1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright (c) 2011-2012 Pawel Jakub Dawidek. All rights reserved. 25 * Copyright 2013 Martin Matuska <mm (at) FreeBSD.org>. All rights reserved. 26 * Copyright 2014 Xin Li <delphij (at) FreeBSD.org>. All rights reserved. 27 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved. 28 * Copyright 2015 Nexenta Systems, Inc. All rights reserved. 29 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved. 30 * Copyright (c) 2011, 2015 by Delphix. All rights reserved. 31 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. 32 * Copyright (c) 2013 Steven Hartland. All rights reserved. 33 * Copyright (c) 2014 Integros [integros.com] 34 * Copyright 2016 Toomas Soome <tsoome (at) me.com> 35 */ 36 37 /* 38 * ZFS ioctls. 39 * 40 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage 41 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool. 42 * 43 * There are two ways that we handle ioctls: the legacy way where almost 44 * all of the logic is in the ioctl callback, and the new way where most 45 * of the marshalling is handled in the common entry point, zfsdev_ioctl(). 46 * 47 * Non-legacy ioctls should be registered by calling 48 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked 49 * from userland by lzc_ioctl(). 50 * 51 * The registration arguments are as follows: 52 * 53 * const char *name 54 * The name of the ioctl. This is used for history logging. If the 55 * ioctl returns successfully (the callback returns 0), and allow_log 56 * is true, then a history log entry will be recorded with the input & 57 * output nvlists. The log entry can be printed with "zpool history -i". 58 * 59 * zfs_ioc_t ioc 60 * The ioctl request number, which userland will pass to ioctl(2). 61 * The ioctl numbers can change from release to release, because 62 * the caller (libzfs) must be matched to the kernel. 63 * 64 * zfs_secpolicy_func_t *secpolicy 65 * This function will be called before the zfs_ioc_func_t, to 66 * determine if this operation is permitted. It should return EPERM 67 * on failure, and 0 on success. Checks include determining if the 68 * dataset is visible in this zone, and if the user has either all 69 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission 70 * to do this operation on this dataset with "zfs allow". 71 * 72 * zfs_ioc_namecheck_t namecheck 73 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool 74 * name, a dataset name, or nothing. If the name is not well-formed, 75 * the ioctl will fail and the callback will not be called. 76 * Therefore, the callback can assume that the name is well-formed 77 * (e.g. is null-terminated, doesn't have more than one '@' character, 78 * doesn't have invalid characters). 79 * 80 * zfs_ioc_poolcheck_t pool_check 81 * This specifies requirements on the pool state. If the pool does 82 * not meet them (is suspended or is readonly), the ioctl will fail 83 * and the callback will not be called. If any checks are specified 84 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME. 85 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED | 86 * POOL_CHECK_READONLY). 87 * 88 * boolean_t smush_outnvlist 89 * If smush_outnvlist is true, then the output is presumed to be a 90 * list of errors, and it will be "smushed" down to fit into the 91 * caller's buffer, by removing some entries and replacing them with a 92 * single "N_MORE_ERRORS" entry indicating how many were removed. See 93 * nvlist_smush() for details. If smush_outnvlist is false, and the 94 * outnvlist does not fit into the userland-provided buffer, then the 95 * ioctl will fail with ENOMEM. 96 * 97 * zfs_ioc_func_t *func 98 * The callback function that will perform the operation. 99 * 100 * The callback should return 0 on success, or an error number on 101 * failure. If the function fails, the userland ioctl will return -1, 102 * and errno will be set to the callback's return value. The callback 103 * will be called with the following arguments: 104 * 105 * const char *name 106 * The name of the pool or dataset to operate on, from 107 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the 108 * expected type (pool, dataset, or none). 109 * 110 * nvlist_t *innvl 111 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or 112 * NULL if no input nvlist was provided. Changes to this nvlist are 113 * ignored. If the input nvlist could not be deserialized, the 114 * ioctl will fail and the callback will not be called. 115 * 116 * nvlist_t *outnvl 117 * The output nvlist, initially empty. The callback can fill it in, 118 * and it will be returned to userland by serializing it into 119 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization 120 * fails (e.g. because the caller didn't supply a large enough 121 * buffer), then the overall ioctl will fail. See the 122 * 'smush_nvlist' argument above for additional behaviors. 123 * 124 * There are two typical uses of the output nvlist: 125 * - To return state, e.g. property values. In this case, 126 * smush_outnvlist should be false. If the buffer was not large 127 * enough, the caller will reallocate a larger buffer and try 128 * the ioctl again. 129 * 130 * - To return multiple errors from an ioctl which makes on-disk 131 * changes. In this case, smush_outnvlist should be true. 132 * Ioctls which make on-disk modifications should generally not 133 * use the outnvl if they succeed, because the caller can not 134 * distinguish between the operation failing, and 135 * deserialization failing. 136 */ 137 #ifdef __FreeBSD__ 138 #include "opt_kstack_pages.h" 139 #endif 140 141 #include <sys/types.h> 142 #include <sys/param.h> 143 #include <sys/systm.h> 144 #include <sys/open.h> 145 #include <sys/conf.h> 146 #include <sys/kernel.h> 147 #include <sys/lock.h> 148 #include <sys/malloc.h> 149 #include <sys/mutex.h> 150 #include <sys/proc.h> 151 #include <sys/errno.h> 152 #include <sys/uio.h> 153 #include <sys/buf.h> 154 #include <sys/file.h> 155 #include <sys/kmem.h> 156 #include <sys/conf.h> 157 #include <sys/cmn_err.h> 158 #include <sys/stat.h> 159 #include <sys/zfs_ioctl.h> 160 #include <sys/zfs_vfsops.h> 161 #include <sys/zfs_znode.h> 162 #include <sys/zap.h> 163 #include <sys/spa.h> 164 #include <sys/spa_impl.h> 165 #include <sys/vdev.h> 166 #include <sys/dmu.h> 167 #include <sys/dsl_dir.h> 168 #include <sys/dsl_dataset.h> 169 #include <sys/dsl_prop.h> 170 #include <sys/dsl_deleg.h> 171 #include <sys/dmu_objset.h> 172 #include <sys/dmu_impl.h> 173 #include <sys/dmu_tx.h> 174 #include <sys/sunddi.h> 175 #include <sys/policy.h> 176 #include <sys/zone.h> 177 #include <sys/nvpair.h> 178 #include <sys/mount.h> 179 #ifdef __FreeBSD__ 180 #include <sys/taskqueue.h> 181 #endif 182 #ifdef __NetBSD__ 183 #include <sys/callb.h> 184 #include <sys/taskq.h> 185 #endif 186 #include <sys/sdt.h> 187 #include <sys/varargs.h> 188 #include <sys/fs/zfs.h> 189 #include <sys/zfs_ctldir.h> 190 #include <sys/zfs_dir.h> 191 #include <sys/zfs_onexit.h> 192 #include <sys/zvol.h> 193 #include <sys/dsl_scan.h> 194 #include <sys/dmu_objset.h> 195 #include <sys/dmu_send.h> 196 #include <sys/dsl_destroy.h> 197 #include <sys/dsl_bookmark.h> 198 #include <sys/dsl_userhold.h> 199 #include <sys/zfeature.h> 200 #include <sys/zio_checksum.h> 201 202 #include "zfs_namecheck.h" 203 #include "zfs_prop.h" 204 #include "zfs_deleg.h" 205 #include "zfs_comutil.h" 206 #include "zfs_ioctl_compat.h" 207 208 #ifdef __FreeBSD__ 209 CTASSERT(sizeof(zfs_cmd_t) < IOCPARM_MAX); 210 static struct cdev *zfsdev; 211 #endif 212 213 #ifdef __NetBSD__ 214 static dev_info_t __zfs_devinfo = { -1, -1 }; 215 dev_info_t *zfs_dip = &__zfs_devinfo; 216 217 #define zfs_init() /* nothing */ 218 #define zfs_fini() /* nothing */ 219 220 #define vfs_busy(x, y) vfs_busy(x) 221 #define vfs_rel(x) vfs_rele(x) 222 #endif 223 224 extern uint_t rrw_tsd_key; 225 static uint_t zfs_allow_log_key; 226 extern uint_t zfs_geom_probe_vdev_key; 227 228 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *); 229 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *); 230 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *); 231 232 typedef enum { 233 NO_NAME, 234 POOL_NAME, 235 DATASET_NAME 236 } zfs_ioc_namecheck_t; 237 238 typedef enum { 239 POOL_CHECK_NONE = 1 << 0, 240 POOL_CHECK_SUSPENDED = 1 << 1, 241 POOL_CHECK_READONLY = 1 << 2, 242 } zfs_ioc_poolcheck_t; 243 244 typedef struct zfs_ioc_vec { 245 zfs_ioc_legacy_func_t *zvec_legacy_func; 246 zfs_ioc_func_t *zvec_func; 247 zfs_secpolicy_func_t *zvec_secpolicy; 248 zfs_ioc_namecheck_t zvec_namecheck; 249 boolean_t zvec_allow_log; 250 zfs_ioc_poolcheck_t zvec_pool_check; 251 boolean_t zvec_smush_outnvlist; 252 const char *zvec_name; 253 } zfs_ioc_vec_t; 254 255 /* This array is indexed by zfs_userquota_prop_t */ 256 static const char *userquota_perms[] = { 257 ZFS_DELEG_PERM_USERUSED, 258 ZFS_DELEG_PERM_USERQUOTA, 259 ZFS_DELEG_PERM_GROUPUSED, 260 ZFS_DELEG_PERM_GROUPQUOTA, 261 }; 262 263 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc); 264 static int zfs_check_settable(const char *name, nvpair_t *property, 265 cred_t *cr); 266 static int zfs_check_clearable(char *dataset, nvlist_t *props, 267 nvlist_t **errors); 268 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *, 269 boolean_t *); 270 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *); 271 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp); 272 273 #ifdef __FreeBSD__ 274 static void zfsdev_close(void *data); 275 #endif 276 277 static int zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature); 278 279 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */ 280 void 281 __dprintf(const char *file, const char *func, int line, const char *fmt, ...) 282 { 283 const char *newfile; 284 char buf[512]; 285 va_list adx; 286 287 /* 288 * Get rid of annoying "../common/" prefix to filename. 289 */ 290 newfile = strrchr(file, '/'); 291 if (newfile != NULL) { 292 newfile = newfile + 1; /* Get rid of leading / */ 293 } else { 294 newfile = file; 295 } 296 297 va_start(adx, fmt); 298 (void) vsnprintf(buf, sizeof (buf), fmt, adx); 299 va_end(adx); 300 301 /* 302 * To get this data, use the zfs-dprintf probe as so: 303 * dtrace -q -n 'zfs-dprintf \ 304 * /stringof(arg0) == "dbuf.c"/ \ 305 * {printf("%s: %s", stringof(arg1), stringof(arg3))}' 306 * arg0 = file name 307 * arg1 = function name 308 * arg2 = line number 309 * arg3 = message 310 */ 311 DTRACE_PROBE4(zfs__dprintf, 312 char *, newfile, char *, func, int, line, char *, buf); 313 } 314 315 static void 316 history_str_free(char *buf) 317 { 318 kmem_free(buf, HIS_MAX_RECORD_LEN); 319 } 320 321 static char * 322 history_str_get(zfs_cmd_t *zc) 323 { 324 char *buf; 325 326 if (zc->zc_history == 0) 327 return (NULL); 328 329 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 330 if (copyinstr((void *)(uintptr_t)zc->zc_history, 331 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 332 history_str_free(buf); 333 return (NULL); 334 } 335 336 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 337 338 return (buf); 339 } 340 341 /* 342 * Check to see if the named dataset is currently defined as bootable 343 */ 344 static boolean_t 345 zfs_is_bootfs(const char *name) 346 { 347 objset_t *os; 348 349 if (dmu_objset_hold(name, FTAG, &os) == 0) { 350 boolean_t ret; 351 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os))); 352 dmu_objset_rele(os, FTAG); 353 return (ret); 354 } 355 return (B_FALSE); 356 } 357 358 /* 359 * Return non-zero if the spa version is less than requested version. 360 */ 361 static int 362 zfs_earlier_version(const char *name, int version) 363 { 364 spa_t *spa; 365 366 if (spa_open(name, &spa, FTAG) == 0) { 367 if (spa_version(spa) < version) { 368 spa_close(spa, FTAG); 369 return (1); 370 } 371 spa_close(spa, FTAG); 372 } 373 return (0); 374 } 375 376 /* 377 * Return TRUE if the ZPL version is less than requested version. 378 */ 379 static boolean_t 380 zpl_earlier_version(const char *name, int version) 381 { 382 objset_t *os; 383 boolean_t rc = B_TRUE; 384 385 if (dmu_objset_hold(name, FTAG, &os) == 0) { 386 uint64_t zplversion; 387 388 if (dmu_objset_type(os) != DMU_OST_ZFS) { 389 dmu_objset_rele(os, FTAG); 390 return (B_TRUE); 391 } 392 /* XXX reading from non-owned objset */ 393 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0) 394 rc = zplversion < version; 395 dmu_objset_rele(os, FTAG); 396 } 397 return (rc); 398 } 399 400 static void 401 zfs_log_history(zfs_cmd_t *zc) 402 { 403 spa_t *spa; 404 char *buf; 405 406 if ((buf = history_str_get(zc)) == NULL) 407 return; 408 409 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 410 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 411 (void) spa_history_log(spa, buf); 412 spa_close(spa, FTAG); 413 } 414 history_str_free(buf); 415 } 416 417 /* 418 * Policy for top-level read operations (list pools). Requires no privileges, 419 * and can be used in the local zone, as there is no associated dataset. 420 */ 421 /* ARGSUSED */ 422 static int 423 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 424 { 425 return (0); 426 } 427 428 /* 429 * Policy for dataset read operations (list children, get statistics). Requires 430 * no privileges, but must be visible in the local zone. 431 */ 432 /* ARGSUSED */ 433 static int 434 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 435 { 436 if (INGLOBALZONE(curthread) || 437 zone_dataset_visible(zc->zc_name, NULL)) 438 return (0); 439 440 return (SET_ERROR(ENOENT)); 441 } 442 443 static int 444 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr) 445 { 446 int writable = 1; 447 448 /* 449 * The dataset must be visible by this zone -- check this first 450 * so they don't see EPERM on something they shouldn't know about. 451 */ 452 if (!INGLOBALZONE(curthread) && 453 !zone_dataset_visible(dataset, &writable)) 454 return (SET_ERROR(ENOENT)); 455 456 if (INGLOBALZONE(curthread)) { 457 /* 458 * If the fs is zoned, only root can access it from the 459 * global zone. 460 */ 461 if (secpolicy_zfs(cr) && zoned) 462 return (SET_ERROR(EPERM)); 463 } else { 464 /* 465 * If we are in a local zone, the 'zoned' property must be set. 466 */ 467 if (!zoned) 468 return (SET_ERROR(EPERM)); 469 470 /* must be writable by this zone */ 471 if (!writable) 472 return (SET_ERROR(EPERM)); 473 } 474 return (0); 475 } 476 477 static int 478 zfs_dozonecheck(const char *dataset, cred_t *cr) 479 { 480 uint64_t zoned; 481 482 #ifdef __NetBSD__ 483 zoned = 0; 484 #else 485 if (dsl_prop_get_integer(dataset, "jailed", &zoned, NULL)) 486 return (SET_ERROR(ENOENT)); 487 #endif 488 489 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 490 } 491 492 static int 493 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr) 494 { 495 uint64_t zoned; 496 497 #ifdef __NetBSD__ 498 zoned = 0; 499 #else 500 if (dsl_prop_get_int_ds(ds, "jailed", &zoned)) 501 return (SET_ERROR(ENOENT)); 502 #endif 503 504 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 505 } 506 507 static int 508 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds, 509 const char *perm, cred_t *cr) 510 { 511 int error; 512 513 error = zfs_dozonecheck_ds(name, ds, cr); 514 if (error == 0) { 515 error = secpolicy_zfs(cr); 516 if (error != 0) 517 error = dsl_deleg_access_impl(ds, perm, cr); 518 } 519 return (error); 520 } 521 522 static int 523 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 524 { 525 int error; 526 dsl_dataset_t *ds; 527 dsl_pool_t *dp; 528 529 /* 530 * First do a quick check for root in the global zone, which 531 * is allowed to do all write_perms. This ensures that zfs_ioc_* 532 * will get to handle nonexistent datasets. 533 */ 534 if (INGLOBALZONE(curthread) && secpolicy_zfs(cr) == 0) 535 return (0); 536 537 error = dsl_pool_hold(name, FTAG, &dp); 538 if (error != 0) 539 return (error); 540 541 error = dsl_dataset_hold(dp, name, FTAG, &ds); 542 if (error != 0) { 543 dsl_pool_rele(dp, FTAG); 544 return (error); 545 } 546 547 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr); 548 549 dsl_dataset_rele(ds, FTAG); 550 dsl_pool_rele(dp, FTAG); 551 return (error); 552 } 553 554 #ifdef SECLABEL 555 /* 556 * Policy for setting the security label property. 557 * 558 * Returns 0 for success, non-zero for access and other errors. 559 */ 560 static int 561 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr) 562 { 563 char ds_hexsl[MAXNAMELEN]; 564 bslabel_t ds_sl, new_sl; 565 boolean_t new_default = FALSE; 566 uint64_t zoned; 567 int needed_priv = -1; 568 int error; 569 570 /* First get the existing dataset label. */ 571 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL), 572 1, sizeof (ds_hexsl), &ds_hexsl, NULL); 573 if (error != 0) 574 return (SET_ERROR(EPERM)); 575 576 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0) 577 new_default = TRUE; 578 579 /* The label must be translatable */ 580 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0)) 581 return (SET_ERROR(EINVAL)); 582 583 /* 584 * In a non-global zone, disallow attempts to set a label that 585 * doesn't match that of the zone; otherwise no other checks 586 * are needed. 587 */ 588 if (!INGLOBALZONE(curproc)) { 589 if (new_default || !blequal(&new_sl, CR_SL(CRED()))) 590 return (SET_ERROR(EPERM)); 591 return (0); 592 } 593 594 /* 595 * For global-zone datasets (i.e., those whose zoned property is 596 * "off", verify that the specified new label is valid for the 597 * global zone. 598 */ 599 if (dsl_prop_get_integer(name, 600 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL)) 601 return (SET_ERROR(EPERM)); 602 if (!zoned) { 603 if (zfs_check_global_label(name, strval) != 0) 604 return (SET_ERROR(EPERM)); 605 } 606 607 /* 608 * If the existing dataset label is nondefault, check if the 609 * dataset is mounted (label cannot be changed while mounted). 610 * Get the zfsvfs; if there isn't one, then the dataset isn't 611 * mounted (or isn't a dataset, doesn't exist, ...). 612 */ 613 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) { 614 objset_t *os; 615 static char *setsl_tag = "setsl_tag"; 616 617 /* 618 * Try to own the dataset; abort if there is any error, 619 * (e.g., already mounted, in use, or other error). 620 */ 621 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, 622 setsl_tag, &os); 623 if (error != 0) 624 return (SET_ERROR(EPERM)); 625 626 dmu_objset_disown(os, setsl_tag); 627 628 if (new_default) { 629 needed_priv = PRIV_FILE_DOWNGRADE_SL; 630 goto out_check; 631 } 632 633 if (hexstr_to_label(strval, &new_sl) != 0) 634 return (SET_ERROR(EPERM)); 635 636 if (blstrictdom(&ds_sl, &new_sl)) 637 needed_priv = PRIV_FILE_DOWNGRADE_SL; 638 else if (blstrictdom(&new_sl, &ds_sl)) 639 needed_priv = PRIV_FILE_UPGRADE_SL; 640 } else { 641 /* dataset currently has a default label */ 642 if (!new_default) 643 needed_priv = PRIV_FILE_UPGRADE_SL; 644 } 645 646 out_check: 647 if (needed_priv != -1) 648 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL)); 649 return (0); 650 } 651 #endif /* SECLABEL */ 652 653 static int 654 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval, 655 cred_t *cr) 656 { 657 char *strval; 658 659 /* 660 * Check permissions for special properties. 661 */ 662 switch (prop) { 663 case ZFS_PROP_ZONED: 664 /* 665 * Disallow setting of 'zoned' from within a local zone. 666 */ 667 if (!INGLOBALZONE(curthread)) 668 return (SET_ERROR(EPERM)); 669 break; 670 671 case ZFS_PROP_QUOTA: 672 case ZFS_PROP_FILESYSTEM_LIMIT: 673 case ZFS_PROP_SNAPSHOT_LIMIT: 674 if (!INGLOBALZONE(curthread)) { 675 uint64_t zoned; 676 char setpoint[ZFS_MAX_DATASET_NAME_LEN]; 677 /* 678 * Unprivileged users are allowed to modify the 679 * limit on things *under* (ie. contained by) 680 * the thing they own. 681 */ 682 if (dsl_prop_get_integer(dsname, "jailed", &zoned, 683 setpoint)) 684 return (SET_ERROR(EPERM)); 685 if (!zoned || strlen(dsname) <= strlen(setpoint)) 686 return (SET_ERROR(EPERM)); 687 } 688 break; 689 690 case ZFS_PROP_MLSLABEL: 691 #ifdef SECLABEL 692 if (!is_system_labeled()) 693 return (SET_ERROR(EPERM)); 694 695 if (nvpair_value_string(propval, &strval) == 0) { 696 int err; 697 698 err = zfs_set_slabel_policy(dsname, strval, CRED()); 699 if (err != 0) 700 return (err); 701 } 702 #else 703 return (EOPNOTSUPP); 704 #endif 705 break; 706 } 707 708 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr)); 709 } 710 711 /* ARGSUSED */ 712 static int 713 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 714 { 715 int error; 716 717 error = zfs_dozonecheck(zc->zc_name, cr); 718 if (error != 0) 719 return (error); 720 721 /* 722 * permission to set permissions will be evaluated later in 723 * dsl_deleg_can_allow() 724 */ 725 return (0); 726 } 727 728 /* ARGSUSED */ 729 static int 730 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 731 { 732 return (zfs_secpolicy_write_perms(zc->zc_name, 733 ZFS_DELEG_PERM_ROLLBACK, cr)); 734 } 735 736 /* ARGSUSED */ 737 static int 738 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 739 { 740 dsl_pool_t *dp; 741 dsl_dataset_t *ds; 742 char *cp; 743 int error; 744 745 /* 746 * Generate the current snapshot name from the given objsetid, then 747 * use that name for the secpolicy/zone checks. 748 */ 749 cp = strchr(zc->zc_name, '@'); 750 if (cp == NULL) 751 return (SET_ERROR(EINVAL)); 752 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 753 if (error != 0) 754 return (error); 755 756 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 757 if (error != 0) { 758 dsl_pool_rele(dp, FTAG); 759 return (error); 760 } 761 762 dsl_dataset_name(ds, zc->zc_name); 763 764 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, 765 ZFS_DELEG_PERM_SEND, cr); 766 dsl_dataset_rele(ds, FTAG); 767 dsl_pool_rele(dp, FTAG); 768 769 return (error); 770 } 771 772 /* ARGSUSED */ 773 static int 774 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 775 { 776 return (zfs_secpolicy_write_perms(zc->zc_name, 777 ZFS_DELEG_PERM_SEND, cr)); 778 } 779 780 /* ARGSUSED */ 781 static int 782 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 783 { 784 vnode_t *vp; 785 int error; 786 787 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 788 NO_FOLLOW, NULL, &vp)) != 0) 789 return (error); 790 791 /* Now make sure mntpnt and dataset are ZFS */ 792 793 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 || 794 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 795 zc->zc_name) != 0)) { 796 VN_RELE(vp); 797 return (SET_ERROR(EPERM)); 798 } 799 800 VN_RELE(vp); 801 return (dsl_deleg_access(zc->zc_name, 802 ZFS_DELEG_PERM_SHARE, cr)); 803 } 804 805 int 806 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 807 { 808 if (!INGLOBALZONE(curthread)) 809 return (SET_ERROR(EPERM)); 810 811 if (secpolicy_nfs(cr) == 0) { 812 return (0); 813 } else { 814 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 815 } 816 } 817 818 int 819 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 820 { 821 if (!INGLOBALZONE(curthread)) 822 return (SET_ERROR(EPERM)); 823 824 if (secpolicy_smb(cr) == 0) { 825 return (0); 826 } else { 827 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 828 } 829 } 830 831 static int 832 zfs_get_parent(const char *datasetname, char *parent, int parentsize) 833 { 834 char *cp; 835 836 /* 837 * Remove the @bla or /bla from the end of the name to get the parent. 838 */ 839 (void) strncpy(parent, datasetname, parentsize); 840 cp = strrchr(parent, '@'); 841 if (cp != NULL) { 842 cp[0] = '\0'; 843 } else { 844 cp = strrchr(parent, '/'); 845 if (cp == NULL) 846 return (SET_ERROR(ENOENT)); 847 cp[0] = '\0'; 848 } 849 850 return (0); 851 } 852 853 int 854 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 855 { 856 int error; 857 858 if ((error = zfs_secpolicy_write_perms(name, 859 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 860 return (error); 861 862 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 863 } 864 865 /* ARGSUSED */ 866 static int 867 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 868 { 869 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 870 } 871 872 /* 873 * Destroying snapshots with delegated permissions requires 874 * descendant mount and destroy permissions. 875 */ 876 /* ARGSUSED */ 877 static int 878 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 879 { 880 nvlist_t *snaps; 881 nvpair_t *pair, *nextpair; 882 int error = 0; 883 884 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 885 return (SET_ERROR(EINVAL)); 886 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 887 pair = nextpair) { 888 nextpair = nvlist_next_nvpair(snaps, pair); 889 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr); 890 if (error == ENOENT) { 891 /* 892 * Ignore any snapshots that don't exist (we consider 893 * them "already destroyed"). Remove the name from the 894 * nvl here in case the snapshot is created between 895 * now and when we try to destroy it (in which case 896 * we don't want to destroy it since we haven't 897 * checked for permission). 