1 // SPDX-License-Identifier: CDDL-1.0 2 /* 3 * CDDL HEADER START 4 * 5 * The contents of this file are subject to the terms of the 6 * Common Development and Distribution License (the "License"). 7 * You may not use this file except in compliance with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or https://opensource.org/licenses/CDDL-1.0. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 23 /* 24 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 25 * Portions Copyright 2011 Martin Matuska 26 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved. 27 * Copyright (c) 2012 Pawel Jakub Dawidek 28 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved. 29 * Copyright 2016 Nexenta Systems, Inc. All rights reserved. 30 * Copyright (c) 2014, Joyent, Inc. All rights reserved. 31 * Copyright (c) 2011, 2024 by Delphix. All rights reserved. 32 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. 33 * Copyright (c) 2013 Steven Hartland. All rights reserved. 34 * Copyright (c) 2014 Integros [integros.com] 35 * Copyright 2016 Toomas Soome <tsoome@me.com> 36 * Copyright (c) 2016 Actifio, Inc. All rights reserved. 37 * Copyright (c) 2018, loli10K <ezomori.nozomu@gmail.com>. All rights reserved. 38 * Copyright 2017 RackTop Systems. 39 * Copyright (c) 2017 Open-E, Inc. All Rights Reserved. 40 * Copyright (c) 2019 Datto Inc. 41 * Copyright (c) 2019, 2020 by Christian Schwarz. All rights reserved. 42 * Copyright (c) 2019, 2021, 2023, 2024, Klara Inc. 43 * Copyright (c) 2019, Allan Jude 44 * Copyright 2024 Oxide Computer Company 45 */ 46 47 /* 48 * ZFS ioctls. 49 * 50 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage 51 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool. 52 * 53 * There are two ways that we handle ioctls: the legacy way where almost 54 * all of the logic is in the ioctl callback, and the new way where most 55 * of the marshalling is handled in the common entry point, zfsdev_ioctl(). 56 * 57 * Non-legacy ioctls should be registered by calling 58 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked 59 * from userland by lzc_ioctl(). 60 * 61 * The registration arguments are as follows: 62 * 63 * const char *name 64 * The name of the ioctl. This is used for history logging. If the 65 * ioctl returns successfully (the callback returns 0), and allow_log 66 * is true, then a history log entry will be recorded with the input & 67 * output nvlists. The log entry can be printed with "zpool history -i". 68 * 69 * zfs_ioc_t ioc 70 * The ioctl request number, which userland will pass to ioctl(2). 71 * We want newer versions of libzfs and libzfs_core to run against 72 * existing zfs kernel modules (i.e. a deferred reboot after an update). 73 * Therefore the ioctl numbers cannot change from release to release. 74 * 75 * zfs_secpolicy_func_t *secpolicy 76 * This function will be called before the zfs_ioc_func_t, to 77 * determine if this operation is permitted. It should return EPERM 78 * on failure, and 0 on success. Checks include determining if the 79 * dataset is visible in this zone, and if the user has either all 80 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission 81 * to do this operation on this dataset with "zfs allow". 82 * 83 * zfs_ioc_namecheck_t namecheck 84 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool 85 * name, a dataset name, or nothing. If the name is not well-formed, 86 * the ioctl will fail and the callback will not be called. 87 * Therefore, the callback can assume that the name is well-formed 88 * (e.g. is null-terminated, doesn't have more than one '@' character, 89 * doesn't have invalid characters). 90 * 91 * zfs_ioc_poolcheck_t pool_check 92 * This specifies requirements on the pool state. If the pool does 93 * not meet them (is suspended or is readonly), the ioctl will fail 94 * and the callback will not be called. If any checks are specified 95 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME. 96 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED | 97 * POOL_CHECK_READONLY). 98 * 99 * zfs_ioc_key_t *nvl_keys 100 * The list of expected/allowable innvl input keys. This list is used 101 * to validate the nvlist input to the ioctl. 102 * 103 * boolean_t smush_outnvlist 104 * If smush_outnvlist is true, then the output is presumed to be a 105 * list of errors, and it will be "smushed" down to fit into the 106 * caller's buffer, by removing some entries and replacing them with a 107 * single "N_MORE_ERRORS" entry indicating how many were removed. See 108 * nvlist_smush() for details. If smush_outnvlist is false, and the 109 * outnvlist does not fit into the userland-provided buffer, then the 110 * ioctl will fail with ENOMEM. 111 * 112 * zfs_ioc_func_t *func 113 * The callback function that will perform the operation. 114 * 115 * The callback should return 0 on success, or an error number on 116 * failure. If the function fails, the userland ioctl will return -1, 117 * and errno will be set to the callback's return value. The callback 118 * will be called with the following arguments: 119 * 120 * const char *name 121 * The name of the pool or dataset to operate on, from 122 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the 123 * expected type (pool, dataset, or none). 124 * 125 * nvlist_t *innvl 126 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or 127 * NULL if no input nvlist was provided. Changes to this nvlist are 128 * ignored. If the input nvlist could not be deserialized, the 129 * ioctl will fail and the callback will not be called. 130 * 131 * nvlist_t *outnvl 132 * The output nvlist, initially empty. The callback can fill it in, 133 * and it will be returned to userland by serializing it into 134 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization 135 * fails (e.g. because the caller didn't supply a large enough 136 * buffer), then the overall ioctl will fail. See the 137 * 'smush_nvlist' argument above for additional behaviors. 138 * 139 * There are two typical uses of the output nvlist: 140 * - To return state, e.g. property values. In this case, 141 * smush_outnvlist should be false. If the buffer was not large 142 * enough, the caller will reallocate a larger buffer and try 143 * the ioctl again. 144 * 145 * - To return multiple errors from an ioctl which makes on-disk 146 * changes. In this case, smush_outnvlist should be true. 147 * Ioctls which make on-disk modifications should generally not 148 * use the outnvl if they succeed, because the caller can not 149 * distinguish between the operation failing, and 150 * deserialization failing. 151 * 152 * IOCTL Interface Errors 153 * 154 * The following ioctl input errors can be returned: 155 * ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel 156 * ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel 157 * ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing 158 * ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type 159 */ 160 161 #include <sys/types.h> 162 #include <sys/param.h> 163 #include <sys/errno.h> 164 #include <sys/file.h> 165 #include <sys/kmem.h> 166 #include <sys/cmn_err.h> 167 #include <sys/stat.h> 168 #include <sys/zfs_ioctl.h> 169 #include <sys/zfs_quota.h> 170 #include <sys/zfs_vfsops.h> 171 #include <sys/zfs_znode.h> 172 #include <sys/zap.h> 173 #include <sys/spa.h> 174 #include <sys/spa_impl.h> 175 #include <sys/vdev.h> 176 #include <sys/vdev_impl.h> 177 #include <sys/dmu.h> 178 #include <sys/dsl_dir.h> 179 #include <sys/dsl_dataset.h> 180 #include <sys/dsl_prop.h> 181 #include <sys/dsl_deleg.h> 182 #include <sys/dmu_objset.h> 183 #include <sys/dmu_impl.h> 184 #include <sys/dmu_redact.h> 185 #include <sys/dmu_tx.h> 186 #include <sys/sunddi.h> 187 #include <sys/policy.h> 188 #include <sys/zone.h> 189 #include <sys/nvpair.h> 190 #include <sys/pathname.h> 191 #include <sys/fs/zfs.h> 192 #include <sys/zfs_ctldir.h> 193 #include <sys/zfs_dir.h> 194 #include <sys/zfs_onexit.h> 195 #include <sys/zvol.h> 196 #include <sys/dsl_scan.h> 197 #include <sys/fm/util.h> 198 #include <sys/dsl_crypt.h> 199 #include <sys/rrwlock.h> 200 #include <sys/zfs_file.h> 201 202 #include <sys/dmu_recv.h> 203 #include <sys/dmu_send.h> 204 #include <sys/dmu_recv.h> 205 #include <sys/dsl_destroy.h> 206 #include <sys/dsl_bookmark.h> 207 #include <sys/dsl_userhold.h> 208 #include <sys/zfeature.h> 209 #include <sys/zcp.h> 210 #include <sys/zio_checksum.h> 211 #include <sys/vdev_removal.h> 212 #include <sys/vdev_impl.h> 213 #include <sys/vdev_initialize.h> 214 #include <sys/vdev_trim.h> 215 216 #include "zfs_namecheck.h" 217 #include "zfs_prop.h" 218 #include "zfs_deleg.h" 219 #include "zfs_comutil.h" 220 221 #include <sys/lua/lua.h> 222 #include <sys/lua/lauxlib.h> 223 #include <sys/zfs_ioctl_impl.h> 224 225 kmutex_t zfsdev_state_lock; 226 static zfsdev_state_t zfsdev_state_listhead; 227 228 /* 229 * Limit maximum nvlist size. We don't want users passing in insane values 230 * for zc->zc_nvlist_src_size, since we will need to allocate that much memory. 231 * Defaults to 0=auto which is handled by platform code. 232 */ 233 uint64_t zfs_max_nvlist_src_size = 0; 234 235 /* 236 * When logging the output nvlist of an ioctl in the on-disk history, limit 237 * the logged size to this many bytes. This must be less than DMU_MAX_ACCESS. 238 * This applies primarily to zfs_ioc_channel_program(). 239 */ 240 static uint64_t zfs_history_output_max = 1024 * 1024; 241 242 uint_t zfs_allow_log_key; 243 244 /* DATA_TYPE_ANY is used when zkey_type can vary. */ 245 #define DATA_TYPE_ANY DATA_TYPE_UNKNOWN 246 247 typedef struct zfs_ioc_vec { 248 zfs_ioc_legacy_func_t *zvec_legacy_func; 249 zfs_ioc_func_t *zvec_func; 250 zfs_secpolicy_func_t *zvec_secpolicy; 251 zfs_ioc_namecheck_t zvec_namecheck; 252 boolean_t zvec_allow_log; 253 zfs_ioc_poolcheck_t zvec_pool_check; 254 boolean_t zvec_smush_outnvlist; 255 const char *zvec_name; 256 const zfs_ioc_key_t *zvec_nvl_keys; 257 size_t zvec_nvl_key_count; 258 } zfs_ioc_vec_t; 259 260 /* This array is indexed by zfs_userquota_prop_t */ 261 static const char *userquota_perms[] = { 262 ZFS_DELEG_PERM_USERUSED, 263 ZFS_DELEG_PERM_USERQUOTA, 264 ZFS_DELEG_PERM_GROUPUSED, 265 ZFS_DELEG_PERM_GROUPQUOTA, 266 ZFS_DELEG_PERM_USEROBJUSED, 267 ZFS_DELEG_PERM_USEROBJQUOTA, 268 ZFS_DELEG_PERM_GROUPOBJUSED, 269 ZFS_DELEG_PERM_GROUPOBJQUOTA, 270 ZFS_DELEG_PERM_PROJECTUSED, 271 ZFS_DELEG_PERM_PROJECTQUOTA, 272 ZFS_DELEG_PERM_PROJECTOBJUSED, 273 ZFS_DELEG_PERM_PROJECTOBJQUOTA, 274 }; 275 276 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc); 277 static int zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc); 278 static int zfs_check_settable(const char *name, nvpair_t *property, 279 cred_t *cr); 280 static int zfs_check_clearable(const char *dataset, nvlist_t *props, 281 nvlist_t **errors); 282 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *, 283 boolean_t *); 284 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *); 285 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp); 286 287 static void 288 history_str_free(char *buf) 289 { 290 kmem_free(buf, HIS_MAX_RECORD_LEN); 291 } 292 293 static char * 294 history_str_get(zfs_cmd_t *zc) 295 { 296 char *buf; 297 298 if (zc->zc_history == 0) 299 return (NULL); 300 301 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 302 if (copyinstr((void *)(uintptr_t)zc->zc_history, 303 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 304 history_str_free(buf); 305 return (NULL); 306 } 307 308 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 309 310 return (buf); 311 } 312 313 /* 314 * Return non-zero if the spa version is less than requested version. 315 */ 316 static int 317 zfs_earlier_version(const char *name, int version) 318 { 319 spa_t *spa; 320 321 if (spa_open(name, &spa, FTAG) == 0) { 322 if (spa_version(spa) < version) { 323 spa_close(spa, FTAG); 324 return (1); 325 } 326 spa_close(spa, FTAG); 327 } 328 return (0); 329 } 330 331 /* 332 * Return TRUE if the ZPL version is less than requested version. 333 */ 334 static boolean_t 335 zpl_earlier_version(const char *name, int version) 336 { 337 objset_t *os; 338 boolean_t rc = B_TRUE; 339 340 if (dmu_objset_hold(name, FTAG, &os) == 0) { 341 uint64_t zplversion; 342 343 if (dmu_objset_type(os) != DMU_OST_ZFS) { 344 dmu_objset_rele(os, FTAG); 345 return (B_TRUE); 346 } 347 /* XXX reading from non-owned objset */ 348 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0) 349 rc = zplversion < version; 350 dmu_objset_rele(os, FTAG); 351 } 352 return (rc); 353 } 354 355 static void 356 zfs_log_history(zfs_cmd_t *zc) 357 { 358 spa_t *spa; 359 char *buf; 360 361 if ((buf = history_str_get(zc)) == NULL) 362 return; 363 364 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 365 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 366 (void) spa_history_log(spa, buf); 367 spa_close(spa, FTAG); 368 } 369 history_str_free(buf); 370 } 371 372 /* 373 * Policy for top-level read operations (list pools). Requires no privileges, 374 * and can be used in the local zone, as there is no associated dataset. 375 */ 376 static int 377 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 378 { 379 (void) zc, (void) innvl, (void) cr; 380 return (0); 381 } 382 383 /* 384 * Policy for dataset read operations (list children, get statistics). Requires 385 * no privileges, but must be visible in the local zone. 386 */ 387 static int 388 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 389 { 390 (void) innvl, (void) cr; 391 if (INGLOBALZONE(curproc) || 392 zone_dataset_visible(zc->zc_name, NULL)) 393 return (0); 394 395 return (SET_ERROR(ENOENT)); 396 } 397 398 static int 399 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr) 400 { 401 int writable = 1; 402 403 /* 404 * The dataset must be visible by this zone -- check this first 405 * so they don't see EPERM on something they shouldn't know about. 406 */ 407 if (!INGLOBALZONE(curproc) && 408 !zone_dataset_visible(dataset, &writable)) 409 return (SET_ERROR(ENOENT)); 410 411 if (INGLOBALZONE(curproc)) { 412 /* 413 * If the fs is zoned, only root can access it from the 414 * global zone. 415 */ 416 if (secpolicy_zfs(cr) && zoned) 417 return (SET_ERROR(EPERM)); 418 } else { 419 /* 420 * If we are in a local zone, the 'zoned' property must be set. 421 */ 422 if (!zoned) 423 return (SET_ERROR(EPERM)); 424 425 /* must be writable by this zone */ 426 if (!writable) 427 return (SET_ERROR(EPERM)); 428 } 429 return (0); 430 } 431 432 static int 433 zfs_dozonecheck(const char *dataset, cred_t *cr) 434 { 435 uint64_t zoned; 436 437 if (dsl_prop_get_integer(dataset, zfs_prop_to_name(ZFS_PROP_ZONED), 438 &zoned, NULL)) 439 return (SET_ERROR(ENOENT)); 440 441 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 442 } 443 444 static int 445 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr) 446 { 447 uint64_t zoned; 448 449 if (dsl_prop_get_int_ds(ds, zfs_prop_to_name(ZFS_PROP_ZONED), &zoned)) 450 return (SET_ERROR(ENOENT)); 451 452 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 453 } 454 455 static int 456 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds, 457 const char *perm, cred_t *cr) 458 { 459 int error; 460 461 error = zfs_dozonecheck_ds(name, ds, cr); 462 if (error == 0) { 463 error = secpolicy_zfs(cr); 464 if (error != 0) 465 error = dsl_deleg_access_impl(ds, perm, cr); 466 } 467 return (error); 468 } 469 470 static int 471 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 472 { 473 int error; 474 dsl_dataset_t *ds; 475 dsl_pool_t *dp; 476 477 /* 478 * First do a quick check for root in the global zone, which 479 * is allowed to do all write_perms. This ensures that zfs_ioc_* 480 * will get to handle nonexistent datasets. 481 */ 482 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0) 483 return (0); 484 485 error = dsl_pool_hold(name, FTAG, &dp); 486 if (error != 0) 487 return (error); 488 489 error = dsl_dataset_hold(dp, name, FTAG, &ds); 490 if (error != 0) { 491 dsl_pool_rele(dp, FTAG); 492 return (error); 493 } 494 495 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr); 496 497 dsl_dataset_rele(ds, FTAG); 498 dsl_pool_rele(dp, FTAG); 499 return (error); 500 } 501 502 /* 503 * Policy for setting the security label property. 504 * 505 * Returns 0 for success, non-zero for access and other errors. 506 */ 507 static int 508 zfs_set_slabel_policy(const char *name, const char *strval, cred_t *cr) 509 { 510 #ifdef HAVE_MLSLABEL 511 char ds_hexsl[MAXNAMELEN]; 512 bslabel_t ds_sl, new_sl; 513 boolean_t new_default = FALSE; 514 uint64_t zoned; 515 int needed_priv = -1; 516 int error; 517 518 /* First get the existing dataset label. */ 519 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL), 520 1, sizeof (ds_hexsl), &ds_hexsl, NULL); 521 if (error != 0) 522 return (SET_ERROR(EPERM)); 523 524 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0) 525 new_default = TRUE; 526 527 /* The label must be translatable */ 528 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0)) 529 return (SET_ERROR(EINVAL)); 530 531 /* 532 * In a non-global zone, disallow attempts to set a label that 533 * doesn't match that of the zone; otherwise no other checks 534 * are needed. 535 */ 536 if (!INGLOBALZONE(curproc)) { 537 if (new_default || !blequal(&new_sl, CR_SL(CRED()))) 538 return (SET_ERROR(EPERM)); 539 return (0); 540 } 541 542 /* 543 * For global-zone datasets (i.e., those whose zoned property is 544 * "off", verify that the specified new label is valid for the 545 * global zone. 546 */ 547 if (dsl_prop_get_integer(name, 548 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL)) 549 return (SET_ERROR(EPERM)); 550 if (!zoned) { 551 if (zfs_check_global_label(name, strval) != 0) 552 return (SET_ERROR(EPERM)); 553 } 554 555 /* 556 * If the existing dataset label is nondefault, check if the 557 * dataset is mounted (label cannot be changed while mounted). 558 * Get the zfsvfs_t; if there isn't one, then the dataset isn't 559 * mounted (or isn't a dataset, doesn't exist, ...). 560 */ 561 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) { 562 objset_t *os; 563 static const char *setsl_tag = "setsl_tag"; 564 565 /* 566 * Try to own the dataset; abort if there is any error, 567 * (e.g., already mounted, in use, or other error). 568 */ 569 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE, 570 setsl_tag, &os); 571 if (error != 0) 572 return (SET_ERROR(EPERM)); 573 574 dmu_objset_disown(os, B_TRUE, setsl_tag); 575 576 if (new_default) { 577 needed_priv = PRIV_FILE_DOWNGRADE_SL; 578 goto out_check; 579 } 580 581 if (hexstr_to_label(strval, &new_sl) != 0) 582 return (SET_ERROR(EPERM)); 583 584 if (blstrictdom(&ds_sl, &new_sl)) 585 needed_priv = PRIV_FILE_DOWNGRADE_SL; 586 else if (blstrictdom(&new_sl, &ds_sl)) 587 needed_priv = PRIV_FILE_UPGRADE_SL; 588 } else { 589 /* dataset currently has a default label */ 590 if (!new_default) 591 needed_priv = PRIV_FILE_UPGRADE_SL; 592 } 593 594 out_check: 595 if (needed_priv != -1) 596 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL)); 597 return (0); 598 #else 599 return (SET_ERROR(ENOTSUP)); 600 #endif /* HAVE_MLSLABEL */ 601 } 602 603 static int 604 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval, 605 cred_t *cr) 606 { 607 const char *strval; 608 609 /* 610 * Check permissions for special properties. 611 */ 612 switch (prop) { 613 default: 614 break; 615 case ZFS_PROP_ZONED: 616 /* 617 * Disallow setting of 'zoned' from within a local zone. 618 */ 619 if (!INGLOBALZONE(curproc)) 620 return (SET_ERROR(EPERM)); 621 break; 622 623 case ZFS_PROP_QUOTA: 624 case ZFS_PROP_FILESYSTEM_LIMIT: 625 case ZFS_PROP_SNAPSHOT_LIMIT: 626 if (!INGLOBALZONE(curproc)) { 627 uint64_t zoned; 628 char setpoint[ZFS_MAX_DATASET_NAME_LEN]; 629 /* 630 * Unprivileged users are allowed to modify the 631 * limit on things *under* (ie. contained by) 632 * the thing they own. 633 */ 634 if (dsl_prop_get_integer(dsname, 635 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, setpoint)) 636 return (SET_ERROR(EPERM)); 637 if (!zoned || strlen(dsname) <= strlen(setpoint)) 638 return (SET_ERROR(EPERM)); 639 } 640 break; 641 642 case ZFS_PROP_MLSLABEL: 643 if (!is_system_labeled()) 644 return (SET_ERROR(EPERM)); 645 646 if (nvpair_value_string(propval, &strval) == 0) { 647 int err; 648 649 err = zfs_set_slabel_policy(dsname, strval, CRED()); 650 if (err != 0) 651 return (err); 652 } 653 break; 654 } 655 656 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr)); 657 } 658 659 static int 660 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 661 { 662 /* 663 * permission to set permissions will be evaluated later in 664 * dsl_deleg_can_allow() 665 */ 666 (void) innvl; 667 return (zfs_dozonecheck(zc->zc_name, cr)); 668 } 669 670 static int 671 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 672 { 673 (void) innvl; 674 return (zfs_secpolicy_write_perms(zc->zc_name, 675 ZFS_DELEG_PERM_ROLLBACK, cr)); 676 } 677 678 static int 679 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 680 { 681 (void) innvl; 682 dsl_pool_t *dp; 683 dsl_dataset_t *ds; 684 const char *cp; 685 int error; 686 687 /* 688 * Generate the current snapshot name from the given objsetid, then 689 * use that name for the secpolicy/zone checks. 690 */ 691 cp = strchr(zc->zc_name, '@'); 692 if (cp == NULL) 693 return (SET_ERROR(EINVAL)); 694 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 695 if (error != 0) 696 return (error); 697 698 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 699 if (error != 0) { 700 dsl_pool_rele(dp, FTAG); 701 return (error); 702 } 703 704 dsl_dataset_name(ds, zc->zc_name); 705 706 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, 707 ZFS_DELEG_PERM_SEND, cr); 708 dsl_dataset_rele(ds, FTAG); 709 dsl_pool_rele(dp, FTAG); 710 711 return (error); 712 } 713 714 static int 715 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 716 { 717 (void) innvl; 718 return (zfs_secpolicy_write_perms(zc->zc_name, 719 ZFS_DELEG_PERM_SEND, cr)); 720 } 721 722 static int 723 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 724 { 725 (void) zc, (void) innvl, (void) cr; 726 return (SET_ERROR(ENOTSUP)); 727 } 728 729 static int 730 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 731 { 732 (void) zc, (void) innvl, (void) cr; 733 return (SET_ERROR(ENOTSUP)); 734 } 735 736 static int 737 zfs_get_parent(const char *datasetname, char *parent, int parentsize) 738 { 739 char *cp; 740 741 /* 742 * Remove the @bla or /bla from the end of the name to get the parent. 743 */ 744 (void) strlcpy(parent, datasetname, parentsize); 745 cp = strrchr(parent, '@'); 746 if (cp != NULL) { 747 cp[0] = '\0'; 748 } else { 749 cp = strrchr(parent, '/'); 750 if (cp == NULL) 751 return (SET_ERROR(ENOENT)); 752 cp[0] = '\0'; 753 } 754 755 return (0); 756 } 757 758 int 759 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 760 { 761 int error; 762 763 if ((error = zfs_secpolicy_write_perms(name, 764 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 765 return (error); 766 767 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 768 } 769 770 static int 771 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 772 { 773 (void) innvl; 774 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 775 } 776 777 /* 778 * Destroying snapshots with delegated permissions requires 779 * descendant mount and destroy permissions. 780 */ 781 static int 782 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 783 { 784 (void) zc; 785 nvlist_t *snaps; 786 nvpair_t *pair, *nextpair; 787 int error = 0; 788 789 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 790 791 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 792 pair = nextpair) { 793 nextpair = nvlist_next_nvpair(snaps, pair); 794 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr); 795 if (error == ENOENT) { 796 /* 797 * Ignore any snapshots that don't exist (we consider 798 * them "already destroyed"). Remove the name from the 799 * nvl here in case the snapshot is created between 800 * now and when we try to destroy it (in which case 801 * we don't want to destroy it since we haven't 802 * checked for permission). 803 */ 804 fnvlist_remove_nvpair(snaps, pair); 805 error = 0; 806 } 807 if (error != 0) 808 break; 809 } 810 811 return (error); 812 } 813 814 int 815 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 816 { 817 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 818 int error; 819 820 if ((error = zfs_secpolicy_write_perms(from, 821 ZFS_DELEG_PERM_RENAME, cr)) != 0) 822 return (error); 823 824 if ((error = zfs_secpolicy_write_perms(from, 825 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 826 return (error); 827 828 if ((error = zfs_get_parent(to, parentname, 829 sizeof (parentname))) != 0) 830 return (error); 831 832 if ((error = zfs_secpolicy_write_perms(parentname, 833 ZFS_DELEG_PERM_CREATE, cr)) != 0) 834 return (error); 835 836 if ((error = zfs_secpolicy_write_perms(parentname, 837 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 838 return (error); 839 840 return (error); 841 } 842 843 static int 844 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 845 { 846 (void) innvl; 847 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr)); 848 } 849 850 static int 851 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 852 { 853 (void) innvl; 854 dsl_pool_t *dp; 855 dsl_dataset_t *clone; 856 int error; 857 858 error = zfs_secpolicy_write_perms(zc->zc_name, 859 ZFS_DELEG_PERM_PROMOTE, cr); 860 if (error != 0) 861 return (error); 862 863 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 864 if (error != 0) 865 return (error); 866 867 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone); 868 869 if (error == 0) { 870 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 871 dsl_dataset_t *origin = NULL; 872 dsl_dir_t *dd; 873 dd = clone->ds_dir; 874 875 error = dsl_dataset_hold_obj(dd->dd_pool, 876 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin); 877 if (error != 0) { 878 dsl_dataset_rele(clone, FTAG); 879 dsl_pool_rele(dp, FTAG); 880 return (error); 881 } 882 883 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone, 884 ZFS_DELEG_PERM_MOUNT, cr); 885 886 dsl_dataset_name(origin, parentname); 887 if (error == 0) { 888 error = zfs_secpolicy_write_perms_ds(parentname, origin, 889 ZFS_DELEG_PERM_PROMOTE, cr); 890 } 891 dsl_dataset_rele(clone, FTAG); 892 dsl_dataset_rele(origin, FTAG); 893 } 894 dsl_pool_rele(dp, FTAG); 895 return (error); 896 } 897 898 static int 899 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 900 { 901 (void) innvl; 902 int error; 903 904 /* 905 * zfs receive -F requires full receive permission, 906 * otherwise receive:append permission is enough 907 */ 908 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 909 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) { 910 if (zc->zc_guid || nvlist_exists(innvl, "force")) 911 return (error); 912 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 913 ZFS_DELEG_PERM_RECEIVE_APPEND, cr)) != 0) 914 return (error); 915 } 916 917 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 918 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 919 return (error); 920 921 return (zfs_secpolicy_write_perms(zc->zc_name, 922 ZFS_DELEG_PERM_CREATE, cr)); 923 } 924 925 int 926 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 927 { 928 return (zfs_secpolicy_write_perms(name, 929 ZFS_DELEG_PERM_SNAPSHOT, cr)); 930 } 931 932 /* 933 * Check for permission to create each snapshot in the nvlist. 934 */ 935 static int 936 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 937 { 938 (void) zc; 939 nvlist_t *snaps; 940 int error = 0; 941 nvpair_t *pair; 942 943 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 944 945 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 946 pair = nvlist_next_nvpair(snaps, pair)) { 947 char *name = (char *)nvpair_name(pair); 948 char *atp = strchr(name, '@'); 949 950 if (atp == NULL) { 951 error = SET_ERROR(EINVAL); 952 break; 953 } 954 *atp = '\0'; 955 error = zfs_secpolicy_snapshot_perms(name, cr); 956 *atp = '@'; 957 if (error != 0) 958 break; 959 } 960 return (error); 961 } 962 963 /* 964 * Check for permission to create each bookmark in the nvlist. 965 */ 966 static int 967 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 968 { 969 (void) zc; 970 int error = 0; 971 972 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 973 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 974 char *name = (char *)nvpair_name(pair); 975 char *hashp = strchr(name, '#'); 976 977 if (hashp == NULL) { 978 error = SET_ERROR(EINVAL); 979 break; 980 } 981 *hashp = '\0'; 982 error = zfs_secpolicy_write_perms(name, 983 ZFS_DELEG_PERM_BOOKMARK, cr); 984 *hashp = '#'; 985 if (error != 0) 986 break; 987 } 988 return (error); 989 } 990 991 static int 992 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 993 { 994 (void) zc; 995 nvpair_t *pair, *nextpair; 996 int error = 0; 997 998 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 999 pair = nextpair) { 1000 char *name = (char *)nvpair_name(pair); 1001 char *hashp = strchr(name, '#'); 1002 nextpair = nvlist_next_nvpair(innvl, pair); 1003 1004 if (hashp == NULL) { 1005 error = SET_ERROR(EINVAL); 1006 break; 1007 } 1008 1009 *hashp = '\0'; 1010 error = zfs_secpolicy_write_perms(name, 1011 ZFS_DELEG_PERM_DESTROY, cr); 1012 *hashp = '#'; 1013 if (error == ENOENT) { 1014 /* 1015 * Ignore any filesystems that don't exist (we consider 1016 * their bookmarks "already destroyed"). Remove 1017 * the name from the nvl here in case the filesystem 1018 * is created between now and when we try to destroy 1019 * the bookmark (in which case we don't want to 1020 * destroy it since we haven't checked for permission). 