1 /* 2 * CDDL HEADER START 3 * 4 * This file and its contents are supplied under the terms of the 5 * Common Development and Distribution License ("CDDL"), version 1.0. 6 * You may only use this file in accordance with the terms of version 7 * 1.0 of the CDDL. 8 * 9 * A full copy of the text of the CDDL should have accompanied this 10 * source. A copy of the CDDL is also available via the Internet at 11 * http://www.illumos.org/license/CDDL. 12 * 13 * CDDL HEADER END 14 */ 15 16 /* 17 * Copyright (c) 2016, 2017 by Delphix. All rights reserved. 18 */ 19 20 /* 21 * ZFS Channel Programs (ZCP) 22 * 23 * The ZCP interface allows various ZFS commands and operations ZFS 24 * administrative operations (e.g. creating and destroying snapshots, typically 25 * performed via an ioctl to /dev/zfs by the zfs(1M) command and 26 * libzfs/libzfs_core) to be run * programmatically as a Lua script. A ZCP 27 * script is run as a dsl_sync_task and fully executed during one transaction 28 * group sync. This ensures that no other changes can be written concurrently 29 * with a running Lua script. Combining multiple calls to the exposed ZFS 30 * functions into one script gives a number of benefits: 31 * 32 * 1. Atomicity. For some compound or iterative operations, it's useful to be 33 * able to guarantee that the state of a pool has not changed between calls to 34 * ZFS. 35 * 36 * 2. Performance. If a large number of changes need to be made (e.g. deleting 37 * many filesystems), there can be a significant performance penalty as a 38 * result of the need to wait for a transaction group sync to pass for every 39 * single operation. When expressed as a single ZCP script, all these changes 40 * can be performed at once in one txg sync. 41 * 42 * A modified version of the Lua 5.2 interpreter is used to run channel program 43 * scripts. The Lua 5.2 manual can be found at: 44 * 45 * http://www.lua.org/manual/5.2/ 46 * 47 * If being run by a user (via an ioctl syscall), executing a ZCP script 48 * requires root privileges in the global zone. 49 * 50 * Scripts are passed to zcp_eval() as a string, then run in a synctask by 51 * zcp_eval_sync(). Arguments can be passed into the Lua script as an nvlist, 52 * which will be converted to a Lua table. Similarly, values returned from 53 * a ZCP script will be converted to an nvlist. See zcp_lua_to_nvlist_impl() 54 * for details on exact allowed types and conversion. 55 * 56 * ZFS functionality is exposed to a ZCP script as a library of function calls. 57 * These calls are sorted into submodules, such as zfs.list and zfs.sync, for 58 * iterators and synctasks, respectively. Each of these submodules resides in 59 * its own source file, with a zcp_*_info structure describing each library 60 * call in the submodule. 61 * 62 * Error handling in ZCP scripts is handled by a number of different methods 63 * based on severity: 64 * 65 * 1. Memory and time limits are in place to prevent a channel program from 66 * consuming excessive system or running forever. If one of these limits is 67 * hit, the channel program will be stopped immediately and return from 68 * zcp_eval() with an error code. No attempt will be made to roll back or undo 69 * any changes made by the channel program before the error occured. 70 * Consumers invoking zcp_eval() from elsewhere in the kernel may pass a time 71 * limit of 0, disabling the time limit. 72 * 73 * 2. Internal Lua errors can occur as a result of a syntax error, calling a 74 * library function with incorrect arguments, invoking the error() function, 75 * failing an assert(), or other runtime errors. In these cases the channel 76 * program will stop executing and return from zcp_eval() with an error code. 77 * In place of a return value, an error message will also be returned in the 78 * 'result' nvlist containing information about the error. No attempt will be 79 * made to roll back or undo any changes made by the channel program before the 80 * error occured. 81 * 82 * 3. If an error occurs inside a ZFS library call which returns an error code, 83 * the error is returned to the Lua script to be handled as desired. 84 * 85 * In the first two cases, Lua's error-throwing mechanism is used, which 86 * longjumps out of the script execution with luaL_error() and returns with the 87 * error. 88 * 89 * See zfs-program(1M) for more information on high level usage. 90 */ 91 92 #include "lua.h" 93 #include "lualib.h" 94 #include "lauxlib.h" 95 96 #include <sys/dsl_prop.h> 97 #include <sys/dsl_synctask.h> 98 #include <sys/dsl_dataset.h> 99 #include <sys/zcp.h> 100 #include <sys/zcp_iter.h> 101 #include <sys/zcp_prop.h> 102 #include <sys/zcp_global.h> 103 #include <util/sscanf.h> 104 105 #define ZCP_NVLIST_MAX_DEPTH 20 106 107 uint64_t zfs_lua_check_instrlimit_interval = 100; 108 uint64_t zfs_lua_max_instrlimit = ZCP_MAX_INSTRLIMIT; 109 uint64_t zfs_lua_max_memlimit = ZCP_MAX_MEMLIMIT; 110 111 /* 112 * Forward declarations for mutually recursive functions 113 */ 114 static int zcp_nvpair_value_to_lua(lua_State *, nvpair_t *, char *, int); 115 static int zcp_lua_to_nvlist_impl(lua_State *, int, nvlist_t *, const char *, 116 int); 117 118 typedef struct zcp_alloc_arg { 119 boolean_t aa_must_succeed; 120 int64_t aa_alloc_remaining; 121 int64_t aa_alloc_limit; 122 } zcp_alloc_arg_t; 123 124 typedef struct zcp_eval_arg { 125 lua_State *ea_state; 126 zcp_alloc_arg_t *ea_allocargs; 127 cred_t *ea_cred; 128 nvlist_t *ea_outnvl; 129 int ea_result; 130 uint64_t ea_instrlimit; 131 } zcp_eval_arg_t; 132 133 /* 134 * The outer-most error callback handler for use with lua_pcall(). On 135 * error Lua will call this callback with a single argument that 136 * represents the error value. In most cases this will be a string 137 * containing an error message, but channel programs can use Lua's 138 * error() function to return arbitrary objects as errors. This callback 139 * returns (on the Lua stack) the original error object along with a traceback. 