898 */ 899 fnvlist_remove_nvpair(snaps, pair); 900 error = 0; 901 } 902 if (error != 0) 903 break; 904 } 905 906 return (error); 907 } 908 909 int 910 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 911 { 912 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 913 int error; 914 915 if ((error = zfs_secpolicy_write_perms(from, 916 ZFS_DELEG_PERM_RENAME, cr)) != 0) 917 return (error); 918 919 if ((error = zfs_secpolicy_write_perms(from, 920 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 921 return (error); 922 923 if ((error = zfs_get_parent(to, parentname, 924 sizeof (parentname))) != 0) 925 return (error); 926 927 if ((error = zfs_secpolicy_write_perms(parentname, 928 ZFS_DELEG_PERM_CREATE, cr)) != 0) 929 return (error); 930 931 if ((error = zfs_secpolicy_write_perms(parentname, 932 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 933 return (error); 934 935 return (error); 936 } 937 938 /* ARGSUSED */ 939 static int 940 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 941 { 942 char *at = NULL; 943 int error; 944 945 if ((zc->zc_cookie & 1) != 0) { 946 /* 947 * This is recursive rename, so the starting snapshot might 948 * not exist. Check file system or volume permission instead. 949 */ 950 at = strchr(zc->zc_name, '@'); 951 if (at == NULL) 952 return (EINVAL); 953 *at = '\0'; 954 } 955 956 error = zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr); 957 958 if (at != NULL) 959 *at = '@'; 960 961 return (error); 962 } 963 964 /* ARGSUSED */ 965 static int 966 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 967 { 968 dsl_pool_t *dp; 969 dsl_dataset_t *clone; 970 int error; 971 972 error = zfs_secpolicy_write_perms(zc->zc_name, 973 ZFS_DELEG_PERM_PROMOTE, cr); 974 if (error != 0) 975 return (error); 976 977 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 978 if (error != 0) 979 return (error); 980 981 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone); 982 983 if (error == 0) { 984 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 985 dsl_dataset_t *origin = NULL; 986 dsl_dir_t *dd; 987 dd = clone->ds_dir; 988 989 error = dsl_dataset_hold_obj(dd->dd_pool, 990 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin); 991 if (error != 0) { 992 dsl_dataset_rele(clone, FTAG); 993 dsl_pool_rele(dp, FTAG); 994 return (error); 995 } 996 997 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone, 998 ZFS_DELEG_PERM_MOUNT, cr); 999 1000 dsl_dataset_name(origin, parentname); 1001 if (error == 0) { 1002 error = zfs_secpolicy_write_perms_ds(parentname, origin, 1003 ZFS_DELEG_PERM_PROMOTE, cr); 1004 } 1005 dsl_dataset_rele(clone, FTAG); 1006 dsl_dataset_rele(origin, FTAG); 1007 } 1008 dsl_pool_rele(dp, FTAG); 1009 return (error); 1010 } 1011 1012 /* ARGSUSED */ 1013 static int 1014 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1015 { 1016 int error; 1017 1018 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 1019 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) 1020 return (error); 1021 1022 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 1023 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 1024 return (error); 1025 1026 return (zfs_secpolicy_write_perms(zc->zc_name, 1027 ZFS_DELEG_PERM_CREATE, cr)); 1028 } 1029 1030 int 1031 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 1032 { 1033 return (zfs_secpolicy_write_perms(name, 1034 ZFS_DELEG_PERM_SNAPSHOT, cr)); 1035 } 1036 1037 /* 1038 * Check for permission to create each snapshot in the nvlist. 1039 */ 1040 /* ARGSUSED */ 1041 static int 1042 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1043 { 1044 nvlist_t *snaps; 1045 int error; 1046 nvpair_t *pair; 1047 1048 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 1049 return (SET_ERROR(EINVAL)); 1050 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 1051 pair = nvlist_next_nvpair(snaps, pair)) { 1052 char *name = nvpair_name(pair); 1053 char *atp = strchr(name, '@'); 1054 1055 if (atp == NULL) { 1056 error = SET_ERROR(EINVAL); 1057 break; 1058 } 1059 *atp = '\0'; 1060 error = zfs_secpolicy_snapshot_perms(name, cr); 1061 *atp = '@'; 1062 if (error != 0) 1063 break; 1064 } 1065 return (error); 1066 } 1067 1068 /* 1069 * Check for permission to create each snapshot in the nvlist. 1070 */ 1071 /* ARGSUSED */ 1072 static int 1073 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1074 { 1075 int error = 0; 1076 1077 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 1078 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 1079 char *name = nvpair_name(pair); 1080 char *hashp = strchr(name, '#'); 1081 1082 if (hashp == NULL) { 1083 error = SET_ERROR(EINVAL); 1084 break; 1085 } 1086 *hashp = '\0'; 1087 error = zfs_secpolicy_write_perms(name, 1088 ZFS_DELEG_PERM_BOOKMARK, cr); 1089 *hashp = '#'; 1090 if (error != 0) 1091 break; 1092 } 1093 return (error); 1094 } 1095 1096 /* ARGSUSED */ 1097 static int 1098 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1099 { 1100 nvpair_t *pair, *nextpair; 1101 int error = 0; 1102 1103 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1104 pair = nextpair) { 1105 char *name = nvpair_name(pair); 1106 char *hashp = strchr(name, '#'); 1107 nextpair = nvlist_next_nvpair(innvl, pair); 1108 1109 if (hashp == NULL) { 1110 error = SET_ERROR(EINVAL); 1111 break; 1112 } 1113 1114 *hashp = '\0'; 1115 error = zfs_secpolicy_write_perms(name, 1116 ZFS_DELEG_PERM_DESTROY, cr); 1117 *hashp = '#'; 1118 if (error == ENOENT) { 1119 /* 1120 * Ignore any filesystems that don't exist (we consider 1121 * their bookmarks "already destroyed"). Remove 1122 * the name from the nvl here in case the filesystem 1123 * is created between now and when we try to destroy 1124 * the bookmark (in which case we don't want to 1125 * destroy it since we haven't checked for permission). 1126 */ 1127 fnvlist_remove_nvpair(innvl, pair); 1128 error = 0; 1129 } 1130 if (error != 0) 1131 break; 1132 } 1133 1134 return (error); 1135 } 1136 1137 /* ARGSUSED */ 1138 static int 1139 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1140 { 1141 /* 1142 * Even root must have a proper TSD so that we know what pool 1143 * to log to. 1144 */ 1145 if (tsd_get(zfs_allow_log_key) == NULL) 1146 return (SET_ERROR(EPERM)); 1147 return (0); 1148 } 1149 1150 static int 1151 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1152 { 1153 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 1154 int error; 1155 char *origin; 1156 1157 if ((error = zfs_get_parent(zc->zc_name, parentname, 1158 sizeof (parentname))) != 0) 1159 return (error); 1160 1161 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 && 1162 (error = zfs_secpolicy_write_perms(origin, 1163 ZFS_DELEG_PERM_CLONE, cr)) != 0) 1164 return (error); 1165 1166 if ((error = zfs_secpolicy_write_perms(parentname, 1167 ZFS_DELEG_PERM_CREATE, cr)) != 0) 1168 return (error); 1169 1170 return (zfs_secpolicy_write_perms(parentname, 1171 ZFS_DELEG_PERM_MOUNT, cr)); 1172 } 1173 1174 /* 1175 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 1176 * SYS_CONFIG privilege, which is not available in a local zone. 1177 */ 1178 /* ARGSUSED */ 1179 static int 1180 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1181 { 1182 if (secpolicy_sys_config(cr, B_FALSE) != 0) 1183 return (SET_ERROR(EPERM)); 1184 1185 return (0); 1186 } 1187 1188 /* 1189 * Policy for object to name lookups. 1190 */ 1191 /* ARGSUSED */ 1192 static int 1193 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1194 { 1195 int error; 1196 1197 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0) 1198 return (0); 1199 1200 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr); 1201 return (error); 1202 } 1203 1204 /* 1205 * Policy for fault injection. Requires all privileges. 1206 */ 1207 /* ARGSUSED */ 1208 static int 1209 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1210 { 1211 return (secpolicy_zinject(cr)); 1212 } 1213 1214 /* ARGSUSED */ 1215 static int 1216 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1217 { 1218 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 1219 1220 if (prop == ZPROP_INVAL) { 1221 if (!zfs_prop_user(zc->zc_value)) 1222 return (SET_ERROR(EINVAL)); 1223 return (zfs_secpolicy_write_perms(zc->zc_name, 1224 ZFS_DELEG_PERM_USERPROP, cr)); 1225 } else { 1226 return (zfs_secpolicy_setprop(zc->zc_name, prop, 1227 NULL, cr)); 1228 } 1229 } 1230 1231 static int 1232 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1233 { 1234 int err = zfs_secpolicy_read(zc, innvl, cr); 1235 if (err) 1236 return (err); 1237 1238 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1239 return (SET_ERROR(EINVAL)); 1240 1241 if (zc->zc_value[0] == 0) { 1242 /* 1243 * They are asking about a posix uid/gid. If it's 1244 * themself, allow it. 1245 */ 1246 if (zc->zc_objset_type == ZFS_PROP_USERUSED || 1247 zc->zc_objset_type == ZFS_PROP_USERQUOTA) { 1248 if (zc->zc_guid == crgetuid(cr)) 1249 return (0); 1250 } else { 1251 if (groupmember(zc->zc_guid, cr)) 1252 return (0); 1253 } 1254 } 1255 1256 return (zfs_secpolicy_write_perms(zc->zc_name, 1257 userquota_perms[zc->zc_objset_type], cr)); 1258 } 1259 1260 static int 1261 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1262 { 1263 int err = zfs_secpolicy_read(zc, innvl, cr); 1264 if (err) 1265 return (err); 1266 1267 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1268 return (SET_ERROR(EINVAL)); 1269 1270 return (zfs_secpolicy_write_perms(zc->zc_name, 1271 userquota_perms[zc->zc_objset_type], cr)); 1272 } 1273 1274 /* ARGSUSED */ 1275 static int 1276 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1277 { 1278 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION, 1279 NULL, cr)); 1280 } 1281 1282 /* ARGSUSED */ 1283 static int 1284 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1285 { 1286 nvpair_t *pair; 1287 nvlist_t *holds; 1288 int error; 1289 1290 error = nvlist_lookup_nvlist(innvl, "holds", &holds); 1291 if (error != 0) 1292 return (SET_ERROR(EINVAL)); 1293 1294 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 1295 pair = nvlist_next_nvpair(holds, pair)) { 1296 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1297 error = dmu_fsname(nvpair_name(pair), fsname); 1298 if (error != 0) 1299 return (error); 1300 error = zfs_secpolicy_write_perms(fsname, 1301 ZFS_DELEG_PERM_HOLD, cr); 1302 if (error != 0) 1303 return (error); 1304 } 1305 return (0); 1306 } 1307 1308 /* ARGSUSED */ 1309 static int 1310 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1311 { 1312 nvpair_t *pair; 1313 int error; 1314 1315 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1316 pair = nvlist_next_nvpair(innvl, pair)) { 1317 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1318 error = dmu_fsname(nvpair_name(pair), fsname); 1319 if (error != 0) 1320 return (error); 1321 error = zfs_secpolicy_write_perms(fsname, 1322 ZFS_DELEG_PERM_RELEASE, cr); 1323 if (error != 0) 1324 return (error); 1325 } 1326 return (0); 1327 } 1328 1329 /* 1330 * Policy for allowing temporary snapshots to be taken or released 1331 */ 1332 static int 1333 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1334 { 1335 /* 1336 * A temporary snapshot is the same as a snapshot, 1337 * hold, destroy and release all rolled into one. 1338 * Delegated diff alone is sufficient that we allow this. 1339 */ 1340 int error; 1341 1342 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 1343 ZFS_DELEG_PERM_DIFF, cr)) == 0) 1344 return (0); 1345 1346 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr); 1347 if (error == 0) 1348 error = zfs_secpolicy_hold(zc, innvl, cr); 1349 if (error == 0) 1350 error = zfs_secpolicy_release(zc, innvl, cr); 1351 if (error == 0) 1352 error = zfs_secpolicy_destroy(zc, innvl, cr); 1353 return (error); 1354 } 1355 1356 /* 1357 * Returns the nvlist as specified by the user in the zfs_cmd_t. 1358 */ 1359 static int 1360 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp) 1361 { 1362 char *packed; 1363 int error; 1364 nvlist_t *list = NULL; 1365 1366 /* 1367 * Read in and unpack the user-supplied nvlist. 1368 */ 1369 if (size == 0) 1370 return (SET_ERROR(EINVAL)); 1371 1372 packed = kmem_alloc(size, KM_SLEEP); 1373 1374 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size, 1375 iflag)) != 0) { 1376 kmem_free(packed, size); 1377 return (SET_ERROR(EFAULT)); 1378 } 1379 1380 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 1381 kmem_free(packed, size); 1382 return (error); 1383 } 1384 1385 kmem_free(packed, size); 1386 1387 *nvp = list; 1388 return (0); 1389 } 1390 1391 /* 1392 * Reduce the size of this nvlist until it can be serialized in 'max' bytes. 1393 * Entries will be removed from the end of the nvlist, and one int32 entry 1394 * named "N_MORE_ERRORS" will be added indicating how many entries were 1395 * removed. 1396 */ 1397 static int 1398 nvlist_smush(nvlist_t *errors, size_t max) 1399 { 1400 size_t size; 1401 1402 size = fnvlist_size(errors); 1403 1404 if (size > max) { 1405 nvpair_t *more_errors; 1406 int n = 0; 1407 1408 if (max < 1024) 1409 return (SET_ERROR(ENOMEM)); 1410 1411 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0); 1412 more_errors = nvlist_prev_nvpair(errors, NULL); 1413 1414 do { 1415 nvpair_t *pair = nvlist_prev_nvpair(errors, 1416 more_errors); 1417 fnvlist_remove_nvpair(errors, pair); 1418 n++; 1419 size = fnvlist_size(errors); 1420 } while (size > max); 1421 1422 fnvlist_remove_nvpair(errors, more_errors); 1423 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n); 1424 ASSERT3U(fnvlist_size(errors), <=, max); 1425 } 1426 1427 return (0); 1428 } 1429 1430 static int 1431 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 1432 { 1433 char *packed = NULL; 1434 int error = 0; 1435 size_t size; 1436 1437 size = fnvlist_size(nvl); 1438 1439 if (size > zc->zc_nvlist_dst_size) { 1440 /* 1441 * Solaris returns ENOMEM here, because even if an error is 1442 * returned from an ioctl(2), new zc_nvlist_dst_size will be 1443 * passed to the userland. This is not the case for FreeBSD. 1444 * We need to return 0, so the kernel will copy the 1445 * zc_nvlist_dst_size back and the userland can discover that a 1446 * bigger buffer is needed. 1447 */ 1448 error = 0; 1449 } else { 1450 packed = fnvlist_pack(nvl, &size); 1451 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst, 1452 size, zc->zc_iflags) != 0) 1453 error = SET_ERROR(EFAULT); 1454 fnvlist_pack_free(packed, size); 1455 } 1456 1457 zc->zc_nvlist_dst_size = size; 1458 zc->zc_nvlist_dst_filled = B_TRUE; 1459 return (error); 1460 } 1461 1462 static int 1463 getzfsvfs(const char *dsname, zfsvfs_t **zfvp) 1464 { 1465 objset_t *os; 1466 vfs_t *vfsp; 1467 int error; 1468 1469 error = dmu_objset_hold(dsname, FTAG, &os); 1470 if (error != 0) 1471 return (error); 1472 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1473 dmu_objset_rele(os, FTAG); 1474 return (SET_ERROR(EINVAL)); 1475 } 1476 1477 mutex_enter(&os->os_user_ptr_lock); 1478 *zfvp = dmu_objset_get_user(os); 1479 if (*zfvp) { 1480 vfsp = (*zfvp)->z_vfs; 1481 vfs_ref(vfsp); 1482 } else { 1483 error = SET_ERROR(ESRCH); 1484 } 1485 mutex_exit(&os->os_user_ptr_lock); 1486 dmu_objset_rele(os, FTAG); 1487 if (error == 0) { 1488 error = vfs_busy(vfsp, 0); 1489 vfs_rel(vfsp); 1490 if (error != 0) { 1491 *zfvp = NULL; 1492 error = SET_ERROR(ESRCH); 1493 } 1494 } 1495 return (error); 1496 } 1497 1498 /* 1499 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which 1500 * case its z_vfs will be NULL, and it will be opened as the owner. 1501 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER, 1502 * which prevents all vnode ops from running. 1503 */ 1504 static int 1505 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer) 1506 { 1507 int error = 0; 1508 1509 if (getzfsvfs(name, zfvp) != 0) 1510 error = zfsvfs_create(name, zfvp); 1511 if (error == 0) { 1512 rrm_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER : 1513 RW_READER, tag); 1514 if ((*zfvp)->z_unmounted) { 1515 /* 1516 * XXX we could probably try again, since the unmounting 1517 * thread should be just about to disassociate the 1518 * objset from the zfsvfs. 1519 */ 1520 rrm_exit(&(*zfvp)->z_teardown_lock, tag); 1521 return (SET_ERROR(EBUSY)); 1522 } 1523 } 1524 return (error); 1525 } 1526 1527 static void 1528 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag) 1529 { 1530 rrm_exit(&zfsvfs->z_teardown_lock, tag); 1531 1532 if (zfsvfs->z_vfs) { 1533 #ifdef illumos 1534 VFS_RELE(zfsvfs->z_vfs); 1535 #else 1536 vfs_unbusy(zfsvfs->z_vfs); 1537 #endif 1538 } else { 1539 dmu_objset_disown(zfsvfs->z_os, zfsvfs); 1540 zfsvfs_free(zfsvfs); 1541 } 1542 } 1543 1544 static int 1545 zfs_ioc_pool_create(zfs_cmd_t *zc) 1546 { 1547 int error; 1548 nvlist_t *config, *props = NULL; 1549 nvlist_t *rootprops = NULL; 1550 nvlist_t *zplprops = NULL; 1551 1552 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1553 zc->zc_iflags, &config)) 1554 return (error); 1555 1556 if (zc->zc_nvlist_src_size != 0 && (error = 1557 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1558 zc->zc_iflags, &props))) { 1559 nvlist_free(config); 1560 return (error); 1561 } 1562 1563 if (props) { 1564 nvlist_t *nvl = NULL; 1565 uint64_t version = SPA_VERSION; 1566 1567 (void) nvlist_lookup_uint64(props, 1568 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version); 1569 if (!SPA_VERSION_IS_SUPPORTED(version)) { 1570 error = SET_ERROR(EINVAL); 1571 goto pool_props_bad; 1572 } 1573 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl); 1574 if (nvl) { 1575 error = nvlist_dup(nvl, &rootprops, KM_SLEEP); 1576 if (error != 0) { 1577 nvlist_free(config); 1578 nvlist_free(props); 1579 return (error); 1580 } 1581 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS); 1582 } 1583 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1584 error = zfs_fill_zplprops_root(version, rootprops, 1585 zplprops, NULL); 1586 if (error != 0) 1587 goto pool_props_bad; 1588 } 1589 1590 error = spa_create(zc->zc_name, config, props, zplprops); 1591 1592 /* 1593 * Set the remaining root properties 1594 */ 1595 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name, 1596 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) 1597 (void) spa_destroy(zc->zc_name); 1598 1599 pool_props_bad: 1600 nvlist_free(rootprops); 1601 nvlist_free(zplprops); 1602 nvlist_free(config); 1603 nvlist_free(props); 1604 1605 return (error); 1606 } 1607 1608 static int 1609 zfs_ioc_pool_destroy(zfs_cmd_t *zc) 1610 { 1611 int error; 1612 zfs_log_history(zc); 1613 error = spa_destroy(zc->zc_name); 1614 if (error == 0) 1615 zvol_remove_minors(zc->zc_name); 1616 return (error); 1617 } 1618 1619 static int 1620 zfs_ioc_pool_import(zfs_cmd_t *zc) 1621 { 1622 nvlist_t *config, *props = NULL; 1623 uint64_t guid; 1624 int error; 1625 1626 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1627 zc->zc_iflags, &config)) != 0) 1628 return (error); 1629 1630 if (zc->zc_nvlist_src_size != 0 && (error = 1631 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1632 zc->zc_iflags, &props))) { 1633 nvlist_free(config); 1634 return (error); 1635 } 1636 1637 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 1638 guid != zc->zc_guid) 1639 error = SET_ERROR(EINVAL); 1640 else 1641 error = spa_import(zc->zc_name, config, props, zc->zc_cookie); 1642 1643 if (zc->zc_nvlist_dst != 0) { 1644 int err; 1645 1646 if ((err = put_nvlist(zc, config)) != 0) 1647 error = err; 1648 } 1649 1650 nvlist_free(config); 1651 1652 nvlist_free(props); 1653 1654 return (error); 1655 } 1656 1657 static int 1658 zfs_ioc_pool_export(zfs_cmd_t *zc) 1659 { 1660 int error; 1661 boolean_t force = (boolean_t)zc->zc_cookie; 1662 boolean_t hardforce = (boolean_t)zc->zc_guid; 1663 1664 zfs_log_history(zc); 1665 error = spa_export(zc->zc_name, NULL, force, hardforce); 1666 if (error == 0) 1667 zvol_remove_minors(zc->zc_name); 1668 return (error); 1669 } 1670 1671 static int 1672 zfs_ioc_pool_configs(zfs_cmd_t *zc) 1673 { 1674 nvlist_t *configs; 1675 int error; 1676 1677 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL) 1678 return (SET_ERROR(EEXIST)); 1679 1680 error = put_nvlist(zc, configs); 1681 1682 nvlist_free(configs); 1683 1684 return (error); 1685 } 1686 1687 /* 1688 * inputs: 1689 * zc_name name of the pool 1690 * 1691 * outputs: 1692 * zc_cookie real errno 1693 * zc_nvlist_dst config nvlist 1694 * zc_nvlist_dst_size size of config nvlist 1695 */ 1696 static int 1697 zfs_ioc_pool_stats(zfs_cmd_t *zc) 1698 { 1699 nvlist_t *config; 1700 int error; 1701 int ret = 0; 1702 1703 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 1704 sizeof (zc->zc_value)); 1705 1706 if (config != NULL) { 1707 ret = put_nvlist(zc, config); 1708 nvlist_free(config); 1709 1710 /* 1711 * The config may be present even if 'error' is non-zero. 1712 * In this case we return success, and preserve the real errno 1713 * in 'zc_cookie'. 1714 */ 1715 zc->zc_cookie = error; 1716 } else { 1717 ret = error; 1718 } 1719 1720 return (ret); 1721 } 1722 1723 /* 1724 * Try to import the given pool, returning pool stats as appropriate so that 1725 * user land knows which devices are available and overall pool health. 1726 */ 1727 static int 1728 zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 1729 { 1730 nvlist_t *tryconfig, *config; 1731 int error; 1732 1733 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1734 zc->zc_iflags, &tryconfig)) != 0) 1735 return (error); 1736 1737 config = spa_tryimport(tryconfig); 1738 1739 nvlist_free(tryconfig); 1740 1741 if (config == NULL) 1742 return (SET_ERROR(EINVAL)); 1743 1744 error = put_nvlist(zc, config); 1745 nvlist_free(config); 1746 1747 return (error); 1748 } 1749 1750 /* 1751 * inputs: 1752 * zc_name name of the pool 1753 * zc_cookie scan func (pool_scan_func_t) 1754 */ 1755 static int 1756 zfs_ioc_pool_scan(zfs_cmd_t *zc) 1757 { 1758 spa_t *spa; 1759 int error; 1760 1761 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1762 return (error); 1763 1764 if (zc->zc_cookie == POOL_SCAN_NONE) 1765 error = spa_scan_stop(spa); 1766 else 1767 error = spa_scan(spa, zc->zc_cookie); 1768 1769 spa_close(spa, FTAG); 1770 1771 return (error); 1772 } 1773 1774 static int 1775 zfs_ioc_pool_freeze(zfs_cmd_t *zc) 1776 { 1777 spa_t *spa; 1778 int error; 1779 1780 error = spa_open(zc->zc_name, &spa, FTAG); 1781 if (error == 0) { 1782 spa_freeze(spa); 1783 spa_close(spa, FTAG); 1784 } 1785 return (error); 1786 } 1787 1788 static int 1789 zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 1790 { 1791 spa_t *spa; 1792 int error; 1793 1794 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1795 return (error); 1796 1797 if (zc->zc_cookie < spa_version(spa) || 1798 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) { 1799 spa_close(spa, FTAG); 1800 return (SET_ERROR(EINVAL)); 1801 } 1802 1803 spa_upgrade(spa, zc->zc_cookie); 1804 spa_close(spa, FTAG); 1805 1806 return (error); 1807 } 1808 1809 static int 1810 zfs_ioc_pool_get_history(zfs_cmd_t *zc) 1811 { 1812 spa_t *spa; 1813 char *hist_buf; 1814 uint64_t size; 1815 int error; 1816 1817 if ((size = zc->zc_history_len) == 0) 1818 return (SET_ERROR(EINVAL)); 1819 1820 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1821 return (error); 1822 1823 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 1824 spa_close(spa, FTAG); 1825 return (SET_ERROR(ENOTSUP)); 1826 } 1827 1828 hist_buf = kmem_alloc(size, KM_SLEEP); 1829 if ((error = spa_history_get(spa, &zc->zc_history_offset, 1830 &zc->zc_history_len, hist_buf)) == 0) { 1831 error = ddi_copyout(hist_buf, 1832 (void *)(uintptr_t)zc->zc_history, 1833 zc->zc_history_len, zc->zc_iflags); 1834 } 1835 1836 spa_close(spa, FTAG); 1837 kmem_free(hist_buf, size); 1838 return (error); 1839 } 1840 1841 static int 1842 zfs_ioc_pool_reguid(zfs_cmd_t *zc) 1843 { 1844 spa_t *spa; 1845 int error; 1846 1847 error = spa_open(zc->zc_name, &spa, FTAG); 1848 if (error == 0) { 1849 error = spa_change_guid(spa); 1850 spa_close(spa, FTAG); 1851 } 1852 return (error); 1853 } 1854 1855 static int 1856 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 1857 { 1858 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)); 1859 } 1860 1861 /* 1862 * inputs: 1863 * zc_name name of filesystem 1864 * zc_obj object to find 1865 * 1866 * outputs: 1867 * zc_value name of object 1868 */ 1869 static int 1870 zfs_ioc_obj_to_path(zfs_cmd_t *zc) 1871 { 1872 objset_t *os; 1873 int error; 1874 1875 /* XXX reading from objset not owned */ 1876 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1877 return (error); 1878 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1879 dmu_objset_rele(os, FTAG); 1880 return (SET_ERROR(EINVAL)); 1881 } 1882 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value, 1883 sizeof (zc->zc_value)); 1884 dmu_objset_rele(os, FTAG); 1885 1886 return (error); 1887 } 1888 1889 /* 1890 * inputs: 1891 * zc_name name of filesystem 1892 * zc_obj object to find 1893 * 1894 * outputs: 1895 * zc_stat stats on object 1896 * zc_value path to object 1897 */ 1898 static int 1899 zfs_ioc_obj_to_stats(zfs_cmd_t *zc) 1900 { 1901 objset_t *os; 1902 int error; 1903 1904 /* XXX reading from objset not owned */ 1905 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1906 return (error); 1907 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1908 dmu_objset_rele(os, FTAG); 1909 return (SET_ERROR(EINVAL)); 1910 } 1911 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value, 1912 sizeof (zc->zc_value)); 1913 dmu_objset_rele(os, FTAG); 1914 1915 return (error); 1916 } 1917 1918 static int 1919 zfs_ioc_vdev_add(zfs_cmd_t *zc) 1920 { 1921 spa_t *spa; 1922 int error; 1923 nvlist_t *config, **l2cache, **spares; 1924 uint_t nl2cache = 0, nspares = 0; 1925 1926 error = spa_open(zc->zc_name, &spa, FTAG); 1927 if (error != 0) 1928 return (error); 1929 1930 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1931 zc->zc_iflags, &config); 1932 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE, 1933 &l2cache, &nl2cache); 1934 1935 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES, 1936 &spares, &nspares); 1937 1938 #ifdef illumos 1939 /* 1940 * A root pool with concatenated devices is not supported. 