xref: /titanic_52/usr/src/lib/libzfs/common/libzfs_dataset.c (revision 97dfde0e576e5aaee47d98d1d8098fe4ad188e3b)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <assert.h>
30 #include <ctype.h>
31 #include <errno.h>
32 #include <libdevinfo.h>
33 #include <libintl.h>
34 #include <math.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <strings.h>
38 #include <unistd.h>
39 #include <zone.h>
40 #include <sys/mntent.h>
41 #include <sys/mnttab.h>
42 #include <sys/mount.h>
43 
44 #include <sys/spa.h>
45 #include <sys/zio.h>
46 #include <libzfs.h>
47 
48 #include "zfs_namecheck.h"
49 #include "zfs_prop.h"
50 #include "libzfs_impl.h"
51 
52 /*
53  * Given a single type (not a mask of types), return the type in a human
54  * readable form.
55  */
56 const char *
57 zfs_type_to_name(zfs_type_t type)
58 {
59 	switch (type) {
60 	case ZFS_TYPE_FILESYSTEM:
61 		return (dgettext(TEXT_DOMAIN, "filesystem"));
62 	case ZFS_TYPE_SNAPSHOT:
63 		return (dgettext(TEXT_DOMAIN, "snapshot"));
64 	case ZFS_TYPE_VOLUME:
65 		return (dgettext(TEXT_DOMAIN, "volume"));
66 	}
67 
68 	zfs_baderror(type);
69 	return (NULL);
70 }
71 
72 /*
73  * Given a path and mask of ZFS types, return a string describing this dataset.
74  * This is used when we fail to open a dataset and we cannot get an exact type.
75  * We guess what the type would have been based on the path and the mask of
76  * acceptable types.
77  */
78 static const char *
79 path_to_str(const char *path, int types)
80 {
81 	/*
82 	 * When given a single type, always report the exact type.
83 	 */
84 	if (types == ZFS_TYPE_SNAPSHOT)
85 		return (dgettext(TEXT_DOMAIN, "snapshot"));
86 	if (types == ZFS_TYPE_FILESYSTEM)
87 		return (dgettext(TEXT_DOMAIN, "filesystem"));
88 	if (types == ZFS_TYPE_VOLUME)
89 		return (dgettext(TEXT_DOMAIN, "volume"));
90 
91 	/*
92 	 * The user is requesting more than one type of dataset.  If this is the
93 	 * case, consult the path itself.  If we're looking for a snapshot, and
94 	 * a '@' is found, then report it as "snapshot".  Otherwise, remove the
95 	 * snapshot attribute and try again.
96 	 */
97 	if (types & ZFS_TYPE_SNAPSHOT) {
98 		if (strchr(path, '@') != NULL)
99 			return (dgettext(TEXT_DOMAIN, "snapshot"));
100 		return (path_to_str(path, types & ~ZFS_TYPE_SNAPSHOT));
101 	}
102 
103 
104 	/*
105 	 * The user has requested either filesystems or volumes.
106 	 * We have no way of knowing a priori what type this would be, so always
107 	 * report it as "filesystem" or "volume", our two primitive types.
108 	 */
109 	if (types & ZFS_TYPE_FILESYSTEM)
110 		return (dgettext(TEXT_DOMAIN, "filesystem"));
111 
112 	assert(types & ZFS_TYPE_VOLUME);
113 	return (dgettext(TEXT_DOMAIN, "volume"));
114 }
115 
116 /*
117  * Validate a ZFS path.  This is used even before trying to open the dataset, to
118  * provide a more meaningful error message.  We place a more useful message in
119  * 'buf' detailing exactly why the name was not valid.
120  */
121 static int
122 zfs_validate_name(const char *path, int type, char *buf, size_t buflen)
123 {
124 	namecheck_err_t why;
125 	char what;
126 
127 	if (dataset_namecheck(path, &why, &what) != 0) {
128 		if (buf != NULL) {
129 			switch (why) {
130 			case NAME_ERR_TOOLONG:
131 				(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
132 				    "name is too long"), buflen);
133 				break;
134 
135 			case NAME_ERR_LEADING_SLASH:
136 				(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
137 				    "leading slash"), buflen);
138 				break;
139 
140 			case NAME_ERR_EMPTY_COMPONENT:
141 				(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
142 				    "empty component"), buflen);
143 				break;
144 
145 			case NAME_ERR_TRAILING_SLASH:
146 				(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
147 				    "trailing slash"), buflen);
148 				break;
149 
150 			case NAME_ERR_INVALCHAR:
151 				(void) snprintf(buf, buflen,
152 				    dgettext(TEXT_DOMAIN, "invalid character "
153 				    "'%c'"), what);
154 				break;
155 
156 			case NAME_ERR_MULTIPLE_AT:
157 				(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
158 				    "multiple '@' delimiters"), buflen);
159 				break;
160 			}
161 		}
162 
163 		return (0);
164 	}
165 
166 	if (!(type & ZFS_TYPE_SNAPSHOT) && strchr(path, '@') != NULL) {
167 		if (buf != NULL)
168 			(void) strlcpy(buf,
169 			    dgettext(TEXT_DOMAIN,
170 			    "snapshot delimiter '@'"), buflen);
171 		return (0);
172 	}
173 
174 	return (1);
175 }
176 
177 int
178 zfs_name_valid(const char *name, zfs_type_t type)
179 {
180 	return (zfs_validate_name(name, type, NULL, NULL));
181 }
182 
183 /*
184  * Utility function to gather stats (objset and zpl) for the given object.
185  */
186 static int
187 get_stats(zfs_handle_t *zhp)
188 {
189 	zfs_cmd_t zc = { 0 };
190 
191 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
192 
193 	/*
194 	 * get the generic DMU stats and per-type (zfs, zvol) stats
195 	 */
196 	if (ioctl(zfs_fd, ZFS_IOC_OBJSET_STATS, &zc) != 0)
197 		return (-1);
198 
199 	bcopy(&zc.zc_objset_stats, &zhp->zfs_dmustats,
200 	    sizeof (zc.zc_objset_stats));
201 
202 	bcopy(&zc.zc_zfs_stats, &zhp->zfs_zplstats, sizeof (zc.zc_zfs_stats));
203 
204 	zhp->zfs_volsize = zc.zc_volsize;
205 	zhp->zfs_volblocksize = zc.zc_volblocksize;
206 
207 	return (0);
208 }
209 
210 /*
211  * Refresh the properties currently stored in the handle.
212  */
213 void
214 zfs_refresh_properties(zfs_handle_t *zhp)
215 {
216 	(void) get_stats(zhp);
217 }
218 
219 /*
220  * Makes a handle from the given dataset name.  Used by zfs_open() and
221  * zfs_iter_* to create child handles on the fly.
222  */
223 zfs_handle_t *
224 make_dataset_handle(const char *path)
225 {
226 	zfs_handle_t *zhp = zfs_malloc(sizeof (zfs_handle_t));
227 
228 	(void) strlcpy(zhp->zfs_name, path, sizeof (zhp->zfs_name));
229 
230 	if (get_stats(zhp) != 0) {
231 		free(zhp);
232 		return (NULL);
233 	}
234 
235 	/*
236 	 * We've managed to open the dataset and gather statistics.  Determine
237 	 * the high-level type.
238 	 */
239 	if (zhp->zfs_dmustats.dds_is_snapshot)
240 		zhp->zfs_type = ZFS_TYPE_SNAPSHOT;
241 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL)
242 		zhp->zfs_type = ZFS_TYPE_VOLUME;
243 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZFS)
244 		zhp->zfs_type = ZFS_TYPE_FILESYSTEM;
245 	else
246 		/* we should never see any other dataset types */
247 		zfs_baderror(zhp->zfs_dmustats.dds_type);
248 
249 	return (zhp);
250 }
251 
252 /*
253  * Opens the given snapshot, filesystem, or volume.   The 'types'
254  * argument is a mask of acceptable types.  The function will print an
255  * appropriate error message and return NULL if it can't be opened.
256  */
257 zfs_handle_t *
258 zfs_open(const char *path, int types)
259 {
260 	zfs_handle_t *zhp;
261 
262 	/*
263 	 * Validate the name before we even try to open it.  We don't care about
264 	 * the verbose invalid messages here; just report a generic error.
265 	 */
266 	if (!zfs_validate_name(path, types, NULL, 0)) {
267 		zfs_error(dgettext(TEXT_DOMAIN,
268 		    "cannot open '%s': invalid %s name"), path,
269 		    path_to_str(path, types));
270 		return (NULL);
271 	}
272 
273 	/*
274 	 * Try to get stats for the dataset, which will tell us if it exists.
275 	 */
276 	errno = 0;
277 	if ((zhp = make_dataset_handle(path)) == NULL) {
278 		switch (errno) {
279 		case ENOENT:
280 			/*
281 			 * The dataset doesn't exist.
282 			 */
283 			zfs_error(dgettext(TEXT_DOMAIN,
284 			    "cannot open '%s': no such %s"), path,
285 			    path_to_str(path, types));
286 			break;
287 
288 		case EBUSY:
289 			/*
290 			 * We were able to open the dataset but couldn't
291 			 * get the stats.
292 			 */
293 			zfs_error(dgettext(TEXT_DOMAIN,
294 			    "cannot open '%s': %s is busy"), path,
295 			    path_to_str(path, types));
296 			break;
297 
298 		default:
299 			zfs_baderror(errno);
300 
301 		}
302 		return (NULL);
303 	}
304 
305 	if (!(types & zhp->zfs_type)) {
306 		zfs_error(dgettext(TEXT_DOMAIN, "cannot open '%s': operation "
307 		    "not supported for %ss"), path,
308 		    zfs_type_to_name(zhp->zfs_type));
309 		free(zhp);
310 		return (NULL);
311 	}
312 
313 	return (zhp);
314 }
315 
316 /*
317  * Release a ZFS handle.  Nothing to do but free the associated memory.
318  */
319 void
320 zfs_close(zfs_handle_t *zhp)
321 {
322 	if (zhp->zfs_mntopts)
323 		free(zhp->zfs_mntopts);
324 	free(zhp);
325 }
326 
327 struct {
328 	const char *name;
329 	uint64_t value;
330 } checksum_table[] = {
331 	{ "on",		ZIO_CHECKSUM_ON },
332 	{ "off",	ZIO_CHECKSUM_OFF },
333 	{ "fletcher2",	ZIO_CHECKSUM_FLETCHER_2 },
334 	{ "fletcher4",	ZIO_CHECKSUM_FLETCHER_4 },
335 	{ "sha256",	ZIO_CHECKSUM_SHA256 },
336 	{ NULL }
337 };
338 
339 struct {
340 	const char *name;
341 	uint64_t value;
342 } compress_table[] = {
343 	{ "on",		ZIO_COMPRESS_ON },
344 	{ "off",	ZIO_COMPRESS_OFF },
345 	{ "lzjb",	ZIO_COMPRESS_LZJB },
346 	{ NULL }
347 };
348 
349 struct {
350 	const char *name;
351 	uint64_t value;
352 } snapdir_table[] = {
353 	{ "hidden",	ZFS_SNAPDIR_HIDDEN },
354 	{ "visible",	ZFS_SNAPDIR_VISIBLE },
355 	{ NULL }
356 };
357 
358 struct {
359 	const char *name;
360 	uint64_t value;
361 } acl_mode_table[] = {
362 	{ "discard",	DISCARD },
363 	{ "groupmask",	GROUPMASK },
364 	{ "passthrough", PASSTHROUGH },
365 	{ NULL }
366 };
367 
368 struct {
369 	const char *name;
370 	uint64_t value;
371 } acl_inherit_table[] = {
372 	{ "discard",	DISCARD },
373 	{ "noallow",	NOALLOW },
374 	{ "secure",	SECURE },
375 	{ "passthrough", PASSTHROUGH },
376 	{ NULL }
377 };
378 
379 
380 /*
381  * Given a numeric suffix, convert the value into a number of bits that the
382  * resulting value must be shifted.
383  */
384 static int
385 str2shift(const char *buf, char *reason, size_t len)
386 {
387 	const char *ends = "BKMGTPEZ";
388 	int i;
389 
390 	if (buf[0] == '\0')
391 		return (0);
392 	for (i = 0; i < strlen(ends); i++) {
393 		if (toupper(buf[0]) == ends[i])
394 			break;
395 	}
396 	if (i == strlen(ends)) {
397 		(void) snprintf(reason, len, dgettext(TEXT_DOMAIN, "invalid "
398 		    "numeric suffix '%s'"), buf);
399 		return (-1);
400 	}
401 
402 	/*
403 	 * We want to allow trailing 'b' characters for 'GB' or 'Mb'.  But don't
404 	 * allow 'BB' - that's just weird.
405 	 */
406 	if (buf[1] == '\0' || (toupper(buf[1]) == 'B' && buf[2] == '\0' &&
407 	    toupper(buf[0]) != 'B')) {
408 		return (10*i);
409 	}
410 
411 	(void) snprintf(reason, len, dgettext(TEXT_DOMAIN, "invalid numeric "
412 	    "suffix '%s'"), buf);
413 	return (-1);
414 }
415 
416 /*
417  * Convert a string of the form '100G' into a real number.  Used when setting
418  * properties or creating a volume.  'buf' is used to place an extended error
419  * message for the caller to use.
420  */
421 static int
422 nicestrtonum(const char *value, uint64_t *num, char *buf, size_t buflen)
423 {
424 	char *end;
425 	int shift;
426 
427 	*num = 0;
428 
429 	/* Check to see if this looks like a number.  */
430 	if ((value[0] < '0' || value[0] > '9') && value[0] != '.') {
431 		(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
432 		    "must be a numeric value"), buflen);
433 		return (-1);
434 	}
435 
436 	/* Rely on stroll() to process the numeric portion.  */
437 	errno = 0;
438 	*num = strtoll(value, &end, 10);
439 
440 	/*
441 	 * Check for ERANGE, which indicates that the value is too large to fit
442 	 * in a 64-bit value.
443 	 */
444 	if (errno == ERANGE) {
445 		(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
446 		    "value is too large"), buflen);
447 		return (-1);
448 	}
449 
450 	/*
451 	 * If we have a decimal value, then do the computation with floating
452 	 * point arithmetic.  Otherwise, use standard arithmetic.
