1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/param.h> 28 #include <sys/errno.h> 29 #include <sys/uio.h> 30 #include <sys/buf.h> 31 #include <sys/modctl.h> 32 #include <sys/open.h> 33 #include <sys/file.h> 34 #include <sys/kmem.h> 35 #include <sys/conf.h> 36 #include <sys/cmn_err.h> 37 #include <sys/stat.h> 38 #include <sys/zfs_ioctl.h> 39 #include <sys/zfs_vfsops.h> 40 #include <sys/zfs_znode.h> 41 #include <sys/zap.h> 42 #include <sys/spa.h> 43 #include <sys/spa_impl.h> 44 #include <sys/vdev.h> 45 #include <sys/priv_impl.h> 46 #include <sys/dmu.h> 47 #include <sys/dsl_dir.h> 48 #include <sys/dsl_dataset.h> 49 #include <sys/dsl_prop.h> 50 #include <sys/dsl_deleg.h> 51 #include <sys/dmu_objset.h> 52 #include <sys/ddi.h> 53 #include <sys/sunddi.h> 54 #include <sys/sunldi.h> 55 #include <sys/policy.h> 56 #include <sys/zone.h> 57 #include <sys/nvpair.h> 58 #include <sys/pathname.h> 59 #include <sys/mount.h> 60 #include <sys/sdt.h> 61 #include <sys/fs/zfs.h> 62 #include <sys/zfs_ctldir.h> 63 #include <sys/zfs_dir.h> 64 #include <sys/zvol.h> 65 #include <sharefs/share.h> 66 #include <sys/dmu_objset.h> 67 68 #include "zfs_namecheck.h" 69 #include "zfs_prop.h" 70 #include "zfs_deleg.h" 71 72 extern struct modlfs zfs_modlfs; 73 74 extern void zfs_init(void); 75 extern void zfs_fini(void); 76 77 ldi_ident_t zfs_li = NULL; 78 dev_info_t *zfs_dip; 79 80 typedef int zfs_ioc_func_t(zfs_cmd_t *); 81 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *); 82 83 typedef enum { 84 NO_NAME, 85 POOL_NAME, 86 DATASET_NAME 87 } zfs_ioc_namecheck_t; 88 89 typedef struct zfs_ioc_vec { 90 zfs_ioc_func_t *zvec_func; 91 zfs_secpolicy_func_t *zvec_secpolicy; 92 zfs_ioc_namecheck_t zvec_namecheck; 93 boolean_t zvec_his_log; 94 boolean_t zvec_pool_check; 95 } zfs_ioc_vec_t; 96 97 /* This array is indexed by zfs_userquota_prop_t */ 98 static const char *userquota_perms[] = { 99 ZFS_DELEG_PERM_USERUSED, 100 ZFS_DELEG_PERM_USERQUOTA, 101 ZFS_DELEG_PERM_GROUPUSED, 102 ZFS_DELEG_PERM_GROUPQUOTA, 103 }; 104 105 static char *setsl_tag = "setsl_tag"; 106 107 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc); 108 static void clear_props(char *dataset, nvlist_t *props, nvlist_t *newprops); 109 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *, 110 boolean_t *); 111 int zfs_set_prop_nvlist(const char *, nvlist_t *); 112 113 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */ 114 void 115 __dprintf(const char *file, const char *func, int line, const char *fmt, ...) 116 { 117 const char *newfile; 118 char buf[256]; 119 va_list adx; 120 121 /* 122 * Get rid of annoying "../common/" prefix to filename. 123 */ 124 newfile = strrchr(file, '/'); 125 if (newfile != NULL) { 126 newfile = newfile + 1; /* Get rid of leading / */ 127 } else { 128 newfile = file; 129 } 130 131 va_start(adx, fmt); 132 (void) vsnprintf(buf, sizeof (buf), fmt, adx); 133 va_end(adx); 134 135 /* 136 * To get this data, use the zfs-dprintf probe as so: 137 * dtrace -q -n 'zfs-dprintf \ 138 * /stringof(arg0) == "dbuf.c"/ \ 139 * {printf("%s: %s", stringof(arg1), stringof(arg3))}' 140 * arg0 = file name 141 * arg1 = function name 142 * arg2 = line number 143 * arg3 = message 144 */ 145 DTRACE_PROBE4(zfs__dprintf, 146 char *, newfile, char *, func, int, line, char *, buf); 147 } 148 149 static void 150 history_str_free(char *buf) 151 { 152 kmem_free(buf, HIS_MAX_RECORD_LEN); 153 } 154 155 static char * 156 history_str_get(zfs_cmd_t *zc) 157 { 158 char *buf; 159 160 if (zc->zc_history == NULL) 161 return (NULL); 162 163 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 164 if (copyinstr((void *)(uintptr_t)zc->zc_history, 165 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 166 history_str_free(buf); 167 return (NULL); 168 } 169 170 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 171 172 return (buf); 173 } 174 175 /* 176 * Check to see if the named dataset is currently defined as bootable 177 */ 178 static boolean_t 179 zfs_is_bootfs(const char *name) 180 { 181 objset_t *os; 182 183 if (dmu_objset_hold(name, FTAG, &os) == 0) { 184 boolean_t ret; 185 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os))); 186 dmu_objset_rele(os, FTAG); 187 return (ret); 188 } 189 return (B_FALSE); 190 } 191 192 /* 193 * zfs_earlier_version 194 * 195 * Return non-zero if the spa version is less than requested version. 196 */ 197 static int 198 zfs_earlier_version(const char *name, int version) 199 { 200 spa_t *spa; 201 202 if (spa_open(name, &spa, FTAG) == 0) { 203 if (spa_version(spa) < version) { 204 spa_close(spa, FTAG); 205 return (1); 206 } 207 spa_close(spa, FTAG); 208 } 209 return (0); 210 } 211 212 /* 213 * zpl_earlier_version 214 * 215 * Return TRUE if the ZPL version is less than requested version. 216 */ 217 static boolean_t 218 zpl_earlier_version(const char *name, int version) 219 { 220 objset_t *os; 221 boolean_t rc = B_TRUE; 222 223 if (dmu_objset_hold(name, FTAG, &os) == 0) { 224 uint64_t zplversion; 225 226 if (dmu_objset_type(os) != DMU_OST_ZFS) { 227 dmu_objset_rele(os, FTAG); 228 return (B_TRUE); 229 } 230 /* XXX reading from non-owned objset */ 231 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0) 232 rc = zplversion < version; 233 dmu_objset_rele(os, FTAG); 234 } 235 return (rc); 236 } 237 238 static void 239 zfs_log_history(zfs_cmd_t *zc) 240 { 241 spa_t *spa; 242 char *buf; 243 244 if ((buf = history_str_get(zc)) == NULL) 245 return; 246 247 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 248 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 249 (void) spa_history_log(spa, buf, LOG_CMD_NORMAL); 250 spa_close(spa, FTAG); 251 } 252 history_str_free(buf); 253 } 254 255 /* 256 * Policy for top-level read operations (list pools). Requires no privileges, 257 * and can be used in the local zone, as there is no associated dataset. 258 */ 259 /* ARGSUSED */ 260 static int 261 zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr) 262 { 263 return (0); 264 } 265 266 /* 267 * Policy for dataset read operations (list children, get statistics). Requires 268 * no privileges, but must be visible in the local zone. 269 */ 270 /* ARGSUSED */ 271 static int 272 zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr) 273 { 274 if (INGLOBALZONE(curproc) || 275 zone_dataset_visible(zc->zc_name, NULL)) 276 return (0); 277 278 return (ENOENT); 279 } 280 281 static int 282 zfs_dozonecheck(const char *dataset, cred_t *cr) 283 { 284 uint64_t zoned; 285 int writable = 1; 286 287 /* 288 * The dataset must be visible by this zone -- check this first 289 * so they don't see EPERM on something they shouldn't know about. 290 */ 291 if (!INGLOBALZONE(curproc) && 292 !zone_dataset_visible(dataset, &writable)) 293 return (ENOENT); 294 295 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL)) 296 return (ENOENT); 297 298 if (INGLOBALZONE(curproc)) { 299 /* 300 * If the fs is zoned, only root can access it from the 301 * global zone. 302 */ 303 if (secpolicy_zfs(cr) && zoned) 304 return (EPERM); 305 } else { 306 /* 307 * If we are in a local zone, the 'zoned' property must be set. 308 */ 309 if (!zoned) 310 return (EPERM); 311 312 /* must be writable by this zone */ 313 if (!writable) 314 return (EPERM); 315 } 316 return (0); 317 } 318 319 int 320 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 321 { 322 int error; 323 324 error = zfs_dozonecheck(name, cr); 325 if (error == 0) { 326 error = secpolicy_zfs(cr); 327 if (error) 328 error = dsl_deleg_access(name, perm, cr); 329 } 330 return (error); 331 } 332 333 /* 334 * Policy for setting the security label property. 335 * 336 * Returns 0 for success, non-zero for access and other errors. 337 * 338 * If the objset is non-NULL upon return, the caller is responsible 339 * for dis-owning it, using the tag: setsl_tag. 340 * 341 */ 342 static int 343 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr, 344 objset_t **osp) 345 { 346 char ds_hexsl[MAXNAMELEN]; 347 bslabel_t ds_sl, new_sl; 348 boolean_t new_default = FALSE; 349 uint64_t zoned; 350 int needed_priv = -1; 351 int error; 352 353 /* First get the existing dataset label. */ 354 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL), 355 1, sizeof (ds_hexsl), &ds_hexsl, NULL); 356 if (error) 357 return (EPERM); 358 359 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0) 360 new_default = TRUE; 361 362 /* The label must be translatable */ 363 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0)) 364 return (EINVAL); 365 366 /* 367 * In a non-global zone, disallow attempts to set a label that 368 * doesn't match that of the zone; otherwise no other checks 369 * are needed. 370 */ 371 if (!INGLOBALZONE(curproc)) { 372 if (new_default || !blequal(&new_sl, CR_SL(CRED()))) 373 return (EPERM); 374 return (0); 375 } 376 377 /* 378 * For global-zone datasets (i.e., those whose zoned property is 379 * "off", verify that the specified new label is valid for the 380 * global zone. 381 */ 382 if (dsl_prop_get_integer(name, 383 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL)) 384 return (EPERM); 385 if (!zoned) { 386 if (zfs_check_global_label(name, strval) != 0) 387 return (EPERM); 388 } 389 390 /* 391 * If the existing dataset label is nondefault, check if the 392 * dataset is mounted (label cannot be changed while mounted). 393 * Get the zfsvfs; if there isn't one, then the dataset isn't 394 * mounted (or isn't a dataset, doesn't exist, ...). 395 */ 396 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) { 397 ASSERT(osp != NULL); 398 /* 399 * Try to own the dataset; abort if there is any error, 400 * (e.g., already mounted, in use, or other error). 401 */ 402 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, 403 setsl_tag, osp); 404 if (error) 405 return (EPERM); 406 407 if (new_default) { 408 needed_priv = PRIV_FILE_DOWNGRADE_SL; 409 goto out_check; 410 } 411 412 if (hexstr_to_label(strval, &new_sl) != 0) 413 return (EPERM); 414 415 if (blstrictdom(&ds_sl, &new_sl)) 416 needed_priv = PRIV_FILE_DOWNGRADE_SL; 417 else if (blstrictdom(&new_sl, &ds_sl)) 418 needed_priv = PRIV_FILE_UPGRADE_SL; 419 } else { 420 /* dataset currently has a default label */ 421 if (!new_default) 422 needed_priv = PRIV_FILE_UPGRADE_SL; 423 } 424 425 out_check: 426 if (needed_priv != -1) 427 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL)); 428 return (0); 429 } 430 431 static int 432 zfs_secpolicy_setprop(const char *name, zfs_prop_t prop, cred_t *cr) 433 { 434 /* 435 * Check permissions for special properties. 436 */ 437 switch (prop) { 438 case ZFS_PROP_ZONED: 439 /* 440 * Disallow setting of 'zoned' from within a local zone. 441 */ 442 if (!INGLOBALZONE(curproc)) 443 return (EPERM); 444 break; 445 446 case ZFS_PROP_QUOTA: 447 if (!INGLOBALZONE(curproc)) { 448 uint64_t zoned; 449 char setpoint[MAXNAMELEN]; 450 /* 451 * Unprivileged users are allowed to modify the 452 * quota on things *under* (ie. contained by) 453 * the thing they own. 454 */ 455 if (dsl_prop_get_integer(name, "zoned", &zoned, 456 setpoint)) 457 return (EPERM); 458 if (!zoned || strlen(name) <= strlen(setpoint)) 459 return (EPERM); 460 } 461 break; 462 463 case ZFS_PROP_MLSLABEL: 464 if (!is_system_labeled()) 465 return (EPERM); 466 break; 467 } 468 469 return (zfs_secpolicy_write_perms(name, zfs_prop_to_name(prop), cr)); 470 } 471 472 int 473 zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr) 474 { 475 int error; 476 477 error = zfs_dozonecheck(zc->zc_name, cr); 478 if (error) 479 return (error); 480 481 /* 482 * permission to set permissions will be evaluated later in 483 * dsl_deleg_can_allow() 484 */ 485 return (0); 486 } 487 488 int 489 zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr) 490 { 491 return (zfs_secpolicy_write_perms(zc->zc_name, 492 ZFS_DELEG_PERM_ROLLBACK, cr)); 493 } 494 495 int 496 zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr) 497 { 498 return (zfs_secpolicy_write_perms(zc->zc_name, 499 ZFS_DELEG_PERM_SEND, cr)); 500 } 501 502 static int 503 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, cred_t *cr) 504 { 505 vnode_t *vp; 506 int error; 507 508 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 509 NO_FOLLOW, NULL, &vp)) != 0) 510 return (error); 511 512 /* Now make sure mntpnt and dataset are ZFS */ 513 514 if (vp->v_vfsp->vfs_fstype != zfsfstype || 515 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 516 zc->zc_name) != 0)) { 517 VN_RELE(vp); 518 return (EPERM); 519 } 520 521 VN_RELE(vp); 522 return (dsl_deleg_access(zc->zc_name, 523 ZFS_DELEG_PERM_SHARE, cr)); 524 } 525 526 int 527 zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr) 528 { 529 if (!INGLOBALZONE(curproc)) 530 return (EPERM); 531 532 if (secpolicy_nfs(cr) == 0) { 533 return (0); 534 } else { 535 return (zfs_secpolicy_deleg_share(zc, cr)); 536 } 537 } 538 539 int 540 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, cred_t *cr) 541 { 542 if (!INGLOBALZONE(curproc)) 543 return (EPERM); 544 545 if (secpolicy_smb(cr) == 0) { 546 return (0); 547 } else { 548 return (zfs_secpolicy_deleg_share(zc, cr)); 549 } 550 } 551 552 static int 553 zfs_get_parent(const char *datasetname, char *parent, int parentsize) 554 { 555 char *cp; 556 557 /* 558 * Remove the @bla or /bla from the end of the name to get the parent. 