1941 * Thus, can not add a device to a root pool. 1942 * 1943 * Intent log device can not be added to a rootpool because 1944 * during mountroot, zil is replayed, a seperated log device 1945 * can not be accessed during the mountroot time. 1946 * 1947 * l2cache and spare devices are ok to be added to a rootpool. 1948 */ 1949 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) { 1950 nvlist_free(config); 1951 spa_close(spa, FTAG); 1952 return (SET_ERROR(EDOM)); 1953 } 1954 #endif /* illumos */ 1955 1956 if (error == 0) { 1957 error = spa_vdev_add(spa, config); 1958 nvlist_free(config); 1959 } 1960 spa_close(spa, FTAG); 1961 return (error); 1962 } 1963 1964 /* 1965 * inputs: 1966 * zc_name name of the pool 1967 * zc_nvlist_conf nvlist of devices to remove 1968 * zc_cookie to stop the remove? 1969 */ 1970 static int 1971 zfs_ioc_vdev_remove(zfs_cmd_t *zc) 1972 { 1973 spa_t *spa; 1974 int error; 1975 1976 error = spa_open(zc->zc_name, &spa, FTAG); 1977 if (error != 0) 1978 return (error); 1979 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 1980 spa_close(spa, FTAG); 1981 return (error); 1982 } 1983 1984 static int 1985 zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 1986 { 1987 spa_t *spa; 1988 int error; 1989 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 1990 1991 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1992 return (error); 1993 switch (zc->zc_cookie) { 1994 case VDEV_STATE_ONLINE: 1995 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 1996 break; 1997 1998 case VDEV_STATE_OFFLINE: 1999 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 2000 break; 2001 2002 case VDEV_STATE_FAULTED: 2003 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 2004 zc->zc_obj != VDEV_AUX_EXTERNAL) 2005 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 2006 2007 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj); 2008 break; 2009 2010 case VDEV_STATE_DEGRADED: 2011 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 2012 zc->zc_obj != VDEV_AUX_EXTERNAL) 2013 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 2014 2015 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj); 2016 break; 2017 2018 default: 2019 error = SET_ERROR(EINVAL); 2020 } 2021 zc->zc_cookie = newstate; 2022 spa_close(spa, FTAG); 2023 return (error); 2024 } 2025 2026 static int 2027 zfs_ioc_vdev_attach(zfs_cmd_t *zc) 2028 { 2029 spa_t *spa; 2030 int replacing = zc->zc_cookie; 2031 nvlist_t *config; 2032 int error; 2033 2034 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2035 return (error); 2036 2037 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2038 zc->zc_iflags, &config)) == 0) { 2039 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing); 2040 nvlist_free(config); 2041 } 2042 2043 spa_close(spa, FTAG); 2044 return (error); 2045 } 2046 2047 static int 2048 zfs_ioc_vdev_detach(zfs_cmd_t *zc) 2049 { 2050 spa_t *spa; 2051 int error; 2052 2053 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2054 return (error); 2055 2056 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE); 2057 2058 spa_close(spa, FTAG); 2059 return (error); 2060 } 2061 2062 static int 2063 zfs_ioc_vdev_split(zfs_cmd_t *zc) 2064 { 2065 spa_t *spa; 2066 nvlist_t *config, *props = NULL; 2067 int error; 2068 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT); 2069 2070 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2071 return (error); 2072 2073 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2074 zc->zc_iflags, &config)) { 2075 spa_close(spa, FTAG); 2076 return (error); 2077 } 2078 2079 if (zc->zc_nvlist_src_size != 0 && (error = 2080 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2081 zc->zc_iflags, &props))) { 2082 spa_close(spa, FTAG); 2083 nvlist_free(config); 2084 return (error); 2085 } 2086 2087 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp); 2088 2089 spa_close(spa, FTAG); 2090 2091 nvlist_free(config); 2092 nvlist_free(props); 2093 2094 return (error); 2095 } 2096 2097 static int 2098 zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 2099 { 2100 spa_t *spa; 2101 char *path = zc->zc_value; 2102 uint64_t guid = zc->zc_guid; 2103 int error; 2104 2105 error = spa_open(zc->zc_name, &spa, FTAG); 2106 if (error != 0) 2107 return (error); 2108 2109 error = spa_vdev_setpath(spa, guid, path); 2110 spa_close(spa, FTAG); 2111 return (error); 2112 } 2113 2114 static int 2115 zfs_ioc_vdev_setfru(zfs_cmd_t *zc) 2116 { 2117 spa_t *spa; 2118 char *fru = zc->zc_value; 2119 uint64_t guid = zc->zc_guid; 2120 int error; 2121 2122 error = spa_open(zc->zc_name, &spa, FTAG); 2123 if (error != 0) 2124 return (error); 2125 2126 error = spa_vdev_setfru(spa, guid, fru); 2127 spa_close(spa, FTAG); 2128 return (error); 2129 } 2130 2131 static int 2132 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os) 2133 { 2134 int error = 0; 2135 nvlist_t *nv; 2136 2137 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2138 2139 if (zc->zc_nvlist_dst != 0 && 2140 (error = dsl_prop_get_all(os, &nv)) == 0) { 2141 dmu_objset_stats(os, nv); 2142 /* 2143 * NB: zvol_get_stats() will read the objset contents, 2144 * which we aren't supposed to do with a 2145 * DS_MODE_USER hold, because it could be 2146 * inconsistent. So this is a bit of a workaround... 2147 * XXX reading with out owning 2148 */ 2149 if (!zc->zc_objset_stats.dds_inconsistent && 2150 dmu_objset_type(os) == DMU_OST_ZVOL) { 2151 error = zvol_get_stats(os, nv); 2152 if (error == EIO) 2153 return (error); 2154 VERIFY0(error); 2155 } 2156 error = put_nvlist(zc, nv); 2157 nvlist_free(nv); 2158 } 2159 2160 return (error); 2161 } 2162 2163 /* 2164 * inputs: 2165 * zc_name name of filesystem 2166 * zc_nvlist_dst_size size of buffer for property nvlist 2167 * 2168 * outputs: 2169 * zc_objset_stats stats 2170 * zc_nvlist_dst property nvlist 2171 * zc_nvlist_dst_size size of property nvlist 2172 */ 2173 static int 2174 zfs_ioc_objset_stats(zfs_cmd_t *zc) 2175 { 2176 objset_t *os; 2177 int error; 2178 2179 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2180 if (error == 0) { 2181 error = zfs_ioc_objset_stats_impl(zc, os); 2182 dmu_objset_rele(os, FTAG); 2183 } 2184 2185 if (error == ENOMEM) 2186 error = 0; 2187 return (error); 2188 } 2189 2190 /* 2191 * inputs: 2192 * zc_name name of filesystem 2193 * zc_nvlist_dst_size size of buffer for property nvlist 2194 * 2195 * outputs: 2196 * zc_nvlist_dst received property nvlist 2197 * zc_nvlist_dst_size size of received property nvlist 2198 * 2199 * Gets received properties (distinct from local properties on or after 2200 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from 2201 * local property values. 2202 */ 2203 static int 2204 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc) 2205 { 2206 int error = 0; 2207 nvlist_t *nv; 2208 2209 /* 2210 * Without this check, we would return local property values if the 2211 * caller has not already received properties on or after 2212 * SPA_VERSION_RECVD_PROPS. 2213 */ 2214 if (!dsl_prop_get_hasrecvd(zc->zc_name)) 2215 return (SET_ERROR(ENOTSUP)); 2216 2217 if (zc->zc_nvlist_dst != 0 && 2218 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) { 2219 error = put_nvlist(zc, nv); 2220 nvlist_free(nv); 2221 } 2222 2223 return (error); 2224 } 2225 2226 static int 2227 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop) 2228 { 2229 uint64_t value; 2230 int error; 2231 2232 /* 2233 * zfs_get_zplprop() will either find a value or give us 2234 * the default value (if there is one). 2235 */ 2236 if ((error = zfs_get_zplprop(os, prop, &value)) != 0) 2237 return (error); 2238 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0); 2239 return (0); 2240 } 2241 2242 /* 2243 * inputs: 2244 * zc_name name of filesystem 2245 * zc_nvlist_dst_size size of buffer for zpl property nvlist 2246 * 2247 * outputs: 2248 * zc_nvlist_dst zpl property nvlist 2249 * zc_nvlist_dst_size size of zpl property nvlist 2250 */ 2251 static int 2252 zfs_ioc_objset_zplprops(zfs_cmd_t *zc) 2253 { 2254 objset_t *os; 2255 int err; 2256 2257 /* XXX reading without owning */ 2258 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os)) 2259 return (err); 2260 2261 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2262 2263 /* 2264 * NB: nvl_add_zplprop() will read the objset contents, 2265 * which we aren't supposed to do with a DS_MODE_USER 2266 * hold, because it could be inconsistent. 2267 */ 2268 if (zc->zc_nvlist_dst != 0 && 2269 !zc->zc_objset_stats.dds_inconsistent && 2270 dmu_objset_type(os) == DMU_OST_ZFS) { 2271 nvlist_t *nv; 2272 2273 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2274 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 && 2275 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 && 2276 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 && 2277 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0) 2278 err = put_nvlist(zc, nv); 2279 nvlist_free(nv); 2280 } else { 2281 err = SET_ERROR(ENOENT); 2282 } 2283 dmu_objset_rele(os, FTAG); 2284 return (err); 2285 } 2286 2287 boolean_t 2288 dataset_name_hidden(const char *name) 2289 { 2290 /* 2291 * Skip over datasets that are not visible in this zone, 2292 * internal datasets (which have a $ in their name), and 2293 * temporary datasets (which have a % in their name). 2294 */ 2295 if (strchr(name, '$') != NULL) 2296 return (B_TRUE); 2297 if (strchr(name, '%') != NULL) 2298 return (B_TRUE); 2299 if (!INGLOBALZONE(curthread) && !zone_dataset_visible(name, NULL)) 2300 return (B_TRUE); 2301 return (B_FALSE); 2302 } 2303 2304 /* 2305 * inputs: 2306 * zc_name name of filesystem 2307 * zc_cookie zap cursor 2308 * zc_nvlist_dst_size size of buffer for property nvlist 2309 * 2310 * outputs: 2311 * zc_name name of next filesystem 2312 * zc_cookie zap cursor 2313 * zc_objset_stats stats 2314 * zc_nvlist_dst property nvlist 2315 * zc_nvlist_dst_size size of property nvlist 2316 */ 2317 static int 2318 zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 2319 { 2320 objset_t *os; 2321 int error; 2322 char *p; 2323 size_t orig_len = strlen(zc->zc_name); 2324 2325 top: 2326 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) { 2327 if (error == ENOENT) 2328 error = SET_ERROR(ESRCH); 2329 return (error); 2330 } 2331 2332 p = strrchr(zc->zc_name, '/'); 2333 if (p == NULL || p[1] != '\0') 2334 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 2335 p = zc->zc_name + strlen(zc->zc_name); 2336 2337 do { 2338 error = dmu_dir_list_next(os, 2339 sizeof (zc->zc_name) - (p - zc->zc_name), p, 2340 NULL, &zc->zc_cookie); 2341 if (error == ENOENT) 2342 error = SET_ERROR(ESRCH); 2343 } while (error == 0 && dataset_name_hidden(zc->zc_name)); 2344 dmu_objset_rele(os, FTAG); 2345 2346 /* 2347 * If it's an internal dataset (ie. with a '$' in its name), 2348 * don't try to get stats for it, otherwise we'll return ENOENT. 2349 */ 2350 if (error == 0 && strchr(zc->zc_name, '$') == NULL) { 2351 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 2352 if (error == ENOENT) { 2353 /* We lost a race with destroy, get the next one. */ 2354 zc->zc_name[orig_len] = '\0'; 2355 goto top; 2356 } 2357 } 2358 return (error); 2359 } 2360 2361 /* 2362 * inputs: 2363 * zc_name name of filesystem 2364 * zc_cookie zap cursor 2365 * zc_nvlist_dst_size size of buffer for property nvlist 2366 * zc_simple when set, only name is requested 2367 * 2368 * outputs: 2369 * zc_name name of next snapshot 2370 * zc_objset_stats stats 2371 * zc_nvlist_dst property nvlist 2372 * zc_nvlist_dst_size size of property nvlist 2373 */ 2374 static int 2375 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 2376 { 2377 objset_t *os; 2378 int error; 2379 2380 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2381 if (error != 0) { 2382 return (error == ENOENT ? ESRCH : error); 2383 } 2384 2385 /* 2386 * A dataset name of maximum length cannot have any snapshots, 2387 * so exit immediately. 2388 */ 2389 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= 2390 ZFS_MAX_DATASET_NAME_LEN) { 2391 dmu_objset_rele(os, FTAG); 2392 return (SET_ERROR(ESRCH)); 2393 } 2394 2395 error = dmu_snapshot_list_next(os, 2396 sizeof (zc->zc_name) - strlen(zc->zc_name), 2397 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie, 2398 NULL); 2399 2400 if (error == 0 && !zc->zc_simple) { 2401 dsl_dataset_t *ds; 2402 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool; 2403 2404 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds); 2405 if (error == 0) { 2406 objset_t *ossnap; 2407 2408 error = dmu_objset_from_ds(ds, &ossnap); 2409 if (error == 0) 2410 error = zfs_ioc_objset_stats_impl(zc, ossnap); 2411 dsl_dataset_rele(ds, FTAG); 2412 } 2413 } else if (error == ENOENT) { 2414 error = SET_ERROR(ESRCH); 2415 } 2416 2417 dmu_objset_rele(os, FTAG); 2418 /* if we failed, undo the @ that we tacked on to zc_name */ 2419 if (error != 0) 2420 *strchr(zc->zc_name, '@') = '\0'; 2421 return (error); 2422 } 2423 2424 static int 2425 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair) 2426 { 2427 const char *propname = nvpair_name(pair); 2428 uint64_t *valary; 2429 unsigned int vallen; 2430 const char *domain; 2431 char *dash; 2432 zfs_userquota_prop_t type; 2433 uint64_t rid; 2434 uint64_t quota; 2435 zfsvfs_t *zfsvfs; 2436 int err; 2437 2438 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2439 nvlist_t *attrs; 2440 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2441 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2442 &pair) != 0) 2443 return (SET_ERROR(EINVAL)); 2444 } 2445 2446 /* 2447 * A correctly constructed propname is encoded as 2448 * userquota@<rid>-<domain>. 2449 */ 2450 if ((dash = strchr(propname, '-')) == NULL || 2451 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 || 2452 vallen != 3) 2453 return (SET_ERROR(EINVAL)); 2454 2455 domain = dash + 1; 2456 type = valary[0]; 2457 rid = valary[1]; 2458 quota = valary[2]; 2459 2460 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE); 2461 if (err == 0) { 2462 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota); 2463 zfsvfs_rele(zfsvfs, FTAG); 2464 } 2465 2466 return (err); 2467 } 2468 2469 /* 2470 * If the named property is one that has a special function to set its value, 2471 * return 0 on success and a positive error code on failure; otherwise if it is 2472 * not one of the special properties handled by this function, return -1. 2473 * 2474 * XXX: It would be better for callers of the property interface if we handled 2475 * these special cases in dsl_prop.c (in the dsl layer). 2476 */ 2477 static int 2478 zfs_prop_set_special(const char *dsname, zprop_source_t source, 2479 nvpair_t *pair) 2480 { 2481 const char *propname = nvpair_name(pair); 2482 zfs_prop_t prop = zfs_name_to_prop(propname); 2483 uint64_t intval; 2484 int err = -1; 2485 2486 if (prop == ZPROP_INVAL) { 2487 if (zfs_prop_userquota(propname)) 2488 return (zfs_prop_set_userquota(dsname, pair)); 2489 return (-1); 2490 } 2491 2492 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2493 nvlist_t *attrs; 2494 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2495 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2496 &pair) == 0); 2497 } 2498 2499 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) 2500 return (-1); 2501 2502 VERIFY(0 == nvpair_value_uint64(pair, &intval)); 2503 2504 switch (prop) { 2505 case ZFS_PROP_QUOTA: 2506 err = dsl_dir_set_quota(dsname, source, intval); 2507 break; 2508 case ZFS_PROP_REFQUOTA: 2509 err = dsl_dataset_set_refquota(dsname, source, intval); 2510 break; 2511 case ZFS_PROP_FILESYSTEM_LIMIT: 2512 case ZFS_PROP_SNAPSHOT_LIMIT: 2513 if (intval == UINT64_MAX) { 2514 /* clearing the limit, just do it */ 2515 err = 0; 2516 } else { 2517 err = dsl_dir_activate_fs_ss_limit(dsname); 2518 } 2519 /* 2520 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2521 * default path to set the value in the nvlist. 2522 */ 2523 if (err == 0) 2524 err = -1; 2525 break; 2526 case ZFS_PROP_RESERVATION: 2527 err = dsl_dir_set_reservation(dsname, source, intval); 2528 break; 2529 case ZFS_PROP_REFRESERVATION: 2530 err = dsl_dataset_set_refreservation(dsname, source, intval); 2531 break; 2532 case ZFS_PROP_VOLSIZE: 2533 err = zvol_set_volsize(dsname, intval); 2534 break; 2535 case ZFS_PROP_VERSION: 2536 { 2537 zfsvfs_t *zfsvfs; 2538 2539 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0) 2540 break; 2541 2542 err = zfs_set_version(zfsvfs, intval); 2543 zfsvfs_rele(zfsvfs, FTAG); 2544 2545 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) { 2546 zfs_cmd_t *zc; 2547 2548 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 2549 (void) strcpy(zc->zc_name, dsname); 2550 (void) zfs_ioc_userspace_upgrade(zc); 2551 kmem_free(zc, sizeof (zfs_cmd_t)); 2552 } 2553 break; 2554 } 2555 default: 2556 err = -1; 2557 } 2558 2559 return (err); 2560 } 2561 2562 /* 2563 * This function is best effort. If it fails to set any of the given properties, 2564 * it continues to set as many as it can and returns the last error 2565 * encountered. If the caller provides a non-NULL errlist, it will be filled in 2566 * with the list of names of all the properties that failed along with the 2567 * corresponding error numbers. 2568 * 2569 * If every property is set successfully, zero is returned and errlist is not 2570 * modified. 2571 */ 2572 int 2573 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl, 2574 nvlist_t *errlist) 2575 { 2576 nvpair_t *pair; 2577 nvpair_t *propval; 2578 int rv = 0; 2579 uint64_t intval; 2580 char *strval; 2581 nvlist_t *genericnvl = fnvlist_alloc(); 2582 nvlist_t *retrynvl = fnvlist_alloc(); 2583 2584 retry: 2585 pair = NULL; 2586 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2587 const char *propname = nvpair_name(pair); 2588 zfs_prop_t prop = zfs_name_to_prop(propname); 2589 int err = 0; 2590 2591 /* decode the property value */ 2592 propval = pair; 2593 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2594 nvlist_t *attrs; 2595 attrs = fnvpair_value_nvlist(pair); 2596 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2597 &propval) != 0) 2598 err = SET_ERROR(EINVAL); 2599 } 2600 2601 /* Validate value type */ 2602 if (err == 0 && prop == ZPROP_INVAL) { 2603 if (zfs_prop_user(propname)) { 2604 if (nvpair_type(propval) != DATA_TYPE_STRING) 2605 err = SET_ERROR(EINVAL); 2606 } else if (zfs_prop_userquota(propname)) { 2607 if (nvpair_type(propval) != 2608 DATA_TYPE_UINT64_ARRAY) 2609 err = SET_ERROR(EINVAL); 2610 } else { 2611 err = SET_ERROR(EINVAL); 2612 } 2613 } else if (err == 0) { 2614 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2615 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING) 2616 err = SET_ERROR(EINVAL); 2617 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) { 2618 const char *unused; 2619 2620 intval = fnvpair_value_uint64(propval); 2621 2622 switch (zfs_prop_get_type(prop)) { 2623 case PROP_TYPE_NUMBER: 2624 break; 2625 case PROP_TYPE_STRING: 2626 err = SET_ERROR(EINVAL); 2627 break; 2628 case PROP_TYPE_INDEX: 2629 if (zfs_prop_index_to_string(prop, 2630 intval, &unused) != 0) 2631 err = SET_ERROR(EINVAL); 2632 break; 2633 default: 2634 cmn_err(CE_PANIC, 2635 "unknown property type"); 2636 } 2637 } else { 2638 err = SET_ERROR(EINVAL); 2639 } 2640 } 2641 2642 /* Validate permissions */ 2643 if (err == 0) 2644 err = zfs_check_settable(dsname, pair, CRED()); 2645 2646 if (err == 0) { 2647 err = zfs_prop_set_special(dsname, source, pair); 2648 if (err == -1) { 2649 /* 2650 * For better performance we build up a list of 2651 * properties to set in a single transaction. 2652 */ 2653 err = nvlist_add_nvpair(genericnvl, pair); 2654 } else if (err != 0 && nvl != retrynvl) { 2655 /* 2656 * This may be a spurious error caused by 2657 * receiving quota and reservation out of order. 2658 * Try again in a second pass. 2659 */ 2660 err = nvlist_add_nvpair(retrynvl, pair); 2661 } 2662 } 2663 2664 if (err != 0) { 2665 if (errlist != NULL) 2666 fnvlist_add_int32(errlist, propname, err); 2667 rv = err; 2668 } 2669 } 2670 2671 if (nvl != retrynvl && !nvlist_empty(retrynvl)) { 2672 nvl = retrynvl; 2673 goto retry; 2674 } 2675 2676 if (!nvlist_empty(genericnvl) && 2677 dsl_props_set(dsname, source, genericnvl) != 0) { 2678 /* 2679 * If this fails, we still want to set as many properties as we 2680 * can, so try setting them individually. 2681 */ 2682 pair = NULL; 2683 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) { 2684 const char *propname = nvpair_name(pair); 2685 int err = 0; 2686 2687 propval = pair; 2688 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2689 nvlist_t *attrs; 2690 attrs = fnvpair_value_nvlist(pair); 2691 propval = fnvlist_lookup_nvpair(attrs, 2692 ZPROP_VALUE); 2693 } 2694 2695 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2696 strval = fnvpair_value_string(propval); 2697 err = dsl_prop_set_string(dsname, propname, 2698 source, strval); 2699 } else { 2700 intval = fnvpair_value_uint64(propval); 2701 err = dsl_prop_set_int(dsname, propname, source, 2702 intval); 2703 } 2704 2705 if (err != 0) { 2706 if (errlist != NULL) { 2707 fnvlist_add_int32(errlist, propname, 2708 err); 2709 } 2710 rv = err; 2711 } 2712 } 2713 } 2714 nvlist_free(genericnvl); 2715 nvlist_free(retrynvl); 2716 2717 return (rv); 2718 } 2719 2720 /* 2721 * Check that all the properties are valid user properties. 2722 */ 2723 static int 2724 zfs_check_userprops(const char *fsname, nvlist_t *nvl) 2725 { 2726 nvpair_t *pair = NULL; 2727 int error = 0; 2728 2729 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2730 const char *propname = nvpair_name(pair); 2731 2732 if (!zfs_prop_user(propname) || 2733 nvpair_type(pair) != DATA_TYPE_STRING) 2734 return (SET_ERROR(EINVAL)); 2735 2736 if (error = zfs_secpolicy_write_perms(fsname, 2737 ZFS_DELEG_PERM_USERPROP, CRED())) 2738 return (error); 2739 2740 if (strlen(propname) >= ZAP_MAXNAMELEN) 2741 return (SET_ERROR(ENAMETOOLONG)); 2742 2743 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN) 2744 return (E2BIG); 2745 } 2746 return (0); 2747 } 2748 2749 static void 2750 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops) 2751 { 2752 nvpair_t *pair; 2753 2754 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2755 2756 pair = NULL; 2757 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) { 2758 if (nvlist_exists(skipped, nvpair_name(pair))) 2759 continue; 2760 2761 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0); 2762 } 2763 } 2764 2765 static int 2766 clear_received_props(const char *dsname, nvlist_t *props, 2767 nvlist_t *skipped) 2768 { 2769 int err = 0; 2770 nvlist_t *cleared_props = NULL; 2771 props_skip(props, skipped, &cleared_props); 2772 if (!nvlist_empty(cleared_props)) { 2773 /* 2774 * Acts on local properties until the dataset has received 2775 * properties at least once on or after SPA_VERSION_RECVD_PROPS. 