1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright (c) 2011-2012 Pawel Jakub Dawidek. All rights reserved. 25 * Portions Copyright 2011 Martin Matuska 26 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved. 27 * Copyright 2016 Nexenta Systems, Inc. All rights reserved. 28 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved. 29 * Copyright (c) 2011, 2017 by Delphix. All rights reserved. 30 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. 31 * Copyright (c) 2013 Steven Hartland. All rights reserved. 32 * Copyright (c) 2014 Integros [integros.com] 33 * Copyright 2016 Toomas Soome <tsoome@me.com> 34 * Copyright (c) 2017, loli10K <ezomori.nozomu@gmail.com>. All rights reserved. 35 * Copyright 2017 RackTop Systems. 36 * Copyright (c) 2017, Datto, Inc. All rights reserved. 37 */ 38 39 /* 40 * ZFS ioctls. 41 * 42 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage 43 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool. 44 * 45 * There are two ways that we handle ioctls: the legacy way where almost 46 * all of the logic is in the ioctl callback, and the new way where most 47 * of the marshalling is handled in the common entry point, zfsdev_ioctl(). 48 * 49 * Non-legacy ioctls should be registered by calling 50 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked 51 * from userland by lzc_ioctl(). 52 * 53 * The registration arguments are as follows: 54 * 55 * const char *name 56 * The name of the ioctl. This is used for history logging. If the 57 * ioctl returns successfully (the callback returns 0), and allow_log 58 * is true, then a history log entry will be recorded with the input & 59 * output nvlists. The log entry can be printed with "zpool history -i". 60 * 61 * zfs_ioc_t ioc 62 * The ioctl request number, which userland will pass to ioctl(2). 63 * The ioctl numbers can change from release to release, because 64 * the caller (libzfs) must be matched to the kernel. 65 * 66 * zfs_secpolicy_func_t *secpolicy 67 * This function will be called before the zfs_ioc_func_t, to 68 * determine if this operation is permitted. It should return EPERM 69 * on failure, and 0 on success. Checks include determining if the 70 * dataset is visible in this zone, and if the user has either all 71 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission 72 * to do this operation on this dataset with "zfs allow". 73 * 74 * zfs_ioc_namecheck_t namecheck 75 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool 76 * name, a dataset name, or nothing. If the name is not well-formed, 77 * the ioctl will fail and the callback will not be called. 78 * Therefore, the callback can assume that the name is well-formed 79 * (e.g. is null-terminated, doesn't have more than one '@' character, 80 * doesn't have invalid characters). 81 * 82 * zfs_ioc_poolcheck_t pool_check 83 * This specifies requirements on the pool state. If the pool does 84 * not meet them (is suspended or is readonly), the ioctl will fail 85 * and the callback will not be called. If any checks are specified 86 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME. 87 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED | 88 * POOL_CHECK_READONLY). 89 * 90 * boolean_t smush_outnvlist 91 * If smush_outnvlist is true, then the output is presumed to be a 92 * list of errors, and it will be "smushed" down to fit into the 93 * caller's buffer, by removing some entries and replacing them with a 94 * single "N_MORE_ERRORS" entry indicating how many were removed. See 95 * nvlist_smush() for details. If smush_outnvlist is false, and the 96 * outnvlist does not fit into the userland-provided buffer, then the 97 * ioctl will fail with ENOMEM. 98 * 99 * zfs_ioc_func_t *func 100 * The callback function that will perform the operation. 101 * 102 * The callback should return 0 on success, or an error number on 103 * failure. If the function fails, the userland ioctl will return -1, 104 * and errno will be set to the callback's return value. The callback 105 * will be called with the following arguments: 106 * 107 * const char *name 108 * The name of the pool or dataset to operate on, from 109 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the 110 * expected type (pool, dataset, or none). 111 * 112 * nvlist_t *innvl 113 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or 114 * NULL if no input nvlist was provided. Changes to this nvlist are 115 * ignored. If the input nvlist could not be deserialized, the 116 * ioctl will fail and the callback will not be called. 117 * 118 * nvlist_t *outnvl 119 * The output nvlist, initially empty. The callback can fill it in, 120 * and it will be returned to userland by serializing it into 121 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization 122 * fails (e.g. because the caller didn't supply a large enough 123 * buffer), then the overall ioctl will fail. See the 124 * 'smush_nvlist' argument above for additional behaviors. 125 * 126 * There are two typical uses of the output nvlist: 127 * - To return state, e.g. property values. In this case, 128 * smush_outnvlist should be false. If the buffer was not large 129 * enough, the caller will reallocate a larger buffer and try 130 * the ioctl again. 131 * 132 * - To return multiple errors from an ioctl which makes on-disk 133 * changes. In this case, smush_outnvlist should be true. 134 * Ioctls which make on-disk modifications should generally not 135 * use the outnvl if they succeed, because the caller can not 136 * distinguish between the operation failing, and 137 * deserialization failing. 138 */ 139 140 #include <sys/types.h> 141 #include <sys/param.h> 142 #include <sys/errno.h> 143 #include <sys/uio.h> 144 #include <sys/buf.h> 145 #include <sys/modctl.h> 146 #include <sys/open.h> 147 #include <sys/file.h> 148 #include <sys/kmem.h> 149 #include <sys/conf.h> 150 #include <sys/cmn_err.h> 151 #include <sys/stat.h> 152 #include <sys/zfs_ioctl.h> 153 #include <sys/zfs_vfsops.h> 154 #include <sys/zfs_znode.h> 155 #include <sys/zap.h> 156 #include <sys/spa.h> 157 #include <sys/spa_impl.h> 158 #include <sys/vdev.h> 159 #include <sys/priv_impl.h> 160 #include <sys/dmu.h> 161 #include <sys/dsl_dir.h> 162 #include <sys/dsl_dataset.h> 163 #include <sys/dsl_prop.h> 164 #include <sys/dsl_deleg.h> 165 #include <sys/dmu_objset.h> 166 #include <sys/dmu_impl.h> 167 #include <sys/dmu_tx.h> 168 #include <sys/ddi.h> 169 #include <sys/sunddi.h> 170 #include <sys/sunldi.h> 171 #include <sys/policy.h> 172 #include <sys/zone.h> 173 #include <sys/nvpair.h> 174 #include <sys/pathname.h> 175 #include <sys/mount.h> 176 #include <sys/sdt.h> 177 #include <sys/fs/zfs.h> 178 #include <sys/zfs_ctldir.h> 179 #include <sys/zfs_dir.h> 180 #include <sys/zfs_onexit.h> 181 #include <sys/zvol.h> 182 #include <sys/dsl_scan.h> 183 #include <sharefs/share.h> 184 #include <sys/dmu_objset.h> 185 #include <sys/dmu_recv.h> 186 #include <sys/dmu_send.h> 187 #include <sys/dsl_destroy.h> 188 #include <sys/dsl_bookmark.h> 189 #include <sys/dsl_userhold.h> 190 #include <sys/zfeature.h> 191 #include <sys/zcp.h> 192 #include <sys/zio_checksum.h> 193 #include <sys/vdev_removal.h> 194 #include <sys/vdev_impl.h> 195 #include <sys/vdev_initialize.h> 196 #include <sys/dsl_crypt.h> 197 198 #include "zfs_namecheck.h" 199 #include "zfs_prop.h" 200 #include "zfs_deleg.h" 201 #include "zfs_comutil.h" 202 203 #include "lua.h" 204 #include "lauxlib.h" 205 206 extern struct modlfs zfs_modlfs; 207 208 extern void zfs_init(void); 209 extern void zfs_fini(void); 210 211 ldi_ident_t zfs_li = NULL; 212 dev_info_t *zfs_dip; 213 214 uint_t zfs_fsyncer_key; 215 extern uint_t rrw_tsd_key; 216 static uint_t zfs_allow_log_key; 217 218 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *); 219 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *); 220 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *); 221 222 typedef enum { 223 NO_NAME, 224 POOL_NAME, 225 DATASET_NAME 226 } zfs_ioc_namecheck_t; 227 228 typedef enum { 229 POOL_CHECK_NONE = 1 << 0, 230 POOL_CHECK_SUSPENDED = 1 << 1, 231 POOL_CHECK_READONLY = 1 << 2, 232 } zfs_ioc_poolcheck_t; 233 234 typedef struct zfs_ioc_vec { 235 zfs_ioc_legacy_func_t *zvec_legacy_func; 236 zfs_ioc_func_t *zvec_func; 237 zfs_secpolicy_func_t *zvec_secpolicy; 238 zfs_ioc_namecheck_t zvec_namecheck; 239 boolean_t zvec_allow_log; 240 zfs_ioc_poolcheck_t zvec_pool_check; 241 boolean_t zvec_smush_outnvlist; 242 const char *zvec_name; 243 } zfs_ioc_vec_t; 244 245 /* This array is indexed by zfs_userquota_prop_t */ 246 static const char *userquota_perms[] = { 247 ZFS_DELEG_PERM_USERUSED, 248 ZFS_DELEG_PERM_USERQUOTA, 249 ZFS_DELEG_PERM_GROUPUSED, 250 ZFS_DELEG_PERM_GROUPQUOTA, 251 }; 252 253 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc); 254 static int zfs_check_settable(const char *name, nvpair_t *property, 255 cred_t *cr); 256 static int zfs_check_clearable(char *dataset, nvlist_t *props, 257 nvlist_t **errors); 258 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *, 259 boolean_t *); 260 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *); 261 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp); 262 263 static int zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature); 264 265 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */ 266 void 267 __dprintf(const char *file, const char *func, int line, const char *fmt, ...) 268 { 269 const char *newfile; 270 char buf[512]; 271 va_list adx; 272 273 /* 274 * Get rid of annoying "../common/" prefix to filename. 275 */ 276 newfile = strrchr(file, '/'); 277 if (newfile != NULL) { 278 newfile = newfile + 1; /* Get rid of leading / */ 279 } else { 280 newfile = file; 281 } 282 283 va_start(adx, fmt); 284 (void) vsnprintf(buf, sizeof (buf), fmt, adx); 285 va_end(adx); 286 287 /* 288 * To get this data, use the zfs-dprintf probe as so: 289 * dtrace -q -n 'zfs-dprintf \ 290 * /stringof(arg0) == "dbuf.c"/ \ 291 * {printf("%s: %s", stringof(arg1), stringof(arg3))}' 292 * arg0 = file name 293 * arg1 = function name 294 * arg2 = line number 295 * arg3 = message 296 */ 297 DTRACE_PROBE4(zfs__dprintf, 298 char *, newfile, char *, func, int, line, char *, buf); 299 } 300 301 static void 302 history_str_free(char *buf) 303 { 304 kmem_free(buf, HIS_MAX_RECORD_LEN); 305 } 306 307 static char * 308 history_str_get(zfs_cmd_t *zc) 309 { 310 char *buf; 311 312 if (zc->zc_history == 0) 313 return (NULL); 314 315 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 316 if (copyinstr((void *)(uintptr_t)zc->zc_history, 317 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 318 history_str_free(buf); 319 return (NULL); 320 } 321 322 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 323 324 return (buf); 325 } 326 327 /* 328 * Check to see if the named dataset is currently defined as bootable 329 */ 330 static boolean_t 331 zfs_is_bootfs(const char *name) 332 { 333 objset_t *os; 334 335 if (dmu_objset_hold(name, FTAG, &os) == 0) { 336 boolean_t ret; 337 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os))); 338 dmu_objset_rele(os, FTAG); 339 return (ret); 340 } 341 return (B_FALSE); 342 } 343 344 /* 345 * Return non-zero if the spa version is less than requested version. 346 */ 347 static int 348 zfs_earlier_version(const char *name, int version) 349 { 350 spa_t *spa; 351 352 if (spa_open(name, &spa, FTAG) == 0) { 353 if (spa_version(spa) < version) { 354 spa_close(spa, FTAG); 355 return (1); 356 } 357 spa_close(spa, FTAG); 358 } 359 return (0); 360 } 361 362 /* 363 * Return TRUE if the ZPL version is less than requested version. 364 */ 365 static boolean_t 366 zpl_earlier_version(const char *name, int version) 367 { 368 objset_t *os; 369 boolean_t rc = B_TRUE; 370 371 if (dmu_objset_hold(name, FTAG, &os) == 0) { 372 uint64_t zplversion; 373 374 if (dmu_objset_type(os) != DMU_OST_ZFS) { 375 dmu_objset_rele(os, FTAG); 376 return (B_TRUE); 377 } 378 /* XXX reading from non-owned objset */ 379 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0) 380 rc = zplversion < version; 381 dmu_objset_rele(os, FTAG); 382 } 383 return (rc); 384 } 385 386 static void 387 zfs_log_history(zfs_cmd_t *zc) 388 { 389 spa_t *spa; 390 char *buf; 391 392 if ((buf = history_str_get(zc)) == NULL) 393 return; 394 395 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 396 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 397 (void) spa_history_log(spa, buf); 398 spa_close(spa, FTAG); 399 } 400 history_str_free(buf); 401 } 402 403 /* 404 * Policy for top-level read operations (list pools). Requires no privileges, 405 * and can be used in the local zone, as there is no associated dataset. 406 */ 407 /* ARGSUSED */ 408 static int 409 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 410 { 411 return (0); 412 } 413 414 /* 415 * Policy for dataset read operations (list children, get statistics). Requires 416 * no privileges, but must be visible in the local zone. 417 */ 418 /* ARGSUSED */ 419 static int 420 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 421 { 422 if (INGLOBALZONE(curproc) || 423 zone_dataset_visible(zc->zc_name, NULL)) 424 return (0); 425 426 return (SET_ERROR(ENOENT)); 427 } 428 429 static int 430 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr) 431 { 432 int writable = 1; 433 434 /* 435 * The dataset must be visible by this zone -- check this first 436 * so they don't see EPERM on something they shouldn't know about. 437 */ 438 if (!INGLOBALZONE(curproc) && 439 !zone_dataset_visible(dataset, &writable)) 440 return (SET_ERROR(ENOENT)); 441 442 if (INGLOBALZONE(curproc)) { 443 /* 444 * If the fs is zoned, only root can access it from the 445 * global zone. 446 */ 447 if (secpolicy_zfs(cr) && zoned) 448 return (SET_ERROR(EPERM)); 449 } else { 450 /* 451 * If we are in a local zone, the 'zoned' property must be set. 452 */ 453 if (!zoned) 454 return (SET_ERROR(EPERM)); 455 456 /* must be writable by this zone */ 457 if (!writable) 458 return (SET_ERROR(EPERM)); 459 } 460 return (0); 461 } 462 463 static int 464 zfs_dozonecheck(const char *dataset, cred_t *cr) 465 { 466 uint64_t zoned; 467 468 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL)) 469 return (SET_ERROR(ENOENT)); 470 471 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 472 } 473 474 static int 475 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr) 476 { 477 uint64_t zoned; 478 479 if (dsl_prop_get_int_ds(ds, "zoned", &zoned)) 480 return (SET_ERROR(ENOENT)); 481 482 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 483 } 484 485 static int 486 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds, 487 const char *perm, cred_t *cr) 488 { 489 int error; 490 491 error = zfs_dozonecheck_ds(name, ds, cr); 492 if (error == 0) { 493 error = secpolicy_zfs(cr); 494 if (error != 0) 495 error = dsl_deleg_access_impl(ds, perm, cr); 496 } 497 return (error); 498 } 499 500 static int 501 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 502 { 503 int error; 504 dsl_dataset_t *ds; 505 dsl_pool_t *dp; 506 507 /* 508 * First do a quick check for root in the global zone, which 509 * is allowed to do all write_perms. This ensures that zfs_ioc_* 510 * will get to handle nonexistent datasets. 511 */ 512 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0) 513 return (0); 514 515 error = dsl_pool_hold(name, FTAG, &dp); 516 if (error != 0) 517 return (error); 518 519 error = dsl_dataset_hold(dp, name, FTAG, &ds); 520 if (error != 0) { 521 dsl_pool_rele(dp, FTAG); 522 return (error); 523 } 524 525 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr); 526 527 dsl_dataset_rele(ds, FTAG); 528 dsl_pool_rele(dp, FTAG); 529 return (error); 530 } 531 532 /* 533 * Policy for setting the security label property. 534 * 535 * Returns 0 for success, non-zero for access and other errors. 536 */ 537 static int 538 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr) 539 { 540 char ds_hexsl[MAXNAMELEN]; 541 bslabel_t ds_sl, new_sl; 542 boolean_t new_default = FALSE; 543 uint64_t zoned; 544 int needed_priv = -1; 545 int error; 546 547 /* First get the existing dataset label. */ 548 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL), 549 1, sizeof (ds_hexsl), &ds_hexsl, NULL); 550 if (error != 0) 551 return (SET_ERROR(EPERM)); 552 553 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0) 554 new_default = TRUE; 555 556 /* The label must be translatable */ 557 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0)) 558 return (SET_ERROR(EINVAL)); 559 560 /* 561 * In a non-global zone, disallow attempts to set a label that 562 * doesn't match that of the zone; otherwise no other checks 563 * are needed. 564 */ 565 if (!INGLOBALZONE(curproc)) { 566 if (new_default || !blequal(&new_sl, CR_SL(CRED()))) 567 return (SET_ERROR(EPERM)); 568 return (0); 569 } 570 571 /* 572 * For global-zone datasets (i.e., those whose zoned property is 573 * "off", verify that the specified new label is valid for the 574 * global zone. 575 */ 576 if (dsl_prop_get_integer(name, 577 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL)) 578 return (SET_ERROR(EPERM)); 579 if (!zoned) { 580 if (zfs_check_global_label(name, strval) != 0) 581 return (SET_ERROR(EPERM)); 582 } 583 584 /* 585 * If the existing dataset label is nondefault, check if the 586 * dataset is mounted (label cannot be changed while mounted). 587 * Get the zfsvfs; if there isn't one, then the dataset isn't 588 * mounted (or isn't a dataset, doesn't exist, ...). 589 */ 590 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) { 591 objset_t *os; 592 static char *setsl_tag = "setsl_tag"; 593 594 /* 595 * Try to own the dataset; abort if there is any error, 596 * (e.g., already mounted, in use, or other error). 597 */ 598 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE, 599 setsl_tag, &os); 600 if (error != 0) 601 return (SET_ERROR(EPERM)); 602 603 dmu_objset_disown(os, B_TRUE, setsl_tag); 604 605 if (new_default) { 606 needed_priv = PRIV_FILE_DOWNGRADE_SL; 607 goto out_check; 608 } 609 610 if (hexstr_to_label(strval, &new_sl) != 0) 611 return (SET_ERROR(EPERM)); 612 613 if (blstrictdom(&ds_sl, &new_sl)) 614 needed_priv = PRIV_FILE_DOWNGRADE_SL; 615 else if (blstrictdom(&new_sl, &ds_sl)) 616 needed_priv = PRIV_FILE_UPGRADE_SL; 617 } else { 618 /* dataset currently has a default label */ 619 if (!new_default) 620 needed_priv = PRIV_FILE_UPGRADE_SL; 621 } 622 623 out_check: 624 if (needed_priv != -1) 625 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL)); 626 return (0); 627 } 628 629 static int 630 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval, 631 cred_t *cr) 632 { 633 char *strval; 634 635 /* 636 * Check permissions for special properties. 637 */ 638 switch (prop) { 639 case ZFS_PROP_ZONED: 640 /* 641 * Disallow setting of 'zoned' from within a local zone. 642 */ 643 if (!INGLOBALZONE(curproc)) 644 return (SET_ERROR(EPERM)); 645 break; 646 647 case ZFS_PROP_QUOTA: 648 case ZFS_PROP_FILESYSTEM_LIMIT: 649 case ZFS_PROP_SNAPSHOT_LIMIT: 650 if (!INGLOBALZONE(curproc)) { 651 uint64_t zoned; 652 char setpoint[ZFS_MAX_DATASET_NAME_LEN]; 653 /* 654 * Unprivileged users are allowed to modify the 655 * limit on things *under* (ie. contained by) 656 * the thing they own. 657 */ 658 if (dsl_prop_get_integer(dsname, "zoned", &zoned, 659 setpoint)) 660 return (SET_ERROR(EPERM)); 661 if (!zoned || strlen(dsname) <= strlen(setpoint)) 662 return (SET_ERROR(EPERM)); 663 } 664 break; 665 666 case ZFS_PROP_MLSLABEL: 667 if (!is_system_labeled()) 668 return (SET_ERROR(EPERM)); 669 670 if (nvpair_value_string(propval, &strval) == 0) { 671 int err; 672 673 err = zfs_set_slabel_policy(dsname, strval, CRED()); 674 if (err != 0) 675 return (err); 676 } 677 break; 678 } 679 680 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr)); 681 } 682 683 /* ARGSUSED */ 684 static int 685 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 686 { 687 int error; 688 689 error = zfs_dozonecheck(zc->zc_name, cr); 690 if (error != 0) 691 return (error); 692 693 /* 694 * permission to set permissions will be evaluated later in 695 * dsl_deleg_can_allow() 696 */ 697 return (0); 698 } 699 700 /* ARGSUSED */ 701 static int 702 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 703 { 704 return (zfs_secpolicy_write_perms(zc->zc_name, 705 ZFS_DELEG_PERM_ROLLBACK, cr)); 706 } 707 708 /* ARGSUSED */ 709 static int 710 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 711 { 712 dsl_pool_t *dp; 713 dsl_dataset_t *ds; 714 char *cp; 715 int error; 716 717 /* 718 * Generate the current snapshot name from the given objsetid, then 719 * use that name for the secpolicy/zone checks. 720 */ 721 cp = strchr(zc->zc_name, '@'); 722 if (cp == NULL) 723 return (SET_ERROR(EINVAL)); 724 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 725 if (error != 0) 726 return (error); 727 728 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 729 if (error != 0) { 730 dsl_pool_rele(dp, FTAG); 731 return (error); 732 } 733 734 dsl_dataset_name(ds, zc->zc_name); 735 736 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, 737 ZFS_DELEG_PERM_SEND, cr); 738 dsl_dataset_rele(ds, FTAG); 739 dsl_pool_rele(dp, FTAG); 740 741 return (error); 742 } 743 744 /* ARGSUSED */ 745 static int 746 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 747 { 748 return (zfs_secpolicy_write_perms(zc->zc_name, 749 ZFS_DELEG_PERM_SEND, cr)); 750 } 751 752 /* ARGSUSED */ 753 static int 754 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 755 { 756 vnode_t *vp; 757 int error; 758 759 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 760 NO_FOLLOW, NULL, &vp)) != 0) 761 return (error); 762 763 /* Now make sure mntpnt and dataset are ZFS */ 764 765 if (vp->v_vfsp->vfs_fstype != zfsfstype || 766 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 767 zc->zc_name) != 0)) { 768 VN_RELE(vp); 769 return (SET_ERROR(EPERM)); 770 } 771 772 VN_RELE(vp); 773 return (dsl_deleg_access(zc->zc_name, 774 ZFS_DELEG_PERM_SHARE, cr)); 775 } 776 777 int 778 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 779 { 780 if (!INGLOBALZONE(curproc)) 781 return (SET_ERROR(EPERM)); 782 783 if (secpolicy_nfs(cr) == 0) { 784 return (0); 785 } else { 786 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 787 } 788 } 789 790 int 791 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 792 { 793 if (!INGLOBALZONE(curproc)) 794 return (SET_ERROR(EPERM)); 795 796 if (secpolicy_smb(cr) == 0) { 797 return (0); 798 } else { 799 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 800 } 801 } 802 803 static int 804 zfs_get_parent(const char *datasetname, char *parent, int parentsize) 805 { 806 char *cp; 807 808 /* 809 * Remove the @bla or /bla from the end of the name to get the parent. 810 */ 811 (void) strncpy(parent, datasetname, parentsize); 812 cp = strrchr(parent, '@'); 813 if (cp != NULL) { 814 cp[0] = '\0'; 815 } else { 816 cp = strrchr(parent, '/'); 817 if (cp == NULL) 818 return (SET_ERROR(ENOENT)); 819 cp[0] = '\0'; 820 } 821 822 return (0); 823 } 824 825 int 826 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 827 { 828 int error; 829 830 if ((error = zfs_secpolicy_write_perms(name, 831 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 832 return (error); 833 834 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 835 } 836 837 /* ARGSUSED */ 838 static int 839 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 840 { 841 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 842 } 843 844 /* 845 * Destroying snapshots with delegated permissions requires 846 * descendant mount and destroy permissions. 847 */ 848 /* ARGSUSED */ 849 static int 850 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 851 { 852 nvlist_t *snaps; 853 nvpair_t *pair, *nextpair; 854 int error = 0; 855 856 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 857 return (SET_ERROR(EINVAL)); 858 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 859 pair = nextpair) { 860 nextpair = nvlist_next_nvpair(snaps, pair); 861 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr); 862 if (error == ENOENT) { 863 /* 864 * Ignore any snapshots that don't exist (we consider 865 * them "already destroyed"). Remove the name from the 866 * nvl here in case the snapshot is created between 867 * now and when we try to destroy it (in which case 868 * we don't want to destroy it since we haven't 869 * checked for permission). 