1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25 #include <sys/types.h> 26 #include <sys/param.h> 27 #include <sys/errno.h> 28 #include <sys/uio.h> 29 #include <sys/buf.h> 30 #include <sys/modctl.h> 31 #include <sys/open.h> 32 #include <sys/file.h> 33 #include <sys/kmem.h> 34 #include <sys/conf.h> 35 #include <sys/cmn_err.h> 36 #include <sys/stat.h> 37 #include <sys/zfs_ioctl.h> 38 #include <sys/zfs_vfsops.h> 39 #include <sys/zfs_znode.h> 40 #include <sys/zap.h> 41 #include <sys/spa.h> 42 #include <sys/spa_impl.h> 43 #include <sys/vdev.h> 44 #include <sys/priv_impl.h> 45 #include <sys/dmu.h> 46 #include <sys/dsl_dir.h> 47 #include <sys/dsl_dataset.h> 48 #include <sys/dsl_prop.h> 49 #include <sys/dsl_deleg.h> 50 #include <sys/dmu_objset.h> 51 #include <sys/ddi.h> 52 #include <sys/sunddi.h> 53 #include <sys/sunldi.h> 54 #include <sys/policy.h> 55 #include <sys/zone.h> 56 #include <sys/nvpair.h> 57 #include <sys/pathname.h> 58 #include <sys/mount.h> 59 #include <sys/sdt.h> 60 #include <sys/fs/zfs.h> 61 #include <sys/zfs_ctldir.h> 62 #include <sys/zfs_dir.h> 63 #include <sys/zfs_onexit.h> 64 #include <sys/zvol.h> 65 #include <sys/dsl_scan.h> 66 #include <sharefs/share.h> 67 #include <sys/dmu_objset.h> 68 69 #include "zfs_namecheck.h" 70 #include "zfs_prop.h" 71 #include "zfs_deleg.h" 72 #include "zfs_comutil.h" 73 74 extern struct modlfs zfs_modlfs; 75 76 extern void zfs_init(void); 77 extern void zfs_fini(void); 78 79 ldi_ident_t zfs_li = NULL; 80 dev_info_t *zfs_dip; 81 82 typedef int zfs_ioc_func_t(zfs_cmd_t *); 83 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *); 84 85 typedef enum { 86 NO_NAME, 87 POOL_NAME, 88 DATASET_NAME 89 } zfs_ioc_namecheck_t; 90 91 typedef enum { 92 POOL_CHECK_NONE = 1 << 0, 93 POOL_CHECK_SUSPENDED = 1 << 1, 94 POOL_CHECK_READONLY = 1 << 2 95 } zfs_ioc_poolcheck_t; 96 97 typedef struct zfs_ioc_vec { 98 zfs_ioc_func_t *zvec_func; 99 zfs_secpolicy_func_t *zvec_secpolicy; 100 zfs_ioc_namecheck_t zvec_namecheck; 101 boolean_t zvec_his_log; 102 zfs_ioc_poolcheck_t zvec_pool_check; 103 } zfs_ioc_vec_t; 104 105 /* This array is indexed by zfs_userquota_prop_t */ 106 static const char *userquota_perms[] = { 107 ZFS_DELEG_PERM_USERUSED, 108 ZFS_DELEG_PERM_USERQUOTA, 109 ZFS_DELEG_PERM_GROUPUSED, 110 ZFS_DELEG_PERM_GROUPQUOTA, 111 }; 112 113 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc); 114 static int zfs_check_settable(const char *name, nvpair_t *property, 115 cred_t *cr); 116 static int zfs_check_clearable(char *dataset, nvlist_t *props, 117 nvlist_t **errors); 118 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *, 119 boolean_t *); 120 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t **); 121 122 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */ 123 void 124 __dprintf(const char *file, const char *func, int line, const char *fmt, ...) 125 { 126 const char *newfile; 127 char buf[512]; 128 va_list adx; 129 130 /* 131 * Get rid of annoying "../common/" prefix to filename. 132 */ 133 newfile = strrchr(file, '/'); 134 if (newfile != NULL) { 135 newfile = newfile + 1; /* Get rid of leading / */ 136 } else { 137 newfile = file; 138 } 139 140 va_start(adx, fmt); 141 (void) vsnprintf(buf, sizeof (buf), fmt, adx); 142 va_end(adx); 143 144 /* 145 * To get this data, use the zfs-dprintf probe as so: 146 * dtrace -q -n 'zfs-dprintf \ 147 * /stringof(arg0) == "dbuf.c"/ \ 148 * {printf("%s: %s", stringof(arg1), stringof(arg3))}' 149 * arg0 = file name 150 * arg1 = function name 151 * arg2 = line number 152 * arg3 = message 153 */ 154 DTRACE_PROBE4(zfs__dprintf, 155 char *, newfile, char *, func, int, line, char *, buf); 156 } 157 158 static void 159 history_str_free(char *buf) 160 { 161 kmem_free(buf, HIS_MAX_RECORD_LEN); 162 } 163 164 static char * 165 history_str_get(zfs_cmd_t *zc) 166 { 167 char *buf; 168 169 if (zc->zc_history == NULL) 170 return (NULL); 171 172 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 173 if (copyinstr((void *)(uintptr_t)zc->zc_history, 174 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 175 history_str_free(buf); 176 return (NULL); 177 } 178 179 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 180 181 return (buf); 182 } 183 184 /* 185 * Check to see if the named dataset is currently defined as bootable 186 */ 187 static boolean_t 188 zfs_is_bootfs(const char *name) 189 { 190 objset_t *os; 191 192 if (dmu_objset_hold(name, FTAG, &os) == 0) { 193 boolean_t ret; 194 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os))); 195 dmu_objset_rele(os, FTAG); 196 return (ret); 197 } 198 return (B_FALSE); 199 } 200 201 /* 202 * zfs_earlier_version 203 * 204 * Return non-zero if the spa version is less than requested version. 205 */ 206 static int 207 zfs_earlier_version(const char *name, int version) 208 { 209 spa_t *spa; 210 211 if (spa_open(name, &spa, FTAG) == 0) { 212 if (spa_version(spa) < version) { 213 spa_close(spa, FTAG); 214 return (1); 215 } 216 spa_close(spa, FTAG); 217 } 218 return (0); 219 } 220 221 /* 222 * zpl_earlier_version 223 * 224 * Return TRUE if the ZPL version is less than requested version. 225 */ 226 static boolean_t 227 zpl_earlier_version(const char *name, int version) 228 { 229 objset_t *os; 230 boolean_t rc = B_TRUE; 231 232 if (dmu_objset_hold(name, FTAG, &os) == 0) { 233 uint64_t zplversion; 234 235 if (dmu_objset_type(os) != DMU_OST_ZFS) { 236 dmu_objset_rele(os, FTAG); 237 return (B_TRUE); 238 } 239 /* XXX reading from non-owned objset */ 240 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0) 241 rc = zplversion < version; 242 dmu_objset_rele(os, FTAG); 243 } 244 return (rc); 245 } 246 247 static void 248 zfs_log_history(zfs_cmd_t *zc) 249 { 250 spa_t *spa; 251 char *buf; 252 253 if ((buf = history_str_get(zc)) == NULL) 254 return; 255 256 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 257 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 258 (void) spa_history_log(spa, buf, LOG_CMD_NORMAL); 259 spa_close(spa, FTAG); 260 } 261 history_str_free(buf); 262 } 263 264 /* 265 * Policy for top-level read operations (list pools). Requires no privileges, 266 * and can be used in the local zone, as there is no associated dataset. 267 */ 268 /* ARGSUSED */ 269 static int 270 zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr) 271 { 272 return (0); 273 } 274 275 /* 276 * Policy for dataset read operations (list children, get statistics). Requires 277 * no privileges, but must be visible in the local zone. 278 */ 279 /* ARGSUSED */ 280 static int 281 zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr) 282 { 283 if (INGLOBALZONE(curproc) || 284 zone_dataset_visible(zc->zc_name, NULL)) 285 return (0); 286 287 return (ENOENT); 288 } 289 290 static int 291 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr) 292 { 293 int writable = 1; 294 295 /* 296 * The dataset must be visible by this zone -- check this first 297 * so they don't see EPERM on something they shouldn't know about. 298 */ 299 if (!INGLOBALZONE(curproc) && 300 !zone_dataset_visible(dataset, &writable)) 301 return (ENOENT); 302 303 if (INGLOBALZONE(curproc)) { 304 /* 305 * If the fs is zoned, only root can access it from the 306 * global zone. 307 */ 308 if (secpolicy_zfs(cr) && zoned) 309 return (EPERM); 310 } else { 311 /* 312 * If we are in a local zone, the 'zoned' property must be set. 313 */ 314 if (!zoned) 315 return (EPERM); 316 317 /* must be writable by this zone */ 318 if (!writable) 319 return (EPERM); 320 } 321 return (0); 322 } 323 324 static int 325 zfs_dozonecheck(const char *dataset, cred_t *cr) 326 { 327 uint64_t zoned; 328 329 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL)) 330 return (ENOENT); 331 332 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 333 } 334 335 static int 336 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr) 337 { 338 uint64_t zoned; 339 340 rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER); 341 if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL)) { 342 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock); 343 return (ENOENT); 344 } 345 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock); 346 347 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 348 } 349 350 int 351 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 352 { 353 int error; 354 355 error = zfs_dozonecheck(name, cr); 356 if (error == 0) { 357 error = secpolicy_zfs(cr); 358 if (error) 359 error = dsl_deleg_access(name, perm, cr); 360 } 361 return (error); 362 } 363 364 int 365 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds, 366 const char *perm, cred_t *cr) 367 { 368 int error; 369 370 error = zfs_dozonecheck_ds(name, ds, cr); 371 if (error == 0) { 372 error = secpolicy_zfs(cr); 373 if (error) 374 error = dsl_deleg_access_impl(ds, perm, cr); 375 } 376 return (error); 377 } 378 379 /* 380 * Policy for setting the security label property. 381 * 382 * Returns 0 for success, non-zero for access and other errors. 383 */ 384 static int 385 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr) 386 { 387 char ds_hexsl[MAXNAMELEN]; 388 bslabel_t ds_sl, new_sl; 389 boolean_t new_default = FALSE; 390 uint64_t zoned; 391 int needed_priv = -1; 392 int error; 393 394 /* First get the existing dataset label. */ 395 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL), 396 1, sizeof (ds_hexsl), &ds_hexsl, NULL); 397 if (error) 398 return (EPERM); 399 400 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0) 401 new_default = TRUE; 402 403 /* The label must be translatable */ 404 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0)) 405 return (EINVAL); 406 407 /* 408 * In a non-global zone, disallow attempts to set a label that 409 * doesn't match that of the zone; otherwise no other checks 410 * are needed. 411 */ 412 if (!INGLOBALZONE(curproc)) { 413 if (new_default || !blequal(&new_sl, CR_SL(CRED()))) 414 return (EPERM); 415 return (0); 416 } 417 418 /* 419 * For global-zone datasets (i.e., those whose zoned property is 420 * "off", verify that the specified new label is valid for the 421 * global zone. 422 */ 423 if (dsl_prop_get_integer(name, 424 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL)) 425 return (EPERM); 426 if (!zoned) { 427 if (zfs_check_global_label(name, strval) != 0) 428 return (EPERM); 429 } 430 431 /* 432 * If the existing dataset label is nondefault, check if the 433 * dataset is mounted (label cannot be changed while mounted). 434 * Get the zfsvfs; if there isn't one, then the dataset isn't 435 * mounted (or isn't a dataset, doesn't exist, ...). 436 */ 437 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) { 438 objset_t *os; 439 static char *setsl_tag = "setsl_tag"; 440 441 /* 442 * Try to own the dataset; abort if there is any error, 443 * (e.g., already mounted, in use, or other error). 444 */ 445 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, 446 setsl_tag, &os); 447 if (error) 448 return (EPERM); 449 450 dmu_objset_disown(os, setsl_tag); 451 452 if (new_default) { 453 needed_priv = PRIV_FILE_DOWNGRADE_SL; 454 goto out_check; 455 } 456 457 if (hexstr_to_label(strval, &new_sl) != 0) 458 return (EPERM); 459 460 if (blstrictdom(&ds_sl, &new_sl)) 461 needed_priv = PRIV_FILE_DOWNGRADE_SL; 462 else if (blstrictdom(&new_sl, &ds_sl)) 463 needed_priv = PRIV_FILE_UPGRADE_SL; 464 } else { 465 /* dataset currently has a default label */ 466 if (!new_default) 467 needed_priv = PRIV_FILE_UPGRADE_SL; 468 } 469 470 out_check: 471 if (needed_priv != -1) 472 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL)); 473 return (0); 474 } 475 476 static int 477 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval, 478 cred_t *cr) 479 { 480 char *strval; 481 482 /* 483 * Check permissions for special properties. 484 */ 485 switch (prop) { 486 case ZFS_PROP_ZONED: 487 /* 488 * Disallow setting of 'zoned' from within a local zone. 489 */ 490 if (!INGLOBALZONE(curproc)) 491 return (EPERM); 492 break; 493 494 case ZFS_PROP_QUOTA: 495 if (!INGLOBALZONE(curproc)) { 496 uint64_t zoned; 497 char setpoint[MAXNAMELEN]; 498 /* 499 * Unprivileged users are allowed to modify the 500 * quota on things *under* (ie. contained by) 501 * the thing they own. 502 */ 503 if (dsl_prop_get_integer(dsname, "zoned", &zoned, 504 setpoint)) 505 return (EPERM); 506 if (!zoned || strlen(dsname) <= strlen(setpoint)) 507 return (EPERM); 508 } 509 break; 510 511 case ZFS_PROP_MLSLABEL: 512 if (!is_system_labeled()) 513 return (EPERM); 514 515 if (nvpair_value_string(propval, &strval) == 0) { 516 int err; 517 518 err = zfs_set_slabel_policy(dsname, strval, CRED()); 519 if (err != 0) 520 return (err); 521 } 522 break; 523 } 524 525 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr)); 526 } 527 528 int 529 zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr) 530 { 531 int error; 532 533 error = zfs_dozonecheck(zc->zc_name, cr); 534 if (error) 535 return (error); 536 537 /* 538 * permission to set permissions will be evaluated later in 539 * dsl_deleg_can_allow() 540 */ 541 return (0); 542 } 543 544 int 545 zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr) 546 { 547 return (zfs_secpolicy_write_perms(zc->zc_name, 548 ZFS_DELEG_PERM_ROLLBACK, cr)); 549 } 550 551 int 552 zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr) 553 { 554 spa_t *spa; 555 dsl_pool_t *dp; 556 dsl_dataset_t *ds; 557 char *cp; 558 int error; 559 560 /* 561 * Generate the current snapshot name from the given objsetid, then 562 * use that name for the secpolicy/zone checks. 563 */ 564 cp = strchr(zc->zc_name, '@'); 565 if (cp == NULL) 566 return (EINVAL); 567 error = spa_open(zc->zc_name, &spa, FTAG); 568 if (error) 569 return (error); 570 571 dp = spa_get_dsl(spa); 572 rw_enter(&dp->dp_config_rwlock, RW_READER); 573 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 574 rw_exit(&dp->dp_config_rwlock); 575 spa_close(spa, FTAG); 576 if (error) 577 return (error); 578 579 dsl_dataset_name(ds, zc->zc_name); 580 581 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, 582 ZFS_DELEG_PERM_SEND, cr); 583 dsl_dataset_rele(ds, FTAG); 584 585 return (error); 586 } 587 588 static int 589 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, cred_t *cr) 590 { 591 vnode_t *vp; 592 int error; 593 594 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 595 NO_FOLLOW, NULL, &vp)) != 0) 596 return (error); 597 598 /* Now make sure mntpnt and dataset are ZFS */ 599 600 if (vp->v_vfsp->vfs_fstype != zfsfstype || 601 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 602 zc->zc_name) != 0)) { 603 VN_RELE(vp); 604 return (EPERM); 605 } 606 607 VN_RELE(vp); 608 return (dsl_deleg_access(zc->zc_name, 609 ZFS_DELEG_PERM_SHARE, cr)); 610 } 611 612 int 613 zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr) 614 { 615 if (!INGLOBALZONE(curproc)) 616 return (EPERM); 617 618 if (secpolicy_nfs(cr) == 0) { 619 return (0); 620 } else { 621 return (zfs_secpolicy_deleg_share(zc, cr)); 622 } 623 } 624 625 int 626 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, cred_t *cr) 627 { 628 if (!INGLOBALZONE(curproc)) 629 return (EPERM); 630 631 if (secpolicy_smb(cr) == 0) { 632 return (0); 633 } else { 634 return (zfs_secpolicy_deleg_share(zc, cr)); 635 } 636 } 637 638 static int 639 zfs_get_parent(const char *datasetname, char *parent, int parentsize) 640 { 641 char *cp; 642 643 /* 644 * Remove the @bla or /bla from the end of the name to get the parent. 645 */ 646 (void) strncpy(parent, datasetname, parentsize); 647 cp = strrchr(parent, '@'); 648 if (cp != NULL) { 649 cp[0] = '\0'; 650 } else { 651 cp = strrchr(parent, '/'); 652 if (cp == NULL) 653 return (ENOENT); 654 cp[0] = '\0'; 655 } 656 657 return (0); 658 } 659 660 int 661 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 662 { 663 int error; 664 665 if ((error = zfs_secpolicy_write_perms(name, 666 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 667 return (error); 668 669 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 670 } 671 672 static int 673 zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr) 674 { 675 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 676 } 677 678 /* 679 * Destroying snapshots with delegated permissions requires 680 * descendent mount and destroy permissions. 681 * Reassemble the full filesystem@snap name so dsl_deleg_access() 682 * can do the correct permission check. 