1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/param.h> 28 #include <sys/errno.h> 29 #include <sys/uio.h> 30 #include <sys/buf.h> 31 #include <sys/modctl.h> 32 #include <sys/open.h> 33 #include <sys/file.h> 34 #include <sys/kmem.h> 35 #include <sys/conf.h> 36 #include <sys/cmn_err.h> 37 #include <sys/stat.h> 38 #include <sys/zfs_ioctl.h> 39 #include <sys/zfs_vfsops.h> 40 #include <sys/zfs_znode.h> 41 #include <sys/zap.h> 42 #include <sys/spa.h> 43 #include <sys/spa_impl.h> 44 #include <sys/vdev.h> 45 #include <sys/priv_impl.h> 46 #include <sys/dmu.h> 47 #include <sys/dsl_dir.h> 48 #include <sys/dsl_dataset.h> 49 #include <sys/dsl_prop.h> 50 #include <sys/dsl_deleg.h> 51 #include <sys/dmu_objset.h> 52 #include <sys/ddi.h> 53 #include <sys/sunddi.h> 54 #include <sys/sunldi.h> 55 #include <sys/policy.h> 56 #include <sys/zone.h> 57 #include <sys/nvpair.h> 58 #include <sys/pathname.h> 59 #include <sys/mount.h> 60 #include <sys/sdt.h> 61 #include <sys/fs/zfs.h> 62 #include <sys/zfs_ctldir.h> 63 #include <sys/zfs_dir.h> 64 #include <sys/zvol.h> 65 #include <sharefs/share.h> 66 #include <sys/dmu_objset.h> 67 68 #include "zfs_namecheck.h" 69 #include "zfs_prop.h" 70 #include "zfs_deleg.h" 71 #include "zfs_comutil.h" 72 73 extern struct modlfs zfs_modlfs; 74 75 extern void zfs_init(void); 76 extern void zfs_fini(void); 77 78 ldi_ident_t zfs_li = NULL; 79 dev_info_t *zfs_dip; 80 81 typedef int zfs_ioc_func_t(zfs_cmd_t *); 82 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *); 83 84 typedef enum { 85 NO_NAME, 86 POOL_NAME, 87 DATASET_NAME 88 } zfs_ioc_namecheck_t; 89 90 typedef struct zfs_ioc_vec { 91 zfs_ioc_func_t *zvec_func; 92 zfs_secpolicy_func_t *zvec_secpolicy; 93 zfs_ioc_namecheck_t zvec_namecheck; 94 boolean_t zvec_his_log; 95 boolean_t zvec_pool_check; 96 } zfs_ioc_vec_t; 97 98 /* This array is indexed by zfs_userquota_prop_t */ 99 static const char *userquota_perms[] = { 100 ZFS_DELEG_PERM_USERUSED, 101 ZFS_DELEG_PERM_USERQUOTA, 102 ZFS_DELEG_PERM_GROUPUSED, 103 ZFS_DELEG_PERM_GROUPQUOTA, 104 }; 105 106 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc); 107 static int zfs_check_settable(const char *name, nvpair_t *property, 108 cred_t *cr); 109 static int zfs_check_clearable(char *dataset, nvlist_t *props, 110 nvlist_t **errors); 111 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *, 112 boolean_t *); 113 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t **); 114 115 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */ 116 void 117 __dprintf(const char *file, const char *func, int line, const char *fmt, ...) 118 { 119 const char *newfile; 120 char buf[256]; 121 va_list adx; 122 123 /* 124 * Get rid of annoying "../common/" prefix to filename. 125 */ 126 newfile = strrchr(file, '/'); 127 if (newfile != NULL) { 128 newfile = newfile + 1; /* Get rid of leading / */ 129 } else { 130 newfile = file; 131 } 132 133 va_start(adx, fmt); 134 (void) vsnprintf(buf, sizeof (buf), fmt, adx); 135 va_end(adx); 136 137 /* 138 * To get this data, use the zfs-dprintf probe as so: 139 * dtrace -q -n 'zfs-dprintf \ 140 * /stringof(arg0) == "dbuf.c"/ \ 141 * {printf("%s: %s", stringof(arg1), stringof(arg3))}' 142 * arg0 = file name 143 * arg1 = function name 144 * arg2 = line number 145 * arg3 = message 146 */ 147 DTRACE_PROBE4(zfs__dprintf, 148 char *, newfile, char *, func, int, line, char *, buf); 149 } 150 151 static void 152 history_str_free(char *buf) 153 { 154 kmem_free(buf, HIS_MAX_RECORD_LEN); 155 } 156 157 static char * 158 history_str_get(zfs_cmd_t *zc) 159 { 160 char *buf; 161 162 if (zc->zc_history == NULL) 163 return (NULL); 164 165 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 166 if (copyinstr((void *)(uintptr_t)zc->zc_history, 167 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 168 history_str_free(buf); 169 return (NULL); 170 } 171 172 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 173 174 return (buf); 175 } 176 177 /* 178 * Check to see if the named dataset is currently defined as bootable 179 */ 180 static boolean_t 181 zfs_is_bootfs(const char *name) 182 { 183 objset_t *os; 184 185 if (dmu_objset_hold(name, FTAG, &os) == 0) { 186 boolean_t ret; 187 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os))); 188 dmu_objset_rele(os, FTAG); 189 return (ret); 190 } 191 return (B_FALSE); 192 } 193 194 /* 195 * zfs_earlier_version 196 * 197 * Return non-zero if the spa version is less than requested version. 198 */ 199 static int 200 zfs_earlier_version(const char *name, int version) 201 { 202 spa_t *spa; 203 204 if (spa_open(name, &spa, FTAG) == 0) { 205 if (spa_version(spa) < version) { 206 spa_close(spa, FTAG); 207 return (1); 208 } 209 spa_close(spa, FTAG); 210 } 211 return (0); 212 } 213 214 /* 215 * zpl_earlier_version 216 * 217 * Return TRUE if the ZPL version is less than requested version. 218 */ 219 static boolean_t 220 zpl_earlier_version(const char *name, int version) 221 { 222 objset_t *os; 223 boolean_t rc = B_TRUE; 224 225 if (dmu_objset_hold(name, FTAG, &os) == 0) { 226 uint64_t zplversion; 227 228 if (dmu_objset_type(os) != DMU_OST_ZFS) { 229 dmu_objset_rele(os, FTAG); 230 return (B_TRUE); 231 } 232 /* XXX reading from non-owned objset */ 233 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0) 234 rc = zplversion < version; 235 dmu_objset_rele(os, FTAG); 236 } 237 return (rc); 238 } 239 240 static void 241 zfs_log_history(zfs_cmd_t *zc) 242 { 243 spa_t *spa; 244 char *buf; 245 246 if ((buf = history_str_get(zc)) == NULL) 247 return; 248 249 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 250 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 251 (void) spa_history_log(spa, buf, LOG_CMD_NORMAL); 252 spa_close(spa, FTAG); 253 } 254 history_str_free(buf); 255 } 256 257 /* 258 * Policy for top-level read operations (list pools). Requires no privileges, 259 * and can be used in the local zone, as there is no associated dataset. 260 */ 261 /* ARGSUSED */ 262 static int 263 zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr) 264 { 265 return (0); 266 } 267 268 /* 269 * Policy for dataset read operations (list children, get statistics). Requires 270 * no privileges, but must be visible in the local zone. 271 */ 272 /* ARGSUSED */ 273 static int 274 zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr) 275 { 276 if (INGLOBALZONE(curproc) || 277 zone_dataset_visible(zc->zc_name, NULL)) 278 return (0); 279 280 return (ENOENT); 281 } 282 283 static int 284 zfs_dozonecheck(const char *dataset, cred_t *cr) 285 { 286 uint64_t zoned; 287 int writable = 1; 288 289 /* 290 * The dataset must be visible by this zone -- check this first 291 * so they don't see EPERM on something they shouldn't know about. 292 */ 293 if (!INGLOBALZONE(curproc) && 294 !zone_dataset_visible(dataset, &writable)) 295 return (ENOENT); 296 297 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL)) 298 return (ENOENT); 299 300 if (INGLOBALZONE(curproc)) { 301 /* 302 * If the fs is zoned, only root can access it from the 303 * global zone. 304 */ 305 if (secpolicy_zfs(cr) && zoned) 306 return (EPERM); 307 } else { 308 /* 309 * If we are in a local zone, the 'zoned' property must be set. 310 */ 311 if (!zoned) 312 return (EPERM); 313 314 /* must be writable by this zone */ 315 if (!writable) 316 return (EPERM); 317 } 318 return (0); 319 } 320 321 int 322 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 323 { 324 int error; 325 326 error = zfs_dozonecheck(name, cr); 327 if (error == 0) { 328 error = secpolicy_zfs(cr); 329 if (error) 330 error = dsl_deleg_access(name, perm, cr); 331 } 332 return (error); 333 } 334 335 /* 336 * Policy for setting the security label property. 337 * 338 * Returns 0 for success, non-zero for access and other errors. 339 */ 340 static int 341 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr) 342 { 343 char ds_hexsl[MAXNAMELEN]; 344 bslabel_t ds_sl, new_sl; 345 boolean_t new_default = FALSE; 346 uint64_t zoned; 347 int needed_priv = -1; 348 int error; 349 350 /* First get the existing dataset label. */ 351 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL), 352 1, sizeof (ds_hexsl), &ds_hexsl, NULL); 353 if (error) 354 return (EPERM); 355 356 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0) 357 new_default = TRUE; 358 359 /* The label must be translatable */ 360 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0)) 361 return (EINVAL); 362 363 /* 364 * In a non-global zone, disallow attempts to set a label that 365 * doesn't match that of the zone; otherwise no other checks 366 * are needed. 367 */ 368 if (!INGLOBALZONE(curproc)) { 369 if (new_default || !blequal(&new_sl, CR_SL(CRED()))) 370 return (EPERM); 371 return (0); 372 } 373 374 /* 375 * For global-zone datasets (i.e., those whose zoned property is 376 * "off", verify that the specified new label is valid for the 377 * global zone. 378 */ 379 if (dsl_prop_get_integer(name, 380 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL)) 381 return (EPERM); 382 if (!zoned) { 383 if (zfs_check_global_label(name, strval) != 0) 384 return (EPERM); 385 } 386 387 /* 388 * If the existing dataset label is nondefault, check if the 389 * dataset is mounted (label cannot be changed while mounted). 390 * Get the zfsvfs; if there isn't one, then the dataset isn't 391 * mounted (or isn't a dataset, doesn't exist, ...). 392 */ 393 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) { 394 objset_t *os; 395 static char *setsl_tag = "setsl_tag"; 396 397 /* 398 * Try to own the dataset; abort if there is any error, 399 * (e.g., already mounted, in use, or other error). 400 */ 401 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, 402 setsl_tag, &os); 403 if (error) 404 return (EPERM); 405 406 dmu_objset_disown(os, setsl_tag); 407 408 if (new_default) { 409 needed_priv = PRIV_FILE_DOWNGRADE_SL; 410 goto out_check; 411 } 412 413 if (hexstr_to_label(strval, &new_sl) != 0) 414 return (EPERM); 415 416 if (blstrictdom(&ds_sl, &new_sl)) 417 needed_priv = PRIV_FILE_DOWNGRADE_SL; 418 else if (blstrictdom(&new_sl, &ds_sl)) 419 needed_priv = PRIV_FILE_UPGRADE_SL; 420 } else { 421 /* dataset currently has a default label */ 422 if (!new_default) 423 needed_priv = PRIV_FILE_UPGRADE_SL; 424 } 425 426 out_check: 427 if (needed_priv != -1) 428 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL)); 429 return (0); 430 } 431 432 static int 433 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval, 434 cred_t *cr) 435 { 436 char *strval; 437 438 /* 439 * Check permissions for special properties. 440 */ 441 switch (prop) { 442 case ZFS_PROP_ZONED: 443 /* 444 * Disallow setting of 'zoned' from within a local zone. 445 */ 446 if (!INGLOBALZONE(curproc)) 447 return (EPERM); 448 break; 449 450 case ZFS_PROP_QUOTA: 451 if (!INGLOBALZONE(curproc)) { 452 uint64_t zoned; 453 char setpoint[MAXNAMELEN]; 454 /* 455 * Unprivileged users are allowed to modify the 456 * quota on things *under* (ie. contained by) 457 * the thing they own. 458 */ 459 if (dsl_prop_get_integer(dsname, "zoned", &zoned, 460 setpoint)) 461 return (EPERM); 462 if (!zoned || strlen(dsname) <= strlen(setpoint)) 463 return (EPERM); 464 } 465 break; 466 467 case ZFS_PROP_MLSLABEL: 468 if (!is_system_labeled()) 469 return (EPERM); 470 471 if (nvpair_value_string(propval, &strval) == 0) { 472 int err; 473 474 err = zfs_set_slabel_policy(dsname, strval, CRED()); 475 if (err != 0) 476 return (err); 477 } 478 break; 479 } 480 481 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr)); 482 } 483 484 int 485 zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr) 486 { 487 int error; 488 489 error = zfs_dozonecheck(zc->zc_name, cr); 490 if (error) 491 return (error); 492 493 /* 494 * permission to set permissions will be evaluated later in 495 * dsl_deleg_can_allow() 496 */ 497 return (0); 498 } 499 500 int 501 zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr) 502 { 503 return (zfs_secpolicy_write_perms(zc->zc_name, 504 ZFS_DELEG_PERM_ROLLBACK, cr)); 505 } 506 507 int 508 zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr) 509 { 510 return (zfs_secpolicy_write_perms(zc->zc_name, 511 ZFS_DELEG_PERM_SEND, cr)); 512 } 513 514 static int 515 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, cred_t *cr) 516 { 517 vnode_t *vp; 518 int error; 519 520 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 521 NO_FOLLOW, NULL, &vp)) != 0) 522 return (error); 523 524 /* Now make sure mntpnt and dataset are ZFS */ 525 526 if (vp->v_vfsp->vfs_fstype != zfsfstype || 527 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 528 zc->zc_name) != 0)) { 529 VN_RELE(vp); 530 return (EPERM); 531 } 532 533 VN_RELE(vp); 534 return (dsl_deleg_access(zc->zc_name, 535 ZFS_DELEG_PERM_SHARE, cr)); 536 } 537 538 int 539 zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr) 540 { 541 if (!INGLOBALZONE(curproc)) 542 return (EPERM); 543 544 if (secpolicy_nfs(cr) == 0) { 545 return (0); 546 } else { 547 return (zfs_secpolicy_deleg_share(zc, cr)); 548 } 549 } 550 551 int 552 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, cred_t *cr) 553 { 554 if (!INGLOBALZONE(curproc)) 555 return (EPERM); 556 557 if (secpolicy_smb(cr) == 0) { 558 return (0); 559 } else { 560 return (zfs_secpolicy_deleg_share(zc, cr)); 561 } 562 } 563 564 static int 565 zfs_get_parent(const char *datasetname, char *parent, int parentsize) 566 { 567 char *cp; 568 569 /* 570 * Remove the @bla or /bla from the end of the name to get the parent. 571 */ 572 (void) strncpy(parent, datasetname, parentsize); 573 cp = strrchr(parent, '@'); 574 if (cp != NULL) { 575 cp[0] = '\0'; 576 } else { 577 cp = strrchr(parent, '/'); 578 if (cp == NULL) 579 return (ENOENT); 580 cp[0] = '\0'; 581 } 582 583 return (0); 584 } 585 586 int 587 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 588 { 589 int error; 590 591 if ((error = zfs_secpolicy_write_perms(name, 592 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 593 return (error); 594 595 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 596 } 597 598 static int 599 zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr) 600 { 601 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 602 } 603 604 /* 605 * Destroying snapshots with delegated permissions requires 606 * descendent mount and destroy permissions. 607 * Reassemble the full filesystem@snap name so dsl_deleg_access() 608 * can do the correct permission check. 