1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or https://opensource.org/licenses/CDDL-1.0. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Portions Copyright 2011 Martin Matuska 25 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved. 26 * Copyright (c) 2012 Pawel Jakub Dawidek 27 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved. 28 * Copyright 2016 Nexenta Systems, Inc. All rights reserved. 29 * Copyright (c) 2014, Joyent, Inc. All rights reserved. 30 * Copyright (c) 2011, 2024 by Delphix. All rights reserved. 31 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. 32 * Copyright (c) 2013 Steven Hartland. All rights reserved. 33 * Copyright (c) 2014 Integros [integros.com] 34 * Copyright 2016 Toomas Soome <tsoome@me.com> 35 * Copyright (c) 2016 Actifio, Inc. All rights reserved. 36 * Copyright (c) 2018, loli10K <ezomori.nozomu@gmail.com>. All rights reserved. 37 * Copyright 2017 RackTop Systems. 38 * Copyright (c) 2017 Open-E, Inc. All Rights Reserved. 39 * Copyright (c) 2019 Datto Inc. 40 * Copyright (c) 2019, 2020 by Christian Schwarz. All rights reserved. 41 * Copyright (c) 2019, 2021, 2023, 2024, Klara Inc. 42 * Copyright (c) 2019, Allan Jude 43 * Copyright 2024 Oxide Computer Company 44 */ 45 46 /* 47 * ZFS ioctls. 48 * 49 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage 50 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool. 51 * 52 * There are two ways that we handle ioctls: the legacy way where almost 53 * all of the logic is in the ioctl callback, and the new way where most 54 * of the marshalling is handled in the common entry point, zfsdev_ioctl(). 55 * 56 * Non-legacy ioctls should be registered by calling 57 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked 58 * from userland by lzc_ioctl(). 59 * 60 * The registration arguments are as follows: 61 * 62 * const char *name 63 * The name of the ioctl. This is used for history logging. If the 64 * ioctl returns successfully (the callback returns 0), and allow_log 65 * is true, then a history log entry will be recorded with the input & 66 * output nvlists. The log entry can be printed with "zpool history -i". 67 * 68 * zfs_ioc_t ioc 69 * The ioctl request number, which userland will pass to ioctl(2). 70 * We want newer versions of libzfs and libzfs_core to run against 71 * existing zfs kernel modules (i.e. a deferred reboot after an update). 72 * Therefore the ioctl numbers cannot change from release to release. 73 * 74 * zfs_secpolicy_func_t *secpolicy 75 * This function will be called before the zfs_ioc_func_t, to 76 * determine if this operation is permitted. It should return EPERM 77 * on failure, and 0 on success. Checks include determining if the 78 * dataset is visible in this zone, and if the user has either all 79 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission 80 * to do this operation on this dataset with "zfs allow". 81 * 82 * zfs_ioc_namecheck_t namecheck 83 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool 84 * name, a dataset name, or nothing. If the name is not well-formed, 85 * the ioctl will fail and the callback will not be called. 86 * Therefore, the callback can assume that the name is well-formed 87 * (e.g. is null-terminated, doesn't have more than one '@' character, 88 * doesn't have invalid characters). 89 * 90 * zfs_ioc_poolcheck_t pool_check 91 * This specifies requirements on the pool state. If the pool does 92 * not meet them (is suspended or is readonly), the ioctl will fail 93 * and the callback will not be called. If any checks are specified 94 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME. 95 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED | 96 * POOL_CHECK_READONLY). 97 * 98 * zfs_ioc_key_t *nvl_keys 99 * The list of expected/allowable innvl input keys. This list is used 100 * to validate the nvlist input to the ioctl. 101 * 102 * boolean_t smush_outnvlist 103 * If smush_outnvlist is true, then the output is presumed to be a 104 * list of errors, and it will be "smushed" down to fit into the 105 * caller's buffer, by removing some entries and replacing them with a 106 * single "N_MORE_ERRORS" entry indicating how many were removed. See 107 * nvlist_smush() for details. If smush_outnvlist is false, and the 108 * outnvlist does not fit into the userland-provided buffer, then the 109 * ioctl will fail with ENOMEM. 110 * 111 * zfs_ioc_func_t *func 112 * The callback function that will perform the operation. 113 * 114 * The callback should return 0 on success, or an error number on 115 * failure. If the function fails, the userland ioctl will return -1, 116 * and errno will be set to the callback's return value. The callback 117 * will be called with the following arguments: 118 * 119 * const char *name 120 * The name of the pool or dataset to operate on, from 121 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the 122 * expected type (pool, dataset, or none). 123 * 124 * nvlist_t *innvl 125 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or 126 * NULL if no input nvlist was provided. Changes to this nvlist are 127 * ignored. If the input nvlist could not be deserialized, the 128 * ioctl will fail and the callback will not be called. 129 * 130 * nvlist_t *outnvl 131 * The output nvlist, initially empty. The callback can fill it in, 132 * and it will be returned to userland by serializing it into 133 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization 134 * fails (e.g. because the caller didn't supply a large enough 135 * buffer), then the overall ioctl will fail. See the 136 * 'smush_nvlist' argument above for additional behaviors. 137 * 138 * There are two typical uses of the output nvlist: 139 * - To return state, e.g. property values. In this case, 140 * smush_outnvlist should be false. If the buffer was not large 141 * enough, the caller will reallocate a larger buffer and try 142 * the ioctl again. 143 * 144 * - To return multiple errors from an ioctl which makes on-disk 145 * changes. In this case, smush_outnvlist should be true. 146 * Ioctls which make on-disk modifications should generally not 147 * use the outnvl if they succeed, because the caller can not 148 * distinguish between the operation failing, and 149 * deserialization failing. 150 * 151 * IOCTL Interface Errors 152 * 153 * The following ioctl input errors can be returned: 154 * ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel 155 * ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel 156 * ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing 157 * ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type 158 */ 159 160 #include <sys/types.h> 161 #include <sys/param.h> 162 #include <sys/errno.h> 163 #include <sys/file.h> 164 #include <sys/kmem.h> 165 #include <sys/cmn_err.h> 166 #include <sys/stat.h> 167 #include <sys/zfs_ioctl.h> 168 #include <sys/zfs_quota.h> 169 #include <sys/zfs_vfsops.h> 170 #include <sys/zfs_znode.h> 171 #include <sys/zap.h> 172 #include <sys/spa.h> 173 #include <sys/spa_impl.h> 174 #include <sys/vdev.h> 175 #include <sys/vdev_impl.h> 176 #include <sys/dmu.h> 177 #include <sys/dsl_dir.h> 178 #include <sys/dsl_dataset.h> 179 #include <sys/dsl_prop.h> 180 #include <sys/dsl_deleg.h> 181 #include <sys/dmu_objset.h> 182 #include <sys/dmu_impl.h> 183 #include <sys/dmu_redact.h> 184 #include <sys/dmu_tx.h> 185 #include <sys/sunddi.h> 186 #include <sys/policy.h> 187 #include <sys/zone.h> 188 #include <sys/nvpair.h> 189 #include <sys/pathname.h> 190 #include <sys/fs/zfs.h> 191 #include <sys/zfs_ctldir.h> 192 #include <sys/zfs_dir.h> 193 #include <sys/zfs_onexit.h> 194 #include <sys/zvol.h> 195 #include <sys/dsl_scan.h> 196 #include <sys/fm/util.h> 197 #include <sys/dsl_crypt.h> 198 #include <sys/rrwlock.h> 199 #include <sys/zfs_file.h> 200 201 #include <sys/dmu_recv.h> 202 #include <sys/dmu_send.h> 203 #include <sys/dmu_recv.h> 204 #include <sys/dsl_destroy.h> 205 #include <sys/dsl_bookmark.h> 206 #include <sys/dsl_userhold.h> 207 #include <sys/zfeature.h> 208 #include <sys/zcp.h> 209 #include <sys/zio_checksum.h> 210 #include <sys/vdev_removal.h> 211 #include <sys/vdev_impl.h> 212 #include <sys/vdev_initialize.h> 213 #include <sys/vdev_trim.h> 214 215 #include "zfs_namecheck.h" 216 #include "zfs_prop.h" 217 #include "zfs_deleg.h" 218 #include "zfs_comutil.h" 219 220 #include <sys/lua/lua.h> 221 #include <sys/lua/lauxlib.h> 222 #include <sys/zfs_ioctl_impl.h> 223 224 kmutex_t zfsdev_state_lock; 225 static zfsdev_state_t zfsdev_state_listhead; 226 227 /* 228 * Limit maximum nvlist size. We don't want users passing in insane values 229 * for zc->zc_nvlist_src_size, since we will need to allocate that much memory. 230 * Defaults to 0=auto which is handled by platform code. 231 */ 232 uint64_t zfs_max_nvlist_src_size = 0; 233 234 /* 235 * When logging the output nvlist of an ioctl in the on-disk history, limit 236 * the logged size to this many bytes. This must be less than DMU_MAX_ACCESS. 237 * This applies primarily to zfs_ioc_channel_program(). 238 */ 239 static uint64_t zfs_history_output_max = 1024 * 1024; 240 241 uint_t zfs_allow_log_key; 242 243 /* DATA_TYPE_ANY is used when zkey_type can vary. */ 244 #define DATA_TYPE_ANY DATA_TYPE_UNKNOWN 245 246 typedef struct zfs_ioc_vec { 247 zfs_ioc_legacy_func_t *zvec_legacy_func; 248 zfs_ioc_func_t *zvec_func; 249 zfs_secpolicy_func_t *zvec_secpolicy; 250 zfs_ioc_namecheck_t zvec_namecheck; 251 boolean_t zvec_allow_log; 252 zfs_ioc_poolcheck_t zvec_pool_check; 253 boolean_t zvec_smush_outnvlist; 254 const char *zvec_name; 255 const zfs_ioc_key_t *zvec_nvl_keys; 256 size_t zvec_nvl_key_count; 257 } zfs_ioc_vec_t; 258 259 /* This array is indexed by zfs_userquota_prop_t */ 260 static const char *userquota_perms[] = { 261 ZFS_DELEG_PERM_USERUSED, 262 ZFS_DELEG_PERM_USERQUOTA, 263 ZFS_DELEG_PERM_GROUPUSED, 264 ZFS_DELEG_PERM_GROUPQUOTA, 265 ZFS_DELEG_PERM_USEROBJUSED, 266 ZFS_DELEG_PERM_USEROBJQUOTA, 267 ZFS_DELEG_PERM_GROUPOBJUSED, 268 ZFS_DELEG_PERM_GROUPOBJQUOTA, 269 ZFS_DELEG_PERM_PROJECTUSED, 270 ZFS_DELEG_PERM_PROJECTQUOTA, 271 ZFS_DELEG_PERM_PROJECTOBJUSED, 272 ZFS_DELEG_PERM_PROJECTOBJQUOTA, 273 }; 274 275 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc); 276 static int zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc); 277 static int zfs_check_settable(const char *name, nvpair_t *property, 278 cred_t *cr); 279 static int zfs_check_clearable(const char *dataset, nvlist_t *props, 280 nvlist_t **errors); 281 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *, 282 boolean_t *); 283 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *); 284 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp); 285 286 static void 287 history_str_free(char *buf) 288 { 289 kmem_free(buf, HIS_MAX_RECORD_LEN); 290 } 291 292 static char * 293 history_str_get(zfs_cmd_t *zc) 294 { 295 char *buf; 296 297 if (zc->zc_history == 0) 298 return (NULL); 299 300 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 301 if (copyinstr((void *)(uintptr_t)zc->zc_history, 302 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 303 history_str_free(buf); 304 return (NULL); 305 } 306 307 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 308 309 return (buf); 310 } 311 312 /* 313 * Return non-zero if the spa version is less than requested version. 314 */ 315 static int 316 zfs_earlier_version(const char *name, int version) 317 { 318 spa_t *spa; 319 320 if (spa_open(name, &spa, FTAG) == 0) { 321 if (spa_version(spa) < version) { 322 spa_close(spa, FTAG); 323 return (1); 324 } 325 spa_close(spa, FTAG); 326 } 327 return (0); 328 } 329 330 /* 331 * Return TRUE if the ZPL version is less than requested version. 332 */ 333 static boolean_t 334 zpl_earlier_version(const char *name, int version) 335 { 336 objset_t *os; 337 boolean_t rc = B_TRUE; 338 339 if (dmu_objset_hold(name, FTAG, &os) == 0) { 340 uint64_t zplversion; 341 342 if (dmu_objset_type(os) != DMU_OST_ZFS) { 343 dmu_objset_rele(os, FTAG); 344 return (B_TRUE); 345 } 346 /* XXX reading from non-owned objset */ 347 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0) 348 rc = zplversion < version; 349 dmu_objset_rele(os, FTAG); 350 } 351 return (rc); 352 } 353 354 static void 355 zfs_log_history(zfs_cmd_t *zc) 356 { 357 spa_t *spa; 358 char *buf; 359 360 if ((buf = history_str_get(zc)) == NULL) 361 return; 362 363 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 364 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 365 (void) spa_history_log(spa, buf); 366 spa_close(spa, FTAG); 367 } 368 history_str_free(buf); 369 } 370 371 /* 372 * Policy for top-level read operations (list pools). Requires no privileges, 373 * and can be used in the local zone, as there is no associated dataset. 374 */ 375 static int 376 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 377 { 378 (void) zc, (void) innvl, (void) cr; 379 return (0); 380 } 381 382 /* 383 * Policy for dataset read operations (list children, get statistics). Requires 384 * no privileges, but must be visible in the local zone. 385 */ 386 static int 387 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 388 { 389 (void) innvl, (void) cr; 390 if (INGLOBALZONE(curproc) || 391 zone_dataset_visible(zc->zc_name, NULL)) 392 return (0); 393 394 return (SET_ERROR(ENOENT)); 395 } 396 397 static int 398 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr) 399 { 400 int writable = 1; 401 402 /* 403 * The dataset must be visible by this zone -- check this first 404 * so they don't see EPERM on something they shouldn't know about. 405 */ 406 if (!INGLOBALZONE(curproc) && 407 !zone_dataset_visible(dataset, &writable)) 408 return (SET_ERROR(ENOENT)); 409 410 if (INGLOBALZONE(curproc)) { 411 /* 412 * If the fs is zoned, only root can access it from the 413 * global zone. 414 */ 415 if (secpolicy_zfs(cr) && zoned) 416 return (SET_ERROR(EPERM)); 417 } else { 418 /* 419 * If we are in a local zone, the 'zoned' property must be set. 420 */ 421 if (!zoned) 422 return (SET_ERROR(EPERM)); 423 424 /* must be writable by this zone */ 425 if (!writable) 426 return (SET_ERROR(EPERM)); 427 } 428 return (0); 429 } 430 431 static int 432 zfs_dozonecheck(const char *dataset, cred_t *cr) 433 { 434 uint64_t zoned; 435 436 if (dsl_prop_get_integer(dataset, zfs_prop_to_name(ZFS_PROP_ZONED), 437 &zoned, NULL)) 438 return (SET_ERROR(ENOENT)); 439 440 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 441 } 442 443 static int 444 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr) 445 { 446 uint64_t zoned; 447 448 if (dsl_prop_get_int_ds(ds, zfs_prop_to_name(ZFS_PROP_ZONED), &zoned)) 449 return (SET_ERROR(ENOENT)); 450 451 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 452 } 453 454 static int 455 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds, 456 const char *perm, cred_t *cr) 457 { 458 int error; 459 460 error = zfs_dozonecheck_ds(name, ds, cr); 461 if (error == 0) { 462 error = secpolicy_zfs(cr); 463 if (error != 0) 464 error = dsl_deleg_access_impl(ds, perm, cr); 465 } 466 return (error); 467 } 468 469 static int 470 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 471 { 472 int error; 473 dsl_dataset_t *ds; 474 dsl_pool_t *dp; 475 476 /* 477 * First do a quick check for root in the global zone, which 478 * is allowed to do all write_perms. This ensures that zfs_ioc_* 479 * will get to handle nonexistent datasets. 480 */ 481 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0) 482 return (0); 483 484 error = dsl_pool_hold(name, FTAG, &dp); 485 if (error != 0) 486 return (error); 487 488 error = dsl_dataset_hold(dp, name, FTAG, &ds); 489 if (error != 0) { 490 dsl_pool_rele(dp, FTAG); 491 return (error); 492 } 493 494 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr); 495 496 dsl_dataset_rele(ds, FTAG); 497 dsl_pool_rele(dp, FTAG); 498 return (error); 499 } 500 501 /* 502 * Policy for setting the security label property. 503 * 504 * Returns 0 for success, non-zero for access and other errors. 505 */ 506 static int 507 zfs_set_slabel_policy(const char *name, const char *strval, cred_t *cr) 508 { 509 #ifdef HAVE_MLSLABEL 510 char ds_hexsl[MAXNAMELEN]; 511 bslabel_t ds_sl, new_sl; 512 boolean_t new_default = FALSE; 513 uint64_t zoned; 514 int needed_priv = -1; 515 int error; 516 517 /* First get the existing dataset label. */ 518 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL), 519 1, sizeof (ds_hexsl), &ds_hexsl, NULL); 520 if (error != 0) 521 return (SET_ERROR(EPERM)); 522 523 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0) 524 new_default = TRUE; 525 526 /* The label must be translatable */ 527 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0)) 528 return (SET_ERROR(EINVAL)); 529 530 /* 531 * In a non-global zone, disallow attempts to set a label that 532 * doesn't match that of the zone; otherwise no other checks 533 * are needed. 534 */ 535 if (!INGLOBALZONE(curproc)) { 536 if (new_default || !blequal(&new_sl, CR_SL(CRED()))) 537 return (SET_ERROR(EPERM)); 538 return (0); 539 } 540 541 /* 542 * For global-zone datasets (i.e., those whose zoned property is 543 * "off", verify that the specified new label is valid for the 544 * global zone. 545 */ 546 if (dsl_prop_get_integer(name, 547 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL)) 548 return (SET_ERROR(EPERM)); 549 if (!zoned) { 550 if (zfs_check_global_label(name, strval) != 0) 551 return (SET_ERROR(EPERM)); 552 } 553 554 /* 555 * If the existing dataset label is nondefault, check if the 556 * dataset is mounted (label cannot be changed while mounted). 557 * Get the zfsvfs_t; if there isn't one, then the dataset isn't 558 * mounted (or isn't a dataset, doesn't exist, ...). 559 */ 560 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) { 561 objset_t *os; 562 static const char *setsl_tag = "setsl_tag"; 563 564 /* 565 * Try to own the dataset; abort if there is any error, 566 * (e.g., already mounted, in use, or other error). 567 */ 568 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE, 569 setsl_tag, &os); 570 if (error != 0) 571 return (SET_ERROR(EPERM)); 572 573 dmu_objset_disown(os, B_TRUE, setsl_tag); 574 575 if (new_default) { 576 needed_priv = PRIV_FILE_DOWNGRADE_SL; 577 goto out_check; 578 } 579 580 if (hexstr_to_label(strval, &new_sl) != 0) 581 return (SET_ERROR(EPERM)); 582 583 if (blstrictdom(&ds_sl, &new_sl)) 584 needed_priv = PRIV_FILE_DOWNGRADE_SL; 585 else if (blstrictdom(&new_sl, &ds_sl)) 586 needed_priv = PRIV_FILE_UPGRADE_SL; 587 } else { 588 /* dataset currently has a default label */ 589 if (!new_default) 590 needed_priv = PRIV_FILE_UPGRADE_SL; 591 } 592 593 out_check: 594 if (needed_priv != -1) 595 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL)); 596 return (0); 597 #else 598 return (SET_ERROR(ENOTSUP)); 599 #endif /* HAVE_MLSLABEL */ 600 } 601 602 static int 603 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval, 604 cred_t *cr) 605 { 606 const char *strval; 607 608 /* 609 * Check permissions for special properties. 610 */ 611 switch (prop) { 612 default: 613 break; 614 case ZFS_PROP_ZONED: 615 /* 616 * Disallow setting of 'zoned' from within a local zone. 617 */ 618 if (!INGLOBALZONE(curproc)) 619 return (SET_ERROR(EPERM)); 620 break; 621 622 case ZFS_PROP_QUOTA: 623 case ZFS_PROP_FILESYSTEM_LIMIT: 624 case ZFS_PROP_SNAPSHOT_LIMIT: 625 if (!INGLOBALZONE(curproc)) { 626 uint64_t zoned; 627 char setpoint[ZFS_MAX_DATASET_NAME_LEN]; 628 /* 629 * Unprivileged users are allowed to modify the 630 * limit on things *under* (ie. contained by) 631 * the thing they own. 632 */ 633 if (dsl_prop_get_integer(dsname, 634 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, setpoint)) 635 return (SET_ERROR(EPERM)); 636 if (!zoned || strlen(dsname) <= strlen(setpoint)) 637 return (SET_ERROR(EPERM)); 638 } 639 break; 640 641 case ZFS_PROP_MLSLABEL: 642 if (!is_system_labeled()) 643 return (SET_ERROR(EPERM)); 644 645 if (nvpair_value_string(propval, &strval) == 0) { 646 int err; 647 648 err = zfs_set_slabel_policy(dsname, strval, CRED()); 649 if (err != 0) 650 return (err); 651 } 652 break; 653 } 654 655 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr)); 656 } 657 658 static int 659 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 660 { 661 /* 662 * permission to set permissions will be evaluated later in 663 * dsl_deleg_can_allow() 664 */ 665 (void) innvl; 666 return (zfs_dozonecheck(zc->zc_name, cr)); 667 } 668 669 static int 670 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 671 { 672 (void) innvl; 673 return (zfs_secpolicy_write_perms(zc->zc_name, 674 ZFS_DELEG_PERM_ROLLBACK, cr)); 675 } 676 677 static int 678 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 679 { 680 (void) innvl; 681 dsl_pool_t *dp; 682 dsl_dataset_t *ds; 683 const char *cp; 684 int error; 685 686 /* 687 * Generate the current snapshot name from the given objsetid, then 688 * use that name for the secpolicy/zone checks. 689 */ 690 cp = strchr(zc->zc_name, '@'); 691 if (cp == NULL) 692 return (SET_ERROR(EINVAL)); 693 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 694 if (error != 0) 695 return (error); 696 697 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 698 if (error != 0) { 699 dsl_pool_rele(dp, FTAG); 700 return (error); 701 } 702 703 dsl_dataset_name(ds, zc->zc_name); 704 705 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, 706 ZFS_DELEG_PERM_SEND, cr); 707 dsl_dataset_rele(ds, FTAG); 708 dsl_pool_rele(dp, FTAG); 709 710 return (error); 711 } 712 713 static int 714 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 715 { 716 (void) innvl; 717 return (zfs_secpolicy_write_perms(zc->zc_name, 718 ZFS_DELEG_PERM_SEND, cr)); 719 } 720 721 static int 722 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 723 { 724 (void) zc, (void) innvl, (void) cr; 725 return (SET_ERROR(ENOTSUP)); 726 } 727 728 static int 729 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 730 { 731 (void) zc, (void) innvl, (void) cr; 732 return (SET_ERROR(ENOTSUP)); 733 } 734 735 static int 736 zfs_get_parent(const char *datasetname, char *parent, int parentsize) 737 { 738 char *cp; 739 740 /* 741 * Remove the @bla or /bla from the end of the name to get the parent. 742 */ 743 (void) strlcpy(parent, datasetname, parentsize); 744 cp = strrchr(parent, '@'); 745 if (cp != NULL) { 746 cp[0] = '\0'; 747 } else { 748 cp = strrchr(parent, '/'); 749 if (cp == NULL) 750 return (SET_ERROR(ENOENT)); 751 cp[0] = '\0'; 752 } 753 754 return (0); 755 } 756 757 int 758 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 759 { 760 int error; 761 762 if ((error = zfs_secpolicy_write_perms(name, 763 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 764 return (error); 765 766 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 767 } 768 769 static int 770 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 771 { 772 (void) innvl; 773 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 774 } 775 776 /* 777 * Destroying snapshots with delegated permissions requires 778 * descendant mount and destroy permissions. 779 */ 780 static int 781 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 782 { 783 (void) zc; 784 nvlist_t *snaps; 785 nvpair_t *pair, *nextpair; 786 int error = 0; 787 788 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 789 790 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 791 pair = nextpair) { 792 nextpair = nvlist_next_nvpair(snaps, pair); 793 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr); 794 if (error == ENOENT) { 795 /* 796 * Ignore any snapshots that don't exist (we consider 797 * them "already destroyed"). Remove the name from the 798 * nvl here in case the snapshot is created between 799 * now and when we try to destroy it (in which case 800 * we don't want to destroy it since we haven't 801 * checked for permission). 802 */ 803 fnvlist_remove_nvpair(snaps, pair); 804 error = 0; 805 } 806 if (error != 0) 807 break; 808 } 809 810 return (error); 811 } 812 813 int 814 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 815 { 816 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 817 int error; 818 819 if ((error = zfs_secpolicy_write_perms(from, 820 ZFS_DELEG_PERM_RENAME, cr)) != 0) 821 return (error); 822 823 if ((error = zfs_secpolicy_write_perms(from, 824 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 825 return (error); 826 827 if ((error = zfs_get_parent(to, parentname, 828 sizeof (parentname))) != 0) 829 return (error); 830 831 if ((error = zfs_secpolicy_write_perms(parentname, 832 ZFS_DELEG_PERM_CREATE, cr)) != 0) 833 return (error); 834 835 if ((error = zfs_secpolicy_write_perms(parentname, 836 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 837 return (error); 838 839 return (error); 840 } 841 842 static int 843 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 844 { 845 (void) innvl; 846 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr)); 847 } 848 849 static int 850 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 851 { 852 (void) innvl; 853 dsl_pool_t *dp; 854 dsl_dataset_t *clone; 855 int error; 856 857 error = zfs_secpolicy_write_perms(zc->zc_name, 858 ZFS_DELEG_PERM_PROMOTE, cr); 859 if (error != 0) 860 return (error); 861 862 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 863 if (error != 0) 864 return (error); 865 866 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone); 867 868 if (error == 0) { 869 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 870 dsl_dataset_t *origin = NULL; 871 dsl_dir_t *dd; 872 dd = clone->ds_dir; 873 874 error = dsl_dataset_hold_obj(dd->dd_pool, 875 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin); 876 if (error != 0) { 877 dsl_dataset_rele(clone, FTAG); 878 dsl_pool_rele(dp, FTAG); 879 return (error); 880 } 881 882 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone, 883 ZFS_DELEG_PERM_MOUNT, cr); 884 885 dsl_dataset_name(origin, parentname); 886 if (error == 0) { 887 error = zfs_secpolicy_write_perms_ds(parentname, origin, 888 ZFS_DELEG_PERM_PROMOTE, cr); 889 } 890 dsl_dataset_rele(clone, FTAG); 891 dsl_dataset_rele(origin, FTAG); 892 } 893 dsl_pool_rele(dp, FTAG); 894 return (error); 895 } 896 897 static int 898 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 899 { 900 (void) innvl; 901 int error; 902 903 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 904 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) 905 return (error); 906 907 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 908 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 909 return (error); 910 911 return (zfs_secpolicy_write_perms(zc->zc_name, 912 ZFS_DELEG_PERM_CREATE, cr)); 913 } 914 915 int 916 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 917 { 918 return (zfs_secpolicy_write_perms(name, 919 ZFS_DELEG_PERM_SNAPSHOT, cr)); 920 } 921 922 /* 923 * Check for permission to create each snapshot in the nvlist. 924 */ 925 static int 926 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 927 { 928 (void) zc; 929 nvlist_t *snaps; 930 int error = 0; 931 nvpair_t *pair; 932 933 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 934 935 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 936 pair = nvlist_next_nvpair(snaps, pair)) { 937 char *name = (char *)nvpair_name(pair); 938 char *atp = strchr(name, '@'); 939 940 if (atp == NULL) { 941 error = SET_ERROR(EINVAL); 942 break; 943 } 944 *atp = '\0'; 945 error = zfs_secpolicy_snapshot_perms(name, cr); 946 *atp = '@'; 947 if (error != 0) 948 break; 949 } 950 return (error); 951 } 952 953 /* 954 * Check for permission to create each bookmark in the nvlist. 955 */ 956 static int 957 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 958 { 959 (void) zc; 960 int error = 0; 961 962 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 963 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 964 char *name = (char *)nvpair_name(pair); 965 char *hashp = strchr(name, '#'); 966 967 if (hashp == NULL) { 968 error = SET_ERROR(EINVAL); 969 break; 970 } 971 *hashp = '\0'; 972 error = zfs_secpolicy_write_perms(name, 973 ZFS_DELEG_PERM_BOOKMARK, cr); 974 *hashp = '#'; 975 if (error != 0) 976 break; 977 } 978 return (error); 979 } 980 981 static int 982 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 983 { 984 (void) zc; 985 nvpair_t *pair, *nextpair; 986 int error = 0; 987 988 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 989 pair = nextpair) { 990 char *name = (char *)nvpair_name(pair); 991 char *hashp = strchr(name, '#'); 992 nextpair = nvlist_next_nvpair(innvl, pair); 993 994 if (hashp == NULL) { 995 error = SET_ERROR(EINVAL); 996 break; 997 } 998 999 *hashp = '\0'; 1000 error = zfs_secpolicy_write_perms(name, 1001 ZFS_DELEG_PERM_DESTROY, cr); 1002 *hashp = '#'; 1003 if (error == ENOENT) { 1004 /* 1005 * Ignore any filesystems that don't exist (we consider 1006 * their bookmarks "already destroyed"). Remove 1007 * the name from the nvl here in case the filesystem 1008 * is created between now and when we try to destroy 1009 * the bookmark (in which case we don't want to 1010 * destroy it since we haven't checked for permission). 