453 	 */
454 	if (*end == '.') {
455 		double fval = strtod(value, &end);
456 
457 		if ((shift = str2shift(end, buf, buflen)) == -1)
458 			return (-1);
459 
460 		fval *= pow(2, shift);
461 
462 		if (fval > UINT64_MAX) {
463 			(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
464 			    "value is too large"), buflen);
465 			return (-1);
466 		}
467 
468 		*num = (uint64_t)fval;
469 	} else {
470 		if ((shift = str2shift(end, buf, buflen)) == -1)
471 			return (-1);
472 
473 		/* Check for overflow */
474 		if (shift >= 64 || (*num << shift) >> shift != *num) {
475 			(void) strlcpy(buf, dgettext(TEXT_DOMAIN,
476 			    "value is too large"), buflen);
477 			return (-1);
478 		}
479 
480 		*num <<= shift;
481 	}
482 
483 	return (0);
484 }
485 
486 int
487 zfs_nicestrtonum(const char *str, uint64_t *val)
488 {
489 	char buf[1];
490 
491 	return (nicestrtonum(str, val, buf, sizeof (buf)));
492 }
493 
494 /*
495  * Given a property type and value, verify that the value is appropriate.  Used
496  * by zfs_prop_set() and some libzfs consumers.
497  */
498 int
499 zfs_prop_validate(zfs_prop_t prop, const char *value, uint64_t *intval)
500 {
501 	const char *propname = zfs_prop_to_name(prop);
502 	uint64_t number;
503 	char reason[64];
504 	int i;
505 
506 	/*
507 	 * Check to see if this a read-only property.
508 	 */
509 	if (zfs_prop_readonly(prop)) {
510 		zfs_error(dgettext(TEXT_DOMAIN,
511 		    "cannot set %s property: read-only property"), propname);
512 		return (-1);
513 	}
514 
515 	/* See if the property value is too long */
516 	if (strlen(value) >= ZFS_MAXPROPLEN) {
517 		zfs_error(dgettext(TEXT_DOMAIN,
518 		    "bad %s value '%s': value is too long"), propname,
519 		    value);
520 		return (-1);
521 	}
522 
523 	/* Perform basic checking based on property type */
524 	switch (zfs_prop_get_type(prop)) {
525 	case prop_type_boolean:
526 		if (strcmp(value, "on") == 0) {
527 			number = 1;
528 		} else if (strcmp(value, "off") == 0) {
529 			number = 0;
530 		} else {
531 			zfs_error(dgettext(TEXT_DOMAIN,
532 			    "bad %s value '%s': must be 'on' or 'off'"),
533 			    propname, value);
534 			return (-1);
535 		}
536 		break;
537 
538 	case prop_type_number:
539 		/* treat 'none' as 0 */
540 		if (strcmp(value, "none") == 0) {
541 			number = 0;
542 			break;
543 		}
544 
545 		if (nicestrtonum(value, &number, reason,
546 		    sizeof (reason)) != 0) {
547 			zfs_error(dgettext(TEXT_DOMAIN,
548 			    "bad %s value '%s': %s"), propname, value,
549 			    reason);
550 			return (-1);
551 		}
552 
553 		/* don't allow 0 for quota, use 'none' instead */
554 		if (prop == ZFS_PROP_QUOTA && number == 0 &&
555 		    strcmp(value, "none") != 0) {
556 			zfs_error(dgettext(TEXT_DOMAIN,
557 			    "bad %s value '%s': use '%s=none' to disable"),
558 			    propname, value, propname);
559 			return (-1);
560 		}
561 
562 		/* must be power of two within SPA_{MIN,MAX}BLOCKSIZE */
563 		if (prop == ZFS_PROP_RECORDSIZE ||
564 		    prop == ZFS_PROP_VOLBLOCKSIZE) {
565 			if (number < SPA_MINBLOCKSIZE ||
566 			    number > SPA_MAXBLOCKSIZE || !ISP2(number)) {
567 				zfs_error(dgettext(TEXT_DOMAIN,
568 				    "bad %s value '%s': "
569 				    "must be power of 2 from %u to %uk"),
570 				    propname, value,
571 				    (uint_t)SPA_MINBLOCKSIZE,
572 				    (uint_t)SPA_MAXBLOCKSIZE >> 10);
573 				return (-1);
574 			}
575 		}
576 
577 		break;
578 
579 	case prop_type_string:
580 	case prop_type_index:
581 		/*
582 		 * The two writable string values, 'mountpoint' and
583 		 * 'checksum' need special consideration.  The 'index' types are
584 		 * specified as strings by the user, but passed to the kernel as
585 		 * integers.
586 		 */
587 		switch (prop) {
588 		case ZFS_PROP_MOUNTPOINT:
589 			if (strcmp(value, ZFS_MOUNTPOINT_NONE) == 0 ||
590 			    strcmp(value, ZFS_MOUNTPOINT_LEGACY) == 0)
591 				break;
592 
593 			if (value[0] != '/') {
594 				zfs_error(dgettext(TEXT_DOMAIN,
595 				    "bad %s value '%s': must be an absolute "
596 				    "path, 'none', or 'legacy'"),
597 				    propname, value);
598 				return (-1);
599 			}
600 			break;
601 
602 		case ZFS_PROP_CHECKSUM:
603 			for (i = 0; checksum_table[i].name != NULL; i++) {
604 				if (strcmp(value, checksum_table[i].name)
605 				    == 0) {
606 					number = checksum_table[i].value;
607 					break;
608 				}
609 			}
610 
611 			if (checksum_table[i].name == NULL) {
612 				zfs_error(dgettext(TEXT_DOMAIN,
613 				    "bad %s value '%s': must be 'on', 'off', "
614 				    "'fletcher2', 'fletcher4', or 'sha256'"),
615 				    propname, value);
616 				return (-1);
617 			}
618 			break;
619 
620 		case ZFS_PROP_COMPRESSION:
621 			for (i = 0; compress_table[i].name != NULL; i++) {
622 				if (strcmp(value, compress_table[i].name)
623 				    == 0) {
624 					number = compress_table[i].value;
625 					break;
626 				}
627 			}
628 
629 			if (compress_table[i].name == NULL) {
630 				zfs_error(dgettext(TEXT_DOMAIN,
631 				    "bad %s value '%s': must be 'on', 'off', "
632 				    "or 'lzjb'"),
633 				    propname, value);
634 				return (-1);
635 			}
636 			break;
637 
638 		case ZFS_PROP_SNAPDIR:
639 			for (i = 0; snapdir_table[i].name != NULL; i++) {
640 				if (strcmp(value, snapdir_table[i].name) == 0) {
641 					number = snapdir_table[i].value;
642 					break;
643 				}
644 			}
645 
646 			if (snapdir_table[i].name == NULL) {
647 				zfs_error(dgettext(TEXT_DOMAIN,
648 				    "bad %s value '%s': must be 'hidden' "
649 				    "or 'visible'"),
650 				    propname, value);
651 				return (-1);
652 			}
653 			break;
654 
655 		case ZFS_PROP_ACLMODE:
656 			for (i = 0; acl_mode_table[i].name != NULL; i++) {
657 				if (strcmp(value, acl_mode_table[i].name)
658 				    == 0) {
659 					number = acl_mode_table[i].value;
660 					break;
661 				}
662 			}
663 
664 			if (acl_mode_table[i].name == NULL) {
665 				zfs_error(dgettext(TEXT_DOMAIN,
666 				    "bad %s value '%s': must be 'discard', "
667 				    "'groupmask' or 'passthrough'"),
668 				    propname, value);
669 				return (-1);
670 			}
671 			break;
672 
673 		case ZFS_PROP_ACLINHERIT:
674 			for (i = 0; acl_inherit_table[i].name != NULL; i++) {
675 				if (strcmp(value, acl_inherit_table[i].name)
676 				    == 0) {
677 					number = acl_inherit_table[i].value;
678 					break;
679 				}
680 			}
681 
682 			if (acl_inherit_table[i].name == NULL) {
683 				zfs_error(dgettext(TEXT_DOMAIN,
684 				    "bad %s value '%s': must be 'discard', "
685 				    "'noallow', 'secure' or 'passthrough'"),
686 				    propname, value);
687 				return (-1);
688 			}
689 			break;
690 
691 		case ZFS_PROP_SHARENFS:
692 			/*
693 			 * Nothing to do for 'sharenfs', this gets passed on to
694 			 * share(1M) verbatim.
695 			 */
696 			break;
697 		}
698 	}
699 
700 	if (intval != NULL)
701 		*intval = number;
702 
703 	return (0);
704 }
705 
706 /*
707  * Given a property name and value, set the property for the given dataset.
708  */
709 int
710 zfs_prop_set(zfs_handle_t *zhp, zfs_prop_t prop, const char *propval)
711 {
712 	const char *propname = zfs_prop_to_name(prop);
713 	uint64_t number;
714 	zfs_cmd_t zc = { 0 };
715 	int ret;
716 	prop_changelist_t *cl;
717 
718 	if (zfs_prop_validate(prop, propval, &number) != 0)
719 		return (-1);
720 
721 	/*
722 	 * Check to see if the value applies to this type
723 	 */
724 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type)) {
725 		zfs_error(dgettext(TEXT_DOMAIN,
726 		    "cannot set %s for '%s': property does not apply to %ss"),
727 		    propname, zhp->zfs_name, zfs_type_to_name(zhp->zfs_type));
728 		return (-1);
729 	}
730 
731 	/*
732 	 * For the mountpoint and sharenfs properties, check if it can be set
733 	 * in a global/non-global zone based on the zoned property value:
734 	 *
735 	 *		global zone	    non-global zone
736 	 * -----------------------------------------------------
737 	 * zoned=on	mountpoint (no)	    mountpoint (yes)
738 	 *		sharenfs (no)	    sharenfs (no)
739 	 *
740 	 * zoned=off	mountpoint (yes)	N/A
741 	 *		sharenfs (yes)
742 	 */
743 	if (prop == ZFS_PROP_MOUNTPOINT || prop == ZFS_PROP_SHARENFS) {
744 		if (zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
745 			if (getzoneid() == GLOBAL_ZONEID) {
746 				zfs_error(dgettext(TEXT_DOMAIN,
747 				    "cannot set %s for '%s': "
748 				    "dataset is used in a non-global zone"),
749 				    propname, zhp->zfs_name);
750 				return (-1);
751 			} else if (prop == ZFS_PROP_SHARENFS) {
752 				zfs_error(dgettext(TEXT_DOMAIN,
753 				    "cannot set %s for '%s': filesystems "
754 				    "cannot be shared in a non-global zone"),
755 				    propname, zhp->zfs_name);
756 				return (-1);
757 			}
758 		} else if (getzoneid() != GLOBAL_ZONEID) {
759 			/*
760 			 * If zoned property is 'off', this must be in
761 			 * a globle zone. If not, something is wrong.
762 			 */
763 			zfs_error(dgettext(TEXT_DOMAIN,
764 			    "cannot set %s for '%s': dataset is "
765 			    "used in a non-global zone, but 'zoned' "
766 			    "property is not set"),
767 			    propname, zhp->zfs_name);
768 			return (-1);
769 		}
770 	}
771 
772 	if ((cl = changelist_gather(zhp, prop, 0)) == NULL)
773 		return (-1);
774 
775 	if (prop == ZFS_PROP_MOUNTPOINT && changelist_haszonedchild(cl)) {
776 		zfs_error(dgettext(TEXT_DOMAIN, "cannot set %s for '%s', "
777 			"child dataset with inherited mountpoint is used "
778 			"in a non-global zone"),
779 			propname, zhp->zfs_name);
780 		ret = -1;
781 		goto error;
782 	}
783 
784 	if ((ret = changelist_prefix(cl)) != 0)
785 		goto error;
786 
787 	/*
788 	 * Execute the corresponding ioctl() to set this property.
789 	 */
790 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
791 
792 	switch (prop) {
793 	case ZFS_PROP_QUOTA:
794 		zc.zc_cookie = number;
795 		ret = ioctl(zfs_fd, ZFS_IOC_SET_QUOTA, &zc);
796 		break;
797 	case ZFS_PROP_RESERVATION:
798 		zc.zc_cookie = number;
799 		ret = ioctl(zfs_fd, ZFS_IOC_SET_RESERVATION, &zc);
800 		break;
801 	case ZFS_PROP_MOUNTPOINT:
802 	case ZFS_PROP_SHARENFS:
803 		/*
804 		 * These properties are passed down as real strings.
805 		 */
806 		(void) strlcpy(zc.zc_prop_name, propname,
807 		    sizeof (zc.zc_prop_name));
808 		(void) strlcpy(zc.zc_prop_value, propval,
809 		    sizeof (zc.zc_prop_value));
810 		zc.zc_intsz = 1;
811 		zc.zc_numints = strlen(propval) + 1;
812 		ret = ioctl(zfs_fd, ZFS_IOC_SET_PROP, &zc);
813 		break;
814 	case ZFS_PROP_VOLSIZE:
815 		zc.zc_volsize = number;
816 		ret = ioctl(zfs_fd, ZFS_IOC_SET_VOLSIZE, &zc);
817 		break;
818 	case ZFS_PROP_VOLBLOCKSIZE:
819 		zc.zc_volblocksize = number;
820 		ret = ioctl(zfs_fd, ZFS_IOC_SET_VOLBLOCKSIZE, &zc);
821 		break;
822 	default:
823 		(void) strlcpy(zc.zc_prop_name, propname,
824 		    sizeof (zc.zc_prop_name));
825 		/* LINTED - alignment */
826 		*(uint64_t *)zc.zc_prop_value = number;
827 		zc.zc_intsz = 8;
828 		zc.zc_numints = 1;
829 		ret = ioctl(zfs_fd, ZFS_IOC_SET_PROP, &zc);
830 		break;
831 	}
832 
833 	if (ret != 0) {
834 		switch (errno) {
835 
836 		case EPERM:
837 			zfs_error(dgettext(TEXT_DOMAIN,
838 			    "cannot set %s for '%s': permission "
839 			    "denied"), propname, zhp->zfs_name);
840 			break;
841 
842 		case ENOENT:
843 			zfs_error(dgettext(TEXT_DOMAIN,
844 			    "cannot open '%s': no such %s"), zhp->zfs_name,
845 			    zfs_type_to_name(zhp->zfs_type));
846 			break;
847 
848 		case ENOSPC:
849 			/*
850 			 * For quotas and reservations, ENOSPC indicates
851 			 * something different; setting a quota or reservation
852 			 * doesn't use any disk space.
