1 // SPDX-License-Identifier: CDDL-1.0 2 /* 3 * CDDL HEADER START 4 * 5 * The contents of this file are subject to the terms of the 6 * Common Development and Distribution License (the "License"). 7 * You may not use this file except in compliance with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or https://opensource.org/licenses/CDDL-1.0. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 23 /* 24 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 25 * Portions Copyright 2011 Martin Matuska 26 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved. 27 * Copyright (c) 2012 Pawel Jakub Dawidek 28 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved. 29 * Copyright 2016 Nexenta Systems, Inc. All rights reserved. 30 * Copyright (c) 2014, Joyent, Inc. All rights reserved. 31 * Copyright (c) 2011, 2024 by Delphix. All rights reserved. 32 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. 33 * Copyright (c) 2013 Steven Hartland. All rights reserved. 34 * Copyright (c) 2014 Integros [integros.com] 35 * Copyright 2016 Toomas Soome <tsoome@me.com> 36 * Copyright (c) 2016 Actifio, Inc. All rights reserved. 37 * Copyright (c) 2018, loli10K <ezomori.nozomu@gmail.com>. All rights reserved. 38 * Copyright 2017 RackTop Systems. 39 * Copyright (c) 2017 Open-E, Inc. All Rights Reserved. 40 * Copyright (c) 2019 Datto Inc. 41 * Copyright (c) 2019, 2020 by Christian Schwarz. All rights reserved. 42 * Copyright (c) 2019, 2021, 2023, 2024, Klara Inc. 43 * Copyright (c) 2019, Allan Jude 44 * Copyright 2024 Oxide Computer Company 45 */ 46 47 /* 48 * ZFS ioctls. 49 * 50 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage 51 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool. 52 * 53 * There are two ways that we handle ioctls: the legacy way where almost 54 * all of the logic is in the ioctl callback, and the new way where most 55 * of the marshalling is handled in the common entry point, zfsdev_ioctl(). 56 * 57 * Non-legacy ioctls should be registered by calling 58 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked 59 * from userland by lzc_ioctl(). 60 * 61 * The registration arguments are as follows: 62 * 63 * const char *name 64 * The name of the ioctl. This is used for history logging. If the 65 * ioctl returns successfully (the callback returns 0), and allow_log 66 * is true, then a history log entry will be recorded with the input & 67 * output nvlists. The log entry can be printed with "zpool history -i". 68 * 69 * zfs_ioc_t ioc 70 * The ioctl request number, which userland will pass to ioctl(2). 71 * We want newer versions of libzfs and libzfs_core to run against 72 * existing zfs kernel modules (i.e. a deferred reboot after an update). 73 * Therefore the ioctl numbers cannot change from release to release. 74 * 75 * zfs_secpolicy_func_t *secpolicy 76 * This function will be called before the zfs_ioc_func_t, to 77 * determine if this operation is permitted. It should return EPERM 78 * on failure, and 0 on success. Checks include determining if the 79 * dataset is visible in this zone, and if the user has either all 80 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission 81 * to do this operation on this dataset with "zfs allow". 82 * 83 * zfs_ioc_namecheck_t namecheck 84 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool 85 * name, a dataset name, or nothing. If the name is not well-formed, 86 * the ioctl will fail and the callback will not be called. 87 * Therefore, the callback can assume that the name is well-formed 88 * (e.g. is null-terminated, doesn't have more than one '@' character, 89 * doesn't have invalid characters). 90 * 91 * zfs_ioc_poolcheck_t pool_check 92 * This specifies requirements on the pool state. If the pool does 93 * not meet them (is suspended or is readonly), the ioctl will fail 94 * and the callback will not be called. If any checks are specified 95 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME. 96 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED | 97 * POOL_CHECK_READONLY). 98 * 99 * zfs_ioc_key_t *nvl_keys 100 * The list of expected/allowable innvl input keys. This list is used 101 * to validate the nvlist input to the ioctl. 102 * 103 * boolean_t smush_outnvlist 104 * If smush_outnvlist is true, then the output is presumed to be a 105 * list of errors, and it will be "smushed" down to fit into the 106 * caller's buffer, by removing some entries and replacing them with a 107 * single "N_MORE_ERRORS" entry indicating how many were removed. See 108 * nvlist_smush() for details. If smush_outnvlist is false, and the 109 * outnvlist does not fit into the userland-provided buffer, then the 110 * ioctl will fail with ENOMEM. 111 * 112 * zfs_ioc_func_t *func 113 * The callback function that will perform the operation. 114 * 115 * The callback should return 0 on success, or an error number on 116 * failure. If the function fails, the userland ioctl will return -1, 117 * and errno will be set to the callback's return value. The callback 118 * will be called with the following arguments: 119 * 120 * const char *name 121 * The name of the pool or dataset to operate on, from 122 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the 123 * expected type (pool, dataset, or none). 124 * 125 * nvlist_t *innvl 126 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or 127 * NULL if no input nvlist was provided. Changes to this nvlist are 128 * ignored. If the input nvlist could not be deserialized, the 129 * ioctl will fail and the callback will not be called. 130 * 131 * nvlist_t *outnvl 132 * The output nvlist, initially empty. The callback can fill it in, 133 * and it will be returned to userland by serializing it into 134 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization 135 * fails (e.g. because the caller didn't supply a large enough 136 * buffer), then the overall ioctl will fail. See the 137 * 'smush_nvlist' argument above for additional behaviors. 138 * 139 * There are two typical uses of the output nvlist: 140 * - To return state, e.g. property values. In this case, 141 * smush_outnvlist should be false. If the buffer was not large 142 * enough, the caller will reallocate a larger buffer and try 143 * the ioctl again. 144 * 145 * - To return multiple errors from an ioctl which makes on-disk 146 * changes. In this case, smush_outnvlist should be true. 147 * Ioctls which make on-disk modifications should generally not 148 * use the outnvl if they succeed, because the caller can not 149 * distinguish between the operation failing, and 150 * deserialization failing. 151 * 152 * IOCTL Interface Errors 153 * 154 * The following ioctl input errors can be returned: 155 * ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel 156 * ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel 157 * ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing 158 * ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type 159 */ 160 161 #include <sys/types.h> 162 #include <sys/param.h> 163 #include <sys/errno.h> 164 #include <sys/file.h> 165 #include <sys/kmem.h> 166 #include <sys/cmn_err.h> 167 #include <sys/stat.h> 168 #include <sys/zfs_ioctl.h> 169 #include <sys/zfs_quota.h> 170 #include <sys/zfs_vfsops.h> 171 #include <sys/zfs_znode.h> 172 #include <sys/zap.h> 173 #include <sys/spa.h> 174 #include <sys/spa_impl.h> 175 #include <sys/vdev.h> 176 #include <sys/vdev_impl.h> 177 #include <sys/dmu.h> 178 #include <sys/dsl_dir.h> 179 #include <sys/dsl_dataset.h> 180 #include <sys/dsl_prop.h> 181 #include <sys/dsl_deleg.h> 182 #include <sys/dmu_objset.h> 183 #include <sys/dmu_impl.h> 184 #include <sys/dmu_redact.h> 185 #include <sys/dmu_tx.h> 186 #include <sys/sunddi.h> 187 #include <sys/policy.h> 188 #include <sys/zone.h> 189 #include <sys/nvpair.h> 190 #include <sys/pathname.h> 191 #include <sys/fs/zfs.h> 192 #include <sys/zfs_ctldir.h> 193 #include <sys/zfs_dir.h> 194 #include <sys/zfs_onexit.h> 195 #include <sys/zvol.h> 196 #include <sys/dsl_scan.h> 197 #include <sys/fm/util.h> 198 #include <sys/dsl_crypt.h> 199 #include <sys/rrwlock.h> 200 #include <sys/zfs_file.h> 201 202 #include <sys/dmu_recv.h> 203 #include <sys/dmu_send.h> 204 #include <sys/dmu_recv.h> 205 #include <sys/dsl_destroy.h> 206 #include <sys/dsl_bookmark.h> 207 #include <sys/dsl_userhold.h> 208 #include <sys/zfeature.h> 209 #include <sys/zcp.h> 210 #include <sys/zio_checksum.h> 211 #include <sys/vdev_removal.h> 212 #include <sys/vdev_impl.h> 213 #include <sys/vdev_initialize.h> 214 #include <sys/vdev_trim.h> 215 #include <sys/brt.h> 216 #include <sys/ddt.h> 217 218 #include "zfs_namecheck.h" 219 #include "zfs_prop.h" 220 #include "zfs_deleg.h" 221 #include "zfs_comutil.h" 222 223 #include <sys/lua/lua.h> 224 #include <sys/lua/lauxlib.h> 225 #include <sys/zfs_ioctl_impl.h> 226 227 kmutex_t zfsdev_state_lock; 228 static zfsdev_state_t zfsdev_state_listhead; 229 230 /* 231 * Limit maximum nvlist size. We don't want users passing in insane values 232 * for zc->zc_nvlist_src_size, since we will need to allocate that much memory. 233 * Defaults to 0=auto which is handled by platform code. 234 */ 235 uint64_t zfs_max_nvlist_src_size = 0; 236 237 /* 238 * When logging the output nvlist of an ioctl in the on-disk history, limit 239 * the logged size to this many bytes. This must be less than DMU_MAX_ACCESS. 240 * This applies primarily to zfs_ioc_channel_program(). 241 */ 242 static uint64_t zfs_history_output_max = 1024 * 1024; 243 244 uint_t zfs_allow_log_key; 245 246 /* DATA_TYPE_ANY is used when zkey_type can vary. */ 247 #define DATA_TYPE_ANY DATA_TYPE_UNKNOWN 248 249 typedef struct zfs_ioc_vec { 250 zfs_ioc_legacy_func_t *zvec_legacy_func; 251 zfs_ioc_func_t *zvec_func; 252 zfs_secpolicy_func_t *zvec_secpolicy; 253 zfs_ioc_namecheck_t zvec_namecheck; 254 boolean_t zvec_allow_log; 255 zfs_ioc_poolcheck_t zvec_pool_check; 256 boolean_t zvec_smush_outnvlist; 257 const char *zvec_name; 258 const zfs_ioc_key_t *zvec_nvl_keys; 259 size_t zvec_nvl_key_count; 260 } zfs_ioc_vec_t; 261 262 /* This array is indexed by zfs_userquota_prop_t */ 263 static const char *userquota_perms[] = { 264 ZFS_DELEG_PERM_USERUSED, 265 ZFS_DELEG_PERM_USERQUOTA, 266 ZFS_DELEG_PERM_GROUPUSED, 267 ZFS_DELEG_PERM_GROUPQUOTA, 268 ZFS_DELEG_PERM_USEROBJUSED, 269 ZFS_DELEG_PERM_USEROBJQUOTA, 270 ZFS_DELEG_PERM_GROUPOBJUSED, 271 ZFS_DELEG_PERM_GROUPOBJQUOTA, 272 ZFS_DELEG_PERM_PROJECTUSED, 273 ZFS_DELEG_PERM_PROJECTQUOTA, 274 ZFS_DELEG_PERM_PROJECTOBJUSED, 275 ZFS_DELEG_PERM_PROJECTOBJQUOTA, 276 }; 277 278 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc); 279 static int zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc); 280 static int zfs_check_settable(const char *name, nvpair_t *property, 281 cred_t *cr); 282 static int zfs_check_clearable(const char *dataset, nvlist_t *props, 283 nvlist_t **errors); 284 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *, 285 boolean_t *); 286 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *); 287 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp); 288 289 static void 290 history_str_free(char *buf) 291 { 292 kmem_free(buf, HIS_MAX_RECORD_LEN); 293 } 294 295 static char * 296 history_str_get(zfs_cmd_t *zc) 297 { 298 char *buf; 299 300 if (zc->zc_history == 0) 301 return (NULL); 302 303 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 304 if (copyinstr((void *)(uintptr_t)zc->zc_history, 305 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 306 history_str_free(buf); 307 return (NULL); 308 } 309 310 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 311 312 return (buf); 313 } 314 315 /* 316 * Return non-zero if the spa version is less than requested version. 317 */ 318 static int 319 zfs_earlier_version(const char *name, int version) 320 { 321 spa_t *spa; 322 323 if (spa_open(name, &spa, FTAG) == 0) { 324 if (spa_version(spa) < version) { 325 spa_close(spa, FTAG); 326 return (1); 327 } 328 spa_close(spa, FTAG); 329 } 330 return (0); 331 } 332 333 /* 334 * Return TRUE if the ZPL version is less than requested version. 335 */ 336 static boolean_t 337 zpl_earlier_version(const char *name, int version) 338 { 339 objset_t *os; 340 boolean_t rc = B_TRUE; 341 342 if (dmu_objset_hold(name, FTAG, &os) == 0) { 343 uint64_t zplversion; 344 345 if (dmu_objset_type(os) != DMU_OST_ZFS) { 346 dmu_objset_rele(os, FTAG); 347 return (B_TRUE); 348 } 349 /* XXX reading from non-owned objset */ 350 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0) 351 rc = zplversion < version; 352 dmu_objset_rele(os, FTAG); 353 } 354 return (rc); 355 } 356 357 static void 358 zfs_log_history(zfs_cmd_t *zc) 359 { 360 spa_t *spa; 361 char *buf; 362 363 if ((buf = history_str_get(zc)) == NULL) 364 return; 365 366 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 367 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 368 (void) spa_history_log(spa, buf); 369 spa_close(spa, FTAG); 370 } 371 history_str_free(buf); 372 } 373 374 /* 375 * Policy for top-level read operations (list pools). Requires no privileges, 376 * and can be used in the local zone, as there is no associated dataset. 377 */ 378 static int 379 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 380 { 381 (void) zc, (void) innvl, (void) cr; 382 return (0); 383 } 384 385 /* 386 * Policy for dataset read operations (list children, get statistics). Requires 387 * no privileges, but must be visible in the local zone. 388 */ 389 static int 390 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 391 { 392 (void) innvl, (void) cr; 393 if (INGLOBALZONE(curproc) || 394 zone_dataset_visible(zc->zc_name, NULL)) 395 return (0); 396 397 return (SET_ERROR(ENOENT)); 398 } 399 400 static int 401 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr) 402 { 403 int writable = 1; 404 405 /* 406 * The dataset must be visible by this zone -- check this first 407 * so they don't see EPERM on something they shouldn't know about. 408 */ 409 if (!INGLOBALZONE(curproc) && 410 !zone_dataset_visible(dataset, &writable)) 411 return (SET_ERROR(ENOENT)); 412 413 if (INGLOBALZONE(curproc)) { 414 /* 415 * If the fs is zoned, only root can access it from the 416 * global zone. 417 */ 418 if (secpolicy_zfs(cr) && zoned) 419 return (SET_ERROR(EPERM)); 420 } else { 421 /* 422 * If we are in a local zone, the 'zoned' property must be set. 423 */ 424 if (!zoned) 425 return (SET_ERROR(EPERM)); 426 427 /* must be writable by this zone */ 428 if (!writable) 429 return (SET_ERROR(EPERM)); 430 } 431 return (0); 432 } 433 434 static int 435 zfs_dozonecheck(const char *dataset, cred_t *cr) 436 { 437 uint64_t zoned; 438 439 if (dsl_prop_get_integer(dataset, zfs_prop_to_name(ZFS_PROP_ZONED), 440 &zoned, NULL)) 441 return (SET_ERROR(ENOENT)); 442 443 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 444 } 445 446 static int 447 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr) 448 { 449 uint64_t zoned; 450 451 if (dsl_prop_get_int_ds(ds, zfs_prop_to_name(ZFS_PROP_ZONED), &zoned)) 452 return (SET_ERROR(ENOENT)); 453 454 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 455 } 456 457 static int 458 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds, 459 const char *perm, cred_t *cr) 460 { 461 int error; 462 463 error = zfs_dozonecheck_ds(name, ds, cr); 464 if (error == 0) { 465 error = secpolicy_zfs(cr); 466 if (error != 0) 467 error = dsl_deleg_access_impl(ds, perm, cr); 468 } 469 return (error); 470 } 471 472 static int 473 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 474 { 475 int error; 476 dsl_dataset_t *ds; 477 dsl_pool_t *dp; 478 479 /* 480 * First do a quick check for root in the global zone, which 481 * is allowed to do all write_perms. This ensures that zfs_ioc_* 482 * will get to handle nonexistent datasets. 483 */ 484 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0) 485 return (0); 486 487 error = dsl_pool_hold(name, FTAG, &dp); 488 if (error != 0) 489 return (error); 490 491 error = dsl_dataset_hold(dp, name, FTAG, &ds); 492 if (error != 0) { 493 dsl_pool_rele(dp, FTAG); 494 return (error); 495 } 496 497 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr); 498 499 dsl_dataset_rele(ds, FTAG); 500 dsl_pool_rele(dp, FTAG); 501 return (error); 502 } 503 504 /* 505 * Policy for setting the security label property. 506 * 507 * Returns 0 for success, non-zero for access and other errors. 508 */ 509 static int 510 zfs_set_slabel_policy(const char *name, const char *strval, cred_t *cr) 511 { 512 #ifdef HAVE_MLSLABEL 513 char ds_hexsl[MAXNAMELEN]; 514 bslabel_t ds_sl, new_sl; 515 boolean_t new_default = FALSE; 516 uint64_t zoned; 517 int needed_priv = -1; 518 int error; 519 520 /* First get the existing dataset label. */ 521 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL), 522 1, sizeof (ds_hexsl), &ds_hexsl, NULL); 523 if (error != 0) 524 return (SET_ERROR(EPERM)); 525 526 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0) 527 new_default = TRUE; 528 529 /* The label must be translatable */ 530 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0)) 531 return (SET_ERROR(EINVAL)); 532 533 /* 534 * In a non-global zone, disallow attempts to set a label that 535 * doesn't match that of the zone; otherwise no other checks 536 * are needed. 537 */ 538 if (!INGLOBALZONE(curproc)) { 539 if (new_default || !blequal(&new_sl, CR_SL(CRED()))) 540 return (SET_ERROR(EPERM)); 541 return (0); 542 } 543 544 /* 545 * For global-zone datasets (i.e., those whose zoned property is 546 * "off", verify that the specified new label is valid for the 547 * global zone. 548 */ 549 if (dsl_prop_get_integer(name, 550 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL)) 551 return (SET_ERROR(EPERM)); 552 if (!zoned) { 553 if (zfs_check_global_label(name, strval) != 0) 554 return (SET_ERROR(EPERM)); 555 } 556 557 /* 558 * If the existing dataset label is nondefault, check if the 559 * dataset is mounted (label cannot be changed while mounted). 560 * Get the zfsvfs_t; if there isn't one, then the dataset isn't 561 * mounted (or isn't a dataset, doesn't exist, ...). 562 */ 563 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) { 564 objset_t *os; 565 static const char *setsl_tag = "setsl_tag"; 566 567 /* 568 * Try to own the dataset; abort if there is any error, 569 * (e.g., already mounted, in use, or other error). 570 */ 571 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE, 572 setsl_tag, &os); 573 if (error != 0) 574 return (SET_ERROR(EPERM)); 575 576 dmu_objset_disown(os, B_TRUE, setsl_tag); 577 578 if (new_default) { 579 needed_priv = PRIV_FILE_DOWNGRADE_SL; 580 goto out_check; 581 } 582 583 if (hexstr_to_label(strval, &new_sl) != 0) 584 return (SET_ERROR(EPERM)); 585 586 if (blstrictdom(&ds_sl, &new_sl)) 587 needed_priv = PRIV_FILE_DOWNGRADE_SL; 588 else if (blstrictdom(&new_sl, &ds_sl)) 589 needed_priv = PRIV_FILE_UPGRADE_SL; 590 } else { 591 /* dataset currently has a default label */ 592 if (!new_default) 593 needed_priv = PRIV_FILE_UPGRADE_SL; 594 } 595 596 out_check: 597 if (needed_priv != -1) 598 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL)); 599 return (0); 600 #else 601 return (SET_ERROR(ENOTSUP)); 602 #endif /* HAVE_MLSLABEL */ 603 } 604 605 static int 606 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval, 607 cred_t *cr) 608 { 609 const char *strval; 610 611 /* 612 * Check permissions for special properties. 613 */ 614 switch (prop) { 615 default: 616 break; 617 case ZFS_PROP_ZONED: 618 /* 619 * Disallow setting of 'zoned' from within a local zone. 620 */ 621 if (!INGLOBALZONE(curproc)) 622 return (SET_ERROR(EPERM)); 623 break; 624 625 case ZFS_PROP_QUOTA: 626 case ZFS_PROP_FILESYSTEM_LIMIT: 627 case ZFS_PROP_SNAPSHOT_LIMIT: 628 if (!INGLOBALZONE(curproc)) { 629 uint64_t zoned; 630 char setpoint[ZFS_MAX_DATASET_NAME_LEN]; 631 /* 632 * Unprivileged users are allowed to modify the 633 * limit on things *under* (ie. contained by) 634 * the thing they own. 635 */ 636 if (dsl_prop_get_integer(dsname, 637 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, setpoint)) 638 return (SET_ERROR(EPERM)); 639 if (!zoned || strlen(dsname) <= strlen(setpoint)) 640 return (SET_ERROR(EPERM)); 641 } 642 break; 643 644 case ZFS_PROP_MLSLABEL: 645 if (!is_system_labeled()) 646 return (SET_ERROR(EPERM)); 647 648 if (nvpair_value_string(propval, &strval) == 0) { 649 int err; 650 651 err = zfs_set_slabel_policy(dsname, strval, CRED()); 652 if (err != 0) 653 return (err); 654 } 655 break; 656 } 657 658 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr)); 659 } 660 661 static int 662 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 663 { 664 /* 665 * permission to set permissions will be evaluated later in 666 * dsl_deleg_can_allow() 667 */ 668 (void) innvl; 669 return (zfs_dozonecheck(zc->zc_name, cr)); 670 } 671 672 static int 673 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 674 { 675 (void) innvl; 676 return (zfs_secpolicy_write_perms(zc->zc_name, 677 ZFS_DELEG_PERM_ROLLBACK, cr)); 678 } 679 680 static int 681 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 682 { 683 (void) innvl; 684 dsl_pool_t *dp; 685 dsl_dataset_t *ds; 686 const char *cp; 687 int error; 688 boolean_t rawok = (zc->zc_flags & 0x8); 689 690 /* 691 * Generate the current snapshot name from the given objsetid, then 692 * use that name for the secpolicy/zone checks. 693 */ 694 cp = strchr(zc->zc_name, '@'); 695 if (cp == NULL) 696 return (SET_ERROR(EINVAL)); 697 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 698 if (error != 0) 699 return (error); 700 701 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 702 if (error != 0) { 703 dsl_pool_rele(dp, FTAG); 704 return (error); 705 } 706 707 dsl_dataset_name(ds, zc->zc_name); 708 709 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, 710 ZFS_DELEG_PERM_SEND, cr); 711 if (error != 0 && rawok == B_TRUE) { 712 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, 713 ZFS_DELEG_PERM_SEND_RAW, cr); 714 } 715 dsl_dataset_rele(ds, FTAG); 716 dsl_pool_rele(dp, FTAG); 717 718 return (error); 719 } 720 721 static int 722 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 723 { 724 boolean_t rawok = nvlist_exists(innvl, "rawok"); 725 int error; 726 727 (void) innvl; 728 error = zfs_secpolicy_write_perms(zc->zc_name, 729 ZFS_DELEG_PERM_SEND, cr); 730 if (error != 0 && rawok == B_TRUE) { 731 error = zfs_secpolicy_write_perms(zc->zc_name, 732 ZFS_DELEG_PERM_SEND_RAW, cr); 733 } 734 return (error); 735 } 736 737 static int 738 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 739 { 740 (void) zc, (void) innvl, (void) cr; 741 return (SET_ERROR(ENOTSUP)); 742 } 743 744 static int 745 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 746 { 747 (void) zc, (void) innvl, (void) cr; 748 return (SET_ERROR(ENOTSUP)); 749 } 750 751 static int 752 zfs_get_parent(const char *datasetname, char *parent, int parentsize) 753 { 754 char *cp; 755 756 /* 757 * Remove the @bla or /bla from the end of the name to get the parent. 758 */ 759 (void) strlcpy(parent, datasetname, parentsize); 760 cp = strrchr(parent, '@'); 761 if (cp != NULL) { 762 cp[0] = '\0'; 763 } else { 764 cp = strrchr(parent, '/'); 765 if (cp == NULL) 766 return (SET_ERROR(ENOENT)); 767 cp[0] = '\0'; 768 } 769 770 return (0); 771 } 772 773 int 774 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 775 { 776 int error; 777 778 if ((error = zfs_secpolicy_write_perms(name, 779 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 780 return (error); 781 782 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 783 } 784 785 static int 786 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 787 { 788 (void) innvl; 789 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 790 } 791 792 /* 793 * Destroying snapshots with delegated permissions requires 794 * descendant mount and destroy permissions. 795 */ 796 static int 797 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 798 { 799 (void) zc; 800 nvlist_t *snaps; 801 nvpair_t *pair, *nextpair; 802 int error = 0; 803 804 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 805 806 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 807 pair = nextpair) { 808 nextpair = nvlist_next_nvpair(snaps, pair); 809 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr); 810 if (error == ENOENT) { 811 /* 812 * Ignore any snapshots that don't exist (we consider 813 * them "already destroyed"). Remove the name from the 814 * nvl here in case the snapshot is created between 815 * now and when we try to destroy it (in which case 816 * we don't want to destroy it since we haven't 817 * checked for permission). 818 */ 819 fnvlist_remove_nvpair(snaps, pair); 820 error = 0; 821 } 822 if (error != 0) 823 break; 824 } 825 826 return (error); 827 } 828 829 int 830 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 831 { 832 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 833 int error; 834 835 if ((error = zfs_secpolicy_write_perms(from, 836 ZFS_DELEG_PERM_RENAME, cr)) != 0) 837 return (error); 838 839 if ((error = zfs_secpolicy_write_perms(from, 840 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 841 return (error); 842 843 if ((error = zfs_get_parent(to, parentname, 844 sizeof (parentname))) != 0) 845 return (error); 846 847 if ((error = zfs_secpolicy_write_perms(parentname, 848 ZFS_DELEG_PERM_CREATE, cr)) != 0) 849 return (error); 850 851 if ((error = zfs_secpolicy_write_perms(parentname, 852 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 853 return (error); 854 855 return (error); 856 } 857 858 static int 859 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 860 { 861 (void) innvl; 862 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr)); 863 } 864 865 static int 866 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 867 { 868 (void) innvl; 869 dsl_pool_t *dp; 870 dsl_dataset_t *clone; 871 int error; 872 873 error = zfs_secpolicy_write_perms(zc->zc_name, 874 ZFS_DELEG_PERM_PROMOTE, cr); 875 if (error != 0) 876 return (error); 877 878 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 879 if (error != 0) 880 return (error); 881 882 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone); 883 884 if (error == 0) { 885 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 886 dsl_dataset_t *origin = NULL; 887 dsl_dir_t *dd; 888 dd = clone->ds_dir; 889 890 error = dsl_dataset_hold_obj(dd->dd_pool, 891 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin); 892 if (error != 0) { 893 dsl_dataset_rele(clone, FTAG); 894 dsl_pool_rele(dp, FTAG); 895 return (error); 896 } 897 898 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone, 899 ZFS_DELEG_PERM_MOUNT, cr); 900 901 dsl_dataset_name(origin, parentname); 902 if (error == 0) { 903 error = zfs_secpolicy_write_perms_ds(parentname, origin, 904 ZFS_DELEG_PERM_PROMOTE, cr); 905 } 906 dsl_dataset_rele(clone, FTAG); 907 dsl_dataset_rele(origin, FTAG); 908 } 909 dsl_pool_rele(dp, FTAG); 910 return (error); 911 } 912 913 static int 914 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 915 { 916 (void) innvl; 917 int error; 918 919 /* 920 * zfs receive -F requires full receive permission, 921 * otherwise receive:append permission is enough 922 */ 923 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 924 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) { 925 if (zc->zc_guid || nvlist_exists(innvl, "force")) 926 return (error); 927 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 928 ZFS_DELEG_PERM_RECEIVE_APPEND, cr)) != 0) 929 return (error); 930 } 931 932 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 933 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 934 return (error); 935 936 return (zfs_secpolicy_write_perms(zc->zc_name, 937 ZFS_DELEG_PERM_CREATE, cr)); 938 } 939 940 int 941 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 942 { 943 return (zfs_secpolicy_write_perms(name, 944 ZFS_DELEG_PERM_SNAPSHOT, cr)); 945 } 946 947 /* 948 * Check for permission to create each snapshot in the nvlist. 949 */ 950 static int 951 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 952 { 953 (void) zc; 954 nvlist_t *snaps; 955 int error = 0; 956 nvpair_t *pair; 957 958 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 959 960 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 961 pair = nvlist_next_nvpair(snaps, pair)) { 962 char *name = (char *)nvpair_name(pair); 963 char *atp = strchr(name, '@'); 964 965 if (atp == NULL) { 966 error = SET_ERROR(EINVAL); 967 break; 968 } 969 *atp = '\0'; 970 error = zfs_secpolicy_snapshot_perms(name, cr); 971 *atp = '@'; 972 if (error != 0) 973 break; 974 } 975 return (error); 976 } 977 978 /* 979 * Check for permission to create each bookmark in the nvlist. 980 */ 981 static int 982 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 983 { 984 (void) zc; 985 int error = 0; 986 987 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 988 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 989 char *name = (char *)nvpair_name(pair); 990 char *hashp = strchr(name, '#'); 991 992 if (hashp == NULL) { 993 error = SET_ERROR(EINVAL); 994 break; 995 } 996 *hashp = '\0'; 997 error = zfs_secpolicy_write_perms(name, 998 ZFS_DELEG_PERM_BOOKMARK, cr); 999 *hashp = '#'; 1000 if (error != 0) 1001 break; 1002 } 1003 return (error); 1004 } 1005 1006 static int 1007 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1008 { 1009 (void) zc; 1010 nvpair_t *pair, *nextpair; 1011 int error = 0; 1012 1013 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1014 pair = nextpair) { 1015 char *name = (char *)nvpair_name(pair); 1016 char *hashp = strchr(name, '#'); 1017 nextpair = nvlist_next_nvpair(innvl, pair); 1018 1019 if (hashp == NULL) { 1020 error = SET_ERROR(EINVAL); 1021 break; 1022 } 1023 1024 *hashp = '\0'; 1025 error = zfs_secpolicy_write_perms(name, 1026 ZFS_DELEG_PERM_DESTROY, cr); 1027 *hashp = '#'; 1028 if (error == ENOENT) { 1029 /* 1030 * Ignore any filesystems that don't exist (we consider 1031 * their bookmarks "already destroyed"). Remove 1032 * the name from the nvl here in case the filesystem 1033 * is created between now and when we try to destroy 1034 * the bookmark (in which case we don't want to 1035 * destroy it since we haven't checked for permission). 