1021 */ 1022 fnvlist_remove_nvpair(innvl, pair); 1023 error = 0; 1024 } 1025 if (error != 0) 1026 break; 1027 } 1028 1029 return (error); 1030 } 1031 1032 static int 1033 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1034 { 1035 (void) zc, (void) innvl, (void) cr; 1036 /* 1037 * Even root must have a proper TSD so that we know what pool 1038 * to log to. 1039 */ 1040 if (tsd_get(zfs_allow_log_key) == NULL) 1041 return (SET_ERROR(EPERM)); 1042 return (0); 1043 } 1044 1045 static int 1046 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1047 { 1048 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 1049 int error; 1050 const char *origin; 1051 1052 if ((error = zfs_get_parent(zc->zc_name, parentname, 1053 sizeof (parentname))) != 0) 1054 return (error); 1055 1056 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 && 1057 (error = zfs_secpolicy_write_perms(origin, 1058 ZFS_DELEG_PERM_CLONE, cr)) != 0) 1059 return (error); 1060 1061 if ((error = zfs_secpolicy_write_perms(parentname, 1062 ZFS_DELEG_PERM_CREATE, cr)) != 0) 1063 return (error); 1064 1065 return (zfs_secpolicy_write_perms(parentname, 1066 ZFS_DELEG_PERM_MOUNT, cr)); 1067 } 1068 1069 /* 1070 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 1071 * SYS_CONFIG privilege, which is not available in a local zone. 1072 */ 1073 int 1074 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1075 { 1076 (void) zc, (void) innvl; 1077 1078 if (secpolicy_sys_config(cr, B_FALSE) != 0) 1079 return (SET_ERROR(EPERM)); 1080 1081 return (0); 1082 } 1083 1084 /* 1085 * Policy for object to name lookups. 1086 */ 1087 static int 1088 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1089 { 1090 (void) innvl; 1091 int error; 1092 1093 if (secpolicy_sys_config(cr, B_FALSE) == 0) 1094 return (0); 1095 1096 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr); 1097 return (error); 1098 } 1099 1100 /* 1101 * Policy for fault injection. Requires all privileges. 1102 */ 1103 static int 1104 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1105 { 1106 (void) zc, (void) innvl; 1107 return (secpolicy_zinject(cr)); 1108 } 1109 1110 static int 1111 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1112 { 1113 (void) innvl; 1114 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 1115 1116 if (prop == ZPROP_USERPROP) { 1117 if (!zfs_prop_user(zc->zc_value)) 1118 return (SET_ERROR(EINVAL)); 1119 return (zfs_secpolicy_write_perms(zc->zc_name, 1120 ZFS_DELEG_PERM_USERPROP, cr)); 1121 } else { 1122 return (zfs_secpolicy_setprop(zc->zc_name, prop, 1123 NULL, cr)); 1124 } 1125 } 1126 1127 static int 1128 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1129 { 1130 int err = zfs_secpolicy_read(zc, innvl, cr); 1131 if (err) 1132 return (err); 1133 1134 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1135 return (SET_ERROR(EINVAL)); 1136 1137 if (zc->zc_value[0] == 0) { 1138 /* 1139 * They are asking about a posix uid/gid. If it's 1140 * themself, allow it. 1141 */ 1142 if (zc->zc_objset_type == ZFS_PROP_USERUSED || 1143 zc->zc_objset_type == ZFS_PROP_USERQUOTA || 1144 zc->zc_objset_type == ZFS_PROP_USEROBJUSED || 1145 zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) { 1146 if (zc->zc_guid == crgetuid(cr)) 1147 return (0); 1148 } else if (zc->zc_objset_type == ZFS_PROP_GROUPUSED || 1149 zc->zc_objset_type == ZFS_PROP_GROUPQUOTA || 1150 zc->zc_objset_type == ZFS_PROP_GROUPOBJUSED || 1151 zc->zc_objset_type == ZFS_PROP_GROUPOBJQUOTA) { 1152 if (groupmember(zc->zc_guid, cr)) 1153 return (0); 1154 } 1155 /* else is for project quota/used */ 1156 } 1157 1158 return (zfs_secpolicy_write_perms(zc->zc_name, 1159 userquota_perms[zc->zc_objset_type], cr)); 1160 } 1161 1162 static int 1163 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1164 { 1165 int err = zfs_secpolicy_read(zc, innvl, cr); 1166 if (err) 1167 return (err); 1168 1169 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1170 return (SET_ERROR(EINVAL)); 1171 1172 return (zfs_secpolicy_write_perms(zc->zc_name, 1173 userquota_perms[zc->zc_objset_type], cr)); 1174 } 1175 1176 static int 1177 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1178 { 1179 (void) innvl; 1180 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION, 1181 NULL, cr)); 1182 } 1183 1184 static int 1185 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1186 { 1187 (void) zc; 1188 nvpair_t *pair; 1189 nvlist_t *holds; 1190 int error; 1191 1192 holds = fnvlist_lookup_nvlist(innvl, "holds"); 1193 1194 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 1195 pair = nvlist_next_nvpair(holds, pair)) { 1196 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1197 error = dmu_fsname(nvpair_name(pair), fsname); 1198 if (error != 0) 1199 return (error); 1200 error = zfs_secpolicy_write_perms(fsname, 1201 ZFS_DELEG_PERM_HOLD, cr); 1202 if (error != 0) 1203 return (error); 1204 } 1205 return (0); 1206 } 1207 1208 static int 1209 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1210 { 1211 (void) zc; 1212 nvpair_t *pair; 1213 int error; 1214 1215 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1216 pair = nvlist_next_nvpair(innvl, pair)) { 1217 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1218 error = dmu_fsname(nvpair_name(pair), fsname); 1219 if (error != 0) 1220 return (error); 1221 error = zfs_secpolicy_write_perms(fsname, 1222 ZFS_DELEG_PERM_RELEASE, cr); 1223 if (error != 0) 1224 return (error); 1225 } 1226 return (0); 1227 } 1228 1229 /* 1230 * Policy for allowing temporary snapshots to be taken or released 1231 */ 1232 static int 1233 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1234 { 1235 /* 1236 * A temporary snapshot is the same as a snapshot, 1237 * hold, destroy and release all rolled into one. 1238 * Delegated diff alone is sufficient that we allow this. 1239 */ 1240 int error; 1241 1242 if (zfs_secpolicy_write_perms(zc->zc_name, 1243 ZFS_DELEG_PERM_DIFF, cr) == 0) 1244 return (0); 1245 1246 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr); 1247 1248 if (innvl != NULL) { 1249 if (error == 0) 1250 error = zfs_secpolicy_hold(zc, innvl, cr); 1251 if (error == 0) 1252 error = zfs_secpolicy_release(zc, innvl, cr); 1253 if (error == 0) 1254 error = zfs_secpolicy_destroy(zc, innvl, cr); 1255 } 1256 return (error); 1257 } 1258 1259 static int 1260 zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1261 { 1262 return (zfs_secpolicy_write_perms(zc->zc_name, 1263 ZFS_DELEG_PERM_LOAD_KEY, cr)); 1264 } 1265 1266 static int 1267 zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1268 { 1269 return (zfs_secpolicy_write_perms(zc->zc_name, 1270 ZFS_DELEG_PERM_CHANGE_KEY, cr)); 1271 } 1272 1273 /* 1274 * Returns the nvlist as specified by the user in the zfs_cmd_t. 1275 */ 1276 static int 1277 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp) 1278 { 1279 char *packed; 1280 int error; 1281 nvlist_t *list = NULL; 1282 1283 /* 1284 * Read in and unpack the user-supplied nvlist. 1285 */ 1286 if (size == 0) 1287 return (SET_ERROR(EINVAL)); 1288 1289 packed = vmem_alloc(size, KM_SLEEP); 1290 1291 if (ddi_copyin((void *)(uintptr_t)nvl, packed, size, iflag) != 0) { 1292 vmem_free(packed, size); 1293 return (SET_ERROR(EFAULT)); 1294 } 1295 1296 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 1297 vmem_free(packed, size); 1298 return (error); 1299 } 1300 1301 vmem_free(packed, size); 1302 1303 *nvp = list; 1304 return (0); 1305 } 1306 1307 /* 1308 * Reduce the size of this nvlist until it can be serialized in 'max' bytes. 1309 * Entries will be removed from the end of the nvlist, and one int32 entry 1310 * named "N_MORE_ERRORS" will be added indicating how many entries were 1311 * removed. 1312 */ 1313 static int 1314 nvlist_smush(nvlist_t *errors, size_t max) 1315 { 1316 size_t size; 1317 1318 size = fnvlist_size(errors); 1319 1320 if (size > max) { 1321 nvpair_t *more_errors; 1322 int n = 0; 1323 1324 if (max < 1024) 1325 return (SET_ERROR(ENOMEM)); 1326 1327 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0); 1328 more_errors = nvlist_prev_nvpair(errors, NULL); 1329 1330 do { 1331 nvpair_t *pair = nvlist_prev_nvpair(errors, 1332 more_errors); 1333 fnvlist_remove_nvpair(errors, pair); 1334 n++; 1335 size = fnvlist_size(errors); 1336 } while (size > max); 1337 1338 fnvlist_remove_nvpair(errors, more_errors); 1339 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n); 1340 ASSERT3U(fnvlist_size(errors), <=, max); 1341 } 1342 1343 return (0); 1344 } 1345 1346 static int 1347 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 1348 { 1349 char *packed = NULL; 1350 int error = 0; 1351 size_t size; 1352 1353 size = fnvlist_size(nvl); 1354 1355 if (size > zc->zc_nvlist_dst_size) { 1356 error = SET_ERROR(ENOMEM); 1357 } else { 1358 packed = fnvlist_pack(nvl, &size); 1359 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst, 1360 size, zc->zc_iflags) != 0) 1361 error = SET_ERROR(EFAULT); 1362 fnvlist_pack_free(packed, size); 1363 } 1364 1365 zc->zc_nvlist_dst_size = size; 1366 zc->zc_nvlist_dst_filled = B_TRUE; 1367 return (error); 1368 } 1369 1370 int 1371 getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp) 1372 { 1373 int error = 0; 1374 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1375 return (SET_ERROR(EINVAL)); 1376 } 1377 1378 mutex_enter(&os->os_user_ptr_lock); 1379 *zfvp = dmu_objset_get_user(os); 1380 /* bump s_active only when non-zero to prevent umount race */ 1381 error = zfs_vfs_ref(zfvp); 1382 mutex_exit(&os->os_user_ptr_lock); 1383 return (error); 1384 } 1385 1386 int 1387 getzfsvfs(const char *dsname, zfsvfs_t **zfvp) 1388 { 1389 objset_t *os; 1390 int error; 1391 1392 error = dmu_objset_hold(dsname, FTAG, &os); 1393 if (error != 0) 1394 return (error); 1395 1396 error = getzfsvfs_impl(os, zfvp); 1397 dmu_objset_rele(os, FTAG); 1398 return (error); 1399 } 1400 1401 /* 1402 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which 1403 * case its z_sb will be NULL, and it will be opened as the owner. 1404 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER, 1405 * which prevents all inode ops from running. 1406 */ 1407 static int 1408 zfsvfs_hold(const char *name, const void *tag, zfsvfs_t **zfvp, 1409 boolean_t writer) 1410 { 1411 int error = 0; 1412 1413 if (getzfsvfs(name, zfvp) != 0) 1414 error = zfsvfs_create(name, B_FALSE, zfvp); 1415 if (error == 0) { 1416 if (writer) 1417 ZFS_TEARDOWN_ENTER_WRITE(*zfvp, tag); 1418 else 1419 ZFS_TEARDOWN_ENTER_READ(*zfvp, tag); 1420 if ((*zfvp)->z_unmounted) { 1421 /* 1422 * XXX we could probably try again, since the unmounting 1423 * thread should be just about to disassociate the 1424 * objset from the zfsvfs. 1425 */ 1426 ZFS_TEARDOWN_EXIT(*zfvp, tag); 1427 return (SET_ERROR(EBUSY)); 1428 } 1429 } 1430 return (error); 1431 } 1432 1433 static void 1434 zfsvfs_rele(zfsvfs_t *zfsvfs, const void *tag) 1435 { 1436 ZFS_TEARDOWN_EXIT(zfsvfs, tag); 1437 1438 if (zfs_vfs_held(zfsvfs)) { 1439 zfs_vfs_rele(zfsvfs); 1440 } else { 1441 dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs); 1442 zfsvfs_free(zfsvfs); 1443 } 1444 } 1445 1446 static int 1447 zfs_ioc_pool_create(zfs_cmd_t *zc) 1448 { 1449 int error; 1450 nvlist_t *config, *props = NULL; 1451 nvlist_t *rootprops = NULL; 1452 nvlist_t *zplprops = NULL; 1453 dsl_crypto_params_t *dcp = NULL; 1454 const char *spa_name = zc->zc_name; 1455 boolean_t unload_wkey = B_TRUE; 1456 1457 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1458 zc->zc_iflags, &config))) 1459 return (error); 1460 1461 if (zc->zc_nvlist_src_size != 0 && (error = 1462 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1463 zc->zc_iflags, &props))) { 1464 nvlist_free(config); 1465 return (error); 1466 } 1467 1468 if (props) { 1469 nvlist_t *nvl = NULL; 1470 nvlist_t *hidden_args = NULL; 1471 uint64_t version = SPA_VERSION; 1472 const char *tname; 1473 1474 (void) nvlist_lookup_uint64(props, 1475 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version); 1476 if (!SPA_VERSION_IS_SUPPORTED(version)) { 1477 error = SET_ERROR(EINVAL); 1478 goto pool_props_bad; 1479 } 1480 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl); 1481 if (nvl) { 1482 error = nvlist_dup(nvl, &rootprops, KM_SLEEP); 1483 if (error != 0) 1484 goto pool_props_bad; 1485 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS); 1486 } 1487 1488 (void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS, 1489 &hidden_args); 1490 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, 1491 rootprops, hidden_args, &dcp); 1492 if (error != 0) 1493 goto pool_props_bad; 1494 (void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS); 1495 1496 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1497 error = zfs_fill_zplprops_root(version, rootprops, 1498 zplprops, NULL); 1499 if (error != 0) 1500 goto pool_props_bad; 1501 1502 if (nvlist_lookup_string(props, 1503 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0) 1504 spa_name = tname; 1505 } 1506 1507 error = spa_create(zc->zc_name, config, props, zplprops, dcp); 1508 1509 /* 1510 * Set the remaining root properties 1511 */ 1512 if (!error && (error = zfs_set_prop_nvlist(spa_name, 1513 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) { 1514 (void) spa_destroy(spa_name); 1515 unload_wkey = B_FALSE; /* spa_destroy() unloads wrapping keys */ 1516 } 1517 1518 pool_props_bad: 1519 nvlist_free(rootprops); 1520 nvlist_free(zplprops); 1521 nvlist_free(config); 1522 nvlist_free(props); 1523 dsl_crypto_params_free(dcp, unload_wkey && !!error); 1524 1525 return (error); 1526 } 1527 1528 static int 1529 zfs_ioc_pool_destroy(zfs_cmd_t *zc) 1530 { 1531 int error; 1532 zfs_log_history(zc); 1533 error = spa_destroy(zc->zc_name); 1534 1535 return (error); 1536 } 1537 1538 static int 1539 zfs_ioc_pool_import(zfs_cmd_t *zc) 1540 { 1541 nvlist_t *config, *props = NULL; 1542 uint64_t guid; 1543 int error; 1544 1545 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1546 zc->zc_iflags, &config)) != 0) 1547 return (error); 1548 1549 if (zc->zc_nvlist_src_size != 0 && (error = 1550 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1551 zc->zc_iflags, &props))) { 1552 nvlist_free(config); 1553 return (error); 1554 } 1555 1556 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 1557 guid != zc->zc_guid) 1558 error = SET_ERROR(EINVAL); 1559 else 1560 error = spa_import(zc->zc_name, config, props, zc->zc_cookie); 1561 1562 if (zc->zc_nvlist_dst != 0) { 1563 int err; 1564 1565 if ((err = put_nvlist(zc, config)) != 0) 1566 error = err; 1567 } 1568 1569 nvlist_free(config); 1570 nvlist_free(props); 1571 1572 return (error); 1573 } 1574 1575 static int 1576 zfs_ioc_pool_export(zfs_cmd_t *zc) 1577 { 1578 int error; 1579 boolean_t force = (boolean_t)zc->zc_cookie; 1580 boolean_t hardforce = (boolean_t)zc->zc_guid; 1581 1582 zfs_log_history(zc); 1583 error = spa_export(zc->zc_name, NULL, force, hardforce); 1584 1585 return (error); 1586 } 1587 1588 static int 1589 zfs_ioc_pool_configs(zfs_cmd_t *zc) 1590 { 1591 nvlist_t *configs; 1592 int error; 1593 1594 error = spa_all_configs(&zc->zc_cookie, &configs); 1595 if (error) 1596 return (error); 1597 1598 error = put_nvlist(zc, configs); 1599 1600 nvlist_free(configs); 1601 1602 return (error); 1603 } 1604 1605 /* 1606 * inputs: 1607 * zc_name name of the pool 1608 * 1609 * outputs: 1610 * zc_cookie real errno 1611 * zc_nvlist_dst config nvlist 1612 * zc_nvlist_dst_size size of config nvlist 1613 */ 1614 static int 1615 zfs_ioc_pool_stats(zfs_cmd_t *zc) 1616 { 1617 nvlist_t *config; 1618 int error; 1619 int ret = 0; 1620 1621 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 1622 sizeof (zc->zc_value)); 1623 1624 if (config != NULL) { 1625 ret = put_nvlist(zc, config); 1626 nvlist_free(config); 1627 1628 /* 1629 * The config may be present even if 'error' is non-zero. 1630 * In this case we return success, and preserve the real errno 1631 * in 'zc_cookie'. 1632 */ 1633 zc->zc_cookie = error; 1634 } else { 1635 ret = error; 1636 } 1637 1638 return (ret); 1639 } 1640 1641 /* 1642 * Try to import the given pool, returning pool stats as appropriate so that 1643 * user land knows which devices are available and overall pool health. 1644 */ 1645 static int 1646 zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 1647 { 1648 nvlist_t *tryconfig, *config = NULL; 1649 int error; 1650 1651 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1652 zc->zc_iflags, &tryconfig)) != 0) 1653 return (error); 1654 1655 config = spa_tryimport(tryconfig); 1656 1657 nvlist_free(tryconfig); 1658 1659 if (config == NULL) 1660 return (SET_ERROR(EINVAL)); 1661 1662 error = put_nvlist(zc, config); 1663 nvlist_free(config); 1664 1665 return (error); 1666 } 1667 1668 /* 1669 * inputs: 1670 * zc_name name of the pool 1671 * zc_cookie scan func (pool_scan_func_t) 1672 * zc_flags scrub pause/resume flag (pool_scrub_cmd_t) 1673 */ 1674 static int 1675 zfs_ioc_pool_scan(zfs_cmd_t *zc) 1676 { 1677 spa_t *spa; 1678 int error; 1679 1680 if (zc->zc_flags >= POOL_SCRUB_FLAGS_END) 1681 return (SET_ERROR(EINVAL)); 1682 1683 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1684 return (error); 1685 1686 if (zc->zc_flags == POOL_SCRUB_PAUSE) 1687 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE); 1688 else if (zc->zc_cookie == POOL_SCAN_NONE) 1689 error = spa_scan_stop(spa); 1690 else 1691 error = spa_scan(spa, zc->zc_cookie); 1692 1693 spa_close(spa, FTAG); 1694 1695 return (error); 1696 } 1697 1698 /* 1699 * inputs: 1700 * poolname name of the pool 1701 * scan_type scan func (pool_scan_func_t) 1702 * scan_command scrub pause/resume flag (pool_scrub_cmd_t) 1703 */ 1704 static const zfs_ioc_key_t zfs_keys_pool_scrub[] = { 1705 {"scan_type", DATA_TYPE_UINT64, 0}, 1706 {"scan_command", DATA_TYPE_UINT64, 0}, 1707 }; 1708 1709 static int 1710 zfs_ioc_pool_scrub(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 1711 { 1712 spa_t *spa; 1713 int error; 1714 uint64_t scan_type, scan_cmd; 1715 1716 if (nvlist_lookup_uint64(innvl, "scan_type", &scan_type) != 0) 1717 return (SET_ERROR(EINVAL)); 1718 if (nvlist_lookup_uint64(innvl, "scan_command", &scan_cmd) != 0) 1719 return (SET_ERROR(EINVAL)); 1720 1721 if (scan_cmd >= POOL_SCRUB_FLAGS_END) 1722 return (SET_ERROR(EINVAL)); 1723 1724 if ((error = spa_open(poolname, &spa, FTAG)) != 0) 1725 return (error); 1726 1727 if (scan_cmd == POOL_SCRUB_PAUSE) { 1728 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE); 1729 } else if (scan_type == POOL_SCAN_NONE) { 1730 error = spa_scan_stop(spa); 1731 } else if (scan_cmd == POOL_SCRUB_FROM_LAST_TXG) { 1732 error = spa_scan_range(spa, scan_type, 1733 spa_get_last_scrubbed_txg(spa), 0); 1734 } else { 1735 error = spa_scan(spa, scan_type); 1736 } 1737 1738 spa_close(spa, FTAG); 1739 return (error); 1740 } 1741 1742 static int 1743 zfs_ioc_pool_freeze(zfs_cmd_t *zc) 1744 { 1745 spa_t *spa; 1746 int error; 1747 1748 error = spa_open(zc->zc_name, &spa, FTAG); 1749 if (error == 0) { 1750 spa_freeze(spa); 1751 spa_close(spa, FTAG); 1752 } 1753 return (error); 1754 } 1755 1756 static int 1757 zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 1758 { 1759 spa_t *spa; 1760 int error; 1761 1762 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1763 return (error); 1764 1765 if (zc->zc_cookie < spa_version(spa) || 1766 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) { 1767 spa_close(spa, FTAG); 1768 return (SET_ERROR(EINVAL)); 1769 } 1770 1771 spa_upgrade(spa, zc->zc_cookie); 1772 spa_close(spa, FTAG); 1773 1774 return (error); 1775 } 1776 1777 static int 1778 zfs_ioc_pool_get_history(zfs_cmd_t *zc) 1779 { 1780 spa_t *spa; 1781 char *hist_buf; 1782 uint64_t size; 1783 int error; 1784 1785 if ((size = zc->zc_history_len) == 0) 1786 return (SET_ERROR(EINVAL)); 1787 1788 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1789 return (error); 1790 1791 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 1792 spa_close(spa, FTAG); 1793 return (SET_ERROR(ENOTSUP)); 1794 } 1795 1796 hist_buf = vmem_alloc(size, KM_SLEEP); 1797 if ((error = spa_history_get(spa, &zc->zc_history_offset, 1798 &zc->zc_history_len, hist_buf)) == 0) { 1799 error = ddi_copyout(hist_buf, 1800 (void *)(uintptr_t)zc->zc_history, 1801 zc->zc_history_len, zc->zc_iflags); 1802 } 1803 1804 spa_close(spa, FTAG); 1805 vmem_free(hist_buf, size); 1806 return (error); 1807 } 1808 1809 /* 1810 * inputs: 1811 * zc_nvlist_src nvlist optionally containing ZPOOL_REGUID_GUID 1812 * zc_nvlist_src_size size of the nvlist 1813 */ 1814 static int 1815 zfs_ioc_pool_reguid(zfs_cmd_t *zc) 1816 { 1817 uint64_t *guidp = NULL; 1818 nvlist_t *props = NULL; 1819 spa_t *spa; 1820 uint64_t guid; 1821 int error; 1822 1823 if (zc->zc_nvlist_src_size != 0) { 1824 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1825 zc->zc_iflags, &props); 1826 if (error != 0) 1827 return (error); 1828 1829 error = nvlist_lookup_uint64(props, ZPOOL_REGUID_GUID, &guid); 1830 if (error == 0) 1831 guidp = &guid; 1832 else if (error == ENOENT) 1833 guidp = NULL; 1834 else 1835 goto out; 1836 } 1837 1838 error = spa_open(zc->zc_name, &spa, FTAG); 1839 if (error == 0) { 1840 error = spa_change_guid(spa, guidp); 1841 spa_close(spa, FTAG); 1842 } 1843 1844 out: 1845 if (props != NULL) 1846 nvlist_free(props); 1847 1848 return (error); 1849 } 1850 1851 static int 1852 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 1853 { 1854 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)); 1855 } 1856 1857 /* 1858 * inputs: 1859 * zc_name name of filesystem 1860 * zc_obj object to find 1861 * 1862 * outputs: 1863 * zc_value name of object 1864 */ 1865 static int 1866 zfs_ioc_obj_to_path(zfs_cmd_t *zc) 1867 { 1868 objset_t *os; 1869 int error; 1870 1871 /* XXX reading from objset not owned */ 1872 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, 1873 FTAG, &os)) != 0) 1874 return (error); 1875 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1876 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1877 return (SET_ERROR(EINVAL)); 1878 } 1879 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value, 1880 sizeof (zc->zc_value)); 1881 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1882 1883 return (error); 1884 } 1885 1886 /* 1887 * inputs: 1888 * zc_name name of filesystem 1889 * zc_obj object to find 1890 * 1891 * outputs: 1892 * zc_stat stats on object 1893 * zc_value path to object 1894 */ 1895 static int 1896 zfs_ioc_obj_to_stats(zfs_cmd_t *zc) 1897 { 1898 objset_t *os; 1899 int error; 1900 1901 /* XXX reading from objset not owned */ 1902 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, 1903 FTAG, &os)) != 0) 1904 return (error); 1905 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1906 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1907 return (SET_ERROR(EINVAL)); 1908 } 1909 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value, 1910 sizeof (zc->zc_value)); 1911 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1912 1913 return (error); 1914 } 1915 1916 static int 1917 zfs_ioc_vdev_add(zfs_cmd_t *zc) 1918 { 1919 spa_t *spa; 1920 int error; 1921 nvlist_t *config; 1922 1923 error = spa_open(zc->zc_name, &spa, FTAG); 1924 if (error != 0) 1925 return (error); 1926 1927 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1928 zc->zc_iflags, &config); 1929 if (error == 0) { 1930 error = spa_vdev_add(spa, config, zc->zc_flags); 1931 nvlist_free(config); 1932 } 1933 spa_close(spa, FTAG); 1934 return (error); 1935 } 1936 1937 /* 1938 * inputs: 1939 * zc_name name of the pool 1940 * zc_guid guid of vdev to remove 1941 * zc_cookie cancel removal 1942 */ 1943 static int 1944 zfs_ioc_vdev_remove(zfs_cmd_t *zc) 1945 { 1946 spa_t *spa; 1947 int error; 1948 1949 error = spa_open(zc->zc_name, &spa, FTAG); 1950 if (error != 0) 1951 return (error); 1952 if (zc->zc_cookie != 0) { 1953 error = spa_vdev_remove_cancel(spa); 1954 } else { 1955 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 1956 } 1957 spa_close(spa, FTAG); 1958 return (error); 1959 } 1960 1961 static int 1962 zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 1963 { 1964 spa_t *spa; 1965 int error; 1966 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 1967 1968 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1969 return (error); 1970 switch (zc->zc_cookie) { 1971 case VDEV_STATE_ONLINE: 1972 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 1973 break; 1974 1975 case VDEV_STATE_OFFLINE: 1976 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 1977 break; 1978 1979 case VDEV_STATE_FAULTED: 1980 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1981 zc->zc_obj != VDEV_AUX_EXTERNAL && 1982 zc->zc_obj != VDEV_AUX_EXTERNAL_PERSIST) 1983 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1984 1985 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj); 1986 break; 1987 1988 case VDEV_STATE_DEGRADED: 1989 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1990 zc->zc_obj != VDEV_AUX_EXTERNAL) 1991 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1992 1993 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj); 1994 break; 1995 1996 case VDEV_STATE_REMOVED: 1997 error = vdev_remove_wanted(spa, zc->zc_guid); 1998 break; 1999 2000 default: 2001 error = SET_ERROR(EINVAL); 2002 } 2003 zc->zc_cookie = newstate; 2004 spa_close(spa, FTAG); 2005 return (error); 2006 } 2007 2008 static int 2009 zfs_ioc_vdev_attach(zfs_cmd_t *zc) 2010 { 2011 spa_t *spa; 2012 nvlist_t *config; 2013 int replacing = zc->zc_cookie; 2014 int rebuild = zc->zc_simple; 2015 int error; 2016 2017 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2018 return (error); 2019 2020 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2021 zc->zc_iflags, &config)) == 0) { 2022 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing, 2023 rebuild); 2024 nvlist_free(config); 2025 } 2026 2027 spa_close(spa, FTAG); 2028 return (error); 2029 } 2030 2031 static int 2032 zfs_ioc_vdev_detach(zfs_cmd_t *zc) 2033 { 2034 spa_t *spa; 2035 int error; 2036 2037 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2038 return (error); 2039 2040 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE); 2041 2042 spa_close(spa, FTAG); 2043 return (error); 2044 } 2045 2046 static int 2047 zfs_ioc_vdev_split(zfs_cmd_t *zc) 2048 { 2049 spa_t *spa; 2050 nvlist_t *config, *props = NULL; 2051 int error; 2052 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT); 2053 2054 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2055 return (error); 2056 2057 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2058 zc->zc_iflags, &config))) { 2059 spa_close(spa, FTAG); 2060 return (error); 2061 } 2062 2063 if (zc->zc_nvlist_src_size != 0 && (error = 2064 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2065 zc->zc_iflags, &props))) { 2066 spa_close(spa, FTAG); 2067 nvlist_free(config); 2068 return (error); 2069 } 2070 2071 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp); 2072 2073 spa_close(spa, FTAG); 2074 2075 nvlist_free(config); 2076 nvlist_free(props); 2077 2078 return (error); 2079 } 2080 2081 static int 2082 zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 2083 { 2084 spa_t *spa; 2085 const char *path = zc->zc_value; 2086 uint64_t guid = zc->zc_guid; 2087 int error; 2088 2089 error = spa_open(zc->zc_name, &spa, FTAG); 2090 if (error != 0) 2091 return (error); 2092 2093 error = spa_vdev_setpath(spa, guid, path); 2094 spa_close(spa, FTAG); 2095 return (error); 2096 } 2097 2098 static int 2099 zfs_ioc_vdev_setfru(zfs_cmd_t *zc) 2100 { 2101 spa_t *spa; 2102 const char *fru = zc->zc_value; 2103 uint64_t guid = zc->zc_guid; 2104 int error; 2105 2106 error = spa_open(zc->zc_name, &spa, FTAG); 2107 if (error != 0) 2108 return (error); 2109 2110 error = spa_vdev_setfru(spa, guid, fru); 2111 spa_close(spa, FTAG); 2112 return (error); 2113 } 2114 2115 static int 2116 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os) 2117 { 2118 int error = 0; 2119 nvlist_t *nv; 2120 2121 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2122 2123 if (!zc->zc_simple && zc->zc_nvlist_dst != 0 && 2124 (error = dsl_prop_get_all(os, &nv)) == 0) { 2125 dmu_objset_stats(os, nv); 2126 /* 2127 * NB: zvol_get_stats() will read the objset contents, 2128 * which we aren't supposed to do with a 2129 * DS_MODE_USER hold, because it could be 2130 * inconsistent. So this is a bit of a workaround... 2131 * XXX reading without owning 2132 */ 2133 if (!zc->zc_objset_stats.dds_inconsistent && 2134 dmu_objset_type(os) == DMU_OST_ZVOL) { 2135 error = zvol_get_stats(os, nv); 2136 if (error == EIO) { 2137 nvlist_free(nv); 2138 return (error); 2139 } 2140 VERIFY0(error); 2141 } 2142 if (error == 0) 2143 error = put_nvlist(zc, nv); 2144 nvlist_free(nv); 2145 } 2146 2147 return (error); 2148 } 2149 2150 /* 2151 * inputs: 2152 * zc_name name of filesystem 2153 * zc_nvlist_dst_size size of buffer for property nvlist 2154 * 2155 * outputs: 2156 * zc_objset_stats stats 2157 * zc_nvlist_dst property nvlist 2158 * zc_nvlist_dst_size size of property nvlist 2159 */ 2160 static int 2161 zfs_ioc_objset_stats(zfs_cmd_t *zc) 2162 { 2163 objset_t *os; 2164 int error; 2165 2166 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2167 if (error == 0) { 2168 error = zfs_ioc_objset_stats_impl(zc, os); 2169 dmu_objset_rele(os, FTAG); 2170 } 2171 2172 return (error); 2173 } 2174 2175 /* 2176 * inputs: 2177 * zc_name name of filesystem 2178 * zc_nvlist_dst_size size of buffer for property nvlist 2179 * 2180 * outputs: 2181 * zc_nvlist_dst received property nvlist 2182 * zc_nvlist_dst_size size of received property nvlist 2183 * 2184 * Gets received properties (distinct from local properties on or after 2185 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from 2186 * local property values. 