683 * 684 * Since this routine is used when doing a recursive destroy of snapshots 685 * and destroying snapshots requires descendent permissions, a successfull 686 * check of the top level snapshot applies to snapshots of all descendent 687 * datasets as well. 688 */ 689 static int 690 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, cred_t *cr) 691 { 692 int error; 693 char *dsname; 694 695 dsname = kmem_asprintf("%s@%s", zc->zc_name, zc->zc_value); 696 697 error = zfs_secpolicy_destroy_perms(dsname, cr); 698 699 strfree(dsname); 700 return (error); 701 } 702 703 int 704 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 705 { 706 char parentname[MAXNAMELEN]; 707 int error; 708 709 if ((error = zfs_secpolicy_write_perms(from, 710 ZFS_DELEG_PERM_RENAME, cr)) != 0) 711 return (error); 712 713 if ((error = zfs_secpolicy_write_perms(from, 714 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 715 return (error); 716 717 if ((error = zfs_get_parent(to, parentname, 718 sizeof (parentname))) != 0) 719 return (error); 720 721 if ((error = zfs_secpolicy_write_perms(parentname, 722 ZFS_DELEG_PERM_CREATE, cr)) != 0) 723 return (error); 724 725 if ((error = zfs_secpolicy_write_perms(parentname, 726 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 727 return (error); 728 729 return (error); 730 } 731 732 static int 733 zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr) 734 { 735 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr)); 736 } 737 738 static int 739 zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr) 740 { 741 char parentname[MAXNAMELEN]; 742 objset_t *clone; 743 int error; 744 745 error = zfs_secpolicy_write_perms(zc->zc_name, 746 ZFS_DELEG_PERM_PROMOTE, cr); 747 if (error) 748 return (error); 749 750 error = dmu_objset_hold(zc->zc_name, FTAG, &clone); 751 752 if (error == 0) { 753 dsl_dataset_t *pclone = NULL; 754 dsl_dir_t *dd; 755 dd = clone->os_dsl_dataset->ds_dir; 756 757 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER); 758 error = dsl_dataset_hold_obj(dd->dd_pool, 759 dd->dd_phys->dd_origin_obj, FTAG, &pclone); 760 rw_exit(&dd->dd_pool->dp_config_rwlock); 761 if (error) { 762 dmu_objset_rele(clone, FTAG); 763 return (error); 764 } 765 766 error = zfs_secpolicy_write_perms(zc->zc_name, 767 ZFS_DELEG_PERM_MOUNT, cr); 768 769 dsl_dataset_name(pclone, parentname); 770 dmu_objset_rele(clone, FTAG); 771 dsl_dataset_rele(pclone, FTAG); 772 if (error == 0) 773 error = zfs_secpolicy_write_perms(parentname, 774 ZFS_DELEG_PERM_PROMOTE, cr); 775 } 776 return (error); 777 } 778 779 static int 780 zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr) 781 { 782 int error; 783 784 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 785 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) 786 return (error); 787 788 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 789 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 790 return (error); 791 792 return (zfs_secpolicy_write_perms(zc->zc_name, 793 ZFS_DELEG_PERM_CREATE, cr)); 794 } 795 796 int 797 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 798 { 799 return (zfs_secpolicy_write_perms(name, 800 ZFS_DELEG_PERM_SNAPSHOT, cr)); 801 } 802 803 static int 804 zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr) 805 { 806 807 return (zfs_secpolicy_snapshot_perms(zc->zc_name, cr)); 808 } 809 810 static int 811 zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr) 812 { 813 char parentname[MAXNAMELEN]; 814 int error; 815 816 if ((error = zfs_get_parent(zc->zc_name, parentname, 817 sizeof (parentname))) != 0) 818 return (error); 819 820 if (zc->zc_value[0] != '\0') { 821 if ((error = zfs_secpolicy_write_perms(zc->zc_value, 822 ZFS_DELEG_PERM_CLONE, cr)) != 0) 823 return (error); 824 } 825 826 if ((error = zfs_secpolicy_write_perms(parentname, 827 ZFS_DELEG_PERM_CREATE, cr)) != 0) 828 return (error); 829 830 error = zfs_secpolicy_write_perms(parentname, 831 ZFS_DELEG_PERM_MOUNT, cr); 832 833 return (error); 834 } 835 836 static int 837 zfs_secpolicy_umount(zfs_cmd_t *zc, cred_t *cr) 838 { 839 int error; 840 841 error = secpolicy_fs_unmount(cr, NULL); 842 if (error) { 843 error = dsl_deleg_access(zc->zc_name, ZFS_DELEG_PERM_MOUNT, cr); 844 } 845 return (error); 846 } 847 848 /* 849 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 850 * SYS_CONFIG privilege, which is not available in a local zone. 851 */ 852 /* ARGSUSED */ 853 static int 854 zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr) 855 { 856 if (secpolicy_sys_config(cr, B_FALSE) != 0) 857 return (EPERM); 858 859 return (0); 860 } 861 862 /* 863 * Policy for object to name lookups. 864 */ 865 /* ARGSUSED */ 866 static int 867 zfs_secpolicy_diff(zfs_cmd_t *zc, cred_t *cr) 868 { 869 int error; 870 871 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0) 872 return (0); 873 874 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr); 875 return (error); 876 } 877 878 /* 879 * Policy for fault injection. Requires all privileges. 880 */ 881 /* ARGSUSED */ 882 static int 883 zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr) 884 { 885 return (secpolicy_zinject(cr)); 886 } 887 888 static int 889 zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr) 890 { 891 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 892 893 if (prop == ZPROP_INVAL) { 894 if (!zfs_prop_user(zc->zc_value)) 895 return (EINVAL); 896 return (zfs_secpolicy_write_perms(zc->zc_name, 897 ZFS_DELEG_PERM_USERPROP, cr)); 898 } else { 899 return (zfs_secpolicy_setprop(zc->zc_name, prop, 900 NULL, cr)); 901 } 902 } 903 904 static int 905 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, cred_t *cr) 906 { 907 int err = zfs_secpolicy_read(zc, cr); 908 if (err) 909 return (err); 910 911 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 912 return (EINVAL); 913 914 if (zc->zc_value[0] == 0) { 915 /* 916 * They are asking about a posix uid/gid. If it's 917 * themself, allow it. 918 */ 919 if (zc->zc_objset_type == ZFS_PROP_USERUSED || 920 zc->zc_objset_type == ZFS_PROP_USERQUOTA) { 921 if (zc->zc_guid == crgetuid(cr)) 922 return (0); 923 } else { 924 if (groupmember(zc->zc_guid, cr)) 925 return (0); 926 } 927 } 928 929 return (zfs_secpolicy_write_perms(zc->zc_name, 930 userquota_perms[zc->zc_objset_type], cr)); 931 } 932 933 static int 934 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, cred_t *cr) 935 { 936 int err = zfs_secpolicy_read(zc, cr); 937 if (err) 938 return (err); 939 940 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 941 return (EINVAL); 942 943 return (zfs_secpolicy_write_perms(zc->zc_name, 944 userquota_perms[zc->zc_objset_type], cr)); 945 } 946 947 static int 948 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, cred_t *cr) 949 { 950 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION, 951 NULL, cr)); 952 } 953 954 static int 955 zfs_secpolicy_hold(zfs_cmd_t *zc, cred_t *cr) 956 { 957 return (zfs_secpolicy_write_perms(zc->zc_name, 958 ZFS_DELEG_PERM_HOLD, cr)); 959 } 960 961 static int 962 zfs_secpolicy_release(zfs_cmd_t *zc, cred_t *cr) 963 { 964 return (zfs_secpolicy_write_perms(zc->zc_name, 965 ZFS_DELEG_PERM_RELEASE, cr)); 966 } 967 968 /* 969 * Policy for allowing temporary snapshots to be taken or released 970 */ 971 static int 972 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, cred_t *cr) 973 { 974 /* 975 * A temporary snapshot is the same as a snapshot, 976 * hold, destroy and release all rolled into one. 977 * Delegated diff alone is sufficient that we allow this. 978 */ 979 int error; 980 981 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 982 ZFS_DELEG_PERM_DIFF, cr)) == 0) 983 return (0); 984 985 error = zfs_secpolicy_snapshot(zc, cr); 986 if (!error) 987 error = zfs_secpolicy_hold(zc, cr); 988 if (!error) 989 error = zfs_secpolicy_release(zc, cr); 990 if (!error) 991 error = zfs_secpolicy_destroy(zc, cr); 992 return (error); 993 } 994 995 /* 996 * Returns the nvlist as specified by the user in the zfs_cmd_t. 997 */ 998 static int 999 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp) 1000 { 1001 char *packed; 1002 int error; 1003 nvlist_t *list = NULL; 1004 1005 /* 1006 * Read in and unpack the user-supplied nvlist. 1007 */ 1008 if (size == 0) 1009 return (EINVAL); 1010 1011 packed = kmem_alloc(size, KM_SLEEP); 1012 1013 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size, 1014 iflag)) != 0) { 1015 kmem_free(packed, size); 1016 return (error); 1017 } 1018 1019 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 1020 kmem_free(packed, size); 1021 return (error); 1022 } 1023 1024 kmem_free(packed, size); 1025 1026 *nvp = list; 1027 return (0); 1028 } 1029 1030 static int 1031 fit_error_list(zfs_cmd_t *zc, nvlist_t **errors) 1032 { 1033 size_t size; 1034 1035 VERIFY(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0); 1036 1037 if (size > zc->zc_nvlist_dst_size) { 1038 nvpair_t *more_errors; 1039 int n = 0; 1040 1041 if (zc->zc_nvlist_dst_size < 1024) 1042 return (ENOMEM); 1043 1044 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, 0) == 0); 1045 more_errors = nvlist_prev_nvpair(*errors, NULL); 1046 1047 do { 1048 nvpair_t *pair = nvlist_prev_nvpair(*errors, 1049 more_errors); 1050 VERIFY(nvlist_remove_nvpair(*errors, pair) == 0); 1051 n++; 1052 VERIFY(nvlist_size(*errors, &size, 1053 NV_ENCODE_NATIVE) == 0); 1054 } while (size > zc->zc_nvlist_dst_size); 1055 1056 VERIFY(nvlist_remove_nvpair(*errors, more_errors) == 0); 1057 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, n) == 0); 1058 ASSERT(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0); 1059 ASSERT(size <= zc->zc_nvlist_dst_size); 1060 } 1061 1062 return (0); 1063 } 1064 1065 static int 1066 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 1067 { 1068 char *packed = NULL; 1069 int error = 0; 1070 size_t size; 1071 1072 VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0); 1073 1074 if (size > zc->zc_nvlist_dst_size) { 1075 error = ENOMEM; 1076 } else { 1077 packed = kmem_alloc(size, KM_SLEEP); 1078 VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE, 1079 KM_SLEEP) == 0); 1080 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst, 1081 size, zc->zc_iflags) != 0) 1082 error = EFAULT; 1083 kmem_free(packed, size); 1084 } 1085 1086 zc->zc_nvlist_dst_size = size; 1087 return (error); 1088 } 1089 1090 static int 1091 getzfsvfs(const char *dsname, zfsvfs_t **zfvp) 1092 { 1093 objset_t *os; 1094 int error; 1095 1096 error = dmu_objset_hold(dsname, FTAG, &os); 1097 if (error) 1098 return (error); 1099 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1100 dmu_objset_rele(os, FTAG); 1101 return (EINVAL); 1102 } 1103 1104 mutex_enter(&os->os_user_ptr_lock); 1105 *zfvp = dmu_objset_get_user(os); 1106 if (*zfvp) { 1107 VFS_HOLD((*zfvp)->z_vfs); 1108 } else { 1109 error = ESRCH; 1110 } 1111 mutex_exit(&os->os_user_ptr_lock); 1112 dmu_objset_rele(os, FTAG); 1113 return (error); 1114 } 1115 1116 /* 1117 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which 1118 * case its z_vfs will be NULL, and it will be opened as the owner. 1119 */ 1120 static int 1121 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer) 1122 { 1123 int error = 0; 1124 1125 if (getzfsvfs(name, zfvp) != 0) 1126 error = zfsvfs_create(name, zfvp); 1127 if (error == 0) { 1128 rrw_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER : 1129 RW_READER, tag); 1130 if ((*zfvp)->z_unmounted) { 1131 /* 1132 * XXX we could probably try again, since the unmounting 1133 * thread should be just about to disassociate the 1134 * objset from the zfsvfs. 1135 */ 1136 rrw_exit(&(*zfvp)->z_teardown_lock, tag); 1137 return (EBUSY); 1138 } 1139 } 1140 return (error); 1141 } 1142 1143 static void 1144 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag) 1145 { 1146 rrw_exit(&zfsvfs->z_teardown_lock, tag); 1147 1148 if (zfsvfs->z_vfs) { 1149 VFS_RELE(zfsvfs->z_vfs); 1150 } else { 1151 dmu_objset_disown(zfsvfs->z_os, zfsvfs); 1152 zfsvfs_free(zfsvfs); 1153 } 1154 } 1155 1156 static int 1157 zfs_ioc_pool_create(zfs_cmd_t *zc) 1158 { 1159 int error; 1160 nvlist_t *config, *props = NULL; 1161 nvlist_t *rootprops = NULL; 1162 nvlist_t *zplprops = NULL; 1163 char *buf; 1164 1165 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1166 zc->zc_iflags, &config)) 1167 return (error); 1168 1169 if (zc->zc_nvlist_src_size != 0 && (error = 1170 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1171 zc->zc_iflags, &props))) { 1172 nvlist_free(config); 1173 return (error); 1174 } 1175 1176 if (props) { 1177 nvlist_t *nvl = NULL; 1178 uint64_t version = SPA_VERSION; 1179 1180 (void) nvlist_lookup_uint64(props, 1181 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version); 1182 if (version < SPA_VERSION_INITIAL || version > SPA_VERSION) { 1183 error = EINVAL; 1184 goto pool_props_bad; 1185 } 1186 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl); 1187 if (nvl) { 1188 error = nvlist_dup(nvl, &rootprops, KM_SLEEP); 1189 if (error != 0) { 1190 nvlist_free(config); 1191 nvlist_free(props); 1192 return (error); 1193 } 1194 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS); 1195 } 1196 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1197 error = zfs_fill_zplprops_root(version, rootprops, 1198 zplprops, NULL); 1199 if (error) 1200 goto pool_props_bad; 1201 } 1202 1203 buf = history_str_get(zc); 1204 1205 error = spa_create(zc->zc_name, config, props, buf, zplprops); 1206 1207 /* 1208 * Set the remaining root properties 1209 */ 1210 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name, 1211 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) 1212 (void) spa_destroy(zc->zc_name); 1213 1214 if (buf != NULL) 1215 history_str_free(buf); 1216 1217 pool_props_bad: 1218 nvlist_free(rootprops); 1219 nvlist_free(zplprops); 1220 nvlist_free(config); 1221 nvlist_free(props); 1222 1223 return (error); 1224 } 1225 1226 static int 1227 zfs_ioc_pool_destroy(zfs_cmd_t *zc) 1228 { 1229 int error; 1230 zfs_log_history(zc); 1231 error = spa_destroy(zc->zc_name); 1232 if (error == 0) 1233 zvol_remove_minors(zc->zc_name); 1234 return (error); 1235 } 1236 1237 static int 1238 zfs_ioc_pool_import(zfs_cmd_t *zc) 1239 { 1240 nvlist_t *config, *props = NULL; 1241 uint64_t guid; 1242 int error; 1243 1244 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1245 zc->zc_iflags, &config)) != 0) 1246 return (error); 1247 1248 if (zc->zc_nvlist_src_size != 0 && (error = 1249 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1250 zc->zc_iflags, &props))) { 1251 nvlist_free(config); 1252 return (error); 1253 } 1254 1255 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 1256 guid != zc->zc_guid) 1257 error = EINVAL; 1258 else 1259 error = spa_import(zc->zc_name, config, props, zc->zc_cookie); 1260 1261 if (zc->zc_nvlist_dst != 0) { 1262 int err; 1263 1264 if ((err = put_nvlist(zc, config)) != 0) 1265 error = err; 1266 } 1267 1268 nvlist_free(config); 1269 1270 if (props) 1271 nvlist_free(props); 1272 1273 return (error); 1274 } 1275 1276 static int 1277 zfs_ioc_pool_export(zfs_cmd_t *zc) 1278 { 1279 int error; 1280 boolean_t force = (boolean_t)zc->zc_cookie; 1281 boolean_t hardforce = (boolean_t)zc->zc_guid; 1282 1283 zfs_log_history(zc); 1284 error = spa_export(zc->zc_name, NULL, force, hardforce); 1285 if (error == 0) 1286 zvol_remove_minors(zc->zc_name); 1287 return (error); 1288 } 1289 1290 static int 1291 zfs_ioc_pool_configs(zfs_cmd_t *zc) 1292 { 1293 nvlist_t *configs; 1294 int error; 1295 1296 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL) 1297 return (EEXIST); 1298 1299 error = put_nvlist(zc, configs); 1300 1301 nvlist_free(configs); 1302 1303 return (error); 1304 } 1305 1306 static int 1307 zfs_ioc_pool_stats(zfs_cmd_t *zc) 1308 { 1309 nvlist_t *config; 1310 int error; 1311 int ret = 0; 1312 1313 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 1314 sizeof (zc->zc_value)); 1315 1316 if (config != NULL) { 1317 ret = put_nvlist(zc, config); 1318 nvlist_free(config); 1319 1320 /* 1321 * The config may be present even if 'error' is non-zero. 1322 * In this case we return success, and preserve the real errno 1323 * in 'zc_cookie'. 1324 */ 1325 zc->zc_cookie = error; 1326 } else { 1327 ret = error; 1328 } 1329 1330 return (ret); 1331 } 1332 1333 /* 1334 * Try to import the given pool, returning pool stats as appropriate so that 1335 * user land knows which devices are available and overall pool health. 