1036 */ 1037 fnvlist_remove_nvpair(innvl, pair); 1038 error = 0; 1039 } 1040 if (error != 0) 1041 break; 1042 } 1043 1044 return (error); 1045 } 1046 1047 static int 1048 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1049 { 1050 (void) zc, (void) innvl, (void) cr; 1051 /* 1052 * Even root must have a proper TSD so that we know what pool 1053 * to log to. 1054 */ 1055 if (tsd_get(zfs_allow_log_key) == NULL) 1056 return (SET_ERROR(EPERM)); 1057 return (0); 1058 } 1059 1060 static int 1061 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1062 { 1063 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 1064 int error; 1065 const char *origin; 1066 1067 if ((error = zfs_get_parent(zc->zc_name, parentname, 1068 sizeof (parentname))) != 0) 1069 return (error); 1070 1071 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 && 1072 (error = zfs_secpolicy_write_perms(origin, 1073 ZFS_DELEG_PERM_CLONE, cr)) != 0) 1074 return (error); 1075 1076 if ((error = zfs_secpolicy_write_perms(parentname, 1077 ZFS_DELEG_PERM_CREATE, cr)) != 0) 1078 return (error); 1079 1080 return (zfs_secpolicy_write_perms(parentname, 1081 ZFS_DELEG_PERM_MOUNT, cr)); 1082 } 1083 1084 /* 1085 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 1086 * SYS_CONFIG privilege, which is not available in a local zone. 1087 */ 1088 int 1089 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1090 { 1091 (void) zc, (void) innvl; 1092 1093 if (secpolicy_sys_config(cr, B_FALSE) != 0) 1094 return (SET_ERROR(EPERM)); 1095 1096 return (0); 1097 } 1098 1099 /* 1100 * Policy for object to name lookups. 1101 */ 1102 static int 1103 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1104 { 1105 (void) innvl; 1106 int error; 1107 1108 if (secpolicy_sys_config(cr, B_FALSE) == 0) 1109 return (0); 1110 1111 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr); 1112 return (error); 1113 } 1114 1115 /* 1116 * Policy for fault injection. Requires all privileges. 1117 */ 1118 static int 1119 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1120 { 1121 (void) zc, (void) innvl; 1122 return (secpolicy_zinject(cr)); 1123 } 1124 1125 static int 1126 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1127 { 1128 (void) innvl; 1129 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 1130 1131 if (prop == ZPROP_USERPROP) { 1132 if (!zfs_prop_user(zc->zc_value)) 1133 return (SET_ERROR(EINVAL)); 1134 return (zfs_secpolicy_write_perms(zc->zc_name, 1135 ZFS_DELEG_PERM_USERPROP, cr)); 1136 } else { 1137 return (zfs_secpolicy_setprop(zc->zc_name, prop, 1138 NULL, cr)); 1139 } 1140 } 1141 1142 static int 1143 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1144 { 1145 int err = zfs_secpolicy_read(zc, innvl, cr); 1146 if (err) 1147 return (err); 1148 1149 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1150 return (SET_ERROR(EINVAL)); 1151 1152 if (zc->zc_value[0] == 0) { 1153 /* 1154 * They are asking about a posix uid/gid. If it's 1155 * themself, allow it. 1156 */ 1157 if (zc->zc_objset_type == ZFS_PROP_USERUSED || 1158 zc->zc_objset_type == ZFS_PROP_USERQUOTA || 1159 zc->zc_objset_type == ZFS_PROP_USEROBJUSED || 1160 zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) { 1161 if (zc->zc_guid == crgetuid(cr)) 1162 return (0); 1163 } else if (zc->zc_objset_type == ZFS_PROP_GROUPUSED || 1164 zc->zc_objset_type == ZFS_PROP_GROUPQUOTA || 1165 zc->zc_objset_type == ZFS_PROP_GROUPOBJUSED || 1166 zc->zc_objset_type == ZFS_PROP_GROUPOBJQUOTA) { 1167 if (groupmember(zc->zc_guid, cr)) 1168 return (0); 1169 } 1170 /* else is for project quota/used */ 1171 } 1172 1173 return (zfs_secpolicy_write_perms(zc->zc_name, 1174 userquota_perms[zc->zc_objset_type], cr)); 1175 } 1176 1177 static int 1178 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1179 { 1180 int err = zfs_secpolicy_read(zc, innvl, cr); 1181 if (err) 1182 return (err); 1183 1184 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1185 return (SET_ERROR(EINVAL)); 1186 1187 return (zfs_secpolicy_write_perms(zc->zc_name, 1188 userquota_perms[zc->zc_objset_type], cr)); 1189 } 1190 1191 static int 1192 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1193 { 1194 (void) innvl; 1195 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION, 1196 NULL, cr)); 1197 } 1198 1199 static int 1200 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1201 { 1202 (void) zc; 1203 nvpair_t *pair; 1204 nvlist_t *holds; 1205 int error; 1206 1207 holds = fnvlist_lookup_nvlist(innvl, "holds"); 1208 1209 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 1210 pair = nvlist_next_nvpair(holds, pair)) { 1211 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1212 error = dmu_fsname(nvpair_name(pair), fsname); 1213 if (error != 0) 1214 return (error); 1215 error = zfs_secpolicy_write_perms(fsname, 1216 ZFS_DELEG_PERM_HOLD, cr); 1217 if (error != 0) 1218 return (error); 1219 } 1220 return (0); 1221 } 1222 1223 static int 1224 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1225 { 1226 (void) zc; 1227 nvpair_t *pair; 1228 int error; 1229 1230 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1231 pair = nvlist_next_nvpair(innvl, pair)) { 1232 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1233 error = dmu_fsname(nvpair_name(pair), fsname); 1234 if (error != 0) 1235 return (error); 1236 error = zfs_secpolicy_write_perms(fsname, 1237 ZFS_DELEG_PERM_RELEASE, cr); 1238 if (error != 0) 1239 return (error); 1240 } 1241 return (0); 1242 } 1243 1244 /* 1245 * Policy for allowing temporary snapshots to be taken or released 1246 */ 1247 static int 1248 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1249 { 1250 /* 1251 * A temporary snapshot is the same as a snapshot, 1252 * hold, destroy and release all rolled into one. 1253 * Delegated diff alone is sufficient that we allow this. 1254 */ 1255 int error; 1256 1257 if (zfs_secpolicy_write_perms(zc->zc_name, 1258 ZFS_DELEG_PERM_DIFF, cr) == 0) 1259 return (0); 1260 1261 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr); 1262 1263 if (innvl != NULL) { 1264 if (error == 0) 1265 error = zfs_secpolicy_hold(zc, innvl, cr); 1266 if (error == 0) 1267 error = zfs_secpolicy_release(zc, innvl, cr); 1268 if (error == 0) 1269 error = zfs_secpolicy_destroy(zc, innvl, cr); 1270 } 1271 return (error); 1272 } 1273 1274 static int 1275 zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1276 { 1277 return (zfs_secpolicy_write_perms(zc->zc_name, 1278 ZFS_DELEG_PERM_LOAD_KEY, cr)); 1279 } 1280 1281 static int 1282 zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1283 { 1284 return (zfs_secpolicy_write_perms(zc->zc_name, 1285 ZFS_DELEG_PERM_CHANGE_KEY, cr)); 1286 } 1287 1288 /* 1289 * Returns the nvlist as specified by the user in the zfs_cmd_t. 1290 */ 1291 static int 1292 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp) 1293 { 1294 char *packed; 1295 int error; 1296 nvlist_t *list = NULL; 1297 1298 /* 1299 * Read in and unpack the user-supplied nvlist. 1300 */ 1301 if (size == 0) 1302 return (SET_ERROR(EINVAL)); 1303 1304 packed = vmem_alloc(size, KM_SLEEP); 1305 1306 if (ddi_copyin((void *)(uintptr_t)nvl, packed, size, iflag) != 0) { 1307 vmem_free(packed, size); 1308 return (SET_ERROR(EFAULT)); 1309 } 1310 1311 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 1312 vmem_free(packed, size); 1313 return (error); 1314 } 1315 1316 vmem_free(packed, size); 1317 1318 *nvp = list; 1319 return (0); 1320 } 1321 1322 /* 1323 * Reduce the size of this nvlist until it can be serialized in 'max' bytes. 1324 * Entries will be removed from the end of the nvlist, and one int32 entry 1325 * named "N_MORE_ERRORS" will be added indicating how many entries were 1326 * removed. 1327 */ 1328 static int 1329 nvlist_smush(nvlist_t *errors, size_t max) 1330 { 1331 size_t size; 1332 1333 size = fnvlist_size(errors); 1334 1335 if (size > max) { 1336 nvpair_t *more_errors; 1337 int n = 0; 1338 1339 if (max < 1024) 1340 return (SET_ERROR(ENOMEM)); 1341 1342 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0); 1343 more_errors = nvlist_prev_nvpair(errors, NULL); 1344 1345 do { 1346 nvpair_t *pair = nvlist_prev_nvpair(errors, 1347 more_errors); 1348 fnvlist_remove_nvpair(errors, pair); 1349 n++; 1350 size = fnvlist_size(errors); 1351 } while (size > max); 1352 1353 fnvlist_remove_nvpair(errors, more_errors); 1354 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n); 1355 ASSERT3U(fnvlist_size(errors), <=, max); 1356 } 1357 1358 return (0); 1359 } 1360 1361 static int 1362 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 1363 { 1364 char *packed = NULL; 1365 int error = 0; 1366 size_t size; 1367 1368 size = fnvlist_size(nvl); 1369 1370 if (size > zc->zc_nvlist_dst_size) { 1371 error = SET_ERROR(ENOMEM); 1372 } else { 1373 packed = fnvlist_pack(nvl, &size); 1374 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst, 1375 size, zc->zc_iflags) != 0) 1376 error = SET_ERROR(EFAULT); 1377 fnvlist_pack_free(packed, size); 1378 } 1379 1380 zc->zc_nvlist_dst_size = size; 1381 zc->zc_nvlist_dst_filled = B_TRUE; 1382 return (error); 1383 } 1384 1385 int 1386 getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp) 1387 { 1388 int error = 0; 1389 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1390 return (SET_ERROR(EINVAL)); 1391 } 1392 1393 mutex_enter(&os->os_user_ptr_lock); 1394 *zfvp = dmu_objset_get_user(os); 1395 /* bump s_active only when non-zero to prevent umount race */ 1396 error = zfs_vfs_ref(zfvp); 1397 mutex_exit(&os->os_user_ptr_lock); 1398 return (error); 1399 } 1400 1401 int 1402 getzfsvfs(const char *dsname, zfsvfs_t **zfvp) 1403 { 1404 objset_t *os; 1405 int error; 1406 1407 error = dmu_objset_hold(dsname, FTAG, &os); 1408 if (error != 0) 1409 return (error); 1410 1411 error = getzfsvfs_impl(os, zfvp); 1412 dmu_objset_rele(os, FTAG); 1413 return (error); 1414 } 1415 1416 /* 1417 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which 1418 * case its z_sb will be NULL, and it will be opened as the owner. 1419 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER, 1420 * which prevents all inode ops from running. 1421 */ 1422 static int 1423 zfsvfs_hold(const char *name, const void *tag, zfsvfs_t **zfvp, 1424 boolean_t writer) 1425 { 1426 int error = 0; 1427 1428 if (getzfsvfs(name, zfvp) != 0) 1429 error = zfsvfs_create(name, B_FALSE, zfvp); 1430 if (error == 0) { 1431 if (writer) 1432 ZFS_TEARDOWN_ENTER_WRITE(*zfvp, tag); 1433 else 1434 ZFS_TEARDOWN_ENTER_READ(*zfvp, tag); 1435 if ((*zfvp)->z_unmounted) { 1436 /* 1437 * XXX we could probably try again, since the unmounting 1438 * thread should be just about to disassociate the 1439 * objset from the zfsvfs. 1440 */ 1441 ZFS_TEARDOWN_EXIT(*zfvp, tag); 1442 return (SET_ERROR(EBUSY)); 1443 } 1444 } 1445 return (error); 1446 } 1447 1448 static void 1449 zfsvfs_rele(zfsvfs_t *zfsvfs, const void *tag) 1450 { 1451 ZFS_TEARDOWN_EXIT(zfsvfs, tag); 1452 1453 if (zfs_vfs_held(zfsvfs)) { 1454 zfs_vfs_rele(zfsvfs); 1455 } else { 1456 dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs); 1457 zfsvfs_free(zfsvfs); 1458 } 1459 } 1460 1461 static int 1462 zfs_ioc_pool_create(zfs_cmd_t *zc) 1463 { 1464 int error; 1465 nvlist_t *config, *props = NULL; 1466 nvlist_t *rootprops = NULL; 1467 nvlist_t *zplprops = NULL; 1468 dsl_crypto_params_t *dcp = NULL; 1469 const char *spa_name = zc->zc_name; 1470 boolean_t unload_wkey = B_TRUE; 1471 1472 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1473 zc->zc_iflags, &config))) 1474 return (error); 1475 1476 if (zc->zc_nvlist_src_size != 0 && (error = 1477 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1478 zc->zc_iflags, &props))) { 1479 nvlist_free(config); 1480 return (error); 1481 } 1482 1483 if (props) { 1484 nvlist_t *nvl = NULL; 1485 nvlist_t *hidden_args = NULL; 1486 uint64_t version = SPA_VERSION; 1487 const char *tname; 1488 1489 (void) nvlist_lookup_uint64(props, 1490 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version); 1491 if (!SPA_VERSION_IS_SUPPORTED(version)) { 1492 error = SET_ERROR(EINVAL); 1493 goto pool_props_bad; 1494 } 1495 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl); 1496 if (nvl) { 1497 error = nvlist_dup(nvl, &rootprops, KM_SLEEP); 1498 if (error != 0) 1499 goto pool_props_bad; 1500 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS); 1501 } 1502 1503 (void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS, 1504 &hidden_args); 1505 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, 1506 rootprops, hidden_args, &dcp); 1507 if (error != 0) 1508 goto pool_props_bad; 1509 (void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS); 1510 1511 VERIFY0(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP)); 1512 error = zfs_fill_zplprops_root(version, rootprops, 1513 zplprops, NULL); 1514 if (error != 0) 1515 goto pool_props_bad; 1516 1517 if (nvlist_lookup_string(props, 1518 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0) 1519 spa_name = tname; 1520 } 1521 1522 error = spa_create(zc->zc_name, config, props, zplprops, dcp); 1523 1524 /* 1525 * Set the remaining root properties 1526 */ 1527 if (!error && (error = zfs_set_prop_nvlist(spa_name, 1528 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) { 1529 (void) spa_destroy(spa_name); 1530 unload_wkey = B_FALSE; /* spa_destroy() unloads wrapping keys */ 1531 } 1532 1533 pool_props_bad: 1534 nvlist_free(rootprops); 1535 nvlist_free(zplprops); 1536 nvlist_free(config); 1537 nvlist_free(props); 1538 dsl_crypto_params_free(dcp, unload_wkey && !!error); 1539 1540 return (error); 1541 } 1542 1543 static int 1544 zfs_ioc_pool_destroy(zfs_cmd_t *zc) 1545 { 1546 int error; 1547 zfs_log_history(zc); 1548 error = spa_destroy(zc->zc_name); 1549 1550 return (error); 1551 } 1552 1553 static int 1554 zfs_ioc_pool_import(zfs_cmd_t *zc) 1555 { 1556 nvlist_t *config, *props = NULL; 1557 uint64_t guid; 1558 int error; 1559 1560 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1561 zc->zc_iflags, &config)) != 0) 1562 return (error); 1563 1564 if (zc->zc_nvlist_src_size != 0 && (error = 1565 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1566 zc->zc_iflags, &props))) { 1567 nvlist_free(config); 1568 return (error); 1569 } 1570 1571 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 1572 guid != zc->zc_guid) 1573 error = SET_ERROR(EINVAL); 1574 else 1575 error = spa_import(zc->zc_name, config, props, zc->zc_cookie); 1576 1577 if (zc->zc_nvlist_dst != 0) { 1578 int err; 1579 1580 if ((err = put_nvlist(zc, config)) != 0) 1581 error = err; 1582 } 1583 1584 nvlist_free(config); 1585 nvlist_free(props); 1586 1587 return (error); 1588 } 1589 1590 static int 1591 zfs_ioc_pool_export(zfs_cmd_t *zc) 1592 { 1593 int error; 1594 boolean_t force = (boolean_t)zc->zc_cookie; 1595 boolean_t hardforce = (boolean_t)zc->zc_guid; 1596 1597 zfs_log_history(zc); 1598 error = spa_export(zc->zc_name, NULL, force, hardforce); 1599 1600 return (error); 1601 } 1602 1603 static int 1604 zfs_ioc_pool_configs(zfs_cmd_t *zc) 1605 { 1606 nvlist_t *configs; 1607 int error; 1608 1609 error = spa_all_configs(&zc->zc_cookie, &configs); 1610 if (error) 1611 return (error); 1612 1613 error = put_nvlist(zc, configs); 1614 1615 nvlist_free(configs); 1616 1617 return (error); 1618 } 1619 1620 /* 1621 * inputs: 1622 * zc_name name of the pool 1623 * 1624 * outputs: 1625 * zc_cookie real errno 1626 * zc_nvlist_dst config nvlist 1627 * zc_nvlist_dst_size size of config nvlist 1628 */ 1629 static int 1630 zfs_ioc_pool_stats(zfs_cmd_t *zc) 1631 { 1632 nvlist_t *config; 1633 int error; 1634 int ret = 0; 1635 1636 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 1637 sizeof (zc->zc_value)); 1638 1639 if (config != NULL) { 1640 ret = put_nvlist(zc, config); 1641 nvlist_free(config); 1642 1643 /* 1644 * The config may be present even if 'error' is non-zero. 1645 * In this case we return success, and preserve the real errno 1646 * in 'zc_cookie'. 1647 */ 1648 zc->zc_cookie = error; 1649 } else { 1650 ret = error; 1651 } 1652 1653 return (ret); 1654 } 1655 1656 /* 1657 * Try to import the given pool, returning pool stats as appropriate so that 1658 * user land knows which devices are available and overall pool health. 1659 */ 1660 static int 1661 zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 1662 { 1663 nvlist_t *tryconfig, *config = NULL; 1664 int error; 1665 1666 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1667 zc->zc_iflags, &tryconfig)) != 0) 1668 return (error); 1669 1670 config = spa_tryimport(tryconfig); 1671 1672 nvlist_free(tryconfig); 1673 1674 if (config == NULL) 1675 return (SET_ERROR(EINVAL)); 1676 1677 error = put_nvlist(zc, config); 1678 nvlist_free(config); 1679 1680 return (error); 1681 } 1682 1683 /* 1684 * inputs: 1685 * zc_name name of the pool 1686 * zc_cookie scan func (pool_scan_func_t) 1687 * zc_flags scrub pause/resume flag (pool_scrub_cmd_t) 1688 */ 1689 static int 1690 zfs_ioc_pool_scan(zfs_cmd_t *zc) 1691 { 1692 spa_t *spa; 1693 int error; 1694 1695 if (zc->zc_flags >= POOL_SCRUB_FLAGS_END) 1696 return (SET_ERROR(EINVAL)); 1697 1698 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1699 return (error); 1700 1701 if (zc->zc_flags == POOL_SCRUB_PAUSE) 1702 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE); 1703 else if (zc->zc_cookie == POOL_SCAN_NONE) 1704 error = spa_scan_stop(spa); 1705 else 1706 error = spa_scan(spa, zc->zc_cookie); 1707 1708 spa_close(spa, FTAG); 1709 1710 return (error); 1711 } 1712 1713 /* 1714 * inputs: 1715 * poolname name of the pool 1716 * scan_type scan func (pool_scan_func_t) 1717 * scan_command scrub pause/resume flag (pool_scrub_cmd_t) 1718 */ 1719 static const zfs_ioc_key_t zfs_keys_pool_scrub[] = { 1720 {"scan_type", DATA_TYPE_UINT64, 0}, 1721 {"scan_command", DATA_TYPE_UINT64, 0}, 1722 {"scan_date_start", DATA_TYPE_UINT64, ZK_OPTIONAL}, 1723 {"scan_date_end", DATA_TYPE_UINT64, ZK_OPTIONAL}, 1724 }; 1725 1726 static int 1727 zfs_ioc_pool_scrub(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 1728 { 1729 spa_t *spa; 1730 int error; 1731 uint64_t scan_type, scan_cmd; 1732 uint64_t date_start, date_end; 1733 1734 if (nvlist_lookup_uint64(innvl, "scan_type", &scan_type) != 0) 1735 return (SET_ERROR(EINVAL)); 1736 if (nvlist_lookup_uint64(innvl, "scan_command", &scan_cmd) != 0) 1737 return (SET_ERROR(EINVAL)); 1738 1739 if (scan_cmd >= POOL_SCRUB_FLAGS_END) 1740 return (SET_ERROR(EINVAL)); 1741 1742 if (nvlist_lookup_uint64(innvl, "scan_date_start", &date_start) != 0) 1743 date_start = 0; 1744 if (nvlist_lookup_uint64(innvl, "scan_date_end", &date_end) != 0) 1745 date_end = 0; 1746 1747 if ((error = spa_open(poolname, &spa, FTAG)) != 0) 1748 return (error); 1749 1750 if (scan_cmd == POOL_SCRUB_PAUSE) { 1751 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE); 1752 } else if (scan_type == POOL_SCAN_NONE) { 1753 error = spa_scan_stop(spa); 1754 } else if (scan_cmd == POOL_SCRUB_FROM_LAST_TXG) { 1755 error = spa_scan_range(spa, scan_type, 1756 spa_get_last_scrubbed_txg(spa), 0); 1757 } else { 1758 uint64_t txg_start, txg_end; 1759 1760 txg_start = txg_end = 0; 1761 if (date_start != 0 || date_end != 0) { 1762 mutex_enter(&spa->spa_txg_log_time_lock); 1763 if (date_start != 0) { 1764 txg_start = dbrrd_query(&spa->spa_txg_log_time, 1765 date_start, DBRRD_FLOOR); 1766 } 1767 1768 if (date_end != 0) { 1769 txg_end = dbrrd_query(&spa->spa_txg_log_time, 1770 date_end, DBRRD_CEILING); 1771 } 1772 mutex_exit(&spa->spa_txg_log_time_lock); 1773 } 1774 1775 error = spa_scan_range(spa, scan_type, txg_start, txg_end); 1776 } 1777 1778 spa_close(spa, FTAG); 1779 return (error); 1780 } 1781 1782 static int 1783 zfs_ioc_pool_freeze(zfs_cmd_t *zc) 1784 { 1785 spa_t *spa; 1786 int error; 1787 1788 error = spa_open(zc->zc_name, &spa, FTAG); 1789 if (error == 0) { 1790 spa_freeze(spa); 1791 spa_close(spa, FTAG); 1792 } 1793 return (error); 1794 } 1795 1796 static int 1797 zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 1798 { 1799 spa_t *spa; 1800 int error; 1801 1802 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1803 return (error); 1804 1805 if (zc->zc_cookie < spa_version(spa) || 1806 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) { 1807 spa_close(spa, FTAG); 1808 return (SET_ERROR(EINVAL)); 1809 } 1810 1811 spa_upgrade(spa, zc->zc_cookie); 1812 spa_close(spa, FTAG); 1813 1814 return (error); 1815 } 1816 1817 static int 1818 zfs_ioc_pool_get_history(zfs_cmd_t *zc) 1819 { 1820 spa_t *spa; 1821 char *hist_buf; 1822 uint64_t size; 1823 int error; 1824 1825 if ((size = zc->zc_history_len) == 0) 1826 return (SET_ERROR(EINVAL)); 1827 1828 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1829 return (error); 1830 1831 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 1832 spa_close(spa, FTAG); 1833 return (SET_ERROR(ENOTSUP)); 1834 } 1835 1836 hist_buf = vmem_alloc(size, KM_SLEEP); 1837 if ((error = spa_history_get(spa, &zc->zc_history_offset, 1838 &zc->zc_history_len, hist_buf)) == 0) { 1839 error = ddi_copyout(hist_buf, 1840 (void *)(uintptr_t)zc->zc_history, 1841 zc->zc_history_len, zc->zc_iflags); 1842 } 1843 1844 spa_close(spa, FTAG); 1845 vmem_free(hist_buf, size); 1846 return (error); 1847 } 1848 1849 /* 1850 * inputs: 1851 * zc_nvlist_src nvlist optionally containing ZPOOL_REGUID_GUID 1852 * zc_nvlist_src_size size of the nvlist 1853 */ 1854 static int 1855 zfs_ioc_pool_reguid(zfs_cmd_t *zc) 1856 { 1857 uint64_t *guidp = NULL; 1858 nvlist_t *props = NULL; 1859 spa_t *spa; 1860 uint64_t guid; 1861 int error; 1862 1863 if (zc->zc_nvlist_src_size != 0) { 1864 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1865 zc->zc_iflags, &props); 1866 if (error != 0) 1867 return (error); 1868 1869 error = nvlist_lookup_uint64(props, ZPOOL_REGUID_GUID, &guid); 1870 if (error == 0) 1871 guidp = &guid; 1872 else if (error == ENOENT) 1873 guidp = NULL; 1874 else 1875 goto out; 1876 } 1877 1878 error = spa_open(zc->zc_name, &spa, FTAG); 1879 if (error == 0) { 1880 error = spa_change_guid(spa, guidp); 1881 spa_close(spa, FTAG); 1882 } 1883 1884 out: 1885 if (props != NULL) 1886 nvlist_free(props); 1887 1888 return (error); 1889 } 1890 1891 static int 1892 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 1893 { 1894 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)); 1895 } 1896 1897 /* 1898 * inputs: 1899 * zc_name name of filesystem 1900 * zc_obj object to find 1901 * 1902 * outputs: 1903 * zc_value name of object 1904 */ 1905 static int 1906 zfs_ioc_obj_to_path(zfs_cmd_t *zc) 1907 { 1908 objset_t *os; 1909 int error; 1910 1911 /* XXX reading from objset not owned */ 1912 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, 1913 FTAG, &os)) != 0) 1914 return (error); 1915 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1916 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1917 return (SET_ERROR(EINVAL)); 1918 } 1919 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value, 1920 sizeof (zc->zc_value)); 1921 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1922 1923 return (error); 1924 } 1925 1926 /* 1927 * inputs: 1928 * zc_name name of filesystem 1929 * zc_obj object to find 1930 * 1931 * outputs: 1932 * zc_stat stats on object 1933 * zc_value path to object 1934 */ 1935 static int 1936 zfs_ioc_obj_to_stats(zfs_cmd_t *zc) 1937 { 1938 objset_t *os; 1939 int error; 1940 1941 /* XXX reading from objset not owned */ 1942 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, 1943 FTAG, &os)) != 0) 1944 return (error); 1945 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1946 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1947 return (SET_ERROR(EINVAL)); 1948 } 1949 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value, 1950 sizeof (zc->zc_value)); 1951 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1952 1953 return (error); 1954 } 1955 1956 static int 1957 zfs_ioc_vdev_add(zfs_cmd_t *zc) 1958 { 1959 spa_t *spa; 1960 int error; 1961 nvlist_t *config; 1962 1963 error = spa_open(zc->zc_name, &spa, FTAG); 1964 if (error != 0) 1965 return (error); 1966 1967 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1968 zc->zc_iflags, &config); 1969 if (error == 0) { 1970 error = spa_vdev_add(spa, config, zc->zc_flags); 1971 nvlist_free(config); 1972 } 1973 spa_close(spa, FTAG); 1974 return (error); 1975 } 1976 1977 /* 1978 * inputs: 1979 * zc_name name of the pool 1980 * zc_guid guid of vdev to remove 1981 * zc_cookie cancel removal 1982 */ 1983 static int 1984 zfs_ioc_vdev_remove(zfs_cmd_t *zc) 1985 { 1986 spa_t *spa; 1987 int error; 1988 1989 error = spa_open(zc->zc_name, &spa, FTAG); 1990 if (error != 0) 1991 return (error); 1992 if (zc->zc_cookie != 0) { 1993 error = spa_vdev_remove_cancel(spa); 1994 } else { 1995 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 1996 } 1997 spa_close(spa, FTAG); 1998 return (error); 1999 } 2000 2001 static int 2002 zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 2003 { 2004 spa_t *spa; 2005 int error; 2006 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 2007 2008 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2009 return (error); 2010 switch (zc->zc_cookie) { 2011 case VDEV_STATE_ONLINE: 2012 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 2013 break; 2014 2015 case VDEV_STATE_OFFLINE: 2016 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 2017 break; 2018 2019 case VDEV_STATE_FAULTED: 2020 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 2021 zc->zc_obj != VDEV_AUX_EXTERNAL && 2022 zc->zc_obj != VDEV_AUX_EXTERNAL_PERSIST) 2023 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 2024 2025 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj); 2026 break; 2027 2028 case VDEV_STATE_DEGRADED: 2029 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 2030 zc->zc_obj != VDEV_AUX_EXTERNAL) 2031 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 2032 2033 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj); 2034 break; 2035 2036 case VDEV_STATE_REMOVED: 2037 error = vdev_remove_wanted(spa, zc->zc_guid); 2038 break; 2039 2040 default: 2041 error = SET_ERROR(EINVAL); 2042 } 2043 zc->zc_cookie = newstate; 2044 spa_close(spa, FTAG); 2045 return (error); 2046 } 2047 2048 static int 2049 zfs_ioc_vdev_attach(zfs_cmd_t *zc) 2050 { 2051 spa_t *spa; 2052 nvlist_t *config; 2053 int replacing = zc->zc_cookie; 2054 int rebuild = zc->zc_simple; 2055 int error; 2056 2057 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2058 return (error); 2059 2060 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2061 zc->zc_iflags, &config)) == 0) { 2062 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing, 2063 rebuild); 2064 nvlist_free(config); 2065 } 2066 2067 spa_close(spa, FTAG); 2068 return (error); 2069 } 2070 2071 static int 2072 zfs_ioc_vdev_detach(zfs_cmd_t *zc) 2073 { 2074 spa_t *spa; 2075 int error; 2076 2077 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2078 return (error); 2079 2080 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE); 2081 2082 spa_close(spa, FTAG); 2083 return (error); 2084 } 2085 2086 static int 2087 zfs_ioc_vdev_split(zfs_cmd_t *zc) 2088 { 2089 spa_t *spa; 2090 nvlist_t *config, *props = NULL; 2091 int error; 2092 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT); 2093 2094 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2095 return (error); 2096 2097 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2098 zc->zc_iflags, &config))) { 2099 spa_close(spa, FTAG); 2100 return (error); 2101 } 2102 2103 if (zc->zc_nvlist_src_size != 0 && (error = 2104 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2105 zc->zc_iflags, &props))) { 2106 spa_close(spa, FTAG); 2107 nvlist_free(config); 2108 return (error); 2109 } 2110 2111 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp); 2112 2113 spa_close(spa, FTAG); 2114 2115 nvlist_free(config); 2116 nvlist_free(props); 2117 2118 return (error); 2119 } 2120 2121 static int 2122 zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 2123 { 2124 spa_t *spa; 2125 const char *path = zc->zc_value; 2126 uint64_t guid = zc->zc_guid; 2127 int error; 2128 2129 error = spa_open(zc->zc_name, &spa, FTAG); 2130 if (error != 0) 2131 return (error); 2132 2133 error = spa_vdev_setpath(spa, guid, path); 2134 spa_close(spa, FTAG); 2135 return (error); 2136 } 2137 2138 static int 2139 zfs_ioc_vdev_setfru(zfs_cmd_t *zc) 2140 { 2141 spa_t *spa; 2142 const char *fru = zc->zc_value; 2143 uint64_t guid = zc->zc_guid; 2144 int error; 2145 2146 error = spa_open(zc->zc_name, &spa, FTAG); 2147 if (error != 0) 2148 return (error); 2149 2150 error = spa_vdev_setfru(spa, guid, fru); 2151 spa_close(spa, FTAG); 2152 return (error); 2153 } 2154 2155 static int 2156 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os) 2157 { 2158 int error = 0; 2159 nvlist_t *nv; 2160 2161 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2162 2163 if (!zc->zc_simple && zc->zc_nvlist_dst != 0 && 2164 (error = dsl_prop_get_all(os, &nv)) == 0) { 2165 dmu_objset_stats(os, nv); 2166 /* 2167 * NB: zvol_get_stats() will read the objset contents, 2168 * which we aren't supposed to do with a 2169 * DS_MODE_USER hold, because it could be 2170 * inconsistent. So this is a bit of a workaround... 2171 * XXX reading without owning 2172 */ 2173 if (!zc->zc_objset_stats.dds_inconsistent && 2174 dmu_objset_type(os) == DMU_OST_ZVOL) { 2175 error = zvol_get_stats(os, nv); 2176 if (error == EIO) { 2177 nvlist_free(nv); 2178 return (error); 2179 } 2180 VERIFY0(error); 2181 } 2182 if (error == 0) 2183 error = put_nvlist(zc, nv); 2184 nvlist_free(nv); 2185 } 2186 2187 return (error); 2188 } 2189 2190 /* 2191 * inputs: 2192 * zc_name name of filesystem 2193 * zc_nvlist_dst_size size of buffer for property nvlist 2194 * 2195 * outputs: 2196 * zc_objset_stats stats 2197 * zc_nvlist_dst property nvlist 2198 * zc_nvlist_dst_size size of property nvlist 2199 */ 2200 static int 2201 zfs_ioc_objset_stats(zfs_cmd_t *zc) 2202 { 2203 objset_t *os; 2204 int error; 2205 2206 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2207 if (error == 0) { 2208 error = zfs_ioc_objset_stats_impl(zc, os); 2209 dmu_objset_rele(os, FTAG); 2210 } 2211 2212 return (error); 2213 } 2214 2215 /* 2216 * inputs: 2217 * zc_name name of filesystem 2218 * zc_nvlist_dst_size size of buffer for property nvlist 2219 * 2220 * outputs: 2221 * zc_nvlist_dst received property nvlist 2222 * zc_nvlist_dst_size size of received property nvlist 2223 * 2224 * Gets received properties (distinct from local properties on or after 2225 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from 2226 * local property values. 