1011 */ 1012 fnvlist_remove_nvpair(innvl, pair); 1013 error = 0; 1014 } 1015 if (error != 0) 1016 break; 1017 } 1018 1019 return (error); 1020 } 1021 1022 static int 1023 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1024 { 1025 (void) zc, (void) innvl, (void) cr; 1026 /* 1027 * Even root must have a proper TSD so that we know what pool 1028 * to log to. 1029 */ 1030 if (tsd_get(zfs_allow_log_key) == NULL) 1031 return (SET_ERROR(EPERM)); 1032 return (0); 1033 } 1034 1035 static int 1036 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1037 { 1038 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 1039 int error; 1040 const char *origin; 1041 1042 if ((error = zfs_get_parent(zc->zc_name, parentname, 1043 sizeof (parentname))) != 0) 1044 return (error); 1045 1046 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 && 1047 (error = zfs_secpolicy_write_perms(origin, 1048 ZFS_DELEG_PERM_CLONE, cr)) != 0) 1049 return (error); 1050 1051 if ((error = zfs_secpolicy_write_perms(parentname, 1052 ZFS_DELEG_PERM_CREATE, cr)) != 0) 1053 return (error); 1054 1055 return (zfs_secpolicy_write_perms(parentname, 1056 ZFS_DELEG_PERM_MOUNT, cr)); 1057 } 1058 1059 /* 1060 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 1061 * SYS_CONFIG privilege, which is not available in a local zone. 1062 */ 1063 int 1064 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1065 { 1066 (void) zc, (void) innvl; 1067 1068 if (secpolicy_sys_config(cr, B_FALSE) != 0) 1069 return (SET_ERROR(EPERM)); 1070 1071 return (0); 1072 } 1073 1074 /* 1075 * Policy for object to name lookups. 1076 */ 1077 static int 1078 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1079 { 1080 (void) innvl; 1081 int error; 1082 1083 if (secpolicy_sys_config(cr, B_FALSE) == 0) 1084 return (0); 1085 1086 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr); 1087 return (error); 1088 } 1089 1090 /* 1091 * Policy for fault injection. Requires all privileges. 1092 */ 1093 static int 1094 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1095 { 1096 (void) zc, (void) innvl; 1097 return (secpolicy_zinject(cr)); 1098 } 1099 1100 static int 1101 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1102 { 1103 (void) innvl; 1104 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 1105 1106 if (prop == ZPROP_USERPROP) { 1107 if (!zfs_prop_user(zc->zc_value)) 1108 return (SET_ERROR(EINVAL)); 1109 return (zfs_secpolicy_write_perms(zc->zc_name, 1110 ZFS_DELEG_PERM_USERPROP, cr)); 1111 } else { 1112 return (zfs_secpolicy_setprop(zc->zc_name, prop, 1113 NULL, cr)); 1114 } 1115 } 1116 1117 static int 1118 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1119 { 1120 int err = zfs_secpolicy_read(zc, innvl, cr); 1121 if (err) 1122 return (err); 1123 1124 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1125 return (SET_ERROR(EINVAL)); 1126 1127 if (zc->zc_value[0] == 0) { 1128 /* 1129 * They are asking about a posix uid/gid. If it's 1130 * themself, allow it. 1131 */ 1132 if (zc->zc_objset_type == ZFS_PROP_USERUSED || 1133 zc->zc_objset_type == ZFS_PROP_USERQUOTA || 1134 zc->zc_objset_type == ZFS_PROP_USEROBJUSED || 1135 zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) { 1136 if (zc->zc_guid == crgetuid(cr)) 1137 return (0); 1138 } else if (zc->zc_objset_type == ZFS_PROP_GROUPUSED || 1139 zc->zc_objset_type == ZFS_PROP_GROUPQUOTA || 1140 zc->zc_objset_type == ZFS_PROP_GROUPOBJUSED || 1141 zc->zc_objset_type == ZFS_PROP_GROUPOBJQUOTA) { 1142 if (groupmember(zc->zc_guid, cr)) 1143 return (0); 1144 } 1145 /* else is for project quota/used */ 1146 } 1147 1148 return (zfs_secpolicy_write_perms(zc->zc_name, 1149 userquota_perms[zc->zc_objset_type], cr)); 1150 } 1151 1152 static int 1153 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1154 { 1155 int err = zfs_secpolicy_read(zc, innvl, cr); 1156 if (err) 1157 return (err); 1158 1159 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1160 return (SET_ERROR(EINVAL)); 1161 1162 return (zfs_secpolicy_write_perms(zc->zc_name, 1163 userquota_perms[zc->zc_objset_type], cr)); 1164 } 1165 1166 static int 1167 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1168 { 1169 (void) innvl; 1170 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION, 1171 NULL, cr)); 1172 } 1173 1174 static int 1175 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1176 { 1177 (void) zc; 1178 nvpair_t *pair; 1179 nvlist_t *holds; 1180 int error; 1181 1182 holds = fnvlist_lookup_nvlist(innvl, "holds"); 1183 1184 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 1185 pair = nvlist_next_nvpair(holds, pair)) { 1186 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1187 error = dmu_fsname(nvpair_name(pair), fsname); 1188 if (error != 0) 1189 return (error); 1190 error = zfs_secpolicy_write_perms(fsname, 1191 ZFS_DELEG_PERM_HOLD, cr); 1192 if (error != 0) 1193 return (error); 1194 } 1195 return (0); 1196 } 1197 1198 static int 1199 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1200 { 1201 (void) zc; 1202 nvpair_t *pair; 1203 int error; 1204 1205 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1206 pair = nvlist_next_nvpair(innvl, pair)) { 1207 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1208 error = dmu_fsname(nvpair_name(pair), fsname); 1209 if (error != 0) 1210 return (error); 1211 error = zfs_secpolicy_write_perms(fsname, 1212 ZFS_DELEG_PERM_RELEASE, cr); 1213 if (error != 0) 1214 return (error); 1215 } 1216 return (0); 1217 } 1218 1219 /* 1220 * Policy for allowing temporary snapshots to be taken or released 1221 */ 1222 static int 1223 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1224 { 1225 /* 1226 * A temporary snapshot is the same as a snapshot, 1227 * hold, destroy and release all rolled into one. 1228 * Delegated diff alone is sufficient that we allow this. 1229 */ 1230 int error; 1231 1232 if (zfs_secpolicy_write_perms(zc->zc_name, 1233 ZFS_DELEG_PERM_DIFF, cr) == 0) 1234 return (0); 1235 1236 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr); 1237 1238 if (innvl != NULL) { 1239 if (error == 0) 1240 error = zfs_secpolicy_hold(zc, innvl, cr); 1241 if (error == 0) 1242 error = zfs_secpolicy_release(zc, innvl, cr); 1243 if (error == 0) 1244 error = zfs_secpolicy_destroy(zc, innvl, cr); 1245 } 1246 return (error); 1247 } 1248 1249 static int 1250 zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1251 { 1252 return (zfs_secpolicy_write_perms(zc->zc_name, 1253 ZFS_DELEG_PERM_LOAD_KEY, cr)); 1254 } 1255 1256 static int 1257 zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1258 { 1259 return (zfs_secpolicy_write_perms(zc->zc_name, 1260 ZFS_DELEG_PERM_CHANGE_KEY, cr)); 1261 } 1262 1263 /* 1264 * Returns the nvlist as specified by the user in the zfs_cmd_t. 1265 */ 1266 static int 1267 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp) 1268 { 1269 char *packed; 1270 int error; 1271 nvlist_t *list = NULL; 1272 1273 /* 1274 * Read in and unpack the user-supplied nvlist. 1275 */ 1276 if (size == 0) 1277 return (SET_ERROR(EINVAL)); 1278 1279 packed = vmem_alloc(size, KM_SLEEP); 1280 1281 if (ddi_copyin((void *)(uintptr_t)nvl, packed, size, iflag) != 0) { 1282 vmem_free(packed, size); 1283 return (SET_ERROR(EFAULT)); 1284 } 1285 1286 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 1287 vmem_free(packed, size); 1288 return (error); 1289 } 1290 1291 vmem_free(packed, size); 1292 1293 *nvp = list; 1294 return (0); 1295 } 1296 1297 /* 1298 * Reduce the size of this nvlist until it can be serialized in 'max' bytes. 1299 * Entries will be removed from the end of the nvlist, and one int32 entry 1300 * named "N_MORE_ERRORS" will be added indicating how many entries were 1301 * removed. 1302 */ 1303 static int 1304 nvlist_smush(nvlist_t *errors, size_t max) 1305 { 1306 size_t size; 1307 1308 size = fnvlist_size(errors); 1309 1310 if (size > max) { 1311 nvpair_t *more_errors; 1312 int n = 0; 1313 1314 if (max < 1024) 1315 return (SET_ERROR(ENOMEM)); 1316 1317 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0); 1318 more_errors = nvlist_prev_nvpair(errors, NULL); 1319 1320 do { 1321 nvpair_t *pair = nvlist_prev_nvpair(errors, 1322 more_errors); 1323 fnvlist_remove_nvpair(errors, pair); 1324 n++; 1325 size = fnvlist_size(errors); 1326 } while (size > max); 1327 1328 fnvlist_remove_nvpair(errors, more_errors); 1329 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n); 1330 ASSERT3U(fnvlist_size(errors), <=, max); 1331 } 1332 1333 return (0); 1334 } 1335 1336 static int 1337 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 1338 { 1339 char *packed = NULL; 1340 int error = 0; 1341 size_t size; 1342 1343 size = fnvlist_size(nvl); 1344 1345 if (size > zc->zc_nvlist_dst_size) { 1346 error = SET_ERROR(ENOMEM); 1347 } else { 1348 packed = fnvlist_pack(nvl, &size); 1349 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst, 1350 size, zc->zc_iflags) != 0) 1351 error = SET_ERROR(EFAULT); 1352 fnvlist_pack_free(packed, size); 1353 } 1354 1355 zc->zc_nvlist_dst_size = size; 1356 zc->zc_nvlist_dst_filled = B_TRUE; 1357 return (error); 1358 } 1359 1360 int 1361 getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp) 1362 { 1363 int error = 0; 1364 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1365 return (SET_ERROR(EINVAL)); 1366 } 1367 1368 mutex_enter(&os->os_user_ptr_lock); 1369 *zfvp = dmu_objset_get_user(os); 1370 /* bump s_active only when non-zero to prevent umount race */ 1371 error = zfs_vfs_ref(zfvp); 1372 mutex_exit(&os->os_user_ptr_lock); 1373 return (error); 1374 } 1375 1376 int 1377 getzfsvfs(const char *dsname, zfsvfs_t **zfvp) 1378 { 1379 objset_t *os; 1380 int error; 1381 1382 error = dmu_objset_hold(dsname, FTAG, &os); 1383 if (error != 0) 1384 return (error); 1385 1386 error = getzfsvfs_impl(os, zfvp); 1387 dmu_objset_rele(os, FTAG); 1388 return (error); 1389 } 1390 1391 /* 1392 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which 1393 * case its z_sb will be NULL, and it will be opened as the owner. 1394 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER, 1395 * which prevents all inode ops from running. 1396 */ 1397 static int 1398 zfsvfs_hold(const char *name, const void *tag, zfsvfs_t **zfvp, 1399 boolean_t writer) 1400 { 1401 int error = 0; 1402 1403 if (getzfsvfs(name, zfvp) != 0) 1404 error = zfsvfs_create(name, B_FALSE, zfvp); 1405 if (error == 0) { 1406 if (writer) 1407 ZFS_TEARDOWN_ENTER_WRITE(*zfvp, tag); 1408 else 1409 ZFS_TEARDOWN_ENTER_READ(*zfvp, tag); 1410 if ((*zfvp)->z_unmounted) { 1411 /* 1412 * XXX we could probably try again, since the unmounting 1413 * thread should be just about to disassociate the 1414 * objset from the zfsvfs. 1415 */ 1416 ZFS_TEARDOWN_EXIT(*zfvp, tag); 1417 return (SET_ERROR(EBUSY)); 1418 } 1419 } 1420 return (error); 1421 } 1422 1423 static void 1424 zfsvfs_rele(zfsvfs_t *zfsvfs, const void *tag) 1425 { 1426 ZFS_TEARDOWN_EXIT(zfsvfs, tag); 1427 1428 if (zfs_vfs_held(zfsvfs)) { 1429 zfs_vfs_rele(zfsvfs); 1430 } else { 1431 dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs); 1432 zfsvfs_free(zfsvfs); 1433 } 1434 } 1435 1436 static int 1437 zfs_ioc_pool_create(zfs_cmd_t *zc) 1438 { 1439 int error; 1440 nvlist_t *config, *props = NULL; 1441 nvlist_t *rootprops = NULL; 1442 nvlist_t *zplprops = NULL; 1443 dsl_crypto_params_t *dcp = NULL; 1444 const char *spa_name = zc->zc_name; 1445 boolean_t unload_wkey = B_TRUE; 1446 1447 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1448 zc->zc_iflags, &config))) 1449 return (error); 1450 1451 if (zc->zc_nvlist_src_size != 0 && (error = 1452 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1453 zc->zc_iflags, &props))) { 1454 nvlist_free(config); 1455 return (error); 1456 } 1457 1458 if (props) { 1459 nvlist_t *nvl = NULL; 1460 nvlist_t *hidden_args = NULL; 1461 uint64_t version = SPA_VERSION; 1462 const char *tname; 1463 1464 (void) nvlist_lookup_uint64(props, 1465 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version); 1466 if (!SPA_VERSION_IS_SUPPORTED(version)) { 1467 error = SET_ERROR(EINVAL); 1468 goto pool_props_bad; 1469 } 1470 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl); 1471 if (nvl) { 1472 error = nvlist_dup(nvl, &rootprops, KM_SLEEP); 1473 if (error != 0) 1474 goto pool_props_bad; 1475 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS); 1476 } 1477 1478 (void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS, 1479 &hidden_args); 1480 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, 1481 rootprops, hidden_args, &dcp); 1482 if (error != 0) 1483 goto pool_props_bad; 1484 (void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS); 1485 1486 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1487 error = zfs_fill_zplprops_root(version, rootprops, 1488 zplprops, NULL); 1489 if (error != 0) 1490 goto pool_props_bad; 1491 1492 if (nvlist_lookup_string(props, 1493 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0) 1494 spa_name = tname; 1495 } 1496 1497 error = spa_create(zc->zc_name, config, props, zplprops, dcp); 1498 1499 /* 1500 * Set the remaining root properties 1501 */ 1502 if (!error && (error = zfs_set_prop_nvlist(spa_name, 1503 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) { 1504 (void) spa_destroy(spa_name); 1505 unload_wkey = B_FALSE; /* spa_destroy() unloads wrapping keys */ 1506 } 1507 1508 pool_props_bad: 1509 nvlist_free(rootprops); 1510 nvlist_free(zplprops); 1511 nvlist_free(config); 1512 nvlist_free(props); 1513 dsl_crypto_params_free(dcp, unload_wkey && !!error); 1514 1515 return (error); 1516 } 1517 1518 static int 1519 zfs_ioc_pool_destroy(zfs_cmd_t *zc) 1520 { 1521 int error; 1522 zfs_log_history(zc); 1523 error = spa_destroy(zc->zc_name); 1524 1525 return (error); 1526 } 1527 1528 static int 1529 zfs_ioc_pool_import(zfs_cmd_t *zc) 1530 { 1531 nvlist_t *config, *props = NULL; 1532 uint64_t guid; 1533 int error; 1534 1535 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1536 zc->zc_iflags, &config)) != 0) 1537 return (error); 1538 1539 if (zc->zc_nvlist_src_size != 0 && (error = 1540 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1541 zc->zc_iflags, &props))) { 1542 nvlist_free(config); 1543 return (error); 1544 } 1545 1546 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 1547 guid != zc->zc_guid) 1548 error = SET_ERROR(EINVAL); 1549 else 1550 error = spa_import(zc->zc_name, config, props, zc->zc_cookie); 1551 1552 if (zc->zc_nvlist_dst != 0) { 1553 int err; 1554 1555 if ((err = put_nvlist(zc, config)) != 0) 1556 error = err; 1557 } 1558 1559 nvlist_free(config); 1560 nvlist_free(props); 1561 1562 return (error); 1563 } 1564 1565 static int 1566 zfs_ioc_pool_export(zfs_cmd_t *zc) 1567 { 1568 int error; 1569 boolean_t force = (boolean_t)zc->zc_cookie; 1570 boolean_t hardforce = (boolean_t)zc->zc_guid; 1571 1572 zfs_log_history(zc); 1573 error = spa_export(zc->zc_name, NULL, force, hardforce); 1574 1575 return (error); 1576 } 1577 1578 static int 1579 zfs_ioc_pool_configs(zfs_cmd_t *zc) 1580 { 1581 nvlist_t *configs; 1582 int error; 1583 1584 error = spa_all_configs(&zc->zc_cookie, &configs); 1585 if (error) 1586 return (error); 1587 1588 error = put_nvlist(zc, configs); 1589 1590 nvlist_free(configs); 1591 1592 return (error); 1593 } 1594 1595 /* 1596 * inputs: 1597 * zc_name name of the pool 1598 * 1599 * outputs: 1600 * zc_cookie real errno 1601 * zc_nvlist_dst config nvlist 1602 * zc_nvlist_dst_size size of config nvlist 1603 */ 1604 static int 1605 zfs_ioc_pool_stats(zfs_cmd_t *zc) 1606 { 1607 nvlist_t *config; 1608 int error; 1609 int ret = 0; 1610 1611 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 1612 sizeof (zc->zc_value)); 1613 1614 if (config != NULL) { 1615 ret = put_nvlist(zc, config); 1616 nvlist_free(config); 1617 1618 /* 1619 * The config may be present even if 'error' is non-zero. 1620 * In this case we return success, and preserve the real errno 1621 * in 'zc_cookie'. 1622 */ 1623 zc->zc_cookie = error; 1624 } else { 1625 ret = error; 1626 } 1627 1628 return (ret); 1629 } 1630 1631 /* 1632 * Try to import the given pool, returning pool stats as appropriate so that 1633 * user land knows which devices are available and overall pool health. 1634 */ 1635 static int 1636 zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 1637 { 1638 nvlist_t *tryconfig, *config = NULL; 1639 int error; 1640 1641 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1642 zc->zc_iflags, &tryconfig)) != 0) 1643 return (error); 1644 1645 config = spa_tryimport(tryconfig); 1646 1647 nvlist_free(tryconfig); 1648 1649 if (config == NULL) 1650 return (SET_ERROR(EINVAL)); 1651 1652 error = put_nvlist(zc, config); 1653 nvlist_free(config); 1654 1655 return (error); 1656 } 1657 1658 /* 1659 * inputs: 1660 * zc_name name of the pool 1661 * zc_cookie scan func (pool_scan_func_t) 1662 * zc_flags scrub pause/resume flag (pool_scrub_cmd_t) 1663 */ 1664 static int 1665 zfs_ioc_pool_scan(zfs_cmd_t *zc) 1666 { 1667 spa_t *spa; 1668 int error; 1669 1670 if (zc->zc_flags >= POOL_SCRUB_FLAGS_END) 1671 return (SET_ERROR(EINVAL)); 1672 1673 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1674 return (error); 1675 1676 if (zc->zc_flags == POOL_SCRUB_PAUSE) 1677 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE); 1678 else if (zc->zc_cookie == POOL_SCAN_NONE) 1679 error = spa_scan_stop(spa); 1680 else 1681 error = spa_scan(spa, zc->zc_cookie); 1682 1683 spa_close(spa, FTAG); 1684 1685 return (error); 1686 } 1687 1688 /* 1689 * inputs: 1690 * poolname name of the pool 1691 * scan_type scan func (pool_scan_func_t) 1692 * scan_command scrub pause/resume flag (pool_scrub_cmd_t) 1693 */ 1694 static const zfs_ioc_key_t zfs_keys_pool_scrub[] = { 1695 {"scan_type", DATA_TYPE_UINT64, 0}, 1696 {"scan_command", DATA_TYPE_UINT64, 0}, 1697 }; 1698 1699 static int 1700 zfs_ioc_pool_scrub(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 1701 { 1702 spa_t *spa; 1703 int error; 1704 uint64_t scan_type, scan_cmd; 1705 1706 if (nvlist_lookup_uint64(innvl, "scan_type", &scan_type) != 0) 1707 return (SET_ERROR(EINVAL)); 1708 if (nvlist_lookup_uint64(innvl, "scan_command", &scan_cmd) != 0) 1709 return (SET_ERROR(EINVAL)); 1710 1711 if (scan_cmd >= POOL_SCRUB_FLAGS_END) 1712 return (SET_ERROR(EINVAL)); 1713 1714 if ((error = spa_open(poolname, &spa, FTAG)) != 0) 1715 return (error); 1716 1717 if (scan_cmd == POOL_SCRUB_PAUSE) { 1718 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE); 1719 } else if (scan_type == POOL_SCAN_NONE) { 1720 error = spa_scan_stop(spa); 1721 } else { 1722 error = spa_scan(spa, scan_type); 1723 } 1724 1725 spa_close(spa, FTAG); 1726 return (error); 1727 } 1728 1729 static int 1730 zfs_ioc_pool_freeze(zfs_cmd_t *zc) 1731 { 1732 spa_t *spa; 1733 int error; 1734 1735 error = spa_open(zc->zc_name, &spa, FTAG); 1736 if (error == 0) { 1737 spa_freeze(spa); 1738 spa_close(spa, FTAG); 1739 } 1740 return (error); 1741 } 1742 1743 static int 1744 zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 1745 { 1746 spa_t *spa; 1747 int error; 1748 1749 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1750 return (error); 1751 1752 if (zc->zc_cookie < spa_version(spa) || 1753 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) { 1754 spa_close(spa, FTAG); 1755 return (SET_ERROR(EINVAL)); 1756 } 1757 1758 spa_upgrade(spa, zc->zc_cookie); 1759 spa_close(spa, FTAG); 1760 1761 return (error); 1762 } 1763 1764 static int 1765 zfs_ioc_pool_get_history(zfs_cmd_t *zc) 1766 { 1767 spa_t *spa; 1768 char *hist_buf; 1769 uint64_t size; 1770 int error; 1771 1772 if ((size = zc->zc_history_len) == 0) 1773 return (SET_ERROR(EINVAL)); 1774 1775 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1776 return (error); 1777 1778 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 1779 spa_close(spa, FTAG); 1780 return (SET_ERROR(ENOTSUP)); 1781 } 1782 1783 hist_buf = vmem_alloc(size, KM_SLEEP); 1784 if ((error = spa_history_get(spa, &zc->zc_history_offset, 1785 &zc->zc_history_len, hist_buf)) == 0) { 1786 error = ddi_copyout(hist_buf, 1787 (void *)(uintptr_t)zc->zc_history, 1788 zc->zc_history_len, zc->zc_iflags); 1789 } 1790 1791 spa_close(spa, FTAG); 1792 vmem_free(hist_buf, size); 1793 return (error); 1794 } 1795 1796 /* 1797 * inputs: 1798 * zc_nvlist_src nvlist optionally containing ZPOOL_REGUID_GUID 1799 * zc_nvlist_src_size size of the nvlist 1800 */ 1801 static int 1802 zfs_ioc_pool_reguid(zfs_cmd_t *zc) 1803 { 1804 uint64_t *guidp = NULL; 1805 nvlist_t *props = NULL; 1806 spa_t *spa; 1807 uint64_t guid; 1808 int error; 1809 1810 if (zc->zc_nvlist_src_size != 0) { 1811 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1812 zc->zc_iflags, &props); 1813 if (error != 0) 1814 return (error); 1815 1816 error = nvlist_lookup_uint64(props, ZPOOL_REGUID_GUID, &guid); 1817 if (error == 0) 1818 guidp = &guid; 1819 else if (error == ENOENT) 1820 guidp = NULL; 1821 else 1822 goto out; 1823 } 1824 1825 error = spa_open(zc->zc_name, &spa, FTAG); 1826 if (error == 0) { 1827 error = spa_change_guid(spa, guidp); 1828 spa_close(spa, FTAG); 1829 } 1830 1831 out: 1832 if (props != NULL) 1833 nvlist_free(props); 1834 1835 return (error); 1836 } 1837 1838 static int 1839 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 1840 { 1841 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)); 1842 } 1843 1844 /* 1845 * inputs: 1846 * zc_name name of filesystem 1847 * zc_obj object to find 1848 * 1849 * outputs: 1850 * zc_value name of object 1851 */ 1852 static int 1853 zfs_ioc_obj_to_path(zfs_cmd_t *zc) 1854 { 1855 objset_t *os; 1856 int error; 1857 1858 /* XXX reading from objset not owned */ 1859 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, 1860 FTAG, &os)) != 0) 1861 return (error); 1862 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1863 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1864 return (SET_ERROR(EINVAL)); 1865 } 1866 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value, 1867 sizeof (zc->zc_value)); 1868 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1869 1870 return (error); 1871 } 1872 1873 /* 1874 * inputs: 1875 * zc_name name of filesystem 1876 * zc_obj object to find 1877 * 1878 * outputs: 1879 * zc_stat stats on object 1880 * zc_value path to object 1881 */ 1882 static int 1883 zfs_ioc_obj_to_stats(zfs_cmd_t *zc) 1884 { 1885 objset_t *os; 1886 int error; 1887 1888 /* XXX reading from objset not owned */ 1889 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, 1890 FTAG, &os)) != 0) 1891 return (error); 1892 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1893 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1894 return (SET_ERROR(EINVAL)); 1895 } 1896 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value, 1897 sizeof (zc->zc_value)); 1898 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1899 1900 return (error); 1901 } 1902 1903 static int 1904 zfs_ioc_vdev_add(zfs_cmd_t *zc) 1905 { 1906 spa_t *spa; 1907 int error; 1908 nvlist_t *config; 1909 1910 error = spa_open(zc->zc_name, &spa, FTAG); 1911 if (error != 0) 1912 return (error); 1913 1914 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1915 zc->zc_iflags, &config); 1916 if (error == 0) { 1917 error = spa_vdev_add(spa, config, zc->zc_flags); 1918 nvlist_free(config); 1919 } 1920 spa_close(spa, FTAG); 1921 return (error); 1922 } 1923 1924 /* 1925 * inputs: 1926 * zc_name name of the pool 1927 * zc_guid guid of vdev to remove 1928 * zc_cookie cancel removal 1929 */ 1930 static int 1931 zfs_ioc_vdev_remove(zfs_cmd_t *zc) 1932 { 1933 spa_t *spa; 1934 int error; 1935 1936 error = spa_open(zc->zc_name, &spa, FTAG); 1937 if (error != 0) 1938 return (error); 1939 if (zc->zc_cookie != 0) { 1940 error = spa_vdev_remove_cancel(spa); 1941 } else { 1942 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 1943 } 1944 spa_close(spa, FTAG); 1945 return (error); 1946 } 1947 1948 static int 1949 zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 1950 { 1951 spa_t *spa; 1952 int error; 1953 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 1954 1955 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1956 return (error); 1957 switch (zc->zc_cookie) { 1958 case VDEV_STATE_ONLINE: 1959 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 1960 break; 1961 1962 case VDEV_STATE_OFFLINE: 1963 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 1964 break; 1965 1966 case VDEV_STATE_FAULTED: 1967 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1968 zc->zc_obj != VDEV_AUX_EXTERNAL && 1969 zc->zc_obj != VDEV_AUX_EXTERNAL_PERSIST) 1970 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1971 1972 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj); 1973 break; 1974 1975 case VDEV_STATE_DEGRADED: 1976 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1977 zc->zc_obj != VDEV_AUX_EXTERNAL) 1978 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1979 1980 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj); 1981 break; 1982 1983 case VDEV_STATE_REMOVED: 1984 error = vdev_remove_wanted(spa, zc->zc_guid); 1985 break; 1986 1987 default: 1988 error = SET_ERROR(EINVAL); 1989 } 1990 zc->zc_cookie = newstate; 1991 spa_close(spa, FTAG); 1992 return (error); 1993 } 1994 1995 static int 1996 zfs_ioc_vdev_attach(zfs_cmd_t *zc) 1997 { 1998 spa_t *spa; 1999 nvlist_t *config; 2000 int replacing = zc->zc_cookie; 2001 int rebuild = zc->zc_simple; 2002 int error; 2003 2004 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2005 return (error); 2006 2007 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2008 zc->zc_iflags, &config)) == 0) { 2009 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing, 2010 rebuild); 2011 nvlist_free(config); 2012 } 2013 2014 spa_close(spa, FTAG); 2015 return (error); 2016 } 2017 2018 static int 2019 zfs_ioc_vdev_detach(zfs_cmd_t *zc) 2020 { 2021 spa_t *spa; 2022 int error; 2023 2024 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2025 return (error); 2026 2027 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE); 2028 2029 spa_close(spa, FTAG); 2030 return (error); 2031 } 2032 2033 static int 2034 zfs_ioc_vdev_split(zfs_cmd_t *zc) 2035 { 2036 spa_t *spa; 2037 nvlist_t *config, *props = NULL; 2038 int error; 2039 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT); 2040 2041 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2042 return (error); 2043 2044 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2045 zc->zc_iflags, &config))) { 2046 spa_close(spa, FTAG); 2047 return (error); 2048 } 2049 2050 if (zc->zc_nvlist_src_size != 0 && (error = 2051 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2052 zc->zc_iflags, &props))) { 2053 spa_close(spa, FTAG); 2054 nvlist_free(config); 2055 return (error); 2056 } 2057 2058 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp); 2059 2060 spa_close(spa, FTAG); 2061 2062 nvlist_free(config); 2063 nvlist_free(props); 2064 2065 return (error); 2066 } 2067 2068 static int 2069 zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 2070 { 2071 spa_t *spa; 2072 const char *path = zc->zc_value; 2073 uint64_t guid = zc->zc_guid; 2074 int error; 2075 2076 error = spa_open(zc->zc_name, &spa, FTAG); 2077 if (error != 0) 2078 return (error); 2079 2080 error = spa_vdev_setpath(spa, guid, path); 2081 spa_close(spa, FTAG); 2082 return (error); 2083 } 2084 2085 static int 2086 zfs_ioc_vdev_setfru(zfs_cmd_t *zc) 2087 { 2088 spa_t *spa; 2089 const char *fru = zc->zc_value; 2090 uint64_t guid = zc->zc_guid; 2091 int error; 2092 2093 error = spa_open(zc->zc_name, &spa, FTAG); 2094 if (error != 0) 2095 return (error); 2096 2097 error = spa_vdev_setfru(spa, guid, fru); 2098 spa_close(spa, FTAG); 2099 return (error); 2100 } 2101 2102 static int 2103 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os) 2104 { 2105 int error = 0; 2106 nvlist_t *nv; 2107 2108 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2109 2110 if (!zc->zc_simple && zc->zc_nvlist_dst != 0 && 2111 (error = dsl_prop_get_all(os, &nv)) == 0) { 2112 dmu_objset_stats(os, nv); 2113 /* 2114 * NB: zvol_get_stats() will read the objset contents, 2115 * which we aren't supposed to do with a 2116 * DS_MODE_USER hold, because it could be 2117 * inconsistent. So this is a bit of a workaround... 2118 * XXX reading without owning 2119 */ 2120 if (!zc->zc_objset_stats.dds_inconsistent && 2121 dmu_objset_type(os) == DMU_OST_ZVOL) { 2122 error = zvol_get_stats(os, nv); 2123 if (error == EIO) { 2124 nvlist_free(nv); 2125 return (error); 2126 } 2127 VERIFY0(error); 2128 } 2129 if (error == 0) 2130 error = put_nvlist(zc, nv); 2131 nvlist_free(nv); 2132 } 2133 2134 return (error); 2135 } 2136 2137 /* 2138 * inputs: 2139 * zc_name name of filesystem 2140 * zc_nvlist_dst_size size of buffer for property nvlist 2141 * 2142 * outputs: 2143 * zc_objset_stats stats 2144 * zc_nvlist_dst property nvlist 2145 * zc_nvlist_dst_size size of property nvlist 2146 */ 2147 static int 2148 zfs_ioc_objset_stats(zfs_cmd_t *zc) 2149 { 2150 objset_t *os; 2151 int error; 2152 2153 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2154 if (error == 0) { 2155 error = zfs_ioc_objset_stats_impl(zc, os); 2156 dmu_objset_rele(os, FTAG); 2157 } 2158 2159 return (error); 2160 } 2161 2162 /* 2163 * inputs: 2164 * zc_name name of filesystem 2165 * zc_nvlist_dst_size size of buffer for property nvlist 2166 * 2167 * outputs: 2168 * zc_nvlist_dst received property nvlist 2169 * zc_nvlist_dst_size size of received property nvlist 2170 * 2171 * Gets received properties (distinct from local properties on or after 2172 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from 2173 * local property values. 2174 */ 2175 static int 2176 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc) 2177 { 2178 int error = 0; 2179 nvlist_t *nv; 2180 2181 /* 2182 * Without this check, we would return local property values if the 2183 * caller has not already received properties on or after 2184 * SPA_VERSION_RECVD_PROPS. 2185 */ 2186 if (!dsl_prop_get_hasrecvd(zc->zc_name)) 2187 return (SET_ERROR(ENOTSUP)); 2188 2189 if (zc->zc_nvlist_dst != 0 && 2190 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) { 2191 error = put_nvlist(zc, nv); 2192 nvlist_free(nv); 2193 } 2194 2195 return (error); 2196 } 2197 2198 static int 2199 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop) 2200 { 2201 uint64_t value; 2202 int error; 2203 2204 /* 2205 * zfs_get_zplprop() will either find a value or give us 2206 * the default value (if there is one). 