1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 24 */ 25 26 /* 27 * Copyright (c) 2011-2012 Pawel Jakub Dawidek. All rights reserved. 28 * Portions Copyright 2011 Martin Matuska 29 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved. 30 * Copyright 2018 Nexenta Systems, Inc. All rights reserved. 31 * Copyright 2019 Joyent, Inc. 32 * Copyright (c) 2011, 2017 by Delphix. All rights reserved. 33 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. 34 * Copyright (c) 2013 Steven Hartland. All rights reserved. 35 * Copyright (c) 2014 Integros [integros.com] 36 * Copyright 2016 Toomas Soome <tsoome@me.com> 37 * Copyright (c) 2017, loli10K <ezomori.nozomu@gmail.com>. All rights reserved. 38 * Copyright 2017 RackTop Systems. 39 * Copyright (c) 2017, Datto, Inc. All rights reserved. 40 */ 41 42 /* 43 * ZFS ioctls. 44 * 45 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage 46 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool. 47 * 48 * There are two ways that we handle ioctls: the legacy way where almost 49 * all of the logic is in the ioctl callback, and the new way where most 50 * of the marshalling is handled in the common entry point, zfsdev_ioctl(). 51 * 52 * Non-legacy ioctls should be registered by calling 53 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked 54 * from userland by lzc_ioctl(). 55 * 56 * The registration arguments are as follows: 57 * 58 * const char *name 59 * The name of the ioctl. This is used for history logging. If the 60 * ioctl returns successfully (the callback returns 0), and allow_log 61 * is true, then a history log entry will be recorded with the input & 62 * output nvlists. The log entry can be printed with "zpool history -i". 63 * 64 * zfs_ioc_t ioc 65 * The ioctl request number, which userland will pass to ioctl(2). 66 * We want newer versions of libzfs and libzfs_core to run against 67 * existing zfs kernel modules (i.e. a deferred reboot after an update). 68 * Therefore the ioctl numbers cannot change from release to release. 69 * 70 * zfs_secpolicy_func_t *secpolicy 71 * This function will be called before the zfs_ioc_func_t, to 72 * determine if this operation is permitted. It should return EPERM 73 * on failure, and 0 on success. Checks include determining if the 74 * dataset is visible in this zone, and if the user has either all 75 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission 76 * to do this operation on this dataset with "zfs allow". 77 * 78 * zfs_ioc_namecheck_t namecheck 79 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool 80 * name, a dataset name, or nothing. If the name is not well-formed, 81 * the ioctl will fail and the callback will not be called. 82 * Therefore, the callback can assume that the name is well-formed 83 * (e.g. is null-terminated, doesn't have more than one '@' character, 84 * doesn't have invalid characters). 85 * 86 * zfs_ioc_poolcheck_t pool_check 87 * This specifies requirements on the pool state. If the pool does 88 * not meet them (is suspended or is readonly), the ioctl will fail 89 * and the callback will not be called. If any checks are specified 90 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME. 91 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED | 92 * POOL_CHECK_READONLY). 93 * 94 * zfs_ioc_key_t *nvl_keys 95 * The list of expected/allowable innvl input keys. This list is used 96 * to validate the nvlist input to the ioctl. 97 * 98 * boolean_t smush_outnvlist 99 * If smush_outnvlist is true, then the output is presumed to be a 100 * list of errors, and it will be "smushed" down to fit into the 101 * caller's buffer, by removing some entries and replacing them with a 102 * single "N_MORE_ERRORS" entry indicating how many were removed. See 103 * nvlist_smush() for details. If smush_outnvlist is false, and the 104 * outnvlist does not fit into the userland-provided buffer, then the 105 * ioctl will fail with ENOMEM. 106 * 107 * zfs_ioc_func_t *func 108 * The callback function that will perform the operation. 109 * 110 * The callback should return 0 on success, or an error number on 111 * failure. If the function fails, the userland ioctl will return -1, 112 * and errno will be set to the callback's return value. The callback 113 * will be called with the following arguments: 114 * 115 * const char *name 116 * The name of the pool or dataset to operate on, from 117 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the 118 * expected type (pool, dataset, or none). 119 * 120 * nvlist_t *innvl 121 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or 122 * NULL if no input nvlist was provided. Changes to this nvlist are 123 * ignored. If the input nvlist could not be deserialized, the 124 * ioctl will fail and the callback will not be called. 125 * 126 * nvlist_t *outnvl 127 * The output nvlist, initially empty. The callback can fill it in, 128 * and it will be returned to userland by serializing it into 129 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization 130 * fails (e.g. because the caller didn't supply a large enough 131 * buffer), then the overall ioctl will fail. See the 132 * 'smush_nvlist' argument above for additional behaviors. 133 * 134 * There are two typical uses of the output nvlist: 135 * - To return state, e.g. property values. In this case, 136 * smush_outnvlist should be false. If the buffer was not large 137 * enough, the caller will reallocate a larger buffer and try 138 * the ioctl again. 139 * 140 * - To return multiple errors from an ioctl which makes on-disk 141 * changes. In this case, smush_outnvlist should be true. 142 * Ioctls which make on-disk modifications should generally not 143 * use the outnvl if they succeed, because the caller can not 144 * distinguish between the operation failing, and 145 * deserialization failing. 146 * 147 * IOCTL Interface Errors 148 * 149 * The following ioctl input errors can be returned: 150 * ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel 151 * ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel 152 * ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing 153 * ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type 154 */ 155 156 #include <sys/types.h> 157 #include <sys/param.h> 158 #include <sys/errno.h> 159 #include <sys/uio.h> 160 #include <sys/buf.h> 161 #include <sys/modctl.h> 162 #include <sys/open.h> 163 #include <sys/file.h> 164 #include <sys/kmem.h> 165 #include <sys/conf.h> 166 #include <sys/cmn_err.h> 167 #include <sys/stat.h> 168 #include <sys/zfs_ioctl.h> 169 #include <sys/zfs_vfsops.h> 170 #include <sys/zfs_znode.h> 171 #include <sys/zap.h> 172 #include <sys/spa.h> 173 #include <sys/spa_impl.h> 174 #include <sys/vdev.h> 175 #include <sys/priv_impl.h> 176 #include <sys/dmu.h> 177 #include <sys/dsl_dir.h> 178 #include <sys/dsl_dataset.h> 179 #include <sys/dsl_prop.h> 180 #include <sys/dsl_deleg.h> 181 #include <sys/dmu_objset.h> 182 #include <sys/dmu_impl.h> 183 #include <sys/dmu_tx.h> 184 #include <sys/ddi.h> 185 #include <sys/sunddi.h> 186 #include <sys/sunldi.h> 187 #include <sys/policy.h> 188 #include <sys/zone.h> 189 #include <sys/nvpair.h> 190 #include <sys/pathname.h> 191 #include <sys/mount.h> 192 #include <sys/sdt.h> 193 #include <sys/fs/zfs.h> 194 #include <sys/zfs_ctldir.h> 195 #include <sys/zfs_dir.h> 196 #include <sys/zfs_onexit.h> 197 #include <sys/zvol.h> 198 #include <sys/dsl_scan.h> 199 #include <sharefs/share.h> 200 #include <sys/dmu_objset.h> 201 #include <sys/dmu_recv.h> 202 #include <sys/dmu_send.h> 203 #include <sys/dsl_destroy.h> 204 #include <sys/dsl_bookmark.h> 205 #include <sys/dsl_userhold.h> 206 #include <sys/zfeature.h> 207 #include <sys/zcp.h> 208 #include <sys/zio_checksum.h> 209 #include <sys/vdev_removal.h> 210 #include <sys/vdev_impl.h> 211 #include <sys/vdev_initialize.h> 212 #include <sys/vdev_trim.h> 213 #include <sys/dsl_crypt.h> 214 215 #include "zfs_namecheck.h" 216 #include "zfs_prop.h" 217 #include "zfs_deleg.h" 218 #include "zfs_comutil.h" 219 220 #include "lua.h" 221 #include "lauxlib.h" 222 223 extern struct modlfs zfs_modlfs; 224 225 extern void zfs_init(void); 226 extern void zfs_fini(void); 227 228 ldi_ident_t zfs_li = NULL; 229 dev_info_t *zfs_dip; 230 231 uint_t zfs_fsyncer_key; 232 extern uint_t rrw_tsd_key; 233 static uint_t zfs_allow_log_key; 234 235 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *); 236 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *); 237 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *); 238 239 /* 240 * IOC Keys are used to document and validate user->kernel interface inputs. 241 * See zfs_keys_recv_new for an example declaration. Any key name that is not 242 * listed will be rejected as input. 243 * 244 * The keyname 'optional' is always allowed, and must be an nvlist if present. 245 * Arguments which older kernels can safely ignore can be placed under the 246 * "optional" key. 247 * 248 * When adding new keys to an existing ioc for new functionality, consider: 249 * - adding an entry into zfs_sysfs.c zfs_features[] list 250 * - updating the libzfs_input_check.c test utility 251 * 252 * Note: in the ZK_WILDCARDLIST case, the name serves as documentation 253 * for the expected name (bookmark, snapshot, property, etc) but there 254 * is no validation in the preflight zfs_check_input_nvpairs() check. 255 */ 256 typedef enum { 257 ZK_OPTIONAL = 1 << 0, /* pair is optional */ 258 ZK_WILDCARDLIST = 1 << 1, /* one or more unspecified key names */ 259 } ioc_key_flag_t; 260 261 /* DATA_TYPE_ANY is used when zkey_type can vary. */ 262 #define DATA_TYPE_ANY DATA_TYPE_UNKNOWN 263 264 typedef struct zfs_ioc_key { 265 const char *zkey_name; 266 data_type_t zkey_type; 267 ioc_key_flag_t zkey_flags; 268 } zfs_ioc_key_t; 269 270 typedef enum { 271 NO_NAME, 272 POOL_NAME, 273 DATASET_NAME 274 } zfs_ioc_namecheck_t; 275 276 typedef enum { 277 POOL_CHECK_NONE = 1 << 0, 278 POOL_CHECK_SUSPENDED = 1 << 1, 279 POOL_CHECK_READONLY = 1 << 2, 280 } zfs_ioc_poolcheck_t; 281 282 typedef struct zfs_ioc_vec { 283 zfs_ioc_legacy_func_t *zvec_legacy_func; 284 zfs_ioc_func_t *zvec_func; 285 zfs_secpolicy_func_t *zvec_secpolicy; 286 zfs_ioc_namecheck_t zvec_namecheck; 287 boolean_t zvec_allow_log; 288 zfs_ioc_poolcheck_t zvec_pool_check; 289 boolean_t zvec_smush_outnvlist; 290 const char *zvec_name; 291 const zfs_ioc_key_t *zvec_nvl_keys; 292 size_t zvec_nvl_key_count; 293 } zfs_ioc_vec_t; 294 295 /* This array is indexed by zfs_userquota_prop_t */ 296 static const char *userquota_perms[] = { 297 ZFS_DELEG_PERM_USERUSED, 298 ZFS_DELEG_PERM_USERQUOTA, 299 ZFS_DELEG_PERM_GROUPUSED, 300 ZFS_DELEG_PERM_GROUPQUOTA, 301 ZFS_DELEG_PERM_USEROBJUSED, 302 ZFS_DELEG_PERM_USEROBJQUOTA, 303 ZFS_DELEG_PERM_GROUPOBJUSED, 304 ZFS_DELEG_PERM_GROUPOBJQUOTA, 305 ZFS_DELEG_PERM_PROJECTUSED, 306 ZFS_DELEG_PERM_PROJECTQUOTA, 307 ZFS_DELEG_PERM_PROJECTOBJUSED, 308 ZFS_DELEG_PERM_PROJECTOBJQUOTA, 309 }; 310 311 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc); 312 static int zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc); 313 static int zfs_check_settable(const char *name, nvpair_t *property, 314 cred_t *cr); 315 static int zfs_check_clearable(char *dataset, nvlist_t *props, 316 nvlist_t **errors); 317 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *, 318 boolean_t *); 319 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *); 320 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp); 321 322 static int zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature); 323 324 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */ 325 void 326 __dprintf(const char *file, const char *func, int line, const char *fmt, ...) 327 { 328 const char *newfile; 329 char buf[512]; 330 va_list adx; 331 332 /* 333 * Get rid of annoying "../common/" prefix to filename. 334 */ 335 newfile = strrchr(file, '/'); 336 if (newfile != NULL) { 337 newfile = newfile + 1; /* Get rid of leading / */ 338 } else { 339 newfile = file; 340 } 341 342 va_start(adx, fmt); 343 (void) vsnprintf(buf, sizeof (buf), fmt, adx); 344 va_end(adx); 345 346 /* 347 * To get this data, use the zfs-dprintf probe as so: 348 * dtrace -q -n 'zfs-dprintf \ 349 * /stringof(arg0) == "dbuf.c"/ \ 350 * {printf("%s: %s", stringof(arg1), stringof(arg3))}' 351 * arg0 = file name 352 * arg1 = function name 353 * arg2 = line number 354 * arg3 = message 355 */ 356 DTRACE_PROBE4(zfs__dprintf, 357 char *, newfile, char *, func, int, line, char *, buf); 358 } 359 360 static void 361 history_str_free(char *buf) 362 { 363 kmem_free(buf, HIS_MAX_RECORD_LEN); 364 } 365 366 static char * 367 history_str_get(zfs_cmd_t *zc) 368 { 369 char *buf; 370 371 if (zc->zc_history == 0) 372 return (NULL); 373 374 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 375 if (copyinstr((void *)(uintptr_t)zc->zc_history, 376 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 377 history_str_free(buf); 378 return (NULL); 379 } 380 381 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 382 383 return (buf); 384 } 385 386 /* 387 * Check to see if the named dataset is currently defined as bootable 388 */ 389 static boolean_t 390 zfs_is_bootfs(const char *name) 391 { 392 objset_t *os; 393 394 if (dmu_objset_hold(name, FTAG, &os) == 0) { 395 boolean_t ret; 396 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os))); 397 dmu_objset_rele(os, FTAG); 398 return (ret); 399 } 400 return (B_FALSE); 401 } 402 403 /* 404 * Return non-zero if the spa version is less than requested version. 405 */ 406 static int 407 zfs_earlier_version(const char *name, int version) 408 { 409 spa_t *spa; 410 411 if (spa_open(name, &spa, FTAG) == 0) { 412 if (spa_version(spa) < version) { 413 spa_close(spa, FTAG); 414 return (1); 415 } 416 spa_close(spa, FTAG); 417 } 418 return (0); 419 } 420 421 /* 422 * Return TRUE if the ZPL version is less than requested version. 423 */ 424 static boolean_t 425 zpl_earlier_version(const char *name, int version) 426 { 427 objset_t *os; 428 boolean_t rc = B_TRUE; 429 430 if (dmu_objset_hold(name, FTAG, &os) == 0) { 431 uint64_t zplversion; 432 433 if (dmu_objset_type(os) != DMU_OST_ZFS) { 434 dmu_objset_rele(os, FTAG); 435 return (B_TRUE); 436 } 437 /* XXX reading from non-owned objset */ 438 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0) 439 rc = zplversion < version; 440 dmu_objset_rele(os, FTAG); 441 } 442 return (rc); 443 } 444 445 static void 446 zfs_log_history(zfs_cmd_t *zc) 447 { 448 spa_t *spa; 449 char *buf; 450 451 if ((buf = history_str_get(zc)) == NULL) 452 return; 453 454 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 455 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 456 (void) spa_history_log(spa, buf); 457 spa_close(spa, FTAG); 458 } 459 history_str_free(buf); 460 } 461 462 /* 463 * Policy for top-level read operations (list pools). Requires no privileges, 464 * and can be used in the local zone, as there is no associated dataset. 465 */ 466 /* ARGSUSED */ 467 static int 468 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 469 { 470 return (0); 471 } 472 473 /* 474 * Policy for dataset read operations (list children, get statistics). Requires 475 * no privileges, but must be visible in the local zone. 476 */ 477 /* ARGSUSED */ 478 static int 479 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 480 { 481 if (INGLOBALZONE(curproc) || 482 zone_dataset_visible(zc->zc_name, NULL)) 483 return (0); 484 485 return (SET_ERROR(ENOENT)); 486 } 487 488 static int 489 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr) 490 { 491 int writable = 1; 492 493 /* 494 * The dataset must be visible by this zone -- check this first 495 * so they don't see EPERM on something they shouldn't know about. 496 */ 497 if (!INGLOBALZONE(curproc) && 498 !zone_dataset_visible(dataset, &writable)) 499 return (SET_ERROR(ENOENT)); 500 501 if (INGLOBALZONE(curproc)) { 502 /* 503 * If the fs is zoned, only root can access it from the 504 * global zone. 505 */ 506 if (secpolicy_zfs(cr) && zoned) 507 return (SET_ERROR(EPERM)); 508 } else { 509 /* 510 * If we are in a local zone, the 'zoned' property must be set. 511 */ 512 if (!zoned) 513 return (SET_ERROR(EPERM)); 514 515 /* must be writable by this zone */ 516 if (!writable) 517 return (SET_ERROR(EPERM)); 518 } 519 return (0); 520 } 521 522 static int 523 zfs_dozonecheck(const char *dataset, cred_t *cr) 524 { 525 uint64_t zoned; 526 527 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL)) 528 return (SET_ERROR(ENOENT)); 529 530 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 531 } 532 533 static int 534 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr) 535 { 536 uint64_t zoned; 537 538 if (dsl_prop_get_int_ds(ds, "zoned", &zoned)) 539 return (SET_ERROR(ENOENT)); 540 541 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 542 } 543 544 static int 545 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds, 546 const char *perm, cred_t *cr) 547 { 548 int error; 549 550 error = zfs_dozonecheck_ds(name, ds, cr); 551 if (error == 0) { 552 error = secpolicy_zfs(cr); 553 if (error != 0) 554 error = dsl_deleg_access_impl(ds, perm, cr); 555 } 556 return (error); 557 } 558 559 static int 560 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 561 { 562 int error; 563 dsl_dataset_t *ds; 564 dsl_pool_t *dp; 565 566 /* 567 * First do a quick check for root in the global zone, which 568 * is allowed to do all write_perms. This ensures that zfs_ioc_* 569 * will get to handle nonexistent datasets. 570 */ 571 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0) 572 return (0); 573 574 error = dsl_pool_hold(name, FTAG, &dp); 575 if (error != 0) 576 return (error); 577 578 error = dsl_dataset_hold(dp, name, FTAG, &ds); 579 if (error != 0) { 580 dsl_pool_rele(dp, FTAG); 581 return (error); 582 } 583 584 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr); 585 586 dsl_dataset_rele(ds, FTAG); 587 dsl_pool_rele(dp, FTAG); 588 return (error); 589 } 590 591 /* 592 * Policy for setting the security label property. 593 * 594 * Returns 0 for success, non-zero for access and other errors. 595 */ 596 static int 597 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr) 598 { 599 char ds_hexsl[MAXNAMELEN]; 600 bslabel_t ds_sl, new_sl; 601 boolean_t new_default = FALSE; 602 uint64_t zoned; 603 int needed_priv = -1; 604 int error; 605 606 /* First get the existing dataset label. */ 607 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL), 608 1, sizeof (ds_hexsl), &ds_hexsl, NULL); 609 if (error != 0) 610 return (SET_ERROR(EPERM)); 611 612 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0) 613 new_default = TRUE; 614 615 /* The label must be translatable */ 616 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0)) 617 return (SET_ERROR(EINVAL)); 618 619 /* 620 * In a non-global zone, disallow attempts to set a label that 621 * doesn't match that of the zone; otherwise no other checks 622 * are needed. 623 */ 624 if (!INGLOBALZONE(curproc)) { 625 if (new_default || !blequal(&new_sl, CR_SL(CRED()))) 626 return (SET_ERROR(EPERM)); 627 return (0); 628 } 629 630 /* 631 * For global-zone datasets (i.e., those whose zoned property is 632 * "off", verify that the specified new label is valid for the 633 * global zone. 634 */ 635 if (dsl_prop_get_integer(name, 636 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL)) 637 return (SET_ERROR(EPERM)); 638 if (!zoned) { 639 if (zfs_check_global_label(name, strval) != 0) 640 return (SET_ERROR(EPERM)); 641 } 642 643 /* 644 * If the existing dataset label is nondefault, check if the 645 * dataset is mounted (label cannot be changed while mounted). 646 * Get the zfsvfs; if there isn't one, then the dataset isn't 647 * mounted (or isn't a dataset, doesn't exist, ...). 648 */ 649 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) { 650 objset_t *os; 651 static char *setsl_tag = "setsl_tag"; 652 653 /* 654 * Try to own the dataset; abort if there is any error, 655 * (e.g., already mounted, in use, or other error). 656 */ 657 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE, 658 setsl_tag, &os); 659 if (error != 0) 660 return (SET_ERROR(EPERM)); 661 662 dmu_objset_disown(os, B_TRUE, setsl_tag); 663 664 if (new_default) { 665 needed_priv = PRIV_FILE_DOWNGRADE_SL; 666 goto out_check; 667 } 668 669 if (hexstr_to_label(strval, &new_sl) != 0) 670 return (SET_ERROR(EPERM)); 671 672 if (blstrictdom(&ds_sl, &new_sl)) 673 needed_priv = PRIV_FILE_DOWNGRADE_SL; 674 else if (blstrictdom(&new_sl, &ds_sl)) 675 needed_priv = PRIV_FILE_UPGRADE_SL; 676 } else { 677 /* dataset currently has a default label */ 678 if (!new_default) 679 needed_priv = PRIV_FILE_UPGRADE_SL; 680 } 681 682 out_check: 683 if (needed_priv != -1) 684 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL)); 685 return (0); 686 } 687 688 static int 689 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval, 690 cred_t *cr) 691 { 692 char *strval; 693 694 /* 695 * Check permissions for special properties. 696 */ 697 switch (prop) { 698 case ZFS_PROP_ZONED: 699 /* 700 * Disallow setting of 'zoned' from within a local zone. 701 */ 702 if (!INGLOBALZONE(curproc)) 703 return (SET_ERROR(EPERM)); 704 break; 705 706 case ZFS_PROP_QUOTA: 707 case ZFS_PROP_FILESYSTEM_LIMIT: 708 case ZFS_PROP_SNAPSHOT_LIMIT: 709 if (!INGLOBALZONE(curproc)) { 710 uint64_t zoned; 711 char setpoint[ZFS_MAX_DATASET_NAME_LEN]; 712 /* 713 * Unprivileged users are allowed to modify the 714 * limit on things *under* (ie. contained by) 715 * the thing they own. 716 */ 717 if (dsl_prop_get_integer(dsname, "zoned", &zoned, 718 setpoint)) 719 return (SET_ERROR(EPERM)); 720 if (!zoned || strlen(dsname) <= strlen(setpoint)) 721 return (SET_ERROR(EPERM)); 722 } 723 break; 724 725 case ZFS_PROP_MLSLABEL: 726 if (!is_system_labeled()) 727 return (SET_ERROR(EPERM)); 728 729 if (nvpair_value_string(propval, &strval) == 0) { 730 int err; 731 732 err = zfs_set_slabel_policy(dsname, strval, CRED()); 733 if (err != 0) 734 return (err); 735 } 736 break; 737 } 738 739 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr)); 740 } 741 742 /* ARGSUSED */ 743 static int 744 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 745 { 746 int error; 747 748 error = zfs_dozonecheck(zc->zc_name, cr); 749 if (error != 0) 750 return (error); 751 752 /* 753 * permission to set permissions will be evaluated later in 754 * dsl_deleg_can_allow() 755 */ 756 return (0); 757 } 758 759 /* ARGSUSED */ 760 static int 761 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 762 { 763 return (zfs_secpolicy_write_perms(zc->zc_name, 764 ZFS_DELEG_PERM_ROLLBACK, cr)); 765 } 766 767 /* ARGSUSED */ 768 static int 769 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 770 { 771 dsl_pool_t *dp; 772 dsl_dataset_t *ds; 773 char *cp; 774 int error; 775 776 /* 777 * Generate the current snapshot name from the given objsetid, then 778 * use that name for the secpolicy/zone checks. 779 */ 780 cp = strchr(zc->zc_name, '@'); 781 if (cp == NULL) 782 return (SET_ERROR(EINVAL)); 783 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 784 if (error != 0) 785 return (error); 786 787 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 788 if (error != 0) { 789 dsl_pool_rele(dp, FTAG); 790 return (error); 791 } 792 793 dsl_dataset_name(ds, zc->zc_name); 794 795 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, 796 ZFS_DELEG_PERM_SEND, cr); 797 dsl_dataset_rele(ds, FTAG); 798 dsl_pool_rele(dp, FTAG); 799 800 return (error); 801 } 802 803 /* ARGSUSED */ 804 static int 805 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 806 { 807 return (zfs_secpolicy_write_perms(zc->zc_name, 808 ZFS_DELEG_PERM_SEND, cr)); 809 } 810 811 /* ARGSUSED */ 812 static int 813 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 814 { 815 vnode_t *vp; 816 int error; 817 818 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 819 NO_FOLLOW, NULL, &vp)) != 0) 820 return (error); 821 822 /* Now make sure mntpnt and dataset are ZFS */ 823 824 if (vp->v_vfsp->vfs_fstype != zfsfstype || 825 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 826 zc->zc_name) != 0)) { 827 VN_RELE(vp); 828 return (SET_ERROR(EPERM)); 829 } 830 831 VN_RELE(vp); 832 return (dsl_deleg_access(zc->zc_name, 833 ZFS_DELEG_PERM_SHARE, cr)); 834 } 835 836 int 837 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 838 { 839 if (secpolicy_nfs(cr) == 0) { 840 return (0); 841 } else { 842 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 843 } 844 } 845 846 int 847 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 848 { 849 if (secpolicy_smb(cr) == 0) { 850 return (0); 851 } else { 852 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 853 } 854 } 855 856 static int 857 zfs_get_parent(const char *datasetname, char *parent, int parentsize) 858 { 859 char *cp; 860 861 /* 862 * Remove the @bla or /bla from the end of the name to get the parent. 863 */ 864 (void) strncpy(parent, datasetname, parentsize); 865 cp = strrchr(parent, '@'); 866 if (cp != NULL) { 867 cp[0] = '\0'; 868 } else { 869 cp = strrchr(parent, '/'); 870 if (cp == NULL) 871 return (SET_ERROR(ENOENT)); 872 cp[0] = '\0'; 873 } 874 875 return (0); 876 } 877 878 int 879 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 880 { 881 int error; 882 883 if ((error = zfs_secpolicy_write_perms(name, 884 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 885 return (error); 886 887 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 888 } 889 890 /* ARGSUSED */ 891 static int 892 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 893 { 894 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 895 } 896 897 /* 898 * Destroying snapshots with delegated permissions requires 899 * descendant mount and destroy permissions. 900 */ 901 /* ARGSUSED */ 902 static int 903 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 904 { 905 nvlist_t *snaps; 906 nvpair_t *pair, *nextpair; 907 int error = 0; 908 909 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 910 911 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 912 pair = nextpair) { 913 nextpair = nvlist_next_nvpair(snaps, pair); 914 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr); 915 if (error == ENOENT) { 916 /* 917 * Ignore any snapshots that don't exist (we consider 918 * them "already destroyed"). Remove the name from the 919 * nvl here in case the snapshot is created between 920 * now and when we try to destroy it (in which case 921 * we don't want to destroy it since we haven't 922 * checked for permission). 