4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Portions Copyright 2011 Martin Matuska
25 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
26 * Portions Copyright 2012 Pawel Jakub Dawidek <pawel@dawidek.net>
27 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved.
28 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
29 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
30 * Copyright (c) 2011, 2017 by Delphix. All rights reserved.
31 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
32 * Copyright (c) 2013 Steven Hartland. All rights reserved.
33 * Copyright (c) 2014 Integros [integros.com]
34 * Copyright 2016 Toomas Soome <tsoome@me.com>
35 * Copyright (c) 2016 Actifio, Inc. All rights reserved.
36 * Copyright (c) 2017, loli10K <ezomori.nozomu@gmail.com>. All rights reserved.
37 * Copyright (c) 2017 Datto Inc. All rights reserved.
38 * Copyright 2017 RackTop Systems.
39 * Copyright (c) 2017 Open-E, Inc. All Rights Reserved.
45 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
46 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
48 * There are two ways that we handle ioctls: the legacy way where almost
49 * all of the logic is in the ioctl callback, and the new way where most
50 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
52 * Non-legacy ioctls should be registered by calling
53 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
54 * from userland by lzc_ioctl().
56 * The registration arguments are as follows:
59 * The name of the ioctl. This is used for history logging. If the
60 * ioctl returns successfully (the callback returns 0), and allow_log
61 * is true, then a history log entry will be recorded with the input &
62 * output nvlists. The log entry can be printed with "zpool history -i".
65 * The ioctl request number, which userland will pass to ioctl(2).
66 * The ioctl numbers can change from release to release, because
67 * the caller (libzfs) must be matched to the kernel.
69 * zfs_secpolicy_func_t *secpolicy
70 * This function will be called before the zfs_ioc_func_t, to
71 * determine if this operation is permitted. It should return EPERM
72 * on failure, and 0 on success. Checks include determining if the
73 * dataset is visible in this zone, and if the user has either all
74 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
75 * to do this operation on this dataset with "zfs allow".
77 * zfs_ioc_namecheck_t namecheck
78 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
79 * name, a dataset name, or nothing. If the name is not well-formed,
80 * the ioctl will fail and the callback will not be called.
81 * Therefore, the callback can assume that the name is well-formed
82 * (e.g. is null-terminated, doesn't have more than one '@' character,
83 * doesn't have invalid characters).
85 * zfs_ioc_poolcheck_t pool_check
86 * This specifies requirements on the pool state. If the pool does
87 * not meet them (is suspended or is readonly), the ioctl will fail
88 * and the callback will not be called. If any checks are specified
89 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
90 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
91 * POOL_CHECK_READONLY).
93 * boolean_t smush_outnvlist
94 * If smush_outnvlist is true, then the output is presumed to be a
95 * list of errors, and it will be "smushed" down to fit into the
96 * caller's buffer, by removing some entries and replacing them with a
97 * single "N_MORE_ERRORS" entry indicating how many were removed. See
98 * nvlist_smush() for details. If smush_outnvlist is false, and the
99 * outnvlist does not fit into the userland-provided buffer, then the
100 * ioctl will fail with ENOMEM.
102 * zfs_ioc_func_t *func
103 * The callback function that will perform the operation.
105 * The callback should return 0 on success, or an error number on
106 * failure. If the function fails, the userland ioctl will return -1,
107 * and errno will be set to the callback's return value. The callback
108 * will be called with the following arguments:
111 * The name of the pool or dataset to operate on, from
112 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
113 * expected type (pool, dataset, or none).
116 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
117 * NULL if no input nvlist was provided. Changes to this nvlist are
118 * ignored. If the input nvlist could not be deserialized, the
119 * ioctl will fail and the callback will not be called.
122 * The output nvlist, initially empty. The callback can fill it in,
123 * and it will be returned to userland by serializing it into
124 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
125 * fails (e.g. because the caller didn't supply a large enough
126 * buffer), then the overall ioctl will fail. See the
127 * 'smush_nvlist' argument above for additional behaviors.
129 * There are two typical uses of the output nvlist:
130 * - To return state, e.g. property values. In this case,
131 * smush_outnvlist should be false. If the buffer was not large
132 * enough, the caller will reallocate a larger buffer and try
135 * - To return multiple errors from an ioctl which makes on-disk
136 * changes. In this case, smush_outnvlist should be true.
137 * Ioctls which make on-disk modifications should generally not
138 * use the outnvl if they succeed, because the caller can not
139 * distinguish between the operation failing, and
140 * deserialization failing.
143 #include <sys/types.h>
144 #include <sys/param.h>
145 #include <sys/errno.h>
148 #include <sys/modctl.h>
149 #include <sys/open.h>
150 #include <sys/file.h>
151 #include <sys/kmem.h>
152 #include <sys/conf.h>
153 #include <sys/cmn_err.h>
154 #include <sys/stat.h>
155 #include <sys/zfs_ioctl.h>
156 #include <sys/zfs_vfsops.h>
157 #include <sys/zfs_znode.h>
160 #include <sys/spa_impl.h>
161 #include <sys/vdev.h>
162 #include <sys/vdev_impl.h>
163 #include <sys/priv_impl.h>
165 #include <sys/dsl_dir.h>
166 #include <sys/dsl_dataset.h>
167 #include <sys/dsl_prop.h>
168 #include <sys/dsl_deleg.h>
169 #include <sys/dmu_objset.h>
170 #include <sys/dmu_impl.h>
171 #include <sys/dmu_tx.h>
173 #include <sys/sunddi.h>
174 #include <sys/sunldi.h>
175 #include <sys/policy.h>
176 #include <sys/zone.h>
177 #include <sys/nvpair.h>
178 #include <sys/pathname.h>
179 #include <sys/mount.h>
181 #include <sys/fs/zfs.h>
182 #include <sys/zfs_ctldir.h>
183 #include <sys/zfs_dir.h>
184 #include <sys/zfs_onexit.h>
185 #include <sys/zvol.h>
186 #include <sys/dsl_scan.h>
187 #include <sharefs/share.h>
188 #include <sys/fm/util.h>
189 #include <sys/dsl_crypt.h>
191 #include <sys/dmu_send.h>
192 #include <sys/dsl_destroy.h>
193 #include <sys/dsl_bookmark.h>
194 #include <sys/dsl_userhold.h>
195 #include <sys/zfeature.h>
197 #include <sys/zio_checksum.h>
198 #include <sys/vdev_removal.h>
200 #include <linux/miscdevice.h>
201 #include <linux/slab.h>
203 #include "zfs_namecheck.h"
204 #include "zfs_prop.h"
205 #include "zfs_deleg.h"
206 #include "zfs_comutil.h"
208 #include <sys/lua/lua.h>
209 #include <sys/lua/lauxlib.h>
212 * Limit maximum nvlist size. We don't want users passing in insane values
213 * for zc->zc_nvlist_src_size, since we will need to allocate that much memory.
