1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/types.h> 29 #include <sys/param.h> 30 #include <sys/errno.h> 31 #include <sys/uio.h> 32 #include <sys/buf.h> 33 #include <sys/modctl.h> 34 #include <sys/open.h> 35 #include <sys/file.h> 36 #include <sys/kmem.h> 37 #include <sys/conf.h> 38 #include <sys/cmn_err.h> 39 #include <sys/stat.h> 40 #include <sys/zfs_ioctl.h> 41 #include <sys/zfs_i18n.h> 42 #include <sys/zfs_znode.h> 43 #include <sys/zap.h> 44 #include <sys/spa.h> 45 #include <sys/spa_impl.h> 46 #include <sys/vdev.h> 47 #include <sys/vdev_impl.h> 48 #include <sys/dmu.h> 49 #include <sys/dsl_dir.h> 50 #include <sys/dsl_dataset.h> 51 #include <sys/dsl_prop.h> 52 #include <sys/dsl_deleg.h> 53 #include <sys/dmu_objset.h> 54 #include <sys/ddi.h> 55 #include <sys/sunddi.h> 56 #include <sys/sunldi.h> 57 #include <sys/policy.h> 58 #include <sys/zone.h> 59 #include <sys/nvpair.h> 60 #include <sys/pathname.h> 61 #include <sys/mount.h> 62 #include <sys/sdt.h> 63 #include <sys/fs/zfs.h> 64 #include <sys/zfs_ctldir.h> 65 #include <sys/zfs_dir.h> 66 #include <sys/zvol.h> 67 #include <sharefs/share.h> 68 #include <sys/zfs_znode.h> 69 #include <sys/zfs_vfsops.h> 70 #include <sys/dmu_objset.h> 71 72 #include "zfs_namecheck.h" 73 #include "zfs_prop.h" 74 #include "zfs_deleg.h" 75 76 extern struct modlfs zfs_modlfs; 77 78 extern void zfs_init(void); 79 extern void zfs_fini(void); 80 81 ldi_ident_t zfs_li = NULL; 82 dev_info_t *zfs_dip; 83 84 typedef int zfs_ioc_func_t(zfs_cmd_t *); 85 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *); 86 87 typedef struct zfs_ioc_vec { 88 zfs_ioc_func_t *zvec_func; 89 zfs_secpolicy_func_t *zvec_secpolicy; 90 enum { 91 NO_NAME, 92 POOL_NAME, 93 DATASET_NAME 94 } zvec_namecheck; 95 boolean_t zvec_his_log; 96 } zfs_ioc_vec_t; 97 98 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */ 99 void 100 __dprintf(const char *file, const char *func, int line, const char *fmt, ...) 101 { 102 const char *newfile; 103 char buf[256]; 104 va_list adx; 105 106 /* 107 * Get rid of annoying "../common/" prefix to filename. 108 */ 109 newfile = strrchr(file, '/'); 110 if (newfile != NULL) { 111 newfile = newfile + 1; /* Get rid of leading / */ 112 } else { 113 newfile = file; 114 } 115 116 va_start(adx, fmt); 117 (void) vsnprintf(buf, sizeof (buf), fmt, adx); 118 va_end(adx); 119 120 /* 121 * To get this data, use the zfs-dprintf probe as so: 122 * dtrace -q -n 'zfs-dprintf \ 123 * /stringof(arg0) == "dbuf.c"/ \ 124 * {printf("%s: %s", stringof(arg1), stringof(arg3))}' 125 * arg0 = file name 126 * arg1 = function name 127 * arg2 = line number 128 * arg3 = message 129 */ 130 DTRACE_PROBE4(zfs__dprintf, 131 char *, newfile, char *, func, int, line, char *, buf); 132 } 133 134 static void 135 history_str_free(char *buf) 136 { 137 kmem_free(buf, HIS_MAX_RECORD_LEN); 138 } 139 140 static char * 141 history_str_get(zfs_cmd_t *zc) 142 { 143 char *buf; 144 145 if (zc->zc_history == NULL) 146 return (NULL); 147 148 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 149 if (copyinstr((void *)(uintptr_t)zc->zc_history, 150 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 151 history_str_free(buf); 152 return (NULL); 153 } 154 155 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 156 157 return (buf); 158 } 159 160 static int 161 zfs_check_version(const char *name, int version) 162 { 163 164 spa_t *spa; 165 166 if (spa_open(name, &spa, FTAG) == 0) { 167 if (spa_version(spa) < version) { 168 spa_close(spa, FTAG); 169 return (1); 170 } 171 spa_close(spa, FTAG); 172 } 173 return (0); 174 } 175 176 static void 177 zfs_log_history(zfs_cmd_t *zc) 178 { 179 spa_t *spa; 180 char *buf; 181 182 if ((buf = history_str_get(zc)) == NULL) 183 return; 184 185 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 186 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 187 (void) spa_history_log(spa, buf, LOG_CMD_NORMAL); 188 spa_close(spa, FTAG); 189 } 190 history_str_free(buf); 191 } 192 193 /* 194 * Policy for top-level read operations (list pools). Requires no privileges, 195 * and can be used in the local zone, as there is no associated dataset. 196 */ 197 /* ARGSUSED */ 198 static int 199 zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr) 200 { 201 return (0); 202 } 203 204 /* 205 * Policy for dataset read operations (list children, get statistics). Requires 206 * no privileges, but must be visible in the local zone. 207 */ 208 /* ARGSUSED */ 209 static int 210 zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr) 211 { 212 if (INGLOBALZONE(curproc) || 213 zone_dataset_visible(zc->zc_name, NULL)) 214 return (0); 215 216 return (ENOENT); 217 } 218 219 static int 220 zfs_dozonecheck(const char *dataset, cred_t *cr) 221 { 222 uint64_t zoned; 223 int writable = 1; 224 225 /* 226 * The dataset must be visible by this zone -- check this first 227 * so they don't see EPERM on something they shouldn't know about. 228 */ 229 if (!INGLOBALZONE(curproc) && 230 !zone_dataset_visible(dataset, &writable)) 231 return (ENOENT); 232 233 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL)) 234 return (ENOENT); 235 236 if (INGLOBALZONE(curproc)) { 237 /* 238 * If the fs is zoned, only root can access it from the 239 * global zone. 240 */ 241 if (secpolicy_zfs(cr) && zoned) 242 return (EPERM); 243 } else { 244 /* 245 * If we are in a local zone, the 'zoned' property must be set. 246 */ 247 if (!zoned) 248 return (EPERM); 249 250 /* must be writable by this zone */ 251 if (!writable) 252 return (EPERM); 253 } 254 return (0); 255 } 256 257 int 258 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 259 { 260 int error; 261 262 error = zfs_dozonecheck(name, cr); 263 if (error == 0) { 264 error = secpolicy_zfs(cr); 265 if (error) 266 error = dsl_deleg_access(name, perm, cr); 267 } 268 return (error); 269 } 270 271 static int 272 zfs_secpolicy_setprop(const char *name, zfs_prop_t prop, cred_t *cr) 273 { 274 /* 275 * Check permissions for special properties. 276 */ 277 switch (prop) { 278 case ZFS_PROP_ZONED: 279 /* 280 * Disallow setting of 'zoned' from within a local zone. 281 */ 282 if (!INGLOBALZONE(curproc)) 283 return (EPERM); 284 break; 285 286 case ZFS_PROP_QUOTA: 287 if (!INGLOBALZONE(curproc)) { 288 uint64_t zoned; 289 char setpoint[MAXNAMELEN]; 290 /* 291 * Unprivileged users are allowed to modify the 292 * quota on things *under* (ie. contained by) 293 * the thing they own. 294 */ 295 if (dsl_prop_get_integer(name, "zoned", &zoned, 296 setpoint)) 297 return (EPERM); 298 if (!zoned || strlen(name) <= strlen(setpoint)) 299 return (EPERM); 300 } 301 break; 302 } 303 304 return (zfs_secpolicy_write_perms(name, zfs_prop_to_name(prop), cr)); 305 } 306 307 int 308 zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr) 309 { 310 int error; 311 312 error = zfs_dozonecheck(zc->zc_name, cr); 313 if (error) 314 return (error); 315 316 /* 317 * permission to set permissions will be evaluated later in 318 * dsl_deleg_can_allow() 319 */ 320 return (0); 321 } 322 323 int 324 zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr) 325 { 326 int error; 327 error = zfs_secpolicy_write_perms(zc->zc_name, 328 ZFS_DELEG_PERM_ROLLBACK, cr); 329 if (error == 0) 330 error = zfs_secpolicy_write_perms(zc->zc_name, 331 ZFS_DELEG_PERM_MOUNT, cr); 332 return (error); 333 } 334 335 int 336 zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr) 337 { 338 return (zfs_secpolicy_write_perms(zc->zc_name, 339 ZFS_DELEG_PERM_SEND, cr)); 340 } 341 342 int 343 zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr) 344 { 345 if (!INGLOBALZONE(curproc)) 346 return (EPERM); 347 348 if (secpolicy_nfs(CRED()) == 0) { 349 return (0); 350 } else { 351 vnode_t *vp; 352 int error; 353 354 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 355 NO_FOLLOW, NULL, &vp)) != 0) 356 return (error); 357 358 /* Now make sure mntpnt and dataset are ZFS */ 359 360 if (vp->v_vfsp->vfs_fstype != zfsfstype || 361 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 362 zc->zc_name) != 0)) { 363 VN_RELE(vp); 364 return (EPERM); 365 } 366 367 VN_RELE(vp); 368 return (dsl_deleg_access(zc->zc_name, 369 ZFS_DELEG_PERM_SHARE, cr)); 370 } 371 } 372 373 static int 374 zfs_get_parent(const char *datasetname, char *parent, int parentsize) 375 { 376 char *cp; 377 378 /* 379 * Remove the @bla or /bla from the end of the name to get the parent. 