2187 */ 2188 static int 2189 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc) 2190 { 2191 int error = 0; 2192 nvlist_t *nv; 2193 2194 /* 2195 * Without this check, we would return local property values if the 2196 * caller has not already received properties on or after 2197 * SPA_VERSION_RECVD_PROPS. 2198 */ 2199 if (!dsl_prop_get_hasrecvd(zc->zc_name)) 2200 return (SET_ERROR(ENOTSUP)); 2201 2202 if (zc->zc_nvlist_dst != 0 && 2203 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) { 2204 error = put_nvlist(zc, nv); 2205 nvlist_free(nv); 2206 } 2207 2208 return (error); 2209 } 2210 2211 static int 2212 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop) 2213 { 2214 uint64_t value; 2215 int error; 2216 2217 /* 2218 * zfs_get_zplprop() will either find a value or give us 2219 * the default value (if there is one). 2220 */ 2221 if ((error = zfs_get_zplprop(os, prop, &value)) != 0) 2222 return (error); 2223 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0); 2224 return (0); 2225 } 2226 2227 /* 2228 * inputs: 2229 * zc_name name of filesystem 2230 * zc_nvlist_dst_size size of buffer for zpl property nvlist 2231 * 2232 * outputs: 2233 * zc_nvlist_dst zpl property nvlist 2234 * zc_nvlist_dst_size size of zpl property nvlist 2235 */ 2236 static int 2237 zfs_ioc_objset_zplprops(zfs_cmd_t *zc) 2238 { 2239 objset_t *os; 2240 int err; 2241 2242 /* XXX reading without owning */ 2243 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os))) 2244 return (err); 2245 2246 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2247 2248 /* 2249 * NB: nvl_add_zplprop() will read the objset contents, 2250 * which we aren't supposed to do with a DS_MODE_USER 2251 * hold, because it could be inconsistent. 2252 */ 2253 if (zc->zc_nvlist_dst != 0 && 2254 !zc->zc_objset_stats.dds_inconsistent && 2255 dmu_objset_type(os) == DMU_OST_ZFS) { 2256 nvlist_t *nv; 2257 2258 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2259 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 && 2260 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 && 2261 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 && 2262 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0) 2263 err = put_nvlist(zc, nv); 2264 nvlist_free(nv); 2265 } else { 2266 err = SET_ERROR(ENOENT); 2267 } 2268 dmu_objset_rele(os, FTAG); 2269 return (err); 2270 } 2271 2272 /* 2273 * inputs: 2274 * zc_name name of filesystem 2275 * zc_cookie zap cursor 2276 * zc_nvlist_dst_size size of buffer for property nvlist 2277 * 2278 * outputs: 2279 * zc_name name of next filesystem 2280 * zc_cookie zap cursor 2281 * zc_objset_stats stats 2282 * zc_nvlist_dst property nvlist 2283 * zc_nvlist_dst_size size of property nvlist 2284 */ 2285 static int 2286 zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 2287 { 2288 objset_t *os; 2289 int error; 2290 char *p; 2291 size_t orig_len = strlen(zc->zc_name); 2292 2293 top: 2294 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) { 2295 if (error == ENOENT) 2296 error = SET_ERROR(ESRCH); 2297 return (error); 2298 } 2299 2300 p = strrchr(zc->zc_name, '/'); 2301 if (p == NULL || p[1] != '\0') 2302 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 2303 p = zc->zc_name + strlen(zc->zc_name); 2304 2305 do { 2306 error = dmu_dir_list_next(os, 2307 sizeof (zc->zc_name) - (p - zc->zc_name), p, 2308 NULL, &zc->zc_cookie); 2309 if (error == ENOENT) 2310 error = SET_ERROR(ESRCH); 2311 } while (error == 0 && zfs_dataset_name_hidden(zc->zc_name)); 2312 dmu_objset_rele(os, FTAG); 2313 2314 /* 2315 * If it's an internal dataset (ie. with a '$' in its name), 2316 * don't try to get stats for it, otherwise we'll return ENOENT. 2317 */ 2318 if (error == 0 && strchr(zc->zc_name, '$') == NULL) { 2319 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 2320 if (error == ENOENT) { 2321 /* We lost a race with destroy, get the next one. */ 2322 zc->zc_name[orig_len] = '\0'; 2323 goto top; 2324 } 2325 } 2326 return (error); 2327 } 2328 2329 /* 2330 * inputs: 2331 * zc_name name of filesystem 2332 * zc_cookie zap cursor 2333 * zc_nvlist_src iteration range nvlist 2334 * zc_nvlist_src_size size of iteration range nvlist 2335 * 2336 * outputs: 2337 * zc_name name of next snapshot 2338 * zc_objset_stats stats 2339 * zc_nvlist_dst property nvlist 2340 * zc_nvlist_dst_size size of property nvlist 2341 */ 2342 static int 2343 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 2344 { 2345 int error; 2346 objset_t *os, *ossnap; 2347 dsl_dataset_t *ds; 2348 uint64_t min_txg = 0, max_txg = 0; 2349 2350 if (zc->zc_nvlist_src_size != 0) { 2351 nvlist_t *props = NULL; 2352 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2353 zc->zc_iflags, &props); 2354 if (error != 0) 2355 return (error); 2356 (void) nvlist_lookup_uint64(props, SNAP_ITER_MIN_TXG, 2357 &min_txg); 2358 (void) nvlist_lookup_uint64(props, SNAP_ITER_MAX_TXG, 2359 &max_txg); 2360 nvlist_free(props); 2361 } 2362 2363 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2364 if (error != 0) { 2365 return (error == ENOENT ? SET_ERROR(ESRCH) : error); 2366 } 2367 2368 /* 2369 * A dataset name of maximum length cannot have any snapshots, 2370 * so exit immediately. 2371 */ 2372 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= 2373 ZFS_MAX_DATASET_NAME_LEN) { 2374 dmu_objset_rele(os, FTAG); 2375 return (SET_ERROR(ESRCH)); 2376 } 2377 2378 while (error == 0) { 2379 if (issig()) { 2380 error = SET_ERROR(EINTR); 2381 break; 2382 } 2383 2384 error = dmu_snapshot_list_next(os, 2385 sizeof (zc->zc_name) - strlen(zc->zc_name), 2386 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, 2387 &zc->zc_cookie, NULL); 2388 if (error == ENOENT) { 2389 error = SET_ERROR(ESRCH); 2390 break; 2391 } else if (error != 0) { 2392 break; 2393 } 2394 2395 error = dsl_dataset_hold_obj(dmu_objset_pool(os), zc->zc_obj, 2396 FTAG, &ds); 2397 if (error != 0) 2398 break; 2399 2400 if ((min_txg != 0 && dsl_get_creationtxg(ds) < min_txg) || 2401 (max_txg != 0 && dsl_get_creationtxg(ds) > max_txg)) { 2402 dsl_dataset_rele(ds, FTAG); 2403 /* undo snapshot name append */ 2404 *(strchr(zc->zc_name, '@') + 1) = '\0'; 2405 /* skip snapshot */ 2406 continue; 2407 } 2408 2409 if (zc->zc_simple) { 2410 dsl_dataset_fast_stat(ds, &zc->zc_objset_stats); 2411 dsl_dataset_rele(ds, FTAG); 2412 break; 2413 } 2414 2415 if ((error = dmu_objset_from_ds(ds, &ossnap)) != 0) { 2416 dsl_dataset_rele(ds, FTAG); 2417 break; 2418 } 2419 if ((error = zfs_ioc_objset_stats_impl(zc, ossnap)) != 0) { 2420 dsl_dataset_rele(ds, FTAG); 2421 break; 2422 } 2423 dsl_dataset_rele(ds, FTAG); 2424 break; 2425 } 2426 2427 dmu_objset_rele(os, FTAG); 2428 /* if we failed, undo the @ that we tacked on to zc_name */ 2429 if (error != 0) 2430 *strchr(zc->zc_name, '@') = '\0'; 2431 return (error); 2432 } 2433 2434 static int 2435 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair) 2436 { 2437 const char *propname = nvpair_name(pair); 2438 uint64_t *valary; 2439 unsigned int vallen; 2440 const char *dash, *domain; 2441 zfs_userquota_prop_t type; 2442 uint64_t rid; 2443 uint64_t quota; 2444 zfsvfs_t *zfsvfs; 2445 int err; 2446 2447 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2448 nvlist_t *attrs; 2449 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2450 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2451 &pair) != 0) 2452 return (SET_ERROR(EINVAL)); 2453 } 2454 2455 /* 2456 * A correctly constructed propname is encoded as 2457 * userquota@<rid>-<domain>. 2458 */ 2459 if ((dash = strchr(propname, '-')) == NULL || 2460 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 || 2461 vallen != 3) 2462 return (SET_ERROR(EINVAL)); 2463 2464 domain = dash + 1; 2465 type = valary[0]; 2466 rid = valary[1]; 2467 quota = valary[2]; 2468 2469 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE); 2470 if (err == 0) { 2471 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota); 2472 zfsvfs_rele(zfsvfs, FTAG); 2473 } 2474 2475 return (err); 2476 } 2477 2478 /* 2479 * If the named property is one that has a special function to set its value, 2480 * return 0 on success and a positive error code on failure; otherwise if it is 2481 * not one of the special properties handled by this function, return -1. 2482 * 2483 * XXX: It would be better for callers of the property interface if we handled 2484 * these special cases in dsl_prop.c (in the dsl layer). 2485 */ 2486 static int 2487 zfs_prop_set_special(const char *dsname, zprop_source_t source, 2488 nvpair_t *pair) 2489 { 2490 const char *propname = nvpair_name(pair); 2491 zfs_prop_t prop = zfs_name_to_prop(propname); 2492 uint64_t intval = 0; 2493 const char *strval = NULL; 2494 int err = -1; 2495 2496 if (prop == ZPROP_USERPROP) { 2497 if (zfs_prop_userquota(propname)) 2498 return (zfs_prop_set_userquota(dsname, pair)); 2499 return (-1); 2500 } 2501 2502 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2503 nvlist_t *attrs; 2504 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2505 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2506 &pair) == 0); 2507 } 2508 2509 /* all special properties are numeric except for keylocation */ 2510 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) { 2511 strval = fnvpair_value_string(pair); 2512 } else { 2513 intval = fnvpair_value_uint64(pair); 2514 } 2515 2516 switch (prop) { 2517 case ZFS_PROP_QUOTA: 2518 err = dsl_dir_set_quota(dsname, source, intval); 2519 break; 2520 case ZFS_PROP_REFQUOTA: 2521 err = dsl_dataset_set_refquota(dsname, source, intval); 2522 break; 2523 case ZFS_PROP_FILESYSTEM_LIMIT: 2524 case ZFS_PROP_SNAPSHOT_LIMIT: 2525 if (intval == UINT64_MAX) { 2526 /* clearing the limit, just do it */ 2527 err = 0; 2528 } else { 2529 err = dsl_dir_activate_fs_ss_limit(dsname); 2530 } 2531 /* 2532 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2533 * default path to set the value in the nvlist. 2534 */ 2535 if (err == 0) 2536 err = -1; 2537 break; 2538 case ZFS_PROP_KEYLOCATION: 2539 err = dsl_crypto_can_set_keylocation(dsname, strval); 2540 2541 /* 2542 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2543 * default path to set the value in the nvlist. 2544 */ 2545 if (err == 0) 2546 err = -1; 2547 break; 2548 case ZFS_PROP_RESERVATION: 2549 err = dsl_dir_set_reservation(dsname, source, intval); 2550 break; 2551 case ZFS_PROP_REFRESERVATION: 2552 err = dsl_dataset_set_refreservation(dsname, source, intval); 2553 break; 2554 case ZFS_PROP_COMPRESSION: 2555 err = dsl_dataset_set_compression(dsname, source, intval); 2556 /* 2557 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2558 * default path to set the value in the nvlist. 2559 */ 2560 if (err == 0) 2561 err = -1; 2562 break; 2563 case ZFS_PROP_VOLSIZE: 2564 err = zvol_set_volsize(dsname, intval); 2565 break; 2566 case ZFS_PROP_VOLTHREADING: 2567 err = zvol_set_volthreading(dsname, intval); 2568 /* 2569 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2570 * default path to set the value in the nvlist. 2571 */ 2572 if (err == 0) 2573 err = -1; 2574 break; 2575 case ZFS_PROP_SNAPDEV: 2576 case ZFS_PROP_VOLMODE: 2577 err = zvol_set_common(dsname, prop, source, intval); 2578 break; 2579 case ZFS_PROP_READONLY: 2580 err = zvol_set_ro(dsname, intval); 2581 /* 2582 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2583 * default path to set the value in the nvlist. 2584 */ 2585 if (err == 0) 2586 err = -1; 2587 break; 2588 case ZFS_PROP_VERSION: 2589 { 2590 zfsvfs_t *zfsvfs; 2591 2592 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0) 2593 break; 2594 2595 err = zfs_set_version(zfsvfs, intval); 2596 zfsvfs_rele(zfsvfs, FTAG); 2597 2598 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) { 2599 zfs_cmd_t *zc; 2600 2601 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 2602 (void) strlcpy(zc->zc_name, dsname, 2603 sizeof (zc->zc_name)); 2604 (void) zfs_ioc_userspace_upgrade(zc); 2605 (void) zfs_ioc_id_quota_upgrade(zc); 2606 kmem_free(zc, sizeof (zfs_cmd_t)); 2607 } 2608 break; 2609 } 2610 case ZFS_PROP_LONGNAME: 2611 { 2612 zfsvfs_t *zfsvfs; 2613 2614 /* 2615 * Ignore the checks if the property is being applied as part of 2616 * 'zfs receive'. Because, we already check if the local pool 2617 * has SPA_FEATURE_LONGNAME enabled in dmu_recv_begin_check(). 2618 */ 2619 if (source == ZPROP_SRC_RECEIVED) { 2620 cmn_err(CE_NOTE, "Skipping ZFS_PROP_LONGNAME checks " 2621 "for dsname=%s\n", dsname); 2622 err = -1; 2623 break; 2624 } 2625 2626 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE)) != 0) { 2627 cmn_err(CE_WARN, "%s:%d Failed to hold for dsname=%s " 2628 "err=%d\n", __FILE__, __LINE__, dsname, err); 2629 break; 2630 } 2631 2632 if (!spa_feature_is_enabled(zfsvfs->z_os->os_spa, 2633 SPA_FEATURE_LONGNAME)) { 2634 err = ENOTSUP; 2635 } else { 2636 /* 2637 * Set err to -1 to force the zfs_set_prop_nvlist code 2638 * down the default path to set the value in the nvlist. 2639 */ 2640 err = -1; 2641 } 2642 zfsvfs_rele(zfsvfs, FTAG); 2643 break; 2644 } 2645 default: 2646 err = -1; 2647 } 2648 2649 return (err); 2650 } 2651 2652 static boolean_t 2653 zfs_is_namespace_prop(zfs_prop_t prop) 2654 { 2655 switch (prop) { 2656 2657 case ZFS_PROP_ATIME: 2658 case ZFS_PROP_RELATIME: 2659 case ZFS_PROP_DEVICES: 2660 case ZFS_PROP_EXEC: 2661 case ZFS_PROP_SETUID: 2662 case ZFS_PROP_READONLY: 2663 case ZFS_PROP_XATTR: 2664 case ZFS_PROP_NBMAND: 2665 return (B_TRUE); 2666 2667 default: 2668 return (B_FALSE); 2669 } 2670 } 2671 2672 /* 2673 * This function is best effort. If it fails to set any of the given properties, 2674 * it continues to set as many as it can and returns the last error 2675 * encountered. If the caller provides a non-NULL errlist, it will be filled in 2676 * with the list of names of all the properties that failed along with the 2677 * corresponding error numbers. 2678 * 2679 * If every property is set successfully, zero is returned and errlist is not 2680 * modified. 2681 */ 2682 int 2683 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl, 2684 nvlist_t *errlist) 2685 { 2686 nvpair_t *pair; 2687 nvpair_t *propval; 2688 int rv = 0; 2689 int err; 2690 uint64_t intval; 2691 const char *strval; 2692 boolean_t should_update_mount_cache = B_FALSE; 2693 2694 nvlist_t *genericnvl = fnvlist_alloc(); 2695 nvlist_t *retrynvl = fnvlist_alloc(); 2696 retry: 2697 pair = NULL; 2698 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2699 const char *propname = nvpair_name(pair); 2700 zfs_prop_t prop = zfs_name_to_prop(propname); 2701 err = 0; 2702 2703 /* decode the property value */ 2704 propval = pair; 2705 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2706 nvlist_t *attrs; 2707 attrs = fnvpair_value_nvlist(pair); 2708 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2709 &propval) != 0) 2710 err = SET_ERROR(EINVAL); 2711 } 2712 2713 /* Validate value type */ 2714 if (err == 0 && source == ZPROP_SRC_INHERITED) { 2715 /* inherited properties are expected to be booleans */ 2716 if (nvpair_type(propval) != DATA_TYPE_BOOLEAN) 2717 err = SET_ERROR(EINVAL); 2718 } else if (err == 0 && prop == ZPROP_USERPROP) { 2719 if (zfs_prop_user(propname)) { 2720 if (nvpair_type(propval) != DATA_TYPE_STRING) 2721 err = SET_ERROR(EINVAL); 2722 } else if (zfs_prop_userquota(propname)) { 2723 if (nvpair_type(propval) != 2724 DATA_TYPE_UINT64_ARRAY) 2725 err = SET_ERROR(EINVAL); 2726 } else { 2727 err = SET_ERROR(EINVAL); 2728 } 2729 } else if (err == 0) { 2730 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2731 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING) 2732 err = SET_ERROR(EINVAL); 2733 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) { 2734 const char *unused; 2735 2736 intval = fnvpair_value_uint64(propval); 2737 2738 switch (zfs_prop_get_type(prop)) { 2739 case PROP_TYPE_NUMBER: 2740 break; 2741 case PROP_TYPE_STRING: 2742 err = SET_ERROR(EINVAL); 2743 break; 2744 case PROP_TYPE_INDEX: 2745 if (zfs_prop_index_to_string(prop, 2746 intval, &unused) != 0) 2747 err = 2748 SET_ERROR(ZFS_ERR_BADPROP); 2749 break; 2750 default: 2751 cmn_err(CE_PANIC, 2752 "unknown property type"); 2753 } 2754 } else { 2755 err = SET_ERROR(EINVAL); 2756 } 2757 } 2758 2759 /* Validate permissions */ 2760 if (err == 0) 2761 err = zfs_check_settable(dsname, pair, CRED()); 2762 2763 if (err == 0) { 2764 if (source == ZPROP_SRC_INHERITED) 2765 err = -1; /* does not need special handling */ 2766 else 2767 err = zfs_prop_set_special(dsname, source, 2768 pair); 2769 if (err == -1) { 2770 /* 2771 * For better performance we build up a list of 2772 * properties to set in a single transaction. 2773 */ 2774 err = nvlist_add_nvpair(genericnvl, pair); 2775 } else if (err != 0 && nvl != retrynvl) { 2776 /* 2777 * This may be a spurious error caused by 2778 * receiving quota and reservation out of order. 2779 * Try again in a second pass. 2780 */ 2781 err = nvlist_add_nvpair(retrynvl, pair); 2782 } 2783 } 2784 2785 if (err != 0) { 2786 if (errlist != NULL) 2787 fnvlist_add_int32(errlist, propname, err); 2788 rv = err; 2789 } 2790 2791 if (zfs_is_namespace_prop(prop)) 2792 should_update_mount_cache = B_TRUE; 2793 } 2794 2795 if (nvl != retrynvl && !nvlist_empty(retrynvl)) { 2796 nvl = retrynvl; 2797 goto retry; 2798 } 2799 2800 if (nvlist_empty(genericnvl)) 2801 goto out; 2802 2803 /* 2804 * Try to set them all in one batch. 2805 */ 2806 err = dsl_props_set(dsname, source, genericnvl); 2807 if (err == 0) 2808 goto out; 2809 2810 /* 2811 * If batching fails, we still want to set as many properties as we 2812 * can, so try setting them individually. 2813 */ 2814 pair = NULL; 2815 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) { 2816 const char *propname = nvpair_name(pair); 2817 2818 propval = pair; 2819 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2820 nvlist_t *attrs; 2821 attrs = fnvpair_value_nvlist(pair); 2822 propval = fnvlist_lookup_nvpair(attrs, ZPROP_VALUE); 2823 } 2824 2825 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2826 strval = fnvpair_value_string(propval); 2827 err = dsl_prop_set_string(dsname, propname, 2828 source, strval); 2829 } else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) { 2830 err = dsl_prop_inherit(dsname, propname, source); 2831 } else { 2832 intval = fnvpair_value_uint64(propval); 2833 err = dsl_prop_set_int(dsname, propname, source, 2834 intval); 2835 } 2836 2837 if (err != 0) { 2838 if (errlist != NULL) { 2839 fnvlist_add_int32(errlist, propname, err); 2840 } 2841 rv = err; 2842 } 2843 } 2844 2845 out: 2846 if (should_update_mount_cache) 2847 zfs_ioctl_update_mount_cache(dsname); 2848 2849 nvlist_free(genericnvl); 2850 nvlist_free(retrynvl); 2851 2852 return (rv); 2853 } 2854 2855 /* 2856 * Check that all the properties are valid user properties. 2857 */ 2858 static int 2859 zfs_check_userprops(nvlist_t *nvl) 2860 { 2861 nvpair_t *pair = NULL; 2862 2863 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2864 const char *propname = nvpair_name(pair); 2865 2866 if (!zfs_prop_user(propname) || 2867 nvpair_type(pair) != DATA_TYPE_STRING) 2868 return (SET_ERROR(EINVAL)); 2869 2870 if (strlen(propname) >= ZAP_MAXNAMELEN) 2871 return (SET_ERROR(ENAMETOOLONG)); 2872 2873 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN) 2874 return (SET_ERROR(E2BIG)); 2875 } 2876 return (0); 2877 } 2878 2879 static void 2880 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops) 2881 { 2882 nvpair_t *pair; 2883 2884 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2885 2886 pair = NULL; 2887 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) { 2888 if (nvlist_exists(skipped, nvpair_name(pair))) 2889 continue; 2890 2891 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0); 2892 } 2893 } 2894 2895 static int 2896 clear_received_props(const char *dsname, nvlist_t *props, 2897 nvlist_t *skipped) 2898 { 2899 int err = 0; 2900 nvlist_t *cleared_props = NULL; 2901 props_skip(props, skipped, &cleared_props); 2902 if (!nvlist_empty(cleared_props)) { 2903 /* 2904 * Acts on local properties until the dataset has received 2905 * properties at least once on or after SPA_VERSION_RECVD_PROPS. 2906 */ 2907 zprop_source_t flags = (ZPROP_SRC_NONE | 2908 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0)); 2909 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL); 2910 } 2911 nvlist_free(cleared_props); 2912 return (err); 2913 } 2914 2915 /* 2916 * inputs: 2917 * zc_name name of filesystem 2918 * zc_value name of property to set 2919 * zc_nvlist_src{_size} nvlist of properties to apply 2920 * zc_cookie received properties flag 2921 * 2922 * outputs: 2923 * zc_nvlist_dst{_size} error for each unapplied received property 2924 */ 2925 static int 2926 zfs_ioc_set_prop(zfs_cmd_t *zc) 2927 { 2928 nvlist_t *nvl; 2929 boolean_t received = zc->zc_cookie; 2930 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED : 2931 ZPROP_SRC_LOCAL); 2932 nvlist_t *errors; 2933 int error; 2934 2935 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2936 zc->zc_iflags, &nvl)) != 0) 2937 return (error); 2938 2939 if (received) { 2940 nvlist_t *origprops; 2941 2942 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) { 2943 (void) clear_received_props(zc->zc_name, 2944 origprops, nvl); 2945 nvlist_free(origprops); 2946 } 2947 2948 error = dsl_prop_set_hasrecvd(zc->zc_name); 2949 } 2950 2951 errors = fnvlist_alloc(); 2952 if (error == 0) 2953 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors); 2954 2955 if (zc->zc_nvlist_dst != 0 && errors != NULL) { 2956 (void) put_nvlist(zc, errors); 2957 } 2958 2959 nvlist_free(errors); 2960 nvlist_free(nvl); 2961 return (error); 2962 } 2963 2964 /* 2965 * inputs: 2966 * zc_name name of filesystem 2967 * zc_value name of property to inherit 2968 * zc_cookie revert to received value if TRUE 2969 * 2970 * outputs: none 2971 */ 2972 static int 2973 zfs_ioc_inherit_prop(zfs_cmd_t *zc) 2974 { 2975 const char *propname = zc->zc_value; 2976 zfs_prop_t prop = zfs_name_to_prop(propname); 2977 boolean_t received = zc->zc_cookie; 2978 zprop_source_t source = (received 2979 ? ZPROP_SRC_NONE /* revert to received value, if any */ 2980 : ZPROP_SRC_INHERITED); /* explicitly inherit */ 2981 nvlist_t *dummy; 2982 nvpair_t *pair; 2983 zprop_type_t type; 2984 int err; 2985 2986 if (!received) { 2987 /* 2988 * Only check this in the non-received case. We want to allow 2989 * 'inherit -S' to revert non-inheritable properties like quota 2990 * and reservation to the received or default values even though 2991 * they are not considered inheritable. 2992 */ 2993 if (prop != ZPROP_USERPROP && !zfs_prop_inheritable(prop)) 2994 return (SET_ERROR(EINVAL)); 2995 } 2996 2997 if (prop == ZPROP_USERPROP) { 2998 if (!zfs_prop_user(propname)) 2999 return (SET_ERROR(EINVAL)); 3000 3001 type = PROP_TYPE_STRING; 3002 } else if (prop == ZFS_PROP_VOLSIZE || prop == ZFS_PROP_VERSION) { 3003 return (SET_ERROR(EINVAL)); 3004 } else { 3005 type = zfs_prop_get_type(prop); 3006 } 3007 3008 /* 3009 * zfs_prop_set_special() expects properties in the form of an 3010 * nvpair with type info. 3011 */ 3012 dummy = fnvlist_alloc(); 3013 3014 switch (type) { 3015 case PROP_TYPE_STRING: 3016 VERIFY(0 == nvlist_add_string(dummy, propname, "")); 3017 break; 3018 case PROP_TYPE_NUMBER: 3019 case PROP_TYPE_INDEX: 3020 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0)); 3021 break; 3022 default: 3023 err = SET_ERROR(EINVAL); 3024 goto errout; 3025 } 3026 3027 pair = nvlist_next_nvpair(dummy, NULL); 3028 if (pair == NULL) { 3029 err = SET_ERROR(EINVAL); 3030 } else { 3031 err = zfs_prop_set_special(zc->zc_name, source, pair); 3032 if (err == -1) /* property is not "special", needs handling */ 3033 err = dsl_prop_inherit(zc->zc_name, zc->zc_value, 3034 source); 3035 } 3036 3037 errout: 3038 nvlist_free(dummy); 3039 return (err); 3040 } 3041 3042 static int 3043 zfs_ioc_pool_set_props(zfs_cmd_t *zc) 3044 { 3045 nvlist_t *props; 3046 spa_t *spa; 3047 int error; 3048 nvpair_t *pair; 3049 3050 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3051 zc->zc_iflags, &props))) 3052 return (error); 3053 3054 /* 3055 * If the only property is the configfile, then just do a spa_lookup() 3056 * to handle the faulted case. 3057 */ 3058 pair = nvlist_next_nvpair(props, NULL); 3059 if (pair != NULL && strcmp(nvpair_name(pair), 3060 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 && 3061 nvlist_next_nvpair(props, pair) == NULL) { 3062 mutex_enter(&spa_namespace_lock); 3063 if ((spa = spa_lookup(zc->zc_name)) != NULL) { 3064 spa_configfile_set(spa, props, B_FALSE); 3065 spa_write_cachefile(spa, B_FALSE, B_TRUE, B_FALSE); 3066 } 3067 mutex_exit(&spa_namespace_lock); 3068 if (spa != NULL) { 3069 nvlist_free(props); 3070 return (0); 3071 } 3072 } 3073 3074 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 3075 nvlist_free(props); 3076 return (error); 3077 } 3078 3079 error = spa_prop_set(spa, props); 3080 3081 nvlist_free(props); 3082 spa_close(spa, FTAG); 3083 3084 return (error); 3085 } 3086 3087 /* 3088 * innvl: { 3089 * "get_props_names": [ "prop1", "prop2", ..., "propN" ] 3090 * } 3091 */ 3092 3093 static const zfs_ioc_key_t zfs_keys_get_props[] = { 3094 { ZPOOL_GET_PROPS_NAMES, DATA_TYPE_STRING_ARRAY, ZK_OPTIONAL }, 3095 }; 3096 3097 static int 3098 zfs_ioc_pool_get_props(const char *pool, nvlist_t *innvl, nvlist_t *outnvl) 3099 { 3100 spa_t *spa; 3101 char **props = NULL; 3102 unsigned int n_props = 0; 3103 int error; 3104 3105 if (nvlist_lookup_string_array(innvl, ZPOOL_GET_PROPS_NAMES, 3106 &props, &n_props) != 0) { 3107 props = NULL; 3108 } 3109 3110 if ((error = spa_open(pool, &spa, FTAG)) != 0) { 3111 /* 3112 * If the pool is faulted, there may be properties we can still 3113 * get (such as altroot and cachefile), so attempt to get them 3114 * anyway. 3115 */ 3116 mutex_enter(&spa_namespace_lock); 3117 if ((spa = spa_lookup(pool)) != NULL) { 3118 error = spa_prop_get(spa, outnvl); 3119 if (error == 0 && props != NULL) 3120 error = spa_prop_get_nvlist(spa, props, n_props, 3121 outnvl); 3122 } 3123 mutex_exit(&spa_namespace_lock); 3124 } else { 3125 error = spa_prop_get(spa, outnvl); 3126 if (error == 0 && props != NULL) 3127 error = spa_prop_get_nvlist(spa, props, n_props, 3128 outnvl); 3129 spa_close(spa, FTAG); 3130 } 3131 3132 return (error); 3133 } 3134 3135 /* 3136 * innvl: { 3137 * "vdevprops_set_vdev" -> guid 3138 * "vdevprops_set_props" -> { prop -> value } 3139 * } 3140 * 3141 * outnvl: propname -> error code (int32) 3142 */ 3143 static const zfs_ioc_key_t zfs_keys_vdev_set_props[] = { 3144 {ZPOOL_VDEV_PROPS_SET_VDEV, DATA_TYPE_UINT64, 0}, 3145 {ZPOOL_VDEV_PROPS_SET_PROPS, DATA_TYPE_NVLIST, 0} 3146 }; 3147 3148 static int 3149 zfs_ioc_vdev_set_props(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3150 { 3151 spa_t *spa; 3152 int error; 3153 vdev_t *vd; 3154 uint64_t vdev_guid; 3155 3156 /* Early validation */ 3157 if (nvlist_lookup_uint64(innvl, ZPOOL_VDEV_PROPS_SET_VDEV, 3158 &vdev_guid) != 0) 3159 return (SET_ERROR(EINVAL)); 3160 3161 if (outnvl == NULL) 3162 return (SET_ERROR(EINVAL)); 3163 3164 if ((error = spa_open(poolname, &spa, FTAG)) != 0) 3165 return (error); 3166 3167 ASSERT(spa_writeable(spa)); 3168 3169 if ((vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE)) == NULL) { 3170 spa_close(spa, FTAG); 3171 return (SET_ERROR(ENOENT)); 3172 } 3173 3174 error = vdev_prop_set(vd, innvl, outnvl); 3175 3176 spa_close(spa, FTAG); 3177 3178 return (error); 3179 } 3180 3181 /* 3182 * innvl: { 3183 * "vdevprops_get_vdev" -> guid 3184 * (optional) "vdevprops_get_props" -> { propname -> propid } 3185 * } 3186 * 3187 * outnvl: propname -> value 3188 */ 3189 static const zfs_ioc_key_t zfs_keys_vdev_get_props[] = { 3190 {ZPOOL_VDEV_PROPS_GET_VDEV, DATA_TYPE_UINT64, 0}, 3191 {ZPOOL_VDEV_PROPS_GET_PROPS, DATA_TYPE_NVLIST, ZK_OPTIONAL} 3192 }; 3193 3194 static int 3195 zfs_ioc_vdev_get_props(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3196 { 3197 spa_t *spa; 3198 int error; 3199 vdev_t *vd; 3200 uint64_t vdev_guid; 3201 3202 /* Early validation */ 3203 if (nvlist_lookup_uint64(innvl, ZPOOL_VDEV_PROPS_GET_VDEV, 3204 &vdev_guid) != 0) 3205 return (SET_ERROR(EINVAL)); 3206 3207 if (outnvl == NULL) 3208 return (SET_ERROR(EINVAL)); 3209 3210 if ((error = spa_open(poolname, &spa, FTAG)) != 0) 3211 return (error); 3212 3213 if ((vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE)) == NULL) { 3214 spa_close(spa, FTAG); 3215 return (SET_ERROR(ENOENT)); 3216 } 3217 3218 error = vdev_prop_get(vd, innvl, outnvl); 3219 3220 spa_close(spa, FTAG); 3221 3222 return (error); 3223 } 3224 3225 /* 3226 * inputs: 3227 * zc_name name of filesystem 3228 * zc_nvlist_src{_size} nvlist of delegated permissions 3229 * zc_perm_action allow/unallow flag 3230 * 3231 * outputs: none 3232 */ 3233 static int 3234 zfs_ioc_set_fsacl(zfs_cmd_t *zc) 3235 { 3236 int error; 3237 nvlist_t *fsaclnv = NULL; 3238 3239 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3240 zc->zc_iflags, &fsaclnv)) != 0) 3241 return (error); 3242 3243 /* 3244 * Verify nvlist is constructed correctly 3245 */ 3246 if (zfs_deleg_verify_nvlist(fsaclnv) != 0) { 3247 nvlist_free(fsaclnv); 3248 return (SET_ERROR(EINVAL)); 3249 } 3250 3251 /* 3252 * If we don't have PRIV_SYS_MOUNT, then validate 3253 * that user is allowed to hand out each permission in 3254 * the nvlist(s) 3255 */ 3256 3257 error = secpolicy_zfs(CRED()); 3258 if (error != 0) { 3259 if (zc->zc_perm_action == B_FALSE) { 3260 error = dsl_deleg_can_allow(zc->zc_name, 3261 fsaclnv, CRED()); 3262 } else { 3263 error = dsl_deleg_can_unallow(zc->zc_name, 3264 fsaclnv, CRED()); 3265 } 3266 } 3267 3268 if (error == 0) 3269 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 3270 3271 nvlist_free(fsaclnv); 3272 return (error); 3273 } 3274 3275 /* 3276 * inputs: 3277 * zc_name name of filesystem 3278 * 3279 * outputs: 3280 * zc_nvlist_src{_size} nvlist of delegated permissions 3281 */ 3282 static int 3283 zfs_ioc_get_fsacl(zfs_cmd_t *zc) 3284 { 3285 nvlist_t *nvp; 3286 int error; 3287 3288 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 3289 error = put_nvlist(zc, nvp); 3290 nvlist_free(nvp); 3291 } 3292 3293 return (error); 3294 } 3295 3296 static void 3297 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 3298 { 3299 zfs_creat_t *zct = arg; 3300 3301 zfs_create_fs(os, cr, zct->zct_zplprops, tx); 3302 } 3303 3304 #define ZFS_PROP_UNDEFINED ((uint64_t)-1) 3305 3306 /* 3307 * inputs: 3308 * os parent objset pointer (NULL if root fs) 3309 * fuids_ok fuids allowed in this version of the spa? 3310 * sa_ok SAs allowed in this version of the spa? 3311 * createprops list of properties requested by creator 3312 * 3313 * outputs: 3314 * zplprops values for the zplprops we attach to the master node object 3315 * is_ci true if requested file system will be purely case-insensitive 3316 * 3317 * Determine the settings for utf8only, normalization and 3318 * casesensitivity. Specific values may have been requested by the 3319 * creator and/or we can inherit values from the parent dataset. If 3320 * the file system is of too early a vintage, a creator can not 3321 * request settings for these properties, even if the requested 3322 * setting is the default value. We don't actually want to create dsl 3323 * properties for these, so remove them from the source nvlist after 3324 * processing. 