2227 */ 2228 static int 2229 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc) 2230 { 2231 int error = 0; 2232 nvlist_t *nv; 2233 2234 /* 2235 * Without this check, we would return local property values if the 2236 * caller has not already received properties on or after 2237 * SPA_VERSION_RECVD_PROPS. 2238 */ 2239 if (!dsl_prop_get_hasrecvd(zc->zc_name)) 2240 return (SET_ERROR(ENOTSUP)); 2241 2242 if (zc->zc_nvlist_dst != 0 && 2243 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) { 2244 error = put_nvlist(zc, nv); 2245 nvlist_free(nv); 2246 } 2247 2248 return (error); 2249 } 2250 2251 static int 2252 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop) 2253 { 2254 uint64_t value; 2255 int error; 2256 2257 /* 2258 * zfs_get_zplprop() will either find a value or give us 2259 * the default value (if there is one). 2260 */ 2261 if ((error = zfs_get_zplprop(os, prop, &value)) != 0) 2262 return (error); 2263 VERIFY0(nvlist_add_uint64(props, zfs_prop_to_name(prop), value)); 2264 return (0); 2265 } 2266 2267 /* 2268 * inputs: 2269 * zc_name name of filesystem 2270 * zc_nvlist_dst_size size of buffer for zpl property nvlist 2271 * 2272 * outputs: 2273 * zc_nvlist_dst zpl property nvlist 2274 * zc_nvlist_dst_size size of zpl property nvlist 2275 */ 2276 static int 2277 zfs_ioc_objset_zplprops(zfs_cmd_t *zc) 2278 { 2279 objset_t *os; 2280 int err; 2281 2282 /* XXX reading without owning */ 2283 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os))) 2284 return (err); 2285 2286 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2287 2288 /* 2289 * NB: nvl_add_zplprop() will read the objset contents, 2290 * which we aren't supposed to do with a DS_MODE_USER 2291 * hold, because it could be inconsistent. 2292 */ 2293 if (zc->zc_nvlist_dst != 0 && 2294 !zc->zc_objset_stats.dds_inconsistent && 2295 dmu_objset_type(os) == DMU_OST_ZFS) { 2296 nvlist_t *nv; 2297 2298 VERIFY0(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP)); 2299 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 && 2300 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 && 2301 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 && 2302 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0 && 2303 (err = nvl_add_zplprop(os, nv, 2304 ZFS_PROP_DEFAULTUSERQUOTA)) == 0 && 2305 (err = nvl_add_zplprop(os, nv, 2306 ZFS_PROP_DEFAULTGROUPQUOTA)) == 0 && 2307 (err = nvl_add_zplprop(os, nv, 2308 ZFS_PROP_DEFAULTPROJECTQUOTA)) == 0 && 2309 (err = nvl_add_zplprop(os, nv, 2310 ZFS_PROP_DEFAULTUSEROBJQUOTA)) == 0 && 2311 (err = nvl_add_zplprop(os, nv, 2312 ZFS_PROP_DEFAULTGROUPOBJQUOTA)) == 0 && 2313 (err = nvl_add_zplprop(os, nv, 2314 ZFS_PROP_DEFAULTPROJECTOBJQUOTA)) == 0) 2315 err = put_nvlist(zc, nv); 2316 nvlist_free(nv); 2317 } else { 2318 err = SET_ERROR(ENOENT); 2319 } 2320 dmu_objset_rele(os, FTAG); 2321 return (err); 2322 } 2323 2324 /* 2325 * inputs: 2326 * zc_name name of filesystem 2327 * zc_cookie zap cursor 2328 * zc_nvlist_dst_size size of buffer for property nvlist 2329 * 2330 * outputs: 2331 * zc_name name of next filesystem 2332 * zc_cookie zap cursor 2333 * zc_objset_stats stats 2334 * zc_nvlist_dst property nvlist 2335 * zc_nvlist_dst_size size of property nvlist 2336 */ 2337 static int 2338 zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 2339 { 2340 objset_t *os; 2341 int error; 2342 char *p; 2343 size_t orig_len = strlen(zc->zc_name); 2344 2345 top: 2346 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) { 2347 if (error == ENOENT) 2348 error = SET_ERROR(ESRCH); 2349 return (error); 2350 } 2351 2352 p = strrchr(zc->zc_name, '/'); 2353 if (p == NULL || p[1] != '\0') 2354 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 2355 p = zc->zc_name + strlen(zc->zc_name); 2356 2357 do { 2358 error = dmu_dir_list_next(os, 2359 sizeof (zc->zc_name) - (p - zc->zc_name), p, 2360 NULL, &zc->zc_cookie); 2361 if (error == ENOENT) 2362 error = SET_ERROR(ESRCH); 2363 } while (error == 0 && zfs_dataset_name_hidden(zc->zc_name)); 2364 dmu_objset_rele(os, FTAG); 2365 2366 /* 2367 * If it's an internal dataset (ie. with a '$' in its name), 2368 * don't try to get stats for it, otherwise we'll return ENOENT. 2369 */ 2370 if (error == 0 && strchr(zc->zc_name, '$') == NULL) { 2371 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 2372 if (error == ENOENT) { 2373 /* We lost a race with destroy, get the next one. */ 2374 zc->zc_name[orig_len] = '\0'; 2375 goto top; 2376 } 2377 } 2378 return (error); 2379 } 2380 2381 /* 2382 * inputs: 2383 * zc_name name of filesystem 2384 * zc_cookie zap cursor 2385 * zc_nvlist_src iteration range nvlist 2386 * zc_nvlist_src_size size of iteration range nvlist 2387 * 2388 * outputs: 2389 * zc_name name of next snapshot 2390 * zc_objset_stats stats 2391 * zc_nvlist_dst property nvlist 2392 * zc_nvlist_dst_size size of property nvlist 2393 */ 2394 static int 2395 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 2396 { 2397 int error; 2398 objset_t *os, *ossnap; 2399 dsl_dataset_t *ds; 2400 uint64_t min_txg = 0, max_txg = 0; 2401 2402 if (zc->zc_nvlist_src_size != 0) { 2403 nvlist_t *props = NULL; 2404 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2405 zc->zc_iflags, &props); 2406 if (error != 0) 2407 return (error); 2408 (void) nvlist_lookup_uint64(props, SNAP_ITER_MIN_TXG, 2409 &min_txg); 2410 (void) nvlist_lookup_uint64(props, SNAP_ITER_MAX_TXG, 2411 &max_txg); 2412 nvlist_free(props); 2413 } 2414 2415 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2416 if (error != 0) { 2417 return (error == ENOENT ? SET_ERROR(ESRCH) : error); 2418 } 2419 2420 /* 2421 * A dataset name of maximum length cannot have any snapshots, 2422 * so exit immediately. 2423 */ 2424 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= 2425 ZFS_MAX_DATASET_NAME_LEN) { 2426 dmu_objset_rele(os, FTAG); 2427 return (SET_ERROR(ESRCH)); 2428 } 2429 2430 while (error == 0) { 2431 if (issig()) { 2432 error = SET_ERROR(EINTR); 2433 break; 2434 } 2435 2436 error = dmu_snapshot_list_next(os, 2437 sizeof (zc->zc_name) - strlen(zc->zc_name), 2438 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, 2439 &zc->zc_cookie, NULL); 2440 if (error == ENOENT) { 2441 error = SET_ERROR(ESRCH); 2442 break; 2443 } else if (error != 0) { 2444 break; 2445 } 2446 2447 error = dsl_dataset_hold_obj(dmu_objset_pool(os), zc->zc_obj, 2448 FTAG, &ds); 2449 if (error != 0) 2450 break; 2451 2452 if ((min_txg != 0 && dsl_get_creationtxg(ds) < min_txg) || 2453 (max_txg != 0 && dsl_get_creationtxg(ds) > max_txg)) { 2454 dsl_dataset_rele(ds, FTAG); 2455 /* undo snapshot name append */ 2456 *(strchr(zc->zc_name, '@') + 1) = '\0'; 2457 /* skip snapshot */ 2458 continue; 2459 } 2460 2461 if (zc->zc_simple) { 2462 dsl_dataset_fast_stat(ds, &zc->zc_objset_stats); 2463 dsl_dataset_rele(ds, FTAG); 2464 break; 2465 } 2466 2467 if ((error = dmu_objset_from_ds(ds, &ossnap)) != 0) { 2468 dsl_dataset_rele(ds, FTAG); 2469 break; 2470 } 2471 if ((error = zfs_ioc_objset_stats_impl(zc, ossnap)) != 0) { 2472 dsl_dataset_rele(ds, FTAG); 2473 break; 2474 } 2475 dsl_dataset_rele(ds, FTAG); 2476 break; 2477 } 2478 2479 dmu_objset_rele(os, FTAG); 2480 /* if we failed, undo the @ that we tacked on to zc_name */ 2481 if (error != 0) 2482 *strchr(zc->zc_name, '@') = '\0'; 2483 return (error); 2484 } 2485 2486 static int 2487 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair) 2488 { 2489 const char *propname = nvpair_name(pair); 2490 uint64_t *valary; 2491 unsigned int vallen; 2492 const char *dash, *domain; 2493 zfs_userquota_prop_t type; 2494 uint64_t rid; 2495 uint64_t quota; 2496 zfsvfs_t *zfsvfs; 2497 int err; 2498 2499 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2500 nvlist_t *attrs; 2501 VERIFY0(nvpair_value_nvlist(pair, &attrs)); 2502 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2503 &pair) != 0) 2504 return (SET_ERROR(EINVAL)); 2505 } 2506 2507 /* 2508 * A correctly constructed propname is encoded as 2509 * userquota@<rid>-<domain>. 2510 */ 2511 if ((dash = strchr(propname, '-')) == NULL || 2512 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 || 2513 vallen != 3) 2514 return (SET_ERROR(EINVAL)); 2515 2516 domain = dash + 1; 2517 type = valary[0]; 2518 rid = valary[1]; 2519 quota = valary[2]; 2520 2521 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE); 2522 if (err == 0) { 2523 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota); 2524 zfsvfs_rele(zfsvfs, FTAG); 2525 } 2526 2527 return (err); 2528 } 2529 2530 /* 2531 * If the named property is one that has a special function to set its value, 2532 * return 0 on success and a positive error code on failure; otherwise if it is 2533 * not one of the special properties handled by this function, return -1. 2534 * 2535 * XXX: It would be better for callers of the property interface if we handled 2536 * these special cases in dsl_prop.c (in the dsl layer). 2537 */ 2538 static int 2539 zfs_prop_set_special(const char *dsname, zprop_source_t source, 2540 nvpair_t *pair) 2541 { 2542 const char *propname = nvpair_name(pair); 2543 zfs_prop_t prop = zfs_name_to_prop(propname); 2544 uint64_t intval = 0; 2545 const char *strval = NULL; 2546 int err = -1; 2547 2548 if (prop == ZPROP_USERPROP) { 2549 if (zfs_prop_userquota(propname)) 2550 return (zfs_prop_set_userquota(dsname, pair)); 2551 return (-1); 2552 } 2553 2554 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2555 nvlist_t *attrs; 2556 VERIFY0(nvpair_value_nvlist(pair, &attrs)); 2557 VERIFY0(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, &pair)); 2558 } 2559 2560 /* all special properties are numeric except for keylocation */ 2561 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) { 2562 strval = fnvpair_value_string(pair); 2563 } else { 2564 intval = fnvpair_value_uint64(pair); 2565 } 2566 2567 switch (prop) { 2568 case ZFS_PROP_QUOTA: 2569 err = dsl_dir_set_quota(dsname, source, intval); 2570 break; 2571 case ZFS_PROP_REFQUOTA: 2572 err = dsl_dataset_set_refquota(dsname, source, intval); 2573 break; 2574 case ZFS_PROP_FILESYSTEM_LIMIT: 2575 case ZFS_PROP_SNAPSHOT_LIMIT: 2576 if (intval == UINT64_MAX) { 2577 /* clearing the limit, just do it */ 2578 err = 0; 2579 } else { 2580 err = dsl_dir_activate_fs_ss_limit(dsname); 2581 } 2582 /* 2583 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2584 * default path to set the value in the nvlist. 2585 */ 2586 if (err == 0) 2587 err = -1; 2588 break; 2589 case ZFS_PROP_KEYLOCATION: 2590 err = dsl_crypto_can_set_keylocation(dsname, strval); 2591 2592 /* 2593 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2594 * default path to set the value in the nvlist. 2595 */ 2596 if (err == 0) 2597 err = -1; 2598 break; 2599 case ZFS_PROP_RESERVATION: 2600 err = dsl_dir_set_reservation(dsname, source, intval); 2601 break; 2602 case ZFS_PROP_REFRESERVATION: 2603 err = dsl_dataset_set_refreservation(dsname, source, intval); 2604 break; 2605 case ZFS_PROP_COMPRESSION: 2606 err = dsl_dataset_set_compression(dsname, source, intval); 2607 /* 2608 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2609 * default path to set the value in the nvlist. 2610 */ 2611 if (err == 0) 2612 err = -1; 2613 break; 2614 case ZFS_PROP_VOLSIZE: 2615 err = zvol_set_volsize(dsname, intval); 2616 break; 2617 case ZFS_PROP_VOLTHREADING: 2618 err = zvol_set_volthreading(dsname, intval); 2619 /* 2620 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2621 * default path to set the value in the nvlist. 2622 */ 2623 if (err == 0) 2624 err = -1; 2625 break; 2626 case ZFS_PROP_SNAPDEV: 2627 case ZFS_PROP_VOLMODE: 2628 err = zvol_set_common(dsname, prop, source, intval); 2629 break; 2630 case ZFS_PROP_READONLY: 2631 err = zvol_set_ro(dsname, intval); 2632 /* 2633 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2634 * default path to set the value in the nvlist. 2635 */ 2636 if (err == 0) 2637 err = -1; 2638 break; 2639 case ZFS_PROP_VERSION: 2640 { 2641 zfsvfs_t *zfsvfs; 2642 2643 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0) 2644 break; 2645 2646 err = zfs_set_version(zfsvfs, intval); 2647 zfsvfs_rele(zfsvfs, FTAG); 2648 2649 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) { 2650 zfs_cmd_t *zc; 2651 2652 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 2653 (void) strlcpy(zc->zc_name, dsname, 2654 sizeof (zc->zc_name)); 2655 (void) zfs_ioc_userspace_upgrade(zc); 2656 (void) zfs_ioc_id_quota_upgrade(zc); 2657 kmem_free(zc, sizeof (zfs_cmd_t)); 2658 } 2659 break; 2660 } 2661 case ZFS_PROP_LONGNAME: 2662 { 2663 zfsvfs_t *zfsvfs; 2664 2665 /* 2666 * Ignore the checks if the property is being applied as part of 2667 * 'zfs receive'. Because, we already check if the local pool 2668 * has SPA_FEATURE_LONGNAME enabled in dmu_recv_begin_check(). 2669 */ 2670 if (source == ZPROP_SRC_RECEIVED) { 2671 cmn_err(CE_NOTE, "Skipping ZFS_PROP_LONGNAME checks " 2672 "for dsname=%s\n", dsname); 2673 err = -1; 2674 break; 2675 } 2676 2677 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE)) != 0) { 2678 cmn_err(CE_WARN, "%s:%d Failed to hold for dsname=%s " 2679 "err=%d\n", __FILE__, __LINE__, dsname, err); 2680 break; 2681 } 2682 2683 if (!spa_feature_is_enabled(zfsvfs->z_os->os_spa, 2684 SPA_FEATURE_LONGNAME)) { 2685 err = ENOTSUP; 2686 } else { 2687 /* 2688 * Set err to -1 to force the zfs_set_prop_nvlist code 2689 * down the default path to set the value in the nvlist. 2690 */ 2691 err = -1; 2692 } 2693 zfsvfs_rele(zfsvfs, FTAG); 2694 break; 2695 } 2696 case ZFS_PROP_DEFAULTUSERQUOTA: 2697 case ZFS_PROP_DEFAULTGROUPQUOTA: 2698 case ZFS_PROP_DEFAULTPROJECTQUOTA: 2699 case ZFS_PROP_DEFAULTUSEROBJQUOTA: 2700 case ZFS_PROP_DEFAULTGROUPOBJQUOTA: 2701 case ZFS_PROP_DEFAULTPROJECTOBJQUOTA: 2702 { 2703 zfsvfs_t *zfsvfs; 2704 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0) 2705 break; 2706 err = zfs_set_default_quota(zfsvfs, prop, intval); 2707 zfsvfs_rele(zfsvfs, FTAG); 2708 break; 2709 } 2710 default: 2711 err = -1; 2712 } 2713 2714 return (err); 2715 } 2716 2717 static boolean_t 2718 zfs_is_namespace_prop(zfs_prop_t prop) 2719 { 2720 switch (prop) { 2721 2722 case ZFS_PROP_ATIME: 2723 case ZFS_PROP_RELATIME: 2724 case ZFS_PROP_DEVICES: 2725 case ZFS_PROP_EXEC: 2726 case ZFS_PROP_SETUID: 2727 case ZFS_PROP_READONLY: 2728 case ZFS_PROP_XATTR: 2729 case ZFS_PROP_NBMAND: 2730 return (B_TRUE); 2731 2732 default: 2733 return (B_FALSE); 2734 } 2735 } 2736 2737 /* 2738 * This function is best effort. If it fails to set any of the given properties, 2739 * it continues to set as many as it can and returns the last error 2740 * encountered. If the caller provides a non-NULL errlist, it will be filled in 2741 * with the list of names of all the properties that failed along with the 2742 * corresponding error numbers. 2743 * 2744 * If every property is set successfully, zero is returned and errlist is not 2745 * modified. 2746 */ 2747 int 2748 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl, 2749 nvlist_t *errlist) 2750 { 2751 nvpair_t *pair; 2752 nvpair_t *propval; 2753 int rv = 0; 2754 int err; 2755 uint64_t intval; 2756 const char *strval; 2757 boolean_t should_update_mount_cache = B_FALSE; 2758 2759 nvlist_t *genericnvl = fnvlist_alloc(); 2760 nvlist_t *retrynvl = fnvlist_alloc(); 2761 retry: 2762 pair = NULL; 2763 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2764 const char *propname = nvpair_name(pair); 2765 zfs_prop_t prop = zfs_name_to_prop(propname); 2766 err = 0; 2767 2768 /* decode the property value */ 2769 propval = pair; 2770 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2771 nvlist_t *attrs; 2772 attrs = fnvpair_value_nvlist(pair); 2773 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2774 &propval) != 0) 2775 err = SET_ERROR(EINVAL); 2776 } 2777 2778 /* Validate value type */ 2779 if (err == 0 && source == ZPROP_SRC_INHERITED) { 2780 /* inherited properties are expected to be booleans */ 2781 if (nvpair_type(propval) != DATA_TYPE_BOOLEAN) 2782 err = SET_ERROR(EINVAL); 2783 } else if (err == 0 && prop == ZPROP_USERPROP) { 2784 if (zfs_prop_user(propname)) { 2785 if (nvpair_type(propval) != DATA_TYPE_STRING) 2786 err = SET_ERROR(EINVAL); 2787 } else if (zfs_prop_userquota(propname)) { 2788 if (nvpair_type(propval) != 2789 DATA_TYPE_UINT64_ARRAY) 2790 err = SET_ERROR(EINVAL); 2791 } else { 2792 err = SET_ERROR(EINVAL); 2793 } 2794 } else if (err == 0) { 2795 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2796 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING) 2797 err = SET_ERROR(EINVAL); 2798 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) { 2799 const char *unused; 2800 2801 intval = fnvpair_value_uint64(propval); 2802 2803 switch (zfs_prop_get_type(prop)) { 2804 case PROP_TYPE_NUMBER: 2805 break; 2806 case PROP_TYPE_STRING: 2807 err = SET_ERROR(EINVAL); 2808 break; 2809 case PROP_TYPE_INDEX: 2810 if (zfs_prop_index_to_string(prop, 2811 intval, &unused) != 0) 2812 err = 2813 SET_ERROR(ZFS_ERR_BADPROP); 2814 break; 2815 default: 2816 cmn_err(CE_PANIC, 2817 "unknown property type"); 2818 } 2819 } else { 2820 err = SET_ERROR(EINVAL); 2821 } 2822 } 2823 2824 /* Validate permissions */ 2825 if (err == 0) 2826 err = zfs_check_settable(dsname, pair, CRED()); 2827 2828 if (err == 0) { 2829 if (source == ZPROP_SRC_INHERITED) 2830 err = -1; /* does not need special handling */ 2831 else 2832 err = zfs_prop_set_special(dsname, source, 2833 pair); 2834 if (err == -1) { 2835 /* 2836 * For better performance we build up a list of 2837 * properties to set in a single transaction. 2838 */ 2839 err = nvlist_add_nvpair(genericnvl, pair); 2840 } else if (err != 0 && nvl != retrynvl) { 2841 /* 2842 * This may be a spurious error caused by 2843 * receiving quota and reservation out of order. 2844 * Try again in a second pass. 2845 */ 2846 err = nvlist_add_nvpair(retrynvl, pair); 2847 } 2848 } 2849 2850 if (err != 0) { 2851 if (errlist != NULL) 2852 fnvlist_add_int32(errlist, propname, err); 2853 rv = err; 2854 } 2855 2856 if (zfs_is_namespace_prop(prop)) 2857 should_update_mount_cache = B_TRUE; 2858 } 2859 2860 if (nvl != retrynvl && !nvlist_empty(retrynvl)) { 2861 nvl = retrynvl; 2862 goto retry; 2863 } 2864 2865 if (nvlist_empty(genericnvl)) 2866 goto out; 2867 2868 /* 2869 * Try to set them all in one batch. 2870 */ 2871 err = dsl_props_set(dsname, source, genericnvl); 2872 if (err == 0) 2873 goto out; 2874 2875 /* 2876 * If batching fails, we still want to set as many properties as we 2877 * can, so try setting them individually. 2878 */ 2879 pair = NULL; 2880 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) { 2881 const char *propname = nvpair_name(pair); 2882 2883 propval = pair; 2884 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2885 nvlist_t *attrs; 2886 attrs = fnvpair_value_nvlist(pair); 2887 propval = fnvlist_lookup_nvpair(attrs, ZPROP_VALUE); 2888 } 2889 2890 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2891 strval = fnvpair_value_string(propval); 2892 err = dsl_prop_set_string(dsname, propname, 2893 source, strval); 2894 } else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) { 2895 err = dsl_prop_inherit(dsname, propname, source); 2896 } else { 2897 intval = fnvpair_value_uint64(propval); 2898 err = dsl_prop_set_int(dsname, propname, source, 2899 intval); 2900 } 2901 2902 if (err != 0) { 2903 if (errlist != NULL) { 2904 fnvlist_add_int32(errlist, propname, err); 2905 } 2906 rv = err; 2907 } 2908 } 2909 2910 out: 2911 if (should_update_mount_cache) 2912 zfs_ioctl_update_mount_cache(dsname); 2913 2914 nvlist_free(genericnvl); 2915 nvlist_free(retrynvl); 2916 2917 return (rv); 2918 } 2919 2920 /* 2921 * Check that all the properties are valid user properties. 2922 */ 2923 static int 2924 zfs_check_userprops(nvlist_t *nvl) 2925 { 2926 nvpair_t *pair = NULL; 2927 2928 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2929 const char *propname = nvpair_name(pair); 2930 2931 if (!zfs_prop_user(propname) || 2932 nvpair_type(pair) != DATA_TYPE_STRING) 2933 return (SET_ERROR(EINVAL)); 2934 2935 if (strlen(propname) >= ZAP_MAXNAMELEN) 2936 return (SET_ERROR(ENAMETOOLONG)); 2937 2938 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN) 2939 return (SET_ERROR(E2BIG)); 2940 } 2941 return (0); 2942 } 2943 2944 static void 2945 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops) 2946 { 2947 nvpair_t *pair; 2948 2949 VERIFY0(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP)); 2950 2951 pair = NULL; 2952 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) { 2953 if (nvlist_exists(skipped, nvpair_name(pair))) 2954 continue; 2955 2956 VERIFY0(nvlist_add_nvpair(*newprops, pair)); 2957 } 2958 } 2959 2960 static int 2961 clear_received_props(const char *dsname, nvlist_t *props, 2962 nvlist_t *skipped) 2963 { 2964 int err = 0; 2965 nvlist_t *cleared_props = NULL; 2966 props_skip(props, skipped, &cleared_props); 2967 if (!nvlist_empty(cleared_props)) { 2968 /* 2969 * Acts on local properties until the dataset has received 2970 * properties at least once on or after SPA_VERSION_RECVD_PROPS. 2971 */ 2972 zprop_source_t flags = (ZPROP_SRC_NONE | 2973 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0)); 2974 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL); 2975 } 2976 nvlist_free(cleared_props); 2977 return (err); 2978 } 2979 2980 /* 2981 * inputs: 2982 * zc_name name of filesystem 2983 * zc_value name of property to set 2984 * zc_nvlist_src{_size} nvlist of properties to apply 2985 * zc_cookie received properties flag 2986 * 2987 * outputs: 2988 * zc_nvlist_dst{_size} error for each unapplied received property 2989 */ 2990 static int 2991 zfs_ioc_set_prop(zfs_cmd_t *zc) 2992 { 2993 nvlist_t *nvl; 2994 boolean_t received = zc->zc_cookie; 2995 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED : 2996 ZPROP_SRC_LOCAL); 2997 nvlist_t *errors; 2998 int error; 2999 3000 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3001 zc->zc_iflags, &nvl)) != 0) 3002 return (error); 3003 3004 if (received) { 3005 nvlist_t *origprops; 3006 3007 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) { 3008 (void) clear_received_props(zc->zc_name, 3009 origprops, nvl); 3010 nvlist_free(origprops); 3011 } 3012 3013 error = dsl_prop_set_hasrecvd(zc->zc_name); 3014 } 3015 3016 errors = fnvlist_alloc(); 3017 if (error == 0) 3018 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors); 3019 3020 if (zc->zc_nvlist_dst != 0 && errors != NULL) { 3021 (void) put_nvlist(zc, errors); 3022 } 3023 3024 nvlist_free(errors); 3025 nvlist_free(nvl); 3026 return (error); 3027 } 3028 3029 /* 3030 * inputs: 3031 * zc_name name of filesystem 3032 * zc_value name of property to inherit 3033 * zc_cookie revert to received value if TRUE 3034 * 3035 * outputs: none 3036 */ 3037 static int 3038 zfs_ioc_inherit_prop(zfs_cmd_t *zc) 3039 { 3040 const char *propname = zc->zc_value; 3041 zfs_prop_t prop = zfs_name_to_prop(propname); 3042 boolean_t received = zc->zc_cookie; 3043 zprop_source_t source = (received 3044 ? ZPROP_SRC_NONE /* revert to received value, if any */ 3045 : ZPROP_SRC_INHERITED); /* explicitly inherit */ 3046 nvlist_t *dummy; 3047 nvpair_t *pair; 3048 zprop_type_t type; 3049 int err; 3050 3051 if (!received) { 3052 /* 3053 * Only check this in the non-received case. We want to allow 3054 * 'inherit -S' to revert non-inheritable properties like quota 3055 * and reservation to the received or default values even though 3056 * they are not considered inheritable. 3057 */ 3058 if (prop != ZPROP_USERPROP && !zfs_prop_inheritable(prop)) 3059 return (SET_ERROR(EINVAL)); 3060 } 3061 3062 if (prop == ZPROP_USERPROP) { 3063 if (!zfs_prop_user(propname)) 3064 return (SET_ERROR(EINVAL)); 3065 3066 type = PROP_TYPE_STRING; 3067 } else if (prop == ZFS_PROP_VOLSIZE || prop == ZFS_PROP_VERSION) { 3068 return (SET_ERROR(EINVAL)); 3069 } else { 3070 type = zfs_prop_get_type(prop); 3071 } 3072 3073 /* 3074 * zfs_prop_set_special() expects properties in the form of an 3075 * nvpair with type info. 3076 */ 3077 dummy = fnvlist_alloc(); 3078 3079 switch (type) { 3080 case PROP_TYPE_STRING: 3081 VERIFY0(nvlist_add_string(dummy, propname, "")); 3082 break; 3083 case PROP_TYPE_NUMBER: 3084 case PROP_TYPE_INDEX: 3085 VERIFY0(nvlist_add_uint64(dummy, propname, 0)); 3086 break; 3087 default: 3088 err = SET_ERROR(EINVAL); 3089 goto errout; 3090 } 3091 3092 pair = nvlist_next_nvpair(dummy, NULL); 3093 if (pair == NULL) { 3094 err = SET_ERROR(EINVAL); 3095 } else { 3096 err = zfs_prop_set_special(zc->zc_name, source, pair); 3097 if (err == -1) /* property is not "special", needs handling */ 3098 err = dsl_prop_inherit(zc->zc_name, zc->zc_value, 3099 source); 3100 } 3101 3102 errout: 3103 nvlist_free(dummy); 3104 return (err); 3105 } 3106 3107 static int 3108 zfs_ioc_pool_set_props(zfs_cmd_t *zc) 3109 { 3110 nvlist_t *props; 3111 spa_t *spa; 3112 int error; 3113 nvpair_t *pair; 3114 3115 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3116 zc->zc_iflags, &props))) 3117 return (error); 3118 3119 /* 3120 * If the only property is the configfile, then just do a spa_lookup() 3121 * to handle the faulted case. 3122 */ 3123 pair = nvlist_next_nvpair(props, NULL); 3124 if (pair != NULL && strcmp(nvpair_name(pair), 3125 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 && 3126 nvlist_next_nvpair(props, pair) == NULL) { 3127 spa_namespace_enter(FTAG); 3128 if ((spa = spa_lookup(zc->zc_name)) != NULL) { 3129 spa_configfile_set(spa, props, B_FALSE); 3130 spa_write_cachefile(spa, B_FALSE, B_TRUE, B_FALSE); 3131 } 3132 spa_namespace_exit(FTAG); 3133 if (spa != NULL) { 3134 nvlist_free(props); 3135 return (0); 3136 } 3137 } 3138 3139 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 3140 nvlist_free(props); 3141 return (error); 3142 } 3143 3144 error = spa_prop_set(spa, props); 3145 3146 nvlist_free(props); 3147 spa_close(spa, FTAG); 3148 3149 return (error); 3150 } 3151 3152 /* 3153 * innvl: { 3154 * "get_props_names": [ "prop1", "prop2", ..., "propN" ] 3155 * } 3156 */ 3157 3158 static const zfs_ioc_key_t zfs_keys_get_props[] = { 3159 { ZPOOL_GET_PROPS_NAMES, DATA_TYPE_STRING_ARRAY, ZK_OPTIONAL }, 3160 }; 3161 3162 static int 3163 zfs_ioc_pool_get_props(const char *pool, nvlist_t *innvl, nvlist_t *outnvl) 3164 { 3165 spa_t *spa; 3166 char **props = NULL; 3167 unsigned int n_props = 0; 3168 int error; 3169 3170 if (nvlist_lookup_string_array(innvl, ZPOOL_GET_PROPS_NAMES, 3171 &props, &n_props) != 0) { 3172 props = NULL; 3173 } 3174 3175 if ((error = spa_open(pool, &spa, FTAG)) != 0) { 3176 /* 3177 * If the pool is faulted, there may be properties we can still 3178 * get (such as altroot and cachefile), so attempt to get them 3179 * anyway. 3180 */ 3181 spa_namespace_enter(FTAG); 3182 if ((spa = spa_lookup(pool)) != NULL) { 3183 error = spa_prop_get(spa, outnvl); 3184 if (error == 0 && props != NULL) 3185 error = spa_prop_get_nvlist(spa, props, n_props, 3186 outnvl); 3187 } 3188 spa_namespace_exit(FTAG); 3189 } else { 3190 error = spa_prop_get(spa, outnvl); 3191 if (error == 0 && props != NULL) 3192 error = spa_prop_get_nvlist(spa, props, n_props, 3193 outnvl); 3194 spa_close(spa, FTAG); 3195 } 3196 3197 return (error); 3198 } 3199 3200 /* 3201 * innvl: { 3202 * "vdevprops_set_vdev" -> guid 3203 * "vdevprops_set_props" -> { prop -> value } 3204 * } 3205 * 3206 * outnvl: propname -> error code (int32) 3207 */ 3208 static const zfs_ioc_key_t zfs_keys_vdev_set_props[] = { 3209 {ZPOOL_VDEV_PROPS_SET_VDEV, DATA_TYPE_UINT64, 0}, 3210 {ZPOOL_VDEV_PROPS_SET_PROPS, DATA_TYPE_NVLIST, 0} 3211 }; 3212 3213 static int 3214 zfs_ioc_vdev_set_props(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3215 { 3216 spa_t *spa; 3217 int error; 3218 vdev_t *vd; 3219 uint64_t vdev_guid; 3220 3221 /* Early validation */ 3222 if (nvlist_lookup_uint64(innvl, ZPOOL_VDEV_PROPS_SET_VDEV, 3223 &vdev_guid) != 0) 3224 return (SET_ERROR(EINVAL)); 3225 3226 if (outnvl == NULL) 3227 return (SET_ERROR(EINVAL)); 3228 3229 if ((error = spa_open(poolname, &spa, FTAG)) != 0) 3230 return (error); 3231 3232 ASSERT(spa_writeable(spa)); 3233 3234 if ((vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE)) == NULL) { 3235 spa_close(spa, FTAG); 3236 return (SET_ERROR(ENOENT)); 3237 } 3238 3239 error = vdev_prop_set(vd, innvl, outnvl); 3240 3241 spa_close(spa, FTAG); 3242 3243 return (error); 3244 } 3245 3246 /* 3247 * innvl: { 3248 * "vdevprops_get_vdev" -> guid 3249 * (optional) "vdevprops_get_props" -> { propname -> propid } 3250 * } 3251 * 3252 * outnvl: propname -> value 3253 */ 3254 static const zfs_ioc_key_t zfs_keys_vdev_get_props[] = { 3255 {ZPOOL_VDEV_PROPS_GET_VDEV, DATA_TYPE_UINT64, 0}, 3256 {ZPOOL_VDEV_PROPS_GET_PROPS, DATA_TYPE_NVLIST, ZK_OPTIONAL} 3257 }; 3258 3259 static int 3260 zfs_ioc_vdev_get_props(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3261 { 3262 spa_t *spa; 3263 int error; 3264 vdev_t *vd; 3265 uint64_t vdev_guid; 3266 3267 /* Early validation */ 3268 if (nvlist_lookup_uint64(innvl, ZPOOL_VDEV_PROPS_GET_VDEV, 3269 &vdev_guid) != 0) 3270 return (SET_ERROR(EINVAL)); 3271 3272 if (outnvl == NULL) 3273 return (SET_ERROR(EINVAL)); 3274 3275 if ((error = spa_open(poolname, &spa, FTAG)) != 0) 3276 return (error); 3277 3278 if ((vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE)) == NULL) { 3279 spa_close(spa, FTAG); 3280 return (SET_ERROR(ENOENT)); 3281 } 3282 3283 error = vdev_prop_get(vd, innvl, outnvl); 3284 3285 spa_close(spa, FTAG); 3286 3287 return (error); 3288 } 3289 3290 /* 3291 * inputs: 3292 * zc_name name of filesystem 3293 * zc_nvlist_src{_size} nvlist of delegated permissions 3294 * zc_perm_action allow/unallow flag 3295 * 3296 * outputs: none 3297 */ 3298 static int 3299 zfs_ioc_set_fsacl(zfs_cmd_t *zc) 3300 { 3301 int error; 3302 nvlist_t *fsaclnv = NULL; 3303 3304 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3305 zc->zc_iflags, &fsaclnv)) != 0) 3306 return (error); 3307 3308 /* 3309 * Verify nvlist is constructed correctly 3310 */ 3311 if (zfs_deleg_verify_nvlist(fsaclnv) != 0) { 3312 nvlist_free(fsaclnv); 3313 return (SET_ERROR(EINVAL)); 3314 } 3315 3316 /* 3317 * If we don't have PRIV_SYS_MOUNT, then validate 3318 * that user is allowed to hand out each permission in 3319 * the nvlist(s) 3320 */ 3321 3322 error = secpolicy_zfs(CRED()); 3323 if (error != 0) { 3324 if (zc->zc_perm_action == B_FALSE) { 3325 error = dsl_deleg_can_allow(zc->zc_name, 3326 fsaclnv, CRED()); 3327 } else { 3328 error = dsl_deleg_can_unallow(zc->zc_name, 3329 fsaclnv, CRED()); 3330 } 3331 } 3332 3333 if (error == 0) 3334 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 3335 3336 nvlist_free(fsaclnv); 3337 return (error); 3338 } 3339 3340 /* 3341 * inputs: 3342 * zc_name name of filesystem 3343 * 3344 * outputs: 3345 * zc_nvlist_src{_size} nvlist of delegated permissions 3346 */ 3347 static int 3348 zfs_ioc_get_fsacl(zfs_cmd_t *zc) 3349 { 3350 nvlist_t *nvp; 3351 int error; 3352 3353 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 3354 error = put_nvlist(zc, nvp); 3355 nvlist_free(nvp); 3356 } 3357 3358 return (error); 3359 } 3360 3361 static void 3362 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 3363 { 3364 zfs_creat_t *zct = arg; 3365 3366 zfs_create_fs(os, cr, zct->zct_zplprops, tx); 3367 } 3368 3369 #define ZFS_PROP_UNDEFINED ((uint64_t)-1) 3370 3371 /* 3372 * inputs: 3373 * os parent objset pointer (NULL if root fs) 3374 * fuids_ok fuids allowed in this version of the spa? 3375 * sa_ok SAs allowed in this version of the spa? 3376 * createprops list of properties requested by creator 3377 * 3378 * outputs: 3379 * zplprops values for the zplprops we attach to the master node object 3380 * is_ci true if requested file system will be purely case-insensitive 3381 * 3382 * Determine the settings for utf8only, normalization and 3383 * casesensitivity. Specific values may have been requested by the 3384 * creator and/or we can inherit values from the parent dataset. If 3385 * the file system is of too early a vintage, a creator can not 3386 * request settings for these properties, even if the requested 3387 * setting is the default value. We don't actually want to create dsl 3388 * properties for these, so remove them from the source nvlist after 3389 * processing. 