2776 */ 2777 zprop_source_t flags = (ZPROP_SRC_NONE | 2778 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0)); 2779 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL); 2780 } 2781 nvlist_free(cleared_props); 2782 return (err); 2783 } 2784 2785 /* 2786 * inputs: 2787 * zc_name name of filesystem 2788 * zc_value name of property to set 2789 * zc_nvlist_src{_size} nvlist of properties to apply 2790 * zc_cookie received properties flag 2791 * 2792 * outputs: 2793 * zc_nvlist_dst{_size} error for each unapplied received property 2794 */ 2795 static int 2796 zfs_ioc_set_prop(zfs_cmd_t *zc) 2797 { 2798 nvlist_t *nvl; 2799 boolean_t received = zc->zc_cookie; 2800 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED : 2801 ZPROP_SRC_LOCAL); 2802 nvlist_t *errors; 2803 int error; 2804 2805 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2806 zc->zc_iflags, &nvl)) != 0) 2807 return (error); 2808 2809 if (received) { 2810 nvlist_t *origprops; 2811 2812 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) { 2813 (void) clear_received_props(zc->zc_name, 2814 origprops, nvl); 2815 nvlist_free(origprops); 2816 } 2817 2818 error = dsl_prop_set_hasrecvd(zc->zc_name); 2819 } 2820 2821 errors = fnvlist_alloc(); 2822 if (error == 0) 2823 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors); 2824 2825 if (zc->zc_nvlist_dst != 0 && errors != NULL) { 2826 (void) put_nvlist(zc, errors); 2827 } 2828 2829 nvlist_free(errors); 2830 nvlist_free(nvl); 2831 return (error); 2832 } 2833 2834 /* 2835 * inputs: 2836 * zc_name name of filesystem 2837 * zc_value name of property to inherit 2838 * zc_cookie revert to received value if TRUE 2839 * 2840 * outputs: none 2841 */ 2842 static int 2843 zfs_ioc_inherit_prop(zfs_cmd_t *zc) 2844 { 2845 const char *propname = zc->zc_value; 2846 zfs_prop_t prop = zfs_name_to_prop(propname); 2847 boolean_t received = zc->zc_cookie; 2848 zprop_source_t source = (received 2849 ? ZPROP_SRC_NONE /* revert to received value, if any */ 2850 : ZPROP_SRC_INHERITED); /* explicitly inherit */ 2851 2852 if (received) { 2853 nvlist_t *dummy; 2854 nvpair_t *pair; 2855 zprop_type_t type; 2856 int err; 2857 2858 /* 2859 * zfs_prop_set_special() expects properties in the form of an 2860 * nvpair with type info. 2861 */ 2862 if (prop == ZPROP_INVAL) { 2863 if (!zfs_prop_user(propname)) 2864 return (SET_ERROR(EINVAL)); 2865 2866 type = PROP_TYPE_STRING; 2867 } else if (prop == ZFS_PROP_VOLSIZE || 2868 prop == ZFS_PROP_VERSION) { 2869 return (SET_ERROR(EINVAL)); 2870 } else { 2871 type = zfs_prop_get_type(prop); 2872 } 2873 2874 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2875 2876 switch (type) { 2877 case PROP_TYPE_STRING: 2878 VERIFY(0 == nvlist_add_string(dummy, propname, "")); 2879 break; 2880 case PROP_TYPE_NUMBER: 2881 case PROP_TYPE_INDEX: 2882 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0)); 2883 break; 2884 default: 2885 nvlist_free(dummy); 2886 return (SET_ERROR(EINVAL)); 2887 } 2888 2889 pair = nvlist_next_nvpair(dummy, NULL); 2890 err = zfs_prop_set_special(zc->zc_name, source, pair); 2891 nvlist_free(dummy); 2892 if (err != -1) 2893 return (err); /* special property already handled */ 2894 } else { 2895 /* 2896 * Only check this in the non-received case. We want to allow 2897 * 'inherit -S' to revert non-inheritable properties like quota 2898 * and reservation to the received or default values even though 2899 * they are not considered inheritable. 2900 */ 2901 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop)) 2902 return (SET_ERROR(EINVAL)); 2903 } 2904 2905 /* property name has been validated by zfs_secpolicy_inherit_prop() */ 2906 return (dsl_prop_inherit(zc->zc_name, zc->zc_value, source)); 2907 } 2908 2909 static int 2910 zfs_ioc_pool_set_props(zfs_cmd_t *zc) 2911 { 2912 nvlist_t *props; 2913 spa_t *spa; 2914 int error; 2915 nvpair_t *pair; 2916 2917 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2918 zc->zc_iflags, &props)) 2919 return (error); 2920 2921 /* 2922 * If the only property is the configfile, then just do a spa_lookup() 2923 * to handle the faulted case. 2924 */ 2925 pair = nvlist_next_nvpair(props, NULL); 2926 if (pair != NULL && strcmp(nvpair_name(pair), 2927 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 && 2928 nvlist_next_nvpair(props, pair) == NULL) { 2929 mutex_enter(&spa_namespace_lock); 2930 if ((spa = spa_lookup(zc->zc_name)) != NULL) { 2931 spa_configfile_set(spa, props, B_FALSE); 2932 spa_config_sync(spa, B_FALSE, B_TRUE); 2933 } 2934 mutex_exit(&spa_namespace_lock); 2935 if (spa != NULL) { 2936 nvlist_free(props); 2937 return (0); 2938 } 2939 } 2940 2941 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2942 nvlist_free(props); 2943 return (error); 2944 } 2945 2946 error = spa_prop_set(spa, props); 2947 2948 nvlist_free(props); 2949 spa_close(spa, FTAG); 2950 2951 return (error); 2952 } 2953 2954 static int 2955 zfs_ioc_pool_get_props(zfs_cmd_t *zc) 2956 { 2957 spa_t *spa; 2958 int error; 2959 nvlist_t *nvp = NULL; 2960 2961 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2962 /* 2963 * If the pool is faulted, there may be properties we can still 2964 * get (such as altroot and cachefile), so attempt to get them 2965 * anyway. 2966 */ 2967 mutex_enter(&spa_namespace_lock); 2968 if ((spa = spa_lookup(zc->zc_name)) != NULL) 2969 error = spa_prop_get(spa, &nvp); 2970 mutex_exit(&spa_namespace_lock); 2971 } else { 2972 error = spa_prop_get(spa, &nvp); 2973 spa_close(spa, FTAG); 2974 } 2975 2976 if (error == 0 && zc->zc_nvlist_dst != 0) 2977 error = put_nvlist(zc, nvp); 2978 else 2979 error = SET_ERROR(EFAULT); 2980 2981 nvlist_free(nvp); 2982 return (error); 2983 } 2984 2985 /* 2986 * inputs: 2987 * zc_name name of filesystem 2988 * zc_nvlist_src{_size} nvlist of delegated permissions 2989 * zc_perm_action allow/unallow flag 2990 * 2991 * outputs: none 2992 */ 2993 static int 2994 zfs_ioc_set_fsacl(zfs_cmd_t *zc) 2995 { 2996 int error; 2997 nvlist_t *fsaclnv = NULL; 2998 2999 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3000 zc->zc_iflags, &fsaclnv)) != 0) 3001 return (error); 3002 3003 /* 3004 * Verify nvlist is constructed correctly 3005 */ 3006 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) { 3007 nvlist_free(fsaclnv); 3008 return (SET_ERROR(EINVAL)); 3009 } 3010 3011 /* 3012 * If we don't have PRIV_SYS_MOUNT, then validate 3013 * that user is allowed to hand out each permission in 3014 * the nvlist(s) 3015 */ 3016 3017 error = secpolicy_zfs(CRED()); 3018 if (error != 0) { 3019 if (zc->zc_perm_action == B_FALSE) { 3020 error = dsl_deleg_can_allow(zc->zc_name, 3021 fsaclnv, CRED()); 3022 } else { 3023 error = dsl_deleg_can_unallow(zc->zc_name, 3024 fsaclnv, CRED()); 3025 } 3026 } 3027 3028 if (error == 0) 3029 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 3030 3031 nvlist_free(fsaclnv); 3032 return (error); 3033 } 3034 3035 /* 3036 * inputs: 3037 * zc_name name of filesystem 3038 * 3039 * outputs: 3040 * zc_nvlist_src{_size} nvlist of delegated permissions 3041 */ 3042 static int 3043 zfs_ioc_get_fsacl(zfs_cmd_t *zc) 3044 { 3045 nvlist_t *nvp; 3046 int error; 3047 3048 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 3049 error = put_nvlist(zc, nvp); 3050 nvlist_free(nvp); 3051 } 3052 3053 return (error); 3054 } 3055 3056 /* 3057 * Search the vfs list for a specified resource. Returns a pointer to it 3058 * or NULL if no suitable entry is found. The caller of this routine 3059 * is responsible for releasing the returned vfs pointer. 3060 */ 3061 static vfs_t * 3062 zfs_get_vfs(const char *resource) 3063 { 3064 vfs_t *vfsp; 3065 3066 #ifdef __FreeBSD__ 3067 mtx_lock(&mountlist_mtx); 3068 TAILQ_FOREACH(vfsp, &mountlist, mnt_list) { 3069 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) { 3070 if (vfs_busy(vfsp, MBF_MNTLSTLOCK) != 0) 3071 vfsp = NULL; 3072 break; 3073 } 3074 } 3075 if (vfsp == NULL) 3076 mtx_unlock(&mountlist_mtx); 3077 #endif 3078 #ifdef __NetBSD__ 3079 mount_iterator_t *iter; 3080 3081 mountlist_iterator_init(&iter); 3082 while ((vfsp = mountlist_iterator_next(iter)) != NULL) { 3083 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) { 3084 if (vfs_busy(vfsp, 0) != 0) 3085 vfsp = NULL; 3086 break; 3087 } 3088 } 3089 mountlist_iterator_destroy(iter); 3090 #endif 3091 3092 return (vfsp); 3093 } 3094 3095 /* ARGSUSED */ 3096 static void 3097 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 3098 { 3099 zfs_creat_t *zct = arg; 3100 3101 zfs_create_fs(os, cr, zct->zct_zplprops, tx); 3102 } 3103 3104 #define ZFS_PROP_UNDEFINED ((uint64_t)-1) 3105 3106 /* 3107 * inputs: 3108 * os parent objset pointer (NULL if root fs) 3109 * fuids_ok fuids allowed in this version of the spa? 3110 * sa_ok SAs allowed in this version of the spa? 3111 * createprops list of properties requested by creator 3112 * 3113 * outputs: 3114 * zplprops values for the zplprops we attach to the master node object 3115 * is_ci true if requested file system will be purely case-insensitive 3116 * 3117 * Determine the settings for utf8only, normalization and 3118 * casesensitivity. Specific values may have been requested by the 3119 * creator and/or we can inherit values from the parent dataset. If 3120 * the file system is of too early a vintage, a creator can not 3121 * request settings for these properties, even if the requested 3122 * setting is the default value. We don't actually want to create dsl 3123 * properties for these, so remove them from the source nvlist after 3124 * processing. 3125 */ 3126 static int 3127 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver, 3128 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops, 3129 nvlist_t *zplprops, boolean_t *is_ci) 3130 { 3131 uint64_t sense = ZFS_PROP_UNDEFINED; 3132 uint64_t norm = ZFS_PROP_UNDEFINED; 3133 uint64_t u8 = ZFS_PROP_UNDEFINED; 3134 3135 ASSERT(zplprops != NULL); 3136 3137 /* 3138 * Pull out creator prop choices, if any. 3139 */ 3140 if (createprops) { 3141 (void) nvlist_lookup_uint64(createprops, 3142 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver); 3143 (void) nvlist_lookup_uint64(createprops, 3144 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm); 3145 (void) nvlist_remove_all(createprops, 3146 zfs_prop_to_name(ZFS_PROP_NORMALIZE)); 3147 (void) nvlist_lookup_uint64(createprops, 3148 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8); 3149 (void) nvlist_remove_all(createprops, 3150 zfs_prop_to_name(ZFS_PROP_UTF8ONLY)); 3151 (void) nvlist_lookup_uint64(createprops, 3152 zfs_prop_to_name(ZFS_PROP_CASE), &sense); 3153 (void) nvlist_remove_all(createprops, 3154 zfs_prop_to_name(ZFS_PROP_CASE)); 3155 } 3156 3157 /* 3158 * If the zpl version requested is whacky or the file system 3159 * or pool is version is too "young" to support normalization 3160 * and the creator tried to set a value for one of the props, 3161 * error out. 3162 */ 3163 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) || 3164 (zplver >= ZPL_VERSION_FUID && !fuids_ok) || 3165 (zplver >= ZPL_VERSION_SA && !sa_ok) || 3166 (zplver < ZPL_VERSION_NORMALIZATION && 3167 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED || 3168 sense != ZFS_PROP_UNDEFINED))) 3169 return (SET_ERROR(ENOTSUP)); 3170 3171 /* 3172 * Put the version in the zplprops 3173 */ 3174 VERIFY(nvlist_add_uint64(zplprops, 3175 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0); 3176 3177 if (norm == ZFS_PROP_UNDEFINED) 3178 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0); 3179 VERIFY(nvlist_add_uint64(zplprops, 3180 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0); 3181 3182 /* 3183 * If we're normalizing, names must always be valid UTF-8 strings. 3184 */ 3185 if (norm) 3186 u8 = 1; 3187 if (u8 == ZFS_PROP_UNDEFINED) 3188 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0); 3189 VERIFY(nvlist_add_uint64(zplprops, 3190 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0); 3191 3192 if (sense == ZFS_PROP_UNDEFINED) 3193 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0); 3194 VERIFY(nvlist_add_uint64(zplprops, 3195 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0); 3196 3197 if (is_ci) 3198 *is_ci = (sense == ZFS_CASE_INSENSITIVE); 3199 3200 return (0); 3201 } 3202 3203 static int 3204 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops, 3205 nvlist_t *zplprops, boolean_t *is_ci) 3206 { 3207 boolean_t fuids_ok, sa_ok; 3208 uint64_t zplver = ZPL_VERSION; 3209 objset_t *os = NULL; 3210 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 3211 char *cp; 3212 spa_t *spa; 3213 uint64_t spa_vers; 3214 int error; 3215 3216 (void) strlcpy(parentname, dataset, sizeof (parentname)); 3217 cp = strrchr(parentname, '/'); 3218 ASSERT(cp != NULL); 3219 cp[0] = '\0'; 3220 3221 if ((error = spa_open(dataset, &spa, FTAG)) != 0) 3222 return (error); 3223 3224 spa_vers = spa_version(spa); 3225 spa_close(spa, FTAG); 3226 3227 zplver = zfs_zpl_version_map(spa_vers); 3228 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3229 sa_ok = (zplver >= ZPL_VERSION_SA); 3230 3231 /* 3232 * Open parent object set so we can inherit zplprop values. 3233 */ 3234 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0) 3235 return (error); 3236 3237 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops, 3238 zplprops, is_ci); 3239 dmu_objset_rele(os, FTAG); 3240 return (error); 3241 } 3242 3243 static int 3244 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops, 3245 nvlist_t *zplprops, boolean_t *is_ci) 3246 { 3247 boolean_t fuids_ok; 3248 boolean_t sa_ok; 3249 uint64_t zplver = ZPL_VERSION; 3250 int error; 3251 3252 zplver = zfs_zpl_version_map(spa_vers); 3253 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3254 sa_ok = (zplver >= ZPL_VERSION_SA); 3255 3256 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok, 3257 createprops, zplprops, is_ci); 3258 return (error); 3259 } 3260 3261 /* 3262 * innvl: { 3263 * "type" -> dmu_objset_type_t (int32) 3264 * (optional) "props" -> { prop -> value } 3265 * } 3266 * 3267 * outnvl: propname -> error code (int32) 3268 */ 3269 static int 3270 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3271 { 3272 int error = 0; 3273 zfs_creat_t zct = { 0 }; 3274 nvlist_t *nvprops = NULL; 3275 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 3276 int32_t type32; 3277 dmu_objset_type_t type; 3278 boolean_t is_insensitive = B_FALSE; 3279 3280 if (nvlist_lookup_int32(innvl, "type", &type32) != 0) 3281 return (SET_ERROR(EINVAL)); 3282 type = type32; 3283 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3284 3285 switch (type) { 3286 case DMU_OST_ZFS: 3287 cbfunc = zfs_create_cb; 3288 break; 3289 3290 case DMU_OST_ZVOL: 3291 cbfunc = zvol_create_cb; 3292 break; 3293 3294 default: 3295 cbfunc = NULL; 3296 break; 3297 } 3298 if (strchr(fsname, '@') || 3299 strchr(fsname, '%')) 3300 return (SET_ERROR(EINVAL)); 3301 3302 zct.zct_props = nvprops; 3303 3304 if (cbfunc == NULL) 3305 return (SET_ERROR(EINVAL)); 3306 3307 if (type == DMU_OST_ZVOL) { 3308 uint64_t volsize, volblocksize; 3309 3310 if (nvprops == NULL) 3311 return (SET_ERROR(EINVAL)); 3312 if (nvlist_lookup_uint64(nvprops, 3313 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0) 3314 return (SET_ERROR(EINVAL)); 3315 3316 if ((error = nvlist_lookup_uint64(nvprops, 3317 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 3318 &volblocksize)) != 0 && error != ENOENT) 3319 return (SET_ERROR(EINVAL)); 3320 3321 if (error != 0) 3322 volblocksize = zfs_prop_default_numeric( 3323 ZFS_PROP_VOLBLOCKSIZE); 3324 3325 if ((error = zvol_check_volblocksize( 3326 volblocksize)) != 0 || 3327 (error = zvol_check_volsize(volsize, 3328 volblocksize)) != 0) 3329 return (error); 3330 } else if (type == DMU_OST_ZFS) { 3331 int error; 3332 3333 /* 3334 * We have to have normalization and 3335 * case-folding flags correct when we do the 3336 * file system creation, so go figure them out 3337 * now. 3338 */ 3339 VERIFY(nvlist_alloc(&zct.zct_zplprops, 3340 NV_UNIQUE_NAME, KM_SLEEP) == 0); 3341 error = zfs_fill_zplprops(fsname, nvprops, 3342 zct.zct_zplprops, &is_insensitive); 3343 if (error != 0) { 3344 nvlist_free(zct.zct_zplprops); 3345 return (error); 3346 } 3347 } 3348 3349 error = dmu_objset_create(fsname, type, 3350 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct); 3351 nvlist_free(zct.zct_zplprops); 3352 3353 /* 3354 * It would be nice to do this atomically. 3355 */ 3356 if (error == 0) { 3357 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3358 nvprops, outnvl); 3359 if (error != 0) 3360 (void) dsl_destroy_head(fsname); 3361 } 3362 if (error == 0 && type == DMU_OST_ZVOL) 3363 zvol_create_minors(fsname); 3364 return (error); 3365 } 3366 3367 /* 3368 * innvl: { 3369 * "origin" -> name of origin snapshot 3370 * (optional) "props" -> { prop -> value } 3371 * } 3372 * 3373 * outnvl: propname -> error code (int32) 3374 */ 3375 static int 3376 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3377 { 3378 int error = 0; 3379 nvlist_t *nvprops = NULL; 3380 char *origin_name; 3381 3382 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0) 3383 return (SET_ERROR(EINVAL)); 3384 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3385 3386 if (strchr(fsname, '@') || 3387 strchr(fsname, '%')) 3388 return (SET_ERROR(EINVAL)); 3389 3390 if (dataset_namecheck(origin_name, NULL, NULL) != 0) 3391 return (SET_ERROR(EINVAL)); 3392 error = dmu_objset_clone(fsname, origin_name); 3393 if (error != 0) 3394 return (error); 3395 3396 /* 3397 * It would be nice to do this atomically. 3398 */ 3399 if (error == 0) { 3400 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3401 nvprops, outnvl); 3402 if (error != 0) 3403 (void) dsl_destroy_head(fsname); 3404 } 3405 if (error == 0) 3406 zvol_create_minors(fsname); 3407 return (error); 3408 } 3409 3410 /* 3411 * innvl: { 3412 * "snaps" -> { snapshot1, snapshot2 } 3413 * (optional) "props" -> { prop -> value (string) } 3414 * } 3415 * 3416 * outnvl: snapshot -> error code (int32) 3417 */ 3418 static int 3419 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3420 { 3421 nvlist_t *snaps; 3422 nvlist_t *props = NULL; 3423 int error, poollen; 3424 nvpair_t *pair; 3425 3426 (void) nvlist_lookup_nvlist(innvl, "props", &props); 3427 if ((error = zfs_check_userprops(poolname, props)) != 0) 3428 return (error); 3429 3430 if (!nvlist_empty(props) && 3431 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS)) 3432 return (SET_ERROR(ENOTSUP)); 3433 3434 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3435 return (SET_ERROR(EINVAL)); 3436 poollen = strlen(poolname); 3437 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3438 pair = nvlist_next_nvpair(snaps, pair)) { 3439 const char *name = nvpair_name(pair); 3440 const char *cp = strchr(name, '@'); 3441 3442 /* 3443 * The snap name must contain an @, and the part after it must 3444 * contain only valid characters. 3445 */ 3446 if (cp == NULL || 3447 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3448 return (SET_ERROR(EINVAL)); 3449 3450 /* 3451 * The snap must be in the specified pool. 3452 */ 3453 if (strncmp(name, poolname, poollen) != 0 || 3454 (name[poollen] != '/' && name[poollen] != '@')) 3455 return (SET_ERROR(EXDEV)); 3456 3457 /* This must be the only snap of this fs. */ 3458 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair); 3459 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) { 3460 if (strncmp(name, nvpair_name(pair2), cp - name + 1) 3461 == 0) { 3462 return (SET_ERROR(EXDEV)); 3463 } 3464 } 3465 } 3466 3467 error = dsl_dataset_snapshot(snaps, props, outnvl); 3468 return (error); 3469 } 3470 3471 /* 3472 * innvl: "message" -> string 3473 */ 3474 /* ARGSUSED */ 3475 static int 3476 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3477 { 3478 char *message; 3479 spa_t *spa; 3480 int error; 3481 char *poolname; 3482 3483 /* 3484 * The poolname in the ioctl is not set, we get it from the TSD, 3485 * which was set at the end of the last successful ioctl that allows 3486 * logging. The secpolicy func already checked that it is set. 3487 * Only one log ioctl is allowed after each successful ioctl, so 3488 * we clear the TSD here. 3489 */ 3490 poolname = tsd_get(zfs_allow_log_key); 3491 (void) tsd_set(zfs_allow_log_key, NULL); 3492 error = spa_open(poolname, &spa, FTAG); 3493 strfree(poolname); 3494 if (error != 0) 3495 return (error); 3496 3497 if (nvlist_lookup_string(innvl, "message", &message) != 0) { 3498 spa_close(spa, FTAG); 3499 return (SET_ERROR(EINVAL)); 3500 } 3501 3502 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 3503 spa_close(spa, FTAG); 3504 return (SET_ERROR(ENOTSUP)); 3505 } 3506 3507 error = spa_history_log(spa, message); 3508 spa_close(spa, FTAG); 3509 return (error); 3510 } 3511 3512 #ifdef __FreeBSD__ 3513 static int 3514 zfs_ioc_nextboot(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3515 { 3516 char name[MAXNAMELEN]; 3517 spa_t *spa; 3518 vdev_t *vd; 3519 char *command; 3520 uint64_t pool_guid; 3521 uint64_t vdev_guid; 3522 int error; 3523 3524 if (nvlist_lookup_uint64(innvl, 3525 ZPOOL_CONFIG_POOL_GUID, &pool_guid) != 0) 3526 return (EINVAL); 3527 if (nvlist_lookup_uint64(innvl, 3528 ZPOOL_CONFIG_GUID, &vdev_guid) != 0) 3529 return (EINVAL); 3530 if (nvlist_lookup_string(innvl, 3531 "command", &command) != 0) 3532 return (EINVAL); 3533 3534 mutex_enter(&spa_namespace_lock); 3535 spa = spa_by_guid(pool_guid, vdev_guid); 3536 if (spa != NULL) 3537 strcpy(name, spa_name(spa)); 3538 mutex_exit(&spa_namespace_lock); 3539 if (spa == NULL) 3540 return (ENOENT); 3541 3542 if ((error = spa_open(name, &spa, FTAG)) != 0) 3543 return (error); 3544 spa_vdev_state_enter(spa, SCL_ALL); 3545 vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE); 3546 if (vd == NULL) { 3547 (void) spa_vdev_state_exit(spa, NULL, ENXIO); 3548 spa_close(spa, FTAG); 3549 return (ENODEV); 3550 } 3551 error = vdev_label_write_pad2(vd, command, strlen(command)); 3552 (void) spa_vdev_state_exit(spa, NULL, 0); 3553 txg_wait_synced(spa->spa_dsl_pool, 0); 3554 spa_close(spa, FTAG); 3555 return (error); 3556 } 3557 #endif 3558 3559 /* 3560 * The dp_config_rwlock must not be held when calling this, because the 3561 * unmount may need to write out data. 3562 * 3563 * This function is best-effort. Callers must deal gracefully if it 3564 * remains mounted (or is remounted after this call). 3565 * 3566 * Returns 0 if the argument is not a snapshot, or it is not currently a 3567 * filesystem, or we were able to unmount it. Returns error code otherwise. 3568 */ 3569 int 3570 zfs_unmount_snap(const char *snapname) 3571 { 3572 vfs_t *vfsp; 3573 zfsvfs_t *zfsvfs; 3574 int err; 3575 3576 if (strchr(snapname, '@') == NULL) 3577 return (0); 3578 3579 vfsp = zfs_get_vfs(snapname); 3580 if (vfsp == NULL) 3581 return (0); 3582 3583 zfsvfs = vfsp->vfs_data; 3584 ASSERT(!dsl_pool_config_held(dmu_objset_pool(zfsvfs->z_os))); 3585 3586 err = vn_vfswlock(vfsp->vfs_vnodecovered); 3587 #ifdef illumos 3588 VFS_RELE(vfsp); 3589 #else 3590 vfs_unbusy(vfsp); 3591 #endif 3592 if (err != 0) 3593 return (SET_ERROR(err)); 3594 3595 /* 3596 * Always force the unmount for snapshots. 3597 */ 3598 3599 #ifdef illumos 3600 (void) dounmount(vfsp, MS_FORCE, kcred); 3601 #else 3602 vfs_ref(vfsp); 3603 (void) dounmount(vfsp, MS_FORCE, curthread); 3604 #endif 3605 return (0); 3606 } 3607 3608 /* ARGSUSED */ 3609 static int 3610 zfs_unmount_snap_cb(const char *snapname, void *arg) 3611 { 3612 return (zfs_unmount_snap(snapname)); 3613 } 3614 3615 /* 3616 * When a clone is destroyed, its origin may also need to be destroyed, 3617 * in which case it must be unmounted. This routine will do that unmount 3618 * if necessary. 3619 */ 3620 void 3621 zfs_destroy_unmount_origin(const char *fsname) 3622 { 3623 int error; 3624 objset_t *os; 3625 dsl_dataset_t *ds; 3626 3627 error = dmu_objset_hold(fsname, FTAG, &os); 3628 if (error != 0) 3629 return; 3630 ds = dmu_objset_ds(os); 3631 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) { 3632 char originname[ZFS_MAX_DATASET_NAME_LEN]; 3633 dsl_dataset_name(ds->ds_prev, originname); 3634 dmu_objset_rele(os, FTAG); 3635 (void) zfs_unmount_snap(originname); 3636 } else { 3637 dmu_objset_rele(os, FTAG); 3638 } 3639 } 3640 3641 /* 3642 * innvl: { 3643 * "snaps" -> { snapshot1, snapshot2 } 3644 * (optional boolean) "defer" 3645 * } 3646 * 3647 * outnvl: snapshot -> error code (int32) 3648 * 3649 */ 3650 /* ARGSUSED */ 3651 static int 3652 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3653 { 3654 int error, poollen; 3655 nvlist_t *snaps; 3656 nvpair_t *pair; 3657 boolean_t defer; 3658 3659 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3660 return (SET_ERROR(EINVAL)); 3661 defer = nvlist_exists(innvl, "defer"); 3662 3663 poollen = strlen(poolname); 3664 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3665 pair = nvlist_next_nvpair(snaps, pair)) { 3666 const char *name = nvpair_name(pair); 3667 3668 /* 3669 * The snap must be in the specified pool to prevent the 3670 * invalid removal of zvol minors below. 