1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright (c) 2011-2012 Pawel Jakub Dawidek. All rights reserved.
25 * Copyright 2013 Martin Matuska <mm@FreeBSD.org>. All rights reserved.
26 * Copyright 2014 Xin Li <delphij@FreeBSD.org>. All rights reserved.
27 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
28 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
29 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved.
30 * Copyright (c) 2011, 2015 by Delphix. All rights reserved.
31 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
32 * Copyright (c) 2013 Steven Hartland. All rights reserved.
33 * Copyright (c) 2014 Integros [integros.com]
34 * Copyright 2016 Toomas Soome <tsoome@me.com>
35 */
36
37 /*
38 * ZFS ioctls.
39 *
40 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
41 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
42 *
43 * There are two ways that we handle ioctls: the legacy way where almost
44 * all of the logic is in the ioctl callback, and the new way where most
45 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
46 *
47 * Non-legacy ioctls should be registered by calling
48 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
49 * from userland by lzc_ioctl().
50 *
51 * The registration arguments are as follows:
52 *
53 * const char *name
54 * The name of the ioctl. This is used for history logging. If the
55 * ioctl returns successfully (the callback returns 0), and allow_log
56 * is true, then a history log entry will be recorded with the input &
57 * output nvlists. The log entry can be printed with "zpool history -i".
58 *
59 * zfs_ioc_t ioc
60 * The ioctl request number, which userland will pass to ioctl(2).
61 * The ioctl numbers can change from release to release, because
62 * the caller (libzfs) must be matched to the kernel.
63 *
64 * zfs_secpolicy_func_t *secpolicy
65 * This function will be called before the zfs_ioc_func_t, to
66 * determine if this operation is permitted. It should return EPERM
67 * on failure, and 0 on success. Checks include determining if the
68 * dataset is visible in this zone, and if the user has either all
69 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
70 * to do this operation on this dataset with "zfs allow".
71 *
72 * zfs_ioc_namecheck_t namecheck
73 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
74 * name, a dataset name, or nothing. If the name is not well-formed,
75 * the ioctl will fail and the callback will not be called.
76 * Therefore, the callback can assume that the name is well-formed
77 * (e.g. is null-terminated, doesn't have more than one '@' character,
78 * doesn't have invalid characters).
79 *
80 * zfs_ioc_poolcheck_t pool_check
81 * This specifies requirements on the pool state. If the pool does
82 * not meet them (is suspended or is readonly), the ioctl will fail
83 * and the callback will not be called. If any checks are specified
84 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
85 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
86 * POOL_CHECK_READONLY).
87 *
88 * boolean_t smush_outnvlist
89 * If smush_outnvlist is true, then the output is presumed to be a
90 * list of errors, and it will be "smushed" down to fit into the
91 * caller's buffer, by removing some entries and replacing them with a
92 * single "N_MORE_ERRORS" entry indicating how many were removed. See
93 * nvlist_smush() for details. If smush_outnvlist is false, and the
94 * outnvlist does not fit into the userland-provided buffer, then the
95 * ioctl will fail with ENOMEM.
96 *
97 * zfs_ioc_func_t *func
98 * The callback function that will perform the operation.
99 *
100 * The callback should return 0 on success, or an error number on
101 * failure. If the function fails, the userland ioctl will return -1,
102 * and errno will be set to the callback's return value. The callback
103 * will be called with the following arguments:
104 *
105 * const char *name
106 * The name of the pool or dataset to operate on, from
107 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
108 * expected type (pool, dataset, or none).
109 *
110 * nvlist_t *innvl
111 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
112 * NULL if no input nvlist was provided. Changes to this nvlist are
113 * ignored. If the input nvlist could not be deserialized, the
114 * ioctl will fail and the callback will not be called.
115 *
116 * nvlist_t *outnvl
117 * The output nvlist, initially empty. The callback can fill it in,
118 * and it will be returned to userland by serializing it into
119 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
120 * fails (e.g. because the caller didn't supply a large enough
121 * buffer), then the overall ioctl will fail. See the
122 * 'smush_nvlist' argument above for additional behaviors.
123 *
124 * There are two typical uses of the output nvlist:
125 * - To return state, e.g. property values. In this case,
126 * smush_outnvlist should be false. If the buffer was not large
127 * enough, the caller will reallocate a larger buffer and try
128 * the ioctl again.
129 *
130 * - To return multiple errors from an ioctl which makes on-disk
131 * changes. In this case, smush_outnvlist should be true.
132 * Ioctls which make on-disk modifications should generally not
133 * use the outnvl if they succeed, because the caller can not
134 * distinguish between the operation failing, and
135 * deserialization failing.
136 */
137 #ifdef __FreeBSD__
138 #include "opt_kstack_pages.h"
139 #endif
140
141 #include <sys/types.h>
142 #include <sys/param.h>
143 #include <sys/systm.h>
144 #include <sys/open.h>
145 #include <sys/conf.h>
146 #include <sys/kernel.h>
147 #include <sys/lock.h>
148 #include <sys/malloc.h>
149 #include <sys/mutex.h>
150 #include <sys/proc.h>
151 #include <sys/errno.h>
152 #include <sys/uio.h>
153 #include <sys/buf.h>
154 #include <sys/file.h>
155 #include <sys/kmem.h>
156 #include <sys/conf.h>
157 #include <sys/cmn_err.h>
158 #include <sys/stat.h>
159 #include <sys/zfs_ioctl.h>
160 #include <sys/zfs_vfsops.h>
161 #include <sys/zfs_znode.h>
162 #include <sys/zap.h>
163 #include <sys/spa.h>
164 #include <sys/spa_impl.h>
165 #include <sys/vdev.h>
166 #include <sys/dmu.h>
167 #include <sys/dsl_dir.h>
168 #include <sys/dsl_dataset.h>
169 #include <sys/dsl_prop.h>
170 #include <sys/dsl_deleg.h>
171 #include <sys/dmu_objset.h>
172 #include <sys/dmu_impl.h>
173 #include <sys/dmu_tx.h>
174 #include <sys/sunddi.h>
175 #include <sys/policy.h>
176 #include <sys/zone.h>
177 #include <sys/nvpair.h>
178 #include <sys/mount.h>
179 #ifdef __FreeBSD__
180 #include <sys/taskqueue.h>
181 #endif
182 #ifdef __NetBSD__
183 #include <sys/callb.h>
184 #include <sys/taskq.h>
185 #endif
186 #include <sys/sdt.h>
187 #include <sys/varargs.h>
188 #include <sys/fs/zfs.h>
189 #include <sys/zfs_ctldir.h>
190 #include <sys/zfs_dir.h>
191 #include <sys/zfs_onexit.h>
192 #include <sys/zvol.h>
193 #include <sys/dsl_scan.h>
194 #include <sys/dmu_objset.h>
195 #include <sys/dmu_send.h>
196 #include <sys/dsl_destroy.h>
197 #include <sys/dsl_bookmark.h>
198 #include <sys/dsl_userhold.h>
199 #include <sys/zfeature.h>
200 #include <sys/zio_checksum.h>
201
202 #include "zfs_namecheck.h"
203 #include "zfs_prop.h"
204 #include "zfs_deleg.h"
205 #include "zfs_comutil.h"
206 #include "zfs_ioctl_compat.h"
207
208 #ifdef __FreeBSD__
209 CTASSERT(sizeof(zfs_cmd_t) < IOCPARM_MAX);
210 static struct cdev *zfsdev;
211 #endif
212
213 #ifdef __NetBSD__
214 static dev_info_t __zfs_devinfo = { -1, -1 };
215 dev_info_t *zfs_dip = &__zfs_devinfo;
216
217 #define zfs_init() /* nothing */
218 #define zfs_fini() /* nothing */
219
220 #define vfs_busy(x, y) vfs_busy(x)
221 #define vfs_rel(x) vfs_rele(x)
222 #endif
223
224 uint_t zfs_fsyncer_key;
225 extern uint_t rrw_tsd_key;
226 static uint_t zfs_allow_log_key;
227 extern uint_t zfs_geom_probe_vdev_key;
228
229 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *);
230 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *);
231 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *);
232
233 typedef enum {
234 NO_NAME,
235 POOL_NAME,
236 DATASET_NAME
237 } zfs_ioc_namecheck_t;
238
239 typedef enum {
240 POOL_CHECK_NONE = 1 << 0,
241 POOL_CHECK_SUSPENDED = 1 << 1,
242 POOL_CHECK_READONLY = 1 << 2,
243 } zfs_ioc_poolcheck_t;
244
245 typedef struct zfs_ioc_vec {
246 zfs_ioc_legacy_func_t *zvec_legacy_func;
247 zfs_ioc_func_t *zvec_func;
248 zfs_secpolicy_func_t *zvec_secpolicy;
249 zfs_ioc_namecheck_t zvec_namecheck;
250 boolean_t zvec_allow_log;
251 zfs_ioc_poolcheck_t zvec_pool_check;
252 boolean_t zvec_smush_outnvlist;
253 const char *zvec_name;
254 } zfs_ioc_vec_t;
255
256 /* This array is indexed by zfs_userquota_prop_t */
257 static const char *userquota_perms[] = {
258 ZFS_DELEG_PERM_USERUSED,
259 ZFS_DELEG_PERM_USERQUOTA,
260 ZFS_DELEG_PERM_GROUPUSED,
261 ZFS_DELEG_PERM_GROUPQUOTA,
262 };
263
264 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
265 static int zfs_check_settable(const char *name, nvpair_t *property,
266 cred_t *cr);
267 static int zfs_check_clearable(char *dataset, nvlist_t *props,
268 nvlist_t **errors);
269 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
270 boolean_t *);
271 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
272 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
273
274 #ifdef __FreeBSD__
275 static void zfsdev_close(void *data);
276 #endif
277
278 static int zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature);
279
280 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
281 void
__dprintf(const char * file,const char * func,int line,const char * fmt,...)282 __dprintf(const char *file, const char *func, int line, const char *fmt, ...)
283 {
284 const char *newfile;
285 char buf[512];
286 va_list adx;
287
288 /*
289 * Get rid of annoying "../common/" prefix to filename.
290 */
291 newfile = strrchr(file, '/');
292 if (newfile != NULL) {
293 newfile = newfile + 1; /* Get rid of leading / */
294 } else {
295 newfile = file;
296 }
297
298 va_start(adx, fmt);
299 (void) vsnprintf(buf, sizeof (buf), fmt, adx);
300 va_end(adx);
301
302 /*
303 * To get this data, use the zfs-dprintf probe as so:
304 * dtrace -q -n 'zfs-dprintf \
305 * /stringof(arg0) == "dbuf.c"/ \
306 * {printf("%s: %s", stringof(arg1), stringof(arg3))}'
307 * arg0 = file name
308 * arg1 = function name
309 * arg2 = line number
310 * arg3 = message
311 */
312 DTRACE_PROBE4(zfs__dprintf,
313 char *, newfile, char *, func, int, line, char *, buf);
314 }
315
316 static void
history_str_free(char * buf)317 history_str_free(char *buf)
318 {
319 kmem_free(buf, HIS_MAX_RECORD_LEN);
320 }
321
322 static char *
history_str_get(zfs_cmd_t * zc)323 history_str_get(zfs_cmd_t *zc)
324 {
325 char *buf;
326
327 if (zc->zc_history == 0)
328 return (NULL);
329
330 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
331 if (copyinstr((void *)(uintptr_t)zc->zc_history,
332 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
333 history_str_free(buf);
334 return (NULL);
335 }
336
337 buf[HIS_MAX_RECORD_LEN -1] = '\0';
338
339 return (buf);
340 }
341
342 /*
343 * Check to see if the named dataset is currently defined as bootable
344 */
345 static boolean_t
zfs_is_bootfs(const char * name)346 zfs_is_bootfs(const char *name)
347 {
348 objset_t *os;
349
350 if (dmu_objset_hold(name, FTAG, &os) == 0) {
351 boolean_t ret;
352 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
353 dmu_objset_rele(os, FTAG);
354 return (ret);
355 }
356 return (B_FALSE);
357 }
358
359 /*
360 * Return non-zero if the spa version is less than requested version.
361 */
362 static int
zfs_earlier_version(const char * name,int version)363 zfs_earlier_version(const char *name, int version)
364 {
365 spa_t *spa;
366
367 if (spa_open(name, &spa, FTAG) == 0) {
368 if (spa_version(spa) < version) {
369 spa_close(spa, FTAG);
370 return (1);
371 }
372 spa_close(spa, FTAG);
373 }
374 return (0);
375 }
376
377 /*
378 * Return TRUE if the ZPL version is less than requested version.
379 */
380 static boolean_t
zpl_earlier_version(const char * name,int version)381 zpl_earlier_version(const char *name, int version)
382 {
383 objset_t *os;
384 boolean_t rc = B_TRUE;
385
386 if (dmu_objset_hold(name, FTAG, &os) == 0) {
387 uint64_t zplversion;
388
389 if (dmu_objset_type(os) != DMU_OST_ZFS) {
390 dmu_objset_rele(os, FTAG);
391 return (B_TRUE);
392 }
393 /* XXX reading from non-owned objset */
394 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
395 rc = zplversion < version;
396 dmu_objset_rele(os, FTAG);
397 }
398 return (rc);
399 }
400
401 static void
zfs_log_history(zfs_cmd_t * zc)402 zfs_log_history(zfs_cmd_t *zc)
403 {
404 spa_t *spa;
405 char *buf;
406
407 if ((buf = history_str_get(zc)) == NULL)
408 return;
409
410 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
411 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
412 (void) spa_history_log(spa, buf);
413 spa_close(spa, FTAG);
414 }
415 history_str_free(buf);
416 }
417
418 /*
419 * Policy for top-level read operations (list pools). Requires no privileges,
420 * and can be used in the local zone, as there is no associated dataset.
421 */
422 /* ARGSUSED */
423 static int
zfs_secpolicy_none(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)424 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
425 {
426 return (0);
427 }
428
429 /*
430 * Policy for dataset read operations (list children, get statistics). Requires
431 * no privileges, but must be visible in the local zone.
432 */
433 /* ARGSUSED */
434 static int
zfs_secpolicy_read(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)435 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
436 {
437 if (INGLOBALZONE(curthread) ||
438 zone_dataset_visible(zc->zc_name, NULL))
439 return (0);
440
441 return (SET_ERROR(ENOENT));
442 }
443
444 static int
zfs_dozonecheck_impl(const char * dataset,uint64_t zoned,cred_t * cr)445 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
446 {
447 int writable = 1;
448
449 /*
450 * The dataset must be visible by this zone -- check this first
451 * so they don't see EPERM on something they shouldn't know about.
452 */
453 if (!INGLOBALZONE(curthread) &&
454 !zone_dataset_visible(dataset, &writable))
455 return (SET_ERROR(ENOENT));
456
457 if (INGLOBALZONE(curthread)) {
458 /*
459 * If the fs is zoned, only root can access it from the
460 * global zone.
461 */
462 if (secpolicy_zfs(cr) && zoned)
463 return (SET_ERROR(EPERM));
464 } else {
465 /*
466 * If we are in a local zone, the 'zoned' property must be set.
467 */
468 if (!zoned)
469 return (SET_ERROR(EPERM));
470
471 /* must be writable by this zone */
472 if (!writable)
473 return (SET_ERROR(EPERM));
474 }
475 return (0);
476 }
477
478 static int
zfs_dozonecheck(const char * dataset,cred_t * cr)479 zfs_dozonecheck(const char *dataset, cred_t *cr)
480 {
481 uint64_t zoned;
482
483 #ifdef __NetBSD__
484 zoned = 0;
485 #else
486 if (dsl_prop_get_integer(dataset, "jailed", &zoned, NULL))
487 return (SET_ERROR(ENOENT));
488 #endif
489
490 return (zfs_dozonecheck_impl(dataset, zoned, cr));
491 }
492
493 static int
zfs_dozonecheck_ds(const char * dataset,dsl_dataset_t * ds,cred_t * cr)494 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
495 {
496 uint64_t zoned;
497
498 #ifdef __NetBSD__
499 zoned = 0;
500 #else
501 if (dsl_prop_get_int_ds(ds, "jailed", &zoned))
502 return (SET_ERROR(ENOENT));
503 #endif
504
505 return (zfs_dozonecheck_impl(dataset, zoned, cr));
506 }
507
508 static int
zfs_secpolicy_write_perms_ds(const char * name,dsl_dataset_t * ds,const char * perm,cred_t * cr)509 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
510 const char *perm, cred_t *cr)
511 {
512 int error;
513
514 error = zfs_dozonecheck_ds(name, ds, cr);
515 if (error == 0) {
516 error = secpolicy_zfs(cr);
517 if (error != 0)
518 error = dsl_deleg_access_impl(ds, perm, cr);
519 }
520 return (error);
521 }
522
523 static int
zfs_secpolicy_write_perms(const char * name,const char * perm,cred_t * cr)524 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
525 {
526 int error;
527 dsl_dataset_t *ds;
528 dsl_pool_t *dp;
529
530 /*
531 * First do a quick check for root in the global zone, which
532 * is allowed to do all write_perms. This ensures that zfs_ioc_*
533 * will get to handle nonexistent datasets.
534 */
535 if (INGLOBALZONE(curthread) && secpolicy_zfs(cr) == 0)
536 return (0);
537
538 error = dsl_pool_hold(name, FTAG, &dp);
539 if (error != 0)
540 return (error);
541
542 error = dsl_dataset_hold(dp, name, FTAG, &ds);
543 if (error != 0) {
544 dsl_pool_rele(dp, FTAG);
545 return (error);
546 }
547
548 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
549
550 dsl_dataset_rele(ds, FTAG);
551 dsl_pool_rele(dp, FTAG);
552 return (error);
553 }
554
555 #ifdef SECLABEL
556 /*
557 * Policy for setting the security label property.
558 *
559 * Returns 0 for success, non-zero for access and other errors.
560 */
561 static int
zfs_set_slabel_policy(const char * name,char * strval,cred_t * cr)562 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
563 {
564 char ds_hexsl[MAXNAMELEN];
565 bslabel_t ds_sl, new_sl;
566 boolean_t new_default = FALSE;
567 uint64_t zoned;
568 int needed_priv = -1;
569 int error;
570
571 /* First get the existing dataset label. */
572 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
573 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
574 if (error != 0)
575 return (SET_ERROR(EPERM));
576
577 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
578 new_default = TRUE;
579
580 /* The label must be translatable */
581 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
582 return (SET_ERROR(EINVAL));
583
584 /*
585 * In a non-global zone, disallow attempts to set a label that
586 * doesn't match that of the zone; otherwise no other checks
587 * are needed.
588 */
589 if (!INGLOBALZONE(curproc)) {
590 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
591 return (SET_ERROR(EPERM));
592 return (0);
593 }
594
595 /*
596 * For global-zone datasets (i.e., those whose zoned property is
597 * "off", verify that the specified new label is valid for the
598 * global zone.
599 */
600 if (dsl_prop_get_integer(name,
601 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
602 return (SET_ERROR(EPERM));
603 if (!zoned) {
604 if (zfs_check_global_label(name, strval) != 0)
605 return (SET_ERROR(EPERM));
606 }
607
608 /*
609 * If the existing dataset label is nondefault, check if the
610 * dataset is mounted (label cannot be changed while mounted).
611 * Get the zfsvfs; if there isn't one, then the dataset isn't
612 * mounted (or isn't a dataset, doesn't exist, ...).
613 */
614 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
615 objset_t *os;
616 static char *setsl_tag = "setsl_tag";
617
618 /*
619 * Try to own the dataset; abort if there is any error,
620 * (e.g., already mounted, in use, or other error).
621 */
622 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
623 setsl_tag, &os);
624 if (error != 0)
625 return (SET_ERROR(EPERM));
626
627 dmu_objset_disown(os, setsl_tag);
628
629 if (new_default) {
630 needed_priv = PRIV_FILE_DOWNGRADE_SL;
631 goto out_check;
632 }
633
634 if (hexstr_to_label(strval, &new_sl) != 0)
635 return (SET_ERROR(EPERM));
636
637 if (blstrictdom(&ds_sl, &new_sl))
638 needed_priv = PRIV_FILE_DOWNGRADE_SL;
639 else if (blstrictdom(&new_sl, &ds_sl))
640 needed_priv = PRIV_FILE_UPGRADE_SL;
641 } else {
642 /* dataset currently has a default label */
643 if (!new_default)
644 needed_priv = PRIV_FILE_UPGRADE_SL;
645 }
646
647 out_check:
648 if (needed_priv != -1)
649 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
650 return (0);
651 }
652 #endif /* SECLABEL */
653
654 static int
zfs_secpolicy_setprop(const char * dsname,zfs_prop_t prop,nvpair_t * propval,cred_t * cr)655 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
656 cred_t *cr)
657 {
658 char *strval;
659
660 /*
661 * Check permissions for special properties.
662 */
663 switch (prop) {
664 case ZFS_PROP_ZONED:
665 /*
666 * Disallow setting of 'zoned' from within a local zone.
667 */
668 if (!INGLOBALZONE(curthread))
669 return (SET_ERROR(EPERM));
670 break;
671
672 case ZFS_PROP_QUOTA:
673 case ZFS_PROP_FILESYSTEM_LIMIT:
674 case ZFS_PROP_SNAPSHOT_LIMIT:
675 if (!INGLOBALZONE(curthread)) {
676 uint64_t zoned;
677 char setpoint[ZFS_MAX_DATASET_NAME_LEN];
678 /*
679 * Unprivileged users are allowed to modify the
680 * limit on things *under* (ie. contained by)
681 * the thing they own.
682 */
683 if (dsl_prop_get_integer(dsname, "jailed", &zoned,
684 setpoint))
685 return (SET_ERROR(EPERM));
686 if (!zoned || strlen(dsname) <= strlen(setpoint))
687 return (SET_ERROR(EPERM));
688 }
689 break;
690
691 case ZFS_PROP_MLSLABEL:
692 #ifdef SECLABEL
693 if (!is_system_labeled())
694 return (SET_ERROR(EPERM));
695
696 if (nvpair_value_string(propval, &strval) == 0) {
697 int err;
698
699 err = zfs_set_slabel_policy(dsname, strval, CRED());
700 if (err != 0)
701 return (err);
702 }
703 #else
704 return (EOPNOTSUPP);
705 #endif
706 break;
707 }
708
709 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
710 }
711
712 /* ARGSUSED */
713 static int
zfs_secpolicy_set_fsacl(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)714 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
715 {
716 int error;
717
718 error = zfs_dozonecheck(zc->zc_name, cr);
719 if (error != 0)
720 return (error);
721
722 /*
723 * permission to set permissions will be evaluated later in
724 * dsl_deleg_can_allow()
725 */
726 return (0);
727 }
728
729 /* ARGSUSED */
730 static int
zfs_secpolicy_rollback(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)731 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
732 {
733 return (zfs_secpolicy_write_perms(zc->zc_name,
734 ZFS_DELEG_PERM_ROLLBACK, cr));
735 }
736
737 /* ARGSUSED */
738 static int
zfs_secpolicy_send(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)739 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
740 {
741 dsl_pool_t *dp;
742 dsl_dataset_t *ds;
743 char *cp;
744 int error;
745
746 /*
747 * Generate the current snapshot name from the given objsetid, then
748 * use that name for the secpolicy/zone checks.
749 */
750 cp = strchr(zc->zc_name, '@');
751 if (cp == NULL)
752 return (SET_ERROR(EINVAL));
753 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
754 if (error != 0)
755 return (error);
756
757 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
758 if (error != 0) {
759 dsl_pool_rele(dp, FTAG);
760 return (error);
761 }
762
763 dsl_dataset_name(ds, zc->zc_name);
764
765 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
766 ZFS_DELEG_PERM_SEND, cr);
767 dsl_dataset_rele(ds, FTAG);
768 dsl_pool_rele(dp, FTAG);
769
770 return (error);
771 }
772
773 /* ARGSUSED */
774 static int
zfs_secpolicy_send_new(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)775 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
776 {
777 return (zfs_secpolicy_write_perms(zc->zc_name,
778 ZFS_DELEG_PERM_SEND, cr));
779 }
780
781 /* ARGSUSED */
782 static int
zfs_secpolicy_deleg_share(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)783 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
784 {
785 vnode_t *vp;
786 int error;
787
788 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
789 NO_FOLLOW, NULL, &vp)) != 0)
790 return (error);
791
792 /* Now make sure mntpnt and dataset are ZFS */
793
794 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 ||
795 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
796 zc->zc_name) != 0)) {
797 VN_RELE(vp);
798 return (SET_ERROR(EPERM));
799 }
800
801 VN_RELE(vp);
802 return (dsl_deleg_access(zc->zc_name,
803 ZFS_DELEG_PERM_SHARE, cr));
804 }
805
806 int
zfs_secpolicy_share(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)807 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
808 {
809 if (!INGLOBALZONE(curthread))
810 return (SET_ERROR(EPERM));
811
812 if (secpolicy_nfs(cr) == 0) {
813 return (0);
814 } else {
815 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
816 }
817 }
818
819 int
zfs_secpolicy_smb_acl(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)820 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
821 {
822 if (!INGLOBALZONE(curthread))
823 return (SET_ERROR(EPERM));
824
825 if (secpolicy_smb(cr) == 0) {
826 return (0);
827 } else {
828 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
829 }
830 }
831
832 static int
zfs_get_parent(const char * datasetname,char * parent,int parentsize)833 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
834 {
835 char *cp;
836
837 /*
838 * Remove the @bla or /bla from the end of the name to get the parent.
839 */
840 (void) strncpy(parent, datasetname, parentsize);
841 cp = strrchr(parent, '@');
842 if (cp != NULL) {
843 cp[0] = '\0';
844 } else {
845 cp = strrchr(parent, '/');
846 if (cp == NULL)
847 return (SET_ERROR(ENOENT));
848 cp[0] = '\0';
849 }
850
851 return (0);
852 }
853
854 int
zfs_secpolicy_destroy_perms(const char * name,cred_t * cr)855 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
856 {
857 int error;
858
859 if ((error = zfs_secpolicy_write_perms(name,
860 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
861 return (error);
862
863 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
864 }
865
866 /* ARGSUSED */
867 static int
zfs_secpolicy_destroy(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)868 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
869 {
870 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
871 }
872
873 /*
874 * Destroying snapshots with delegated permissions requires
875 * descendant mount and destroy permissions.
876 */
877 /* ARGSUSED */
878 static int
zfs_secpolicy_destroy_snaps(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)879 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
880 {
881 nvlist_t *snaps;
882 nvpair_t *pair, *nextpair;
883 int error = 0;
884
885 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
886 return (SET_ERROR(EINVAL));
887 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
888 pair = nextpair) {
889 nextpair = nvlist_next_nvpair(snaps, pair);
890 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
891 if (error == ENOENT) {
892 /*
893 * Ignore any snapshots that don't exist (we consider
894 * them "already destroyed"). Remove the name from the
895 * nvl here in case the snapshot is created between
896 * now and when we try to destroy it (in which case
897 * we don't want to destroy it since we haven't
898 * checked for permission).
899 */
900 fnvlist_remove_nvpair(snaps, pair);
901 error = 0;
902 }
903 if (error != 0)
904 break;
905 }
906
907 return (error);
908 }
909
910 int
zfs_secpolicy_rename_perms(const char * from,const char * to,cred_t * cr)911 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
912 {
913 char parentname[ZFS_MAX_DATASET_NAME_LEN];
914 int error;
915
916 if ((error = zfs_secpolicy_write_perms(from,
917 ZFS_DELEG_PERM_RENAME, cr)) != 0)
918 return (error);
919
920 if ((error = zfs_secpolicy_write_perms(from,
921 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
922 return (error);
923
924 if ((error = zfs_get_parent(to, parentname,
925 sizeof (parentname))) != 0)
926 return (error);
927
928 if ((error = zfs_secpolicy_write_perms(parentname,
929 ZFS_DELEG_PERM_CREATE, cr)) != 0)
930 return (error);
931
932 if ((error = zfs_secpolicy_write_perms(parentname,
933 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
934 return (error);
935
936 return (error);
937 }
938
939 /* ARGSUSED */
940 static int
zfs_secpolicy_rename(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)941 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
942 {
943 char *at = NULL;
944 int error;
945
946 if ((zc->zc_cookie & 1) != 0) {
947 /*
948 * This is recursive rename, so the starting snapshot might
949 * not exist. Check file system or volume permission instead.