559 */ 560 (void) strncpy(parent, datasetname, parentsize); 561 cp = strrchr(parent, '@'); 562 if (cp != NULL) { 563 cp[0] = '\0'; 564 } else { 565 cp = strrchr(parent, '/'); 566 if (cp == NULL) 567 return (ENOENT); 568 cp[0] = '\0'; 569 } 570 571 return (0); 572 } 573 574 int 575 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 576 { 577 int error; 578 579 if ((error = zfs_secpolicy_write_perms(name, 580 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 581 return (error); 582 583 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 584 } 585 586 static int 587 zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr) 588 { 589 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 590 } 591 592 /* 593 * Must have sys_config privilege to check the iscsi permission 594 */ 595 /* ARGSUSED */ 596 static int 597 zfs_secpolicy_iscsi(zfs_cmd_t *zc, cred_t *cr) 598 { 599 return (secpolicy_zfs(cr)); 600 } 601 602 int 603 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 604 { 605 char parentname[MAXNAMELEN]; 606 int error; 607 608 if ((error = zfs_secpolicy_write_perms(from, 609 ZFS_DELEG_PERM_RENAME, cr)) != 0) 610 return (error); 611 612 if ((error = zfs_secpolicy_write_perms(from, 613 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 614 return (error); 615 616 if ((error = zfs_get_parent(to, parentname, 617 sizeof (parentname))) != 0) 618 return (error); 619 620 if ((error = zfs_secpolicy_write_perms(parentname, 621 ZFS_DELEG_PERM_CREATE, cr)) != 0) 622 return (error); 623 624 if ((error = zfs_secpolicy_write_perms(parentname, 625 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 626 return (error); 627 628 return (error); 629 } 630 631 static int 632 zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr) 633 { 634 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr)); 635 } 636 637 static int 638 zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr) 639 { 640 char parentname[MAXNAMELEN]; 641 objset_t *clone; 642 int error; 643 644 error = zfs_secpolicy_write_perms(zc->zc_name, 645 ZFS_DELEG_PERM_PROMOTE, cr); 646 if (error) 647 return (error); 648 649 error = dmu_objset_hold(zc->zc_name, FTAG, &clone); 650 651 if (error == 0) { 652 dsl_dataset_t *pclone = NULL; 653 dsl_dir_t *dd; 654 dd = clone->os_dsl_dataset->ds_dir; 655 656 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER); 657 error = dsl_dataset_hold_obj(dd->dd_pool, 658 dd->dd_phys->dd_origin_obj, FTAG, &pclone); 659 rw_exit(&dd->dd_pool->dp_config_rwlock); 660 if (error) { 661 dmu_objset_rele(clone, FTAG); 662 return (error); 663 } 664 665 error = zfs_secpolicy_write_perms(zc->zc_name, 666 ZFS_DELEG_PERM_MOUNT, cr); 667 668 dsl_dataset_name(pclone, parentname); 669 dmu_objset_rele(clone, FTAG); 670 dsl_dataset_rele(pclone, FTAG); 671 if (error == 0) 672 error = zfs_secpolicy_write_perms(parentname, 673 ZFS_DELEG_PERM_PROMOTE, cr); 674 } 675 return (error); 676 } 677 678 static int 679 zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr) 680 { 681 int error; 682 683 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 684 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) 685 return (error); 686 687 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 688 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 689 return (error); 690 691 return (zfs_secpolicy_write_perms(zc->zc_name, 692 ZFS_DELEG_PERM_CREATE, cr)); 693 } 694 695 int 696 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 697 { 698 return (zfs_secpolicy_write_perms(name, 699 ZFS_DELEG_PERM_SNAPSHOT, cr)); 700 } 701 702 static int 703 zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr) 704 { 705 706 return (zfs_secpolicy_snapshot_perms(zc->zc_name, cr)); 707 } 708 709 static int 710 zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr) 711 { 712 char parentname[MAXNAMELEN]; 713 int error; 714 715 if ((error = zfs_get_parent(zc->zc_name, parentname, 716 sizeof (parentname))) != 0) 717 return (error); 718 719 if (zc->zc_value[0] != '\0') { 720 if ((error = zfs_secpolicy_write_perms(zc->zc_value, 721 ZFS_DELEG_PERM_CLONE, cr)) != 0) 722 return (error); 723 } 724 725 if ((error = zfs_secpolicy_write_perms(parentname, 726 ZFS_DELEG_PERM_CREATE, cr)) != 0) 727 return (error); 728 729 error = zfs_secpolicy_write_perms(parentname, 730 ZFS_DELEG_PERM_MOUNT, cr); 731 732 return (error); 733 } 734 735 static int 736 zfs_secpolicy_umount(zfs_cmd_t *zc, cred_t *cr) 737 { 738 int error; 739 740 error = secpolicy_fs_unmount(cr, NULL); 741 if (error) { 742 error = dsl_deleg_access(zc->zc_name, ZFS_DELEG_PERM_MOUNT, cr); 743 } 744 return (error); 745 } 746 747 /* 748 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 749 * SYS_CONFIG privilege, which is not available in a local zone. 750 */ 751 /* ARGSUSED */ 752 static int 753 zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr) 754 { 755 if (secpolicy_sys_config(cr, B_FALSE) != 0) 756 return (EPERM); 757 758 return (0); 759 } 760 761 /* 762 * Policy for fault injection. Requires all privileges. 763 */ 764 /* ARGSUSED */ 765 static int 766 zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr) 767 { 768 return (secpolicy_zinject(cr)); 769 } 770 771 static int 772 zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr) 773 { 774 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 775 776 if (prop == ZPROP_INVAL) { 777 if (!zfs_prop_user(zc->zc_value)) 778 return (EINVAL); 779 return (zfs_secpolicy_write_perms(zc->zc_name, 780 ZFS_DELEG_PERM_USERPROP, cr)); 781 } else { 782 if (!zfs_prop_inheritable(prop)) 783 return (EINVAL); 784 return (zfs_secpolicy_setprop(zc->zc_name, prop, cr)); 785 } 786 } 787 788 static int 789 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, cred_t *cr) 790 { 791 int err = zfs_secpolicy_read(zc, cr); 792 if (err) 793 return (err); 794 795 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 796 return (EINVAL); 797 798 if (zc->zc_value[0] == 0) { 799 /* 800 * They are asking about a posix uid/gid. If it's 801 * themself, allow it. 802 */ 803 if (zc->zc_objset_type == ZFS_PROP_USERUSED || 804 zc->zc_objset_type == ZFS_PROP_USERQUOTA) { 805 if (zc->zc_guid == crgetuid(cr)) 806 return (0); 807 } else { 808 if (groupmember(zc->zc_guid, cr)) 809 return (0); 810 } 811 } 812 813 return (zfs_secpolicy_write_perms(zc->zc_name, 814 userquota_perms[zc->zc_objset_type], cr)); 815 } 816 817 static int 818 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, cred_t *cr) 819 { 820 int err = zfs_secpolicy_read(zc, cr); 821 if (err) 822 return (err); 823 824 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 825 return (EINVAL); 826 827 return (zfs_secpolicy_write_perms(zc->zc_name, 828 userquota_perms[zc->zc_objset_type], cr)); 829 } 830 831 static int 832 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, cred_t *cr) 833 { 834 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION, cr)); 835 } 836 837 static int 838 zfs_secpolicy_hold(zfs_cmd_t *zc, cred_t *cr) 839 { 840 return (zfs_secpolicy_write_perms(zc->zc_name, 841 ZFS_DELEG_PERM_HOLD, cr)); 842 } 843 844 static int 845 zfs_secpolicy_release(zfs_cmd_t *zc, cred_t *cr) 846 { 847 return (zfs_secpolicy_write_perms(zc->zc_name, 848 ZFS_DELEG_PERM_RELEASE, cr)); 849 } 850 851 /* 852 * Returns the nvlist as specified by the user in the zfs_cmd_t. 853 */ 854 static int 855 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp) 856 { 857 char *packed; 858 int error; 859 nvlist_t *list = NULL; 860 861 /* 862 * Read in and unpack the user-supplied nvlist. 863 */ 864 if (size == 0) 865 return (EINVAL); 866 867 packed = kmem_alloc(size, KM_SLEEP); 868 869 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size, 870 iflag)) != 0) { 871 kmem_free(packed, size); 872 return (error); 873 } 874 875 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 876 kmem_free(packed, size); 877 return (error); 878 } 879 880 kmem_free(packed, size); 881 882 *nvp = list; 883 return (0); 884 } 885 886 static int 887 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 888 { 889 char *packed = NULL; 890 size_t size; 891 int error; 892 893 VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0); 894 895 if (size > zc->zc_nvlist_dst_size) { 896 error = ENOMEM; 897 } else { 898 packed = kmem_alloc(size, KM_SLEEP); 899 VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE, 900 KM_SLEEP) == 0); 901 error = ddi_copyout(packed, 902 (void *)(uintptr_t)zc->zc_nvlist_dst, size, zc->zc_iflags); 903 kmem_free(packed, size); 904 } 905 906 zc->zc_nvlist_dst_size = size; 907 return (error); 908 } 909 910 static int 911 getzfsvfs(const char *dsname, zfsvfs_t **zvp) 912 { 913 objset_t *os; 914 int error; 915 916 error = dmu_objset_hold(dsname, FTAG, &os); 917 if (error) 918 return (error); 919 if (dmu_objset_type(os) != DMU_OST_ZFS) { 920 dmu_objset_rele(os, FTAG); 921 return (EINVAL); 922 } 923 924 mutex_enter(&os->os_user_ptr_lock); 925 *zvp = dmu_objset_get_user(os); 926 if (*zvp) { 927 VFS_HOLD((*zvp)->z_vfs); 928 } else { 929 error = ESRCH; 930 } 931 mutex_exit(&os->os_user_ptr_lock); 932 dmu_objset_rele(os, FTAG); 933 return (error); 934 } 935 936 /* 937 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which 938 * case its z_vfs will be NULL, and it will be opened as the owner. 939 */ 940 static int 941 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zvp) 942 { 943 int error = 0; 944 945 if (getzfsvfs(name, zvp) != 0) 946 error = zfsvfs_create(name, zvp); 947 if (error == 0) { 948 rrw_enter(&(*zvp)->z_teardown_lock, RW_READER, tag); 949 if ((*zvp)->z_unmounted) { 950 /* 951 * XXX we could probably try again, since the unmounting 952 * thread should be just about to disassociate the 953 * objset from the zfsvfs. 954 */ 955 rrw_exit(&(*zvp)->z_teardown_lock, tag); 956 return (EBUSY); 957 } 958 } 959 return (error); 960 } 961 962 static void 963 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag) 964 { 965 rrw_exit(&zfsvfs->z_teardown_lock, tag); 966 967 if (zfsvfs->z_vfs) { 968 VFS_RELE(zfsvfs->z_vfs); 969 } else { 970 dmu_objset_disown(zfsvfs->z_os, zfsvfs); 971 zfsvfs_free(zfsvfs); 972 } 973 } 974 975 static int 976 zfs_ioc_pool_create(zfs_cmd_t *zc) 977 { 978 int error; 979 nvlist_t *config, *props = NULL; 980 nvlist_t *rootprops = NULL; 981 nvlist_t *zplprops = NULL; 982 char *buf; 983 984 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 985 zc->zc_iflags, &config)) 986 return (error); 987 988 if (zc->zc_nvlist_src_size != 0 && (error = 989 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 990 zc->zc_iflags, &props))) { 991 nvlist_free(config); 992 return (error); 993 } 994 995 if (props) { 996 nvlist_t *nvl = NULL; 997 uint64_t version = SPA_VERSION; 998 999 (void) nvlist_lookup_uint64(props, 1000 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version); 1001 if (version < SPA_VERSION_INITIAL || version > SPA_VERSION) { 1002 error = EINVAL; 1003 goto pool_props_bad; 1004 } 1005 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl); 1006 if (nvl) { 1007 error = nvlist_dup(nvl, &rootprops, KM_SLEEP); 1008 if (error != 0) { 1009 nvlist_free(config); 1010 nvlist_free(props); 1011 return (error); 1012 } 1013 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS); 1014 } 1015 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1016 error = zfs_fill_zplprops_root(version, rootprops, 1017 zplprops, NULL); 1018 if (error) 1019 goto pool_props_bad; 1020 } 1021 1022 buf = history_str_get(zc); 1023 1024 error = spa_create(zc->zc_name, config, props, buf, zplprops); 1025 1026 /* 1027 * Set the remaining root properties 1028 */ 1029 if (!error && 1030 (error = zfs_set_prop_nvlist(zc->zc_name, rootprops)) != 0) 1031 (void) spa_destroy(zc->zc_name); 1032 1033 if (buf != NULL) 1034 history_str_free(buf); 1035 1036 pool_props_bad: 1037 nvlist_free(rootprops); 1038 nvlist_free(zplprops); 1039 nvlist_free(config); 1040 nvlist_free(props); 1041 1042 return (error); 1043 } 1044 1045 static int 1046 zfs_ioc_pool_destroy(zfs_cmd_t *zc) 1047 { 1048 int error; 1049 zfs_log_history(zc); 1050 error = spa_destroy(zc->zc_name); 1051 if (error == 0) 1052 zvol_remove_minors(zc->zc_name); 1053 return (error); 1054 } 1055 1056 static int 1057 zfs_ioc_pool_import(zfs_cmd_t *zc) 1058 { 1059 nvlist_t *config, *props = NULL; 1060 uint64_t guid; 1061 int error; 1062 1063 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1064 zc->zc_iflags, &config)) != 0) 1065 return (error); 1066 1067 if (zc->zc_nvlist_src_size != 0 && (error = 1068 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1069 zc->zc_iflags, &props))) { 1070 nvlist_free(config); 1071 return (error); 1072 } 1073 1074 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 1075 guid != zc->zc_guid) 1076 error = EINVAL; 1077 else if (zc->zc_cookie) 1078 error = spa_import_verbatim(zc->zc_name, config, props); 1079 else 1080 error = spa_import(zc->zc_name, config, props); 1081 1082 if (zc->zc_nvlist_dst != 0) 1083 (void) put_nvlist(zc, config); 1084 1085 nvlist_free(config); 1086 1087 if (props) 1088 nvlist_free(props); 1089 1090 return (error); 1091 } 1092 1093 static int 1094 zfs_ioc_pool_export(zfs_cmd_t *zc) 1095 { 1096 int error; 1097 boolean_t force = (boolean_t)zc->zc_cookie; 1098 boolean_t hardforce = (boolean_t)zc->zc_guid; 1099 1100 zfs_log_history(zc); 1101 error = spa_export(zc->zc_name, NULL, force, hardforce); 1102 if (error == 0) 1103 zvol_remove_minors(zc->zc_name); 1104 return (error); 1105 } 1106 1107 static int 1108 zfs_ioc_pool_configs(zfs_cmd_t *zc) 1109 { 1110 nvlist_t *configs; 1111 int error; 1112 1113 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL) 1114 return (EEXIST); 1115 1116 error = put_nvlist(zc, configs); 1117 1118 nvlist_free(configs); 1119 1120 return (error); 1121 } 1122 1123 static int 1124 zfs_ioc_pool_stats(zfs_cmd_t *zc) 1125 { 1126 nvlist_t *config; 1127 int error; 1128 int ret = 0; 1129 1130 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 1131 sizeof (zc->zc_value)); 1132 1133 if (config != NULL) { 1134 ret = put_nvlist(zc, config); 1135 nvlist_free(config); 1136 1137 /* 1138 * The config may be present even if 'error' is non-zero. 1139 * In this case we return success, and preserve the real errno 1140 * in 'zc_cookie'. 