3671 */ 3672 if (strncmp(name, poolname, poollen) != 0 || 3673 (name[poollen] != '/' && name[poollen] != '@')) 3674 return (SET_ERROR(EXDEV)); 3675 3676 error = zfs_unmount_snap(name); 3677 if (error != 0) 3678 return (error); 3679 zvol_remove_minors(name); 3680 } 3681 3682 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl)); 3683 } 3684 3685 /* 3686 * Create bookmarks. Bookmark names are of the form <fs>#<bmark>. 3687 * All bookmarks must be in the same pool. 3688 * 3689 * innvl: { 3690 * bookmark1 -> snapshot1, bookmark2 -> snapshot2 3691 * } 3692 * 3693 * outnvl: bookmark -> error code (int32) 3694 * 3695 */ 3696 /* ARGSUSED */ 3697 static int 3698 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3699 { 3700 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 3701 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 3702 char *snap_name; 3703 3704 /* 3705 * Verify the snapshot argument. 3706 */ 3707 if (nvpair_value_string(pair, &snap_name) != 0) 3708 return (SET_ERROR(EINVAL)); 3709 3710 3711 /* Verify that the keys (bookmarks) are unique */ 3712 for (nvpair_t *pair2 = nvlist_next_nvpair(innvl, pair); 3713 pair2 != NULL; pair2 = nvlist_next_nvpair(innvl, pair2)) { 3714 if (strcmp(nvpair_name(pair), nvpair_name(pair2)) == 0) 3715 return (SET_ERROR(EINVAL)); 3716 } 3717 } 3718 3719 return (dsl_bookmark_create(innvl, outnvl)); 3720 } 3721 3722 /* 3723 * innvl: { 3724 * property 1, property 2, ... 3725 * } 3726 * 3727 * outnvl: { 3728 * bookmark name 1 -> { property 1, property 2, ... }, 3729 * bookmark name 2 -> { property 1, property 2, ... } 3730 * } 3731 * 3732 */ 3733 static int 3734 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3735 { 3736 return (dsl_get_bookmarks(fsname, innvl, outnvl)); 3737 } 3738 3739 /* 3740 * innvl: { 3741 * bookmark name 1, bookmark name 2 3742 * } 3743 * 3744 * outnvl: bookmark -> error code (int32) 3745 * 3746 */ 3747 static int 3748 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl, 3749 nvlist_t *outnvl) 3750 { 3751 int error, poollen; 3752 3753 poollen = strlen(poolname); 3754 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 3755 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 3756 const char *name = nvpair_name(pair); 3757 const char *cp = strchr(name, '#'); 3758 3759 /* 3760 * The bookmark name must contain an #, and the part after it 3761 * must contain only valid characters. 3762 */ 3763 if (cp == NULL || 3764 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3765 return (SET_ERROR(EINVAL)); 3766 3767 /* 3768 * The bookmark must be in the specified pool. 3769 */ 3770 if (strncmp(name, poolname, poollen) != 0 || 3771 (name[poollen] != '/' && name[poollen] != '#')) 3772 return (SET_ERROR(EXDEV)); 3773 } 3774 3775 error = dsl_bookmark_destroy(innvl, outnvl); 3776 return (error); 3777 } 3778 3779 /* 3780 * inputs: 3781 * zc_name name of dataset to destroy 3782 * zc_objset_type type of objset 3783 * zc_defer_destroy mark for deferred destroy 3784 * 3785 * outputs: none 3786 */ 3787 static int 3788 zfs_ioc_destroy(zfs_cmd_t *zc) 3789 { 3790 int err; 3791 3792 if (zc->zc_objset_type == DMU_OST_ZFS) { 3793 err = zfs_unmount_snap(zc->zc_name); 3794 if (err != 0) 3795 return (err); 3796 } 3797 3798 if (strchr(zc->zc_name, '@')) 3799 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy); 3800 else 3801 err = dsl_destroy_head(zc->zc_name); 3802 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0) 3803 #if defined(__FreeBSD__) || defined(__NetBSD__) 3804 zvol_remove_minors(zc->zc_name); 3805 #else 3806 (void) zvol_remove_minor(zc->zc_name); 3807 #endif 3808 return (err); 3809 } 3810 3811 /* 3812 * fsname is name of dataset to rollback (to most recent snapshot) 3813 * 3814 * innvl is not used. 3815 * 3816 * outnvl: "target" -> name of most recent snapshot 3817 * } 3818 */ 3819 /* ARGSUSED */ 3820 static int 3821 zfs_ioc_rollback(const char *fsname, nvlist_t *args, nvlist_t *outnvl) 3822 { 3823 zfsvfs_t *zfsvfs; 3824 int error; 3825 3826 if (getzfsvfs(fsname, &zfsvfs) == 0) { 3827 dsl_dataset_t *ds; 3828 3829 ds = dmu_objset_ds(zfsvfs->z_os); 3830 error = zfs_suspend_fs(zfsvfs); 3831 if (error == 0) { 3832 int resume_err; 3833 3834 error = dsl_dataset_rollback(fsname, zfsvfs, outnvl); 3835 resume_err = zfs_resume_fs(zfsvfs, ds); 3836 error = error ? error : resume_err; 3837 } 3838 #ifdef illumos 3839 VFS_RELE(zfsvfs->z_vfs); 3840 #else 3841 vfs_unbusy(zfsvfs->z_vfs); 3842 #endif 3843 } else { 3844 error = dsl_dataset_rollback(fsname, NULL, outnvl); 3845 } 3846 return (error); 3847 } 3848 3849 static int 3850 recursive_unmount(const char *fsname, void *arg) 3851 { 3852 const char *snapname = arg; 3853 char fullname[ZFS_MAX_DATASET_NAME_LEN]; 3854 3855 (void) snprintf(fullname, sizeof (fullname), "%s@%s", fsname, snapname); 3856 return (zfs_unmount_snap(fullname)); 3857 } 3858 3859 /* 3860 * inputs: 3861 * zc_name old name of dataset 3862 * zc_value new name of dataset 3863 * zc_cookie recursive flag (only valid for snapshots) 3864 * 3865 * outputs: none 3866 */ 3867 static int 3868 zfs_ioc_rename(zfs_cmd_t *zc) 3869 { 3870 boolean_t recursive = zc->zc_cookie & 1; 3871 char *at; 3872 boolean_t allow_mounted = B_TRUE; 3873 3874 #if defined(__FreeBSD__) || defined(__NetBSD__) 3875 allow_mounted = (zc->zc_cookie & 2) != 0; 3876 #endif 3877 3878 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 3879 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 3880 strchr(zc->zc_value, '%')) 3881 return (SET_ERROR(EINVAL)); 3882 3883 at = strchr(zc->zc_name, '@'); 3884 if (at != NULL) { 3885 /* snaps must be in same fs */ 3886 int error; 3887 3888 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1)) 3889 return (SET_ERROR(EXDEV)); 3890 *at = '\0'; 3891 if (zc->zc_objset_type == DMU_OST_ZFS && !allow_mounted) { 3892 error = dmu_objset_find(zc->zc_name, 3893 recursive_unmount, at + 1, 3894 recursive ? DS_FIND_CHILDREN : 0); 3895 if (error != 0) { 3896 *at = '@'; 3897 return (error); 3898 } 3899 } 3900 error = dsl_dataset_rename_snapshot(zc->zc_name, 3901 at + 1, strchr(zc->zc_value, '@') + 1, recursive); 3902 *at = '@'; 3903 3904 return (error); 3905 } else { 3906 #ifdef illumos 3907 if (zc->zc_objset_type == DMU_OST_ZVOL) 3908 (void) zvol_remove_minor(zc->zc_name); 3909 #endif 3910 return (dsl_dir_rename(zc->zc_name, zc->zc_value)); 3911 } 3912 } 3913 3914 static int 3915 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr) 3916 { 3917 const char *propname = nvpair_name(pair); 3918 boolean_t issnap = (strchr(dsname, '@') != NULL); 3919 zfs_prop_t prop = zfs_name_to_prop(propname); 3920 uint64_t intval; 3921 int err; 3922 3923 if (prop == ZPROP_INVAL) { 3924 if (zfs_prop_user(propname)) { 3925 if (err = zfs_secpolicy_write_perms(dsname, 3926 ZFS_DELEG_PERM_USERPROP, cr)) 3927 return (err); 3928 return (0); 3929 } 3930 3931 if (!issnap && zfs_prop_userquota(propname)) { 3932 const char *perm = NULL; 3933 const char *uq_prefix = 3934 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA]; 3935 const char *gq_prefix = 3936 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA]; 3937 3938 if (strncmp(propname, uq_prefix, 3939 strlen(uq_prefix)) == 0) { 3940 perm = ZFS_DELEG_PERM_USERQUOTA; 3941 } else if (strncmp(propname, gq_prefix, 3942 strlen(gq_prefix)) == 0) { 3943 perm = ZFS_DELEG_PERM_GROUPQUOTA; 3944 } else { 3945 /* USERUSED and GROUPUSED are read-only */ 3946 return (SET_ERROR(EINVAL)); 3947 } 3948 3949 if (err = zfs_secpolicy_write_perms(dsname, perm, cr)) 3950 return (err); 3951 return (0); 3952 } 3953 3954 return (SET_ERROR(EINVAL)); 3955 } 3956 3957 if (issnap) 3958 return (SET_ERROR(EINVAL)); 3959 3960 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 3961 /* 3962 * dsl_prop_get_all_impl() returns properties in this 3963 * format. 3964 */ 3965 nvlist_t *attrs; 3966 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 3967 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 3968 &pair) == 0); 3969 } 3970 3971 /* 3972 * Check that this value is valid for this pool version 3973 */ 3974 switch (prop) { 3975 case ZFS_PROP_COMPRESSION: 3976 /* 3977 * If the user specified gzip compression, make sure 3978 * the SPA supports it. We ignore any errors here since 3979 * we'll catch them later. 3980 */ 3981 if (nvpair_value_uint64(pair, &intval) == 0) { 3982 if (intval >= ZIO_COMPRESS_GZIP_1 && 3983 intval <= ZIO_COMPRESS_GZIP_9 && 3984 zfs_earlier_version(dsname, 3985 SPA_VERSION_GZIP_COMPRESSION)) { 3986 return (SET_ERROR(ENOTSUP)); 3987 } 3988 3989 if (intval == ZIO_COMPRESS_ZLE && 3990 zfs_earlier_version(dsname, 3991 SPA_VERSION_ZLE_COMPRESSION)) 3992 return (SET_ERROR(ENOTSUP)); 3993 3994 if (intval == ZIO_COMPRESS_LZ4) { 3995 spa_t *spa; 3996 3997 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 3998 return (err); 3999 4000 if (!spa_feature_is_enabled(spa, 4001 SPA_FEATURE_LZ4_COMPRESS)) { 4002 spa_close(spa, FTAG); 4003 return (SET_ERROR(ENOTSUP)); 4004 } 4005 spa_close(spa, FTAG); 4006 } 4007 4008 /* 4009 * If this is a bootable dataset then 4010 * verify that the compression algorithm 4011 * is supported for booting. We must return 4012 * something other than ENOTSUP since it 4013 * implies a downrev pool version. 4014 */ 4015 if (zfs_is_bootfs(dsname) && 4016 !BOOTFS_COMPRESS_VALID(intval)) { 4017 return (SET_ERROR(ERANGE)); 4018 } 4019 } 4020 break; 4021 4022 case ZFS_PROP_COPIES: 4023 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS)) 4024 return (SET_ERROR(ENOTSUP)); 4025 break; 4026 4027 case ZFS_PROP_RECORDSIZE: 4028 /* Record sizes above 128k need the feature to be enabled */ 4029 if (nvpair_value_uint64(pair, &intval) == 0 && 4030 intval > SPA_OLD_MAXBLOCKSIZE) { 4031 spa_t *spa; 4032 4033 /* 4034 * We don't allow setting the property above 1MB, 4035 * unless the tunable has been changed. 4036 */ 4037 if (intval > zfs_max_recordsize || 4038 intval > SPA_MAXBLOCKSIZE) 4039 return (SET_ERROR(ERANGE)); 4040 4041 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4042 return (err); 4043 4044 if (!spa_feature_is_enabled(spa, 4045 SPA_FEATURE_LARGE_BLOCKS)) { 4046 spa_close(spa, FTAG); 4047 return (SET_ERROR(ENOTSUP)); 4048 } 4049 spa_close(spa, FTAG); 4050 } 4051 break; 4052 4053 case ZFS_PROP_SHARESMB: 4054 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID)) 4055 return (SET_ERROR(ENOTSUP)); 4056 break; 4057 4058 case ZFS_PROP_ACLINHERIT: 4059 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 4060 nvpair_value_uint64(pair, &intval) == 0) { 4061 if (intval == ZFS_ACL_PASSTHROUGH_X && 4062 zfs_earlier_version(dsname, 4063 SPA_VERSION_PASSTHROUGH_X)) 4064 return (SET_ERROR(ENOTSUP)); 4065 } 4066 break; 4067 4068 case ZFS_PROP_CHECKSUM: 4069 case ZFS_PROP_DEDUP: 4070 { 4071 spa_feature_t feature; 4072 spa_t *spa; 4073 4074 /* dedup feature version checks */ 4075 if (prop == ZFS_PROP_DEDUP && 4076 zfs_earlier_version(dsname, SPA_VERSION_DEDUP)) 4077 return (SET_ERROR(ENOTSUP)); 4078 4079 if (nvpair_value_uint64(pair, &intval) != 0) 4080 return (SET_ERROR(EINVAL)); 4081 4082 /* check prop value is enabled in features */ 4083 feature = zio_checksum_to_feature(intval & ZIO_CHECKSUM_MASK); 4084 if (feature == SPA_FEATURE_NONE) 4085 break; 4086 4087 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4088 return (err); 4089 /* 4090 * Salted checksums are not supported on root pools. 4091 */ 4092 if (spa_bootfs(spa) != 0 && 4093 intval < ZIO_CHECKSUM_FUNCTIONS && 4094 (zio_checksum_table[intval].ci_flags & 4095 ZCHECKSUM_FLAG_SALTED)) { 4096 spa_close(spa, FTAG); 4097 return (SET_ERROR(ERANGE)); 4098 } 4099 if (!spa_feature_is_enabled(spa, feature)) { 4100 spa_close(spa, FTAG); 4101 return (SET_ERROR(ENOTSUP)); 4102 } 4103 spa_close(spa, FTAG); 4104 break; 4105 } 4106 } 4107 4108 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED())); 4109 } 4110 4111 /* 4112 * Checks for a race condition to make sure we don't increment a feature flag 4113 * multiple times. 4114 */ 4115 static int 4116 zfs_prop_activate_feature_check(void *arg, dmu_tx_t *tx) 4117 { 4118 spa_t *spa = dmu_tx_pool(tx)->dp_spa; 4119 spa_feature_t *featurep = arg; 4120 4121 if (!spa_feature_is_active(spa, *featurep)) 4122 return (0); 4123 else 4124 return (SET_ERROR(EBUSY)); 4125 } 4126 4127 /* 4128 * The callback invoked on feature activation in the sync task caused by 4129 * zfs_prop_activate_feature. 4130 */ 4131 static void 4132 zfs_prop_activate_feature_sync(void *arg, dmu_tx_t *tx) 4133 { 4134 spa_t *spa = dmu_tx_pool(tx)->dp_spa; 4135 spa_feature_t *featurep = arg; 4136 4137 spa_feature_incr(spa, *featurep, tx); 4138 } 4139 4140 /* 4141 * Activates a feature on a pool in response to a property setting. This 4142 * creates a new sync task which modifies the pool to reflect the feature 4143 * as being active. 4144 */ 4145 static int 4146 zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature) 4147 { 4148 int err; 4149 4150 /* EBUSY here indicates that the feature is already active */ 4151 err = dsl_sync_task(spa_name(spa), 4152 zfs_prop_activate_feature_check, zfs_prop_activate_feature_sync, 4153 &feature, 2, ZFS_SPACE_CHECK_RESERVED); 4154 4155 if (err != 0 && err != EBUSY) 4156 return (err); 4157 else 4158 return (0); 4159 } 4160 4161 /* 4162 * Removes properties from the given props list that fail permission checks 4163 * needed to clear them and to restore them in case of a receive error. For each 4164 * property, make sure we have both set and inherit permissions. 4165 * 4166 * Returns the first error encountered if any permission checks fail. If the 4167 * caller provides a non-NULL errlist, it also gives the complete list of names 4168 * of all the properties that failed a permission check along with the 4169 * corresponding error numbers. The caller is responsible for freeing the 4170 * returned errlist. 4171 * 4172 * If every property checks out successfully, zero is returned and the list 4173 * pointed at by errlist is NULL. 4174 */ 4175 static int 4176 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist) 4177 { 4178 zfs_cmd_t *zc; 4179 nvpair_t *pair, *next_pair; 4180 nvlist_t *errors; 4181 int err, rv = 0; 4182 4183 if (props == NULL) 4184 return (0); 4185 4186 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4187 4188 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP); 4189 (void) strcpy(zc->zc_name, dataset); 4190 pair = nvlist_next_nvpair(props, NULL); 4191 while (pair != NULL) { 4192 next_pair = nvlist_next_nvpair(props, pair); 4193 4194 (void) strcpy(zc->zc_value, nvpair_name(pair)); 4195 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 || 4196 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) { 4197 VERIFY(nvlist_remove_nvpair(props, pair) == 0); 4198 VERIFY(nvlist_add_int32(errors, 4199 zc->zc_value, err) == 0); 4200 } 4201 pair = next_pair; 4202 } 4203 kmem_free(zc, sizeof (zfs_cmd_t)); 4204 4205 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 4206 nvlist_free(errors); 4207 errors = NULL; 4208 } else { 4209 VERIFY(nvpair_value_int32(pair, &rv) == 0); 4210 } 4211 4212 if (errlist == NULL) 4213 nvlist_free(errors); 4214 else 4215 *errlist = errors; 4216 4217 return (rv); 4218 } 4219 4220 static boolean_t 4221 propval_equals(nvpair_t *p1, nvpair_t *p2) 4222 { 4223 if (nvpair_type(p1) == DATA_TYPE_NVLIST) { 4224 /* dsl_prop_get_all_impl() format */ 4225 nvlist_t *attrs; 4226 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0); 4227 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4228 &p1) == 0); 4229 } 4230 4231 if (nvpair_type(p2) == DATA_TYPE_NVLIST) { 4232 nvlist_t *attrs; 4233 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0); 4234 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4235 &p2) == 0); 4236 } 4237 4238 if (nvpair_type(p1) != nvpair_type(p2)) 4239 return (B_FALSE); 4240 4241 if (nvpair_type(p1) == DATA_TYPE_STRING) { 4242 char *valstr1, *valstr2; 4243 4244 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0); 4245 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0); 4246 return (strcmp(valstr1, valstr2) == 0); 4247 } else { 4248 uint64_t intval1, intval2; 4249 4250 VERIFY(nvpair_value_uint64(p1, &intval1) == 0); 4251 VERIFY(nvpair_value_uint64(p2, &intval2) == 0); 4252 return (intval1 == intval2); 4253 } 4254 } 4255 4256 /* 4257 * Remove properties from props if they are not going to change (as determined 4258 * by comparison with origprops). Remove them from origprops as well, since we 4259 * do not need to clear or restore properties that won't change. 4260 */ 4261 static void 4262 props_reduce(nvlist_t *props, nvlist_t *origprops) 4263 { 4264 nvpair_t *pair, *next_pair; 4265 4266 if (origprops == NULL) 4267 return; /* all props need to be received */ 4268 4269 pair = nvlist_next_nvpair(props, NULL); 4270 while (pair != NULL) { 4271 const char *propname = nvpair_name(pair); 4272 nvpair_t *match; 4273 4274 next_pair = nvlist_next_nvpair(props, pair); 4275 4276 if ((nvlist_lookup_nvpair(origprops, propname, 4277 &match) != 0) || !propval_equals(pair, match)) 4278 goto next; /* need to set received value */ 4279 4280 /* don't clear the existing received value */ 4281 (void) nvlist_remove_nvpair(origprops, match); 4282 /* don't bother receiving the property */ 4283 (void) nvlist_remove_nvpair(props, pair); 4284 next: 4285 pair = next_pair; 4286 } 4287 } 4288 4289 /* 4290 * Extract properties that cannot be set PRIOR to the receipt of a dataset. 4291 * For example, refquota cannot be set until after the receipt of a dataset, 4292 * because in replication streams, an older/earlier snapshot may exceed the 4293 * refquota. We want to receive the older/earlier snapshot, but setting 4294 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent 4295 * the older/earlier snapshot from being received (with EDQUOT). 4296 * 4297 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario. 4298 * 4299 * libzfs will need to be judicious handling errors encountered by props 4300 * extracted by this function. 4301 */ 4302 static nvlist_t * 4303 extract_delay_props(nvlist_t *props) 4304 { 4305 nvlist_t *delayprops; 4306 nvpair_t *nvp, *tmp; 4307 static const zfs_prop_t delayable[] = { ZFS_PROP_REFQUOTA, 0 }; 4308 int i; 4309 4310 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4311 4312 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL; 4313 nvp = nvlist_next_nvpair(props, nvp)) { 4314 /* 4315 * strcmp() is safe because zfs_prop_to_name() always returns 4316 * a bounded string. 4317 */ 4318 for (i = 0; delayable[i] != 0; i++) { 4319 if (strcmp(zfs_prop_to_name(delayable[i]), 4320 nvpair_name(nvp)) == 0) { 4321 break; 4322 } 4323 } 4324 if (delayable[i] != 0) { 4325 tmp = nvlist_prev_nvpair(props, nvp); 4326 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0); 4327 VERIFY(nvlist_remove_nvpair(props, nvp) == 0); 4328 nvp = tmp; 4329 } 4330 } 4331 4332 if (nvlist_empty(delayprops)) { 4333 nvlist_free(delayprops); 4334 delayprops = NULL; 4335 } 4336 return (delayprops); 4337 } 4338 4339 #ifdef DEBUG 4340 static boolean_t zfs_ioc_recv_inject_err; 4341 #endif 4342 4343 /* 4344 * inputs: 4345 * zc_name name of containing filesystem 4346 * zc_nvlist_src{_size} nvlist of properties to apply 4347 * zc_value name of snapshot to create 4348 * zc_string name of clone origin (if DRR_FLAG_CLONE) 4349 * zc_cookie file descriptor to recv from 4350 * zc_begin_record the BEGIN record of the stream (not byteswapped) 4351 * zc_guid force flag 4352 * zc_cleanup_fd cleanup-on-exit file descriptor 4353 * zc_action_handle handle for this guid/ds mapping (or zero on first call) 4354 * zc_resumable if data is incomplete assume sender will resume 4355 * 4356 * outputs: 4357 * zc_cookie number of bytes read 4358 * zc_nvlist_dst{_size} error for each unapplied received property 4359 * zc_obj zprop_errflags_t 4360 * zc_action_handle handle for this guid/ds mapping 4361 */ 4362 static int 4363 zfs_ioc_recv(zfs_cmd_t *zc) 4364 { 4365 file_t *fp; 4366 dmu_recv_cookie_t drc; 4367 boolean_t force = (boolean_t)zc->zc_guid; 4368 int fd; 4369 int error = 0; 4370 int props_error = 0; 4371 nvlist_t *errors; 4372 offset_t off; 4373 nvlist_t *props = NULL; /* sent properties */ 4374 nvlist_t *origprops = NULL; /* existing properties */ 4375 nvlist_t *delayprops = NULL; /* sent properties applied post-receive */ 4376 char *origin = NULL; 4377 char *tosnap; 4378 char tofs[ZFS_MAX_DATASET_NAME_LEN]; 4379 #ifdef __FreeBSD__ 4380 cap_rights_t rights; 4381 #endif 4382 boolean_t first_recvd_props = B_FALSE; 4383 4384 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 4385 strchr(zc->zc_value, '@') == NULL || 4386 strchr(zc->zc_value, '%')) 4387 return (SET_ERROR(EINVAL)); 4388 4389 (void) strcpy(tofs, zc->zc_value); 4390 tosnap = strchr(tofs, '@'); 4391 *tosnap++ = '\0'; 4392 4393 if (zc->zc_nvlist_src != 0 && 4394 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 4395 zc->zc_iflags, &props)) != 0) 4396 return (error); 4397 4398 fd = zc->zc_cookie; 4399 #ifdef __FreeBSD__ 4400 fget_read(curthread, fd, cap_rights_init(&rights, CAP_PREAD), &fp); 4401 #else 4402 fp = getf(fd); 4403 #endif 4404 if (fp == NULL) { 4405 nvlist_free(props); 4406 return (SET_ERROR(EBADF)); 4407 } 4408 4409 errors = fnvlist_alloc(); 4410 4411 if (zc->zc_string[0]) 4412 origin = zc->zc_string; 4413 4414 error = dmu_recv_begin(tofs, tosnap, 4415 &zc->zc_begin_record, force, zc->zc_resumable, origin, &drc); 4416 if (error != 0) 4417 goto out; 4418 4419 /* 4420 * Set properties before we receive the stream so that they are applied 4421 * to the new data. Note that we must call dmu_recv_stream() if 4422 * dmu_recv_begin() succeeds. 4423 */ 4424 if (props != NULL && !drc.drc_newfs) { 4425 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >= 4426 SPA_VERSION_RECVD_PROPS && 4427 !dsl_prop_get_hasrecvd(tofs)) 4428 first_recvd_props = B_TRUE; 4429 4430 /* 4431 * If new received properties are supplied, they are to 4432 * completely replace the existing received properties, so stash 4433 * away the existing ones. 4434 */ 4435 if (dsl_prop_get_received(tofs, &origprops) == 0) { 4436 nvlist_t *errlist = NULL; 4437 /* 4438 * Don't bother writing a property if its value won't 4439 * change (and avoid the unnecessary security checks). 4440 * 4441 * The first receive after SPA_VERSION_RECVD_PROPS is a 4442 * special case where we blow away all local properties 4443 * regardless. 4444 */ 4445 if (!first_recvd_props) 4446 props_reduce(props, origprops); 4447 if (zfs_check_clearable(tofs, origprops, &errlist) != 0) 4448 (void) nvlist_merge(errors, errlist, 0); 4449 nvlist_free(errlist); 4450 4451 if (clear_received_props(tofs, origprops, 4452 first_recvd_props ? NULL : props) != 0) 4453 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 4454 } else { 4455 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 4456 } 4457 } 4458 4459 if (props != NULL) { 4460 props_error = dsl_prop_set_hasrecvd(tofs); 4461 4462 if (props_error == 0) { 4463 delayprops = extract_delay_props(props); 4464 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 4465 props, errors); 4466 } 4467 } 4468 4469 off = fp->f_offset; 4470 error = dmu_recv_stream(&drc, fp, &off, zc->zc_cleanup_fd, 4471 &zc->zc_action_handle); 4472 4473 if (error == 0) { 4474 zfsvfs_t *zfsvfs = NULL; 4475 4476 if (getzfsvfs(tofs, &zfsvfs) == 0) { 4477 /* online recv */ 4478 dsl_dataset_t *ds; 4479 int end_err; 4480 4481 ds = dmu_objset_ds(zfsvfs->z_os); 4482 error = zfs_suspend_fs(zfsvfs); 4483 /* 4484 * If the suspend fails, then the recv_end will 4485 * likely also fail, and clean up after itself. 4486 */ 4487 end_err = dmu_recv_end(&drc, zfsvfs); 4488 if (error == 0) 4489 error = zfs_resume_fs(zfsvfs, ds); 4490 error = error ? error : end_err; 4491 #ifdef illumos 4492 VFS_RELE(zfsvfs->z_vfs); 4493 #else 4494 vfs_unbusy(zfsvfs->z_vfs); 4495 #endif 4496 } else { 4497 error = dmu_recv_end(&drc, NULL); 4498 } 4499 4500 /* Set delayed properties now, after we're done receiving. */ 4501 if (delayprops != NULL && error == 0) { 4502 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 4503 delayprops, errors); 4504 } 4505 } 4506 4507 if (delayprops != NULL) { 4508 /* 4509 * Merge delayed props back in with initial props, in case 4510 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means 4511 * we have to make sure clear_received_props() includes 4512 * the delayed properties). 4513 * 4514 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels, 4515 * using ASSERT() will be just like a VERIFY. 