870 */ 871 fnvlist_remove_nvpair(snaps, pair); 872 error = 0; 873 } 874 if (error != 0) 875 break; 876 } 877 878 return (error); 879 } 880 881 int 882 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 883 { 884 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 885 int error; 886 887 if ((error = zfs_secpolicy_write_perms(from, 888 ZFS_DELEG_PERM_RENAME, cr)) != 0) 889 return (error); 890 891 if ((error = zfs_secpolicy_write_perms(from, 892 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 893 return (error); 894 895 if ((error = zfs_get_parent(to, parentname, 896 sizeof (parentname))) != 0) 897 return (error); 898 899 if ((error = zfs_secpolicy_write_perms(parentname, 900 ZFS_DELEG_PERM_CREATE, cr)) != 0) 901 return (error); 902 903 if ((error = zfs_secpolicy_write_perms(parentname, 904 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 905 return (error); 906 907 return (error); 908 } 909 910 /* ARGSUSED */ 911 static int 912 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 913 { 914 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr)); 915 } 916 917 /* ARGSUSED */ 918 static int 919 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 920 { 921 dsl_pool_t *dp; 922 dsl_dataset_t *clone; 923 int error; 924 925 error = zfs_secpolicy_write_perms(zc->zc_name, 926 ZFS_DELEG_PERM_PROMOTE, cr); 927 if (error != 0) 928 return (error); 929 930 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 931 if (error != 0) 932 return (error); 933 934 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone); 935 936 if (error == 0) { 937 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 938 dsl_dataset_t *origin = NULL; 939 dsl_dir_t *dd; 940 dd = clone->ds_dir; 941 942 error = dsl_dataset_hold_obj(dd->dd_pool, 943 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin); 944 if (error != 0) { 945 dsl_dataset_rele(clone, FTAG); 946 dsl_pool_rele(dp, FTAG); 947 return (error); 948 } 949 950 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone, 951 ZFS_DELEG_PERM_MOUNT, cr); 952 953 dsl_dataset_name(origin, parentname); 954 if (error == 0) { 955 error = zfs_secpolicy_write_perms_ds(parentname, origin, 956 ZFS_DELEG_PERM_PROMOTE, cr); 957 } 958 dsl_dataset_rele(clone, FTAG); 959 dsl_dataset_rele(origin, FTAG); 960 } 961 dsl_pool_rele(dp, FTAG); 962 return (error); 963 } 964 965 /* ARGSUSED */ 966 static int 967 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 968 { 969 int error; 970 971 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 972 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) 973 return (error); 974 975 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 976 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 977 return (error); 978 979 return (zfs_secpolicy_write_perms(zc->zc_name, 980 ZFS_DELEG_PERM_CREATE, cr)); 981 } 982 983 int 984 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 985 { 986 return (zfs_secpolicy_write_perms(name, 987 ZFS_DELEG_PERM_SNAPSHOT, cr)); 988 } 989 990 /* 991 * Check for permission to create each snapshot in the nvlist. 992 */ 993 /* ARGSUSED */ 994 static int 995 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 996 { 997 nvlist_t *snaps; 998 int error = 0; 999 nvpair_t *pair; 1000 1001 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 1002 return (SET_ERROR(EINVAL)); 1003 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 1004 pair = nvlist_next_nvpair(snaps, pair)) { 1005 char *name = nvpair_name(pair); 1006 char *atp = strchr(name, '@'); 1007 1008 if (atp == NULL) { 1009 error = SET_ERROR(EINVAL); 1010 break; 1011 } 1012 *atp = '\0'; 1013 error = zfs_secpolicy_snapshot_perms(name, cr); 1014 *atp = '@'; 1015 if (error != 0) 1016 break; 1017 } 1018 return (error); 1019 } 1020 1021 /* 1022 * Check for permission to create each snapshot in the nvlist. 1023 */ 1024 /* ARGSUSED */ 1025 static int 1026 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1027 { 1028 int error = 0; 1029 1030 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 1031 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 1032 char *name = nvpair_name(pair); 1033 char *hashp = strchr(name, '#'); 1034 1035 if (hashp == NULL) { 1036 error = SET_ERROR(EINVAL); 1037 break; 1038 } 1039 *hashp = '\0'; 1040 error = zfs_secpolicy_write_perms(name, 1041 ZFS_DELEG_PERM_BOOKMARK, cr); 1042 *hashp = '#'; 1043 if (error != 0) 1044 break; 1045 } 1046 return (error); 1047 } 1048 1049 /* ARGSUSED */ 1050 static int 1051 zfs_secpolicy_remap(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1052 { 1053 return (zfs_secpolicy_write_perms(zc->zc_name, 1054 ZFS_DELEG_PERM_REMAP, cr)); 1055 } 1056 1057 /* ARGSUSED */ 1058 static int 1059 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1060 { 1061 nvpair_t *pair, *nextpair; 1062 int error = 0; 1063 1064 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1065 pair = nextpair) { 1066 char *name = nvpair_name(pair); 1067 char *hashp = strchr(name, '#'); 1068 nextpair = nvlist_next_nvpair(innvl, pair); 1069 1070 if (hashp == NULL) { 1071 error = SET_ERROR(EINVAL); 1072 break; 1073 } 1074 1075 *hashp = '\0'; 1076 error = zfs_secpolicy_write_perms(name, 1077 ZFS_DELEG_PERM_DESTROY, cr); 1078 *hashp = '#'; 1079 if (error == ENOENT) { 1080 /* 1081 * Ignore any filesystems that don't exist (we consider 1082 * their bookmarks "already destroyed"). Remove 1083 * the name from the nvl here in case the filesystem 1084 * is created between now and when we try to destroy 1085 * the bookmark (in which case we don't want to 1086 * destroy it since we haven't checked for permission). 1087 */ 1088 fnvlist_remove_nvpair(innvl, pair); 1089 error = 0; 1090 } 1091 if (error != 0) 1092 break; 1093 } 1094 1095 return (error); 1096 } 1097 1098 /* ARGSUSED */ 1099 static int 1100 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1101 { 1102 /* 1103 * Even root must have a proper TSD so that we know what pool 1104 * to log to. 1105 */ 1106 if (tsd_get(zfs_allow_log_key) == NULL) 1107 return (SET_ERROR(EPERM)); 1108 return (0); 1109 } 1110 1111 static int 1112 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1113 { 1114 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 1115 int error; 1116 char *origin; 1117 1118 if ((error = zfs_get_parent(zc->zc_name, parentname, 1119 sizeof (parentname))) != 0) 1120 return (error); 1121 1122 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 && 1123 (error = zfs_secpolicy_write_perms(origin, 1124 ZFS_DELEG_PERM_CLONE, cr)) != 0) 1125 return (error); 1126 1127 if ((error = zfs_secpolicy_write_perms(parentname, 1128 ZFS_DELEG_PERM_CREATE, cr)) != 0) 1129 return (error); 1130 1131 return (zfs_secpolicy_write_perms(parentname, 1132 ZFS_DELEG_PERM_MOUNT, cr)); 1133 } 1134 1135 /* 1136 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 1137 * SYS_CONFIG privilege, which is not available in a local zone. 1138 */ 1139 /* ARGSUSED */ 1140 static int 1141 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1142 { 1143 if (secpolicy_sys_config(cr, B_FALSE) != 0) 1144 return (SET_ERROR(EPERM)); 1145 1146 return (0); 1147 } 1148 1149 /* 1150 * Policy for object to name lookups. 1151 */ 1152 /* ARGSUSED */ 1153 static int 1154 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1155 { 1156 int error; 1157 1158 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0) 1159 return (0); 1160 1161 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr); 1162 return (error); 1163 } 1164 1165 /* 1166 * Policy for fault injection. Requires all privileges. 1167 */ 1168 /* ARGSUSED */ 1169 static int 1170 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1171 { 1172 return (secpolicy_zinject(cr)); 1173 } 1174 1175 /* ARGSUSED */ 1176 static int 1177 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1178 { 1179 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 1180 1181 if (prop == ZPROP_INVAL) { 1182 if (!zfs_prop_user(zc->zc_value)) 1183 return (SET_ERROR(EINVAL)); 1184 return (zfs_secpolicy_write_perms(zc->zc_name, 1185 ZFS_DELEG_PERM_USERPROP, cr)); 1186 } else { 1187 return (zfs_secpolicy_setprop(zc->zc_name, prop, 1188 NULL, cr)); 1189 } 1190 } 1191 1192 static int 1193 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1194 { 1195 int err = zfs_secpolicy_read(zc, innvl, cr); 1196 if (err) 1197 return (err); 1198 1199 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1200 return (SET_ERROR(EINVAL)); 1201 1202 if (zc->zc_value[0] == 0) { 1203 /* 1204 * They are asking about a posix uid/gid. If it's 1205 * themself, allow it. 1206 */ 1207 if (zc->zc_objset_type == ZFS_PROP_USERUSED || 1208 zc->zc_objset_type == ZFS_PROP_USERQUOTA) { 1209 if (zc->zc_guid == crgetuid(cr)) 1210 return (0); 1211 } else { 1212 if (groupmember(zc->zc_guid, cr)) 1213 return (0); 1214 } 1215 } 1216 1217 return (zfs_secpolicy_write_perms(zc->zc_name, 1218 userquota_perms[zc->zc_objset_type], cr)); 1219 } 1220 1221 static int 1222 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1223 { 1224 int err = zfs_secpolicy_read(zc, innvl, cr); 1225 if (err) 1226 return (err); 1227 1228 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1229 return (SET_ERROR(EINVAL)); 1230 1231 return (zfs_secpolicy_write_perms(zc->zc_name, 1232 userquota_perms[zc->zc_objset_type], cr)); 1233 } 1234 1235 /* ARGSUSED */ 1236 static int 1237 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1238 { 1239 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION, 1240 NULL, cr)); 1241 } 1242 1243 /* ARGSUSED */ 1244 static int 1245 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1246 { 1247 nvpair_t *pair; 1248 nvlist_t *holds; 1249 int error; 1250 1251 error = nvlist_lookup_nvlist(innvl, "holds", &holds); 1252 if (error != 0) 1253 return (SET_ERROR(EINVAL)); 1254 1255 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 1256 pair = nvlist_next_nvpair(holds, pair)) { 1257 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1258 error = dmu_fsname(nvpair_name(pair), fsname); 1259 if (error != 0) 1260 return (error); 1261 error = zfs_secpolicy_write_perms(fsname, 1262 ZFS_DELEG_PERM_HOLD, cr); 1263 if (error != 0) 1264 return (error); 1265 } 1266 return (0); 1267 } 1268 1269 /* ARGSUSED */ 1270 static int 1271 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1272 { 1273 nvpair_t *pair; 1274 int error; 1275 1276 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1277 pair = nvlist_next_nvpair(innvl, pair)) { 1278 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1279 error = dmu_fsname(nvpair_name(pair), fsname); 1280 if (error != 0) 1281 return (error); 1282 error = zfs_secpolicy_write_perms(fsname, 1283 ZFS_DELEG_PERM_RELEASE, cr); 1284 if (error != 0) 1285 return (error); 1286 } 1287 return (0); 1288 } 1289 1290 /* ARGSUSED */ 1291 static int 1292 zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1293 { 1294 return (zfs_secpolicy_write_perms(zc->zc_name, 1295 ZFS_DELEG_PERM_LOAD_KEY, cr)); 1296 } 1297 1298 /* ARGSUSED */ 1299 static int 1300 zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1301 { 1302 return (zfs_secpolicy_write_perms(zc->zc_name, 1303 ZFS_DELEG_PERM_CHANGE_KEY, cr)); 1304 } 1305 1306 /* 1307 * Policy for allowing temporary snapshots to be taken or released 1308 */ 1309 static int 1310 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1311 { 1312 /* 1313 * A temporary snapshot is the same as a snapshot, 1314 * hold, destroy and release all rolled into one. 1315 * Delegated diff alone is sufficient that we allow this. 1316 */ 1317 int error; 1318 1319 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 1320 ZFS_DELEG_PERM_DIFF, cr)) == 0) 1321 return (0); 1322 1323 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr); 1324 if (error == 0) 1325 error = zfs_secpolicy_hold(zc, innvl, cr); 1326 if (error == 0) 1327 error = zfs_secpolicy_release(zc, innvl, cr); 1328 if (error == 0) 1329 error = zfs_secpolicy_destroy(zc, innvl, cr); 1330 return (error); 1331 } 1332 1333 /* 1334 * Returns the nvlist as specified by the user in the zfs_cmd_t. 1335 */ 1336 static int 1337 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp) 1338 { 1339 char *packed; 1340 int error; 1341 nvlist_t *list = NULL; 1342 1343 /* 1344 * Read in and unpack the user-supplied nvlist. 1345 */ 1346 if (size == 0) 1347 return (SET_ERROR(EINVAL)); 1348 1349 packed = kmem_alloc(size, KM_SLEEP); 1350 1351 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size, 1352 iflag)) != 0) { 1353 kmem_free(packed, size); 1354 return (SET_ERROR(EFAULT)); 1355 } 1356 1357 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 1358 kmem_free(packed, size); 1359 return (error); 1360 } 1361 1362 kmem_free(packed, size); 1363 1364 *nvp = list; 1365 return (0); 1366 } 1367 1368 /* 1369 * Reduce the size of this nvlist until it can be serialized in 'max' bytes. 1370 * Entries will be removed from the end of the nvlist, and one int32 entry 1371 * named "N_MORE_ERRORS" will be added indicating how many entries were 1372 * removed. 1373 */ 1374 static int 1375 nvlist_smush(nvlist_t *errors, size_t max) 1376 { 1377 size_t size; 1378 1379 size = fnvlist_size(errors); 1380 1381 if (size > max) { 1382 nvpair_t *more_errors; 1383 int n = 0; 1384 1385 if (max < 1024) 1386 return (SET_ERROR(ENOMEM)); 1387 1388 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0); 1389 more_errors = nvlist_prev_nvpair(errors, NULL); 1390 1391 do { 1392 nvpair_t *pair = nvlist_prev_nvpair(errors, 1393 more_errors); 1394 fnvlist_remove_nvpair(errors, pair); 1395 n++; 1396 size = fnvlist_size(errors); 1397 } while (size > max); 1398 1399 fnvlist_remove_nvpair(errors, more_errors); 1400 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n); 1401 ASSERT3U(fnvlist_size(errors), <=, max); 1402 } 1403 1404 return (0); 1405 } 1406 1407 static int 1408 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 1409 { 1410 char *packed = NULL; 1411 int error = 0; 1412 size_t size; 1413 1414 size = fnvlist_size(nvl); 1415 1416 if (size > zc->zc_nvlist_dst_size) { 1417 error = SET_ERROR(ENOMEM); 1418 } else { 1419 packed = fnvlist_pack(nvl, &size); 1420 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst, 1421 size, zc->zc_iflags) != 0) 1422 error = SET_ERROR(EFAULT); 1423 fnvlist_pack_free(packed, size); 1424 } 1425 1426 zc->zc_nvlist_dst_size = size; 1427 zc->zc_nvlist_dst_filled = B_TRUE; 1428 return (error); 1429 } 1430 1431 int 1432 getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp) 1433 { 1434 int error = 0; 1435 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1436 return (SET_ERROR(EINVAL)); 1437 } 1438 1439 mutex_enter(&os->os_user_ptr_lock); 1440 *zfvp = dmu_objset_get_user(os); 1441 if (*zfvp) { 1442 VFS_HOLD((*zfvp)->z_vfs); 1443 } else { 1444 error = SET_ERROR(ESRCH); 1445 } 1446 mutex_exit(&os->os_user_ptr_lock); 1447 return (error); 1448 } 1449 1450 int 1451 getzfsvfs(const char *dsname, zfsvfs_t **zfvp) 1452 { 1453 objset_t *os; 1454 int error; 1455 1456 error = dmu_objset_hold(dsname, FTAG, &os); 1457 if (error != 0) 1458 return (error); 1459 1460 error = getzfsvfs_impl(os, zfvp); 1461 dmu_objset_rele(os, FTAG); 1462 return (error); 1463 } 1464 1465 /* 1466 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which 1467 * case its z_vfs will be NULL, and it will be opened as the owner. 1468 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER, 1469 * which prevents all vnode ops from running. 1470 */ 1471 static int 1472 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer) 1473 { 1474 int error = 0; 1475 1476 if (getzfsvfs(name, zfvp) != 0) 1477 error = zfsvfs_create(name, zfvp); 1478 if (error == 0) { 1479 rrm_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER : 1480 RW_READER, tag); 1481 if ((*zfvp)->z_unmounted) { 1482 /* 1483 * XXX we could probably try again, since the unmounting 1484 * thread should be just about to disassociate the 1485 * objset from the zfsvfs. 1486 */ 1487 rrm_exit(&(*zfvp)->z_teardown_lock, tag); 1488 return (SET_ERROR(EBUSY)); 1489 } 1490 } 1491 return (error); 1492 } 1493 1494 static void 1495 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag) 1496 { 1497 rrm_exit(&zfsvfs->z_teardown_lock, tag); 1498 1499 if (zfsvfs->z_vfs) { 1500 VFS_RELE(zfsvfs->z_vfs); 1501 } else { 1502 dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs); 1503 zfsvfs_free(zfsvfs); 1504 } 1505 } 1506 1507 static int 1508 zfs_ioc_pool_create(zfs_cmd_t *zc) 1509 { 1510 int error; 1511 nvlist_t *config, *props = NULL; 1512 nvlist_t *rootprops = NULL; 1513 nvlist_t *zplprops = NULL; 1514 char *spa_name = zc->zc_name; 1515 dsl_crypto_params_t *dcp = NULL; 1516 1517 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1518 zc->zc_iflags, &config)) 1519 return (error); 1520 1521 if (zc->zc_nvlist_src_size != 0 && (error = 1522 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1523 zc->zc_iflags, &props))) { 1524 nvlist_free(config); 1525 return (error); 1526 } 1527 1528 if (props) { 1529 nvlist_t *nvl = NULL; 1530 nvlist_t *hidden_args = NULL; 1531 uint64_t version = SPA_VERSION; 1532 char *tname; 1533 1534 (void) nvlist_lookup_uint64(props, 1535 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version); 1536 if (!SPA_VERSION_IS_SUPPORTED(version)) { 1537 error = SET_ERROR(EINVAL); 1538 goto pool_props_bad; 1539 } 1540 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl); 1541 if (nvl) { 1542 error = nvlist_dup(nvl, &rootprops, KM_SLEEP); 1543 if (error != 0) { 1544 nvlist_free(config); 1545 nvlist_free(props); 1546 return (error); 1547 } 1548 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS); 1549 } 1550 1551 (void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS, 1552 &hidden_args); 1553 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, 1554 rootprops, hidden_args, &dcp); 1555 if (error != 0) { 1556 nvlist_free(config); 1557 nvlist_free(props); 1558 return (error); 1559 } 1560 (void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS); 1561 1562 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1563 error = zfs_fill_zplprops_root(version, rootprops, 1564 zplprops, NULL); 1565 if (error != 0) 1566 goto pool_props_bad; 1567 1568 if (nvlist_lookup_string(props, 1569 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0) 1570 spa_name = tname; 1571 } 1572 1573 error = spa_create(zc->zc_name, config, props, zplprops, dcp); 1574 1575 /* 1576 * Set the remaining root properties 1577 */ 1578 if (!error && (error = zfs_set_prop_nvlist(spa_name, 1579 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) 1580 (void) spa_destroy(spa_name); 1581 1582 pool_props_bad: 1583 nvlist_free(rootprops); 1584 nvlist_free(zplprops); 1585 nvlist_free(config); 1586 nvlist_free(props); 1587 dsl_crypto_params_free(dcp, !!error); 1588 1589 return (error); 1590 } 1591 1592 static int 1593 zfs_ioc_pool_destroy(zfs_cmd_t *zc) 1594 { 1595 int error; 1596 zfs_log_history(zc); 1597 error = spa_destroy(zc->zc_name); 1598 if (error == 0) 1599 zvol_remove_minors(zc->zc_name); 1600 return (error); 1601 } 1602 1603 static int 1604 zfs_ioc_pool_import(zfs_cmd_t *zc) 1605 { 1606 nvlist_t *config, *props = NULL; 1607 uint64_t guid; 1608 int error; 1609 1610 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1611 zc->zc_iflags, &config)) != 0) 1612 return (error); 1613 1614 if (zc->zc_nvlist_src_size != 0 && (error = 1615 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1616 zc->zc_iflags, &props))) { 1617 nvlist_free(config); 1618 return (error); 1619 } 1620 1621 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 1622 guid != zc->zc_guid) 1623 error = SET_ERROR(EINVAL); 1624 else 1625 error = spa_import(zc->zc_name, config, props, zc->zc_cookie); 1626 1627 if (zc->zc_nvlist_dst != 0) { 1628 int err; 1629 1630 if ((err = put_nvlist(zc, config)) != 0) 1631 error = err; 1632 } 1633 1634 nvlist_free(config); 1635 1636 nvlist_free(props); 1637 1638 return (error); 1639 } 1640 1641 static int 1642 zfs_ioc_pool_export(zfs_cmd_t *zc) 1643 { 1644 int error; 1645 boolean_t force = (boolean_t)zc->zc_cookie; 1646 boolean_t hardforce = (boolean_t)zc->zc_guid; 1647 1648 zfs_log_history(zc); 1649 error = spa_export(zc->zc_name, NULL, force, hardforce); 1650 if (error == 0) 1651 zvol_remove_minors(zc->zc_name); 1652 return (error); 1653 } 1654 1655 static int 1656 zfs_ioc_pool_configs(zfs_cmd_t *zc) 1657 { 1658 nvlist_t *configs; 1659 int error; 1660 1661 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL) 1662 return (SET_ERROR(EEXIST)); 1663 1664 error = put_nvlist(zc, configs); 1665 1666 nvlist_free(configs); 1667 1668 return (error); 1669 } 1670 1671 /* 1672 * inputs: 1673 * zc_name name of the pool 1674 * 1675 * outputs: 1676 * zc_cookie real errno 1677 * zc_nvlist_dst config nvlist 1678 * zc_nvlist_dst_size size of config nvlist 1679 */ 1680 static int 1681 zfs_ioc_pool_stats(zfs_cmd_t *zc) 1682 { 1683 nvlist_t *config; 1684 int error; 1685 int ret = 0; 1686 1687 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 1688 sizeof (zc->zc_value)); 1689 1690 if (config != NULL) { 1691 ret = put_nvlist(zc, config); 1692 nvlist_free(config); 1693 1694 /* 1695 * The config may be present even if 'error' is non-zero. 1696 * In this case we return success, and preserve the real errno 1697 * in 'zc_cookie'. 1698 */ 1699 zc->zc_cookie = error; 1700 } else { 1701 ret = error; 1702 } 1703 1704 return (ret); 1705 } 1706 1707 /* 1708 * Try to import the given pool, returning pool stats as appropriate so that 1709 * user land knows which devices are available and overall pool health. 1710 */ 1711 static int 1712 zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 1713 { 1714 nvlist_t *tryconfig, *config; 1715 int error; 1716 1717 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1718 zc->zc_iflags, &tryconfig)) != 0) 1719 return (error); 1720 1721 config = spa_tryimport(tryconfig); 1722 1723 nvlist_free(tryconfig); 1724 1725 if (config == NULL) 1726 return (SET_ERROR(EINVAL)); 1727 1728 error = put_nvlist(zc, config); 1729 nvlist_free(config); 1730 1731 return (error); 1732 } 1733 1734 /* 1735 * inputs: 1736 * zc_name name of the pool 1737 * zc_cookie scan func (pool_scan_func_t) 1738 * zc_flags scrub pause/resume flag (pool_scrub_cmd_t) 1739 */ 1740 static int 1741 zfs_ioc_pool_scan(zfs_cmd_t *zc) 1742 { 1743 spa_t *spa; 1744 int error; 1745 1746 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1747 return (error); 1748 1749 if (zc->zc_flags >= POOL_SCRUB_FLAGS_END) 1750 return (SET_ERROR(EINVAL)); 1751 1752 if (zc->zc_flags == POOL_SCRUB_PAUSE) 1753 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE); 1754 else if (zc->zc_cookie == POOL_SCAN_NONE) 1755 error = spa_scan_stop(spa); 1756 else 1757 error = spa_scan(spa, zc->zc_cookie); 1758 1759 spa_close(spa, FTAG); 1760 1761 return (error); 1762 } 1763 1764 static int 1765 zfs_ioc_pool_freeze(zfs_cmd_t *zc) 1766 { 1767 spa_t *spa; 1768 int error; 1769 1770 error = spa_open(zc->zc_name, &spa, FTAG); 1771 if (error == 0) { 1772 spa_freeze(spa); 1773 spa_close(spa, FTAG); 1774 } 1775 return (error); 1776 } 1777 1778 static int 1779 zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 1780 { 1781 spa_t *spa; 1782 int error; 1783 1784 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1785 return (error); 1786 1787 if (zc->zc_cookie < spa_version(spa) || 1788 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) { 1789 spa_close(spa, FTAG); 1790 return (SET_ERROR(EINVAL)); 1791 } 1792 1793 spa_upgrade(spa, zc->zc_cookie); 1794 spa_close(spa, FTAG); 1795 1796 return (error); 1797 } 1798 1799 static int 1800 zfs_ioc_pool_get_history(zfs_cmd_t *zc) 1801 { 1802 spa_t *spa; 1803 char *hist_buf; 1804 uint64_t size; 1805 int error; 1806 1807 if ((size = zc->zc_history_len) == 0) 1808 return (SET_ERROR(EINVAL)); 1809 1810 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1811 return (error); 1812 1813 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 1814 spa_close(spa, FTAG); 1815 return (SET_ERROR(ENOTSUP)); 1816 } 1817 1818 hist_buf = kmem_alloc(size, KM_SLEEP); 1819 if ((error = spa_history_get(spa, &zc->zc_history_offset, 1820 &zc->zc_history_len, hist_buf)) == 0) { 1821 error = ddi_copyout(hist_buf, 1822 (void *)(uintptr_t)zc->zc_history, 1823 zc->zc_history_len, zc->zc_iflags); 1824 } 1825 1826 spa_close(spa, FTAG); 1827 kmem_free(hist_buf, size); 1828 return (error); 1829 } 1830 1831 static int 1832 zfs_ioc_pool_reguid(zfs_cmd_t *zc) 1833 { 1834 spa_t *spa; 1835 int error; 1836 1837 error = spa_open(zc->zc_name, &spa, FTAG); 1838 if (error == 0) { 1839 error = spa_change_guid(spa); 1840 spa_close(spa, FTAG); 1841 } 1842 return (error); 1843 } 1844 1845 static int 1846 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 1847 { 1848 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)); 1849 } 1850 1851 /* 1852 * inputs: 1853 * zc_name name of filesystem 1854 * zc_obj object to find 1855 * 1856 * outputs: 1857 * zc_value name of object 1858 */ 1859 static int 1860 zfs_ioc_obj_to_path(zfs_cmd_t *zc) 1861 { 1862 objset_t *os; 1863 int error; 1864 1865 /* XXX reading from objset not owned */ 1866 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, 1867 FTAG, &os)) != 0) 1868 return (error); 1869 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1870 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1871 return (SET_ERROR(EINVAL)); 1872 } 1873 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value, 1874 sizeof (zc->zc_value)); 1875 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1876 1877 return (error); 1878 } 1879 1880 /* 1881 * inputs: 1882 * zc_name name of filesystem 1883 * zc_obj object to find 1884 * 1885 * outputs: 1886 * zc_stat stats on object 1887 * zc_value path to object 1888 */ 1889 static int 1890 zfs_ioc_obj_to_stats(zfs_cmd_t *zc) 1891 { 1892 objset_t *os; 1893 int error; 1894 1895 /* XXX reading from objset not owned */ 1896 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, 1897 FTAG, &os)) != 0) 1898 return (error); 1899 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1900 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1901 return (SET_ERROR(EINVAL)); 1902 } 1903 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value, 1904 sizeof (zc->zc_value)); 1905 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1906 1907 return (error); 1908 } 1909 1910 static int 1911 zfs_ioc_vdev_add(zfs_cmd_t *zc) 1912 { 1913 spa_t *spa; 1914 int error; 1915 nvlist_t *config, **l2cache, **spares; 1916 uint_t nl2cache = 0, nspares = 0; 1917 1918 error = spa_open(zc->zc_name, &spa, FTAG); 1919 if (error != 0) 1920 return (error); 1921 1922 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1923 zc->zc_iflags, &config); 1924 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE, 1925 &l2cache, &nl2cache); 1926 1927 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES, 1928 &spares, &nspares); 1929 1930 /* 1931 * A root pool with concatenated devices is not supported. 