1141 */ 1142 zc->zc_cookie = error; 1143 } else { 1144 ret = error; 1145 } 1146 1147 return (ret); 1148 } 1149 1150 /* 1151 * Try to import the given pool, returning pool stats as appropriate so that 1152 * user land knows which devices are available and overall pool health. 1153 */ 1154 static int 1155 zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 1156 { 1157 nvlist_t *tryconfig, *config; 1158 int error; 1159 1160 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1161 zc->zc_iflags, &tryconfig)) != 0) 1162 return (error); 1163 1164 config = spa_tryimport(tryconfig); 1165 1166 nvlist_free(tryconfig); 1167 1168 if (config == NULL) 1169 return (EINVAL); 1170 1171 error = put_nvlist(zc, config); 1172 nvlist_free(config); 1173 1174 return (error); 1175 } 1176 1177 static int 1178 zfs_ioc_pool_scrub(zfs_cmd_t *zc) 1179 { 1180 spa_t *spa; 1181 int error; 1182 1183 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1184 return (error); 1185 1186 error = spa_scrub(spa, zc->zc_cookie); 1187 1188 spa_close(spa, FTAG); 1189 1190 return (error); 1191 } 1192 1193 static int 1194 zfs_ioc_pool_freeze(zfs_cmd_t *zc) 1195 { 1196 spa_t *spa; 1197 int error; 1198 1199 error = spa_open(zc->zc_name, &spa, FTAG); 1200 if (error == 0) { 1201 spa_freeze(spa); 1202 spa_close(spa, FTAG); 1203 } 1204 return (error); 1205 } 1206 1207 static int 1208 zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 1209 { 1210 spa_t *spa; 1211 int error; 1212 1213 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1214 return (error); 1215 1216 if (zc->zc_cookie < spa_version(spa) || zc->zc_cookie > SPA_VERSION) { 1217 spa_close(spa, FTAG); 1218 return (EINVAL); 1219 } 1220 1221 spa_upgrade(spa, zc->zc_cookie); 1222 spa_close(spa, FTAG); 1223 1224 return (error); 1225 } 1226 1227 static int 1228 zfs_ioc_pool_get_history(zfs_cmd_t *zc) 1229 { 1230 spa_t *spa; 1231 char *hist_buf; 1232 uint64_t size; 1233 int error; 1234 1235 if ((size = zc->zc_history_len) == 0) 1236 return (EINVAL); 1237 1238 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1239 return (error); 1240 1241 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 1242 spa_close(spa, FTAG); 1243 return (ENOTSUP); 1244 } 1245 1246 hist_buf = kmem_alloc(size, KM_SLEEP); 1247 if ((error = spa_history_get(spa, &zc->zc_history_offset, 1248 &zc->zc_history_len, hist_buf)) == 0) { 1249 error = ddi_copyout(hist_buf, 1250 (void *)(uintptr_t)zc->zc_history, 1251 zc->zc_history_len, zc->zc_iflags); 1252 } 1253 1254 spa_close(spa, FTAG); 1255 kmem_free(hist_buf, size); 1256 return (error); 1257 } 1258 1259 static int 1260 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 1261 { 1262 int error; 1263 1264 if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)) 1265 return (error); 1266 1267 return (0); 1268 } 1269 1270 /* 1271 * inputs: 1272 * zc_name name of filesystem 1273 * zc_obj object to find 1274 * 1275 * outputs: 1276 * zc_value name of object 1277 */ 1278 static int 1279 zfs_ioc_obj_to_path(zfs_cmd_t *zc) 1280 { 1281 objset_t *os; 1282 int error; 1283 1284 /* XXX reading from objset not owned */ 1285 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1286 return (error); 1287 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1288 dmu_objset_rele(os, FTAG); 1289 return (EINVAL); 1290 } 1291 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value, 1292 sizeof (zc->zc_value)); 1293 dmu_objset_rele(os, FTAG); 1294 1295 return (error); 1296 } 1297 1298 static int 1299 zfs_ioc_vdev_add(zfs_cmd_t *zc) 1300 { 1301 spa_t *spa; 1302 int error; 1303 nvlist_t *config, **l2cache, **spares; 1304 uint_t nl2cache = 0, nspares = 0; 1305 1306 error = spa_open(zc->zc_name, &spa, FTAG); 1307 if (error != 0) 1308 return (error); 1309 1310 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1311 zc->zc_iflags, &config); 1312 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE, 1313 &l2cache, &nl2cache); 1314 1315 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES, 1316 &spares, &nspares); 1317 1318 /* 1319 * A root pool with concatenated devices is not supported. 1320 * Thus, can not add a device to a root pool. 1321 * 1322 * Intent log device can not be added to a rootpool because 1323 * during mountroot, zil is replayed, a seperated log device 1324 * can not be accessed during the mountroot time. 1325 * 1326 * l2cache and spare devices are ok to be added to a rootpool. 1327 */ 1328 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) { 1329 spa_close(spa, FTAG); 1330 return (EDOM); 1331 } 1332 1333 if (error == 0) { 1334 error = spa_vdev_add(spa, config); 1335 nvlist_free(config); 1336 } 1337 spa_close(spa, FTAG); 1338 return (error); 1339 } 1340 1341 static int 1342 zfs_ioc_vdev_remove(zfs_cmd_t *zc) 1343 { 1344 spa_t *spa; 1345 int error; 1346 1347 error = spa_open(zc->zc_name, &spa, FTAG); 1348 if (error != 0) 1349 return (error); 1350 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 1351 spa_close(spa, FTAG); 1352 return (error); 1353 } 1354 1355 static int 1356 zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 1357 { 1358 spa_t *spa; 1359 int error; 1360 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 1361 1362 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1363 return (error); 1364 switch (zc->zc_cookie) { 1365 case VDEV_STATE_ONLINE: 1366 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 1367 break; 1368 1369 case VDEV_STATE_OFFLINE: 1370 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 1371 break; 1372 1373 case VDEV_STATE_FAULTED: 1374 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1375 zc->zc_obj != VDEV_AUX_EXTERNAL) 1376 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1377 1378 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj); 1379 break; 1380 1381 case VDEV_STATE_DEGRADED: 1382 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1383 zc->zc_obj != VDEV_AUX_EXTERNAL) 1384 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1385 1386 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj); 1387 break; 1388 1389 default: 1390 error = EINVAL; 1391 } 1392 zc->zc_cookie = newstate; 1393 spa_close(spa, FTAG); 1394 return (error); 1395 } 1396 1397 static int 1398 zfs_ioc_vdev_attach(zfs_cmd_t *zc) 1399 { 1400 spa_t *spa; 1401 int replacing = zc->zc_cookie; 1402 nvlist_t *config; 1403 int error; 1404 1405 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1406 return (error); 1407 1408 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1409 zc->zc_iflags, &config)) == 0) { 1410 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing); 1411 nvlist_free(config); 1412 } 1413 1414 spa_close(spa, FTAG); 1415 return (error); 1416 } 1417 1418 static int 1419 zfs_ioc_vdev_detach(zfs_cmd_t *zc) 1420 { 1421 spa_t *spa; 1422 int error; 1423 1424 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1425 return (error); 1426 1427 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE); 1428 1429 spa_close(spa, FTAG); 1430 return (error); 1431 } 1432 1433 static int 1434 zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 1435 { 1436 spa_t *spa; 1437 char *path = zc->zc_value; 1438 uint64_t guid = zc->zc_guid; 1439 int error; 1440 1441 error = spa_open(zc->zc_name, &spa, FTAG); 1442 if (error != 0) 1443 return (error); 1444 1445 error = spa_vdev_setpath(spa, guid, path); 1446 spa_close(spa, FTAG); 1447 return (error); 1448 } 1449 1450 static int 1451 zfs_ioc_vdev_setfru(zfs_cmd_t *zc) 1452 { 1453 spa_t *spa; 1454 char *fru = zc->zc_value; 1455 uint64_t guid = zc->zc_guid; 1456 int error; 1457 1458 error = spa_open(zc->zc_name, &spa, FTAG); 1459 if (error != 0) 1460 return (error); 1461 1462 error = spa_vdev_setfru(spa, guid, fru); 1463 spa_close(spa, FTAG); 1464 return (error); 1465 } 1466 1467 /* 1468 * inputs: 1469 * zc_name name of filesystem 1470 * zc_nvlist_dst_size size of buffer for property nvlist 1471 * 1472 * outputs: 1473 * zc_objset_stats stats 1474 * zc_nvlist_dst property nvlist 1475 * zc_nvlist_dst_size size of property nvlist 1476 */ 1477 static int 1478 zfs_ioc_objset_stats(zfs_cmd_t *zc) 1479 { 1480 objset_t *os = NULL; 1481 int error; 1482 nvlist_t *nv; 1483 1484 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) 1485 return (error); 1486 1487 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 1488 1489 if (zc->zc_nvlist_dst != 0 && 1490 (error = dsl_prop_get_all(os, &nv, FALSE)) == 0) { 1491 dmu_objset_stats(os, nv); 1492 /* 1493 * NB: zvol_get_stats() will read the objset contents, 1494 * which we aren't supposed to do with a 1495 * DS_MODE_USER hold, because it could be 1496 * inconsistent. So this is a bit of a workaround... 1497 * XXX reading with out owning 1498 */ 1499 if (!zc->zc_objset_stats.dds_inconsistent) { 1500 if (dmu_objset_type(os) == DMU_OST_ZVOL) 1501 VERIFY(zvol_get_stats(os, nv) == 0); 1502 } 1503 error = put_nvlist(zc, nv); 1504 nvlist_free(nv); 1505 } 1506 1507 dmu_objset_rele(os, FTAG); 1508 return (error); 1509 } 1510 1511 static int 1512 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop) 1513 { 1514 uint64_t value; 1515 int error; 1516 1517 /* 1518 * zfs_get_zplprop() will either find a value or give us 1519 * the default value (if there is one). 1520 */ 1521 if ((error = zfs_get_zplprop(os, prop, &value)) != 0) 1522 return (error); 1523 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0); 1524 return (0); 1525 } 1526 1527 /* 1528 * inputs: 1529 * zc_name name of filesystem 1530 * zc_nvlist_dst_size size of buffer for zpl property nvlist 1531 * 1532 * outputs: 1533 * zc_nvlist_dst zpl property nvlist 1534 * zc_nvlist_dst_size size of zpl property nvlist 1535 */ 1536 static int 1537 zfs_ioc_objset_zplprops(zfs_cmd_t *zc) 1538 { 1539 objset_t *os; 1540 int err; 1541 1542 /* XXX reading without owning */ 1543 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os)) 1544 return (err); 1545 1546 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 1547 1548 /* 1549 * NB: nvl_add_zplprop() will read the objset contents, 1550 * which we aren't supposed to do with a DS_MODE_USER 1551 * hold, because it could be inconsistent. 1552 */ 1553 if (zc->zc_nvlist_dst != NULL && 1554 !zc->zc_objset_stats.dds_inconsistent && 1555 dmu_objset_type(os) == DMU_OST_ZFS) { 1556 nvlist_t *nv; 1557 1558 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1559 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 && 1560 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 && 1561 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 && 1562 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0) 1563 err = put_nvlist(zc, nv); 1564 nvlist_free(nv); 1565 } else { 1566 err = ENOENT; 1567 } 1568 dmu_objset_rele(os, FTAG); 1569 return (err); 1570 } 1571 1572 static boolean_t 1573 dataset_name_hidden(const char *name) 1574 { 1575 /* 1576 * Skip over datasets that are not visible in this zone, 1577 * internal datasets (which have a $ in their name), and 1578 * temporary datasets (which have a % in their name). 