215 #define MAX_NVLIST_SRC_SIZE KMALLOC_MAX_SIZE
217 kmutex_t zfsdev_state_lock;
218 zfsdev_state_t *zfsdev_state_list;
220 extern void zfs_init(void);
221 extern void zfs_fini(void);
223 uint_t zfs_fsyncer_key;
224 extern uint_t rrw_tsd_key;
225 static uint_t zfs_allow_log_key;
227 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *);
228 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *);
229 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *);
235 } zfs_ioc_namecheck_t;
238 POOL_CHECK_NONE = 1 << 0,
239 POOL_CHECK_SUSPENDED = 1 << 1,
240 POOL_CHECK_READONLY = 1 << 2,
241 } zfs_ioc_poolcheck_t;
243 typedef struct zfs_ioc_vec {
244 zfs_ioc_legacy_func_t *zvec_legacy_func;
245 zfs_ioc_func_t *zvec_func;
246 zfs_secpolicy_func_t *zvec_secpolicy;
247 zfs_ioc_namecheck_t zvec_namecheck;
248 boolean_t zvec_allow_log;
249 zfs_ioc_poolcheck_t zvec_pool_check;
250 boolean_t zvec_smush_outnvlist;
251 const char *zvec_name;
254 /* This array is indexed by zfs_userquota_prop_t */
255 static const char *userquota_perms[] = {
256 ZFS_DELEG_PERM_USERUSED,
257 ZFS_DELEG_PERM_USERQUOTA,
258 ZFS_DELEG_PERM_GROUPUSED,
259 ZFS_DELEG_PERM_GROUPQUOTA,
260 ZFS_DELEG_PERM_USEROBJUSED,
261 ZFS_DELEG_PERM_USEROBJQUOTA,
262 ZFS_DELEG_PERM_GROUPOBJUSED,
263 ZFS_DELEG_PERM_GROUPOBJQUOTA,
264 ZFS_DELEG_PERM_PROJECTUSED,
265 ZFS_DELEG_PERM_PROJECTQUOTA,
266 ZFS_DELEG_PERM_PROJECTOBJUSED,
267 ZFS_DELEG_PERM_PROJECTOBJQUOTA,
270 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
271 static int zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc);
272 static int zfs_check_settable(const char *name, nvpair_t *property,
274 static int zfs_check_clearable(char *dataset, nvlist_t *props,
276 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
278 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
279 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
282 history_str_free(char *buf)
284 kmem_free(buf, HIS_MAX_RECORD_LEN);
288 history_str_get(zfs_cmd_t *zc)
292 if (zc->zc_history == 0)
295 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
296 if (copyinstr((void *)(uintptr_t)zc->zc_history,
297 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
298 history_str_free(buf);
302 buf[HIS_MAX_RECORD_LEN -1] = '\0';
308 * Check to see if the named dataset is currently defined as bootable
311 zfs_is_bootfs(const char *name)
315 if (dmu_objset_hold(name, FTAG, &os) == 0) {
317 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
318 dmu_objset_rele(os, FTAG);
325 * Return non-zero if the spa version is less than requested version.
328 zfs_earlier_version(const char *name, int version)
332 if (spa_open(name, &spa, FTAG) == 0) {
333 if (spa_version(spa) < version) {
334 spa_close(spa, FTAG);
337 spa_close(spa, FTAG);
343 * Return TRUE if the ZPL version is less than requested version.
346 zpl_earlier_version(const char *name, int version)
349 boolean_t rc = B_TRUE;
351 if (dmu_objset_hold(name, FTAG, &os) == 0) {
354 if (dmu_objset_type(os) != DMU_OST_ZFS) {
355 dmu_objset_rele(os, FTAG);
358 /* XXX reading from non-owned objset */
359 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
360 rc = zplversion < version;
361 dmu_objset_rele(os, FTAG);
367 zfs_log_history(zfs_cmd_t *zc)
372 if ((buf = history_str_get(zc)) == NULL)
375 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
376 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
377 (void) spa_history_log(spa, buf);
378 spa_close(spa, FTAG);
380 history_str_free(buf);
384 * Policy for top-level read operations (list pools). Requires no privileges,
385 * and can be used in the local zone, as there is no associated dataset.
389 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
395 * Policy for dataset read operations (list children, get statistics). Requires
396 * no privileges, but must be visible in the local zone.
400 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
402 if (INGLOBALZONE(curproc) ||
403 zone_dataset_visible(zc->zc_name, NULL))
406 return (SET_ERROR(ENOENT));
410 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
415 * The dataset must be visible by this zone -- check this first
416 * so they don't see EPERM on something they shouldn't know about.
418 if (!INGLOBALZONE(curproc) &&
419 !zone_dataset_visible(dataset, &writable))
420 return (SET_ERROR(ENOENT));
422 if (INGLOBALZONE(curproc)) {
424 * If the fs is zoned, only root can access it from the
427 if (secpolicy_zfs(cr) && zoned)
428 return (SET_ERROR(EPERM));
431 * If we are in a local zone, the 'zoned' property must be set.
434 return (SET_ERROR(EPERM));
436 /* must be writable by this zone */
438 return (SET_ERROR(EPERM));
444 zfs_dozonecheck(const char *dataset, cred_t *cr)
448 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
449 return (SET_ERROR(ENOENT));
451 return (zfs_dozonecheck_impl(dataset, zoned, cr));
455 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
459 if (dsl_prop_get_int_ds(ds, "zoned", &zoned))
460 return (SET_ERROR(ENOENT));
462 return (zfs_dozonecheck_impl(dataset, zoned, cr));
466 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
467 const char *perm, cred_t *cr)
471 error = zfs_dozonecheck_ds(name, ds, cr);
473 error = secpolicy_zfs(cr);
475 error = dsl_deleg_access_impl(ds, perm, cr);
481 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
488 * First do a quick check for root in the global zone, which
489 * is allowed to do all write_perms. This ensures that zfs_ioc_*
490 * will get to handle nonexistent datasets.
492 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0)
495 error = dsl_pool_hold(name, FTAG, &dp);
499 error = dsl_dataset_hold(dp, name, FTAG, &ds);
501 dsl_pool_rele(dp, FTAG);
505 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
507 dsl_dataset_rele(ds, FTAG);
508 dsl_pool_rele(dp, FTAG);
513 * Policy for setting the security label property.
515 * Returns 0 for success, non-zero for access and other errors.
518 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
521 char ds_hexsl[MAXNAMELEN];
522 bslabel_t ds_sl, new_sl;
523 boolean_t new_default = FALSE;
525 int needed_priv = -1;
528 /* First get the existing dataset label. */
529 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
530 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
532 return (SET_ERROR(EPERM));
534 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
537 /* The label must be translatable */
538 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
539 return (SET_ERROR(EINVAL));
542 * In a non-global zone, disallow attempts to set a label that
543 * doesn't match that of the zone; otherwise no other checks
546 if (!INGLOBALZONE(curproc)) {
547 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
548 return (SET_ERROR(EPERM));
553 * For global-zone datasets (i.e., those whose zoned property is
554 * "off", verify that the specified new label is valid for the
557 if (dsl_prop_get_integer(name,
558 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
559 return (SET_ERROR(EPERM));
561 if (zfs_check_global_label(name, strval) != 0)
562 return (SET_ERROR(EPERM));
566 * If the existing dataset label is nondefault, check if the
567 * dataset is mounted (label cannot be changed while mounted).
