      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     23  * Use is subject to license terms.
     24  */
     25 
     26 #include <sys/types.h>
     27 #include <sys/param.h>
     28 #include <sys/errno.h>
     29 #include <sys/uio.h>
     30 #include <sys/buf.h>
     31 #include <sys/modctl.h>
     32 #include <sys/open.h>
     33 #include <sys/file.h>
     34 #include <sys/kmem.h>
     35 #include <sys/conf.h>
     36 #include <sys/cmn_err.h>
     37 #include <sys/stat.h>
     38 #include <sys/zfs_ioctl.h>
     39 #include <sys/zfs_vfsops.h>
     40 #include <sys/zfs_znode.h>
     41 #include <sys/zap.h>
     42 #include <sys/spa.h>
     43 #include <sys/spa_impl.h>
     44 #include <sys/vdev.h>
     45 #include <sys/priv_impl.h>
     46 #include <sys/dmu.h>
     47 #include <sys/dsl_dir.h>
     48 #include <sys/dsl_dataset.h>
     49 #include <sys/dsl_prop.h>
     50 #include <sys/dsl_deleg.h>
     51 #include <sys/dmu_objset.h>
     52 #include <sys/ddi.h>
     53 #include <sys/sunddi.h>
     54 #include <sys/sunldi.h>
     55 #include <sys/policy.h>
     56 #include <sys/zone.h>
     57 #include <sys/nvpair.h>
     58 #include <sys/pathname.h>
     59 #include <sys/mount.h>
     60 #include <sys/sdt.h>
     61 #include <sys/fs/zfs.h>
     62 #include <sys/zfs_ctldir.h>
     63 #include <sys/zfs_dir.h>
     64 #include <sys/zvol.h>
     65 #include <sharefs/share.h>
     66 #include <sys/dmu_objset.h>
     67 
     68 #include "zfs_namecheck.h"
     69 #include "zfs_prop.h"
     70 #include "zfs_deleg.h"
     71 
extern struct modlfs zfs_modlfs;

extern void zfs_init(void);
extern void zfs_fini(void);

ldi_ident_t zfs_li = NULL;
dev_info_t *zfs_dip;

/* Signature of an ioctl handler: takes the command block, returns an int. */
typedef int zfs_ioc_func_t(zfs_cmd_t *);
/*
 * Signature of a security-policy check: takes the command block and the
 * caller's credential.  The zfs_secpolicy_*() functions in this file return
 * 0 to allow the request and an errno value to refuse it.
 */
typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *);

/* NOTE(review): presumably selects how zc_name is validated -- confirm. */
typedef enum {
	NO_NAME,
	POOL_NAME,
	DATASET_NAME
} zfs_ioc_namecheck_t;

/*
 * Pairs an ioctl handler with its security-policy check.
 * NOTE(review): the remaining fields are not used in the visible part of
 * this file; confirm their meaning at the dispatch site.
 */
typedef struct zfs_ioc_vec {
	zfs_ioc_func_t		*zvec_func;
	zfs_secpolicy_func_t	*zvec_secpolicy;
	zfs_ioc_namecheck_t	zvec_namecheck;
	boolean_t		zvec_his_log;
	boolean_t		zvec_pool_check;
} zfs_ioc_vec_t;

/*
 * This array is indexed by zfs_userquota_prop_t.
 *
 * The index comes from zc_objset_type in the ioctl argument; the
 * zfs_secpolicy_userspace_*() functions reject values at or above
 * ZFS_NUM_USERQUOTA_PROPS before indexing.  Keep the entry count in step
 * with that constant.
 */
static const char *userquota_perms[] = {
	ZFS_DELEG_PERM_USERUSED,
	ZFS_DELEG_PERM_USERQUOTA,
	ZFS_DELEG_PERM_GROUPUSED,
	ZFS_DELEG_PERM_GROUPQUOTA,
};

static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
static int zfs_check_settable(const char *name, nvpair_t *property,
    cred_t *cr);
static int zfs_check_clearable(char *dataset, nvlist_t *props,
    nvlist_t **errors);
static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
    boolean_t *);
int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t **);
    113 
/* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
/*
 * Format a debug message and hand it to the zfs-dprintf DTrace probe.
 *
 * file/func/line identify the call site; fmt and the variable arguments are
 * printf-style.  The message is formatted into a 256-byte stack buffer with
 * vsnprintf(), so longer messages are truncated rather than overrunning it.
 * fmt is used as a format string and must never be caller-supplied data.
 */
void
__dprintf(const char *file, const char *func, int line, const char *fmt, ...)
{
	char msg[256];
	va_list ap;
	const char *slash;
	const char *shortname;

	/*
	 * Report only the last path component, dropping the annoying
	 * "../common/" prefix.
	 */
	slash = strrchr(file, '/');
	shortname = (slash == NULL) ? file : slash + 1;

	va_start(ap, fmt);
	(void) vsnprintf(msg, sizeof (msg), fmt, ap);
	va_end(ap);

	/*
	 * To get this data, use the zfs-dprintf probe as so:
	 * dtrace -q -n 'zfs-dprintf \
	 *	/stringof(arg0) == "dbuf.c"/ \
	 *	{printf("%s: %s", stringof(arg1), stringof(arg3))}'
	 * arg0 = file name
	 * arg1 = function name
	 * arg2 = line number
	 * arg3 = message
	 */
	DTRACE_PROBE4(zfs__dprintf,
	    char *, shortname, char *, func, int, line, char *, msg);
}
    149 
/*
 * Release a history buffer obtained from history_str_get().  The size given
 * to kmem_free() must match the HIS_MAX_RECORD_LEN used when allocating.
 */
static void
history_str_free(char *buf)
{
	const size_t record_len = HIS_MAX_RECORD_LEN;

	kmem_free(buf, record_len);
}
    155 
/*
 * Copy the history string referenced by zc->zc_history into a freshly
 * allocated kernel buffer of HIS_MAX_RECORD_LEN bytes.
 *
 * zc_history is an address taken from the ioctl argument, so it is read
 * with copyinstr() and never dereferenced directly.  Returns NULL when no
 * history was supplied or the copy fails; otherwise the caller owns the
 * buffer and must release it with history_str_free().
 */
static char *
history_str_get(zfs_cmd_t *zc)
{
	char *record;

	if (zc->zc_history == NULL)
		return (NULL);

	record = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
	if (copyinstr((void *)(uintptr_t)zc->zc_history,
	    record, HIS_MAX_RECORD_LEN, NULL) == 0) {
		/* Force termination regardless of what was copied in. */
		record[HIS_MAX_RECORD_LEN -1] = '\0';
		return (record);
	}

	history_str_free(record);
	return (NULL);
}
    175 
/*
 * Check to see if the named dataset is currently defined as bootable.
 *
 * Returns B_TRUE when the dataset's object-set id equals its pool's bootfs
 * value, and B_FALSE otherwise, including when the dataset cannot be held.
 */
static boolean_t
zfs_is_bootfs(const char *name)
{
	objset_t *os;
	boolean_t is_boot;

	if (dmu_objset_hold(name, FTAG, &os) != 0)
		return (B_FALSE);

	is_boot = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
	dmu_objset_rele(os, FTAG);
	return (is_boot);
}
    192 
/*
 * zfs_earlier_version
 *
 *	Return non-zero if the spa version is less than requested version.
 *
 *	Returns 0 when the pool cannot be opened, so a failed open is
 *	indistinguishable from "version is new enough"; callers that gate a
 *	feature on this result should keep that in mind.
 */
static int
zfs_earlier_version(const char *name, int version)
{
	spa_t *spa;
	int older;

	if (spa_open(name, &spa, FTAG) != 0)
		return (0);

	older = (spa_version(spa) < version) ? 1 : 0;
	spa_close(spa, FTAG);
	return (older);
}
    212 
/*
 * zpl_earlier_version
 *
 * Return TRUE if the ZPL version is less than requested version.
 *
 * Also returns B_TRUE when the dataset cannot be held, is not of type
 * DMU_OST_ZFS, or its version property cannot be read.
 */
static boolean_t
zpl_earlier_version(const char *name, int version)
{
	objset_t *os;
	uint64_t zplversion;
	boolean_t older = B_TRUE;

	if (dmu_objset_hold(name, FTAG, &os) != 0)
		return (older);

	if (dmu_objset_type(os) == DMU_OST_ZFS) {
		/* XXX reading from non-owned objset */
		if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
			older = zplversion < version;
	}
	dmu_objset_rele(os, FTAG);
	return (older);
}
    238 
/*
 * Append the caller-supplied history string, if any, to the history of the
 * pool named by zc->zc_name.  Nothing is logged when no string was supplied,
 * the pool cannot be opened, or the pool version is older than
 * SPA_VERSION_ZPOOL_HISTORY.  The result of spa_history_log() is ignored.
 */
static void
zfs_log_history(zfs_cmd_t *zc)
{
	char *record = history_str_get(zc);
	spa_t *spa;

	if (record == NULL)
		return;

	if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
		if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
			(void) spa_history_log(spa, record, LOG_CMD_NORMAL);
		spa_close(spa, FTAG);
	}
	history_str_free(record);
}
    255 
/*
 * Policy for top-level read operations (list pools).  Requires no privileges,
 * and can be used in the local zone, as there is no associated dataset.
 *
 * Always returns 0: neither the command block nor the credential is
 * examined, so this must only be attached to operations that expose nothing
 * per-dataset.
 */
/* ARGSUSED */
static int
zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr)
{
	return (0);
}
    266 
/*
 * Policy for dataset read operations (list children, get statistics).  Requires
 * no privileges, but must be visible in the local zone.
 *
 * Returns ENOENT rather than EPERM for a dataset the zone cannot see, so
 * the reply does not reveal that the dataset exists.
 */
/* ARGSUSED */
static int
zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr)
{
	if (!INGLOBALZONE(curproc) &&
	    !zone_dataset_visible(zc->zc_name, NULL))
		return (ENOENT);

	return (0);
}
    281 
/*
 * Zone gate applied before any permission check on a dataset.
 *
 * Returns ENOENT when the dataset is not visible from the caller's zone or
 * its 'zoned' property cannot be read, EPERM when the zone rules forbid the
 * access, and 0 when the caller may proceed to the permission check.
 */
static int
zfs_dozonecheck(const char *dataset, cred_t *cr)
{
	uint64_t zoned;
	int writable = 1;

	/*
	 * The dataset must be visible by this zone -- check this first
	 * so they don't see EPERM on something they shouldn't know about.
	 */
	if (!INGLOBALZONE(curproc) &&
	    !zone_dataset_visible(dataset, &writable))
		return (ENOENT);

	if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL) != 0)
		return (ENOENT);

	if (INGLOBALZONE(curproc)) {
		/*
		 * If the fs is zoned, only root can access it from the
		 * global zone.
		 */
		if (secpolicy_zfs(cr) && zoned)
			return (EPERM);
		return (0);
	}

	/*
	 * In a local zone the 'zoned' property must be set and the dataset
	 * must be writable by this zone.
	 */
	if (!zoned || !writable)
		return (EPERM);

	return (0);
}
    319 
/*
 * Common check for operations that modify a dataset.
 *
 * The zone check runs first and its error is returned unchanged.  After
 * that the request is allowed if secpolicy_zfs() returns 0; otherwise the
 * decision is left to dsl_deleg_access() for the delegated permission
 * 'perm' on 'name'.
 */
int
zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
{
	int error = zfs_dozonecheck(name, cr);

	if (error != 0)
		return (error);

	if (secpolicy_zfs(cr) == 0)
		return (0);

	return (dsl_deleg_access(name, perm, cr));
}
    333 
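/*
 * Policy for setting the security label property.
 *
 * name    dataset whose label property is being changed
 * strval  requested value: ZFS_MLSLABEL_DEFAULT or a hex label string
 * cr      credential checked for the upgrade/downgrade privilege
 *
 * Returns 0 for success, non-zero for access and other errors.
 */
static int
zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
{
	char		ds_hexsl[MAXNAMELEN];
	bslabel_t	ds_sl, new_sl;
	boolean_t	new_default = FALSE;
	uint64_t	zoned;
	int		needed_priv = -1;
	int		error;

	/* First get the existing dataset label. */
	error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
	    1, sizeof (ds_hexsl), &ds_hexsl, NULL);
	if (error)
		return (EPERM);

	if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
		new_default = TRUE;

	/* The label must be translatable */
	if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
		return (EINVAL);

	/*
	 * In a non-global zone, disallow attempts to set a label that
	 * doesn't match that of the zone; otherwise no other checks
	 * are needed.
	 *
	 * NOTE(review): the comparison uses CRED() rather than the 'cr'
	 * argument; confirm the two always refer to the same credential.
	 */
	if (!INGLOBALZONE(curproc)) {
		if (new_default || !blequal(&new_sl, CR_SL(CRED())))
			return (EPERM);
		return (0);
	}

	/*
	 * For global-zone datasets (i.e., those whose zoned property is
	 * "off", verify that the specified new label is valid for the
	 * global zone.
	 */
	if (dsl_prop_get_integer(name,
	    zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
		return (EPERM);
	if (!zoned) {
		if (zfs_check_global_label(name, strval) != 0)
			return (EPERM);
	}

	/*
	 * If the existing dataset label is nondefault, check if the
	 * dataset is mounted (label cannot be changed while mounted).
	 * Get the zfsvfs; if there isn't one, then the dataset isn't
	 * mounted (or isn't a dataset, doesn't exist, ...).
	 */
	if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
		objset_t *os;
		static char *setsl_tag = "setsl_tag";

		/*
		 * Try to own the dataset; abort if there is any error,
		 * (e.g., already mounted, in use, or other error).
		 */
		error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
		    setsl_tag, &os);
		if (error)
			return (EPERM);

		dmu_objset_disown(os, setsl_tag);

		if (new_default) {
			needed_priv = PRIV_FILE_DOWNGRADE_SL;
			goto out_check;
		}

		if (hexstr_to_label(strval, &new_sl) != 0)
			return (EPERM);

		/*
		 * Translate the existing label before comparing.  Without
		 * this ds_sl is an uninitialized stack object, and the
		 * choice of required privilege (or of requiring none at
		 * all) would depend on leftover stack contents.  An
		 * untranslatable stored label is treated as a denial.
		 */
		if (hexstr_to_label(ds_hexsl, &ds_sl) != 0)
			return (EPERM);

		/*
		 * Existing label strictly dominates the new one: downgrade.
		 * New label strictly dominates the existing one: upgrade.
		 * Otherwise no privilege is required.
		 */
		if (blstrictdom(&ds_sl, &new_sl))
			needed_priv = PRIV_FILE_DOWNGRADE_SL;
		else if (blstrictdom(&new_sl, &ds_sl))
			needed_priv = PRIV_FILE_UPGRADE_SL;
	} else {
		/* dataset currently has a default label */
		if (!new_default)
			needed_priv = PRIV_FILE_UPGRADE_SL;
	}

out_check:
	if (needed_priv != -1)
		return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
	return (0);
}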
    430 
/*
 * Policy for setting (or inheriting) a native property on a dataset.
 *
 * A few properties get an extra check first; every property then goes
 * through zfs_secpolicy_write_perms() with the property name as the
 * delegated permission.
 *
 * Callers in this file pass propval == NULL for inherit and userspace
 * upgrade.  For ZFS_PROP_MLSLABEL the label policy runs only when
 * nvpair_value_string() succeeds.
 * NOTE(review): confirm nvpair_value_string() rejects a NULL pair instead
 * of dereferencing it, and that skipping the label policy on that path is
 * intended.
 */
static int
zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
    cred_t *cr)
{
	char *label;
	int rc;

	switch (prop) {
	case ZFS_PROP_ZONED:
		/* 'zoned' may never be set from within a local zone. */
		if (!INGLOBALZONE(curproc))
			return (EPERM);
		break;

	case ZFS_PROP_QUOTA:
		if (!INGLOBALZONE(curproc)) {
			uint64_t zoned;
			char setpoint[MAXNAMELEN];

			/*
			 * Unprivileged users are allowed to modify the
			 * quota on things *under* (ie. contained by)
			 * the thing they own.  The test is a length
			 * comparison against the name where 'zoned' was
			 * set, so the dataset itself is refused.
			 */
			if (dsl_prop_get_integer(dsname, "zoned", &zoned,
			    setpoint) != 0 || !zoned ||
			    strlen(dsname) <= strlen(setpoint))
				return (EPERM);
		}
		break;

	case ZFS_PROP_MLSLABEL:
		if (!is_system_labeled())
			return (EPERM);

		if (nvpair_value_string(propval, &label) == 0) {
			/*
			 * NOTE(review): CRED() is passed here, not 'cr';
			 * confirm they are the same credential.
			 */
			rc = zfs_set_slabel_policy(dsname, label, CRED());
			if (rc != 0)
				return (rc);
		}
		break;
	}

	return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
}
    482 
/*
 * Policy for changing delegated permissions on a dataset.  Only the zone
 * check is made here; permission to set permissions will be evaluated
 * later in dsl_deleg_can_allow().
 */
int
zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr)
{
	/* A zero result from the zone check is the success return as well. */
	return (zfs_dozonecheck(zc->zc_name, cr));
}
    498 
/*
 * Policy for rollback: zfs_secpolicy_write_perms() on zc_name with
 * ZFS_DELEG_PERM_ROLLBACK.
 */
int
zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dsname = zc->zc_name;

	return (zfs_secpolicy_write_perms(dsname,
	    ZFS_DELEG_PERM_ROLLBACK, cr));
}
    505 
/*
 * Policy for send: zfs_secpolicy_write_perms() on zc_name with
 * ZFS_DELEG_PERM_SEND.
 */
int
zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dsname = zc->zc_name;

	return (zfs_secpolicy_write_perms(dsname,
	    ZFS_DELEG_PERM_SEND, cr));
}
    512 
/*
 * Delegated-permission fallback for the share policies.
 *
 * zc_value is looked up as a path without following a final symlink
 * (NO_FOLLOW).  The request is refused with EPERM unless that path lives on
 * a ZFS filesystem whose resource name equals zc_name, so the path and the
 * dataset named in the request cannot disagree.  Only then is
 * ZFS_DELEG_PERM_SHARE checked on the dataset.
 */
static int
zfs_secpolicy_deleg_share(zfs_cmd_t *zc, cred_t *cr)
{
	vnode_t *vp;
	int error;
	int same_dataset;

	error = lookupname(zc->zc_value, UIO_SYSSPACE,
	    NO_FOLLOW, NULL, &vp);
	if (error != 0)
		return (error);

	/* Now make sure mntpnt and dataset are ZFS */
	same_dataset = (vp->v_vfsp->vfs_fstype == zfsfstype &&
	    strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
	    zc->zc_name) == 0);

	/* The vnode is only needed for the comparison above. */
	VN_RELE(vp);

	if (!same_dataset)
		return (EPERM);

	return (dsl_deleg_access(zc->zc_name,
	    ZFS_DELEG_PERM_SHARE, cr));
}
    536 
/*
 * Policy for sharing a dataset.  Refused outright outside the global zone.
 * Allowed if secpolicy_nfs() returns 0; otherwise decided by the delegated
 * share permission.
 */
int
zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr)
{
	if (!INGLOBALZONE(curproc))
		return (EPERM);

	if (secpolicy_nfs(cr) == 0)
		return (0);

	return (zfs_secpolicy_deleg_share(zc, cr));
}
    549 
/*
 * Policy for SMB ACL operations.  Refused outright outside the global zone.
 * Allowed if secpolicy_smb() returns 0; otherwise decided by the delegated
 * share permission.
 */
int
zfs_secpolicy_smb_acl(zfs_cmd_t *zc, cred_t *cr)
{
	if (!INGLOBALZONE(curproc))
		return (EPERM);

	if (secpolicy_smb(cr) == 0)
		return (0);

	return (zfs_secpolicy_deleg_share(zc, cr));
}
    562 
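/*
 * Write the parent of 'datasetname' into 'parent' (capacity 'parentsize').
 *
 * The parent is the name with its trailing "@snapshot" removed or, when
 * there is no '@', with its last "/component" removed.
 *
 * Returns 0 on success, ENOENT when the name has neither '@' nor '/', and
 * ENAMETOOLONG when the name (with its terminator) does not fit.  A name
 * that does not fit is refused rather than truncated: strncpy() would leave
 * 'parent' unterminated, so the strrchr() calls below would read past the
 * buffer, and a shortened name would make the callers' permission checks
 * apply to a different dataset than the one requested.
 */
static int
zfs_get_parent(const char *datasetname, char *parent, int parentsize)
{
	char *cp;

	if (parentsize <= 0 || strlen(datasetname) >= (size_t)parentsize)
		return (ENAMETOOLONG);

	/*
	 * Remove the @bla or /bla from the end of the name to get the parent.
	 * The length check above guarantees the copy is NUL-terminated.
	 */
	(void) strncpy(parent, datasetname, parentsize);
	cp = strrchr(parent, '@');
	if (cp != NULL) {
		cp[0] = '\0';
	} else {
		cp = strrchr(parent, '/');
		if (cp == NULL)
			return (ENOENT);
		cp[0] = '\0';
	}

	return (0);
}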
    584 
/*
 * Destroying a dataset requires both ZFS_DELEG_PERM_MOUNT and
 * ZFS_DELEG_PERM_DESTROY on it, checked in that order; the first failure
 * is returned.
 */
int
zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
{
	int error;

	error = zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_MOUNT, cr);
	if (error != 0)
		return (error);

	return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
}
    596 
/* ioctl policy entry for destroy: applies the checks to zc_name. */
static int
zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dsname = zc->zc_name;

	return (zfs_secpolicy_destroy_perms(dsname, cr));
}
    602 
/*
 * Must have sys_config privilege to check the iscsi permission
 *
 * NOTE(review): the code calls secpolicy_zfs(), not a sys_config check;
 * confirm which of the comment and the code states the intended policy.
 */
/* ARGSUSED */
static int
zfs_secpolicy_iscsi(zfs_cmd_t *zc, cred_t *cr)
{
	int error = secpolicy_zfs(cr);

	return (error);
}
    612 
/*
 * Renaming 'from' to 'to' requires ZFS_DELEG_PERM_RENAME and
 * ZFS_DELEG_PERM_MOUNT on the source, and ZFS_DELEG_PERM_CREATE and
 * ZFS_DELEG_PERM_MOUNT on the parent of the destination.  The checks run
 * in that order and the first failure is returned.
 */
int
zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
{
	char	parentname[MAXNAMELEN];
	int	error;

	error = zfs_secpolicy_write_perms(from, ZFS_DELEG_PERM_RENAME, cr);
	if (error != 0)
		return (error);

	error = zfs_secpolicy_write_perms(from, ZFS_DELEG_PERM_MOUNT, cr);
	if (error != 0)
		return (error);

	/* The destination does not exist yet, so check its parent. */
	error = zfs_get_parent(to, parentname, sizeof (parentname));
	if (error != 0)
		return (error);

	error = zfs_secpolicy_write_perms(parentname,
	    ZFS_DELEG_PERM_CREATE, cr);
	if (error != 0)
		return (error);

	return (zfs_secpolicy_write_perms(parentname,
	    ZFS_DELEG_PERM_MOUNT, cr));
}
    641 
/*
 * ioctl policy entry for rename: zc_name is the source and zc_value the
 * destination.
 */
static int
zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr)
{
	const char *from = zc->zc_name;
	const char *to = zc->zc_value;

	return (zfs_secpolicy_rename_perms(from, to, cr));
}
    647 
/*
 * Policy for promoting a clone.
 *
 * Requires ZFS_DELEG_PERM_PROMOTE and ZFS_DELEG_PERM_MOUNT on the clone
 * (zc_name) and ZFS_DELEG_PERM_PROMOTE on the dataset it was cloned from.
 * Returns 0 when all checks pass, otherwise the first error, including any
 * error from holding the clone or its origin.
 */
static int
zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr)
{
	char	parentname[MAXNAMELEN];
	objset_t *clone;
	int error;

	error = zfs_secpolicy_write_perms(zc->zc_name,
	    ZFS_DELEG_PERM_PROMOTE, cr);
	if (error)
		return (error);

	error = dmu_objset_hold(zc->zc_name, FTAG, &clone);

	if (error == 0) {
		dsl_dataset_t *pclone = NULL;
		dsl_dir_t *dd;
		dd = clone->os_dsl_dataset->ds_dir;

		/* Hold the origin dataset while the pool config lock is held. */
		rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
		error = dsl_dataset_hold_obj(dd->dd_pool,
		    dd->dd_phys->dd_origin_obj, FTAG, &pclone);
		rw_exit(&dd->dd_pool->dp_config_rwlock);
		if (error) {
			dmu_objset_rele(clone, FTAG);
			return (error);
		}

		error = zfs_secpolicy_write_perms(zc->zc_name,
		    ZFS_DELEG_PERM_MOUNT, cr);

		/*
		 * Capture the origin's name before dropping the holds.
		 * NOTE(review): dsl_dataset_name() takes no length; confirm
		 * MAXNAMELEN bytes is always enough for its output.
		 */
		dsl_dataset_name(pclone, parentname);
		dmu_objset_rele(clone, FTAG);
		dsl_dataset_rele(pclone, FTAG);
		if (error == 0)
			error = zfs_secpolicy_write_perms(parentname,
			    ZFS_DELEG_PERM_PROMOTE, cr);
	}
	return (error);
}
    688 
/*
 * Receiving into zc_name requires ZFS_DELEG_PERM_RECEIVE,
 * ZFS_DELEG_PERM_MOUNT and ZFS_DELEG_PERM_CREATE on it, checked in that
 * order; the first failure is returned.
 */
static int
zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dsname = zc->zc_name;
	int error;

	error = zfs_secpolicy_write_perms(dsname, ZFS_DELEG_PERM_RECEIVE, cr);
	if (error != 0)
		return (error);

	error = zfs_secpolicy_write_perms(dsname, ZFS_DELEG_PERM_MOUNT, cr);
	if (error != 0)
		return (error);

	return (zfs_secpolicy_write_perms(dsname, ZFS_DELEG_PERM_CREATE, cr));
}
    705 
/*
 * Taking a snapshot of 'name' requires ZFS_DELEG_PERM_SNAPSHOT, as decided
 * by zfs_secpolicy_write_perms().
 */
int
zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
{
	const char *perm = ZFS_DELEG_PERM_SNAPSHOT;

	return (zfs_secpolicy_write_perms(name, perm, cr));
}
    712 
/* ioctl policy entry for snapshot: applies the check to zc_name. */
static int
zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dsname = zc->zc_name;

	return (zfs_secpolicy_snapshot_perms(dsname, cr));
}
    719 
/*
 * Policy for creating the dataset zc_name.
 *
 * Requires ZFS_DELEG_PERM_CREATE and ZFS_DELEG_PERM_MOUNT on the parent of
 * the new dataset.  When zc_value is non-empty it is additionally checked
 * for ZFS_DELEG_PERM_CLONE before the parent checks.
 */
static int
zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr)
{
	char	parentname[MAXNAMELEN];
	int	error;

	error = zfs_get_parent(zc->zc_name, parentname, sizeof (parentname));
	if (error != 0)
		return (error);

	if (zc->zc_value[0] != '\0') {
		error = zfs_secpolicy_write_perms(zc->zc_value,
		    ZFS_DELEG_PERM_CLONE, cr);
		if (error != 0)
			return (error);
	}

	error = zfs_secpolicy_write_perms(parentname,
	    ZFS_DELEG_PERM_CREATE, cr);
	if (error != 0)
		return (error);

	return (zfs_secpolicy_write_perms(parentname,
	    ZFS_DELEG_PERM_MOUNT, cr));
}
    745 
/*
 * Policy for unmount.  Allowed if secpolicy_fs_unmount() returns 0;
 * otherwise decided by the delegated ZFS_DELEG_PERM_MOUNT permission on
 * zc_name.
 *
 * NOTE(review): unlike zfs_secpolicy_write_perms(), this path makes no
 * zfs_dozonecheck() call; confirm that is intended.
 */
static int
zfs_secpolicy_umount(zfs_cmd_t *zc, cred_t *cr)
{
	if (secpolicy_fs_unmount(cr, NULL) == 0)
		return (0);

	return (dsl_deleg_access(zc->zc_name, ZFS_DELEG_PERM_MOUNT, cr));
}
    757 
/*
 * Policy for pool operations - create/destroy pools, add vdevs, etc.  Requires
 * SYS_CONFIG privilege, which is not available in a local zone.
 *
 * Any failure from secpolicy_sys_config() is reported as EPERM.
 */
/* ARGSUSED */
static int
zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr)
{
	return ((secpolicy_sys_config(cr, B_FALSE) != 0) ? EPERM : 0);
}
    771 
/*
 * Policy for fault injection.  Requires all privileges.
 *
 * The decision is delegated entirely to secpolicy_zinject().
 */
/* ARGSUSED */
static int
zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr)
{
	int error = secpolicy_zinject(cr);

	return (error);
}
    781 
/*
 * Policy for inheriting (clearing) the property named in zc_value.
 *
 * A native property goes through zfs_secpolicy_setprop() with no value.
 * A name that is not a native property must be a valid user property
 * (else EINVAL) and then requires ZFS_DELEG_PERM_USERPROP.
 */
static int
zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr)
{
	zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);

	if (prop != ZPROP_INVAL) {
		return (zfs_secpolicy_setprop(zc->zc_name, prop,
		    NULL, cr));
	}

	if (!zfs_prop_user(zc->zc_value))
		return (EINVAL);

	return (zfs_secpolicy_write_perms(zc->zc_name,
	    ZFS_DELEG_PERM_USERPROP, cr));
}
    797 
/*
 * Policy for querying one user's or group's space usage or quota.
 *
 * zc_objset_type carries the zfs_userquota_prop_t and is used as an index
 * into userquota_perms[], so it is range-checked first.
 * NOTE(review): the check is an upper bound only; confirm zc_objset_type
 * cannot hold a negative value.
 *
 * When zc_value is empty the request names a POSIX id in zc_guid; a caller
 * asking about its own uid, or about a group it belongs to, is allowed
 * without further permission.  Everything else needs the matching
 * delegated permission.
 */
static int
zfs_secpolicy_userspace_one(zfs_cmd_t *zc, cred_t *cr)
{
	int err;

	err = zfs_secpolicy_read(zc, cr);
	if (err != 0)
		return (err);

	if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
		return (EINVAL);

	if (zc->zc_value[0] == 0) {
		/*
		 * They are asking about a posix uid/gid.  If it's
		 * themself, allow it.
		 */
		int about_user = (zc->zc_objset_type == ZFS_PROP_USERUSED ||
		    zc->zc_objset_type == ZFS_PROP_USERQUOTA);

		if (about_user) {
			if (zc->zc_guid == crgetuid(cr))
				return (0);
		} else if (groupmember(zc->zc_guid, cr)) {
			return (0);
		}
	}

	return (zfs_secpolicy_write_perms(zc->zc_name,
	    userquota_perms[zc->zc_objset_type], cr));
}
    826 
/*
 * Policy for listing space usage or quotas for many users or groups.
 *
 * After the read policy, zc_objset_type is range-checked because it indexes
 * userquota_perms[]; the matching delegated permission is then required.
 * NOTE(review): the check is an upper bound only; confirm zc_objset_type
 * cannot hold a negative value.
 */
static int
zfs_secpolicy_userspace_many(zfs_cmd_t *zc, cred_t *cr)
{
	int err;

	err = zfs_secpolicy_read(zc, cr);
	if (err != 0)
		return (err);

	if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
		return (EINVAL);

	return (zfs_secpolicy_write_perms(zc->zc_name,
	    userquota_perms[zc->zc_objset_type], cr));
}
    840 
/*
 * Policy for the userspace upgrade: treated as setting ZFS_PROP_VERSION on
 * zc_name, with no property value supplied.
 */
static int
zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dsname = zc->zc_name;

	return (zfs_secpolicy_setprop(dsname, ZFS_PROP_VERSION, NULL, cr));
}
    847 
/*
 * Policy for hold: zfs_secpolicy_write_perms() on zc_name with
 * ZFS_DELEG_PERM_HOLD.
 */
static int
zfs_secpolicy_hold(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dsname = zc->zc_name;

	return (zfs_secpolicy_write_perms(dsname, ZFS_DELEG_PERM_HOLD, cr));
}
    854 
/*
 * Policy for release: zfs_secpolicy_write_perms() on zc_name with
 * ZFS_DELEG_PERM_RELEASE.
 */
static int
zfs_secpolicy_release(zfs_cmd_t *zc, cred_t *cr)
{
	const char *dsname = zc->zc_name;

	return (zfs_secpolicy_write_perms(dsname, ZFS_DELEG_PERM_RELEASE, cr));
}
    861 
/*
 * Returns the nvlist as specified by the user in the zfs_cmd_t.
 *
 * nvl    address of the packed nvlist, taken from the ioctl argument
 * size   length of the packed nvlist in bytes; 0 is rejected with EINVAL
 * iflag  flags passed through to ddi_copyin()
 * nvp    receives the unpacked list on success; the caller must free it
 *
 * Returns 0 on success, or the error from ddi_copyin() or nvlist_unpack().
 *
 * NOTE(review): 'size' comes from the ioctl argument and reaches
 * kmem_alloc(KM_SLEEP) with no upper bound visible here; confirm that the
 * callers or the dispatch path cap it.
 */
static int
get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
{
	char *packed;
	int error;
	nvlist_t *list = NULL;

	if (size == 0)
		return (EINVAL);

	/*
	 * Read in and unpack the user-supplied nvlist.  The staging buffer
	 * is released on every path once unpacking has been attempted.
	 */
	packed = kmem_alloc(size, KM_SLEEP);

	error = ddi_copyin((void *)(uintptr_t)nvl, packed, size, iflag);
	if (error == 0)
		error = nvlist_unpack(packed, size, &list, 0);

	kmem_free(packed, size);

	if (error != 0)
		return (error);

	*nvp = list;
	return (0);
}
    896 
/*
 * Shrink the error list until its native-encoded size fits the caller's
 * destination buffer (zc_nvlist_dst_size).
 *
 * When the list is too large, entries are removed from the end one at a
 * time and the number removed is recorded under ZPROP_N_MORE_ERRORS.
 * Returns ENOMEM without changing the list when the destination buffer is
 * smaller than 1024 bytes, otherwise 0.
 */
static int
fit_error_list(zfs_cmd_t *zc, nvlist_t **errors)
{
	size_t size;

	VERIFY(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);

	if (size > zc->zc_nvlist_dst_size) {
		nvpair_t *more_errors;
		int n = 0;

		if (zc->zc_nvlist_dst_size < 1024)
			return (ENOMEM);

		/*
		 * Add the counter up front so the size measured in the loop
		 * already includes it, and remember the pair so it can be
		 * replaced with the final count.
		 */
		VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, 0) == 0);
		more_errors = nvlist_prev_nvpair(*errors, NULL);

		/*
		 * Remove the pair just before the counter until the list fits.
		 * NOTE(review): 'pair' is not checked for NULL; this appears to
		 * rely on the 1024-byte minimum always leaving room for the
		 * counter on its own -- confirm.
		 */
		do {
			nvpair_t *pair = nvlist_prev_nvpair(*errors,
			    more_errors);
			VERIFY(nvlist_remove_nvpair(*errors, pair) == 0);
			n++;
			VERIFY(nvlist_size(*errors, &size,
			    NV_ENCODE_NATIVE) == 0);
		} while (size > zc->zc_nvlist_dst_size);

		VERIFY(nvlist_remove_nvpair(*errors, more_errors) == 0);
		VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, n) == 0);
		ASSERT(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
		ASSERT(size <= zc->zc_nvlist_dst_size);
	}

	return (0);
}
    931 
/*
 * Pack 'nvl' in native encoding and copy it out to the user buffer
 * described by zc_nvlist_dst / zc_nvlist_dst_size.
 *
 * Returns ENOMEM, without copying anything, when the packed list is larger
 * than the destination; otherwise the result of ddi_copyout().  In both
 * cases zc_nvlist_dst_size is overwritten with the packed size.
 */
static int
put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
{
	char *packed = NULL;
	size_t size;
	int error;

	VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0);

	if (size <= zc->zc_nvlist_dst_size) {
		/* The length was checked above, so the copy-out stays in bounds. */
		packed = kmem_alloc(size, KM_SLEEP);
		VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE,
		    KM_SLEEP) == 0);
		error = ddi_copyout(packed,
		    (void *)(uintptr_t)zc->zc_nvlist_dst, size, zc->zc_iflags);
		kmem_free(packed, size);
	} else {
		error = ENOMEM;
	}

	zc->zc_nvlist_dst_size = size;
	return (error);
}
    955 
/*
 * Look up the zfsvfs_t attached to the dataset 'dsname'.
 *
 * On success *zfvp is set and a VFS hold has been taken on its z_vfs, which
 * the caller must release.  Returns the error from dmu_objset_hold(),
 * EINVAL when the object set is not of type DMU_OST_ZFS, or ESRCH when no
 * zfsvfs_t is attached.
 */
static int
getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
{
	objset_t *os;
	int error;

	error = dmu_objset_hold(dsname, FTAG, &os);
	if (error)
		return (error);
	if (dmu_objset_type(os) != DMU_OST_ZFS) {
		dmu_objset_rele(os, FTAG);
		return (EINVAL);
	}

	/*
	 * Read the user pointer and take the VFS hold under
	 * os_user_ptr_lock, so the hold is in place before the lock is
	 * dropped.
	 */
	mutex_enter(&os->os_user_ptr_lock);
	*zfvp = dmu_objset_get_user(os);
	if (*zfvp) {
		VFS_HOLD((*zfvp)->z_vfs);
	} else {
		error = ESRCH;
	}
	mutex_exit(&os->os_user_ptr_lock);
	dmu_objset_rele(os, FTAG);
	return (error);
}
    981 
/*
 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
 * case its z_vfs will be NULL, and it will be opened as the owner.
 *
 * On success the teardown lock is held as reader under 'tag'; release it
 * with zfsvfs_rele().  Returns EBUSY when the filesystem is found to be
 * unmounted, or the error from zfsvfs_create().
 */
static int
zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp)
{
	int error = 0;

	if (getzfsvfs(name, zfvp) != 0)
		error = zfsvfs_create(name, zfvp);
	if (error == 0) {
		rrw_enter(&(*zfvp)->z_teardown_lock, RW_READER, tag);
		if ((*zfvp)->z_unmounted) {
			/*
			 * XXX we could probably try again, since the unmounting
			 * thread should be just about to disassociate the
			 * objset from the zfsvfs.
			 *
			 * NOTE(review): only the teardown lock is dropped on
			 * this path; the VFS hold taken by getzfsvfs() is not
			 * released here -- confirm who releases it.
			 */
			rrw_exit(&(*zfvp)->z_teardown_lock, tag);
			return (EBUSY);
		}
	}
	return (error);
}
   1007 
/*
 * Undo zfsvfs_hold(): drop the teardown lock, then either release the VFS
 * hold (mounted filesystem) or disown the object set and free a zfsvfs_t
 * that has no z_vfs.
 */
static void
zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
{
	rrw_exit(&zfsvfs->z_teardown_lock, tag);

	if (zfsvfs->z_vfs == NULL) {
		/* No VFS attached: this zfsvfs_t owns the object set. */
		dmu_objset_disown(zfsvfs->z_os, zfsvfs);
		zfsvfs_free(zfsvfs);
	} else {
		VFS_RELE(zfsvfs->z_vfs);
	}
}
   1020 
/*
 * ioctl handler: create the pool named by zc->zc_name.
 *
 * The pool configuration and the optional property list are both unpacked
 * from user-supplied nvlists.  A requested pool version outside
 * [SPA_VERSION_INITIAL, SPA_VERSION] is rejected with EINVAL.  If setting
 * the root dataset properties fails after the pool was created, the pool
 * is destroyed again.  Returns 0 on success or the first error.
 */
static int
zfs_ioc_pool_create(zfs_cmd_t *zc)
{
	int error;
	nvlist_t *config, *props = NULL;
	nvlist_t *rootprops = NULL;
	nvlist_t *zplprops = NULL;
	char *buf;

	if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
	    zc->zc_iflags, &config))
		return (error);

	/* The property list is optional; a zero size means none was sent. */
	if (zc->zc_nvlist_src_size != 0 && (error =
	    get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
	    zc->zc_iflags, &props))) {
		nvlist_free(config);
		return (error);
	}

	if (props) {
		nvlist_t *nvl = NULL;
		uint64_t version = SPA_VERSION;

		/* A missing version property leaves the SPA_VERSION default. */
		(void) nvlist_lookup_uint64(props,
		    zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
		if (version < SPA_VERSION_INITIAL || version > SPA_VERSION) {
			error = EINVAL;
			goto pool_props_bad;
		}
		/*
		 * Root dataset properties arrive nested in the pool
		 * properties; take a private copy and remove them from
		 * 'props' before it is handed to spa_create().
		 */
		(void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
		if (nvl) {
			error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
			if (error != 0) {
				nvlist_free(config);
				nvlist_free(props);
				return (error);
			}
			(void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
		}
		VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
		error = zfs_fill_zplprops_root(version, rootprops,
		    zplprops, NULL);
		if (error)
			goto pool_props_bad;
	}

	/* May be NULL when no history string was supplied or the copy failed. */
	buf = history_str_get(zc);

	error = spa_create(zc->zc_name, config, props, buf, zplprops);

	/*
	 * Set the remaining root properties
	 */
	if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
	    ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
		(void) spa_destroy(zc->zc_name);

	if (buf != NULL)
		history_str_free(buf);

pool_props_bad:
	nvlist_free(rootprops);
	nvlist_free(zplprops);
	nvlist_free(config);
	nvlist_free(props);

	return (error);
}
   1090 
/*
 * Destroy the pool named by zc_name.  The request is passed to
 * zfs_log_history() before the destroy is attempted, and the zvol
 * minor nodes are removed only when spa_destroy() succeeds.
 */
static int
zfs_ioc_pool_destroy(zfs_cmd_t *zc)
{
	int error;

	zfs_log_history(zc);

	error = spa_destroy(zc->zc_name);
	if (error != 0)
		return (error);

	zvol_remove_minors(zc->zc_name);
	return (0);
}
   1101 
/*
 * Import a pool.  The config (zc_nvlist_conf) and optional properties
 * (zc_nvlist_src) are unpacked from the caller's buffers.  The import
 * is refused with EINVAL unless the config carries a pool GUID that
 * matches zc_guid.  A non-zero zc_cookie selects spa_import_verbatim()
 * instead of spa_import().  When zc_nvlist_dst is set, the config is
 * copied back out regardless of the import result; a put_nvlist()
 * failure there is ignored.
 */
static int
zfs_ioc_pool_import(zfs_cmd_t *zc)
{
	nvlist_t *config;
	nvlist_t *props = NULL;
	uint64_t guid;
	int error;

	error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
	    zc->zc_iflags, &config);
	if (error != 0)
		return (error);

	if (zc->zc_nvlist_src_size != 0) {
		error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
		    zc->zc_iflags, &props);
		if (error != 0) {
			nvlist_free(config);
			return (error);
		}
	}

	if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) == 0 &&
	    guid == zc->zc_guid) {
		if (zc->zc_cookie)
			error = spa_import_verbatim(zc->zc_name, config,
			    props);
		else
			error = spa_import(zc->zc_name, config, props);
	} else {
		/* Missing GUID, or one that differs from the request. */
		error = EINVAL;
	}

	if (zc->zc_nvlist_dst != 0)
		(void) put_nvlist(zc, config);

	nvlist_free(config);

	if (props != NULL)
		nvlist_free(props);

	return (error);
}
   1138 
/*
 * Export the pool named by zc_name.  zc_cookie and zc_guid are reused
 * as the 'force' and 'hardforce' flags handed to spa_export().  The
 * zvol minor nodes are removed only after a successful export.
 */
static int
zfs_ioc_pool_export(zfs_cmd_t *zc)
{
	/* Both flags are plain casts of caller-supplied fields. */
	boolean_t force = (boolean_t)zc->zc_cookie;
	boolean_t hardforce = (boolean_t)zc->zc_guid;
	int error;

	zfs_log_history(zc);

	error = spa_export(zc->zc_name, NULL, force, hardforce);
	if (error != 0)
		return (error);

	zvol_remove_minors(zc->zc_name);
	return (0);
}
   1152 
/*
 * Copy out the nvlist returned by spa_all_configs().  zc_cookie is
 * passed by address, so spa_all_configs() may update it.  EEXIST is
 * returned when spa_all_configs() hands back no list.
 */
static int
zfs_ioc_pool_configs(zfs_cmd_t *zc)
{
	nvlist_t *configs = spa_all_configs(&zc->zc_cookie);
	int error;

	if (configs == NULL)
		return (EEXIST);

	error = put_nvlist(zc, configs);
	nvlist_free(configs);

	return (error);
}
   1168 
/*
 * Return the stats/config nvlist for the pool named by zc_name.
 * spa_get_stats() may also fill zc_value.
 *
 * The config may be present even when spa_get_stats() reports an
 * error.  In that case the ioctl result is that of put_nvlist(), and
 * the real errno is preserved in zc_cookie for the caller.
 */
static int
zfs_ioc_pool_stats(zfs_cmd_t *zc)
{
	nvlist_t *config;
	int stats_err;
	int ret;

	stats_err = spa_get_stats(zc->zc_name, &config, zc->zc_value,
	    sizeof (zc->zc_value));

	/* Nothing to copy out: report the spa_get_stats() result as-is. */
	if (config == NULL)
		return (stats_err);

	ret = put_nvlist(zc, config);
	nvlist_free(config);

	zc->zc_cookie = stats_err;

	return (ret);
}
   1195 
/*
 * Try to import the given pool, returning pool stats as appropriate so
 * that userland knows which devices are available and overall pool
 * health.
 *
 * The candidate config is unpacked from the caller's zc_nvlist_conf
 * buffer; EINVAL is returned when spa_tryimport() yields no config.
 */
static int
zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
{
	nvlist_t *tryconfig;
	nvlist_t *config;
	int error;

	error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
	    zc->zc_iflags, &tryconfig);
	if (error != 0)
		return (error);

	/* The input list is no longer needed once the attempt is made. */
	config = spa_tryimport(tryconfig);
	nvlist_free(tryconfig);

	if (config == NULL)
		return (EINVAL);

	error = put_nvlist(zc, config);
	nvlist_free(config);

	return (error);
}
   1222 
/*
 * Open the pool named by zc_name and call spa_scrub() on it, passing
 * zc_cookie through as the second argument.  The pool hold is dropped
 * before returning.
 */
static int
zfs_ioc_pool_scrub(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	error = spa_scrub(spa, zc->zc_cookie);
	spa_close(spa, FTAG);

	return (error);
}
   1238 
/*
 * Open the pool named by zc_name and call spa_freeze() on it.  Only
 * the result of spa_open() is reported to the caller.
 */
static int
zfs_ioc_pool_freeze(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	spa_freeze(spa);
	spa_close(spa, FTAG);

	return (0);
}
   1252 
/*
 * Upgrade the pool named by zc_name to the version given in zc_cookie.
 * The requested version comes from the caller and is rejected with
 * EINVAL when it is below the pool's current version or above
 * SPA_VERSION.
 */
static int
zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	if (zc->zc_cookie < spa_version(spa) || zc->zc_cookie > SPA_VERSION) {
		/* Out of range: neither a downgrade nor an unknown version. */
		spa_close(spa, FTAG);
		return (EINVAL);
	}

	spa_upgrade(spa, zc->zc_cookie);
	spa_close(spa, FTAG);

	/* spa_open() succeeded and spa_upgrade() reports no status. */
	return (0);
}
   1272 
/*
 * Copy a chunk of the pool's command history out to the caller.
 *
 * zc_history_len gives the size of the caller's buffer (zero is
 * rejected with EINVAL) and zc_history points at it.  Pools older than
 * SPA_VERSION_ZPOOL_HISTORY return ENOTSUP.  spa_history_get() is
 * given zc_history_offset and zc_history_len by address, and the
 * copyout uses zc_history_len as it stands after that call.
 *
 * NOTE(review): 'size' is taken directly from the caller's zfs_cmd_t
 * and is not capped in this function before the sleeping allocation;
 * confirm whether an upper bound is enforced elsewhere.  The buffer is
 * not zeroed, so the copyout relies on spa_history_get() never
 * reporting more bytes in zc_history_len than it wrote (and never more
 * than 'size') -- verify against spa_history_get().
 */
static int
zfs_ioc_pool_get_history(zfs_cmd_t *zc)
{
	spa_t *spa;
	char *hist_buf;
	uint64_t size = zc->zc_history_len;
	int error;

	if (size == 0)
		return (EINVAL);

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
		spa_close(spa, FTAG);
		return (ENOTSUP);
	}

	hist_buf = kmem_alloc(size, KM_SLEEP);

	error = spa_history_get(spa, &zc->zc_history_offset,
	    &zc->zc_history_len, hist_buf);
	if (error == 0) {
		error = ddi_copyout(hist_buf,
		    (void *)(uintptr_t)zc->zc_history,
		    zc->zc_history_len, zc->zc_iflags);
	}

	spa_close(spa, FTAG);

	/* Free with the original size; zc_history_len may have changed. */
	kmem_free(hist_buf, size);
	return (error);
}
   1304 
/*
 * Thin wrapper around dsl_dsobj_to_dsname(): zc_name and zc_obj are
 * the inputs, zc_value is handed over as the third argument.  The
 * callee's result (zero or an error) is returned unchanged.
 */
static int
zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
{
	return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
}
   1315 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_obj		object to find
 *
 * outputs:
 * zc_value		name of object
 *
 * Only objsets of type DMU_OST_ZFS are accepted; anything else returns
 * EINVAL.  The lookup is bounded by sizeof (zc_value).
 */
static int
zfs_ioc_obj_to_path(zfs_cmd_t *zc)
{
	objset_t *os;
	int error;

	/* XXX reading from objset not owned */
	error = dmu_objset_hold(zc->zc_name, FTAG, &os);
	if (error != 0)
		return (error);

	if (dmu_objset_type(os) == DMU_OST_ZFS) {
		error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
		    sizeof (zc->zc_value));
	} else {
		error = EINVAL;
	}

	dmu_objset_rele(os, FTAG);
	return (error);
}
   1343 
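/*
 * Add the vdevs described by the caller's zc_nvlist_conf to the pool
 * named by zc_name.
 *
 * Returns the spa_open() or get_nvlist() error if either fails, EDOM
 * when the request would add anything other than l2cache or spare
 * devices to a root pool, and otherwise the result of spa_vdev_add().
 *
 * The config is unpacked from a caller-supplied buffer.  It must not be
 * inspected when get_nvlist() fails (the pointer is then not valid),
 * and it must be freed on every path after a successful unpack,
 * including the EDOM rejection.
 */
static int
zfs_ioc_vdev_add(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;
	nvlist_t *config = NULL;
	nvlist_t **l2cache, **spares;
	uint_t nl2cache = 0, nspares = 0;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
	    zc->zc_iflags, &config);
	if (error != 0) {
		/* No config was produced; do not look inside it. */
		spa_close(spa, FTAG);
		return (error);
	}

	/* Lookup failures leave the counts at zero. */
	(void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
	    &l2cache, &nl2cache);

	(void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
	    &spares, &nspares);

	/*
	 * A root pool with concatenated devices is not supported.
	 * Thus, can not add a device to a root pool.
	 *
	 * Intent log device can not be added to a rootpool because
	 * during mountroot, zil is replayed, a separated log device
	 * can not be accessed during the mountroot time.
	 *
	 * l2cache and spare devices are ok to be added to a rootpool.
	 */
	if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
		nvlist_free(config);
		spa_close(spa, FTAG);
		return (EDOM);
	}

	error = spa_vdev_add(spa, config);
	nvlist_free(config);
	spa_close(spa, FTAG);
	return (error);
}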
   1386 
/*
 * Remove the vdev identified by zc_guid from the pool named by
 * zc_name.  spa_vdev_remove() is called with B_FALSE as its last
 * argument.
 */
static int
zfs_ioc_vdev_remove(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;

	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
		return (error);

	error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);

	spa_close(spa, FTAG);
	return (error);
}
   1400 
/*
 * Change the state of the vdev identified by zc_guid.  zc_cookie
 * selects the requested state and zc_obj is an extra argument whose
 * meaning depends on it.  For FAULTED and DEGRADED, any zc_obj other
 * than VDEV_AUX_ERR_EXCEEDED or VDEV_AUX_EXTERNAL is rewritten to
 * VDEV_AUX_ERR_EXCEEDED before use.  Unknown states return EINVAL.
 *
 * On return zc_cookie is overwritten with 'newstate', which only
 * vdev_online() is given the chance to set; it is VDEV_STATE_UNKNOWN
 * otherwise.
 */
static int
zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
{
	spa_t *spa;
	vdev_state_t newstate = VDEV_STATE_UNKNOWN;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	switch (zc->zc_cookie) {
	case VDEV_STATE_ONLINE:
		error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
		break;

	case VDEV_STATE_OFFLINE:
		error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
		break;

	case VDEV_STATE_FAULTED:
	case VDEV_STATE_DEGRADED:
		/* Restrict the caller-supplied aux code to the two allowed. */
		if (!(zc->zc_obj == VDEV_AUX_ERR_EXCEEDED ||
		    zc->zc_obj == VDEV_AUX_EXTERNAL))
			zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;

		if (zc->zc_cookie == VDEV_STATE_FAULTED)
			error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
		else
			error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
		break;

	default:
		error = EINVAL;
		break;
	}

	zc->zc_cookie = newstate;
	spa_close(spa, FTAG);
	return (error);
}
   1442 
/*
 * Attach the vdev described by the caller's zc_nvlist_conf to the vdev
 * identified by zc_guid.  zc_cookie is passed on as the 'replacing'
 * argument of spa_vdev_attach().  The config is unpacked from a
 * caller-supplied buffer and freed after the attach attempt.
 */
static int
zfs_ioc_vdev_attach(zfs_cmd_t *zc)
{
	spa_t *spa;
	nvlist_t *config;
	int replacing = zc->zc_cookie;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
	    zc->zc_iflags, &config);
	if (error == 0) {
		error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
		nvlist_free(config);
	}

	spa_close(spa, FTAG);
	return (error);
}
   1463 
/*
 * Detach the vdev identified by zc_guid from the pool named by
 * zc_name.  spa_vdev_detach() is called with 0 and B_FALSE as its
 * trailing arguments.
 */
static int
zfs_ioc_vdev_detach(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
	spa_close(spa, FTAG);

	return (error);
}
   1478 
/*
 * Set the path of the vdev identified by zc_guid to the string in
 * zc_value.  The string is caller-supplied and handed to
 * spa_vdev_setpath() as-is.
 */
static int
zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;

	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
		return (error);

	error = spa_vdev_setpath(spa, zc->zc_guid, zc->zc_value);

	spa_close(spa, FTAG);
	return (error);
}
   1495 
/*
 * Set the FRU of the vdev identified by zc_guid to the string in
 * zc_value.  The string is caller-supplied and handed to
 * spa_vdev_setfru() as-is.
 */
static int
zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
{
	spa_t *spa;
	int error;

	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
		return (error);

	error = spa_vdev_setfru(spa, zc->zc_guid, zc->zc_value);

	spa_close(spa, FTAG);
	return (error);
}
   1512 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_nvlist_dst_size	size of buffer for property nvlist
 *
 * outputs:
 * zc_objset_stats	stats
 * zc_nvlist_dst	property nvlist
 * zc_nvlist_dst_size	size of property nvlist
 *
 * The fast stats are always filled in.  The property nvlist is built
 * and copied out only when the caller supplied zc_nvlist_dst.
 */
static int
zfs_ioc_objset_stats(zfs_cmd_t *zc)
{
	objset_t *os = NULL;
	nvlist_t *nv;
	int error;

	error = dmu_objset_hold(zc->zc_name, FTAG, &os);
	if (error != 0)
		return (error);

	dmu_objset_fast_stat(os, &zc->zc_objset_stats);

	if (zc->zc_nvlist_dst != 0) {
		error = dsl_prop_get_all(os, &nv);
		if (error == 0) {
			dmu_objset_stats(os, nv);
			/*
			 * NB: zvol_get_stats() will read the objset
			 * contents, which we aren't supposed to do with a
			 * DS_MODE_USER hold, because it could be
			 * inconsistent.  So this is a bit of a
			 * workaround...
			 * XXX reading without owning
			 */
			if (!zc->zc_objset_stats.dds_inconsistent &&
			    dmu_objset_type(os) == DMU_OST_ZVOL)
				VERIFY(zvol_get_stats(os, nv) == 0);

			error = put_nvlist(zc, nv);
			nvlist_free(nv);
		}
	}

	dmu_objset_rele(os, FTAG);
	return (error);
}
   1556 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_nvlist_dst_size	size of buffer for property nvlist
 *
 * outputs:
 * zc_nvlist_dst	received property nvlist
 * zc_nvlist_dst_size	size of received property nvlist
 *
 * Gets received properties (distinct from local properties on or after
 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate
 * received from local property values.  Returns ENOTSUP when the
 * dataset has no received properties recorded.
 */
static int
zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
{
	objset_t *os = NULL;
	nvlist_t *nv;
	int error;

	error = dmu_objset_hold(zc->zc_name, FTAG, &os);
	if (error != 0)
		return (error);

	/*
	 * Without this check, we would return local property values if
	 * the caller has not already received properties on or after
	 * SPA_VERSION_RECVD_PROPS.
	 */
	if (!dsl_prop_get_hasrecvd(os)) {
		dmu_objset_rele(os, FTAG);
		return (ENOTSUP);
	}

	if (zc->zc_nvlist_dst != 0) {
		error = dsl_prop_get_received(os, &nv);
		if (error == 0) {
			error = put_nvlist(zc, nv);
			nvlist_free(nv);
		}
	}

	dmu_objset_rele(os, FTAG);
	return (error);
}
   1599 
/*
 * Look up one ZPL property of 'os' and add it to 'props' as a uint64
 * keyed by the property's name.  Returns the zfs_get_zplprop() error
 * if the lookup fails, zero otherwise.
 */
static int
nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
{
	uint64_t value;
	int error;

	/*
	 * zfs_get_zplprop() will either find a value or give us
	 * the default value (if there is one).
	 */
	error = zfs_get_zplprop(os, prop, &value);
	if (error == 0) {
		VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop),
		    value) == 0);
	}
	return (error);
}
   1615 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_nvlist_dst_size	size of buffer for zpl property nvlist
 *
 * outputs:
 * zc_nvlist_dst	zpl property nvlist
 * zc_nvlist_dst_size	size of zpl property nvlist
 *
 * Returns ENOENT when no destination buffer was supplied, when the
 * dataset is marked inconsistent, or when the objset is not of type
 * DMU_OST_ZFS.
 */
static int
zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
{
	objset_t *os;
	nvlist_t *nv;
	int err;

	/* XXX reading without owning */
	err = dmu_objset_hold(zc->zc_name, FTAG, &os);
	if (err != 0)
		return (err);

	dmu_objset_fast_stat(os, &zc->zc_objset_stats);

	/*
	 * NB: nvl_add_zplprop() will read the objset contents,
	 * which we aren't supposed to do with a DS_MODE_USER
	 * hold, because it could be inconsistent.
	 */
	if (zc->zc_nvlist_dst == 0 ||
	    zc->zc_objset_stats.dds_inconsistent ||
	    dmu_objset_type(os) != DMU_OST_ZFS) {
		err = ENOENT;
	} else {
		VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);

		/* Stop at the first property that cannot be read. */
		err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION);
		if (err == 0)
			err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE);
		if (err == 0)
			err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY);
		if (err == 0)
			err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE);
		if (err == 0)
			err = put_nvlist(zc, nv);

		nvlist_free(nv);
	}

	dmu_objset_rele(os, FTAG);
	return (err);
}
   1660 
/*
 * Decide whether a dataset name should be skipped when listing:
 * internal datasets (which have a $ in their name), temporary datasets
 * (which have a % in their name), and, for callers outside the global
 * zone, datasets that are not visible in the caller's zone.
 */
static boolean_t
dataset_name_hidden(const char *name)
{
	if (strchr(name, '$') != NULL || strchr(name, '%') != NULL)
		return (B_TRUE);

	/* Zone visibility is only consulted for non-global-zone callers. */
	if (INGLOBALZONE(curproc))
		return (B_FALSE);

	return (zone_dataset_visible(name, NULL) ? B_FALSE : B_TRUE);
}
   1677 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_cookie		zap cursor
 * zc_nvlist_dst_size	size of buffer for property nvlist
 *
 * outputs:
 * zc_name		name of next filesystem
 * zc_cookie		zap cursor
 * zc_objset_stats	stats
 * zc_nvlist_dst	property nvlist
 * zc_nvlist_dst_size	size of property nvlist
 *
 * Hidden names (see dataset_name_hidden()) are skipped unless the
 * request carries FKIOCTL in zc_iflags.  ESRCH is returned in place of
 * ENOENT, both for a missing parent and for the end of the listing.
 */
static int
zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
{
	objset_t *os;
	char *child;
	int error;

	error = dmu_objset_hold(zc->zc_name, FTAG, &os);
	if (error != 0)
		return (error == ENOENT ? ESRCH : error);

	/* Make sure zc_name ends in '/', then point just past it. */
	child = strrchr(zc->zc_name, '/');
	if (child == NULL || child[1] != '\0')
		(void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
	child = zc->zc_name + strlen(zc->zc_name);

	/*
	 * Pre-fetch the datasets.  dmu_objset_prefetch() always returns 0
	 * but is not declared void because it is called by
	 * dmu_objset_find().
	 */
	if (zc->zc_cookie == 0) {
		uint64_t cookie = 0;
		int len = sizeof (zc->zc_name) - (child - zc->zc_name);

		while (dmu_dir_list_next(os, len, child, NULL, &cookie) == 0)
			(void) dmu_objset_prefetch(child, NULL);
	}

	/* Advance the cursor until a name that may be returned is found. */
	for (;;) {
		error = dmu_dir_list_next(os,
		    sizeof (zc->zc_name) - (child - zc->zc_name), child,
		    NULL, &zc->zc_cookie);
		if (error == ENOENT)
			error = ESRCH;

		if (error != 0 || !dataset_name_hidden(zc->zc_name) ||
		    (zc->zc_iflags & FKIOCTL))
			break;
	}
	dmu_objset_rele(os, FTAG);

	/*
	 * If it's an internal dataset (ie. with a '$' in its name),
	 * don't try to get stats for it, otherwise we'll return ENOENT.
	 */
	if (error == 0 && strchr(zc->zc_name, '$') == NULL)
		error = zfs_ioc_objset_stats(zc); /* fill in the stats */
	return (error);
}
   1739 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_cookie		zap cursor
 * zc_nvlist_dst_size	size of buffer for property nvlist
 *
 * outputs:
 * zc_name		name of next snapshot
 * zc_objset_stats	stats
 * zc_nvlist_dst	property nvlist
 * zc_nvlist_dst_size	size of property nvlist
 *
 * ESRCH is returned in place of ENOENT.  On failure after the '@' was
 * appended, zc_name is cut at the first '@' it contains.
 *
 * NOTE(review): on the "name too long" early return below, zc_name is
 * left as strlcat() produced it; the cleanup at the end of the
 * function is not reached on that path.
 */
static int
zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
{
	objset_t *os;
	size_t used;
	int error;

	if (zc->zc_cookie == 0) {
		(void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch,
		    NULL, DS_FIND_SNAPSHOTS);
	}

	error = dmu_objset_hold(zc->zc_name, FTAG, &os);
	if (error != 0) {
		if (error == ENOENT)
			error = ESRCH;
		return (error);
	}

	/*
	 * A dataset name of maximum length cannot have any snapshots,
	 * so exit immediately.
	 */
	if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
		dmu_objset_rele(os, FTAG);
		return (ESRCH);
	}

	/* The snapshot name is written right after the '@'. */
	used = strlen(zc->zc_name);
	error = dmu_snapshot_list_next(os, sizeof (zc->zc_name) - used,
	    zc->zc_name + used, NULL, &zc->zc_cookie, NULL);
	dmu_objset_rele(os, FTAG);

	switch (error) {
	case 0:
		error = zfs_ioc_objset_stats(zc); /* fill in the stats */
		break;
	case ENOENT:
		error = ESRCH;
		break;
	default:
		break;
	}

	/* if we failed, undo the @ that we tacked on to zc_name */
	if (error != 0)
		*strchr(zc->zc_name, '@') = '\0';
	return (error);
}
   1789 
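/*
 * Apply one userquota-style property to the dataset 'dsname'.
 *
 * 'pair' is either the value itself or an nvlist wrapping it under
 * ZPROP_VALUE.  The value must be a uint64 array of exactly three
 * elements: quota type, rid and quota.  The property name must contain
 * a '-'; the domain is the text that follows it.
 *
 * Returns EINVAL when the name or the value is malformed, otherwise
 * the result of zfsvfs_hold() or zfs_set_userquota().
 *
 * The name and value originate from a caller-supplied nvlist, so a
 * malformed request is rejected with EINVAL here rather than being
 * asserted with VERIFY() or dereferenced.
 */
static int
zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
{
	const char *propname = nvpair_name(pair);
	const char *dash;
	const char *domain;
	uint64_t *valary;
	unsigned int vallen;
	zfs_userquota_prop_t type;
	uint64_t rid;
	uint64_t quota;
	zfsvfs_t *zfsvfs;
	int err;

	if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
		nvlist_t *attrs;

		/* The type was just checked, so this cannot fail. */
		VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
		if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, &pair) != 0)
			return (EINVAL);
	}

	/*
	 * A correctly constructed propname is encoded as
	 * userquota@<rid>-<domain>.
	 */
	dash = strchr(propname, '-');
	if (dash == NULL ||
	    nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
	    vallen != 3)
		return (EINVAL);

	domain = dash + 1;
	type = valary[0];
	rid = valary[1];
	quota = valary[2];

	err = zfsvfs_hold(dsname, FTAG, &zfsvfs);
	if (err == 0) {
		err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
		zfsvfs_rele(zfsvfs, FTAG);
	}

	return (err);
}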
   1829 
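/*
 * If the named property is one that has a special function to set its
 * value, return 0 on success and a positive error code on failure;
 * otherwise if it is not one of the special properties handled by this
 * function, return -1.
 *
 * 'pair' is either the value itself or an nvlist wrapping it under
 * ZPROP_VALUE; a wrapper without ZPROP_VALUE yields EINVAL.  String
 * properties are never special.
 *
 * XXX: It would be better for callers of the property interface if we
 * handled these special cases in dsl_prop.c (in the dsl layer).
 */
static int
zfs_prop_set_special(const char *dsname, zprop_source_t source,
    nvpair_t *pair)
{
	const char *propname = nvpair_name(pair);
	zfs_prop_t prop = zfs_name_to_prop(propname);
	uint64_t intval;
	int err;

	if (prop == ZPROP_INVAL) {
		if (zfs_prop_userquota(propname))
			return (zfs_prop_set_userquota(dsname, pair));
		return (-1);
	}

	if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
		nvlist_t *attrs;

		/* The type was just checked, so this cannot fail. */
		VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
		/* The nvlist may be caller-built: reject, do not assert. */
		if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, &pair) != 0)
			return (EINVAL);
	}

	if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
		return (-1);

	/*
	 * NOTE(review): this assumes the caller has already checked that
	 * a non-string property carries a uint64 value -- confirm for
	 * every call site.
	 */
	VERIFY(0 == nvpair_value_uint64(pair, &intval));

	switch (prop) {
	case ZFS_PROP_QUOTA:
		err = dsl_dir_set_quota(dsname, source, intval);
		break;
	case ZFS_PROP_REFQUOTA:
		err = dsl_dataset_set_quota(dsname, source, intval);
		break;
	case ZFS_PROP_RESERVATION:
		err = dsl_dir_set_reservation(dsname, source, intval);
		break;
	case ZFS_PROP_REFRESERVATION:
		err = dsl_dataset_set_reservation(dsname, source, intval);
		break;
	case ZFS_PROP_VOLSIZE:
		err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
		    intval);
		break;
	case ZFS_PROP_VERSION:
	{
		zfsvfs_t *zfsvfs;

		if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs)) != 0)
			break;

		err = zfs_set_version(zfsvfs, intval);
		zfsvfs_rele(zfsvfs, FTAG);

		if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
			zfs_cmd_t *zc;

			/*
			 * Best effort: the upgrade result is ignored.  The
			 * name is copied with a bound so that it can never
			 * write past zc_name.
			 */
			zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
			(void) strlcpy(zc->zc_name, dsname,
			    sizeof (zc->zc_name));
			(void) zfs_ioc_userspace_upgrade(zc);
			kmem_free(zc, sizeof (zfs_cmd_t));
		}
		break;
	}

	default:
		err = -1;
		break;
	}

	return (err);
}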
   1909 
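/*
 * This function is best effort. If it fails to set any of the given
 * properties, it continues to set as many as it can and returns the
 * first error encountered. If the caller provides a non-NULL errlist,
 * it also gives the complete list of names of all the properties it
 * failed to set along with the corresponding error numbers. The caller
 * is responsible for freeing the returned errlist.
 *
 * If every property is set successfully, zero is returned and the list
 * pointed at by errlist is NULL.
 *
 * Each value is either stored directly in its nvpair or wrapped in an
 * nvlist under ZPROP_VALUE.  The list may be built from a request
 * buffer, so a wrapper that lacks ZPROP_VALUE is recorded as EINVAL
 * for that property instead of being asserted with VERIFY().
 */
int
zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
    nvlist_t **errlist)
{
	nvpair_t *pair;
	nvpair_t *propval;
	int rv = 0;
	uint64_t intval;
	char *strval;
	nvlist_t *genericnvl;
	nvlist_t *errors;
	nvlist_t *retrynvl;

	VERIFY(nvlist_alloc(&genericnvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
	VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
	VERIFY(nvlist_alloc(&retrynvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);

retry:
	pair = NULL;
	while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
		const char *propname = nvpair_name(pair);
		zfs_prop_t prop = zfs_name_to_prop(propname);
		int err = 0;

		/* decode the property value */
		propval = pair;
		if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
			nvlist_t *attrs;

			/* The type was just checked, so this cannot fail. */
			VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
			if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
			    &propval) != 0)
				err = EINVAL;
		}

		/* Validate value type */
		if (err == 0 && prop == ZPROP_INVAL) {
			if (zfs_prop_user(propname)) {
				if (nvpair_type(propval) != DATA_TYPE_STRING)
					err = EINVAL;
			} else if (zfs_prop_userquota(propname)) {
				if (nvpair_type(propval) !=
				    DATA_TYPE_UINT64_ARRAY)
					err = EINVAL;
			}
		} else if (err == 0) {
			if (nvpair_type(propval) == DATA_TYPE_STRING) {
				if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
					err = EINVAL;
			} else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
				const char *unused;

				VERIFY(nvpair_value_uint64(propval,
				    &intval) == 0);

				switch (zfs_prop_get_type(prop)) {
				case PROP_TYPE_NUMBER:
					break;
				case PROP_TYPE_STRING:
					err = EINVAL;
					break;
				case PROP_TYPE_INDEX:
					/* The index must name a known value. */
					if (zfs_prop_index_to_string(prop,
					    intval, &unused) != 0)
						err = EINVAL;
					break;
				default:
					cmn_err(CE_PANIC,
					    "unknown property type");
				}
			} else {
				err = EINVAL;
			}
		}

		/* Validate permissions */
		if (err == 0)
			err = zfs_check_settable(dsname, pair, CRED());

		if (err == 0) {
			err = zfs_prop_set_special(dsname, source, pair);
			if (err == -1) {
				/*
				 * For better performance we build up a list of
				 * properties to set in a single transaction.
				 */
				err = nvlist_add_nvpair(genericnvl, pair);
			} else if (err != 0 && nvl != retrynvl) {
				/*
				 * This may be a spurious error caused by
				 * receiving quota and reservation out of order.
				 * Try again in a second pass.
				 */
				err = nvlist_add_nvpair(retrynvl, pair);
			}
		}

		if (err != 0)
			VERIFY(nvlist_add_int32(errors, propname, err) == 0);
	}

	/* Run the loop once more over the properties queued for retry. */
	if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
		nvl = retrynvl;
		goto retry;
	}

	if (!nvlist_empty(genericnvl) &&
	    dsl_props_set(dsname, source, genericnvl) != 0) {
		/*
		 * If this fails, we still want to set as many properties as we
		 * can, so try setting them individually.
		 */
		pair = NULL;
		while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
			const char *propname = nvpair_name(pair);
			int err = 0;

			/*
			 * Every entry in genericnvl passed the decode step in
			 * the loop above, so the lookups are asserted here.
			 */
			propval = pair;
			if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
				nvlist_t *attrs;
				VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
				VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
				    &propval) == 0);
			}

			if (nvpair_type(propval) == DATA_TYPE_STRING) {
				VERIFY(nvpair_value_string(propval,
				    &strval) == 0);
				err = dsl_prop_set(dsname, propname, source, 1,
				    strlen(strval) + 1, strval);
			} else {
				VERIFY(nvpair_value_uint64(propval,
				    &intval) == 0);
				err = dsl_prop_set(dsname, propname, source, 8,
				    1, &intval);
			}

			if (err != 0) {
				VERIFY(nvlist_add_int32(errors, propname,
				    err) == 0);
			}
		}
	}
	nvlist_free(genericnvl);
	nvlist_free(retrynvl);

	/* The return value is the first error recorded, if any. */
	if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
		nvlist_free(errors);
		errors = NULL;
	} else {
		VERIFY(nvpair_value_int32(pair, &rv) == 0);
	}

	if (errlist == NULL)
		nvlist_free(errors);
	else
		*errlist = errors;

	return (rv);
}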
   2079 
/*
 * Check that all the properties are valid user properties.
 *
 * Every pair must have a user-property name and a string value
 * (EINVAL otherwise), the caller must hold ZFS_DELEG_PERM_USERPROP on
 * 'fsname', the name must be shorter than ZAP_MAXNAMELEN
 * (ENAMETOOLONG) and the value shorter than ZAP_MAXVALUELEN (E2BIG).
 * The first failing check ends the scan.
 */
static int
zfs_check_userprops(char *fsname, nvlist_t *nvl)
{
	nvpair_t *pair;
	int error;

	for (pair = nvlist_next_nvpair(nvl, NULL); pair != NULL;
	    pair = nvlist_next_nvpair(nvl, pair)) {
		const char *propname = nvpair_name(pair);
		char *valstr;

		if (!zfs_prop_user(propname) ||
		    nvpair_type(pair) != DATA_TYPE_STRING)
			return (EINVAL);

		error = zfs_secpolicy_write_perms(fsname,
		    ZFS_DELEG_PERM_USERPROP, CRED());
		if (error != 0)
			return (error);

		if (strlen(propname) >= ZAP_MAXNAMELEN)
			return (ENAMETOOLONG);

		/* The type was checked above, so this cannot fail. */
		VERIFY(nvpair_value_string(pair, &valstr) == 0);
		if (strlen(valstr) >= ZAP_MAXVALUELEN)
			return (E2BIG);
	}

	return (0);
}
   2110 
/*
 * Allocate *newprops and copy into it every pair of props whose name is
 * not present in skipped.  The list is always allocated, even when nothing
 * is copied; the caller visible in this file frees it with nvlist_free().
 */
static void
props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
{
	nvpair_t *elem = NULL;

	VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);

	while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
		if (!nvlist_exists(skipped, nvpair_name(elem)))
			VERIFY(nvlist_add_nvpair(*newprops, elem) == 0);
	}
}
   2126 
/*
 * Clear the properties in props that are not named in skipped.
 *
 * The surviving pairs are handed to zfs_set_prop_nvlist() with a source of
 * ZPROP_SRC_NONE, plus ZPROP_SRC_RECEIVED once dsl_prop_get_hasrecvd()
 * reports true for os.  Returns that call's result, or 0 when nothing was
 * left to clear.
 */
static int
clear_received_props(objset_t *os, const char *fs, nvlist_t *props,
    nvlist_t *skipped)
{
	nvlist_t *to_clear = NULL;
	int rc = 0;

	props_skip(props, skipped, &to_clear);

	if (!nvlist_empty(to_clear)) {
		zprop_source_t flags;

		/*
		 * Acts on local properties until the dataset has received
		 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
		 */
		flags = (ZPROP_SRC_NONE |
		    (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0));
		rc = zfs_set_prop_nvlist(fs, flags, to_clear, NULL);
	}

	nvlist_free(to_clear);
	return (rc);
}
   2146 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_value		name of property to set (not read by this function)
 * zc_nvlist_src{_size}	nvlist of properties to apply
 * zc_cookie		received properties flag
 *
 * outputs:
 * zc_nvlist_dst{_size} error for each unapplied received property
 *
 * When the received flag is set, previously received properties that are
 * absent from the new list are cleared first and the dataset is marked as
 * having received properties.  Failures in that preparatory step, and in
 * copying the per-property error list out, are deliberately ignored; the
 * return value is the result of zfs_set_prop_nvlist() on the new list.
 */
static int
zfs_ioc_set_prop(zfs_cmd_t *zc)
{
	boolean_t received = zc->zc_cookie;
	zprop_source_t source;
	nvlist_t *props;
	nvlist_t *errors = NULL;
	int error;

	source = (received ? ZPROP_SRC_RECEIVED : ZPROP_SRC_LOCAL);

	/* The property list is unpacked from a caller-supplied buffer. */
	error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
	    zc->zc_iflags, &props);
	if (error != 0)
		return (error);

	if (received) {
		objset_t *os;

		if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
			nvlist_t *origprops;

			/* Names present in the new list are skipped. */
			if (dsl_prop_get_received(os, &origprops) == 0) {
				(void) clear_received_props(os,
				    zc->zc_name, origprops, props);
				nvlist_free(origprops);
			}

			dsl_prop_set_hasrecvd(os);
			dmu_objset_rele(os, FTAG);
		}
	}

	error = zfs_set_prop_nvlist(zc->zc_name, source, props, &errors);

	/* Report per-property failures only if the caller gave a buffer. */
	if (zc->zc_nvlist_dst != NULL && errors != NULL) {
		(void) put_nvlist(zc, errors);
	}

	nvlist_free(errors);
	nvlist_free(props);
	return (error);
}
   2197 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_value		name of property to inherit
 * zc_cookie		revert to received value if TRUE
 *
 * outputs:		none
 *
 * Returns EINVAL for a name that is neither a known nor a user property
 * (received case), for a property type other than string, number or index
 * (received case), or for a known property that is not inheritable
 * (non-received case).  Otherwise returns the result of
 * zfs_prop_set_special() when it handles the property, else dsl_prop_set().
 */
static int
zfs_ioc_inherit_prop(zfs_cmd_t *zc)
{
	const char *propname = zc->zc_value;
	zfs_prop_t prop = zfs_name_to_prop(propname);
	boolean_t received = zc->zc_cookie;
	zprop_source_t source;

	/* NONE reverts to the received value, if any; INHERITED inherits. */
	source = (received ? ZPROP_SRC_NONE : ZPROP_SRC_INHERITED);

	if (!received) {
		/*
		 * Only check this in the non-received case. We want to allow
		 * 'inherit -S' to revert non-inheritable properties like quota
		 * and reservation to the received or default values even though
		 * they are not considered inheritable.
		 */
		if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
			return (EINVAL);
	} else {
		nvlist_t *tmpl;
		zprop_type_t type;
		int err;

		/*
		 * zfs_prop_set_special() expects properties in the form of an
		 * nvpair with type info, so build a one-pair list holding an
		 * empty value of the right type.
		 */
		if (prop != ZPROP_INVAL) {
			type = zfs_prop_get_type(prop);
		} else if (zfs_prop_user(propname)) {
			type = PROP_TYPE_STRING;
		} else {
			return (EINVAL);
		}

		VERIFY(nvlist_alloc(&tmpl, NV_UNIQUE_NAME, KM_SLEEP) == 0);

		switch (type) {
		case PROP_TYPE_NUMBER:
		case PROP_TYPE_INDEX:
			VERIFY(0 == nvlist_add_uint64(tmpl, propname, 0));
			break;
		case PROP_TYPE_STRING:
			VERIFY(0 == nvlist_add_string(tmpl, propname, ""));
			break;
		default:
			nvlist_free(tmpl);
			return (EINVAL);
		}

		err = zfs_prop_set_special(zc->zc_name, source,
		    nvlist_next_nvpair(tmpl, NULL));
		nvlist_free(tmpl);

		/* -1 means "not special"; anything else is the final answer. */
		if (err != -1)
			return (err);
	}

	/* the property name has been validated by zfs_secpolicy_inherit() */
	return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
}
   2269 
/*
 * Apply the pool properties in zc_nvlist_src{_size} to the pool named by
 * zc_name.
 *
 * A list holding only the cachefile property is applied through
 * spa_lookup() under spa_namespace_lock, without opening the pool; if the
 * lookup finds nothing the normal spa_open() path is tried.  Returns 0 or
 * the error from get_nvlist(), spa_open() or spa_prop_set().
 */
static int
zfs_ioc_pool_set_props(zfs_cmd_t *zc)
{
	nvlist_t *props;
	nvpair_t *first;
	spa_t *spa;
	int error;

	error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
	    zc->zc_iflags, &props);
	if (error != 0)
		return (error);

	/*
	 * If the only property is the configfile, then just do a spa_lookup()
	 * to handle the faulted case.
	 */
	first = nvlist_next_nvpair(props, NULL);
	if (first != NULL &&
	    strcmp(nvpair_name(first),
	    zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
	    nvlist_next_nvpair(props, first) == NULL) {
		mutex_enter(&spa_namespace_lock);
		spa = spa_lookup(zc->zc_name);
		if (spa != NULL) {
			spa_configfile_set(spa, props, B_FALSE);
			spa_config_sync(spa, B_FALSE, B_TRUE);
		}
		mutex_exit(&spa_namespace_lock);

		if (spa != NULL) {
			nvlist_free(props);
			return (0);
		}
	}

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0) {
		nvlist_free(props);
		return (error);
	}

	error = spa_prop_set(spa, props);

	nvlist_free(props);
	spa_close(spa, FTAG);

	return (error);
}
   2314 
/*
 * Copy the properties of the pool named by zc_name out through
 * put_nvlist().
 *
 * Returns the result of put_nvlist() when the properties were fetched and
 * zc_nvlist_dst is set, and EFAULT in every other case.
 *
 * NOTE(review): the EFAULT assignment also replaces a non-zero error from
 * spa_open() or spa_prop_get(), so a lookup failure is reported as EFAULT
 * rather than with its own code.  Confirm whether callers depend on that
 * before changing it.
 */
static int
zfs_ioc_pool_get_props(zfs_cmd_t *zc)
{
	nvlist_t *nvp = NULL;
	spa_t *spa;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error == 0) {
		error = spa_prop_get(spa, &nvp);
		spa_close(spa, FTAG);
	} else {
		/*
		 * If the pool is faulted, there may be properties we can still
		 * get (such as altroot and cachefile), so attempt to get them
		 * anyway.
		 */
		mutex_enter(&spa_namespace_lock);
		spa = spa_lookup(zc->zc_name);
		if (spa != NULL)
			error = spa_prop_get(spa, &nvp);
		mutex_exit(&spa_namespace_lock);
	}

	if (error != 0 || zc->zc_nvlist_dst == NULL)
		error = EFAULT;
	else
		error = put_nvlist(zc, nvp);

	nvlist_free(nvp);
	return (error);
}
   2345 
/*
 * Check whether an identity described in zc_nvlist_src{_size} has the
 * delegated shareiscsi permission on the dataset named by zc_name.
 *
 * The uid, gid and supplementary group list all come from the caller's
 * nvlist, so the credential built here describes whoever the caller says
 * it does; nothing in this function ties it to CRED().
 * NOTE(review): confirm that the security policy registered for this ioctl
 * limits who may ask the question.
 *
 * Returns the get_nvlist() error, EPERM when a field is missing or the
 * credential cannot be populated, otherwise the dsl_deleg_access() result.
 */
static int
zfs_ioc_iscsi_perm_check(zfs_cmd_t *zc)
{
	nvlist_t *nvp;
	cred_t *usercred;
	uint32_t *groups;
	uint_t group_cnt;
	uint32_t uid;
	uint32_t gid;
	int error;

	error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
	    zc->zc_iflags, &nvp);
	if (error != 0)
		return (error);

	/* All three fields are mandatory; any missing one is EPERM. */
	if (nvlist_lookup_uint32(nvp, ZFS_DELEG_PERM_UID, &uid) != 0 ||
	    nvlist_lookup_uint32(nvp, ZFS_DELEG_PERM_GID, &gid) != 0 ||
	    nvlist_lookup_uint32_array(nvp, ZFS_DELEG_PERM_GROUPS,
	    &groups, &group_cnt) != 0) {
		nvlist_free(nvp);
		return (EPERM);
	}

	/*
	 * groups is the pointer the lookup returned for nvp, so nvp stays
	 * allocated until crsetgroups() has been called.
	 */
	usercred = cralloc();
	if ((crsetugid(usercred, uid, gid) != 0) ||
	    (crsetgroups(usercred, group_cnt, (gid_t *)groups) != 0)) {
		nvlist_free(nvp);
		crfree(usercred);
		return (EPERM);
	}
	nvlist_free(nvp);

	error = dsl_deleg_access(zc->zc_name,
	    zfs_prop_to_name(ZFS_PROP_SHAREISCSI), usercred);
	crfree(usercred);
	return (error);
}
   2392 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_nvlist_src{_size}	nvlist of delegated permissions
 * zc_perm_action	allow/unallow flag
 *
 * outputs:		none
 *
 * Returns the get_nvlist() error, EINVAL when the list fails
 * zfs_deleg_verify_nvlist(), the authorization error when the caller may
 * not grant or revoke the listed permissions, otherwise the result of
 * dsl_deleg_set().
 */
static int
zfs_ioc_set_fsacl(zfs_cmd_t *zc)
{
	nvlist_t *fsaclnv = NULL;
	int error;

	error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
	    zc->zc_iflags, &fsaclnv);
	if (error != 0)
		return (error);

	/*
	 * Verify nvlist is constructed correctly
	 */
	if (zfs_deleg_verify_nvlist(fsaclnv) != 0) {
		nvlist_free(fsaclnv);
		return (EINVAL);
	}

	/*
	 * If secpolicy_zfs() does not clear the caller (the original comment
	 * describes this as not having PRIV_SYS_MOUNT), then validate
	 * that user is allowed to hand out each permission in
	 * the nvlist(s).  zc_perm_action == B_FALSE selects the allow check.
	 */
	error = secpolicy_zfs(CRED());
	if (error != 0) {
		error = (zc->zc_perm_action == B_FALSE) ?
		    dsl_deleg_can_allow(zc->zc_name, fsaclnv, CRED()) :
		    dsl_deleg_can_unallow(zc->zc_name, fsaclnv, CRED());
	}

	/* The delegation is written only after authorization succeeded. */
	if (error == 0)
		error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);

	nvlist_free(fsaclnv);
	return (error);
}
   2442 
/*
 * inputs:
 * zc_name		name of filesystem
 *
 * outputs:
 * nvlist of delegated permissions, copied out through put_nvlist().
 * (The original header names zc_nvlist_src{_size} as the output; other
 * handlers in this file test zc_nvlist_dst before calling put_nvlist().
 * TODO confirm which field put_nvlist() writes.)
 *
 * Returns the dsl_deleg_get() error, otherwise the put_nvlist() result.
 */
static int
zfs_ioc_get_fsacl(zfs_cmd_t *zc)
{
	nvlist_t *nvp;
	int error;

	error = dsl_deleg_get(zc->zc_name, &nvp);
	if (error != 0)
		return (error);

	error = put_nvlist(zc, nvp);
	nvlist_free(nvp);

	return (error);
}
   2463 
/*
 * Walk the circular vfs list starting at rootvfs and return the first
 * entry whose vfs_resource string equals resource, or NULL if none does.
 * The match is returned with a hold taken under the list read lock, so
 * the caller is responsible for releasing the returned vfs pointer.
 */
static vfs_t *
zfs_get_vfs(const char *resource)
{
	struct vfs *cur;
	struct vfs *match = NULL;

	vfs_list_read_lock();
	cur = rootvfs;
	do {
		if (strcmp(refstr_value(cur->vfs_resource), resource) == 0) {
			/* Take the hold before the list lock is dropped. */
			VFS_HOLD(cur);
			match = cur;
		} else {
			cur = cur->vfs_next;
		}
	} while (match == NULL && cur != rootvfs);
	vfs_list_unlock();

	return (match);
}
   2488 
/*
 * Creation callback for DMU_OST_ZFS objsets: arg is the zfs_creat_t set up
 * by zfs_ioc_create(), and its zplprops are passed on to zfs_create_fs().
 */
/* ARGSUSED */
static void
zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
{
	zfs_create_fs(os, cr, ((zfs_creat_t *)arg)->zct_zplprops, tx);
}
   2497 
/* Sentinel for "the creator did not request a value for this property". */
#define	ZFS_PROP_UNDEFINED	((uint64_t)-1)

/*
 * inputs:
 * os			parent objset pointer (NULL if root fs)
 * zplver		zpl version to use if unspecified in createprops
 * fuids_ok		fuids allowed in this version of the spa?
 * createprops		list of properties requested by creator
 *
 * outputs:
 * zplprops	values for the zplprops we attach to the master node object
 * is_ci	true if requested file system will be purely case-insensitive
 *
 * Determine the settings for utf8only, normalization and
 * casesensitivity.  Specific values may have been requested by the
 * creator and/or we can inherit values from the parent dataset.  If
 * the file system is of too early a vintage, a creator can not
 * request settings for these properties, even if the requested
 * setting is the default value.  We don't actually want to create dsl
 * properties for these, so remove them from the source nvlist after
 * processing.
 *
 * Returns 0, or ENOTSUP when the version or the requested settings are
 * not acceptable.
 */
static int
zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
    boolean_t fuids_ok, nvlist_t *createprops, nvlist_t *zplprops,
    boolean_t *is_ci)
{
	uint64_t casesense = ZFS_PROP_UNDEFINED;
	uint64_t normalize = ZFS_PROP_UNDEFINED;
	uint64_t utf8only = ZFS_PROP_UNDEFINED;

	ASSERT(zplprops != NULL);

	/*
	 * Pull out creator prop choices, if any.  A failed lookup leaves the
	 * corresponding variable at its previous value.  The version stays in
	 * createprops; the other three are removed from it.
	 */
	if (createprops != NULL) {
		(void) nvlist_lookup_uint64(createprops,
		    zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);

		(void) nvlist_lookup_uint64(createprops,
		    zfs_prop_to_name(ZFS_PROP_NORMALIZE), &normalize);
		(void) nvlist_remove_all(createprops,
		    zfs_prop_to_name(ZFS_PROP_NORMALIZE));

		(void) nvlist_lookup_uint64(createprops,
		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &utf8only);
		(void) nvlist_remove_all(createprops,
		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY));

		(void) nvlist_lookup_uint64(createprops,
		    zfs_prop_to_name(ZFS_PROP_CASE), &casesense);
		(void) nvlist_remove_all(createprops,
		    zfs_prop_to_name(ZFS_PROP_CASE));
	}

	/* The requested zpl version must lie in the supported range. */
	if (zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION)
		return (ENOTSUP);

	/* FUID-capable zpl versions need a pool that allows fuids. */
	if (zplver >= ZPL_VERSION_FUID && !fuids_ok)
		return (ENOTSUP);

	/*
	 * A version too "young" to support normalization cannot take an
	 * explicit value for any of the three props.
	 */
	if (zplver < ZPL_VERSION_NORMALIZATION &&
	    (normalize != ZFS_PROP_UNDEFINED ||
	    utf8only != ZFS_PROP_UNDEFINED ||
	    casesense != ZFS_PROP_UNDEFINED))
		return (ENOTSUP);

	/*
	 * Put the version in the zplprops
	 */
	VERIFY(nvlist_add_uint64(zplprops,
	    zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);

	if (normalize == ZFS_PROP_UNDEFINED) {
		VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE,
		    &normalize) == 0);
	}
	VERIFY(nvlist_add_uint64(zplprops,
	    zfs_prop_to_name(ZFS_PROP_NORMALIZE), normalize) == 0);

	/*
	 * If we're normalizing, names must always be valid UTF-8 strings.
	 */
	if (normalize != 0)
		utf8only = 1;
	if (utf8only == ZFS_PROP_UNDEFINED) {
		VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY,
		    &utf8only) == 0);
	}
	VERIFY(nvlist_add_uint64(zplprops,
	    zfs_prop_to_name(ZFS_PROP_UTF8ONLY), utf8only) == 0);

	if (casesense == ZFS_PROP_UNDEFINED) {
		VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE,
		    &casesense) == 0);
	}
	VERIFY(nvlist_add_uint64(zplprops,
	    zfs_prop_to_name(ZFS_PROP_CASE), casesense) == 0);

	if (is_ci != NULL)
		*is_ci = (casesense == ZFS_CASE_INSENSITIVE);

	return (0);
}
   2595 
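/*
 * Fill zplprops for a new, non-root file system named dataset.
 *
 * The parent's name is derived by cutting dataset at its last '/', the
 * default zpl version is lowered when zfs_earlier_version() reports a pool
 * older than SPA_VERSION_USERSPACE or SPA_VERSION_FUID, and the parent
 * objset is held so that zfs_fill_zplprops_impl() can inherit from it.
 *
 * Returns EINVAL when dataset contains no '/', the dmu_objset_hold() error
 * when the parent cannot be held, otherwise the result of
 * zfs_fill_zplprops_impl().  createprops, zplprops and is_ci are passed
 * through unchanged.
 */
static int
zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
    nvlist_t *zplprops, boolean_t *is_ci)
{
	boolean_t fuids_ok = B_TRUE;
	uint64_t zplver = ZPL_VERSION;
	objset_t *os = NULL;
	char parentname[MAXNAMELEN];
	char *cp;
	int error;

	(void) strlcpy(parentname, dataset, sizeof (parentname));
	cp = strrchr(parentname, '/');

	/*
	 * The name reaches this function from an ioctl argument.  ASSERT()
	 * is only active in DEBUG kernels, so a name with no '/' would
	 * otherwise be written through a NULL pointer; fail the request
	 * instead.
	 */
	if (cp == NULL)
		return (EINVAL);
	cp[0] = '\0';

	if (zfs_earlier_version(dataset, SPA_VERSION_USERSPACE))
		zplver = ZPL_VERSION_USERSPACE - 1;
	if (zfs_earlier_version(dataset, SPA_VERSION_FUID)) {
		zplver = ZPL_VERSION_FUID - 1;
		fuids_ok = B_FALSE;
	}

	/*
	 * Open parent object set so we can inherit zplprop values.
	 */
	if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
		return (error);

	error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, createprops,
	    zplprops, is_ci);
	dmu_objset_rele(os, FTAG);
	return (error);
}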
   2630 
/*
 * Fill zplprops for a root file system, which has no parent objset to
 * inherit from.  A pool older than SPA_VERSION_FUID gets the last zpl
 * version before FUIDs and has fuids disallowed.  Returns the result of
 * zfs_fill_zplprops_impl().
 */
static int
zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
    nvlist_t *zplprops, boolean_t *is_ci)
{
	boolean_t fuids_ok;
	uint64_t zplver;

	if (spa_vers < SPA_VERSION_FUID) {
		fuids_ok = B_FALSE;
		zplver = ZPL_VERSION_FUID - 1;
	} else {
		fuids_ok = B_TRUE;
		zplver = ZPL_VERSION;
	}

	return (zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, createprops,
	    zplprops, is_ci));
}
   2648 
/*
 * inputs:
 * zc_objset_type	type of objset to create (fs vs zvol)
 * zc_name		name of new objset
 * zc_value		name of snapshot to clone from (may be empty)
 * zc_nvlist_src{_size}	nvlist of properties to apply
 *
 * outputs: none
 *
 * A non-empty zc_value selects the clone path; otherwise a new file system
 * or volume is created.  The properties are applied afterwards, and if
 * that fails the new objset is destroyed again.  Names containing '@' or
 * '%' are rejected with EINVAL before anything else is looked at.
 */
static int
zfs_ioc_create(zfs_cmd_t *zc)
{
	dmu_objset_type_t type = zc->zc_objset_type;
	void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
	nvlist_t *nvprops = NULL;
	zfs_creat_t zct;
	int error = 0;

	/* Pick the creation callback; unknown types get none. */
	if (type == DMU_OST_ZFS)
		cbfunc = zfs_create_cb;
	else if (type == DMU_OST_ZVOL)
		cbfunc = zvol_create_cb;
	else
		cbfunc = NULL;

	if (strchr(zc->zc_name, '@') != NULL ||
	    strchr(zc->zc_name, '%') != NULL)
		return (EINVAL);

	if (zc->zc_nvlist_src != NULL) {
		error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
		    zc->zc_iflags, &nvprops);
		if (error != 0)
			return (error);
	}

	zct.zct_zplprops = NULL;
	zct.zct_props = nvprops;

	if (zc->zc_value[0] != '\0') {
		objset_t *origin;

		/*
		 * We're creating a clone of an existing snapshot.  Force
		 * termination of the caller-supplied name before checking it.
		 */
		zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
		if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) {
			nvlist_free(nvprops);
			return (EINVAL);
		}

		error = dmu_objset_hold(zc->zc_value, FTAG, &origin);
		if (error != 0) {
			nvlist_free(nvprops);
			return (error);
		}

		error = dmu_objset_clone(zc->zc_name,
		    dmu_objset_ds(origin), 0);
		dmu_objset_rele(origin, FTAG);
		if (error != 0) {
			nvlist_free(nvprops);
			return (error);
		}
	} else {
		boolean_t is_insensitive = B_FALSE;

		if (cbfunc == NULL) {
			nvlist_free(nvprops);
			return (EINVAL);
		}

		if (type == DMU_OST_ZVOL) {
			uint64_t volsize, volblocksize;

			/* A volume must be given a size. */
			if (nvprops == NULL ||
			    nvlist_lookup_uint64(nvprops,
			    zfs_prop_to_name(ZFS_PROP_VOLSIZE),
			    &volsize) != 0) {
				nvlist_free(nvprops);
				return (EINVAL);
			}

			/* A missing block size is fine; a malformed one not. */
			error = nvlist_lookup_uint64(nvprops,
			    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
			    &volblocksize);
			if (error != 0 && error != ENOENT) {
				nvlist_free(nvprops);
				return (EINVAL);
			}

			if (error != 0) {
				volblocksize = zfs_prop_default_numeric(
				    ZFS_PROP_VOLBLOCKSIZE);
			}

			error = zvol_check_volblocksize(volblocksize);
			if (error == 0) {
				error = zvol_check_volsize(volsize,
				    volblocksize);
			}
			if (error != 0) {
				nvlist_free(nvprops);
				return (error);
			}
		} else if (type == DMU_OST_ZFS) {
			/*
			 * We have to have normalization and
			 * case-folding flags correct when we do the
			 * file system creation, so go figure them out
			 * now.
			 */
			VERIFY(nvlist_alloc(&zct.zct_zplprops,
			    NV_UNIQUE_NAME, KM_SLEEP) == 0);
			error = zfs_fill_zplprops(zc->zc_name, nvprops,
			    zct.zct_zplprops, &is_insensitive);
			if (error != 0) {
				nvlist_free(nvprops);
				nvlist_free(zct.zct_zplprops);
				return (error);
			}
		}

		error = dmu_objset_create(zc->zc_name, type,
		    is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
		nvlist_free(zct.zct_zplprops);
	}

	/*
	 * It would be nice to do this atomically.  Until the properties are
	 * applied the new objset exists without them; a failure here removes
	 * it again and the destroy result is ignored.
	 */
	if (error == 0) {
		error = zfs_set_prop_nvlist(zc->zc_name, ZPROP_SRC_LOCAL,
		    nvprops, NULL);
		if (error != 0)
			(void) dmu_objset_destroy(zc->zc_name, B_FALSE);
	}

	nvlist_free(nvprops);
	return (error);
}
   2789 
/*
 * inputs:
 * zc_name	name of filesystem
 * zc_value	short name of snapshot
 * zc_cookie	recursive flag
 * zc_nvlist_src[_size] property list
 *
 * outputs:
 * zc_value	short snapname (i.e. part after the '@')
 *
 * Returns EINVAL for a bad snapshot name, the get_nvlist() or
 * zfs_check_userprops() error, ENOTSUP when properties are supplied on a
 * pool older than SPA_VERSION_SNAP_PROPS, otherwise the result of
 * dmu_objset_snapshot().
 */
static int
zfs_ioc_snapshot(zfs_cmd_t *zc)
{
	boolean_t recursive = zc->zc_cookie;
	nvlist_t *nvprops = NULL;
	int error;

	if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
		return (EINVAL);

	if (zc->zc_nvlist_src != NULL) {
		error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
		    zc->zc_iflags, &nvprops);
		if (error != 0)
			return (error);
	}

	/* Snapshot properties must all be permitted user properties. */
	error = zfs_check_userprops(zc->zc_name, nvprops);

	if (error == 0 && !nvlist_empty(nvprops) &&
	    zfs_earlier_version(zc->zc_name, SPA_VERSION_SNAP_PROPS))
		error = ENOTSUP;

	if (error == 0) {
		error = dmu_objset_snapshot(zc->zc_name, zc->zc_value,
		    nvprops, recursive);
	}

	nvlist_free(nvprops);
	return (error);
}
   2832 
/*
 * Force-unmount the snapshot identified by name, if it is mounted.
 *
 * With a non-NULL arg, arg is a short snapshot name and the full name
 * "name@arg" is looked up; otherwise name itself is looked up when it
 * contains '@'.  Returns 0 when nothing is mounted or the unmount
 * succeeded, else the vn_vfswlock() or dounmount() error.
 */
int
zfs_unmount_snap(char *name, void *arg)
{
	vfs_t *vfsp = NULL;
	int err;

	if (arg != NULL) {
		char *snapname = arg;
		/* Room for both strings, the '@' and the terminating NUL. */
		int len = strlen(name) + strlen(snapname) + 2;
		char *fullname = kmem_alloc(len, KM_SLEEP);

		/* The unbounded copies rely on len being computed above. */
		(void) strcpy(fullname, name);
		(void) strcat(fullname, "@");
		(void) strcat(fullname, snapname);
		vfsp = zfs_get_vfs(fullname);
		kmem_free(fullname, len);
	} else if (strchr(name, '@') != NULL) {
		vfsp = zfs_get_vfs(name);
	}

	if (vfsp == NULL)
		return (0);

	/* The hold from zfs_get_vfs() is dropped once the lock is tried. */
	err = vn_vfswlock(vfsp->vfs_vnodecovered);
	VFS_RELE(vfsp);
	if (err != 0)
		return (err);

	/*
	 * Always force the unmount for snapshots.
	 */
	return (dounmount(vfsp, MS_FORCE, kcred));
}
   2869 
/*
 * inputs:
 * zc_name		name of filesystem
 * zc_value		short name of snapshot
 * zc_defer_destroy	mark for deferred destroy
 *
 * outputs:	none
 *
 * The snapshot of that name is unmounted on zc_name and its children
 * before dmu_snapshots_destroy() is called; an unmount failure aborts the
 * request.  Returns EINVAL for a bad snapshot name.
 */
static int
zfs_ioc_destroy_snaps(zfs_cmd_t *zc)
{
	int rc;

	if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
		return (EINVAL);

	rc = dmu_objset_find(zc->zc_name,
	    zfs_unmount_snap, zc->zc_value, DS_FIND_CHILDREN);
	if (rc != 0)
		return (rc);

	return (dmu_snapshots_destroy(zc->zc_name, zc->zc_value,
	    zc->zc_defer_destroy));
}
   2892 
/*
 * inputs:
 * zc_name		name of dataset to destroy
 * zc_objset_type	type of objset
 * zc_defer_destroy	mark for deferred destroy
 *
 * outputs:		none
 *
 * A DMU_OST_ZFS snapshot is unmounted first.  After a successful destroy
 * of a DMU_OST_ZVOL the minor node is removed, ignoring any failure of
 * that step.  Returns the unmount or dmu_objset_destroy() error.
 */
static int
zfs_ioc_destroy(zfs_cmd_t *zc)
{
	boolean_t is_snap = (strchr(zc->zc_name, '@') != NULL);
	int rc;

	if (is_snap && zc->zc_objset_type == DMU_OST_ZFS) {
		rc = zfs_unmount_snap(zc->zc_name, NULL);
		if (rc != 0)
			return (rc);
	}

	rc = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy);
	if (rc == 0 && zc->zc_objset_type == DMU_OST_ZVOL)
		(void) zvol_remove_minor(zc->zc_name);

	return (rc);
}
   2916 
/*
 * inputs:
 * zc_name	name of dataset to rollback (to most recent snapshot)
 *
 * outputs:	none
 *
 * The rollback clones the most recent snapshot to a temporary child named
 * "%rollback", swaps it with the dataset and destroys the clone.  The
 * create and rename handlers in this file reject '%' in caller-supplied
 * names, which keeps that temporary name out of reach of user requests.
 *
 * Returns EINVAL for a snapshot or a dataset without a previous snapshot,
 * EBUSY when the dataset cannot be owned for the swap, otherwise the first
 * error met along the way.
 *
 * NOTE(review): when dsl_dataset_own() fails, control reaches "out"
 * without the dsl_dataset_destroy() call, so the clone created just before
 * is not removed here.  Confirm that it is cleaned up elsewhere.
 */
static int
zfs_ioc_rollback(zfs_cmd_t *zc)
{
	dsl_dataset_t *ds, *clone;
	zfsvfs_t *zfsvfs;
	char *clone_name;
	int error;

	error = dsl_dataset_hold(zc->zc_name, FTAG, &ds);
	if (error != 0)
		return (error);

	/* must not be a snapshot, and must have a most recent snapshot */
	if (dsl_dataset_is_snapshot(ds) ||
	    ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) {
		dsl_dataset_rele(ds, FTAG);
		return (EINVAL);
	}

	/*
	 * Create clone of most recent snapshot.
	 */
	clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name);
	error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT);
	if (error == 0)
		error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone);
	if (error != 0)
		goto out;

	/*
	 * Do clone swap.  A mounted file system is suspended around the
	 * swap and resumed afterwards whether or not the swap worked.
	 */
	if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
		error = zfs_suspend_fs(zfsvfs);
		if (error == 0) {
			int resume_err;

			if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
				error = dsl_dataset_clone_swap(clone, ds,
				    B_TRUE);
				dsl_dataset_disown(ds, FTAG);
				ds = NULL;
			} else {
				error = EBUSY;
			}
			resume_err = zfs_resume_fs(zfsvfs, zc->zc_name);
			/* The swap error takes precedence. */
			if (error == 0)
				error = resume_err;
		}
		VFS_RELE(zfsvfs->z_vfs);
	} else if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
		error = dsl_dataset_clone_swap(clone, ds, B_TRUE);
		dsl_dataset_disown(ds, FTAG);
		ds = NULL;
	} else {
		error = EBUSY;
	}

	/*
	 * Destroy clone (which also closes it).
	 */
	(void) dsl_dataset_destroy(clone, FTAG, B_FALSE);

out:
	strfree(clone_name);
	/* ds is NULL once it has been disowned above. */
	if (ds != NULL)
		dsl_dataset_rele(ds, FTAG);
	return (error);
}
   3000 
/*
 * inputs:
 * zc_name	old name of dataset
 * zc_value	new name of dataset
 * zc_cookie	recursive flag (only valid for snapshots)
 *
 * outputs:	none
 *
 * The new name is NUL-terminated in place, must pass dataset_namecheck()
 * and must not contain '%'; otherwise EINVAL is returned.  Returns the
 * unmount error or the result of dmu_objset_rename().
 */
static int
zfs_ioc_rename(zfs_cmd_t *zc)
{
	boolean_t recursive = zc->zc_cookie & 1;

	/* Force termination before the name is parsed. */
	zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';

	if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0)
		return (EINVAL);
	if (strchr(zc->zc_value, '%') != NULL)
		return (EINVAL);

	/*
	 * Unmount snapshot unless we're doing a recursive rename,
	 * in which case the dataset code figures out which snapshots
	 * to unmount.
	 */
	if (!recursive && strchr(zc->zc_name, '@') != NULL &&
	    zc->zc_objset_type == DMU_OST_ZFS) {
		int rc = zfs_unmount_snap(zc->zc_name, NULL);

		if (rc != 0)
			return (rc);
	}

	/* The minor node goes before the rename; failure is ignored. */
	if (zc->zc_objset_type == DMU_OST_ZVOL)
		(void) zvol_remove_minor(zc->zc_name);

	return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive));
}
   3034 
/*
 * Decide whether the property in pair may be set on dsname.
 *
 * Names that are not native properties are accepted only as user
 * properties or, on non-snapshots, as userquota/groupquota properties,
 * each subject to the matching delegated write permission checked against
 * cr.  Native properties cannot be set on snapshots; for the rest the
 * value is checked against the pool or zpl version and the final decision
 * is left to zfs_secpolicy_setprop().
 *
 * Returns 0 when the property may be set, EINVAL, ENOTSUP or ERANGE for the
 * cases below, or the error from the permission check.
 *
 * NOTE(review): the final zfs_secpolicy_setprop() call is given CRED()
 * while the earlier checks use the cr argument.  Confirm that every caller
 * passes CRED() as cr, otherwise the two paths judge different credentials.
 */
static int
zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
{
	const char *propname = nvpair_name(pair);
	zfs_prop_t prop = zfs_name_to_prop(propname);
	boolean_t issnap = (strchr(dsname, '@') != NULL);
	uint64_t intval;

	if (prop == ZPROP_INVAL) {
		const char *perm;
		const char *uq_prefix;
		const char *gq_prefix;

		if (zfs_prop_user(propname)) {
			return (zfs_secpolicy_write_perms(dsname,
			    ZFS_DELEG_PERM_USERPROP, cr));
		}

		if (issnap || !zfs_prop_userquota(propname))
			return (EINVAL);

		uq_prefix = zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
		gq_prefix = zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];

		if (strncmp(propname, uq_prefix, strlen(uq_prefix)) == 0) {
			perm = ZFS_DELEG_PERM_USERQUOTA;
		} else if (strncmp(propname, gq_prefix,
		    strlen(gq_prefix)) == 0) {
			perm = ZFS_DELEG_PERM_GROUPQUOTA;
		} else {
			/* USERUSED and GROUPUSED are read-only */
			return (EINVAL);
		}

		return (zfs_secpolicy_write_perms(dsname, perm, cr));
	}

	if (issnap)
		return (EINVAL);

	if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
		/*
		 * dsl_prop_get_all_impl() returns properties in this
		 * format; from here on pair refers to the inner value.
		 */
		nvlist_t *attrs;

		VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
		VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
		    &pair) == 0);
	}

	/*
	 * Check that this value is valid for this pool version
	 */
	switch (prop) {
	case ZFS_PROP_COMPRESSION:
		/*
		 * If the user specified gzip compression, make sure
		 * the SPA supports it. We ignore any errors here since
		 * we'll catch them later.
		 */
		if (nvpair_type(pair) != DATA_TYPE_UINT64 ||
		    nvpair_value_uint64(pair, &intval) != 0)
			break;

		if (intval >= ZIO_COMPRESS_GZIP_1 &&
		    intval <= ZIO_COMPRESS_GZIP_9 &&
		    zfs_earlier_version(dsname,
		    SPA_VERSION_GZIP_COMPRESSION)) {
			return (ENOTSUP);
		}

		if (intval == ZIO_COMPRESS_ZLE &&
		    zfs_earlier_version(dsname,
		    SPA_VERSION_ZLE_COMPRESSION)) {
			return (ENOTSUP);
		}

		/*
		 * If this is a bootable dataset then
		 * verify that the compression algorithm
		 * is supported for booting. We must return
		 * something other than ENOTSUP since it
		 * implies a downrev pool version.
		 */
		if (zfs_is_bootfs(dsname) &&
		    !BOOTFS_COMPRESS_VALID(intval)) {
			return (ERANGE);
		}
		break;

	case ZFS_PROP_COPIES:
		if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
			return (ENOTSUP);
		break;

	case ZFS_PROP_DEDUP:
		if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
			return (ENOTSUP);
		break;

	case ZFS_PROP_SHARESMB:
		if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
			return (ENOTSUP);
		break;

	case ZFS_PROP_ACLINHERIT:
		if (nvpair_type(pair) != DATA_TYPE_UINT64 ||
		    nvpair_value_uint64(pair, &intval) != 0)
			break;

		if (intval == ZFS_ACL_PASSTHROUGH_X &&
		    zfs_earlier_version(dsname,
		    SPA_VERSION_PASSTHROUGH_X))
			return (ENOTSUP);
		break;
	}

	return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
}
   3158 
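/*
 * Removes properties from the given props list that fail permission checks
 * needed to clear them and to restore them in case of a receive error. For each
 * property, make sure we have both set and inherit permissions.
 *
 * Returns the first error encountered if any permission checks fail. If the
 * caller provides a non-NULL errlist, it also gives the complete list of names
 * of all the properties that failed a permission check along with the
 * corresponding error numbers. The caller is responsible for freeing the
 * returned errlist.
 *
 * If every property checks out successfully (or props is NULL), zero is
 * returned and the list pointed at by errlist is NULL.
 */
static int
zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
{
	zfs_cmd_t *zc;
	nvpair_t *pair, *next_pair;
	nvlist_t *errors;
	int err, rv = 0;

	if (props == NULL) {
		/*
		 * Honor the documented contract on the early exit as well, so
		 * that a caller never frees an uninitialized pointer.
		 */
		if (errlist != NULL)
			*errlist = NULL;
		return (0);
	}

	VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);

	/*
	 * Scratch zfs_cmd_t: zfs_secpolicy_inherit() takes its dataset and
	 * property names from zc_name and zc_value.
	 *
	 * NOTE(review): both copies below are unbounded strcpy() calls; they
	 * rely on the dataset name and every property name fitting in the
	 * zfs_cmd_t fields -- confirm against the callers.
	 */
	zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
	(void) strcpy(zc->zc_name, dataset);
	pair = nvlist_next_nvpair(props, NULL);
	while (pair != NULL) {
		/* Fetch the successor first; pair may be removed below. */
		next_pair = nvlist_next_nvpair(props, pair);

		(void) strcpy(zc->zc_value, nvpair_name(pair));
		if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
		    (err = zfs_secpolicy_inherit(zc, CRED())) != 0) {
			VERIFY(nvlist_remove_nvpair(props, pair) == 0);
			VERIFY(nvlist_add_int32(errors,
			    zc->zc_value, err) == 0);
		}
		pair = next_pair;
	}
	kmem_free(zc, sizeof (zfs_cmd_t));

	if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
		/* Nothing failed: hand back NULL rather than an empty list. */
		nvlist_free(errors);
		errors = NULL;
	} else {
		/* The return value is the error of the first failed entry. */
		VERIFY(nvpair_value_int32(pair, &rv) == 0);
	}

	if (errlist == NULL)
		nvlist_free(errors);
	else
		*errlist = errors;

	return (rv);
}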
   3217 
/*
 * Compare the values carried by two property nvpairs.
 *
 * Either pair may be in the dsl_prop_get_all_impl() format, i.e. an nvlist
 * whose ZPROP_VALUE entry holds the actual value; such a pair is unwrapped
 * before the comparison. Pairs of different types are never equal. String
 * values are compared with strcmp(); every other type is read as a uint64,
 * and the VERIFY fails if the pair does not hold one.
 */
static boolean_t
propval_equals(nvpair_t *p1, nvpair_t *p2)
{
	nvlist_t *wrapper;
	uint64_t num1, num2;
	char *str1, *str2;

	if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
		/* dsl_prop_get_all_impl() format */
		VERIFY(nvpair_value_nvlist(p1, &wrapper) == 0);
		VERIFY(nvlist_lookup_nvpair(wrapper, ZPROP_VALUE, &p1) == 0);
	}

	if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
		VERIFY(nvpair_value_nvlist(p2, &wrapper) == 0);
		VERIFY(nvlist_lookup_nvpair(wrapper, ZPROP_VALUE, &p2) == 0);
	}

	if (nvpair_type(p1) != nvpair_type(p2))
		return (B_FALSE);

	if (nvpair_type(p1) != DATA_TYPE_STRING) {
		VERIFY(nvpair_value_uint64(p1, &num1) == 0);
		VERIFY(nvpair_value_uint64(p2, &num2) == 0);
		return (num1 == num2);
	}

	VERIFY(nvpair_value_string(p1, &str1) == 0);
	VERIFY(nvpair_value_string(p2, &str2) == 0);
	return (strcmp(str1, str2) == 0);
}
   3253 
/*
 * Drop from props every property whose value matches the one already stored
 * in origprops, and drop the matching entry from origprops too: a property
 * that will not change needs neither to be received nor to be cleared or
 * restored later. A NULL origprops leaves props untouched.
 */
static void
props_reduce(nvlist_t *props, nvlist_t *origprops)
{
	nvpair_t *cur, *following;

	/* Without a baseline every property has to be received. */
	if (origprops == NULL)
		return;

	for (cur = nvlist_next_nvpair(props, NULL); cur != NULL;
	    cur = following) {
		nvpair_t *existing;

		/* Look ahead before cur can be unlinked from the list. */
		following = nvlist_next_nvpair(props, cur);

		if (nvlist_lookup_nvpair(origprops, nvpair_name(cur),
		    &existing) == 0 && propval_equals(cur, existing)) {
			/* unchanged: keep the existing received value ... */
			(void) nvlist_remove_nvpair(origprops, existing);
			/* ... and skip receiving the property */
			(void) nvlist_remove_nvpair(props, cur);
		}
	}
}
   3286 
   3287 #ifdef	DEBUG
        /*
         * Debug-only switch. When set, the next zfs_ioc_recv() call clears it and
         * forces its error to 1 after the stream has been received, which drives
         * the "restore the original props" path.
         */
   3288 static boolean_t zfs_ioc_recv_inject_err;
   3289 #endif
   3290 
   3291 /*
         * Receive a stream from a file descriptor into the snapshot named by
         * zc_value. Supplied properties are applied as received properties before
         * the stream is read, and the previously received ones are put back if the
         * receive fails.
         *
   3292  * inputs:
   3293  * zc_name		name of containing filesystem
   3294  * zc_nvlist_src{_size}	nvlist of properties to apply
   3295  * zc_value		name of snapshot to create
   3296  * zc_string		name of clone origin (if DRR_FLAG_CLONE)
   3297  * zc_cookie		file descriptor to recv from
   3298  * zc_begin_record	the BEGIN record of the stream (not byteswapped)
   3299  * zc_guid		force flag
   3300  *
   3301  * outputs:
   3302  * zc_cookie		number of bytes read
   3303  * zc_nvlist_dst{_size} error for each unapplied received property
   3304  * zc_obj		zprop_errflags_t
   3305  */
   3306 static int
   3307 zfs_ioc_recv(zfs_cmd_t *zc)
   3308 {
   3309 	file_t *fp;
   3310 	objset_t *os;
   3311 	dmu_recv_cookie_t drc;
   3312 	boolean_t force = (boolean_t)zc->zc_guid;
   3313 	int fd;
   3314 	int error = 0;
   3315 	int props_error = 0;
   3316 	nvlist_t *errors;
   3317 	offset_t off;
   3318 	nvlist_t *props = NULL; /* sent properties */
   3319 	nvlist_t *origprops = NULL; /* existing properties */
   3320 	objset_t *origin = NULL;
   3321 	char *tosnap;
   3322 	char tofs[ZFS_MAXNAMELEN];
   3323 	boolean_t first_recvd_props = B_FALSE;
   3324 
        	/*
        	 * zc_value must pass dataset_namecheck(), contain an '@' and
        	 * contain no '%'.
        	 */
   3325 	if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
   3326 	    strchr(zc->zc_value, '@') == NULL ||
   3327 	    strchr(zc->zc_value, '%'))
   3328 		return (EINVAL);
   3329 
        	/*
        	 * NOTE(review): unbounded strcpy() of a caller-supplied name into
        	 * tofs[ZFS_MAXNAMELEN]. This is only safe if dataset_namecheck()
        	 * above rejects names of ZFS_MAXNAMELEN bytes or more -- confirm.
        	 */
   3330 	(void) strcpy(tofs, zc->zc_value);
        	/* Split at '@': tofs keeps the part before it, tosnap the rest. */
   3331 	tosnap = strchr(tofs, '@');
   3332 	*tosnap++ = '\0';
   3333 
   3334 	if (zc->zc_nvlist_src != NULL &&
   3335 	    (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
   3336 	    zc->zc_iflags, &props)) != 0)
   3337 		return (error);
   3338 
   3339 	fd = zc->zc_cookie;
   3340 	fp = getf(fd);
   3341 	if (fp == NULL) {
   3342 		nvlist_free(props);
   3343 		return (EBADF);
   3344 	}
   3345 
        	/*
        	 * From here on every path leaves through the out: label, which
        	 * frees props, origprops and errors and calls releasef(fd).
        	 */
   3346 	VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
   3347 
   3348 	if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) {
   3349 		if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) &&
   3350 		    !dsl_prop_get_hasrecvd(os)) {
   3351 			first_recvd_props = B_TRUE;
   3352 		}
   3353 
   3354 		/*
   3355 		 * If new received properties are supplied, they are to
   3356 		 * completely replace the existing received properties, so stash
   3357 		 * away the existing ones.
   3358 		 */
   3359 		if (dsl_prop_get_received(os, &origprops) == 0) {
   3360 			nvlist_t *errlist = NULL;
   3361 			/*
   3362 			 * Don't bother writing a property if its value won't
   3363 			 * change (and avoid the unnecessary security checks).
   3364 			 *
   3365 			 * The first receive after SPA_VERSION_RECVD_PROPS is a
   3366 			 * special case where we blow away all local properties
   3367 			 * regardless.
   3368 			 */
   3369 			if (!first_recvd_props)
   3370 				props_reduce(props, origprops);
        			/*
        			 * Properties the caller may not clear are dropped
        			 * from origprops and reported through errors.
        			 */
   3371 			if (zfs_check_clearable(tofs, origprops,
   3372 			    &errlist) != 0)
   3373 				(void) nvlist_merge(errors, errlist, 0);
   3374 			nvlist_free(errlist);
   3375 		}
   3376 
   3377 		dmu_objset_rele(os, FTAG);
   3378 	}
   3379 
   3380 	if (zc->zc_string[0]) {
   3381 		error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
   3382 		if (error)
   3383 			goto out;
   3384 	}
   3385 
   3386 	error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
   3387 	    &zc->zc_begin_record, force, origin, &drc);
        	/* The origin hold is dropped whether or not the begin succeeded. */
   3388 	if (origin)
   3389 		dmu_objset_rele(origin, FTAG);
   3390 	if (error)
   3391 		goto out;
   3392 
   3393 	/*
   3394 	 * Set properties before we receive the stream so that they are applied
   3395 	 * to the new data. Note that we must call dmu_recv_stream() if
   3396 	 * dmu_recv_begin() succeeds.
   3397 	 */
   3398 	if (props) {
        		/*
        		 * NOTE(review): errlist is uninitialized here; the merge and
        		 * free below rely on zfs_set_prop_nvlist() always storing to
        		 * it -- confirm.
        		 */
   3399 		nvlist_t *errlist;
   3400 
   3401 		if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
   3402 			if (drc.drc_newfs) {
   3403 				if (spa_version(os->os_spa) >=
   3404 				    SPA_VERSION_RECVD_PROPS)
   3405 					first_recvd_props = B_TRUE;
   3406 			} else if (origprops != NULL) {
   3407 				if (clear_received_props(os, tofs, origprops,
   3408 				    first_recvd_props ? NULL : props) != 0)
   3409 					zc->zc_obj |= ZPROP_ERR_NOCLEAR;
   3410 			} else {
   3411 				zc->zc_obj |= ZPROP_ERR_NOCLEAR;
   3412 			}
   3413 			dsl_prop_set_hasrecvd(os);
   3414 		} else if (!drc.drc_newfs) {
   3415 			zc->zc_obj |= ZPROP_ERR_NOCLEAR;
   3416 		}
   3417 
        		/* Failures are collected per property, not returned. */
   3418 		(void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
   3419 		    props, &errlist);
   3420 		(void) nvlist_merge(errors, errlist, 0);
   3421 		nvlist_free(errlist);
   3422 	}
   3423 
   3424 	if (fit_error_list(zc, &errors) != 0 || put_nvlist(zc, errors) != 0) {
   3425 		/*
   3426 		 * Caller made zc->zc_nvlist_dst less than the minimum expected
   3427 		 * size or supplied an invalid address.
   3428 		 */
   3429 		props_error = EINVAL;
   3430 	}
   3431 
        	/* The stream is read even when props_error was set above. */
   3432 	off = fp->f_offset;
   3433 	error = dmu_recv_stream(&drc, fp->f_vnode, &off);
   3434 
   3435 	if (error == 0) {
   3436 		zfsvfs_t *zfsvfs = NULL;
   3437 
   3438 		if (getzfsvfs(tofs, &zfsvfs) == 0) {
   3439 			/* online recv */
   3440 			int end_err;
   3441 
   3442 			error = zfs_suspend_fs(zfsvfs);
   3443 			/*
   3444 			 * If the suspend fails, then the recv_end will
   3445 			 * likely also fail, and clean up after itself.
   3446 			 */
   3447 			end_err = dmu_recv_end(&drc);
   3448 			if (error == 0) {
   3449 				int resume_err =
   3450 				    zfs_resume_fs(zfsvfs, tofs);
        				/* error is 0 here, so this stores resume_err */
   3451 				error = error ? error : resume_err;
   3452 			}
        			/* suspend/resume errors take precedence over end_err */
   3453 			error = error ? error : end_err;
   3454 			VFS_RELE(zfsvfs->z_vfs);
   3455 		} else {
   3456 			error = dmu_recv_end(&drc);
   3457 		}
   3458 	}
   3459 
        	/*
        	 * Report how far the stream advanced past the starting offset, and
        	 * adopt the new offset only if VOP_SEEK() accepts it.
        	 */
   3460 	zc->zc_cookie = off - fp->f_offset;
   3461 	if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
   3462 		fp->f_offset = off;
   3463 
   3464 #ifdef	DEBUG
   3465 	if (zfs_ioc_recv_inject_err) {
   3466 		zfs_ioc_recv_inject_err = B_FALSE;
   3467 		error = 1;
   3468 	}
   3469 #endif
   3470 	/*
   3471 	 * On error, restore the original props.
   3472 	 */
   3473 	if (error && props) {
   3474 		if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
   3475 			if (clear_received_props(os, tofs, props, NULL) != 0) {
   3476 				/*
   3477 				 * We failed to clear the received properties.
   3478 				 * Since we may have left a $recvd value on the
   3479 				 * system, we can't clear the $hasrecvd flag.
   3480 				 */
   3481 				zc->zc_obj |= ZPROP_ERR_NORESTORE;
   3482 			} else if (first_recvd_props) {
   3483 				dsl_prop_unset_hasrecvd(os);
   3484 			}
   3485 			dmu_objset_rele(os, FTAG);
   3486 		} else if (!drc.drc_newfs) {
   3487 			/* We failed to clear the received properties. */
   3488 			zc->zc_obj |= ZPROP_ERR_NORESTORE;
   3489 		}
   3490 
   3491 		if (origprops == NULL && !drc.drc_newfs) {
   3492 			/* We failed to stash the original properties. */
   3493 			zc->zc_obj |= ZPROP_ERR_NORESTORE;
   3494 		}
   3495 
   3496 		/*
   3497 		 * dsl_props_set() will not convert RECEIVED to LOCAL on or
   3498 		 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
   3499 		 * explicitly if we're restoring local properties cleared in the
   3500 		 * first new-style receive.
   3501 		 */
   3502 		if (origprops != NULL &&
   3503 		    zfs_set_prop_nvlist(tofs, (first_recvd_props ?
   3504 		    ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
   3505 		    origprops, NULL) != 0) {
   3506 			/*
   3507 			 * We stashed the original properties but failed to
   3508 			 * restore them.
   3509 			 */
   3510 			zc->zc_obj |= ZPROP_ERR_NORESTORE;
   3511 		}
   3512 	}
   3513 out:
   3514 	nvlist_free(props);
   3515 	nvlist_free(origprops);
   3516 	nvlist_free(errors);
   3517 	releasef(fd);
   3518 
        	/* A receive error wins; otherwise report the error-list problem. */
   3519 	if (error == 0)
   3520 		error = props_error;
   3521 
   3522 	return (error);
   3523 }
   3524 
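/*
 * Write a send stream for a snapshot to a file descriptor, optionally as an
 * incremental from an earlier snapshot of the same dataset.
 *
 * inputs:
 * zc_name	name of snapshot to send
 * zc_value	short name of incremental fromsnap (may be empty)
 * zc_cookie	file descriptor to send stream to
 * zc_obj	fromorigin flag (mutually exclusive with zc_value)
 *
 * outputs: none
 *
 * Returns 0 on success, ENAMETOOLONG if the full fromsnap name does not fit
 * in MAXPATHLEN bytes, EBADF if zc_cookie is not an open descriptor, or the
 * error from dmu_objset_hold() or dmu_sendbackup().
 */
static int
zfs_ioc_send(zfs_cmd_t *zc)
{
	objset_t *fromsnap = NULL;
	objset_t *tosnap;
	file_t *fp;
	int error;
	offset_t off;

	error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap);
	if (error)
		return (error);

	if (zc->zc_value[0] != '\0') {
		char *buf;
		char *cp;
		size_t baselen;

		/* Build "<zc_name up to and including '@'><zc_value>". */
		buf = kmem_alloc(MAXPATHLEN, KM_SLEEP);
		(void) strncpy(buf, zc->zc_name, MAXPATHLEN);
		/* strncpy() does not terminate when the source fills buf. */
		buf[MAXPATHLEN - 1] = '\0';
		cp = strchr(buf, '@');
		if (cp)
			*(cp + 1) = '\0';

		/*
		 * The count given to strncat() limits the bytes appended, not
		 * the size of the destination, so the room left in buf has to
		 * be worked out here. Reject a name that does not fit instead
		 * of writing past the allocation or holding a truncated name.
		 *
		 * NOTE(review): strlen() assumes zc_value is NUL-terminated;
		 * confirm the ioctl entry point guarantees that.
		 */
		baselen = strlen(buf);
		if (strlen(zc->zc_value) >= MAXPATHLEN - baselen) {
			kmem_free(buf, MAXPATHLEN);
			dmu_objset_rele(tosnap, FTAG);
			return (ENAMETOOLONG);
		}
		(void) strncat(buf, zc->zc_value, MAXPATHLEN - baselen - 1);

		error = dmu_objset_hold(buf, FTAG, &fromsnap);
		kmem_free(buf, MAXPATHLEN);
		if (error) {
			dmu_objset_rele(tosnap, FTAG);
			return (error);
		}
	}

	fp = getf(zc->zc_cookie);
	if (fp == NULL) {
		dmu_objset_rele(tosnap, FTAG);
		if (fromsnap)
			dmu_objset_rele(fromsnap, FTAG);
		return (EBADF);
	}

	off = fp->f_offset;
	error = dmu_sendbackup(tosnap, fromsnap, zc->zc_obj, fp->f_vnode, &off);

	/* Adopt the advanced offset only if VOP_SEEK() accepts it. */
	if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
		fp->f_offset = off;
	releasef(zc->zc_cookie);
	if (fromsnap)
		dmu_objset_rele(fromsnap, FTAG);
	dmu_objset_rele(tosnap, FTAG);
	return (error);
}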
   3584 
/*
 * Register a fault-injection record through zio_inject_fault().
 *
 * zc_name and zc_inject_record are passed through, and zc_guid (narrowed to
 * int) is passed as the second argument. On success the id returned by
 * zio_inject_fault() is stored back into zc_guid; on failure zc_guid is left
 * as it was and the error is returned.
 */
static int
zfs_ioc_inject_fault(zfs_cmd_t *zc)
{
	int handler_id;
	int rc;

	rc = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &handler_id,
	    &zc->zc_inject_record);
	if (rc != 0)
		return (rc);

	zc->zc_guid = (uint64_t)handler_id;
	return (0);
}
   3598 
/*
 * Remove a fault-injection handler: zc_guid, narrowed to int, is handed to
 * zio_clear_fault() and that call's result is returned.
 */
static int
zfs_ioc_clear_fault(zfs_cmd_t *zc)
{
	int handler_id = (int)zc->zc_guid;

	return (zio_clear_fault(handler_id));
}
   3604 
/*
 * Step through the registered fault-injection handlers.
 *
 * zc_guid (narrowed to int) is the in/out cursor given to
 * zio_inject_list_next(), which may also fill zc_name (bounded by its size)
 * and zc_inject_record. The cursor is written back to zc_guid whether or not
 * the call succeeded.
 */
static int
zfs_ioc_inject_list_next(zfs_cmd_t *zc)
{
	int cursor = (int)zc->zc_guid;
	int rc;

	rc = zio_inject_list_next(&cursor, zc->zc_name, sizeof (zc->zc_name),
	    &zc->zc_inject_record);

	zc->zc_guid = cursor;

	return (rc);
}
   3618 
/*
 * Fetch the persistent error log of the pool named by zc_name.
 *
 * zc_nvlist_dst is passed to spa_get_errlog() as the destination address and
 * zc_nvlist_dst_size as the in/out count. On success zc_nvlist_dst_size is
 * replaced by the count spa_get_errlog() left behind; on failure it is
 * replaced by spa_get_errlog_size().
 *
 * NOTE(review): zc_nvlist_dst is a caller-supplied address; presumably
 * spa_get_errlog() copies out to user space itself -- confirm.
 */
static int
zfs_ioc_error_log(zfs_cmd_t *zc)
{
	spa_t *spa;
	size_t count = (size_t)zc->zc_nvlist_dst_size;
	int error;

	error = spa_open(zc->zc_name, &spa, FTAG);
	if (error != 0)
		return (error);

	error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
	    &count);
	if (error != 0)
		zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
	else
		zc->zc_nvlist_dst_size = count;

	spa_close(spa, FTAG);

	return (error);
}
   3640 
/*
 * Clear errors on the pool named by zc_name, or on one vdev of it.
 *
 * zc_cookie selects the open: ZPOOL_NO_REWIND means a plain spa_open();
 * anything else requires a rewind policy nvlist in zc_nvlist_src, which is
 * passed to spa_open_rewind(), and any config that call produces is copied
 * out with put_nvlist(). zc_guid selects the vdev; 0 passes a NULL vdev to
 * vdev_clear().
 *
 * Returns EIO if the pool is not found or zio_resume() fails, EINVAL if a
 * rewind is requested without a policy, ENODEV if zc_guid matches no vdev,
 * or the error from opening the pool.
 */
static int
zfs_ioc_clear(zfs_cmd_t *zc)
{
	spa_t *spa;
	vdev_t *vd = NULL;
	int error;

	/*
	 * On zpool clear we also fix up missing slogs
	 */
	mutex_enter(&spa_namespace_lock);
	spa = spa_lookup(zc->zc_name);
	if (spa == NULL) {
		mutex_exit(&spa_namespace_lock);
		return (EIO);
	}
	/* we need to let spa_open/spa_load clear the chains */
	if (spa_get_log_state(spa) == SPA_LOG_MISSING)
		spa_set_log_state(spa, SPA_LOG_CLEAR);
	spa->spa_last_open_failed = 0;
	mutex_exit(&spa_namespace_lock);

	if (zc->zc_cookie != ZPOOL_NO_REWIND) {
		nvlist_t *policy;
		nvlist_t *config = NULL;

		/* Nothing is held yet, so a bare return is enough here. */
		if (zc->zc_nvlist_src == NULL)
			return (EINVAL);

		error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
		    zc->zc_iflags, &policy);
		if (error == 0) {
			error = spa_open_rewind(zc->zc_name, &spa, FTAG,
			    policy, &config);
			/* Best effort: a failed copy-out is ignored. */
			if (config != NULL) {
				(void) put_nvlist(zc, config);
				nvlist_free(config);
			}
			nvlist_free(policy);
		}
	} else {
		error = spa_open(zc->zc_name, &spa, FTAG);
	}

	if (error)
		return (error);

	spa_vdev_state_enter(spa, SCL_NONE);

	if (zc->zc_guid != 0) {
		vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
		if (vd == NULL) {
			(void) spa_vdev_state_exit(spa, NULL, ENODEV);
			spa_close(spa, FTAG);
			return (ENODEV);
		}
	}

	vdev_clear(spa, vd);

	(void) spa_vdev_state_exit(spa, NULL, 0);

	/*
	 * Resume any suspended I/Os.
	 */
	if (zio_resume(spa) != 0)
		error = EIO;

	spa_close(spa, FTAG);

	return (error);
}
   3715 
/*
 * Promote the clone named by zc_name.
 *
 * inputs:
 * zc_name	name of filesystem
 * zc_value	name of origin snapshot
 *
 * outputs:
 * zc_string	name of conflicting snapshot, if there is one
 *
 * zc_value is cut at its '@' in place, so after the call it holds only the
 * part before the '@'. The result of the unmount pass is ignored; the return
 * value is that of dsl_dataset_promote().
 */
static int
zfs_ioc_promote(zfs_cmd_t *zc)
{
	char *at = strchr(zc->zc_value, '@');

	/*
	 * We don't need to unmount *all* the origin fs's snapshots, but
	 * it's easier.
	 */
	if (at != NULL)
		*at = '\0';

	(void) dmu_objset_find(zc->zc_value, zfs_unmount_snap, NULL,
	    DS_FIND_SNAPSHOTS);

	return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
}
   3740 
/*
 * Retrieve a single {user|group}{used|quota}@... property.
 *
 * inputs:
 * zc_name	name of filesystem
 * zc_objset_type zfs_userquota_prop_t
 * zc_value	domain name (eg. "S-1-234-567-89")
 * zc_guid	RID/UID/GID
 *
 * outputs:
 * zc_cookie	property value
 *
 * Returns EINVAL when zc_objset_type is not below ZFS_NUM_USERQUOTA_PROPS,
 * otherwise the error from zfsvfs_hold() or zfs_userspace_one().
 */
static int
zfs_ioc_userspace_one(zfs_cmd_t *zc)
{
	zfsvfs_t *zfsvfs;
	int error;

	/* Range-check the caller-supplied property selector first. */
	if (zc->zc_objset_type < ZFS_NUM_USERQUOTA_PROPS) {
		error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs);
		if (error == 0) {
			error = zfs_userspace_one(zfsvfs, zc->zc_objset_type,
			    zc->zc_value, zc->zc_guid, &zc->zc_cookie);
			zfsvfs_rele(zfsvfs, FTAG);
		}
		return (error);
	}

	return (EINVAL);
}
   3772 
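/*
 * Retrieve a batch of {user|group}{used|quota} entries.
 *
 * inputs:
 * zc_name		name of filesystem
 * zc_cookie		zap cursor
 * zc_objset_type	zfs_userquota_prop_t
 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
 *
 * outputs:
 * zc_nvlist_dst[_size]	data buffer (array of zfs_useracct_t)
 * zc_cookie	zap cursor
 *
 * Returns ENOMEM when the requested buffer size is zero or does not fit in a
 * positive int, otherwise the error from zfsvfs_hold(), zfs_userspace_many()
 * or xcopyout().
 */
static int
zfs_ioc_userspace_many(zfs_cmd_t *zc)
{
	zfsvfs_t *zfsvfs;
	int bufsize = zc->zc_nvlist_dst_size;
	void *buf;
	int error;

	/*
	 * zc_nvlist_dst_size comes from the caller and is narrowed to int
	 * above. Refuse a zero or negative result before it reaches
	 * kmem_alloc(), where it would be converted to a huge or empty
	 * request.
	 *
	 * NOTE(review): any positive int is still accepted and allocated with
	 * KM_SLEEP; consider an upper bound as well.
	 */
	if (bufsize <= 0)
		return (ENOMEM);

	error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs);
	if (error)
		return (error);

	buf = kmem_alloc(bufsize, KM_SLEEP);

	error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
	    buf, &zc->zc_nvlist_dst_size);

	if (error == 0) {
		/*
		 * NOTE(review): the copy length is the size left behind by
		 * zfs_userspace_many(); presumably it never exceeds bufsize
		 * -- confirm, since a larger value would read past buf.
		 */
		error = xcopyout(buf,
		    (void *)(uintptr_t)zc->zc_nvlist_dst,
		    zc->zc_nvlist_dst_size);
	}
	kmem_free(buf, bufsize);
	zfsvfs_rele(zfsvfs, FTAG);

	return (error);
}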
   3810 
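/*
 * Run dmu_objset_userspace_upgrade() on a filesystem.
 *
 * inputs:
 * zc_name		name of filesystem
 *
 * outputs:
 * none
 *
 * When getzfsvfs() finds the filesystem and userused accounting is not yet
 * enabled, the filesystem is suspended and resumed first. Returns the first
 * error from the suspend/resume, the hold, or the upgrade itself.
 */
static int
zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
{
	objset_t *os;
	/*
	 * Must start at 0: when userused accounting is already enabled the
	 * suspend/resume branch is skipped and "error" is tested below
	 * without having been assigned.
	 */
	int error = 0;
	zfsvfs_t *zfsvfs;

	if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
		if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
			/*
			 * If userused is not enabled, it may be because the
			 * objset needs to be closed & reopened (to grow the
			 * objset_phys_t).  Suspend/resume the fs will do that.
			 */
			error = zfs_suspend_fs(zfsvfs);
			if (error == 0)
				error = zfs_resume_fs(zfsvfs, zc->zc_name);
		}
		if (error == 0)
			error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
		VFS_RELE(zfsvfs->z_vfs);
	} else {
		/* XXX kind of reading contents without owning */
		error = dmu_objset_hold(zc->zc_name, FTAG, &os);
		if (error)
			return (error);

		error = dmu_objset_userspace_upgrade(os);
		dmu_objset_rele(os, FTAG);
	}

	return (error);
}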
   3851 
   3852 /*
   3853  * We don't want to have a hard dependency
   3854  * against some special symbols in sharefs
   3855  * nfs, and smbsrv.  Determine them if needed when
   3856  * the first file system is shared.
   3857  * Neither sharefs, nfs or smbsrv are unloadable modules.
   3858  */
        /* "nfs_export" from fs/nfs; resolved in zfs_ioc_share() */
   3859 int (*znfsexport_fs)(void *arg);
        /* "sharefs_impl" from fs/sharefs; resolved in zfs_init_sharefs() */
   3860 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
        /* "smb_server_share" from drv/smbsrv; resolved in zfs_ioc_share() */
   3861 int (*zsmbexport_fs)(void *arg, boolean_t add_share);
   3862 
        /*
         * Set to 1 under zfs_share_lock once the matching symbols above have been
         * resolved. zfs_ioc_share() tests them without the lock before deciding
         * whether to take it.
         */
   3863 int zfs_nfsshare_inited;
   3864 int zfs_smbshare_inited;
   3865 
        /* Module handles from ddi_modopen(); NULL until first opened. */
   3866 ddi_modhandle_t nfs_mod;
   3867 ddi_modhandle_t sharefs_mod;
   3868 ddi_modhandle_t smbsrv_mod;
        /* Held while the handles and function pointers above are filled in. */
   3869 kmutex_t zfs_share_lock;
   3870 
/*
 * Open the fs/sharefs module and resolve its "sharefs_impl" entry point into
 * zshare_fs, skipping whichever step has already been done. The caller must
 * hold zfs_share_lock. Returns 0 on success, ENOSYS if the module or the
 * symbol cannot be obtained.
 */
static int
zfs_init_sharefs()
{
	int error;

	ASSERT(MUTEX_HELD(&zfs_share_lock));

	/* Both NFS and SMB shares also require sharetab support. */
	if (sharefs_mod == NULL) {
		sharefs_mod = ddi_modopen("fs/sharefs", KRTLD_MODE_FIRST,
		    &error);
		if (sharefs_mod == NULL)
			return (ENOSYS);
	}

	if (zshare_fs == NULL) {
		zshare_fs = (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
		    ddi_modsym(sharefs_mod, "sharefs_impl", &error);
		if (zshare_fs == NULL)
			return (ENOSYS);
	}

	return (0);
}
   3890 
/*
 * Share or unshare a filesystem over NFS or SMB.
 *
 * zc_share.z_sharetype selects the protocol and direction; any value other
 * than the four ZFS_{SHARE,UNSHARE}_{NFS,SMB} types yields EINVAL. On first
 * use of a protocol the providing module is opened and its export function
 * resolved under zfs_share_lock; any failure there yields ENOSYS. The export
 * function is then called with z_exportdata, and on success the sharetab is
 * updated through zshare_fs() with z_sharedata and z_sharemax.
 *
 * NOTE(review): z_exportdata and z_sharedata are caller-supplied addresses
 * that are cast to pointers and handed to other modules; presumably those
 * modules copy the data in from user space themselves -- confirm.
 */
static int
zfs_ioc_share(zfs_cmd_t *zc)
{
	int error;
	int opcode;

	/* Step 1: make sure the protocol's entry points are resolved. */
	switch (zc->zc_share.z_sharetype) {
	case ZFS_SHARE_NFS:
	case ZFS_UNSHARE_NFS:
		if (zfs_nfsshare_inited != 0)
			break;

		mutex_enter(&zfs_share_lock);
		if (nfs_mod == NULL) {
			nfs_mod = ddi_modopen("fs/nfs", KRTLD_MODE_FIRST,
			    &error);
			if (nfs_mod == NULL) {
				mutex_exit(&zfs_share_lock);
				return (ENOSYS);
			}
		}
		if (znfsexport_fs == NULL) {
			znfsexport_fs = (int (*)(void *))
			    ddi_modsym(nfs_mod, "nfs_export", &error);
			if (znfsexport_fs == NULL) {
				mutex_exit(&zfs_share_lock);
				return (ENOSYS);
			}
		}
		if (zfs_init_sharefs() != 0) {
			mutex_exit(&zfs_share_lock);
			return (ENOSYS);
		}
		zfs_nfsshare_inited = 1;
		mutex_exit(&zfs_share_lock);
		break;

	case ZFS_SHARE_SMB:
	case ZFS_UNSHARE_SMB:
		if (zfs_smbshare_inited != 0)
			break;

		mutex_enter(&zfs_share_lock);
		if (smbsrv_mod == NULL) {
			smbsrv_mod = ddi_modopen("drv/smbsrv",
			    KRTLD_MODE_FIRST, &error);
			if (smbsrv_mod == NULL) {
				mutex_exit(&zfs_share_lock);
				return (ENOSYS);
			}
		}
		if (zsmbexport_fs == NULL) {
			zsmbexport_fs = (int (*)(void *, boolean_t))
			    ddi_modsym(smbsrv_mod, "smb_server_share", &error);
			if (zsmbexport_fs == NULL) {
				mutex_exit(&zfs_share_lock);
				return (ENOSYS);
			}
		}
		if (zfs_init_sharefs() != 0) {
			mutex_exit(&zfs_share_lock);
			return (ENOSYS);
		}
		zfs_smbshare_inited = 1;
		mutex_exit(&zfs_share_lock);
		break;

	default:
		return (EINVAL);
	}

	/* Step 2: export or unexport. Only the four known types get here. */
	if (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
	    zc->zc_share.z_sharetype == ZFS_UNSHARE_NFS) {
		error = znfsexport_fs((void *)
		    (uintptr_t)zc->zc_share.z_exportdata);
	} else {
		error = zsmbexport_fs((void *)
		    (uintptr_t)zc->zc_share.z_exportdata,
		    zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
		    B_TRUE : B_FALSE);
	}
	if (error)
		return (error);

	/*
	 * Step 3: add or remove share from sharetab
	 */
	if (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
	    zc->zc_share.z_sharetype == ZFS_SHARE_SMB)
		opcode = SHAREFS_ADD;
	else
		opcode = SHAREFS_REMOVE;

	return (zshare_fs(opcode,
	    (void *)(uintptr_t)zc->zc_share.z_sharedata,
	    zc->zc_share.z_sharemax));
}
   3985 
   3986 ace_t full_access[] = {
        	/*
        	 * One entry carrying ACE_ALL_PERMS with the ACE_EVERYONE flag.
        	 * zfs_ioc_smb_acl() attaches this ACL to every file it creates
        	 * for ZFS_SMB_ACL_ADD.
        	 * NOTE(review): the trailing 0 is presumably the ACE type --
        	 * confirm against the ace_t definition.
        	 */
   3987 	{(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
   3988 };
   3989 
/*
 * Remove all ACL files in shares dir
 *
 * Walks the ZAP object of the directory znode dzp and removes each entry by
 * name with VOP_REMOVE() under kcred, stopping at the first removal that
 * fails. The value returned is whichever nonzero code ended the walk.
 *
 * NOTE(review): the loop only ends on a nonzero value, so this function never
 * returns 0; after a complete purge the caller presumably receives the
 * cursor's end-of-object code -- confirm that callers expect this.
 */
static int
zfs_smb_acl_purge(znode_t *dzp)
{
	zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
	zap_cursor_t	zc;
	zap_attribute_t	zap;
	int error;

	zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
	while ((error = zap_cursor_retrieve(&zc, &zap)) == 0) {
		error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred, NULL, 0);
		if (error != 0)
			break;
		zap_cursor_advance(&zc);
	}
	zap_cursor_fini(&zc);

	return (error);
}
   4011 
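/*
 * Maintain the per-share ACL files kept in a filesystem's shares directory.
 *
 * inputs:
 * zc_name		name of filesystem
 * zc_value		path that must resolve to a vnode of that filesystem
 * zc_cookie		ZFS_SMB_ACL_ADD, _REMOVE, _RENAME or _PURGE
 * zc_string		file name for ADD and REMOVE
 * zc_nvlist_src{_size}	for RENAME: nvlist with the ZFS_SMB_ACL_SRC and
 *			ZFS_SMB_ACL_TARGET strings
 *
 * The shares directory is created on first use. Returns EINVAL if zc_value
 * is not on a ZFS filesystem whose resource name equals zc_name, if
 * zc_cookie is not one of the four operations, or if the RENAME nvlist
 * lacks either name; otherwise the error of the failing step.
 *
 * NOTE(review): file names come from the caller and every vnode operation
 * here runs with kcred; access control presumably rests on the security
 * policy attached to this ioctl elsewhere -- confirm.
 */
static int
zfs_ioc_smb_acl(zfs_cmd_t *zc)
{
	vnode_t *vp;
	znode_t *dzp;
	vnode_t *resourcevp = NULL;
	znode_t *sharedir;
	zfsvfs_t *zfsvfs;
	nvlist_t *nvlist;
	char *src, *target;
	vattr_t vattr;
	vsecattr_t vsec;
	int error = 0;

	if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
	    NO_FOLLOW, NULL, &vp)) != 0)
		return (error);

	/* Now make sure mntpnt and dataset are ZFS */

	if (vp->v_vfsp->vfs_fstype != zfsfstype ||
	    (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
	    zc->zc_name) != 0)) {
		VN_RELE(vp);
		return (EINVAL);
	}

	dzp = VTOZ(vp);
	zfsvfs = dzp->z_zfsvfs;
	ZFS_ENTER(zfsvfs);

	/*
	 * Create share dir if its missing.
	 */
	mutex_enter(&zfsvfs->z_lock);
	if (zfsvfs->z_shares_dir == 0) {
		dmu_tx_t *tx;

		tx = dmu_tx_create(zfsvfs->z_os);
		dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
		    ZFS_SHARES_DIR);
		dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
		error = dmu_tx_assign(tx, TXG_WAIT);
		if (error) {
			dmu_tx_abort(tx);
		} else {
			error = zfs_create_share_dir(zfsvfs, tx);
			dmu_tx_commit(tx);
		}
		if (error) {
			mutex_exit(&zfsvfs->z_lock);
			VN_RELE(vp);
			ZFS_EXIT(zfsvfs);
			return (error);
		}
	}
	mutex_exit(&zfsvfs->z_lock);

	ASSERT(zfsvfs->z_shares_dir);
	if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
		VN_RELE(vp);
		ZFS_EXIT(zfsvfs);
		return (error);
	}

	/*
	 * From here on both vp and sharedir are held. Every case leaves the
	 * switch with "break" so that the common cleanup below releases them.
	 */
	switch (zc->zc_cookie) {
	case ZFS_SMB_ACL_ADD:
		/* Regular file, mode 0777, owned by uid/gid 0. */
		vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
		vattr.va_type = VREG;
		vattr.va_mode = S_IFREG|0777;
		vattr.va_uid = 0;
		vattr.va_gid = 0;

		vsec.vsa_mask = VSA_ACE;
		vsec.vsa_aclentp = &full_access;
		vsec.vsa_aclentsz = sizeof (full_access);
		vsec.vsa_aclcnt = 1;

		error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
		    &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
		if (resourcevp)
			VN_RELE(resourcevp);
		break;

	case ZFS_SMB_ACL_REMOVE:
		error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
		    NULL, 0);
		break;

	case ZFS_SMB_ACL_RENAME:
		/*
		 * A failed get_nvlist() used to return without releasing
		 * sharedir; breaking out to the common cleanup releases it.
		 */
		if ((error = get_nvlist(zc->zc_nvlist_src,
		    zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0)
			break;

		if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
		    nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
		    &target)) {
			/*
			 * A missing name used to leak the nvlist and return
			 * "error", which is 0 at this point; free the list
			 * and report the bad request instead.
			 */
			nvlist_free(nvlist);
			error = EINVAL;
			break;
		}
		error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
		    kcred, NULL, 0);
		nvlist_free(nvlist);
		break;

	case ZFS_SMB_ACL_PURGE:
		error = zfs_smb_acl_purge(sharedir);
		break;

	default:
		error = EINVAL;
		break;
	}

	VN_RELE(vp);
	VN_RELE(ZTOV(sharedir));

	ZFS_EXIT(zfsvfs);

	return (error);
}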
   4137 
/*
 * Place a user hold (a tagged reference) on a snapshot.
 *
 * inputs:
 * zc_name	name of filesystem
 * zc_value	short name of snap
 * zc_string	user-supplied tag for this reference
 * zc_cookie	recursive flag
 * zc_temphold	set if hold is temporary
 *
 * outputs:		none
 *
 * Returns EINVAL when zc_value fails snapshot_namecheck(); otherwise
 * returns whatever dsl_dataset_user_hold() returns.
 *
 * NOTE(review): zc_value and zc_string are filled in by the copyin in
 * zfsdev_ioctl(), which NUL-terminates only zc_name. Confirm that both
 * fields are bounded before they are handed on as C strings.
 */
static int
zfs_ioc_hold(zfs_cmd_t *zc)
{
	boolean_t recursive;

	/* Refuse a malformed snapshot short name before calling the DSL. */
	if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
		return (EINVAL);

	recursive = zc->zc_cookie;

	return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value,
	    zc->zc_string, recursive, zc->zc_temphold));
}
   4159 
/*
 * Drop a user hold (a tagged reference) from a snapshot.
 *
 * inputs:
 * zc_name	name of dataset from which we're releasing a user reference
 * zc_value	short name of snap
 * zc_string	user-supplied tag for this reference
 * zc_cookie	recursive flag
 *
 * outputs:		none
 *
 * Returns EINVAL when zc_value fails snapshot_namecheck(); otherwise
 * returns whatever dsl_dataset_user_release() returns.
 *
 * NOTE(review): zc_value and zc_string are filled in by the copyin in
 * zfsdev_ioctl(), which NUL-terminates only zc_name. Confirm that both
 * fields are bounded before they are handed on as C strings.
 */
static int
zfs_ioc_release(zfs_cmd_t *zc)
{
	boolean_t recursive;

	/* Refuse a malformed snapshot short name before calling the DSL. */
	if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
		return (EINVAL);

	recursive = zc->zc_cookie;

	return (dsl_dataset_user_release(zc->zc_name, zc->zc_value,
	    zc->zc_string, recursive));
}
   4180 
/*
 * Return the user holds recorded for a dataset.
 *
 * inputs:
 * zc_name		name of filesystem
 *
 * outputs:
 * zc_nvlist_src{_size}	nvlist of snapshot holds
 *			(NOTE(review): the buffer actually written is chosen
 *			by put_nvlist(), which is not visible here; confirm
 *			that the field named above is the right one)
 *
 * Returns the error from dsl_dataset_get_holds(), or from put_nvlist()
 * when the lookup succeeded.
 */
static int
zfs_ioc_get_holds(zfs_cmd_t *zc)
{
	nvlist_t *holds;
	int error;

	error = dsl_dataset_get_holds(zc->zc_name, &holds);
	if (error != 0)
		return (error);

	/* The list is only copied out, so it is freed on every path. */
	error = put_nvlist(zc, holds);
	nvlist_free(holds);

	return (error);
}
   4201 
/*
 * Dispatch table for the /dev/zfs control node.
 *
 * zfsdev_ioctl() indexes this array directly with (cmd - ZFS_IOC), so the
 * row order is part of the ioctl interface: inserting or reordering rows
 * changes which handler AND which security policy a given command number
 * reaches.
 *
 * Each row supplies, as read by zfsdev_ioctl(): the handler (zvec_func),
 * the policy callback (zvec_secpolicy), the kind of name validation applied
 * to zc_name (zvec_namecheck), and two booleans (zvec_his_log and
 * zvec_pool_check; presumably in that order, since the fourth column is
 * B_FALSE for create/destroy/export as the note below describes -- confirm
 * against the zfs_ioc_vec_t definition).
 *
 * The policy callback is the only authorization step the dispatcher
 * performs, and it is skipped when the caller sets FKIOCTL. A row
 * registered with a permissive callback therefore relies on its handler
 * for any further checks.
 *
 * pool create, destroy, and export don't log the history as part of
 * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export
 * do the logging of those commands.
 */
static zfs_ioc_vec_t zfs_ioc_vec[] = {
	{ zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_pool_destroy,	zfs_secpolicy_config, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_FALSE },
	{ zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE,
	    B_FALSE },
	/*
	 * NOTE(review): registered with zfs_secpolicy_none and NO_NAME, so
	 * the dispatcher presumably applies neither a privilege check nor a
	 * name check to this command; confirm that is intended.
	 */
	{ zfs_ioc_pool_configs,	zfs_secpolicy_none, NO_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_pool_scrub, zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_pool_upgrade,	zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_vdev_set_state, zfs_secpolicy_config,	POOL_NAME, B_TRUE,
	    B_FALSE },
	{ zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_vdev_setpath,	zfs_secpolicy_config, POOL_NAME, B_FALSE,
	    B_TRUE },
	{ zfs_ioc_vdev_setfru,	zfs_secpolicy_config, POOL_NAME, B_FALSE,
	    B_TRUE },
	{ zfs_ioc_objset_stats,	zfs_secpolicy_read, DATASET_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_objset_zplprops, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_dataset_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_snapshot_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
	    B_FALSE },
	/*
	 * NOTE(review): set_prop is registered with zfs_secpolicy_none, so
	 * any per-property permission check presumably happens inside the
	 * handler rather than in the dispatcher; verify in zfs_ioc_set_prop.
	 */
	{ zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE, B_TRUE },
	{ zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE, B_TRUE },
	{ zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE,
	    B_TRUE},
	{ zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_rename, zfs_secpolicy_rename,	DATASET_NAME, B_TRUE, B_TRUE },
	{ zfs_ioc_recv, zfs_secpolicy_receive, DATASET_NAME, B_TRUE, B_TRUE },
	{ zfs_ioc_send, zfs_secpolicy_send, DATASET_NAME, B_TRUE, B_FALSE },
	{ zfs_ioc_inject_fault,	zfs_secpolicy_inject, NO_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE, B_FALSE },
	{ zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_destroy_snaps, zfs_secpolicy_destroy,	DATASET_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_dsobj_to_dsname, zfs_secpolicy_config, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_obj_to_path, zfs_secpolicy_config, DATASET_NAME, B_FALSE,
	    B_TRUE },
	{ zfs_ioc_pool_set_props, zfs_secpolicy_config,	POOL_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_iscsi_perm_check, zfs_secpolicy_iscsi, DATASET_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE, B_FALSE },
	{ zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_smb_acl, zfs_secpolicy_smb_acl, DATASET_NAME, B_FALSE,
	    B_FALSE },
	{ zfs_ioc_userspace_one, zfs_secpolicy_userspace_one,
	    DATASET_NAME, B_FALSE, B_FALSE },
	{ zfs_ioc_userspace_many, zfs_secpolicy_userspace_many,
	    DATASET_NAME, B_FALSE, B_FALSE },
	{ zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
	    DATASET_NAME, B_FALSE, B_TRUE },
	{ zfs_ioc_hold, zfs_secpolicy_hold, DATASET_NAME, B_TRUE, B_TRUE },
	{ zfs_ioc_release, zfs_secpolicy_release, DATASET_NAME, B_TRUE,
	    B_TRUE },
	{ zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
	    B_TRUE },
	{ zfs_ioc_objset_recvd_props, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
	    B_FALSE }
};
   4309 
/*
 * Check that the pool owning `name` can be opened and is not suspended.
 *
 * name		pool or dataset name, passed to spa_open()
 * type		must be POOL_NAME or DATASET_NAME (asserted only; it does
 *		not otherwise affect the result)
 *
 * Returns 0 when the pool opens and is not suspended, EAGAIN when it is
 * suspended, or the error from spa_open().
 */
int
pool_status_check(const char *name, zfs_ioc_namecheck_t type)
{
	spa_t *spa;
	int error;

	ASSERT(type == POOL_NAME || type == DATASET_NAME);

	if ((error = spa_open(name, &spa, FTAG)) != 0)
		return (error);

	/* The reference is held only long enough to read the state. */
	error = spa_suspended(spa) ? EAGAIN : 0;
	spa_close(spa, FTAG);

	return (error);
}
   4326 
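/*
 * ioctl entry point for the zfs driver.
 *
 * Minor 0 is the /dev/zfs control node; any other minor is a zvol and is
 * handed to zvol_ioctl(). For the control node the command number selects
 * a row of zfs_ioc_vec[], the caller's zfs_cmd_t is copied in, and the
 * request passes through three gates before the handler runs:
 *
 *   1. the row's security policy callback (skipped for FKIOCTL callers),
 *   2. validation of zc_name according to the row's namecheck type,
 *   3. an optional check that the pool can be opened and is not suspended.
 *
 * The zfs_cmd_t is copied back out whether or not the handler ran.
 *
 * Returns 0 on success, EINVAL for an unknown command or an invalid name,
 * EFAULT when the user buffer cannot be copied, or the error from the
 * policy callback, pool check or handler.
 */
static int
zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
{
	zfs_cmd_t *zc;
	uint_t vec;
	int error, rc;

	if (getminor(dev) != 0)
		return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));

	/*
	 * vec is unsigned, so a cmd below ZFS_IOC wraps to a large value and
	 * is rejected by the same bounds check as a cmd past the table end.
	 */
	vec = cmd - ZFS_IOC;
	ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));

	if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
		return (EINVAL);

	zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);

	/*
	 * ddi_copyin() signals failure with a non-zero value that is not an
	 * errno, so translate it instead of returning it to the caller.
	 */
	error = 0;
	if (ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag) != 0)
		error = EFAULT;

	if (error == 0) {
		/*
		 * Everything in *zc came from the caller. Terminate the name
		 * and overwrite zc_iflags BEFORE the policy callback runs, so
		 * that no callback ever sees an unterminated zc_name or a
		 * caller-chosen zc_iflags value.
		 *
		 * NOTE(review): the other string fields of zfs_cmd_t (for
		 * example zc_value and zc_string) are not terminated here;
		 * confirm that each handler bounds them itself.
		 */
		zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
		zc->zc_iflags = flag & FKIOCTL;

		if (!(flag & FKIOCTL))
			error = zfs_ioc_vec[vec].zvec_secpolicy(zc, cr);
	}

	/*
	 * Ensure that all pool/dataset names are valid before we pass down to
	 * the lower layers. The pool status check runs only for a name that
	 * passed validation, so its result can no longer overwrite EINVAL.
	 */
	if (error == 0) {
		switch (zfs_ioc_vec[vec].zvec_namecheck) {
		case POOL_NAME:
			if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
				error = EINVAL;
			else if (zfs_ioc_vec[vec].zvec_pool_check)
				error = pool_status_check(zc->zc_name,
				    zfs_ioc_vec[vec].zvec_namecheck);
			break;

		case DATASET_NAME:
			if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
				error = EINVAL;
			else if (zfs_ioc_vec[vec].zvec_pool_check)
				error = pool_status_check(zc->zc_name,
				    zfs_ioc_vec[vec].zvec_namecheck);
			break;

		case NO_NAME:
			break;
		}
	}

	if (error == 0)
		error = zfs_ioc_vec[vec].zvec_func(zc);

	/*
	 * The copyout is unconditional, as before: handlers report results
	 * through *zc even on some error paths. A copyout failure is only
	 * surfaced when nothing else has already failed.
	 */
	rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
	if (error == 0) {
		if (rc != 0)
			error = EFAULT;
		if (zfs_ioc_vec[vec].zvec_his_log)
			zfs_log_history(zc);
	}

	kmem_free(zc, sizeof (zfs_cmd_t));
	return (error);
}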
   4392 
/*
 * attach(9E) entry point: create the "zfs" control minor node (minor 0)
 * and remember the dev_info pointer in zfs_dip.
 *
 * Only DDI_ATTACH is supported; any other command, or a failure to create
 * the minor node, returns DDI_FAILURE.
 */
static int
zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
{
	int rv;

	if (cmd != DDI_ATTACH)
		return (DDI_FAILURE);

	rv = ddi_create_minor_node(dip, "zfs", S_IFCHR, 0, DDI_PSEUDO, 0);
	if (rv == DDI_FAILURE)
		return (DDI_FAILURE);

	/* Published only once the control node exists. */
	zfs_dip = dip;

	ddi_report_dev(dip);

	return (DDI_SUCCESS);
}
   4409 
/*
 * detach(9E) entry point: refuse while any of the spa, zfs or zvol layers
 * reports itself busy, and for any command other than DDI_DETACH.
 * Otherwise clear zfs_dip and remove the properties and minor nodes.
 */
static int
zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
{
	/* The busy checks come first, in the same order as before. */
	if (spa_busy() || zfs_busy() || zvol_busy() || cmd != DDI_DETACH)
		return (DDI_FAILURE);

	zfs_dip = NULL;

	ddi_prop_remove_all(dip);
	ddi_remove_minor_node(dip, NULL);

	return (DDI_SUCCESS);
}
   4426 
/*
 * getinfo(9E) entry point. The driver has a single instance, so the
 * dev_t-to-devinfo query answers with zfs_dip and the dev_t-to-instance
 * query answers with instance 0. Any other query fails.
 */
/*ARGSUSED*/
static int
zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
{
	if (infocmd == DDI_INFO_DEVT2DEVINFO) {
		*result = zfs_dip;
		return (DDI_SUCCESS);
	}

	if (infocmd == DDI_INFO_DEVT2INSTANCE) {
		*result = (void *)0;
		return (DDI_SUCCESS);
	}

	return (DDI_FAILURE);
}
   4443 
/*
 * OK, so this is a little weird.
 *
 * /dev/zfs is the control node, i.e. minor 0.
 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
 *
 * /dev/zfs has basically nothing to do except serve up ioctls,
 * so most of the standard driver entry points are in zvol.c.
 *
 * Consequence for review: zfsdev_ioctl is the only entry in this table
 * implemented in this file. It forwards non-zero minors to zvol_ioctl()
 * and treats minor 0 as the control node; open, close, read and write go
 * straight to the zvol code for every minor.
 */
static struct cb_ops zfs_cb_ops = {
	zvol_open,	/* open */
	zvol_close,	/* close */
	zvol_strategy,	/* strategy */
	nodev,		/* print */
	zvol_dump,	/* dump */
	zvol_read,	/* read */
	zvol_write,	/* write */
	zfsdev_ioctl,	/* ioctl */
	nodev,		/* devmap */
	nodev,		/* mmap */
	nodev,		/* segmap */
	nochpoll,	/* poll */
	ddi_prop_op,	/* prop_op */
	NULL,		/* streamtab */
	D_NEW | D_MP | D_64BIT,		/* Driver compatibility flag */
	CB_REV,		/* version */
	nodev,		/* async read */
	nodev,		/* async write */
};

/*
 * Device operations: wires the attach/detach/getinfo routines defined
 * above and the cb_ops table to the driver framework.
 */
static struct dev_ops zfs_dev_ops = {
	DEVO_REV,	/* version */
	0,		/* refcnt */
	zfs_info,	/* info */
	nulldev,	/* identify */
	nulldev,	/* probe */
	zfs_attach,	/* attach */
	zfs_detach,	/* detach */
	nodev,		/* reset */
	&zfs_cb_ops,	/* driver operations */
	NULL,		/* no bus operations */
	NULL,		/* power */
	ddi_quiesce_not_needed,	/* quiesce */
};

/* Driver linkage record for the device-driver half of the module. */
static struct modldrv zfs_modldrv = {
	&mod_driverops,
	"ZFS storage pool",
	&zfs_dev_ops
};

/*
 * The module registers two linkage records: zfs_modlfs (declared outside
 * this part of the file) and the driver record above. _init(), _fini()
 * and _info() all operate on this structure.
 */
static struct modlinkage modlinkage = {
	MODREV_1,
	(void *)&zfs_modlfs,
	(void *)&zfs_modldrv,
	NULL
};


/*
 * Thread-specific-data keys. Both are created in _init(); rrw_tsd_key is
 * defined in another file and only declared here.
 */
uint_t zfs_fsyncer_key;
extern uint_t rrw_tsd_key;
/*
 * Module load entry point: bring up the spa, zfs and zvol layers, install
 * the module, then create the TSD keys, the LDI identifier and the share
 * lock.
 *
 * If mod_install() fails, the three layers are torn down in reverse order
 * and its error is returned; otherwise returns 0.
 *
 * NOTE(review): a failure of ldi_ident_from_mod() is caught only by the
 * ASSERT, so it goes unnoticed in a build where ASSERT compiles away.
 */
int
_init(void)
{
	int error;

	spa_init(FREAD | FWRITE);
	zfs_init();
	zvol_init();

	error = mod_install(&modlinkage);
	if (error != 0) {
		/* Unwind in the reverse order of initialization. */
		zvol_fini();
		zfs_fini();
		spa_fini();
		return (error);
	}

	tsd_create(&zfs_fsyncer_key, NULL);
	tsd_create(&rrw_tsd_key, NULL);

	error = ldi_ident_from_mod(&modlinkage, &zfs_li);
	ASSERT(error == 0);
	mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);

	return (0);
}
   4531 
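/*
 * Module unload entry point.
 *
 * Refuses with EBUSY while the spa, zfs or zvol layer is busy or while
 * fault injection is enabled. Otherwise removes the module, tears the
 * layers down in reverse order of _init(), closes whichever sharing
 * modules were opened, and releases what _init() created.
 *
 * Returns 0 on success, EBUSY as described above, or the error from
 * mod_remove().
 */
int
_fini(void)
{
	int error;

	if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
		return (EBUSY);

	if ((error = mod_remove(&modlinkage)) != 0)
		return (error);

	zvol_fini();
	zfs_fini();
	spa_fini();
	if (zfs_nfsshare_inited)
		(void) ddi_modclose(nfs_mod);
	if (zfs_smbshare_inited)
		(void) ddi_modclose(smbsrv_mod);
	/* sharefs is shared by both protocols, so it is closed once. */
	if (zfs_nfsshare_inited || zfs_smbshare_inited)
		(void) ddi_modclose(sharefs_mod);

	/*
	 * _init() creates two TSD keys; destroy both. Previously only
	 * zfs_fsyncer_key was destroyed, so rrw_tsd_key stayed allocated
	 * after every unload.
	 */
	tsd_destroy(&zfs_fsyncer_key);
	tsd_destroy(&rrw_tsd_key);
	ldi_ident_release(zfs_li);
	zfs_li = NULL;
	mutex_destroy(&zfs_share_lock);

	return (error);
}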
   4560 
/*
 * Module information entry point: report on this module's linkage via
 * mod_info() and return its result unchanged.
 */
int
_info(struct modinfo *modinfop)
{
	int rv;

	rv = mod_info(&modlinkage, modinfop);
	return (rv);
}
   4566