1579 */ 1580 if (strchr(name, '$') != NULL) 1581 return (B_TRUE); 1582 if (strchr(name, '%') != NULL) 1583 return (B_TRUE); 1584 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL)) 1585 return (B_TRUE); 1586 return (B_FALSE); 1587 } 1588 1589 /* 1590 * inputs: 1591 * zc_name name of filesystem 1592 * zc_cookie zap cursor 1593 * zc_nvlist_dst_size size of buffer for property nvlist 1594 * 1595 * outputs: 1596 * zc_name name of next filesystem 1597 * zc_cookie zap cursor 1598 * zc_objset_stats stats 1599 * zc_nvlist_dst property nvlist 1600 * zc_nvlist_dst_size size of property nvlist 1601 */ 1602 static int 1603 zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 1604 { 1605 objset_t *os; 1606 int error; 1607 char *p; 1608 1609 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) { 1610 if (error == ENOENT) 1611 error = ESRCH; 1612 return (error); 1613 } 1614 1615 p = strrchr(zc->zc_name, '/'); 1616 if (p == NULL || p[1] != '\0') 1617 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 1618 p = zc->zc_name + strlen(zc->zc_name); 1619 1620 /* 1621 * Pre-fetch the datasets. dmu_objset_prefetch() always returns 0 1622 * but is not declared void because its called by dmu_objset_find(). 1623 */ 1624 if (zc->zc_cookie == 0) { 1625 uint64_t cookie = 0; 1626 int len = sizeof (zc->zc_name) - (p - zc->zc_name); 1627 1628 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0) 1629 (void) dmu_objset_prefetch(p, NULL); 1630 } 1631 1632 do { 1633 error = dmu_dir_list_next(os, 1634 sizeof (zc->zc_name) - (p - zc->zc_name), p, 1635 NULL, &zc->zc_cookie); 1636 if (error == ENOENT) 1637 error = ESRCH; 1638 } while (error == 0 && dataset_name_hidden(zc->zc_name) && 1639 !(zc->zc_iflags & FKIOCTL)); 1640 dmu_objset_rele(os, FTAG); 1641 1642 /* 1643 * If it's an internal dataset (ie. with a '$' in its name), 1644 * don't try to get stats for it, otherwise we'll return ENOENT. 1645 */ 1646 if (error == 0 && strchr(zc->zc_name, '$') == NULL) 1647 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 1648 return (error); 1649 } 1650 1651 /* 1652 * inputs: 1653 * zc_name name of filesystem 1654 * zc_cookie zap cursor 1655 * zc_nvlist_dst_size size of buffer for property nvlist 1656 * 1657 * outputs: 1658 * zc_name name of next snapshot 1659 * zc_objset_stats stats 1660 * zc_nvlist_dst property nvlist 1661 * zc_nvlist_dst_size size of property nvlist 1662 */ 1663 static int 1664 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 1665 { 1666 objset_t *os; 1667 int error; 1668 1669 if (zc->zc_cookie == 0) 1670 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch, 1671 NULL, DS_FIND_SNAPSHOTS); 1672 1673 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 1674 if (error) 1675 return (error == ENOENT ? ESRCH : error); 1676 1677 /* 1678 * A dataset name of maximum length cannot have any snapshots, 1679 * so exit immediately. 1680 */ 1681 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) { 1682 dmu_objset_rele(os, FTAG); 1683 return (ESRCH); 1684 } 1685 1686 error = dmu_snapshot_list_next(os, 1687 sizeof (zc->zc_name) - strlen(zc->zc_name), 1688 zc->zc_name + strlen(zc->zc_name), NULL, &zc->zc_cookie, NULL); 1689 dmu_objset_rele(os, FTAG); 1690 if (error == 0) 1691 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 1692 else if (error == ENOENT) 1693 error = ESRCH; 1694 1695 /* if we failed, undo the @ that we tacked on to zc_name */ 1696 if (error) 1697 *strchr(zc->zc_name, '@') = '\0'; 1698 return (error); 1699 } 1700 1701 int 1702 zfs_set_prop_nvlist(const char *name, nvlist_t *nvl) 1703 { 1704 nvpair_t *elem; 1705 int error = 0; 1706 uint64_t intval; 1707 char *strval; 1708 nvlist_t *genericnvl; 1709 boolean_t issnap = (strchr(name, '@') != NULL); 1710 1711 /* 1712 * First validate permission to set all of the properties 1713 */ 1714 elem = NULL; 1715 while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) { 1716 const char *propname = nvpair_name(elem); 1717 zfs_prop_t prop = zfs_name_to_prop(propname); 1718 1719 if (prop == ZPROP_INVAL) { 1720 /* 1721 * If this is a user-defined property, it must be a 1722 * string, and there is no further validation to do. 1723 */ 1724 if (zfs_prop_user(propname) && 1725 nvpair_type(elem) == DATA_TYPE_STRING) { 1726 if (error = zfs_secpolicy_write_perms(name, 1727 ZFS_DELEG_PERM_USERPROP, CRED())) 1728 return (error); 1729 continue; 1730 } 1731 1732 if (!issnap && zfs_prop_userquota(propname) && 1733 nvpair_type(elem) == DATA_TYPE_UINT64_ARRAY) { 1734 const char *perm; 1735 const char *up = zfs_userquota_prop_prefixes 1736 [ZFS_PROP_USERQUOTA]; 1737 if (strncmp(propname, up, strlen(up)) == 0) 1738 perm = ZFS_DELEG_PERM_USERQUOTA; 1739 else 1740 perm = ZFS_DELEG_PERM_GROUPQUOTA; 1741 if (error = zfs_secpolicy_write_perms(name, 1742 perm, CRED())) 1743 return (error); 1744 continue; 1745 } 1746 1747 return (EINVAL); 1748 } 1749 1750 if (issnap) 1751 return (EINVAL); 1752 1753 if ((error = zfs_secpolicy_setprop(name, prop, CRED())) != 0) 1754 return (error); 1755 1756 /* 1757 * Check that this value is valid for this pool version 1758 */ 1759 switch (prop) { 1760 case ZFS_PROP_COMPRESSION: 1761 /* 1762 * If the user specified gzip compression, make sure 1763 * the SPA supports it. We ignore any errors here since 1764 * we'll catch them later. 1765 */ 1766 if (nvpair_type(elem) == DATA_TYPE_UINT64 && 1767 nvpair_value_uint64(elem, &intval) == 0) { 1768 if (intval >= ZIO_COMPRESS_GZIP_1 && 1769 intval <= ZIO_COMPRESS_GZIP_9 && 1770 zfs_earlier_version(name, 1771 SPA_VERSION_GZIP_COMPRESSION)) 1772 return (ENOTSUP); 1773 1774 if (intval == ZIO_COMPRESS_ZLE && 1775 zfs_earlier_version(name, 1776 SPA_VERSION_ZLE_COMPRESSION)) 1777 return (ENOTSUP); 1778 1779 /* 1780 * If this is a bootable dataset then 1781 * verify that the compression algorithm 1782 * is supported for booting. We must return 1783 * something other than ENOTSUP since it 1784 * implies a downrev pool version. 1785 */ 1786 if (zfs_is_bootfs(name) && 1787 !BOOTFS_COMPRESS_VALID(intval)) 1788 return (ERANGE); 1789 } 1790 break; 1791 1792 case ZFS_PROP_COPIES: 1793 if (zfs_earlier_version(name, SPA_VERSION_DITTO_BLOCKS)) 1794 return (ENOTSUP); 1795 break; 1796 1797 case ZFS_PROP_DEDUP: 1798 if (zfs_earlier_version(name, SPA_VERSION_DEDUP)) 1799 return (ENOTSUP); 1800 break; 1801 1802 case ZFS_PROP_SHARESMB: 1803 if (zpl_earlier_version(name, ZPL_VERSION_FUID)) 1804 return (ENOTSUP); 1805 break; 1806 1807 case ZFS_PROP_ACLINHERIT: 1808 if (nvpair_type(elem) == DATA_TYPE_UINT64 && 1809 nvpair_value_uint64(elem, &intval) == 0) 1810 if (intval == ZFS_ACL_PASSTHROUGH_X && 1811 zfs_earlier_version(name, 1812 SPA_VERSION_PASSTHROUGH_X)) 1813 return (ENOTSUP); 1814 } 1815 } 1816 1817 VERIFY(nvlist_alloc(&genericnvl, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1818 elem = NULL; 1819 while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) { 1820 const char *propname = nvpair_name(elem); 1821 zfs_prop_t prop = zfs_name_to_prop(propname); 1822 1823 if (prop == ZPROP_INVAL) { 1824 if (zfs_prop_userquota(propname)) { 1825 uint64_t *valary; 1826 unsigned int vallen; 1827 const char *domain; 1828 zfs_userquota_prop_t type; 1829 uint64_t rid; 1830 uint64_t quota; 1831 zfsvfs_t *zfsvfs; 1832 1833 VERIFY(nvpair_value_uint64_array(elem, 1834 &valary, &vallen) == 0); 1835 VERIFY(vallen == 3); 1836 type = valary[0]; 1837 rid = valary[1]; 1838 quota = valary[2]; 1839 /* 1840 * The propname is encoded as 1841 * userquota@<rid>-<domain>. 1842 */ 1843 domain = strchr(propname, '-') + 1; 1844 1845 error = zfsvfs_hold(name, FTAG, &zfsvfs); 1846 if (error == 0) { 1847 error = zfs_set_userquota(zfsvfs, 1848 type, domain, rid, quota); 1849 zfsvfs_rele(zfsvfs, FTAG); 1850 } 1851 if (error == 0) 1852 continue; 1853 else 1854 goto out; 1855 } else if (zfs_prop_user(propname)) { 1856 VERIFY(nvpair_value_string(elem, &strval) == 0); 1857 error = dsl_prop_set(name, propname, 1, 1858 strlen(strval) + 1, strval); 1859 if (error == 0) 1860 continue; 1861 else 1862 goto out; 1863 } 1864 } 1865 1866 switch (prop) { 1867 case ZFS_PROP_QUOTA: 1868 if ((error = nvpair_value_uint64(elem, &intval)) != 0 || 1869 (error = dsl_dir_set_quota(name, intval)) != 0) 1870 goto out; 1871 break; 1872 1873 case ZFS_PROP_REFQUOTA: 1874 if ((error = nvpair_value_uint64(elem, &intval)) != 0 || 1875 (error = dsl_dataset_set_quota(name, intval)) != 0) 1876 goto out; 1877 break; 1878 1879 case ZFS_PROP_RESERVATION: 1880 if ((error = nvpair_value_uint64(elem, &intval)) != 0 || 1881 (error = dsl_dir_set_reservation(name, 1882 intval)) != 0) 1883 goto out; 1884 break; 1885 1886 case ZFS_PROP_REFRESERVATION: 1887 if ((error = nvpair_value_uint64(elem, &intval)) != 0 || 1888 (error = dsl_dataset_set_reservation(name, 1889 intval)) != 0) 1890 goto out; 1891 break; 1892 1893 case ZFS_PROP_VOLSIZE: 1894 if ((error = nvpair_value_uint64(elem, &intval)) != 0 || 1895 (error = zvol_set_volsize(name, 1896 ddi_driver_major(zfs_dip), intval)) != 0) 1897 goto out; 1898 break; 1899 1900 case ZFS_PROP_VERSION: 1901 { 1902 zfsvfs_t *zfsvfs; 1903 1904 if ((error = nvpair_value_uint64(elem, &intval)) != 0) 1905 goto out; 1906 if ((error = zfsvfs_hold(name, FTAG, &zfsvfs)) != 0) 1907 goto out; 1908 error = zfs_set_version(zfsvfs, intval); 1909 zfsvfs_rele(zfsvfs, FTAG); 1910 1911 if (error == 0 && intval >= ZPL_VERSION_USERSPACE) { 1912 zfs_cmd_t zc = { 0 }; 1913 (void) strcpy(zc.zc_name, name); 1914 (void) zfs_ioc_userspace_upgrade(&zc); 1915 } 1916 if (error) 1917 goto out; 1918 break; 1919 } 1920 1921 case ZFS_PROP_MLSLABEL: 1922 { 1923 objset_t *os = NULL; 1924 1925 if ((error = nvpair_value_string(elem, &strval)) != 0) 1926 goto out; 1927 if ((error = zfs_set_slabel_policy(name, strval, 1928 CRED(), &os)) != 0) { 1929 /* error; first release the dataset if needed */ 1930 if (os) 1931 dmu_objset_disown(os, setsl_tag); 1932 goto out; 1933 } 1934 1935 error = nvlist_add_nvpair(genericnvl, elem); 1936 if (os) 1937 dmu_objset_disown(os, setsl_tag); 1938 if (error != 0) 1939 goto out; 1940 break; 1941 } 1942 1943 default: 1944 if (nvpair_type(elem) == DATA_TYPE_STRING) { 1945 if (zfs_prop_get_type(prop) != 1946 PROP_TYPE_STRING) { 1947 error = EINVAL; 1948 goto out; 1949 } 1950 } else if (nvpair_type(elem) == DATA_TYPE_UINT64) { 1951 const char *unused; 1952 1953 VERIFY(nvpair_value_uint64(elem, &intval) == 0); 1954 1955 switch (zfs_prop_get_type(prop)) { 1956 case PROP_TYPE_NUMBER: 1957 break; 1958 case PROP_TYPE_STRING: 1959 error = EINVAL; 1960 goto out; 1961 case PROP_TYPE_INDEX: 1962 if (zfs_prop_index_to_string(prop, 1963 intval, &unused) != 0) { 1964 error = EINVAL; 1965 goto out; 1966 } 1967 break; 1968 default: 1969 cmn_err(CE_PANIC, 1970 "unknown property type"); 1971 break; 1972 } 1973 } else { 1974 error = EINVAL; 1975 goto out; 1976 } 1977 if ((error = nvlist_add_nvpair(genericnvl, elem)) != 0) 1978 goto out; 1979 } 1980 } 1981 1982 if (nvlist_next_nvpair(genericnvl, NULL) != NULL) { 1983 error = dsl_props_set(name, genericnvl); 1984 } 1985 out: 1986 nvlist_free(genericnvl); 1987 return (error); 1988 } 1989 1990 /* 1991 * Check that all the properties are valid user properties. 1992 */ 1993 static int 1994 zfs_check_userprops(char *fsname, nvlist_t *nvl) 1995 { 1996 nvpair_t *elem = NULL; 1997 int error = 0; 1998 1999 while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) { 2000 const char *propname = nvpair_name(elem); 2001 char *valstr; 2002 2003 if (!zfs_prop_user(propname) || 2004 nvpair_type(elem) != DATA_TYPE_STRING) 2005 return (EINVAL); 2006 2007 if (error = zfs_secpolicy_write_perms(fsname, 2008 ZFS_DELEG_PERM_USERPROP, CRED())) 2009 return (error); 2010 2011 if (strlen(propname) >= ZAP_MAXNAMELEN) 2012 return (ENAMETOOLONG); 2013 2014 VERIFY(nvpair_value_string(elem, &valstr) == 0); 2015 if (strlen(valstr) >= ZAP_MAXVALUELEN) 2016 return (E2BIG); 2017 } 2018 return (0); 2019 } 2020 2021 /* 2022 * inputs: 2023 * zc_name name of filesystem 2024 * zc_value name of property to set 2025 * zc_nvlist_src{_size} nvlist of properties to apply 2026 * zc_cookie clear existing local props? 2027 * 2028 * outputs: none 2029 */ 2030 static int 2031 zfs_ioc_set_prop(zfs_cmd_t *zc) 2032 { 2033 nvlist_t *nvl; 2034 int error; 2035 2036 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2037 zc->zc_iflags, &nvl)) != 0) 2038 return (error); 2039 2040 if (zc->zc_cookie) { 2041 nvlist_t *origprops; 2042 objset_t *os; 2043 2044 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) { 2045 if (dsl_prop_get_all(os, &origprops, TRUE) == 0) { 2046 clear_props(zc->zc_name, origprops, nvl); 2047 nvlist_free(origprops); 2048 } 2049 dmu_objset_rele(os, FTAG); 2050 } 2051 2052 } 2053 2054 error = zfs_set_prop_nvlist(zc->zc_name, nvl); 2055 2056 nvlist_free(nvl); 2057 return (error); 2058 } 2059 2060 /* 2061 * inputs: 2062 * zc_name name of filesystem 2063 * zc_value name of property to inherit 2064 * 2065 * outputs: none 2066 */ 2067 static int 2068 zfs_ioc_inherit_prop(zfs_cmd_t *zc) 2069 { 2070 /* the property name has been validated by zfs_secpolicy_inherit() */ 2071 return (dsl_prop_set(zc->zc_name, zc->zc_value, 0, 0, NULL)); 2072 } 2073 2074 static int 2075 zfs_ioc_pool_set_props(zfs_cmd_t *zc) 2076 { 2077 nvlist_t *props; 2078 spa_t *spa; 2079 int error; 2080 nvpair_t *elem; 2081 2082 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2083 zc->zc_iflags, &props))) 2084 return (error); 2085 2086 /* 2087 * If the only property is the configfile, then just do a spa_lookup() 2088 * to handle the faulted case. 2089 */ 2090 elem = nvlist_next_nvpair(props, NULL); 2091 if (elem != NULL && strcmp(nvpair_name(elem), 2092 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 && 2093 nvlist_next_nvpair(props, elem) == NULL) { 2094 mutex_enter(&spa_namespace_lock); 2095 if ((spa = spa_lookup(zc->zc_name)) != NULL) { 2096 spa_configfile_set(spa, props, B_FALSE); 2097 spa_config_sync(spa, B_FALSE, B_TRUE); 2098 } 2099 mutex_exit(&spa_namespace_lock); 2100 if (spa != NULL) { 2101 nvlist_free(props); 2102 return (0); 2103 } 2104 } 2105 2106 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2107 nvlist_free(props); 2108 return (error); 2109 } 2110 2111 error = spa_prop_set(spa, props); 2112 2113 nvlist_free(props); 2114 spa_close(spa, FTAG); 2115 2116 return (error); 2117 } 2118 2119 static int 2120 zfs_ioc_pool_get_props(zfs_cmd_t *zc) 2121 { 2122 spa_t *spa; 2123 int error; 2124 nvlist_t *nvp = NULL; 2125 2126 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2127 /* 2128 * If the pool is faulted, there may be properties we can still 2129 * get (such as altroot and cachefile), so attempt to get them 2130 * anyway. 