568 * Get the zfsvfs_t; if there isn't one, then the dataset isn't
569 * mounted (or isn't a dataset, doesn't exist, ...).
571 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
573 static char *setsl_tag = "setsl_tag";
576 * Try to own the dataset; abort if there is any error,
577 * (e.g., already mounted, in use, or other error).
579 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE,
582 return (SET_ERROR(EPERM));
584 dmu_objset_disown(os, B_TRUE, setsl_tag);
587 needed_priv = PRIV_FILE_DOWNGRADE_SL;
591 if (hexstr_to_label(strval, &new_sl) != 0)
592 return (SET_ERROR(EPERM));
594 if (blstrictdom(&ds_sl, &new_sl))
595 needed_priv = PRIV_FILE_DOWNGRADE_SL;
596 else if (blstrictdom(&new_sl, &ds_sl))
597 needed_priv = PRIV_FILE_UPGRADE_SL;
599 /* dataset currently has a default label */
601 needed_priv = PRIV_FILE_UPGRADE_SL;
605 if (needed_priv != -1)
606 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
609 return (SET_ERROR(ENOTSUP));
610 #endif /* HAVE_MLSLABEL */
614 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
620 * Check permissions for special properties.
627 * Disallow setting of 'zoned' from within a local zone.
629 if (!INGLOBALZONE(curproc))
630 return (SET_ERROR(EPERM));
634 case ZFS_PROP_FILESYSTEM_LIMIT:
635 case ZFS_PROP_SNAPSHOT_LIMIT:
636 if (!INGLOBALZONE(curproc)) {
638 char setpoint[ZFS_MAX_DATASET_NAME_LEN];
640 * Unprivileged users are allowed to modify the
641 * limit on things *under* (ie. contained by)
642 * the thing they own.
644 if (dsl_prop_get_integer(dsname, "zoned", &zoned,
646 return (SET_ERROR(EPERM));
647 if (!zoned || strlen(dsname) <= strlen(setpoint))
648 return (SET_ERROR(EPERM));
652 case ZFS_PROP_MLSLABEL:
653 if (!is_system_labeled())
654 return (SET_ERROR(EPERM));
656 if (nvpair_value_string(propval, &strval) == 0) {
659 err = zfs_set_slabel_policy(dsname, strval, CRED());
666 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
671 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
675 error = zfs_dozonecheck(zc->zc_name, cr);
680 * permission to set permissions will be evaluated later in
681 * dsl_deleg_can_allow()
688 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
690 return (zfs_secpolicy_write_perms(zc->zc_name,
691 ZFS_DELEG_PERM_ROLLBACK, cr));
696 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
704 * Generate the current snapshot name from the given objsetid, then
705 * use that name for the secpolicy/zone checks.
707 cp = strchr(zc->zc_name, '@');
709 return (SET_ERROR(EINVAL));
710 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
714 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
716 dsl_pool_rele(dp, FTAG);
720 dsl_dataset_name(ds, zc->zc_name);
722 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
723 ZFS_DELEG_PERM_SEND, cr);
724 dsl_dataset_rele(ds, FTAG);
725 dsl_pool_rele(dp, FTAG);
732 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
734 return (zfs_secpolicy_write_perms(zc->zc_name,
735 ZFS_DELEG_PERM_SEND, cr));
738 #ifdef HAVE_SMB_SHARE
741 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
746 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
747 NO_FOLLOW, NULL, &vp)) != 0)
750 /* Now make sure mntpnt and dataset are ZFS */
752 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
753 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
754 zc->zc_name) != 0)) {
756 return (SET_ERROR(EPERM));
760 return (dsl_deleg_access(zc->zc_name,
761 ZFS_DELEG_PERM_SHARE, cr));
763 #endif /* HAVE_SMB_SHARE */
766 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
768 #ifdef HAVE_SMB_SHARE
769 if (!INGLOBALZONE(curproc))
770 return (SET_ERROR(EPERM));
772 if (secpolicy_nfs(cr) == 0) {
775 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
778 return (SET_ERROR(ENOTSUP));
779 #endif /* HAVE_SMB_SHARE */
783 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
785 #ifdef HAVE_SMB_SHARE
786 if (!INGLOBALZONE(curproc))
787 return (SET_ERROR(EPERM));
789 if (secpolicy_smb(cr) == 0) {
792 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
795 return (SET_ERROR(ENOTSUP));
796 #endif /* HAVE_SMB_SHARE */
800 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
805 * Remove the @bla or /bla from the end of the name to get the parent.
807 (void) strncpy(parent, datasetname, parentsize);
808 cp = strrchr(parent, '@');
812 cp = strrchr(parent, '/');
814 return (SET_ERROR(ENOENT));
822 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
826 if ((error = zfs_secpolicy_write_perms(name,
827 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
830 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
835 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
837 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
841 * Destroying snapshots with delegated permissions requires
842 * descendant mount and destroy permissions.
846 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
849 nvpair_t *pair, *nextpair;
852 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
853 return (SET_ERROR(EINVAL));
854 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
856 nextpair = nvlist_next_nvpair(snaps, pair);
857 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
858 if (error == ENOENT) {
860 * Ignore any snapshots that don't exist (we consider
861 * them "already destroyed"). Remove the name from the
862 * nvl here in case the snapshot is created between
863 * now and when we try to destroy it (in which case
864 * we don't want to destroy it since we haven't
865 * checked for permission).
867 fnvlist_remove_nvpair(snaps, pair);
878 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
880 char parentname[ZFS_MAX_DATASET_NAME_LEN];
883 if ((error = zfs_secpolicy_write_perms(from,
884 ZFS_DELEG_PERM_RENAME, cr)) != 0)
887 if ((error = zfs_secpolicy_write_perms(from,
888 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
891 if ((error = zfs_get_parent(to, parentname,
892 sizeof (parentname))) != 0)
895 if ((error = zfs_secpolicy_write_perms(parentname,
896 ZFS_DELEG_PERM_CREATE, cr)) != 0)
899 if ((error = zfs_secpolicy_write_perms(parentname,
900 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
908 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
910 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
915 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
918 dsl_dataset_t *clone;
921 error = zfs_secpolicy_write_perms(zc->zc_name,
922 ZFS_DELEG_PERM_PROMOTE, cr);
926 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
930 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
933 char parentname[ZFS_MAX_DATASET_NAME_LEN];
934 dsl_dataset_t *origin = NULL;
938 error = dsl_dataset_hold_obj(dd->dd_pool,
939 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin);
941 dsl_dataset_rele(clone, FTAG);
942 dsl_pool_rele(dp, FTAG);
946 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
947 ZFS_DELEG_PERM_MOUNT, cr);
949 dsl_dataset_name(origin, parentname);
951 error = zfs_secpolicy_write_perms_ds(parentname, origin,
952 ZFS_DELEG_PERM_PROMOTE, cr);
954 dsl_dataset_rele(clone, FTAG);
955 dsl_dataset_rele(origin, FTAG);
957 dsl_pool_rele(dp, FTAG);
963 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
967 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
968 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
971 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
972 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
975 return (zfs_secpolicy_write_perms(zc->zc_name,
976 ZFS_DELEG_PERM_CREATE, cr));
981 zfs_secpolicy_recv_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
983 return (zfs_secpolicy_recv(zc, innvl, cr));
987 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
989 return (zfs_secpolicy_write_perms(name,
990 ZFS_DELEG_PERM_SNAPSHOT, cr));
994 * Check for permission to create each snapshot in the nvlist.