4516 */ 4517 ASSERT(nvlist_merge(props, delayprops, 0) == 0); 4518 nvlist_free(delayprops); 4519 } 4520 4521 /* 4522 * Now that all props, initial and delayed, are set, report the prop 4523 * errors to the caller. 4524 */ 4525 if (zc->zc_nvlist_dst_size != 0 && 4526 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 || 4527 put_nvlist(zc, errors) != 0)) { 4528 /* 4529 * Caller made zc->zc_nvlist_dst less than the minimum expected 4530 * size or supplied an invalid address. 4531 */ 4532 props_error = SET_ERROR(EINVAL); 4533 } 4534 4535 zc->zc_cookie = off - fp->f_offset; 4536 if (off >= 0 && off <= MAXOFFSET_T) 4537 fp->f_offset = off; 4538 4539 #ifdef DEBUG 4540 if (zfs_ioc_recv_inject_err) { 4541 zfs_ioc_recv_inject_err = B_FALSE; 4542 error = 1; 4543 } 4544 #endif 4545 4546 if (error == 0) 4547 zvol_create_minors(tofs); 4548 4549 /* 4550 * On error, restore the original props. 4551 */ 4552 if (error != 0 && props != NULL && !drc.drc_newfs) { 4553 if (clear_received_props(tofs, props, NULL) != 0) { 4554 /* 4555 * We failed to clear the received properties. 4556 * Since we may have left a $recvd value on the 4557 * system, we can't clear the $hasrecvd flag. 4558 */ 4559 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4560 } else if (first_recvd_props) { 4561 dsl_prop_unset_hasrecvd(tofs); 4562 } 4563 4564 if (origprops == NULL && !drc.drc_newfs) { 4565 /* We failed to stash the original properties. */ 4566 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4567 } 4568 4569 /* 4570 * dsl_props_set() will not convert RECEIVED to LOCAL on or 4571 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL 4572 * explictly if we're restoring local properties cleared in the 4573 * first new-style receive. 4574 */ 4575 if (origprops != NULL && 4576 zfs_set_prop_nvlist(tofs, (first_recvd_props ? 4577 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED), 4578 origprops, NULL) != 0) { 4579 /* 4580 * We stashed the original properties but failed to 4581 * restore them. 4582 */ 4583 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4584 } 4585 } 4586 out: 4587 nvlist_free(props); 4588 nvlist_free(origprops); 4589 nvlist_free(errors); 4590 releasef(fd); 4591 4592 if (error == 0) 4593 error = props_error; 4594 4595 return (error); 4596 } 4597 4598 /* 4599 * inputs: 4600 * zc_name name of snapshot to send 4601 * zc_cookie file descriptor to send stream to 4602 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj) 4603 * zc_sendobj objsetid of snapshot to send 4604 * zc_fromobj objsetid of incremental fromsnap (may be zero) 4605 * zc_guid if set, estimate size of stream only. zc_cookie is ignored. 4606 * output size in zc_objset_type. 4607 * zc_flags lzc_send_flags 4608 * 4609 * outputs: 4610 * zc_objset_type estimated size, if zc_guid is set 4611 */ 4612 static int 4613 zfs_ioc_send(zfs_cmd_t *zc) 4614 { 4615 int error; 4616 offset_t off; 4617 boolean_t estimate = (zc->zc_guid != 0); 4618 boolean_t embedok = (zc->zc_flags & 0x1); 4619 boolean_t large_block_ok = (zc->zc_flags & 0x2); 4620 4621 if (zc->zc_obj != 0) { 4622 dsl_pool_t *dp; 4623 dsl_dataset_t *tosnap; 4624 4625 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4626 if (error != 0) 4627 return (error); 4628 4629 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 4630 if (error != 0) { 4631 dsl_pool_rele(dp, FTAG); 4632 return (error); 4633 } 4634 4635 if (dsl_dir_is_clone(tosnap->ds_dir)) 4636 zc->zc_fromobj = 4637 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj; 4638 dsl_dataset_rele(tosnap, FTAG); 4639 dsl_pool_rele(dp, FTAG); 4640 } 4641 4642 if (estimate) { 4643 dsl_pool_t *dp; 4644 dsl_dataset_t *tosnap; 4645 dsl_dataset_t *fromsnap = NULL; 4646 4647 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4648 if (error != 0) 4649 return (error); 4650 4651 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 4652 if (error != 0) { 4653 dsl_pool_rele(dp, FTAG); 4654 return (error); 4655 } 4656 4657 if (zc->zc_fromobj != 0) { 4658 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, 4659 FTAG, &fromsnap); 4660 if (error != 0) { 4661 dsl_dataset_rele(tosnap, FTAG); 4662 dsl_pool_rele(dp, FTAG); 4663 return (error); 4664 } 4665 } 4666 4667 error = dmu_send_estimate(tosnap, fromsnap, 4668 &zc->zc_objset_type); 4669 4670 if (fromsnap != NULL) 4671 dsl_dataset_rele(fromsnap, FTAG); 4672 dsl_dataset_rele(tosnap, FTAG); 4673 dsl_pool_rele(dp, FTAG); 4674 } else { 4675 file_t *fp; 4676 #ifdef __FreeBSD__ 4677 cap_rights_t rights; 4678 4679 fget_write(curthread, zc->zc_cookie, 4680 cap_rights_init(&rights, CAP_WRITE), &fp); 4681 #else 4682 fp = getf(zc->zc_cookie); 4683 #endif 4684 if (fp == NULL) 4685 return (SET_ERROR(EBADF)); 4686 4687 off = fp->f_offset; 4688 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj, 4689 zc->zc_fromobj, embedok, large_block_ok, 4690 #ifdef illumos 4691 zc->zc_cookie, fp->f_vnode, &off); 4692 #else 4693 zc->zc_cookie, fp, &off); 4694 #endif 4695 4696 if (off >= 0 && off <= MAXOFFSET_T) 4697 fp->f_offset = off; 4698 releasef(zc->zc_cookie); 4699 } 4700 return (error); 4701 } 4702 4703 /* 4704 * inputs: 4705 * zc_name name of snapshot on which to report progress 4706 * zc_cookie file descriptor of send stream 4707 * 4708 * outputs: 4709 * zc_cookie number of bytes written in send stream thus far 4710 */ 4711 static int 4712 zfs_ioc_send_progress(zfs_cmd_t *zc) 4713 { 4714 dsl_pool_t *dp; 4715 dsl_dataset_t *ds; 4716 dmu_sendarg_t *dsp = NULL; 4717 int error; 4718 4719 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4720 if (error != 0) 4721 return (error); 4722 4723 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 4724 if (error != 0) { 4725 dsl_pool_rele(dp, FTAG); 4726 return (error); 4727 } 4728 4729 mutex_enter(&ds->ds_sendstream_lock); 4730 4731 /* 4732 * Iterate over all the send streams currently active on this dataset. 4733 * If there's one which matches the specified file descriptor _and_ the 4734 * stream was started by the current process, return the progress of 4735 * that stream. 4736 */ 4737 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL; 4738 dsp = list_next(&ds->ds_sendstreams, dsp)) { 4739 if (dsp->dsa_outfd == zc->zc_cookie && 4740 dsp->dsa_proc == curproc) 4741 break; 4742 } 4743 4744 if (dsp != NULL) 4745 zc->zc_cookie = *(dsp->dsa_off); 4746 else 4747 error = SET_ERROR(ENOENT); 4748 4749 mutex_exit(&ds->ds_sendstream_lock); 4750 dsl_dataset_rele(ds, FTAG); 4751 dsl_pool_rele(dp, FTAG); 4752 return (error); 4753 } 4754 4755 static int 4756 zfs_ioc_inject_fault(zfs_cmd_t *zc) 4757 { 4758 int id, error; 4759 4760 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 4761 &zc->zc_inject_record); 4762 4763 if (error == 0) 4764 zc->zc_guid = (uint64_t)id; 4765 4766 return (error); 4767 } 4768 4769 static int 4770 zfs_ioc_clear_fault(zfs_cmd_t *zc) 4771 { 4772 return (zio_clear_fault((int)zc->zc_guid)); 4773 } 4774 4775 static int 4776 zfs_ioc_inject_list_next(zfs_cmd_t *zc) 4777 { 4778 int id = (int)zc->zc_guid; 4779 int error; 4780 4781 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 4782 &zc->zc_inject_record); 4783 4784 zc->zc_guid = id; 4785 4786 return (error); 4787 } 4788 4789 static int 4790 zfs_ioc_error_log(zfs_cmd_t *zc) 4791 { 4792 spa_t *spa; 4793 int error; 4794 size_t count = (size_t)zc->zc_nvlist_dst_size; 4795 4796 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 4797 return (error); 4798 4799 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 4800 &count); 4801 if (error == 0) 4802 zc->zc_nvlist_dst_size = count; 4803 else 4804 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa); 4805 4806 spa_close(spa, FTAG); 4807 4808 return (error); 4809 } 4810 4811 static int 4812 zfs_ioc_clear(zfs_cmd_t *zc) 4813 { 4814 spa_t *spa; 4815 vdev_t *vd; 4816 int error; 4817 4818 /* 4819 * On zpool clear we also fix up missing slogs 4820 */ 4821 mutex_enter(&spa_namespace_lock); 4822 spa = spa_lookup(zc->zc_name); 4823 if (spa == NULL) { 4824 mutex_exit(&spa_namespace_lock); 4825 return (SET_ERROR(EIO)); 4826 } 4827 if (spa_get_log_state(spa) == SPA_LOG_MISSING) { 4828 /* we need to let spa_open/spa_load clear the chains */ 4829 spa_set_log_state(spa, SPA_LOG_CLEAR); 4830 } 4831 spa->spa_last_open_failed = 0; 4832 mutex_exit(&spa_namespace_lock); 4833 4834 if (zc->zc_cookie & ZPOOL_NO_REWIND) { 4835 error = spa_open(zc->zc_name, &spa, FTAG); 4836 } else { 4837 nvlist_t *policy; 4838 nvlist_t *config = NULL; 4839 4840 if (zc->zc_nvlist_src == 0) 4841 return (SET_ERROR(EINVAL)); 4842 4843 if ((error = get_nvlist(zc->zc_nvlist_src, 4844 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) { 4845 error = spa_open_rewind(zc->zc_name, &spa, FTAG, 4846 policy, &config); 4847 if (config != NULL) { 4848 int err; 4849 4850 if ((err = put_nvlist(zc, config)) != 0) 4851 error = err; 4852 nvlist_free(config); 4853 } 4854 nvlist_free(policy); 4855 } 4856 } 4857 4858 if (error != 0) 4859 return (error); 4860 4861 spa_vdev_state_enter(spa, SCL_NONE); 4862 4863 if (zc->zc_guid == 0) { 4864 vd = NULL; 4865 } else { 4866 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE); 4867 if (vd == NULL) { 4868 (void) spa_vdev_state_exit(spa, NULL, ENODEV); 4869 spa_close(spa, FTAG); 4870 return (SET_ERROR(ENODEV)); 4871 } 4872 } 4873 4874 vdev_clear(spa, vd); 4875 4876 (void) spa_vdev_state_exit(spa, NULL, 0); 4877 4878 /* 4879 * Resume any suspended I/Os. 4880 */ 4881 if (zio_resume(spa) != 0) 4882 error = SET_ERROR(EIO); 4883 4884 spa_close(spa, FTAG); 4885 4886 return (error); 4887 } 4888 4889 static int 4890 zfs_ioc_pool_reopen(zfs_cmd_t *zc) 4891 { 4892 spa_t *spa; 4893 int error; 4894 4895 error = spa_open(zc->zc_name, &spa, FTAG); 4896 if (error != 0) 4897 return (error); 4898 4899 spa_vdev_state_enter(spa, SCL_NONE); 4900 4901 /* 4902 * If a resilver is already in progress then set the 4903 * spa_scrub_reopen flag to B_TRUE so that we don't restart 4904 * the scan as a side effect of the reopen. Otherwise, let 4905 * vdev_open() decided if a resilver is required. 4906 */ 4907 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool); 4908 vdev_reopen(spa->spa_root_vdev); 4909 spa->spa_scrub_reopen = B_FALSE; 4910 4911 (void) spa_vdev_state_exit(spa, NULL, 0); 4912 spa_close(spa, FTAG); 4913 return (0); 4914 } 4915 /* 4916 * inputs: 4917 * zc_name name of filesystem 4918 * zc_value name of origin snapshot 4919 * 4920 * outputs: 4921 * zc_string name of conflicting snapshot, if there is one 4922 */ 4923 static int 4924 zfs_ioc_promote(zfs_cmd_t *zc) 4925 { 4926 char *cp; 4927 4928 /* 4929 * We don't need to unmount *all* the origin fs's snapshots, but 4930 * it's easier. 4931 */ 4932 cp = strchr(zc->zc_value, '@'); 4933 if (cp) 4934 *cp = '\0'; 4935 (void) dmu_objset_find(zc->zc_value, 4936 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS); 4937 return (dsl_dataset_promote(zc->zc_name, zc->zc_string)); 4938 } 4939 4940 /* 4941 * Retrieve a single {user|group}{used|quota}@... property. 4942 * 4943 * inputs: 4944 * zc_name name of filesystem 4945 * zc_objset_type zfs_userquota_prop_t 4946 * zc_value domain name (eg. "S-1-234-567-89") 4947 * zc_guid RID/UID/GID 4948 * 4949 * outputs: 4950 * zc_cookie property value 4951 */ 4952 static int 4953 zfs_ioc_userspace_one(zfs_cmd_t *zc) 4954 { 4955 zfsvfs_t *zfsvfs; 4956 int error; 4957 4958 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 4959 return (SET_ERROR(EINVAL)); 4960 4961 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 4962 if (error != 0) 4963 return (error); 4964 4965 error = zfs_userspace_one(zfsvfs, 4966 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie); 4967 zfsvfs_rele(zfsvfs, FTAG); 4968 4969 return (error); 4970 } 4971 4972 /* 4973 * inputs: 4974 * zc_name name of filesystem 4975 * zc_cookie zap cursor 4976 * zc_objset_type zfs_userquota_prop_t 4977 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist) 4978 * 4979 * outputs: 4980 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t) 4981 * zc_cookie zap cursor 4982 */ 4983 static int 4984 zfs_ioc_userspace_many(zfs_cmd_t *zc) 4985 { 4986 zfsvfs_t *zfsvfs; 4987 int bufsize = zc->zc_nvlist_dst_size; 4988 4989 if (bufsize <= 0) 4990 return (SET_ERROR(ENOMEM)); 4991 4992 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 4993 if (error != 0) 4994 return (error); 4995 4996 void *buf = kmem_alloc(bufsize, KM_SLEEP); 4997 4998 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie, 4999 buf, &zc->zc_nvlist_dst_size); 5000 5001 if (error == 0) { 5002 error = ddi_copyout(buf, 5003 (void *)(uintptr_t)zc->zc_nvlist_dst, 5004 zc->zc_nvlist_dst_size, zc->zc_iflags); 5005 } 5006 kmem_free(buf, bufsize); 5007 zfsvfs_rele(zfsvfs, FTAG); 5008 5009 return (error); 5010 } 5011 5012 /* 5013 * inputs: 5014 * zc_name name of filesystem 5015 * 5016 * outputs: 5017 * none 5018 */ 5019 static int 5020 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) 5021 { 5022 objset_t *os; 5023 int error = 0; 5024 zfsvfs_t *zfsvfs; 5025 5026 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 5027 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) { 5028 /* 5029 * If userused is not enabled, it may be because the 5030 * objset needs to be closed & reopened (to grow the 5031 * objset_phys_t). Suspend/resume the fs will do that. 5032 */ 5033 dsl_dataset_t *ds; 5034 5035 ds = dmu_objset_ds(zfsvfs->z_os); 5036 error = zfs_suspend_fs(zfsvfs); 5037 if (error == 0) { 5038 dmu_objset_refresh_ownership(zfsvfs->z_os, 5039 zfsvfs); 5040 error = zfs_resume_fs(zfsvfs, ds); 5041 } 5042 } 5043 if (error == 0) 5044 error = dmu_objset_userspace_upgrade(zfsvfs->z_os); 5045 #ifdef illumos 5046 VFS_RELE(zfsvfs->z_vfs); 5047 #else 5048 vfs_unbusy(zfsvfs->z_vfs); 5049 #endif 5050 } else { 5051 /* XXX kind of reading contents without owning */ 5052 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 5053 if (error != 0) 5054 return (error); 5055 5056 error = dmu_objset_userspace_upgrade(os); 5057 dmu_objset_rele(os, FTAG); 5058 } 5059 5060 return (error); 5061 } 5062 5063 #ifdef illumos 5064 /* 5065 * We don't want to have a hard dependency 5066 * against some special symbols in sharefs 5067 * nfs, and smbsrv. Determine them if needed when 5068 * the first file system is shared. 5069 * Neither sharefs, nfs or smbsrv are unloadable modules. 5070 */ 5071 int (*znfsexport_fs)(void *arg); 5072 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t); 5073 int (*zsmbexport_fs)(void *arg, boolean_t add_share); 5074 5075 int zfs_nfsshare_inited; 5076 int zfs_smbshare_inited; 5077 5078 ddi_modhandle_t nfs_mod; 5079 ddi_modhandle_t sharefs_mod; 5080 ddi_modhandle_t smbsrv_mod; 5081 #endif /* illumos */ 5082 kmutex_t zfs_share_lock; 5083 5084 #ifdef illumos 5085 static int 5086 zfs_init_sharefs() 5087 { 5088 int error; 5089 5090 ASSERT(MUTEX_HELD(&zfs_share_lock)); 5091 /* Both NFS and SMB shares also require sharetab support. */ 5092 if (sharefs_mod == NULL && ((sharefs_mod = 5093 ddi_modopen("fs/sharefs", 5094 KRTLD_MODE_FIRST, &error)) == NULL)) { 5095 return (SET_ERROR(ENOSYS)); 5096 } 5097 if (zshare_fs == NULL && ((zshare_fs = 5098 (int (*)(enum sharefs_sys_op, share_t *, uint32_t)) 5099 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) { 5100 return (SET_ERROR(ENOSYS)); 5101 } 5102 return (0); 5103 } 5104 #endif /* illumos */ 5105 5106 static int 5107 zfs_ioc_share(zfs_cmd_t *zc) 5108 { 5109 #ifdef illumos 5110 int error; 5111 int opcode; 5112 5113 switch (zc->zc_share.z_sharetype) { 5114 case ZFS_SHARE_NFS: 5115 case ZFS_UNSHARE_NFS: 5116 if (zfs_nfsshare_inited == 0) { 5117 mutex_enter(&zfs_share_lock); 5118 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs", 5119 KRTLD_MODE_FIRST, &error)) == NULL)) { 5120 mutex_exit(&zfs_share_lock); 5121 return (SET_ERROR(ENOSYS)); 5122 } 5123 if (znfsexport_fs == NULL && 5124 ((znfsexport_fs = (int (*)(void *)) 5125 ddi_modsym(nfs_mod, 5126 "nfs_export", &error)) == NULL)) { 5127 mutex_exit(&zfs_share_lock); 5128 return (SET_ERROR(ENOSYS)); 5129 } 5130 error = zfs_init_sharefs(); 5131 if (error != 0) { 5132 mutex_exit(&zfs_share_lock); 5133 return (SET_ERROR(ENOSYS)); 5134 } 5135 zfs_nfsshare_inited = 1; 5136 mutex_exit(&zfs_share_lock); 5137 } 5138 break; 5139 case ZFS_SHARE_SMB: 5140 case ZFS_UNSHARE_SMB: 5141 if (zfs_smbshare_inited == 0) { 5142 mutex_enter(&zfs_share_lock); 5143 if (smbsrv_mod == NULL && ((smbsrv_mod = 5144 ddi_modopen("drv/smbsrv", 5145 KRTLD_MODE_FIRST, &error)) == NULL)) { 5146 mutex_exit(&zfs_share_lock); 5147 return (SET_ERROR(ENOSYS)); 5148 } 5149 if (zsmbexport_fs == NULL && ((zsmbexport_fs = 5150 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod, 5151 "smb_server_share", &error)) == NULL)) { 5152 mutex_exit(&zfs_share_lock); 5153 return (SET_ERROR(ENOSYS)); 5154 } 5155 error = zfs_init_sharefs(); 5156 if (error != 0) { 5157 mutex_exit(&zfs_share_lock); 5158 return (SET_ERROR(ENOSYS)); 5159 } 5160 zfs_smbshare_inited = 1; 5161 mutex_exit(&zfs_share_lock); 5162 } 5163 break; 5164 default: 5165 return (SET_ERROR(EINVAL)); 5166 } 5167 5168 switch (zc->zc_share.z_sharetype) { 5169 case ZFS_SHARE_NFS: 5170 case ZFS_UNSHARE_NFS: 5171 if (error = 5172 znfsexport_fs((void *) 5173 (uintptr_t)zc->zc_share.z_exportdata)) 5174 return (error); 5175 break; 5176 case ZFS_SHARE_SMB: 5177 case ZFS_UNSHARE_SMB: 5178 if (error = zsmbexport_fs((void *) 5179 (uintptr_t)zc->zc_share.z_exportdata, 5180 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ? 5181 B_TRUE: B_FALSE)) { 5182 return (error); 5183 } 5184 break; 5185 } 5186 5187 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS || 5188 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ? 5189 SHAREFS_ADD : SHAREFS_REMOVE; 5190 5191 /* 5192 * Add or remove share from sharetab 5193 */ 5194 error = zshare_fs(opcode, 5195 (void *)(uintptr_t)zc->zc_share.z_sharedata, 5196 zc->zc_share.z_sharemax); 5197 5198 return (error); 5199 5200 #else /* !illumos */ 5201 return (ENOSYS); 5202 #endif /* illumos */ 5203 } 5204 5205 ace_t full_access[] = { 5206 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0} 5207 }; 5208 5209 /* 5210 * inputs: 5211 * zc_name name of containing filesystem 5212 * zc_obj object # beyond which we want next in-use object # 5213 * 5214 * outputs: 5215 * zc_obj next in-use object # 5216 */ 5217 static int 5218 zfs_ioc_next_obj(zfs_cmd_t *zc) 5219 { 5220 objset_t *os = NULL; 5221 int error; 5222 5223 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 5224 if (error != 0) 5225 return (error); 5226 5227 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 5228 dsl_dataset_phys(os->os_dsl_dataset)->ds_prev_snap_txg); 5229 5230 dmu_objset_rele(os, FTAG); 5231 return (error); 5232 } 5233 5234 /* 5235 * inputs: 5236 * zc_name name of filesystem 5237 * zc_value prefix name for snapshot 5238 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process 5239 * 5240 * outputs: 5241 * zc_value short name of new snapshot 5242 */ 5243 static int 5244 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc) 5245 { 5246 char *snap_name; 5247 char *hold_name; 5248 int error; 5249 minor_t minor; 5250 5251 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor); 5252 if (error != 0) 5253 return (error); 5254 5255 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value, 5256 (u_longlong_t)ddi_get_lbolt64()); 5257 hold_name = kmem_asprintf("%%%s", zc->zc_value); 5258 5259 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor, 5260 hold_name); 5261 if (error == 0) 5262 (void) strcpy(zc->zc_value, snap_name); 5263 strfree(snap_name); 5264 strfree(hold_name); 5265 zfs_onexit_fd_rele(zc->zc_cleanup_fd); 5266 return (error); 5267 } 5268 5269 /* 5270 * inputs: 5271 * zc_name name of "to" snapshot 5272 * zc_value name of "from" snapshot 5273 * zc_cookie file descriptor to write diff data on 5274 * 5275 * outputs: 5276 * dmu_diff_record_t's to the file descriptor 5277 */ 5278 static int 5279 zfs_ioc_diff(zfs_cmd_t *zc) 5280 { 5281 file_t *fp; 5282 offset_t off; 5283 int error; 5284 5285 #ifdef __FreeBSD__ 5286 cap_rights_t rights; 5287 5288 fget_write(curthread, zc->zc_cookie, 5289 cap_rights_init(&rights, CAP_WRITE), &fp); 5290 #else 5291 fp = getf(zc->zc_cookie); 5292 #endif 5293 if (fp == NULL) 5294 return (SET_ERROR(EBADF)); 5295 5296 off = fp->f_offset; 5297 5298 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off); 5299 5300 if (off >= 0 && off <= MAXOFFSET_T) 5301 fp->f_offset = off; 5302 releasef(zc->zc_cookie); 5303 5304 return (error); 5305 } 5306 5307 #ifdef illumos 5308 /* 5309 * Remove all ACL files in shares dir 5310 */ 5311 static int 5312 zfs_smb_acl_purge(znode_t *dzp) 5313 { 5314 zap_cursor_t zc; 5315 zap_attribute_t zap; 5316 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 5317 int error; 5318 5319 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id); 5320 (error = zap_cursor_retrieve(&zc, &zap)) == 0; 5321 zap_cursor_advance(&zc)) { 5322 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred, 5323 NULL, 0)) != 0) 5324 break; 5325 } 5326 zap_cursor_fini(&zc); 5327 return (error); 5328 } 5329 #endif /* illumos */ 5330 5331 static int 5332 zfs_ioc_smb_acl(zfs_cmd_t *zc) 5333 { 5334 #ifdef illumos 5335 vnode_t *vp; 5336 znode_t *dzp; 5337 vnode_t *resourcevp = NULL; 5338 znode_t *sharedir; 5339 zfsvfs_t *zfsvfs; 5340 nvlist_t *nvlist; 5341 char *src, *target; 5342 vattr_t vattr; 5343 vsecattr_t vsec; 5344 int error = 0; 5345 5346 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 5347 NO_FOLLOW, NULL, &vp)) != 0) 5348 return (error); 5349 5350 /* Now make sure mntpnt and dataset are ZFS */ 5351 5352 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 || 5353 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 5354 zc->zc_name) != 0)) { 5355 VN_RELE(vp); 5356 return (SET_ERROR(EINVAL)); 5357 } 5358 5359 dzp = VTOZ(vp); 5360 zfsvfs = dzp->z_zfsvfs; 5361 ZFS_ENTER(zfsvfs); 5362 5363 /* 5364 * Create share dir if its missing. 5365 */ 5366 mutex_enter(&zfsvfs->z_lock); 5367 if (zfsvfs->z_shares_dir == 0) { 5368 dmu_tx_t *tx; 5369 5370 tx = dmu_tx_create(zfsvfs->z_os); 5371 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE, 5372 ZFS_SHARES_DIR); 5373 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL); 5374 error = dmu_tx_assign(tx, TXG_WAIT); 5375 if (error != 0) { 5376 dmu_tx_abort(tx); 5377 } else { 5378 error = zfs_create_share_dir(zfsvfs, tx); 5379 dmu_tx_commit(tx); 5380 } 5381 if (error != 0) { 5382 mutex_exit(&zfsvfs->z_lock); 5383 VN_RELE(vp); 5384 ZFS_EXIT(zfsvfs); 5385 return (error); 5386 } 5387 } 5388 mutex_exit(&zfsvfs->z_lock); 5389 5390 ASSERT(zfsvfs->z_shares_dir); 5391 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) { 5392 VN_RELE(vp); 5393 ZFS_EXIT(zfsvfs); 5394 return (error); 5395 } 5396 5397 switch (zc->zc_cookie) { 5398 case ZFS_SMB_ACL_ADD: 5399 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE; 5400 vattr.va_type = VREG; 5401 vattr.va_mode = S_IFREG|0777; 5402 vattr.va_uid = 0; 5403 vattr.va_gid = 0; 5404 5405 vsec.vsa_mask = VSA_ACE; 5406 vsec.vsa_aclentp = &full_access; 5407 vsec.vsa_aclentsz = sizeof (full_access); 5408 vsec.vsa_aclcnt = 1; 5409 5410 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string, 5411 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec); 5412 if (resourcevp) 5413 VN_RELE(resourcevp); 5414 break; 5415 5416 case ZFS_SMB_ACL_REMOVE: 5417 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred, 5418 NULL, 0); 5419 break; 5420 5421 case ZFS_SMB_ACL_RENAME: 5422 if ((error = get_nvlist(zc->zc_nvlist_src, 5423 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) { 5424 VN_RELE(vp); 5425 VN_RELE(ZTOV(sharedir)); 5426 ZFS_EXIT(zfsvfs); 5427 return (error); 5428 } 5429 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) || 5430 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET, 5431 &target)) { 5432 VN_RELE(vp); 5433 VN_RELE(ZTOV(sharedir)); 5434 ZFS_EXIT(zfsvfs); 5435 nvlist_free(nvlist); 5436 return (error); 5437 } 5438 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target, 5439 kcred, NULL, 0); 5440 nvlist_free(nvlist); 5441 break; 5442 5443 case ZFS_SMB_ACL_PURGE: 5444 error = zfs_smb_acl_purge(sharedir); 5445 break; 5446 5447 default: 5448 error = SET_ERROR(EINVAL); 5449 break; 5450 } 5451 5452 VN_RELE(vp); 5453 VN_RELE(ZTOV(sharedir)); 5454 5455 ZFS_EXIT(zfsvfs); 5456 5457 return (error); 5458 #else /* !illumos */ 5459 return (EOPNOTSUPP); 5460 #endif /* illumos */ 5461 } 5462 5463 /* 5464 * innvl: { 5465 * "holds" -> { snapname -> holdname (string), ... } 5466 * (optional) "cleanup_fd" -> fd (int32) 5467 * } 5468 * 5469 * outnvl: { 5470 * snapname -> error value (int32) 5471 * ... 