2207 */ 2208 if ((error = zfs_get_zplprop(os, prop, &value)) != 0) 2209 return (error); 2210 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0); 2211 return (0); 2212 } 2213 2214 /* 2215 * inputs: 2216 * zc_name name of filesystem 2217 * zc_nvlist_dst_size size of buffer for zpl property nvlist 2218 * 2219 * outputs: 2220 * zc_nvlist_dst zpl property nvlist 2221 * zc_nvlist_dst_size size of zpl property nvlist 2222 */ 2223 static int 2224 zfs_ioc_objset_zplprops(zfs_cmd_t *zc) 2225 { 2226 objset_t *os; 2227 int err; 2228 2229 /* XXX reading without owning */ 2230 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os))) 2231 return (err); 2232 2233 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2234 2235 /* 2236 * NB: nvl_add_zplprop() will read the objset contents, 2237 * which we aren't supposed to do with a DS_MODE_USER 2238 * hold, because it could be inconsistent. 2239 */ 2240 if (zc->zc_nvlist_dst != 0 && 2241 !zc->zc_objset_stats.dds_inconsistent && 2242 dmu_objset_type(os) == DMU_OST_ZFS) { 2243 nvlist_t *nv; 2244 2245 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2246 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 && 2247 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 && 2248 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 && 2249 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0) 2250 err = put_nvlist(zc, nv); 2251 nvlist_free(nv); 2252 } else { 2253 err = SET_ERROR(ENOENT); 2254 } 2255 dmu_objset_rele(os, FTAG); 2256 return (err); 2257 } 2258 2259 /* 2260 * inputs: 2261 * zc_name name of filesystem 2262 * zc_cookie zap cursor 2263 * zc_nvlist_dst_size size of buffer for property nvlist 2264 * 2265 * outputs: 2266 * zc_name name of next filesystem 2267 * zc_cookie zap cursor 2268 * zc_objset_stats stats 2269 * zc_nvlist_dst property nvlist 2270 * zc_nvlist_dst_size size of property nvlist 2271 */ 2272 static int 2273 zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 2274 { 2275 objset_t *os; 2276 int error; 2277 char *p; 2278 size_t orig_len = strlen(zc->zc_name); 2279 2280 top: 2281 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) { 2282 if (error == ENOENT) 2283 error = SET_ERROR(ESRCH); 2284 return (error); 2285 } 2286 2287 p = strrchr(zc->zc_name, '/'); 2288 if (p == NULL || p[1] != '\0') 2289 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 2290 p = zc->zc_name + strlen(zc->zc_name); 2291 2292 do { 2293 error = dmu_dir_list_next(os, 2294 sizeof (zc->zc_name) - (p - zc->zc_name), p, 2295 NULL, &zc->zc_cookie); 2296 if (error == ENOENT) 2297 error = SET_ERROR(ESRCH); 2298 } while (error == 0 && zfs_dataset_name_hidden(zc->zc_name)); 2299 dmu_objset_rele(os, FTAG); 2300 2301 /* 2302 * If it's an internal dataset (ie. with a '$' in its name), 2303 * don't try to get stats for it, otherwise we'll return ENOENT. 2304 */ 2305 if (error == 0 && strchr(zc->zc_name, '$') == NULL) { 2306 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 2307 if (error == ENOENT) { 2308 /* We lost a race with destroy, get the next one. */ 2309 zc->zc_name[orig_len] = '\0'; 2310 goto top; 2311 } 2312 } 2313 return (error); 2314 } 2315 2316 /* 2317 * inputs: 2318 * zc_name name of filesystem 2319 * zc_cookie zap cursor 2320 * zc_nvlist_src iteration range nvlist 2321 * zc_nvlist_src_size size of iteration range nvlist 2322 * 2323 * outputs: 2324 * zc_name name of next snapshot 2325 * zc_objset_stats stats 2326 * zc_nvlist_dst property nvlist 2327 * zc_nvlist_dst_size size of property nvlist 2328 */ 2329 static int 2330 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 2331 { 2332 int error; 2333 objset_t *os, *ossnap; 2334 dsl_dataset_t *ds; 2335 uint64_t min_txg = 0, max_txg = 0; 2336 2337 if (zc->zc_nvlist_src_size != 0) { 2338 nvlist_t *props = NULL; 2339 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2340 zc->zc_iflags, &props); 2341 if (error != 0) 2342 return (error); 2343 (void) nvlist_lookup_uint64(props, SNAP_ITER_MIN_TXG, 2344 &min_txg); 2345 (void) nvlist_lookup_uint64(props, SNAP_ITER_MAX_TXG, 2346 &max_txg); 2347 nvlist_free(props); 2348 } 2349 2350 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2351 if (error != 0) { 2352 return (error == ENOENT ? SET_ERROR(ESRCH) : error); 2353 } 2354 2355 /* 2356 * A dataset name of maximum length cannot have any snapshots, 2357 * so exit immediately. 2358 */ 2359 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= 2360 ZFS_MAX_DATASET_NAME_LEN) { 2361 dmu_objset_rele(os, FTAG); 2362 return (SET_ERROR(ESRCH)); 2363 } 2364 2365 while (error == 0) { 2366 if (issig()) { 2367 error = SET_ERROR(EINTR); 2368 break; 2369 } 2370 2371 error = dmu_snapshot_list_next(os, 2372 sizeof (zc->zc_name) - strlen(zc->zc_name), 2373 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, 2374 &zc->zc_cookie, NULL); 2375 if (error == ENOENT) { 2376 error = SET_ERROR(ESRCH); 2377 break; 2378 } else if (error != 0) { 2379 break; 2380 } 2381 2382 error = dsl_dataset_hold_obj(dmu_objset_pool(os), zc->zc_obj, 2383 FTAG, &ds); 2384 if (error != 0) 2385 break; 2386 2387 if ((min_txg != 0 && dsl_get_creationtxg(ds) < min_txg) || 2388 (max_txg != 0 && dsl_get_creationtxg(ds) > max_txg)) { 2389 dsl_dataset_rele(ds, FTAG); 2390 /* undo snapshot name append */ 2391 *(strchr(zc->zc_name, '@') + 1) = '\0'; 2392 /* skip snapshot */ 2393 continue; 2394 } 2395 2396 if (zc->zc_simple) { 2397 dsl_dataset_fast_stat(ds, &zc->zc_objset_stats); 2398 dsl_dataset_rele(ds, FTAG); 2399 break; 2400 } 2401 2402 if ((error = dmu_objset_from_ds(ds, &ossnap)) != 0) { 2403 dsl_dataset_rele(ds, FTAG); 2404 break; 2405 } 2406 if ((error = zfs_ioc_objset_stats_impl(zc, ossnap)) != 0) { 2407 dsl_dataset_rele(ds, FTAG); 2408 break; 2409 } 2410 dsl_dataset_rele(ds, FTAG); 2411 break; 2412 } 2413 2414 dmu_objset_rele(os, FTAG); 2415 /* if we failed, undo the @ that we tacked on to zc_name */ 2416 if (error != 0) 2417 *strchr(zc->zc_name, '@') = '\0'; 2418 return (error); 2419 } 2420 2421 static int 2422 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair) 2423 { 2424 const char *propname = nvpair_name(pair); 2425 uint64_t *valary; 2426 unsigned int vallen; 2427 const char *dash, *domain; 2428 zfs_userquota_prop_t type; 2429 uint64_t rid; 2430 uint64_t quota; 2431 zfsvfs_t *zfsvfs; 2432 int err; 2433 2434 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2435 nvlist_t *attrs; 2436 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2437 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2438 &pair) != 0) 2439 return (SET_ERROR(EINVAL)); 2440 } 2441 2442 /* 2443 * A correctly constructed propname is encoded as 2444 * userquota@<rid>-<domain>. 2445 */ 2446 if ((dash = strchr(propname, '-')) == NULL || 2447 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 || 2448 vallen != 3) 2449 return (SET_ERROR(EINVAL)); 2450 2451 domain = dash + 1; 2452 type = valary[0]; 2453 rid = valary[1]; 2454 quota = valary[2]; 2455 2456 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE); 2457 if (err == 0) { 2458 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota); 2459 zfsvfs_rele(zfsvfs, FTAG); 2460 } 2461 2462 return (err); 2463 } 2464 2465 /* 2466 * If the named property is one that has a special function to set its value, 2467 * return 0 on success and a positive error code on failure; otherwise if it is 2468 * not one of the special properties handled by this function, return -1. 2469 * 2470 * XXX: It would be better for callers of the property interface if we handled 2471 * these special cases in dsl_prop.c (in the dsl layer). 2472 */ 2473 static int 2474 zfs_prop_set_special(const char *dsname, zprop_source_t source, 2475 nvpair_t *pair) 2476 { 2477 const char *propname = nvpair_name(pair); 2478 zfs_prop_t prop = zfs_name_to_prop(propname); 2479 uint64_t intval = 0; 2480 const char *strval = NULL; 2481 int err = -1; 2482 2483 if (prop == ZPROP_USERPROP) { 2484 if (zfs_prop_userquota(propname)) 2485 return (zfs_prop_set_userquota(dsname, pair)); 2486 return (-1); 2487 } 2488 2489 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2490 nvlist_t *attrs; 2491 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2492 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2493 &pair) == 0); 2494 } 2495 2496 /* all special properties are numeric except for keylocation */ 2497 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) { 2498 strval = fnvpair_value_string(pair); 2499 } else { 2500 intval = fnvpair_value_uint64(pair); 2501 } 2502 2503 switch (prop) { 2504 case ZFS_PROP_QUOTA: 2505 err = dsl_dir_set_quota(dsname, source, intval); 2506 break; 2507 case ZFS_PROP_REFQUOTA: 2508 err = dsl_dataset_set_refquota(dsname, source, intval); 2509 break; 2510 case ZFS_PROP_FILESYSTEM_LIMIT: 2511 case ZFS_PROP_SNAPSHOT_LIMIT: 2512 if (intval == UINT64_MAX) { 2513 /* clearing the limit, just do it */ 2514 err = 0; 2515 } else { 2516 err = dsl_dir_activate_fs_ss_limit(dsname); 2517 } 2518 /* 2519 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2520 * default path to set the value in the nvlist. 2521 */ 2522 if (err == 0) 2523 err = -1; 2524 break; 2525 case ZFS_PROP_KEYLOCATION: 2526 err = dsl_crypto_can_set_keylocation(dsname, strval); 2527 2528 /* 2529 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2530 * default path to set the value in the nvlist. 2531 */ 2532 if (err == 0) 2533 err = -1; 2534 break; 2535 case ZFS_PROP_RESERVATION: 2536 err = dsl_dir_set_reservation(dsname, source, intval); 2537 break; 2538 case ZFS_PROP_REFRESERVATION: 2539 err = dsl_dataset_set_refreservation(dsname, source, intval); 2540 break; 2541 case ZFS_PROP_COMPRESSION: 2542 err = dsl_dataset_set_compression(dsname, source, intval); 2543 /* 2544 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2545 * default path to set the value in the nvlist. 2546 */ 2547 if (err == 0) 2548 err = -1; 2549 break; 2550 case ZFS_PROP_VOLSIZE: 2551 err = zvol_set_volsize(dsname, intval); 2552 break; 2553 case ZFS_PROP_VOLTHREADING: 2554 err = zvol_set_volthreading(dsname, intval); 2555 /* 2556 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2557 * default path to set the value in the nvlist. 2558 */ 2559 if (err == 0) 2560 err = -1; 2561 break; 2562 case ZFS_PROP_SNAPDEV: 2563 case ZFS_PROP_VOLMODE: 2564 err = zvol_set_common(dsname, prop, source, intval); 2565 break; 2566 case ZFS_PROP_READONLY: 2567 err = zvol_set_ro(dsname, intval); 2568 /* 2569 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2570 * default path to set the value in the nvlist. 2571 */ 2572 if (err == 0) 2573 err = -1; 2574 break; 2575 case ZFS_PROP_VERSION: 2576 { 2577 zfsvfs_t *zfsvfs; 2578 2579 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0) 2580 break; 2581 2582 err = zfs_set_version(zfsvfs, intval); 2583 zfsvfs_rele(zfsvfs, FTAG); 2584 2585 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) { 2586 zfs_cmd_t *zc; 2587 2588 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 2589 (void) strlcpy(zc->zc_name, dsname, 2590 sizeof (zc->zc_name)); 2591 (void) zfs_ioc_userspace_upgrade(zc); 2592 (void) zfs_ioc_id_quota_upgrade(zc); 2593 kmem_free(zc, sizeof (zfs_cmd_t)); 2594 } 2595 break; 2596 } 2597 case ZFS_PROP_LONGNAME: 2598 { 2599 zfsvfs_t *zfsvfs; 2600 2601 /* 2602 * Ignore the checks if the property is being applied as part of 2603 * 'zfs receive'. Because, we already check if the local pool 2604 * has SPA_FEATURE_LONGNAME enabled in dmu_recv_begin_check(). 2605 */ 2606 if (source == ZPROP_SRC_RECEIVED) { 2607 cmn_err(CE_NOTE, "Skipping ZFS_PROP_LONGNAME checks " 2608 "for dsname=%s\n", dsname); 2609 err = -1; 2610 break; 2611 } 2612 2613 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE)) != 0) { 2614 cmn_err(CE_WARN, "%s:%d Failed to hold for dsname=%s " 2615 "err=%d\n", __FILE__, __LINE__, dsname, err); 2616 break; 2617 } 2618 2619 if (!spa_feature_is_enabled(zfsvfs->z_os->os_spa, 2620 SPA_FEATURE_LONGNAME)) { 2621 err = ENOTSUP; 2622 } else { 2623 /* 2624 * Set err to -1 to force the zfs_set_prop_nvlist code 2625 * down the default path to set the value in the nvlist. 2626 */ 2627 err = -1; 2628 } 2629 zfsvfs_rele(zfsvfs, FTAG); 2630 break; 2631 } 2632 default: 2633 err = -1; 2634 } 2635 2636 return (err); 2637 } 2638 2639 static boolean_t 2640 zfs_is_namespace_prop(zfs_prop_t prop) 2641 { 2642 switch (prop) { 2643 2644 case ZFS_PROP_ATIME: 2645 case ZFS_PROP_RELATIME: 2646 case ZFS_PROP_DEVICES: 2647 case ZFS_PROP_EXEC: 2648 case ZFS_PROP_SETUID: 2649 case ZFS_PROP_READONLY: 2650 case ZFS_PROP_XATTR: 2651 case ZFS_PROP_NBMAND: 2652 return (B_TRUE); 2653 2654 default: 2655 return (B_FALSE); 2656 } 2657 } 2658 2659 /* 2660 * This function is best effort. If it fails to set any of the given properties, 2661 * it continues to set as many as it can and returns the last error 2662 * encountered. If the caller provides a non-NULL errlist, it will be filled in 2663 * with the list of names of all the properties that failed along with the 2664 * corresponding error numbers. 2665 * 2666 * If every property is set successfully, zero is returned and errlist is not 2667 * modified. 2668 */ 2669 int 2670 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl, 2671 nvlist_t *errlist) 2672 { 2673 nvpair_t *pair; 2674 nvpair_t *propval; 2675 int rv = 0; 2676 int err; 2677 uint64_t intval; 2678 const char *strval; 2679 boolean_t should_update_mount_cache = B_FALSE; 2680 2681 nvlist_t *genericnvl = fnvlist_alloc(); 2682 nvlist_t *retrynvl = fnvlist_alloc(); 2683 retry: 2684 pair = NULL; 2685 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2686 const char *propname = nvpair_name(pair); 2687 zfs_prop_t prop = zfs_name_to_prop(propname); 2688 err = 0; 2689 2690 /* decode the property value */ 2691 propval = pair; 2692 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2693 nvlist_t *attrs; 2694 attrs = fnvpair_value_nvlist(pair); 2695 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2696 &propval) != 0) 2697 err = SET_ERROR(EINVAL); 2698 } 2699 2700 /* Validate value type */ 2701 if (err == 0 && source == ZPROP_SRC_INHERITED) { 2702 /* inherited properties are expected to be booleans */ 2703 if (nvpair_type(propval) != DATA_TYPE_BOOLEAN) 2704 err = SET_ERROR(EINVAL); 2705 } else if (err == 0 && prop == ZPROP_USERPROP) { 2706 if (zfs_prop_user(propname)) { 2707 if (nvpair_type(propval) != DATA_TYPE_STRING) 2708 err = SET_ERROR(EINVAL); 2709 } else if (zfs_prop_userquota(propname)) { 2710 if (nvpair_type(propval) != 2711 DATA_TYPE_UINT64_ARRAY) 2712 err = SET_ERROR(EINVAL); 2713 } else { 2714 err = SET_ERROR(EINVAL); 2715 } 2716 } else if (err == 0) { 2717 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2718 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING) 2719 err = SET_ERROR(EINVAL); 2720 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) { 2721 const char *unused; 2722 2723 intval = fnvpair_value_uint64(propval); 2724 2725 switch (zfs_prop_get_type(prop)) { 2726 case PROP_TYPE_NUMBER: 2727 break; 2728 case PROP_TYPE_STRING: 2729 err = SET_ERROR(EINVAL); 2730 break; 2731 case PROP_TYPE_INDEX: 2732 if (zfs_prop_index_to_string(prop, 2733 intval, &unused) != 0) 2734 err = 2735 SET_ERROR(ZFS_ERR_BADPROP); 2736 break; 2737 default: 2738 cmn_err(CE_PANIC, 2739 "unknown property type"); 2740 } 2741 } else { 2742 err = SET_ERROR(EINVAL); 2743 } 2744 } 2745 2746 /* Validate permissions */ 2747 if (err == 0) 2748 err = zfs_check_settable(dsname, pair, CRED()); 2749 2750 if (err == 0) { 2751 if (source == ZPROP_SRC_INHERITED) 2752 err = -1; /* does not need special handling */ 2753 else 2754 err = zfs_prop_set_special(dsname, source, 2755 pair); 2756 if (err == -1) { 2757 /* 2758 * For better performance we build up a list of 2759 * properties to set in a single transaction. 2760 */ 2761 err = nvlist_add_nvpair(genericnvl, pair); 2762 } else if (err != 0 && nvl != retrynvl) { 2763 /* 2764 * This may be a spurious error caused by 2765 * receiving quota and reservation out of order. 2766 * Try again in a second pass. 2767 */ 2768 err = nvlist_add_nvpair(retrynvl, pair); 2769 } 2770 } 2771 2772 if (err != 0) { 2773 if (errlist != NULL) 2774 fnvlist_add_int32(errlist, propname, err); 2775 rv = err; 2776 } 2777 2778 if (zfs_is_namespace_prop(prop)) 2779 should_update_mount_cache = B_TRUE; 2780 } 2781 2782 if (nvl != retrynvl && !nvlist_empty(retrynvl)) { 2783 nvl = retrynvl; 2784 goto retry; 2785 } 2786 2787 if (nvlist_empty(genericnvl)) 2788 goto out; 2789 2790 /* 2791 * Try to set them all in one batch. 2792 */ 2793 err = dsl_props_set(dsname, source, genericnvl); 2794 if (err == 0) 2795 goto out; 2796 2797 /* 2798 * If batching fails, we still want to set as many properties as we 2799 * can, so try setting them individually. 2800 */ 2801 pair = NULL; 2802 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) { 2803 const char *propname = nvpair_name(pair); 2804 2805 propval = pair; 2806 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2807 nvlist_t *attrs; 2808 attrs = fnvpair_value_nvlist(pair); 2809 propval = fnvlist_lookup_nvpair(attrs, ZPROP_VALUE); 2810 } 2811 2812 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2813 strval = fnvpair_value_string(propval); 2814 err = dsl_prop_set_string(dsname, propname, 2815 source, strval); 2816 } else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) { 2817 err = dsl_prop_inherit(dsname, propname, source); 2818 } else { 2819 intval = fnvpair_value_uint64(propval); 2820 err = dsl_prop_set_int(dsname, propname, source, 2821 intval); 2822 } 2823 2824 if (err != 0) { 2825 if (errlist != NULL) { 2826 fnvlist_add_int32(errlist, propname, err); 2827 } 2828 rv = err; 2829 } 2830 } 2831 2832 out: 2833 if (should_update_mount_cache) 2834 zfs_ioctl_update_mount_cache(dsname); 2835 2836 nvlist_free(genericnvl); 2837 nvlist_free(retrynvl); 2838 2839 return (rv); 2840 } 2841 2842 /* 2843 * Check that all the properties are valid user properties. 2844 */ 2845 static int 2846 zfs_check_userprops(nvlist_t *nvl) 2847 { 2848 nvpair_t *pair = NULL; 2849 2850 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2851 const char *propname = nvpair_name(pair); 2852 2853 if (!zfs_prop_user(propname) || 2854 nvpair_type(pair) != DATA_TYPE_STRING) 2855 return (SET_ERROR(EINVAL)); 2856 2857 if (strlen(propname) >= ZAP_MAXNAMELEN) 2858 return (SET_ERROR(ENAMETOOLONG)); 2859 2860 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN) 2861 return (SET_ERROR(E2BIG)); 2862 } 2863 return (0); 2864 } 2865 2866 static void 2867 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops) 2868 { 2869 nvpair_t *pair; 2870 2871 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2872 2873 pair = NULL; 2874 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) { 2875 if (nvlist_exists(skipped, nvpair_name(pair))) 2876 continue; 2877 2878 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0); 2879 } 2880 } 2881 2882 static int 2883 clear_received_props(const char *dsname, nvlist_t *props, 2884 nvlist_t *skipped) 2885 { 2886 int err = 0; 2887 nvlist_t *cleared_props = NULL; 2888 props_skip(props, skipped, &cleared_props); 2889 if (!nvlist_empty(cleared_props)) { 2890 /* 2891 * Acts on local properties until the dataset has received 2892 * properties at least once on or after SPA_VERSION_RECVD_PROPS. 2893 */ 2894 zprop_source_t flags = (ZPROP_SRC_NONE | 2895 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0)); 2896 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL); 2897 } 2898 nvlist_free(cleared_props); 2899 return (err); 2900 } 2901 2902 /* 2903 * inputs: 2904 * zc_name name of filesystem 2905 * zc_value name of property to set 2906 * zc_nvlist_src{_size} nvlist of properties to apply 2907 * zc_cookie received properties flag 2908 * 2909 * outputs: 2910 * zc_nvlist_dst{_size} error for each unapplied received property 2911 */ 2912 static int 2913 zfs_ioc_set_prop(zfs_cmd_t *zc) 2914 { 2915 nvlist_t *nvl; 2916 boolean_t received = zc->zc_cookie; 2917 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED : 2918 ZPROP_SRC_LOCAL); 2919 nvlist_t *errors; 2920 int error; 2921 2922 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2923 zc->zc_iflags, &nvl)) != 0) 2924 return (error); 2925 2926 if (received) { 2927 nvlist_t *origprops; 2928 2929 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) { 2930 (void) clear_received_props(zc->zc_name, 2931 origprops, nvl); 2932 nvlist_free(origprops); 2933 } 2934 2935 error = dsl_prop_set_hasrecvd(zc->zc_name); 2936 } 2937 2938 errors = fnvlist_alloc(); 2939 if (error == 0) 2940 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors); 2941 2942 if (zc->zc_nvlist_dst != 0 && errors != NULL) { 2943 (void) put_nvlist(zc, errors); 2944 } 2945 2946 nvlist_free(errors); 2947 nvlist_free(nvl); 2948 return (error); 2949 } 2950 2951 /* 2952 * inputs: 2953 * zc_name name of filesystem 2954 * zc_value name of property to inherit 2955 * zc_cookie revert to received value if TRUE 2956 * 2957 * outputs: none 2958 */ 2959 static int 2960 zfs_ioc_inherit_prop(zfs_cmd_t *zc) 2961 { 2962 const char *propname = zc->zc_value; 2963 zfs_prop_t prop = zfs_name_to_prop(propname); 2964 boolean_t received = zc->zc_cookie; 2965 zprop_source_t source = (received 2966 ? ZPROP_SRC_NONE /* revert to received value, if any */ 2967 : ZPROP_SRC_INHERITED); /* explicitly inherit */ 2968 nvlist_t *dummy; 2969 nvpair_t *pair; 2970 zprop_type_t type; 2971 int err; 2972 2973 if (!received) { 2974 /* 2975 * Only check this in the non-received case. We want to allow 2976 * 'inherit -S' to revert non-inheritable properties like quota 2977 * and reservation to the received or default values even though 2978 * they are not considered inheritable. 2979 */ 2980 if (prop != ZPROP_USERPROP && !zfs_prop_inheritable(prop)) 2981 return (SET_ERROR(EINVAL)); 2982 } 2983 2984 if (prop == ZPROP_USERPROP) { 2985 if (!zfs_prop_user(propname)) 2986 return (SET_ERROR(EINVAL)); 2987 2988 type = PROP_TYPE_STRING; 2989 } else if (prop == ZFS_PROP_VOLSIZE || prop == ZFS_PROP_VERSION) { 2990 return (SET_ERROR(EINVAL)); 2991 } else { 2992 type = zfs_prop_get_type(prop); 2993 } 2994 2995 /* 2996 * zfs_prop_set_special() expects properties in the form of an 2997 * nvpair with type info. 2998 */ 2999 dummy = fnvlist_alloc(); 3000 3001 switch (type) { 3002 case PROP_TYPE_STRING: 3003 VERIFY(0 == nvlist_add_string(dummy, propname, "")); 3004 break; 3005 case PROP_TYPE_NUMBER: 3006 case PROP_TYPE_INDEX: 3007 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0)); 3008 break; 3009 default: 3010 err = SET_ERROR(EINVAL); 3011 goto errout; 3012 } 3013 3014 pair = nvlist_next_nvpair(dummy, NULL); 3015 if (pair == NULL) { 3016 err = SET_ERROR(EINVAL); 3017 } else { 3018 err = zfs_prop_set_special(zc->zc_name, source, pair); 3019 if (err == -1) /* property is not "special", needs handling */ 3020 err = dsl_prop_inherit(zc->zc_name, zc->zc_value, 3021 source); 3022 } 3023 3024 errout: 3025 nvlist_free(dummy); 3026 return (err); 3027 } 3028 3029 static int 3030 zfs_ioc_pool_set_props(zfs_cmd_t *zc) 3031 { 3032 nvlist_t *props; 3033 spa_t *spa; 3034 int error; 3035 nvpair_t *pair; 3036 3037 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3038 zc->zc_iflags, &props))) 3039 return (error); 3040 3041 /* 3042 * If the only property is the configfile, then just do a spa_lookup() 3043 * to handle the faulted case. 3044 */ 3045 pair = nvlist_next_nvpair(props, NULL); 3046 if (pair != NULL && strcmp(nvpair_name(pair), 3047 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 && 3048 nvlist_next_nvpair(props, pair) == NULL) { 3049 mutex_enter(&spa_namespace_lock); 3050 if ((spa = spa_lookup(zc->zc_name)) != NULL) { 3051 spa_configfile_set(spa, props, B_FALSE); 3052 spa_write_cachefile(spa, B_FALSE, B_TRUE, B_FALSE); 3053 } 3054 mutex_exit(&spa_namespace_lock); 3055 if (spa != NULL) { 3056 nvlist_free(props); 3057 return (0); 3058 } 3059 } 3060 3061 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 3062 nvlist_free(props); 3063 return (error); 3064 } 3065 3066 error = spa_prop_set(spa, props); 3067 3068 nvlist_free(props); 3069 spa_close(spa, FTAG); 3070 3071 return (error); 3072 } 3073 3074 /* 3075 * innvl: { 3076 * "get_props_names": [ "prop1", "prop2", ..., "propN" ] 3077 * } 3078 */ 3079 3080 static const zfs_ioc_key_t zfs_keys_get_props[] = { 3081 { ZPOOL_GET_PROPS_NAMES, DATA_TYPE_STRING_ARRAY, ZK_OPTIONAL }, 3082 }; 3083 3084 static int 3085 zfs_ioc_pool_get_props(const char *pool, nvlist_t *innvl, nvlist_t *outnvl) 3086 { 3087 spa_t *spa; 3088 char **props = NULL; 3089 unsigned int n_props = 0; 3090 int error; 3091 3092 if (nvlist_lookup_string_array(innvl, ZPOOL_GET_PROPS_NAMES, 3093 &props, &n_props) != 0) { 3094 props = NULL; 3095 } 3096 3097 if ((error = spa_open(pool, &spa, FTAG)) != 0) { 3098 /* 3099 * If the pool is faulted, there may be properties we can still 3100 * get (such as altroot and cachefile), so attempt to get them 3101 * anyway. 3102 */ 3103 mutex_enter(&spa_namespace_lock); 3104 if ((spa = spa_lookup(pool)) != NULL) { 3105 error = spa_prop_get(spa, outnvl); 3106 if (error == 0 && props != NULL) 3107 error = spa_prop_get_nvlist(spa, props, n_props, 3108 outnvl); 3109 } 3110 mutex_exit(&spa_namespace_lock); 3111 } else { 3112 error = spa_prop_get(spa, outnvl); 3113 if (error == 0 && props != NULL) 3114 error = spa_prop_get_nvlist(spa, props, n_props, 3115 outnvl); 3116 spa_close(spa, FTAG); 3117 } 3118 3119 return (error); 3120 } 3121 3122 /* 3123 * innvl: { 3124 * "vdevprops_set_vdev" -> guid 3125 * "vdevprops_set_props" -> { prop -> value } 3126 * } 3127 * 3128 * outnvl: propname -> error code (int32) 3129 */ 3130 static const zfs_ioc_key_t zfs_keys_vdev_set_props[] = { 3131 {ZPOOL_VDEV_PROPS_SET_VDEV, DATA_TYPE_UINT64, 0}, 3132 {ZPOOL_VDEV_PROPS_SET_PROPS, DATA_TYPE_NVLIST, 0} 3133 }; 3134 3135 static int 3136 zfs_ioc_vdev_set_props(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3137 { 3138 spa_t *spa; 3139 int error; 3140 vdev_t *vd; 3141 uint64_t vdev_guid; 3142 3143 /* Early validation */ 3144 if (nvlist_lookup_uint64(innvl, ZPOOL_VDEV_PROPS_SET_VDEV, 3145 &vdev_guid) != 0) 3146 return (SET_ERROR(EINVAL)); 3147 3148 if (outnvl == NULL) 3149 return (SET_ERROR(EINVAL)); 3150 3151 if ((error = spa_open(poolname, &spa, FTAG)) != 0) 3152 return (error); 3153 3154 ASSERT(spa_writeable(spa)); 3155 3156 if ((vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE)) == NULL) { 3157 spa_close(spa, FTAG); 3158 return (SET_ERROR(ENOENT)); 3159 } 3160 3161 error = vdev_prop_set(vd, innvl, outnvl); 3162 3163 spa_close(spa, FTAG); 3164 3165 return (error); 3166 } 3167 3168 /* 3169 * innvl: { 3170 * "vdevprops_get_vdev" -> guid 3171 * (optional) "vdevprops_get_props" -> { propname -> propid } 3172 * } 3173 * 3174 * outnvl: propname -> value 3175 */ 3176 static const zfs_ioc_key_t zfs_keys_vdev_get_props[] = { 3177 {ZPOOL_VDEV_PROPS_GET_VDEV, DATA_TYPE_UINT64, 0}, 3178 {ZPOOL_VDEV_PROPS_GET_PROPS, DATA_TYPE_NVLIST, ZK_OPTIONAL} 3179 }; 3180 3181 static int 3182 zfs_ioc_vdev_get_props(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3183 { 3184 spa_t *spa; 3185 int error; 3186 vdev_t *vd; 3187 uint64_t vdev_guid; 3188 3189 /* Early validation */ 3190 if (nvlist_lookup_uint64(innvl, ZPOOL_VDEV_PROPS_GET_VDEV, 3191 &vdev_guid) != 0) 3192 return (SET_ERROR(EINVAL)); 3193 3194 if (outnvl == NULL) 3195 return (SET_ERROR(EINVAL)); 3196 3197 if ((error = spa_open(poolname, &spa, FTAG)) != 0) 3198 return (error); 3199 3200 if ((vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE)) == NULL) { 3201 spa_close(spa, FTAG); 3202 return (SET_ERROR(ENOENT)); 3203 } 3204 3205 error = vdev_prop_get(vd, innvl, outnvl); 3206 3207 spa_close(spa, FTAG); 3208 3209 return (error); 3210 } 3211 3212 /* 3213 * inputs: 3214 * zc_name name of filesystem 3215 * zc_nvlist_src{_size} nvlist of delegated permissions 3216 * zc_perm_action allow/unallow flag 3217 * 3218 * outputs: none 3219 */ 3220 static int 3221 zfs_ioc_set_fsacl(zfs_cmd_t *zc) 3222 { 3223 int error; 3224 nvlist_t *fsaclnv = NULL; 3225 3226 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3227 zc->zc_iflags, &fsaclnv)) != 0) 3228 return (error); 3229 3230 /* 3231 * Verify nvlist is constructed correctly 3232 */ 3233 if (zfs_deleg_verify_nvlist(fsaclnv) != 0) { 3234 nvlist_free(fsaclnv); 3235 return (SET_ERROR(EINVAL)); 3236 } 3237 3238 /* 3239 * If we don't have PRIV_SYS_MOUNT, then validate 3240 * that user is allowed to hand out each permission in 3241 * the nvlist(s) 3242 */ 3243 3244 error = secpolicy_zfs(CRED()); 3245 if (error != 0) { 3246 if (zc->zc_perm_action == B_FALSE) { 3247 error = dsl_deleg_can_allow(zc->zc_name, 3248 fsaclnv, CRED()); 3249 } else { 3250 error = dsl_deleg_can_unallow(zc->zc_name, 3251 fsaclnv, CRED()); 3252 } 3253 } 3254 3255 if (error == 0) 3256 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 3257 3258 nvlist_free(fsaclnv); 3259 return (error); 3260 } 3261 3262 /* 3263 * inputs: 3264 * zc_name name of filesystem 3265 * 3266 * outputs: 3267 * zc_nvlist_src{_size} nvlist of delegated permissions 3268 */ 3269 static int 3270 zfs_ioc_get_fsacl(zfs_cmd_t *zc) 3271 { 3272 nvlist_t *nvp; 3273 int error; 3274 3275 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 3276 error = put_nvlist(zc, nvp); 3277 nvlist_free(nvp); 3278 } 3279 3280 return (error); 3281 } 3282 3283 static void 3284 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 3285 { 3286 zfs_creat_t *zct = arg; 3287 3288 zfs_create_fs(os, cr, zct->zct_zplprops, tx); 3289 } 3290 3291 #define ZFS_PROP_UNDEFINED ((uint64_t)-1) 3292 3293 /* 3294 * inputs: 3295 * os parent objset pointer (NULL if root fs) 3296 * fuids_ok fuids allowed in this version of the spa? 3297 * sa_ok SAs allowed in this version of the spa? 3298 * createprops list of properties requested by creator 3299 * 3300 * outputs: 3301 * zplprops values for the zplprops we attach to the master node object 3302 * is_ci true if requested file system will be purely case-insensitive 3303 * 3304 * Determine the settings for utf8only, normalization and 3305 * casesensitivity. Specific values may have been requested by the 3306 * creator and/or we can inherit values from the parent dataset. If 3307 * the file system is of too early a vintage, a creator can not 3308 * request settings for these properties, even if the requested 3309 * setting is the default value. We don't actually want to create dsl 3310 * properties for these, so remove them from the source nvlist after 3311 * processing. 