140 * 141 * Fatal Lua errors can occur while resources are held, so we also call any 142 * registered cleanup function here. 143 */ 144 static int 145 zcp_error_handler(lua_State *state) 146 { 147 const char *msg; 148 149 zcp_cleanup(state); 150 151 VERIFY3U(1, ==, lua_gettop(state)); 152 msg = lua_tostring(state, 1); 153 luaL_traceback(state, state, msg, 1); 154 return (1); 155 } 156 157 int 158 zcp_argerror(lua_State *state, int narg, const char *msg, ...) 159 { 160 va_list alist; 161 162 va_start(alist, msg); 163 const char *buf = lua_pushvfstring(state, msg, alist); 164 va_end(alist); 165 166 return (luaL_argerror(state, narg, buf)); 167 } 168 169 /* 170 * Install a new cleanup function, which will be invoked with the given 171 * opaque argument if a fatal error causes the Lua interpreter to longjump out 172 * of a function call. 173 * 174 * If an error occurs, the cleanup function will be invoked exactly once and 175 * then unreigstered. 176 * 177 * Returns the registered cleanup handler so the caller can deregister it 178 * if no error occurs. 179 */ 180 zcp_cleanup_handler_t * 181 zcp_register_cleanup(lua_State *state, zcp_cleanup_t cleanfunc, void *cleanarg) 182 { 183 zcp_run_info_t *ri = zcp_run_info(state); 184 185 zcp_cleanup_handler_t *zch = kmem_alloc(sizeof (*zch), KM_SLEEP); 186 zch->zch_cleanup_func = cleanfunc; 187 zch->zch_cleanup_arg = cleanarg; 188 list_insert_head(&ri->zri_cleanup_handlers, zch); 189 190 return (zch); 191 } 192 193 void 194 zcp_deregister_cleanup(lua_State *state, zcp_cleanup_handler_t *zch) 195 { 196 zcp_run_info_t *ri = zcp_run_info(state); 197 list_remove(&ri->zri_cleanup_handlers, zch); 198 kmem_free(zch, sizeof (*zch)); 199 } 200 201 /* 202 * Execute the currently registered cleanup handlers then free them and 203 * destroy the handler list. 204 */ 205 void 206 zcp_cleanup(lua_State *state) 207 { 208 zcp_run_info_t *ri = zcp_run_info(state); 209 210 for (zcp_cleanup_handler_t *zch = 211 list_remove_head(&ri->zri_cleanup_handlers); zch != NULL; 212 zch = list_remove_head(&ri->zri_cleanup_handlers)) { 213 zch->zch_cleanup_func(zch->zch_cleanup_arg); 214 kmem_free(zch, sizeof (*zch)); 215 } 216 } 217 218 /* 219 * Convert the lua table at the given index on the Lua stack to an nvlist 220 * and return it. 221 * 222 * If the table can not be converted for any reason, NULL is returned and 223 * an error message is pushed onto the Lua stack. 224 */ 225 static nvlist_t * 226 zcp_table_to_nvlist(lua_State *state, int index, int depth) 227 { 228 nvlist_t *nvl; 229 /* 230 * Converting a Lua table to an nvlist with key uniqueness checking is 231 * O(n^2) in the number of keys in the nvlist, which can take a long 232 * time when we return a large table from a channel program. 233 * Furthermore, Lua's table interface *almost* guarantees unique keys 234 * on its own (details below). Therefore, we don't use fnvlist_alloc() 235 * here to avoid the built-in uniqueness checking. 236 * 237 * The *almost* is because it's possible to have key collisions between 238 * e.g. the string "1" and the number 1, or the string "true" and the 239 * boolean true, so we explicitly check that when we're looking at a 240 * key which is an integer / boolean or a string that can be parsed as 241 * one of those types. In the worst case this could still devolve into 242 * O(n^2), so we only start doing these checks on boolean/integer keys 243 * once we've seen a string key which fits this weird usage pattern. 244 * 245 * Ultimately, we still want callers to know that the keys in this 246 * nvlist are unique, so before we return this we set the nvlist's 247 * flags to reflect that. 248 */ 249 VERIFY0(nvlist_alloc(&nvl, 0, KM_SLEEP)); 250 251 /* 252 * Push an empty stack slot where lua_next() will store each 253 * table key. 254 */ 255 lua_pushnil(state); 256 boolean_t saw_str_could_collide = B_FALSE; 257 while (lua_next(state, index) != 0) { 258 /* 259 * The next key-value pair from the table at index is 260 * now on the stack, with the key at stack slot -2 and 261 * the value at slot -1. 262 */ 263 int err = 0; 264 char buf[32]; 265 const char *key = NULL; 266 boolean_t key_could_collide = B_FALSE; 267 268 switch (lua_type(state, -2)) { 269 case LUA_TSTRING: 270 key = lua_tostring(state, -2); 271 272 /* check if this could collide with a number or bool */ 273 long long tmp; 274 int parselen; 275 if ((sscanf(key, "%lld%n", &tmp, &parselen) > 0 && 276 parselen == strlen(key)) || 277 strcmp(key, "true") == 0 || 278 strcmp(key, "false") == 0) { 279 key_could_collide = B_TRUE; 280 saw_str_could_collide = B_TRUE; 281 } 282 break; 283 case LUA_TBOOLEAN: 284 key = (lua_toboolean(state, -2) == B_TRUE ? 285 "true" : "false"); 286 if (saw_str_could_collide) { 287 key_could_collide = B_TRUE; 288 } 289 break; 290 case LUA_TNUMBER: 291 VERIFY3U(sizeof (buf), >, 292 snprintf(buf, sizeof (buf), "%lld", 293 (longlong_t)lua_tonumber(state, -2))); 294 key = buf; 295 if (saw_str_could_collide) { 296 key_could_collide = B_TRUE; 297 } 298 break; 299 default: 300 fnvlist_free(nvl); 301 (void) lua_pushfstring(state, "Invalid key " 302 "type '%s' in table", 303 lua_typename(state, lua_type(state, -2))); 304 return (NULL); 305 } 306 /* 307 * Check for type-mismatched key collisions, and throw an error. 