xref: /titanic_44/usr/src/uts/common/fs/zfs/zfs_ioctl.c (revision 380789fc80376bd1573770361cb177a08c7e3524)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <sys/types.h>
29 #include <sys/param.h>
30 #include <sys/errno.h>
31 #include <sys/uio.h>
32 #include <sys/buf.h>
33 #include <sys/modctl.h>
34 #include <sys/open.h>
35 #include <sys/file.h>
36 #include <sys/kmem.h>
37 #include <sys/conf.h>
38 #include <sys/cmn_err.h>
39 #include <sys/stat.h>
40 #include <sys/zfs_ioctl.h>
41 #include <sys/zfs_i18n.h>
42 #include <sys/zfs_znode.h>
43 #include <sys/zap.h>
44 #include <sys/spa.h>
45 #include <sys/spa_impl.h>
46 #include <sys/vdev.h>
47 #include <sys/vdev_impl.h>
48 #include <sys/dmu.h>
49 #include <sys/dsl_dir.h>
50 #include <sys/dsl_dataset.h>
51 #include <sys/dsl_prop.h>
52 #include <sys/dsl_deleg.h>
53 #include <sys/dmu_objset.h>
54 #include <sys/ddi.h>
55 #include <sys/sunddi.h>
56 #include <sys/sunldi.h>
57 #include <sys/policy.h>
58 #include <sys/zone.h>
59 #include <sys/nvpair.h>
60 #include <sys/pathname.h>
61 #include <sys/mount.h>
62 #include <sys/sdt.h>
63 #include <sys/fs/zfs.h>
64 #include <sys/zfs_ctldir.h>
65 #include <sys/zfs_dir.h>
66 #include <sys/zvol.h>
67 #include <sharefs/share.h>
68 #include <sys/zfs_znode.h>
69 #include <sys/zfs_vfsops.h>
70 #include <sys/dmu_objset.h>
71 
72 #include "zfs_namecheck.h"
73 #include "zfs_prop.h"
74 #include "zfs_deleg.h"
75 
76 extern struct modlfs zfs_modlfs;
77 
78 extern void zfs_init(void);
79 extern void zfs_fini(void);
80 
81 ldi_ident_t zfs_li = NULL;
82 dev_info_t *zfs_dip;
83 
84 typedef int zfs_ioc_func_t(zfs_cmd_t *);
85 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *);
86 
87 typedef struct zfs_ioc_vec {
88 	zfs_ioc_func_t		*zvec_func;
89 	zfs_secpolicy_func_t	*zvec_secpolicy;
90 	enum {
91 		NO_NAME,
92 		POOL_NAME,
93 		DATASET_NAME
94 	} zvec_namecheck;
95 	boolean_t		zvec_his_log;
96 } zfs_ioc_vec_t;
97 
98 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
99 void
100 __dprintf(const char *file, const char *func, int line, const char *fmt, ...)
101 {
102 	const char *newfile;
103 	char buf[256];
104 	va_list adx;
105 
106 	/*
107 	 * Get rid of annoying "../common/" prefix to filename.
108 	 */
109 	newfile = strrchr(file, '/');
110 	if (newfile != NULL) {
111 		newfile = newfile + 1; /* Get rid of leading / */
112 	} else {
113 		newfile = file;
114 	}
115 
116 	va_start(adx, fmt);
117 	(void) vsnprintf(buf, sizeof (buf), fmt, adx);
118 	va_end(adx);
119 
120 	/*
121 	 * To get this data, use the zfs-dprintf probe as so:
122 	 * dtrace -q -n 'zfs-dprintf \
123 	 *	/stringof(arg0) == "dbuf.c"/ \
124 	 *	{printf("%s: %s", stringof(arg1), stringof(arg3))}'
125 	 * arg0 = file name
126 	 * arg1 = function name
127 	 * arg2 = line number
128 	 * arg3 = message
129 	 */
130 	DTRACE_PROBE4(zfs__dprintf,
131 	    char *, newfile, char *, func, int, line, char *, buf);
132 }
133 
134 static void
135 history_str_free(char *buf)
136 {
137 	kmem_free(buf, HIS_MAX_RECORD_LEN);
138 }
139 
140 static char *
141 history_str_get(zfs_cmd_t *zc)
142 {
143 	char *buf;
144 
145 	if (zc->zc_history == NULL)
146 		return (NULL);
147 
148 	buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
149 	if (copyinstr((void *)(uintptr_t)zc->zc_history,
150 	    buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
151 		history_str_free(buf);
152 		return (NULL);
153 	}
154 
155 	buf[HIS_MAX_RECORD_LEN -1] = '\0';
156 
157 	return (buf);
158 }
159 
160 /*
161  * zfs_check_version
162  *
163  *	Return non-zero if the spa version is less than requested version.
164  */
165 static int
166 zfs_check_version(const char *name, int version)
167 {
168 
169 	spa_t *spa;
170 
171 	if (spa_open(name, &spa, FTAG) == 0) {
172 		if (spa_version(spa) < version) {
173 			spa_close(spa, FTAG);
174 			return (1);
175 		}
176 		spa_close(spa, FTAG);
177 	}
178 	return (0);
179 }
180 
181 static void
182 zfs_log_history(zfs_cmd_t *zc)
183 {
184 	spa_t *spa;
185 	char *buf;
186 
187 	if ((buf = history_str_get(zc)) == NULL)
188 		return;
189 
190 	if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
191 		if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
192 			(void) spa_history_log(spa, buf, LOG_CMD_NORMAL);
193 		spa_close(spa, FTAG);
194 	}
195 	history_str_free(buf);
196 }
197 
198 /*
199  * Policy for top-level read operations (list pools).  Requires no privileges,
200  * and can be used in the local zone, as there is no associated dataset.
201  */
202 /* ARGSUSED */
203 static int
204 zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr)
205 {
206 	return (0);
207 }
208 
209 /*
210  * Policy for dataset read operations (list children, get statistics).  Requires
211  * no privileges, but must be visible in the local zone.
212  */
213 /* ARGSUSED */
214 static int
215 zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr)
216 {
217 	if (INGLOBALZONE(curproc) ||
218 	    zone_dataset_visible(zc->zc_name, NULL))
219 		return (0);
220 
221 	return (ENOENT);
222 }
223 
224 static int
225 zfs_dozonecheck(const char *dataset, cred_t *cr)
226 {
227 	uint64_t zoned;
228 	int writable = 1;
229 
230 	/*
231 	 * The dataset must be visible by this zone -- check this first
232 	 * so they don't see EPERM on something they shouldn't know about.
233 	 */
234 	if (!INGLOBALZONE(curproc) &&
235 	    !zone_dataset_visible(dataset, &writable))
236 		return (ENOENT);
237 
238 	if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
239 		return (ENOENT);
240 
241 	if (INGLOBALZONE(curproc)) {
242 		/*
243 		 * If the fs is zoned, only root can access it from the
244 		 * global zone.
245 		 */
246 		if (secpolicy_zfs(cr) && zoned)
247 			return (EPERM);
248 	} else {
249 		/*
250 		 * If we are in a local zone, the 'zoned' property must be set.
251 		 */
252 		if (!zoned)
253 			return (EPERM);
254 
255 		/* must be writable by this zone */
256 		if (!writable)
257 			return (EPERM);
258 	}
259 	return (0);
260 }
261 
262 int
263 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
264 {
265 	int error;
266 
267 	error = zfs_dozonecheck(name, cr);
268 	if (error == 0) {
269 		error = secpolicy_zfs(cr);
270 		if (error)
271 			error = dsl_deleg_access(name, perm, cr);
272 	}
273 	return (error);
274 }
275 
276 static int
277 zfs_secpolicy_setprop(const char *name, zfs_prop_t prop, cred_t *cr)
278 {
279 	/*
280 	 * Check permissions for special properties.
281 	 */
282 	switch (prop) {
283 	case ZFS_PROP_ZONED:
284 		/*
285 		 * Disallow setting of 'zoned' from within a local zone.
286 		 */
287 		if (!INGLOBALZONE(curproc))
288 			return (EPERM);
289 		break;
290 
291 	case ZFS_PROP_QUOTA:
292 		if (!INGLOBALZONE(curproc)) {
293 			uint64_t zoned;
294 			char setpoint[MAXNAMELEN];
295 			/*
296 			 * Unprivileged users are allowed to modify the
297 			 * quota on things *under* (ie. contained by)
298 			 * the thing they own.
299 			 */
300 			if (dsl_prop_get_integer(name, "zoned", &zoned,
301 			    setpoint))
302 				return (EPERM);
303 			if (!zoned || strlen(name) <= strlen(setpoint))
304 				return (EPERM);
305 		}
306 		break;
307 	}
308 
309 	return (zfs_secpolicy_write_perms(name, zfs_prop_to_name(prop), cr));
310 }
311 
312 int
313 zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr)
314 {
315 	int error;
316 
317 	error = zfs_dozonecheck(zc->zc_name, cr);
318 	if (error)
319 		return (error);
320 
321 	/*
322 	 * permission to set permissions will be evaluated later in
323 	 * dsl_deleg_can_allow()
324 	 */
325 	return (0);
326 }
327 
328 int
329 zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr)
330 {
331 	int error;
332 	error = zfs_secpolicy_write_perms(zc->zc_name,
333 	    ZFS_DELEG_PERM_ROLLBACK, cr);
334 	if (error == 0)
335 		error = zfs_secpolicy_write_perms(zc->zc_name,
336 		    ZFS_DELEG_PERM_MOUNT, cr);
337 	return (error);
338 }
339 
340 int
341 zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr)
342 {
343 	return (zfs_secpolicy_write_perms(zc->zc_name,
344 	    ZFS_DELEG_PERM_SEND, cr));
345 }
346 
347 int
348 zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr)
349 {
350 	if (!INGLOBALZONE(curproc))
351 		return (EPERM);
352 
353 	if (secpolicy_nfs(cr) == 0) {
354 		return (0);
355 	} else {
356 		vnode_t *vp;
357 		int error;
358 
359 		if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
360 		    NO_FOLLOW, NULL, &vp)) != 0)
361 			return (error);
362 
363 		/* Now make sure mntpnt and dataset are ZFS */
364 
365 		if (vp->v_vfsp->vfs_fstype != zfsfstype ||
366 		    (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
367 		    zc->zc_name) != 0)) {
368 			VN_RELE(vp);
369 			return (EPERM);
370 		}
371 
372 		VN_RELE(vp);
373 		return (dsl_deleg_access(zc->zc_name,
374 		    ZFS_DELEG_PERM_SHARE, cr));
375 	}
376 }
377 
378 static int
379 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
380 {
381 	char *cp;
382 
383 	/*
384 	 * Remove the @bla or /bla from the end of the name to get the parent.