1336 */ 1337 static int 1338 zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 1339 { 1340 nvlist_t *tryconfig, *config; 1341 int error; 1342 1343 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1344 zc->zc_iflags, &tryconfig)) != 0) 1345 return (error); 1346 1347 config = spa_tryimport(tryconfig); 1348 1349 nvlist_free(tryconfig); 1350 1351 if (config == NULL) 1352 return (EINVAL); 1353 1354 error = put_nvlist(zc, config); 1355 nvlist_free(config); 1356 1357 return (error); 1358 } 1359 1360 /* 1361 * inputs: 1362 * zc_name name of the pool 1363 * zc_cookie scan func (pool_scan_func_t) 1364 */ 1365 static int 1366 zfs_ioc_pool_scan(zfs_cmd_t *zc) 1367 { 1368 spa_t *spa; 1369 int error; 1370 1371 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1372 return (error); 1373 1374 if (zc->zc_cookie == POOL_SCAN_NONE) 1375 error = spa_scan_stop(spa); 1376 else 1377 error = spa_scan(spa, zc->zc_cookie); 1378 1379 spa_close(spa, FTAG); 1380 1381 return (error); 1382 } 1383 1384 static int 1385 zfs_ioc_pool_freeze(zfs_cmd_t *zc) 1386 { 1387 spa_t *spa; 1388 int error; 1389 1390 error = spa_open(zc->zc_name, &spa, FTAG); 1391 if (error == 0) { 1392 spa_freeze(spa); 1393 spa_close(spa, FTAG); 1394 } 1395 return (error); 1396 } 1397 1398 static int 1399 zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 1400 { 1401 spa_t *spa; 1402 int error; 1403 1404 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1405 return (error); 1406 1407 if (zc->zc_cookie < spa_version(spa) || zc->zc_cookie > SPA_VERSION) { 1408 spa_close(spa, FTAG); 1409 return (EINVAL); 1410 } 1411 1412 spa_upgrade(spa, zc->zc_cookie); 1413 spa_close(spa, FTAG); 1414 1415 return (error); 1416 } 1417 1418 static int 1419 zfs_ioc_pool_get_history(zfs_cmd_t *zc) 1420 { 1421 spa_t *spa; 1422 char *hist_buf; 1423 uint64_t size; 1424 int error; 1425 1426 if ((size = zc->zc_history_len) == 0) 1427 return (EINVAL); 1428 1429 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1430 return (error); 1431 1432 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 1433 spa_close(spa, FTAG); 1434 return (ENOTSUP); 1435 } 1436 1437 hist_buf = kmem_alloc(size, KM_SLEEP); 1438 if ((error = spa_history_get(spa, &zc->zc_history_offset, 1439 &zc->zc_history_len, hist_buf)) == 0) { 1440 error = ddi_copyout(hist_buf, 1441 (void *)(uintptr_t)zc->zc_history, 1442 zc->zc_history_len, zc->zc_iflags); 1443 } 1444 1445 spa_close(spa, FTAG); 1446 kmem_free(hist_buf, size); 1447 return (error); 1448 } 1449 1450 static int 1451 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 1452 { 1453 int error; 1454 1455 if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)) 1456 return (error); 1457 1458 return (0); 1459 } 1460 1461 /* 1462 * inputs: 1463 * zc_name name of filesystem 1464 * zc_obj object to find 1465 * 1466 * outputs: 1467 * zc_value name of object 1468 */ 1469 static int 1470 zfs_ioc_obj_to_path(zfs_cmd_t *zc) 1471 { 1472 objset_t *os; 1473 int error; 1474 1475 /* XXX reading from objset not owned */ 1476 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1477 return (error); 1478 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1479 dmu_objset_rele(os, FTAG); 1480 return (EINVAL); 1481 } 1482 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value, 1483 sizeof (zc->zc_value)); 1484 dmu_objset_rele(os, FTAG); 1485 1486 return (error); 1487 } 1488 1489 /* 1490 * inputs: 1491 * zc_name name of filesystem 1492 * zc_obj object to find 1493 * 1494 * outputs: 1495 * zc_stat stats on object 1496 * zc_value path to object 1497 */ 1498 static int 1499 zfs_ioc_obj_to_stats(zfs_cmd_t *zc) 1500 { 1501 objset_t *os; 1502 int error; 1503 1504 /* XXX reading from objset not owned */ 1505 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1506 return (error); 1507 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1508 dmu_objset_rele(os, FTAG); 1509 return (EINVAL); 1510 } 1511 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value, 1512 sizeof (zc->zc_value)); 1513 dmu_objset_rele(os, FTAG); 1514 1515 return (error); 1516 } 1517 1518 static int 1519 zfs_ioc_vdev_add(zfs_cmd_t *zc) 1520 { 1521 spa_t *spa; 1522 int error; 1523 nvlist_t *config, **l2cache, **spares; 1524 uint_t nl2cache = 0, nspares = 0; 1525 1526 error = spa_open(zc->zc_name, &spa, FTAG); 1527 if (error != 0) 1528 return (error); 1529 1530 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1531 zc->zc_iflags, &config); 1532 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE, 1533 &l2cache, &nl2cache); 1534 1535 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES, 1536 &spares, &nspares); 1537 1538 /* 1539 * A root pool with concatenated devices is not supported. 1540 * Thus, can not add a device to a root pool. 1541 * 1542 * Intent log device can not be added to a rootpool because 1543 * during mountroot, zil is replayed, a seperated log device 1544 * can not be accessed during the mountroot time. 1545 * 1546 * l2cache and spare devices are ok to be added to a rootpool. 1547 */ 1548 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) { 1549 nvlist_free(config); 1550 spa_close(spa, FTAG); 1551 return (EDOM); 1552 } 1553 1554 if (error == 0) { 1555 error = spa_vdev_add(spa, config); 1556 nvlist_free(config); 1557 } 1558 spa_close(spa, FTAG); 1559 return (error); 1560 } 1561 1562 /* 1563 * inputs: 1564 * zc_name name of the pool 1565 * zc_nvlist_conf nvlist of devices to remove 1566 * zc_cookie to stop the remove? 1567 */ 1568 static int 1569 zfs_ioc_vdev_remove(zfs_cmd_t *zc) 1570 { 1571 spa_t *spa; 1572 int error; 1573 1574 error = spa_open(zc->zc_name, &spa, FTAG); 1575 if (error != 0) 1576 return (error); 1577 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 1578 spa_close(spa, FTAG); 1579 return (error); 1580 } 1581 1582 static int 1583 zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 1584 { 1585 spa_t *spa; 1586 int error; 1587 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 1588 1589 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1590 return (error); 1591 switch (zc->zc_cookie) { 1592 case VDEV_STATE_ONLINE: 1593 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 1594 break; 1595 1596 case VDEV_STATE_OFFLINE: 1597 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 1598 break; 1599 1600 case VDEV_STATE_FAULTED: 1601 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1602 zc->zc_obj != VDEV_AUX_EXTERNAL) 1603 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1604 1605 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj); 1606 break; 1607 1608 case VDEV_STATE_DEGRADED: 1609 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1610 zc->zc_obj != VDEV_AUX_EXTERNAL) 1611 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1612 1613 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj); 1614 break; 1615 1616 default: 1617 error = EINVAL; 1618 } 1619 zc->zc_cookie = newstate; 1620 spa_close(spa, FTAG); 1621 return (error); 1622 } 1623 1624 static int 1625 zfs_ioc_vdev_attach(zfs_cmd_t *zc) 1626 { 1627 spa_t *spa; 1628 int replacing = zc->zc_cookie; 1629 nvlist_t *config; 1630 int error; 1631 1632 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1633 return (error); 1634 1635 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1636 zc->zc_iflags, &config)) == 0) { 1637 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing); 1638 nvlist_free(config); 1639 } 1640 1641 spa_close(spa, FTAG); 1642 return (error); 1643 } 1644 1645 static int 1646 zfs_ioc_vdev_detach(zfs_cmd_t *zc) 1647 { 1648 spa_t *spa; 1649 int error; 1650 1651 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1652 return (error); 1653 1654 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE); 1655 1656 spa_close(spa, FTAG); 1657 return (error); 1658 } 1659 1660 static int 1661 zfs_ioc_vdev_split(zfs_cmd_t *zc) 1662 { 1663 spa_t *spa; 1664 nvlist_t *config, *props = NULL; 1665 int error; 1666 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT); 1667 1668 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1669 return (error); 1670 1671 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1672 zc->zc_iflags, &config)) { 1673 spa_close(spa, FTAG); 1674 return (error); 1675 } 1676 1677 if (zc->zc_nvlist_src_size != 0 && (error = 1678 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1679 zc->zc_iflags, &props))) { 1680 spa_close(spa, FTAG); 1681 nvlist_free(config); 1682 return (error); 1683 } 1684 1685 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp); 1686 1687 spa_close(spa, FTAG); 1688 1689 nvlist_free(config); 1690 nvlist_free(props); 1691 1692 return (error); 1693 } 1694 1695 static int 1696 zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 1697 { 1698 spa_t *spa; 1699 char *path = zc->zc_value; 1700 uint64_t guid = zc->zc_guid; 1701 int error; 1702 1703 error = spa_open(zc->zc_name, &spa, FTAG); 1704 if (error != 0) 1705 return (error); 1706 1707 error = spa_vdev_setpath(spa, guid, path); 1708 spa_close(spa, FTAG); 1709 return (error); 1710 } 1711 1712 static int 1713 zfs_ioc_vdev_setfru(zfs_cmd_t *zc) 1714 { 1715 spa_t *spa; 1716 char *fru = zc->zc_value; 1717 uint64_t guid = zc->zc_guid; 1718 int error; 1719 1720 error = spa_open(zc->zc_name, &spa, FTAG); 1721 if (error != 0) 1722 return (error); 1723 1724 error = spa_vdev_setfru(spa, guid, fru); 1725 spa_close(spa, FTAG); 1726 return (error); 1727 } 1728 1729 static int 1730 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os) 1731 { 1732 int error = 0; 1733 nvlist_t *nv; 1734 1735 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 1736 1737 if (zc->zc_nvlist_dst != 0 && 1738 (error = dsl_prop_get_all(os, &nv)) == 0) { 1739 dmu_objset_stats(os, nv); 1740 /* 1741 * NB: zvol_get_stats() will read the objset contents, 1742 * which we aren't supposed to do with a 1743 * DS_MODE_USER hold, because it could be 1744 * inconsistent. So this is a bit of a workaround... 1745 * XXX reading with out owning 1746 */ 1747 if (!zc->zc_objset_stats.dds_inconsistent) { 1748 if (dmu_objset_type(os) == DMU_OST_ZVOL) 1749 VERIFY(zvol_get_stats(os, nv) == 0); 1750 } 1751 error = put_nvlist(zc, nv); 1752 nvlist_free(nv); 1753 } 1754 1755 return (error); 1756 } 1757 1758 /* 1759 * inputs: 1760 * zc_name name of filesystem 1761 * zc_nvlist_dst_size size of buffer for property nvlist 1762 * 1763 * outputs: 1764 * zc_objset_stats stats 1765 * zc_nvlist_dst property nvlist 1766 * zc_nvlist_dst_size size of property nvlist 1767 */ 1768 static int 1769 zfs_ioc_objset_stats(zfs_cmd_t *zc) 1770 { 1771 objset_t *os = NULL; 1772 int error; 1773 1774 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) 1775 return (error); 1776 1777 error = zfs_ioc_objset_stats_impl(zc, os); 1778 1779 dmu_objset_rele(os, FTAG); 1780 1781 return (error); 1782 } 1783 1784 /* 1785 * inputs: 1786 * zc_name name of filesystem 1787 * zc_nvlist_dst_size size of buffer for property nvlist 1788 * 1789 * outputs: 1790 * zc_nvlist_dst received property nvlist 1791 * zc_nvlist_dst_size size of received property nvlist 1792 * 1793 * Gets received properties (distinct from local properties on or after 1794 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from 1795 * local property values. 1796 */ 1797 static int 1798 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc) 1799 { 1800 objset_t *os = NULL; 1801 int error; 1802 nvlist_t *nv; 1803 1804 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) 1805 return (error); 1806 1807 /* 1808 * Without this check, we would return local property values if the 1809 * caller has not already received properties on or after 1810 * SPA_VERSION_RECVD_PROPS. 1811 */ 1812 if (!dsl_prop_get_hasrecvd(os)) { 1813 dmu_objset_rele(os, FTAG); 1814 return (ENOTSUP); 1815 } 1816 1817 if (zc->zc_nvlist_dst != 0 && 1818 (error = dsl_prop_get_received(os, &nv)) == 0) { 1819 error = put_nvlist(zc, nv); 1820 nvlist_free(nv); 1821 } 1822 1823 dmu_objset_rele(os, FTAG); 1824 return (error); 1825 } 1826 1827 static int 1828 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop) 1829 { 1830 uint64_t value; 1831 int error; 1832 1833 /* 1834 * zfs_get_zplprop() will either find a value or give us 1835 * the default value (if there is one). 1836 */ 1837 if ((error = zfs_get_zplprop(os, prop, &value)) != 0) 1838 return (error); 1839 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0); 1840 return (0); 1841 } 1842 1843 /* 1844 * inputs: 1845 * zc_name name of filesystem 1846 * zc_nvlist_dst_size size of buffer for zpl property nvlist 1847 * 1848 * outputs: 1849 * zc_nvlist_dst zpl property nvlist 1850 * zc_nvlist_dst_size size of zpl property nvlist 1851 */ 1852 static int 1853 zfs_ioc_objset_zplprops(zfs_cmd_t *zc) 1854 { 1855 objset_t *os; 1856 int err; 1857 1858 /* XXX reading without owning */ 1859 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os)) 1860 return (err); 1861 1862 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 1863 1864 /* 1865 * NB: nvl_add_zplprop() will read the objset contents, 1866 * which we aren't supposed to do with a DS_MODE_USER 1867 * hold, because it could be inconsistent. 1868 */ 1869 if (zc->zc_nvlist_dst != NULL && 1870 !zc->zc_objset_stats.dds_inconsistent && 1871 dmu_objset_type(os) == DMU_OST_ZFS) { 1872 nvlist_t *nv; 1873 1874 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1875 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 && 1876 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 && 1877 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 && 1878 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0) 1879 err = put_nvlist(zc, nv); 1880 nvlist_free(nv); 1881 } else { 1882 err = ENOENT; 1883 } 1884 dmu_objset_rele(os, FTAG); 1885 return (err); 1886 } 1887 1888 static boolean_t 1889 dataset_name_hidden(const char *name) 1890 { 1891 /* 1892 * Skip over datasets that are not visible in this zone, 1893 * internal datasets (which have a $ in their name), and 1894 * temporary datasets (which have a % in their name). 1895 */ 1896 if (strchr(name, '$') != NULL) 1897 return (B_TRUE); 1898 if (strchr(name, '%') != NULL) 1899 return (B_TRUE); 1900 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL)) 1901 return (B_TRUE); 1902 return (B_FALSE); 1903 } 1904 1905 /* 1906 * inputs: 1907 * zc_name name of filesystem 1908 * zc_cookie zap cursor 1909 * zc_nvlist_dst_size size of buffer for property nvlist 1910 * 1911 * outputs: 1912 * zc_name name of next filesystem 1913 * zc_cookie zap cursor 1914 * zc_objset_stats stats 1915 * zc_nvlist_dst property nvlist 1916 * zc_nvlist_dst_size size of property nvlist 1917 */ 1918 static int 1919 zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 1920 { 1921 objset_t *os; 1922 int error; 1923 char *p; 1924 size_t orig_len = strlen(zc->zc_name); 1925 1926 top: 1927 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) { 1928 if (error == ENOENT) 1929 error = ESRCH; 1930 return (error); 1931 } 1932 1933 p = strrchr(zc->zc_name, '/'); 1934 if (p == NULL || p[1] != '\0') 1935 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 1936 p = zc->zc_name + strlen(zc->zc_name); 1937 1938 /* 1939 * Pre-fetch the datasets. dmu_objset_prefetch() always returns 0 1940 * but is not declared void because its called by dmu_objset_find(). 1941 */ 1942 if (zc->zc_cookie == 0) { 1943 uint64_t cookie = 0; 1944 int len = sizeof (zc->zc_name) - (p - zc->zc_name); 1945 1946 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0) 1947 (void) dmu_objset_prefetch(p, NULL); 1948 } 1949 1950 do { 1951 error = dmu_dir_list_next(os, 1952 sizeof (zc->zc_name) - (p - zc->zc_name), p, 1953 NULL, &zc->zc_cookie); 1954 if (error == ENOENT) 1955 error = ESRCH; 1956 } while (error == 0 && dataset_name_hidden(zc->zc_name) && 1957 !(zc->zc_iflags & FKIOCTL)); 1958 dmu_objset_rele(os, FTAG); 1959 1960 /* 1961 * If it's an internal dataset (ie. with a '$' in its name), 1962 * don't try to get stats for it, otherwise we'll return ENOENT. 1963 */ 1964 if (error == 0 && strchr(zc->zc_name, '$') == NULL) { 1965 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 1966 if (error == ENOENT) { 1967 /* We lost a race with destroy, get the next one. */ 1968 zc->zc_name[orig_len] = '\0'; 1969 goto top; 1970 } 1971 } 1972 return (error); 1973 } 1974 1975 /* 1976 * inputs: 1977 * zc_name name of filesystem 1978 * zc_cookie zap cursor 1979 * zc_nvlist_dst_size size of buffer for property nvlist 1980 * 1981 * outputs: 1982 * zc_name name of next snapshot 1983 * zc_objset_stats stats 1984 * zc_nvlist_dst property nvlist 1985 * zc_nvlist_dst_size size of property nvlist 1986 */ 1987 static int 1988 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 1989 { 1990 objset_t *os; 1991 int error; 1992 1993 top: 1994 if (zc->zc_cookie == 0) 1995 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch, 1996 NULL, DS_FIND_SNAPSHOTS); 1997 1998 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 1999 if (error) 2000 return (error == ENOENT ? ESRCH : error); 2001 2002 /* 2003 * A dataset name of maximum length cannot have any snapshots, 2004 * so exit immediately. 2005 */ 2006 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) { 2007 dmu_objset_rele(os, FTAG); 2008 return (ESRCH); 2009 } 2010 2011 error = dmu_snapshot_list_next(os, 2012 sizeof (zc->zc_name) - strlen(zc->zc_name), 2013 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie, 2014 NULL); 2015 2016 if (error == 0) { 2017 dsl_dataset_t *ds; 2018 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool; 2019 2020 /* 2021 * Since we probably don't have a hold on this snapshot, 2022 * it's possible that the objsetid could have been destroyed 2023 * and reused for a new objset. It's OK if this happens during 2024 * a zfs send operation, since the new createtxg will be 2025 * beyond the range we're interested in. 2026 */ 2027 rw_enter(&dp->dp_config_rwlock, RW_READER); 2028 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds); 2029 rw_exit(&dp->dp_config_rwlock); 2030 if (error) { 2031 if (error == ENOENT) { 2032 /* Racing with destroy, get the next one. */ 2033 *strchr(zc->zc_name, '@') = '\0'; 2034 dmu_objset_rele(os, FTAG); 2035 goto top; 2036 } 2037 } else { 2038 objset_t *ossnap; 2039 2040 error = dmu_objset_from_ds(ds, &ossnap); 2041 if (error == 0) 2042 error = zfs_ioc_objset_stats_impl(zc, ossnap); 2043 dsl_dataset_rele(ds, FTAG); 2044 } 2045 } else if (error == ENOENT) { 2046 error = ESRCH; 2047 } 2048 2049 dmu_objset_rele(os, FTAG); 2050 /* if we failed, undo the @ that we tacked on to zc_name */ 2051 if (error) 2052 *strchr(zc->zc_name, '@') = '\0'; 2053 return (error); 2054 } 2055 2056 static int 2057 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair) 2058 { 2059 const char *propname = nvpair_name(pair); 2060 uint64_t *valary; 2061 unsigned int vallen; 2062 const char *domain; 2063 char *dash; 2064 zfs_userquota_prop_t type; 2065 uint64_t rid; 2066 uint64_t quota; 2067 zfsvfs_t *zfsvfs; 2068 int err; 2069 2070 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2071 nvlist_t *attrs; 2072 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2073 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2074 &pair) != 0) 2075 return (EINVAL); 2076 } 2077 2078 /* 2079 * A correctly constructed propname is encoded as 2080 * userquota@<rid>-<domain>. 