1932 * Thus, can not add a device to a root pool. 1933 * 1934 * Intent log device can not be added to a rootpool because 1935 * during mountroot, zil is replayed, a seperated log device 1936 * can not be accessed during the mountroot time. 1937 * 1938 * l2cache and spare devices are ok to be added to a rootpool. 1939 */ 1940 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) { 1941 nvlist_free(config); 1942 spa_close(spa, FTAG); 1943 return (SET_ERROR(EDOM)); 1944 } 1945 1946 if (error == 0) { 1947 error = spa_vdev_add(spa, config); 1948 nvlist_free(config); 1949 } 1950 spa_close(spa, FTAG); 1951 return (error); 1952 } 1953 1954 /* 1955 * inputs: 1956 * zc_name name of the pool 1957 * zc_guid guid of vdev to remove 1958 * zc_cookie cancel removal 1959 */ 1960 static int 1961 zfs_ioc_vdev_remove(zfs_cmd_t *zc) 1962 { 1963 spa_t *spa; 1964 int error; 1965 1966 error = spa_open(zc->zc_name, &spa, FTAG); 1967 if (error != 0) 1968 return (error); 1969 if (zc->zc_cookie != 0) { 1970 error = spa_vdev_remove_cancel(spa); 1971 } else { 1972 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 1973 } 1974 spa_close(spa, FTAG); 1975 return (error); 1976 } 1977 1978 static int 1979 zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 1980 { 1981 spa_t *spa; 1982 int error; 1983 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 1984 1985 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1986 return (error); 1987 switch (zc->zc_cookie) { 1988 case VDEV_STATE_ONLINE: 1989 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 1990 break; 1991 1992 case VDEV_STATE_OFFLINE: 1993 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 1994 break; 1995 1996 case VDEV_STATE_FAULTED: 1997 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1998 zc->zc_obj != VDEV_AUX_EXTERNAL) 1999 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 2000 2001 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj); 2002 break; 2003 2004 case VDEV_STATE_DEGRADED: 2005 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 2006 zc->zc_obj != VDEV_AUX_EXTERNAL) 2007 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 2008 2009 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj); 2010 break; 2011 2012 default: 2013 error = SET_ERROR(EINVAL); 2014 } 2015 zc->zc_cookie = newstate; 2016 spa_close(spa, FTAG); 2017 return (error); 2018 } 2019 2020 static int 2021 zfs_ioc_vdev_attach(zfs_cmd_t *zc) 2022 { 2023 spa_t *spa; 2024 int replacing = zc->zc_cookie; 2025 nvlist_t *config; 2026 int error; 2027 2028 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2029 return (error); 2030 2031 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2032 zc->zc_iflags, &config)) == 0) { 2033 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing); 2034 nvlist_free(config); 2035 } 2036 2037 spa_close(spa, FTAG); 2038 return (error); 2039 } 2040 2041 static int 2042 zfs_ioc_vdev_detach(zfs_cmd_t *zc) 2043 { 2044 spa_t *spa; 2045 int error; 2046 2047 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2048 return (error); 2049 2050 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE); 2051 2052 spa_close(spa, FTAG); 2053 return (error); 2054 } 2055 2056 static int 2057 zfs_ioc_vdev_split(zfs_cmd_t *zc) 2058 { 2059 spa_t *spa; 2060 nvlist_t *config, *props = NULL; 2061 int error; 2062 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT); 2063 2064 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2065 return (error); 2066 2067 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2068 zc->zc_iflags, &config)) { 2069 spa_close(spa, FTAG); 2070 return (error); 2071 } 2072 2073 if (zc->zc_nvlist_src_size != 0 && (error = 2074 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2075 zc->zc_iflags, &props))) { 2076 spa_close(spa, FTAG); 2077 nvlist_free(config); 2078 return (error); 2079 } 2080 2081 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp); 2082 2083 spa_close(spa, FTAG); 2084 2085 nvlist_free(config); 2086 nvlist_free(props); 2087 2088 return (error); 2089 } 2090 2091 static int 2092 zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 2093 { 2094 spa_t *spa; 2095 char *path = zc->zc_value; 2096 uint64_t guid = zc->zc_guid; 2097 int error; 2098 2099 error = spa_open(zc->zc_name, &spa, FTAG); 2100 if (error != 0) 2101 return (error); 2102 2103 error = spa_vdev_setpath(spa, guid, path); 2104 spa_close(spa, FTAG); 2105 return (error); 2106 } 2107 2108 static int 2109 zfs_ioc_vdev_setfru(zfs_cmd_t *zc) 2110 { 2111 spa_t *spa; 2112 char *fru = zc->zc_value; 2113 uint64_t guid = zc->zc_guid; 2114 int error; 2115 2116 error = spa_open(zc->zc_name, &spa, FTAG); 2117 if (error != 0) 2118 return (error); 2119 2120 error = spa_vdev_setfru(spa, guid, fru); 2121 spa_close(spa, FTAG); 2122 return (error); 2123 } 2124 2125 static int 2126 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os) 2127 { 2128 int error = 0; 2129 nvlist_t *nv; 2130 2131 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2132 2133 if (zc->zc_nvlist_dst != 0 && 2134 (error = dsl_prop_get_all(os, &nv)) == 0) { 2135 dmu_objset_stats(os, nv); 2136 /* 2137 * NB: zvol_get_stats() will read the objset contents, 2138 * which we aren't supposed to do with a 2139 * DS_MODE_USER hold, because it could be 2140 * inconsistent. So this is a bit of a workaround... 2141 * XXX reading with out owning 2142 */ 2143 if (!zc->zc_objset_stats.dds_inconsistent && 2144 dmu_objset_type(os) == DMU_OST_ZVOL) { 2145 error = zvol_get_stats(os, nv); 2146 if (error == EIO) 2147 return (error); 2148 VERIFY0(error); 2149 } 2150 error = put_nvlist(zc, nv); 2151 nvlist_free(nv); 2152 } 2153 2154 return (error); 2155 } 2156 2157 /* 2158 * inputs: 2159 * zc_name name of filesystem 2160 * zc_nvlist_dst_size size of buffer for property nvlist 2161 * 2162 * outputs: 2163 * zc_objset_stats stats 2164 * zc_nvlist_dst property nvlist 2165 * zc_nvlist_dst_size size of property nvlist 2166 */ 2167 static int 2168 zfs_ioc_objset_stats(zfs_cmd_t *zc) 2169 { 2170 objset_t *os; 2171 int error; 2172 2173 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2174 if (error == 0) { 2175 error = zfs_ioc_objset_stats_impl(zc, os); 2176 dmu_objset_rele(os, FTAG); 2177 } 2178 2179 return (error); 2180 } 2181 2182 /* 2183 * inputs: 2184 * zc_name name of filesystem 2185 * zc_nvlist_dst_size size of buffer for property nvlist 2186 * 2187 * outputs: 2188 * zc_nvlist_dst received property nvlist 2189 * zc_nvlist_dst_size size of received property nvlist 2190 * 2191 * Gets received properties (distinct from local properties on or after 2192 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from 2193 * local property values. 2194 */ 2195 static int 2196 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc) 2197 { 2198 int error = 0; 2199 nvlist_t *nv; 2200 2201 /* 2202 * Without this check, we would return local property values if the 2203 * caller has not already received properties on or after 2204 * SPA_VERSION_RECVD_PROPS. 2205 */ 2206 if (!dsl_prop_get_hasrecvd(zc->zc_name)) 2207 return (SET_ERROR(ENOTSUP)); 2208 2209 if (zc->zc_nvlist_dst != 0 && 2210 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) { 2211 error = put_nvlist(zc, nv); 2212 nvlist_free(nv); 2213 } 2214 2215 return (error); 2216 } 2217 2218 static int 2219 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop) 2220 { 2221 uint64_t value; 2222 int error; 2223 2224 /* 2225 * zfs_get_zplprop() will either find a value or give us 2226 * the default value (if there is one). 2227 */ 2228 if ((error = zfs_get_zplprop(os, prop, &value)) != 0) 2229 return (error); 2230 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0); 2231 return (0); 2232 } 2233 2234 /* 2235 * inputs: 2236 * zc_name name of filesystem 2237 * zc_nvlist_dst_size size of buffer for zpl property nvlist 2238 * 2239 * outputs: 2240 * zc_nvlist_dst zpl property nvlist 2241 * zc_nvlist_dst_size size of zpl property nvlist 2242 */ 2243 static int 2244 zfs_ioc_objset_zplprops(zfs_cmd_t *zc) 2245 { 2246 objset_t *os; 2247 int err; 2248 2249 /* XXX reading without owning */ 2250 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os)) 2251 return (err); 2252 2253 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2254 2255 /* 2256 * NB: nvl_add_zplprop() will read the objset contents, 2257 * which we aren't supposed to do with a DS_MODE_USER 2258 * hold, because it could be inconsistent. 2259 */ 2260 if (zc->zc_nvlist_dst != 0 && 2261 !zc->zc_objset_stats.dds_inconsistent && 2262 dmu_objset_type(os) == DMU_OST_ZFS) { 2263 nvlist_t *nv; 2264 2265 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2266 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 && 2267 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 && 2268 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 && 2269 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0) 2270 err = put_nvlist(zc, nv); 2271 nvlist_free(nv); 2272 } else { 2273 err = SET_ERROR(ENOENT); 2274 } 2275 dmu_objset_rele(os, FTAG); 2276 return (err); 2277 } 2278 2279 static boolean_t 2280 dataset_name_hidden(const char *name) 2281 { 2282 /* 2283 * Skip over datasets that are not visible in this zone, 2284 * internal datasets (which have a $ in their name), and 2285 * temporary datasets (which have a % in their name). 2286 */ 2287 if (strchr(name, '$') != NULL) 2288 return (B_TRUE); 2289 if (strchr(name, '%') != NULL) 2290 return (B_TRUE); 2291 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL)) 2292 return (B_TRUE); 2293 return (B_FALSE); 2294 } 2295 2296 /* 2297 * inputs: 2298 * zc_name name of filesystem 2299 * zc_cookie zap cursor 2300 * zc_nvlist_dst_size size of buffer for property nvlist 2301 * 2302 * outputs: 2303 * zc_name name of next filesystem 2304 * zc_cookie zap cursor 2305 * zc_objset_stats stats 2306 * zc_nvlist_dst property nvlist 2307 * zc_nvlist_dst_size size of property nvlist 2308 */ 2309 static int 2310 zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 2311 { 2312 objset_t *os; 2313 int error; 2314 char *p; 2315 size_t orig_len = strlen(zc->zc_name); 2316 2317 top: 2318 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) { 2319 if (error == ENOENT) 2320 error = SET_ERROR(ESRCH); 2321 return (error); 2322 } 2323 2324 p = strrchr(zc->zc_name, '/'); 2325 if (p == NULL || p[1] != '\0') 2326 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 2327 p = zc->zc_name + strlen(zc->zc_name); 2328 2329 do { 2330 error = dmu_dir_list_next(os, 2331 sizeof (zc->zc_name) - (p - zc->zc_name), p, 2332 NULL, &zc->zc_cookie); 2333 if (error == ENOENT) 2334 error = SET_ERROR(ESRCH); 2335 } while (error == 0 && dataset_name_hidden(zc->zc_name)); 2336 dmu_objset_rele(os, FTAG); 2337 2338 /* 2339 * If it's an internal dataset (ie. with a '$' in its name), 2340 * don't try to get stats for it, otherwise we'll return ENOENT. 2341 */ 2342 if (error == 0 && strchr(zc->zc_name, '$') == NULL) { 2343 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 2344 if (error == ENOENT) { 2345 /* We lost a race with destroy, get the next one. */ 2346 zc->zc_name[orig_len] = '\0'; 2347 goto top; 2348 } 2349 } 2350 return (error); 2351 } 2352 2353 /* 2354 * inputs: 2355 * zc_name name of filesystem 2356 * zc_cookie zap cursor 2357 * zc_nvlist_dst_size size of buffer for property nvlist 2358 * zc_simple when set, only name is requested 2359 * 2360 * outputs: 2361 * zc_name name of next snapshot 2362 * zc_objset_stats stats 2363 * zc_nvlist_dst property nvlist 2364 * zc_nvlist_dst_size size of property nvlist 2365 */ 2366 static int 2367 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 2368 { 2369 objset_t *os; 2370 int error; 2371 2372 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2373 if (error != 0) { 2374 return (error == ENOENT ? ESRCH : error); 2375 } 2376 2377 /* 2378 * A dataset name of maximum length cannot have any snapshots, 2379 * so exit immediately. 2380 */ 2381 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= 2382 ZFS_MAX_DATASET_NAME_LEN) { 2383 dmu_objset_rele(os, FTAG); 2384 return (SET_ERROR(ESRCH)); 2385 } 2386 2387 error = dmu_snapshot_list_next(os, 2388 sizeof (zc->zc_name) - strlen(zc->zc_name), 2389 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie, 2390 NULL); 2391 2392 if (error == 0 && !zc->zc_simple) { 2393 dsl_dataset_t *ds; 2394 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool; 2395 2396 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds); 2397 if (error == 0) { 2398 objset_t *ossnap; 2399 2400 error = dmu_objset_from_ds(ds, &ossnap); 2401 if (error == 0) 2402 error = zfs_ioc_objset_stats_impl(zc, ossnap); 2403 dsl_dataset_rele(ds, FTAG); 2404 } 2405 } else if (error == ENOENT) { 2406 error = SET_ERROR(ESRCH); 2407 } 2408 2409 dmu_objset_rele(os, FTAG); 2410 /* if we failed, undo the @ that we tacked on to zc_name */ 2411 if (error != 0) 2412 *strchr(zc->zc_name, '@') = '\0'; 2413 return (error); 2414 } 2415 2416 static int 2417 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair) 2418 { 2419 const char *propname = nvpair_name(pair); 2420 uint64_t *valary; 2421 unsigned int vallen; 2422 const char *domain; 2423 char *dash; 2424 zfs_userquota_prop_t type; 2425 uint64_t rid; 2426 uint64_t quota; 2427 zfsvfs_t *zfsvfs; 2428 int err; 2429 2430 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2431 nvlist_t *attrs; 2432 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2433 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2434 &pair) != 0) 2435 return (SET_ERROR(EINVAL)); 2436 } 2437 2438 /* 2439 * A correctly constructed propname is encoded as 2440 * userquota@<rid>-<domain>. 2441 */ 2442 if ((dash = strchr(propname, '-')) == NULL || 2443 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 || 2444 vallen != 3) 2445 return (SET_ERROR(EINVAL)); 2446 2447 domain = dash + 1; 2448 type = valary[0]; 2449 rid = valary[1]; 2450 quota = valary[2]; 2451 2452 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE); 2453 if (err == 0) { 2454 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota); 2455 zfsvfs_rele(zfsvfs, FTAG); 2456 } 2457 2458 return (err); 2459 } 2460 2461 /* 2462 * If the named property is one that has a special function to set its value, 2463 * return 0 on success and a positive error code on failure; otherwise if it is 2464 * not one of the special properties handled by this function, return -1. 2465 * 2466 * XXX: It would be better for callers of the property interface if we handled 2467 * these special cases in dsl_prop.c (in the dsl layer). 2468 */ 2469 static int 2470 zfs_prop_set_special(const char *dsname, zprop_source_t source, 2471 nvpair_t *pair) 2472 { 2473 const char *propname = nvpair_name(pair); 2474 zfs_prop_t prop = zfs_name_to_prop(propname); 2475 uint64_t intval = 0; 2476 char *strval = NULL; 2477 int err = -1; 2478 2479 if (prop == ZPROP_INVAL) { 2480 if (zfs_prop_userquota(propname)) 2481 return (zfs_prop_set_userquota(dsname, pair)); 2482 return (-1); 2483 } 2484 2485 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2486 nvlist_t *attrs; 2487 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2488 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2489 &pair) == 0); 2490 } 2491 2492 /* all special properties are numeric except for keylocation */ 2493 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) { 2494 strval = fnvpair_value_string(pair); 2495 } else { 2496 intval = fnvpair_value_uint64(pair); 2497 } 2498 2499 switch (prop) { 2500 case ZFS_PROP_QUOTA: 2501 err = dsl_dir_set_quota(dsname, source, intval); 2502 break; 2503 case ZFS_PROP_REFQUOTA: 2504 err = dsl_dataset_set_refquota(dsname, source, intval); 2505 break; 2506 case ZFS_PROP_FILESYSTEM_LIMIT: 2507 case ZFS_PROP_SNAPSHOT_LIMIT: 2508 if (intval == UINT64_MAX) { 2509 /* clearing the limit, just do it */ 2510 err = 0; 2511 } else { 2512 err = dsl_dir_activate_fs_ss_limit(dsname); 2513 } 2514 /* 2515 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2516 * default path to set the value in the nvlist. 2517 */ 2518 if (err == 0) 2519 err = -1; 2520 break; 2521 case ZFS_PROP_KEYLOCATION: 2522 err = dsl_crypto_can_set_keylocation(dsname, strval); 2523 2524 /* 2525 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2526 * default path to set the value in the nvlist. 2527 */ 2528 if (err == 0) 2529 err = -1; 2530 break; 2531 case ZFS_PROP_RESERVATION: 2532 err = dsl_dir_set_reservation(dsname, source, intval); 2533 break; 2534 case ZFS_PROP_REFRESERVATION: 2535 err = dsl_dataset_set_refreservation(dsname, source, intval); 2536 break; 2537 case ZFS_PROP_VOLSIZE: 2538 err = zvol_set_volsize(dsname, intval); 2539 break; 2540 case ZFS_PROP_VERSION: 2541 { 2542 zfsvfs_t *zfsvfs; 2543 2544 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0) 2545 break; 2546 2547 err = zfs_set_version(zfsvfs, intval); 2548 zfsvfs_rele(zfsvfs, FTAG); 2549 2550 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) { 2551 zfs_cmd_t *zc; 2552 2553 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 2554 (void) strcpy(zc->zc_name, dsname); 2555 (void) zfs_ioc_userspace_upgrade(zc); 2556 kmem_free(zc, sizeof (zfs_cmd_t)); 2557 } 2558 break; 2559 } 2560 default: 2561 err = -1; 2562 } 2563 2564 return (err); 2565 } 2566 2567 /* 2568 * This function is best effort. If it fails to set any of the given properties, 2569 * it continues to set as many as it can and returns the last error 2570 * encountered. If the caller provides a non-NULL errlist, it will be filled in 2571 * with the list of names of all the properties that failed along with the 2572 * corresponding error numbers. 2573 * 2574 * If every property is set successfully, zero is returned and errlist is not 2575 * modified. 2576 */ 2577 int 2578 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl, 2579 nvlist_t *errlist) 2580 { 2581 nvpair_t *pair; 2582 nvpair_t *propval; 2583 int rv = 0; 2584 uint64_t intval; 2585 char *strval; 2586 nvlist_t *genericnvl = fnvlist_alloc(); 2587 nvlist_t *retrynvl = fnvlist_alloc(); 2588 2589 retry: 2590 pair = NULL; 2591 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2592 const char *propname = nvpair_name(pair); 2593 zfs_prop_t prop = zfs_name_to_prop(propname); 2594 int err = 0; 2595 2596 /* decode the property value */ 2597 propval = pair; 2598 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2599 nvlist_t *attrs; 2600 attrs = fnvpair_value_nvlist(pair); 2601 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2602 &propval) != 0) 2603 err = SET_ERROR(EINVAL); 2604 } 2605 2606 /* Validate value type */ 2607 if (err == 0 && source == ZPROP_SRC_INHERITED) { 2608 /* inherited properties are expected to be booleans */ 2609 if (nvpair_type(propval) != DATA_TYPE_BOOLEAN) 2610 err = SET_ERROR(EINVAL); 2611 } else if (err == 0 && prop == ZPROP_INVAL) { 2612 if (zfs_prop_user(propname)) { 2613 if (nvpair_type(propval) != DATA_TYPE_STRING) 2614 err = SET_ERROR(EINVAL); 2615 } else if (zfs_prop_userquota(propname)) { 2616 if (nvpair_type(propval) != 2617 DATA_TYPE_UINT64_ARRAY) 2618 err = SET_ERROR(EINVAL); 2619 } else { 2620 err = SET_ERROR(EINVAL); 2621 } 2622 } else if (err == 0) { 2623 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2624 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING) 2625 err = SET_ERROR(EINVAL); 2626 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) { 2627 const char *unused; 2628 2629 intval = fnvpair_value_uint64(propval); 2630 2631 switch (zfs_prop_get_type(prop)) { 2632 case PROP_TYPE_NUMBER: 2633 break; 2634 case PROP_TYPE_STRING: 2635 err = SET_ERROR(EINVAL); 2636 break; 2637 case PROP_TYPE_INDEX: 2638 if (zfs_prop_index_to_string(prop, 2639 intval, &unused) != 0) 2640 err = SET_ERROR(EINVAL); 2641 break; 2642 default: 2643 cmn_err(CE_PANIC, 2644 "unknown property type"); 2645 } 2646 } else { 2647 err = SET_ERROR(EINVAL); 2648 } 2649 } 2650 2651 /* Validate permissions */ 2652 if (err == 0) 2653 err = zfs_check_settable(dsname, pair, CRED()); 2654 2655 if (err == 0) { 2656 if (source == ZPROP_SRC_INHERITED) 2657 err = -1; /* does not need special handling */ 2658 else 2659 err = zfs_prop_set_special(dsname, source, 2660 pair); 2661 if (err == -1) { 2662 /* 2663 * For better performance we build up a list of 2664 * properties to set in a single transaction. 2665 */ 2666 err = nvlist_add_nvpair(genericnvl, pair); 2667 } else if (err != 0 && nvl != retrynvl) { 2668 /* 2669 * This may be a spurious error caused by 2670 * receiving quota and reservation out of order. 2671 * Try again in a second pass. 2672 */ 2673 err = nvlist_add_nvpair(retrynvl, pair); 2674 } 2675 } 2676 2677 if (err != 0) { 2678 if (errlist != NULL) 2679 fnvlist_add_int32(errlist, propname, err); 2680 rv = err; 2681 } 2682 } 2683 2684 if (nvl != retrynvl && !nvlist_empty(retrynvl)) { 2685 nvl = retrynvl; 2686 goto retry; 2687 } 2688 2689 if (!nvlist_empty(genericnvl) && 2690 dsl_props_set(dsname, source, genericnvl) != 0) { 2691 /* 2692 * If this fails, we still want to set as many properties as we 2693 * can, so try setting them individually. 2694 */ 2695 pair = NULL; 2696 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) { 2697 const char *propname = nvpair_name(pair); 2698 int err = 0; 2699 2700 propval = pair; 2701 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2702 nvlist_t *attrs; 2703 attrs = fnvpair_value_nvlist(pair); 2704 propval = fnvlist_lookup_nvpair(attrs, 2705 ZPROP_VALUE); 2706 } 2707 2708 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2709 strval = fnvpair_value_string(propval); 2710 err = dsl_prop_set_string(dsname, propname, 2711 source, strval); 2712 } else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) { 2713 err = dsl_prop_inherit(dsname, propname, 2714 source); 2715 } else { 2716 intval = fnvpair_value_uint64(propval); 2717 err = dsl_prop_set_int(dsname, propname, source, 2718 intval); 2719 } 2720 2721 if (err != 0) { 2722 if (errlist != NULL) { 2723 fnvlist_add_int32(errlist, propname, 2724 err); 2725 } 2726 rv = err; 2727 } 2728 } 2729 } 2730 nvlist_free(genericnvl); 2731 nvlist_free(retrynvl); 2732 2733 return (rv); 2734 } 2735 2736 /* 2737 * Check that all the properties are valid user properties. 