998 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1004 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
1005 return (SET_ERROR(EINVAL));
1006 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
1007 pair = nvlist_next_nvpair(snaps, pair)) {
1008 char *name = nvpair_name(pair);
1009 char *atp = strchr(name, '@');
1012 error = SET_ERROR(EINVAL);
1016 error = zfs_secpolicy_snapshot_perms(name, cr);
1025 * Check for permission to create each snapshot in the nvlist.
1029 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1033 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
1034 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
1035 char *name = nvpair_name(pair);
1036 char *hashp = strchr(name, '#');
1038 if (hashp == NULL) {
1039 error = SET_ERROR(EINVAL);
1043 error = zfs_secpolicy_write_perms(name,
1044 ZFS_DELEG_PERM_BOOKMARK, cr);
1054 zfs_secpolicy_remap(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1056 return (zfs_secpolicy_write_perms(zc->zc_name,
1057 ZFS_DELEG_PERM_REMAP, cr));
1062 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1064 nvpair_t *pair, *nextpair;
1067 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1069 char *name = nvpair_name(pair);
1070 char *hashp = strchr(name, '#');
1071 nextpair = nvlist_next_nvpair(innvl, pair);
1073 if (hashp == NULL) {
1074 error = SET_ERROR(EINVAL);
1079 error = zfs_secpolicy_write_perms(name,
1080 ZFS_DELEG_PERM_DESTROY, cr);
1082 if (error == ENOENT) {
1084 * Ignore any filesystems that don't exist (we consider
1085 * their bookmarks "already destroyed"). Remove
1086 * the name from the nvl here in case the filesystem
1087 * is created between now and when we try to destroy
1088 * the bookmark (in which case we don't want to
1089 * destroy it since we haven't checked for permission).
1091 fnvlist_remove_nvpair(innvl, pair);
1103 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1106 * Even root must have a proper TSD so that we know what pool
1109 if (tsd_get(zfs_allow_log_key) == NULL)
1110 return (SET_ERROR(EPERM));
1115 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1117 char parentname[ZFS_MAX_DATASET_NAME_LEN];
1121 if ((error = zfs_get_parent(zc->zc_name, parentname,
1122 sizeof (parentname))) != 0)
1125 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1126 (error = zfs_secpolicy_write_perms(origin,
1127 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1130 if ((error = zfs_secpolicy_write_perms(parentname,
1131 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1134 return (zfs_secpolicy_write_perms(parentname,
1135 ZFS_DELEG_PERM_MOUNT, cr));
1139 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1140 * SYS_CONFIG privilege, which is not available in a local zone.
1144 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1146 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1147 return (SET_ERROR(EPERM));
1153 * Policy for object to name lookups.
1157 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1161 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1164 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1169 * Policy for fault injection. Requires all privileges.
1173 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1175 return (secpolicy_zinject(cr));
1180 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1182 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1184 if (prop == ZPROP_INVAL) {
1185 if (!zfs_prop_user(zc->zc_value))
1186 return (SET_ERROR(EINVAL));
1187 return (zfs_secpolicy_write_perms(zc->zc_name,
1188 ZFS_DELEG_PERM_USERPROP, cr));
1190 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1196 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1198 int err = zfs_secpolicy_read(zc, innvl, cr);
1202 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1203 return (SET_ERROR(EINVAL));
1205 if (zc->zc_value[0] == 0) {
1207 * They are asking about a posix uid/gid. If it's
1208 * themself, allow it.
1210 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1211 zc->zc_objset_type == ZFS_PROP_USERQUOTA ||
1212 zc->zc_objset_type == ZFS_PROP_USEROBJUSED ||
1213 zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) {
1214 if (zc->zc_guid == crgetuid(cr))
1216 } else if (zc->zc_objset_type == ZFS_PROP_GROUPUSED ||
1217 zc->zc_objset_type == ZFS_PROP_GROUPQUOTA ||
1218 zc->zc_objset_type == ZFS_PROP_GROUPOBJUSED ||
1219 zc->zc_objset_type == ZFS_PROP_GROUPOBJQUOTA) {
1220 if (groupmember(zc->zc_guid, cr))
1223 /* else is for project quota/used */
1226 return (zfs_secpolicy_write_perms(zc->zc_name,
1227 userquota_perms[zc->zc_objset_type], cr));
1231 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1233 int err = zfs_secpolicy_read(zc, innvl, cr);
1237 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1238 return (SET_ERROR(EINVAL));
1240 return (zfs_secpolicy_write_perms(zc->zc_name,
1241 userquota_perms[zc->zc_objset_type], cr));
1246 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1248 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1254 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1260 error = nvlist_lookup_nvlist(innvl, "holds", &holds);
1262 return (SET_ERROR(EINVAL));
1264 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
1265 pair = nvlist_next_nvpair(holds, pair)) {
1266 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1267 error = dmu_fsname(nvpair_name(pair), fsname);
1270 error = zfs_secpolicy_write_perms(fsname,
1271 ZFS_DELEG_PERM_HOLD, cr);
1280 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1285 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1286 pair = nvlist_next_nvpair(innvl, pair)) {
1287 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1288 error = dmu_fsname(nvpair_name(pair), fsname);
1291 error = zfs_secpolicy_write_perms(fsname,
1292 ZFS_DELEG_PERM_RELEASE, cr);
1300 * Policy for allowing temporary snapshots to be taken or released
1303 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1306 * A temporary snapshot is the same as a snapshot,
1307 * hold, destroy and release all rolled into one.
1308 * Delegated diff alone is sufficient that we allow this.
1312 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1313 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1316 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1318 error = zfs_secpolicy_hold(zc, innvl, cr);
1320 error = zfs_secpolicy_release(zc, innvl, cr);
1322 error = zfs_secpolicy_destroy(zc, innvl, cr);
1327 zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1329 return (zfs_secpolicy_write_perms(zc->zc_name,
1330 ZFS_DELEG_PERM_LOAD_KEY, cr));
1334 zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1336 return (zfs_secpolicy_write_perms(zc->zc_name,
1337 ZFS_DELEG_PERM_CHANGE_KEY, cr));
1341 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1344 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1348 nvlist_t *list = NULL;
1351 * Read in and unpack the user-supplied nvlist.