2081 */ 2082 if ((dash = strchr(propname, '-')) == NULL || 2083 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 || 2084 vallen != 3) 2085 return (EINVAL); 2086 2087 domain = dash + 1; 2088 type = valary[0]; 2089 rid = valary[1]; 2090 quota = valary[2]; 2091 2092 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE); 2093 if (err == 0) { 2094 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota); 2095 zfsvfs_rele(zfsvfs, FTAG); 2096 } 2097 2098 return (err); 2099 } 2100 2101 /* 2102 * If the named property is one that has a special function to set its value, 2103 * return 0 on success and a positive error code on failure; otherwise if it is 2104 * not one of the special properties handled by this function, return -1. 2105 * 2106 * XXX: It would be better for callers of the property interface if we handled 2107 * these special cases in dsl_prop.c (in the dsl layer). 2108 */ 2109 static int 2110 zfs_prop_set_special(const char *dsname, zprop_source_t source, 2111 nvpair_t *pair) 2112 { 2113 const char *propname = nvpair_name(pair); 2114 zfs_prop_t prop = zfs_name_to_prop(propname); 2115 uint64_t intval; 2116 int err; 2117 2118 if (prop == ZPROP_INVAL) { 2119 if (zfs_prop_userquota(propname)) 2120 return (zfs_prop_set_userquota(dsname, pair)); 2121 return (-1); 2122 } 2123 2124 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2125 nvlist_t *attrs; 2126 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2127 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2128 &pair) == 0); 2129 } 2130 2131 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) 2132 return (-1); 2133 2134 VERIFY(0 == nvpair_value_uint64(pair, &intval)); 2135 2136 switch (prop) { 2137 case ZFS_PROP_QUOTA: 2138 err = dsl_dir_set_quota(dsname, source, intval); 2139 break; 2140 case ZFS_PROP_REFQUOTA: 2141 err = dsl_dataset_set_quota(dsname, source, intval); 2142 break; 2143 case ZFS_PROP_RESERVATION: 2144 err = dsl_dir_set_reservation(dsname, source, intval); 2145 break; 2146 case ZFS_PROP_REFRESERVATION: 2147 err = dsl_dataset_set_reservation(dsname, source, intval); 2148 break; 2149 case ZFS_PROP_VOLSIZE: 2150 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip), 2151 intval); 2152 break; 2153 case ZFS_PROP_VERSION: 2154 { 2155 zfsvfs_t *zfsvfs; 2156 2157 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0) 2158 break; 2159 2160 err = zfs_set_version(zfsvfs, intval); 2161 zfsvfs_rele(zfsvfs, FTAG); 2162 2163 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) { 2164 zfs_cmd_t *zc; 2165 2166 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 2167 (void) strcpy(zc->zc_name, dsname); 2168 (void) zfs_ioc_userspace_upgrade(zc); 2169 kmem_free(zc, sizeof (zfs_cmd_t)); 2170 } 2171 break; 2172 } 2173 2174 default: 2175 err = -1; 2176 } 2177 2178 return (err); 2179 } 2180 2181 /* 2182 * This function is best effort. If it fails to set any of the given properties, 2183 * it continues to set as many as it can and returns the first error 2184 * encountered. If the caller provides a non-NULL errlist, it also gives the 2185 * complete list of names of all the properties it failed to set along with the 2186 * corresponding error numbers. The caller is responsible for freeing the 2187 * returned errlist. 2188 * 2189 * If every property is set successfully, zero is returned and the list pointed 2190 * at by errlist is NULL. 2191 */ 2192 int 2193 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl, 2194 nvlist_t **errlist) 2195 { 2196 nvpair_t *pair; 2197 nvpair_t *propval; 2198 int rv = 0; 2199 uint64_t intval; 2200 char *strval; 2201 nvlist_t *genericnvl; 2202 nvlist_t *errors; 2203 nvlist_t *retrynvl; 2204 2205 VERIFY(nvlist_alloc(&genericnvl, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2206 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2207 VERIFY(nvlist_alloc(&retrynvl, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2208 2209 retry: 2210 pair = NULL; 2211 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2212 const char *propname = nvpair_name(pair); 2213 zfs_prop_t prop = zfs_name_to_prop(propname); 2214 int err = 0; 2215 2216 /* decode the property value */ 2217 propval = pair; 2218 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2219 nvlist_t *attrs; 2220 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2221 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2222 &propval) != 0) 2223 err = EINVAL; 2224 } 2225 2226 /* Validate value type */ 2227 if (err == 0 && prop == ZPROP_INVAL) { 2228 if (zfs_prop_user(propname)) { 2229 if (nvpair_type(propval) != DATA_TYPE_STRING) 2230 err = EINVAL; 2231 } else if (zfs_prop_userquota(propname)) { 2232 if (nvpair_type(propval) != 2233 DATA_TYPE_UINT64_ARRAY) 2234 err = EINVAL; 2235 } 2236 } else if (err == 0) { 2237 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2238 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING) 2239 err = EINVAL; 2240 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) { 2241 const char *unused; 2242 2243 VERIFY(nvpair_value_uint64(propval, 2244 &intval) == 0); 2245 2246 switch (zfs_prop_get_type(prop)) { 2247 case PROP_TYPE_NUMBER: 2248 break; 2249 case PROP_TYPE_STRING: 2250 err = EINVAL; 2251 break; 2252 case PROP_TYPE_INDEX: 2253 if (zfs_prop_index_to_string(prop, 2254 intval, &unused) != 0) 2255 err = EINVAL; 2256 break; 2257 default: 2258 cmn_err(CE_PANIC, 2259 "unknown property type"); 2260 } 2261 } else { 2262 err = EINVAL; 2263 } 2264 } 2265 2266 /* Validate permissions */ 2267 if (err == 0) 2268 err = zfs_check_settable(dsname, pair, CRED()); 2269 2270 if (err == 0) { 2271 err = zfs_prop_set_special(dsname, source, pair); 2272 if (err == -1) { 2273 /* 2274 * For better performance we build up a list of 2275 * properties to set in a single transaction. 2276 */ 2277 err = nvlist_add_nvpair(genericnvl, pair); 2278 } else if (err != 0 && nvl != retrynvl) { 2279 /* 2280 * This may be a spurious error caused by 2281 * receiving quota and reservation out of order. 2282 * Try again in a second pass. 2283 */ 2284 err = nvlist_add_nvpair(retrynvl, pair); 2285 } 2286 } 2287 2288 if (err != 0) 2289 VERIFY(nvlist_add_int32(errors, propname, err) == 0); 2290 } 2291 2292 if (nvl != retrynvl && !nvlist_empty(retrynvl)) { 2293 nvl = retrynvl; 2294 goto retry; 2295 } 2296 2297 if (!nvlist_empty(genericnvl) && 2298 dsl_props_set(dsname, source, genericnvl) != 0) { 2299 /* 2300 * If this fails, we still want to set as many properties as we 2301 * can, so try setting them individually. 2302 */ 2303 pair = NULL; 2304 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) { 2305 const char *propname = nvpair_name(pair); 2306 int err = 0; 2307 2308 propval = pair; 2309 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2310 nvlist_t *attrs; 2311 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2312 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2313 &propval) == 0); 2314 } 2315 2316 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2317 VERIFY(nvpair_value_string(propval, 2318 &strval) == 0); 2319 err = dsl_prop_set(dsname, propname, source, 1, 2320 strlen(strval) + 1, strval); 2321 } else { 2322 VERIFY(nvpair_value_uint64(propval, 2323 &intval) == 0); 2324 err = dsl_prop_set(dsname, propname, source, 8, 2325 1, &intval); 2326 } 2327 2328 if (err != 0) { 2329 VERIFY(nvlist_add_int32(errors, propname, 2330 err) == 0); 2331 } 2332 } 2333 } 2334 nvlist_free(genericnvl); 2335 nvlist_free(retrynvl); 2336 2337 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 2338 nvlist_free(errors); 2339 errors = NULL; 2340 } else { 2341 VERIFY(nvpair_value_int32(pair, &rv) == 0); 2342 } 2343 2344 if (errlist == NULL) 2345 nvlist_free(errors); 2346 else 2347 *errlist = errors; 2348 2349 return (rv); 2350 } 2351 2352 /* 2353 * Check that all the properties are valid user properties. 2354 */ 2355 static int 2356 zfs_check_userprops(char *fsname, nvlist_t *nvl) 2357 { 2358 nvpair_t *pair = NULL; 2359 int error = 0; 2360 2361 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2362 const char *propname = nvpair_name(pair); 2363 char *valstr; 2364 2365 if (!zfs_prop_user(propname) || 2366 nvpair_type(pair) != DATA_TYPE_STRING) 2367 return (EINVAL); 2368 2369 if (error = zfs_secpolicy_write_perms(fsname, 2370 ZFS_DELEG_PERM_USERPROP, CRED())) 2371 return (error); 2372 2373 if (strlen(propname) >= ZAP_MAXNAMELEN) 2374 return (ENAMETOOLONG); 2375 2376 VERIFY(nvpair_value_string(pair, &valstr) == 0); 2377 if (strlen(valstr) >= ZAP_MAXVALUELEN) 2378 return (E2BIG); 2379 } 2380 return (0); 2381 } 2382 2383 static void 2384 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops) 2385 { 2386 nvpair_t *pair; 2387 2388 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2389 2390 pair = NULL; 2391 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) { 2392 if (nvlist_exists(skipped, nvpair_name(pair))) 2393 continue; 2394 2395 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0); 2396 } 2397 } 2398 2399 static int 2400 clear_received_props(objset_t *os, const char *fs, nvlist_t *props, 2401 nvlist_t *skipped) 2402 { 2403 int err = 0; 2404 nvlist_t *cleared_props = NULL; 2405 props_skip(props, skipped, &cleared_props); 2406 if (!nvlist_empty(cleared_props)) { 2407 /* 2408 * Acts on local properties until the dataset has received 2409 * properties at least once on or after SPA_VERSION_RECVD_PROPS. 2410 */ 2411 zprop_source_t flags = (ZPROP_SRC_NONE | 2412 (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0)); 2413 err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL); 2414 } 2415 nvlist_free(cleared_props); 2416 return (err); 2417 } 2418 2419 /* 2420 * inputs: 2421 * zc_name name of filesystem 2422 * zc_value name of property to set 2423 * zc_nvlist_src{_size} nvlist of properties to apply 2424 * zc_cookie received properties flag 2425 * 2426 * outputs: 2427 * zc_nvlist_dst{_size} error for each unapplied received property 2428 */ 2429 static int 2430 zfs_ioc_set_prop(zfs_cmd_t *zc) 2431 { 2432 nvlist_t *nvl; 2433 boolean_t received = zc->zc_cookie; 2434 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED : 2435 ZPROP_SRC_LOCAL); 2436 nvlist_t *errors = NULL; 2437 int error; 2438 2439 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2440 zc->zc_iflags, &nvl)) != 0) 2441 return (error); 2442 2443 if (received) { 2444 nvlist_t *origprops; 2445 objset_t *os; 2446 2447 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) { 2448 if (dsl_prop_get_received(os, &origprops) == 0) { 2449 (void) clear_received_props(os, 2450 zc->zc_name, origprops, nvl); 2451 nvlist_free(origprops); 2452 } 2453 2454 dsl_prop_set_hasrecvd(os); 2455 dmu_objset_rele(os, FTAG); 2456 } 2457 } 2458 2459 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, &errors); 2460 2461 if (zc->zc_nvlist_dst != NULL && errors != NULL) { 2462 (void) put_nvlist(zc, errors); 2463 } 2464 2465 nvlist_free(errors); 2466 nvlist_free(nvl); 2467 return (error); 2468 } 2469 2470 /* 2471 * inputs: 2472 * zc_name name of filesystem 2473 * zc_value name of property to inherit 2474 * zc_cookie revert to received value if TRUE 2475 * 2476 * outputs: none 2477 */ 2478 static int 2479 zfs_ioc_inherit_prop(zfs_cmd_t *zc) 2480 { 2481 const char *propname = zc->zc_value; 2482 zfs_prop_t prop = zfs_name_to_prop(propname); 2483 boolean_t received = zc->zc_cookie; 2484 zprop_source_t source = (received 2485 ? ZPROP_SRC_NONE /* revert to received value, if any */ 2486 : ZPROP_SRC_INHERITED); /* explicitly inherit */ 2487 2488 if (received) { 2489 nvlist_t *dummy; 2490 nvpair_t *pair; 2491 zprop_type_t type; 2492 int err; 2493 2494 /* 2495 * zfs_prop_set_special() expects properties in the form of an 2496 * nvpair with type info. 2497 */ 2498 if (prop == ZPROP_INVAL) { 2499 if (!zfs_prop_user(propname)) 2500 return (EINVAL); 2501 2502 type = PROP_TYPE_STRING; 2503 } else if (prop == ZFS_PROP_VOLSIZE || 2504 prop == ZFS_PROP_VERSION) { 2505 return (EINVAL); 2506 } else { 2507 type = zfs_prop_get_type(prop); 2508 } 2509 2510 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2511 2512 switch (type) { 2513 case PROP_TYPE_STRING: 2514 VERIFY(0 == nvlist_add_string(dummy, propname, "")); 2515 break; 2516 case PROP_TYPE_NUMBER: 2517 case PROP_TYPE_INDEX: 2518 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0)); 2519 break; 2520 default: 2521 nvlist_free(dummy); 2522 return (EINVAL); 2523 } 2524 2525 pair = nvlist_next_nvpair(dummy, NULL); 2526 err = zfs_prop_set_special(zc->zc_name, source, pair); 2527 nvlist_free(dummy); 2528 if (err != -1) 2529 return (err); /* special property already handled */ 2530 } else { 2531 /* 2532 * Only check this in the non-received case. We want to allow 2533 * 'inherit -S' to revert non-inheritable properties like quota 2534 * and reservation to the received or default values even though 2535 * they are not considered inheritable. 2536 */ 2537 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop)) 2538 return (EINVAL); 2539 } 2540 2541 /* the property name has been validated by zfs_secpolicy_inherit() */ 2542 return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL)); 2543 } 2544 2545 static int 2546 zfs_ioc_pool_set_props(zfs_cmd_t *zc) 2547 { 2548 nvlist_t *props; 2549 spa_t *spa; 2550 int error; 2551 nvpair_t *pair; 2552 2553 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2554 zc->zc_iflags, &props)) 2555 return (error); 2556 2557 /* 2558 * If the only property is the configfile, then just do a spa_lookup() 2559 * to handle the faulted case. 2560 */ 2561 pair = nvlist_next_nvpair(props, NULL); 2562 if (pair != NULL && strcmp(nvpair_name(pair), 2563 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 && 2564 nvlist_next_nvpair(props, pair) == NULL) { 2565 mutex_enter(&spa_namespace_lock); 2566 if ((spa = spa_lookup(zc->zc_name)) != NULL) { 2567 spa_configfile_set(spa, props, B_FALSE); 2568 spa_config_sync(spa, B_FALSE, B_TRUE); 2569 } 2570 mutex_exit(&spa_namespace_lock); 2571 if (spa != NULL) { 2572 nvlist_free(props); 2573 return (0); 2574 } 2575 } 2576 2577 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2578 nvlist_free(props); 2579 return (error); 2580 } 2581 2582 error = spa_prop_set(spa, props); 2583 2584 nvlist_free(props); 2585 spa_close(spa, FTAG); 2586 2587 return (error); 2588 } 2589 2590 static int 2591 zfs_ioc_pool_get_props(zfs_cmd_t *zc) 2592 { 2593 spa_t *spa; 2594 int error; 2595 nvlist_t *nvp = NULL; 2596 2597 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2598 /* 2599 * If the pool is faulted, there may be properties we can still 2600 * get (such as altroot and cachefile), so attempt to get them 2601 * anyway. 2602 */ 2603 mutex_enter(&spa_namespace_lock); 2604 if ((spa = spa_lookup(zc->zc_name)) != NULL) 2605 error = spa_prop_get(spa, &nvp); 2606 mutex_exit(&spa_namespace_lock); 2607 } else { 2608 error = spa_prop_get(spa, &nvp); 2609 spa_close(spa, FTAG); 2610 } 2611 2612 if (error == 0 && zc->zc_nvlist_dst != NULL) 2613 error = put_nvlist(zc, nvp); 2614 else 2615 error = EFAULT; 2616 2617 nvlist_free(nvp); 2618 return (error); 2619 } 2620 2621 /* 2622 * inputs: 2623 * zc_name name of filesystem 2624 * zc_nvlist_src{_size} nvlist of delegated permissions 2625 * zc_perm_action allow/unallow flag 2626 * 2627 * outputs: none 2628 */ 2629 static int 2630 zfs_ioc_set_fsacl(zfs_cmd_t *zc) 2631 { 2632 int error; 2633 nvlist_t *fsaclnv = NULL; 2634 2635 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2636 zc->zc_iflags, &fsaclnv)) != 0) 2637 return (error); 2638 2639 /* 2640 * Verify nvlist is constructed correctly 2641 */ 2642 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) { 2643 nvlist_free(fsaclnv); 2644 return (EINVAL); 2645 } 2646 2647 /* 2648 * If we don't have PRIV_SYS_MOUNT, then validate 2649 * that user is allowed to hand out each permission in 2650 * the nvlist(s) 2651 */ 2652 2653 error = secpolicy_zfs(CRED()); 2654 if (error) { 2655 if (zc->zc_perm_action == B_FALSE) { 2656 error = dsl_deleg_can_allow(zc->zc_name, 2657 fsaclnv, CRED()); 2658 } else { 2659 error = dsl_deleg_can_unallow(zc->zc_name, 2660 fsaclnv, CRED()); 2661 } 2662 } 2663 2664 if (error == 0) 2665 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 2666 2667 nvlist_free(fsaclnv); 2668 return (error); 2669 } 2670 2671 /* 2672 * inputs: 2673 * zc_name name of filesystem 2674 * 2675 * outputs: 2676 * zc_nvlist_src{_size} nvlist of delegated permissions 2677 */ 2678 static int 2679 zfs_ioc_get_fsacl(zfs_cmd_t *zc) 2680 { 2681 nvlist_t *nvp; 2682 int error; 2683 2684 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 2685 error = put_nvlist(zc, nvp); 2686 nvlist_free(nvp); 2687 } 2688 2689 return (error); 2690 } 2691 2692 /* 2693 * Search the vfs list for a specified resource. Returns a pointer to it 2694 * or NULL if no suitable entry is found. The caller of this routine 2695 * is responsible for releasing the returned vfs pointer. 