3325 */ 3326 static int 3327 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver, 3328 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops, 3329 nvlist_t *zplprops, boolean_t *is_ci) 3330 { 3331 uint64_t sense = ZFS_PROP_UNDEFINED; 3332 uint64_t norm = ZFS_PROP_UNDEFINED; 3333 uint64_t u8 = ZFS_PROP_UNDEFINED; 3334 int error; 3335 3336 ASSERT(zplprops != NULL); 3337 3338 /* parent dataset must be a filesystem */ 3339 if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS) 3340 return (SET_ERROR(ZFS_ERR_WRONG_PARENT)); 3341 3342 /* 3343 * Pull out creator prop choices, if any. 3344 */ 3345 if (createprops) { 3346 (void) nvlist_lookup_uint64(createprops, 3347 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver); 3348 (void) nvlist_lookup_uint64(createprops, 3349 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm); 3350 (void) nvlist_remove_all(createprops, 3351 zfs_prop_to_name(ZFS_PROP_NORMALIZE)); 3352 (void) nvlist_lookup_uint64(createprops, 3353 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8); 3354 (void) nvlist_remove_all(createprops, 3355 zfs_prop_to_name(ZFS_PROP_UTF8ONLY)); 3356 (void) nvlist_lookup_uint64(createprops, 3357 zfs_prop_to_name(ZFS_PROP_CASE), &sense); 3358 (void) nvlist_remove_all(createprops, 3359 zfs_prop_to_name(ZFS_PROP_CASE)); 3360 } 3361 3362 /* 3363 * If the zpl version requested is whacky or the file system 3364 * or pool is version is too "young" to support normalization 3365 * and the creator tried to set a value for one of the props, 3366 * error out. 3367 */ 3368 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) || 3369 (zplver >= ZPL_VERSION_FUID && !fuids_ok) || 3370 (zplver >= ZPL_VERSION_SA && !sa_ok) || 3371 (zplver < ZPL_VERSION_NORMALIZATION && 3372 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED || 3373 sense != ZFS_PROP_UNDEFINED))) 3374 return (SET_ERROR(ENOTSUP)); 3375 3376 /* 3377 * Put the version in the zplprops 3378 */ 3379 VERIFY(nvlist_add_uint64(zplprops, 3380 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0); 3381 3382 if (norm == ZFS_PROP_UNDEFINED && 3383 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0) 3384 return (error); 3385 VERIFY(nvlist_add_uint64(zplprops, 3386 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0); 3387 3388 /* 3389 * If we're normalizing, names must always be valid UTF-8 strings. 3390 */ 3391 if (norm) 3392 u8 = 1; 3393 if (u8 == ZFS_PROP_UNDEFINED && 3394 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0) 3395 return (error); 3396 VERIFY(nvlist_add_uint64(zplprops, 3397 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0); 3398 3399 if (sense == ZFS_PROP_UNDEFINED && 3400 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0) 3401 return (error); 3402 VERIFY(nvlist_add_uint64(zplprops, 3403 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0); 3404 3405 if (is_ci) 3406 *is_ci = (sense == ZFS_CASE_INSENSITIVE); 3407 3408 return (0); 3409 } 3410 3411 static int 3412 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops, 3413 nvlist_t *zplprops, boolean_t *is_ci) 3414 { 3415 boolean_t fuids_ok, sa_ok; 3416 uint64_t zplver = ZPL_VERSION; 3417 objset_t *os = NULL; 3418 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 3419 spa_t *spa; 3420 uint64_t spa_vers; 3421 int error; 3422 3423 zfs_get_parent(dataset, parentname, sizeof (parentname)); 3424 3425 if ((error = spa_open(dataset, &spa, FTAG)) != 0) 3426 return (error); 3427 3428 spa_vers = spa_version(spa); 3429 spa_close(spa, FTAG); 3430 3431 zplver = zfs_zpl_version_map(spa_vers); 3432 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3433 sa_ok = (zplver >= ZPL_VERSION_SA); 3434 3435 /* 3436 * Open parent object set so we can inherit zplprop values. 3437 */ 3438 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0) 3439 return (error); 3440 3441 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops, 3442 zplprops, is_ci); 3443 dmu_objset_rele(os, FTAG); 3444 return (error); 3445 } 3446 3447 static int 3448 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops, 3449 nvlist_t *zplprops, boolean_t *is_ci) 3450 { 3451 boolean_t fuids_ok; 3452 boolean_t sa_ok; 3453 uint64_t zplver = ZPL_VERSION; 3454 int error; 3455 3456 zplver = zfs_zpl_version_map(spa_vers); 3457 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3458 sa_ok = (zplver >= ZPL_VERSION_SA); 3459 3460 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok, 3461 createprops, zplprops, is_ci); 3462 return (error); 3463 } 3464 3465 /* 3466 * innvl: { 3467 * "type" -> dmu_objset_type_t (int32) 3468 * (optional) "props" -> { prop -> value } 3469 * (optional) "hidden_args" -> { "wkeydata" -> value } 3470 * raw uint8_t array of encryption wrapping key data (32 bytes) 3471 * } 3472 * 3473 * outnvl: propname -> error code (int32) 3474 */ 3475 3476 static const zfs_ioc_key_t zfs_keys_create[] = { 3477 {"type", DATA_TYPE_INT32, 0}, 3478 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3479 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3480 }; 3481 3482 static int 3483 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3484 { 3485 int error = 0; 3486 zfs_creat_t zct = { 0 }; 3487 nvlist_t *nvprops = NULL; 3488 nvlist_t *hidden_args = NULL; 3489 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 3490 dmu_objset_type_t type; 3491 boolean_t is_insensitive = B_FALSE; 3492 dsl_crypto_params_t *dcp = NULL; 3493 3494 type = (dmu_objset_type_t)fnvlist_lookup_int32(innvl, "type"); 3495 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3496 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args); 3497 3498 switch (type) { 3499 case DMU_OST_ZFS: 3500 cbfunc = zfs_create_cb; 3501 break; 3502 3503 case DMU_OST_ZVOL: 3504 cbfunc = zvol_create_cb; 3505 break; 3506 3507 default: 3508 cbfunc = NULL; 3509 break; 3510 } 3511 if (strchr(fsname, '@') || 3512 strchr(fsname, '%')) 3513 return (SET_ERROR(EINVAL)); 3514 3515 zct.zct_props = nvprops; 3516 3517 if (cbfunc == NULL) 3518 return (SET_ERROR(EINVAL)); 3519 3520 if (type == DMU_OST_ZVOL) { 3521 uint64_t volsize, volblocksize; 3522 3523 if (nvprops == NULL) 3524 return (SET_ERROR(EINVAL)); 3525 if (nvlist_lookup_uint64(nvprops, 3526 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0) 3527 return (SET_ERROR(EINVAL)); 3528 3529 if ((error = nvlist_lookup_uint64(nvprops, 3530 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 3531 &volblocksize)) != 0 && error != ENOENT) 3532 return (SET_ERROR(EINVAL)); 3533 3534 if (error != 0) 3535 volblocksize = zfs_prop_default_numeric( 3536 ZFS_PROP_VOLBLOCKSIZE); 3537 3538 if ((error = zvol_check_volblocksize(fsname, 3539 volblocksize)) != 0 || 3540 (error = zvol_check_volsize(volsize, 3541 volblocksize)) != 0) 3542 return (error); 3543 } else if (type == DMU_OST_ZFS) { 3544 int error; 3545 3546 /* 3547 * We have to have normalization and 3548 * case-folding flags correct when we do the 3549 * file system creation, so go figure them out 3550 * now. 3551 */ 3552 VERIFY(nvlist_alloc(&zct.zct_zplprops, 3553 NV_UNIQUE_NAME, KM_SLEEP) == 0); 3554 error = zfs_fill_zplprops(fsname, nvprops, 3555 zct.zct_zplprops, &is_insensitive); 3556 if (error != 0) { 3557 nvlist_free(zct.zct_zplprops); 3558 return (error); 3559 } 3560 } 3561 3562 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops, 3563 hidden_args, &dcp); 3564 if (error != 0) { 3565 nvlist_free(zct.zct_zplprops); 3566 return (error); 3567 } 3568 3569 error = dmu_objset_create(fsname, type, 3570 is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct); 3571 3572 nvlist_free(zct.zct_zplprops); 3573 dsl_crypto_params_free(dcp, !!error); 3574 3575 /* 3576 * It would be nice to do this atomically. 3577 */ 3578 if (error == 0) { 3579 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3580 nvprops, outnvl); 3581 if (error != 0) { 3582 spa_t *spa; 3583 int error2; 3584 3585 /* 3586 * Volumes will return EBUSY and cannot be destroyed 3587 * until all asynchronous minor handling (e.g. from 3588 * setting the volmode property) has completed. Wait for 3589 * the spa_zvol_taskq to drain then retry. 3590 */ 3591 error2 = dsl_destroy_head(fsname); 3592 while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) { 3593 error2 = spa_open(fsname, &spa, FTAG); 3594 if (error2 == 0) { 3595 taskq_wait(spa->spa_zvol_taskq); 3596 spa_close(spa, FTAG); 3597 } 3598 error2 = dsl_destroy_head(fsname); 3599 } 3600 } 3601 } 3602 return (error); 3603 } 3604 3605 /* 3606 * innvl: { 3607 * "origin" -> name of origin snapshot 3608 * (optional) "props" -> { prop -> value } 3609 * (optional) "hidden_args" -> { "wkeydata" -> value } 3610 * raw uint8_t array of encryption wrapping key data (32 bytes) 3611 * } 3612 * 3613 * outputs: 3614 * outnvl: propname -> error code (int32) 3615 */ 3616 static const zfs_ioc_key_t zfs_keys_clone[] = { 3617 {"origin", DATA_TYPE_STRING, 0}, 3618 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3619 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3620 }; 3621 3622 static int 3623 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3624 { 3625 int error = 0; 3626 nvlist_t *nvprops = NULL; 3627 const char *origin_name; 3628 3629 origin_name = fnvlist_lookup_string(innvl, "origin"); 3630 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3631 3632 if (strchr(fsname, '@') || 3633 strchr(fsname, '%')) 3634 return (SET_ERROR(EINVAL)); 3635 3636 if (dataset_namecheck(origin_name, NULL, NULL) != 0) 3637 return (SET_ERROR(EINVAL)); 3638 3639 error = dmu_objset_clone(fsname, origin_name); 3640 3641 /* 3642 * It would be nice to do this atomically. 3643 */ 3644 if (error == 0) { 3645 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3646 nvprops, outnvl); 3647 if (error != 0) 3648 (void) dsl_destroy_head(fsname); 3649 } 3650 return (error); 3651 } 3652 3653 static const zfs_ioc_key_t zfs_keys_remap[] = { 3654 /* no nvl keys */ 3655 }; 3656 3657 static int 3658 zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3659 { 3660 /* This IOCTL is no longer supported. */ 3661 (void) fsname, (void) innvl, (void) outnvl; 3662 return (0); 3663 } 3664 3665 /* 3666 * innvl: { 3667 * "snaps" -> { snapshot1, snapshot2 } 3668 * (optional) "props" -> { prop -> value (string) } 3669 * } 3670 * 3671 * outnvl: snapshot -> error code (int32) 3672 */ 3673 static const zfs_ioc_key_t zfs_keys_snapshot[] = { 3674 {"snaps", DATA_TYPE_NVLIST, 0}, 3675 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3676 }; 3677 3678 static int 3679 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3680 { 3681 nvlist_t *snaps; 3682 nvlist_t *props = NULL; 3683 int error, poollen; 3684 nvpair_t *pair; 3685 3686 (void) nvlist_lookup_nvlist(innvl, "props", &props); 3687 if (!nvlist_empty(props) && 3688 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS)) 3689 return (SET_ERROR(ENOTSUP)); 3690 if ((error = zfs_check_userprops(props)) != 0) 3691 return (error); 3692 3693 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 3694 poollen = strlen(poolname); 3695 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3696 pair = nvlist_next_nvpair(snaps, pair)) { 3697 const char *name = nvpair_name(pair); 3698 char *cp = strchr(name, '@'); 3699 3700 /* 3701 * The snap name must contain an @, and the part after it must 3702 * contain only valid characters. 3703 */ 3704 if (cp == NULL || 3705 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3706 return (SET_ERROR(EINVAL)); 3707 3708 /* 3709 * The snap must be in the specified pool. 3710 */ 3711 if (strncmp(name, poolname, poollen) != 0 || 3712 (name[poollen] != '/' && name[poollen] != '@')) 3713 return (SET_ERROR(EXDEV)); 3714 3715 /* 3716 * Check for permission to set the properties on the fs. 3717 */ 3718 if (!nvlist_empty(props)) { 3719 *cp = '\0'; 3720 error = zfs_secpolicy_write_perms(name, 3721 ZFS_DELEG_PERM_USERPROP, CRED()); 3722 *cp = '@'; 3723 if (error != 0) 3724 return (error); 3725 } 3726 3727 /* This must be the only snap of this fs. */ 3728 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair); 3729 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) { 3730 if (strncmp(name, nvpair_name(pair2), cp - name + 1) 3731 == 0) { 3732 return (SET_ERROR(EXDEV)); 3733 } 3734 } 3735 } 3736 3737 error = dsl_dataset_snapshot(snaps, props, outnvl); 3738 3739 return (error); 3740 } 3741 3742 /* 3743 * innvl: "message" -> string 3744 */ 3745 static const zfs_ioc_key_t zfs_keys_log_history[] = { 3746 {"message", DATA_TYPE_STRING, 0}, 3747 }; 3748 3749 static int 3750 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3751 { 3752 (void) unused, (void) outnvl; 3753 const char *message; 3754 char *poolname; 3755 spa_t *spa; 3756 int error; 3757 3758 /* 3759 * The poolname in the ioctl is not set, we get it from the TSD, 3760 * which was set at the end of the last successful ioctl that allows 3761 * logging. The secpolicy func already checked that it is set. 3762 * Only one log ioctl is allowed after each successful ioctl, so 3763 * we clear the TSD here. 3764 */ 3765 poolname = tsd_get(zfs_allow_log_key); 3766 if (poolname == NULL) 3767 return (SET_ERROR(EINVAL)); 3768 (void) tsd_set(zfs_allow_log_key, NULL); 3769 error = spa_open(poolname, &spa, FTAG); 3770 kmem_strfree(poolname); 3771 if (error != 0) 3772 return (error); 3773 3774 message = fnvlist_lookup_string(innvl, "message"); 3775 3776 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 3777 spa_close(spa, FTAG); 3778 return (SET_ERROR(ENOTSUP)); 3779 } 3780 3781 error = spa_history_log(spa, message); 3782 spa_close(spa, FTAG); 3783 return (error); 3784 } 3785 3786 /* 3787 * This ioctl is used to set the bootenv configuration on the current 3788 * pool. This configuration is stored in the second padding area of the label, 3789 * and it is used by the bootloader(s) to store the bootloader and/or system 3790 * specific data. 3791 * The data is stored as nvlist data stream, and is protected by 3792 * an embedded checksum. 3793 * The version can have two possible values: 3794 * VB_RAW: nvlist should have key GRUB_ENVMAP, value DATA_TYPE_STRING. 3795 * VB_NVLIST: nvlist with arbitrary <key, value> pairs. 3796 */ 3797 static const zfs_ioc_key_t zfs_keys_set_bootenv[] = { 3798 {"version", DATA_TYPE_UINT64, 0}, 3799 {"<keys>", DATA_TYPE_ANY, ZK_OPTIONAL | ZK_WILDCARDLIST}, 3800 }; 3801 3802 static int 3803 zfs_ioc_set_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl) 3804 { 3805 int error; 3806 spa_t *spa; 3807 3808 if ((error = spa_open(name, &spa, FTAG)) != 0) 3809 return (error); 3810 spa_vdev_state_enter(spa, SCL_ALL); 3811 error = vdev_label_write_bootenv(spa->spa_root_vdev, innvl); 3812 (void) spa_vdev_state_exit(spa, NULL, 0); 3813 spa_close(spa, FTAG); 3814 return (error); 3815 } 3816 3817 static const zfs_ioc_key_t zfs_keys_get_bootenv[] = { 3818 /* no nvl keys */ 3819 }; 3820 3821 static int 3822 zfs_ioc_get_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl) 3823 { 3824 spa_t *spa; 3825 int error; 3826 3827 if ((error = spa_open(name, &spa, FTAG)) != 0) 3828 return (error); 3829 spa_vdev_state_enter(spa, SCL_ALL); 3830 error = vdev_label_read_bootenv(spa->spa_root_vdev, outnvl); 3831 (void) spa_vdev_state_exit(spa, NULL, 0); 3832 spa_close(spa, FTAG); 3833 return (error); 3834 } 3835 3836 /* 3837 * The dp_config_rwlock must not be held when calling this, because the 3838 * unmount may need to write out data. 3839 * 3840 * This function is best-effort. Callers must deal gracefully if it 3841 * remains mounted (or is remounted after this call). 3842 * 3843 * Returns 0 if the argument is not a snapshot, or it is not currently a 3844 * filesystem, or we were able to unmount it. Returns error code otherwise. 3845 */ 3846 void 3847 zfs_unmount_snap(const char *snapname) 3848 { 3849 if (strchr(snapname, '@') == NULL) 3850 return; 3851 3852 (void) zfsctl_snapshot_unmount(snapname, MNT_FORCE); 3853 } 3854 3855 static int 3856 zfs_unmount_snap_cb(const char *snapname, void *arg) 3857 { 3858 (void) arg; 3859 zfs_unmount_snap(snapname); 3860 return (0); 3861 } 3862 3863 /* 3864 * When a clone is destroyed, its origin may also need to be destroyed, 3865 * in which case it must be unmounted. This routine will do that unmount 3866 * if necessary. 3867 */ 3868 void 3869 zfs_destroy_unmount_origin(const char *fsname) 3870 { 3871 int error; 3872 objset_t *os; 3873 dsl_dataset_t *ds; 3874 3875 error = dmu_objset_hold(fsname, FTAG, &os); 3876 if (error != 0) 3877 return; 3878 ds = dmu_objset_ds(os); 3879 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) { 3880 char originname[ZFS_MAX_DATASET_NAME_LEN]; 3881 dsl_dataset_name(ds->ds_prev, originname); 3882 dmu_objset_rele(os, FTAG); 3883 zfs_unmount_snap(originname); 3884 } else { 3885 dmu_objset_rele(os, FTAG); 3886 } 3887 } 3888 3889 /* 3890 * innvl: { 3891 * "snaps" -> { snapshot1, snapshot2 } 3892 * (optional boolean) "defer" 3893 * } 3894 * 3895 * outnvl: snapshot -> error code (int32) 3896 */ 3897 static const zfs_ioc_key_t zfs_keys_destroy_snaps[] = { 3898 {"snaps", DATA_TYPE_NVLIST, 0}, 3899 {"defer", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 3900 }; 3901 3902 static int 3903 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3904 { 3905 int poollen; 3906 nvlist_t *snaps; 3907 nvpair_t *pair; 3908 boolean_t defer; 3909 spa_t *spa; 3910 3911 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 3912 defer = nvlist_exists(innvl, "defer"); 3913 3914 poollen = strlen(poolname); 3915 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3916 pair = nvlist_next_nvpair(snaps, pair)) { 3917 const char *name = nvpair_name(pair); 3918 3919 /* 3920 * The snap must be in the specified pool to prevent the 3921 * invalid removal of zvol minors below. 3922 */ 3923 if (strncmp(name, poolname, poollen) != 0 || 3924 (name[poollen] != '/' && name[poollen] != '@')) 3925 return (SET_ERROR(EXDEV)); 3926 3927 zfs_unmount_snap(nvpair_name(pair)); 3928 if (spa_open(name, &spa, FTAG) == 0) { 3929 zvol_remove_minors(spa, name, B_TRUE); 3930 spa_close(spa, FTAG); 3931 } 3932 } 3933 3934 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl)); 3935 } 3936 3937 /* 3938 * Create bookmarks. The bookmark names are of the form <fs>#<bmark>. 3939 * All bookmarks and snapshots must be in the same pool. 3940 * dsl_bookmark_create_nvl_validate describes the nvlist schema in more detail. 3941 * 3942 * innvl: { 3943 * new_bookmark1 -> existing_snapshot, 3944 * new_bookmark2 -> existing_bookmark, 3945 * } 3946 * 3947 * outnvl: bookmark -> error code (int32) 3948 * 3949 */ 3950 static const zfs_ioc_key_t zfs_keys_bookmark[] = { 3951 {"<bookmark>...", DATA_TYPE_STRING, ZK_WILDCARDLIST}, 3952 }; 3953 3954 static int 3955 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3956 { 3957 (void) poolname; 3958 return (dsl_bookmark_create(innvl, outnvl)); 3959 } 3960 3961 /* 3962 * innvl: { 3963 * property 1, property 2, ... 3964 * } 3965 * 3966 * outnvl: { 3967 * bookmark name 1 -> { property 1, property 2, ... }, 3968 * bookmark name 2 -> { property 1, property 2, ... } 3969 * } 3970 * 3971 */ 3972 static const zfs_ioc_key_t zfs_keys_get_bookmarks[] = { 3973 {"<property>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST | ZK_OPTIONAL}, 3974 }; 3975 3976 static int 3977 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3978 { 3979 return (dsl_get_bookmarks(fsname, innvl, outnvl)); 3980 } 3981 3982 /* 3983 * innvl is not used. 3984 * 3985 * outnvl: { 3986 * property 1, property 2, ... 3987 * } 3988 * 3989 */ 3990 static const zfs_ioc_key_t zfs_keys_get_bookmark_props[] = { 3991 /* no nvl keys */ 3992 }; 3993 3994 static int 3995 zfs_ioc_get_bookmark_props(const char *bookmark, nvlist_t *innvl, 3996 nvlist_t *outnvl) 3997 { 3998 (void) innvl; 3999 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 4000 char *bmname; 4001 4002 bmname = strchr(bookmark, '#'); 4003 if (bmname == NULL) 4004 return (SET_ERROR(EINVAL)); 4005 bmname++; 4006 4007 (void) strlcpy(fsname, bookmark, sizeof (fsname)); 4008 *(strchr(fsname, '#')) = '\0'; 4009 4010 return (dsl_get_bookmark_props(fsname, bmname, outnvl)); 4011 } 4012 4013 /* 4014 * innvl: { 4015 * bookmark name 1, bookmark name 2 4016 * } 4017 * 4018 * outnvl: bookmark -> error code (int32) 4019 * 4020 */ 4021 static const zfs_ioc_key_t zfs_keys_destroy_bookmarks[] = { 4022 {"<bookmark>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST}, 4023 }; 4024 4025 static int 4026 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl, 4027 nvlist_t *outnvl) 4028 { 4029 int error, poollen; 4030 4031 poollen = strlen(poolname); 4032 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 4033 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 4034 const char *name = nvpair_name(pair); 4035 const char *cp = strchr(name, '#'); 4036 4037 /* 4038 * The bookmark name must contain an #, and the part after it 4039 * must contain only valid characters. 4040 */ 4041 if (cp == NULL || 4042 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 4043 return (SET_ERROR(EINVAL)); 4044 4045 /* 4046 * The bookmark must be in the specified pool. 4047 */ 4048 if (strncmp(name, poolname, poollen) != 0 || 4049 (name[poollen] != '/' && name[poollen] != '#')) 4050 return (SET_ERROR(EXDEV)); 4051 } 4052 4053 error = dsl_bookmark_destroy(innvl, outnvl); 4054 return (error); 4055 } 4056 4057 static const zfs_ioc_key_t zfs_keys_channel_program[] = { 4058 {"program", DATA_TYPE_STRING, 0}, 4059 {"arg", DATA_TYPE_ANY, 0}, 4060 {"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL}, 4061 {"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL}, 4062 {"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL}, 4063 }; 4064 4065 static int 4066 zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl, 4067 nvlist_t *outnvl) 4068 { 4069 const char *program; 4070 uint64_t instrlimit, memlimit; 4071 boolean_t sync_flag; 4072 nvpair_t *nvarg = NULL; 4073 4074 program = fnvlist_lookup_string(innvl, ZCP_ARG_PROGRAM); 4075 if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) { 4076 sync_flag = B_TRUE; 4077 } 4078 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) { 4079 instrlimit = ZCP_DEFAULT_INSTRLIMIT; 4080 } 4081 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) { 4082 memlimit = ZCP_DEFAULT_MEMLIMIT; 4083 } 4084 nvarg = fnvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST); 4085 4086 if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit) 4087 return (SET_ERROR(EINVAL)); 4088 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit) 4089 return (SET_ERROR(EINVAL)); 4090 4091 return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit, 4092 nvarg, outnvl)); 4093 } 4094 4095 /* 4096 * innvl: unused 4097 * outnvl: empty 4098 */ 4099 static const zfs_ioc_key_t zfs_keys_pool_checkpoint[] = { 4100 /* no nvl keys */ 4101 }; 4102 4103 static int 4104 zfs_ioc_pool_checkpoint(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4105 { 4106 (void) innvl, (void) outnvl; 4107 return (spa_checkpoint(poolname)); 4108 } 4109 4110 /* 4111 * innvl: unused 4112 * outnvl: empty 4113 */ 4114 static const zfs_ioc_key_t zfs_keys_pool_discard_checkpoint[] = { 4115 /* no nvl keys */ 4116 }; 4117 4118 static int 4119 zfs_ioc_pool_discard_checkpoint(const char *poolname, nvlist_t *innvl, 4120 nvlist_t *outnvl) 4121 { 4122 (void) innvl, (void) outnvl; 4123 return (spa_checkpoint_discard(poolname)); 4124 } 4125 4126 /* 4127 * Loads specific types of data for the given pool 4128 * 4129 * innvl: { 4130 * "prefetch_type" -> int32_t 4131 * } 4132 * 4133 * outnvl: empty 4134 */ 4135 static const zfs_ioc_key_t zfs_keys_pool_prefetch[] = { 4136 {ZPOOL_PREFETCH_TYPE, DATA_TYPE_INT32, 0}, 4137 }; 4138 4139 static int 4140 zfs_ioc_pool_prefetch(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4141 { 4142 (void) outnvl; 4143 4144 int error; 4145 spa_t *spa; 4146 int32_t type; 4147 4148 /* 4149 * Currently, only ZPOOL_PREFETCH_DDT is supported 4150 */ 4151 if (nvlist_lookup_int32(innvl, ZPOOL_PREFETCH_TYPE, &type) != 0 || 4152 type != ZPOOL_PREFETCH_DDT) { 4153 return (EINVAL); 4154 } 4155 4156 error = spa_open(poolname, &spa, FTAG); 4157 if (error != 0) 4158 return (error); 4159 4160 hrtime_t start_time = gethrtime(); 4161 4162 ddt_prefetch_all(spa); 4163 4164 zfs_dbgmsg("pool '%s': loaded ddt into ARC in %llu ms", spa->spa_name, 4165 (u_longlong_t)NSEC2MSEC(gethrtime() - start_time)); 4166 4167 spa_close(spa, FTAG); 4168 4169 return (error); 4170 } 4171 4172 /* 4173 * inputs: 4174 * zc_name name of dataset to destroy 4175 * zc_defer_destroy mark for deferred destroy 4176 * 4177 * outputs: none 4178 */ 4179 static int 4180 zfs_ioc_destroy(zfs_cmd_t *zc) 4181 { 4182 objset_t *os; 4183 dmu_objset_type_t ost; 4184 int err; 4185 4186 err = dmu_objset_hold(zc->zc_name, FTAG, &os); 4187 if (err != 0) 4188 return (err); 4189 ost = dmu_objset_type(os); 4190 dmu_objset_rele(os, FTAG); 4191 4192 if (ost == DMU_OST_ZFS) 4193 zfs_unmount_snap(zc->zc_name); 4194 4195 if (strchr(zc->zc_name, '@')) { 4196 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy); 4197 } else { 4198 err = dsl_destroy_head(zc->zc_name); 4199 if (err == EEXIST) { 4200 /* 4201 * It is possible that the given DS may have 4202 * hidden child (%recv) datasets - "leftovers" 4203 * resulting from the previously interrupted 4204 * 'zfs receive'. 4205 * 4206 * 6 extra bytes for /%recv 4207 */ 4208 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6]; 4209 4210 if (snprintf(namebuf, sizeof (namebuf), "%s/%s", 4211 zc->zc_name, recv_clone_name) >= 4212 sizeof (namebuf)) 4213 return (SET_ERROR(EINVAL)); 4214 4215 /* 4216 * Try to remove the hidden child (%recv) and after 4217 * that try to remove the target dataset. 4218 * If the hidden child (%recv) does not exist 4219 * the original error (EEXIST) will be returned 4220 */ 4221 err = dsl_destroy_head(namebuf); 4222 if (err == 0) 4223 err = dsl_destroy_head(zc->zc_name); 4224 else if (err == ENOENT) 4225 err = SET_ERROR(EEXIST); 4226 } 4227 } 4228 4229 return (err); 4230 } 4231 4232 /* 4233 * innvl: { 4234 * "initialize_command" -> POOL_INITIALIZE_{CANCEL|START|SUSPEND} (uint64) 4235 * "initialize_vdevs": { -> guids to initialize (nvlist) 4236 * "vdev_path_1": vdev_guid_1, (uint64), 4237 * "vdev_path_2": vdev_guid_2, (uint64), 4238 * ... 4239 * }, 4240 * } 4241 * 4242 * outnvl: { 4243 * "initialize_vdevs": { -> initialization errors (nvlist) 4244 * "vdev_path_1": errno, see function body for possible errnos (uint64) 4245 * "vdev_path_2": errno, ... (uint64) 4246 * ... 4247 * } 4248 * } 4249 * 4250 * EINVAL is returned for an unknown commands or if any of the provided vdev 4251 * guids have be specified with a type other than uint64. 4252 */ 4253 static const zfs_ioc_key_t zfs_keys_pool_initialize[] = { 4254 {ZPOOL_INITIALIZE_COMMAND, DATA_TYPE_UINT64, 0}, 4255 {ZPOOL_INITIALIZE_VDEVS, DATA_TYPE_NVLIST, 0} 4256 }; 4257 4258 static int 4259 zfs_ioc_pool_initialize(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4260 { 4261 uint64_t cmd_type; 4262 if (nvlist_lookup_uint64(innvl, ZPOOL_INITIALIZE_COMMAND, 4263 &cmd_type) != 0) { 4264 return (SET_ERROR(EINVAL)); 4265 } 4266 4267 if (!(cmd_type == POOL_INITIALIZE_CANCEL || 4268 cmd_type == POOL_INITIALIZE_START || 4269 cmd_type == POOL_INITIALIZE_SUSPEND || 4270 cmd_type == POOL_INITIALIZE_UNINIT)) { 4271 return (SET_ERROR(EINVAL)); 4272 } 4273 4274 nvlist_t *vdev_guids; 4275 if (nvlist_lookup_nvlist(innvl, ZPOOL_INITIALIZE_VDEVS, 4276 &vdev_guids) != 0) { 4277 return (SET_ERROR(EINVAL)); 4278 } 4279 4280 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL); 4281 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) { 4282 uint64_t vdev_guid; 4283 if (nvpair_value_uint64(pair, &vdev_guid) != 0) { 4284 return (SET_ERROR(EINVAL)); 4285 } 4286 } 4287 4288 spa_t *spa; 4289 int error = spa_open(poolname, &spa, FTAG); 4290 if (error != 0) 4291 return (error); 4292 4293 nvlist_t *vdev_errlist = fnvlist_alloc(); 4294 int total_errors = spa_vdev_initialize(spa, vdev_guids, cmd_type, 4295 vdev_errlist); 4296 4297 if (fnvlist_size(vdev_errlist) > 0) { 4298 fnvlist_add_nvlist(outnvl, ZPOOL_INITIALIZE_VDEVS, 4299 vdev_errlist); 4300 } 4301 fnvlist_free(vdev_errlist); 4302 4303 spa_close(spa, FTAG); 4304 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0); 4305 } 4306 4307 /* 4308 * innvl: { 4309 * "trim_command" -> POOL_TRIM_{CANCEL|START|SUSPEND} (uint64) 4310 * "trim_vdevs": { -> guids to TRIM (nvlist) 4311 * "vdev_path_1": vdev_guid_1, (uint64), 4312 * "vdev_path_2": vdev_guid_2, (uint64), 4313 * ... 