385 	 */
386 	(void) strncpy(parent, datasetname, parentsize);
387 	cp = strrchr(parent, '@');
388 	if (cp != NULL) {
389 		cp[0] = '\0';
390 	} else {
391 		cp = strrchr(parent, '/');
392 		if (cp == NULL)
393 			return (ENOENT);
394 		cp[0] = '\0';
395 	}
396 
397 	return (0);
398 }
399 
400 int
401 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
402 {
403 	int error;
404 
405 	if ((error = zfs_secpolicy_write_perms(name,
406 	    ZFS_DELEG_PERM_MOUNT, cr)) != 0)
407 		return (error);
408 
409 	return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
410 }
411 
412 static int
413 zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr)
414 {
415 	return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
416 }
417 
418 /*
419  * Must have sys_config privilege to check the iscsi permission
420  */
421 /* ARGSUSED */
422 static int
423 zfs_secpolicy_iscsi(zfs_cmd_t *zc, cred_t *cr)
424 {
425 	return (secpolicy_zfs(cr));
426 }
427 
428 int
429 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
430 {
431 	char 	parentname[MAXNAMELEN];
432 	int	error;
433 
434 	if ((error = zfs_secpolicy_write_perms(from,
435 	    ZFS_DELEG_PERM_RENAME, cr)) != 0)
436 		return (error);
437 
438 	if ((error = zfs_secpolicy_write_perms(from,
439 	    ZFS_DELEG_PERM_MOUNT, cr)) != 0)
440 		return (error);
441 
442 	if ((error = zfs_get_parent(to, parentname,
443 	    sizeof (parentname))) != 0)
444 		return (error);
445 
446 	if ((error = zfs_secpolicy_write_perms(parentname,
447 	    ZFS_DELEG_PERM_CREATE, cr)) != 0)
448 		return (error);
449 
450 	if ((error = zfs_secpolicy_write_perms(parentname,
451 	    ZFS_DELEG_PERM_MOUNT, cr)) != 0)
452 		return (error);
453 
454 	return (error);
455 }
456 
457 static int
458 zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr)
459 {
460 	return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
461 }
462 
463 static int
464 zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr)
465 {
466 	char 	parentname[MAXNAMELEN];
467 	objset_t *clone;
468 	int error;
469 
470 	error = zfs_secpolicy_write_perms(zc->zc_name,
471 	    ZFS_DELEG_PERM_PROMOTE, cr);
472 	if (error)
473 		return (error);
474 
475 	error = dmu_objset_open(zc->zc_name, DMU_OST_ANY,
476 	    DS_MODE_STANDARD | DS_MODE_READONLY, &clone);
477 
478 	if (error == 0) {
479 		dsl_dataset_t *pclone = NULL;
480 		dsl_dir_t *dd;
481 		dd = clone->os->os_dsl_dataset->ds_dir;
482 
483 		rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
484 		error = dsl_dataset_open_obj(dd->dd_pool,
485 		    dd->dd_phys->dd_origin_obj, NULL,
486 		    DS_MODE_NONE, FTAG, &pclone);
487 		rw_exit(&dd->dd_pool->dp_config_rwlock);
488 		if (error) {
489 			dmu_objset_close(clone);
490 			return (error);
491 		}
492 
493 		error = zfs_secpolicy_write_perms(zc->zc_name,
494 		    ZFS_DELEG_PERM_MOUNT, cr);
495 
496 		dsl_dataset_name(pclone, parentname);
497 		dmu_objset_close(clone);
498 		dsl_dataset_close(pclone, DS_MODE_NONE, FTAG);
499 		if (error == 0)
500 			error = zfs_secpolicy_write_perms(parentname,
501 			    ZFS_DELEG_PERM_PROMOTE, cr);
502 	}
503 	return (error);
504 }
505 
506 static int
507 zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr)
508 {
509 	int error;
510 
511 	if ((error = zfs_secpolicy_write_perms(zc->zc_name,
512 	    ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
513 		return (error);
514 
515 	if ((error = zfs_secpolicy_write_perms(zc->zc_name,
516 	    ZFS_DELEG_PERM_MOUNT, cr)) != 0)
517 		return (error);
518 
519 	return (zfs_secpolicy_write_perms(zc->zc_name,
520 	    ZFS_DELEG_PERM_CREATE, cr));
521 }
522 
523 int
524 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
525 {
526 	int error;
527 
528 	if ((error = zfs_secpolicy_write_perms(name,
529 	    ZFS_DELEG_PERM_SNAPSHOT, cr)) != 0)
530 		return (error);
531 
532 	error = zfs_secpolicy_write_perms(name,
533 	    ZFS_DELEG_PERM_MOUNT, cr);
534 
535 	return (error);
536 }
537 
538 static int
539 zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr)
540 {
541 
542 	return (zfs_secpolicy_snapshot_perms(zc->zc_name, cr));
543 }
544 
545 static int
546 zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr)
547 {
548 	char 	parentname[MAXNAMELEN];
549 	int 	error;
550 
551 	if ((error = zfs_get_parent(zc->zc_name, parentname,
552 	    sizeof (parentname))) != 0)
553 		return (error);
554 
555 	if (zc->zc_value[0] != '\0') {
556 		if ((error = zfs_secpolicy_write_perms(zc->zc_value,
557 		    ZFS_DELEG_PERM_CLONE, cr)) != 0)
558 			return (error);
559 	}
560 
561 	if ((error = zfs_secpolicy_write_perms(parentname,
562 	    ZFS_DELEG_PERM_CREATE, cr)) != 0)
563 		return (error);
564 
565 	error = zfs_secpolicy_write_perms(parentname,
566 	    ZFS_DELEG_PERM_MOUNT, cr);
567 
568 	return (error);
569 }
570 
571 static int
572 zfs_secpolicy_umount(zfs_cmd_t *zc, cred_t *cr)
573 {
574 	int error;
575 
576 	error = secpolicy_fs_unmount(cr, NULL);
577 	if (error) {
578 		error = dsl_deleg_access(zc->zc_name, ZFS_DELEG_PERM_MOUNT, cr);
579 	}
580 	return (error);
581 }
582 
583 /*
584  * Policy for pool operations - create/destroy pools, add vdevs, etc.  Requires
585  * SYS_CONFIG privilege, which is not available in a local zone.
586  */
587 /* ARGSUSED */
588 static int
589 zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr)
590 {
591 	if (secpolicy_sys_config(cr, B_FALSE) != 0)
592 		return (EPERM);
593 
594 	return (0);
595 }
596 
597 /*
598  * Just like zfs_secpolicy_config, except that we will check for
599  * mount permission on the dataset for permission to create/remove
600  * the minor nodes.
601  */
602 static int
603 zfs_secpolicy_minor(zfs_cmd_t *zc, cred_t *cr)
604 {
605 	if (secpolicy_sys_config(cr, B_FALSE) != 0) {
606 		return (dsl_deleg_access(zc->zc_name,
607 		    ZFS_DELEG_PERM_MOUNT, cr));
608 	}
609 
610 	return (0);
611 }
612 
613 /*
614  * Policy for fault injection.  Requires all privileges.
615  */
616 /* ARGSUSED */
617 static int
618 zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr)
619 {
620 	return (secpolicy_zinject(cr));
621 }
622 
623 static int
624 zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr)
625 {
626 	zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
627 
628 	if (prop == ZPROP_INVAL) {
629 		if (!zfs_prop_user(zc->zc_value))
630 			return (EINVAL);
631 		return (zfs_secpolicy_write_perms(zc->zc_name,
632 		    ZFS_DELEG_PERM_USERPROP, cr));
633 	} else {
634 		if (!zfs_prop_inheritable(prop))
635 			return (EINVAL);
636 		return (zfs_secpolicy_setprop(zc->zc_name, prop, cr));
637 	}
638 }
639 
640 /*
641  * Returns the nvlist as specified by the user in the zfs_cmd_t.
642  */
643 static int
644 get_nvlist(uint64_t nvl, uint64_t size, nvlist_t **nvp)
645 {
646 	char *packed;
647 	int error;
648 	nvlist_t *list = NULL;
649 
650 	/*
651 	 * Read in and unpack the user-supplied nvlist.
652 	 */
653 	if (size == 0)
654 		return (EINVAL);
655 
656 	packed = kmem_alloc(size, KM_SLEEP);
657 
658 	if ((error = xcopyin((void *)(uintptr_t)nvl, packed, size)) != 0) {
659 		kmem_free(packed, size);
660 		return (error);
661 	}
662 
663 	if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
664 		kmem_free(packed, size);
665 		return (error);
666 	}
667 
668 	kmem_free(packed, size);
669 
670 	*nvp = list;
671 	return (0);
672 }
673 
674 static int
675 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
676 {
677 	char *packed = NULL;
678 	size_t size;
679 	int error;
680 
681 	VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0);
682 
683 	if (size > zc->zc_nvlist_dst_size) {
684 		error = ENOMEM;
685 	} else {
686 		packed = kmem_alloc(size, KM_SLEEP);
687 		VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE,
688 		    KM_SLEEP) == 0);
689 		error = xcopyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
690 		    size);
691 		kmem_free(packed, size);
692 	}
693 
694 	zc->zc_nvlist_dst_size = size;
695 	return (error);
696 }
697 
698 static int
699 zfs_ioc_pool_create(zfs_cmd_t *zc)
700 {
701 	int error;
702 	nvlist_t *config, *props = NULL;
703 	char *buf;
704 
705 	if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
706 	    &config))
707 		return (error);
708 
709 	if (zc->zc_nvlist_src_size != 0 && (error =
710 	    get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, &props))) {
711 		nvlist_free(config);
712 		return (error);
713 	}
714 
715 	buf = history_str_get(zc);
716 
717 	error = spa_create(zc->zc_name, config, props, buf);
718 
719 	if (buf != NULL)
720 		history_str_free(buf);
721 
722 	nvlist_free(config);
723 
724 	if (props)
725 		nvlist_free(props);
726 
727 	return (error);
728 }
729 
730 static int
731 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
732 {
733 	int error;
734 	zfs_log_history(zc);
735 	error = spa_destroy(zc->zc_name);
736 	return (error);
737 }
738 
739 static int
740 zfs_ioc_pool_import(zfs_cmd_t *zc)
741 {
742 	int error;
743 	nvlist_t *config, *props = NULL;
744 	uint64_t guid;
745 
746 	if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
747 	    &config)) != 0)
748 		return (error);
749 
750 	if (zc->zc_nvlist_src_size != 0 && (error =
751 	    get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, &props))) {
752 		nvlist_free(config);
753 		return (error);
754 	}
755 
756 	if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
757 	    guid != zc->zc_guid)
758 		error = EINVAL;
759 	else
760 		error = spa_import(zc->zc_name, config, props);
761 
762 	nvlist_free(config);
763 
764 	if (props)
765 		nvlist_free(props);
766 
767 	return (error);
768 }
769 
770 static int
771 zfs_ioc_pool_export(zfs_cmd_t *zc)
772 {
773 	int error;
774 	zfs_log_history(zc);
775 	error = spa_export(zc->zc_name, NULL);
776 	return (error);
777 }
778 
779 static int
780 zfs_ioc_pool_configs(zfs_cmd_t *zc)
781 {
782 	nvlist_t *configs;
783 	int error;
784 
785 	if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
786 		return (EEXIST);
787 
788 	error = put_nvlist(zc, configs);
789 
790 	nvlist_free(configs);
791 
792 	return (error);
793 }
794 
795 static int
796 zfs_ioc_pool_stats(zfs_cmd_t *zc)
797 {
798 	nvlist_t *config;
799 	int error;
800 	int ret = 0;
801 
802 	error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
803 	    sizeof (zc->zc_value));
804 
805 	if (config != NULL) {
806 		ret = put_nvlist(zc, config);
807 		nvlist_free(config);
808 
809 		/*
810 		 * The config may be present even if 'error' is non-zero.
811 		 * In this case we return success, and preserve the real errno
812 		 * in 'zc_cookie'.
813 		 */
814 		zc->zc_cookie = error;
815 	} else {
816 		ret = error;
817 	}
818 
819 	return (ret);
820 }
821 
822 /*
823  * Try to import the given pool, returning pool stats as appropriate so that
824  * user land knows which devices are available and overall pool health.