1354 return (SET_ERROR(EINVAL));
1356 packed = vmem_alloc(size, KM_SLEEP);
1358 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1360 vmem_free(packed, size);
1361 return (SET_ERROR(EFAULT));
1364 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1365 vmem_free(packed, size);
1369 vmem_free(packed, size);
1376 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1377 * Entries will be removed from the end of the nvlist, and one int32 entry
1378 * named "N_MORE_ERRORS" will be added indicating how many entries were
1382 nvlist_smush(nvlist_t *errors, size_t max)
1386 size = fnvlist_size(errors);
1389 nvpair_t *more_errors;
1393 return (SET_ERROR(ENOMEM));
1395 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1396 more_errors = nvlist_prev_nvpair(errors, NULL);
1399 nvpair_t *pair = nvlist_prev_nvpair(errors,
1401 fnvlist_remove_nvpair(errors, pair);
1403 size = fnvlist_size(errors);
1404 } while (size > max);
1406 fnvlist_remove_nvpair(errors, more_errors);
1407 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1408 ASSERT3U(fnvlist_size(errors), <=, max);
1415 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1417 char *packed = NULL;
1421 size = fnvlist_size(nvl);
1423 if (size > zc->zc_nvlist_dst_size) {
1424 error = SET_ERROR(ENOMEM);
1426 packed = fnvlist_pack(nvl, &size);
1427 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1428 size, zc->zc_iflags) != 0)
1429 error = SET_ERROR(EFAULT);
1430 fnvlist_pack_free(packed, size);
1433 zc->zc_nvlist_dst_size = size;
1434 zc->zc_nvlist_dst_filled = B_TRUE;
1439 getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp)
1442 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1443 return (SET_ERROR(EINVAL));
1446 mutex_enter(&os->os_user_ptr_lock);
1447 *zfvp = dmu_objset_get_user(os);
1448 /* bump s_active only when non-zero to prevent umount race */
1449 if (*zfvp == NULL || (*zfvp)->z_sb == NULL ||
1450 !atomic_inc_not_zero(&((*zfvp)->z_sb->s_active))) {
1451 error = SET_ERROR(ESRCH);
1453 mutex_exit(&os->os_user_ptr_lock);
1458 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1463 error = dmu_objset_hold(dsname, FTAG, &os);
1467 error = getzfsvfs_impl(os, zfvp);
1468 dmu_objset_rele(os, FTAG);
1473 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1474 * case its z_sb will be NULL, and it will be opened as the owner.
1475 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1476 * which prevents all inode ops from running.
1479 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1483 if (getzfsvfs(name, zfvp) != 0)
1484 error = zfsvfs_create(name, B_FALSE, zfvp);
1486 rrm_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
1488 if ((*zfvp)->z_unmounted) {
1490 * XXX we could probably try again, since the unmounting
1491 * thread should be just about to disassociate the
1492 * objset from the zfsvfs.
1494 rrm_exit(&(*zfvp)->z_teardown_lock, tag);
1495 return (SET_ERROR(EBUSY));
1502 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1504 rrm_exit(&zfsvfs->z_teardown_lock, tag);
1507 deactivate_super(zfsvfs->z_sb);
1509 dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs);
1510 zfsvfs_free(zfsvfs);
1515 zfs_ioc_pool_create(zfs_cmd_t *zc)
1518 nvlist_t *config, *props = NULL;
1519 nvlist_t *rootprops = NULL;
1520 nvlist_t *zplprops = NULL;
1521 dsl_crypto_params_t *dcp = NULL;
1522 char *spa_name = zc->zc_name;
1524 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1525 zc->zc_iflags, &config)))
1528 if (zc->zc_nvlist_src_size != 0 && (error =
1529 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1530 zc->zc_iflags, &props))) {
1531 nvlist_free(config);
1536 nvlist_t *nvl = NULL;
1537 nvlist_t *hidden_args = NULL;
1538 uint64_t version = SPA_VERSION;
1541 (void) nvlist_lookup_uint64(props,
1542 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1543 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1544 error = SET_ERROR(EINVAL);
1545 goto pool_props_bad;
1547 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1549 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1551 nvlist_free(config);
1555 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1558 (void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS,
1560 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE,
1561 rootprops, hidden_args, &dcp);
1563 nvlist_free(config);
1567 (void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS);
1569 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1570 error = zfs_fill_zplprops_root(version, rootprops,
1573 goto pool_props_bad;
1575 if (nvlist_lookup_string(props,
1576 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0)
1580 error = spa_create(zc->zc_name, config, props, zplprops, dcp);
1583 * Set the remaining root properties
1585 if (!error && (error = zfs_set_prop_nvlist(spa_name,
1586 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1587 (void) spa_destroy(spa_name);
1590 nvlist_free(rootprops);
1591 nvlist_free(zplprops);
1592 nvlist_free(config);
1594 dsl_crypto_params_free(dcp, !!error);
1600 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1603 zfs_log_history(zc);
1604 error = spa_destroy(zc->zc_name);
1610 zfs_ioc_pool_import(zfs_cmd_t *zc)
1612 nvlist_t *config, *props = NULL;
1616 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1617 zc->zc_iflags, &config)) != 0)
1620 if (zc->zc_nvlist_src_size != 0 && (error =
1621 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1622 zc->zc_iflags, &props))) {
1623 nvlist_free(config);
1627 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1628 guid != zc->zc_guid)
1629 error = SET_ERROR(EINVAL);
1631 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1633 if (zc->zc_nvlist_dst != 0) {
1636 if ((err = put_nvlist(zc, config)) != 0)
1640 nvlist_free(config);
1647 zfs_ioc_pool_export(zfs_cmd_t *zc)
1650 boolean_t force = (boolean_t)zc->zc_cookie;
1651 boolean_t hardforce = (boolean_t)zc->zc_guid;
1653 zfs_log_history(zc);
1654 error = spa_export(zc->zc_name, NULL, force, hardforce);
1660 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1665 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1666 return (SET_ERROR(EEXIST));
1668 error = put_nvlist(zc, configs);
1670 nvlist_free(configs);
1677 * zc_name name of the pool
1680 * zc_cookie real errno
1681 * zc_nvlist_dst config nvlist
1682 * zc_nvlist_dst_size size of config nvlist
1685 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1691 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1692 sizeof (zc->zc_value));
1694 if (config != NULL) {
1695 ret = put_nvlist(zc, config);
1696 nvlist_free(config);
1699 * The config may be present even if 'error' is non-zero.
1700 * In this case we return success, and preserve the real errno
1703 zc->zc_cookie = error;
1712 * Try to import the given pool, returning pool stats as appropriate so that
1713 * user land knows which devices are available and overall pool health.