3390 */ 3391 static int 3392 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver, 3393 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops, 3394 nvlist_t *zplprops, boolean_t *is_ci) 3395 { 3396 uint64_t sense = ZFS_PROP_UNDEFINED; 3397 uint64_t norm = ZFS_PROP_UNDEFINED; 3398 uint64_t u8 = ZFS_PROP_UNDEFINED; 3399 uint64_t duq = ZFS_PROP_UNDEFINED, duoq = ZFS_PROP_UNDEFINED; 3400 uint64_t dgq = ZFS_PROP_UNDEFINED, dgoq = ZFS_PROP_UNDEFINED; 3401 uint64_t dpq = ZFS_PROP_UNDEFINED, dpoq = ZFS_PROP_UNDEFINED; 3402 int error; 3403 3404 ASSERT(zplprops != NULL); 3405 3406 /* parent dataset must be a filesystem */ 3407 if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS) 3408 return (SET_ERROR(ZFS_ERR_WRONG_PARENT)); 3409 3410 /* 3411 * Pull out creator prop choices, if any. 3412 */ 3413 if (createprops) { 3414 (void) nvlist_lookup_uint64(createprops, 3415 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver); 3416 (void) nvlist_lookup_uint64(createprops, 3417 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm); 3418 (void) nvlist_remove_all(createprops, 3419 zfs_prop_to_name(ZFS_PROP_NORMALIZE)); 3420 (void) nvlist_lookup_uint64(createprops, 3421 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8); 3422 (void) nvlist_remove_all(createprops, 3423 zfs_prop_to_name(ZFS_PROP_UTF8ONLY)); 3424 (void) nvlist_lookup_uint64(createprops, 3425 zfs_prop_to_name(ZFS_PROP_CASE), &sense); 3426 (void) nvlist_remove_all(createprops, 3427 zfs_prop_to_name(ZFS_PROP_CASE)); 3428 (void) nvlist_lookup_uint64(createprops, 3429 zfs_prop_to_name(ZFS_PROP_DEFAULTUSERQUOTA), &duq); 3430 (void) nvlist_remove_all(createprops, 3431 zfs_prop_to_name(ZFS_PROP_DEFAULTUSERQUOTA)); 3432 (void) nvlist_lookup_uint64(createprops, 3433 zfs_prop_to_name(ZFS_PROP_DEFAULTGROUPQUOTA), &dgq); 3434 (void) nvlist_remove_all(createprops, 3435 zfs_prop_to_name(ZFS_PROP_DEFAULTGROUPQUOTA)); 3436 (void) nvlist_lookup_uint64(createprops, 3437 zfs_prop_to_name(ZFS_PROP_DEFAULTPROJECTQUOTA), &dpq); 3438 (void) nvlist_remove_all(createprops, 3439 zfs_prop_to_name(ZFS_PROP_DEFAULTPROJECTQUOTA)); 3440 (void) nvlist_lookup_uint64(createprops, 3441 zfs_prop_to_name(ZFS_PROP_DEFAULTUSEROBJQUOTA), &duoq); 3442 (void) nvlist_remove_all(createprops, 3443 zfs_prop_to_name(ZFS_PROP_DEFAULTUSEROBJQUOTA)); 3444 (void) nvlist_lookup_uint64(createprops, 3445 zfs_prop_to_name(ZFS_PROP_DEFAULTGROUPOBJQUOTA), &dgoq); 3446 (void) nvlist_remove_all(createprops, 3447 zfs_prop_to_name(ZFS_PROP_DEFAULTGROUPOBJQUOTA)); 3448 (void) nvlist_lookup_uint64(createprops, 3449 zfs_prop_to_name(ZFS_PROP_DEFAULTPROJECTOBJQUOTA), &dpoq); 3450 (void) nvlist_remove_all(createprops, 3451 zfs_prop_to_name(ZFS_PROP_DEFAULTPROJECTOBJQUOTA)); 3452 } 3453 3454 /* 3455 * If the zpl version requested is whacky or the file system 3456 * or pool is version is too "young" to support normalization 3457 * and the creator tried to set a value for one of the props, 3458 * error out. 3459 */ 3460 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) || 3461 (zplver >= ZPL_VERSION_FUID && !fuids_ok) || 3462 (zplver >= ZPL_VERSION_SA && !sa_ok) || 3463 (zplver < ZPL_VERSION_NORMALIZATION && 3464 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED || 3465 sense != ZFS_PROP_UNDEFINED))) 3466 return (SET_ERROR(ENOTSUP)); 3467 3468 /* 3469 * Put the version in the zplprops 3470 */ 3471 VERIFY0(nvlist_add_uint64(zplprops, 3472 zfs_prop_to_name(ZFS_PROP_VERSION), zplver)); 3473 3474 if (norm == ZFS_PROP_UNDEFINED && 3475 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0) 3476 return (error); 3477 VERIFY0(nvlist_add_uint64(zplprops, 3478 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm)); 3479 3480 /* 3481 * If we're normalizing, names must always be valid UTF-8 strings. 3482 */ 3483 if (norm) 3484 u8 = 1; 3485 if (u8 == ZFS_PROP_UNDEFINED && 3486 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0) 3487 return (error); 3488 VERIFY0(nvlist_add_uint64(zplprops, 3489 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8)); 3490 3491 if (sense == ZFS_PROP_UNDEFINED && 3492 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0) 3493 return (error); 3494 VERIFY0(nvlist_add_uint64(zplprops, 3495 zfs_prop_to_name(ZFS_PROP_CASE), sense)); 3496 3497 if (duq == ZFS_PROP_UNDEFINED && 3498 (error = zfs_get_zplprop(os, ZFS_PROP_DEFAULTUSERQUOTA, &duq)) != 0) 3499 return (error); 3500 VERIFY0(nvlist_add_uint64(zplprops, 3501 zfs_prop_to_name(ZFS_PROP_DEFAULTUSERQUOTA), duq)); 3502 3503 if (dgq == ZFS_PROP_UNDEFINED && 3504 (error = zfs_get_zplprop(os, ZFS_PROP_DEFAULTGROUPQUOTA, 3505 &dgq)) != 0) 3506 return (error); 3507 VERIFY0(nvlist_add_uint64(zplprops, 3508 zfs_prop_to_name(ZFS_PROP_DEFAULTGROUPQUOTA), dgq)); 3509 3510 if (dpq == ZFS_PROP_UNDEFINED && 3511 (error = zfs_get_zplprop(os, ZFS_PROP_DEFAULTPROJECTQUOTA, 3512 &dpq)) != 0) 3513 return (error); 3514 VERIFY0(nvlist_add_uint64(zplprops, 3515 zfs_prop_to_name(ZFS_PROP_DEFAULTPROJECTQUOTA), dpq)); 3516 3517 if (duoq == ZFS_PROP_UNDEFINED && 3518 (error = zfs_get_zplprop(os, ZFS_PROP_DEFAULTUSEROBJQUOTA, 3519 &duoq)) != 0) 3520 return (error); 3521 VERIFY0(nvlist_add_uint64(zplprops, 3522 zfs_prop_to_name(ZFS_PROP_DEFAULTUSEROBJQUOTA), duoq)); 3523 3524 if (dgoq == ZFS_PROP_UNDEFINED && 3525 (error = zfs_get_zplprop(os, ZFS_PROP_DEFAULTGROUPOBJQUOTA, 3526 &dgoq)) != 0) 3527 return (error); 3528 VERIFY0(nvlist_add_uint64(zplprops, 3529 zfs_prop_to_name(ZFS_PROP_DEFAULTGROUPOBJQUOTA), dgoq)); 3530 3531 if (dpoq == ZFS_PROP_UNDEFINED && 3532 (error = zfs_get_zplprop(os, ZFS_PROP_DEFAULTPROJECTOBJQUOTA, 3533 &dpoq)) != 0) 3534 return (error); 3535 VERIFY0(nvlist_add_uint64(zplprops, 3536 zfs_prop_to_name(ZFS_PROP_DEFAULTPROJECTOBJQUOTA), dpoq)); 3537 3538 if (is_ci) 3539 *is_ci = (sense == ZFS_CASE_INSENSITIVE); 3540 3541 return (0); 3542 } 3543 3544 static int 3545 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops, 3546 nvlist_t *zplprops, boolean_t *is_ci) 3547 { 3548 boolean_t fuids_ok, sa_ok; 3549 uint64_t zplver = ZPL_VERSION; 3550 objset_t *os = NULL; 3551 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 3552 spa_t *spa; 3553 uint64_t spa_vers; 3554 int error; 3555 3556 zfs_get_parent(dataset, parentname, sizeof (parentname)); 3557 3558 if ((error = spa_open(dataset, &spa, FTAG)) != 0) 3559 return (error); 3560 3561 spa_vers = spa_version(spa); 3562 spa_close(spa, FTAG); 3563 3564 zplver = zfs_zpl_version_map(spa_vers); 3565 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3566 sa_ok = (zplver >= ZPL_VERSION_SA); 3567 3568 /* 3569 * Open parent object set so we can inherit zplprop values. 3570 */ 3571 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0) 3572 return (error); 3573 3574 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops, 3575 zplprops, is_ci); 3576 dmu_objset_rele(os, FTAG); 3577 return (error); 3578 } 3579 3580 static int 3581 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops, 3582 nvlist_t *zplprops, boolean_t *is_ci) 3583 { 3584 boolean_t fuids_ok; 3585 boolean_t sa_ok; 3586 uint64_t zplver = ZPL_VERSION; 3587 int error; 3588 3589 zplver = zfs_zpl_version_map(spa_vers); 3590 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3591 sa_ok = (zplver >= ZPL_VERSION_SA); 3592 3593 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok, 3594 createprops, zplprops, is_ci); 3595 return (error); 3596 } 3597 3598 /* 3599 * innvl: { 3600 * "type" -> dmu_objset_type_t (int32) 3601 * (optional) "props" -> { prop -> value } 3602 * (optional) "hidden_args" -> { "wkeydata" -> value } 3603 * raw uint8_t array of encryption wrapping key data (32 bytes) 3604 * } 3605 * 3606 * outnvl: propname -> error code (int32) 3607 */ 3608 3609 static const zfs_ioc_key_t zfs_keys_create[] = { 3610 {"type", DATA_TYPE_INT32, 0}, 3611 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3612 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3613 }; 3614 3615 static int 3616 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3617 { 3618 int error = 0; 3619 zfs_creat_t zct = { 0 }; 3620 nvlist_t *nvprops = NULL; 3621 nvlist_t *hidden_args = NULL; 3622 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 3623 dmu_objset_type_t type; 3624 boolean_t is_insensitive = B_FALSE; 3625 dsl_crypto_params_t *dcp = NULL; 3626 3627 type = (dmu_objset_type_t)fnvlist_lookup_int32(innvl, "type"); 3628 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3629 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args); 3630 3631 switch (type) { 3632 case DMU_OST_ZFS: 3633 cbfunc = zfs_create_cb; 3634 break; 3635 3636 case DMU_OST_ZVOL: 3637 cbfunc = zvol_create_cb; 3638 break; 3639 3640 default: 3641 cbfunc = NULL; 3642 break; 3643 } 3644 if (strchr(fsname, '@') || 3645 strchr(fsname, '%')) 3646 return (SET_ERROR(EINVAL)); 3647 3648 zct.zct_props = nvprops; 3649 3650 if (cbfunc == NULL) 3651 return (SET_ERROR(EINVAL)); 3652 3653 if (type == DMU_OST_ZVOL) { 3654 uint64_t volsize, volblocksize; 3655 3656 if (nvprops == NULL) 3657 return (SET_ERROR(EINVAL)); 3658 if (nvlist_lookup_uint64(nvprops, 3659 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0) 3660 return (SET_ERROR(EINVAL)); 3661 3662 if ((error = nvlist_lookup_uint64(nvprops, 3663 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 3664 &volblocksize)) != 0 && error != ENOENT) 3665 return (SET_ERROR(EINVAL)); 3666 3667 if (error != 0) 3668 volblocksize = zfs_prop_default_numeric( 3669 ZFS_PROP_VOLBLOCKSIZE); 3670 3671 if ((error = zvol_check_volblocksize(fsname, 3672 volblocksize)) != 0 || 3673 (error = zvol_check_volsize(volsize, 3674 volblocksize)) != 0) 3675 return (error); 3676 } else if (type == DMU_OST_ZFS) { 3677 int error; 3678 3679 /* 3680 * We have to have normalization and 3681 * case-folding flags correct when we do the 3682 * file system creation, so go figure them out 3683 * now. 3684 */ 3685 VERIFY0(nvlist_alloc(&zct.zct_zplprops, 3686 NV_UNIQUE_NAME, KM_SLEEP)); 3687 error = zfs_fill_zplprops(fsname, nvprops, 3688 zct.zct_zplprops, &is_insensitive); 3689 if (error != 0) { 3690 nvlist_free(zct.zct_zplprops); 3691 return (error); 3692 } 3693 } 3694 3695 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops, 3696 hidden_args, &dcp); 3697 if (error != 0) { 3698 nvlist_free(zct.zct_zplprops); 3699 return (error); 3700 } 3701 3702 error = dmu_objset_create(fsname, type, 3703 is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct); 3704 3705 nvlist_free(zct.zct_zplprops); 3706 dsl_crypto_params_free(dcp, !!error); 3707 3708 /* 3709 * It would be nice to do this atomically. 3710 */ 3711 if (error == 0) { 3712 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3713 nvprops, outnvl); 3714 if (error != 0) { 3715 spa_t *spa; 3716 int error2; 3717 3718 /* 3719 * Volumes will return EBUSY and cannot be destroyed 3720 * until all asynchronous minor handling (e.g. from 3721 * setting the volmode property) has completed. Wait for 3722 * the spa_zvol_taskq to drain then retry. 3723 */ 3724 error2 = dsl_destroy_head(fsname); 3725 while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) { 3726 error2 = spa_open(fsname, &spa, FTAG); 3727 if (error2 == 0) { 3728 taskq_wait(spa->spa_zvol_taskq); 3729 spa_close(spa, FTAG); 3730 } 3731 error2 = dsl_destroy_head(fsname); 3732 } 3733 } 3734 } 3735 return (error); 3736 } 3737 3738 /* 3739 * innvl: { 3740 * "origin" -> name of origin snapshot 3741 * (optional) "props" -> { prop -> value } 3742 * (optional) "hidden_args" -> { "wkeydata" -> value } 3743 * raw uint8_t array of encryption wrapping key data (32 bytes) 3744 * } 3745 * 3746 * outputs: 3747 * outnvl: propname -> error code (int32) 3748 */ 3749 static const zfs_ioc_key_t zfs_keys_clone[] = { 3750 {"origin", DATA_TYPE_STRING, 0}, 3751 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3752 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3753 }; 3754 3755 static int 3756 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3757 { 3758 int error = 0; 3759 nvlist_t *nvprops = NULL; 3760 const char *origin_name; 3761 3762 origin_name = fnvlist_lookup_string(innvl, "origin"); 3763 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3764 3765 if (strchr(fsname, '@') || 3766 strchr(fsname, '%')) 3767 return (SET_ERROR(EINVAL)); 3768 3769 if (dataset_namecheck(origin_name, NULL, NULL) != 0) 3770 return (SET_ERROR(EINVAL)); 3771 3772 error = dsl_dataset_clone(fsname, origin_name); 3773 3774 /* 3775 * It would be nice to do this atomically. 3776 */ 3777 if (error == 0) { 3778 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3779 nvprops, outnvl); 3780 if (error != 0) 3781 (void) dsl_destroy_head(fsname); 3782 } 3783 return (error); 3784 } 3785 3786 static const zfs_ioc_key_t zfs_keys_remap[] = { 3787 /* no nvl keys */ 3788 }; 3789 3790 static int 3791 zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3792 { 3793 /* This IOCTL is no longer supported. */ 3794 (void) fsname, (void) innvl, (void) outnvl; 3795 return (0); 3796 } 3797 3798 /* 3799 * innvl: { 3800 * "snaps" -> { snapshot1, snapshot2 } 3801 * (optional) "props" -> { prop -> value (string) } 3802 * } 3803 * 3804 * outnvl: snapshot -> error code (int32) 3805 */ 3806 static const zfs_ioc_key_t zfs_keys_snapshot[] = { 3807 {"snaps", DATA_TYPE_NVLIST, 0}, 3808 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3809 }; 3810 3811 static int 3812 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3813 { 3814 nvlist_t *snaps; 3815 nvlist_t *props = NULL; 3816 int error, poollen; 3817 nvpair_t *pair; 3818 3819 (void) nvlist_lookup_nvlist(innvl, "props", &props); 3820 if (!nvlist_empty(props) && 3821 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS)) 3822 return (SET_ERROR(ENOTSUP)); 3823 if ((error = zfs_check_userprops(props)) != 0) 3824 return (error); 3825 3826 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 3827 poollen = strlen(poolname); 3828 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3829 pair = nvlist_next_nvpair(snaps, pair)) { 3830 const char *name = nvpair_name(pair); 3831 char *cp = strchr(name, '@'); 3832 3833 /* 3834 * The snap name must contain an @, and the part after it must 3835 * contain only valid characters. 3836 */ 3837 if (cp == NULL || 3838 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3839 return (SET_ERROR(EINVAL)); 3840 3841 /* 3842 * The snap must be in the specified pool. 3843 */ 3844 if (strncmp(name, poolname, poollen) != 0 || 3845 (name[poollen] != '/' && name[poollen] != '@')) 3846 return (SET_ERROR(EXDEV)); 3847 3848 /* 3849 * Check for permission to set the properties on the fs. 3850 */ 3851 if (!nvlist_empty(props)) { 3852 *cp = '\0'; 3853 error = zfs_secpolicy_write_perms(name, 3854 ZFS_DELEG_PERM_USERPROP, CRED()); 3855 *cp = '@'; 3856 if (error != 0) 3857 return (error); 3858 } 3859 3860 /* This must be the only snap of this fs. */ 3861 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair); 3862 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) { 3863 if (strncmp(name, nvpair_name(pair2), cp - name + 1) 3864 == 0) { 3865 return (SET_ERROR(EXDEV)); 3866 } 3867 } 3868 } 3869 3870 error = dsl_dataset_snapshot(snaps, props, outnvl); 3871 3872 return (error); 3873 } 3874 3875 /* 3876 * innvl: "message" -> string 3877 */ 3878 static const zfs_ioc_key_t zfs_keys_log_history[] = { 3879 {"message", DATA_TYPE_STRING, 0}, 3880 }; 3881 3882 static int 3883 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3884 { 3885 (void) unused, (void) outnvl; 3886 const char *message; 3887 char *poolname; 3888 spa_t *spa; 3889 int error; 3890 3891 /* 3892 * The poolname in the ioctl is not set, we get it from the TSD, 3893 * which was set at the end of the last successful ioctl that allows 3894 * logging. The secpolicy func already checked that it is set. 3895 * Only one log ioctl is allowed after each successful ioctl, so 3896 * we clear the TSD here. 3897 */ 3898 poolname = tsd_get(zfs_allow_log_key); 3899 if (poolname == NULL) 3900 return (SET_ERROR(EINVAL)); 3901 (void) tsd_set(zfs_allow_log_key, NULL); 3902 error = spa_open(poolname, &spa, FTAG); 3903 kmem_strfree(poolname); 3904 if (error != 0) 3905 return (error); 3906 3907 message = fnvlist_lookup_string(innvl, "message"); 3908 3909 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 3910 spa_close(spa, FTAG); 3911 return (SET_ERROR(ENOTSUP)); 3912 } 3913 3914 error = spa_history_log(spa, message); 3915 spa_close(spa, FTAG); 3916 return (error); 3917 } 3918 3919 /* 3920 * This ioctl is used to set the bootenv configuration on the current 3921 * pool. This configuration is stored in the second padding area of the label, 3922 * and it is used by the bootloader(s) to store the bootloader and/or system 3923 * specific data. 3924 * The data is stored as nvlist data stream, and is protected by 3925 * an embedded checksum. 3926 * The version can have two possible values: 3927 * VB_RAW: nvlist should have key GRUB_ENVMAP, value DATA_TYPE_STRING. 3928 * VB_NVLIST: nvlist with arbitrary <key, value> pairs. 3929 */ 3930 static const zfs_ioc_key_t zfs_keys_set_bootenv[] = { 3931 {"version", DATA_TYPE_UINT64, 0}, 3932 {"<keys>", DATA_TYPE_ANY, ZK_OPTIONAL | ZK_WILDCARDLIST}, 3933 }; 3934 3935 static int 3936 zfs_ioc_set_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl) 3937 { 3938 int error; 3939 spa_t *spa; 3940 3941 if ((error = spa_open(name, &spa, FTAG)) != 0) 3942 return (error); 3943 spa_vdev_state_enter(spa, SCL_ALL); 3944 error = vdev_label_write_bootenv(spa->spa_root_vdev, innvl); 3945 (void) spa_vdev_state_exit(spa, NULL, 0); 3946 spa_close(spa, FTAG); 3947 return (error); 3948 } 3949 3950 static const zfs_ioc_key_t zfs_keys_get_bootenv[] = { 3951 /* no nvl keys */ 3952 }; 3953 3954 static int 3955 zfs_ioc_get_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl) 3956 { 3957 spa_t *spa; 3958 int error; 3959 3960 if ((error = spa_open(name, &spa, FTAG)) != 0) 3961 return (error); 3962 spa_vdev_state_enter(spa, SCL_ALL); 3963 error = vdev_label_read_bootenv(spa->spa_root_vdev, outnvl); 3964 (void) spa_vdev_state_exit(spa, NULL, 0); 3965 spa_close(spa, FTAG); 3966 return (error); 3967 } 3968 3969 /* 3970 * The dp_config_rwlock must not be held when calling this, because the 3971 * unmount may need to write out data. 3972 * 3973 * This function is best-effort. Callers must deal gracefully if it 3974 * remains mounted (or is remounted after this call). 3975 * 3976 * Returns 0 if the argument is not a snapshot, or it is not currently a 3977 * filesystem, or we were able to unmount it. Returns error code otherwise. 3978 */ 3979 void 3980 zfs_unmount_snap(const char *snapname) 3981 { 3982 if (strchr(snapname, '@') == NULL) 3983 return; 3984 3985 (void) zfsctl_snapshot_unmount(snapname, MNT_FORCE); 3986 } 3987 3988 static int 3989 zfs_unmount_snap_cb(const char *snapname, void *arg) 3990 { 3991 (void) arg; 3992 zfs_unmount_snap(snapname); 3993 return (0); 3994 } 3995 3996 /* 3997 * When a clone is destroyed, its origin may also need to be destroyed, 3998 * in which case it must be unmounted. This routine will do that unmount 3999 * if necessary. 4000 */ 4001 void 4002 zfs_destroy_unmount_origin(const char *fsname) 4003 { 4004 int error; 4005 objset_t *os; 4006 dsl_dataset_t *ds; 4007 4008 error = dmu_objset_hold(fsname, FTAG, &os); 4009 if (error != 0) 4010 return; 4011 ds = dmu_objset_ds(os); 4012 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) { 4013 char originname[ZFS_MAX_DATASET_NAME_LEN]; 4014 dsl_dataset_name(ds->ds_prev, originname); 4015 dmu_objset_rele(os, FTAG); 4016 zfs_unmount_snap(originname); 4017 } else { 4018 dmu_objset_rele(os, FTAG); 4019 } 4020 } 4021 4022 /* 4023 * innvl: { 4024 * "snaps" -> { snapshot1, snapshot2 } 4025 * (optional boolean) "defer" 4026 * } 4027 * 4028 * outnvl: snapshot -> error code (int32) 4029 */ 4030 static const zfs_ioc_key_t zfs_keys_destroy_snaps[] = { 4031 {"snaps", DATA_TYPE_NVLIST, 0}, 4032 {"defer", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 4033 }; 4034 4035 static int 4036 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4037 { 4038 int poollen; 4039 nvlist_t *snaps; 4040 nvpair_t *pair; 4041 boolean_t defer; 4042 spa_t *spa; 4043 4044 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 4045 defer = nvlist_exists(innvl, "defer"); 4046 4047 poollen = strlen(poolname); 4048 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 4049 pair = nvlist_next_nvpair(snaps, pair)) { 4050 const char *name = nvpair_name(pair); 4051 4052 /* 4053 * The snap must be in the specified pool to prevent the 4054 * invalid removal of zvol minors below. 4055 */ 4056 if (strncmp(name, poolname, poollen) != 0 || 4057 (name[poollen] != '/' && name[poollen] != '@')) 4058 return (SET_ERROR(EXDEV)); 4059 4060 zfs_unmount_snap(nvpair_name(pair)); 4061 if (spa_open(name, &spa, FTAG) == 0) { 4062 zvol_remove_minors(spa, name, B_TRUE); 4063 spa_close(spa, FTAG); 4064 } 4065 } 4066 4067 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl)); 4068 } 4069 4070 /* 4071 * Create bookmarks. The bookmark names are of the form <fs>#<bmark>. 4072 * All bookmarks and snapshots must be in the same pool. 4073 * dsl_bookmark_create_nvl_validate describes the nvlist schema in more detail. 4074 * 4075 * innvl: { 4076 * new_bookmark1 -> existing_snapshot, 4077 * new_bookmark2 -> existing_bookmark, 4078 * } 4079 * 4080 * outnvl: bookmark -> error code (int32) 4081 * 4082 */ 4083 static const zfs_ioc_key_t zfs_keys_bookmark[] = { 4084 {"<bookmark>...", DATA_TYPE_STRING, ZK_WILDCARDLIST}, 4085 }; 4086 4087 static int 4088 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4089 { 4090 (void) poolname; 4091 return (dsl_bookmark_create(innvl, outnvl)); 4092 } 4093 4094 /* 4095 * innvl: { 4096 * property 1, property 2, ... 4097 * } 4098 * 4099 * outnvl: { 4100 * bookmark name 1 -> { property 1, property 2, ... }, 4101 * bookmark name 2 -> { property 1, property 2, ... } 4102 * } 4103 * 4104 */ 4105 static const zfs_ioc_key_t zfs_keys_get_bookmarks[] = { 4106 {"<property>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST | ZK_OPTIONAL}, 4107 }; 4108 4109 static int 4110 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 4111 { 4112 return (dsl_get_bookmarks(fsname, innvl, outnvl)); 4113 } 4114 4115 /* 4116 * innvl is not used. 4117 * 4118 * outnvl: { 4119 * property 1, property 2, ... 4120 * } 4121 * 4122 */ 4123 static const zfs_ioc_key_t zfs_keys_get_bookmark_props[] = { 4124 /* no nvl keys */ 4125 }; 4126 4127 static int 4128 zfs_ioc_get_bookmark_props(const char *bookmark, nvlist_t *innvl, 4129 nvlist_t *outnvl) 4130 { 4131 (void) innvl; 4132 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 4133 char *bmname; 4134 4135 bmname = strchr(bookmark, '#'); 4136 if (bmname == NULL) 4137 return (SET_ERROR(EINVAL)); 4138 bmname++; 4139 4140 (void) strlcpy(fsname, bookmark, sizeof (fsname)); 4141 *(strchr(fsname, '#')) = '\0'; 4142 4143 return (dsl_get_bookmark_props(fsname, bmname, outnvl)); 4144 } 4145 4146 /* 4147 * innvl: { 4148 * bookmark name 1, bookmark name 2 4149 * } 4150 * 4151 * outnvl: bookmark -> error code (int32) 4152 * 4153 */ 4154 static const zfs_ioc_key_t zfs_keys_destroy_bookmarks[] = { 4155 {"<bookmark>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST}, 4156 }; 4157 4158 static int 4159 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl, 4160 nvlist_t *outnvl) 4161 { 4162 int error, poollen; 4163 4164 poollen = strlen(poolname); 4165 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 4166 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 4167 const char *name = nvpair_name(pair); 4168 const char *cp = strchr(name, '#'); 4169 4170 /* 4171 * The bookmark name must contain an #, and the part after it 4172 * must contain only valid characters. 4173 */ 4174 if (cp == NULL || 4175 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 4176 return (SET_ERROR(EINVAL)); 4177 4178 /* 4179 * The bookmark must be in the specified pool. 4180 */ 4181 if (strncmp(name, poolname, poollen) != 0 || 4182 (name[poollen] != '/' && name[poollen] != '#')) 4183 return (SET_ERROR(EXDEV)); 4184 } 4185 4186 error = dsl_bookmark_destroy(innvl, outnvl); 4187 return (error); 4188 } 4189 4190 static const zfs_ioc_key_t zfs_keys_channel_program[] = { 4191 {"program", DATA_TYPE_STRING, 0}, 4192 {"arg", DATA_TYPE_ANY, 0}, 4193 {"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL}, 4194 {"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL}, 4195 {"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL}, 4196 }; 4197 4198 static int 4199 zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl, 4200 nvlist_t *outnvl) 4201 { 4202 const char *program; 4203 uint64_t instrlimit, memlimit; 4204 boolean_t sync_flag; 4205 nvpair_t *nvarg = NULL; 4206 4207 program = fnvlist_lookup_string(innvl, ZCP_ARG_PROGRAM); 4208 if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) { 4209 sync_flag = B_TRUE; 4210 } 4211 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) { 4212 instrlimit = ZCP_DEFAULT_INSTRLIMIT; 4213 } 4214 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) { 4215 memlimit = ZCP_DEFAULT_MEMLIMIT; 4216 } 4217 nvarg = fnvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST); 4218 4219 if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit) 4220 return (SET_ERROR(EINVAL)); 4221 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit) 4222 return (SET_ERROR(EINVAL)); 4223 4224 return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit, 4225 nvarg, outnvl)); 4226 } 4227 4228 /* 4229 * innvl: unused 4230 * outnvl: empty 4231 */ 4232 static const zfs_ioc_key_t zfs_keys_pool_checkpoint[] = { 4233 /* no nvl keys */ 4234 }; 4235 4236 static int 4237 zfs_ioc_pool_checkpoint(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4238 { 4239 (void) innvl, (void) outnvl; 4240 return (spa_checkpoint(poolname)); 4241 } 4242 4243 /* 4244 * innvl: unused 4245 * outnvl: empty 4246 */ 4247 static const zfs_ioc_key_t zfs_keys_pool_discard_checkpoint[] = { 4248 /* no nvl keys */ 4249 }; 4250 4251 static int 4252 zfs_ioc_pool_discard_checkpoint(const char *poolname, nvlist_t *innvl, 4253 nvlist_t *outnvl) 4254 { 4255 (void) innvl, (void) outnvl; 4256 return (spa_checkpoint_discard(poolname)); 4257 } 4258 4259 /* 4260 * Loads specific types of data for the given pool 4261 * 4262 * innvl: { 4263 * "prefetch_type" -> int32_t 4264 * } 4265 * 4266 * outnvl: empty 4267 */ 4268 static const zfs_ioc_key_t zfs_keys_pool_prefetch[] = { 4269 {ZPOOL_PREFETCH_TYPE, DATA_TYPE_INT32, 0}, 4270 }; 4271 4272 static int 4273 zfs_ioc_pool_prefetch(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4274 { 4275 (void) outnvl; 4276 4277 int error; 4278 spa_t *spa; 4279 int32_t type; 4280 4281 if (nvlist_lookup_int32(innvl, ZPOOL_PREFETCH_TYPE, &type) != 0) 4282 return (EINVAL); 4283 4284 if (type != ZPOOL_PREFETCH_DDT && type != ZPOOL_PREFETCH_BRT) 4285 return (EINVAL); 4286 4287 error = spa_open(poolname, &spa, FTAG); 4288 if (error != 0) 4289 return (error); 4290 4291 hrtime_t start_time = gethrtime(); 4292 4293 if (type == ZPOOL_PREFETCH_DDT) { 4294 ddt_prefetch_all(spa); 4295 zfs_dbgmsg("pool '%s': loaded ddt into ARC in %llu ms", 4296 spa->spa_name, 4297 (u_longlong_t)NSEC2MSEC(gethrtime() - start_time)); 4298 } else { 4299 brt_prefetch_all(spa); 4300 zfs_dbgmsg("pool '%s': loaded brt into ARC in %llu ms", 4301 spa->spa_name, 4302 (u_longlong_t)NSEC2MSEC(gethrtime() - start_time)); 4303 } 4304 4305 spa_close(spa, FTAG); 4306 4307 return (error); 4308 } 4309 4310 /* 4311 * inputs: 4312 * zc_name name of dataset to destroy 4313 * zc_defer_destroy mark for deferred destroy 4314 * 4315 * outputs: none 4316 */ 4317 static int 4318 zfs_ioc_destroy(zfs_cmd_t *zc) 4319 { 4320 objset_t *os; 4321 dmu_objset_type_t ost; 4322 int err; 4323 4324 err = dmu_objset_hold(zc->zc_name, FTAG, &os); 4325 if (err != 0) 4326 return (err); 4327 ost = dmu_objset_type(os); 4328 dmu_objset_rele(os, FTAG); 4329 4330 if (ost == DMU_OST_ZFS) 4331 zfs_unmount_snap(zc->zc_name); 4332 4333 if (strchr(zc->zc_name, '@')) { 4334 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy); 4335 } else { 4336 err = dsl_destroy_head(zc->zc_name); 4337 if (err == EEXIST) { 4338 /* 4339 * It is possible that the given DS may have 4340 * hidden child (%recv) datasets - "leftovers" 4341 * resulting from the previously interrupted 4342 * 'zfs receive'. 