3312 */ 3313 static int 3314 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver, 3315 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops, 3316 nvlist_t *zplprops, boolean_t *is_ci) 3317 { 3318 uint64_t sense = ZFS_PROP_UNDEFINED; 3319 uint64_t norm = ZFS_PROP_UNDEFINED; 3320 uint64_t u8 = ZFS_PROP_UNDEFINED; 3321 int error; 3322 3323 ASSERT(zplprops != NULL); 3324 3325 /* parent dataset must be a filesystem */ 3326 if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS) 3327 return (SET_ERROR(ZFS_ERR_WRONG_PARENT)); 3328 3329 /* 3330 * Pull out creator prop choices, if any. 3331 */ 3332 if (createprops) { 3333 (void) nvlist_lookup_uint64(createprops, 3334 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver); 3335 (void) nvlist_lookup_uint64(createprops, 3336 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm); 3337 (void) nvlist_remove_all(createprops, 3338 zfs_prop_to_name(ZFS_PROP_NORMALIZE)); 3339 (void) nvlist_lookup_uint64(createprops, 3340 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8); 3341 (void) nvlist_remove_all(createprops, 3342 zfs_prop_to_name(ZFS_PROP_UTF8ONLY)); 3343 (void) nvlist_lookup_uint64(createprops, 3344 zfs_prop_to_name(ZFS_PROP_CASE), &sense); 3345 (void) nvlist_remove_all(createprops, 3346 zfs_prop_to_name(ZFS_PROP_CASE)); 3347 } 3348 3349 /* 3350 * If the zpl version requested is whacky or the file system 3351 * or pool is version is too "young" to support normalization 3352 * and the creator tried to set a value for one of the props, 3353 * error out. 3354 */ 3355 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) || 3356 (zplver >= ZPL_VERSION_FUID && !fuids_ok) || 3357 (zplver >= ZPL_VERSION_SA && !sa_ok) || 3358 (zplver < ZPL_VERSION_NORMALIZATION && 3359 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED || 3360 sense != ZFS_PROP_UNDEFINED))) 3361 return (SET_ERROR(ENOTSUP)); 3362 3363 /* 3364 * Put the version in the zplprops 3365 */ 3366 VERIFY(nvlist_add_uint64(zplprops, 3367 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0); 3368 3369 if (norm == ZFS_PROP_UNDEFINED && 3370 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0) 3371 return (error); 3372 VERIFY(nvlist_add_uint64(zplprops, 3373 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0); 3374 3375 /* 3376 * If we're normalizing, names must always be valid UTF-8 strings. 3377 */ 3378 if (norm) 3379 u8 = 1; 3380 if (u8 == ZFS_PROP_UNDEFINED && 3381 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0) 3382 return (error); 3383 VERIFY(nvlist_add_uint64(zplprops, 3384 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0); 3385 3386 if (sense == ZFS_PROP_UNDEFINED && 3387 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0) 3388 return (error); 3389 VERIFY(nvlist_add_uint64(zplprops, 3390 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0); 3391 3392 if (is_ci) 3393 *is_ci = (sense == ZFS_CASE_INSENSITIVE); 3394 3395 return (0); 3396 } 3397 3398 static int 3399 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops, 3400 nvlist_t *zplprops, boolean_t *is_ci) 3401 { 3402 boolean_t fuids_ok, sa_ok; 3403 uint64_t zplver = ZPL_VERSION; 3404 objset_t *os = NULL; 3405 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 3406 spa_t *spa; 3407 uint64_t spa_vers; 3408 int error; 3409 3410 zfs_get_parent(dataset, parentname, sizeof (parentname)); 3411 3412 if ((error = spa_open(dataset, &spa, FTAG)) != 0) 3413 return (error); 3414 3415 spa_vers = spa_version(spa); 3416 spa_close(spa, FTAG); 3417 3418 zplver = zfs_zpl_version_map(spa_vers); 3419 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3420 sa_ok = (zplver >= ZPL_VERSION_SA); 3421 3422 /* 3423 * Open parent object set so we can inherit zplprop values. 3424 */ 3425 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0) 3426 return (error); 3427 3428 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops, 3429 zplprops, is_ci); 3430 dmu_objset_rele(os, FTAG); 3431 return (error); 3432 } 3433 3434 static int 3435 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops, 3436 nvlist_t *zplprops, boolean_t *is_ci) 3437 { 3438 boolean_t fuids_ok; 3439 boolean_t sa_ok; 3440 uint64_t zplver = ZPL_VERSION; 3441 int error; 3442 3443 zplver = zfs_zpl_version_map(spa_vers); 3444 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3445 sa_ok = (zplver >= ZPL_VERSION_SA); 3446 3447 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok, 3448 createprops, zplprops, is_ci); 3449 return (error); 3450 } 3451 3452 /* 3453 * innvl: { 3454 * "type" -> dmu_objset_type_t (int32) 3455 * (optional) "props" -> { prop -> value } 3456 * (optional) "hidden_args" -> { "wkeydata" -> value } 3457 * raw uint8_t array of encryption wrapping key data (32 bytes) 3458 * } 3459 * 3460 * outnvl: propname -> error code (int32) 3461 */ 3462 3463 static const zfs_ioc_key_t zfs_keys_create[] = { 3464 {"type", DATA_TYPE_INT32, 0}, 3465 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3466 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3467 }; 3468 3469 static int 3470 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3471 { 3472 int error = 0; 3473 zfs_creat_t zct = { 0 }; 3474 nvlist_t *nvprops = NULL; 3475 nvlist_t *hidden_args = NULL; 3476 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 3477 dmu_objset_type_t type; 3478 boolean_t is_insensitive = B_FALSE; 3479 dsl_crypto_params_t *dcp = NULL; 3480 3481 type = (dmu_objset_type_t)fnvlist_lookup_int32(innvl, "type"); 3482 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3483 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args); 3484 3485 switch (type) { 3486 case DMU_OST_ZFS: 3487 cbfunc = zfs_create_cb; 3488 break; 3489 3490 case DMU_OST_ZVOL: 3491 cbfunc = zvol_create_cb; 3492 break; 3493 3494 default: 3495 cbfunc = NULL; 3496 break; 3497 } 3498 if (strchr(fsname, '@') || 3499 strchr(fsname, '%')) 3500 return (SET_ERROR(EINVAL)); 3501 3502 zct.zct_props = nvprops; 3503 3504 if (cbfunc == NULL) 3505 return (SET_ERROR(EINVAL)); 3506 3507 if (type == DMU_OST_ZVOL) { 3508 uint64_t volsize, volblocksize; 3509 3510 if (nvprops == NULL) 3511 return (SET_ERROR(EINVAL)); 3512 if (nvlist_lookup_uint64(nvprops, 3513 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0) 3514 return (SET_ERROR(EINVAL)); 3515 3516 if ((error = nvlist_lookup_uint64(nvprops, 3517 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 3518 &volblocksize)) != 0 && error != ENOENT) 3519 return (SET_ERROR(EINVAL)); 3520 3521 if (error != 0) 3522 volblocksize = zfs_prop_default_numeric( 3523 ZFS_PROP_VOLBLOCKSIZE); 3524 3525 if ((error = zvol_check_volblocksize(fsname, 3526 volblocksize)) != 0 || 3527 (error = zvol_check_volsize(volsize, 3528 volblocksize)) != 0) 3529 return (error); 3530 } else if (type == DMU_OST_ZFS) { 3531 int error; 3532 3533 /* 3534 * We have to have normalization and 3535 * case-folding flags correct when we do the 3536 * file system creation, so go figure them out 3537 * now. 3538 */ 3539 VERIFY(nvlist_alloc(&zct.zct_zplprops, 3540 NV_UNIQUE_NAME, KM_SLEEP) == 0); 3541 error = zfs_fill_zplprops(fsname, nvprops, 3542 zct.zct_zplprops, &is_insensitive); 3543 if (error != 0) { 3544 nvlist_free(zct.zct_zplprops); 3545 return (error); 3546 } 3547 } 3548 3549 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops, 3550 hidden_args, &dcp); 3551 if (error != 0) { 3552 nvlist_free(zct.zct_zplprops); 3553 return (error); 3554 } 3555 3556 error = dmu_objset_create(fsname, type, 3557 is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct); 3558 3559 nvlist_free(zct.zct_zplprops); 3560 dsl_crypto_params_free(dcp, !!error); 3561 3562 /* 3563 * It would be nice to do this atomically. 3564 */ 3565 if (error == 0) { 3566 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3567 nvprops, outnvl); 3568 if (error != 0) { 3569 spa_t *spa; 3570 int error2; 3571 3572 /* 3573 * Volumes will return EBUSY and cannot be destroyed 3574 * until all asynchronous minor handling (e.g. from 3575 * setting the volmode property) has completed. Wait for 3576 * the spa_zvol_taskq to drain then retry. 3577 */ 3578 error2 = dsl_destroy_head(fsname); 3579 while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) { 3580 error2 = spa_open(fsname, &spa, FTAG); 3581 if (error2 == 0) { 3582 taskq_wait(spa->spa_zvol_taskq); 3583 spa_close(spa, FTAG); 3584 } 3585 error2 = dsl_destroy_head(fsname); 3586 } 3587 } 3588 } 3589 return (error); 3590 } 3591 3592 /* 3593 * innvl: { 3594 * "origin" -> name of origin snapshot 3595 * (optional) "props" -> { prop -> value } 3596 * (optional) "hidden_args" -> { "wkeydata" -> value } 3597 * raw uint8_t array of encryption wrapping key data (32 bytes) 3598 * } 3599 * 3600 * outputs: 3601 * outnvl: propname -> error code (int32) 3602 */ 3603 static const zfs_ioc_key_t zfs_keys_clone[] = { 3604 {"origin", DATA_TYPE_STRING, 0}, 3605 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3606 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3607 }; 3608 3609 static int 3610 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3611 { 3612 int error = 0; 3613 nvlist_t *nvprops = NULL; 3614 const char *origin_name; 3615 3616 origin_name = fnvlist_lookup_string(innvl, "origin"); 3617 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3618 3619 if (strchr(fsname, '@') || 3620 strchr(fsname, '%')) 3621 return (SET_ERROR(EINVAL)); 3622 3623 if (dataset_namecheck(origin_name, NULL, NULL) != 0) 3624 return (SET_ERROR(EINVAL)); 3625 3626 error = dmu_objset_clone(fsname, origin_name); 3627 3628 /* 3629 * It would be nice to do this atomically. 3630 */ 3631 if (error == 0) { 3632 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3633 nvprops, outnvl); 3634 if (error != 0) 3635 (void) dsl_destroy_head(fsname); 3636 } 3637 return (error); 3638 } 3639 3640 static const zfs_ioc_key_t zfs_keys_remap[] = { 3641 /* no nvl keys */ 3642 }; 3643 3644 static int 3645 zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3646 { 3647 /* This IOCTL is no longer supported. */ 3648 (void) fsname, (void) innvl, (void) outnvl; 3649 return (0); 3650 } 3651 3652 /* 3653 * innvl: { 3654 * "snaps" -> { snapshot1, snapshot2 } 3655 * (optional) "props" -> { prop -> value (string) } 3656 * } 3657 * 3658 * outnvl: snapshot -> error code (int32) 3659 */ 3660 static const zfs_ioc_key_t zfs_keys_snapshot[] = { 3661 {"snaps", DATA_TYPE_NVLIST, 0}, 3662 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3663 }; 3664 3665 static int 3666 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3667 { 3668 nvlist_t *snaps; 3669 nvlist_t *props = NULL; 3670 int error, poollen; 3671 nvpair_t *pair; 3672 3673 (void) nvlist_lookup_nvlist(innvl, "props", &props); 3674 if (!nvlist_empty(props) && 3675 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS)) 3676 return (SET_ERROR(ENOTSUP)); 3677 if ((error = zfs_check_userprops(props)) != 0) 3678 return (error); 3679 3680 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 3681 poollen = strlen(poolname); 3682 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3683 pair = nvlist_next_nvpair(snaps, pair)) { 3684 const char *name = nvpair_name(pair); 3685 char *cp = strchr(name, '@'); 3686 3687 /* 3688 * The snap name must contain an @, and the part after it must 3689 * contain only valid characters. 3690 */ 3691 if (cp == NULL || 3692 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3693 return (SET_ERROR(EINVAL)); 3694 3695 /* 3696 * The snap must be in the specified pool. 3697 */ 3698 if (strncmp(name, poolname, poollen) != 0 || 3699 (name[poollen] != '/' && name[poollen] != '@')) 3700 return (SET_ERROR(EXDEV)); 3701 3702 /* 3703 * Check for permission to set the properties on the fs. 3704 */ 3705 if (!nvlist_empty(props)) { 3706 *cp = '\0'; 3707 error = zfs_secpolicy_write_perms(name, 3708 ZFS_DELEG_PERM_USERPROP, CRED()); 3709 *cp = '@'; 3710 if (error != 0) 3711 return (error); 3712 } 3713 3714 /* This must be the only snap of this fs. */ 3715 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair); 3716 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) { 3717 if (strncmp(name, nvpair_name(pair2), cp - name + 1) 3718 == 0) { 3719 return (SET_ERROR(EXDEV)); 3720 } 3721 } 3722 } 3723 3724 error = dsl_dataset_snapshot(snaps, props, outnvl); 3725 3726 return (error); 3727 } 3728 3729 /* 3730 * innvl: "message" -> string 3731 */ 3732 static const zfs_ioc_key_t zfs_keys_log_history[] = { 3733 {"message", DATA_TYPE_STRING, 0}, 3734 }; 3735 3736 static int 3737 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3738 { 3739 (void) unused, (void) outnvl; 3740 const char *message; 3741 char *poolname; 3742 spa_t *spa; 3743 int error; 3744 3745 /* 3746 * The poolname in the ioctl is not set, we get it from the TSD, 3747 * which was set at the end of the last successful ioctl that allows 3748 * logging. The secpolicy func already checked that it is set. 3749 * Only one log ioctl is allowed after each successful ioctl, so 3750 * we clear the TSD here. 3751 */ 3752 poolname = tsd_get(zfs_allow_log_key); 3753 if (poolname == NULL) 3754 return (SET_ERROR(EINVAL)); 3755 (void) tsd_set(zfs_allow_log_key, NULL); 3756 error = spa_open(poolname, &spa, FTAG); 3757 kmem_strfree(poolname); 3758 if (error != 0) 3759 return (error); 3760 3761 message = fnvlist_lookup_string(innvl, "message"); 3762 3763 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 3764 spa_close(spa, FTAG); 3765 return (SET_ERROR(ENOTSUP)); 3766 } 3767 3768 error = spa_history_log(spa, message); 3769 spa_close(spa, FTAG); 3770 return (error); 3771 } 3772 3773 /* 3774 * This ioctl is used to set the bootenv configuration on the current 3775 * pool. This configuration is stored in the second padding area of the label, 3776 * and it is used by the bootloader(s) to store the bootloader and/or system 3777 * specific data. 3778 * The data is stored as nvlist data stream, and is protected by 3779 * an embedded checksum. 3780 * The version can have two possible values: 3781 * VB_RAW: nvlist should have key GRUB_ENVMAP, value DATA_TYPE_STRING. 3782 * VB_NVLIST: nvlist with arbitrary <key, value> pairs. 3783 */ 3784 static const zfs_ioc_key_t zfs_keys_set_bootenv[] = { 3785 {"version", DATA_TYPE_UINT64, 0}, 3786 {"<keys>", DATA_TYPE_ANY, ZK_OPTIONAL | ZK_WILDCARDLIST}, 3787 }; 3788 3789 static int 3790 zfs_ioc_set_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl) 3791 { 3792 int error; 3793 spa_t *spa; 3794 3795 if ((error = spa_open(name, &spa, FTAG)) != 0) 3796 return (error); 3797 spa_vdev_state_enter(spa, SCL_ALL); 3798 error = vdev_label_write_bootenv(spa->spa_root_vdev, innvl); 3799 (void) spa_vdev_state_exit(spa, NULL, 0); 3800 spa_close(spa, FTAG); 3801 return (error); 3802 } 3803 3804 static const zfs_ioc_key_t zfs_keys_get_bootenv[] = { 3805 /* no nvl keys */ 3806 }; 3807 3808 static int 3809 zfs_ioc_get_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl) 3810 { 3811 spa_t *spa; 3812 int error; 3813 3814 if ((error = spa_open(name, &spa, FTAG)) != 0) 3815 return (error); 3816 spa_vdev_state_enter(spa, SCL_ALL); 3817 error = vdev_label_read_bootenv(spa->spa_root_vdev, outnvl); 3818 (void) spa_vdev_state_exit(spa, NULL, 0); 3819 spa_close(spa, FTAG); 3820 return (error); 3821 } 3822 3823 /* 3824 * The dp_config_rwlock must not be held when calling this, because the 3825 * unmount may need to write out data. 3826 * 3827 * This function is best-effort. Callers must deal gracefully if it 3828 * remains mounted (or is remounted after this call). 3829 * 3830 * Returns 0 if the argument is not a snapshot, or it is not currently a 3831 * filesystem, or we were able to unmount it. Returns error code otherwise. 3832 */ 3833 void 3834 zfs_unmount_snap(const char *snapname) 3835 { 3836 if (strchr(snapname, '@') == NULL) 3837 return; 3838 3839 (void) zfsctl_snapshot_unmount(snapname, MNT_FORCE); 3840 } 3841 3842 static int 3843 zfs_unmount_snap_cb(const char *snapname, void *arg) 3844 { 3845 (void) arg; 3846 zfs_unmount_snap(snapname); 3847 return (0); 3848 } 3849 3850 /* 3851 * When a clone is destroyed, its origin may also need to be destroyed, 3852 * in which case it must be unmounted. This routine will do that unmount 3853 * if necessary. 3854 */ 3855 void 3856 zfs_destroy_unmount_origin(const char *fsname) 3857 { 3858 int error; 3859 objset_t *os; 3860 dsl_dataset_t *ds; 3861 3862 error = dmu_objset_hold(fsname, FTAG, &os); 3863 if (error != 0) 3864 return; 3865 ds = dmu_objset_ds(os); 3866 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) { 3867 char originname[ZFS_MAX_DATASET_NAME_LEN]; 3868 dsl_dataset_name(ds->ds_prev, originname); 3869 dmu_objset_rele(os, FTAG); 3870 zfs_unmount_snap(originname); 3871 } else { 3872 dmu_objset_rele(os, FTAG); 3873 } 3874 } 3875 3876 /* 3877 * innvl: { 3878 * "snaps" -> { snapshot1, snapshot2 } 3879 * (optional boolean) "defer" 3880 * } 3881 * 3882 * outnvl: snapshot -> error code (int32) 3883 */ 3884 static const zfs_ioc_key_t zfs_keys_destroy_snaps[] = { 3885 {"snaps", DATA_TYPE_NVLIST, 0}, 3886 {"defer", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 3887 }; 3888 3889 static int 3890 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3891 { 3892 int poollen; 3893 nvlist_t *snaps; 3894 nvpair_t *pair; 3895 boolean_t defer; 3896 spa_t *spa; 3897 3898 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 3899 defer = nvlist_exists(innvl, "defer"); 3900 3901 poollen = strlen(poolname); 3902 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3903 pair = nvlist_next_nvpair(snaps, pair)) { 3904 const char *name = nvpair_name(pair); 3905 3906 /* 3907 * The snap must be in the specified pool to prevent the 3908 * invalid removal of zvol minors below. 3909 */ 3910 if (strncmp(name, poolname, poollen) != 0 || 3911 (name[poollen] != '/' && name[poollen] != '@')) 3912 return (SET_ERROR(EXDEV)); 3913 3914 zfs_unmount_snap(nvpair_name(pair)); 3915 if (spa_open(name, &spa, FTAG) == 0) { 3916 zvol_remove_minors(spa, name, B_TRUE); 3917 spa_close(spa, FTAG); 3918 } 3919 } 3920 3921 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl)); 3922 } 3923 3924 /* 3925 * Create bookmarks. The bookmark names are of the form <fs>#<bmark>. 3926 * All bookmarks and snapshots must be in the same pool. 3927 * dsl_bookmark_create_nvl_validate describes the nvlist schema in more detail. 3928 * 3929 * innvl: { 3930 * new_bookmark1 -> existing_snapshot, 3931 * new_bookmark2 -> existing_bookmark, 3932 * } 3933 * 3934 * outnvl: bookmark -> error code (int32) 3935 * 3936 */ 3937 static const zfs_ioc_key_t zfs_keys_bookmark[] = { 3938 {"<bookmark>...", DATA_TYPE_STRING, ZK_WILDCARDLIST}, 3939 }; 3940 3941 static int 3942 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3943 { 3944 (void) poolname; 3945 return (dsl_bookmark_create(innvl, outnvl)); 3946 } 3947 3948 /* 3949 * innvl: { 3950 * property 1, property 2, ... 3951 * } 3952 * 3953 * outnvl: { 3954 * bookmark name 1 -> { property 1, property 2, ... }, 3955 * bookmark name 2 -> { property 1, property 2, ... } 3956 * } 3957 * 3958 */ 3959 static const zfs_ioc_key_t zfs_keys_get_bookmarks[] = { 3960 {"<property>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST | ZK_OPTIONAL}, 3961 }; 3962 3963 static int 3964 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3965 { 3966 return (dsl_get_bookmarks(fsname, innvl, outnvl)); 3967 } 3968 3969 /* 3970 * innvl is not used. 3971 * 3972 * outnvl: { 3973 * property 1, property 2, ... 3974 * } 3975 * 3976 */ 3977 static const zfs_ioc_key_t zfs_keys_get_bookmark_props[] = { 3978 /* no nvl keys */ 3979 }; 3980 3981 static int 3982 zfs_ioc_get_bookmark_props(const char *bookmark, nvlist_t *innvl, 3983 nvlist_t *outnvl) 3984 { 3985 (void) innvl; 3986 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 3987 char *bmname; 3988 3989 bmname = strchr(bookmark, '#'); 3990 if (bmname == NULL) 3991 return (SET_ERROR(EINVAL)); 3992 bmname++; 3993 3994 (void) strlcpy(fsname, bookmark, sizeof (fsname)); 3995 *(strchr(fsname, '#')) = '\0'; 3996 3997 return (dsl_get_bookmark_props(fsname, bmname, outnvl)); 3998 } 3999 4000 /* 4001 * innvl: { 4002 * bookmark name 1, bookmark name 2 4003 * } 4004 * 4005 * outnvl: bookmark -> error code (int32) 4006 * 4007 */ 4008 static const zfs_ioc_key_t zfs_keys_destroy_bookmarks[] = { 4009 {"<bookmark>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST}, 4010 }; 4011 4012 static int 4013 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl, 4014 nvlist_t *outnvl) 4015 { 4016 int error, poollen; 4017 4018 poollen = strlen(poolname); 4019 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 4020 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 4021 const char *name = nvpair_name(pair); 4022 const char *cp = strchr(name, '#'); 4023 4024 /* 4025 * The bookmark name must contain an #, and the part after it 4026 * must contain only valid characters. 4027 */ 4028 if (cp == NULL || 4029 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 4030 return (SET_ERROR(EINVAL)); 4031 4032 /* 4033 * The bookmark must be in the specified pool. 4034 */ 4035 if (strncmp(name, poolname, poollen) != 0 || 4036 (name[poollen] != '/' && name[poollen] != '#')) 4037 return (SET_ERROR(EXDEV)); 4038 } 4039 4040 error = dsl_bookmark_destroy(innvl, outnvl); 4041 return (error); 4042 } 4043 4044 static const zfs_ioc_key_t zfs_keys_channel_program[] = { 4045 {"program", DATA_TYPE_STRING, 0}, 4046 {"arg", DATA_TYPE_ANY, 0}, 4047 {"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL}, 4048 {"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL}, 4049 {"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL}, 4050 }; 4051 4052 static int 4053 zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl, 4054 nvlist_t *outnvl) 4055 { 4056 const char *program; 4057 uint64_t instrlimit, memlimit; 4058 boolean_t sync_flag; 4059 nvpair_t *nvarg = NULL; 4060 4061 program = fnvlist_lookup_string(innvl, ZCP_ARG_PROGRAM); 4062 if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) { 4063 sync_flag = B_TRUE; 4064 } 4065 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) { 4066 instrlimit = ZCP_DEFAULT_INSTRLIMIT; 4067 } 4068 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) { 4069 memlimit = ZCP_DEFAULT_MEMLIMIT; 4070 } 4071 nvarg = fnvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST); 4072 4073 if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit) 4074 return (SET_ERROR(EINVAL)); 4075 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit) 4076 return (SET_ERROR(EINVAL)); 4077 4078 return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit, 4079 nvarg, outnvl)); 4080 } 4081 4082 /* 4083 * innvl: unused 4084 * outnvl: empty 4085 */ 4086 static const zfs_ioc_key_t zfs_keys_pool_checkpoint[] = { 4087 /* no nvl keys */ 4088 }; 4089 4090 static int 4091 zfs_ioc_pool_checkpoint(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4092 { 4093 (void) innvl, (void) outnvl; 4094 return (spa_checkpoint(poolname)); 4095 } 4096 4097 /* 4098 * innvl: unused 4099 * outnvl: empty 4100 */ 4101 static const zfs_ioc_key_t zfs_keys_pool_discard_checkpoint[] = { 4102 /* no nvl keys */ 4103 }; 4104 4105 static int 4106 zfs_ioc_pool_discard_checkpoint(const char *poolname, nvlist_t *innvl, 4107 nvlist_t *outnvl) 4108 { 4109 (void) innvl, (void) outnvl; 4110 return (spa_checkpoint_discard(poolname)); 4111 } 4112 4113 /* 4114 * Loads specific types of data for the given pool 4115 * 4116 * innvl: { 4117 * "prefetch_type" -> int32_t 4118 * } 4119 * 4120 * outnvl: empty 4121 */ 4122 static const zfs_ioc_key_t zfs_keys_pool_prefetch[] = { 4123 {ZPOOL_PREFETCH_TYPE, DATA_TYPE_INT32, 0}, 4124 }; 4125 4126 static int 4127 zfs_ioc_pool_prefetch(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4128 { 4129 (void) outnvl; 4130 4131 int error; 4132 spa_t *spa; 4133 int32_t type; 4134 4135 /* 4136 * Currently, only ZPOOL_PREFETCH_DDT is supported 4137 */ 4138 if (nvlist_lookup_int32(innvl, ZPOOL_PREFETCH_TYPE, &type) != 0 || 4139 type != ZPOOL_PREFETCH_DDT) { 4140 return (EINVAL); 4141 } 4142 4143 error = spa_open(poolname, &spa, FTAG); 4144 if (error != 0) 4145 return (error); 4146 4147 hrtime_t start_time = gethrtime(); 4148 4149 ddt_prefetch_all(spa); 4150 4151 zfs_dbgmsg("pool '%s': loaded ddt into ARC in %llu ms", spa->spa_name, 4152 (u_longlong_t)NSEC2MSEC(gethrtime() - start_time)); 4153 4154 spa_close(spa, FTAG); 4155 4156 return (error); 4157 } 4158 4159 /* 4160 * inputs: 4161 * zc_name name of dataset to destroy 4162 * zc_defer_destroy mark for deferred destroy 4163 * 4164 * outputs: none 4165 */ 4166 static int 4167 zfs_ioc_destroy(zfs_cmd_t *zc) 4168 { 4169 objset_t *os; 4170 dmu_objset_type_t ost; 4171 int err; 4172 4173 err = dmu_objset_hold(zc->zc_name, FTAG, &os); 4174 if (err != 0) 4175 return (err); 4176 ost = dmu_objset_type(os); 4177 dmu_objset_rele(os, FTAG); 4178 4179 if (ost == DMU_OST_ZFS) 4180 zfs_unmount_snap(zc->zc_name); 4181 4182 if (strchr(zc->zc_name, '@')) { 4183 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy); 4184 } else { 4185 err = dsl_destroy_head(zc->zc_name); 4186 if (err == EEXIST) { 4187 /* 4188 * It is possible that the given DS may have 4189 * hidden child (%recv) datasets - "leftovers" 4190 * resulting from the previously interrupted 4191 * 'zfs receive'. 4192 * 4193 * 6 extra bytes for /%recv 4194 */ 4195 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6]; 4196 4197 if (snprintf(namebuf, sizeof (namebuf), "%s/%s", 4198 zc->zc_name, recv_clone_name) >= 4199 sizeof (namebuf)) 4200 return (SET_ERROR(EINVAL)); 4201 4202 /* 4203 * Try to remove the hidden child (%recv) and after 4204 * that try to remove the target dataset. 4205 * If the hidden child (%recv) does not exist 4206 * the original error (EEXIST) will be returned 4207 */ 4208 err = dsl_destroy_head(namebuf); 4209 if (err == 0) 4210 err = dsl_destroy_head(zc->zc_name); 4211 else if (err == ENOENT) 4212 err = SET_ERROR(EEXIST); 4213 } 4214 } 4215 4216 return (err); 4217 } 4218 4219 /* 4220 * innvl: { 4221 * "initialize_command" -> POOL_INITIALIZE_{CANCEL|START|SUSPEND} (uint64) 4222 * "initialize_vdevs": { -> guids to initialize (nvlist) 4223 * "vdev_path_1": vdev_guid_1, (uint64), 4224 * "vdev_path_2": vdev_guid_2, (uint64), 4225 * ... 4226 * }, 4227 * } 4228 * 4229 * outnvl: { 4230 * "initialize_vdevs": { -> initialization errors (nvlist) 4231 * "vdev_path_1": errno, see function body for possible errnos (uint64) 4232 * "vdev_path_2": errno, ... (uint64) 4233 * ... 4234 * } 4235 * } 4236 * 4237 * EINVAL is returned for an unknown commands or if any of the provided vdev 4238 * guids have be specified with a type other than uint64. 4239 */ 4240 static const zfs_ioc_key_t zfs_keys_pool_initialize[] = { 4241 {ZPOOL_INITIALIZE_COMMAND, DATA_TYPE_UINT64, 0}, 4242 {ZPOOL_INITIALIZE_VDEVS, DATA_TYPE_NVLIST, 0} 4243 }; 4244 4245 static int 4246 zfs_ioc_pool_initialize(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4247 { 4248 uint64_t cmd_type; 4249 if (nvlist_lookup_uint64(innvl, ZPOOL_INITIALIZE_COMMAND, 4250 &cmd_type) != 0) { 4251 return (SET_ERROR(EINVAL)); 4252 } 4253 4254 if (!(cmd_type == POOL_INITIALIZE_CANCEL || 4255 cmd_type == POOL_INITIALIZE_START || 4256 cmd_type == POOL_INITIALIZE_SUSPEND || 4257 cmd_type == POOL_INITIALIZE_UNINIT)) { 4258 return (SET_ERROR(EINVAL)); 4259 } 4260 4261 nvlist_t *vdev_guids; 4262 if (nvlist_lookup_nvlist(innvl, ZPOOL_INITIALIZE_VDEVS, 4263 &vdev_guids) != 0) { 4264 return (SET_ERROR(EINVAL)); 4265 } 4266 4267 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL); 4268 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) { 4269 uint64_t vdev_guid; 4270 if (nvpair_value_uint64(pair, &vdev_guid) != 0) { 4271 return (SET_ERROR(EINVAL)); 4272 } 4273 } 4274 4275 spa_t *spa; 4276 int error = spa_open(poolname, &spa, FTAG); 4277 if (error != 0) 4278 return (error); 4279 4280 nvlist_t *vdev_errlist = fnvlist_alloc(); 4281 int total_errors = spa_vdev_initialize(spa, vdev_guids, cmd_type, 4282 vdev_errlist); 4283 4284 if (fnvlist_size(vdev_errlist) > 0) { 4285 fnvlist_add_nvlist(outnvl, ZPOOL_INITIALIZE_VDEVS, 4286 vdev_errlist); 4287 } 4288 fnvlist_free(vdev_errlist); 4289 4290 spa_close(spa, FTAG); 4291 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0); 4292 } 4293 4294 /* 4295 * innvl: { 4296 * "trim_command" -> POOL_TRIM_{CANCEL|START|SUSPEND} (uint64) 4297 * "trim_vdevs": { -> guids to TRIM (nvlist) 4298 * "vdev_path_1": vdev_guid_1, (uint64), 4299 * "vdev_path_2": vdev_guid_2, (uint64), 4300 * ... 4301 * }, 4302 * "trim_rate" -> Target TRIM rate in bytes/sec. 4303 * "trim_secure" -> Set to request a secure TRIM. 4304 * } 4305 * 4306 * outnvl: { 4307 * "trim_vdevs": { -> TRIM errors (nvlist) 4308 * "vdev_path_1": errno, see function body for possible errnos (uint64) 4309 * "vdev_path_2": errno, ... (uint64) 4310 * ... 