923 */ 924 fnvlist_remove_nvpair(snaps, pair); 925 error = 0; 926 } 927 if (error != 0) 928 break; 929 } 930 931 return (error); 932 } 933 934 int 935 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 936 { 937 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 938 int error; 939 940 if ((error = zfs_secpolicy_write_perms(from, 941 ZFS_DELEG_PERM_RENAME, cr)) != 0) 942 return (error); 943 944 if ((error = zfs_secpolicy_write_perms(from, 945 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 946 return (error); 947 948 if ((error = zfs_get_parent(to, parentname, 949 sizeof (parentname))) != 0) 950 return (error); 951 952 if ((error = zfs_secpolicy_write_perms(parentname, 953 ZFS_DELEG_PERM_CREATE, cr)) != 0) 954 return (error); 955 956 if ((error = zfs_secpolicy_write_perms(parentname, 957 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 958 return (error); 959 960 return (error); 961 } 962 963 /* ARGSUSED */ 964 static int 965 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 966 { 967 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr)); 968 } 969 970 /* ARGSUSED */ 971 static int 972 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 973 { 974 dsl_pool_t *dp; 975 dsl_dataset_t *clone; 976 int error; 977 978 error = zfs_secpolicy_write_perms(zc->zc_name, 979 ZFS_DELEG_PERM_PROMOTE, cr); 980 if (error != 0) 981 return (error); 982 983 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 984 if (error != 0) 985 return (error); 986 987 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone); 988 989 if (error == 0) { 990 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 991 dsl_dataset_t *origin = NULL; 992 dsl_dir_t *dd; 993 dd = clone->ds_dir; 994 995 error = dsl_dataset_hold_obj(dd->dd_pool, 996 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin); 997 if (error != 0) { 998 dsl_dataset_rele(clone, FTAG); 999 dsl_pool_rele(dp, FTAG); 1000 return (error); 1001 } 1002 1003 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone, 1004 ZFS_DELEG_PERM_MOUNT, cr); 1005 1006 dsl_dataset_name(origin, parentname); 1007 if (error == 0) { 1008 error = zfs_secpolicy_write_perms_ds(parentname, origin, 1009 ZFS_DELEG_PERM_PROMOTE, cr); 1010 } 1011 dsl_dataset_rele(clone, FTAG); 1012 dsl_dataset_rele(origin, FTAG); 1013 } 1014 dsl_pool_rele(dp, FTAG); 1015 return (error); 1016 } 1017 1018 /* ARGSUSED */ 1019 static int 1020 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1021 { 1022 int error; 1023 1024 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 1025 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) 1026 return (error); 1027 1028 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 1029 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 1030 return (error); 1031 1032 return (zfs_secpolicy_write_perms(zc->zc_name, 1033 ZFS_DELEG_PERM_CREATE, cr)); 1034 } 1035 1036 int 1037 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 1038 { 1039 return (zfs_secpolicy_write_perms(name, 1040 ZFS_DELEG_PERM_SNAPSHOT, cr)); 1041 } 1042 1043 /* 1044 * Check for permission to create each snapshot in the nvlist. 1045 */ 1046 /* ARGSUSED */ 1047 static int 1048 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1049 { 1050 nvlist_t *snaps; 1051 int error = 0; 1052 nvpair_t *pair; 1053 1054 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 1055 1056 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 1057 pair = nvlist_next_nvpair(snaps, pair)) { 1058 char *name = nvpair_name(pair); 1059 char *atp = strchr(name, '@'); 1060 1061 if (atp == NULL) { 1062 error = SET_ERROR(EINVAL); 1063 break; 1064 } 1065 *atp = '\0'; 1066 error = zfs_secpolicy_snapshot_perms(name, cr); 1067 *atp = '@'; 1068 if (error != 0) 1069 break; 1070 } 1071 return (error); 1072 } 1073 1074 /* 1075 * Check for permission to create each bookmark in the nvlist. 1076 */ 1077 /* ARGSUSED */ 1078 static int 1079 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1080 { 1081 int error = 0; 1082 1083 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 1084 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 1085 char *name = nvpair_name(pair); 1086 char *hashp = strchr(name, '#'); 1087 1088 if (hashp == NULL) { 1089 error = SET_ERROR(EINVAL); 1090 break; 1091 } 1092 *hashp = '\0'; 1093 error = zfs_secpolicy_write_perms(name, 1094 ZFS_DELEG_PERM_BOOKMARK, cr); 1095 *hashp = '#'; 1096 if (error != 0) 1097 break; 1098 } 1099 return (error); 1100 } 1101 1102 /* ARGSUSED */ 1103 static int 1104 zfs_secpolicy_remap(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1105 { 1106 return (zfs_secpolicy_write_perms(zc->zc_name, 1107 ZFS_DELEG_PERM_REMAP, cr)); 1108 } 1109 1110 /* ARGSUSED */ 1111 static int 1112 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1113 { 1114 nvpair_t *pair, *nextpair; 1115 int error = 0; 1116 1117 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1118 pair = nextpair) { 1119 char *name = nvpair_name(pair); 1120 char *hashp = strchr(name, '#'); 1121 nextpair = nvlist_next_nvpair(innvl, pair); 1122 1123 if (hashp == NULL) { 1124 error = SET_ERROR(EINVAL); 1125 break; 1126 } 1127 1128 *hashp = '\0'; 1129 error = zfs_secpolicy_write_perms(name, 1130 ZFS_DELEG_PERM_DESTROY, cr); 1131 *hashp = '#'; 1132 if (error == ENOENT) { 1133 /* 1134 * Ignore any filesystems that don't exist (we consider 1135 * their bookmarks "already destroyed"). Remove 1136 * the name from the nvl here in case the filesystem 1137 * is created between now and when we try to destroy 1138 * the bookmark (in which case we don't want to 1139 * destroy it since we haven't checked for permission). 1140 */ 1141 fnvlist_remove_nvpair(innvl, pair); 1142 error = 0; 1143 } 1144 if (error != 0) 1145 break; 1146 } 1147 1148 return (error); 1149 } 1150 1151 /* ARGSUSED */ 1152 static int 1153 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1154 { 1155 /* 1156 * Even root must have a proper TSD so that we know what pool 1157 * to log to. 1158 */ 1159 if (tsd_get(zfs_allow_log_key) == NULL) 1160 return (SET_ERROR(EPERM)); 1161 return (0); 1162 } 1163 1164 static int 1165 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1166 { 1167 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 1168 int error; 1169 char *origin; 1170 1171 if ((error = zfs_get_parent(zc->zc_name, parentname, 1172 sizeof (parentname))) != 0) 1173 return (error); 1174 1175 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 && 1176 (error = zfs_secpolicy_write_perms(origin, 1177 ZFS_DELEG_PERM_CLONE, cr)) != 0) 1178 return (error); 1179 1180 if ((error = zfs_secpolicy_write_perms(parentname, 1181 ZFS_DELEG_PERM_CREATE, cr)) != 0) 1182 return (error); 1183 1184 return (zfs_secpolicy_write_perms(parentname, 1185 ZFS_DELEG_PERM_MOUNT, cr)); 1186 } 1187 1188 /* 1189 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 1190 * SYS_CONFIG privilege, which is not available in a local zone. 1191 */ 1192 /* ARGSUSED */ 1193 static int 1194 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1195 { 1196 if (secpolicy_sys_config(cr, B_FALSE) != 0) 1197 return (SET_ERROR(EPERM)); 1198 1199 return (0); 1200 } 1201 1202 /* 1203 * Policy for object to name lookups. 1204 */ 1205 /* ARGSUSED */ 1206 static int 1207 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1208 { 1209 int error; 1210 1211 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0) 1212 return (0); 1213 1214 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr); 1215 return (error); 1216 } 1217 1218 /* 1219 * Policy for fault injection. Requires all privileges. 1220 */ 1221 /* ARGSUSED */ 1222 static int 1223 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1224 { 1225 return (secpolicy_zinject(cr)); 1226 } 1227 1228 /* ARGSUSED */ 1229 static int 1230 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1231 { 1232 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 1233 1234 if (prop == ZPROP_INVAL) { 1235 if (!zfs_prop_user(zc->zc_value)) 1236 return (SET_ERROR(EINVAL)); 1237 return (zfs_secpolicy_write_perms(zc->zc_name, 1238 ZFS_DELEG_PERM_USERPROP, cr)); 1239 } else { 1240 return (zfs_secpolicy_setprop(zc->zc_name, prop, 1241 NULL, cr)); 1242 } 1243 } 1244 1245 static int 1246 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1247 { 1248 int err = zfs_secpolicy_read(zc, innvl, cr); 1249 if (err) 1250 return (err); 1251 1252 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1253 return (SET_ERROR(EINVAL)); 1254 1255 if (zc->zc_value[0] == 0) { 1256 /* 1257 * They are asking about a posix uid/gid. If it's 1258 * themself, allow it. 1259 */ 1260 if (zc->zc_objset_type == ZFS_PROP_USERUSED || 1261 zc->zc_objset_type == ZFS_PROP_USERQUOTA || 1262 zc->zc_objset_type == ZFS_PROP_USEROBJUSED || 1263 zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) { 1264 if (zc->zc_guid == crgetuid(cr)) 1265 return (0); 1266 } else if (zc->zc_objset_type == ZFS_PROP_GROUPUSED || 1267 zc->zc_objset_type == ZFS_PROP_GROUPQUOTA || 1268 zc->zc_objset_type == ZFS_PROP_GROUPOBJUSED || 1269 zc->zc_objset_type == ZFS_PROP_GROUPOBJQUOTA) { 1270 if (groupmember(zc->zc_guid, cr)) 1271 return (0); 1272 } 1273 /* else is for project quota/used */ 1274 } 1275 1276 return (zfs_secpolicy_write_perms(zc->zc_name, 1277 userquota_perms[zc->zc_objset_type], cr)); 1278 } 1279 1280 static int 1281 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1282 { 1283 int err = zfs_secpolicy_read(zc, innvl, cr); 1284 if (err) 1285 return (err); 1286 1287 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1288 return (SET_ERROR(EINVAL)); 1289 1290 return (zfs_secpolicy_write_perms(zc->zc_name, 1291 userquota_perms[zc->zc_objset_type], cr)); 1292 } 1293 1294 /* ARGSUSED */ 1295 static int 1296 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1297 { 1298 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION, 1299 NULL, cr)); 1300 } 1301 1302 /* ARGSUSED */ 1303 static int 1304 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1305 { 1306 nvpair_t *pair; 1307 nvlist_t *holds; 1308 int error; 1309 1310 holds = fnvlist_lookup_nvlist(innvl, "holds"); 1311 1312 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 1313 pair = nvlist_next_nvpair(holds, pair)) { 1314 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1315 error = dmu_fsname(nvpair_name(pair), fsname); 1316 if (error != 0) 1317 return (error); 1318 error = zfs_secpolicy_write_perms(fsname, 1319 ZFS_DELEG_PERM_HOLD, cr); 1320 if (error != 0) 1321 return (error); 1322 } 1323 return (0); 1324 } 1325 1326 /* ARGSUSED */ 1327 static int 1328 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1329 { 1330 nvpair_t *pair; 1331 int error; 1332 1333 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1334 pair = nvlist_next_nvpair(innvl, pair)) { 1335 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1336 error = dmu_fsname(nvpair_name(pair), fsname); 1337 if (error != 0) 1338 return (error); 1339 error = zfs_secpolicy_write_perms(fsname, 1340 ZFS_DELEG_PERM_RELEASE, cr); 1341 if (error != 0) 1342 return (error); 1343 } 1344 return (0); 1345 } 1346 1347 /* ARGSUSED */ 1348 static int 1349 zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1350 { 1351 return (zfs_secpolicy_write_perms(zc->zc_name, 1352 ZFS_DELEG_PERM_LOAD_KEY, cr)); 1353 } 1354 1355 /* ARGSUSED */ 1356 static int 1357 zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1358 { 1359 return (zfs_secpolicy_write_perms(zc->zc_name, 1360 ZFS_DELEG_PERM_CHANGE_KEY, cr)); 1361 } 1362 1363 /* 1364 * Policy for allowing temporary snapshots to be taken or released 1365 */ 1366 static int 1367 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1368 { 1369 /* 1370 * A temporary snapshot is the same as a snapshot, 1371 * hold, destroy and release all rolled into one. 1372 * Delegated diff alone is sufficient that we allow this. 1373 */ 1374 int error; 1375 1376 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 1377 ZFS_DELEG_PERM_DIFF, cr)) == 0) 1378 return (0); 1379 1380 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr); 1381 1382 if (innvl != NULL) { 1383 if (error == 0) 1384 error = zfs_secpolicy_hold(zc, innvl, cr); 1385 if (error == 0) 1386 error = zfs_secpolicy_release(zc, innvl, cr); 1387 if (error == 0) 1388 error = zfs_secpolicy_destroy(zc, innvl, cr); 1389 } 1390 return (error); 1391 } 1392 1393 /* 1394 * Returns the nvlist as specified by the user in the zfs_cmd_t. 1395 */ 1396 static int 1397 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp) 1398 { 1399 char *packed; 1400 int error; 1401 nvlist_t *list = NULL; 1402 1403 /* 1404 * Read in and unpack the user-supplied nvlist. 1405 */ 1406 if (size == 0) 1407 return (SET_ERROR(EINVAL)); 1408 1409 packed = kmem_alloc(size, KM_SLEEP); 1410 1411 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size, 1412 iflag)) != 0) { 1413 kmem_free(packed, size); 1414 return (SET_ERROR(EFAULT)); 1415 } 1416 1417 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 1418 kmem_free(packed, size); 1419 return (error); 1420 } 1421 1422 kmem_free(packed, size); 1423 1424 *nvp = list; 1425 return (0); 1426 } 1427 1428 /* 1429 * Reduce the size of this nvlist until it can be serialized in 'max' bytes. 1430 * Entries will be removed from the end of the nvlist, and one int32 entry 1431 * named "N_MORE_ERRORS" will be added indicating how many entries were 1432 * removed. 1433 */ 1434 static int 1435 nvlist_smush(nvlist_t *errors, size_t max) 1436 { 1437 size_t size; 1438 1439 size = fnvlist_size(errors); 1440 1441 if (size > max) { 1442 nvpair_t *more_errors; 1443 int n = 0; 1444 1445 if (max < 1024) 1446 return (SET_ERROR(ENOMEM)); 1447 1448 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0); 1449 more_errors = nvlist_prev_nvpair(errors, NULL); 1450 1451 do { 1452 nvpair_t *pair = nvlist_prev_nvpair(errors, 1453 more_errors); 1454 fnvlist_remove_nvpair(errors, pair); 1455 n++; 1456 size = fnvlist_size(errors); 1457 } while (size > max); 1458 1459 fnvlist_remove_nvpair(errors, more_errors); 1460 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n); 1461 ASSERT3U(fnvlist_size(errors), <=, max); 1462 } 1463 1464 return (0); 1465 } 1466 1467 static int 1468 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 1469 { 1470 char *packed = NULL; 1471 int error = 0; 1472 size_t size; 1473 1474 size = fnvlist_size(nvl); 1475 1476 if (size > zc->zc_nvlist_dst_size) { 1477 error = SET_ERROR(ENOMEM); 1478 } else { 1479 packed = fnvlist_pack(nvl, &size); 1480 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst, 1481 size, zc->zc_iflags) != 0) 1482 error = SET_ERROR(EFAULT); 1483 fnvlist_pack_free(packed, size); 1484 } 1485 1486 zc->zc_nvlist_dst_size = size; 1487 zc->zc_nvlist_dst_filled = B_TRUE; 1488 return (error); 1489 } 1490 1491 int 1492 getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp) 1493 { 1494 int error = 0; 1495 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1496 return (SET_ERROR(EINVAL)); 1497 } 1498 1499 mutex_enter(&os->os_user_ptr_lock); 1500 *zfvp = dmu_objset_get_user(os); 1501 if (*zfvp) { 1502 VFS_HOLD((*zfvp)->z_vfs); 1503 } else { 1504 error = SET_ERROR(ESRCH); 1505 } 1506 mutex_exit(&os->os_user_ptr_lock); 1507 return (error); 1508 } 1509 1510 int 1511 getzfsvfs(const char *dsname, zfsvfs_t **zfvp) 1512 { 1513 objset_t *os; 1514 int error; 1515 1516 error = dmu_objset_hold(dsname, FTAG, &os); 1517 if (error != 0) 1518 return (error); 1519 1520 error = getzfsvfs_impl(os, zfvp); 1521 dmu_objset_rele(os, FTAG); 1522 return (error); 1523 } 1524 1525 /* 1526 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which 1527 * case its z_vfs will be NULL, and it will be opened as the owner. 1528 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER, 1529 * which prevents all vnode ops from running. 1530 */ 1531 static int 1532 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer) 1533 { 1534 int error = 0; 1535 1536 if (getzfsvfs(name, zfvp) != 0) 1537 error = zfsvfs_create(name, B_FALSE, zfvp); 1538 if (error == 0) { 1539 rrm_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER : 1540 RW_READER, tag); 1541 if ((*zfvp)->z_unmounted) { 1542 /* 1543 * XXX we could probably try again, since the unmounting 1544 * thread should be just about to disassociate the 1545 * objset from the zfsvfs. 1546 */ 1547 rrm_exit(&(*zfvp)->z_teardown_lock, tag); 1548 return (SET_ERROR(EBUSY)); 1549 } 1550 } 1551 return (error); 1552 } 1553 1554 static void 1555 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag) 1556 { 1557 rrm_exit(&zfsvfs->z_teardown_lock, tag); 1558 1559 if (zfsvfs->z_vfs) { 1560 VFS_RELE(zfsvfs->z_vfs); 1561 } else { 1562 dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs); 1563 zfsvfs_free(zfsvfs); 1564 } 1565 } 1566 1567 static int 1568 zfs_ioc_pool_create(zfs_cmd_t *zc) 1569 { 1570 int error; 1571 nvlist_t *config, *props = NULL; 1572 nvlist_t *rootprops = NULL; 1573 nvlist_t *zplprops = NULL; 1574 char *spa_name = zc->zc_name; 1575 dsl_crypto_params_t *dcp = NULL; 1576 1577 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1578 zc->zc_iflags, &config)) 1579 return (error); 1580 1581 if (zc->zc_nvlist_src_size != 0 && (error = 1582 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1583 zc->zc_iflags, &props))) { 1584 nvlist_free(config); 1585 return (error); 1586 } 1587 1588 if (props) { 1589 nvlist_t *nvl = NULL; 1590 nvlist_t *hidden_args = NULL; 1591 uint64_t version = SPA_VERSION; 1592 char *tname; 1593 1594 (void) nvlist_lookup_uint64(props, 1595 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version); 1596 if (!SPA_VERSION_IS_SUPPORTED(version)) { 1597 error = SET_ERROR(EINVAL); 1598 goto pool_props_bad; 1599 } 1600 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl); 1601 if (nvl) { 1602 error = nvlist_dup(nvl, &rootprops, KM_SLEEP); 1603 if (error != 0) { 1604 nvlist_free(config); 1605 nvlist_free(props); 1606 return (error); 1607 } 1608 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS); 1609 } 1610 1611 (void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS, 1612 &hidden_args); 1613 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, 1614 rootprops, hidden_args, &dcp); 1615 if (error != 0) { 1616 nvlist_free(config); 1617 nvlist_free(props); 1618 return (error); 1619 } 1620 (void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS); 1621 1622 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1623 error = zfs_fill_zplprops_root(version, rootprops, 1624 zplprops, NULL); 1625 if (error != 0) 1626 goto pool_props_bad; 1627 1628 if (nvlist_lookup_string(props, 1629 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0) 1630 spa_name = tname; 1631 } 1632 1633 error = spa_create(zc->zc_name, config, props, zplprops, dcp); 1634 1635 /* 1636 * Set the remaining root properties 1637 */ 1638 if (!error && (error = zfs_set_prop_nvlist(spa_name, 1639 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) 1640 (void) spa_destroy(spa_name); 1641 1642 pool_props_bad: 1643 nvlist_free(rootprops); 1644 nvlist_free(zplprops); 1645 nvlist_free(config); 1646 nvlist_free(props); 1647 dsl_crypto_params_free(dcp, !!error); 1648 1649 return (error); 1650 } 1651 1652 static int 1653 zfs_ioc_pool_destroy(zfs_cmd_t *zc) 1654 { 1655 int error; 1656 zfs_log_history(zc); 1657 error = spa_destroy(zc->zc_name); 1658 if (error == 0) 1659 zvol_remove_minors(zc->zc_name); 1660 return (error); 1661 } 1662 1663 static int 1664 zfs_ioc_pool_import(zfs_cmd_t *zc) 1665 { 1666 nvlist_t *config, *props = NULL; 1667 uint64_t guid; 1668 int error; 1669 1670 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1671 zc->zc_iflags, &config)) != 0) 1672 return (error); 1673 1674 if (zc->zc_nvlist_src_size != 0 && (error = 1675 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1676 zc->zc_iflags, &props))) { 1677 nvlist_free(config); 1678 return (error); 1679 } 1680 1681 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 1682 guid != zc->zc_guid) 1683 error = SET_ERROR(EINVAL); 1684 else 1685 error = spa_import(zc->zc_name, config, props, zc->zc_cookie); 1686 1687 if (zc->zc_nvlist_dst != 0) { 1688 int err; 1689 1690 if ((err = put_nvlist(zc, config)) != 0) 1691 error = err; 1692 } 1693 1694 nvlist_free(config); 1695 1696 nvlist_free(props); 1697 1698 return (error); 1699 } 1700 1701 static int 1702 zfs_ioc_pool_export(zfs_cmd_t *zc) 1703 { 1704 int error; 1705 boolean_t force = (boolean_t)zc->zc_cookie; 1706 boolean_t hardforce = (boolean_t)zc->zc_guid; 1707 1708 zfs_log_history(zc); 1709 error = spa_export(zc->zc_name, NULL, force, hardforce); 1710 if (error == 0) 1711 zvol_remove_minors(zc->zc_name); 1712 return (error); 1713 } 1714 1715 static int 1716 zfs_ioc_pool_configs(zfs_cmd_t *zc) 1717 { 1718 nvlist_t *configs; 1719 int error; 1720 1721 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL) 1722 return (SET_ERROR(EEXIST)); 1723 1724 error = put_nvlist(zc, configs); 1725 1726 nvlist_free(configs); 1727 1728 return (error); 1729 } 1730 1731 /* 1732 * inputs: 1733 * zc_name name of the pool 1734 * 1735 * outputs: 1736 * zc_cookie real errno 1737 * zc_nvlist_dst config nvlist 1738 * zc_nvlist_dst_size size of config nvlist 1739 */ 1740 static int 1741 zfs_ioc_pool_stats(zfs_cmd_t *zc) 1742 { 1743 nvlist_t *config; 1744 int error; 1745 int ret = 0; 1746 1747 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 1748 sizeof (zc->zc_value)); 1749 1750 if (config != NULL) { 1751 ret = put_nvlist(zc, config); 1752 nvlist_free(config); 1753 1754 /* 1755 * The config may be present even if 'error' is non-zero. 1756 * In this case we return success, and preserve the real errno 1757 * in 'zc_cookie'. 1758 */ 1759 zc->zc_cookie = error; 1760 } else { 1761 ret = error; 1762 } 1763 1764 return (ret); 1765 } 1766 1767 /* 1768 * Try to import the given pool, returning pool stats as appropriate so that 1769 * user land knows which devices are available and overall pool health. 1770 */ 1771 static int 1772 zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 1773 { 1774 nvlist_t *tryconfig, *config; 1775 int error; 1776 1777 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1778 zc->zc_iflags, &tryconfig)) != 0) 1779 return (error); 1780 1781 config = spa_tryimport(tryconfig); 1782 1783 nvlist_free(tryconfig); 1784 1785 if (config == NULL) 1786 return (SET_ERROR(EINVAL)); 1787 1788 error = put_nvlist(zc, config); 1789 nvlist_free(config); 1790 1791 return (error); 1792 } 1793 1794 /* 1795 * inputs: 1796 * zc_name name of the pool 1797 * zc_cookie scan func (pool_scan_func_t) 1798 * zc_flags scrub pause/resume flag (pool_scrub_cmd_t) 1799 */ 1800 static int 1801 zfs_ioc_pool_scan(zfs_cmd_t *zc) 1802 { 1803 spa_t *spa; 1804 int error; 1805 1806 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1807 return (error); 1808 1809 if (zc->zc_flags >= POOL_SCRUB_FLAGS_END) 1810 return (SET_ERROR(EINVAL)); 1811 1812 if (zc->zc_flags == POOL_SCRUB_PAUSE) 1813 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE); 1814 else if (zc->zc_cookie == POOL_SCAN_NONE) 1815 error = spa_scan_stop(spa); 1816 else 1817 error = spa_scan(spa, zc->zc_cookie); 1818 1819 spa_close(spa, FTAG); 1820 1821 return (error); 1822 } 1823 1824 static int 1825 zfs_ioc_pool_freeze(zfs_cmd_t *zc) 1826 { 1827 spa_t *spa; 1828 int error; 1829 1830 error = spa_open(zc->zc_name, &spa, FTAG); 1831 if (error == 0) { 1832 spa_freeze(spa); 1833 spa_close(spa, FTAG); 1834 } 1835 return (error); 1836 } 1837 1838 static int 1839 zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 1840 { 1841 spa_t *spa; 1842 int error; 1843 1844 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1845 return (error); 1846 1847 if (zc->zc_cookie < spa_version(spa) || 1848 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) { 1849 spa_close(spa, FTAG); 1850 return (SET_ERROR(EINVAL)); 1851 } 1852 1853 spa_upgrade(spa, zc->zc_cookie); 1854 spa_close(spa, FTAG); 1855 1856 return (error); 1857 } 1858 1859 static int 1860 zfs_ioc_pool_get_history(zfs_cmd_t *zc) 1861 { 1862 spa_t *spa; 1863 char *hist_buf; 1864 uint64_t size; 1865 int error; 1866 1867 if ((size = zc->zc_history_len) == 0) 1868 return (SET_ERROR(EINVAL)); 1869 1870 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1871 return (error); 1872 1873 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 1874 spa_close(spa, FTAG); 1875 return (SET_ERROR(ENOTSUP)); 1876 } 1877 1878 hist_buf = kmem_alloc(size, KM_SLEEP); 1879 if ((error = spa_history_get(spa, &zc->zc_history_offset, 1880 &zc->zc_history_len, hist_buf)) == 0) { 1881 error = ddi_copyout(hist_buf, 1882 (void *)(uintptr_t)zc->zc_history, 1883 zc->zc_history_len, zc->zc_iflags); 1884 } 1885 1886 spa_close(spa, FTAG); 1887 kmem_free(hist_buf, size); 1888 return (error); 1889 } 1890 1891 static int 1892 zfs_ioc_pool_reguid(zfs_cmd_t *zc) 1893 { 1894 spa_t *spa; 1895 int error; 1896 1897 error = spa_open(zc->zc_name, &spa, FTAG); 1898 if (error == 0) { 1899 error = spa_change_guid(spa); 1900 spa_close(spa, FTAG); 1901 } 1902 return (error); 1903 } 1904 1905 static int 1906 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 1907 { 1908 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)); 1909 } 1910 1911 /* 1912 * inputs: 1913 * zc_name name of filesystem 1914 * zc_obj object to find 1915 * 1916 * outputs: 1917 * zc_value name of object 1918 */ 1919 static int 1920 zfs_ioc_obj_to_path(zfs_cmd_t *zc) 1921 { 1922 objset_t *os; 1923 int error; 1924 1925 /* XXX reading from objset not owned */ 1926 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, 1927 FTAG, &os)) != 0) 1928 return (error); 1929 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1930 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1931 return (SET_ERROR(EINVAL)); 1932 } 1933 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value, 1934 sizeof (zc->zc_value)); 1935 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1936 1937 return (error); 1938 } 1939 1940 /* 1941 * inputs: 1942 * zc_name name of filesystem 1943 * zc_obj object to find 1944 * 1945 * outputs: 1946 * zc_stat stats on object 1947 * zc_value path to object 1948 */ 1949 static int 1950 zfs_ioc_obj_to_stats(zfs_cmd_t *zc) 1951 { 1952 objset_t *os; 1953 int error; 1954 1955 /* XXX reading from objset not owned */ 1956 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, 1957 FTAG, &os)) != 0) 1958 return (error); 1959 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1960 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1961 return (SET_ERROR(EINVAL)); 1962 } 1963 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value, 1964 sizeof (zc->zc_value)); 1965 dmu_objset_rele_flags(os, B_TRUE, FTAG); 1966 1967 return (error); 1968 } 1969 1970 static int 1971 zfs_ioc_vdev_add(zfs_cmd_t *zc) 1972 { 1973 spa_t *spa; 1974 int error; 1975 nvlist_t *config, **l2cache, **spares; 1976 uint_t nl2cache = 0, nspares = 0; 1977 1978 error = spa_open(zc->zc_name, &spa, FTAG); 1979 if (error != 0) 1980 return (error); 1981 1982 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1983 zc->zc_iflags, &config); 1984 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE, 1985 &l2cache, &nl2cache); 1986 1987 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES, 1988 &spares, &nspares); 1989 1990 /* 1991 * A root pool with concatenated devices is not supported. 