609 * 610 * Since this routine is used when doing a recursive destroy of snapshots 611 * and destroying snapshots requires descendent permissions, a successfull 612 * check of the top level snapshot applies to snapshots of all descendent 613 * datasets as well. 614 */ 615 static int 616 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, cred_t *cr) 617 { 618 int error; 619 char *dsname; 620 621 dsname = kmem_asprintf("%s@%s", zc->zc_name, zc->zc_value); 622 623 error = zfs_secpolicy_destroy_perms(dsname, cr); 624 625 strfree(dsname); 626 return (error); 627 } 628 629 int 630 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 631 { 632 char parentname[MAXNAMELEN]; 633 int error; 634 635 if ((error = zfs_secpolicy_write_perms(from, 636 ZFS_DELEG_PERM_RENAME, cr)) != 0) 637 return (error); 638 639 if ((error = zfs_secpolicy_write_perms(from, 640 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 641 return (error); 642 643 if ((error = zfs_get_parent(to, parentname, 644 sizeof (parentname))) != 0) 645 return (error); 646 647 if ((error = zfs_secpolicy_write_perms(parentname, 648 ZFS_DELEG_PERM_CREATE, cr)) != 0) 649 return (error); 650 651 if ((error = zfs_secpolicy_write_perms(parentname, 652 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 653 return (error); 654 655 return (error); 656 } 657 658 static int 659 zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr) 660 { 661 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr)); 662 } 663 664 static int 665 zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr) 666 { 667 char parentname[MAXNAMELEN]; 668 objset_t *clone; 669 int error; 670 671 error = zfs_secpolicy_write_perms(zc->zc_name, 672 ZFS_DELEG_PERM_PROMOTE, cr); 673 if (error) 674 return (error); 675 676 error = dmu_objset_hold(zc->zc_name, FTAG, &clone); 677 678 if (error == 0) { 679 dsl_dataset_t *pclone = NULL; 680 dsl_dir_t *dd; 681 dd = clone->os_dsl_dataset->ds_dir; 682 683 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER); 684 error = dsl_dataset_hold_obj(dd->dd_pool, 685 dd->dd_phys->dd_origin_obj, FTAG, &pclone); 686 rw_exit(&dd->dd_pool->dp_config_rwlock); 687 if (error) { 688 dmu_objset_rele(clone, FTAG); 689 return (error); 690 } 691 692 error = zfs_secpolicy_write_perms(zc->zc_name, 693 ZFS_DELEG_PERM_MOUNT, cr); 694 695 dsl_dataset_name(pclone, parentname); 696 dmu_objset_rele(clone, FTAG); 697 dsl_dataset_rele(pclone, FTAG); 698 if (error == 0) 699 error = zfs_secpolicy_write_perms(parentname, 700 ZFS_DELEG_PERM_PROMOTE, cr); 701 } 702 return (error); 703 } 704 705 static int 706 zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr) 707 { 708 int error; 709 710 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 711 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) 712 return (error); 713 714 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 715 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 716 return (error); 717 718 return (zfs_secpolicy_write_perms(zc->zc_name, 719 ZFS_DELEG_PERM_CREATE, cr)); 720 } 721 722 int 723 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 724 { 725 return (zfs_secpolicy_write_perms(name, 726 ZFS_DELEG_PERM_SNAPSHOT, cr)); 727 } 728 729 static int 730 zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr) 731 { 732 733 return (zfs_secpolicy_snapshot_perms(zc->zc_name, cr)); 734 } 735 736 static int 737 zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr) 738 { 739 char parentname[MAXNAMELEN]; 740 int error; 741 742 if ((error = zfs_get_parent(zc->zc_name, parentname, 743 sizeof (parentname))) != 0) 744 return (error); 745 746 if (zc->zc_value[0] != '\0') { 747 if ((error = zfs_secpolicy_write_perms(zc->zc_value, 748 ZFS_DELEG_PERM_CLONE, cr)) != 0) 749 return (error); 750 } 751 752 if ((error = zfs_secpolicy_write_perms(parentname, 753 ZFS_DELEG_PERM_CREATE, cr)) != 0) 754 return (error); 755 756 error = zfs_secpolicy_write_perms(parentname, 757 ZFS_DELEG_PERM_MOUNT, cr); 758 759 return (error); 760 } 761 762 static int 763 zfs_secpolicy_umount(zfs_cmd_t *zc, cred_t *cr) 764 { 765 int error; 766 767 error = secpolicy_fs_unmount(cr, NULL); 768 if (error) { 769 error = dsl_deleg_access(zc->zc_name, ZFS_DELEG_PERM_MOUNT, cr); 770 } 771 return (error); 772 } 773 774 /* 775 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 776 * SYS_CONFIG privilege, which is not available in a local zone. 777 */ 778 /* ARGSUSED */ 779 static int 780 zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr) 781 { 782 if (secpolicy_sys_config(cr, B_FALSE) != 0) 783 return (EPERM); 784 785 return (0); 786 } 787 788 /* 789 * Policy for fault injection. Requires all privileges. 790 */ 791 /* ARGSUSED */ 792 static int 793 zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr) 794 { 795 return (secpolicy_zinject(cr)); 796 } 797 798 static int 799 zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr) 800 { 801 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 802 803 if (prop == ZPROP_INVAL) { 804 if (!zfs_prop_user(zc->zc_value)) 805 return (EINVAL); 806 return (zfs_secpolicy_write_perms(zc->zc_name, 807 ZFS_DELEG_PERM_USERPROP, cr)); 808 } else { 809 return (zfs_secpolicy_setprop(zc->zc_name, prop, 810 NULL, cr)); 811 } 812 } 813 814 static int 815 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, cred_t *cr) 816 { 817 int err = zfs_secpolicy_read(zc, cr); 818 if (err) 819 return (err); 820 821 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 822 return (EINVAL); 823 824 if (zc->zc_value[0] == 0) { 825 /* 826 * They are asking about a posix uid/gid. If it's 827 * themself, allow it. 828 */ 829 if (zc->zc_objset_type == ZFS_PROP_USERUSED || 830 zc->zc_objset_type == ZFS_PROP_USERQUOTA) { 831 if (zc->zc_guid == crgetuid(cr)) 832 return (0); 833 } else { 834 if (groupmember(zc->zc_guid, cr)) 835 return (0); 836 } 837 } 838 839 return (zfs_secpolicy_write_perms(zc->zc_name, 840 userquota_perms[zc->zc_objset_type], cr)); 841 } 842 843 static int 844 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, cred_t *cr) 845 { 846 int err = zfs_secpolicy_read(zc, cr); 847 if (err) 848 return (err); 849 850 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 851 return (EINVAL); 852 853 return (zfs_secpolicy_write_perms(zc->zc_name, 854 userquota_perms[zc->zc_objset_type], cr)); 855 } 856 857 static int 858 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, cred_t *cr) 859 { 860 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION, 861 NULL, cr)); 862 } 863 864 static int 865 zfs_secpolicy_hold(zfs_cmd_t *zc, cred_t *cr) 866 { 867 return (zfs_secpolicy_write_perms(zc->zc_name, 868 ZFS_DELEG_PERM_HOLD, cr)); 869 } 870 871 static int 872 zfs_secpolicy_release(zfs_cmd_t *zc, cred_t *cr) 873 { 874 return (zfs_secpolicy_write_perms(zc->zc_name, 875 ZFS_DELEG_PERM_RELEASE, cr)); 876 } 877 878 /* 879 * Returns the nvlist as specified by the user in the zfs_cmd_t. 880 */ 881 static int 882 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp) 883 { 884 char *packed; 885 int error; 886 nvlist_t *list = NULL; 887 888 /* 889 * Read in and unpack the user-supplied nvlist. 890 */ 891 if (size == 0) 892 return (EINVAL); 893 894 packed = kmem_alloc(size, KM_SLEEP); 895 896 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size, 897 iflag)) != 0) { 898 kmem_free(packed, size); 899 return (error); 900 } 901 902 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 903 kmem_free(packed, size); 904 return (error); 905 } 906 907 kmem_free(packed, size); 908 909 *nvp = list; 910 return (0); 911 } 912 913 static int 914 fit_error_list(zfs_cmd_t *zc, nvlist_t **errors) 915 { 916 size_t size; 917 918 VERIFY(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0); 919 920 if (size > zc->zc_nvlist_dst_size) { 921 nvpair_t *more_errors; 922 int n = 0; 923 924 if (zc->zc_nvlist_dst_size < 1024) 925 return (ENOMEM); 926 927 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, 0) == 0); 928 more_errors = nvlist_prev_nvpair(*errors, NULL); 929 930 do { 931 nvpair_t *pair = nvlist_prev_nvpair(*errors, 932 more_errors); 933 VERIFY(nvlist_remove_nvpair(*errors, pair) == 0); 934 n++; 935 VERIFY(nvlist_size(*errors, &size, 936 NV_ENCODE_NATIVE) == 0); 937 } while (size > zc->zc_nvlist_dst_size); 938 939 VERIFY(nvlist_remove_nvpair(*errors, more_errors) == 0); 940 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, n) == 0); 941 ASSERT(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0); 942 ASSERT(size <= zc->zc_nvlist_dst_size); 943 } 944 945 return (0); 946 } 947 948 static int 949 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 950 { 951 char *packed = NULL; 952 int error = 0; 953 size_t size; 954 955 VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0); 956 957 if (size > zc->zc_nvlist_dst_size) { 958 error = ENOMEM; 959 } else { 960 packed = kmem_alloc(size, KM_SLEEP); 961 VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE, 962 KM_SLEEP) == 0); 963 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst, 964 size, zc->zc_iflags) != 0) 965 error = EFAULT; 966 kmem_free(packed, size); 967 } 968 969 zc->zc_nvlist_dst_size = size; 970 return (error); 971 } 972 973 static int 974 getzfsvfs(const char *dsname, zfsvfs_t **zfvp) 975 { 976 objset_t *os; 977 int error; 978 979 error = dmu_objset_hold(dsname, FTAG, &os); 980 if (error) 981 return (error); 982 if (dmu_objset_type(os) != DMU_OST_ZFS) { 983 dmu_objset_rele(os, FTAG); 984 return (EINVAL); 985 } 986 987 mutex_enter(&os->os_user_ptr_lock); 988 *zfvp = dmu_objset_get_user(os); 989 if (*zfvp) { 990 VFS_HOLD((*zfvp)->z_vfs); 991 } else { 992 error = ESRCH; 993 } 994 mutex_exit(&os->os_user_ptr_lock); 995 dmu_objset_rele(os, FTAG); 996 return (error); 997 } 998 999 /* 1000 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which 1001 * case its z_vfs will be NULL, and it will be opened as the owner. 1002 */ 1003 static int 1004 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp) 1005 { 1006 int error = 0; 1007 1008 if (getzfsvfs(name, zfvp) != 0) 1009 error = zfsvfs_create(name, zfvp); 1010 if (error == 0) { 1011 rrw_enter(&(*zfvp)->z_teardown_lock, RW_READER, tag); 1012 if ((*zfvp)->z_unmounted) { 1013 /* 1014 * XXX we could probably try again, since the unmounting 1015 * thread should be just about to disassociate the 1016 * objset from the zfsvfs. 1017 */ 1018 rrw_exit(&(*zfvp)->z_teardown_lock, tag); 1019 return (EBUSY); 1020 } 1021 } 1022 return (error); 1023 } 1024 1025 static void 1026 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag) 1027 { 1028 rrw_exit(&zfsvfs->z_teardown_lock, tag); 1029 1030 if (zfsvfs->z_vfs) { 1031 VFS_RELE(zfsvfs->z_vfs); 1032 } else { 1033 dmu_objset_disown(zfsvfs->z_os, zfsvfs); 1034 zfsvfs_free(zfsvfs); 1035 } 1036 } 1037 1038 static int 1039 zfs_ioc_pool_create(zfs_cmd_t *zc) 1040 { 1041 int error; 1042 nvlist_t *config, *props = NULL; 1043 nvlist_t *rootprops = NULL; 1044 nvlist_t *zplprops = NULL; 1045 char *buf; 1046 1047 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1048 zc->zc_iflags, &config)) 1049 return (error); 1050 1051 if (zc->zc_nvlist_src_size != 0 && (error = 1052 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1053 zc->zc_iflags, &props))) { 1054 nvlist_free(config); 1055 return (error); 1056 } 1057 1058 if (props) { 1059 nvlist_t *nvl = NULL; 1060 uint64_t version = SPA_VERSION; 1061 1062 (void) nvlist_lookup_uint64(props, 1063 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version); 1064 if (version < SPA_VERSION_INITIAL || version > SPA_VERSION) { 1065 error = EINVAL; 1066 goto pool_props_bad; 1067 } 1068 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl); 1069 if (nvl) { 1070 error = nvlist_dup(nvl, &rootprops, KM_SLEEP); 1071 if (error != 0) { 1072 nvlist_free(config); 1073 nvlist_free(props); 1074 return (error); 1075 } 1076 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS); 1077 } 1078 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1079 error = zfs_fill_zplprops_root(version, rootprops, 1080 zplprops, NULL); 1081 if (error) 1082 goto pool_props_bad; 1083 } 1084 1085 buf = history_str_get(zc); 1086 1087 error = spa_create(zc->zc_name, config, props, buf, zplprops); 1088 1089 /* 1090 * Set the remaining root properties 1091 */ 1092 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name, 1093 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) 1094 (void) spa_destroy(zc->zc_name); 1095 1096 if (buf != NULL) 1097 history_str_free(buf); 1098 1099 pool_props_bad: 1100 nvlist_free(rootprops); 1101 nvlist_free(zplprops); 1102 nvlist_free(config); 1103 nvlist_free(props); 1104 1105 return (error); 1106 } 1107 1108 static int 1109 zfs_ioc_pool_destroy(zfs_cmd_t *zc) 1110 { 1111 int error; 1112 zfs_log_history(zc); 1113 error = spa_destroy(zc->zc_name); 1114 if (error == 0) 1115 zvol_remove_minors(zc->zc_name); 1116 return (error); 1117 } 1118 1119 static int 1120 zfs_ioc_pool_import(zfs_cmd_t *zc) 1121 { 1122 nvlist_t *config, *props = NULL; 1123 uint64_t guid; 1124 int error; 1125 1126 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1127 zc->zc_iflags, &config)) != 0) 1128 return (error); 1129 1130 if (zc->zc_nvlist_src_size != 0 && (error = 1131 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1132 zc->zc_iflags, &props))) { 1133 nvlist_free(config); 1134 return (error); 1135 } 1136 1137 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 1138 guid != zc->zc_guid) 1139 error = EINVAL; 1140 else if (zc->zc_cookie) 1141 error = spa_import_verbatim(zc->zc_name, config, props); 1142 else 1143 error = spa_import(zc->zc_name, config, props); 1144 1145 if (zc->zc_nvlist_dst != 0) 1146 (void) put_nvlist(zc, config); 1147 1148 nvlist_free(config); 1149 1150 if (props) 1151 nvlist_free(props); 1152 1153 return (error); 1154 } 1155 1156 static int 1157 zfs_ioc_pool_export(zfs_cmd_t *zc) 1158 { 1159 int error; 1160 boolean_t force = (boolean_t)zc->zc_cookie; 1161 boolean_t hardforce = (boolean_t)zc->zc_guid; 1162 1163 zfs_log_history(zc); 1164 error = spa_export(zc->zc_name, NULL, force, hardforce); 1165 if (error == 0) 1166 zvol_remove_minors(zc->zc_name); 1167 return (error); 1168 } 1169 1170 static int 1171 zfs_ioc_pool_configs(zfs_cmd_t *zc) 1172 { 1173 nvlist_t *configs; 1174 int error; 1175 1176 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL) 1177 return (EEXIST); 1178 1179 error = put_nvlist(zc, configs); 1180 1181 nvlist_free(configs); 1182 1183 return (error); 1184 } 1185 1186 static int 1187 zfs_ioc_pool_stats(zfs_cmd_t *zc) 1188 { 1189 nvlist_t *config; 1190 int error; 1191 int ret = 0; 1192 1193 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 1194 sizeof (zc->zc_value)); 1195 1196 if (config != NULL) { 1197 ret = put_nvlist(zc, config); 1198 nvlist_free(config); 1199 1200 /* 1201 * The config may be present even if 'error' is non-zero. 1202 * In this case we return success, and preserve the real errno 1203 * in 'zc_cookie'. 1204 */ 1205 zc->zc_cookie = error; 1206 } else { 1207 ret = error; 1208 } 1209 1210 return (ret); 1211 } 1212 1213 /* 1214 * Try to import the given pool, returning pool stats as appropriate so that 1215 * user land knows which devices are available and overall pool health. 