xref: /titanic_50/usr/src/uts/common/fs/zfs/zfs_ioctl.c (revision d577a05052763490983ba19d548a252fed6f75d9)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <sys/types.h>
29 #include <sys/param.h>
30 #include <sys/errno.h>
31 #include <sys/uio.h>
32 #include <sys/buf.h>
33 #include <sys/modctl.h>
34 #include <sys/open.h>
35 #include <sys/file.h>
36 #include <sys/kmem.h>
37 #include <sys/conf.h>
38 #include <sys/cmn_err.h>
39 #include <sys/stat.h>
40 #include <sys/zfs_ioctl.h>
41 #include <sys/zap.h>
42 #include <sys/spa.h>
43 #include <sys/spa_impl.h>
44 #include <sys/vdev.h>
45 #include <sys/vdev_impl.h>
46 #include <sys/dmu.h>
47 #include <sys/dsl_dir.h>
48 #include <sys/dsl_dataset.h>
49 #include <sys/dsl_prop.h>
50 #include <sys/dsl_deleg.h>
51 #include <sys/dmu_objset.h>
52 #include <sys/ddi.h>
53 #include <sys/sunddi.h>
54 #include <sys/sunldi.h>
55 #include <sys/policy.h>
56 #include <sys/zone.h>
57 #include <sys/nvpair.h>
58 #include <sys/pathname.h>
59 #include <sys/mount.h>
60 #include <sys/sdt.h>
61 #include <sys/fs/zfs.h>
62 #include <sys/zfs_ctldir.h>
63 #include <sys/zvol.h>
64 #include <sharefs/share.h>
65 #include <sys/zfs_znode.h>
66 
67 #include "zfs_namecheck.h"
68 #include "zfs_prop.h"
69 #include "zfs_deleg.h"
70 
71 extern struct modlfs zfs_modlfs;
72 
73 extern void zfs_init(void);
74 extern void zfs_fini(void);
75 
76 ldi_ident_t zfs_li = NULL;
77 dev_info_t *zfs_dip;
78 
79 typedef int zfs_ioc_func_t(zfs_cmd_t *);
80 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *);
81 
82 typedef struct zfs_ioc_vec {
83 	zfs_ioc_func_t		*zvec_func;
84 	zfs_secpolicy_func_t	*zvec_secpolicy;
85 	enum {
86 		NO_NAME,
87 		POOL_NAME,
88 		DATASET_NAME
89 	} zvec_namecheck;
90 	boolean_t		zvec_his_log;
91 } zfs_ioc_vec_t;
92 
93 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
94 void
95 __dprintf(const char *file, const char *func, int line, const char *fmt, ...)
96 {
97 	const char *newfile;
98 	char buf[256];
99 	va_list adx;
100 
101 	/*
102 	 * Get rid of annoying "../common/" prefix to filename.
103 	 */
104 	newfile = strrchr(file, '/');
105 	if (newfile != NULL) {
106 		newfile = newfile + 1; /* Get rid of leading / */
107 	} else {
108 		newfile = file;
109 	}
110 
111 	va_start(adx, fmt);
112 	(void) vsnprintf(buf, sizeof (buf), fmt, adx);
113 	va_end(adx);
114 
115 	/*
116 	 * To get this data, use the zfs-dprintf probe as so:
117 	 * dtrace -q -n 'zfs-dprintf \
118 	 *	/stringof(arg0) == "dbuf.c"/ \
119 	 *	{printf("%s: %s", stringof(arg1), stringof(arg3))}'
120 	 * arg0 = file name
121 	 * arg1 = function name
122 	 * arg2 = line number
123 	 * arg3 = message
124 	 */
125 	DTRACE_PROBE4(zfs__dprintf,
126 	    char *, newfile, char *, func, int, line, char *, buf);
127 }
128 
129 static void
130 history_str_free(char *buf)
131 {
132 	kmem_free(buf, HIS_MAX_RECORD_LEN);
133 }
134 
135 static char *
136 history_str_get(zfs_cmd_t *zc)
137 {
138 	char *buf;
139 
140 	if (zc->zc_history == NULL)
141 		return (NULL);
142 
143 	buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
144 	if (copyinstr((void *)(uintptr_t)zc->zc_history,
145 	    buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
146 		history_str_free(buf);
147 		return (NULL);
148 	}
149 
150 	buf[HIS_MAX_RECORD_LEN -1] = '\0';
151 
152 	return (buf);
153 }
154 
155 static void
156 zfs_log_history(zfs_cmd_t *zc)
157 {
158 	spa_t *spa;
159 	char *buf;
160 
161 	if ((buf = history_str_get(zc)) == NULL)
162 		return;
163 
164 	if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
165 		if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
166 			(void) spa_history_log(spa, buf, LOG_CMD_NORMAL);
167 		spa_close(spa, FTAG);
168 	}
169 	history_str_free(buf);
170 }
171 
172 /*
173  * Policy for top-level read operations (list pools).  Requires no privileges,
174  * and can be used in the local zone, as there is no associated dataset.
175  */
176 /* ARGSUSED */
177 static int
178 zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr)
179 {
180 	return (0);
181 }
182 
183 /*
184  * Policy for dataset read operations (list children, get statistics).  Requires
185  * no privileges, but must be visible in the local zone.
186  */
187 /* ARGSUSED */
188 static int
189 zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr)
190 {
191 	if (INGLOBALZONE(curproc) ||
192 	    zone_dataset_visible(zc->zc_name, NULL))
193 		return (0);
194 
195 	return (ENOENT);
196 }
197 
198 static int
199 zfs_dozonecheck(const char *dataset, cred_t *cr)
200 {
201 	uint64_t zoned;
202 	int writable = 1;
203 
204 	/*
205 	 * The dataset must be visible by this zone -- check this first
206 	 * so they don't see EPERM on something they shouldn't know about.
207 	 */
208 	if (!INGLOBALZONE(curproc) &&
209 	    !zone_dataset_visible(dataset, &writable))
210 		return (ENOENT);
211 
212 	if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
213 		return (ENOENT);
214 
215 	if (INGLOBALZONE(curproc)) {
216 		/*
217 		 * If the fs is zoned, only root can access it from the
218 		 * global zone.
219 		 */
220 		if (secpolicy_zfs(cr) && zoned)
221 			return (EPERM);
222 	} else {
223 		/*
224 		 * If we are in a local zone, the 'zoned' property must be set.
225 		 */
226 		if (!zoned)
227 			return (EPERM);
228 
229 		/* must be writable by this zone */
230 		if (!writable)
231 			return (EPERM);
232 	}
233 	return (0);
234 }
235 
236 int
237 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
238 {
239 	int error;
240 
241 	error = zfs_dozonecheck(name, cr);
242 	if (error == 0) {
243 		error = secpolicy_zfs(cr);
244 		if (error)
245 			error = dsl_deleg_access(name, perm, cr);
246 	}
247 	return (error);
248 }
249 
250 static int
251 zfs_secpolicy_setprop(const char *name, zfs_prop_t prop, cred_t *cr)
252 {
253 	/*
254 	 * Check permissions for special properties.
255 	 */
256 	switch (prop) {
257 	case ZFS_PROP_ZONED:
258 		/*
259 		 * Disallow setting of 'zoned' from within a local zone.
260 		 */
261 		if (!INGLOBALZONE(curproc))
262 			return (EPERM);
263 		break;
264 
265 	case ZFS_PROP_QUOTA:
266 		if (!INGLOBALZONE(curproc)) {
267 			uint64_t zoned;
268 			char setpoint[MAXNAMELEN];
269 			/*
270 			 * Unprivileged users are allowed to modify the
271 			 * quota on things *under* (ie. contained by)
272 			 * the thing they own.
273 			 */
274 			if (dsl_prop_get_integer(name, "zoned", &zoned,
275 			    setpoint))
276 				return (EPERM);
277 			if (!zoned || strlen(name) <= strlen(setpoint))
278 				return (EPERM);
279 		}
280 		break;
281 	}
282 
283 	return (zfs_secpolicy_write_perms(name, zfs_prop_to_name(prop), cr));
284 }
285 
286 int
287 zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr)
288 {
289 	int error;
290 
291 	error = zfs_dozonecheck(zc->zc_name, cr);
292 	if (error)
293 		return (error);
294 
295 	/*
296 	 * permission to set permissions will be evaluated later in
297 	 * dsl_deleg_can_allow()
298 	 */
299 	return (0);
300 }
301 
302 int
303 zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr)
304 {
305 	int error;
306 	error = zfs_secpolicy_write_perms(zc->zc_name,
307 	    ZFS_DELEG_PERM_ROLLBACK, cr);
308 	if (error == 0)
309 		error = zfs_secpolicy_write_perms(zc->zc_name,
310 		    ZFS_DELEG_PERM_MOUNT, cr);
311 	return (error);
312 }
313 
314 int
315 zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr)
316 {
317 	return (zfs_secpolicy_write_perms(zc->zc_name,
318 	    ZFS_DELEG_PERM_SEND, cr));
319 }
320 
321 int
322 zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr)
323 {
324 	if (!INGLOBALZONE(curproc))
325 		return (EPERM);
326 
327 	if (secpolicy_nfs(CRED()) == 0) {
328 		return (0);
329 	} else {
330 		vnode_t *vp;
331 		int error;
332 
333 		if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
334 		    NO_FOLLOW, NULL, &vp)) != 0)
335 			return (error);
336 
337 		/* Now make sure mntpnt and dataset are ZFS */
338 
339 		if (vp->v_vfsp->vfs_fstype != zfsfstype ||
340 		    (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
341 		    zc->zc_name) != 0)) {
342 			VN_RELE(vp);
343 			return (EPERM);
344 		}
345 
346 		VN_RELE(vp);
347 		return (dsl_deleg_access(zc->zc_name,
348 		    ZFS_DELEG_PERM_SHARE, cr));
349 	}
350 }
351 
352 static int
353 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
354 {
355 	char *cp;
356 
357 	/*
358 	 * Remove the @bla or /bla from the end of the name to get the parent.