825  */
826 static int
827 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
828 {
829 	nvlist_t *tryconfig, *config;
830 	int error;
831 
832 	if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
833 	    &tryconfig)) != 0)
834 		return (error);
835 
836 	config = spa_tryimport(tryconfig);
837 
838 	nvlist_free(tryconfig);
839 
840 	if (config == NULL)
841 		return (EINVAL);
842 
843 	error = put_nvlist(zc, config);
844 	nvlist_free(config);
845 
846 	return (error);
847 }
848 
849 static int
850 zfs_ioc_pool_scrub(zfs_cmd_t *zc)
851 {
852 	spa_t *spa;
853 	int error;
854 
855 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
856 		return (error);
857 
858 	mutex_enter(&spa_namespace_lock);
859 	error = spa_scrub(spa, zc->zc_cookie, B_FALSE);
860 	mutex_exit(&spa_namespace_lock);
861 
862 	spa_close(spa, FTAG);
863 
864 	return (error);
865 }
866 
867 static int
868 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
869 {
870 	spa_t *spa;
871 	int error;
872 
873 	error = spa_open(zc->zc_name, &spa, FTAG);
874 	if (error == 0) {
875 		spa_freeze(spa);
876 		spa_close(spa, FTAG);
877 	}
878 	return (error);
879 }
880 
881 static int
882 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
883 {
884 	spa_t *spa;
885 	int error;
886 
887 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
888 		return (error);
889 
890 	if (zc->zc_cookie < spa_version(spa) || zc->zc_cookie > SPA_VERSION) {
891 		spa_close(spa, FTAG);
892 		return (EINVAL);
893 	}
894 
895 	spa_upgrade(spa, zc->zc_cookie);
896 	spa_close(spa, FTAG);
897 
898 	return (error);
899 }
900 
901 static int
902 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
903 {
904 	spa_t *spa;
905 	char *hist_buf;
906 	uint64_t size;
907 	int error;
908 
909 	if ((size = zc->zc_history_len) == 0)
910 		return (EINVAL);
911 
912 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
913 		return (error);
914 
915 	if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
916 		spa_close(spa, FTAG);
917 		return (ENOTSUP);
918 	}
919 
920 	hist_buf = kmem_alloc(size, KM_SLEEP);
921 	if ((error = spa_history_get(spa, &zc->zc_history_offset,
922 	    &zc->zc_history_len, hist_buf)) == 0) {
923 		error = xcopyout(hist_buf,
924 		    (char *)(uintptr_t)zc->zc_history,
925 		    zc->zc_history_len);
926 	}
927 
928 	spa_close(spa, FTAG);
929 	kmem_free(hist_buf, size);
930 	return (error);
931 }
932 
933 static int
934 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
935 {
936 	int error;
937 
938 	if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value))
939 		return (error);
940 
941 	return (0);
942 }
943 
944 static int
945 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
946 {
947 	objset_t *osp;
948 	int error;
949 
950 	if ((error = dmu_objset_open(zc->zc_name, DMU_OST_ZFS,
951 	    DS_MODE_NONE | DS_MODE_READONLY, &osp)) != 0)
952 		return (error);
953 
954 	error = zfs_obj_to_path(osp, zc->zc_obj, zc->zc_value,
955 	    sizeof (zc->zc_value));
956 	dmu_objset_close(osp);
957 
958 	return (error);
959 }
960 
961 static int
962 zfs_ioc_vdev_add(zfs_cmd_t *zc)
963 {
964 	spa_t *spa;
965 	int error;
966 	nvlist_t *config;
967 
968 	error = spa_open(zc->zc_name, &spa, FTAG);
969 	if (error != 0)
970 		return (error);
971 
972 	/*
973 	 * A root pool with concatenated devices is not supported.
974 	 * Thus, can not add a device to a root pool with one device.
975 	 */
976 	if (spa->spa_root_vdev->vdev_children == 1 && spa->spa_bootfs != 0) {
977 		spa_close(spa, FTAG);
978 		return (EDOM);
979 	}
980 
981 	if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
982 	    &config)) == 0) {
983 		error = spa_vdev_add(spa, config);
984 		nvlist_free(config);
985 	}
986 	spa_close(spa, FTAG);
987 	return (error);
988 }
989 
990 static int
991 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
992 {
993 	spa_t *spa;
994 	int error;
995 
996 	error = spa_open(zc->zc_name, &spa, FTAG);
997 	if (error != 0)
998 		return (error);
999 	error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1000 	spa_close(spa, FTAG);
1001 	return (error);
1002 }
1003 
1004 static int
1005 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1006 {
1007 	spa_t *spa;
1008 	int error;
1009 	vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1010 
1011 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1012 		return (error);
1013 	switch (zc->zc_cookie) {
1014 	case VDEV_STATE_ONLINE:
1015 		error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1016 		break;
1017 
1018 	case VDEV_STATE_OFFLINE:
1019 		error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1020 		break;
1021 
1022 	case VDEV_STATE_FAULTED:
1023 		error = vdev_fault(spa, zc->zc_guid);
1024 		break;
1025 
1026 	case VDEV_STATE_DEGRADED:
1027 		error = vdev_degrade(spa, zc->zc_guid);
1028 		break;
1029 
1030 	default:
1031 		error = EINVAL;
1032 	}
1033 	zc->zc_cookie = newstate;
1034 	spa_close(spa, FTAG);
1035 	return (error);
1036 }
1037 
1038 static int
1039 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1040 {
1041 	spa_t *spa;
1042 	int replacing = zc->zc_cookie;
1043 	nvlist_t *config;
1044 	int error;
1045 
1046 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1047 		return (error);
1048 
1049 	if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1050 	    &config)) == 0) {
1051 		error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1052 		nvlist_free(config);
1053 	}
1054 
1055 	spa_close(spa, FTAG);
1056 	return (error);
1057 }
1058 
1059 static int
1060 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1061 {
1062 	spa_t *spa;
1063 	int error;
1064 
1065 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1066 		return (error);
1067 
1068 	error = spa_vdev_detach(spa, zc->zc_guid, B_FALSE);
1069 
1070 	spa_close(spa, FTAG);
1071 	return (error);
1072 }
1073 
1074 static int
1075 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1076 {
1077 	spa_t *spa;
1078 	char *path = zc->zc_value;
1079 	uint64_t guid = zc->zc_guid;
1080 	int error;
1081 
1082 	error = spa_open(zc->zc_name, &spa, FTAG);
1083 	if (error != 0)
1084 		return (error);
1085 
1086 	error = spa_vdev_setpath(spa, guid, path);
1087 	spa_close(spa, FTAG);
1088 	return (error);
1089 }
1090 
1091 /*
1092  * inputs:
1093  * zc_name		name of filesystem
1094  * zc_nvlist_dst_size	size of buffer for property nvlist
1095  *
1096  * outputs:
1097  * zc_objset_stats	stats
1098  * zc_nvlist_dst	property nvlist
1099  * zc_nvlist_dst_size	size of property nvlist
1100  * zc_value		alternate root
1101  */
1102 static int
1103 zfs_ioc_objset_stats(zfs_cmd_t *zc)
1104 {
1105 	objset_t *os = NULL;
1106 	int error;
1107 	nvlist_t *nv;
1108 
1109 retry:
1110 	error = dmu_objset_open(zc->zc_name, DMU_OST_ANY,
1111 	    DS_MODE_STANDARD | DS_MODE_READONLY, &os);
1112 	if (error != 0) {
1113 		/*
1114 		 * This is ugly: dmu_objset_open() can return EBUSY if
1115 		 * the objset is held exclusively. Fortunately this hold is
1116 		 * only for a short while, so we retry here.
1117 		 * This avoids user code having to handle EBUSY,
1118 		 * for example for a "zfs list".
1119 		 */
1120 		if (error == EBUSY) {
1121 			delay(1);
1122 			goto retry;
1123 		}
1124 		return (error);
1125 	}
1126 
1127 	dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1128 
1129 	if (zc->zc_nvlist_dst != 0 &&
1130 	    (error = dsl_prop_get_all(os, &nv)) == 0) {
1131 		dmu_objset_stats(os, nv);
1132 		/*
1133 		 * NB: zvol_get_stats() will read the objset contents,
1134 		 * which we aren't supposed to do with a
1135 		 * DS_MODE_STANDARD open, because it could be
1136 		 * inconsistent.  So this is a bit of a workaround...
1137 		 */
1138 		if (!zc->zc_objset_stats.dds_inconsistent) {
1139 			if (dmu_objset_type(os) == DMU_OST_ZVOL)
1140 				VERIFY(zvol_get_stats(os, nv) == 0);
1141 		}
1142 		error = put_nvlist(zc, nv);
1143 		nvlist_free(nv);
1144 	}
1145 
1146 	spa_altroot(dmu_objset_spa(os), zc->zc_value, sizeof (zc->zc_value));
1147 
1148 	dmu_objset_close(os);
1149 	return (error);
1150 }
1151 
1152 /*
1153  * inputs:
1154  * zc_name		name of filesystem
1155  * zc_cookie		zap cursor
1156  * zc_nvlist_dst_size	size of buffer for property nvlist
1157  *
1158  * outputs:
1159  * zc_name		name of next filesystem
1160  * zc_objset_stats	stats
1161  * zc_nvlist_dst	property nvlist
1162  * zc_nvlist_dst_size	size of property nvlist
1163  * zc_value		alternate root
1164  */
1165 static int
1166 zfs_ioc_objset_version(zfs_cmd_t *zc)
1167 {
1168 	objset_t *os = NULL;
1169 	int error;
1170 
1171 retry:
1172 	error = dmu_objset_open(zc->zc_name, DMU_OST_ANY,
1173 	    DS_MODE_STANDARD | DS_MODE_READONLY, &os);
1174 	if (error != 0) {
1175 		/*
1176 		 * This is ugly: dmu_objset_open() can return EBUSY if
1177 		 * the objset is held exclusively. Fortunately this hold is
1178 		 * only for a short while, so we retry here.
1179 		 * This avoids user code having to handle EBUSY,
1180 		 * for example for a "zfs list".
1181 		 */
1182 		if (error == EBUSY) {
1183 			delay(1);
1184 			goto retry;
1185 		}
1186 		return (error);
1187 	}
1188 
1189 	dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1190 
1191 	/*
1192 	 * NB: zfs_get_version() will read the objset contents,
1193 	 * which we aren't supposed to do with a
1194 	 * DS_MODE_STANDARD open, because it could be
1195 	 * inconsistent.  So this is a bit of a workaround...
1196 	 */
1197 	zc->zc_cookie = 0;
1198 	if (!zc->zc_objset_stats.dds_inconsistent)
1199 		if (dmu_objset_type(os) == DMU_OST_ZFS)
1200 			(void) zfs_get_version(os, &zc->zc_cookie);
1201 
1202 	dmu_objset_close(os);
1203 	return (0);
1204 }
1205 
1206 static int
1207 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
1208 {
1209 	objset_t *os;
1210 	int error;
1211 	char *p;
1212 
1213 retry:
1214 	error = dmu_objset_open(zc->zc_name, DMU_OST_ANY,
1215 	    DS_MODE_STANDARD | DS_MODE_READONLY, &os);
1216 	if (error != 0) {
1217 		/*
1218 		 * This is ugly: dmu_objset_open() can return EBUSY if
1219 		 * the objset is held exclusively. Fortunately this hold is
1220 		 * only for a short while, so we retry here.
1221 		 * This avoids user code having to handle EBUSY,
1222 		 * for example for a "zfs list".
1223 		 */
1224 		if (error == EBUSY) {
1225 			delay(1);
1226 			goto retry;
1227 		}
1228 		if (error == ENOENT)
1229 			error = ESRCH;
1230 		return (error);
1231 	}
1232 
1233 	p = strrchr(zc->zc_name, '/');
1234 	if (p == NULL || p[1] != '\0')
1235 		(void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
1236 	p = zc->zc_name + strlen(zc->zc_name);
1237 
1238 	do {
1239 		error = dmu_dir_list_next(os,
1240 		    sizeof (zc->zc_name) - (p - zc->zc_name), p,
1241 		    NULL, &zc->zc_cookie);
1242 		if (error == ENOENT)
1243 			error = ESRCH;
1244 	} while (error == 0 && !INGLOBALZONE(curproc) &&
1245 	    !zone_dataset_visible(zc->zc_name, NULL));
1246 
1247 	/*
1248 	 * If it's a hidden dataset (ie. with a '$' in its name), don't
1249 	 * try to get stats for it.  Userland will skip over it.
1250 	 */
1251 	if (error == 0 && strchr(zc->zc_name, '$') == NULL)
1252 		error = zfs_ioc_objset_stats(zc); /* fill in the stats */
1253 
1254 	dmu_objset_close(os);
1255 	return (error);
1256 }
1257 
1258 /*
1259  * inputs:
1260  * zc_name		name of filesystem
1261  * zc_cookie		zap cursor
1262  * zc_nvlist_dst_size	size of buffer for property nvlist
1263  *
1264  * outputs:
1265  * zc_name		name of next snapshot
1266  * zc_objset_stats	stats
1267  * zc_nvlist_dst	property nvlist
1268  * zc_nvlist_dst_size	size of property nvlist
1269  * zc_value		alternate root
1270  */
1271 static int
1272 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
1273 {
1274 	objset_t *os;
1275 	int error;
1276 
1277 retry:
1278 	error = dmu_objset_open(zc->zc_name, DMU_OST_ANY,
1279 	    DS_MODE_STANDARD | DS_MODE_READONLY, &os);
1280 	if (error != 0) {
1281 		/*
1282 		 * This is ugly: dmu_objset_open() can return EBUSY if
1283 		 * the objset is held exclusively. Fortunately this hold is
1284 		 * only for a short while, so we retry here.
1285 		 * This avoids user code having to handle EBUSY,
1286 		 * for example for a "zfs list".