1216 */ 1217 static int 1218 zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 1219 { 1220 nvlist_t *tryconfig, *config; 1221 int error; 1222 1223 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1224 zc->zc_iflags, &tryconfig)) != 0) 1225 return (error); 1226 1227 config = spa_tryimport(tryconfig); 1228 1229 nvlist_free(tryconfig); 1230 1231 if (config == NULL) 1232 return (EINVAL); 1233 1234 error = put_nvlist(zc, config); 1235 nvlist_free(config); 1236 1237 return (error); 1238 } 1239 1240 static int 1241 zfs_ioc_pool_scrub(zfs_cmd_t *zc) 1242 { 1243 spa_t *spa; 1244 int error; 1245 1246 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1247 return (error); 1248 1249 error = spa_scrub(spa, zc->zc_cookie); 1250 1251 spa_close(spa, FTAG); 1252 1253 return (error); 1254 } 1255 1256 static int 1257 zfs_ioc_pool_freeze(zfs_cmd_t *zc) 1258 { 1259 spa_t *spa; 1260 int error; 1261 1262 error = spa_open(zc->zc_name, &spa, FTAG); 1263 if (error == 0) { 1264 spa_freeze(spa); 1265 spa_close(spa, FTAG); 1266 } 1267 return (error); 1268 } 1269 1270 static int 1271 zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 1272 { 1273 spa_t *spa; 1274 int error; 1275 1276 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1277 return (error); 1278 1279 if (zc->zc_cookie < spa_version(spa) || zc->zc_cookie > SPA_VERSION) { 1280 spa_close(spa, FTAG); 1281 return (EINVAL); 1282 } 1283 1284 spa_upgrade(spa, zc->zc_cookie); 1285 spa_close(spa, FTAG); 1286 1287 return (error); 1288 } 1289 1290 static int 1291 zfs_ioc_pool_get_history(zfs_cmd_t *zc) 1292 { 1293 spa_t *spa; 1294 char *hist_buf; 1295 uint64_t size; 1296 int error; 1297 1298 if ((size = zc->zc_history_len) == 0) 1299 return (EINVAL); 1300 1301 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1302 return (error); 1303 1304 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 1305 spa_close(spa, FTAG); 1306 return (ENOTSUP); 1307 } 1308 1309 hist_buf = kmem_alloc(size, KM_SLEEP); 1310 if ((error = spa_history_get(spa, &zc->zc_history_offset, 1311 &zc->zc_history_len, hist_buf)) == 0) { 1312 error = ddi_copyout(hist_buf, 1313 (void *)(uintptr_t)zc->zc_history, 1314 zc->zc_history_len, zc->zc_iflags); 1315 } 1316 1317 spa_close(spa, FTAG); 1318 kmem_free(hist_buf, size); 1319 return (error); 1320 } 1321 1322 static int 1323 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 1324 { 1325 int error; 1326 1327 if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)) 1328 return (error); 1329 1330 return (0); 1331 } 1332 1333 /* 1334 * inputs: 1335 * zc_name name of filesystem 1336 * zc_obj object to find 1337 * 1338 * outputs: 1339 * zc_value name of object 1340 */ 1341 static int 1342 zfs_ioc_obj_to_path(zfs_cmd_t *zc) 1343 { 1344 objset_t *os; 1345 int error; 1346 1347 /* XXX reading from objset not owned */ 1348 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1349 return (error); 1350 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1351 dmu_objset_rele(os, FTAG); 1352 return (EINVAL); 1353 } 1354 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value, 1355 sizeof (zc->zc_value)); 1356 dmu_objset_rele(os, FTAG); 1357 1358 return (error); 1359 } 1360 1361 static int 1362 zfs_ioc_vdev_add(zfs_cmd_t *zc) 1363 { 1364 spa_t *spa; 1365 int error; 1366 nvlist_t *config, **l2cache, **spares; 1367 uint_t nl2cache = 0, nspares = 0; 1368 1369 error = spa_open(zc->zc_name, &spa, FTAG); 1370 if (error != 0) 1371 return (error); 1372 1373 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1374 zc->zc_iflags, &config); 1375 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE, 1376 &l2cache, &nl2cache); 1377 1378 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES, 1379 &spares, &nspares); 1380 1381 /* 1382 * A root pool with concatenated devices is not supported. 1383 * Thus, can not add a device to a root pool. 1384 * 1385 * Intent log device can not be added to a rootpool because 1386 * during mountroot, zil is replayed, a seperated log device 1387 * can not be accessed during the mountroot time. 1388 * 1389 * l2cache and spare devices are ok to be added to a rootpool. 1390 */ 1391 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) { 1392 nvlist_free(config); 1393 spa_close(spa, FTAG); 1394 return (EDOM); 1395 } 1396 1397 if (error == 0) { 1398 error = spa_vdev_add(spa, config); 1399 nvlist_free(config); 1400 } 1401 spa_close(spa, FTAG); 1402 return (error); 1403 } 1404 1405 static int 1406 zfs_ioc_vdev_remove(zfs_cmd_t *zc) 1407 { 1408 spa_t *spa; 1409 int error; 1410 1411 error = spa_open(zc->zc_name, &spa, FTAG); 1412 if (error != 0) 1413 return (error); 1414 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 1415 spa_close(spa, FTAG); 1416 return (error); 1417 } 1418 1419 static int 1420 zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 1421 { 1422 spa_t *spa; 1423 int error; 1424 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 1425 1426 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1427 return (error); 1428 switch (zc->zc_cookie) { 1429 case VDEV_STATE_ONLINE: 1430 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 1431 break; 1432 1433 case VDEV_STATE_OFFLINE: 1434 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 1435 break; 1436 1437 case VDEV_STATE_FAULTED: 1438 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1439 zc->zc_obj != VDEV_AUX_EXTERNAL) 1440 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1441 1442 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj); 1443 break; 1444 1445 case VDEV_STATE_DEGRADED: 1446 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1447 zc->zc_obj != VDEV_AUX_EXTERNAL) 1448 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1449 1450 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj); 1451 break; 1452 1453 default: 1454 error = EINVAL; 1455 } 1456 zc->zc_cookie = newstate; 1457 spa_close(spa, FTAG); 1458 return (error); 1459 } 1460 1461 static int 1462 zfs_ioc_vdev_attach(zfs_cmd_t *zc) 1463 { 1464 spa_t *spa; 1465 int replacing = zc->zc_cookie; 1466 nvlist_t *config; 1467 int error; 1468 1469 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1470 return (error); 1471 1472 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1473 zc->zc_iflags, &config)) == 0) { 1474 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing); 1475 nvlist_free(config); 1476 } 1477 1478 spa_close(spa, FTAG); 1479 return (error); 1480 } 1481 1482 static int 1483 zfs_ioc_vdev_detach(zfs_cmd_t *zc) 1484 { 1485 spa_t *spa; 1486 int error; 1487 1488 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1489 return (error); 1490 1491 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE); 1492 1493 spa_close(spa, FTAG); 1494 return (error); 1495 } 1496 1497 static int 1498 zfs_ioc_vdev_split(zfs_cmd_t *zc) 1499 { 1500 spa_t *spa; 1501 nvlist_t *config, *props = NULL; 1502 int error; 1503 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT); 1504 1505 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1506 return (error); 1507 1508 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1509 zc->zc_iflags, &config)) { 1510 spa_close(spa, FTAG); 1511 return (error); 1512 } 1513 1514 if (zc->zc_nvlist_src_size != 0 && (error = 1515 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1516 zc->zc_iflags, &props))) { 1517 spa_close(spa, FTAG); 1518 nvlist_free(config); 1519 return (error); 1520 } 1521 1522 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp); 1523 1524 spa_close(spa, FTAG); 1525 1526 nvlist_free(config); 1527 nvlist_free(props); 1528 1529 return (error); 1530 } 1531 1532 static int 1533 zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 1534 { 1535 spa_t *spa; 1536 char *path = zc->zc_value; 1537 uint64_t guid = zc->zc_guid; 1538 int error; 1539 1540 error = spa_open(zc->zc_name, &spa, FTAG); 1541 if (error != 0) 1542 return (error); 1543 1544 error = spa_vdev_setpath(spa, guid, path); 1545 spa_close(spa, FTAG); 1546 return (error); 1547 } 1548 1549 static int 1550 zfs_ioc_vdev_setfru(zfs_cmd_t *zc) 1551 { 1552 spa_t *spa; 1553 char *fru = zc->zc_value; 1554 uint64_t guid = zc->zc_guid; 1555 int error; 1556 1557 error = spa_open(zc->zc_name, &spa, FTAG); 1558 if (error != 0) 1559 return (error); 1560 1561 error = spa_vdev_setfru(spa, guid, fru); 1562 spa_close(spa, FTAG); 1563 return (error); 1564 } 1565 1566 /* 1567 * inputs: 1568 * zc_name name of filesystem 1569 * zc_nvlist_dst_size size of buffer for property nvlist 1570 * 1571 * outputs: 1572 * zc_objset_stats stats 1573 * zc_nvlist_dst property nvlist 1574 * zc_nvlist_dst_size size of property nvlist 1575 */ 1576 static int 1577 zfs_ioc_objset_stats(zfs_cmd_t *zc) 1578 { 1579 objset_t *os = NULL; 1580 int error; 1581 nvlist_t *nv; 1582 1583 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) 1584 return (error); 1585 1586 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 1587 1588 if (zc->zc_nvlist_dst != 0 && 1589 (error = dsl_prop_get_all(os, &nv)) == 0) { 1590 dmu_objset_stats(os, nv); 1591 /* 1592 * NB: zvol_get_stats() will read the objset contents, 1593 * which we aren't supposed to do with a 1594 * DS_MODE_USER hold, because it could be 1595 * inconsistent. So this is a bit of a workaround... 1596 * XXX reading with out owning 1597 */ 1598 if (!zc->zc_objset_stats.dds_inconsistent) { 1599 if (dmu_objset_type(os) == DMU_OST_ZVOL) 1600 VERIFY(zvol_get_stats(os, nv) == 0); 1601 } 1602 error = put_nvlist(zc, nv); 1603 nvlist_free(nv); 1604 } 1605 1606 dmu_objset_rele(os, FTAG); 1607 return (error); 1608 } 1609 1610 /* 1611 * inputs: 1612 * zc_name name of filesystem 1613 * zc_nvlist_dst_size size of buffer for property nvlist 1614 * 1615 * outputs: 1616 * zc_nvlist_dst received property nvlist 1617 * zc_nvlist_dst_size size of received property nvlist 1618 * 1619 * Gets received properties (distinct from local properties on or after 1620 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from 1621 * local property values. 1622 */ 1623 static int 1624 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc) 1625 { 1626 objset_t *os = NULL; 1627 int error; 1628 nvlist_t *nv; 1629 1630 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) 1631 return (error); 1632 1633 /* 1634 * Without this check, we would return local property values if the 1635 * caller has not already received properties on or after 1636 * SPA_VERSION_RECVD_PROPS. 1637 */ 1638 if (!dsl_prop_get_hasrecvd(os)) { 1639 dmu_objset_rele(os, FTAG); 1640 return (ENOTSUP); 1641 } 1642 1643 if (zc->zc_nvlist_dst != 0 && 1644 (error = dsl_prop_get_received(os, &nv)) == 0) { 1645 error = put_nvlist(zc, nv); 1646 nvlist_free(nv); 1647 } 1648 1649 dmu_objset_rele(os, FTAG); 1650 return (error); 1651 } 1652 1653 static int 1654 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop) 1655 { 1656 uint64_t value; 1657 int error; 1658 1659 /* 1660 * zfs_get_zplprop() will either find a value or give us 1661 * the default value (if there is one). 1662 */ 1663 if ((error = zfs_get_zplprop(os, prop, &value)) != 0) 1664 return (error); 1665 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0); 1666 return (0); 1667 } 1668 1669 /* 1670 * inputs: 1671 * zc_name name of filesystem 1672 * zc_nvlist_dst_size size of buffer for zpl property nvlist 1673 * 1674 * outputs: 1675 * zc_nvlist_dst zpl property nvlist 1676 * zc_nvlist_dst_size size of zpl property nvlist 1677 */ 1678 static int 1679 zfs_ioc_objset_zplprops(zfs_cmd_t *zc) 1680 { 1681 objset_t *os; 1682 int err; 1683 1684 /* XXX reading without owning */ 1685 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os)) 1686 return (err); 1687 1688 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 1689 1690 /* 1691 * NB: nvl_add_zplprop() will read the objset contents, 1692 * which we aren't supposed to do with a DS_MODE_USER 1693 * hold, because it could be inconsistent. 1694 */ 1695 if (zc->zc_nvlist_dst != NULL && 1696 !zc->zc_objset_stats.dds_inconsistent && 1697 dmu_objset_type(os) == DMU_OST_ZFS) { 1698 nvlist_t *nv; 1699 1700 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1701 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 && 1702 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 && 1703 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 && 1704 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0) 1705 err = put_nvlist(zc, nv); 1706 nvlist_free(nv); 1707 } else { 1708 err = ENOENT; 1709 } 1710 dmu_objset_rele(os, FTAG); 1711 return (err); 1712 } 1713 1714 static boolean_t 1715 dataset_name_hidden(const char *name) 1716 { 1717 /* 1718 * Skip over datasets that are not visible in this zone, 1719 * internal datasets (which have a $ in their name), and 1720 * temporary datasets (which have a % in their name). 1721 */ 1722 if (strchr(name, '$') != NULL) 1723 return (B_TRUE); 1724 if (strchr(name, '%') != NULL) 1725 return (B_TRUE); 1726 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL)) 1727 return (B_TRUE); 1728 return (B_FALSE); 1729 } 1730 1731 /* 1732 * inputs: 1733 * zc_name name of filesystem 1734 * zc_cookie zap cursor 1735 * zc_nvlist_dst_size size of buffer for property nvlist 1736 * 1737 * outputs: 1738 * zc_name name of next filesystem 1739 * zc_cookie zap cursor 1740 * zc_objset_stats stats 1741 * zc_nvlist_dst property nvlist 1742 * zc_nvlist_dst_size size of property nvlist 1743 */ 1744 static int 1745 zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 1746 { 1747 objset_t *os; 1748 int error; 1749 char *p; 1750 size_t orig_len = strlen(zc->zc_name); 1751 1752 top: 1753 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) { 1754 if (error == ENOENT) 1755 error = ESRCH; 1756 return (error); 1757 } 1758 1759 p = strrchr(zc->zc_name, '/'); 1760 if (p == NULL || p[1] != '\0') 1761 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 1762 p = zc->zc_name + strlen(zc->zc_name); 1763 1764 /* 1765 * Pre-fetch the datasets. dmu_objset_prefetch() always returns 0 1766 * but is not declared void because its called by dmu_objset_find(). 1767 */ 1768 if (zc->zc_cookie == 0) { 1769 uint64_t cookie = 0; 1770 int len = sizeof (zc->zc_name) - (p - zc->zc_name); 1771 1772 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0) 1773 (void) dmu_objset_prefetch(p, NULL); 1774 } 1775 1776 do { 1777 error = dmu_dir_list_next(os, 1778 sizeof (zc->zc_name) - (p - zc->zc_name), p, 1779 NULL, &zc->zc_cookie); 1780 if (error == ENOENT) 1781 error = ESRCH; 1782 } while (error == 0 && dataset_name_hidden(zc->zc_name) && 1783 !(zc->zc_iflags & FKIOCTL)); 1784 dmu_objset_rele(os, FTAG); 1785 1786 /* 1787 * If it's an internal dataset (ie. with a '$' in its name), 1788 * don't try to get stats for it, otherwise we'll return ENOENT. 1789 */ 1790 if (error == 0 && strchr(zc->zc_name, '$') == NULL) { 1791 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 1792 if (error == ENOENT) { 1793 /* We lost a race with destroy, get the next one. */ 1794 zc->zc_name[orig_len] = '\0'; 1795 goto top; 1796 } 1797 } 1798 return (error); 1799 } 1800 1801 /* 1802 * inputs: 1803 * zc_name name of filesystem 1804 * zc_cookie zap cursor 1805 * zc_nvlist_dst_size size of buffer for property nvlist 1806 * 1807 * outputs: 1808 * zc_name name of next snapshot 1809 * zc_objset_stats stats 1810 * zc_nvlist_dst property nvlist 1811 * zc_nvlist_dst_size size of property nvlist 1812 */ 1813 static int 1814 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 1815 { 1816 objset_t *os; 1817 int error; 1818 1819 top: 1820 if (zc->zc_cookie == 0) 1821 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch, 1822 NULL, DS_FIND_SNAPSHOTS); 1823 1824 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 1825 if (error) 1826 return (error == ENOENT ? ESRCH : error); 1827 1828 /* 1829 * A dataset name of maximum length cannot have any snapshots, 1830 * so exit immediately. 