4314 * }, 4315 * "trim_rate" -> Target TRIM rate in bytes/sec. 4316 * "trim_secure" -> Set to request a secure TRIM. 4317 * } 4318 * 4319 * outnvl: { 4320 * "trim_vdevs": { -> TRIM errors (nvlist) 4321 * "vdev_path_1": errno, see function body for possible errnos (uint64) 4322 * "vdev_path_2": errno, ... (uint64) 4323 * ... 4324 * } 4325 * } 4326 * 4327 * EINVAL is returned for an unknown commands or if any of the provided vdev 4328 * guids have be specified with a type other than uint64. 4329 */ 4330 static const zfs_ioc_key_t zfs_keys_pool_trim[] = { 4331 {ZPOOL_TRIM_COMMAND, DATA_TYPE_UINT64, 0}, 4332 {ZPOOL_TRIM_VDEVS, DATA_TYPE_NVLIST, 0}, 4333 {ZPOOL_TRIM_RATE, DATA_TYPE_UINT64, ZK_OPTIONAL}, 4334 {ZPOOL_TRIM_SECURE, DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL}, 4335 }; 4336 4337 static int 4338 zfs_ioc_pool_trim(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4339 { 4340 uint64_t cmd_type; 4341 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_COMMAND, &cmd_type) != 0) 4342 return (SET_ERROR(EINVAL)); 4343 4344 if (!(cmd_type == POOL_TRIM_CANCEL || 4345 cmd_type == POOL_TRIM_START || 4346 cmd_type == POOL_TRIM_SUSPEND)) { 4347 return (SET_ERROR(EINVAL)); 4348 } 4349 4350 nvlist_t *vdev_guids; 4351 if (nvlist_lookup_nvlist(innvl, ZPOOL_TRIM_VDEVS, &vdev_guids) != 0) 4352 return (SET_ERROR(EINVAL)); 4353 4354 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL); 4355 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) { 4356 uint64_t vdev_guid; 4357 if (nvpair_value_uint64(pair, &vdev_guid) != 0) { 4358 return (SET_ERROR(EINVAL)); 4359 } 4360 } 4361 4362 /* Optional, defaults to maximum rate when not provided */ 4363 uint64_t rate; 4364 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_RATE, &rate) != 0) 4365 rate = 0; 4366 4367 /* Optional, defaults to standard TRIM when not provided */ 4368 boolean_t secure; 4369 if (nvlist_lookup_boolean_value(innvl, ZPOOL_TRIM_SECURE, 4370 &secure) != 0) { 4371 secure = B_FALSE; 4372 } 4373 4374 spa_t *spa; 4375 int error = spa_open(poolname, &spa, FTAG); 4376 if (error != 0) 4377 return (error); 4378 4379 nvlist_t *vdev_errlist = fnvlist_alloc(); 4380 int total_errors = spa_vdev_trim(spa, vdev_guids, cmd_type, 4381 rate, !!zfs_trim_metaslab_skip, secure, vdev_errlist); 4382 4383 if (fnvlist_size(vdev_errlist) > 0) 4384 fnvlist_add_nvlist(outnvl, ZPOOL_TRIM_VDEVS, vdev_errlist); 4385 4386 fnvlist_free(vdev_errlist); 4387 4388 spa_close(spa, FTAG); 4389 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0); 4390 } 4391 4392 #define DDT_PRUNE_UNIT "ddt_prune_unit" 4393 #define DDT_PRUNE_AMOUNT "ddt_prune_amount" 4394 4395 /* 4396 * innvl: { 4397 * "ddt_prune_unit" -> uint32_t 4398 * "ddt_prune_amount" -> uint64_t 4399 * } 4400 * 4401 * outnvl: "waited" -> boolean_t 4402 */ 4403 static const zfs_ioc_key_t zfs_keys_ddt_prune[] = { 4404 {DDT_PRUNE_UNIT, DATA_TYPE_INT32, 0}, 4405 {DDT_PRUNE_AMOUNT, DATA_TYPE_UINT64, 0}, 4406 }; 4407 4408 static int 4409 zfs_ioc_ddt_prune(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4410 { 4411 int32_t unit; 4412 uint64_t amount; 4413 4414 if (nvlist_lookup_int32(innvl, DDT_PRUNE_UNIT, &unit) != 0 || 4415 nvlist_lookup_uint64(innvl, DDT_PRUNE_AMOUNT, &amount) != 0) { 4416 return (EINVAL); 4417 } 4418 4419 spa_t *spa; 4420 int error = spa_open(poolname, &spa, FTAG); 4421 if (error != 0) 4422 return (error); 4423 4424 if (!spa_feature_is_enabled(spa, SPA_FEATURE_FAST_DEDUP)) { 4425 spa_close(spa, FTAG); 4426 return (SET_ERROR(ENOTSUP)); 4427 } 4428 4429 error = ddt_prune_unique_entries(spa, (zpool_ddt_prune_unit_t)unit, 4430 amount); 4431 4432 spa_close(spa, FTAG); 4433 4434 return (error); 4435 } 4436 4437 /* 4438 * This ioctl waits for activity of a particular type to complete. If there is 4439 * no activity of that type in progress, it returns immediately, and the 4440 * returned value "waited" is false. If there is activity in progress, and no 4441 * tag is passed in, the ioctl blocks until all activity of that type is 4442 * complete, and then returns with "waited" set to true. 4443 * 4444 * If a tag is provided, it identifies a particular instance of an activity to 4445 * wait for. Currently, this is only valid for use with 'initialize', because 4446 * that is the only activity for which there can be multiple instances running 4447 * concurrently. In the case of 'initialize', the tag corresponds to the guid of 4448 * the vdev on which to wait. 4449 * 4450 * If a thread waiting in the ioctl receives a signal, the call will return 4451 * immediately, and the return value will be EINTR. 4452 * 4453 * innvl: { 4454 * "wait_activity" -> int32_t 4455 * (optional) "wait_tag" -> uint64_t 4456 * } 4457 * 4458 * outnvl: "waited" -> boolean_t 4459 */ 4460 static const zfs_ioc_key_t zfs_keys_pool_wait[] = { 4461 {ZPOOL_WAIT_ACTIVITY, DATA_TYPE_INT32, 0}, 4462 {ZPOOL_WAIT_TAG, DATA_TYPE_UINT64, ZK_OPTIONAL}, 4463 }; 4464 4465 static int 4466 zfs_ioc_wait(const char *name, nvlist_t *innvl, nvlist_t *outnvl) 4467 { 4468 int32_t activity; 4469 uint64_t tag; 4470 boolean_t waited; 4471 int error; 4472 4473 if (nvlist_lookup_int32(innvl, ZPOOL_WAIT_ACTIVITY, &activity) != 0) 4474 return (EINVAL); 4475 4476 if (nvlist_lookup_uint64(innvl, ZPOOL_WAIT_TAG, &tag) == 0) 4477 error = spa_wait_tag(name, activity, tag, &waited); 4478 else 4479 error = spa_wait(name, activity, &waited); 4480 4481 if (error == 0) 4482 fnvlist_add_boolean_value(outnvl, ZPOOL_WAIT_WAITED, waited); 4483 4484 return (error); 4485 } 4486 4487 /* 4488 * This ioctl waits for activity of a particular type to complete. If there is 4489 * no activity of that type in progress, it returns immediately, and the 4490 * returned value "waited" is false. If there is activity in progress, and no 4491 * tag is passed in, the ioctl blocks until all activity of that type is 4492 * complete, and then returns with "waited" set to true. 4493 * 4494 * If a thread waiting in the ioctl receives a signal, the call will return 4495 * immediately, and the return value will be EINTR. 4496 * 4497 * innvl: { 4498 * "wait_activity" -> int32_t 4499 * } 4500 * 4501 * outnvl: "waited" -> boolean_t 4502 */ 4503 static const zfs_ioc_key_t zfs_keys_fs_wait[] = { 4504 {ZFS_WAIT_ACTIVITY, DATA_TYPE_INT32, 0}, 4505 }; 4506 4507 static int 4508 zfs_ioc_wait_fs(const char *name, nvlist_t *innvl, nvlist_t *outnvl) 4509 { 4510 int32_t activity; 4511 boolean_t waited = B_FALSE; 4512 int error; 4513 dsl_pool_t *dp; 4514 dsl_dir_t *dd; 4515 dsl_dataset_t *ds; 4516 4517 if (nvlist_lookup_int32(innvl, ZFS_WAIT_ACTIVITY, &activity) != 0) 4518 return (SET_ERROR(EINVAL)); 4519 4520 if (activity >= ZFS_WAIT_NUM_ACTIVITIES || activity < 0) 4521 return (SET_ERROR(EINVAL)); 4522 4523 if ((error = dsl_pool_hold(name, FTAG, &dp)) != 0) 4524 return (error); 4525 4526 if ((error = dsl_dataset_hold(dp, name, FTAG, &ds)) != 0) { 4527 dsl_pool_rele(dp, FTAG); 4528 return (error); 4529 } 4530 4531 dd = ds->ds_dir; 4532 mutex_enter(&dd->dd_activity_lock); 4533 dd->dd_activity_waiters++; 4534 4535 /* 4536 * We get a long-hold here so that the dsl_dataset_t and dsl_dir_t 4537 * aren't evicted while we're waiting. Normally this is prevented by 4538 * holding the pool, but we can't do that while we're waiting since 4539 * that would prevent TXGs from syncing out. Some of the functionality 4540 * of long-holds (e.g. preventing deletion) is unnecessary for this 4541 * case, since we would cancel the waiters before proceeding with a 4542 * deletion. An alternative mechanism for keeping the dataset around 4543 * could be developed but this is simpler. 4544 */ 4545 dsl_dataset_long_hold(ds, FTAG); 4546 dsl_pool_rele(dp, FTAG); 4547 4548 error = dsl_dir_wait(dd, ds, activity, &waited); 4549 4550 dsl_dataset_long_rele(ds, FTAG); 4551 dd->dd_activity_waiters--; 4552 if (dd->dd_activity_waiters == 0) 4553 cv_signal(&dd->dd_activity_cv); 4554 mutex_exit(&dd->dd_activity_lock); 4555 4556 dsl_dataset_rele(ds, FTAG); 4557 4558 if (error == 0) 4559 fnvlist_add_boolean_value(outnvl, ZFS_WAIT_WAITED, waited); 4560 4561 return (error); 4562 } 4563 4564 /* 4565 * fsname is name of dataset to rollback (to most recent snapshot) 4566 * 4567 * innvl may contain name of expected target snapshot 4568 * 4569 * outnvl: "target" -> name of most recent snapshot 4570 * } 4571 */ 4572 static const zfs_ioc_key_t zfs_keys_rollback[] = { 4573 {"target", DATA_TYPE_STRING, ZK_OPTIONAL}, 4574 }; 4575 4576 static int 4577 zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 4578 { 4579 zfsvfs_t *zfsvfs; 4580 zvol_state_handle_t *zv; 4581 const char *target = NULL; 4582 int error; 4583 4584 (void) nvlist_lookup_string(innvl, "target", &target); 4585 if (target != NULL) { 4586 const char *cp = strchr(target, '@'); 4587 4588 /* 4589 * The snap name must contain an @, and the part after it must 4590 * contain only valid characters. 4591 */ 4592 if (cp == NULL || 4593 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 4594 return (SET_ERROR(EINVAL)); 4595 } 4596 4597 if (getzfsvfs(fsname, &zfsvfs) == 0) { 4598 dsl_dataset_t *ds; 4599 4600 ds = dmu_objset_ds(zfsvfs->z_os); 4601 error = zfs_suspend_fs(zfsvfs); 4602 if (error == 0) { 4603 int resume_err; 4604 4605 error = dsl_dataset_rollback(fsname, target, zfsvfs, 4606 outnvl); 4607 resume_err = zfs_resume_fs(zfsvfs, ds); 4608 error = error ? error : resume_err; 4609 } 4610 zfs_vfs_rele(zfsvfs); 4611 } else if ((zv = zvol_suspend(fsname)) != NULL) { 4612 error = dsl_dataset_rollback(fsname, target, zvol_tag(zv), 4613 outnvl); 4614 zvol_resume(zv); 4615 } else { 4616 error = dsl_dataset_rollback(fsname, target, NULL, outnvl); 4617 } 4618 return (error); 4619 } 4620 4621 static int 4622 recursive_unmount(const char *fsname, void *arg) 4623 { 4624 const char *snapname = arg; 4625 char *fullname; 4626 4627 fullname = kmem_asprintf("%s@%s", fsname, snapname); 4628 zfs_unmount_snap(fullname); 4629 kmem_strfree(fullname); 4630 4631 return (0); 4632 } 4633 4634 /* 4635 * 4636 * snapname is the snapshot to redact. 4637 * innvl: { 4638 * "bookname" -> (string) 4639 * shortname of the redaction bookmark to generate 4640 * "snapnv" -> (nvlist, values ignored) 4641 * snapshots to redact snapname with respect to 4642 * } 4643 * 4644 * outnvl is unused 4645 */ 4646 4647 static const zfs_ioc_key_t zfs_keys_redact[] = { 4648 {"bookname", DATA_TYPE_STRING, 0}, 4649 {"snapnv", DATA_TYPE_NVLIST, 0}, 4650 }; 4651 4652 static int 4653 zfs_ioc_redact(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 4654 { 4655 (void) outnvl; 4656 nvlist_t *redactnvl = NULL; 4657 const char *redactbook = NULL; 4658 4659 if (nvlist_lookup_nvlist(innvl, "snapnv", &redactnvl) != 0) 4660 return (SET_ERROR(EINVAL)); 4661 if (fnvlist_num_pairs(redactnvl) == 0) 4662 return (SET_ERROR(ENXIO)); 4663 if (nvlist_lookup_string(innvl, "bookname", &redactbook) != 0) 4664 return (SET_ERROR(EINVAL)); 4665 4666 return (dmu_redact_snap(snapname, redactnvl, redactbook)); 4667 } 4668 4669 /* 4670 * inputs: 4671 * zc_name old name of dataset 4672 * zc_value new name of dataset 4673 * zc_cookie recursive flag (only valid for snapshots) 4674 * 4675 * outputs: none 4676 */ 4677 static int 4678 zfs_ioc_rename(zfs_cmd_t *zc) 4679 { 4680 objset_t *os; 4681 dmu_objset_type_t ost; 4682 boolean_t recursive = zc->zc_cookie & 1; 4683 boolean_t nounmount = !!(zc->zc_cookie & 2); 4684 char *at; 4685 int err; 4686 4687 /* "zfs rename" from and to ...%recv datasets should both fail */ 4688 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 4689 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 4690 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 || 4691 dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 4692 strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%')) 4693 return (SET_ERROR(EINVAL)); 4694 4695 err = dmu_objset_hold(zc->zc_name, FTAG, &os); 4696 if (err != 0) 4697 return (err); 4698 ost = dmu_objset_type(os); 4699 dmu_objset_rele(os, FTAG); 4700 4701 at = strchr(zc->zc_name, '@'); 4702 if (at != NULL) { 4703 /* snaps must be in same fs */ 4704 int error; 4705 4706 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1)) 4707 return (SET_ERROR(EXDEV)); 4708 *at = '\0'; 4709 if (ost == DMU_OST_ZFS && !nounmount) { 4710 error = dmu_objset_find(zc->zc_name, 4711 recursive_unmount, at + 1, 4712 recursive ? DS_FIND_CHILDREN : 0); 4713 if (error != 0) { 4714 *at = '@'; 4715 return (error); 4716 } 4717 } 4718 error = dsl_dataset_rename_snapshot(zc->zc_name, 4719 at + 1, strchr(zc->zc_value, '@') + 1, recursive); 4720 *at = '@'; 4721 4722 return (error); 4723 } else { 4724 return (dsl_dir_rename(zc->zc_name, zc->zc_value)); 4725 } 4726 } 4727 4728 static int 4729 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr) 4730 { 4731 const char *propname = nvpair_name(pair); 4732 boolean_t issnap = (strchr(dsname, '@') != NULL); 4733 zfs_prop_t prop = zfs_name_to_prop(propname); 4734 uint64_t intval, compval; 4735 int err; 4736 4737 if (prop == ZPROP_USERPROP) { 4738 if (zfs_prop_user(propname)) { 4739 if ((err = zfs_secpolicy_write_perms(dsname, 4740 ZFS_DELEG_PERM_USERPROP, cr))) 4741 return (err); 4742 return (0); 4743 } 4744 4745 if (!issnap && zfs_prop_userquota(propname)) { 4746 const char *perm = NULL; 4747 const char *uq_prefix = 4748 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA]; 4749 const char *gq_prefix = 4750 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA]; 4751 const char *uiq_prefix = 4752 zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA]; 4753 const char *giq_prefix = 4754 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA]; 4755 const char *pq_prefix = 4756 zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA]; 4757 const char *piq_prefix = zfs_userquota_prop_prefixes[\ 4758 ZFS_PROP_PROJECTOBJQUOTA]; 4759 4760 if (strncmp(propname, uq_prefix, 4761 strlen(uq_prefix)) == 0) { 4762 perm = ZFS_DELEG_PERM_USERQUOTA; 4763 } else if (strncmp(propname, uiq_prefix, 4764 strlen(uiq_prefix)) == 0) { 4765 perm = ZFS_DELEG_PERM_USEROBJQUOTA; 4766 } else if (strncmp(propname, gq_prefix, 4767 strlen(gq_prefix)) == 0) { 4768 perm = ZFS_DELEG_PERM_GROUPQUOTA; 4769 } else if (strncmp(propname, giq_prefix, 4770 strlen(giq_prefix)) == 0) { 4771 perm = ZFS_DELEG_PERM_GROUPOBJQUOTA; 4772 } else if (strncmp(propname, pq_prefix, 4773 strlen(pq_prefix)) == 0) { 4774 perm = ZFS_DELEG_PERM_PROJECTQUOTA; 4775 } else if (strncmp(propname, piq_prefix, 4776 strlen(piq_prefix)) == 0) { 4777 perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA; 4778 } else { 4779 /* {USER|GROUP|PROJECT}USED are read-only */ 4780 return (SET_ERROR(EINVAL)); 4781 } 4782 4783 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr))) 4784 return (err); 4785 return (0); 4786 } 4787 4788 return (SET_ERROR(EINVAL)); 4789 } 4790 4791 if (issnap) 4792 return (SET_ERROR(EINVAL)); 4793 4794 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 4795 /* 4796 * dsl_prop_get_all_impl() returns properties in this 4797 * format. 4798 */ 4799 nvlist_t *attrs; 4800 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 4801 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4802 &pair) == 0); 4803 } 4804 4805 /* 4806 * Check that this value is valid for this pool version 4807 */ 4808 switch (prop) { 4809 case ZFS_PROP_COMPRESSION: 4810 /* 4811 * If the user specified gzip compression, make sure 4812 * the SPA supports it. We ignore any errors here since 4813 * we'll catch them later. 4814 */ 4815 if (nvpair_value_uint64(pair, &intval) == 0) { 4816 compval = ZIO_COMPRESS_ALGO(intval); 4817 if (compval >= ZIO_COMPRESS_GZIP_1 && 4818 compval <= ZIO_COMPRESS_GZIP_9 && 4819 zfs_earlier_version(dsname, 4820 SPA_VERSION_GZIP_COMPRESSION)) { 4821 return (SET_ERROR(ENOTSUP)); 4822 } 4823 4824 if (compval == ZIO_COMPRESS_ZLE && 4825 zfs_earlier_version(dsname, 4826 SPA_VERSION_ZLE_COMPRESSION)) 4827 return (SET_ERROR(ENOTSUP)); 4828 4829 if (compval == ZIO_COMPRESS_LZ4) { 4830 spa_t *spa; 4831 4832 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4833 return (err); 4834 4835 if (!spa_feature_is_enabled(spa, 4836 SPA_FEATURE_LZ4_COMPRESS)) { 4837 spa_close(spa, FTAG); 4838 return (SET_ERROR(ENOTSUP)); 4839 } 4840 spa_close(spa, FTAG); 4841 } 4842 4843 if (compval == ZIO_COMPRESS_ZSTD) { 4844 spa_t *spa; 4845 4846 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4847 return (err); 4848 4849 if (!spa_feature_is_enabled(spa, 4850 SPA_FEATURE_ZSTD_COMPRESS)) { 4851 spa_close(spa, FTAG); 4852 return (SET_ERROR(ENOTSUP)); 4853 } 4854 spa_close(spa, FTAG); 4855 } 4856 } 4857 break; 4858 4859 case ZFS_PROP_COPIES: 4860 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS)) 4861 return (SET_ERROR(ENOTSUP)); 4862 break; 4863 4864 case ZFS_PROP_VOLBLOCKSIZE: 4865 case ZFS_PROP_RECORDSIZE: 4866 /* Record sizes above 128k need the feature to be enabled */ 4867 if (nvpair_value_uint64(pair, &intval) == 0 && 4868 intval > SPA_OLD_MAXBLOCKSIZE) { 4869 spa_t *spa; 4870 4871 /* 4872 * We don't allow setting the property above 1MB, 4873 * unless the tunable has been changed. 4874 */ 4875 if (intval > zfs_max_recordsize || 4876 intval > SPA_MAXBLOCKSIZE) 4877 return (SET_ERROR(ERANGE)); 4878 4879 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4880 return (err); 4881 4882 if (!spa_feature_is_enabled(spa, 4883 SPA_FEATURE_LARGE_BLOCKS)) { 4884 spa_close(spa, FTAG); 4885 return (SET_ERROR(ENOTSUP)); 4886 } 4887 spa_close(spa, FTAG); 4888 } 4889 break; 4890 4891 case ZFS_PROP_DNODESIZE: 4892 /* Dnode sizes above 512 need the feature to be enabled */ 4893 if (nvpair_value_uint64(pair, &intval) == 0 && 4894 intval != ZFS_DNSIZE_LEGACY) { 4895 spa_t *spa; 4896 4897 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4898 return (err); 4899 4900 if (!spa_feature_is_enabled(spa, 4901 SPA_FEATURE_LARGE_DNODE)) { 4902 spa_close(spa, FTAG); 4903 return (SET_ERROR(ENOTSUP)); 4904 } 4905 spa_close(spa, FTAG); 4906 } 4907 break; 4908 4909 case ZFS_PROP_SPECIAL_SMALL_BLOCKS: 4910 /* 4911 * This property could require the allocation classes 4912 * feature to be active for setting, however we allow 4913 * it so that tests of settable properties succeed. 4914 * The CLI will issue a warning in this case. 4915 */ 4916 break; 4917 4918 case ZFS_PROP_SHARESMB: 4919 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID)) 4920 return (SET_ERROR(ENOTSUP)); 4921 break; 4922 4923 case ZFS_PROP_ACLINHERIT: 4924 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 4925 nvpair_value_uint64(pair, &intval) == 0) { 4926 if (intval == ZFS_ACL_PASSTHROUGH_X && 4927 zfs_earlier_version(dsname, 4928 SPA_VERSION_PASSTHROUGH_X)) 4929 return (SET_ERROR(ENOTSUP)); 4930 } 4931 break; 4932 case ZFS_PROP_CHECKSUM: 4933 case ZFS_PROP_DEDUP: 4934 { 4935 spa_feature_t feature; 4936 spa_t *spa; 4937 int err; 4938 4939 /* dedup feature version checks */ 4940 if (prop == ZFS_PROP_DEDUP && 4941 zfs_earlier_version(dsname, SPA_VERSION_DEDUP)) 4942 return (SET_ERROR(ENOTSUP)); 4943 4944 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 4945 nvpair_value_uint64(pair, &intval) == 0) { 4946 /* check prop value is enabled in features */ 4947 feature = zio_checksum_to_feature( 4948 intval & ZIO_CHECKSUM_MASK); 4949 if (feature == SPA_FEATURE_NONE) 4950 break; 4951 4952 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4953 return (err); 4954 4955 if (!spa_feature_is_enabled(spa, feature)) { 4956 spa_close(spa, FTAG); 4957 return (SET_ERROR(ENOTSUP)); 4958 } 4959 spa_close(spa, FTAG); 4960 } 4961 break; 4962 } 4963 4964 default: 4965 break; 4966 } 4967 4968 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED())); 4969 } 4970 4971 /* 4972 * Removes properties from the given props list that fail permission checks 4973 * needed to clear them and to restore them in case of a receive error. For each 4974 * property, make sure we have both set and inherit permissions. 4975 * 4976 * Returns the first error encountered if any permission checks fail. If the 4977 * caller provides a non-NULL errlist, it also gives the complete list of names 4978 * of all the properties that failed a permission check along with the 4979 * corresponding error numbers. The caller is responsible for freeing the 4980 * returned errlist. 4981 * 4982 * If every property checks out successfully, zero is returned and the list 4983 * pointed at by errlist is NULL. 4984 */ 4985 static int 4986 zfs_check_clearable(const char *dataset, nvlist_t *props, nvlist_t **errlist) 4987 { 4988 zfs_cmd_t *zc; 4989 nvpair_t *pair, *next_pair; 4990 nvlist_t *errors; 4991 int err, rv = 0; 4992 4993 if (props == NULL) 4994 return (0); 4995 4996 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4997 4998 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP); 4999 (void) strlcpy(zc->zc_name, dataset, sizeof (zc->zc_name)); 5000 pair = nvlist_next_nvpair(props, NULL); 5001 while (pair != NULL) { 5002 next_pair = nvlist_next_nvpair(props, pair); 5003 5004 (void) strlcpy(zc->zc_value, nvpair_name(pair), 5005 sizeof (zc->zc_value)); 5006 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 || 5007 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) { 5008 VERIFY(nvlist_remove_nvpair(props, pair) == 0); 5009 VERIFY(nvlist_add_int32(errors, 5010 zc->zc_value, err) == 0); 5011 } 5012 pair = next_pair; 5013 } 5014 kmem_free(zc, sizeof (zfs_cmd_t)); 5015 5016 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 5017 nvlist_free(errors); 5018 errors = NULL; 5019 } else { 5020 VERIFY(nvpair_value_int32(pair, &rv) == 0); 5021 } 5022 5023 if (errlist == NULL) 5024 nvlist_free(errors); 5025 else 5026 *errlist = errors; 5027 5028 return (rv); 5029 } 5030 5031 static boolean_t 5032 propval_equals(nvpair_t *p1, nvpair_t *p2) 5033 { 5034 if (nvpair_type(p1) == DATA_TYPE_NVLIST) { 5035 /* dsl_prop_get_all_impl() format */ 5036 nvlist_t *attrs; 5037 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0); 5038 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 5039 &p1) == 0); 5040 } 5041 5042 if (nvpair_type(p2) == DATA_TYPE_NVLIST) { 5043 nvlist_t *attrs; 5044 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0); 5045 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 5046 &p2) == 0); 5047 } 5048 5049 if (nvpair_type(p1) != nvpair_type(p2)) 5050 return (B_FALSE); 5051 5052 if (nvpair_type(p1) == DATA_TYPE_STRING) { 5053 const char *valstr1, *valstr2; 5054 5055 VERIFY(nvpair_value_string(p1, &valstr1) == 0); 5056 VERIFY(nvpair_value_string(p2, &valstr2) == 0); 5057 return (strcmp(valstr1, valstr2) == 0); 5058 } else { 5059 uint64_t intval1, intval2; 5060 5061 VERIFY(nvpair_value_uint64(p1, &intval1) == 0); 5062 VERIFY(nvpair_value_uint64(p2, &intval2) == 0); 5063 return (intval1 == intval2); 5064 } 5065 } 5066 5067 /* 5068 * Remove properties from props if they are not going to change (as determined 5069 * by comparison with origprops). Remove them from origprops as well, since we 5070 * do not need to clear or restore properties that won't change. 5071 */ 5072 static void 5073 props_reduce(nvlist_t *props, nvlist_t *origprops) 5074 { 5075 nvpair_t *pair, *next_pair; 5076 5077 if (origprops == NULL) 5078 return; /* all props need to be received */ 5079 5080 pair = nvlist_next_nvpair(props, NULL); 5081 while (pair != NULL) { 5082 const char *propname = nvpair_name(pair); 5083 nvpair_t *match; 5084 5085 next_pair = nvlist_next_nvpair(props, pair); 5086 5087 if ((nvlist_lookup_nvpair(origprops, propname, 5088 &match) != 0) || !propval_equals(pair, match)) 5089 goto next; /* need to set received value */ 5090 5091 /* don't clear the existing received value */ 5092 (void) nvlist_remove_nvpair(origprops, match); 5093 /* don't bother receiving the property */ 5094 (void) nvlist_remove_nvpair(props, pair); 5095 next: 5096 pair = next_pair; 5097 } 5098 } 5099 5100 /* 5101 * Extract properties that cannot be set PRIOR to the receipt of a dataset. 5102 * For example, refquota cannot be set until after the receipt of a dataset, 5103 * because in replication streams, an older/earlier snapshot may exceed the 5104 * refquota. We want to receive the older/earlier snapshot, but setting 5105 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent 5106 * the older/earlier snapshot from being received (with EDQUOT). 5107 * 5108 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario. 5109 * 5110 * libzfs will need to be judicious handling errors encountered by props 5111 * extracted by this function. 5112 */ 5113 static nvlist_t * 5114 extract_delay_props(nvlist_t *props) 5115 { 5116 nvlist_t *delayprops; 5117 nvpair_t *nvp, *tmp; 5118 static const zfs_prop_t delayable[] = { 5119 ZFS_PROP_REFQUOTA, 5120 ZFS_PROP_KEYLOCATION, 5121 /* 5122 * Setting ZFS_PROP_SHARESMB requires the objset type to be 5123 * known, which is not possible prior to receipt of raw sends. 5124 */ 5125 ZFS_PROP_SHARESMB, 5126 0 5127 }; 5128 int i; 5129 5130 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 5131 5132 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL; 5133 nvp = nvlist_next_nvpair(props, nvp)) { 5134 /* 5135 * strcmp() is safe because zfs_prop_to_name() always returns 5136 * a bounded string. 5137 */ 5138 for (i = 0; delayable[i] != 0; i++) { 5139 if (strcmp(zfs_prop_to_name(delayable[i]), 5140 nvpair_name(nvp)) == 0) { 5141 break; 5142 } 5143 } 5144 if (delayable[i] != 0) { 5145 tmp = nvlist_prev_nvpair(props, nvp); 5146 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0); 5147 VERIFY(nvlist_remove_nvpair(props, nvp) == 0); 5148 nvp = tmp; 5149 } 5150 } 5151 5152 if (nvlist_empty(delayprops)) { 5153 nvlist_free(delayprops); 5154 delayprops = NULL; 5155 } 5156 return (delayprops); 5157 } 5158 5159 static void 5160 zfs_allow_log_destroy(void *arg) 5161 { 5162 char *poolname = arg; 5163 5164 if (poolname != NULL) 5165 kmem_strfree(poolname); 5166 } 5167 5168 #ifdef ZFS_DEBUG 5169 static boolean_t zfs_ioc_recv_inject_err; 5170 #endif 5171 5172 /* 5173 * nvlist 'errors' is always allocated. It will contain descriptions of 5174 * encountered errors, if any. It's the callers responsibility to free. 5175 */ 5176 static int 5177 zfs_ioc_recv_impl(char *tofs, char *tosnap, const char *origin, 5178 nvlist_t *recvprops, nvlist_t *localprops, nvlist_t *hidden_args, 5179 boolean_t force, boolean_t heal, boolean_t resumable, int input_fd, 5180 dmu_replay_record_t *begin_record, uint64_t *read_bytes, 5181 uint64_t *errflags, nvlist_t **errors) 5182 { 5183 dmu_recv_cookie_t drc; 5184 int error = 0; 5185 int props_error = 0; 5186 offset_t off, noff; 5187 nvlist_t *local_delayprops = NULL; 5188 nvlist_t *recv_delayprops = NULL; 5189 nvlist_t *inherited_delayprops = NULL; 5190 nvlist_t *origprops = NULL; /* existing properties */ 5191 nvlist_t *origrecvd = NULL; /* existing received properties */ 5192 boolean_t first_recvd_props = B_FALSE; 5193 boolean_t tofs_was_redacted; 5194 zfs_file_t *input_fp; 5195 5196 *read_bytes = 0; 5197 *errflags = 0; 5198 *errors = fnvlist_alloc(); 5199 off = 0; 5200 5201 if ((input_fp = zfs_file_get(input_fd)) == NULL) 5202 return (SET_ERROR(EBADF)); 5203 5204 noff = off = zfs_file_off(input_fp); 5205 error = dmu_recv_begin(tofs, tosnap, begin_record, force, heal, 5206 resumable, localprops, hidden_args, origin, &drc, input_fp, 5207 &off); 5208 if (error != 0) 5209 goto out; 5210 tofs_was_redacted = dsl_get_redacted(drc.drc_ds); 5211 5212 /* 5213 * Set properties before we receive the stream so that they are applied 5214 * to the new data. Note that we must call dmu_recv_stream() if 5215 * dmu_recv_begin() succeeds. 5216 */ 5217 if (recvprops != NULL && !drc.drc_newfs) { 5218 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >= 5219 SPA_VERSION_RECVD_PROPS && 5220 !dsl_prop_get_hasrecvd(tofs)) 5221 first_recvd_props = B_TRUE; 5222 5223 /* 5224 * If new received properties are supplied, they are to 5225 * completely replace the existing received properties, 5226 * so stash away the existing ones. 5227 */ 5228 if (dsl_prop_get_received(tofs, &origrecvd) == 0) { 5229 nvlist_t *errlist = NULL; 5230 /* 5231 * Don't bother writing a property if its value won't 5232 * change (and avoid the unnecessary security checks). 5233 * 5234 * The first receive after SPA_VERSION_RECVD_PROPS is a 5235 * special case where we blow away all local properties 5236 * regardless. 5237 */ 5238 if (!first_recvd_props) 5239 props_reduce(recvprops, origrecvd); 5240 if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0) 5241 (void) nvlist_merge(*errors, errlist, 0); 5242 nvlist_free(errlist); 5243 5244 if (clear_received_props(tofs, origrecvd, 5245 first_recvd_props ? NULL : recvprops) != 0) 5246 *errflags |= ZPROP_ERR_NOCLEAR; 5247 } else { 5248 *errflags |= ZPROP_ERR_NOCLEAR; 5249 } 5250 } 5251 5252 /* 5253 * Stash away existing properties so we can restore them on error unless 5254 * we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which 5255 * case "origrecvd" will take care of that. 5256 */ 5257 if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) { 5258 objset_t *os; 5259 if (dmu_objset_hold(tofs, FTAG, &os) == 0) { 5260 if (dsl_prop_get_all(os, &origprops) != 0) { 5261 *errflags |= ZPROP_ERR_NOCLEAR; 5262 } 5263 dmu_objset_rele(os, FTAG); 5264 } else { 5265 *errflags |= ZPROP_ERR_NOCLEAR; 5266 } 5267 } 5268 5269 if (recvprops != NULL) { 5270 props_error = dsl_prop_set_hasrecvd(tofs); 5271 5272 if (props_error == 0) { 5273 recv_delayprops = extract_delay_props(recvprops); 5274 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 5275 recvprops, *errors); 5276 } 5277 } 5278 5279 if (localprops != NULL) { 5280 nvlist_t *oprops = fnvlist_alloc(); 5281 nvlist_t *xprops = fnvlist_alloc(); 5282 nvpair_t *nvp = NULL; 5283 5284 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) { 5285 if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) { 5286 /* -x property */ 5287 const char *name = nvpair_name(nvp); 5288 zfs_prop_t prop = zfs_name_to_prop(name); 5289 if (prop != ZPROP_USERPROP) { 5290 if (!zfs_prop_inheritable(prop)) 5291 continue; 5292 } else if (!zfs_prop_user(name)) 5293 continue; 5294 fnvlist_add_boolean(xprops, name); 5295 } else { 5296 /* -o property=value */ 5297 fnvlist_add_nvpair(oprops, nvp); 5298 } 5299 } 5300 5301 local_delayprops = extract_delay_props(oprops); 5302 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, 5303 oprops, *errors); 5304 inherited_delayprops = extract_delay_props(xprops); 5305 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, 5306 xprops, *errors); 5307 5308 nvlist_free(oprops); 5309 nvlist_free(xprops); 5310 } 5311 5312 error = dmu_recv_stream(&drc, &off); 5313 5314 if (error == 0) { 5315 zfsvfs_t *zfsvfs = NULL; 5316 zvol_state_handle_t *zv = NULL; 5317 5318 if (getzfsvfs(tofs, &zfsvfs) == 0) { 5319 /* online recv */ 5320 dsl_dataset_t *ds; 5321 int end_err; 5322 boolean_t stream_is_redacted = DMU_GET_FEATUREFLAGS( 5323 begin_record->drr_u.drr_begin. 