1287 		 */
1288 		if (error == EBUSY) {
1289 			delay(1);
1290 			goto retry;
1291 		}
1292 		if (error == ENOENT)
1293 			error = ESRCH;
1294 		return (error);
1295 	}
1296 
1297 	/*
1298 	 * A dataset name of maximum length cannot have any snapshots,
1299 	 * so exit immediately.
1300 	 */
1301 	if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
1302 		dmu_objset_close(os);
1303 		return (ESRCH);
1304 	}
1305 
1306 	error = dmu_snapshot_list_next(os,
1307 	    sizeof (zc->zc_name) - strlen(zc->zc_name),
1308 	    zc->zc_name + strlen(zc->zc_name), NULL, &zc->zc_cookie);
1309 	if (error == ENOENT)
1310 		error = ESRCH;
1311 
1312 	if (error == 0)
1313 		error = zfs_ioc_objset_stats(zc); /* fill in the stats */
1314 
1315 	/* if we failed, undo the @ that we tacked on to zc_name */
1316 	if (error != 0)
1317 		*strchr(zc->zc_name, '@') = '\0';
1318 
1319 	dmu_objset_close(os);
1320 	return (error);
1321 }
1322 
1323 static int
1324 zfs_set_prop_nvlist(const char *name, nvlist_t *nvl)
1325 {
1326 	nvpair_t *elem;
1327 	int error;
1328 	uint64_t intval;
1329 	char *strval;
1330 
1331 	/*
1332 	 * First validate permission to set all of the properties
1333 	 */
1334 	elem = NULL;
1335 	while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) {
1336 		const char *propname = nvpair_name(elem);
1337 		zfs_prop_t prop = zfs_name_to_prop(propname);
1338 
1339 		if (prop == ZPROP_INVAL) {
1340 			/*
1341 			 * If this is a user-defined property, it must be a
1342 			 * string, and there is no further validation to do.
1343 			 */
1344 			if (!zfs_prop_user(propname) ||
1345 			    nvpair_type(elem) != DATA_TYPE_STRING)
1346 				return (EINVAL);
1347 
1348 			if (error = zfs_secpolicy_write_perms(name,
1349 			    ZFS_DELEG_PERM_USERPROP, CRED()))
1350 				return (error);
1351 			continue;
1352 		}
1353 
1354 		if ((error = zfs_secpolicy_setprop(name, prop, CRED())) != 0)
1355 			return (error);
1356 
1357 		/*
1358 		 * Check that this value is valid for this pool version
1359 		 */
1360 		switch (prop) {
1361 		case ZFS_PROP_COMPRESSION:
1362 			/*
1363 			 * If the user specified gzip compression, make sure
1364 			 * the SPA supports it. We ignore any errors here since
1365 			 * we'll catch them later.
1366 			 */
1367 			if (nvpair_type(elem) == DATA_TYPE_UINT64 &&
1368 			    nvpair_value_uint64(elem, &intval) == 0 &&
1369 			    intval >= ZIO_COMPRESS_GZIP_1 &&
1370 			    intval <= ZIO_COMPRESS_GZIP_9) {
1371 				if (zfs_check_version(name,
1372 				    SPA_VERSION_GZIP_COMPRESSION))
1373 					return (ENOTSUP);
1374 			}
1375 			break;
1376 
1377 		case ZFS_PROP_COPIES:
1378 			if (zfs_check_version(name, SPA_VERSION_DITTO_BLOCKS))
1379 				return (ENOTSUP);
1380 			break;
1381 		case ZFS_PROP_NORMALIZE:
1382 		case ZFS_PROP_UTF8ONLY:
1383 		case ZFS_PROP_CASE:
1384 			if (zfs_check_version(name, SPA_VERSION_NORMALIZATION))
1385 				return (ENOTSUP);
1386 
1387 		}
1388 		if ((error = zfs_secpolicy_setprop(name, prop, CRED())) != 0)
1389 			return (error);
1390 	}
1391 
1392 	elem = NULL;
1393 	while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) {
1394 		const char *propname = nvpair_name(elem);
1395 		zfs_prop_t prop = zfs_name_to_prop(propname);
1396 
1397 		if (prop == ZPROP_INVAL) {
1398 			VERIFY(nvpair_value_string(elem, &strval) == 0);
1399 			error = dsl_prop_set(name, propname, 1,
1400 			    strlen(strval) + 1, strval);
1401 			if (error == 0)
1402 				continue;
1403 			else
1404 				return (error);
1405 		}
1406 
1407 		switch (prop) {
1408 		case ZFS_PROP_QUOTA:
1409 			if ((error = nvpair_value_uint64(elem, &intval)) != 0 ||
1410 			    (error = dsl_dir_set_quota(name, intval)) != 0)
1411 				return (error);
1412 			break;
1413 
1414 		case ZFS_PROP_REFQUOTA:
1415 			if ((error = nvpair_value_uint64(elem, &intval)) != 0 ||
1416 			    (error = dsl_dataset_set_quota(name, intval)) != 0)
1417 				return (error);
1418 			break;
1419 
1420 		case ZFS_PROP_RESERVATION:
1421 			if ((error = nvpair_value_uint64(elem, &intval)) != 0 ||
1422 			    (error = dsl_dir_set_reservation(name,
1423 			    intval)) != 0)
1424 				return (error);
1425 			break;
1426 
1427 		case ZFS_PROP_REFRESERVATION:
1428 			if ((error = nvpair_value_uint64(elem, &intval)) != 0 ||
1429 			    (error = dsl_dataset_set_reservation(name,
1430 			    intval)) != 0)
1431 				return (error);
1432 			break;
1433 
1434 		case ZFS_PROP_VOLSIZE:
1435 			if ((error = nvpair_value_uint64(elem, &intval)) != 0 ||
1436 			    (error = zvol_set_volsize(name,
1437 			    ddi_driver_major(zfs_dip), intval)) != 0)
1438 				return (error);
1439 			break;
1440 
1441 		case ZFS_PROP_VOLBLOCKSIZE:
1442 			if ((error = nvpair_value_uint64(elem, &intval)) != 0 ||
1443 			    (error = zvol_set_volblocksize(name, intval)) != 0)
1444 				return (error);
1445 			break;
1446 
1447 		case ZFS_PROP_VERSION:
1448 			if ((error = nvpair_value_uint64(elem, &intval)) != 0 ||
1449 			    (error = zfs_set_version(name, intval)) != 0)
1450 				return (error);
1451 			break;
1452 
1453 		default:
1454 			if (nvpair_type(elem) == DATA_TYPE_STRING) {
1455 				if (zfs_prop_get_type(prop) !=
1456 				    PROP_TYPE_STRING)
1457 					return (EINVAL);
1458 				VERIFY(nvpair_value_string(elem, &strval) == 0);
1459 				if ((error = dsl_prop_set(name,
1460 				    nvpair_name(elem), 1, strlen(strval) + 1,
1461 				    strval)) != 0)
1462 					return (error);
1463 			} else if (nvpair_type(elem) == DATA_TYPE_UINT64) {
1464 				const char *unused;
1465 
1466 				VERIFY(nvpair_value_uint64(elem, &intval) == 0);
1467 
1468 				switch (zfs_prop_get_type(prop)) {
1469 				case PROP_TYPE_NUMBER:
1470 					break;
1471 				case PROP_TYPE_STRING:
1472 					return (EINVAL);
1473 				case PROP_TYPE_INDEX:
1474 					if (zfs_prop_index_to_string(prop,
1475 					    intval, &unused) != 0)
1476 						return (EINVAL);
1477 					break;
1478 				default:
1479 					cmn_err(CE_PANIC,
1480 					    "unknown property type");
1481 					break;
1482 				}
1483 
1484 				if ((error = dsl_prop_set(name, propname,
1485 				    8, 1, &intval)) != 0)
1486 					return (error);
1487 			} else {
1488 				return (EINVAL);
1489 			}
1490 			break;
1491 		}
1492 	}
1493 
1494 	return (0);
1495 }
1496 
1497 /*
1498  * inputs:
1499  * zc_name		name of filesystem
1500  * zc_value		name of property to inherit
1501  * zc_nvlist_src{_size}	nvlist of properties to apply
1502  *
1503  * outputs:		none
1504  */
1505 static int
1506 zfs_ioc_set_prop(zfs_cmd_t *zc)
1507 {
1508 	nvlist_t *nvl;
1509 	int error;
1510 
1511 	if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1512 	    &nvl)) != 0)
1513 		return (error);
1514 
1515 	error = zfs_set_prop_nvlist(zc->zc_name, nvl);
1516 
1517 	nvlist_free(nvl);
1518 	return (error);
1519 }
1520 
1521 /*
1522  * inputs:
1523  * zc_name		name of filesystem
1524  * zc_value		name of property to inherit
1525  *
1526  * outputs:		none
1527  */
1528 static int
1529 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
1530 {
1531 	/* the property name has been validated by zfs_secpolicy_inherit() */
1532 	return (dsl_prop_set(zc->zc_name, zc->zc_value, 0, 0, NULL));
1533 }
1534 
1535 static int
1536 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
1537 {
1538 	nvlist_t *props;
1539 	spa_t *spa;
1540 	int error;
1541 
1542 	if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1543 	    &props)))
1544 		return (error);
1545 
1546 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
1547 		nvlist_free(props);
1548 		return (error);
1549 	}
1550 
1551 	error = spa_prop_set(spa, props);
1552 
1553 	nvlist_free(props);
1554 	spa_close(spa, FTAG);
1555 
1556 	return (error);
1557 }
1558 
1559 static int
1560 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
1561 {
1562 	spa_t *spa;
1563 	int error;
1564 	nvlist_t *nvp = NULL;
1565 
1566 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1567 		return (error);
1568 
1569 	error = spa_prop_get(spa, &nvp);
1570 
1571 	if (error == 0 && zc->zc_nvlist_dst != NULL)
1572 		error = put_nvlist(zc, nvp);
1573 	else
1574 		error = EFAULT;
1575 
1576 	spa_close(spa, FTAG);
1577 
1578 	if (nvp)
1579 		nvlist_free(nvp);
1580 	return (error);
1581 }
1582 
1583 static int
1584 zfs_ioc_iscsi_perm_check(zfs_cmd_t *zc)
1585 {
1586 	nvlist_t *nvp;
1587 	int error;
1588 	uint32_t uid;
1589 	uint32_t gid;
1590 	uint32_t *groups;
1591 	uint_t group_cnt;
1592 	cred_t	*usercred;
1593 
1594 	if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1595 	    &nvp)) != 0) {
1596 		return (error);
1597 	}
1598 
1599 	if ((error = nvlist_lookup_uint32(nvp,
1600 	    ZFS_DELEG_PERM_UID, &uid)) != 0) {
1601 		nvlist_free(nvp);
1602 		return (EPERM);
1603 	}
1604 
1605 	if ((error = nvlist_lookup_uint32(nvp,
1606 	    ZFS_DELEG_PERM_GID, &gid)) != 0) {
1607 		nvlist_free(nvp);
1608 		return (EPERM);
1609 	}
1610 
1611 	if ((error = nvlist_lookup_uint32_array(nvp, ZFS_DELEG_PERM_GROUPS,
1612 	    &groups, &group_cnt)) != 0) {
1613 		nvlist_free(nvp);
1614 		return (EPERM);
1615 	}
1616 	usercred = cralloc();
1617 	if ((crsetugid(usercred, uid, gid) != 0) ||
1618 	    (crsetgroups(usercred, group_cnt, (gid_t *)groups) != 0)) {
1619 		nvlist_free(nvp);
1620 		crfree(usercred);
1621 		return (EPERM);
1622 	}
1623 	nvlist_free(nvp);
1624 	error = dsl_deleg_access(zc->zc_name,
1625 	    zfs_prop_to_name(ZFS_PROP_SHAREISCSI), usercred);
1626 	crfree(usercred);
1627 	return (error);
1628 }
1629 
1630 /*
1631  * inputs:
1632  * zc_name		name of filesystem
1633  * zc_nvlist_src{_size}	nvlist of delegated permissions
1634  * zc_perm_action	allow/unallow flag
1635  *
1636  * outputs:		none
1637  */
1638 static int
1639 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
1640 {
1641 	int error;
1642 	nvlist_t *fsaclnv = NULL;
1643 
1644 	if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1645 	    &fsaclnv)) != 0)
1646 		return (error);
1647 
1648 	/*
1649 	 * Verify nvlist is constructed correctly
1650 	 */
1651 	if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
1652 		nvlist_free(fsaclnv);
1653 		return (EINVAL);
1654 	}
1655 
1656 	/*
1657 	 * If we don't have PRIV_SYS_MOUNT, then validate
1658 	 * that user is allowed to hand out each permission in
1659 	 * the nvlist(s)
1660 	 */
1661 
1662 	error = secpolicy_zfs(CRED());
1663 	if (error) {
1664 		if (zc->zc_perm_action == B_FALSE) {
1665 			error = dsl_deleg_can_allow(zc->zc_name,
1666 			    fsaclnv, CRED());
1667 		} else {
1668 			error = dsl_deleg_can_unallow(zc->zc_name,
1669 			    fsaclnv, CRED());
1670 		}
1671 	}
1672 
1673 	if (error == 0)
1674 		error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
1675 
1676 	nvlist_free(fsaclnv);
1677 	return (error);
1678 }
1679 
1680 /*
1681  * inputs:
1682  * zc_name		name of filesystem
1683  *
1684  * outputs:
1685  * zc_nvlist_src{_size}	nvlist of delegated permissions
1686  */
1687 static int
1688 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
1689 {
1690 	nvlist_t *nvp;
1691 	int error;
1692 
1693 	if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
1694 		error = put_nvlist(zc, nvp);
1695 		nvlist_free(nvp);
1696 	}
1697 
1698 	return (error);
1699 }
1700 
1701 /*
1702  * inputs:
1703  * zc_name		name of volume
1704  *
1705  * outputs:		none
1706  */
1707 static int
1708 zfs_ioc_create_minor(zfs_cmd_t *zc)
1709 {
1710 	return (zvol_create_minor(zc->zc_name, ddi_driver_major(zfs_dip)));
1711 }
1712 
1713 /*
1714  * inputs:
1715  * zc_name		name of volume
1716  *
1717  * outputs:		none
1718  */
1719 static int
1720 zfs_ioc_remove_minor(zfs_cmd_t *zc)
1721 {
1722 	return (zvol_remove_minor(zc->zc_name));
1723 }
1724 
1725 /*
1726  * Search the vfs list for a specified resource.  Returns a pointer to it
1727  * or NULL if no suitable entry is found. The caller of this routine
1728  * is responsible for releasing the returned vfs pointer.