1716 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1718 nvlist_t *tryconfig, *config = NULL;
1721 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1722 zc->zc_iflags, &tryconfig)) != 0)
1725 config = spa_tryimport(tryconfig);
1727 nvlist_free(tryconfig);
1730 return (SET_ERROR(EINVAL));
1732 error = put_nvlist(zc, config);
1733 nvlist_free(config);
1740 * zc_name name of the pool
1741 * zc_cookie scan func (pool_scan_func_t)
1742 * zc_flags scrub pause/resume flag (pool_scrub_cmd_t)
1745 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1750 if (zc->zc_flags >= POOL_SCRUB_FLAGS_END)
1751 return (SET_ERROR(EINVAL));
1753 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1756 if (zc->zc_flags == POOL_SCRUB_PAUSE)
1757 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE);
1758 else if (zc->zc_cookie == POOL_SCAN_NONE)
1759 error = spa_scan_stop(spa);
1761 error = spa_scan(spa, zc->zc_cookie);
1763 spa_close(spa, FTAG);
1769 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1774 error = spa_open(zc->zc_name, &spa, FTAG);
1777 spa_close(spa, FTAG);
1783 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1788 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1791 if (zc->zc_cookie < spa_version(spa) ||
1792 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1793 spa_close(spa, FTAG);
1794 return (SET_ERROR(EINVAL));
1797 spa_upgrade(spa, zc->zc_cookie);
1798 spa_close(spa, FTAG);
1804 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1811 if ((size = zc->zc_history_len) == 0)
1812 return (SET_ERROR(EINVAL));
1814 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1817 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1818 spa_close(spa, FTAG);
1819 return (SET_ERROR(ENOTSUP));
1822 hist_buf = vmem_alloc(size, KM_SLEEP);
1823 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1824 &zc->zc_history_len, hist_buf)) == 0) {
1825 error = ddi_copyout(hist_buf,
1826 (void *)(uintptr_t)zc->zc_history,
1827 zc->zc_history_len, zc->zc_iflags);
1830 spa_close(spa, FTAG);
1831 vmem_free(hist_buf, size);
1836 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1841 error = spa_open(zc->zc_name, &spa, FTAG);
1843 error = spa_change_guid(spa);
1844 spa_close(spa, FTAG);
1850 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1852 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
1857 * zc_name name of filesystem
1858 * zc_obj object to find
1861 * zc_value name of object
1864 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1869 /* XXX reading from objset not owned */
1870 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1873 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1874 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1875 return (SET_ERROR(EINVAL));
1877 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1878 sizeof (zc->zc_value));
1879 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1886 * zc_name name of filesystem
1887 * zc_obj object to find
1890 * zc_stat stats on object
1891 * zc_value path to object
1894 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1899 /* XXX reading from objset not owned */
1900 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1903 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1904 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1905 return (SET_ERROR(EINVAL));
1907 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1908 sizeof (zc->zc_value));
1909 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1915 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1921 error = spa_open(zc->zc_name, &spa, FTAG);
1925 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1926 zc->zc_iflags, &config);
1928 error = spa_vdev_add(spa, config);
1929 nvlist_free(config);
1931 spa_close(spa, FTAG);
1937 * zc_name name of the pool
1938 * zc_guid guid of vdev to remove
1939 * zc_cookie cancel removal
1942 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1947 error = spa_open(zc->zc_name, &spa, FTAG);
1950 if (zc->zc_cookie != 0) {
1951 error = spa_vdev_remove_cancel(spa);
1953 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1955 spa_close(spa, FTAG);
1960 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1964 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1966 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1968 switch (zc->zc_cookie) {
1969 case VDEV_STATE_ONLINE:
1970 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1973 case VDEV_STATE_OFFLINE:
1974 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1977 case VDEV_STATE_FAULTED:
1978 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1979 zc->zc_obj != VDEV_AUX_EXTERNAL &&
1980 zc->zc_obj != VDEV_AUX_EXTERNAL_PERSIST)
1981 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1983 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1986 case VDEV_STATE_DEGRADED:
1987 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1988 zc->zc_obj != VDEV_AUX_EXTERNAL)
1989 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1991 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1995 error = SET_ERROR(EINVAL);
1997 zc->zc_cookie = newstate;
1998 spa_close(spa, FTAG);
2003 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
2006 int replacing = zc->zc_cookie;
2010 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2013 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
2014 zc->zc_iflags, &config)) == 0) {
2015 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
2016 nvlist_free(config);
2019 spa_close(spa, FTAG);
2024 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
2029 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2032 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
2034 spa_close(spa, FTAG);
2039 zfs_ioc_vdev_split(zfs_cmd_t *zc)
2042 nvlist_t *config, *props = NULL;
2044 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
2046 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2049 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
2050 zc->zc_iflags, &config))) {
2051 spa_close(spa, FTAG);
2055 if (zc->zc_nvlist_src_size != 0 && (error =
2056 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2057 zc->zc_iflags, &props))) {
2058 spa_close(spa, FTAG);
2059 nvlist_free(config);
2063 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
2065 spa_close(spa, FTAG);
2067 nvlist_free(config);
2074 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
2077 char *path = zc->zc_value;
2078 uint64_t guid = zc->zc_guid;
2081 error = spa_open(zc->zc_name, &spa, FTAG);
2085 error = spa_vdev_setpath(spa, guid, path);
2086 spa_close(spa, FTAG);
2091 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
2094 char *fru = zc->zc_value;
2095 uint64_t guid = zc->zc_guid;
2098 error = spa_open(zc->zc_name, &spa, FTAG);
2102 error = spa_vdev_setfru(spa, guid, fru);
2103 spa_close(spa, FTAG);
2108 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
2113 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2115 if (zc->zc_nvlist_dst != 0 &&
2116 (error = dsl_prop_get_all(os, &nv)) == 0) {
2117 dmu_objset_stats(os, nv);
2119 * NB: zvol_get_stats() will read the objset contents,
2120 * which we aren't supposed to do with a
2121 * DS_MODE_USER hold, because it could be
2122 * inconsistent. So this is a bit of a workaround...
2123 * XXX reading with out owning
2125 if (!zc->zc_objset_stats.dds_inconsistent &&
2126 dmu_objset_type(os) == DMU_OST_ZVOL) {
2127 error = zvol_get_stats(os, nv);
2135 error = put_nvlist(zc, nv);
2144 * zc_name name of filesystem
2145 * zc_nvlist_dst_size size of buffer for property nvlist
2148 * zc_objset_stats stats
2149 * zc_nvlist_dst property nvlist
2150 * zc_nvlist_dst_size size of property nvlist
2153 zfs_ioc_objset_stats(zfs_cmd_t *zc)
2158 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2160 error = zfs_ioc_objset_stats_impl(zc, os);
2161 dmu_objset_rele(os, FTAG);
2169 * zc_name name of filesystem
2170 * zc_nvlist_dst_size size of buffer for property nvlist
2173 * zc_nvlist_dst received property nvlist
2174 * zc_nvlist_dst_size size of received property nvlist
2176 * Gets received properties (distinct from local properties on or after
2177 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2178 * local property values.
2181 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2187 * Without this check, we would return local property values if the
2188 * caller has not already received properties on or after
2189 * SPA_VERSION_RECVD_PROPS.
2191 if (!dsl_prop_get_hasrecvd(zc->zc_name))
2192 return (SET_ERROR(ENOTSUP));
2194 if (zc->zc_nvlist_dst != 0 &&
2195 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
2196 error = put_nvlist(zc, nv);
2204 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2210 * zfs_get_zplprop() will either find a value or give us
2211 * the default value (if there is one).
2213 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2215 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2221 * zc_name name of filesystem
2222 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2225 * zc_nvlist_dst zpl property nvlist
2226 * zc_nvlist_dst_size size of zpl property nvlist
2229 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2234 /* XXX reading without owning */
2235 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
2238 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2241 * NB: nvl_add_zplprop() will read the objset contents,
2242 * which we aren't supposed to do with a DS_MODE_USER
2243 * hold, because it could be inconsistent.