2696 */ 2697 static vfs_t * 2698 zfs_get_vfs(const char *resource) 2699 { 2700 struct vfs *vfsp; 2701 struct vfs *vfs_found = NULL; 2702 2703 vfs_list_read_lock(); 2704 vfsp = rootvfs; 2705 do { 2706 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) { 2707 VFS_HOLD(vfsp); 2708 vfs_found = vfsp; 2709 break; 2710 } 2711 vfsp = vfsp->vfs_next; 2712 } while (vfsp != rootvfs); 2713 vfs_list_unlock(); 2714 return (vfs_found); 2715 } 2716 2717 /* ARGSUSED */ 2718 static void 2719 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 2720 { 2721 zfs_creat_t *zct = arg; 2722 2723 zfs_create_fs(os, cr, zct->zct_zplprops, tx); 2724 } 2725 2726 #define ZFS_PROP_UNDEFINED ((uint64_t)-1) 2727 2728 /* 2729 * inputs: 2730 * createprops list of properties requested by creator 2731 * default_zplver zpl version to use if unspecified in createprops 2732 * fuids_ok fuids allowed in this version of the spa? 2733 * os parent objset pointer (NULL if root fs) 2734 * 2735 * outputs: 2736 * zplprops values for the zplprops we attach to the master node object 2737 * is_ci true if requested file system will be purely case-insensitive 2738 * 2739 * Determine the settings for utf8only, normalization and 2740 * casesensitivity. Specific values may have been requested by the 2741 * creator and/or we can inherit values from the parent dataset. If 2742 * the file system is of too early a vintage, a creator can not 2743 * request settings for these properties, even if the requested 2744 * setting is the default value. We don't actually want to create dsl 2745 * properties for these, so remove them from the source nvlist after 2746 * processing. 2747 */ 2748 static int 2749 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver, 2750 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops, 2751 nvlist_t *zplprops, boolean_t *is_ci) 2752 { 2753 uint64_t sense = ZFS_PROP_UNDEFINED; 2754 uint64_t norm = ZFS_PROP_UNDEFINED; 2755 uint64_t u8 = ZFS_PROP_UNDEFINED; 2756 2757 ASSERT(zplprops != NULL); 2758 2759 /* 2760 * Pull out creator prop choices, if any. 2761 */ 2762 if (createprops) { 2763 (void) nvlist_lookup_uint64(createprops, 2764 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver); 2765 (void) nvlist_lookup_uint64(createprops, 2766 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm); 2767 (void) nvlist_remove_all(createprops, 2768 zfs_prop_to_name(ZFS_PROP_NORMALIZE)); 2769 (void) nvlist_lookup_uint64(createprops, 2770 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8); 2771 (void) nvlist_remove_all(createprops, 2772 zfs_prop_to_name(ZFS_PROP_UTF8ONLY)); 2773 (void) nvlist_lookup_uint64(createprops, 2774 zfs_prop_to_name(ZFS_PROP_CASE), &sense); 2775 (void) nvlist_remove_all(createprops, 2776 zfs_prop_to_name(ZFS_PROP_CASE)); 2777 } 2778 2779 /* 2780 * If the zpl version requested is whacky or the file system 2781 * or pool is version is too "young" to support normalization 2782 * and the creator tried to set a value for one of the props, 2783 * error out. 2784 */ 2785 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) || 2786 (zplver >= ZPL_VERSION_FUID && !fuids_ok) || 2787 (zplver >= ZPL_VERSION_SA && !sa_ok) || 2788 (zplver < ZPL_VERSION_NORMALIZATION && 2789 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED || 2790 sense != ZFS_PROP_UNDEFINED))) 2791 return (ENOTSUP); 2792 2793 /* 2794 * Put the version in the zplprops 2795 */ 2796 VERIFY(nvlist_add_uint64(zplprops, 2797 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0); 2798 2799 if (norm == ZFS_PROP_UNDEFINED) 2800 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0); 2801 VERIFY(nvlist_add_uint64(zplprops, 2802 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0); 2803 2804 /* 2805 * If we're normalizing, names must always be valid UTF-8 strings. 2806 */ 2807 if (norm) 2808 u8 = 1; 2809 if (u8 == ZFS_PROP_UNDEFINED) 2810 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0); 2811 VERIFY(nvlist_add_uint64(zplprops, 2812 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0); 2813 2814 if (sense == ZFS_PROP_UNDEFINED) 2815 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0); 2816 VERIFY(nvlist_add_uint64(zplprops, 2817 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0); 2818 2819 if (is_ci) 2820 *is_ci = (sense == ZFS_CASE_INSENSITIVE); 2821 2822 return (0); 2823 } 2824 2825 static int 2826 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops, 2827 nvlist_t *zplprops, boolean_t *is_ci) 2828 { 2829 boolean_t fuids_ok, sa_ok; 2830 uint64_t zplver = ZPL_VERSION; 2831 objset_t *os = NULL; 2832 char parentname[MAXNAMELEN]; 2833 char *cp; 2834 spa_t *spa; 2835 uint64_t spa_vers; 2836 int error; 2837 2838 (void) strlcpy(parentname, dataset, sizeof (parentname)); 2839 cp = strrchr(parentname, '/'); 2840 ASSERT(cp != NULL); 2841 cp[0] = '\0'; 2842 2843 if ((error = spa_open(dataset, &spa, FTAG)) != 0) 2844 return (error); 2845 2846 spa_vers = spa_version(spa); 2847 spa_close(spa, FTAG); 2848 2849 zplver = zfs_zpl_version_map(spa_vers); 2850 fuids_ok = (zplver >= ZPL_VERSION_FUID); 2851 sa_ok = (zplver >= ZPL_VERSION_SA); 2852 2853 /* 2854 * Open parent object set so we can inherit zplprop values. 2855 */ 2856 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0) 2857 return (error); 2858 2859 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops, 2860 zplprops, is_ci); 2861 dmu_objset_rele(os, FTAG); 2862 return (error); 2863 } 2864 2865 static int 2866 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops, 2867 nvlist_t *zplprops, boolean_t *is_ci) 2868 { 2869 boolean_t fuids_ok; 2870 boolean_t sa_ok; 2871 uint64_t zplver = ZPL_VERSION; 2872 int error; 2873 2874 zplver = zfs_zpl_version_map(spa_vers); 2875 fuids_ok = (zplver >= ZPL_VERSION_FUID); 2876 sa_ok = (zplver >= ZPL_VERSION_SA); 2877 2878 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok, 2879 createprops, zplprops, is_ci); 2880 return (error); 2881 } 2882 2883 /* 2884 * inputs: 2885 * zc_objset_type type of objset to create (fs vs zvol) 2886 * zc_name name of new objset 2887 * zc_value name of snapshot to clone from (may be empty) 2888 * zc_nvlist_src{_size} nvlist of properties to apply 2889 * 2890 * outputs: none 2891 */ 2892 static int 2893 zfs_ioc_create(zfs_cmd_t *zc) 2894 { 2895 objset_t *clone; 2896 int error = 0; 2897 zfs_creat_t zct; 2898 nvlist_t *nvprops = NULL; 2899 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 2900 dmu_objset_type_t type = zc->zc_objset_type; 2901 2902 switch (type) { 2903 2904 case DMU_OST_ZFS: 2905 cbfunc = zfs_create_cb; 2906 break; 2907 2908 case DMU_OST_ZVOL: 2909 cbfunc = zvol_create_cb; 2910 break; 2911 2912 default: 2913 cbfunc = NULL; 2914 break; 2915 } 2916 if (strchr(zc->zc_name, '@') || 2917 strchr(zc->zc_name, '%')) 2918 return (EINVAL); 2919 2920 if (zc->zc_nvlist_src != NULL && 2921 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2922 zc->zc_iflags, &nvprops)) != 0) 2923 return (error); 2924 2925 zct.zct_zplprops = NULL; 2926 zct.zct_props = nvprops; 2927 2928 if (zc->zc_value[0] != '\0') { 2929 /* 2930 * We're creating a clone of an existing snapshot. 2931 */ 2932 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 2933 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) { 2934 nvlist_free(nvprops); 2935 return (EINVAL); 2936 } 2937 2938 error = dmu_objset_hold(zc->zc_value, FTAG, &clone); 2939 if (error) { 2940 nvlist_free(nvprops); 2941 return (error); 2942 } 2943 2944 error = dmu_objset_clone(zc->zc_name, dmu_objset_ds(clone), 0); 2945 dmu_objset_rele(clone, FTAG); 2946 if (error) { 2947 nvlist_free(nvprops); 2948 return (error); 2949 } 2950 } else { 2951 boolean_t is_insensitive = B_FALSE; 2952 2953 if (cbfunc == NULL) { 2954 nvlist_free(nvprops); 2955 return (EINVAL); 2956 } 2957 2958 if (type == DMU_OST_ZVOL) { 2959 uint64_t volsize, volblocksize; 2960 2961 if (nvprops == NULL || 2962 nvlist_lookup_uint64(nvprops, 2963 zfs_prop_to_name(ZFS_PROP_VOLSIZE), 2964 &volsize) != 0) { 2965 nvlist_free(nvprops); 2966 return (EINVAL); 2967 } 2968 2969 if ((error = nvlist_lookup_uint64(nvprops, 2970 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 2971 &volblocksize)) != 0 && error != ENOENT) { 2972 nvlist_free(nvprops); 2973 return (EINVAL); 2974 } 2975 2976 if (error != 0) 2977 volblocksize = zfs_prop_default_numeric( 2978 ZFS_PROP_VOLBLOCKSIZE); 2979 2980 if ((error = zvol_check_volblocksize( 2981 volblocksize)) != 0 || 2982 (error = zvol_check_volsize(volsize, 2983 volblocksize)) != 0) { 2984 nvlist_free(nvprops); 2985 return (error); 2986 } 2987 } else if (type == DMU_OST_ZFS) { 2988 int error; 2989 2990 /* 2991 * We have to have normalization and 2992 * case-folding flags correct when we do the 2993 * file system creation, so go figure them out 2994 * now. 2995 */ 2996 VERIFY(nvlist_alloc(&zct.zct_zplprops, 2997 NV_UNIQUE_NAME, KM_SLEEP) == 0); 2998 error = zfs_fill_zplprops(zc->zc_name, nvprops, 2999 zct.zct_zplprops, &is_insensitive); 3000 if (error != 0) { 3001 nvlist_free(nvprops); 3002 nvlist_free(zct.zct_zplprops); 3003 return (error); 3004 } 3005 } 3006 error = dmu_objset_create(zc->zc_name, type, 3007 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct); 3008 nvlist_free(zct.zct_zplprops); 3009 } 3010 3011 /* 3012 * It would be nice to do this atomically. 3013 */ 3014 if (error == 0) { 3015 error = zfs_set_prop_nvlist(zc->zc_name, ZPROP_SRC_LOCAL, 3016 nvprops, NULL); 3017 if (error != 0) 3018 (void) dmu_objset_destroy(zc->zc_name, B_FALSE); 3019 } 3020 nvlist_free(nvprops); 3021 return (error); 3022 } 3023 3024 /* 3025 * inputs: 3026 * zc_name name of filesystem 3027 * zc_value short name of snapshot 3028 * zc_cookie recursive flag 3029 * zc_nvlist_src[_size] property list 3030 * 3031 * outputs: 3032 * zc_value short snapname (i.e. part after the '@') 3033 */ 3034 static int 3035 zfs_ioc_snapshot(zfs_cmd_t *zc) 3036 { 3037 nvlist_t *nvprops = NULL; 3038 int error; 3039 boolean_t recursive = zc->zc_cookie; 3040 3041 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 3042 return (EINVAL); 3043 3044 if (zc->zc_nvlist_src != NULL && 3045 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3046 zc->zc_iflags, &nvprops)) != 0) 3047 return (error); 3048 3049 error = zfs_check_userprops(zc->zc_name, nvprops); 3050 if (error) 3051 goto out; 3052 3053 if (!nvlist_empty(nvprops) && 3054 zfs_earlier_version(zc->zc_name, SPA_VERSION_SNAP_PROPS)) { 3055 error = ENOTSUP; 3056 goto out; 3057 } 3058 3059 error = dmu_objset_snapshot(zc->zc_name, zc->zc_value, NULL, 3060 nvprops, recursive, B_FALSE, -1); 3061 3062 out: 3063 nvlist_free(nvprops); 3064 return (error); 3065 } 3066 3067 int 3068 zfs_unmount_snap(const char *name, void *arg) 3069 { 3070 vfs_t *vfsp = NULL; 3071 3072 if (arg) { 3073 char *snapname = arg; 3074 char *fullname = kmem_asprintf("%s@%s", name, snapname); 3075 vfsp = zfs_get_vfs(fullname); 3076 strfree(fullname); 3077 } else if (strchr(name, '@')) { 3078 vfsp = zfs_get_vfs(name); 3079 } 3080 3081 if (vfsp) { 3082 /* 3083 * Always force the unmount for snapshots. 3084 */ 3085 int flag = MS_FORCE; 3086 int err; 3087 3088 if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) { 3089 VFS_RELE(vfsp); 3090 return (err); 3091 } 3092 VFS_RELE(vfsp); 3093 if ((err = dounmount(vfsp, flag, kcred)) != 0) 3094 return (err); 3095 } 3096 return (0); 3097 } 3098 3099 /* 3100 * inputs: 3101 * zc_name name of filesystem 3102 * zc_value short name of snapshot 3103 * zc_defer_destroy mark for deferred destroy 3104 * 3105 * outputs: none 3106 */ 3107 static int 3108 zfs_ioc_destroy_snaps(zfs_cmd_t *zc) 3109 { 3110 int err; 3111 3112 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 3113 return (EINVAL); 3114 err = dmu_objset_find(zc->zc_name, 3115 zfs_unmount_snap, zc->zc_value, DS_FIND_CHILDREN); 3116 if (err) 3117 return (err); 3118 return (dmu_snapshots_destroy(zc->zc_name, zc->zc_value, 3119 zc->zc_defer_destroy)); 3120 } 3121 3122 /* 3123 * inputs: 3124 * zc_name name of dataset to destroy 3125 * zc_objset_type type of objset 3126 * zc_defer_destroy mark for deferred destroy 3127 * 3128 * outputs: none 3129 */ 3130 static int 3131 zfs_ioc_destroy(zfs_cmd_t *zc) 3132 { 3133 int err; 3134 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) { 3135 err = zfs_unmount_snap(zc->zc_name, NULL); 3136 if (err) 3137 return (err); 3138 } 3139 3140 err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy); 3141 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0) 3142 (void) zvol_remove_minor(zc->zc_name); 3143 return (err); 3144 } 3145 3146 /* 3147 * inputs: 3148 * zc_name name of dataset to rollback (to most recent snapshot) 3149 * 3150 * outputs: none 3151 */ 3152 static int 3153 zfs_ioc_rollback(zfs_cmd_t *zc) 3154 { 3155 dsl_dataset_t *ds, *clone; 3156 int error; 3157 zfsvfs_t *zfsvfs; 3158 char *clone_name; 3159 3160 error = dsl_dataset_hold(zc->zc_name, FTAG, &ds); 3161 if (error) 3162 return (error); 3163 3164 /* must not be a snapshot */ 3165 if (dsl_dataset_is_snapshot(ds)) { 3166 dsl_dataset_rele(ds, FTAG); 3167 return (EINVAL); 3168 } 3169 3170 /* must have a most recent snapshot */ 3171 if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) { 3172 dsl_dataset_rele(ds, FTAG); 3173 return (EINVAL); 3174 } 3175 3176 /* 3177 * Create clone of most recent snapshot. 3178 */ 3179 clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name); 3180 error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT); 3181 if (error) 3182 goto out; 3183 3184 error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone); 3185 if (error) 3186 goto out; 3187 3188 /* 3189 * Do clone swap. 3190 */ 3191 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 3192 error = zfs_suspend_fs(zfsvfs); 3193 if (error == 0) { 3194 int resume_err; 3195 3196 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) { 3197 error = dsl_dataset_clone_swap(clone, ds, 3198 B_TRUE); 3199 dsl_dataset_disown(ds, FTAG); 3200 ds = NULL; 3201 } else { 3202 error = EBUSY; 3203 } 3204 resume_err = zfs_resume_fs(zfsvfs, zc->zc_name); 3205 error = error ? error : resume_err; 3206 } 3207 VFS_RELE(zfsvfs->z_vfs); 3208 } else { 3209 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) { 3210 error = dsl_dataset_clone_swap(clone, ds, B_TRUE); 3211 dsl_dataset_disown(ds, FTAG); 3212 ds = NULL; 3213 } else { 3214 error = EBUSY; 3215 } 3216 } 3217 3218 /* 3219 * Destroy clone (which also closes it). 3220 */ 3221 (void) dsl_dataset_destroy(clone, FTAG, B_FALSE); 3222 3223 out: 3224 strfree(clone_name); 3225 if (ds) 3226 dsl_dataset_rele(ds, FTAG); 3227 return (error); 3228 } 3229 3230 /* 3231 * inputs: 3232 * zc_name old name of dataset 3233 * zc_value new name of dataset 3234 * zc_cookie recursive flag (only valid for snapshots) 3235 * 3236 * outputs: none 3237 */ 3238 static int 3239 zfs_ioc_rename(zfs_cmd_t *zc) 3240 { 3241 boolean_t recursive = zc->zc_cookie & 1; 3242 3243 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 3244 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 3245 strchr(zc->zc_value, '%')) 3246 return (EINVAL); 3247 3248 /* 3249 * Unmount snapshot unless we're doing a recursive rename, 3250 * in which case the dataset code figures out which snapshots 3251 * to unmount. 3252 */ 3253 if (!recursive && strchr(zc->zc_name, '@') != NULL && 3254 zc->zc_objset_type == DMU_OST_ZFS) { 3255 int err = zfs_unmount_snap(zc->zc_name, NULL); 3256 if (err) 3257 return (err); 3258 } 3259 if (zc->zc_objset_type == DMU_OST_ZVOL) 3260 (void) zvol_remove_minor(zc->zc_name); 3261 return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive)); 3262 } 3263 3264 static int 3265 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr) 3266 { 3267 const char *propname = nvpair_name(pair); 3268 boolean_t issnap = (strchr(dsname, '@') != NULL); 3269 zfs_prop_t prop = zfs_name_to_prop(propname); 3270 uint64_t intval; 3271 int err; 3272 3273 if (prop == ZPROP_INVAL) { 3274 if (zfs_prop_user(propname)) { 3275 if (err = zfs_secpolicy_write_perms(dsname, 3276 ZFS_DELEG_PERM_USERPROP, cr)) 3277 return (err); 3278 return (0); 3279 } 3280 3281 if (!issnap && zfs_prop_userquota(propname)) { 3282 const char *perm = NULL; 3283 const char *uq_prefix = 3284 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA]; 3285 const char *gq_prefix = 3286 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA]; 3287 3288 if (strncmp(propname, uq_prefix, 3289 strlen(uq_prefix)) == 0) { 3290 perm = ZFS_DELEG_PERM_USERQUOTA; 3291 } else if (strncmp(propname, gq_prefix, 3292 strlen(gq_prefix)) == 0) { 3293 perm = ZFS_DELEG_PERM_GROUPQUOTA; 3294 } else { 3295 /* USERUSED and GROUPUSED are read-only */ 3296 return (EINVAL); 3297 } 3298 3299 if (err = zfs_secpolicy_write_perms(dsname, perm, cr)) 3300 return (err); 3301 return (0); 3302 } 3303 3304 return (EINVAL); 3305 } 3306 3307 if (issnap) 3308 return (EINVAL); 3309 3310 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 3311 /* 3312 * dsl_prop_get_all_impl() returns properties in this 3313 * format. 