1729  */
1730 static vfs_t *
1731 zfs_get_vfs(const char *resource)
1732 {
1733 	struct vfs *vfsp;
1734 	struct vfs *vfs_found = NULL;
1735 
1736 	vfs_list_read_lock();
1737 	vfsp = rootvfs;
1738 	do {
1739 		if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
1740 			VFS_HOLD(vfsp);
1741 			vfs_found = vfsp;
1742 			break;
1743 		}
1744 		vfsp = vfsp->vfs_next;
1745 	} while (vfsp != rootvfs);
1746 	vfs_list_unlock();
1747 	return (vfs_found);
1748 }
1749 
1750 /* ARGSUSED */
1751 static void
1752 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
1753 {
1754 	zfs_creat_t *zct = arg;
1755 	uint64_t version;
1756 
1757 	if (spa_version(dmu_objset_spa(os)) >= SPA_VERSION_FUID)
1758 		version = ZPL_VERSION;
1759 	else
1760 		version = ZPL_VERSION_FUID - 1;
1761 
1762 	(void) nvlist_lookup_uint64(zct->zct_props,
1763 	    zfs_prop_to_name(ZFS_PROP_VERSION), &version);
1764 
1765 	zfs_create_fs(os, cr, version, zct->zct_norm, tx);
1766 }
1767 
1768 /*
1769  * zfs_prop_lookup()
1770  *
1771  * Look for the property first in the existing property nvlist.  If
1772  * it's already present, you're done.  If it's not there, attempt to
1773  * find the property value from a parent dataset.  If that fails, fall
1774  * back to the property's default value.  In either of these two
1775  * cases, if update is TRUE, add a value for the property to the
1776  * property nvlist.
1777  *
1778  * If the rval pointer is non-NULL, copy the discovered value to rval.
1779  *
1780  * If we get any unexpected errors, bail and return the error number
1781  * to the caller.
1782  *
1783  * If we succeed, return 0.
1784  */
1785 static int
1786 zfs_prop_lookup(const char *parentname, zfs_prop_t propnum,
1787     nvlist_t *proplist, uint64_t *rval, boolean_t update)
1788 {
1789 	const char *propname;
1790 	uint64_t value;
1791 	int error = ENOENT;
1792 
1793 	propname = zfs_prop_to_name(propnum);
1794 	if (proplist != NULL)
1795 		error = nvlist_lookup_uint64(proplist, propname, &value);
1796 	if (error == ENOENT) {
1797 		error = dsl_prop_get_integer(parentname, propname,
1798 		    &value, NULL);
1799 		if (error == ENOENT)
1800 			value = zfs_prop_default_numeric(propnum);
1801 		else if (error != 0)
1802 			return (error);
1803 		if (update) {
1804 			ASSERT(proplist != NULL);
1805 			error = nvlist_add_uint64(proplist, propname, value);
1806 		}
1807 	}
1808 	if (error == 0 && rval)
1809 		*rval = value;
1810 	return (error);
1811 }
1812 
1813 /*
1814  * zfs_normalization_get
1815  *
1816  * Get the normalization flag value.  If the properties have
1817  * non-default values, make sure the pool version is recent enough to
1818  * support these choices.
1819  */
1820 static int
1821 zfs_normalization_get(const char *dataset, nvlist_t *proplist, int *norm,
1822     boolean_t update)
1823 {
1824 	char parentname[MAXNAMELEN];
1825 	char poolname[MAXNAMELEN];
1826 	char *cp;
1827 	uint64_t value;
1828 	int check = 0;
1829 	int error;
1830 
1831 	ASSERT(norm != NULL);
1832 	*norm = 0;
1833 
1834 	(void) strncpy(parentname, dataset, sizeof (parentname));
1835 	cp = strrchr(parentname, '@');
1836 	if (cp != NULL) {
1837 		cp[0] = '\0';
1838 	} else {
1839 		cp = strrchr(parentname, '/');
1840 		if (cp == NULL)
1841 			return (ENOENT);
1842 		cp[0] = '\0';
1843 	}
1844 
1845 	(void) strncpy(poolname, dataset, sizeof (poolname));
1846 	cp = strchr(poolname, '/');
1847 	if (cp != NULL)
1848 		cp[0] = '\0';
1849 
1850 	/*
1851 	 * Make sure pool is of new enough vintage to support normalization.
1852 	 */
1853 	if (zfs_check_version(poolname, SPA_VERSION_NORMALIZATION))
1854 		return (0);
1855 
1856 	error = zfs_prop_lookup(parentname, ZFS_PROP_UTF8ONLY,
1857 	    proplist, &value, update);
1858 	if (error != 0)
1859 		return (error);
1860 	if (value != zfs_prop_default_numeric(ZFS_PROP_UTF8ONLY))
1861 		check = 1;
1862 
1863 	error = zfs_prop_lookup(parentname, ZFS_PROP_NORMALIZE,
1864 	    proplist, &value, update);
1865 	if (error != 0)
1866 		return (error);
1867 	if (value != zfs_prop_default_numeric(ZFS_PROP_NORMALIZE)) {
1868 		check = 1;
1869 		switch ((int)value) {
1870 		case ZFS_NORMALIZE_NONE:
1871 			break;
1872 		case ZFS_NORMALIZE_C:
1873 			*norm |= U8_TEXTPREP_NFC;
1874 			break;
1875 		case ZFS_NORMALIZE_D:
1876 			*norm |= U8_TEXTPREP_NFD;
1877 			break;
1878 		case ZFS_NORMALIZE_KC:
1879 			*norm |= U8_TEXTPREP_NFKC;
1880 			break;
1881 		case ZFS_NORMALIZE_KD:
1882 			*norm |= U8_TEXTPREP_NFKD;
1883 			break;
1884 		default:
1885 			ASSERT((int)value >= ZFS_NORMALIZE_NONE);
1886 			ASSERT((int)value <= ZFS_NORMALIZE_KD);
1887 			break;
1888 		}
1889 	}
1890 
1891 	error = zfs_prop_lookup(parentname, ZFS_PROP_CASE,
1892 	    proplist, &value, update);
1893 	if (error != 0)
1894 		return (error);
1895 	if (value != zfs_prop_default_numeric(ZFS_PROP_CASE)) {
1896 		check = 1;
1897 		switch ((int)value) {
1898 		case ZFS_CASE_SENSITIVE:
1899 			break;
1900 		case ZFS_CASE_INSENSITIVE:
1901 			*norm |= U8_TEXTPREP_TOUPPER;
1902 			break;
1903 		case ZFS_CASE_MIXED:
1904 			*norm |= U8_TEXTPREP_TOUPPER;
1905 			break;
1906 		default:
1907 			ASSERT((int)value >= ZFS_CASE_SENSITIVE);
1908 			ASSERT((int)value <= ZFS_CASE_MIXED);
1909 			break;
1910 		}
1911 	}
1912 
1913 	/*
1914 	 * At the moment we are disabling non-default values for these
1915 	 * properties because they cannot be preserved properly with a
1916 	 * zfs send.
1917 	 */
1918 	if (check == 1)
1919 		return (ENOTSUP);
1920 
1921 	return (0);
1922 }
1923 
1924 /*
1925  * inputs:
1926  * zc_objset_type	type of objset to create (fs vs zvol)
1927  * zc_name		name of new objset
1928  * zc_value		name of snapshot to clone from (may be empty)
1929  * zc_nvlist_src{_size}	nvlist of properties to apply
1930  *
1931  * outputs:		none
1932  */
1933 static int
1934 zfs_ioc_create(zfs_cmd_t *zc)
1935 {
1936 	objset_t *clone;
1937 	int error = 0;
1938 	zfs_creat_t zct;
1939 	nvlist_t *nvprops = NULL;
1940 	void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
1941 	dmu_objset_type_t type = zc->zc_objset_type;
1942 
1943 	switch (type) {
1944 
1945 	case DMU_OST_ZFS:
1946 		cbfunc = zfs_create_cb;
1947 		break;
1948 
1949 	case DMU_OST_ZVOL:
1950 		cbfunc = zvol_create_cb;
1951 		break;
1952 
1953 	default:
1954 		cbfunc = NULL;
1955 	}
1956 	if (strchr(zc->zc_name, '@') ||
1957 	    strchr(zc->zc_name, '%'))
1958 		return (EINVAL);
1959 
1960 	if (zc->zc_nvlist_src != NULL &&
1961 	    (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1962 	    &nvprops)) != 0)
1963 		return (error);
1964 
1965 	zct.zct_norm = 0;
1966 	zct.zct_props = nvprops;
1967 
1968 	if (zc->zc_value[0] != '\0') {
1969 		/*
1970 		 * We're creating a clone of an existing snapshot.
1971 		 */
1972 		zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
1973 		if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) {
1974 			nvlist_free(nvprops);
1975 			return (EINVAL);
1976 		}
1977 
1978 		error = dmu_objset_open(zc->zc_value, type,
1979 		    DS_MODE_STANDARD | DS_MODE_READONLY, &clone);
1980 		if (error) {
1981 			nvlist_free(nvprops);
1982 			return (error);
1983 		}
1984 		error = dmu_objset_create(zc->zc_name, type, clone, NULL, NULL);
1985 		if (error) {
1986 			dmu_objset_close(clone);
1987 			nvlist_free(nvprops);
1988 			return (error);
1989 		}
1990 		/*
1991 		 * If caller did not provide any properties, allocate
1992 		 * an nvlist for properties, as we will be adding our set-once
1993 		 * properties to it.  This carries the choices made on the
1994 		 * original file system into the clone.
1995 		 */
1996 		if (nvprops == NULL)
1997 			VERIFY(nvlist_alloc(&nvprops,
1998 			    NV_UNIQUE_NAME, KM_SLEEP) == 0);
1999 
2000 		/*
2001 		 * We have to have normalization and case-folding
2002 		 * flags correct when we do the file system creation,
2003 		 * so go figure them out now.  All we really care about
2004 		 * here is getting these values into the property list.