2131 */ 2132 mutex_enter(&spa_namespace_lock); 2133 if ((spa = spa_lookup(zc->zc_name)) != NULL) 2134 error = spa_prop_get(spa, &nvp); 2135 mutex_exit(&spa_namespace_lock); 2136 } else { 2137 error = spa_prop_get(spa, &nvp); 2138 spa_close(spa, FTAG); 2139 } 2140 2141 if (error == 0 && zc->zc_nvlist_dst != NULL) 2142 error = put_nvlist(zc, nvp); 2143 else 2144 error = EFAULT; 2145 2146 nvlist_free(nvp); 2147 return (error); 2148 } 2149 2150 static int 2151 zfs_ioc_iscsi_perm_check(zfs_cmd_t *zc) 2152 { 2153 nvlist_t *nvp; 2154 int error; 2155 uint32_t uid; 2156 uint32_t gid; 2157 uint32_t *groups; 2158 uint_t group_cnt; 2159 cred_t *usercred; 2160 2161 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2162 zc->zc_iflags, &nvp)) != 0) { 2163 return (error); 2164 } 2165 2166 if ((error = nvlist_lookup_uint32(nvp, 2167 ZFS_DELEG_PERM_UID, &uid)) != 0) { 2168 nvlist_free(nvp); 2169 return (EPERM); 2170 } 2171 2172 if ((error = nvlist_lookup_uint32(nvp, 2173 ZFS_DELEG_PERM_GID, &gid)) != 0) { 2174 nvlist_free(nvp); 2175 return (EPERM); 2176 } 2177 2178 if ((error = nvlist_lookup_uint32_array(nvp, ZFS_DELEG_PERM_GROUPS, 2179 &groups, &group_cnt)) != 0) { 2180 nvlist_free(nvp); 2181 return (EPERM); 2182 } 2183 usercred = cralloc(); 2184 if ((crsetugid(usercred, uid, gid) != 0) || 2185 (crsetgroups(usercred, group_cnt, (gid_t *)groups) != 0)) { 2186 nvlist_free(nvp); 2187 crfree(usercred); 2188 return (EPERM); 2189 } 2190 nvlist_free(nvp); 2191 error = dsl_deleg_access(zc->zc_name, 2192 zfs_prop_to_name(ZFS_PROP_SHAREISCSI), usercred); 2193 crfree(usercred); 2194 return (error); 2195 } 2196 2197 /* 2198 * inputs: 2199 * zc_name name of filesystem 2200 * zc_nvlist_src{_size} nvlist of delegated permissions 2201 * zc_perm_action allow/unallow flag 2202 * 2203 * outputs: none 2204 */ 2205 static int 2206 zfs_ioc_set_fsacl(zfs_cmd_t *zc) 2207 { 2208 int error; 2209 nvlist_t *fsaclnv = NULL; 2210 2211 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2212 zc->zc_iflags, &fsaclnv)) != 0) 2213 return (error); 2214 2215 /* 2216 * Verify nvlist is constructed correctly 2217 */ 2218 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) { 2219 nvlist_free(fsaclnv); 2220 return (EINVAL); 2221 } 2222 2223 /* 2224 * If we don't have PRIV_SYS_MOUNT, then validate 2225 * that user is allowed to hand out each permission in 2226 * the nvlist(s) 2227 */ 2228 2229 error = secpolicy_zfs(CRED()); 2230 if (error) { 2231 if (zc->zc_perm_action == B_FALSE) { 2232 error = dsl_deleg_can_allow(zc->zc_name, 2233 fsaclnv, CRED()); 2234 } else { 2235 error = dsl_deleg_can_unallow(zc->zc_name, 2236 fsaclnv, CRED()); 2237 } 2238 } 2239 2240 if (error == 0) 2241 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 2242 2243 nvlist_free(fsaclnv); 2244 return (error); 2245 } 2246 2247 /* 2248 * inputs: 2249 * zc_name name of filesystem 2250 * 2251 * outputs: 2252 * zc_nvlist_src{_size} nvlist of delegated permissions 2253 */ 2254 static int 2255 zfs_ioc_get_fsacl(zfs_cmd_t *zc) 2256 { 2257 nvlist_t *nvp; 2258 int error; 2259 2260 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 2261 error = put_nvlist(zc, nvp); 2262 nvlist_free(nvp); 2263 } 2264 2265 return (error); 2266 } 2267 2268 /* 2269 * Search the vfs list for a specified resource. Returns a pointer to it 2270 * or NULL if no suitable entry is found. The caller of this routine 2271 * is responsible for releasing the returned vfs pointer. 2272 */ 2273 static vfs_t * 2274 zfs_get_vfs(const char *resource) 2275 { 2276 struct vfs *vfsp; 2277 struct vfs *vfs_found = NULL; 2278 2279 vfs_list_read_lock(); 2280 vfsp = rootvfs; 2281 do { 2282 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) { 2283 VFS_HOLD(vfsp); 2284 vfs_found = vfsp; 2285 break; 2286 } 2287 vfsp = vfsp->vfs_next; 2288 } while (vfsp != rootvfs); 2289 vfs_list_unlock(); 2290 return (vfs_found); 2291 } 2292 2293 /* ARGSUSED */ 2294 static void 2295 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 2296 { 2297 zfs_creat_t *zct = arg; 2298 2299 zfs_create_fs(os, cr, zct->zct_zplprops, tx); 2300 } 2301 2302 #define ZFS_PROP_UNDEFINED ((uint64_t)-1) 2303 2304 /* 2305 * inputs: 2306 * createprops list of properties requested by creator 2307 * default_zplver zpl version to use if unspecified in createprops 2308 * fuids_ok fuids allowed in this version of the spa? 2309 * os parent objset pointer (NULL if root fs) 2310 * 2311 * outputs: 2312 * zplprops values for the zplprops we attach to the master node object 2313 * is_ci true if requested file system will be purely case-insensitive 2314 * 2315 * Determine the settings for utf8only, normalization and 2316 * casesensitivity. Specific values may have been requested by the 2317 * creator and/or we can inherit values from the parent dataset. If 2318 * the file system is of too early a vintage, a creator can not 2319 * request settings for these properties, even if the requested 2320 * setting is the default value. We don't actually want to create dsl 2321 * properties for these, so remove them from the source nvlist after 2322 * processing. 2323 */ 2324 static int 2325 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver, 2326 boolean_t fuids_ok, nvlist_t *createprops, nvlist_t *zplprops, 2327 boolean_t *is_ci) 2328 { 2329 uint64_t sense = ZFS_PROP_UNDEFINED; 2330 uint64_t norm = ZFS_PROP_UNDEFINED; 2331 uint64_t u8 = ZFS_PROP_UNDEFINED; 2332 2333 ASSERT(zplprops != NULL); 2334 2335 /* 2336 * Pull out creator prop choices, if any. 2337 */ 2338 if (createprops) { 2339 (void) nvlist_lookup_uint64(createprops, 2340 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver); 2341 (void) nvlist_lookup_uint64(createprops, 2342 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm); 2343 (void) nvlist_remove_all(createprops, 2344 zfs_prop_to_name(ZFS_PROP_NORMALIZE)); 2345 (void) nvlist_lookup_uint64(createprops, 2346 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8); 2347 (void) nvlist_remove_all(createprops, 2348 zfs_prop_to_name(ZFS_PROP_UTF8ONLY)); 2349 (void) nvlist_lookup_uint64(createprops, 2350 zfs_prop_to_name(ZFS_PROP_CASE), &sense); 2351 (void) nvlist_remove_all(createprops, 2352 zfs_prop_to_name(ZFS_PROP_CASE)); 2353 } 2354 2355 /* 2356 * If the zpl version requested is whacky or the file system 2357 * or pool is version is too "young" to support normalization 2358 * and the creator tried to set a value for one of the props, 2359 * error out. 2360 */ 2361 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) || 2362 (zplver >= ZPL_VERSION_FUID && !fuids_ok) || 2363 (zplver < ZPL_VERSION_NORMALIZATION && 2364 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED || 2365 sense != ZFS_PROP_UNDEFINED))) 2366 return (ENOTSUP); 2367 2368 /* 2369 * Put the version in the zplprops 2370 */ 2371 VERIFY(nvlist_add_uint64(zplprops, 2372 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0); 2373 2374 if (norm == ZFS_PROP_UNDEFINED) 2375 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0); 2376 VERIFY(nvlist_add_uint64(zplprops, 2377 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0); 2378 2379 /* 2380 * If we're normalizing, names must always be valid UTF-8 strings. 2381 */ 2382 if (norm) 2383 u8 = 1; 2384 if (u8 == ZFS_PROP_UNDEFINED) 2385 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0); 2386 VERIFY(nvlist_add_uint64(zplprops, 2387 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0); 2388 2389 if (sense == ZFS_PROP_UNDEFINED) 2390 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0); 2391 VERIFY(nvlist_add_uint64(zplprops, 2392 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0); 2393 2394 if (is_ci) 2395 *is_ci = (sense == ZFS_CASE_INSENSITIVE); 2396 2397 return (0); 2398 } 2399 2400 static int 2401 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops, 2402 nvlist_t *zplprops, boolean_t *is_ci) 2403 { 2404 boolean_t fuids_ok = B_TRUE; 2405 uint64_t zplver = ZPL_VERSION; 2406 objset_t *os = NULL; 2407 char parentname[MAXNAMELEN]; 2408 char *cp; 2409 int error; 2410 2411 (void) strlcpy(parentname, dataset, sizeof (parentname)); 2412 cp = strrchr(parentname, '/'); 2413 ASSERT(cp != NULL); 2414 cp[0] = '\0'; 2415 2416 if (zfs_earlier_version(dataset, SPA_VERSION_USERSPACE)) 2417 zplver = ZPL_VERSION_USERSPACE - 1; 2418 if (zfs_earlier_version(dataset, SPA_VERSION_FUID)) { 2419 zplver = ZPL_VERSION_FUID - 1; 2420 fuids_ok = B_FALSE; 2421 } 2422 2423 /* 2424 * Open parent object set so we can inherit zplprop values. 2425 */ 2426 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0) 2427 return (error); 2428 2429 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, createprops, 2430 zplprops, is_ci); 2431 dmu_objset_rele(os, FTAG); 2432 return (error); 2433 } 2434 2435 static int 2436 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops, 2437 nvlist_t *zplprops, boolean_t *is_ci) 2438 { 2439 boolean_t fuids_ok = B_TRUE; 2440 uint64_t zplver = ZPL_VERSION; 2441 int error; 2442 2443 if (spa_vers < SPA_VERSION_FUID) { 2444 zplver = ZPL_VERSION_FUID - 1; 2445 fuids_ok = B_FALSE; 2446 } 2447 2448 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, createprops, 2449 zplprops, is_ci); 2450 return (error); 2451 } 2452 2453 /* 2454 * inputs: 2455 * zc_objset_type type of objset to create (fs vs zvol) 2456 * zc_name name of new objset 2457 * zc_value name of snapshot to clone from (may be empty) 2458 * zc_nvlist_src{_size} nvlist of properties to apply 2459 * 2460 * outputs: none 2461 */ 2462 static int 2463 zfs_ioc_create(zfs_cmd_t *zc) 2464 { 2465 objset_t *clone; 2466 int error = 0; 2467 zfs_creat_t zct; 2468 nvlist_t *nvprops = NULL; 2469 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 2470 dmu_objset_type_t type = zc->zc_objset_type; 2471 2472 switch (type) { 2473 2474 case DMU_OST_ZFS: 2475 cbfunc = zfs_create_cb; 2476 break; 2477 2478 case DMU_OST_ZVOL: 2479 cbfunc = zvol_create_cb; 2480 break; 2481 2482 default: 2483 cbfunc = NULL; 2484 break; 2485 } 2486 if (strchr(zc->zc_name, '@') || 2487 strchr(zc->zc_name, '%')) 2488 return (EINVAL); 2489 2490 if (zc->zc_nvlist_src != NULL && 2491 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2492 zc->zc_iflags, &nvprops)) != 0) 2493 return (error); 2494 2495 zct.zct_zplprops = NULL; 2496 zct.zct_props = nvprops; 2497 2498 if (zc->zc_value[0] != '\0') { 2499 /* 2500 * We're creating a clone of an existing snapshot. 2501 */ 2502 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 2503 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) { 2504 nvlist_free(nvprops); 2505 return (EINVAL); 2506 } 2507 2508 error = dmu_objset_hold(zc->zc_value, FTAG, &clone); 2509 if (error) { 2510 nvlist_free(nvprops); 2511 return (error); 2512 } 2513 2514 error = dmu_objset_clone(zc->zc_name, dmu_objset_ds(clone), 0); 2515 dmu_objset_rele(clone, FTAG); 2516 if (error) { 2517 nvlist_free(nvprops); 2518 return (error); 2519 } 2520 } else { 2521 boolean_t is_insensitive = B_FALSE; 2522 2523 if (cbfunc == NULL) { 2524 nvlist_free(nvprops); 2525 return (EINVAL); 2526 } 2527 2528 if (type == DMU_OST_ZVOL) { 2529 uint64_t volsize, volblocksize; 2530 2531 if (nvprops == NULL || 2532 nvlist_lookup_uint64(nvprops, 2533 zfs_prop_to_name(ZFS_PROP_VOLSIZE), 2534 &volsize) != 0) { 2535 nvlist_free(nvprops); 2536 return (EINVAL); 2537 } 2538 2539 if ((error = nvlist_lookup_uint64(nvprops, 2540 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 2541 &volblocksize)) != 0 && error != ENOENT) { 2542 nvlist_free(nvprops); 2543 return (EINVAL); 2544 } 2545 2546 if (error != 0) 2547 volblocksize = zfs_prop_default_numeric( 2548 ZFS_PROP_VOLBLOCKSIZE); 2549 2550 if ((error = zvol_check_volblocksize( 2551 volblocksize)) != 0 || 2552 (error = zvol_check_volsize(volsize, 2553 volblocksize)) != 0) { 2554 nvlist_free(nvprops); 2555 return (error); 2556 } 2557 } else if (type == DMU_OST_ZFS) { 2558 int error; 2559 2560 /* 2561 * We have to have normalization and 2562 * case-folding flags correct when we do the 2563 * file system creation, so go figure them out 2564 * now. 2565 */ 2566 VERIFY(nvlist_alloc(&zct.zct_zplprops, 2567 NV_UNIQUE_NAME, KM_SLEEP) == 0); 2568 error = zfs_fill_zplprops(zc->zc_name, nvprops, 2569 zct.zct_zplprops, &is_insensitive); 2570 if (error != 0) { 2571 nvlist_free(nvprops); 2572 nvlist_free(zct.zct_zplprops); 2573 return (error); 2574 } 2575 } 2576 error = dmu_objset_create(zc->zc_name, type, 2577 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct); 2578 nvlist_free(zct.zct_zplprops); 2579 } 2580 2581 /* 2582 * It would be nice to do this atomically. 