3314 */ 3315 nvlist_t *attrs; 3316 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 3317 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 3318 &pair) == 0); 3319 } 3320 3321 /* 3322 * Check that this value is valid for this pool version 3323 */ 3324 switch (prop) { 3325 case ZFS_PROP_COMPRESSION: 3326 /* 3327 * If the user specified gzip compression, make sure 3328 * the SPA supports it. We ignore any errors here since 3329 * we'll catch them later. 3330 */ 3331 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 3332 nvpair_value_uint64(pair, &intval) == 0) { 3333 if (intval >= ZIO_COMPRESS_GZIP_1 && 3334 intval <= ZIO_COMPRESS_GZIP_9 && 3335 zfs_earlier_version(dsname, 3336 SPA_VERSION_GZIP_COMPRESSION)) { 3337 return (ENOTSUP); 3338 } 3339 3340 if (intval == ZIO_COMPRESS_ZLE && 3341 zfs_earlier_version(dsname, 3342 SPA_VERSION_ZLE_COMPRESSION)) 3343 return (ENOTSUP); 3344 3345 /* 3346 * If this is a bootable dataset then 3347 * verify that the compression algorithm 3348 * is supported for booting. We must return 3349 * something other than ENOTSUP since it 3350 * implies a downrev pool version. 3351 */ 3352 if (zfs_is_bootfs(dsname) && 3353 !BOOTFS_COMPRESS_VALID(intval)) { 3354 return (ERANGE); 3355 } 3356 } 3357 break; 3358 3359 case ZFS_PROP_COPIES: 3360 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS)) 3361 return (ENOTSUP); 3362 break; 3363 3364 case ZFS_PROP_DEDUP: 3365 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP)) 3366 return (ENOTSUP); 3367 break; 3368 3369 case ZFS_PROP_SHARESMB: 3370 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID)) 3371 return (ENOTSUP); 3372 break; 3373 3374 case ZFS_PROP_ACLINHERIT: 3375 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 3376 nvpair_value_uint64(pair, &intval) == 0) { 3377 if (intval == ZFS_ACL_PASSTHROUGH_X && 3378 zfs_earlier_version(dsname, 3379 SPA_VERSION_PASSTHROUGH_X)) 3380 return (ENOTSUP); 3381 } 3382 break; 3383 } 3384 3385 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED())); 3386 } 3387 3388 /* 3389 * Removes properties from the given props list that fail permission checks 3390 * needed to clear them and to restore them in case of a receive error. For each 3391 * property, make sure we have both set and inherit permissions. 3392 * 3393 * Returns the first error encountered if any permission checks fail. If the 3394 * caller provides a non-NULL errlist, it also gives the complete list of names 3395 * of all the properties that failed a permission check along with the 3396 * corresponding error numbers. The caller is responsible for freeing the 3397 * returned errlist. 3398 * 3399 * If every property checks out successfully, zero is returned and the list 3400 * pointed at by errlist is NULL. 3401 */ 3402 static int 3403 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist) 3404 { 3405 zfs_cmd_t *zc; 3406 nvpair_t *pair, *next_pair; 3407 nvlist_t *errors; 3408 int err, rv = 0; 3409 3410 if (props == NULL) 3411 return (0); 3412 3413 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 3414 3415 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP); 3416 (void) strcpy(zc->zc_name, dataset); 3417 pair = nvlist_next_nvpair(props, NULL); 3418 while (pair != NULL) { 3419 next_pair = nvlist_next_nvpair(props, pair); 3420 3421 (void) strcpy(zc->zc_value, nvpair_name(pair)); 3422 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 || 3423 (err = zfs_secpolicy_inherit(zc, CRED())) != 0) { 3424 VERIFY(nvlist_remove_nvpair(props, pair) == 0); 3425 VERIFY(nvlist_add_int32(errors, 3426 zc->zc_value, err) == 0); 3427 } 3428 pair = next_pair; 3429 } 3430 kmem_free(zc, sizeof (zfs_cmd_t)); 3431 3432 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 3433 nvlist_free(errors); 3434 errors = NULL; 3435 } else { 3436 VERIFY(nvpair_value_int32(pair, &rv) == 0); 3437 } 3438 3439 if (errlist == NULL) 3440 nvlist_free(errors); 3441 else 3442 *errlist = errors; 3443 3444 return (rv); 3445 } 3446 3447 static boolean_t 3448 propval_equals(nvpair_t *p1, nvpair_t *p2) 3449 { 3450 if (nvpair_type(p1) == DATA_TYPE_NVLIST) { 3451 /* dsl_prop_get_all_impl() format */ 3452 nvlist_t *attrs; 3453 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0); 3454 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 3455 &p1) == 0); 3456 } 3457 3458 if (nvpair_type(p2) == DATA_TYPE_NVLIST) { 3459 nvlist_t *attrs; 3460 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0); 3461 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 3462 &p2) == 0); 3463 } 3464 3465 if (nvpair_type(p1) != nvpair_type(p2)) 3466 return (B_FALSE); 3467 3468 if (nvpair_type(p1) == DATA_TYPE_STRING) { 3469 char *valstr1, *valstr2; 3470 3471 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0); 3472 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0); 3473 return (strcmp(valstr1, valstr2) == 0); 3474 } else { 3475 uint64_t intval1, intval2; 3476 3477 VERIFY(nvpair_value_uint64(p1, &intval1) == 0); 3478 VERIFY(nvpair_value_uint64(p2, &intval2) == 0); 3479 return (intval1 == intval2); 3480 } 3481 } 3482 3483 /* 3484 * Remove properties from props if they are not going to change (as determined 3485 * by comparison with origprops). Remove them from origprops as well, since we 3486 * do not need to clear or restore properties that won't change. 3487 */ 3488 static void 3489 props_reduce(nvlist_t *props, nvlist_t *origprops) 3490 { 3491 nvpair_t *pair, *next_pair; 3492 3493 if (origprops == NULL) 3494 return; /* all props need to be received */ 3495 3496 pair = nvlist_next_nvpair(props, NULL); 3497 while (pair != NULL) { 3498 const char *propname = nvpair_name(pair); 3499 nvpair_t *match; 3500 3501 next_pair = nvlist_next_nvpair(props, pair); 3502 3503 if ((nvlist_lookup_nvpair(origprops, propname, 3504 &match) != 0) || !propval_equals(pair, match)) 3505 goto next; /* need to set received value */ 3506 3507 /* don't clear the existing received value */ 3508 (void) nvlist_remove_nvpair(origprops, match); 3509 /* don't bother receiving the property */ 3510 (void) nvlist_remove_nvpair(props, pair); 3511 next: 3512 pair = next_pair; 3513 } 3514 } 3515 3516 #ifdef DEBUG 3517 static boolean_t zfs_ioc_recv_inject_err; 3518 #endif 3519 3520 /* 3521 * inputs: 3522 * zc_name name of containing filesystem 3523 * zc_nvlist_src{_size} nvlist of properties to apply 3524 * zc_value name of snapshot to create 3525 * zc_string name of clone origin (if DRR_FLAG_CLONE) 3526 * zc_cookie file descriptor to recv from 3527 * zc_begin_record the BEGIN record of the stream (not byteswapped) 3528 * zc_guid force flag 3529 * zc_cleanup_fd cleanup-on-exit file descriptor 3530 * zc_action_handle handle for this guid/ds mapping (or zero on first call) 3531 * 3532 * outputs: 3533 * zc_cookie number of bytes read 3534 * zc_nvlist_dst{_size} error for each unapplied received property 3535 * zc_obj zprop_errflags_t 3536 * zc_action_handle handle for this guid/ds mapping 3537 */ 3538 static int 3539 zfs_ioc_recv(zfs_cmd_t *zc) 3540 { 3541 file_t *fp; 3542 objset_t *os; 3543 dmu_recv_cookie_t drc; 3544 boolean_t force = (boolean_t)zc->zc_guid; 3545 int fd; 3546 int error = 0; 3547 int props_error = 0; 3548 nvlist_t *errors; 3549 offset_t off; 3550 nvlist_t *props = NULL; /* sent properties */ 3551 nvlist_t *origprops = NULL; /* existing properties */ 3552 objset_t *origin = NULL; 3553 char *tosnap; 3554 char tofs[ZFS_MAXNAMELEN]; 3555 boolean_t first_recvd_props = B_FALSE; 3556 3557 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 3558 strchr(zc->zc_value, '@') == NULL || 3559 strchr(zc->zc_value, '%')) 3560 return (EINVAL); 3561 3562 (void) strcpy(tofs, zc->zc_value); 3563 tosnap = strchr(tofs, '@'); 3564 *tosnap++ = '\0'; 3565 3566 if (zc->zc_nvlist_src != NULL && 3567 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3568 zc->zc_iflags, &props)) != 0) 3569 return (error); 3570 3571 fd = zc->zc_cookie; 3572 fp = getf(fd); 3573 if (fp == NULL) { 3574 nvlist_free(props); 3575 return (EBADF); 3576 } 3577 3578 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 3579 3580 if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) { 3581 if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) && 3582 !dsl_prop_get_hasrecvd(os)) { 3583 first_recvd_props = B_TRUE; 3584 } 3585 3586 /* 3587 * If new received properties are supplied, they are to 3588 * completely replace the existing received properties, so stash 3589 * away the existing ones. 3590 */ 3591 if (dsl_prop_get_received(os, &origprops) == 0) { 3592 nvlist_t *errlist = NULL; 3593 /* 3594 * Don't bother writing a property if its value won't 3595 * change (and avoid the unnecessary security checks). 3596 * 3597 * The first receive after SPA_VERSION_RECVD_PROPS is a 3598 * special case where we blow away all local properties 3599 * regardless. 3600 */ 3601 if (!first_recvd_props) 3602 props_reduce(props, origprops); 3603 if (zfs_check_clearable(tofs, origprops, 3604 &errlist) != 0) 3605 (void) nvlist_merge(errors, errlist, 0); 3606 nvlist_free(errlist); 3607 } 3608 3609 dmu_objset_rele(os, FTAG); 3610 } 3611 3612 if (zc->zc_string[0]) { 3613 error = dmu_objset_hold(zc->zc_string, FTAG, &origin); 3614 if (error) 3615 goto out; 3616 } 3617 3618 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds, 3619 &zc->zc_begin_record, force, origin, &drc); 3620 if (origin) 3621 dmu_objset_rele(origin, FTAG); 3622 if (error) 3623 goto out; 3624 3625 /* 3626 * Set properties before we receive the stream so that they are applied 3627 * to the new data. Note that we must call dmu_recv_stream() if 3628 * dmu_recv_begin() succeeds. 3629 */ 3630 if (props) { 3631 nvlist_t *errlist; 3632 3633 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) { 3634 if (drc.drc_newfs) { 3635 if (spa_version(os->os_spa) >= 3636 SPA_VERSION_RECVD_PROPS) 3637 first_recvd_props = B_TRUE; 3638 } else if (origprops != NULL) { 3639 if (clear_received_props(os, tofs, origprops, 3640 first_recvd_props ? NULL : props) != 0) 3641 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 3642 } else { 3643 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 3644 } 3645 dsl_prop_set_hasrecvd(os); 3646 } else if (!drc.drc_newfs) { 3647 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 3648 } 3649 3650 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 3651 props, &errlist); 3652 (void) nvlist_merge(errors, errlist, 0); 3653 nvlist_free(errlist); 3654 } 3655 3656 if (fit_error_list(zc, &errors) != 0 || put_nvlist(zc, errors) != 0) { 3657 /* 3658 * Caller made zc->zc_nvlist_dst less than the minimum expected 3659 * size or supplied an invalid address. 3660 */ 3661 props_error = EINVAL; 3662 } 3663 3664 off = fp->f_offset; 3665 error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd, 3666 &zc->zc_action_handle); 3667 3668 if (error == 0) { 3669 zfsvfs_t *zfsvfs = NULL; 3670 3671 if (getzfsvfs(tofs, &zfsvfs) == 0) { 3672 /* online recv */ 3673 int end_err; 3674 3675 error = zfs_suspend_fs(zfsvfs); 3676 /* 3677 * If the suspend fails, then the recv_end will 3678 * likely also fail, and clean up after itself. 3679 */ 3680 end_err = dmu_recv_end(&drc); 3681 if (error == 0) 3682 error = zfs_resume_fs(zfsvfs, tofs); 3683 error = error ? error : end_err; 3684 VFS_RELE(zfsvfs->z_vfs); 3685 } else { 3686 error = dmu_recv_end(&drc); 3687 } 3688 } 3689 3690 zc->zc_cookie = off - fp->f_offset; 3691 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 3692 fp->f_offset = off; 3693 3694 #ifdef DEBUG 3695 if (zfs_ioc_recv_inject_err) { 3696 zfs_ioc_recv_inject_err = B_FALSE; 3697 error = 1; 3698 } 3699 #endif 3700 /* 3701 * On error, restore the original props. 3702 */ 3703 if (error && props) { 3704 if (dmu_objset_hold(tofs, FTAG, &os) == 0) { 3705 if (clear_received_props(os, tofs, props, NULL) != 0) { 3706 /* 3707 * We failed to clear the received properties. 3708 * Since we may have left a $recvd value on the 3709 * system, we can't clear the $hasrecvd flag. 3710 */ 3711 zc->zc_obj |= ZPROP_ERR_NORESTORE; 3712 } else if (first_recvd_props) { 3713 dsl_prop_unset_hasrecvd(os); 3714 } 3715 dmu_objset_rele(os, FTAG); 3716 } else if (!drc.drc_newfs) { 3717 /* We failed to clear the received properties. */ 3718 zc->zc_obj |= ZPROP_ERR_NORESTORE; 3719 } 3720 3721 if (origprops == NULL && !drc.drc_newfs) { 3722 /* We failed to stash the original properties. */ 3723 zc->zc_obj |= ZPROP_ERR_NORESTORE; 3724 } 3725 3726 /* 3727 * dsl_props_set() will not convert RECEIVED to LOCAL on or 3728 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL 3729 * explictly if we're restoring local properties cleared in the 3730 * first new-style receive. 3731 */ 3732 if (origprops != NULL && 3733 zfs_set_prop_nvlist(tofs, (first_recvd_props ? 3734 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED), 3735 origprops, NULL) != 0) { 3736 /* 3737 * We stashed the original properties but failed to 3738 * restore them. 3739 */ 3740 zc->zc_obj |= ZPROP_ERR_NORESTORE; 3741 } 3742 } 3743 out: 3744 nvlist_free(props); 3745 nvlist_free(origprops); 3746 nvlist_free(errors); 3747 releasef(fd); 3748 3749 if (error == 0) 3750 error = props_error; 3751 3752 return (error); 3753 } 3754 3755 /* 3756 * inputs: 3757 * zc_name name of snapshot to send 3758 * zc_cookie file descriptor to send stream to 3759 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj) 3760 * zc_sendobj objsetid of snapshot to send 3761 * zc_fromobj objsetid of incremental fromsnap (may be zero) 3762 * 3763 * outputs: none 3764 */ 3765 static int 3766 zfs_ioc_send(zfs_cmd_t *zc) 3767 { 3768 objset_t *fromsnap = NULL; 3769 objset_t *tosnap; 3770 file_t *fp; 3771 int error; 3772 offset_t off; 3773 dsl_dataset_t *ds; 3774 dsl_dataset_t *dsfrom = NULL; 3775 spa_t *spa; 3776 dsl_pool_t *dp; 3777 3778 error = spa_open(zc->zc_name, &spa, FTAG); 3779 if (error) 3780 return (error); 3781 3782 dp = spa_get_dsl(spa); 3783 rw_enter(&dp->dp_config_rwlock, RW_READER); 3784 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 3785 rw_exit(&dp->dp_config_rwlock); 3786 if (error) { 3787 spa_close(spa, FTAG); 3788 return (error); 3789 } 3790 3791 error = dmu_objset_from_ds(ds, &tosnap); 3792 if (error) { 3793 dsl_dataset_rele(ds, FTAG); 3794 spa_close(spa, FTAG); 3795 return (error); 3796 } 3797 3798 if (zc->zc_fromobj != 0) { 3799 rw_enter(&dp->dp_config_rwlock, RW_READER); 3800 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom); 3801 rw_exit(&dp->dp_config_rwlock); 3802 spa_close(spa, FTAG); 3803 if (error) { 3804 dsl_dataset_rele(ds, FTAG); 3805 return (error); 3806 } 3807 error = dmu_objset_from_ds(dsfrom, &fromsnap); 3808 if (error) { 3809 dsl_dataset_rele(dsfrom, FTAG); 3810 dsl_dataset_rele(ds, FTAG); 3811 return (error); 3812 } 3813 } else { 3814 spa_close(spa, FTAG); 3815 } 3816 3817 fp = getf(zc->zc_cookie); 3818 if (fp == NULL) { 3819 dsl_dataset_rele(ds, FTAG); 3820 if (dsfrom) 3821 dsl_dataset_rele(dsfrom, FTAG); 3822 return (EBADF); 3823 } 3824 3825 off = fp->f_offset; 3826 error = dmu_sendbackup(tosnap, fromsnap, zc->zc_obj, fp->f_vnode, &off); 3827 3828 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 3829 fp->f_offset = off; 3830 releasef(zc->zc_cookie); 3831 if (dsfrom) 3832 dsl_dataset_rele(dsfrom, FTAG); 3833 dsl_dataset_rele(ds, FTAG); 3834 return (error); 3835 } 3836 3837 static int 3838 zfs_ioc_inject_fault(zfs_cmd_t *zc) 3839 { 3840 int id, error; 3841 3842 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 3843 &zc->zc_inject_record); 3844 3845 if (error == 0) 3846 zc->zc_guid = (uint64_t)id; 3847 3848 return (error); 3849 } 3850 3851 static int 3852 zfs_ioc_clear_fault(zfs_cmd_t *zc) 3853 { 3854 return (zio_clear_fault((int)zc->zc_guid)); 3855 } 3856 3857 static int 3858 zfs_ioc_inject_list_next(zfs_cmd_t *zc) 3859 { 3860 int id = (int)zc->zc_guid; 3861 int error; 3862 3863 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 3864 &zc->zc_inject_record); 3865 3866 zc->zc_guid = id; 3867 3868 return (error); 3869 } 3870 3871 static int 3872 zfs_ioc_error_log(zfs_cmd_t *zc) 3873 { 3874 spa_t *spa; 3875 int error; 3876 size_t count = (size_t)zc->zc_nvlist_dst_size; 3877 3878 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 3879 return (error); 3880 3881 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 3882 &count); 3883 if (error == 0) 3884 zc->zc_nvlist_dst_size = count; 3885 else 3886 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa); 3887 3888 spa_close(spa, FTAG); 3889 3890 return (error); 3891 } 3892 3893 static int 3894 zfs_ioc_clear(zfs_cmd_t *zc) 3895 { 3896 spa_t *spa; 3897 vdev_t *vd; 3898 int error; 3899 3900 /* 3901 * On zpool clear we also fix up missing slogs 3902 */ 3903 mutex_enter(&spa_namespace_lock); 3904 spa = spa_lookup(zc->zc_name); 3905 if (spa == NULL) { 3906 mutex_exit(&spa_namespace_lock); 3907 return (EIO); 3908 } 3909 if (spa_get_log_state(spa) == SPA_LOG_MISSING) { 3910 /* we need to let spa_open/spa_load clear the chains */ 3911 spa_set_log_state(spa, SPA_LOG_CLEAR); 3912 } 3913 spa->spa_last_open_failed = 0; 3914 mutex_exit(&spa_namespace_lock); 3915 3916 if (zc->zc_cookie & ZPOOL_NO_REWIND) { 3917 error = spa_open(zc->zc_name, &spa, FTAG); 3918 } else { 3919 nvlist_t *policy; 3920 nvlist_t *config = NULL; 3921 3922 if (zc->zc_nvlist_src == NULL) 3923 return (EINVAL); 3924 3925 if ((error = get_nvlist(zc->zc_nvlist_src, 3926 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) { 3927 error = spa_open_rewind(zc->zc_name, &spa, FTAG, 3928 policy, &config); 3929 if (config != NULL) { 3930 int err; 3931 3932 if ((err = put_nvlist(zc, config)) != 0) 3933 error = err; 3934 nvlist_free(config); 3935 } 3936 nvlist_free(policy); 3937 } 3938 } 3939 3940 if (error) 3941 return (error); 3942 3943 spa_vdev_state_enter(spa, SCL_NONE); 3944 3945 if (zc->zc_guid == 0) { 3946 vd = NULL; 3947 } else { 3948 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE); 3949 if (vd == NULL) { 3950 (void) spa_vdev_state_exit(spa, NULL, ENODEV); 3951 spa_close(spa, FTAG); 3952 return (ENODEV); 3953 } 3954 } 3955 3956 vdev_clear(spa, vd); 3957 3958 (void) spa_vdev_state_exit(spa, NULL, 0); 3959 3960 /* 3961 * Resume any suspended I/Os. 3962 */ 3963 if (zio_resume(spa) != 0) 3964 error = EIO; 3965 3966 spa_close(spa, FTAG); 3967 3968 return (error); 3969 } 3970 3971 /* 3972 * inputs: 3973 * zc_name name of filesystem 3974 * zc_value name of origin snapshot 3975 * 3976 * outputs: 3977 * zc_string name of conflicting snapshot, if there is one 3978 */ 3979 static int 3980 zfs_ioc_promote(zfs_cmd_t *zc) 3981 { 3982 char *cp; 3983 3984 /* 3985 * We don't need to unmount *all* the origin fs's snapshots, but 3986 * it's easier. 