4343 * 4344 * 6 extra bytes for /%recv 4345 */ 4346 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6]; 4347 4348 if (snprintf(namebuf, sizeof (namebuf), "%s/%s", 4349 zc->zc_name, recv_clone_name) >= 4350 sizeof (namebuf)) 4351 return (SET_ERROR(EINVAL)); 4352 4353 /* 4354 * Try to remove the hidden child (%recv) and after 4355 * that try to remove the target dataset. 4356 * If the hidden child (%recv) does not exist 4357 * the original error (EEXIST) will be returned 4358 */ 4359 err = dsl_destroy_head(namebuf); 4360 if (err == 0) 4361 err = dsl_destroy_head(zc->zc_name); 4362 else if (err == ENOENT) 4363 err = SET_ERROR(EEXIST); 4364 } 4365 } 4366 4367 return (err); 4368 } 4369 4370 /* 4371 * innvl: { 4372 * "initialize_command" -> POOL_INITIALIZE_{CANCEL|START|SUSPEND} (uint64) 4373 * "initialize_vdevs": { -> guids to initialize (nvlist) 4374 * "vdev_path_1": vdev_guid_1, (uint64), 4375 * "vdev_path_2": vdev_guid_2, (uint64), 4376 * ... 4377 * }, 4378 * } 4379 * 4380 * outnvl: { 4381 * "initialize_vdevs": { -> initialization errors (nvlist) 4382 * "vdev_path_1": errno, see function body for possible errnos (uint64) 4383 * "vdev_path_2": errno, ... (uint64) 4384 * ... 4385 * } 4386 * } 4387 * 4388 * EINVAL is returned for an unknown commands or if any of the provided vdev 4389 * guids have be specified with a type other than uint64. 4390 */ 4391 static const zfs_ioc_key_t zfs_keys_pool_initialize[] = { 4392 {ZPOOL_INITIALIZE_COMMAND, DATA_TYPE_UINT64, 0}, 4393 {ZPOOL_INITIALIZE_VDEVS, DATA_TYPE_NVLIST, 0} 4394 }; 4395 4396 static int 4397 zfs_ioc_pool_initialize(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4398 { 4399 uint64_t cmd_type; 4400 if (nvlist_lookup_uint64(innvl, ZPOOL_INITIALIZE_COMMAND, 4401 &cmd_type) != 0) { 4402 return (SET_ERROR(EINVAL)); 4403 } 4404 4405 if (!(cmd_type == POOL_INITIALIZE_CANCEL || 4406 cmd_type == POOL_INITIALIZE_START || 4407 cmd_type == POOL_INITIALIZE_SUSPEND || 4408 cmd_type == POOL_INITIALIZE_UNINIT)) { 4409 return (SET_ERROR(EINVAL)); 4410 } 4411 4412 nvlist_t *vdev_guids; 4413 if (nvlist_lookup_nvlist(innvl, ZPOOL_INITIALIZE_VDEVS, 4414 &vdev_guids) != 0) { 4415 return (SET_ERROR(EINVAL)); 4416 } 4417 4418 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL); 4419 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) { 4420 uint64_t vdev_guid; 4421 if (nvpair_value_uint64(pair, &vdev_guid) != 0) { 4422 return (SET_ERROR(EINVAL)); 4423 } 4424 } 4425 4426 spa_t *spa; 4427 int error = spa_open(poolname, &spa, FTAG); 4428 if (error != 0) 4429 return (error); 4430 4431 nvlist_t *vdev_errlist = fnvlist_alloc(); 4432 int total_errors = spa_vdev_initialize(spa, vdev_guids, cmd_type, 4433 vdev_errlist); 4434 4435 if (fnvlist_size(vdev_errlist) > 0) { 4436 fnvlist_add_nvlist(outnvl, ZPOOL_INITIALIZE_VDEVS, 4437 vdev_errlist); 4438 } 4439 fnvlist_free(vdev_errlist); 4440 4441 spa_close(spa, FTAG); 4442 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0); 4443 } 4444 4445 /* 4446 * innvl: { 4447 * "trim_command" -> POOL_TRIM_{CANCEL|START|SUSPEND} (uint64) 4448 * "trim_vdevs": { -> guids to TRIM (nvlist) 4449 * "vdev_path_1": vdev_guid_1, (uint64), 4450 * "vdev_path_2": vdev_guid_2, (uint64), 4451 * ... 4452 * }, 4453 * "trim_rate" -> Target TRIM rate in bytes/sec. 4454 * "trim_secure" -> Set to request a secure TRIM. 4455 * } 4456 * 4457 * outnvl: { 4458 * "trim_vdevs": { -> TRIM errors (nvlist) 4459 * "vdev_path_1": errno, see function body for possible errnos (uint64) 4460 * "vdev_path_2": errno, ... (uint64) 4461 * ... 4462 * } 4463 * } 4464 * 4465 * EINVAL is returned for an unknown commands or if any of the provided vdev 4466 * guids have be specified with a type other than uint64. 4467 */ 4468 static const zfs_ioc_key_t zfs_keys_pool_trim[] = { 4469 {ZPOOL_TRIM_COMMAND, DATA_TYPE_UINT64, 0}, 4470 {ZPOOL_TRIM_VDEVS, DATA_TYPE_NVLIST, 0}, 4471 {ZPOOL_TRIM_RATE, DATA_TYPE_UINT64, ZK_OPTIONAL}, 4472 {ZPOOL_TRIM_SECURE, DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL}, 4473 }; 4474 4475 static int 4476 zfs_ioc_pool_trim(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4477 { 4478 uint64_t cmd_type; 4479 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_COMMAND, &cmd_type) != 0) 4480 return (SET_ERROR(EINVAL)); 4481 4482 if (!(cmd_type == POOL_TRIM_CANCEL || 4483 cmd_type == POOL_TRIM_START || 4484 cmd_type == POOL_TRIM_SUSPEND)) { 4485 return (SET_ERROR(EINVAL)); 4486 } 4487 4488 nvlist_t *vdev_guids; 4489 if (nvlist_lookup_nvlist(innvl, ZPOOL_TRIM_VDEVS, &vdev_guids) != 0) 4490 return (SET_ERROR(EINVAL)); 4491 4492 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL); 4493 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) { 4494 uint64_t vdev_guid; 4495 if (nvpair_value_uint64(pair, &vdev_guid) != 0) { 4496 return (SET_ERROR(EINVAL)); 4497 } 4498 } 4499 4500 /* Optional, defaults to maximum rate when not provided */ 4501 uint64_t rate; 4502 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_RATE, &rate) != 0) 4503 rate = 0; 4504 4505 /* Optional, defaults to standard TRIM when not provided */ 4506 boolean_t secure; 4507 if (nvlist_lookup_boolean_value(innvl, ZPOOL_TRIM_SECURE, 4508 &secure) != 0) { 4509 secure = B_FALSE; 4510 } 4511 4512 spa_t *spa; 4513 int error = spa_open(poolname, &spa, FTAG); 4514 if (error != 0) 4515 return (error); 4516 4517 nvlist_t *vdev_errlist = fnvlist_alloc(); 4518 int total_errors = spa_vdev_trim(spa, vdev_guids, cmd_type, 4519 rate, !!zfs_trim_metaslab_skip, secure, vdev_errlist); 4520 4521 if (fnvlist_size(vdev_errlist) > 0) 4522 fnvlist_add_nvlist(outnvl, ZPOOL_TRIM_VDEVS, vdev_errlist); 4523 4524 fnvlist_free(vdev_errlist); 4525 4526 spa_close(spa, FTAG); 4527 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0); 4528 } 4529 4530 #define DDT_PRUNE_UNIT "ddt_prune_unit" 4531 #define DDT_PRUNE_AMOUNT "ddt_prune_amount" 4532 4533 /* 4534 * innvl: { 4535 * "ddt_prune_unit" -> uint32_t 4536 * "ddt_prune_amount" -> uint64_t 4537 * } 4538 * 4539 * outnvl: "waited" -> boolean_t 4540 */ 4541 static const zfs_ioc_key_t zfs_keys_ddt_prune[] = { 4542 {DDT_PRUNE_UNIT, DATA_TYPE_INT32, 0}, 4543 {DDT_PRUNE_AMOUNT, DATA_TYPE_UINT64, 0}, 4544 }; 4545 4546 static int 4547 zfs_ioc_ddt_prune(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4548 { 4549 int32_t unit; 4550 uint64_t amount; 4551 4552 if (nvlist_lookup_int32(innvl, DDT_PRUNE_UNIT, &unit) != 0 || 4553 nvlist_lookup_uint64(innvl, DDT_PRUNE_AMOUNT, &amount) != 0) { 4554 return (EINVAL); 4555 } 4556 4557 spa_t *spa; 4558 int error = spa_open(poolname, &spa, FTAG); 4559 if (error != 0) 4560 return (error); 4561 4562 if (!spa_feature_is_enabled(spa, SPA_FEATURE_FAST_DEDUP)) { 4563 spa_close(spa, FTAG); 4564 return (SET_ERROR(ENOTSUP)); 4565 } 4566 4567 error = ddt_prune_unique_entries(spa, (zpool_ddt_prune_unit_t)unit, 4568 amount); 4569 4570 spa_close(spa, FTAG); 4571 4572 return (error); 4573 } 4574 4575 /* 4576 * This ioctl waits for activity of a particular type to complete. If there is 4577 * no activity of that type in progress, it returns immediately, and the 4578 * returned value "waited" is false. If there is activity in progress, and no 4579 * tag is passed in, the ioctl blocks until all activity of that type is 4580 * complete, and then returns with "waited" set to true. 4581 * 4582 * If a tag is provided, it identifies a particular instance of an activity to 4583 * wait for. Currently, this is only valid for use with 'initialize', because 4584 * that is the only activity for which there can be multiple instances running 4585 * concurrently. In the case of 'initialize', the tag corresponds to the guid of 4586 * the vdev on which to wait. 4587 * 4588 * If a thread waiting in the ioctl receives a signal, the call will return 4589 * immediately, and the return value will be EINTR. 4590 * 4591 * innvl: { 4592 * "wait_activity" -> int32_t 4593 * (optional) "wait_tag" -> uint64_t 4594 * } 4595 * 4596 * outnvl: "waited" -> boolean_t 4597 */ 4598 static const zfs_ioc_key_t zfs_keys_pool_wait[] = { 4599 {ZPOOL_WAIT_ACTIVITY, DATA_TYPE_INT32, 0}, 4600 {ZPOOL_WAIT_TAG, DATA_TYPE_UINT64, ZK_OPTIONAL}, 4601 }; 4602 4603 static int 4604 zfs_ioc_wait(const char *name, nvlist_t *innvl, nvlist_t *outnvl) 4605 { 4606 int32_t activity; 4607 uint64_t tag; 4608 boolean_t waited; 4609 int error; 4610 4611 if (nvlist_lookup_int32(innvl, ZPOOL_WAIT_ACTIVITY, &activity) != 0) 4612 return (EINVAL); 4613 4614 if (nvlist_lookup_uint64(innvl, ZPOOL_WAIT_TAG, &tag) == 0) 4615 error = spa_wait_tag(name, activity, tag, &waited); 4616 else 4617 error = spa_wait(name, activity, &waited); 4618 4619 if (error == 0) 4620 fnvlist_add_boolean_value(outnvl, ZPOOL_WAIT_WAITED, waited); 4621 4622 return (error); 4623 } 4624 4625 /* 4626 * This ioctl waits for activity of a particular type to complete. If there is 4627 * no activity of that type in progress, it returns immediately, and the 4628 * returned value "waited" is false. If there is activity in progress, and no 4629 * tag is passed in, the ioctl blocks until all activity of that type is 4630 * complete, and then returns with "waited" set to true. 4631 * 4632 * If a thread waiting in the ioctl receives a signal, the call will return 4633 * immediately, and the return value will be EINTR. 4634 * 4635 * innvl: { 4636 * "wait_activity" -> int32_t 4637 * } 4638 * 4639 * outnvl: "waited" -> boolean_t 4640 */ 4641 static const zfs_ioc_key_t zfs_keys_fs_wait[] = { 4642 {ZFS_WAIT_ACTIVITY, DATA_TYPE_INT32, 0}, 4643 }; 4644 4645 static int 4646 zfs_ioc_wait_fs(const char *name, nvlist_t *innvl, nvlist_t *outnvl) 4647 { 4648 int32_t activity; 4649 boolean_t waited = B_FALSE; 4650 int error; 4651 dsl_pool_t *dp; 4652 dsl_dir_t *dd; 4653 dsl_dataset_t *ds; 4654 4655 if (nvlist_lookup_int32(innvl, ZFS_WAIT_ACTIVITY, &activity) != 0) 4656 return (SET_ERROR(EINVAL)); 4657 4658 if (activity >= ZFS_WAIT_NUM_ACTIVITIES || activity < 0) 4659 return (SET_ERROR(EINVAL)); 4660 4661 if ((error = dsl_pool_hold(name, FTAG, &dp)) != 0) 4662 return (error); 4663 4664 if ((error = dsl_dataset_hold(dp, name, FTAG, &ds)) != 0) { 4665 dsl_pool_rele(dp, FTAG); 4666 return (error); 4667 } 4668 4669 dd = ds->ds_dir; 4670 mutex_enter(&dd->dd_activity_lock); 4671 dd->dd_activity_waiters++; 4672 4673 /* 4674 * We get a long-hold here so that the dsl_dataset_t and dsl_dir_t 4675 * aren't evicted while we're waiting. Normally this is prevented by 4676 * holding the pool, but we can't do that while we're waiting since 4677 * that would prevent TXGs from syncing out. Some of the functionality 4678 * of long-holds (e.g. preventing deletion) is unnecessary for this 4679 * case, since we would cancel the waiters before proceeding with a 4680 * deletion. An alternative mechanism for keeping the dataset around 4681 * could be developed but this is simpler. 4682 */ 4683 dsl_dataset_long_hold(ds, FTAG); 4684 dsl_pool_rele(dp, FTAG); 4685 4686 error = dsl_dir_wait(dd, ds, activity, &waited); 4687 4688 dsl_dataset_long_rele(ds, FTAG); 4689 dd->dd_activity_waiters--; 4690 if (dd->dd_activity_waiters == 0) 4691 cv_signal(&dd->dd_activity_cv); 4692 mutex_exit(&dd->dd_activity_lock); 4693 4694 dsl_dataset_rele(ds, FTAG); 4695 4696 if (error == 0) 4697 fnvlist_add_boolean_value(outnvl, ZFS_WAIT_WAITED, waited); 4698 4699 return (error); 4700 } 4701 4702 /* 4703 * fsname is name of dataset to rollback (to most recent snapshot) 4704 * 4705 * innvl may contain name of expected target snapshot 4706 * 4707 * outnvl: "target" -> name of most recent snapshot 4708 * } 4709 */ 4710 static const zfs_ioc_key_t zfs_keys_rollback[] = { 4711 {"target", DATA_TYPE_STRING, ZK_OPTIONAL}, 4712 }; 4713 4714 static int 4715 zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 4716 { 4717 zfsvfs_t *zfsvfs; 4718 zvol_state_handle_t *zv; 4719 const char *target = NULL; 4720 int error; 4721 4722 (void) nvlist_lookup_string(innvl, "target", &target); 4723 if (target != NULL) { 4724 const char *cp = strchr(target, '@'); 4725 4726 /* 4727 * The snap name must contain an @, and the part after it must 4728 * contain only valid characters. 4729 */ 4730 if (cp == NULL || 4731 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 4732 return (SET_ERROR(EINVAL)); 4733 } 4734 4735 if (getzfsvfs(fsname, &zfsvfs) == 0) { 4736 dsl_dataset_t *ds; 4737 4738 ds = dmu_objset_ds(zfsvfs->z_os); 4739 error = zfs_suspend_fs(zfsvfs); 4740 if (error == 0) { 4741 int resume_err; 4742 4743 error = dsl_dataset_rollback(fsname, target, zfsvfs, 4744 outnvl); 4745 resume_err = zfs_resume_fs(zfsvfs, ds); 4746 error = error ? error : resume_err; 4747 } 4748 zfs_vfs_rele(zfsvfs); 4749 } else if (zvol_suspend(fsname, &zv) == 0) { 4750 error = dsl_dataset_rollback(fsname, target, zvol_tag(zv), 4751 outnvl); 4752 zvol_resume(zv); 4753 } else { 4754 error = dsl_dataset_rollback(fsname, target, NULL, outnvl); 4755 } 4756 return (error); 4757 } 4758 4759 static int 4760 recursive_unmount(const char *fsname, void *arg) 4761 { 4762 const char *snapname = arg; 4763 char *fullname; 4764 4765 fullname = kmem_asprintf("%s@%s", fsname, snapname); 4766 zfs_unmount_snap(fullname); 4767 kmem_strfree(fullname); 4768 4769 return (0); 4770 } 4771 4772 /* 4773 * 4774 * snapname is the snapshot to redact. 4775 * innvl: { 4776 * "bookname" -> (string) 4777 * shortname of the redaction bookmark to generate 4778 * "snapnv" -> (nvlist, values ignored) 4779 * snapshots to redact snapname with respect to 4780 * } 4781 * 4782 * outnvl is unused 4783 */ 4784 4785 static const zfs_ioc_key_t zfs_keys_redact[] = { 4786 {"bookname", DATA_TYPE_STRING, 0}, 4787 {"snapnv", DATA_TYPE_NVLIST, 0}, 4788 }; 4789 4790 static int 4791 zfs_ioc_redact(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 4792 { 4793 (void) outnvl; 4794 nvlist_t *redactnvl = NULL; 4795 const char *redactbook = NULL; 4796 4797 if (nvlist_lookup_nvlist(innvl, "snapnv", &redactnvl) != 0) 4798 return (SET_ERROR(EINVAL)); 4799 if (fnvlist_num_pairs(redactnvl) == 0) 4800 return (SET_ERROR(ENXIO)); 4801 if (nvlist_lookup_string(innvl, "bookname", &redactbook) != 0) 4802 return (SET_ERROR(EINVAL)); 4803 4804 return (dmu_redact_snap(snapname, redactnvl, redactbook)); 4805 } 4806 4807 /* 4808 * inputs: 4809 * zc_name old name of dataset 4810 * zc_value new name of dataset 4811 * zc_cookie recursive flag (only valid for snapshots) 4812 * 4813 * outputs: none 4814 */ 4815 static int 4816 zfs_ioc_rename(zfs_cmd_t *zc) 4817 { 4818 objset_t *os; 4819 dmu_objset_type_t ost; 4820 boolean_t recursive = zc->zc_cookie & 1; 4821 boolean_t nounmount = !!(zc->zc_cookie & 2); 4822 char *at; 4823 int err; 4824 4825 /* "zfs rename" from and to ...%recv datasets should both fail */ 4826 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 4827 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 4828 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 || 4829 dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 4830 strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%')) 4831 return (SET_ERROR(EINVAL)); 4832 4833 err = dmu_objset_hold(zc->zc_name, FTAG, &os); 4834 if (err != 0) 4835 return (err); 4836 ost = dmu_objset_type(os); 4837 dmu_objset_rele(os, FTAG); 4838 4839 at = strchr(zc->zc_name, '@'); 4840 if (at != NULL) { 4841 /* snaps must be in same fs */ 4842 int error; 4843 4844 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1)) 4845 return (SET_ERROR(EXDEV)); 4846 *at = '\0'; 4847 if (ost == DMU_OST_ZFS && !nounmount) { 4848 error = dmu_objset_find(zc->zc_name, 4849 recursive_unmount, at + 1, 4850 recursive ? DS_FIND_CHILDREN : 0); 4851 if (error != 0) { 4852 *at = '@'; 4853 return (error); 4854 } 4855 } 4856 error = dsl_dataset_rename_snapshot(zc->zc_name, 4857 at + 1, strchr(zc->zc_value, '@') + 1, recursive); 4858 *at = '@'; 4859 4860 return (error); 4861 } else { 4862 return (dsl_dir_rename(zc->zc_name, zc->zc_value)); 4863 } 4864 } 4865 4866 static int 4867 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr) 4868 { 4869 const char *propname = nvpair_name(pair); 4870 boolean_t issnap = (strchr(dsname, '@') != NULL); 4871 zfs_prop_t prop = zfs_name_to_prop(propname); 4872 uint64_t intval, compval; 4873 int err; 4874 4875 if (prop == ZPROP_USERPROP) { 4876 if (zfs_prop_user(propname)) { 4877 if ((err = zfs_secpolicy_write_perms(dsname, 4878 ZFS_DELEG_PERM_USERPROP, cr))) 4879 return (err); 4880 return (0); 4881 } 4882 4883 if (!issnap && zfs_prop_userquota(propname)) { 4884 const char *perm = NULL; 4885 const char *uq_prefix = 4886 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA]; 4887 const char *gq_prefix = 4888 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA]; 4889 const char *uiq_prefix = 4890 zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA]; 4891 const char *giq_prefix = 4892 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA]; 4893 const char *pq_prefix = 4894 zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA]; 4895 const char *piq_prefix = zfs_userquota_prop_prefixes[\ 4896 ZFS_PROP_PROJECTOBJQUOTA]; 4897 4898 if (strncmp(propname, uq_prefix, 4899 strlen(uq_prefix)) == 0) { 4900 perm = ZFS_DELEG_PERM_USERQUOTA; 4901 } else if (strncmp(propname, uiq_prefix, 4902 strlen(uiq_prefix)) == 0) { 4903 perm = ZFS_DELEG_PERM_USEROBJQUOTA; 4904 } else if (strncmp(propname, gq_prefix, 4905 strlen(gq_prefix)) == 0) { 4906 perm = ZFS_DELEG_PERM_GROUPQUOTA; 4907 } else if (strncmp(propname, giq_prefix, 4908 strlen(giq_prefix)) == 0) { 4909 perm = ZFS_DELEG_PERM_GROUPOBJQUOTA; 4910 } else if (strncmp(propname, pq_prefix, 4911 strlen(pq_prefix)) == 0) { 4912 perm = ZFS_DELEG_PERM_PROJECTQUOTA; 4913 } else if (strncmp(propname, piq_prefix, 4914 strlen(piq_prefix)) == 0) { 4915 perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA; 4916 } else { 4917 /* {USER|GROUP|PROJECT}USED are read-only */ 4918 return (SET_ERROR(EINVAL)); 4919 } 4920 4921 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr))) 4922 return (err); 4923 return (0); 4924 } 4925 4926 return (SET_ERROR(EINVAL)); 4927 } 4928 4929 if (issnap) 4930 return (SET_ERROR(EINVAL)); 4931 4932 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 4933 /* 4934 * dsl_prop_get_all_impl() returns properties in this 4935 * format. 4936 */ 4937 nvlist_t *attrs; 4938 VERIFY0(nvpair_value_nvlist(pair, &attrs)); 4939 VERIFY0(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, &pair)); 4940 } 4941 4942 /* 4943 * Check that this value is valid for this pool version 4944 */ 4945 switch (prop) { 4946 case ZFS_PROP_COMPRESSION: 4947 /* 4948 * If the user specified gzip compression, make sure 4949 * the SPA supports it. We ignore any errors here since 4950 * we'll catch them later. 4951 */ 4952 if (nvpair_value_uint64(pair, &intval) == 0) { 4953 compval = ZIO_COMPRESS_ALGO(intval); 4954 if (compval >= ZIO_COMPRESS_GZIP_1 && 4955 compval <= ZIO_COMPRESS_GZIP_9 && 4956 zfs_earlier_version(dsname, 4957 SPA_VERSION_GZIP_COMPRESSION)) { 4958 return (SET_ERROR(ENOTSUP)); 4959 } 4960 4961 if (compval == ZIO_COMPRESS_ZLE && 4962 zfs_earlier_version(dsname, 4963 SPA_VERSION_ZLE_COMPRESSION)) 4964 return (SET_ERROR(ENOTSUP)); 4965 4966 if (compval == ZIO_COMPRESS_LZ4) { 4967 spa_t *spa; 4968 4969 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4970 return (err); 4971 4972 if (!spa_feature_is_enabled(spa, 4973 SPA_FEATURE_LZ4_COMPRESS)) { 4974 spa_close(spa, FTAG); 4975 return (SET_ERROR(ENOTSUP)); 4976 } 4977 spa_close(spa, FTAG); 4978 } 4979 4980 if (compval == ZIO_COMPRESS_ZSTD) { 4981 spa_t *spa; 4982 4983 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4984 return (err); 4985 4986 if (!spa_feature_is_enabled(spa, 4987 SPA_FEATURE_ZSTD_COMPRESS)) { 4988 spa_close(spa, FTAG); 4989 return (SET_ERROR(ENOTSUP)); 4990 } 4991 spa_close(spa, FTAG); 4992 } 4993 } 4994 break; 4995 4996 case ZFS_PROP_COPIES: 4997 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS)) 4998 return (SET_ERROR(ENOTSUP)); 4999 break; 5000 5001 case ZFS_PROP_VOLBLOCKSIZE: 5002 case ZFS_PROP_RECORDSIZE: 5003 /* Record sizes above 128k need the feature to be enabled */ 5004 if (nvpair_value_uint64(pair, &intval) == 0 && 5005 intval > SPA_OLD_MAXBLOCKSIZE) { 5006 spa_t *spa; 5007 5008 /* 5009 * We don't allow setting the property above 1MB, 5010 * unless the tunable has been changed. 5011 */ 5012 if (intval > zfs_max_recordsize || 5013 intval > SPA_MAXBLOCKSIZE) 5014 return (SET_ERROR(ERANGE)); 5015 5016 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 5017 return (err); 5018 5019 if (!spa_feature_is_enabled(spa, 5020 SPA_FEATURE_LARGE_BLOCKS)) { 5021 spa_close(spa, FTAG); 5022 return (SET_ERROR(ENOTSUP)); 5023 } 5024 spa_close(spa, FTAG); 5025 } 5026 break; 5027 5028 case ZFS_PROP_DNODESIZE: 5029 /* Dnode sizes above 512 need the feature to be enabled */ 5030 if (nvpair_value_uint64(pair, &intval) == 0 && 5031 intval != ZFS_DNSIZE_LEGACY) { 5032 spa_t *spa; 5033 5034 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 5035 return (err); 5036 5037 if (!spa_feature_is_enabled(spa, 5038 SPA_FEATURE_LARGE_DNODE)) { 5039 spa_close(spa, FTAG); 5040 return (SET_ERROR(ENOTSUP)); 5041 } 5042 spa_close(spa, FTAG); 5043 } 5044 break; 5045 5046 case ZFS_PROP_SHARESMB: 5047 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID)) 5048 return (SET_ERROR(ENOTSUP)); 5049 break; 5050 5051 case ZFS_PROP_ACLINHERIT: 5052 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 5053 nvpair_value_uint64(pair, &intval) == 0) { 5054 if (intval == ZFS_ACL_PASSTHROUGH_X && 5055 zfs_earlier_version(dsname, 5056 SPA_VERSION_PASSTHROUGH_X)) 5057 return (SET_ERROR(ENOTSUP)); 5058 } 5059 break; 5060 case ZFS_PROP_CHECKSUM: 5061 case ZFS_PROP_DEDUP: 5062 { 5063 spa_feature_t feature; 5064 spa_t *spa; 5065 int err; 5066 5067 /* dedup feature version checks */ 5068 if (prop == ZFS_PROP_DEDUP && 5069 zfs_earlier_version(dsname, SPA_VERSION_DEDUP)) 5070 return (SET_ERROR(ENOTSUP)); 5071 5072 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 5073 nvpair_value_uint64(pair, &intval) == 0) { 5074 /* check prop value is enabled in features */ 5075 feature = zio_checksum_to_feature( 5076 intval & ZIO_CHECKSUM_MASK); 5077 if (feature == SPA_FEATURE_NONE) 5078 break; 5079 5080 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 5081 return (err); 5082 5083 if (!spa_feature_is_enabled(spa, feature)) { 5084 spa_close(spa, FTAG); 5085 return (SET_ERROR(ENOTSUP)); 5086 } 5087 spa_close(spa, FTAG); 5088 } 5089 break; 5090 } 5091 5092 default: 5093 break; 5094 } 5095 5096 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED())); 5097 } 5098 5099 /* 5100 * Removes properties from the given props list that fail permission checks 5101 * needed to clear them and to restore them in case of a receive error. For each 5102 * property, make sure we have both set and inherit permissions. 5103 * 5104 * Returns the first error encountered if any permission checks fail. If the 5105 * caller provides a non-NULL errlist, it also gives the complete list of names 5106 * of all the properties that failed a permission check along with the 5107 * corresponding error numbers. The caller is responsible for freeing the 5108 * returned errlist. 5109 * 5110 * If every property checks out successfully, zero is returned and the list 5111 * pointed at by errlist is NULL. 5112 */ 5113 static int 5114 zfs_check_clearable(const char *dataset, nvlist_t *props, nvlist_t **errlist) 5115 { 5116 zfs_cmd_t *zc; 5117 nvpair_t *pair, *next_pair; 5118 nvlist_t *errors; 5119 int err, rv = 0; 5120 5121 if (props == NULL) 5122 return (0); 5123 5124 VERIFY0(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP)); 5125 5126 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP); 5127 (void) strlcpy(zc->zc_name, dataset, sizeof (zc->zc_name)); 5128 pair = nvlist_next_nvpair(props, NULL); 5129 while (pair != NULL) { 5130 next_pair = nvlist_next_nvpair(props, pair); 5131 5132 (void) strlcpy(zc->zc_value, nvpair_name(pair), 5133 sizeof (zc->zc_value)); 5134 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 || 5135 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) { 5136 VERIFY0(nvlist_remove_nvpair(props, pair)); 5137 VERIFY0(nvlist_add_int32(errors, zc->zc_value, err)); 5138 } 5139 pair = next_pair; 5140 } 5141 kmem_free(zc, sizeof (zfs_cmd_t)); 5142 5143 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 5144 nvlist_free(errors); 5145 errors = NULL; 5146 } else { 5147 VERIFY0(nvpair_value_int32(pair, &rv)); 5148 } 5149 5150 if (errlist == NULL) 5151 nvlist_free(errors); 5152 else 5153 *errlist = errors; 5154 5155 return (rv); 5156 } 5157 5158 static boolean_t 5159 propval_equals(nvpair_t *p1, nvpair_t *p2) 5160 { 5161 if (nvpair_type(p1) == DATA_TYPE_NVLIST) { 5162 /* dsl_prop_get_all_impl() format */ 5163 nvlist_t *attrs; 5164 VERIFY0(nvpair_value_nvlist(p1, &attrs)); 5165 VERIFY0(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, &p1)); 5166 } 5167 5168 if (nvpair_type(p2) == DATA_TYPE_NVLIST) { 5169 nvlist_t *attrs; 5170 VERIFY0(nvpair_value_nvlist(p2, &attrs)); 5171 VERIFY0(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, &p2)); 5172 } 5173 5174 if (nvpair_type(p1) != nvpair_type(p2)) 5175 return (B_FALSE); 5176 5177 if (nvpair_type(p1) == DATA_TYPE_STRING) { 5178 const char *valstr1, *valstr2; 5179 5180 VERIFY0(nvpair_value_string(p1, &valstr1)); 5181 VERIFY0(nvpair_value_string(p2, &valstr2)); 5182 return (strcmp(valstr1, valstr2) == 0); 5183 } else { 5184 uint64_t intval1, intval2; 5185 5186 VERIFY0(nvpair_value_uint64(p1, &intval1)); 5187 VERIFY0(nvpair_value_uint64(p2, &intval2)); 5188 return (intval1 == intval2); 5189 } 5190 } 5191 5192 /* 5193 * Remove properties from props if they are not going to change (as determined 5194 * by comparison with origprops). Remove them from origprops as well, since we 5195 * do not need to clear or restore properties that won't change. 5196 */ 5197 static void 5198 props_reduce(nvlist_t *props, nvlist_t *origprops) 5199 { 5200 nvpair_t *pair, *next_pair; 5201 5202 if (origprops == NULL) 5203 return; /* all props need to be received */ 5204 5205 pair = nvlist_next_nvpair(props, NULL); 5206 while (pair != NULL) { 5207 const char *propname = nvpair_name(pair); 5208 nvpair_t *match; 5209 5210 next_pair = nvlist_next_nvpair(props, pair); 5211 5212 if ((nvlist_lookup_nvpair(origprops, propname, 5213 &match) != 0) || !propval_equals(pair, match)) 5214 goto next; /* need to set received value */ 5215 5216 /* don't clear the existing received value */ 5217 (void) nvlist_remove_nvpair(origprops, match); 5218 /* don't bother receiving the property */ 5219 (void) nvlist_remove_nvpair(props, pair); 5220 next: 5221 pair = next_pair; 5222 } 5223 } 5224 5225 /* 5226 * Extract properties that cannot be set PRIOR to the receipt of a dataset. 5227 * For example, refquota cannot be set until after the receipt of a dataset, 5228 * because in replication streams, an older/earlier snapshot may exceed the 5229 * refquota. We want to receive the older/earlier snapshot, but setting 5230 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent 5231 * the older/earlier snapshot from being received (with EDQUOT). 5232 * 5233 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario. 5234 * 5235 * libzfs will need to be judicious handling errors encountered by props 5236 * extracted by this function. 5237 */ 5238 static nvlist_t * 5239 extract_delay_props(nvlist_t *props) 5240 { 5241 nvlist_t *delayprops; 5242 nvpair_t *nvp, *tmp; 5243 static const zfs_prop_t delayable[] = { 5244 ZFS_PROP_REFQUOTA, 5245 ZFS_PROP_KEYLOCATION, 5246 /* 5247 * Setting ZFS_PROP_SHARESMB requires the objset type to be 5248 * known, which is not possible prior to receipt of raw sends. 5249 */ 5250 ZFS_PROP_SHARESMB, 5251 0 5252 }; 5253 int i; 5254 5255 VERIFY0(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP)); 5256 5257 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL; 5258 nvp = nvlist_next_nvpair(props, nvp)) { 5259 /* 5260 * strcmp() is safe because zfs_prop_to_name() always returns 5261 * a bounded string. 5262 */ 5263 for (i = 0; delayable[i] != 0; i++) { 5264 if (strcmp(zfs_prop_to_name(delayable[i]), 5265 nvpair_name(nvp)) == 0) { 5266 break; 5267 } 5268 } 5269 if (delayable[i] != 0) { 5270 tmp = nvlist_prev_nvpair(props, nvp); 5271 VERIFY0(nvlist_add_nvpair(delayprops, nvp)); 5272 VERIFY0(nvlist_remove_nvpair(props, nvp)); 5273 nvp = tmp; 5274 } 5275 } 5276 5277 if (nvlist_empty(delayprops)) { 5278 nvlist_free(delayprops); 5279 delayprops = NULL; 5280 } 5281 return (delayprops); 5282 } 5283 5284 static void 5285 zfs_allow_log_destroy(void *arg) 5286 { 5287 char *poolname = arg; 5288 5289 if (poolname != NULL) 5290 kmem_strfree(poolname); 5291 } 5292 5293 #ifdef ZFS_DEBUG 5294 static boolean_t zfs_ioc_recv_inject_err; 5295 #endif 5296 5297 /* 5298 * nvlist 'errors' is always allocated. It will contain descriptions of 5299 * encountered errors, if any. It's the callers responsibility to free. 5300 */ 5301 static int 5302 zfs_ioc_recv_impl(char *tofs, char *tosnap, const char *origin, 5303 nvlist_t *recvprops, nvlist_t *localprops, nvlist_t *hidden_args, 5304 boolean_t force, boolean_t heal, boolean_t resumable, int input_fd, 5305 dmu_replay_record_t *begin_record, uint64_t *read_bytes, 5306 uint64_t *errflags, nvlist_t **errors) 5307 { 5308 dmu_recv_cookie_t drc; 5309 int error = 0; 5310 int props_error = 0; 5311 offset_t off, noff; 5312 nvlist_t *local_delayprops = NULL; 5313 nvlist_t *recv_delayprops = NULL; 5314 nvlist_t *inherited_delayprops = NULL; 5315 nvlist_t *origprops = NULL; /* existing properties */ 5316 nvlist_t *origrecvd = NULL; /* existing received properties */ 5317 boolean_t first_recvd_props = B_FALSE; 5318 boolean_t tofs_was_redacted; 5319 zfs_file_t *input_fp; 5320 5321 *read_bytes = 0; 5322 *errflags = 0; 5323 *errors = fnvlist_alloc(); 5324 off = 0; 5325 5326 if ((input_fp = zfs_file_get(input_fd)) == NULL) 5327 return (SET_ERROR(EBADF)); 5328 5329 noff = off = zfs_file_off(input_fp); 5330 error = dmu_recv_begin(tofs, tosnap, begin_record, force, heal, 5331 resumable, localprops, hidden_args, origin, &drc, input_fp, 5332 &off); 5333 if (error != 0) 5334 goto out; 5335 tofs_was_redacted = dsl_get_redacted(drc.drc_ds); 5336 5337 /* 5338 * Set properties before we receive the stream so that they are applied 5339 * to the new data. Note that we must call dmu_recv_stream() if 5340 * dmu_recv_begin() succeeds. 