      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
     23  * Use is subject to license terms.
     24  */
     25 
     26 #include <sys/types.h>
     27 #include <sys/param.h>
     28 #include <sys/errno.h>
     29 #include <sys/uio.h>
     30 #include <sys/buf.h>
     31 #include <sys/modctl.h>
     32 #include <sys/open.h>
     33 #include <sys/file.h>
     34 #include <sys/kmem.h>
     35 #include <sys/conf.h>
     36 #include <sys/cmn_err.h>
     37 #include <sys/stat.h>
     38 #include <sys/zfs_ioctl.h>
     39 #include <sys/zfs_vfsops.h>
     40 #include <sys/zfs_znode.h>
     41 #include <sys/zap.h>
     42 #include <sys/spa.h>
     43 #include <sys/spa_impl.h>
     44 #include <sys/vdev.h>
     45 #include <sys/priv_impl.h>
     46 #include <sys/dmu.h>
     47 #include <sys/dsl_dir.h>
     48 #include <sys/dsl_dataset.h>
     49 #include <sys/dsl_prop.h>
     50 #include <sys/dsl_deleg.h>
     51 #include <sys/dmu_objset.h>
     52 #include <sys/ddi.h>
     53 #include <sys/sunddi.h>
     54 #include <sys/sunldi.h>
     55 #include <sys/policy.h>
     56 #include <sys/zone.h>
     57 #include <sys/nvpair.h>
     58 #include <sys/pathname.h>
     59 #include <sys/mount.h>
     60 #include <sys/sdt.h>
     61 #include <sys/fs/zfs.h>
     62 #include <sys/zfs_ctldir.h>
     63 #include <sys/zfs_dir.h>
     64 #include <sys/zvol.h>
     65 #include <sharefs/share.h>
     66 #include <sys/dmu_objset.h>
     67 
     68 #include "zfs_namecheck.h"
     69 #include "zfs_prop.h"
     70 #include "zfs_deleg.h"
     71 
/* Declared here, defined outside this part of the file. */
extern struct modlfs zfs_modlfs;

/* Declared here, defined outside this part of the file. */
extern void zfs_init(void);
extern void zfs_fini(void);

/* Driver-wide handles; zfs_li starts out NULL, zfs_dip has no initializer. */
ldi_ident_t zfs_li = NULL;
dev_info_t *zfs_dip;
     79 
/* Signature of an ioctl handler: takes the command structure, returns int. */
typedef int zfs_ioc_func_t(zfs_cmd_t *);
/*
 * Signature of a security-policy check.  The zfs_secpolicy_* functions in
 * this file match it and return 0 to allow or an errno value to deny.
 */
typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *);

/*
 * Kind of name an ioctl carries in zc_name.
 * NOTE(review): presumably selects which name validation is applied before
 * the handler runs; the consumer is not in this part of the file.
 */
typedef enum {
	NO_NAME,
	POOL_NAME,
	DATASET_NAME
} zfs_ioc_namecheck_t;

/*
 * One entry per ioctl: the handler, its security policy, and per-command
 * flags.  NOTE(review): the meaning of zvec_his_log and zvec_pool_check is
 * inferred from their names only; confirm against the dispatch code.
 */
typedef struct zfs_ioc_vec {
	zfs_ioc_func_t		*zvec_func;
	zfs_secpolicy_func_t	*zvec_secpolicy;
	zfs_ioc_namecheck_t	zvec_namecheck;
	boolean_t		zvec_his_log;
	boolean_t		zvec_pool_check;
} zfs_ioc_vec_t;
     96 
/*
 * This array is indexed by zfs_userquota_prop_t.
 *
 * It maps a userquota property index to the delegated permission checked
 * for it.  Callers in this file bound the index with
 * ZFS_NUM_USERQUOTA_PROPS before using it, because the index comes from
 * the ioctl argument.
 */
static const char *userquota_perms[] = {
	ZFS_DELEG_PERM_USERUSED,
	ZFS_DELEG_PERM_USERQUOTA,
	ZFS_DELEG_PERM_GROUPUSED,
	ZFS_DELEG_PERM_GROUPQUOTA,
};
    104 
/* Forward declarations; the definitions are not in this part of the file. */
static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
static int zfs_check_settable(const char *name, nvpair_t *property,
    cred_t *cr);
static int zfs_check_clearable(char *dataset, nvlist_t *props,
    nvlist_t **errors);
static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
    boolean_t *);
int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t **);
    113 
/*
 * Debug-print hook: format the message into a local buffer and fire the
 * zfs-dprintf DTrace probe with the source location and the text.
 * Messages that do not fit in the 256-byte buffer are truncated by
 * vsnprintf().
 *
 * _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney
 */
void
__dprintf(const char *file, const char *func, int line, const char *fmt, ...)
{
	/* Strip any directory part (e.g. "../common/") from the file name. */
	const char *slash = strrchr(file, '/');
	const char *newfile = (slash != NULL) ? slash + 1 : file;
	char buf[256];
	va_list adx;

	va_start(adx, fmt);
	(void) vsnprintf(buf, sizeof (buf), fmt, adx);
	va_end(adx);

	/*
	 * To get this data, use the zfs-dprintf probe as so:
	 * dtrace -q -n 'zfs-dprintf \
	 *	/stringof(arg0) == "dbuf.c"/ \
	 *	{printf("%s: %s", stringof(arg1), stringof(arg3))}'
	 * arg0 = file name
	 * arg1 = function name
	 * arg2 = line number
	 * arg3 = message
	 */
	DTRACE_PROBE4(zfs__dprintf,
	    char *, newfile, char *, func, int, line, char *, buf);
}
    149 
/*
 * Release a history buffer.  The size passed to kmem_free() is the fixed
 * HIS_MAX_RECORD_LEN, so buf must have been allocated with exactly that
 * size (as history_str_get() does).
 */
static void
history_str_free(char *buf)
{
	kmem_free(buf, HIS_MAX_RECORD_LEN);
}
    155 
/*
 * Copy the history string referenced by zc->zc_history into a newly
 * allocated HIS_MAX_RECORD_LEN-byte buffer.  The copy is done with
 * copyinstr(), bounded by the buffer size.
 *
 * Returns NULL when zc_history is unset or the copy fails; otherwise the
 * caller owns the buffer and releases it with history_str_free().
 */
static char *
history_str_get(zfs_cmd_t *zc)
{
	char *record;
	int err;

	if (zc->zc_history == NULL)
		return (NULL);

	record = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
	err = copyinstr((void *)(uintptr_t)zc->zc_history, record,
	    HIS_MAX_RECORD_LEN, NULL);
	if (err != 0) {
		history_str_free(record);
		return (NULL);
	}

	/* Force termination regardless of what the copy left behind. */
	record[HIS_MAX_RECORD_LEN -1] = '\0';

	return (record);
}
    175 
/*
 * Check to see if the named dataset is currently defined as bootable,
 * i.e. its objset id equals the bootfs recorded for its pool.
 *
 * Returns B_FALSE when the dataset cannot be held.
 */
static boolean_t
zfs_is_bootfs(const char *name)
{
	objset_t *os;
	boolean_t is_boot;

	if (dmu_objset_hold(name, FTAG, &os) != 0)
		return (B_FALSE);

	is_boot = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
	dmu_objset_rele(os, FTAG);
	return (is_boot);
}
    192 
/*
 * zfs_earlier_version
 *
 *	Return non-zero if the spa version is less than requested version.
 *	A pool that cannot be opened yields 0, the same answer as a pool
 *	that is new enough.
 */
static int
zfs_earlier_version(const char *name, int version)
{
	spa_t *spa;
	int earlier;

	if (spa_open(name, &spa, FTAG) != 0)
		return (0);

	earlier = (spa_version(spa) < version) ? 1 : 0;
	spa_close(spa, FTAG);
	return (earlier);
}
    212 
/*
 * zpl_earlier_version
 *
 * Return TRUE if the ZPL version is less than requested version.
 *
 * The answer defaults to B_TRUE: it is also returned when the dataset
 * cannot be held, is not a DMU_OST_ZFS objset, or its version property
 * cannot be read.
 */
static boolean_t
zpl_earlier_version(const char *name, int version)
{
	objset_t *os;
	uint64_t zplversion;
	boolean_t earlier = B_TRUE;

	if (dmu_objset_hold(name, FTAG, &os) != 0)
		return (B_TRUE);

	/* XXX reading from non-owned objset */
	if (dmu_objset_type(os) == DMU_OST_ZFS &&
	    zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
		earlier = zplversion < version;

	dmu_objset_rele(os, FTAG);
	return (earlier);
}
    238 
/*
 * Record the command's history string in the pool named by zc_name.
 * Nothing is logged when no history string is available, the pool cannot
 * be opened, or the pool version predates SPA_VERSION_ZPOOL_HISTORY.
 * A failure of spa_history_log() itself is deliberately ignored.
 */
static void
zfs_log_history(zfs_cmd_t *zc)
{
	spa_t *spa;
	char *record = history_str_get(zc);

	if (record == NULL)
		return;

	if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
		if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
			(void) spa_history_log(spa, record, LOG_CMD_NORMAL);
		spa_close(spa, FTAG);
	}
	history_str_free(record);
}
    255 
/*
 * Policy for top-level read operations (list pools).  Requires no privileges,
 * and can be used in the local zone, as there is no associated dataset.
 *
 * Always allows: neither argument is examined.
 */
/* ARGSUSED */
static int
zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr)
{
	return (0);
}
    266 
/*
 * Policy for dataset read operations (list children, get statistics).  Requires
 * no privileges, but must be visible in the local zone.
 *
 * Returns ENOENT rather than EPERM for a dataset the zone cannot see, so
 * the error does not reveal that the dataset exists.
 */
/* ARGSUSED */
static int
zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr)
{
	if (!INGLOBALZONE(curproc) &&
	    !zone_dataset_visible(zc->zc_name, NULL))
		return (ENOENT);

	return (0);
}
    281 
/*
 * Zone-based access check for a dataset.
 *
 * Returns ENOENT when the dataset is not visible to the calling zone or
 * its 'zoned' property cannot be read, EPERM when the zone rules forbid
 * the access, and 0 otherwise.
 */
static int
zfs_dozonecheck(const char *dataset, cred_t *cr)
{
	uint64_t zoned;
	int writable = 1;

	/*
	 * The dataset must be visible by this zone -- check this first
	 * so they don't see EPERM on something they shouldn't know about.
	 */
	if (!INGLOBALZONE(curproc) &&
	    !zone_dataset_visible(dataset, &writable))
		return (ENOENT);

	if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
		return (ENOENT);

	if (!INGLOBALZONE(curproc)) {
		/*
		 * In a local zone the 'zoned' property must be set and the
		 * dataset must be writable by this zone.
		 */
		if (!zoned || !writable)
			return (EPERM);
		return (0);
	}

	/*
	 * Global zone: if the fs is zoned, only a caller that passes
	 * secpolicy_zfs() can access it from here.
	 */
	if (secpolicy_zfs(cr) && zoned)
		return (EPERM);

	return (0);
}
    319 
/*
 * Common check for operations that modify a dataset.
 *
 * The zone check always runs first.  After that, a caller that passes
 * secpolicy_zfs() is allowed outright; anyone else needs the delegated
 * permission `perm' on `name' as decided by dsl_deleg_access().
 *
 * Returns 0 to allow, or an errno value.
 */
int
zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
{
	int error = zfs_dozonecheck(name, cr);

	if (error != 0)
		return (error);

	if (secpolicy_zfs(cr) == 0)
		return (0);

	return (dsl_deleg_access(name, perm, cr));
}
    333 
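/*
 * Policy for setting the security label property.
 *
 *	name	dataset whose label is being changed
 *	strval	requested label: a hex label string or ZFS_MLSLABEL_DEFAULT
 *	cr	credential tested for the upgrade/downgrade privilege
 *
 * Returns 0 for success, non-zero for access and other errors.
 */
static int
zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
{
	char		ds_hexsl[MAXNAMELEN];
	bslabel_t	ds_sl, new_sl;
	boolean_t	new_default = FALSE;
	uint64_t	zoned;
	int		needed_priv = -1;
	int		error;

	/* First get the existing dataset label. */
	error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
	    1, sizeof (ds_hexsl), &ds_hexsl, NULL);
	if (error)
		return (EPERM);

	if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
		new_default = TRUE;

	/* The label must be translatable */
	if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
		return (EINVAL);

	/*
	 * In a non-global zone, disallow attempts to set a label that
	 * doesn't match that of the zone; otherwise no other checks
	 * are needed.
	 *
	 * NOTE(review): the comparison uses CRED() rather than the cr
	 * argument; confirm the two are always the same credential here.
	 */
	if (!INGLOBALZONE(curproc)) {
		if (new_default || !blequal(&new_sl, CR_SL(CRED())))
			return (EPERM);
		return (0);
	}

	/*
	 * For global-zone datasets (i.e., those whose zoned property is
	 * "off"), verify that the specified new label is valid for the
	 * global zone.
	 */
	if (dsl_prop_get_integer(name,
	    zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
		return (EPERM);
	if (!zoned) {
		if (zfs_check_global_label(name, strval) != 0)
			return (EPERM);
	}

	/*
	 * If the existing dataset label is nondefault, check if the
	 * dataset is mounted (label cannot be changed while mounted).
	 * Get the zfsvfs; if there isn't one, then the dataset isn't
	 * mounted (or isn't a dataset, doesn't exist, ...).
	 */
	if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
		objset_t *os;
		static char *setsl_tag = "setsl_tag";

		/*
		 * Try to own the dataset; abort if there is any error,
		 * (e.g., already mounted, in use, or other error).
		 */
		error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
		    setsl_tag, &os);
		if (error)
			return (EPERM);

		dmu_objset_disown(os, setsl_tag);

		if (new_default) {
			needed_priv = PRIV_FILE_DOWNGRADE_SL;
			goto out_check;
		}

		if (hexstr_to_label(strval, &new_sl) != 0)
			return (EPERM);

		/*
		 * Translate the existing label before comparing.  ds_sl was
		 * otherwise read uninitialized, so the dominance tests below
		 * ran on stack garbage and could leave needed_priv at -1,
		 * which skips the privilege check entirely.
		 */
		if (hexstr_to_label(ds_hexsl, &ds_sl) != 0)
			return (EPERM);

		if (blstrictdom(&ds_sl, &new_sl))
			needed_priv = PRIV_FILE_DOWNGRADE_SL;
		else if (blstrictdom(&new_sl, &ds_sl))
			needed_priv = PRIV_FILE_UPGRADE_SL;
	} else {
		/* dataset currently has a default label */
		if (!new_default)
			needed_priv = PRIV_FILE_UPGRADE_SL;
	}

out_check:
	/* -1 means the change neither raises nor lowers the label. */
	if (needed_priv != -1)
		return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
	return (0);
}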
    430 
/*
 * Policy for setting one native property on a dataset.  A few properties
 * carry extra rules that are applied before the generic delegated
 * permission check for the property's name.
 *
 * Returns 0 to allow, or an errno value.
 */
static int
zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
    cred_t *cr)
{
	char *strval;

	/*
	 * Check permissions for special properties.
	 */
	switch (prop) {
	case ZFS_PROP_ZONED:
		/*
		 * Disallow setting of 'zoned' from within a local zone.
		 */
		if (!INGLOBALZONE(curproc))
			return (EPERM);
		break;

	case ZFS_PROP_QUOTA:
		if (!INGLOBALZONE(curproc)) {
			uint64_t zoned;
			char setpoint[MAXNAMELEN];

			/*
			 * Unprivileged users are allowed to modify the
			 * quota on things *under* (ie. contained by)
			 * the thing they own.  The name-length comparison
			 * rejects the dataset where 'zoned' was set itself.
			 */
			if (dsl_prop_get_integer(dsname, "zoned", &zoned,
			    setpoint) != 0)
				return (EPERM);
			if (!zoned)
				return (EPERM);
			if (strlen(dsname) <= strlen(setpoint))
				return (EPERM);
		}
		break;

	case ZFS_PROP_MLSLABEL:
		if (!is_system_labeled())
			return (EPERM);

		/*
		 * NOTE(review): the label policy runs only when propval
		 * yields a string, and it is given CRED() rather than cr.
		 * Callers in this file pass propval == NULL; confirm that
		 * skipping the label policy in that case is intended.
		 */
		if (nvpair_value_string(propval, &strval) == 0) {
			int err = zfs_set_slabel_policy(dsname, strval,
			    CRED());

			if (err != 0)
				return (err);
		}
		break;

	default:
		break;
	}

	return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
}
    482 
/*
 * Policy for changing delegated permissions on a dataset.  Only the zone
 * check is done here; permission to set permissions will be evaluated
 * later in dsl_deleg_can_allow().
 */
int
zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr)
{
	return (zfs_dozonecheck(zc->zc_name, cr));
}
    498 
/*
 * Policy for rollback: the dataset in zc_name must pass
 * zfs_secpolicy_write_perms() for ZFS_DELEG_PERM_ROLLBACK.
 */
int
zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dataset = zc->zc_name;

	return (zfs_secpolicy_write_perms(dataset,
	    ZFS_DELEG_PERM_ROLLBACK, cr));
}
    505 
/*
 * Policy for send: the dataset in zc_name must pass
 * zfs_secpolicy_write_perms() for ZFS_DELEG_PERM_SEND.
 */
int
zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dataset = zc->zc_name;

	return (zfs_secpolicy_write_perms(dataset,
	    ZFS_DELEG_PERM_SEND, cr));
}
    512 
/*
 * Delegated-permission path for share operations.  The path in zc_value
 * is looked up (without following a final symlink) and must live on a
 * ZFS filesystem whose resource name equals zc_name; only then is
 * ZFS_DELEG_PERM_SHARE consulted for that dataset.
 *
 * Returns the lookup error, EPERM on a mismatch, or the result of
 * dsl_deleg_access().
 */
static int
zfs_secpolicy_deleg_share(zfs_cmd_t *zc, cred_t *cr)
{
	vnode_t *vp;
	int error;
	int matches;

	error = lookupname(zc->zc_value, UIO_SYSSPACE,
	    NO_FOLLOW, NULL, &vp);
	if (error != 0)
		return (error);

	/* Now make sure mntpnt and dataset are ZFS */
	matches = (vp->v_vfsp->vfs_fstype == zfsfstype &&
	    strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
	    zc->zc_name) == 0);

	/* The vnode is only needed for the comparison above. */
	VN_RELE(vp);

	if (!matches)
		return (EPERM);

	return (dsl_deleg_access(zc->zc_name,
	    ZFS_DELEG_PERM_SHARE, cr));
}
    536 
/*
 * Policy for share operations.  Refused outside the global zone.  A caller
 * that passes secpolicy_nfs() is allowed; anyone else falls back to the
 * delegated share check.
 */
int
zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr)
{
	if (!INGLOBALZONE(curproc))
		return (EPERM);

	if (secpolicy_nfs(cr) != 0)
		return (zfs_secpolicy_deleg_share(zc, cr));

	return (0);
}
    549 
/*
 * Policy for SMB ACL operations.  Refused outside the global zone.  A
 * caller that passes secpolicy_smb() is allowed; anyone else falls back
 * to the delegated share check.
 */
int
zfs_secpolicy_smb_acl(zfs_cmd_t *zc, cred_t *cr)
{
	if (!INGLOBALZONE(curproc))
		return (EPERM);

	if (secpolicy_smb(cr) != 0)
		return (zfs_secpolicy_deleg_share(zc, cr));

	return (0);
}
    562 
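/*
 * Derive the parent of a dataset or snapshot name.
 *
 *	datasetname	name to examine
 *	parent		output buffer for the parent name
 *	parentsize	size of `parent' in bytes
 *
 * Returns 0 on success, ENOENT when the name has no '@' or '/' component
 * to strip, and ENAMETOOLONG when the name does not fit in `parent'.
 *
 * The result feeds permission checks, so an over-long name is rejected
 * instead of being truncated: a truncated name would refer to a different
 * dataset, and strncpy() does not terminate the buffer when the source
 * fills it, which would let strrchr() read past the end of `parent'.
 */
static int
zfs_get_parent(const char *datasetname, char *parent, int parentsize)
{
	char *cp;

	if (parentsize <= 0)
		return (ENAMETOOLONG);

	/*
	 * strncpy() zero-pads a short source, so a non-NUL last byte means
	 * the source did not fit.  Reading of datasetname stays bounded by
	 * parentsize either way.
	 */
	(void) strncpy(parent, datasetname, parentsize);
	if (parent[parentsize - 1] != '\0') {
		parent[parentsize - 1] = '\0';
		return (ENAMETOOLONG);
	}

	/*
	 * Remove the @bla or /bla from the end of the name to get the parent.
	 */
	cp = strrchr(parent, '@');
	if (cp != NULL) {
		cp[0] = '\0';
	} else {
		cp = strrchr(parent, '/');
		if (cp == NULL)
			return (ENOENT);
		cp[0] = '\0';
	}

	return (0);
}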
    584 
/*
 * Destroy requires two permissions on `name', checked in this order:
 * ZFS_DELEG_PERM_MOUNT, then ZFS_DELEG_PERM_DESTROY.  The first failure
 * is returned.
 */
int
zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
{
	int error = zfs_secpolicy_write_perms(name,
	    ZFS_DELEG_PERM_MOUNT, cr);

	if (error != 0)
		return (error);

	return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
}
    596 
/*
 * ioctl-level policy for destroy: applies zfs_secpolicy_destroy_perms()
 * to the dataset named in zc_name.
 */
static int
zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dataset = zc->zc_name;

	return (zfs_secpolicy_destroy_perms(dataset, cr));
}
    602 
/*
 * Destroying snapshots with delegated permissions requires
 * descendent mount and destroy permissions.
 * Reassemble the full filesystem@snap name so dsl_deleg_access()
 * can do the correct permission check.
 *
 * Since this routine is used when doing a recursive destroy of snapshots
 * and destroying snapshots requires descendent permissions, a successful
 * check of the top level snapshot applies to snapshots of all descendent
 * datasets as well.
 */
static int
zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, cred_t *cr)
{
	char *snapname;
	int error;

	/* zc_name is the filesystem, zc_value the snapshot component. */
	snapname = kmem_asprintf("%s@%s", zc->zc_name, zc->zc_value);
	error = zfs_secpolicy_destroy_perms(snapname, cr);
	strfree(snapname);

	return (error);
}
    627 
/*
 * Must have sys_config privilege to check the iscsi permission
 *
 * The decision is delegated entirely to secpolicy_zfs(cr); zc is unused.
 */
/* ARGSUSED */
static int
zfs_secpolicy_iscsi(zfs_cmd_t *zc, cred_t *cr)
{
	return (secpolicy_zfs(cr));
}
    637 
/*
 * Rename needs four permissions, checked in this order with the first
 * failure returned: RENAME and MOUNT on the source (`from'), then CREATE
 * and MOUNT on the parent of the destination (`to').
 */
int
zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
{
	char	parentname[MAXNAMELEN];
	int	error;

	error = zfs_secpolicy_write_perms(from, ZFS_DELEG_PERM_RENAME, cr);
	if (error != 0)
		return (error);

	error = zfs_secpolicy_write_perms(from, ZFS_DELEG_PERM_MOUNT, cr);
	if (error != 0)
		return (error);

	error = zfs_get_parent(to, parentname, sizeof (parentname));
	if (error != 0)
		return (error);

	error = zfs_secpolicy_write_perms(parentname,
	    ZFS_DELEG_PERM_CREATE, cr);
	if (error != 0)
		return (error);

	return (zfs_secpolicy_write_perms(parentname,
	    ZFS_DELEG_PERM_MOUNT, cr));
}
    666 
/*
 * ioctl-level policy for rename: zc_name is the source and zc_value the
 * destination handed to zfs_secpolicy_rename_perms().
 */
static int
zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr)
{
	const char *from = zc->zc_name;
	const char *to = zc->zc_value;

	return (zfs_secpolicy_rename_perms(from, to, cr));
}
    672 
/*
 * Policy for promoting a clone.  Requires PROMOTE and MOUNT on the clone
 * (zc_name) and PROMOTE on the dataset that the clone's dd_origin_obj
 * refers to, whose name is resolved here while both holds are in place.
 *
 * Returns 0 to allow, or the first error encountered.
 */
static int
zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr)
{
	char	parentname[MAXNAMELEN];
	objset_t *clone;
	dsl_dataset_t *origin = NULL;
	dsl_dir_t *dd;
	int error;

	error = zfs_secpolicy_write_perms(zc->zc_name,
	    ZFS_DELEG_PERM_PROMOTE, cr);
	if (error != 0)
		return (error);

	error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
	if (error != 0)
		return (error);

	dd = clone->os_dsl_dataset->ds_dir;

	/* The origin is looked up under the pool config lock, as reader. */
	rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
	error = dsl_dataset_hold_obj(dd->dd_pool,
	    dd->dd_phys->dd_origin_obj, FTAG, &origin);
	rw_exit(&dd->dd_pool->dp_config_rwlock);
	if (error != 0) {
		dmu_objset_rele(clone, FTAG);
		return (error);
	}

	error = zfs_secpolicy_write_perms(zc->zc_name,
	    ZFS_DELEG_PERM_MOUNT, cr);

	/* Capture the origin's name, then drop both holds before using it. */
	dsl_dataset_name(origin, parentname);
	dmu_objset_rele(clone, FTAG);
	dsl_dataset_rele(origin, FTAG);

	if (error != 0)
		return (error);

	return (zfs_secpolicy_write_perms(parentname,
	    ZFS_DELEG_PERM_PROMOTE, cr));
}
    713 
/*
 * Policy for receive: RECEIVE, MOUNT and CREATE are all required on the
 * dataset in zc_name, checked in that order; the first failure is
 * returned.
 */
static int
zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr)
{
	int error;

	error = zfs_secpolicy_write_perms(zc->zc_name,
	    ZFS_DELEG_PERM_RECEIVE, cr);
	if (error != 0)
		return (error);

	error = zfs_secpolicy_write_perms(zc->zc_name,
	    ZFS_DELEG_PERM_MOUNT, cr);
	if (error != 0)
		return (error);

	return (zfs_secpolicy_write_perms(zc->zc_name,
	    ZFS_DELEG_PERM_CREATE, cr));
}
    730 
/*
 * Snapshot requires `name' to pass zfs_secpolicy_write_perms() for
 * ZFS_DELEG_PERM_SNAPSHOT.
 */
int
zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
{
	int error = zfs_secpolicy_write_perms(name,
	    ZFS_DELEG_PERM_SNAPSHOT, cr);

	return (error);
}
    737 
/*
 * ioctl-level policy for snapshot: applies
 * zfs_secpolicy_snapshot_perms() to the dataset named in zc_name.
 */
static int
zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dataset = zc->zc_name;

	return (zfs_secpolicy_snapshot_perms(dataset, cr));
}
    744 
/*
 * Policy for creating a dataset named zc_name.  When zc_value is
 * non-empty it must pass the CLONE check as well.  CREATE and MOUNT are
 * then required on the parent of the new dataset.
 *
 * Returns 0 to allow, or the first error encountered (including a
 * failure to derive the parent name).
 */
static int
zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr)
{
	char	parentname[MAXNAMELEN];
	int	error;

	error = zfs_get_parent(zc->zc_name, parentname, sizeof (parentname));
	if (error != 0)
		return (error);

	if (zc->zc_value[0] != '\0') {
		error = zfs_secpolicy_write_perms(zc->zc_value,
		    ZFS_DELEG_PERM_CLONE, cr);
		if (error != 0)
			return (error);
	}

	error = zfs_secpolicy_write_perms(parentname,
	    ZFS_DELEG_PERM_CREATE, cr);
	if (error != 0)
		return (error);

	return (zfs_secpolicy_write_perms(parentname,
	    ZFS_DELEG_PERM_MOUNT, cr));
}
    770 
/*
 * Policy for unmount.  A caller that passes secpolicy_fs_unmount() is
 * allowed; otherwise the delegated ZFS_DELEG_PERM_MOUNT permission on
 * zc_name decides.
 *
 * NOTE(review): unlike zfs_secpolicy_write_perms(), the fallback calls
 * dsl_deleg_access() directly with no zfs_dozonecheck() first; confirm
 * that is intended.
 */
static int
zfs_secpolicy_umount(zfs_cmd_t *zc, cred_t *cr)
{
	if (secpolicy_fs_unmount(cr, NULL) == 0)
		return (0);

	return (dsl_deleg_access(zc->zc_name, ZFS_DELEG_PERM_MOUNT, cr));
}
    782 
/*
 * Policy for pool operations - create/destroy pools, add vdevs, etc.  Requires
 * SYS_CONFIG privilege, which is not available in a local zone.
 *
 * Any failure from secpolicy_sys_config() is reported as EPERM.
 */
/* ARGSUSED */
static int
zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr)
{
	int denied = (secpolicy_sys_config(cr, B_FALSE) != 0);

	return (denied ? EPERM : 0);
}
    796 
/*
 * Policy for fault injection.  Requires all privileges.
 *
 * The decision is delegated entirely to secpolicy_zinject(cr); zc is
 * unused.
 */
/* ARGSUSED */
static int
zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr)
{
	return (secpolicy_zinject(cr));
}
    806 
/*
 * Policy for inheriting (clearing) the property named in zc_value.
 * A native property goes through zfs_secpolicy_setprop() with no value.
 * Anything else must be a user property, which needs
 * ZFS_DELEG_PERM_USERPROP; other names are rejected with EINVAL.
 */
static int
zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr)
{
	zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);

	if (prop != ZPROP_INVAL)
		return (zfs_secpolicy_setprop(zc->zc_name, prop,
		    NULL, cr));

	if (!zfs_prop_user(zc->zc_value))
		return (EINVAL);

	return (zfs_secpolicy_write_perms(zc->zc_name,
	    ZFS_DELEG_PERM_USERPROP, cr));
}
    822 
/*
 * Policy for querying one user/group space or quota entry.
 *
 * The dataset must be readable by the caller's zone.  A caller asking
 * about its own uid, or a group it belongs to, by numeric id (empty
 * zc_value) is allowed without further checks.  Everyone else needs the
 * delegated permission that matches the requested property.
 *
 * NOTE(review): zc_objset_type indexes userquota_perms[] and is only
 * checked against the upper bound.  If the field's type is signed, a
 * negative value would pass the check; confirm the type.
 */
static int
zfs_secpolicy_userspace_one(zfs_cmd_t *zc, cred_t *cr)
{
	int err = zfs_secpolicy_read(zc, cr);

	if (err != 0)
		return (err);

	if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
		return (EINVAL);

	if (zc->zc_value[0] == 0) {
		/*
		 * They are asking about a posix uid/gid.  If it's
		 * themself, allow it.
		 */
		int about_user = (zc->zc_objset_type == ZFS_PROP_USERUSED ||
		    zc->zc_objset_type == ZFS_PROP_USERQUOTA);

		if (about_user) {
			if (zc->zc_guid == crgetuid(cr))
				return (0);
		} else if (groupmember(zc->zc_guid, cr)) {
			return (0);
		}
	}

	return (zfs_secpolicy_write_perms(zc->zc_name,
	    userquota_perms[zc->zc_objset_type], cr));
}
    851 
/*
 * Policy for listing user/group space or quota entries.  The dataset must
 * be readable by the caller's zone, and the caller needs the delegated
 * permission that matches the requested property.
 *
 * NOTE(review): zc_objset_type indexes userquota_perms[] and is only
 * checked against the upper bound.  If the field's type is signed, a
 * negative value would pass the check; confirm the type.
 */
static int
zfs_secpolicy_userspace_many(zfs_cmd_t *zc, cred_t *cr)
{
	const char *perm;
	int err = zfs_secpolicy_read(zc, cr);

	if (err != 0)
		return (err);

	if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
		return (EINVAL);

	perm = userquota_perms[zc->zc_objset_type];
	return (zfs_secpolicy_write_perms(zc->zc_name, perm, cr));
}
    865 
/*
 * Policy for the userspace upgrade: treated as setting ZFS_PROP_VERSION
 * on zc_name, with no property value supplied.
 */
static int
zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dataset = zc->zc_name;

	return (zfs_secpolicy_setprop(dataset, ZFS_PROP_VERSION,
	    NULL, cr));
}
    872 
/*
 * Policy for placing a hold: zc_name must pass
 * zfs_secpolicy_write_perms() for ZFS_DELEG_PERM_HOLD.
 */
static int
zfs_secpolicy_hold(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dataset = zc->zc_name;

	return (zfs_secpolicy_write_perms(dataset,
	    ZFS_DELEG_PERM_HOLD, cr));
}
    879 
/*
 * Policy for releasing a hold: zc_name must pass
 * zfs_secpolicy_write_perms() for ZFS_DELEG_PERM_RELEASE.
 */
static int
zfs_secpolicy_release(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dataset = zc->zc_name;

	return (zfs_secpolicy_write_perms(dataset,
	    ZFS_DELEG_PERM_RELEASE, cr));
}
    886 
/*
 * Returns the nvlist as specified by the user in the zfs_cmd_t.
 *
 *	nvl	address of the packed nvlist, copied in with ddi_copyin()
 *	size	length of the packed nvlist in bytes
 *	iflag	flags passed through to ddi_copyin()
 *	nvp	receives the unpacked list on success; untouched on failure
 *
 * Returns EINVAL for a zero size, otherwise the copy-in or unpack error,
 * or 0 on success.  The caller frees *nvp.
 *
 * NOTE(review): `size' comes from the caller and only the zero case is
 * rejected here.  No upper bound is applied before the KM_SLEEP
 * allocation; confirm a limit is enforced elsewhere or add one.
 */
static int
get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
{
	nvlist_t *list = NULL;
	char *packed;
	int error;

	if (size == 0)
		return (EINVAL);

	/*
	 * Read in and unpack the user-supplied nvlist.
	 */
	packed = kmem_alloc(size, KM_SLEEP);

	error = ddi_copyin((void *)(uintptr_t)nvl, packed, size, iflag);
	if (error == 0)
		error = nvlist_unpack(packed, size, &list, 0);

	/* The packed copy is no longer needed, whatever the outcome. */
	kmem_free(packed, size);

	if (error != 0)
		return (error);

	*nvp = list;
	return (0);
}
    921 
/*
 * Shrink *errors until its native encoding fits in the caller-supplied
 * destination size (zc_nvlist_dst_size).
 *
 * When the list is too large, a ZPROP_N_MORE_ERRORS counter is added
 * first so that its own encoded size is accounted for.  Pairs preceding
 * that counter are then removed one at a time until the list fits, and
 * the counter is re-added holding the number of pairs removed.
 *
 * Returns 0 when the list fits (possibly after trimming), or ENOMEM when
 * the destination is smaller than 1024 bytes and the list does not fit.
 */
static int
fit_error_list(zfs_cmd_t *zc, nvlist_t **errors)
{
	nvpair_t *more_errors;
	size_t size;
	int dropped = 0;

	VERIFY(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);

	if (size <= zc->zc_nvlist_dst_size)
		return (0);

	if (zc->zc_nvlist_dst_size < 1024)
		return (ENOMEM);

	VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, 0) == 0);
	/* presumably the counter pair just added; verify against nvpair API */
	more_errors = nvlist_prev_nvpair(*errors, NULL);

	do {
		nvpair_t *victim = nvlist_prev_nvpair(*errors,
		    more_errors);

		VERIFY(nvlist_remove_nvpair(*errors, victim) == 0);
		dropped++;
		VERIFY(nvlist_size(*errors, &size,
		    NV_ENCODE_NATIVE) == 0);
	} while (size > zc->zc_nvlist_dst_size);

	/* Swap the placeholder for a counter holding the real count. */
	VERIFY(nvlist_remove_nvpair(*errors, more_errors) == 0);
	VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, dropped) == 0);
	ASSERT(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
	ASSERT(size <= zc->zc_nvlist_dst_size);

	return (0);
}
    956 
/*
 * Pack nvl and copy it out to the destination buffer described by
 * zc_nvlist_dst / zc_nvlist_dst_size.
 *
 * When the packed list is larger than the destination, nothing is copied
 * and ENOMEM is returned.  In every case zc_nvlist_dst_size is overwritten
 * with the size held in `size' at that point, so an ENOMEM caller learns
 * how much space is needed.
 *
 * Returns 0, ENOMEM, or the ddi_copyout() error.
 */
static int
put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
{
	char *packed = NULL;
	size_t size;
	int error;

	VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0);

	if (size <= zc->zc_nvlist_dst_size) {
		/* Pack into a buffer of exactly the computed size. */
		packed = kmem_alloc(size, KM_SLEEP);
		VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE,
		    KM_SLEEP) == 0);
		error = ddi_copyout(packed,
		    (void *)(uintptr_t)zc->zc_nvlist_dst, size, zc->zc_iflags);
		kmem_free(packed, size);
	} else {
		error = ENOMEM;
	}

	zc->zc_nvlist_dst_size = size;
	return (error);
}
    980 
/*
 * Look up the zfsvfs_t attached to a dataset's objset.
 *
 * On success *zfvp is set and a VFS hold has been taken on its z_vfs,
 * under os_user_ptr_lock.  Returns the hold error, EINVAL when the objset
 * is not DMU_OST_ZFS, or ESRCH when no user pointer is attached (in which
 * case *zfvp is NULL).
 */
static int
getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
{
	objset_t *os;
	int error;

	error = dmu_objset_hold(dsname, FTAG, &os);
	if (error != 0)
		return (error);

	if (dmu_objset_type(os) != DMU_OST_ZFS) {
		dmu_objset_rele(os, FTAG);
		return (EINVAL);
	}

	/* Read the user pointer and take the VFS hold under the same lock. */
	mutex_enter(&os->os_user_ptr_lock);
	*zfvp = dmu_objset_get_user(os);
	if (*zfvp == NULL) {
		error = ESRCH;
	} else {
		VFS_HOLD((*zfvp)->z_vfs);
	}
	mutex_exit(&os->os_user_ptr_lock);

	dmu_objset_rele(os, FTAG);
	return (error);
}
   1006 
/*
 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
 * case its z_vfs will be NULL, and it will be opened as the owner.
 *
 * On success the teardown lock is held as reader with `tag'; release with
 * zfsvfs_rele().  Returns EBUSY when the filesystem is already unmounted.
 *
 * NOTE(review): the EBUSY path drops only the teardown lock.  The VFS
 * hold, or the privately created zfsvfs, obtained above is not released
 * in this function; confirm who cleans it up.
 */
static int
zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp)
{
	int error = 0;

	if (getzfsvfs(name, zfvp) != 0)
		error = zfsvfs_create(name, zfvp);

	if (error != 0)
		return (error);

	rrw_enter(&(*zfvp)->z_teardown_lock, RW_READER, tag);
	if (!(*zfvp)->z_unmounted)
		return (0);

	/*
	 * XXX we could probably try again, since the unmounting
	 * thread should be just about to disassociate the
	 * objset from the zfsvfs.
	 */
	rrw_exit(&(*zfvp)->z_teardown_lock, tag);
	return (EBUSY);
}
   1032 
/*
 * Drop the teardown lock taken with `tag', then release the zfsvfs.
 * A zfsvfs with a z_vfs just drops its VFS hold.  One without a z_vfs is
 * disowned from its objset and freed.
 */
static void
zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
{
	rrw_exit(&zfsvfs->z_teardown_lock, tag);

	if (zfsvfs->z_vfs == NULL) {
		dmu_objset_disown(zfsvfs->z_os, zfsvfs);
		zfsvfs_free(zfsvfs);
		return;
	}

	VFS_RELE(zfsvfs->z_vfs);
}
   1045 
/*
 * ioctl handler: create the pool named in zc_name.
 *
 * Inputs are the packed config nvlist (zc_nvlist_conf) and an optional
 * packed property nvlist (zc_nvlist_src), both copied in from the caller.
 * A requested pool version outside SPA_VERSION_INITIAL..SPA_VERSION is
 * rejected with EINVAL.  Root filesystem properties are split out of the
 * pool properties and applied after spa_create(); if applying them fails,
 * the new pool is destroyed again.
 *
 * Returns 0 on success or an errno value.  All nvlists allocated here are
 * freed before returning.
 */
static int
zfs_ioc_pool_create(zfs_cmd_t *zc)
{
	int error;
	nvlist_t *config, *props = NULL;
	nvlist_t *rootprops = NULL;
	nvlist_t *zplprops = NULL;
	char *buf;

	error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
	    zc->zc_iflags, &config);
	if (error != 0)
		return (error);

	if (zc->zc_nvlist_src_size != 0) {
		error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
		    zc->zc_iflags, &props);
		if (error != 0) {
			nvlist_free(config);
			return (error);
		}
	}

	if (props != NULL) {
		nvlist_t *nvl = NULL;
		uint64_t version = SPA_VERSION;

		/* A missing version property leaves the default in place. */
		(void) nvlist_lookup_uint64(props,
		    zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
		if (version < SPA_VERSION_INITIAL || version > SPA_VERSION) {
			error = EINVAL;
			goto pool_props_bad;
		}

		/* Move any root-fs properties into their own list. */
		(void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
		if (nvl != NULL) {
			error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
			if (error != 0) {
				nvlist_free(config);
				nvlist_free(props);
				return (error);
			}
			(void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
		}

		VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
		error = zfs_fill_zplprops_root(version, rootprops,
		    zplprops, NULL);
		if (error != 0)
			goto pool_props_bad;
	}

	buf = history_str_get(zc);

	error = spa_create(zc->zc_name, config, props, buf, zplprops);

	/*
	 * Set the remaining root properties
	 */
	if (error == 0) {
		error = zfs_set_prop_nvlist(zc->zc_name,
		    ZPROP_SRC_LOCAL, rootprops, NULL);
		if (error != 0)
			(void) spa_destroy(zc->zc_name);
	}

	if (buf != NULL)
		history_str_free(buf);

pool_props_bad:
	nvlist_free(rootprops);
	nvlist_free(zplprops);
	nvlist_free(config);
	nvlist_free(props);

	return (error);
}
   1115 
/*
 * Destroy the pool named zc_name.  The request is logged to the history
 * first; zvol minors for the pool are removed only if the destroy worked.
 */
static int
zfs_ioc_pool_destroy(zfs_cmd_t *zc)
{
	int error;

	zfs_log_history(zc);

	error = spa_destroy(zc->zc_name);
	if (error != 0)
		return (error);

	zvol_remove_minors(zc->zc_name);
	return (0);
}
   1126 
/*
 * Import a pool as zc_name from the config in zc_nvlist_conf, with
 * optional properties in zc_nvlist_src.
 *
 * The pool guid stored in the config must match zc_guid, otherwise the
 * request is rejected with EINVAL.  A non-zero zc_cookie selects
 * spa_import_verbatim() instead of spa_import().  When the caller gave a
 * destination buffer the config is copied back out regardless of the
 * import result; a failure of that copy is ignored.
 */
static int
zfs_ioc_pool_import(zfs_cmd_t *zc)
{
	nvlist_t *config;
	nvlist_t *props = NULL;
	uint64_t guid;
	int error;

	error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
	    zc->zc_iflags, &config);
	if (error != 0)
		return (error);

	if (zc->zc_nvlist_src_size != 0) {
		error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
		    zc->zc_iflags, &props);
		if (error != 0) {
			nvlist_free(config);
			return (error);
		}
	}

	if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0) {
		error = EINVAL;
	} else if (guid != zc->zc_guid) {
		error = EINVAL;
	} else if (zc->zc_cookie) {
		error = spa_import_verbatim(zc->zc_name, config, props);
	} else {
		error = spa_import(zc->zc_name, config, props);
	}

	if (zc->zc_nvlist_dst != 0)
		(void) put_nvlist(zc, config);

	nvlist_free(config);

	if (props != NULL)
		nvlist_free(props);

	return (error);
}
   1163 
/*
 * Export the pool named zc_name.  zc_cookie carries the 'force' flag and
 * zc_guid the 'hardforce' flag.  The request is logged to the history
 * first; zvol minors are removed only after a successful export.
 */
static int
zfs_ioc_pool_export(zfs_cmd_t *zc)
{
	boolean_t force = (boolean_t)zc->zc_cookie;
	boolean_t hardforce = (boolean_t)zc->zc_guid;
	int error;

	zfs_log_history(zc);

	error = spa_export(zc->zc_name, NULL, force, hardforce);
	if (error != 0)
		return (error);

	zvol_remove_minors(zc->zc_name);
	return (0);
}
   1177 
/*
 * Copy out the nvlist returned by spa_all_configs().  zc_cookie is passed
 * by reference to spa_all_configs(); a NULL result is reported to the
 * caller as EEXIST.
 */
static int
zfs_ioc_pool_configs(zfs_cmd_t *zc)
{
	nvlist_t *configs;
	int error;

	configs = spa_all_configs(&zc->zc_cookie);
	if (configs == NULL)
		return (EEXIST);

	error = put_nvlist(zc, configs);
	nvlist_free(configs);

	return (error);
}
   1193 
/*
 * Return the stats/config nvlist for the pool named zc_name.
 *
 * spa_get_stats() may hand back a config even when it reports an error.
 * In that case the ioctl itself returns the result of the copy-out and the
 * real errno is passed back in zc_cookie.  With no config at all the
 * spa_get_stats() error is returned directly.
 *
 * NOTE(review): 'config' is not initialised here, so this relies on
 * spa_get_stats() always storing to it (NULL when it has nothing) --
 * confirm.
 */
static int
zfs_ioc_pool_stats(zfs_cmd_t *zc)
{
	nvlist_t *config;
	int error;
	int ret = 0;

	error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
	    sizeof (zc->zc_value));

	if (config == NULL) {
		ret = error;
		return (ret);
	}

	ret = put_nvlist(zc, config);
	nvlist_free(config);

	/*
	 * The config may be present even if 'error' is non-zero.
	 * In this case we return success, and preserve the real errno
	 * in 'zc_cookie'.
	 */
	zc->zc_cookie = error;

	return (ret);
}
   1220 
/*
 * Try to import the given pool, returning pool stats as appropriate so that
 * user land knows which devices are available and overall pool health.
 *
 * The candidate config is read from zc_nvlist_conf; the config produced by
 * spa_tryimport() is copied back out with put_nvlist().  A NULL result
 * from spa_tryimport() is reported as EINVAL.
 */
static int
zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
{
	nvlist_t *tryconfig;
	nvlist_t *config;
	int error;

	error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
	    zc->zc_iflags, &tryconfig);
	if (error != 0)
		return (error);

	/* The input list is no longer needed once the attempt has run. */
	config = spa_tryimport(tryconfig);
	nvlist_free(tryconfig);

	if (config == NULL)
		return (EINVAL);

	error = put_nvlist(zc, config);
	nvlist_free(config);

	return (error);
}
   1247 
/*
 * Call spa_scrub() on the pool named zc_name.  zc_cookie is handed to
 * spa_scrub() as-is; no range check is applied to it in this handler.
 */
static int
zfs_ioc_pool_scrub(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	error = spa_scrub(spa, zc->zc_cookie);
	spa_close(spa, FTAG);

	return (error);
}
   1263 
/*
 * Open the pool named zc_name and call spa_freeze() on it.  The only
 * error reported is a failure to open the pool.
 */
static int
zfs_ioc_pool_freeze(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	spa_freeze(spa);
	spa_close(spa, FTAG);

	return (error);
}
   1277 
/*
 * Upgrade the pool named zc_name to the version given in zc_cookie.
 * The requested version must lie between the pool's current version and
 * SPA_VERSION inclusive, otherwise EINVAL is returned; downgrades are
 * therefore rejected here.
 */
static int
zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	if (zc->zc_cookie >= spa_version(spa) && zc->zc_cookie <= SPA_VERSION) {
		spa_upgrade(spa, zc->zc_cookie);
		spa_close(spa, FTAG);
		return (error);
	}

	spa_close(spa, FTAG);
	return (EINVAL);
}
   1297 
/*
 * Copy a chunk of the pool history out to the caller.
 *
 * inputs:
 * zc_name		name of pool
 * zc_history		address of the caller's buffer
 * zc_history_len	size of that buffer (must be non-zero)
 * zc_history_offset	passed by reference to spa_history_get()
 *
 * zc_history_len and zc_history_offset are both passed by reference to
 * spa_history_get(), and zc_history_len is then used as the copy-out
 * length.
 *
 * NOTE(review): the staging buffer is sized directly from zc_history_len
 * with no upper bound in this function, and it comes from kmem_alloc()
 * (not zeroed).  The copy-out is therefore only safe if spa_history_get()
 * never reports a length larger than what it wrote, and never larger than
 * the size it was given -- confirm, and consider a cap on the request
 * size if zc_history_len is caller-controlled.
 */
static int
zfs_ioc_pool_get_history(zfs_cmd_t *zc)
{
	spa_t *spa;
	char *hist_buf;
	uint64_t size;
	int error;

	size = zc->zc_history_len;
	if (size == 0)
		return (EINVAL);

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
		spa_close(spa, FTAG);
		return (ENOTSUP);
	}

	hist_buf = kmem_alloc(size, KM_SLEEP);

	error = spa_history_get(spa, &zc->zc_history_offset,
	    &zc->zc_history_len, hist_buf);
	if (error == 0) {
		error = ddi_copyout(hist_buf,
		    (void *)(uintptr_t)zc->zc_history,
		    zc->zc_history_len, zc->zc_iflags);
	}

	spa_close(spa, FTAG);
	/* Free with the size that was allocated, not the updated length. */
	kmem_free(hist_buf, size);
	return (error);
}
   1329 
/*
 * Thin wrapper around dsl_dsobj_to_dsname(): zc_name and zc_obj are the
 * inputs, zc_value is the buffer handed over for the result.  Returns
 * whatever dsl_dsobj_to_dsname() returns.
 */
static int
zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
{
	int error;

	error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value);
	if (error != 0)
		return (error);

	return (0);
}
   1340 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_obj		object to find
 *
 * outputs:
 * zc_value		name of object
 *
 * Only objsets of type DMU_OST_ZFS are accepted; anything else is EINVAL.
 * The objset is held (not owned) for the duration of the lookup.
 */
static int
zfs_ioc_obj_to_path(zfs_cmd_t *zc)
{
	objset_t *os;
	int error;

	/* XXX reading from objset not owned */
	error = dmu_objset_hold(zc->zc_name, FTAG, &os);
	if (error != 0)
		return (error);

	if (dmu_objset_type(os) == DMU_OST_ZFS) {
		error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
		    sizeof (zc->zc_value));
	} else {
		error = EINVAL;
	}

	dmu_objset_rele(os, FTAG);
	return (error);
}
   1368 
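/*
 * Add the vdevs described by the config nvlist in zc_nvlist_conf to the
 * pool named zc_name.
 *
 * Returns 0 on success, the error from spa_open() or get_nvlist(), EDOM
 * when the target is a root pool and the request is not limited to
 * l2cache/spare devices, or the error from spa_vdev_add().
 */
static int
zfs_ioc_vdev_add(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;
	nvlist_t *config, **l2cache, **spares;
	uint_t nl2cache = 0, nspares = 0;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	/*
	 * The config comes from the ioctl caller.  If it cannot be read,
	 * 'config' has not been set up, so it must not be searched or
	 * freed below; bail out before touching it.
	 */
	error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
	    zc->zc_iflags, &config);
	if (error != 0) {
		spa_close(spa, FTAG);
		return (error);
	}

	/* Missing arrays simply leave the counts at zero. */
	(void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
	    &l2cache, &nl2cache);

	(void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
	    &spares, &nspares);

	/*
	 * A root pool with concatenated devices is not supported.
	 * Thus, can not add a device to a root pool.
	 *
	 * Intent log device can not be added to a rootpool because
	 * during mountroot, zil is replayed, a separated log device
	 * can not be accessed during the mountroot time.
	 *
	 * l2cache and spare devices are ok to be added to a rootpool.
	 */
	if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
		nvlist_free(config);
		spa_close(spa, FTAG);
		return (EDOM);
	}

	error = spa_vdev_add(spa, config);
	nvlist_free(config);
	spa_close(spa, FTAG);
	return (error);
}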
   1412 
/*
 * Remove the vdev identified by zc_guid from the pool named zc_name via
 * spa_vdev_remove(), passing B_FALSE as its last argument.
 */
static int
zfs_ioc_vdev_remove(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;

	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
		return (error);

	error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);

	spa_close(spa, FTAG);
	return (error);
}
   1426 
/*
 * Change the state of the vdev zc_guid in the pool named zc_name.
 *
 * inputs:
 * zc_cookie		requested state (ONLINE, OFFLINE, FAULTED, DEGRADED)
 * zc_obj		flags for online/offline, aux reason for fault/degrade
 *
 * outputs:
 * zc_cookie		new state as reported by vdev_online(); for every
 *			other request (including rejected ones) it is set
 *			to VDEV_STATE_UNKNOWN
 *
 * Any other requested state yields EINVAL.
 */
static int
zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
{
	vdev_state_t newstate = VDEV_STATE_UNKNOWN;
	spa_t *spa;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	switch (zc->zc_cookie) {
	case VDEV_STATE_ONLINE:
		error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
		break;

	case VDEV_STATE_OFFLINE:
		error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
		break;

	case VDEV_STATE_FAULTED:
	case VDEV_STATE_DEGRADED:
		/*
		 * Only two aux reasons are accepted from the caller;
		 * anything else is coerced to VDEV_AUX_ERR_EXCEEDED.
		 */
		if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
		    zc->zc_obj != VDEV_AUX_EXTERNAL)
			zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;

		if (zc->zc_cookie == VDEV_STATE_FAULTED)
			error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
		else
			error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
		break;

	default:
		error = EINVAL;
		break;
	}

	/* Written back unconditionally, even when the request failed. */
	zc->zc_cookie = newstate;
	spa_close(spa, FTAG);
	return (error);
}
   1468 
/*
 * Attach the vdev described by the config in zc_nvlist_conf to the vdev
 * zc_guid in the pool named zc_name.  zc_cookie is passed through to
 * spa_vdev_attach() as its 'replacing' argument.
 */
static int
zfs_ioc_vdev_attach(zfs_cmd_t *zc)
{
	int replacing = zc->zc_cookie;
	nvlist_t *config;
	spa_t *spa;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	/* The config is only used (and freed) if it was read successfully. */
	error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
	    zc->zc_iflags, &config);
	if (error == 0) {
		error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
		nvlist_free(config);
	}

	spa_close(spa, FTAG);
	return (error);
}
   1489 
/*
 * Detach the vdev zc_guid from the pool named zc_name by calling
 * spa_vdev_detach() with 0 and B_FALSE as its trailing arguments.
 */
static int
zfs_ioc_vdev_detach(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
	spa_close(spa, FTAG);

	return (error);
}
   1504 
/*
 * Split a mirror off the pool named zc_name into a new pool named by
 * zc_string.  The config comes from zc_nvlist_conf, optional properties
 * from zc_nvlist_src, and the ZPOOL_EXPORT_AFTER_SPLIT bit of zc_cookie is
 * passed on as the final boolean argument of spa_vdev_split_mirror().
 */
static int
zfs_ioc_vdev_split(zfs_cmd_t *zc)
{
	boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
	nvlist_t *config;
	nvlist_t *props = NULL;
	spa_t *spa;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
	    zc->zc_iflags, &config);
	if (error != 0) {
		spa_close(spa, FTAG);
		return (error);
	}

	if (zc->zc_nvlist_src_size != 0) {
		error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
		    zc->zc_iflags, &props);
		if (error != 0) {
			spa_close(spa, FTAG);
			nvlist_free(config);
			return (error);
		}
	}

	error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);

	spa_close(spa, FTAG);

	nvlist_free(config);
	nvlist_free(props);

	return (error);
}
   1539 
/*
 * Set the path of the vdev zc_guid in the pool named zc_name to the
 * string in zc_value, via spa_vdev_setpath().
 */
static int
zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;

	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
		return (error);

	error = spa_vdev_setpath(spa, zc->zc_guid, zc->zc_value);

	spa_close(spa, FTAG);
	return (error);
}
   1556 
/*
 * Set the FRU string of the vdev zc_guid in the pool named zc_name to
 * the string in zc_value, via spa_vdev_setfru().
 */
static int
zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;

	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
		return (error);

	error = spa_vdev_setfru(spa, zc->zc_guid, zc->zc_value);

	spa_close(spa, FTAG);
	return (error);
}
   1573 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_nvlist_dst_size	size of buffer for property nvlist
 *
 * outputs:
 * zc_objset_stats	stats
 * zc_nvlist_dst	property nvlist
 * zc_nvlist_dst_size	size of property nvlist
 *
 * The fast stats are always filled in.  The property nvlist is only
 * gathered and copied out when the caller supplied zc_nvlist_dst.
 */
static int
zfs_ioc_objset_stats(zfs_cmd_t *zc)
{
	objset_t *os = NULL;
	nvlist_t *nv;
	int error;

	error = dmu_objset_hold(zc->zc_name, FTAG, &os);
	if (error != 0)
		return (error);

	dmu_objset_fast_stat(os, &zc->zc_objset_stats);

	if (zc->zc_nvlist_dst != 0) {
		error = dsl_prop_get_all(os, &nv);
		if (error == 0) {
			dmu_objset_stats(os, nv);
			/*
			 * NB: zvol_get_stats() will read the objset
			 * contents, which we aren't supposed to do with a
			 * DS_MODE_USER hold, because it could be
			 * inconsistent.  So this is a bit of a workaround...
			 * XXX reading without owning
			 */
			if (!zc->zc_objset_stats.dds_inconsistent &&
			    dmu_objset_type(os) == DMU_OST_ZVOL)
				VERIFY(zvol_get_stats(os, nv) == 0);

			error = put_nvlist(zc, nv);
			nvlist_free(nv);
		}
	}

	dmu_objset_rele(os, FTAG);
	return (error);
}
   1617 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_nvlist_dst_size	size of buffer for property nvlist
 *
 * outputs:
 * zc_nvlist_dst	received property nvlist
 * zc_nvlist_dst_size	size of received property nvlist
 *
 * Gets received properties (distinct from local properties on or after
 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
 * local property values.
 *
 * Returns ENOTSUP when dsl_prop_get_hasrecvd() reports that the dataset
 * has no received properties.  With no destination buffer the call
 * succeeds without copying anything out.
 */
static int
zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
{
	objset_t *os = NULL;
	nvlist_t *nv;
	int error;

	error = dmu_objset_hold(zc->zc_name, FTAG, &os);
	if (error != 0)
		return (error);

	/*
	 * Without this check, we would return local property values if the
	 * caller has not already received properties on or after
	 * SPA_VERSION_RECVD_PROPS.
	 */
	if (!dsl_prop_get_hasrecvd(os)) {
		error = ENOTSUP;
	} else if (zc->zc_nvlist_dst != 0) {
		error = dsl_prop_get_received(os, &nv);
		if (error == 0) {
			error = put_nvlist(zc, nv);
			nvlist_free(nv);
		}
	}

	dmu_objset_rele(os, FTAG);
	return (error);
}
   1660 
/*
 * Look up the value of 'prop' for objset 'os' with zfs_get_zplprop() and
 * add it to 'props' as a uint64 keyed by the property name.  Returns 0 on
 * success or the lookup error; a failure to add to the nvlist trips the
 * VERIFY.
 */
static int
nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
{
	uint64_t value;
	int error;

	/*
	 * zfs_get_zplprop() will either find a value or give us
	 * the default value (if there is one).
	 */
	error = zfs_get_zplprop(os, prop, &value);
	if (error == 0) {
		VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop),
		    value) == 0);
	}
	return (error);
}
   1676 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_nvlist_dst_size	size of buffer for zpl property nvlist
 *
 * outputs:
 * zc_nvlist_dst	zpl property nvlist
 * zc_nvlist_dst_size	size of zpl property nvlist
 *
 * The properties reported are version, normalize, utf8only and case.
 * ENOENT is returned when no destination buffer was given, when the
 * dataset is flagged inconsistent, or when the objset is not DMU_OST_ZFS.
 */
static int
zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
{
	objset_t *os;
	nvlist_t *nv;
	int err;

	/* XXX reading without owning */
	err = dmu_objset_hold(zc->zc_name, FTAG, &os);
	if (err != 0)
		return (err);

	dmu_objset_fast_stat(os, &zc->zc_objset_stats);

	/*
	 * NB: nvl_add_zplprop() will read the objset contents,
	 * which we aren't supposed to do with a DS_MODE_USER
	 * hold, because it could be inconsistent.
	 */
	if (zc->zc_nvlist_dst == 0 ||
	    zc->zc_objset_stats.dds_inconsistent ||
	    dmu_objset_type(os) != DMU_OST_ZFS) {
		dmu_objset_rele(os, FTAG);
		return (ENOENT);
	}

	VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);

	/* Stop at the first property that cannot be read. */
	err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION);
	if (err == 0)
		err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE);
	if (err == 0)
		err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY);
	if (err == 0)
		err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE);
	if (err == 0)
		err = put_nvlist(zc, nv);

	nvlist_free(nv);
	dmu_objset_rele(os, FTAG);
	return (err);
}
   1721 
/*
 * Decide whether a dataset name should be left out of listings.
 *
 * Returns B_TRUE for internal datasets (which have a $ in their name),
 * temporary datasets (which have a % in their name), and, for callers
 * outside the global zone, datasets that are not visible in this zone.
 */
static boolean_t
dataset_name_hidden(const char *name)
{
	if (strchr(name, '$') != NULL || strchr(name, '%') != NULL)
		return (B_TRUE);

	/* The zone visibility filter only applies outside the global zone. */
	if (INGLOBALZONE(curproc))
		return (B_FALSE);

	if (zone_dataset_visible(name, NULL))
		return (B_FALSE);

	return (B_TRUE);
}
   1738 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_cookie		zap cursor
 * zc_nvlist_dst_size	size of buffer for property nvlist
 *
 * outputs:
 * zc_name		name of next filesystem
 * zc_cookie		zap cursor
 * zc_objset_stats	stats
 * zc_nvlist_dst	property nvlist
 * zc_nvlist_dst_size	size of property nvlist
 *
 * Returns ESRCH (rather than ENOENT) when the parent cannot be found or
 * when there are no more children.  Hidden names (see
 * dataset_name_hidden()) are skipped unless FKIOCTL is set in zc_iflags.
 */
static int
zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
{
	objset_t *os;
	int error;
	char *p;
	/* length of the parent name, so it can be restored before a retry */
	size_t orig_len = strlen(zc->zc_name);

top:
	if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) {
		if (error == ENOENT)
			error = ESRCH;
		return (error);
	}

	/*
	 * Make sure the parent name ends in '/', then point p at the
	 * terminator so child names are written in place after it.
	 * NOTE(review): the strlcat() result is not checked; if zc_name is
	 * already full the '/' is not appended and the space left for the
	 * child name is a single byte -- confirm this case is handled by
	 * dmu_dir_list_next().
	 */
	p = strrchr(zc->zc_name, '/');
	if (p == NULL || p[1] != '\0')
		(void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
	p = zc->zc_name + strlen(zc->zc_name);

	/*
	 * Pre-fetch the datasets.  dmu_objset_prefetch() always returns 0
	 * but is not declared void because it's called by dmu_objset_find().
	 */
	if (zc->zc_cookie == 0) {
		/* private cursor: the caller's zc_cookie is left untouched */
		uint64_t cookie = 0;
		int len = sizeof (zc->zc_name) - (p - zc->zc_name);

		while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0)
			(void) dmu_objset_prefetch(p, NULL);
	}

	/* Advance the caller's cursor until a name that may be shown. */
	do {
		error = dmu_dir_list_next(os,
		    sizeof (zc->zc_name) - (p - zc->zc_name), p,
		    NULL, &zc->zc_cookie);
		if (error == ENOENT)
			error = ESRCH;
	} while (error == 0 && dataset_name_hidden(zc->zc_name) &&
	    !(zc->zc_iflags & FKIOCTL));
	dmu_objset_rele(os, FTAG);

	/*
	 * If it's an internal dataset (ie. with a '$' in its name),
	 * don't try to get stats for it, otherwise we'll return ENOENT.
	 */
	if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
		error = zfs_ioc_objset_stats(zc); /* fill in the stats */
		if (error == ENOENT) {
			/* We lost a race with destroy, get the next one. */
			zc->zc_name[orig_len] = '\0';
			goto top;
		}
	}
	return (error);
}
   1808 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_cookie		zap cursor
 * zc_nvlist_dst_size	size of buffer for property nvlist
 *
 * outputs:
 * zc_name		name of next snapshot
 * zc_objset_stats	stats
 * zc_nvlist_dst	property nvlist
 * zc_nvlist_dst_size	size of property nvlist
 *
 * Returns ESRCH (rather than ENOENT) when the dataset cannot be found or
 * when there are no more snapshots.  On any failure after the '@' has been
 * appended, zc_name is cut back at its first '@'.
 */
static int
zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
{
	objset_t *os;
	int error;

top:
	/* First call of an iteration: prefetch the snapshots. */
	if (zc->zc_cookie == 0)
		(void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch,
		    NULL, DS_FIND_SNAPSHOTS);

	error = dmu_objset_hold(zc->zc_name, FTAG, &os);
	if (error)
		return (error == ENOENT ? ESRCH : error);

	/*
	 * A dataset name of maximum length cannot have any snapshots,
	 * so exit immediately.
	 * NOTE(review): the bound passed to strlcat() is sizeof (zc_name)
	 * while the result is compared with MAXNAMELEN; presumably the two
	 * are equal -- confirm.
	 */
	if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
		dmu_objset_rele(os, FTAG);
		return (ESRCH);
	}

	/* The snapshot name is written in place, right after the '@'. */
	error = dmu_snapshot_list_next(os,
	    sizeof (zc->zc_name) - strlen(zc->zc_name),
	    zc->zc_name + strlen(zc->zc_name), NULL, &zc->zc_cookie, NULL);
	dmu_objset_rele(os, FTAG);
	if (error == 0) {
		error = zfs_ioc_objset_stats(zc); /* fill in the stats */
		if (error == ENOENT)  {
			/* We lost a race with destroy, get the next one. */
			*strchr(zc->zc_name, '@') = '\0';
			goto top;
		}
	} else if (error == ENOENT) {
		error = ESRCH;
	}

	/*
	 * if we failed, undo the @ that we tacked on to zc_name
	 * NOTE(review): strchr() finds the FIRST '@'.  If the incoming
	 * zc_name already held an '@', that one is cut instead of the one
	 * appended above -- confirm callers never pass a snapshot name.
	 */
	if (error)
		*strchr(zc->zc_name, '@') = '\0';
	return (error);
}
   1865 
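/*
 * Apply one userquota@... property to the dataset 'dsname'.
 *
 * 'pair' is either the value itself or an nvlist wrapping it under
 * ZPROP_VALUE.  The value must be a uint64 array of exactly three
 * elements: { type, rid, quota }.  The domain is taken from the property
 * name, which is encoded as userquota@<rid>-<domain>.
 *
 * Returns 0 on success, EINVAL if the name or value is not shaped as
 * described above, or the error from zfsvfs_hold()/zfs_set_userquota().
 *
 * The name and the value array originate from a property nvlist that may
 * have been built by the ioctl caller, so a malformed one is rejected with
 * EINVAL rather than asserted on: a VERIFY here would turn bad input into
 * a panic, and an unchecked strchr() would produce a wild 'domain' pointer
 * when the name has no '-'.
 */
static int
zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
{
	const char *propname = nvpair_name(pair);
	uint64_t *valary;
	unsigned int vallen;
	const char *dash;
	const char *domain;
	zfs_userquota_prop_t type;
	uint64_t rid;
	uint64_t quota;
	zfsvfs_t *zfsvfs;
	int err;

	if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
		nvlist_t *attrs;
		VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
		if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, &pair) != 0)
			return (EINVAL);
	}

	/*
	 * A correctly constructed propname is encoded as
	 * userquota@<rid>-<domain>.
	 */
	if ((dash = strchr(propname, '-')) == NULL ||
	    nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
	    vallen != 3)
		return (EINVAL);

	domain = dash + 1;
	type = valary[0];
	rid = valary[1];
	quota = valary[2];

	err = zfsvfs_hold(dsname, FTAG, &zfsvfs);
	if (err == 0) {
		err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
		zfsvfs_rele(zfsvfs, FTAG);
	}

	return (err);
}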
   1905 
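/*
 * If the named property is one that has a special function to set its value,
 * return 0 on success and a positive error code on failure; otherwise if it is
 * not one of the special properties handled by this function, return -1.
 *
 * Handled here: userquota@... properties, quota, refquota, reservation,
 * refreservation, volsize and version.  String-typed properties are never
 * special and always yield -1.
 *
 * XXX: It would be better for callers of the property interface if we handled
 * these special cases in dsl_prop.c (in the dsl layer).
 */
static int
zfs_prop_set_special(const char *dsname, zprop_source_t source,
    nvpair_t *pair)
{
	const char *propname = nvpair_name(pair);
	zfs_prop_t prop = zfs_name_to_prop(propname);
	uint64_t intval;
	int err;

	if (prop == ZPROP_INVAL) {
		if (zfs_prop_userquota(propname))
			return (zfs_prop_set_userquota(dsname, pair));
		return (-1);
	}

	/* Unwrap a value that arrives as { ZPROP_VALUE = ... }. */
	if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
		nvlist_t *attrs;
		VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
		VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
		    &pair) == 0);
	}

	if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
		return (-1);

	/*
	 * Everything below takes a uint64.  zfs_set_prop_nvlist() checks
	 * the value type before calling in; other callers must do the same
	 * or this VERIFY fires.
	 */
	VERIFY(0 == nvpair_value_uint64(pair, &intval));

	switch (prop) {
	case ZFS_PROP_QUOTA:
		err = dsl_dir_set_quota(dsname, source, intval);
		break;
	case ZFS_PROP_REFQUOTA:
		err = dsl_dataset_set_quota(dsname, source, intval);
		break;
	case ZFS_PROP_RESERVATION:
		err = dsl_dir_set_reservation(dsname, source, intval);
		break;
	case ZFS_PROP_REFRESERVATION:
		err = dsl_dataset_set_reservation(dsname, source, intval);
		break;
	case ZFS_PROP_VOLSIZE:
		err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
		    intval);
		break;
	case ZFS_PROP_VERSION:
	{
		zfsvfs_t *zfsvfs;

		if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs)) != 0)
			break;

		err = zfs_set_version(zfsvfs, intval);
		zfsvfs_rele(zfsvfs, FTAG);

		if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
			zfs_cmd_t *zc;

			/*
			 * Kick off the userspace accounting upgrade with a
			 * scratch zfs_cmd_t; its result is ignored.  The
			 * name copy is bounded by the destination field so
			 * an over-long dsname can never write past zc_name.
			 */
			zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
			(void) strlcpy(zc->zc_name, dsname,
			    sizeof (zc->zc_name));
			(void) zfs_ioc_userspace_upgrade(zc);
			kmem_free(zc, sizeof (zfs_cmd_t));
		}
		break;
	}

	default:
		err = -1;
	}

	return (err);
}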
   1985 
/*
 * This function is best effort. If it fails to set any of the given properties,
 * it continues to set as many as it can and returns the first error
 * encountered. If the caller provides a non-NULL errlist, it also gives the
 * complete list of names of all the properties it failed to set along with the
 * corresponding error numbers. The caller is responsible for freeing the
 * returned errlist.
 *
 * If every property is set successfully, zero is returned and the list pointed
 * at by errlist is NULL.
 *
 * Each property goes through three steps: its value type is checked
 * against the property type, zfs_check_settable() is consulted with the
 * current credentials, and it is then either set through
 * zfs_prop_set_special() or queued in 'genericnvl' to be set in one
 * dsl_props_set() call.  Special properties that fail on the first pass
 * are retried once in a second pass.
 */
int
zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
    nvlist_t **errlist)
{
	nvpair_t *pair;
	nvpair_t *propval;
	int rv = 0;
	uint64_t intval;
	char *strval;
	nvlist_t *genericnvl;	/* properties to set in one transaction */
	nvlist_t *errors;	/* property name -> errno for each failure */
	nvlist_t *retrynvl;	/* special properties to retry in pass two */

	VERIFY(nvlist_alloc(&genericnvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
	VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
	VERIFY(nvlist_alloc(&retrynvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);

retry:
	pair = NULL;
	while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
		const char *propname = nvpair_name(pair);
		zfs_prop_t prop = zfs_name_to_prop(propname);
		int err = 0;

		/*
		 * decode the property value
		 * NOTE(review): a DATA_TYPE_NVLIST pair with no ZPROP_VALUE
		 * entry trips the VERIFY below.  If nvl can carry data
		 * built by the ioctl caller this should record EINVAL for
		 * the property instead of asserting -- confirm.
		 */
		propval = pair;
		if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
			nvlist_t *attrs;
			VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
			VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
			    &propval) == 0);
		}

		/*
		 * Validate value type
		 * NOTE(review): a name that is neither a known property,
		 * a user property nor a userquota property leaves err == 0
		 * here; rejecting it is presumably left to
		 * zfs_check_settable() -- confirm.
		 */
		if (prop == ZPROP_INVAL) {
			if (zfs_prop_user(propname)) {
				if (nvpair_type(propval) != DATA_TYPE_STRING)
					err = EINVAL;
			} else if (zfs_prop_userquota(propname)) {
				if (nvpair_type(propval) !=
				    DATA_TYPE_UINT64_ARRAY)
					err = EINVAL;
			}
		} else {
			if (nvpair_type(propval) == DATA_TYPE_STRING) {
				if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
					err = EINVAL;
			} else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
				const char *unused;

				VERIFY(nvpair_value_uint64(propval,
				    &intval) == 0);

				switch (zfs_prop_get_type(prop)) {
				case PROP_TYPE_NUMBER:
					break;
				case PROP_TYPE_STRING:
					err = EINVAL;
					break;
				case PROP_TYPE_INDEX:
					/* the index must map to a name */
					if (zfs_prop_index_to_string(prop,
					    intval, &unused) != 0)
						err = EINVAL;
					break;
				default:
					cmn_err(CE_PANIC,
					    "unknown property type");
				}
			} else {
				err = EINVAL;
			}
		}

		/* Validate permissions */
		if (err == 0)
			err = zfs_check_settable(dsname, pair, CRED());

		if (err == 0) {
			/* -1 means "not special": queue it for the batch */
			err = zfs_prop_set_special(dsname, source, pair);
			if (err == -1) {
				/*
				 * For better performance we build up a list of
				 * properties to set in a single transaction.
				 */
				err = nvlist_add_nvpair(genericnvl, pair);
			} else if (err != 0 && nvl != retrynvl) {
				/*
				 * This may be a spurious error caused by
				 * receiving quota and reservation out of order.
				 * Try again in a second pass.
				 */
				err = nvlist_add_nvpair(retrynvl, pair);
			}
		}

		if (err != 0)
			VERIFY(nvlist_add_int32(errors, propname, err) == 0);
	}

	/* At most one extra pass: the retry list is never retried again. */
	if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
		nvl = retrynvl;
		goto retry;
	}

	if (!nvlist_empty(genericnvl) &&
	    dsl_props_set(dsname, source, genericnvl) != 0) {
		/*
		 * If this fails, we still want to set as many properties as we
		 * can, so try setting them individually.
		 */
		pair = NULL;
		while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
			const char *propname = nvpair_name(pair);
			int err = 0;

			propval = pair;
			if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
				nvlist_t *attrs;
				VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
				VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
				    &propval) == 0);
			}

			if (nvpair_type(propval) == DATA_TYPE_STRING) {
				/* string: 1-byte elements, terminator included */
				VERIFY(nvpair_value_string(propval,
				    &strval) == 0);
				err = dsl_prop_set(dsname, propname, source, 1,
				    strlen(strval) + 1, strval);
			} else {
				/* anything else is read as one 8-byte integer */
				VERIFY(nvpair_value_uint64(propval,
				    &intval) == 0);
				err = dsl_prop_set(dsname, propname, source, 8,
				    1, &intval);
			}

			if (err != 0) {
				VERIFY(nvlist_add_int32(errors, propname,
				    err) == 0);
			}
		}
	}
	nvlist_free(genericnvl);
	nvlist_free(retrynvl);

	/* The return value is the errno stored in the first 'errors' pair. */
	if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
		nvlist_free(errors);
		errors = NULL;
	} else {
		VERIFY(nvpair_value_int32(pair, &rv) == 0);
	}

	if (errlist == NULL)
		nvlist_free(errors);
	else
		*errlist = errors;

	return (rv);
}
   2155 
/*
 * Check that all the properties in nvl are valid user properties that the
 * caller may set on fsname.
 *
 * For each pair, in this order:
 *   - the name must satisfy zfs_prop_user() and the value must be a string,
 *     else EINVAL;
 *   - zfs_secpolicy_write_perms() must grant ZFS_DELEG_PERM_USERPROP to
 *     CRED(), else its error is returned;
 *   - the name must be shorter than ZAP_MAXNAMELEN, else ENAMETOOLONG;
 *   - the value must be shorter than ZAP_MAXVALUELEN, else E2BIG.
 *
 * Returns 0 when every pair passes, including when the walk yields no pairs
 * (in which case no permission check is made here).
 *
 * NOTE(review): zfs_ioc_snapshot() can call this with nvl == NULL; that relies
 * on nvlist_next_nvpair() tolerating a NULL list -- confirm.
 */
static int
zfs_check_userprops(char *fsname, nvlist_t *nvl)
{
	nvpair_t *elem;

	for (elem = nvlist_next_nvpair(nvl, NULL); elem != NULL;
	    elem = nvlist_next_nvpair(nvl, elem)) {
		const char *name = nvpair_name(elem);
		char *value;
		int perm_err;

		/* Only string-valued user properties are acceptable. */
		if (!zfs_prop_user(name))
			return (EINVAL);
		if (nvpair_type(elem) != DATA_TYPE_STRING)
			return (EINVAL);

		/* The permission check runs once per pair. */
		perm_err = zfs_secpolicy_write_perms(fsname,
		    ZFS_DELEG_PERM_USERPROP, CRED());
		if (perm_err != 0)
			return (perm_err);

		/* Bound the name and the value before anything stores them. */
		if (strlen(name) >= ZAP_MAXNAMELEN)
			return (ENAMETOOLONG);

		VERIFY(nvpair_value_string(elem, &value) == 0);
		if (strlen(value) >= ZAP_MAXVALUELEN)
			return (E2BIG);
	}

	return (0);
}
   2186 
/*
 * Allocate *newprops and copy into it every pair of props whose name is not
 * present in skipped.  Allocation or insertion failure trips VERIFY.
 * The caller is left holding *newprops; clear_received_props() releases it
 * with nvlist_free().
 */
static void
props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
{
	nvpair_t *elem = NULL;

	VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);

	for (;;) {
		elem = nvlist_next_nvpair(props, elem);
		if (elem == NULL)
			break;

		/* Keep only the pairs that are not named in skipped. */
		if (!nvlist_exists(skipped, nvpair_name(elem)))
			VERIFY(nvlist_add_nvpair(*newprops, elem) == 0);
	}
}
   2202 
/*
 * Pass every property in props that is not named in skipped to
 * zfs_set_prop_nvlist() with a source of ZPROP_SRC_NONE, optionally combined
 * with ZPROP_SRC_RECEIVED.
 *
 * Returns 0 when there is nothing to clear, otherwise the result of
 * zfs_set_prop_nvlist().  Per-property errors are not collected (the error
 * list argument is NULL).
 */
static int
clear_received_props(objset_t *os, const char *fs, nvlist_t *props,
    nvlist_t *skipped)
{
	nvlist_t *to_clear = NULL;
	zprop_source_t flags;
	int err = 0;

	props_skip(props, skipped, &to_clear);

	if (nvlist_empty(to_clear)) {
		nvlist_free(to_clear);
		return (err);
	}

	/*
	 * Acts on local properties until the dataset has received
	 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
	 */
	if (dsl_prop_get_hasrecvd(os))
		flags = (ZPROP_SRC_NONE | ZPROP_SRC_RECEIVED);
	else
		flags = (ZPROP_SRC_NONE | 0);

	err = zfs_set_prop_nvlist(fs, flags, to_clear, NULL);
	nvlist_free(to_clear);
	return (err);
}
   2222 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_nvlist_src{_size}	nvlist of properties to apply
 * zc_cookie		received properties flag
 *
 * outputs:
 * zc_nvlist_dst{_size} error for each unapplied received property
 *
 * The property source is chosen from zc_cookie alone: non-zero selects
 * ZPROP_SRC_RECEIVED, zero selects ZPROP_SRC_LOCAL.  No permission check is
 * made in this function itself.
 *
 * In the received case the dataset's previously received properties that are
 * absent from the new list are cleared first; that step is best effort (its
 * result is discarded, and it is skipped if the objset cannot be held).
 *
 * Returns the get_nvlist() error if the source list cannot be read, otherwise
 * the result of zfs_set_prop_nvlist().  A failure to copy the error list out
 * with put_nvlist() is not reported.
 */
static int
zfs_ioc_set_prop(zfs_cmd_t *zc)
{
	boolean_t received = zc->zc_cookie;
	zprop_source_t source;
	nvlist_t *props;
	nvlist_t *errors = NULL;
	int error;

	source = (received ? ZPROP_SRC_RECEIVED : ZPROP_SRC_LOCAL);

	error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
	    zc->zc_iflags, &props);
	if (error != 0)
		return (error);

	if (received) {
		objset_t *os;

		if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
			nvlist_t *origprops;

			/* Drop received props the new list does not carry. */
			if (dsl_prop_get_received(os, &origprops) == 0) {
				(void) clear_received_props(os,
				    zc->zc_name, origprops, props);
				nvlist_free(origprops);
			}

			dsl_prop_set_hasrecvd(os);
			dmu_objset_rele(os, FTAG);
		}
	}

	error = zfs_set_prop_nvlist(zc->zc_name, source, props, &errors);

	/* Hand the per-property errors back only if the caller gave a buffer. */
	if (errors != NULL && zc->zc_nvlist_dst != NULL)
		(void) put_nvlist(zc, errors);

	nvlist_free(errors);
	nvlist_free(props);
	return (error);
}
   2273 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_value		name of property to inherit
 * zc_cookie		revert to received value if TRUE
 *
 * outputs:		none
 *
 * Returns EINVAL when the request is rejected here, the result of
 * zfs_prop_set_special() when that routine handles the property, and
 * otherwise the result of dsl_prop_set().
 */
static int
zfs_ioc_inherit_prop(zfs_cmd_t *zc)
{
	const char *propname = zc->zc_value;
	zfs_prop_t prop = zfs_name_to_prop(propname);
	boolean_t received = zc->zc_cookie;
	zprop_source_t source;

	if (!received) {
		/* explicitly inherit */
		source = ZPROP_SRC_INHERITED;

		/*
		 * Only check this in the non-received case. We want to allow
		 * 'inherit -S' to revert non-inheritable properties like quota
		 * and reservation to the received or default values even though
		 * they are not considered inheritable.
		 */
		if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
			return (EINVAL);
	} else {
		nvlist_t *dummy;
		zprop_type_t type;
		int err;

		/* revert to received value, if any */
		source = ZPROP_SRC_NONE;

		/*
		 * zfs_prop_set_special() expects properties in the form of an
		 * nvpair with type info.
		 */
		if (prop == ZPROP_INVAL) {
			/* Unknown names are accepted only as user properties. */
			if (!zfs_prop_user(propname))
				return (EINVAL);
			type = PROP_TYPE_STRING;
		} else if (prop == ZFS_PROP_VOLSIZE ||
		    prop == ZFS_PROP_VERSION) {
			return (EINVAL);
		} else {
			type = zfs_prop_get_type(prop);
		}

		VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);

		/* Build a placeholder pair whose data type matches the prop. */
		if (type == PROP_TYPE_STRING) {
			VERIFY(0 == nvlist_add_string(dummy, propname, ""));
		} else if (type == PROP_TYPE_NUMBER ||
		    type == PROP_TYPE_INDEX) {
			VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
		} else {
			nvlist_free(dummy);
			return (EINVAL);
		}

		err = zfs_prop_set_special(zc->zc_name, source,
		    nvlist_next_nvpair(dummy, NULL));
		nvlist_free(dummy);

		/* -1 means "not a special property"; anything else is final. */
		if (err != -1)
			return (err); /* special property already handled */
	}

	/* the property name has been validated by zfs_secpolicy_inherit() */
	return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
}
   2348 
/*
 * Set pool properties from the nvlist at zc_nvlist_src on the pool named by
 * zc_name.
 *
 * A request whose only pair is the cachefile property is first tried through
 * spa_lookup() under spa_namespace_lock, without opening the pool.  If that
 * lookup finds nothing, or for any other request, the pool is opened and the
 * list is handed to spa_prop_set().
 *
 * Returns the get_nvlist() or spa_open() error, 0 for the cachefile shortcut,
 * otherwise the result of spa_prop_set().
 */
static int
zfs_ioc_pool_set_props(zfs_cmd_t *zc)
{
	nvlist_t *props;
	nvpair_t *first;
	spa_t *spa;
	int error;

	error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
	    zc->zc_iflags, &props);
	if (error != 0)
		return (error);

	/*
	 * If the only property is the configfile, then just do a spa_lookup()
	 * to handle the faulted case.
	 */
	first = nvlist_next_nvpair(props, NULL);
	if (first != NULL &&
	    strcmp(nvpair_name(first),
	    zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
	    nvlist_next_nvpair(props, first) == NULL) {
		mutex_enter(&spa_namespace_lock);
		spa = spa_lookup(zc->zc_name);
		if (spa != NULL) {
			spa_configfile_set(spa, props, B_FALSE);
			spa_config_sync(spa, B_FALSE, B_TRUE);
		}
		mutex_exit(&spa_namespace_lock);

		if (spa != NULL) {
			nvlist_free(props);
			return (0);
		}
	}

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error == 0) {
		error = spa_prop_set(spa, props);
		spa_close(spa, FTAG);
	}

	nvlist_free(props);
	return (error);
}
   2393 
/*
 * Copy the properties of the pool named by zc_name out to zc_nvlist_dst.
 *
 * Returns the result of put_nvlist() when the properties were fetched and a
 * destination was supplied; EFAULT in every other case.
 *
 * NOTE(review): because of the final else branch, a failure from spa_open()
 * or spa_prop_get() is reported as EFAULT rather than as the original error.
 * Callers cannot tell a missing pool from a missing destination buffer --
 * confirm this is intended before relying on the errno.
 */
static int
zfs_ioc_pool_get_props(zfs_cmd_t *zc)
{
	nvlist_t *nvp = NULL;
	spa_t *spa;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error == 0) {
		error = spa_prop_get(spa, &nvp);
		spa_close(spa, FTAG);
	} else {
		/*
		 * If the pool is faulted, there may be properties we can still
		 * get (such as altroot and cachefile), so attempt to get them
		 * anyway.
		 */
		mutex_enter(&spa_namespace_lock);
		spa = spa_lookup(zc->zc_name);
		if (spa != NULL)
			error = spa_prop_get(spa, &nvp);
		mutex_exit(&spa_namespace_lock);
	}

	if (error != 0 || zc->zc_nvlist_dst == NULL)
		error = EFAULT;
	else
		error = put_nvlist(zc, nvp);

	nvlist_free(nvp);
	return (error);
}
   2424 
/*
 * Check whether a given identity has delegated access to the shareiscsi
 * property on the dataset named by zc_name.
 *
 * The identity is not CRED(): the uid, gid and supplementary groups are read
 * from the nvlist at zc_nvlist_src (ZFS_DELEG_PERM_UID, ZFS_DELEG_PERM_GID,
 * ZFS_DELEG_PERM_GROUPS) and a temporary credential is built from them.
 * Whatever authorises the caller to ask on behalf of another identity is not
 * visible in this function.
 *
 * Returns the get_nvlist() error if the list cannot be read, EPERM if any of
 * the three entries is missing or the credential cannot be populated,
 * otherwise the result of dsl_deleg_access().
 */
static int
zfs_ioc_iscsi_perm_check(zfs_cmd_t *zc)
{
	nvlist_t *nvp;
	cred_t *usercred;
	uint32_t uid;
	uint32_t gid;
	uint32_t *groups;
	uint_t group_cnt;
	boolean_t cred_ok;
	int error;

	error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
	    zc->zc_iflags, &nvp);
	if (error != 0)
		return (error);

	/* All three identity fields are mandatory. */
	if (nvlist_lookup_uint32(nvp, ZFS_DELEG_PERM_UID, &uid) != 0 ||
	    nvlist_lookup_uint32(nvp, ZFS_DELEG_PERM_GID, &gid) != 0 ||
	    nvlist_lookup_uint32_array(nvp, ZFS_DELEG_PERM_GROUPS,
	    &groups, &group_cnt) != 0) {
		nvlist_free(nvp);
		return (EPERM);
	}

	usercred = cralloc();
	cred_ok = B_FALSE;
	if (crsetugid(usercred, uid, gid) == 0 &&
	    crsetgroups(usercred, group_cnt, (gid_t *)groups) == 0)
		cred_ok = B_TRUE;

	/*
	 * nvp is released only after crsetgroups() has been given groups;
	 * presumably groups points into nvp's storage -- confirm.
	 */
	nvlist_free(nvp);

	if (cred_ok) {
		error = dsl_deleg_access(zc->zc_name,
		    zfs_prop_to_name(ZFS_PROP_SHAREISCSI), usercred);
	} else {
		error = EPERM;
	}

	crfree(usercred);
	return (error);
}
   2471 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_nvlist_src{_size}	nvlist of delegated permissions
 * zc_perm_action	allow/unallow flag
 *
 * outputs:		none
 *
 * Returns the get_nvlist() error, EINVAL for a malformed permission list,
 * the error from the allow/unallow authorisation check, or the result of
 * dsl_deleg_set().
 */
static int
zfs_ioc_set_fsacl(zfs_cmd_t *zc)
{
	nvlist_t *fsaclnv = NULL;
	int error;

	error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
	    zc->zc_iflags, &fsaclnv);
	if (error != 0)
		return (error);

	/*
	 * Verify nvlist is constructed correctly
	 */
	if (zfs_deleg_verify_nvlist(fsaclnv) != 0) {
		nvlist_free(fsaclnv);
		return (EINVAL);
	}

	/*
	 * If we don't have PRIV_SYS_MOUNT, then validate
	 * that user is allowed to hand out each permission in
	 * the nvlist(s)
	 */
	error = secpolicy_zfs(CRED());
	if (error != 0) {
		/* zc_perm_action == B_FALSE is the "allow" direction. */
		error = (zc->zc_perm_action == B_FALSE) ?
		    dsl_deleg_can_allow(zc->zc_name, fsaclnv, CRED()) :
		    dsl_deleg_can_unallow(zc->zc_name, fsaclnv, CRED());
	}

	/* Nothing is written unless one of the checks above passed. */
	if (error == 0)
		error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);

	nvlist_free(fsaclnv);
	return (error);
}
   2521 
/*
 * inputs:
 * zc_name		name of filesystem
 *
 * outputs:
 * zc_nvlist_src{_size}	nvlist of delegated permissions
 *
 * NOTE(review): the list is copied out with put_nvlist(), which other
 * handlers in this file document as filling zc_nvlist_dst -- confirm which
 * field the output line above should name.
 *
 * Returns the dsl_deleg_get() error, otherwise the result of put_nvlist().
 */
static int
zfs_ioc_get_fsacl(zfs_cmd_t *zc)
{
	nvlist_t *perms;
	int error;

	error = dsl_deleg_get(zc->zc_name, &perms);
	if (error != 0)
		return (error);

	error = put_nvlist(zc, perms);
	nvlist_free(perms);
	return (error);
}
   2542 
/*
 * Search the vfs list for a specified resource.  Returns a pointer to it
 * or NULL if no suitable entry is found. The caller of this routine
 * is responsible for releasing the returned vfs pointer.
 *
 * The walk starts at rootvfs, follows vfs_next until it arrives back at
 * rootvfs, and runs under the vfs list read lock.  A match is returned with
 * a VFS_HOLD() taken while that lock is still held.
 */
static vfs_t *
zfs_get_vfs(const char *resource)
{
	struct vfs *match = NULL;
	struct vfs *cur;

	vfs_list_read_lock();
	for (cur = rootvfs; ; ) {
		if (strcmp(refstr_value(cur->vfs_resource), resource) == 0) {
			VFS_HOLD(cur);
			match = cur;
			break;
		}

		cur = cur->vfs_next;
		if (cur == rootvfs)
			break;
	}
	vfs_list_unlock();

	return (match);
}
   2567 
/*
 * Creation callback for DMU_OST_ZFS objsets (selected in zfs_ioc_create()).
 * arg is the zfs_creat_t supplied by the creator; only its zct_zplprops
 * member is forwarded to zfs_create_fs().
 */
/* ARGSUSED */
static void
zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
{
	zfs_create_fs(os, cr, ((zfs_creat_t *)arg)->zct_zplprops, tx);
}
   2576 
   2577 #define	ZFS_PROP_UNDEFINED	((uint64_t)-1)
   2578 
/*
 * inputs:
 * createprops		list of properties requested by creator
 * zplver		zpl version to use if unspecified in createprops
 * fuids_ok		fuids allowed in this version of the spa?
 * os			parent objset pointer (NULL if root fs)
 *
 * outputs:
 * zplprops	values for the zplprops we attach to the master node object
 * is_ci	true if requested file system will be purely case-insensitive
 *
 * Determine the settings for utf8only, normalization and
 * casesensitivity.  Specific values may have been requested by the
 * creator and/or we can inherit values from the parent dataset.  If
 * the file system is of too early a vintage, a creator can not
 * request settings for these properties, even if the requested
 * setting is the default value.  We don't actually want to create dsl
 * properties for these, so remove them from the source nvlist after
 * processing.
 *
 * Returns ENOTSUP when the version or the requested combination is rejected,
 * 0 otherwise.  The version property is read from createprops but, unlike
 * the other three, is left in it.
 *
 * NOTE(review): only the version is range-checked here; creator-supplied
 * normalization, utf8only and casesensitivity values are stored as given.
 * Any validation of those values would have to happen elsewhere -- confirm.
 */
static int
zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
    boolean_t fuids_ok, nvlist_t *createprops, nvlist_t *zplprops,
    boolean_t *is_ci)
{
	uint64_t casesense = ZFS_PROP_UNDEFINED;
	uint64_t normalize = ZFS_PROP_UNDEFINED;
	uint64_t utf8only = ZFS_PROP_UNDEFINED;
	boolean_t creator_chose;

	ASSERT(zplprops != NULL);

	/*
	 * Pull out creator prop choices, if any.
	 */
	if (createprops != NULL) {
		(void) nvlist_lookup_uint64(createprops,
		    zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);

		(void) nvlist_lookup_uint64(createprops,
		    zfs_prop_to_name(ZFS_PROP_NORMALIZE), &normalize);
		(void) nvlist_remove_all(createprops,
		    zfs_prop_to_name(ZFS_PROP_NORMALIZE));

		(void) nvlist_lookup_uint64(createprops,
		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &utf8only);
		(void) nvlist_remove_all(createprops,
		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY));

		(void) nvlist_lookup_uint64(createprops,
		    zfs_prop_to_name(ZFS_PROP_CASE), &casesense);
		(void) nvlist_remove_all(createprops,
		    zfs_prop_to_name(ZFS_PROP_CASE));
	}

	/*
	 * If the zpl version requested is whacky or the file system
	 * or pool is version is too "young" to support normalization
	 * and the creator tried to set a value for one of the props,
	 * error out.
	 */
	if (zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION)
		return (ENOTSUP);
	if (zplver >= ZPL_VERSION_FUID && !fuids_ok)
		return (ENOTSUP);

	creator_chose = (normalize != ZFS_PROP_UNDEFINED ||
	    utf8only != ZFS_PROP_UNDEFINED ||
	    casesense != ZFS_PROP_UNDEFINED);
	if (zplver < ZPL_VERSION_NORMALIZATION && creator_chose)
		return (ENOTSUP);

	/*
	 * Put the version in the zplprops
	 */
	VERIFY(nvlist_add_uint64(zplprops,
	    zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);

	/* Anything the creator left unset is fetched via zfs_get_zplprop(). */
	if (normalize == ZFS_PROP_UNDEFINED) {
		VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE,
		    &normalize) == 0);
	}
	VERIFY(nvlist_add_uint64(zplprops,
	    zfs_prop_to_name(ZFS_PROP_NORMALIZE), normalize) == 0);

	/*
	 * If we're normalizing, names must always be valid UTF-8 strings.
	 */
	if (normalize != 0)
		utf8only = 1;
	if (utf8only == ZFS_PROP_UNDEFINED) {
		VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY,
		    &utf8only) == 0);
	}
	VERIFY(nvlist_add_uint64(zplprops,
	    zfs_prop_to_name(ZFS_PROP_UTF8ONLY), utf8only) == 0);

	if (casesense == ZFS_PROP_UNDEFINED) {
		VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE,
		    &casesense) == 0);
	}
	VERIFY(nvlist_add_uint64(zplprops,
	    zfs_prop_to_name(ZFS_PROP_CASE), casesense) == 0);

	if (is_ci != NULL)
		*is_ci = (casesense == ZFS_CASE_INSENSITIVE);

	return (0);
}
   2674 
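/*
 * Fill zplprops for the new file system named by dataset, using its parent
 * dataset (the name up to the last '/') as the objset handed to
 * zfs_fill_zplprops_impl().
 *
 * The default zpl version is ZPL_VERSION, lowered when
 * zfs_earlier_version() reports the dataset's pool as older than
 * SPA_VERSION_USERSPACE or SPA_VERSION_FUID; in the latter case fuids are
 * also disallowed.
 *
 * Returns ENAMETOOLONG if dataset does not fit in MAXNAMELEN, EINVAL if it
 * has no '/' (and therefore no parent), the dmu_objset_hold() error if the
 * parent cannot be held, otherwise the result of zfs_fill_zplprops_impl().
 */
static int
zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
    nvlist_t *zplprops, boolean_t *is_ci)
{
	boolean_t fuids_ok = B_TRUE;
	uint64_t zplver = ZPL_VERSION;
	objset_t *os = NULL;
	char parentname[MAXNAMELEN];
	char *cp;
	int error;

	/*
	 * A truncated copy would name a different dataset, so refuse it
	 * instead of silently opening the wrong parent.
	 */
	if (strlcpy(parentname, dataset, sizeof (parentname)) >=
	    sizeof (parentname))
		return (ENAMETOOLONG);

	/*
	 * ASSERT() is compiled out of non-DEBUG kernels, so a name without
	 * a '/' must be rejected explicitly rather than dereferencing NULL.
	 */
	cp = strrchr(parentname, '/');
	if (cp == NULL)
		return (EINVAL);
	cp[0] = '\0';

	if (zfs_earlier_version(dataset, SPA_VERSION_USERSPACE))
		zplver = ZPL_VERSION_USERSPACE - 1;
	if (zfs_earlier_version(dataset, SPA_VERSION_FUID)) {
		zplver = ZPL_VERSION_FUID - 1;
		fuids_ok = B_FALSE;
	}

	/*
	 * Open parent object set so we can inherit zplprop values.
	 */
	if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
		return (error);

	error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, createprops,
	    zplprops, is_ci);
	dmu_objset_rele(os, FTAG);
	return (error);
}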
   2709 
/*
 * Fill zplprops for a root file system, which has no parent objset: NULL is
 * passed as the objset to zfs_fill_zplprops_impl().
 *
 * The default zpl version is ZPL_VERSION unless spa_vers predates
 * SPA_VERSION_FUID, in which case it is ZPL_VERSION_FUID - 1 and fuids are
 * disallowed.  Returns the result of zfs_fill_zplprops_impl().
 */
static int
zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
    nvlist_t *zplprops, boolean_t *is_ci)
{
	boolean_t fuids_ok;
	uint64_t zplver;

	if (spa_vers < SPA_VERSION_FUID) {
		fuids_ok = B_FALSE;
		zplver = ZPL_VERSION_FUID - 1;
	} else {
		fuids_ok = B_TRUE;
		zplver = ZPL_VERSION;
	}

	return (zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, createprops,
	    zplprops, is_ci));
}
   2727 
/*
 * inputs:
 * zc_objset_type	type of objset to create (fs vs zvol)
 * zc_name		name of new objset
 * zc_value		name of snapshot to clone from (may be empty)
 * zc_nvlist_src{_size}	nvlist of properties to apply
 *
 * outputs: none
 *
 * Input checks made here: zc_name may not contain '@' or '%'; zc_value is
 * forcibly NUL-terminated and must pass dataset_namecheck() before it is
 * used as a clone origin; a zvol must carry a volsize, and its volsize and
 * volblocksize must pass the zvol_check_*() routines.  The objset type is
 * only enforced on the non-clone path.
 *
 * The dataset is created first and its properties are set afterwards; if
 * setting them fails the new dataset is destroyed again.
 *
 * Returns 0 on success, EINVAL for rejected input, or the error of the
 * failing step.
 */
static int
zfs_ioc_create(zfs_cmd_t *zc)
{
	dmu_objset_type_t type = zc->zc_objset_type;
	void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
	nvlist_t *nvprops = NULL;
	zfs_creat_t zct;
	objset_t *origin;
	int error = 0;

	if (type == DMU_OST_ZFS)
		cbfunc = zfs_create_cb;
	else if (type == DMU_OST_ZVOL)
		cbfunc = zvol_create_cb;
	else
		cbfunc = NULL;

	if (strchr(zc->zc_name, '@') != NULL ||
	    strchr(zc->zc_name, '%') != NULL)
		return (EINVAL);

	if (zc->zc_nvlist_src != NULL) {
		error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
		    zc->zc_iflags, &nvprops);
		if (error != 0)
			return (error);
	}

	zct.zct_zplprops = NULL;
	zct.zct_props = nvprops;

	if (zc->zc_value[0] != '\0') {
		/*
		 * We're creating a clone of an existing snapshot.
		 */
		zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
		if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) {
			error = EINVAL;
			goto out;
		}

		error = dmu_objset_hold(zc->zc_value, FTAG, &origin);
		if (error != 0)
			goto out;

		error = dmu_objset_clone(zc->zc_name, dmu_objset_ds(origin), 0);
		dmu_objset_rele(origin, FTAG);
		if (error != 0)
			goto out;
	} else {
		boolean_t is_insensitive = B_FALSE;

		/* Only file systems and zvols can be created from scratch. */
		if (cbfunc == NULL) {
			error = EINVAL;
			goto out;
		}

		if (type == DMU_OST_ZVOL) {
			uint64_t volsize, volblocksize;

			/* A zvol without a volsize is not acceptable. */
			if (nvprops == NULL ||
			    nvlist_lookup_uint64(nvprops,
			    zfs_prop_to_name(ZFS_PROP_VOLSIZE),
			    &volsize) != 0) {
				error = EINVAL;
				goto out;
			}

			/* A missing volblocksize falls back to the default. */
			error = nvlist_lookup_uint64(nvprops,
			    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
			    &volblocksize);
			if (error == ENOENT) {
				volblocksize = zfs_prop_default_numeric(
				    ZFS_PROP_VOLBLOCKSIZE);
			} else if (error != 0) {
				error = EINVAL;
				goto out;
			}

			error = zvol_check_volblocksize(volblocksize);
			if (error == 0) {
				error = zvol_check_volsize(volsize,
				    volblocksize);
			}
			if (error != 0)
				goto out;
		} else if (type == DMU_OST_ZFS) {
			/*
			 * We have to have normalization and
			 * case-folding flags correct when we do the
			 * file system creation, so go figure them out
			 * now.
			 */
			VERIFY(nvlist_alloc(&zct.zct_zplprops,
			    NV_UNIQUE_NAME, KM_SLEEP) == 0);
			error = zfs_fill_zplprops(zc->zc_name, nvprops,
			    zct.zct_zplprops, &is_insensitive);
			if (error != 0) {
				nvlist_free(zct.zct_zplprops);
				goto out;
			}
		}

		error = dmu_objset_create(zc->zc_name, type,
		    is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
		nvlist_free(zct.zct_zplprops);
	}

	/*
	 * It would be nice to do this atomically.
	 */
	if (error == 0) {
		error = zfs_set_prop_nvlist(zc->zc_name, ZPROP_SRC_LOCAL,
		    nvprops, NULL);
		/* Do not leave a dataset behind with only some props set. */
		if (error != 0)
			(void) dmu_objset_destroy(zc->zc_name, B_FALSE);
	}

out:
	nvlist_free(nvprops);
	return (error);
}
   2868 
/*
 * inputs:
 * zc_name	name of filesystem
 * zc_value	short name of snapshot
 * zc_cookie	recursive flag
 * zc_nvlist_src[_size] property list
 *
 * outputs:
 * zc_value	short snapname (i.e. part after the '@')
 *
 * The snapshot name is checked with snapshot_namecheck() and the optional
 * property list with zfs_check_userprops() before anything is created.
 * A non-empty property list is refused with ENOTSUP when
 * zfs_earlier_version() reports the pool as older than
 * SPA_VERSION_SNAP_PROPS.
 */
static int
zfs_ioc_snapshot(zfs_cmd_t *zc)
{
	boolean_t recursive = zc->zc_cookie;
	nvlist_t *nvprops = NULL;
	int error;

	if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
		return (EINVAL);

	if (zc->zc_nvlist_src != NULL) {
		error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
		    zc->zc_iflags, &nvprops);
		if (error != 0)
			return (error);
	}

	/* nvprops is still NULL here when no list was supplied. */
	error = zfs_check_userprops(zc->zc_name, nvprops);
	if (error == 0) {
		if (!nvlist_empty(nvprops) &&
		    zfs_earlier_version(zc->zc_name, SPA_VERSION_SNAP_PROPS)) {
			error = ENOTSUP;
		} else {
			error = dmu_objset_snapshot(zc->zc_name, zc->zc_value,
			    nvprops, recursive);
		}
	}

	nvlist_free(nvprops);
	return (error);
}
   2911 
/*
 * Force-unmount the snapshot identified by name (and arg), if it is mounted.
 *
 * When arg is non-NULL it is treated as a short snapshot name and the
 * resource looked up is "name@arg"; otherwise name itself is looked up, but
 * only if it contains an '@'.  Returns 0 when nothing is mounted under that
 * resource or the unmount succeeds, otherwise the vn_vfswlock() or
 * dounmount() error.
 *
 * The unmount is performed with kcred, not with the caller's credential.
 *
 * NOTE(review): the hold taken by zfs_get_vfs() is dropped before
 * dounmount() is given vfsp; presumably the lock taken by vn_vfswlock()
 * keeps the vfs valid across that window -- confirm.
 */
int
zfs_unmount_snap(const char *name, void *arg)
{
	vfs_t *vfsp = NULL;
	int err;

	if (arg != NULL) {
		char *fullname = kmem_asprintf("%s@%s", name, (char *)arg);

		vfsp = zfs_get_vfs(fullname);
		strfree(fullname);
	} else if (strchr(name, '@') != NULL) {
		vfsp = zfs_get_vfs(name);
	}

	/* Not mounted (or not a snapshot name): nothing to do. */
	if (vfsp == NULL)
		return (0);

	err = vn_vfswlock(vfsp->vfs_vnodecovered);
	VFS_RELE(vfsp);
	if (err != 0)
		return (err);

	/*
	 * Always force the unmount for snapshots.
	 */
	return (dounmount(vfsp, MS_FORCE, kcred));
}
   2943 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_value		short name of snapshot
 * zc_defer_destroy	mark for deferred destroy
 *
 * outputs:	none
 *
 * The short snapshot name must pass snapshot_namecheck().  Each dataset
 * visited by dmu_objset_find() (zc_name with DS_FIND_CHILDREN) has the
 * matching snapshot unmounted before dmu_snapshots_destroy() is called;
 * an unmount failure ends the request without destroying anything.
 */
static int
zfs_ioc_destroy_snaps(zfs_cmd_t *zc)
{
	int unmount_err;

	if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
		return (EINVAL);

	unmount_err = dmu_objset_find(zc->zc_name,
	    zfs_unmount_snap, zc->zc_value, DS_FIND_CHILDREN);
	if (unmount_err != 0)
		return (unmount_err);

	return (dmu_snapshots_destroy(zc->zc_name, zc->zc_value,
	    zc->zc_defer_destroy));
}
   2966 
/*
 * inputs:
 * zc_name		name of dataset to destroy
 * zc_objset_type	type of objset
 * zc_defer_destroy	mark for deferred destroy
 *
 * outputs:		none
 *
 * A DMU_OST_ZFS name containing '@' is unmounted first, and a failure to
 * unmount ends the request.  For DMU_OST_ZVOL the minor node is removed
 * after a successful destroy; the result of that removal is ignored.
 */
static int
zfs_ioc_destroy(zfs_cmd_t *zc)
{
	boolean_t is_snap = (strchr(zc->zc_name, '@') != NULL);
	int err;

	if (is_snap && zc->zc_objset_type == DMU_OST_ZFS) {
		err = zfs_unmount_snap(zc->zc_name, NULL);
		if (err != 0)
			return (err);
	}

	err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy);
	if (err == 0 && zc->zc_objset_type == DMU_OST_ZVOL)
		(void) zvol_remove_minor(zc->zc_name);

	return (err);
}
   2990 
/*
 * inputs:
 * zc_name	name of dataset to rollback (to most recent snapshot)
 *
 * outputs:	none
 *
 * The rollback is done by cloning the most recent snapshot as
 * "<zc_name>/%rollback", swapping that clone with the dataset, and then
 * destroying the clone.  If the dataset is mounted (getzfsvfs() succeeds)
 * the file system is suspended around the swap and resumed afterwards.
 *
 * Returns EINVAL if zc_name is a snapshot or has no previous snapshot, EBUSY
 * if the dataset cannot be owned for the swap, or the error of the failing
 * step; a resume error is reported only when the swap itself succeeded.
 *
 * NOTE(review): if dsl_dataset_own() fails after dmu_objset_clone()
 * succeeded, control jumps past dsl_dataset_destroy(), so the "%rollback"
 * clone appears to be left behind -- confirm.
 */
static int
zfs_ioc_rollback(zfs_cmd_t *zc)
{
	dsl_dataset_t *ds, *clone;
	zfsvfs_t *zfsvfs;
	char *clone_name;
	boolean_t mounted;
	int error;

	error = dsl_dataset_hold(zc->zc_name, FTAG, &ds);
	if (error != 0)
		return (error);

	/*
	 * must not be a snapshot, and must have a most recent snapshot
	 */
	if (dsl_dataset_is_snapshot(ds) ||
	    ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) {
		dsl_dataset_rele(ds, FTAG);
		return (EINVAL);
	}

	/*
	 * Create clone of most recent snapshot.
	 */
	clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name);
	error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT);
	if (error != 0)
		goto out;

	error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone);
	if (error != 0)
		goto out;

	/*
	 * Do clone swap.  error is 0 on entry; when the dataset is mounted
	 * the swap is attempted only if the suspend succeeds.
	 */
	mounted = (getzfsvfs(zc->zc_name, &zfsvfs) == 0) ? B_TRUE : B_FALSE;
	if (mounted)
		error = zfs_suspend_fs(zfsvfs);

	if (error == 0) {
		if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
			error = dsl_dataset_clone_swap(clone, ds, B_TRUE);
			dsl_dataset_disown(ds, FTAG);
			/* disown dropped our reference; skip the rele below */
			ds = NULL;
		} else {
			error = EBUSY;
		}

		if (mounted) {
			int resume_err = zfs_resume_fs(zfsvfs, zc->zc_name);

			if (error == 0)
				error = resume_err;
		}
	}

	if (mounted)
		VFS_RELE(zfsvfs->z_vfs);

	/*
	 * Destroy clone (which also closes it).
	 */
	(void) dsl_dataset_destroy(clone, FTAG, B_FALSE);

out:
	strfree(clone_name);
	if (ds != NULL)
		dsl_dataset_rele(ds, FTAG);
	return (error);
}
   3074 
/*
 * inputs:
 * zc_name	old name of dataset
 * zc_value	new name of dataset
 * zc_cookie	recursive flag (only valid for snapshots)
 *
 * outputs:	none
 *
 * The new name is forcibly NUL-terminated, must pass dataset_namecheck()
 * and may not contain '%'.  Only bit 0 of zc_cookie is used.  For
 * DMU_OST_ZVOL the minor node of the old name is removed before the rename,
 * and the result of that removal is ignored.
 */
static int
zfs_ioc_rename(zfs_cmd_t *zc)
{
	boolean_t recursive = zc->zc_cookie & 1;

	zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
	if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0)
		return (EINVAL);
	if (strchr(zc->zc_value, '%') != NULL)
		return (EINVAL);

	/*
	 * Unmount snapshot unless we're doing a recursive rename,
	 * in which case the dataset code figures out which snapshots
	 * to unmount.
	 */
	if (!recursive && strchr(zc->zc_name, '@') != NULL &&
	    zc->zc_objset_type == DMU_OST_ZFS) {
		int unmount_err = zfs_unmount_snap(zc->zc_name, NULL);

		if (unmount_err != 0)
			return (unmount_err);
	}

	if (zc->zc_objset_type == DMU_OST_ZVOL)
		(void) zvol_remove_minor(zc->zc_name);

	return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive));
}
   3108 
   /*
    * Decide whether the property carried by 'pair' may be set on 'dsname'.
    *
    * User properties and {user,group}quota@ properties are checked against
    * the matching delegated permission using 'cr'.  Native properties are
    * rejected on snapshots, checked against the pool/ZPL version where the
    * value requires a newer on-disk format, and finally handed to
    * zfs_secpolicy_setprop().
    *
    * Returns 0 if the property may be set, EINVAL for an unknown or
    * read-only property (or a native property on a snapshot), ENOTSUP when
    * the pool or filesystem version is too old, ERANGE for a compression
    * value not valid on a bootable dataset, or the error from the policy
    * check.
    *
    * NOTE(review): the final policy check uses CRED() rather than 'cr';
    * the caller visible in this file passes CRED() -- confirm for others.
    */
   static int
   zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
   {
   	const char *propname = nvpair_name(pair);
   	boolean_t issnap = (strchr(dsname, '@') != NULL);
   	zfs_prop_t prop = zfs_name_to_prop(propname);
   	uint64_t intval;

   	if (prop == ZPROP_INVAL) {
   		const char *perm;
   		const char *uq_prefix;
   		const char *gq_prefix;

   		/* Not a native property: user property first. */
   		if (zfs_prop_user(propname)) {
   			return (zfs_secpolicy_write_perms(dsname,
   			    ZFS_DELEG_PERM_USERPROP, cr));
   		}

   		/* Quota properties are never settable on a snapshot. */
   		if (issnap || !zfs_prop_userquota(propname))
   			return (EINVAL);

   		uq_prefix = zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
   		gq_prefix = zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];

   		if (strncmp(propname, uq_prefix, strlen(uq_prefix)) == 0) {
   			perm = ZFS_DELEG_PERM_USERQUOTA;
   		} else if (strncmp(propname, gq_prefix,
   		    strlen(gq_prefix)) == 0) {
   			perm = ZFS_DELEG_PERM_GROUPQUOTA;
   		} else {
   			/* USERUSED and GROUPUSED are read-only */
   			return (EINVAL);
   		}

   		return (zfs_secpolicy_write_perms(dsname, perm, cr));
   	}

   	if (issnap)
   		return (EINVAL);

   	if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
   		/*
   		 * dsl_prop_get_all_impl() returns properties in this
   		 * format; step down to the pair that holds the value.
   		 *
   		 * NOTE(review): VERIFY panics if the nested list has no
   		 * ZPROP_VALUE entry; confirm every caller validates pairs
   		 * that originate from userland before reaching this point.
   		 */
   		nvlist_t *attrs;

   		VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
   		VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
   		    &pair) == 0);
   	}

   	/*
   	 * Check that this value is valid for this pool version
   	 */
   	switch (prop) {
   	case ZFS_PROP_COMPRESSION:
   		/*
   		 * Only an integer value can be checked here; anything else
   		 * is ignored since errors are caught later.
   		 */
   		if (nvpair_type(pair) != DATA_TYPE_UINT64 ||
   		    nvpair_value_uint64(pair, &intval) != 0)
   			break;

   		/* gzip levels need SPA support for gzip compression. */
   		if (intval >= ZIO_COMPRESS_GZIP_1 &&
   		    intval <= ZIO_COMPRESS_GZIP_9 &&
   		    zfs_earlier_version(dsname,
   		    SPA_VERSION_GZIP_COMPRESSION))
   			return (ENOTSUP);

   		if (intval == ZIO_COMPRESS_ZLE &&
   		    zfs_earlier_version(dsname,
   		    SPA_VERSION_ZLE_COMPRESSION))
   			return (ENOTSUP);

   		/*
   		 * A bootable dataset must use an algorithm supported for
   		 * booting.  The error must not be ENOTSUP, which implies
   		 * a downrev pool version.
   		 */
   		if (zfs_is_bootfs(dsname) &&
   		    !BOOTFS_COMPRESS_VALID(intval))
   			return (ERANGE);
   		break;

   	case ZFS_PROP_COPIES:
   		if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
   			return (ENOTSUP);
   		break;

   	case ZFS_PROP_DEDUP:
   		if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
   			return (ENOTSUP);
   		break;

   	case ZFS_PROP_SHARESMB:
   		if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
   			return (ENOTSUP);
   		break;

   	case ZFS_PROP_ACLINHERIT:
   		if (nvpair_type(pair) != DATA_TYPE_UINT64 ||
   		    nvpair_value_uint64(pair, &intval) != 0)
   			break;

   		if (intval == ZFS_ACL_PASSTHROUGH_X &&
   		    zfs_earlier_version(dsname,
   		    SPA_VERSION_PASSTHROUGH_X))
   			return (ENOTSUP);
   		break;

   	default:
   		/* No version-dependent restriction for other properties. */
   		break;
   	}

   	return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
   }
   3232 
   /*
    * Removes properties from the given props list that fail permission checks
    * needed to clear them and to restore them in case of a receive error. For
    * each property, both the set check (zfs_check_settable()) and the inherit
    * check (zfs_secpolicy_inherit()) must pass.
    *
    * Returns the error recorded for the first entry of the failure list, or
    * zero if every property checks out.  If the caller provides a non-NULL
    * errlist, it receives the list of names of all the properties that failed
    * a permission check with the corresponding error numbers (NULL if none
    * failed); the caller is responsible for freeing it.  A NULL props list
    * returns zero without touching errlist.
    *
    * NOTE(review): both strcpy() calls below copy into fixed-size zfs_cmd_t
    * fields without a length check.  The caller visible in this file passes
    * a name that already went through dataset_namecheck(); confirm that no
    * other caller can supply a longer dataset or property name.
    */
   static int
   zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
   {
   	zfs_cmd_t *zc;
   	nvpair_t *pair, *next_pair, *first_failure;
   	nvlist_t *errors;
   	int err, rv = 0;

   	if (props == NULL)
   		return (0);

   	VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);

   	/* Scratch command block: only zc_name and zc_value are filled in. */
   	zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
   	(void) strcpy(zc->zc_name, dataset);

   	for (pair = nvlist_next_nvpair(props, NULL); pair != NULL;
   	    pair = next_pair) {
   		/* Fetch the successor first: 'pair' may be removed below. */
   		next_pair = nvlist_next_nvpair(props, pair);

   		(void) strcpy(zc->zc_value, nvpair_name(pair));

   		err = zfs_check_settable(dataset, pair, CRED());
   		if (err == 0)
   			err = zfs_secpolicy_inherit(zc, CRED());
   		if (err == 0)
   			continue;

   		/*
   		 * Drop the property and record why, keyed by the copied
   		 * name since the pair itself is gone after removal.
   		 */
   		VERIFY(nvlist_remove_nvpair(props, pair) == 0);
   		VERIFY(nvlist_add_int32(errors, zc->zc_value, err) == 0);
   	}
   	kmem_free(zc, sizeof (zfs_cmd_t));

   	first_failure = nvlist_next_nvpair(errors, NULL);
   	if (first_failure != NULL) {
   		VERIFY(nvpair_value_int32(first_failure, &rv) == 0);
   	} else {
   		nvlist_free(errors);
   		errors = NULL;
   	}

   	if (errlist != NULL)
   		*errlist = errors;
   	else
   		nvlist_free(errors);

   	return (rv);
   }
   3291 
   /*
    * Compare the values of two property nvpairs.
    *
    * A pair of type DATA_TYPE_NVLIST (the dsl_prop_get_all_impl() format) is
    * first replaced by its nested ZPROP_VALUE pair.  Pairs of different types
    * are unequal; string pairs are compared with strcmp(), and every other
    * type is read as a uint64 (VERIFY fails if that read does not succeed).
    */
   static boolean_t
   propval_equals(nvpair_t *p1, nvpair_t *p2)
   {
   	nvlist_t *attrs;
   	char *valstr1, *valstr2;
   	uint64_t intval1, intval2;

   	/* dsl_prop_get_all_impl() format: unwrap each side if needed. */
   	if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
   		VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
   		VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
   		    &p1) == 0);
   	}
   	if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
   		VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
   		VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
   		    &p2) == 0);
   	}

   	if (nvpair_type(p1) != nvpair_type(p2))
   		return (B_FALSE);

   	if (nvpair_type(p1) != DATA_TYPE_STRING) {
   		VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
   		VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
   		return (intval1 == intval2);
   	}

   	VERIFY(nvpair_value_string(p1, &valstr1) == 0);
   	VERIFY(nvpair_value_string(p2, &valstr2) == 0);
   	return (strcmp(valstr1, valstr2) == 0);
   }
   3327 
   /*
    * Remove properties from props if they are not going to change (as
    * determined by comparison with origprops). Remove them from origprops as
    * well, since we do not need to clear or restore properties that won't
    * change.  A NULL origprops leaves props untouched.
    */
   static void
   props_reduce(nvlist_t *props, nvlist_t *origprops)
   {
   	nvpair_t *pair, *next_pair;

   	if (origprops == NULL)
   		return; /* all props need to be received */

   	for (pair = nvlist_next_nvpair(props, NULL); pair != NULL;
   	    pair = next_pair) {
   		nvpair_t *match;
   		const char *propname = nvpair_name(pair);

   		/* Fetch the successor first: 'pair' may be removed below. */
   		next_pair = nvlist_next_nvpair(props, pair);

   		/* No existing value, or a different one: must be set. */
   		if (nvlist_lookup_nvpair(origprops, propname, &match) != 0)
   			continue;
   		if (!propval_equals(pair, match))
   			continue;

   		/* don't clear the existing received value */
   		(void) nvlist_remove_nvpair(origprops, match);
   		/* don't bother receiving the property */
   		(void) nvlist_remove_nvpair(props, pair);
   	}
   }
   3360 
   #ifdef	DEBUG
   /*
    * Debug-only switch: when set, zfs_ioc_recv() clears it and forces its
    * result to an error after the stream has been received, which exercises
    * the property-restore path.
    */
   static boolean_t zfs_ioc_recv_inject_err = B_FALSE;
   #endif
   3364 
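   /*
    * Receive a send stream from a file descriptor into a new snapshot,
    * applying any supplied received properties before the data arrives and
    * restoring the previous ones if the receive fails.
    *
    * inputs:
    * zc_name		name of containing filesystem
    * zc_nvlist_src{_size}	nvlist of properties to apply
    * zc_value		name of snapshot to create
    * zc_string		name of clone origin (if DRR_FLAG_CLONE)
    * zc_cookie		file descriptor to recv from
    * zc_begin_record	the BEGIN record of the stream (not byteswapped)
    * zc_guid		force flag
    *
    * outputs:
    * zc_cookie		number of bytes read
    * zc_nvlist_dst{_size} error for each unapplied received property
    * zc_obj		zprop_errflags_t
    *
    * Returns EINVAL if zc_value is not a valid snapshot name (or the
    * property error list cannot be returned to the caller), EBADF if
    * zc_cookie is not an open descriptor, otherwise the first error from the
    * receive itself.
    *
    * NOTE(review): zc_string is passed to dmu_objset_hold() as it arrived
    * from the caller; confirm it is terminated before this handler runs.
    */
   static int
   zfs_ioc_recv(zfs_cmd_t *zc)
   {
   	file_t *fp;
   	objset_t *os;
   	dmu_recv_cookie_t drc;
   	boolean_t force = (boolean_t)zc->zc_guid;
   	int fd;
   	int error = 0;
   	int props_error = 0;
   	nvlist_t *errors;
   	offset_t off;
   	nvlist_t *props = NULL; /* sent properties */
   	nvlist_t *origprops = NULL; /* existing properties */
   	objset_t *origin = NULL;
   	char *tosnap;
   	char tofs[ZFS_MAXNAMELEN];
   	boolean_t first_recvd_props = B_FALSE;

   	/*
   	 * zc_value comes from the ioctl argument: force termination before
   	 * any string routine walks it, as zfs_ioc_rename() does.
   	 */
   	zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';

   	if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
   	    strchr(zc->zc_value, '@') == NULL ||
   	    strchr(zc->zc_value, '%'))
   		return (EINVAL);

   	/*
   	 * Split "fs@snap" into tofs and tosnap.  The copy relies on the
   	 * name check above having bounded the length.
   	 * NOTE(review): confirm dataset_namecheck() rejects names that do
   	 * not fit in ZFS_MAXNAMELEN.
   	 */
   	(void) strcpy(tofs, zc->zc_value);
   	tosnap = strchr(tofs, '@');
   	*tosnap++ = '\0';

   	if (zc->zc_nvlist_src != NULL &&
   	    (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
   	    zc->zc_iflags, &props)) != 0)
   		return (error);

   	fd = zc->zc_cookie;
   	fp = getf(fd);
   	if (fp == NULL) {
   		nvlist_free(props);
   		return (EBADF);
   	}

   	VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);

   	if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) {
   		if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) &&
   		    !dsl_prop_get_hasrecvd(os)) {
   			first_recvd_props = B_TRUE;
   		}

   		/*
   		 * If new received properties are supplied, they are to
   		 * completely replace the existing received properties, so
   		 * stash away the existing ones.
   		 */
   		if (dsl_prop_get_received(os, &origprops) == 0) {
   			nvlist_t *errlist = NULL;
   			/*
   			 * Don't bother writing a property if its value won't
   			 * change (and avoid the unnecessary security checks).
   			 *
   			 * The first receive after SPA_VERSION_RECVD_PROPS is a
   			 * special case where we blow away all local properties
   			 * regardless.
   			 */
   			if (!first_recvd_props)
   				props_reduce(props, origprops);
   			if (zfs_check_clearable(tofs, origprops,
   			    &errlist) != 0)
   				(void) nvlist_merge(errors, errlist, 0);
   			nvlist_free(errlist);
   		}

   		dmu_objset_rele(os, FTAG);
   	}

   	if (zc->zc_string[0]) {
   		error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
   		if (error)
   			goto out;
   	}

   	error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
   	    &zc->zc_begin_record, force, origin, &drc);
   	if (origin)
   		dmu_objset_rele(origin, FTAG);
   	if (error)
   		goto out;

   	/*
   	 * Set properties before we receive the stream so that they are applied
   	 * to the new data. Note that we must call dmu_recv_stream() if
   	 * dmu_recv_begin() succeeds.
   	 */
   	if (props) {
   		/*
   		 * Start from NULL so the merge and free below never see an
   		 * indeterminate pointer if the callee leaves it unset.
   		 */
   		nvlist_t *errlist = NULL;

   		if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
   			if (drc.drc_newfs) {
   				if (spa_version(os->os_spa) >=
   				    SPA_VERSION_RECVD_PROPS)
   					first_recvd_props = B_TRUE;
   			} else if (origprops != NULL) {
   				if (clear_received_props(os, tofs, origprops,
   				    first_recvd_props ? NULL : props) != 0)
   					zc->zc_obj |= ZPROP_ERR_NOCLEAR;
   			} else {
   				zc->zc_obj |= ZPROP_ERR_NOCLEAR;
   			}
   			dsl_prop_set_hasrecvd(os);
   		} else if (!drc.drc_newfs) {
   			zc->zc_obj |= ZPROP_ERR_NOCLEAR;
   		}

   		/* Per-property failures are reported through 'errors'. */
   		(void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
   		    props, &errlist);
   		(void) nvlist_merge(errors, errlist, 0);
   		nvlist_free(errlist);
   	}

   	if (fit_error_list(zc, &errors) != 0 || put_nvlist(zc, errors) != 0) {
   		/*
   		 * Caller made zc->zc_nvlist_dst less than the minimum expected
   		 * size or supplied an invalid address.  Remember the failure
   		 * but keep going: the stream must still be consumed.
   		 */
   		props_error = EINVAL;
   	}

   	off = fp->f_offset;
   	error = dmu_recv_stream(&drc, fp->f_vnode, &off);

   	if (error == 0) {
   		zfsvfs_t *zfsvfs = NULL;

   		if (getzfsvfs(tofs, &zfsvfs) == 0) {
   			/* online recv */
   			int end_err;

   			error = zfs_suspend_fs(zfsvfs);
   			/*
   			 * If the suspend fails, then the recv_end will
   			 * likely also fail, and clean up after itself.
   			 */
   			end_err = dmu_recv_end(&drc);
   			if (error == 0) {
   				int resume_err =
   				    zfs_resume_fs(zfsvfs, tofs);
   				error = error ? error : resume_err;
   			}
   			error = error ? error : end_err;
   			VFS_RELE(zfsvfs->z_vfs);
   		} else {
   			error = dmu_recv_end(&drc);
   		}
   	}

   	/* Report the bytes consumed and move the file offset past them. */
   	zc->zc_cookie = off - fp->f_offset;
   	if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
   		fp->f_offset = off;

   #ifdef	DEBUG
   	if (zfs_ioc_recv_inject_err) {
   		zfs_ioc_recv_inject_err = B_FALSE;
   		error = 1;
   	}
   #endif
   	/*
   	 * On error, restore the original props.
   	 */
   	if (error && props) {
   		if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
   			if (clear_received_props(os, tofs, props, NULL) != 0) {
   				/*
   				 * We failed to clear the received properties.
   				 * Since we may have left a $recvd value on the
   				 * system, we can't clear the $hasrecvd flag.
   				 */
   				zc->zc_obj |= ZPROP_ERR_NORESTORE;
   			} else if (first_recvd_props) {
   				dsl_prop_unset_hasrecvd(os);
   			}
   			dmu_objset_rele(os, FTAG);
   		} else if (!drc.drc_newfs) {
   			/* We failed to clear the received properties. */
   			zc->zc_obj |= ZPROP_ERR_NORESTORE;
   		}

   		if (origprops == NULL && !drc.drc_newfs) {
   			/* We failed to stash the original properties. */
   			zc->zc_obj |= ZPROP_ERR_NORESTORE;
   		}

   		/*
   		 * dsl_props_set() will not convert RECEIVED to LOCAL on or
   		 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
   		 * explicitly if we're restoring local properties cleared in
   		 * the first new-style receive.
   		 */
   		if (origprops != NULL &&
   		    zfs_set_prop_nvlist(tofs, (first_recvd_props ?
   		    ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
   		    origprops, NULL) != 0) {
   			/*
   			 * We stashed the original properties but failed to
   			 * restore them.
   			 */
   			zc->zc_obj |= ZPROP_ERR_NORESTORE;
   		}
   	}
   out:
   	nvlist_free(props);
   	nvlist_free(origprops);
   	nvlist_free(errors);
   	releasef(fd);

   	/* A receive error takes precedence over the error-list failure. */
   	if (error == 0)
   		error = props_error;

   	return (error);
   }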
   3598 
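   /*
    * Write a send stream for a snapshot to a file descriptor.
    *
    * inputs:
    * zc_name	name of snapshot to send
    * zc_value	short name of incremental fromsnap (may be empty)
    * zc_cookie	file descriptor to send stream to
    * zc_obj	fromorigin flag (mutually exclusive with zc_value)
    *
    * outputs: none
    *
    * Returns the error from holding either snapshot, ENAMETOOLONG if the
    * incremental source name does not fit in MAXPATHLEN, EBADF if zc_cookie
    * is not an open descriptor, otherwise the result of dmu_sendbackup().
    */
   static int
   zfs_ioc_send(zfs_cmd_t *zc)
   {
   	objset_t *fromsnap = NULL;
   	objset_t *tosnap;
   	file_t *fp;
   	int error;
   	offset_t off;

   	error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap);
   	if (error)
   		return (error);

   	if (zc->zc_value[0] != '\0') {
   		char *buf;
   		char *cp;

   		/*
   		 * zc_value comes from the ioctl argument: force termination
   		 * before measuring it, as zfs_ioc_rename() does.
   		 */
   		zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';

   		/*
   		 * Build "<fs>@<fromsnap>" from the part of zc_name up to and
   		 * including '@'.  strncpy() does not terminate a full-length
   		 * source, so terminate explicitly.
   		 */
   		buf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
   		(void) strncpy(buf, zc->zc_name, MAXPATHLEN);
   		buf[MAXPATHLEN - 1] = '\0';
   		cp = strchr(buf, '@');
   		if (cp)
   			*(cp+1) = 0;

   		/*
   		 * The bound given to strncat() is the number of bytes to
   		 * append, not the size of the destination, so check that the
   		 * combined name fits instead of writing past the buffer.
   		 */
   		if (strlen(buf) + strlen(zc->zc_value) >= MAXPATHLEN) {
   			kmem_free(buf, MAXPATHLEN);
   			dmu_objset_rele(tosnap, FTAG);
   			return (ENAMETOOLONG);
   		}
   		(void) strncat(buf, zc->zc_value,
   		    MAXPATHLEN - strlen(buf) - 1);

   		error = dmu_objset_hold(buf, FTAG, &fromsnap);
   		kmem_free(buf, MAXPATHLEN);
   		if (error) {
   			dmu_objset_rele(tosnap, FTAG);
   			return (error);
   		}
   	}

   	fp = getf(zc->zc_cookie);
   	if (fp == NULL) {
   		dmu_objset_rele(tosnap, FTAG);
   		if (fromsnap)
   			dmu_objset_rele(fromsnap, FTAG);
   		return (EBADF);
   	}

   	off = fp->f_offset;
   	error = dmu_sendbackup(tosnap, fromsnap, zc->zc_obj, fp->f_vnode, &off);

   	/* Move the file offset past what was written, if seek allows it. */
   	if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
   		fp->f_offset = off;
   	releasef(zc->zc_cookie);
   	if (fromsnap)
   		dmu_objset_rele(fromsnap, FTAG);
   	dmu_objset_rele(tosnap, FTAG);
   	return (error);
   }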
   3658 
   /*
    * Register a fault-injection record.
    *
    * Passes zc_name, zc_guid (narrowed to int) and zc_inject_record to
    * zio_inject_fault(); on success the id it produced is stored back in
    * zc_guid.  Returns the result of zio_inject_fault().
    */
   static int
   zfs_ioc_inject_fault(zfs_cmd_t *zc)
   {
   	int id;
   	int error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
   	    &zc->zc_inject_record);

   	if (error != 0)
   		return (error);

   	zc->zc_guid = (uint64_t)id;
   	return (0);
   }
   3672 
   /*
    * Remove a fault-injection record: zc_guid (narrowed to int) is handed to
    * zio_clear_fault(), whose result is returned.
    */
   static int
   zfs_ioc_clear_fault(zfs_cmd_t *zc)
   {
   	int id = (int)zc->zc_guid;

   	return (zio_clear_fault(id));
   }
   3678 
   /*
    * Step through the fault-injection records.
    *
    * zc_guid (narrowed to int) is the id passed in; zio_inject_list_next()
    * may update it and fills zc_name and zc_inject_record.  The id is written
    * back to zc_guid whether or not the call succeeded.
    */
   static int
   zfs_ioc_inject_list_next(zfs_cmd_t *zc)
   {
   	int error;
   	int id;

   	id = (int)zc->zc_guid;
   	error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
   	    &zc->zc_inject_record);
   	zc->zc_guid = id;

   	return (error);
   }
   3692 
   /*
    * Copy a pool's error log to the caller's buffer.
    *
    * zc_name names the pool; zc_nvlist_dst is the caller-supplied address and
    * zc_nvlist_dst_size the count passed to spa_get_errlog().  On success
    * zc_nvlist_dst_size is set to the count spa_get_errlog() left behind; on
    * failure it is set to spa_get_errlog_size().
    */
   static int
   zfs_ioc_error_log(zfs_cmd_t *zc)
   {
   	spa_t *spa;
   	size_t count = (size_t)zc->zc_nvlist_dst_size;
   	int error;

   	error = spa_open(zc->zc_name, &spa, FTAG);
   	if (error != 0)
   		return (error);

   	/* The destination is a caller-supplied address, not a kernel one. */
   	error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
   	    &count);
   	if (error != 0)
   		zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
   	else
   		zc->zc_nvlist_dst_size = count;

   	spa_close(spa, FTAG);

   	return (error);
   }
   3714 
   /*
    * Clear errors on a pool or on one of its vdevs and resume suspended I/O.
    *
    * zc_name names the pool.  zc_cookie selects a plain open
    * (ZPOOL_NO_REWIND) or an open with the rewind policy supplied in
    * zc_nvlist_src.  A zero zc_guid clears the whole pool; otherwise it
    * selects the vdev to clear.
    *
    * Returns EIO if the pool is not found or I/O cannot be resumed, EINVAL if
    * a rewind is requested without a policy nvlist, ENODEV if zc_guid matches
    * no vdev, or the error from opening the pool.
    */
   static int
   zfs_ioc_clear(zfs_cmd_t *zc)
   {
   	spa_t *spa;
   	vdev_t *vd = NULL;
   	int error;

   	/*
   	 * On zpool clear we also fix up missing slogs
   	 */
   	mutex_enter(&spa_namespace_lock);
   	spa = spa_lookup(zc->zc_name);
   	if (spa == NULL) {
   		mutex_exit(&spa_namespace_lock);
   		return (EIO);
   	}
   	if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
   		/* we need to let spa_open/spa_load clear the chains */
   		spa_set_log_state(spa, SPA_LOG_CLEAR);
   	}
   	spa->spa_last_open_failed = 0;
   	mutex_exit(&spa_namespace_lock);

   	if (zc->zc_cookie != ZPOOL_NO_REWIND) {
   		nvlist_t *policy;
   		nvlist_t *config = NULL;

   		if (zc->zc_nvlist_src == NULL)
   			return (EINVAL);

   		error = get_nvlist(zc->zc_nvlist_src,
   		    zc->zc_nvlist_src_size, zc->zc_iflags, &policy);
   		if (error == 0) {
   			error = spa_open_rewind(zc->zc_name, &spa, FTAG,
   			    policy, &config);
   			/* Hand back any config even if the open failed. */
   			if (config != NULL) {
   				(void) put_nvlist(zc, config);
   				nvlist_free(config);
   			}
   			nvlist_free(policy);
   		}
   	} else {
   		error = spa_open(zc->zc_name, &spa, FTAG);
   	}

   	if (error)
   		return (error);

   	spa_vdev_state_enter(spa, SCL_NONE);

   	/* A zero guid leaves vd NULL, which is passed on to vdev_clear(). */
   	if (zc->zc_guid != 0) {
   		vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
   		if (vd == NULL) {
   			(void) spa_vdev_state_exit(spa, NULL, ENODEV);
   			spa_close(spa, FTAG);
   			return (ENODEV);
   		}
   	}

   	vdev_clear(spa, vd);

   	(void) spa_vdev_state_exit(spa, NULL, 0);

   	/*
   	 * Resume any suspended I/Os.
   	 */
   	if (zio_resume(spa) != 0)
   		error = EIO;

   	spa_close(spa, FTAG);

   	return (error);
   }
   3789 
   /*
    * Promote a clone.
    *
    * inputs:
    * zc_name	name of filesystem
    * zc_value	name of origin snapshot
    *
    * outputs:
    * zc_string	name of conflicting snapshot, if there is one
    *
    * zc_value is cut at its '@' in place, so on return it holds the origin
    * filesystem name.  Returns the result of dsl_dataset_promote().
    */
   static int
   zfs_ioc_promote(zfs_cmd_t *zc)
   {
   	char *at = strchr(zc->zc_value, '@');

   	/*
   	 * We don't need to unmount *all* the origin fs's snapshots, but
   	 * it's easier.  Unmount failures are deliberately ignored.
   	 */
   	if (at != NULL)
   		*at = '\0';
   	(void) dmu_objset_find(zc->zc_value,
   	    zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);

   	return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
   }
   3814 
   /*
    * Retrieve a single {user|group}{used|quota}@... property.
    *
    * inputs:
    * zc_name	name of filesystem
    * zc_objset_type zfs_userquota_prop_t
    * zc_value	domain name (eg. "S-1-234-567-89")
    * zc_guid	RID/UID/GID
    *
    * outputs:
    * zc_cookie	property value
    *
    * Returns EINVAL if zc_objset_type is not a valid userquota property,
    * the error from zfsvfs_hold(), or the result of zfs_userspace_one().
    */
   static int
   zfs_ioc_userspace_one(zfs_cmd_t *zc)
   {
   	zfsvfs_t *zfsvfs;
   	int error;

   	/* Reject an out-of-range property type before it is used. */
   	if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
   		return (EINVAL);

   	error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs);
   	if (error == 0) {
   		error = zfs_userspace_one(zfsvfs, zc->zc_objset_type,
   		    zc->zc_value, zc->zc_guid, &zc->zc_cookie);
   		zfsvfs_rele(zfsvfs, FTAG);
   	}

   	return (error);
   }
   3846 
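   /*
    * Retrieve a batch of {user|group}{used|quota} entries.
    *
    * inputs:
    * zc_name		name of filesystem
    * zc_cookie		zap cursor
    * zc_objset_type	zfs_userquota_prop_t
    * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
    *
    * outputs:
    * zc_nvlist_dst[_size]	data buffer (array of zfs_useracct_t)
    * zc_cookie	zap cursor
    *
    * Returns ENOMEM if the requested buffer size is zero or does not fit in
    * an int, the error from zfsvfs_hold(), the error from
    * zfs_userspace_many(), or the error from copying the result out.
    */
   static int
   zfs_ioc_userspace_many(zfs_cmd_t *zc)
   {
   	zfsvfs_t *zfsvfs;
   	int bufsize = zc->zc_nvlist_dst_size;
   	void *buf;
   	int error;

   	/*
   	 * The size is chosen by the caller.  Refuse zero and negative
   	 * values, and any value that the narrowing to int changed: the
   	 * allocation uses the narrowed value while zfs_userspace_many() is
   	 * handed the full-width field, so the two must agree.
   	 * NOTE(review): no upper bound is applied here -- confirm one is
   	 * enforced elsewhere, since KM_SLEEP allocations do not fail.
   	 */
   	if (bufsize <= 0 || (uint64_t)bufsize != zc->zc_nvlist_dst_size)
   		return (ENOMEM);

   	error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs);
   	if (error)
   		return (error);

   	buf = kmem_alloc(bufsize, KM_SLEEP);

   	error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
   	    buf, &zc->zc_nvlist_dst_size);

   	/*
   	 * Copy out only what the callee reported through
   	 * zc_nvlist_dst_size; the buffer was not zeroed when allocated.
   	 */
   	if (error == 0) {
   		error = xcopyout(buf,
   		    (void *)(uintptr_t)zc->zc_nvlist_dst,
   		    zc->zc_nvlist_dst_size);
   	}
   	kmem_free(buf, bufsize);
   	zfsvfs_rele(zfsvfs, FTAG);

   	return (error);
   }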
   3884 
   /*
    * Run the user/group space accounting upgrade on a filesystem.
    *
    * inputs:
    * zc_name		name of filesystem
    *
    * outputs:
    * none
    *
    * Returns the first error from suspending or resuming the filesystem,
    * from holding the objset, or from dmu_objset_userspace_upgrade().
    */
   static int
   zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
   {
   	zfsvfs_t *zfsvfs;
   	objset_t *os;
   	int error = 0;

   	if (getzfsvfs(zc->zc_name, &zfsvfs) != 0) {
   		/*
   		 * No zfsvfs could be obtained: work on a held objset.
   		 * XXX kind of reading contents without owning
   		 */
   		error = dmu_objset_hold(zc->zc_name, FTAG, &os);
   		if (error)
   			return (error);

   		error = dmu_objset_userspace_upgrade(os);
   		dmu_objset_rele(os, FTAG);
   		return (error);
   	}

   	if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
   		/*
   		 * If userused is not enabled, it may be because the
   		 * objset needs to be closed & reopened (to grow the
   		 * objset_phys_t).  Suspend/resume the fs will do that.
   		 */
   		error = zfs_suspend_fs(zfsvfs);
   		if (error == 0)
   			error = zfs_resume_fs(zfsvfs, zc->zc_name);
   	}
   	if (error == 0)
   		error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
   	VFS_RELE(zfsvfs->z_vfs);

   	return (error);
   }
   3925 
   /*
    * We don't want to have a hard dependency against some special symbols in
    * sharefs, nfs, and smbsrv.  They are looked up when the first file system
    * is shared.  None of sharefs, nfs or smbsrv is an unloadable module.
    */

   /* Entry points resolved at run time with ddi_modsym(). */
   int (*znfsexport_fs)(void *arg);
   int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
   int (*zsmbexport_fs)(void *arg, boolean_t add_share);

   /* Set to 1 once the corresponding entry points have been resolved. */
   int zfs_nfsshare_inited;
   int zfs_smbshare_inited;

   /* Handles returned by ddi_modopen() for the three modules. */
   ddi_modhandle_t nfs_mod;
   ddi_modhandle_t sharefs_mod;
   ddi_modhandle_t smbsrv_mod;

   /* Held while the handles and entry points above are being set up. */
   kmutex_t zfs_share_lock;
   3944 
   /*
    * Open the sharefs module and resolve its "sharefs_impl" entry point, if
    * that has not been done yet.  The caller must hold zfs_share_lock.
    *
    * Returns 0 on success, ENOSYS if the module or the symbol is missing.
    */
   static int
   zfs_init_sharefs()
   {
   	int error;

   	ASSERT(MUTEX_HELD(&zfs_share_lock));

   	/* Both NFS and SMB shares also require sharetab support. */
   	if (sharefs_mod == NULL) {
   		sharefs_mod = ddi_modopen("fs/sharefs",
   		    KRTLD_MODE_FIRST, &error);
   		if (sharefs_mod == NULL)
   			return (ENOSYS);
   	}

   	if (zshare_fs == NULL) {
   		zshare_fs = (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
   		    ddi_modsym(sharefs_mod, "sharefs_impl", &error);
   		if (zshare_fs == NULL)
   			return (ENOSYS);
   	}

   	return (0);
   }
   3964 
   /*
    * Share or unshare a filesystem over NFS or SMB and update the sharetab.
    *
    * zc_share.z_sharetype selects the operation, z_exportdata is passed to
    * the protocol module's export routine, and z_sharedata / z_sharemax are
    * passed to the sharefs routine.  The protocol module and sharefs entry
    * points are resolved on first use.
    *
    * Returns EINVAL for an unknown share type, ENOSYS if a required module or
    * symbol cannot be loaded, the error from the export routine, or the
    * result of the sharetab update.
    *
    * NOTE(review): the *_inited flags are read before zfs_share_lock is
    * taken; confirm that is safe on every supported platform.
    * NOTE(review): z_exportdata and z_sharedata are caller-supplied values
    * cast to pointers; presumably the callees copy them in -- verify.
    */
   static int
   zfs_ioc_share(zfs_cmd_t *zc)
   {
   	int error;
   	int opcode;

   	/* Stage 1: make sure the entry points for this protocol exist. */
   	switch (zc->zc_share.z_sharetype) {
   	case ZFS_SHARE_NFS:
   	case ZFS_UNSHARE_NFS:
   		if (zfs_nfsshare_inited != 0)
   			break;

   		mutex_enter(&zfs_share_lock);
   		if (nfs_mod == NULL) {
   			nfs_mod = ddi_modopen("fs/nfs",
   			    KRTLD_MODE_FIRST, &error);
   			if (nfs_mod == NULL) {
   				mutex_exit(&zfs_share_lock);
   				return (ENOSYS);
   			}
   		}
   		if (znfsexport_fs == NULL) {
   			znfsexport_fs = (int (*)(void *))
   			    ddi_modsym(nfs_mod, "nfs_export", &error);
   			if (znfsexport_fs == NULL) {
   				mutex_exit(&zfs_share_lock);
   				return (ENOSYS);
   			}
   		}
   		error = zfs_init_sharefs();
   		if (error) {
   			mutex_exit(&zfs_share_lock);
   			return (ENOSYS);
   		}
   		zfs_nfsshare_inited = 1;
   		mutex_exit(&zfs_share_lock);
   		break;

   	case ZFS_SHARE_SMB:
   	case ZFS_UNSHARE_SMB:
   		if (zfs_smbshare_inited != 0)
   			break;

   		mutex_enter(&zfs_share_lock);
   		if (smbsrv_mod == NULL) {
   			smbsrv_mod = ddi_modopen("drv/smbsrv",
   			    KRTLD_MODE_FIRST, &error);
   			if (smbsrv_mod == NULL) {
   				mutex_exit(&zfs_share_lock);
   				return (ENOSYS);
   			}
   		}
   		if (zsmbexport_fs == NULL) {
   			zsmbexport_fs = (int (*)(void *, boolean_t))
   			    ddi_modsym(smbsrv_mod, "smb_server_share", &error);
   			if (zsmbexport_fs == NULL) {
   				mutex_exit(&zfs_share_lock);
   				return (ENOSYS);
   			}
   		}
   		error = zfs_init_sharefs();
   		if (error) {
   			mutex_exit(&zfs_share_lock);
   			return (ENOSYS);
   		}
   		zfs_smbshare_inited = 1;
   		mutex_exit(&zfs_share_lock);
   		break;

   	default:
   		return (EINVAL);
   	}

   	/* Stage 2: ask the protocol module to export or unexport. */
   	switch (zc->zc_share.z_sharetype) {
   	case ZFS_SHARE_NFS:
   	case ZFS_UNSHARE_NFS:
   		error = znfsexport_fs((void *)
   		    (uintptr_t)zc->zc_share.z_exportdata);
   		if (error != 0)
   			return (error);
   		break;

   	case ZFS_SHARE_SMB:
   	case ZFS_UNSHARE_SMB:
   		error = zsmbexport_fs((void *)
   		    (uintptr_t)zc->zc_share.z_exportdata,
   		    zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
   		    B_TRUE: B_FALSE);
   		if (error != 0)
   			return (error);
   		break;
   	}

   	if (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
   	    zc->zc_share.z_sharetype == ZFS_SHARE_SMB)
   		opcode = SHAREFS_ADD;
   	else
   		opcode = SHAREFS_REMOVE;

   	/*
   	 * Add or remove share from sharetab
   	 */
   	error = zshare_fs(opcode,
   	    (void *)(uintptr_t)zc->zc_share.z_sharedata,
   	    zc->zc_share.z_sharemax);

   	return (error);
   }
   4059 
   /*
    * Single-entry ACL attached to the files zfs_ioc_smb_acl() creates in the
    * shares directory.  The entry names ACE_ALL_PERMS and ACE_EVERYONE, so
    * any tightening of share access has to come from an ACL set on the file
    * afterwards.
    * NOTE(review): presumably (who, access mask, flags, type) in that order,
    * with type 0 meaning "allow" -- confirm against the ace_t definition.
    */
   ace_t full_access[] = {
   	{ (uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0 }
   };
   4063 
   /*
    * Remove all ACL files in shares dir
    *
    * Walks the directory's ZAP with a cursor and removes each entry by name
    * using kcred.  Stops at the first removal failure and returns it;
    * otherwise returns the value with which zap_cursor_retrieve() ended the
    * walk.
    * NOTE(review): that final value is non-zero even when every entry was
    * removed (presumably ENOENT at end of directory) -- confirm the caller
    * expects it.
    */
   static int
   zfs_smb_acl_purge(znode_t *dzp)
   {
   	zap_cursor_t	zc;
   	zap_attribute_t	zap;
   	zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
   	int error;

   	zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
   	while ((error = zap_cursor_retrieve(&zc, &zap)) == 0) {
   		error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred, NULL, 0);
   		if (error != 0)
   			break;
   		zap_cursor_advance(&zc);
   	}
   	zap_cursor_fini(&zc);

   	return (error);
   }
   4085 
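/*
 * Manage the SMB share ACL resource files kept in the filesystem's shares
 * directory (zfsvfs->z_shares_dir), creating that directory on first use.
 *
 * inputs:
 * zc_name		name of dataset; must equal the vfs resource of zc_value
 * zc_value		path handed to lookupname(); must be on a ZFS filesystem
 * zc_string		name of the resource file (ADD and REMOVE)
 * zc_cookie		ZFS_SMB_ACL_ADD, _REMOVE, _RENAME or _PURGE
 * zc_nvlist_src{_size}	nvlist holding the ZFS_SMB_ACL_SRC and
 *			ZFS_SMB_ACL_TARGET strings (RENAME only)
 *
 * outputs:		none
 *
 * Every vnode operation below is issued with kcred, so file permissions
 * are not consulted here; access control for this ioctl rests on the
 * secpolicy callback registered for it in zfs_ioc_vec[].
 */
static int
zfs_ioc_smb_acl(zfs_cmd_t *zc)
{
	vnode_t *vp;
	znode_t *dzp;
	vnode_t *resourcevp = NULL;
	znode_t *sharedir;
	zfsvfs_t *zfsvfs;
	nvlist_t *nvlist;
	char *src, *target;
	vattr_t vattr;
	vsecattr_t vsec;
	int error = 0;

	/*
	 * zc was copied in from the caller, and zfsdev_ioctl() only
	 * NUL-terminates zc_name.  Terminate the other two strings before
	 * they are used as C strings by lookupname() and the VOP calls.
	 */
	zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
	zc->zc_string[sizeof (zc->zc_string) - 1] = '\0';

	if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
	    NO_FOLLOW, NULL, &vp)) != 0)
		return (error);

	/* Now make sure mntpnt and dataset are ZFS */

	if (vp->v_vfsp->vfs_fstype != zfsfstype ||
	    (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
	    zc->zc_name) != 0)) {
		VN_RELE(vp);
		return (EINVAL);
	}

	dzp = VTOZ(vp);
	zfsvfs = dzp->z_zfsvfs;
	/*
	 * NOTE(review): if ZFS_ENTER() can return from this function on its
	 * own (for example when the filesystem is being unmounted), the hold
	 * on vp taken by lookupname() is not dropped on that path -- confirm
	 * against the macro definition.
	 */
	ZFS_ENTER(zfsvfs);

	/*
	 * Create share dir if its missing.
	 */
	mutex_enter(&zfsvfs->z_lock);
	if (zfsvfs->z_shares_dir == 0) {
		dmu_tx_t *tx;

		tx = dmu_tx_create(zfsvfs->z_os);
		dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
		    ZFS_SHARES_DIR);
		dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
		error = dmu_tx_assign(tx, TXG_WAIT);
		if (error) {
			dmu_tx_abort(tx);
		} else {
			error = zfs_create_share_dir(zfsvfs, tx);
			dmu_tx_commit(tx);
		}
		if (error) {
			mutex_exit(&zfsvfs->z_lock);
			goto out_vp;
		}
	}
	mutex_exit(&zfsvfs->z_lock);

	ASSERT(zfsvfs->z_shares_dir);
	if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0)
		goto out_vp;

	/*
	 * From here on both vp and sharedir are held.  Every case leaves the
	 * switch with 'error' set so that the holds are dropped in one place.
	 */
	switch (zc->zc_cookie) {
	case ZFS_SMB_ACL_ADD:
		/*
		 * New resource file: regular file owned by uid/gid 0, mode
		 * 0777, with the allow-everyone full_access entry as its
		 * initial ACL.  EXCL makes the create fail if the name is
		 * already present.
		 */
		vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
		vattr.va_type = VREG;
		vattr.va_mode = S_IFREG|0777;
		vattr.va_uid = 0;
		vattr.va_gid = 0;

		vsec.vsa_mask = VSA_ACE;
		vsec.vsa_aclentp = &full_access;
		vsec.vsa_aclentsz = sizeof (full_access);
		vsec.vsa_aclcnt = 1;

		error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
		    &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
		if (resourcevp)
			VN_RELE(resourcevp);
		break;

	case ZFS_SMB_ACL_REMOVE:
		error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
		    NULL, 0);
		break;

	case ZFS_SMB_ACL_RENAME:
		/*
		 * A get_nvlist() failure used to return without releasing
		 * sharedir; leaving through the common exit drops it.
		 */
		if ((error = get_nvlist(zc->zc_nvlist_src,
		    zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0)
			break;

		/*
		 * Both names are required.  'error' is still 0 at this
		 * point, so a missing name has to be turned into a failure
		 * explicitly or the caller would be told the rename worked.
		 */
		if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
		    nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
		    &target)) {
			nvlist_free(nvlist);
			error = EINVAL;
			break;
		}
		error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
		    kcred, NULL, 0);
		/* src and target point into nvlist; free it only now. */
		nvlist_free(nvlist);
		break;

	case ZFS_SMB_ACL_PURGE:
		error = zfs_smb_acl_purge(sharedir);
		break;

	default:
		error = EINVAL;
		break;
	}

	VN_RELE(ZTOV(sharedir));

out_vp:
	VN_RELE(vp);
	ZFS_EXIT(zfsvfs);

	return (error);
}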
   4212 
/*
 * Add a user reference (hold), identified by a tag, to a snapshot.
 *
 * inputs:
 * zc_name	name of filesystem
 * zc_value	short name of snap
 * zc_string	user-supplied tag for this reference
 * zc_cookie	recursive flag
 * zc_temphold	set if hold is temporary
 *
 * outputs:		none
 *
 * Returns EINVAL when zc_value does not pass snapshot_namecheck(),
 * otherwise whatever dsl_dataset_user_hold() returns.
 */
static int
zfs_ioc_hold(zfs_cmd_t *zc)
{
	int error = EINVAL;
	boolean_t descend = zc->zc_cookie;

	/* Only a syntactically valid snapshot name is passed down. */
	if (snapshot_namecheck(zc->zc_value, NULL, NULL) == 0) {
		error = dsl_dataset_user_hold(zc->zc_name, zc->zc_value,
		    zc->zc_string, descend, zc->zc_temphold);
	}

	return (error);
}
   4234 
/*
 * Drop a user reference (hold), identified by a tag, from a snapshot.
 *
 * inputs:
 * zc_name	name of dataset from which we're releasing a user reference
 * zc_value	short name of snap
 * zc_string	user-supplied tag for this reference
 * zc_cookie	recursive flag
 *
 * outputs:		none
 *
 * Returns EINVAL when zc_value does not pass snapshot_namecheck(),
 * otherwise whatever dsl_dataset_user_release() returns.
 */
static int
zfs_ioc_release(zfs_cmd_t *zc)
{
	int error = EINVAL;
	boolean_t descend = zc->zc_cookie;

	/* Only a syntactically valid snapshot name is passed down. */
	if (snapshot_namecheck(zc->zc_value, NULL, NULL) == 0) {
		error = dsl_dataset_user_release(zc->zc_name, zc->zc_value,
		    zc->zc_string, descend);
	}

	return (error);
}
   4255 
/*
 * Report the user holds recorded for a dataset.
 *
 * inputs:
 * zc_name		name of filesystem
 *
 * outputs:
 * zc_nvlist_src{_size}	nvlist of snapshot holds
 *
 * Returns the error from dsl_dataset_get_holds() if the lookup fails,
 * otherwise the result of handing the list to put_nvlist().
 */
static int
zfs_ioc_get_holds(zfs_cmd_t *zc)
{
	nvlist_t *holds;
	int error;

	error = dsl_dataset_get_holds(zc->zc_name, &holds);
	if (error != 0)
		return (error);

	/* The list is ours to free whether or not put_nvlist() succeeds. */
	error = put_nvlist(zc, holds);
	nvlist_free(holds);

	return (error);
}
   4276 
/*
 * Dispatch table for ioctls on the ZFS control node.  zfsdev_ioctl()
 * indexes it with (cmd - ZFS_IOC), so the position of an entry is its
 * ioctl number relative to ZFS_IOC and entries must not be reordered.
 *
 * zfsdev_ioctl() reads each entry through the fields zvec_func,
 * zvec_secpolicy, zvec_namecheck, zvec_his_log and zvec_pool_check.
 * NOTE(review): the struct definition is outside this view; the column
 * order { handler, secpolicy, namecheck, his_log, pool_check } is assumed
 * from the initializers -- confirm against zfs_ioc_vec_t.
 *
 * The secpolicy callback is the only permission check zfsdev_ioctl()
 * makes before it calls the handler, and it is skipped when FKIOCTL is
 * set in the ioctl flag.  Entries that name zfs_secpolicy_none
 * (zfs_ioc_pool_configs, zfs_ioc_set_prop) presumably rely on checks made
 * inside the handler -- verify before adding another entry of that kind.
 *
 * pool create, destroy, and export don't log the history as part of
 * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export
 * do the logging of those commands.
 */
static zfs_ioc_vec_t zfs_ioc_vec[] = {
	{ zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_pool_destroy,	zfs_secpolicy_config, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_FALSE },
	{ zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_pool_configs,	zfs_secpolicy_none, NO_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_pool_scrub, zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_pool_upgrade,	zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_vdev_set_state, zfs_secpolicy_config,	POOL_NAME, B_TRUE,
	    B_FALSE },
	{ zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_vdev_setpath,	zfs_secpolicy_config, POOL_NAME, B_FALSE,
	    B_TRUE },
	{ zfs_ioc_vdev_setfru,	zfs_secpolicy_config, POOL_NAME, B_FALSE,
	    B_TRUE },
	{ zfs_ioc_objset_stats,	zfs_secpolicy_read, DATASET_NAME, B_FALSE,
	    B_TRUE },
	{ zfs_ioc_objset_zplprops, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_dataset_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
	    B_TRUE },
	{ zfs_ioc_snapshot_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
	    B_TRUE },
	{ zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE, B_TRUE },
	{ zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE, B_TRUE },
	{ zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE,
	    B_TRUE},
	{ zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_rename, zfs_secpolicy_rename,	DATASET_NAME, B_TRUE, B_TRUE },
	{ zfs_ioc_recv, zfs_secpolicy_receive, DATASET_NAME, B_TRUE, B_TRUE },
	{ zfs_ioc_send, zfs_secpolicy_send, DATASET_NAME, B_TRUE, B_FALSE },
	{ zfs_ioc_inject_fault,	zfs_secpolicy_inject, NO_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE, B_FALSE },
	{ zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, DATASET_NAME,
	    B_TRUE, B_TRUE },
	{ zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_dsobj_to_dsname, zfs_secpolicy_config, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_obj_to_path, zfs_secpolicy_config, DATASET_NAME, B_FALSE,
	    B_TRUE },
	{ zfs_ioc_pool_set_props, zfs_secpolicy_config,	POOL_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_iscsi_perm_check, zfs_secpolicy_iscsi, DATASET_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE, B_FALSE },
	{ zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_smb_acl, zfs_secpolicy_smb_acl, DATASET_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_userspace_one, zfs_secpolicy_userspace_one,
	    DATASET_NAME, B_FALSE, B_FALSE },
	{ zfs_ioc_userspace_many, zfs_secpolicy_userspace_many,
	    DATASET_NAME, B_FALSE, B_FALSE },
	{ zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
	    DATASET_NAME, B_FALSE, B_TRUE },
	{ zfs_ioc_hold, zfs_secpolicy_hold, DATASET_NAME, B_TRUE, B_TRUE },
	{ zfs_ioc_release, zfs_secpolicy_release, DATASET_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
	    B_TRUE },
	{ zfs_ioc_objset_recvd_props, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_vdev_split, zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_TRUE }
};
   4386 
/*
 * Check that the pool named by (or containing) 'name' can be opened and is
 * not suspended.
 *
 * Returns the error from spa_open() if the pool cannot be opened, EAGAIN
 * if the pool is open but suspended, and 0 otherwise.  'type' is only
 * sanity-checked by the ASSERT; it does not change what is done.
 */
int
pool_status_check(const char *name, zfs_ioc_namecheck_t type)
{
	spa_t *spa;
	int error;

	ASSERT(type == POOL_NAME || type == DATASET_NAME);

	error = spa_open(name, &spa, FTAG);
	if (error != 0)
		return (error);

	/* The pool is open here; drop the reference on every path below. */
	if (spa_suspended(spa))
		error = EAGAIN;
	spa_close(spa, FTAG);

	return (error);
}
   4403 
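/*
 * ioctl entry point for the zfs driver.  Requests on a non-zero minor are
 * handed to zvol_ioctl(); requests on minor 0 are dispatched through
 * zfs_ioc_vec[].
 *
 * For a control-node request the caller's zfs_cmd_t is copied in, then:
 *   1. the entry's secpolicy callback is run, unless FKIOCTL is set in
 *      'flag';
 *   2. zc_name is validated according to the entry's namecheck type and,
 *      if the entry asks for it, the pool is checked with
 *      pool_status_check();
 *   3. the handler is called;
 *   4. the zfs_cmd_t is copied back out, whether or not the earlier steps
 *      succeeded.
 *
 * Returns EINVAL for a command outside the table, EFAULT if the argument
 * cannot be copied in (or, after an otherwise successful request, copied
 * out), else the first error from the steps above, or 0.
 */
static int
zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
{
	zfs_cmd_t *zc;
	uint_t vec;
	int error = 0;
	int rc;

	if (getminor(dev) != 0)
		return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));

	/* vec is unsigned, so a cmd below ZFS_IOC wraps and is rejected too. */
	vec = cmd - ZFS_IOC;
	ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));

	if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
		return (EINVAL);

	zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);

	/*
	 * ddi_copyin() reports failure as -1, which is not an errno.  Give
	 * the caller EFAULT and stop: there is nothing valid to act on or
	 * to copy back.
	 */
	if (ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag) != 0) {
		kmem_free(zc, sizeof (zfs_cmd_t));
		return (EFAULT);
	}

	/*
	 * Sanitize the caller-supplied fields before anything looks at
	 * them.  The secpolicy callback below receives zc, so zc_name must
	 * already be NUL-terminated and zc_iflags must already hold the
	 * kernel's view of FKIOCTL rather than whatever the caller passed.
	 * NOTE(review): zc_value and zc_string are not terminated here;
	 * handlers that treat them as C strings have to do so themselves.
	 */
	zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
	zc->zc_iflags = flag & FKIOCTL;

	if (!(flag & FKIOCTL))
		error = zfs_ioc_vec[vec].zvec_secpolicy(zc, cr);

	/*
	 * Ensure that all pool/dataset names are valid before we pass down to
	 * the lower layers.  The pool status check runs only for a name that
	 * passed the name check, so that its result cannot replace EINVAL.
	 */
	if (error == 0) {
		switch (zfs_ioc_vec[vec].zvec_namecheck) {
		case POOL_NAME:
			if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
				error = EINVAL;
			else if (zfs_ioc_vec[vec].zvec_pool_check)
				error = pool_status_check(zc->zc_name,
				    zfs_ioc_vec[vec].zvec_namecheck);
			break;

		case DATASET_NAME:
			if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
				error = EINVAL;
			else if (zfs_ioc_vec[vec].zvec_pool_check)
				error = pool_status_check(zc->zc_name,
				    zfs_ioc_vec[vec].zvec_namecheck);
			break;

		case NO_NAME:
			break;
		}
	}

	if (error == 0)
		error = zfs_ioc_vec[vec].zvec_func(zc);

	/* The command block goes back to the caller even after a failure. */
	rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
	if (error == 0) {
		/* As with copyin, translate the -1 into a real errno. */
		if (rc != 0)
			error = EFAULT;
		if (zfs_ioc_vec[vec].zvec_his_log)
			zfs_log_history(zc);
	}

	kmem_free(zc, sizeof (zfs_cmd_t));
	return (error);
}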
   4469 
/*
 * attach(9E) entry point.  Only DDI_ATTACH is supported: it creates the
 * "zfs" character minor node (minor 0) and records dip in zfs_dip.
 * Returns DDI_SUCCESS, or DDI_FAILURE for any other command or if the
 * minor node cannot be created.
 */
static int
zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
{
	if (cmd != DDI_ATTACH ||
	    ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
	    DDI_PSEUDO, 0) == DDI_FAILURE) {
		return (DDI_FAILURE);
	}

	zfs_dip = dip;
	ddi_report_dev(dip);

	return (DDI_SUCCESS);
}
   4486 
/*
 * detach(9E) entry point.  Refuses (DDI_FAILURE) while spa_busy(),
 * zfs_busy() or zvol_busy() reports activity, and for any command other
 * than DDI_DETACH.  Otherwise clears zfs_dip and removes the properties
 * and minor nodes of dip.
 */
static int
zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
{
	/* The busy checks come first, as before; cmd is looked at last. */
	if (spa_busy() || zfs_busy() || zvol_busy() || cmd != DDI_DETACH)
		return (DDI_FAILURE);

	zfs_dip = NULL;

	ddi_prop_remove_all(dip);
	ddi_remove_minor_node(dip, NULL);

	return (DDI_SUCCESS);
}
   4503 
/*
 * getinfo(9E) entry point.  DDI_INFO_DEVT2DEVINFO yields zfs_dip and
 * DDI_INFO_DEVT2INSTANCE yields instance 0; any other request fails.
 * dip and arg are not used.
 */
/*ARGSUSED*/
static int
zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
{
	int rc = DDI_FAILURE;

	if (infocmd == DDI_INFO_DEVT2DEVINFO) {
		*result = zfs_dip;
		rc = DDI_SUCCESS;
	} else if (infocmd == DDI_INFO_DEVT2INSTANCE) {
		*result = (void *)0;
		rc = DDI_SUCCESS;
	}

	return (rc);
}
   4520 
/*
 * OK, so this is a little weird.
 *
 * /dev/zfs is the control node, i.e. minor 0.
 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
 *
 * /dev/zfs has basically nothing to do except serve up ioctls,
 * so most of the standard driver entry points are in zvol.c.
 *
 * The one entry point defined in this file is zfsdev_ioctl(), which
 * itself forwards requests on a non-zero minor to zvol_ioctl().
 */
static struct cb_ops zfs_cb_ops = {
	zvol_open,	/* open */
	zvol_close,	/* close */
	zvol_strategy,	/* strategy */
	nodev,		/* print */
	zvol_dump,	/* dump */
	zvol_read,	/* read */
	zvol_write,	/* write */
	zfsdev_ioctl,	/* ioctl */
	nodev,		/* devmap */
	nodev,		/* mmap */
	nodev,		/* segmap */
	nochpoll,	/* poll */
	ddi_prop_op,	/* prop_op */
	NULL,		/* streamtab */
	D_NEW | D_MP | D_64BIT,		/* Driver compatibility flag */
	CB_REV,		/* version */
	nodev,		/* async read */
	nodev,		/* async write */
};

/*
 * Autoconfiguration entry points of the driver (zfs_info, zfs_attach,
 * zfs_detach) together with the character/block operations above.
 */
static struct dev_ops zfs_dev_ops = {
	DEVO_REV,	/* version */
	0,		/* refcnt */
	zfs_info,	/* info */
	nulldev,	/* identify */
	nulldev,	/* probe */
	zfs_attach,	/* attach */
	zfs_detach,	/* detach */
	nodev,		/* reset */
	&zfs_cb_ops,	/* driver operations */
	NULL,		/* no bus operations */
	NULL,		/* power */
	ddi_quiesce_not_needed,	/* quiesce */
};

/* Driver linkage: ties the device operations to the module framework. */
static struct modldrv zfs_modldrv = {
	&mod_driverops,
	"ZFS storage pool",
	&zfs_dev_ops
};

/*
 * One loadable module carries two linkages: zfs_modlfs, which is defined
 * outside this part of the file (presumably the filesystem linkage --
 * confirm), and the driver linkage above.  _init() and _fini() install
 * and remove both through this structure.
 */
static struct modlinkage modlinkage = {
	MODREV_1,
	(void *)&zfs_modlfs,
	(void *)&zfs_modldrv,
	NULL
};


/*
 * Thread-specific-data keys; both are created in _init().  rrw_tsd_key is
 * only declared here and is defined in another file.
 */
uint_t zfs_fsyncer_key;
extern uint_t rrw_tsd_key;
   4582 
/*
 * Module load entry point.  Initializes the spa, zfs and zvol layers,
 * installs the module linkage, and then creates the TSD keys, the LDI
 * identifier (zfs_li) and zfs_share_lock.  If mod_install() fails the
 * three layers are torn down again and its error is returned.
 */
int
_init(void)
{
	int error;

	spa_init(FREAD | FWRITE);
	zfs_init();
	zvol_init();

	error = mod_install(&modlinkage);
	if (error != 0) {
		/* Undo the initialization above in reverse order. */
		zvol_fini();
		zfs_fini();
		spa_fini();
		return (error);
	}

	/*
	 * NOTE(review): everything below is set up only after mod_install()
	 * has succeeded -- confirm that no entry point can use the TSD keys,
	 * zfs_li or zfs_share_lock inside that window.
	 */
	tsd_create(&zfs_fsyncer_key, NULL);
	tsd_create(&rrw_tsd_key, NULL);

	/*
	 * NOTE(review): the result is checked by ASSERT only, which is
	 * presumably compiled out of non-debug builds -- confirm a failure
	 * here cannot leave zfs_li unset in production.
	 */
	error = ldi_ident_from_mod(&modlinkage, &zfs_li);
	ASSERT(error == 0);
	mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);

	return (0);
}
   4608 
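/*
 * Module unload entry point.  Returns EBUSY while spa_busy(), zfs_busy()
 * or zvol_busy() reports activity or fault injection is enabled, and the
 * error from mod_remove() if the linkage cannot be removed.  Otherwise
 * tears down what _init() and the share code set up and returns 0.
 */
int
_fini(void)
{
	int error;

	if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
		return (EBUSY);

	if ((error = mod_remove(&modlinkage)) != 0)
		return (error);

	zvol_fini();
	zfs_fini();
	spa_fini();

	/*
	 * Close the helper modules that were opened for sharing.  sharefs
	 * is closed if either the NFS or the SMB side was initialized.
	 */
	if (zfs_nfsshare_inited)
		(void) ddi_modclose(nfs_mod);
	if (zfs_smbshare_inited)
		(void) ddi_modclose(smbsrv_mod);
	if (zfs_nfsshare_inited || zfs_smbshare_inited)
		(void) ddi_modclose(sharefs_mod);

	/*
	 * _init() creates two TSD keys, so both are destroyed here;
	 * previously rrw_tsd_key was left allocated across an unload.
	 */
	tsd_destroy(&zfs_fsyncer_key);
	tsd_destroy(&rrw_tsd_key);
	ldi_ident_release(zfs_li);
	zfs_li = NULL;
	mutex_destroy(&zfs_share_lock);

	return (0);
}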
   4637 
/*
 * Module information entry point: reports on this module's linkage by
 * way of mod_info().
 */
int
_info(struct modinfo *modinfop)
{
	int rc = mod_info(&modlinkage, modinfop);

	return (rc);
}
   4643