950 */
951 at = strchr(zc->zc_name, '@');
952 if (at == NULL)
953 return (EINVAL);
954 *at = '\0';
955 }
956
957 error = zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr);
958
959 if (at != NULL)
960 *at = '@';
961
962 return (error);
963 }
964
965 /* ARGSUSED */
966 static int
zfs_secpolicy_promote(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)967 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
968 {
969 dsl_pool_t *dp;
970 dsl_dataset_t *clone;
971 int error;
972
973 error = zfs_secpolicy_write_perms(zc->zc_name,
974 ZFS_DELEG_PERM_PROMOTE, cr);
975 if (error != 0)
976 return (error);
977
978 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
979 if (error != 0)
980 return (error);
981
982 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
983
984 if (error == 0) {
985 char parentname[ZFS_MAX_DATASET_NAME_LEN];
986 dsl_dataset_t *origin = NULL;
987 dsl_dir_t *dd;
988 dd = clone->ds_dir;
989
990 error = dsl_dataset_hold_obj(dd->dd_pool,
991 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin);
992 if (error != 0) {
993 dsl_dataset_rele(clone, FTAG);
994 dsl_pool_rele(dp, FTAG);
995 return (error);
996 }
997
998 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
999 ZFS_DELEG_PERM_MOUNT, cr);
1000
1001 dsl_dataset_name(origin, parentname);
1002 if (error == 0) {
1003 error = zfs_secpolicy_write_perms_ds(parentname, origin,
1004 ZFS_DELEG_PERM_PROMOTE, cr);
1005 }
1006 dsl_dataset_rele(clone, FTAG);
1007 dsl_dataset_rele(origin, FTAG);
1008 }
1009 dsl_pool_rele(dp, FTAG);
1010 return (error);
1011 }
1012
1013 /* ARGSUSED */
1014 static int
zfs_secpolicy_recv(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1015 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1016 {
1017 int error;
1018
1019 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1020 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
1021 return (error);
1022
1023 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1024 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
1025 return (error);
1026
1027 return (zfs_secpolicy_write_perms(zc->zc_name,
1028 ZFS_DELEG_PERM_CREATE, cr));
1029 }
1030
1031 int
zfs_secpolicy_snapshot_perms(const char * name,cred_t * cr)1032 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
1033 {
1034 return (zfs_secpolicy_write_perms(name,
1035 ZFS_DELEG_PERM_SNAPSHOT, cr));
1036 }
1037
1038 /*
1039 * Check for permission to create each snapshot in the nvlist.
1040 */
1041 /* ARGSUSED */
1042 static int
zfs_secpolicy_snapshot(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1043 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1044 {
1045 nvlist_t *snaps;
1046 int error;
1047 nvpair_t *pair;
1048
1049 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
1050 return (SET_ERROR(EINVAL));
1051 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
1052 pair = nvlist_next_nvpair(snaps, pair)) {
1053 char *name = nvpair_name(pair);
1054 char *atp = strchr(name, '@');
1055
1056 if (atp == NULL) {
1057 error = SET_ERROR(EINVAL);
1058 break;
1059 }
1060 *atp = '\0';
1061 error = zfs_secpolicy_snapshot_perms(name, cr);
1062 *atp = '@';
1063 if (error != 0)
1064 break;
1065 }
1066 return (error);
1067 }
1068
1069 /*
1070 * Check for permission to create each snapshot in the nvlist.
1071 */
1072 /* ARGSUSED */
1073 static int
zfs_secpolicy_bookmark(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1074 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1075 {
1076 int error = 0;
1077
1078 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
1079 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
1080 char *name = nvpair_name(pair);
1081 char *hashp = strchr(name, '#');
1082
1083 if (hashp == NULL) {
1084 error = SET_ERROR(EINVAL);
1085 break;
1086 }
1087 *hashp = '\0';
1088 error = zfs_secpolicy_write_perms(name,
1089 ZFS_DELEG_PERM_BOOKMARK, cr);
1090 *hashp = '#';
1091 if (error != 0)
1092 break;
1093 }
1094 return (error);
1095 }
1096
1097 /* ARGSUSED */
1098 static int
zfs_secpolicy_destroy_bookmarks(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1099 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1100 {
1101 nvpair_t *pair, *nextpair;
1102 int error = 0;
1103
1104 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1105 pair = nextpair) {
1106 char *name = nvpair_name(pair);
1107 char *hashp = strchr(name, '#');
1108 nextpair = nvlist_next_nvpair(innvl, pair);
1109
1110 if (hashp == NULL) {
1111 error = SET_ERROR(EINVAL);
1112 break;
1113 }
1114
1115 *hashp = '\0';
1116 error = zfs_secpolicy_write_perms(name,
1117 ZFS_DELEG_PERM_DESTROY, cr);
1118 *hashp = '#';
1119 if (error == ENOENT) {
1120 /*
1121 * Ignore any filesystems that don't exist (we consider
1122 * their bookmarks "already destroyed"). Remove
1123 * the name from the nvl here in case the filesystem
1124 * is created between now and when we try to destroy
1125 * the bookmark (in which case we don't want to
1126 * destroy it since we haven't checked for permission).
1127 */
1128 fnvlist_remove_nvpair(innvl, pair);
1129 error = 0;
1130 }
1131 if (error != 0)
1132 break;
1133 }
1134
1135 return (error);
1136 }
1137
1138 /* ARGSUSED */
1139 static int
zfs_secpolicy_log_history(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1140 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1141 {
1142 /*
1143 * Even root must have a proper TSD so that we know what pool
1144 * to log to.
1145 */
1146 if (tsd_get(zfs_allow_log_key) == NULL)
1147 return (SET_ERROR(EPERM));
1148 return (0);
1149 }
1150
1151 static int
zfs_secpolicy_create_clone(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1152 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1153 {
1154 char parentname[ZFS_MAX_DATASET_NAME_LEN];
1155 int error;
1156 char *origin;
1157
1158 if ((error = zfs_get_parent(zc->zc_name, parentname,
1159 sizeof (parentname))) != 0)
1160 return (error);
1161
1162 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1163 (error = zfs_secpolicy_write_perms(origin,
1164 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1165 return (error);
1166
1167 if ((error = zfs_secpolicy_write_perms(parentname,
1168 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1169 return (error);
1170
1171 return (zfs_secpolicy_write_perms(parentname,
1172 ZFS_DELEG_PERM_MOUNT, cr));
1173 }
1174
1175 /*
1176 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1177 * SYS_CONFIG privilege, which is not available in a local zone.
1178 */
1179 /* ARGSUSED */
1180 static int
zfs_secpolicy_config(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1181 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1182 {
1183 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1184 return (SET_ERROR(EPERM));
1185
1186 return (0);
1187 }
1188
1189 /*
1190 * Policy for object to name lookups.
1191 */
1192 /* ARGSUSED */
1193 static int
zfs_secpolicy_diff(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1194 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1195 {
1196 int error;
1197
1198 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1199 return (0);
1200
1201 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1202 return (error);
1203 }
1204
1205 /*
1206 * Policy for fault injection. Requires all privileges.
1207 */
1208 /* ARGSUSED */
1209 static int
zfs_secpolicy_inject(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1210 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1211 {
1212 return (secpolicy_zinject(cr));
1213 }
1214
1215 /* ARGSUSED */
1216 static int
zfs_secpolicy_inherit_prop(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1217 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1218 {
1219 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1220
1221 if (prop == ZPROP_INVAL) {
1222 if (!zfs_prop_user(zc->zc_value))
1223 return (SET_ERROR(EINVAL));
1224 return (zfs_secpolicy_write_perms(zc->zc_name,
1225 ZFS_DELEG_PERM_USERPROP, cr));
1226 } else {
1227 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1228 NULL, cr));
1229 }
1230 }
1231
1232 static int
zfs_secpolicy_userspace_one(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1233 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1234 {
1235 int err = zfs_secpolicy_read(zc, innvl, cr);
1236 if (err)
1237 return (err);
1238
1239 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1240 return (SET_ERROR(EINVAL));
1241
1242 if (zc->zc_value[0] == 0) {
1243 /*
1244 * They are asking about a posix uid/gid. If it's
1245 * themself, allow it.
1246 */
1247 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1248 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
1249 if (zc->zc_guid == crgetuid(cr))
1250 return (0);
1251 } else {
1252 if (groupmember(zc->zc_guid, cr))
1253 return (0);
1254 }
1255 }
1256
1257 return (zfs_secpolicy_write_perms(zc->zc_name,
1258 userquota_perms[zc->zc_objset_type], cr));
1259 }
1260
1261 static int
zfs_secpolicy_userspace_many(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1262 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1263 {
1264 int err = zfs_secpolicy_read(zc, innvl, cr);
1265 if (err)
1266 return (err);
1267
1268 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1269 return (SET_ERROR(EINVAL));
1270
1271 return (zfs_secpolicy_write_perms(zc->zc_name,
1272 userquota_perms[zc->zc_objset_type], cr));
1273 }
1274
1275 /* ARGSUSED */
1276 static int
zfs_secpolicy_userspace_upgrade(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1277 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1278 {
1279 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1280 NULL, cr));
1281 }
1282
1283 /* ARGSUSED */
1284 static int
zfs_secpolicy_hold(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1285 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1286 {
1287 nvpair_t *pair;
1288 nvlist_t *holds;
1289 int error;
1290
1291 error = nvlist_lookup_nvlist(innvl, "holds", &holds);
1292 if (error != 0)
1293 return (SET_ERROR(EINVAL));
1294
1295 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
1296 pair = nvlist_next_nvpair(holds, pair)) {
1297 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1298 error = dmu_fsname(nvpair_name(pair), fsname);
1299 if (error != 0)
1300 return (error);
1301 error = zfs_secpolicy_write_perms(fsname,
1302 ZFS_DELEG_PERM_HOLD, cr);
1303 if (error != 0)
1304 return (error);
1305 }
1306 return (0);
1307 }
1308
1309 /* ARGSUSED */
1310 static int
zfs_secpolicy_release(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1311 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1312 {
1313 nvpair_t *pair;
1314 int error;
1315
1316 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1317 pair = nvlist_next_nvpair(innvl, pair)) {
1318 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1319 error = dmu_fsname(nvpair_name(pair), fsname);
1320 if (error != 0)
1321 return (error);
1322 error = zfs_secpolicy_write_perms(fsname,
1323 ZFS_DELEG_PERM_RELEASE, cr);
1324 if (error != 0)
1325 return (error);
1326 }
1327 return (0);
1328 }
1329
1330 /*
1331 * Policy for allowing temporary snapshots to be taken or released
1332 */
1333 static int
zfs_secpolicy_tmp_snapshot(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1334 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1335 {
1336 /*
1337 * A temporary snapshot is the same as a snapshot,
1338 * hold, destroy and release all rolled into one.
1339 * Delegated diff alone is sufficient that we allow this.
1340 */
1341 int error;
1342
1343 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1344 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1345 return (0);
1346
1347 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1348 if (error == 0)
1349 error = zfs_secpolicy_hold(zc, innvl, cr);
1350 if (error == 0)
1351 error = zfs_secpolicy_release(zc, innvl, cr);
1352 if (error == 0)
1353 error = zfs_secpolicy_destroy(zc, innvl, cr);
1354 return (error);
1355 }
1356
1357 /*
1358 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1359 */
1360 static int
get_nvlist(uint64_t nvl,uint64_t size,int iflag,nvlist_t ** nvp)1361 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1362 {
1363 char *packed;
1364 int error;
1365 nvlist_t *list = NULL;
1366
1367 /*
1368 * Read in and unpack the user-supplied nvlist.
1369 */
1370 if (size == 0)
1371 return (SET_ERROR(EINVAL));
1372
1373 packed = kmem_alloc(size, KM_SLEEP);
1374
1375 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1376 iflag)) != 0) {
1377 kmem_free(packed, size);
1378 return (SET_ERROR(EFAULT));
1379 }
1380
1381 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1382 kmem_free(packed, size);
1383 return (error);
1384 }
1385
1386 kmem_free(packed, size);
1387
1388 *nvp = list;
1389 return (0);
1390 }
1391
1392 /*
1393 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1394 * Entries will be removed from the end of the nvlist, and one int32 entry
1395 * named "N_MORE_ERRORS" will be added indicating how many entries were
1396 * removed.
1397 */
1398 static int
nvlist_smush(nvlist_t * errors,size_t max)1399 nvlist_smush(nvlist_t *errors, size_t max)
1400 {
1401 size_t size;
1402
1403 size = fnvlist_size(errors);
1404
1405 if (size > max) {
1406 nvpair_t *more_errors;
1407 int n = 0;
1408
1409 if (max < 1024)
1410 return (SET_ERROR(ENOMEM));
1411
1412 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1413 more_errors = nvlist_prev_nvpair(errors, NULL);
1414
1415 do {
1416 nvpair_t *pair = nvlist_prev_nvpair(errors,
1417 more_errors);
1418 fnvlist_remove_nvpair(errors, pair);
1419 n++;
1420 size = fnvlist_size(errors);
1421 } while (size > max);
1422
1423 fnvlist_remove_nvpair(errors, more_errors);
1424 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1425 ASSERT3U(fnvlist_size(errors), <=, max);
1426 }
1427
1428 return (0);
1429 }
1430
1431 static int
put_nvlist(zfs_cmd_t * zc,nvlist_t * nvl)1432 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1433 {
1434 char *packed = NULL;
1435 int error = 0;
1436 size_t size;
1437
1438 size = fnvlist_size(nvl);
1439
1440 if (size > zc->zc_nvlist_dst_size) {
1441 /*
1442 * Solaris returns ENOMEM here, because even if an error is
1443 * returned from an ioctl(2), new zc_nvlist_dst_size will be
1444 * passed to the userland. This is not the case for FreeBSD.
1445 * We need to return 0, so the kernel will copy the
1446 * zc_nvlist_dst_size back and the userland can discover that a
1447 * bigger buffer is needed.
1448 */
1449 error = 0;
1450 } else {
1451 packed = fnvlist_pack(nvl, &size);
1452 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1453 size, zc->zc_iflags) != 0)
1454 error = SET_ERROR(EFAULT);
1455 fnvlist_pack_free(packed, size);
1456 }
1457
1458 zc->zc_nvlist_dst_size = size;
1459 zc->zc_nvlist_dst_filled = B_TRUE;
1460 return (error);
1461 }
1462
1463 static int
getzfsvfs(const char * dsname,zfsvfs_t ** zfvp)1464 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1465 {
1466 objset_t *os;
1467 vfs_t *vfsp;
1468 int error;
1469
1470 error = dmu_objset_hold(dsname, FTAG, &os);
1471 if (error != 0)
1472 return (error);
1473 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1474 dmu_objset_rele(os, FTAG);
1475 return (SET_ERROR(EINVAL));
1476 }
1477
1478 mutex_enter(&os->os_user_ptr_lock);
1479 *zfvp = dmu_objset_get_user(os);
1480 if (*zfvp) {
1481 vfsp = (*zfvp)->z_vfs;
1482 vfs_ref(vfsp);
1483 } else {
1484 error = SET_ERROR(ESRCH);
1485 }
1486 mutex_exit(&os->os_user_ptr_lock);
1487 dmu_objset_rele(os, FTAG);
1488 if (error == 0) {
1489 error = vfs_busy(vfsp, 0);
1490 vfs_rel(vfsp);
1491 if (error != 0) {
1492 *zfvp = NULL;
1493 error = SET_ERROR(ESRCH);
1494 }
1495 }
1496 return (error);
1497 }
1498
1499 /*
1500 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1501 * case its z_vfs will be NULL, and it will be opened as the owner.
1502 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1503 * which prevents all vnode ops from running.
1504 */
1505 static int
zfsvfs_hold(const char * name,void * tag,zfsvfs_t ** zfvp,boolean_t writer)1506 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1507 {
1508 int error = 0;
1509
1510 if (getzfsvfs(name, zfvp) != 0)
1511 error = zfsvfs_create(name, zfvp);
1512 if (error == 0) {
1513 rrm_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
1514 RW_READER, tag);
1515 if ((*zfvp)->z_unmounted) {
1516 /*
1517 * XXX we could probably try again, since the unmounting
1518 * thread should be just about to disassociate the
1519 * objset from the zfsvfs.
1520 */
1521 rrm_exit(&(*zfvp)->z_teardown_lock, tag);
1522 return (SET_ERROR(EBUSY));
1523 }
1524 }
1525 return (error);
1526 }
1527
1528 static void
zfsvfs_rele(zfsvfs_t * zfsvfs,void * tag)1529 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1530 {
1531 rrm_exit(&zfsvfs->z_teardown_lock, tag);
1532
1533 if (zfsvfs->z_vfs) {
1534 #ifdef illumos
1535 VFS_RELE(zfsvfs->z_vfs);
1536 #else
1537 vfs_unbusy(zfsvfs->z_vfs);
1538 #endif
1539 } else {
1540 dmu_objset_disown(zfsvfs->z_os, zfsvfs);
1541 zfsvfs_free(zfsvfs);
1542 }
1543 }
1544
1545 static int
zfs_ioc_pool_create(zfs_cmd_t * zc)1546 zfs_ioc_pool_create(zfs_cmd_t *zc)
1547 {
1548 int error;
1549 nvlist_t *config, *props = NULL;
1550 nvlist_t *rootprops = NULL;
1551 nvlist_t *zplprops = NULL;
1552
1553 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1554 zc->zc_iflags, &config))
1555 return (error);
1556
1557 if (zc->zc_nvlist_src_size != 0 && (error =
1558 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1559 zc->zc_iflags, &props))) {
1560 nvlist_free(config);
1561 return (error);
1562 }
1563
1564 if (props) {
1565 nvlist_t *nvl = NULL;
1566 uint64_t version = SPA_VERSION;
1567
1568 (void) nvlist_lookup_uint64(props,
1569 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1570 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1571 error = SET_ERROR(EINVAL);
1572 goto pool_props_bad;
1573 }
1574 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1575 if (nvl) {
1576 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1577 if (error != 0) {
1578 nvlist_free(config);
1579 nvlist_free(props);
1580 return (error);
1581 }
1582 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1583 }
1584 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1585 error = zfs_fill_zplprops_root(version, rootprops,
1586 zplprops, NULL);
1587 if (error != 0)
1588 goto pool_props_bad;
1589 }
1590
1591 error = spa_create(zc->zc_name, config, props, zplprops);
1592
1593 /*
1594 * Set the remaining root properties
1595 */
1596 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1597 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1598 (void) spa_destroy(zc->zc_name);
1599
1600 pool_props_bad:
1601 nvlist_free(rootprops);
1602 nvlist_free(zplprops);
1603 nvlist_free(config);
1604 nvlist_free(props);
1605
1606 return (error);
1607 }
1608
1609 static int
zfs_ioc_pool_destroy(zfs_cmd_t * zc)1610 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1611 {
1612 int error;
1613 zfs_log_history(zc);
1614 error = spa_destroy(zc->zc_name);
1615 if (error == 0)
1616 zvol_remove_minors(zc->zc_name);
1617 return (error);
1618 }
1619
1620 static int
zfs_ioc_pool_import(zfs_cmd_t * zc)1621 zfs_ioc_pool_import(zfs_cmd_t *zc)
1622 {
1623 nvlist_t *config, *props = NULL;
1624 uint64_t guid;
1625 int error;
1626
1627 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1628 zc->zc_iflags, &config)) != 0)
1629 return (error);
1630
1631 if (zc->zc_nvlist_src_size != 0 && (error =
1632 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1633 zc->zc_iflags, &props))) {
1634 nvlist_free(config);
1635 return (error);
1636 }
1637
1638 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1639 guid != zc->zc_guid)
1640 error = SET_ERROR(EINVAL);
1641 else
1642 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1643
1644 if (zc->zc_nvlist_dst != 0) {
1645 int err;
1646
1647 if ((err = put_nvlist(zc, config)) != 0)
1648 error = err;
1649 }
1650
1651 nvlist_free(config);
1652
1653 nvlist_free(props);
1654
1655 return (error);
1656 }
1657
1658 static int
zfs_ioc_pool_export(zfs_cmd_t * zc)1659 zfs_ioc_pool_export(zfs_cmd_t *zc)
1660 {
1661 int error;
1662 boolean_t force = (boolean_t)zc->zc_cookie;
1663 boolean_t hardforce = (boolean_t)zc->zc_guid;
1664
1665 zfs_log_history(zc);
1666 error = spa_export(zc->zc_name, NULL, force, hardforce);
1667 if (error == 0)
1668 zvol_remove_minors(zc->zc_name);
1669 return (error);
1670 }
1671
1672 static int
zfs_ioc_pool_configs(zfs_cmd_t * zc)1673 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1674 {
1675 nvlist_t *configs;
1676 int error;
1677
1678 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1679 return (SET_ERROR(EEXIST));
1680
1681 error = put_nvlist(zc, configs);
1682
1683 nvlist_free(configs);
1684
1685 return (error);
1686 }
1687
1688 /*
1689 * inputs:
1690 * zc_name name of the pool
1691 *
1692 * outputs:
1693 * zc_cookie real errno
1694 * zc_nvlist_dst config nvlist
1695 * zc_nvlist_dst_size size of config nvlist
1696 */
1697 static int
zfs_ioc_pool_stats(zfs_cmd_t * zc)1698 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1699 {
1700 nvlist_t *config;
1701 int error;
1702 int ret = 0;
1703
1704 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1705 sizeof (zc->zc_value));
1706
1707 if (config != NULL) {
1708 ret = put_nvlist(zc, config);
1709 nvlist_free(config);
1710
1711 /*
1712 * The config may be present even if 'error' is non-zero.
1713 * In this case we return success, and preserve the real errno
1714 * in 'zc_cookie'.
1715 */
1716 zc->zc_cookie = error;
1717 } else {
1718 ret = error;
1719 }
1720
1721 return (ret);
1722 }
1723
1724 /*
1725 * Try to import the given pool, returning pool stats as appropriate so that
1726 * user land knows which devices are available and overall pool health.
1727 */
1728 static int
zfs_ioc_pool_tryimport(zfs_cmd_t * zc)1729 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1730 {
1731 nvlist_t *tryconfig, *config;
1732 int error;
1733
1734 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1735 zc->zc_iflags, &tryconfig)) != 0)
1736 return (error);
1737
1738 config = spa_tryimport(tryconfig);
1739
1740 nvlist_free(tryconfig);
1741
1742 if (config == NULL)
1743 return (SET_ERROR(EINVAL));
1744
1745 error = put_nvlist(zc, config);
1746 nvlist_free(config);
1747
1748 return (error);
1749 }
1750
1751 /*
1752 * inputs:
1753 * zc_name name of the pool
1754 * zc_cookie scan func (pool_scan_func_t)
1755 */
1756 static int
zfs_ioc_pool_scan(zfs_cmd_t * zc)1757 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1758 {
1759 spa_t *spa;
1760 int error;
1761
1762 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1763 return (error);
1764
1765 if (zc->zc_cookie == POOL_SCAN_NONE)
1766 error = spa_scan_stop(spa);
1767 else
1768 error = spa_scan(spa, zc->zc_cookie);
1769
1770 spa_close(spa, FTAG);
1771
1772 return (error);
1773 }
1774
1775 static int
zfs_ioc_pool_freeze(zfs_cmd_t * zc)1776 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1777 {
1778 spa_t *spa;
1779 int error;
1780
1781 error = spa_open(zc->zc_name, &spa, FTAG);
1782 if (error == 0) {
1783 spa_freeze(spa);
1784 spa_close(spa, FTAG);
1785 }
1786 return (error);
1787 }
1788
1789 static int
zfs_ioc_pool_upgrade(zfs_cmd_t * zc)1790 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1791 {
1792 spa_t *spa;
1793 int error;
1794
1795 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1796 return (error);
1797
1798 if (zc->zc_cookie < spa_version(spa) ||
1799 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1800 spa_close(spa, FTAG);
1801 return (SET_ERROR(EINVAL));
1802 }
1803
1804 spa_upgrade(spa, zc->zc_cookie);
1805 spa_close(spa, FTAG);
1806
1807 return (error);
1808 }
1809
1810 static int
zfs_ioc_pool_get_history(zfs_cmd_t * zc)1811 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1812 {
1813 spa_t *spa;
1814 char *hist_buf;
1815 uint64_t size;
1816 int error;
1817
1818 if ((size = zc->zc_history_len) == 0)
1819 return (SET_ERROR(EINVAL));
1820
1821 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1822 return (error);
1823
1824 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1825 spa_close(spa, FTAG);
1826 return (SET_ERROR(ENOTSUP));
1827 }
1828
1829 hist_buf = kmem_alloc(size, KM_SLEEP);
1830 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1831 &zc->zc_history_len, hist_buf)) == 0) {
1832 error = ddi_copyout(hist_buf,
1833 (void *)(uintptr_t)zc->zc_history,
1834 zc->zc_history_len, zc->zc_iflags);
1835 }
1836
1837 spa_close(spa, FTAG);
1838 kmem_free(hist_buf, size);
1839 return (error);
1840 }
1841
1842 static int
zfs_ioc_pool_reguid(zfs_cmd_t * zc)1843 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1844 {
1845 spa_t *spa;
1846 int error;
1847
1848 error = spa_open(zc->zc_name, &spa, FTAG);
1849 if (error == 0) {
1850 error = spa_change_guid(spa);
1851 spa_close(spa, FTAG);
1852 }
1853 return (error);
1854 }
1855
1856 static int
zfs_ioc_dsobj_to_dsname(zfs_cmd_t * zc)1857 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1858 {
1859 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
1860 }
1861
1862 /*
1863 * inputs:
1864 * zc_name name of filesystem
1865 * zc_obj object to find
1866 *
1867 * outputs:
1868 * zc_value name of object
1869 */
1870 static int
zfs_ioc_obj_to_path(zfs_cmd_t * zc)1871 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1872 {
1873 objset_t *os;
1874 int error;
1875
1876 /* XXX reading from objset not owned */
1877 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1878 return (error);
1879 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1880 dmu_objset_rele(os, FTAG);
1881 return (SET_ERROR(EINVAL));
1882 }
1883 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1884 sizeof (zc->zc_value));
1885 dmu_objset_rele(os, FTAG);
1886
1887 return (error);
1888 }
1889
1890 /*
1891 * inputs:
1892 * zc_name name of filesystem
1893 * zc_obj object to find
1894 *
1895 * outputs:
1896 * zc_stat stats on object
1897 * zc_value path to object
1898 */
1899 static int
zfs_ioc_obj_to_stats(zfs_cmd_t * zc)1900 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1901 {
1902 objset_t *os;
1903 int error;
1904
1905 /* XXX reading from objset not owned */
1906 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1907 return (error);
1908 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1909 dmu_objset_rele(os, FTAG);
1910 return (SET_ERROR(EINVAL));
1911 }
1912 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1913 sizeof (zc->zc_value));
1914 dmu_objset_rele(os, FTAG);
1915
1916 return (error);
1917 }
1918
1919 static int
zfs_ioc_vdev_add(zfs_cmd_t * zc)1920 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1921 {
1922 spa_t *spa;
1923 int error;
1924 nvlist_t *config, **l2cache, **spares;
1925 uint_t nl2cache = 0, nspares = 0;
1926
1927 error = spa_open(zc->zc_name, &spa, FTAG);
1928 if (error != 0)
1929 return (error);
1930
1931 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1932 zc->zc_iflags, &config);
1933 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
1934 &l2cache, &nl2cache);
1935
1936 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
1937 &spares, &nspares);
1938
1939 #ifdef illumos
1940 /*
1941 * A root pool with concatenated devices is not supported.
1942 * Thus, can not add a device to a root pool.
1943 *
1944 * Intent log device can not be added to a rootpool because
1945 * during mountroot, zil is replayed, a seperated log device
1946 * can not be accessed during the mountroot time.