308 */ 309 if (key_could_collide && nvlist_exists(nvl, key)) { 310 fnvlist_free(nvl); 311 (void) lua_pushfstring(state, "Collision of " 312 "key '%s' in table", key); 313 return (NULL); 314 } 315 /* 316 * Recursively convert the table value and insert into 317 * the new nvlist with the parsed key. To prevent 318 * stack overflow on circular or heavily nested tables, 319 * we track the current nvlist depth. 320 */ 321 if (depth >= ZCP_NVLIST_MAX_DEPTH) { 322 fnvlist_free(nvl); 323 (void) lua_pushfstring(state, "Maximum table " 324 "depth (%d) exceeded for table", 325 ZCP_NVLIST_MAX_DEPTH); 326 return (NULL); 327 } 328 err = zcp_lua_to_nvlist_impl(state, -1, nvl, key, 329 depth + 1); 330 if (err != 0) { 331 fnvlist_free(nvl); 332 /* 333 * Error message has been pushed to the lua 334 * stack by the recursive call. 335 */ 336 return (NULL); 337 } 338 /* 339 * Pop the value pushed by lua_next(). 340 */ 341 lua_pop(state, 1); 342 } 343 344 /* 345 * Mark the nvlist as having unique keys. This is a little ugly, but we 346 * ensured above that there are no duplicate keys in the nvlist. 347 */ 348 nvl->nvl_nvflag |= NV_UNIQUE_NAME; 349 350 return (nvl); 351 } 352 353 /* 354 * Convert a value from the given index into the lua stack to an nvpair, adding 355 * it to an nvlist with the given key. 356 * 357 * Values are converted as follows: 358 * 359 * string -> string 360 * number -> int64 361 * boolean -> boolean 362 * nil -> boolean (no value) 363 * 364 * Lua tables are converted to nvlists and then inserted. The table's keys 365 * are converted to strings then used as keys in the nvlist to store each table 366 * element. Keys are converted as follows: 367 * 368 * string -> no change 369 * number -> "%lld" 370 * boolean -> "true" | "false" 371 * nil -> error 372 * 373 * In the case of a key collision, an error is thrown. 374 * 375 * If an error is encountered, a nonzero error code is returned, and an error 376 * string will be pushed onto the Lua stack. 377 */ 378 static int 379 zcp_lua_to_nvlist_impl(lua_State *state, int index, nvlist_t *nvl, 380 const char *key, int depth) 381 { 382 /* 383 * Verify that we have enough remaining space in the lua stack to parse 384 * a key-value pair and push an error. 385 */ 386 if (!lua_checkstack(state, 3)) { 387 (void) lua_pushstring(state, "Lua stack overflow"); 388 return (1); 389 } 390 391 index = lua_absindex(state, index); 392 393 switch (lua_type(state, index)) { 394 case LUA_TNIL: 395 fnvlist_add_boolean(nvl, key); 396 break; 397 case LUA_TBOOLEAN: 398 fnvlist_add_boolean_value(nvl, key, 399 lua_toboolean(state, index)); 400 break; 401 case LUA_TNUMBER: 402 fnvlist_add_int64(nvl, key, lua_tonumber(state, index)); 403 break; 404 case LUA_TSTRING: 405 fnvlist_add_string(nvl, key, lua_tostring(state, index)); 406 break; 407 case LUA_TTABLE: { 408 nvlist_t *value_nvl = zcp_table_to_nvlist(state, index, depth); 409 if (value_nvl == NULL) 410 return (EINVAL); 411 412 fnvlist_add_nvlist(nvl, key, value_nvl); 413 fnvlist_free(value_nvl); 414 break; 415 } 416 default: 417 (void) lua_pushfstring(state, 418 "Invalid value type '%s' for key '%s'", 419 lua_typename(state, lua_type(state, index)), key); 420 return (EINVAL); 421 } 422 423 return (0); 424 } 425 426 /* 427 * Convert a lua value to an nvpair, adding it to an nvlist with the given key. 428 */ 429 void 430 zcp_lua_to_nvlist(lua_State *state, int index, nvlist_t *nvl, const char *key) 431 { 432 /* 433 * On error, zcp_lua_to_nvlist_impl pushes an error string onto the Lua 434 * stack before returning with a nonzero error code. If an error is 435 * returned, throw a fatal lua error with the given string. 436 */ 437 if (zcp_lua_to_nvlist_impl(state, index, nvl, key, 0) != 0) 438 (void) lua_error(state); 439 } 440 441 int 442 zcp_lua_to_nvlist_helper(lua_State *state) 443 { 444 nvlist_t *nv = (nvlist_t *)lua_touserdata(state, 2); 445 const char *key = (const char *)lua_touserdata(state, 1); 446 zcp_lua_to_nvlist(state, 3, nv, key); 447 return (0); 448 } 449 450 void 451 zcp_convert_return_values(lua_State *state, nvlist_t *nvl, 452 const char *key, zcp_eval_arg_t *evalargs) 453 { 454 int err; 455 lua_pushcfunction(state, zcp_lua_to_nvlist_helper); 456 lua_pushlightuserdata(state, (char *)key); 457 lua_pushlightuserdata(state, nvl); 458 lua_pushvalue(state, 1); 459 lua_remove(state, 1); 460 err = lua_pcall(state, 3, 0, 0); /* zcp_lua_to_nvlist_helper */ 461 if (err != 0) { 462 zcp_lua_to_nvlist(state, 1, nvl, ZCP_RET_ERROR); 463 evalargs->ea_result = SET_ERROR(ECHRNG); 464 } 465 } 466 467 /* 468 * Push a Lua table representing nvl onto the stack. If it can't be 469 * converted, return EINVAL, fill in errbuf, and push nothing. errbuf may 470 * be specified as NULL, in which case no error string will be output. 471 * 472 * Most nvlists are converted as simple key->value Lua tables, but we make 473 * an exception for the case where all nvlist entries are BOOLEANs (a string 474 * key without a value). In Lua, a table key pointing to a value of Nil 475 * (no value) is equivalent to the key not existing, so a BOOLEAN nvlist 476 * entry can't be directly converted to a Lua table entry. Nvlists of entirely 477 * BOOLEAN entries are frequently used to pass around lists of datasets, so for 478 * convenience we check for this case, and convert it to a simple Lua array of 479 * strings. 480 */ 481 int 482 zcp_nvlist_to_lua(lua_State *state, nvlist_t *nvl, 483 char *errbuf, int errbuf_len) 484 { 485 nvpair_t *pair; 486 lua_newtable(state); 487 boolean_t has_values = B_FALSE; 488 /* 489 * If the list doesn't have any values, just convert it to a string 490 * array. 