2738 */ 2739 static int 2740 zfs_check_userprops(const char *fsname, nvlist_t *nvl) 2741 { 2742 nvpair_t *pair = NULL; 2743 int error = 0; 2744 2745 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2746 const char *propname = nvpair_name(pair); 2747 2748 if (!zfs_prop_user(propname) || 2749 nvpair_type(pair) != DATA_TYPE_STRING) 2750 return (SET_ERROR(EINVAL)); 2751 2752 if (error = zfs_secpolicy_write_perms(fsname, 2753 ZFS_DELEG_PERM_USERPROP, CRED())) 2754 return (error); 2755 2756 if (strlen(propname) >= ZAP_MAXNAMELEN) 2757 return (SET_ERROR(ENAMETOOLONG)); 2758 2759 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN) 2760 return (E2BIG); 2761 } 2762 return (0); 2763 } 2764 2765 static void 2766 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops) 2767 { 2768 nvpair_t *pair; 2769 2770 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2771 2772 pair = NULL; 2773 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) { 2774 if (nvlist_exists(skipped, nvpair_name(pair))) 2775 continue; 2776 2777 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0); 2778 } 2779 } 2780 2781 static int 2782 clear_received_props(const char *dsname, nvlist_t *props, 2783 nvlist_t *skipped) 2784 { 2785 int err = 0; 2786 nvlist_t *cleared_props = NULL; 2787 props_skip(props, skipped, &cleared_props); 2788 if (!nvlist_empty(cleared_props)) { 2789 /* 2790 * Acts on local properties until the dataset has received 2791 * properties at least once on or after SPA_VERSION_RECVD_PROPS. 2792 */ 2793 zprop_source_t flags = (ZPROP_SRC_NONE | 2794 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0)); 2795 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL); 2796 } 2797 nvlist_free(cleared_props); 2798 return (err); 2799 } 2800 2801 /* 2802 * inputs: 2803 * zc_name name of filesystem 2804 * zc_value name of property to set 2805 * zc_nvlist_src{_size} nvlist of properties to apply 2806 * zc_cookie received properties flag 2807 * 2808 * outputs: 2809 * zc_nvlist_dst{_size} error for each unapplied received property 2810 */ 2811 static int 2812 zfs_ioc_set_prop(zfs_cmd_t *zc) 2813 { 2814 nvlist_t *nvl; 2815 boolean_t received = zc->zc_cookie; 2816 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED : 2817 ZPROP_SRC_LOCAL); 2818 nvlist_t *errors; 2819 int error; 2820 2821 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2822 zc->zc_iflags, &nvl)) != 0) 2823 return (error); 2824 2825 if (received) { 2826 nvlist_t *origprops; 2827 2828 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) { 2829 (void) clear_received_props(zc->zc_name, 2830 origprops, nvl); 2831 nvlist_free(origprops); 2832 } 2833 2834 error = dsl_prop_set_hasrecvd(zc->zc_name); 2835 } 2836 2837 errors = fnvlist_alloc(); 2838 if (error == 0) 2839 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors); 2840 2841 if (zc->zc_nvlist_dst != 0 && errors != NULL) { 2842 (void) put_nvlist(zc, errors); 2843 } 2844 2845 nvlist_free(errors); 2846 nvlist_free(nvl); 2847 return (error); 2848 } 2849 2850 /* 2851 * inputs: 2852 * zc_name name of filesystem 2853 * zc_value name of property to inherit 2854 * zc_cookie revert to received value if TRUE 2855 * 2856 * outputs: none 2857 */ 2858 static int 2859 zfs_ioc_inherit_prop(zfs_cmd_t *zc) 2860 { 2861 const char *propname = zc->zc_value; 2862 zfs_prop_t prop = zfs_name_to_prop(propname); 2863 boolean_t received = zc->zc_cookie; 2864 zprop_source_t source = (received 2865 ? ZPROP_SRC_NONE /* revert to received value, if any */ 2866 : ZPROP_SRC_INHERITED); /* explicitly inherit */ 2867 2868 if (received) { 2869 nvlist_t *dummy; 2870 nvpair_t *pair; 2871 zprop_type_t type; 2872 int err; 2873 2874 /* 2875 * zfs_prop_set_special() expects properties in the form of an 2876 * nvpair with type info. 2877 */ 2878 if (prop == ZPROP_INVAL) { 2879 if (!zfs_prop_user(propname)) 2880 return (SET_ERROR(EINVAL)); 2881 2882 type = PROP_TYPE_STRING; 2883 } else if (prop == ZFS_PROP_VOLSIZE || 2884 prop == ZFS_PROP_VERSION) { 2885 return (SET_ERROR(EINVAL)); 2886 } else { 2887 type = zfs_prop_get_type(prop); 2888 } 2889 2890 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2891 2892 switch (type) { 2893 case PROP_TYPE_STRING: 2894 VERIFY(0 == nvlist_add_string(dummy, propname, "")); 2895 break; 2896 case PROP_TYPE_NUMBER: 2897 case PROP_TYPE_INDEX: 2898 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0)); 2899 break; 2900 default: 2901 nvlist_free(dummy); 2902 return (SET_ERROR(EINVAL)); 2903 } 2904 2905 pair = nvlist_next_nvpair(dummy, NULL); 2906 err = zfs_prop_set_special(zc->zc_name, source, pair); 2907 nvlist_free(dummy); 2908 if (err != -1) 2909 return (err); /* special property already handled */ 2910 } else { 2911 /* 2912 * Only check this in the non-received case. We want to allow 2913 * 'inherit -S' to revert non-inheritable properties like quota 2914 * and reservation to the received or default values even though 2915 * they are not considered inheritable. 2916 */ 2917 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop)) 2918 return (SET_ERROR(EINVAL)); 2919 } 2920 2921 /* property name has been validated by zfs_secpolicy_inherit_prop() */ 2922 return (dsl_prop_inherit(zc->zc_name, zc->zc_value, source)); 2923 } 2924 2925 static int 2926 zfs_ioc_pool_set_props(zfs_cmd_t *zc) 2927 { 2928 nvlist_t *props; 2929 spa_t *spa; 2930 int error; 2931 nvpair_t *pair; 2932 2933 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2934 zc->zc_iflags, &props)) 2935 return (error); 2936 2937 /* 2938 * If the only property is the configfile, then just do a spa_lookup() 2939 * to handle the faulted case. 2940 */ 2941 pair = nvlist_next_nvpair(props, NULL); 2942 if (pair != NULL && strcmp(nvpair_name(pair), 2943 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 && 2944 nvlist_next_nvpair(props, pair) == NULL) { 2945 mutex_enter(&spa_namespace_lock); 2946 if ((spa = spa_lookup(zc->zc_name)) != NULL) { 2947 spa_configfile_set(spa, props, B_FALSE); 2948 spa_write_cachefile(spa, B_FALSE, B_TRUE); 2949 } 2950 mutex_exit(&spa_namespace_lock); 2951 if (spa != NULL) { 2952 nvlist_free(props); 2953 return (0); 2954 } 2955 } 2956 2957 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2958 nvlist_free(props); 2959 return (error); 2960 } 2961 2962 error = spa_prop_set(spa, props); 2963 2964 nvlist_free(props); 2965 spa_close(spa, FTAG); 2966 2967 return (error); 2968 } 2969 2970 static int 2971 zfs_ioc_pool_get_props(zfs_cmd_t *zc) 2972 { 2973 spa_t *spa; 2974 int error; 2975 nvlist_t *nvp = NULL; 2976 2977 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2978 /* 2979 * If the pool is faulted, there may be properties we can still 2980 * get (such as altroot and cachefile), so attempt to get them 2981 * anyway. 2982 */ 2983 mutex_enter(&spa_namespace_lock); 2984 if ((spa = spa_lookup(zc->zc_name)) != NULL) 2985 error = spa_prop_get(spa, &nvp); 2986 mutex_exit(&spa_namespace_lock); 2987 } else { 2988 error = spa_prop_get(spa, &nvp); 2989 spa_close(spa, FTAG); 2990 } 2991 2992 if (error == 0 && zc->zc_nvlist_dst != 0) 2993 error = put_nvlist(zc, nvp); 2994 else 2995 error = SET_ERROR(EFAULT); 2996 2997 nvlist_free(nvp); 2998 return (error); 2999 } 3000 3001 /* 3002 * inputs: 3003 * zc_name name of filesystem 3004 * zc_nvlist_src{_size} nvlist of delegated permissions 3005 * zc_perm_action allow/unallow flag 3006 * 3007 * outputs: none 3008 */ 3009 static int 3010 zfs_ioc_set_fsacl(zfs_cmd_t *zc) 3011 { 3012 int error; 3013 nvlist_t *fsaclnv = NULL; 3014 3015 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3016 zc->zc_iflags, &fsaclnv)) != 0) 3017 return (error); 3018 3019 /* 3020 * Verify nvlist is constructed correctly 3021 */ 3022 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) { 3023 nvlist_free(fsaclnv); 3024 return (SET_ERROR(EINVAL)); 3025 } 3026 3027 /* 3028 * If we don't have PRIV_SYS_MOUNT, then validate 3029 * that user is allowed to hand out each permission in 3030 * the nvlist(s) 3031 */ 3032 3033 error = secpolicy_zfs(CRED()); 3034 if (error != 0) { 3035 if (zc->zc_perm_action == B_FALSE) { 3036 error = dsl_deleg_can_allow(zc->zc_name, 3037 fsaclnv, CRED()); 3038 } else { 3039 error = dsl_deleg_can_unallow(zc->zc_name, 3040 fsaclnv, CRED()); 3041 } 3042 } 3043 3044 if (error == 0) 3045 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 3046 3047 nvlist_free(fsaclnv); 3048 return (error); 3049 } 3050 3051 /* 3052 * inputs: 3053 * zc_name name of filesystem 3054 * 3055 * outputs: 3056 * zc_nvlist_src{_size} nvlist of delegated permissions 3057 */ 3058 static int 3059 zfs_ioc_get_fsacl(zfs_cmd_t *zc) 3060 { 3061 nvlist_t *nvp; 3062 int error; 3063 3064 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 3065 error = put_nvlist(zc, nvp); 3066 nvlist_free(nvp); 3067 } 3068 3069 return (error); 3070 } 3071 3072 /* ARGSUSED */ 3073 static void 3074 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 3075 { 3076 zfs_creat_t *zct = arg; 3077 3078 zfs_create_fs(os, cr, zct->zct_zplprops, tx); 3079 } 3080 3081 #define ZFS_PROP_UNDEFINED ((uint64_t)-1) 3082 3083 /* 3084 * inputs: 3085 * os parent objset pointer (NULL if root fs) 3086 * fuids_ok fuids allowed in this version of the spa? 3087 * sa_ok SAs allowed in this version of the spa? 3088 * createprops list of properties requested by creator 3089 * 3090 * outputs: 3091 * zplprops values for the zplprops we attach to the master node object 3092 * is_ci true if requested file system will be purely case-insensitive 3093 * 3094 * Determine the settings for utf8only, normalization and 3095 * casesensitivity. Specific values may have been requested by the 3096 * creator and/or we can inherit values from the parent dataset. If 3097 * the file system is of too early a vintage, a creator can not 3098 * request settings for these properties, even if the requested 3099 * setting is the default value. We don't actually want to create dsl 3100 * properties for these, so remove them from the source nvlist after 3101 * processing. 3102 */ 3103 static int 3104 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver, 3105 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops, 3106 nvlist_t *zplprops, boolean_t *is_ci) 3107 { 3108 uint64_t sense = ZFS_PROP_UNDEFINED; 3109 uint64_t norm = ZFS_PROP_UNDEFINED; 3110 uint64_t u8 = ZFS_PROP_UNDEFINED; 3111 3112 ASSERT(zplprops != NULL); 3113 3114 if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS) 3115 return (SET_ERROR(EINVAL)); 3116 3117 /* 3118 * Pull out creator prop choices, if any. 3119 */ 3120 if (createprops) { 3121 (void) nvlist_lookup_uint64(createprops, 3122 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver); 3123 (void) nvlist_lookup_uint64(createprops, 3124 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm); 3125 (void) nvlist_remove_all(createprops, 3126 zfs_prop_to_name(ZFS_PROP_NORMALIZE)); 3127 (void) nvlist_lookup_uint64(createprops, 3128 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8); 3129 (void) nvlist_remove_all(createprops, 3130 zfs_prop_to_name(ZFS_PROP_UTF8ONLY)); 3131 (void) nvlist_lookup_uint64(createprops, 3132 zfs_prop_to_name(ZFS_PROP_CASE), &sense); 3133 (void) nvlist_remove_all(createprops, 3134 zfs_prop_to_name(ZFS_PROP_CASE)); 3135 } 3136 3137 /* 3138 * If the zpl version requested is whacky or the file system 3139 * or pool is version is too "young" to support normalization 3140 * and the creator tried to set a value for one of the props, 3141 * error out. 3142 */ 3143 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) || 3144 (zplver >= ZPL_VERSION_FUID && !fuids_ok) || 3145 (zplver >= ZPL_VERSION_SA && !sa_ok) || 3146 (zplver < ZPL_VERSION_NORMALIZATION && 3147 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED || 3148 sense != ZFS_PROP_UNDEFINED))) 3149 return (SET_ERROR(ENOTSUP)); 3150 3151 /* 3152 * Put the version in the zplprops 3153 */ 3154 VERIFY(nvlist_add_uint64(zplprops, 3155 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0); 3156 3157 if (norm == ZFS_PROP_UNDEFINED) 3158 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0); 3159 VERIFY(nvlist_add_uint64(zplprops, 3160 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0); 3161 3162 /* 3163 * If we're normalizing, names must always be valid UTF-8 strings. 3164 */ 3165 if (norm) 3166 u8 = 1; 3167 if (u8 == ZFS_PROP_UNDEFINED) 3168 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0); 3169 VERIFY(nvlist_add_uint64(zplprops, 3170 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0); 3171 3172 if (sense == ZFS_PROP_UNDEFINED) 3173 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0); 3174 VERIFY(nvlist_add_uint64(zplprops, 3175 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0); 3176 3177 if (is_ci) 3178 *is_ci = (sense == ZFS_CASE_INSENSITIVE); 3179 3180 return (0); 3181 } 3182 3183 static int 3184 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops, 3185 nvlist_t *zplprops, boolean_t *is_ci) 3186 { 3187 boolean_t fuids_ok, sa_ok; 3188 uint64_t zplver = ZPL_VERSION; 3189 objset_t *os = NULL; 3190 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 3191 char *cp; 3192 spa_t *spa; 3193 uint64_t spa_vers; 3194 int error; 3195 3196 (void) strlcpy(parentname, dataset, sizeof (parentname)); 3197 cp = strrchr(parentname, '/'); 3198 ASSERT(cp != NULL); 3199 cp[0] = '\0'; 3200 3201 if ((error = spa_open(dataset, &spa, FTAG)) != 0) 3202 return (error); 3203 3204 spa_vers = spa_version(spa); 3205 spa_close(spa, FTAG); 3206 3207 zplver = zfs_zpl_version_map(spa_vers); 3208 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3209 sa_ok = (zplver >= ZPL_VERSION_SA); 3210 3211 /* 3212 * Open parent object set so we can inherit zplprop values. 3213 */ 3214 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0) 3215 return (error); 3216 3217 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops, 3218 zplprops, is_ci); 3219 dmu_objset_rele(os, FTAG); 3220 return (error); 3221 } 3222 3223 static int 3224 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops, 3225 nvlist_t *zplprops, boolean_t *is_ci) 3226 { 3227 boolean_t fuids_ok; 3228 boolean_t sa_ok; 3229 uint64_t zplver = ZPL_VERSION; 3230 int error; 3231 3232 zplver = zfs_zpl_version_map(spa_vers); 3233 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3234 sa_ok = (zplver >= ZPL_VERSION_SA); 3235 3236 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok, 3237 createprops, zplprops, is_ci); 3238 return (error); 3239 } 3240 3241 /* 3242 * innvl: { 3243 * "type" -> dmu_objset_type_t (int32) 3244 * (optional) "props" -> { prop -> value } 3245 * (optional) "hidden_args" -> { "wkeydata" -> value } 3246 * raw uint8_t array of encryption wrapping key data (32 bytes) 3247 * } 3248 * 3249 * outnvl: propname -> error code (int32) 3250 */ 3251 static int 3252 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3253 { 3254 int error = 0; 3255 zfs_creat_t zct = { 0 }; 3256 nvlist_t *nvprops = NULL; 3257 nvlist_t *hidden_args = NULL; 3258 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 3259 int32_t type32; 3260 dmu_objset_type_t type; 3261 boolean_t is_insensitive = B_FALSE; 3262 dsl_crypto_params_t *dcp = NULL; 3263 3264 if (nvlist_lookup_int32(innvl, "type", &type32) != 0) 3265 return (SET_ERROR(EINVAL)); 3266 type = type32; 3267 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3268 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args); 3269 3270 switch (type) { 3271 case DMU_OST_ZFS: 3272 cbfunc = zfs_create_cb; 3273 break; 3274 3275 case DMU_OST_ZVOL: 3276 cbfunc = zvol_create_cb; 3277 break; 3278 3279 default: 3280 cbfunc = NULL; 3281 break; 3282 } 3283 if (strchr(fsname, '@') || 3284 strchr(fsname, '%')) 3285 return (SET_ERROR(EINVAL)); 3286 3287 zct.zct_props = nvprops; 3288 3289 if (cbfunc == NULL) 3290 return (SET_ERROR(EINVAL)); 3291 3292 if (type == DMU_OST_ZVOL) { 3293 uint64_t volsize, volblocksize; 3294 3295 if (nvprops == NULL) 3296 return (SET_ERROR(EINVAL)); 3297 if (nvlist_lookup_uint64(nvprops, 3298 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0) 3299 return (SET_ERROR(EINVAL)); 3300 3301 if ((error = nvlist_lookup_uint64(nvprops, 3302 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 3303 &volblocksize)) != 0 && error != ENOENT) 3304 return (SET_ERROR(EINVAL)); 3305 3306 if (error != 0) 3307 volblocksize = zfs_prop_default_numeric( 3308 ZFS_PROP_VOLBLOCKSIZE); 3309 3310 if ((error = zvol_check_volblocksize( 3311 volblocksize)) != 0 || 3312 (error = zvol_check_volsize(volsize, 3313 volblocksize)) != 0) 3314 return (error); 3315 } else if (type == DMU_OST_ZFS) { 3316 int error; 3317 3318 /* 3319 * We have to have normalization and 3320 * case-folding flags correct when we do the 3321 * file system creation, so go figure them out 3322 * now. 3323 */ 3324 VERIFY(nvlist_alloc(&zct.zct_zplprops, 3325 NV_UNIQUE_NAME, KM_SLEEP) == 0); 3326 error = zfs_fill_zplprops(fsname, nvprops, 3327 zct.zct_zplprops, &is_insensitive); 3328 if (error != 0) { 3329 nvlist_free(zct.zct_zplprops); 3330 return (error); 3331 } 3332 } 3333 3334 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops, 3335 hidden_args, &dcp); 3336 if (error != 0) { 3337 nvlist_free(zct.zct_zplprops); 3338 return (error); 3339 } 3340 3341 error = dmu_objset_create(fsname, type, 3342 is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct); 3343 3344 nvlist_free(zct.zct_zplprops); 3345 dsl_crypto_params_free(dcp, !!error); 3346 3347 /* 3348 * It would be nice to do this atomically. 3349 */ 3350 if (error == 0) { 3351 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3352 nvprops, outnvl); 3353 if (error != 0) 3354 (void) dsl_destroy_head(fsname); 3355 } 3356 return (error); 3357 } 3358 3359 /* 3360 * innvl: { 3361 * "origin" -> name of origin snapshot 3362 * (optional) "props" -> { prop -> value } 3363 * (optional) "hidden_args" -> { "wkeydata" -> value } 3364 * raw uint8_t array of encryption wrapping key data (32 bytes) 3365 * } 3366 * 3367 * outnvl: propname -> error code (int32) 3368 */ 3369 static int 3370 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3371 { 3372 int error = 0; 3373 nvlist_t *nvprops = NULL; 3374 char *origin_name; 3375 3376 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0) 3377 return (SET_ERROR(EINVAL)); 3378 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3379 3380 if (strchr(fsname, '@') || 3381 strchr(fsname, '%')) 3382 return (SET_ERROR(EINVAL)); 3383 3384 if (dataset_namecheck(origin_name, NULL, NULL) != 0) 3385 return (SET_ERROR(EINVAL)); 3386 3387 error = dmu_objset_clone(fsname, origin_name); 3388 3389 /* 3390 * It would be nice to do this atomically. 3391 */ 3392 if (error == 0) { 3393 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3394 nvprops, outnvl); 3395 if (error != 0) 3396 (void) dsl_destroy_head(fsname); 3397 } 3398 return (error); 3399 } 3400 3401 /* ARGSUSED */ 3402 static int 3403 zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3404 { 3405 if (strchr(fsname, '@') || 3406 strchr(fsname, '%')) 3407 return (SET_ERROR(EINVAL)); 3408 3409 return (dmu_objset_remap_indirects(fsname)); 3410 } 3411 3412 /* 3413 * innvl: { 3414 * "snaps" -> { snapshot1, snapshot2 } 3415 * (optional) "props" -> { prop -> value (string) } 3416 * } 3417 * 3418 * outnvl: snapshot -> error code (int32) 3419 */ 3420 static int 3421 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3422 { 3423 nvlist_t *snaps; 3424 nvlist_t *props = NULL; 3425 int error, poollen; 3426 nvpair_t *pair; 3427 3428 (void) nvlist_lookup_nvlist(innvl, "props", &props); 3429 if ((error = zfs_check_userprops(poolname, props)) != 0) 3430 return (error); 3431 3432 if (!nvlist_empty(props) && 3433 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS)) 3434 return (SET_ERROR(ENOTSUP)); 3435 3436 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3437 return (SET_ERROR(EINVAL)); 3438 poollen = strlen(poolname); 3439 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3440 pair = nvlist_next_nvpair(snaps, pair)) { 3441 const char *name = nvpair_name(pair); 3442 const char *cp = strchr(name, '@'); 3443 3444 /* 3445 * The snap name must contain an @, and the part after it must 3446 * contain only valid characters. 3447 */ 3448 if (cp == NULL || 3449 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3450 return (SET_ERROR(EINVAL)); 3451 3452 /* 3453 * The snap must be in the specified pool. 3454 */ 3455 if (strncmp(name, poolname, poollen) != 0 || 3456 (name[poollen] != '/' && name[poollen] != '@')) 3457 return (SET_ERROR(EXDEV)); 3458 3459 /* This must be the only snap of this fs. */ 3460 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair); 3461 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) { 3462 if (strncmp(name, nvpair_name(pair2), cp - name + 1) 3463 == 0) { 3464 return (SET_ERROR(EXDEV)); 3465 } 3466 } 3467 } 3468 3469 error = dsl_dataset_snapshot(snaps, props, outnvl); 3470 return (error); 3471 } 3472 3473 /* 3474 * innvl: "message" -> string 3475 */ 3476 /* ARGSUSED */ 3477 static int 3478 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3479 { 3480 char *message; 3481 spa_t *spa; 3482 int error; 3483 char *poolname; 3484 3485 /* 3486 * The poolname in the ioctl is not set, we get it from the TSD, 3487 * which was set at the end of the last successful ioctl that allows 3488 * logging. The secpolicy func already checked that it is set. 3489 * Only one log ioctl is allowed after each successful ioctl, so 3490 * we clear the TSD here. 3491 */ 3492 poolname = tsd_get(zfs_allow_log_key); 3493 (void) tsd_set(zfs_allow_log_key, NULL); 3494 error = spa_open(poolname, &spa, FTAG); 3495 strfree(poolname); 3496 if (error != 0) 3497 return (error); 3498 3499 if (nvlist_lookup_string(innvl, "message", &message) != 0) { 3500 spa_close(spa, FTAG); 3501 return (SET_ERROR(EINVAL)); 3502 } 3503 3504 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 3505 spa_close(spa, FTAG); 3506 return (SET_ERROR(ENOTSUP)); 3507 } 3508 3509 error = spa_history_log(spa, message); 3510 spa_close(spa, FTAG); 3511 return (error); 3512 } 3513 3514 /* 3515 * The dp_config_rwlock must not be held when calling this, because the 3516 * unmount may need to write out data. 3517 * 3518 * This function is best-effort. Callers must deal gracefully if it 3519 * remains mounted (or is remounted after this call). 3520 * 3521 * Returns 0 if the argument is not a snapshot, or it is not currently a 3522 * filesystem, or we were able to unmount it. Returns error code otherwise. 3523 */ 3524 void 3525 zfs_unmount_snap(const char *snapname) 3526 { 3527 vfs_t *vfsp = NULL; 3528 zfsvfs_t *zfsvfs = NULL; 3529 3530 if (strchr(snapname, '@') == NULL) 3531 return; 3532 3533 int err = getzfsvfs(snapname, &zfsvfs); 3534 if (err != 0) { 3535 ASSERT3P(zfsvfs, ==, NULL); 3536 return; 3537 } 3538 vfsp = zfsvfs->z_vfs; 3539 3540 ASSERT(!dsl_pool_config_held(dmu_objset_pool(zfsvfs->z_os))); 3541 3542 err = vn_vfswlock(vfsp->vfs_vnodecovered); 3543 VFS_RELE(vfsp); 3544 if (err != 0) 3545 return; 3546 3547 /* 3548 * Always force the unmount for snapshots. 3549 */ 3550 (void) dounmount(vfsp, MS_FORCE, kcred); 3551 } 3552 3553 /* ARGSUSED */ 3554 static int 3555 zfs_unmount_snap_cb(const char *snapname, void *arg) 3556 { 3557 zfs_unmount_snap(snapname); 3558 return (0); 3559 } 3560 3561 /* 3562 * When a clone is destroyed, its origin may also need to be destroyed, 3563 * in which case it must be unmounted. This routine will do that unmount 3564 * if necessary. 3565 */ 3566 void 3567 zfs_destroy_unmount_origin(const char *fsname) 3568 { 3569 int error; 3570 objset_t *os; 3571 dsl_dataset_t *ds; 3572 3573 error = dmu_objset_hold(fsname, FTAG, &os); 3574 if (error != 0) 3575 return; 3576 ds = dmu_objset_ds(os); 3577 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) { 3578 char originname[ZFS_MAX_DATASET_NAME_LEN]; 3579 dsl_dataset_name(ds->ds_prev, originname); 3580 dmu_objset_rele(os, FTAG); 3581 zfs_unmount_snap(originname); 3582 } else { 3583 dmu_objset_rele(os, FTAG); 3584 } 3585 } 3586 3587 /* 3588 * innvl: { 3589 * "snaps" -> { snapshot1, snapshot2 } 3590 * (optional boolean) "defer" 3591 * } 3592 * 3593 * outnvl: snapshot -> error code (int32) 3594 * 3595 */ 3596 /* ARGSUSED */ 3597 static int 3598 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3599 { 3600 nvlist_t *snaps; 3601 nvpair_t *pair; 3602 boolean_t defer; 3603 3604 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3605 return (SET_ERROR(EINVAL)); 3606 defer = nvlist_exists(innvl, "defer"); 3607 3608 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3609 pair = nvlist_next_nvpair(snaps, pair)) { 3610 zfs_unmount_snap(nvpair_name(pair)); 3611 } 3612 3613 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl)); 3614 } 3615 3616 /* 3617 * Create bookmarks. Bookmark names are of the form <fs>#<bmark>. 3618 * All bookmarks must be in the same pool. 3619 * 3620 * innvl: { 3621 * bookmark1 -> snapshot1, bookmark2 -> snapshot2 3622 * } 3623 * 3624 * outnvl: bookmark -> error code (int32) 3625 * 3626 */ 3627 /* ARGSUSED */ 3628 static int 3629 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3630 { 3631 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 3632 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 3633 char *snap_name; 3634 3635 /* 3636 * Verify the snapshot argument. 