2245 if (zc->zc_nvlist_dst != 0 &&
2246 !zc->zc_objset_stats.dds_inconsistent &&
2247 dmu_objset_type(os) == DMU_OST_ZFS) {
2250 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2251 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2252 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2253 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2254 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2255 err = put_nvlist(zc, nv);
2258 err = SET_ERROR(ENOENT);
2260 dmu_objset_rele(os, FTAG);
2265 dataset_name_hidden(const char *name)
2268 * Skip over datasets that are not visible in this zone,
2269 * internal datasets (which have a $ in their name), and
2270 * temporary datasets (which have a % in their name).
2272 if (strchr(name, '$') != NULL)
2274 if (strchr(name, '%') != NULL)
2276 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
2283 * zc_name name of filesystem
2284 * zc_cookie zap cursor
2285 * zc_nvlist_dst_size size of buffer for property nvlist
2288 * zc_name name of next filesystem
2289 * zc_cookie zap cursor
2290 * zc_objset_stats stats
2291 * zc_nvlist_dst property nvlist
2292 * zc_nvlist_dst_size size of property nvlist
2295 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2300 size_t orig_len = strlen(zc->zc_name);
2303 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
2304 if (error == ENOENT)
2305 error = SET_ERROR(ESRCH);
2309 p = strrchr(zc->zc_name, '/');
2310 if (p == NULL || p[1] != '\0')
2311 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2312 p = zc->zc_name + strlen(zc->zc_name);
2315 error = dmu_dir_list_next(os,
2316 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2317 NULL, &zc->zc_cookie);
2318 if (error == ENOENT)
2319 error = SET_ERROR(ESRCH);
2320 } while (error == 0 && dataset_name_hidden(zc->zc_name));
2321 dmu_objset_rele(os, FTAG);
2324 * If it's an internal dataset (ie. with a '$' in its name),
2325 * don't try to get stats for it, otherwise we'll return ENOENT.
2327 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2328 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2329 if (error == ENOENT) {
2330 /* We lost a race with destroy, get the next one. */
2331 zc->zc_name[orig_len] = '\0';
2340 * zc_name name of filesystem
2341 * zc_cookie zap cursor
2342 * zc_nvlist_dst_size size of buffer for property nvlist
2345 * zc_name name of next snapshot
2346 * zc_objset_stats stats
2347 * zc_nvlist_dst property nvlist
2348 * zc_nvlist_dst_size size of property nvlist
2351 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2356 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2358 return (error == ENOENT ? ESRCH : error);
2362 * A dataset name of maximum length cannot have any snapshots,
2363 * so exit immediately.
2365 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >=
2366 ZFS_MAX_DATASET_NAME_LEN) {
2367 dmu_objset_rele(os, FTAG);
2368 return (SET_ERROR(ESRCH));
2371 error = dmu_snapshot_list_next(os,
2372 sizeof (zc->zc_name) - strlen(zc->zc_name),
2373 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2376 if (error == 0 && !zc->zc_simple) {
2378 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2380 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2384 error = dmu_objset_from_ds(ds, &ossnap);
2386 error = zfs_ioc_objset_stats_impl(zc, ossnap);
2387 dsl_dataset_rele(ds, FTAG);
2389 } else if (error == ENOENT) {
2390 error = SET_ERROR(ESRCH);
2393 dmu_objset_rele(os, FTAG);
2394 /* if we failed, undo the @ that we tacked on to zc_name */
2396 *strchr(zc->zc_name, '@') = '\0';
2401 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2403 const char *propname = nvpair_name(pair);
2405 unsigned int vallen;
2408 zfs_userquota_prop_t type;
2414 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2416 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2417 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2419 return (SET_ERROR(EINVAL));
2423 * A correctly constructed propname is encoded as
2424 * userquota@<rid>-<domain>.
2426 if ((dash = strchr(propname, '-')) == NULL ||
2427 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2429 return (SET_ERROR(EINVAL));
2436 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2438 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2439 zfsvfs_rele(zfsvfs, FTAG);
2446 * If the named property is one that has a special function to set its value,
2447 * return 0 on success and a positive error code on failure; otherwise if it is
2448 * not one of the special properties handled by this function, return -1.
2450 * XXX: It would be better for callers of the property interface if we handled
2451 * these special cases in dsl_prop.c (in the dsl layer).
2454 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2457 const char *propname = nvpair_name(pair);
2458 zfs_prop_t prop = zfs_name_to_prop(propname);
2459 uint64_t intval = 0;
2460 char *strval = NULL;
2463 if (prop == ZPROP_INVAL) {
2464 if (zfs_prop_userquota(propname))
2465 return (zfs_prop_set_userquota(dsname, pair));
2469 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2471 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2472 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2476 /* all special properties are numeric except for keylocation */
2477 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) {
2478 strval = fnvpair_value_string(pair);
2480 intval = fnvpair_value_uint64(pair);
2484 case ZFS_PROP_QUOTA:
2485 err = dsl_dir_set_quota(dsname, source, intval);
2487 case ZFS_PROP_REFQUOTA:
2488 err = dsl_dataset_set_refquota(dsname, source, intval);
2490 case ZFS_PROP_FILESYSTEM_LIMIT:
2491 case ZFS_PROP_SNAPSHOT_LIMIT:
2492 if (intval == UINT64_MAX) {
2493 /* clearing the limit, just do it */
2496 err = dsl_dir_activate_fs_ss_limit(dsname);
2499 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2500 * default path to set the value in the nvlist.
2505 case ZFS_PROP_KEYLOCATION:
2506 err = dsl_crypto_can_set_keylocation(dsname, strval);
2509 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2510 * default path to set the value in the nvlist.
2515 case ZFS_PROP_RESERVATION:
2516 err = dsl_dir_set_reservation(dsname, source, intval);
2518 case ZFS_PROP_REFRESERVATION:
2519 err = dsl_dataset_set_refreservation(dsname, source, intval);
2521 case ZFS_PROP_VOLSIZE:
2522 err = zvol_set_volsize(dsname, intval);
2524 case ZFS_PROP_SNAPDEV:
2525 err = zvol_set_snapdev(dsname, source, intval);
2527 case ZFS_PROP_VOLMODE:
2528 err = zvol_set_volmode(dsname, source, intval);
2530 case ZFS_PROP_VERSION:
2534 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2537 err = zfs_set_version(zfsvfs, intval);
2538 zfsvfs_rele(zfsvfs, FTAG);
2540 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2543 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2544 (void) strcpy(zc->zc_name, dsname);
2545 (void) zfs_ioc_userspace_upgrade(zc);
2546 (void) zfs_ioc_id_quota_upgrade(zc);
2547 kmem_free(zc, sizeof (zfs_cmd_t));
2559 * This function is best effort. If it fails to set any of the given properties,
2560 * it continues to set as many as it can and returns the last error
2561 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2562 * with the list of names of all the properties that failed along with the
2563 * corresponding error numbers.