380 */ 381 (void) strncpy(parent, datasetname, parentsize); 382 cp = strrchr(parent, '@'); 383 if (cp != NULL) { 384 cp[0] = '\0'; 385 } else { 386 cp = strrchr(parent, '/'); 387 if (cp == NULL) 388 return (ENOENT); 389 cp[0] = '\0'; 390 } 391 392 return (0); 393 } 394 395 int 396 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 397 { 398 int error; 399 400 if ((error = zfs_secpolicy_write_perms(name, 401 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 402 return (error); 403 404 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 405 } 406 407 static int 408 zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr) 409 { 410 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 411 } 412 413 /* 414 * Must have sys_config privilege to check the iscsi permission 415 */ 416 /* ARGSUSED */ 417 static int 418 zfs_secpolicy_iscsi(zfs_cmd_t *zc, cred_t *cr) 419 { 420 return (secpolicy_zfs(cr)); 421 } 422 423 int 424 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 425 { 426 char parentname[MAXNAMELEN]; 427 int error; 428 429 if ((error = zfs_secpolicy_write_perms(from, 430 ZFS_DELEG_PERM_RENAME, cr)) != 0) 431 return (error); 432 433 if ((error = zfs_secpolicy_write_perms(from, 434 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 435 return (error); 436 437 if ((error = zfs_get_parent(to, parentname, 438 sizeof (parentname))) != 0) 439 return (error); 440 441 if ((error = zfs_secpolicy_write_perms(parentname, 442 ZFS_DELEG_PERM_CREATE, cr)) != 0) 443 return (error); 444 445 if ((error = zfs_secpolicy_write_perms(parentname, 446 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 447 return (error); 448 449 return (error); 450 } 451 452 static int 453 zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr) 454 { 455 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr)); 456 } 457 458 static int 459 zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr) 460 { 461 char parentname[MAXNAMELEN]; 462 objset_t *clone; 463 int error; 464 465 error = zfs_secpolicy_write_perms(zc->zc_name, 466 ZFS_DELEG_PERM_PROMOTE, cr); 467 if (error) 468 return (error); 469 470 error = dmu_objset_open(zc->zc_name, DMU_OST_ANY, 471 DS_MODE_STANDARD | DS_MODE_READONLY, &clone); 472 473 if (error == 0) { 474 dsl_dataset_t *pclone = NULL; 475 dsl_dir_t *dd; 476 dd = clone->os->os_dsl_dataset->ds_dir; 477 478 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER); 479 error = dsl_dataset_open_obj(dd->dd_pool, 480 dd->dd_phys->dd_clone_parent_obj, NULL, 481 DS_MODE_NONE, FTAG, &pclone); 482 rw_exit(&dd->dd_pool->dp_config_rwlock); 483 if (error) { 484 dmu_objset_close(clone); 485 return (error); 486 } 487 488 error = zfs_secpolicy_write_perms(zc->zc_name, 489 ZFS_DELEG_PERM_MOUNT, cr); 490 491 dsl_dataset_name(pclone, parentname); 492 dmu_objset_close(clone); 493 dsl_dataset_close(pclone, DS_MODE_NONE, FTAG); 494 if (error == 0) 495 error = zfs_secpolicy_write_perms(parentname, 496 ZFS_DELEG_PERM_PROMOTE, cr); 497 } 498 return (error); 499 } 500 501 static int 502 zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr) 503 { 504 int error; 505 506 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 507 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) 508 return (error); 509 510 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 511 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 512 return (error); 513 514 return (zfs_secpolicy_write_perms(zc->zc_name, 515 ZFS_DELEG_PERM_CREATE, cr)); 516 } 517 518 int 519 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 520 { 521 int error; 522 523 if ((error = zfs_secpolicy_write_perms(name, 524 ZFS_DELEG_PERM_SNAPSHOT, cr)) != 0) 525 return (error); 526 527 error = zfs_secpolicy_write_perms(name, 528 ZFS_DELEG_PERM_MOUNT, cr); 529 530 return (error); 531 } 532 533 static int 534 zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr) 535 { 536 537 return (zfs_secpolicy_snapshot_perms(zc->zc_name, cr)); 538 } 539 540 static int 541 zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr) 542 { 543 char parentname[MAXNAMELEN]; 544 int error; 545 546 if ((error = zfs_get_parent(zc->zc_name, parentname, 547 sizeof (parentname))) != 0) 548 return (error); 549 550 if (zc->zc_value[0] != '\0') { 551 if ((error = zfs_secpolicy_write_perms(zc->zc_value, 552 ZFS_DELEG_PERM_CLONE, cr)) != 0) 553 return (error); 554 } 555 556 if ((error = zfs_secpolicy_write_perms(parentname, 557 ZFS_DELEG_PERM_CREATE, cr)) != 0) 558 return (error); 559 560 error = zfs_secpolicy_write_perms(parentname, 561 ZFS_DELEG_PERM_MOUNT, cr); 562 563 return (error); 564 } 565 566 static int 567 zfs_secpolicy_umount(zfs_cmd_t *zc, cred_t *cr) 568 { 569 int error; 570 571 error = secpolicy_fs_unmount(cr, NULL); 572 if (error) { 573 error = dsl_deleg_access(zc->zc_name, ZFS_DELEG_PERM_MOUNT, cr); 574 } 575 return (error); 576 } 577 578 /* 579 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 580 * SYS_CONFIG privilege, which is not available in a local zone. 581 */ 582 /* ARGSUSED */ 583 static int 584 zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr) 585 { 586 if (secpolicy_sys_config(cr, B_FALSE) != 0) 587 return (EPERM); 588 589 return (0); 590 } 591 592 /* 593 * Just like zfs_secpolicy_config, except that we will check for 594 * mount permission on the dataset for permission to create/remove 595 * the minor nodes. 596 */ 597 static int 598 zfs_secpolicy_minor(zfs_cmd_t *zc, cred_t *cr) 599 { 600 if (secpolicy_sys_config(cr, B_FALSE) != 0) { 601 return (dsl_deleg_access(zc->zc_name, 602 ZFS_DELEG_PERM_MOUNT, cr)); 603 } 604 605 return (0); 606 } 607 608 /* 609 * Policy for fault injection. Requires all privileges. 610 */ 611 /* ARGSUSED */ 612 static int 613 zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr) 614 { 615 return (secpolicy_zinject(cr)); 616 } 617 618 static int 619 zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr) 620 { 621 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 622 623 if (prop == ZPROP_INVAL) { 624 if (!zfs_prop_user(zc->zc_value)) 625 return (EINVAL); 626 return (zfs_secpolicy_write_perms(zc->zc_name, 627 ZFS_DELEG_PERM_USERPROP, cr)); 628 } else { 629 if (!zfs_prop_inheritable(prop)) 630 return (EINVAL); 631 return (zfs_secpolicy_setprop(zc->zc_name, prop, cr)); 632 } 633 } 634 635 /* 636 * Returns the nvlist as specified by the user in the zfs_cmd_t. 637 */ 638 static int 639 get_nvlist(uint64_t nvl, uint64_t size, nvlist_t **nvp) 640 { 641 char *packed; 642 int error; 643 nvlist_t *list = NULL; 644 645 /* 646 * Read in and unpack the user-supplied nvlist. 647 */ 648 if (size == 0) 649 return (EINVAL); 650 651 packed = kmem_alloc(size, KM_SLEEP); 652 653 if ((error = xcopyin((void *)(uintptr_t)nvl, packed, size)) != 0) { 654 kmem_free(packed, size); 655 return (error); 656 } 657 658 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 659 kmem_free(packed, size); 660 return (error); 661 } 662 663 kmem_free(packed, size); 664 665 *nvp = list; 666 return (0); 667 } 668 669 static int 670 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 671 { 672 char *packed = NULL; 673 size_t size; 674 int error; 675 676 VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0); 677 678 if (size > zc->zc_nvlist_dst_size) { 679 error = ENOMEM; 680 } else { 681 packed = kmem_alloc(size, KM_SLEEP); 682 VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE, 683 KM_SLEEP) == 0); 684 error = xcopyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst, 685 size); 686 kmem_free(packed, size); 687 } 688 689 zc->zc_nvlist_dst_size = size; 690 return (error); 691 } 692 693 static int 694 zfs_ioc_pool_create(zfs_cmd_t *zc) 695 { 696 int error; 697 nvlist_t *config, *props = NULL; 698 char *buf; 699 700 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 701 &config)) 702 return (error); 703 704 if (zc->zc_nvlist_src_size != 0 && (error = 705 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, &props))) { 706 nvlist_free(config); 707 return (error); 708 } 709 710 buf = history_str_get(zc); 711 712 error = spa_create(zc->zc_name, config, props, buf); 713 714 if (buf != NULL) 715 history_str_free(buf); 716 717 nvlist_free(config); 718 719 if (props) 720 nvlist_free(props); 721 722 return (error); 723 } 724 725 static int 726 zfs_ioc_pool_destroy(zfs_cmd_t *zc) 727 { 728 int error; 729 zfs_log_history(zc); 730 error = spa_destroy(zc->zc_name); 731 return (error); 732 } 733 734 static int 735 zfs_ioc_pool_import(zfs_cmd_t *zc) 736 { 737 int error; 738 nvlist_t *config, *props = NULL; 739 uint64_t guid; 740 741 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 742 &config)) != 0) 743 return (error); 744 745 if (zc->zc_nvlist_src_size != 0 && (error = 746 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, &props))) { 747 nvlist_free(config); 748 return (error); 749 } 750 751 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 752 guid != zc->zc_guid) 753 error = EINVAL; 754 else 755 error = spa_import(zc->zc_name, config, props); 756 757 nvlist_free(config); 758 759 if (props) 760 nvlist_free(props); 761 762 return (error); 763 } 764 765 static int 766 zfs_ioc_pool_export(zfs_cmd_t *zc) 767 { 768 int error; 769 zfs_log_history(zc); 770 error = spa_export(zc->zc_name, NULL); 771 return (error); 772 } 773 774 static int 775 zfs_ioc_pool_configs(zfs_cmd_t *zc) 776 { 777 nvlist_t *configs; 778 int error; 779 780 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL) 781 return (EEXIST); 782 783 error = put_nvlist(zc, configs); 784 785 nvlist_free(configs); 786 787 return (error); 788 } 789 790 static int 791 zfs_ioc_pool_stats(zfs_cmd_t *zc) 792 { 793 nvlist_t *config; 794 int error; 795 int ret = 0; 796 797 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 798 sizeof (zc->zc_value)); 799 800 if (config != NULL) { 801 ret = put_nvlist(zc, config); 802 nvlist_free(config); 803 804 /* 805 * The config may be present even if 'error' is non-zero. 806 * In this case we return success, and preserve the real errno 807 * in 'zc_cookie'. 