5324 drr_versioninfo) & DMU_BACKUP_FEATURE_REDACTED; 5325 5326 ds = dmu_objset_ds(zfsvfs->z_os); 5327 error = zfs_suspend_fs(zfsvfs); 5328 /* 5329 * If the suspend fails, then the recv_end will 5330 * likely also fail, and clean up after itself. 5331 */ 5332 end_err = dmu_recv_end(&drc, zfsvfs); 5333 /* 5334 * If the dataset was not redacted, but we received a 5335 * redacted stream onto it, we need to unmount the 5336 * dataset. Otherwise, resume the filesystem. 5337 */ 5338 if (error == 0 && !drc.drc_newfs && 5339 stream_is_redacted && !tofs_was_redacted) { 5340 error = zfs_end_fs(zfsvfs, ds); 5341 } else if (error == 0) { 5342 error = zfs_resume_fs(zfsvfs, ds); 5343 } 5344 error = error ? error : end_err; 5345 zfs_vfs_rele(zfsvfs); 5346 } else if ((zv = zvol_suspend(tofs)) != NULL) { 5347 error = dmu_recv_end(&drc, zvol_tag(zv)); 5348 zvol_resume(zv); 5349 } else { 5350 error = dmu_recv_end(&drc, NULL); 5351 } 5352 5353 /* Set delayed properties now, after we're done receiving. */ 5354 if (recv_delayprops != NULL && error == 0) { 5355 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 5356 recv_delayprops, *errors); 5357 } 5358 if (local_delayprops != NULL && error == 0) { 5359 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, 5360 local_delayprops, *errors); 5361 } 5362 if (inherited_delayprops != NULL && error == 0) { 5363 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, 5364 inherited_delayprops, *errors); 5365 } 5366 } 5367 5368 /* 5369 * Merge delayed props back in with initial props, in case 5370 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means 5371 * we have to make sure clear_received_props() includes 5372 * the delayed properties). 5373 * 5374 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels, 5375 * using ASSERT() will be just like a VERIFY. 5376 */ 5377 if (recv_delayprops != NULL) { 5378 ASSERT(nvlist_merge(recvprops, recv_delayprops, 0) == 0); 5379 nvlist_free(recv_delayprops); 5380 } 5381 if (local_delayprops != NULL) { 5382 ASSERT(nvlist_merge(localprops, local_delayprops, 0) == 0); 5383 nvlist_free(local_delayprops); 5384 } 5385 if (inherited_delayprops != NULL) { 5386 ASSERT(nvlist_merge(localprops, inherited_delayprops, 0) == 0); 5387 nvlist_free(inherited_delayprops); 5388 } 5389 *read_bytes = off - noff; 5390 5391 #ifdef ZFS_DEBUG 5392 if (zfs_ioc_recv_inject_err) { 5393 zfs_ioc_recv_inject_err = B_FALSE; 5394 error = 1; 5395 } 5396 #endif 5397 5398 /* 5399 * On error, restore the original props. 5400 */ 5401 if (error != 0 && recvprops != NULL && !drc.drc_newfs) { 5402 if (clear_received_props(tofs, recvprops, NULL) != 0) { 5403 /* 5404 * We failed to clear the received properties. 5405 * Since we may have left a $recvd value on the 5406 * system, we can't clear the $hasrecvd flag. 5407 */ 5408 *errflags |= ZPROP_ERR_NORESTORE; 5409 } else if (first_recvd_props) { 5410 dsl_prop_unset_hasrecvd(tofs); 5411 } 5412 5413 if (origrecvd == NULL && !drc.drc_newfs) { 5414 /* We failed to stash the original properties. */ 5415 *errflags |= ZPROP_ERR_NORESTORE; 5416 } 5417 5418 /* 5419 * dsl_props_set() will not convert RECEIVED to LOCAL on or 5420 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL 5421 * explicitly if we're restoring local properties cleared in the 5422 * first new-style receive. 5423 */ 5424 if (origrecvd != NULL && 5425 zfs_set_prop_nvlist(tofs, (first_recvd_props ? 5426 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED), 5427 origrecvd, NULL) != 0) { 5428 /* 5429 * We stashed the original properties but failed to 5430 * restore them. 5431 */ 5432 *errflags |= ZPROP_ERR_NORESTORE; 5433 } 5434 } 5435 if (error != 0 && localprops != NULL && !drc.drc_newfs && 5436 !first_recvd_props) { 5437 nvlist_t *setprops; 5438 nvlist_t *inheritprops; 5439 nvpair_t *nvp; 5440 5441 if (origprops == NULL) { 5442 /* We failed to stash the original properties. */ 5443 *errflags |= ZPROP_ERR_NORESTORE; 5444 goto out; 5445 } 5446 5447 /* Restore original props */ 5448 setprops = fnvlist_alloc(); 5449 inheritprops = fnvlist_alloc(); 5450 nvp = NULL; 5451 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) { 5452 const char *name = nvpair_name(nvp); 5453 const char *source; 5454 nvlist_t *attrs; 5455 5456 if (!nvlist_exists(origprops, name)) { 5457 /* 5458 * Property was not present or was explicitly 5459 * inherited before the receive, restore this. 5460 */ 5461 fnvlist_add_boolean(inheritprops, name); 5462 continue; 5463 } 5464 attrs = fnvlist_lookup_nvlist(origprops, name); 5465 source = fnvlist_lookup_string(attrs, ZPROP_SOURCE); 5466 5467 /* Skip received properties */ 5468 if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0) 5469 continue; 5470 5471 if (strcmp(source, tofs) == 0) { 5472 /* Property was locally set */ 5473 fnvlist_add_nvlist(setprops, name, attrs); 5474 } else { 5475 /* Property was implicitly inherited */ 5476 fnvlist_add_boolean(inheritprops, name); 5477 } 5478 } 5479 5480 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops, 5481 NULL) != 0) 5482 *errflags |= ZPROP_ERR_NORESTORE; 5483 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops, 5484 NULL) != 0) 5485 *errflags |= ZPROP_ERR_NORESTORE; 5486 5487 nvlist_free(setprops); 5488 nvlist_free(inheritprops); 5489 } 5490 out: 5491 zfs_file_put(input_fp); 5492 nvlist_free(origrecvd); 5493 nvlist_free(origprops); 5494 5495 if (error == 0) 5496 error = props_error; 5497 5498 return (error); 5499 } 5500 5501 /* 5502 * inputs: 5503 * zc_name name of containing filesystem (unused) 5504 * zc_nvlist_src{_size} nvlist of properties to apply 5505 * zc_nvlist_conf{_size} nvlist of properties to exclude 5506 * (DATA_TYPE_BOOLEAN) and override (everything else) 5507 * zc_value name of snapshot to create 5508 * zc_string name of clone origin (if DRR_FLAG_CLONE) 5509 * zc_cookie file descriptor to recv from 5510 * zc_begin_record the BEGIN record of the stream (not byteswapped) 5511 * zc_guid force flag 5512 * 5513 * outputs: 5514 * zc_cookie number of bytes read 5515 * zc_obj zprop_errflags_t 5516 * zc_nvlist_dst{_size} error for each unapplied received property 5517 */ 5518 static int 5519 zfs_ioc_recv(zfs_cmd_t *zc) 5520 { 5521 dmu_replay_record_t begin_record; 5522 nvlist_t *errors = NULL; 5523 nvlist_t *recvdprops = NULL; 5524 nvlist_t *localprops = NULL; 5525 const char *origin = NULL; 5526 char *tosnap; 5527 char tofs[ZFS_MAX_DATASET_NAME_LEN]; 5528 int error = 0; 5529 5530 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 5531 strchr(zc->zc_value, '@') == NULL || 5532 strchr(zc->zc_value, '%') != NULL) { 5533 return (SET_ERROR(EINVAL)); 5534 } 5535 5536 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs)); 5537 tosnap = strchr(tofs, '@'); 5538 *tosnap++ = '\0'; 5539 5540 if (zc->zc_nvlist_src != 0 && 5541 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 5542 zc->zc_iflags, &recvdprops)) != 0) { 5543 goto out; 5544 } 5545 5546 if (zc->zc_nvlist_conf != 0 && 5547 (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 5548 zc->zc_iflags, &localprops)) != 0) { 5549 goto out; 5550 } 5551 5552 if (zc->zc_string[0]) 5553 origin = zc->zc_string; 5554 5555 begin_record.drr_type = DRR_BEGIN; 5556 begin_record.drr_payloadlen = 0; 5557 begin_record.drr_u.drr_begin = zc->zc_begin_record; 5558 5559 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops, 5560 NULL, zc->zc_guid, B_FALSE, B_FALSE, zc->zc_cookie, &begin_record, 5561 &zc->zc_cookie, &zc->zc_obj, &errors); 5562 5563 /* 5564 * Now that all props, initial and delayed, are set, report the prop 5565 * errors to the caller. 5566 */ 5567 if (zc->zc_nvlist_dst_size != 0 && errors != NULL && 5568 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 || 5569 put_nvlist(zc, errors) != 0)) { 5570 /* 5571 * Caller made zc->zc_nvlist_dst less than the minimum expected 5572 * size or supplied an invalid address. 5573 */ 5574 error = SET_ERROR(EINVAL); 5575 } 5576 5577 out: 5578 nvlist_free(errors); 5579 nvlist_free(recvdprops); 5580 nvlist_free(localprops); 5581 5582 return (error); 5583 } 5584 5585 /* 5586 * innvl: { 5587 * "snapname" -> full name of the snapshot to create 5588 * (optional) "props" -> received properties to set (nvlist) 5589 * (optional) "localprops" -> override and exclude properties (nvlist) 5590 * (optional) "origin" -> name of clone origin (DRR_FLAG_CLONE) 5591 * "begin_record" -> non-byteswapped dmu_replay_record_t 5592 * "input_fd" -> file descriptor to read stream from (int32) 5593 * (optional) "force" -> force flag (value ignored) 5594 * (optional) "heal" -> use send stream to heal data corruption 5595 * (optional) "resumable" -> resumable flag (value ignored) 5596 * (optional) "cleanup_fd" -> unused 5597 * (optional) "action_handle" -> unused 5598 * (optional) "hidden_args" -> { "wkeydata" -> value } 5599 * } 5600 * 5601 * outnvl: { 5602 * "read_bytes" -> number of bytes read 5603 * "error_flags" -> zprop_errflags_t 5604 * "errors" -> error for each unapplied received property (nvlist) 5605 * } 5606 */ 5607 static const zfs_ioc_key_t zfs_keys_recv_new[] = { 5608 {"snapname", DATA_TYPE_STRING, 0}, 5609 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 5610 {"localprops", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 5611 {"origin", DATA_TYPE_STRING, ZK_OPTIONAL}, 5612 {"begin_record", DATA_TYPE_BYTE_ARRAY, 0}, 5613 {"input_fd", DATA_TYPE_INT32, 0}, 5614 {"force", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 5615 {"heal", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 5616 {"resumable", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 5617 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL}, 5618 {"action_handle", DATA_TYPE_UINT64, ZK_OPTIONAL}, 5619 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 5620 }; 5621 5622 static int 5623 zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 5624 { 5625 dmu_replay_record_t *begin_record; 5626 uint_t begin_record_size; 5627 nvlist_t *errors = NULL; 5628 nvlist_t *recvprops = NULL; 5629 nvlist_t *localprops = NULL; 5630 nvlist_t *hidden_args = NULL; 5631 const char *snapname; 5632 const char *origin = NULL; 5633 char *tosnap; 5634 char tofs[ZFS_MAX_DATASET_NAME_LEN]; 5635 boolean_t force; 5636 boolean_t heal; 5637 boolean_t resumable; 5638 uint64_t read_bytes = 0; 5639 uint64_t errflags = 0; 5640 int input_fd = -1; 5641 int error; 5642 5643 snapname = fnvlist_lookup_string(innvl, "snapname"); 5644 5645 if (dataset_namecheck(snapname, NULL, NULL) != 0 || 5646 strchr(snapname, '@') == NULL || 5647 strchr(snapname, '%') != NULL) { 5648 return (SET_ERROR(EINVAL)); 5649 } 5650 5651 (void) strlcpy(tofs, snapname, sizeof (tofs)); 5652 tosnap = strchr(tofs, '@'); 5653 *tosnap++ = '\0'; 5654 5655 error = nvlist_lookup_string(innvl, "origin", &origin); 5656 if (error && error != ENOENT) 5657 return (error); 5658 5659 error = nvlist_lookup_byte_array(innvl, "begin_record", 5660 (uchar_t **)&begin_record, &begin_record_size); 5661 if (error != 0 || begin_record_size != sizeof (*begin_record)) 5662 return (SET_ERROR(EINVAL)); 5663 5664 input_fd = fnvlist_lookup_int32(innvl, "input_fd"); 5665 5666 force = nvlist_exists(innvl, "force"); 5667 heal = nvlist_exists(innvl, "heal"); 5668 resumable = nvlist_exists(innvl, "resumable"); 5669 5670 /* we still use "props" here for backwards compatibility */ 5671 error = nvlist_lookup_nvlist(innvl, "props", &recvprops); 5672 if (error && error != ENOENT) 5673 goto out; 5674 5675 error = nvlist_lookup_nvlist(innvl, "localprops", &localprops); 5676 if (error && error != ENOENT) 5677 goto out; 5678 5679 error = nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args); 5680 if (error && error != ENOENT) 5681 goto out; 5682 5683 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvprops, localprops, 5684 hidden_args, force, heal, resumable, input_fd, begin_record, 5685 &read_bytes, &errflags, &errors); 5686 5687 fnvlist_add_uint64(outnvl, "read_bytes", read_bytes); 5688 fnvlist_add_uint64(outnvl, "error_flags", errflags); 5689 fnvlist_add_nvlist(outnvl, "errors", errors); 5690 5691 out: 5692 nvlist_free(errors); 5693 nvlist_free(recvprops); 5694 nvlist_free(localprops); 5695 nvlist_free(hidden_args); 5696 5697 return (error); 5698 } 5699 5700 /* 5701 * When stack space is limited, we write replication stream data to the target 5702 * on a separate taskq thread, to make sure there's enough stack space. 5703 */ 5704 #ifndef HAVE_LARGE_STACKS 5705 #define USE_SEND_TASKQ 1 5706 #endif 5707 5708 typedef struct dump_bytes_io { 5709 zfs_file_t *dbi_fp; 5710 caddr_t dbi_buf; 5711 int dbi_len; 5712 int dbi_err; 5713 } dump_bytes_io_t; 5714 5715 static void 5716 dump_bytes_cb(void *arg) 5717 { 5718 dump_bytes_io_t *dbi = (dump_bytes_io_t *)arg; 5719 zfs_file_t *fp; 5720 caddr_t buf; 5721 5722 fp = dbi->dbi_fp; 5723 buf = dbi->dbi_buf; 5724 5725 dbi->dbi_err = zfs_file_write(fp, buf, dbi->dbi_len, NULL); 5726 } 5727 5728 typedef struct dump_bytes_arg { 5729 zfs_file_t *dba_fp; 5730 #ifdef USE_SEND_TASKQ 5731 taskq_t *dba_tq; 5732 taskq_ent_t dba_tqent; 5733 #endif 5734 } dump_bytes_arg_t; 5735 5736 static int 5737 dump_bytes(objset_t *os, void *buf, int len, void *arg) 5738 { 5739 dump_bytes_arg_t *dba = (dump_bytes_arg_t *)arg; 5740 dump_bytes_io_t dbi; 5741 5742 dbi.dbi_fp = dba->dba_fp; 5743 dbi.dbi_buf = buf; 5744 dbi.dbi_len = len; 5745 5746 #ifdef USE_SEND_TASKQ 5747 taskq_dispatch_ent(dba->dba_tq, dump_bytes_cb, &dbi, TQ_SLEEP, 5748 &dba->dba_tqent); 5749 taskq_wait(dba->dba_tq); 5750 #else 5751 dump_bytes_cb(&dbi); 5752 #endif 5753 5754 return (dbi.dbi_err); 5755 } 5756 5757 static int 5758 dump_bytes_init(dump_bytes_arg_t *dba, int fd, dmu_send_outparams_t *out) 5759 { 5760 zfs_file_t *fp = zfs_file_get(fd); 5761 if (fp == NULL) 5762 return (SET_ERROR(EBADF)); 5763 5764 dba->dba_fp = fp; 5765 #ifdef USE_SEND_TASKQ 5766 dba->dba_tq = taskq_create("z_send", 1, defclsyspri, 0, 0, 0); 5767 taskq_init_ent(&dba->dba_tqent); 5768 #endif 5769 5770 memset(out, 0, sizeof (dmu_send_outparams_t)); 5771 out->dso_outfunc = dump_bytes; 5772 out->dso_arg = dba; 5773 out->dso_dryrun = B_FALSE; 5774 5775 return (0); 5776 } 5777 5778 static void 5779 dump_bytes_fini(dump_bytes_arg_t *dba) 5780 { 5781 zfs_file_put(dba->dba_fp); 5782 #ifdef USE_SEND_TASKQ 5783 taskq_destroy(dba->dba_tq); 5784 #endif 5785 } 5786 5787 /* 5788 * inputs: 5789 * zc_name name of snapshot to send 5790 * zc_cookie file descriptor to send stream to 5791 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj) 5792 * zc_sendobj objsetid of snapshot to send 5793 * zc_fromobj objsetid of incremental fromsnap (may be zero) 5794 * zc_guid if set, estimate size of stream only. zc_cookie is ignored. 5795 * output size in zc_objset_type. 5796 * zc_flags lzc_send_flags 5797 * 5798 * outputs: 5799 * zc_objset_type estimated size, if zc_guid is set 5800 * 5801 * NOTE: This is no longer the preferred interface, any new functionality 5802 * should be added to zfs_ioc_send_new() instead. 5803 */ 5804 static int 5805 zfs_ioc_send(zfs_cmd_t *zc) 5806 { 5807 int error; 5808 offset_t off; 5809 boolean_t estimate = (zc->zc_guid != 0); 5810 boolean_t embedok = (zc->zc_flags & 0x1); 5811 boolean_t large_block_ok = (zc->zc_flags & 0x2); 5812 boolean_t compressok = (zc->zc_flags & 0x4); 5813 boolean_t rawok = (zc->zc_flags & 0x8); 5814 boolean_t savedok = (zc->zc_flags & 0x10); 5815 5816 if (zc->zc_obj != 0) { 5817 dsl_pool_t *dp; 5818 dsl_dataset_t *tosnap; 5819 5820 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5821 if (error != 0) 5822 return (error); 5823 5824 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 5825 if (error != 0) { 5826 dsl_pool_rele(dp, FTAG); 5827 return (error); 5828 } 5829 5830 if (dsl_dir_is_clone(tosnap->ds_dir)) 5831 zc->zc_fromobj = 5832 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj; 5833 dsl_dataset_rele(tosnap, FTAG); 5834 dsl_pool_rele(dp, FTAG); 5835 } 5836 5837 if (estimate) { 5838 dsl_pool_t *dp; 5839 dsl_dataset_t *tosnap; 5840 dsl_dataset_t *fromsnap = NULL; 5841 5842 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5843 if (error != 0) 5844 return (error); 5845 5846 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, 5847 FTAG, &tosnap); 5848 if (error != 0) { 5849 dsl_pool_rele(dp, FTAG); 5850 return (error); 5851 } 5852 5853 if (zc->zc_fromobj != 0) { 5854 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, 5855 FTAG, &fromsnap); 5856 if (error != 0) { 5857 dsl_dataset_rele(tosnap, FTAG); 5858 dsl_pool_rele(dp, FTAG); 5859 return (error); 5860 } 5861 } 5862 5863 error = dmu_send_estimate_fast(tosnap, fromsnap, NULL, 5864 compressok || rawok, savedok, &zc->zc_objset_type); 5865 5866 if (fromsnap != NULL) 5867 dsl_dataset_rele(fromsnap, FTAG); 5868 dsl_dataset_rele(tosnap, FTAG); 5869 dsl_pool_rele(dp, FTAG); 5870 } else { 5871 dump_bytes_arg_t dba; 5872 dmu_send_outparams_t out; 5873 error = dump_bytes_init(&dba, zc->zc_cookie, &out); 5874 if (error) 5875 return (error); 5876 5877 off = zfs_file_off(dba.dba_fp); 5878 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj, 5879 zc->zc_fromobj, embedok, large_block_ok, compressok, 5880 rawok, savedok, zc->zc_cookie, &off, &out); 5881 5882 dump_bytes_fini(&dba); 5883 } 5884 return (error); 5885 } 5886 5887 /* 5888 * inputs: 5889 * zc_name name of snapshot on which to report progress 5890 * zc_cookie file descriptor of send stream 5891 * 5892 * outputs: 5893 * zc_cookie number of bytes written in send stream thus far 5894 * zc_objset_type logical size of data traversed by send thus far 5895 */ 5896 static int 5897 zfs_ioc_send_progress(zfs_cmd_t *zc) 5898 { 5899 dsl_pool_t *dp; 5900 dsl_dataset_t *ds; 5901 dmu_sendstatus_t *dsp = NULL; 5902 int error; 5903 5904 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5905 if (error != 0) 5906 return (error); 5907 5908 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 5909 if (error != 0) { 5910 dsl_pool_rele(dp, FTAG); 5911 return (error); 5912 } 5913 5914 mutex_enter(&ds->ds_sendstream_lock); 5915 5916 /* 5917 * Iterate over all the send streams currently active on this dataset. 5918 * If there's one which matches the specified file descriptor _and_ the 5919 * stream was started by the current process, return the progress of 5920 * that stream. 5921 */ 5922 5923 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL; 5924 dsp = list_next(&ds->ds_sendstreams, dsp)) { 5925 if (dsp->dss_outfd == zc->zc_cookie && 5926 zfs_proc_is_caller(dsp->dss_proc)) 5927 break; 5928 } 5929 5930 if (dsp != NULL) { 5931 zc->zc_cookie = atomic_cas_64((volatile uint64_t *)dsp->dss_off, 5932 0, 0); 5933 /* This is the closest thing we have to atomic_read_64. */ 5934 zc->zc_objset_type = atomic_cas_64(&dsp->dss_blocks, 0, 0); 5935 } else { 5936 error = SET_ERROR(ENOENT); 5937 } 5938 5939 mutex_exit(&ds->ds_sendstream_lock); 5940 dsl_dataset_rele(ds, FTAG); 5941 dsl_pool_rele(dp, FTAG); 5942 return (error); 5943 } 5944 5945 static int 5946 zfs_ioc_inject_fault(zfs_cmd_t *zc) 5947 { 5948 int id, error; 5949 5950 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 5951 &zc->zc_inject_record); 5952 5953 if (error == 0) 5954 zc->zc_guid = (uint64_t)id; 5955 5956 return (error); 5957 } 5958 5959 static int 5960 zfs_ioc_clear_fault(zfs_cmd_t *zc) 5961 { 5962 return (zio_clear_fault((int)zc->zc_guid)); 5963 } 5964 5965 static int 5966 zfs_ioc_inject_list_next(zfs_cmd_t *zc) 5967 { 5968 int id = (int)zc->zc_guid; 5969 int error; 5970 5971 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 5972 &zc->zc_inject_record); 5973 5974 zc->zc_guid = id; 5975 5976 return (error); 5977 } 5978 5979 static int 5980 zfs_ioc_error_log(zfs_cmd_t *zc) 5981 { 5982 spa_t *spa; 5983 int error; 5984 5985 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 5986 return (error); 5987 5988 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 5989 &zc->zc_nvlist_dst_size); 5990 5991 spa_close(spa, FTAG); 5992 5993 return (error); 5994 } 5995 5996 static int 5997 zfs_ioc_clear(zfs_cmd_t *zc) 5998 { 5999 spa_t *spa; 6000 vdev_t *vd; 6001 int error; 6002 6003 /* 6004 * On zpool clear we also fix up missing slogs 6005 */ 6006 mutex_enter(&spa_namespace_lock); 6007 spa = spa_lookup(zc->zc_name); 6008 if (spa == NULL) { 6009 mutex_exit(&spa_namespace_lock); 6010 return (SET_ERROR(EIO)); 6011 } 6012 if (spa_get_log_state(spa) == SPA_LOG_MISSING) { 6013 /* we need to let spa_open/spa_load clear the chains */ 6014 spa_set_log_state(spa, SPA_LOG_CLEAR); 6015 } 6016 spa->spa_last_open_failed = 0; 6017 mutex_exit(&spa_namespace_lock); 6018 6019 if (zc->zc_cookie & ZPOOL_NO_REWIND) { 6020 error = spa_open(zc->zc_name, &spa, FTAG); 6021 } else { 6022 nvlist_t *policy; 6023 nvlist_t *config = NULL; 6024 6025 if (zc->zc_nvlist_src == 0) 6026 return (SET_ERROR(EINVAL)); 6027 6028 if ((error = get_nvlist(zc->zc_nvlist_src, 6029 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) { 6030 error = spa_open_rewind(zc->zc_name, &spa, FTAG, 6031 policy, &config); 6032 if (config != NULL) { 6033 int err; 6034 6035 if ((err = put_nvlist(zc, config)) != 0) 6036 error = err; 6037 nvlist_free(config); 6038 } 6039 nvlist_free(policy); 6040 } 6041 } 6042 6043 if (error != 0) 6044 return (error); 6045 6046 /* 6047 * If multihost is enabled, resuming I/O is unsafe as another 6048 * host may have imported the pool. Check for remote activity. 6049 */ 6050 if (spa_multihost(spa) && spa_suspended(spa) && 6051 spa_mmp_remote_host_activity(spa)) { 6052 spa_close(spa, FTAG); 6053 return (SET_ERROR(EREMOTEIO)); 6054 } 6055 6056 spa_vdev_state_enter(spa, SCL_NONE); 6057 6058 if (zc->zc_guid == 0) { 6059 vd = NULL; 6060 } else { 6061 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE); 6062 if (vd == NULL) { 6063 error = SET_ERROR(ENODEV); 6064 (void) spa_vdev_state_exit(spa, NULL, error); 6065 spa_close(spa, FTAG); 6066 return (error); 6067 } 6068 } 6069 6070 vdev_clear(spa, vd); 6071 6072 (void) spa_vdev_state_exit(spa, spa_suspended(spa) ? 6073 NULL : spa->spa_root_vdev, 0); 6074 6075 /* 6076 * Resume any suspended I/Os. 6077 */ 6078 if (zio_resume(spa) != 0) 6079 error = SET_ERROR(EIO); 6080 6081 spa_close(spa, FTAG); 6082 6083 return (error); 6084 } 6085 6086 /* 6087 * Reopen all the vdevs associated with the pool. 6088 * 6089 * innvl: { 6090 * "scrub_restart" -> when true and scrub is running, allow to restart 6091 * scrub as the side effect of the reopen (boolean). 6092 * } 6093 * 6094 * outnvl is unused 6095 */ 6096 static const zfs_ioc_key_t zfs_keys_pool_reopen[] = { 6097 {"scrub_restart", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL}, 6098 }; 6099 6100 static int 6101 zfs_ioc_pool_reopen(const char *pool, nvlist_t *innvl, nvlist_t *outnvl) 6102 { 6103 (void) outnvl; 6104 spa_t *spa; 6105 int error; 6106 boolean_t rc, scrub_restart = B_TRUE; 6107 6108 if (innvl) { 6109 error = nvlist_lookup_boolean_value(innvl, 6110 "scrub_restart", &rc); 6111 if (error == 0) 6112 scrub_restart = rc; 6113 } 6114 6115 error = spa_open(pool, &spa, FTAG); 6116 if (error != 0) 6117 return (error); 6118 6119 spa_vdev_state_enter(spa, SCL_NONE); 6120 6121 /* 6122 * If the scrub_restart flag is B_FALSE and a scrub is already 6123 * in progress then set spa_scrub_reopen flag to B_TRUE so that 6124 * we don't restart the scrub as a side effect of the reopen. 6125 * Otherwise, let vdev_open() decided if a resilver is required. 6126 */ 6127 6128 spa->spa_scrub_reopen = (!scrub_restart && 6129 dsl_scan_scrubbing(spa->spa_dsl_pool)); 6130 vdev_reopen(spa->spa_root_vdev); 6131 spa->spa_scrub_reopen = B_FALSE; 6132 6133 (void) spa_vdev_state_exit(spa, NULL, 0); 6134 spa_close(spa, FTAG); 6135 return (0); 6136 } 6137 6138 /* 6139 * inputs: 6140 * zc_name name of filesystem 6141 * 6142 * outputs: 6143 * zc_string name of conflicting snapshot, if there is one 6144 */ 6145 static int 6146 zfs_ioc_promote(zfs_cmd_t *zc) 6147 { 6148 dsl_pool_t *dp; 6149 dsl_dataset_t *ds, *ods; 6150 char origin[ZFS_MAX_DATASET_NAME_LEN]; 6151 char *cp; 6152 int error; 6153 6154 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 6155 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 || 6156 strchr(zc->zc_name, '%')) 6157 return (SET_ERROR(EINVAL)); 6158 6159 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 6160 if (error != 0) 6161 return (error); 6162 6163 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 6164 if (error != 0) { 6165 dsl_pool_rele(dp, FTAG); 6166 return (error); 6167 } 6168 6169 if (!dsl_dir_is_clone(ds->ds_dir)) { 6170 dsl_dataset_rele(ds, FTAG); 6171 dsl_pool_rele(dp, FTAG); 6172 return (SET_ERROR(EINVAL)); 6173 } 6174 6175 error = dsl_dataset_hold_obj(dp, 6176 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods); 6177 if (error != 0) { 6178 dsl_dataset_rele(ds, FTAG); 6179 dsl_pool_rele(dp, FTAG); 6180 return (error); 6181 } 6182 6183 dsl_dataset_name(ods, origin); 6184 dsl_dataset_rele(ods, FTAG); 6185 dsl_dataset_rele(ds, FTAG); 6186 dsl_pool_rele(dp, FTAG); 6187 6188 /* 6189 * We don't need to unmount *all* the origin fs's snapshots, but 6190 * it's easier. 6191 */ 6192 cp = strchr(origin, '@'); 6193 if (cp) 6194 *cp = '\0'; 6195 (void) dmu_objset_find(origin, 6196 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS); 6197 return (dsl_dataset_promote(zc->zc_name, zc->zc_string)); 6198 } 6199 6200 /* 6201 * Retrieve a single {user|group|project}{used|quota}@... property. 