359 	 */
360 	(void) strncpy(parent, datasetname, parentsize);
361 	cp = strrchr(parent, '@');
362 	if (cp != NULL) {
363 		cp[0] = '\0';
364 	} else {
365 		cp = strrchr(parent, '/');
366 		if (cp == NULL)
367 			return (ENOENT);
368 		cp[0] = '\0';
369 	}
370 
371 	return (0);
372 }
373 
374 int
375 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
376 {
377 	int error;
378 
379 	if ((error = zfs_secpolicy_write_perms(name,
380 	    ZFS_DELEG_PERM_MOUNT, cr)) != 0)
381 		return (error);
382 
383 	return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
384 }
385 
386 static int
387 zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr)
388 {
389 	return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
390 }
391 
392 /*
393  * Must have sys_config privilege to check the iscsi permission
394  */
395 /* ARGSUSED */
396 static int
397 zfs_secpolicy_iscsi(zfs_cmd_t *zc, cred_t *cr)
398 {
399 	return (secpolicy_zfs(cr));
400 }
401 
402 int
403 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
404 {
405 	char 	parentname[MAXNAMELEN];
406 	int	error;
407 
408 	if ((error = zfs_secpolicy_write_perms(from,
409 	    ZFS_DELEG_PERM_RENAME, cr)) != 0)
410 		return (error);
411 
412 	if ((error = zfs_secpolicy_write_perms(from,
413 	    ZFS_DELEG_PERM_MOUNT, cr)) != 0)
414 		return (error);
415 
416 	if ((error = zfs_get_parent(to, parentname,
417 	    sizeof (parentname))) != 0)
418 		return (error);
419 
420 	if ((error = zfs_secpolicy_write_perms(parentname,
421 	    ZFS_DELEG_PERM_CREATE, cr)) != 0)
422 		return (error);
423 
424 	if ((error = zfs_secpolicy_write_perms(parentname,
425 	    ZFS_DELEG_PERM_MOUNT, cr)) != 0)
426 		return (error);
427 
428 	return (error);
429 }
430 
431 static int
432 zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr)
433 {
434 	return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
435 }
436 
437 static int
438 zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr)
439 {
440 	char 	parentname[MAXNAMELEN];
441 	objset_t *clone;
442 	int error;
443 
444 	error = zfs_secpolicy_write_perms(zc->zc_name,
445 	    ZFS_DELEG_PERM_PROMOTE, cr);
446 	if (error)
447 		return (error);
448 
449 	error = dmu_objset_open(zc->zc_name, DMU_OST_ANY,
450 	    DS_MODE_STANDARD | DS_MODE_READONLY, &clone);
451 
452 	if (error == 0) {
453 		dsl_dataset_t *pclone = NULL;
454 		dsl_dir_t *dd;
455 		dd = clone->os->os_dsl_dataset->ds_dir;
456 
457 		rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
458 		error = dsl_dataset_open_obj(dd->dd_pool,
459 		    dd->dd_phys->dd_clone_parent_obj, NULL,
460 		    DS_MODE_NONE, FTAG, &pclone);
461 		rw_exit(&dd->dd_pool->dp_config_rwlock);
462 		if (error) {
463 			dmu_objset_close(clone);
464 			return (error);
465 		}
466 
467 		error = zfs_secpolicy_write_perms(zc->zc_name,
468 		    ZFS_DELEG_PERM_MOUNT, cr);
469 
470 		dsl_dataset_name(pclone, parentname);
471 		dmu_objset_close(clone);
472 		dsl_dataset_close(pclone, DS_MODE_NONE, FTAG);
473 		if (error == 0)
474 			error = zfs_secpolicy_write_perms(parentname,
475 			    ZFS_DELEG_PERM_PROMOTE, cr);
476 	}
477 	return (error);
478 }
479 
480 static int
481 zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr)
482 {
483 	int error;
484 
485 	if ((error = zfs_secpolicy_write_perms(zc->zc_name,
486 	    ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
487 		return (error);
488 
489 	if ((error = zfs_secpolicy_write_perms(zc->zc_name,
490 	    ZFS_DELEG_PERM_MOUNT, cr)) != 0)
491 		return (error);
492 
493 	return (zfs_secpolicy_write_perms(zc->zc_name,
494 	    ZFS_DELEG_PERM_CREATE, cr));
495 }
496 
497 int
498 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
499 {
500 	int error;
501 
502 	if ((error = zfs_secpolicy_write_perms(name,
503 	    ZFS_DELEG_PERM_SNAPSHOT, cr)) != 0)
504 		return (error);
505 
506 	error = zfs_secpolicy_write_perms(name,
507 	    ZFS_DELEG_PERM_MOUNT, cr);
508 
509 	return (error);
510 }
511 
512 static int
513 zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr)
514 {
515 
516 	return (zfs_secpolicy_snapshot_perms(zc->zc_name, cr));
517 }
518 
519 static int
520 zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr)
521 {
522 	char 	parentname[MAXNAMELEN];
523 	int 	error;
524 
525 	if ((error = zfs_get_parent(zc->zc_name, parentname,
526 	    sizeof (parentname))) != 0)
527 		return (error);
528 
529 	if (zc->zc_value[0] != '\0') {
530 		if ((error = zfs_secpolicy_write_perms(zc->zc_value,
531 		    ZFS_DELEG_PERM_CLONE, cr)) != 0)
532 			return (error);
533 	}
534 
535 	if ((error = zfs_secpolicy_write_perms(parentname,
536 	    ZFS_DELEG_PERM_CREATE, cr)) != 0)
537 		return (error);
538 
539 	error = zfs_secpolicy_write_perms(parentname,
540 	    ZFS_DELEG_PERM_MOUNT, cr);
541 
542 	return (error);
543 }
544 
545 static int
546 zfs_secpolicy_umount(zfs_cmd_t *zc, cred_t *cr)
547 {
548 	int error;
549 
550 	error = secpolicy_fs_unmount(cr, NULL);
551 	if (error) {
552 		error = dsl_deleg_access(zc->zc_name, ZFS_DELEG_PERM_MOUNT, cr);
553 	}
554 	return (error);
555 }
556 
557 /*
558  * Policy for pool operations - create/destroy pools, add vdevs, etc.  Requires
559  * SYS_CONFIG privilege, which is not available in a local zone.
560  */
561 /* ARGSUSED */
562 static int
563 zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr)
564 {
565 	if (secpolicy_sys_config(cr, B_FALSE) != 0)
566 		return (EPERM);
567 
568 	return (0);
569 }
570 
571 /*
572  * Just like zfs_secpolicy_config, except that we will check for
573  * mount permission on the dataset for permission to create/remove
574  * the minor nodes.
575  */
576 static int
577 zfs_secpolicy_minor(zfs_cmd_t *zc, cred_t *cr)
578 {
579 	if (secpolicy_sys_config(cr, B_FALSE) != 0) {
580 		return (dsl_deleg_access(zc->zc_name,
581 		    ZFS_DELEG_PERM_MOUNT, cr));
582 	}
583 
584 	return (0);
585 }
586 
587 /*
588  * Policy for fault injection.  Requires all privileges.
589  */
590 /* ARGSUSED */
591 static int
592 zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr)
593 {
594 	return (secpolicy_zinject(cr));
595 }
596 
597 static int
598 zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr)
599 {
600 	zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
601 
602 	if (prop == ZFS_PROP_INVAL) {
603 		if (!zfs_prop_user(zc->zc_value))
604 			return (EINVAL);
605 		return (zfs_secpolicy_write_perms(zc->zc_name,
606 		    ZFS_DELEG_PERM_USERPROP, cr));
607 	} else {
608 		if (!zfs_prop_inheritable(prop))
609 			return (EINVAL);
610 		return (zfs_secpolicy_setprop(zc->zc_name, prop, cr));
611 	}
612 }
613 
614 /*
615  * Returns the nvlist as specified by the user in the zfs_cmd_t.
616  */
617 static int
618 get_nvlist(zfs_cmd_t *zc, nvlist_t **nvp)
619 {
620 	char *packed;
621 	size_t size;
622 	int error;
623 	nvlist_t *config = NULL;
624 
625 	/*
626 	 * Read in and unpack the user-supplied nvlist.
627 	 */
628 	if ((size = zc->zc_nvlist_src_size) == 0)
629 		return (EINVAL);
630 
631 	packed = kmem_alloc(size, KM_SLEEP);
632 
633 	if ((error = xcopyin((void *)(uintptr_t)zc->zc_nvlist_src, packed,
634 	    size)) != 0) {
635 		kmem_free(packed, size);
636 		return (error);
637 	}
638 
639 	if ((error = nvlist_unpack(packed, size, &config, 0)) != 0) {
640 		kmem_free(packed, size);
641 		return (error);
642 	}
643 
644 	kmem_free(packed, size);
645 
646 	*nvp = config;
647 	return (0);
648 }
649 
650 static int
651 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
652 {
653 	char *packed = NULL;
654 	size_t size;
655 	int error;
656 
657 	VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0);
658 
659 	if (size > zc->zc_nvlist_dst_size) {
660 		error = ENOMEM;
661 	} else {
662 		packed = kmem_alloc(size, KM_SLEEP);
663 		VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE,
664 		    KM_SLEEP) == 0);
665 		error = xcopyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
666 		    size);
667 		kmem_free(packed, size);
668 	}
669 
670 	zc->zc_nvlist_dst_size = size;
671 	return (error);
672 }
673 
674 static int
675 zfs_ioc_pool_create(zfs_cmd_t *zc)
676 {
677 	int error;
678 	nvlist_t *config;
679 	char *buf;
680 
681 	if ((buf = history_str_get(zc)) == NULL)
682 		return (EINVAL);
683 
684 	if ((error = get_nvlist(zc, &config)) != 0) {
685 		history_str_free(buf);
686 		return (error);
687 	}
688 
689 	error = spa_create(zc->zc_name, config, zc->zc_value[0] == '\0' ?