5472 * } 5473 */ 5474 /* ARGSUSED */ 5475 static int 5476 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist) 5477 { 5478 nvpair_t *pair; 5479 nvlist_t *holds; 5480 int cleanup_fd = -1; 5481 int error; 5482 minor_t minor = 0; 5483 5484 error = nvlist_lookup_nvlist(args, "holds", &holds); 5485 if (error != 0) 5486 return (SET_ERROR(EINVAL)); 5487 5488 /* make sure the user didn't pass us any invalid (empty) tags */ 5489 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 5490 pair = nvlist_next_nvpair(holds, pair)) { 5491 char *htag; 5492 5493 error = nvpair_value_string(pair, &htag); 5494 if (error != 0) 5495 return (SET_ERROR(error)); 5496 5497 if (strlen(htag) == 0) 5498 return (SET_ERROR(EINVAL)); 5499 } 5500 5501 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) { 5502 error = zfs_onexit_fd_hold(cleanup_fd, &minor); 5503 if (error != 0) 5504 return (error); 5505 } 5506 5507 error = dsl_dataset_user_hold(holds, minor, errlist); 5508 if (minor != 0) 5509 zfs_onexit_fd_rele(cleanup_fd); 5510 return (error); 5511 } 5512 5513 /* 5514 * innvl is not used. 5515 * 5516 * outnvl: { 5517 * holdname -> time added (uint64 seconds since epoch) 5518 * ... 5519 * } 5520 */ 5521 /* ARGSUSED */ 5522 static int 5523 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl) 5524 { 5525 return (dsl_dataset_get_holds(snapname, outnvl)); 5526 } 5527 5528 /* 5529 * innvl: { 5530 * snapname -> { holdname, ... } 5531 * ... 5532 * } 5533 * 5534 * outnvl: { 5535 * snapname -> error value (int32) 5536 * ... 5537 * } 5538 */ 5539 /* ARGSUSED */ 5540 static int 5541 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist) 5542 { 5543 return (dsl_dataset_user_release(holds, errlist)); 5544 } 5545 5546 /* 5547 * inputs: 5548 * zc_name name of new filesystem or snapshot 5549 * zc_value full name of old snapshot 5550 * 5551 * outputs: 5552 * zc_cookie space in bytes 5553 * zc_objset_type compressed space in bytes 5554 * zc_perm_action uncompressed space in bytes 5555 */ 5556 static int 5557 zfs_ioc_space_written(zfs_cmd_t *zc) 5558 { 5559 int error; 5560 dsl_pool_t *dp; 5561 dsl_dataset_t *new, *old; 5562 5563 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5564 if (error != 0) 5565 return (error); 5566 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new); 5567 if (error != 0) { 5568 dsl_pool_rele(dp, FTAG); 5569 return (error); 5570 } 5571 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old); 5572 if (error != 0) { 5573 dsl_dataset_rele(new, FTAG); 5574 dsl_pool_rele(dp, FTAG); 5575 return (error); 5576 } 5577 5578 error = dsl_dataset_space_written(old, new, &zc->zc_cookie, 5579 &zc->zc_objset_type, &zc->zc_perm_action); 5580 dsl_dataset_rele(old, FTAG); 5581 dsl_dataset_rele(new, FTAG); 5582 dsl_pool_rele(dp, FTAG); 5583 return (error); 5584 } 5585 5586 /* 5587 * innvl: { 5588 * "firstsnap" -> snapshot name 5589 * } 5590 * 5591 * outnvl: { 5592 * "used" -> space in bytes 5593 * "compressed" -> compressed space in bytes 5594 * "uncompressed" -> uncompressed space in bytes 5595 * } 5596 */ 5597 static int 5598 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl) 5599 { 5600 int error; 5601 dsl_pool_t *dp; 5602 dsl_dataset_t *new, *old; 5603 char *firstsnap; 5604 uint64_t used, comp, uncomp; 5605 5606 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0) 5607 return (SET_ERROR(EINVAL)); 5608 5609 error = dsl_pool_hold(lastsnap, FTAG, &dp); 5610 if (error != 0) 5611 return (error); 5612 5613 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new); 5614 if (error == 0 && !new->ds_is_snapshot) { 5615 dsl_dataset_rele(new, FTAG); 5616 error = SET_ERROR(EINVAL); 5617 } 5618 if (error != 0) { 5619 dsl_pool_rele(dp, FTAG); 5620 return (error); 5621 } 5622 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old); 5623 if (error == 0 && !old->ds_is_snapshot) { 5624 dsl_dataset_rele(old, FTAG); 5625 error = SET_ERROR(EINVAL); 5626 } 5627 if (error != 0) { 5628 dsl_dataset_rele(new, FTAG); 5629 dsl_pool_rele(dp, FTAG); 5630 return (error); 5631 } 5632 5633 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp); 5634 dsl_dataset_rele(old, FTAG); 5635 dsl_dataset_rele(new, FTAG); 5636 dsl_pool_rele(dp, FTAG); 5637 fnvlist_add_uint64(outnvl, "used", used); 5638 fnvlist_add_uint64(outnvl, "compressed", comp); 5639 fnvlist_add_uint64(outnvl, "uncompressed", uncomp); 5640 return (error); 5641 } 5642 5643 #ifdef __FreeBSD__ 5644 5645 static int 5646 zfs_ioc_jail(zfs_cmd_t *zc) 5647 { 5648 5649 return (zone_dataset_attach(curthread->td_ucred, zc->zc_name, 5650 (int)zc->zc_jailid)); 5651 } 5652 5653 static int 5654 zfs_ioc_unjail(zfs_cmd_t *zc) 5655 { 5656 5657 return (zone_dataset_detach(curthread->td_ucred, zc->zc_name, 5658 (int)zc->zc_jailid)); 5659 } 5660 5661 #endif 5662 5663 /* 5664 * innvl: { 5665 * "fd" -> file descriptor to write stream to (int32) 5666 * (optional) "fromsnap" -> full snap name to send an incremental from 5667 * (optional) "largeblockok" -> (value ignored) 5668 * indicates that blocks > 128KB are permitted 5669 * (optional) "embedok" -> (value ignored) 5670 * presence indicates DRR_WRITE_EMBEDDED records are permitted 5671 * (optional) "resume_object" and "resume_offset" -> (uint64) 5672 * if present, resume send stream from specified object and offset. 5673 * } 5674 * 5675 * outnvl is unused 5676 */ 5677 /* ARGSUSED */ 5678 static int 5679 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 5680 { 5681 int error; 5682 offset_t off; 5683 char *fromname = NULL; 5684 int fd; 5685 boolean_t largeblockok; 5686 boolean_t embedok; 5687 uint64_t resumeobj = 0; 5688 uint64_t resumeoff = 0; 5689 5690 error = nvlist_lookup_int32(innvl, "fd", &fd); 5691 if (error != 0) 5692 return (SET_ERROR(EINVAL)); 5693 5694 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname); 5695 5696 largeblockok = nvlist_exists(innvl, "largeblockok"); 5697 embedok = nvlist_exists(innvl, "embedok"); 5698 5699 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); 5700 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); 5701 5702 #ifdef __FreeBSD__ 5703 cap_rights_t rights; 5704 5705 fget_write(curthread, fd, cap_rights_init(&rights, CAP_WRITE), &fp); 5706 #else 5707 file_t *fp = getf(fd); 5708 #endif 5709 if (fp == NULL) 5710 return (SET_ERROR(EBADF)); 5711 5712 off = fp->f_offset; 5713 error = dmu_send(snapname, fromname, embedok, largeblockok, fd, 5714 #ifdef illumos 5715 resumeobj, resumeoff, fp->f_vnode, &off); 5716 #else 5717 resumeobj, resumeoff, fp, &off); 5718 #endif 5719 5720 #ifdef illumos 5721 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 5722 fp->f_offset = off; 5723 #else 5724 fp->f_offset = off; 5725 #endif 5726 5727 releasef(fd); 5728 return (error); 5729 } 5730 5731 /* 5732 * Determine approximately how large a zfs send stream will be -- the number 5733 * of bytes that will be written to the fd supplied to zfs_ioc_send_new(). 5734 * 5735 * innvl: { 5736 * (optional) "from" -> full snap or bookmark name to send an incremental 5737 * from 5738 * } 5739 * 5740 * outnvl: { 5741 * "space" -> bytes of space (uint64) 5742 * } 5743 */ 5744 static int 5745 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 5746 { 5747 dsl_pool_t *dp; 5748 dsl_dataset_t *tosnap; 5749 int error; 5750 char *fromname; 5751 uint64_t space; 5752 5753 error = dsl_pool_hold(snapname, FTAG, &dp); 5754 if (error != 0) 5755 return (error); 5756 5757 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap); 5758 if (error != 0) { 5759 dsl_pool_rele(dp, FTAG); 5760 return (error); 5761 } 5762 5763 error = nvlist_lookup_string(innvl, "from", &fromname); 5764 if (error == 0) { 5765 if (strchr(fromname, '@') != NULL) { 5766 /* 5767 * If from is a snapshot, hold it and use the more 5768 * efficient dmu_send_estimate to estimate send space 5769 * size using deadlists. 5770 */ 5771 dsl_dataset_t *fromsnap; 5772 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap); 5773 if (error != 0) 5774 goto out; 5775 error = dmu_send_estimate(tosnap, fromsnap, &space); 5776 dsl_dataset_rele(fromsnap, FTAG); 5777 } else if (strchr(fromname, '#') != NULL) { 5778 /* 5779 * If from is a bookmark, fetch the creation TXG of the 5780 * snapshot it was created from and use that to find 5781 * blocks that were born after it. 5782 */ 5783 zfs_bookmark_phys_t frombm; 5784 5785 error = dsl_bookmark_lookup(dp, fromname, tosnap, 5786 &frombm); 5787 if (error != 0) 5788 goto out; 5789 error = dmu_send_estimate_from_txg(tosnap, 5790 frombm.zbm_creation_txg, &space); 5791 } else { 5792 /* 5793 * from is not properly formatted as a snapshot or 5794 * bookmark 5795 */ 5796 error = SET_ERROR(EINVAL); 5797 goto out; 5798 } 5799 } else { 5800 // If estimating the size of a full send, use dmu_send_estimate 5801 error = dmu_send_estimate(tosnap, NULL, &space); 5802 } 5803 5804 fnvlist_add_uint64(outnvl, "space", space); 5805 5806 out: 5807 dsl_dataset_rele(tosnap, FTAG); 5808 dsl_pool_rele(dp, FTAG); 5809 return (error); 5810 } 5811 5812 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST]; 5813 5814 static void 5815 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5816 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 5817 boolean_t log_history, zfs_ioc_poolcheck_t pool_check) 5818 { 5819 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 5820 5821 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 5822 ASSERT3U(ioc, <, ZFS_IOC_LAST); 5823 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 5824 ASSERT3P(vec->zvec_func, ==, NULL); 5825 5826 vec->zvec_legacy_func = func; 5827 vec->zvec_secpolicy = secpolicy; 5828 vec->zvec_namecheck = namecheck; 5829 vec->zvec_allow_log = log_history; 5830 vec->zvec_pool_check = pool_check; 5831 } 5832 5833 /* 5834 * See the block comment at the beginning of this file for details on 5835 * each argument to this function. 5836 */ 5837 static void 5838 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func, 5839 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 5840 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist, 5841 boolean_t allow_log) 5842 { 5843 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 5844 5845 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 5846 ASSERT3U(ioc, <, ZFS_IOC_LAST); 5847 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 5848 ASSERT3P(vec->zvec_func, ==, NULL); 5849 5850 /* if we are logging, the name must be valid */ 5851 ASSERT(!allow_log || namecheck != NO_NAME); 5852 5853 vec->zvec_name = name; 5854 vec->zvec_func = func; 5855 vec->zvec_secpolicy = secpolicy; 5856 vec->zvec_namecheck = namecheck; 5857 vec->zvec_pool_check = pool_check; 5858 vec->zvec_smush_outnvlist = smush_outnvlist; 5859 vec->zvec_allow_log = allow_log; 5860 } 5861 5862 static void 5863 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5864 zfs_secpolicy_func_t *secpolicy, boolean_t log_history, 5865 zfs_ioc_poolcheck_t pool_check) 5866 { 5867 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5868 POOL_NAME, log_history, pool_check); 5869 } 5870 5871 static void 5872 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5873 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check) 5874 { 5875 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5876 DATASET_NAME, B_FALSE, pool_check); 5877 } 5878 5879 static void 5880 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 5881 { 5882 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config, 5883 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 5884 } 5885 5886 static void 5887 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5888 zfs_secpolicy_func_t *secpolicy) 5889 { 5890 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5891 NO_NAME, B_FALSE, POOL_CHECK_NONE); 5892 } 5893 5894 static void 5895 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc, 5896 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy) 5897 { 5898 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5899 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED); 5900 } 5901 5902 static void 5903 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 5904 { 5905 zfs_ioctl_register_dataset_read_secpolicy(ioc, func, 5906 zfs_secpolicy_read); 5907 } 5908 5909 static void 5910 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5911 zfs_secpolicy_func_t *secpolicy) 5912 { 5913 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5914 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 5915 } 5916 5917 static void 5918 zfs_ioctl_init(void) 5919 { 5920 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT, 5921 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME, 5922 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5923 5924 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY, 5925 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME, 5926 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE); 5927 5928 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS, 5929 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, 5930 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5931 5932 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW, 5933 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME, 5934 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5935 5936 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE, 5937 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME, 5938 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5939 5940 zfs_ioctl_register("create", ZFS_IOC_CREATE, 5941 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME, 5942 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5943 5944 zfs_ioctl_register("clone", ZFS_IOC_CLONE, 5945 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME, 5946 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5947 5948 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS, 5949 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME, 5950 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5951 5952 zfs_ioctl_register("hold", ZFS_IOC_HOLD, 5953 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME, 5954 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5955 zfs_ioctl_register("release", ZFS_IOC_RELEASE, 5956 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME, 5957 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5958 5959 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS, 5960 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, 5961 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5962 5963 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK, 5964 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, 5965 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE); 5966 5967 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK, 5968 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME, 5969 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5970 5971 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS, 5972 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME, 5973 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5974 5975 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS, 5976 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks, 5977 POOL_NAME, 5978 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5979 5980 /* IOCTLS that use the legacy function signature */ 5981 5982 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze, 5983 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY); 5984 5985 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create, 5986 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 5987 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN, 5988 zfs_ioc_pool_scan); 5989 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE, 5990 zfs_ioc_pool_upgrade); 5991 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD, 5992 zfs_ioc_vdev_add); 5993 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE, 5994 zfs_ioc_vdev_remove); 5995 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE, 5996 zfs_ioc_vdev_set_state); 5997 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH, 5998 zfs_ioc_vdev_attach); 5999 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH, 6000 zfs_ioc_vdev_detach); 6001 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH, 6002 zfs_ioc_vdev_setpath); 6003 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU, 6004 zfs_ioc_vdev_setfru); 6005 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS, 6006 zfs_ioc_pool_set_props); 6007 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT, 6008 zfs_ioc_vdev_split); 6009 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID, 6010 zfs_ioc_pool_reguid); 6011 6012 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS, 6013 zfs_ioc_pool_configs, zfs_secpolicy_none); 6014 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT, 6015 zfs_ioc_pool_tryimport, zfs_secpolicy_config); 6016 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT, 6017 zfs_ioc_inject_fault, zfs_secpolicy_inject); 6018 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT, 6019 zfs_ioc_clear_fault, zfs_secpolicy_inject); 6020 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT, 6021 zfs_ioc_inject_list_next, zfs_secpolicy_inject); 6022 6023 /* 6024 * pool destroy, and export don't log the history as part of 6025 * zfsdev_ioctl, but rather zfs_ioc_pool_export 6026 * does the logging of those commands. 6027 */ 6028 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy, 6029 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 6030 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export, 6031 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 6032 6033 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats, 6034 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 6035 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props, 6036 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 6037 6038 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log, 6039 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_NONE); 6040 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME, 6041 zfs_ioc_dsobj_to_dsname, 6042 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_NONE); 6043 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY, 6044 zfs_ioc_pool_get_history, 6045 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 6046 6047 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import, 6048 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 6049 6050 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear, 6051 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 6052 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen, 6053 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED); 6054 6055 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN, 6056 zfs_ioc_space_written); 6057 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS, 6058 zfs_ioc_objset_recvd_props); 6059 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ, 6060 zfs_ioc_next_obj); 6061 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL, 6062 zfs_ioc_get_fsacl); 6063 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS, 6064 zfs_ioc_objset_stats); 6065 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS, 6066 zfs_ioc_objset_zplprops); 6067 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT, 6068 zfs_ioc_dataset_list_next); 6069 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT, 6070 zfs_ioc_snapshot_list_next); 6071 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS, 6072 zfs_ioc_send_progress); 6073 6074 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF, 6075 zfs_ioc_diff, zfs_secpolicy_diff); 6076 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS, 6077 zfs_ioc_obj_to_stats, zfs_secpolicy_diff); 6078 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH, 6079 zfs_ioc_obj_to_path, zfs_secpolicy_diff); 6080 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE, 6081 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one); 6082 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY, 6083 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many); 6084 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND, 6085 zfs_ioc_send, zfs_secpolicy_send); 6086 6087 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop, 6088 zfs_secpolicy_none); 6089 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy, 6090 zfs_secpolicy_destroy); 6091 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename, 6092 zfs_secpolicy_rename); 6093 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv, 6094 zfs_secpolicy_recv); 6095 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote, 6096 zfs_secpolicy_promote); 6097 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP, 6098 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop); 6099 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl, 6100 zfs_secpolicy_set_fsacl); 6101 6102 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share, 6103 zfs_secpolicy_share, POOL_CHECK_NONE); 6104 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl, 6105 zfs_secpolicy_smb_acl, POOL_CHECK_NONE); 6106 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE, 6107 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade, 6108 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6109 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT, 6110 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, 6111 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6112 6113 #ifdef __FreeBSD__ 6114 zfs_ioctl_register_dataset_nolog(ZFS_IOC_JAIL, zfs_ioc_jail, 6115 zfs_secpolicy_config, POOL_CHECK_NONE); 6116 zfs_ioctl_register_dataset_nolog(ZFS_IOC_UNJAIL, zfs_ioc_unjail, 6117 zfs_secpolicy_config, POOL_CHECK_NONE); 6118 zfs_ioctl_register("fbsd_nextboot", ZFS_IOC_NEXTBOOT, 6119 zfs_ioc_nextboot, zfs_secpolicy_config, NO_NAME, 6120 POOL_CHECK_NONE, B_FALSE, B_FALSE); 6121 #endif 6122 } 6123 6124 int 6125 pool_status_check(const char *name, zfs_ioc_namecheck_t type, 6126 zfs_ioc_poolcheck_t check) 6127 { 6128 spa_t *spa; 6129 int error; 6130 6131 ASSERT(type == POOL_NAME || type == DATASET_NAME); 6132 6133 if (check & POOL_CHECK_NONE) 6134 return (0); 6135 6136 error = spa_open(name, &spa, FTAG); 6137 if (error == 0) { 6138 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa)) 6139 error = SET_ERROR(EAGAIN); 6140 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa)) 6141 error = SET_ERROR(EROFS); 6142 spa_close(spa, FTAG); 6143 } 6144 return (error); 6145 } 6146 6147 /* 6148 * Find a free minor number. 