1992 * Thus, can not add a device to a root pool. 1993 * 1994 * Intent log device can not be added to a rootpool because 1995 * during mountroot, zil is replayed, a seperated log device 1996 * can not be accessed during the mountroot time. 1997 * 1998 * l2cache and spare devices are ok to be added to a rootpool. 1999 */ 2000 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) { 2001 nvlist_free(config); 2002 spa_close(spa, FTAG); 2003 return (SET_ERROR(EDOM)); 2004 } 2005 2006 if (error == 0) { 2007 error = spa_vdev_add(spa, config); 2008 nvlist_free(config); 2009 } 2010 spa_close(spa, FTAG); 2011 return (error); 2012 } 2013 2014 /* 2015 * inputs: 2016 * zc_name name of the pool 2017 * zc_guid guid of vdev to remove 2018 * zc_cookie cancel removal 2019 */ 2020 static int 2021 zfs_ioc_vdev_remove(zfs_cmd_t *zc) 2022 { 2023 spa_t *spa; 2024 int error; 2025 2026 error = spa_open(zc->zc_name, &spa, FTAG); 2027 if (error != 0) 2028 return (error); 2029 if (zc->zc_cookie != 0) { 2030 error = spa_vdev_remove_cancel(spa); 2031 } else { 2032 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 2033 } 2034 spa_close(spa, FTAG); 2035 return (error); 2036 } 2037 2038 static int 2039 zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 2040 { 2041 spa_t *spa; 2042 int error; 2043 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 2044 2045 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2046 return (error); 2047 switch (zc->zc_cookie) { 2048 case VDEV_STATE_ONLINE: 2049 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 2050 break; 2051 2052 case VDEV_STATE_OFFLINE: 2053 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 2054 break; 2055 2056 case VDEV_STATE_FAULTED: 2057 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 2058 zc->zc_obj != VDEV_AUX_EXTERNAL) 2059 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 2060 2061 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj); 2062 break; 2063 2064 case VDEV_STATE_DEGRADED: 2065 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 2066 zc->zc_obj != VDEV_AUX_EXTERNAL) 2067 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 2068 2069 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj); 2070 break; 2071 2072 default: 2073 error = SET_ERROR(EINVAL); 2074 } 2075 zc->zc_cookie = newstate; 2076 spa_close(spa, FTAG); 2077 return (error); 2078 } 2079 2080 static int 2081 zfs_ioc_vdev_attach(zfs_cmd_t *zc) 2082 { 2083 spa_t *spa; 2084 int replacing = zc->zc_cookie; 2085 nvlist_t *config; 2086 int error; 2087 2088 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2089 return (error); 2090 2091 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2092 zc->zc_iflags, &config)) == 0) { 2093 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing); 2094 nvlist_free(config); 2095 } 2096 2097 spa_close(spa, FTAG); 2098 return (error); 2099 } 2100 2101 static int 2102 zfs_ioc_vdev_detach(zfs_cmd_t *zc) 2103 { 2104 spa_t *spa; 2105 int error; 2106 2107 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2108 return (error); 2109 2110 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE); 2111 2112 spa_close(spa, FTAG); 2113 return (error); 2114 } 2115 2116 static int 2117 zfs_ioc_vdev_split(zfs_cmd_t *zc) 2118 { 2119 spa_t *spa; 2120 nvlist_t *config, *props = NULL; 2121 int error; 2122 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT); 2123 2124 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2125 return (error); 2126 2127 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2128 zc->zc_iflags, &config)) { 2129 spa_close(spa, FTAG); 2130 return (error); 2131 } 2132 2133 if (zc->zc_nvlist_src_size != 0 && (error = 2134 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2135 zc->zc_iflags, &props))) { 2136 spa_close(spa, FTAG); 2137 nvlist_free(config); 2138 return (error); 2139 } 2140 2141 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp); 2142 2143 spa_close(spa, FTAG); 2144 2145 nvlist_free(config); 2146 nvlist_free(props); 2147 2148 return (error); 2149 } 2150 2151 static int 2152 zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 2153 { 2154 spa_t *spa; 2155 char *path = zc->zc_value; 2156 uint64_t guid = zc->zc_guid; 2157 int error; 2158 2159 error = spa_open(zc->zc_name, &spa, FTAG); 2160 if (error != 0) 2161 return (error); 2162 2163 error = spa_vdev_setpath(spa, guid, path); 2164 spa_close(spa, FTAG); 2165 return (error); 2166 } 2167 2168 static int 2169 zfs_ioc_vdev_setfru(zfs_cmd_t *zc) 2170 { 2171 spa_t *spa; 2172 char *fru = zc->zc_value; 2173 uint64_t guid = zc->zc_guid; 2174 int error; 2175 2176 error = spa_open(zc->zc_name, &spa, FTAG); 2177 if (error != 0) 2178 return (error); 2179 2180 error = spa_vdev_setfru(spa, guid, fru); 2181 spa_close(spa, FTAG); 2182 return (error); 2183 } 2184 2185 static int 2186 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os) 2187 { 2188 int error = 0; 2189 nvlist_t *nv; 2190 2191 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2192 2193 if (zc->zc_nvlist_dst != 0 && 2194 (error = dsl_prop_get_all(os, &nv)) == 0) { 2195 dmu_objset_stats(os, nv); 2196 /* 2197 * NB: zvol_get_stats() will read the objset contents, 2198 * which we aren't supposed to do with a 2199 * DS_MODE_USER hold, because it could be 2200 * inconsistent. So this is a bit of a workaround... 2201 * XXX reading with out owning 2202 */ 2203 if (!zc->zc_objset_stats.dds_inconsistent && 2204 dmu_objset_type(os) == DMU_OST_ZVOL) { 2205 error = zvol_get_stats(os, nv); 2206 if (error == EIO) 2207 return (error); 2208 VERIFY0(error); 2209 } 2210 error = put_nvlist(zc, nv); 2211 nvlist_free(nv); 2212 } 2213 2214 return (error); 2215 } 2216 2217 /* 2218 * inputs: 2219 * zc_name name of filesystem 2220 * zc_nvlist_dst_size size of buffer for property nvlist 2221 * 2222 * outputs: 2223 * zc_objset_stats stats 2224 * zc_nvlist_dst property nvlist 2225 * zc_nvlist_dst_size size of property nvlist 2226 */ 2227 static int 2228 zfs_ioc_objset_stats(zfs_cmd_t *zc) 2229 { 2230 objset_t *os; 2231 int error; 2232 2233 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2234 if (error == 0) { 2235 error = zfs_ioc_objset_stats_impl(zc, os); 2236 dmu_objset_rele(os, FTAG); 2237 } 2238 2239 return (error); 2240 } 2241 2242 /* 2243 * inputs: 2244 * zc_name name of filesystem 2245 * zc_nvlist_dst_size size of buffer for property nvlist 2246 * 2247 * outputs: 2248 * zc_nvlist_dst received property nvlist 2249 * zc_nvlist_dst_size size of received property nvlist 2250 * 2251 * Gets received properties (distinct from local properties on or after 2252 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from 2253 * local property values. 2254 */ 2255 static int 2256 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc) 2257 { 2258 int error = 0; 2259 nvlist_t *nv; 2260 2261 /* 2262 * Without this check, we would return local property values if the 2263 * caller has not already received properties on or after 2264 * SPA_VERSION_RECVD_PROPS. 2265 */ 2266 if (!dsl_prop_get_hasrecvd(zc->zc_name)) 2267 return (SET_ERROR(ENOTSUP)); 2268 2269 if (zc->zc_nvlist_dst != 0 && 2270 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) { 2271 error = put_nvlist(zc, nv); 2272 nvlist_free(nv); 2273 } 2274 2275 return (error); 2276 } 2277 2278 static int 2279 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop) 2280 { 2281 uint64_t value; 2282 int error; 2283 2284 /* 2285 * zfs_get_zplprop() will either find a value or give us 2286 * the default value (if there is one). 2287 */ 2288 if ((error = zfs_get_zplprop(os, prop, &value)) != 0) 2289 return (error); 2290 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0); 2291 return (0); 2292 } 2293 2294 /* 2295 * inputs: 2296 * zc_name name of filesystem 2297 * zc_nvlist_dst_size size of buffer for zpl property nvlist 2298 * 2299 * outputs: 2300 * zc_nvlist_dst zpl property nvlist 2301 * zc_nvlist_dst_size size of zpl property nvlist 2302 */ 2303 static int 2304 zfs_ioc_objset_zplprops(zfs_cmd_t *zc) 2305 { 2306 objset_t *os; 2307 int err; 2308 2309 /* XXX reading without owning */ 2310 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os)) 2311 return (err); 2312 2313 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2314 2315 /* 2316 * NB: nvl_add_zplprop() will read the objset contents, 2317 * which we aren't supposed to do with a DS_MODE_USER 2318 * hold, because it could be inconsistent. 2319 */ 2320 if (zc->zc_nvlist_dst != 0 && 2321 !zc->zc_objset_stats.dds_inconsistent && 2322 dmu_objset_type(os) == DMU_OST_ZFS) { 2323 nvlist_t *nv; 2324 2325 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2326 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 && 2327 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 && 2328 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 && 2329 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0) 2330 err = put_nvlist(zc, nv); 2331 nvlist_free(nv); 2332 } else { 2333 err = SET_ERROR(ENOENT); 2334 } 2335 dmu_objset_rele(os, FTAG); 2336 return (err); 2337 } 2338 2339 static boolean_t 2340 dataset_name_hidden(const char *name) 2341 { 2342 /* 2343 * Skip over datasets that are not visible in this zone, 2344 * internal datasets (which have a $ in their name), and 2345 * temporary datasets (which have a % in their name). 2346 */ 2347 if (strchr(name, '$') != NULL) 2348 return (B_TRUE); 2349 if (strchr(name, '%') != NULL) 2350 return (B_TRUE); 2351 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL)) 2352 return (B_TRUE); 2353 return (B_FALSE); 2354 } 2355 2356 /* 2357 * inputs: 2358 * zc_name name of filesystem 2359 * zc_cookie zap cursor 2360 * zc_nvlist_dst_size size of buffer for property nvlist 2361 * 2362 * outputs: 2363 * zc_name name of next filesystem 2364 * zc_cookie zap cursor 2365 * zc_objset_stats stats 2366 * zc_nvlist_dst property nvlist 2367 * zc_nvlist_dst_size size of property nvlist 2368 */ 2369 static int 2370 zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 2371 { 2372 objset_t *os; 2373 int error; 2374 char *p; 2375 size_t orig_len = strlen(zc->zc_name); 2376 2377 top: 2378 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) { 2379 if (error == ENOENT) 2380 error = SET_ERROR(ESRCH); 2381 return (error); 2382 } 2383 2384 p = strrchr(zc->zc_name, '/'); 2385 if (p == NULL || p[1] != '\0') 2386 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 2387 p = zc->zc_name + strlen(zc->zc_name); 2388 2389 do { 2390 error = dmu_dir_list_next(os, 2391 sizeof (zc->zc_name) - (p - zc->zc_name), p, 2392 NULL, &zc->zc_cookie); 2393 if (error == ENOENT) 2394 error = SET_ERROR(ESRCH); 2395 } while (error == 0 && dataset_name_hidden(zc->zc_name)); 2396 dmu_objset_rele(os, FTAG); 2397 2398 /* 2399 * If it's an internal dataset (ie. with a '$' in its name), 2400 * don't try to get stats for it, otherwise we'll return ENOENT. 2401 */ 2402 if (error == 0 && strchr(zc->zc_name, '$') == NULL) { 2403 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 2404 if (error == ENOENT) { 2405 /* We lost a race with destroy, get the next one. */ 2406 zc->zc_name[orig_len] = '\0'; 2407 goto top; 2408 } 2409 } 2410 return (error); 2411 } 2412 2413 /* 2414 * inputs: 2415 * zc_name name of filesystem 2416 * zc_cookie zap cursor 2417 * zc_nvlist_dst_size size of buffer for property nvlist 2418 * zc_simple when set, only name is requested 2419 * 2420 * outputs: 2421 * zc_name name of next snapshot 2422 * zc_objset_stats stats 2423 * zc_nvlist_dst property nvlist 2424 * zc_nvlist_dst_size size of property nvlist 2425 */ 2426 static int 2427 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 2428 { 2429 objset_t *os; 2430 int error; 2431 2432 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2433 if (error != 0) { 2434 return (error == ENOENT ? ESRCH : error); 2435 } 2436 2437 /* 2438 * A dataset name of maximum length cannot have any snapshots, 2439 * so exit immediately. 2440 */ 2441 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= 2442 ZFS_MAX_DATASET_NAME_LEN) { 2443 dmu_objset_rele(os, FTAG); 2444 return (SET_ERROR(ESRCH)); 2445 } 2446 2447 error = dmu_snapshot_list_next(os, 2448 sizeof (zc->zc_name) - strlen(zc->zc_name), 2449 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie, 2450 NULL); 2451 2452 if (error == 0 && !zc->zc_simple) { 2453 dsl_dataset_t *ds; 2454 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool; 2455 2456 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds); 2457 if (error == 0) { 2458 objset_t *ossnap; 2459 2460 error = dmu_objset_from_ds(ds, &ossnap); 2461 if (error == 0) 2462 error = zfs_ioc_objset_stats_impl(zc, ossnap); 2463 dsl_dataset_rele(ds, FTAG); 2464 } 2465 } else if (error == ENOENT) { 2466 error = SET_ERROR(ESRCH); 2467 } 2468 2469 dmu_objset_rele(os, FTAG); 2470 /* if we failed, undo the @ that we tacked on to zc_name */ 2471 if (error != 0) 2472 *strchr(zc->zc_name, '@') = '\0'; 2473 return (error); 2474 } 2475 2476 static int 2477 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair) 2478 { 2479 const char *propname = nvpair_name(pair); 2480 uint64_t *valary; 2481 unsigned int vallen; 2482 const char *domain; 2483 char *dash; 2484 zfs_userquota_prop_t type; 2485 uint64_t rid; 2486 uint64_t quota; 2487 zfsvfs_t *zfsvfs; 2488 int err; 2489 2490 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2491 nvlist_t *attrs; 2492 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2493 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2494 &pair) != 0) 2495 return (SET_ERROR(EINVAL)); 2496 } 2497 2498 /* 2499 * A correctly constructed propname is encoded as 2500 * userquota@<rid>-<domain>. 2501 */ 2502 if ((dash = strchr(propname, '-')) == NULL || 2503 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 || 2504 vallen != 3) 2505 return (SET_ERROR(EINVAL)); 2506 2507 domain = dash + 1; 2508 type = valary[0]; 2509 rid = valary[1]; 2510 quota = valary[2]; 2511 2512 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE); 2513 if (err == 0) { 2514 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota); 2515 zfsvfs_rele(zfsvfs, FTAG); 2516 } 2517 2518 return (err); 2519 } 2520 2521 /* 2522 * If the named property is one that has a special function to set its value, 2523 * return 0 on success and a positive error code on failure; otherwise if it is 2524 * not one of the special properties handled by this function, return -1. 2525 * 2526 * XXX: It would be better for callers of the property interface if we handled 2527 * these special cases in dsl_prop.c (in the dsl layer). 2528 */ 2529 static int 2530 zfs_prop_set_special(const char *dsname, zprop_source_t source, 2531 nvpair_t *pair) 2532 { 2533 const char *propname = nvpair_name(pair); 2534 zfs_prop_t prop = zfs_name_to_prop(propname); 2535 uint64_t intval = 0; 2536 char *strval = NULL; 2537 int err = -1; 2538 2539 if (prop == ZPROP_INVAL) { 2540 if (zfs_prop_userquota(propname)) 2541 return (zfs_prop_set_userquota(dsname, pair)); 2542 return (-1); 2543 } 2544 2545 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2546 nvlist_t *attrs; 2547 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2548 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2549 &pair) == 0); 2550 } 2551 2552 /* all special properties are numeric except for keylocation */ 2553 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) { 2554 strval = fnvpair_value_string(pair); 2555 } else { 2556 intval = fnvpair_value_uint64(pair); 2557 } 2558 2559 switch (prop) { 2560 case ZFS_PROP_QUOTA: 2561 err = dsl_dir_set_quota(dsname, source, intval); 2562 break; 2563 case ZFS_PROP_REFQUOTA: 2564 err = dsl_dataset_set_refquota(dsname, source, intval); 2565 break; 2566 case ZFS_PROP_FILESYSTEM_LIMIT: 2567 case ZFS_PROP_SNAPSHOT_LIMIT: 2568 if (intval == UINT64_MAX) { 2569 /* clearing the limit, just do it */ 2570 err = 0; 2571 } else { 2572 err = dsl_dir_activate_fs_ss_limit(dsname); 2573 } 2574 /* 2575 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2576 * default path to set the value in the nvlist. 2577 */ 2578 if (err == 0) 2579 err = -1; 2580 break; 2581 case ZFS_PROP_KEYLOCATION: 2582 err = dsl_crypto_can_set_keylocation(dsname, strval); 2583 2584 /* 2585 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2586 * default path to set the value in the nvlist. 2587 */ 2588 if (err == 0) 2589 err = -1; 2590 break; 2591 case ZFS_PROP_RESERVATION: 2592 err = dsl_dir_set_reservation(dsname, source, intval); 2593 break; 2594 case ZFS_PROP_REFRESERVATION: 2595 err = dsl_dataset_set_refreservation(dsname, source, intval); 2596 break; 2597 case ZFS_PROP_VOLSIZE: 2598 err = zvol_set_volsize(dsname, intval); 2599 break; 2600 case ZFS_PROP_VERSION: 2601 { 2602 zfsvfs_t *zfsvfs; 2603 2604 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0) 2605 break; 2606 2607 err = zfs_set_version(zfsvfs, intval); 2608 zfsvfs_rele(zfsvfs, FTAG); 2609 2610 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) { 2611 zfs_cmd_t *zc; 2612 2613 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 2614 (void) strcpy(zc->zc_name, dsname); 2615 (void) zfs_ioc_userspace_upgrade(zc); 2616 (void) zfs_ioc_id_quota_upgrade(zc); 2617 kmem_free(zc, sizeof (zfs_cmd_t)); 2618 } 2619 break; 2620 } 2621 default: 2622 err = -1; 2623 } 2624 2625 return (err); 2626 } 2627 2628 /* 2629 * This function is best effort. If it fails to set any of the given properties, 2630 * it continues to set as many as it can and returns the last error 2631 * encountered. If the caller provides a non-NULL errlist, it will be filled in 2632 * with the list of names of all the properties that failed along with the 2633 * corresponding error numbers. 2634 * 2635 * If every property is set successfully, zero is returned and errlist is not 2636 * modified. 2637 */ 2638 int 2639 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl, 2640 nvlist_t *errlist) 2641 { 2642 nvpair_t *pair; 2643 nvpair_t *propval; 2644 int rv = 0; 2645 uint64_t intval; 2646 char *strval; 2647 nvlist_t *genericnvl = fnvlist_alloc(); 2648 nvlist_t *retrynvl = fnvlist_alloc(); 2649 2650 retry: 2651 pair = NULL; 2652 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2653 const char *propname = nvpair_name(pair); 2654 zfs_prop_t prop = zfs_name_to_prop(propname); 2655 int err = 0; 2656 2657 /* decode the property value */ 2658 propval = pair; 2659 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2660 nvlist_t *attrs; 2661 attrs = fnvpair_value_nvlist(pair); 2662 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2663 &propval) != 0) 2664 err = SET_ERROR(EINVAL); 2665 } 2666 2667 /* Validate value type */ 2668 if (err == 0 && source == ZPROP_SRC_INHERITED) { 2669 /* inherited properties are expected to be booleans */ 2670 if (nvpair_type(propval) != DATA_TYPE_BOOLEAN) 2671 err = SET_ERROR(EINVAL); 2672 } else if (err == 0 && prop == ZPROP_INVAL) { 2673 if (zfs_prop_user(propname)) { 2674 if (nvpair_type(propval) != DATA_TYPE_STRING) 2675 err = SET_ERROR(EINVAL); 2676 } else if (zfs_prop_userquota(propname)) { 2677 if (nvpair_type(propval) != 2678 DATA_TYPE_UINT64_ARRAY) 2679 err = SET_ERROR(EINVAL); 2680 } else { 2681 err = SET_ERROR(EINVAL); 2682 } 2683 } else if (err == 0) { 2684 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2685 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING) 2686 err = SET_ERROR(EINVAL); 2687 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) { 2688 const char *unused; 2689 2690 intval = fnvpair_value_uint64(propval); 2691 2692 switch (zfs_prop_get_type(prop)) { 2693 case PROP_TYPE_NUMBER: 2694 break; 2695 case PROP_TYPE_STRING: 2696 err = SET_ERROR(EINVAL); 2697 break; 2698 case PROP_TYPE_INDEX: 2699 if (zfs_prop_index_to_string(prop, 2700 intval, &unused) != 0) 2701 err = SET_ERROR(EINVAL); 2702 break; 2703 default: 2704 cmn_err(CE_PANIC, 2705 "unknown property type"); 2706 } 2707 } else { 2708 err = SET_ERROR(EINVAL); 2709 } 2710 } 2711 2712 /* Validate permissions */ 2713 if (err == 0) 2714 err = zfs_check_settable(dsname, pair, CRED()); 2715 2716 if (err == 0) { 2717 if (source == ZPROP_SRC_INHERITED) 2718 err = -1; /* does not need special handling */ 2719 else 2720 err = zfs_prop_set_special(dsname, source, 2721 pair); 2722 if (err == -1) { 2723 /* 2724 * For better performance we build up a list of 2725 * properties to set in a single transaction. 2726 */ 2727 err = nvlist_add_nvpair(genericnvl, pair); 2728 } else if (err != 0 && nvl != retrynvl) { 2729 /* 2730 * This may be a spurious error caused by 2731 * receiving quota and reservation out of order. 2732 * Try again in a second pass. 2733 */ 2734 err = nvlist_add_nvpair(retrynvl, pair); 2735 } 2736 } 2737 2738 if (err != 0) { 2739 if (errlist != NULL) 2740 fnvlist_add_int32(errlist, propname, err); 2741 rv = err; 2742 } 2743 } 2744 2745 if (nvl != retrynvl && !nvlist_empty(retrynvl)) { 2746 nvl = retrynvl; 2747 goto retry; 2748 } 2749 2750 if (!nvlist_empty(genericnvl) && 2751 dsl_props_set(dsname, source, genericnvl) != 0) { 2752 /* 2753 * If this fails, we still want to set as many properties as we 2754 * can, so try setting them individually. 2755 */ 2756 pair = NULL; 2757 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) { 2758 const char *propname = nvpair_name(pair); 2759 int err = 0; 2760 2761 propval = pair; 2762 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2763 nvlist_t *attrs; 2764 attrs = fnvpair_value_nvlist(pair); 2765 propval = fnvlist_lookup_nvpair(attrs, 2766 ZPROP_VALUE); 2767 } 2768 2769 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2770 strval = fnvpair_value_string(propval); 2771 err = dsl_prop_set_string(dsname, propname, 2772 source, strval); 2773 } else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) { 2774 err = dsl_prop_inherit(dsname, propname, 2775 source); 2776 } else { 2777 intval = fnvpair_value_uint64(propval); 2778 err = dsl_prop_set_int(dsname, propname, source, 2779 intval); 2780 } 2781 2782 if (err != 0) { 2783 if (errlist != NULL) { 2784 fnvlist_add_int32(errlist, propname, 2785 err); 2786 } 2787 rv = err; 2788 } 2789 } 2790 } 2791 nvlist_free(genericnvl); 2792 nvlist_free(retrynvl); 2793 2794 return (rv); 2795 } 2796 2797 /* 2798 * Check that all the properties are valid user properties. 2799 */ 2800 static int 2801 zfs_check_userprops(const char *fsname, nvlist_t *nvl) 2802 { 2803 nvpair_t *pair = NULL; 2804 int error = 0; 2805 2806 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2807 const char *propname = nvpair_name(pair); 2808 2809 if (!zfs_prop_user(propname) || 2810 nvpair_type(pair) != DATA_TYPE_STRING) 2811 return (SET_ERROR(EINVAL)); 2812 2813 if (error = zfs_secpolicy_write_perms(fsname, 2814 ZFS_DELEG_PERM_USERPROP, CRED())) 2815 return (error); 2816 2817 if (strlen(propname) >= ZAP_MAXNAMELEN) 2818 return (SET_ERROR(ENAMETOOLONG)); 2819 2820 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN) 2821 return (E2BIG); 2822 } 2823 return (0); 2824 } 2825 2826 static void 2827 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops) 2828 { 2829 nvpair_t *pair; 2830 2831 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2832 2833 pair = NULL; 2834 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) { 2835 if (nvlist_exists(skipped, nvpair_name(pair))) 2836 continue; 2837 2838 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0); 2839 } 2840 } 2841 2842 static int 2843 clear_received_props(const char *dsname, nvlist_t *props, 2844 nvlist_t *skipped) 2845 { 2846 int err = 0; 2847 nvlist_t *cleared_props = NULL; 2848 props_skip(props, skipped, &cleared_props); 2849 if (!nvlist_empty(cleared_props)) { 2850 /* 2851 * Acts on local properties until the dataset has received 2852 * properties at least once on or after SPA_VERSION_RECVD_PROPS. 2853 */ 2854 zprop_source_t flags = (ZPROP_SRC_NONE | 2855 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0)); 2856 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL); 2857 } 2858 nvlist_free(cleared_props); 2859 return (err); 2860 } 2861 2862 /* 2863 * inputs: 2864 * zc_name name of filesystem 2865 * zc_value name of property to set 2866 * zc_nvlist_src{_size} nvlist of properties to apply 2867 * zc_cookie received properties flag 2868 * 2869 * outputs: 2870 * zc_nvlist_dst{_size} error for each unapplied received property 2871 */ 2872 static int 2873 zfs_ioc_set_prop(zfs_cmd_t *zc) 2874 { 2875 nvlist_t *nvl; 2876 boolean_t received = zc->zc_cookie; 2877 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED : 2878 ZPROP_SRC_LOCAL); 2879 nvlist_t *errors; 2880 int error; 2881 2882 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2883 zc->zc_iflags, &nvl)) != 0) 2884 return (error); 2885 2886 if (received) { 2887 nvlist_t *origprops; 2888 2889 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) { 2890 (void) clear_received_props(zc->zc_name, 2891 origprops, nvl); 2892 nvlist_free(origprops); 2893 } 2894 2895 error = dsl_prop_set_hasrecvd(zc->zc_name); 2896 } 2897 2898 errors = fnvlist_alloc(); 2899 if (error == 0) 2900 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors); 2901 2902 if (zc->zc_nvlist_dst != 0 && errors != NULL) { 2903 (void) put_nvlist(zc, errors); 2904 } 2905 2906 nvlist_free(errors); 2907 nvlist_free(nvl); 2908 return (error); 2909 } 2910 2911 /* 2912 * inputs: 2913 * zc_name name of filesystem 2914 * zc_value name of property to inherit 2915 * zc_cookie revert to received value if TRUE 2916 * 2917 * outputs: none 2918 */ 2919 static int 2920 zfs_ioc_inherit_prop(zfs_cmd_t *zc) 2921 { 2922 const char *propname = zc->zc_value; 2923 zfs_prop_t prop = zfs_name_to_prop(propname); 2924 boolean_t received = zc->zc_cookie; 2925 zprop_source_t source = (received 2926 ? ZPROP_SRC_NONE /* revert to received value, if any */ 2927 : ZPROP_SRC_INHERITED); /* explicitly inherit */ 2928 2929 if (received) { 2930 nvlist_t *dummy; 2931 nvpair_t *pair; 2932 zprop_type_t type; 2933 int err; 2934 2935 /* 2936 * zfs_prop_set_special() expects properties in the form of an 2937 * nvpair with type info. 2938 */ 2939 if (prop == ZPROP_INVAL) { 2940 if (!zfs_prop_user(propname)) 2941 return (SET_ERROR(EINVAL)); 2942 2943 type = PROP_TYPE_STRING; 2944 } else if (prop == ZFS_PROP_VOLSIZE || 2945 prop == ZFS_PROP_VERSION) { 2946 return (SET_ERROR(EINVAL)); 2947 } else { 2948 type = zfs_prop_get_type(prop); 2949 } 2950 2951 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2952 2953 switch (type) { 2954 case PROP_TYPE_STRING: 2955 VERIFY(0 == nvlist_add_string(dummy, propname, "")); 2956 break; 2957 case PROP_TYPE_NUMBER: 2958 case PROP_TYPE_INDEX: 2959 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0)); 2960 break; 2961 default: 2962 nvlist_free(dummy); 2963 return (SET_ERROR(EINVAL)); 2964 } 2965 2966 pair = nvlist_next_nvpair(dummy, NULL); 2967 err = zfs_prop_set_special(zc->zc_name, source, pair); 2968 nvlist_free(dummy); 2969 if (err != -1) 2970 return (err); /* special property already handled */ 2971 } else { 2972 /* 2973 * Only check this in the non-received case. We want to allow 2974 * 'inherit -S' to revert non-inheritable properties like quota 2975 * and reservation to the received or default values even though 2976 * they are not considered inheritable. 