690 	    NULL : zc->zc_value, buf);
691 
692 	nvlist_free(config);
693 	history_str_free(buf);
694 
695 	return (error);
696 }
697 
698 static int
699 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
700 {
701 	int error;
702 	zfs_log_history(zc);
703 	error = spa_destroy(zc->zc_name);
704 	return (error);
705 }
706 
707 static int
708 zfs_ioc_pool_import(zfs_cmd_t *zc)
709 {
710 	int error;
711 	nvlist_t *config;
712 	uint64_t guid;
713 
714 	if ((error = get_nvlist(zc, &config)) != 0)
715 		return (error);
716 
717 	if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
718 	    guid != zc->zc_guid)
719 		error = EINVAL;
720 	else
721 		error = spa_import(zc->zc_name, config,
722 		    zc->zc_value[0] == '\0' ? NULL : zc->zc_value);
723 
724 	nvlist_free(config);
725 
726 	return (error);
727 }
728 
729 static int
730 zfs_ioc_pool_export(zfs_cmd_t *zc)
731 {
732 	int error;
733 	zfs_log_history(zc);
734 	error = spa_export(zc->zc_name, NULL);
735 	return (error);
736 }
737 
738 static int
739 zfs_ioc_pool_configs(zfs_cmd_t *zc)
740 {
741 	nvlist_t *configs;
742 	int error;
743 
744 	if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
745 		return (EEXIST);
746 
747 	error = put_nvlist(zc, configs);
748 
749 	nvlist_free(configs);
750 
751 	return (error);
752 }
753 
754 static int
755 zfs_ioc_pool_stats(zfs_cmd_t *zc)
756 {
757 	nvlist_t *config;
758 	int error;
759 	int ret = 0;
760 
761 	error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
762 	    sizeof (zc->zc_value));
763 
764 	if (config != NULL) {
765 		ret = put_nvlist(zc, config);
766 		nvlist_free(config);
767 
768 		/*
769 		 * The config may be present even if 'error' is non-zero.
770 		 * In this case we return success, and preserve the real errno
771 		 * in 'zc_cookie'.
772 		 */
773 		zc->zc_cookie = error;
774 	} else {
775 		ret = error;
776 	}
777 
778 	return (ret);
779 }
780 
781 /*
782  * Try to import the given pool, returning pool stats as appropriate so that
783  * user land knows which devices are available and overall pool health.
784  */
785 static int
786 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
787 {
788 	nvlist_t *tryconfig, *config;
789 	int error;
790 
791 	if ((error = get_nvlist(zc, &tryconfig)) != 0)
792 		return (error);
793 
794 	config = spa_tryimport(tryconfig);
795 
796 	nvlist_free(tryconfig);
797 
798 	if (config == NULL)
799 		return (EINVAL);
800 
801 	error = put_nvlist(zc, config);
802 	nvlist_free(config);
803 
804 	return (error);
805 }
806 
807 static int
808 zfs_ioc_pool_scrub(zfs_cmd_t *zc)
809 {
810 	spa_t *spa;
811 	int error;
812 
813 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
814 		return (error);
815 
816 	mutex_enter(&spa_namespace_lock);
817 	error = spa_scrub(spa, zc->zc_cookie, B_FALSE);
818 	mutex_exit(&spa_namespace_lock);
819 
820 	spa_close(spa, FTAG);
821 
822 	return (error);
823 }
824 
825 static int
826 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
827 {
828 	spa_t *spa;
829 	int error;
830 
831 	error = spa_open(zc->zc_name, &spa, FTAG);
832 	if (error == 0) {
833 		spa_freeze(spa);
834 		spa_close(spa, FTAG);
835 	}
836 	return (error);
837 }
838 
839 static int
840 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
841 {
842 	spa_t *spa;
843 	int error;
844 
845 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
846 		return (error);
847 
848 	spa_upgrade(spa);
849 	spa_close(spa, FTAG);
850 
851 	return (error);
852 }
853 
854 static int
855 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
856 {
857 	spa_t *spa;
858 	char *hist_buf;
859 	uint64_t size;
860 	int error;
861 
862 	if ((size = zc->zc_history_len) == 0)
863 		return (EINVAL);
864 
865 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
866 		return (error);
867 
868 	if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
869 		spa_close(spa, FTAG);
870 		return (ENOTSUP);
871 	}
872 
873 	hist_buf = kmem_alloc(size, KM_SLEEP);
874 	if ((error = spa_history_get(spa, &zc->zc_history_offset,
875 	    &zc->zc_history_len, hist_buf)) == 0) {
876 		error = xcopyout(hist_buf,
877 		    (char *)(uintptr_t)zc->zc_history,
878 		    zc->zc_history_len);
879 	}
880 
881 	spa_close(spa, FTAG);
882 	kmem_free(hist_buf, size);
883 	return (error);
884 }
885 
886 static int
887 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
888 {
889 	int error;
890 
891 	if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value))
892 		return (error);
893 
894 	return (0);
895 }
896 
897 static int
898 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
899 {
900 	objset_t *osp;
901 	int error;
902 
903 	if ((error = dmu_objset_open(zc->zc_name, DMU_OST_ZFS,
904 	    DS_MODE_NONE | DS_MODE_READONLY, &osp)) != 0)
905 		return (error);
906 
907 	error = zfs_obj_to_path(osp, zc->zc_obj, zc->zc_value,
908 	    sizeof (zc->zc_value));
909 	dmu_objset_close(osp);
910 
911 	return (error);
912 }
913 
914 static int
915 zfs_ioc_vdev_add(zfs_cmd_t *zc)
916 {
917 	spa_t *spa;
918 	int error;
919 	nvlist_t *config;
920 
921 	error = spa_open(zc->zc_name, &spa, FTAG);
922 	if (error != 0)
923 		return (error);
924 
925 	/*
926 	 * A root pool with concatenated devices is not supported.
927 	 * Thus, can not add a device to a root pool with one device.
928 	 */
929 	if (spa->spa_root_vdev->vdev_children == 1 && spa->spa_bootfs != 0) {
930 		spa_close(spa, FTAG);
931 		return (EDOM);
932 	}
933 
934 	if ((error = get_nvlist(zc, &config)) == 0) {
935 		error = spa_vdev_add(spa, config);
936 		nvlist_free(config);
937 	}
938 	spa_close(spa, FTAG);
939 	return (error);
940 }
941 
942 static int
943 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
944 {
945 	spa_t *spa;
946 	int error;
947 
948 	error = spa_open(zc->zc_name, &spa, FTAG);
949 	if (error != 0)
950 		return (error);
951 	error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
952 	spa_close(spa, FTAG);
953 	return (error);
954 }
955 
956 static int
957 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
958 {
959 	spa_t *spa;
960 	int error;
961 	vdev_state_t newstate = VDEV_STATE_UNKNOWN;
962 
963 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
964 		return (error);
965 	switch (zc->zc_cookie) {
966 	case VDEV_STATE_ONLINE:
967 		error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
968 		break;
969 
970 	case VDEV_STATE_OFFLINE:
971 		error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
972 		break;
973 
974 	case VDEV_STATE_FAULTED:
975 		error = vdev_fault(spa, zc->zc_guid);
976 		break;
977 
978 	case VDEV_STATE_DEGRADED:
979 		error = vdev_degrade(spa, zc->zc_guid);
980 		break;
981 
982 	default:
983 		error = EINVAL;
984 	}
985 	zc->zc_cookie = newstate;
986 	spa_close(spa, FTAG);
987 	return (error);
988 }
989 
990 static int
991 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
992 {
993 	spa_t *spa;
994 	int replacing = zc->zc_cookie;
995 	nvlist_t *config;
996 	int error;
997 
998 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
999 		return (error);
1000 
1001 	if ((error = get_nvlist(zc, &config)) == 0) {
1002 		error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1003 		nvlist_free(config);
1004 	}
1005 
1006 	spa_close(spa, FTAG);
1007 	return (error);
1008 }
1009 
1010 static int
1011 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1012 {
1013 	spa_t *spa;
1014 	int error;
1015 
1016 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1017 		return (error);
1018 
1019 	error = spa_vdev_detach(spa, zc->zc_guid, B_FALSE);
1020 
1021 	spa_close(spa, FTAG);
1022 	return (error);
1023 }
1024 
1025 static int
1026 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1027 {
1028 	spa_t *spa;
1029 	char *path = zc->zc_value;
1030 	uint64_t guid = zc->zc_guid;
1031 	int error;
1032 
1033 	error = spa_open(zc->zc_name, &spa, FTAG);
1034 	if (error != 0)
1035 		return (error);
1036 
1037 	error = spa_vdev_setpath(spa, guid, path);
1038 	spa_close(spa, FTAG);
1039 	return (error);
1040 }
1041 
1042 static int
1043 zfs_ioc_objset_stats(zfs_cmd_t *zc)
1044 {
1045 	objset_t *os = NULL;
1046 	int error;
1047 	nvlist_t *nv;
1048 
1049 retry:
1050 	error = dmu_objset_open(zc->zc_name, DMU_OST_ANY,
1051 	    DS_MODE_STANDARD | DS_MODE_READONLY, &os);
1052 	if (error != 0) {
1053 		/*
1054 		 * This is ugly: dmu_objset_open() can return EBUSY if
1055 		 * the objset is held exclusively. Fortunately this hold is
1056 		 * only for a short while, so we retry here.