5341 */ 5342 if (recvprops != NULL && !drc.drc_newfs) { 5343 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >= 5344 SPA_VERSION_RECVD_PROPS && 5345 !dsl_prop_get_hasrecvd(tofs)) 5346 first_recvd_props = B_TRUE; 5347 5348 /* 5349 * If new received properties are supplied, they are to 5350 * completely replace the existing received properties, 5351 * so stash away the existing ones. 5352 */ 5353 if (dsl_prop_get_received(tofs, &origrecvd) == 0) { 5354 nvlist_t *errlist = NULL; 5355 /* 5356 * Don't bother writing a property if its value won't 5357 * change (and avoid the unnecessary security checks). 5358 * 5359 * The first receive after SPA_VERSION_RECVD_PROPS is a 5360 * special case where we blow away all local properties 5361 * regardless. 5362 */ 5363 if (!first_recvd_props) 5364 props_reduce(recvprops, origrecvd); 5365 if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0) 5366 (void) nvlist_merge(*errors, errlist, 0); 5367 nvlist_free(errlist); 5368 5369 if (clear_received_props(tofs, origrecvd, 5370 first_recvd_props ? NULL : recvprops) != 0) 5371 *errflags |= ZPROP_ERR_NOCLEAR; 5372 } else { 5373 *errflags |= ZPROP_ERR_NOCLEAR; 5374 } 5375 } 5376 5377 /* 5378 * Stash away existing properties so we can restore them on error unless 5379 * we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which 5380 * case "origrecvd" will take care of that. 5381 */ 5382 if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) { 5383 objset_t *os; 5384 if (dmu_objset_hold(tofs, FTAG, &os) == 0) { 5385 if (dsl_prop_get_all(os, &origprops) != 0) { 5386 *errflags |= ZPROP_ERR_NOCLEAR; 5387 } 5388 dmu_objset_rele(os, FTAG); 5389 } else { 5390 *errflags |= ZPROP_ERR_NOCLEAR; 5391 } 5392 } 5393 5394 if (recvprops != NULL) { 5395 props_error = dsl_prop_set_hasrecvd(tofs); 5396 5397 if (props_error == 0) { 5398 recv_delayprops = extract_delay_props(recvprops); 5399 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 5400 recvprops, *errors); 5401 } 5402 } 5403 5404 if (localprops != NULL) { 5405 nvlist_t *oprops = fnvlist_alloc(); 5406 nvlist_t *xprops = fnvlist_alloc(); 5407 nvpair_t *nvp = NULL; 5408 5409 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) { 5410 if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) { 5411 /* -x property */ 5412 const char *name = nvpair_name(nvp); 5413 zfs_prop_t prop = zfs_name_to_prop(name); 5414 if (prop != ZPROP_USERPROP) { 5415 if (!zfs_prop_inheritable(prop)) 5416 continue; 5417 } else if (!zfs_prop_user(name)) 5418 continue; 5419 fnvlist_add_boolean(xprops, name); 5420 } else { 5421 /* -o property=value */ 5422 fnvlist_add_nvpair(oprops, nvp); 5423 } 5424 } 5425 5426 local_delayprops = extract_delay_props(oprops); 5427 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, 5428 oprops, *errors); 5429 inherited_delayprops = extract_delay_props(xprops); 5430 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, 5431 xprops, *errors); 5432 5433 nvlist_free(oprops); 5434 nvlist_free(xprops); 5435 } 5436 5437 error = dmu_recv_stream(&drc, &off); 5438 5439 if (error == 0) { 5440 zfsvfs_t *zfsvfs = NULL; 5441 zvol_state_handle_t *zv = NULL; 5442 5443 if (getzfsvfs(tofs, &zfsvfs) == 0) { 5444 /* online recv */ 5445 dsl_dataset_t *ds; 5446 int end_err; 5447 boolean_t stream_is_redacted = DMU_GET_FEATUREFLAGS( 5448 begin_record->drr_u.drr_begin. 5449 drr_versioninfo) & DMU_BACKUP_FEATURE_REDACTED; 5450 5451 ds = dmu_objset_ds(zfsvfs->z_os); 5452 error = zfs_suspend_fs(zfsvfs); 5453 /* 5454 * If the suspend fails, then the recv_end will 5455 * likely also fail, and clean up after itself. 5456 */ 5457 end_err = dmu_recv_end(&drc, zfsvfs); 5458 /* 5459 * If the dataset was not redacted, but we received a 5460 * redacted stream onto it, we need to unmount the 5461 * dataset. Otherwise, resume the filesystem. 5462 */ 5463 if (error == 0 && !drc.drc_newfs && 5464 stream_is_redacted && !tofs_was_redacted) { 5465 error = zfs_end_fs(zfsvfs, ds); 5466 } else if (error == 0) { 5467 error = zfs_resume_fs(zfsvfs, ds); 5468 } 5469 error = error ? error : end_err; 5470 zfs_vfs_rele(zfsvfs); 5471 } else if (zvol_suspend(tofs, &zv) == 0) { 5472 error = dmu_recv_end(&drc, zvol_tag(zv)); 5473 zvol_resume(zv); 5474 } else { 5475 error = dmu_recv_end(&drc, NULL); 5476 } 5477 5478 /* Set delayed properties now, after we're done receiving. */ 5479 if (recv_delayprops != NULL && error == 0) { 5480 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 5481 recv_delayprops, *errors); 5482 } 5483 if (local_delayprops != NULL && error == 0) { 5484 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, 5485 local_delayprops, *errors); 5486 } 5487 if (inherited_delayprops != NULL && error == 0) { 5488 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, 5489 inherited_delayprops, *errors); 5490 } 5491 } 5492 5493 /* 5494 * Merge delayed props back in with initial props, in case 5495 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means 5496 * we have to make sure clear_received_props() includes 5497 * the delayed properties). 5498 * 5499 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels, 5500 * using ASSERT() will be just like a VERIFY. 5501 */ 5502 if (recv_delayprops != NULL) { 5503 ASSERT0(nvlist_merge(recvprops, recv_delayprops, 0)); 5504 nvlist_free(recv_delayprops); 5505 } 5506 if (local_delayprops != NULL) { 5507 ASSERT0(nvlist_merge(localprops, local_delayprops, 0)); 5508 nvlist_free(local_delayprops); 5509 } 5510 if (inherited_delayprops != NULL) { 5511 ASSERT0(nvlist_merge(localprops, inherited_delayprops, 0)); 5512 nvlist_free(inherited_delayprops); 5513 } 5514 *read_bytes = off - noff; 5515 5516 #ifdef ZFS_DEBUG 5517 if (zfs_ioc_recv_inject_err) { 5518 zfs_ioc_recv_inject_err = B_FALSE; 5519 error = 1; 5520 } 5521 #endif 5522 5523 /* 5524 * On error, restore the original props. 5525 */ 5526 if (error != 0 && recvprops != NULL && !drc.drc_newfs) { 5527 if (clear_received_props(tofs, recvprops, NULL) != 0) { 5528 /* 5529 * We failed to clear the received properties. 5530 * Since we may have left a $recvd value on the 5531 * system, we can't clear the $hasrecvd flag. 5532 */ 5533 *errflags |= ZPROP_ERR_NORESTORE; 5534 } else if (first_recvd_props) { 5535 dsl_prop_unset_hasrecvd(tofs); 5536 } 5537 5538 if (origrecvd == NULL && !drc.drc_newfs) { 5539 /* We failed to stash the original properties. */ 5540 *errflags |= ZPROP_ERR_NORESTORE; 5541 } 5542 5543 /* 5544 * dsl_props_set() will not convert RECEIVED to LOCAL on or 5545 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL 5546 * explicitly if we're restoring local properties cleared in the 5547 * first new-style receive. 5548 */ 5549 if (origrecvd != NULL && 5550 zfs_set_prop_nvlist(tofs, (first_recvd_props ? 5551 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED), 5552 origrecvd, NULL) != 0) { 5553 /* 5554 * We stashed the original properties but failed to 5555 * restore them. 5556 */ 5557 *errflags |= ZPROP_ERR_NORESTORE; 5558 } 5559 } 5560 if (error != 0 && localprops != NULL && !drc.drc_newfs && 5561 !first_recvd_props) { 5562 nvlist_t *setprops; 5563 nvlist_t *inheritprops; 5564 nvpair_t *nvp; 5565 5566 if (origprops == NULL) { 5567 /* We failed to stash the original properties. */ 5568 *errflags |= ZPROP_ERR_NORESTORE; 5569 goto out; 5570 } 5571 5572 /* Restore original props */ 5573 setprops = fnvlist_alloc(); 5574 inheritprops = fnvlist_alloc(); 5575 nvp = NULL; 5576 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) { 5577 const char *name = nvpair_name(nvp); 5578 const char *source; 5579 nvlist_t *attrs; 5580 5581 if (!nvlist_exists(origprops, name)) { 5582 /* 5583 * Property was not present or was explicitly 5584 * inherited before the receive, restore this. 5585 */ 5586 fnvlist_add_boolean(inheritprops, name); 5587 continue; 5588 } 5589 attrs = fnvlist_lookup_nvlist(origprops, name); 5590 source = fnvlist_lookup_string(attrs, ZPROP_SOURCE); 5591 5592 /* Skip received properties */ 5593 if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0) 5594 continue; 5595 5596 if (strcmp(source, tofs) == 0) { 5597 /* Property was locally set */ 5598 fnvlist_add_nvlist(setprops, name, attrs); 5599 } else { 5600 /* Property was implicitly inherited */ 5601 fnvlist_add_boolean(inheritprops, name); 5602 } 5603 } 5604 5605 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops, 5606 NULL) != 0) 5607 *errflags |= ZPROP_ERR_NORESTORE; 5608 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops, 5609 NULL) != 0) 5610 *errflags |= ZPROP_ERR_NORESTORE; 5611 5612 nvlist_free(setprops); 5613 nvlist_free(inheritprops); 5614 } 5615 out: 5616 zfs_file_put(input_fp); 5617 nvlist_free(origrecvd); 5618 nvlist_free(origprops); 5619 5620 if (error == 0) 5621 error = props_error; 5622 5623 return (error); 5624 } 5625 5626 /* 5627 * inputs: 5628 * zc_name name of containing filesystem (unused) 5629 * zc_nvlist_src{_size} nvlist of properties to apply 5630 * zc_nvlist_conf{_size} nvlist of properties to exclude 5631 * (DATA_TYPE_BOOLEAN) and override (everything else) 5632 * zc_value name of snapshot to create 5633 * zc_string name of clone origin (if DRR_FLAG_CLONE) 5634 * zc_cookie file descriptor to recv from 5635 * zc_begin_record the BEGIN record of the stream (not byteswapped) 5636 * zc_guid force flag 5637 * 5638 * outputs: 5639 * zc_cookie number of bytes read 5640 * zc_obj zprop_errflags_t 5641 * zc_nvlist_dst{_size} error for each unapplied received property 5642 */ 5643 static int 5644 zfs_ioc_recv(zfs_cmd_t *zc) 5645 { 5646 dmu_replay_record_t begin_record; 5647 nvlist_t *errors = NULL; 5648 nvlist_t *recvdprops = NULL; 5649 nvlist_t *localprops = NULL; 5650 const char *origin = NULL; 5651 char *tosnap; 5652 char tofs[ZFS_MAX_DATASET_NAME_LEN]; 5653 int error = 0; 5654 5655 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 5656 strchr(zc->zc_value, '@') == NULL || 5657 strchr(zc->zc_value, '%') != NULL) { 5658 return (SET_ERROR(EINVAL)); 5659 } 5660 5661 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs)); 5662 tosnap = strchr(tofs, '@'); 5663 *tosnap++ = '\0'; 5664 5665 if (zc->zc_nvlist_src != 0 && 5666 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 5667 zc->zc_iflags, &recvdprops)) != 0) { 5668 goto out; 5669 } 5670 5671 if (zc->zc_nvlist_conf != 0 && 5672 (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 5673 zc->zc_iflags, &localprops)) != 0) { 5674 goto out; 5675 } 5676 5677 if (zc->zc_string[0]) 5678 origin = zc->zc_string; 5679 5680 begin_record.drr_type = DRR_BEGIN; 5681 begin_record.drr_payloadlen = 0; 5682 begin_record.drr_u.drr_begin = zc->zc_begin_record; 5683 5684 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops, 5685 NULL, zc->zc_guid, B_FALSE, B_FALSE, zc->zc_cookie, &begin_record, 5686 &zc->zc_cookie, &zc->zc_obj, &errors); 5687 5688 /* 5689 * Now that all props, initial and delayed, are set, report the prop 5690 * errors to the caller. 5691 */ 5692 if (zc->zc_nvlist_dst_size != 0 && errors != NULL && 5693 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 || 5694 put_nvlist(zc, errors) != 0)) { 5695 /* 5696 * Caller made zc->zc_nvlist_dst less than the minimum expected 5697 * size or supplied an invalid address. 5698 */ 5699 error = SET_ERROR(EINVAL); 5700 } 5701 5702 out: 5703 nvlist_free(errors); 5704 nvlist_free(recvdprops); 5705 nvlist_free(localprops); 5706 5707 return (error); 5708 } 5709 5710 /* 5711 * innvl: { 5712 * "snapname" -> full name of the snapshot to create 5713 * (optional) "props" -> received properties to set (nvlist) 5714 * (optional) "localprops" -> override and exclude properties (nvlist) 5715 * (optional) "origin" -> name of clone origin (DRR_FLAG_CLONE) 5716 * "begin_record" -> non-byteswapped dmu_replay_record_t 5717 * "input_fd" -> file descriptor to read stream from (int32) 5718 * (optional) "force" -> force flag (value ignored) 5719 * (optional) "heal" -> use send stream to heal data corruption 5720 * (optional) "resumable" -> resumable flag (value ignored) 5721 * (optional) "cleanup_fd" -> unused 5722 * (optional) "action_handle" -> unused 5723 * (optional) "hidden_args" -> { "wkeydata" -> value } 5724 * } 5725 * 5726 * outnvl: { 5727 * "read_bytes" -> number of bytes read 5728 * "error_flags" -> zprop_errflags_t 5729 * "errors" -> error for each unapplied received property (nvlist) 5730 * } 5731 */ 5732 static const zfs_ioc_key_t zfs_keys_recv_new[] = { 5733 {"snapname", DATA_TYPE_STRING, 0}, 5734 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 5735 {"localprops", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 5736 {"origin", DATA_TYPE_STRING, ZK_OPTIONAL}, 5737 {"begin_record", DATA_TYPE_BYTE_ARRAY, 0}, 5738 {"input_fd", DATA_TYPE_INT32, 0}, 5739 {"force", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 5740 {"heal", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 5741 {"resumable", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 5742 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL}, 5743 {"action_handle", DATA_TYPE_UINT64, ZK_OPTIONAL}, 5744 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 5745 }; 5746 5747 static int 5748 zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 5749 { 5750 dmu_replay_record_t *begin_record; 5751 uint_t begin_record_size; 5752 nvlist_t *errors = NULL; 5753 nvlist_t *recvprops = NULL; 5754 nvlist_t *localprops = NULL; 5755 nvlist_t *hidden_args = NULL; 5756 const char *snapname; 5757 const char *origin = NULL; 5758 char *tosnap; 5759 char tofs[ZFS_MAX_DATASET_NAME_LEN]; 5760 boolean_t force; 5761 boolean_t heal; 5762 boolean_t resumable; 5763 uint64_t read_bytes = 0; 5764 uint64_t errflags = 0; 5765 int input_fd = -1; 5766 int error; 5767 5768 snapname = fnvlist_lookup_string(innvl, "snapname"); 5769 5770 if (dataset_namecheck(snapname, NULL, NULL) != 0 || 5771 strchr(snapname, '@') == NULL || 5772 strchr(snapname, '%') != NULL) { 5773 return (SET_ERROR(EINVAL)); 5774 } 5775 5776 (void) strlcpy(tofs, snapname, sizeof (tofs)); 5777 tosnap = strchr(tofs, '@'); 5778 *tosnap++ = '\0'; 5779 5780 error = nvlist_lookup_string(innvl, "origin", &origin); 5781 if (error && error != ENOENT) 5782 return (error); 5783 5784 error = nvlist_lookup_byte_array(innvl, "begin_record", 5785 (uchar_t **)&begin_record, &begin_record_size); 5786 if (error != 0 || begin_record_size != sizeof (*begin_record)) 5787 return (SET_ERROR(EINVAL)); 5788 5789 input_fd = fnvlist_lookup_int32(innvl, "input_fd"); 5790 5791 force = nvlist_exists(innvl, "force"); 5792 heal = nvlist_exists(innvl, "heal"); 5793 resumable = nvlist_exists(innvl, "resumable"); 5794 5795 /* we still use "props" here for backwards compatibility */ 5796 error = nvlist_lookup_nvlist(innvl, "props", &recvprops); 5797 if (error && error != ENOENT) 5798 goto out; 5799 5800 error = nvlist_lookup_nvlist(innvl, "localprops", &localprops); 5801 if (error && error != ENOENT) 5802 goto out; 5803 5804 error = nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args); 5805 if (error && error != ENOENT) 5806 goto out; 5807 5808 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvprops, localprops, 5809 hidden_args, force, heal, resumable, input_fd, begin_record, 5810 &read_bytes, &errflags, &errors); 5811 5812 fnvlist_add_uint64(outnvl, "read_bytes", read_bytes); 5813 fnvlist_add_uint64(outnvl, "error_flags", errflags); 5814 fnvlist_add_nvlist(outnvl, "errors", errors); 5815 5816 out: 5817 nvlist_free(errors); 5818 nvlist_free(recvprops); 5819 nvlist_free(localprops); 5820 nvlist_free(hidden_args); 5821 5822 return (error); 5823 } 5824 5825 /* 5826 * When stack space is limited, we write replication stream data to the target 5827 * on a separate taskq thread, to make sure there's enough stack space. 5828 */ 5829 #ifndef HAVE_LARGE_STACKS 5830 #define USE_SEND_TASKQ 1 5831 #endif 5832 5833 typedef struct dump_bytes_io { 5834 zfs_file_t *dbi_fp; 5835 caddr_t dbi_buf; 5836 int dbi_len; 5837 int dbi_err; 5838 } dump_bytes_io_t; 5839 5840 static void 5841 dump_bytes_cb(void *arg) 5842 { 5843 dump_bytes_io_t *dbi = (dump_bytes_io_t *)arg; 5844 zfs_file_t *fp; 5845 caddr_t buf; 5846 5847 fp = dbi->dbi_fp; 5848 buf = dbi->dbi_buf; 5849 5850 dbi->dbi_err = zfs_file_write(fp, buf, dbi->dbi_len, NULL); 5851 } 5852 5853 typedef struct dump_bytes_arg { 5854 zfs_file_t *dba_fp; 5855 #ifdef USE_SEND_TASKQ 5856 taskq_t *dba_tq; 5857 taskq_ent_t dba_tqent; 5858 #endif 5859 } dump_bytes_arg_t; 5860 5861 static int 5862 dump_bytes(objset_t *os, void *buf, int len, void *arg) 5863 { 5864 dump_bytes_arg_t *dba = (dump_bytes_arg_t *)arg; 5865 dump_bytes_io_t dbi; 5866 5867 dbi.dbi_fp = dba->dba_fp; 5868 dbi.dbi_buf = buf; 5869 dbi.dbi_len = len; 5870 5871 #ifdef USE_SEND_TASKQ 5872 taskq_dispatch_ent(dba->dba_tq, dump_bytes_cb, &dbi, TQ_SLEEP, 5873 &dba->dba_tqent); 5874 taskq_wait(dba->dba_tq); 5875 #else 5876 dump_bytes_cb(&dbi); 5877 #endif 5878 5879 return (dbi.dbi_err); 5880 } 5881 5882 static int 5883 dump_bytes_init(dump_bytes_arg_t *dba, int fd, dmu_send_outparams_t *out) 5884 { 5885 zfs_file_t *fp = zfs_file_get(fd); 5886 if (fp == NULL) 5887 return (SET_ERROR(EBADF)); 5888 5889 dba->dba_fp = fp; 5890 #ifdef USE_SEND_TASKQ 5891 dba->dba_tq = taskq_create("z_send", 1, defclsyspri, 0, 0, 0); 5892 taskq_init_ent(&dba->dba_tqent); 5893 #endif 5894 5895 memset(out, 0, sizeof (dmu_send_outparams_t)); 5896 out->dso_outfunc = dump_bytes; 5897 out->dso_arg = dba; 5898 out->dso_dryrun = B_FALSE; 5899 5900 return (0); 5901 } 5902 5903 static void 5904 dump_bytes_fini(dump_bytes_arg_t *dba) 5905 { 5906 zfs_file_put(dba->dba_fp); 5907 #ifdef USE_SEND_TASKQ 5908 taskq_destroy(dba->dba_tq); 5909 #endif 5910 } 5911 5912 /* 5913 * inputs: 5914 * zc_name name of snapshot to send 5915 * zc_cookie file descriptor to send stream to 5916 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj) 5917 * zc_sendobj objsetid of snapshot to send 5918 * zc_fromobj objsetid of incremental fromsnap (may be zero) 5919 * zc_guid if set, estimate size of stream only. zc_cookie is ignored. 5920 * output size in zc_objset_type. 5921 * zc_flags lzc_send_flags 5922 * 5923 * outputs: 5924 * zc_objset_type estimated size, if zc_guid is set 5925 * 5926 * NOTE: This is no longer the preferred interface, any new functionality 5927 * should be added to zfs_ioc_send_new() instead. 5928 */ 5929 static int 5930 zfs_ioc_send(zfs_cmd_t *zc) 5931 { 5932 int error; 5933 offset_t off; 5934 boolean_t estimate = (zc->zc_guid != 0); 5935 boolean_t embedok = (zc->zc_flags & 0x1); 5936 boolean_t large_block_ok = (zc->zc_flags & 0x2); 5937 boolean_t compressok = (zc->zc_flags & 0x4); 5938 boolean_t rawok = (zc->zc_flags & 0x8); 5939 boolean_t savedok = (zc->zc_flags & 0x10); 5940 5941 if (zc->zc_obj != 0) { 5942 dsl_pool_t *dp; 5943 dsl_dataset_t *tosnap; 5944 5945 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5946 if (error != 0) 5947 return (error); 5948 5949 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 5950 if (error != 0) { 5951 dsl_pool_rele(dp, FTAG); 5952 return (error); 5953 } 5954 5955 if (dsl_dir_is_clone(tosnap->ds_dir)) 5956 zc->zc_fromobj = 5957 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj; 5958 dsl_dataset_rele(tosnap, FTAG); 5959 dsl_pool_rele(dp, FTAG); 5960 } 5961 5962 if (estimate) { 5963 dsl_pool_t *dp; 5964 dsl_dataset_t *tosnap; 5965 dsl_dataset_t *fromsnap = NULL; 5966 5967 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5968 if (error != 0) 5969 return (error); 5970 5971 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, 5972 FTAG, &tosnap); 5973 if (error != 0) { 5974 dsl_pool_rele(dp, FTAG); 5975 return (error); 5976 } 5977 5978 if (zc->zc_fromobj != 0) { 5979 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, 5980 FTAG, &fromsnap); 5981 if (error != 0) { 5982 dsl_dataset_rele(tosnap, FTAG); 5983 dsl_pool_rele(dp, FTAG); 5984 return (error); 5985 } 5986 } 5987 5988 error = dmu_send_estimate_fast(tosnap, fromsnap, NULL, 5989 compressok || rawok, savedok, &zc->zc_objset_type); 5990 5991 if (fromsnap != NULL) 5992 dsl_dataset_rele(fromsnap, FTAG); 5993 dsl_dataset_rele(tosnap, FTAG); 5994 dsl_pool_rele(dp, FTAG); 5995 } else { 5996 dump_bytes_arg_t dba; 5997 dmu_send_outparams_t out; 5998 error = dump_bytes_init(&dba, zc->zc_cookie, &out); 5999 if (error) 6000 return (error); 6001 6002 off = zfs_file_off(dba.dba_fp); 6003 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj, 6004 zc->zc_fromobj, embedok, large_block_ok, compressok, 6005 rawok, savedok, zc->zc_cookie, &off, &out); 6006 6007 dump_bytes_fini(&dba); 6008 } 6009 return (error); 6010 } 6011 6012 /* 6013 * inputs: 6014 * zc_name name of snapshot on which to report progress 6015 * zc_cookie file descriptor of send stream 6016 * 6017 * outputs: 6018 * zc_cookie number of bytes written in send stream thus far 6019 * zc_objset_type logical size of data traversed by send thus far 6020 */ 6021 static int 6022 zfs_ioc_send_progress(zfs_cmd_t *zc) 6023 { 6024 dsl_pool_t *dp; 6025 dsl_dataset_t *ds; 6026 dmu_sendstatus_t *dsp = NULL; 6027 int error; 6028 6029 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 6030 if (error != 0) 6031 return (error); 6032 6033 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 6034 if (error != 0) { 6035 dsl_pool_rele(dp, FTAG); 6036 return (error); 6037 } 6038 6039 mutex_enter(&ds->ds_sendstream_lock); 6040 6041 /* 6042 * Iterate over all the send streams currently active on this dataset. 6043 * If there's one which matches the specified file descriptor _and_ the 6044 * stream was started by the current process, return the progress of 6045 * that stream. 6046 */ 6047 6048 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL; 6049 dsp = list_next(&ds->ds_sendstreams, dsp)) { 6050 if (dsp->dss_outfd == zc->zc_cookie && 6051 zfs_proc_is_caller(dsp->dss_proc)) 6052 break; 6053 } 6054 6055 if (dsp != NULL) { 6056 zc->zc_cookie = atomic_cas_64((volatile uint64_t *)dsp->dss_off, 6057 0, 0); 6058 /* This is the closest thing we have to atomic_read_64. */ 6059 zc->zc_objset_type = atomic_cas_64(&dsp->dss_blocks, 0, 0); 6060 } else { 6061 error = SET_ERROR(ENOENT); 6062 } 6063 6064 mutex_exit(&ds->ds_sendstream_lock); 6065 dsl_dataset_rele(ds, FTAG); 6066 dsl_pool_rele(dp, FTAG); 6067 return (error); 6068 } 6069 6070 static int 6071 zfs_ioc_inject_fault(zfs_cmd_t *zc) 6072 { 6073 int id, error; 6074 6075 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 6076 &zc->zc_inject_record); 6077 6078 if (error == 0) 6079 zc->zc_guid = (uint64_t)id; 6080 6081 return (error); 6082 } 6083 6084 static int 6085 zfs_ioc_clear_fault(zfs_cmd_t *zc) 6086 { 6087 return (zio_clear_fault((int)zc->zc_guid)); 6088 } 6089 6090 static int 6091 zfs_ioc_inject_list_next(zfs_cmd_t *zc) 6092 { 6093 int id = (int)zc->zc_guid; 6094 int error; 6095 6096 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 6097 &zc->zc_inject_record); 6098 6099 zc->zc_guid = id; 6100 6101 return (error); 6102 } 6103 6104 static int 6105 zfs_ioc_error_log(zfs_cmd_t *zc) 6106 { 6107 spa_t *spa; 6108 int error; 6109 6110 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 6111 return (error); 6112 6113 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 6114 &zc->zc_nvlist_dst_size); 6115 6116 spa_close(spa, FTAG); 6117 6118 return (error); 6119 } 6120 6121 static int 6122 zfs_ioc_clear(zfs_cmd_t *zc) 6123 { 6124 spa_t *spa; 6125 vdev_t *vd; 6126 int error; 6127 6128 /* 6129 * On zpool clear we also fix up missing slogs 6130 */ 6131 spa_namespace_enter(FTAG); 6132 spa = spa_lookup(zc->zc_name); 6133 if (spa == NULL) { 6134 spa_namespace_exit(FTAG); 6135 return (SET_ERROR(EIO)); 6136 } 6137 if (spa_get_log_state(spa) == SPA_LOG_MISSING) { 6138 /* we need to let spa_open/spa_load clear the chains */ 6139 spa_set_log_state(spa, SPA_LOG_CLEAR); 6140 } 6141 spa->spa_last_open_failed = 0; 6142 spa_namespace_exit(FTAG); 6143 6144 if (zc->zc_cookie & ZPOOL_NO_REWIND) { 6145 error = spa_open(zc->zc_name, &spa, FTAG); 6146 } else { 6147 nvlist_t *policy; 6148 nvlist_t *config = NULL; 6149 6150 if (zc->zc_nvlist_src == 0) 6151 return (SET_ERROR(EINVAL)); 6152 6153 if ((error = get_nvlist(zc->zc_nvlist_src, 6154 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) { 6155 error = spa_open_rewind(zc->zc_name, &spa, FTAG, 6156 policy, &config); 6157 if (config != NULL) { 6158 int err; 6159 6160 if ((err = put_nvlist(zc, config)) != 0) 6161 error = err; 6162 nvlist_free(config); 6163 } 6164 nvlist_free(policy); 6165 } 6166 } 6167 6168 if (error != 0) 6169 return (error); 6170 6171 /* 6172 * If multihost is enabled, resuming I/O is unsafe as another 6173 * host may have imported the pool. Check for remote activity. 6174 */ 6175 if (spa_multihost(spa) && spa_suspended(spa) && 6176 spa_mmp_remote_host_activity(spa)) { 6177 spa_close(spa, FTAG); 6178 return (SET_ERROR(EREMOTEIO)); 6179 } 6180 6181 spa_vdev_state_enter(spa, SCL_NONE); 6182 6183 if (zc->zc_guid == 0) { 6184 vd = NULL; 6185 } else { 6186 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE); 6187 if (vd == NULL) { 6188 error = SET_ERROR(ENODEV); 6189 (void) spa_vdev_state_exit(spa, NULL, error); 6190 spa_close(spa, FTAG); 6191 return (error); 6192 } 6193 } 6194 6195 vdev_clear(spa, vd); 6196 6197 (void) spa_vdev_state_exit(spa, spa_suspended(spa) ? 6198 NULL : spa->spa_root_vdev, 0); 6199 6200 /* 6201 * Resume any suspended I/Os. 6202 */ 6203 if (zio_resume(spa) != 0) 6204 error = SET_ERROR(EIO); 6205 6206 spa_close(spa, FTAG); 6207 6208 return (error); 6209 } 6210 6211 /* 6212 * Reopen all the vdevs associated with the pool. 6213 * 6214 * innvl: { 6215 * "scrub_restart" -> when true and scrub is running, allow to restart 6216 * scrub as the side effect of the reopen (boolean). 6217 * } 6218 * 6219 * outnvl is unused 6220 */ 6221 static const zfs_ioc_key_t zfs_keys_pool_reopen[] = { 6222 {"scrub_restart", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL}, 6223 }; 6224 6225 static int 6226 zfs_ioc_pool_reopen(const char *pool, nvlist_t *innvl, nvlist_t *outnvl) 6227 { 6228 (void) outnvl; 6229 spa_t *spa; 6230 int error; 6231 boolean_t rc, scrub_restart = B_TRUE; 6232 6233 if (innvl) { 6234 error = nvlist_lookup_boolean_value(innvl, 6235 "scrub_restart", &rc); 6236 if (error == 0) 6237 scrub_restart = rc; 6238 } 6239 6240 error = spa_open(pool, &spa, FTAG); 6241 if (error != 0) 6242 return (error); 6243 6244 spa_vdev_state_enter(spa, SCL_NONE); 6245 6246 /* 6247 * If the scrub_restart flag is B_FALSE and a scrub is already 6248 * in progress then set spa_scrub_reopen flag to B_TRUE so that 6249 * we don't restart the scrub as a side effect of the reopen. 6250 * Otherwise, let vdev_open() decided if a resilver is required. 6251 */ 6252 6253 spa->spa_scrub_reopen = (!scrub_restart && 6254 dsl_scan_scrubbing(spa->spa_dsl_pool)); 6255 vdev_reopen(spa->spa_root_vdev); 6256 spa->spa_scrub_reopen = B_FALSE; 6257 6258 (void) spa_vdev_state_exit(spa, NULL, 0); 6259 spa_close(spa, FTAG); 6260 return (0); 6261 } 6262 6263 /* 6264 * inputs: 6265 * zc_name name of filesystem 6266 * 6267 * outputs: 6268 * zc_string name of conflicting snapshot, if there is one 6269 */ 6270 static int 6271 zfs_ioc_promote(zfs_cmd_t *zc) 6272 { 6273 dsl_pool_t *dp; 6274 dsl_dataset_t *ds, *ods; 6275 char origin[ZFS_MAX_DATASET_NAME_LEN]; 6276 char *cp; 6277 int error; 6278 6279 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 6280 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 || 6281 strchr(zc->zc_name, '%')) 6282 return (SET_ERROR(EINVAL)); 6283 6284 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 6285 if (error != 0) 6286 return (error); 6287 6288 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 6289 if (error != 0) { 6290 dsl_pool_rele(dp, FTAG); 6291 return (error); 6292 } 6293 6294 if (!dsl_dir_is_clone(ds->ds_dir)) { 6295 dsl_dataset_rele(ds, FTAG); 6296 dsl_pool_rele(dp, FTAG); 6297 return (SET_ERROR(EINVAL)); 6298 } 6299 6300 error = dsl_dataset_hold_obj(dp, 6301 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods); 6302 if (error != 0) { 6303 dsl_dataset_rele(ds, FTAG); 6304 dsl_pool_rele(dp, FTAG); 6305 return (error); 6306 } 6307 6308 dsl_dataset_name(ods, origin); 6309 dsl_dataset_rele(ods, FTAG); 6310 dsl_dataset_rele(ds, FTAG); 6311 dsl_pool_rele(dp, FTAG); 6312 6313 /* 6314 * We don't need to unmount *all* the origin fs's snapshots, but 6315 * it's easier. 6316 */ 6317 cp = strchr(origin, '@'); 6318 if (cp) 6319 *cp = '\0'; 6320 (void) dmu_objset_find(origin, 6321 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS); 6322 return (dsl_dataset_promote(zc->zc_name, zc->zc_string)); 6323 } 6324 6325 /* 6326 * Retrieve a single {user|group|project}{used|quota}@... property. 