1947 *
1948 * l2cache and spare devices are ok to be added to a rootpool.
1949 */
1950 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
1951 nvlist_free(config);
1952 spa_close(spa, FTAG);
1953 return (SET_ERROR(EDOM));
1954 }
1955 #endif /* illumos */
1956
1957 if (error == 0) {
1958 error = spa_vdev_add(spa, config);
1959 nvlist_free(config);
1960 }
1961 spa_close(spa, FTAG);
1962 return (error);
1963 }
1964
1965 /*
1966 * inputs:
1967 * zc_name name of the pool
1968 * zc_nvlist_conf nvlist of devices to remove
1969 * zc_cookie to stop the remove?
1970 */
1971 static int
zfs_ioc_vdev_remove(zfs_cmd_t * zc)1972 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1973 {
1974 spa_t *spa;
1975 int error;
1976
1977 error = spa_open(zc->zc_name, &spa, FTAG);
1978 if (error != 0)
1979 return (error);
1980 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1981 spa_close(spa, FTAG);
1982 return (error);
1983 }
1984
1985 static int
zfs_ioc_vdev_set_state(zfs_cmd_t * zc)1986 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1987 {
1988 spa_t *spa;
1989 int error;
1990 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1991
1992 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1993 return (error);
1994 switch (zc->zc_cookie) {
1995 case VDEV_STATE_ONLINE:
1996 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1997 break;
1998
1999 case VDEV_STATE_OFFLINE:
2000 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
2001 break;
2002
2003 case VDEV_STATE_FAULTED:
2004 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
2005 zc->zc_obj != VDEV_AUX_EXTERNAL)
2006 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
2007
2008 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
2009 break;
2010
2011 case VDEV_STATE_DEGRADED:
2012 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
2013 zc->zc_obj != VDEV_AUX_EXTERNAL)
2014 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
2015
2016 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
2017 break;
2018
2019 default:
2020 error = SET_ERROR(EINVAL);
2021 }
2022 zc->zc_cookie = newstate;
2023 spa_close(spa, FTAG);
2024 return (error);
2025 }
2026
2027 static int
zfs_ioc_vdev_attach(zfs_cmd_t * zc)2028 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
2029 {
2030 spa_t *spa;
2031 int replacing = zc->zc_cookie;
2032 nvlist_t *config;
2033 int error;
2034
2035 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2036 return (error);
2037
2038 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
2039 zc->zc_iflags, &config)) == 0) {
2040 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
2041 nvlist_free(config);
2042 }
2043
2044 spa_close(spa, FTAG);
2045 return (error);
2046 }
2047
2048 static int
zfs_ioc_vdev_detach(zfs_cmd_t * zc)2049 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
2050 {
2051 spa_t *spa;
2052 int error;
2053
2054 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2055 return (error);
2056
2057 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
2058
2059 spa_close(spa, FTAG);
2060 return (error);
2061 }
2062
2063 static int
zfs_ioc_vdev_split(zfs_cmd_t * zc)2064 zfs_ioc_vdev_split(zfs_cmd_t *zc)
2065 {
2066 spa_t *spa;
2067 nvlist_t *config, *props = NULL;
2068 int error;
2069 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
2070
2071 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2072 return (error);
2073
2074 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
2075 zc->zc_iflags, &config)) {
2076 spa_close(spa, FTAG);
2077 return (error);
2078 }
2079
2080 if (zc->zc_nvlist_src_size != 0 && (error =
2081 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2082 zc->zc_iflags, &props))) {
2083 spa_close(spa, FTAG);
2084 nvlist_free(config);
2085 return (error);
2086 }
2087
2088 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
2089
2090 spa_close(spa, FTAG);
2091
2092 nvlist_free(config);
2093 nvlist_free(props);
2094
2095 return (error);
2096 }
2097
2098 static int
zfs_ioc_vdev_setpath(zfs_cmd_t * zc)2099 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
2100 {
2101 spa_t *spa;
2102 char *path = zc->zc_value;
2103 uint64_t guid = zc->zc_guid;
2104 int error;
2105
2106 error = spa_open(zc->zc_name, &spa, FTAG);
2107 if (error != 0)
2108 return (error);
2109
2110 error = spa_vdev_setpath(spa, guid, path);
2111 spa_close(spa, FTAG);
2112 return (error);
2113 }
2114
2115 static int
zfs_ioc_vdev_setfru(zfs_cmd_t * zc)2116 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
2117 {
2118 spa_t *spa;
2119 char *fru = zc->zc_value;
2120 uint64_t guid = zc->zc_guid;
2121 int error;
2122
2123 error = spa_open(zc->zc_name, &spa, FTAG);
2124 if (error != 0)
2125 return (error);
2126
2127 error = spa_vdev_setfru(spa, guid, fru);
2128 spa_close(spa, FTAG);
2129 return (error);
2130 }
2131
2132 static int
zfs_ioc_objset_stats_impl(zfs_cmd_t * zc,objset_t * os)2133 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
2134 {
2135 int error = 0;
2136 nvlist_t *nv;
2137
2138 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2139
2140 if (zc->zc_nvlist_dst != 0 &&
2141 (error = dsl_prop_get_all(os, &nv)) == 0) {
2142 dmu_objset_stats(os, nv);
2143 /*
2144 * NB: zvol_get_stats() will read the objset contents,
2145 * which we aren't supposed to do with a
2146 * DS_MODE_USER hold, because it could be
2147 * inconsistent. So this is a bit of a workaround...
2148 * XXX reading with out owning
2149 */
2150 if (!zc->zc_objset_stats.dds_inconsistent &&
2151 dmu_objset_type(os) == DMU_OST_ZVOL) {
2152 error = zvol_get_stats(os, nv);
2153 if (error == EIO)
2154 return (error);
2155 VERIFY0(error);
2156 }
2157 error = put_nvlist(zc, nv);
2158 nvlist_free(nv);
2159 }
2160
2161 return (error);
2162 }
2163
2164 /*
2165 * inputs:
2166 * zc_name name of filesystem
2167 * zc_nvlist_dst_size size of buffer for property nvlist
2168 *
2169 * outputs:
2170 * zc_objset_stats stats
2171 * zc_nvlist_dst property nvlist
2172 * zc_nvlist_dst_size size of property nvlist
2173 */
2174 static int
zfs_ioc_objset_stats(zfs_cmd_t * zc)2175 zfs_ioc_objset_stats(zfs_cmd_t *zc)
2176 {
2177 objset_t *os;
2178 int error;
2179
2180 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2181 if (error == 0) {
2182 error = zfs_ioc_objset_stats_impl(zc, os);
2183 dmu_objset_rele(os, FTAG);
2184 }
2185
2186 if (error == ENOMEM)
2187 error = 0;
2188 return (error);
2189 }
2190
2191 /*
2192 * inputs:
2193 * zc_name name of filesystem
2194 * zc_nvlist_dst_size size of buffer for property nvlist
2195 *
2196 * outputs:
2197 * zc_nvlist_dst received property nvlist
2198 * zc_nvlist_dst_size size of received property nvlist
2199 *
2200 * Gets received properties (distinct from local properties on or after
2201 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2202 * local property values.
2203 */
2204 static int
zfs_ioc_objset_recvd_props(zfs_cmd_t * zc)2205 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2206 {
2207 int error = 0;
2208 nvlist_t *nv;
2209
2210 /*
2211 * Without this check, we would return local property values if the
2212 * caller has not already received properties on or after
2213 * SPA_VERSION_RECVD_PROPS.
2214 */
2215 if (!dsl_prop_get_hasrecvd(zc->zc_name))
2216 return (SET_ERROR(ENOTSUP));
2217
2218 if (zc->zc_nvlist_dst != 0 &&
2219 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
2220 error = put_nvlist(zc, nv);
2221 nvlist_free(nv);
2222 }
2223
2224 return (error);
2225 }
2226
2227 static int
nvl_add_zplprop(objset_t * os,nvlist_t * props,zfs_prop_t prop)2228 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2229 {
2230 uint64_t value;
2231 int error;
2232
2233 /*
2234 * zfs_get_zplprop() will either find a value or give us
2235 * the default value (if there is one).
2236 */
2237 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2238 return (error);
2239 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2240 return (0);
2241 }
2242
2243 /*
2244 * inputs:
2245 * zc_name name of filesystem
2246 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2247 *
2248 * outputs:
2249 * zc_nvlist_dst zpl property nvlist
2250 * zc_nvlist_dst_size size of zpl property nvlist
2251 */
2252 static int
zfs_ioc_objset_zplprops(zfs_cmd_t * zc)2253 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2254 {
2255 objset_t *os;
2256 int err;
2257
2258 /* XXX reading without owning */
2259 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os))
2260 return (err);
2261
2262 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2263
2264 /*
2265 * NB: nvl_add_zplprop() will read the objset contents,
2266 * which we aren't supposed to do with a DS_MODE_USER
2267 * hold, because it could be inconsistent.
2268 */
2269 if (zc->zc_nvlist_dst != 0 &&
2270 !zc->zc_objset_stats.dds_inconsistent &&
2271 dmu_objset_type(os) == DMU_OST_ZFS) {
2272 nvlist_t *nv;
2273
2274 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2275 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2276 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2277 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2278 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2279 err = put_nvlist(zc, nv);
2280 nvlist_free(nv);
2281 } else {
2282 err = SET_ERROR(ENOENT);
2283 }
2284 dmu_objset_rele(os, FTAG);
2285 return (err);
2286 }
2287
2288 boolean_t
dataset_name_hidden(const char * name)2289 dataset_name_hidden(const char *name)
2290 {
2291 /*
2292 * Skip over datasets that are not visible in this zone,
2293 * internal datasets (which have a $ in their name), and
2294 * temporary datasets (which have a % in their name).
2295 */
2296 if (strchr(name, '$') != NULL)
2297 return (B_TRUE);
2298 if (strchr(name, '%') != NULL)
2299 return (B_TRUE);
2300 if (!INGLOBALZONE(curthread) && !zone_dataset_visible(name, NULL))
2301 return (B_TRUE);
2302 return (B_FALSE);
2303 }
2304
2305 /*
2306 * inputs:
2307 * zc_name name of filesystem
2308 * zc_cookie zap cursor
2309 * zc_nvlist_dst_size size of buffer for property nvlist
2310 *
2311 * outputs:
2312 * zc_name name of next filesystem
2313 * zc_cookie zap cursor
2314 * zc_objset_stats stats
2315 * zc_nvlist_dst property nvlist
2316 * zc_nvlist_dst_size size of property nvlist
2317 */
2318 static int
zfs_ioc_dataset_list_next(zfs_cmd_t * zc)2319 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2320 {
2321 objset_t *os;
2322 int error;
2323 char *p;
2324 size_t orig_len = strlen(zc->zc_name);
2325
2326 top:
2327 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) {
2328 if (error == ENOENT)
2329 error = SET_ERROR(ESRCH);
2330 return (error);
2331 }
2332
2333 p = strrchr(zc->zc_name, '/');
2334 if (p == NULL || p[1] != '\0')
2335 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2336 p = zc->zc_name + strlen(zc->zc_name);
2337
2338 do {
2339 error = dmu_dir_list_next(os,
2340 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2341 NULL, &zc->zc_cookie);
2342 if (error == ENOENT)
2343 error = SET_ERROR(ESRCH);
2344 } while (error == 0 && dataset_name_hidden(zc->zc_name));
2345 dmu_objset_rele(os, FTAG);
2346
2347 /*
2348 * If it's an internal dataset (ie. with a '$' in its name),
2349 * don't try to get stats for it, otherwise we'll return ENOENT.
2350 */
2351 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2352 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2353 if (error == ENOENT) {
2354 /* We lost a race with destroy, get the next one. */
2355 zc->zc_name[orig_len] = '\0';
2356 goto top;
2357 }
2358 }
2359 return (error);
2360 }
2361
2362 /*
2363 * inputs:
2364 * zc_name name of filesystem
2365 * zc_cookie zap cursor
2366 * zc_nvlist_dst_size size of buffer for property nvlist
2367 * zc_simple when set, only name is requested
2368 *
2369 * outputs:
2370 * zc_name name of next snapshot
2371 * zc_objset_stats stats
2372 * zc_nvlist_dst property nvlist
2373 * zc_nvlist_dst_size size of property nvlist
2374 */
2375 static int
zfs_ioc_snapshot_list_next(zfs_cmd_t * zc)2376 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2377 {
2378 objset_t *os;
2379 int error;
2380
2381 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2382 if (error != 0) {
2383 return (error == ENOENT ? ESRCH : error);
2384 }
2385
2386 /*
2387 * A dataset name of maximum length cannot have any snapshots,
2388 * so exit immediately.
2389 */
2390 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >=
2391 ZFS_MAX_DATASET_NAME_LEN) {
2392 dmu_objset_rele(os, FTAG);
2393 return (SET_ERROR(ESRCH));
2394 }
2395
2396 error = dmu_snapshot_list_next(os,
2397 sizeof (zc->zc_name) - strlen(zc->zc_name),
2398 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2399 NULL);
2400
2401 if (error == 0 && !zc->zc_simple) {
2402 dsl_dataset_t *ds;
2403 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2404
2405 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2406 if (error == 0) {
2407 objset_t *ossnap;
2408
2409 error = dmu_objset_from_ds(ds, &ossnap);
2410 if (error == 0)
2411 error = zfs_ioc_objset_stats_impl(zc, ossnap);
2412 dsl_dataset_rele(ds, FTAG);
2413 }
2414 } else if (error == ENOENT) {
2415 error = SET_ERROR(ESRCH);
2416 }
2417
2418 dmu_objset_rele(os, FTAG);
2419 /* if we failed, undo the @ that we tacked on to zc_name */
2420 if (error != 0)
2421 *strchr(zc->zc_name, '@') = '\0';
2422 return (error);
2423 }
2424
2425 static int
zfs_prop_set_userquota(const char * dsname,nvpair_t * pair)2426 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2427 {
2428 const char *propname = nvpair_name(pair);
2429 uint64_t *valary;
2430 unsigned int vallen;
2431 const char *domain;
2432 char *dash;
2433 zfs_userquota_prop_t type;
2434 uint64_t rid;
2435 uint64_t quota;
2436 zfsvfs_t *zfsvfs;
2437 int err;
2438
2439 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2440 nvlist_t *attrs;
2441 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2442 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2443 &pair) != 0)
2444 return (SET_ERROR(EINVAL));
2445 }
2446
2447 /*
2448 * A correctly constructed propname is encoded as
2449 * userquota@<rid>-<domain>.
2450 */
2451 if ((dash = strchr(propname, '-')) == NULL ||
2452 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2453 vallen != 3)
2454 return (SET_ERROR(EINVAL));
2455
2456 domain = dash + 1;
2457 type = valary[0];
2458 rid = valary[1];
2459 quota = valary[2];
2460
2461 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2462 if (err == 0) {
2463 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2464 zfsvfs_rele(zfsvfs, FTAG);
2465 }
2466
2467 return (err);
2468 }
2469
2470 /*
2471 * If the named property is one that has a special function to set its value,
2472 * return 0 on success and a positive error code on failure; otherwise if it is
2473 * not one of the special properties handled by this function, return -1.
2474 *
2475 * XXX: It would be better for callers of the property interface if we handled
2476 * these special cases in dsl_prop.c (in the dsl layer).
2477 */
2478 static int
zfs_prop_set_special(const char * dsname,zprop_source_t source,nvpair_t * pair)2479 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2480 nvpair_t *pair)
2481 {
2482 const char *propname = nvpair_name(pair);
2483 zfs_prop_t prop = zfs_name_to_prop(propname);
2484 uint64_t intval;
2485 int err = -1;
2486
2487 if (prop == ZPROP_INVAL) {
2488 if (zfs_prop_userquota(propname))
2489 return (zfs_prop_set_userquota(dsname, pair));
2490 return (-1);
2491 }
2492
2493 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2494 nvlist_t *attrs;
2495 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2496 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2497 &pair) == 0);
2498 }
2499
2500 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2501 return (-1);
2502
2503 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2504
2505 switch (prop) {
2506 case ZFS_PROP_QUOTA:
2507 err = dsl_dir_set_quota(dsname, source, intval);
2508 break;
2509 case ZFS_PROP_REFQUOTA:
2510 err = dsl_dataset_set_refquota(dsname, source, intval);
2511 break;
2512 case ZFS_PROP_FILESYSTEM_LIMIT:
2513 case ZFS_PROP_SNAPSHOT_LIMIT:
2514 if (intval == UINT64_MAX) {
2515 /* clearing the limit, just do it */
2516 err = 0;
2517 } else {
2518 err = dsl_dir_activate_fs_ss_limit(dsname);
2519 }
2520 /*
2521 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2522 * default path to set the value in the nvlist.
2523 */
2524 if (err == 0)
2525 err = -1;
2526 break;
2527 case ZFS_PROP_RESERVATION:
2528 err = dsl_dir_set_reservation(dsname, source, intval);
2529 break;
2530 case ZFS_PROP_REFRESERVATION:
2531 err = dsl_dataset_set_refreservation(dsname, source, intval);
2532 break;
2533 case ZFS_PROP_VOLSIZE:
2534 err = zvol_set_volsize(dsname, intval);
2535 break;
2536 case ZFS_PROP_VERSION:
2537 {
2538 zfsvfs_t *zfsvfs;
2539
2540 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2541 break;
2542
2543 err = zfs_set_version(zfsvfs, intval);
2544 zfsvfs_rele(zfsvfs, FTAG);
2545
2546 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2547 zfs_cmd_t *zc;
2548
2549 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2550 (void) strcpy(zc->zc_name, dsname);
2551 (void) zfs_ioc_userspace_upgrade(zc);
2552 kmem_free(zc, sizeof (zfs_cmd_t));
2553 }
2554 break;
2555 }
2556 default:
2557 err = -1;
2558 }
2559
2560 return (err);
2561 }
2562
2563 /*
2564 * This function is best effort. If it fails to set any of the given properties,
2565 * it continues to set as many as it can and returns the last error
2566 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2567 * with the list of names of all the properties that failed along with the
2568 * corresponding error numbers.
2569 *
2570 * If every property is set successfully, zero is returned and errlist is not
2571 * modified.
2572 */
2573 int
zfs_set_prop_nvlist(const char * dsname,zprop_source_t source,nvlist_t * nvl,nvlist_t * errlist)2574 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2575 nvlist_t *errlist)
2576 {
2577 nvpair_t *pair;
2578 nvpair_t *propval;
2579 int rv = 0;
2580 uint64_t intval;
2581 char *strval;
2582 nvlist_t *genericnvl = fnvlist_alloc();
2583 nvlist_t *retrynvl = fnvlist_alloc();
2584
2585 retry:
2586 pair = NULL;
2587 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2588 const char *propname = nvpair_name(pair);
2589 zfs_prop_t prop = zfs_name_to_prop(propname);
2590 int err = 0;
2591
2592 /* decode the property value */
2593 propval = pair;
2594 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2595 nvlist_t *attrs;
2596 attrs = fnvpair_value_nvlist(pair);
2597 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2598 &propval) != 0)
2599 err = SET_ERROR(EINVAL);
2600 }
2601
2602 /* Validate value type */
2603 if (err == 0 && prop == ZPROP_INVAL) {
2604 if (zfs_prop_user(propname)) {
2605 if (nvpair_type(propval) != DATA_TYPE_STRING)
2606 err = SET_ERROR(EINVAL);
2607 } else if (zfs_prop_userquota(propname)) {
2608 if (nvpair_type(propval) !=
2609 DATA_TYPE_UINT64_ARRAY)
2610 err = SET_ERROR(EINVAL);
2611 } else {
2612 err = SET_ERROR(EINVAL);
2613 }
2614 } else if (err == 0) {
2615 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2616 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2617 err = SET_ERROR(EINVAL);
2618 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2619 const char *unused;
2620
2621 intval = fnvpair_value_uint64(propval);
2622
2623 switch (zfs_prop_get_type(prop)) {
2624 case PROP_TYPE_NUMBER:
2625 break;
2626 case PROP_TYPE_STRING:
2627 err = SET_ERROR(EINVAL);
2628 break;
2629 case PROP_TYPE_INDEX:
2630 if (zfs_prop_index_to_string(prop,
2631 intval, &unused) != 0)
2632 err = SET_ERROR(EINVAL);
2633 break;
2634 default:
2635 cmn_err(CE_PANIC,
2636 "unknown property type");
2637 }
2638 } else {
2639 err = SET_ERROR(EINVAL);
2640 }
2641 }
2642
2643 /* Validate permissions */
2644 if (err == 0)
2645 err = zfs_check_settable(dsname, pair, CRED());
2646
2647 if (err == 0) {
2648 err = zfs_prop_set_special(dsname, source, pair);
2649 if (err == -1) {
2650 /*
2651 * For better performance we build up a list of
2652 * properties to set in a single transaction.
2653 */
2654 err = nvlist_add_nvpair(genericnvl, pair);
2655 } else if (err != 0 && nvl != retrynvl) {
2656 /*
2657 * This may be a spurious error caused by
2658 * receiving quota and reservation out of order.
2659 * Try again in a second pass.
2660 */
2661 err = nvlist_add_nvpair(retrynvl, pair);
2662 }
2663 }
2664
2665 if (err != 0) {
2666 if (errlist != NULL)
2667 fnvlist_add_int32(errlist, propname, err);
2668 rv = err;
2669 }
2670 }
2671
2672 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2673 nvl = retrynvl;
2674 goto retry;
2675 }
2676
2677 if (!nvlist_empty(genericnvl) &&
2678 dsl_props_set(dsname, source, genericnvl) != 0) {
2679 /*
2680 * If this fails, we still want to set as many properties as we
2681 * can, so try setting them individually.
2682 */
2683 pair = NULL;
2684 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2685 const char *propname = nvpair_name(pair);
2686 int err = 0;
2687
2688 propval = pair;
2689 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2690 nvlist_t *attrs;
2691 attrs = fnvpair_value_nvlist(pair);
2692 propval = fnvlist_lookup_nvpair(attrs,
2693 ZPROP_VALUE);
2694 }
2695
2696 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2697 strval = fnvpair_value_string(propval);
2698 err = dsl_prop_set_string(dsname, propname,
2699 source, strval);
2700 } else {
2701 intval = fnvpair_value_uint64(propval);
2702 err = dsl_prop_set_int(dsname, propname, source,
2703 intval);
2704 }
2705
2706 if (err != 0) {
2707 if (errlist != NULL) {
2708 fnvlist_add_int32(errlist, propname,
2709 err);
2710 }
2711 rv = err;
2712 }
2713 }
2714 }
2715 nvlist_free(genericnvl);
2716 nvlist_free(retrynvl);
2717
2718 return (rv);
2719 }
2720
2721 /*
2722 * Check that all the properties are valid user properties.
2723 */
2724 static int
zfs_check_userprops(const char * fsname,nvlist_t * nvl)2725 zfs_check_userprops(const char *fsname, nvlist_t *nvl)
2726 {
2727 nvpair_t *pair = NULL;
2728 int error = 0;
2729
2730 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2731 const char *propname = nvpair_name(pair);
2732
2733 if (!zfs_prop_user(propname) ||
2734 nvpair_type(pair) != DATA_TYPE_STRING)
2735 return (SET_ERROR(EINVAL));
2736
2737 if (error = zfs_secpolicy_write_perms(fsname,
2738 ZFS_DELEG_PERM_USERPROP, CRED()))
2739 return (error);
2740
2741 if (strlen(propname) >= ZAP_MAXNAMELEN)
2742 return (SET_ERROR(ENAMETOOLONG));
2743
2744 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN)
2745 return (E2BIG);
2746 }
2747 return (0);
2748 }
2749
2750 static void
props_skip(nvlist_t * props,nvlist_t * skipped,nvlist_t ** newprops)2751 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2752 {
2753 nvpair_t *pair;
2754
2755 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2756
2757 pair = NULL;
2758 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2759 if (nvlist_exists(skipped, nvpair_name(pair)))
2760 continue;
2761
2762 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2763 }
2764 }
2765
2766 static int
clear_received_props(const char * dsname,nvlist_t * props,nvlist_t * skipped)2767 clear_received_props(const char *dsname, nvlist_t *props,
2768 nvlist_t *skipped)
2769 {
2770 int err = 0;
2771 nvlist_t *cleared_props = NULL;
2772 props_skip(props, skipped, &cleared_props);
2773 if (!nvlist_empty(cleared_props)) {
2774 /*
2775 * Acts on local properties until the dataset has received
2776 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2777 */
2778 zprop_source_t flags = (ZPROP_SRC_NONE |
2779 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
2780 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
2781 }
2782 nvlist_free(cleared_props);
2783 return (err);
2784 }
2785
2786 /*
2787 * inputs:
2788 * zc_name name of filesystem
2789 * zc_value name of property to set
2790 * zc_nvlist_src{_size} nvlist of properties to apply
2791 * zc_cookie received properties flag
2792 *
2793 * outputs:
2794 * zc_nvlist_dst{_size} error for each unapplied received property
2795 */
2796 static int
zfs_ioc_set_prop(zfs_cmd_t * zc)2797 zfs_ioc_set_prop(zfs_cmd_t *zc)
2798 {
2799 nvlist_t *nvl;
2800 boolean_t received = zc->zc_cookie;
2801 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2802 ZPROP_SRC_LOCAL);
2803 nvlist_t *errors;
2804 int error;
2805
2806 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2807 zc->zc_iflags, &nvl)) != 0)
2808 return (error);
2809
2810 if (received) {
2811 nvlist_t *origprops;
2812
2813 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
2814 (void) clear_received_props(zc->zc_name,
2815 origprops, nvl);
2816 nvlist_free(origprops);
2817 }
2818
2819 error = dsl_prop_set_hasrecvd(zc->zc_name);
2820 }
2821
2822 errors = fnvlist_alloc();
2823 if (error == 0)
2824 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2825
2826 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2827 (void) put_nvlist(zc, errors);
2828 }
2829
2830 nvlist_free(errors);
2831 nvlist_free(nvl);
2832 return (error);
2833 }
2834
2835 /*
2836 * inputs:
2837 * zc_name name of filesystem
2838 * zc_value name of property to inherit
2839 * zc_cookie revert to received value if TRUE
2840 *
2841 * outputs: none
2842 */
2843 static int
zfs_ioc_inherit_prop(zfs_cmd_t * zc)2844 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2845 {
2846 const char *propname = zc->zc_value;
2847 zfs_prop_t prop = zfs_name_to_prop(propname);
2848 boolean_t received = zc->zc_cookie;
2849 zprop_source_t source = (received
2850 ? ZPROP_SRC_NONE /* revert to received value, if any */
2851 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2852
2853 if (received) {
2854 nvlist_t *dummy;
2855 nvpair_t *pair;
2856 zprop_type_t type;
2857 int err;
2858
2859 /*
2860 * zfs_prop_set_special() expects properties in the form of an
2861 * nvpair with type info.
2862 */
2863 if (prop == ZPROP_INVAL) {
2864 if (!zfs_prop_user(propname))
2865 return (SET_ERROR(EINVAL));
2866
2867 type = PROP_TYPE_STRING;
2868 } else if (prop == ZFS_PROP_VOLSIZE ||
2869 prop == ZFS_PROP_VERSION) {
2870 return (SET_ERROR(EINVAL));
2871 } else {
2872 type = zfs_prop_get_type(prop);
2873 }
2874
2875 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2876
2877 switch (type) {
2878 case PROP_TYPE_STRING:
2879 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2880 break;
2881 case PROP_TYPE_NUMBER:
2882 case PROP_TYPE_INDEX:
2883 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2884 break;
2885 default:
2886 nvlist_free(dummy);
2887 return (SET_ERROR(EINVAL));
2888 }
2889
2890 pair = nvlist_next_nvpair(dummy, NULL);
2891 err = zfs_prop_set_special(zc->zc_name, source, pair);
2892 nvlist_free(dummy);
2893 if (err != -1)
2894 return (err); /* special property already handled */
2895 } else {
2896 /*
2897 * Only check this in the non-received case. We want to allow
2898 * 'inherit -S' to revert non-inheritable properties like quota
2899 * and reservation to the received or default values even though
2900 * they are not considered inheritable.