2583 */ 2584 if (error == 0) { 2585 if ((error = zfs_set_prop_nvlist(zc->zc_name, nvprops)) != 0) 2586 (void) dmu_objset_destroy(zc->zc_name, B_FALSE); 2587 } 2588 nvlist_free(nvprops); 2589 return (error); 2590 } 2591 2592 /* 2593 * inputs: 2594 * zc_name name of filesystem 2595 * zc_value short name of snapshot 2596 * zc_cookie recursive flag 2597 * zc_nvlist_src[_size] property list 2598 * 2599 * outputs: 2600 * zc_value short snapname (i.e. part after the '@') 2601 */ 2602 static int 2603 zfs_ioc_snapshot(zfs_cmd_t *zc) 2604 { 2605 nvlist_t *nvprops = NULL; 2606 int error; 2607 boolean_t recursive = zc->zc_cookie; 2608 2609 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 2610 return (EINVAL); 2611 2612 if (zc->zc_nvlist_src != NULL && 2613 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2614 zc->zc_iflags, &nvprops)) != 0) 2615 return (error); 2616 2617 error = zfs_check_userprops(zc->zc_name, nvprops); 2618 if (error) 2619 goto out; 2620 2621 if (nvprops != NULL && nvlist_next_nvpair(nvprops, NULL) != NULL && 2622 zfs_earlier_version(zc->zc_name, SPA_VERSION_SNAP_PROPS)) { 2623 error = ENOTSUP; 2624 goto out; 2625 } 2626 2627 error = dmu_objset_snapshot(zc->zc_name, zc->zc_value, 2628 nvprops, recursive); 2629 2630 out: 2631 nvlist_free(nvprops); 2632 return (error); 2633 } 2634 2635 int 2636 zfs_unmount_snap(char *name, void *arg) 2637 { 2638 vfs_t *vfsp = NULL; 2639 2640 if (arg) { 2641 char *snapname = arg; 2642 int len = strlen(name) + strlen(snapname) + 2; 2643 char *buf = kmem_alloc(len, KM_SLEEP); 2644 2645 (void) strcpy(buf, name); 2646 (void) strcat(buf, "@"); 2647 (void) strcat(buf, snapname); 2648 vfsp = zfs_get_vfs(buf); 2649 kmem_free(buf, len); 2650 } else if (strchr(name, '@')) { 2651 vfsp = zfs_get_vfs(name); 2652 } 2653 2654 if (vfsp) { 2655 /* 2656 * Always force the unmount for snapshots. 2657 */ 2658 int flag = MS_FORCE; 2659 int err; 2660 2661 if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) { 2662 VFS_RELE(vfsp); 2663 return (err); 2664 } 2665 VFS_RELE(vfsp); 2666 if ((err = dounmount(vfsp, flag, kcred)) != 0) 2667 return (err); 2668 } 2669 return (0); 2670 } 2671 2672 /* 2673 * inputs: 2674 * zc_name name of filesystem 2675 * zc_value short name of snapshot 2676 * zc_defer_destroy mark for deferred destroy 2677 * 2678 * outputs: none 2679 */ 2680 static int 2681 zfs_ioc_destroy_snaps(zfs_cmd_t *zc) 2682 { 2683 int err; 2684 2685 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 2686 return (EINVAL); 2687 err = dmu_objset_find(zc->zc_name, 2688 zfs_unmount_snap, zc->zc_value, DS_FIND_CHILDREN); 2689 if (err) 2690 return (err); 2691 return (dmu_snapshots_destroy(zc->zc_name, zc->zc_value, 2692 zc->zc_defer_destroy)); 2693 } 2694 2695 /* 2696 * inputs: 2697 * zc_name name of dataset to destroy 2698 * zc_objset_type type of objset 2699 * zc_defer_destroy mark for deferred destroy 2700 * 2701 * outputs: none 2702 */ 2703 static int 2704 zfs_ioc_destroy(zfs_cmd_t *zc) 2705 { 2706 int err; 2707 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) { 2708 err = zfs_unmount_snap(zc->zc_name, NULL); 2709 if (err) 2710 return (err); 2711 } 2712 2713 err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy); 2714 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0) 2715 (void) zvol_remove_minor(zc->zc_name); 2716 return (err); 2717 } 2718 2719 /* 2720 * inputs: 2721 * zc_name name of dataset to rollback (to most recent snapshot) 2722 * 2723 * outputs: none 2724 */ 2725 static int 2726 zfs_ioc_rollback(zfs_cmd_t *zc) 2727 { 2728 dsl_dataset_t *ds, *clone; 2729 int error; 2730 zfsvfs_t *zfsvfs; 2731 char *clone_name; 2732 2733 error = dsl_dataset_hold(zc->zc_name, FTAG, &ds); 2734 if (error) 2735 return (error); 2736 2737 /* must not be a snapshot */ 2738 if (dsl_dataset_is_snapshot(ds)) { 2739 dsl_dataset_rele(ds, FTAG); 2740 return (EINVAL); 2741 } 2742 2743 /* must have a most recent snapshot */ 2744 if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) { 2745 dsl_dataset_rele(ds, FTAG); 2746 return (EINVAL); 2747 } 2748 2749 /* 2750 * Create clone of most recent snapshot. 2751 */ 2752 clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name); 2753 error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT); 2754 if (error) 2755 goto out; 2756 2757 error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone); 2758 if (error) 2759 goto out; 2760 2761 /* 2762 * Do clone swap. 2763 */ 2764 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 2765 error = zfs_suspend_fs(zfsvfs); 2766 if (error == 0) { 2767 int resume_err; 2768 2769 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) { 2770 error = dsl_dataset_clone_swap(clone, ds, 2771 B_TRUE); 2772 dsl_dataset_disown(ds, FTAG); 2773 ds = NULL; 2774 } else { 2775 error = EBUSY; 2776 } 2777 resume_err = zfs_resume_fs(zfsvfs, zc->zc_name); 2778 error = error ? error : resume_err; 2779 } 2780 VFS_RELE(zfsvfs->z_vfs); 2781 } else { 2782 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) { 2783 error = dsl_dataset_clone_swap(clone, ds, B_TRUE); 2784 dsl_dataset_disown(ds, FTAG); 2785 ds = NULL; 2786 } else { 2787 error = EBUSY; 2788 } 2789 } 2790 2791 /* 2792 * Destroy clone (which also closes it). 2793 */ 2794 (void) dsl_dataset_destroy(clone, FTAG, B_FALSE); 2795 2796 out: 2797 strfree(clone_name); 2798 if (ds) 2799 dsl_dataset_rele(ds, FTAG); 2800 return (error); 2801 } 2802 2803 /* 2804 * inputs: 2805 * zc_name old name of dataset 2806 * zc_value new name of dataset 2807 * zc_cookie recursive flag (only valid for snapshots) 2808 * 2809 * outputs: none 2810 */ 2811 static int 2812 zfs_ioc_rename(zfs_cmd_t *zc) 2813 { 2814 boolean_t recursive = zc->zc_cookie & 1; 2815 2816 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 2817 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 2818 strchr(zc->zc_value, '%')) 2819 return (EINVAL); 2820 2821 /* 2822 * Unmount snapshot unless we're doing a recursive rename, 2823 * in which case the dataset code figures out which snapshots 2824 * to unmount. 2825 */ 2826 if (!recursive && strchr(zc->zc_name, '@') != NULL && 2827 zc->zc_objset_type == DMU_OST_ZFS) { 2828 int err = zfs_unmount_snap(zc->zc_name, NULL); 2829 if (err) 2830 return (err); 2831 } 2832 if (zc->zc_objset_type == DMU_OST_ZVOL) 2833 (void) zvol_remove_minor(zc->zc_name); 2834 return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive)); 2835 } 2836 2837 static void 2838 clear_props(char *dataset, nvlist_t *props, nvlist_t *newprops) 2839 { 2840 zfs_cmd_t *zc; 2841 nvpair_t *prop; 2842 2843 if (props == NULL) 2844 return; 2845 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP); 2846 (void) strcpy(zc->zc_name, dataset); 2847 for (prop = nvlist_next_nvpair(props, NULL); prop; 2848 prop = nvlist_next_nvpair(props, prop)) { 2849 if (newprops != NULL && 2850 nvlist_exists(newprops, nvpair_name(prop))) 2851 continue; 2852 (void) strcpy(zc->zc_value, nvpair_name(prop)); 2853 if (zfs_secpolicy_inherit(zc, CRED()) == 0) 2854 (void) zfs_ioc_inherit_prop(zc); 2855 } 2856 kmem_free(zc, sizeof (zfs_cmd_t)); 2857 } 2858 2859 /* 2860 * inputs: 2861 * zc_name name of containing filesystem 2862 * zc_nvlist_src{_size} nvlist of properties to apply 2863 * zc_value name of snapshot to create 2864 * zc_string name of clone origin (if DRR_FLAG_CLONE) 2865 * zc_cookie file descriptor to recv from 2866 * zc_begin_record the BEGIN record of the stream (not byteswapped) 2867 * zc_guid force flag 2868 * 2869 * outputs: 2870 * zc_cookie number of bytes read 2871 */ 2872 static int 2873 zfs_ioc_recv(zfs_cmd_t *zc) 2874 { 2875 file_t *fp; 2876 objset_t *os; 2877 dmu_recv_cookie_t drc; 2878 boolean_t force = (boolean_t)zc->zc_guid; 2879 int error, fd; 2880 offset_t off; 2881 nvlist_t *props = NULL; 2882 nvlist_t *origprops = NULL; 2883 objset_t *origin = NULL; 2884 char *tosnap; 2885 char tofs[ZFS_MAXNAMELEN]; 2886 2887 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 2888 strchr(zc->zc_value, '@') == NULL || 2889 strchr(zc->zc_value, '%')) 2890 return (EINVAL); 2891 2892 (void) strcpy(tofs, zc->zc_value); 2893 tosnap = strchr(tofs, '@'); 2894 *tosnap = '\0'; 2895 tosnap++; 2896 2897 if (zc->zc_nvlist_src != NULL && 2898 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2899 zc->zc_iflags, &props)) != 0) 2900 return (error); 2901 2902 fd = zc->zc_cookie; 2903 fp = getf(fd); 2904 if (fp == NULL) { 2905 nvlist_free(props); 2906 return (EBADF); 2907 } 2908 2909 if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) { 2910 /* 2911 * If new properties are supplied, they are to completely 2912 * replace the existing ones, so stash away the existing ones. 2913 */ 2914 (void) dsl_prop_get_all(os, &origprops, B_TRUE); 2915 2916 dmu_objset_rele(os, FTAG); 2917 } 2918 2919 if (zc->zc_string[0]) { 2920 error = dmu_objset_hold(zc->zc_string, FTAG, &origin); 2921 if (error) 2922 goto out; 2923 } 2924 2925 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds, 2926 &zc->zc_begin_record, force, origin, &drc); 2927 if (origin) 2928 dmu_objset_rele(origin, FTAG); 2929 if (error) 2930 goto out; 2931 2932 /* 2933 * Reset properties. We do this before we receive the stream 2934 * so that the properties are applied to the new data. 2935 */ 2936 if (props) { 2937 clear_props(tofs, origprops, props); 2938 /* 2939 * XXX - Note, this is all-or-nothing; should be best-effort. 2940 */ 2941 (void) zfs_set_prop_nvlist(tofs, props); 2942 } 2943 2944 off = fp->f_offset; 2945 error = dmu_recv_stream(&drc, fp->f_vnode, &off); 2946 2947 if (error == 0) { 2948 zfsvfs_t *zfsvfs = NULL; 2949 2950 if (getzfsvfs(tofs, &zfsvfs) == 0) { 2951 /* online recv */ 2952 int end_err; 2953 2954 error = zfs_suspend_fs(zfsvfs); 2955 /* 2956 * If the suspend fails, then the recv_end will 2957 * likely also fail, and clean up after itself. 2958 */ 2959 end_err = dmu_recv_end(&drc); 2960 if (error == 0) { 2961 int resume_err = 2962 zfs_resume_fs(zfsvfs, tofs); 2963 error = error ? error : resume_err; 2964 } 2965 error = error ? error : end_err; 2966 VFS_RELE(zfsvfs->z_vfs); 2967 } else { 2968 error = dmu_recv_end(&drc); 2969 } 2970 } 2971 2972 zc->zc_cookie = off - fp->f_offset; 2973 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 2974 fp->f_offset = off; 2975 2976 /* 2977 * On error, restore the original props. 2978 */ 2979 if (error && props) { 2980 clear_props(tofs, props, NULL); 2981 (void) zfs_set_prop_nvlist(tofs, origprops); 2982 } 2983 out: 2984 nvlist_free(props); 2985 nvlist_free(origprops); 2986 releasef(fd); 2987 return (error); 2988 } 2989 2990 /* 2991 * inputs: 2992 * zc_name name of snapshot to send 2993 * zc_value short name of incremental fromsnap (may be empty) 2994 * zc_cookie file descriptor to send stream to 2995 * zc_obj fromorigin flag (mutually exclusive with zc_value) 2996 * 2997 * outputs: none 2998 */ 2999 static int 3000 zfs_ioc_send(zfs_cmd_t *zc) 3001 { 3002 objset_t *fromsnap = NULL; 3003 objset_t *tosnap; 3004 file_t *fp; 3005 int error; 3006 offset_t off; 3007 3008 error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap); 3009 if (error) 3010 return (error); 3011 3012 if (zc->zc_value[0] != '\0') { 3013 char *buf; 3014 char *cp; 3015 3016 buf = kmem_alloc(MAXPATHLEN, KM_SLEEP); 3017 (void) strncpy(buf, zc->zc_name, MAXPATHLEN); 3018 cp = strchr(buf, '@'); 3019 if (cp) 3020 *(cp+1) = 0; 3021 (void) strncat(buf, zc->zc_value, MAXPATHLEN); 3022 error = dmu_objset_hold(buf, FTAG, &fromsnap); 3023 kmem_free(buf, MAXPATHLEN); 3024 if (error) { 3025 dmu_objset_rele(tosnap, FTAG); 3026 return (error); 3027 } 3028 } 3029 3030 fp = getf(zc->zc_cookie); 3031 if (fp == NULL) { 3032 dmu_objset_rele(tosnap, FTAG); 3033 if (fromsnap) 3034 dmu_objset_rele(fromsnap, FTAG); 3035 return (EBADF); 3036 } 3037 3038 off = fp->f_offset; 3039 error = dmu_sendbackup(tosnap, fromsnap, zc->zc_obj, fp->f_vnode, &off); 3040 3041 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 3042 fp->f_offset = off; 3043 releasef(zc->zc_cookie); 3044 if (fromsnap) 3045 dmu_objset_rele(fromsnap, FTAG); 3046 dmu_objset_rele(tosnap, FTAG); 3047 return (error); 3048 } 3049 3050 static int 3051 zfs_ioc_inject_fault(zfs_cmd_t *zc) 3052 { 3053 int id, error; 3054 3055 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 3056 &zc->zc_inject_record); 3057 3058 if (error == 0) 3059 zc->zc_guid = (uint64_t)id; 3060 3061 return (error); 3062 } 3063 3064 static int 3065 zfs_ioc_clear_fault(zfs_cmd_t *zc) 3066 { 3067 return (zio_clear_fault((int)zc->zc_guid)); 3068 } 3069 3070 static int 3071 zfs_ioc_inject_list_next(zfs_cmd_t *zc) 3072 { 3073 int id = (int)zc->zc_guid; 3074 int error; 3075 3076 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 3077 &zc->zc_inject_record); 3078 3079 zc->zc_guid = id; 3080 3081 return (error); 3082 } 3083 3084 static int 3085 zfs_ioc_error_log(zfs_cmd_t *zc) 3086 { 3087 spa_t *spa; 3088 int error; 3089 size_t count = (size_t)zc->zc_nvlist_dst_size; 3090 3091 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 3092 return (error); 3093 3094 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 3095 &count); 3096 if (error == 0) 3097 zc->zc_nvlist_dst_size = count; 3098 else 3099 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa); 3100 3101 spa_close(spa, FTAG); 3102 3103 return (error); 3104 } 3105 3106 static int 3107 zfs_ioc_clear(zfs_cmd_t *zc) 3108 { 3109 spa_t *spa; 3110 vdev_t *vd; 3111 int error; 3112 3113 /* 3114 * On zpool clear we also fix up missing slogs 3115 */ 3116 mutex_enter(&spa_namespace_lock); 3117 spa = spa_lookup(zc->zc_name); 3118 if (spa == NULL) { 3119 mutex_exit(&spa_namespace_lock); 3120 return (EIO); 3121 } 3122 if (spa_get_log_state(spa) == SPA_LOG_MISSING) { 3123 /* we need to let spa_open/spa_load clear the chains */ 3124 spa_set_log_state(spa, SPA_LOG_CLEAR); 3125 } 3126 spa->spa_last_open_failed = 0; 3127 mutex_exit(&spa_namespace_lock); 3128 3129 if (zc->zc_cookie == ZPOOL_NO_REWIND) { 3130 error = spa_open(zc->zc_name, &spa, FTAG); 3131 } else { 3132 nvlist_t *policy; 3133 nvlist_t *config = NULL; 3134 3135 if (zc->zc_nvlist_src == NULL) 3136 return (EINVAL); 3137 3138 if ((error = get_nvlist(zc->zc_nvlist_src, 3139 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) { 3140 error = spa_open_rewind(zc->zc_name, &spa, FTAG, 3141 policy, &config); 3142 if (config != NULL) { 3143 (void) put_nvlist(zc, config); 3144 nvlist_free(config); 3145 } 3146 nvlist_free(policy); 3147 } 3148 } 3149 3150 if (error) 3151 return (error); 3152 3153 spa_vdev_state_enter(spa, SCL_NONE); 3154 3155 if (zc->zc_guid == 0) { 3156 vd = NULL; 3157 } else { 3158 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE); 3159 if (vd == NULL) { 3160 (void) spa_vdev_state_exit(spa, NULL, ENODEV); 3161 spa_close(spa, FTAG); 3162 return (ENODEV); 3163 } 3164 } 3165 3166 vdev_clear(spa, vd); 3167 3168 (void) spa_vdev_state_exit(spa, NULL, 0); 3169 3170 /* 3171 * Resume any suspended I/Os. 3172 */ 3173 if (zio_resume(spa) != 0) 3174 error = EIO; 3175 3176 spa_close(spa, FTAG); 3177 3178 return (error); 3179 } 3180 3181 /* 3182 * inputs: 3183 * zc_name name of filesystem 3184 * zc_value name of origin snapshot 3185 * 3186 * outputs: 3187 * zc_string name of conflicting snapshot, if there is one 3188 */ 3189 static int 3190 zfs_ioc_promote(zfs_cmd_t *zc) 3191 { 3192 char *cp; 3193 3194 /* 3195 * We don't need to unmount *all* the origin fs's snapshots, but 3196 * it's easier. 3197 */ 3198 cp = strchr(zc->zc_value, '@'); 3199 if (cp) 3200 *cp = '\0'; 3201 (void) dmu_objset_find(zc->zc_value, 3202 zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS); 3203 return (dsl_dataset_promote(zc->zc_name, zc->zc_string)); 3204 } 3205 3206 /* 3207 * Retrieve a single {user|group}{used|quota}@... property. 3208 * 3209 * inputs: 3210 * zc_name name of filesystem 3211 * zc_objset_type zfs_userquota_prop_t 3212 * zc_value domain name (eg. "S-1-234-567-89") 3213 * zc_guid RID/UID/GID 3214 * 3215 * outputs: 3216 * zc_cookie property value 3217 */ 3218 static int 3219 zfs_ioc_userspace_one(zfs_cmd_t *zc) 3220 { 3221 zfsvfs_t *zfsvfs; 3222 int error; 3223 3224 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 3225 return (EINVAL); 3226 3227 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs); 3228 if (error) 3229 return (error); 3230 3231 error = zfs_userspace_one(zfsvfs, 3232 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie); 3233 zfsvfs_rele(zfsvfs, FTAG); 3234 3235 return (error); 3236 } 3237 3238 /* 3239 * inputs: 3240 * zc_name name of filesystem 3241 * zc_cookie zap cursor 3242 * zc_objset_type zfs_userquota_prop_t 3243 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist) 3244 * 3245 * outputs: 3246 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t) 3247 * zc_cookie zap cursor 3248 */ 3249 static int 3250 zfs_ioc_userspace_many(zfs_cmd_t *zc) 3251 { 3252 zfsvfs_t *zfsvfs; 3253 int error; 3254 3255 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs); 3256 if (error) 3257 return (error); 3258 3259 int bufsize = zc->zc_nvlist_dst_size; 3260 void *buf = kmem_alloc(bufsize, KM_SLEEP); 3261 3262 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie, 3263 buf, &zc->zc_nvlist_dst_size); 3264 3265 if (error == 0) { 3266 error = xcopyout(buf, 3267 (void *)(uintptr_t)zc->zc_nvlist_dst, 3268 zc->zc_nvlist_dst_size); 3269 } 3270 kmem_free(buf, bufsize); 3271 zfsvfs_rele(zfsvfs, FTAG); 3272 3273 return (error); 3274 } 3275 3276 /* 3277 * inputs: 3278 * zc_name name of filesystem 3279 * 3280 * outputs: 3281 * none 3282 */ 3283 static int 3284 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) 3285 { 3286 objset_t *os; 3287 int error; 3288 zfsvfs_t *zfsvfs; 3289 3290 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 3291 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) { 3292 /* 3293 * If userused is not enabled, it may be because the 3294 * objset needs to be closed & reopened (to grow the 3295 * objset_phys_t). Suspend/resume the fs will do that. 3296 */ 3297 error = zfs_suspend_fs(zfsvfs); 3298 if (error == 0) 3299 error = zfs_resume_fs(zfsvfs, zc->zc_name); 3300 } 3301 if (error == 0) 3302 error = dmu_objset_userspace_upgrade(zfsvfs->z_os); 3303 VFS_RELE(zfsvfs->z_vfs); 3304 } else { 3305 /* XXX kind of reading contents without owning */ 3306 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 3307 if (error) 3308 return (error); 3309 3310 error = dmu_objset_userspace_upgrade(os); 3311 dmu_objset_rele(os, FTAG); 3312 } 3313 3314 return (error); 3315 } 3316 3317 /* 3318 * We don't want to have a hard dependency 3319 * against some special symbols in sharefs 3320 * nfs, and smbsrv. Determine them if needed when 3321 * the first file system is shared. 3322 * Neither sharefs, nfs or smbsrv are unloadable modules. 3323 */ 3324 int (*znfsexport_fs)(void *arg); 3325 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t); 3326 int (*zsmbexport_fs)(void *arg, boolean_t add_share); 3327 3328 int zfs_nfsshare_inited; 3329 int zfs_smbshare_inited; 3330 3331 ddi_modhandle_t nfs_mod; 3332 ddi_modhandle_t sharefs_mod; 3333 ddi_modhandle_t smbsrv_mod; 3334 kmutex_t zfs_share_lock; 3335 3336 static int 3337 zfs_init_sharefs() 3338 { 3339 int error; 3340 3341 ASSERT(MUTEX_HELD(&zfs_share_lock)); 3342 /* Both NFS and SMB shares also require sharetab support. */ 3343 if (sharefs_mod == NULL && ((sharefs_mod = 3344 ddi_modopen("fs/sharefs", 3345 KRTLD_MODE_FIRST, &error)) == NULL)) { 3346 return (ENOSYS); 3347 } 3348 if (zshare_fs == NULL && ((zshare_fs = 3349 (int (*)(enum sharefs_sys_op, share_t *, uint32_t)) 3350 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) { 3351 return (ENOSYS); 3352 } 3353 return (0); 3354 } 3355 3356 static int 3357 zfs_ioc_share(zfs_cmd_t *zc) 3358 { 3359 int error; 3360 int opcode; 3361 3362 switch (zc->zc_share.z_sharetype) { 3363 case ZFS_SHARE_NFS: 3364 case ZFS_UNSHARE_NFS: 3365 if (zfs_nfsshare_inited == 0) { 3366 mutex_enter(&zfs_share_lock); 3367 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs", 3368 KRTLD_MODE_FIRST, &error)) == NULL)) { 3369 mutex_exit(&zfs_share_lock); 3370 return (ENOSYS); 3371 } 3372 if (znfsexport_fs == NULL && 3373 ((znfsexport_fs = (int (*)(void *)) 3374 ddi_modsym(nfs_mod, 3375 "nfs_export", &error)) == NULL)) { 3376 mutex_exit(&zfs_share_lock); 3377 return (ENOSYS); 3378 } 3379 error = zfs_init_sharefs(); 3380 if (error) { 3381 mutex_exit(&zfs_share_lock); 3382 return (ENOSYS); 3383 } 3384 zfs_nfsshare_inited = 1; 3385 mutex_exit(&zfs_share_lock); 3386 } 3387 break; 3388 case ZFS_SHARE_SMB: 3389 case ZFS_UNSHARE_SMB: 3390 if (zfs_smbshare_inited == 0) { 3391 mutex_enter(&zfs_share_lock); 3392 if (smbsrv_mod == NULL && ((smbsrv_mod = 3393 ddi_modopen("drv/smbsrv", 3394 KRTLD_MODE_FIRST, &error)) == NULL)) { 3395 mutex_exit(&zfs_share_lock); 3396 return (ENOSYS); 3397 } 3398 if (zsmbexport_fs == NULL && ((zsmbexport_fs = 3399 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod, 3400 "smb_server_share", &error)) == NULL)) { 3401 mutex_exit(&zfs_share_lock); 3402 return (ENOSYS); 3403 } 3404 error = zfs_init_sharefs(); 3405 if (error) { 3406 mutex_exit(&zfs_share_lock); 3407 return (ENOSYS); 3408 } 3409 zfs_smbshare_inited = 1; 3410 mutex_exit(&zfs_share_lock); 3411 } 3412 break; 3413 default: 3414 return (EINVAL); 3415 } 3416 3417 switch (zc->zc_share.z_sharetype) { 3418 case ZFS_SHARE_NFS: 3419 case ZFS_UNSHARE_NFS: 3420 if (error = 3421 znfsexport_fs((void *) 3422 (uintptr_t)zc->zc_share.z_exportdata)) 3423 return (error); 3424 break; 3425 case ZFS_SHARE_SMB: 3426 case ZFS_UNSHARE_SMB: 3427 if (error = zsmbexport_fs((void *) 3428 (uintptr_t)zc->zc_share.z_exportdata, 3429 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ? 3430 B_TRUE: B_FALSE)) { 3431 return (error); 3432 } 3433 break; 3434 } 3435 3436 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS || 3437 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ? 3438 SHAREFS_ADD : SHAREFS_REMOVE; 3439 3440 /* 3441 * Add or remove share from sharetab 3442 */ 3443 error = zshare_fs(opcode, 3444 (void *)(uintptr_t)zc->zc_share.z_sharedata, 3445 zc->zc_share.z_sharemax); 3446 3447 return (error); 3448 3449 } 3450 3451 ace_t full_access[] = { 3452 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0} 3453 }; 3454 3455 /* 3456 * Remove all ACL files in shares dir 3457 */ 3458 static int 3459 zfs_smb_acl_purge(znode_t *dzp) 3460 { 3461 zap_cursor_t zc; 3462 zap_attribute_t zap; 3463 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 3464 int error; 3465 3466 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id); 3467 (error = zap_cursor_retrieve(&zc, &zap)) == 0; 3468 zap_cursor_advance(&zc)) { 3469 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred, 3470 NULL, 0)) != 0) 3471 break; 3472 } 3473 zap_cursor_fini(&zc); 3474 return (error); 3475 } 3476 3477 static int 3478 zfs_ioc_smb_acl(zfs_cmd_t *zc) 3479 { 3480 vnode_t *vp; 3481 znode_t *dzp; 3482 vnode_t *resourcevp = NULL; 3483 znode_t *sharedir; 3484 zfsvfs_t *zfsvfs; 3485 nvlist_t *nvlist; 3486 char *src, *target; 3487 vattr_t vattr; 3488 vsecattr_t vsec; 3489 int error = 0; 3490 3491 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 3492 NO_FOLLOW, NULL, &vp)) != 0) 3493 return (error); 3494 3495 /* Now make sure mntpnt and dataset are ZFS */ 3496 3497 if (vp->v_vfsp->vfs_fstype != zfsfstype || 3498 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 3499 zc->zc_name) != 0)) { 3500 VN_RELE(vp); 3501 return (EINVAL); 3502 } 3503 3504 dzp = VTOZ(vp); 3505 zfsvfs = dzp->z_zfsvfs; 3506 ZFS_ENTER(zfsvfs); 3507 3508 /* 3509 * Create share dir if its missing. 