808 */ 809 zc->zc_cookie = error; 810 } else { 811 ret = error; 812 } 813 814 return (ret); 815 } 816 817 /* 818 * Try to import the given pool, returning pool stats as appropriate so that 819 * user land knows which devices are available and overall pool health. 820 */ 821 static int 822 zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 823 { 824 nvlist_t *tryconfig, *config; 825 int error; 826 827 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 828 &tryconfig)) != 0) 829 return (error); 830 831 config = spa_tryimport(tryconfig); 832 833 nvlist_free(tryconfig); 834 835 if (config == NULL) 836 return (EINVAL); 837 838 error = put_nvlist(zc, config); 839 nvlist_free(config); 840 841 return (error); 842 } 843 844 static int 845 zfs_ioc_pool_scrub(zfs_cmd_t *zc) 846 { 847 spa_t *spa; 848 int error; 849 850 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 851 return (error); 852 853 mutex_enter(&spa_namespace_lock); 854 error = spa_scrub(spa, zc->zc_cookie, B_FALSE); 855 mutex_exit(&spa_namespace_lock); 856 857 spa_close(spa, FTAG); 858 859 return (error); 860 } 861 862 static int 863 zfs_ioc_pool_freeze(zfs_cmd_t *zc) 864 { 865 spa_t *spa; 866 int error; 867 868 error = spa_open(zc->zc_name, &spa, FTAG); 869 if (error == 0) { 870 spa_freeze(spa); 871 spa_close(spa, FTAG); 872 } 873 return (error); 874 } 875 876 static int 877 zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 878 { 879 spa_t *spa; 880 int error; 881 882 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 883 return (error); 884 885 if (zc->zc_cookie < spa_version(spa) || zc->zc_cookie > SPA_VERSION) { 886 spa_close(spa, FTAG); 887 return (EINVAL); 888 } 889 890 spa_upgrade(spa, zc->zc_cookie); 891 spa_close(spa, FTAG); 892 893 return (error); 894 } 895 896 static int 897 zfs_ioc_pool_get_history(zfs_cmd_t *zc) 898 { 899 spa_t *spa; 900 char *hist_buf; 901 uint64_t size; 902 int error; 903 904 if ((size = zc->zc_history_len) == 0) 905 return (EINVAL); 906 907 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 908 return (error); 909 910 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 911 spa_close(spa, FTAG); 912 return (ENOTSUP); 913 } 914 915 hist_buf = kmem_alloc(size, KM_SLEEP); 916 if ((error = spa_history_get(spa, &zc->zc_history_offset, 917 &zc->zc_history_len, hist_buf)) == 0) { 918 error = xcopyout(hist_buf, 919 (char *)(uintptr_t)zc->zc_history, 920 zc->zc_history_len); 921 } 922 923 spa_close(spa, FTAG); 924 kmem_free(hist_buf, size); 925 return (error); 926 } 927 928 static int 929 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 930 { 931 int error; 932 933 if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)) 934 return (error); 935 936 return (0); 937 } 938 939 static int 940 zfs_ioc_obj_to_path(zfs_cmd_t *zc) 941 { 942 objset_t *osp; 943 int error; 944 945 if ((error = dmu_objset_open(zc->zc_name, DMU_OST_ZFS, 946 DS_MODE_NONE | DS_MODE_READONLY, &osp)) != 0) 947 return (error); 948 949 error = zfs_obj_to_path(osp, zc->zc_obj, zc->zc_value, 950 sizeof (zc->zc_value)); 951 dmu_objset_close(osp); 952 953 return (error); 954 } 955 956 static int 957 zfs_ioc_vdev_add(zfs_cmd_t *zc) 958 { 959 spa_t *spa; 960 int error; 961 nvlist_t *config; 962 963 error = spa_open(zc->zc_name, &spa, FTAG); 964 if (error != 0) 965 return (error); 966 967 /* 968 * A root pool with concatenated devices is not supported. 969 * Thus, can not add a device to a root pool with one device. 970 */ 971 if (spa->spa_root_vdev->vdev_children == 1 && spa->spa_bootfs != 0) { 972 spa_close(spa, FTAG); 973 return (EDOM); 974 } 975 976 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 977 &config)) == 0) { 978 error = spa_vdev_add(spa, config); 979 nvlist_free(config); 980 } 981 spa_close(spa, FTAG); 982 return (error); 983 } 984 985 static int 986 zfs_ioc_vdev_remove(zfs_cmd_t *zc) 987 { 988 spa_t *spa; 989 int error; 990 991 error = spa_open(zc->zc_name, &spa, FTAG); 992 if (error != 0) 993 return (error); 994 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 995 spa_close(spa, FTAG); 996 return (error); 997 } 998 999 static int 1000 zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 1001 { 1002 spa_t *spa; 1003 int error; 1004 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 1005 1006 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1007 return (error); 1008 switch (zc->zc_cookie) { 1009 case VDEV_STATE_ONLINE: 1010 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 1011 break; 1012 1013 case VDEV_STATE_OFFLINE: 1014 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 1015 break; 1016 1017 case VDEV_STATE_FAULTED: 1018 error = vdev_fault(spa, zc->zc_guid); 1019 break; 1020 1021 case VDEV_STATE_DEGRADED: 1022 error = vdev_degrade(spa, zc->zc_guid); 1023 break; 1024 1025 default: 1026 error = EINVAL; 1027 } 1028 zc->zc_cookie = newstate; 1029 spa_close(spa, FTAG); 1030 return (error); 1031 } 1032 1033 static int 1034 zfs_ioc_vdev_attach(zfs_cmd_t *zc) 1035 { 1036 spa_t *spa; 1037 int replacing = zc->zc_cookie; 1038 nvlist_t *config; 1039 int error; 1040 1041 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1042 return (error); 1043 1044 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1045 &config)) == 0) { 1046 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing); 1047 nvlist_free(config); 1048 } 1049 1050 spa_close(spa, FTAG); 1051 return (error); 1052 } 1053 1054 static int 1055 zfs_ioc_vdev_detach(zfs_cmd_t *zc) 1056 { 1057 spa_t *spa; 1058 int error; 1059 1060 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1061 return (error); 1062 1063 error = spa_vdev_detach(spa, zc->zc_guid, B_FALSE); 1064 1065 spa_close(spa, FTAG); 1066 return (error); 1067 } 1068 1069 static int 1070 zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 1071 { 1072 spa_t *spa; 1073 char *path = zc->zc_value; 1074 uint64_t guid = zc->zc_guid; 1075 int error; 1076 1077 error = spa_open(zc->zc_name, &spa, FTAG); 1078 if (error != 0) 1079 return (error); 1080 1081 error = spa_vdev_setpath(spa, guid, path); 1082 spa_close(spa, FTAG); 1083 return (error); 1084 } 1085 1086 static int 1087 zfs_ioc_objset_stats(zfs_cmd_t *zc) 1088 { 1089 objset_t *os = NULL; 1090 int error; 1091 nvlist_t *nv; 1092 1093 retry: 1094 error = dmu_objset_open(zc->zc_name, DMU_OST_ANY, 1095 DS_MODE_STANDARD | DS_MODE_READONLY, &os); 1096 if (error != 0) { 1097 /* 1098 * This is ugly: dmu_objset_open() can return EBUSY if 1099 * the objset is held exclusively. Fortunately this hold is 1100 * only for a short while, so we retry here. 1101 * This avoids user code having to handle EBUSY, 1102 * for example for a "zfs list". 1103 */ 1104 if (error == EBUSY) { 1105 delay(1); 1106 goto retry; 1107 } 1108 return (error); 1109 } 1110 1111 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 1112 1113 if (zc->zc_nvlist_dst != 0 && 1114 (error = dsl_prop_get_all(os, &nv)) == 0) { 1115 dmu_objset_stats(os, nv); 1116 /* 1117 * NB: zvol_get_stats() will read the objset contents, 1118 * which we aren't supposed to do with a 1119 * DS_MODE_STANDARD open, because it could be 1120 * inconsistent. So this is a bit of a workaround... 1121 */ 1122 if (!zc->zc_objset_stats.dds_inconsistent) { 1123 if (dmu_objset_type(os) == DMU_OST_ZVOL) 1124 VERIFY(zvol_get_stats(os, nv) == 0); 1125 } 1126 error = put_nvlist(zc, nv); 1127 nvlist_free(nv); 1128 } 1129 1130 spa_altroot(dmu_objset_spa(os), zc->zc_value, sizeof (zc->zc_value)); 1131 1132 dmu_objset_close(os); 1133 return (error); 1134 } 1135 1136 static int 1137 zfs_ioc_objset_version(zfs_cmd_t *zc) 1138 { 1139 objset_t *os = NULL; 1140 int error; 1141 1142 retry: 1143 error = dmu_objset_open(zc->zc_name, DMU_OST_ANY, 1144 DS_MODE_STANDARD | DS_MODE_READONLY, &os); 1145 if (error != 0) { 1146 /* 1147 * This is ugly: dmu_objset_open() can return EBUSY if 1148 * the objset is held exclusively. Fortunately this hold is 1149 * only for a short while, so we retry here. 1150 * This avoids user code having to handle EBUSY, 1151 * for example for a "zfs list". 