2977 */ 2978 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop)) 2979 return (SET_ERROR(EINVAL)); 2980 } 2981 2982 /* property name has been validated by zfs_secpolicy_inherit_prop() */ 2983 return (dsl_prop_inherit(zc->zc_name, zc->zc_value, source)); 2984 } 2985 2986 static int 2987 zfs_ioc_pool_set_props(zfs_cmd_t *zc) 2988 { 2989 nvlist_t *props; 2990 spa_t *spa; 2991 int error; 2992 nvpair_t *pair; 2993 2994 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2995 zc->zc_iflags, &props)) 2996 return (error); 2997 2998 /* 2999 * If the only property is the configfile, then just do a spa_lookup() 3000 * to handle the faulted case. 3001 */ 3002 pair = nvlist_next_nvpair(props, NULL); 3003 if (pair != NULL && strcmp(nvpair_name(pair), 3004 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 && 3005 nvlist_next_nvpair(props, pair) == NULL) { 3006 mutex_enter(&spa_namespace_lock); 3007 if ((spa = spa_lookup(zc->zc_name)) != NULL) { 3008 spa_configfile_set(spa, props, B_FALSE); 3009 spa_write_cachefile(spa, B_FALSE, B_TRUE); 3010 } 3011 mutex_exit(&spa_namespace_lock); 3012 if (spa != NULL) { 3013 nvlist_free(props); 3014 return (0); 3015 } 3016 } 3017 3018 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 3019 nvlist_free(props); 3020 return (error); 3021 } 3022 3023 error = spa_prop_set(spa, props); 3024 3025 nvlist_free(props); 3026 spa_close(spa, FTAG); 3027 3028 return (error); 3029 } 3030 3031 static int 3032 zfs_ioc_pool_get_props(zfs_cmd_t *zc) 3033 { 3034 spa_t *spa; 3035 int error; 3036 nvlist_t *nvp = NULL; 3037 3038 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 3039 /* 3040 * If the pool is faulted, there may be properties we can still 3041 * get (such as altroot and cachefile), so attempt to get them 3042 * anyway. 3043 */ 3044 mutex_enter(&spa_namespace_lock); 3045 if ((spa = spa_lookup(zc->zc_name)) != NULL) 3046 error = spa_prop_get(spa, &nvp); 3047 mutex_exit(&spa_namespace_lock); 3048 } else { 3049 error = spa_prop_get(spa, &nvp); 3050 spa_close(spa, FTAG); 3051 } 3052 3053 if (error == 0 && zc->zc_nvlist_dst != 0) 3054 error = put_nvlist(zc, nvp); 3055 else 3056 error = SET_ERROR(EFAULT); 3057 3058 nvlist_free(nvp); 3059 return (error); 3060 } 3061 3062 /* 3063 * inputs: 3064 * zc_name name of filesystem 3065 * zc_nvlist_src{_size} nvlist of delegated permissions 3066 * zc_perm_action allow/unallow flag 3067 * 3068 * outputs: none 3069 */ 3070 static int 3071 zfs_ioc_set_fsacl(zfs_cmd_t *zc) 3072 { 3073 int error; 3074 nvlist_t *fsaclnv = NULL; 3075 3076 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3077 zc->zc_iflags, &fsaclnv)) != 0) 3078 return (error); 3079 3080 /* 3081 * Verify nvlist is constructed correctly 3082 */ 3083 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) { 3084 nvlist_free(fsaclnv); 3085 return (SET_ERROR(EINVAL)); 3086 } 3087 3088 /* 3089 * If we don't have PRIV_SYS_MOUNT, then validate 3090 * that user is allowed to hand out each permission in 3091 * the nvlist(s) 3092 */ 3093 3094 error = secpolicy_zfs(CRED()); 3095 if (error != 0) { 3096 if (zc->zc_perm_action == B_FALSE) { 3097 error = dsl_deleg_can_allow(zc->zc_name, 3098 fsaclnv, CRED()); 3099 } else { 3100 error = dsl_deleg_can_unallow(zc->zc_name, 3101 fsaclnv, CRED()); 3102 } 3103 } 3104 3105 if (error == 0) 3106 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 3107 3108 nvlist_free(fsaclnv); 3109 return (error); 3110 } 3111 3112 /* 3113 * inputs: 3114 * zc_name name of filesystem 3115 * 3116 * outputs: 3117 * zc_nvlist_src{_size} nvlist of delegated permissions 3118 */ 3119 static int 3120 zfs_ioc_get_fsacl(zfs_cmd_t *zc) 3121 { 3122 nvlist_t *nvp; 3123 int error; 3124 3125 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 3126 error = put_nvlist(zc, nvp); 3127 nvlist_free(nvp); 3128 } 3129 3130 return (error); 3131 } 3132 3133 /* ARGSUSED */ 3134 static void 3135 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 3136 { 3137 zfs_creat_t *zct = arg; 3138 3139 zfs_create_fs(os, cr, zct->zct_zplprops, tx); 3140 } 3141 3142 #define ZFS_PROP_UNDEFINED ((uint64_t)-1) 3143 3144 /* 3145 * inputs: 3146 * os parent objset pointer (NULL if root fs) 3147 * fuids_ok fuids allowed in this version of the spa? 3148 * sa_ok SAs allowed in this version of the spa? 3149 * createprops list of properties requested by creator 3150 * 3151 * outputs: 3152 * zplprops values for the zplprops we attach to the master node object 3153 * is_ci true if requested file system will be purely case-insensitive 3154 * 3155 * Determine the settings for utf8only, normalization and 3156 * casesensitivity. Specific values may have been requested by the 3157 * creator and/or we can inherit values from the parent dataset. If 3158 * the file system is of too early a vintage, a creator can not 3159 * request settings for these properties, even if the requested 3160 * setting is the default value. We don't actually want to create dsl 3161 * properties for these, so remove them from the source nvlist after 3162 * processing. 3163 */ 3164 static int 3165 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver, 3166 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops, 3167 nvlist_t *zplprops, boolean_t *is_ci) 3168 { 3169 uint64_t sense = ZFS_PROP_UNDEFINED; 3170 uint64_t norm = ZFS_PROP_UNDEFINED; 3171 uint64_t u8 = ZFS_PROP_UNDEFINED; 3172 3173 ASSERT(zplprops != NULL); 3174 3175 if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS) 3176 return (SET_ERROR(EINVAL)); 3177 3178 /* 3179 * Pull out creator prop choices, if any. 3180 */ 3181 if (createprops) { 3182 (void) nvlist_lookup_uint64(createprops, 3183 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver); 3184 (void) nvlist_lookup_uint64(createprops, 3185 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm); 3186 (void) nvlist_remove_all(createprops, 3187 zfs_prop_to_name(ZFS_PROP_NORMALIZE)); 3188 (void) nvlist_lookup_uint64(createprops, 3189 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8); 3190 (void) nvlist_remove_all(createprops, 3191 zfs_prop_to_name(ZFS_PROP_UTF8ONLY)); 3192 (void) nvlist_lookup_uint64(createprops, 3193 zfs_prop_to_name(ZFS_PROP_CASE), &sense); 3194 (void) nvlist_remove_all(createprops, 3195 zfs_prop_to_name(ZFS_PROP_CASE)); 3196 } 3197 3198 /* 3199 * If the zpl version requested is whacky or the file system 3200 * or pool is version is too "young" to support normalization 3201 * and the creator tried to set a value for one of the props, 3202 * error out. 3203 */ 3204 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) || 3205 (zplver >= ZPL_VERSION_FUID && !fuids_ok) || 3206 (zplver >= ZPL_VERSION_SA && !sa_ok) || 3207 (zplver < ZPL_VERSION_NORMALIZATION && 3208 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED || 3209 sense != ZFS_PROP_UNDEFINED))) 3210 return (SET_ERROR(ENOTSUP)); 3211 3212 /* 3213 * Put the version in the zplprops 3214 */ 3215 VERIFY(nvlist_add_uint64(zplprops, 3216 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0); 3217 3218 if (norm == ZFS_PROP_UNDEFINED) 3219 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0); 3220 VERIFY(nvlist_add_uint64(zplprops, 3221 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0); 3222 3223 /* 3224 * If we're normalizing, names must always be valid UTF-8 strings. 3225 */ 3226 if (norm) 3227 u8 = 1; 3228 if (u8 == ZFS_PROP_UNDEFINED) 3229 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0); 3230 VERIFY(nvlist_add_uint64(zplprops, 3231 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0); 3232 3233 if (sense == ZFS_PROP_UNDEFINED) 3234 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0); 3235 VERIFY(nvlist_add_uint64(zplprops, 3236 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0); 3237 3238 if (is_ci) 3239 *is_ci = (sense == ZFS_CASE_INSENSITIVE); 3240 3241 return (0); 3242 } 3243 3244 static int 3245 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops, 3246 nvlist_t *zplprops, boolean_t *is_ci) 3247 { 3248 boolean_t fuids_ok, sa_ok; 3249 uint64_t zplver = ZPL_VERSION; 3250 objset_t *os = NULL; 3251 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 3252 char *cp; 3253 spa_t *spa; 3254 uint64_t spa_vers; 3255 int error; 3256 3257 (void) strlcpy(parentname, dataset, sizeof (parentname)); 3258 cp = strrchr(parentname, '/'); 3259 ASSERT(cp != NULL); 3260 cp[0] = '\0'; 3261 3262 if ((error = spa_open(dataset, &spa, FTAG)) != 0) 3263 return (error); 3264 3265 spa_vers = spa_version(spa); 3266 spa_close(spa, FTAG); 3267 3268 zplver = zfs_zpl_version_map(spa_vers); 3269 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3270 sa_ok = (zplver >= ZPL_VERSION_SA); 3271 3272 /* 3273 * Open parent object set so we can inherit zplprop values. 3274 */ 3275 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0) 3276 return (error); 3277 3278 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops, 3279 zplprops, is_ci); 3280 dmu_objset_rele(os, FTAG); 3281 return (error); 3282 } 3283 3284 static int 3285 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops, 3286 nvlist_t *zplprops, boolean_t *is_ci) 3287 { 3288 boolean_t fuids_ok; 3289 boolean_t sa_ok; 3290 uint64_t zplver = ZPL_VERSION; 3291 int error; 3292 3293 zplver = zfs_zpl_version_map(spa_vers); 3294 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3295 sa_ok = (zplver >= ZPL_VERSION_SA); 3296 3297 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok, 3298 createprops, zplprops, is_ci); 3299 return (error); 3300 } 3301 3302 /* 3303 * innvl: { 3304 * "type" -> dmu_objset_type_t (int32) 3305 * (optional) "props" -> { prop -> value } 3306 * (optional) "hidden_args" -> { "wkeydata" -> value } 3307 * raw uint8_t array of encryption wrapping key data (32 bytes) 3308 * } 3309 * 3310 * outnvl: propname -> error code (int32) 3311 */ 3312 3313 static const zfs_ioc_key_t zfs_keys_create[] = { 3314 {"type", DATA_TYPE_INT32, 0}, 3315 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3316 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3317 }; 3318 3319 static int 3320 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3321 { 3322 int error = 0; 3323 zfs_creat_t zct = { 0 }; 3324 nvlist_t *nvprops = NULL; 3325 nvlist_t *hidden_args = NULL; 3326 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 3327 dmu_objset_type_t type; 3328 boolean_t is_insensitive = B_FALSE; 3329 dsl_crypto_params_t *dcp = NULL; 3330 3331 type = (dmu_objset_type_t)fnvlist_lookup_int32(innvl, "type"); 3332 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3333 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args); 3334 3335 switch (type) { 3336 case DMU_OST_ZFS: 3337 cbfunc = zfs_create_cb; 3338 break; 3339 3340 case DMU_OST_ZVOL: 3341 cbfunc = zvol_create_cb; 3342 break; 3343 3344 default: 3345 cbfunc = NULL; 3346 break; 3347 } 3348 if (strchr(fsname, '@') || 3349 strchr(fsname, '%')) 3350 return (SET_ERROR(EINVAL)); 3351 3352 zct.zct_props = nvprops; 3353 3354 if (cbfunc == NULL) 3355 return (SET_ERROR(EINVAL)); 3356 3357 if (type == DMU_OST_ZVOL) { 3358 uint64_t volsize, volblocksize; 3359 3360 if (nvprops == NULL) 3361 return (SET_ERROR(EINVAL)); 3362 if (nvlist_lookup_uint64(nvprops, 3363 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0) 3364 return (SET_ERROR(EINVAL)); 3365 3366 if ((error = nvlist_lookup_uint64(nvprops, 3367 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 3368 &volblocksize)) != 0 && error != ENOENT) 3369 return (SET_ERROR(EINVAL)); 3370 3371 if (error != 0) 3372 volblocksize = zfs_prop_default_numeric( 3373 ZFS_PROP_VOLBLOCKSIZE); 3374 3375 if ((error = zvol_check_volblocksize( 3376 volblocksize)) != 0 || 3377 (error = zvol_check_volsize(volsize, 3378 volblocksize)) != 0) 3379 return (error); 3380 } else if (type == DMU_OST_ZFS) { 3381 int error; 3382 3383 /* 3384 * We have to have normalization and 3385 * case-folding flags correct when we do the 3386 * file system creation, so go figure them out 3387 * now. 3388 */ 3389 VERIFY(nvlist_alloc(&zct.zct_zplprops, 3390 NV_UNIQUE_NAME, KM_SLEEP) == 0); 3391 error = zfs_fill_zplprops(fsname, nvprops, 3392 zct.zct_zplprops, &is_insensitive); 3393 if (error != 0) { 3394 nvlist_free(zct.zct_zplprops); 3395 return (error); 3396 } 3397 } 3398 3399 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops, 3400 hidden_args, &dcp); 3401 if (error != 0) { 3402 nvlist_free(zct.zct_zplprops); 3403 return (error); 3404 } 3405 3406 error = dmu_objset_create(fsname, type, 3407 is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct); 3408 3409 nvlist_free(zct.zct_zplprops); 3410 dsl_crypto_params_free(dcp, !!error); 3411 3412 /* 3413 * It would be nice to do this atomically. 3414 */ 3415 if (error == 0) { 3416 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3417 nvprops, outnvl); 3418 if (error != 0) 3419 (void) dsl_destroy_head(fsname); 3420 } 3421 return (error); 3422 } 3423 3424 /* 3425 * innvl: { 3426 * "origin" -> name of origin snapshot 3427 * (optional) "props" -> { prop -> value } 3428 * (optional) "hidden_args" -> { "wkeydata" -> value } 3429 * raw uint8_t array of encryption wrapping key data (32 bytes) 3430 * } 3431 * 3432 * outnvl: propname -> error code (int32) 3433 */ 3434 static const zfs_ioc_key_t zfs_keys_clone[] = { 3435 {"origin", DATA_TYPE_STRING, 0}, 3436 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3437 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3438 }; 3439 3440 static int 3441 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3442 { 3443 int error = 0; 3444 nvlist_t *nvprops = NULL; 3445 char *origin_name; 3446 3447 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0) 3448 return (SET_ERROR(EINVAL)); 3449 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3450 3451 if (strchr(fsname, '@') || 3452 strchr(fsname, '%')) 3453 return (SET_ERROR(EINVAL)); 3454 3455 if (dataset_namecheck(origin_name, NULL, NULL) != 0) 3456 return (SET_ERROR(EINVAL)); 3457 3458 error = dmu_objset_clone(fsname, origin_name); 3459 3460 /* 3461 * It would be nice to do this atomically. 3462 */ 3463 if (error == 0) { 3464 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3465 nvprops, outnvl); 3466 if (error != 0) 3467 (void) dsl_destroy_head(fsname); 3468 } 3469 return (error); 3470 } 3471 3472 static const zfs_ioc_key_t zfs_keys_remap[] = { 3473 /* no nvl keys */ 3474 }; 3475 3476 /* ARGSUSED */ 3477 static int 3478 zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3479 { 3480 if (strchr(fsname, '@') || 3481 strchr(fsname, '%')) 3482 return (SET_ERROR(EINVAL)); 3483 3484 return (dmu_objset_remap_indirects(fsname)); 3485 } 3486 3487 /* 3488 * innvl: { 3489 * "snaps" -> { snapshot1, snapshot2 } 3490 * (optional) "props" -> { prop -> value (string) } 3491 * } 3492 * 3493 * outnvl: snapshot -> error code (int32) 3494 */ 3495 static const zfs_ioc_key_t zfs_keys_snapshot[] = { 3496 {"snaps", DATA_TYPE_NVLIST, 0}, 3497 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 3498 }; 3499 3500 static int 3501 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3502 { 3503 nvlist_t *snaps; 3504 nvlist_t *props = NULL; 3505 int error, poollen; 3506 nvpair_t *pair; 3507 3508 (void) nvlist_lookup_nvlist(innvl, "props", &props); 3509 if ((error = zfs_check_userprops(poolname, props)) != 0) 3510 return (error); 3511 3512 if (!nvlist_empty(props) && 3513 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS)) 3514 return (SET_ERROR(ENOTSUP)); 3515 3516 snaps = fnvlist_lookup_nvlist(innvl, "snaps"); 3517 poollen = strlen(poolname); 3518 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3519 pair = nvlist_next_nvpair(snaps, pair)) { 3520 const char *name = nvpair_name(pair); 3521 const char *cp = strchr(name, '@'); 3522 3523 /* 3524 * The snap name must contain an @, and the part after it must 3525 * contain only valid characters. 3526 */ 3527 if (cp == NULL || 3528 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3529 return (SET_ERROR(EINVAL)); 3530 3531 /* 3532 * The snap must be in the specified pool. 3533 */ 3534 if (strncmp(name, poolname, poollen) != 0 || 3535 (name[poollen] != '/' && name[poollen] != '@')) 3536 return (SET_ERROR(EXDEV)); 3537 3538 /* This must be the only snap of this fs. */ 3539 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair); 3540 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) { 3541 if (strncmp(name, nvpair_name(pair2), cp - name + 1) 3542 == 0) { 3543 return (SET_ERROR(EXDEV)); 3544 } 3545 } 3546 } 3547 3548 error = dsl_dataset_snapshot(snaps, props, outnvl); 3549 return (error); 3550 } 3551 3552 /* 3553 * innvl: "message" -> string 3554 */ 3555 static const zfs_ioc_key_t zfs_keys_log_history[] = { 3556 {"message", DATA_TYPE_STRING, 0}, 3557 }; 3558 3559 /* ARGSUSED */ 3560 static int 3561 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3562 { 3563 char *message; 3564 spa_t *spa; 3565 int error; 3566 char *poolname; 3567 3568 /* 3569 * The poolname in the ioctl is not set, we get it from the TSD, 3570 * which was set at the end of the last successful ioctl that allows 3571 * logging. The secpolicy func already checked that it is set. 3572 * Only one log ioctl is allowed after each successful ioctl, so 3573 * we clear the TSD here. 3574 */ 3575 poolname = tsd_get(zfs_allow_log_key); 3576 (void) tsd_set(zfs_allow_log_key, NULL); 3577 error = spa_open(poolname, &spa, FTAG); 3578 strfree(poolname); 3579 if (error != 0) 3580 return (error); 3581 3582 message = fnvlist_lookup_string(innvl, "message"); 3583 3584 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 3585 spa_close(spa, FTAG); 3586 return (SET_ERROR(ENOTSUP)); 3587 } 3588 3589 error = spa_history_log(spa, message); 3590 spa_close(spa, FTAG); 3591 return (error); 3592 } 3593 3594 /* 3595 * The dp_config_rwlock must not be held when calling this, because the 3596 * unmount may need to write out data. 3597 * 3598 * This function is best-effort. Callers must deal gracefully if it 3599 * remains mounted (or is remounted after this call). 3600 * 3601 * Returns 0 if the argument is not a snapshot, or it is not currently a 3602 * filesystem, or we were able to unmount it. Returns error code otherwise. 3603 */ 3604 void 3605 zfs_unmount_snap(const char *snapname) 3606 { 3607 vfs_t *vfsp = NULL; 3608 zfsvfs_t *zfsvfs = NULL; 3609 3610 if (strchr(snapname, '@') == NULL) 3611 return; 3612 3613 int err = getzfsvfs(snapname, &zfsvfs); 3614 if (err != 0) { 3615 ASSERT3P(zfsvfs, ==, NULL); 3616 return; 3617 } 3618 vfsp = zfsvfs->z_vfs; 3619 3620 ASSERT(!dsl_pool_config_held(dmu_objset_pool(zfsvfs->z_os))); 3621 3622 err = vn_vfswlock(vfsp->vfs_vnodecovered); 3623 VFS_RELE(vfsp); 3624 if (err != 0) 3625 return; 3626 3627 /* 3628 * Always force the unmount for snapshots. 3629 */ 3630 (void) dounmount(vfsp, MS_FORCE, kcred); 3631 } 3632 3633 /* ARGSUSED */ 3634 static int 3635 zfs_unmount_snap_cb(const char *snapname, void *arg) 3636 { 3637 zfs_unmount_snap(snapname); 3638 return (0); 3639 } 3640 3641 /* 3642 * When a clone is destroyed, its origin may also need to be destroyed, 3643 * in which case it must be unmounted. This routine will do that unmount 3644 * if necessary. 3645 */ 3646 void 3647 zfs_destroy_unmount_origin(const char *fsname) 3648 { 3649 int error; 3650 objset_t *os; 3651 dsl_dataset_t *ds; 3652 3653 error = dmu_objset_hold(fsname, FTAG, &os); 3654 if (error != 0) 3655 return; 3656 ds = dmu_objset_ds(os); 3657 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) { 3658 char originname[ZFS_MAX_DATASET_NAME_LEN]; 3659 dsl_dataset_name(ds->ds_prev, originname); 3660 dmu_objset_rele(os, FTAG); 3661 zfs_unmount_snap(originname); 3662 } else { 3663 dmu_objset_rele(os, FTAG); 3664 } 3665 } 3666 3667 /* 3668 * innvl: { 3669 * "snaps" -> { snapshot1, snapshot2 } 3670 * (optional boolean) "defer" 3671 * } 3672 * 3673 * outnvl: snapshot -> error code (int32) 3674 * 3675 */ 3676 static const zfs_ioc_key_t zfs_keys_destroy_snaps[] = { 3677 {"snaps", DATA_TYPE_NVLIST, 0}, 3678 {"defer", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 3679 }; 3680 3681 /* ARGSUSED */ 3682 static int 3683 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3684 { 3685 nvlist_t *snaps; 3686 nvpair_t *pair; 3687 boolean_t defer; 3688 3689 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3690 return (SET_ERROR(EINVAL)); 3691 defer = nvlist_exists(innvl, "defer"); 3692 3693 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3694 pair = nvlist_next_nvpair(snaps, pair)) { 3695 zfs_unmount_snap(nvpair_name(pair)); 3696 } 3697 3698 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl)); 3699 } 3700 3701 /* 3702 * Create bookmarks. Bookmark names are of the form <fs>#<bmark>. 3703 * All bookmarks must be in the same pool. 3704 * 3705 * innvl: { 3706 * bookmark1 -> snapshot1, bookmark2 -> snapshot2 3707 * } 3708 * 3709 * outnvl: bookmark -> error code (int32) 3710 * 3711 */ 3712 static const zfs_ioc_key_t zfs_keys_bookmark[] = { 3713 {"<bookmark>...", DATA_TYPE_STRING, ZK_WILDCARDLIST}, 3714 }; 3715 3716 /* ARGSUSED */ 3717 static int 3718 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3719 { 3720 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 3721 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 3722 char *snap_name; 3723 3724 /* 3725 * Verify the snapshot argument. 3726 */ 3727 if (nvpair_value_string(pair, &snap_name) != 0) 3728 return (SET_ERROR(EINVAL)); 3729 3730 3731 /* Verify that the keys (bookmarks) are unique */ 3732 for (nvpair_t *pair2 = nvlist_next_nvpair(innvl, pair); 3733 pair2 != NULL; pair2 = nvlist_next_nvpair(innvl, pair2)) { 3734 if (strcmp(nvpair_name(pair), nvpair_name(pair2)) == 0) 3735 return (SET_ERROR(EINVAL)); 3736 } 3737 } 3738 3739 return (dsl_bookmark_create(innvl, outnvl)); 3740 } 3741 3742 /* 3743 * innvl: { 3744 * property 1, property 2, ... 3745 * } 3746 * 3747 * outnvl: { 3748 * bookmark name 1 -> { property 1, property 2, ... }, 3749 * bookmark name 2 -> { property 1, property 2, ... } 3750 * } 3751 * 3752 */ 3753 static const zfs_ioc_key_t zfs_keys_get_bookmarks[] = { 3754 {"<property>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST | ZK_OPTIONAL}, 3755 }; 3756 3757 static int 3758 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3759 { 3760 return (dsl_get_bookmarks(fsname, innvl, outnvl)); 3761 } 3762 3763 /* 3764 * innvl: { 3765 * bookmark name 1, bookmark name 2 3766 * } 3767 * 3768 * outnvl: bookmark -> error code (int32) 3769 * 3770 */ 3771 static const zfs_ioc_key_t zfs_keys_destroy_bookmarks[] = { 3772 {"<bookmark>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST}, 3773 }; 3774 3775 static int 3776 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl, 3777 nvlist_t *outnvl) 3778 { 3779 int error, poollen; 3780 3781 poollen = strlen(poolname); 3782 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 3783 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 3784 const char *name = nvpair_name(pair); 3785 const char *cp = strchr(name, '#'); 3786 3787 /* 3788 * The bookmark name must contain an #, and the part after it 3789 * must contain only valid characters. 3790 */ 3791 if (cp == NULL || 3792 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3793 return (SET_ERROR(EINVAL)); 3794 3795 /* 3796 * The bookmark must be in the specified pool. 3797 */ 3798 if (strncmp(name, poolname, poollen) != 0 || 3799 (name[poollen] != '/' && name[poollen] != '#')) 3800 return (SET_ERROR(EXDEV)); 3801 } 3802 3803 error = dsl_bookmark_destroy(innvl, outnvl); 3804 return (error); 3805 } 3806 3807 static const zfs_ioc_key_t zfs_keys_channel_program[] = { 3808 {"program", DATA_TYPE_STRING, 0}, 3809 {"arg", DATA_TYPE_ANY, 0}, 3810 {"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL}, 3811 {"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL}, 3812 {"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL}, 3813 }; 3814 3815 static int 3816 zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl, 3817 nvlist_t *outnvl) 3818 { 3819 char *program; 3820 uint64_t instrlimit, memlimit; 3821 boolean_t sync_flag; 3822 nvpair_t *nvarg = NULL; 3823 3824 program = fnvlist_lookup_string(innvl, ZCP_ARG_PROGRAM); 3825 if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) { 3826 sync_flag = B_TRUE; 3827 } 3828 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) { 3829 instrlimit = ZCP_DEFAULT_INSTRLIMIT; 3830 } 3831 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) { 3832 memlimit = ZCP_DEFAULT_MEMLIMIT; 3833 } 3834 nvarg = fnvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST); 3835 3836 if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit) 3837 return (EINVAL); 3838 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit) 3839 return (EINVAL); 3840 3841 return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit, 3842 nvarg, outnvl)); 3843 } 3844 3845 /* 3846 * innvl: unused 3847 * outnvl: empty 3848 */ 3849 static const zfs_ioc_key_t zfs_keys_pool_checkpoint[] = { 3850 /* no nvl keys */ 3851 }; 3852 3853 /* ARGSUSED */ 3854 static int 3855 zfs_ioc_pool_checkpoint(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3856 { 3857 return (spa_checkpoint(poolname)); 3858 } 3859 3860 /* 3861 * innvl: unused 3862 * outnvl: empty 3863 */ 3864 static const zfs_ioc_key_t zfs_keys_pool_discard_checkpoint[] = { 3865 /* no nvl keys */ 3866 }; 3867 3868 /* ARGSUSED */ 3869 static int 3870 zfs_ioc_pool_discard_checkpoint(const char *poolname, nvlist_t *innvl, 3871 nvlist_t *outnvl) 3872 { 3873 return (spa_checkpoint_discard(poolname)); 3874 } 3875 3876 /* 3877 * inputs: 3878 * zc_name name of dataset to destroy 3879 * zc_defer_destroy mark for deferred destroy 3880 * 3881 * outputs: none 3882 */ 3883 static int 3884 zfs_ioc_destroy(zfs_cmd_t *zc) 3885 { 3886 objset_t *os; 3887 dmu_objset_type_t ost; 3888 int err; 3889 3890 err = dmu_objset_hold(zc->zc_name, FTAG, &os); 3891 if (err != 0) 3892 return (err); 3893 ost = dmu_objset_type(os); 3894 dmu_objset_rele(os, FTAG); 3895 3896 if (ost == DMU_OST_ZFS) 3897 zfs_unmount_snap(zc->zc_name); 3898 3899 if (strchr(zc->zc_name, '@')) { 3900 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy); 3901 } else { 3902 err = dsl_destroy_head(zc->zc_name); 3903 if (err == EEXIST) { 3904 /* 3905 * It is possible that the given DS may have 3906 * hidden child (%recv) datasets - "leftovers" 3907 * resulting from the previously interrupted 3908 * 'zfs receive'. 