3637 */ 3638 if (nvpair_value_string(pair, &snap_name) != 0) 3639 return (SET_ERROR(EINVAL)); 3640 3641 3642 /* Verify that the keys (bookmarks) are unique */ 3643 for (nvpair_t *pair2 = nvlist_next_nvpair(innvl, pair); 3644 pair2 != NULL; pair2 = nvlist_next_nvpair(innvl, pair2)) { 3645 if (strcmp(nvpair_name(pair), nvpair_name(pair2)) == 0) 3646 return (SET_ERROR(EINVAL)); 3647 } 3648 } 3649 3650 return (dsl_bookmark_create(innvl, outnvl)); 3651 } 3652 3653 /* 3654 * innvl: { 3655 * property 1, property 2, ... 3656 * } 3657 * 3658 * outnvl: { 3659 * bookmark name 1 -> { property 1, property 2, ... }, 3660 * bookmark name 2 -> { property 1, property 2, ... } 3661 * } 3662 * 3663 */ 3664 static int 3665 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3666 { 3667 return (dsl_get_bookmarks(fsname, innvl, outnvl)); 3668 } 3669 3670 /* 3671 * innvl: { 3672 * bookmark name 1, bookmark name 2 3673 * } 3674 * 3675 * outnvl: bookmark -> error code (int32) 3676 * 3677 */ 3678 static int 3679 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl, 3680 nvlist_t *outnvl) 3681 { 3682 int error, poollen; 3683 3684 poollen = strlen(poolname); 3685 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 3686 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 3687 const char *name = nvpair_name(pair); 3688 const char *cp = strchr(name, '#'); 3689 3690 /* 3691 * The bookmark name must contain an #, and the part after it 3692 * must contain only valid characters. 3693 */ 3694 if (cp == NULL || 3695 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3696 return (SET_ERROR(EINVAL)); 3697 3698 /* 3699 * The bookmark must be in the specified pool. 3700 */ 3701 if (strncmp(name, poolname, poollen) != 0 || 3702 (name[poollen] != '/' && name[poollen] != '#')) 3703 return (SET_ERROR(EXDEV)); 3704 } 3705 3706 error = dsl_bookmark_destroy(innvl, outnvl); 3707 return (error); 3708 } 3709 3710 static int 3711 zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl, 3712 nvlist_t *outnvl) 3713 { 3714 char *program; 3715 uint64_t instrlimit, memlimit; 3716 boolean_t sync_flag; 3717 nvpair_t *nvarg = NULL; 3718 3719 if (0 != nvlist_lookup_string(innvl, ZCP_ARG_PROGRAM, &program)) { 3720 return (EINVAL); 3721 } 3722 if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) { 3723 sync_flag = B_TRUE; 3724 } 3725 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) { 3726 instrlimit = ZCP_DEFAULT_INSTRLIMIT; 3727 } 3728 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) { 3729 memlimit = ZCP_DEFAULT_MEMLIMIT; 3730 } 3731 if (0 != nvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST, &nvarg)) { 3732 return (EINVAL); 3733 } 3734 3735 if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit) 3736 return (EINVAL); 3737 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit) 3738 return (EINVAL); 3739 3740 return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit, 3741 nvarg, outnvl)); 3742 } 3743 3744 /* 3745 * innvl: unused 3746 * outnvl: empty 3747 */ 3748 /* ARGSUSED */ 3749 static int 3750 zfs_ioc_pool_checkpoint(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3751 { 3752 return (spa_checkpoint(poolname)); 3753 } 3754 3755 /* 3756 * innvl: unused 3757 * outnvl: empty 3758 */ 3759 /* ARGSUSED */ 3760 static int 3761 zfs_ioc_pool_discard_checkpoint(const char *poolname, nvlist_t *innvl, 3762 nvlist_t *outnvl) 3763 { 3764 return (spa_checkpoint_discard(poolname)); 3765 } 3766 3767 /* 3768 * inputs: 3769 * zc_name name of dataset to destroy 3770 * zc_defer_destroy mark for deferred destroy 3771 * 3772 * outputs: none 3773 */ 3774 static int 3775 zfs_ioc_destroy(zfs_cmd_t *zc) 3776 { 3777 objset_t *os; 3778 dmu_objset_type_t ost; 3779 int err; 3780 3781 err = dmu_objset_hold(zc->zc_name, FTAG, &os); 3782 if (err != 0) 3783 return (err); 3784 ost = dmu_objset_type(os); 3785 dmu_objset_rele(os, FTAG); 3786 3787 if (ost == DMU_OST_ZFS) 3788 zfs_unmount_snap(zc->zc_name); 3789 3790 if (strchr(zc->zc_name, '@')) { 3791 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy); 3792 } else { 3793 err = dsl_destroy_head(zc->zc_name); 3794 if (err == EEXIST) { 3795 /* 3796 * It is possible that the given DS may have 3797 * hidden child (%recv) datasets - "leftovers" 3798 * resulting from the previously interrupted 3799 * 'zfs receive'. 3800 * 3801 * 6 extra bytes for /%recv 3802 */ 3803 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6]; 3804 3805 if (snprintf(namebuf, sizeof (namebuf), "%s/%s", 3806 zc->zc_name, recv_clone_name) >= 3807 sizeof (namebuf)) 3808 return (SET_ERROR(EINVAL)); 3809 3810 /* 3811 * Try to remove the hidden child (%recv) and after 3812 * that try to remove the target dataset. 3813 * If the hidden child (%recv) does not exist 3814 * the original error (EEXIST) will be returned 3815 */ 3816 err = dsl_destroy_head(namebuf); 3817 if (err == 0) 3818 err = dsl_destroy_head(zc->zc_name); 3819 else if (err == ENOENT) 3820 err = SET_ERROR(EEXIST); 3821 } 3822 } 3823 if (ost == DMU_OST_ZVOL && err == 0) 3824 (void) zvol_remove_minor(zc->zc_name); 3825 return (err); 3826 } 3827 3828 /* 3829 * innvl: { 3830 * vdevs: { 3831 * guid 1, guid 2, ... 3832 * }, 3833 * func: POOL_INITIALIZE_{CANCEL|DO|SUSPEND} 3834 * } 3835 * 3836 * outnvl: { 3837 * [func: EINVAL (if provided command type didn't make sense)], 3838 * [vdevs: { 3839 * guid1: errno, (see function body for possible errnos) 3840 * ... 3841 * }] 3842 * } 3843 * 3844 */ 3845 static int 3846 zfs_ioc_pool_initialize(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3847 { 3848 spa_t *spa; 3849 int error; 3850 3851 error = spa_open(poolname, &spa, FTAG); 3852 if (error != 0) 3853 return (error); 3854 3855 uint64_t cmd_type; 3856 if (nvlist_lookup_uint64(innvl, ZPOOL_INITIALIZE_COMMAND, 3857 &cmd_type) != 0) { 3858 spa_close(spa, FTAG); 3859 return (SET_ERROR(EINVAL)); 3860 } 3861 if (!(cmd_type == POOL_INITIALIZE_CANCEL || 3862 cmd_type == POOL_INITIALIZE_DO || 3863 cmd_type == POOL_INITIALIZE_SUSPEND)) { 3864 spa_close(spa, FTAG); 3865 return (SET_ERROR(EINVAL)); 3866 } 3867 3868 nvlist_t *vdev_guids; 3869 if (nvlist_lookup_nvlist(innvl, ZPOOL_INITIALIZE_VDEVS, 3870 &vdev_guids) != 0) { 3871 spa_close(spa, FTAG); 3872 return (SET_ERROR(EINVAL)); 3873 } 3874 3875 nvlist_t *vdev_errlist = fnvlist_alloc(); 3876 int total_errors = 0; 3877 3878 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL); 3879 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) { 3880 uint64_t vdev_guid = fnvpair_value_uint64(pair); 3881 3882 error = spa_vdev_initialize(spa, vdev_guid, cmd_type); 3883 if (error != 0) { 3884 char guid_as_str[MAXNAMELEN]; 3885 3886 (void) snprintf(guid_as_str, sizeof (guid_as_str), 3887 "%llu", (unsigned long long)vdev_guid); 3888 fnvlist_add_int64(vdev_errlist, guid_as_str, error); 3889 total_errors++; 3890 } 3891 } 3892 if (fnvlist_size(vdev_errlist) > 0) { 3893 fnvlist_add_nvlist(outnvl, ZPOOL_INITIALIZE_VDEVS, 3894 vdev_errlist); 3895 } 3896 fnvlist_free(vdev_errlist); 3897 3898 spa_close(spa, FTAG); 3899 return (total_errors > 0 ? EINVAL : 0); 3900 } 3901 3902 /* 3903 * fsname is name of dataset to rollback (to most recent snapshot) 3904 * 3905 * innvl may contain name of expected target snapshot 3906 * 3907 * outnvl: "target" -> name of most recent snapshot 3908 * } 3909 */ 3910 /* ARGSUSED */ 3911 static int 3912 zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3913 { 3914 zfsvfs_t *zfsvfs; 3915 char *target = NULL; 3916 int error; 3917 3918 (void) nvlist_lookup_string(innvl, "target", &target); 3919 if (target != NULL) { 3920 const char *cp = strchr(target, '@'); 3921 3922 /* 3923 * The snap name must contain an @, and the part after it must 3924 * contain only valid characters. 3925 */ 3926 if (cp == NULL || 3927 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3928 return (SET_ERROR(EINVAL)); 3929 } 3930 3931 if (getzfsvfs(fsname, &zfsvfs) == 0) { 3932 dsl_dataset_t *ds; 3933 3934 ds = dmu_objset_ds(zfsvfs->z_os); 3935 error = zfs_suspend_fs(zfsvfs); 3936 if (error == 0) { 3937 int resume_err; 3938 3939 error = dsl_dataset_rollback(fsname, target, zfsvfs, 3940 outnvl); 3941 resume_err = zfs_resume_fs(zfsvfs, ds); 3942 error = error ? error : resume_err; 3943 } 3944 VFS_RELE(zfsvfs->z_vfs); 3945 } else { 3946 error = dsl_dataset_rollback(fsname, target, NULL, outnvl); 3947 } 3948 return (error); 3949 } 3950 3951 static int 3952 recursive_unmount(const char *fsname, void *arg) 3953 { 3954 const char *snapname = arg; 3955 char fullname[ZFS_MAX_DATASET_NAME_LEN]; 3956 3957 (void) snprintf(fullname, sizeof (fullname), "%s@%s", fsname, snapname); 3958 zfs_unmount_snap(fullname); 3959 3960 return (0); 3961 } 3962 3963 /* 3964 * inputs: 3965 * zc_name old name of dataset 3966 * zc_value new name of dataset 3967 * zc_cookie recursive flag (only valid for snapshots) 3968 * 3969 * outputs: none 3970 */ 3971 static int 3972 zfs_ioc_rename(zfs_cmd_t *zc) 3973 { 3974 objset_t *os; 3975 dmu_objset_type_t ost; 3976 boolean_t recursive = zc->zc_cookie & 1; 3977 char *at; 3978 int err; 3979 3980 /* "zfs rename" from and to ...%recv datasets should both fail */ 3981 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 3982 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 3983 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 || 3984 dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 3985 strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%')) 3986 return (SET_ERROR(EINVAL)); 3987 3988 err = dmu_objset_hold(zc->zc_name, FTAG, &os); 3989 if (err != 0) 3990 return (err); 3991 ost = dmu_objset_type(os); 3992 dmu_objset_rele(os, FTAG); 3993 3994 at = strchr(zc->zc_name, '@'); 3995 if (at != NULL) { 3996 /* snaps must be in same fs */ 3997 int error; 3998 3999 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1)) 4000 return (SET_ERROR(EXDEV)); 4001 *at = '\0'; 4002 if (ost == DMU_OST_ZFS) { 4003 error = dmu_objset_find(zc->zc_name, 4004 recursive_unmount, at + 1, 4005 recursive ? DS_FIND_CHILDREN : 0); 4006 if (error != 0) { 4007 *at = '@'; 4008 return (error); 4009 } 4010 } 4011 error = dsl_dataset_rename_snapshot(zc->zc_name, 4012 at + 1, strchr(zc->zc_value, '@') + 1, recursive); 4013 *at = '@'; 4014 4015 return (error); 4016 } else { 4017 if (ost == DMU_OST_ZVOL) 4018 (void) zvol_remove_minor(zc->zc_name); 4019 return (dsl_dir_rename(zc->zc_name, zc->zc_value)); 4020 } 4021 } 4022 4023 static int 4024 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr) 4025 { 4026 const char *propname = nvpair_name(pair); 4027 boolean_t issnap = (strchr(dsname, '@') != NULL); 4028 zfs_prop_t prop = zfs_name_to_prop(propname); 4029 uint64_t intval; 4030 int err; 4031 4032 if (prop == ZPROP_INVAL) { 4033 if (zfs_prop_user(propname)) { 4034 if (err = zfs_secpolicy_write_perms(dsname, 4035 ZFS_DELEG_PERM_USERPROP, cr)) 4036 return (err); 4037 return (0); 4038 } 4039 4040 if (!issnap && zfs_prop_userquota(propname)) { 4041 const char *perm = NULL; 4042 const char *uq_prefix = 4043 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA]; 4044 const char *gq_prefix = 4045 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA]; 4046 4047 if (strncmp(propname, uq_prefix, 4048 strlen(uq_prefix)) == 0) { 4049 perm = ZFS_DELEG_PERM_USERQUOTA; 4050 } else if (strncmp(propname, gq_prefix, 4051 strlen(gq_prefix)) == 0) { 4052 perm = ZFS_DELEG_PERM_GROUPQUOTA; 4053 } else { 4054 /* USERUSED and GROUPUSED are read-only */ 4055 return (SET_ERROR(EINVAL)); 4056 } 4057 4058 if (err = zfs_secpolicy_write_perms(dsname, perm, cr)) 4059 return (err); 4060 return (0); 4061 } 4062 4063 return (SET_ERROR(EINVAL)); 4064 } 4065 4066 if (issnap) 4067 return (SET_ERROR(EINVAL)); 4068 4069 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 4070 /* 4071 * dsl_prop_get_all_impl() returns properties in this 4072 * format. 4073 */ 4074 nvlist_t *attrs; 4075 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 4076 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4077 &pair) == 0); 4078 } 4079 4080 /* 4081 * Check that this value is valid for this pool version 4082 */ 4083 switch (prop) { 4084 case ZFS_PROP_COMPRESSION: 4085 /* 4086 * If the user specified gzip compression, make sure 4087 * the SPA supports it. We ignore any errors here since 4088 * we'll catch them later. 4089 */ 4090 if (nvpair_value_uint64(pair, &intval) == 0) { 4091 if (intval >= ZIO_COMPRESS_GZIP_1 && 4092 intval <= ZIO_COMPRESS_GZIP_9 && 4093 zfs_earlier_version(dsname, 4094 SPA_VERSION_GZIP_COMPRESSION)) { 4095 return (SET_ERROR(ENOTSUP)); 4096 } 4097 4098 if (intval == ZIO_COMPRESS_ZLE && 4099 zfs_earlier_version(dsname, 4100 SPA_VERSION_ZLE_COMPRESSION)) 4101 return (SET_ERROR(ENOTSUP)); 4102 4103 if (intval == ZIO_COMPRESS_LZ4) { 4104 spa_t *spa; 4105 4106 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4107 return (err); 4108 4109 if (!spa_feature_is_enabled(spa, 4110 SPA_FEATURE_LZ4_COMPRESS)) { 4111 spa_close(spa, FTAG); 4112 return (SET_ERROR(ENOTSUP)); 4113 } 4114 spa_close(spa, FTAG); 4115 } 4116 4117 /* 4118 * If this is a bootable dataset then 4119 * verify that the compression algorithm 4120 * is supported for booting. We must return 4121 * something other than ENOTSUP since it 4122 * implies a downrev pool version. 4123 */ 4124 if (zfs_is_bootfs(dsname) && 4125 !BOOTFS_COMPRESS_VALID(intval)) { 4126 return (SET_ERROR(ERANGE)); 4127 } 4128 } 4129 break; 4130 4131 case ZFS_PROP_COPIES: 4132 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS)) 4133 return (SET_ERROR(ENOTSUP)); 4134 break; 4135 4136 case ZFS_PROP_RECORDSIZE: 4137 /* Record sizes above 128k need the feature to be enabled */ 4138 if (nvpair_value_uint64(pair, &intval) == 0 && 4139 intval > SPA_OLD_MAXBLOCKSIZE) { 4140 spa_t *spa; 4141 4142 /* 4143 * We don't allow setting the property above 1MB, 4144 * unless the tunable has been changed. 4145 */ 4146 if (intval > zfs_max_recordsize || 4147 intval > SPA_MAXBLOCKSIZE) 4148 return (SET_ERROR(ERANGE)); 4149 4150 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4151 return (err); 4152 4153 if (!spa_feature_is_enabled(spa, 4154 SPA_FEATURE_LARGE_BLOCKS)) { 4155 spa_close(spa, FTAG); 4156 return (SET_ERROR(ENOTSUP)); 4157 } 4158 spa_close(spa, FTAG); 4159 } 4160 break; 4161 4162 case ZFS_PROP_DNODESIZE: 4163 /* Dnode sizes above 512 need the feature to be enabled */ 4164 if (nvpair_value_uint64(pair, &intval) == 0 && 4165 intval != ZFS_DNSIZE_LEGACY) { 4166 spa_t *spa; 4167 4168 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4169 return (err); 4170 4171 if (!spa_feature_is_enabled(spa, 4172 SPA_FEATURE_LARGE_DNODE)) { 4173 spa_close(spa, FTAG); 4174 return (SET_ERROR(ENOTSUP)); 4175 } 4176 spa_close(spa, FTAG); 4177 } 4178 break; 4179 4180 case ZFS_PROP_SPECIAL_SMALL_BLOCKS: 4181 /* 4182 * This property could require the allocation classes 4183 * feature to be active for setting, however we allow 4184 * it so that tests of settable properties succeed. 4185 * The CLI will issue a warning in this case. 4186 */ 4187 break; 4188 4189 case ZFS_PROP_SHARESMB: 4190 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID)) 4191 return (SET_ERROR(ENOTSUP)); 4192 break; 4193 4194 case ZFS_PROP_ACLINHERIT: 4195 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 4196 nvpair_value_uint64(pair, &intval) == 0) { 4197 if (intval == ZFS_ACL_PASSTHROUGH_X && 4198 zfs_earlier_version(dsname, 4199 SPA_VERSION_PASSTHROUGH_X)) 4200 return (SET_ERROR(ENOTSUP)); 4201 } 4202 break; 4203 4204 case ZFS_PROP_CHECKSUM: 4205 case ZFS_PROP_DEDUP: 4206 { 4207 spa_feature_t feature; 4208 spa_t *spa; 4209 4210 /* dedup feature version checks */ 4211 if (prop == ZFS_PROP_DEDUP && 4212 zfs_earlier_version(dsname, SPA_VERSION_DEDUP)) 4213 return (SET_ERROR(ENOTSUP)); 4214 4215 if (nvpair_value_uint64(pair, &intval) != 0) 4216 return (SET_ERROR(EINVAL)); 4217 4218 /* check prop value is enabled in features */ 4219 feature = zio_checksum_to_feature(intval & ZIO_CHECKSUM_MASK); 4220 if (feature == SPA_FEATURE_NONE) 4221 break; 4222 4223 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4224 return (err); 4225 4226 if (!spa_feature_is_enabled(spa, feature)) { 4227 spa_close(spa, FTAG); 4228 return (SET_ERROR(ENOTSUP)); 4229 } 4230 spa_close(spa, FTAG); 4231 break; 4232 } 4233 } 4234 4235 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED())); 4236 } 4237 4238 /* 4239 * Checks for a race condition to make sure we don't increment a feature flag 4240 * multiple times. 4241 */ 4242 static int 4243 zfs_prop_activate_feature_check(void *arg, dmu_tx_t *tx) 4244 { 4245 spa_t *spa = dmu_tx_pool(tx)->dp_spa; 4246 spa_feature_t *featurep = arg; 4247 4248 if (!spa_feature_is_active(spa, *featurep)) 4249 return (0); 4250 else 4251 return (SET_ERROR(EBUSY)); 4252 } 4253 4254 /* 4255 * The callback invoked on feature activation in the sync task caused by 4256 * zfs_prop_activate_feature. 4257 */ 4258 static void 4259 zfs_prop_activate_feature_sync(void *arg, dmu_tx_t *tx) 4260 { 4261 spa_t *spa = dmu_tx_pool(tx)->dp_spa; 4262 spa_feature_t *featurep = arg; 4263 4264 spa_feature_incr(spa, *featurep, tx); 4265 } 4266 4267 /* 4268 * Activates a feature on a pool in response to a property setting. This 4269 * creates a new sync task which modifies the pool to reflect the feature 4270 * as being active. 4271 */ 4272 static int 4273 zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature) 4274 { 4275 int err; 4276 4277 /* EBUSY here indicates that the feature is already active */ 4278 err = dsl_sync_task(spa_name(spa), 4279 zfs_prop_activate_feature_check, zfs_prop_activate_feature_sync, 4280 &feature, 2, ZFS_SPACE_CHECK_RESERVED); 4281 4282 if (err != 0 && err != EBUSY) 4283 return (err); 4284 else 4285 return (0); 4286 } 4287 4288 /* 4289 * Removes properties from the given props list that fail permission checks 4290 * needed to clear them and to restore them in case of a receive error. For each 4291 * property, make sure we have both set and inherit permissions. 4292 * 4293 * Returns the first error encountered if any permission checks fail. If the 4294 * caller provides a non-NULL errlist, it also gives the complete list of names 4295 * of all the properties that failed a permission check along with the 4296 * corresponding error numbers. The caller is responsible for freeing the 4297 * returned errlist. 4298 * 4299 * If every property checks out successfully, zero is returned and the list 4300 * pointed at by errlist is NULL. 4301 */ 4302 static int 4303 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist) 4304 { 4305 zfs_cmd_t *zc; 4306 nvpair_t *pair, *next_pair; 4307 nvlist_t *errors; 4308 int err, rv = 0; 4309 4310 if (props == NULL) 4311 return (0); 4312 4313 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4314 4315 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP); 4316 (void) strcpy(zc->zc_name, dataset); 4317 pair = nvlist_next_nvpair(props, NULL); 4318 while (pair != NULL) { 4319 next_pair = nvlist_next_nvpair(props, pair); 4320 4321 (void) strcpy(zc->zc_value, nvpair_name(pair)); 4322 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 || 4323 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) { 4324 VERIFY(nvlist_remove_nvpair(props, pair) == 0); 4325 VERIFY(nvlist_add_int32(errors, 4326 zc->zc_value, err) == 0); 4327 } 4328 pair = next_pair; 4329 } 4330 kmem_free(zc, sizeof (zfs_cmd_t)); 4331 4332 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 4333 nvlist_free(errors); 4334 errors = NULL; 4335 } else { 4336 VERIFY(nvpair_value_int32(pair, &rv) == 0); 4337 } 4338 4339 if (errlist == NULL) 4340 nvlist_free(errors); 4341 else 4342 *errlist = errors; 4343 4344 return (rv); 4345 } 4346 4347 static boolean_t 4348 propval_equals(nvpair_t *p1, nvpair_t *p2) 4349 { 4350 if (nvpair_type(p1) == DATA_TYPE_NVLIST) { 4351 /* dsl_prop_get_all_impl() format */ 4352 nvlist_t *attrs; 4353 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0); 4354 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4355 &p1) == 0); 4356 } 4357 4358 if (nvpair_type(p2) == DATA_TYPE_NVLIST) { 4359 nvlist_t *attrs; 4360 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0); 4361 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4362 &p2) == 0); 4363 } 4364 4365 if (nvpair_type(p1) != nvpair_type(p2)) 4366 return (B_FALSE); 4367 4368 if (nvpair_type(p1) == DATA_TYPE_STRING) { 4369 char *valstr1, *valstr2; 4370 4371 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0); 4372 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0); 4373 return (strcmp(valstr1, valstr2) == 0); 4374 } else { 4375 uint64_t intval1, intval2; 4376 4377 VERIFY(nvpair_value_uint64(p1, &intval1) == 0); 4378 VERIFY(nvpair_value_uint64(p2, &intval2) == 0); 4379 return (intval1 == intval2); 4380 } 4381 } 4382 4383 /* 4384 * Remove properties from props if they are not going to change (as determined 4385 * by comparison with origprops). Remove them from origprops as well, since we 4386 * do not need to clear or restore properties that won't change. 4387 */ 4388 static void 4389 props_reduce(nvlist_t *props, nvlist_t *origprops) 4390 { 4391 nvpair_t *pair, *next_pair; 4392 4393 if (origprops == NULL) 4394 return; /* all props need to be received */ 4395 4396 pair = nvlist_next_nvpair(props, NULL); 4397 while (pair != NULL) { 4398 const char *propname = nvpair_name(pair); 4399 nvpair_t *match; 4400 4401 next_pair = nvlist_next_nvpair(props, pair); 4402 4403 if ((nvlist_lookup_nvpair(origprops, propname, 4404 &match) != 0) || !propval_equals(pair, match)) 4405 goto next; /* need to set received value */ 4406 4407 /* don't clear the existing received value */ 4408 (void) nvlist_remove_nvpair(origprops, match); 4409 /* don't bother receiving the property */ 4410 (void) nvlist_remove_nvpair(props, pair); 4411 next: 4412 pair = next_pair; 4413 } 4414 } 4415 4416 /* 4417 * Extract properties that cannot be set PRIOR to the receipt of a dataset. 4418 * For example, refquota cannot be set until after the receipt of a dataset, 4419 * because in replication streams, an older/earlier snapshot may exceed the 4420 * refquota. We want to receive the older/earlier snapshot, but setting 4421 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent 4422 * the older/earlier snapshot from being received (with EDQUOT). 4423 * 4424 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario. 4425 * 4426 * libzfs will need to be judicious handling errors encountered by props 4427 * extracted by this function. 4428 */ 4429 static nvlist_t * 4430 extract_delay_props(nvlist_t *props) 4431 { 4432 nvlist_t *delayprops; 4433 nvpair_t *nvp, *tmp; 4434 static const zfs_prop_t delayable[] = { 4435 ZFS_PROP_REFQUOTA, 4436 ZFS_PROP_KEYLOCATION, 4437 0 4438 }; 4439 int i; 4440 4441 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4442 4443 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL; 4444 nvp = nvlist_next_nvpair(props, nvp)) { 4445 /* 4446 * strcmp() is safe because zfs_prop_to_name() always returns 4447 * a bounded string. 4448 */ 4449 for (i = 0; delayable[i] != 0; i++) { 4450 if (strcmp(zfs_prop_to_name(delayable[i]), 4451 nvpair_name(nvp)) == 0) { 4452 break; 4453 } 4454 } 4455 if (delayable[i] != 0) { 4456 tmp = nvlist_prev_nvpair(props, nvp); 4457 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0); 4458 VERIFY(nvlist_remove_nvpair(props, nvp) == 0); 4459 nvp = tmp; 4460 } 4461 } 4462 4463 if (nvlist_empty(delayprops)) { 4464 nvlist_free(delayprops); 4465 delayprops = NULL; 4466 } 4467 return (delayprops); 4468 } 4469 4470 #ifdef DEBUG 4471 static boolean_t zfs_ioc_recv_inject_err; 4472 #endif 4473 4474 /* 4475 * nvlist 'errors' is always allocated. It will contain descriptions of 4476 * encountered errors, if any. It's the callers responsibility to free. 4477 */ 4478 static int 4479 zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin, nvlist_t *recvprops, 4480 nvlist_t *localprops, nvlist_t *hidden_args, boolean_t force, 4481 boolean_t resumable, int input_fd, dmu_replay_record_t *begin_record, 4482 int cleanup_fd, uint64_t *read_bytes, uint64_t *errflags, 4483 uint64_t *action_handle, nvlist_t **errors) 4484 { 4485 dmu_recv_cookie_t drc; 4486 int error = 0; 4487 int props_error = 0; 4488 offset_t off; 4489 nvlist_t *local_delayprops = NULL; 4490 nvlist_t *recv_delayprops = NULL; 4491 nvlist_t *origprops = NULL; /* existing properties */ 4492 nvlist_t *origrecvd = NULL; /* existing received properties */ 4493 boolean_t first_recvd_props = B_FALSE; 4494 file_t *input_fp; 4495 4496 *read_bytes = 0; 4497 *errflags = 0; 4498 *errors = fnvlist_alloc(); 4499 4500 input_fp = getf(input_fd); 4501 if (input_fp == NULL) 4502 return (SET_ERROR(EBADF)); 4503 4504 error = dmu_recv_begin(tofs, tosnap, begin_record, force, 4505 resumable, localprops, hidden_args, origin, &drc); 4506 if (error != 0) 4507 goto out; 4508 4509 /* 4510 * Set properties before we receive the stream so that they are applied 4511 * to the new data. Note that we must call dmu_recv_stream() if 4512 * dmu_recv_begin() succeeds. 