2005 		 */
2006 		error = zfs_normalization_get(zc->zc_value, nvprops,
2007 		    &zct.zct_norm, B_TRUE);
2008 		if (error != 0) {
2009 			dmu_objset_close(clone);
2010 			nvlist_free(nvprops);
2011 			return (error);
2012 		}
2013 		dmu_objset_close(clone);
2014 	} else {
2015 		if (cbfunc == NULL) {
2016 			nvlist_free(nvprops);
2017 			return (EINVAL);
2018 		}
2019 
2020 		if (type == DMU_OST_ZVOL) {
2021 			uint64_t volsize, volblocksize;
2022 
2023 			if (nvprops == NULL ||
2024 			    nvlist_lookup_uint64(nvprops,
2025 			    zfs_prop_to_name(ZFS_PROP_VOLSIZE),
2026 			    &volsize) != 0) {
2027 				nvlist_free(nvprops);
2028 				return (EINVAL);
2029 			}
2030 
2031 			if ((error = nvlist_lookup_uint64(nvprops,
2032 			    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
2033 			    &volblocksize)) != 0 && error != ENOENT) {
2034 				nvlist_free(nvprops);
2035 				return (EINVAL);
2036 			}
2037 
2038 			if (error != 0)
2039 				volblocksize = zfs_prop_default_numeric(
2040 				    ZFS_PROP_VOLBLOCKSIZE);
2041 
2042 			if ((error = zvol_check_volblocksize(
2043 			    volblocksize)) != 0 ||
2044 			    (error = zvol_check_volsize(volsize,
2045 			    volblocksize)) != 0) {
2046 				nvlist_free(nvprops);
2047 				return (error);
2048 			}
2049 		} else if (type == DMU_OST_ZFS) {
2050 			uint64_t version;
2051 			int error;
2052 
2053 			error = nvlist_lookup_uint64(nvprops,
2054 			    zfs_prop_to_name(ZFS_PROP_VERSION), &version);
2055 
2056 			if (error == 0 && (version < ZPL_VERSION_INITIAL ||
2057 			    version > ZPL_VERSION)) {
2058 				nvlist_free(nvprops);
2059 				return (ENOTSUP);
2060 			} else if (error == 0 && version >= ZPL_VERSION_FUID &&
2061 			    zfs_check_version(zc->zc_name, SPA_VERSION_FUID)) {
2062 				nvlist_free(nvprops);
2063 				return (ENOTSUP);
2064 			}
2065 
2066 			/*
2067 			 * We have to have normalization and
2068 			 * case-folding flags correct when we do the
2069 			 * file system creation, so go figure them out
2070 			 * now.  The final argument to zfs_normalization_get()
2071 			 * tells that routine not to update the nvprops
2072 			 * list.
2073 			 */
2074 			error = zfs_normalization_get(zc->zc_name, nvprops,
2075 			    &zct.zct_norm, B_FALSE);
2076 			if (error != 0) {
2077 				nvlist_free(nvprops);
2078 				return (error);
2079 			}
2080 		}
2081 		error = dmu_objset_create(zc->zc_name, type, NULL, cbfunc,
2082 		    &zct);
2083 	}
2084 
2085 	/*
2086 	 * It would be nice to do this atomically.
2087 	 */
2088 	if (error == 0) {
2089 		if ((error = zfs_set_prop_nvlist(zc->zc_name, nvprops)) != 0)
2090 			(void) dmu_objset_destroy(zc->zc_name);
2091 	}
2092 
2093 	nvlist_free(nvprops);
2094 	return (error);
2095 }
2096 
2097 /*
2098  * inputs:
2099  * zc_name	name of filesystem
2100  * zc_value	short name of snapshot
2101  * zc_cookie	recursive flag
2102  *
2103  * outputs:	none
2104  */
2105 static int
2106 zfs_ioc_snapshot(zfs_cmd_t *zc)
2107 {
2108 	if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
2109 		return (EINVAL);
2110 	return (dmu_objset_snapshot(zc->zc_name,
2111 	    zc->zc_value, zc->zc_cookie));
2112 }
2113 
2114 int
2115 zfs_unmount_snap(char *name, void *arg)
2116 {
2117 	char *snapname = arg;
2118 	char *cp;
2119 	vfs_t *vfsp = NULL;
2120 
2121 	/*
2122 	 * Snapshots (which are under .zfs control) must be unmounted
2123 	 * before they can be destroyed.
2124 	 */
2125 
2126 	if (snapname) {
2127 		(void) strcat(name, "@");
2128 		(void) strcat(name, snapname);
2129 		vfsp = zfs_get_vfs(name);
2130 		cp = strchr(name, '@');
2131 		*cp = '\0';
2132 	} else if (strchr(name, '@')) {
2133 		vfsp = zfs_get_vfs(name);
2134 	}
2135 
2136 	if (vfsp) {
2137 		/*
2138 		 * Always force the unmount for snapshots.
2139 		 */
2140 		int flag = MS_FORCE;
2141 		int err;
2142 
2143 		if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) {
2144 			VFS_RELE(vfsp);
2145 			return (err);
2146 		}
2147 		VFS_RELE(vfsp);
2148 		if ((err = dounmount(vfsp, flag, kcred)) != 0)
2149 			return (err);
2150 	}
2151 	return (0);
2152 }
2153 
2154 /*
2155  * inputs:
2156  * zc_name	name of filesystem
2157  * zc_value	short name of snapshot
2158  *
2159  * outputs:	none
2160  */
2161 static int
2162 zfs_ioc_destroy_snaps(zfs_cmd_t *zc)
2163 {
2164 	int err;
2165 
2166 	if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
2167 		return (EINVAL);
2168 	err = dmu_objset_find(zc->zc_name,
2169 	    zfs_unmount_snap, zc->zc_value, DS_FIND_CHILDREN);
2170 	if (err)
2171 		return (err);
2172 	return (dmu_snapshots_destroy(zc->zc_name, zc->zc_value));
2173 }
2174 
2175 /*
2176  * inputs:
2177  * zc_name		name of dataset to destroy
2178  * zc_objset_type	type of objset
2179  *
2180  * outputs:		none
2181  */
2182 static int
2183 zfs_ioc_destroy(zfs_cmd_t *zc)
2184 {
2185 	if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
2186 		int err = zfs_unmount_snap(zc->zc_name, NULL);
2187 		if (err)
2188 			return (err);
2189 	}
2190 
2191 	return (dmu_objset_destroy(zc->zc_name));
2192 }
2193 
2194 /*
2195  * inputs:
2196  * zc_name	name of dataset to rollback (to most recent snapshot)
2197  *
2198  * outputs:	none
2199  */
2200 static int
2201 zfs_ioc_rollback(zfs_cmd_t *zc)
2202 {
2203 	objset_t *os;
2204 	int error;
2205 	zfsvfs_t *zfsvfs = NULL;
2206 
2207 	/*
2208 	 * Get the zfsvfs for the receiving objset. There
2209 	 * won't be one if we're operating on a zvol, if the
2210 	 * objset doesn't exist yet, or is not mounted.
2211 	 */
2212 	error = dmu_objset_open(zc->zc_name, DMU_OST_ANY,
2213 	    DS_MODE_STANDARD, &os);
2214 	if (error)
2215 		return (error);
2216 
2217 	if (dmu_objset_type(os) == DMU_OST_ZFS) {
2218 		mutex_enter(&os->os->os_user_ptr_lock);
2219 		zfsvfs = dmu_objset_get_user(os);
2220 		if (zfsvfs != NULL)
2221 			VFS_HOLD(zfsvfs->z_vfs);
2222 		mutex_exit(&os->os->os_user_ptr_lock);
2223 	}
2224 
2225 	if (zfsvfs != NULL) {
2226 		char osname[MAXNAMELEN];
2227 		int mode;
2228 
2229 		VERIFY3U(0, ==, zfs_suspend_fs(zfsvfs, osname, &mode));
2230 		ASSERT(strcmp(osname, zc->zc_name) == 0);
2231 		error = dmu_objset_rollback(os);
2232 		VERIFY3U(0, ==, zfs_resume_fs(zfsvfs, osname, mode));
2233 
2234 		VFS_RELE(zfsvfs->z_vfs);
2235 	} else {
2236 		error = dmu_objset_rollback(os);
2237 	}
2238 	/* Note, the dmu_objset_rollback() closes the objset for us. */
2239 
2240 	return (error);
2241 }
2242 
2243 /*
2244  * inputs:
2245  * zc_name	old name of dataset
2246  * zc_value	new name of dataset
2247  * zc_cookie	recursive flag (only valid for snapshots)
2248  *
2249  * outputs:	none
2250  */
2251 static int
2252 zfs_ioc_rename(zfs_cmd_t *zc)
2253 {
2254 	boolean_t recursive = zc->zc_cookie & 1;
2255 
2256 	zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
2257 	if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
2258 	    strchr(zc->zc_value, '%'))
2259 		return (EINVAL);
2260 
2261 	/*
2262 	 * Unmount snapshot unless we're doing a recursive rename,
2263 	 * in which case the dataset code figures out which snapshots
2264 	 * to unmount.
2265 	 */
2266 	if (!recursive && strchr(zc->zc_name, '@') != NULL &&
2267 	    zc->zc_objset_type == DMU_OST_ZFS) {
2268 		int err = zfs_unmount_snap(zc->zc_name, NULL);
2269 		if (err)
2270 			return (err);
2271 	}
2272 
2273 	return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive));
2274 }
2275 
2276 /*
2277  * inputs:
2278  * zc_name		name of containing filesystem
2279  * zc_nvlist_src{_size}	nvlist of properties to apply
2280  * zc_value		name of snapshot to create
2281  * zc_string		name of clone origin (if DRR_FLAG_CLONE)
2282  * zc_cookie		file descriptor to recv from
2283  * zc_begin_record	the BEGIN record of the stream (not byteswapped)
2284  * zc_guid		force flag
2285  *
2286  * outputs:
2287  * zc_cookie		number of bytes read
2288  */
2289 static int
2290 zfs_ioc_recv(zfs_cmd_t *zc)
2291 {
2292 	file_t *fp;
2293 	objset_t *os;
2294 	dmu_recv_cookie_t drc;
2295 	zfsvfs_t *zfsvfs = NULL;
2296 	boolean_t force = (boolean_t)zc->zc_guid;
2297 	int error, fd;
2298 	offset_t off;
2299 	nvlist_t *props = NULL;
2300 	objset_t *origin = NULL;
2301 	char *tosnap;
2302 	char tofs[ZFS_MAXNAMELEN];
2303 
2304 	if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
2305 	    strchr(zc->zc_value, '@') == NULL ||
2306 	    strchr(zc->zc_value, '%'))
2307 		return (EINVAL);
2308 
2309 	(void) strcpy(tofs, zc->zc_value);
2310 	tosnap = strchr(tofs, '@');
2311 	*tosnap = '\0';
2312 	tosnap++;
2313 
2314 	if (zc->zc_nvlist_src != NULL &&
2315 	    (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2316 	    &props)) != 0)
2317 		return (error);
2318 
2319 	fd = zc->zc_cookie;
2320 	fp = getf(fd);
2321 	if (fp == NULL) {
2322 		nvlist_free(props);
2323 		return (EBADF);
2324 	}
2325 
2326 	/*
2327 	 * Get the zfsvfs for the receiving objset. There
2328 	 * won't be one if we're operating on a zvol, if the
2329 	 * objset doesn't exist yet, or is not mounted.
2330 	 */
2331 
2332 	error = dmu_objset_open(tofs, DMU_OST_ZFS,
2333 	    DS_MODE_STANDARD | DS_MODE_READONLY, &os);
2334 	if (!error) {
2335 		mutex_enter(&os->os->os_user_ptr_lock);
2336 		zfsvfs = dmu_objset_get_user(os);
2337 		if (zfsvfs != NULL)
2338 			VFS_HOLD(zfsvfs->z_vfs);
2339 		mutex_exit(&os->os->os_user_ptr_lock);
2340 		dmu_objset_close(os);
2341 	}
2342 
2343 	if (zc->zc_string[0]) {
2344 		error = dmu_objset_open(zc->zc_string, DMU_OST_ANY,
2345 		    DS_MODE_STANDARD | DS_MODE_READONLY, &origin);
2346 		if (error) {
2347 			if (zfsvfs != NULL)
2348 				VFS_RELE(zfsvfs->z_vfs);
2349 			nvlist_free(props);
2350 			releasef(fd);
2351 			return (error);
2352 		}
2353 	}
2354 
2355 	error = dmu_recv_begin(tofs, tosnap, &zc->zc_begin_record,
2356 	    force, origin, zfsvfs != NULL, &drc);
2357 	if (origin)
2358 		dmu_objset_close(origin);
2359 	if (error) {
2360 		if (zfsvfs != NULL)
2361 			VFS_RELE(zfsvfs->z_vfs);
2362 		nvlist_free(props);
2363 		releasef(fd);
2364 		return (error);
2365 	}
2366 
2367 	/*
2368 	 * If properties are supplied, they are to completely replace
2369 	 * the existing ones; "inherit" any existing properties.