4311 * } 4312 * } 4313 * 4314 * EINVAL is returned for an unknown commands or if any of the provided vdev 4315 * guids have be specified with a type other than uint64. 4316 */ 4317 static const zfs_ioc_key_t zfs_keys_pool_trim[] = { 4318 {ZPOOL_TRIM_COMMAND, DATA_TYPE_UINT64, 0}, 4319 {ZPOOL_TRIM_VDEVS, DATA_TYPE_NVLIST, 0}, 4320 {ZPOOL_TRIM_RATE, DATA_TYPE_UINT64, ZK_OPTIONAL}, 4321 {ZPOOL_TRIM_SECURE, DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL}, 4322 }; 4323 4324 static int 4325 zfs_ioc_pool_trim(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4326 { 4327 uint64_t cmd_type; 4328 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_COMMAND, &cmd_type) != 0) 4329 return (SET_ERROR(EINVAL)); 4330 4331 if (!(cmd_type == POOL_TRIM_CANCEL || 4332 cmd_type == POOL_TRIM_START || 4333 cmd_type == POOL_TRIM_SUSPEND)) { 4334 return (SET_ERROR(EINVAL)); 4335 } 4336 4337 nvlist_t *vdev_guids; 4338 if (nvlist_lookup_nvlist(innvl, ZPOOL_TRIM_VDEVS, &vdev_guids) != 0) 4339 return (SET_ERROR(EINVAL)); 4340 4341 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL); 4342 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) { 4343 uint64_t vdev_guid; 4344 if (nvpair_value_uint64(pair, &vdev_guid) != 0) { 4345 return (SET_ERROR(EINVAL)); 4346 } 4347 } 4348 4349 /* Optional, defaults to maximum rate when not provided */ 4350 uint64_t rate; 4351 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_RATE, &rate) != 0) 4352 rate = 0; 4353 4354 /* Optional, defaults to standard TRIM when not provided */ 4355 boolean_t secure; 4356 if (nvlist_lookup_boolean_value(innvl, ZPOOL_TRIM_SECURE, 4357 &secure) != 0) { 4358 secure = B_FALSE; 4359 } 4360 4361 spa_t *spa; 4362 int error = spa_open(poolname, &spa, FTAG); 4363 if (error != 0) 4364 return (error); 4365 4366 nvlist_t *vdev_errlist = fnvlist_alloc(); 4367 int total_errors = spa_vdev_trim(spa, vdev_guids, cmd_type, 4368 rate, !!zfs_trim_metaslab_skip, secure, vdev_errlist); 4369 4370 if (fnvlist_size(vdev_errlist) > 0) 4371 fnvlist_add_nvlist(outnvl, ZPOOL_TRIM_VDEVS, vdev_errlist); 4372 4373 fnvlist_free(vdev_errlist); 4374 4375 spa_close(spa, FTAG); 4376 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0); 4377 } 4378 4379 #define DDT_PRUNE_UNIT "ddt_prune_unit" 4380 #define DDT_PRUNE_AMOUNT "ddt_prune_amount" 4381 4382 /* 4383 * innvl: { 4384 * "ddt_prune_unit" -> uint32_t 4385 * "ddt_prune_amount" -> uint64_t 4386 * } 4387 * 4388 * outnvl: "waited" -> boolean_t 4389 */ 4390 static const zfs_ioc_key_t zfs_keys_ddt_prune[] = { 4391 {DDT_PRUNE_UNIT, DATA_TYPE_INT32, 0}, 4392 {DDT_PRUNE_AMOUNT, DATA_TYPE_UINT64, 0}, 4393 }; 4394 4395 static int 4396 zfs_ioc_ddt_prune(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4397 { 4398 int32_t unit; 4399 uint64_t amount; 4400 4401 if (nvlist_lookup_int32(innvl, DDT_PRUNE_UNIT, &unit) != 0 || 4402 nvlist_lookup_uint64(innvl, DDT_PRUNE_AMOUNT, &amount) != 0) { 4403 return (EINVAL); 4404 } 4405 4406 spa_t *spa; 4407 int error = spa_open(poolname, &spa, FTAG); 4408 if (error != 0) 4409 return (error); 4410 4411 if (!spa_feature_is_enabled(spa, SPA_FEATURE_FAST_DEDUP)) { 4412 spa_close(spa, FTAG); 4413 return (SET_ERROR(ENOTSUP)); 4414 } 4415 4416 error = ddt_prune_unique_entries(spa, (zpool_ddt_prune_unit_t)unit, 4417 amount); 4418 4419 spa_close(spa, FTAG); 4420 4421 return (error); 4422 } 4423 4424 /* 4425 * This ioctl waits for activity of a particular type to complete. If there is 4426 * no activity of that type in progress, it returns immediately, and the 4427 * returned value "waited" is false. If there is activity in progress, and no 4428 * tag is passed in, the ioctl blocks until all activity of that type is 4429 * complete, and then returns with "waited" set to true. 4430 * 4431 * If a tag is provided, it identifies a particular instance of an activity to 4432 * wait for. Currently, this is only valid for use with 'initialize', because 4433 * that is the only activity for which there can be multiple instances running 4434 * concurrently. In the case of 'initialize', the tag corresponds to the guid of 4435 * the vdev on which to wait. 4436 * 4437 * If a thread waiting in the ioctl receives a signal, the call will return 4438 * immediately, and the return value will be EINTR. 4439 * 4440 * innvl: { 4441 * "wait_activity" -> int32_t 4442 * (optional) "wait_tag" -> uint64_t 4443 * } 4444 * 4445 * outnvl: "waited" -> boolean_t 4446 */ 4447 static const zfs_ioc_key_t zfs_keys_pool_wait[] = { 4448 {ZPOOL_WAIT_ACTIVITY, DATA_TYPE_INT32, 0}, 4449 {ZPOOL_WAIT_TAG, DATA_TYPE_UINT64, ZK_OPTIONAL}, 4450 }; 4451 4452 static int 4453 zfs_ioc_wait(const char *name, nvlist_t *innvl, nvlist_t *outnvl) 4454 { 4455 int32_t activity; 4456 uint64_t tag; 4457 boolean_t waited; 4458 int error; 4459 4460 if (nvlist_lookup_int32(innvl, ZPOOL_WAIT_ACTIVITY, &activity) != 0) 4461 return (EINVAL); 4462 4463 if (nvlist_lookup_uint64(innvl, ZPOOL_WAIT_TAG, &tag) == 0) 4464 error = spa_wait_tag(name, activity, tag, &waited); 4465 else 4466 error = spa_wait(name, activity, &waited); 4467 4468 if (error == 0) 4469 fnvlist_add_boolean_value(outnvl, ZPOOL_WAIT_WAITED, waited); 4470 4471 return (error); 4472 } 4473 4474 /* 4475 * This ioctl waits for activity of a particular type to complete. If there is 4476 * no activity of that type in progress, it returns immediately, and the 4477 * returned value "waited" is false. If there is activity in progress, and no 4478 * tag is passed in, the ioctl blocks until all activity of that type is 4479 * complete, and then returns with "waited" set to true. 4480 * 4481 * If a thread waiting in the ioctl receives a signal, the call will return 4482 * immediately, and the return value will be EINTR. 4483 * 4484 * innvl: { 4485 * "wait_activity" -> int32_t 4486 * } 4487 * 4488 * outnvl: "waited" -> boolean_t 4489 */ 4490 static const zfs_ioc_key_t zfs_keys_fs_wait[] = { 4491 {ZFS_WAIT_ACTIVITY, DATA_TYPE_INT32, 0}, 4492 }; 4493 4494 static int 4495 zfs_ioc_wait_fs(const char *name, nvlist_t *innvl, nvlist_t *outnvl) 4496 { 4497 int32_t activity; 4498 boolean_t waited = B_FALSE; 4499 int error; 4500 dsl_pool_t *dp; 4501 dsl_dir_t *dd; 4502 dsl_dataset_t *ds; 4503 4504 if (nvlist_lookup_int32(innvl, ZFS_WAIT_ACTIVITY, &activity) != 0) 4505 return (SET_ERROR(EINVAL)); 4506 4507 if (activity >= ZFS_WAIT_NUM_ACTIVITIES || activity < 0) 4508 return (SET_ERROR(EINVAL)); 4509 4510 if ((error = dsl_pool_hold(name, FTAG, &dp)) != 0) 4511 return (error); 4512 4513 if ((error = dsl_dataset_hold(dp, name, FTAG, &ds)) != 0) { 4514 dsl_pool_rele(dp, FTAG); 4515 return (error); 4516 } 4517 4518 dd = ds->ds_dir; 4519 mutex_enter(&dd->dd_activity_lock); 4520 dd->dd_activity_waiters++; 4521 4522 /* 4523 * We get a long-hold here so that the dsl_dataset_t and dsl_dir_t 4524 * aren't evicted while we're waiting. Normally this is prevented by 4525 * holding the pool, but we can't do that while we're waiting since 4526 * that would prevent TXGs from syncing out. Some of the functionality 4527 * of long-holds (e.g. preventing deletion) is unnecessary for this 4528 * case, since we would cancel the waiters before proceeding with a 4529 * deletion. An alternative mechanism for keeping the dataset around 4530 * could be developed but this is simpler. 4531 */ 4532 dsl_dataset_long_hold(ds, FTAG); 4533 dsl_pool_rele(dp, FTAG); 4534 4535 error = dsl_dir_wait(dd, ds, activity, &waited); 4536 4537 dsl_dataset_long_rele(ds, FTAG); 4538 dd->dd_activity_waiters--; 4539 if (dd->dd_activity_waiters == 0) 4540 cv_signal(&dd->dd_activity_cv); 4541 mutex_exit(&dd->dd_activity_lock); 4542 4543 dsl_dataset_rele(ds, FTAG); 4544 4545 if (error == 0) 4546 fnvlist_add_boolean_value(outnvl, ZFS_WAIT_WAITED, waited); 4547 4548 return (error); 4549 } 4550 4551 /* 4552 * fsname is name of dataset to rollback (to most recent snapshot) 4553 * 4554 * innvl may contain name of expected target snapshot 4555 * 4556 * outnvl: "target" -> name of most recent snapshot 4557 * } 4558 */ 4559 static const zfs_ioc_key_t zfs_keys_rollback[] = { 4560 {"target", DATA_TYPE_STRING, ZK_OPTIONAL}, 4561 }; 4562 4563 static int 4564 zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 4565 { 4566 zfsvfs_t *zfsvfs; 4567 zvol_state_handle_t *zv; 4568 const char *target = NULL; 4569 int error; 4570 4571 (void) nvlist_lookup_string(innvl, "target", &target); 4572 if (target != NULL) { 4573 const char *cp = strchr(target, '@'); 4574 4575 /* 4576 * The snap name must contain an @, and the part after it must 4577 * contain only valid characters. 4578 */ 4579 if (cp == NULL || 4580 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 4581 return (SET_ERROR(EINVAL)); 4582 } 4583 4584 if (getzfsvfs(fsname, &zfsvfs) == 0) { 4585 dsl_dataset_t *ds; 4586 4587 ds = dmu_objset_ds(zfsvfs->z_os); 4588 error = zfs_suspend_fs(zfsvfs); 4589 if (error == 0) { 4590 int resume_err; 4591 4592 error = dsl_dataset_rollback(fsname, target, zfsvfs, 4593 outnvl); 4594 resume_err = zfs_resume_fs(zfsvfs, ds); 4595 error = error ? error : resume_err; 4596 } 4597 zfs_vfs_rele(zfsvfs); 4598 } else if ((zv = zvol_suspend(fsname)) != NULL) { 4599 error = dsl_dataset_rollback(fsname, target, zvol_tag(zv), 4600 outnvl); 4601 zvol_resume(zv); 4602 } else { 4603 error = dsl_dataset_rollback(fsname, target, NULL, outnvl); 4604 } 4605 return (error); 4606 } 4607 4608 static int 4609 recursive_unmount(const char *fsname, void *arg) 4610 { 4611 const char *snapname = arg; 4612 char *fullname; 4613 4614 fullname = kmem_asprintf("%s@%s", fsname, snapname); 4615 zfs_unmount_snap(fullname); 4616 kmem_strfree(fullname); 4617 4618 return (0); 4619 } 4620 4621 /* 4622 * 4623 * snapname is the snapshot to redact. 4624 * innvl: { 4625 * "bookname" -> (string) 4626 * shortname of the redaction bookmark to generate 4627 * "snapnv" -> (nvlist, values ignored) 4628 * snapshots to redact snapname with respect to 4629 * } 4630 * 4631 * outnvl is unused 4632 */ 4633 4634 static const zfs_ioc_key_t zfs_keys_redact[] = { 4635 {"bookname", DATA_TYPE_STRING, 0}, 4636 {"snapnv", DATA_TYPE_NVLIST, 0}, 4637 }; 4638 4639 static int 4640 zfs_ioc_redact(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 4641 { 4642 (void) outnvl; 4643 nvlist_t *redactnvl = NULL; 4644 const char *redactbook = NULL; 4645 4646 if (nvlist_lookup_nvlist(innvl, "snapnv", &redactnvl) != 0) 4647 return (SET_ERROR(EINVAL)); 4648 if (fnvlist_num_pairs(redactnvl) == 0) 4649 return (SET_ERROR(ENXIO)); 4650 if (nvlist_lookup_string(innvl, "bookname", &redactbook) != 0) 4651 return (SET_ERROR(EINVAL)); 4652 4653 return (dmu_redact_snap(snapname, redactnvl, redactbook)); 4654 } 4655 4656 /* 4657 * inputs: 4658 * zc_name old name of dataset 4659 * zc_value new name of dataset 4660 * zc_cookie recursive flag (only valid for snapshots) 4661 * 4662 * outputs: none 4663 */ 4664 static int 4665 zfs_ioc_rename(zfs_cmd_t *zc) 4666 { 4667 objset_t *os; 4668 dmu_objset_type_t ost; 4669 boolean_t recursive = zc->zc_cookie & 1; 4670 boolean_t nounmount = !!(zc->zc_cookie & 2); 4671 char *at; 4672 int err; 4673 4674 /* "zfs rename" from and to ...%recv datasets should both fail */ 4675 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 4676 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 4677 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 || 4678 dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 4679 strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%')) 4680 return (SET_ERROR(EINVAL)); 4681 4682 err = dmu_objset_hold(zc->zc_name, FTAG, &os); 4683 if (err != 0) 4684 return (err); 4685 ost = dmu_objset_type(os); 4686 dmu_objset_rele(os, FTAG); 4687 4688 at = strchr(zc->zc_name, '@'); 4689 if (at != NULL) { 4690 /* snaps must be in same fs */ 4691 int error; 4692 4693 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1)) 4694 return (SET_ERROR(EXDEV)); 4695 *at = '\0'; 4696 if (ost == DMU_OST_ZFS && !nounmount) { 4697 error = dmu_objset_find(zc->zc_name, 4698 recursive_unmount, at + 1, 4699 recursive ? DS_FIND_CHILDREN : 0); 4700 if (error != 0) { 4701 *at = '@'; 4702 return (error); 4703 } 4704 } 4705 error = dsl_dataset_rename_snapshot(zc->zc_name, 4706 at + 1, strchr(zc->zc_value, '@') + 1, recursive); 4707 *at = '@'; 4708 4709 return (error); 4710 } else { 4711 return (dsl_dir_rename(zc->zc_name, zc->zc_value)); 4712 } 4713 } 4714 4715 static int 4716 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr) 4717 { 4718 const char *propname = nvpair_name(pair); 4719 boolean_t issnap = (strchr(dsname, '@') != NULL); 4720 zfs_prop_t prop = zfs_name_to_prop(propname); 4721 uint64_t intval, compval; 4722 int err; 4723 4724 if (prop == ZPROP_USERPROP) { 4725 if (zfs_prop_user(propname)) { 4726 if ((err = zfs_secpolicy_write_perms(dsname, 4727 ZFS_DELEG_PERM_USERPROP, cr))) 4728 return (err); 4729 return (0); 4730 } 4731 4732 if (!issnap && zfs_prop_userquota(propname)) { 4733 const char *perm = NULL; 4734 const char *uq_prefix = 4735 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA]; 4736 const char *gq_prefix = 4737 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA]; 4738 const char *uiq_prefix = 4739 zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA]; 4740 const char *giq_prefix = 4741 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA]; 4742 const char *pq_prefix = 4743 zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA]; 4744 const char *piq_prefix = zfs_userquota_prop_prefixes[\ 4745 ZFS_PROP_PROJECTOBJQUOTA]; 4746 4747 if (strncmp(propname, uq_prefix, 4748 strlen(uq_prefix)) == 0) { 4749 perm = ZFS_DELEG_PERM_USERQUOTA; 4750 } else if (strncmp(propname, uiq_prefix, 4751 strlen(uiq_prefix)) == 0) { 4752 perm = ZFS_DELEG_PERM_USEROBJQUOTA; 4753 } else if (strncmp(propname, gq_prefix, 4754 strlen(gq_prefix)) == 0) { 4755 perm = ZFS_DELEG_PERM_GROUPQUOTA; 4756 } else if (strncmp(propname, giq_prefix, 4757 strlen(giq_prefix)) == 0) { 4758 perm = ZFS_DELEG_PERM_GROUPOBJQUOTA; 4759 } else if (strncmp(propname, pq_prefix, 4760 strlen(pq_prefix)) == 0) { 4761 perm = ZFS_DELEG_PERM_PROJECTQUOTA; 4762 } else if (strncmp(propname, piq_prefix, 4763 strlen(piq_prefix)) == 0) { 4764 perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA; 4765 } else { 4766 /* {USER|GROUP|PROJECT}USED are read-only */ 4767 return (SET_ERROR(EINVAL)); 4768 } 4769 4770 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr))) 4771 return (err); 4772 return (0); 4773 } 4774 4775 return (SET_ERROR(EINVAL)); 4776 } 4777 4778 if (issnap) 4779 return (SET_ERROR(EINVAL)); 4780 4781 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 4782 /* 4783 * dsl_prop_get_all_impl() returns properties in this 4784 * format. 4785 */ 4786 nvlist_t *attrs; 4787 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 4788 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4789 &pair) == 0); 4790 } 4791 4792 /* 4793 * Check that this value is valid for this pool version 4794 */ 4795 switch (prop) { 4796 case ZFS_PROP_COMPRESSION: 4797 /* 4798 * If the user specified gzip compression, make sure 4799 * the SPA supports it. We ignore any errors here since 4800 * we'll catch them later. 4801 */ 4802 if (nvpair_value_uint64(pair, &intval) == 0) { 4803 compval = ZIO_COMPRESS_ALGO(intval); 4804 if (compval >= ZIO_COMPRESS_GZIP_1 && 4805 compval <= ZIO_COMPRESS_GZIP_9 && 4806 zfs_earlier_version(dsname, 4807 SPA_VERSION_GZIP_COMPRESSION)) { 4808 return (SET_ERROR(ENOTSUP)); 4809 } 4810 4811 if (compval == ZIO_COMPRESS_ZLE && 4812 zfs_earlier_version(dsname, 4813 SPA_VERSION_ZLE_COMPRESSION)) 4814 return (SET_ERROR(ENOTSUP)); 4815 4816 if (compval == ZIO_COMPRESS_LZ4) { 4817 spa_t *spa; 4818 4819 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4820 return (err); 4821 4822 if (!spa_feature_is_enabled(spa, 4823 SPA_FEATURE_LZ4_COMPRESS)) { 4824 spa_close(spa, FTAG); 4825 return (SET_ERROR(ENOTSUP)); 4826 } 4827 spa_close(spa, FTAG); 4828 } 4829 4830 if (compval == ZIO_COMPRESS_ZSTD) { 4831 spa_t *spa; 4832 4833 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4834 return (err); 4835 4836 if (!spa_feature_is_enabled(spa, 4837 SPA_FEATURE_ZSTD_COMPRESS)) { 4838 spa_close(spa, FTAG); 4839 return (SET_ERROR(ENOTSUP)); 4840 } 4841 spa_close(spa, FTAG); 4842 } 4843 } 4844 break; 4845 4846 case ZFS_PROP_COPIES: 4847 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS)) 4848 return (SET_ERROR(ENOTSUP)); 4849 break; 4850 4851 case ZFS_PROP_VOLBLOCKSIZE: 4852 case ZFS_PROP_RECORDSIZE: 4853 /* Record sizes above 128k need the feature to be enabled */ 4854 if (nvpair_value_uint64(pair, &intval) == 0 && 4855 intval > SPA_OLD_MAXBLOCKSIZE) { 4856 spa_t *spa; 4857 4858 /* 4859 * We don't allow setting the property above 1MB, 4860 * unless the tunable has been changed. 4861 */ 4862 if (intval > zfs_max_recordsize || 4863 intval > SPA_MAXBLOCKSIZE) 4864 return (SET_ERROR(ERANGE)); 4865 4866 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4867 return (err); 4868 4869 if (!spa_feature_is_enabled(spa, 4870 SPA_FEATURE_LARGE_BLOCKS)) { 4871 spa_close(spa, FTAG); 4872 return (SET_ERROR(ENOTSUP)); 4873 } 4874 spa_close(spa, FTAG); 4875 } 4876 break; 4877 4878 case ZFS_PROP_DNODESIZE: 4879 /* Dnode sizes above 512 need the feature to be enabled */ 4880 if (nvpair_value_uint64(pair, &intval) == 0 && 4881 intval != ZFS_DNSIZE_LEGACY) { 4882 spa_t *spa; 4883 4884 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4885 return (err); 4886 4887 if (!spa_feature_is_enabled(spa, 4888 SPA_FEATURE_LARGE_DNODE)) { 4889 spa_close(spa, FTAG); 4890 return (SET_ERROR(ENOTSUP)); 4891 } 4892 spa_close(spa, FTAG); 4893 } 4894 break; 4895 4896 case ZFS_PROP_SPECIAL_SMALL_BLOCKS: 4897 /* 4898 * This property could require the allocation classes 4899 * feature to be active for setting, however we allow 4900 * it so that tests of settable properties succeed. 4901 * The CLI will issue a warning in this case. 4902 */ 4903 break; 4904 4905 case ZFS_PROP_SHARESMB: 4906 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID)) 4907 return (SET_ERROR(ENOTSUP)); 4908 break; 4909 4910 case ZFS_PROP_ACLINHERIT: 4911 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 4912 nvpair_value_uint64(pair, &intval) == 0) { 4913 if (intval == ZFS_ACL_PASSTHROUGH_X && 4914 zfs_earlier_version(dsname, 4915 SPA_VERSION_PASSTHROUGH_X)) 4916 return (SET_ERROR(ENOTSUP)); 4917 } 4918 break; 4919 case ZFS_PROP_CHECKSUM: 4920 case ZFS_PROP_DEDUP: 4921 { 4922 spa_feature_t feature; 4923 spa_t *spa; 4924 int err; 4925 4926 /* dedup feature version checks */ 4927 if (prop == ZFS_PROP_DEDUP && 4928 zfs_earlier_version(dsname, SPA_VERSION_DEDUP)) 4929 return (SET_ERROR(ENOTSUP)); 4930 4931 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 4932 nvpair_value_uint64(pair, &intval) == 0) { 4933 /* check prop value is enabled in features */ 4934 feature = zio_checksum_to_feature( 4935 intval & ZIO_CHECKSUM_MASK); 4936 if (feature == SPA_FEATURE_NONE) 4937 break; 4938 4939 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4940 return (err); 4941 4942 if (!spa_feature_is_enabled(spa, feature)) { 4943 spa_close(spa, FTAG); 4944 return (SET_ERROR(ENOTSUP)); 4945 } 4946 spa_close(spa, FTAG); 4947 } 4948 break; 4949 } 4950 4951 default: 4952 break; 4953 } 4954 4955 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED())); 4956 } 4957 4958 /* 4959 * Removes properties from the given props list that fail permission checks 4960 * needed to clear them and to restore them in case of a receive error. For each 4961 * property, make sure we have both set and inherit permissions. 4962 * 4963 * Returns the first error encountered if any permission checks fail. If the 4964 * caller provides a non-NULL errlist, it also gives the complete list of names 4965 * of all the properties that failed a permission check along with the 4966 * corresponding error numbers. The caller is responsible for freeing the 4967 * returned errlist. 4968 * 4969 * If every property checks out successfully, zero is returned and the list 4970 * pointed at by errlist is NULL. 4971 */ 4972 static int 4973 zfs_check_clearable(const char *dataset, nvlist_t *props, nvlist_t **errlist) 4974 { 4975 zfs_cmd_t *zc; 4976 nvpair_t *pair, *next_pair; 4977 nvlist_t *errors; 4978 int err, rv = 0; 4979 4980 if (props == NULL) 4981 return (0); 4982 4983 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4984 4985 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP); 4986 (void) strlcpy(zc->zc_name, dataset, sizeof (zc->zc_name)); 4987 pair = nvlist_next_nvpair(props, NULL); 4988 while (pair != NULL) { 4989 next_pair = nvlist_next_nvpair(props, pair); 4990 4991 (void) strlcpy(zc->zc_value, nvpair_name(pair), 4992 sizeof (zc->zc_value)); 4993 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 || 4994 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) { 4995 VERIFY(nvlist_remove_nvpair(props, pair) == 0); 4996 VERIFY(nvlist_add_int32(errors, 4997 zc->zc_value, err) == 0); 4998 } 4999 pair = next_pair; 5000 } 5001 kmem_free(zc, sizeof (zfs_cmd_t)); 5002 5003 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 5004 nvlist_free(errors); 5005 errors = NULL; 5006 } else { 5007 VERIFY(nvpair_value_int32(pair, &rv) == 0); 5008 } 5009 5010 if (errlist == NULL) 5011 nvlist_free(errors); 5012 else 5013 *errlist = errors; 5014 5015 return (rv); 5016 } 5017 5018 static boolean_t 5019 propval_equals(nvpair_t *p1, nvpair_t *p2) 5020 { 5021 if (nvpair_type(p1) == DATA_TYPE_NVLIST) { 5022 /* dsl_prop_get_all_impl() format */ 5023 nvlist_t *attrs; 5024 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0); 5025 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 5026 &p1) == 0); 5027 } 5028 5029 if (nvpair_type(p2) == DATA_TYPE_NVLIST) { 5030 nvlist_t *attrs; 5031 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0); 5032 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 5033 &p2) == 0); 5034 } 5035 5036 if (nvpair_type(p1) != nvpair_type(p2)) 5037 return (B_FALSE); 5038 5039 if (nvpair_type(p1) == DATA_TYPE_STRING) { 5040 const char *valstr1, *valstr2; 5041 5042 VERIFY(nvpair_value_string(p1, &valstr1) == 0); 5043 VERIFY(nvpair_value_string(p2, &valstr2) == 0); 5044 return (strcmp(valstr1, valstr2) == 0); 5045 } else { 5046 uint64_t intval1, intval2; 5047 5048 VERIFY(nvpair_value_uint64(p1, &intval1) == 0); 5049 VERIFY(nvpair_value_uint64(p2, &intval2) == 0); 5050 return (intval1 == intval2); 5051 } 5052 } 5053 5054 /* 5055 * Remove properties from props if they are not going to change (as determined 5056 * by comparison with origprops). Remove them from origprops as well, since we 5057 * do not need to clear or restore properties that won't change. 5058 */ 5059 static void 5060 props_reduce(nvlist_t *props, nvlist_t *origprops) 5061 { 5062 nvpair_t *pair, *next_pair; 5063 5064 if (origprops == NULL) 5065 return; /* all props need to be received */ 5066 5067 pair = nvlist_next_nvpair(props, NULL); 5068 while (pair != NULL) { 5069 const char *propname = nvpair_name(pair); 5070 nvpair_t *match; 5071 5072 next_pair = nvlist_next_nvpair(props, pair); 5073 5074 if ((nvlist_lookup_nvpair(origprops, propname, 5075 &match) != 0) || !propval_equals(pair, match)) 5076 goto next; /* need to set received value */ 5077 5078 /* don't clear the existing received value */ 5079 (void) nvlist_remove_nvpair(origprops, match); 5080 /* don't bother receiving the property */ 5081 (void) nvlist_remove_nvpair(props, pair); 5082 next: 5083 pair = next_pair; 5084 } 5085 } 5086 5087 /* 5088 * Extract properties that cannot be set PRIOR to the receipt of a dataset. 5089 * For example, refquota cannot be set until after the receipt of a dataset, 5090 * because in replication streams, an older/earlier snapshot may exceed the 5091 * refquota. We want to receive the older/earlier snapshot, but setting 5092 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent 5093 * the older/earlier snapshot from being received (with EDQUOT). 5094 * 5095 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario. 5096 * 5097 * libzfs will need to be judicious handling errors encountered by props 5098 * extracted by this function. 5099 */ 5100 static nvlist_t * 5101 extract_delay_props(nvlist_t *props) 5102 { 5103 nvlist_t *delayprops; 5104 nvpair_t *nvp, *tmp; 5105 static const zfs_prop_t delayable[] = { 5106 ZFS_PROP_REFQUOTA, 5107 ZFS_PROP_KEYLOCATION, 5108 /* 5109 * Setting ZFS_PROP_SHARESMB requires the objset type to be 5110 * known, which is not possible prior to receipt of raw sends. 5111 */ 5112 ZFS_PROP_SHARESMB, 5113 0 5114 }; 5115 int i; 5116 5117 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 5118 5119 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL; 5120 nvp = nvlist_next_nvpair(props, nvp)) { 5121 /* 5122 * strcmp() is safe because zfs_prop_to_name() always returns 5123 * a bounded string. 5124 */ 5125 for (i = 0; delayable[i] != 0; i++) { 5126 if (strcmp(zfs_prop_to_name(delayable[i]), 5127 nvpair_name(nvp)) == 0) { 5128 break; 5129 } 5130 } 5131 if (delayable[i] != 0) { 5132 tmp = nvlist_prev_nvpair(props, nvp); 5133 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0); 5134 VERIFY(nvlist_remove_nvpair(props, nvp) == 0); 5135 nvp = tmp; 5136 } 5137 } 5138 5139 if (nvlist_empty(delayprops)) { 5140 nvlist_free(delayprops); 5141 delayprops = NULL; 5142 } 5143 return (delayprops); 5144 } 5145 5146 static void 5147 zfs_allow_log_destroy(void *arg) 5148 { 5149 char *poolname = arg; 5150 5151 if (poolname != NULL) 5152 kmem_strfree(poolname); 5153 } 5154 5155 #ifdef ZFS_DEBUG 5156 static boolean_t zfs_ioc_recv_inject_err; 5157 #endif 5158 5159 /* 5160 * nvlist 'errors' is always allocated. It will contain descriptions of 5161 * encountered errors, if any. It's the callers responsibility to free. 5162 */ 5163 static int 5164 zfs_ioc_recv_impl(char *tofs, char *tosnap, const char *origin, 5165 nvlist_t *recvprops, nvlist_t *localprops, nvlist_t *hidden_args, 5166 boolean_t force, boolean_t heal, boolean_t resumable, int input_fd, 5167 dmu_replay_record_t *begin_record, uint64_t *read_bytes, 5168 uint64_t *errflags, nvlist_t **errors) 5169 { 5170 dmu_recv_cookie_t drc; 5171 int error = 0; 5172 int props_error = 0; 5173 offset_t off, noff; 5174 nvlist_t *local_delayprops = NULL; 5175 nvlist_t *recv_delayprops = NULL; 5176 nvlist_t *inherited_delayprops = NULL; 5177 nvlist_t *origprops = NULL; /* existing properties */ 5178 nvlist_t *origrecvd = NULL; /* existing received properties */ 5179 boolean_t first_recvd_props = B_FALSE; 5180 boolean_t tofs_was_redacted; 5181 zfs_file_t *input_fp; 5182 5183 *read_bytes = 0; 5184 *errflags = 0; 5185 *errors = fnvlist_alloc(); 5186 off = 0; 5187 5188 if ((input_fp = zfs_file_get(input_fd)) == NULL) 5189 return (SET_ERROR(EBADF)); 5190 5191 noff = off = zfs_file_off(input_fp); 5192 error = dmu_recv_begin(tofs, tosnap, begin_record, force, heal, 5193 resumable, localprops, hidden_args, origin, &drc, input_fp, 5194 &off); 5195 if (error != 0) 5196 goto out; 5197 tofs_was_redacted = dsl_get_redacted(drc.drc_ds); 5198 5199 /* 5200 * Set properties before we receive the stream so that they are applied 5201 * to the new data. Note that we must call dmu_recv_stream() if 5202 * dmu_recv_begin() succeeds. 5203 */ 5204 if (recvprops != NULL && !drc.drc_newfs) { 5205 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >= 5206 SPA_VERSION_RECVD_PROPS && 5207 !dsl_prop_get_hasrecvd(tofs)) 5208 first_recvd_props = B_TRUE; 5209 5210 /* 5211 * If new received properties are supplied, they are to 5212 * completely replace the existing received properties, 5213 * so stash away the existing ones. 5214 */ 5215 if (dsl_prop_get_received(tofs, &origrecvd) == 0) { 5216 nvlist_t *errlist = NULL; 5217 /* 5218 * Don't bother writing a property if its value won't 5219 * change (and avoid the unnecessary security checks). 5220 * 5221 * The first receive after SPA_VERSION_RECVD_PROPS is a 5222 * special case where we blow away all local properties 5223 * regardless. 5224 */ 5225 if (!first_recvd_props) 5226 props_reduce(recvprops, origrecvd); 5227 if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0) 5228 (void) nvlist_merge(*errors, errlist, 0); 5229 nvlist_free(errlist); 5230 5231 if (clear_received_props(tofs, origrecvd, 5232 first_recvd_props ? NULL : recvprops) != 0) 5233 *errflags |= ZPROP_ERR_NOCLEAR; 5234 } else { 5235 *errflags |= ZPROP_ERR_NOCLEAR; 5236 } 5237 } 5238 5239 /* 5240 * Stash away existing properties so we can restore them on error unless 5241 * we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which 5242 * case "origrecvd" will take care of that. 5243 */ 5244 if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) { 5245 objset_t *os; 5246 if (dmu_objset_hold(tofs, FTAG, &os) == 0) { 5247 if (dsl_prop_get_all(os, &origprops) != 0) { 5248 *errflags |= ZPROP_ERR_NOCLEAR; 5249 } 5250 dmu_objset_rele(os, FTAG); 5251 } else { 5252 *errflags |= ZPROP_ERR_NOCLEAR; 5253 } 5254 } 5255 5256 if (recvprops != NULL) { 5257 props_error = dsl_prop_set_hasrecvd(tofs); 5258 5259 if (props_error == 0) { 5260 recv_delayprops = extract_delay_props(recvprops); 5261 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 5262 recvprops, *errors); 5263 } 5264 } 5265 5266 if (localprops != NULL) { 5267 nvlist_t *oprops = fnvlist_alloc(); 5268 nvlist_t *xprops = fnvlist_alloc(); 5269 nvpair_t *nvp = NULL; 5270 5271 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) { 5272 if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) { 5273 /* -x property */ 5274 const char *name = nvpair_name(nvp); 5275 zfs_prop_t prop = zfs_name_to_prop(name); 5276 if (prop != ZPROP_USERPROP) { 5277 if (!zfs_prop_inheritable(prop)) 5278 continue; 5279 } else if (!zfs_prop_user(name)) 5280 continue; 5281 fnvlist_add_boolean(xprops, name); 5282 } else { 5283 /* -o property=value */ 5284 fnvlist_add_nvpair(oprops, nvp); 5285 } 5286 } 5287 5288 local_delayprops = extract_delay_props(oprops); 5289 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, 5290 oprops, *errors); 5291 inherited_delayprops = extract_delay_props(xprops); 5292 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, 5293 xprops, *errors); 5294 5295 nvlist_free(oprops); 5296 nvlist_free(xprops); 5297 } 5298 5299 error = dmu_recv_stream(&drc, &off); 5300 5301 if (error == 0) { 5302 zfsvfs_t *zfsvfs = NULL; 5303 zvol_state_handle_t *zv = NULL; 5304 5305 if (getzfsvfs(tofs, &zfsvfs) == 0) { 5306 /* online recv */ 5307 dsl_dataset_t *ds; 5308 int end_err; 5309 boolean_t stream_is_redacted = DMU_GET_FEATUREFLAGS( 5310 begin_record->drr_u.drr_begin. 