1057 		 * This avoids user code having to handle EBUSY,
1058 		 * for example for a "zfs list".
1059 		 */
1060 		if (error == EBUSY) {
1061 			delay(1);
1062 			goto retry;
1063 		}
1064 		return (error);
1065 	}
1066 
1067 	dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1068 
1069 	if (zc->zc_nvlist_dst != 0 &&
1070 	    (error = dsl_prop_get_all(os, &nv)) == 0) {
1071 		dmu_objset_stats(os, nv);
1072 		/*
1073 		 * NB: {zpl,zvol}_get_stats() will read the objset contents,
1074 		 * which we aren't supposed to do with a
1075 		 * DS_MODE_STANDARD open, because it could be
1076 		 * inconsistent.  So this is a bit of a workaround...
1077 		 */
1078 		if (!zc->zc_objset_stats.dds_inconsistent) {
1079 			if (dmu_objset_type(os) == DMU_OST_ZVOL)
1080 				VERIFY(zvol_get_stats(os, nv) == 0);
1081 			else if (dmu_objset_type(os) == DMU_OST_ZFS)
1082 				(void) zfs_get_stats(os, nv);
1083 		}
1084 		error = put_nvlist(zc, nv);
1085 		nvlist_free(nv);
1086 	}
1087 
1088 	spa_altroot(dmu_objset_spa(os), zc->zc_value, sizeof (zc->zc_value));
1089 
1090 	dmu_objset_close(os);
1091 	return (error);
1092 }
1093 
1094 static int
1095 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
1096 {
1097 	objset_t *os;
1098 	int error;
1099 	char *p;
1100 
1101 retry:
1102 	error = dmu_objset_open(zc->zc_name, DMU_OST_ANY,
1103 	    DS_MODE_STANDARD | DS_MODE_READONLY, &os);
1104 	if (error != 0) {
1105 		/*
1106 		 * This is ugly: dmu_objset_open() can return EBUSY if
1107 		 * the objset is held exclusively. Fortunately this hold is
1108 		 * only for a short while, so we retry here.
1109 		 * This avoids user code having to handle EBUSY,
1110 		 * for example for a "zfs list".
1111 		 */
1112 		if (error == EBUSY) {
1113 			delay(1);
1114 			goto retry;
1115 		}
1116 		if (error == ENOENT)
1117 			error = ESRCH;
1118 		return (error);
1119 	}
1120 
1121 	p = strrchr(zc->zc_name, '/');
1122 	if (p == NULL || p[1] != '\0')
1123 		(void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
1124 	p = zc->zc_name + strlen(zc->zc_name);
1125 
1126 	do {
1127 		error = dmu_dir_list_next(os,
1128 		    sizeof (zc->zc_name) - (p - zc->zc_name), p,
1129 		    NULL, &zc->zc_cookie);
1130 		if (error == ENOENT)
1131 			error = ESRCH;
1132 	} while (error == 0 && !INGLOBALZONE(curproc) &&
1133 	    !zone_dataset_visible(zc->zc_name, NULL));
1134 
1135 	/*
1136 	 * If it's a hidden dataset (ie. with a '$' in its name), don't
1137 	 * try to get stats for it.  Userland will skip over it.
1138 	 */
1139 	if (error == 0 && strchr(zc->zc_name, '$') == NULL)
1140 		error = zfs_ioc_objset_stats(zc); /* fill in the stats */
1141 
1142 	dmu_objset_close(os);
1143 	return (error);
1144 }
1145 
1146 static int
1147 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
1148 {
1149 	objset_t *os;
1150 	int error;
1151 
1152 retry:
1153 	error = dmu_objset_open(zc->zc_name, DMU_OST_ANY,
1154 	    DS_MODE_STANDARD | DS_MODE_READONLY, &os);
1155 	if (error != 0) {
1156 		/*
1157 		 * This is ugly: dmu_objset_open() can return EBUSY if
1158 		 * the objset is held exclusively. Fortunately this hold is
1159 		 * only for a short while, so we retry here.
1160 		 * This avoids user code having to handle EBUSY,
1161 		 * for example for a "zfs list".
1162 		 */
1163 		if (error == EBUSY) {
1164 			delay(1);
1165 			goto retry;
1166 		}
1167 		if (error == ENOENT)
1168 			error = ESRCH;
1169 		return (error);
1170 	}
1171 
1172 	/*
1173 	 * A dataset name of maximum length cannot have any snapshots,
1174 	 * so exit immediately.
1175 	 */
1176 	if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
1177 		dmu_objset_close(os);
1178 		return (ESRCH);
1179 	}
1180 
1181 	error = dmu_snapshot_list_next(os,
1182 	    sizeof (zc->zc_name) - strlen(zc->zc_name),
1183 	    zc->zc_name + strlen(zc->zc_name), NULL, &zc->zc_cookie);
1184 	if (error == ENOENT)
1185 		error = ESRCH;
1186 
1187 	if (error == 0)
1188 		error = zfs_ioc_objset_stats(zc); /* fill in the stats */
1189 
1190 	dmu_objset_close(os);
1191 	return (error);
1192 }
1193 
1194 static int
1195 zfs_set_prop_nvlist(const char *name, nvlist_t *nvl)
1196 {
1197 	nvpair_t *elem;
1198 	int error;
1199 	uint64_t intval;
1200 	char *strval;
1201 
1202 	/*
1203 	 * First validate permission to set all of the properties
1204 	 */
1205 	elem = NULL;
1206 	while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) {
1207 		const char *propname = nvpair_name(elem);
1208 		zfs_prop_t prop = zfs_name_to_prop(propname);
1209 
1210 		if (prop == ZFS_PROP_INVAL) {
1211 			/*
1212 			 * If this is a user-defined property, it must be a
1213 			 * string, and there is no further validation to do.
1214 			 */
1215 			if (!zfs_prop_user(propname) ||
1216 			    nvpair_type(elem) != DATA_TYPE_STRING)
1217 				return (EINVAL);
1218 
1219 			error = zfs_secpolicy_write_perms(name,
1220 			    ZFS_DELEG_PERM_USERPROP, CRED());
1221 			if (error)
1222 				return (error);
1223 			continue;
1224 		}
1225 
1226 		if ((error = zfs_secpolicy_setprop(name, prop, CRED())) != 0)
1227 			return (error);
1228 
1229 		/*
1230 		 * Check that this value is valid for this pool version
1231 		 */
1232 		switch (prop) {
1233 		case ZFS_PROP_COMPRESSION:
1234 			/*
1235 			 * If the user specified gzip compression, make sure
1236 			 * the SPA supports it. We ignore any errors here since
1237 			 * we'll catch them later.