3909 * 3910 * 6 extra bytes for /%recv 3911 */ 3912 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6]; 3913 3914 if (snprintf(namebuf, sizeof (namebuf), "%s/%s", 3915 zc->zc_name, recv_clone_name) >= 3916 sizeof (namebuf)) 3917 return (SET_ERROR(EINVAL)); 3918 3919 /* 3920 * Try to remove the hidden child (%recv) and after 3921 * that try to remove the target dataset. 3922 * If the hidden child (%recv) does not exist 3923 * the original error (EEXIST) will be returned 3924 */ 3925 err = dsl_destroy_head(namebuf); 3926 if (err == 0) 3927 err = dsl_destroy_head(zc->zc_name); 3928 else if (err == ENOENT) 3929 err = SET_ERROR(EEXIST); 3930 } 3931 } 3932 if (ost == DMU_OST_ZVOL && err == 0) 3933 (void) zvol_remove_minor(zc->zc_name); 3934 return (err); 3935 } 3936 3937 /* 3938 * innvl: { 3939 * "initialize_command" -> POOL_INITIALIZE_{CANCEL|START|SUSPEND} (uint64) 3940 * "initialize_vdevs": { -> guids to initialize (nvlist) 3941 * "vdev_path_1": vdev_guid_1, (uint64), 3942 * "vdev_path_2": vdev_guid_2, (uint64), 3943 * ... 3944 * }, 3945 * } 3946 * 3947 * outnvl: { 3948 * "initialize_vdevs": { -> initialization errors (nvlist) 3949 * "vdev_path_1": errno, see function body for possible errnos (uint64) 3950 * "vdev_path_2": errno, ... (uint64) 3951 * ... 3952 * } 3953 * } 3954 * 3955 * EINVAL is returned for an unknown command or if any of the provided vdev 3956 * guids have be specified with a type other than uint64. 3957 */ 3958 static const zfs_ioc_key_t zfs_keys_pool_initialize[] = { 3959 {ZPOOL_INITIALIZE_COMMAND, DATA_TYPE_UINT64, 0}, 3960 {ZPOOL_INITIALIZE_VDEVS, DATA_TYPE_NVLIST, 0} 3961 }; 3962 3963 static int 3964 zfs_ioc_pool_initialize(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3965 { 3966 uint64_t cmd_type; 3967 if (nvlist_lookup_uint64(innvl, ZPOOL_INITIALIZE_COMMAND, 3968 &cmd_type) != 0) { 3969 return (SET_ERROR(EINVAL)); 3970 } 3971 3972 if (!(cmd_type == POOL_INITIALIZE_CANCEL || 3973 cmd_type == POOL_INITIALIZE_START || 3974 cmd_type == POOL_INITIALIZE_SUSPEND)) { 3975 return (SET_ERROR(EINVAL)); 3976 } 3977 3978 nvlist_t *vdev_guids; 3979 if (nvlist_lookup_nvlist(innvl, ZPOOL_INITIALIZE_VDEVS, 3980 &vdev_guids) != 0) { 3981 return (SET_ERROR(EINVAL)); 3982 } 3983 3984 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL); 3985 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) { 3986 uint64_t vdev_guid; 3987 if (nvpair_value_uint64(pair, &vdev_guid) != 0) { 3988 return (SET_ERROR(EINVAL)); 3989 } 3990 } 3991 3992 spa_t *spa; 3993 int error = spa_open(poolname, &spa, FTAG); 3994 if (error != 0) 3995 return (error); 3996 3997 nvlist_t *vdev_errlist = fnvlist_alloc(); 3998 int total_errors = spa_vdev_initialize(spa, vdev_guids, cmd_type, 3999 vdev_errlist); 4000 4001 if (fnvlist_size(vdev_errlist) > 0) { 4002 fnvlist_add_nvlist(outnvl, ZPOOL_INITIALIZE_VDEVS, 4003 vdev_errlist); 4004 } 4005 fnvlist_free(vdev_errlist); 4006 4007 spa_close(spa, FTAG); 4008 return (total_errors > 0 ? EINVAL : 0); 4009 } 4010 4011 /* 4012 * innvl: { 4013 * "trim_command" -> POOL_TRIM_{CANCEL|START|SUSPEND} (uint64) 4014 * "trim_vdevs": { -> guids to TRIM (nvlist) 4015 * "vdev_path_1": vdev_guid_1, (uint64), 4016 * "vdev_path_2": vdev_guid_2, (uint64), 4017 * ... 4018 * }, 4019 * "trim_rate" -> Target TRIM rate in bytes/sec. 4020 * "trim_secure" -> Set to request a secure TRIM. 4021 * } 4022 * 4023 * outnvl: { 4024 * "trim_vdevs": { -> TRIM errors (nvlist) 4025 * "vdev_path_1": errno, see function body for possible errnos (uint64) 4026 * "vdev_path_2": errno, ... (uint64) 4027 * ... 4028 * } 4029 * } 4030 * 4031 * EINVAL is returned for an unknown command or if any of the provided vdev 4032 * guids have be specified with a type other than uint64. 4033 */ 4034 static const zfs_ioc_key_t zfs_keys_pool_trim[] = { 4035 {ZPOOL_TRIM_COMMAND, DATA_TYPE_UINT64, 0}, 4036 {ZPOOL_TRIM_VDEVS, DATA_TYPE_NVLIST, 0}, 4037 {ZPOOL_TRIM_RATE, DATA_TYPE_UINT64, ZK_OPTIONAL}, 4038 {ZPOOL_TRIM_SECURE, DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL}, 4039 }; 4040 4041 static int 4042 zfs_ioc_pool_trim(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 4043 { 4044 uint64_t cmd_type; 4045 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_COMMAND, &cmd_type) != 0) 4046 return (SET_ERROR(EINVAL)); 4047 4048 if (!(cmd_type == POOL_TRIM_CANCEL || 4049 cmd_type == POOL_TRIM_START || 4050 cmd_type == POOL_TRIM_SUSPEND)) { 4051 return (SET_ERROR(EINVAL)); 4052 } 4053 4054 nvlist_t *vdev_guids; 4055 if (nvlist_lookup_nvlist(innvl, ZPOOL_TRIM_VDEVS, &vdev_guids) != 0) 4056 return (SET_ERROR(EINVAL)); 4057 4058 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL); 4059 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) { 4060 uint64_t vdev_guid; 4061 if (nvpair_value_uint64(pair, &vdev_guid) != 0) { 4062 return (SET_ERROR(EINVAL)); 4063 } 4064 } 4065 4066 /* Optional, defaults to maximum rate when not provided */ 4067 uint64_t rate; 4068 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_RATE, &rate) != 0) 4069 rate = 0; 4070 4071 /* Optional, defaults to standard TRIM when not provided */ 4072 boolean_t secure; 4073 if (nvlist_lookup_boolean_value(innvl, ZPOOL_TRIM_SECURE, 4074 &secure) != 0) { 4075 secure = B_FALSE; 4076 } 4077 4078 spa_t *spa; 4079 int error = spa_open(poolname, &spa, FTAG); 4080 if (error != 0) 4081 return (error); 4082 4083 nvlist_t *vdev_errlist = fnvlist_alloc(); 4084 int total_errors = spa_vdev_trim(spa, vdev_guids, cmd_type, 4085 rate, !!zfs_trim_metaslab_skip, secure, vdev_errlist); 4086 4087 if (fnvlist_size(vdev_errlist) > 0) 4088 fnvlist_add_nvlist(outnvl, ZPOOL_TRIM_VDEVS, vdev_errlist); 4089 4090 fnvlist_free(vdev_errlist); 4091 4092 spa_close(spa, FTAG); 4093 return (total_errors > 0 ? EINVAL : 0); 4094 } 4095 4096 /* 4097 * fsname is name of dataset to rollback (to most recent snapshot) 4098 * 4099 * innvl may contain name of expected target snapshot 4100 * 4101 * outnvl: "target" -> name of most recent snapshot 4102 * } 4103 */ 4104 static const zfs_ioc_key_t zfs_keys_rollback[] = { 4105 {"target", DATA_TYPE_STRING, ZK_OPTIONAL}, 4106 }; 4107 4108 /* ARGSUSED */ 4109 static int 4110 zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 4111 { 4112 zfsvfs_t *zfsvfs; 4113 char *target = NULL; 4114 int error; 4115 4116 (void) nvlist_lookup_string(innvl, "target", &target); 4117 if (target != NULL) { 4118 const char *cp = strchr(target, '@'); 4119 4120 /* 4121 * The snap name must contain an @, and the part after it must 4122 * contain only valid characters. 4123 */ 4124 if (cp == NULL || 4125 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 4126 return (SET_ERROR(EINVAL)); 4127 } 4128 4129 if (getzfsvfs(fsname, &zfsvfs) == 0) { 4130 dsl_dataset_t *ds; 4131 4132 ds = dmu_objset_ds(zfsvfs->z_os); 4133 error = zfs_suspend_fs(zfsvfs); 4134 if (error == 0) { 4135 int resume_err; 4136 4137 error = dsl_dataset_rollback(fsname, target, zfsvfs, 4138 outnvl); 4139 resume_err = zfs_resume_fs(zfsvfs, ds); 4140 error = error ? error : resume_err; 4141 } 4142 VFS_RELE(zfsvfs->z_vfs); 4143 } else { 4144 error = dsl_dataset_rollback(fsname, target, NULL, outnvl); 4145 } 4146 return (error); 4147 } 4148 4149 static int 4150 recursive_unmount(const char *fsname, void *arg) 4151 { 4152 const char *snapname = arg; 4153 char fullname[ZFS_MAX_DATASET_NAME_LEN]; 4154 4155 (void) snprintf(fullname, sizeof (fullname), "%s@%s", fsname, snapname); 4156 zfs_unmount_snap(fullname); 4157 4158 return (0); 4159 } 4160 4161 /* 4162 * inputs: 4163 * zc_name old name of dataset 4164 * zc_value new name of dataset 4165 * zc_cookie recursive flag (only valid for snapshots) 4166 * 4167 * outputs: none 4168 */ 4169 static int 4170 zfs_ioc_rename(zfs_cmd_t *zc) 4171 { 4172 objset_t *os; 4173 dmu_objset_type_t ost; 4174 boolean_t recursive = zc->zc_cookie & 1; 4175 char *at; 4176 int err; 4177 4178 /* "zfs rename" from and to ...%recv datasets should both fail */ 4179 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 4180 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 4181 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 || 4182 dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 4183 strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%')) 4184 return (SET_ERROR(EINVAL)); 4185 4186 err = dmu_objset_hold(zc->zc_name, FTAG, &os); 4187 if (err != 0) 4188 return (err); 4189 ost = dmu_objset_type(os); 4190 dmu_objset_rele(os, FTAG); 4191 4192 at = strchr(zc->zc_name, '@'); 4193 if (at != NULL) { 4194 /* snaps must be in same fs */ 4195 int error; 4196 4197 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1)) 4198 return (SET_ERROR(EXDEV)); 4199 *at = '\0'; 4200 if (ost == DMU_OST_ZFS) { 4201 error = dmu_objset_find(zc->zc_name, 4202 recursive_unmount, at + 1, 4203 recursive ? DS_FIND_CHILDREN : 0); 4204 if (error != 0) { 4205 *at = '@'; 4206 return (error); 4207 } 4208 } 4209 error = dsl_dataset_rename_snapshot(zc->zc_name, 4210 at + 1, strchr(zc->zc_value, '@') + 1, recursive); 4211 *at = '@'; 4212 4213 return (error); 4214 } else { 4215 if (ost == DMU_OST_ZVOL) 4216 (void) zvol_remove_minor(zc->zc_name); 4217 return (dsl_dir_rename(zc->zc_name, zc->zc_value)); 4218 } 4219 } 4220 4221 static int 4222 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr) 4223 { 4224 const char *propname = nvpair_name(pair); 4225 boolean_t issnap = (strchr(dsname, '@') != NULL); 4226 zfs_prop_t prop = zfs_name_to_prop(propname); 4227 uint64_t intval; 4228 int err; 4229 4230 if (prop == ZPROP_INVAL) { 4231 if (zfs_prop_user(propname)) { 4232 if (err = zfs_secpolicy_write_perms(dsname, 4233 ZFS_DELEG_PERM_USERPROP, cr)) 4234 return (err); 4235 return (0); 4236 } 4237 4238 if (!issnap && zfs_prop_userquota(propname)) { 4239 const char *perm = NULL; 4240 const char *uq_prefix = 4241 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA]; 4242 const char *gq_prefix = 4243 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA]; 4244 const char *uiq_prefix = 4245 zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA]; 4246 const char *giq_prefix = 4247 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA]; 4248 const char *pq_prefix = 4249 zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA]; 4250 const char *piq_prefix = zfs_userquota_prop_prefixes[\ 4251 ZFS_PROP_PROJECTOBJQUOTA]; 4252 4253 if (strncmp(propname, uq_prefix, 4254 strlen(uq_prefix)) == 0) { 4255 perm = ZFS_DELEG_PERM_USERQUOTA; 4256 } else if (strncmp(propname, uiq_prefix, 4257 strlen(uiq_prefix)) == 0) { 4258 perm = ZFS_DELEG_PERM_USEROBJQUOTA; 4259 } else if (strncmp(propname, gq_prefix, 4260 strlen(gq_prefix)) == 0) { 4261 perm = ZFS_DELEG_PERM_GROUPQUOTA; 4262 } else if (strncmp(propname, giq_prefix, 4263 strlen(giq_prefix)) == 0) { 4264 perm = ZFS_DELEG_PERM_GROUPOBJQUOTA; 4265 } else if (strncmp(propname, pq_prefix, 4266 strlen(pq_prefix)) == 0) { 4267 perm = ZFS_DELEG_PERM_PROJECTQUOTA; 4268 } else if (strncmp(propname, piq_prefix, 4269 strlen(piq_prefix)) == 0) { 4270 perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA; 4271 } else { 4272 /* {USER|GROUP|PROJECT}USED are read-only */ 4273 return (SET_ERROR(EINVAL)); 4274 } 4275 4276 if (err = zfs_secpolicy_write_perms(dsname, perm, cr)) 4277 return (err); 4278 return (0); 4279 } 4280 4281 return (SET_ERROR(EINVAL)); 4282 } 4283 4284 if (issnap) 4285 return (SET_ERROR(EINVAL)); 4286 4287 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 4288 /* 4289 * dsl_prop_get_all_impl() returns properties in this 4290 * format. 4291 */ 4292 nvlist_t *attrs; 4293 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 4294 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4295 &pair) == 0); 4296 } 4297 4298 /* 4299 * Check that this value is valid for this pool version 4300 */ 4301 switch (prop) { 4302 case ZFS_PROP_COMPRESSION: 4303 /* 4304 * If the user specified gzip compression, make sure 4305 * the SPA supports it. We ignore any errors here since 4306 * we'll catch them later. 4307 */ 4308 if (nvpair_value_uint64(pair, &intval) == 0) { 4309 if (intval >= ZIO_COMPRESS_GZIP_1 && 4310 intval <= ZIO_COMPRESS_GZIP_9 && 4311 zfs_earlier_version(dsname, 4312 SPA_VERSION_GZIP_COMPRESSION)) { 4313 return (SET_ERROR(ENOTSUP)); 4314 } 4315 4316 if (intval == ZIO_COMPRESS_ZLE && 4317 zfs_earlier_version(dsname, 4318 SPA_VERSION_ZLE_COMPRESSION)) 4319 return (SET_ERROR(ENOTSUP)); 4320 4321 if (intval == ZIO_COMPRESS_LZ4) { 4322 spa_t *spa; 4323 4324 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4325 return (err); 4326 4327 if (!spa_feature_is_enabled(spa, 4328 SPA_FEATURE_LZ4_COMPRESS)) { 4329 spa_close(spa, FTAG); 4330 return (SET_ERROR(ENOTSUP)); 4331 } 4332 spa_close(spa, FTAG); 4333 } 4334 4335 /* 4336 * If this is a bootable dataset then 4337 * verify that the compression algorithm 4338 * is supported for booting. We must return 4339 * something other than ENOTSUP since it 4340 * implies a downrev pool version. 4341 */ 4342 if (zfs_is_bootfs(dsname) && 4343 !BOOTFS_COMPRESS_VALID(intval)) { 4344 return (SET_ERROR(ERANGE)); 4345 } 4346 } 4347 break; 4348 4349 case ZFS_PROP_COPIES: 4350 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS)) 4351 return (SET_ERROR(ENOTSUP)); 4352 break; 4353 4354 case ZFS_PROP_RECORDSIZE: 4355 /* Record sizes above 128k need the feature to be enabled */ 4356 if (nvpair_value_uint64(pair, &intval) == 0 && 4357 intval > SPA_OLD_MAXBLOCKSIZE) { 4358 spa_t *spa; 4359 4360 /* 4361 * We don't allow setting the property above 1MB, 4362 * unless the tunable has been changed. 4363 */ 4364 if (intval > zfs_max_recordsize || 4365 intval > SPA_MAXBLOCKSIZE) 4366 return (SET_ERROR(ERANGE)); 4367 4368 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4369 return (err); 4370 4371 if (!spa_feature_is_enabled(spa, 4372 SPA_FEATURE_LARGE_BLOCKS)) { 4373 spa_close(spa, FTAG); 4374 return (SET_ERROR(ENOTSUP)); 4375 } 4376 spa_close(spa, FTAG); 4377 } 4378 break; 4379 4380 case ZFS_PROP_DNODESIZE: 4381 /* Dnode sizes above 512 need the feature to be enabled */ 4382 if (nvpair_value_uint64(pair, &intval) == 0 && 4383 intval != ZFS_DNSIZE_LEGACY) { 4384 spa_t *spa; 4385 4386 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4387 return (err); 4388 4389 if (!spa_feature_is_enabled(spa, 4390 SPA_FEATURE_LARGE_DNODE)) { 4391 spa_close(spa, FTAG); 4392 return (SET_ERROR(ENOTSUP)); 4393 } 4394 spa_close(spa, FTAG); 4395 } 4396 break; 4397 4398 case ZFS_PROP_SPECIAL_SMALL_BLOCKS: 4399 /* 4400 * This property could require the allocation classes 4401 * feature to be active for setting, however we allow 4402 * it so that tests of settable properties succeed. 4403 * The CLI will issue a warning in this case. 4404 */ 4405 break; 4406 4407 case ZFS_PROP_SHARESMB: 4408 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID)) 4409 return (SET_ERROR(ENOTSUP)); 4410 break; 4411 4412 case ZFS_PROP_ACLINHERIT: 4413 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 4414 nvpair_value_uint64(pair, &intval) == 0) { 4415 if (intval == ZFS_ACL_PASSTHROUGH_X && 4416 zfs_earlier_version(dsname, 4417 SPA_VERSION_PASSTHROUGH_X)) 4418 return (SET_ERROR(ENOTSUP)); 4419 } 4420 break; 4421 4422 case ZFS_PROP_CHECKSUM: 4423 case ZFS_PROP_DEDUP: 4424 { 4425 spa_feature_t feature; 4426 spa_t *spa; 4427 4428 /* dedup feature version checks */ 4429 if (prop == ZFS_PROP_DEDUP && 4430 zfs_earlier_version(dsname, SPA_VERSION_DEDUP)) 4431 return (SET_ERROR(ENOTSUP)); 4432 4433 if (nvpair_value_uint64(pair, &intval) != 0) 4434 return (SET_ERROR(EINVAL)); 4435 4436 /* check prop value is enabled in features */ 4437 feature = zio_checksum_to_feature(intval & ZIO_CHECKSUM_MASK); 4438 if (feature == SPA_FEATURE_NONE) 4439 break; 4440 4441 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4442 return (err); 4443 4444 if (!spa_feature_is_enabled(spa, feature)) { 4445 spa_close(spa, FTAG); 4446 return (SET_ERROR(ENOTSUP)); 4447 } 4448 spa_close(spa, FTAG); 4449 break; 4450 } 4451 } 4452 4453 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED())); 4454 } 4455 4456 /* 4457 * Checks for a race condition to make sure we don't increment a feature flag 4458 * multiple times. 4459 */ 4460 static int 4461 zfs_prop_activate_feature_check(void *arg, dmu_tx_t *tx) 4462 { 4463 spa_t *spa = dmu_tx_pool(tx)->dp_spa; 4464 spa_feature_t *featurep = arg; 4465 4466 if (!spa_feature_is_active(spa, *featurep)) 4467 return (0); 4468 else 4469 return (SET_ERROR(EBUSY)); 4470 } 4471 4472 /* 4473 * The callback invoked on feature activation in the sync task caused by 4474 * zfs_prop_activate_feature. 4475 */ 4476 static void 4477 zfs_prop_activate_feature_sync(void *arg, dmu_tx_t *tx) 4478 { 4479 spa_t *spa = dmu_tx_pool(tx)->dp_spa; 4480 spa_feature_t *featurep = arg; 4481 4482 spa_feature_incr(spa, *featurep, tx); 4483 } 4484 4485 /* 4486 * Activates a feature on a pool in response to a property setting. This 4487 * creates a new sync task which modifies the pool to reflect the feature 4488 * as being active. 4489 */ 4490 static int 4491 zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature) 4492 { 4493 int err; 4494 4495 /* EBUSY here indicates that the feature is already active */ 4496 err = dsl_sync_task(spa_name(spa), 4497 zfs_prop_activate_feature_check, zfs_prop_activate_feature_sync, 4498 &feature, 2, ZFS_SPACE_CHECK_RESERVED); 4499 4500 if (err != 0 && err != EBUSY) 4501 return (err); 4502 else 4503 return (0); 4504 } 4505 4506 /* 4507 * Removes properties from the given props list that fail permission checks 4508 * needed to clear them and to restore them in case of a receive error. For each 4509 * property, make sure we have both set and inherit permissions. 4510 * 4511 * Returns the first error encountered if any permission checks fail. If the 4512 * caller provides a non-NULL errlist, it also gives the complete list of names 4513 * of all the properties that failed a permission check along with the 4514 * corresponding error numbers. The caller is responsible for freeing the 4515 * returned errlist. 4516 * 4517 * If every property checks out successfully, zero is returned and the list 4518 * pointed at by errlist is NULL. 4519 */ 4520 static int 4521 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist) 4522 { 4523 zfs_cmd_t *zc; 4524 nvpair_t *pair, *next_pair; 4525 nvlist_t *errors; 4526 int err, rv = 0; 4527 4528 if (props == NULL) 4529 return (0); 4530 4531 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4532 4533 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP); 4534 (void) strcpy(zc->zc_name, dataset); 4535 pair = nvlist_next_nvpair(props, NULL); 4536 while (pair != NULL) { 4537 next_pair = nvlist_next_nvpair(props, pair); 4538 4539 (void) strcpy(zc->zc_value, nvpair_name(pair)); 4540 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 || 4541 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) { 4542 VERIFY(nvlist_remove_nvpair(props, pair) == 0); 4543 VERIFY(nvlist_add_int32(errors, 4544 zc->zc_value, err) == 0); 4545 } 4546 pair = next_pair; 4547 } 4548 kmem_free(zc, sizeof (zfs_cmd_t)); 4549 4550 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 4551 nvlist_free(errors); 4552 errors = NULL; 4553 } else { 4554 VERIFY(nvpair_value_int32(pair, &rv) == 0); 4555 } 4556 4557 if (errlist == NULL) 4558 nvlist_free(errors); 4559 else 4560 *errlist = errors; 4561 4562 return (rv); 4563 } 4564 4565 static boolean_t 4566 propval_equals(nvpair_t *p1, nvpair_t *p2) 4567 { 4568 if (nvpair_type(p1) == DATA_TYPE_NVLIST) { 4569 /* dsl_prop_get_all_impl() format */ 4570 nvlist_t *attrs; 4571 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0); 4572 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4573 &p1) == 0); 4574 } 4575 4576 if (nvpair_type(p2) == DATA_TYPE_NVLIST) { 4577 nvlist_t *attrs; 4578 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0); 4579 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4580 &p2) == 0); 4581 } 4582 4583 if (nvpair_type(p1) != nvpair_type(p2)) 4584 return (B_FALSE); 4585 4586 if (nvpair_type(p1) == DATA_TYPE_STRING) { 4587 char *valstr1, *valstr2; 4588 4589 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0); 4590 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0); 4591 return (strcmp(valstr1, valstr2) == 0); 4592 } else { 4593 uint64_t intval1, intval2; 4594 4595 VERIFY(nvpair_value_uint64(p1, &intval1) == 0); 4596 VERIFY(nvpair_value_uint64(p2, &intval2) == 0); 4597 return (intval1 == intval2); 4598 } 4599 } 4600 4601 /* 4602 * Remove properties from props if they are not going to change (as determined 4603 * by comparison with origprops). Remove them from origprops as well, since we 4604 * do not need to clear or restore properties that won't change. 4605 */ 4606 static void 4607 props_reduce(nvlist_t *props, nvlist_t *origprops) 4608 { 4609 nvpair_t *pair, *next_pair; 4610 4611 if (origprops == NULL) 4612 return; /* all props need to be received */ 4613 4614 pair = nvlist_next_nvpair(props, NULL); 4615 while (pair != NULL) { 4616 const char *propname = nvpair_name(pair); 4617 nvpair_t *match; 4618 4619 next_pair = nvlist_next_nvpair(props, pair); 4620 4621 if ((nvlist_lookup_nvpair(origprops, propname, 4622 &match) != 0) || !propval_equals(pair, match)) 4623 goto next; /* need to set received value */ 4624 4625 /* don't clear the existing received value */ 4626 (void) nvlist_remove_nvpair(origprops, match); 4627 /* don't bother receiving the property */ 4628 (void) nvlist_remove_nvpair(props, pair); 4629 next: 4630 pair = next_pair; 4631 } 4632 } 4633 4634 /* 4635 * Extract properties that cannot be set PRIOR to the receipt of a dataset. 4636 * For example, refquota cannot be set until after the receipt of a dataset, 4637 * because in replication streams, an older/earlier snapshot may exceed the 4638 * refquota. We want to receive the older/earlier snapshot, but setting 4639 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent 4640 * the older/earlier snapshot from being received (with EDQUOT). 4641 * 4642 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario. 4643 * 4644 * libzfs will need to be judicious handling errors encountered by props 4645 * extracted by this function. 4646 */ 4647 static nvlist_t * 4648 extract_delay_props(nvlist_t *props) 4649 { 4650 nvlist_t *delayprops; 4651 nvpair_t *nvp, *tmp; 4652 static const zfs_prop_t delayable[] = { 4653 ZFS_PROP_REFQUOTA, 4654 ZFS_PROP_KEYLOCATION, 4655 0 4656 }; 4657 int i; 4658 4659 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4660 4661 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL; 4662 nvp = nvlist_next_nvpair(props, nvp)) { 4663 /* 4664 * strcmp() is safe because zfs_prop_to_name() always returns 4665 * a bounded string. 4666 */ 4667 for (i = 0; delayable[i] != 0; i++) { 4668 if (strcmp(zfs_prop_to_name(delayable[i]), 4669 nvpair_name(nvp)) == 0) { 4670 break; 4671 } 4672 } 4673 if (delayable[i] != 0) { 4674 tmp = nvlist_prev_nvpair(props, nvp); 4675 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0); 4676 VERIFY(nvlist_remove_nvpair(props, nvp) == 0); 4677 nvp = tmp; 4678 } 4679 } 4680 4681 if (nvlist_empty(delayprops)) { 4682 nvlist_free(delayprops); 4683 delayprops = NULL; 4684 } 4685 return (delayprops); 4686 } 4687 4688 #ifdef DEBUG 4689 static boolean_t zfs_ioc_recv_inject_err; 4690 #endif 4691 4692 /* 4693 * nvlist 'errors' is always allocated. It will contain descriptions of 4694 * encountered errors, if any. It's the callers responsibility to free. 4695 */ 4696 static int 4697 zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin, nvlist_t *recvprops, 4698 nvlist_t *localprops, nvlist_t *hidden_args, boolean_t force, 4699 boolean_t resumable, int input_fd, dmu_replay_record_t *begin_record, 4700 int cleanup_fd, uint64_t *read_bytes, uint64_t *errflags, 4701 uint64_t *action_handle, nvlist_t **errors) 4702 { 4703 dmu_recv_cookie_t drc; 4704 int error = 0; 4705 int props_error = 0; 4706 offset_t off; 4707 nvlist_t *local_delayprops = NULL; 4708 nvlist_t *recv_delayprops = NULL; 4709 nvlist_t *origprops = NULL; /* existing properties */ 4710 nvlist_t *origrecvd = NULL; /* existing received properties */ 4711 boolean_t first_recvd_props = B_FALSE; 4712 file_t *input_fp; 4713 4714 *read_bytes = 0; 4715 *errflags = 0; 4716 *errors = fnvlist_alloc(); 4717 4718 input_fp = getf(input_fd); 4719 if (input_fp == NULL) 4720 return (SET_ERROR(EBADF)); 4721 4722 error = dmu_recv_begin(tofs, tosnap, begin_record, force, 4723 resumable, localprops, hidden_args, origin, &drc); 4724 if (error != 0) 4725 goto out; 4726 4727 /* 4728 * Set properties before we receive the stream so that they are applied 4729 * to the new data. Note that we must call dmu_recv_stream() if 4730 * dmu_recv_begin() succeeds. 4731 */ 4732 if (recvprops != NULL && !drc.drc_newfs) { 4733 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >= 4734 SPA_VERSION_RECVD_PROPS && 4735 !dsl_prop_get_hasrecvd(tofs)) 4736 first_recvd_props = B_TRUE; 4737 4738 /* 4739 * If new received properties are supplied, they are to 4740 * completely replace the existing received properties, 4741 * so stash away the existing ones. 4742 */ 4743 if (dsl_prop_get_received(tofs, &origrecvd) == 0) { 4744 nvlist_t *errlist = NULL; 4745 /* 4746 * Don't bother writing a property if its value won't 4747 * change (and avoid the unnecessary security checks). 4748 * 4749 * The first receive after SPA_VERSION_RECVD_PROPS is a 4750 * special case where we blow away all local properties 4751 * regardless. 