4513 */ 4514 if (recvprops != NULL && !drc.drc_newfs) { 4515 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >= 4516 SPA_VERSION_RECVD_PROPS && 4517 !dsl_prop_get_hasrecvd(tofs)) 4518 first_recvd_props = B_TRUE; 4519 4520 /* 4521 * If new received properties are supplied, they are to 4522 * completely replace the existing received properties, 4523 * so stash away the existing ones. 4524 */ 4525 if (dsl_prop_get_received(tofs, &origrecvd) == 0) { 4526 nvlist_t *errlist = NULL; 4527 /* 4528 * Don't bother writing a property if its value won't 4529 * change (and avoid the unnecessary security checks). 4530 * 4531 * The first receive after SPA_VERSION_RECVD_PROPS is a 4532 * special case where we blow away all local properties 4533 * regardless. 4534 */ 4535 if (!first_recvd_props) 4536 props_reduce(recvprops, origrecvd); 4537 if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0) 4538 (void) nvlist_merge(*errors, errlist, 0); 4539 nvlist_free(errlist); 4540 4541 if (clear_received_props(tofs, origrecvd, 4542 first_recvd_props ? NULL : recvprops) != 0) 4543 *errflags |= ZPROP_ERR_NOCLEAR; 4544 } else { 4545 *errflags |= ZPROP_ERR_NOCLEAR; 4546 } 4547 } 4548 4549 /* 4550 * Stash away existing properties so we can restore them on error unless 4551 * we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which 4552 * case "origrecvd" will take care of that. 4553 */ 4554 if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) { 4555 objset_t *os; 4556 if (dmu_objset_hold(tofs, FTAG, &os) == 0) { 4557 if (dsl_prop_get_all(os, &origprops) != 0) { 4558 *errflags |= ZPROP_ERR_NOCLEAR; 4559 } 4560 dmu_objset_rele(os, FTAG); 4561 } else { 4562 *errflags |= ZPROP_ERR_NOCLEAR; 4563 } 4564 } 4565 4566 if (recvprops != NULL) { 4567 props_error = dsl_prop_set_hasrecvd(tofs); 4568 4569 if (props_error == 0) { 4570 recv_delayprops = extract_delay_props(recvprops); 4571 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 4572 recvprops, *errors); 4573 } 4574 } 4575 4576 if (localprops != NULL) { 4577 nvlist_t *oprops = fnvlist_alloc(); 4578 nvlist_t *xprops = fnvlist_alloc(); 4579 nvpair_t *nvp = NULL; 4580 4581 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) { 4582 if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) { 4583 /* -x property */ 4584 const char *name = nvpair_name(nvp); 4585 zfs_prop_t prop = zfs_name_to_prop(name); 4586 if (prop != ZPROP_INVAL) { 4587 if (!zfs_prop_inheritable(prop)) 4588 continue; 4589 } else if (!zfs_prop_user(name)) 4590 continue; 4591 fnvlist_add_boolean(xprops, name); 4592 } else { 4593 /* -o property=value */ 4594 fnvlist_add_nvpair(oprops, nvp); 4595 } 4596 } 4597 4598 local_delayprops = extract_delay_props(oprops); 4599 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, 4600 oprops, *errors); 4601 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, 4602 xprops, *errors); 4603 4604 nvlist_free(oprops); 4605 nvlist_free(xprops); 4606 } 4607 4608 off = input_fp->f_offset; 4609 error = dmu_recv_stream(&drc, input_fp->f_vnode, &off, cleanup_fd, 4610 action_handle); 4611 4612 if (error == 0) { 4613 zfsvfs_t *zfsvfs = NULL; 4614 4615 if (getzfsvfs(tofs, &zfsvfs) == 0) { 4616 /* online recv */ 4617 dsl_dataset_t *ds; 4618 int end_err; 4619 4620 ds = dmu_objset_ds(zfsvfs->z_os); 4621 error = zfs_suspend_fs(zfsvfs); 4622 /* 4623 * If the suspend fails, then the recv_end will 4624 * likely also fail, and clean up after itself. 4625 */ 4626 end_err = dmu_recv_end(&drc, zfsvfs); 4627 if (error == 0) 4628 error = zfs_resume_fs(zfsvfs, ds); 4629 error = error ? error : end_err; 4630 VFS_RELE(zfsvfs->z_vfs); 4631 } else { 4632 error = dmu_recv_end(&drc, NULL); 4633 } 4634 4635 /* Set delayed properties now, after we're done receiving. */ 4636 if (recv_delayprops != NULL && error == 0) { 4637 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 4638 recv_delayprops, *errors); 4639 } 4640 if (local_delayprops != NULL && error == 0) { 4641 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, 4642 local_delayprops, *errors); 4643 } 4644 } 4645 4646 /* 4647 * Merge delayed props back in with initial props, in case 4648 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means 4649 * we have to make sure clear_received_props() includes 4650 * the delayed properties). 4651 * 4652 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels, 4653 * using ASSERT() will be just like a VERIFY. 4654 */ 4655 if (recv_delayprops != NULL) { 4656 ASSERT(nvlist_merge(recvprops, recv_delayprops, 0) == 0); 4657 nvlist_free(recv_delayprops); 4658 } 4659 if (local_delayprops != NULL) { 4660 ASSERT(nvlist_merge(localprops, local_delayprops, 0) == 0); 4661 nvlist_free(local_delayprops); 4662 } 4663 4664 *read_bytes = off - input_fp->f_offset; 4665 if (VOP_SEEK(input_fp->f_vnode, input_fp->f_offset, &off, NULL) == 0) 4666 input_fp->f_offset = off; 4667 4668 #ifdef DEBUG 4669 if (zfs_ioc_recv_inject_err) { 4670 zfs_ioc_recv_inject_err = B_FALSE; 4671 error = 1; 4672 } 4673 #endif 4674 4675 /* 4676 * On error, restore the original props. 4677 */ 4678 if (error != 0 && recvprops != NULL && !drc.drc_newfs) { 4679 if (clear_received_props(tofs, recvprops, NULL) != 0) { 4680 /* 4681 * We failed to clear the received properties. 4682 * Since we may have left a $recvd value on the 4683 * system, we can't clear the $hasrecvd flag. 4684 */ 4685 *errflags |= ZPROP_ERR_NORESTORE; 4686 } else if (first_recvd_props) { 4687 dsl_prop_unset_hasrecvd(tofs); 4688 } 4689 4690 if (origrecvd == NULL && !drc.drc_newfs) { 4691 /* We failed to stash the original properties. */ 4692 *errflags |= ZPROP_ERR_NORESTORE; 4693 } 4694 4695 /* 4696 * dsl_props_set() will not convert RECEIVED to LOCAL on or 4697 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL 4698 * explicitly if we're restoring local properties cleared in the 4699 * first new-style receive. 4700 */ 4701 if (origrecvd != NULL && 4702 zfs_set_prop_nvlist(tofs, (first_recvd_props ? 4703 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED), 4704 origrecvd, NULL) != 0) { 4705 /* 4706 * We stashed the original properties but failed to 4707 * restore them. 4708 */ 4709 *errflags |= ZPROP_ERR_NORESTORE; 4710 } 4711 } 4712 if (error != 0 && localprops != NULL && !drc.drc_newfs && 4713 !first_recvd_props) { 4714 nvlist_t *setprops; 4715 nvlist_t *inheritprops; 4716 nvpair_t *nvp; 4717 4718 if (origprops == NULL) { 4719 /* We failed to stash the original properties. */ 4720 *errflags |= ZPROP_ERR_NORESTORE; 4721 goto out; 4722 } 4723 4724 /* Restore original props */ 4725 setprops = fnvlist_alloc(); 4726 inheritprops = fnvlist_alloc(); 4727 nvp = NULL; 4728 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) { 4729 const char *name = nvpair_name(nvp); 4730 const char *source; 4731 nvlist_t *attrs; 4732 4733 if (!nvlist_exists(origprops, name)) { 4734 /* 4735 * Property was not present or was explicitly 4736 * inherited before the receive, restore this. 4737 */ 4738 fnvlist_add_boolean(inheritprops, name); 4739 continue; 4740 } 4741 attrs = fnvlist_lookup_nvlist(origprops, name); 4742 source = fnvlist_lookup_string(attrs, ZPROP_SOURCE); 4743 4744 /* Skip received properties */ 4745 if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0) 4746 continue; 4747 4748 if (strcmp(source, tofs) == 0) { 4749 /* Property was locally set */ 4750 fnvlist_add_nvlist(setprops, name, attrs); 4751 } else { 4752 /* Property was implicitly inherited */ 4753 fnvlist_add_boolean(inheritprops, name); 4754 } 4755 } 4756 4757 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops, 4758 NULL) != 0) 4759 *errflags |= ZPROP_ERR_NORESTORE; 4760 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops, 4761 NULL) != 0) 4762 *errflags |= ZPROP_ERR_NORESTORE; 4763 4764 nvlist_free(setprops); 4765 nvlist_free(inheritprops); 4766 } 4767 out: 4768 releasef(input_fd); 4769 nvlist_free(origrecvd); 4770 nvlist_free(origprops); 4771 4772 if (error == 0) 4773 error = props_error; 4774 4775 return (error); 4776 } 4777 4778 /* 4779 * inputs: 4780 * zc_name name of containing filesystem 4781 * zc_nvlist_src{_size} nvlist of received properties to apply 4782 * zc_nvlist_conf{_size} nvlist of local properties to apply 4783 * zc_history_offset{_len} nvlist of hidden args { "wkeydata" -> value } 4784 * zc_value name of snapshot to create 4785 * zc_string name of clone origin (if DRR_FLAG_CLONE) 4786 * zc_cookie file descriptor to recv from 4787 * zc_begin_record the BEGIN record of the stream (not byteswapped) 4788 * zc_guid force flag 4789 * zc_cleanup_fd cleanup-on-exit file descriptor 4790 * zc_action_handle handle for this guid/ds mapping (or zero on first call) 4791 * zc_resumable if data is incomplete assume sender will resume 4792 * 4793 * outputs: 4794 * zc_cookie number of bytes read 4795 * zc_nvlist_dst{_size} error for each unapplied received property 4796 * zc_obj zprop_errflags_t 4797 * zc_action_handle handle for this guid/ds mapping 4798 */ 4799 static int 4800 zfs_ioc_recv(zfs_cmd_t *zc) 4801 { 4802 dmu_replay_record_t begin_record; 4803 nvlist_t *errors = NULL; 4804 nvlist_t *recvdprops = NULL; 4805 nvlist_t *localprops = NULL; 4806 nvlist_t *hidden_args = NULL; 4807 char *origin = NULL; 4808 char *tosnap; 4809 char tofs[ZFS_MAX_DATASET_NAME_LEN]; 4810 int error = 0; 4811 4812 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 4813 strchr(zc->zc_value, '@') == NULL || 4814 strchr(zc->zc_value, '%')) 4815 return (SET_ERROR(EINVAL)); 4816 4817 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs)); 4818 tosnap = strchr(tofs, '@'); 4819 *tosnap++ = '\0'; 4820 4821 if (zc->zc_nvlist_src != 0 && 4822 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 4823 zc->zc_iflags, &recvdprops)) != 0) 4824 return (error); 4825 4826 if (zc->zc_nvlist_conf != 0 && 4827 (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 4828 zc->zc_iflags, &localprops)) != 0) 4829 return (error); 4830 4831 if (zc->zc_history_offset != 0 && 4832 (error = get_nvlist(zc->zc_history_offset, zc->zc_history_len, 4833 zc->zc_iflags, &hidden_args)) != 0) 4834 return (error); 4835 4836 if (zc->zc_string[0]) 4837 origin = zc->zc_string; 4838 4839 begin_record.drr_type = DRR_BEGIN; 4840 begin_record.drr_payloadlen = zc->zc_begin_record.drr_payloadlen; 4841 begin_record.drr_u.drr_begin = zc->zc_begin_record.drr_u.drr_begin; 4842 4843 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops, 4844 hidden_args, zc->zc_guid, zc->zc_resumable, zc->zc_cookie, 4845 &begin_record, zc->zc_cleanup_fd, &zc->zc_cookie, &zc->zc_obj, 4846 &zc->zc_action_handle, &errors); 4847 nvlist_free(recvdprops); 4848 nvlist_free(localprops); 4849 4850 /* 4851 * Now that all props, initial and delayed, are set, report the prop 4852 * errors to the caller. 4853 */ 4854 if (zc->zc_nvlist_dst_size != 0 && errors != NULL && 4855 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 || 4856 put_nvlist(zc, errors) != 0)) { 4857 /* 4858 * Caller made zc->zc_nvlist_dst less than the minimum expected 4859 * size or supplied an invalid address. 4860 */ 4861 error = SET_ERROR(EINVAL); 4862 } 4863 4864 nvlist_free(errors); 4865 4866 return (error); 4867 } 4868 4869 /* 4870 * inputs: 4871 * zc_name name of snapshot to send 4872 * zc_cookie file descriptor to send stream to 4873 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj) 4874 * zc_sendobj objsetid of snapshot to send 4875 * zc_fromobj objsetid of incremental fromsnap (may be zero) 4876 * zc_guid if set, estimate size of stream only. zc_cookie is ignored. 4877 * output size in zc_objset_type. 4878 * zc_flags lzc_send_flags 4879 * 4880 * outputs: 4881 * zc_objset_type estimated size, if zc_guid is set 4882 */ 4883 static int 4884 zfs_ioc_send(zfs_cmd_t *zc) 4885 { 4886 int error; 4887 offset_t off; 4888 boolean_t estimate = (zc->zc_guid != 0); 4889 boolean_t embedok = (zc->zc_flags & 0x1); 4890 boolean_t large_block_ok = (zc->zc_flags & 0x2); 4891 boolean_t compressok = (zc->zc_flags & 0x4); 4892 boolean_t rawok = (zc->zc_flags & 0x8); 4893 4894 if (zc->zc_obj != 0) { 4895 dsl_pool_t *dp; 4896 dsl_dataset_t *tosnap; 4897 4898 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4899 if (error != 0) 4900 return (error); 4901 4902 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 4903 if (error != 0) { 4904 dsl_pool_rele(dp, FTAG); 4905 return (error); 4906 } 4907 4908 if (dsl_dir_is_clone(tosnap->ds_dir)) 4909 zc->zc_fromobj = 4910 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj; 4911 dsl_dataset_rele(tosnap, FTAG); 4912 dsl_pool_rele(dp, FTAG); 4913 } 4914 4915 if (estimate) { 4916 dsl_pool_t *dp; 4917 dsl_dataset_t *tosnap; 4918 dsl_dataset_t *fromsnap = NULL; 4919 4920 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4921 if (error != 0) 4922 return (error); 4923 4924 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, 4925 FTAG, &tosnap); 4926 if (error != 0) { 4927 dsl_pool_rele(dp, FTAG); 4928 return (error); 4929 } 4930 4931 if (zc->zc_fromobj != 0) { 4932 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, 4933 FTAG, &fromsnap); 4934 if (error != 0) { 4935 dsl_dataset_rele(tosnap, FTAG); 4936 dsl_pool_rele(dp, FTAG); 4937 return (error); 4938 } 4939 } 4940 4941 error = dmu_send_estimate(tosnap, fromsnap, compressok || rawok, 4942 &zc->zc_objset_type); 4943 4944 if (fromsnap != NULL) 4945 dsl_dataset_rele(fromsnap, FTAG); 4946 dsl_dataset_rele(tosnap, FTAG); 4947 dsl_pool_rele(dp, FTAG); 4948 } else { 4949 file_t *fp = getf(zc->zc_cookie); 4950 if (fp == NULL) 4951 return (SET_ERROR(EBADF)); 4952 4953 off = fp->f_offset; 4954 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj, 4955 zc->zc_fromobj, embedok, large_block_ok, compressok, rawok, 4956 zc->zc_cookie, fp->f_vnode, &off); 4957 4958 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 4959 fp->f_offset = off; 4960 releasef(zc->zc_cookie); 4961 } 4962 return (error); 4963 } 4964 4965 /* 4966 * inputs: 4967 * zc_name name of snapshot on which to report progress 4968 * zc_cookie file descriptor of send stream 4969 * 4970 * outputs: 4971 * zc_cookie number of bytes written in send stream thus far 4972 */ 4973 static int 4974 zfs_ioc_send_progress(zfs_cmd_t *zc) 4975 { 4976 dsl_pool_t *dp; 4977 dsl_dataset_t *ds; 4978 dmu_sendarg_t *dsp = NULL; 4979 int error; 4980 4981 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4982 if (error != 0) 4983 return (error); 4984 4985 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 4986 if (error != 0) { 4987 dsl_pool_rele(dp, FTAG); 4988 return (error); 4989 } 4990 4991 mutex_enter(&ds->ds_sendstream_lock); 4992 4993 /* 4994 * Iterate over all the send streams currently active on this dataset. 4995 * If there's one which matches the specified file descriptor _and_ the 4996 * stream was started by the current process, return the progress of 4997 * that stream. 4998 */ 4999 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL; 5000 dsp = list_next(&ds->ds_sendstreams, dsp)) { 5001 if (dsp->dsa_outfd == zc->zc_cookie && 5002 dsp->dsa_proc == curproc) 5003 break; 5004 } 5005 5006 if (dsp != NULL) 5007 zc->zc_cookie = *(dsp->dsa_off); 5008 else 5009 error = SET_ERROR(ENOENT); 5010 5011 mutex_exit(&ds->ds_sendstream_lock); 5012 dsl_dataset_rele(ds, FTAG); 5013 dsl_pool_rele(dp, FTAG); 5014 return (error); 5015 } 5016 5017 static int 5018 zfs_ioc_inject_fault(zfs_cmd_t *zc) 5019 { 5020 int id, error; 5021 5022 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 5023 &zc->zc_inject_record); 5024 5025 if (error == 0) 5026 zc->zc_guid = (uint64_t)id; 5027 5028 return (error); 5029 } 5030 5031 static int 5032 zfs_ioc_clear_fault(zfs_cmd_t *zc) 5033 { 5034 return (zio_clear_fault((int)zc->zc_guid)); 5035 } 5036 5037 static int 5038 zfs_ioc_inject_list_next(zfs_cmd_t *zc) 5039 { 5040 int id = (int)zc->zc_guid; 5041 int error; 5042 5043 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 5044 &zc->zc_inject_record); 5045 5046 zc->zc_guid = id; 5047 5048 return (error); 5049 } 5050 5051 static int 5052 zfs_ioc_error_log(zfs_cmd_t *zc) 5053 { 5054 spa_t *spa; 5055 int error; 5056 size_t count = (size_t)zc->zc_nvlist_dst_size; 5057 5058 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 5059 return (error); 5060 5061 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 5062 &count); 5063 if (error == 0) 5064 zc->zc_nvlist_dst_size = count; 5065 else 5066 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa); 5067 5068 spa_close(spa, FTAG); 5069 5070 return (error); 5071 } 5072 5073 static int 5074 zfs_ioc_clear(zfs_cmd_t *zc) 5075 { 5076 spa_t *spa; 5077 vdev_t *vd; 5078 int error; 5079 5080 /* 5081 * On zpool clear we also fix up missing slogs 5082 */ 5083 mutex_enter(&spa_namespace_lock); 5084 spa = spa_lookup(zc->zc_name); 5085 if (spa == NULL) { 5086 mutex_exit(&spa_namespace_lock); 5087 return (SET_ERROR(EIO)); 5088 } 5089 if (spa_get_log_state(spa) == SPA_LOG_MISSING) { 5090 /* we need to let spa_open/spa_load clear the chains */ 5091 spa_set_log_state(spa, SPA_LOG_CLEAR); 5092 } 5093 spa->spa_last_open_failed = 0; 5094 mutex_exit(&spa_namespace_lock); 5095 5096 if (zc->zc_cookie & ZPOOL_NO_REWIND) { 5097 error = spa_open(zc->zc_name, &spa, FTAG); 5098 } else { 5099 nvlist_t *policy; 5100 nvlist_t *config = NULL; 5101 5102 if (zc->zc_nvlist_src == 0) 5103 return (SET_ERROR(EINVAL)); 5104 5105 if ((error = get_nvlist(zc->zc_nvlist_src, 5106 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) { 5107 error = spa_open_rewind(zc->zc_name, &spa, FTAG, 5108 policy, &config); 5109 if (config != NULL) { 5110 int err; 5111 5112 if ((err = put_nvlist(zc, config)) != 0) 5113 error = err; 5114 nvlist_free(config); 5115 } 5116 nvlist_free(policy); 5117 } 5118 } 5119 5120 if (error != 0) 5121 return (error); 5122 5123 /* 5124 * If multihost is enabled, resuming I/O is unsafe as another 5125 * host may have imported the pool. 5126 */ 5127 if (spa_multihost(spa) && spa_suspended(spa)) 5128 return (SET_ERROR(EINVAL)); 5129 5130 spa_vdev_state_enter(spa, SCL_NONE); 5131 5132 if (zc->zc_guid == 0) { 5133 vd = NULL; 5134 } else { 5135 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE); 5136 if (vd == NULL) { 5137 (void) spa_vdev_state_exit(spa, NULL, ENODEV); 5138 spa_close(spa, FTAG); 5139 return (SET_ERROR(ENODEV)); 5140 } 5141 } 5142 5143 vdev_clear(spa, vd); 5144 5145 (void) spa_vdev_state_exit(spa, NULL, 0); 5146 5147 /* 5148 * Resume any suspended I/Os. 5149 */ 5150 if (zio_resume(spa) != 0) 5151 error = SET_ERROR(EIO); 5152 5153 spa_close(spa, FTAG); 5154 5155 return (error); 5156 } 5157 5158 static int 5159 zfs_ioc_pool_reopen(zfs_cmd_t *zc) 5160 { 5161 spa_t *spa; 5162 int error; 5163 5164 error = spa_open(zc->zc_name, &spa, FTAG); 5165 if (error != 0) 5166 return (error); 5167 5168 spa_vdev_state_enter(spa, SCL_NONE); 5169 5170 /* 5171 * If a resilver is already in progress then set the 5172 * spa_scrub_reopen flag to B_TRUE so that we don't restart 5173 * the scan as a side effect of the reopen. Otherwise, let 5174 * vdev_open() decided if a resilver is required. 5175 */ 5176 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool); 5177 vdev_reopen(spa->spa_root_vdev); 5178 spa->spa_scrub_reopen = B_FALSE; 5179 5180 (void) spa_vdev_state_exit(spa, NULL, 0); 5181 spa_close(spa, FTAG); 5182 return (0); 5183 } 5184 /* 5185 * inputs: 5186 * zc_name name of filesystem 5187 * 5188 * outputs: 5189 * zc_string name of conflicting snapshot, if there is one 5190 */ 5191 static int 5192 zfs_ioc_promote(zfs_cmd_t *zc) 5193 { 5194 dsl_pool_t *dp; 5195 dsl_dataset_t *ds, *ods; 5196 char origin[ZFS_MAX_DATASET_NAME_LEN]; 5197 char *cp; 5198 int error; 5199 5200 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 5201 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 || 5202 strchr(zc->zc_name, '%')) 5203 return (SET_ERROR(EINVAL)); 5204 5205 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5206 if (error != 0) 5207 return (error); 5208 5209 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 5210 if (error != 0) { 5211 dsl_pool_rele(dp, FTAG); 5212 return (error); 5213 } 5214 5215 if (!dsl_dir_is_clone(ds->ds_dir)) { 5216 dsl_dataset_rele(ds, FTAG); 5217 dsl_pool_rele(dp, FTAG); 5218 return (SET_ERROR(EINVAL)); 5219 } 5220 5221 error = dsl_dataset_hold_obj(dp, 5222 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods); 5223 if (error != 0) { 5224 dsl_dataset_rele(ds, FTAG); 5225 dsl_pool_rele(dp, FTAG); 5226 return (error); 5227 } 5228 5229 dsl_dataset_name(ods, origin); 5230 dsl_dataset_rele(ods, FTAG); 5231 dsl_dataset_rele(ds, FTAG); 5232 dsl_pool_rele(dp, FTAG); 5233 5234 /* 5235 * We don't need to unmount *all* the origin fs's snapshots, but 5236 * it's easier. 5237 */ 5238 cp = strchr(origin, '@'); 5239 if (cp) 5240 *cp = '\0'; 5241 (void) dmu_objset_find(origin, 5242 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS); 5243 return (dsl_dataset_promote(zc->zc_name, zc->zc_string)); 5244 } 5245 5246 /* 5247 * Retrieve a single {user|group}{used|quota}@... property. 5248 * 5249 * inputs: 5250 * zc_name name of filesystem 5251 * zc_objset_type zfs_userquota_prop_t 5252 * zc_value domain name (eg. "S-1-234-567-89") 5253 * zc_guid RID/UID/GID 5254 * 5255 * outputs: 5256 * zc_cookie property value 5257 */ 5258 static int 5259 zfs_ioc_userspace_one(zfs_cmd_t *zc) 5260 { 5261 zfsvfs_t *zfsvfs; 5262 int error; 5263 5264 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 5265 return (SET_ERROR(EINVAL)); 5266 5267 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 5268 if (error != 0) 5269 return (error); 5270 5271 error = zfs_userspace_one(zfsvfs, 5272 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie); 5273 zfsvfs_rele(zfsvfs, FTAG); 5274 5275 return (error); 5276 } 5277 5278 /* 5279 * inputs: 5280 * zc_name name of filesystem 5281 * zc_cookie zap cursor 5282 * zc_objset_type zfs_userquota_prop_t 5283 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist) 5284 * 5285 * outputs: 5286 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t) 5287 * zc_cookie zap cursor 5288 */ 5289 static int 5290 zfs_ioc_userspace_many(zfs_cmd_t *zc) 5291 { 5292 zfsvfs_t *zfsvfs; 5293 int bufsize = zc->zc_nvlist_dst_size; 5294 5295 if (bufsize <= 0) 5296 return (SET_ERROR(ENOMEM)); 5297 5298 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 5299 if (error != 0) 5300 return (error); 5301 5302 void *buf = kmem_alloc(bufsize, KM_SLEEP); 5303 5304 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie, 5305 buf, &zc->zc_nvlist_dst_size); 5306 5307 if (error == 0) { 5308 error = xcopyout(buf, 5309 (void *)(uintptr_t)zc->zc_nvlist_dst, 5310 zc->zc_nvlist_dst_size); 5311 } 5312 kmem_free(buf, bufsize); 5313 zfsvfs_rele(zfsvfs, FTAG); 5314 5315 return (error); 5316 } 5317 5318 /* 5319 * inputs: 5320 * zc_name name of filesystem 5321 * 5322 * outputs: 5323 * none 5324 */ 5325 static int 5326 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) 5327 { 5328 objset_t *os; 5329 int error = 0; 5330 zfsvfs_t *zfsvfs; 5331 5332 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 5333 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) { 5334 /* 5335 * If userused is not enabled, it may be because the 5336 * objset needs to be closed & reopened (to grow the 5337 * objset_phys_t). Suspend/resume the fs will do that. 5338 */ 5339 dsl_dataset_t *ds, *newds; 5340 5341 ds = dmu_objset_ds(zfsvfs->z_os); 5342 error = zfs_suspend_fs(zfsvfs); 5343 if (error == 0) { 5344 dmu_objset_refresh_ownership(ds, &newds, 5345 B_TRUE, zfsvfs); 5346 error = zfs_resume_fs(zfsvfs, newds); 5347 } 5348 } 5349 if (error == 0) 5350 error = dmu_objset_userspace_upgrade(zfsvfs->z_os); 5351 VFS_RELE(zfsvfs->z_vfs); 5352 } else { 5353 /* XXX kind of reading contents without owning */ 5354 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os); 5355 if (error != 0) 5356 return (error); 5357 5358 error = dmu_objset_userspace_upgrade(os); 5359 dmu_objset_rele_flags(os, B_TRUE, FTAG); 5360 } 5361 5362 return (error); 5363 } 5364 5365 /* 5366 * We don't want to have a hard dependency 5367 * against some special symbols in sharefs 5368 * nfs, and smbsrv. Determine them if needed when 5369 * the first file system is shared. 5370 * Neither sharefs, nfs or smbsrv are unloadable modules. 