1238 			 */
1239 			if (nvpair_type(elem) == DATA_TYPE_UINT64 &&
1240 			    nvpair_value_uint64(elem, &intval) == 0 &&
1241 			    intval >= ZIO_COMPRESS_GZIP_1 &&
1242 			    intval <= ZIO_COMPRESS_GZIP_9) {
1243 				spa_t *spa;
1244 
1245 				if (spa_open(name, &spa, FTAG) == 0) {
1246 					if (spa_version(spa) <
1247 					    SPA_VERSION_GZIP_COMPRESSION) {
1248 						spa_close(spa, FTAG);
1249 						return (ENOTSUP);
1250 					}
1251 
1252 					spa_close(spa, FTAG);
1253 				}
1254 			}
1255 			break;
1256 
1257 		case ZFS_PROP_COPIES:
1258 		{
1259 			spa_t *spa;
1260 
1261 			if (spa_open(name, &spa, FTAG) == 0) {
1262 				if (spa_version(spa) <
1263 				    SPA_VERSION_DITTO_BLOCKS) {
1264 					spa_close(spa, FTAG);
1265 					return (ENOTSUP);
1266 				}
1267 				spa_close(spa, FTAG);
1268 			}
1269 			break;
1270 		}
1271 		}
1272 	}
1273 
1274 	elem = NULL;
1275 	while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) {
1276 		const char *propname = nvpair_name(elem);
1277 		zfs_prop_t prop = zfs_name_to_prop(propname);
1278 
1279 		if (prop == ZFS_PROP_INVAL) {
1280 			VERIFY(nvpair_value_string(elem, &strval) == 0);
1281 			error = dsl_prop_set(name, propname, 1,
1282 			    strlen(strval) + 1, strval);
1283 			if (error == 0)
1284 				continue;
1285 			else
1286 				return (error);
1287 		}
1288 
1289 		switch (prop) {
1290 		case ZFS_PROP_QUOTA:
1291 			if ((error = nvpair_value_uint64(elem, &intval)) != 0 ||
1292 			    (error = dsl_dir_set_quota(name, intval)) != 0)
1293 				return (error);
1294 			break;
1295 
1296 		case ZFS_PROP_RESERVATION:
1297 			if ((error = nvpair_value_uint64(elem, &intval)) != 0 ||
1298 			    (error = dsl_dir_set_reservation(name,
1299 			    intval)) != 0)
1300 				return (error);
1301 			break;
1302 
1303 		case ZFS_PROP_VOLSIZE:
1304 			if ((error = nvpair_value_uint64(elem, &intval)) != 0 ||
1305 			    (error = zvol_set_volsize(name,
1306 			    ddi_driver_major(zfs_dip), intval)) != 0)
1307 				return (error);
1308 			break;
1309 
1310 		case ZFS_PROP_VOLBLOCKSIZE:
1311 			if ((error = nvpair_value_uint64(elem, &intval)) != 0 ||
1312 			    (error = zvol_set_volblocksize(name, intval)) != 0)
1313 				return (error);
1314 			break;
1315 
1316 		case ZFS_PROP_VERSION:
1317 			if ((error = nvpair_value_uint64(elem, &intval)) != 0 ||
1318 			    (error = zfs_set_version(name, intval)) != 0)
1319 				return (error);
1320 			break;
1321 
1322 		default:
1323 			if (nvpair_type(elem) == DATA_TYPE_STRING) {
1324 				if (zfs_prop_get_type(prop) !=
1325 				    PROP_TYPE_STRING)
1326 					return (EINVAL);
1327 				VERIFY(nvpair_value_string(elem, &strval) == 0);
1328 				if ((error = dsl_prop_set(name,
1329 				    nvpair_name(elem), 1, strlen(strval) + 1,
1330 				    strval)) != 0)
1331 					return (error);
1332 			} else if (nvpair_type(elem) == DATA_TYPE_UINT64) {
1333 				const char *unused;
1334 
1335 				VERIFY(nvpair_value_uint64(elem, &intval) == 0);
1336 
1337 				switch (zfs_prop_get_type(prop)) {
1338 				case PROP_TYPE_NUMBER:
1339 					break;
1340 				case PROP_TYPE_STRING:
1341 					return (EINVAL);
1342 				case PROP_TYPE_INDEX:
1343 					if (zfs_prop_index_to_string(prop,
1344 					    intval, &unused) != 0)
1345 						return (EINVAL);
1346 					break;
1347 				default:
1348 					cmn_err(CE_PANIC,
1349 					    "unknown property type");
1350 					break;
1351 				}
1352 
1353 				if ((error = dsl_prop_set(name, propname,
1354 				    8, 1, &intval)) != 0)
1355 					return (error);
1356 			} else {
1357 				return (EINVAL);
1358 			}
1359 			break;
1360 		}
1361 	}
1362 
1363 	return (0);
1364 }
1365 
1366 static int
1367 zfs_ioc_set_prop(zfs_cmd_t *zc)
1368 {
1369 	nvlist_t *nvl;
1370 	int error;
1371 
1372 	if ((error = get_nvlist(zc, &nvl)) != 0)
1373 		return (error);
1374 
1375 	error = zfs_set_prop_nvlist(zc->zc_name, nvl);
1376 
1377 	nvlist_free(nvl);
1378 	return (error);
1379 }
1380 
1381 static int
1382 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
1383 {
1384 	/* the property name has been validated by zfs_secpolicy_inherit() */
1385 	return (dsl_prop_set(zc->zc_name, zc->zc_value, 0, 0, NULL));
1386 }
1387 
1388 static int
1389 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
1390 {
1391 	nvlist_t *nvl;
1392 	int error, reset_bootfs = 0;
1393 	uint64_t objnum;
1394 	uint64_t intval;
1395 	zpool_prop_t prop;
1396 	nvpair_t *elem;
1397 	char *propname, *strval;
1398 	spa_t *spa;
1399 	vdev_t *rvdev;
1400 	char *vdev_type;
1401 	objset_t *os;
1402 
1403 	if ((error = get_nvlist(zc, &nvl)) != 0)
1404 		return (error);
1405 
1406 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
1407 		nvlist_free(nvl);
1408 		return (error);
1409 	}
1410 
1411 	if (spa_version(spa) < SPA_VERSION_BOOTFS) {
1412 		nvlist_free(nvl);
1413 		spa_close(spa, FTAG);
1414 		return (ENOTSUP);
1415 	}
1416 
1417 	elem = NULL;
1418 	while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) {
1419 
1420 		propname = nvpair_name(elem);
1421 
1422 		if ((prop = zpool_name_to_prop(propname)) ==
1423 		    ZFS_PROP_INVAL) {
1424 			nvlist_free(nvl);
1425 			spa_close(spa, FTAG);
1426 			return (EINVAL);
1427 		}
1428 
1429 		switch (prop) {
1430 		case ZPOOL_PROP_DELEGATION:
1431 			VERIFY(nvpair_value_uint64(elem, &intval) == 0);
1432 			if (intval > 1)
1433 				error = EINVAL;
1434 			break;
1435 		case ZPOOL_PROP_BOOTFS:
1436 			/*
1437 			 * A bootable filesystem can not be on a RAIDZ pool
1438 			 * nor a striped pool with more than 1 device.
1439 			 */
1440 			rvdev = spa->spa_root_vdev;
1441 			vdev_type =
1442 			    rvdev->vdev_child[0]->vdev_ops->vdev_op_type;
1443 			if (strcmp(vdev_type, VDEV_TYPE_RAIDZ) == 0 ||
1444 			    (strcmp(vdev_type, VDEV_TYPE_MIRROR) != 0 &&
1445 			    rvdev->vdev_children > 1)) {
1446 				error = ENOTSUP;
1447 				break;
1448 			}
1449 
1450 			reset_bootfs = 1;
1451 
1452 			VERIFY(nvpair_value_string(elem, &strval) == 0);
1453 			if (strval == NULL || strval[0] == '\0') {
1454 				objnum = zpool_prop_default_numeric(
1455 				    ZPOOL_PROP_BOOTFS);
1456 				break;
1457 			}
1458 
1459 			if (error = dmu_objset_open(strval, DMU_OST_ZFS,
1460 			    DS_MODE_STANDARD | DS_MODE_READONLY, &os))
1461 				break;
1462 			objnum = dmu_objset_id(os);
1463 			dmu_objset_close(os);
1464 			break;
1465 		}
1466 
1467 		if (error)
1468 			break;
1469 	}
1470 	if (error == 0) {
1471 		if (reset_bootfs) {
1472 			VERIFY(nvlist_remove(nvl,
1473 			    zpool_prop_to_name(ZPOOL_PROP_BOOTFS),
1474 			    DATA_TYPE_STRING) == 0);
1475 			VERIFY(nvlist_add_uint64(nvl,
1476 			    zpool_prop_to_name(ZPOOL_PROP_BOOTFS),
1477 			    objnum) == 0);
1478 		}
1479 		error = spa_set_props(spa, nvl);
1480 	}
1481 
1482 	nvlist_free(nvl);
1483 	spa_close(spa, FTAG);
1484 
1485 	return (error);
1486 }
1487 
1488 static int
1489 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
1490 {
1491 	spa_t *spa;
1492 	int error;
1493 	nvlist_t *nvp = NULL;
1494 
1495 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1496 		return (error);
1497 
1498 	error = spa_get_props(spa, &nvp);
1499 
1500 	if (error == 0 && zc->zc_nvlist_dst != NULL)
1501 		error = put_nvlist(zc, nvp);
1502 	else
1503 		error = EFAULT;
1504 
1505 	spa_close(spa, FTAG);
1506 
1507 	if (nvp)
1508 		nvlist_free(nvp);
1509 	return (error);
1510 }
1511 
1512 static int
1513 zfs_ioc_iscsi_perm_check(zfs_cmd_t *zc)
1514 {
1515 	nvlist_t *nvp;
1516 	int error;
1517 	uint32_t uid;
1518 	uint32_t gid;
1519 	uint32_t *groups;
1520 	uint_t group_cnt;
1521 	cred_t	*usercred;
1522 
1523 	if ((error = get_nvlist(zc, &nvp)) != 0) {
1524 		return (error);
1525 	}
1526 
1527 	if ((error = nvlist_lookup_uint32(nvp,
1528 	    ZFS_DELEG_PERM_UID, &uid)) != 0) {
1529 		nvlist_free(nvp);
1530 		return (EPERM);
1531 	}
1532 
1533 	if ((error = nvlist_lookup_uint32(nvp,
1534 	    ZFS_DELEG_PERM_GID, &gid)) != 0) {
1535 		nvlist_free(nvp);
1536 		return (EPERM);
1537 	}
1538 
1539 	if ((error = nvlist_lookup_uint32_array(nvp, ZFS_DELEG_PERM_GROUPS,
1540 	    &groups, &group_cnt)) != 0) {
1541 		nvlist_free(nvp);
1542 		return (EPERM);
1543 	}
1544 	usercred = cralloc();
1545 	if ((crsetugid(usercred, uid, gid) != 0) ||
1546 	    (crsetgroups(usercred, group_cnt, (gid_t *)groups) != 0)) {
1547 		nvlist_free(nvp);
1548 		crfree(usercred);
1549 		return (EPERM);
1550 	}
1551 	nvlist_free(nvp);
1552 	error = dsl_deleg_access(zc->zc_name,
1553 	    zfs_prop_to_name(ZFS_PROP_SHAREISCSI), usercred);
1554 	crfree(usercred);
1555 	return (error);
1556 }
1557 
1558 static int
1559 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
1560 {
1561 	int error;
1562 	nvlist_t *fsaclnv = NULL;
1563 
1564 	if ((error = get_nvlist(zc, &fsaclnv)) != 0)
1565 		return (error);
1566 
1567 	/*
1568 	 * Verify nvlist is constructed correctly
1569 	 */
1570 	if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
1571 		nvlist_free(fsaclnv);
1572 		return (EINVAL);
1573 	}
1574 
1575 	/*
1576 	 * If we don't have PRIV_SYS_MOUNT, then validate
1577 	 * that user is allowed to hand out each permission in
1578 	 * the nvlist(s)
1579 	 */
1580 
1581 	error = secpolicy_zfs(CRED());
1582 	if (error) {
1583 		if (zc->zc_perm_action == B_FALSE) {
1584 			error = dsl_deleg_can_allow(zc->zc_name,
1585 			    fsaclnv, CRED());
1586 		} else {
1587 			error = dsl_deleg_can_unallow(zc->zc_name,
1588 			    fsaclnv, CRED());
1589 		}
1590 	}
1591 
1592 	if (error == 0)
1593 		error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
1594 
1595 	nvlist_free(fsaclnv);
1596 	return (error);
1597 }
1598 
1599 static int
1600 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
1601 {
1602 	nvlist_t *nvp;
1603 	int error;
1604 
1605 	if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
1606 		error = put_nvlist(zc, nvp);
1607 		nvlist_free(nvp);
1608 	}
1609 
1610 	return (error);
1611 }
1612 
1613 static int
1614 zfs_ioc_create_minor(zfs_cmd_t *zc)
1615 {
1616 	return (zvol_create_minor(zc->zc_name, ddi_driver_major(zfs_dip)));
1617 }
1618 
1619 static int
1620 zfs_ioc_remove_minor(zfs_cmd_t *zc)
1621 {
1622 	return (zvol_remove_minor(zc->zc_name));
1623 }
1624 
1625 /*
1626  * Search the vfs list for a specified resource.  Returns a pointer to it
1627  * or NULL if no suitable entry is found. The caller of this routine
1628  * is responsible for releasing the returned vfs pointer.