1831 */ 1832 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) { 1833 dmu_objset_rele(os, FTAG); 1834 return (ESRCH); 1835 } 1836 1837 error = dmu_snapshot_list_next(os, 1838 sizeof (zc->zc_name) - strlen(zc->zc_name), 1839 zc->zc_name + strlen(zc->zc_name), NULL, &zc->zc_cookie, NULL); 1840 dmu_objset_rele(os, FTAG); 1841 if (error == 0) { 1842 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 1843 if (error == ENOENT) { 1844 /* We lost a race with destroy, get the next one. */ 1845 *strchr(zc->zc_name, '@') = '\0'; 1846 goto top; 1847 } 1848 } else if (error == ENOENT) { 1849 error = ESRCH; 1850 } 1851 1852 /* if we failed, undo the @ that we tacked on to zc_name */ 1853 if (error) 1854 *strchr(zc->zc_name, '@') = '\0'; 1855 return (error); 1856 } 1857 1858 static int 1859 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair) 1860 { 1861 const char *propname = nvpair_name(pair); 1862 uint64_t *valary; 1863 unsigned int vallen; 1864 const char *domain; 1865 char *dash; 1866 zfs_userquota_prop_t type; 1867 uint64_t rid; 1868 uint64_t quota; 1869 zfsvfs_t *zfsvfs; 1870 int err; 1871 1872 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 1873 nvlist_t *attrs; 1874 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 1875 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 1876 &pair) != 0) 1877 return (EINVAL); 1878 } 1879 1880 /* 1881 * A correctly constructed propname is encoded as 1882 * userquota@<rid>-<domain>. 1883 */ 1884 if ((dash = strchr(propname, '-')) == NULL || 1885 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 || 1886 vallen != 3) 1887 return (EINVAL); 1888 1889 domain = dash + 1; 1890 type = valary[0]; 1891 rid = valary[1]; 1892 quota = valary[2]; 1893 1894 err = zfsvfs_hold(dsname, FTAG, &zfsvfs); 1895 if (err == 0) { 1896 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota); 1897 zfsvfs_rele(zfsvfs, FTAG); 1898 } 1899 1900 return (err); 1901 } 1902 1903 /* 1904 * If the named property is one that has a special function to set its value, 1905 * return 0 on success and a positive error code on failure; otherwise if it is 1906 * not one of the special properties handled by this function, return -1. 1907 * 1908 * XXX: It would be better for callers of the property interface if we handled 1909 * these special cases in dsl_prop.c (in the dsl layer). 1910 */ 1911 static int 1912 zfs_prop_set_special(const char *dsname, zprop_source_t source, 1913 nvpair_t *pair) 1914 { 1915 const char *propname = nvpair_name(pair); 1916 zfs_prop_t prop = zfs_name_to_prop(propname); 1917 uint64_t intval; 1918 int err; 1919 1920 if (prop == ZPROP_INVAL) { 1921 if (zfs_prop_userquota(propname)) 1922 return (zfs_prop_set_userquota(dsname, pair)); 1923 return (-1); 1924 } 1925 1926 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 1927 nvlist_t *attrs; 1928 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 1929 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 1930 &pair) == 0); 1931 } 1932 1933 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) 1934 return (-1); 1935 1936 VERIFY(0 == nvpair_value_uint64(pair, &intval)); 1937 1938 switch (prop) { 1939 case ZFS_PROP_QUOTA: 1940 err = dsl_dir_set_quota(dsname, source, intval); 1941 break; 1942 case ZFS_PROP_REFQUOTA: 1943 err = dsl_dataset_set_quota(dsname, source, intval); 1944 break; 1945 case ZFS_PROP_RESERVATION: 1946 err = dsl_dir_set_reservation(dsname, source, intval); 1947 break; 1948 case ZFS_PROP_REFRESERVATION: 1949 err = dsl_dataset_set_reservation(dsname, source, intval); 1950 break; 1951 case ZFS_PROP_VOLSIZE: 1952 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip), 1953 intval); 1954 break; 1955 case ZFS_PROP_VERSION: 1956 { 1957 zfsvfs_t *zfsvfs; 1958 1959 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs)) != 0) 1960 break; 1961 1962 err = zfs_set_version(zfsvfs, intval); 1963 zfsvfs_rele(zfsvfs, FTAG); 1964 1965 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) { 1966 zfs_cmd_t *zc; 1967 1968 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 1969 (void) strcpy(zc->zc_name, dsname); 1970 (void) zfs_ioc_userspace_upgrade(zc); 1971 kmem_free(zc, sizeof (zfs_cmd_t)); 1972 } 1973 break; 1974 } 1975 1976 default: 1977 err = -1; 1978 } 1979 1980 return (err); 1981 } 1982 1983 /* 1984 * This function is best effort. If it fails to set any of the given properties, 1985 * it continues to set as many as it can and returns the first error 1986 * encountered. If the caller provides a non-NULL errlist, it also gives the 1987 * complete list of names of all the properties it failed to set along with the 1988 * corresponding error numbers. The caller is responsible for freeing the 1989 * returned errlist. 1990 * 1991 * If every property is set successfully, zero is returned and the list pointed 1992 * at by errlist is NULL. 1993 */ 1994 int 1995 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl, 1996 nvlist_t **errlist) 1997 { 1998 nvpair_t *pair; 1999 nvpair_t *propval; 2000 int rv = 0; 2001 uint64_t intval; 2002 char *strval; 2003 nvlist_t *genericnvl; 2004 nvlist_t *errors; 2005 nvlist_t *retrynvl; 2006 2007 VERIFY(nvlist_alloc(&genericnvl, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2008 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2009 VERIFY(nvlist_alloc(&retrynvl, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2010 2011 retry: 2012 pair = NULL; 2013 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2014 const char *propname = nvpair_name(pair); 2015 zfs_prop_t prop = zfs_name_to_prop(propname); 2016 int err = 0; 2017 2018 /* decode the property value */ 2019 propval = pair; 2020 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2021 nvlist_t *attrs; 2022 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2023 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2024 &propval) != 0) 2025 err = EINVAL; 2026 } 2027 2028 /* Validate value type */ 2029 if (err == 0 && prop == ZPROP_INVAL) { 2030 if (zfs_prop_user(propname)) { 2031 if (nvpair_type(propval) != DATA_TYPE_STRING) 2032 err = EINVAL; 2033 } else if (zfs_prop_userquota(propname)) { 2034 if (nvpair_type(propval) != 2035 DATA_TYPE_UINT64_ARRAY) 2036 err = EINVAL; 2037 } 2038 } else if (err == 0) { 2039 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2040 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING) 2041 err = EINVAL; 2042 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) { 2043 const char *unused; 2044 2045 VERIFY(nvpair_value_uint64(propval, 2046 &intval) == 0); 2047 2048 switch (zfs_prop_get_type(prop)) { 2049 case PROP_TYPE_NUMBER: 2050 break; 2051 case PROP_TYPE_STRING: 2052 err = EINVAL; 2053 break; 2054 case PROP_TYPE_INDEX: 2055 if (zfs_prop_index_to_string(prop, 2056 intval, &unused) != 0) 2057 err = EINVAL; 2058 break; 2059 default: 2060 cmn_err(CE_PANIC, 2061 "unknown property type"); 2062 } 2063 } else { 2064 err = EINVAL; 2065 } 2066 } 2067 2068 /* Validate permissions */ 2069 if (err == 0) 2070 err = zfs_check_settable(dsname, pair, CRED()); 2071 2072 if (err == 0) { 2073 err = zfs_prop_set_special(dsname, source, pair); 2074 if (err == -1) { 2075 /* 2076 * For better performance we build up a list of 2077 * properties to set in a single transaction. 2078 */ 2079 err = nvlist_add_nvpair(genericnvl, pair); 2080 } else if (err != 0 && nvl != retrynvl) { 2081 /* 2082 * This may be a spurious error caused by 2083 * receiving quota and reservation out of order. 2084 * Try again in a second pass. 2085 */ 2086 err = nvlist_add_nvpair(retrynvl, pair); 2087 } 2088 } 2089 2090 if (err != 0) 2091 VERIFY(nvlist_add_int32(errors, propname, err) == 0); 2092 } 2093 2094 if (nvl != retrynvl && !nvlist_empty(retrynvl)) { 2095 nvl = retrynvl; 2096 goto retry; 2097 } 2098 2099 if (!nvlist_empty(genericnvl) && 2100 dsl_props_set(dsname, source, genericnvl) != 0) { 2101 /* 2102 * If this fails, we still want to set as many properties as we 2103 * can, so try setting them individually. 2104 */ 2105 pair = NULL; 2106 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) { 2107 const char *propname = nvpair_name(pair); 2108 int err = 0; 2109 2110 propval = pair; 2111 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2112 nvlist_t *attrs; 2113 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2114 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2115 &propval) == 0); 2116 } 2117 2118 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2119 VERIFY(nvpair_value_string(propval, 2120 &strval) == 0); 2121 err = dsl_prop_set(dsname, propname, source, 1, 2122 strlen(strval) + 1, strval); 2123 } else { 2124 VERIFY(nvpair_value_uint64(propval, 2125 &intval) == 0); 2126 err = dsl_prop_set(dsname, propname, source, 8, 2127 1, &intval); 2128 } 2129 2130 if (err != 0) { 2131 VERIFY(nvlist_add_int32(errors, propname, 2132 err) == 0); 2133 } 2134 } 2135 } 2136 nvlist_free(genericnvl); 2137 nvlist_free(retrynvl); 2138 2139 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 2140 nvlist_free(errors); 2141 errors = NULL; 2142 } else { 2143 VERIFY(nvpair_value_int32(pair, &rv) == 0); 2144 } 2145 2146 if (errlist == NULL) 2147 nvlist_free(errors); 2148 else 2149 *errlist = errors; 2150 2151 return (rv); 2152 } 2153 2154 /* 2155 * Check that all the properties are valid user properties. 2156 */ 2157 static int 2158 zfs_check_userprops(char *fsname, nvlist_t *nvl) 2159 { 2160 nvpair_t *pair = NULL; 2161 int error = 0; 2162 2163 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2164 const char *propname = nvpair_name(pair); 2165 char *valstr; 2166 2167 if (!zfs_prop_user(propname) || 2168 nvpair_type(pair) != DATA_TYPE_STRING) 2169 return (EINVAL); 2170 2171 if (error = zfs_secpolicy_write_perms(fsname, 2172 ZFS_DELEG_PERM_USERPROP, CRED())) 2173 return (error); 2174 2175 if (strlen(propname) >= ZAP_MAXNAMELEN) 2176 return (ENAMETOOLONG); 2177 2178 VERIFY(nvpair_value_string(pair, &valstr) == 0); 2179 if (strlen(valstr) >= ZAP_MAXVALUELEN) 2180 return (E2BIG); 2181 } 2182 return (0); 2183 } 2184 2185 static void 2186 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops) 2187 { 2188 nvpair_t *pair; 2189 2190 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2191 2192 pair = NULL; 2193 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) { 2194 if (nvlist_exists(skipped, nvpair_name(pair))) 2195 continue; 2196 2197 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0); 2198 } 2199 } 2200 2201 static int 2202 clear_received_props(objset_t *os, const char *fs, nvlist_t *props, 2203 nvlist_t *skipped) 2204 { 2205 int err = 0; 2206 nvlist_t *cleared_props = NULL; 2207 props_skip(props, skipped, &cleared_props); 2208 if (!nvlist_empty(cleared_props)) { 2209 /* 2210 * Acts on local properties until the dataset has received 2211 * properties at least once on or after SPA_VERSION_RECVD_PROPS. 2212 */ 2213 zprop_source_t flags = (ZPROP_SRC_NONE | 2214 (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0)); 2215 err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL); 2216 } 2217 nvlist_free(cleared_props); 2218 return (err); 2219 } 2220 2221 /* 2222 * inputs: 2223 * zc_name name of filesystem 2224 * zc_value name of property to set 2225 * zc_nvlist_src{_size} nvlist of properties to apply 2226 * zc_cookie received properties flag 2227 * 2228 * outputs: 2229 * zc_nvlist_dst{_size} error for each unapplied received property 2230 */ 2231 static int 2232 zfs_ioc_set_prop(zfs_cmd_t *zc) 2233 { 2234 nvlist_t *nvl; 2235 boolean_t received = zc->zc_cookie; 2236 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED : 2237 ZPROP_SRC_LOCAL); 2238 nvlist_t *errors = NULL; 2239 int error; 2240 2241 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2242 zc->zc_iflags, &nvl)) != 0) 2243 return (error); 2244 2245 if (received) { 2246 nvlist_t *origprops; 2247 objset_t *os; 2248 2249 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) { 2250 if (dsl_prop_get_received(os, &origprops) == 0) { 2251 (void) clear_received_props(os, 2252 zc->zc_name, origprops, nvl); 2253 nvlist_free(origprops); 2254 } 2255 2256 dsl_prop_set_hasrecvd(os); 2257 dmu_objset_rele(os, FTAG); 2258 } 2259 } 2260 2261 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, &errors); 2262 2263 if (zc->zc_nvlist_dst != NULL && errors != NULL) { 2264 (void) put_nvlist(zc, errors); 2265 } 2266 2267 nvlist_free(errors); 2268 nvlist_free(nvl); 2269 return (error); 2270 } 2271 2272 /* 2273 * inputs: 2274 * zc_name name of filesystem 2275 * zc_value name of property to inherit 2276 * zc_cookie revert to received value if TRUE 2277 * 2278 * outputs: none 2279 */ 2280 static int 2281 zfs_ioc_inherit_prop(zfs_cmd_t *zc) 2282 { 2283 const char *propname = zc->zc_value; 2284 zfs_prop_t prop = zfs_name_to_prop(propname); 2285 boolean_t received = zc->zc_cookie; 2286 zprop_source_t source = (received 2287 ? ZPROP_SRC_NONE /* revert to received value, if any */ 2288 : ZPROP_SRC_INHERITED); /* explicitly inherit */ 2289 2290 if (received) { 2291 nvlist_t *dummy; 2292 nvpair_t *pair; 2293 zprop_type_t type; 2294 int err; 2295 2296 /* 2297 * zfs_prop_set_special() expects properties in the form of an 2298 * nvpair with type info. 2299 */ 2300 if (prop == ZPROP_INVAL) { 2301 if (!zfs_prop_user(propname)) 2302 return (EINVAL); 2303 2304 type = PROP_TYPE_STRING; 2305 } else if (prop == ZFS_PROP_VOLSIZE || 2306 prop == ZFS_PROP_VERSION) { 2307 return (EINVAL); 2308 } else { 2309 type = zfs_prop_get_type(prop); 2310 } 2311 2312 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2313 2314 switch (type) { 2315 case PROP_TYPE_STRING: 2316 VERIFY(0 == nvlist_add_string(dummy, propname, "")); 2317 break; 2318 case PROP_TYPE_NUMBER: 2319 case PROP_TYPE_INDEX: 2320 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0)); 2321 break; 2322 default: 2323 nvlist_free(dummy); 2324 return (EINVAL); 2325 } 2326 2327 pair = nvlist_next_nvpair(dummy, NULL); 2328 err = zfs_prop_set_special(zc->zc_name, source, pair); 2329 nvlist_free(dummy); 2330 if (err != -1) 2331 return (err); /* special property already handled */ 2332 } else { 2333 /* 2334 * Only check this in the non-received case. We want to allow 2335 * 'inherit -S' to revert non-inheritable properties like quota 2336 * and reservation to the received or default values even though 2337 * they are not considered inheritable. 2338 */ 2339 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop)) 2340 return (EINVAL); 2341 } 2342 2343 /* the property name has been validated by zfs_secpolicy_inherit() */ 2344 return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL)); 2345 } 2346 2347 static int 2348 zfs_ioc_pool_set_props(zfs_cmd_t *zc) 2349 { 2350 nvlist_t *props; 2351 spa_t *spa; 2352 int error; 2353 nvpair_t *pair; 2354 2355 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2356 zc->zc_iflags, &props)) 2357 return (error); 2358 2359 /* 2360 * If the only property is the configfile, then just do a spa_lookup() 2361 * to handle the faulted case. 2362 */ 2363 pair = nvlist_next_nvpair(props, NULL); 2364 if (pair != NULL && strcmp(nvpair_name(pair), 2365 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 && 2366 nvlist_next_nvpair(props, pair) == NULL) { 2367 mutex_enter(&spa_namespace_lock); 2368 if ((spa = spa_lookup(zc->zc_name)) != NULL) { 2369 spa_configfile_set(spa, props, B_FALSE); 2370 spa_config_sync(spa, B_FALSE, B_TRUE); 2371 } 2372 mutex_exit(&spa_namespace_lock); 2373 if (spa != NULL) { 2374 nvlist_free(props); 2375 return (0); 2376 } 2377 } 2378 2379 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2380 nvlist_free(props); 2381 return (error); 2382 } 2383 2384 error = spa_prop_set(spa, props); 2385 2386 nvlist_free(props); 2387 spa_close(spa, FTAG); 2388 2389 return (error); 2390 } 2391 2392 static int 2393 zfs_ioc_pool_get_props(zfs_cmd_t *zc) 2394 { 2395 spa_t *spa; 2396 int error; 2397 nvlist_t *nvp = NULL; 2398 2399 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2400 /* 2401 * If the pool is faulted, there may be properties we can still 2402 * get (such as altroot and cachefile), so attempt to get them 2403 * anyway. 