2370 	 */
2371 	if (props) {
2372 		objset_t *os;
2373 		nvlist_t *nv = NULL;
2374 
2375 		error = dmu_objset_open(tofs, DMU_OST_ANY,
2376 		    DS_MODE_STANDARD | DS_MODE_READONLY | DS_MODE_INCONSISTENT,
2377 		    &os);
2378 		if (error == 0) {
2379 			error = dsl_prop_get_all(os, &nv);
2380 			dmu_objset_close(os);
2381 		}
2382 		if (error == 0) {
2383 			nvpair_t *elem;
2384 			zfs_cmd_t *zc2;
2385 			zc2 = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
2386 
2387 			(void) strcpy(zc2->zc_name, tofs);
2388 			for (elem = nvlist_next_nvpair(nv, NULL); elem;
2389 			    elem = nvlist_next_nvpair(nv, elem)) {
2390 				(void) strcpy(zc2->zc_value, nvpair_name(elem));
2391 				if (zfs_secpolicy_inherit(zc2, CRED()) == 0)
2392 					(void) zfs_ioc_inherit_prop(zc2);
2393 			}
2394 			kmem_free(zc2, sizeof (zfs_cmd_t));
2395 		}
2396 		if (nv)
2397 			nvlist_free(nv);
2398 	}
2399 
2400 	/*
2401 	 * Set properties.  Note, we ignore errors.  Would be better to
2402 	 * do best-effort in zfs_set_prop_nvlist, too.
2403 	 */
2404 	(void) zfs_set_prop_nvlist(tofs, props);
2405 	nvlist_free(props);
2406 
2407 	off = fp->f_offset;
2408 	error = dmu_recv_stream(&drc, fp->f_vnode, &off);
2409 
2410 	if (error == 0) {
2411 		if (zfsvfs != NULL) {
2412 			char osname[MAXNAMELEN];
2413 			int mode;
2414 
2415 			(void) zfs_suspend_fs(zfsvfs, osname, &mode);
2416 			error = dmu_recv_end(&drc);
2417 			error |= zfs_resume_fs(zfsvfs, osname, mode);
2418 		} else {
2419 			error = dmu_recv_end(&drc);
2420 		}
2421 	}
2422 	if (zfsvfs != NULL)
2423 		VFS_RELE(zfsvfs->z_vfs);
2424 
2425 	zc->zc_cookie = off - fp->f_offset;
2426 	if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
2427 		fp->f_offset = off;
2428 
2429 	releasef(fd);
2430 	return (error);
2431 }
2432 
2433 /*
2434  * inputs:
2435  * zc_name	name of snapshot to send
2436  * zc_value	short name of incremental fromsnap (may be empty)
2437  * zc_cookie	file descriptor to send stream to
2438  * zc_obj	fromorigin flag (mutually exclusive with zc_value)
2439  *
2440  * outputs: none
2441  */
2442 static int
2443 zfs_ioc_send(zfs_cmd_t *zc)
2444 {
2445 	objset_t *fromsnap = NULL;
2446 	objset_t *tosnap;
2447 	file_t *fp;
2448 	int error;
2449 	offset_t off;
2450 
2451 	error = dmu_objset_open(zc->zc_name, DMU_OST_ANY,
2452 	    DS_MODE_STANDARD | DS_MODE_READONLY, &tosnap);
2453 	if (error)
2454 		return (error);
2455 
2456 	if (zc->zc_value[0] != '\0') {
2457 		char buf[MAXPATHLEN];
2458 		char *cp;
2459 
2460 		(void) strncpy(buf, zc->zc_name, sizeof (buf));
2461 		cp = strchr(buf, '@');
2462 		if (cp)
2463 			*(cp+1) = 0;
2464 		(void) strncat(buf, zc->zc_value, sizeof (buf));
2465 		error = dmu_objset_open(buf, DMU_OST_ANY,
2466 		    DS_MODE_STANDARD | DS_MODE_READONLY, &fromsnap);
2467 		if (error) {
2468 			dmu_objset_close(tosnap);
2469 			return (error);
2470 		}
2471 	}
2472 
2473 	fp = getf(zc->zc_cookie);
2474 	if (fp == NULL) {
2475 		dmu_objset_close(tosnap);
2476 		if (fromsnap)
2477 			dmu_objset_close(fromsnap);
2478 		return (EBADF);
2479 	}
2480 
2481 	off = fp->f_offset;
2482 	error = dmu_sendbackup(tosnap, fromsnap, zc->zc_obj, fp->f_vnode, &off);
2483 
2484 	if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
2485 		fp->f_offset = off;
2486 	releasef(zc->zc_cookie);
2487 	if (fromsnap)
2488 		dmu_objset_close(fromsnap);
2489 	dmu_objset_close(tosnap);
2490 	return (error);
2491 }
2492 
2493 static int
2494 zfs_ioc_inject_fault(zfs_cmd_t *zc)
2495 {
2496 	int id, error;
2497 
2498 	error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
2499 	    &zc->zc_inject_record);
2500 
2501 	if (error == 0)
2502 		zc->zc_guid = (uint64_t)id;
2503 
2504 	return (error);
2505 }
2506 
2507 static int
2508 zfs_ioc_clear_fault(zfs_cmd_t *zc)
2509 {
2510 	return (zio_clear_fault((int)zc->zc_guid));
2511 }
2512 
2513 static int
2514 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
2515 {
2516 	int id = (int)zc->zc_guid;
2517 	int error;
2518 
2519 	error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
2520 	    &zc->zc_inject_record);
2521 
2522 	zc->zc_guid = id;
2523 
2524 	return (error);
2525 }
2526 
2527 static int
2528 zfs_ioc_error_log(zfs_cmd_t *zc)
2529 {
2530 	spa_t *spa;
2531 	int error;
2532 	size_t count = (size_t)zc->zc_nvlist_dst_size;
2533 
2534 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2535 		return (error);
2536 
2537 	error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
2538 	    &count);
2539 	if (error == 0)
2540 		zc->zc_nvlist_dst_size = count;
2541 	else
2542 		zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
2543 
2544 	spa_close(spa, FTAG);
2545 
2546 	return (error);
2547 }
2548 
2549 static int
2550 zfs_ioc_clear(zfs_cmd_t *zc)
2551 {
2552 	spa_t *spa;
2553 	vdev_t *vd;
2554 	uint64_t txg;
2555 	int error;
2556 
2557 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2558 		return (error);
2559 
2560 	/*
2561 	 * Try to resume any I/Os which may have been suspended
2562 	 * as a result of a complete pool failure.
2563 	 */
2564 	if (!list_is_empty(&spa->spa_zio_list)) {
2565 		if (zio_vdev_resume_io(spa) != 0) {
2566 			spa_close(spa, FTAG);
2567 			return (EIO);
2568 		}
2569 	}
2570 
2571 	txg = spa_vdev_enter(spa);
2572 
2573 	if (zc->zc_guid == 0) {
2574 		vd = NULL;
2575 	} else if ((vd = spa_lookup_by_guid(spa, zc->zc_guid)) == NULL) {
2576 		(void) spa_vdev_exit(spa, NULL, txg, ENODEV);
2577 		spa_close(spa, FTAG);
2578 		return (ENODEV);
2579 	}
2580 
2581 	vdev_clear(spa, vd, B_TRUE);
2582 
2583 	(void) spa_vdev_exit(spa, NULL, txg, 0);
2584 
2585 	spa_close(spa, FTAG);
2586 
2587 	return (0);
2588 }
2589 
2590 /*
2591  * inputs:
2592  * zc_name	name of filesystem
2593  * zc_value	name of origin snapshot
2594  *
2595  * outputs:	none
2596  */
2597 static int
2598 zfs_ioc_promote(zfs_cmd_t *zc)
2599 {
2600 	char *cp;
2601 
2602 	/*
2603 	 * We don't need to unmount *all* the origin fs's snapshots, but
2604 	 * it's easier.
2605 	 */
2606 	cp = strchr(zc->zc_value, '@');
2607 	if (cp)
2608 		*cp = '\0';
2609 	(void) dmu_objset_find(zc->zc_value,
2610 	    zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);
2611 	return (dsl_dataset_promote(zc->zc_name));
2612 }
2613 
2614 /*
2615  * We don't want to have a hard dependency
2616  * against some special symbols in sharefs
2617  * nfs, and smbsrv.  Determine them if needed when
2618  * the first file system is shared.
2619  * Neither sharefs, nfs or smbsrv are unloadable modules.
2620  */
2621 int (*znfsexport_fs)(void *arg);
2622 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
2623 int (*zsmbexport_fs)(void *arg, boolean_t add_share);
2624 
2625 int zfs_nfsshare_inited;
2626 int zfs_smbshare_inited;
2627 
2628 ddi_modhandle_t nfs_mod;
2629 ddi_modhandle_t sharefs_mod;
2630 ddi_modhandle_t smbsrv_mod;
2631 kmutex_t zfs_share_lock;
2632 
2633 static int
2634 zfs_init_sharefs()
2635 {
2636 	int error;
2637 
2638 	ASSERT(MUTEX_HELD(&zfs_share_lock));
2639 	/* Both NFS and SMB shares also require sharetab support. */
2640 	if (sharefs_mod == NULL && ((sharefs_mod =
2641 	    ddi_modopen("fs/sharefs",
2642 	    KRTLD_MODE_FIRST, &error)) == NULL)) {
2643 		return (ENOSYS);
2644 	}
2645 	if (zshare_fs == NULL && ((zshare_fs =
2646 	    (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
2647 	    ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) {
2648 		return (ENOSYS);
2649 	}
2650 	return (0);
2651 }
2652 
2653 static int
2654 zfs_ioc_share(zfs_cmd_t *zc)
2655 {
2656 	int error;
2657 	int opcode;
2658 
2659 	switch (zc->zc_share.z_sharetype) {
2660 	case ZFS_SHARE_NFS:
2661 	case ZFS_UNSHARE_NFS:
2662 		if (zfs_nfsshare_inited == 0) {
2663 			mutex_enter(&zfs_share_lock);
2664 			if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs",
2665 			    KRTLD_MODE_FIRST, &error)) == NULL)) {
2666 				mutex_exit(&zfs_share_lock);
2667 				return (ENOSYS);
2668 			}
2669 			if (znfsexport_fs == NULL &&
2670 			    ((znfsexport_fs = (int (*)(void *))
2671 			    ddi_modsym(nfs_mod,
2672 			    "nfs_export", &error)) == NULL)) {
2673 				mutex_exit(&zfs_share_lock);
2674 				return (ENOSYS);
2675 			}
2676 			error = zfs_init_sharefs();
2677 			if (error) {
2678 				mutex_exit(&zfs_share_lock);
2679 				return (ENOSYS);
2680 			}
2681 			zfs_nfsshare_inited = 1;
2682 			mutex_exit(&zfs_share_lock);
2683 		}
2684 		break;
2685 	case ZFS_SHARE_SMB:
2686 	case ZFS_UNSHARE_SMB:
2687 		if (zfs_smbshare_inited == 0) {
2688 			mutex_enter(&zfs_share_lock);
2689 			if (smbsrv_mod == NULL && ((smbsrv_mod =
2690 			    ddi_modopen("drv/smbsrv",
2691 			    KRTLD_MODE_FIRST, &error)) == NULL)) {
2692 				mutex_exit(&zfs_share_lock);
2693 				return (ENOSYS);
2694 			}
2695 			if (zsmbexport_fs == NULL && ((zsmbexport_fs =
2696 			    (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod,
2697 			    "lmshrd_share_upcall", &error)) == NULL)) {
2698 				mutex_exit(&zfs_share_lock);
2699 				return (ENOSYS);
2700 			}
2701 			error = zfs_init_sharefs();
2702 			if (error) {
2703 				mutex_exit(&zfs_share_lock);
2704 				return (ENOSYS);
2705 			}
2706 			zfs_smbshare_inited = 1;
2707 			mutex_exit(&zfs_share_lock);
2708 		}
2709 		break;
2710 	default:
2711 		return (EINVAL);
2712 	}
2713 
2714 	switch (zc->zc_share.z_sharetype) {
2715 	case ZFS_SHARE_NFS:
2716 	case ZFS_UNSHARE_NFS:
2717 		if (error =
2718 		    znfsexport_fs((void *)
2719 		    (uintptr_t)zc->zc_share.z_exportdata))
2720 			return (error);
2721 		break;
2722 	case ZFS_SHARE_SMB:
2723 	case ZFS_UNSHARE_SMB:
2724 		if (error = zsmbexport_fs((void *)
2725 		    (uintptr_t)zc->zc_share.z_exportdata,
2726 		    zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
2727 		    B_TRUE : B_FALSE)) {
2728 			return (error);
2729 		}
2730 		break;
2731 	}
2732 
2733 	opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
2734 	    zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ?