1152 */ 1153 if (error == EBUSY) { 1154 delay(1); 1155 goto retry; 1156 } 1157 return (error); 1158 } 1159 1160 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 1161 1162 /* 1163 * NB: zfs_get_version() will read the objset contents, 1164 * which we aren't supposed to do with a 1165 * DS_MODE_STANDARD open, because it could be 1166 * inconsistent. So this is a bit of a workaround... 1167 */ 1168 zc->zc_cookie = 0; 1169 if (!zc->zc_objset_stats.dds_inconsistent) 1170 if (dmu_objset_type(os) == DMU_OST_ZFS) 1171 (void) zfs_get_version(os, &zc->zc_cookie); 1172 1173 dmu_objset_close(os); 1174 return (0); 1175 } 1176 1177 static int 1178 zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 1179 { 1180 objset_t *os; 1181 int error; 1182 char *p; 1183 1184 retry: 1185 error = dmu_objset_open(zc->zc_name, DMU_OST_ANY, 1186 DS_MODE_STANDARD | DS_MODE_READONLY, &os); 1187 if (error != 0) { 1188 /* 1189 * This is ugly: dmu_objset_open() can return EBUSY if 1190 * the objset is held exclusively. Fortunately this hold is 1191 * only for a short while, so we retry here. 1192 * This avoids user code having to handle EBUSY, 1193 * for example for a "zfs list". 1194 */ 1195 if (error == EBUSY) { 1196 delay(1); 1197 goto retry; 1198 } 1199 if (error == ENOENT) 1200 error = ESRCH; 1201 return (error); 1202 } 1203 1204 p = strrchr(zc->zc_name, '/'); 1205 if (p == NULL || p[1] != '\0') 1206 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 1207 p = zc->zc_name + strlen(zc->zc_name); 1208 1209 do { 1210 error = dmu_dir_list_next(os, 1211 sizeof (zc->zc_name) - (p - zc->zc_name), p, 1212 NULL, &zc->zc_cookie); 1213 if (error == ENOENT) 1214 error = ESRCH; 1215 } while (error == 0 && !INGLOBALZONE(curproc) && 1216 !zone_dataset_visible(zc->zc_name, NULL)); 1217 1218 /* 1219 * If it's a hidden dataset (ie. with a '$' in its name), don't 1220 * try to get stats for it. Userland will skip over it. 1221 */ 1222 if (error == 0 && strchr(zc->zc_name, '$') == NULL) 1223 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 1224 1225 dmu_objset_close(os); 1226 return (error); 1227 } 1228 1229 static int 1230 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 1231 { 1232 objset_t *os; 1233 int error; 1234 1235 retry: 1236 error = dmu_objset_open(zc->zc_name, DMU_OST_ANY, 1237 DS_MODE_STANDARD | DS_MODE_READONLY, &os); 1238 if (error != 0) { 1239 /* 1240 * This is ugly: dmu_objset_open() can return EBUSY if 1241 * the objset is held exclusively. Fortunately this hold is 1242 * only for a short while, so we retry here. 1243 * This avoids user code having to handle EBUSY, 1244 * for example for a "zfs list". 1245 */ 1246 if (error == EBUSY) { 1247 delay(1); 1248 goto retry; 1249 } 1250 if (error == ENOENT) 1251 error = ESRCH; 1252 return (error); 1253 } 1254 1255 /* 1256 * A dataset name of maximum length cannot have any snapshots, 1257 * so exit immediately. 1258 */ 1259 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) { 1260 dmu_objset_close(os); 1261 return (ESRCH); 1262 } 1263 1264 error = dmu_snapshot_list_next(os, 1265 sizeof (zc->zc_name) - strlen(zc->zc_name), 1266 zc->zc_name + strlen(zc->zc_name), NULL, &zc->zc_cookie); 1267 if (error == ENOENT) 1268 error = ESRCH; 1269 1270 if (error == 0) 1271 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 1272 1273 dmu_objset_close(os); 1274 return (error); 1275 } 1276 1277 static int 1278 zfs_set_prop_nvlist(const char *name, nvlist_t *nvl) 1279 { 1280 nvpair_t *elem; 1281 int error; 1282 uint64_t intval; 1283 char *strval; 1284 1285 /* 1286 * First validate permission to set all of the properties 1287 */ 1288 elem = NULL; 1289 while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) { 1290 const char *propname = nvpair_name(elem); 1291 zfs_prop_t prop = zfs_name_to_prop(propname); 1292 1293 if (prop == ZPROP_INVAL) { 1294 /* 1295 * If this is a user-defined property, it must be a 1296 * string, and there is no further validation to do. 1297 */ 1298 if (!zfs_prop_user(propname) || 1299 nvpair_type(elem) != DATA_TYPE_STRING) 1300 return (EINVAL); 1301 1302 if (error = zfs_secpolicy_write_perms(name, 1303 ZFS_DELEG_PERM_USERPROP, CRED())) 1304 return (error); 1305 continue; 1306 } 1307 1308 if ((error = zfs_secpolicy_setprop(name, prop, CRED())) != 0) 1309 return (error); 1310 1311 /* 1312 * Check that this value is valid for this pool version 1313 */ 1314 switch (prop) { 1315 case ZFS_PROP_COMPRESSION: 1316 /* 1317 * If the user specified gzip compression, make sure 1318 * the SPA supports it. We ignore any errors here since 1319 * we'll catch them later. 1320 */ 1321 if (nvpair_type(elem) == DATA_TYPE_UINT64 && 1322 nvpair_value_uint64(elem, &intval) == 0 && 1323 intval >= ZIO_COMPRESS_GZIP_1 && 1324 intval <= ZIO_COMPRESS_GZIP_9) { 1325 if (zfs_check_version(name, 1326 SPA_VERSION_GZIP_COMPRESSION)) 1327 return (ENOTSUP); 1328 } 1329 break; 1330 1331 case ZFS_PROP_COPIES: 1332 if (zfs_check_version(name, SPA_VERSION_DITTO_BLOCKS)) 1333 return (ENOTSUP); 1334 break; 1335 case ZFS_PROP_NORMALIZE: 1336 case ZFS_PROP_UTF8ONLY: 1337 case ZFS_PROP_CASE: 1338 if (zfs_check_version(name, SPA_VERSION_NORMALIZATION)) 1339 return (ENOTSUP); 1340 1341 } 1342 if ((error = zfs_secpolicy_setprop(name, prop, CRED())) != 0) 1343 return (error); 1344 } 1345 1346 elem = NULL; 1347 while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) { 1348 const char *propname = nvpair_name(elem); 1349 zfs_prop_t prop = zfs_name_to_prop(propname); 1350 1351 if (prop == ZPROP_INVAL) { 1352 VERIFY(nvpair_value_string(elem, &strval) == 0); 1353 error = dsl_prop_set(name, propname, 1, 1354 strlen(strval) + 1, strval); 1355 if (error == 0) 1356 continue; 1357 else 1358 return (error); 1359 } 1360 1361 switch (prop) { 1362 case ZFS_PROP_QUOTA: 1363 if ((error = nvpair_value_uint64(elem, &intval)) != 0 || 1364 (error = dsl_dir_set_quota(name, intval)) != 0) 1365 return (error); 1366 break; 1367 1368 case ZFS_PROP_RESERVATION: 1369 if ((error = nvpair_value_uint64(elem, &intval)) != 0 || 1370 (error = dsl_dir_set_reservation(name, 1371 intval)) != 0) 1372 return (error); 1373 break; 1374 1375 case ZFS_PROP_VOLSIZE: 1376 if ((error = nvpair_value_uint64(elem, &intval)) != 0 || 1377 (error = zvol_set_volsize(name, 1378 ddi_driver_major(zfs_dip), intval)) != 0) 1379 return (error); 1380 break; 1381 1382 case ZFS_PROP_VOLBLOCKSIZE: 1383 if ((error = nvpair_value_uint64(elem, &intval)) != 0 || 1384 (error = zvol_set_volblocksize(name, intval)) != 0) 1385 return (error); 1386 break; 1387 1388 case ZFS_PROP_VERSION: 1389 if ((error = nvpair_value_uint64(elem, &intval)) != 0 || 1390 (error = zfs_set_version(name, intval)) != 0) 1391 return (error); 1392 break; 1393 1394 default: 1395 if (nvpair_type(elem) == DATA_TYPE_STRING) { 1396 if (zfs_prop_get_type(prop) != 1397 PROP_TYPE_STRING) 1398 return (EINVAL); 1399 VERIFY(nvpair_value_string(elem, &strval) == 0); 1400 if ((error = dsl_prop_set(name, 1401 nvpair_name(elem), 1, strlen(strval) + 1, 1402 strval)) != 0) 1403 return (error); 1404 } else if (nvpair_type(elem) == DATA_TYPE_UINT64) { 1405 const char *unused; 1406 1407 VERIFY(nvpair_value_uint64(elem, &intval) == 0); 1408 1409 switch (zfs_prop_get_type(prop)) { 1410 case PROP_TYPE_NUMBER: 1411 break; 1412 case PROP_TYPE_STRING: 1413 return (EINVAL); 1414 case PROP_TYPE_INDEX: 1415 if (zfs_prop_index_to_string(prop, 1416 intval, &unused) != 0) 1417 return (EINVAL); 1418 break; 1419 default: 1420 cmn_err(CE_PANIC, 1421 "unknown property type"); 1422 break; 1423 } 1424 1425 if ((error = dsl_prop_set(name, propname, 1426 8, 1, &intval)) != 0) 1427 return (error); 1428 } else { 1429 return (EINVAL); 1430 } 1431 break; 1432 } 1433 } 1434 1435 return (0); 1436 } 1437 1438 static int 1439 zfs_ioc_set_prop(zfs_cmd_t *zc) 1440 { 1441 nvlist_t *nvl; 1442 int error; 1443 1444 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1445 &nvl)) != 0) 1446 return (error); 1447 1448 error = zfs_set_prop_nvlist(zc->zc_name, nvl); 1449 1450 nvlist_free(nvl); 1451 return (error); 1452 } 1453 1454 static int 1455 zfs_ioc_inherit_prop(zfs_cmd_t *zc) 1456 { 1457 /* the property name has been validated by zfs_secpolicy_inherit() */ 1458 return (dsl_prop_set(zc->zc_name, zc->zc_value, 