6327 * 6328 * inputs: 6329 * zc_name name of filesystem 6330 * zc_objset_type zfs_userquota_prop_t 6331 * zc_value domain name (eg. "S-1-234-567-89") 6332 * zc_guid RID/UID/GID 6333 * 6334 * outputs: 6335 * zc_cookie property value 6336 */ 6337 static int 6338 zfs_ioc_userspace_one(zfs_cmd_t *zc) 6339 { 6340 zfsvfs_t *zfsvfs; 6341 int error; 6342 6343 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 6344 return (SET_ERROR(EINVAL)); 6345 6346 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 6347 if (error != 0) 6348 return (error); 6349 6350 error = zfs_userspace_one(zfsvfs, 6351 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie); 6352 zfsvfs_rele(zfsvfs, FTAG); 6353 6354 return (error); 6355 } 6356 6357 /* 6358 * inputs: 6359 * zc_name name of filesystem 6360 * zc_cookie zap cursor 6361 * zc_objset_type zfs_userquota_prop_t 6362 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist) 6363 * 6364 * outputs: 6365 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t) 6366 * zc_cookie zap cursor 6367 */ 6368 static int 6369 zfs_ioc_userspace_many(zfs_cmd_t *zc) 6370 { 6371 zfsvfs_t *zfsvfs; 6372 int bufsize = zc->zc_nvlist_dst_size; 6373 6374 if (bufsize <= 0) 6375 return (SET_ERROR(ENOMEM)); 6376 6377 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 6378 if (error != 0) 6379 return (error); 6380 6381 void *buf = vmem_alloc(bufsize, KM_SLEEP); 6382 6383 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie, 6384 buf, &zc->zc_nvlist_dst_size, &zc->zc_guid); 6385 6386 if (error == 0) { 6387 error = xcopyout(buf, 6388 (void *)(uintptr_t)zc->zc_nvlist_dst, 6389 zc->zc_nvlist_dst_size); 6390 } 6391 vmem_free(buf, bufsize); 6392 zfsvfs_rele(zfsvfs, FTAG); 6393 6394 return (error); 6395 } 6396 6397 /* 6398 * inputs: 6399 * zc_name name of filesystem 6400 * 6401 * outputs: 6402 * none 6403 */ 6404 static int 6405 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) 6406 { 6407 int error = 0; 6408 zfsvfs_t *zfsvfs; 6409 6410 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 6411 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) { 6412 /* 6413 * If userused is not enabled, it may be because the 6414 * objset needs to be closed & reopened (to grow the 6415 * objset_phys_t). Suspend/resume the fs will do that. 6416 */ 6417 dsl_dataset_t *ds, *newds; 6418 6419 ds = dmu_objset_ds(zfsvfs->z_os); 6420 error = zfs_suspend_fs(zfsvfs); 6421 if (error == 0) { 6422 dmu_objset_refresh_ownership(ds, &newds, 6423 B_TRUE, zfsvfs); 6424 error = zfs_resume_fs(zfsvfs, newds); 6425 } 6426 } 6427 if (error == 0) { 6428 mutex_enter(&zfsvfs->z_os->os_upgrade_lock); 6429 if (zfsvfs->z_os->os_upgrade_id == 0) { 6430 /* clear potential error code and retry */ 6431 zfsvfs->z_os->os_upgrade_status = 0; 6432 mutex_exit(&zfsvfs->z_os->os_upgrade_lock); 6433 6434 dsl_pool_config_enter( 6435 dmu_objset_pool(zfsvfs->z_os), FTAG); 6436 dmu_objset_userspace_upgrade(zfsvfs->z_os); 6437 dsl_pool_config_exit( 6438 dmu_objset_pool(zfsvfs->z_os), FTAG); 6439 } else { 6440 mutex_exit(&zfsvfs->z_os->os_upgrade_lock); 6441 } 6442 6443 taskq_wait_id(zfsvfs->z_os->os_spa->spa_upgrade_taskq, 6444 zfsvfs->z_os->os_upgrade_id); 6445 error = zfsvfs->z_os->os_upgrade_status; 6446 } 6447 zfs_vfs_rele(zfsvfs); 6448 } else { 6449 objset_t *os; 6450 6451 /* XXX kind of reading contents without owning */ 6452 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os); 6453 if (error != 0) 6454 return (error); 6455 6456 mutex_enter(&os->os_upgrade_lock); 6457 if (os->os_upgrade_id == 0) { 6458 /* clear potential error code and retry */ 6459 os->os_upgrade_status = 0; 6460 mutex_exit(&os->os_upgrade_lock); 6461 6462 dmu_objset_userspace_upgrade(os); 6463 } else { 6464 mutex_exit(&os->os_upgrade_lock); 6465 } 6466 6467 dsl_pool_rele(dmu_objset_pool(os), FTAG); 6468 6469 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id); 6470 error = os->os_upgrade_status; 6471 6472 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, 6473 FTAG); 6474 } 6475 return (error); 6476 } 6477 6478 /* 6479 * inputs: 6480 * zc_name name of filesystem 6481 * 6482 * outputs: 6483 * none 6484 */ 6485 static int 6486 zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc) 6487 { 6488 objset_t *os; 6489 int error; 6490 6491 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os); 6492 if (error != 0) 6493 return (error); 6494 6495 if (dmu_objset_userobjspace_upgradable(os) || 6496 dmu_objset_projectquota_upgradable(os)) { 6497 mutex_enter(&os->os_upgrade_lock); 6498 if (os->os_upgrade_id == 0) { 6499 /* clear potential error code and retry */ 6500 os->os_upgrade_status = 0; 6501 mutex_exit(&os->os_upgrade_lock); 6502 6503 dmu_objset_id_quota_upgrade(os); 6504 } else { 6505 mutex_exit(&os->os_upgrade_lock); 6506 } 6507 6508 dsl_pool_rele(dmu_objset_pool(os), FTAG); 6509 6510 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id); 6511 error = os->os_upgrade_status; 6512 } else { 6513 dsl_pool_rele(dmu_objset_pool(os), FTAG); 6514 } 6515 6516 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, FTAG); 6517 6518 return (error); 6519 } 6520 6521 static int 6522 zfs_ioc_share(zfs_cmd_t *zc) 6523 { 6524 return (SET_ERROR(ENOSYS)); 6525 } 6526 6527 /* 6528 * inputs: 6529 * zc_name name of containing filesystem 6530 * zc_obj object # beyond which we want next in-use object # 6531 * 6532 * outputs: 6533 * zc_obj next in-use object # 6534 */ 6535 static int 6536 zfs_ioc_next_obj(zfs_cmd_t *zc) 6537 { 6538 objset_t *os = NULL; 6539 int error; 6540 6541 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 6542 if (error != 0) 6543 return (error); 6544 6545 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0); 6546 6547 dmu_objset_rele(os, FTAG); 6548 return (error); 6549 } 6550 6551 /* 6552 * inputs: 6553 * zc_name name of filesystem 6554 * zc_value prefix name for snapshot 6555 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process 6556 * 6557 * outputs: 6558 * zc_value short name of new snapshot 6559 */ 6560 static int 6561 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc) 6562 { 6563 char *snap_name; 6564 char *hold_name; 6565 minor_t minor; 6566 6567 zfs_file_t *fp = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor); 6568 if (fp == NULL) 6569 return (SET_ERROR(EBADF)); 6570 6571 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value, 6572 (u_longlong_t)ddi_get_lbolt64()); 6573 hold_name = kmem_asprintf("%%%s", zc->zc_value); 6574 6575 int error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor, 6576 hold_name); 6577 if (error == 0) 6578 (void) strlcpy(zc->zc_value, snap_name, 6579 sizeof (zc->zc_value)); 6580 kmem_strfree(snap_name); 6581 kmem_strfree(hold_name); 6582 zfs_onexit_fd_rele(fp); 6583 return (error); 6584 } 6585 6586 /* 6587 * inputs: 6588 * zc_name name of "to" snapshot 6589 * zc_value name of "from" snapshot 6590 * zc_cookie file descriptor to write diff data on 6591 * 6592 * outputs: 6593 * dmu_diff_record_t's to the file descriptor 6594 */ 6595 static int 6596 zfs_ioc_diff(zfs_cmd_t *zc) 6597 { 6598 zfs_file_t *fp; 6599 offset_t off; 6600 int error; 6601 6602 if ((fp = zfs_file_get(zc->zc_cookie)) == NULL) 6603 return (SET_ERROR(EBADF)); 6604 6605 off = zfs_file_off(fp); 6606 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off); 6607 6608 zfs_file_put(fp); 6609 6610 return (error); 6611 } 6612 6613 static int 6614 zfs_ioc_smb_acl(zfs_cmd_t *zc) 6615 { 6616 return (SET_ERROR(ENOTSUP)); 6617 } 6618 6619 /* 6620 * innvl: { 6621 * "holds" -> { snapname -> holdname (string), ... } 6622 * (optional) "cleanup_fd" -> fd (int32) 6623 * } 6624 * 6625 * outnvl: { 6626 * snapname -> error value (int32) 6627 * ... 6628 * } 6629 */ 6630 static const zfs_ioc_key_t zfs_keys_hold[] = { 6631 {"holds", DATA_TYPE_NVLIST, 0}, 6632 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL}, 6633 }; 6634 6635 static int 6636 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist) 6637 { 6638 (void) pool; 6639 nvpair_t *pair; 6640 nvlist_t *holds; 6641 int cleanup_fd = -1; 6642 int error; 6643 minor_t minor = 0; 6644 zfs_file_t *fp = NULL; 6645 6646 holds = fnvlist_lookup_nvlist(args, "holds"); 6647 6648 /* make sure the user didn't pass us any invalid (empty) tags */ 6649 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 6650 pair = nvlist_next_nvpair(holds, pair)) { 6651 const char *htag; 6652 6653 error = nvpair_value_string(pair, &htag); 6654 if (error != 0) 6655 return (SET_ERROR(error)); 6656 6657 if (strlen(htag) == 0) 6658 return (SET_ERROR(EINVAL)); 6659 } 6660 6661 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) { 6662 fp = zfs_onexit_fd_hold(cleanup_fd, &minor); 6663 if (fp == NULL) 6664 return (SET_ERROR(EBADF)); 6665 } 6666 6667 error = dsl_dataset_user_hold(holds, minor, errlist); 6668 if (fp != NULL) { 6669 ASSERT3U(minor, !=, 0); 6670 zfs_onexit_fd_rele(fp); 6671 } 6672 return (SET_ERROR(error)); 6673 } 6674 6675 /* 6676 * innvl is not used. 6677 * 6678 * outnvl: { 6679 * holdname -> time added (uint64 seconds since epoch) 6680 * ... 6681 * } 6682 */ 6683 static const zfs_ioc_key_t zfs_keys_get_holds[] = { 6684 /* no nvl keys */ 6685 }; 6686 6687 static int 6688 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl) 6689 { 6690 (void) args; 6691 return (dsl_dataset_get_holds(snapname, outnvl)); 6692 } 6693 6694 /* 6695 * innvl: { 6696 * snapname -> { holdname, ... } 6697 * ... 6698 * } 6699 * 6700 * outnvl: { 6701 * snapname -> error value (int32) 6702 * ... 6703 * } 6704 */ 6705 static const zfs_ioc_key_t zfs_keys_release[] = { 6706 {"<snapname>...", DATA_TYPE_NVLIST, ZK_WILDCARDLIST}, 6707 }; 6708 6709 static int 6710 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist) 6711 { 6712 (void) pool; 6713 return (dsl_dataset_user_release(holds, errlist)); 6714 } 6715 6716 /* 6717 * inputs: 6718 * zc_guid flags (ZEVENT_NONBLOCK) 6719 * zc_cleanup_fd zevent file descriptor 6720 * 6721 * outputs: 6722 * zc_nvlist_dst next nvlist event 6723 * zc_cookie dropped events since last get 6724 */ 6725 static int 6726 zfs_ioc_events_next(zfs_cmd_t *zc) 6727 { 6728 zfs_zevent_t *ze; 6729 nvlist_t *event = NULL; 6730 minor_t minor; 6731 uint64_t dropped = 0; 6732 int error; 6733 6734 zfs_file_t *fp = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze); 6735 if (fp == NULL) 6736 return (SET_ERROR(EBADF)); 6737 6738 do { 6739 error = zfs_zevent_next(ze, &event, 6740 &zc->zc_nvlist_dst_size, &dropped); 6741 if (event != NULL) { 6742 zc->zc_cookie = dropped; 6743 error = put_nvlist(zc, event); 6744 nvlist_free(event); 6745 } 6746 6747 if (zc->zc_guid & ZEVENT_NONBLOCK) 6748 break; 6749 6750 if ((error == 0) || (error != ENOENT)) 6751 break; 6752 6753 error = zfs_zevent_wait(ze); 6754 if (error != 0) 6755 break; 6756 } while (1); 6757 6758 zfs_zevent_fd_rele(fp); 6759 6760 return (error); 6761 } 6762 6763 /* 6764 * outputs: 6765 * zc_cookie cleared events count 6766 */ 6767 static int 6768 zfs_ioc_events_clear(zfs_cmd_t *zc) 6769 { 6770 uint_t count; 6771 6772 zfs_zevent_drain_all(&count); 6773 zc->zc_cookie = count; 6774 6775 return (0); 6776 } 6777 6778 /* 6779 * inputs: 6780 * zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END 6781 * zc_cleanup zevent file descriptor 6782 */ 6783 static int 6784 zfs_ioc_events_seek(zfs_cmd_t *zc) 6785 { 6786 zfs_zevent_t *ze; 6787 minor_t minor; 6788 int error; 6789 6790 zfs_file_t *fp = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze); 6791 if (fp == NULL) 6792 return (SET_ERROR(EBADF)); 6793 6794 error = zfs_zevent_seek(ze, zc->zc_guid); 6795 zfs_zevent_fd_rele(fp); 6796 6797 return (error); 6798 } 6799 6800 /* 6801 * inputs: 6802 * zc_name name of later filesystem or snapshot 6803 * zc_value full name of old snapshot or bookmark 6804 * 6805 * outputs: 6806 * zc_cookie space in bytes 6807 * zc_objset_type compressed space in bytes 6808 * zc_perm_action uncompressed space in bytes 6809 */ 6810 static int 6811 zfs_ioc_space_written(zfs_cmd_t *zc) 6812 { 6813 int error; 6814 dsl_pool_t *dp; 6815 dsl_dataset_t *new; 6816 6817 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 6818 if (error != 0) 6819 return (error); 6820 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new); 6821 if (error != 0) { 6822 dsl_pool_rele(dp, FTAG); 6823 return (error); 6824 } 6825 if (strchr(zc->zc_value, '#') != NULL) { 6826 zfs_bookmark_phys_t bmp; 6827 error = dsl_bookmark_lookup(dp, zc->zc_value, 6828 new, &bmp); 6829 if (error == 0) { 6830 error = dsl_dataset_space_written_bookmark(&bmp, new, 6831 &zc->zc_cookie, 6832 &zc->zc_objset_type, &zc->zc_perm_action); 6833 } 6834 } else { 6835 dsl_dataset_t *old; 6836 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old); 6837 6838 if (error == 0) { 6839 error = dsl_dataset_space_written(old, new, 6840 &zc->zc_cookie, 6841 &zc->zc_objset_type, &zc->zc_perm_action); 6842 dsl_dataset_rele(old, FTAG); 6843 } 6844 } 6845 dsl_dataset_rele(new, FTAG); 6846 dsl_pool_rele(dp, FTAG); 6847 return (error); 6848 } 6849 6850 /* 6851 * innvl: { 6852 * "firstsnap" -> snapshot name 6853 * } 6854 * 6855 * outnvl: { 6856 * "used" -> space in bytes 6857 * "compressed" -> compressed space in bytes 6858 * "uncompressed" -> uncompressed space in bytes 6859 * } 6860 */ 6861 static const zfs_ioc_key_t zfs_keys_space_snaps[] = { 6862 {"firstsnap", DATA_TYPE_STRING, 0}, 6863 }; 6864 6865 static int 6866 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl) 6867 { 6868 int error; 6869 dsl_pool_t *dp; 6870 dsl_dataset_t *new, *old; 6871 const char *firstsnap; 6872 uint64_t used, comp, uncomp; 6873 6874 firstsnap = fnvlist_lookup_string(innvl, "firstsnap"); 6875 6876 error = dsl_pool_hold(lastsnap, FTAG, &dp); 6877 if (error != 0) 6878 return (error); 6879 6880 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new); 6881 if (error == 0 && !new->ds_is_snapshot) { 6882 dsl_dataset_rele(new, FTAG); 6883 error = SET_ERROR(EINVAL); 6884 } 6885 if (error != 0) { 6886 dsl_pool_rele(dp, FTAG); 6887 return (error); 6888 } 6889 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old); 6890 if (error == 0 && !old->ds_is_snapshot) { 6891 dsl_dataset_rele(old, FTAG); 6892 error = SET_ERROR(EINVAL); 6893 } 6894 if (error != 0) { 6895 dsl_dataset_rele(new, FTAG); 6896 dsl_pool_rele(dp, FTAG); 6897 return (error); 6898 } 6899 6900 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp); 6901 dsl_dataset_rele(old, FTAG); 6902 dsl_dataset_rele(new, FTAG); 6903 dsl_pool_rele(dp, FTAG); 6904 fnvlist_add_uint64(outnvl, "used", used); 6905 fnvlist_add_uint64(outnvl, "compressed", comp); 6906 fnvlist_add_uint64(outnvl, "uncompressed", uncomp); 6907 return (error); 6908 } 6909 6910 /* 6911 * innvl: { 6912 * "fd" -> file descriptor to write stream to (int32) 6913 * (optional) "fromsnap" -> full snap name to send an incremental from 6914 * (optional) "largeblockok" -> (value ignored) 6915 * indicates that blocks > 128KB are permitted 6916 * (optional) "embedok" -> (value ignored) 6917 * presence indicates DRR_WRITE_EMBEDDED records are permitted 6918 * (optional) "compressok" -> (value ignored) 6919 * presence indicates compressed DRR_WRITE records are permitted 6920 * (optional) "rawok" -> (value ignored) 6921 * presence indicates raw encrypted records should be used. 6922 * (optional) "savedok" -> (value ignored) 6923 * presence indicates we should send a partially received snapshot 6924 * (optional) "resume_object" and "resume_offset" -> (uint64) 6925 * if present, resume send stream from specified object and offset. 6926 * (optional) "redactbook" -> (string) 6927 * if present, use this bookmark's redaction list to generate a redacted 6928 * send stream 6929 * } 6930 * 6931 * outnvl is unused 6932 */ 6933 static const zfs_ioc_key_t zfs_keys_send_new[] = { 6934 {"fd", DATA_TYPE_INT32, 0}, 6935 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL}, 6936 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6937 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6938 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6939 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6940 {"savedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6941 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6942 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6943 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL}, 6944 }; 6945 6946 static int 6947 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 6948 { 6949 (void) outnvl; 6950 int error; 6951 offset_t off; 6952 const char *fromname = NULL; 6953 int fd; 6954 boolean_t largeblockok; 6955 boolean_t embedok; 6956 boolean_t compressok; 6957 boolean_t rawok; 6958 boolean_t savedok; 6959 uint64_t resumeobj = 0; 6960 uint64_t resumeoff = 0; 6961 const char *redactbook = NULL; 6962 6963 fd = fnvlist_lookup_int32(innvl, "fd"); 6964 6965 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname); 6966 6967 largeblockok = nvlist_exists(innvl, "largeblockok"); 6968 embedok = nvlist_exists(innvl, "embedok"); 6969 compressok = nvlist_exists(innvl, "compressok"); 6970 rawok = nvlist_exists(innvl, "rawok"); 6971 savedok = nvlist_exists(innvl, "savedok"); 6972 6973 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); 6974 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); 6975 6976 (void) nvlist_lookup_string(innvl, "redactbook", &redactbook); 6977 6978 dump_bytes_arg_t dba; 6979 dmu_send_outparams_t out; 6980 error = dump_bytes_init(&dba, fd, &out); 6981 if (error) 6982 return (error); 6983 6984 off = zfs_file_off(dba.dba_fp); 6985 error = dmu_send(snapname, fromname, embedok, largeblockok, 6986 compressok, rawok, savedok, resumeobj, resumeoff, 6987 redactbook, fd, &off, &out); 6988 6989 dump_bytes_fini(&dba); 6990 6991 return (error); 6992 } 6993 6994 static int 6995 send_space_sum(objset_t *os, void *buf, int len, void *arg) 6996 { 6997 (void) os, (void) buf; 6998 uint64_t *size = arg; 6999 7000 *size += len; 7001 return (0); 7002 } 7003 7004 /* 7005 * Determine approximately how large a zfs send stream will be -- the number 7006 * of bytes that will be written to the fd supplied to zfs_ioc_send_new(). 7007 * 7008 * innvl: { 7009 * (optional) "from" -> full snap or bookmark name to send an incremental 7010 * from 7011 * (optional) "largeblockok" -> (value ignored) 7012 * indicates that blocks > 128KB are permitted 7013 * (optional) "embedok" -> (value ignored) 7014 * presence indicates DRR_WRITE_EMBEDDED records are permitted 7015 * (optional) "compressok" -> (value ignored) 7016 * presence indicates compressed DRR_WRITE records are permitted 7017 * (optional) "rawok" -> (value ignored) 7018 * presence indicates raw encrypted records should be used. 7019 * (optional) "resume_object" and "resume_offset" -> (uint64) 7020 * if present, resume send stream from specified object and offset. 7021 * (optional) "fd" -> file descriptor to use as a cookie for progress 7022 * tracking (int32) 7023 * } 7024 * 7025 * outnvl: { 7026 * "space" -> bytes of space (uint64) 7027 * } 7028 */ 7029 static const zfs_ioc_key_t zfs_keys_send_space[] = { 7030 {"from", DATA_TYPE_STRING, ZK_OPTIONAL}, 7031 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL}, 7032 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 7033 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 7034 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 7035 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 7036 {"fd", DATA_TYPE_INT32, ZK_OPTIONAL}, 7037 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL}, 7038 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL}, 7039 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL}, 7040 {"bytes", DATA_TYPE_UINT64, ZK_OPTIONAL}, 7041 }; 7042 7043 static int 7044 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 7045 { 7046 dsl_pool_t *dp; 7047 dsl_dataset_t *tosnap; 7048 dsl_dataset_t *fromsnap = NULL; 7049 int error; 7050 const char *fromname = NULL; 7051 const char *redactlist_book = NULL; 7052 boolean_t largeblockok; 7053 boolean_t embedok; 7054 boolean_t compressok; 7055 boolean_t rawok; 7056 boolean_t savedok; 7057 uint64_t space = 0; 7058 boolean_t full_estimate = B_FALSE; 7059 uint64_t resumeobj = 0; 7060 uint64_t resumeoff = 0; 7061 uint64_t resume_bytes = 0; 7062 int32_t fd = -1; 7063 zfs_bookmark_phys_t zbm = {0}; 7064 7065 error = dsl_pool_hold(snapname, FTAG, &dp); 7066 if (error != 0) 7067 return (error); 7068 7069 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap); 7070 if (error != 0) { 7071 dsl_pool_rele(dp, FTAG); 7072 return (error); 7073 } 7074 (void) nvlist_lookup_int32(innvl, "fd", &fd); 7075 7076 largeblockok = nvlist_exists(innvl, "largeblockok"); 7077 embedok = nvlist_exists(innvl, "embedok"); 7078 compressok = nvlist_exists(innvl, "compressok"); 7079 rawok = nvlist_exists(innvl, "rawok"); 7080 savedok = nvlist_exists(innvl, "savedok"); 7081 boolean_t from = (nvlist_lookup_string(innvl, "from", &fromname) == 0); 7082 boolean_t altbook = (nvlist_lookup_string(innvl, "redactbook", 7083 &redactlist_book) == 0); 7084 7085 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); 7086 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); 7087 (void) nvlist_lookup_uint64(innvl, "bytes", &resume_bytes); 7088 7089 if (altbook) { 7090 full_estimate = B_TRUE; 7091 } else if (from) { 7092 if (strchr(fromname, '#')) { 7093 error = dsl_bookmark_lookup(dp, fromname, tosnap, &zbm); 7094 7095 /* 7096 * dsl_bookmark_lookup() will fail with EXDEV if 7097 * the from-bookmark and tosnap are at the same txg. 7098 * However, it's valid to do a send (and therefore, 7099 * a send estimate) from and to the same time point, 7100 * if the bookmark is redacted (the incremental send 7101 * can change what's redacted on the target). In 7102 * this case, dsl_bookmark_lookup() fills in zbm 7103 * but returns EXDEV. Ignore this error. 7104 */ 7105 if (error == EXDEV && zbm.zbm_redaction_obj != 0 && 7106 zbm.zbm_guid == 7107 dsl_dataset_phys(tosnap)->ds_guid) 7108 error = 0; 7109 7110 if (error != 0) { 7111 dsl_dataset_rele(tosnap, FTAG); 7112 dsl_pool_rele(dp, FTAG); 7113 return (error); 7114 } 7115 if (zbm.zbm_redaction_obj != 0 || !(zbm.zbm_flags & 7116 ZBM_FLAG_HAS_FBN)) { 7117 full_estimate = B_TRUE; 7118 } 7119 } else if (strchr(fromname, '@')) { 7120 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap); 7121 if (error != 0) { 7122 dsl_dataset_rele(tosnap, FTAG); 7123 dsl_pool_rele(dp, FTAG); 7124 return (error); 7125 } 7126 7127 if (!dsl_dataset_is_before(tosnap, fromsnap, 0)) { 7128 full_estimate = B_TRUE; 7129 dsl_dataset_rele(fromsnap, FTAG); 7130 } 7131 } else { 7132 /* 7133 * from is not properly formatted as a snapshot or 7134 * bookmark 7135 */ 7136 dsl_dataset_rele(tosnap, FTAG); 7137 dsl_pool_rele(dp, FTAG); 7138 return (SET_ERROR(EINVAL)); 7139 } 7140 } 7141 7142 if (full_estimate) { 7143 dmu_send_outparams_t out = {0}; 7144 offset_t off = 0; 7145 out.dso_outfunc = send_space_sum; 7146 out.dso_arg = &space; 7147 out.dso_dryrun = B_TRUE; 7148 /* 7149 * We have to release these holds so dmu_send can take them. It 7150 * will do all the error checking we need. 7151 */ 7152 dsl_dataset_rele(tosnap, FTAG); 7153 dsl_pool_rele(dp, FTAG); 7154 error = dmu_send(snapname, fromname, embedok, largeblockok, 7155 compressok, rawok, savedok, resumeobj, resumeoff, 7156 redactlist_book, fd, &off, &out); 7157 } else { 7158 error = dmu_send_estimate_fast(tosnap, fromsnap, 7159 (from && strchr(fromname, '#') != NULL ? &zbm : NULL), 7160 compressok || rawok, savedok, &space); 7161 space -= resume_bytes; 7162 if (fromsnap != NULL) 7163 dsl_dataset_rele(fromsnap, FTAG); 7164 dsl_dataset_rele(tosnap, FTAG); 7165 dsl_pool_rele(dp, FTAG); 7166 } 7167 7168 fnvlist_add_uint64(outnvl, "space", space); 7169 7170 return (error); 7171 } 7172 7173 /* 7174 * Sync the currently open TXG to disk for the specified pool. 7175 * This is somewhat similar to 'zfs_sync()'. 7176 * For cases that do not result in error this ioctl will wait for 7177 * the currently open TXG to commit before returning back to the caller. 7178 * 7179 * innvl: { 7180 * "force" -> when true, force uberblock update even if there is no dirty data. 7181 * In addition this will cause the vdev configuration to be written 7182 * out including updating the zpool cache file. (boolean_t) 7183 * } 7184 * 7185 * onvl is unused 7186 */ 7187 static const zfs_ioc_key_t zfs_keys_pool_sync[] = { 7188 {"force", DATA_TYPE_BOOLEAN_VALUE, 0}, 7189 }; 7190 7191 static int 7192 zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl) 7193 { 7194 (void) onvl; 7195 int err; 7196 boolean_t rc, force = B_FALSE; 7197 spa_t *spa; 7198 7199 if ((err = spa_open(pool, &spa, FTAG)) != 0) 7200 return (err); 7201 7202 if (innvl) { 7203 err = nvlist_lookup_boolean_value(innvl, "force", &rc); 7204 if (err == 0) 7205 force = rc; 7206 } 7207 7208 if (force) { 7209 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER); 7210 vdev_config_dirty(spa->spa_root_vdev); 7211 spa_config_exit(spa, SCL_CONFIG, FTAG); 7212 } 7213 txg_wait_synced(spa_get_dsl(spa), 0); 7214 7215 spa_close(spa, FTAG); 7216 7217 return (0); 7218 } 7219 7220 /* 7221 * Load a user's wrapping key into the kernel. 7222 * innvl: { 7223 * "hidden_args" -> { "wkeydata" -> value } 7224 * raw uint8_t array of encryption wrapping key data (32 bytes) 7225 * (optional) "noop" -> (value ignored) 7226 * presence indicated key should only be verified, not loaded 7227 * } 7228 */ 7229 static const zfs_ioc_key_t zfs_keys_load_key[] = { 7230 {"hidden_args", DATA_TYPE_NVLIST, 0}, 7231 {"noop", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 7232 }; 7233 7234 static int 7235 zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 7236 { 7237 (void) outnvl; 7238 int ret; 7239 dsl_crypto_params_t *dcp = NULL; 7240 nvlist_t *hidden_args; 7241 boolean_t noop = nvlist_exists(innvl, "noop"); 7242 7243 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 7244 ret = SET_ERROR(EINVAL); 7245 goto error; 7246 } 7247 7248 hidden_args = fnvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS); 7249 7250 ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL, 7251 hidden_args, &dcp); 7252 if (ret != 0) 7253 goto error; 7254 7255 ret = spa_keystore_load_wkey(dsname, dcp, noop); 7256 if (ret != 0) 7257 goto error; 7258 7259 dsl_crypto_params_free(dcp, noop); 7260 7261 return (0); 7262 7263 error: 7264 dsl_crypto_params_free(dcp, B_TRUE); 7265 return (ret); 7266 } 7267 7268 /* 7269 * Unload a user's wrapping key from the kernel. 7270 * Both innvl and outnvl are unused. 7271 */ 7272 static const zfs_ioc_key_t zfs_keys_unload_key[] = { 7273 /* no nvl keys */ 7274 }; 7275 7276 static int 7277 zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 7278 { 7279 (void) innvl, (void) outnvl; 7280 int ret = 0; 7281 7282 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 7283 ret = (SET_ERROR(EINVAL)); 7284 goto out; 7285 } 7286 7287 ret = spa_keystore_unload_wkey(dsname); 7288 if (ret != 0) 7289 goto out; 7290 7291 out: 7292 return (ret); 7293 } 7294 7295 /* 7296 * Changes a user's wrapping key used to decrypt a dataset. The keyformat, 7297 * keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified 7298 * here to change how the key is derived in userspace. 7299 * 7300 * innvl: { 7301 * "hidden_args" (optional) -> { "wkeydata" -> value } 7302 * raw uint8_t array of new encryption wrapping key data (32 bytes) 7303 * "props" (optional) -> { prop -> value } 7304 * } 7305 * 7306 * outnvl is unused 7307 */ 7308 static const zfs_ioc_key_t zfs_keys_change_key[] = { 7309 {"crypt_cmd", DATA_TYPE_UINT64, ZK_OPTIONAL}, 7310 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 7311 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 7312 }; 7313 7314 static int 7315 zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 7316 { 7317 (void) outnvl; 7318 int ret; 7319 uint64_t cmd = DCP_CMD_NONE; 7320 dsl_crypto_params_t *dcp = NULL; 7321 nvlist_t *args = NULL, *hidden_args = NULL; 7322 7323 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 7324 ret = (SET_ERROR(EINVAL)); 7325 goto error; 7326 } 7327 7328 (void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd); 7329 (void) nvlist_lookup_nvlist(innvl, "props", &args); 7330 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args); 7331 7332 ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp); 7333 if (ret != 0) 7334 goto error; 7335 7336 ret = spa_keystore_change_key(dsname, dcp); 7337 if (ret != 0) 7338 goto error; 7339 7340 dsl_crypto_params_free(dcp, B_FALSE); 7341 7342 return (0); 7343 7344 error: 7345 dsl_crypto_params_free(dcp, B_TRUE); 7346 return (ret); 7347 } 7348 7349 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST]; 7350 7351 static void 7352 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7353 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 7354 boolean_t log_history, zfs_ioc_poolcheck_t pool_check) 7355 { 7356 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 7357 7358 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 7359 ASSERT3U(ioc, <, ZFS_IOC_LAST); 7360 ASSERT0P(vec->zvec_legacy_func); 7361 ASSERT0P(vec->zvec_func); 7362 7363 vec->zvec_legacy_func = func; 7364 vec->zvec_secpolicy = secpolicy; 7365 vec->zvec_namecheck = namecheck; 7366 vec->zvec_allow_log = log_history; 7367 vec->zvec_pool_check = pool_check; 7368 } 7369 7370 /* 7371 * See the block comment at the beginning of this file for details on 7372 * each argument to this function. 