853 			 */
854 			switch (prop) {
855 			case ZFS_PROP_QUOTA:
856 				zfs_error(dgettext(TEXT_DOMAIN, "cannot set %s "
857 				    "for '%s': size is less than current "
858 				    "used or reserved space"), propname,
859 				    zhp->zfs_name);
860 				break;
861 
862 			case ZFS_PROP_RESERVATION:
863 				zfs_error(dgettext(TEXT_DOMAIN, "cannot set %s "
864 				    "for '%s': size is greater than available "
865 				    "space"), propname, zhp->zfs_name);
866 				break;
867 
868 			default:
869 				zfs_error(dgettext(TEXT_DOMAIN,
870 				    "cannot set %s for '%s': out of space"),
871 				    propname, zhp->zfs_name);
872 				break;
873 			}
874 			break;
875 
876 		case EBUSY:
877 			if (prop == ZFS_PROP_VOLBLOCKSIZE) {
878 				zfs_error(dgettext(TEXT_DOMAIN,
879 				    "cannot set %s for '%s': "
880 				    "volume already contains data"),
881 				    propname, zhp->zfs_name);
882 			} else {
883 				zfs_baderror(errno);
884 			}
885 			break;
886 
887 		case EROFS:
888 			zfs_error(dgettext(TEXT_DOMAIN, "cannot set %s for "
889 			    "'%s': read only %s"), propname, zhp->zfs_name,
890 			    zfs_type_to_name(zhp->zfs_type));
891 			break;
892 
893 		case EOVERFLOW:
894 			/*
895 			 * This platform can't address a volume this big.
896 			 */
897 #ifdef _ILP32
898 			if (prop == ZFS_PROP_VOLSIZE) {
899 				zfs_error(dgettext(TEXT_DOMAIN,
900 				    "cannot set %s for '%s': "
901 				    "max volume size is 1TB on 32-bit systems"),
902 				    propname, zhp->zfs_name);
903 				break;
904 			}
905 #endif
906 			zfs_baderror(errno);
907 		default:
908 			zfs_baderror(errno);
909 		}
910 	} else {
911 		/*
912 		 * Refresh the statistics so the new property value
913 		 * is reflected.
914 		 */
915 		if ((ret = changelist_postfix(cl)) != 0)
916 			goto error;
917 
918 		(void) get_stats(zhp);
919 	}
920 
921 error:
922 	changelist_free(cl);
923 	return (ret);
924 }
925 
926 /*
927  * Given a property, inherit the value from the parent dataset.
928  */
929 int
930 zfs_prop_inherit(zfs_handle_t *zhp, zfs_prop_t prop)
931 {
932 	const char *propname = zfs_prop_to_name(prop);
933 	zfs_cmd_t zc = { 0 };
934 	int ret;
935 	prop_changelist_t *cl;
936 
937 	/*
938 	 * Verify that this property is inheritable.
939 	 */
940 	if (zfs_prop_readonly(prop)) {
941 		zfs_error(dgettext(TEXT_DOMAIN,
942 		    "cannot inherit %s for '%s': property is read-only"),
943 		    propname, zhp->zfs_name);
944 		return (-1);
945 	}
946 
947 	if (!zfs_prop_inheritable(prop)) {
948 		zfs_error(dgettext(TEXT_DOMAIN,
949 		    "cannot inherit %s for '%s': property is not inheritable"),
950 		    propname, zhp->zfs_name);
951 		return (-1);
952 	}
953 
954 	/*
955 	 * Check to see if the value applies to this type
956 	 */
957 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type)) {
958 		zfs_error(dgettext(TEXT_DOMAIN,
959 		    "cannot inherit %s for '%s': property does "
960 		    "not apply to %ss"), propname, zhp->zfs_name,
961 		    zfs_type_to_name(zhp->zfs_type));
962 		return (-1);
963 	}
964 
965 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
966 	(void) strlcpy(zc.zc_prop_name, propname, sizeof (zc.zc_prop_name));
967 
968 	if (prop == ZFS_PROP_MOUNTPOINT && getzoneid() == GLOBAL_ZONEID &&
969 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
970 		zfs_error(dgettext(TEXT_DOMAIN, "cannot inherit %s for '%s', "
971 		    "dataset is used in a non-global zone"), propname,
972 		    zhp->zfs_name);
973 		return (-1);
974 	}
975 
976 	/*
977 	 * Determine datasets which will be affected by this change, if any.
978 	 */
979 	if ((cl = changelist_gather(zhp, prop, 0)) == NULL)
980 		return (-1);
981 
982 	if (prop == ZFS_PROP_MOUNTPOINT && changelist_haszonedchild(cl)) {
983 		zfs_error(dgettext(TEXT_DOMAIN, "cannot inherit %s for '%s', "
984 			"child dataset with inherited mountpoint is "
985 			"used in a non-global zone"),
986 			propname, zhp->zfs_name);
987 		ret = -1;
988 		goto error;
989 	}
990 
991 	if ((ret = changelist_prefix(cl)) != 0)
992 		goto error;
993 
994 	zc.zc_numints = 0;
995 
996 	if ((ret = ioctl(zfs_fd, ZFS_IOC_SET_PROP, &zc)) != 0) {
997 		switch (errno) {
998 		case EPERM:
999 			zfs_error(dgettext(TEXT_DOMAIN,
1000 			    "cannot inherit %s for '%s': permission "
1001 			    "denied"), propname, zhp->zfs_name);
1002 			break;
1003 		case ENOENT:
1004 			zfs_error(dgettext(TEXT_DOMAIN,
1005 			    "cannot open '%s': no such %s"), zhp->zfs_name,
1006 			    zfs_type_to_name(zhp->zfs_type));
1007 			break;
1008 		case ENOSPC:
1009 			zfs_error(dgettext(TEXT_DOMAIN,
1010 			    "cannot inherit %s for '%s': "
1011 			    "out of space"), propname, zhp->zfs_name);
1012 			break;
1013 		default:
1014 			zfs_baderror(errno);
1015 		}
1016 
1017 	} else {
1018 
1019 		if ((ret = changelist_postfix(cl)) != 0)
1020 			goto error;
1021 
1022 		/*
1023 		 * Refresh the statistics so the new property is reflected.
1024 		 */
1025 		(void) get_stats(zhp);
1026 	}
1027 
1028 
1029 error:
1030 	changelist_free(cl);
1031 	return (ret);
1032 }
1033 
1034 static void
1035 nicebool(int value, char *buf, size_t buflen)
1036 {
1037 	if (value)
1038 		(void) strlcpy(buf, "on", buflen);
1039 	else
1040 		(void) strlcpy(buf, "off", buflen);
1041 }
1042 
1043 /*
1044  * Internal function for getting a numeric property.  Both zfs_prop_get() and
1045  * zfs_prop_get_int() are built using this interface.
1046  *
1047  * Certain properties can be overridden using 'mount -o'.  In this case, scan
1048  * the contents of the /etc/mnttab entry, searching for the appropriate options.
1049  * If they differ from the on-disk values, report the current values and mark
1050  * the source "temporary".
1051  */
1052 static uint64_t
1053 get_numeric_property(zfs_handle_t *zhp, zfs_prop_t prop, zfs_source_t *src,
1054     char **source)
1055 {
1056 	uint64_t val;
1057 	struct mnttab mnt;
1058 
1059 	*source = NULL;
1060 
1061 	if (zhp->zfs_mntopts == NULL)
1062 		mnt.mnt_mntopts = "";
1063 	else
1064 		mnt.mnt_mntopts = zhp->zfs_mntopts;
1065 
1066 	switch (prop) {
1067 	case ZFS_PROP_ATIME:
1068 		*source = zhp->zfs_zplstats.zs_atime_setpoint;
1069 		val = zhp->zfs_zplstats.zs_devices;
1070 
1071 		if (hasmntopt(&mnt, MNTOPT_ATIME) && !val) {
1072 			val = TRUE;
1073 			if (src)
1074 				*src = ZFS_SRC_TEMPORARY;
1075 		} else if (hasmntopt(&mnt, MNTOPT_NOATIME) && val) {
1076 			val = FALSE;
1077 			if (src)
1078 				*src = ZFS_SRC_TEMPORARY;
1079 		}
1080 		return (zhp->zfs_zplstats.zs_atime);
1081 
1082 	case ZFS_PROP_AVAILABLE:
1083 		return (zhp->zfs_dmustats.dds_available);
1084 
1085 	case ZFS_PROP_DEVICES:
1086 		*source = zhp->zfs_zplstats.zs_devices_setpoint;
1087 		val = zhp->zfs_zplstats.zs_devices;
1088 
1089 		if (hasmntopt(&mnt, MNTOPT_DEVICES) && !val) {
1090 			val = TRUE;
1091 			if (src)
1092 				*src = ZFS_SRC_TEMPORARY;
1093 		} else if (hasmntopt(&mnt, MNTOPT_NODEVICES) && val) {
1094 			val = FALSE;
1095 			if (src)
1096 				*src = ZFS_SRC_TEMPORARY;
1097 		}
1098 		return (val);
1099 
1100 	case ZFS_PROP_EXEC:
1101 		*source = zhp->zfs_zplstats.zs_exec_setpoint;
1102 		val = zhp->zfs_zplstats.zs_exec;
1103 
1104 		if (hasmntopt(&mnt, MNTOPT_EXEC) && !val) {
1105 			val = TRUE;
1106 			if (src)
1107 				*src = ZFS_SRC_TEMPORARY;
1108 		} else if (hasmntopt(&mnt, MNTOPT_NOEXEC) && val) {
1109 			val = FALSE;
1110 			if (src)
1111 				*src = ZFS_SRC_TEMPORARY;
1112 		}
1113 		return (val);
1114 
1115 	case ZFS_PROP_RECORDSIZE:
1116 		*source = zhp->zfs_zplstats.zs_recordsize_setpoint;
1117 		return (zhp->zfs_zplstats.zs_recordsize);
1118 
1119 	case ZFS_PROP_COMPRESSION:
1120 		*source = zhp->zfs_dmustats.dds_compression_setpoint;
1121 		return (zhp->zfs_dmustats.dds_compression);
1122 
1123 	case ZFS_PROP_READONLY:
1124 		*source = zhp->zfs_zplstats.zs_readonly_setpoint;
1125 		val = zhp->zfs_zplstats.zs_readonly;
1126 
1127 		if (hasmntopt(&mnt, MNTOPT_RO) && !val) {
1128 			val = TRUE;
1129 			if (src)
1130 				*src = ZFS_SRC_TEMPORARY;
1131 		} else if (hasmntopt(&mnt, MNTOPT_RW) && val) {
1132 			val = FALSE;
1133 			if (src)
1134 				*src = ZFS_SRC_TEMPORARY;
1135 		}
1136 		return (val);
1137 
1138 	case ZFS_PROP_QUOTA:
1139 		if (zhp->zfs_dmustats.dds_quota == 0)
1140 			*source = "";	/* default */
1141 		else
1142 			*source = zhp->zfs_name;
1143 		return (zhp->zfs_dmustats.dds_quota);
1144 
1145 	case ZFS_PROP_RESERVATION:
1146 		if (zhp->zfs_dmustats.dds_reserved == 0)
1147 			*source = "";	/* default */
1148 		else
1149 			*source = zhp->zfs_name;
1150 		return (zhp->zfs_dmustats.dds_reserved);
1151 
1152 	case ZFS_PROP_COMPRESSRATIO:
1153 		/*
1154 		 * Using physical space and logical space, calculate the
1155 		 * compression ratio.  We return the number as a multiple of
1156 		 * 100, so '2.5x' would be returned as 250.
1157 		 */
1158 		if (zhp->zfs_dmustats.dds_compressed_bytes == 0)
1159 			return (100ULL);
1160 		else
1161 			return (zhp->zfs_dmustats.dds_uncompressed_bytes * 100 /
1162 			    zhp->zfs_dmustats.dds_compressed_bytes);
1163 
1164 	case ZFS_PROP_REFERENCED:
1165 		/*
1166 		 * 'referenced' refers to the amount of physical space
1167 		 * referenced (possibly shared) by this object.
1168 		 */
1169 		return (zhp->zfs_dmustats.dds_space_refd);
1170 
1171 	case ZFS_PROP_SETUID:
1172 		*source = zhp->zfs_zplstats.zs_setuid_setpoint;
1173 		val = zhp->zfs_zplstats.zs_setuid;
1174 
1175 		if (hasmntopt(&mnt, MNTOPT_SETUID) && !val) {
1176 			val = TRUE;
1177 			if (src)
1178 				*src = ZFS_SRC_TEMPORARY;
1179 		} else if (hasmntopt(&mnt, MNTOPT_NOSETUID) && val) {
1180 			val = FALSE;
1181 			if (src)
1182 				*src = ZFS_SRC_TEMPORARY;
1183 		}
1184 		return (val);
1185 
1186 	case ZFS_PROP_VOLSIZE:
1187 		return (zhp->zfs_volsize);
1188 
1189 	case ZFS_PROP_VOLBLOCKSIZE:
1190 		return (zhp->zfs_volblocksize);
1191 
1192 	case ZFS_PROP_ZONED:
1193 		*source = zhp->zfs_dmustats.dds_zoned_setpoint;
1194 		return (zhp->zfs_dmustats.dds_zoned);
1195 
1196 	case ZFS_PROP_USED:
1197 		return (zhp->zfs_dmustats.dds_space_used);
1198 
1199 	case ZFS_PROP_CREATETXG:
1200 		return (zhp->zfs_dmustats.dds_creation_txg);
1201 
1202 	case ZFS_PROP_MOUNTED:
1203 		/*
1204 		 * Unlike other properties, we defer calculation of 'MOUNTED'
1205 		 * until actually requested.  This is because the getmntany()
1206 		 * call can be extremely expensive on systems with a large
1207 		 * number of filesystems, and the property isn't needed in
1208 		 * normal use cases.