0, 0, NULL)); 1459 } 1460 1461 static int 1462 zfs_ioc_pool_set_props(zfs_cmd_t *zc) 1463 { 1464 nvlist_t *props; 1465 spa_t *spa; 1466 int error; 1467 1468 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1469 &props))) 1470 return (error); 1471 1472 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 1473 nvlist_free(props); 1474 return (error); 1475 } 1476 1477 error = spa_prop_set(spa, props); 1478 1479 nvlist_free(props); 1480 spa_close(spa, FTAG); 1481 1482 return (error); 1483 } 1484 1485 static int 1486 zfs_ioc_pool_get_props(zfs_cmd_t *zc) 1487 { 1488 spa_t *spa; 1489 int error; 1490 nvlist_t *nvp = NULL; 1491 1492 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1493 return (error); 1494 1495 error = spa_prop_get(spa, &nvp); 1496 1497 if (error == 0 && zc->zc_nvlist_dst != NULL) 1498 error = put_nvlist(zc, nvp); 1499 else 1500 error = EFAULT; 1501 1502 spa_close(spa, FTAG); 1503 1504 if (nvp) 1505 nvlist_free(nvp); 1506 return (error); 1507 } 1508 1509 static int 1510 zfs_ioc_iscsi_perm_check(zfs_cmd_t *zc) 1511 { 1512 nvlist_t *nvp; 1513 int error; 1514 uint32_t uid; 1515 uint32_t gid; 1516 uint32_t *groups; 1517 uint_t group_cnt; 1518 cred_t *usercred; 1519 1520 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1521 &nvp)) != 0) { 1522 return (error); 1523 } 1524 1525 if ((error = nvlist_lookup_uint32(nvp, 1526 ZFS_DELEG_PERM_UID, &uid)) != 0) { 1527 nvlist_free(nvp); 1528 return (EPERM); 1529 } 1530 1531 if ((error = nvlist_lookup_uint32(nvp, 1532 ZFS_DELEG_PERM_GID, &gid)) != 0) { 1533 nvlist_free(nvp); 1534 return (EPERM); 1535 } 1536 1537 if ((error = nvlist_lookup_uint32_array(nvp, ZFS_DELEG_PERM_GROUPS, 1538 &groups, &group_cnt)) != 0) { 1539 nvlist_free(nvp); 1540 return (EPERM); 1541 } 1542 usercred = cralloc(); 1543 if ((crsetugid(usercred, uid, gid) != 0) || 1544 (crsetgroups(usercred, group_cnt, (gid_t *)groups) != 0)) { 1545 nvlist_free(nvp); 1546 crfree(usercred); 1547 return (EPERM); 1548 } 1549 nvlist_free(nvp); 1550 error = dsl_deleg_access(zc->zc_name, 1551 zfs_prop_to_name(ZFS_PROP_SHAREISCSI), usercred); 1552 crfree(usercred); 1553 return (error); 1554 } 1555 1556 static int 1557 zfs_ioc_set_fsacl(zfs_cmd_t *zc) 1558 { 1559 int error; 1560 nvlist_t *fsaclnv = NULL; 1561 1562 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1563 &fsaclnv)) != 0) 1564 return (error); 1565 1566 /* 1567 * Verify nvlist is constructed correctly 1568 */ 1569 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) { 1570 nvlist_free(fsaclnv); 1571 return (EINVAL); 1572 } 1573 1574 /* 1575 * If we don't have PRIV_SYS_MOUNT, then validate 1576 * that user is allowed to hand out each permission in 1577 * the nvlist(s) 1578 */ 1579 1580 error = secpolicy_zfs(CRED()); 1581 if (error) { 1582 if (zc->zc_perm_action == B_FALSE) { 1583 error = dsl_deleg_can_allow(zc->zc_name, 1584 fsaclnv, CRED()); 1585 } else { 1586 error = dsl_deleg_can_unallow(zc->zc_name, 1587 fsaclnv, CRED()); 1588 } 1589 } 1590 1591 if (error == 0) 1592 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 1593 1594 nvlist_free(fsaclnv); 1595 return (error); 1596 } 1597 1598 static int 1599 zfs_ioc_get_fsacl(zfs_cmd_t *zc) 1600 { 1601 nvlist_t *nvp; 1602 int error; 1603 1604 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 1605 error = put_nvlist(zc, nvp); 1606 nvlist_free(nvp); 1607 } 1608 1609 return (error); 1610 } 1611 1612 static int 1613 zfs_ioc_create_minor(zfs_cmd_t *zc) 1614 { 1615 return (zvol_create_minor(zc->zc_name, ddi_driver_major(zfs_dip))); 1616 } 1617 1618 static int 1619 zfs_ioc_remove_minor(zfs_cmd_t *zc) 1620 { 1621 return (zvol_remove_minor(zc->zc_name)); 1622 } 1623 1624 /* 1625 * Search the vfs list for a specified resource. Returns a pointer to it 1626 * or NULL if no suitable entry is found. The caller of this routine 1627 * is responsible for releasing the returned vfs pointer. 1628 */ 1629 static vfs_t * 1630 zfs_get_vfs(const char *resource) 1631 { 1632 struct vfs *vfsp; 1633 struct vfs *vfs_found = NULL; 1634 1635 vfs_list_read_lock(); 1636 vfsp = rootvfs; 1637 do { 1638 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) { 1639 VFS_HOLD(vfsp); 1640 vfs_found = vfsp; 1641 break; 1642 } 1643 vfsp = vfsp->vfs_next; 1644 } while (vfsp != rootvfs); 1645 vfs_list_unlock(); 1646 return (vfs_found); 1647 } 1648 1649 /* ARGSUSED */ 1650 static void 1651 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 1652 { 1653 zfs_creat_t *zct = arg; 1654 uint64_t version; 1655 1656 if (spa_version(dmu_objset_spa(os)) >= SPA_VERSION_FUID) 1657 version = ZPL_VERSION; 1658 else 1659 version = ZPL_VERSION_FUID - 1; 1660 1661 (void) nvlist_lookup_uint64(zct->zct_props, 1662 zfs_prop_to_name(ZFS_PROP_VERSION), &version); 1663 1664 zfs_create_fs(os, cr, version, zct->zct_norm, tx); 1665 } 1666 1667 /* 1668 * zfs_prop_lookup() 1669 * 1670 * Look for the property first in the existing property nvlist. If 1671 * it's already present, you're done. If it's not there, attempt to 1672 * find the property value from a parent dataset. If that fails, fall 1673 * back to the property's default value. In either of these two 1674 * cases, if update is TRUE, add a value for the property to the 1675 * property nvlist. 1676 * 1677 * If the rval pointer is non-NULL, copy the discovered value to rval. 1678 * 1679 * If we get any unexpected errors, bail and return the error number 1680 * to the caller. 1681 * 1682 * If we succeed, return 0. 1683 */ 1684 static int 1685 zfs_prop_lookup(const char *parentname, zfs_prop_t propnum, 1686 nvlist_t *proplist, uint64_t *rval, boolean_t update) 1687 { 1688 const char *propname; 1689 uint64_t value; 1690 int error = ENOENT; 1691 1692 propname = zfs_prop_to_name(propnum); 1693 if (proplist != NULL) 1694 error = nvlist_lookup_uint64(proplist, propname, &value); 1695 if (error == ENOENT) { 1696 error = dsl_prop_get_integer(parentname, propname, 1697 &value, NULL); 1698 if (error == ENOENT) 1699 value = zfs_prop_default_numeric(propnum); 1700 else if (error != 0) 1701 return (error); 1702 if (update) { 1703 ASSERT(proplist != NULL); 1704 error = nvlist_add_uint64(proplist, propname, value); 1705 } 1706 } 1707 if (error == 0 && rval) 1708 *rval = value; 1709 return (error); 1710 } 1711 1712 /* 1713 * zfs_normalization_get 1714 * 1715 * Get the normalization flag value. If the properties have 1716 * non-default values, make sure the pool version is recent enough to 1717 * support these choices. 1718 */ 1719 static int 1720 zfs_normalization_get(const char *dataset, nvlist_t *proplist, int *norm, 1721 boolean_t update) 1722 { 1723 char parentname[MAXNAMELEN]; 1724 char poolname[MAXNAMELEN]; 1725 char *cp; 1726 uint64_t value; 1727 int check = 0; 1728 int error; 1729 1730 ASSERT(norm != NULL); 1731 *norm = 0; 1732 1733 (void) strncpy(parentname, dataset, sizeof (parentname)); 1734 cp = strrchr(parentname, '@'); 1735 if (cp != NULL) { 1736 cp[0] = '\0'; 1737 } else { 1738 cp = strrchr(parentname, '/'); 1739 if (cp == NULL) 1740 return (ENOENT); 1741 cp[0] = '\0'; 1742 } 1743 1744 (void) strncpy(poolname, dataset, sizeof (poolname)); 1745 cp = strchr(poolname, '/'); 1746 if (cp != NULL) 1747 cp[0] = '\0'; 1748 1749 error = zfs_prop_lookup(parentname, ZFS_PROP_UTF8ONLY, 1750 proplist, &value, update); 1751 if (error != 0) 1752 return (error); 1753 if (value != zfs_prop_default_numeric(ZFS_PROP_UTF8ONLY)) 1754 check = 1; 1755 1756 error = zfs_prop_lookup(parentname, ZFS_PROP_NORMALIZE, 1757 proplist, &value, update); 1758 if (error != 0) 1759 return (error); 1760 if (value != zfs_prop_default_numeric(ZFS_PROP_NORMALIZE)) { 1761 check = 1; 1762 switch ((int)value) { 1763 case ZFS_NORMALIZE_NONE: 1764 break; 1765 case ZFS_NORMALIZE_C: 1766 *norm |= U8_TEXTPREP_NFC; 1767 break; 1768 case ZFS_NORMALIZE_D: 1769 *norm |= U8_TEXTPREP_NFD; 1770 break; 1771 case ZFS_NORMALIZE_KC: 1772 *norm |= U8_TEXTPREP_NFKC; 1773 break; 1774 case ZFS_NORMALIZE_KD: 1775 *norm |= U8_TEXTPREP_NFKD; 1776 break; 1777 default: 1778 ASSERT((int)value >= ZFS_NORMALIZE_NONE); 1779 ASSERT((int)value <= ZFS_NORMALIZE_KD); 1780 break; 1781 } 1782 } 1783 1784 error = zfs_prop_lookup(parentname, ZFS_PROP_CASE, 1785 proplist, &value, update); 1786 if (error != 0) 1787 return (error); 1788 if (value != zfs_prop_default_numeric(ZFS_PROP_CASE)) { 1789 check = 1; 1790 switch ((int)value) { 1791 case ZFS_CASE_SENSITIVE: 1792 break; 1793 case ZFS_CASE_INSENSITIVE: 1794 *norm |= U8_TEXTPREP_TOUPPER; 1795 break; 1796 case ZFS_CASE_MIXED: 1797 *norm |= U8_TEXTPREP_TOUPPER; 1798 break; 1799 default: 1800 ASSERT((int)value >= ZFS_CASE_SENSITIVE); 1801 ASSERT((int)value <= ZFS_CASE_MIXED); 1802 break; 1803 } 1804 } 1805 1806 if (check == 1) 1807 if (zfs_check_version(poolname, SPA_VERSION_NORMALIZATION)) 1808 return (ENOTSUP); 1809 return (0); 1810 } 1811 1812 static int 1813 zfs_ioc_create(zfs_cmd_t *zc) 1814 { 1815 objset_t *clone; 1816 int error = 0; 1817 zfs_creat_t zct; 1818 nvlist_t *nvprops = NULL; 1819 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 1820 dmu_objset_type_t type = zc->zc_objset_type; 1821 1822 switch (type) { 1823 1824 case DMU_OST_ZFS: 1825 cbfunc = zfs_create_cb; 1826 break; 1827 1828 case DMU_OST_ZVOL: 1829 cbfunc = zvol_create_cb; 1830 break; 1831 1832 default: 1833 cbfunc = NULL; 1834 } 1835 if (strchr(zc->zc_name, '@') || 1836 strchr(zc->zc_name, '%')) 1837 return (EINVAL); 1838 1839 if (zc->zc_nvlist_src != NULL && 1840 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1841 &nvprops)) != 0) 1842 return (error); 1843 1844 zct.zct_norm = 0; 1845 zct.zct_props = nvprops; 1846 1847 if (zc->zc_value[0] != '\0') { 1848 /* 1849 * We're creating a clone of an existing snapshot. 