3987 */ 3988 cp = strchr(zc->zc_value, '@'); 3989 if (cp) 3990 *cp = '\0'; 3991 (void) dmu_objset_find(zc->zc_value, 3992 zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS); 3993 return (dsl_dataset_promote(zc->zc_name, zc->zc_string)); 3994 } 3995 3996 /* 3997 * Retrieve a single {user|group}{used|quota}@... property. 3998 * 3999 * inputs: 4000 * zc_name name of filesystem 4001 * zc_objset_type zfs_userquota_prop_t 4002 * zc_value domain name (eg. "S-1-234-567-89") 4003 * zc_guid RID/UID/GID 4004 * 4005 * outputs: 4006 * zc_cookie property value 4007 */ 4008 static int 4009 zfs_ioc_userspace_one(zfs_cmd_t *zc) 4010 { 4011 zfsvfs_t *zfsvfs; 4012 int error; 4013 4014 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 4015 return (EINVAL); 4016 4017 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 4018 if (error) 4019 return (error); 4020 4021 error = zfs_userspace_one(zfsvfs, 4022 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie); 4023 zfsvfs_rele(zfsvfs, FTAG); 4024 4025 return (error); 4026 } 4027 4028 /* 4029 * inputs: 4030 * zc_name name of filesystem 4031 * zc_cookie zap cursor 4032 * zc_objset_type zfs_userquota_prop_t 4033 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist) 4034 * 4035 * outputs: 4036 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t) 4037 * zc_cookie zap cursor 4038 */ 4039 static int 4040 zfs_ioc_userspace_many(zfs_cmd_t *zc) 4041 { 4042 zfsvfs_t *zfsvfs; 4043 int bufsize = zc->zc_nvlist_dst_size; 4044 4045 if (bufsize <= 0) 4046 return (ENOMEM); 4047 4048 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 4049 if (error) 4050 return (error); 4051 4052 void *buf = kmem_alloc(bufsize, KM_SLEEP); 4053 4054 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie, 4055 buf, &zc->zc_nvlist_dst_size); 4056 4057 if (error == 0) { 4058 error = xcopyout(buf, 4059 (void *)(uintptr_t)zc->zc_nvlist_dst, 4060 zc->zc_nvlist_dst_size); 4061 } 4062 kmem_free(buf, bufsize); 4063 zfsvfs_rele(zfsvfs, FTAG); 4064 4065 return (error); 4066 } 4067 4068 /* 4069 * inputs: 4070 * zc_name name of filesystem 4071 * 4072 * outputs: 4073 * none 4074 */ 4075 static int 4076 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) 4077 { 4078 objset_t *os; 4079 int error = 0; 4080 zfsvfs_t *zfsvfs; 4081 4082 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 4083 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) { 4084 /* 4085 * If userused is not enabled, it may be because the 4086 * objset needs to be closed & reopened (to grow the 4087 * objset_phys_t). Suspend/resume the fs will do that. 4088 */ 4089 error = zfs_suspend_fs(zfsvfs); 4090 if (error == 0) 4091 error = zfs_resume_fs(zfsvfs, zc->zc_name); 4092 } 4093 if (error == 0) 4094 error = dmu_objset_userspace_upgrade(zfsvfs->z_os); 4095 VFS_RELE(zfsvfs->z_vfs); 4096 } else { 4097 /* XXX kind of reading contents without owning */ 4098 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 4099 if (error) 4100 return (error); 4101 4102 error = dmu_objset_userspace_upgrade(os); 4103 dmu_objset_rele(os, FTAG); 4104 } 4105 4106 return (error); 4107 } 4108 4109 /* 4110 * We don't want to have a hard dependency 4111 * against some special symbols in sharefs 4112 * nfs, and smbsrv. Determine them if needed when 4113 * the first file system is shared. 4114 * Neither sharefs, nfs or smbsrv are unloadable modules. 4115 */ 4116 int (*znfsexport_fs)(void *arg); 4117 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t); 4118 int (*zsmbexport_fs)(void *arg, boolean_t add_share); 4119 4120 int zfs_nfsshare_inited; 4121 int zfs_smbshare_inited; 4122 4123 ddi_modhandle_t nfs_mod; 4124 ddi_modhandle_t sharefs_mod; 4125 ddi_modhandle_t smbsrv_mod; 4126 kmutex_t zfs_share_lock; 4127 4128 static int 4129 zfs_init_sharefs() 4130 { 4131 int error; 4132 4133 ASSERT(MUTEX_HELD(&zfs_share_lock)); 4134 /* Both NFS and SMB shares also require sharetab support. */ 4135 if (sharefs_mod == NULL && ((sharefs_mod = 4136 ddi_modopen("fs/sharefs", 4137 KRTLD_MODE_FIRST, &error)) == NULL)) { 4138 return (ENOSYS); 4139 } 4140 if (zshare_fs == NULL && ((zshare_fs = 4141 (int (*)(enum sharefs_sys_op, share_t *, uint32_t)) 4142 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) { 4143 return (ENOSYS); 4144 } 4145 return (0); 4146 } 4147 4148 static int 4149 zfs_ioc_share(zfs_cmd_t *zc) 4150 { 4151 int error; 4152 int opcode; 4153 4154 switch (zc->zc_share.z_sharetype) { 4155 case ZFS_SHARE_NFS: 4156 case ZFS_UNSHARE_NFS: 4157 if (zfs_nfsshare_inited == 0) { 4158 mutex_enter(&zfs_share_lock); 4159 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs", 4160 KRTLD_MODE_FIRST, &error)) == NULL)) { 4161 mutex_exit(&zfs_share_lock); 4162 return (ENOSYS); 4163 } 4164 if (znfsexport_fs == NULL && 4165 ((znfsexport_fs = (int (*)(void *)) 4166 ddi_modsym(nfs_mod, 4167 "nfs_export", &error)) == NULL)) { 4168 mutex_exit(&zfs_share_lock); 4169 return (ENOSYS); 4170 } 4171 error = zfs_init_sharefs(); 4172 if (error) { 4173 mutex_exit(&zfs_share_lock); 4174 return (ENOSYS); 4175 } 4176 zfs_nfsshare_inited = 1; 4177 mutex_exit(&zfs_share_lock); 4178 } 4179 break; 4180 case ZFS_SHARE_SMB: 4181 case ZFS_UNSHARE_SMB: 4182 if (zfs_smbshare_inited == 0) { 4183 mutex_enter(&zfs_share_lock); 4184 if (smbsrv_mod == NULL && ((smbsrv_mod = 4185 ddi_modopen("drv/smbsrv", 4186 KRTLD_MODE_FIRST, &error)) == NULL)) { 4187 mutex_exit(&zfs_share_lock); 4188 return (ENOSYS); 4189 } 4190 if (zsmbexport_fs == NULL && ((zsmbexport_fs = 4191 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod, 4192 "smb_server_share", &error)) == NULL)) { 4193 mutex_exit(&zfs_share_lock); 4194 return (ENOSYS); 4195 } 4196 error = zfs_init_sharefs(); 4197 if (error) { 4198 mutex_exit(&zfs_share_lock); 4199 return (ENOSYS); 4200 } 4201 zfs_smbshare_inited = 1; 4202 mutex_exit(&zfs_share_lock); 4203 } 4204 break; 4205 default: 4206 return (EINVAL); 4207 } 4208 4209 switch (zc->zc_share.z_sharetype) { 4210 case ZFS_SHARE_NFS: 4211 case ZFS_UNSHARE_NFS: 4212 if (error = 4213 znfsexport_fs((void *) 4214 (uintptr_t)zc->zc_share.z_exportdata)) 4215 return (error); 4216 break; 4217 case ZFS_SHARE_SMB: 4218 case ZFS_UNSHARE_SMB: 4219 if (error = zsmbexport_fs((void *) 4220 (uintptr_t)zc->zc_share.z_exportdata, 4221 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ? 4222 B_TRUE: B_FALSE)) { 4223 return (error); 4224 } 4225 break; 4226 } 4227 4228 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS || 4229 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ? 4230 SHAREFS_ADD : SHAREFS_REMOVE; 4231 4232 /* 4233 * Add or remove share from sharetab 4234 */ 4235 error = zshare_fs(opcode, 4236 (void *)(uintptr_t)zc->zc_share.z_sharedata, 4237 zc->zc_share.z_sharemax); 4238 4239 return (error); 4240 4241 } 4242 4243 ace_t full_access[] = { 4244 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0} 4245 }; 4246 4247 /* 4248 * inputs: 4249 * zc_name name of containing filesystem 4250 * zc_obj object # beyond which we want next in-use object # 4251 * 4252 * outputs: 4253 * zc_obj next in-use object # 4254 */ 4255 static int 4256 zfs_ioc_next_obj(zfs_cmd_t *zc) 4257 { 4258 objset_t *os = NULL; 4259 int error; 4260 4261 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 4262 if (error) 4263 return (error); 4264 4265 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 4266 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg); 4267 4268 dmu_objset_rele(os, FTAG); 4269 return (error); 4270 } 4271 4272 /* 4273 * inputs: 4274 * zc_name name of filesystem 4275 * zc_value prefix name for snapshot 4276 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process 4277 * 4278 * outputs: 4279 */ 4280 static int 4281 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc) 4282 { 4283 char *snap_name; 4284 int error; 4285 4286 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value, 4287 (u_longlong_t)ddi_get_lbolt64()); 4288 4289 if (strlen(snap_name) >= MAXNAMELEN) { 4290 strfree(snap_name); 4291 return (E2BIG); 4292 } 4293 4294 error = dmu_objset_snapshot(zc->zc_name, snap_name, snap_name, 4295 NULL, B_FALSE, B_TRUE, zc->zc_cleanup_fd); 4296 if (error != 0) { 4297 strfree(snap_name); 4298 return (error); 4299 } 4300 4301 (void) strcpy(zc->zc_value, snap_name); 4302 strfree(snap_name); 4303 return (0); 4304 } 4305 4306 /* 4307 * inputs: 4308 * zc_name name of "to" snapshot 4309 * zc_value name of "from" snapshot 4310 * zc_cookie file descriptor to write diff data on 4311 * 4312 * outputs: 4313 * dmu_diff_record_t's to the file descriptor 4314 */ 4315 static int 4316 zfs_ioc_diff(zfs_cmd_t *zc) 4317 { 4318 objset_t *fromsnap; 4319 objset_t *tosnap; 4320 file_t *fp; 4321 offset_t off; 4322 int error; 4323 4324 error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap); 4325 if (error) 4326 return (error); 4327 4328 error = dmu_objset_hold(zc->zc_value, FTAG, &fromsnap); 4329 if (error) { 4330 dmu_objset_rele(tosnap, FTAG); 4331 return (error); 4332 } 4333 4334 fp = getf(zc->zc_cookie); 4335 if (fp == NULL) { 4336 dmu_objset_rele(fromsnap, FTAG); 4337 dmu_objset_rele(tosnap, FTAG); 4338 return (EBADF); 4339 } 4340 4341 off = fp->f_offset; 4342 4343 error = dmu_diff(tosnap, fromsnap, fp->f_vnode, &off); 4344 4345 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 4346 fp->f_offset = off; 4347 releasef(zc->zc_cookie); 4348 4349 dmu_objset_rele(fromsnap, FTAG); 4350 dmu_objset_rele(tosnap, FTAG); 4351 return (error); 4352 } 4353 4354 /* 4355 * Remove all ACL files in shares dir 4356 */ 4357 static int 4358 zfs_smb_acl_purge(znode_t *dzp) 4359 { 4360 zap_cursor_t zc; 4361 zap_attribute_t zap; 4362 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 4363 int error; 4364 4365 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id); 4366 (error = zap_cursor_retrieve(&zc, &zap)) == 0; 4367 zap_cursor_advance(&zc)) { 4368 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred, 4369 NULL, 0)) != 0) 4370 break; 4371 } 4372 zap_cursor_fini(&zc); 4373 return (error); 4374 } 4375 4376 static int 4377 zfs_ioc_smb_acl(zfs_cmd_t *zc) 4378 { 4379 vnode_t *vp; 4380 znode_t *dzp; 4381 vnode_t *resourcevp = NULL; 4382 znode_t *sharedir; 4383 zfsvfs_t *zfsvfs; 4384 nvlist_t *nvlist; 4385 char *src, *target; 4386 vattr_t vattr; 4387 vsecattr_t vsec; 4388 int error = 0; 4389 4390 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 4391 NO_FOLLOW, NULL, &vp)) != 0) 4392 return (error); 4393 4394 /* Now make sure mntpnt and dataset are ZFS */ 4395 4396 if (vp->v_vfsp->vfs_fstype != zfsfstype || 4397 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 4398 zc->zc_name) != 0)) { 4399 VN_RELE(vp); 4400 return (EINVAL); 4401 } 4402 4403 dzp = VTOZ(vp); 4404 zfsvfs = dzp->z_zfsvfs; 4405 ZFS_ENTER(zfsvfs); 4406 4407 /* 4408 * Create share dir if its missing. 4409 */ 4410 mutex_enter(&zfsvfs->z_lock); 4411 if (zfsvfs->z_shares_dir == 0) { 4412 dmu_tx_t *tx; 4413 4414 tx = dmu_tx_create(zfsvfs->z_os); 4415 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE, 4416 ZFS_SHARES_DIR); 4417 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL); 4418 error = dmu_tx_assign(tx, TXG_WAIT); 4419 if (error) { 4420 dmu_tx_abort(tx); 4421 } else { 4422 error = zfs_create_share_dir(zfsvfs, tx); 4423 dmu_tx_commit(tx); 4424 } 4425 if (error) { 4426 mutex_exit(&zfsvfs->z_lock); 4427 VN_RELE(vp); 4428 ZFS_EXIT(zfsvfs); 4429 return (error); 4430 } 4431 } 4432 mutex_exit(&zfsvfs->z_lock); 4433 4434 ASSERT(zfsvfs->z_shares_dir); 4435 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) { 4436 VN_RELE(vp); 4437 ZFS_EXIT(zfsvfs); 4438 return (error); 4439 } 4440 4441 switch (zc->zc_cookie) { 4442 case ZFS_SMB_ACL_ADD: 4443 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE; 4444 vattr.va_type = VREG; 4445 vattr.va_mode = S_IFREG|0777; 4446 vattr.va_uid = 0; 4447 vattr.va_gid = 0; 4448 4449 vsec.vsa_mask = VSA_ACE; 4450 vsec.vsa_aclentp = &full_access; 4451 vsec.vsa_aclentsz = sizeof (full_access); 4452 vsec.vsa_aclcnt = 1; 4453 4454 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string, 4455 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec); 4456 if (resourcevp) 4457 VN_RELE(resourcevp); 4458 break; 4459 4460 case ZFS_SMB_ACL_REMOVE: 4461 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred, 4462 NULL, 0); 4463 break; 4464 4465 case ZFS_SMB_ACL_RENAME: 4466 if ((error = get_nvlist(zc->zc_nvlist_src, 4467 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) { 4468 VN_RELE(vp); 4469 ZFS_EXIT(zfsvfs); 4470 return (error); 4471 } 4472 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) || 4473 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET, 4474 &target)) { 4475 VN_RELE(vp); 4476 VN_RELE(ZTOV(sharedir)); 4477 ZFS_EXIT(zfsvfs); 4478 nvlist_free(nvlist); 4479 return (error); 4480 } 4481 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target, 4482 kcred, NULL, 0); 4483 nvlist_free(nvlist); 4484 break; 4485 4486 case ZFS_SMB_ACL_PURGE: 4487 error = zfs_smb_acl_purge(sharedir); 4488 break; 4489 4490 default: 4491 error = EINVAL; 4492 break; 4493 } 4494 4495 VN_RELE(vp); 4496 VN_RELE(ZTOV(sharedir)); 4497 4498 ZFS_EXIT(zfsvfs); 4499 4500 return (error); 4501 } 4502 4503 /* 4504 * inputs: 4505 * zc_name name of filesystem 4506 * zc_value short name of snap 4507 * zc_string user-supplied tag for this hold 4508 * zc_cookie recursive flag 4509 * zc_temphold set if hold is temporary 4510 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process 4511 * zc_sendobj if non-zero, the objid for zc_name@zc_value 4512 * zc_createtxg if zc_sendobj is non-zero, snap must have zc_createtxg 4513 * 4514 * outputs: none 4515 */ 4516 static int 4517 zfs_ioc_hold(zfs_cmd_t *zc) 4518 { 4519 boolean_t recursive = zc->zc_cookie; 4520 spa_t *spa; 4521 dsl_pool_t *dp; 4522 dsl_dataset_t *ds; 4523 int error; 4524 minor_t minor = 0; 4525 4526 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 4527 return (EINVAL); 4528 4529 if (zc->zc_sendobj == 0) { 4530 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value, 4531 zc->zc_string, recursive, zc->zc_temphold, 4532 zc->zc_cleanup_fd)); 4533 } 4534 4535 if (recursive) 4536 return (EINVAL); 4537 4538 error = spa_open(zc->zc_name, &spa, FTAG); 4539 if (error) 4540 return (error); 4541 4542 dp = spa_get_dsl(spa); 4543 rw_enter(&dp->dp_config_rwlock, RW_READER); 4544 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 4545 rw_exit(&dp->dp_config_rwlock); 4546 spa_close(spa, FTAG); 4547 if (error) 4548 return (error); 4549 4550 /* 4551 * Until we have a hold on this snapshot, it's possible that 4552 * zc_sendobj could've been destroyed and reused as part 4553 * of a later txg. Make sure we're looking at the right object. 