491 */ 492 for (pair = nvlist_next_nvpair(nvl, NULL); 493 pair != NULL; pair = nvlist_next_nvpair(nvl, pair)) { 494 if (nvpair_type(pair) != DATA_TYPE_BOOLEAN) { 495 has_values = B_TRUE; 496 break; 497 } 498 } 499 if (!has_values) { 500 int i = 1; 501 for (pair = nvlist_next_nvpair(nvl, NULL); 502 pair != NULL; pair = nvlist_next_nvpair(nvl, pair)) { 503 (void) lua_pushinteger(state, i); 504 (void) lua_pushstring(state, nvpair_name(pair)); 505 (void) lua_settable(state, -3); 506 i++; 507 } 508 } else { 509 for (pair = nvlist_next_nvpair(nvl, NULL); 510 pair != NULL; pair = nvlist_next_nvpair(nvl, pair)) { 511 int err = zcp_nvpair_value_to_lua(state, pair, 512 errbuf, errbuf_len); 513 if (err != 0) { 514 lua_pop(state, 1); 515 return (err); 516 } 517 (void) lua_setfield(state, -2, nvpair_name(pair)); 518 } 519 } 520 return (0); 521 } 522 523 /* 524 * Push a Lua object representing the value of "pair" onto the stack. 525 * 526 * Only understands boolean_value, string, int64, nvlist, 527 * string_array, and int64_array type values. For other 528 * types, returns EINVAL, fills in errbuf, and pushes nothing. 529 */ 530 static int 531 zcp_nvpair_value_to_lua(lua_State *state, nvpair_t *pair, 532 char *errbuf, int errbuf_len) 533 { 534 int err = 0; 535 536 if (pair == NULL) { 537 lua_pushnil(state); 538 return (0); 539 } 540 541 switch (nvpair_type(pair)) { 542 case DATA_TYPE_BOOLEAN_VALUE: 543 (void) lua_pushboolean(state, 544 fnvpair_value_boolean_value(pair)); 545 break; 546 case DATA_TYPE_STRING: 547 (void) lua_pushstring(state, fnvpair_value_string(pair)); 548 break; 549 case DATA_TYPE_INT64: 550 (void) lua_pushinteger(state, fnvpair_value_int64(pair)); 551 break; 552 case DATA_TYPE_NVLIST: 553 err = zcp_nvlist_to_lua(state, 554 fnvpair_value_nvlist(pair), errbuf, errbuf_len); 555 break; 556 case DATA_TYPE_STRING_ARRAY: { 557 char **strarr; 558 uint_t nelem; 559 (void) nvpair_value_string_array(pair, &strarr, &nelem); 560 lua_newtable(state); 561 for (int i = 0; i < nelem; i++) { 562 (void) lua_pushinteger(state, i + 1); 563 (void) lua_pushstring(state, strarr[i]); 564 (void) lua_settable(state, -3); 565 } 566 break; 567 } 568 case DATA_TYPE_UINT64_ARRAY: { 569 uint64_t *intarr; 570 uint_t nelem; 571 (void) nvpair_value_uint64_array(pair, &intarr, &nelem); 572 lua_newtable(state); 573 for (int i = 0; i < nelem; i++) { 574 (void) lua_pushinteger(state, i + 1); 575 (void) lua_pushinteger(state, intarr[i]); 576 (void) lua_settable(state, -3); 577 } 578 break; 579 } 580 case DATA_TYPE_INT64_ARRAY: { 581 int64_t *intarr; 582 uint_t nelem; 583 (void) nvpair_value_int64_array(pair, &intarr, &nelem); 584 lua_newtable(state); 585 for (int i = 0; i < nelem; i++) { 586 (void) lua_pushinteger(state, i + 1); 587 (void) lua_pushinteger(state, intarr[i]); 588 (void) lua_settable(state, -3); 589 } 590 break; 591 } 592 default: { 593 if (errbuf != NULL) { 594 (void) snprintf(errbuf, errbuf_len, 595 "Unhandled nvpair type %d for key '%s'", 596 nvpair_type(pair), nvpair_name(pair)); 597 } 598 return (EINVAL); 599 } 600 } 601 return (err); 602 } 603 604 int 605 zcp_dataset_hold_error(lua_State *state, dsl_pool_t *dp, const char *dsname, 606 int error) 607 { 608 if (error == ENOENT) { 609 (void) zcp_argerror(state, 1, "no such dataset '%s'", dsname); 610 return (NULL); /* not reached; zcp_argerror will longjmp */ 611 } else if (error == EXDEV) { 612 (void) zcp_argerror(state, 1, 613 "dataset '%s' is not in the target pool '%s'", 614 dsname, spa_name(dp->dp_spa)); 615 return (NULL); /* not reached; zcp_argerror will longjmp */ 616 } else if (error == EIO) { 617 (void) luaL_error(state, 618 "I/O error while accessing dataset '%s'", dsname); 619 return (NULL); /* not reached; luaL_error will longjmp */ 620 } else if (error != 0) { 621 (void) luaL_error(state, 622 "unexpected error %d while accessing dataset '%s'", 623 error, dsname); 624 return (NULL); /* not reached; luaL_error will longjmp */ 625 } 626 return (NULL); 627 } 628 629 /* 630 * Note: will longjmp (via lua_error()) on error. 631 * Assumes that the dsname is argument #1 (for error reporting purposes). 632 */ 633 dsl_dataset_t * 634 zcp_dataset_hold(lua_State *state, dsl_pool_t *dp, const char *dsname, 635 void *tag) 636 { 637 dsl_dataset_t *ds; 638 int error = dsl_dataset_hold(dp, dsname, tag, &ds); 639 (void) zcp_dataset_hold_error(state, dp, dsname, error); 640 return (ds); 641 } 642 643 static int zcp_debug(lua_State *); 644 static zcp_lib_info_t zcp_debug_info = { 645 .name = "debug", 646 .func = zcp_debug, 647 .pargs = { 648 { .za_name = "debug string", .za_lua_type = LUA_TSTRING}, 649 {NULL, NULL} 650 }, 651 .kwargs = { 652 {NULL, NULL} 653 } 654 }; 655 656 static int 657 zcp_debug(lua_State *state) 658 { 659 const char *dbgstring; 660 zcp_run_info_t *ri = zcp_run_info(state); 661 zcp_lib_info_t *libinfo = &zcp_debug_info; 662 663 zcp_parse_args(state, libinfo->name, libinfo->pargs, libinfo->kwargs); 664 665 dbgstring = lua_tostring(state, 1); 666 667 zfs_dbgmsg("txg %lld ZCP: %s", ri->zri_tx->tx_txg, dbgstring); 668 669 return (0); 670 } 671 672 static int zcp_exists(lua_State *); 673 static zcp_lib_info_t zcp_exists_info = { 674 .name = "exists", 675 .func = zcp_exists, 676 .pargs = { 677 { .za_name = "dataset", .za_lua_type = LUA_TSTRING}, 678 {NULL, NULL} 679 }, 680 .kwargs = { 681 {NULL, NULL} 682 } 683 }; 684 685 static int 686 zcp_exists(lua_State *state) 687 { 688 zcp_run_info_t *ri = zcp_run_info(state); 689 dsl_pool_t *dp = ri->zri_pool; 690 zcp_lib_info_t *libinfo = &zcp_exists_info; 691 692 zcp_parse_args(state, libinfo->name, libinfo->pargs, libinfo->kwargs); 693 694 const char *dsname = lua_tostring(state, 1); 695 696 dsl_dataset_t *ds; 697 int error = dsl_dataset_hold(dp, dsname, FTAG, &ds); 698 if (error == 0) { 699 dsl_dataset_rele(ds, FTAG); 700 lua_pushboolean(state, B_TRUE); 701 } else if (error == ENOENT) { 702 lua_pushboolean(state, B_FALSE); 703 } else if (error == EXDEV) { 704 return (luaL_error(state, "dataset '%s' is not in the " 705 "target pool", dsname)); 706 } else if (error == EIO) { 707 return (luaL_error(state, "I/O error opening dataset '%s'", 708 dsname)); 709 } else if (error != 0) { 710 return (luaL_error(state, "unexpected error %d", error)); 711 } 712 713 return (1); 714 } 715 716 /* 717 * Allocate/realloc/free a buffer for the lua interpreter. 