1850 */ 1851 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 1852 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) { 1853 nvlist_free(nvprops); 1854 return (EINVAL); 1855 } 1856 1857 error = dmu_objset_open(zc->zc_value, type, 1858 DS_MODE_STANDARD | DS_MODE_READONLY, &clone); 1859 if (error) { 1860 nvlist_free(nvprops); 1861 return (error); 1862 } 1863 error = dmu_objset_create(zc->zc_name, type, clone, NULL, NULL); 1864 if (error) { 1865 dmu_objset_close(clone); 1866 nvlist_free(nvprops); 1867 return (error); 1868 } 1869 /* 1870 * If caller did not provide any properties, allocate 1871 * an nvlist for properties, as we will be adding our set-once 1872 * properties to it. This carries the choices made on the 1873 * original file system into the clone. 1874 */ 1875 if (nvprops == NULL) 1876 VERIFY(nvlist_alloc(&nvprops, 1877 NV_UNIQUE_NAME, KM_SLEEP) == 0); 1878 1879 /* 1880 * We have to have normalization and case-folding 1881 * flags correct when we do the file system creation, 1882 * so go figure them out now. All we really care about 1883 * here is getting these values into the property list. 1884 */ 1885 error = zfs_normalization_get(zc->zc_value, nvprops, 1886 &zct.zct_norm, B_TRUE); 1887 if (error != 0) { 1888 dmu_objset_close(clone); 1889 nvlist_free(nvprops); 1890 return (error); 1891 } 1892 dmu_objset_close(clone); 1893 } else { 1894 if (cbfunc == NULL) { 1895 nvlist_free(nvprops); 1896 return (EINVAL); 1897 } 1898 1899 if (type == DMU_OST_ZVOL) { 1900 uint64_t volsize, volblocksize; 1901 1902 if (nvprops == NULL || 1903 nvlist_lookup_uint64(nvprops, 1904 zfs_prop_to_name(ZFS_PROP_VOLSIZE), 1905 &volsize) != 0) { 1906 nvlist_free(nvprops); 1907 return (EINVAL); 1908 } 1909 1910 if ((error = nvlist_lookup_uint64(nvprops, 1911 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 1912 &volblocksize)) != 0 && error != ENOENT) { 1913 nvlist_free(nvprops); 1914 return (EINVAL); 1915 } 1916 1917 if (error != 0) 1918 volblocksize = zfs_prop_default_numeric( 1919 ZFS_PROP_VOLBLOCKSIZE); 1920 1921 if ((error = zvol_check_volblocksize( 1922 volblocksize)) != 0 || 1923 (error = zvol_check_volsize(volsize, 1924 volblocksize)) != 0) { 1925 nvlist_free(nvprops); 1926 return (error); 1927 } 1928 } else if (type == DMU_OST_ZFS) { 1929 uint64_t version; 1930 int error; 1931 1932 error = nvlist_lookup_uint64(nvprops, 1933 zfs_prop_to_name(ZFS_PROP_VERSION), &version); 1934 1935 if (error == 0 && (version < ZPL_VERSION_INITIAL || 1936 version > ZPL_VERSION)) { 1937 nvlist_free(nvprops); 1938 return (ENOTSUP); 1939 } else if (error == 0 && version >= ZPL_VERSION_FUID && 1940 zfs_check_version(zc->zc_name, SPA_VERSION_FUID)) { 1941 nvlist_free(nvprops); 1942 return (ENOTSUP); 1943 } 1944 1945 /* 1946 * We have to have normalization and 1947 * case-folding flags correct when we do the 1948 * file system creation, so go figure them out 1949 * now. The final argument to zfs_normalization_get() 1950 * tells that routine not to update the nvprops 1951 * list. 1952 */ 1953 error = zfs_normalization_get(zc->zc_name, nvprops, 1954 &zct.zct_norm, B_FALSE); 1955 if (error != 0) { 1956 nvlist_free(nvprops); 1957 return (error); 1958 } 1959 } 1960 error = dmu_objset_create(zc->zc_name, type, NULL, cbfunc, 1961 &zct); 1962 } 1963 1964 /* 1965 * It would be nice to do this atomically. 1966 */ 1967 if (error == 0) { 1968 if ((error = zfs_set_prop_nvlist(zc->zc_name, nvprops)) != 0) 1969 (void) dmu_objset_destroy(zc->zc_name); 1970 } 1971 1972 nvlist_free(nvprops); 1973 return (error); 1974 } 1975 1976 static int 1977 zfs_ioc_snapshot(zfs_cmd_t *zc) 1978 { 1979 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 1980 return (EINVAL); 1981 return (dmu_objset_snapshot(zc->zc_name, 1982 zc->zc_value, zc->zc_cookie)); 1983 } 1984 1985 int 1986 zfs_unmount_snap(char *name, void *arg) 1987 { 1988 char *snapname = arg; 1989 char *cp; 1990 vfs_t *vfsp = NULL; 1991 1992 /* 1993 * Snapshots (which are under .zfs control) must be unmounted 1994 * before they can be destroyed. 1995 */ 1996 1997 if (snapname) { 1998 (void) strcat(name, "@"); 1999 (void) strcat(name, snapname); 2000 vfsp = zfs_get_vfs(name); 2001 cp = strchr(name, '@'); 2002 *cp = '\0'; 2003 } else if (strchr(name, '@')) { 2004 vfsp = zfs_get_vfs(name); 2005 } 2006 2007 if (vfsp) { 2008 /* 2009 * Always force the unmount for snapshots. 2010 */ 2011 int flag = MS_FORCE; 2012 int err; 2013 2014 if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) { 2015 VFS_RELE(vfsp); 2016 return (err); 2017 } 2018 VFS_RELE(vfsp); 2019 if ((err = dounmount(vfsp, flag, kcred)) != 0) 2020 return (err); 2021 } 2022 return (0); 2023 } 2024 2025 static int 2026 zfs_ioc_destroy_snaps(zfs_cmd_t *zc) 2027 { 2028 int err; 2029 2030 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 2031 return (EINVAL); 2032 err = dmu_objset_find(zc->zc_name, 2033 zfs_unmount_snap, zc->zc_value, DS_FIND_CHILDREN); 2034 if (err) 2035 return (err); 2036 return (dmu_snapshots_destroy(zc->zc_name, zc->zc_value)); 2037 } 2038 2039 static int 2040 zfs_ioc_destroy(zfs_cmd_t *zc) 2041 { 2042 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) { 2043 int err = zfs_unmount_snap(zc->zc_name, NULL); 2044 if (err) 2045 return (err); 2046 } 2047 2048 return (dmu_objset_destroy(zc->zc_name)); 2049 } 2050 2051 static int 2052 zfs_ioc_rollback(zfs_cmd_t *zc) 2053 { 2054 return (dmu_objset_rollback(zc->zc_name)); 2055 } 2056 2057 static int 2058 zfs_ioc_rename(zfs_cmd_t *zc) 2059 { 2060 boolean_t recursive = zc->zc_cookie & 1; 2061 2062 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 2063 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 2064 strchr(zc->zc_value, '%')) 2065 return (EINVAL); 2066 2067 /* 2068 * Unmount snapshot unless we're doing a recursive rename, 2069 * in which case the dataset code figures out which snapshots 2070 * to unmount. 2071 */ 2072 if (!recursive && strchr(zc->zc_name, '@') != NULL && 2073 zc->zc_objset_type == DMU_OST_ZFS) { 2074 int err = zfs_unmount_snap(zc->zc_name, NULL); 2075 if (err) 2076 return (err); 2077 } 2078 2079 return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive)); 2080 } 2081 2082 static int 2083 zfs_ioc_recvbackup(zfs_cmd_t *zc) 2084 { 2085 file_t *fp; 2086 offset_t new_off; 2087 objset_t *os; 2088 zfsvfs_t *zfsvfs = NULL; 2089 char *cp; 2090 char cosname[MAXNAMELEN]; 2091 boolean_t force = (boolean_t)zc->zc_guid; 2092 int error, fd; 2093 2094 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 2095 strchr(zc->zc_value, '@') == NULL || 2096 strchr(zc->zc_value, '%')) 2097 return (EINVAL); 2098 2099 fd = zc->zc_cookie; 2100 fp = getf(fd); 2101 if (fp == NULL) 2102 return (EBADF); 2103 2104 /* 2105 * Get the zfsvfs for the receiving objset. There 2106 * won't be one if we're operating on a zvol, if the 2107 * objset doesn't exist yet, or is not mounted. 2108 */ 2109 cp = strchr(zc->zc_value, '@'); 2110 *cp = '\0'; 2111 error = dmu_objset_open(zc->zc_value, DMU_OST_ANY, 2112 DS_MODE_STANDARD | DS_MODE_READONLY, &os); 2113 *cp = '@'; 2114 if (!error) { 2115 if (dmu_objset_type(os) == DMU_OST_ZFS) { 2116 mutex_enter(&os->os->os_user_ptr_lock); 2117 zfsvfs = dmu_objset_get_user(os); 2118 if (zfsvfs != NULL) 2119 VFS_HOLD(zfsvfs->z_vfs); 2120 mutex_exit(&os->os->os_user_ptr_lock); 2121 } 2122 dmu_objset_close(os); 2123 } 2124 2125 error = dmu_recvbackup(zc->zc_value, &zc->zc_begin_record, 2126 &zc->zc_cookie, force, zfsvfs != NULL, fp->f_vnode, 2127 fp->f_offset, cosname); 2128 2129 /* 2130 * For incremental snapshots where we created a 2131 * temporary clone, we now swap zfsvfs::z_os with 2132 * the newly created and received "cosname". 