2901 */
2902 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2903 return (SET_ERROR(EINVAL));
2904 }
2905
2906 /* property name has been validated by zfs_secpolicy_inherit_prop() */
2907 return (dsl_prop_inherit(zc->zc_name, zc->zc_value, source));
2908 }
2909
2910 static int
zfs_ioc_pool_set_props(zfs_cmd_t * zc)2911 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2912 {
2913 nvlist_t *props;
2914 spa_t *spa;
2915 int error;
2916 nvpair_t *pair;
2917
2918 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2919 zc->zc_iflags, &props))
2920 return (error);
2921
2922 /*
2923 * If the only property is the configfile, then just do a spa_lookup()
2924 * to handle the faulted case.
2925 */
2926 pair = nvlist_next_nvpair(props, NULL);
2927 if (pair != NULL && strcmp(nvpair_name(pair),
2928 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2929 nvlist_next_nvpair(props, pair) == NULL) {
2930 mutex_enter(&spa_namespace_lock);
2931 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2932 spa_configfile_set(spa, props, B_FALSE);
2933 spa_config_sync(spa, B_FALSE, B_TRUE);
2934 }
2935 mutex_exit(&spa_namespace_lock);
2936 if (spa != NULL) {
2937 nvlist_free(props);
2938 return (0);
2939 }
2940 }
2941
2942 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2943 nvlist_free(props);
2944 return (error);
2945 }
2946
2947 error = spa_prop_set(spa, props);
2948
2949 nvlist_free(props);
2950 spa_close(spa, FTAG);
2951
2952 return (error);
2953 }
2954
2955 static int
zfs_ioc_pool_get_props(zfs_cmd_t * zc)2956 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2957 {
2958 spa_t *spa;
2959 int error;
2960 nvlist_t *nvp = NULL;
2961
2962 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2963 /*
2964 * If the pool is faulted, there may be properties we can still
2965 * get (such as altroot and cachefile), so attempt to get them
2966 * anyway.
2967 */
2968 mutex_enter(&spa_namespace_lock);
2969 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2970 error = spa_prop_get(spa, &nvp);
2971 mutex_exit(&spa_namespace_lock);
2972 } else {
2973 error = spa_prop_get(spa, &nvp);
2974 spa_close(spa, FTAG);
2975 }
2976
2977 if (error == 0 && zc->zc_nvlist_dst != 0)
2978 error = put_nvlist(zc, nvp);
2979 else
2980 error = SET_ERROR(EFAULT);
2981
2982 nvlist_free(nvp);
2983 return (error);
2984 }
2985
2986 /*
2987 * inputs:
2988 * zc_name name of filesystem
2989 * zc_nvlist_src{_size} nvlist of delegated permissions
2990 * zc_perm_action allow/unallow flag
2991 *
2992 * outputs: none
2993 */
2994 static int
zfs_ioc_set_fsacl(zfs_cmd_t * zc)2995 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2996 {
2997 int error;
2998 nvlist_t *fsaclnv = NULL;
2999
3000 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3001 zc->zc_iflags, &fsaclnv)) != 0)
3002 return (error);
3003
3004 /*
3005 * Verify nvlist is constructed correctly
3006 */
3007 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
3008 nvlist_free(fsaclnv);
3009 return (SET_ERROR(EINVAL));
3010 }
3011
3012 /*
3013 * If we don't have PRIV_SYS_MOUNT, then validate
3014 * that user is allowed to hand out each permission in
3015 * the nvlist(s)
3016 */
3017
3018 error = secpolicy_zfs(CRED());
3019 if (error != 0) {
3020 if (zc->zc_perm_action == B_FALSE) {
3021 error = dsl_deleg_can_allow(zc->zc_name,
3022 fsaclnv, CRED());
3023 } else {
3024 error = dsl_deleg_can_unallow(zc->zc_name,
3025 fsaclnv, CRED());
3026 }
3027 }
3028
3029 if (error == 0)
3030 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
3031
3032 nvlist_free(fsaclnv);
3033 return (error);
3034 }
3035
3036 /*
3037 * inputs:
3038 * zc_name name of filesystem
3039 *
3040 * outputs:
3041 * zc_nvlist_src{_size} nvlist of delegated permissions
3042 */
3043 static int
zfs_ioc_get_fsacl(zfs_cmd_t * zc)3044 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
3045 {
3046 nvlist_t *nvp;
3047 int error;
3048
3049 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
3050 error = put_nvlist(zc, nvp);
3051 nvlist_free(nvp);
3052 }
3053
3054 return (error);
3055 }
3056
3057 /*
3058 * Search the vfs list for a specified resource. Returns a pointer to it
3059 * or NULL if no suitable entry is found. The caller of this routine
3060 * is responsible for releasing the returned vfs pointer.
3061 */
3062 static vfs_t *
zfs_get_vfs(const char * resource)3063 zfs_get_vfs(const char *resource)
3064 {
3065 vfs_t *vfsp;
3066
3067 #ifdef __FreeBSD__
3068 mtx_lock(&mountlist_mtx);
3069 TAILQ_FOREACH(vfsp, &mountlist, mnt_list) {
3070 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
3071 if (vfs_busy(vfsp, MBF_MNTLSTLOCK) != 0)
3072 vfsp = NULL;
3073 break;
3074 }
3075 }
3076 if (vfsp == NULL)
3077 mtx_unlock(&mountlist_mtx);
3078 #endif
3079 #ifdef __NetBSD__
3080 mount_iterator_t *iter;
3081
3082 mountlist_iterator_init(&iter);
3083 while ((vfsp = mountlist_iterator_next(iter)) != NULL) {
3084 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
3085 if (vfs_busy(vfsp, 0) != 0)
3086 vfsp = NULL;
3087 break;
3088 }
3089 }
3090 mountlist_iterator_destroy(iter);
3091 #endif
3092
3093 return (vfsp);
3094 }
3095
3096 /* ARGSUSED */
3097 static void
zfs_create_cb(objset_t * os,void * arg,cred_t * cr,dmu_tx_t * tx)3098 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
3099 {
3100 zfs_creat_t *zct = arg;
3101
3102 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
3103 }
3104
3105 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
3106
3107 /*
3108 * inputs:
3109 * os parent objset pointer (NULL if root fs)
3110 * fuids_ok fuids allowed in this version of the spa?
3111 * sa_ok SAs allowed in this version of the spa?
3112 * createprops list of properties requested by creator
3113 *
3114 * outputs:
3115 * zplprops values for the zplprops we attach to the master node object
3116 * is_ci true if requested file system will be purely case-insensitive
3117 *
3118 * Determine the settings for utf8only, normalization and
3119 * casesensitivity. Specific values may have been requested by the
3120 * creator and/or we can inherit values from the parent dataset. If
3121 * the file system is of too early a vintage, a creator can not
3122 * request settings for these properties, even if the requested
3123 * setting is the default value. We don't actually want to create dsl
3124 * properties for these, so remove them from the source nvlist after
3125 * processing.
3126 */
3127 static int
zfs_fill_zplprops_impl(objset_t * os,uint64_t zplver,boolean_t fuids_ok,boolean_t sa_ok,nvlist_t * createprops,nvlist_t * zplprops,boolean_t * is_ci)3128 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
3129 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
3130 nvlist_t *zplprops, boolean_t *is_ci)
3131 {
3132 uint64_t sense = ZFS_PROP_UNDEFINED;
3133 uint64_t norm = ZFS_PROP_UNDEFINED;
3134 uint64_t u8 = ZFS_PROP_UNDEFINED;
3135
3136 ASSERT(zplprops != NULL);
3137
3138 /*
3139 * Pull out creator prop choices, if any.
3140 */
3141 if (createprops) {
3142 (void) nvlist_lookup_uint64(createprops,
3143 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
3144 (void) nvlist_lookup_uint64(createprops,
3145 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
3146 (void) nvlist_remove_all(createprops,
3147 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
3148 (void) nvlist_lookup_uint64(createprops,
3149 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
3150 (void) nvlist_remove_all(createprops,
3151 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
3152 (void) nvlist_lookup_uint64(createprops,
3153 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
3154 (void) nvlist_remove_all(createprops,
3155 zfs_prop_to_name(ZFS_PROP_CASE));
3156 }
3157
3158 /*
3159 * If the zpl version requested is whacky or the file system
3160 * or pool is version is too "young" to support normalization
3161 * and the creator tried to set a value for one of the props,
3162 * error out.
3163 */
3164 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3165 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
3166 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
3167 (zplver < ZPL_VERSION_NORMALIZATION &&
3168 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
3169 sense != ZFS_PROP_UNDEFINED)))
3170 return (SET_ERROR(ENOTSUP));
3171
3172 /*
3173 * Put the version in the zplprops
3174 */
3175 VERIFY(nvlist_add_uint64(zplprops,
3176 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3177
3178 if (norm == ZFS_PROP_UNDEFINED)
3179 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0);
3180 VERIFY(nvlist_add_uint64(zplprops,
3181 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3182
3183 /*
3184 * If we're normalizing, names must always be valid UTF-8 strings.
3185 */
3186 if (norm)
3187 u8 = 1;
3188 if (u8 == ZFS_PROP_UNDEFINED)
3189 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0);
3190 VERIFY(nvlist_add_uint64(zplprops,
3191 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3192
3193 if (sense == ZFS_PROP_UNDEFINED)
3194 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0);
3195 VERIFY(nvlist_add_uint64(zplprops,
3196 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3197
3198 if (is_ci)
3199 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3200
3201 return (0);
3202 }
3203
3204 static int
zfs_fill_zplprops(const char * dataset,nvlist_t * createprops,nvlist_t * zplprops,boolean_t * is_ci)3205 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3206 nvlist_t *zplprops, boolean_t *is_ci)
3207 {
3208 boolean_t fuids_ok, sa_ok;
3209 uint64_t zplver = ZPL_VERSION;
3210 objset_t *os = NULL;
3211 char parentname[ZFS_MAX_DATASET_NAME_LEN];
3212 char *cp;
3213 spa_t *spa;
3214 uint64_t spa_vers;
3215 int error;
3216
3217 (void) strlcpy(parentname, dataset, sizeof (parentname));
3218 cp = strrchr(parentname, '/');
3219 ASSERT(cp != NULL);
3220 cp[0] = '\0';
3221
3222 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3223 return (error);
3224
3225 spa_vers = spa_version(spa);
3226 spa_close(spa, FTAG);
3227
3228 zplver = zfs_zpl_version_map(spa_vers);
3229 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3230 sa_ok = (zplver >= ZPL_VERSION_SA);
3231
3232 /*
3233 * Open parent object set so we can inherit zplprop values.
3234 */
3235 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3236 return (error);
3237
3238 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3239 zplprops, is_ci);
3240 dmu_objset_rele(os, FTAG);
3241 return (error);
3242 }
3243
3244 static int
zfs_fill_zplprops_root(uint64_t spa_vers,nvlist_t * createprops,nvlist_t * zplprops,boolean_t * is_ci)3245 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3246 nvlist_t *zplprops, boolean_t *is_ci)
3247 {
3248 boolean_t fuids_ok;
3249 boolean_t sa_ok;
3250 uint64_t zplver = ZPL_VERSION;
3251 int error;
3252
3253 zplver = zfs_zpl_version_map(spa_vers);
3254 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3255 sa_ok = (zplver >= ZPL_VERSION_SA);
3256
3257 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3258 createprops, zplprops, is_ci);
3259 return (error);
3260 }
3261
3262 /*
3263 * innvl: {
3264 * "type" -> dmu_objset_type_t (int32)
3265 * (optional) "props" -> { prop -> value }
3266 * }
3267 *
3268 * outnvl: propname -> error code (int32)
3269 */
3270 static int
zfs_ioc_create(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)3271 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3272 {
3273 int error = 0;
3274 zfs_creat_t zct = { 0 };
3275 nvlist_t *nvprops = NULL;
3276 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3277 int32_t type32;
3278 dmu_objset_type_t type;
3279 boolean_t is_insensitive = B_FALSE;
3280
3281 if (nvlist_lookup_int32(innvl, "type", &type32) != 0)
3282 return (SET_ERROR(EINVAL));
3283 type = type32;
3284 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3285
3286 switch (type) {
3287 case DMU_OST_ZFS:
3288 cbfunc = zfs_create_cb;
3289 break;
3290
3291 case DMU_OST_ZVOL:
3292 cbfunc = zvol_create_cb;
3293 break;
3294
3295 default:
3296 cbfunc = NULL;
3297 break;
3298 }
3299 if (strchr(fsname, '@') ||
3300 strchr(fsname, '%'))
3301 return (SET_ERROR(EINVAL));
3302
3303 zct.zct_props = nvprops;
3304
3305 if (cbfunc == NULL)
3306 return (SET_ERROR(EINVAL));
3307
3308 if (type == DMU_OST_ZVOL) {
3309 uint64_t volsize, volblocksize;
3310
3311 if (nvprops == NULL)
3312 return (SET_ERROR(EINVAL));
3313 if (nvlist_lookup_uint64(nvprops,
3314 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3315 return (SET_ERROR(EINVAL));
3316
3317 if ((error = nvlist_lookup_uint64(nvprops,
3318 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3319 &volblocksize)) != 0 && error != ENOENT)
3320 return (SET_ERROR(EINVAL));
3321
3322 if (error != 0)
3323 volblocksize = zfs_prop_default_numeric(
3324 ZFS_PROP_VOLBLOCKSIZE);
3325
3326 if ((error = zvol_check_volblocksize(
3327 volblocksize)) != 0 ||
3328 (error = zvol_check_volsize(volsize,
3329 volblocksize)) != 0)
3330 return (error);
3331 } else if (type == DMU_OST_ZFS) {
3332 int error;
3333
3334 /*
3335 * We have to have normalization and
3336 * case-folding flags correct when we do the
3337 * file system creation, so go figure them out
3338 * now.
3339 */
3340 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3341 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3342 error = zfs_fill_zplprops(fsname, nvprops,
3343 zct.zct_zplprops, &is_insensitive);
3344 if (error != 0) {
3345 nvlist_free(zct.zct_zplprops);
3346 return (error);
3347 }
3348 }
3349
3350 error = dmu_objset_create(fsname, type,
3351 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3352 nvlist_free(zct.zct_zplprops);
3353
3354 /*
3355 * It would be nice to do this atomically.
3356 */
3357 if (error == 0) {
3358 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3359 nvprops, outnvl);
3360 if (error != 0)
3361 (void) dsl_destroy_head(fsname);
3362 }
3363 if (error == 0 && type == DMU_OST_ZVOL)
3364 zvol_create_minors(fsname);
3365 return (error);
3366 }
3367
3368 /*
3369 * innvl: {
3370 * "origin" -> name of origin snapshot
3371 * (optional) "props" -> { prop -> value }
3372 * }
3373 *
3374 * outnvl: propname -> error code (int32)
3375 */
3376 static int
zfs_ioc_clone(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)3377 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3378 {
3379 int error = 0;
3380 nvlist_t *nvprops = NULL;
3381 char *origin_name;
3382
3383 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0)
3384 return (SET_ERROR(EINVAL));
3385 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3386
3387 if (strchr(fsname, '@') ||
3388 strchr(fsname, '%'))
3389 return (SET_ERROR(EINVAL));
3390
3391 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3392 return (SET_ERROR(EINVAL));
3393 error = dmu_objset_clone(fsname, origin_name);
3394 if (error != 0)
3395 return (error);
3396
3397 /*
3398 * It would be nice to do this atomically.
3399 */
3400 if (error == 0) {
3401 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3402 nvprops, outnvl);
3403 if (error != 0)
3404 (void) dsl_destroy_head(fsname);
3405 }
3406 if (error == 0)
3407 zvol_create_minors(fsname);
3408 return (error);
3409 }
3410
3411 /*
3412 * innvl: {
3413 * "snaps" -> { snapshot1, snapshot2 }
3414 * (optional) "props" -> { prop -> value (string) }
3415 * }
3416 *
3417 * outnvl: snapshot -> error code (int32)
3418 */
3419 static int
zfs_ioc_snapshot(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3420 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3421 {
3422 nvlist_t *snaps;
3423 nvlist_t *props = NULL;
3424 int error, poollen;
3425 nvpair_t *pair;
3426
3427 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3428 if ((error = zfs_check_userprops(poolname, props)) != 0)
3429 return (error);
3430
3431 if (!nvlist_empty(props) &&
3432 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3433 return (SET_ERROR(ENOTSUP));
3434
3435 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3436 return (SET_ERROR(EINVAL));
3437 poollen = strlen(poolname);
3438 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3439 pair = nvlist_next_nvpair(snaps, pair)) {
3440 const char *name = nvpair_name(pair);
3441 const char *cp = strchr(name, '@');
3442
3443 /*
3444 * The snap name must contain an @, and the part after it must
3445 * contain only valid characters.
3446 */
3447 if (cp == NULL ||
3448 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3449 return (SET_ERROR(EINVAL));
3450
3451 /*
3452 * The snap must be in the specified pool.
3453 */
3454 if (strncmp(name, poolname, poollen) != 0 ||
3455 (name[poollen] != '/' && name[poollen] != '@'))
3456 return (SET_ERROR(EXDEV));
3457
3458 /* This must be the only snap of this fs. */
3459 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3460 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3461 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3462 == 0) {
3463 return (SET_ERROR(EXDEV));
3464 }
3465 }
3466 }
3467
3468 error = dsl_dataset_snapshot(snaps, props, outnvl);
3469 return (error);
3470 }
3471
3472 /*
3473 * innvl: "message" -> string
3474 */
3475 /* ARGSUSED */
3476 static int
zfs_ioc_log_history(const char * unused,nvlist_t * innvl,nvlist_t * outnvl)3477 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3478 {
3479 char *message;
3480 spa_t *spa;
3481 int error;
3482 char *poolname;
3483
3484 /*
3485 * The poolname in the ioctl is not set, we get it from the TSD,
3486 * which was set at the end of the last successful ioctl that allows
3487 * logging. The secpolicy func already checked that it is set.
3488 * Only one log ioctl is allowed after each successful ioctl, so
3489 * we clear the TSD here.
3490 */
3491 poolname = tsd_get(zfs_allow_log_key);
3492 (void) tsd_set(zfs_allow_log_key, NULL);
3493 error = spa_open(poolname, &spa, FTAG);
3494 strfree(poolname);
3495 if (error != 0)
3496 return (error);
3497
3498 if (nvlist_lookup_string(innvl, "message", &message) != 0) {
3499 spa_close(spa, FTAG);
3500 return (SET_ERROR(EINVAL));
3501 }
3502
3503 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3504 spa_close(spa, FTAG);
3505 return (SET_ERROR(ENOTSUP));
3506 }
3507
3508 error = spa_history_log(spa, message);
3509 spa_close(spa, FTAG);
3510 return (error);
3511 }
3512
3513 #ifdef __FreeBSD__
3514 static int
zfs_ioc_nextboot(const char * unused,nvlist_t * innvl,nvlist_t * outnvl)3515 zfs_ioc_nextboot(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3516 {
3517 char name[MAXNAMELEN];
3518 spa_t *spa;
3519 vdev_t *vd;
3520 char *command;
3521 uint64_t pool_guid;
3522 uint64_t vdev_guid;
3523 int error;
3524
3525 if (nvlist_lookup_uint64(innvl,
3526 ZPOOL_CONFIG_POOL_GUID, &pool_guid) != 0)
3527 return (EINVAL);
3528 if (nvlist_lookup_uint64(innvl,
3529 ZPOOL_CONFIG_GUID, &vdev_guid) != 0)
3530 return (EINVAL);
3531 if (nvlist_lookup_string(innvl,
3532 "command", &command) != 0)
3533 return (EINVAL);
3534
3535 mutex_enter(&spa_namespace_lock);
3536 spa = spa_by_guid(pool_guid, vdev_guid);
3537 if (spa != NULL)
3538 strcpy(name, spa_name(spa));
3539 mutex_exit(&spa_namespace_lock);
3540 if (spa == NULL)
3541 return (ENOENT);
3542
3543 if ((error = spa_open(name, &spa, FTAG)) != 0)
3544 return (error);
3545 spa_vdev_state_enter(spa, SCL_ALL);
3546 vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE);
3547 if (vd == NULL) {
3548 (void) spa_vdev_state_exit(spa, NULL, ENXIO);
3549 spa_close(spa, FTAG);
3550 return (ENODEV);
3551 }
3552 error = vdev_label_write_pad2(vd, command, strlen(command));
3553 (void) spa_vdev_state_exit(spa, NULL, 0);
3554 txg_wait_synced(spa->spa_dsl_pool, 0);
3555 spa_close(spa, FTAG);
3556 return (error);
3557 }
3558 #endif
3559
3560 /*
3561 * The dp_config_rwlock must not be held when calling this, because the
3562 * unmount may need to write out data.
3563 *
3564 * This function is best-effort. Callers must deal gracefully if it
3565 * remains mounted (or is remounted after this call).
3566 *
3567 * Returns 0 if the argument is not a snapshot, or it is not currently a
3568 * filesystem, or we were able to unmount it. Returns error code otherwise.
3569 */
3570 int
zfs_unmount_snap(const char * snapname)3571 zfs_unmount_snap(const char *snapname)
3572 {
3573 vfs_t *vfsp;
3574 zfsvfs_t *zfsvfs;
3575 int err;
3576
3577 if (strchr(snapname, '@') == NULL)
3578 return (0);
3579
3580 vfsp = zfs_get_vfs(snapname);
3581 if (vfsp == NULL)
3582 return (0);
3583
3584 zfsvfs = vfsp->vfs_data;
3585 ASSERT(!dsl_pool_config_held(dmu_objset_pool(zfsvfs->z_os)));
3586
3587 err = vn_vfswlock(vfsp->vfs_vnodecovered);
3588 #ifdef illumos
3589 VFS_RELE(vfsp);
3590 #else
3591 vfs_unbusy(vfsp);
3592 #endif
3593 if (err != 0)
3594 return (SET_ERROR(err));
3595
3596 /*
3597 * Always force the unmount for snapshots.
3598 */
3599
3600 #ifdef illumos
3601 (void) dounmount(vfsp, MS_FORCE, kcred);
3602 #else
3603 vfs_ref(vfsp);
3604 (void) dounmount(vfsp, MS_FORCE, curthread);
3605 #endif
3606 return (0);
3607 }
3608
3609 /* ARGSUSED */
3610 static int
zfs_unmount_snap_cb(const char * snapname,void * arg)3611 zfs_unmount_snap_cb(const char *snapname, void *arg)
3612 {
3613 return (zfs_unmount_snap(snapname));
3614 }
3615
3616 /*
3617 * When a clone is destroyed, its origin may also need to be destroyed,
3618 * in which case it must be unmounted. This routine will do that unmount
3619 * if necessary.
3620 */
3621 void
zfs_destroy_unmount_origin(const char * fsname)3622 zfs_destroy_unmount_origin(const char *fsname)
3623 {
3624 int error;
3625 objset_t *os;
3626 dsl_dataset_t *ds;
3627
3628 error = dmu_objset_hold(fsname, FTAG, &os);
3629 if (error != 0)
3630 return;
3631 ds = dmu_objset_ds(os);
3632 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
3633 char originname[ZFS_MAX_DATASET_NAME_LEN];
3634 dsl_dataset_name(ds->ds_prev, originname);
3635 dmu_objset_rele(os, FTAG);
3636 (void) zfs_unmount_snap(originname);
3637 } else {
3638 dmu_objset_rele(os, FTAG);
3639 }
3640 }
3641
3642 /*
3643 * innvl: {
3644 * "snaps" -> { snapshot1, snapshot2 }
3645 * (optional boolean) "defer"
3646 * }
3647 *
3648 * outnvl: snapshot -> error code (int32)
3649 *
3650 */
3651 /* ARGSUSED */
3652 static int
zfs_ioc_destroy_snaps(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3653 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3654 {
3655 int error, poollen;
3656 nvlist_t *snaps;
3657 nvpair_t *pair;
3658 boolean_t defer;
3659
3660 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3661 return (SET_ERROR(EINVAL));
3662 defer = nvlist_exists(innvl, "defer");
3663
3664 poollen = strlen(poolname);
3665 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3666 pair = nvlist_next_nvpair(snaps, pair)) {
3667 const char *name = nvpair_name(pair);
3668
3669 /*
3670 * The snap must be in the specified pool to prevent the
3671 * invalid removal of zvol minors below.
3672 */
3673 if (strncmp(name, poolname, poollen) != 0 ||
3674 (name[poollen] != '/' && name[poollen] != '@'))
3675 return (SET_ERROR(EXDEV));
3676
3677 error = zfs_unmount_snap(name);
3678 if (error != 0)
3679 return (error);
3680 zvol_remove_minors(name);
3681 }
3682
3683 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
3684 }
3685
3686 /*
3687 * Create bookmarks. Bookmark names are of the form <fs>#<bmark>.
3688 * All bookmarks must be in the same pool.
3689 *
3690 * innvl: {
3691 * bookmark1 -> snapshot1, bookmark2 -> snapshot2
3692 * }
3693 *
3694 * outnvl: bookmark -> error code (int32)
3695 *
3696 */
3697 /* ARGSUSED */
3698 static int
zfs_ioc_bookmark(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3699 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3700 {
3701 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
3702 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
3703 char *snap_name;
3704
3705 /*
3706 * Verify the snapshot argument.
3707 */
3708 if (nvpair_value_string(pair, &snap_name) != 0)
3709 return (SET_ERROR(EINVAL));
3710
3711
3712 /* Verify that the keys (bookmarks) are unique */
3713 for (nvpair_t *pair2 = nvlist_next_nvpair(innvl, pair);
3714 pair2 != NULL; pair2 = nvlist_next_nvpair(innvl, pair2)) {
3715 if (strcmp(nvpair_name(pair), nvpair_name(pair2)) == 0)
3716 return (SET_ERROR(EINVAL));
3717 }
3718 }
3719
3720 return (dsl_bookmark_create(innvl, outnvl));
3721 }
3722
3723 /*
3724 * innvl: {
3725 * property 1, property 2, ...
3726 * }
3727 *
3728 * outnvl: {
3729 * bookmark name 1 -> { property 1, property 2, ... },
3730 * bookmark name 2 -> { property 1, property 2, ... }
3731 * }
3732 *
3733 */
3734 static int
zfs_ioc_get_bookmarks(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)3735 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3736 {
3737 return (dsl_get_bookmarks(fsname, innvl, outnvl));
3738 }
3739
3740 /*
3741 * innvl: {
3742 * bookmark name 1, bookmark name 2
3743 * }
3744 *
3745 * outnvl: bookmark -> error code (int32)
3746 *
3747 */
3748 static int
zfs_ioc_destroy_bookmarks(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3749 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl,
3750 nvlist_t *outnvl)
3751 {
3752 int error, poollen;
3753
3754 poollen = strlen(poolname);
3755 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
3756 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
3757 const char *name = nvpair_name(pair);
3758 const char *cp = strchr(name, '#');
3759
3760 /*
3761 * The bookmark name must contain an #, and the part after it
3762 * must contain only valid characters.
3763 */
3764 if (cp == NULL ||
3765 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3766 return (SET_ERROR(EINVAL));
3767
3768 /*
3769 * The bookmark must be in the specified pool.