5371 */ 5372 int (*znfsexport_fs)(void *arg); 5373 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t); 5374 int (*zsmbexport_fs)(void *arg, boolean_t add_share); 5375 5376 int zfs_nfsshare_inited; 5377 int zfs_smbshare_inited; 5378 5379 ddi_modhandle_t nfs_mod; 5380 ddi_modhandle_t sharefs_mod; 5381 ddi_modhandle_t smbsrv_mod; 5382 kmutex_t zfs_share_lock; 5383 5384 static int 5385 zfs_init_sharefs() 5386 { 5387 int error; 5388 5389 ASSERT(MUTEX_HELD(&zfs_share_lock)); 5390 /* Both NFS and SMB shares also require sharetab support. */ 5391 if (sharefs_mod == NULL && ((sharefs_mod = 5392 ddi_modopen("fs/sharefs", 5393 KRTLD_MODE_FIRST, &error)) == NULL)) { 5394 return (SET_ERROR(ENOSYS)); 5395 } 5396 if (zshare_fs == NULL && ((zshare_fs = 5397 (int (*)(enum sharefs_sys_op, share_t *, uint32_t)) 5398 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) { 5399 return (SET_ERROR(ENOSYS)); 5400 } 5401 return (0); 5402 } 5403 5404 static int 5405 zfs_ioc_share(zfs_cmd_t *zc) 5406 { 5407 int error; 5408 int opcode; 5409 5410 switch (zc->zc_share.z_sharetype) { 5411 case ZFS_SHARE_NFS: 5412 case ZFS_UNSHARE_NFS: 5413 if (zfs_nfsshare_inited == 0) { 5414 mutex_enter(&zfs_share_lock); 5415 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs", 5416 KRTLD_MODE_FIRST, &error)) == NULL)) { 5417 mutex_exit(&zfs_share_lock); 5418 return (SET_ERROR(ENOSYS)); 5419 } 5420 if (znfsexport_fs == NULL && 5421 ((znfsexport_fs = (int (*)(void *)) 5422 ddi_modsym(nfs_mod, 5423 "nfs_export", &error)) == NULL)) { 5424 mutex_exit(&zfs_share_lock); 5425 return (SET_ERROR(ENOSYS)); 5426 } 5427 error = zfs_init_sharefs(); 5428 if (error != 0) { 5429 mutex_exit(&zfs_share_lock); 5430 return (SET_ERROR(ENOSYS)); 5431 } 5432 zfs_nfsshare_inited = 1; 5433 mutex_exit(&zfs_share_lock); 5434 } 5435 break; 5436 case ZFS_SHARE_SMB: 5437 case ZFS_UNSHARE_SMB: 5438 if (zfs_smbshare_inited == 0) { 5439 mutex_enter(&zfs_share_lock); 5440 if (smbsrv_mod == NULL && ((smbsrv_mod = 5441 ddi_modopen("drv/smbsrv", 5442 KRTLD_MODE_FIRST, &error)) == NULL)) { 5443 mutex_exit(&zfs_share_lock); 5444 return (SET_ERROR(ENOSYS)); 5445 } 5446 if (zsmbexport_fs == NULL && ((zsmbexport_fs = 5447 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod, 5448 "smb_server_share", &error)) == NULL)) { 5449 mutex_exit(&zfs_share_lock); 5450 return (SET_ERROR(ENOSYS)); 5451 } 5452 error = zfs_init_sharefs(); 5453 if (error != 0) { 5454 mutex_exit(&zfs_share_lock); 5455 return (SET_ERROR(ENOSYS)); 5456 } 5457 zfs_smbshare_inited = 1; 5458 mutex_exit(&zfs_share_lock); 5459 } 5460 break; 5461 default: 5462 return (SET_ERROR(EINVAL)); 5463 } 5464 5465 switch (zc->zc_share.z_sharetype) { 5466 case ZFS_SHARE_NFS: 5467 case ZFS_UNSHARE_NFS: 5468 if (error = 5469 znfsexport_fs((void *) 5470 (uintptr_t)zc->zc_share.z_exportdata)) 5471 return (error); 5472 break; 5473 case ZFS_SHARE_SMB: 5474 case ZFS_UNSHARE_SMB: 5475 if (error = zsmbexport_fs((void *) 5476 (uintptr_t)zc->zc_share.z_exportdata, 5477 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ? 5478 B_TRUE: B_FALSE)) { 5479 return (error); 5480 } 5481 break; 5482 } 5483 5484 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS || 5485 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ? 5486 SHAREFS_ADD : SHAREFS_REMOVE; 5487 5488 /* 5489 * Add or remove share from sharetab 5490 */ 5491 error = zshare_fs(opcode, 5492 (void *)(uintptr_t)zc->zc_share.z_sharedata, 5493 zc->zc_share.z_sharemax); 5494 5495 return (error); 5496 5497 } 5498 5499 ace_t full_access[] = { 5500 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0} 5501 }; 5502 5503 /* 5504 * inputs: 5505 * zc_name name of containing filesystem 5506 * zc_obj object # beyond which we want next in-use object # 5507 * 5508 * outputs: 5509 * zc_obj next in-use object # 5510 */ 5511 static int 5512 zfs_ioc_next_obj(zfs_cmd_t *zc) 5513 { 5514 objset_t *os = NULL; 5515 int error; 5516 5517 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os); 5518 if (error != 0) 5519 return (error); 5520 5521 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 5522 dsl_dataset_phys(os->os_dsl_dataset)->ds_prev_snap_txg); 5523 5524 dmu_objset_rele(os, FTAG); 5525 return (error); 5526 } 5527 5528 /* 5529 * inputs: 5530 * zc_name name of filesystem 5531 * zc_value prefix name for snapshot 5532 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process 5533 * 5534 * outputs: 5535 * zc_value short name of new snapshot 5536 */ 5537 static int 5538 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc) 5539 { 5540 char *snap_name; 5541 char *hold_name; 5542 int error; 5543 minor_t minor; 5544 5545 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor); 5546 if (error != 0) 5547 return (error); 5548 5549 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value, 5550 (u_longlong_t)ddi_get_lbolt64()); 5551 hold_name = kmem_asprintf("%%%s", zc->zc_value); 5552 5553 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor, 5554 hold_name); 5555 if (error == 0) 5556 (void) strcpy(zc->zc_value, snap_name); 5557 strfree(snap_name); 5558 strfree(hold_name); 5559 zfs_onexit_fd_rele(zc->zc_cleanup_fd); 5560 return (error); 5561 } 5562 5563 /* 5564 * inputs: 5565 * zc_name name of "to" snapshot 5566 * zc_value name of "from" snapshot 5567 * zc_cookie file descriptor to write diff data on 5568 * 5569 * outputs: 5570 * dmu_diff_record_t's to the file descriptor 5571 */ 5572 static int 5573 zfs_ioc_diff(zfs_cmd_t *zc) 5574 { 5575 file_t *fp; 5576 offset_t off; 5577 int error; 5578 5579 fp = getf(zc->zc_cookie); 5580 if (fp == NULL) 5581 return (SET_ERROR(EBADF)); 5582 5583 off = fp->f_offset; 5584 5585 error = dmu_diff(zc->zc_name, zc->zc_value, fp->f_vnode, &off); 5586 5587 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 5588 fp->f_offset = off; 5589 releasef(zc->zc_cookie); 5590 5591 return (error); 5592 } 5593 5594 /* 5595 * Remove all ACL files in shares dir 5596 */ 5597 static int 5598 zfs_smb_acl_purge(znode_t *dzp) 5599 { 5600 zap_cursor_t zc; 5601 zap_attribute_t zap; 5602 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 5603 int error; 5604 5605 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id); 5606 (error = zap_cursor_retrieve(&zc, &zap)) == 0; 5607 zap_cursor_advance(&zc)) { 5608 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred, 5609 NULL, 0)) != 0) 5610 break; 5611 } 5612 zap_cursor_fini(&zc); 5613 return (error); 5614 } 5615 5616 static int 5617 zfs_ioc_smb_acl(zfs_cmd_t *zc) 5618 { 5619 vnode_t *vp; 5620 znode_t *dzp; 5621 vnode_t *resourcevp = NULL; 5622 znode_t *sharedir; 5623 zfsvfs_t *zfsvfs; 5624 nvlist_t *nvlist; 5625 char *src, *target; 5626 vattr_t vattr; 5627 vsecattr_t vsec; 5628 int error = 0; 5629 5630 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 5631 NO_FOLLOW, NULL, &vp)) != 0) 5632 return (error); 5633 5634 /* Now make sure mntpnt and dataset are ZFS */ 5635 5636 if (vp->v_vfsp->vfs_fstype != zfsfstype || 5637 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 5638 zc->zc_name) != 0)) { 5639 VN_RELE(vp); 5640 return (SET_ERROR(EINVAL)); 5641 } 5642 5643 dzp = VTOZ(vp); 5644 zfsvfs = dzp->z_zfsvfs; 5645 ZFS_ENTER(zfsvfs); 5646 5647 /* 5648 * Create share dir if its missing. 5649 */ 5650 mutex_enter(&zfsvfs->z_lock); 5651 if (zfsvfs->z_shares_dir == 0) { 5652 dmu_tx_t *tx; 5653 5654 tx = dmu_tx_create(zfsvfs->z_os); 5655 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE, 5656 ZFS_SHARES_DIR); 5657 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL); 5658 error = dmu_tx_assign(tx, TXG_WAIT); 5659 if (error != 0) { 5660 dmu_tx_abort(tx); 5661 } else { 5662 error = zfs_create_share_dir(zfsvfs, tx); 5663 dmu_tx_commit(tx); 5664 } 5665 if (error != 0) { 5666 mutex_exit(&zfsvfs->z_lock); 5667 VN_RELE(vp); 5668 ZFS_EXIT(zfsvfs); 5669 return (error); 5670 } 5671 } 5672 mutex_exit(&zfsvfs->z_lock); 5673 5674 ASSERT(zfsvfs->z_shares_dir); 5675 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) { 5676 VN_RELE(vp); 5677 ZFS_EXIT(zfsvfs); 5678 return (error); 5679 } 5680 5681 switch (zc->zc_cookie) { 5682 case ZFS_SMB_ACL_ADD: 5683 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE; 5684 vattr.va_type = VREG; 5685 vattr.va_mode = S_IFREG|0777; 5686 vattr.va_uid = 0; 5687 vattr.va_gid = 0; 5688 5689 vsec.vsa_mask = VSA_ACE; 5690 vsec.vsa_aclentp = &full_access; 5691 vsec.vsa_aclentsz = sizeof (full_access); 5692 vsec.vsa_aclcnt = 1; 5693 5694 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string, 5695 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec); 5696 if (resourcevp) 5697 VN_RELE(resourcevp); 5698 break; 5699 5700 case ZFS_SMB_ACL_REMOVE: 5701 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred, 5702 NULL, 0); 5703 break; 5704 5705 case ZFS_SMB_ACL_RENAME: 5706 if ((error = get_nvlist(zc->zc_nvlist_src, 5707 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) { 5708 VN_RELE(vp); 5709 VN_RELE(ZTOV(sharedir)); 5710 ZFS_EXIT(zfsvfs); 5711 return (error); 5712 } 5713 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) || 5714 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET, 5715 &target)) { 5716 VN_RELE(vp); 5717 VN_RELE(ZTOV(sharedir)); 5718 ZFS_EXIT(zfsvfs); 5719 nvlist_free(nvlist); 5720 return (error); 5721 } 5722 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target, 5723 kcred, NULL, 0); 5724 nvlist_free(nvlist); 5725 break; 5726 5727 case ZFS_SMB_ACL_PURGE: 5728 error = zfs_smb_acl_purge(sharedir); 5729 break; 5730 5731 default: 5732 error = SET_ERROR(EINVAL); 5733 break; 5734 } 5735 5736 VN_RELE(vp); 5737 VN_RELE(ZTOV(sharedir)); 5738 5739 ZFS_EXIT(zfsvfs); 5740 5741 return (error); 5742 } 5743 5744 /* 5745 * innvl: { 5746 * "holds" -> { snapname -> holdname (string), ... } 5747 * (optional) "cleanup_fd" -> fd (int32) 5748 * } 5749 * 5750 * outnvl: { 5751 * snapname -> error value (int32) 5752 * ... 5753 * } 5754 */ 5755 /* ARGSUSED */ 5756 static int 5757 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist) 5758 { 5759 nvpair_t *pair; 5760 nvlist_t *holds; 5761 int cleanup_fd = -1; 5762 int error; 5763 minor_t minor = 0; 5764 5765 error = nvlist_lookup_nvlist(args, "holds", &holds); 5766 if (error != 0) 5767 return (SET_ERROR(EINVAL)); 5768 5769 /* make sure the user didn't pass us any invalid (empty) tags */ 5770 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 5771 pair = nvlist_next_nvpair(holds, pair)) { 5772 char *htag; 5773 5774 error = nvpair_value_string(pair, &htag); 5775 if (error != 0) 5776 return (SET_ERROR(error)); 5777 5778 if (strlen(htag) == 0) 5779 return (SET_ERROR(EINVAL)); 5780 } 5781 5782 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) { 5783 error = zfs_onexit_fd_hold(cleanup_fd, &minor); 5784 if (error != 0) 5785 return (error); 5786 } 5787 5788 error = dsl_dataset_user_hold(holds, minor, errlist); 5789 if (minor != 0) 5790 zfs_onexit_fd_rele(cleanup_fd); 5791 return (error); 5792 } 5793 5794 /* 5795 * innvl is not used. 5796 * 5797 * outnvl: { 5798 * holdname -> time added (uint64 seconds since epoch) 5799 * ... 5800 * } 5801 */ 5802 /* ARGSUSED */ 5803 static int 5804 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl) 5805 { 5806 ASSERT3P(args, ==, NULL); 5807 return (dsl_dataset_get_holds(snapname, outnvl)); 5808 } 5809 5810 /* 5811 * innvl: { 5812 * snapname -> { holdname, ... } 5813 * ... 5814 * } 5815 * 5816 * outnvl: { 5817 * snapname -> error value (int32) 5818 * ... 5819 * } 5820 */ 5821 /* ARGSUSED */ 5822 static int 5823 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist) 5824 { 5825 return (dsl_dataset_user_release(holds, errlist)); 5826 } 5827 5828 /* 5829 * inputs: 5830 * zc_name name of new filesystem or snapshot 5831 * zc_value full name of old snapshot 5832 * 5833 * outputs: 5834 * zc_cookie space in bytes 5835 * zc_objset_type compressed space in bytes 5836 * zc_perm_action uncompressed space in bytes 5837 */ 5838 static int 5839 zfs_ioc_space_written(zfs_cmd_t *zc) 5840 { 5841 int error; 5842 dsl_pool_t *dp; 5843 dsl_dataset_t *new, *old; 5844 5845 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5846 if (error != 0) 5847 return (error); 5848 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new); 5849 if (error != 0) { 5850 dsl_pool_rele(dp, FTAG); 5851 return (error); 5852 } 5853 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old); 5854 if (error != 0) { 5855 dsl_dataset_rele(new, FTAG); 5856 dsl_pool_rele(dp, FTAG); 5857 return (error); 5858 } 5859 5860 error = dsl_dataset_space_written(old, new, &zc->zc_cookie, 5861 &zc->zc_objset_type, &zc->zc_perm_action); 5862 dsl_dataset_rele(old, FTAG); 5863 dsl_dataset_rele(new, FTAG); 5864 dsl_pool_rele(dp, FTAG); 5865 return (error); 5866 } 5867 5868 /* 5869 * innvl: { 5870 * "firstsnap" -> snapshot name 5871 * } 5872 * 5873 * outnvl: { 5874 * "used" -> space in bytes 5875 * "compressed" -> compressed space in bytes 5876 * "uncompressed" -> uncompressed space in bytes 5877 * } 5878 */ 5879 static int 5880 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl) 5881 { 5882 int error; 5883 dsl_pool_t *dp; 5884 dsl_dataset_t *new, *old; 5885 char *firstsnap; 5886 uint64_t used, comp, uncomp; 5887 5888 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0) 5889 return (SET_ERROR(EINVAL)); 5890 5891 error = dsl_pool_hold(lastsnap, FTAG, &dp); 5892 if (error != 0) 5893 return (error); 5894 5895 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new); 5896 if (error == 0 && !new->ds_is_snapshot) { 5897 dsl_dataset_rele(new, FTAG); 5898 error = SET_ERROR(EINVAL); 5899 } 5900 if (error != 0) { 5901 dsl_pool_rele(dp, FTAG); 5902 return (error); 5903 } 5904 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old); 5905 if (error == 0 && !old->ds_is_snapshot) { 5906 dsl_dataset_rele(old, FTAG); 5907 error = SET_ERROR(EINVAL); 5908 } 5909 if (error != 0) { 5910 dsl_dataset_rele(new, FTAG); 5911 dsl_pool_rele(dp, FTAG); 5912 return (error); 5913 } 5914 5915 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp); 5916 dsl_dataset_rele(old, FTAG); 5917 dsl_dataset_rele(new, FTAG); 5918 dsl_pool_rele(dp, FTAG); 5919 fnvlist_add_uint64(outnvl, "used", used); 5920 fnvlist_add_uint64(outnvl, "compressed", comp); 5921 fnvlist_add_uint64(outnvl, "uncompressed", uncomp); 5922 return (error); 5923 } 5924 5925 /* 5926 * innvl: { 5927 * "fd" -> file descriptor to write stream to (int32) 5928 * (optional) "fromsnap" -> full snap name to send an incremental from 5929 * (optional) "largeblockok" -> (value ignored) 5930 * indicates that blocks > 128KB are permitted 5931 * (optional) "embedok" -> (value ignored) 5932 * presence indicates DRR_WRITE_EMBEDDED records are permitted 5933 * (optional) "compressok" -> (value ignored) 5934 * presence indicates compressed DRR_WRITE records are permitted 5935 * (optional) "rawok" -> (value ignored) 5936 * presence indicates raw encrypted records should be used. 5937 * (optional) "resume_object" and "resume_offset" -> (uint64) 5938 * if present, resume send stream from specified object and offset. 5939 * } 5940 * 5941 * outnvl is unused 5942 */ 5943 /* ARGSUSED */ 5944 static int 5945 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 5946 { 5947 int error; 5948 offset_t off; 5949 char *fromname = NULL; 5950 int fd; 5951 boolean_t largeblockok; 5952 boolean_t embedok; 5953 boolean_t compressok; 5954 boolean_t rawok; 5955 uint64_t resumeobj = 0; 5956 uint64_t resumeoff = 0; 5957 5958 error = nvlist_lookup_int32(innvl, "fd", &fd); 5959 if (error != 0) 5960 return (SET_ERROR(EINVAL)); 5961 5962 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname); 5963 5964 largeblockok = nvlist_exists(innvl, "largeblockok"); 5965 embedok = nvlist_exists(innvl, "embedok"); 5966 compressok = nvlist_exists(innvl, "compressok"); 5967 rawok = nvlist_exists(innvl, "rawok"); 5968 5969 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); 5970 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); 5971 5972 file_t *fp = getf(fd); 5973 if (fp == NULL) 5974 return (SET_ERROR(EBADF)); 5975 5976 off = fp->f_offset; 5977 error = dmu_send(snapname, fromname, embedok, largeblockok, compressok, 5978 rawok, fd, resumeobj, resumeoff, fp->f_vnode, &off); 5979 5980 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 5981 fp->f_offset = off; 5982 releasef(fd); 5983 return (error); 5984 } 5985 5986 /* 5987 * Determine approximately how large a zfs send stream will be -- the number 5988 * of bytes that will be written to the fd supplied to zfs_ioc_send_new(). 5989 * 5990 * innvl: { 5991 * (optional) "from" -> full snap or bookmark name to send an incremental 5992 * from 5993 * (optional) "largeblockok" -> (value ignored) 5994 * indicates that blocks > 128KB are permitted 5995 * (optional) "embedok" -> (value ignored) 5996 * presence indicates DRR_WRITE_EMBEDDED records are permitted 5997 * (optional) "compressok" -> (value ignored) 5998 * presence indicates compressed DRR_WRITE records are permitted 5999 * } 6000 * 6001 * outnvl: { 6002 * "space" -> bytes of space (uint64) 6003 * } 6004 */ 6005 static int 6006 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 6007 { 6008 dsl_pool_t *dp; 6009 dsl_dataset_t *tosnap; 6010 int error; 6011 char *fromname; 6012 boolean_t compressok; 6013 boolean_t rawok; 6014 uint64_t space; 6015 6016 error = dsl_pool_hold(snapname, FTAG, &dp); 6017 if (error != 0) 6018 return (error); 6019 6020 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap); 6021 if (error != 0) { 6022 dsl_pool_rele(dp, FTAG); 6023 return (error); 6024 } 6025 6026 compressok = nvlist_exists(innvl, "compressok"); 6027 rawok = nvlist_exists(innvl, "rawok"); 6028 6029 error = nvlist_lookup_string(innvl, "from", &fromname); 6030 if (error == 0) { 6031 if (strchr(fromname, '@') != NULL) { 6032 /* 6033 * If from is a snapshot, hold it and use the more 6034 * efficient dmu_send_estimate to estimate send space 6035 * size using deadlists. 6036 */ 6037 dsl_dataset_t *fromsnap; 6038 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap); 6039 if (error != 0) 6040 goto out; 6041 error = dmu_send_estimate(tosnap, fromsnap, 6042 compressok || rawok, &space); 6043 dsl_dataset_rele(fromsnap, FTAG); 6044 } else if (strchr(fromname, '#') != NULL) { 6045 /* 6046 * If from is a bookmark, fetch the creation TXG of the 6047 * snapshot it was created from and use that to find 6048 * blocks that were born after it. 6049 */ 6050 zfs_bookmark_phys_t frombm; 6051 6052 error = dsl_bookmark_lookup(dp, fromname, tosnap, 6053 &frombm); 6054 if (error != 0) 6055 goto out; 6056 error = dmu_send_estimate_from_txg(tosnap, 6057 frombm.zbm_creation_txg, compressok || rawok, 6058 &space); 6059 } else { 6060 /* 6061 * from is not properly formatted as a snapshot or 6062 * bookmark 6063 */ 6064 error = SET_ERROR(EINVAL); 6065 goto out; 6066 } 6067 } else { 6068 /* 6069 * If estimating the size of a full send, use dmu_send_estimate. 6070 */ 6071 error = dmu_send_estimate(tosnap, NULL, compressok || rawok, 6072 &space); 6073 } 6074 6075 fnvlist_add_uint64(outnvl, "space", space); 6076 6077 out: 6078 dsl_dataset_rele(tosnap, FTAG); 6079 dsl_pool_rele(dp, FTAG); 6080 return (error); 6081 } 6082 6083 /* 6084 * Sync the currently open TXG to disk for the specified pool. 6085 * This is somewhat similar to 'zfs_sync()'. 6086 * For cases that do not result in error this ioctl will wait for 6087 * the currently open TXG to commit before returning back to the caller. 6088 * 6089 * innvl: { 6090 * "force" -> when true, force uberblock update even if there is no dirty data. 6091 * In addition this will cause the vdev configuration to be written 6092 * out including updating the zpool cache file. (boolean_t) 6093 * } 6094 * 6095 * onvl is unused 6096 */ 6097 /* ARGSUSED */ 6098 static int 6099 zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl) 6100 { 6101 int err; 6102 boolean_t force; 6103 spa_t *spa; 6104 6105 if ((err = spa_open(pool, &spa, FTAG)) != 0) 6106 return (err); 6107 6108 force = fnvlist_lookup_boolean_value(innvl, "force"); 6109 if (force) { 6110 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER); 6111 vdev_config_dirty(spa->spa_root_vdev); 6112 spa_config_exit(spa, SCL_CONFIG, FTAG); 6113 } 6114 txg_wait_synced(spa_get_dsl(spa), 0); 6115 6116 spa_close(spa, FTAG); 6117 6118 return (err); 6119 } 6120 6121 /* 6122 * Load a user's wrapping key into the kernel. 6123 * innvl: { 6124 * "hidden_args" -> { "wkeydata" -> value } 6125 * raw uint8_t array of encryption wrapping key data (32 bytes) 6126 * (optional) "noop" -> (value ignored) 6127 * presence indicated key should only be verified, not loaded 6128 * } 6129 */ 6130 /* ARGSUSED */ 6131 static int 6132 zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 6133 { 6134 int ret = 0; 6135 dsl_crypto_params_t *dcp = NULL; 6136 nvlist_t *hidden_args; 6137 boolean_t noop = nvlist_exists(innvl, "noop"); 6138 6139 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 6140 ret = SET_ERROR(EINVAL); 6141 goto error; 6142 } 6143 6144 ret = nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args); 6145 if (ret != 0) { 6146 ret = SET_ERROR(EINVAL); 6147 goto error; 6148 } 6149 6150 ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL, 6151 hidden_args, &dcp); 6152 if (ret != 0) 6153 goto error; 6154 6155 ret = spa_keystore_load_wkey(dsname, dcp, noop); 6156 if (ret != 0) 6157 goto error; 6158 6159 dsl_crypto_params_free(dcp, noop); 6160 6161 return (0); 6162 6163 error: 6164 dsl_crypto_params_free(dcp, B_TRUE); 6165 return (ret); 6166 } 6167 6168 /* 6169 * Unload a user's wrapping key from the kernel. 6170 * Both innvl and outnvl are unused. 6171 */ 6172 /* ARGSUSED */ 6173 static int 6174 zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 6175 { 6176 int ret = 0; 6177 6178 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 6179 ret = (SET_ERROR(EINVAL)); 6180 goto out; 6181 } 6182 6183 ret = spa_keystore_unload_wkey(dsname); 6184 if (ret != 0) 6185 goto out; 6186 6187 out: 6188 return (ret); 6189 } 6190 6191 /* 6192 * Changes a user's wrapping key used to decrypt a dataset. The keyformat, 6193 * keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified 6194 * here to change how the key is derived in userspace. 6195 * 6196 * innvl: { 6197 * "hidden_args" (optional) -> { "wkeydata" -> value } 6198 * raw uint8_t array of new encryption wrapping key data (32 bytes) 6199 * "props" (optional) -> { prop -> value } 6200 * } 6201 * 6202 * outnvl is unused 6203 */ 6204 /* ARGSUSED */ 6205 static int 6206 zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 6207 { 6208 int ret; 6209 uint64_t cmd = DCP_CMD_NONE; 6210 dsl_crypto_params_t *dcp = NULL; 6211 nvlist_t *args = NULL, *hidden_args = NULL; 6212 6213 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 6214 ret = (SET_ERROR(EINVAL)); 6215 goto error; 6216 } 6217 6218 (void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd); 6219 (void) nvlist_lookup_nvlist(innvl, "props", &args); 6220 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args); 6221 6222 ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp); 6223 if (ret != 0) 6224 goto error; 6225 6226 ret = spa_keystore_change_key(dsname, dcp); 6227 if (ret != 0) 6228 goto error; 6229 6230 dsl_crypto_params_free(dcp, B_FALSE); 6231 6232 return (0); 6233 6234 error: 6235 dsl_crypto_params_free(dcp, B_TRUE); 6236 return (ret); 6237 } 6238 6239 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST]; 6240 6241 static void 6242 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 6243 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 6244 boolean_t log_history, zfs_ioc_poolcheck_t pool_check) 6245 { 6246 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 6247 6248 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 6249 ASSERT3U(ioc, <, ZFS_IOC_LAST); 6250 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 6251 ASSERT3P(vec->zvec_func, ==, NULL); 6252 6253 vec->zvec_legacy_func = func; 6254 vec->zvec_secpolicy = secpolicy; 6255 vec->zvec_namecheck = namecheck; 6256 vec->zvec_allow_log = log_history; 6257 vec->zvec_pool_check = pool_check; 6258 } 6259 6260 /* 6261 * See the block comment at the beginning of this file for details on 6262 * each argument to this function. 