718 * 719 * When nsize is 0, behaves as free() and returns NULL. 720 * 721 * If ptr is NULL, behaves as malloc() and returns an allocated buffer of size 722 * at least nsize. 723 * 724 * Otherwise, behaves as realloc(), changing the allocation from osize to nsize. 725 * Shrinking the buffer size never fails. 726 * 727 * The original allocated buffer size is stored as a uint64 at the beginning of 728 * the buffer to avoid actually reallocating when shrinking a buffer, since lua 729 * requires that this operation never fail. 730 */ 731 static void * 732 zcp_lua_alloc(void *ud, void *ptr, size_t osize, size_t nsize) 733 { 734 zcp_alloc_arg_t *allocargs = ud; 735 int flags = (allocargs->aa_must_succeed) ? 736 KM_SLEEP : (KM_NOSLEEP | KM_NORMALPRI); 737 738 if (nsize == 0) { 739 if (ptr != NULL) { 740 int64_t *allocbuf = (int64_t *)ptr - 1; 741 int64_t allocsize = *allocbuf; 742 ASSERT3S(allocsize, >, 0); 743 ASSERT3S(allocargs->aa_alloc_remaining + allocsize, <=, 744 allocargs->aa_alloc_limit); 745 allocargs->aa_alloc_remaining += allocsize; 746 kmem_free(allocbuf, allocsize); 747 } 748 return (NULL); 749 } else if (ptr == NULL) { 750 int64_t *allocbuf; 751 int64_t allocsize = nsize + sizeof (int64_t); 752 753 if (!allocargs->aa_must_succeed && 754 (allocsize <= 0 || 755 allocsize > allocargs->aa_alloc_remaining)) { 756 return (NULL); 757 } 758 759 allocbuf = kmem_alloc(allocsize, flags); 760 if (allocbuf == NULL) { 761 return (NULL); 762 } 763 allocargs->aa_alloc_remaining -= allocsize; 764 765 *allocbuf = allocsize; 766 return (allocbuf + 1); 767 } else if (nsize <= osize) { 768 /* 769 * If shrinking the buffer, lua requires that the reallocation 770 * never fail. 771 */ 772 return (ptr); 773 } else { 774 ASSERT3U(nsize, >, osize); 775 776 uint64_t *luabuf = zcp_lua_alloc(ud, NULL, 0, nsize); 777 if (luabuf == NULL) { 778 return (NULL); 779 } 780 (void) memcpy(luabuf, ptr, osize); 781 VERIFY3P(zcp_lua_alloc(ud, ptr, osize, 0), ==, NULL); 782 return (luabuf); 783 } 784 } 785 786 /* ARGSUSED */ 787 static void 788 zcp_lua_counthook(lua_State *state, lua_Debug *ar) 789 { 790 /* 791 * If we're called, check how many instructions the channel program has 792 * executed so far, and compare against the limit. 793 */ 794 lua_getfield(state, LUA_REGISTRYINDEX, ZCP_RUN_INFO_KEY); 795 zcp_run_info_t *ri = lua_touserdata(state, -1); 796 797 ri->zri_curinstrs += zfs_lua_check_instrlimit_interval; 798 if (ri->zri_maxinstrs != 0 && ri->zri_curinstrs > ri->zri_maxinstrs) { 799 ri->zri_timed_out = B_TRUE; 800 (void) lua_pushstring(state, 801 "Channel program timed out."); 802 (void) lua_error(state); 803 } 804 } 805 806 static int 807 zcp_panic_cb(lua_State *state) 808 { 809 panic("unprotected error in call to Lua API (%s)\n", 810 lua_tostring(state, -1)); 811 return (0); 812 } 813 814 static void 815 zcp_eval_impl(dmu_tx_t *tx, boolean_t sync, zcp_eval_arg_t *evalargs) 816 { 817 int err; 818 zcp_run_info_t ri; 819 lua_State *state = evalargs->ea_state; 820 821 VERIFY3U(3, ==, lua_gettop(state)); 822 823 /* 824 * Store the zcp_run_info_t struct for this run in the Lua registry. 825 * Registry entries are not directly accessible by the Lua scripts but 826 * can be accessed by our callbacks. 827 */ 828 ri.zri_space_used = 0; 829 ri.zri_pool = dmu_tx_pool(tx); 830 ri.zri_cred = evalargs->ea_cred; 831 ri.zri_tx = tx; 832 ri.zri_timed_out = B_FALSE; 833 ri.zri_sync = sync; 834 list_create(&ri.zri_cleanup_handlers, sizeof (zcp_cleanup_handler_t), 835 offsetof(zcp_cleanup_handler_t, zch_node)); 836 ri.zri_curinstrs = 0; 837 ri.zri_maxinstrs = evalargs->ea_instrlimit; 838 839 lua_pushlightuserdata(state, &ri); 840 lua_setfield(state, LUA_REGISTRYINDEX, ZCP_RUN_INFO_KEY); 841 VERIFY3U(3, ==, lua_gettop(state)); 842 843 /* 844 * Tell the Lua interpreter to call our handler every count 845 * instructions. Channel programs that execute too many instructions 846 * should die with ETIME. 847 */ 848 (void) lua_sethook(state, zcp_lua_counthook, LUA_MASKCOUNT, 849 zfs_lua_check_instrlimit_interval); 850 851 /* 852 * Tell the Lua memory allocator to stop using KM_SLEEP before handing 853 * off control to the channel program. Channel programs that use too 854 * much memory should die with ENOSPC. 855 */ 856 evalargs->ea_allocargs->aa_must_succeed = B_FALSE; 857 858 /* 859 * Call the Lua function that open-context passed us. This pops the 860 * function and its input from the stack and pushes any return 861 * or error values. 862 */ 863 err = lua_pcall(state, 1, LUA_MULTRET, 1); 864 865 /* 866 * Let Lua use KM_SLEEP while we interpret the return values. 867 */ 868 evalargs->ea_allocargs->aa_must_succeed = B_TRUE; 869 870 /* 871 * Remove the error handler callback from the stack. At this point, 872 * there shouldn't be any cleanup handler registered in the handler 873 * list (zri_cleanup_handlers), regardless of whether it ran or not. 874 */ 875 list_destroy(&ri.zri_cleanup_handlers); 876 lua_remove(state, 1); 877 878 switch (err) { 879 case LUA_OK: { 880 /* 881 * Lua supports returning multiple values in a single return 882 * statement. Return values will have been pushed onto the 883 * stack: 884 * 1: Return value 1 885 * 2: Return value 2 886 * 3: etc... 887 * To simplify the process of retrieving a return value from a 888 * channel program, we disallow returning more than one value 889 * to ZFS from the Lua script, yielding a singleton return 890 * nvlist of the form { "return": Return value 1 }. 