4752 */ 4753 if (!first_recvd_props) 4754 props_reduce(recvprops, origrecvd); 4755 if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0) 4756 (void) nvlist_merge(*errors, errlist, 0); 4757 nvlist_free(errlist); 4758 4759 if (clear_received_props(tofs, origrecvd, 4760 first_recvd_props ? NULL : recvprops) != 0) 4761 *errflags |= ZPROP_ERR_NOCLEAR; 4762 } else { 4763 *errflags |= ZPROP_ERR_NOCLEAR; 4764 } 4765 } 4766 4767 /* 4768 * Stash away existing properties so we can restore them on error unless 4769 * we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which 4770 * case "origrecvd" will take care of that. 4771 */ 4772 if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) { 4773 objset_t *os; 4774 if (dmu_objset_hold(tofs, FTAG, &os) == 0) { 4775 if (dsl_prop_get_all(os, &origprops) != 0) { 4776 *errflags |= ZPROP_ERR_NOCLEAR; 4777 } 4778 dmu_objset_rele(os, FTAG); 4779 } else { 4780 *errflags |= ZPROP_ERR_NOCLEAR; 4781 } 4782 } 4783 4784 if (recvprops != NULL) { 4785 props_error = dsl_prop_set_hasrecvd(tofs); 4786 4787 if (props_error == 0) { 4788 recv_delayprops = extract_delay_props(recvprops); 4789 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 4790 recvprops, *errors); 4791 } 4792 } 4793 4794 if (localprops != NULL) { 4795 nvlist_t *oprops = fnvlist_alloc(); 4796 nvlist_t *xprops = fnvlist_alloc(); 4797 nvpair_t *nvp = NULL; 4798 4799 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) { 4800 if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) { 4801 /* -x property */ 4802 const char *name = nvpair_name(nvp); 4803 zfs_prop_t prop = zfs_name_to_prop(name); 4804 if (prop != ZPROP_INVAL) { 4805 if (!zfs_prop_inheritable(prop)) 4806 continue; 4807 } else if (!zfs_prop_user(name)) 4808 continue; 4809 fnvlist_add_boolean(xprops, name); 4810 } else { 4811 /* -o property=value */ 4812 fnvlist_add_nvpair(oprops, nvp); 4813 } 4814 } 4815 4816 local_delayprops = extract_delay_props(oprops); 4817 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, 4818 oprops, *errors); 4819 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, 4820 xprops, *errors); 4821 4822 nvlist_free(oprops); 4823 nvlist_free(xprops); 4824 } 4825 4826 off = input_fp->f_offset; 4827 error = dmu_recv_stream(&drc, input_fp->f_vnode, &off, cleanup_fd, 4828 action_handle); 4829 4830 if (error == 0) { 4831 zfsvfs_t *zfsvfs = NULL; 4832 4833 if (getzfsvfs(tofs, &zfsvfs) == 0) { 4834 /* online recv */ 4835 dsl_dataset_t *ds; 4836 int end_err; 4837 4838 ds = dmu_objset_ds(zfsvfs->z_os); 4839 error = zfs_suspend_fs(zfsvfs); 4840 /* 4841 * If the suspend fails, then the recv_end will 4842 * likely also fail, and clean up after itself. 4843 */ 4844 end_err = dmu_recv_end(&drc, zfsvfs); 4845 if (error == 0) 4846 error = zfs_resume_fs(zfsvfs, ds); 4847 error = error ? error : end_err; 4848 VFS_RELE(zfsvfs->z_vfs); 4849 } else { 4850 error = dmu_recv_end(&drc, NULL); 4851 } 4852 4853 /* Set delayed properties now, after we're done receiving. */ 4854 if (recv_delayprops != NULL && error == 0) { 4855 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 4856 recv_delayprops, *errors); 4857 } 4858 if (local_delayprops != NULL && error == 0) { 4859 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, 4860 local_delayprops, *errors); 4861 } 4862 } 4863 4864 /* 4865 * Merge delayed props back in with initial props, in case 4866 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means 4867 * we have to make sure clear_received_props() includes 4868 * the delayed properties). 4869 * 4870 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels, 4871 * using ASSERT() will be just like a VERIFY. 4872 */ 4873 if (recv_delayprops != NULL) { 4874 ASSERT(nvlist_merge(recvprops, recv_delayprops, 0) == 0); 4875 nvlist_free(recv_delayprops); 4876 } 4877 if (local_delayprops != NULL) { 4878 ASSERT(nvlist_merge(localprops, local_delayprops, 0) == 0); 4879 nvlist_free(local_delayprops); 4880 } 4881 4882 *read_bytes = off - input_fp->f_offset; 4883 if (VOP_SEEK(input_fp->f_vnode, input_fp->f_offset, &off, NULL) == 0) 4884 input_fp->f_offset = off; 4885 4886 #ifdef DEBUG 4887 if (zfs_ioc_recv_inject_err) { 4888 zfs_ioc_recv_inject_err = B_FALSE; 4889 error = 1; 4890 } 4891 #endif 4892 4893 /* 4894 * On error, restore the original props. 4895 */ 4896 if (error != 0 && recvprops != NULL && !drc.drc_newfs) { 4897 if (clear_received_props(tofs, recvprops, NULL) != 0) { 4898 /* 4899 * We failed to clear the received properties. 4900 * Since we may have left a $recvd value on the 4901 * system, we can't clear the $hasrecvd flag. 4902 */ 4903 *errflags |= ZPROP_ERR_NORESTORE; 4904 } else if (first_recvd_props) { 4905 dsl_prop_unset_hasrecvd(tofs); 4906 } 4907 4908 if (origrecvd == NULL && !drc.drc_newfs) { 4909 /* We failed to stash the original properties. */ 4910 *errflags |= ZPROP_ERR_NORESTORE; 4911 } 4912 4913 /* 4914 * dsl_props_set() will not convert RECEIVED to LOCAL on or 4915 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL 4916 * explicitly if we're restoring local properties cleared in the 4917 * first new-style receive. 4918 */ 4919 if (origrecvd != NULL && 4920 zfs_set_prop_nvlist(tofs, (first_recvd_props ? 4921 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED), 4922 origrecvd, NULL) != 0) { 4923 /* 4924 * We stashed the original properties but failed to 4925 * restore them. 4926 */ 4927 *errflags |= ZPROP_ERR_NORESTORE; 4928 } 4929 } 4930 if (error != 0 && localprops != NULL && !drc.drc_newfs && 4931 !first_recvd_props) { 4932 nvlist_t *setprops; 4933 nvlist_t *inheritprops; 4934 nvpair_t *nvp; 4935 4936 if (origprops == NULL) { 4937 /* We failed to stash the original properties. */ 4938 *errflags |= ZPROP_ERR_NORESTORE; 4939 goto out; 4940 } 4941 4942 /* Restore original props */ 4943 setprops = fnvlist_alloc(); 4944 inheritprops = fnvlist_alloc(); 4945 nvp = NULL; 4946 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) { 4947 const char *name = nvpair_name(nvp); 4948 const char *source; 4949 nvlist_t *attrs; 4950 4951 if (!nvlist_exists(origprops, name)) { 4952 /* 4953 * Property was not present or was explicitly 4954 * inherited before the receive, restore this. 4955 */ 4956 fnvlist_add_boolean(inheritprops, name); 4957 continue; 4958 } 4959 attrs = fnvlist_lookup_nvlist(origprops, name); 4960 source = fnvlist_lookup_string(attrs, ZPROP_SOURCE); 4961 4962 /* Skip received properties */ 4963 if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0) 4964 continue; 4965 4966 if (strcmp(source, tofs) == 0) { 4967 /* Property was locally set */ 4968 fnvlist_add_nvlist(setprops, name, attrs); 4969 } else { 4970 /* Property was implicitly inherited */ 4971 fnvlist_add_boolean(inheritprops, name); 4972 } 4973 } 4974 4975 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops, 4976 NULL) != 0) 4977 *errflags |= ZPROP_ERR_NORESTORE; 4978 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops, 4979 NULL) != 0) 4980 *errflags |= ZPROP_ERR_NORESTORE; 4981 4982 nvlist_free(setprops); 4983 nvlist_free(inheritprops); 4984 } 4985 out: 4986 releasef(input_fd); 4987 nvlist_free(origrecvd); 4988 nvlist_free(origprops); 4989 4990 if (error == 0) 4991 error = props_error; 4992 4993 return (error); 4994 } 4995 4996 /* 4997 * inputs: 4998 * zc_name name of containing filesystem 4999 * zc_nvlist_src{_size} nvlist of received properties to apply 5000 * zc_nvlist_conf{_size} nvlist of local properties to apply 5001 * zc_history_offset{_len} nvlist of hidden args { "wkeydata" -> value } 5002 * zc_value name of snapshot to create 5003 * zc_string name of clone origin (if DRR_FLAG_CLONE) 5004 * zc_cookie file descriptor to recv from 5005 * zc_begin_record the BEGIN record of the stream (not byteswapped) 5006 * zc_guid force flag 5007 * zc_cleanup_fd cleanup-on-exit file descriptor 5008 * zc_action_handle handle for this guid/ds mapping (or zero on first call) 5009 * zc_resumable if data is incomplete assume sender will resume 5010 * 5011 * outputs: 5012 * zc_cookie number of bytes read 5013 * zc_nvlist_dst{_size} error for each unapplied received property 5014 * zc_obj zprop_errflags_t 5015 * zc_action_handle handle for this guid/ds mapping 5016 */ 5017 static int 5018 zfs_ioc_recv(zfs_cmd_t *zc) 5019 { 5020 dmu_replay_record_t begin_record; 5021 nvlist_t *errors = NULL; 5022 nvlist_t *recvdprops = NULL; 5023 nvlist_t *localprops = NULL; 5024 nvlist_t *hidden_args = NULL; 5025 char *origin = NULL; 5026 char *tosnap; 5027 char tofs[ZFS_MAX_DATASET_NAME_LEN]; 5028 int error = 0; 5029 5030 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 5031 strchr(zc->zc_value, '@') == NULL || 5032 strchr(zc->zc_value, '%')) 5033 return (SET_ERROR(EINVAL)); 5034 5035 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs)); 5036 tosnap = strchr(tofs, '@'); 5037 *tosnap++ = '\0'; 5038 5039 if (zc->zc_nvlist_src != 0 && 5040 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 5041 zc->zc_iflags, &recvdprops)) != 0) 5042 return (error); 5043 5044 if (zc->zc_nvlist_conf != 0 && 5045 (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 5046 zc->zc_iflags, &localprops)) != 0) 5047 return (error); 5048 5049 if (zc->zc_history_offset != 0 && 5050 (error = get_nvlist(zc->zc_history_offset, zc->zc_history_len, 5051 zc->zc_iflags, &hidden_args)) != 0) 5052 return (error); 5053 5054 if (zc->zc_string[0]) 5055 origin = zc->zc_string; 5056 5057 begin_record.drr_type = DRR_BEGIN; 5058 begin_record.drr_payloadlen = zc->zc_begin_record.drr_payloadlen; 5059 begin_record.drr_u.drr_begin = zc->zc_begin_record.drr_u.drr_begin; 5060 5061 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops, 5062 hidden_args, zc->zc_guid, zc->zc_resumable, zc->zc_cookie, 5063 &begin_record, zc->zc_cleanup_fd, &zc->zc_cookie, &zc->zc_obj, 5064 &zc->zc_action_handle, &errors); 5065 nvlist_free(recvdprops); 5066 nvlist_free(localprops); 5067 5068 /* 5069 * Now that all props, initial and delayed, are set, report the prop 5070 * errors to the caller. 5071 */ 5072 if (zc->zc_nvlist_dst_size != 0 && errors != NULL && 5073 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 || 5074 put_nvlist(zc, errors) != 0)) { 5075 /* 5076 * Caller made zc->zc_nvlist_dst less than the minimum expected 5077 * size or supplied an invalid address. 5078 */ 5079 error = SET_ERROR(EINVAL); 5080 } 5081 5082 nvlist_free(errors); 5083 5084 return (error); 5085 } 5086 5087 /* 5088 * inputs: 5089 * zc_name name of snapshot to send 5090 * zc_cookie file descriptor to send stream to 5091 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj) 5092 * zc_sendobj objsetid of snapshot to send 5093 * zc_fromobj objsetid of incremental fromsnap (may be zero) 5094 * zc_guid if set, estimate size of stream only. zc_cookie is ignored. 5095 * output size in zc_objset_type. 5096 * zc_flags lzc_send_flags 5097 * 5098 * outputs: 5099 * zc_objset_type estimated size, if zc_guid is set 5100 */ 5101 static int 5102 zfs_ioc_send(zfs_cmd_t *zc) 5103 { 5104 int error; 5105 offset_t off; 5106 boolean_t estimate = (zc->zc_guid != 0); 5107 boolean_t embedok = (zc->zc_flags & 0x1); 5108 boolean_t large_block_ok = (zc->zc_flags & 0x2); 5109 boolean_t compressok = (zc->zc_flags & 0x4); 5110 boolean_t rawok = (zc->zc_flags & 0x8); 5111 5112 if (zc->zc_obj != 0) { 5113 dsl_pool_t *dp; 5114 dsl_dataset_t *tosnap; 5115 5116 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5117 if (error != 0) 5118 return (error); 5119 5120 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 5121 if (error != 0) { 5122 dsl_pool_rele(dp, FTAG); 5123 return (error); 5124 } 5125 5126 if (dsl_dir_is_clone(tosnap->ds_dir)) 5127 zc->zc_fromobj = 5128 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj; 5129 dsl_dataset_rele(tosnap, FTAG); 5130 dsl_pool_rele(dp, FTAG); 5131 } 5132 5133 if (estimate) { 5134 dsl_pool_t *dp; 5135 dsl_dataset_t *tosnap; 5136 dsl_dataset_t *fromsnap = NULL; 5137 5138 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5139 if (error != 0) 5140 return (error); 5141 5142 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, 5143 FTAG, &tosnap); 5144 if (error != 0) { 5145 dsl_pool_rele(dp, FTAG); 5146 return (error); 5147 } 5148 5149 if (zc->zc_fromobj != 0) { 5150 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, 5151 FTAG, &fromsnap); 5152 if (error != 0) { 5153 dsl_dataset_rele(tosnap, FTAG); 5154 dsl_pool_rele(dp, FTAG); 5155 return (error); 5156 } 5157 } 5158 5159 error = dmu_send_estimate(tosnap, fromsnap, compressok || rawok, 5160 &zc->zc_objset_type); 5161 5162 if (fromsnap != NULL) 5163 dsl_dataset_rele(fromsnap, FTAG); 5164 dsl_dataset_rele(tosnap, FTAG); 5165 dsl_pool_rele(dp, FTAG); 5166 } else { 5167 file_t *fp = getf(zc->zc_cookie); 5168 if (fp == NULL) 5169 return (SET_ERROR(EBADF)); 5170 5171 off = fp->f_offset; 5172 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj, 5173 zc->zc_fromobj, embedok, large_block_ok, compressok, rawok, 5174 zc->zc_cookie, fp->f_vnode, &off); 5175 5176 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 5177 fp->f_offset = off; 5178 releasef(zc->zc_cookie); 5179 } 5180 return (error); 5181 } 5182 5183 /* 5184 * inputs: 5185 * zc_name name of snapshot on which to report progress 5186 * zc_cookie file descriptor of send stream 5187 * 5188 * outputs: 5189 * zc_cookie number of bytes written in send stream thus far 5190 */ 5191 static int 5192 zfs_ioc_send_progress(zfs_cmd_t *zc) 5193 { 5194 dsl_pool_t *dp; 5195 dsl_dataset_t *ds; 5196 dmu_sendarg_t *dsp = NULL; 5197 int error; 5198 5199 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5200 if (error != 0) 5201 return (error); 5202 5203 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 5204 if (error != 0) { 5205 dsl_pool_rele(dp, FTAG); 5206 return (error); 5207 } 5208 5209 mutex_enter(&ds->ds_sendstream_lock); 5210 5211 /* 5212 * Iterate over all the send streams currently active on this dataset. 5213 * If there's one which matches the specified file descriptor _and_ the 5214 * stream was started by the current process, return the progress of 5215 * that stream. 5216 */ 5217 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL; 5218 dsp = list_next(&ds->ds_sendstreams, dsp)) { 5219 if (dsp->dsa_outfd == zc->zc_cookie && 5220 dsp->dsa_proc == curproc) 5221 break; 5222 } 5223 5224 if (dsp != NULL) 5225 zc->zc_cookie = *(dsp->dsa_off); 5226 else 5227 error = SET_ERROR(ENOENT); 5228 5229 mutex_exit(&ds->ds_sendstream_lock); 5230 dsl_dataset_rele(ds, FTAG); 5231 dsl_pool_rele(dp, FTAG); 5232 return (error); 5233 } 5234 5235 static int 5236 zfs_ioc_inject_fault(zfs_cmd_t *zc) 5237 { 5238 int id, error; 5239 5240 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 5241 &zc->zc_inject_record); 5242 5243 if (error == 0) 5244 zc->zc_guid = (uint64_t)id; 5245 5246 return (error); 5247 } 5248 5249 static int 5250 zfs_ioc_clear_fault(zfs_cmd_t *zc) 5251 { 5252 return (zio_clear_fault((int)zc->zc_guid)); 5253 } 5254 5255 static int 5256 zfs_ioc_inject_list_next(zfs_cmd_t *zc) 5257 { 5258 int id = (int)zc->zc_guid; 5259 int error; 5260 5261 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 5262 &zc->zc_inject_record); 5263 5264 zc->zc_guid = id; 5265 5266 return (error); 5267 } 5268 5269 static int 5270 zfs_ioc_error_log(zfs_cmd_t *zc) 5271 { 5272 spa_t *spa; 5273 int error; 5274 size_t count = (size_t)zc->zc_nvlist_dst_size; 5275 5276 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 5277 return (error); 5278 5279 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 5280 &count); 5281 if (error == 0) 5282 zc->zc_nvlist_dst_size = count; 5283 else 5284 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa); 5285 5286 spa_close(spa, FTAG); 5287 5288 return (error); 5289 } 5290 5291 static int 5292 zfs_ioc_clear(zfs_cmd_t *zc) 5293 { 5294 spa_t *spa; 5295 vdev_t *vd; 5296 int error; 5297 5298 /* 5299 * On zpool clear we also fix up missing slogs 5300 */ 5301 mutex_enter(&spa_namespace_lock); 5302 spa = spa_lookup(zc->zc_name); 5303 if (spa == NULL) { 5304 mutex_exit(&spa_namespace_lock); 5305 return (SET_ERROR(EIO)); 5306 } 5307 if (spa_get_log_state(spa) == SPA_LOG_MISSING) { 5308 /* we need to let spa_open/spa_load clear the chains */ 5309 spa_set_log_state(spa, SPA_LOG_CLEAR); 5310 } 5311 spa->spa_last_open_failed = 0; 5312 mutex_exit(&spa_namespace_lock); 5313 5314 if (zc->zc_cookie & ZPOOL_NO_REWIND) { 5315 error = spa_open(zc->zc_name, &spa, FTAG); 5316 } else { 5317 nvlist_t *policy; 5318 nvlist_t *config = NULL; 5319 5320 if (zc->zc_nvlist_src == 0) 5321 return (SET_ERROR(EINVAL)); 5322 5323 if ((error = get_nvlist(zc->zc_nvlist_src, 5324 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) { 5325 error = spa_open_rewind(zc->zc_name, &spa, FTAG, 5326 policy, &config); 5327 if (config != NULL) { 5328 int err; 5329 5330 if ((err = put_nvlist(zc, config)) != 0) 5331 error = err; 5332 nvlist_free(config); 5333 } 5334 nvlist_free(policy); 5335 } 5336 } 5337 5338 if (error != 0) 5339 return (error); 5340 5341 /* 5342 * If multihost is enabled, resuming I/O is unsafe as another 5343 * host may have imported the pool. 5344 */ 5345 if (spa_multihost(spa) && spa_suspended(spa)) 5346 return (SET_ERROR(EINVAL)); 5347 5348 spa_vdev_state_enter(spa, SCL_NONE); 5349 5350 if (zc->zc_guid == 0) { 5351 vd = NULL; 5352 } else { 5353 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE); 5354 if (vd == NULL) { 5355 (void) spa_vdev_state_exit(spa, NULL, ENODEV); 5356 spa_close(spa, FTAG); 5357 return (SET_ERROR(ENODEV)); 5358 } 5359 } 5360 5361 vdev_clear(spa, vd); 5362 5363 (void) spa_vdev_state_exit(spa, NULL, 0); 5364 5365 /* 5366 * Resume any suspended I/Os. 5367 */ 5368 if (zio_resume(spa) != 0) 5369 error = SET_ERROR(EIO); 5370 5371 spa_close(spa, FTAG); 5372 5373 return (error); 5374 } 5375 5376 static int 5377 zfs_ioc_pool_reopen(zfs_cmd_t *zc) 5378 { 5379 spa_t *spa; 5380 int error; 5381 5382 error = spa_open(zc->zc_name, &spa, FTAG); 5383 if (error != 0) 5384 return (error); 5385 5386 spa_vdev_state_enter(spa, SCL_NONE); 5387 5388 /* 5389 * If a resilver is already in progress then set the 5390 * spa_scrub_reopen flag to B_TRUE so that we don't restart 5391 * the scan as a side effect of the reopen. Otherwise, let 5392 * vdev_open() decided if a resilver is required. 5393 */ 5394 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool); 5395 vdev_reopen(spa->spa_root_vdev); 5396 spa->spa_scrub_reopen = B_FALSE; 5397 5398 (void) spa_vdev_state_exit(spa, NULL, 0); 5399 spa_close(spa, FTAG); 5400 return (0); 5401 } 5402 /* 5403 * inputs: 5404 * zc_name name of filesystem 5405 * 5406 * outputs: 5407 * zc_string name of conflicting snapshot, if there is one 5408 */ 5409 static int 5410 zfs_ioc_promote(zfs_cmd_t *zc) 5411 { 5412 dsl_pool_t *dp; 5413 dsl_dataset_t *ds, *ods; 5414 char origin[ZFS_MAX_DATASET_NAME_LEN]; 5415 char *cp; 5416 int error; 5417 5418 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 5419 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 || 5420 strchr(zc->zc_name, '%')) 5421 return (SET_ERROR(EINVAL)); 5422 5423 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5424 if (error != 0) 5425 return (error); 5426 5427 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 5428 if (error != 0) { 5429 dsl_pool_rele(dp, FTAG); 5430 return (error); 5431 } 5432 5433 if (!dsl_dir_is_clone(ds->ds_dir)) { 5434 dsl_dataset_rele(ds, FTAG); 5435 dsl_pool_rele(dp, FTAG); 5436 return (SET_ERROR(EINVAL)); 5437 } 5438 5439 error = dsl_dataset_hold_obj(dp, 5440 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods); 5441 if (error != 0) { 5442 dsl_dataset_rele(ds, FTAG); 5443 dsl_pool_rele(dp, FTAG); 5444 return (error); 5445 } 5446 5447 dsl_dataset_name(ods, origin); 5448 dsl_dataset_rele(ods, FTAG); 5449 dsl_dataset_rele(ds, FTAG); 5450 dsl_pool_rele(dp, FTAG); 5451 5452 /* 5453 * We don't need to unmount *all* the origin fs's snapshots, but 5454 * it's easier. 5455 */ 5456 cp = strchr(origin, '@'); 5457 if (cp) 5458 *cp = '\0'; 5459 (void) dmu_objset_find(origin, 5460 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS); 5461 return (dsl_dataset_promote(zc->zc_name, zc->zc_string)); 5462 } 5463 5464 /* 5465 * Retrieve a single {user|group|project}{used|quota}@... property. 5466 * 5467 * inputs: 5468 * zc_name name of filesystem 5469 * zc_objset_type zfs_userquota_prop_t 5470 * zc_value domain name (eg. "S-1-234-567-89") 5471 * zc_guid RID/UID/GID 5472 * 5473 * outputs: 5474 * zc_cookie property value 5475 */ 5476 static int 5477 zfs_ioc_userspace_one(zfs_cmd_t *zc) 5478 { 5479 zfsvfs_t *zfsvfs; 5480 int error; 5481 5482 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 5483 return (SET_ERROR(EINVAL)); 5484 5485 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 5486 if (error != 0) 5487 return (error); 5488 5489 error = zfs_userspace_one(zfsvfs, 5490 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie); 5491 zfsvfs_rele(zfsvfs, FTAG); 5492 5493 return (error); 5494 } 5495 5496 /* 5497 * inputs: 5498 * zc_name name of filesystem 5499 * zc_cookie zap cursor 5500 * zc_objset_type zfs_userquota_prop_t 5501 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist) 5502 * 5503 * outputs: 5504 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t) 5505 * zc_cookie zap cursor 5506 */ 5507 static int 5508 zfs_ioc_userspace_many(zfs_cmd_t *zc) 5509 { 5510 zfsvfs_t *zfsvfs; 5511 int bufsize = zc->zc_nvlist_dst_size; 5512 5513 if (bufsize <= 0) 5514 return (SET_ERROR(ENOMEM)); 5515 5516 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 5517 if (error != 0) 5518 return (error); 5519 5520 void *buf = kmem_alloc(bufsize, KM_SLEEP); 5521 5522 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie, 5523 buf, &zc->zc_nvlist_dst_size); 5524 5525 if (error == 0) { 5526 error = xcopyout(buf, 5527 (void *)(uintptr_t)zc->zc_nvlist_dst, 5528 zc->zc_nvlist_dst_size); 5529 } 5530 kmem_free(buf, bufsize); 5531 zfsvfs_rele(zfsvfs, FTAG); 5532 5533 return (error); 5534 } 5535 5536 /* 5537 * inputs: 5538 * zc_name name of filesystem 5539 * 5540 * outputs: 5541 * none 5542 */ 5543 static int 5544 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) 5545 { 5546 objset_t *os; 5547 int error = 0; 5548 zfsvfs_t *zfsvfs; 5549 5550 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 5551 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) { 5552 /* 5553 * If userused is not enabled, it may be because the 5554 * objset needs to be closed & reopened (to grow the 5555 * objset_phys_t). Suspend/resume the fs will do that. 5556 */ 5557 dsl_dataset_t *ds, *newds; 5558 5559 ds = dmu_objset_ds(zfsvfs->z_os); 5560 error = zfs_suspend_fs(zfsvfs); 5561 if (error == 0) { 5562 dmu_objset_refresh_ownership(ds, &newds, 5563 B_TRUE, zfsvfs); 5564 error = zfs_resume_fs(zfsvfs, newds); 5565 } 5566 } 5567 if (error == 0) 5568 error = dmu_objset_userspace_upgrade(zfsvfs->z_os); 5569 VFS_RELE(zfsvfs->z_vfs); 5570 } else { 5571 /* XXX kind of reading contents without owning */ 5572 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os); 5573 if (error != 0) 5574 return (error); 5575 5576 error = dmu_objset_userspace_upgrade(os); 5577 dmu_objset_rele_flags(os, B_TRUE, FTAG); 5578 } 5579 5580 return (error); 5581 } 5582 5583 /* 5584 * inputs: 5585 * zc_name name of filesystem 5586 * 5587 * outputs: 5588 * none 5589 */ 5590 static int 5591 zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc) 5592 { 5593 objset_t *os; 5594 int error; 5595 5596 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 5597 if (error != 0) 5598 return (error); 5599 5600 dsl_dataset_long_hold(dmu_objset_ds(os), FTAG); 5601 dsl_pool_rele(dmu_objset_pool(os), FTAG); 5602 5603 if (dmu_objset_userobjspace_upgradable(os) || 5604 dmu_objset_projectquota_upgradable(os)) { 5605 mutex_enter(&os->os_upgrade_lock); 5606 if (os->os_upgrade_id == 0) { 5607 /* clear potential error code and retry */ 5608 os->os_upgrade_status = 0; 5609 mutex_exit(&os->os_upgrade_lock); 5610 5611 dmu_objset_id_quota_upgrade(os); 5612 } else { 5613 mutex_exit(&os->os_upgrade_lock); 5614 } 5615 5616 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id); 5617 error = os->os_upgrade_status; 5618 } 5619 5620 dsl_dataset_long_rele(dmu_objset_ds(os), FTAG); 5621 dsl_dataset_rele(dmu_objset_ds(os), FTAG); 5622 5623 return (error); 5624 } 5625 5626 /* 5627 * We don't want to have a hard dependency 5628 * against some special symbols in sharefs 5629 * nfs, and smbsrv. Determine them if needed when 5630 * the first file system is shared. 5631 * Neither sharefs, nfs or smbsrv are unloadable modules. 5632 */ 5633 int (*znfsexport_fs)(void *arg); 5634 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t); 5635 int (*zsmbexport_fs)(void *arg, boolean_t add_share); 5636 5637 int zfs_nfsshare_inited; 5638 int zfs_smbshare_inited; 5639 5640 ddi_modhandle_t nfs_mod; 5641 ddi_modhandle_t sharefs_mod; 5642 ddi_modhandle_t smbsrv_mod; 5643 kmutex_t zfs_share_lock; 5644 5645 static int 5646 zfs_init_sharefs() 5647 { 5648 int error; 5649 5650 ASSERT(MUTEX_HELD(&zfs_share_lock)); 5651 /* Both NFS and SMB shares also require sharetab support. */ 5652 if (sharefs_mod == NULL && ((sharefs_mod = 5653 ddi_modopen("fs/sharefs", 5654 KRTLD_MODE_FIRST, &error)) == NULL)) { 5655 return (SET_ERROR(ENOSYS)); 5656 } 5657 if (zshare_fs == NULL && ((zshare_fs = 5658 (int (*)(enum sharefs_sys_op, share_t *, uint32_t)) 5659 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) { 5660 return (SET_ERROR(ENOSYS)); 5661 } 5662 return (0); 5663 } 5664 5665 static int 5666 zfs_ioc_share(zfs_cmd_t *zc) 5667 { 5668 int error; 5669 int opcode; 5670 5671 switch (zc->zc_share.z_sharetype) { 5672 case ZFS_SHARE_NFS: 5673 case ZFS_UNSHARE_NFS: 5674 if (zfs_nfsshare_inited == 0) { 5675 mutex_enter(&zfs_share_lock); 5676 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs", 5677 KRTLD_MODE_FIRST, &error)) == NULL)) { 5678 mutex_exit(&zfs_share_lock); 5679 return (SET_ERROR(ENOSYS)); 5680 } 5681 if (znfsexport_fs == NULL && 5682 ((znfsexport_fs = (int (*)(void *)) 5683 ddi_modsym(nfs_mod, 5684 "nfs_export", &error)) == NULL)) { 5685 mutex_exit(&zfs_share_lock); 5686 return (SET_ERROR(ENOSYS)); 5687 } 5688 error = zfs_init_sharefs(); 5689 if (error != 0) { 5690 mutex_exit(&zfs_share_lock); 5691 return (SET_ERROR(ENOSYS)); 5692 } 5693 zfs_nfsshare_inited = 1; 5694 mutex_exit(&zfs_share_lock); 5695 } 5696 break; 5697 case ZFS_SHARE_SMB: 5698 case ZFS_UNSHARE_SMB: 5699 if (zfs_smbshare_inited == 0) { 5700 mutex_enter(&zfs_share_lock); 5701 if (smbsrv_mod == NULL && ((smbsrv_mod = 5702 ddi_modopen("drv/smbsrv", 5703 KRTLD_MODE_FIRST, &error)) == NULL)) { 5704 mutex_exit(&zfs_share_lock); 5705 return (SET_ERROR(ENOSYS)); 5706 } 5707 if (zsmbexport_fs == NULL && ((zsmbexport_fs = 5708 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod, 5709 "smb_server_share", &error)) == NULL)) { 5710 mutex_exit(&zfs_share_lock); 5711 return (SET_ERROR(ENOSYS)); 5712 } 5713 error = zfs_init_sharefs(); 5714 if (error != 0) { 5715 mutex_exit(&zfs_share_lock); 5716 return (SET_ERROR(ENOSYS)); 5717 } 5718 zfs_smbshare_inited = 1; 5719 mutex_exit(&zfs_share_lock); 5720 } 5721 break; 5722 default: 5723 return (SET_ERROR(EINVAL)); 5724 } 5725 5726 switch (zc->zc_share.z_sharetype) { 5727 case ZFS_SHARE_NFS: 5728 case ZFS_UNSHARE_NFS: 5729 if (error = 5730 znfsexport_fs((void *) 5731 (uintptr_t)zc->zc_share.z_exportdata)) 5732 return (error); 5733 break; 5734 case ZFS_SHARE_SMB: 5735 case ZFS_UNSHARE_SMB: 5736 if (error = zsmbexport_fs((void *) 5737 (uintptr_t)zc->zc_share.z_exportdata, 5738 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ? 