1629  */
1630 static vfs_t *
1631 zfs_get_vfs(const char *resource)
1632 {
1633 	struct vfs *vfsp;
1634 	struct vfs *vfs_found = NULL;
1635 
1636 	vfs_list_read_lock();
1637 	vfsp = rootvfs;
1638 	do {
1639 		if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
1640 			VFS_HOLD(vfsp);
1641 			vfs_found = vfsp;
1642 			break;
1643 		}
1644 		vfsp = vfsp->vfs_next;
1645 	} while (vfsp != rootvfs);
1646 	vfs_list_unlock();
1647 	return (vfs_found);
1648 }
1649 
1650 /* ARGSUSED */
1651 static void
1652 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
1653 {
1654 	nvlist_t *nvprops = arg;
1655 	uint64_t version = ZPL_VERSION;
1656 
1657 	(void) nvlist_lookup_uint64(nvprops,
1658 	    zfs_prop_to_name(ZFS_PROP_VERSION), &version);
1659 
1660 	zfs_create_fs(os, cr, version, tx);
1661 }
1662 
1663 static int
1664 zfs_ioc_create(zfs_cmd_t *zc)
1665 {
1666 	objset_t *clone;
1667 	int error = 0;
1668 	nvlist_t *nvprops = NULL;
1669 	void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
1670 	dmu_objset_type_t type = zc->zc_objset_type;
1671 
1672 	switch (type) {
1673 
1674 	case DMU_OST_ZFS:
1675 		cbfunc = zfs_create_cb;
1676 		break;
1677 
1678 	case DMU_OST_ZVOL:
1679 		cbfunc = zvol_create_cb;
1680 		break;
1681 
1682 	default:
1683 		cbfunc = NULL;
1684 	}
1685 	if (strchr(zc->zc_name, '@'))
1686 		return (EINVAL);
1687 
1688 	if (zc->zc_nvlist_src != NULL &&
1689 	    (error = get_nvlist(zc, &nvprops)) != 0)
1690 		return (error);
1691 
1692 	if (zc->zc_value[0] != '\0') {
1693 		/*
1694 		 * We're creating a clone of an existing snapshot.
1695 		 */
1696 		zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
1697 		if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) {
1698 			nvlist_free(nvprops);
1699 			return (EINVAL);
1700 		}
1701 
1702 		error = dmu_objset_open(zc->zc_value, type,
1703 		    DS_MODE_STANDARD | DS_MODE_READONLY, &clone);
1704 		if (error) {
1705 			nvlist_free(nvprops);
1706 			return (error);
1707 		}
1708 		error = dmu_objset_create(zc->zc_name, type, clone, NULL, NULL);
1709 		dmu_objset_close(clone);
1710 	} else {
1711 		if (cbfunc == NULL) {
1712 			nvlist_free(nvprops);
1713 			return (EINVAL);
1714 		}
1715 
1716 		if (type == DMU_OST_ZVOL) {
1717 			uint64_t volsize, volblocksize;
1718 
1719 			if (nvprops == NULL ||
1720 			    nvlist_lookup_uint64(nvprops,
1721 			    zfs_prop_to_name(ZFS_PROP_VOLSIZE),
1722 			    &volsize) != 0) {
1723 				nvlist_free(nvprops);
1724 				return (EINVAL);
1725 			}
1726 
1727 			if ((error = nvlist_lookup_uint64(nvprops,
1728 			    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
1729 			    &volblocksize)) != 0 && error != ENOENT) {
1730 				nvlist_free(nvprops);
1731 				return (EINVAL);
1732 			}
1733 
1734 			if (error != 0)
1735 				volblocksize = zfs_prop_default_numeric(
1736 				    ZFS_PROP_VOLBLOCKSIZE);
1737 
1738 			if ((error = zvol_check_volblocksize(
1739 			    volblocksize)) != 0 ||
1740 			    (error = zvol_check_volsize(volsize,
1741 			    volblocksize)) != 0) {
1742 				nvlist_free(nvprops);
1743 				return (error);
1744 			}
1745 		} else if (type == DMU_OST_ZFS) {
1746 			uint64_t version;
1747 
1748 			if (0 == nvlist_lookup_uint64(nvprops,
1749 			    zfs_prop_to_name(ZFS_PROP_VERSION), &version) &&
1750 			    (version < ZPL_VERSION_INITIAL ||
1751 			    version > ZPL_VERSION)) {
1752 				nvlist_free(nvprops);
1753 				return (EINVAL);
1754 			}
1755 		}
1756 
1757 		error = dmu_objset_create(zc->zc_name, type, NULL, cbfunc,
1758 		    nvprops);
1759 	}
1760 
1761 	/*
1762 	 * It would be nice to do this atomically.
1763 	 */
1764 	if (error == 0) {
1765 		if ((error = zfs_set_prop_nvlist(zc->zc_name, nvprops)) != 0)
1766 			(void) dmu_objset_destroy(zc->zc_name);
1767 	}
1768 
1769 	nvlist_free(nvprops);
1770 	return (error);
1771 }
1772 
1773 static int
1774 zfs_ioc_snapshot(zfs_cmd_t *zc)
1775 {
1776 	if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
1777 		return (EINVAL);
1778 	return (dmu_objset_snapshot(zc->zc_name,
1779 	    zc->zc_value, zc->zc_cookie));
1780 }
1781 
1782 int
1783 zfs_unmount_snap(char *name, void *arg)
1784 {
1785 	char *snapname = arg;
1786 	char *cp;
1787 	vfs_t *vfsp = NULL;
1788 
1789 	/*
1790 	 * Snapshots (which are under .zfs control) must be unmounted
1791 	 * before they can be destroyed.
1792 	 */
1793 
1794 	if (snapname) {
1795 		(void) strcat(name, "@");
1796 		(void) strcat(name, snapname);
1797 		vfsp = zfs_get_vfs(name);
1798 		cp = strchr(name, '@');
1799 		*cp = '\0';
1800 	} else if (strchr(name, '@')) {
1801 		vfsp = zfs_get_vfs(name);
1802 	}
1803 
1804 	if (vfsp) {
1805 		/*
1806 		 * Always force the unmount for snapshots.
1807 		 */
1808 		int flag = MS_FORCE;
1809 		int err;
1810 
1811 		if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) {
1812 			VFS_RELE(vfsp);
1813 			return (err);
1814 		}
1815 		VFS_RELE(vfsp);
1816 		if ((err = dounmount(vfsp, flag, kcred)) != 0)
1817 			return (err);
1818 	}
1819 	return (0);
1820 }
1821 
1822 static int
1823 zfs_ioc_destroy_snaps(zfs_cmd_t *zc)
1824 {
1825 	int err;
1826 
1827 	if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
1828 		return (EINVAL);
1829 	err = dmu_objset_find(zc->zc_name,
1830 	    zfs_unmount_snap, zc->zc_value, DS_FIND_CHILDREN);
1831 	if (err)
1832 		return (err);
1833 	return (dmu_snapshots_destroy(zc->zc_name, zc->zc_value));
1834 }
1835 
1836 static int
1837 zfs_ioc_destroy(zfs_cmd_t *zc)
1838 {
1839 	if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
1840 		int err = zfs_unmount_snap(zc->zc_name, NULL);
1841 		if (err)
1842 			return (err);
1843 	}
1844 
1845 	return (dmu_objset_destroy(zc->zc_name));
1846 }
1847 
1848 static int
1849 zfs_ioc_rollback(zfs_cmd_t *zc)
1850 {
1851 	return (dmu_objset_rollback(zc->zc_name));
1852 }
1853 
1854 static int
1855 zfs_ioc_rename(zfs_cmd_t *zc)
1856 {
1857 	boolean_t recursive = zc->zc_cookie & 1;
1858 
1859 	zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
1860 	if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0)
1861 		return (EINVAL);
1862 
1863 	/*
1864 	 * Unmount snapshot unless we're doing a recursive rename,
1865 	 * in which case the dataset code figures out which snapshots
1866 	 * to unmount.