2133 */ 2134 if (!error && zfsvfs != NULL) { 2135 char osname[MAXNAMELEN]; 2136 int mode; 2137 2138 error = zfs_suspend_fs(zfsvfs, osname, &mode); 2139 if (!error) { 2140 int swap_err; 2141 int snap_err = 0; 2142 2143 swap_err = dsl_dataset_clone_swap(cosname, force); 2144 if (!swap_err) { 2145 char *cp = strrchr(zc->zc_value, '@'); 2146 2147 *cp = '\0'; 2148 snap_err = dmu_replay_end_snapshot(zc->zc_value, 2149 &zc->zc_begin_record); 2150 *cp = '@'; 2151 } 2152 error = zfs_resume_fs(zfsvfs, osname, mode); 2153 if (!error) 2154 error = swap_err; 2155 if (!error) 2156 error = snap_err; 2157 } 2158 2159 /* destroy the clone we created */ 2160 (void) dmu_objset_destroy(cosname); 2161 } 2162 if (zfsvfs != NULL) 2163 VFS_RELE(zfsvfs->z_vfs); 2164 new_off = fp->f_offset + zc->zc_cookie; 2165 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &new_off, NULL) == 0) 2166 fp->f_offset = new_off; 2167 2168 releasef(fd); 2169 return (error); 2170 } 2171 2172 static int 2173 zfs_ioc_sendbackup(zfs_cmd_t *zc) 2174 { 2175 objset_t *fromsnap = NULL; 2176 objset_t *tosnap; 2177 file_t *fp; 2178 int error; 2179 2180 error = dmu_objset_open(zc->zc_name, DMU_OST_ANY, 2181 DS_MODE_STANDARD | DS_MODE_READONLY, &tosnap); 2182 if (error) 2183 return (error); 2184 2185 if (zc->zc_value[0] != '\0') { 2186 char buf[MAXPATHLEN]; 2187 char *cp; 2188 2189 (void) strncpy(buf, zc->zc_name, sizeof (buf)); 2190 cp = strchr(buf, '@'); 2191 if (cp) 2192 *(cp+1) = 0; 2193 (void) strncat(buf, zc->zc_value, sizeof (buf)); 2194 error = dmu_objset_open(buf, DMU_OST_ANY, 2195 DS_MODE_STANDARD | DS_MODE_READONLY, &fromsnap); 2196 if (error) { 2197 dmu_objset_close(tosnap); 2198 return (error); 2199 } 2200 } 2201 2202 fp = getf(zc->zc_cookie); 2203 if (fp == NULL) { 2204 dmu_objset_close(tosnap); 2205 if (fromsnap) 2206 dmu_objset_close(fromsnap); 2207 return (EBADF); 2208 } 2209 2210 error = dmu_sendbackup(tosnap, fromsnap, fp->f_vnode); 2211 2212 releasef(zc->zc_cookie); 2213 if (fromsnap) 2214 dmu_objset_close(fromsnap); 2215 dmu_objset_close(tosnap); 2216 return (error); 2217 } 2218 2219 static int 2220 zfs_ioc_inject_fault(zfs_cmd_t *zc) 2221 { 2222 int id, error; 2223 2224 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 2225 &zc->zc_inject_record); 2226 2227 if (error == 0) 2228 zc->zc_guid = (uint64_t)id; 2229 2230 return (error); 2231 } 2232 2233 static int 2234 zfs_ioc_clear_fault(zfs_cmd_t *zc) 2235 { 2236 return (zio_clear_fault((int)zc->zc_guid)); 2237 } 2238 2239 static int 2240 zfs_ioc_inject_list_next(zfs_cmd_t *zc) 2241 { 2242 int id = (int)zc->zc_guid; 2243 int error; 2244 2245 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 2246 &zc->zc_inject_record); 2247 2248 zc->zc_guid = id; 2249 2250 return (error); 2251 } 2252 2253 static int 2254 zfs_ioc_error_log(zfs_cmd_t *zc) 2255 { 2256 spa_t *spa; 2257 int error; 2258 size_t count = (size_t)zc->zc_nvlist_dst_size; 2259 2260 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2261 return (error); 2262 2263 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 2264 &count); 2265 if (error == 0) 2266 zc->zc_nvlist_dst_size = count; 2267 else 2268 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa); 2269 2270 spa_close(spa, FTAG); 2271 2272 return (error); 2273 } 2274 2275 static int 2276 zfs_ioc_clear(zfs_cmd_t *zc) 2277 { 2278 spa_t *spa; 2279 vdev_t *vd; 2280 uint64_t txg; 2281 int error; 2282 2283 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2284 return (error); 2285 2286 /* 2287 * Try to resume any I/Os which may have been suspended 2288 * as a result of a complete pool failure. 2289 */ 2290 if (!list_is_empty(&spa->spa_zio_list)) { 2291 if (zio_vdev_resume_io(spa) != 0) { 2292 spa_close(spa, FTAG); 2293 return (EIO); 2294 } 2295 } 2296 2297 txg = spa_vdev_enter(spa); 2298 2299 if (zc->zc_guid == 0) { 2300 vd = NULL; 2301 } else if ((vd = spa_lookup_by_guid(spa, zc->zc_guid)) == NULL) { 2302 (void) spa_vdev_exit(spa, NULL, txg, ENODEV); 2303 spa_close(spa, FTAG); 2304 return (ENODEV); 2305 } 2306 2307 vdev_clear(spa, vd, B_TRUE); 2308 2309 (void) spa_vdev_exit(spa, NULL, txg, 0); 2310 2311 spa_close(spa, FTAG); 2312 2313 return (0); 2314 } 2315 2316 static int 2317 zfs_ioc_promote(zfs_cmd_t *zc) 2318 { 2319 char *cp; 2320 2321 /* 2322 * We don't need to unmount *all* the origin fs's snapshots, but 2323 * it's easier. 2324 */ 2325 cp = strchr(zc->zc_value, '@'); 2326 if (cp) 2327 *cp = '\0'; 2328 (void) dmu_objset_find(zc->zc_value, 2329 zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS); 2330 return (dsl_dataset_promote(zc->zc_name)); 2331 } 2332 2333 /* 2334 * We don't want to have a hard dependency 2335 * against some special symbols in sharefs 2336 * nfs, and smbsrv. Determine them if needed when 2337 * the first file system is shared. 2338 * Neither sharefs, nfs or smbsrv are unloadable modules. 2339 */ 2340 int (*znfsexport_fs)(void *arg); 2341 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t); 2342 int (*zsmbexport_fs)(void *arg, boolean_t add_share); 2343 2344 int zfs_nfsshare_inited; 2345 int zfs_smbshare_inited; 2346 2347 ddi_modhandle_t nfs_mod; 2348 ddi_modhandle_t sharefs_mod; 2349 ddi_modhandle_t smbsrv_mod; 2350 kmutex_t zfs_share_lock; 2351 2352 static int 2353 zfs_init_sharefs() 2354 { 2355 int error; 2356 2357 ASSERT(MUTEX_HELD(&zfs_share_lock)); 2358 /* Both NFS and SMB shares also require sharetab support. */ 2359 if (sharefs_mod == NULL && ((sharefs_mod = 2360 ddi_modopen("fs/sharefs", 2361 KRTLD_MODE_FIRST, &error)) == NULL)) { 2362 return (ENOSYS); 2363 } 2364 if (zshare_fs == NULL && ((zshare_fs = 2365 (int (*)(enum sharefs_sys_op, share_t *, uint32_t)) 2366 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) { 2367 return (ENOSYS); 2368 } 2369 return (0); 2370 } 2371 2372 static int 2373 zfs_ioc_share(zfs_cmd_t *zc) 2374 { 2375 int error; 2376 int opcode; 2377 2378 switch (zc->zc_share.z_sharetype) { 2379 case ZFS_SHARE_NFS: 2380 case ZFS_UNSHARE_NFS: 2381 if (zfs_nfsshare_inited == 0) { 2382 mutex_enter(&zfs_share_lock); 2383 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs", 2384 KRTLD_MODE_FIRST, &error)) == NULL)) { 2385 mutex_exit(&zfs_share_lock); 2386 return (ENOSYS); 2387 } 2388 if (znfsexport_fs == NULL && 2389 ((znfsexport_fs = (int (*)(void *)) 2390 ddi_modsym(nfs_mod, 2391 "nfs_export", &error)) == NULL)) { 2392 mutex_exit(&zfs_share_lock); 2393 return (ENOSYS); 2394 } 2395 error = zfs_init_sharefs(); 2396 if (error) { 2397 mutex_exit(&zfs_share_lock); 2398 return (ENOSYS); 2399 } 2400 zfs_nfsshare_inited = 1; 2401 mutex_exit(&zfs_share_lock); 2402 } 2403 break; 2404 case ZFS_SHARE_SMB: 2405 case ZFS_UNSHARE_SMB: 2406 if (zfs_smbshare_inited == 0) { 2407 mutex_enter(&zfs_share_lock); 2408 if (smbsrv_mod == NULL && ((smbsrv_mod = 2409 ddi_modopen("drv/smbsrv", 2410 KRTLD_MODE_FIRST, &error)) == NULL)) { 2411 mutex_exit(&zfs_share_lock); 2412 return (ENOSYS); 2413 } 2414 if (zsmbexport_fs == NULL && ((zsmbexport_fs = 2415 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod, 2416 "lmshrd_share_upcall", &error)) == NULL)) { 2417 mutex_exit(&zfs_share_lock); 2418 return (ENOSYS); 2419 } 2420 error = zfs_init_sharefs(); 2421 if (error) { 2422 mutex_exit(&zfs_share_lock); 2423 return (ENOSYS); 2424 } 2425 zfs_smbshare_inited = 1; 2426 mutex_exit(&zfs_share_lock); 2427 } 2428 break; 2429 default: 2430 return (EINVAL); 2431 } 2432 2433 switch (zc->zc_share.z_sharetype) { 2434 case ZFS_SHARE_NFS: 2435 case ZFS_UNSHARE_NFS: 2436 if (error = 2437 znfsexport_fs((void *) 2438 (uintptr_t)zc->zc_share.z_exportdata)) 2439 return (error); 2440 break; 2441 case ZFS_SHARE_SMB: 2442 case ZFS_UNSHARE_SMB: 2443 if (error = zsmbexport_fs((void *) 2444 (uintptr_t)zc->zc_share.z_exportdata, 2445 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ? 2446 B_TRUE : B_FALSE)) { 2447 return (error); 2448 } 2449 break; 2450 } 2451 2452 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS || 2453 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ? 2454 SHAREFS_ADD : SHAREFS_REMOVE; 2455 2456 /* 2457 * Add or remove share from sharetab 2458 */ 2459 error = zshare_fs(opcode, 2460 (void *)(uintptr_t)zc->zc_share.z_sharedata, 2461 zc->zc_share.z_sharemax); 2462 2463 return (error); 2464 2465 } 2466 2467 /* 2468 * pool create, destroy, and export don't log the history as part of 2469 * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export 2470 * do the logging of those commands. 