7373 */ 7374 void 7375 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func, 7376 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 7377 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist, 7378 boolean_t allow_log, const zfs_ioc_key_t *nvl_keys, size_t num_keys) 7379 { 7380 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 7381 7382 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 7383 ASSERT3U(ioc, <, ZFS_IOC_LAST); 7384 ASSERT0P(vec->zvec_legacy_func); 7385 ASSERT0P(vec->zvec_func); 7386 7387 /* if we are logging, the name must be valid */ 7388 ASSERT(!allow_log || namecheck != NO_NAME); 7389 7390 vec->zvec_name = name; 7391 vec->zvec_func = func; 7392 vec->zvec_secpolicy = secpolicy; 7393 vec->zvec_namecheck = namecheck; 7394 vec->zvec_pool_check = pool_check; 7395 vec->zvec_smush_outnvlist = smush_outnvlist; 7396 vec->zvec_allow_log = allow_log; 7397 vec->zvec_nvl_keys = nvl_keys; 7398 vec->zvec_nvl_key_count = num_keys; 7399 } 7400 7401 static void 7402 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7403 zfs_secpolicy_func_t *secpolicy, boolean_t log_history, 7404 zfs_ioc_poolcheck_t pool_check) 7405 { 7406 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7407 POOL_NAME, log_history, pool_check); 7408 } 7409 7410 void 7411 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7412 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check) 7413 { 7414 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7415 DATASET_NAME, B_FALSE, pool_check); 7416 } 7417 7418 static void 7419 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 7420 { 7421 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config, 7422 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 7423 } 7424 7425 static void 7426 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7427 zfs_secpolicy_func_t *secpolicy) 7428 { 7429 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7430 NO_NAME, B_FALSE, POOL_CHECK_NONE); 7431 } 7432 7433 static void 7434 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc, 7435 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy) 7436 { 7437 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7438 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED); 7439 } 7440 7441 static void 7442 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 7443 { 7444 zfs_ioctl_register_dataset_read_secpolicy(ioc, func, 7445 zfs_secpolicy_read); 7446 } 7447 7448 static void 7449 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7450 zfs_secpolicy_func_t *secpolicy) 7451 { 7452 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7453 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 7454 } 7455 7456 static void 7457 zfs_ioctl_init(void) 7458 { 7459 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT, 7460 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME, 7461 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7462 zfs_keys_snapshot, ARRAY_SIZE(zfs_keys_snapshot)); 7463 7464 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY, 7465 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME, 7466 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7467 zfs_keys_log_history, ARRAY_SIZE(zfs_keys_log_history)); 7468 7469 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS, 7470 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, 7471 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7472 zfs_keys_space_snaps, ARRAY_SIZE(zfs_keys_space_snaps)); 7473 7474 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW, 7475 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME, 7476 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7477 zfs_keys_send_new, ARRAY_SIZE(zfs_keys_send_new)); 7478 7479 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE, 7480 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME, 7481 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7482 zfs_keys_send_space, ARRAY_SIZE(zfs_keys_send_space)); 7483 7484 zfs_ioctl_register("create", ZFS_IOC_CREATE, 7485 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME, 7486 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7487 zfs_keys_create, ARRAY_SIZE(zfs_keys_create)); 7488 7489 zfs_ioctl_register("clone", ZFS_IOC_CLONE, 7490 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME, 7491 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7492 zfs_keys_clone, ARRAY_SIZE(zfs_keys_clone)); 7493 7494 zfs_ioctl_register("remap", ZFS_IOC_REMAP, 7495 zfs_ioc_remap, zfs_secpolicy_none, DATASET_NAME, 7496 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE, 7497 zfs_keys_remap, ARRAY_SIZE(zfs_keys_remap)); 7498 7499 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS, 7500 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME, 7501 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7502 zfs_keys_destroy_snaps, ARRAY_SIZE(zfs_keys_destroy_snaps)); 7503 7504 zfs_ioctl_register("hold", ZFS_IOC_HOLD, 7505 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME, 7506 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7507 zfs_keys_hold, ARRAY_SIZE(zfs_keys_hold)); 7508 zfs_ioctl_register("release", ZFS_IOC_RELEASE, 7509 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME, 7510 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7511 zfs_keys_release, ARRAY_SIZE(zfs_keys_release)); 7512 7513 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS, 7514 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, 7515 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7516 zfs_keys_get_holds, ARRAY_SIZE(zfs_keys_get_holds)); 7517 7518 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK, 7519 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, 7520 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE, 7521 zfs_keys_rollback, ARRAY_SIZE(zfs_keys_rollback)); 7522 7523 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK, 7524 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME, 7525 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7526 zfs_keys_bookmark, ARRAY_SIZE(zfs_keys_bookmark)); 7527 7528 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS, 7529 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME, 7530 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7531 zfs_keys_get_bookmarks, ARRAY_SIZE(zfs_keys_get_bookmarks)); 7532 7533 zfs_ioctl_register("get_bookmark_props", ZFS_IOC_GET_BOOKMARK_PROPS, 7534 zfs_ioc_get_bookmark_props, zfs_secpolicy_read, ENTITY_NAME, 7535 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, zfs_keys_get_bookmark_props, 7536 ARRAY_SIZE(zfs_keys_get_bookmark_props)); 7537 7538 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS, 7539 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks, 7540 POOL_NAME, 7541 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7542 zfs_keys_destroy_bookmarks, 7543 ARRAY_SIZE(zfs_keys_destroy_bookmarks)); 7544 7545 zfs_ioctl_register("receive", ZFS_IOC_RECV_NEW, 7546 zfs_ioc_recv_new, zfs_secpolicy_recv, DATASET_NAME, 7547 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7548 zfs_keys_recv_new, ARRAY_SIZE(zfs_keys_recv_new)); 7549 zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY, 7550 zfs_ioc_load_key, zfs_secpolicy_load_key, 7551 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE, 7552 zfs_keys_load_key, ARRAY_SIZE(zfs_keys_load_key)); 7553 zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY, 7554 zfs_ioc_unload_key, zfs_secpolicy_load_key, 7555 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE, 7556 zfs_keys_unload_key, ARRAY_SIZE(zfs_keys_unload_key)); 7557 zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY, 7558 zfs_ioc_change_key, zfs_secpolicy_change_key, 7559 DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, 7560 B_TRUE, B_TRUE, zfs_keys_change_key, 7561 ARRAY_SIZE(zfs_keys_change_key)); 7562 7563 zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC, 7564 zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME, 7565 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7566 zfs_keys_pool_sync, ARRAY_SIZE(zfs_keys_pool_sync)); 7567 zfs_ioctl_register("reopen", ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen, 7568 zfs_secpolicy_config, POOL_NAME, POOL_CHECK_SUSPENDED, B_TRUE, 7569 B_TRUE, zfs_keys_pool_reopen, ARRAY_SIZE(zfs_keys_pool_reopen)); 7570 7571 zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM, 7572 zfs_ioc_channel_program, zfs_secpolicy_config, 7573 POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, 7574 B_TRUE, zfs_keys_channel_program, 7575 ARRAY_SIZE(zfs_keys_channel_program)); 7576 7577 zfs_ioctl_register("redact", ZFS_IOC_REDACT, 7578 zfs_ioc_redact, zfs_secpolicy_config, DATASET_NAME, 7579 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7580 zfs_keys_redact, ARRAY_SIZE(zfs_keys_redact)); 7581 7582 zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT, 7583 zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME, 7584 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7585 zfs_keys_pool_checkpoint, ARRAY_SIZE(zfs_keys_pool_checkpoint)); 7586 7587 zfs_ioctl_register("zpool_discard_checkpoint", 7588 ZFS_IOC_POOL_DISCARD_CHECKPOINT, zfs_ioc_pool_discard_checkpoint, 7589 zfs_secpolicy_config, POOL_NAME, 7590 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7591 zfs_keys_pool_discard_checkpoint, 7592 ARRAY_SIZE(zfs_keys_pool_discard_checkpoint)); 7593 7594 zfs_ioctl_register("zpool_prefetch", 7595 ZFS_IOC_POOL_PREFETCH, zfs_ioc_pool_prefetch, 7596 zfs_secpolicy_config, POOL_NAME, 7597 POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE, 7598 zfs_keys_pool_prefetch, ARRAY_SIZE(zfs_keys_pool_prefetch)); 7599 7600 zfs_ioctl_register("initialize", ZFS_IOC_POOL_INITIALIZE, 7601 zfs_ioc_pool_initialize, zfs_secpolicy_config, POOL_NAME, 7602 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7603 zfs_keys_pool_initialize, ARRAY_SIZE(zfs_keys_pool_initialize)); 7604 7605 zfs_ioctl_register("trim", ZFS_IOC_POOL_TRIM, 7606 zfs_ioc_pool_trim, zfs_secpolicy_config, POOL_NAME, 7607 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7608 zfs_keys_pool_trim, ARRAY_SIZE(zfs_keys_pool_trim)); 7609 7610 zfs_ioctl_register("wait", ZFS_IOC_WAIT, 7611 zfs_ioc_wait, zfs_secpolicy_none, POOL_NAME, 7612 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7613 zfs_keys_pool_wait, ARRAY_SIZE(zfs_keys_pool_wait)); 7614 7615 zfs_ioctl_register("wait_fs", ZFS_IOC_WAIT_FS, 7616 zfs_ioc_wait_fs, zfs_secpolicy_none, DATASET_NAME, 7617 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7618 zfs_keys_fs_wait, ARRAY_SIZE(zfs_keys_fs_wait)); 7619 7620 zfs_ioctl_register("set_bootenv", ZFS_IOC_SET_BOOTENV, 7621 zfs_ioc_set_bootenv, zfs_secpolicy_config, POOL_NAME, 7622 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE, 7623 zfs_keys_set_bootenv, ARRAY_SIZE(zfs_keys_set_bootenv)); 7624 7625 zfs_ioctl_register("get_bootenv", ZFS_IOC_GET_BOOTENV, 7626 zfs_ioc_get_bootenv, zfs_secpolicy_none, POOL_NAME, 7627 POOL_CHECK_SUSPENDED, B_FALSE, B_TRUE, 7628 zfs_keys_get_bootenv, ARRAY_SIZE(zfs_keys_get_bootenv)); 7629 7630 zfs_ioctl_register("zpool_vdev_get_props", ZFS_IOC_VDEV_GET_PROPS, 7631 zfs_ioc_vdev_get_props, zfs_secpolicy_read, POOL_NAME, 7632 POOL_CHECK_NONE, B_FALSE, B_FALSE, zfs_keys_vdev_get_props, 7633 ARRAY_SIZE(zfs_keys_vdev_get_props)); 7634 7635 zfs_ioctl_register("zpool_vdev_set_props", ZFS_IOC_VDEV_SET_PROPS, 7636 zfs_ioc_vdev_set_props, zfs_secpolicy_config, POOL_NAME, 7637 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7638 zfs_keys_vdev_set_props, ARRAY_SIZE(zfs_keys_vdev_set_props)); 7639 7640 zfs_ioctl_register("scrub", ZFS_IOC_POOL_SCRUB, 7641 zfs_ioc_pool_scrub, zfs_secpolicy_config, POOL_NAME, 7642 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7643 zfs_keys_pool_scrub, ARRAY_SIZE(zfs_keys_pool_scrub)); 7644 7645 zfs_ioctl_register("get_props", ZFS_IOC_POOL_GET_PROPS, 7646 zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, 7647 POOL_CHECK_NONE, B_FALSE, B_FALSE, 7648 zfs_keys_get_props, ARRAY_SIZE(zfs_keys_get_props)); 7649 7650 zfs_ioctl_register("zpool_ddt_prune", ZFS_IOC_DDT_PRUNE, 7651 zfs_ioc_ddt_prune, zfs_secpolicy_config, POOL_NAME, 7652 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7653 zfs_keys_ddt_prune, ARRAY_SIZE(zfs_keys_ddt_prune)); 7654 7655 /* IOCTLS that use the legacy function signature */ 7656 7657 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze, 7658 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY); 7659 7660 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create, 7661 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 7662 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN, 7663 zfs_ioc_pool_scan); 7664 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE, 7665 zfs_ioc_pool_upgrade); 7666 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD, 7667 zfs_ioc_vdev_add); 7668 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE, 7669 zfs_ioc_vdev_remove); 7670 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE, 7671 zfs_ioc_vdev_set_state); 7672 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH, 7673 zfs_ioc_vdev_attach); 7674 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH, 7675 zfs_ioc_vdev_detach); 7676 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH, 7677 zfs_ioc_vdev_setpath); 7678 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU, 7679 zfs_ioc_vdev_setfru); 7680 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS, 7681 zfs_ioc_pool_set_props); 7682 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT, 7683 zfs_ioc_vdev_split); 7684 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID, 7685 zfs_ioc_pool_reguid); 7686 7687 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS, 7688 zfs_ioc_pool_configs, zfs_secpolicy_none); 7689 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT, 7690 zfs_ioc_pool_tryimport, zfs_secpolicy_config); 7691 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT, 7692 zfs_ioc_inject_fault, zfs_secpolicy_inject); 7693 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT, 7694 zfs_ioc_clear_fault, zfs_secpolicy_inject); 7695 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT, 7696 zfs_ioc_inject_list_next, zfs_secpolicy_inject); 7697 7698 /* 7699 * pool destroy, and export don't log the history as part of 7700 * zfsdev_ioctl, but rather zfs_ioc_pool_export 7701 * does the logging of those commands. 7702 */ 7703 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy, 7704 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 7705 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export, 7706 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 7707 7708 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats, 7709 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 7710 7711 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log, 7712 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED); 7713 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME, 7714 zfs_ioc_dsobj_to_dsname, 7715 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED); 7716 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY, 7717 zfs_ioc_pool_get_history, 7718 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 7719 7720 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import, 7721 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 7722 7723 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear, 7724 zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY); 7725 7726 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN, 7727 zfs_ioc_space_written); 7728 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS, 7729 zfs_ioc_objset_recvd_props); 7730 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ, 7731 zfs_ioc_next_obj); 7732 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL, 7733 zfs_ioc_get_fsacl); 7734 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS, 7735 zfs_ioc_objset_stats); 7736 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS, 7737 zfs_ioc_objset_zplprops); 7738 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT, 7739 zfs_ioc_dataset_list_next); 7740 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT, 7741 zfs_ioc_snapshot_list_next); 7742 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS, 7743 zfs_ioc_send_progress); 7744 7745 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF, 7746 zfs_ioc_diff, zfs_secpolicy_diff); 7747 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS, 7748 zfs_ioc_obj_to_stats, zfs_secpolicy_diff); 7749 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH, 7750 zfs_ioc_obj_to_path, zfs_secpolicy_diff); 7751 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE, 7752 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one); 7753 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY, 7754 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many); 7755 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND, 7756 zfs_ioc_send, zfs_secpolicy_send); 7757 7758 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop, 7759 zfs_secpolicy_none); 7760 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy, 7761 zfs_secpolicy_destroy); 7762 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename, 7763 zfs_secpolicy_rename); 7764 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv, 7765 zfs_secpolicy_recv); 7766 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote, 7767 zfs_secpolicy_promote); 7768 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP, 7769 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop); 7770 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl, 7771 zfs_secpolicy_set_fsacl); 7772 7773 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share, 7774 zfs_secpolicy_share, POOL_CHECK_NONE); 7775 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl, 7776 zfs_secpolicy_smb_acl, POOL_CHECK_NONE); 7777 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE, 7778 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade, 7779 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 7780 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT, 7781 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, 7782 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 7783 7784 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next, 7785 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE); 7786 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear, 7787 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE); 7788 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek, 7789 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE); 7790 7791 zfs_ioctl_init_os(); 7792 } 7793 7794 /* 7795 * Verify that for non-legacy ioctls the input nvlist 7796 * pairs match against the expected input. 7797 * 7798 * Possible errors are: 7799 * ZFS_ERR_IOC_ARG_UNAVAIL An unrecognized nvpair was encountered 7800 * ZFS_ERR_IOC_ARG_REQUIRED A required nvpair is missing 7801 * ZFS_ERR_IOC_ARG_BADTYPE Invalid type for nvpair 7802 */ 7803 static int 7804 zfs_check_input_nvpairs(nvlist_t *innvl, const zfs_ioc_vec_t *vec) 7805 { 7806 const zfs_ioc_key_t *nvl_keys = vec->zvec_nvl_keys; 7807 boolean_t required_keys_found = B_FALSE; 7808 7809 /* 7810 * examine each input pair 7811 */ 7812 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 7813 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 7814 const char *name = nvpair_name(pair); 7815 data_type_t type = nvpair_type(pair); 7816 boolean_t identified = B_FALSE; 7817 7818 /* 7819 * check pair against the documented names and type 7820 */ 7821 for (int k = 0; k < vec->zvec_nvl_key_count; k++) { 7822 /* if not a wild card name, check for an exact match */ 7823 if ((nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) == 0 && 7824 strcmp(nvl_keys[k].zkey_name, name) != 0) 7825 continue; 7826 7827 identified = B_TRUE; 7828 7829 if (nvl_keys[k].zkey_type != DATA_TYPE_ANY && 7830 nvl_keys[k].zkey_type != type) { 7831 return (SET_ERROR(ZFS_ERR_IOC_ARG_BADTYPE)); 7832 } 7833 7834 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL) 7835 continue; 7836 7837 required_keys_found = B_TRUE; 7838 break; 7839 } 7840 7841 /* allow an 'optional' key, everything else is invalid */ 7842 if (!identified && 7843 (strcmp(name, "optional") != 0 || 7844 type != DATA_TYPE_NVLIST)) { 7845 return (SET_ERROR(ZFS_ERR_IOC_ARG_UNAVAIL)); 7846 } 7847 } 7848 7849 /* verify that all required keys were found */ 7850 for (int k = 0; k < vec->zvec_nvl_key_count; k++) { 7851 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL) 7852 continue; 7853 7854 if (nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) { 7855 /* at least one non-optional key is expected here */ 7856 if (!required_keys_found) 7857 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED)); 7858 continue; 7859 } 7860 7861 if (!nvlist_exists(innvl, nvl_keys[k].zkey_name)) 7862 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED)); 7863 } 7864 7865 return (0); 7866 } 7867 7868 static int 7869 pool_status_check(const char *name, zfs_ioc_namecheck_t type, 7870 zfs_ioc_poolcheck_t check) 7871 { 7872 spa_t *spa; 7873 int error; 7874 7875 ASSERT(type == POOL_NAME || type == DATASET_NAME || 7876 type == ENTITY_NAME); 7877 7878 if (check & POOL_CHECK_NONE) 7879 return (0); 7880 7881 error = spa_open(name, &spa, FTAG); 7882 if (error == 0) { 7883 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa)) 7884 error = SET_ERROR(EAGAIN); 7885 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa)) 7886 error = SET_ERROR(EROFS); 7887 spa_close(spa, FTAG); 7888 } 7889 return (error); 7890 } 7891 7892 int 7893 zfsdev_getminor(zfs_file_t *fp, minor_t *minorp) 7894 { 7895 zfsdev_state_t *zs, *fpd; 7896 7897 ASSERT(!MUTEX_HELD(&zfsdev_state_lock)); 7898 7899 fpd = zfs_file_private(fp); 7900 if (fpd == NULL) 7901 return (SET_ERROR(EBADF)); 7902 7903 mutex_enter(&zfsdev_state_lock); 7904 7905 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) { 7906 7907 if (zs->zs_minor == -1) 7908 continue; 7909 7910 if (fpd == zs) { 7911 *minorp = fpd->zs_minor; 7912 mutex_exit(&zfsdev_state_lock); 7913 return (0); 7914 } 7915 } 7916 7917 mutex_exit(&zfsdev_state_lock); 7918 7919 return (SET_ERROR(EBADF)); 7920 } 7921 7922 void * 7923 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which) 7924 { 7925 zfsdev_state_t *zs; 7926 7927 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) { 7928 if (zs->zs_minor == minor) { 7929 membar_consumer(); 7930 switch (which) { 7931 case ZST_ONEXIT: 7932 return (zs->zs_onexit); 7933 case ZST_ZEVENT: 7934 return (zs->zs_zevent); 7935 case ZST_ALL: 7936 return (zs); 7937 } 7938 } 7939 } 7940 7941 return (NULL); 7942 } 7943 7944 /* 7945 * Find a free minor number. The zfsdev_state_list is expected to 7946 * be short since it is only a list of currently open file handles. 7947 */ 7948 static minor_t 7949 zfsdev_minor_alloc(void) 7950 { 7951 static minor_t last_minor = 0; 7952 minor_t m; 7953 7954 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 7955 7956 for (m = last_minor + 1; m != last_minor; m++) { 7957 if (m > ZFSDEV_MAX_MINOR) 7958 m = 1; 7959 if (zfsdev_get_state(m, ZST_ALL) == NULL) { 7960 last_minor = m; 7961 return (m); 7962 } 7963 } 7964 7965 return (0); 7966 } 7967 7968 int 7969 zfsdev_state_init(void *priv) 7970 { 7971 zfsdev_state_t *zs, *zsprev = NULL; 7972 minor_t minor; 7973 boolean_t newzs = B_FALSE; 7974 7975 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 7976 7977 minor = zfsdev_minor_alloc(); 7978 if (minor == 0) 7979 return (SET_ERROR(ENXIO)); 7980 7981 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) { 7982 if (zs->zs_minor == -1) 7983 break; 7984 zsprev = zs; 7985 } 7986 7987 if (!zs) { 7988 zs = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP); 7989 newzs = B_TRUE; 7990 } 7991 7992 zfsdev_private_set_state(priv, zs); 7993 7994 zfs_onexit_init((zfs_onexit_t **)&zs->zs_onexit); 7995 zfs_zevent_init((zfs_zevent_t **)&zs->zs_zevent); 7996 7997 /* 7998 * In order to provide for lock-free concurrent read access 7999 * to the minor list in zfsdev_get_state(), new entries 8000 * must be completely written before linking them into the 8001 * list whereas existing entries are already linked; the last 8002 * operation must be updating zs_minor (from -1 to the new 8003 * value). 8004 */ 8005 if (newzs) { 8006 zs->zs_minor = minor; 8007 membar_producer(); 8008 zsprev->zs_next = zs; 8009 } else { 8010 membar_producer(); 8011 zs->zs_minor = minor; 8012 } 8013 8014 return (0); 8015 } 8016 8017 void 8018 zfsdev_state_destroy(void *priv) 8019 { 8020 zfsdev_state_t *zs = zfsdev_private_get_state(priv); 8021 8022 ASSERT(zs != NULL); 8023 ASSERT3S(zs->zs_minor, >, 0); 8024 8025 /* 8026 * The last reference to this zfsdev file descriptor is being dropped. 8027 * We don't have to worry about lookup grabbing this state object, and 8028 * zfsdev_state_init() will not try to reuse this object until it is 8029 * invalidated by setting zs_minor to -1. Invalidation must be done 8030 * last, with a memory barrier to ensure ordering. This lets us avoid 8031 * taking the global zfsdev state lock around destruction. 8032 */ 8033 zfs_onexit_destroy(zs->zs_onexit); 8034 zfs_zevent_destroy(zs->zs_zevent); 8035 zs->zs_onexit = NULL; 8036 zs->zs_zevent = NULL; 8037 membar_producer(); 8038 zs->zs_minor = -1; 8039 } 8040 8041 long 8042 zfsdev_ioctl_common(uint_t vecnum, zfs_cmd_t *zc, int flag) 8043 { 8044 int error, cmd; 8045 const zfs_ioc_vec_t *vec; 8046 char *saved_poolname = NULL; 8047 uint64_t max_nvlist_src_size; 8048 size_t saved_poolname_len = 0; 8049 nvlist_t *innvl = NULL; 8050 fstrans_cookie_t cookie; 8051 hrtime_t start_time = gethrtime(); 8052 8053 cmd = vecnum; 8054 error = 0; 8055 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 8056 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL)); 8057 8058 vec = &zfs_ioc_vec[vecnum]; 8059 8060 /* 8061 * The registered ioctl list may be sparse, verify that either 8062 * a normal or legacy handler are registered. 8063 */ 8064 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL) 8065 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL)); 8066 8067 zc->zc_iflags = flag & FKIOCTL; 8068 max_nvlist_src_size = zfs_max_nvlist_src_size_os(); 8069 if (zc->zc_nvlist_src_size > max_nvlist_src_size) { 8070 /* 8071 * Make sure the user doesn't pass in an insane value for 8072 * zc_nvlist_src_size. We have to check, since we will end 8073 * up allocating that much memory inside of get_nvlist(). This 8074 * prevents a nefarious user from allocating tons of kernel 8075 * memory. 8076 * 8077 * Also, we return EINVAL instead of ENOMEM here. The reason 8078 * being that returning ENOMEM from an ioctl() has a special 8079 * connotation; that the user's size value is too small and 8080 * needs to be expanded to hold the nvlist. See 8081 * zcmd_expand_dst_nvlist() for details. 8082 */ 8083 error = SET_ERROR(EINVAL); /* User's size too big */ 8084 8085 } else if (zc->zc_nvlist_src_size != 0) { 8086 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 8087 zc->zc_iflags, &innvl); 8088 if (error != 0) 8089 goto out; 8090 } 8091 8092 /* 8093 * Ensure that all pool/dataset names are valid before we pass down to 8094 * the lower layers. 8095 */ 8096 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 8097 switch (vec->zvec_namecheck) { 8098 case POOL_NAME: 8099 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 8100 error = SET_ERROR(EINVAL); 8101 else 8102 error = pool_status_check(zc->zc_name, 8103 vec->zvec_namecheck, vec->zvec_pool_check); 8104 break; 8105 8106 case DATASET_NAME: 8107 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 8108 error = SET_ERROR(EINVAL); 8109 else 8110 error = pool_status_check(zc->zc_name, 8111 vec->zvec_namecheck, vec->zvec_pool_check); 8112 break; 8113 8114 case ENTITY_NAME: 8115 if (entity_namecheck(zc->zc_name, NULL, NULL) != 0) { 8116 error = SET_ERROR(EINVAL); 8117 } else { 8118 error = pool_status_check(zc->zc_name, 8119 vec->zvec_namecheck, vec->zvec_pool_check); 8120 } 8121 break; 8122 8123 case NO_NAME: 8124 break; 8125 } 8126 /* 8127 * Ensure that all input pairs are valid before we pass them down 8128 * to the lower layers. 8129 * 8130 * The vectored functions can use fnvlist_lookup_{type} for any 8131 * required pairs since zfs_check_input_nvpairs() confirmed that 8132 * they exist and are of the correct type. 8133 */ 8134 if (error == 0 && vec->zvec_func != NULL) { 8135 error = zfs_check_input_nvpairs(innvl, vec); 8136 if (error != 0) 8137 goto out; 8138 } 8139 8140 if (error == 0) { 8141 cookie = spl_fstrans_mark(); 8142 error = vec->zvec_secpolicy(zc, innvl, CRED()); 8143 spl_fstrans_unmark(cookie); 8144 } 8145 8146 if (error != 0) 8147 goto out; 8148 8149 /* legacy ioctls can modify zc_name */ 8150 /* 8151 * Can't use kmem_strdup() as we might truncate the string and 8152 * kmem_strfree() would then free with incorrect size. 8153 */ 8154 saved_poolname_len = strlen(zc->zc_name) + 1; 8155 saved_poolname = kmem_alloc(saved_poolname_len, KM_SLEEP); 8156 8157 strlcpy(saved_poolname, zc->zc_name, saved_poolname_len); 8158 saved_poolname[strcspn(saved_poolname, "/@#")] = '\0'; 8159 8160 if (vec->zvec_func != NULL) { 8161 nvlist_t *outnvl; 8162 int puterror = 0; 8163 spa_t *spa; 8164 nvlist_t *lognv = NULL; 8165 8166 ASSERT0P(vec->zvec_legacy_func); 8167 8168 /* 8169 * Add the innvl to the lognv before calling the func, 8170 * in case the func changes the innvl. 8171 */ 8172 if (vec->zvec_allow_log) { 8173 lognv = fnvlist_alloc(); 8174 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL, 8175 vec->zvec_name); 8176 if (!nvlist_empty(innvl)) { 8177 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL, 8178 innvl); 8179 } 8180 } 8181 8182 outnvl = fnvlist_alloc(); 8183 cookie = spl_fstrans_mark(); 8184 error = vec->zvec_func(zc->zc_name, innvl, outnvl); 8185 spl_fstrans_unmark(cookie); 8186 8187 /* 8188 * Some commands can partially execute, modify state, and still 8189 * return an error. In these cases, attempt to record what 8190 * was modified. 8191 */ 8192 if ((error == 0 || 8193 (cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) && 8194 vec->zvec_allow_log && 8195 spa_open(zc->zc_name, &spa, FTAG) == 0) { 8196 if (!nvlist_empty(outnvl)) { 8197 size_t out_size = fnvlist_size(outnvl); 8198 if (out_size > zfs_history_output_max) { 8199 fnvlist_add_int64(lognv, 8200 ZPOOL_HIST_OUTPUT_SIZE, out_size); 8201 } else { 8202 fnvlist_add_nvlist(lognv, 8203 ZPOOL_HIST_OUTPUT_NVL, outnvl); 8204 } 8205 } 8206 if (error != 0) { 8207 fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO, 8208 error); 8209 } 8210 fnvlist_add_int64(lognv, ZPOOL_HIST_ELAPSED_NS, 8211 gethrtime() - start_time); 8212 (void) spa_history_log_nvl(spa, lognv); 8213 spa_close(spa, FTAG); 8214 } 8215 fnvlist_free(lognv); 8216 8217 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) { 8218 int smusherror = 0; 8219 if (vec->zvec_smush_outnvlist) { 8220 smusherror = nvlist_smush(outnvl, 8221 zc->zc_nvlist_dst_size); 8222 } 8223 if (smusherror == 0) 8224 puterror = put_nvlist(zc, outnvl); 8225 } 8226 8227 if (puterror != 0) 8228 error = puterror; 8229 8230 nvlist_free(outnvl); 8231 } else { 8232 cookie = spl_fstrans_mark(); 8233 error = vec->zvec_legacy_func(zc); 8234 spl_fstrans_unmark(cookie); 8235 } 8236 8237 out: 8238 nvlist_free(innvl); 8239 if (error == 0 && vec->zvec_allow_log) { 8240 char *s = tsd_get(zfs_allow_log_key); 8241 if (s != NULL) 8242 kmem_strfree(s); 8243 (void) tsd_set(zfs_allow_log_key, kmem_strdup(saved_poolname)); 8244 } 8245 if (saved_poolname != NULL) 8246 kmem_free(saved_poolname, saved_poolname_len); 8247 8248 return (error); 8249 } 8250 8251 int 8252 zfs_kmod_init(void) 8253 { 8254 int error; 8255 8256 if ((error = zvol_init()) != 0) 8257 return (error); 8258 8259 spa_init(SPA_MODE_READ | SPA_MODE_WRITE); 8260 zfs_init(); 8261 8262 zfs_ioctl_init(); 8263 8264 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL); 8265 zfsdev_state_listhead.zs_minor = -1; 8266 8267 if ((error = zfsdev_attach()) != 0) 8268 goto out; 8269 8270 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 8271 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 8272 8273 return (0); 8274 out: 8275 zfs_fini(); 8276 spa_fini(); 8277 zvol_fini(); 8278 8279 return (error); 8280 } 8281 8282 void 8283 zfs_kmod_fini(void) 8284 { 8285 zfsdev_state_t *zs, *zsnext = NULL; 8286 8287 zfsdev_detach(); 8288 8289 mutex_destroy(&zfsdev_state_lock); 8290 8291 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zsnext) { 8292 zsnext = zs->zs_next; 8293 if (zs->zs_onexit) 8294 zfs_onexit_destroy(zs->zs_onexit); 8295 if (zs->zs_zevent) 8296 zfs_zevent_destroy(zs->zs_zevent); 8297 if (zs != &zfsdev_state_listhead) 8298 kmem_free(zs, sizeof (zfsdev_state_t)); 8299 } 8300 8301 zfs_ereport_taskq_fini(); /* run before zfs_fini() on Linux */ 8302 zfs_fini(); 8303 spa_fini(); 8304 zvol_fini(); 8305 8306 tsd_destroy(&rrw_tsd_key); 8307 tsd_destroy(&zfs_allow_log_key); 8308 } 8309 8310 ZFS_MODULE_PARAM(zfs, zfs_, max_nvlist_src_size, U64, ZMOD_RW, 8311 "Maximum size in bytes allowed for src nvlist passed with ZFS ioctls"); 8312 8313 ZFS_MODULE_PARAM(zfs, zfs_, history_output_max, U64, ZMOD_RW, 8314 "Maximum size in bytes of ZFS ioctl output that will be logged"); 8315