1867 	 */
1868 	if (!recursive && strchr(zc->zc_name, '@') != NULL &&
1869 	    zc->zc_objset_type == DMU_OST_ZFS) {
1870 		int err = zfs_unmount_snap(zc->zc_name, NULL);
1871 		if (err)
1872 			return (err);
1873 	}
1874 
1875 	return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive));
1876 }
1877 
1878 static int
1879 zfs_ioc_recvbackup(zfs_cmd_t *zc)
1880 {
1881 	file_t *fp;
1882 	int error, fd;
1883 	offset_t new_off;
1884 
1885 	if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
1886 	    strchr(zc->zc_value, '@') == NULL)
1887 		return (EINVAL);
1888 
1889 	fd = zc->zc_cookie;
1890 	fp = getf(fd);
1891 	if (fp == NULL)
1892 		return (EBADF);
1893 	error = dmu_recvbackup(zc->zc_value, &zc->zc_begin_record,
1894 	    &zc->zc_cookie, (boolean_t)zc->zc_guid, fp->f_vnode,
1895 	    fp->f_offset);
1896 
1897 	new_off = fp->f_offset + zc->zc_cookie;
1898 	if (VOP_SEEK(fp->f_vnode, fp->f_offset, &new_off) == 0)
1899 		fp->f_offset = new_off;
1900 
1901 	releasef(fd);
1902 	return (error);
1903 }
1904 
1905 static int
1906 zfs_ioc_sendbackup(zfs_cmd_t *zc)
1907 {
1908 	objset_t *fromsnap = NULL;
1909 	objset_t *tosnap;
1910 	file_t *fp;
1911 	int error;
1912 
1913 	error = dmu_objset_open(zc->zc_name, DMU_OST_ANY,
1914 	    DS_MODE_STANDARD | DS_MODE_READONLY, &tosnap);
1915 	if (error)
1916 		return (error);
1917 
1918 	if (zc->zc_value[0] != '\0') {
1919 		char buf[MAXPATHLEN];
1920 		char *cp;
1921 
1922 		(void) strncpy(buf, zc->zc_name, sizeof (buf));
1923 		cp = strchr(buf, '@');
1924 		if (cp)
1925 			*(cp+1) = 0;
1926 		(void) strncat(buf, zc->zc_value, sizeof (buf));
1927 		error = dmu_objset_open(buf, DMU_OST_ANY,
1928 		    DS_MODE_STANDARD | DS_MODE_READONLY, &fromsnap);
1929 		if (error) {
1930 			dmu_objset_close(tosnap);
1931 			return (error);
1932 		}
1933 	}
1934 
1935 	fp = getf(zc->zc_cookie);
1936 	if (fp == NULL) {
1937 		dmu_objset_close(tosnap);
1938 		if (fromsnap)
1939 			dmu_objset_close(fromsnap);
1940 		return (EBADF);
1941 	}
1942 
1943 	error = dmu_sendbackup(tosnap, fromsnap, fp->f_vnode);
1944 
1945 	releasef(zc->zc_cookie);
1946 	if (fromsnap)
1947 		dmu_objset_close(fromsnap);
1948 	dmu_objset_close(tosnap);
1949 	return (error);
1950 }
1951 
1952 static int
1953 zfs_ioc_inject_fault(zfs_cmd_t *zc)
1954 {
1955 	int id, error;
1956 
1957 	error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
1958 	    &zc->zc_inject_record);
1959 
1960 	if (error == 0)
1961 		zc->zc_guid = (uint64_t)id;
1962 
1963 	return (error);
1964 }
1965 
1966 static int
1967 zfs_ioc_clear_fault(zfs_cmd_t *zc)
1968 {
1969 	return (zio_clear_fault((int)zc->zc_guid));
1970 }
1971 
1972 static int
1973 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
1974 {
1975 	int id = (int)zc->zc_guid;
1976 	int error;
1977 
1978 	error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
1979 	    &zc->zc_inject_record);
1980 
1981 	zc->zc_guid = id;
1982 
1983 	return (error);
1984 }
1985 
1986 static int
1987 zfs_ioc_error_log(zfs_cmd_t *zc)
1988 {
1989 	spa_t *spa;
1990 	int error;
1991 	size_t count = (size_t)zc->zc_nvlist_dst_size;
1992 
1993 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1994 		return (error);
1995 
1996 	error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
1997 	    &count);
1998 	if (error == 0)
1999 		zc->zc_nvlist_dst_size = count;
2000 	else
2001 		zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
2002 
2003 	spa_close(spa, FTAG);
2004 
2005 	return (error);
2006 }
2007 
2008 static int
2009 zfs_ioc_clear(zfs_cmd_t *zc)
2010 {
2011 	spa_t *spa;
2012 	vdev_t *vd;
2013 	uint64_t txg;
2014 	int error;
2015 
2016 	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2017 		return (error);
2018 
2019 	txg = spa_vdev_enter(spa);
2020 
2021 	if (zc->zc_guid == 0) {
2022 		vd = NULL;
2023 	} else if ((vd = spa_lookup_by_guid(spa, zc->zc_guid)) == NULL) {
2024 		(void) spa_vdev_exit(spa, NULL, txg, ENODEV);
2025 		spa_close(spa, FTAG);
2026 		return (ENODEV);
2027 	}
2028 
2029 	vdev_clear(spa, vd);
2030 
2031 	(void) spa_vdev_exit(spa, NULL, txg, 0);
2032 
2033 	spa_close(spa, FTAG);
2034 
2035 	return (0);
2036 }
2037 
2038 static int
2039 zfs_ioc_promote(zfs_cmd_t *zc)
2040 {
2041 	char *cp;
2042 
2043 	/*
2044 	 * We don't need to unmount *all* the origin fs's snapshots, but
2045 	 * it's easier.
2046 	 */
2047 	cp = strchr(zc->zc_value, '@');
2048 	if (cp)
2049 		*cp = '\0';
2050 	(void) dmu_objset_find(zc->zc_value,
2051 	    zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);
2052 	return (dsl_dataset_promote(zc->zc_name));
2053 }
2054 
2055 /*
2056  * We don't want to have a hard dependency
2057  * against some special symbols in sharefs
2058  * and nfs.  Determine them if needed when
2059  * the first file system is shared.
2060  * Neither sharefs or nfs are unloadable modules.
2061  */
2062 int (*zexport_fs)(void *arg);
2063 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
2064 
2065 int zfs_share_inited;
2066 ddi_modhandle_t nfs_mod;
2067 ddi_modhandle_t sharefs_mod;
2068 kmutex_t zfs_share_lock;
2069 
2070 static int
2071 zfs_ioc_share(zfs_cmd_t *zc)
2072 {
2073 	int error;
2074 	int opcode;
2075 
2076 	if (zfs_share_inited == 0) {
2077 		mutex_enter(&zfs_share_lock);
2078 		nfs_mod = ddi_modopen("fs/nfs", KRTLD_MODE_FIRST, &error);
2079 		sharefs_mod = ddi_modopen("fs/sharefs",
2080 		    KRTLD_MODE_FIRST, &error);
2081 		if (nfs_mod == NULL || sharefs_mod == NULL) {
2082 			mutex_exit(&zfs_share_lock);
2083 			return (ENOSYS);
2084 		}
2085 		if (zexport_fs == NULL && ((zexport_fs = (int (*)(void *))
2086 		    ddi_modsym(nfs_mod, "nfs_export", &error)) == NULL)) {
2087 			mutex_exit(&zfs_share_lock);
2088 			return (ENOSYS);
2089 		}
2090 
2091 		if (zshare_fs == NULL && ((zshare_fs =
2092 		    (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
2093 		    ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) {
2094 			mutex_exit(&zfs_share_lock);
2095 			return (ENOSYS);
2096 		}
2097 		zfs_share_inited = 1;
2098 		mutex_exit(&zfs_share_lock);
2099 	}
2100 
2101 	if (error = zexport_fs((void *)(uintptr_t)zc->zc_share.z_exportdata))
2102 		return (error);
2103 
2104 	opcode = (zc->zc_share.z_sharetype == B_TRUE) ?
2105 	    SHAREFS_ADD : SHAREFS_REMOVE;
2106 
2107 	error = zshare_fs(opcode,
2108 	    (void *)(uintptr_t)zc->zc_share.z_sharedata,
2109 	    zc->zc_share.z_sharemax);
2110 
2111 	return (error);
2112 
2113 }
2114 
2115 /*
2116  * pool destroy and pool export don't log the history as part of zfsdev_ioctl,
2117  * but rather zfs_ioc_pool_create, and zfs_ioc_pool_export do the loggin
2118  * of those commands.