1209 		 */
1210 		if (zhp->zfs_mntopts == NULL) {
1211 			struct mnttab search = { 0 }, entry;
1212 
1213 			search.mnt_special = (char *)zhp->zfs_name;
1214 			rewind(mnttab_file);
1215 
1216 			if (getmntany(mnttab_file, &entry, &search) == 0)
1217 				zhp->zfs_mntopts =
1218 				    zfs_strdup(entry.mnt_mntopts);
1219 		}
1220 		return (zhp->zfs_mntopts != NULL);
1221 
1222 	default:
1223 		zfs_baderror(EINVAL);
1224 	}
1225 
1226 	return (0);
1227 }
1228 
1229 /*
1230  * Calculate the source type, given the raw source string.
1231  */
1232 static void
1233 get_source(zfs_handle_t *zhp, zfs_source_t *srctype, char *source,
1234     char *statbuf, size_t statlen)
1235 {
1236 	if (statbuf == NULL || *srctype == ZFS_SRC_TEMPORARY)
1237 		return;
1238 
1239 	if (source == NULL) {
1240 		*srctype = ZFS_SRC_NONE;
1241 	} else if (source[0] == '\0') {
1242 		*srctype = ZFS_SRC_DEFAULT;
1243 	} else {
1244 		if (strcmp(source, zhp->zfs_name) == 0) {
1245 			*srctype = ZFS_SRC_LOCAL;
1246 		} else {
1247 			(void) strlcpy(statbuf, source, statlen);
1248 			*srctype = ZFS_SRC_INHERITED;
1249 		}
1250 	}
1251 
1252 }
1253 
1254 /*
1255  * Retrieve a property from the given object.  If 'literal' is specified, then
1256  * numbers are left as exact values.  Otherwise, numbers are converted to a
1257  * human-readable form.
1258  *
1259  * Returns 0 on success, or -1 on error.
1260  */
1261 int
1262 zfs_prop_get(zfs_handle_t *zhp, zfs_prop_t prop, char *propbuf, size_t proplen,
1263     zfs_source_t *src, char *statbuf, size_t statlen, int literal)
1264 {
1265 	char *source = NULL;
1266 	uint64_t val;
1267 	char *str;
1268 	int i;
1269 	const char *root;
1270 
1271 	/*
1272 	 * Check to see if this property applies to our object
1273 	 */
1274 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
1275 		return (-1);
1276 
1277 	if (src)
1278 		*src = ZFS_SRC_NONE;
1279 
1280 	switch (prop) {
1281 	case ZFS_PROP_ATIME:
1282 	case ZFS_PROP_READONLY:
1283 	case ZFS_PROP_SETUID:
1284 	case ZFS_PROP_ZONED:
1285 	case ZFS_PROP_DEVICES:
1286 	case ZFS_PROP_EXEC:
1287 		/*
1288 		 * Basic boolean values are built on top of
1289 		 * get_numeric_property().
1290 		 */
1291 		nicebool(get_numeric_property(zhp, prop, src, &source),
1292 		    propbuf, proplen);
1293 
1294 		break;
1295 
1296 	case ZFS_PROP_AVAILABLE:
1297 	case ZFS_PROP_RECORDSIZE:
1298 	case ZFS_PROP_CREATETXG:
1299 	case ZFS_PROP_REFERENCED:
1300 	case ZFS_PROP_USED:
1301 	case ZFS_PROP_VOLSIZE:
1302 	case ZFS_PROP_VOLBLOCKSIZE:
1303 		/*
1304 		 * Basic numeric values are built on top of
1305 		 * get_numeric_property().
1306 		 */
1307 		val = get_numeric_property(zhp, prop, src, &source);
1308 		if (literal)
1309 			(void) snprintf(propbuf, proplen, "%llu", val);
1310 		else
1311 			zfs_nicenum(val, propbuf, proplen);
1312 		break;
1313 
1314 	case ZFS_PROP_COMPRESSION:
1315 		for (i = 0; compress_table[i].name != NULL; i++) {
1316 			if (compress_table[i].value ==
1317 			    zhp->zfs_dmustats.dds_compression)
1318 				break;
1319 		}
1320 		assert(compress_table[i].name != NULL);
1321 		(void) strlcpy(propbuf, compress_table[i].name, proplen);
1322 		source = zhp->zfs_dmustats.dds_compression_setpoint;
1323 		break;
1324 
1325 	case ZFS_PROP_CHECKSUM:
1326 		for (i = 0; checksum_table[i].name != NULL; i++) {
1327 			if (checksum_table[i].value ==
1328 			    zhp->zfs_dmustats.dds_checksum)
1329 				break;
1330 		}
1331 		assert(checksum_table[i].name != NULL);
1332 		(void) strlcpy(propbuf, checksum_table[i].name, proplen);
1333 		source = zhp->zfs_dmustats.dds_checksum_setpoint;
1334 		break;
1335 
1336 	case ZFS_PROP_SNAPDIR:
1337 		for (i = 0; snapdir_table[i].name != NULL; i++) {
1338 			if (snapdir_table[i].value ==
1339 			    zhp->zfs_zplstats.zs_snapdir)
1340 				break;
1341 		}
1342 		assert(snapdir_table[i].name != NULL);
1343 		(void) strlcpy(propbuf, snapdir_table[i].name, proplen);
1344 		source = zhp->zfs_zplstats.zs_snapdir_setpoint;
1345 		break;
1346 
1347 	case ZFS_PROP_ACLMODE:
1348 		for (i = 0; acl_mode_table[i].name != NULL; i++) {
1349 			if (acl_mode_table[i].value ==
1350 			    zhp->zfs_zplstats.zs_acl_mode)
1351 				break;
1352 		}
1353 		assert(acl_mode_table[i].name != NULL);
1354 		(void) strlcpy(propbuf, acl_mode_table[i].name, proplen);
1355 		source = zhp->zfs_zplstats.zs_acl_mode_setpoint;
1356 		break;
1357 
1358 	case ZFS_PROP_ACLINHERIT:
1359 		for (i = 0; acl_inherit_table[i].name != NULL; i++) {
1360 			if (acl_inherit_table[i].value ==
1361 			    zhp->zfs_zplstats.zs_acl_inherit)
1362 				break;
1363 		}
1364 		assert(acl_inherit_table[i].name != NULL);
1365 		(void) strlcpy(propbuf, acl_inherit_table[i].name, proplen);
1366 		source = zhp->zfs_zplstats.zs_acl_inherit_setpoint;
1367 		break;
1368 
1369 	case ZFS_PROP_CREATION:
1370 		/*
1371 		 * 'creation' is a time_t stored in the statistics.  We convert
1372 		 * this into a string unless 'literal' is specified.
1373 		 */
1374 		{
1375 			time_t time = (time_t)
1376 			    zhp->zfs_dmustats.dds_creation_time;
1377 			struct tm t;
1378 
1379 			if (literal ||
1380 			    localtime_r(&time, &t) == NULL ||
1381 			    strftime(propbuf, proplen, "%a %b %e %k:%M %Y",
1382 			    &t) == 0)
1383 				(void) snprintf(propbuf, proplen, "%llu",
1384 				    zhp->zfs_dmustats.dds_creation_time);
1385 		}
1386 		break;
1387 
1388 	case ZFS_PROP_MOUNTPOINT:
1389 		/*
1390 		 * Getting the precise mountpoint can be tricky.
1391 		 *
1392 		 *  - for 'none' or 'legacy', return those values.
1393 		 *  - for default mountpoints, construct it as /zfs/<dataset>
1394 		 *  - for inherited mountpoints, we want to take everything
1395 		 *    after our ancestor and append it to the inherited value.
1396 		 *
1397 		 * If the pool has an alternate root, we want to prepend that
1398 		 * root to any values we return.
1399 		 */
1400 		root = zhp->zfs_dmustats.dds_altroot;
1401 
1402 		if (zhp->zfs_zplstats.zs_mountpoint[0] == '\0') {
1403 			(void) snprintf(propbuf, proplen, "%s/zfs/%s",
1404 			    root, zhp->zfs_name);
1405 		} else if (zhp->zfs_zplstats.zs_mountpoint[0] == '/') {
1406 			const char *relpath = zhp->zfs_name +
1407 			    strlen(zhp->zfs_zplstats.zs_mountpoint_setpoint);
1408 			const char *mntpoint = zhp->zfs_zplstats.zs_mountpoint;
1409 
1410 			if (relpath[0] == '/')
1411 				relpath++;
1412 			if (mntpoint[1] == '\0')
1413 				mntpoint++;
1414 
1415 			if (relpath[0] == '\0')
1416 				(void) snprintf(propbuf, proplen, "%s%s",
1417 				    root, mntpoint);
1418 			else
1419 				(void) snprintf(propbuf, proplen, "%s%s%s%s",
1420 				    root, mntpoint,
1421 				    relpath[0] == '@' ? "" : "/",
1422 				    relpath);
1423 		} else {
1424 			/* 'legacy' or 'none' */
1425 			(void) strlcpy(propbuf, zhp->zfs_zplstats.zs_mountpoint,
1426 			    proplen);
1427 		}
1428 
1429 		source = zhp->zfs_zplstats.zs_mountpoint_setpoint;
1430 		break;
1431 
1432 	case ZFS_PROP_SHARENFS:
1433 		(void) strlcpy(propbuf, zhp->zfs_zplstats.zs_sharenfs, proplen);
1434 		source = zhp->zfs_zplstats.zs_sharenfs_setpoint;
1435 		break;
1436 
1437 	case ZFS_PROP_ORIGIN:
1438 		(void) strlcpy(propbuf, zhp->zfs_dmustats.dds_clone_of,
1439 		    proplen);
1440 		/*
1441 		 * If there is no parent at all, return failure to indicate that
1442 		 * it doesn't apply to this dataset.
1443 		 */
1444 		if (propbuf[0] == '\0')
1445 			return (-1);
1446 		break;
1447 
1448 	case ZFS_PROP_QUOTA:
1449 	case ZFS_PROP_RESERVATION:
1450 		val = get_numeric_property(zhp, prop, src, &source);
1451 
1452 		/*
1453 		 * If quota or reservation is 0, we translate this into 'none'
1454 		 * (unless literal is set), and indicate that it's the default
1455 		 * value.  Otherwise, we print the number nicely and indicate
1456 		 * that its set locally.
1457 		 */
1458 		if (val == 0) {
1459 			if (literal)
1460 				(void) strlcpy(propbuf, "0", proplen);
1461 			else
1462 				(void) strlcpy(propbuf, "none", proplen);
1463 		} else {
1464 			if (literal)
1465 				(void) snprintf(propbuf, proplen, "%llu", val);
1466 			else
1467 				zfs_nicenum(val, propbuf, proplen);
1468 		}
1469 		break;
1470 
1471 	case ZFS_PROP_COMPRESSRATIO:
1472 		val = get_numeric_property(zhp, prop, src, &source);
1473 		(void) snprintf(propbuf, proplen, "%lld.%02lldx", val / 100,
1474 		    val % 100);
1475 		break;
1476 
1477 	case ZFS_PROP_TYPE:
1478 		switch (zhp->zfs_type) {
1479 		case ZFS_TYPE_FILESYSTEM:
1480 			str = "filesystem";
1481 			break;
1482 		case ZFS_TYPE_VOLUME:
1483 			str = "volume";
1484 			break;
1485 		case ZFS_TYPE_SNAPSHOT:
1486 			str = "snapshot";
1487 			break;
1488 		default:
1489 			zfs_baderror(zhp->zfs_type);
1490 		}
1491 		(void) snprintf(propbuf, proplen, "%s", str);
1492 		break;
1493 
1494 	case ZFS_PROP_MOUNTED:
1495 		/*
1496 		 * The 'mounted' property is a pseudo-property that described
1497 		 * whether the filesystem is currently mounted.  Even though
1498 		 * it's a boolean value, the typical values of "on" and "off"
1499 		 * don't make sense, so we translate to "yes" and "no".
1500 		 */
1501 		if (get_numeric_property(zhp, ZFS_PROP_MOUNTED, src, &source))
1502 			(void) strlcpy(propbuf, "yes", proplen);
1503 		else
1504 			(void) strlcpy(propbuf, "no", proplen);
1505 		break;
1506 
1507 	case ZFS_PROP_NAME:
1508 		/*
1509 		 * The 'name' property is a pseudo-property derived from the
1510 		 * dataset name.  It is presented as a real property to simplify
1511 		 * consumers.
1512 		 */
1513 		(void) strlcpy(propbuf, zhp->zfs_name, proplen);
1514 		break;
1515 
1516 	default:
1517 		zfs_baderror(EINVAL);
1518 	}
1519 
1520 	get_source(zhp, src, source, statbuf, statlen);
1521 
1522 	return (0);
1523 }
1524 
1525 /*
1526  * Utility function to get the given numeric property.  Does no validation that
1527  * the given property is the appropriate type; should only be used with
1528  * hard-coded property types.
1529  */
1530 uint64_t
1531 zfs_prop_get_int(zfs_handle_t *zhp, zfs_prop_t prop)
1532 {
1533 	char *source;
1534 	zfs_source_t sourcetype = ZFS_SRC_NONE;
1535 
1536 	return (get_numeric_property(zhp, prop, &sourcetype, &source));
1537 }
1538 
1539 /*
1540  * Similar to zfs_prop_get(), but returns the value as an integer.
1541  */
1542 int
1543 zfs_prop_get_numeric(zfs_handle_t *zhp, zfs_prop_t prop, uint64_t *value,
1544     zfs_source_t *src, char *statbuf, size_t statlen)
1545 {
1546 	char *source;
1547 
1548 	/*
1549 	 * Check to see if this property applies to our object
1550 	 */
1551 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type))
1552 		return (-1);
1553 
1554 	if (src)
1555 		*src = ZFS_SRC_NONE;
1556 
1557 	*value = get_numeric_property(zhp, prop, src, &source);
1558 
1559 	get_source(zhp, src, source, statbuf, statlen);
1560 
1561 	return (0);
1562 }
1563 
1564 /*
1565  * Returns the name of the given zfs handle.