2404 */ 2405 mutex_enter(&spa_namespace_lock); 2406 if ((spa = spa_lookup(zc->zc_name)) != NULL) 2407 error = spa_prop_get(spa, &nvp); 2408 mutex_exit(&spa_namespace_lock); 2409 } else { 2410 error = spa_prop_get(spa, &nvp); 2411 spa_close(spa, FTAG); 2412 } 2413 2414 if (error == 0 && zc->zc_nvlist_dst != NULL) 2415 error = put_nvlist(zc, nvp); 2416 else 2417 error = EFAULT; 2418 2419 nvlist_free(nvp); 2420 return (error); 2421 } 2422 2423 /* 2424 * inputs: 2425 * zc_name name of filesystem 2426 * zc_nvlist_src{_size} nvlist of delegated permissions 2427 * zc_perm_action allow/unallow flag 2428 * 2429 * outputs: none 2430 */ 2431 static int 2432 zfs_ioc_set_fsacl(zfs_cmd_t *zc) 2433 { 2434 int error; 2435 nvlist_t *fsaclnv = NULL; 2436 2437 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2438 zc->zc_iflags, &fsaclnv)) != 0) 2439 return (error); 2440 2441 /* 2442 * Verify nvlist is constructed correctly 2443 */ 2444 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) { 2445 nvlist_free(fsaclnv); 2446 return (EINVAL); 2447 } 2448 2449 /* 2450 * If we don't have PRIV_SYS_MOUNT, then validate 2451 * that user is allowed to hand out each permission in 2452 * the nvlist(s) 2453 */ 2454 2455 error = secpolicy_zfs(CRED()); 2456 if (error) { 2457 if (zc->zc_perm_action == B_FALSE) { 2458 error = dsl_deleg_can_allow(zc->zc_name, 2459 fsaclnv, CRED()); 2460 } else { 2461 error = dsl_deleg_can_unallow(zc->zc_name, 2462 fsaclnv, CRED()); 2463 } 2464 } 2465 2466 if (error == 0) 2467 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 2468 2469 nvlist_free(fsaclnv); 2470 return (error); 2471 } 2472 2473 /* 2474 * inputs: 2475 * zc_name name of filesystem 2476 * 2477 * outputs: 2478 * zc_nvlist_src{_size} nvlist of delegated permissions 2479 */ 2480 static int 2481 zfs_ioc_get_fsacl(zfs_cmd_t *zc) 2482 { 2483 nvlist_t *nvp; 2484 int error; 2485 2486 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 2487 error = put_nvlist(zc, nvp); 2488 nvlist_free(nvp); 2489 } 2490 2491 return (error); 2492 } 2493 2494 /* 2495 * Search the vfs list for a specified resource. Returns a pointer to it 2496 * or NULL if no suitable entry is found. The caller of this routine 2497 * is responsible for releasing the returned vfs pointer. 2498 */ 2499 static vfs_t * 2500 zfs_get_vfs(const char *resource) 2501 { 2502 struct vfs *vfsp; 2503 struct vfs *vfs_found = NULL; 2504 2505 vfs_list_read_lock(); 2506 vfsp = rootvfs; 2507 do { 2508 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) { 2509 VFS_HOLD(vfsp); 2510 vfs_found = vfsp; 2511 break; 2512 } 2513 vfsp = vfsp->vfs_next; 2514 } while (vfsp != rootvfs); 2515 vfs_list_unlock(); 2516 return (vfs_found); 2517 } 2518 2519 /* ARGSUSED */ 2520 static void 2521 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 2522 { 2523 zfs_creat_t *zct = arg; 2524 2525 zfs_create_fs(os, cr, zct->zct_zplprops, tx); 2526 } 2527 2528 #define ZFS_PROP_UNDEFINED ((uint64_t)-1) 2529 2530 /* 2531 * inputs: 2532 * createprops list of properties requested by creator 2533 * default_zplver zpl version to use if unspecified in createprops 2534 * fuids_ok fuids allowed in this version of the spa? 2535 * os parent objset pointer (NULL if root fs) 2536 * 2537 * outputs: 2538 * zplprops values for the zplprops we attach to the master node object 2539 * is_ci true if requested file system will be purely case-insensitive 2540 * 2541 * Determine the settings for utf8only, normalization and 2542 * casesensitivity. Specific values may have been requested by the 2543 * creator and/or we can inherit values from the parent dataset. If 2544 * the file system is of too early a vintage, a creator can not 2545 * request settings for these properties, even if the requested 2546 * setting is the default value. We don't actually want to create dsl 2547 * properties for these, so remove them from the source nvlist after 2548 * processing. 2549 */ 2550 static int 2551 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver, 2552 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops, 2553 nvlist_t *zplprops, boolean_t *is_ci) 2554 { 2555 uint64_t sense = ZFS_PROP_UNDEFINED; 2556 uint64_t norm = ZFS_PROP_UNDEFINED; 2557 uint64_t u8 = ZFS_PROP_UNDEFINED; 2558 2559 ASSERT(zplprops != NULL); 2560 2561 /* 2562 * Pull out creator prop choices, if any. 2563 */ 2564 if (createprops) { 2565 (void) nvlist_lookup_uint64(createprops, 2566 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver); 2567 (void) nvlist_lookup_uint64(createprops, 2568 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm); 2569 (void) nvlist_remove_all(createprops, 2570 zfs_prop_to_name(ZFS_PROP_NORMALIZE)); 2571 (void) nvlist_lookup_uint64(createprops, 2572 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8); 2573 (void) nvlist_remove_all(createprops, 2574 zfs_prop_to_name(ZFS_PROP_UTF8ONLY)); 2575 (void) nvlist_lookup_uint64(createprops, 2576 zfs_prop_to_name(ZFS_PROP_CASE), &sense); 2577 (void) nvlist_remove_all(createprops, 2578 zfs_prop_to_name(ZFS_PROP_CASE)); 2579 } 2580 2581 /* 2582 * If the zpl version requested is whacky or the file system 2583 * or pool is version is too "young" to support normalization 2584 * and the creator tried to set a value for one of the props, 2585 * error out. 2586 */ 2587 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) || 2588 (zplver >= ZPL_VERSION_FUID && !fuids_ok) || 2589 (zplver >= ZPL_VERSION_SA && !sa_ok) || 2590 (zplver < ZPL_VERSION_NORMALIZATION && 2591 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED || 2592 sense != ZFS_PROP_UNDEFINED))) 2593 return (ENOTSUP); 2594 2595 /* 2596 * Put the version in the zplprops 2597 */ 2598 VERIFY(nvlist_add_uint64(zplprops, 2599 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0); 2600 2601 if (norm == ZFS_PROP_UNDEFINED) 2602 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0); 2603 VERIFY(nvlist_add_uint64(zplprops, 2604 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0); 2605 2606 /* 2607 * If we're normalizing, names must always be valid UTF-8 strings. 2608 */ 2609 if (norm) 2610 u8 = 1; 2611 if (u8 == ZFS_PROP_UNDEFINED) 2612 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0); 2613 VERIFY(nvlist_add_uint64(zplprops, 2614 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0); 2615 2616 if (sense == ZFS_PROP_UNDEFINED) 2617 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0); 2618 VERIFY(nvlist_add_uint64(zplprops, 2619 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0); 2620 2621 if (is_ci) 2622 *is_ci = (sense == ZFS_CASE_INSENSITIVE); 2623 2624 return (0); 2625 } 2626 2627 static int 2628 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops, 2629 nvlist_t *zplprops, boolean_t *is_ci) 2630 { 2631 boolean_t fuids_ok, sa_ok; 2632 uint64_t zplver = ZPL_VERSION; 2633 objset_t *os = NULL; 2634 char parentname[MAXNAMELEN]; 2635 char *cp; 2636 spa_t *spa; 2637 uint64_t spa_vers; 2638 int error; 2639 2640 (void) strlcpy(parentname, dataset, sizeof (parentname)); 2641 cp = strrchr(parentname, '/'); 2642 ASSERT(cp != NULL); 2643 cp[0] = '\0'; 2644 2645 if ((error = spa_open(dataset, &spa, FTAG)) != 0) 2646 return (error); 2647 2648 spa_vers = spa_version(spa); 2649 spa_close(spa, FTAG); 2650 2651 zplver = zfs_zpl_version_map(spa_vers); 2652 fuids_ok = (zplver >= ZPL_VERSION_FUID); 2653 sa_ok = (zplver >= ZPL_VERSION_SA); 2654 2655 /* 2656 * Open parent object set so we can inherit zplprop values. 2657 */ 2658 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0) 2659 return (error); 2660 2661 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops, 2662 zplprops, is_ci); 2663 dmu_objset_rele(os, FTAG); 2664 return (error); 2665 } 2666 2667 static int 2668 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops, 2669 nvlist_t *zplprops, boolean_t *is_ci) 2670 { 2671 boolean_t fuids_ok; 2672 boolean_t sa_ok; 2673 uint64_t zplver = ZPL_VERSION; 2674 int error; 2675 2676 zplver = zfs_zpl_version_map(spa_vers); 2677 fuids_ok = (zplver >= ZPL_VERSION_FUID); 2678 sa_ok = (zplver >= ZPL_VERSION_SA); 2679 2680 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok, 2681 createprops, zplprops, is_ci); 2682 return (error); 2683 } 2684 2685 /* 2686 * inputs: 2687 * zc_objset_type type of objset to create (fs vs zvol) 2688 * zc_name name of new objset 2689 * zc_value name of snapshot to clone from (may be empty) 2690 * zc_nvlist_src{_size} nvlist of properties to apply 2691 * 2692 * outputs: none 2693 */ 2694 static int 2695 zfs_ioc_create(zfs_cmd_t *zc) 2696 { 2697 objset_t *clone; 2698 int error = 0; 2699 zfs_creat_t zct; 2700 nvlist_t *nvprops = NULL; 2701 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 2702 dmu_objset_type_t type = zc->zc_objset_type; 2703 2704 switch (type) { 2705 2706 case DMU_OST_ZFS: 2707 cbfunc = zfs_create_cb; 2708 break; 2709 2710 case DMU_OST_ZVOL: 2711 cbfunc = zvol_create_cb; 2712 break; 2713 2714 default: 2715 cbfunc = NULL; 2716 break; 2717 } 2718 if (strchr(zc->zc_name, '@') || 2719 strchr(zc->zc_name, '%')) 2720 return (EINVAL); 2721 2722 if (zc->zc_nvlist_src != NULL && 2723 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2724 zc->zc_iflags, &nvprops)) != 0) 2725 return (error); 2726 2727 zct.zct_zplprops = NULL; 2728 zct.zct_props = nvprops; 2729 2730 if (zc->zc_value[0] != '\0') { 2731 /* 2732 * We're creating a clone of an existing snapshot. 2733 */ 2734 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 2735 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) { 2736 nvlist_free(nvprops); 2737 return (EINVAL); 2738 } 2739 2740 error = dmu_objset_hold(zc->zc_value, FTAG, &clone); 2741 if (error) { 2742 nvlist_free(nvprops); 2743 return (error); 2744 } 2745 2746 error = dmu_objset_clone(zc->zc_name, dmu_objset_ds(clone), 0); 2747 dmu_objset_rele(clone, FTAG); 2748 if (error) { 2749 nvlist_free(nvprops); 2750 return (error); 2751 } 2752 } else { 2753 boolean_t is_insensitive = B_FALSE; 2754 2755 if (cbfunc == NULL) { 2756 nvlist_free(nvprops); 2757 return (EINVAL); 2758 } 2759 2760 if (type == DMU_OST_ZVOL) { 2761 uint64_t volsize, volblocksize; 2762 2763 if (nvprops == NULL || 2764 nvlist_lookup_uint64(nvprops, 2765 zfs_prop_to_name(ZFS_PROP_VOLSIZE), 2766 &volsize) != 0) { 2767 nvlist_free(nvprops); 2768 return (EINVAL); 2769 } 2770 2771 if ((error = nvlist_lookup_uint64(nvprops, 2772 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 2773 &volblocksize)) != 0 && error != ENOENT) { 2774 nvlist_free(nvprops); 2775 return (EINVAL); 2776 } 2777 2778 if (error != 0) 2779 volblocksize = zfs_prop_default_numeric( 2780 ZFS_PROP_VOLBLOCKSIZE); 2781 2782 if ((error = zvol_check_volblocksize( 2783 volblocksize)) != 0 || 2784 (error = zvol_check_volsize(volsize, 2785 volblocksize)) != 0) { 2786 nvlist_free(nvprops); 2787 return (error); 2788 } 2789 } else if (type == DMU_OST_ZFS) { 2790 int error; 2791 2792 /* 2793 * We have to have normalization and 2794 * case-folding flags correct when we do the 2795 * file system creation, so go figure them out 2796 * now. 2797 */ 2798 VERIFY(nvlist_alloc(&zct.zct_zplprops, 2799 NV_UNIQUE_NAME, KM_SLEEP) == 0); 2800 error = zfs_fill_zplprops(zc->zc_name, nvprops, 2801 zct.zct_zplprops, &is_insensitive); 2802 if (error != 0) { 2803 nvlist_free(nvprops); 2804 nvlist_free(zct.zct_zplprops); 2805 return (error); 2806 } 2807 } 2808 error = dmu_objset_create(zc->zc_name, type, 2809 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct); 2810 nvlist_free(zct.zct_zplprops); 2811 } 2812 2813 /* 2814 * It would be nice to do this atomically. 2815 */ 2816 if (error == 0) { 2817 error = zfs_set_prop_nvlist(zc->zc_name, ZPROP_SRC_LOCAL, 2818 nvprops, NULL); 2819 if (error != 0) 2820 (void) dmu_objset_destroy(zc->zc_name, B_FALSE); 2821 } 2822 nvlist_free(nvprops); 2823 return (error); 2824 } 2825 2826 /* 2827 * inputs: 2828 * zc_name name of filesystem 2829 * zc_value short name of snapshot 2830 * zc_cookie recursive flag 2831 * zc_nvlist_src[_size] property list 2832 * 2833 * outputs: 2834 * zc_value short snapname (i.e. part after the '@') 2835 */ 2836 static int 2837 zfs_ioc_snapshot(zfs_cmd_t *zc) 2838 { 2839 nvlist_t *nvprops = NULL; 2840 int error; 2841 boolean_t recursive = zc->zc_cookie; 2842 2843 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 2844 return (EINVAL); 2845 2846 if (zc->zc_nvlist_src != NULL && 2847 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2848 zc->zc_iflags, &nvprops)) != 0) 2849 return (error); 2850 2851 error = zfs_check_userprops(zc->zc_name, nvprops); 2852 if (error) 2853 goto out; 2854 2855 if (!nvlist_empty(nvprops) && 2856 zfs_earlier_version(zc->zc_name, SPA_VERSION_SNAP_PROPS)) { 2857 error = ENOTSUP; 2858 goto out; 2859 } 2860 2861 error = dmu_objset_snapshot(zc->zc_name, zc->zc_value, 2862 nvprops, recursive); 2863 2864 out: 2865 nvlist_free(nvprops); 2866 return (error); 2867 } 2868 2869 int 2870 zfs_unmount_snap(const char *name, void *arg) 2871 { 2872 vfs_t *vfsp = NULL; 2873 2874 if (arg) { 2875 char *snapname = arg; 2876 char *fullname = kmem_asprintf("%s@%s", name, snapname); 2877 vfsp = zfs_get_vfs(fullname); 2878 strfree(fullname); 2879 } else if (strchr(name, '@')) { 2880 vfsp = zfs_get_vfs(name); 2881 } 2882 2883 if (vfsp) { 2884 /* 2885 * Always force the unmount for snapshots. 2886 */ 2887 int flag = MS_FORCE; 2888 int err; 2889 2890 if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) { 2891 VFS_RELE(vfsp); 2892 return (err); 2893 } 2894 VFS_RELE(vfsp); 2895 if ((err = dounmount(vfsp, flag, kcred)) != 0) 2896 return (err); 2897 } 2898 return (0); 2899 } 2900 2901 /* 2902 * inputs: 2903 * zc_name name of filesystem 2904 * zc_value short name of snapshot 2905 * zc_defer_destroy mark for deferred destroy 2906 * 2907 * outputs: none 2908 */ 2909 static int 2910 zfs_ioc_destroy_snaps(zfs_cmd_t *zc) 2911 { 2912 int err; 2913 2914 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 2915 return (EINVAL); 2916 err = dmu_objset_find(zc->zc_name, 2917 zfs_unmount_snap, zc->zc_value, DS_FIND_CHILDREN); 2918 if (err) 2919 return (err); 2920 return (dmu_snapshots_destroy(zc->zc_name, zc->zc_value, 2921 zc->zc_defer_destroy)); 2922 } 2923 2924 /* 2925 * inputs: 2926 * zc_name name of dataset to destroy 2927 * zc_objset_type type of objset 2928 * zc_defer_destroy mark for deferred destroy 2929 * 2930 * outputs: none 2931 */ 2932 static int 2933 zfs_ioc_destroy(zfs_cmd_t *zc) 2934 { 2935 int err; 2936 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) { 2937 err = zfs_unmount_snap(zc->zc_name, NULL); 2938 if (err) 2939 return (err); 2940 } 2941 2942 err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy); 2943 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0) 2944 (void) zvol_remove_minor(zc->zc_name); 2945 return (err); 2946 } 2947 2948 /* 2949 * inputs: 2950 * zc_name name of dataset to rollback (to most recent snapshot) 2951 * 2952 * outputs: none 2953 */ 2954 static int 2955 zfs_ioc_rollback(zfs_cmd_t *zc) 2956 { 2957 dsl_dataset_t *ds, *clone; 2958 int error; 2959 zfsvfs_t *zfsvfs; 2960 char *clone_name; 2961 2962 error = dsl_dataset_hold(zc->zc_name, FTAG, &ds); 2963 if (error) 2964 return (error); 2965 2966 /* must not be a snapshot */ 2967 if (dsl_dataset_is_snapshot(ds)) { 2968 dsl_dataset_rele(ds, FTAG); 2969 return (EINVAL); 2970 } 2971 2972 /* must have a most recent snapshot */ 2973 if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) { 2974 dsl_dataset_rele(ds, FTAG); 2975 return (EINVAL); 2976 } 2977 2978 /* 2979 * Create clone of most recent snapshot. 