2119  */
2120 static zfs_ioc_vec_t zfs_ioc_vec[] = {
2121 	{ zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE },
2122 	{ zfs_ioc_pool_destroy,	zfs_secpolicy_config, POOL_NAME, B_FALSE },
2123 	{ zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE },
2124 	{ zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE },
2125 	{ zfs_ioc_pool_configs,	zfs_secpolicy_none, NO_NAME, B_FALSE },
2126 	{ zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE },
2127 	{ zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE },
2128 	{ zfs_ioc_pool_scrub, zfs_secpolicy_config, POOL_NAME, B_TRUE },
2129 	{ zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE },
2130 	{ zfs_ioc_pool_upgrade,	zfs_secpolicy_config, POOL_NAME, B_TRUE },
2131 	{ zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE },
2132 	{ zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE },
2133 	{ zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE },
2134 	{ zfs_ioc_vdev_set_state, zfs_secpolicy_config,	POOL_NAME, B_TRUE },
2135 	{ zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE },
2136 	{ zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE },
2137 	{ zfs_ioc_vdev_setpath,	zfs_secpolicy_config, POOL_NAME, B_FALSE },
2138 	{ zfs_ioc_objset_stats,	zfs_secpolicy_read, DATASET_NAME, B_FALSE },
2139 	{ zfs_ioc_dataset_list_next, zfs_secpolicy_read,
2140 	    DATASET_NAME, B_FALSE },
2141 	{ zfs_ioc_snapshot_list_next, zfs_secpolicy_read,
2142 	    DATASET_NAME, B_FALSE },
2143 	{ zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE },
2144 	{ zfs_ioc_create_minor,	zfs_secpolicy_minor, DATASET_NAME, B_FALSE },
2145 	{ zfs_ioc_remove_minor,	zfs_secpolicy_minor, DATASET_NAME, B_FALSE },
2146 	{ zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE },
2147 	{ zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE },
2148 	{ zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE },
2149 	{ zfs_ioc_rename, zfs_secpolicy_rename,	DATASET_NAME, B_TRUE },
2150 	{ zfs_ioc_recvbackup, zfs_secpolicy_receive, DATASET_NAME, B_TRUE },
2151 	{ zfs_ioc_sendbackup, zfs_secpolicy_send, DATASET_NAME, B_TRUE },
2152 	{ zfs_ioc_inject_fault,	zfs_secpolicy_inject, NO_NAME, B_FALSE },
2153 	{ zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE },
2154 	{ zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE },
2155 	{ zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE },
2156 	{ zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE },
2157 	{ zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE },
2158 	{ zfs_ioc_destroy_snaps, zfs_secpolicy_destroy,	DATASET_NAME, B_TRUE },
2159 	{ zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE },
2160 	{ zfs_ioc_dsobj_to_dsname, zfs_secpolicy_config, POOL_NAME, B_FALSE },
2161 	{ zfs_ioc_obj_to_path, zfs_secpolicy_config, NO_NAME, B_FALSE },
2162 	{ zfs_ioc_pool_set_props, zfs_secpolicy_config,	POOL_NAME, B_TRUE },
2163 	{ zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE },
2164 	{ zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE },
2165 	{ zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE },
2166 	{ zfs_ioc_iscsi_perm_check, zfs_secpolicy_iscsi,
2167 	    DATASET_NAME, B_FALSE },
2168 	{ zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE },
2169 	{ zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE },
2170 };
2171 
2172 static int
2173 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
2174 {
2175 	zfs_cmd_t *zc;
2176 	uint_t vec;
2177 	int error, rc;
2178 
2179 	if (getminor(dev) != 0)
2180 		return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));
2181 
2182 	vec = cmd - ZFS_IOC;
2183 	ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));
2184 
2185 	if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
2186 		return (EINVAL);
2187 
2188 	zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2189 
2190 	error = xcopyin((void *)arg, zc, sizeof (zfs_cmd_t));
2191 
2192 	if (error == 0)
2193 		error = zfs_ioc_vec[vec].zvec_secpolicy(zc, cr);
2194 
2195 	/*
2196 	 * Ensure that all pool/dataset names are valid before we pass down to
2197 	 * the lower layers.
2198 	 */
2199 	if (error == 0) {
2200 		zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
2201 		switch (zfs_ioc_vec[vec].zvec_namecheck) {
2202 		case POOL_NAME:
2203 			if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
2204 				error = EINVAL;
2205 			break;
2206 
2207 		case DATASET_NAME:
2208 			if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
2209 				error = EINVAL;
2210 			break;
2211 
2212 		case NO_NAME:
2213 			break;
2214 		}
2215 	}
2216 
2217 	if (error == 0)
2218 		error = zfs_ioc_vec[vec].zvec_func(zc);
2219 
2220 	rc = xcopyout(zc, (void *)arg, sizeof (zfs_cmd_t));
2221 	if (error == 0) {
2222 		error = rc;
2223 		if (zfs_ioc_vec[vec].zvec_his_log == B_TRUE)
2224 			zfs_log_history(zc);
2225 	}
2226 
2227 	kmem_free(zc, sizeof (zfs_cmd_t));
2228 	return (error);
2229 }
2230 
2231 static int
2232 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
2233 {
2234 	if (cmd != DDI_ATTACH)
2235 		return (DDI_FAILURE);
2236 
2237 	if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
2238 	    DDI_PSEUDO, 0) == DDI_FAILURE)
2239 		return (DDI_FAILURE);
2240 
2241 	zfs_dip = dip;
2242 
2243 	ddi_report_dev(dip);
2244 
2245 	return (DDI_SUCCESS);
2246 }
2247 
2248 static int
2249 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
2250 {
2251 	if (spa_busy() || zfs_busy() || zvol_busy())
2252 		return (DDI_FAILURE);
2253 
2254 	if (cmd != DDI_DETACH)
2255 		return (DDI_FAILURE);
2256 
2257 	zfs_dip = NULL;
2258 
2259 	ddi_prop_remove_all(dip);
2260 	ddi_remove_minor_node(dip, NULL);
2261 
2262 	return (DDI_SUCCESS);
2263 }
2264 
2265 /*ARGSUSED*/
2266 static int
2267 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
2268 {
2269 	switch (infocmd) {
2270 	case DDI_INFO_DEVT2DEVINFO:
2271 		*result = zfs_dip;
2272 		return (DDI_SUCCESS);
2273 
2274 	case DDI_INFO_DEVT2INSTANCE:
2275 		*result = (void *)0;
2276 		return (DDI_SUCCESS);
2277 	}
2278 
2279 	return (DDI_FAILURE);
2280 }
2281 
2282 /*
2283  * OK, so this is a little weird.
2284  *
2285  * /dev/zfs is the control node, i.e. minor 0.
2286  * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
2287  *
2288  * /dev/zfs has basically nothing to do except serve up ioctls,
2289  * so most of the standard driver entry points are in zvol.c.
2290  */
2291 static struct cb_ops zfs_cb_ops = {
2292 	zvol_open,	/* open */
2293 	zvol_close,	/* close */
2294 	zvol_strategy,	/* strategy */
2295 	nodev,		/* print */
2296 	nodev,		/* dump */
2297 	zvol_read,	/* read */
2298 	zvol_write,	/* write */
2299 	zfsdev_ioctl,	/* ioctl */
2300 	nodev,		/* devmap */
2301 	nodev,		/* mmap */
2302 	nodev,		/* segmap */
2303 	nochpoll,	/* poll */
2304 	ddi_prop_op,	/* prop_op */
2305 	NULL,		/* streamtab */
2306 	D_NEW | D_MP | D_64BIT,		/* Driver compatibility flag */
2307 	CB_REV,		/* version */
2308 	nodev,		/* async read */
2309 	nodev,		/* async write */
2310 };
2311 
2312 static struct dev_ops zfs_dev_ops = {
2313 	DEVO_REV,	/* version */
2314 	0,		/* refcnt */
2315 	zfs_info,	/* info */
2316 	nulldev,	/* identify */
2317 	nulldev,	/* probe */
2318 	zfs_attach,	/* attach */
2319 	zfs_detach,	/* detach */
2320 	nodev,		/* reset */
2321 	&zfs_cb_ops,	/* driver operations */
2322 	NULL		/* no bus operations */
2323 };
2324 
2325 static struct modldrv zfs_modldrv = {
2326 	&mod_driverops, "ZFS storage pool version " SPA_VERSION_STRING,
2327 	    &zfs_dev_ops
2328 };
2329 
2330 static struct modlinkage modlinkage = {
2331 	MODREV_1,
2332 	(void *)&zfs_modlfs,
2333 	(void *)&zfs_modldrv,
2334 	NULL
2335 };
2336 
2337 
2338 uint_t zfs_fsyncer_key;
2339 
2340 int
2341 _init(void)
2342 {
2343 	int error;
2344 
2345 	spa_init(FREAD | FWRITE);
2346 	zfs_init();
2347 	zvol_init();
2348 
2349 	if ((error = mod_install(&modlinkage)) != 0) {
2350 		zvol_fini();
2351 		zfs_fini();
2352 		spa_fini();
2353 		return (error);
2354 	}
2355 
2356 	tsd_create(&zfs_fsyncer_key, NULL);
2357 
2358 	error = ldi_ident_from_mod(&modlinkage, &zfs_li);
2359 	ASSERT(error == 0);
2360 	mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
2361 
2362 	return (0);
2363 }
2364 
2365 int
2366 _fini(void)
2367 {
2368 	int error;
2369 
2370 	if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
2371 		return (EBUSY);
2372 
2373 	if ((error = mod_remove(&modlinkage)) != 0)
2374 		return (error);
2375 
2376 	zvol_fini();
2377 	zfs_fini();
2378 	spa_fini();
2379 	if (zfs_share_inited) {
2380 		(void) ddi_modclose(nfs_mod);
2381 		(void) ddi_modclose(sharefs_mod);
2382 	}
2383 
2384 	tsd_destroy(&zfs_fsyncer_key);
2385 	ldi_ident_release(zfs_li);
2386 	zfs_li = NULL;
2387 	mutex_destroy(&zfs_share_lock);
2388 
2389 	return (error);
2390 }
2391 
2392 int
2393 _info(struct modinfo *modinfop)
2394 {
2395 	return (mod_info(&modlinkage, modinfop));
2396 }
2397