3510 */ 3511 mutex_enter(&zfsvfs->z_lock); 3512 if (zfsvfs->z_shares_dir == 0) { 3513 dmu_tx_t *tx; 3514 3515 tx = dmu_tx_create(zfsvfs->z_os); 3516 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE, 3517 ZFS_SHARES_DIR); 3518 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL); 3519 error = dmu_tx_assign(tx, TXG_WAIT); 3520 if (error) { 3521 dmu_tx_abort(tx); 3522 } else { 3523 error = zfs_create_share_dir(zfsvfs, tx); 3524 dmu_tx_commit(tx); 3525 } 3526 if (error) { 3527 mutex_exit(&zfsvfs->z_lock); 3528 VN_RELE(vp); 3529 ZFS_EXIT(zfsvfs); 3530 return (error); 3531 } 3532 } 3533 mutex_exit(&zfsvfs->z_lock); 3534 3535 ASSERT(zfsvfs->z_shares_dir); 3536 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) { 3537 VN_RELE(vp); 3538 ZFS_EXIT(zfsvfs); 3539 return (error); 3540 } 3541 3542 switch (zc->zc_cookie) { 3543 case ZFS_SMB_ACL_ADD: 3544 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE; 3545 vattr.va_type = VREG; 3546 vattr.va_mode = S_IFREG|0777; 3547 vattr.va_uid = 0; 3548 vattr.va_gid = 0; 3549 3550 vsec.vsa_mask = VSA_ACE; 3551 vsec.vsa_aclentp = &full_access; 3552 vsec.vsa_aclentsz = sizeof (full_access); 3553 vsec.vsa_aclcnt = 1; 3554 3555 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string, 3556 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec); 3557 if (resourcevp) 3558 VN_RELE(resourcevp); 3559 break; 3560 3561 case ZFS_SMB_ACL_REMOVE: 3562 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred, 3563 NULL, 0); 3564 break; 3565 3566 case ZFS_SMB_ACL_RENAME: 3567 if ((error = get_nvlist(zc->zc_nvlist_src, 3568 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) { 3569 VN_RELE(vp); 3570 ZFS_EXIT(zfsvfs); 3571 return (error); 3572 } 3573 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) || 3574 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET, 3575 &target)) { 3576 VN_RELE(vp); 3577 VN_RELE(ZTOV(sharedir)); 3578 ZFS_EXIT(zfsvfs); 3579 return (error); 3580 } 3581 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target, 3582 kcred, NULL, 0); 3583 nvlist_free(nvlist); 3584 break; 3585 3586 case ZFS_SMB_ACL_PURGE: 3587 error = zfs_smb_acl_purge(sharedir); 3588 break; 3589 3590 default: 3591 error = EINVAL; 3592 break; 3593 } 3594 3595 VN_RELE(vp); 3596 VN_RELE(ZTOV(sharedir)); 3597 3598 ZFS_EXIT(zfsvfs); 3599 3600 return (error); 3601 } 3602 3603 /* 3604 * inputs: 3605 * zc_name name of filesystem 3606 * zc_value short name of snap 3607 * zc_string user-supplied tag for this reference 3608 * zc_cookie recursive flag 3609 * zc_temphold set if hold is temporary 3610 * 3611 * outputs: none 3612 */ 3613 static int 3614 zfs_ioc_hold(zfs_cmd_t *zc) 3615 { 3616 boolean_t recursive = zc->zc_cookie; 3617 3618 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 3619 return (EINVAL); 3620 3621 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value, 3622 zc->zc_string, recursive, zc->zc_temphold)); 3623 } 3624 3625 /* 3626 * inputs: 3627 * zc_name name of dataset from which we're releasing a user reference 3628 * zc_value short name of snap 3629 * zc_string user-supplied tag for this reference 3630 * zc_cookie recursive flag 3631 * 3632 * outputs: none 3633 */ 3634 static int 3635 zfs_ioc_release(zfs_cmd_t *zc) 3636 { 3637 boolean_t recursive = zc->zc_cookie; 3638 3639 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 3640 return (EINVAL); 3641 3642 return (dsl_dataset_user_release(zc->zc_name, zc->zc_value, 3643 zc->zc_string, recursive)); 3644 } 3645 3646 /* 3647 * inputs: 3648 * zc_name name of filesystem 3649 * 3650 * outputs: 3651 * zc_nvlist_src{_size} nvlist of snapshot holds 3652 */ 3653 static int 3654 zfs_ioc_get_holds(zfs_cmd_t *zc) 3655 { 3656 nvlist_t *nvp; 3657 int error; 3658 3659 if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) { 3660 error = put_nvlist(zc, nvp); 3661 nvlist_free(nvp); 3662 } 3663 3664 return (error); 3665 } 3666 3667 /* 3668 * pool create, destroy, and export don't log the history as part of 3669 * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export 3670 * do the logging of those commands. 3671 */ 3672 static zfs_ioc_vec_t zfs_ioc_vec[] = { 3673 { zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE, 3674 B_FALSE }, 3675 { zfs_ioc_pool_destroy, zfs_secpolicy_config, POOL_NAME, B_FALSE, 3676 B_FALSE }, 3677 { zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE, 3678 B_FALSE }, 3679 { zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE, 3680 B_FALSE }, 3681 { zfs_ioc_pool_configs, zfs_secpolicy_none, NO_NAME, B_FALSE, 3682 B_FALSE }, 3683 { zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE, 3684 B_FALSE }, 3685 { zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE, 3686 B_FALSE }, 3687 { zfs_ioc_pool_scrub, zfs_secpolicy_config, POOL_NAME, B_TRUE, 3688 B_TRUE }, 3689 { zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE, 3690 B_FALSE }, 3691 { zfs_ioc_pool_upgrade, zfs_secpolicy_config, POOL_NAME, B_TRUE, 3692 B_TRUE }, 3693 { zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE, 3694 B_FALSE }, 3695 { zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE, 3696 B_TRUE }, 3697 { zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE, 3698 B_TRUE }, 3699 { zfs_ioc_vdev_set_state, zfs_secpolicy_config, POOL_NAME, B_TRUE, 3700 B_FALSE }, 3701 { zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE, 3702 B_TRUE }, 3703 { zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE, 3704 B_TRUE }, 3705 { zfs_ioc_vdev_setpath, zfs_secpolicy_config, POOL_NAME, B_FALSE, 3706 B_TRUE }, 3707 { zfs_ioc_vdev_setfru, zfs_secpolicy_config, POOL_NAME, B_FALSE, 3708 B_TRUE }, 3709 { zfs_ioc_objset_stats, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 3710 B_FALSE }, 3711 { zfs_ioc_objset_zplprops, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 3712 B_FALSE }, 3713 { zfs_ioc_dataset_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 3714 B_FALSE }, 3715 { zfs_ioc_snapshot_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 3716 B_FALSE }, 3717 { zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE, B_TRUE }, 3718 { zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE, B_TRUE }, 3719 { zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE, 3720 B_TRUE}, 3721 { zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE, 3722 B_TRUE }, 3723 { zfs_ioc_rename, zfs_secpolicy_rename, DATASET_NAME, B_TRUE, B_TRUE }, 3724 { zfs_ioc_recv, zfs_secpolicy_receive, DATASET_NAME, B_TRUE, B_TRUE }, 3725 { zfs_ioc_send, zfs_secpolicy_send, DATASET_NAME, B_TRUE, B_FALSE }, 3726 { zfs_ioc_inject_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE, 3727 B_FALSE }, 3728 { zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE, 3729 B_FALSE }, 3730 { zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE, 3731 B_FALSE }, 3732 { zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE, 3733 B_FALSE }, 3734 { zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE, B_FALSE }, 3735 { zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE, 3736 B_TRUE }, 3737 { zfs_ioc_destroy_snaps, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE, 3738 B_TRUE }, 3739 { zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE, 3740 B_TRUE }, 3741 { zfs_ioc_dsobj_to_dsname, zfs_secpolicy_config, POOL_NAME, B_FALSE, 3742 B_FALSE }, 3743 { zfs_ioc_obj_to_path, zfs_secpolicy_config, DATASET_NAME, B_FALSE, 3744 B_TRUE }, 3745 { zfs_ioc_pool_set_props, zfs_secpolicy_config, POOL_NAME, B_TRUE, 3746 B_TRUE }, 3747 { zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE, 3748 B_FALSE }, 3749 { zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE, 3750 B_TRUE }, 3751 { zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 3752 B_FALSE }, 3753 { zfs_ioc_iscsi_perm_check, zfs_secpolicy_iscsi, DATASET_NAME, B_FALSE, 3754 B_FALSE }, 3755 { zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE, B_FALSE }, 3756 { zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE, 3757 B_TRUE }, 3758 { zfs_ioc_smb_acl, zfs_secpolicy_smb_acl, DATASET_NAME, B_FALSE, 3759 B_FALSE }, 3760 { zfs_ioc_userspace_one, zfs_secpolicy_userspace_one, 3761 DATASET_NAME, B_FALSE, B_FALSE }, 3762 { zfs_ioc_userspace_many, zfs_secpolicy_userspace_many, 3763 DATASET_NAME, B_FALSE, B_FALSE }, 3764 { zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade, 3765 DATASET_NAME, B_FALSE, B_TRUE }, 3766 { zfs_ioc_hold, zfs_secpolicy_hold, DATASET_NAME, B_TRUE, B_TRUE }, 3767 { zfs_ioc_release, zfs_secpolicy_release, DATASET_NAME, B_TRUE, 3768 B_TRUE }, 3769 { zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 3770 B_TRUE } 3771 }; 3772 3773 int 3774 pool_status_check(const char *name, zfs_ioc_namecheck_t type) 3775 { 3776 spa_t *spa; 3777 int error; 3778 3779 ASSERT(type == POOL_NAME || type == DATASET_NAME); 3780 3781 error = spa_open(name, &spa, FTAG); 3782 if (error == 0) { 3783 if (spa_suspended(spa)) 3784 error = EAGAIN; 3785 spa_close(spa, FTAG); 3786 } 3787 return (error); 3788 } 3789 3790 static int 3791 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp) 3792 { 3793 zfs_cmd_t *zc; 3794 uint_t vec; 3795 int error, rc; 3796 3797 if (getminor(dev) != 0) 3798 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp)); 3799 3800 vec = cmd - ZFS_IOC; 3801 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip)); 3802 3803 if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 3804 return (EINVAL); 3805 3806 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 3807 3808 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag); 3809 3810 if ((error == 0) && !(flag & FKIOCTL)) 3811 error = zfs_ioc_vec[vec].zvec_secpolicy(zc, cr); 3812 3813 /* 3814 * Ensure that all pool/dataset names are valid before we pass down to 3815 * the lower layers. 3816 */ 3817 if (error == 0) { 3818 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 3819 zc->zc_iflags = flag & FKIOCTL; 3820 switch (zfs_ioc_vec[vec].zvec_namecheck) { 3821 case POOL_NAME: 3822 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 3823 error = EINVAL; 3824 if (zfs_ioc_vec[vec].zvec_pool_check) 3825 error = pool_status_check(zc->zc_name, 3826 zfs_ioc_vec[vec].zvec_namecheck); 3827 break; 3828 3829 case DATASET_NAME: 3830 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 3831 error = EINVAL; 3832 if (zfs_ioc_vec[vec].zvec_pool_check) 3833 error = pool_status_check(zc->zc_name, 3834 zfs_ioc_vec[vec].zvec_namecheck); 3835 break; 3836 3837 case NO_NAME: 3838 break; 3839 } 3840 } 3841 3842 if (error == 0) 3843 error = zfs_ioc_vec[vec].zvec_func(zc); 3844 3845 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag); 3846 if (error == 0) { 3847 error = rc; 3848 if (zfs_ioc_vec[vec].zvec_his_log) 3849 zfs_log_history(zc); 3850 } 3851 3852 kmem_free(zc, sizeof (zfs_cmd_t)); 3853 return (error); 3854 } 3855 3856 static int 3857 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 3858 { 3859 if (cmd != DDI_ATTACH) 3860 return (DDI_FAILURE); 3861 3862 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0, 3863 DDI_PSEUDO, 0) == DDI_FAILURE) 3864 return (DDI_FAILURE); 3865 3866 zfs_dip = dip; 3867 3868 ddi_report_dev(dip); 3869 3870 return (DDI_SUCCESS); 3871 } 3872 3873 static int 3874 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 3875 { 3876 if (spa_busy() || zfs_busy() || zvol_busy()) 3877 return (DDI_FAILURE); 3878 3879 if (cmd != DDI_DETACH) 3880 return (DDI_FAILURE); 3881 3882 zfs_dip = NULL; 3883 3884 ddi_prop_remove_all(dip); 3885 ddi_remove_minor_node(dip, NULL); 3886 3887 return (DDI_SUCCESS); 3888 } 3889 3890 /*ARGSUSED*/ 3891 static int 3892 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 3893 { 3894 switch (infocmd) { 3895 case DDI_INFO_DEVT2DEVINFO: 3896 *result = zfs_dip; 3897 return (DDI_SUCCESS); 3898 3899 case DDI_INFO_DEVT2INSTANCE: 3900 *result = (void *)0; 3901 return (DDI_SUCCESS); 3902 } 3903 3904 return (DDI_FAILURE); 3905 } 3906 3907 /* 3908 * OK, so this is a little weird. 3909 * 3910 * /dev/zfs is the control node, i.e. minor 0. 3911 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0. 3912 * 3913 * /dev/zfs has basically nothing to do except serve up ioctls, 3914 * so most of the standard driver entry points are in zvol.c. 3915 */ 3916 static struct cb_ops zfs_cb_ops = { 3917 zvol_open, /* open */ 3918 zvol_close, /* close */ 3919 zvol_strategy, /* strategy */ 3920 nodev, /* print */ 3921 zvol_dump, /* dump */ 3922 zvol_read, /* read */ 3923 zvol_write, /* write */ 3924 zfsdev_ioctl, /* ioctl */ 3925 nodev, /* devmap */ 3926 nodev, /* mmap */ 3927 nodev, /* segmap */ 3928 nochpoll, /* poll */ 3929 ddi_prop_op, /* prop_op */ 3930 NULL, /* streamtab */ 3931 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */ 3932 CB_REV, /* version */ 3933 nodev, /* async read */ 3934 nodev, /* async write */ 3935 }; 3936 3937 static struct dev_ops zfs_dev_ops = { 3938 DEVO_REV, /* version */ 3939 0, /* refcnt */ 3940 zfs_info, /* info */ 3941 nulldev, /* identify */ 3942 nulldev, /* probe */ 3943 zfs_attach, /* attach */ 3944 zfs_detach, /* detach */ 3945 nodev, /* reset */ 3946 &zfs_cb_ops, /* driver operations */ 3947 NULL, /* no bus operations */ 3948 NULL, /* power */ 3949 ddi_quiesce_not_needed, /* quiesce */ 3950 }; 3951 3952 static struct modldrv zfs_modldrv = { 3953 &mod_driverops, 3954 "ZFS storage pool", 3955 &zfs_dev_ops 3956 }; 3957 3958 static struct modlinkage modlinkage = { 3959 MODREV_1, 3960 (void *)&zfs_modlfs, 3961 (void *)&zfs_modldrv, 3962 NULL 3963 }; 3964 3965 3966 uint_t zfs_fsyncer_key; 3967 extern uint_t rrw_tsd_key; 3968 3969 int 3970 _init(void) 3971 { 3972 int error; 3973 3974 spa_init(FREAD | FWRITE); 3975 zfs_init(); 3976 zvol_init(); 3977 3978 if ((error = mod_install(&modlinkage)) != 0) { 3979 zvol_fini(); 3980 zfs_fini(); 3981 spa_fini(); 3982 return (error); 3983 } 3984 3985 tsd_create(&zfs_fsyncer_key, NULL); 3986 tsd_create(&rrw_tsd_key, NULL); 3987 3988 error = ldi_ident_from_mod(&modlinkage, &zfs_li); 3989 ASSERT(error == 0); 3990 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 3991 3992 return (0); 3993 } 3994 3995 int 3996 _fini(void) 3997 { 3998 int error; 3999 4000 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled) 4001 return (EBUSY); 4002 4003 if ((error = mod_remove(&modlinkage)) != 0) 4004 return (error); 4005 4006 zvol_fini(); 4007 zfs_fini(); 4008 spa_fini(); 4009 if (zfs_nfsshare_inited) 4010 (void) ddi_modclose(nfs_mod); 4011 if (zfs_smbshare_inited) 4012 (void) ddi_modclose(smbsrv_mod); 4013 if (zfs_nfsshare_inited || zfs_smbshare_inited) 4014 (void) ddi_modclose(sharefs_mod); 4015 4016 tsd_destroy(&zfs_fsyncer_key); 4017 ldi_ident_release(zfs_li); 4018 zfs_li = NULL; 4019 mutex_destroy(&zfs_share_lock); 4020 4021 return (error); 4022 } 4023 4024 int 4025 _info(struct modinfo *modinfop) 4026 { 4027 return (mod_info(&modlinkage, modinfop)); 4028 } 4029