3770 */
3771 if (strncmp(name, poolname, poollen) != 0 ||
3772 (name[poollen] != '/' && name[poollen] != '#'))
3773 return (SET_ERROR(EXDEV));
3774 }
3775
3776 error = dsl_bookmark_destroy(innvl, outnvl);
3777 return (error);
3778 }
3779
3780 /*
3781 * inputs:
3782 * zc_name name of dataset to destroy
3783 * zc_objset_type type of objset
3784 * zc_defer_destroy mark for deferred destroy
3785 *
3786 * outputs: none
3787 */
3788 static int
zfs_ioc_destroy(zfs_cmd_t * zc)3789 zfs_ioc_destroy(zfs_cmd_t *zc)
3790 {
3791 int err;
3792
3793 if (zc->zc_objset_type == DMU_OST_ZFS) {
3794 err = zfs_unmount_snap(zc->zc_name);
3795 if (err != 0)
3796 return (err);
3797 }
3798
3799 if (strchr(zc->zc_name, '@'))
3800 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
3801 else
3802 err = dsl_destroy_head(zc->zc_name);
3803 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
3804 #if defined(__FreeBSD__) || defined(__NetBSD__)
3805 zvol_remove_minors(zc->zc_name);
3806 #else
3807 (void) zvol_remove_minor(zc->zc_name);
3808 #endif
3809 return (err);
3810 }
3811
3812 /*
3813 * fsname is name of dataset to rollback (to most recent snapshot)
3814 *
3815 * innvl is not used.
3816 *
3817 * outnvl: "target" -> name of most recent snapshot
3818 * }
3819 */
3820 /* ARGSUSED */
3821 static int
zfs_ioc_rollback(const char * fsname,nvlist_t * args,nvlist_t * outnvl)3822 zfs_ioc_rollback(const char *fsname, nvlist_t *args, nvlist_t *outnvl)
3823 {
3824 zfsvfs_t *zfsvfs;
3825 int error;
3826
3827 if (getzfsvfs(fsname, &zfsvfs) == 0) {
3828 dsl_dataset_t *ds;
3829
3830 ds = dmu_objset_ds(zfsvfs->z_os);
3831 error = zfs_suspend_fs(zfsvfs);
3832 if (error == 0) {
3833 int resume_err;
3834
3835 error = dsl_dataset_rollback(fsname, zfsvfs, outnvl);
3836 resume_err = zfs_resume_fs(zfsvfs, ds);
3837 error = error ? error : resume_err;
3838 }
3839 #ifdef illumos
3840 VFS_RELE(zfsvfs->z_vfs);
3841 #else
3842 vfs_unbusy(zfsvfs->z_vfs);
3843 #endif
3844 } else {
3845 error = dsl_dataset_rollback(fsname, NULL, outnvl);
3846 }
3847 return (error);
3848 }
3849
3850 static int
recursive_unmount(const char * fsname,void * arg)3851 recursive_unmount(const char *fsname, void *arg)
3852 {
3853 const char *snapname = arg;
3854 char fullname[ZFS_MAX_DATASET_NAME_LEN];
3855
3856 (void) snprintf(fullname, sizeof (fullname), "%s@%s", fsname, snapname);
3857 return (zfs_unmount_snap(fullname));
3858 }
3859
3860 /*
3861 * inputs:
3862 * zc_name old name of dataset
3863 * zc_value new name of dataset
3864 * zc_cookie recursive flag (only valid for snapshots)
3865 *
3866 * outputs: none
3867 */
3868 static int
zfs_ioc_rename(zfs_cmd_t * zc)3869 zfs_ioc_rename(zfs_cmd_t *zc)
3870 {
3871 boolean_t recursive = zc->zc_cookie & 1;
3872 char *at;
3873 boolean_t allow_mounted = B_TRUE;
3874
3875 #if defined(__FreeBSD__) || defined(__NetBSD__)
3876 allow_mounted = (zc->zc_cookie & 2) != 0;
3877 #endif
3878
3879 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3880 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3881 strchr(zc->zc_value, '%'))
3882 return (SET_ERROR(EINVAL));
3883
3884 at = strchr(zc->zc_name, '@');
3885 if (at != NULL) {
3886 /* snaps must be in same fs */
3887 int error;
3888
3889 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
3890 return (SET_ERROR(EXDEV));
3891 *at = '\0';
3892 if (zc->zc_objset_type == DMU_OST_ZFS && !allow_mounted) {
3893 error = dmu_objset_find(zc->zc_name,
3894 recursive_unmount, at + 1,
3895 recursive ? DS_FIND_CHILDREN : 0);
3896 if (error != 0) {
3897 *at = '@';
3898 return (error);
3899 }
3900 }
3901 error = dsl_dataset_rename_snapshot(zc->zc_name,
3902 at + 1, strchr(zc->zc_value, '@') + 1, recursive);
3903 *at = '@';
3904
3905 return (error);
3906 } else {
3907 #ifdef illumos
3908 if (zc->zc_objset_type == DMU_OST_ZVOL)
3909 (void) zvol_remove_minor(zc->zc_name);
3910 #endif
3911 return (dsl_dir_rename(zc->zc_name, zc->zc_value));
3912 }
3913 }
3914
3915 static int
zfs_check_settable(const char * dsname,nvpair_t * pair,cred_t * cr)3916 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3917 {
3918 const char *propname = nvpair_name(pair);
3919 boolean_t issnap = (strchr(dsname, '@') != NULL);
3920 zfs_prop_t prop = zfs_name_to_prop(propname);
3921 uint64_t intval;
3922 int err;
3923
3924 if (prop == ZPROP_INVAL) {
3925 if (zfs_prop_user(propname)) {
3926 if (err = zfs_secpolicy_write_perms(dsname,
3927 ZFS_DELEG_PERM_USERPROP, cr))
3928 return (err);
3929 return (0);
3930 }
3931
3932 if (!issnap && zfs_prop_userquota(propname)) {
3933 const char *perm = NULL;
3934 const char *uq_prefix =
3935 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3936 const char *gq_prefix =
3937 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3938
3939 if (strncmp(propname, uq_prefix,
3940 strlen(uq_prefix)) == 0) {
3941 perm = ZFS_DELEG_PERM_USERQUOTA;
3942 } else if (strncmp(propname, gq_prefix,
3943 strlen(gq_prefix)) == 0) {
3944 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3945 } else {
3946 /* USERUSED and GROUPUSED are read-only */
3947 return (SET_ERROR(EINVAL));
3948 }
3949
3950 if (err = zfs_secpolicy_write_perms(dsname, perm, cr))
3951 return (err);
3952 return (0);
3953 }
3954
3955 return (SET_ERROR(EINVAL));
3956 }
3957
3958 if (issnap)
3959 return (SET_ERROR(EINVAL));
3960
3961 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3962 /*
3963 * dsl_prop_get_all_impl() returns properties in this
3964 * format.
3965 */
3966 nvlist_t *attrs;
3967 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3968 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3969 &pair) == 0);
3970 }
3971
3972 /*
3973 * Check that this value is valid for this pool version
3974 */
3975 switch (prop) {
3976 case ZFS_PROP_COMPRESSION:
3977 /*
3978 * If the user specified gzip compression, make sure
3979 * the SPA supports it. We ignore any errors here since
3980 * we'll catch them later.
3981 */
3982 if (nvpair_value_uint64(pair, &intval) == 0) {
3983 if (intval >= ZIO_COMPRESS_GZIP_1 &&
3984 intval <= ZIO_COMPRESS_GZIP_9 &&
3985 zfs_earlier_version(dsname,
3986 SPA_VERSION_GZIP_COMPRESSION)) {
3987 return (SET_ERROR(ENOTSUP));
3988 }
3989
3990 if (intval == ZIO_COMPRESS_ZLE &&
3991 zfs_earlier_version(dsname,
3992 SPA_VERSION_ZLE_COMPRESSION))
3993 return (SET_ERROR(ENOTSUP));
3994
3995 if (intval == ZIO_COMPRESS_LZ4) {
3996 spa_t *spa;
3997
3998 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
3999 return (err);
4000
4001 if (!spa_feature_is_enabled(spa,
4002 SPA_FEATURE_LZ4_COMPRESS)) {
4003 spa_close(spa, FTAG);
4004 return (SET_ERROR(ENOTSUP));
4005 }
4006 spa_close(spa, FTAG);
4007 }
4008
4009 /*
4010 * If this is a bootable dataset then
4011 * verify that the compression algorithm
4012 * is supported for booting. We must return
4013 * something other than ENOTSUP since it
4014 * implies a downrev pool version.
4015 */
4016 if (zfs_is_bootfs(dsname) &&
4017 !BOOTFS_COMPRESS_VALID(intval)) {
4018 return (SET_ERROR(ERANGE));
4019 }
4020 }
4021 break;
4022
4023 case ZFS_PROP_COPIES:
4024 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
4025 return (SET_ERROR(ENOTSUP));
4026 break;
4027
4028 case ZFS_PROP_RECORDSIZE:
4029 /* Record sizes above 128k need the feature to be enabled */
4030 if (nvpair_value_uint64(pair, &intval) == 0 &&
4031 intval > SPA_OLD_MAXBLOCKSIZE) {
4032 spa_t *spa;
4033
4034 /*
4035 * We don't allow setting the property above 1MB,
4036 * unless the tunable has been changed.
4037 */
4038 if (intval > zfs_max_recordsize ||
4039 intval > SPA_MAXBLOCKSIZE)
4040 return (SET_ERROR(ERANGE));
4041
4042 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4043 return (err);
4044
4045 if (!spa_feature_is_enabled(spa,
4046 SPA_FEATURE_LARGE_BLOCKS)) {
4047 spa_close(spa, FTAG);
4048 return (SET_ERROR(ENOTSUP));
4049 }
4050 spa_close(spa, FTAG);
4051 }
4052 break;
4053
4054 case ZFS_PROP_SHARESMB:
4055 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
4056 return (SET_ERROR(ENOTSUP));
4057 break;
4058
4059 case ZFS_PROP_ACLINHERIT:
4060 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4061 nvpair_value_uint64(pair, &intval) == 0) {
4062 if (intval == ZFS_ACL_PASSTHROUGH_X &&
4063 zfs_earlier_version(dsname,
4064 SPA_VERSION_PASSTHROUGH_X))
4065 return (SET_ERROR(ENOTSUP));
4066 }
4067 break;
4068
4069 case ZFS_PROP_CHECKSUM:
4070 case ZFS_PROP_DEDUP:
4071 {
4072 spa_feature_t feature;
4073 spa_t *spa;
4074
4075 /* dedup feature version checks */
4076 if (prop == ZFS_PROP_DEDUP &&
4077 zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
4078 return (SET_ERROR(ENOTSUP));
4079
4080 if (nvpair_value_uint64(pair, &intval) != 0)
4081 return (SET_ERROR(EINVAL));
4082
4083 /* check prop value is enabled in features */
4084 feature = zio_checksum_to_feature(intval & ZIO_CHECKSUM_MASK);
4085 if (feature == SPA_FEATURE_NONE)
4086 break;
4087
4088 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4089 return (err);
4090 /*
4091 * Salted checksums are not supported on root pools.
4092 */
4093 if (spa_bootfs(spa) != 0 &&
4094 intval < ZIO_CHECKSUM_FUNCTIONS &&
4095 (zio_checksum_table[intval].ci_flags &
4096 ZCHECKSUM_FLAG_SALTED)) {
4097 spa_close(spa, FTAG);
4098 return (SET_ERROR(ERANGE));
4099 }
4100 if (!spa_feature_is_enabled(spa, feature)) {
4101 spa_close(spa, FTAG);
4102 return (SET_ERROR(ENOTSUP));
4103 }
4104 spa_close(spa, FTAG);
4105 break;
4106 }
4107 }
4108
4109 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
4110 }
4111
4112 /*
4113 * Checks for a race condition to make sure we don't increment a feature flag
4114 * multiple times.
4115 */
4116 static int
zfs_prop_activate_feature_check(void * arg,dmu_tx_t * tx)4117 zfs_prop_activate_feature_check(void *arg, dmu_tx_t *tx)
4118 {
4119 spa_t *spa = dmu_tx_pool(tx)->dp_spa;
4120 spa_feature_t *featurep = arg;
4121
4122 if (!spa_feature_is_active(spa, *featurep))
4123 return (0);
4124 else
4125 return (SET_ERROR(EBUSY));
4126 }
4127
4128 /*
4129 * The callback invoked on feature activation in the sync task caused by
4130 * zfs_prop_activate_feature.
4131 */
4132 static void
zfs_prop_activate_feature_sync(void * arg,dmu_tx_t * tx)4133 zfs_prop_activate_feature_sync(void *arg, dmu_tx_t *tx)
4134 {
4135 spa_t *spa = dmu_tx_pool(tx)->dp_spa;
4136 spa_feature_t *featurep = arg;
4137
4138 spa_feature_incr(spa, *featurep, tx);
4139 }
4140
4141 /*
4142 * Activates a feature on a pool in response to a property setting. This
4143 * creates a new sync task which modifies the pool to reflect the feature
4144 * as being active.
4145 */
4146 static int
zfs_prop_activate_feature(spa_t * spa,spa_feature_t feature)4147 zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature)
4148 {
4149 int err;
4150
4151 /* EBUSY here indicates that the feature is already active */
4152 err = dsl_sync_task(spa_name(spa),
4153 zfs_prop_activate_feature_check, zfs_prop_activate_feature_sync,
4154 &feature, 2, ZFS_SPACE_CHECK_RESERVED);
4155
4156 if (err != 0 && err != EBUSY)
4157 return (err);
4158 else
4159 return (0);
4160 }
4161
4162 /*
4163 * Removes properties from the given props list that fail permission checks
4164 * needed to clear them and to restore them in case of a receive error. For each
4165 * property, make sure we have both set and inherit permissions.
4166 *
4167 * Returns the first error encountered if any permission checks fail. If the
4168 * caller provides a non-NULL errlist, it also gives the complete list of names
4169 * of all the properties that failed a permission check along with the
4170 * corresponding error numbers. The caller is responsible for freeing the
4171 * returned errlist.
4172 *
4173 * If every property checks out successfully, zero is returned and the list
4174 * pointed at by errlist is NULL.
4175 */
4176 static int
zfs_check_clearable(char * dataset,nvlist_t * props,nvlist_t ** errlist)4177 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
4178 {
4179 zfs_cmd_t *zc;
4180 nvpair_t *pair, *next_pair;
4181 nvlist_t *errors;
4182 int err, rv = 0;
4183
4184 if (props == NULL)
4185 return (0);
4186
4187 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4188
4189 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
4190 (void) strcpy(zc->zc_name, dataset);
4191 pair = nvlist_next_nvpair(props, NULL);
4192 while (pair != NULL) {
4193 next_pair = nvlist_next_nvpair(props, pair);
4194
4195 (void) strcpy(zc->zc_value, nvpair_name(pair));
4196 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
4197 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
4198 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
4199 VERIFY(nvlist_add_int32(errors,
4200 zc->zc_value, err) == 0);
4201 }
4202 pair = next_pair;
4203 }
4204 kmem_free(zc, sizeof (zfs_cmd_t));
4205
4206 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
4207 nvlist_free(errors);
4208 errors = NULL;
4209 } else {
4210 VERIFY(nvpair_value_int32(pair, &rv) == 0);
4211 }
4212
4213 if (errlist == NULL)
4214 nvlist_free(errors);
4215 else
4216 *errlist = errors;
4217
4218 return (rv);
4219 }
4220
4221 static boolean_t
propval_equals(nvpair_t * p1,nvpair_t * p2)4222 propval_equals(nvpair_t *p1, nvpair_t *p2)
4223 {
4224 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
4225 /* dsl_prop_get_all_impl() format */
4226 nvlist_t *attrs;
4227 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
4228 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4229 &p1) == 0);
4230 }
4231
4232 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
4233 nvlist_t *attrs;
4234 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
4235 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4236 &p2) == 0);
4237 }
4238
4239 if (nvpair_type(p1) != nvpair_type(p2))
4240 return (B_FALSE);
4241
4242 if (nvpair_type(p1) == DATA_TYPE_STRING) {
4243 char *valstr1, *valstr2;
4244
4245 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
4246 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
4247 return (strcmp(valstr1, valstr2) == 0);
4248 } else {
4249 uint64_t intval1, intval2;
4250
4251 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
4252 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
4253 return (intval1 == intval2);
4254 }
4255 }
4256
4257 /*
4258 * Remove properties from props if they are not going to change (as determined
4259 * by comparison with origprops). Remove them from origprops as well, since we
4260 * do not need to clear or restore properties that won't change.
4261 */
4262 static void
props_reduce(nvlist_t * props,nvlist_t * origprops)4263 props_reduce(nvlist_t *props, nvlist_t *origprops)
4264 {
4265 nvpair_t *pair, *next_pair;
4266
4267 if (origprops == NULL)
4268 return; /* all props need to be received */
4269
4270 pair = nvlist_next_nvpair(props, NULL);
4271 while (pair != NULL) {
4272 const char *propname = nvpair_name(pair);
4273 nvpair_t *match;
4274
4275 next_pair = nvlist_next_nvpair(props, pair);
4276
4277 if ((nvlist_lookup_nvpair(origprops, propname,
4278 &match) != 0) || !propval_equals(pair, match))
4279 goto next; /* need to set received value */
4280
4281 /* don't clear the existing received value */
4282 (void) nvlist_remove_nvpair(origprops, match);
4283 /* don't bother receiving the property */
4284 (void) nvlist_remove_nvpair(props, pair);
4285 next:
4286 pair = next_pair;
4287 }
4288 }
4289
4290 /*
4291 * Extract properties that cannot be set PRIOR to the receipt of a dataset.
4292 * For example, refquota cannot be set until after the receipt of a dataset,
4293 * because in replication streams, an older/earlier snapshot may exceed the
4294 * refquota. We want to receive the older/earlier snapshot, but setting
4295 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent
4296 * the older/earlier snapshot from being received (with EDQUOT).
4297 *
4298 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario.
4299 *
4300 * libzfs will need to be judicious handling errors encountered by props
4301 * extracted by this function.
4302 */
4303 static nvlist_t *
extract_delay_props(nvlist_t * props)4304 extract_delay_props(nvlist_t *props)
4305 {
4306 nvlist_t *delayprops;
4307 nvpair_t *nvp, *tmp;
4308 static const zfs_prop_t delayable[] = { ZFS_PROP_REFQUOTA, 0 };
4309 int i;
4310
4311 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4312
4313 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL;
4314 nvp = nvlist_next_nvpair(props, nvp)) {
4315 /*
4316 * strcmp() is safe because zfs_prop_to_name() always returns
4317 * a bounded string.
4318 */
4319 for (i = 0; delayable[i] != 0; i++) {
4320 if (strcmp(zfs_prop_to_name(delayable[i]),
4321 nvpair_name(nvp)) == 0) {
4322 break;
4323 }
4324 }
4325 if (delayable[i] != 0) {
4326 tmp = nvlist_prev_nvpair(props, nvp);
4327 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0);
4328 VERIFY(nvlist_remove_nvpair(props, nvp) == 0);
4329 nvp = tmp;
4330 }
4331 }
4332
4333 if (nvlist_empty(delayprops)) {
4334 nvlist_free(delayprops);
4335 delayprops = NULL;
4336 }
4337 return (delayprops);
4338 }
4339
4340 #ifdef DEBUG
4341 static boolean_t zfs_ioc_recv_inject_err;
4342 #endif
4343
4344 /*
4345 * inputs:
4346 * zc_name name of containing filesystem
4347 * zc_nvlist_src{_size} nvlist of properties to apply
4348 * zc_value name of snapshot to create
4349 * zc_string name of clone origin (if DRR_FLAG_CLONE)
4350 * zc_cookie file descriptor to recv from
4351 * zc_begin_record the BEGIN record of the stream (not byteswapped)
4352 * zc_guid force flag
4353 * zc_cleanup_fd cleanup-on-exit file descriptor
4354 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
4355 * zc_resumable if data is incomplete assume sender will resume
4356 *
4357 * outputs:
4358 * zc_cookie number of bytes read
4359 * zc_nvlist_dst{_size} error for each unapplied received property
4360 * zc_obj zprop_errflags_t
4361 * zc_action_handle handle for this guid/ds mapping
4362 */
4363 static int
zfs_ioc_recv(zfs_cmd_t * zc)4364 zfs_ioc_recv(zfs_cmd_t *zc)
4365 {
4366 file_t *fp;
4367 dmu_recv_cookie_t drc;
4368 boolean_t force = (boolean_t)zc->zc_guid;
4369 int fd;
4370 int error = 0;
4371 int props_error = 0;
4372 nvlist_t *errors;
4373 offset_t off;
4374 nvlist_t *props = NULL; /* sent properties */
4375 nvlist_t *origprops = NULL; /* existing properties */
4376 nvlist_t *delayprops = NULL; /* sent properties applied post-receive */
4377 char *origin = NULL;
4378 char *tosnap;
4379 char tofs[ZFS_MAX_DATASET_NAME_LEN];
4380 #ifdef __FreeBSD__
4381 cap_rights_t rights;
4382 #endif
4383 boolean_t first_recvd_props = B_FALSE;
4384
4385 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
4386 strchr(zc->zc_value, '@') == NULL ||
4387 strchr(zc->zc_value, '%'))
4388 return (SET_ERROR(EINVAL));
4389
4390 (void) strcpy(tofs, zc->zc_value);
4391 tosnap = strchr(tofs, '@');
4392 *tosnap++ = '\0';
4393
4394 if (zc->zc_nvlist_src != 0 &&
4395 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
4396 zc->zc_iflags, &props)) != 0)
4397 return (error);
4398
4399 fd = zc->zc_cookie;
4400 #ifdef __FreeBSD__
4401 fget_read(curthread, fd, cap_rights_init(&rights, CAP_PREAD), &fp);
4402 #else
4403 fp = getf(fd);
4404 #endif
4405 if (fp == NULL) {
4406 nvlist_free(props);
4407 return (SET_ERROR(EBADF));
4408 }
4409
4410 errors = fnvlist_alloc();
4411
4412 if (zc->zc_string[0])
4413 origin = zc->zc_string;
4414
4415 error = dmu_recv_begin(tofs, tosnap,
4416 &zc->zc_begin_record, force, zc->zc_resumable, origin, &drc);
4417 if (error != 0)
4418 goto out;
4419
4420 /*
4421 * Set properties before we receive the stream so that they are applied
4422 * to the new data. Note that we must call dmu_recv_stream() if
4423 * dmu_recv_begin() succeeds.
4424 */
4425 if (props != NULL && !drc.drc_newfs) {
4426 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
4427 SPA_VERSION_RECVD_PROPS &&
4428 !dsl_prop_get_hasrecvd(tofs))
4429 first_recvd_props = B_TRUE;
4430
4431 /*
4432 * If new received properties are supplied, they are to
4433 * completely replace the existing received properties, so stash
4434 * away the existing ones.
4435 */
4436 if (dsl_prop_get_received(tofs, &origprops) == 0) {
4437 nvlist_t *errlist = NULL;
4438 /*
4439 * Don't bother writing a property if its value won't
4440 * change (and avoid the unnecessary security checks).
4441 *
4442 * The first receive after SPA_VERSION_RECVD_PROPS is a
4443 * special case where we blow away all local properties
4444 * regardless.
4445 */
4446 if (!first_recvd_props)
4447 props_reduce(props, origprops);
4448 if (zfs_check_clearable(tofs, origprops, &errlist) != 0)
4449 (void) nvlist_merge(errors, errlist, 0);
4450 nvlist_free(errlist);
4451
4452 if (clear_received_props(tofs, origprops,
4453 first_recvd_props ? NULL : props) != 0)
4454 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
4455 } else {
4456 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
4457 }
4458 }
4459
4460 if (props != NULL) {
4461 props_error = dsl_prop_set_hasrecvd(tofs);
4462
4463 if (props_error == 0) {
4464 delayprops = extract_delay_props(props);
4465 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
4466 props, errors);
4467 }
4468 }
4469
4470 off = fp->f_offset;
4471 error = dmu_recv_stream(&drc, fp, &off, zc->zc_cleanup_fd,
4472 &zc->zc_action_handle);
4473
4474 if (error == 0) {
4475 zfsvfs_t *zfsvfs = NULL;
4476
4477 if (getzfsvfs(tofs, &zfsvfs) == 0) {
4478 /* online recv */
4479 dsl_dataset_t *ds;
4480 int end_err;
4481
4482 ds = dmu_objset_ds(zfsvfs->z_os);
4483 error = zfs_suspend_fs(zfsvfs);
4484 /*
4485 * If the suspend fails, then the recv_end will
4486 * likely also fail, and clean up after itself.
4487 */
4488 end_err = dmu_recv_end(&drc, zfsvfs);
4489 if (error == 0)
4490 error = zfs_resume_fs(zfsvfs, ds);
4491 error = error ? error : end_err;
4492 #ifdef illumos
4493 VFS_RELE(zfsvfs->z_vfs);
4494 #else
4495 vfs_unbusy(zfsvfs->z_vfs);
4496 #endif
4497 } else {
4498 error = dmu_recv_end(&drc, NULL);
4499 }
4500
4501 /* Set delayed properties now, after we're done receiving. */
4502 if (delayprops != NULL && error == 0) {
4503 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
4504 delayprops, errors);
4505 }
4506 }
4507
4508 if (delayprops != NULL) {
4509 /*
4510 * Merge delayed props back in with initial props, in case
4511 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means
4512 * we have to make sure clear_received_props() includes
4513 * the delayed properties).
4514 *
4515 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels,
4516 * using ASSERT() will be just like a VERIFY.
4517 */
4518 ASSERT(nvlist_merge(props, delayprops, 0) == 0);
4519 nvlist_free(delayprops);
4520 }
4521
4522 /*
4523 * Now that all props, initial and delayed, are set, report the prop
4524 * errors to the caller.
4525 */
4526 if (zc->zc_nvlist_dst_size != 0 &&
4527 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
4528 put_nvlist(zc, errors) != 0)) {
4529 /*
4530 * Caller made zc->zc_nvlist_dst less than the minimum expected
4531 * size or supplied an invalid address.
4532 */
4533 props_error = SET_ERROR(EINVAL);
4534 }
4535
4536 zc->zc_cookie = off - fp->f_offset;
4537 if (off >= 0 && off <= MAXOFFSET_T)
4538 fp->f_offset = off;
4539
4540 #ifdef DEBUG
4541 if (zfs_ioc_recv_inject_err) {
4542 zfs_ioc_recv_inject_err = B_FALSE;
4543 error = 1;
4544 }
4545 #endif
4546
4547 if (error == 0)
4548 zvol_create_minors(tofs);
4549
4550 /*
4551 * On error, restore the original props.
4552 */
4553 if (error != 0 && props != NULL && !drc.drc_newfs) {
4554 if (clear_received_props(tofs, props, NULL) != 0) {
4555 /*
4556 * We failed to clear the received properties.
4557 * Since we may have left a $recvd value on the
4558 * system, we can't clear the $hasrecvd flag.
4559 */
4560 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4561 } else if (first_recvd_props) {
4562 dsl_prop_unset_hasrecvd(tofs);
4563 }
4564
4565 if (origprops == NULL && !drc.drc_newfs) {
4566 /* We failed to stash the original properties. */
4567 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4568 }
4569
4570 /*
4571 * dsl_props_set() will not convert RECEIVED to LOCAL on or
4572 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
4573 * explictly if we're restoring local properties cleared in the
4574 * first new-style receive.
4575 */
4576 if (origprops != NULL &&
4577 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
4578 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
4579 origprops, NULL) != 0) {
4580 /*
4581 * We stashed the original properties but failed to
4582 * restore them.
4583 */
4584 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4585 }
4586 }
4587 out:
4588 nvlist_free(props);
4589 nvlist_free(origprops);
4590 nvlist_free(errors);
4591 releasef(fd);
4592
4593 if (error == 0)
4594 error = props_error;
4595
4596 return (error);
4597 }
4598
4599 /*
4600 * inputs:
4601 * zc_name name of snapshot to send
4602 * zc_cookie file descriptor to send stream to
4603 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
4604 * zc_sendobj objsetid of snapshot to send
4605 * zc_fromobj objsetid of incremental fromsnap (may be zero)
4606 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
4607 * output size in zc_objset_type.