4554 */ 4555 if (zc->zc_createtxg != ds->ds_phys->ds_creation_txg) { 4556 dsl_dataset_rele(ds, FTAG); 4557 return (ENOENT); 4558 } 4559 4560 if (zc->zc_cleanup_fd != -1 && zc->zc_temphold) { 4561 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor); 4562 if (error) { 4563 dsl_dataset_rele(ds, FTAG); 4564 return (error); 4565 } 4566 } 4567 4568 error = dsl_dataset_user_hold_for_send(ds, zc->zc_string, 4569 zc->zc_temphold); 4570 if (minor != 0) { 4571 if (error == 0) { 4572 dsl_register_onexit_hold_cleanup(ds, zc->zc_string, 4573 minor); 4574 } 4575 zfs_onexit_fd_rele(zc->zc_cleanup_fd); 4576 } 4577 dsl_dataset_rele(ds, FTAG); 4578 4579 return (error); 4580 } 4581 4582 /* 4583 * inputs: 4584 * zc_name name of dataset from which we're releasing a user hold 4585 * zc_value short name of snap 4586 * zc_string user-supplied tag for this hold 4587 * zc_cookie recursive flag 4588 * 4589 * outputs: none 4590 */ 4591 static int 4592 zfs_ioc_release(zfs_cmd_t *zc) 4593 { 4594 boolean_t recursive = zc->zc_cookie; 4595 4596 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 4597 return (EINVAL); 4598 4599 return (dsl_dataset_user_release(zc->zc_name, zc->zc_value, 4600 zc->zc_string, recursive)); 4601 } 4602 4603 /* 4604 * inputs: 4605 * zc_name name of filesystem 4606 * 4607 * outputs: 4608 * zc_nvlist_src{_size} nvlist of snapshot holds 4609 */ 4610 static int 4611 zfs_ioc_get_holds(zfs_cmd_t *zc) 4612 { 4613 nvlist_t *nvp; 4614 int error; 4615 4616 if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) { 4617 error = put_nvlist(zc, nvp); 4618 nvlist_free(nvp); 4619 } 4620 4621 return (error); 4622 } 4623 4624 /* 4625 * pool create, destroy, and export don't log the history as part of 4626 * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export 4627 * do the logging of those commands. 4628 */ 4629 static zfs_ioc_vec_t zfs_ioc_vec[] = { 4630 { zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE, 4631 POOL_CHECK_NONE }, 4632 { zfs_ioc_pool_destroy, zfs_secpolicy_config, POOL_NAME, B_FALSE, 4633 POOL_CHECK_NONE }, 4634 { zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4635 POOL_CHECK_NONE }, 4636 { zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE, 4637 POOL_CHECK_NONE }, 4638 { zfs_ioc_pool_configs, zfs_secpolicy_none, NO_NAME, B_FALSE, 4639 POOL_CHECK_NONE }, 4640 { zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE, 4641 POOL_CHECK_NONE }, 4642 { zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE, 4643 POOL_CHECK_NONE }, 4644 { zfs_ioc_pool_scan, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4645 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4646 { zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE, 4647 POOL_CHECK_READONLY }, 4648 { zfs_ioc_pool_upgrade, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4649 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4650 { zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE, 4651 POOL_CHECK_NONE }, 4652 { zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4653 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4654 { zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4655 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4656 { zfs_ioc_vdev_set_state, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4657 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4658 { zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4659 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4660 { zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4661 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4662 { zfs_ioc_vdev_setpath, zfs_secpolicy_config, POOL_NAME, B_FALSE, 4663 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4664 { zfs_ioc_vdev_setfru, zfs_secpolicy_config, POOL_NAME, B_FALSE, 4665 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4666 { zfs_ioc_objset_stats, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4667 POOL_CHECK_SUSPENDED }, 4668 { zfs_ioc_objset_zplprops, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4669 POOL_CHECK_NONE }, 4670 { zfs_ioc_dataset_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4671 POOL_CHECK_SUSPENDED }, 4672 { zfs_ioc_snapshot_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4673 POOL_CHECK_SUSPENDED }, 4674 { zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE, 4675 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4676 { zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE, 4677 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4678 { zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE, 4679 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4680 { zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE, 4681 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4682 { zfs_ioc_rename, zfs_secpolicy_rename, DATASET_NAME, B_TRUE, 4683 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4684 { zfs_ioc_recv, zfs_secpolicy_receive, DATASET_NAME, B_TRUE, 4685 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4686 { zfs_ioc_send, zfs_secpolicy_send, DATASET_NAME, B_TRUE, 4687 POOL_CHECK_NONE }, 4688 { zfs_ioc_inject_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE, 4689 POOL_CHECK_NONE }, 4690 { zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE, 4691 POOL_CHECK_NONE }, 4692 { zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE, 4693 POOL_CHECK_NONE }, 4694 { zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE, 4695 POOL_CHECK_NONE }, 4696 { zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4697 POOL_CHECK_NONE }, 4698 { zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE, 4699 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4700 { zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, DATASET_NAME, 4701 B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4702 { zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE, 4703 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4704 { zfs_ioc_dsobj_to_dsname, zfs_secpolicy_diff, POOL_NAME, B_FALSE, 4705 POOL_CHECK_NONE }, 4706 { zfs_ioc_obj_to_path, zfs_secpolicy_diff, DATASET_NAME, B_FALSE, 4707 POOL_CHECK_SUSPENDED }, 4708 { zfs_ioc_pool_set_props, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4709 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4710 { zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE, 4711 POOL_CHECK_NONE }, 4712 { zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE, 4713 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4714 { zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4715 POOL_CHECK_NONE }, 4716 { zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE, 4717 POOL_CHECK_NONE }, 4718 { zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE, 4719 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4720 { zfs_ioc_smb_acl, zfs_secpolicy_smb_acl, DATASET_NAME, B_FALSE, 4721 POOL_CHECK_NONE }, 4722 { zfs_ioc_userspace_one, zfs_secpolicy_userspace_one, DATASET_NAME, 4723 B_FALSE, POOL_CHECK_NONE }, 4724 { zfs_ioc_userspace_many, zfs_secpolicy_userspace_many, DATASET_NAME, 4725 B_FALSE, POOL_CHECK_NONE }, 4726 { zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade, 4727 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4728 { zfs_ioc_hold, zfs_secpolicy_hold, DATASET_NAME, B_TRUE, 4729 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4730 { zfs_ioc_release, zfs_secpolicy_release, DATASET_NAME, B_TRUE, 4731 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4732 { zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4733 POOL_CHECK_SUSPENDED }, 4734 { zfs_ioc_objset_recvd_props, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4735 POOL_CHECK_NONE }, 4736 { zfs_ioc_vdev_split, zfs_secpolicy_config, POOL_NAME, B_TRUE, 4737 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4738 { zfs_ioc_next_obj, zfs_secpolicy_read, DATASET_NAME, B_FALSE, 4739 POOL_CHECK_NONE }, 4740 { zfs_ioc_diff, zfs_secpolicy_diff, DATASET_NAME, B_FALSE, 4741 POOL_CHECK_NONE }, 4742 { zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, DATASET_NAME, 4743 B_FALSE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY }, 4744 { zfs_ioc_obj_to_stats, zfs_secpolicy_diff, DATASET_NAME, B_FALSE, 4745 POOL_CHECK_SUSPENDED } 4746 }; 4747 4748 int 4749 pool_status_check(const char *name, zfs_ioc_namecheck_t type, 4750 zfs_ioc_poolcheck_t check) 4751 { 4752 spa_t *spa; 4753 int error; 4754 4755 ASSERT(type == POOL_NAME || type == DATASET_NAME); 4756 4757 if (check & POOL_CHECK_NONE) 4758 return (0); 4759 4760 error = spa_open(name, &spa, FTAG); 4761 if (error == 0) { 4762 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa)) 4763 error = EAGAIN; 4764 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa)) 4765 error = EROFS; 4766 spa_close(spa, FTAG); 4767 } 4768 return (error); 4769 } 4770 4771 /* 4772 * Find a free minor number. 4773 */ 4774 minor_t 4775 zfsdev_minor_alloc(void) 4776 { 4777 static minor_t last_minor; 4778 minor_t m; 4779 4780 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 4781 4782 for (m = last_minor + 1; m != last_minor; m++) { 4783 if (m > ZFSDEV_MAX_MINOR) 4784 m = 1; 4785 if (ddi_get_soft_state(zfsdev_state, m) == NULL) { 4786 last_minor = m; 4787 return (m); 4788 } 4789 } 4790 4791 return (0); 4792 } 4793 4794 static int 4795 zfs_ctldev_init(dev_t *devp) 4796 { 4797 minor_t minor; 4798 zfs_soft_state_t *zs; 4799 4800 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 4801 ASSERT(getminor(*devp) == 0); 4802 4803 minor = zfsdev_minor_alloc(); 4804 if (minor == 0) 4805 return (ENXIO); 4806 4807 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS) 4808 return (EAGAIN); 4809 4810 *devp = makedevice(getemajor(*devp), minor); 4811 4812 zs = ddi_get_soft_state(zfsdev_state, minor); 4813 zs->zss_type = ZSST_CTLDEV; 4814 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data); 4815 4816 return (0); 4817 } 4818 4819 static void 4820 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor) 4821 { 4822 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 4823 4824 zfs_onexit_destroy(zo); 4825 ddi_soft_state_free(zfsdev_state, minor); 4826 } 4827 4828 void * 4829 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which) 4830 { 4831 zfs_soft_state_t *zp; 4832 4833 zp = ddi_get_soft_state(zfsdev_state, minor); 4834 if (zp == NULL || zp->zss_type != which) 4835 return (NULL); 4836 4837 return (zp->zss_data); 4838 } 4839 4840 static int 4841 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr) 4842 { 4843 int error = 0; 4844 4845 if (getminor(*devp) != 0) 4846 return (zvol_open(devp, flag, otyp, cr)); 4847 4848 /* This is the control device. Allocate a new minor if requested. */ 4849 if (flag & FEXCL) { 4850 mutex_enter(&zfsdev_state_lock); 4851 error = zfs_ctldev_init(devp); 4852 mutex_exit(&zfsdev_state_lock); 4853 } 4854 4855 return (error); 4856 } 4857 4858 static int 4859 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr) 4860 { 4861 zfs_onexit_t *zo; 4862 minor_t minor = getminor(dev); 4863 4864 if (minor == 0) 4865 return (0); 4866 4867 mutex_enter(&zfsdev_state_lock); 4868 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV); 4869 if (zo == NULL) { 4870 mutex_exit(&zfsdev_state_lock); 4871 return (zvol_close(dev, flag, otyp, cr)); 4872 } 4873 zfs_ctldev_destroy(zo, minor); 4874 mutex_exit(&zfsdev_state_lock); 4875 4876 return (0); 4877 } 4878 4879 static int 4880 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp) 4881 { 4882 zfs_cmd_t *zc; 4883 uint_t vec; 4884 int error, rc; 4885 minor_t minor = getminor(dev); 4886 4887 if (minor != 0 && 4888 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL) 4889 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp)); 4890 4891 vec = cmd - ZFS_IOC; 4892 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip)); 4893 4894 if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 4895 return (EINVAL); 4896 4897 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 4898 4899 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag); 4900 if (error != 0) 4901 error = EFAULT; 4902 4903 if ((error == 0) && !(flag & FKIOCTL)) 4904 error = zfs_ioc_vec[vec].zvec_secpolicy(zc, cr); 4905 4906 /* 4907 * Ensure that all pool/dataset names are valid before we pass down to 4908 * the lower layers. 4909 */ 4910 if (error == 0) { 4911 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 4912 zc->zc_iflags = flag & FKIOCTL; 4913 switch (zfs_ioc_vec[vec].zvec_namecheck) { 4914 case POOL_NAME: 4915 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 4916 error = EINVAL; 4917 error = pool_status_check(zc->zc_name, 4918 zfs_ioc_vec[vec].zvec_namecheck, 4919 zfs_ioc_vec[vec].zvec_pool_check); 4920 break; 4921 4922 case DATASET_NAME: 4923 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 4924 error = EINVAL; 4925 error = pool_status_check(zc->zc_name, 4926 zfs_ioc_vec[vec].zvec_namecheck, 4927 zfs_ioc_vec[vec].zvec_pool_check); 4928 break; 4929 4930 case NO_NAME: 4931 break; 4932 } 4933 } 4934 4935 if (error == 0) 4936 error = zfs_ioc_vec[vec].zvec_func(zc); 4937 4938 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag); 4939 if (error == 0) { 4940 if (rc != 0) 4941 error = EFAULT; 4942 if (zfs_ioc_vec[vec].zvec_his_log) 4943 zfs_log_history(zc); 4944 } 4945 4946 kmem_free(zc, sizeof (zfs_cmd_t)); 4947 return (error); 4948 } 4949 4950 static int 4951 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 4952 { 4953 if (cmd != DDI_ATTACH) 4954 return (DDI_FAILURE); 4955 4956 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0, 4957 DDI_PSEUDO, 0) == DDI_FAILURE) 4958 return (DDI_FAILURE); 4959 4960 zfs_dip = dip; 4961 4962 ddi_report_dev(dip); 4963 4964 return (DDI_SUCCESS); 4965 } 4966 4967 static int 4968 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 4969 { 4970 if (spa_busy() || zfs_busy() || zvol_busy()) 4971 return (DDI_FAILURE); 4972 4973 if (cmd != DDI_DETACH) 4974 return (DDI_FAILURE); 4975 4976 zfs_dip = NULL; 4977 4978 ddi_prop_remove_all(dip); 4979 ddi_remove_minor_node(dip, NULL); 4980 4981 return (DDI_SUCCESS); 4982 } 4983 4984 /*ARGSUSED*/ 4985 static int 4986 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 4987 { 4988 switch (infocmd) { 4989 case DDI_INFO_DEVT2DEVINFO: 4990 *result = zfs_dip; 4991 return (DDI_SUCCESS); 4992 4993 case DDI_INFO_DEVT2INSTANCE: 4994 *result = (void *)0; 4995 return (DDI_SUCCESS); 4996 } 4997 4998 return (DDI_FAILURE); 4999 } 5000 5001 /* 5002 * OK, so this is a little weird. 5003 * 5004 * /dev/zfs is the control node, i.e. minor 0. 5005 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0. 5006 * 5007 * /dev/zfs has basically nothing to do except serve up ioctls, 5008 * so most of the standard driver entry points are in zvol.c. 5009 */ 5010 static struct cb_ops zfs_cb_ops = { 5011 zfsdev_open, /* open */ 5012 zfsdev_close, /* close */ 5013 zvol_strategy, /* strategy */ 5014 nodev, /* print */ 5015 zvol_dump, /* dump */ 5016 zvol_read, /* read */ 5017 zvol_write, /* write */ 5018 zfsdev_ioctl, /* ioctl */ 5019 nodev, /* devmap */ 5020 nodev, /* mmap */ 5021 nodev, /* segmap */ 5022 nochpoll, /* poll */ 5023 ddi_prop_op, /* prop_op */ 5024 NULL, /* streamtab */ 5025 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */ 5026 CB_REV, /* version */ 5027 nodev, /* async read */ 5028 nodev, /* async write */ 5029 }; 5030 5031 static struct dev_ops zfs_dev_ops = { 5032 DEVO_REV, /* version */ 5033 0, /* refcnt */ 5034 zfs_info, /* info */ 5035 nulldev, /* identify */ 5036 nulldev, /* probe */ 5037 zfs_attach, /* attach */ 5038 zfs_detach, /* detach */ 5039 nodev, /* reset */ 5040 &zfs_cb_ops, /* driver operations */ 5041 NULL, /* no bus operations */ 5042 NULL, /* power */ 5043 ddi_quiesce_not_needed, /* quiesce */ 5044 }; 5045 5046 static struct modldrv zfs_modldrv = { 5047 &mod_driverops, 5048 "ZFS storage pool", 5049 &zfs_dev_ops 5050 }; 5051 5052 static struct modlinkage modlinkage = { 5053 MODREV_1, 5054 (void *)&zfs_modlfs, 5055 (void *)&zfs_modldrv, 5056 NULL 5057 }; 5058 5059 5060 uint_t zfs_fsyncer_key; 5061 extern uint_t rrw_tsd_key; 5062 5063 int 5064 _init(void) 5065 { 5066 int error; 5067 5068 spa_init(FREAD | FWRITE); 5069 zfs_init(); 5070 zvol_init(); 5071 5072 if ((error = mod_install(&modlinkage)) != 0) { 5073 zvol_fini(); 5074 zfs_fini(); 5075 spa_fini(); 5076 return (error); 5077 } 5078 5079 tsd_create(&zfs_fsyncer_key, NULL); 5080 tsd_create(&rrw_tsd_key, NULL); 5081 5082 error = ldi_ident_from_mod(&modlinkage, &zfs_li); 5083 ASSERT(error == 0); 5084 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 5085 5086 return (0); 5087 } 5088 5089 int 5090 _fini(void) 5091 { 5092 int error; 5093 5094 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled) 5095 return (EBUSY); 5096 5097 if ((error = mod_remove(&modlinkage)) != 0) 5098 return (error); 5099 5100 zvol_fini(); 5101 zfs_fini(); 5102 spa_fini(); 5103 if (zfs_nfsshare_inited) 5104 (void) ddi_modclose(nfs_mod); 5105 if (zfs_smbshare_inited) 5106 (void) ddi_modclose(smbsrv_mod); 5107 if (zfs_nfsshare_inited || zfs_smbshare_inited) 5108 (void) ddi_modclose(sharefs_mod); 5109 5110 tsd_destroy(&zfs_fsyncer_key); 5111 ldi_ident_release(zfs_li); 5112 zfs_li = NULL; 5113 mutex_destroy(&zfs_share_lock); 5114 5115 return (error); 5116 } 5117 5118 int 5119 _info(struct modinfo *modinfop) 5120 { 5121 return (mod_info(&modlinkage, modinfop)); 5122 } 5123
Indexes created Thu May 17 00:40:56 UTC 2012
Terms of Use
|
Privacy
|
Trademarks
|
Copyright Policy
|
Site Guidelines
|
Site Map
|
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
© 2012, Oracle Corporation and/or its affiliates.