5739 B_TRUE: B_FALSE)) { 5740 return (error); 5741 } 5742 break; 5743 } 5744 5745 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS || 5746 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ? 5747 SHAREFS_ADD : SHAREFS_REMOVE; 5748 5749 /* 5750 * Add or remove share from sharetab 5751 */ 5752 error = zshare_fs(opcode, 5753 (void *)(uintptr_t)zc->zc_share.z_sharedata, 5754 zc->zc_share.z_sharemax); 5755 5756 return (error); 5757 5758 } 5759 5760 ace_t full_access[] = { 5761 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0} 5762 }; 5763 5764 /* 5765 * inputs: 5766 * zc_name name of containing filesystem 5767 * zc_obj object # beyond which we want next in-use object # 5768 * 5769 * outputs: 5770 * zc_obj next in-use object # 5771 */ 5772 static int 5773 zfs_ioc_next_obj(zfs_cmd_t *zc) 5774 { 5775 objset_t *os = NULL; 5776 int error; 5777 5778 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 5779 if (error != 0) 5780 return (error); 5781 5782 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 5783 dsl_dataset_phys(os->os_dsl_dataset)->ds_prev_snap_txg); 5784 5785 dmu_objset_rele(os, FTAG); 5786 return (error); 5787 } 5788 5789 /* 5790 * inputs: 5791 * zc_name name of filesystem 5792 * zc_value prefix name for snapshot 5793 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process 5794 * 5795 * outputs: 5796 * zc_value short name of new snapshot 5797 */ 5798 static int 5799 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc) 5800 { 5801 char *snap_name; 5802 char *hold_name; 5803 int error; 5804 minor_t minor; 5805 5806 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor); 5807 if (error != 0) 5808 return (error); 5809 5810 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value, 5811 (u_longlong_t)ddi_get_lbolt64()); 5812 hold_name = kmem_asprintf("%%%s", zc->zc_value); 5813 5814 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor, 5815 hold_name); 5816 if (error == 0) 5817 (void) strcpy(zc->zc_value, snap_name); 5818 strfree(snap_name); 5819 strfree(hold_name); 5820 zfs_onexit_fd_rele(zc->zc_cleanup_fd); 5821 return (error); 5822 } 5823 5824 /* 5825 * inputs: 5826 * zc_name name of "to" snapshot 5827 * zc_value name of "from" snapshot 5828 * zc_cookie file descriptor to write diff data on 5829 * 5830 * outputs: 5831 * dmu_diff_record_t's to the file descriptor 5832 */ 5833 static int 5834 zfs_ioc_diff(zfs_cmd_t *zc) 5835 { 5836 file_t *fp; 5837 offset_t off; 5838 int error; 5839 5840 fp = getf(zc->zc_cookie); 5841 if (fp == NULL) 5842 return (SET_ERROR(EBADF)); 5843 5844 off = fp->f_offset; 5845 5846 error = dmu_diff(zc->zc_name, zc->zc_value, fp->f_vnode, &off); 5847 5848 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 5849 fp->f_offset = off; 5850 releasef(zc->zc_cookie); 5851 5852 return (error); 5853 } 5854 5855 /* 5856 * Remove all ACL files in shares dir 5857 */ 5858 static int 5859 zfs_smb_acl_purge(znode_t *dzp) 5860 { 5861 zap_cursor_t zc; 5862 zap_attribute_t zap; 5863 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 5864 int error; 5865 5866 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id); 5867 (error = zap_cursor_retrieve(&zc, &zap)) == 0; 5868 zap_cursor_advance(&zc)) { 5869 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred, 5870 NULL, 0)) != 0) 5871 break; 5872 } 5873 zap_cursor_fini(&zc); 5874 return (error); 5875 } 5876 5877 static int 5878 zfs_ioc_smb_acl(zfs_cmd_t *zc) 5879 { 5880 vnode_t *vp; 5881 znode_t *dzp; 5882 vnode_t *resourcevp = NULL; 5883 znode_t *sharedir; 5884 zfsvfs_t *zfsvfs; 5885 nvlist_t *nvlist; 5886 char *src, *target; 5887 vattr_t vattr; 5888 vsecattr_t vsec; 5889 int error = 0; 5890 5891 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 5892 NO_FOLLOW, NULL, &vp)) != 0) 5893 return (error); 5894 5895 /* Now make sure mntpnt and dataset are ZFS */ 5896 5897 if (vp->v_vfsp->vfs_fstype != zfsfstype || 5898 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 5899 zc->zc_name) != 0)) { 5900 VN_RELE(vp); 5901 return (SET_ERROR(EINVAL)); 5902 } 5903 5904 dzp = VTOZ(vp); 5905 zfsvfs = dzp->z_zfsvfs; 5906 ZFS_ENTER(zfsvfs); 5907 5908 /* 5909 * Create share dir if its missing. 5910 */ 5911 mutex_enter(&zfsvfs->z_lock); 5912 if (zfsvfs->z_shares_dir == 0) { 5913 dmu_tx_t *tx; 5914 5915 tx = dmu_tx_create(zfsvfs->z_os); 5916 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE, 5917 ZFS_SHARES_DIR); 5918 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL); 5919 error = dmu_tx_assign(tx, TXG_WAIT); 5920 if (error != 0) { 5921 dmu_tx_abort(tx); 5922 } else { 5923 error = zfs_create_share_dir(zfsvfs, tx); 5924 dmu_tx_commit(tx); 5925 } 5926 if (error != 0) { 5927 mutex_exit(&zfsvfs->z_lock); 5928 VN_RELE(vp); 5929 ZFS_EXIT(zfsvfs); 5930 return (error); 5931 } 5932 } 5933 mutex_exit(&zfsvfs->z_lock); 5934 5935 ASSERT(zfsvfs->z_shares_dir); 5936 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) { 5937 VN_RELE(vp); 5938 ZFS_EXIT(zfsvfs); 5939 return (error); 5940 } 5941 5942 switch (zc->zc_cookie) { 5943 case ZFS_SMB_ACL_ADD: 5944 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE; 5945 vattr.va_type = VREG; 5946 vattr.va_mode = S_IFREG|0777; 5947 vattr.va_uid = 0; 5948 vattr.va_gid = 0; 5949 5950 vsec.vsa_mask = VSA_ACE; 5951 vsec.vsa_aclentp = &full_access; 5952 vsec.vsa_aclentsz = sizeof (full_access); 5953 vsec.vsa_aclcnt = 1; 5954 5955 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string, 5956 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec); 5957 if (resourcevp) 5958 VN_RELE(resourcevp); 5959 break; 5960 5961 case ZFS_SMB_ACL_REMOVE: 5962 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred, 5963 NULL, 0); 5964 break; 5965 5966 case ZFS_SMB_ACL_RENAME: 5967 if ((error = get_nvlist(zc->zc_nvlist_src, 5968 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) { 5969 VN_RELE(vp); 5970 VN_RELE(ZTOV(sharedir)); 5971 ZFS_EXIT(zfsvfs); 5972 return (error); 5973 } 5974 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) || 5975 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET, 5976 &target)) { 5977 VN_RELE(vp); 5978 VN_RELE(ZTOV(sharedir)); 5979 ZFS_EXIT(zfsvfs); 5980 nvlist_free(nvlist); 5981 return (error); 5982 } 5983 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target, 5984 kcred, NULL, 0); 5985 nvlist_free(nvlist); 5986 break; 5987 5988 case ZFS_SMB_ACL_PURGE: 5989 error = zfs_smb_acl_purge(sharedir); 5990 break; 5991 5992 default: 5993 error = SET_ERROR(EINVAL); 5994 break; 5995 } 5996 5997 VN_RELE(vp); 5998 VN_RELE(ZTOV(sharedir)); 5999 6000 ZFS_EXIT(zfsvfs); 6001 6002 return (error); 6003 } 6004 6005 /* 6006 * innvl: { 6007 * "holds" -> { snapname -> holdname (string), ... } 6008 * (optional) "cleanup_fd" -> fd (int32) 6009 * } 6010 * 6011 * outnvl: { 6012 * snapname -> error value (int32) 6013 * ... 6014 * } 6015 */ 6016 static const zfs_ioc_key_t zfs_keys_hold[] = { 6017 {"holds", DATA_TYPE_NVLIST, 0}, 6018 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL}, 6019 }; 6020 6021 /* ARGSUSED */ 6022 static int 6023 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist) 6024 { 6025 nvpair_t *pair; 6026 nvlist_t *holds; 6027 int cleanup_fd = -1; 6028 int error; 6029 minor_t minor = 0; 6030 6031 holds = fnvlist_lookup_nvlist(args, "holds"); 6032 6033 /* make sure the user didn't pass us any invalid (empty) tags */ 6034 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 6035 pair = nvlist_next_nvpair(holds, pair)) { 6036 char *htag; 6037 6038 error = nvpair_value_string(pair, &htag); 6039 if (error != 0) 6040 return (SET_ERROR(error)); 6041 6042 if (strlen(htag) == 0) 6043 return (SET_ERROR(EINVAL)); 6044 } 6045 6046 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) { 6047 error = zfs_onexit_fd_hold(cleanup_fd, &minor); 6048 if (error != 0) 6049 return (error); 6050 } 6051 6052 error = dsl_dataset_user_hold(holds, minor, errlist); 6053 if (minor != 0) 6054 zfs_onexit_fd_rele(cleanup_fd); 6055 return (error); 6056 } 6057 6058 /* 6059 * innvl is not used. 6060 * 6061 * outnvl: { 6062 * holdname -> time added (uint64 seconds since epoch) 6063 * ... 6064 * } 6065 */ 6066 static const zfs_ioc_key_t zfs_keys_get_holds[] = { 6067 /* no nvl keys */ 6068 }; 6069 6070 /* ARGSUSED */ 6071 static int 6072 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl) 6073 { 6074 return (dsl_dataset_get_holds(snapname, outnvl)); 6075 } 6076 6077 /* 6078 * innvl: { 6079 * snapname -> { holdname, ... } 6080 * ... 6081 * } 6082 * 6083 * outnvl: { 6084 * snapname -> error value (int32) 6085 * ... 6086 * } 6087 */ 6088 static const zfs_ioc_key_t zfs_keys_release[] = { 6089 {"<snapname>...", DATA_TYPE_NVLIST, ZK_WILDCARDLIST}, 6090 }; 6091 6092 /* ARGSUSED */ 6093 static int 6094 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist) 6095 { 6096 return (dsl_dataset_user_release(holds, errlist)); 6097 } 6098 6099 /* 6100 * inputs: 6101 * zc_name name of new filesystem or snapshot 6102 * zc_value full name of old snapshot 6103 * 6104 * outputs: 6105 * zc_cookie space in bytes 6106 * zc_objset_type compressed space in bytes 6107 * zc_perm_action uncompressed space in bytes 6108 */ 6109 static int 6110 zfs_ioc_space_written(zfs_cmd_t *zc) 6111 { 6112 int error; 6113 dsl_pool_t *dp; 6114 dsl_dataset_t *new, *old; 6115 6116 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 6117 if (error != 0) 6118 return (error); 6119 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new); 6120 if (error != 0) { 6121 dsl_pool_rele(dp, FTAG); 6122 return (error); 6123 } 6124 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old); 6125 if (error != 0) { 6126 dsl_dataset_rele(new, FTAG); 6127 dsl_pool_rele(dp, FTAG); 6128 return (error); 6129 } 6130 6131 error = dsl_dataset_space_written(old, new, &zc->zc_cookie, 6132 &zc->zc_objset_type, &zc->zc_perm_action); 6133 dsl_dataset_rele(old, FTAG); 6134 dsl_dataset_rele(new, FTAG); 6135 dsl_pool_rele(dp, FTAG); 6136 return (error); 6137 } 6138 6139 /* 6140 * innvl: { 6141 * "firstsnap" -> snapshot name 6142 * } 6143 * 6144 * outnvl: { 6145 * "used" -> space in bytes 6146 * "compressed" -> compressed space in bytes 6147 * "uncompressed" -> uncompressed space in bytes 6148 * } 6149 */ 6150 static const zfs_ioc_key_t zfs_keys_space_snaps[] = { 6151 {"firstsnap", DATA_TYPE_STRING, 0}, 6152 }; 6153 6154 static int 6155 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl) 6156 { 6157 int error; 6158 dsl_pool_t *dp; 6159 dsl_dataset_t *new, *old; 6160 char *firstsnap; 6161 uint64_t used, comp, uncomp; 6162 6163 firstsnap = fnvlist_lookup_string(innvl, "firstsnap"); 6164 6165 error = dsl_pool_hold(lastsnap, FTAG, &dp); 6166 if (error != 0) 6167 return (error); 6168 6169 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new); 6170 if (error == 0 && !new->ds_is_snapshot) { 6171 dsl_dataset_rele(new, FTAG); 6172 error = SET_ERROR(EINVAL); 6173 } 6174 if (error != 0) { 6175 dsl_pool_rele(dp, FTAG); 6176 return (error); 6177 } 6178 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old); 6179 if (error == 0 && !old->ds_is_snapshot) { 6180 dsl_dataset_rele(old, FTAG); 6181 error = SET_ERROR(EINVAL); 6182 } 6183 if (error != 0) { 6184 dsl_dataset_rele(new, FTAG); 6185 dsl_pool_rele(dp, FTAG); 6186 return (error); 6187 } 6188 6189 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp); 6190 dsl_dataset_rele(old, FTAG); 6191 dsl_dataset_rele(new, FTAG); 6192 dsl_pool_rele(dp, FTAG); 6193 fnvlist_add_uint64(outnvl, "used", used); 6194 fnvlist_add_uint64(outnvl, "compressed", comp); 6195 fnvlist_add_uint64(outnvl, "uncompressed", uncomp); 6196 return (error); 6197 } 6198 6199 /* 6200 * innvl: { 6201 * "fd" -> file descriptor to write stream to (int32) 6202 * (optional) "fromsnap" -> full snap name to send an incremental from 6203 * (optional) "largeblockok" -> (value ignored) 6204 * indicates that blocks > 128KB are permitted 6205 * (optional) "embedok" -> (value ignored) 6206 * presence indicates DRR_WRITE_EMBEDDED records are permitted 6207 * (optional) "compressok" -> (value ignored) 6208 * presence indicates compressed DRR_WRITE records are permitted 6209 * (optional) "rawok" -> (value ignored) 6210 * presence indicates raw encrypted records should be used. 6211 * (optional) "resume_object" and "resume_offset" -> (uint64) 6212 * if present, resume send stream from specified object and offset. 6213 * } 6214 * 6215 * outnvl is unused 6216 */ 6217 static const zfs_ioc_key_t zfs_keys_send_new[] = { 6218 {"fd", DATA_TYPE_INT32, 0}, 6219 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL}, 6220 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6221 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6222 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6223 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6224 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6225 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6226 }; 6227 6228 /* ARGSUSED */ 6229 static int 6230 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 6231 { 6232 int error; 6233 offset_t off; 6234 char *fromname = NULL; 6235 int fd; 6236 boolean_t largeblockok; 6237 boolean_t embedok; 6238 boolean_t compressok; 6239 boolean_t rawok; 6240 uint64_t resumeobj = 0; 6241 uint64_t resumeoff = 0; 6242 6243 fd = fnvlist_lookup_int32(innvl, "fd"); 6244 6245 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname); 6246 6247 largeblockok = nvlist_exists(innvl, "largeblockok"); 6248 embedok = nvlist_exists(innvl, "embedok"); 6249 compressok = nvlist_exists(innvl, "compressok"); 6250 rawok = nvlist_exists(innvl, "rawok"); 6251 6252 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); 6253 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); 6254 6255 file_t *fp = getf(fd); 6256 if (fp == NULL) 6257 return (SET_ERROR(EBADF)); 6258 6259 off = fp->f_offset; 6260 error = dmu_send(snapname, fromname, embedok, largeblockok, compressok, 6261 rawok, fd, resumeobj, resumeoff, fp->f_vnode, &off); 6262 6263 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 6264 fp->f_offset = off; 6265 releasef(fd); 6266 return (error); 6267 } 6268 6269 /* 6270 * Determine approximately how large a zfs send stream will be -- the number 6271 * of bytes that will be written to the fd supplied to zfs_ioc_send_new(). 6272 * 6273 * innvl: { 6274 * (optional) "from" -> full snap or bookmark name to send an incremental 6275 * from 6276 * (optional) "largeblockok" -> (value ignored) 6277 * indicates that blocks > 128KB are permitted 6278 * (optional) "embedok" -> (value ignored) 6279 * presence indicates DRR_WRITE_EMBEDDED records are permitted 6280 * (optional) "compressok" -> (value ignored) 6281 * presence indicates compressed DRR_WRITE records are permitted 6282 * } 6283 * 6284 * outnvl: { 6285 * "space" -> bytes of space (uint64) 6286 * } 6287 */ 6288 static const zfs_ioc_key_t zfs_keys_send_space[] = { 6289 {"from", DATA_TYPE_STRING, ZK_OPTIONAL}, 6290 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL}, 6291 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6292 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6293 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6294 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6295 }; 6296 6297 static int 6298 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 6299 { 6300 dsl_pool_t *dp; 6301 dsl_dataset_t *tosnap; 6302 int error; 6303 char *fromname; 6304 boolean_t compressok; 6305 boolean_t rawok; 6306 uint64_t space; 6307 6308 error = dsl_pool_hold(snapname, FTAG, &dp); 6309 if (error != 0) 6310 return (error); 6311 6312 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap); 6313 if (error != 0) { 6314 dsl_pool_rele(dp, FTAG); 6315 return (error); 6316 } 6317 6318 compressok = nvlist_exists(innvl, "compressok"); 6319 rawok = nvlist_exists(innvl, "rawok"); 6320 6321 error = nvlist_lookup_string(innvl, "from", &fromname); 6322 if (error == 0) { 6323 if (strchr(fromname, '@') != NULL) { 6324 /* 6325 * If from is a snapshot, hold it and use the more 6326 * efficient dmu_send_estimate to estimate send space 6327 * size using deadlists. 6328 */ 6329 dsl_dataset_t *fromsnap; 6330 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap); 6331 if (error != 0) 6332 goto out; 6333 error = dmu_send_estimate(tosnap, fromsnap, 6334 compressok || rawok, &space); 6335 dsl_dataset_rele(fromsnap, FTAG); 6336 } else if (strchr(fromname, '#') != NULL) { 6337 /* 6338 * If from is a bookmark, fetch the creation TXG of the 6339 * snapshot it was created from and use that to find 6340 * blocks that were born after it. 6341 */ 6342 zfs_bookmark_phys_t frombm; 6343 6344 error = dsl_bookmark_lookup(dp, fromname, tosnap, 6345 &frombm); 6346 if (error != 0) 6347 goto out; 6348 error = dmu_send_estimate_from_txg(tosnap, 6349 frombm.zbm_creation_txg, compressok || rawok, 6350 &space); 6351 } else { 6352 /* 6353 * from is not properly formatted as a snapshot or 6354 * bookmark 6355 */ 6356 error = SET_ERROR(EINVAL); 6357 goto out; 6358 } 6359 } else { 6360 /* 6361 * If estimating the size of a full send, use dmu_send_estimate. 6362 */ 6363 error = dmu_send_estimate(tosnap, NULL, compressok || rawok, 6364 &space); 6365 } 6366 6367 fnvlist_add_uint64(outnvl, "space", space); 6368 6369 out: 6370 dsl_dataset_rele(tosnap, FTAG); 6371 dsl_pool_rele(dp, FTAG); 6372 return (error); 6373 } 6374 6375 /* 6376 * Sync the currently open TXG to disk for the specified pool. 6377 * This is somewhat similar to 'zfs_sync()'. 6378 * For cases that do not result in error this ioctl will wait for 6379 * the currently open TXG to commit before returning back to the caller. 6380 * 6381 * innvl: { 6382 * "force" -> when true, force uberblock update even if there is no dirty data. 6383 * In addition this will cause the vdev configuration to be written 6384 * out including updating the zpool cache file. (boolean_t) 6385 * } 6386 * 6387 * onvl is unused 6388 */ 6389 static const zfs_ioc_key_t zfs_keys_pool_sync[] = { 6390 {"force", DATA_TYPE_BOOLEAN_VALUE, 0}, 6391 }; 6392 6393 /* ARGSUSED */ 6394 static int 6395 zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl) 6396 { 6397 int err; 6398 boolean_t force = B_FALSE; 6399 spa_t *spa; 6400 6401 if ((err = spa_open(pool, &spa, FTAG)) != 0) 6402 return (err); 6403 6404 if (innvl) 6405 force = fnvlist_lookup_boolean_value(innvl, "force"); 6406 6407 if (force) { 6408 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER); 6409 vdev_config_dirty(spa->spa_root_vdev); 6410 spa_config_exit(spa, SCL_CONFIG, FTAG); 6411 } 6412 txg_wait_synced(spa_get_dsl(spa), 0); 6413 6414 spa_close(spa, FTAG); 6415 6416 return (err); 6417 } 6418 6419 /* 6420 * Load a user's wrapping key into the kernel. 6421 * innvl: { 6422 * "hidden_args" -> { "wkeydata" -> value } 6423 * raw uint8_t array of encryption wrapping key data (32 bytes) 6424 * (optional) "noop" -> (value ignored) 6425 * presence indicated key should only be verified, not loaded 6426 * } 6427 */ 6428 static const zfs_ioc_key_t zfs_keys_load_key[] = { 6429 {"hidden_args", DATA_TYPE_NVLIST, 0}, 6430 {"noop", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, 6431 }; 6432 6433 /* ARGSUSED */ 6434 static int 6435 zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 6436 { 6437 int ret = 0; 6438 dsl_crypto_params_t *dcp = NULL; 6439 nvlist_t *hidden_args; 6440 boolean_t noop = nvlist_exists(innvl, "noop"); 6441 6442 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 6443 ret = SET_ERROR(EINVAL); 6444 goto error; 6445 } 6446 6447 hidden_args = fnvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS); 6448 6449 ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL, 6450 hidden_args, &dcp); 6451 if (ret != 0) 6452 goto error; 6453 6454 ret = spa_keystore_load_wkey(dsname, dcp, noop); 6455 if (ret != 0) 6456 goto error; 6457 6458 dsl_crypto_params_free(dcp, noop); 6459 6460 return (0); 6461 6462 error: 6463 dsl_crypto_params_free(dcp, B_TRUE); 6464 return (ret); 6465 } 6466 6467 /* 6468 * Unload a user's wrapping key from the kernel. 6469 * Both innvl and outnvl are unused. 6470 */ 6471 static const zfs_ioc_key_t zfs_keys_unload_key[] = { 6472 /* no nvl keys */ 6473 }; 6474 6475 /* ARGSUSED */ 6476 static int 6477 zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 6478 { 6479 int ret = 0; 6480 6481 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 6482 ret = (SET_ERROR(EINVAL)); 6483 goto out; 6484 } 6485 6486 ret = spa_keystore_unload_wkey(dsname); 6487 if (ret != 0) 6488 goto out; 6489 6490 out: 6491 return (ret); 6492 } 6493 6494 /* 6495 * Changes a user's wrapping key used to decrypt a dataset. The keyformat, 6496 * keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified 6497 * here to change how the key is derived in userspace. 6498 * 6499 * innvl: { 6500 * "hidden_args" (optional) -> { "wkeydata" -> value } 6501 * raw uint8_t array of new encryption wrapping key data (32 bytes) 6502 * "props" (optional) -> { prop -> value } 6503 * } 6504 * 6505 * outnvl is unused 6506 */ 6507 static const zfs_ioc_key_t zfs_keys_change_key[] = { 6508 {"crypt_cmd", DATA_TYPE_UINT64, ZK_OPTIONAL}, 6509 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 6510 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL}, 6511 }; 6512 6513 /* ARGSUSED */ 6514 static int 6515 zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl) 6516 { 6517 int ret; 6518 uint64_t cmd = DCP_CMD_NONE; 6519 dsl_crypto_params_t *dcp = NULL; 6520 nvlist_t *args = NULL, *hidden_args = NULL; 6521 6522 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) { 6523 ret = (SET_ERROR(EINVAL)); 6524 goto error; 6525 } 6526 6527 (void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd); 6528 (void) nvlist_lookup_nvlist(innvl, "props", &args); 6529 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args); 6530 6531 ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp); 6532 if (ret != 0) 6533 goto error; 6534 6535 ret = spa_keystore_change_key(dsname, dcp); 6536 if (ret != 0) 6537 goto error; 6538 6539 dsl_crypto_params_free(dcp, B_FALSE); 6540 6541 return (0); 6542 6543 error: 6544 dsl_crypto_params_free(dcp, B_TRUE); 6545 return (ret); 6546 } 6547 6548 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST]; 6549 6550 static void 6551 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 6552 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 6553 boolean_t log_history, zfs_ioc_poolcheck_t pool_check) 6554 { 6555 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 6556 6557 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 6558 ASSERT3U(ioc, <, ZFS_IOC_LAST); 6559 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 6560 ASSERT3P(vec->zvec_func, ==, NULL); 6561 6562 vec->zvec_legacy_func = func; 6563 vec->zvec_secpolicy = secpolicy; 6564 vec->zvec_namecheck = namecheck; 6565 vec->zvec_allow_log = log_history; 6566 vec->zvec_pool_check = pool_check; 6567 } 6568 6569 /* 6570 * See the block comment at the beginning of this file for details on 6571 * each argument to this function. 