891 */ 892 int return_count = lua_gettop(state); 893 894 if (return_count == 1) { 895 evalargs->ea_result = 0; 896 zcp_convert_return_values(state, evalargs->ea_outnvl, 897 ZCP_RET_RETURN, evalargs); 898 } else if (return_count > 1) { 899 evalargs->ea_result = SET_ERROR(ECHRNG); 900 (void) lua_pushfstring(state, "Multiple return " 901 "values not supported"); 902 zcp_convert_return_values(state, evalargs->ea_outnvl, 903 ZCP_RET_ERROR, evalargs); 904 } 905 break; 906 } 907 case LUA_ERRRUN: 908 case LUA_ERRGCMM: { 909 /* 910 * The channel program encountered a fatal error within the 911 * script, such as failing an assertion, or calling a function 912 * with incompatible arguments. The error value and the 913 * traceback generated by zcp_error_handler() should be on the 914 * stack. 915 */ 916 VERIFY3U(1, ==, lua_gettop(state)); 917 if (ri.zri_timed_out) { 918 evalargs->ea_result = SET_ERROR(ETIME); 919 } else { 920 evalargs->ea_result = SET_ERROR(ECHRNG); 921 } 922 923 zcp_convert_return_values(state, evalargs->ea_outnvl, 924 ZCP_RET_ERROR, evalargs); 925 break; 926 } 927 case LUA_ERRERR: { 928 /* 929 * The channel program encountered a fatal error within the 930 * script, and we encountered another error while trying to 931 * compute the traceback in zcp_error_handler(). We can only 932 * return the error message. 933 */ 934 VERIFY3U(1, ==, lua_gettop(state)); 935 if (ri.zri_timed_out) { 936 evalargs->ea_result = SET_ERROR(ETIME); 937 } else { 938 evalargs->ea_result = SET_ERROR(ECHRNG); 939 } 940 941 zcp_convert_return_values(state, evalargs->ea_outnvl, 942 ZCP_RET_ERROR, evalargs); 943 break; 944 } 945 case LUA_ERRMEM: 946 /* 947 * Lua ran out of memory while running the channel program. 948 * There's not much we can do. 949 */ 950 evalargs->ea_result = SET_ERROR(ENOSPC); 951 break; 952 default: 953 VERIFY0(err); 954 } 955 } 956 957 static void 958 zcp_pool_error(zcp_eval_arg_t *evalargs, const char *poolname) 959 { 960 evalargs->ea_result = SET_ERROR(ECHRNG); 961 (void) lua_pushfstring(evalargs->ea_state, "Could not open pool: %s", 962 poolname); 963 zcp_convert_return_values(evalargs->ea_state, evalargs->ea_outnvl, 964 ZCP_RET_ERROR, evalargs); 965 966 } 967 968 static void 969 zcp_eval_sync(void *arg, dmu_tx_t *tx) 970 { 971 zcp_eval_arg_t *evalargs = arg; 972 973 /* 974 * Open context should have setup the stack to contain: 975 * 1: Error handler callback 976 * 2: Script to run (converted to a Lua function) 977 * 3: nvlist input to function (converted to Lua table or nil) 978 */ 979 VERIFY3U(3, ==, lua_gettop(evalargs->ea_state)); 980 981 zcp_eval_impl(tx, B_TRUE, evalargs); 982 } 983 984 static void 985 zcp_eval_open(zcp_eval_arg_t *evalargs, const char *poolname) 986 { 987 988 int error; 989 dsl_pool_t *dp; 990 dmu_tx_t *tx; 991 992 /* 993 * See comment from the same assertion in zcp_eval_sync(). 994 */ 995 VERIFY3U(3, ==, lua_gettop(evalargs->ea_state)); 996 997 error = dsl_pool_hold(poolname, FTAG, &dp); 998 if (error != 0) { 999 zcp_pool_error(evalargs, poolname); 1000 return; 1001 } 1002 1003 /* 1004 * As we are running in open-context, we have no transaction associated 1005 * with the channel program. At the same time, functions from the 1006 * zfs.check submodule need to be associated with a transaction as 1007 * they are basically dry-runs of their counterparts in the zfs.sync 1008 * submodule. These functions should be able to run in open-context. 1009 * Therefore we create a new transaction that we later abort once 1010 * the channel program has been evaluated. 1011 */ 1012 tx = dmu_tx_create_dd(dp->dp_mos_dir); 1013 1014 zcp_eval_impl(tx, B_FALSE, evalargs); 1015 1016 dmu_tx_abort(tx); 1017 1018 dsl_pool_rele(dp, FTAG); 1019 } 1020 1021 int 1022 zcp_eval(const char *poolname, const char *program, boolean_t sync, 1023 uint64_t instrlimit, uint64_t memlimit, nvpair_t *nvarg, nvlist_t *outnvl) 1024 { 1025 int err; 1026 lua_State *state; 1027 zcp_eval_arg_t evalargs; 1028 1029 if (instrlimit > zfs_lua_max_instrlimit) 1030 return (SET_ERROR(EINVAL)); 1031 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit) 1032 return (SET_ERROR(EINVAL)); 1033 1034 zcp_alloc_arg_t allocargs = { 1035 .aa_must_succeed = B_TRUE, 1036 .aa_alloc_remaining = (int64_t)memlimit, 1037 .aa_alloc_limit = (int64_t)memlimit, 1038 }; 1039 1040 /* 1041 * Creates a Lua state with a memory allocator that uses KM_SLEEP. 1042 * This should never fail. 1043 */ 1044 state = lua_newstate(zcp_lua_alloc, &allocargs); 1045 VERIFY(state != NULL); 1046 (void) lua_atpanic(state, zcp_panic_cb); 1047 1048 /* 1049 * Load core Lua libraries we want access to. 1050 */ 1051 VERIFY3U(1, ==, luaopen_base(state)); 1052 lua_pop(state, 1); 1053 VERIFY3U(1, ==, luaopen_coroutine(state)); 1054 lua_setglobal(state, LUA_COLIBNAME); 1055 VERIFY0(lua_gettop(state)); 1056 VERIFY3U(1, ==, luaopen_string(state)); 1057 lua_setglobal(state, LUA_STRLIBNAME); 1058 VERIFY0(lua_gettop(state)); 1059 VERIFY3U(1, ==, luaopen_table(state)); 1060 lua_setglobal(state, LUA_TABLIBNAME); 1061 VERIFY0(lua_gettop(state)); 1062 1063 /* 1064 * Load globally visible variables such as errno aliases. 1065 */ 1066 zcp_load_globals(state); 1067 VERIFY0(lua_gettop(state)); 1068 1069 /* 1070 * Load ZFS-specific modules. 