6263 */ 6264 static void 6265 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func, 6266 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 6267 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist, 6268 boolean_t allow_log) 6269 { 6270 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 6271 6272 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 6273 ASSERT3U(ioc, <, ZFS_IOC_LAST); 6274 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 6275 ASSERT3P(vec->zvec_func, ==, NULL); 6276 6277 /* if we are logging, the name must be valid */ 6278 ASSERT(!allow_log || namecheck != NO_NAME); 6279 6280 vec->zvec_name = name; 6281 vec->zvec_func = func; 6282 vec->zvec_secpolicy = secpolicy; 6283 vec->zvec_namecheck = namecheck; 6284 vec->zvec_pool_check = pool_check; 6285 vec->zvec_smush_outnvlist = smush_outnvlist; 6286 vec->zvec_allow_log = allow_log; 6287 } 6288 6289 static void 6290 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 6291 zfs_secpolicy_func_t *secpolicy, boolean_t log_history, 6292 zfs_ioc_poolcheck_t pool_check) 6293 { 6294 zfs_ioctl_register_legacy(ioc, func, secpolicy, 6295 POOL_NAME, log_history, pool_check); 6296 } 6297 6298 static void 6299 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 6300 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check) 6301 { 6302 zfs_ioctl_register_legacy(ioc, func, secpolicy, 6303 DATASET_NAME, B_FALSE, pool_check); 6304 } 6305 6306 static void 6307 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 6308 { 6309 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config, 6310 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6311 } 6312 6313 static void 6314 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 6315 zfs_secpolicy_func_t *secpolicy) 6316 { 6317 zfs_ioctl_register_legacy(ioc, func, secpolicy, 6318 NO_NAME, B_FALSE, POOL_CHECK_NONE); 6319 } 6320 6321 static void 6322 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc, 6323 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy) 6324 { 6325 zfs_ioctl_register_legacy(ioc, func, secpolicy, 6326 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED); 6327 } 6328 6329 static void 6330 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 6331 { 6332 zfs_ioctl_register_dataset_read_secpolicy(ioc, func, 6333 zfs_secpolicy_read); 6334 } 6335 6336 static void 6337 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 6338 zfs_secpolicy_func_t *secpolicy) 6339 { 6340 zfs_ioctl_register_legacy(ioc, func, secpolicy, 6341 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6342 } 6343 6344 static void 6345 zfs_ioctl_init(void) 6346 { 6347 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT, 6348 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME, 6349 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 6350 6351 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY, 6352 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME, 6353 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE); 6354 6355 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS, 6356 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, 6357 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 6358 6359 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW, 6360 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME, 6361 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 6362 6363 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE, 6364 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME, 6365 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 6366 6367 zfs_ioctl_register("create", ZFS_IOC_CREATE, 6368 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME, 6369 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 6370 6371 zfs_ioctl_register("clone", ZFS_IOC_CLONE, 6372 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME, 6373 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 6374 6375 zfs_ioctl_register("remap", ZFS_IOC_REMAP, 6376 zfs_ioc_remap, zfs_secpolicy_remap, DATASET_NAME, 6377 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE); 6378 6379 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS, 6380 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME, 6381 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 6382 6383 zfs_ioctl_register("hold", ZFS_IOC_HOLD, 6384 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME, 6385 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 6386 zfs_ioctl_register("release", ZFS_IOC_RELEASE, 6387 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME, 6388 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 6389 6390 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS, 6391 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, 6392 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 6393 6394 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK, 6395 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, 6396 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE); 6397 6398 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK, 6399 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME, 6400 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 6401 6402 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS, 6403 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME, 6404 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 6405 6406 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS, 6407 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks, 6408 POOL_NAME, 6409 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 6410 6411 zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM, 6412 zfs_ioc_channel_program, zfs_secpolicy_config, 6413 POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, 6414 B_TRUE); 6415 6416 zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT, 6417 zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME, 6418 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 6419 6420 zfs_ioctl_register("zpool_discard_checkpoint", 6421 ZFS_IOC_POOL_DISCARD_CHECKPOINT, zfs_ioc_pool_discard_checkpoint, 6422 zfs_secpolicy_config, POOL_NAME, 6423 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 6424 6425 zfs_ioctl_register("initialize", ZFS_IOC_POOL_INITIALIZE, 6426 zfs_ioc_pool_initialize, zfs_secpolicy_config, POOL_NAME, 6427 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 6428 6429 zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC, 6430 zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME, 6431 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE); 6432 6433 zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY, 6434 zfs_ioc_load_key, zfs_secpolicy_load_key, 6435 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE); 6436 zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY, 6437 zfs_ioc_unload_key, zfs_secpolicy_load_key, 6438 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE); 6439 zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY, 6440 zfs_ioc_change_key, zfs_secpolicy_change_key, 6441 DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, 6442 B_TRUE, B_TRUE); 6443 6444 /* IOCTLS that use the legacy function signature */ 6445 6446 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze, 6447 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY); 6448 6449 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create, 6450 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 6451 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN, 6452 zfs_ioc_pool_scan); 6453 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE, 6454 zfs_ioc_pool_upgrade); 6455 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD, 6456 zfs_ioc_vdev_add); 6457 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE, 6458 zfs_ioc_vdev_remove); 6459 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE, 6460 zfs_ioc_vdev_set_state); 6461 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH, 6462 zfs_ioc_vdev_attach); 6463 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH, 6464 zfs_ioc_vdev_detach); 6465 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH, 6466 zfs_ioc_vdev_setpath); 6467 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU, 6468 zfs_ioc_vdev_setfru); 6469 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS, 6470 zfs_ioc_pool_set_props); 6471 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT, 6472 zfs_ioc_vdev_split); 6473 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID, 6474 zfs_ioc_pool_reguid); 6475 6476 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS, 6477 zfs_ioc_pool_configs, zfs_secpolicy_none); 6478 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT, 6479 zfs_ioc_pool_tryimport, zfs_secpolicy_config); 6480 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT, 6481 zfs_ioc_inject_fault, zfs_secpolicy_inject); 6482 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT, 6483 zfs_ioc_clear_fault, zfs_secpolicy_inject); 6484 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT, 6485 zfs_ioc_inject_list_next, zfs_secpolicy_inject); 6486 6487 /* 6488 * pool destroy, and export don't log the history as part of 6489 * zfsdev_ioctl, but rather zfs_ioc_pool_export 6490 * does the logging of those commands. 6491 */ 6492 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy, 6493 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 6494 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export, 6495 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 6496 6497 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats, 6498 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 6499 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props, 6500 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 6501 6502 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log, 6503 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED); 6504 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME, 6505 zfs_ioc_dsobj_to_dsname, 6506 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED); 6507 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY, 6508 zfs_ioc_pool_get_history, 6509 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 6510 6511 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import, 6512 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 6513 6514 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear, 6515 zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY); 6516 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen, 6517 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED); 6518 6519 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN, 6520 zfs_ioc_space_written); 6521 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS, 6522 zfs_ioc_objset_recvd_props); 6523 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ, 6524 zfs_ioc_next_obj); 6525 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL, 6526 zfs_ioc_get_fsacl); 6527 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS, 6528 zfs_ioc_objset_stats); 6529 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS, 6530 zfs_ioc_objset_zplprops); 6531 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT, 6532 zfs_ioc_dataset_list_next); 6533 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT, 6534 zfs_ioc_snapshot_list_next); 6535 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS, 6536 zfs_ioc_send_progress); 6537 6538 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF, 6539 zfs_ioc_diff, zfs_secpolicy_diff); 6540 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS, 6541 zfs_ioc_obj_to_stats, zfs_secpolicy_diff); 6542 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH, 6543 zfs_ioc_obj_to_path, zfs_secpolicy_diff); 6544 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE, 6545 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one); 6546 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY, 6547 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many); 6548 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND, 6549 zfs_ioc_send, zfs_secpolicy_send); 6550 6551 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop, 6552 zfs_secpolicy_none); 6553 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy, 6554 zfs_secpolicy_destroy); 6555 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename, 6556 zfs_secpolicy_rename); 6557 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv, 6558 zfs_secpolicy_recv); 6559 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote, 6560 zfs_secpolicy_promote); 6561 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP, 6562 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop); 6563 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl, 6564 zfs_secpolicy_set_fsacl); 6565 6566 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share, 6567 zfs_secpolicy_share, POOL_CHECK_NONE); 6568 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl, 6569 zfs_secpolicy_smb_acl, POOL_CHECK_NONE); 6570 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE, 6571 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade, 6572 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6573 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT, 6574 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, 6575 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6576 } 6577 6578 int 6579 pool_status_check(const char *name, zfs_ioc_namecheck_t type, 6580 zfs_ioc_poolcheck_t check) 6581 { 6582 spa_t *spa; 6583 int error; 6584 6585 ASSERT(type == POOL_NAME || type == DATASET_NAME); 6586 6587 if (check & POOL_CHECK_NONE) 6588 return (0); 6589 6590 error = spa_open(name, &spa, FTAG); 6591 if (error == 0) { 6592 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa)) 6593 error = SET_ERROR(EAGAIN); 6594 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa)) 6595 error = SET_ERROR(EROFS); 6596 spa_close(spa, FTAG); 6597 } 6598 return (error); 6599 } 6600 6601 /* 6602 * Find a free minor number. 6603 */ 6604 minor_t 6605 zfsdev_minor_alloc(void) 6606 { 6607 static minor_t last_minor; 6608 minor_t m; 6609 6610 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 6611 6612 for (m = last_minor + 1; m != last_minor; m++) { 6613 if (m > ZFSDEV_MAX_MINOR) 6614 m = 1; 6615 if (ddi_get_soft_state(zfsdev_state, m) == NULL) { 6616 last_minor = m; 6617 return (m); 6618 } 6619 } 6620 6621 return (0); 6622 } 6623 6624 static int 6625 zfs_ctldev_init(dev_t *devp) 6626 { 6627 minor_t minor; 6628 zfs_soft_state_t *zs; 6629 6630 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 6631 ASSERT(getminor(*devp) == 0); 6632 6633 minor = zfsdev_minor_alloc(); 6634 if (minor == 0) 6635 return (SET_ERROR(ENXIO)); 6636 6637 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS) 6638 return (SET_ERROR(EAGAIN)); 6639 6640 *devp = makedevice(getemajor(*devp), minor); 6641 6642 zs = ddi_get_soft_state(zfsdev_state, minor); 6643 zs->zss_type = ZSST_CTLDEV; 6644 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data); 6645 6646 return (0); 6647 } 6648 6649 static void 6650 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor) 6651 { 6652 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 6653 6654 zfs_onexit_destroy(zo); 6655 ddi_soft_state_free(zfsdev_state, minor); 6656 } 6657 6658 void * 6659 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which) 6660 { 6661 zfs_soft_state_t *zp; 6662 6663 zp = ddi_get_soft_state(zfsdev_state, minor); 6664 if (zp == NULL || zp->zss_type != which) 6665 return (NULL); 6666 6667 return (zp->zss_data); 6668 } 6669 6670 static int 6671 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr) 6672 { 6673 int error = 0; 6674 6675 if (getminor(*devp) != 0) 6676 return (zvol_open(devp, flag, otyp, cr)); 6677 6678 /* This is the control device. Allocate a new minor if requested. */ 6679 if (flag & FEXCL) { 6680 mutex_enter(&zfsdev_state_lock); 6681 error = zfs_ctldev_init(devp); 6682 mutex_exit(&zfsdev_state_lock); 6683 } 6684 6685 return (error); 6686 } 6687 6688 static int 6689 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr) 6690 { 6691 zfs_onexit_t *zo; 6692 minor_t minor = getminor(dev); 6693 6694 if (minor == 0) 6695 return (0); 6696 6697 mutex_enter(&zfsdev_state_lock); 6698 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV); 6699 if (zo == NULL) { 6700 mutex_exit(&zfsdev_state_lock); 6701 return (zvol_close(dev, flag, otyp, cr)); 6702 } 6703 zfs_ctldev_destroy(zo, minor); 6704 mutex_exit(&zfsdev_state_lock); 6705 6706 return (0); 6707 } 6708 6709 static int 6710 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp) 6711 { 6712 zfs_cmd_t *zc; 6713 uint_t vecnum; 6714 int error, rc, len; 6715 minor_t minor = getminor(dev); 6716 const zfs_ioc_vec_t *vec; 6717 char *saved_poolname = NULL; 6718 nvlist_t *innvl = NULL; 6719 6720 if (minor != 0 && 6721 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL) 6722 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp)); 6723 6724 vecnum = cmd - ZFS_IOC_FIRST; 6725 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip)); 6726 6727 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 6728 return (SET_ERROR(EINVAL)); 6729 vec = &zfs_ioc_vec[vecnum]; 6730 6731 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 6732 6733 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag); 6734 if (error != 0) { 6735 error = SET_ERROR(EFAULT); 6736 goto out; 6737 } 6738 6739 zc->zc_iflags = flag & FKIOCTL; 6740 if (zc->zc_nvlist_src_size != 0) { 6741 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 6742 zc->zc_iflags, &innvl); 6743 if (error != 0) 6744 goto out; 6745 } 6746 6747 /* 6748 * Ensure that all pool/dataset names are valid before we pass down to 6749 * the lower layers. 6750 */ 6751 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 6752 switch (vec->zvec_namecheck) { 6753 case POOL_NAME: 6754 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 6755 error = SET_ERROR(EINVAL); 6756 else 6757 error = pool_status_check(zc->zc_name, 6758 vec->zvec_namecheck, vec->zvec_pool_check); 6759 break; 6760 6761 case DATASET_NAME: 6762 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 6763 error = SET_ERROR(EINVAL); 6764 else 6765 error = pool_status_check(zc->zc_name, 6766 vec->zvec_namecheck, vec->zvec_pool_check); 6767 break; 6768 6769 case NO_NAME: 6770 break; 6771 } 6772 6773 6774 if (error == 0) 6775 error = vec->zvec_secpolicy(zc, innvl, cr); 6776 6777 if (error != 0) 6778 goto out; 6779 6780 /* legacy ioctls can modify zc_name */ 6781 len = strcspn(zc->zc_name, "/@#") + 1; 6782 saved_poolname = kmem_alloc(len, KM_SLEEP); 6783 (void) strlcpy(saved_poolname, zc->zc_name, len); 6784 6785 if (vec->zvec_func != NULL) { 6786 nvlist_t *outnvl; 6787 int puterror = 0; 6788 spa_t *spa; 6789 nvlist_t *lognv = NULL; 6790 6791 ASSERT(vec->zvec_legacy_func == NULL); 6792 6793 /* 6794 * Add the innvl to the lognv before calling the func, 6795 * in case the func changes the innvl. 6796 */ 6797 if (vec->zvec_allow_log) { 6798 lognv = fnvlist_alloc(); 6799 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL, 6800 vec->zvec_name); 6801 if (!nvlist_empty(innvl)) { 6802 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL, 6803 innvl); 6804 } 6805 } 6806 6807 outnvl = fnvlist_alloc(); 6808 error = vec->zvec_func(zc->zc_name, innvl, outnvl); 6809 6810 /* 6811 * Some commands can partially execute, modify state, and still 6812 * return an error. In these cases, attempt to record what 6813 * was modified. 6814 */ 6815 if ((error == 0 || 6816 (cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) && 6817 vec->zvec_allow_log && 6818 spa_open(zc->zc_name, &spa, FTAG) == 0) { 6819 if (!nvlist_empty(outnvl)) { 6820 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL, 6821 outnvl); 6822 } 6823 if (error != 0) { 6824 fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO, 6825 error); 6826 } 6827 (void) spa_history_log_nvl(spa, lognv); 6828 spa_close(spa, FTAG); 6829 } 6830 fnvlist_free(lognv); 6831 6832 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) { 6833 int smusherror = 0; 6834 if (vec->zvec_smush_outnvlist) { 6835 smusherror = nvlist_smush(outnvl, 6836 zc->zc_nvlist_dst_size); 6837 } 6838 if (smusherror == 0) 6839 puterror = put_nvlist(zc, outnvl); 6840 } 6841 6842 if (puterror != 0) 6843 error = puterror; 6844 6845 nvlist_free(outnvl); 6846 } else { 6847 error = vec->zvec_legacy_func(zc); 6848 } 6849 6850 out: 6851 nvlist_free(innvl); 6852 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag); 6853 if (error == 0 && rc != 0) 6854 error = SET_ERROR(EFAULT); 6855 if (error == 0 && vec->zvec_allow_log) { 6856 char *s = tsd_get(zfs_allow_log_key); 6857 if (s != NULL) 6858 strfree(s); 6859 (void) tsd_set(zfs_allow_log_key, saved_poolname); 6860 } else { 6861 if (saved_poolname != NULL) 6862 strfree(saved_poolname); 6863 } 6864 6865 kmem_free(zc, sizeof (zfs_cmd_t)); 6866 return (error); 6867 } 6868 6869 static int 6870 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 6871 { 6872 if (cmd != DDI_ATTACH) 6873 return (DDI_FAILURE); 6874 6875 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0, 6876 DDI_PSEUDO, 0) == DDI_FAILURE) 6877 return (DDI_FAILURE); 6878 6879 zfs_dip = dip; 6880 6881 ddi_report_dev(dip); 6882 6883 return (DDI_SUCCESS); 6884 } 6885 6886 static int 6887 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 6888 { 6889 if (spa_busy() || zfs_busy() || zvol_busy()) 6890 return (DDI_FAILURE); 6891 6892 if (cmd != DDI_DETACH) 6893 return (DDI_FAILURE); 6894 6895 zfs_dip = NULL; 6896 6897 ddi_prop_remove_all(dip); 6898 ddi_remove_minor_node(dip, NULL); 6899 6900 return (DDI_SUCCESS); 6901 } 6902 6903 /*ARGSUSED*/ 6904 static int 6905 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 6906 { 6907 switch (infocmd) { 6908 case DDI_INFO_DEVT2DEVINFO: 6909 *result = zfs_dip; 6910 return (DDI_SUCCESS); 6911 6912 case DDI_INFO_DEVT2INSTANCE: 6913 *result = (void *)0; 6914 return (DDI_SUCCESS); 6915 } 6916 6917 return (DDI_FAILURE); 6918 } 6919 6920 /* 6921 * OK, so this is a little weird. 6922 * 6923 * /dev/zfs is the control node, i.e. minor 0. 6924 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0. 6925 * 6926 * /dev/zfs has basically nothing to do except serve up ioctls, 6927 * so most of the standard driver entry points are in zvol.c. 6928 */ 6929 static struct cb_ops zfs_cb_ops = { 6930 zfsdev_open, /* open */ 6931 zfsdev_close, /* close */ 6932 zvol_strategy, /* strategy */ 6933 nodev, /* print */ 6934 zvol_dump, /* dump */ 6935 zvol_read, /* read */ 6936 zvol_write, /* write */ 6937 zfsdev_ioctl, /* ioctl */ 6938 nodev, /* devmap */ 6939 nodev, /* mmap */ 6940 nodev, /* segmap */ 6941 nochpoll, /* poll */ 6942 ddi_prop_op, /* prop_op */ 6943 NULL, /* streamtab */ 6944 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */ 6945 CB_REV, /* version */ 6946 nodev, /* async read */ 6947 nodev, /* async write */ 6948 }; 6949 6950 static struct dev_ops zfs_dev_ops = { 6951 DEVO_REV, /* version */ 6952 0, /* refcnt */ 6953 zfs_info, /* info */ 6954 nulldev, /* identify */ 6955 nulldev, /* probe */ 6956 zfs_attach, /* attach */ 6957 zfs_detach, /* detach */ 6958 nodev, /* reset */ 6959 &zfs_cb_ops, /* driver operations */ 6960 NULL, /* no bus operations */ 6961 NULL, /* power */ 6962 ddi_quiesce_not_needed, /* quiesce */ 6963 }; 6964 6965 static struct modldrv zfs_modldrv = { 6966 &mod_driverops, 6967 "ZFS storage pool", 6968 &zfs_dev_ops 6969 }; 6970 6971 static struct modlinkage modlinkage = { 6972 MODREV_1, 6973 (void *)&zfs_modlfs, 6974 (void *)&zfs_modldrv, 6975 NULL 6976 }; 6977 6978 static void 6979 zfs_allow_log_destroy(void *arg) 6980 { 6981 char *poolname = arg; 6982 strfree(poolname); 6983 } 6984 6985 int 6986 _init(void) 6987 { 6988 int error; 6989 6990 spa_init(FREAD | FWRITE); 6991 zfs_init(); 6992 zvol_init(); 6993 zfs_ioctl_init(); 6994 6995 if ((error = mod_install(&modlinkage)) != 0) { 6996 zvol_fini(); 6997 zfs_fini(); 6998 spa_fini(); 6999 return (error); 7000 } 7001 7002 tsd_create(&zfs_fsyncer_key, NULL); 7003 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 7004 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 7005 7006 error = ldi_ident_from_mod(&modlinkage, &zfs_li); 7007 ASSERT(error == 0); 7008 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 7009 7010 return (0); 7011 } 7012 7013 int 7014 _fini(void) 7015 { 7016 int error; 7017 7018 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled) 7019 return (SET_ERROR(EBUSY)); 7020 7021 if ((error = mod_remove(&modlinkage)) != 0) 7022 return (error); 7023 7024 zvol_fini(); 7025 zfs_fini(); 7026 spa_fini(); 7027 if (zfs_nfsshare_inited) 7028 (void) ddi_modclose(nfs_mod); 7029 if (zfs_smbshare_inited) 7030 (void) ddi_modclose(smbsrv_mod); 7031 if (zfs_nfsshare_inited || zfs_smbshare_inited) 7032 (void) ddi_modclose(sharefs_mod); 7033 7034 tsd_destroy(&zfs_fsyncer_key); 7035 ldi_ident_release(zfs_li); 7036 zfs_li = NULL; 7037 mutex_destroy(&zfs_share_lock); 7038 7039 return (error); 7040 } 7041 7042 int 7043 _info(struct modinfo *modinfop) 7044 { 7045 return (mod_info(&modlinkage, modinfop)); 7046 } 7047