6572 */ 6573 static void 6574 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func, 6575 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 6576 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist, 6577 boolean_t allow_log, const zfs_ioc_key_t *nvl_keys, size_t num_keys) 6578 { 6579 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 6580 6581 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 6582 ASSERT3U(ioc, <, ZFS_IOC_LAST); 6583 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 6584 ASSERT3P(vec->zvec_func, ==, NULL); 6585 6586 /* if we are logging, the name must be valid */ 6587 ASSERT(!allow_log || namecheck != NO_NAME); 6588 6589 vec->zvec_name = name; 6590 vec->zvec_func = func; 6591 vec->zvec_secpolicy = secpolicy; 6592 vec->zvec_namecheck = namecheck; 6593 vec->zvec_pool_check = pool_check; 6594 vec->zvec_smush_outnvlist = smush_outnvlist; 6595 vec->zvec_allow_log = allow_log; 6596 vec->zvec_nvl_keys = nvl_keys; 6597 vec->zvec_nvl_key_count = num_keys; 6598 } 6599 6600 static void 6601 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 6602 zfs_secpolicy_func_t *secpolicy, boolean_t log_history, 6603 zfs_ioc_poolcheck_t pool_check) 6604 { 6605 zfs_ioctl_register_legacy(ioc, func, secpolicy, 6606 POOL_NAME, log_history, pool_check); 6607 } 6608 6609 static void 6610 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 6611 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check) 6612 { 6613 zfs_ioctl_register_legacy(ioc, func, secpolicy, 6614 DATASET_NAME, B_FALSE, pool_check); 6615 } 6616 6617 static void 6618 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 6619 { 6620 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config, 6621 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6622 } 6623 6624 static void 6625 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 6626 zfs_secpolicy_func_t *secpolicy) 6627 { 6628 zfs_ioctl_register_legacy(ioc, func, secpolicy, 6629 NO_NAME, B_FALSE, POOL_CHECK_NONE); 6630 } 6631 6632 static void 6633 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc, 6634 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy) 6635 { 6636 zfs_ioctl_register_legacy(ioc, func, secpolicy, 6637 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED); 6638 } 6639 6640 static void 6641 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 6642 { 6643 zfs_ioctl_register_dataset_read_secpolicy(ioc, func, 6644 zfs_secpolicy_read); 6645 } 6646 6647 static void 6648 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 6649 zfs_secpolicy_func_t *secpolicy) 6650 { 6651 zfs_ioctl_register_legacy(ioc, func, secpolicy, 6652 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6653 } 6654 6655 static void 6656 zfs_ioctl_init(void) 6657 { 6658 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT, 6659 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME, 6660 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 6661 zfs_keys_snapshot, ARRAY_SIZE(zfs_keys_snapshot)); 6662 6663 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY, 6664 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME, 6665 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 6666 zfs_keys_log_history, ARRAY_SIZE(zfs_keys_log_history)); 6667 6668 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS, 6669 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, 6670 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 6671 zfs_keys_space_snaps, ARRAY_SIZE(zfs_keys_space_snaps)); 6672 6673 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW, 6674 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME, 6675 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 6676 zfs_keys_send_new, ARRAY_SIZE(zfs_keys_send_new)); 6677 6678 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE, 6679 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME, 6680 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 6681 zfs_keys_send_space, ARRAY_SIZE(zfs_keys_send_space)); 6682 6683 zfs_ioctl_register("create", ZFS_IOC_CREATE, 6684 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME, 6685 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 6686 zfs_keys_create, ARRAY_SIZE(zfs_keys_create)); 6687 6688 zfs_ioctl_register("clone", ZFS_IOC_CLONE, 6689 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME, 6690 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 6691 zfs_keys_clone, ARRAY_SIZE(zfs_keys_clone)); 6692 6693 zfs_ioctl_register("remap", ZFS_IOC_REMAP, 6694 zfs_ioc_remap, zfs_secpolicy_remap, DATASET_NAME, 6695 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE, 6696 zfs_keys_remap, ARRAY_SIZE(zfs_keys_remap)); 6697 6698 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS, 6699 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME, 6700 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 6701 zfs_keys_destroy_snaps, ARRAY_SIZE(zfs_keys_destroy_snaps)); 6702 6703 zfs_ioctl_register("hold", ZFS_IOC_HOLD, 6704 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME, 6705 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 6706 zfs_keys_hold, ARRAY_SIZE(zfs_keys_hold)); 6707 zfs_ioctl_register("release", ZFS_IOC_RELEASE, 6708 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME, 6709 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 6710 zfs_keys_release, ARRAY_SIZE(zfs_keys_release)); 6711 6712 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS, 6713 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, 6714 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 6715 zfs_keys_get_holds, ARRAY_SIZE(zfs_keys_get_holds)); 6716 6717 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK, 6718 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, 6719 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE, 6720 zfs_keys_rollback, ARRAY_SIZE(zfs_keys_rollback)); 6721 6722 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK, 6723 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME, 6724 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 6725 zfs_keys_bookmark, ARRAY_SIZE(zfs_keys_bookmark)); 6726 6727 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS, 6728 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME, 6729 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, 6730 zfs_keys_get_bookmarks, ARRAY_SIZE(zfs_keys_get_bookmarks)); 6731 6732 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS, 6733 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks, 6734 POOL_NAME, 6735 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 6736 zfs_keys_destroy_bookmarks, 6737 ARRAY_SIZE(zfs_keys_destroy_bookmarks)); 6738 6739 zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY, 6740 zfs_ioc_load_key, zfs_secpolicy_load_key, 6741 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE, 6742 zfs_keys_load_key, ARRAY_SIZE(zfs_keys_load_key)); 6743 zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY, 6744 zfs_ioc_unload_key, zfs_secpolicy_load_key, 6745 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE, 6746 zfs_keys_unload_key, ARRAY_SIZE(zfs_keys_unload_key)); 6747 zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY, 6748 zfs_ioc_change_key, zfs_secpolicy_change_key, 6749 DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, 6750 B_TRUE, B_TRUE, zfs_keys_change_key, 6751 ARRAY_SIZE(zfs_keys_change_key)); 6752 6753 zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC, 6754 zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME, 6755 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE, 6756 zfs_keys_pool_sync, ARRAY_SIZE(zfs_keys_pool_sync)); 6757 6758 zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM, 6759 zfs_ioc_channel_program, zfs_secpolicy_config, 6760 POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, 6761 B_TRUE, zfs_keys_channel_program, 6762 ARRAY_SIZE(zfs_keys_channel_program)); 6763 6764 zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT, 6765 zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME, 6766 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 6767 zfs_keys_pool_checkpoint, ARRAY_SIZE(zfs_keys_pool_checkpoint)); 6768 6769 zfs_ioctl_register("zpool_discard_checkpoint", 6770 ZFS_IOC_POOL_DISCARD_CHECKPOINT, zfs_ioc_pool_discard_checkpoint, 6771 zfs_secpolicy_config, POOL_NAME, 6772 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 6773 zfs_keys_pool_discard_checkpoint, 6774 ARRAY_SIZE(zfs_keys_pool_discard_checkpoint)); 6775 6776 zfs_ioctl_register("initialize", ZFS_IOC_POOL_INITIALIZE, 6777 zfs_ioc_pool_initialize, zfs_secpolicy_config, POOL_NAME, 6778 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 6779 zfs_keys_pool_initialize, ARRAY_SIZE(zfs_keys_pool_initialize)); 6780 6781 zfs_ioctl_register("trim", ZFS_IOC_POOL_TRIM, 6782 zfs_ioc_pool_trim, zfs_secpolicy_config, POOL_NAME, 6783 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, 6784 zfs_keys_pool_trim, ARRAY_SIZE(zfs_keys_pool_trim)); 6785 6786 /* IOCTLS that use the legacy function signature */ 6787 6788 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze, 6789 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY); 6790 6791 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create, 6792 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 6793 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN, 6794 zfs_ioc_pool_scan); 6795 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE, 6796 zfs_ioc_pool_upgrade); 6797 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD, 6798 zfs_ioc_vdev_add); 6799 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE, 6800 zfs_ioc_vdev_remove); 6801 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE, 6802 zfs_ioc_vdev_set_state); 6803 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH, 6804 zfs_ioc_vdev_attach); 6805 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH, 6806 zfs_ioc_vdev_detach); 6807 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH, 6808 zfs_ioc_vdev_setpath); 6809 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU, 6810 zfs_ioc_vdev_setfru); 6811 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS, 6812 zfs_ioc_pool_set_props); 6813 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT, 6814 zfs_ioc_vdev_split); 6815 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID, 6816 zfs_ioc_pool_reguid); 6817 6818 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS, 6819 zfs_ioc_pool_configs, zfs_secpolicy_none); 6820 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT, 6821 zfs_ioc_pool_tryimport, zfs_secpolicy_config); 6822 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT, 6823 zfs_ioc_inject_fault, zfs_secpolicy_inject); 6824 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT, 6825 zfs_ioc_clear_fault, zfs_secpolicy_inject); 6826 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT, 6827 zfs_ioc_inject_list_next, zfs_secpolicy_inject); 6828 6829 /* 6830 * pool destroy, and export don't log the history as part of 6831 * zfsdev_ioctl, but rather zfs_ioc_pool_export 6832 * does the logging of those commands. 6833 */ 6834 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy, 6835 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 6836 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export, 6837 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 6838 6839 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats, 6840 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 6841 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props, 6842 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 6843 6844 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log, 6845 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED); 6846 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME, 6847 zfs_ioc_dsobj_to_dsname, 6848 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED); 6849 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY, 6850 zfs_ioc_pool_get_history, 6851 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 6852 6853 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import, 6854 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 6855 6856 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear, 6857 zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY); 6858 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen, 6859 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED); 6860 6861 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN, 6862 zfs_ioc_space_written); 6863 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS, 6864 zfs_ioc_objset_recvd_props); 6865 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ, 6866 zfs_ioc_next_obj); 6867 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL, 6868 zfs_ioc_get_fsacl); 6869 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS, 6870 zfs_ioc_objset_stats); 6871 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS, 6872 zfs_ioc_objset_zplprops); 6873 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT, 6874 zfs_ioc_dataset_list_next); 6875 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT, 6876 zfs_ioc_snapshot_list_next); 6877 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS, 6878 zfs_ioc_send_progress); 6879 6880 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF, 6881 zfs_ioc_diff, zfs_secpolicy_diff); 6882 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS, 6883 zfs_ioc_obj_to_stats, zfs_secpolicy_diff); 6884 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH, 6885 zfs_ioc_obj_to_path, zfs_secpolicy_diff); 6886 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE, 6887 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one); 6888 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY, 6889 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many); 6890 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND, 6891 zfs_ioc_send, zfs_secpolicy_send); 6892 6893 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop, 6894 zfs_secpolicy_none); 6895 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy, 6896 zfs_secpolicy_destroy); 6897 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename, 6898 zfs_secpolicy_rename); 6899 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv, 6900 zfs_secpolicy_recv); 6901 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote, 6902 zfs_secpolicy_promote); 6903 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP, 6904 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop); 6905 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl, 6906 zfs_secpolicy_set_fsacl); 6907 6908 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share, 6909 zfs_secpolicy_share, POOL_CHECK_NONE); 6910 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl, 6911 zfs_secpolicy_smb_acl, POOL_CHECK_NONE); 6912 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE, 6913 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade, 6914 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6915 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT, 6916 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, 6917 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6918 } 6919 6920 /* 6921 * Verify that for non-legacy ioctls the input nvlist 6922 * pairs match against the expected input. 6923 * 6924 * Possible errors are: 6925 * ZFS_ERR_IOC_ARG_UNAVAIL An unrecognized nvpair was encountered 6926 * ZFS_ERR_IOC_ARG_REQUIRED A required nvpair is missing 6927 * ZFS_ERR_IOC_ARG_BADTYPE Invalid type for nvpair 6928 */ 6929 static int 6930 zfs_check_input_nvpairs(nvlist_t *innvl, const zfs_ioc_vec_t *vec) 6931 { 6932 const zfs_ioc_key_t *nvl_keys = vec->zvec_nvl_keys; 6933 boolean_t required_keys_found = B_FALSE; 6934 6935 /* 6936 * examine each input pair 6937 */ 6938 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 6939 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 6940 char *name = nvpair_name(pair); 6941 data_type_t type = nvpair_type(pair); 6942 boolean_t identified = B_FALSE; 6943 6944 /* 6945 * check pair against the documented names and type 6946 */ 6947 for (int k = 0; k < vec->zvec_nvl_key_count; k++) { 6948 /* if not a wild card name, check for an exact match */ 6949 if ((nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) == 0 && 6950 strcmp(nvl_keys[k].zkey_name, name) != 0) 6951 continue; 6952 6953 identified = B_TRUE; 6954 6955 if (nvl_keys[k].zkey_type != DATA_TYPE_ANY && 6956 nvl_keys[k].zkey_type != type) { 6957 return (SET_ERROR(ZFS_ERR_IOC_ARG_BADTYPE)); 6958 } 6959 6960 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL) 6961 continue; 6962 6963 required_keys_found = B_TRUE; 6964 break; 6965 } 6966 6967 /* allow an 'optional' key, everything else is invalid */ 6968 if (!identified && 6969 (strcmp(name, "optional") != 0 || 6970 type != DATA_TYPE_NVLIST)) { 6971 return (SET_ERROR(ZFS_ERR_IOC_ARG_UNAVAIL)); 6972 } 6973 } 6974 6975 /* verify that all required keys were found */ 6976 for (int k = 0; k < vec->zvec_nvl_key_count; k++) { 6977 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL) 6978 continue; 6979 6980 if (nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) { 6981 /* at least one non-optionial key is expected here */ 6982 if (!required_keys_found) 6983 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED)); 6984 continue; 6985 } 6986 6987 if (!nvlist_exists(innvl, nvl_keys[k].zkey_name)) 6988 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED)); 6989 } 6990 6991 return (0); 6992 } 6993 6994 int 6995 pool_status_check(const char *name, zfs_ioc_namecheck_t type, 6996 zfs_ioc_poolcheck_t check) 6997 { 6998 spa_t *spa; 6999 int error; 7000 7001 ASSERT(type == POOL_NAME || type == DATASET_NAME); 7002 7003 if (check & POOL_CHECK_NONE) 7004 return (0); 7005 7006 error = spa_open(name, &spa, FTAG); 7007 if (error == 0) { 7008 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa)) 7009 error = SET_ERROR(EAGAIN); 7010 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa)) 7011 error = SET_ERROR(EROFS); 7012 spa_close(spa, FTAG); 7013 } 7014 return (error); 7015 } 7016 7017 /* 7018 * Find a free minor number. 7019 */ 7020 minor_t 7021 zfsdev_minor_alloc(void) 7022 { 7023 static minor_t last_minor; 7024 minor_t m; 7025 7026 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 7027 7028 for (m = last_minor + 1; m != last_minor; m++) { 7029 if (m > ZFSDEV_MAX_MINOR) 7030 m = 1; 7031 if (ddi_get_soft_state(zfsdev_state, m) == NULL) { 7032 last_minor = m; 7033 return (m); 7034 } 7035 } 7036 7037 return (0); 7038 } 7039 7040 static int 7041 zfs_ctldev_init(dev_t *devp) 7042 { 7043 minor_t minor; 7044 zfs_soft_state_t *zs; 7045 7046 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 7047 ASSERT(getminor(*devp) == 0); 7048 7049 minor = zfsdev_minor_alloc(); 7050 if (minor == 0) 7051 return (SET_ERROR(ENXIO)); 7052 7053 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS) 7054 return (SET_ERROR(EAGAIN)); 7055 7056 *devp = makedevice(getemajor(*devp), minor); 7057 7058 zs = ddi_get_soft_state(zfsdev_state, minor); 7059 zs->zss_type = ZSST_CTLDEV; 7060 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data); 7061 7062 return (0); 7063 } 7064 7065 static void 7066 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor) 7067 { 7068 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 7069 7070 zfs_onexit_destroy(zo); 7071 ddi_soft_state_free(zfsdev_state, minor); 7072 } 7073 7074 void * 7075 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which) 7076 { 7077 zfs_soft_state_t *zp; 7078 7079 zp = ddi_get_soft_state(zfsdev_state, minor); 7080 if (zp == NULL || zp->zss_type != which) 7081 return (NULL); 7082 7083 return (zp->zss_data); 7084 } 7085 7086 static int 7087 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr) 7088 { 7089 int error = 0; 7090 7091 if (getminor(*devp) != 0) 7092 return (zvol_open(devp, flag, otyp, cr)); 7093 7094 /* This is the control device. Allocate a new minor if requested. */ 7095 if (flag & FEXCL) { 7096 mutex_enter(&zfsdev_state_lock); 7097 error = zfs_ctldev_init(devp); 7098 mutex_exit(&zfsdev_state_lock); 7099 } 7100 7101 return (error); 7102 } 7103 7104 static int 7105 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr) 7106 { 7107 zfs_onexit_t *zo; 7108 minor_t minor = getminor(dev); 7109 7110 if (minor == 0) 7111 return (0); 7112 7113 mutex_enter(&zfsdev_state_lock); 7114 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV); 7115 if (zo == NULL) { 7116 mutex_exit(&zfsdev_state_lock); 7117 return (zvol_close(dev, flag, otyp, cr)); 7118 } 7119 zfs_ctldev_destroy(zo, minor); 7120 mutex_exit(&zfsdev_state_lock); 7121 7122 return (0); 7123 } 7124 7125 static int 7126 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp) 7127 { 7128 zfs_cmd_t *zc; 7129 uint_t vecnum; 7130 int error, rc, len; 7131 minor_t minor = getminor(dev); 7132 const zfs_ioc_vec_t *vec; 7133 char *saved_poolname = NULL; 7134 nvlist_t *innvl = NULL; 7135 7136 if (minor != 0 && 7137 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL) 7138 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp)); 7139 7140 vecnum = cmd - ZFS_IOC_FIRST; 7141 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip)); 7142 7143 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 7144 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL)); 7145 vec = &zfs_ioc_vec[vecnum]; 7146 7147 /* 7148 * The registered ioctl list may be sparse, verify that either 7149 * a normal or legacy handler are registered. 7150 */ 7151 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL) 7152 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL)); 7153 7154 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 7155 7156 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag); 7157 if (error != 0) { 7158 error = SET_ERROR(EFAULT); 7159 goto out; 7160 } 7161 7162 zc->zc_iflags = flag & FKIOCTL; 7163 if (zc->zc_nvlist_src_size != 0) { 7164 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 7165 zc->zc_iflags, &innvl); 7166 if (error != 0) 7167 goto out; 7168 } 7169 7170 /* 7171 * Ensure that all pool/dataset names are valid before we pass down to 7172 * the lower layers. 7173 */ 7174 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 7175 switch (vec->zvec_namecheck) { 7176 case POOL_NAME: 7177 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 7178 error = SET_ERROR(EINVAL); 7179 else 7180 error = pool_status_check(zc->zc_name, 7181 vec->zvec_namecheck, vec->zvec_pool_check); 7182 break; 7183 7184 case DATASET_NAME: 7185 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 7186 error = SET_ERROR(EINVAL); 7187 else 7188 error = pool_status_check(zc->zc_name, 7189 vec->zvec_namecheck, vec->zvec_pool_check); 7190 break; 7191 7192 case NO_NAME: 7193 break; 7194 } 7195 7196 /* 7197 * Ensure that all input pairs are valid before we pass them down 7198 * to the lower layers. 7199 * 7200 * The vectored functions can use fnvlist_lookup_{type} for any 7201 * required pairs since zfs_check_input_nvpairs() confirmed that 7202 * they exist and are of the correct type. 7203 */ 7204 if (error == 0 && vec->zvec_func != NULL) { 7205 error = zfs_check_input_nvpairs(innvl, vec); 7206 if (error != 0) 7207 goto out; 7208 } 7209 7210 if (error == 0) 7211 error = vec->zvec_secpolicy(zc, innvl, cr); 7212 7213 if (error != 0) 7214 goto out; 7215 7216 /* legacy ioctls can modify zc_name */ 7217 len = strcspn(zc->zc_name, "/@#") + 1; 7218 saved_poolname = kmem_alloc(len, KM_SLEEP); 7219 (void) strlcpy(saved_poolname, zc->zc_name, len); 7220 7221 if (vec->zvec_func != NULL) { 7222 nvlist_t *outnvl; 7223 int puterror = 0; 7224 spa_t *spa; 7225 nvlist_t *lognv = NULL; 7226 7227 ASSERT(vec->zvec_legacy_func == NULL); 7228 7229 /* 7230 * Add the innvl to the lognv before calling the func, 7231 * in case the func changes the innvl. 7232 */ 7233 if (vec->zvec_allow_log) { 7234 lognv = fnvlist_alloc(); 7235 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL, 7236 vec->zvec_name); 7237 if (!nvlist_empty(innvl)) { 7238 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL, 7239 innvl); 7240 } 7241 } 7242 7243 outnvl = fnvlist_alloc(); 7244 error = vec->zvec_func(zc->zc_name, innvl, outnvl); 7245 7246 /* 7247 * Some commands can partially execute, modify state, and still 7248 * return an error. In these cases, attempt to record what 7249 * was modified. 7250 */ 7251 if ((error == 0 || 7252 (cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) && 7253 vec->zvec_allow_log && 7254 spa_open(zc->zc_name, &spa, FTAG) == 0) { 7255 if (!nvlist_empty(outnvl)) { 7256 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL, 7257 outnvl); 7258 } 7259 if (error != 0) { 7260 fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO, 7261 error); 7262 } 7263 (void) spa_history_log_nvl(spa, lognv); 7264 spa_close(spa, FTAG); 7265 } 7266 fnvlist_free(lognv); 7267 7268 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) { 7269 int smusherror = 0; 7270 if (vec->zvec_smush_outnvlist) { 7271 smusherror = nvlist_smush(outnvl, 7272 zc->zc_nvlist_dst_size); 7273 } 7274 if (smusherror == 0) 7275 puterror = put_nvlist(zc, outnvl); 7276 } 7277 7278 if (puterror != 0) 7279 error = puterror; 7280 7281 nvlist_free(outnvl); 7282 } else { 7283 error = vec->zvec_legacy_func(zc); 7284 } 7285 7286 out: 7287 nvlist_free(innvl); 7288 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag); 7289 if (error == 0 && rc != 0) 7290 error = SET_ERROR(EFAULT); 7291 if (error == 0 && vec->zvec_allow_log) { 7292 char *s = tsd_get(zfs_allow_log_key); 7293 if (s != NULL) 7294 strfree(s); 7295 (void) tsd_set(zfs_allow_log_key, saved_poolname); 7296 } else { 7297 if (saved_poolname != NULL) 7298 strfree(saved_poolname); 7299 } 7300 7301 kmem_free(zc, sizeof (zfs_cmd_t)); 7302 return (error); 7303 } 7304 7305 static int 7306 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 7307 { 7308 if (cmd != DDI_ATTACH) 7309 return (DDI_FAILURE); 7310 7311 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0, 7312 DDI_PSEUDO, 0) == DDI_FAILURE) 7313 return (DDI_FAILURE); 7314 7315 zfs_dip = dip; 7316 7317 ddi_report_dev(dip); 7318 7319 return (DDI_SUCCESS); 7320 } 7321 7322 static int 7323 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 7324 { 7325 if (spa_busy() || zfs_busy() || zvol_busy()) 7326 return (DDI_FAILURE); 7327 7328 if (cmd != DDI_DETACH) 7329 return (DDI_FAILURE); 7330 7331 zfs_dip = NULL; 7332 7333 ddi_prop_remove_all(dip); 7334 ddi_remove_minor_node(dip, NULL); 7335 7336 return (DDI_SUCCESS); 7337 } 7338 7339 /*ARGSUSED*/ 7340 static int 7341 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 7342 { 7343 switch (infocmd) { 7344 case DDI_INFO_DEVT2DEVINFO: 7345 *result = zfs_dip; 7346 return (DDI_SUCCESS); 7347 7348 case DDI_INFO_DEVT2INSTANCE: 7349 *result = (void *)0; 7350 return (DDI_SUCCESS); 7351 } 7352 7353 return (DDI_FAILURE); 7354 } 7355 7356 /* 7357 * OK, so this is a little weird. 7358 * 7359 * /dev/zfs is the control node, i.e. minor 0. 7360 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0. 7361 * 7362 * /dev/zfs has basically nothing to do except serve up ioctls, 7363 * so most of the standard driver entry points are in zvol.c. 7364 */ 7365 static struct cb_ops zfs_cb_ops = { 7366 zfsdev_open, /* open */ 7367 zfsdev_close, /* close */ 7368 zvol_strategy, /* strategy */ 7369 nodev, /* print */ 7370 zvol_dump, /* dump */ 7371 zvol_read, /* read */ 7372 zvol_write, /* write */ 7373 zfsdev_ioctl, /* ioctl */ 7374 nodev, /* devmap */ 7375 nodev, /* mmap */ 7376 nodev, /* segmap */ 7377 nochpoll, /* poll */ 7378 ddi_prop_op, /* prop_op */ 7379 NULL, /* streamtab */ 7380 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */ 7381 CB_REV, /* version */ 7382 nodev, /* async read */ 7383 nodev, /* async write */ 7384 }; 7385 7386 static struct dev_ops zfs_dev_ops = { 7387 DEVO_REV, /* version */ 7388 0, /* refcnt */ 7389 zfs_info, /* info */ 7390 nulldev, /* identify */ 7391 nulldev, /* probe */ 7392 zfs_attach, /* attach */ 7393 zfs_detach, /* detach */ 7394 nodev, /* reset */ 7395 &zfs_cb_ops, /* driver operations */ 7396 NULL, /* no bus operations */ 7397 NULL, /* power */ 7398 ddi_quiesce_not_needed, /* quiesce */ 7399 }; 7400 7401 static struct modldrv zfs_modldrv = { 7402 &mod_driverops, 7403 "ZFS storage pool", 7404 &zfs_dev_ops 7405 }; 7406 7407 static struct modlinkage modlinkage = { 7408 MODREV_1, 7409 (void *)&zfs_modlfs, 7410 (void *)&zfs_modldrv, 7411 NULL 7412 }; 7413 7414 static void 7415 zfs_allow_log_destroy(void *arg) 7416 { 7417 char *poolname = arg; 7418 strfree(poolname); 7419 } 7420 7421 int 7422 _init(void) 7423 { 7424 int error; 7425 7426 spa_init(FREAD | FWRITE); 7427 zfs_init(); 7428 zvol_init(); 7429 zfs_ioctl_init(); 7430 7431 if ((error = mod_install(&modlinkage)) != 0) { 7432 zvol_fini(); 7433 zfs_fini(); 7434 spa_fini(); 7435 return (error); 7436 } 7437 7438 tsd_create(&zfs_fsyncer_key, NULL); 7439 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 7440 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 7441 7442 error = ldi_ident_from_mod(&modlinkage, &zfs_li); 7443 ASSERT(error == 0); 7444 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 7445 7446 return (0); 7447 } 7448 7449 int 7450 _fini(void) 7451 { 7452 int error; 7453 7454 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled) 7455 return (SET_ERROR(EBUSY)); 7456 7457 if ((error = mod_remove(&modlinkage)) != 0) 7458 return (error); 7459 7460 zvol_fini(); 7461 zfs_fini(); 7462 spa_fini(); 7463 if (zfs_nfsshare_inited) 7464 (void) ddi_modclose(nfs_mod); 7465 if (zfs_smbshare_inited) 7466 (void) ddi_modclose(smbsrv_mod); 7467 if (zfs_nfsshare_inited || zfs_smbshare_inited) 7468 (void) ddi_modclose(sharefs_mod); 7469 7470 tsd_destroy(&zfs_fsyncer_key); 7471 ldi_ident_release(zfs_li); 7472 zfs_li = NULL; 7473 mutex_destroy(&zfs_share_lock); 7474 7475 return (error); 7476 } 7477 7478 int 7479 _info(struct modinfo *modinfop) 7480 { 7481 return (mod_info(&modlinkage, modinfop)); 7482 } 7483