1071 */ 1072 lua_newtable(state); 1073 VERIFY3U(1, ==, zcp_load_list_lib(state)); 1074 lua_setfield(state, -2, "list"); 1075 VERIFY3U(1, ==, zcp_load_synctask_lib(state, B_FALSE)); 1076 lua_setfield(state, -2, "check"); 1077 VERIFY3U(1, ==, zcp_load_synctask_lib(state, B_TRUE)); 1078 lua_setfield(state, -2, "sync"); 1079 VERIFY3U(1, ==, zcp_load_get_lib(state)); 1080 lua_pushcclosure(state, zcp_debug_info.func, 0); 1081 lua_setfield(state, -2, zcp_debug_info.name); 1082 lua_pushcclosure(state, zcp_exists_info.func, 0); 1083 lua_setfield(state, -2, zcp_exists_info.name); 1084 lua_setglobal(state, "zfs"); 1085 VERIFY0(lua_gettop(state)); 1086 1087 /* 1088 * Push the error-callback that calculates Lua stack traces on 1089 * unexpected failures. 1090 */ 1091 lua_pushcfunction(state, zcp_error_handler); 1092 VERIFY3U(1, ==, lua_gettop(state)); 1093 1094 /* 1095 * Load the actual script as a function onto the stack as text ("t"). 1096 * The only valid error condition is a syntax error in the script. 1097 * ERRMEM should not be possible because our allocator is using 1098 * KM_SLEEP. ERRGCMM should not be possible because we have not added 1099 * any objects with __gc metamethods to the interpreter that could 1100 * fail. 1101 */ 1102 err = luaL_loadbufferx(state, program, strlen(program), 1103 "channel program", "t"); 1104 if (err == LUA_ERRSYNTAX) { 1105 fnvlist_add_string(outnvl, ZCP_RET_ERROR, 1106 lua_tostring(state, -1)); 1107 lua_close(state); 1108 return (SET_ERROR(EINVAL)); 1109 } 1110 VERIFY0(err); 1111 VERIFY3U(2, ==, lua_gettop(state)); 1112 1113 /* 1114 * Convert the input nvlist to a Lua object and put it on top of the 1115 * stack. 1116 */ 1117 char errmsg[128]; 1118 err = zcp_nvpair_value_to_lua(state, nvarg, 1119 errmsg, sizeof (errmsg)); 1120 if (err != 0) { 1121 fnvlist_add_string(outnvl, ZCP_RET_ERROR, errmsg); 1122 lua_close(state); 1123 return (SET_ERROR(EINVAL)); 1124 } 1125 VERIFY3U(3, ==, lua_gettop(state)); 1126 1127 evalargs.ea_state = state; 1128 evalargs.ea_allocargs = &allocargs; 1129 evalargs.ea_instrlimit = instrlimit; 1130 evalargs.ea_cred = CRED(); 1131 evalargs.ea_outnvl = outnvl; 1132 evalargs.ea_result = 0; 1133 1134 if (sync) { 1135 err = dsl_sync_task(poolname, NULL, 1136 zcp_eval_sync, &evalargs, 0, ZFS_SPACE_CHECK_ZCP_EVAL); 1137 if (err != 0) 1138 zcp_pool_error(&evalargs, poolname); 1139 } else { 1140 zcp_eval_open(&evalargs, poolname); 1141 } 1142 lua_close(state); 1143 1144 return (evalargs.ea_result); 1145 } 1146 1147 /* 1148 * Retrieve metadata about the currently running channel program. 1149 */ 1150 zcp_run_info_t * 1151 zcp_run_info(lua_State *state) 1152 { 1153 zcp_run_info_t *ri; 1154 1155 lua_getfield(state, LUA_REGISTRYINDEX, ZCP_RUN_INFO_KEY); 1156 ri = lua_touserdata(state, -1); 1157 lua_pop(state, 1); 1158 return (ri); 1159 } 1160 1161 /* 1162 * Argument Parsing 1163 * ================ 1164 * 1165 * The Lua language allows methods to be called with any number 1166 * of arguments of any type. When calling back into ZFS we need to sanitize 1167 * arguments from channel programs to make sure unexpected arguments or 1168 * arguments of the wrong type result in clear error messages. To do this 1169 * in a uniform way all callbacks from channel programs should use the 1170 * zcp_parse_args() function to interpret inputs. 1171 * 1172 * Positional vs Keyword Arguments 1173 * =============================== 1174 * 1175 * Every callback function takes a fixed set of required positional arguments 1176 * and optional keyword arguments. For example, the destroy function takes 1177 * a single positional string argument (the name of the dataset to destroy) 1178 * and an optional "defer" keyword boolean argument. When calling lua functions 1179 * with parentheses, only positional arguments can be used: 1180 * 1181 * zfs.sync.snapshot("rpool@snap") 1182 * 1183 * To use keyword arguments functions should be called with a single argument 1184 * that is a lua table containing mappings of integer -> positional arguments 1185 * and string -> keyword arguments: 1186 * 1187 * zfs.sync.snapshot({1="rpool@snap", defer=true}) 1188 * 1189 * The lua language allows curly braces to be used in place of parenthesis as 1190 * syntactic sugar for this calling convention: 1191 * 1192 * zfs.sync.snapshot{"rpool@snap", defer=true} 1193 */ 1194 1195 /* 1196 * Throw an error and print the given arguments. If there are too many 1197 * arguments to fit in the output buffer, only the error format string is 1198 * output. 1199 */ 1200 static void 1201 zcp_args_error(lua_State *state, const char *fname, const zcp_arg_t *pargs, 1202 const zcp_arg_t *kwargs, const char *fmt, ...) 1203 { 1204 int i; 1205 char errmsg[512]; 1206 size_t len = sizeof (errmsg); 1207 size_t msglen = 0; 1208 va_list argp; 1209 1210 va_start(argp, fmt); 1211 VERIFY3U(len, >, vsnprintf(errmsg, len, fmt, argp)); 1212 va_end(argp); 1213 1214 /* 1215 * Calculate the total length of the final string, including extra 1216 * formatting characters. If the argument dump would be too large, 1217 * only print the error string. 1218 */ 1219 msglen = strlen(errmsg); 1220 msglen += strlen(fname) + 4; /* : + {} + null terminator */ 1221 for (i = 0; pargs[i].za_name != NULL; i++) { 1222 msglen += strlen(pargs[i].za_name); 1223 msglen += strlen(lua_typename(state, pargs[i].za_lua_type)); 1224 if (pargs[i + 1].za_name != NULL || kwargs[0].za_name != NULL) 1225 msglen += 5; /* < + ( + )> + , */ 1226 else 1227 msglen += 4; /* < + ( + )> */ 1228 } 1229 for (i = 0; kwargs[i].za_name != NULL; i++) { 1230 msglen += strlen(kwargs[i].za_name); 1231 msglen += strlen(lua_typename(state, kwargs[i].za_lua_type)); 1232 if (kwargs[i + 1].za_name != NULL) 1233 msglen += 4; /* =( + ) + , */ 1234 else 1235 msglen += 3; /* =( + ) */ 1236 } 1237 1238 if (msglen >= len) 1239 (void) luaL_error(state, errmsg); 1240 1241 VERIFY3U(len, >, strlcat(errmsg, ": ", len)); 1242 VERIFY3U(len, >, strlcat(errmsg, fname, len)); 1243 VERIFY3U(len, >, strlcat(errmsg, "{", len)); 1244 for (i = 