5311 drr_versioninfo) & DMU_BACKUP_FEATURE_REDACTED; 5312 5313 ds = dmu_objset_ds(zfsvfs->z_os); 5314 error = zfs_suspend_fs(zfsvfs); 5315 /* 5316 * If the suspend fails, then the recv_end will 5317 * likely also fail, and clean up after itself. 5318 */ 5319 end_err = dmu_recv_end(&drc, zfsvfs); 5320 /* 5321 * If the dataset was not redacted, but we received a 5322 * redacted stream onto it, we need to unmount the 5323 * dataset. Otherwise, resume the filesystem. 5324 */ 5325 if (error == 0 && !drc.drc_newfs && 5326 stream_is_redacted && !tofs_was_redacted) { 5327 error = zfs_end_fs(zfsvfs, ds); 5328 } else if (error == 0) { 5329 error = zfs_resume_fs(zfsvfs, ds); 5330 } 5331 error = error ? error : end_err; 5332 zfs_vfs_rele(zfsvfs); 5333 } else if ((zv = zvol_suspend(tofs)) != NULL) { 5334 error = dmu_recv_end(&drc, zvol_tag(zv)); 5335 zvol_resume(zv); 5336 } else { 5337 error = dmu_recv_end(&drc, NULL); 5338 } 5339 5340 /* Set delayed properties now, after we're done receiving. */ 5341 if (recv_delayprops != NULL && error == 0) { 5342 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 5343 recv_delayprops, *errors); 5344 } 5345 if (local_delayprops != NULL && error == 0) { 5346 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, 5347 local_delayprops, *errors); 5348 } 5349 if (inherited_delayprops != NULL && error == 0) { 5350 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, 5351 inherited_delayprops, *errors); 5352 } 5353 } 5354 5355 /* 5356 * Merge delayed props back in with initial props, in case 5357 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means 5358 * we have to make sure clear_received_props() includes 5359 * the delayed properties). 5360 * 5361 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels, 5362 * using ASSERT() will be just like a VERIFY. 5363 */ 5364 if (recv_delayprops != NULL) { 5365 ASSERT(nvlist_merge(recvprops, recv_delayprops, 0) == 0); 5366 nvlist_free(recv_delayprops); 5367 } 5368 if (local_delayprops != NULL) { 5369 ASSERT(nvlist_merge(localprops, local_delayprops, 0) == 0); 5370 nvlist_free(local_delayprops); 5371 } 5372 if (inherited_delayprops != NULL) { 5373 ASSERT(nvlist_merge(localprops, inherited_delayprops, 0) == 0); 5374 nvlist_free(inherited_delayprops); 5375 } 5376 *read_bytes = off - noff; 5377 5378 #ifdef ZFS_DEBUG 5379 if (zfs_ioc_recv_inject_err) { 5380 zfs_ioc_recv_inject_err = B_FALSE; 5381 error = 1; 5382 } 5383 #endif 5384 5385 /* 5386 * On error, restore the original props. 5387 */ 5388 if (error != 0 && recvprops != NULL && !drc.drc_newfs) { 5389 if (clear_received_props(tofs, recvprops, NULL) != 0) { 5390 /* 5391 * We failed to clear the received properties. 5392 * Since we may have left a $recvd value on the 5393 * system, we can't clear the $hasrecvd flag. 5394 */ 5395 *errflags |= ZPROP_ERR_NORESTORE; 5396 } else if (first_recvd_props) { 5397 dsl_prop_unset_hasrecvd(tofs); 5398 } 5399 5400 if (origrecvd == NULL && !drc.drc_newfs) { 5401 /* We failed to stash the original properties. */ 5402 *errflags |= ZPROP_ERR_NORESTORE; 5403 } 5404 5405 /* 5406 * dsl_props_set() will not convert RECEIVED to LOCAL on or 5407 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL 5408 * explicitly if we're restoring local properties cleared in the 5409 * first new-style receive. 5410 */ 5411 if (origrecvd != NULL && 5412 zfs_set_prop_nvlist(tofs, (first_recvd_props ? 5413 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED), 5414 origrecvd, NULL) != 0) { 5415 /* 5416 * We stashed the original properties but failed to 5417 * restore them. 5418 */ 5419 *errflags |= ZPROP_ERR_NORESTORE; 5420 } 5421 } 5422 if (error != 0 && localprops != NULL && !drc.drc_newfs && 5423 !first_recvd_props) { 5424 nvlist_t *setprops; 5425 nvlist_t *inheritprops; 5426 nvpair_t *nvp; 5427 5428 if (origprops == NULL) { 5429 /* We failed to stash the original properties. */ 5430 *errflags |= ZPROP_ERR_NORESTORE; 5431 goto out; 5432 } 5433 5434 /* Restore original props */ 5435 setprops = fnvlist_alloc(); 5436 inheritprops = fnvlist_alloc(); 5437 nvp = NULL; 5438 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) { 5439 const char *name = nvpair_name(nvp); 5440 const char *source; 5441 nvlist_t *attrs; 5442 5443 if (!nvlist_exists(origprops, name)) { 5444 /* 5445 * Property was not present or was explicitly 5446 * inherited before the receive, restore this. 5447 */ 5448 fnvlist_add_boolean(inheritprops, name); 5449 continue; 5450 } 5451 attrs = fnvlist_lookup_nvlist(origprops, name); 5452 source = fnvlist_lookup_string(attrs, ZPROP_SOURCE); 5453 5454 /* Skip received properties */ 5455 if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0) 5456 continue; 5457 5458 if (strcmp(source, tofs) == 0) { 5459 /* Property was locally set */ 5460 fnvlist_add_nvlist(setprops, name, attrs); 5461 } else { 5462 /* Property was implicitly inherited */ 5463 fnvlist_add_boolean(inheritprops, name); 5464 } 5465 } 5466 5467 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops, 5468 NULL) != 0) 5469 *errflags |= ZPROP_ERR_NORESTORE; 5470 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops, 5471 NULL) != 0) 5472 *errflags |= ZPROP_ERR_NORESTORE; 5473 5474 nvlist_free(setprops); 5475 nvlist_free(inheritprops); 5476 } 5477 out: 5478 zfs_file_put(input_fp); 5479 nvlist_free(origrecvd); 5480 nvlist_free(origprops); 5481 5482 if (error == 0) 5483 error = props_error; 5484 5485 return (error); 5486 } 5487 5488 /* 5489 * inputs: 5490 * zc_name name of containing filesystem (unused) 5491 * zc_nvlist_src{_size} nvlist of properties to apply 5492 * zc_nvlist_conf{_size} nvlist of properties to exclude 5493 * (DATA_TYPE_BOOLEAN) and override (everything else) 5494 * zc_value name of snapshot to create 5495 * zc_string name of clone origin (if DRR_FLAG_CLONE) 5496 * zc_cookie file descriptor to recv from 5497 * zc_begin_record the BEGIN record of the stream (not byteswapped) 5498 * zc_guid force flag 5499 * 5500 * outputs: 5501 * zc_cookie number of bytes read 5502 * zc_obj zprop_errflags_t 5503 * zc_nvlist_dst{_size} error for each unapplied received property 5504 */ 5505 static int 5506 zfs_ioc_recv(zfs_cmd_t *zc) 5507 { 5508 dmu_replay_record_t begin_record; 5509 nvlist_t *errors = NULL; 5510 nvlist_t *recvdprops = NULL; 5511 nvlist_t *localprops = NULL; 5512 const char *origin = NULL; 5513 char *tosnap; 5514 char tofs[ZFS_MAX_DATASET_NAME_LEN]; 5515 int error = 0; 5516 5517 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 5518 strchr(zc->zc_value, '@') == NULL || 5519 strchr(zc->zc_value, '%') != NULL) { 5520 return (SET_ERROR(EINVAL)); 5521 } 5522 5523 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs)); 5524 tosnap = strchr(tofs, '@'); 5525 *tosnap++ = '\0'; 5526 5527 if (zc->zc_nvlist_src != 0 && 5528 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 5529 zc->zc_iflags, &recvdprops)) != 0) { 5530 goto out; 5531 } 5532 5533 if (zc->zc_nvlist_conf != 0 && 5534 (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 5535 zc->zc_iflags, &localprops)) != 0) { 5536 goto out; 5537 } 5538 5539 if (zc->zc_string[0]) 5540 origin = zc->zc_string; 5541 5542 begin_record.drr_type = DRR_BEGIN; 5543 begin_record.drr_payloadlen = 0; 5544 begin_record.drr_u.drr_begin = zc->zc_begin_record; 5545 5546 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops, 5547 NULL, zc->zc_guid, B_FALSE, B_FALSE, zc->zc_cookie, &begin_record, 5548 &zc->zc_cookie, &zc->zc_obj, &errors); 5549 5550 /* 5551 * Now that all props, initial and delayed, are set, report the prop 5552 * errors to the caller. 5553 */ 5554 if (zc->zc_nvlist_dst_size != 0 && errors != NULL && 5555 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 || 5556 put_nvlist(zc, errors) != 0)) { 5557 /* 5558 * Caller made zc->zc_nvlist_dst less than the minimum expected 5559 * size or supplied an invalid address. 5560 */ 5561 error = SET_ERROR(EINVAL); 5562 } 5563 5564 out: 5565 nvlist_free(errors); 5566 nvlist_free(recvdprops); 5567 nvlist_free(localprops); 5568 5569 return (error); 5570 } 5571 5572 /* 5573 * innvl: { 5574 * "snapname" -> full name of the snapshot to create 5575 * (optional) "props" -> received properties to set (nvlist) 5576 * (optional) "localprops" -> override and exclude properties (nvlist) 5577 * (optional) "origin" -> name of clone origin (DRR_FLAG_CLONE) 5578 * "begin_record" -> non-byteswapped dmu_replay_record_t 5579 * "input_fd" -> file descriptor to read stream from (int32) 5580 * (optional) "force" -> force flag (value ignored) 5581 * (optional) "heal" -> use send stream to heal data corruption 5582 * (optional) "resumable" -> resumable flag (value ignored) 5583 * (optional) "cleanup_fd" -> unused 5584 * (optional) "action_handle" -> unused 5585 * (optional) "hidden_args" -> { "wkeydata" -> value } 5586 * } 5587 * 5588 * outnvl: { 5589 * "read_bytes" -> number of bytes read 5590 * "error_flags" -> zprop_errflags_t 5591 * "errors" -> error for each unapplied received property (nvlist) 5592 * } 5593 */ 5594 static const zfs_ioc_key_t zfs_keys_recv_new[] = { 5595 {"snapname", DATA_TYPE_STRING, 0}, 5596 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 5597 {"localprops", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 5598 {"origin", DATA_TYPE_STRING, ZK_OPTIONAL}, 5599 {"begin_record", DATA_TYPE_BYTE_ARRAY, 0}, 5600 {"input_fd", DATA_TYPE_INT32, 0}, 5601 {"force", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 5602 {"heal", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 5603 {"resumable", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 5604 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL}, 5605 {"action_handle", DATA_TYPE_UINT64, ZK_OPTIONAL}, 5606 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 5607 }; 5608 5609 static int 5610 zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 5611 { 5612 dmu_replay_record_t *begin_record; 5613 uint_t begin_record_size; 5614 nvlist_t *errors = NULL; 5615 nvlist_t *recvprops = NULL; 5616 nvlist_t *localprops = NULL; 5617 nvlist_t *hidden_args = NULL; 5618 const char *snapname; 5619 const char *origin = NULL; 5620 char *tosnap; 5621 char tofs[ZFS_MAX_DATASET_NAME_LEN]; 5622 boolean_t force; 5623 boolean_t heal; 5624 boolean_t resumable; 5625 uint64_t read_bytes = 0; 5626 uint64_t errflags = 0; 5627 int input_fd = -1; 5628 int error; 5629 5630 snapname = fnvlist_lookup_string(innvl, "snapname"); 5631 5632 if (dataset_namecheck(snapname, NULL, NULL) != 0 || 5633 strchr(snapname, '@') == NULL || 5634 strchr(snapname, '%') != NULL) { 5635 return (SET_ERROR(EINVAL)); 5636 } 5637 5638 (void) strlcpy(tofs, snapname, sizeof (tofs)); 5639 tosnap = strchr(tofs, '@'); 5640 *tosnap++ = '\0'; 5641 5642 error = nvlist_lookup_string(innvl, "origin", &origin); 5643 if (error && error != ENOENT) 5644 return (error); 5645 5646 error = nvlist_lookup_byte_array(innvl, "begin_record", 5647 (uchar_t **)&begin_record, &begin_record_size); 5648 if (error != 0 || begin_record_size != sizeof (*begin_record)) 5649 return (SET_ERROR(EINVAL)); 5650 5651 input_fd = fnvlist_lookup_int32(innvl, "input_fd"); 5652 5653 force = nvlist_exists(innvl, "force"); 5654 heal = nvlist_exists(innvl, "heal"); 5655 resumable = nvlist_exists(innvl, "resumable"); 5656 5657 /* we still use "props" here for backwards compatibility */ 5658 error = nvlist_lookup_nvlist(innvl, "props", &recvprops); 5659 if (error && error != ENOENT) 5660 goto out; 5661 5662 error = nvlist_lookup_nvlist(innvl, "localprops", &localprops); 5663 if (error && error != ENOENT) 5664 goto out; 5665 5666 error = nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args); 5667 if (error && error != ENOENT) 5668 goto out; 5669 5670 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvprops, localprops, 5671 hidden_args, force, heal, resumable, input_fd, begin_record, 5672 &read_bytes, &errflags, &errors); 5673 5674 fnvlist_add_uint64(outnvl, "read_bytes", read_bytes); 5675 fnvlist_add_uint64(outnvl, "error_flags", errflags); 5676 fnvlist_add_nvlist(outnvl, "errors", errors); 5677 5678 out: 5679 nvlist_free(errors); 5680 nvlist_free(recvprops); 5681 nvlist_free(localprops); 5682 nvlist_free(hidden_args); 5683 5684 return (error); 5685 } 5686 5687 /* 5688 * When stack space is limited, we write replication stream data to the target 5689 * on a separate taskq thread, to make sure there's enough stack space. 5690 */ 5691 #ifndef HAVE_LARGE_STACKS 5692 #define USE_SEND_TASKQ 1 5693 #endif 5694 5695 typedef struct dump_bytes_io { 5696 zfs_file_t *dbi_fp; 5697 caddr_t dbi_buf; 5698 int dbi_len; 5699 int dbi_err; 5700 } dump_bytes_io_t; 5701 5702 static void 5703 dump_bytes_cb(void *arg) 5704 { 5705 dump_bytes_io_t *dbi = (dump_bytes_io_t *)arg; 5706 zfs_file_t *fp; 5707 caddr_t buf; 5708 5709 fp = dbi->dbi_fp; 5710 buf = dbi->dbi_buf; 5711 5712 dbi->dbi_err = zfs_file_write(fp, buf, dbi->dbi_len, NULL); 5713 } 5714 5715 typedef struct dump_bytes_arg { 5716 zfs_file_t *dba_fp; 5717 #ifdef USE_SEND_TASKQ 5718 taskq_t *dba_tq; 5719 taskq_ent_t dba_tqent; 5720 #endif 5721 } dump_bytes_arg_t; 5722 5723 static int 5724 dump_bytes(objset_t *os, void *buf, int len, void *arg) 5725 { 5726 dump_bytes_arg_t *dba = (dump_bytes_arg_t *)arg; 5727 dump_bytes_io_t dbi; 5728 5729 dbi.dbi_fp = dba->dba_fp; 5730 dbi.dbi_buf = buf; 5731 dbi.dbi_len = len; 5732 5733 #ifdef USE_SEND_TASKQ 5734 taskq_dispatch_ent(dba->dba_tq, dump_bytes_cb, &dbi, TQ_SLEEP, 5735 &dba->dba_tqent); 5736 taskq_wait(dba->dba_tq); 5737 #else 5738 dump_bytes_cb(&dbi); 5739 #endif 5740 5741 return (dbi.dbi_err); 5742 } 5743 5744 static int 5745 dump_bytes_init(dump_bytes_arg_t *dba, int fd, dmu_send_outparams_t *out) 5746 { 5747 zfs_file_t *fp = zfs_file_get(fd); 5748 if (fp == NULL) 5749 return (SET_ERROR(EBADF)); 5750 5751 dba->dba_fp = fp; 5752 #ifdef USE_SEND_TASKQ 5753 dba->dba_tq = taskq_create("z_send", 1, defclsyspri, 0, 0, 0); 5754 taskq_init_ent(&dba->dba_tqent); 5755 #endif 5756 5757 memset(out, 0, sizeof (dmu_send_outparams_t)); 5758 out->dso_outfunc = dump_bytes; 5759 out->dso_arg = dba; 5760 out->dso_dryrun = B_FALSE; 5761 5762 return (0); 5763 } 5764 5765 static void 5766 dump_bytes_fini(dump_bytes_arg_t *dba) 5767 { 5768 zfs_file_put(dba->dba_fp); 5769 #ifdef USE_SEND_TASKQ 5770 taskq_destroy(dba->dba_tq); 5771 #endif 5772 } 5773 5774 /* 5775 * inputs: 5776 * zc_name name of snapshot to send 5777 * zc_cookie file descriptor to send stream to 5778 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj) 5779 * zc_sendobj objsetid of snapshot to send 5780 * zc_fromobj objsetid of incremental fromsnap (may be zero) 5781 * zc_guid if set, estimate size of stream only. zc_cookie is ignored. 5782 * output size in zc_objset_type. 5783 * zc_flags lzc_send_flags 5784 * 5785 * outputs: 5786 * zc_objset_type estimated size, if zc_guid is set 5787 * 5788 * NOTE: This is no longer the preferred interface, any new functionality 5789 * should be added to zfs_ioc_send_new() instead. 5790 */ 5791 static int 5792 zfs_ioc_send(zfs_cmd_t *zc) 5793 { 5794 int error; 5795 offset_t off; 5796 boolean_t estimate = (zc->zc_guid != 0); 5797 boolean_t embedok = (zc->zc_flags & 0x1); 5798 boolean_t large_block_ok = (zc->zc_flags & 0x2); 5799 boolean_t compressok = (zc->zc_flags & 0x4); 5800 boolean_t rawok = (zc->zc_flags & 0x8); 5801 boolean_t savedok = (zc->zc_flags & 0x10); 5802 5803 if (zc->zc_obj != 0) { 5804 dsl_pool_t *dp; 5805 dsl_dataset_t *tosnap; 5806 5807 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5808 if (error != 0) 5809 return (error); 5810 5811 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 5812 if (error != 0) { 5813 dsl_pool_rele(dp, FTAG); 5814 return (error); 5815 } 5816 5817 if (dsl_dir_is_clone(tosnap->ds_dir)) 5818 zc->zc_fromobj = 5819 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj; 5820 dsl_dataset_rele(tosnap, FTAG); 5821 dsl_pool_rele(dp, FTAG); 5822 } 5823 5824 if (estimate) { 5825 dsl_pool_t *dp; 5826 dsl_dataset_t *tosnap; 5827 dsl_dataset_t *fromsnap = NULL; 5828 5829 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5830 if (error != 0) 5831 return (error); 5832 5833 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, 5834 FTAG, &tosnap); 5835 if (error != 0) { 5836 dsl_pool_rele(dp, FTAG); 5837 return (error); 5838 } 5839 5840 if (zc->zc_fromobj != 0) { 5841 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, 5842 FTAG, &fromsnap); 5843 if (error != 0) { 5844 dsl_dataset_rele(tosnap, FTAG); 5845 dsl_pool_rele(dp, FTAG); 5846 return (error); 5847 } 5848 } 5849 5850 error = dmu_send_estimate_fast(tosnap, fromsnap, NULL, 5851 compressok || rawok, savedok, &zc->zc_objset_type); 5852 5853 if (fromsnap != NULL) 5854 dsl_dataset_rele(fromsnap, FTAG); 5855 dsl_dataset_rele(tosnap, FTAG); 5856 dsl_pool_rele(dp, FTAG); 5857 } else { 5858 dump_bytes_arg_t dba; 5859 dmu_send_outparams_t out; 5860 error = dump_bytes_init(&dba, zc->zc_cookie, &out); 5861 if (error) 5862 return (error); 5863 5864 off = zfs_file_off(dba.dba_fp); 5865 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj, 5866 zc->zc_fromobj, embedok, large_block_ok, compressok, 5867 rawok, savedok, zc->zc_cookie, &off, &out); 5868 5869 dump_bytes_fini(&dba); 5870 } 5871 return (error); 5872 } 5873 5874 /* 5875 * inputs: 5876 * zc_name name of snapshot on which to report progress 5877 * zc_cookie file descriptor of send stream 5878 * 5879 * outputs: 5880 * zc_cookie number of bytes written in send stream thus far 5881 * zc_objset_type logical size of data traversed by send thus far 5882 */ 5883 static int 5884 zfs_ioc_send_progress(zfs_cmd_t *zc) 5885 { 5886 dsl_pool_t *dp; 5887 dsl_dataset_t *ds; 5888 dmu_sendstatus_t *dsp = NULL; 5889 int error; 5890 5891 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5892 if (error != 0) 5893 return (error); 5894 5895 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 5896 if (error != 0) { 5897 dsl_pool_rele(dp, FTAG); 5898 return (error); 5899 } 5900 5901 mutex_enter(&ds->ds_sendstream_lock); 5902 5903 /* 5904 * Iterate over all the send streams currently active on this dataset. 5905 * If there's one which matches the specified file descriptor _and_ the 5906 * stream was started by the current process, return the progress of 5907 * that stream. 5908 */ 5909 5910 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL; 5911 dsp = list_next(&ds->ds_sendstreams, dsp)) { 5912 if (dsp->dss_outfd == zc->zc_cookie && 5913 zfs_proc_is_caller(dsp->dss_proc)) 5914 break; 5915 } 5916 5917 if (dsp != NULL) { 5918 zc->zc_cookie = atomic_cas_64((volatile uint64_t *)dsp->dss_off, 5919 0, 0); 5920 /* This is the closest thing we have to atomic_read_64. */ 5921 zc->zc_objset_type = atomic_cas_64(&dsp->dss_blocks, 0, 0); 5922 } else { 5923 error = SET_ERROR(ENOENT); 5924 } 5925 5926 mutex_exit(&ds->ds_sendstream_lock); 5927 dsl_dataset_rele(ds, FTAG); 5928 dsl_pool_rele(dp, FTAG); 5929 return (error); 5930 } 5931 5932 static int 5933 zfs_ioc_inject_fault(zfs_cmd_t *zc) 5934 { 5935 int id, error; 5936 5937 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 5938 &zc->zc_inject_record); 5939 5940 if (error == 0) 5941 zc->zc_guid = (uint64_t)id; 5942 5943 return (error); 5944 } 5945 5946 static int 5947 zfs_ioc_clear_fault(zfs_cmd_t *zc) 5948 { 5949 return (zio_clear_fault((int)zc->zc_guid)); 5950 } 5951 5952 static int 5953 zfs_ioc_inject_list_next(zfs_cmd_t *zc) 5954 { 5955 int id = (int)zc->zc_guid; 5956 int error; 5957 5958 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 5959 &zc->zc_inject_record); 5960 5961 zc->zc_guid = id; 5962 5963 return (error); 5964 } 5965 5966 static int 5967 zfs_ioc_error_log(zfs_cmd_t *zc) 5968 { 5969 spa_t *spa; 5970 int error; 5971 5972 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 5973 return (error); 5974 5975 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 5976 &zc->zc_nvlist_dst_size); 5977 5978 spa_close(spa, FTAG); 5979 5980 return (error); 5981 } 5982 5983 static int 5984 zfs_ioc_clear(zfs_cmd_t *zc) 5985 { 5986 spa_t *spa; 5987 vdev_t *vd; 5988 int error; 5989 5990 /* 5991 * On zpool clear we also fix up missing slogs 5992 */ 5993 mutex_enter(&spa_namespace_lock); 5994 spa = spa_lookup(zc->zc_name); 5995 if (spa == NULL) { 5996 mutex_exit(&spa_namespace_lock); 5997 return (SET_ERROR(EIO)); 5998 } 5999 if (spa_get_log_state(spa) == SPA_LOG_MISSING) { 6000 /* we need to let spa_open/spa_load clear the chains */ 6001 spa_set_log_state(spa, SPA_LOG_CLEAR); 6002 } 6003 spa->spa_last_open_failed = 0; 6004 mutex_exit(&spa_namespace_lock); 6005 6006 if (zc->zc_cookie & ZPOOL_NO_REWIND) { 6007 error = spa_open(zc->zc_name, &spa, FTAG); 6008 } else { 6009 nvlist_t *policy; 6010 nvlist_t *config = NULL; 6011 6012 if (zc->zc_nvlist_src == 0) 6013 return (SET_ERROR(EINVAL)); 6014 6015 if ((error = get_nvlist(zc->zc_nvlist_src, 6016 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) { 6017 error = spa_open_rewind(zc->zc_name, &spa, FTAG, 6018 policy, &config); 6019 if (config != NULL) { 6020 int err; 6021 6022 if ((err = put_nvlist(zc, config)) != 0) 6023 error = err; 6024 nvlist_free(config); 6025 } 6026 nvlist_free(policy); 6027 } 6028 } 6029 6030 if (error != 0) 6031 return (error); 6032 6033 /* 6034 * If multihost is enabled, resuming I/O is unsafe as another 6035 * host may have imported the pool. Check for remote activity. 6036 */ 6037 if (spa_multihost(spa) && spa_suspended(spa) && 6038 spa_mmp_remote_host_activity(spa)) { 6039 spa_close(spa, FTAG); 6040 return (SET_ERROR(EREMOTEIO)); 6041 } 6042 6043 spa_vdev_state_enter(spa, SCL_NONE); 6044 6045 if (zc->zc_guid == 0) { 6046 vd = NULL; 6047 } else { 6048 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE); 6049 if (vd == NULL) { 6050 error = SET_ERROR(ENODEV); 6051 (void) spa_vdev_state_exit(spa, NULL, error); 6052 spa_close(spa, FTAG); 6053 return (error); 6054 } 6055 } 6056 6057 vdev_clear(spa, vd); 6058 6059 (void) spa_vdev_state_exit(spa, spa_suspended(spa) ? 6060 NULL : spa->spa_root_vdev, 0); 6061 6062 /* 6063 * Resume any suspended I/Os. 6064 */ 6065 if (zio_resume(spa) != 0) 6066 error = SET_ERROR(EIO); 6067 6068 spa_close(spa, FTAG); 6069 6070 return (error); 6071 } 6072 6073 /* 6074 * Reopen all the vdevs associated with the pool. 6075 * 6076 * innvl: { 6077 * "scrub_restart" -> when true and scrub is running, allow to restart 6078 * scrub as the side effect of the reopen (boolean). 6079 * } 6080 * 6081 * outnvl is unused 6082 */ 6083 static const zfs_ioc_key_t zfs_keys_pool_reopen[] = { 6084 {"scrub_restart", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL}, 6085 }; 6086 6087 static int 6088 zfs_ioc_pool_reopen(const char *pool, nvlist_t *innvl, nvlist_t *outnvl) 6089 { 6090 (void) outnvl; 6091 spa_t *spa; 6092 int error; 6093 boolean_t rc, scrub_restart = B_TRUE; 6094 6095 if (innvl) { 6096 error = nvlist_lookup_boolean_value(innvl, 6097 "scrub_restart", &rc); 6098 if (error == 0) 6099 scrub_restart = rc; 6100 } 6101 6102 error = spa_open(pool, &spa, FTAG); 6103 if (error != 0) 6104 return (error); 6105 6106 spa_vdev_state_enter(spa, SCL_NONE); 6107 6108 /* 6109 * If the scrub_restart flag is B_FALSE and a scrub is already 6110 * in progress then set spa_scrub_reopen flag to B_TRUE so that 6111 * we don't restart the scrub as a side effect of the reopen. 6112 * Otherwise, let vdev_open() decided if a resilver is required. 6113 */ 6114 6115 spa->spa_scrub_reopen = (!scrub_restart && 6116 dsl_scan_scrubbing(spa->spa_dsl_pool)); 6117 vdev_reopen(spa->spa_root_vdev); 6118 spa->spa_scrub_reopen = B_FALSE; 6119 6120 (void) spa_vdev_state_exit(spa, NULL, 0); 6121 spa_close(spa, FTAG); 6122 return (0); 6123 } 6124 6125 /* 6126 * inputs: 6127 * zc_name name of filesystem 6128 * 6129 * outputs: 6130 * zc_string name of conflicting snapshot, if there is one 6131 */ 6132 static int 6133 zfs_ioc_promote(zfs_cmd_t *zc) 6134 { 6135 dsl_pool_t *dp; 6136 dsl_dataset_t *ds, *ods; 6137 char origin[ZFS_MAX_DATASET_NAME_LEN]; 6138 char *cp; 6139 int error; 6140 6141 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 6142 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 || 6143 strchr(zc->zc_name, '%')) 6144 return (SET_ERROR(EINVAL)); 6145 6146 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 6147 if (error != 0) 6148 return (error); 6149 6150 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 6151 if (error != 0) { 6152 dsl_pool_rele(dp, FTAG); 6153 return (error); 6154 } 6155 6156 if (!dsl_dir_is_clone(ds->ds_dir)) { 6157 dsl_dataset_rele(ds, FTAG); 6158 dsl_pool_rele(dp, FTAG); 6159 return (SET_ERROR(EINVAL)); 6160 } 6161 6162 error = dsl_dataset_hold_obj(dp, 6163 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods); 6164 if (error != 0) { 6165 dsl_dataset_rele(ds, FTAG); 6166 dsl_pool_rele(dp, FTAG); 6167 return (error); 6168 } 6169 6170 dsl_dataset_name(ods, origin); 6171 dsl_dataset_rele(ods, FTAG); 6172 dsl_dataset_rele(ds, FTAG); 6173 dsl_pool_rele(dp, FTAG); 6174 6175 /* 6176 * We don't need to unmount *all* the origin fs's snapshots, but 6177 * it's easier. 6178 */ 6179 cp = strchr(origin, '@'); 6180 if (cp) 6181 *cp = '\0'; 6182 (void) dmu_objset_find(origin, 6183 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS); 6184 return (dsl_dataset_promote(zc->zc_name, zc->zc_string)); 6185 } 6186 6187 /* 6188 * Retrieve a single {user|group|project}{used|quota}@... property. 