4608 * zc_flags lzc_send_flags
4609 *
4610 * outputs:
4611 * zc_objset_type estimated size, if zc_guid is set
4612 */
4613 static int
zfs_ioc_send(zfs_cmd_t * zc)4614 zfs_ioc_send(zfs_cmd_t *zc)
4615 {
4616 int error;
4617 offset_t off;
4618 boolean_t estimate = (zc->zc_guid != 0);
4619 boolean_t embedok = (zc->zc_flags & 0x1);
4620 boolean_t large_block_ok = (zc->zc_flags & 0x2);
4621
4622 if (zc->zc_obj != 0) {
4623 dsl_pool_t *dp;
4624 dsl_dataset_t *tosnap;
4625
4626 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4627 if (error != 0)
4628 return (error);
4629
4630 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
4631 if (error != 0) {
4632 dsl_pool_rele(dp, FTAG);
4633 return (error);
4634 }
4635
4636 if (dsl_dir_is_clone(tosnap->ds_dir))
4637 zc->zc_fromobj =
4638 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj;
4639 dsl_dataset_rele(tosnap, FTAG);
4640 dsl_pool_rele(dp, FTAG);
4641 }
4642
4643 if (estimate) {
4644 dsl_pool_t *dp;
4645 dsl_dataset_t *tosnap;
4646 dsl_dataset_t *fromsnap = NULL;
4647
4648 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4649 if (error != 0)
4650 return (error);
4651
4652 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
4653 if (error != 0) {
4654 dsl_pool_rele(dp, FTAG);
4655 return (error);
4656 }
4657
4658 if (zc->zc_fromobj != 0) {
4659 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
4660 FTAG, &fromsnap);
4661 if (error != 0) {
4662 dsl_dataset_rele(tosnap, FTAG);
4663 dsl_pool_rele(dp, FTAG);
4664 return (error);
4665 }
4666 }
4667
4668 error = dmu_send_estimate(tosnap, fromsnap,
4669 &zc->zc_objset_type);
4670
4671 if (fromsnap != NULL)
4672 dsl_dataset_rele(fromsnap, FTAG);
4673 dsl_dataset_rele(tosnap, FTAG);
4674 dsl_pool_rele(dp, FTAG);
4675 } else {
4676 file_t *fp;
4677 #ifdef __FreeBSD__
4678 cap_rights_t rights;
4679
4680 fget_write(curthread, zc->zc_cookie,
4681 cap_rights_init(&rights, CAP_WRITE), &fp);
4682 #else
4683 fp = getf(zc->zc_cookie);
4684 #endif
4685 if (fp == NULL)
4686 return (SET_ERROR(EBADF));
4687
4688 off = fp->f_offset;
4689 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
4690 zc->zc_fromobj, embedok, large_block_ok,
4691 #ifdef illumos
4692 zc->zc_cookie, fp->f_vnode, &off);
4693 #else
4694 zc->zc_cookie, fp, &off);
4695 #endif
4696
4697 if (off >= 0 && off <= MAXOFFSET_T)
4698 fp->f_offset = off;
4699 releasef(zc->zc_cookie);
4700 }
4701 return (error);
4702 }
4703
4704 /*
4705 * inputs:
4706 * zc_name name of snapshot on which to report progress
4707 * zc_cookie file descriptor of send stream
4708 *
4709 * outputs:
4710 * zc_cookie number of bytes written in send stream thus far
4711 */
4712 static int
zfs_ioc_send_progress(zfs_cmd_t * zc)4713 zfs_ioc_send_progress(zfs_cmd_t *zc)
4714 {
4715 dsl_pool_t *dp;
4716 dsl_dataset_t *ds;
4717 dmu_sendarg_t *dsp = NULL;
4718 int error;
4719
4720 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4721 if (error != 0)
4722 return (error);
4723
4724 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
4725 if (error != 0) {
4726 dsl_pool_rele(dp, FTAG);
4727 return (error);
4728 }
4729
4730 mutex_enter(&ds->ds_sendstream_lock);
4731
4732 /*
4733 * Iterate over all the send streams currently active on this dataset.
4734 * If there's one which matches the specified file descriptor _and_ the
4735 * stream was started by the current process, return the progress of
4736 * that stream.
4737 */
4738 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
4739 dsp = list_next(&ds->ds_sendstreams, dsp)) {
4740 if (dsp->dsa_outfd == zc->zc_cookie &&
4741 dsp->dsa_proc == curproc)
4742 break;
4743 }
4744
4745 if (dsp != NULL)
4746 zc->zc_cookie = *(dsp->dsa_off);
4747 else
4748 error = SET_ERROR(ENOENT);
4749
4750 mutex_exit(&ds->ds_sendstream_lock);
4751 dsl_dataset_rele(ds, FTAG);
4752 dsl_pool_rele(dp, FTAG);
4753 return (error);
4754 }
4755
4756 static int
zfs_ioc_inject_fault(zfs_cmd_t * zc)4757 zfs_ioc_inject_fault(zfs_cmd_t *zc)
4758 {
4759 int id, error;
4760
4761 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
4762 &zc->zc_inject_record);
4763
4764 if (error == 0)
4765 zc->zc_guid = (uint64_t)id;
4766
4767 return (error);
4768 }
4769
4770 static int
zfs_ioc_clear_fault(zfs_cmd_t * zc)4771 zfs_ioc_clear_fault(zfs_cmd_t *zc)
4772 {
4773 return (zio_clear_fault((int)zc->zc_guid));
4774 }
4775
4776 static int
zfs_ioc_inject_list_next(zfs_cmd_t * zc)4777 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
4778 {
4779 int id = (int)zc->zc_guid;
4780 int error;
4781
4782 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
4783 &zc->zc_inject_record);
4784
4785 zc->zc_guid = id;
4786
4787 return (error);
4788 }
4789
4790 static int
zfs_ioc_error_log(zfs_cmd_t * zc)4791 zfs_ioc_error_log(zfs_cmd_t *zc)
4792 {
4793 spa_t *spa;
4794 int error;
4795 size_t count = (size_t)zc->zc_nvlist_dst_size;
4796
4797 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
4798 return (error);
4799
4800 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
4801 &count);
4802 if (error == 0)
4803 zc->zc_nvlist_dst_size = count;
4804 else
4805 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
4806
4807 spa_close(spa, FTAG);
4808
4809 return (error);
4810 }
4811
4812 static int
zfs_ioc_clear(zfs_cmd_t * zc)4813 zfs_ioc_clear(zfs_cmd_t *zc)
4814 {
4815 spa_t *spa;
4816 vdev_t *vd;
4817 int error;
4818
4819 /*
4820 * On zpool clear we also fix up missing slogs
4821 */
4822 mutex_enter(&spa_namespace_lock);
4823 spa = spa_lookup(zc->zc_name);
4824 if (spa == NULL) {
4825 mutex_exit(&spa_namespace_lock);
4826 return (SET_ERROR(EIO));
4827 }
4828 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
4829 /* we need to let spa_open/spa_load clear the chains */
4830 spa_set_log_state(spa, SPA_LOG_CLEAR);
4831 }
4832 spa->spa_last_open_failed = 0;
4833 mutex_exit(&spa_namespace_lock);
4834
4835 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
4836 error = spa_open(zc->zc_name, &spa, FTAG);
4837 } else {
4838 nvlist_t *policy;
4839 nvlist_t *config = NULL;
4840
4841 if (zc->zc_nvlist_src == 0)
4842 return (SET_ERROR(EINVAL));
4843
4844 if ((error = get_nvlist(zc->zc_nvlist_src,
4845 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
4846 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
4847 policy, &config);
4848 if (config != NULL) {
4849 int err;
4850
4851 if ((err = put_nvlist(zc, config)) != 0)
4852 error = err;
4853 nvlist_free(config);
4854 }
4855 nvlist_free(policy);
4856 }
4857 }
4858
4859 if (error != 0)
4860 return (error);
4861
4862 spa_vdev_state_enter(spa, SCL_NONE);
4863
4864 if (zc->zc_guid == 0) {
4865 vd = NULL;
4866 } else {
4867 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
4868 if (vd == NULL) {
4869 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
4870 spa_close(spa, FTAG);
4871 return (SET_ERROR(ENODEV));
4872 }
4873 }
4874
4875 vdev_clear(spa, vd);
4876
4877 (void) spa_vdev_state_exit(spa, NULL, 0);
4878
4879 /*
4880 * Resume any suspended I/Os.
4881 */
4882 if (zio_resume(spa) != 0)
4883 error = SET_ERROR(EIO);
4884
4885 spa_close(spa, FTAG);
4886
4887 return (error);
4888 }
4889
4890 static int
zfs_ioc_pool_reopen(zfs_cmd_t * zc)4891 zfs_ioc_pool_reopen(zfs_cmd_t *zc)
4892 {
4893 spa_t *spa;
4894 int error;
4895
4896 error = spa_open(zc->zc_name, &spa, FTAG);
4897 if (error != 0)
4898 return (error);
4899
4900 spa_vdev_state_enter(spa, SCL_NONE);
4901
4902 /*
4903 * If a resilver is already in progress then set the
4904 * spa_scrub_reopen flag to B_TRUE so that we don't restart
4905 * the scan as a side effect of the reopen. Otherwise, let
4906 * vdev_open() decided if a resilver is required.
4907 */
4908 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool);
4909 vdev_reopen(spa->spa_root_vdev);
4910 spa->spa_scrub_reopen = B_FALSE;
4911
4912 (void) spa_vdev_state_exit(spa, NULL, 0);
4913 spa_close(spa, FTAG);
4914 return (0);
4915 }
4916 /*
4917 * inputs:
4918 * zc_name name of filesystem
4919 * zc_value name of origin snapshot
4920 *
4921 * outputs:
4922 * zc_string name of conflicting snapshot, if there is one
4923 */
4924 static int
zfs_ioc_promote(zfs_cmd_t * zc)4925 zfs_ioc_promote(zfs_cmd_t *zc)
4926 {
4927 char *cp;
4928
4929 /*
4930 * We don't need to unmount *all* the origin fs's snapshots, but
4931 * it's easier.
4932 */
4933 cp = strchr(zc->zc_value, '@');
4934 if (cp)
4935 *cp = '\0';
4936 (void) dmu_objset_find(zc->zc_value,
4937 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
4938 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
4939 }
4940
4941 /*
4942 * Retrieve a single {user|group}{used|quota}@... property.
4943 *
4944 * inputs:
4945 * zc_name name of filesystem
4946 * zc_objset_type zfs_userquota_prop_t
4947 * zc_value domain name (eg. "S-1-234-567-89")
4948 * zc_guid RID/UID/GID
4949 *
4950 * outputs:
4951 * zc_cookie property value
4952 */
4953 static int
zfs_ioc_userspace_one(zfs_cmd_t * zc)4954 zfs_ioc_userspace_one(zfs_cmd_t *zc)
4955 {
4956 zfsvfs_t *zfsvfs;
4957 int error;
4958
4959 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4960 return (SET_ERROR(EINVAL));
4961
4962 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4963 if (error != 0)
4964 return (error);
4965
4966 error = zfs_userspace_one(zfsvfs,
4967 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4968 zfsvfs_rele(zfsvfs, FTAG);
4969
4970 return (error);
4971 }
4972
4973 /*
4974 * inputs:
4975 * zc_name name of filesystem
4976 * zc_cookie zap cursor
4977 * zc_objset_type zfs_userquota_prop_t
4978 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4979 *
4980 * outputs:
4981 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4982 * zc_cookie zap cursor
4983 */
4984 static int
zfs_ioc_userspace_many(zfs_cmd_t * zc)4985 zfs_ioc_userspace_many(zfs_cmd_t *zc)
4986 {
4987 zfsvfs_t *zfsvfs;
4988 int bufsize = zc->zc_nvlist_dst_size;
4989
4990 if (bufsize <= 0)
4991 return (SET_ERROR(ENOMEM));
4992
4993 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4994 if (error != 0)
4995 return (error);
4996
4997 void *buf = kmem_alloc(bufsize, KM_SLEEP);
4998
4999 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
5000 buf, &zc->zc_nvlist_dst_size);
5001
5002 if (error == 0) {
5003 error = ddi_copyout(buf,
5004 (void *)(uintptr_t)zc->zc_nvlist_dst,
5005 zc->zc_nvlist_dst_size, zc->zc_iflags);
5006 }
5007 kmem_free(buf, bufsize);
5008 zfsvfs_rele(zfsvfs, FTAG);
5009
5010 return (error);
5011 }
5012
5013 /*
5014 * inputs:
5015 * zc_name name of filesystem
5016 *
5017 * outputs:
5018 * none
5019 */
5020 static int
zfs_ioc_userspace_upgrade(zfs_cmd_t * zc)5021 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
5022 {
5023 objset_t *os;
5024 int error = 0;
5025 zfsvfs_t *zfsvfs;
5026
5027 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
5028 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
5029 /*
5030 * If userused is not enabled, it may be because the
5031 * objset needs to be closed & reopened (to grow the
5032 * objset_phys_t). Suspend/resume the fs will do that.
5033 */
5034 dsl_dataset_t *ds;
5035
5036 ds = dmu_objset_ds(zfsvfs->z_os);
5037 error = zfs_suspend_fs(zfsvfs);
5038 if (error == 0) {
5039 dmu_objset_refresh_ownership(zfsvfs->z_os,
5040 zfsvfs);
5041 error = zfs_resume_fs(zfsvfs, ds);
5042 }
5043 }
5044 if (error == 0)
5045 error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
5046 #ifdef illumos
5047 VFS_RELE(zfsvfs->z_vfs);
5048 #else
5049 vfs_unbusy(zfsvfs->z_vfs);
5050 #endif
5051 } else {
5052 /* XXX kind of reading contents without owning */
5053 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
5054 if (error != 0)
5055 return (error);
5056
5057 error = dmu_objset_userspace_upgrade(os);
5058 dmu_objset_rele(os, FTAG);
5059 }
5060
5061 return (error);
5062 }
5063
5064 #ifdef illumos
5065 /*
5066 * We don't want to have a hard dependency
5067 * against some special symbols in sharefs
5068 * nfs, and smbsrv. Determine them if needed when
5069 * the first file system is shared.
5070 * Neither sharefs, nfs or smbsrv are unloadable modules.
5071 */
5072 int (*znfsexport_fs)(void *arg);
5073 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
5074 int (*zsmbexport_fs)(void *arg, boolean_t add_share);
5075
5076 int zfs_nfsshare_inited;
5077 int zfs_smbshare_inited;
5078
5079 ddi_modhandle_t nfs_mod;
5080 ddi_modhandle_t sharefs_mod;
5081 ddi_modhandle_t smbsrv_mod;
5082 #endif /* illumos */
5083 kmutex_t zfs_share_lock;
5084
5085 #ifdef illumos
5086 static int
zfs_init_sharefs()5087 zfs_init_sharefs()
5088 {
5089 int error;
5090
5091 ASSERT(MUTEX_HELD(&zfs_share_lock));
5092 /* Both NFS and SMB shares also require sharetab support. */
5093 if (sharefs_mod == NULL && ((sharefs_mod =
5094 ddi_modopen("fs/sharefs",
5095 KRTLD_MODE_FIRST, &error)) == NULL)) {
5096 return (SET_ERROR(ENOSYS));
5097 }
5098 if (zshare_fs == NULL && ((zshare_fs =
5099 (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
5100 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) {
5101 return (SET_ERROR(ENOSYS));
5102 }
5103 return (0);
5104 }
5105 #endif /* illumos */
5106
5107 static int
zfs_ioc_share(zfs_cmd_t * zc)5108 zfs_ioc_share(zfs_cmd_t *zc)
5109 {
5110 #ifdef illumos
5111 int error;
5112 int opcode;
5113
5114 switch (zc->zc_share.z_sharetype) {
5115 case ZFS_SHARE_NFS:
5116 case ZFS_UNSHARE_NFS:
5117 if (zfs_nfsshare_inited == 0) {
5118 mutex_enter(&zfs_share_lock);
5119 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs",
5120 KRTLD_MODE_FIRST, &error)) == NULL)) {
5121 mutex_exit(&zfs_share_lock);
5122 return (SET_ERROR(ENOSYS));
5123 }
5124 if (znfsexport_fs == NULL &&
5125 ((znfsexport_fs = (int (*)(void *))
5126 ddi_modsym(nfs_mod,
5127 "nfs_export", &error)) == NULL)) {
5128 mutex_exit(&zfs_share_lock);
5129 return (SET_ERROR(ENOSYS));
5130 }
5131 error = zfs_init_sharefs();
5132 if (error != 0) {
5133 mutex_exit(&zfs_share_lock);
5134 return (SET_ERROR(ENOSYS));
5135 }
5136 zfs_nfsshare_inited = 1;
5137 mutex_exit(&zfs_share_lock);
5138 }
5139 break;
5140 case ZFS_SHARE_SMB:
5141 case ZFS_UNSHARE_SMB:
5142 if (zfs_smbshare_inited == 0) {
5143 mutex_enter(&zfs_share_lock);
5144 if (smbsrv_mod == NULL && ((smbsrv_mod =
5145 ddi_modopen("drv/smbsrv",
5146 KRTLD_MODE_FIRST, &error)) == NULL)) {
5147 mutex_exit(&zfs_share_lock);
5148 return (SET_ERROR(ENOSYS));
5149 }
5150 if (zsmbexport_fs == NULL && ((zsmbexport_fs =
5151 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod,
5152 "smb_server_share", &error)) == NULL)) {
5153 mutex_exit(&zfs_share_lock);
5154 return (SET_ERROR(ENOSYS));
5155 }
5156 error = zfs_init_sharefs();
5157 if (error != 0) {
5158 mutex_exit(&zfs_share_lock);
5159 return (SET_ERROR(ENOSYS));
5160 }
5161 zfs_smbshare_inited = 1;
5162 mutex_exit(&zfs_share_lock);
5163 }
5164 break;
5165 default:
5166 return (SET_ERROR(EINVAL));
5167 }
5168
5169 switch (zc->zc_share.z_sharetype) {
5170 case ZFS_SHARE_NFS:
5171 case ZFS_UNSHARE_NFS:
5172 if (error =
5173 znfsexport_fs((void *)
5174 (uintptr_t)zc->zc_share.z_exportdata))
5175 return (error);
5176 break;
5177 case ZFS_SHARE_SMB:
5178 case ZFS_UNSHARE_SMB:
5179 if (error = zsmbexport_fs((void *)
5180 (uintptr_t)zc->zc_share.z_exportdata,
5181 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
5182 B_TRUE: B_FALSE)) {
5183 return (error);
5184 }
5185 break;
5186 }
5187
5188 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
5189 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ?
5190 SHAREFS_ADD : SHAREFS_REMOVE;
5191
5192 /*
5193 * Add or remove share from sharetab
5194 */
5195 error = zshare_fs(opcode,
5196 (void *)(uintptr_t)zc->zc_share.z_sharedata,
5197 zc->zc_share.z_sharemax);
5198
5199 return (error);
5200
5201 #else /* !illumos */
5202 return (ENOSYS);
5203 #endif /* illumos */
5204 }
5205
5206 ace_t full_access[] = {
5207 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
5208 };
5209
5210 /*
5211 * inputs:
5212 * zc_name name of containing filesystem
5213 * zc_obj object # beyond which we want next in-use object #
5214 *
5215 * outputs:
5216 * zc_obj next in-use object #
5217 */
5218 static int
zfs_ioc_next_obj(zfs_cmd_t * zc)5219 zfs_ioc_next_obj(zfs_cmd_t *zc)
5220 {
5221 objset_t *os = NULL;
5222 int error;
5223
5224 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
5225 if (error != 0)
5226 return (error);
5227
5228 error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
5229 dsl_dataset_phys(os->os_dsl_dataset)->ds_prev_snap_txg);
5230
5231 dmu_objset_rele(os, FTAG);
5232 return (error);
5233 }
5234
5235 /*
5236 * inputs:
5237 * zc_name name of filesystem
5238 * zc_value prefix name for snapshot
5239 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
5240 *
5241 * outputs:
5242 * zc_value short name of new snapshot
5243 */
5244 static int
zfs_ioc_tmp_snapshot(zfs_cmd_t * zc)5245 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
5246 {
5247 char *snap_name;
5248 char *hold_name;
5249 int error;
5250 minor_t minor;
5251
5252 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
5253 if (error != 0)
5254 return (error);
5255
5256 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
5257 (u_longlong_t)ddi_get_lbolt64());
5258 hold_name = kmem_asprintf("%%%s", zc->zc_value);
5259
5260 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
5261 hold_name);
5262 if (error == 0)
5263 (void) strcpy(zc->zc_value, snap_name);
5264 strfree(snap_name);
5265 strfree(hold_name);
5266 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
5267 return (error);
5268 }
5269
5270 /*
5271 * inputs:
5272 * zc_name name of "to" snapshot
5273 * zc_value name of "from" snapshot
5274 * zc_cookie file descriptor to write diff data on
5275 *
5276 * outputs:
5277 * dmu_diff_record_t's to the file descriptor
5278 */
5279 static int
zfs_ioc_diff(zfs_cmd_t * zc)5280 zfs_ioc_diff(zfs_cmd_t *zc)
5281 {
5282 file_t *fp;
5283 offset_t off;
5284 int error;
5285
5286 #ifdef __FreeBSD__
5287 cap_rights_t rights;
5288
5289 fget_write(curthread, zc->zc_cookie,
5290 cap_rights_init(&rights, CAP_WRITE), &fp);
5291 #else
5292 fp = getf(zc->zc_cookie);
5293 #endif
5294 if (fp == NULL)
5295 return (SET_ERROR(EBADF));
5296
5297 off = fp->f_offset;
5298
5299 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off);
5300
5301 if (off >= 0 && off <= MAXOFFSET_T)
5302 fp->f_offset = off;
5303 releasef(zc->zc_cookie);
5304
5305 return (error);
5306 }
5307
5308 #ifdef illumos
5309 /*
5310 * Remove all ACL files in shares dir
5311 */
5312 static int
zfs_smb_acl_purge(znode_t * dzp)5313 zfs_smb_acl_purge(znode_t *dzp)
5314 {
5315 zap_cursor_t zc;
5316 zap_attribute_t zap;
5317 zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
5318 int error;
5319
5320 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
5321 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
5322 zap_cursor_advance(&zc)) {
5323 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
5324 NULL, 0)) != 0)
5325 break;
5326 }
5327 zap_cursor_fini(&zc);
5328 return (error);
5329 }
5330 #endif /* illumos */
5331
5332 static int
zfs_ioc_smb_acl(zfs_cmd_t * zc)5333 zfs_ioc_smb_acl(zfs_cmd_t *zc)
5334 {
5335 #ifdef illumos
5336 vnode_t *vp;
5337 znode_t *dzp;
5338 vnode_t *resourcevp = NULL;
5339 znode_t *sharedir;
5340 zfsvfs_t *zfsvfs;
5341 nvlist_t *nvlist;
5342 char *src, *target;
5343 vattr_t vattr;
5344 vsecattr_t vsec;
5345 int error = 0;
5346
5347 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
5348 NO_FOLLOW, NULL, &vp)) != 0)
5349 return (error);
5350
5351 /* Now make sure mntpnt and dataset are ZFS */
5352
5353 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 ||
5354 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
5355 zc->zc_name) != 0)) {
5356 VN_RELE(vp);
5357 return (SET_ERROR(EINVAL));
5358 }
5359
5360 dzp = VTOZ(vp);
5361 zfsvfs = dzp->z_zfsvfs;
5362 ZFS_ENTER(zfsvfs);
5363
5364 /*
5365 * Create share dir if its missing.
5366 */
5367 mutex_enter(&zfsvfs->z_lock);
5368 if (zfsvfs->z_shares_dir == 0) {
5369 dmu_tx_t *tx;
5370
5371 tx = dmu_tx_create(zfsvfs->z_os);
5372 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
5373 ZFS_SHARES_DIR);
5374 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
5375 error = dmu_tx_assign(tx, TXG_WAIT);
5376 if (error != 0) {
5377 dmu_tx_abort(tx);
5378 } else {
5379 error = zfs_create_share_dir(zfsvfs, tx);
5380 dmu_tx_commit(tx);
5381 }
5382 if (error != 0) {
5383 mutex_exit(&zfsvfs->z_lock);
5384 VN_RELE(vp);
5385 ZFS_EXIT(zfsvfs);
5386 return (error);
5387 }
5388 }
5389 mutex_exit(&zfsvfs->z_lock);
5390
5391 ASSERT(zfsvfs->z_shares_dir);
5392 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
5393 VN_RELE(vp);
5394 ZFS_EXIT(zfsvfs);
5395 return (error);
5396 }
5397
5398 switch (zc->zc_cookie) {
5399 case ZFS_SMB_ACL_ADD:
5400 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
5401 vattr.va_type = VREG;
5402 vattr.va_mode = S_IFREG|0777;
5403 vattr.va_uid = 0;
5404 vattr.va_gid = 0;
5405
5406 vsec.vsa_mask = VSA_ACE;
5407 vsec.vsa_aclentp = &full_access;
5408 vsec.vsa_aclentsz = sizeof (full_access);
5409 vsec.vsa_aclcnt = 1;
5410
5411 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
5412 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
5413 if (resourcevp)
5414 VN_RELE(resourcevp);
5415 break;
5416
5417 case ZFS_SMB_ACL_REMOVE:
5418 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
5419 NULL, 0);
5420 break;
5421
5422 case ZFS_SMB_ACL_RENAME:
5423 if ((error = get_nvlist(zc->zc_nvlist_src,
5424 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
5425 VN_RELE(vp);
5426 VN_RELE(ZTOV(sharedir));
5427 ZFS_EXIT(zfsvfs);
5428 return (error);
5429 }
5430 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
5431 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
5432 &target)) {
5433 VN_RELE(vp);
5434 VN_RELE(ZTOV(sharedir));
5435 ZFS_EXIT(zfsvfs);
5436 nvlist_free(nvlist);
5437 return (error);
5438 }
5439 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
5440 kcred, NULL, 0);
5441 nvlist_free(nvlist);
5442 break;
5443
5444 case ZFS_SMB_ACL_PURGE:
5445 error = zfs_smb_acl_purge(sharedir);
5446 break;
5447
5448 default:
5449 error = SET_ERROR(EINVAL);
5450 break;
5451 }
5452
5453 VN_RELE(vp);
5454 VN_RELE(ZTOV(sharedir));
5455
5456 ZFS_EXIT(zfsvfs);
5457
5458 return (error);
5459 #else /* !illumos */
5460 return (EOPNOTSUPP);
5461 #endif /* illumos */
5462 }
5463
5464 /*
5465 * innvl: {
5466 * "holds" -> { snapname -> holdname (string), ... }
5467 * (optional) "cleanup_fd" -> fd (int32)
5468 * }
5469 *
5470 * outnvl: {
5471 * snapname -> error value (int32)
5472 * ...
5473 * }
5474 */
5475 /* ARGSUSED */
5476 static int
zfs_ioc_hold(const char * pool,nvlist_t * args,nvlist_t * errlist)5477 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
5478 {
5479 nvpair_t *pair;
5480 nvlist_t *holds;
5481 int cleanup_fd = -1;
5482 int error;
5483 minor_t minor = 0;
5484
5485 error = nvlist_lookup_nvlist(args, "holds", &holds);
5486 if (error != 0)
5487 return (SET_ERROR(EINVAL));
5488
5489 /* make sure the user didn't pass us any invalid (empty) tags */
5490 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
5491 pair = nvlist_next_nvpair(holds, pair)) {
5492 char *htag;
5493
5494 error = nvpair_value_string(pair, &htag);
5495 if (error != 0)
5496 return (SET_ERROR(error));
5497
5498 if (strlen(htag) == 0)
5499 return (SET_ERROR(EINVAL));
5500 }
5501
5502 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
5503 error = zfs_onexit_fd_hold(cleanup_fd, &minor);
5504 if (error != 0)
5505 return (error);
5506 }
5507
5508 error = dsl_dataset_user_hold(holds, minor, errlist);
5509 if (minor != 0)
5510 zfs_onexit_fd_rele(cleanup_fd);
5511 return (error);
5512 }
5513
5514 /*
5515 * innvl is not used.
5516 *
5517 * outnvl: {
5518 * holdname -> time added (uint64 seconds since epoch)
5519 * ...
5520 * }
5521 */
5522 /* ARGSUSED */
5523 static int
zfs_ioc_get_holds(const char * snapname,nvlist_t * args,nvlist_t * outnvl)5524 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
5525 {
5526 return (dsl_dataset_get_holds(snapname, outnvl));
5527 }
5528
5529 /*
5530 * innvl: {
5531 * snapname -> { holdname, ... }
5532 * ...