2471 */ 2472 static zfs_ioc_vec_t zfs_ioc_vec[] = { 2473 { zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE }, 2474 { zfs_ioc_pool_destroy, zfs_secpolicy_config, POOL_NAME, B_FALSE }, 2475 { zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE }, 2476 { zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE }, 2477 { zfs_ioc_pool_configs, zfs_secpolicy_none, NO_NAME, B_FALSE }, 2478 { zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE }, 2479 { zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE }, 2480 { zfs_ioc_pool_scrub, zfs_secpolicy_config, POOL_NAME, B_TRUE }, 2481 { zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE }, 2482 { zfs_ioc_pool_upgrade, zfs_secpolicy_config, POOL_NAME, B_TRUE }, 2483 { zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE }, 2484 { zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE }, 2485 { zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE }, 2486 { zfs_ioc_vdev_set_state, zfs_secpolicy_config, POOL_NAME, B_TRUE }, 2487 { zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE }, 2488 { zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE }, 2489 { zfs_ioc_vdev_setpath, zfs_secpolicy_config, POOL_NAME, B_FALSE }, 2490 { zfs_ioc_objset_stats, zfs_secpolicy_read, DATASET_NAME, B_FALSE }, 2491 { zfs_ioc_objset_version, zfs_secpolicy_read, DATASET_NAME, B_FALSE }, 2492 { zfs_ioc_dataset_list_next, zfs_secpolicy_read, 2493 DATASET_NAME, B_FALSE }, 2494 { zfs_ioc_snapshot_list_next, zfs_secpolicy_read, 2495 DATASET_NAME, B_FALSE }, 2496 { zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE }, 2497 { zfs_ioc_create_minor, zfs_secpolicy_minor, DATASET_NAME, B_FALSE }, 2498 { zfs_ioc_remove_minor, zfs_secpolicy_minor, DATASET_NAME, B_FALSE }, 2499 { zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE }, 2500 { zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE }, 2501 { zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE }, 2502 { zfs_ioc_rename, zfs_secpolicy_rename, DATASET_NAME, B_TRUE }, 2503 { zfs_ioc_recvbackup, zfs_secpolicy_receive, DATASET_NAME, B_TRUE }, 2504 { zfs_ioc_sendbackup, zfs_secpolicy_send, DATASET_NAME, B_TRUE }, 2505 { zfs_ioc_inject_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE }, 2506 { zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE }, 2507 { zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE }, 2508 { zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE }, 2509 { zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE }, 2510 { zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE }, 2511 { zfs_ioc_destroy_snaps, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE }, 2512 { zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE }, 2513 { zfs_ioc_dsobj_to_dsname, zfs_secpolicy_config, POOL_NAME, B_FALSE }, 2514 { zfs_ioc_obj_to_path, zfs_secpolicy_config, NO_NAME, B_FALSE }, 2515 { zfs_ioc_pool_set_props, zfs_secpolicy_config, POOL_NAME, B_TRUE }, 2516 { zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE }, 2517 { zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE }, 2518 { zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE }, 2519 { zfs_ioc_iscsi_perm_check, zfs_secpolicy_iscsi, 2520 DATASET_NAME, B_FALSE }, 2521 { zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE }, 2522 { zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE }, 2523 }; 2524 2525 static int 2526 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp) 2527 { 2528 zfs_cmd_t *zc; 2529 uint_t vec; 2530 int error, rc; 2531 2532 if (getminor(dev) != 0) 2533 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp)); 2534 2535 vec = cmd - ZFS_IOC; 2536 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip)); 2537 2538 if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 2539 return (EINVAL); 2540 2541 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 2542 2543 error = xcopyin((void *)arg, zc, sizeof (zfs_cmd_t)); 2544 2545 if (error == 0) 2546 error = zfs_ioc_vec[vec].zvec_secpolicy(zc, cr); 2547 2548 /* 2549 * Ensure that all pool/dataset names are valid before we pass down to 2550 * the lower layers. 2551 */ 2552 if (error == 0) { 2553 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 2554 switch (zfs_ioc_vec[vec].zvec_namecheck) { 2555 case POOL_NAME: 2556 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 2557 error = EINVAL; 2558 break; 2559 2560 case DATASET_NAME: 2561 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 2562 error = EINVAL; 2563 break; 2564 2565 case NO_NAME: 2566 break; 2567 } 2568 } 2569 2570 if (error == 0) 2571 error = zfs_ioc_vec[vec].zvec_func(zc); 2572 2573 rc = xcopyout(zc, (void *)arg, sizeof (zfs_cmd_t)); 2574 if (error == 0) { 2575 error = rc; 2576 if (zfs_ioc_vec[vec].zvec_his_log == B_TRUE) 2577 zfs_log_history(zc); 2578 } 2579 2580 kmem_free(zc, sizeof (zfs_cmd_t)); 2581 return (error); 2582 } 2583 2584 static int 2585 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 2586 { 2587 if (cmd != DDI_ATTACH) 2588 return (DDI_FAILURE); 2589 2590 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0, 2591 DDI_PSEUDO, 0) == DDI_FAILURE) 2592 return (DDI_FAILURE); 2593 2594 zfs_dip = dip; 2595 2596 ddi_report_dev(dip); 2597 2598 return (DDI_SUCCESS); 2599 } 2600 2601 static int 2602 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 2603 { 2604 if (spa_busy() || zfs_busy() || zvol_busy()) 2605 return (DDI_FAILURE); 2606 2607 if (cmd != DDI_DETACH) 2608 return (DDI_FAILURE); 2609 2610 zfs_dip = NULL; 2611 2612 ddi_prop_remove_all(dip); 2613 ddi_remove_minor_node(dip, NULL); 2614 2615 return (DDI_SUCCESS); 2616 } 2617 2618 /*ARGSUSED*/ 2619 static int 2620 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 2621 { 2622 switch (infocmd) { 2623 case DDI_INFO_DEVT2DEVINFO: 2624 *result = zfs_dip; 2625 return (DDI_SUCCESS); 2626 2627 case DDI_INFO_DEVT2INSTANCE: 2628 *result = (void *)0; 2629 return (DDI_SUCCESS); 2630 } 2631 2632 return (DDI_FAILURE); 2633 } 2634 2635 /* 2636 * OK, so this is a little weird. 2637 * 2638 * /dev/zfs is the control node, i.e. minor 0. 2639 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0. 2640 * 2641 * /dev/zfs has basically nothing to do except serve up ioctls, 2642 * so most of the standard driver entry points are in zvol.c. 2643 */ 2644 static struct cb_ops zfs_cb_ops = { 2645 zvol_open, /* open */ 2646 zvol_close, /* close */ 2647 zvol_strategy, /* strategy */ 2648 nodev, /* print */ 2649 nodev, /* dump */ 2650 zvol_read, /* read */ 2651 zvol_write, /* write */ 2652 zfsdev_ioctl, /* ioctl */ 2653 nodev, /* devmap */ 2654 nodev, /* mmap */ 2655 nodev, /* segmap */ 2656 nochpoll, /* poll */ 2657 ddi_prop_op, /* prop_op */ 2658 NULL, /* streamtab */ 2659 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */ 2660 CB_REV, /* version */ 2661 nodev, /* async read */ 2662 nodev, /* async write */ 2663 }; 2664 2665 static struct dev_ops zfs_dev_ops = { 2666 DEVO_REV, /* version */ 2667 0, /* refcnt */ 2668 zfs_info, /* info */ 2669 nulldev, /* identify */ 2670 nulldev, /* probe */ 2671 zfs_attach, /* attach */ 2672 zfs_detach, /* detach */ 2673 nodev, /* reset */ 2674 &zfs_cb_ops, /* driver operations */ 2675 NULL /* no bus operations */ 2676 }; 2677 2678 static struct modldrv zfs_modldrv = { 2679 &mod_driverops, "ZFS storage pool version " SPA_VERSION_STRING, 2680 &zfs_dev_ops 2681 }; 2682 2683 static struct modlinkage modlinkage = { 2684 MODREV_1, 2685 (void *)&zfs_modlfs, 2686 (void *)&zfs_modldrv, 2687 NULL 2688 }; 2689 2690 2691 uint_t zfs_fsyncer_key; 2692 extern uint_t rrw_tsd_key; 2693 2694 int 2695 _init(void) 2696 { 2697 int error; 2698 2699 spa_init(FREAD | FWRITE); 2700 zfs_init(); 2701 zvol_init(); 2702 2703 if ((error = mod_install(&modlinkage)) != 0) { 2704 zvol_fini(); 2705 zfs_fini(); 2706 spa_fini(); 2707 return (error); 2708 } 2709 2710 tsd_create(&zfs_fsyncer_key, NULL); 2711 tsd_create(&rrw_tsd_key, NULL); 2712 2713 error = ldi_ident_from_mod(&modlinkage, &zfs_li); 2714 ASSERT(error == 0); 2715 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 2716 2717 return (0); 2718 } 2719 2720 int 2721 _fini(void) 2722 { 2723 int error; 2724 2725 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled) 2726 return (EBUSY); 2727 2728 if ((error = mod_remove(&modlinkage)) != 0) 2729 return (error); 2730 2731 zvol_fini(); 2732 zfs_fini(); 2733 spa_fini(); 2734 if (zfs_nfsshare_inited) 2735 (void) ddi_modclose(nfs_mod); 2736 if (zfs_smbshare_inited) 2737 (void) ddi_modclose(smbsrv_mod); 2738 if (zfs_nfsshare_inited || zfs_smbshare_inited) 2739 (void) ddi_modclose(sharefs_mod); 2740 2741 tsd_destroy(&zfs_fsyncer_key); 2742 ldi_ident_release(zfs_li); 2743 zfs_li = NULL; 2744 mutex_destroy(&zfs_share_lock); 2745 2746 return (error); 2747 } 2748 2749 int 2750 _info(struct modinfo *modinfop) 2751 { 2752 return (mod_info(&modlinkage, modinfop)); 2753 } 2754