1566  */
1567 const char *
1568 zfs_get_name(const zfs_handle_t *zhp)
1569 {
1570 	return (zhp->zfs_name);
1571 }
1572 
1573 /*
1574  * Returns the type of the given zfs handle.
1575  */
1576 zfs_type_t
1577 zfs_get_type(const zfs_handle_t *zhp)
1578 {
1579 	return (zhp->zfs_type);
1580 }
1581 
1582 /*
1583  * Iterate over all children, datasets and snapshots.
1584  */
1585 int
1586 zfs_iter_children(zfs_handle_t *zhp, zfs_iter_f func, void *data)
1587 {
1588 	zfs_cmd_t zc = { 0 };
1589 	zfs_handle_t *nzhp;
1590 	int ret;
1591 
1592 	for ((void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1593 	    ioctl(zfs_fd, ZFS_IOC_DATASET_LIST_NEXT, &zc) == 0;
1594 	    (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name))) {
1595 		/*
1596 		 * Ignore private dataset names.
1597 		 */
1598 		if (dataset_name_hidden(zc.zc_name))
1599 			continue;
1600 
1601 		/*
1602 		 * Silently ignore errors, as the only plausible explanation is
1603 		 * that the pool has since been removed.
1604 		 */
1605 		if ((nzhp = make_dataset_handle(zc.zc_name)) == NULL)
1606 			continue;
1607 
1608 		if ((ret = func(nzhp, data)) != 0)
1609 			return (ret);
1610 	}
1611 
1612 	/*
1613 	 * An errno value of ESRCH indicates normal completion.  If ENOENT is
1614 	 * returned, then the underlying dataset has been removed since we
1615 	 * obtained the handle.
1616 	 */
1617 	if (errno != ESRCH && errno != ENOENT)
1618 		zfs_baderror(errno);
1619 
1620 	bzero(&zc, sizeof (zc));
1621 
1622 	for ((void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1623 	    ioctl(zfs_fd, ZFS_IOC_SNAPSHOT_LIST_NEXT, &zc) == 0;
1624 	    (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name))) {
1625 
1626 		if ((nzhp = make_dataset_handle(zc.zc_name)) == NULL)
1627 			continue;
1628 
1629 		if ((ret = func(nzhp, data)) != 0)
1630 			return (ret);
1631 	}
1632 
1633 	/*
1634 	 * An errno value of ESRCH indicates normal completion.  If ENOENT is
1635 	 * returned, then the underlying dataset has been removed since we
1636 	 * obtained the handle.  Silently ignore this case, and return success.
1637 	 */
1638 	if (errno != ESRCH && errno != ENOENT)
1639 		zfs_baderror(errno);
1640 
1641 	return (0);
1642 }
1643 
1644 /*
1645  * Given a complete name, return just the portion that refers to the parent.
1646  * Can return NULL if this is a pool.
1647  */
1648 static int
1649 parent_name(const char *path, char *buf, size_t buflen)
1650 {
1651 	char *loc;
1652 
1653 	if ((loc = strrchr(path, '/')) == NULL)
1654 		return (-1);
1655 
1656 	(void) strncpy(buf, path, MIN(buflen, loc - path));
1657 	buf[loc - path] = '\0';
1658 
1659 	return (0);
1660 }
1661 
1662 /*
1663  * Checks to make sure that the given path has a parent, and that it exists.
1664  */
1665 static int
1666 check_parents(const char *path, zfs_type_t type)
1667 {
1668 	zfs_cmd_t zc = { 0 };
1669 	char parent[ZFS_MAXNAMELEN];
1670 	char *slash;
1671 
1672 	/* get parent, and check to see if this is just a pool */
1673 	if (parent_name(path, parent, sizeof (parent)) != 0) {
1674 		zfs_error(dgettext(TEXT_DOMAIN,
1675 		    "cannot create '%s': missing dataset name"),
1676 		    path, zfs_type_to_name(type));
1677 		zfs_error(dgettext(TEXT_DOMAIN,
1678 		    "use 'zpool create' to create a storage pool"));
1679 		return (-1);
1680 	}
1681 
1682 	/* check to see if the pool exists */
1683 	if ((slash = strchr(parent, '/')) == NULL)
1684 		slash = parent + strlen(parent);
1685 	(void) strncpy(zc.zc_name, parent, slash - parent);
1686 	zc.zc_name[slash - parent] = '\0';
1687 	if (ioctl(zfs_fd, ZFS_IOC_OBJSET_STATS, &zc) != 0 &&
1688 	    errno == ENOENT) {
1689 		zfs_error(dgettext(TEXT_DOMAIN,
1690 		    "cannot create '%s': no such pool '%s'"), path, zc.zc_name);
1691 		return (-1);
1692 	}
1693 
1694 	/* check to see if the parent dataset exists */
1695 	(void) strlcpy(zc.zc_name, parent, sizeof (zc.zc_name));
1696 	if (ioctl(zfs_fd, ZFS_IOC_OBJSET_STATS, &zc) != 0) {
1697 		switch (errno) {
1698 		case ENOENT:
1699 			zfs_error(dgettext(TEXT_DOMAIN,
1700 			    "cannot create '%s': parent does not exist"), path);
1701 			return (-1);
1702 
1703 		default:
1704 			zfs_baderror(errno);
1705 		}
1706 	}
1707 
1708 	/* we are in a non-global zone, but parent is in the global zone */
1709 	if (getzoneid() != GLOBAL_ZONEID && !zc.zc_objset_stats.dds_zoned) {
1710 		zfs_error(dgettext(TEXT_DOMAIN,
1711 		    "cannot create '%s': permission denied"), path);
1712 		return (-1);
1713 	}
1714 
1715 	/* make sure parent is a filesystem */
1716 	if (zc.zc_objset_stats.dds_type != DMU_OST_ZFS) {
1717 		zfs_error(dgettext(TEXT_DOMAIN,
1718 		    "cannot create '%s': parent is not a filesystem"),
1719 		    path);
1720 		return (-1);
1721 	}
1722 
1723 	return (0);
1724 }
1725 
1726 /*
1727  * Create a new filesystem or volume.  'sizestr' and 'blocksizestr' are used
1728  * only for volumes, and indicate the size and blocksize of the volume.
1729  */
1730 int
1731 zfs_create(const char *path, zfs_type_t type,
1732 	const char *sizestr, const char *blocksizestr)
1733 {
1734 	char reason[64];
1735 	zfs_cmd_t zc = { 0 };
1736 	int ret;
1737 	uint64_t size = 0;
1738 	uint64_t blocksize = zfs_prop_default_numeric(ZFS_PROP_VOLBLOCKSIZE);
1739 
1740 	/* convert sizestr into integer size */
1741 	if (sizestr != NULL && nicestrtonum(sizestr, &size,
1742 	    reason, sizeof (reason)) != 0) {
1743 		zfs_error(dgettext(TEXT_DOMAIN,
1744 		    "bad volume size '%s': %s"), sizestr, reason);
1745 		return (-1);
1746 	}
1747 
1748 	/* convert blocksizestr into integer blocksize */
1749 	if (blocksizestr != NULL && nicestrtonum(blocksizestr, &blocksize,
1750 	    reason, sizeof (reason)) != 0) {
1751 		zfs_error(dgettext(TEXT_DOMAIN,
1752 		    "bad volume blocksize '%s': %s"), blocksizestr, reason);
1753 		return (-1);
1754 	}
1755 
1756 	/* validate the path, taking care to note the extended error message */
1757 	if (!zfs_validate_name(path, type, reason, sizeof (reason))) {
1758 		zfs_error(dgettext(TEXT_DOMAIN,
1759 		    "cannot create '%s': %s in %s name"), path, reason,
1760 		    zfs_type_to_name(type));
1761 		if (strstr(reason, "snapshot") != NULL)
1762 			zfs_error(dgettext(TEXT_DOMAIN,
1763 			    "use 'zfs snapshot' to create a snapshot"));
1764 		return (-1);
1765 	}
1766 
1767 	/* validate parents exist */
1768 	if (check_parents(path, type) != 0)
1769 		return (-1);
1770 
1771 	/*
1772 	 * The failure modes when creating a dataset of a different type over
1773 	 * one that already exists is a little strange.  In particular, if you
1774 	 * try to create a dataset on top of an existing dataset, the ioctl()
1775 	 * will return ENOENT, not EEXIST.  To prevent this from happening, we
1776 	 * first try to see if the dataset exists.
1777 	 */
1778 	(void) strlcpy(zc.zc_name, path, sizeof (zc.zc_name));
1779 	if (ioctl(zfs_fd, ZFS_IOC_OBJSET_STATS, &zc) == 0) {
1780 		zfs_error(dgettext(TEXT_DOMAIN,
1781 		    "cannot create '%s': dataset exists"), path);
1782 		return (-1);
1783 	}
1784 
1785 	if (type == ZFS_TYPE_VOLUME)
1786 		zc.zc_objset_type = DMU_OST_ZVOL;
1787 	else
1788 		zc.zc_objset_type = DMU_OST_ZFS;
1789 
1790 	if (type == ZFS_TYPE_VOLUME) {
1791 		/*
1792 		 * If we are creating a volume, the size and block size must
1793 		 * satisfy a few restraints.  First, the blocksize must be a
1794 		 * valid block size between SPA_{MIN,MAX}BLOCKSIZE.  Second, the
1795 		 * volsize must be a multiple of the block size, and cannot be
1796 		 * zero.
1797 		 */
1798 		if (size == 0) {
1799 			zfs_error(dgettext(TEXT_DOMAIN,
1800 			    "bad volume size '%s': cannot be zero"), sizestr);
1801 			return (-1);
1802 		}
1803 
1804 		if (blocksize < SPA_MINBLOCKSIZE ||
1805 		    blocksize > SPA_MAXBLOCKSIZE || !ISP2(blocksize)) {
1806 			zfs_error(dgettext(TEXT_DOMAIN,
1807 			    "bad volume block size '%s': "
1808 			    "must be power of 2 from %u to %uk"),
1809 			    blocksizestr,
1810 			    (uint_t)SPA_MINBLOCKSIZE,
1811 			    (uint_t)SPA_MAXBLOCKSIZE >> 10);
1812 			return (-1);
1813 		}
1814 
1815 		if (size % blocksize != 0) {
1816 			char buf[64];
1817 			zfs_nicenum(blocksize, buf, sizeof (buf));
1818 			zfs_error(dgettext(TEXT_DOMAIN,
1819 			    "bad volume size '%s': "
1820 			    "must be multiple of volume block size (%s)"),
1821 			    sizestr, buf);
1822 			return (-1);
1823 		}
1824 
1825 		zc.zc_volsize = size;
1826 		zc.zc_volblocksize = blocksize;
1827 	}
1828 
1829 	/* create the dataset */
1830 	ret = ioctl(zfs_fd, ZFS_IOC_CREATE, &zc);
1831 
1832 	if (ret == 0 && type == ZFS_TYPE_VOLUME)
1833 		ret = zvol_create_link(path);
1834 
1835 	/* check for failure */
1836 	if (ret != 0) {
1837 		char parent[ZFS_MAXNAMELEN];
1838 		(void) parent_name(path, parent, sizeof (parent));
1839 
1840 		switch (errno) {
1841 		case ENOENT:
1842 			/*
1843 			 * The parent dataset has been deleted since our
1844 			 * previous check.
1845 			 */
1846 			zfs_error(dgettext(TEXT_DOMAIN,
1847 			    "cannot create '%s': no such parent '%s'"),
1848 			    path, parent);
1849 			break;
1850 
1851 		case EPERM:
1852 			/*
1853 			 * The user doesn't have permission to create a new
1854 			 * dataset here.
1855 			 */
1856 			zfs_error(dgettext(TEXT_DOMAIN,
1857 			    "cannot create '%s': permission denied"), path);
1858 			break;
1859 
1860 		case EDQUOT:
1861 		case ENOSPC:
1862 			/*
1863 			 * The parent dataset does not have enough free space
1864 			 * to create a new dataset.
1865 			 */
1866 			zfs_error(dgettext(TEXT_DOMAIN,
1867 			    "cannot create '%s': not enough space in '%s'"),
1868 			    path, parent);
1869 			break;
1870 
1871 		case EEXIST:
1872 			/*
1873 			 * The target dataset already exists.  We should have
1874 			 * caught this above, but there may be some unexplained
1875 			 * race condition.
1876 			 */
1877 			zfs_error(dgettext(TEXT_DOMAIN,
1878 			    "cannot create '%s': dataset exists"), path);
1879 			break;
1880 
1881 		case EINVAL:
1882 			/*
1883 			 * The target dataset does not support children.
1884 			 */
1885 			zfs_error(dgettext(TEXT_DOMAIN,
1886 			    "cannot create '%s': children unsupported in '%s'"),
1887 			    path, parent);
1888 			break;
1889 
1890 		case EDOM:
1891 			zfs_error(dgettext(TEXT_DOMAIN, "bad %s value '%s': "
1892 			    "must be power of 2 from %u to %uk"),
1893 			    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
1894 			    blocksizestr ? blocksizestr : "<unknown>",
1895 			    (uint_t)SPA_MINBLOCKSIZE,
1896 			    (uint_t)SPA_MAXBLOCKSIZE >> 10);
1897 			break;
1898 #ifdef _ILP32
1899 		case EOVERFLOW:
1900 			/*
1901 			 * This platform can't address a volume this big.
1902 			 */
1903 			if (type == ZFS_TYPE_VOLUME) {
1904 				zfs_error(dgettext(TEXT_DOMAIN,
1905 				    "cannot create '%s': "
1906 				    "max volume size is 1TB on 32-bit systems"),
1907 				    path);
1908 				break;
1909 			}
1910 #endif
1911 
1912 		default:
1913 			zfs_baderror(errno);
1914 		}
1915 
1916 		return (-1);
1917 	}
1918 
1919 	return (0);
1920 }
1921 
1922 /*
1923  * Destroys the given dataset.  The caller must make sure that the filesystem
1924  * isn't mounted, and that there are no active dependents.
1925  */
1926 int
1927 zfs_destroy(zfs_handle_t *zhp)
1928 {
1929 	zfs_cmd_t zc = { 0 };
1930 	int ret;
1931 
1932 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1933 
1934 	/*
1935 	 * We use the check for 'zfs_volblocksize' instead of ZFS_TYPE_VOLUME
1936 	 * so that we do the right thing for snapshots of volumes.