5533 * }
5534 *
5535 * outnvl: {
5536 * snapname -> error value (int32)
5537 * ...
5538 * }
5539 */
5540 /* ARGSUSED */
5541 static int
zfs_ioc_release(const char * pool,nvlist_t * holds,nvlist_t * errlist)5542 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
5543 {
5544 return (dsl_dataset_user_release(holds, errlist));
5545 }
5546
5547 /*
5548 * inputs:
5549 * zc_name name of new filesystem or snapshot
5550 * zc_value full name of old snapshot
5551 *
5552 * outputs:
5553 * zc_cookie space in bytes
5554 * zc_objset_type compressed space in bytes
5555 * zc_perm_action uncompressed space in bytes
5556 */
5557 static int
zfs_ioc_space_written(zfs_cmd_t * zc)5558 zfs_ioc_space_written(zfs_cmd_t *zc)
5559 {
5560 int error;
5561 dsl_pool_t *dp;
5562 dsl_dataset_t *new, *old;
5563
5564 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5565 if (error != 0)
5566 return (error);
5567 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
5568 if (error != 0) {
5569 dsl_pool_rele(dp, FTAG);
5570 return (error);
5571 }
5572 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
5573 if (error != 0) {
5574 dsl_dataset_rele(new, FTAG);
5575 dsl_pool_rele(dp, FTAG);
5576 return (error);
5577 }
5578
5579 error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
5580 &zc->zc_objset_type, &zc->zc_perm_action);
5581 dsl_dataset_rele(old, FTAG);
5582 dsl_dataset_rele(new, FTAG);
5583 dsl_pool_rele(dp, FTAG);
5584 return (error);
5585 }
5586
5587 /*
5588 * innvl: {
5589 * "firstsnap" -> snapshot name
5590 * }
5591 *
5592 * outnvl: {
5593 * "used" -> space in bytes
5594 * "compressed" -> compressed space in bytes
5595 * "uncompressed" -> uncompressed space in bytes
5596 * }
5597 */
5598 static int
zfs_ioc_space_snaps(const char * lastsnap,nvlist_t * innvl,nvlist_t * outnvl)5599 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
5600 {
5601 int error;
5602 dsl_pool_t *dp;
5603 dsl_dataset_t *new, *old;
5604 char *firstsnap;
5605 uint64_t used, comp, uncomp;
5606
5607 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0)
5608 return (SET_ERROR(EINVAL));
5609
5610 error = dsl_pool_hold(lastsnap, FTAG, &dp);
5611 if (error != 0)
5612 return (error);
5613
5614 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
5615 if (error == 0 && !new->ds_is_snapshot) {
5616 dsl_dataset_rele(new, FTAG);
5617 error = SET_ERROR(EINVAL);
5618 }
5619 if (error != 0) {
5620 dsl_pool_rele(dp, FTAG);
5621 return (error);
5622 }
5623 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
5624 if (error == 0 && !old->ds_is_snapshot) {
5625 dsl_dataset_rele(old, FTAG);
5626 error = SET_ERROR(EINVAL);
5627 }
5628 if (error != 0) {
5629 dsl_dataset_rele(new, FTAG);
5630 dsl_pool_rele(dp, FTAG);
5631 return (error);
5632 }
5633
5634 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
5635 dsl_dataset_rele(old, FTAG);
5636 dsl_dataset_rele(new, FTAG);
5637 dsl_pool_rele(dp, FTAG);
5638 fnvlist_add_uint64(outnvl, "used", used);
5639 fnvlist_add_uint64(outnvl, "compressed", comp);
5640 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
5641 return (error);
5642 }
5643
5644 #ifdef __FreeBSD__
5645
5646 static int
zfs_ioc_jail(zfs_cmd_t * zc)5647 zfs_ioc_jail(zfs_cmd_t *zc)
5648 {
5649
5650 return (zone_dataset_attach(curthread->td_ucred, zc->zc_name,
5651 (int)zc->zc_jailid));
5652 }
5653
5654 static int
zfs_ioc_unjail(zfs_cmd_t * zc)5655 zfs_ioc_unjail(zfs_cmd_t *zc)
5656 {
5657
5658 return (zone_dataset_detach(curthread->td_ucred, zc->zc_name,
5659 (int)zc->zc_jailid));
5660 }
5661
5662 #endif
5663
5664 /*
5665 * innvl: {
5666 * "fd" -> file descriptor to write stream to (int32)
5667 * (optional) "fromsnap" -> full snap name to send an incremental from
5668 * (optional) "largeblockok" -> (value ignored)
5669 * indicates that blocks > 128KB are permitted
5670 * (optional) "embedok" -> (value ignored)
5671 * presence indicates DRR_WRITE_EMBEDDED records are permitted
5672 * (optional) "resume_object" and "resume_offset" -> (uint64)
5673 * if present, resume send stream from specified object and offset.
5674 * }
5675 *
5676 * outnvl is unused
5677 */
5678 /* ARGSUSED */
5679 static int
zfs_ioc_send_new(const char * snapname,nvlist_t * innvl,nvlist_t * outnvl)5680 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5681 {
5682 int error;
5683 offset_t off;
5684 char *fromname = NULL;
5685 int fd;
5686 boolean_t largeblockok;
5687 boolean_t embedok;
5688 uint64_t resumeobj = 0;
5689 uint64_t resumeoff = 0;
5690
5691 error = nvlist_lookup_int32(innvl, "fd", &fd);
5692 if (error != 0)
5693 return (SET_ERROR(EINVAL));
5694
5695 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
5696
5697 largeblockok = nvlist_exists(innvl, "largeblockok");
5698 embedok = nvlist_exists(innvl, "embedok");
5699
5700 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
5701 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
5702
5703 #ifdef __FreeBSD__
5704 cap_rights_t rights;
5705
5706 fget_write(curthread, fd, cap_rights_init(&rights, CAP_WRITE), &fp);
5707 #else
5708 file_t *fp = getf(fd);
5709 #endif
5710 if (fp == NULL)
5711 return (SET_ERROR(EBADF));
5712
5713 off = fp->f_offset;
5714 error = dmu_send(snapname, fromname, embedok, largeblockok, fd,
5715 #ifdef illumos
5716 resumeobj, resumeoff, fp->f_vnode, &off);
5717 #else
5718 resumeobj, resumeoff, fp, &off);
5719 #endif
5720
5721 #ifdef illumos
5722 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5723 fp->f_offset = off;
5724 #else
5725 fp->f_offset = off;
5726 #endif
5727
5728 releasef(fd);
5729 return (error);
5730 }
5731
5732 /*
5733 * Determine approximately how large a zfs send stream will be -- the number
5734 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
5735 *
5736 * innvl: {
5737 * (optional) "from" -> full snap or bookmark name to send an incremental
5738 * from
5739 * }
5740 *
5741 * outnvl: {
5742 * "space" -> bytes of space (uint64)
5743 * }
5744 */
5745 static int
zfs_ioc_send_space(const char * snapname,nvlist_t * innvl,nvlist_t * outnvl)5746 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5747 {
5748 dsl_pool_t *dp;
5749 dsl_dataset_t *tosnap;
5750 int error;
5751 char *fromname;
5752 uint64_t space;
5753
5754 error = dsl_pool_hold(snapname, FTAG, &dp);
5755 if (error != 0)
5756 return (error);
5757
5758 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
5759 if (error != 0) {
5760 dsl_pool_rele(dp, FTAG);
5761 return (error);
5762 }
5763
5764 error = nvlist_lookup_string(innvl, "from", &fromname);
5765 if (error == 0) {
5766 if (strchr(fromname, '@') != NULL) {
5767 /*
5768 * If from is a snapshot, hold it and use the more
5769 * efficient dmu_send_estimate to estimate send space
5770 * size using deadlists.
5771 */
5772 dsl_dataset_t *fromsnap;
5773 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
5774 if (error != 0)
5775 goto out;
5776 error = dmu_send_estimate(tosnap, fromsnap, &space);
5777 dsl_dataset_rele(fromsnap, FTAG);
5778 } else if (strchr(fromname, '#') != NULL) {
5779 /*
5780 * If from is a bookmark, fetch the creation TXG of the
5781 * snapshot it was created from and use that to find
5782 * blocks that were born after it.
5783 */
5784 zfs_bookmark_phys_t frombm;
5785
5786 error = dsl_bookmark_lookup(dp, fromname, tosnap,
5787 &frombm);
5788 if (error != 0)
5789 goto out;
5790 error = dmu_send_estimate_from_txg(tosnap,
5791 frombm.zbm_creation_txg, &space);
5792 } else {
5793 /*
5794 * from is not properly formatted as a snapshot or
5795 * bookmark
5796 */
5797 error = SET_ERROR(EINVAL);
5798 goto out;
5799 }
5800 } else {
5801 // If estimating the size of a full send, use dmu_send_estimate
5802 error = dmu_send_estimate(tosnap, NULL, &space);
5803 }
5804
5805 fnvlist_add_uint64(outnvl, "space", space);
5806
5807 out:
5808 dsl_dataset_rele(tosnap, FTAG);
5809 dsl_pool_rele(dp, FTAG);
5810 return (error);
5811 }
5812
5813 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
5814
5815 static void
zfs_ioctl_register_legacy(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy,zfs_ioc_namecheck_t namecheck,boolean_t log_history,zfs_ioc_poolcheck_t pool_check)5816 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5817 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5818 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
5819 {
5820 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5821
5822 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5823 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5824 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5825 ASSERT3P(vec->zvec_func, ==, NULL);
5826
5827 vec->zvec_legacy_func = func;
5828 vec->zvec_secpolicy = secpolicy;
5829 vec->zvec_namecheck = namecheck;
5830 vec->zvec_allow_log = log_history;
5831 vec->zvec_pool_check = pool_check;
5832 }
5833
5834 /*
5835 * See the block comment at the beginning of this file for details on
5836 * each argument to this function.
5837 */
5838 static void
zfs_ioctl_register(const char * name,zfs_ioc_t ioc,zfs_ioc_func_t * func,zfs_secpolicy_func_t * secpolicy,zfs_ioc_namecheck_t namecheck,zfs_ioc_poolcheck_t pool_check,boolean_t smush_outnvlist,boolean_t allow_log)5839 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
5840 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5841 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
5842 boolean_t allow_log)
5843 {
5844 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5845
5846 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5847 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5848 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5849 ASSERT3P(vec->zvec_func, ==, NULL);
5850
5851 /* if we are logging, the name must be valid */
5852 ASSERT(!allow_log || namecheck != NO_NAME);
5853
5854 vec->zvec_name = name;
5855 vec->zvec_func = func;
5856 vec->zvec_secpolicy = secpolicy;
5857 vec->zvec_namecheck = namecheck;
5858 vec->zvec_pool_check = pool_check;
5859 vec->zvec_smush_outnvlist = smush_outnvlist;
5860 vec->zvec_allow_log = allow_log;
5861 }
5862
5863 static void
zfs_ioctl_register_pool(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy,boolean_t log_history,zfs_ioc_poolcheck_t pool_check)5864 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5865 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
5866 zfs_ioc_poolcheck_t pool_check)
5867 {
5868 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5869 POOL_NAME, log_history, pool_check);
5870 }
5871
5872 static void
zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy,zfs_ioc_poolcheck_t pool_check)5873 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5874 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
5875 {
5876 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5877 DATASET_NAME, B_FALSE, pool_check);
5878 }
5879
5880 static void
zfs_ioctl_register_pool_modify(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func)5881 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5882 {
5883 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
5884 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5885 }
5886
5887 static void
zfs_ioctl_register_pool_meta(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy)5888 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5889 zfs_secpolicy_func_t *secpolicy)
5890 {
5891 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5892 NO_NAME, B_FALSE, POOL_CHECK_NONE);
5893 }
5894
5895 static void
zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy)5896 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
5897 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
5898 {
5899 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5900 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
5901 }
5902
5903 static void
zfs_ioctl_register_dataset_read(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func)5904 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5905 {
5906 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
5907 zfs_secpolicy_read);
5908 }
5909
5910 static void
zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy)5911 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5912 zfs_secpolicy_func_t *secpolicy)
5913 {
5914 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5915 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5916 }
5917
5918 static void
zfs_ioctl_init(void)5919 zfs_ioctl_init(void)
5920 {
5921 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
5922 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
5923 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5924
5925 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
5926 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
5927 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE);
5928
5929 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
5930 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
5931 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5932
5933 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
5934 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
5935 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5936
5937 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
5938 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
5939 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5940
5941 zfs_ioctl_register("create", ZFS_IOC_CREATE,
5942 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
5943 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5944
5945 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
5946 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
5947 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5948
5949 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
5950 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
5951 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5952
5953 zfs_ioctl_register("hold", ZFS_IOC_HOLD,
5954 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
5955 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5956 zfs_ioctl_register("release", ZFS_IOC_RELEASE,
5957 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
5958 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5959
5960 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
5961 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
5962 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5963
5964 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK,
5965 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME,
5966 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE);
5967
5968 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK,
5969 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME,
5970 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5971
5972 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS,
5973 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME,
5974 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5975
5976 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS,
5977 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks,
5978 POOL_NAME,
5979 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5980
5981 /* IOCTLS that use the legacy function signature */
5982
5983 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
5984 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
5985
5986 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
5987 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5988 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
5989 zfs_ioc_pool_scan);
5990 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
5991 zfs_ioc_pool_upgrade);
5992 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
5993 zfs_ioc_vdev_add);
5994 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
5995 zfs_ioc_vdev_remove);
5996 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
5997 zfs_ioc_vdev_set_state);
5998 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
5999 zfs_ioc_vdev_attach);
6000 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
6001 zfs_ioc_vdev_detach);
6002 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
6003 zfs_ioc_vdev_setpath);
6004 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
6005 zfs_ioc_vdev_setfru);
6006 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
6007 zfs_ioc_pool_set_props);
6008 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
6009 zfs_ioc_vdev_split);
6010 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
6011 zfs_ioc_pool_reguid);
6012
6013 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
6014 zfs_ioc_pool_configs, zfs_secpolicy_none);
6015 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
6016 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
6017 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
6018 zfs_ioc_inject_fault, zfs_secpolicy_inject);
6019 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
6020 zfs_ioc_clear_fault, zfs_secpolicy_inject);
6021 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
6022 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
6023
6024 /*
6025 * pool destroy, and export don't log the history as part of
6026 * zfsdev_ioctl, but rather zfs_ioc_pool_export
6027 * does the logging of those commands.
6028 */
6029 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
6030 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
6031 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
6032 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
6033
6034 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
6035 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
6036 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
6037 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
6038
6039 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
6040 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_NONE);
6041 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
6042 zfs_ioc_dsobj_to_dsname,
6043 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_NONE);
6044 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
6045 zfs_ioc_pool_get_history,
6046 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
6047
6048 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
6049 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
6050
6051 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
6052 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
6053 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
6054 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
6055
6056 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
6057 zfs_ioc_space_written);
6058 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
6059 zfs_ioc_objset_recvd_props);
6060 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
6061 zfs_ioc_next_obj);
6062 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
6063 zfs_ioc_get_fsacl);
6064 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
6065 zfs_ioc_objset_stats);
6066 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
6067 zfs_ioc_objset_zplprops);
6068 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
6069 zfs_ioc_dataset_list_next);
6070 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
6071 zfs_ioc_snapshot_list_next);
6072 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
6073 zfs_ioc_send_progress);
6074
6075 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
6076 zfs_ioc_diff, zfs_secpolicy_diff);
6077 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
6078 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
6079 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
6080 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
6081 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
6082 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
6083 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
6084 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
6085 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
6086 zfs_ioc_send, zfs_secpolicy_send);
6087
6088 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
6089 zfs_secpolicy_none);
6090 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
6091 zfs_secpolicy_destroy);
6092 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
6093 zfs_secpolicy_rename);
6094 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
6095 zfs_secpolicy_recv);
6096 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
6097 zfs_secpolicy_promote);
6098 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
6099 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
6100 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
6101 zfs_secpolicy_set_fsacl);
6102
6103 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
6104 zfs_secpolicy_share, POOL_CHECK_NONE);
6105 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
6106 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
6107 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
6108 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
6109 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6110 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
6111 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
6112 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6113
6114 #ifdef __FreeBSD__
6115 zfs_ioctl_register_dataset_nolog(ZFS_IOC_JAIL, zfs_ioc_jail,
6116 zfs_secpolicy_config, POOL_CHECK_NONE);
6117 zfs_ioctl_register_dataset_nolog(ZFS_IOC_UNJAIL, zfs_ioc_unjail,
6118 zfs_secpolicy_config, POOL_CHECK_NONE);
6119 zfs_ioctl_register("fbsd_nextboot", ZFS_IOC_NEXTBOOT,
6120 zfs_ioc_nextboot, zfs_secpolicy_config, NO_NAME,
6121 POOL_CHECK_NONE, B_FALSE, B_FALSE);
6122 #endif
6123 }
6124
6125 int
pool_status_check(const char * name,zfs_ioc_namecheck_t type,zfs_ioc_poolcheck_t check)6126 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
6127 zfs_ioc_poolcheck_t check)
6128 {
6129 spa_t *spa;
6130 int error;
6131
6132 ASSERT(type == POOL_NAME || type == DATASET_NAME);
6133
6134 if (check & POOL_CHECK_NONE)
6135 return (0);
6136
6137 error = spa_open(name, &spa, FTAG);
6138 if (error == 0) {
6139 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
6140 error = SET_ERROR(EAGAIN);
6141 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
6142 error = SET_ERROR(EROFS);
6143 spa_close(spa, FTAG);
6144 }
6145 return (error);
6146 }
6147
6148 /*
6149 * Find a free minor number.
6150 */
6151 minor_t
zfsdev_minor_alloc(void)6152 zfsdev_minor_alloc(void)
6153 {
6154 static minor_t last_minor;
6155 minor_t m;
6156
6157 #ifndef __NetBSD__
6158 ASSERT(MUTEX_HELD(&spa_namespace_lock));
6159 #endif
6160
6161 for (m = last_minor + 1; m != last_minor; m++) {
6162 if (m > ZFSDEV_MAX_MINOR)
6163 m = 1;
6164 if (ddi_get_soft_state(zfsdev_state, m) == NULL) {
6165 last_minor = m;
6166 return (m);
6167 }
6168 }
6169
6170 return (0);
6171 }
6172
6173 #ifdef __FreeBSD__
6174 static int
zfs_ctldev_init(struct cdev * devp)6175 zfs_ctldev_init(struct cdev *devp)
6176 #else
6177 static int
6178 zfs_ctldev_init(dev_t *devp)
6179 #endif
6180 {
6181 minor_t minor;
6182 zfs_soft_state_t *zs;
6183
6184 ASSERT(MUTEX_HELD(&spa_namespace_lock));
6185
6186 minor = zfsdev_minor_alloc();
6187 if (minor == 0)
6188 return (SET_ERROR(ENXIO));
6189
6190 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS)
6191 return (SET_ERROR(EAGAIN));
6192
6193 #ifdef __FreeBSD__
6194 devfs_set_cdevpriv((void *)(uintptr_t)minor, zfsdev_close);
6195 #else
6196 *devp = makedev(major(*devp), minor);
6197 #endif
6198
6199 zs = ddi_get_soft_state(zfsdev_state, minor);
6200 zs->zss_type = ZSST_CTLDEV;
6201 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data);
6202
6203 return (0);
6204 }
6205
6206 static void
zfs_ctldev_destroy(zfs_onexit_t * zo,minor_t minor)6207 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor)
6208 {
6209 ASSERT(MUTEX_HELD(&spa_namespace_lock));
6210
6211 zfs_onexit_destroy(zo);
6212 ddi_soft_state_free(zfsdev_state, minor);
6213 }
6214
6215 void *
zfsdev_get_soft_state(minor_t minor,enum zfs_soft_state_type which)6216 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which)
6217 {
6218 zfs_soft_state_t *zp;
6219
6220 zp = ddi_get_soft_state(zfsdev_state, minor);
6221 if (zp == NULL || zp->zss_type != which)
6222 return (NULL);
6223
6224 return (zp->zss_data);
6225 }
6226
6227 #ifdef __FreeBSD__
6228 static int
zfsdev_open(struct cdev * devp,int flag,int mode,struct thread * td)6229 zfsdev_open(struct cdev *devp, int flag, int mode, struct thread *td)
6230 #endif
6231 #ifdef __NetBSD__
6232 static int
6233 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr)
6234 #endif
6235 {
6236 int error = 0;
6237
6238 #ifndef __FreeBSD__
6239 if (getminor(*devp) != 0)
6240 return (zvol_open(devp, flag, otyp, cr));
6241 #endif
6242
6243 /* This is the control device. Allocate a new minor if requested. */
6244 if (flag & FEXCL) {
6245 mutex_enter(&spa_namespace_lock);
6246 error = zfs_ctldev_init(devp);
6247 mutex_exit(&spa_namespace_lock);
6248 }
6249
6250 return (error);
6251 }
6252
6253 #ifdef __FreeBSD__
6254 static void
zfsdev_close(void * data)6255 zfsdev_close(void *data)
6256 #endif
6257 #ifdef __NetBSD__
6258 static int
6259 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr)
6260 #endif
6261 {
6262 zfs_onexit_t *zo;
6263 #ifdef __FreeBSD__
6264 minor_t minor = (minor_t)(uintptr_t)data;
6265 #endif
6266 #ifdef __NetBSD__
6267 minor_t minor = getminor(dev);
6268 #endif
6269
6270 if (minor == 0)
6271 #ifdef __FreeBSD__
6272 return;
6273 #else
6274 return (0);
6275 #endif
6276
6277 mutex_enter(&spa_namespace_lock);
6278 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV);
6279 if (zo == NULL) {
6280 mutex_exit(&spa_namespace_lock);
6281 #ifdef __FreeBSD__
6282 return;
6283 #else
6284 return zvol_close(dev, flag, otyp, cr);
6285 return 0;
6286 #endif
6287 }
6288 zfs_ctldev_destroy(zo, minor);
6289 mutex_exit(&spa_namespace_lock);
6290
6291 #ifndef __FreeBSD__
6292 return (0);
6293 #endif
6294 }
6295
6296 #ifdef __FreeBSD__
6297 static int
zfsdev_ioctl(struct cdev * dev,u_long zcmd,caddr_t arg,int flag,struct thread * td)6298 zfsdev_ioctl(struct cdev *dev, u_long zcmd, caddr_t arg, int flag,
6299 struct thread *td)
6300 #endif
6301 #ifdef __NetBSD__
6302 static int
6303 zfsdev_ioctl(dev_t dev, u_long zcmd, intptr_t iarg, int flag, cred_t *cr, int *rvalp)
6304 #endif
6305 {
6306 zfs_cmd_t *zc;
6307 uint_t vecnum;
6308 int error, rc, len;
6309 zfs_iocparm_t *zc_iocparm;
6310 int cflag, cmd, oldvecnum;
6311 boolean_t newioc, compat;
6312 void *compat_zc = NULL;
6313 #ifdef __FreeBSD__
6314 cred_t *cr = td->td_ucred;
6315 #endif
6316 const zfs_ioc_vec_t *vec;
6317 char *saved_poolname = NULL;
6318 nvlist_t *innvl = NULL;
6319 #ifdef __NetBSD__
6320 caddr_t arg = (caddr_t)iarg;
6321 #endif
6322
6323 #if defined(illumos) || defined(__NetBSD__)
6324 minor_t minor = getminor(dev);
6325
6326 if (minor != 0 &&
6327 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL)
6328 return (zvol_ioctl(dev, zcmd, iarg, flag, cr, rvalp));
6329 #endif
6330 #ifdef illumos
6331 vecnum = cmd - ZFS_IOC_FIRST;
6332 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));
6333 #endif
6334
6335 cflag = ZFS_CMD_COMPAT_NONE;
6336 compat = B_FALSE;
6337 newioc = B_TRUE; /* "new" style (zfs_iocparm_t) ioctl */
6338 len = IOCPARM_LEN(zcmd);
6339 vecnum = cmd = zcmd & 0xff;
6340
6341 /*
6342 * Check if we are talking to supported older binaries
6343 * and translate zfs_cmd if necessary
6344 */
6345 if (len != sizeof(zfs_iocparm_t)) {
6346 newioc = B_FALSE;
6347 compat = B_TRUE;
6348
6349 vecnum = cmd;
6350
6351 switch (len) {
6352 case sizeof(zfs_cmd_zcmd_t):
6353 cflag = ZFS_CMD_COMPAT_LZC;
6354 break;
6355 case sizeof(zfs_cmd_deadman_t):
6356 cflag = ZFS_CMD_COMPAT_DEADMAN;
6357 break;
6358 case sizeof(zfs_cmd_v28_t):
6359 cflag = ZFS_CMD_COMPAT_V28;
6360 break;
6361 case sizeof(zfs_cmd_v15_t):
6362 cflag = ZFS_CMD_COMPAT_V15;
6363 vecnum = zfs_ioctl_v15_to_v28[cmd];
6364
6365 /*
6366 * Return without further handling
6367 * if the command is blacklisted.
6368 */
6369 if (vecnum == ZFS_IOC_COMPAT_PASS)
6370 return (0);
6371 else if (vecnum == ZFS_IOC_COMPAT_FAIL)
6372 return (ENOTSUP);
6373 break;
6374 default:
6375 return (EINVAL);
6376 }
6377 }
6378
6379 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
6380 return (SET_ERROR(EINVAL));
6381 vec = &zfs_ioc_vec[vecnum];
6382
6383 zc = kmem_zalloc(sizeof(zfs_cmd_t), KM_SLEEP);
6384
6385 #ifdef illumos
6386 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
6387 if (error != 0) {
6388 error = SET_ERROR(EFAULT);
6389 goto out;
6390 }
6391 #else /* !illumos */
6392
6393 bzero(zc, sizeof(zfs_cmd_t));
6394
6395 if (newioc) {
6396 zc_iocparm = (void *)arg;
6397
6398 switch (zc_iocparm->zfs_ioctl_version) {
6399 case ZFS_IOCVER_CURRENT:
6400 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_t)) {
6401 error = SET_ERROR(EINVAL);
6402 goto out;
6403 }
6404 break;
6405 case ZFS_IOCVER_INLANES:
6406 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_inlanes_t)) {
6407 error = SET_ERROR(EFAULT);
6408 goto out;
6409 }
6410 compat = B_TRUE;
6411 cflag = ZFS_CMD_COMPAT_INLANES;
6412 break;
6413 case ZFS_IOCVER_RESUME:
6414 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_resume_t)) {
6415 error = SET_ERROR(EFAULT);
6416 goto out;
6417 }
6418 compat = B_TRUE;
6419 cflag = ZFS_CMD_COMPAT_RESUME;
6420 break;
6421 case ZFS_IOCVER_EDBP:
6422 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_edbp_t)) {
6423 error = SET_ERROR(EFAULT);
6424 goto out;
6425 }
6426 compat = B_TRUE;
6427 cflag = ZFS_CMD_COMPAT_EDBP;
6428 break;
6429 case ZFS_IOCVER_ZCMD:
6430 if (zc_iocparm->zfs_cmd_size > sizeof(zfs_cmd_t) ||
6431 zc_iocparm->zfs_cmd_size < sizeof(zfs_cmd_zcmd_t)) {
6432 error = SET_ERROR(EFAULT);
6433 goto out;
6434 }
6435 compat = B_TRUE;
6436 cflag = ZFS_CMD_COMPAT_ZCMD;
6437 break;
6438 default:
6439 error = SET_ERROR(EINVAL);
6440 goto out;
6441 /* NOTREACHED */
6442 }
6443
6444 if (compat) {
6445 ASSERT(sizeof(zfs_cmd_t) >= zc_iocparm->zfs_cmd_size);
6446 compat_zc = kmem_zalloc(sizeof(zfs_cmd_t), KM_SLEEP);
6447 bzero(compat_zc, sizeof(zfs_cmd_t));
6448
6449 error = ddi_copyin((void *)(uintptr_t)zc_iocparm->zfs_cmd,
6450 compat_zc, zc_iocparm->zfs_cmd_size, flag);
6451 if (error != 0) {
6452 error = SET_ERROR(EFAULT);
6453 goto out;
6454 }
6455 } else {
6456 error = ddi_copyin((void *)(uintptr_t)zc_iocparm->zfs_cmd,
6457 zc, zc_iocparm->zfs_cmd_size, flag);
6458 if (error != 0) {
6459 error = SET_ERROR(EFAULT);
6460 goto out;
6461 }
6462 }
6463 } else
6464 zc_iocparm = NULL;
6465
6466 if (compat) {
6467 if (newioc) {
6468 ASSERT(compat_zc != NULL);
6469 zfs_cmd_compat_get(zc, compat_zc, cflag);
6470 } else {
6471 ASSERT(compat_zc == NULL);
6472 zfs_cmd_compat_get(zc, arg, cflag);
6473 }
6474 oldvecnum = vecnum;
6475 error = zfs_ioctl_compat_pre(zc, &vecnum, cflag);
6476 if (error != 0)
6477 goto out;
6478 if (oldvecnum != vecnum)
6479 vec = &zfs_ioc_vec[vecnum];
6480 }
6481 #endif /* !illumos */
6482
6483 zc->zc_iflags = flag & FKIOCTL;
6484 if (zc->zc_nvlist_src_size != 0) {
6485 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
6486 zc->zc_iflags, &innvl);
6487 if (error != 0)
6488 goto out;
6489 }
6490
6491 /* rewrite innvl for backwards compatibility */
6492 if (compat)
6493 innvl = zfs_ioctl_compat_innvl(zc, innvl, vecnum, cflag);
6494
6495 /*
6496 * Ensure that all pool/dataset names are valid before we pass down to
6497 * the lower layers.