0; pargs[i].za_name != NULL; i++) { 1245 VERIFY3U(len, >, strlcat(errmsg, "<", len)); 1246 VERIFY3U(len, >, strlcat(errmsg, pargs[i].za_name, len)); 1247 VERIFY3U(len, >, strlcat(errmsg, "(", len)); 1248 VERIFY3U(len, >, strlcat(errmsg, 1249 lua_typename(state, pargs[i].za_lua_type), len)); 1250 VERIFY3U(len, >, strlcat(errmsg, ")>", len)); 1251 if (pargs[i + 1].za_name != NULL || kwargs[0].za_name != NULL) { 1252 VERIFY3U(len, >, strlcat(errmsg, ", ", len)); 1253 } 1254 } 1255 for (i = 0; kwargs[i].za_name != NULL; i++) { 1256 VERIFY3U(len, >, strlcat(errmsg, kwargs[i].za_name, len)); 1257 VERIFY3U(len, >, strlcat(errmsg, "=(", len)); 1258 VERIFY3U(len, >, strlcat(errmsg, 1259 lua_typename(state, kwargs[i].za_lua_type), len)); 1260 VERIFY3U(len, >, strlcat(errmsg, ")", len)); 1261 if (kwargs[i + 1].za_name != NULL) { 1262 VERIFY3U(len, >, strlcat(errmsg, ", ", len)); 1263 } 1264 } 1265 VERIFY3U(len, >, strlcat(errmsg, "}", len)); 1266 1267 (void) luaL_error(state, errmsg); 1268 panic("unreachable code"); 1269 } 1270 1271 static void 1272 zcp_parse_table_args(lua_State *state, const char *fname, 1273 const zcp_arg_t *pargs, const zcp_arg_t *kwargs) 1274 { 1275 int i; 1276 int type; 1277 1278 for (i = 0; pargs[i].za_name != NULL; i++) { 1279 /* 1280 * Check the table for this positional argument, leaving it 1281 * on the top of the stack once we finish validating it. 1282 */ 1283 lua_pushinteger(state, i + 1); 1284 lua_gettable(state, 1); 1285 1286 type = lua_type(state, -1); 1287 if (type == LUA_TNIL) { 1288 zcp_args_error(state, fname, pargs, kwargs, 1289 "too few arguments"); 1290 panic("unreachable code"); 1291 } else if (type != pargs[i].za_lua_type) { 1292 zcp_args_error(state, fname, pargs, kwargs, 1293 "arg %d wrong type (is '%s', expected '%s')", 1294 i + 1, lua_typename(state, type), 1295 lua_typename(state, pargs[i].za_lua_type)); 1296 panic("unreachable code"); 1297 } 1298 1299 /* 1300 * Remove the positional argument from the table. 1301 */ 1302 lua_pushinteger(state, i + 1); 1303 lua_pushnil(state); 1304 lua_settable(state, 1); 1305 } 1306 1307 for (i = 0; kwargs[i].za_name != NULL; i++) { 1308 /* 1309 * Check the table for this keyword argument, which may be 1310 * nil if it was omitted. Leave the value on the top of 1311 * the stack after validating it. 1312 */ 1313 lua_getfield(state, 1, kwargs[i].za_name); 1314 1315 type = lua_type(state, -1); 1316 if (type != LUA_TNIL && type != kwargs[i].za_lua_type) { 1317 zcp_args_error(state, fname, pargs, kwargs, 1318 "kwarg '%s' wrong type (is '%s', expected '%s')", 1319 kwargs[i].za_name, lua_typename(state, type), 1320 lua_typename(state, kwargs[i].za_lua_type)); 1321 panic("unreachable code"); 1322 } 1323 1324 /* 1325 * Remove the keyword argument from the table. 1326 */ 1327 lua_pushnil(state); 1328 lua_setfield(state, 1, kwargs[i].za_name); 1329 } 1330 1331 /* 1332 * Any entries remaining in the table are invalid inputs, print 1333 * an error message based on what the entry is. 1334 */ 1335 lua_pushnil(state); 1336 if (lua_next(state, 1)) { 1337 if (lua_isnumber(state, -2) && lua_tointeger(state, -2) > 0) { 1338 zcp_args_error(state, fname, pargs, kwargs, 1339 "too many positional arguments"); 1340 } else if (lua_isstring(state, -2)) { 1341 zcp_args_error(state, fname, pargs, kwargs, 1342 "invalid kwarg '%s'", lua_tostring(state, -2)); 1343 } else { 1344 zcp_args_error(state, fname, pargs, kwargs, 1345 "kwarg keys must be strings"); 1346 } 1347 panic("unreachable code"); 1348 } 1349 1350 lua_remove(state, 1); 1351 } 1352 1353 static void 1354 zcp_parse_pos_args(lua_State *state, const char *fname, const zcp_arg_t *pargs, 1355 const zcp_arg_t *kwargs) 1356 { 1357 int i; 1358 int type; 1359 1360 for (i = 0; pargs[i].za_name != NULL; i++) { 1361 type = lua_type(state, i + 1); 1362 if (type == LUA_TNONE) { 1363 zcp_args_error(state, fname, pargs, kwargs, 1364 "too few arguments"); 1365 panic("unreachable code"); 1366 } else if (type != pargs[i].za_lua_type) { 1367 zcp_args_error(state, fname, pargs, kwargs, 1368 "arg %d wrong type (is '%s', expected '%s')", 1369 i + 1, lua_typename(state, type), 1370 lua_typename(state, pargs[i].za_lua_type)); 1371 panic("unreachable code"); 1372 } 1373 } 1374 if (lua_gettop(state) != i) { 1375 zcp_args_error(state, fname, pargs, kwargs, 1376 "too many positional arguments"); 1377 panic("unreachable code"); 1378 } 1379 1380 for (i = 0; kwargs[i].za_name != NULL; i++) { 1381 lua_pushnil(state); 1382 } 1383 } 1384 1385 /* 1386 * Checks the current Lua stack against an expected set of positional and 1387 * keyword arguments. If the stack does not match the expected arguments 1388 * aborts the current channel program with a useful error message, otherwise 1389 * it re-arranges the stack so that it contains the positional arguments 1390 * followed by the keyword argument values in declaration order. Any missing 1391 * keyword argument will be represented by a nil value on the stack. 1392 * 1393 * If the stack contains exactly one argument of type LUA_TTABLE the curly 1394 * braces calling convention is assumed, otherwise the stack is parsed for 1395 * positional arguments only. 1396 * 1397 * This function should be used by every function callback. It should be called 1398 * before the callback manipulates the Lua stack as it assumes the stack 1399 * represents the function arguments. 1400 */ 1401 void 1402 zcp_parse_args(lua_State *state, const char *fname, const zcp_arg_t *pargs, 1403 const zcp_arg_t *kwargs) 1404 { 1405 if (lua_gettop(state) == 1 && lua_istable(state, 1)) { 1406 zcp_parse_table_args(state, fname, pargs, kwargs); 1407 } else { 1408 zcp_parse_pos_args(state, fname, pargs, kwargs); 1409 } 1410 } 1411