1937 	 */
1938 	if (zhp->zfs_volblocksize != 0) {
1939 		if (zvol_remove_link(zhp->zfs_name) != 0)
1940 			return (-1);
1941 
1942 		zc.zc_objset_type = DMU_OST_ZVOL;
1943 	} else {
1944 		zc.zc_objset_type = DMU_OST_ZFS;
1945 	}
1946 
1947 	ret = ioctl(zfs_fd, ZFS_IOC_DESTROY, &zc);
1948 
1949 	if (ret != 0) {
1950 		switch (errno) {
1951 
1952 		case EPERM:
1953 			/*
1954 			 * We don't have permission to destroy this dataset.
1955 			 */
1956 			zfs_error(dgettext(TEXT_DOMAIN,
1957 			    "cannot destroy '%s': permission denied"),
1958 			    zhp->zfs_name);
1959 			break;
1960 
1961 		case ENOENT:
1962 			/*
1963 			 * We've hit a race condition where the dataset has been
1964 			 * destroyed since we opened it.
1965 			 */
1966 			zfs_error(dgettext(TEXT_DOMAIN,
1967 			    "cannot destroy '%s': no such %s"),
1968 			    zhp->zfs_name, zfs_type_to_name(zhp->zfs_type));
1969 			break;
1970 
1971 		case EBUSY:
1972 			/*
1973 			 * Even if we destroy all children, there is a chance we
1974 			 * can hit this case if:
1975 			 *
1976 			 * 	- A child dataset has since been created
1977 			 * 	- A filesystem is mounted
1978 			 *
1979 			 * This error message is awful, but hopefully we've
1980 			 * already caught the common cases (and aborted more
1981 			 * appropriately) before calling this function.  There's
1982 			 * nothing else we can do at this point.
1983 			 */
1984 			zfs_error(dgettext(TEXT_DOMAIN,
1985 			    "cannot destroy '%s': %s is busy"),
1986 			    zhp->zfs_name, zfs_type_to_name(zhp->zfs_type));
1987 			break;
1988 
1989 		default:
1990 			zfs_baderror(errno);
1991 		}
1992 
1993 		return (-1);
1994 	}
1995 
1996 	remove_mountpoint(zhp);
1997 
1998 	return (0);
1999 }
2000 
2001 /*
2002  * Clones the given dataset.  The target must be of the same type as the source.
2003  */
2004 int
2005 zfs_clone(zfs_handle_t *zhp, const char *target)
2006 {
2007 	char reason[64];
2008 	zfs_cmd_t zc = { 0 };
2009 	char parent[ZFS_MAXNAMELEN];
2010 	int ret;
2011 
2012 	assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
2013 
2014 	/* validate the target name */
2015 	if (!zfs_validate_name(target, ZFS_TYPE_FILESYSTEM, reason,
2016 	    sizeof (reason))) {
2017 		zfs_error(dgettext(TEXT_DOMAIN,
2018 		    "cannot create '%s': %s in filesystem name"), target,
2019 		    reason, zfs_type_to_name(ZFS_TYPE_FILESYSTEM));
2020 		return (-1);
2021 	}
2022 
2023 	/* validate parents exist */
2024 	if (check_parents(target, zhp->zfs_type) != 0)
2025 		return (-1);
2026 
2027 	(void) parent_name(target, parent, sizeof (parent));
2028 
2029 	/* do the clone */
2030 	if (zhp->zfs_volblocksize != 0)
2031 		zc.zc_objset_type = DMU_OST_ZVOL;
2032 	else
2033 		zc.zc_objset_type = DMU_OST_ZFS;
2034 
2035 	(void) strlcpy(zc.zc_name, target, sizeof (zc.zc_name));
2036 	(void) strlcpy(zc.zc_filename, zhp->zfs_name, sizeof (zc.zc_filename));
2037 	ret = ioctl(zfs_fd, ZFS_IOC_CREATE, &zc);
2038 
2039 	if (ret != 0) {
2040 		switch (errno) {
2041 		case EPERM:
2042 			/*
2043 			 * The user doesn't have permission to create the clone.
2044 			 */
2045 			zfs_error(dgettext(TEXT_DOMAIN,
2046 			    "cannot create '%s': permission denied"),
2047 			    target);
2048 			break;
2049 
2050 		case ENOENT:
2051 			/*
2052 			 * The parent doesn't exist.  We should have caught this
2053 			 * above, but there may a race condition that has since
2054 			 * destroyed the parent.
2055 			 *
2056 			 * At this point, we don't know whether it's the source
2057 			 * that doesn't exist anymore, or whether the target
2058 			 * dataset doesn't exist.
2059 			 */
2060 			zfs_error(dgettext(TEXT_DOMAIN,
2061 			    "cannot create '%s': no such parent '%s'"),
2062 			    target, parent);
2063 			break;
2064 
2065 		case EDQUOT:
2066 		case ENOSPC:
2067 			/*
2068 			 * There is not enough space in the target dataset
2069 			 */
2070 			zfs_error(dgettext(TEXT_DOMAIN,
2071 			    "cannot create '%s': not enough space in '%s'"),
2072 			    target, parent);
2073 			break;
2074 
2075 		case EEXIST:
2076 			/*
2077 			 * The target already exists.
2078 			 */
2079 			zfs_error(dgettext(TEXT_DOMAIN,
2080 			    "cannot create '%s': dataset exists"), target);
2081 			break;
2082 
2083 		case EXDEV:
2084 			/*
2085 			 * The source and target pools differ.
2086 			 */
2087 			zfs_error(dgettext(TEXT_DOMAIN, "cannot create '%s': "
2088 			    "source and target pools differ"), target);
2089 			break;
2090 
2091 		default:
2092 			zfs_baderror(errno);
2093 		}
2094 	} else if (zhp->zfs_volblocksize != 0) {
2095 		ret = zvol_create_link(target);
2096 	}
2097 
2098 	return (ret);
2099 }
2100 
2101 /*
2102  * Takes a snapshot of the given dataset
2103  */
2104 int
2105 zfs_snapshot(const char *path)
2106 {
2107 	char reason[64];
2108 	const char *delim;
2109 	char *parent;
2110 	zfs_handle_t *zhp;
2111 	zfs_cmd_t zc = { 0 };
2112 	int ret;
2113 
2114 	/* validate the snapshot name */
2115 	if (!zfs_validate_name(path, ZFS_TYPE_SNAPSHOT, reason,
2116 	    sizeof (reason))) {
2117 		zfs_error(dgettext(TEXT_DOMAIN,
2118 		    "cannot snapshot '%s': %s in snapshot name"), path,
2119 		    reason);
2120 		return (-1);
2121 	}
2122 
2123 	/* make sure we have a snapshot */
2124 	if ((delim = strchr(path, '@')) == NULL) {
2125 		zfs_error(dgettext(TEXT_DOMAIN,
2126 		    "cannot snapshot '%s': missing '@' delim in snapshot "
2127 		    "name"), path);
2128 		zfs_error(dgettext(TEXT_DOMAIN,
2129 		    "use 'zfs create' to create a filesystem"));
2130 		return (-1);
2131 	}
2132 
2133 	/* make sure the parent exists and is of the appropriate type */
2134 	parent = zfs_malloc(delim - path + 1);
2135 	(void) strncpy(parent, path, delim - path);
2136 	parent[delim - path] = '\0';
2137 
2138 	if ((zhp = zfs_open(parent, ZFS_TYPE_FILESYSTEM |
2139 	    ZFS_TYPE_VOLUME)) == NULL) {
2140 		free(parent);
2141 		return (-1);
2142 	}
2143 
2144 	(void) strlcpy(zc.zc_name, path, sizeof (zc.zc_name));
2145 
2146 	if (zhp->zfs_type == ZFS_TYPE_VOLUME)
2147 		zc.zc_objset_type = DMU_OST_ZVOL;
2148 	else
2149 		zc.zc_objset_type = DMU_OST_ZFS;
2150 
2151 	ret = ioctl(zfs_fd, ZFS_IOC_CREATE, &zc);
2152 
2153 	if (ret == 0 && zhp->zfs_type == ZFS_TYPE_VOLUME) {
2154 		ret = zvol_create_link(path);
2155 		if (ret != 0)
2156 			(void) ioctl(zfs_fd, ZFS_IOC_DESTROY, &zc);
2157 	}
2158 
2159 	if (ret != 0) {
2160 		switch (errno) {
2161 		case EPERM:
2162 			/*
2163 			 * User doesn't have permission to create a snapshot
2164 			 */
2165 			zfs_error(dgettext(TEXT_DOMAIN, "cannot create '%s': "
2166 			    "permission denied"), path);
2167 			break;
2168 
2169 		case EDQUOT:
2170 		case ENOSPC:
2171 			/*
2172 			 * Out of space in parent.
2173 			 */
2174 			zfs_error(dgettext(TEXT_DOMAIN, "cannot create '%s': "
2175 			    "not enough space in '%s'"), path, parent);
2176 			break;
2177 
2178 		case EEXIST:
2179 			/*
2180 			 * Snapshot already exists.
2181 			 */
2182 			zfs_error(dgettext(TEXT_DOMAIN, "cannot create '%s': "
2183 			    "snapshot exists"), path);
2184 			break;
2185 
2186 		case ENOENT:
2187 			/*
2188 			 * Shouldn't happen because we verified the parent
2189 			 * above.  But there may be a race condition where it
2190 			 * has since been removed.
2191 			 */
2192 			zfs_error(dgettext(TEXT_DOMAIN, "cannot open '%s': "
2193 			    "no such %s"), parent,
2194 			    zfs_type_to_name(zhp->zfs_type));
2195 			break;
2196 
2197 		default:
2198 			zfs_baderror(errno);
2199 		}
2200 	}
2201 
2202 	free(parent);
2203 	zfs_close(zhp);
2204 
2205 	return (ret);
2206 }
2207 
2208 /*
2209  * Dumps a backup of tosnap, incremental from fromsnap if it isn't NULL.
2210  */
2211 int
2212 zfs_backup(zfs_handle_t *zhp_to, zfs_handle_t *zhp_from)
2213 {
2214 	zfs_cmd_t zc = { 0 };
2215 	int ret;
2216 
2217 	/* do the ioctl() */
2218 	(void) strlcpy(zc.zc_name, zhp_to->zfs_name, sizeof (zc.zc_name));
2219 	if (zhp_from) {
2220 		(void) strlcpy(zc.zc_prop_value, zhp_from->zfs_name,
2221 		    sizeof (zc.zc_name));
2222 	} else {
2223 		zc.zc_prop_value[0] = '\0';
2224 	}
2225 	zc.zc_cookie = STDOUT_FILENO;
2226 
2227 	ret = ioctl(zfs_fd, ZFS_IOC_SENDBACKUP, &zc);
2228 	if (ret != 0) {
2229 		switch (errno) {
2230 		case EPERM:
2231 			/*
2232 			 * User doesn't have permission to do a backup
2233 			 */
2234 			zfs_error(dgettext(TEXT_DOMAIN, "cannot backup '%s': "
2235 			    "permission denied"), zhp_to->zfs_name);
2236 			break;
2237 
2238 		case EXDEV:
2239 			zfs_error(dgettext(TEXT_DOMAIN,
2240 			    "cannot do incremental backup from %s:\n"
2241 			    "it is not an earlier snapshot from the "
2242 			    "same fs as %s"),
2243 			    zhp_from->zfs_name, zhp_to->zfs_name);
2244 			break;
2245 
2246 		case ENOENT:
2247 			/*
2248 			 * Shouldn't happen because we verified the parent
2249 			 * above.  But there may be a race condition where it
2250 			 * has since been removed.
2251 			 */
2252 			zfs_error(dgettext(TEXT_DOMAIN, "cannot open: "
2253 			    "no such snapshot"));
2254 			break;
2255 
2256 		case EDQUOT:
2257 		case EFBIG:
2258 		case EIO:
2259 		case ENOLINK:
2260 		case ENOSPC:
2261 		case ENOSTR:
2262 		case ENXIO:
2263 		case EPIPE:
2264 		case ERANGE:
2265 		case EFAULT:
2266 		case EROFS:
2267 			zfs_error(dgettext(TEXT_DOMAIN,
2268 			    "cannot write backup stream: %s"),
2269 			    strerror(errno));
2270 			break;
2271 
2272 		case EINTR:
2273 			zfs_error(dgettext(TEXT_DOMAIN,
2274 			    "backup failed: signal recieved"));
2275 			break;
2276 
2277 		default:
2278 			zfs_baderror(errno);
2279 		}
2280 	}
2281 
2282 	return (ret);
2283 }
2284 
2285 /*
2286  * Restores a backup of tosnap from stdin.
2287  */
2288 int
2289 zfs_restore(const char *tosnap, int isprefix, int verbose, int dryrun)
2290 {
2291 	zfs_cmd_t zc = { 0 };
2292 	time_t begin_time;
2293 	int ioctl_err, err, bytes, size;
2294 	char *cp;
2295 	dmu_replay_record_t drr;
2296 	struct drr_begin *drrb = &zc.zc_begin_record;
2297 
2298 	begin_time = time(NULL);
2299 
2300 	/* trim off snapname, if any */
2301 	(void) strcpy(zc.zc_name, tosnap);
2302 	cp = strchr(zc.zc_name, '@');
2303 	if (cp)
2304 		*cp = '\0';
2305 
2306 	/* read in the BEGIN record */
2307 	cp = (char *)&drr;
2308 	bytes = 0;
2309 	do {
2310 		size = read(STDIN_FILENO, cp, sizeof (drr) - bytes);
2311 		cp += size;
2312 		bytes += size;
2313 	} while (size > 0);
2314 
2315 	if (size < 0 || bytes != sizeof (drr)) {
2316 		zfs_error(dgettext(TEXT_DOMAIN,
2317 		    "cannot restore: invalid backup stream "
2318 		    "(couldn't read first record)"));
2319 		return (-1);
2320 	}
2321 
2322 	zc.zc_begin_record = drr.drr_u.drr_begin;
2323 
2324 	if (drrb->drr_magic != DMU_BACKUP_MAGIC &&
2325 	    drrb->drr_magic != BSWAP_64(DMU_BACKUP_MAGIC)) {
2326 		zfs_error(dgettext(TEXT_DOMAIN,
2327 		    "cannot restore: invalid backup stream "
2328 		    "(invalid magic number)"));
2329 		return (-1);
2330 	}
2331 
2332 	if (drrb->drr_version != DMU_BACKUP_VERSION &&
2333 	    drrb->drr_version != BSWAP_64(DMU_BACKUP_VERSION)) {
2334 		if (drrb->drr_magic == BSWAP_64(DMU_BACKUP_MAGIC))
2335 			drrb->drr_version = BSWAP_64(drrb->drr_version);
2336 		zfs_error(dgettext(TEXT_DOMAIN,
2337 		    "cannot restore: only backup version 0x%llx is supported, "
2338 		    "stream is version %llx."),
2339 		    DMU_BACKUP_VERSION, drrb->drr_version);
2340 		return (-1);
2341 	}
2342 
2343 	/*
2344 	 * Determine name of destination snapshot.