6189 * 6190 * inputs: 6191 * zc_name name of filesystem 6192 * zc_objset_type zfs_userquota_prop_t 6193 * zc_value domain name (eg. "S-1-234-567-89") 6194 * zc_guid RID/UID/GID 6195 * 6196 * outputs: 6197 * zc_cookie property value 6198 */ 6199 static int 6200 zfs_ioc_userspace_one(zfs_cmd_t *zc) 6201 { 6202 zfsvfs_t *zfsvfs; 6203 int error; 6204 6205 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 6206 return (SET_ERROR(EINVAL)); 6207 6208 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 6209 if (error != 0) 6210 return (error); 6211 6212 error = zfs_userspace_one(zfsvfs, 6213 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie); 6214 zfsvfs_rele(zfsvfs, FTAG); 6215 6216 return (error); 6217 } 6218 6219 /* 6220 * inputs: 6221 * zc_name name of filesystem 6222 * zc_cookie zap cursor 6223 * zc_objset_type zfs_userquota_prop_t 6224 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist) 6225 * 6226 * outputs: 6227 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t) 6228 * zc_cookie zap cursor 6229 */ 6230 static int 6231 zfs_ioc_userspace_many(zfs_cmd_t *zc) 6232 { 6233 zfsvfs_t *zfsvfs; 6234 int bufsize = zc->zc_nvlist_dst_size; 6235 6236 if (bufsize <= 0) 6237 return (SET_ERROR(ENOMEM)); 6238 6239 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 6240 if (error != 0) 6241 return (error); 6242 6243 void *buf = vmem_alloc(bufsize, KM_SLEEP); 6244 6245 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie, 6246 buf, &zc->zc_nvlist_dst_size); 6247 6248 if (error == 0) { 6249 error = xcopyout(buf, 6250 (void *)(uintptr_t)zc->zc_nvlist_dst, 6251 zc->zc_nvlist_dst_size); 6252 } 6253 vmem_free(buf, bufsize); 6254 zfsvfs_rele(zfsvfs, FTAG); 6255 6256 return (error); 6257 } 6258 6259 /* 6260 * inputs: 6261 * zc_name name of filesystem 6262 * 6263 * outputs: 6264 * none 6265 */ 6266 static int 6267 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) 6268 { 6269 int error = 0; 6270 zfsvfs_t *zfsvfs; 6271 6272 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 6273 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) { 6274 /* 6275 * If userused is not enabled, it may be because the 6276 * objset needs to be closed & reopened (to grow the 6277 * objset_phys_t). Suspend/resume the fs will do that. 6278 */ 6279 dsl_dataset_t *ds, *newds; 6280 6281 ds = dmu_objset_ds(zfsvfs->z_os); 6282 error = zfs_suspend_fs(zfsvfs); 6283 if (error == 0) { 6284 dmu_objset_refresh_ownership(ds, &newds, 6285 B_TRUE, zfsvfs); 6286 error = zfs_resume_fs(zfsvfs, newds); 6287 } 6288 } 6289 if (error == 0) { 6290 mutex_enter(&zfsvfs->z_os->os_upgrade_lock); 6291 if (zfsvfs->z_os->os_upgrade_id == 0) { 6292 /* clear potential error code and retry */ 6293 zfsvfs->z_os->os_upgrade_status = 0; 6294 mutex_exit(&zfsvfs->z_os->os_upgrade_lock); 6295 6296 dsl_pool_config_enter( 6297 dmu_objset_pool(zfsvfs->z_os), FTAG); 6298 dmu_objset_userspace_upgrade(zfsvfs->z_os); 6299 dsl_pool_config_exit( 6300 dmu_objset_pool(zfsvfs->z_os), FTAG); 6301 } else { 6302 mutex_exit(&zfsvfs->z_os->os_upgrade_lock); 6303 } 6304 6305 taskq_wait_id(zfsvfs->z_os->os_spa->spa_upgrade_taskq, 6306 zfsvfs->z_os->os_upgrade_id); 6307 error = zfsvfs->z_os->os_upgrade_status; 6308 } 6309 zfs_vfs_rele(zfsvfs); 6310 } else { 6311 objset_t *os; 6312 6313 /* XXX kind of reading contents without owning */ 6314 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os); 6315 if (error != 0) 6316 return (error); 6317 6318 mutex_enter(&os->os_upgrade_lock); 6319 if (os->os_upgrade_id == 0) { 6320 /* clear potential error code and retry */ 6321 os->os_upgrade_status = 0; 6322 mutex_exit(&os->os_upgrade_lock); 6323 6324 dmu_objset_userspace_upgrade(os); 6325 } else { 6326 mutex_exit(&os->os_upgrade_lock); 6327 } 6328 6329 dsl_pool_rele(dmu_objset_pool(os), FTAG); 6330 6331 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id); 6332 error = os->os_upgrade_status; 6333 6334 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, 6335 FTAG); 6336 } 6337 return (error); 6338 } 6339 6340 /* 6341 * inputs: 6342 * zc_name name of filesystem 6343 * 6344 * outputs: 6345 * none 6346 */ 6347 static int 6348 zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc) 6349 { 6350 objset_t *os; 6351 int error; 6352 6353 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os); 6354 if (error != 0) 6355 return (error); 6356 6357 if (dmu_objset_userobjspace_upgradable(os) || 6358 dmu_objset_projectquota_upgradable(os)) { 6359 mutex_enter(&os->os_upgrade_lock); 6360 if (os->os_upgrade_id == 0) { 6361 /* clear potential error code and retry */ 6362 os->os_upgrade_status = 0; 6363 mutex_exit(&os->os_upgrade_lock); 6364 6365 dmu_objset_id_quota_upgrade(os); 6366 } else { 6367 mutex_exit(&os->os_upgrade_lock); 6368 } 6369 6370 dsl_pool_rele(dmu_objset_pool(os), FTAG); 6371 6372 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id); 6373 error = os->os_upgrade_status; 6374 } else { 6375 dsl_pool_rele(dmu_objset_pool(os), FTAG); 6376 } 6377 6378 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, FTAG); 6379 6380 return (error); 6381 } 6382 6383 static int 6384 zfs_ioc_share(zfs_cmd_t *zc) 6385 { 6386 return (SET_ERROR(ENOSYS)); 6387 } 6388 6389 /* 6390 * inputs: 6391 * zc_name name of containing filesystem 6392 * zc_obj object # beyond which we want next in-use object # 6393 * 6394 * outputs: 6395 * zc_obj next in-use object # 6396 */ 6397 static int 6398 zfs_ioc_next_obj(zfs_cmd_t *zc) 6399 { 6400 objset_t *os = NULL; 6401 int error; 6402 6403 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 6404 if (error != 0) 6405 return (error); 6406 6407 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0); 6408 6409 dmu_objset_rele(os, FTAG); 6410 return (error); 6411 } 6412 6413 /* 6414 * inputs: 6415 * zc_name name of filesystem 6416 * zc_value prefix name for snapshot 6417 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process 6418 * 6419 * outputs: 6420 * zc_value short name of new snapshot 6421 */ 6422 static int 6423 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc) 6424 { 6425 char *snap_name; 6426 char *hold_name; 6427 minor_t minor; 6428 6429 zfs_file_t *fp = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor); 6430 if (fp == NULL) 6431 return (SET_ERROR(EBADF)); 6432 6433 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value, 6434 (u_longlong_t)ddi_get_lbolt64()); 6435 hold_name = kmem_asprintf("%%%s", zc->zc_value); 6436 6437 int error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor, 6438 hold_name); 6439 if (error == 0) 6440 (void) strlcpy(zc->zc_value, snap_name, 6441 sizeof (zc->zc_value)); 6442 kmem_strfree(snap_name); 6443 kmem_strfree(hold_name); 6444 zfs_onexit_fd_rele(fp); 6445 return (error); 6446 } 6447 6448 /* 6449 * inputs: 6450 * zc_name name of "to" snapshot 6451 * zc_value name of "from" snapshot 6452 * zc_cookie file descriptor to write diff data on 6453 * 6454 * outputs: 6455 * dmu_diff_record_t's to the file descriptor 6456 */ 6457 static int 6458 zfs_ioc_diff(zfs_cmd_t *zc) 6459 { 6460 zfs_file_t *fp; 6461 offset_t off; 6462 int error; 6463 6464 if ((fp = zfs_file_get(zc->zc_cookie)) == NULL) 6465 return (SET_ERROR(EBADF)); 6466 6467 off = zfs_file_off(fp); 6468 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off); 6469 6470 zfs_file_put(fp); 6471 6472 return (error); 6473 } 6474 6475 static int 6476 zfs_ioc_smb_acl(zfs_cmd_t *zc) 6477 { 6478 return (SET_ERROR(ENOTSUP)); 6479 } 6480 6481 /* 6482 * innvl: { 6483 * "holds" -> { snapname -> holdname (string), ... } 6484 * (optional) "cleanup_fd" -> fd (int32) 6485 * } 6486 * 6487 * outnvl: { 6488 * snapname -> error value (int32) 6489 * ... 6490 * } 6491 */ 6492 static const zfs_ioc_key_t zfs_keys_hold[] = { 6493 {"holds", DATA_TYPE_NVLIST, 0}, 6494 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL}, 6495 }; 6496 6497 static int 6498 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist) 6499 { 6500 (void) pool; 6501 nvpair_t *pair; 6502 nvlist_t *holds; 6503 int cleanup_fd = -1; 6504 int error; 6505 minor_t minor = 0; 6506 zfs_file_t *fp = NULL; 6507 6508 holds = fnvlist_lookup_nvlist(args, "holds"); 6509 6510 /* make sure the user didn't pass us any invalid (empty) tags */ 6511 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 6512 pair = nvlist_next_nvpair(holds, pair)) { 6513 const char *htag; 6514 6515 error = nvpair_value_string(pair, &htag); 6516 if (error != 0) 6517 return (SET_ERROR(error)); 6518 6519 if (strlen(htag) == 0) 6520 return (SET_ERROR(EINVAL)); 6521 } 6522 6523 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) { 6524 fp = zfs_onexit_fd_hold(cleanup_fd, &minor); 6525 if (fp == NULL) 6526 return (SET_ERROR(EBADF)); 6527 } 6528 6529 error = dsl_dataset_user_hold(holds, minor, errlist); 6530 if (fp != NULL) { 6531 ASSERT3U(minor, !=, 0); 6532 zfs_onexit_fd_rele(fp); 6533 } 6534 return (SET_ERROR(error)); 6535 } 6536 6537 /* 6538 * innvl is not used. 6539 * 6540 * outnvl: { 6541 * holdname -> time added (uint64 seconds since epoch) 6542 * ... 6543 * } 6544 */ 6545 static const zfs_ioc_key_t zfs_keys_get_holds[] = { 6546 /* no nvl keys */ 6547 }; 6548 6549 static int 6550 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl) 6551 { 6552 (void) args; 6553 return (dsl_dataset_get_holds(snapname, outnvl)); 6554 } 6555 6556 /* 6557 * innvl: { 6558 * snapname -> { holdname, ... } 6559 * ... 6560 * } 6561 * 6562 * outnvl: { 6563 * snapname -> error value (int32) 6564 * ... 6565 * } 6566 */ 6567 static const zfs_ioc_key_t zfs_keys_release[] = { 6568 {"<snapname>...", DATA_TYPE_NVLIST, ZK_WILDCARDLIST}, 6569 }; 6570 6571 static int 6572 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist) 6573 { 6574 (void) pool; 6575 return (dsl_dataset_user_release(holds, errlist)); 6576 } 6577 6578 /* 6579 * inputs: 6580 * zc_guid flags (ZEVENT_NONBLOCK) 6581 * zc_cleanup_fd zevent file descriptor 6582 * 6583 * outputs: 6584 * zc_nvlist_dst next nvlist event 6585 * zc_cookie dropped events since last get 6586 */ 6587 static int 6588 zfs_ioc_events_next(zfs_cmd_t *zc) 6589 { 6590 zfs_zevent_t *ze; 6591 nvlist_t *event = NULL; 6592 minor_t minor; 6593 uint64_t dropped = 0; 6594 int error; 6595 6596 zfs_file_t *fp = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze); 6597 if (fp == NULL) 6598 return (SET_ERROR(EBADF)); 6599 6600 do { 6601 error = zfs_zevent_next(ze, &event, 6602 &zc->zc_nvlist_dst_size, &dropped); 6603 if (event != NULL) { 6604 zc->zc_cookie = dropped; 6605 error = put_nvlist(zc, event); 6606 nvlist_free(event); 6607 } 6608 6609 if (zc->zc_guid & ZEVENT_NONBLOCK) 6610 break; 6611 6612 if ((error == 0) || (error != ENOENT)) 6613 break; 6614 6615 error = zfs_zevent_wait(ze); 6616 if (error != 0) 6617 break; 6618 } while (1); 6619 6620 zfs_zevent_fd_rele(fp); 6621 6622 return (error); 6623 } 6624 6625 /* 6626 * outputs: 6627 * zc_cookie cleared events count 6628 */ 6629 static int 6630 zfs_ioc_events_clear(zfs_cmd_t *zc) 6631 { 6632 uint_t count; 6633 6634 zfs_zevent_drain_all(&count); 6635 zc->zc_cookie = count; 6636 6637 return (0); 6638 } 6639 6640 /* 6641 * inputs: 6642 * zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END 6643 * zc_cleanup zevent file descriptor 6644 */ 6645 static int 6646 zfs_ioc_events_seek(zfs_cmd_t *zc) 6647 { 6648 zfs_zevent_t *ze; 6649 minor_t minor; 6650 int error; 6651 6652 zfs_file_t *fp = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze); 6653 if (fp == NULL) 6654 return (SET_ERROR(EBADF)); 6655 6656 error = zfs_zevent_seek(ze, zc->zc_guid); 6657 zfs_zevent_fd_rele(fp); 6658 6659 return (error); 6660 } 6661 6662 /* 6663 * inputs: 6664 * zc_name name of later filesystem or snapshot 6665 * zc_value full name of old snapshot or bookmark 6666 * 6667 * outputs: 6668 * zc_cookie space in bytes 6669 * zc_objset_type compressed space in bytes 6670 * zc_perm_action uncompressed space in bytes 6671 */ 6672 static int 6673 zfs_ioc_space_written(zfs_cmd_t *zc) 6674 { 6675 int error; 6676 dsl_pool_t *dp; 6677 dsl_dataset_t *new; 6678 6679 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 6680 if (error != 0) 6681 return (error); 6682 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new); 6683 if (error != 0) { 6684 dsl_pool_rele(dp, FTAG); 6685 return (error); 6686 } 6687 if (strchr(zc->zc_value, '#') != NULL) { 6688 zfs_bookmark_phys_t bmp; 6689 error = dsl_bookmark_lookup(dp, zc->zc_value, 6690 new, &bmp); 6691 if (error == 0) { 6692 error = dsl_dataset_space_written_bookmark(&bmp, new, 6693 &zc->zc_cookie, 6694 &zc->zc_objset_type, &zc->zc_perm_action); 6695 } 6696 } else { 6697 dsl_dataset_t *old; 6698 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old); 6699 6700 if (error == 0) { 6701 error = dsl_dataset_space_written(old, new, 6702 &zc->zc_cookie, 6703 &zc->zc_objset_type, &zc->zc_perm_action); 6704 dsl_dataset_rele(old, FTAG); 6705 } 6706 } 6707 dsl_dataset_rele(new, FTAG); 6708 dsl_pool_rele(dp, FTAG); 6709 return (error); 6710 } 6711 6712 /* 6713 * innvl: { 6714 * "firstsnap" -> snapshot name 6715 * } 6716 * 6717 * outnvl: { 6718 * "used" -> space in bytes 6719 * "compressed" -> compressed space in bytes 6720 * "uncompressed" -> uncompressed space in bytes 6721 * } 6722 */ 6723 static const zfs_ioc_key_t zfs_keys_space_snaps[] = { 6724 {"firstsnap", DATA_TYPE_STRING, 0}, 6725 }; 6726 6727 static int 6728 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl) 6729 { 6730 int error; 6731 dsl_pool_t *dp; 6732 dsl_dataset_t *new, *old; 6733 const char *firstsnap; 6734 uint64_t used, comp, uncomp; 6735 6736 firstsnap = fnvlist_lookup_string(innvl, "firstsnap"); 6737 6738 error = dsl_pool_hold(lastsnap, FTAG, &dp); 6739 if (error != 0) 6740 return (error); 6741 6742 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new); 6743 if (error == 0 && !new->ds_is_snapshot) { 6744 dsl_dataset_rele(new, FTAG); 6745 error = SET_ERROR(EINVAL); 6746 } 6747 if (error != 0) { 6748 dsl_pool_rele(dp, FTAG); 6749 return (error); 6750 } 6751 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old); 6752 if (error == 0 && !old->ds_is_snapshot) { 6753 dsl_dataset_rele(old, FTAG); 6754 error = SET_ERROR(EINVAL); 6755 } 6756 if (error != 0) { 6757 dsl_dataset_rele(new, FTAG); 6758 dsl_pool_rele(dp, FTAG); 6759 return (error); 6760 } 6761 6762 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp); 6763 dsl_dataset_rele(old, FTAG); 6764 dsl_dataset_rele(new, FTAG); 6765 dsl_pool_rele(dp, FTAG); 6766 fnvlist_add_uint64(outnvl, "used", used); 6767 fnvlist_add_uint64(outnvl, "compressed", comp); 6768 fnvlist_add_uint64(outnvl, "uncompressed", uncomp); 6769 return (error); 6770 } 6771 6772 /* 6773 * innvl: { 6774 * "fd" -> file descriptor to write stream to (int32) 6775 * (optional) "fromsnap" -> full snap name to send an incremental from 6776 * (optional) "largeblockok" -> (value ignored) 6777 * indicates that blocks > 128KB are permitted 6778 * (optional) "embedok" -> (value ignored) 6779 * presence indicates DRR_WRITE_EMBEDDED records are permitted 6780 * (optional) "compressok" -> (value ignored) 6781 * presence indicates compressed DRR_WRITE records are permitted 6782 * (optional) "rawok" -> (value ignored) 6783 * presence indicates raw encrypted records should be used. 6784 * (optional) "savedok" -> (value ignored) 6785 * presence indicates we should send a partially received snapshot 6786 * (optional) "resume_object" and "resume_offset" -> (uint64) 6787 * if present, resume send stream from specified object and offset. 6788 * (optional) "redactbook" -> (string) 6789 * if present, use this bookmark's redaction list to generate a redacted 6790 * send stream 6791 * } 6792 * 6793 * outnvl is unused 6794 */ 6795 static const zfs_ioc_key_t zfs_keys_send_new[] = { 6796 {"fd", DATA_TYPE_INT32, 0}, 6797 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL}, 6798 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6799 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6800 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6801 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6802 {"savedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6803 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6804 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6805 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL}, 6806 }; 6807 6808 static int 6809 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 6810 { 6811 (void) outnvl; 6812 int error; 6813 offset_t off; 6814 const char *fromname = NULL; 6815 int fd; 6816 boolean_t largeblockok; 6817 boolean_t embedok; 6818 boolean_t compressok; 6819 boolean_t rawok; 6820 boolean_t savedok; 6821 uint64_t resumeobj = 0; 6822 uint64_t resumeoff = 0; 6823 const char *redactbook = NULL; 6824 6825 fd = fnvlist_lookup_int32(innvl, "fd"); 6826 6827 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname); 6828 6829 largeblockok = nvlist_exists(innvl, "largeblockok"); 6830 embedok = nvlist_exists(innvl, "embedok"); 6831 compressok = nvlist_exists(innvl, "compressok"); 6832 rawok = nvlist_exists(innvl, "rawok"); 6833 savedok = nvlist_exists(innvl, "savedok"); 6834 6835 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); 6836 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); 6837 6838 (void) nvlist_lookup_string(innvl, "redactbook", &redactbook); 6839 6840 dump_bytes_arg_t dba; 6841 dmu_send_outparams_t out; 6842 error = dump_bytes_init(&dba, fd, &out); 6843 if (error) 6844 return (error); 6845 6846 off = zfs_file_off(dba.dba_fp); 6847 error = dmu_send(snapname, fromname, embedok, largeblockok, 6848 compressok, rawok, savedok, resumeobj, resumeoff, 6849 redactbook, fd, &off, &out); 6850 6851 dump_bytes_fini(&dba); 6852 6853 return (error); 6854 } 6855 6856 static int 6857 send_space_sum(objset_t *os, void *buf, int len, void *arg) 6858 { 6859 (void) os, (void) buf; 6860 uint64_t *size = arg; 6861 6862 *size += len; 6863 return (0); 6864 } 6865 6866 /* 6867 * Determine approximately how large a zfs send stream will be -- the number 6868 * of bytes that will be written to the fd supplied to zfs_ioc_send_new(). 6869 * 6870 * innvl: { 6871 * (optional) "from" -> full snap or bookmark name to send an incremental 6872 * from 6873 * (optional) "largeblockok" -> (value ignored) 6874 * indicates that blocks > 128KB are permitted 6875 * (optional) "embedok" -> (value ignored) 6876 * presence indicates DRR_WRITE_EMBEDDED records are permitted 6877 * (optional) "compressok" -> (value ignored) 6878 * presence indicates compressed DRR_WRITE records are permitted 6879 * (optional) "rawok" -> (value ignored) 6880 * presence indicates raw encrypted records should be used. 6881 * (optional) "resume_object" and "resume_offset" -> (uint64) 6882 * if present, resume send stream from specified object and offset. 6883 * (optional) "fd" -> file descriptor to use as a cookie for progress 6884 * tracking (int32) 6885 * } 6886 * 6887 * outnvl: { 6888 * "space" -> bytes of space (uint64) 6889 * } 6890 */ 6891 static const zfs_ioc_key_t zfs_keys_send_space[] = { 6892 {"from", DATA_TYPE_STRING, ZK_OPTIONAL}, 6893 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL}, 6894 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6895 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6896 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6897 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6898 {"fd", DATA_TYPE_INT32, ZK_OPTIONAL}, 6899 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL}, 6900 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6901 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6902 {"bytes", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6903 }; 6904 6905 static int 6906 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 6907 { 6908 dsl_pool_t *dp; 6909 dsl_dataset_t *tosnap; 6910 dsl_dataset_t *fromsnap = NULL; 6911 int error; 6912 const char *fromname = NULL; 6913 const char *redactlist_book = NULL; 6914 boolean_t largeblockok; 6915 boolean_t embedok; 6916 boolean_t compressok; 6917 boolean_t rawok; 6918 boolean_t savedok; 6919 uint64_t space = 0; 6920 boolean_t full_estimate = B_FALSE; 6921 uint64_t resumeobj = 0; 6922 uint64_t resumeoff = 0; 6923 uint64_t resume_bytes = 0; 6924 int32_t fd = -1; 6925 zfs_bookmark_phys_t zbm = {0}; 6926 6927 error = dsl_pool_hold(snapname, FTAG, &dp); 6928 if (error != 0) 6929 return (error); 6930 6931 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap); 6932 if (error != 0) { 6933 dsl_pool_rele(dp, FTAG); 6934 return (error); 6935 } 6936 (void) nvlist_lookup_int32(innvl, "fd", &fd); 6937 6938 largeblockok = nvlist_exists(innvl, "largeblockok"); 6939 embedok = nvlist_exists(innvl, "embedok"); 6940 compressok = nvlist_exists(innvl, "compressok"); 6941 rawok = nvlist_exists(innvl, "rawok"); 6942 savedok = nvlist_exists(innvl, "savedok"); 6943 boolean_t from = (nvlist_lookup_string(innvl, "from", &fromname) == 0); 6944 boolean_t altbook = (nvlist_lookup_string(innvl, "redactbook", 6945 &redactlist_book) == 0); 6946 6947 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); 6948 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); 6949 (void) nvlist_lookup_uint64(innvl, "bytes", &resume_bytes); 6950 6951 if (altbook) { 6952 full_estimate = B_TRUE; 6953 } else if (from) { 6954 if (strchr(fromname, '#')) { 6955 error = dsl_bookmark_lookup(dp, fromname, tosnap, &zbm); 6956 6957 /* 6958 * dsl_bookmark_lookup() will fail with EXDEV if 6959 * the from-bookmark and tosnap are at the same txg. 6960 * However, it's valid to do a send (and therefore, 6961 * a send estimate) from and to the same time point, 6962 * if the bookmark is redacted (the incremental send 6963 * can change what's redacted on the target). In 6964 * this case, dsl_bookmark_lookup() fills in zbm 6965 * but returns EXDEV. Ignore this error. 6966 */ 6967 if (error == EXDEV && zbm.zbm_redaction_obj != 0 && 6968 zbm.zbm_guid == 6969 dsl_dataset_phys(tosnap)->ds_guid) 6970 error = 0; 6971 6972 if (error != 0) { 6973 dsl_dataset_rele(tosnap, FTAG); 6974 dsl_pool_rele(dp, FTAG); 6975 return (error); 6976 } 6977 if (zbm.zbm_redaction_obj != 0 || !(zbm.zbm_flags & 6978 ZBM_FLAG_HAS_FBN)) { 6979 full_estimate = B_TRUE; 6980 } 6981 } else if (strchr(fromname, '@')) { 6982 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap); 6983 if (error != 0) { 6984 dsl_dataset_rele(tosnap, FTAG); 6985 dsl_pool_rele(dp, FTAG); 6986 return (error); 6987 } 6988 6989 if (!dsl_dataset_is_before(tosnap, fromsnap, 0)) { 6990 full_estimate = B_TRUE; 6991 dsl_dataset_rele(fromsnap, FTAG); 6992 } 6993 } else { 6994 /* 6995 * from is not properly formatted as a snapshot or 6996 * bookmark 6997 */ 6998 dsl_dataset_rele(tosnap, FTAG); 6999 dsl_pool_rele(dp, FTAG); 7000 return (SET_ERROR(EINVAL)); 7001 } 7002 } 7003 7004 if (full_estimate) { 7005 dmu_send_outparams_t out = {0}; 7006 offset_t off = 0; 7007 out.dso_outfunc = send_space_sum; 7008 out.dso_arg = &space; 7009 out.dso_dryrun = B_TRUE; 7010 /* 7011 * We have to release these holds so dmu_send can take them. It 7012 * will do all the error checking we need. 7013 */ 7014 dsl_dataset_rele(tosnap, FTAG); 7015 dsl_pool_rele(dp, FTAG); 7016 error = dmu_send(snapname, fromname, embedok, largeblockok, 7017 compressok, rawok, savedok, resumeobj, resumeoff, 7018 redactlist_book, fd, &off, &out); 7019 } else { 7020 error = dmu_send_estimate_fast(tosnap, fromsnap, 7021 (from && strchr(fromname, '#') != NULL ? &zbm : NULL), 7022 compressok || rawok, savedok, &space); 7023 space -= resume_bytes; 7024 if (fromsnap != NULL) 7025 dsl_dataset_rele(fromsnap, FTAG); 7026 dsl_dataset_rele(tosnap, FTAG); 7027 dsl_pool_rele(dp, FTAG); 7028 } 7029 7030 fnvlist_add_uint64(outnvl, "space", space); 7031 7032 return (error); 7033 } 7034 7035 /* 7036 * Sync the currently open TXG to disk for the specified pool. 7037 * This is somewhat similar to 'zfs_sync()'. 7038 * For cases that do not result in error this ioctl will wait for 7039 * the currently open TXG to commit before returning back to the caller. 7040 * 7041 * innvl: { 7042 * "force" -> when true, force uberblock update even if there is no dirty data. 7043 * In addition this will cause the vdev configuration to be written 7044 * out including updating the zpool cache file. (boolean_t) 7045 * } 7046 * 7047 * onvl is unused 7048 */ 7049 static const zfs_ioc_key_t zfs_keys_pool_sync[] = { 7050 {"force", DATA_TYPE_BOOLEAN_VALUE, 0}, 7051 }; 7052 7053 static int 7054 zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl) 7055 { 7056 (void) onvl; 7057 int err; 7058 boolean_t rc, force = B_FALSE; 7059 spa_t *spa; 7060 7061 if ((err = spa_open(pool, &spa, FTAG)) != 0) 7062 return (err); 7063 7064 if (innvl) { 7065 err = nvlist_lookup_boolean_value(innvl, "force", &rc); 7066 if (err == 0) 7067 force = rc; 7068 } 7069 7070 if (force) { 7071 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER); 7072 vdev_config_dirty(spa->spa_root_vdev); 7073 spa_config_exit(spa, SCL_CONFIG, FTAG); 7074 } 7075 txg_wait_synced(spa_get_dsl(spa), 0); 7076 7077 spa_close(spa, FTAG); 7078 7079 return (0); 7080 } 7081 7082 /* 7083 * Load a user's wrapping key into the kernel. 7084 * innvl: { 7085 * "hidden_args" -> { "wkeydata" -> value } 7086 * raw uint8_t array of encryption wrapping key data (32 bytes) 7087 * (optional) "noop" -> (value ignored) 7088 * presence indicated key should only be verified, not loaded 7089 * } 7090 */ 7091 static const zfs_ioc_key_t zfs_keys_load_key[] = { 7092 {"hidden_args", DATA_TYPE_NVLIST, 0}, 7093 {"noop", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 7094 }; 7095 7096 static int 7097 zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 7098 { 7099 (void) outnvl; 7100 int ret; 7101 dsl_crypto_params_t *dcp = NULL; 7102 nvlist_t *hidden_args; 7103 boolean_t noop = nvlist_exists(innvl, "noop"); 7104 7105 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 7106 ret = SET_ERROR(EINVAL); 7107 goto error; 7108 } 7109 7110 hidden_args = fnvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS); 7111 7112 ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL, 7113 hidden_args, &dcp); 7114 if (ret != 0) 7115 goto error; 7116 7117 ret = spa_keystore_load_wkey(dsname, dcp, noop); 7118 if (ret != 0) 7119 goto error; 7120 7121 dsl_crypto_params_free(dcp, noop); 7122 7123 return (0); 7124 7125 error: 7126 dsl_crypto_params_free(dcp, B_TRUE); 7127 return (ret); 7128 } 7129 7130 /* 7131 * Unload a user's wrapping key from the kernel. 7132 * Both innvl and outnvl are unused. 7133 */ 7134 static const zfs_ioc_key_t zfs_keys_unload_key[] = { 7135 /* no nvl keys */ 7136 }; 7137 7138 static int 7139 zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 7140 { 7141 (void) innvl, (void) outnvl; 7142 int ret = 0; 7143 7144 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 7145 ret = (SET_ERROR(EINVAL)); 7146 goto out; 7147 } 7148 7149 ret = spa_keystore_unload_wkey(dsname); 7150 if (ret != 0) 7151 goto out; 7152 7153 out: 7154 return (ret); 7155 } 7156 7157 /* 7158 * Changes a user's wrapping key used to decrypt a dataset. The keyformat, 7159 * keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified 7160 * here to change how the key is derived in userspace. 7161 * 7162 * innvl: { 7163 * "hidden_args" (optional) -> { "wkeydata" -> value } 7164 * raw uint8_t array of new encryption wrapping key data (32 bytes) 7165 * "props" (optional) -> { prop -> value } 7166 * } 7167 * 7168 * outnvl is unused 7169 */ 7170 static const zfs_ioc_key_t zfs_keys_change_key[] = { 7171 {"crypt_cmd", DATA_TYPE_UINT64, ZK_OPTIONAL}, 7172 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 7173 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 7174 }; 7175 7176 static int 7177 zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 7178 { 7179 (void) outnvl; 7180 int ret; 7181 uint64_t cmd = DCP_CMD_NONE; 7182 dsl_crypto_params_t *dcp = NULL; 7183 nvlist_t *args = NULL, *hidden_args = NULL; 7184 7185 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 7186 ret = (SET_ERROR(EINVAL)); 7187 goto error; 7188 } 7189 7190 (void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd); 7191 (void) nvlist_lookup_nvlist(innvl, "props", &args); 7192 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args); 7193 7194 ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp); 7195 if (ret != 0) 7196 goto error; 7197 7198 ret = spa_keystore_change_key(dsname, dcp); 7199 if (ret != 0) 7200 goto error; 7201 7202 dsl_crypto_params_free(dcp, B_FALSE); 7203 7204 return (0); 7205 7206 error: 7207 dsl_crypto_params_free(dcp, B_TRUE); 7208 return (ret); 7209 } 7210 7211 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST]; 7212 7213 static void 7214 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7215 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 7216 boolean_t log_history, zfs_ioc_poolcheck_t pool_check) 7217 { 7218 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 7219 7220 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 7221 ASSERT3U(ioc, <, ZFS_IOC_LAST); 7222 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 7223 ASSERT3P(vec->zvec_func, ==, NULL); 7224 7225 vec->zvec_legacy_func = func; 7226 vec->zvec_secpolicy = secpolicy; 7227 vec->zvec_namecheck = namecheck; 7228 vec->zvec_allow_log = log_history; 7229 vec->zvec_pool_check = pool_check; 7230 } 7231 7232 /* 7233 * See the block comment at the beginning of this file for details on 7234 * each argument to this function. 