6202 * 6203 * inputs: 6204 * zc_name name of filesystem 6205 * zc_objset_type zfs_userquota_prop_t 6206 * zc_value domain name (eg. "S-1-234-567-89") 6207 * zc_guid RID/UID/GID 6208 * 6209 * outputs: 6210 * zc_cookie property value 6211 */ 6212 static int 6213 zfs_ioc_userspace_one(zfs_cmd_t *zc) 6214 { 6215 zfsvfs_t *zfsvfs; 6216 int error; 6217 6218 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 6219 return (SET_ERROR(EINVAL)); 6220 6221 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 6222 if (error != 0) 6223 return (error); 6224 6225 error = zfs_userspace_one(zfsvfs, 6226 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie); 6227 zfsvfs_rele(zfsvfs, FTAG); 6228 6229 return (error); 6230 } 6231 6232 /* 6233 * inputs: 6234 * zc_name name of filesystem 6235 * zc_cookie zap cursor 6236 * zc_objset_type zfs_userquota_prop_t 6237 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist) 6238 * 6239 * outputs: 6240 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t) 6241 * zc_cookie zap cursor 6242 */ 6243 static int 6244 zfs_ioc_userspace_many(zfs_cmd_t *zc) 6245 { 6246 zfsvfs_t *zfsvfs; 6247 int bufsize = zc->zc_nvlist_dst_size; 6248 6249 if (bufsize <= 0) 6250 return (SET_ERROR(ENOMEM)); 6251 6252 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 6253 if (error != 0) 6254 return (error); 6255 6256 void *buf = vmem_alloc(bufsize, KM_SLEEP); 6257 6258 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie, 6259 buf, &zc->zc_nvlist_dst_size); 6260 6261 if (error == 0) { 6262 error = xcopyout(buf, 6263 (void *)(uintptr_t)zc->zc_nvlist_dst, 6264 zc->zc_nvlist_dst_size); 6265 } 6266 vmem_free(buf, bufsize); 6267 zfsvfs_rele(zfsvfs, FTAG); 6268 6269 return (error); 6270 } 6271 6272 /* 6273 * inputs: 6274 * zc_name name of filesystem 6275 * 6276 * outputs: 6277 * none 6278 */ 6279 static int 6280 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) 6281 { 6282 int error = 0; 6283 zfsvfs_t *zfsvfs; 6284 6285 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 6286 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) { 6287 /* 6288 * If userused is not enabled, it may be because the 6289 * objset needs to be closed & reopened (to grow the 6290 * objset_phys_t). Suspend/resume the fs will do that. 6291 */ 6292 dsl_dataset_t *ds, *newds; 6293 6294 ds = dmu_objset_ds(zfsvfs->z_os); 6295 error = zfs_suspend_fs(zfsvfs); 6296 if (error == 0) { 6297 dmu_objset_refresh_ownership(ds, &newds, 6298 B_TRUE, zfsvfs); 6299 error = zfs_resume_fs(zfsvfs, newds); 6300 } 6301 } 6302 if (error == 0) { 6303 mutex_enter(&zfsvfs->z_os->os_upgrade_lock); 6304 if (zfsvfs->z_os->os_upgrade_id == 0) { 6305 /* clear potential error code and retry */ 6306 zfsvfs->z_os->os_upgrade_status = 0; 6307 mutex_exit(&zfsvfs->z_os->os_upgrade_lock); 6308 6309 dsl_pool_config_enter( 6310 dmu_objset_pool(zfsvfs->z_os), FTAG); 6311 dmu_objset_userspace_upgrade(zfsvfs->z_os); 6312 dsl_pool_config_exit( 6313 dmu_objset_pool(zfsvfs->z_os), FTAG); 6314 } else { 6315 mutex_exit(&zfsvfs->z_os->os_upgrade_lock); 6316 } 6317 6318 taskq_wait_id(zfsvfs->z_os->os_spa->spa_upgrade_taskq, 6319 zfsvfs->z_os->os_upgrade_id); 6320 error = zfsvfs->z_os->os_upgrade_status; 6321 } 6322 zfs_vfs_rele(zfsvfs); 6323 } else { 6324 objset_t *os; 6325 6326 /* XXX kind of reading contents without owning */ 6327 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os); 6328 if (error != 0) 6329 return (error); 6330 6331 mutex_enter(&os->os_upgrade_lock); 6332 if (os->os_upgrade_id == 0) { 6333 /* clear potential error code and retry */ 6334 os->os_upgrade_status = 0; 6335 mutex_exit(&os->os_upgrade_lock); 6336 6337 dmu_objset_userspace_upgrade(os); 6338 } else { 6339 mutex_exit(&os->os_upgrade_lock); 6340 } 6341 6342 dsl_pool_rele(dmu_objset_pool(os), FTAG); 6343 6344 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id); 6345 error = os->os_upgrade_status; 6346 6347 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, 6348 FTAG); 6349 } 6350 return (error); 6351 } 6352 6353 /* 6354 * inputs: 6355 * zc_name name of filesystem 6356 * 6357 * outputs: 6358 * none 6359 */ 6360 static int 6361 zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc) 6362 { 6363 objset_t *os; 6364 int error; 6365 6366 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os); 6367 if (error != 0) 6368 return (error); 6369 6370 if (dmu_objset_userobjspace_upgradable(os) || 6371 dmu_objset_projectquota_upgradable(os)) { 6372 mutex_enter(&os->os_upgrade_lock); 6373 if (os->os_upgrade_id == 0) { 6374 /* clear potential error code and retry */ 6375 os->os_upgrade_status = 0; 6376 mutex_exit(&os->os_upgrade_lock); 6377 6378 dmu_objset_id_quota_upgrade(os); 6379 } else { 6380 mutex_exit(&os->os_upgrade_lock); 6381 } 6382 6383 dsl_pool_rele(dmu_objset_pool(os), FTAG); 6384 6385 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id); 6386 error = os->os_upgrade_status; 6387 } else { 6388 dsl_pool_rele(dmu_objset_pool(os), FTAG); 6389 } 6390 6391 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, FTAG); 6392 6393 return (error); 6394 } 6395 6396 static int 6397 zfs_ioc_share(zfs_cmd_t *zc) 6398 { 6399 return (SET_ERROR(ENOSYS)); 6400 } 6401 6402 /* 6403 * inputs: 6404 * zc_name name of containing filesystem 6405 * zc_obj object # beyond which we want next in-use object # 6406 * 6407 * outputs: 6408 * zc_obj next in-use object # 6409 */ 6410 static int 6411 zfs_ioc_next_obj(zfs_cmd_t *zc) 6412 { 6413 objset_t *os = NULL; 6414 int error; 6415 6416 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 6417 if (error != 0) 6418 return (error); 6419 6420 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0); 6421 6422 dmu_objset_rele(os, FTAG); 6423 return (error); 6424 } 6425 6426 /* 6427 * inputs: 6428 * zc_name name of filesystem 6429 * zc_value prefix name for snapshot 6430 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process 6431 * 6432 * outputs: 6433 * zc_value short name of new snapshot 6434 */ 6435 static int 6436 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc) 6437 { 6438 char *snap_name; 6439 char *hold_name; 6440 minor_t minor; 6441 6442 zfs_file_t *fp = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor); 6443 if (fp == NULL) 6444 return (SET_ERROR(EBADF)); 6445 6446 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value, 6447 (u_longlong_t)ddi_get_lbolt64()); 6448 hold_name = kmem_asprintf("%%%s", zc->zc_value); 6449 6450 int error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor, 6451 hold_name); 6452 if (error == 0) 6453 (void) strlcpy(zc->zc_value, snap_name, 6454 sizeof (zc->zc_value)); 6455 kmem_strfree(snap_name); 6456 kmem_strfree(hold_name); 6457 zfs_onexit_fd_rele(fp); 6458 return (error); 6459 } 6460 6461 /* 6462 * inputs: 6463 * zc_name name of "to" snapshot 6464 * zc_value name of "from" snapshot 6465 * zc_cookie file descriptor to write diff data on 6466 * 6467 * outputs: 6468 * dmu_diff_record_t's to the file descriptor 6469 */ 6470 static int 6471 zfs_ioc_diff(zfs_cmd_t *zc) 6472 { 6473 zfs_file_t *fp; 6474 offset_t off; 6475 int error; 6476 6477 if ((fp = zfs_file_get(zc->zc_cookie)) == NULL) 6478 return (SET_ERROR(EBADF)); 6479 6480 off = zfs_file_off(fp); 6481 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off); 6482 6483 zfs_file_put(fp); 6484 6485 return (error); 6486 } 6487 6488 static int 6489 zfs_ioc_smb_acl(zfs_cmd_t *zc) 6490 { 6491 return (SET_ERROR(ENOTSUP)); 6492 } 6493 6494 /* 6495 * innvl: { 6496 * "holds" -> { snapname -> holdname (string), ... } 6497 * (optional) "cleanup_fd" -> fd (int32) 6498 * } 6499 * 6500 * outnvl: { 6501 * snapname -> error value (int32) 6502 * ... 6503 * } 6504 */ 6505 static const zfs_ioc_key_t zfs_keys_hold[] = { 6506 {"holds", DATA_TYPE_NVLIST, 0}, 6507 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL}, 6508 }; 6509 6510 static int 6511 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist) 6512 { 6513 (void) pool; 6514 nvpair_t *pair; 6515 nvlist_t *holds; 6516 int cleanup_fd = -1; 6517 int error; 6518 minor_t minor = 0; 6519 zfs_file_t *fp = NULL; 6520 6521 holds = fnvlist_lookup_nvlist(args, "holds"); 6522 6523 /* make sure the user didn't pass us any invalid (empty) tags */ 6524 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 6525 pair = nvlist_next_nvpair(holds, pair)) { 6526 const char *htag; 6527 6528 error = nvpair_value_string(pair, &htag); 6529 if (error != 0) 6530 return (SET_ERROR(error)); 6531 6532 if (strlen(htag) == 0) 6533 return (SET_ERROR(EINVAL)); 6534 } 6535 6536 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) { 6537 fp = zfs_onexit_fd_hold(cleanup_fd, &minor); 6538 if (fp == NULL) 6539 return (SET_ERROR(EBADF)); 6540 } 6541 6542 error = dsl_dataset_user_hold(holds, minor, errlist); 6543 if (fp != NULL) { 6544 ASSERT3U(minor, !=, 0); 6545 zfs_onexit_fd_rele(fp); 6546 } 6547 return (SET_ERROR(error)); 6548 } 6549 6550 /* 6551 * innvl is not used. 6552 * 6553 * outnvl: { 6554 * holdname -> time added (uint64 seconds since epoch) 6555 * ... 6556 * } 6557 */ 6558 static const zfs_ioc_key_t zfs_keys_get_holds[] = { 6559 /* no nvl keys */ 6560 }; 6561 6562 static int 6563 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl) 6564 { 6565 (void) args; 6566 return (dsl_dataset_get_holds(snapname, outnvl)); 6567 } 6568 6569 /* 6570 * innvl: { 6571 * snapname -> { holdname, ... } 6572 * ... 6573 * } 6574 * 6575 * outnvl: { 6576 * snapname -> error value (int32) 6577 * ... 6578 * } 6579 */ 6580 static const zfs_ioc_key_t zfs_keys_release[] = { 6581 {"<snapname>...", DATA_TYPE_NVLIST, ZK_WILDCARDLIST}, 6582 }; 6583 6584 static int 6585 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist) 6586 { 6587 (void) pool; 6588 return (dsl_dataset_user_release(holds, errlist)); 6589 } 6590 6591 /* 6592 * inputs: 6593 * zc_guid flags (ZEVENT_NONBLOCK) 6594 * zc_cleanup_fd zevent file descriptor 6595 * 6596 * outputs: 6597 * zc_nvlist_dst next nvlist event 6598 * zc_cookie dropped events since last get 6599 */ 6600 static int 6601 zfs_ioc_events_next(zfs_cmd_t *zc) 6602 { 6603 zfs_zevent_t *ze; 6604 nvlist_t *event = NULL; 6605 minor_t minor; 6606 uint64_t dropped = 0; 6607 int error; 6608 6609 zfs_file_t *fp = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze); 6610 if (fp == NULL) 6611 return (SET_ERROR(EBADF)); 6612 6613 do { 6614 error = zfs_zevent_next(ze, &event, 6615 &zc->zc_nvlist_dst_size, &dropped); 6616 if (event != NULL) { 6617 zc->zc_cookie = dropped; 6618 error = put_nvlist(zc, event); 6619 nvlist_free(event); 6620 } 6621 6622 if (zc->zc_guid & ZEVENT_NONBLOCK) 6623 break; 6624 6625 if ((error == 0) || (error != ENOENT)) 6626 break; 6627 6628 error = zfs_zevent_wait(ze); 6629 if (error != 0) 6630 break; 6631 } while (1); 6632 6633 zfs_zevent_fd_rele(fp); 6634 6635 return (error); 6636 } 6637 6638 /* 6639 * outputs: 6640 * zc_cookie cleared events count 6641 */ 6642 static int 6643 zfs_ioc_events_clear(zfs_cmd_t *zc) 6644 { 6645 uint_t count; 6646 6647 zfs_zevent_drain_all(&count); 6648 zc->zc_cookie = count; 6649 6650 return (0); 6651 } 6652 6653 /* 6654 * inputs: 6655 * zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END 6656 * zc_cleanup zevent file descriptor 6657 */ 6658 static int 6659 zfs_ioc_events_seek(zfs_cmd_t *zc) 6660 { 6661 zfs_zevent_t *ze; 6662 minor_t minor; 6663 int error; 6664 6665 zfs_file_t *fp = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze); 6666 if (fp == NULL) 6667 return (SET_ERROR(EBADF)); 6668 6669 error = zfs_zevent_seek(ze, zc->zc_guid); 6670 zfs_zevent_fd_rele(fp); 6671 6672 return (error); 6673 } 6674 6675 /* 6676 * inputs: 6677 * zc_name name of later filesystem or snapshot 6678 * zc_value full name of old snapshot or bookmark 6679 * 6680 * outputs: 6681 * zc_cookie space in bytes 6682 * zc_objset_type compressed space in bytes 6683 * zc_perm_action uncompressed space in bytes 6684 */ 6685 static int 6686 zfs_ioc_space_written(zfs_cmd_t *zc) 6687 { 6688 int error; 6689 dsl_pool_t *dp; 6690 dsl_dataset_t *new; 6691 6692 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 6693 if (error != 0) 6694 return (error); 6695 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new); 6696 if (error != 0) { 6697 dsl_pool_rele(dp, FTAG); 6698 return (error); 6699 } 6700 if (strchr(zc->zc_value, '#') != NULL) { 6701 zfs_bookmark_phys_t bmp; 6702 error = dsl_bookmark_lookup(dp, zc->zc_value, 6703 new, &bmp); 6704 if (error == 0) { 6705 error = dsl_dataset_space_written_bookmark(&bmp, new, 6706 &zc->zc_cookie, 6707 &zc->zc_objset_type, &zc->zc_perm_action); 6708 } 6709 } else { 6710 dsl_dataset_t *old; 6711 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old); 6712 6713 if (error == 0) { 6714 error = dsl_dataset_space_written(old, new, 6715 &zc->zc_cookie, 6716 &zc->zc_objset_type, &zc->zc_perm_action); 6717 dsl_dataset_rele(old, FTAG); 6718 } 6719 } 6720 dsl_dataset_rele(new, FTAG); 6721 dsl_pool_rele(dp, FTAG); 6722 return (error); 6723 } 6724 6725 /* 6726 * innvl: { 6727 * "firstsnap" -> snapshot name 6728 * } 6729 * 6730 * outnvl: { 6731 * "used" -> space in bytes 6732 * "compressed" -> compressed space in bytes 6733 * "uncompressed" -> uncompressed space in bytes 6734 * } 6735 */ 6736 static const zfs_ioc_key_t zfs_keys_space_snaps[] = { 6737 {"firstsnap", DATA_TYPE_STRING, 0}, 6738 }; 6739 6740 static int 6741 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl) 6742 { 6743 int error; 6744 dsl_pool_t *dp; 6745 dsl_dataset_t *new, *old; 6746 const char *firstsnap; 6747 uint64_t used, comp, uncomp; 6748 6749 firstsnap = fnvlist_lookup_string(innvl, "firstsnap"); 6750 6751 error = dsl_pool_hold(lastsnap, FTAG, &dp); 6752 if (error != 0) 6753 return (error); 6754 6755 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new); 6756 if (error == 0 && !new->ds_is_snapshot) { 6757 dsl_dataset_rele(new, FTAG); 6758 error = SET_ERROR(EINVAL); 6759 } 6760 if (error != 0) { 6761 dsl_pool_rele(dp, FTAG); 6762 return (error); 6763 } 6764 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old); 6765 if (error == 0 && !old->ds_is_snapshot) { 6766 dsl_dataset_rele(old, FTAG); 6767 error = SET_ERROR(EINVAL); 6768 } 6769 if (error != 0) { 6770 dsl_dataset_rele(new, FTAG); 6771 dsl_pool_rele(dp, FTAG); 6772 return (error); 6773 } 6774 6775 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp); 6776 dsl_dataset_rele(old, FTAG); 6777 dsl_dataset_rele(new, FTAG); 6778 dsl_pool_rele(dp, FTAG); 6779 fnvlist_add_uint64(outnvl, "used", used); 6780 fnvlist_add_uint64(outnvl, "compressed", comp); 6781 fnvlist_add_uint64(outnvl, "uncompressed", uncomp); 6782 return (error); 6783 } 6784 6785 /* 6786 * innvl: { 6787 * "fd" -> file descriptor to write stream to (int32) 6788 * (optional) "fromsnap" -> full snap name to send an incremental from 6789 * (optional) "largeblockok" -> (value ignored) 6790 * indicates that blocks > 128KB are permitted 6791 * (optional) "embedok" -> (value ignored) 6792 * presence indicates DRR_WRITE_EMBEDDED records are permitted 6793 * (optional) "compressok" -> (value ignored) 6794 * presence indicates compressed DRR_WRITE records are permitted 6795 * (optional) "rawok" -> (value ignored) 6796 * presence indicates raw encrypted records should be used. 6797 * (optional) "savedok" -> (value ignored) 6798 * presence indicates we should send a partially received snapshot 6799 * (optional) "resume_object" and "resume_offset" -> (uint64) 6800 * if present, resume send stream from specified object and offset. 6801 * (optional) "redactbook" -> (string) 6802 * if present, use this bookmark's redaction list to generate a redacted 6803 * send stream 6804 * } 6805 * 6806 * outnvl is unused 6807 */ 6808 static const zfs_ioc_key_t zfs_keys_send_new[] = { 6809 {"fd", DATA_TYPE_INT32, 0}, 6810 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL}, 6811 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6812 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6813 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6814 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6815 {"savedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6816 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6817 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6818 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL}, 6819 }; 6820 6821 static int 6822 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 6823 { 6824 (void) outnvl; 6825 int error; 6826 offset_t off; 6827 const char *fromname = NULL; 6828 int fd; 6829 boolean_t largeblockok; 6830 boolean_t embedok; 6831 boolean_t compressok; 6832 boolean_t rawok; 6833 boolean_t savedok; 6834 uint64_t resumeobj = 0; 6835 uint64_t resumeoff = 0; 6836 const char *redactbook = NULL; 6837 6838 fd = fnvlist_lookup_int32(innvl, "fd"); 6839 6840 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname); 6841 6842 largeblockok = nvlist_exists(innvl, "largeblockok"); 6843 embedok = nvlist_exists(innvl, "embedok"); 6844 compressok = nvlist_exists(innvl, "compressok"); 6845 rawok = nvlist_exists(innvl, "rawok"); 6846 savedok = nvlist_exists(innvl, "savedok"); 6847 6848 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); 6849 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); 6850 6851 (void) nvlist_lookup_string(innvl, "redactbook", &redactbook); 6852 6853 dump_bytes_arg_t dba; 6854 dmu_send_outparams_t out; 6855 error = dump_bytes_init(&dba, fd, &out); 6856 if (error) 6857 return (error); 6858 6859 off = zfs_file_off(dba.dba_fp); 6860 error = dmu_send(snapname, fromname, embedok, largeblockok, 6861 compressok, rawok, savedok, resumeobj, resumeoff, 6862 redactbook, fd, &off, &out); 6863 6864 dump_bytes_fini(&dba); 6865 6866 return (error); 6867 } 6868 6869 static int 6870 send_space_sum(objset_t *os, void *buf, int len, void *arg) 6871 { 6872 (void) os, (void) buf; 6873 uint64_t *size = arg; 6874 6875 *size += len; 6876 return (0); 6877 } 6878 6879 /* 6880 * Determine approximately how large a zfs send stream will be -- the number 6881 * of bytes that will be written to the fd supplied to zfs_ioc_send_new(). 6882 * 6883 * innvl: { 6884 * (optional) "from" -> full snap or bookmark name to send an incremental 6885 * from 6886 * (optional) "largeblockok" -> (value ignored) 6887 * indicates that blocks > 128KB are permitted 6888 * (optional) "embedok" -> (value ignored) 6889 * presence indicates DRR_WRITE_EMBEDDED records are permitted 6890 * (optional) "compressok" -> (value ignored) 6891 * presence indicates compressed DRR_WRITE records are permitted 6892 * (optional) "rawok" -> (value ignored) 6893 * presence indicates raw encrypted records should be used. 6894 * (optional) "resume_object" and "resume_offset" -> (uint64) 6895 * if present, resume send stream from specified object and offset. 6896 * (optional) "fd" -> file descriptor to use as a cookie for progress 6897 * tracking (int32) 6898 * } 6899 * 6900 * outnvl: { 6901 * "space" -> bytes of space (uint64) 6902 * } 6903 */ 6904 static const zfs_ioc_key_t zfs_keys_send_space[] = { 6905 {"from", DATA_TYPE_STRING, ZK_OPTIONAL}, 6906 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL}, 6907 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6908 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6909 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6910 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6911 {"fd", DATA_TYPE_INT32, ZK_OPTIONAL}, 6912 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL}, 6913 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6914 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6915 {"bytes", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6916 }; 6917 6918 static int 6919 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 6920 { 6921 dsl_pool_t *dp; 6922 dsl_dataset_t *tosnap; 6923 dsl_dataset_t *fromsnap = NULL; 6924 int error; 6925 const char *fromname = NULL; 6926 const char *redactlist_book = NULL; 6927 boolean_t largeblockok; 6928 boolean_t embedok; 6929 boolean_t compressok; 6930 boolean_t rawok; 6931 boolean_t savedok; 6932 uint64_t space = 0; 6933 boolean_t full_estimate = B_FALSE; 6934 uint64_t resumeobj = 0; 6935 uint64_t resumeoff = 0; 6936 uint64_t resume_bytes = 0; 6937 int32_t fd = -1; 6938 zfs_bookmark_phys_t zbm = {0}; 6939 6940 error = dsl_pool_hold(snapname, FTAG, &dp); 6941 if (error != 0) 6942 return (error); 6943 6944 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap); 6945 if (error != 0) { 6946 dsl_pool_rele(dp, FTAG); 6947 return (error); 6948 } 6949 (void) nvlist_lookup_int32(innvl, "fd", &fd); 6950 6951 largeblockok = nvlist_exists(innvl, "largeblockok"); 6952 embedok = nvlist_exists(innvl, "embedok"); 6953 compressok = nvlist_exists(innvl, "compressok"); 6954 rawok = nvlist_exists(innvl, "rawok"); 6955 savedok = nvlist_exists(innvl, "savedok"); 6956 boolean_t from = (nvlist_lookup_string(innvl, "from", &fromname) == 0); 6957 boolean_t altbook = (nvlist_lookup_string(innvl, "redactbook", 6958 &redactlist_book) == 0); 6959 6960 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); 6961 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); 6962 (void) nvlist_lookup_uint64(innvl, "bytes", &resume_bytes); 6963 6964 if (altbook) { 6965 full_estimate = B_TRUE; 6966 } else if (from) { 6967 if (strchr(fromname, '#')) { 6968 error = dsl_bookmark_lookup(dp, fromname, tosnap, &zbm); 6969 6970 /* 6971 * dsl_bookmark_lookup() will fail with EXDEV if 6972 * the from-bookmark and tosnap are at the same txg. 6973 * However, it's valid to do a send (and therefore, 6974 * a send estimate) from and to the same time point, 6975 * if the bookmark is redacted (the incremental send 6976 * can change what's redacted on the target). In 6977 * this case, dsl_bookmark_lookup() fills in zbm 6978 * but returns EXDEV. Ignore this error. 6979 */ 6980 if (error == EXDEV && zbm.zbm_redaction_obj != 0 && 6981 zbm.zbm_guid == 6982 dsl_dataset_phys(tosnap)->ds_guid) 6983 error = 0; 6984 6985 if (error != 0) { 6986 dsl_dataset_rele(tosnap, FTAG); 6987 dsl_pool_rele(dp, FTAG); 6988 return (error); 6989 } 6990 if (zbm.zbm_redaction_obj != 0 || !(zbm.zbm_flags & 6991 ZBM_FLAG_HAS_FBN)) { 6992 full_estimate = B_TRUE; 6993 } 6994 } else if (strchr(fromname, '@')) { 6995 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap); 6996 if (error != 0) { 6997 dsl_dataset_rele(tosnap, FTAG); 6998 dsl_pool_rele(dp, FTAG); 6999 return (error); 7000 } 7001 7002 if (!dsl_dataset_is_before(tosnap, fromsnap, 0)) { 7003 full_estimate = B_TRUE; 7004 dsl_dataset_rele(fromsnap, FTAG); 7005 } 7006 } else { 7007 /* 7008 * from is not properly formatted as a snapshot or 7009 * bookmark 7010 */ 7011 dsl_dataset_rele(tosnap, FTAG); 7012 dsl_pool_rele(dp, FTAG); 7013 return (SET_ERROR(EINVAL)); 7014 } 7015 } 7016 7017 if (full_estimate) { 7018 dmu_send_outparams_t out = {0}; 7019 offset_t off = 0; 7020 out.dso_outfunc = send_space_sum; 7021 out.dso_arg = &space; 7022 out.dso_dryrun = B_TRUE; 7023 /* 7024 * We have to release these holds so dmu_send can take them. It 7025 * will do all the error checking we need. 7026 */ 7027 dsl_dataset_rele(tosnap, FTAG); 7028 dsl_pool_rele(dp, FTAG); 7029 error = dmu_send(snapname, fromname, embedok, largeblockok, 7030 compressok, rawok, savedok, resumeobj, resumeoff, 7031 redactlist_book, fd, &off, &out); 7032 } else { 7033 error = dmu_send_estimate_fast(tosnap, fromsnap, 7034 (from && strchr(fromname, '#') != NULL ? &zbm : NULL), 7035 compressok || rawok, savedok, &space); 7036 space -= resume_bytes; 7037 if (fromsnap != NULL) 7038 dsl_dataset_rele(fromsnap, FTAG); 7039 dsl_dataset_rele(tosnap, FTAG); 7040 dsl_pool_rele(dp, FTAG); 7041 } 7042 7043 fnvlist_add_uint64(outnvl, "space", space); 7044 7045 return (error); 7046 } 7047 7048 /* 7049 * Sync the currently open TXG to disk for the specified pool. 7050 * This is somewhat similar to 'zfs_sync()'. 7051 * For cases that do not result in error this ioctl will wait for 7052 * the currently open TXG to commit before returning back to the caller. 7053 * 7054 * innvl: { 7055 * "force" -> when true, force uberblock update even if there is no dirty data. 7056 * In addition this will cause the vdev configuration to be written 7057 * out including updating the zpool cache file. (boolean_t) 7058 * } 7059 * 7060 * onvl is unused 7061 */ 7062 static const zfs_ioc_key_t zfs_keys_pool_sync[] = { 7063 {"force", DATA_TYPE_BOOLEAN_VALUE, 0}, 7064 }; 7065 7066 static int 7067 zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl) 7068 { 7069 (void) onvl; 7070 int err; 7071 boolean_t rc, force = B_FALSE; 7072 spa_t *spa; 7073 7074 if ((err = spa_open(pool, &spa, FTAG)) != 0) 7075 return (err); 7076 7077 if (innvl) { 7078 err = nvlist_lookup_boolean_value(innvl, "force", &rc); 7079 if (err == 0) 7080 force = rc; 7081 } 7082 7083 if (force) { 7084 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER); 7085 vdev_config_dirty(spa->spa_root_vdev); 7086 spa_config_exit(spa, SCL_CONFIG, FTAG); 7087 } 7088 txg_wait_synced(spa_get_dsl(spa), 0); 7089 7090 spa_close(spa, FTAG); 7091 7092 return (0); 7093 } 7094 7095 /* 7096 * Load a user's wrapping key into the kernel. 7097 * innvl: { 7098 * "hidden_args" -> { "wkeydata" -> value } 7099 * raw uint8_t array of encryption wrapping key data (32 bytes) 7100 * (optional) "noop" -> (value ignored) 7101 * presence indicated key should only be verified, not loaded 7102 * } 7103 */ 7104 static const zfs_ioc_key_t zfs_keys_load_key[] = { 7105 {"hidden_args", DATA_TYPE_NVLIST, 0}, 7106 {"noop", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 7107 }; 7108 7109 static int 7110 zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 7111 { 7112 (void) outnvl; 7113 int ret; 7114 dsl_crypto_params_t *dcp = NULL; 7115 nvlist_t *hidden_args; 7116 boolean_t noop = nvlist_exists(innvl, "noop"); 7117 7118 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 7119 ret = SET_ERROR(EINVAL); 7120 goto error; 7121 } 7122 7123 hidden_args = fnvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS); 7124 7125 ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL, 7126 hidden_args, &dcp); 7127 if (ret != 0) 7128 goto error; 7129 7130 ret = spa_keystore_load_wkey(dsname, dcp, noop); 7131 if (ret != 0) 7132 goto error; 7133 7134 dsl_crypto_params_free(dcp, noop); 7135 7136 return (0); 7137 7138 error: 7139 dsl_crypto_params_free(dcp, B_TRUE); 7140 return (ret); 7141 } 7142 7143 /* 7144 * Unload a user's wrapping key from the kernel. 7145 * Both innvl and outnvl are unused. 7146 */ 7147 static const zfs_ioc_key_t zfs_keys_unload_key[] = { 7148 /* no nvl keys */ 7149 }; 7150 7151 static int 7152 zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 7153 { 7154 (void) innvl, (void) outnvl; 7155 int ret = 0; 7156 7157 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 7158 ret = (SET_ERROR(EINVAL)); 7159 goto out; 7160 } 7161 7162 ret = spa_keystore_unload_wkey(dsname); 7163 if (ret != 0) 7164 goto out; 7165 7166 out: 7167 return (ret); 7168 } 7169 7170 /* 7171 * Changes a user's wrapping key used to decrypt a dataset. The keyformat, 7172 * keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified 7173 * here to change how the key is derived in userspace. 7174 * 7175 * innvl: { 7176 * "hidden_args" (optional) -> { "wkeydata" -> value } 7177 * raw uint8_t array of new encryption wrapping key data (32 bytes) 7178 * "props" (optional) -> { prop -> value } 7179 * } 7180 * 7181 * outnvl is unused 7182 */ 7183 static const zfs_ioc_key_t zfs_keys_change_key[] = { 7184 {"crypt_cmd", DATA_TYPE_UINT64, ZK_OPTIONAL}, 7185 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 7186 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 7187 }; 7188 7189 static int 7190 zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 7191 { 7192 (void) outnvl; 7193 int ret; 7194 uint64_t cmd = DCP_CMD_NONE; 7195 dsl_crypto_params_t *dcp = NULL; 7196 nvlist_t *args = NULL, *hidden_args = NULL; 7197 7198 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 7199 ret = (SET_ERROR(EINVAL)); 7200 goto error; 7201 } 7202 7203 (void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd); 7204 (void) nvlist_lookup_nvlist(innvl, "props", &args); 7205 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args); 7206 7207 ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp); 7208 if (ret != 0) 7209 goto error; 7210 7211 ret = spa_keystore_change_key(dsname, dcp); 7212 if (ret != 0) 7213 goto error; 7214 7215 dsl_crypto_params_free(dcp, B_FALSE); 7216 7217 return (0); 7218 7219 error: 7220 dsl_crypto_params_free(dcp, B_TRUE); 7221 return (ret); 7222 } 7223 7224 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST]; 7225 7226 static void 7227 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7228 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 7229 boolean_t log_history, zfs_ioc_poolcheck_t pool_check) 7230 { 7231 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 7232 7233 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 7234 ASSERT3U(ioc, <, ZFS_IOC_LAST); 7235 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 7236 ASSERT3P(vec->zvec_func, ==, NULL); 7237 7238 vec->zvec_legacy_func = func; 7239 vec->zvec_secpolicy = secpolicy; 7240 vec->zvec_namecheck = namecheck; 7241 vec->zvec_allow_log = log_history; 7242 vec->zvec_pool_check = pool_check; 7243 } 7244 7245 /* 7246 * See the block comment at the beginning of this file for details on 7247 * each argument to this function. 