2345 	 */
2346 	(void) strcpy(drrb->drr_toname, tosnap);
2347 	if (isprefix) {
2348 		if (strchr(tosnap, '@') != NULL) {
2349 			zfs_error(dgettext(TEXT_DOMAIN,
2350 			    "cannot restore: "
2351 			    "argument to -d must be a filesystem"));
2352 			return (-1);
2353 		}
2354 
2355 		cp = strchr(drr.drr_u.drr_begin.drr_toname, '/');
2356 		if (cp == NULL)
2357 			cp = drr.drr_u.drr_begin.drr_toname;
2358 		else
2359 			cp++;
2360 
2361 		(void) strcat(drrb->drr_toname, "/");
2362 		(void) strcat(drrb->drr_toname, cp);
2363 	} else if (strchr(tosnap, '@') == NULL) {
2364 		/*
2365 		 * they specified just a filesystem; tack on the
2366 		 * snapname from the backup.
2367 		 */
2368 		cp = strchr(drr.drr_u.drr_begin.drr_toname, '@');
2369 		if (cp == NULL || strlen(tosnap) + strlen(cp) >= MAXNAMELEN) {
2370 			zfs_error(dgettext(TEXT_DOMAIN,
2371 			    "cannot restore: invalid backup stream "
2372 			    "(invalid snapshot name)"));
2373 			return (-1);
2374 		}
2375 		(void) strcat(drrb->drr_toname, cp);
2376 	}
2377 
2378 	if (drrb->drr_fromguid) {
2379 		zfs_handle_t *h;
2380 		/* incremental backup stream */
2381 
2382 		/* do the ioctl to the containing fs */
2383 		(void) strcpy(zc.zc_name, drrb->drr_toname);
2384 		cp = strchr(zc.zc_name, '@');
2385 		*cp = '\0';
2386 
2387 		/* make sure destination fs exists */
2388 		h = zfs_open(zc.zc_name, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
2389 		if (h == NULL) {
2390 			zfs_error(dgettext(TEXT_DOMAIN,
2391 			    "cannot restore incrememtal backup: destination\n"
2392 			    "filesystem %s does not exist"),
2393 			    zc.zc_name);
2394 			return (-1);
2395 		}
2396 		if (!dryrun) {
2397 			/* unmount destination fs or remove device link. */
2398 			if (h->zfs_type == ZFS_TYPE_FILESYSTEM) {
2399 				(void) zfs_unmount(h, NULL, 0);
2400 			} else {
2401 				(void) zvol_remove_link(h->zfs_name);
2402 			}
2403 		}
2404 		zfs_close(h);
2405 	} else {
2406 		/* full backup stream */
2407 
2408 		(void) strcpy(zc.zc_name, drrb->drr_toname);
2409 
2410 		/* make sure they aren't trying to restore into the root */
2411 		if (strchr(zc.zc_name, '/') == NULL) {
2412 			cp = strchr(zc.zc_name, '@');
2413 			if (cp)
2414 				*cp = '\0';
2415 			zfs_error(dgettext(TEXT_DOMAIN,
2416 			    "cannot restore: destination fs %s already exists"),
2417 			    zc.zc_name);
2418 			return (-1);
2419 		}
2420 
2421 		if (isprefix) {
2422 			zfs_handle_t *h;
2423 
2424 			/* make sure prefix exists */
2425 			h = zfs_open(tosnap, ZFS_TYPE_FILESYSTEM |
2426 			    ZFS_TYPE_VOLUME);
2427 			if (h == NULL) {
2428 				zfs_error(dgettext(TEXT_DOMAIN,
2429 				    "cannot restore: "
2430 				    "filesystem %s does not exist"),
2431 				    tosnap);
2432 				return (-1);
2433 			}
2434 
2435 			/* create any necessary ancestors up to prefix */
2436 			zc.zc_objset_type = DMU_OST_ZFS;
2437 			/*
2438 			 * zc.zc_name is now the full name of the snap
2439 			 * we're restoring into
2440 			 */
2441 			cp = zc.zc_name + strlen(tosnap) + 1;
2442 			while (cp = strchr(cp, '/')) {
2443 				*cp = '\0';
2444 				err = ioctl(zfs_fd, ZFS_IOC_CREATE, &zc);
2445 				if (err && errno != ENOENT && errno != EEXIST) {
2446 					zfs_error(dgettext(TEXT_DOMAIN,
2447 					    "cannot restore: "
2448 					    "couldn't create ancestor %s"),
2449 					    zc.zc_name);
2450 					return (-1);
2451 				}
2452 				*cp = '/';
2453 				cp++;
2454 			}
2455 		}
2456 
2457 		/* Make sure destination fs does not exist */
2458 		cp = strchr(zc.zc_name, '@');
2459 		*cp = '\0';
2460 		if (ioctl(zfs_fd, ZFS_IOC_OBJSET_STATS, &zc) == 0) {
2461 			zfs_error(dgettext(TEXT_DOMAIN,
2462 			    "cannot restore full backup: "
2463 			    "destination filesystem %s already exists"),
2464 			    zc.zc_name);
2465 			return (-1);
2466 		}
2467 
2468 		/* Do the recvbackup ioctl to the fs's parent. */
2469 		cp = strrchr(zc.zc_name, '/');
2470 		*cp = '\0';
2471 	}
2472 
2473 	(void) strcpy(zc.zc_prop_value, tosnap);
2474 	zc.zc_cookie = STDIN_FILENO;
2475 	zc.zc_intsz = isprefix;
2476 	if (verbose) {
2477 		(void) printf("%s %s backup of %s into %s\n",
2478 		    dryrun ? "would restore" : "restoring",
2479 		    drrb->drr_fromguid ? "incremental" : "full",
2480 		    drr.drr_u.drr_begin.drr_toname,
2481 		    zc.zc_begin_record.drr_toname);
2482 		(void) fflush(stdout);
2483 	}
2484 	if (dryrun)
2485 		return (0);
2486 	err = ioctl_err = ioctl(zfs_fd, ZFS_IOC_RECVBACKUP, &zc);
2487 	if (ioctl_err != 0) {
2488 		switch (errno) {
2489 		case ENODEV:
2490 			zfs_error(dgettext(TEXT_DOMAIN,
2491 			    "cannot restore: "
2492 			    "most recent snapshot does not "
2493 			    "match incremental backup source"));
2494 			break;
2495 		case ETXTBSY:
2496 			zfs_error(dgettext(TEXT_DOMAIN,
2497 			    "cannot restore: "
2498 			    "destination has been modified since "
2499 			    "most recent snapshot --\n"
2500 			    "use 'zfs rollback' to discard changes"));
2501 			break;
2502 		case EEXIST:
2503 			if (drrb->drr_fromguid == 0) {
2504 				/* it's the containing fs that exists */
2505 				cp = strchr(drrb->drr_toname, '@');
2506 				*cp = '\0';
2507 			}
2508 			zfs_error(dgettext(TEXT_DOMAIN,
2509 			    "cannot restore to %s: destination already exists"),
2510 			    drrb->drr_toname);
2511 			break;
2512 		case ENOENT:
2513 			zfs_error(dgettext(TEXT_DOMAIN,
2514 			    "cannot restore: destination does not exist"));
2515 			break;
2516 		case EBUSY:
2517 			zfs_error(dgettext(TEXT_DOMAIN,
2518 			    "cannot restore: destination is in use"));
2519 			break;
2520 		case ENOSPC:
2521 			zfs_error(dgettext(TEXT_DOMAIN,
2522 			    "cannot restore: out of space"));
2523 			break;
2524 		case EDQUOT:
2525 			zfs_error(dgettext(TEXT_DOMAIN,
2526 			    "cannot restore: quota exceeded"));
2527 			break;
2528 		case EINTR:
2529 			zfs_error(dgettext(TEXT_DOMAIN,
2530 			    "restore failed: signal recieved"));
2531 			break;
2532 		case EINVAL:
2533 			zfs_error(dgettext(TEXT_DOMAIN,
2534 			    "cannot restore: invalid backup stream"));
2535 			break;
2536 		case EPERM:
2537 			zfs_error(dgettext(TEXT_DOMAIN,
2538 			    "cannot restore: permission denied"));
2539 			break;
2540 		default:
2541 			zfs_baderror(errno);
2542 		}
2543 	}
2544 
2545 	/*
2546 	 * Mount or recreate the /dev links for the target filesystem
2547 	 * (if created, or if we tore them down to do an incremental
2548 	 * restore), and the /dev links for the new snapshot (if
2549 	 * created).
2550 	 */
2551 	cp = strchr(drrb->drr_toname, '@');
2552 	if (cp && (ioctl_err == 0 || drrb->drr_fromguid)) {
2553 		zfs_handle_t *h;
2554 
2555 		*cp = '\0';
2556 		h = zfs_open(drrb->drr_toname,
2557 		    ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
2558 		*cp = '@';
2559 		if (h) {
2560 			if (h->zfs_type == ZFS_TYPE_FILESYSTEM) {
2561 				err = zfs_mount(h, NULL, 0);
2562 			} else {
2563 				err = zvol_create_link(h->zfs_name);
2564 				if (err == 0 && ioctl_err == 0) {
2565 					err =
2566 					    zvol_create_link(drrb->drr_toname);
2567 				}
2568 			}
2569 			zfs_close(h);
2570 		}
2571 	}
2572 
2573 	if (err || ioctl_err)
2574 		return (-1);
2575 
2576 	if (verbose) {
2577 		char buf1[64];
2578 		char buf2[64];
2579 		uint64_t bytes = zc.zc_cookie;
2580 		time_t delta = time(NULL) - begin_time;
2581 		if (delta == 0)
2582 			delta = 1;
2583 		zfs_nicenum(bytes, buf1, sizeof (buf1));
2584 		zfs_nicenum(bytes/delta, buf2, sizeof (buf1));
2585 
2586 		(void) printf("restored %sb backup in %lu seconds (%sb/sec)\n",
2587 		    buf1, delta, buf2);
2588 	}
2589 	return (0);
2590 }
2591 
2592 /*
2593  * Destroy any more recent snapshots.  We invoke this callback on any dependents
2594  * of the snapshot first.  If the 'cb_dependent' member is non-zero, then this
2595  * is a dependent and we should just destroy it without checking the transaction
2596  * group.
2597  */
2598 typedef struct rollback_data {
2599 	const char	*cb_target;		/* the snapshot */
2600 	uint64_t	cb_create;		/* creation time reference */
2601 	prop_changelist_t *cb_clp;		/* changelist pointer */
2602 	int		cb_error;
2603 	int		cb_dependent;
2604 } rollback_data_t;
2605 
2606 static int
2607 rollback_destroy(zfs_handle_t *zhp, void *data)
2608 {
2609 	rollback_data_t *cbp = data;
2610 
2611 	if (!cbp->cb_dependent) {
2612 		if (strcmp(zhp->zfs_name, cbp->cb_target) != 0 &&
2613 		    zfs_get_type(zhp) == ZFS_TYPE_SNAPSHOT &&
2614 		    zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) >
2615 		    cbp->cb_create) {
2616 
2617 			cbp->cb_dependent = TRUE;
2618 			(void) zfs_iter_dependents(zhp, rollback_destroy, cbp);
2619 			cbp->cb_dependent = FALSE;
2620 
2621 			if (zfs_destroy(zhp) != 0)
2622 				cbp->cb_error = 1;
2623 			else
2624 				changelist_remove(zhp, cbp->cb_clp);
2625 		}
2626 	} else {
2627 		if (zfs_destroy(zhp) != 0)
2628 			cbp->cb_error = 1;
2629 		else
2630 			changelist_remove(zhp, cbp->cb_clp);
2631 	}
2632 
2633 	zfs_close(zhp);
2634 	return (0);
2635 }
2636 
2637 /*
2638  * Rollback the dataset to its latest snapshot.
2639  */
2640 static int
2641 do_rollback(zfs_handle_t *zhp)
2642 {
2643 	int ret;
2644 	zfs_cmd_t zc = { 0 };
2645 
2646 	assert(zhp->zfs_type == ZFS_TYPE_FILESYSTEM ||
2647 	    zhp->zfs_type == ZFS_TYPE_VOLUME);
2648 
2649 	if (zhp->zfs_type == ZFS_TYPE_VOLUME &&
2650 	    zvol_remove_link(zhp->zfs_name) != 0)
2651 		return (-1);
2652 
2653 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2654 
2655 	if (zhp->zfs_volblocksize != 0)
2656 		zc.zc_objset_type = DMU_OST_ZVOL;
2657 	else
2658 		zc.zc_objset_type = DMU_OST_ZFS;
2659 
2660 	/*
2661 	 * We rely on the consumer to verify that there are no newer snapshots
2662 	 * for the given dataset.  Given these constraints, we can simply pass
2663 	 * the name on to the ioctl() call.  There is still an unlikely race
2664 	 * condition where the user has taken a snapshot since we verified that
2665 	 * this was the most recent.
2666 	 */
2667 	if ((ret = ioctl(zfs_fd, ZFS_IOC_ROLLBACK, &zc)) != 0) {
2668 		switch (errno) {
2669 		case EPERM:
2670 			/*
2671 			 * The user doesn't have permission to rollback the
2672 			 * given dataset.