7235 */ 7236 void 7237 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func, 7238 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 7239 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist, 7240 boolean_t allow_log, const zfs_ioc_key_t *nvl_keys, size_t num_keys) 7241 { 7242 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 7243 7244 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 7245 ASSERT3U(ioc, <, ZFS_IOC_LAST); 7246 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 7247 ASSERT3P(vec->zvec_func, ==, NULL); 7248 7249 /* if we are logging, the name must be valid */ 7250 ASSERT(!allow_log || namecheck != NO_NAME); 7251 7252 vec->zvec_name = name; 7253 vec->zvec_func = func; 7254 vec->zvec_secpolicy = secpolicy; 7255 vec->zvec_namecheck = namecheck; 7256 vec->zvec_pool_check = pool_check; 7257 vec->zvec_smush_outnvlist = smush_outnvlist; 7258 vec->zvec_allow_log = allow_log; 7259 vec->zvec_nvl_keys = nvl_keys; 7260 vec->zvec_nvl_key_count = num_keys; 7261 } 7262 7263 static void 7264 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7265 zfs_secpolicy_func_t *secpolicy, boolean_t log_history, 7266 zfs_ioc_poolcheck_t pool_check) 7267 { 7268 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7269 POOL_NAME, log_history, pool_check); 7270 } 7271 7272 void 7273 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7274 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check) 7275 { 7276 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7277 DATASET_NAME, B_FALSE, pool_check); 7278 } 7279 7280 static void 7281 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 7282 { 7283 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config, 7284 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 7285 } 7286 7287 static void 7288 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7289 zfs_secpolicy_func_t *secpolicy) 7290 { 7291 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7292 NO_NAME, B_FALSE, POOL_CHECK_NONE); 7293 } 7294 7295 static void 7296 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc, 7297 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy) 7298 { 7299 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7300 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED); 7301 } 7302 7303 static void 7304 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 7305 { 7306 zfs_ioctl_register_dataset_read_secpolicy(ioc, func, 7307 zfs_secpolicy_read); 7308 } 7309 7310 static void 7311 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7312 zfs_secpolicy_func_t *secpolicy) 7313 { 7314 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7315 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 7316 } 7317 7318 static void 7319 zfs_ioctl_init(void) 7320 { 7321 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT, 7322 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME, 7323 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7324 zfs_keys_snapshot, ARRAY_SIZE(zfs_keys_snapshot)); 7325 7326 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY, 7327 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME, 7328 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7329 zfs_keys_log_history, ARRAY_SIZE(zfs_keys_log_history)); 7330 7331 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS, 7332 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, 7333 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7334 zfs_keys_space_snaps, ARRAY_SIZE(zfs_keys_space_snaps)); 7335 7336 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW, 7337 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME, 7338 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7339 zfs_keys_send_new, ARRAY_SIZE(zfs_keys_send_new)); 7340 7341 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE, 7342 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME, 7343 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7344 zfs_keys_send_space, ARRAY_SIZE(zfs_keys_send_space)); 7345 7346 zfs_ioctl_register("create", ZFS_IOC_CREATE, 7347 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME, 7348 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7349 zfs_keys_create, ARRAY_SIZE(zfs_keys_create)); 7350 7351 zfs_ioctl_register("clone", ZFS_IOC_CLONE, 7352 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME, 7353 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7354 zfs_keys_clone, ARRAY_SIZE(zfs_keys_clone)); 7355 7356 zfs_ioctl_register("remap", ZFS_IOC_REMAP, 7357 zfs_ioc_remap, zfs_secpolicy_none, DATASET_NAME, 7358 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE, 7359 zfs_keys_remap, ARRAY_SIZE(zfs_keys_remap)); 7360 7361 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS, 7362 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME, 7363 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7364 zfs_keys_destroy_snaps, ARRAY_SIZE(zfs_keys_destroy_snaps)); 7365 7366 zfs_ioctl_register("hold", ZFS_IOC_HOLD, 7367 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME, 7368 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7369 zfs_keys_hold, ARRAY_SIZE(zfs_keys_hold)); 7370 zfs_ioctl_register("release", ZFS_IOC_RELEASE, 7371 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME, 7372 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7373 zfs_keys_release, ARRAY_SIZE(zfs_keys_release)); 7374 7375 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS, 7376 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, 7377 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7378 zfs_keys_get_holds, ARRAY_SIZE(zfs_keys_get_holds)); 7379 7380 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK, 7381 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, 7382 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE, 7383 zfs_keys_rollback, ARRAY_SIZE(zfs_keys_rollback)); 7384 7385 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK, 7386 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME, 7387 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7388 zfs_keys_bookmark, ARRAY_SIZE(zfs_keys_bookmark)); 7389 7390 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS, 7391 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME, 7392 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7393 zfs_keys_get_bookmarks, ARRAY_SIZE(zfs_keys_get_bookmarks)); 7394 7395 zfs_ioctl_register("get_bookmark_props", ZFS_IOC_GET_BOOKMARK_PROPS, 7396 zfs_ioc_get_bookmark_props, zfs_secpolicy_read, ENTITY_NAME, 7397 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, zfs_keys_get_bookmark_props, 7398 ARRAY_SIZE(zfs_keys_get_bookmark_props)); 7399 7400 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS, 7401 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks, 7402 POOL_NAME, 7403 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7404 zfs_keys_destroy_bookmarks, 7405 ARRAY_SIZE(zfs_keys_destroy_bookmarks)); 7406 7407 zfs_ioctl_register("receive", ZFS_IOC_RECV_NEW, 7408 zfs_ioc_recv_new, zfs_secpolicy_recv, DATASET_NAME, 7409 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7410 zfs_keys_recv_new, ARRAY_SIZE(zfs_keys_recv_new)); 7411 zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY, 7412 zfs_ioc_load_key, zfs_secpolicy_load_key, 7413 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE, 7414 zfs_keys_load_key, ARRAY_SIZE(zfs_keys_load_key)); 7415 zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY, 7416 zfs_ioc_unload_key, zfs_secpolicy_load_key, 7417 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE, 7418 zfs_keys_unload_key, ARRAY_SIZE(zfs_keys_unload_key)); 7419 zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY, 7420 zfs_ioc_change_key, zfs_secpolicy_change_key, 7421 DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, 7422 B_TRUE, B_TRUE, zfs_keys_change_key, 7423 ARRAY_SIZE(zfs_keys_change_key)); 7424 7425 zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC, 7426 zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME, 7427 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7428 zfs_keys_pool_sync, ARRAY_SIZE(zfs_keys_pool_sync)); 7429 zfs_ioctl_register("reopen", ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen, 7430 zfs_secpolicy_config, POOL_NAME, POOL_CHECK_SUSPENDED, B_TRUE, 7431 B_TRUE, zfs_keys_pool_reopen, ARRAY_SIZE(zfs_keys_pool_reopen)); 7432 7433 zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM, 7434 zfs_ioc_channel_program, zfs_secpolicy_config, 7435 POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, 7436 B_TRUE, zfs_keys_channel_program, 7437 ARRAY_SIZE(zfs_keys_channel_program)); 7438 7439 zfs_ioctl_register("redact", ZFS_IOC_REDACT, 7440 zfs_ioc_redact, zfs_secpolicy_config, DATASET_NAME, 7441 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7442 zfs_keys_redact, ARRAY_SIZE(zfs_keys_redact)); 7443 7444 zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT, 7445 zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME, 7446 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7447 zfs_keys_pool_checkpoint, ARRAY_SIZE(zfs_keys_pool_checkpoint)); 7448 7449 zfs_ioctl_register("zpool_discard_checkpoint", 7450 ZFS_IOC_POOL_DISCARD_CHECKPOINT, zfs_ioc_pool_discard_checkpoint, 7451 zfs_secpolicy_config, POOL_NAME, 7452 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7453 zfs_keys_pool_discard_checkpoint, 7454 ARRAY_SIZE(zfs_keys_pool_discard_checkpoint)); 7455 7456 zfs_ioctl_register("zpool_prefetch", 7457 ZFS_IOC_POOL_PREFETCH, zfs_ioc_pool_prefetch, 7458 zfs_secpolicy_config, POOL_NAME, 7459 POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE, 7460 zfs_keys_pool_prefetch, ARRAY_SIZE(zfs_keys_pool_prefetch)); 7461 7462 zfs_ioctl_register("initialize", ZFS_IOC_POOL_INITIALIZE, 7463 zfs_ioc_pool_initialize, zfs_secpolicy_config, POOL_NAME, 7464 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7465 zfs_keys_pool_initialize, ARRAY_SIZE(zfs_keys_pool_initialize)); 7466 7467 zfs_ioctl_register("trim", ZFS_IOC_POOL_TRIM, 7468 zfs_ioc_pool_trim, zfs_secpolicy_config, POOL_NAME, 7469 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7470 zfs_keys_pool_trim, ARRAY_SIZE(zfs_keys_pool_trim)); 7471 7472 zfs_ioctl_register("wait", ZFS_IOC_WAIT, 7473 zfs_ioc_wait, zfs_secpolicy_none, POOL_NAME, 7474 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7475 zfs_keys_pool_wait, ARRAY_SIZE(zfs_keys_pool_wait)); 7476 7477 zfs_ioctl_register("wait_fs", ZFS_IOC_WAIT_FS, 7478 zfs_ioc_wait_fs, zfs_secpolicy_none, DATASET_NAME, 7479 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7480 zfs_keys_fs_wait, ARRAY_SIZE(zfs_keys_fs_wait)); 7481 7482 zfs_ioctl_register("set_bootenv", ZFS_IOC_SET_BOOTENV, 7483 zfs_ioc_set_bootenv, zfs_secpolicy_config, POOL_NAME, 7484 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE, 7485 zfs_keys_set_bootenv, ARRAY_SIZE(zfs_keys_set_bootenv)); 7486 7487 zfs_ioctl_register("get_bootenv", ZFS_IOC_GET_BOOTENV, 7488 zfs_ioc_get_bootenv, zfs_secpolicy_none, POOL_NAME, 7489 POOL_CHECK_SUSPENDED, B_FALSE, B_TRUE, 7490 zfs_keys_get_bootenv, ARRAY_SIZE(zfs_keys_get_bootenv)); 7491 7492 zfs_ioctl_register("zpool_vdev_get_props", ZFS_IOC_VDEV_GET_PROPS, 7493 zfs_ioc_vdev_get_props, zfs_secpolicy_read, POOL_NAME, 7494 POOL_CHECK_NONE, B_FALSE, B_FALSE, zfs_keys_vdev_get_props, 7495 ARRAY_SIZE(zfs_keys_vdev_get_props)); 7496 7497 zfs_ioctl_register("zpool_vdev_set_props", ZFS_IOC_VDEV_SET_PROPS, 7498 zfs_ioc_vdev_set_props, zfs_secpolicy_config, POOL_NAME, 7499 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7500 zfs_keys_vdev_set_props, ARRAY_SIZE(zfs_keys_vdev_set_props)); 7501 7502 zfs_ioctl_register("scrub", ZFS_IOC_POOL_SCRUB, 7503 zfs_ioc_pool_scrub, zfs_secpolicy_config, POOL_NAME, 7504 POOL_CHECK_NONE, B_TRUE, B_TRUE, 7505 zfs_keys_pool_scrub, ARRAY_SIZE(zfs_keys_pool_scrub)); 7506 7507 zfs_ioctl_register("get_props", ZFS_IOC_POOL_GET_PROPS, 7508 zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, 7509 POOL_CHECK_NONE, B_FALSE, B_FALSE, 7510 zfs_keys_get_props, ARRAY_SIZE(zfs_keys_get_props)); 7511 7512 zfs_ioctl_register("zpool_ddt_prune", ZFS_IOC_DDT_PRUNE, 7513 zfs_ioc_ddt_prune, zfs_secpolicy_config, POOL_NAME, 7514 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7515 zfs_keys_ddt_prune, ARRAY_SIZE(zfs_keys_ddt_prune)); 7516 7517 /* IOCTLS that use the legacy function signature */ 7518 7519 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze, 7520 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY); 7521 7522 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create, 7523 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 7524 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN, 7525 zfs_ioc_pool_scan); 7526 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE, 7527 zfs_ioc_pool_upgrade); 7528 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD, 7529 zfs_ioc_vdev_add); 7530 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE, 7531 zfs_ioc_vdev_remove); 7532 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE, 7533 zfs_ioc_vdev_set_state); 7534 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH, 7535 zfs_ioc_vdev_attach); 7536 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH, 7537 zfs_ioc_vdev_detach); 7538 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH, 7539 zfs_ioc_vdev_setpath); 7540 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU, 7541 zfs_ioc_vdev_setfru); 7542 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS, 7543 zfs_ioc_pool_set_props); 7544 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT, 7545 zfs_ioc_vdev_split); 7546 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID, 7547 zfs_ioc_pool_reguid); 7548 7549 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS, 7550 zfs_ioc_pool_configs, zfs_secpolicy_none); 7551 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT, 7552 zfs_ioc_pool_tryimport, zfs_secpolicy_config); 7553 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT, 7554 zfs_ioc_inject_fault, zfs_secpolicy_inject); 7555 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT, 7556 zfs_ioc_clear_fault, zfs_secpolicy_inject); 7557 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT, 7558 zfs_ioc_inject_list_next, zfs_secpolicy_inject); 7559 7560 /* 7561 * pool destroy, and export don't log the history as part of 7562 * zfsdev_ioctl, but rather zfs_ioc_pool_export 7563 * does the logging of those commands. 7564 */ 7565 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy, 7566 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 7567 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export, 7568 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 7569 7570 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats, 7571 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 7572 7573 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log, 7574 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED); 7575 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME, 7576 zfs_ioc_dsobj_to_dsname, 7577 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED); 7578 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY, 7579 zfs_ioc_pool_get_history, 7580 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 7581 7582 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import, 7583 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 7584 7585 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear, 7586 zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY); 7587 7588 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN, 7589 zfs_ioc_space_written); 7590 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS, 7591 zfs_ioc_objset_recvd_props); 7592 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ, 7593 zfs_ioc_next_obj); 7594 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL, 7595 zfs_ioc_get_fsacl); 7596 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS, 7597 zfs_ioc_objset_stats); 7598 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS, 7599 zfs_ioc_objset_zplprops); 7600 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT, 7601 zfs_ioc_dataset_list_next); 7602 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT, 7603 zfs_ioc_snapshot_list_next); 7604 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS, 7605 zfs_ioc_send_progress); 7606 7607 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF, 7608 zfs_ioc_diff, zfs_secpolicy_diff); 7609 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS, 7610 zfs_ioc_obj_to_stats, zfs_secpolicy_diff); 7611 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH, 7612 zfs_ioc_obj_to_path, zfs_secpolicy_diff); 7613 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE, 7614 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one); 7615 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY, 7616 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many); 7617 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND, 7618 zfs_ioc_send, zfs_secpolicy_send); 7619 7620 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop, 7621 zfs_secpolicy_none); 7622 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy, 7623 zfs_secpolicy_destroy); 7624 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename, 7625 zfs_secpolicy_rename); 7626 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv, 7627 zfs_secpolicy_recv); 7628 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote, 7629 zfs_secpolicy_promote); 7630 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP, 7631 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop); 7632 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl, 7633 zfs_secpolicy_set_fsacl); 7634 7635 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share, 7636 zfs_secpolicy_share, POOL_CHECK_NONE); 7637 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl, 7638 zfs_secpolicy_smb_acl, POOL_CHECK_NONE); 7639 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE, 7640 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade, 7641 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 7642 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT, 7643 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, 7644 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 7645 7646 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next, 7647 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE); 7648 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear, 7649 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE); 7650 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek, 7651 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE); 7652 7653 zfs_ioctl_init_os(); 7654 } 7655 7656 /* 7657 * Verify that for non-legacy ioctls the input nvlist 7658 * pairs match against the expected input. 7659 * 7660 * Possible errors are: 7661 * ZFS_ERR_IOC_ARG_UNAVAIL An unrecognized nvpair was encountered 7662 * ZFS_ERR_IOC_ARG_REQUIRED A required nvpair is missing 7663 * ZFS_ERR_IOC_ARG_BADTYPE Invalid type for nvpair 7664 */ 7665 static int 7666 zfs_check_input_nvpairs(nvlist_t *innvl, const zfs_ioc_vec_t *vec) 7667 { 7668 const zfs_ioc_key_t *nvl_keys = vec->zvec_nvl_keys; 7669 boolean_t required_keys_found = B_FALSE; 7670 7671 /* 7672 * examine each input pair 7673 */ 7674 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 7675 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 7676 const char *name = nvpair_name(pair); 7677 data_type_t type = nvpair_type(pair); 7678 boolean_t identified = B_FALSE; 7679 7680 /* 7681 * check pair against the documented names and type 7682 */ 7683 for (int k = 0; k < vec->zvec_nvl_key_count; k++) { 7684 /* if not a wild card name, check for an exact match */ 7685 if ((nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) == 0 && 7686 strcmp(nvl_keys[k].zkey_name, name) != 0) 7687 continue; 7688 7689 identified = B_TRUE; 7690 7691 if (nvl_keys[k].zkey_type != DATA_TYPE_ANY && 7692 nvl_keys[k].zkey_type != type) { 7693 return (SET_ERROR(ZFS_ERR_IOC_ARG_BADTYPE)); 7694 } 7695 7696 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL) 7697 continue; 7698 7699 required_keys_found = B_TRUE; 7700 break; 7701 } 7702 7703 /* allow an 'optional' key, everything else is invalid */ 7704 if (!identified && 7705 (strcmp(name, "optional") != 0 || 7706 type != DATA_TYPE_NVLIST)) { 7707 return (SET_ERROR(ZFS_ERR_IOC_ARG_UNAVAIL)); 7708 } 7709 } 7710 7711 /* verify that all required keys were found */ 7712 for (int k = 0; k < vec->zvec_nvl_key_count; k++) { 7713 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL) 7714 continue; 7715 7716 if (nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) { 7717 /* at least one non-optional key is expected here */ 7718 if (!required_keys_found) 7719 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED)); 7720 continue; 7721 } 7722 7723 if (!nvlist_exists(innvl, nvl_keys[k].zkey_name)) 7724 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED)); 7725 } 7726 7727 return (0); 7728 } 7729 7730 static int 7731 pool_status_check(const char *name, zfs_ioc_namecheck_t type, 7732 zfs_ioc_poolcheck_t check) 7733 { 7734 spa_t *spa; 7735 int error; 7736 7737 ASSERT(type == POOL_NAME || type == DATASET_NAME || 7738 type == ENTITY_NAME); 7739 7740 if (check & POOL_CHECK_NONE) 7741 return (0); 7742 7743 error = spa_open(name, &spa, FTAG); 7744 if (error == 0) { 7745 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa)) 7746 error = SET_ERROR(EAGAIN); 7747 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa)) 7748 error = SET_ERROR(EROFS); 7749 spa_close(spa, FTAG); 7750 } 7751 return (error); 7752 } 7753 7754 int 7755 zfsdev_getminor(zfs_file_t *fp, minor_t *minorp) 7756 { 7757 zfsdev_state_t *zs, *fpd; 7758 7759 ASSERT(!MUTEX_HELD(&zfsdev_state_lock)); 7760 7761 fpd = zfs_file_private(fp); 7762 if (fpd == NULL) 7763 return (SET_ERROR(EBADF)); 7764 7765 mutex_enter(&zfsdev_state_lock); 7766 7767 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) { 7768 7769 if (zs->zs_minor == -1) 7770 continue; 7771 7772 if (fpd == zs) { 7773 *minorp = fpd->zs_minor; 7774 mutex_exit(&zfsdev_state_lock); 7775 return (0); 7776 } 7777 } 7778 7779 mutex_exit(&zfsdev_state_lock); 7780 7781 return (SET_ERROR(EBADF)); 7782 } 7783 7784 void * 7785 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which) 7786 { 7787 zfsdev_state_t *zs; 7788 7789 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) { 7790 if (zs->zs_minor == minor) { 7791 membar_consumer(); 7792 switch (which) { 7793 case ZST_ONEXIT: 7794 return (zs->zs_onexit); 7795 case ZST_ZEVENT: 7796 return (zs->zs_zevent); 7797 case ZST_ALL: 7798 return (zs); 7799 } 7800 } 7801 } 7802 7803 return (NULL); 7804 } 7805 7806 /* 7807 * Find a free minor number. The zfsdev_state_list is expected to 7808 * be short since it is only a list of currently open file handles. 7809 */ 7810 static minor_t 7811 zfsdev_minor_alloc(void) 7812 { 7813 static minor_t last_minor = 0; 7814 minor_t m; 7815 7816 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 7817 7818 for (m = last_minor + 1; m != last_minor; m++) { 7819 if (m > ZFSDEV_MAX_MINOR) 7820 m = 1; 7821 if (zfsdev_get_state(m, ZST_ALL) == NULL) { 7822 last_minor = m; 7823 return (m); 7824 } 7825 } 7826 7827 return (0); 7828 } 7829 7830 int 7831 zfsdev_state_init(void *priv) 7832 { 7833 zfsdev_state_t *zs, *zsprev = NULL; 7834 minor_t minor; 7835 boolean_t newzs = B_FALSE; 7836 7837 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 7838 7839 minor = zfsdev_minor_alloc(); 7840 if (minor == 0) 7841 return (SET_ERROR(ENXIO)); 7842 7843 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) { 7844 if (zs->zs_minor == -1) 7845 break; 7846 zsprev = zs; 7847 } 7848 7849 if (!zs) { 7850 zs = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP); 7851 newzs = B_TRUE; 7852 } 7853 7854 zfsdev_private_set_state(priv, zs); 7855 7856 zfs_onexit_init((zfs_onexit_t **)&zs->zs_onexit); 7857 zfs_zevent_init((zfs_zevent_t **)&zs->zs_zevent); 7858 7859 /* 7860 * In order to provide for lock-free concurrent read access 7861 * to the minor list in zfsdev_get_state(), new entries 7862 * must be completely written before linking them into the 7863 * list whereas existing entries are already linked; the last 7864 * operation must be updating zs_minor (from -1 to the new 7865 * value). 7866 */ 7867 if (newzs) { 7868 zs->zs_minor = minor; 7869 membar_producer(); 7870 zsprev->zs_next = zs; 7871 } else { 7872 membar_producer(); 7873 zs->zs_minor = minor; 7874 } 7875 7876 return (0); 7877 } 7878 7879 void 7880 zfsdev_state_destroy(void *priv) 7881 { 7882 zfsdev_state_t *zs = zfsdev_private_get_state(priv); 7883 7884 ASSERT(zs != NULL); 7885 ASSERT3S(zs->zs_minor, >, 0); 7886 7887 /* 7888 * The last reference to this zfsdev file descriptor is being dropped. 7889 * We don't have to worry about lookup grabbing this state object, and 7890 * zfsdev_state_init() will not try to reuse this object until it is 7891 * invalidated by setting zs_minor to -1. Invalidation must be done 7892 * last, with a memory barrier to ensure ordering. This lets us avoid 7893 * taking the global zfsdev state lock around destruction. 7894 */ 7895 zfs_onexit_destroy(zs->zs_onexit); 7896 zfs_zevent_destroy(zs->zs_zevent); 7897 zs->zs_onexit = NULL; 7898 zs->zs_zevent = NULL; 7899 membar_producer(); 7900 zs->zs_minor = -1; 7901 } 7902 7903 long 7904 zfsdev_ioctl_common(uint_t vecnum, zfs_cmd_t *zc, int flag) 7905 { 7906 int error, cmd; 7907 const zfs_ioc_vec_t *vec; 7908 char *saved_poolname = NULL; 7909 uint64_t max_nvlist_src_size; 7910 size_t saved_poolname_len = 0; 7911 nvlist_t *innvl = NULL; 7912 fstrans_cookie_t cookie; 7913 hrtime_t start_time = gethrtime(); 7914 7915 cmd = vecnum; 7916 error = 0; 7917 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 7918 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL)); 7919 7920 vec = &zfs_ioc_vec[vecnum]; 7921 7922 /* 7923 * The registered ioctl list may be sparse, verify that either 7924 * a normal or legacy handler are registered. 7925 */ 7926 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL) 7927 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL)); 7928 7929 zc->zc_iflags = flag & FKIOCTL; 7930 max_nvlist_src_size = zfs_max_nvlist_src_size_os(); 7931 if (zc->zc_nvlist_src_size > max_nvlist_src_size) { 7932 /* 7933 * Make sure the user doesn't pass in an insane value for 7934 * zc_nvlist_src_size. We have to check, since we will end 7935 * up allocating that much memory inside of get_nvlist(). This 7936 * prevents a nefarious user from allocating tons of kernel 7937 * memory. 7938 * 7939 * Also, we return EINVAL instead of ENOMEM here. The reason 7940 * being that returning ENOMEM from an ioctl() has a special 7941 * connotation; that the user's size value is too small and 7942 * needs to be expanded to hold the nvlist. See 7943 * zcmd_expand_dst_nvlist() for details. 7944 */ 7945 error = SET_ERROR(EINVAL); /* User's size too big */ 7946 7947 } else if (zc->zc_nvlist_src_size != 0) { 7948 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 7949 zc->zc_iflags, &innvl); 7950 if (error != 0) 7951 goto out; 7952 } 7953 7954 /* 7955 * Ensure that all pool/dataset names are valid before we pass down to 7956 * the lower layers. 7957 */ 7958 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 7959 switch (vec->zvec_namecheck) { 7960 case POOL_NAME: 7961 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 7962 error = SET_ERROR(EINVAL); 7963 else 7964 error = pool_status_check(zc->zc_name, 7965 vec->zvec_namecheck, vec->zvec_pool_check); 7966 break; 7967 7968 case DATASET_NAME: 7969 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 7970 error = SET_ERROR(EINVAL); 7971 else 7972 error = pool_status_check(zc->zc_name, 7973 vec->zvec_namecheck, vec->zvec_pool_check); 7974 break; 7975 7976 case ENTITY_NAME: 7977 if (entity_namecheck(zc->zc_name, NULL, NULL) != 0) { 7978 error = SET_ERROR(EINVAL); 7979 } else { 7980 error = pool_status_check(zc->zc_name, 7981 vec->zvec_namecheck, vec->zvec_pool_check); 7982 } 7983 break; 7984 7985 case NO_NAME: 7986 break; 7987 } 7988 /* 7989 * Ensure that all input pairs are valid before we pass them down 7990 * to the lower layers. 7991 * 7992 * The vectored functions can use fnvlist_lookup_{type} for any 7993 * required pairs since zfs_check_input_nvpairs() confirmed that 7994 * they exist and are of the correct type. 7995 */ 7996 if (error == 0 && vec->zvec_func != NULL) { 7997 error = zfs_check_input_nvpairs(innvl, vec); 7998 if (error != 0) 7999 goto out; 8000 } 8001 8002 if (error == 0) { 8003 cookie = spl_fstrans_mark(); 8004 error = vec->zvec_secpolicy(zc, innvl, CRED()); 8005 spl_fstrans_unmark(cookie); 8006 } 8007 8008 if (error != 0) 8009 goto out; 8010 8011 /* legacy ioctls can modify zc_name */ 8012 /* 8013 * Can't use kmem_strdup() as we might truncate the string and 8014 * kmem_strfree() would then free with incorrect size. 8015 */ 8016 saved_poolname_len = strlen(zc->zc_name) + 1; 8017 saved_poolname = kmem_alloc(saved_poolname_len, KM_SLEEP); 8018 8019 strlcpy(saved_poolname, zc->zc_name, saved_poolname_len); 8020 saved_poolname[strcspn(saved_poolname, "/@#")] = '\0'; 8021 8022 if (vec->zvec_func != NULL) { 8023 nvlist_t *outnvl; 8024 int puterror = 0; 8025 spa_t *spa; 8026 nvlist_t *lognv = NULL; 8027 8028 ASSERT(vec->zvec_legacy_func == NULL); 8029 8030 /* 8031 * Add the innvl to the lognv before calling the func, 8032 * in case the func changes the innvl. 8033 */ 8034 if (vec->zvec_allow_log) { 8035 lognv = fnvlist_alloc(); 8036 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL, 8037 vec->zvec_name); 8038 if (!nvlist_empty(innvl)) { 8039 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL, 8040 innvl); 8041 } 8042 } 8043 8044 outnvl = fnvlist_alloc(); 8045 cookie = spl_fstrans_mark(); 8046 error = vec->zvec_func(zc->zc_name, innvl, outnvl); 8047 spl_fstrans_unmark(cookie); 8048 8049 /* 8050 * Some commands can partially execute, modify state, and still 8051 * return an error. In these cases, attempt to record what 8052 * was modified. 8053 */ 8054 if ((error == 0 || 8055 (cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) && 8056 vec->zvec_allow_log && 8057 spa_open(zc->zc_name, &spa, FTAG) == 0) { 8058 if (!nvlist_empty(outnvl)) { 8059 size_t out_size = fnvlist_size(outnvl); 8060 if (out_size > zfs_history_output_max) { 8061 fnvlist_add_int64(lognv, 8062 ZPOOL_HIST_OUTPUT_SIZE, out_size); 8063 } else { 8064 fnvlist_add_nvlist(lognv, 8065 ZPOOL_HIST_OUTPUT_NVL, outnvl); 8066 } 8067 } 8068 if (error != 0) { 8069 fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO, 8070 error); 8071 } 8072 fnvlist_add_int64(lognv, ZPOOL_HIST_ELAPSED_NS, 8073 gethrtime() - start_time); 8074 (void) spa_history_log_nvl(spa, lognv); 8075 spa_close(spa, FTAG); 8076 } 8077 fnvlist_free(lognv); 8078 8079 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) { 8080 int smusherror = 0; 8081 if (vec->zvec_smush_outnvlist) { 8082 smusherror = nvlist_smush(outnvl, 8083 zc->zc_nvlist_dst_size); 8084 } 8085 if (smusherror == 0) 8086 puterror = put_nvlist(zc, outnvl); 8087 } 8088 8089 if (puterror != 0) 8090 error = puterror; 8091 8092 nvlist_free(outnvl); 8093 } else { 8094 cookie = spl_fstrans_mark(); 8095 error = vec->zvec_legacy_func(zc); 8096 spl_fstrans_unmark(cookie); 8097 } 8098 8099 out: 8100 nvlist_free(innvl); 8101 if (error == 0 && vec->zvec_allow_log) { 8102 char *s = tsd_get(zfs_allow_log_key); 8103 if (s != NULL) 8104 kmem_strfree(s); 8105 (void) tsd_set(zfs_allow_log_key, kmem_strdup(saved_poolname)); 8106 } 8107 if (saved_poolname != NULL) 8108 kmem_free(saved_poolname, saved_poolname_len); 8109 8110 return (error); 8111 } 8112 8113 int 8114 zfs_kmod_init(void) 8115 { 8116 int error; 8117 8118 if ((error = zvol_init()) != 0) 8119 return (error); 8120 8121 spa_init(SPA_MODE_READ | SPA_MODE_WRITE); 8122 zfs_init(); 8123 8124 zfs_ioctl_init(); 8125 8126 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL); 8127 zfsdev_state_listhead.zs_minor = -1; 8128 8129 if ((error = zfsdev_attach()) != 0) 8130 goto out; 8131 8132 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 8133 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 8134 8135 return (0); 8136 out: 8137 zfs_fini(); 8138 spa_fini(); 8139 zvol_fini(); 8140 8141 return (error); 8142 } 8143 8144 void 8145 zfs_kmod_fini(void) 8146 { 8147 zfsdev_state_t *zs, *zsnext = NULL; 8148 8149 zfsdev_detach(); 8150 8151 mutex_destroy(&zfsdev_state_lock); 8152 8153 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zsnext) { 8154 zsnext = zs->zs_next; 8155 if (zs->zs_onexit) 8156 zfs_onexit_destroy(zs->zs_onexit); 8157 if (zs->zs_zevent) 8158 zfs_zevent_destroy(zs->zs_zevent); 8159 if (zs != &zfsdev_state_listhead) 8160 kmem_free(zs, sizeof (zfsdev_state_t)); 8161 } 8162 8163 zfs_ereport_taskq_fini(); /* run before zfs_fini() on Linux */ 8164 zfs_fini(); 8165 spa_fini(); 8166 zvol_fini(); 8167 8168 tsd_destroy(&rrw_tsd_key); 8169 tsd_destroy(&zfs_allow_log_key); 8170 } 8171 8172 ZFS_MODULE_PARAM(zfs, zfs_, max_nvlist_src_size, U64, ZMOD_RW, 8173 "Maximum size in bytes allowed for src nvlist passed with ZFS ioctls"); 8174 8175 ZFS_MODULE_PARAM(zfs, zfs_, history_output_max, U64, ZMOD_RW, 8176 "Maximum size in bytes of ZFS ioctl output that will be logged"); 8177