2980 */ 2981 clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name); 2982 error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT); 2983 if (error) 2984 goto out; 2985 2986 error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone); 2987 if (error) 2988 goto out; 2989 2990 /* 2991 * Do clone swap. 2992 */ 2993 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 2994 error = zfs_suspend_fs(zfsvfs); 2995 if (error == 0) { 2996 int resume_err; 2997 2998 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) { 2999 error = dsl_dataset_clone_swap(clone, ds, 3000 B_TRUE); 3001 dsl_dataset_disown(ds, FTAG); 3002 ds = NULL; 3003 } else { 3004 error = EBUSY; 3005 } 3006 resume_err = zfs_resume_fs(zfsvfs, zc->zc_name); 3007 error = error ? error : resume_err; 3008 } 3009 VFS_RELE(zfsvfs->z_vfs); 3010 } else { 3011 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) { 3012 error = dsl_dataset_clone_swap(clone, ds, B_TRUE); 3013 dsl_dataset_disown(ds, FTAG); 3014 ds = NULL; 3015 } else { 3016 error = EBUSY; 3017 } 3018 } 3019 3020 /* 3021 * Destroy clone (which also closes it). 3022 */ 3023 (void) dsl_dataset_destroy(clone, FTAG, B_FALSE); 3024 3025 out: 3026 strfree(clone_name); 3027 if (ds) 3028 dsl_dataset_rele(ds, FTAG); 3029 return (error); 3030 } 3031 3032 /* 3033 * inputs: 3034 * zc_name old name of dataset 3035 * zc_value new name of dataset 3036 * zc_cookie recursive flag (only valid for snapshots) 3037 * 3038 * outputs: none 3039 */ 3040 static int 3041 zfs_ioc_rename(zfs_cmd_t *zc) 3042 { 3043 boolean_t recursive = zc->zc_cookie & 1; 3044 3045 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 3046 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 3047 strchr(zc->zc_value, '%')) 3048 return (EINVAL); 3049 3050 /* 3051 * Unmount snapshot unless we're doing a recursive rename, 3052 * in which case the dataset code figures out which snapshots 3053 * to unmount. 3054 */ 3055 if (!recursive && strchr(zc->zc_name, '@') != NULL && 3056 zc->zc_objset_type == DMU_OST_ZFS) { 3057 int err = zfs_unmount_snap(zc->zc_name, NULL); 3058 if (err) 3059 return (err); 3060 } 3061 if (zc->zc_objset_type == DMU_OST_ZVOL) 3062 (void) zvol_remove_minor(zc->zc_name); 3063 return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive)); 3064 } 3065 3066 static int 3067 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr) 3068 { 3069 const char *propname = nvpair_name(pair); 3070 boolean_t issnap = (strchr(dsname, '@') != NULL); 3071 zfs_prop_t prop = zfs_name_to_prop(propname); 3072 uint64_t intval; 3073 int err; 3074 3075 if (prop == ZPROP_INVAL) { 3076 if (zfs_prop_user(propname)) { 3077 if (err = zfs_secpolicy_write_perms(dsname, 3078 ZFS_DELEG_PERM_USERPROP, cr)) 3079 return (err); 3080 return (0); 3081 } 3082 3083 if (!issnap && zfs_prop_userquota(propname)) { 3084 const char *perm = NULL; 3085 const char *uq_prefix = 3086 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA]; 3087 const char *gq_prefix = 3088 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA]; 3089 3090 if (strncmp(propname, uq_prefix, 3091 strlen(uq_prefix)) == 0) { 3092 perm = ZFS_DELEG_PERM_USERQUOTA; 3093 } else if (strncmp(propname, gq_prefix, 3094 strlen(gq_prefix)) == 0) { 3095 perm = ZFS_DELEG_PERM_GROUPQUOTA; 3096 } else { 3097 /* USERUSED and GROUPUSED are read-only */ 3098 return (EINVAL); 3099 } 3100 3101 if (err = zfs_secpolicy_write_perms(dsname, perm, cr)) 3102 return (err); 3103 return (0); 3104 } 3105 3106 return (EINVAL); 3107 } 3108 3109 if (issnap) 3110 return (EINVAL); 3111 3112 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 3113 /* 3114 * dsl_prop_get_all_impl() returns properties in this 3115 * format. 3116 */ 3117 nvlist_t *attrs; 3118 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 3119 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 3120 &pair) == 0); 3121 } 3122 3123 /* 3124 * Check that this value is valid for this pool version 3125 */ 3126 switch (prop) { 3127 case ZFS_PROP_COMPRESSION: 3128 /* 3129 * If the user specified gzip compression, make sure 3130 * the SPA supports it. We ignore any errors here since 3131 * we'll catch them later. 3132 */ 3133 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 3134 nvpair_value_uint64(pair, &intval) == 0) { 3135 if (intval >= ZIO_COMPRESS_GZIP_1 && 3136 intval <= ZIO_COMPRESS_GZIP_9 && 3137 zfs_earlier_version(dsname, 3138 SPA_VERSION_GZIP_COMPRESSION)) { 3139 return (ENOTSUP); 3140 } 3141 3142 if (intval == ZIO_COMPRESS_ZLE && 3143 zfs_earlier_version(dsname, 3144 SPA_VERSION_ZLE_COMPRESSION)) 3145 return (ENOTSUP); 3146 3147 /* 3148 * If this is a bootable dataset then 3149 * verify that the compression algorithm 3150 * is supported for booting. We must return 3151 * something other than ENOTSUP since it 3152 * implies a downrev pool version. 3153 */ 3154 if (zfs_is_bootfs(dsname) && 3155 !BOOTFS_COMPRESS_VALID(intval)) { 3156 return (ERANGE); 3157 } 3158 } 3159 break; 3160 3161 case ZFS_PROP_COPIES: 3162 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS)) 3163 return (ENOTSUP); 3164 break; 3165 3166 case ZFS_PROP_DEDUP: 3167 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP)) 3168 return (ENOTSUP); 3169 break; 3170 3171 case ZFS_PROP_SHARESMB: 3172 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID)) 3173 return (ENOTSUP); 3174 break; 3175 3176 case ZFS_PROP_ACLINHERIT: 3177 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 3178 nvpair_value_uint64(pair, &intval) == 0) { 3179 if (intval == ZFS_ACL_PASSTHROUGH_X && 3180 zfs_earlier_version(dsname, 3181 SPA_VERSION_PASSTHROUGH_X)) 3182 return (ENOTSUP); 3183 } 3184 break; 3185 } 3186 3187 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED())); 3188 } 3189 3190 /* 3191 * Removes properties from the given props list that fail permission checks 3192 * needed to clear them and to restore them in case of a receive error. For each 3193 * property, make sure we have both set and inherit permissions. 3194 * 3195 * Returns the first error encountered if any permission checks fail. If the 3196 * caller provides a non-NULL errlist, it also gives the complete list of names 3197 * of all the properties that failed a permission check along with the 3198 * corresponding error numbers. The caller is responsible for freeing the 3199 * returned errlist. 3200 * 3201 * If every property checks out successfully, zero is returned and the list 3202 * pointed at by errlist is NULL. 3203 */ 3204 static int 3205 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist) 3206 { 3207 zfs_cmd_t *zc; 3208 nvpair_t *pair, *next_pair; 3209 nvlist_t *errors; 3210 int err, rv = 0; 3211 3212 if (props == NULL) 3213 return (0); 3214 3215 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 3216 3217 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP); 3218 (void) strcpy(zc->zc_name, dataset); 3219 pair = nvlist_next_nvpair(props, NULL); 3220 while (pair != NULL) { 3221 next_pair = nvlist_next_nvpair(props, pair); 3222 3223 (void) strcpy(zc->zc_value, nvpair_name(pair)); 3224 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 || 3225 (err = zfs_secpolicy_inherit(zc, CRED())) != 0) { 3226 VERIFY(nvlist_remove_nvpair(props, pair) == 0); 3227 VERIFY(nvlist_add_int32(errors, 3228 zc->zc_value, err) == 0); 3229 } 3230 pair = next_pair; 3231 } 3232 kmem_free(zc, sizeof (zfs_cmd_t)); 3233 3234 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 3235 nvlist_free(errors); 3236 errors = NULL; 3237 } else { 3238 VERIFY(nvpair_value_int32(pair, &rv) == 0); 3239 } 3240 3241 if (errlist == NULL) 3242 nvlist_free(errors); 3243 else 3244 *errlist = errors; 3245 3246 return (rv); 3247 } 3248 3249 static boolean_t 3250 propval_equals(nvpair_t *p1, nvpair_t *p2) 3251 { 3252 if (nvpair_type(p1) == DATA_TYPE_NVLIST) { 3253 /* dsl_prop_get_all_impl() format */ 3254 nvlist_t *attrs; 3255 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0); 3256 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 3257 &p1) == 0); 3258 } 3259 3260 if (nvpair_type(p2) == DATA_TYPE_NVLIST) { 3261 nvlist_t *attrs; 3262 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0); 3263 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 3264 &p2) == 0); 3265 } 3266 3267 if (nvpair_type(p1) != nvpair_type(p2)) 3268 return (B_FALSE); 3269 3270 if (nvpair_type(p1) == DATA_TYPE_STRING) { 3271 char *valstr1, *valstr2; 3272 3273 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0); 3274 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0); 3275 return (strcmp(valstr1, valstr2) == 0); 3276 } else { 3277 uint64_t intval1, intval2; 3278 3279 VERIFY(nvpair_value_uint64(p1, &intval1) == 0); 3280 VERIFY(nvpair_value_uint64(p2, &intval2) == 0); 3281 return (intval1 == intval2); 3282 } 3283 } 3284 3285 /* 3286 * Remove properties from props if they are not going to change (as determined 3287 * by comparison with origprops). Remove them from origprops as well, since we 3288 * do not need to clear or restore properties that won't change. 3289 */ 3290 static void 3291 props_reduce(nvlist_t *props, nvlist_t *origprops) 3292 { 3293 nvpair_t *pair, *next_pair; 3294 3295 if (origprops == NULL) 3296 return; /* all props need to be received */ 3297 3298 pair = nvlist_next_nvpair(props, NULL); 3299 while (pair != NULL) { 3300 const char *propname = nvpair_name(pair); 3301 nvpair_t *match; 3302 3303 next_pair = nvlist_next_nvpair(props, pair); 3304 3305 if ((nvlist_lookup_nvpair(origprops, propname, 3306 &match) != 0) || !propval_equals(pair, match)) 3307 goto next; /* need to set received value */ 3308 3309 /* don't clear the existing received value */ 3310 (void) nvlist_remove_nvpair(origprops, match); 3311 /* don't bother receiving the property */ 3312 (void) nvlist_remove_nvpair(props, pair); 3313 next: 3314 pair = next_pair; 3315 } 3316 } 3317 3318 #ifdef DEBUG 3319 static boolean_t zfs_ioc_recv_inject_err; 3320 #endif 3321 3322 /* 3323 * inputs: 3324 * zc_name name of containing filesystem 3325 * zc_nvlist_src{_size} nvlist of properties to apply 3326 * zc_value name of snapshot to create 3327 * zc_string name of clone origin (if DRR_FLAG_CLONE) 3328 * zc_cookie file descriptor to recv from 3329 * zc_begin_record the BEGIN record of the stream (not byteswapped) 3330 * zc_guid force flag 3331 * 3332 * outputs: 3333 * zc_cookie number of bytes read 3334 * zc_nvlist_dst{_size} error for each unapplied received property 3335 * zc_obj zprop_errflags_t 3336 */ 3337 static int 3338 zfs_ioc_recv(zfs_cmd_t *zc) 3339 { 3340 file_t *fp; 3341 objset_t *os; 3342 dmu_recv_cookie_t drc; 3343 boolean_t force = (boolean_t)zc->zc_guid; 3344 int fd; 3345 int error = 0; 3346 int props_error = 0; 3347 nvlist_t *errors; 3348 offset_t off; 3349 nvlist_t *props = NULL; /* sent properties */ 3350 nvlist_t *origprops = NULL; /* existing properties */ 3351 objset_t *origin = NULL; 3352 char *tosnap; 3353 char tofs[ZFS_MAXNAMELEN]; 3354 boolean_t first_recvd_props = B_FALSE; 3355 3356 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 3357 strchr(zc->zc_value, '@') == NULL || 3358 strchr(zc->zc_value, '%')) 3359 return (EINVAL); 3360 3361 (void) strcpy(tofs, zc->zc_value); 3362 tosnap = strchr(tofs, '@'); 3363 *tosnap++ = '\0'; 3364 3365 if (zc->zc_nvlist_src != NULL && 3366 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3367 zc->zc_iflags, &props)) != 0) 3368 return (error); 3369 3370 fd = zc->zc_cookie; 3371 fp = getf(fd); 3372 if (fp == NULL) { 3373 nvlist_free(props); 3374 return (EBADF); 3375 } 3376 3377 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 3378 3379 if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) { 3380 if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) && 3381 !dsl_prop_get_hasrecvd(os)) { 3382 first_recvd_props = B_TRUE; 3383 } 3384 3385 /* 3386 * If new received properties are supplied, they are to 3387 * completely replace the existing received properties, so stash 3388 * away the existing ones. 3389 */ 3390 if (dsl_prop_get_received(os, &origprops) == 0) { 3391 nvlist_t *errlist = NULL; 3392 /* 3393 * Don't bother writing a property if its value won't 3394 * change (and avoid the unnecessary security checks). 3395 * 3396 * The first receive after SPA_VERSION_RECVD_PROPS is a 3397 * special case where we blow away all local properties 3398 * regardless. 3399 */ 3400 if (!first_recvd_props) 3401 props_reduce(props, origprops); 3402 if (zfs_check_clearable(tofs, origprops, 3403 &errlist) != 0) 3404 (void) nvlist_merge(errors, errlist, 0); 3405 nvlist_free(errlist); 3406 } 3407 3408 dmu_objset_rele(os, FTAG); 3409 } 3410 3411 if (zc->zc_string[0]) { 3412 error = dmu_objset_hold(zc->zc_string, FTAG, &origin); 3413 if (error) 3414 goto out; 3415 } 3416 3417 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds, 3418 &zc->zc_begin_record, force, origin, &drc); 3419 if (origin) 3420 dmu_objset_rele(origin, FTAG); 3421 if (error) 3422 goto out; 3423 3424 /* 3425 * Set properties before we receive the stream so that they are applied 3426 * to the new data. Note that we must call dmu_recv_stream() if 3427 * dmu_recv_begin() succeeds. 3428 */ 3429 if (props) { 3430 nvlist_t *errlist; 3431 3432 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) { 3433 if (drc.drc_newfs) { 3434 if (spa_version(os->os_spa) >= 3435 SPA_VERSION_RECVD_PROPS) 3436 first_recvd_props = B_TRUE; 3437 } else if (origprops != NULL) { 3438 if (clear_received_props(os, tofs, origprops, 3439 first_recvd_props ? NULL : props) != 0) 3440 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 3441 } else { 3442 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 3443 } 3444 dsl_prop_set_hasrecvd(os); 3445 } else if (!drc.drc_newfs) { 3446 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 3447 } 3448 3449 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 3450 props, &errlist); 3451 (void) nvlist_merge(errors, errlist, 0); 3452 nvlist_free(errlist); 3453 } 3454 3455 if (fit_error_list(zc, &errors) != 0 || put_nvlist(zc, errors) != 0) { 3456 /* 3457 * Caller made zc->zc_nvlist_dst less than the minimum expected 3458 * size or supplied an invalid address. 