2735 	    SHAREFS_ADD : SHAREFS_REMOVE;
2736 
2737 	/*
2738 	 * Add or remove share from sharetab
2739 	 */
2740 	error = zshare_fs(opcode,
2741 	    (void *)(uintptr_t)zc->zc_share.z_sharedata,
2742 	    zc->zc_share.z_sharemax);
2743 
2744 	return (error);
2745 
2746 }
2747 
2748 /*
2749  * pool create, destroy, and export don't log the history as part of
2750  * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export
2751  * do the logging of those commands.
2752  */
2753 static zfs_ioc_vec_t zfs_ioc_vec[] = {
2754 	{ zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE },
2755 	{ zfs_ioc_pool_destroy,	zfs_secpolicy_config, POOL_NAME, B_FALSE },
2756 	{ zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE },
2757 	{ zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE },
2758 	{ zfs_ioc_pool_configs,	zfs_secpolicy_none, NO_NAME, B_FALSE },
2759 	{ zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE },
2760 	{ zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE },
2761 	{ zfs_ioc_pool_scrub, zfs_secpolicy_config, POOL_NAME, B_TRUE },
2762 	{ zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE },
2763 	{ zfs_ioc_pool_upgrade,	zfs_secpolicy_config, POOL_NAME, B_TRUE },
2764 	{ zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE },
2765 	{ zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE },
2766 	{ zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE },
2767 	{ zfs_ioc_vdev_set_state, zfs_secpolicy_config,	POOL_NAME, B_TRUE },
2768 	{ zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE },
2769 	{ zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE },
2770 	{ zfs_ioc_vdev_setpath,	zfs_secpolicy_config, POOL_NAME, B_FALSE },
2771 	{ zfs_ioc_objset_stats,	zfs_secpolicy_read, DATASET_NAME, B_FALSE },
2772 	{ zfs_ioc_objset_version, zfs_secpolicy_read, DATASET_NAME, B_FALSE },
2773 	{ zfs_ioc_dataset_list_next, zfs_secpolicy_read,
2774 	    DATASET_NAME, B_FALSE },
2775 	{ zfs_ioc_snapshot_list_next, zfs_secpolicy_read,
2776 	    DATASET_NAME, B_FALSE },
2777 	{ zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE },
2778 	{ zfs_ioc_create_minor,	zfs_secpolicy_minor, DATASET_NAME, B_FALSE },
2779 	{ zfs_ioc_remove_minor,	zfs_secpolicy_minor, DATASET_NAME, B_FALSE },
2780 	{ zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE },
2781 	{ zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE },
2782 	{ zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE },
2783 	{ zfs_ioc_rename, zfs_secpolicy_rename,	DATASET_NAME, B_TRUE },
2784 	{ zfs_ioc_recv, zfs_secpolicy_receive, DATASET_NAME, B_TRUE },
2785 	{ zfs_ioc_send, zfs_secpolicy_send, DATASET_NAME, B_TRUE },
2786 	{ zfs_ioc_inject_fault,	zfs_secpolicy_inject, NO_NAME, B_FALSE },
2787 	{ zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE },
2788 	{ zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE },
2789 	{ zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE },
2790 	{ zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE },
2791 	{ zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE },
2792 	{ zfs_ioc_destroy_snaps, zfs_secpolicy_destroy,	DATASET_NAME, B_TRUE },
2793 	{ zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE },
2794 	{ zfs_ioc_dsobj_to_dsname, zfs_secpolicy_config, POOL_NAME, B_FALSE },
2795 	{ zfs_ioc_obj_to_path, zfs_secpolicy_config, NO_NAME, B_FALSE },
2796 	{ zfs_ioc_pool_set_props, zfs_secpolicy_config,	POOL_NAME, B_TRUE },
2797 	{ zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE },
2798 	{ zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE },
2799 	{ zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE },
2800 	{ zfs_ioc_iscsi_perm_check, zfs_secpolicy_iscsi,
2801 	    DATASET_NAME, B_FALSE },
2802 	{ zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE },
2803 	{ zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE },
2804 };
2805 
2806 static int
2807 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
2808 {
2809 	zfs_cmd_t *zc;
2810 	uint_t vec;
2811 	int error, rc;
2812 
2813 	if (getminor(dev) != 0)
2814 		return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));
2815 
2816 	vec = cmd - ZFS_IOC;
2817 	ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));
2818 
2819 	if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
2820 		return (EINVAL);
2821 
2822 	zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2823 
2824 	error = xcopyin((void *)arg, zc, sizeof (zfs_cmd_t));
2825 
2826 	if (error == 0)
2827 		error = zfs_ioc_vec[vec].zvec_secpolicy(zc, cr);
2828 
2829 	/*
2830 	 * Ensure that all pool/dataset names are valid before we pass down to
2831 	 * the lower layers.
2832 	 */
2833 	if (error == 0) {
2834 		zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
2835 		switch (zfs_ioc_vec[vec].zvec_namecheck) {
2836 		case POOL_NAME:
2837 			if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
2838 				error = EINVAL;
2839 			break;
2840 
2841 		case DATASET_NAME:
2842 			if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
2843 				error = EINVAL;
2844 			break;
2845 
2846 		case NO_NAME:
2847 			break;
2848 		}
2849 	}
2850 
2851 	if (error == 0)
2852 		error = zfs_ioc_vec[vec].zvec_func(zc);
2853 
2854 	rc = xcopyout(zc, (void *)arg, sizeof (zfs_cmd_t));
2855 	if (error == 0) {
2856 		error = rc;
2857 		if (zfs_ioc_vec[vec].zvec_his_log == B_TRUE)
2858 			zfs_log_history(zc);
2859 	}
2860 
2861 	kmem_free(zc, sizeof (zfs_cmd_t));
2862 	return (error);
2863 }
2864 
2865 static int
2866 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
2867 {
2868 	if (cmd != DDI_ATTACH)
2869 		return (DDI_FAILURE);
2870 
2871 	if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
2872 	    DDI_PSEUDO, 0) == DDI_FAILURE)
2873 		return (DDI_FAILURE);
2874 
2875 	zfs_dip = dip;
2876 
2877 	ddi_report_dev(dip);
2878 
2879 	return (DDI_SUCCESS);
2880 }
2881 
2882 static int
2883 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
2884 {
2885 	if (spa_busy() || zfs_busy() || zvol_busy())
2886 		return (DDI_FAILURE);
2887 
2888 	if (cmd != DDI_DETACH)
2889 		return (DDI_FAILURE);
2890 
2891 	zfs_dip = NULL;
2892 
2893 	ddi_prop_remove_all(dip);
2894 	ddi_remove_minor_node(dip, NULL);
2895 
2896 	return (DDI_SUCCESS);
2897 }
2898 
2899 /*ARGSUSED*/
2900 static int
2901 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
2902 {
2903 	switch (infocmd) {
2904 	case DDI_INFO_DEVT2DEVINFO:
2905 		*result = zfs_dip;
2906 		return (DDI_SUCCESS);
2907 
2908 	case DDI_INFO_DEVT2INSTANCE:
2909 		*result = (void *)0;
2910 		return (DDI_SUCCESS);
2911 	}
2912 
2913 	return (DDI_FAILURE);
2914 }
2915 
2916 /*
2917  * OK, so this is a little weird.
2918  *
2919  * /dev/zfs is the control node, i.e. minor 0.
2920  * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
2921  *
2922  * /dev/zfs has basically nothing to do except serve up ioctls,
2923  * so most of the standard driver entry points are in zvol.c.
2924  */
2925 static struct cb_ops zfs_cb_ops = {
2926 	zvol_open,	/* open */
2927 	zvol_close,	/* close */
2928 	zvol_strategy,	/* strategy */
2929 	nodev,		/* print */
2930 	nodev,		/* dump */
2931 	zvol_read,	/* read */
2932 	zvol_write,	/* write */
2933 	zfsdev_ioctl,	/* ioctl */
2934 	nodev,		/* devmap */
2935 	nodev,		/* mmap */
2936 	nodev,		/* segmap */
2937 	nochpoll,	/* poll */
2938 	ddi_prop_op,	/* prop_op */
2939 	NULL,		/* streamtab */
2940 	D_NEW | D_MP | D_64BIT,		/* Driver compatibility flag */
2941 	CB_REV,		/* version */
2942 	nodev,		/* async read */
2943 	nodev,		/* async write */
2944 };
2945 
2946 static struct dev_ops zfs_dev_ops = {
2947 	DEVO_REV,	/* version */
2948 	0,		/* refcnt */
2949 	zfs_info,	/* info */
2950 	nulldev,	/* identify */
2951 	nulldev,	/* probe */
2952 	zfs_attach,	/* attach */
2953 	zfs_detach,	/* detach */
2954 	nodev,		/* reset */
2955 	&zfs_cb_ops,	/* driver operations */
2956 	NULL		/* no bus operations */
2957 };
2958 
2959 static struct modldrv zfs_modldrv = {
2960 	&mod_driverops, "ZFS storage pool version " SPA_VERSION_STRING,
2961 	    &zfs_dev_ops
2962 };
2963 
2964 static struct modlinkage modlinkage = {
2965 	MODREV_1,
2966 	(void *)&zfs_modlfs,
2967 	(void *)&zfs_modldrv,
2968 	NULL
2969 };
2970 
2971 
2972 uint_t zfs_fsyncer_key;
2973 extern uint_t rrw_tsd_key;
2974 
2975 int
2976 _init(void)
2977 {
2978 	int error;
2979 
2980 	spa_init(FREAD | FWRITE);
2981 	zfs_init();
2982 	zvol_init();
2983 
2984 	if ((error = mod_install(&modlinkage)) != 0) {
2985 		zvol_fini();
2986 		zfs_fini();
2987 		spa_fini();
2988 		return (error);
2989 	}
2990 
2991 	tsd_create(&zfs_fsyncer_key, NULL);
2992 	tsd_create(&rrw_tsd_key, NULL);
2993 
2994 	error = ldi_ident_from_mod(&modlinkage, &zfs_li);
2995 	ASSERT(error == 0);
2996 	mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
2997 
2998 	return (0);
2999 }
3000 
3001 int
3002 _fini(void)
3003 {
3004 	int error;
3005 
3006 	if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
3007 		return (EBUSY);
3008 
3009 	if ((error = mod_remove(&modlinkage)) != 0)
3010 		return (error);
3011 
3012 	zvol_fini();
3013 	zfs_fini();
3014 	spa_fini();
3015 	if (zfs_nfsshare_inited)
3016 		(void) ddi_modclose(nfs_mod);
3017 	if (zfs_smbshare_inited)
3018 		(void) ddi_modclose(smbsrv_mod);
3019 	if (zfs_nfsshare_inited || zfs_smbshare_inited)
3020 		(void) ddi_modclose(sharefs_mod);
3021 
3022 	tsd_destroy(&zfs_fsyncer_key);
3023 	ldi_ident_release(zfs_li);
3024 	zfs_li = NULL;
3025 	mutex_destroy(&zfs_share_lock);
3026 
3027 	return (error);
3028 }
3029 
3030 int
3031 _info(struct modinfo *modinfop)
3032 {
3033 	return (mod_info(&modlinkage, modinfop));
3034 }
3035