7248 */ 7249 void 7250 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func, 7251 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 7252 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist, 7253 boolean_t allow_log, const zfs_ioc_key_t *nvl_keys, size_t num_keys) 7254 { 7255 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 7256 7257 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 7258 ASSERT3U(ioc, <, ZFS_IOC_LAST); 7259 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 7260 ASSERT3P(vec->zvec_func, ==, NULL); 7261 7262 /* if we are logging, the name must be valid */ 7263 ASSERT(!allow_log || namecheck != NO_NAME); 7264 7265 vec->zvec_name = name; 7266 vec->zvec_func = func; 7267 vec->zvec_secpolicy = secpolicy; 7268 vec->zvec_namecheck = namecheck; 7269 vec->zvec_pool_check = pool_check; 7270 vec->zvec_smush_outnvlist = smush_outnvlist; 7271 vec->zvec_allow_log = allow_log; 7272 vec->zvec_nvl_keys = nvl_keys; 7273 vec->zvec_nvl_key_count = num_keys; 7274 } 7275 7276 static void 7277 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7278 zfs_secpolicy_func_t *secpolicy, boolean_t log_history, 7279 zfs_ioc_poolcheck_t pool_check) 7280 { 7281 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7282 POOL_NAME, log_history, pool_check); 7283 } 7284 7285 void 7286 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7287 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check) 7288 { 7289 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7290 DATASET_NAME, B_FALSE, pool_check); 7291 } 7292 7293 static void 7294 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 7295 { 7296 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config, 7297 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 7298 } 7299 7300 static void 7301 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7302 zfs_secpolicy_func_t *secpolicy) 7303 { 7304 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7305 NO_NAME, B_FALSE, POOL_CHECK_NONE); 7306 } 7307 7308 static void 7309 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc, 7310 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy) 7311 { 7312 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7313 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED); 7314 } 7315 7316 static void 7317 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 7318 { 7319 zfs_ioctl_register_dataset_read_secpolicy(ioc, func, 7320 zfs_secpolicy_read); 7321 } 7322 7323 static void 7324 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 7325 zfs_secpolicy_func_t *secpolicy) 7326 { 7327 zfs_ioctl_register_legacy(ioc, func, secpolicy, 7328 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 7329 } 7330 7331 static void 7332 zfs_ioctl_init(void) 7333 { 7334 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT, 7335 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME, 7336 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7337 zfs_keys_snapshot, ARRAY_SIZE(zfs_keys_snapshot)); 7338 7339 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY, 7340 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME, 7341 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7342 zfs_keys_log_history, ARRAY_SIZE(zfs_keys_log_history)); 7343 7344 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS, 7345 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, 7346 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7347 zfs_keys_space_snaps, ARRAY_SIZE(zfs_keys_space_snaps)); 7348 7349 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW, 7350 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME, 7351 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7352 zfs_keys_send_new, ARRAY_SIZE(zfs_keys_send_new)); 7353 7354 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE, 7355 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME, 7356 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7357 zfs_keys_send_space, ARRAY_SIZE(zfs_keys_send_space)); 7358 7359 zfs_ioctl_register("create", ZFS_IOC_CREATE, 7360 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME, 7361 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7362 zfs_keys_create, ARRAY_SIZE(zfs_keys_create)); 7363 7364 zfs_ioctl_register("clone", ZFS_IOC_CLONE, 7365 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME, 7366 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7367 zfs_keys_clone, ARRAY_SIZE(zfs_keys_clone)); 7368 7369 zfs_ioctl_register("remap", ZFS_IOC_REMAP, 7370 zfs_ioc_remap, zfs_secpolicy_none, DATASET_NAME, 7371 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE, 7372 zfs_keys_remap, ARRAY_SIZE(zfs_keys_remap)); 7373 7374 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS, 7375 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME, 7376 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7377 zfs_keys_destroy_snaps, ARRAY_SIZE(zfs_keys_destroy_snaps)); 7378 7379 zfs_ioctl_register("hold", ZFS_IOC_HOLD, 7380 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME, 7381 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7382 zfs_keys_hold, ARRAY_SIZE(zfs_keys_hold)); 7383 zfs_ioctl_register("release", ZFS_IOC_RELEASE, 7384 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME, 7385 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7386 zfs_keys_release, ARRAY_SIZE(zfs_keys_release)); 7387 7388 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS, 7389 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, 7390 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7391 zfs_keys_get_holds, ARRAY_SIZE(zfs_keys_get_holds)); 7392 7393 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK, 7394 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, 7395 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE, 7396 zfs_keys_rollback, ARRAY_SIZE(zfs_keys_rollback)); 7397 7398 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK, 7399 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME, 7400 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7401 zfs_keys_bookmark, ARRAY_SIZE(zfs_keys_bookmark)); 7402 7403 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS, 7404 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME, 7405 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 7406 zfs_keys_get_bookmarks, ARRAY_SIZE(zfs_keys_get_bookmarks)); 7407 7408 zfs_ioctl_register("get_bookmark_props", ZFS_IOC_GET_BOOKMARK_PROPS, 7409 zfs_ioc_get_bookmark_props, zfs_secpolicy_read, ENTITY_NAME, 7410 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, zfs_keys_get_bookmark_props, 7411 ARRAY_SIZE(zfs_keys_get_bookmark_props)); 7412 7413 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS, 7414 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks, 7415 POOL_NAME, 7416 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7417 zfs_keys_destroy_bookmarks, 7418 ARRAY_SIZE(zfs_keys_destroy_bookmarks)); 7419 7420 zfs_ioctl_register("receive", ZFS_IOC_RECV_NEW, 7421 zfs_ioc_recv_new, zfs_secpolicy_recv, DATASET_NAME, 7422 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7423 zfs_keys_recv_new, ARRAY_SIZE(zfs_keys_recv_new)); 7424 zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY, 7425 zfs_ioc_load_key, zfs_secpolicy_load_key, 7426 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE, 7427 zfs_keys_load_key, ARRAY_SIZE(zfs_keys_load_key)); 7428 zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY, 7429 zfs_ioc_unload_key, zfs_secpolicy_load_key, 7430 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE, 7431 zfs_keys_unload_key, ARRAY_SIZE(zfs_keys_unload_key)); 7432 zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY, 7433 zfs_ioc_change_key, zfs_secpolicy_change_key, 7434 DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, 7435 B_TRUE, B_TRUE, zfs_keys_change_key, 7436 ARRAY_SIZE(zfs_keys_change_key)); 7437 7438 zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC, 7439 zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME, 7440 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7441 zfs_keys_pool_sync, ARRAY_SIZE(zfs_keys_pool_sync)); 7442 zfs_ioctl_register("reopen", ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen, 7443 zfs_secpolicy_config, POOL_NAME, POOL_CHECK_SUSPENDED, B_TRUE, 7444 B_TRUE, zfs_keys_pool_reopen, ARRAY_SIZE(zfs_keys_pool_reopen)); 7445 7446 zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM, 7447 zfs_ioc_channel_program, zfs_secpolicy_config, 7448 POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, 7449 B_TRUE, zfs_keys_channel_program, 7450 ARRAY_SIZE(zfs_keys_channel_program)); 7451 7452 zfs_ioctl_register("redact", ZFS_IOC_REDACT, 7453 zfs_ioc_redact, zfs_secpolicy_config, DATASET_NAME, 7454 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7455 zfs_keys_redact, ARRAY_SIZE(zfs_keys_redact)); 7456 7457 zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT, 7458 zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME, 7459 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7460 zfs_keys_pool_checkpoint, ARRAY_SIZE(zfs_keys_pool_checkpoint)); 7461 7462 zfs_ioctl_register("zpool_discard_checkpoint", 7463 ZFS_IOC_POOL_DISCARD_CHECKPOINT, zfs_ioc_pool_discard_checkpoint, 7464 zfs_secpolicy_config, POOL_NAME, 7465 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7466 zfs_keys_pool_discard_checkpoint, 7467 ARRAY_SIZE(zfs_keys_pool_discard_checkpoint)); 7468 7469 zfs_ioctl_register("zpool_prefetch", 7470 ZFS_IOC_POOL_PREFETCH, zfs_ioc_pool_prefetch, 7471 zfs_secpolicy_config, POOL_NAME, 7472 POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE, 7473 zfs_keys_pool_prefetch, ARRAY_SIZE(zfs_keys_pool_prefetch)); 7474 7475 zfs_ioctl_register("initialize", ZFS_IOC_POOL_INITIALIZE, 7476 zfs_ioc_pool_initialize, zfs_secpolicy_config, POOL_NAME, 7477 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7478 zfs_keys_pool_initialize, ARRAY_SIZE(zfs_keys_pool_initialize)); 7479 7480 zfs_ioctl_register("trim", ZFS_IOC_POOL_TRIM, 7481 zfs_ioc_pool_trim, zfs_secpolicy_config, POOL_NAME, 7482 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7483 zfs_keys_pool_trim, ARRAY_SIZE(zfs_keys_pool_trim)); 7484 7485 zfs_ioctl_register("wait", ZFS_IOC_WAIT, 7486 zfs_ioc_wait, zfs_secpolicy_none, POOL_NAME, 7487 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7488 zfs_keys_pool_wait, ARRAY_SIZE(zfs_keys_pool_wait)); 7489 7490 zfs_ioctl_register("wait_fs", ZFS_IOC_WAIT_FS, 7491 zfs_ioc_wait_fs, zfs_secpolicy_none, DATASET_NAME, 7492 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7493 zfs_keys_fs_wait, ARRAY_SIZE(zfs_keys_fs_wait)); 7494 7495 zfs_ioctl_register("set_bootenv", ZFS_IOC_SET_BOOTENV, 7496 zfs_ioc_set_bootenv, zfs_secpolicy_config, POOL_NAME, 7497 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE, 7498 zfs_keys_set_bootenv, ARRAY_SIZE(zfs_keys_set_bootenv)); 7499 7500 zfs_ioctl_register("get_bootenv", ZFS_IOC_GET_BOOTENV, 7501 zfs_ioc_get_bootenv, zfs_secpolicy_none, POOL_NAME, 7502 POOL_CHECK_SUSPENDED, B_FALSE, B_TRUE, 7503 zfs_keys_get_bootenv, ARRAY_SIZE(zfs_keys_get_bootenv)); 7504 7505 zfs_ioctl_register("zpool_vdev_get_props", ZFS_IOC_VDEV_GET_PROPS, 7506 zfs_ioc_vdev_get_props, zfs_secpolicy_read, POOL_NAME, 7507 POOL_CHECK_NONE, B_FALSE, B_FALSE, zfs_keys_vdev_get_props, 7508 ARRAY_SIZE(zfs_keys_vdev_get_props)); 7509 7510 zfs_ioctl_register("zpool_vdev_set_props", ZFS_IOC_VDEV_SET_PROPS, 7511 zfs_ioc_vdev_set_props, zfs_secpolicy_config, POOL_NAME, 7512 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 7513 zfs_keys_vdev_set_props, ARRAY_SIZE(zfs_keys_vdev_set_props)); 7514 7515 zfs_ioctl_register("scrub", ZFS_IOC_POOL_SCRUB, 7516 zfs_ioc_pool_scrub, zfs_secpolicy_config, POOL_NAME, 7517 POOL_CHECK_NONE, B_TRUE, B_TRUE, 7518 zfs_keys_pool_scrub, ARRAY_SIZE(zfs_keys_pool_scrub)); 7519 7520 zfs_ioctl_register("get_props", ZFS_IOC_POOL_GET_PROPS, 7521 zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, 7522 POOL_CHECK_NONE, B_FALSE, B_FALSE, 7523 zfs_keys_get_props, ARRAY_SIZE(zfs_keys_get_props)); 7524 7525 zfs_ioctl_register("zpool_ddt_prune", ZFS_IOC_DDT_PRUNE, 7526 zfs_ioc_ddt_prune, zfs_secpolicy_config, POOL_NAME, 7527 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 7528 zfs_keys_ddt_prune, ARRAY_SIZE(zfs_keys_ddt_prune)); 7529 7530 /* IOCTLS that use the legacy function signature */ 7531 7532 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze, 7533 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY); 7534 7535 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create, 7536 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 7537 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN, 7538 zfs_ioc_pool_scan); 7539 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE, 7540 zfs_ioc_pool_upgrade); 7541 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD, 7542 zfs_ioc_vdev_add); 7543 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE, 7544 zfs_ioc_vdev_remove); 7545 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE, 7546 zfs_ioc_vdev_set_state); 7547 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH, 7548 zfs_ioc_vdev_attach); 7549 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH, 7550 zfs_ioc_vdev_detach); 7551 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH, 7552 zfs_ioc_vdev_setpath); 7553 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU, 7554 zfs_ioc_vdev_setfru); 7555 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS, 7556 zfs_ioc_pool_set_props); 7557 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT, 7558 zfs_ioc_vdev_split); 7559 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID, 7560 zfs_ioc_pool_reguid); 7561 7562 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS, 7563 zfs_ioc_pool_configs, zfs_secpolicy_none); 7564 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT, 7565 zfs_ioc_pool_tryimport, zfs_secpolicy_config); 7566 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT, 7567 zfs_ioc_inject_fault, zfs_secpolicy_inject); 7568 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT, 7569 zfs_ioc_clear_fault, zfs_secpolicy_inject); 7570 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT, 7571 zfs_ioc_inject_list_next, zfs_secpolicy_inject); 7572 7573 /* 7574 * pool destroy, and export don't log the history as part of 7575 * zfsdev_ioctl, but rather zfs_ioc_pool_export 7576 * does the logging of those commands. 7577 */ 7578 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy, 7579 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 7580 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export, 7581 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 7582 7583 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats, 7584 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 7585 7586 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log, 7587 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED); 7588 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME, 7589 zfs_ioc_dsobj_to_dsname, 7590 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED); 7591 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY, 7592 zfs_ioc_pool_get_history, 7593 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 7594 7595 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import, 7596 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 7597 7598 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear, 7599 zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY); 7600 7601 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN, 7602 zfs_ioc_space_written); 7603 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS, 7604 zfs_ioc_objset_recvd_props); 7605 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ, 7606 zfs_ioc_next_obj); 7607 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL, 7608 zfs_ioc_get_fsacl); 7609 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS, 7610 zfs_ioc_objset_stats); 7611 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS, 7612 zfs_ioc_objset_zplprops); 7613 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT, 7614 zfs_ioc_dataset_list_next); 7615 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT, 7616 zfs_ioc_snapshot_list_next); 7617 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS, 7618 zfs_ioc_send_progress); 7619 7620 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF, 7621 zfs_ioc_diff, zfs_secpolicy_diff); 7622 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS, 7623 zfs_ioc_obj_to_stats, zfs_secpolicy_diff); 7624 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH, 7625 zfs_ioc_obj_to_path, zfs_secpolicy_diff); 7626 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE, 7627 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one); 7628 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY, 7629 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many); 7630 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND, 7631 zfs_ioc_send, zfs_secpolicy_send); 7632 7633 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop, 7634 zfs_secpolicy_none); 7635 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy, 7636 zfs_secpolicy_destroy); 7637 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename, 7638 zfs_secpolicy_rename); 7639 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv, 7640 zfs_secpolicy_recv); 7641 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote, 7642 zfs_secpolicy_promote); 7643 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP, 7644 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop); 7645 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl, 7646 zfs_secpolicy_set_fsacl); 7647 7648 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share, 7649 zfs_secpolicy_share, POOL_CHECK_NONE); 7650 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl, 7651 zfs_secpolicy_smb_acl, POOL_CHECK_NONE); 7652 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE, 7653 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade, 7654 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 7655 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT, 7656 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, 7657 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 7658 7659 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next, 7660 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE); 7661 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear, 7662 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE); 7663 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek, 7664 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE); 7665 7666 zfs_ioctl_init_os(); 7667 } 7668 7669 /* 7670 * Verify that for non-legacy ioctls the input nvlist 7671 * pairs match against the expected input. 7672 * 7673 * Possible errors are: 7674 * ZFS_ERR_IOC_ARG_UNAVAIL An unrecognized nvpair was encountered 7675 * ZFS_ERR_IOC_ARG_REQUIRED A required nvpair is missing 7676 * ZFS_ERR_IOC_ARG_BADTYPE Invalid type for nvpair 7677 */ 7678 static int 7679 zfs_check_input_nvpairs(nvlist_t *innvl, const zfs_ioc_vec_t *vec) 7680 { 7681 const zfs_ioc_key_t *nvl_keys = vec->zvec_nvl_keys; 7682 boolean_t required_keys_found = B_FALSE; 7683 7684 /* 7685 * examine each input pair 7686 */ 7687 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 7688 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 7689 const char *name = nvpair_name(pair); 7690 data_type_t type = nvpair_type(pair); 7691 boolean_t identified = B_FALSE; 7692 7693 /* 7694 * check pair against the documented names and type 7695 */ 7696 for (int k = 0; k < vec->zvec_nvl_key_count; k++) { 7697 /* if not a wild card name, check for an exact match */ 7698 if ((nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) == 0 && 7699 strcmp(nvl_keys[k].zkey_name, name) != 0) 7700 continue; 7701 7702 identified = B_TRUE; 7703 7704 if (nvl_keys[k].zkey_type != DATA_TYPE_ANY && 7705 nvl_keys[k].zkey_type != type) { 7706 return (SET_ERROR(ZFS_ERR_IOC_ARG_BADTYPE)); 7707 } 7708 7709 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL) 7710 continue; 7711 7712 required_keys_found = B_TRUE; 7713 break; 7714 } 7715 7716 /* allow an 'optional' key, everything else is invalid */ 7717 if (!identified && 7718 (strcmp(name, "optional") != 0 || 7719 type != DATA_TYPE_NVLIST)) { 7720 return (SET_ERROR(ZFS_ERR_IOC_ARG_UNAVAIL)); 7721 } 7722 } 7723 7724 /* verify that all required keys were found */ 7725 for (int k = 0; k < vec->zvec_nvl_key_count; k++) { 7726 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL) 7727 continue; 7728 7729 if (nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) { 7730 /* at least one non-optional key is expected here */ 7731 if (!required_keys_found) 7732 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED)); 7733 continue; 7734 } 7735 7736 if (!nvlist_exists(innvl, nvl_keys[k].zkey_name)) 7737 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED)); 7738 } 7739 7740 return (0); 7741 } 7742 7743 static int 7744 pool_status_check(const char *name, zfs_ioc_namecheck_t type, 7745 zfs_ioc_poolcheck_t check) 7746 { 7747 spa_t *spa; 7748 int error; 7749 7750 ASSERT(type == POOL_NAME || type == DATASET_NAME || 7751 type == ENTITY_NAME); 7752 7753 if (check & POOL_CHECK_NONE) 7754 return (0); 7755 7756 error = spa_open(name, &spa, FTAG); 7757 if (error == 0) { 7758 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa)) 7759 error = SET_ERROR(EAGAIN); 7760 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa)) 7761 error = SET_ERROR(EROFS); 7762 spa_close(spa, FTAG); 7763 } 7764 return (error); 7765 } 7766 7767 int 7768 zfsdev_getminor(zfs_file_t *fp, minor_t *minorp) 7769 { 7770 zfsdev_state_t *zs, *fpd; 7771 7772 ASSERT(!MUTEX_HELD(&zfsdev_state_lock)); 7773 7774 fpd = zfs_file_private(fp); 7775 if (fpd == NULL) 7776 return (SET_ERROR(EBADF)); 7777 7778 mutex_enter(&zfsdev_state_lock); 7779 7780 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) { 7781 7782 if (zs->zs_minor == -1) 7783 continue; 7784 7785 if (fpd == zs) { 7786 *minorp = fpd->zs_minor; 7787 mutex_exit(&zfsdev_state_lock); 7788 return (0); 7789 } 7790 } 7791 7792 mutex_exit(&zfsdev_state_lock); 7793 7794 return (SET_ERROR(EBADF)); 7795 } 7796 7797 void * 7798 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which) 7799 { 7800 zfsdev_state_t *zs; 7801 7802 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) { 7803 if (zs->zs_minor == minor) { 7804 membar_consumer(); 7805 switch (which) { 7806 case ZST_ONEXIT: 7807 return (zs->zs_onexit); 7808 case ZST_ZEVENT: 7809 return (zs->zs_zevent); 7810 case ZST_ALL: 7811 return (zs); 7812 } 7813 } 7814 } 7815 7816 return (NULL); 7817 } 7818 7819 /* 7820 * Find a free minor number. The zfsdev_state_list is expected to 7821 * be short since it is only a list of currently open file handles. 7822 */ 7823 static minor_t 7824 zfsdev_minor_alloc(void) 7825 { 7826 static minor_t last_minor = 0; 7827 minor_t m; 7828 7829 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 7830 7831 for (m = last_minor + 1; m != last_minor; m++) { 7832 if (m > ZFSDEV_MAX_MINOR) 7833 m = 1; 7834 if (zfsdev_get_state(m, ZST_ALL) == NULL) { 7835 last_minor = m; 7836 return (m); 7837 } 7838 } 7839 7840 return (0); 7841 } 7842 7843 int 7844 zfsdev_state_init(void *priv) 7845 { 7846 zfsdev_state_t *zs, *zsprev = NULL; 7847 minor_t minor; 7848 boolean_t newzs = B_FALSE; 7849 7850 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 7851 7852 minor = zfsdev_minor_alloc(); 7853 if (minor == 0) 7854 return (SET_ERROR(ENXIO)); 7855 7856 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) { 7857 if (zs->zs_minor == -1) 7858 break; 7859 zsprev = zs; 7860 } 7861 7862 if (!zs) { 7863 zs = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP); 7864 newzs = B_TRUE; 7865 } 7866 7867 zfsdev_private_set_state(priv, zs); 7868 7869 zfs_onexit_init((zfs_onexit_t **)&zs->zs_onexit); 7870 zfs_zevent_init((zfs_zevent_t **)&zs->zs_zevent); 7871 7872 /* 7873 * In order to provide for lock-free concurrent read access 7874 * to the minor list in zfsdev_get_state(), new entries 7875 * must be completely written before linking them into the 7876 * list whereas existing entries are already linked; the last 7877 * operation must be updating zs_minor (from -1 to the new 7878 * value). 7879 */ 7880 if (newzs) { 7881 zs->zs_minor = minor; 7882 membar_producer(); 7883 zsprev->zs_next = zs; 7884 } else { 7885 membar_producer(); 7886 zs->zs_minor = minor; 7887 } 7888 7889 return (0); 7890 } 7891 7892 void 7893 zfsdev_state_destroy(void *priv) 7894 { 7895 zfsdev_state_t *zs = zfsdev_private_get_state(priv); 7896 7897 ASSERT(zs != NULL); 7898 ASSERT3S(zs->zs_minor, >, 0); 7899 7900 /* 7901 * The last reference to this zfsdev file descriptor is being dropped. 7902 * We don't have to worry about lookup grabbing this state object, and 7903 * zfsdev_state_init() will not try to reuse this object until it is 7904 * invalidated by setting zs_minor to -1. Invalidation must be done 7905 * last, with a memory barrier to ensure ordering. This lets us avoid 7906 * taking the global zfsdev state lock around destruction. 7907 */ 7908 zfs_onexit_destroy(zs->zs_onexit); 7909 zfs_zevent_destroy(zs->zs_zevent); 7910 zs->zs_onexit = NULL; 7911 zs->zs_zevent = NULL; 7912 membar_producer(); 7913 zs->zs_minor = -1; 7914 } 7915 7916 long 7917 zfsdev_ioctl_common(uint_t vecnum, zfs_cmd_t *zc, int flag) 7918 { 7919 int error, cmd; 7920 const zfs_ioc_vec_t *vec; 7921 char *saved_poolname = NULL; 7922 uint64_t max_nvlist_src_size; 7923 size_t saved_poolname_len = 0; 7924 nvlist_t *innvl = NULL; 7925 fstrans_cookie_t cookie; 7926 hrtime_t start_time = gethrtime(); 7927 7928 cmd = vecnum; 7929 error = 0; 7930 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 7931 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL)); 7932 7933 vec = &zfs_ioc_vec[vecnum]; 7934 7935 /* 7936 * The registered ioctl list may be sparse, verify that either 7937 * a normal or legacy handler are registered. 7938 */ 7939 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL) 7940 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL)); 7941 7942 zc->zc_iflags = flag & FKIOCTL; 7943 max_nvlist_src_size = zfs_max_nvlist_src_size_os(); 7944 if (zc->zc_nvlist_src_size > max_nvlist_src_size) { 7945 /* 7946 * Make sure the user doesn't pass in an insane value for 7947 * zc_nvlist_src_size. We have to check, since we will end 7948 * up allocating that much memory inside of get_nvlist(). This 7949 * prevents a nefarious user from allocating tons of kernel 7950 * memory. 7951 * 7952 * Also, we return EINVAL instead of ENOMEM here. The reason 7953 * being that returning ENOMEM from an ioctl() has a special 7954 * connotation; that the user's size value is too small and 7955 * needs to be expanded to hold the nvlist. See 7956 * zcmd_expand_dst_nvlist() for details. 7957 */ 7958 error = SET_ERROR(EINVAL); /* User's size too big */ 7959 7960 } else if (zc->zc_nvlist_src_size != 0) { 7961 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 7962 zc->zc_iflags, &innvl); 7963 if (error != 0) 7964 goto out; 7965 } 7966 7967 /* 7968 * Ensure that all pool/dataset names are valid before we pass down to 7969 * the lower layers. 7970 */ 7971 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 7972 switch (vec->zvec_namecheck) { 7973 case POOL_NAME: 7974 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 7975 error = SET_ERROR(EINVAL); 7976 else 7977 error = pool_status_check(zc->zc_name, 7978 vec->zvec_namecheck, vec->zvec_pool_check); 7979 break; 7980 7981 case DATASET_NAME: 7982 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 7983 error = SET_ERROR(EINVAL); 7984 else 7985 error = pool_status_check(zc->zc_name, 7986 vec->zvec_namecheck, vec->zvec_pool_check); 7987 break; 7988 7989 case ENTITY_NAME: 7990 if (entity_namecheck(zc->zc_name, NULL, NULL) != 0) { 7991 error = SET_ERROR(EINVAL); 7992 } else { 7993 error = pool_status_check(zc->zc_name, 7994 vec->zvec_namecheck, vec->zvec_pool_check); 7995 } 7996 break; 7997 7998 case NO_NAME: 7999 break; 8000 } 8001 /* 8002 * Ensure that all input pairs are valid before we pass them down 8003 * to the lower layers. 8004 * 8005 * The vectored functions can use fnvlist_lookup_{type} for any 8006 * required pairs since zfs_check_input_nvpairs() confirmed that 8007 * they exist and are of the correct type. 8008 */ 8009 if (error == 0 && vec->zvec_func != NULL) { 8010 error = zfs_check_input_nvpairs(innvl, vec); 8011 if (error != 0) 8012 goto out; 8013 } 8014 8015 if (error == 0) { 8016 cookie = spl_fstrans_mark(); 8017 error = vec->zvec_secpolicy(zc, innvl, CRED()); 8018 spl_fstrans_unmark(cookie); 8019 } 8020 8021 if (error != 0) 8022 goto out; 8023 8024 /* legacy ioctls can modify zc_name */ 8025 /* 8026 * Can't use kmem_strdup() as we might truncate the string and 8027 * kmem_strfree() would then free with incorrect size. 8028 */ 8029 saved_poolname_len = strlen(zc->zc_name) + 1; 8030 saved_poolname = kmem_alloc(saved_poolname_len, KM_SLEEP); 8031 8032 strlcpy(saved_poolname, zc->zc_name, saved_poolname_len); 8033 saved_poolname[strcspn(saved_poolname, "/@#")] = '\0'; 8034 8035 if (vec->zvec_func != NULL) { 8036 nvlist_t *outnvl; 8037 int puterror = 0; 8038 spa_t *spa; 8039 nvlist_t *lognv = NULL; 8040 8041 ASSERT(vec->zvec_legacy_func == NULL); 8042 8043 /* 8044 * Add the innvl to the lognv before calling the func, 8045 * in case the func changes the innvl. 8046 */ 8047 if (vec->zvec_allow_log) { 8048 lognv = fnvlist_alloc(); 8049 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL, 8050 vec->zvec_name); 8051 if (!nvlist_empty(innvl)) { 8052 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL, 8053 innvl); 8054 } 8055 } 8056 8057 outnvl = fnvlist_alloc(); 8058 cookie = spl_fstrans_mark(); 8059 error = vec->zvec_func(zc->zc_name, innvl, outnvl); 8060 spl_fstrans_unmark(cookie); 8061 8062 /* 8063 * Some commands can partially execute, modify state, and still 8064 * return an error. In these cases, attempt to record what 8065 * was modified. 8066 */ 8067 if ((error == 0 || 8068 (cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) && 8069 vec->zvec_allow_log && 8070 spa_open(zc->zc_name, &spa, FTAG) == 0) { 8071 if (!nvlist_empty(outnvl)) { 8072 size_t out_size = fnvlist_size(outnvl); 8073 if (out_size > zfs_history_output_max) { 8074 fnvlist_add_int64(lognv, 8075 ZPOOL_HIST_OUTPUT_SIZE, out_size); 8076 } else { 8077 fnvlist_add_nvlist(lognv, 8078 ZPOOL_HIST_OUTPUT_NVL, outnvl); 8079 } 8080 } 8081 if (error != 0) { 8082 fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO, 8083 error); 8084 } 8085 fnvlist_add_int64(lognv, ZPOOL_HIST_ELAPSED_NS, 8086 gethrtime() - start_time); 8087 (void) spa_history_log_nvl(spa, lognv); 8088 spa_close(spa, FTAG); 8089 } 8090 fnvlist_free(lognv); 8091 8092 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) { 8093 int smusherror = 0; 8094 if (vec->zvec_smush_outnvlist) { 8095 smusherror = nvlist_smush(outnvl, 8096 zc->zc_nvlist_dst_size); 8097 } 8098 if (smusherror == 0) 8099 puterror = put_nvlist(zc, outnvl); 8100 } 8101 8102 if (puterror != 0) 8103 error = puterror; 8104 8105 nvlist_free(outnvl); 8106 } else { 8107 cookie = spl_fstrans_mark(); 8108 error = vec->zvec_legacy_func(zc); 8109 spl_fstrans_unmark(cookie); 8110 } 8111 8112 out: 8113 nvlist_free(innvl); 8114 if (error == 0 && vec->zvec_allow_log) { 8115 char *s = tsd_get(zfs_allow_log_key); 8116 if (s != NULL) 8117 kmem_strfree(s); 8118 (void) tsd_set(zfs_allow_log_key, kmem_strdup(saved_poolname)); 8119 } 8120 if (saved_poolname != NULL) 8121 kmem_free(saved_poolname, saved_poolname_len); 8122 8123 return (error); 8124 } 8125 8126 int 8127 zfs_kmod_init(void) 8128 { 8129 int error; 8130 8131 if ((error = zvol_init()) != 0) 8132 return (error); 8133 8134 spa_init(SPA_MODE_READ | SPA_MODE_WRITE); 8135 zfs_init(); 8136 8137 zfs_ioctl_init(); 8138 8139 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL); 8140 zfsdev_state_listhead.zs_minor = -1; 8141 8142 if ((error = zfsdev_attach()) != 0) 8143 goto out; 8144 8145 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 8146 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 8147 8148 return (0); 8149 out: 8150 zfs_fini(); 8151 spa_fini(); 8152 zvol_fini(); 8153 8154 return (error); 8155 } 8156 8157 void 8158 zfs_kmod_fini(void) 8159 { 8160 zfsdev_state_t *zs, *zsnext = NULL; 8161 8162 zfsdev_detach(); 8163 8164 mutex_destroy(&zfsdev_state_lock); 8165 8166 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zsnext) { 8167 zsnext = zs->zs_next; 8168 if (zs->zs_onexit) 8169 zfs_onexit_destroy(zs->zs_onexit); 8170 if (zs->zs_zevent) 8171 zfs_zevent_destroy(zs->zs_zevent); 8172 if (zs != &zfsdev_state_listhead) 8173 kmem_free(zs, sizeof (zfsdev_state_t)); 8174 } 8175 8176 zfs_ereport_taskq_fini(); /* run before zfs_fini() on Linux */ 8177 zfs_fini(); 8178 spa_fini(); 8179 zvol_fini(); 8180 8181 tsd_destroy(&rrw_tsd_key); 8182 tsd_destroy(&zfs_allow_log_key); 8183 } 8184 8185 ZFS_MODULE_PARAM(zfs, zfs_, max_nvlist_src_size, U64, ZMOD_RW, 8186 "Maximum size in bytes allowed for src nvlist passed with ZFS ioctls"); 8187 8188 ZFS_MODULE_PARAM(zfs, zfs_, history_output_max, U64, ZMOD_RW, 8189 "Maximum size in bytes of ZFS ioctl output that will be logged"); 8190