6149 */ 6150 minor_t 6151 zfsdev_minor_alloc(void) 6152 { 6153 static minor_t last_minor; 6154 minor_t m; 6155 6156 #ifndef __NetBSD__ 6157 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6158 #endif 6159 6160 for (m = last_minor + 1; m != last_minor; m++) { 6161 if (m > ZFSDEV_MAX_MINOR) 6162 m = 1; 6163 if (ddi_get_soft_state(zfsdev_state, m) == NULL) { 6164 last_minor = m; 6165 return (m); 6166 } 6167 } 6168 6169 return (0); 6170 } 6171 6172 #ifdef __FreeBSD__ 6173 static int 6174 zfs_ctldev_init(struct cdev *devp) 6175 #else 6176 static int 6177 zfs_ctldev_init(dev_t *devp) 6178 #endif 6179 { 6180 minor_t minor; 6181 zfs_soft_state_t *zs; 6182 6183 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6184 6185 minor = zfsdev_minor_alloc(); 6186 if (minor == 0) 6187 return (SET_ERROR(ENXIO)); 6188 6189 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS) 6190 return (SET_ERROR(EAGAIN)); 6191 6192 #ifdef __FreeBSD__ 6193 devfs_set_cdevpriv((void *)(uintptr_t)minor, zfsdev_close); 6194 #else 6195 *devp = makedev(major(*devp), minor); 6196 #endif 6197 6198 zs = ddi_get_soft_state(zfsdev_state, minor); 6199 zs->zss_type = ZSST_CTLDEV; 6200 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data); 6201 6202 return (0); 6203 } 6204 6205 static void 6206 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor) 6207 { 6208 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6209 6210 zfs_onexit_destroy(zo); 6211 ddi_soft_state_free(zfsdev_state, minor); 6212 } 6213 6214 void * 6215 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which) 6216 { 6217 zfs_soft_state_t *zp; 6218 6219 zp = ddi_get_soft_state(zfsdev_state, minor); 6220 if (zp == NULL || zp->zss_type != which) 6221 return (NULL); 6222 6223 return (zp->zss_data); 6224 } 6225 6226 #ifdef __FreeBSD__ 6227 static int 6228 zfsdev_open(struct cdev *devp, int flag, int mode, struct thread *td) 6229 #endif 6230 #ifdef __NetBSD__ 6231 static int 6232 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr) 6233 #endif 6234 { 6235 int error = 0; 6236 6237 #ifndef __FreeBSD__ 6238 if (getminor(*devp) != 0) 6239 return (zvol_open(devp, flag, otyp, cr)); 6240 #endif 6241 6242 /* This is the control device. Allocate a new minor if requested. */ 6243 if (flag & FEXCL) { 6244 mutex_enter(&spa_namespace_lock); 6245 error = zfs_ctldev_init(devp); 6246 mutex_exit(&spa_namespace_lock); 6247 } 6248 6249 return (error); 6250 } 6251 6252 #ifdef __FreeBSD__ 6253 static void 6254 zfsdev_close(void *data) 6255 #endif 6256 #ifdef __NetBSD__ 6257 static int 6258 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr) 6259 #endif 6260 { 6261 zfs_onexit_t *zo; 6262 #ifdef __FreeBSD__ 6263 minor_t minor = (minor_t)(uintptr_t)data; 6264 #endif 6265 #ifdef __NetBSD__ 6266 minor_t minor = getminor(dev); 6267 #endif 6268 6269 if (minor == 0) 6270 #ifdef __FreeBSD__ 6271 return; 6272 #else 6273 return (0); 6274 #endif 6275 6276 mutex_enter(&spa_namespace_lock); 6277 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV); 6278 if (zo == NULL) { 6279 mutex_exit(&spa_namespace_lock); 6280 #ifdef __FreeBSD__ 6281 return; 6282 #else 6283 return zvol_close(dev, flag, otyp, cr); 6284 return 0; 6285 #endif 6286 } 6287 zfs_ctldev_destroy(zo, minor); 6288 mutex_exit(&spa_namespace_lock); 6289 6290 #ifndef __FreeBSD__ 6291 return (0); 6292 #endif 6293 } 6294 6295 #ifdef __FreeBSD__ 6296 static int 6297 zfsdev_ioctl(struct cdev *dev, u_long zcmd, caddr_t arg, int flag, 6298 struct thread *td) 6299 #endif 6300 #ifdef __NetBSD__ 6301 static int 6302 zfsdev_ioctl(dev_t dev, u_long zcmd, intptr_t iarg, int flag, cred_t *cr, int *rvalp) 6303 #endif 6304 { 6305 zfs_cmd_t *zc; 6306 uint_t vecnum; 6307 int error, rc, len; 6308 zfs_iocparm_t *zc_iocparm; 6309 int cflag, cmd, oldvecnum; 6310 boolean_t newioc, compat; 6311 void *compat_zc = NULL; 6312 #ifdef __FreeBSD__ 6313 cred_t *cr = td->td_ucred; 6314 #endif 6315 const zfs_ioc_vec_t *vec; 6316 char *saved_poolname = NULL; 6317 nvlist_t *innvl = NULL; 6318 #ifdef __NetBSD__ 6319 caddr_t arg = (caddr_t)iarg; 6320 #endif 6321 6322 #if defined(illumos) || defined(__NetBSD__) 6323 minor_t minor = getminor(dev); 6324 6325 if (minor != 0 && 6326 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL) 6327 return (zvol_ioctl(dev, zcmd, iarg, flag, cr, rvalp)); 6328 #endif 6329 #ifdef illumos 6330 vecnum = cmd - ZFS_IOC_FIRST; 6331 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip)); 6332 #endif 6333 6334 cflag = ZFS_CMD_COMPAT_NONE; 6335 compat = B_FALSE; 6336 newioc = B_TRUE; /* "new" style (zfs_iocparm_t) ioctl */ 6337 len = IOCPARM_LEN(zcmd); 6338 vecnum = cmd = zcmd & 0xff; 6339 6340 /* 6341 * Check if we are talking to supported older binaries 6342 * and translate zfs_cmd if necessary 6343 */ 6344 if (len != sizeof(zfs_iocparm_t)) { 6345 newioc = B_FALSE; 6346 compat = B_TRUE; 6347 6348 vecnum = cmd; 6349 6350 switch (len) { 6351 case sizeof(zfs_cmd_zcmd_t): 6352 cflag = ZFS_CMD_COMPAT_LZC; 6353 break; 6354 case sizeof(zfs_cmd_deadman_t): 6355 cflag = ZFS_CMD_COMPAT_DEADMAN; 6356 break; 6357 case sizeof(zfs_cmd_v28_t): 6358 cflag = ZFS_CMD_COMPAT_V28; 6359 break; 6360 case sizeof(zfs_cmd_v15_t): 6361 cflag = ZFS_CMD_COMPAT_V15; 6362 vecnum = zfs_ioctl_v15_to_v28[cmd]; 6363 6364 /* 6365 * Return without further handling 6366 * if the command is blacklisted. 6367 */ 6368 if (vecnum == ZFS_IOC_COMPAT_PASS) 6369 return (0); 6370 else if (vecnum == ZFS_IOC_COMPAT_FAIL) 6371 return (ENOTSUP); 6372 break; 6373 default: 6374 return (EINVAL); 6375 } 6376 } 6377 6378 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 6379 return (SET_ERROR(EINVAL)); 6380 vec = &zfs_ioc_vec[vecnum]; 6381 6382 zc = kmem_zalloc(sizeof(zfs_cmd_t), KM_SLEEP); 6383 6384 #ifdef illumos 6385 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag); 6386 if (error != 0) { 6387 error = SET_ERROR(EFAULT); 6388 goto out; 6389 } 6390 #else /* !illumos */ 6391 6392 bzero(zc, sizeof(zfs_cmd_t)); 6393 6394 if (newioc) { 6395 zc_iocparm = (void *)arg; 6396 6397 switch (zc_iocparm->zfs_ioctl_version) { 6398 case ZFS_IOCVER_CURRENT: 6399 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_t)) { 6400 error = SET_ERROR(EINVAL); 6401 goto out; 6402 } 6403 break; 6404 case ZFS_IOCVER_INLANES: 6405 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_inlanes_t)) { 6406 error = SET_ERROR(EFAULT); 6407 goto out; 6408 } 6409 compat = B_TRUE; 6410 cflag = ZFS_CMD_COMPAT_INLANES; 6411 break; 6412 case ZFS_IOCVER_RESUME: 6413 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_resume_t)) { 6414 error = SET_ERROR(EFAULT); 6415 goto out; 6416 } 6417 compat = B_TRUE; 6418 cflag = ZFS_CMD_COMPAT_RESUME; 6419 break; 6420 case ZFS_IOCVER_EDBP: 6421 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_edbp_t)) { 6422 error = SET_ERROR(EFAULT); 6423 goto out; 6424 } 6425 compat = B_TRUE; 6426 cflag = ZFS_CMD_COMPAT_EDBP; 6427 break; 6428 case ZFS_IOCVER_ZCMD: 6429 if (zc_iocparm->zfs_cmd_size > sizeof(zfs_cmd_t) || 6430 zc_iocparm->zfs_cmd_size < sizeof(zfs_cmd_zcmd_t)) { 6431 error = SET_ERROR(EFAULT); 6432 goto out; 6433 } 6434 compat = B_TRUE; 6435 cflag = ZFS_CMD_COMPAT_ZCMD; 6436 break; 6437 default: 6438 error = SET_ERROR(EINVAL); 6439 goto out; 6440 /* NOTREACHED */ 6441 } 6442 6443 if (compat) { 6444 ASSERT(sizeof(zfs_cmd_t) >= zc_iocparm->zfs_cmd_size); 6445 compat_zc = kmem_zalloc(sizeof(zfs_cmd_t), KM_SLEEP); 6446 bzero(compat_zc, sizeof(zfs_cmd_t)); 6447 6448 error = ddi_copyin((void *)(uintptr_t)zc_iocparm->zfs_cmd, 6449 compat_zc, zc_iocparm->zfs_cmd_size, flag); 6450 if (error != 0) { 6451 error = SET_ERROR(EFAULT); 6452 goto out; 6453 } 6454 } else { 6455 error = ddi_copyin((void *)(uintptr_t)zc_iocparm->zfs_cmd, 6456 zc, zc_iocparm->zfs_cmd_size, flag); 6457 if (error != 0) { 6458 error = SET_ERROR(EFAULT); 6459 goto out; 6460 } 6461 } 6462 } else 6463 zc_iocparm = NULL; 6464 6465 if (compat) { 6466 if (newioc) { 6467 ASSERT(compat_zc != NULL); 6468 zfs_cmd_compat_get(zc, compat_zc, cflag); 6469 } else { 6470 ASSERT(compat_zc == NULL); 6471 zfs_cmd_compat_get(zc, arg, cflag); 6472 } 6473 oldvecnum = vecnum; 6474 error = zfs_ioctl_compat_pre(zc, &vecnum, cflag); 6475 if (error != 0) 6476 goto out; 6477 if (oldvecnum != vecnum) 6478 vec = &zfs_ioc_vec[vecnum]; 6479 } 6480 #endif /* !illumos */ 6481 6482 zc->zc_iflags = flag & FKIOCTL; 6483 if (zc->zc_nvlist_src_size != 0) { 6484 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 6485 zc->zc_iflags, &innvl); 6486 if (error != 0) 6487 goto out; 6488 } 6489 6490 /* rewrite innvl for backwards compatibility */ 6491 if (compat) 6492 innvl = zfs_ioctl_compat_innvl(zc, innvl, vecnum, cflag); 6493 6494 /* 6495 * Ensure that all pool/dataset names are valid before we pass down to 6496 * the lower layers. 6497 */ 6498 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 6499 switch (vec->zvec_namecheck) { 6500 case POOL_NAME: 6501 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 6502 error = SET_ERROR(EINVAL); 6503 else 6504 error = pool_status_check(zc->zc_name, 6505 vec->zvec_namecheck, vec->zvec_pool_check); 6506 break; 6507 6508 case DATASET_NAME: 6509 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 6510 error = SET_ERROR(EINVAL); 6511 else 6512 error = pool_status_check(zc->zc_name, 6513 vec->zvec_namecheck, vec->zvec_pool_check); 6514 break; 6515 6516 case NO_NAME: 6517 break; 6518 } 6519 6520 if (error == 0) 6521 error = vec->zvec_secpolicy(zc, innvl, cr); 6522 6523 if (error != 0) 6524 goto out; 6525 6526 /* legacy ioctls can modify zc_name */ 6527 len = strcspn(zc->zc_name, "/@#") + 1; 6528 saved_poolname = kmem_alloc(len, KM_SLEEP); 6529 (void) strlcpy(saved_poolname, zc->zc_name, len); 6530 6531 if (vec->zvec_func != NULL) { 6532 nvlist_t *outnvl; 6533 int puterror = 0; 6534 spa_t *spa; 6535 nvlist_t *lognv = NULL; 6536 6537 ASSERT(vec->zvec_legacy_func == NULL); 6538 6539 /* 6540 * Add the innvl to the lognv before calling the func, 6541 * in case the func changes the innvl. 6542 */ 6543 if (vec->zvec_allow_log) { 6544 lognv = fnvlist_alloc(); 6545 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL, 6546 vec->zvec_name); 6547 if (!nvlist_empty(innvl)) { 6548 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL, 6549 innvl); 6550 } 6551 } 6552 6553 outnvl = fnvlist_alloc(); 6554 error = vec->zvec_func(zc->zc_name, innvl, outnvl); 6555 6556 if (error == 0 && vec->zvec_allow_log && 6557 spa_open(zc->zc_name, &spa, FTAG) == 0) { 6558 if (!nvlist_empty(outnvl)) { 6559 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL, 6560 outnvl); 6561 } 6562 (void) spa_history_log_nvl(spa, lognv); 6563 spa_close(spa, FTAG); 6564 } 6565 fnvlist_free(lognv); 6566 6567 /* rewrite outnvl for backwards compatibility */ 6568 if (compat) 6569 outnvl = zfs_ioctl_compat_outnvl(zc, outnvl, vecnum, 6570 cflag); 6571 6572 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) { 6573 int smusherror = 0; 6574 if (vec->zvec_smush_outnvlist) { 6575 smusherror = nvlist_smush(outnvl, 6576 zc->zc_nvlist_dst_size); 6577 } 6578 if (smusherror == 0) 6579 puterror = put_nvlist(zc, outnvl); 6580 } 6581 6582 if (puterror != 0) 6583 error = puterror; 6584 6585 nvlist_free(outnvl); 6586 } else { 6587 error = vec->zvec_legacy_func(zc); 6588 } 6589 6590 out: 6591 nvlist_free(innvl); 6592 6593 #ifdef illumos 6594 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag); 6595 if (error == 0 && rc != 0) 6596 error = SET_ERROR(EFAULT); 6597 #else 6598 if (compat) { 6599 zfs_ioctl_compat_post(zc, cmd, cflag); 6600 if (newioc) { 6601 ASSERT(compat_zc != NULL); 6602 ASSERT(sizeof(zfs_cmd_t) >= zc_iocparm->zfs_cmd_size); 6603 6604 zfs_cmd_compat_put(zc, compat_zc, vecnum, cflag); 6605 rc = ddi_copyout(compat_zc, 6606 (void *)(uintptr_t)zc_iocparm->zfs_cmd, 6607 zc_iocparm->zfs_cmd_size, flag); 6608 if (error == 0 && rc != 0) 6609 error = SET_ERROR(EFAULT); 6610 kmem_free(compat_zc, sizeof (zfs_cmd_t)); 6611 } else { 6612 zfs_cmd_compat_put(zc, arg, vecnum, cflag); 6613 } 6614 } else { 6615 ASSERT(newioc); 6616 6617 rc = ddi_copyout(zc, (void *)(uintptr_t)zc_iocparm->zfs_cmd, 6618 sizeof (zfs_cmd_t), flag); 6619 if (error == 0 && rc != 0) 6620 error = SET_ERROR(EFAULT); 6621 } 6622 #endif 6623 if (error == 0 && vec->zvec_allow_log) { 6624 char *s = tsd_get(zfs_allow_log_key); 6625 if (s != NULL) 6626 strfree(s); 6627 (void) tsd_set(zfs_allow_log_key, saved_poolname); 6628 } else { 6629 if (saved_poolname != NULL) 6630 strfree(saved_poolname); 6631 } 6632 6633 kmem_free(zc, sizeof (zfs_cmd_t)); 6634 return (error); 6635 } 6636 6637 static void 6638 zfs_allow_log_destroy(void *arg) 6639 { 6640 char *poolname = arg; 6641 strfree(poolname); 6642 } 6643 6644 #ifdef illumos 6645 static int 6646 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 6647 { 6648 if (cmd != DDI_ATTACH) 6649 return (DDI_FAILURE); 6650 6651 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0, 6652 DDI_PSEUDO, 0) == DDI_FAILURE) 6653 return (DDI_FAILURE); 6654 6655 zfs_dip = dip; 6656 6657 ddi_report_dev(dip); 6658 6659 return (DDI_SUCCESS); 6660 } 6661 6662 static int 6663 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 6664 { 6665 if (spa_busy() || zfs_busy() || zvol_busy()) 6666 return (DDI_FAILURE); 6667 6668 if (cmd != DDI_DETACH) 6669 return (DDI_FAILURE); 6670 6671 zfs_dip = NULL; 6672 6673 ddi_prop_remove_all(dip); 6674 ddi_remove_minor_node(dip, NULL); 6675 6676 return (DDI_SUCCESS); 6677 } 6678 6679 /*ARGSUSED*/ 6680 static int 6681 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 6682 { 6683 switch (infocmd) { 6684 case DDI_INFO_DEVT2DEVINFO: 6685 *result = zfs_dip; 6686 return (DDI_SUCCESS); 6687 6688 case DDI_INFO_DEVT2INSTANCE: 6689 *result = (void *)0; 6690 return (DDI_SUCCESS); 6691 } 6692 6693 return (DDI_FAILURE); 6694 } 6695 6696 /* 6697 * OK, so this is a little weird. 6698 * 6699 * /dev/zfs is the control node, i.e. minor 0. 6700 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0. 6701 * 6702 * /dev/zfs has basically nothing to do except serve up ioctls, 6703 * so most of the standard driver entry points are in zvol.c. 6704 */ 6705 static struct cb_ops zfs_cb_ops = { 6706 zfsdev_open, /* open */ 6707 zfsdev_close, /* close */ 6708 zvol_strategy, /* strategy */ 6709 nodev, /* print */ 6710 zvol_dump, /* dump */ 6711 zvol_read, /* read */ 6712 zvol_write, /* write */ 6713 zfsdev_ioctl, /* ioctl */ 6714 nodev, /* devmap */ 6715 nodev, /* mmap */ 6716 nodev, /* segmap */ 6717 nochpoll, /* poll */ 6718 ddi_prop_op, /* prop_op */ 6719 NULL, /* streamtab */ 6720 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */ 6721 CB_REV, /* version */ 6722 nodev, /* async read */ 6723 nodev, /* async write */ 6724 }; 6725 6726 static struct dev_ops zfs_dev_ops = { 6727 DEVO_REV, /* version */ 6728 0, /* refcnt */ 6729 zfs_info, /* info */ 6730 nulldev, /* identify */ 6731 nulldev, /* probe */ 6732 zfs_attach, /* attach */ 6733 zfs_detach, /* detach */ 6734 nodev, /* reset */ 6735 &zfs_cb_ops, /* driver operations */ 6736 NULL, /* no bus operations */ 6737 NULL, /* power */ 6738 ddi_quiesce_not_needed, /* quiesce */ 6739 }; 6740 6741 static struct modldrv zfs_modldrv = { 6742 &mod_driverops, 6743 "ZFS storage pool", 6744 &zfs_dev_ops 6745 }; 6746 6747 static struct modlinkage modlinkage = { 6748 MODREV_1, 6749 (void *)&zfs_modlfs, 6750 (void *)&zfs_modldrv, 6751 NULL 6752 }; 6753 6754 int 6755 _init(void) 6756 { 6757 int error; 6758 6759 spa_init(FREAD | FWRITE); 6760 zfs_init(); 6761 zvol_init(); 6762 zfs_ioctl_init(); 6763 6764 if ((error = mod_install(&modlinkage)) != 0) { 6765 zvol_fini(); 6766 zfs_fini(); 6767 spa_fini(); 6768 return (error); 6769 } 6770 6771 tsd_create(&zfs_putpages_key, NULL); 6772 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 6773 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 6774 6775 error = ldi_ident_from_mod(&modlinkage, &zfs_li); 6776 ASSERT(error == 0); 6777 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 6778 6779 return (0); 6780 } 6781 6782 int 6783 _fini(void) 6784 { 6785 int error; 6786 6787 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled) 6788 return (SET_ERROR(EBUSY)); 6789 6790 if ((error = mod_remove(&modlinkage)) != 0) 6791 return (error); 6792 6793 zvol_fini(); 6794 zfs_fini(); 6795 spa_fini(); 6796 if (zfs_nfsshare_inited) 6797 (void) ddi_modclose(nfs_mod); 6798 if (zfs_smbshare_inited) 6799 (void) ddi_modclose(smbsrv_mod); 6800 if (zfs_nfsshare_inited || zfs_smbshare_inited) 6801 (void) ddi_modclose(sharefs_mod); 6802 6803 ldi_ident_release(zfs_li); 6804 zfs_li = NULL; 6805 mutex_destroy(&zfs_share_lock); 6806 6807 return (error); 6808 } 6809 6810 int 6811 _info(struct modinfo *modinfop) 6812 { 6813 return (mod_info(&modlinkage, modinfop)); 6814 } 6815 #endif /* illumos */ 6816 6817 #ifdef __FreeBSD__ 6818 static struct cdevsw zfs_cdevsw = { 6819 .d_version = D_VERSION, 6820 .d_open = zfsdev_open, 6821 .d_ioctl = zfsdev_ioctl, 6822 .d_name = ZFS_DEV_NAME 6823 }; 6824 6825 static void 6826 zfsdev_init(void) 6827 { 6828 zfsdev = make_dev(&zfs_cdevsw, 0x0, UID_ROOT, GID_OPERATOR, 0666, 6829 ZFS_DEV_NAME); 6830 } 6831 6832 static void 6833 zfsdev_fini(void) 6834 { 6835 if (zfsdev != NULL) 6836 destroy_dev(zfsdev); 6837 } 6838 6839 static struct root_hold_token *zfs_root_token; 6840 struct proc *zfsproc; 6841 6842 static int zfs__init(void); 6843 static int zfs__fini(void); 6844 static void zfs_shutdown(void *, int); 6845 6846 static eventhandler_tag zfs_shutdown_event_tag; 6847 6848 #define ZFS_MIN_KSTACK_PAGES 4 6849 6850 int 6851 zfs__init(void) 6852 { 6853 6854 #if KSTACK_PAGES < ZFS_MIN_KSTACK_PAGES 6855 printf("ZFS NOTICE: KSTACK_PAGES is %d which could result in stack " 6856 "overflow panic!\nPlease consider adding " 6857 "'options KSTACK_PAGES=%d' to your kernel config\n", KSTACK_PAGES, 6858 ZFS_MIN_KSTACK_PAGES); 6859 #endif 6860 zfs_root_token = root_mount_hold("ZFS"); 6861 6862 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 6863 6864 spa_init(FREAD | FWRITE); 6865 zfs_init(); 6866 zvol_init(); 6867 zfs_ioctl_init(); 6868 6869 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 6870 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 6871 tsd_create(&zfs_geom_probe_vdev_key, NULL); 6872 6873 printf("ZFS storage pool version: features support (" SPA_VERSION_STRING ")\n"); 6874 root_mount_rel(zfs_root_token); 6875 6876 zfsdev_init(); 6877 6878 return (0); 6879 } 6880 6881 int 6882 zfs__fini(void) 6883 { 6884 if (spa_busy() || zfs_busy() || zvol_busy() || 6885 zio_injection_enabled) { 6886 return (EBUSY); 6887 } 6888 6889 zfsdev_fini(); 6890 zvol_fini(); 6891 zfs_fini(); 6892 spa_fini(); 6893 6894 tsd_destroy(&rrw_tsd_key); 6895 tsd_destroy(&zfs_allow_log_key); 6896 6897 mutex_destroy(&zfs_share_lock); 6898 6899 return (0); 6900 } 6901 6902 static void 6903 zfs_shutdown(void *arg __unused, int howto __unused) 6904 { 6905 6906 /* 6907 * ZFS fini routines can not properly work in a panic-ed system. 6908 */ 6909 if (panicstr == NULL) 6910 (void)zfs__fini(); 6911 } 6912 6913 6914 static int 6915 zfs_modevent(module_t mod, int type, void *unused __unused) 6916 { 6917 int err; 6918 6919 switch (type) { 6920 case MOD_LOAD: 6921 err = zfs__init(); 6922 if (err == 0) 6923 zfs_shutdown_event_tag = EVENTHANDLER_REGISTER( 6924 shutdown_post_sync, zfs_shutdown, NULL, 6925 SHUTDOWN_PRI_FIRST); 6926 return (err); 6927 case MOD_UNLOAD: 6928 err = zfs__fini(); 6929 if (err == 0 && zfs_shutdown_event_tag != NULL) 6930 EVENTHANDLER_DEREGISTER(shutdown_post_sync, 6931 zfs_shutdown_event_tag); 6932 return (err); 6933 case MOD_SHUTDOWN: 6934 return (0); 6935 default: 6936 break; 6937 } 6938 return (EOPNOTSUPP); 6939 } 6940 6941 static moduledata_t zfs_mod = { 6942 "zfsctrl", 6943 zfs_modevent, 6944 0 6945 }; 6946 DECLARE_MODULE(zfsctrl, zfs_mod, SI_SUB_VFS, SI_ORDER_ANY); 6947 MODULE_VERSION(zfsctrl, 1); 6948 MODULE_DEPEND(zfsctrl, opensolaris, 1, 1, 1); 6949 MODULE_DEPEND(zfsctrl, krpc, 1, 1, 1); 6950 MODULE_DEPEND(zfsctrl, acl_nfs4, 1, 1, 1); 6951 6952 #endif /* __FreeBSD__ */ 6953 6954 #ifdef __NetBSD__ 6955 6956 #include <sys/module.h> 6957 #include <uvm/uvm_extern.h> 6958 6959 MODULE(MODULE_CLASS_VFS, zfs, "solaris"); 6960 6961 static const struct fileops zfs_fileops; 6962 6963 static int 6964 nb_zfsdev_fioctl(struct file *fp, u_long cmd, void *argp) 6965 { 6966 dev_t dev = (dev_t)(uintptr_t)fp->f_data; 6967 int rval; 6968 6969 return zfsdev_ioctl(dev, cmd, (intptr_t)argp, fp->f_flag, 6970 kauth_cred_get(), &rval); 6971 } 6972 6973 static int 6974 nb_zfsdev_fclose(struct file *fp) 6975 { 6976 dev_t dev = (dev_t)(uintptr_t)fp->f_data; 6977 int error; 6978 6979 return zfsdev_close(dev, fp->f_flag, OTYPCHR, fp->f_cred); 6980 } 6981 6982 static int 6983 nb_zfsdev_copen(dev_t dev, int flag, int mode, lwp_t *l) 6984 { 6985 const bool must_clone = (getminor(dev) == 0 && (flag & FEXCL) != 0); 6986 struct file *fp; 6987 int error, fd; 6988 6989 if (must_clone) { 6990 error = fd_allocfile(&fp, &fd); 6991 if (error) 6992 return error; 6993 } 6994 6995 error = zfsdev_open(&dev, flag, OTYPCHR, kauth_cred_get()); 6996 6997 if (must_clone) { 6998 if (error) { 6999 fd_abort(curproc, fp, fd); 7000 return error; 7001 } 7002 return fd_clone(fp, fd, flag, &zfs_fileops, 7003 (void *)(uintptr_t)dev); 7004 } 7005 7006 return error; 7007 } 7008 7009 static int 7010 nb_zfsdev_cclose(dev_t dev, int flag, int mode, lwp_t *l) 7011 { 7012 7013 return zfsdev_close(dev, flag, OTYPCHR, kauth_cred_get()); 7014 } 7015 7016 static int 7017 nb_zfsdev_bopen(dev_t dev, int flag, int mode, lwp_t *l) 7018 { 7019 7020 return zfsdev_open(&dev, flag, OTYPBLK, kauth_cred_get()); 7021 } 7022 7023 static int 7024 nb_zfsdev_bclose(dev_t dev, int flag, int mode, lwp_t *l) 7025 { 7026 7027 return zfsdev_close(dev, flag, OTYPBLK, kauth_cred_get()); 7028 } 7029 7030 static int 7031 nb_zvol_read(dev_t dev, struct uio *uio, int flag) 7032 { 7033 7034 return zvol_read(dev, uio, kauth_cred_get()); 7035 } 7036 7037 static int 7038 nb_zvol_write(dev_t dev, struct uio *uio, int flag) 7039 { 7040 7041 return zvol_write(dev, uio, kauth_cred_get()); 7042 } 7043 7044 static int 7045 nb_zfsdev_ioctl(dev_t dev, u_long cmd, void *argp, int flag, lwp_t *l) 7046 { 7047 int rval; 7048 7049 return zfsdev_ioctl(dev, cmd, (intptr_t)argp, flag, kauth_cred_get(), 7050 &rval); 7051 } 7052 7053 static void 7054 nb_zvol_strategy(struct buf *bp) 7055 { 7056 7057 (void) zvol_strategy(bp); 7058 } 7059 7060 static const struct fileops zfs_fileops = { 7061 .fo_name = "zfs", 7062 .fo_read = fbadop_read, 7063 .fo_write = fbadop_write, 7064 .fo_ioctl = nb_zfsdev_fioctl, 7065 .fo_fcntl = fnullop_fcntl, 7066 .fo_poll = fnullop_poll, 7067 .fo_stat = fbadop_stat, 7068 .fo_close = nb_zfsdev_fclose, 7069 .fo_kqfilter = fnullop_kqfilter, 7070 .fo_restart = fnullop_restart, 7071 }; 7072 7073 const struct bdevsw zfs_bdevsw = { 7074 .d_open = nb_zfsdev_bopen, 7075 .d_close = nb_zfsdev_bclose, 7076 .d_strategy = nb_zvol_strategy, 7077 .d_ioctl = nb_zfsdev_ioctl, 7078 .d_dump = nodump, 7079 .d_psize = nosize, 7080 .d_flag = D_DISK | D_MPSAFE 7081 }; 7082 7083 const struct cdevsw zfs_cdevsw = { 7084 .d_open = nb_zfsdev_copen, 7085 .d_close = nb_zfsdev_cclose, 7086 .d_read = nb_zvol_read, 7087 .d_write = nb_zvol_write, 7088 .d_ioctl = nb_zfsdev_ioctl, 7089 .d_stop = nostop, 7090 .d_tty = notty, 7091 .d_poll = nopoll, 7092 .d_mmap = nommap, 7093 .d_kqfilter = nokqfilter, 7094 .d_flag = D_DISK | D_MPSAFE 7095 }; 7096 7097 /* ZFS should only be used on systems with enough memory. */ 7098 #define ZFS_MIN_MEGS 512 7099 7100 static int zfs_version_ioctl = ZFS_IOCVER_CURRENT; 7101 static int zfs_version_spa = SPA_VERSION; 7102 static struct sysctllog *zfs_sysctl_log; 7103 7104 static void 7105 zfs_sysctl_init(void) 7106 { 7107 const struct sysctlnode *rnode; 7108 7109 sysctl_createv(&zfs_sysctl_log, 0, NULL, &rnode, 7110 CTLFLAG_PERMANENT, 7111 CTLTYPE_NODE, "zfs", 7112 SYSCTL_DESCR("zfs"), 7113 NULL, 0, NULL, 0, 7114 CTL_VFS, CTL_CREATE, CTL_EOL); 7115 7116 sysctl_createv(&zfs_sysctl_log, 0, &rnode, &rnode, 7117 CTLFLAG_PERMANENT, 7118 CTLTYPE_NODE, "version", 7119 SYSCTL_DESCR("version"), 7120 NULL, 0, NULL, 0, 7121 CTL_CREATE, CTL_EOL); 7122 7123 sysctl_createv(&zfs_sysctl_log, 0, &rnode, NULL, 7124 CTLFLAG_PERMANENT|CTLFLAG_READONLY, 7125 CTLTYPE_INT, "ioctl", 7126 SYSCTL_DESCR("ZFS ioctl version"), 7127 NULL, 0, &zfs_version_ioctl, 0, 7128 CTL_CREATE, CTL_EOL); 7129 7130 sysctl_createv(&zfs_sysctl_log, 0, &rnode, NULL, 7131 CTLFLAG_PERMANENT|CTLFLAG_READONLY, 7132 CTLTYPE_INT, "spa", 7133 SYSCTL_DESCR("ZFS SPA version"), 7134 NULL, 0, &zfs_version_spa, 0, 7135 CTL_CREATE, CTL_EOL); 7136 } 7137 7138 static void 7139 zfs_sysctl_fini(void) 7140 { 7141 7142 sysctl_teardown(&zfs_sysctl_log); 7143 } 7144 7145 7146 static void 7147 zfs_loadvnode_destroy(void *arg) 7148 { 7149 7150 if (arg != NULL) 7151 panic("thread exiting with TSD loadvnode data %p", arg); 7152 } 7153 7154 static int 7155 zfs_modcmd(modcmd_t cmd, void *arg) 7156 { 7157 int error; 7158 int active, inactive; 7159 uint64_t availrmem; 7160 7161 extern struct vfsops zfs_vfsops; 7162 extern uint_t zfs_putpage_key; 7163 7164 switch (cmd) { 7165 case MODULE_CMD_INIT: 7166 /* XXXNETBSD trim is not supported yet */ 7167 zfs_trim_enabled = B_FALSE; 7168 7169 availrmem = (uint64_t)physmem * PAGE_SIZE / 1048576; 7170 if (availrmem < ZFS_MIN_MEGS * 80 / 100) { 7171 printf("ERROR: at least %dMB of memory required to " 7172 "use ZFS\n", ZFS_MIN_MEGS); 7173 return ENOMEM; 7174 } 7175 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 7176 mutex_init(&zfs_debug_mtx, NULL, MUTEX_DEFAULT, NULL); 7177 7178 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 7179 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 7180 tsd_create(&zfs_putpage_key, NULL); 7181 7182 spa_init(FREAD | FWRITE); 7183 zfs_init(); 7184 zvol_init(); 7185 zfs_ioctl_init(); 7186 zfs_sysctl_init(); 7187 7188 error = devsw_attach("zfs", &zfs_bdevsw, &zfs_dip->di_bmajor, 7189 &zfs_cdevsw, &zfs_dip->di_cmajor); 7190 if (error != 0) { 7191 goto attacherr; 7192 } 7193 (void) vfs_attach(&zfs_vfsops); 7194 return error; 7195 7196 case MODULE_CMD_FINI: 7197 if (spa_busy() || zfs_busy() || zvol_busy() || 7198 zio_injection_enabled) 7199 return EBUSY; 7200 7201 error = vfs_detach(&zfs_vfsops); 7202 if (error) 7203 return error; 7204 7205 devsw_detach(&zfs_bdevsw, &zfs_cdevsw); 7206 7207 attacherr: 7208 zfs_sysctl_fini(); 7209 zvol_fini(); 7210 zfs_fini(); 7211 spa_fini(); 7212 7213 tsd_destroy(&zfs_putpage_key); 7214 tsd_destroy(&rrw_tsd_key); 7215 tsd_destroy(&zfs_allow_log_key); 7216 7217 mutex_destroy(&zfs_debug_mtx); 7218 mutex_destroy(&zfs_share_lock); 7219 7220 return error; 7221 7222 case MODULE_CMD_AUTOUNLOAD: 7223 /* 7224 * We don't want to be autounloaded because unlike 7225 * other subsystems, we read our own configuration 7226 * from disk and provide things that might be used 7227 * later (zvols). 7228 */ 7229 return EBUSY; 7230 7231 default: 7232 return ENOTTY; 7233 } 7234 } 7235 7236 #endif /* __NetBSD__ */ 7237
Indexes created Sun Jun 21 00:25:28 UTC 2026