3459 */ 3460 props_error = EINVAL; 3461 } 3462 3463 off = fp->f_offset; 3464 error = dmu_recv_stream(&drc, fp->f_vnode, &off); 3465 3466 if (error == 0) { 3467 zfsvfs_t *zfsvfs = NULL; 3468 3469 if (getzfsvfs(tofs, &zfsvfs) == 0) { 3470 /* online recv */ 3471 int end_err; 3472 3473 error = zfs_suspend_fs(zfsvfs); 3474 /* 3475 * If the suspend fails, then the recv_end will 3476 * likely also fail, and clean up after itself. 3477 */ 3478 end_err = dmu_recv_end(&drc); 3479 if (error == 0) 3480 error = zfs_resume_fs(zfsvfs, tofs); 3481 error = error ? error : end_err; 3482 VFS_RELE(zfsvfs->z_vfs); 3483 } else { 3484 error = dmu_recv_end(&drc); 3485 } 3486 } 3487 3488 zc->zc_cookie = off - fp->f_offset; 3489 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 3490 fp->f_offset = off; 3491 3492 #ifdef DEBUG 3493 if (zfs_ioc_recv_inject_err) { 3494 zfs_ioc_recv_inject_err = B_FALSE; 3495 error = 1; 3496 } 3497 #endif 3498 /* 3499 * On error, restore the original props. 3500 */ 3501 if (error && props) { 3502 if (dmu_objset_hold(tofs, FTAG, &os) == 0) { 3503 if (clear_received_props(os, tofs, props, NULL) != 0) { 3504 /* 3505 * We failed to clear the received properties. 3506 * Since we may have left a $recvd value on the 3507 * system, we can't clear the $hasrecvd flag. 3508 */ 3509 zc->zc_obj |= ZPROP_ERR_NORESTORE; 3510 } else if (first_recvd_props) { 3511 dsl_prop_unset_hasrecvd(os); 3512 } 3513 dmu_objset_rele(os, FTAG); 3514 } else if (!drc.drc_newfs) { 3515 /* We failed to clear the received properties. */ 3516 zc->zc_obj |= ZPROP_ERR_NORESTORE; 3517 } 3518 3519 if (origprops == NULL && !drc.drc_newfs) { 3520 /* We failed to stash the original properties. */ 3521 zc->zc_obj |= ZPROP_ERR_NORESTORE; 3522 } 3523 3524 /* 3525 * dsl_props_set() will not convert RECEIVED to LOCAL on or 3526 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL 3527 * explictly if we're restoring local properties cleared in the 3528 * first new-style receive. 3529 */ 3530 if (origprops != NULL && 3531 zfs_set_prop_nvlist(tofs, (first_recvd_props ? 3532 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED), 3533 origprops, NULL) != 0) { 3534 /* 3535 * We stashed the original properties but failed to 3536 * restore them. 3537 */ 3538 zc->zc_obj |= ZPROP_ERR_NORESTORE; 3539 } 3540 } 3541 out: 3542 nvlist_free(props); 3543 nvlist_free(origprops); 3544 nvlist_free(errors); 3545 releasef(fd); 3546 3547 if (error == 0) 3548 error = props_error; 3549 3550 return (error); 3551 } 3552 3553 /* 3554 * inputs: 3555 * zc_name name of snapshot to send 3556 * zc_value short name of incremental fromsnap (may be empty) 3557 * zc_cookie file descriptor to send stream to 3558 * zc_obj fromorigin flag (mutually exclusive with zc_value) 3559 * 3560 * outputs: none 3561 */ 3562 static int 3563 zfs_ioc_send(zfs_cmd_t *zc) 3564 { 3565 objset_t *fromsnap = NULL; 3566 objset_t *tosnap; 3567 file_t *fp; 3568 int error; 3569 offset_t off; 3570 3571 error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap); 3572 if (error) 3573 return (error); 3574 3575 if (zc->zc_value[0] != '\0') { 3576 char *buf; 3577 char *cp; 3578 3579 buf = kmem_alloc(MAXPATHLEN, KM_SLEEP); 3580 (void) strncpy(buf, zc->zc_name, MAXPATHLEN); 3581 cp = strchr(buf, '@'); 3582 if (cp) 3583 *(cp+1) = 0; 3584 (void) strncat(buf, zc->zc_value, MAXPATHLEN); 3585 error = dmu_objset_hold(buf, FTAG, &fromsnap); 3586 kmem_free(buf, MAXPATHLEN); 3587 if (error) { 3588 dmu_objset_rele(tosnap, FTAG); 3589 return (error); 3590 } 3591 } 3592 3593 fp = getf(zc->zc_cookie); 3594 if (fp == NULL) { 3595 dmu_objset_rele(tosnap, FTAG); 3596 if (fromsnap) 3597 dmu_objset_rele(fromsnap, FTAG); 3598 return (EBADF); 3599 } 3600 3601 off = fp->f_offset; 3602 error = dmu_sendbackup(tosnap, fromsnap, zc->zc_obj, fp->f_vnode, &off); 3603 3604 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 3605 fp->f_offset = off; 3606 releasef(zc->zc_cookie); 3607 if (fromsnap) 3608 dmu_objset_rele(fromsnap, FTAG); 3609 dmu_objset_rele(tosnap, FTAG); 3610 return (error); 3611 } 3612 3613 static int 3614 zfs_ioc_inject_fault(zfs_cmd_t *zc) 3615 { 3616 int id, error; 3617 3618 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 3619 &zc->zc_inject_record); 3620 3621 if (error == 0) 3622 zc->zc_guid = (uint64_t)id; 3623 3624 return (error); 3625 } 3626 3627 static int 3628 zfs_ioc_clear_fault(zfs_cmd_t *zc) 3629 { 3630 return (zio_clear_fault((int)zc->zc_guid)); 3631 } 3632 3633 static int 3634 zfs_ioc_inject_list_next(zfs_cmd_t *zc) 3635 { 3636 int id = (int)zc->zc_guid; 3637 int error; 3638 3639 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 3640 &zc->zc_inject_record); 3641 3642 zc->zc_guid = id; 3643 3644 return (error); 3645 } 3646 3647 static int 3648 zfs_ioc_error_log(zfs_cmd_t *zc) 3649 { 3650 spa_t *spa; 3651 int error; 3652 size_t count = (size_t)zc->zc_nvlist_dst_size; 3653 3654 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 3655 return (error); 3656 3657 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 3658 &count); 3659 if (error == 0) 3660 zc->zc_nvlist_dst_size = count; 3661 else 3662 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa); 3663 3664 spa_close(spa, FTAG); 3665 3666 return (error); 3667 } 3668 3669 static int 3670 zfs_ioc_clear(zfs_cmd_t *zc) 3671 { 3672 spa_t *spa; 3673 vdev_t *vd; 3674 int error; 3675 3676 /* 3677 * On zpool clear we also fix up missing slogs 3678 */ 3679 mutex_enter(&spa_namespace_lock); 3680 spa = spa_lookup(zc->zc_name); 3681 if (spa == NULL) { 3682 mutex_exit(&spa_namespace_lock); 3683 return (EIO); 3684 } 3685 if (spa_get_log_state(spa) == SPA_LOG_MISSING) { 3686 /* we need to let spa_open/spa_load clear the chains */ 3687 spa_set_log_state(spa, SPA_LOG_CLEAR); 3688 } 3689 spa->spa_last_open_failed = 0; 3690 mutex_exit(&spa_namespace_lock); 3691 3692 if (zc->zc_cookie & ZPOOL_NO_REWIND) { 3693 error = spa_open(zc->zc_name, &spa, FTAG); 3694 } else { 3695 nvlist_t *policy; 3696 nvlist_t *config = NULL; 3697 3698 if (zc->zc_nvlist_src == NULL) 3699 return (EINVAL); 3700 3701 if ((error = get_nvlist(zc->zc_nvlist_src, 3702 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) { 3703 error = spa_open_rewind(zc->zc_name, &spa, FTAG, 3704 policy, &config); 3705 if (config != NULL) { 3706 (void) put_nvlist(zc, config); 3707 nvlist_free(config); 3708 } 3709 nvlist_free(policy); 3710 } 3711 } 3712 3713 if (error) 3714 return (error); 3715 3716 spa_vdev_state_enter(spa, SCL_NONE); 3717 3718 if (zc->zc_guid == 0) { 3719 vd = NULL; 3720 } else { 3721 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE); 3722 if (vd == NULL) { 3723 (void) spa_vdev_state_exit(spa, NULL, ENODEV); 3724 spa_close(spa, FTAG); 3725 return (ENODEV); 3726 } 3727 } 3728 3729 vdev_clear(spa, vd); 3730 3731 (void) spa_vdev_state_exit(spa, NULL, 0); 3732 3733 /* 3734 * Resume any suspended I/Os. 3735 */ 3736 if (zio_resume(spa) != 0) 3737 error = EIO; 3738 3739 spa_close(spa, FTAG); 3740 3741 return (error); 3742 } 3743 3744 /* 3745 * inputs: 3746 * zc_name name of filesystem 3747 * zc_value name of origin snapshot 3748 * 3749 * outputs: 3750 * zc_string name of conflicting snapshot, if there is one 3751 */ 3752 static int 3753 zfs_ioc_promote(zfs_cmd_t *zc) 3754 { 3755 char *cp; 3756 3757 /* 3758 * We don't need to unmount *all* the origin fs's snapshots, but 3759 * it's easier. 3760 */ 3761 cp = strchr(zc->zc_value, '@'); 3762 if (cp) 3763 *cp = '\0'; 3764 (void) dmu_objset_find(zc->zc_value, 3765 zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS); 3766 return (dsl_dataset_promote(zc->zc_name, zc->zc_string)); 3767 } 3768 3769 /* 3770 * Retrieve a single {user|group}{used|quota}@... property. 3771 * 3772 * inputs: 3773 * zc_name name of filesystem 3774 * zc_objset_type zfs_userquota_prop_t 3775 * zc_value domain name (eg. "S-1-234-567-89") 3776 * zc_guid RID/UID/GID 3777 * 3778 * outputs: 3779 * zc_cookie property value 3780 */ 3781 static int 3782 zfs_ioc_userspace_one(zfs_cmd_t *zc) 3783 { 3784 zfsvfs_t *zfsvfs; 3785 int error; 3786 3787 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 3788 return (EINVAL); 3789 3790 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs); 3791 if (error) 3792 return (error); 3793 3794 error = zfs_userspace_one(zfsvfs, 3795 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie); 3796 zfsvfs_rele(zfsvfs, FTAG); 3797 3798 return (error); 3799 } 3800 3801 /* 3802 * inputs: 3803 * zc_name name of filesystem 3804 * zc_cookie zap cursor 3805 * zc_objset_type zfs_userquota_prop_t 3806 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist) 3807 * 3808 * outputs: 3809 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t) 3810 * zc_cookie zap cursor 3811 */ 3812 static int 3813 zfs_ioc_userspace_many(zfs_cmd_t *zc) 3814 { 3815 zfsvfs_t *zfsvfs; 3816 int bufsize = zc->zc_nvlist_dst_size; 3817 3818 if (bufsize <= 0) 3819 return (ENOMEM); 3820 3821 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs); 3822 if (error) 3823 return (error); 3824 3825 void *buf = kmem_alloc(bufsize, KM_SLEEP); 3826 3827 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie, 3828 buf, &zc->zc_nvlist_dst_size); 3829 3830 if (error == 0) { 3831 error = xcopyout(buf, 3832 (void *)(uintptr_t)zc->zc_nvlist_dst, 3833 zc->zc_nvlist_dst_size); 3834 } 3835 kmem_free(buf, bufsize); 3836 zfsvfs_rele(zfsvfs, FTAG); 3837 3838 return (error); 3839 } 3840 3841 /* 3842 * inputs: 3843 * zc_name name of filesystem 3844 * 3845 * outputs: 3846 * none 3847 */ 3848 static int 3849 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) 3850 { 3851 objset_t *os; 3852 int error = 0; 3853 zfsvfs_t *zfsvfs; 3854 3855 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 3856 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) { 3857 /* 3858 * If userused is not enabled, it may be because the 3859 * objset needs to be closed & reopened (to grow the 3860 * objset_phys_t). Suspend/resume the fs will do that. 3861 */ 3862 error = zfs_suspend_fs(zfsvfs); 3863 if (error == 0) 3864 error = zfs_resume_fs(zfsvfs, zc->zc_name); 3865 } 3866 if (error == 0) 3867 error = dmu_objset_userspace_upgrade(zfsvfs->z_os); 3868 VFS_RELE(zfsvfs->z_vfs); 3869 } else { 3870 /* XXX kind of reading contents without owning */ 3871 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 3872 if (error) 3873 return (error); 3874 3875 error = dmu_objset_userspace_upgrade(os); 3876 dmu_objset_rele(os, FTAG); 3877 } 3878 3879 return (error); 3880 } 3881 3882 /* 3883 * We don't want to have a hard dependency 3884 * against some special symbols in sharefs 3885 * nfs, and smbsrv. Determine them if needed when 3886 * the first file system is shared. 3887 * Neither sharefs, nfs or smbsrv are unloadable modules. 3888 */ 3889 int (*znfsexport_fs)(void *arg); 3890 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t); 3891 int (*zsmbexport_fs)(void *arg, boolean_t add_share); 3892 3893 int zfs_nfsshare_inited; 3894 int zfs_smbshare_inited; 3895 3896 ddi_modhandle_t nfs_mod; 3897 ddi_modhandle_t sharefs_mod; 3898 ddi_modhandle_t smbsrv_mod; 3899 kmutex_t zfs_share_lock; 3900 3901 static int 3902 zfs_init_sharefs() 3903 { 3904 int error; 3905 3906 ASSERT(MUTEX_HELD(&zfs_share_lock)); 3907 /* Both NFS and SMB shares also require sharetab support. */ 3908 if (sharefs_mod == NULL && ((sharefs_mod = 3909 ddi_modopen("fs/sharefs", 3910 KRTLD_MODE_FIRST, &error)) == NULL)) { 3911 return (ENOSYS); 3912 } 3913 if (zshare_fs == NULL && ((zshare_fs = 3914 (int (*)(enum sharefs_sys_op, share_t *, uint32_t)) 3915 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) { 3916 return (ENOSYS); 3917 } 3918 return (0); 3919 } 3920 3921 static int 3922 zfs_ioc_share(zfs_cmd_t *zc) 3923 { 3924 int error; 3925 int opcode; 3926 3927 switch (zc->zc_share.z_sharetype) { 3928 case ZFS_SHARE_NFS: 3929 case ZFS_UNSHARE_NFS: 3930 if (zfs_nfsshare_inited == 0) { 3931 mutex_enter(&zfs_share_lock); 3932 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs", 3933 KRTLD_MODE_FIRST, &error)) == NULL)) { 3934 mutex_exit(&zfs_share_lock); 3935 return (ENOSYS); 3936 } 3937 if (znfsexport_fs == NULL && 3938 ((znfsexport_fs = (int (*)(void *)) 3939 ddi_modsym(nfs_mod, 3940 "nfs_export", &error)) == NULL)) { 3941 mutex_exit(&zfs_share_lock); 3942 return (ENOSYS); 3943 } 3944 error = zfs_init_sharefs(); 3945 if (error) { 3946 mutex_exit(&zfs_share_lock); 3947 return (ENOSYS); 3948 } 3949 zfs_nfsshare_inited = 1; 3950 mutex_exit(&zfs_share_lock); 3951 } 3952 break; 3953 case ZFS_SHARE_SMB: 3954 case ZFS_UNSHARE_SMB: 3955 if (zfs_smbshare_inited == 0) { 3956 mutex_enter(&zfs_share_lock); 3957 if (smbsrv_mod == NULL && ((smbsrv_mod = 3958 ddi_modopen("drv/smbsrv", 3959 KRTLD_MODE_FIRST, &error)) == NULL)) { 3960 mutex_exit(&zfs_share_lock); 3961 return (ENOSYS); 3962 } 3963 if (zsmbexport_fs == NULL && ((zsmbexport_fs = 3964 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod, 3965 "smb_server_share", &error)) == NULL)) { 3966 mutex_exit(&zfs_share_lock); 3967 return (ENOSYS); 3968 } 3969 error = zfs_init_sharefs(); 3970 if (error) { 3971 mutex_exit(&zfs_share_lock); 3972 return (ENOSYS); 3973 } 3974 zfs_smbshare_inited = 1; 3975 mutex_exit(&zfs_share_lock); 3976 } 3977 break; 3978 default: 3979 return (EINVAL); 3980 } 3981 3982 switch (zc->zc_share.z_sharetype) { 3983 case ZFS_SHARE_NFS: 3984 case ZFS_UNSHARE_NFS: 3985 if (error = 3986 znfsexport_fs((void *) 3987 (uintptr_t)zc->zc_share.z_exportdata)) 3988 return (error); 3989 break; 3990 case ZFS_SHARE_SMB: 3991 case ZFS_UNSHARE_SMB: 3992 if (error = zsmbexport_fs((void *) 3993 (uintptr_t)zc->zc_share.z_exportdata, 3994 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ? 3995 B_TRUE: B_FALSE)) { 3996 return (error); 3997 } 3998 break; 3999 } 4000 4001 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS || 4002 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ? 4003 SHAREFS_ADD : SHAREFS_REMOVE; 4004 4005 /* 4006 * Add or remove share from sharetab 4007 */ 4008 error = zshare_fs(opcode, 4009 (void *)(uintptr_t)zc->zc_share.z_sharedata, 4010 zc->zc_share.z_sharemax); 4011 4012 return (error); 4013 4014 } 4015 4016 ace_t full_access[] = { 4017 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0} 4018 }; 4019 4020 /* 4021 * Remove all ACL files in shares dir 4022 */ 4023 static int 4024 zfs_smb_acl_purge(znode_t *dzp) 4025 { 4026 zap_cursor_t zc; 4027 zap_attribute_t zap; 4028 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 4029 int error; 4030 4031 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id); 4032 (error = zap_cursor_retrieve(&zc, &zap)) == 0; 4033 zap_cursor_advance(&zc)) { 4034 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred, 4035 NULL, 0)) != 0) 4036 break; 4037 } 4038 zap_cursor_fini(&zc); 4039 return (error); 4040 } 4041 4042 static int 4043 zfs_ioc_smb_acl(zfs_cmd_t *zc) 4044 { 4045 vnode_t *vp; 4046 znode_t *dzp; 4047 vnode_t *resourcevp = NULL; 4048 znode_t *sharedir; 4049 zfsvfs_t *zfsvfs; 4050 nvlist_t *nvlist; 4051 char *src, *target; 4052 vattr_t vattr; 4053 vsecattr_t vsec; 4054 int error = 0; 4055 4056 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 4057 NO_FOLLOW, NULL, &vp)) != 0) 4058 return (error); 4059 4060 /* Now make sure mntpnt and dataset are ZFS */ 4061 4062 if (vp->v_vfsp->vfs_fstype != zfsfstype || 4063 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 4064 zc->zc_name) != 0)) { 4065 VN_RELE(vp); 4066 return (EINVAL); 4067 } 4068 4069 dzp = VTOZ(vp); 4070 zfsvfs = dzp->z_zfsvfs; 4071 ZFS_ENTER(zfsvfs); 4072 4073 /* 4074 * Create share dir if its missing. 