6498 */
6499 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
6500 switch (vec->zvec_namecheck) {
6501 case POOL_NAME:
6502 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
6503 error = SET_ERROR(EINVAL);
6504 else
6505 error = pool_status_check(zc->zc_name,
6506 vec->zvec_namecheck, vec->zvec_pool_check);
6507 break;
6508
6509 case DATASET_NAME:
6510 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
6511 error = SET_ERROR(EINVAL);
6512 else
6513 error = pool_status_check(zc->zc_name,
6514 vec->zvec_namecheck, vec->zvec_pool_check);
6515 break;
6516
6517 case NO_NAME:
6518 break;
6519 }
6520
6521 if (error == 0)
6522 error = vec->zvec_secpolicy(zc, innvl, cr);
6523
6524 if (error != 0)
6525 goto out;
6526
6527 /* legacy ioctls can modify zc_name */
6528 len = strcspn(zc->zc_name, "/@#") + 1;
6529 saved_poolname = kmem_alloc(len, KM_SLEEP);
6530 (void) strlcpy(saved_poolname, zc->zc_name, len);
6531
6532 if (vec->zvec_func != NULL) {
6533 nvlist_t *outnvl;
6534 int puterror = 0;
6535 spa_t *spa;
6536 nvlist_t *lognv = NULL;
6537
6538 ASSERT(vec->zvec_legacy_func == NULL);
6539
6540 /*
6541 * Add the innvl to the lognv before calling the func,
6542 * in case the func changes the innvl.
6543 */
6544 if (vec->zvec_allow_log) {
6545 lognv = fnvlist_alloc();
6546 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
6547 vec->zvec_name);
6548 if (!nvlist_empty(innvl)) {
6549 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
6550 innvl);
6551 }
6552 }
6553
6554 outnvl = fnvlist_alloc();
6555 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
6556
6557 if (error == 0 && vec->zvec_allow_log &&
6558 spa_open(zc->zc_name, &spa, FTAG) == 0) {
6559 if (!nvlist_empty(outnvl)) {
6560 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL,
6561 outnvl);
6562 }
6563 (void) spa_history_log_nvl(spa, lognv);
6564 spa_close(spa, FTAG);
6565 }
6566 fnvlist_free(lognv);
6567
6568 /* rewrite outnvl for backwards compatibility */
6569 if (compat)
6570 outnvl = zfs_ioctl_compat_outnvl(zc, outnvl, vecnum,
6571 cflag);
6572
6573 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
6574 int smusherror = 0;
6575 if (vec->zvec_smush_outnvlist) {
6576 smusherror = nvlist_smush(outnvl,
6577 zc->zc_nvlist_dst_size);
6578 }
6579 if (smusherror == 0)
6580 puterror = put_nvlist(zc, outnvl);
6581 }
6582
6583 if (puterror != 0)
6584 error = puterror;
6585
6586 nvlist_free(outnvl);
6587 } else {
6588 error = vec->zvec_legacy_func(zc);
6589 }
6590
6591 out:
6592 nvlist_free(innvl);
6593
6594 #ifdef illumos
6595 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
6596 if (error == 0 && rc != 0)
6597 error = SET_ERROR(EFAULT);
6598 #else
6599 if (compat) {
6600 zfs_ioctl_compat_post(zc, cmd, cflag);
6601 if (newioc) {
6602 ASSERT(compat_zc != NULL);
6603 ASSERT(sizeof(zfs_cmd_t) >= zc_iocparm->zfs_cmd_size);
6604
6605 zfs_cmd_compat_put(zc, compat_zc, vecnum, cflag);
6606 rc = ddi_copyout(compat_zc,
6607 (void *)(uintptr_t)zc_iocparm->zfs_cmd,
6608 zc_iocparm->zfs_cmd_size, flag);
6609 if (error == 0 && rc != 0)
6610 error = SET_ERROR(EFAULT);
6611 kmem_free(compat_zc, sizeof (zfs_cmd_t));
6612 } else {
6613 zfs_cmd_compat_put(zc, arg, vecnum, cflag);
6614 }
6615 } else {
6616 ASSERT(newioc);
6617
6618 rc = ddi_copyout(zc, (void *)(uintptr_t)zc_iocparm->zfs_cmd,
6619 sizeof (zfs_cmd_t), flag);
6620 if (error == 0 && rc != 0)
6621 error = SET_ERROR(EFAULT);
6622 }
6623 #endif
6624 if (error == 0 && vec->zvec_allow_log) {
6625 char *s = tsd_get(zfs_allow_log_key);
6626 if (s != NULL)
6627 strfree(s);
6628 (void) tsd_set(zfs_allow_log_key, saved_poolname);
6629 } else {
6630 if (saved_poolname != NULL)
6631 strfree(saved_poolname);
6632 }
6633
6634 kmem_free(zc, sizeof (zfs_cmd_t));
6635 return (error);
6636 }
6637
6638 static void
zfs_allow_log_destroy(void * arg)6639 zfs_allow_log_destroy(void *arg)
6640 {
6641 char *poolname = arg;
6642 strfree(poolname);
6643 }
6644
6645 #ifdef illumos
6646 static int
zfs_attach(dev_info_t * dip,ddi_attach_cmd_t cmd)6647 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
6648 {
6649 if (cmd != DDI_ATTACH)
6650 return (DDI_FAILURE);
6651
6652 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
6653 DDI_PSEUDO, 0) == DDI_FAILURE)
6654 return (DDI_FAILURE);
6655
6656 zfs_dip = dip;
6657
6658 ddi_report_dev(dip);
6659
6660 return (DDI_SUCCESS);
6661 }
6662
6663 static int
zfs_detach(dev_info_t * dip,ddi_detach_cmd_t cmd)6664 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
6665 {
6666 if (spa_busy() || zfs_busy() || zvol_busy())
6667 return (DDI_FAILURE);
6668
6669 if (cmd != DDI_DETACH)
6670 return (DDI_FAILURE);
6671
6672 zfs_dip = NULL;
6673
6674 ddi_prop_remove_all(dip);
6675 ddi_remove_minor_node(dip, NULL);
6676
6677 return (DDI_SUCCESS);
6678 }
6679
6680 /*ARGSUSED*/
6681 static int
zfs_info(dev_info_t * dip,ddi_info_cmd_t infocmd,void * arg,void ** result)6682 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
6683 {
6684 switch (infocmd) {
6685 case DDI_INFO_DEVT2DEVINFO:
6686 *result = zfs_dip;
6687 return (DDI_SUCCESS);
6688
6689 case DDI_INFO_DEVT2INSTANCE:
6690 *result = (void *)0;
6691 return (DDI_SUCCESS);
6692 }
6693
6694 return (DDI_FAILURE);
6695 }
6696
6697 /*
6698 * OK, so this is a little weird.
6699 *
6700 * /dev/zfs is the control node, i.e. minor 0.
6701 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
6702 *
6703 * /dev/zfs has basically nothing to do except serve up ioctls,
6704 * so most of the standard driver entry points are in zvol.c.
6705 */
6706 static struct cb_ops zfs_cb_ops = {
6707 zfsdev_open, /* open */
6708 zfsdev_close, /* close */
6709 zvol_strategy, /* strategy */
6710 nodev, /* print */
6711 zvol_dump, /* dump */
6712 zvol_read, /* read */
6713 zvol_write, /* write */
6714 zfsdev_ioctl, /* ioctl */
6715 nodev, /* devmap */
6716 nodev, /* mmap */
6717 nodev, /* segmap */
6718 nochpoll, /* poll */
6719 ddi_prop_op, /* prop_op */
6720 NULL, /* streamtab */
6721 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */
6722 CB_REV, /* version */
6723 nodev, /* async read */
6724 nodev, /* async write */
6725 };
6726
6727 static struct dev_ops zfs_dev_ops = {
6728 DEVO_REV, /* version */
6729 0, /* refcnt */
6730 zfs_info, /* info */
6731 nulldev, /* identify */
6732 nulldev, /* probe */
6733 zfs_attach, /* attach */
6734 zfs_detach, /* detach */
6735 nodev, /* reset */
6736 &zfs_cb_ops, /* driver operations */
6737 NULL, /* no bus operations */
6738 NULL, /* power */
6739 ddi_quiesce_not_needed, /* quiesce */
6740 };
6741
6742 static struct modldrv zfs_modldrv = {
6743 &mod_driverops,
6744 "ZFS storage pool",
6745 &zfs_dev_ops
6746 };
6747
6748 static struct modlinkage modlinkage = {
6749 MODREV_1,
6750 (void *)&zfs_modlfs,
6751 (void *)&zfs_modldrv,
6752 NULL
6753 };
6754
6755 int
_init(void)6756 _init(void)
6757 {
6758 int error;
6759
6760 spa_init(FREAD | FWRITE);
6761 zfs_init();
6762 zvol_init();
6763 zfs_ioctl_init();
6764
6765 if ((error = mod_install(&modlinkage)) != 0) {
6766 zvol_fini();
6767 zfs_fini();
6768 spa_fini();
6769 return (error);
6770 }
6771
6772 tsd_create(&zfs_fsyncer_key, NULL);
6773 tsd_create(&zfs_putpages_key, NULL);
6774 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
6775 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
6776
6777 error = ldi_ident_from_mod(&modlinkage, &zfs_li);
6778 ASSERT(error == 0);
6779 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
6780
6781 return (0);
6782 }
6783
6784 int
_fini(void)6785 _fini(void)
6786 {
6787 int error;
6788
6789 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
6790 return (SET_ERROR(EBUSY));
6791
6792 if ((error = mod_remove(&modlinkage)) != 0)
6793 return (error);
6794
6795 zvol_fini();
6796 zfs_fini();
6797 spa_fini();
6798 if (zfs_nfsshare_inited)
6799 (void) ddi_modclose(nfs_mod);
6800 if (zfs_smbshare_inited)
6801 (void) ddi_modclose(smbsrv_mod);
6802 if (zfs_nfsshare_inited || zfs_smbshare_inited)
6803 (void) ddi_modclose(sharefs_mod);
6804
6805 tsd_destroy(&zfs_fsyncer_key);
6806 ldi_ident_release(zfs_li);
6807 zfs_li = NULL;
6808 mutex_destroy(&zfs_share_lock);
6809
6810 return (error);
6811 }
6812
6813 int
_info(struct modinfo * modinfop)6814 _info(struct modinfo *modinfop)
6815 {
6816 return (mod_info(&modlinkage, modinfop));
6817 }
6818 #endif /* illumos */
6819
6820 #ifdef __FreeBSD__
6821 static struct cdevsw zfs_cdevsw = {
6822 .d_version = D_VERSION,
6823 .d_open = zfsdev_open,
6824 .d_ioctl = zfsdev_ioctl,
6825 .d_name = ZFS_DEV_NAME
6826 };
6827
6828 static void
zfsdev_init(void)6829 zfsdev_init(void)
6830 {
6831 zfsdev = make_dev(&zfs_cdevsw, 0x0, UID_ROOT, GID_OPERATOR, 0666,
6832 ZFS_DEV_NAME);
6833 }
6834
6835 static void
zfsdev_fini(void)6836 zfsdev_fini(void)
6837 {
6838 if (zfsdev != NULL)
6839 destroy_dev(zfsdev);
6840 }
6841
6842 static struct root_hold_token *zfs_root_token;
6843 struct proc *zfsproc;
6844
6845 static int zfs__init(void);
6846 static int zfs__fini(void);
6847 static void zfs_shutdown(void *, int);
6848
6849 static eventhandler_tag zfs_shutdown_event_tag;
6850
6851 #define ZFS_MIN_KSTACK_PAGES 4
6852
6853 int
zfs__init(void)6854 zfs__init(void)
6855 {
6856
6857 #if KSTACK_PAGES < ZFS_MIN_KSTACK_PAGES
6858 printf("ZFS NOTICE: KSTACK_PAGES is %d which could result in stack "
6859 "overflow panic!\nPlease consider adding "
6860 "'options KSTACK_PAGES=%d' to your kernel config\n", KSTACK_PAGES,
6861 ZFS_MIN_KSTACK_PAGES);
6862 #endif
6863 zfs_root_token = root_mount_hold("ZFS");
6864
6865 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
6866
6867 spa_init(FREAD | FWRITE);
6868 zfs_init();
6869 zvol_init();
6870 zfs_ioctl_init();
6871
6872 tsd_create(&zfs_fsyncer_key, NULL);
6873 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
6874 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
6875 tsd_create(&zfs_geom_probe_vdev_key, NULL);
6876
6877 printf("ZFS storage pool version: features support (" SPA_VERSION_STRING ")\n");
6878 root_mount_rel(zfs_root_token);
6879
6880 zfsdev_init();
6881
6882 return (0);
6883 }
6884
6885 int
zfs__fini(void)6886 zfs__fini(void)
6887 {
6888 if (spa_busy() || zfs_busy() || zvol_busy() ||
6889 zio_injection_enabled) {
6890 return (EBUSY);
6891 }
6892
6893 zfsdev_fini();
6894 zvol_fini();
6895 zfs_fini();
6896 spa_fini();
6897
6898 tsd_destroy(&zfs_fsyncer_key);
6899 tsd_destroy(&rrw_tsd_key);
6900 tsd_destroy(&zfs_allow_log_key);
6901
6902 mutex_destroy(&zfs_share_lock);
6903
6904 return (0);
6905 }
6906
6907 static void
zfs_shutdown(void * arg __unused,int howto __unused)6908 zfs_shutdown(void *arg __unused, int howto __unused)
6909 {
6910
6911 /*
6912 * ZFS fini routines can not properly work in a panic-ed system.
6913 */
6914 if (panicstr == NULL)
6915 (void)zfs__fini();
6916 }
6917
6918
6919 static int
zfs_modevent(module_t mod,int type,void * unused __unused)6920 zfs_modevent(module_t mod, int type, void *unused __unused)
6921 {
6922 int err;
6923
6924 switch (type) {
6925 case MOD_LOAD:
6926 err = zfs__init();
6927 if (err == 0)
6928 zfs_shutdown_event_tag = EVENTHANDLER_REGISTER(
6929 shutdown_post_sync, zfs_shutdown, NULL,
6930 SHUTDOWN_PRI_FIRST);
6931 return (err);
6932 case MOD_UNLOAD:
6933 err = zfs__fini();
6934 if (err == 0 && zfs_shutdown_event_tag != NULL)
6935 EVENTHANDLER_DEREGISTER(shutdown_post_sync,
6936 zfs_shutdown_event_tag);
6937 return (err);
6938 case MOD_SHUTDOWN:
6939 return (0);
6940 default:
6941 break;
6942 }
6943 return (EOPNOTSUPP);
6944 }
6945
6946 static moduledata_t zfs_mod = {
6947 "zfsctrl",
6948 zfs_modevent,
6949 0
6950 };
6951 DECLARE_MODULE(zfsctrl, zfs_mod, SI_SUB_VFS, SI_ORDER_ANY);
6952 MODULE_VERSION(zfsctrl, 1);
6953 MODULE_DEPEND(zfsctrl, opensolaris, 1, 1, 1);
6954 MODULE_DEPEND(zfsctrl, krpc, 1, 1, 1);
6955 MODULE_DEPEND(zfsctrl, acl_nfs4, 1, 1, 1);
6956
6957 #endif /* __FreeBSD__ */
6958
6959 #ifdef __NetBSD__
6960
6961 #include <sys/module.h>
6962 #include <uvm/uvm_extern.h>
6963
6964 MODULE(MODULE_CLASS_VFS, zfs, "solaris");
6965
6966 static const struct fileops zfs_fileops;
6967
6968 static int
nb_zfsdev_fioctl(struct file * fp,u_long cmd,void * argp)6969 nb_zfsdev_fioctl(struct file *fp, u_long cmd, void *argp)
6970 {
6971 dev_t dev = (dev_t)(uintptr_t)fp->f_data;
6972 int rval;
6973
6974 return zfsdev_ioctl(dev, cmd, (intptr_t)argp, fp->f_flag,
6975 kauth_cred_get(), &rval);
6976 }
6977
6978 static int
nb_zfsdev_fclose(struct file * fp)6979 nb_zfsdev_fclose(struct file *fp)
6980 {
6981 dev_t dev = (dev_t)(uintptr_t)fp->f_data;
6982 int error;
6983
6984 return zfsdev_close(dev, fp->f_flag, OTYPCHR, fp->f_cred);
6985 }
6986
6987 static int
nb_zfsdev_copen(dev_t dev,int flag,int mode,lwp_t * l)6988 nb_zfsdev_copen(dev_t dev, int flag, int mode, lwp_t *l)
6989 {
6990 const bool must_clone = (getminor(dev) == 0 && (flag & FEXCL) != 0);
6991 struct file *fp;
6992 int error, fd;
6993
6994 if (must_clone) {
6995 error = fd_allocfile(&fp, &fd);
6996 if (error)
6997 return error;
6998 }
6999
7000 error = zfsdev_open(&dev, flag, OTYPCHR, kauth_cred_get());
7001
7002 if (must_clone) {
7003 if (error) {
7004 fd_abort(curproc, fp, fd);
7005 return error;
7006 }
7007 return fd_clone(fp, fd, flag, &zfs_fileops,
7008 (void *)(uintptr_t)dev);
7009 }
7010
7011 return error;
7012 }
7013
7014 static int
nb_zfsdev_cclose(dev_t dev,int flag,int mode,lwp_t * l)7015 nb_zfsdev_cclose(dev_t dev, int flag, int mode, lwp_t *l)
7016 {
7017
7018 return zfsdev_close(dev, flag, OTYPCHR, kauth_cred_get());
7019 }
7020
7021 static int
nb_zfsdev_bopen(dev_t dev,int flag,int mode,lwp_t * l)7022 nb_zfsdev_bopen(dev_t dev, int flag, int mode, lwp_t *l)
7023 {
7024
7025 return zfsdev_open(&dev, flag, OTYPBLK, kauth_cred_get());
7026 }
7027
7028 static int
nb_zfsdev_bclose(dev_t dev,int flag,int mode,lwp_t * l)7029 nb_zfsdev_bclose(dev_t dev, int flag, int mode, lwp_t *l)
7030 {
7031
7032 return zfsdev_close(dev, flag, OTYPBLK, kauth_cred_get());
7033 }
7034
7035 static int
nb_zvol_read(dev_t dev,struct uio * uio,int flag)7036 nb_zvol_read(dev_t dev, struct uio *uio, int flag)
7037 {
7038
7039 return zvol_read(dev, uio, kauth_cred_get());
7040 }
7041
7042 static int
nb_zvol_write(dev_t dev,struct uio * uio,int flag)7043 nb_zvol_write(dev_t dev, struct uio *uio, int flag)
7044 {
7045
7046 return zvol_write(dev, uio, kauth_cred_get());
7047 }
7048
7049 static int
nb_zfsdev_ioctl(dev_t dev,u_long cmd,void * argp,int flag,lwp_t * l)7050 nb_zfsdev_ioctl(dev_t dev, u_long cmd, void *argp, int flag, lwp_t *l)
7051 {
7052 int rval;
7053
7054 return zfsdev_ioctl(dev, cmd, (intptr_t)argp, flag, kauth_cred_get(),
7055 &rval);
7056 }
7057
7058 static void
nb_zvol_strategy(struct buf * bp)7059 nb_zvol_strategy(struct buf *bp)
7060 {
7061
7062 (void) zvol_strategy(bp);
7063 }
7064
7065 static const struct fileops zfs_fileops = {
7066 .fo_name = "zfs",
7067 .fo_read = fbadop_read,
7068 .fo_write = fbadop_write,
7069 .fo_ioctl = nb_zfsdev_fioctl,
7070 .fo_fcntl = fnullop_fcntl,
7071 .fo_poll = fnullop_poll,
7072 .fo_stat = fbadop_stat,
7073 .fo_close = nb_zfsdev_fclose,
7074 .fo_kqfilter = fnullop_kqfilter,
7075 .fo_restart = fnullop_restart,
7076 };
7077
7078 const struct bdevsw zfs_bdevsw = {
7079 .d_open = nb_zfsdev_bopen,
7080 .d_close = nb_zfsdev_bclose,
7081 .d_strategy = nb_zvol_strategy,
7082 .d_ioctl = nb_zfsdev_ioctl,
7083 .d_dump = nodump,
7084 .d_psize = nosize,
7085 .d_flag = D_DISK | D_MPSAFE
7086 };
7087
7088 const struct cdevsw zfs_cdevsw = {
7089 .d_open = nb_zfsdev_copen,
7090 .d_close = nb_zfsdev_cclose,
7091 .d_read = nb_zvol_read,
7092 .d_write = nb_zvol_write,
7093 .d_ioctl = nb_zfsdev_ioctl,
7094 .d_stop = nostop,
7095 .d_tty = notty,
7096 .d_poll = nopoll,
7097 .d_mmap = nommap,
7098 .d_kqfilter = nokqfilter,
7099 .d_flag = D_DISK | D_MPSAFE
7100 };
7101
7102 /* ZFS should only be used on systems with enough memory. */
7103 #define ZFS_MIN_MEGS 512
7104
7105 static int zfs_version_ioctl = ZFS_IOCVER_CURRENT;
7106 static int zfs_version_spa = SPA_VERSION;
7107 static struct sysctllog *zfs_sysctl_log;
7108
7109 static void
zfs_sysctl_init(void)7110 zfs_sysctl_init(void)
7111 {
7112 const struct sysctlnode *rnode;
7113
7114 sysctl_createv(&zfs_sysctl_log, 0, NULL, &rnode,
7115 CTLFLAG_PERMANENT,
7116 CTLTYPE_NODE, "zfs",
7117 SYSCTL_DESCR("zfs"),
7118 NULL, 0, NULL, 0,
7119 CTL_VFS, CTL_CREATE, CTL_EOL);
7120
7121 sysctl_createv(&zfs_sysctl_log, 0, &rnode, &rnode,
7122 CTLFLAG_PERMANENT,
7123 CTLTYPE_NODE, "version",
7124 SYSCTL_DESCR("version"),
7125 NULL, 0, NULL, 0,
7126 CTL_CREATE, CTL_EOL);
7127
7128 sysctl_createv(&zfs_sysctl_log, 0, &rnode, NULL,
7129 CTLFLAG_PERMANENT|CTLFLAG_READONLY,
7130 CTLTYPE_INT, "ioctl",
7131 SYSCTL_DESCR("ZFS ioctl version"),
7132 NULL, 0, &zfs_version_ioctl, 0,
7133 CTL_CREATE, CTL_EOL);
7134
7135 sysctl_createv(&zfs_sysctl_log, 0, &rnode, NULL,
7136 CTLFLAG_PERMANENT|CTLFLAG_READONLY,
7137 CTLTYPE_INT, "spa",
7138 SYSCTL_DESCR("ZFS SPA version"),
7139 NULL, 0, &zfs_version_spa, 0,
7140 CTL_CREATE, CTL_EOL);
7141 }
7142
7143 static void
zfs_sysctl_fini(void)7144 zfs_sysctl_fini(void)
7145 {
7146
7147 sysctl_teardown(&zfs_sysctl_log);
7148 }
7149
7150
7151 static void
zfs_loadvnode_destroy(void * arg)7152 zfs_loadvnode_destroy(void *arg)
7153 {
7154
7155 if (arg != NULL)
7156 panic("thread exiting with TSD loadvnode data %p", arg);
7157 }
7158
7159 static int
zfs_modcmd(modcmd_t cmd,void * arg)7160 zfs_modcmd(modcmd_t cmd, void *arg)
7161 {
7162 int error;
7163 int active, inactive;
7164 uint64_t availrmem;
7165
7166 extern struct vfsops zfs_vfsops;
7167 extern uint_t zfs_putpage_key;
7168
7169 switch (cmd) {
7170 case MODULE_CMD_INIT:
7171 /* XXXNETBSD trim is not supported yet */
7172 zfs_trim_enabled = B_FALSE;
7173
7174 availrmem = (uint64_t)physmem * PAGE_SIZE / 1048576;
7175 if (availrmem < ZFS_MIN_MEGS * 80 / 100) {
7176 printf("ERROR: at least %dMB of memory required to "
7177 "use ZFS\n", ZFS_MIN_MEGS);
7178 return ENOMEM;
7179 }
7180 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
7181 mutex_init(&zfs_debug_mtx, NULL, MUTEX_DEFAULT, NULL);
7182
7183 tsd_create(&zfs_fsyncer_key, NULL);
7184 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
7185 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
7186 tsd_create(&zfs_putpage_key, NULL);
7187
7188 spa_init(FREAD | FWRITE);
7189 zfs_init();
7190 zvol_init();
7191 zfs_ioctl_init();
7192 zfs_sysctl_init();
7193
7194 error = devsw_attach("zfs", &zfs_bdevsw, &zfs_dip->di_bmajor,
7195 &zfs_cdevsw, &zfs_dip->di_cmajor);
7196 if (error != 0) {
7197 goto attacherr;
7198 }
7199 (void) vfs_attach(&zfs_vfsops);
7200 return error;
7201
7202 case MODULE_CMD_FINI:
7203 if (spa_busy() || zfs_busy() || zvol_busy() ||
7204 zio_injection_enabled)
7205 return EBUSY;
7206
7207 error = vfs_detach(&zfs_vfsops);
7208 if (error)
7209 return error;
7210
7211 devsw_detach(&zfs_bdevsw, &zfs_cdevsw);
7212
7213 attacherr:
7214 zfs_sysctl_fini();
7215 zvol_fini();
7216 zfs_fini();
7217 spa_fini();
7218
7219 tsd_destroy(&zfs_putpage_key);
7220 tsd_destroy(&zfs_fsyncer_key);
7221 tsd_destroy(&rrw_tsd_key);
7222 tsd_destroy(&zfs_allow_log_key);
7223
7224 mutex_destroy(&zfs_debug_mtx);
7225 mutex_destroy(&zfs_share_lock);
7226
7227 return error;
7228
7229 case MODULE_CMD_AUTOUNLOAD:
7230 /*
7231 * We don't want to be autounloaded because unlike
7232 * other subsystems, we read our own configuration
7233 * from disk and provide things that might be used
7234 * later (zvols).
7235 */
7236 return EBUSY;
7237
7238 default:
7239 return ENOTTY;
7240 }
7241 }
7242
7243 #endif /* __NetBSD__ */
7244