2673 			 */
2674 			zfs_error(dgettext(TEXT_DOMAIN, "cannot rollback '%s': "
2675 			    "permission denied"), zhp->zfs_name);
2676 			break;
2677 
2678 		case EDQUOT:
2679 		case ENOSPC:
2680 			/*
2681 			 * The parent dataset doesn't have enough space to
2682 			 * rollback to the last snapshot.
2683 			 */
2684 			{
2685 				char parent[ZFS_MAXNAMELEN];
2686 				(void) parent_name(zhp->zfs_name, parent,
2687 				    sizeof (parent));
2688 				zfs_error(dgettext(TEXT_DOMAIN, "cannot "
2689 				    "rollback '%s': out of space"), parent);
2690 			}
2691 			break;
2692 
2693 		case ENOENT:
2694 			/*
2695 			 * The dataset doesn't exist.  This shouldn't happen
2696 			 * except in race conditions.
2697 			 */
2698 			zfs_error(dgettext(TEXT_DOMAIN, "cannot rollback '%s': "
2699 			    "no such %s"), zhp->zfs_name,
2700 			    zfs_type_to_name(zhp->zfs_type));
2701 			break;
2702 
2703 		case EBUSY:
2704 			/*
2705 			 * The filesystem is busy.  This should have been caught
2706 			 * by the caller before getting here, but there may be
2707 			 * an unexpected problem.
2708 			 */
2709 			zfs_error(dgettext(TEXT_DOMAIN, "cannot rollback '%s': "
2710 			    "%s is busy"), zhp->zfs_name,
2711 			    zfs_type_to_name(zhp->zfs_type));
2712 			break;
2713 
2714 		default:
2715 			zfs_baderror(errno);
2716 		}
2717 	} else if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
2718 		ret = zvol_create_link(zhp->zfs_name);
2719 	}
2720 
2721 	return (ret);
2722 }
2723 
2724 /*
2725  * Given a dataset, rollback to a specific snapshot, discarding any
2726  * data changes since then and making it the active dataset.
2727  *
2728  * Any snapshots more recent than the target are destroyed, along with
2729  * their dependents.
2730  */
2731 int
2732 zfs_rollback(zfs_handle_t *zhp, zfs_handle_t *snap, int flag)
2733 {
2734 	int ret;
2735 	rollback_data_t cb = { 0 };
2736 	prop_changelist_t *clp;
2737 
2738 	/*
2739 	 * Unmount all dependendents of the dataset and the dataset itself.
2740 	 * The list we need to gather is the same as for doing rename
2741 	 */
2742 	clp = changelist_gather(zhp, ZFS_PROP_NAME, flag ? MS_FORCE: 0);
2743 	if (clp == NULL)
2744 		return (-1);
2745 
2746 	if ((ret = changelist_prefix(clp)) != 0)
2747 		goto out;
2748 
2749 	/*
2750 	 * Destroy all recent snapshots and its dependends.
2751 	 */
2752 	cb.cb_target = snap->zfs_name;
2753 	cb.cb_create = zfs_prop_get_int(snap, ZFS_PROP_CREATETXG);
2754 	cb.cb_clp = clp;
2755 	(void) zfs_iter_children(zhp, rollback_destroy, &cb);
2756 
2757 	if ((ret = cb.cb_error) != 0) {
2758 		(void) changelist_postfix(clp);
2759 		goto out;
2760 	}
2761 
2762 	/*
2763 	 * Now that we have verified that the snapshot is the latest,
2764 	 * rollback to the given snapshot.
2765 	 */
2766 	ret = do_rollback(zhp);
2767 
2768 	if (ret != 0) {
2769 		(void) changelist_postfix(clp);
2770 		goto out;
2771 	}
2772 
2773 	/*
2774 	 * We only want to re-mount the filesystem if it was mounted in the
2775 	 * first place.
2776 	 */
2777 	ret = changelist_postfix(clp);
2778 
2779 out:
2780 	changelist_free(clp);
2781 	return (ret);
2782 }
2783 
2784 /*
2785  * Iterate over all dependents for a given dataset.  This includes both
2786  * hierarchical dependents (children) and data dependents (snapshots and
2787  * clones).  The bulk of the processing occurs in get_dependents() in
2788  * libzfs_graph.c.
2789  */
2790 int
2791 zfs_iter_dependents(zfs_handle_t *zhp, zfs_iter_f func, void *data)
2792 {
2793 	char **dependents;
2794 	size_t count;
2795 	int i;
2796 	zfs_handle_t *child;
2797 	int ret = 0;
2798 
2799 	dependents = get_dependents(zhp->zfs_name, &count);
2800 	for (i = 0; i < count; i++) {
2801 		if ((child = make_dataset_handle(dependents[i])) == NULL)
2802 			continue;
2803 
2804 		if ((ret = func(child, data)) != 0)
2805 			break;
2806 	}
2807 
2808 	for (i = 0; i < count; i++)
2809 		free(dependents[i]);
2810 	free(dependents);
2811 
2812 	return (ret);
2813 }
2814 
2815 /*
2816  * Renames the given dataset.
2817  */
2818 int
2819 zfs_rename(zfs_handle_t *zhp, const char *target)
2820 {
2821 	int ret;
2822 	zfs_cmd_t zc = { 0 };
2823 	char reason[64];
2824 	char *delim;
2825 	prop_changelist_t *cl;
2826 	char parent[ZFS_MAXNAMELEN];
2827 
2828 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2829 	(void) strlcpy(zc.zc_prop_value, target, sizeof (zc.zc_prop_value));
2830 
2831 	/* if we have the same exact name, just return success */
2832 	if (strcmp(zhp->zfs_name, target) == 0)
2833 		return (0);
2834 
2835 	/*
2836 	 * Make sure the target name is valid
2837 	 */
2838 	if (!zfs_validate_name(target, zhp->zfs_type, reason,
2839 	    sizeof (reason))) {
2840 		zfs_error(dgettext(TEXT_DOMAIN,
2841 		    "cannot create '%s': %s in %s name"), target, reason,
2842 		    zfs_type_to_name(zhp->zfs_type));
2843 		return (-1);
2844 	}
2845 
2846 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
2847 		if ((delim = strchr(target, '@')) == NULL) {
2848 			zfs_error(dgettext(TEXT_DOMAIN,
2849 			    "cannot rename to '%s': not a snapshot"), target);
2850 			return (-1);
2851 		}
2852 
2853 		/*
2854 		 * Make sure we're renaming within the same dataset.
2855 		 */
2856 		if (strncmp(zhp->zfs_name, target, delim - target) != 0 ||
2857 		    zhp->zfs_name[delim - target] != '@') {
2858 			zfs_error(dgettext(TEXT_DOMAIN,
2859 			    "cannot rename to '%s': snapshots must be part "
2860 			    "of same dataset"), target);
2861 			return (-1);
2862 		}
2863 
2864 		(void) strncpy(parent, target, delim - target);
2865 		parent[delim - target] = '\0';
2866 	} else {
2867 		/* validate parents */
2868 		if (check_parents(target, zhp->zfs_type) != 0)
2869 			return (-1);
2870 
2871 		(void) parent_name(target, parent, sizeof (parent));
2872 
2873 		/* make sure we're in the same pool */
2874 		verify((delim = strchr(target, '/')) != NULL);
2875 		if (strncmp(zhp->zfs_name, target, delim - target) != 0 ||
2876 		    zhp->zfs_name[delim - target] != '/') {
2877 			zfs_error(dgettext(TEXT_DOMAIN,
2878 			    "cannot rename to '%s': "
2879 			    "datasets must be within same pool"), target);
2880 			return (-1);
2881 		}
2882 	}
2883 
2884 	if (getzoneid() == GLOBAL_ZONEID &&
2885 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
2886 		zfs_error(dgettext(TEXT_DOMAIN, "cannot rename %s, "
2887 		    "dataset is used in a non-global zone"), zhp->zfs_name);
2888 		return (-1);
2889 	}
2890 
2891 	if ((cl = changelist_gather(zhp, ZFS_PROP_NAME, 0)) == NULL)
2892 		return (1);
2893 
2894 	if (changelist_haszonedchild(cl)) {
2895 		zfs_error(dgettext(TEXT_DOMAIN,
2896 		    "cannot rename '%s': child dataset with inherited "
2897 		    "mountpoint is used in a non-global zone"), zhp->zfs_name);
2898 		ret = -1;
2899 		goto error;
2900 	}
2901 
2902 	if ((ret = changelist_prefix(cl)) != 0)
2903 		goto error;
2904 
2905 	if (zhp->zfs_volblocksize != 0)
2906 		zc.zc_objset_type = DMU_OST_ZVOL;
2907 	else
2908 		zc.zc_objset_type = DMU_OST_ZFS;
2909 
2910 	if ((ret = ioctl(zfs_fd, ZFS_IOC_RENAME, &zc)) != 0) {
2911 		switch (errno) {
2912 		case EPERM:
2913 			/*
2914 			 * The user doesn't have permission to rename the
2915 			 * given dataset.
2916 			 */
2917 			zfs_error(dgettext(TEXT_DOMAIN, "cannot rename '%s': "
2918 			    "permission denied"), zhp->zfs_name);
2919 			break;
2920 
2921 		case EDQUOT:
2922 		case ENOSPC:
2923 			/*
2924 			 * Not enough space in the parent dataset.
2925 			 */
2926 			zfs_error(dgettext(TEXT_DOMAIN, "cannot "
2927 			    "rename '%s': not enough space in '%s'"),
2928 			    zhp->zfs_name, parent);
2929 			break;
2930 
2931 		case ENOENT:
2932 			/*
2933 			 * The destination doesn't exist.
2934 			 */
2935 			zfs_error(dgettext(TEXT_DOMAIN, "cannot rename '%s' "
2936 			    "to '%s': destination doesn't exist"),
2937 			    zhp->zfs_name, target);
2938 			break;
2939 
2940 		case EEXIST:
2941 			/*
2942 			 * The destination already exists.
2943 			 */
2944 			zfs_error(dgettext(TEXT_DOMAIN, "cannot rename '%s' "
2945 			    "to '%s': destination already exists"),
2946 			    zhp->zfs_name, target);
2947 			break;
2948 
2949 		case EBUSY:
2950 			/*
2951 			 * The filesystem is busy.  This should have been caught
2952 			 * by the caller before getting here, but there may be
2953 			 * an unexpected problem.
2954 			 */
2955 			zfs_error(dgettext(TEXT_DOMAIN, "cannot rename '%s': "
2956 			    "%s is busy"), zhp->zfs_name,
2957 			    zfs_type_to_name(zhp->zfs_type));
2958 			break;
2959 
2960 		default:
2961 			zfs_baderror(errno);
2962 		}
2963 
2964 		/*
2965 		 * On failure, we still want to remount any filesystems that
2966 		 * were previously mounted, so we don't alter the system state.
2967 		 */
2968 		(void) changelist_postfix(cl);
2969 	} else {
2970 		changelist_rename(cl, zfs_get_name(zhp), target);
2971 
2972 		ret = changelist_postfix(cl);
2973 	}
2974 
2975 error:
2976 	changelist_free(cl);
2977 	return (ret);
2978 }
2979 
2980 /*
2981  * Given a zvol dataset, issue the ioctl to create the appropriate minor node,
2982  * poke devfsadm to create the /dev link, and then wait for the link to appear.
2983  */
2984 int
2985 zvol_create_link(const char *dataset)
2986 {
2987 	zfs_cmd_t zc = { 0 };
2988 	di_devlink_handle_t hdl;
2989 
2990 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
2991 
2992 	/*
2993 	 * Issue the appropriate ioctl.
2994 	 */
2995 	if (ioctl(zfs_fd, ZFS_IOC_CREATE_MINOR, &zc) != 0) {
2996 		switch (errno) {
2997 		case EPERM:
2998 			zfs_error(dgettext(TEXT_DOMAIN, "cannot create "
2999 			    "device links for '%s': permission denied"),
3000 			    dataset);
3001 			break;
3002 
3003 		case EEXIST:
3004 			/*
3005 			 * Silently ignore the case where the link already
3006 			 * exists.  This allows 'zfs volinit' to be run multiple
3007 			 * times without errors.
3008 			 */
3009 			return (0);
3010 
3011 		default:
3012 			zfs_baderror(errno);
3013 		}
3014 
3015 		return (-1);
3016 	}
3017 
3018 	/*
3019 	 * Call devfsadm and wait for the links to magically appear.
3020 	 */
3021 	if ((hdl = di_devlink_init(ZFS_DRIVER, DI_MAKE_LINK)) == NULL) {
3022 		zfs_error(dgettext(TEXT_DOMAIN,
3023 		    "cannot create device links for '%s'"), dataset);
3024 		(void) ioctl(zfs_fd, ZFS_IOC_REMOVE_MINOR, &zc);
3025 		return (-1);
3026 	} else {
3027 		(void) di_devlink_fini(&hdl);
3028 	}
3029 
3030 	return (0);
3031 }
3032 
3033 /*
3034  * Remove a minor node for the given zvol and the associated /dev links.
3035  */
3036 int
3037 zvol_remove_link(const char *dataset)
3038 {
3039 	zfs_cmd_t zc = { 0 };
3040 
3041 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
3042 
3043 	if (ioctl(zfs_fd, ZFS_IOC_REMOVE_MINOR, &zc) != 0) {
3044 		switch (errno) {
3045 		case EPERM:
3046 			zfs_error(dgettext(TEXT_DOMAIN, "cannot remove "
3047 			    "device links for '%s': permission denied"),
3048 			    dataset);
3049 			break;
3050 
3051 		case EBUSY:
3052 			zfs_error(dgettext(TEXT_DOMAIN, "cannot remove "
3053 			    "device links for '%s': volume is in use"),
3054 			    dataset);
3055 			break;
3056 
3057 		case ENXIO:
3058 			/*
3059 			 * Silently ignore the case where the link no longer
3060 			 * exists, so that 'zfs volfini' can be run multiple
3061 			 * times without errors.
3062 			 */
3063 			return (0);
3064 
3065 		default:
3066 			zfs_baderror(errno);
3067 		}
3068 
3069 		return (-1);
3070 	}
3071 
3072 	return (0);
3073 }
3074