4075 */ 4076 mutex_enter(&zfsvfs->z_lock); 4077 if (zfsvfs->z_shares_dir == 0) { 4078 dmu_tx_t *tx; 4079 4080 tx = dmu_tx_create(zfsvfs->z_os); 4081 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE, 4082 ZFS_SHARES_DIR); 4083 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL); 4084 error = dmu_tx_assign(tx, TXG_WAIT); 4085 if (error) { 4086 dmu_tx_abort(tx); 4087 } else { 4088 error = zfs_create_share_dir(zfsvfs, tx); 4089 dmu_tx_commit(tx); 4090 } 4091 if (error) { 4092 mutex_exit(&zfsvfs->z_lock); 4093 VN_RELE(vp); 4094 ZFS_EXIT(zfsvfs); 4095 return (error); 4096 } 4097 } 4098 mutex_exit(&zfsvfs->z_lock); 4099 4100 ASSERT(zfsvfs->z_shares_dir); 4101 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) { 4102 VN_RELE(vp); 4103 ZFS_EXIT(zfsvfs); 4104 return (error); 4105 } 4106 4107 switch (zc->zc_cookie) { 4108 case ZFS_SMB_ACL_ADD: 4109 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE; 4110 vattr.va_type = VREG; 4111 vattr.va_mode = S_IFREG|0777; 4112 vattr.va_uid = 0; 4113 vattr.va_gid = 0; 4114 4115 vsec.vsa_mask = VSA_ACE; 4116 vsec.vsa_aclentp = &full_access; 4117 vsec.vsa_aclentsz = sizeof (full_access); 4118 vsec.vsa_aclcnt = 1; 4119 4120 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string, 4121 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec); 4122 if (resourcevp) 4123 VN_RELE(resourcevp); 4124 break; 4125 4126 case ZFS_SMB_ACL_REMOVE: 4127 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred, 4128 NULL, 0); 4129 break; 4130 4131 case ZFS_SMB_ACL_RENAME: 4132 if ((error = get_nvlist(zc->zc_nvlist_src, 4133 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) { 4134 VN_RELE(vp); 4135 ZFS_EXIT(zfsvfs); 4136 return (error); 4137 } 4138 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) || 4139 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET, 4140 &target)) { 4141 VN_RELE(vp); 4142 VN_RELE(ZTOV(sharedir)); 4143 ZFS_EXIT(zfsvfs); 4144 nvlist_free(nvlist); 4145 return (error); 4146 } 4147 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target, 4148 kcred, NULL, 0); 4149 nvlist_free(nvlist); 4150 break; 4151 4152 case ZFS_SMB_ACL_PURGE: 4153 error = zfs_smb_acl_purge(sharedir); 4154 break; 4155 4156 default: 4157 error = EINVAL; 4158 break; 4159 } 4160 4161 VN_RELE(vp); 4162 VN_RELE(ZTOV(sharedir)); 4163 4164 ZFS_EXIT(zfsvfs); 4165 4166 return (error); 4167 } 4168 4169 /* 4170 * inputs: 4171 * zc_name name of filesystem 4172 * zc_value short name of snap 4173 * zc_string user-supplied tag for this reference 4174 * zc_cookie recursive flag 4175 * zc_temphold set if hold is temporary 4176 * 4177 * outputs: none 4178 */ 4179 static int 4180 zfs_ioc_hold(zfs_cmd_t *zc) 4181 { 4182 boolean_t recursive = zc->zc_cookie; 4183 4184 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 4185 return (EINVAL); 4186 4187 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value, 4188 zc->zc_string, recursive, zc->zc_temphold)); 4189 } 4190 4191 /* 4192 * inputs: 4193 * zc_name name of dataset from which we're releasing a user reference 4194 * zc_value short name of snap 4195 * zc_string user-supplied tag for this reference 4196 * zc_cookie recursive flag 4197 * 4198 * outputs: none 4199 */ 4200 static int 4201 zfs_ioc_release(zfs_cmd_t *zc) 4202 { 4203 boolean_t recursive = zc->zc_cookie; 4204 4205 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 4206 return (EINVAL); 4207 4208 return (dsl_dataset_user_release(zc->zc_name, zc->zc_value, 4209 zc->zc_string, recursive)); 4210 } 4211 4212 /* 4213 * inputs: 4214 * zc_name name of filesystem 4215 * 4216 * outputs: 4217 * zc_nvlist_src{_size} nvlist of snapshot holds 4218 */ 4219 static int 4220 zfs_ioc_get_holds(zfs_cmd_t *zc) 4221 { 4222 nvlist_t *nvp; 4223 int error; 4224 4225 if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) { 4226 error = put_nvlist(zc, nvp); 4227 nvlist_free(nvp); 4228 } 4229 4230 return (error); 4231 } 4232 4233 /* 4234 * pool create, destroy, and export don't log the history as part of 4235 * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export 4236 * do the logging of those commands. 4237 */ 4238 static zfs_ioc_vec_t zfs_ioc_vec[] = { 4239 { zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE, 4240 B_FALSE }, 4241 { zfs_ioc_pool_destroy, zfs_secpolicy_config, POOL_NAME, B_FALSE, 4242 B_FALSE }, 4243 { zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4244 B_FALSE }, 4245 { zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE, 4246 B_FALSE }, 4247 { zfs_ioc_pool_configs, zfs_secpolicy_none, NO_NAME, B_FALSE, 4248 B_FALSE }, 4249 { zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE, 4250 B_FALSE }, 4251 { zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE, 4252 B_FALSE }, 4253 { zfs_ioc_pool_scrub, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4254 B_TRUE }, 4255 { zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE, 4256 B_FALSE }, 4257 { zfs_ioc_pool_upgrade, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4258 B_TRUE }, 4259 { zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE, 4260 B_FALSE }, 4261 { zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4262 B_TRUE }, 4263 { zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4264 B_TRUE }, 4265 { zfs_ioc_vdev_set_state, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4266 B_FALSE }, 4267 { zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4268 B_TRUE }, 4269 { zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4270 B_TRUE }, 4271 { zfs_ioc_vdev_setpath, zfs_secpolicy_config, POOL_NAME, B_FALSE, 4272 B_TRUE }, 4273 { zfs_ioc_vdev_setfru, zfs_secpolicy_config, POOL_NAME, B_FALSE, 4274 B_TRUE }, 4275 { zfs_ioc_objset_stats, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4276 B_TRUE }, 4277 { zfs_ioc_objset_zplprops, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4278 B_FALSE }, 4279 { zfs_ioc_dataset_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4280 B_TRUE }, 4281 { zfs_ioc_snapshot_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4282 B_TRUE }, 4283 { zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE, B_TRUE }, 4284 { zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE, B_TRUE }, 4285 { zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE, 4286 B_TRUE}, 4287 { zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE, 4288 B_TRUE }, 4289 { zfs_ioc_rename, zfs_secpolicy_rename, DATASET_NAME, B_TRUE, B_TRUE }, 4290 { zfs_ioc_recv, zfs_secpolicy_receive, DATASET_NAME, B_TRUE, B_TRUE }, 4291 { zfs_ioc_send, zfs_secpolicy_send, DATASET_NAME, B_TRUE, B_FALSE }, 4292 { zfs_ioc_inject_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE, 4293 B_FALSE }, 4294 { zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE, 4295 B_FALSE }, 4296 { zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE, 4297 B_FALSE }, 4298 { zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE, 4299 B_FALSE }, 4300 { zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE, B_FALSE }, 4301 { zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE, 4302 B_TRUE }, 4303 { zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, DATASET_NAME, 4304 B_TRUE, B_TRUE }, 4305 { zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE, 4306 B_TRUE }, 4307 { zfs_ioc_dsobj_to_dsname, zfs_secpolicy_config, POOL_NAME, B_FALSE, 4308 B_FALSE }, 4309 { zfs_ioc_obj_to_path, zfs_secpolicy_config, DATASET_NAME, B_FALSE, 4310 B_TRUE }, 4311 { zfs_ioc_pool_set_props, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4312 B_TRUE }, 4313 { zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE, 4314 B_FALSE }, 4315 { zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE, 4316 B_TRUE }, 4317 { zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4318 B_FALSE }, 4319 { zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE, B_FALSE }, 4320 { zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE, 4321 B_TRUE }, 4322 { zfs_ioc_smb_acl, zfs_secpolicy_smb_acl, DATASET_NAME, B_FALSE, 4323 B_FALSE }, 4324 { zfs_ioc_userspace_one, zfs_secpolicy_userspace_one, 4325 DATASET_NAME, B_FALSE, B_FALSE }, 4326 { zfs_ioc_userspace_many, zfs_secpolicy_userspace_many, 4327 DATASET_NAME, B_FALSE, B_FALSE }, 4328 { zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade, 4329 DATASET_NAME, B_FALSE, B_TRUE }, 4330 { zfs_ioc_hold, zfs_secpolicy_hold, DATASET_NAME, B_TRUE, B_TRUE }, 4331 { zfs_ioc_release, zfs_secpolicy_release, DATASET_NAME, B_TRUE, 4332 B_TRUE }, 4333 { zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4334 B_TRUE }, 4335 { zfs_ioc_objset_recvd_props, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4336 B_FALSE }, 4337 { zfs_ioc_vdev_split, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4338 B_TRUE } 4339 }; 4340 4341 int 4342 pool_status_check(const char *name, zfs_ioc_namecheck_t type) 4343 { 4344 spa_t *spa; 4345 int error; 4346 4347 ASSERT(type == POOL_NAME || type == DATASET_NAME); 4348 4349 error = spa_open(name, &spa, FTAG); 4350 if (error == 0) { 4351 if (spa_suspended(spa)) 4352 error = EAGAIN; 4353 spa_close(spa, FTAG); 4354 } 4355 return (error); 4356 } 4357 4358 static int 4359 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp) 4360 { 4361 zfs_cmd_t *zc; 4362 uint_t vec; 4363 int error, rc; 4364 4365 if (getminor(dev) != 0) 4366 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp)); 4367 4368 vec = cmd - ZFS_IOC; 4369 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip)); 4370 4371 if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 4372 return (EINVAL); 4373 4374 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 4375 4376 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag); 4377 if (error != 0) 4378 error = EFAULT; 4379 4380 if ((error == 0) && !(flag & FKIOCTL)) 4381 error = zfs_ioc_vec[vec].zvec_secpolicy(zc, cr); 4382 4383 /* 4384 * Ensure that all pool/dataset names are valid before we pass down to 4385 * the lower layers. 4386 */ 4387 if (error == 0) { 4388 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 4389 zc->zc_iflags = flag & FKIOCTL; 4390 switch (zfs_ioc_vec[vec].zvec_namecheck) { 4391 case POOL_NAME: 4392 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 4393 error = EINVAL; 4394 if (zfs_ioc_vec[vec].zvec_pool_check) 4395 error = pool_status_check(zc->zc_name, 4396 zfs_ioc_vec[vec].zvec_namecheck); 4397 break; 4398 4399 case DATASET_NAME: 4400 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 4401 error = EINVAL; 4402 if (zfs_ioc_vec[vec].zvec_pool_check) 4403 error = pool_status_check(zc->zc_name, 4404 zfs_ioc_vec[vec].zvec_namecheck); 4405 break; 4406 4407 case NO_NAME: 4408 break; 4409 } 4410 } 4411 4412 if (error == 0) 4413 error = zfs_ioc_vec[vec].zvec_func(zc); 4414 4415 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag); 4416 if (error == 0) { 4417 if (rc != 0) 4418 error = EFAULT; 4419 if (zfs_ioc_vec[vec].zvec_his_log) 4420 zfs_log_history(zc); 4421 } 4422 4423 kmem_free(zc, sizeof (zfs_cmd_t)); 4424 return (error); 4425 } 4426 4427 static int 4428 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 4429 { 4430 if (cmd != DDI_ATTACH) 4431 return (DDI_FAILURE); 4432 4433 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0, 4434 DDI_PSEUDO, 0) == DDI_FAILURE) 4435 return (DDI_FAILURE); 4436 4437 zfs_dip = dip; 4438 4439 ddi_report_dev(dip); 4440 4441 return (DDI_SUCCESS); 4442 } 4443 4444 static int 4445 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 4446 { 4447 if (spa_busy() || zfs_busy() || zvol_busy()) 4448 return (DDI_FAILURE); 4449 4450 if (cmd != DDI_DETACH) 4451 return (DDI_FAILURE); 4452 4453 zfs_dip = NULL; 4454 4455 ddi_prop_remove_all(dip); 4456 ddi_remove_minor_node(dip, NULL); 4457 4458 return (DDI_SUCCESS); 4459 } 4460 4461 /*ARGSUSED*/ 4462 static int 4463 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 4464 { 4465 switch (infocmd) { 4466 case DDI_INFO_DEVT2DEVINFO: 4467 *result = zfs_dip; 4468 return (DDI_SUCCESS); 4469 4470 case DDI_INFO_DEVT2INSTANCE: 4471 *result = (void *)0; 4472 return (DDI_SUCCESS); 4473 } 4474 4475 return (DDI_FAILURE); 4476 } 4477 4478 /* 4479 * OK, so this is a little weird. 4480 * 4481 * /dev/zfs is the control node, i.e. minor 0. 4482 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0. 4483 * 4484 * /dev/zfs has basically nothing to do except serve up ioctls, 4485 * so most of the standard driver entry points are in zvol.c. 4486 */ 4487 static struct cb_ops zfs_cb_ops = { 4488 zvol_open, /* open */ 4489 zvol_close, /* close */ 4490 zvol_strategy, /* strategy */ 4491 nodev, /* print */ 4492 zvol_dump, /* dump */ 4493 zvol_read, /* read */ 4494 zvol_write, /* write */ 4495 zfsdev_ioctl, /* ioctl */ 4496 nodev, /* devmap */ 4497 nodev, /* mmap */ 4498 nodev, /* segmap */ 4499 nochpoll, /* poll */ 4500 ddi_prop_op, /* prop_op */ 4501 NULL, /* streamtab */ 4502 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */ 4503 CB_REV, /* version */ 4504 nodev, /* async read */ 4505 nodev, /* async write */ 4506 }; 4507 4508 static struct dev_ops zfs_dev_ops = { 4509 DEVO_REV, /* version */ 4510 0, /* refcnt */ 4511 zfs_info, /* info */ 4512 nulldev, /* identify */ 4513 nulldev, /* probe */ 4514 zfs_attach, /* attach */ 4515 zfs_detach, /* detach */ 4516 nodev, /* reset */ 4517 &zfs_cb_ops, /* driver operations */ 4518 NULL, /* no bus operations */ 4519 NULL, /* power */ 4520 ddi_quiesce_not_needed, /* quiesce */ 4521 }; 4522 4523 static struct modldrv zfs_modldrv = { 4524 &mod_driverops, 4525 "ZFS storage pool", 4526 &zfs_dev_ops 4527 }; 4528 4529 static struct modlinkage modlinkage = { 4530 MODREV_1, 4531 (void *)&zfs_modlfs, 4532 (void *)&zfs_modldrv, 4533 NULL 4534 }; 4535 4536 4537 uint_t zfs_fsyncer_key; 4538 extern uint_t rrw_tsd_key; 4539 4540 int 4541 _init(void) 4542 { 4543 int error; 4544 4545 spa_init(FREAD | FWRITE); 4546 zfs_init(); 4547 zvol_init(); 4548 4549 if ((error = mod_install(&modlinkage)) != 0) { 4550 zvol_fini(); 4551 zfs_fini(); 4552 spa_fini(); 4553 return (error); 4554 } 4555 4556 tsd_create(&zfs_fsyncer_key, NULL); 4557 tsd_create(&rrw_tsd_key, NULL); 4558 4559 error = ldi_ident_from_mod(&modlinkage, &zfs_li); 4560 ASSERT(error == 0); 4561 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 4562 4563 return (0); 4564 } 4565 4566 int 4567 _fini(void) 4568 { 4569 int error; 4570 4571 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled) 4572 return (EBUSY); 4573 4574 if ((error = mod_remove(&modlinkage)) != 0) 4575 return (error); 4576 4577 zvol_fini(); 4578 zfs_fini(); 4579 spa_fini(); 4580 if (zfs_nfsshare_inited) 4581 (void) ddi_modclose(nfs_mod); 4582 if (zfs_smbshare_inited) 4583 (void) ddi_modclose(smbsrv_mod); 4584 if (zfs_nfsshare_inited || zfs_smbshare_inited) 4585 (void) ddi_modclose(sharefs_mod); 4586 4587 tsd_destroy(&zfs_fsyncer_key); 4588 ldi_ident_release(zfs_li); 4589 zfs_li = NULL; 4590 mutex_destroy(&zfs_share_lock); 4591 4592 return (error); 4593 } 4594 4595 int 4596 _info(struct modinfo *modinfop) 4597 { 4598 return (mod_info(&modlinkage, modinfop)); 4599 } 4600