2565 * If every property is set successfully, zero is returned and errlist is not
2569 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2578 nvlist_t *genericnvl = fnvlist_alloc();
2579 nvlist_t *retrynvl = fnvlist_alloc();
2582 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2583 const char *propname = nvpair_name(pair);
2584 zfs_prop_t prop = zfs_name_to_prop(propname);
2587 /* decode the property value */
2589 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2591 attrs = fnvpair_value_nvlist(pair);
2592 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2594 err = SET_ERROR(EINVAL);
2597 /* Validate value type */
2598 if (err == 0 && source == ZPROP_SRC_INHERITED) {
2599 /* inherited properties are expected to be booleans */
2600 if (nvpair_type(propval) != DATA_TYPE_BOOLEAN)
2601 err = SET_ERROR(EINVAL);
2602 } else if (err == 0 && prop == ZPROP_INVAL) {
2603 if (zfs_prop_user(propname)) {
2604 if (nvpair_type(propval) != DATA_TYPE_STRING)
2605 err = SET_ERROR(EINVAL);
2606 } else if (zfs_prop_userquota(propname)) {
2607 if (nvpair_type(propval) !=
2608 DATA_TYPE_UINT64_ARRAY)
2609 err = SET_ERROR(EINVAL);
2611 err = SET_ERROR(EINVAL);
2613 } else if (err == 0) {
2614 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2615 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2616 err = SET_ERROR(EINVAL);
2617 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2620 intval = fnvpair_value_uint64(propval);
2622 switch (zfs_prop_get_type(prop)) {
2623 case PROP_TYPE_NUMBER:
2625 case PROP_TYPE_STRING:
2626 err = SET_ERROR(EINVAL);
2628 case PROP_TYPE_INDEX:
2629 if (zfs_prop_index_to_string(prop,
2630 intval, &unused) != 0)
2631 err = SET_ERROR(EINVAL);
2635 "unknown property type");
2638 err = SET_ERROR(EINVAL);
2642 /* Validate permissions */
2644 err = zfs_check_settable(dsname, pair, CRED());
2647 if (source == ZPROP_SRC_INHERITED)
2648 err = -1; /* does not need special handling */
2650 err = zfs_prop_set_special(dsname, source,
2654 * For better performance we build up a list of
2655 * properties to set in a single transaction.
2657 err = nvlist_add_nvpair(genericnvl, pair);
2658 } else if (err != 0 && nvl != retrynvl) {
2660 * This may be a spurious error caused by
2661 * receiving quota and reservation out of order.
2662 * Try again in a second pass.
2664 err = nvlist_add_nvpair(retrynvl, pair);
2669 if (errlist != NULL)
2670 fnvlist_add_int32(errlist, propname, err);
2675 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2680 if (!nvlist_empty(genericnvl) &&
2681 dsl_props_set(dsname, source, genericnvl) != 0) {
2683 * If this fails, we still want to set as many properties as we
2684 * can, so try setting them individually.
2687 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2688 const char *propname = nvpair_name(pair);
2692 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2694 attrs = fnvpair_value_nvlist(pair);
2695 propval = fnvlist_lookup_nvpair(attrs,
2699 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2700 strval = fnvpair_value_string(propval);
2701 err = dsl_prop_set_string(dsname, propname,
2703 } else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) {
2704 err = dsl_prop_inherit(dsname, propname,
2707 intval = fnvpair_value_uint64(propval);
2708 err = dsl_prop_set_int(dsname, propname, source,
2713 if (errlist != NULL) {
2714 fnvlist_add_int32(errlist, propname,
2721 nvlist_free(genericnvl);
2722 nvlist_free(retrynvl);
2728 * Check that all the properties are valid user properties.
2731 zfs_check_userprops(const char *fsname, nvlist_t *nvl)
2733 nvpair_t *pair = NULL;
2736 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2737 const char *propname = nvpair_name(pair);
2739 if (!zfs_prop_user(propname) ||
2740 nvpair_type(pair) != DATA_TYPE_STRING)
2741 return (SET_ERROR(EINVAL));
2743 if ((error = zfs_secpolicy_write_perms(fsname,
2744 ZFS_DELEG_PERM_USERPROP, CRED())))
2747 if (strlen(propname) >= ZAP_MAXNAMELEN)
2748 return (SET_ERROR(ENAMETOOLONG));
2750 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN)
2751 return (SET_ERROR(E2BIG));
2757 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2761 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2764 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2765 if (nvlist_exists(skipped, nvpair_name(pair)))
2768 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2773 clear_received_props(const char *dsname, nvlist_t *props,
2777 nvlist_t *cleared_props = NULL;
2778 props_skip(props, skipped, &cleared_props);
2779 if (!nvlist_empty(cleared_props)) {
2781 * Acts on local properties until the dataset has received
2782 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2784 zprop_source_t flags = (ZPROP_SRC_NONE |
2785 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
2786 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
2788 nvlist_free(cleared_props);
2794 * zc_name name of filesystem
2795 * zc_value name of property to set
2796 * zc_nvlist_src{_size} nvlist of properties to apply
2797 * zc_cookie received properties flag
2800 * zc_nvlist_dst{_size} error for each unapplied received property
2803 zfs_ioc_set_prop(zfs_cmd_t *zc)
2806 boolean_t received = zc->zc_cookie;
2807 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2812 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2813 zc->zc_iflags, &nvl)) != 0)
2817 nvlist_t *origprops;
2819 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
2820 (void) clear_received_props(zc->zc_name,
2822 nvlist_free(origprops);
2825 error = dsl_prop_set_hasrecvd(zc->zc_name);
2828 errors = fnvlist_alloc();
2830 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2832 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2833 (void) put_nvlist(zc, errors);
2836 nvlist_free(errors);
2843 * zc_name name of filesystem
2844 * zc_value name of property to inherit
2845 * zc_cookie revert to received value if TRUE
2850 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2852 const char *propname = zc->zc_value;
2853 zfs_prop_t prop = zfs_name_to_prop(propname);
2854 boolean_t received = zc->zc_cookie;
2855 zprop_source_t source = (received
2856 ? ZPROP_SRC_NONE /* revert to received value, if any */
2857 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2865 * Only check this in the non-received case. We want to allow
2866 * 'inherit -S' to revert non-inheritable properties like quota
2867 * and reservation to the received or default values even though
2868 * they are not considered inheritable.
2870 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2871 return (SET_ERROR(EINVAL));
2874 if (prop == ZPROP_INVAL) {
2875 if (!zfs_prop_user(propname))
2876 return (SET_ERROR(EINVAL));
2878 type = PROP_TYPE_STRING;
2879 } else if (prop == ZFS_PROP_VOLSIZE || prop == ZFS_PROP_VERSION) {
2880 return (SET_ERROR(EINVAL));
2882 type = zfs_prop_get_type(prop);
2886 * zfs_prop_set_special() expects properties in the form of an
2887 * nvpair with type info.
2889 dummy = fnvlist_alloc();
2892 case PROP_TYPE_STRING:
2893 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2895 case PROP_TYPE_NUMBER:
2896 case PROP_TYPE_INDEX:
2897 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2900 err = SET_ERROR(EINVAL);
2904 pair = nvlist_next_nvpair(dummy, NULL);
2906 err = SET_ERROR(EINVAL);
2908 err = zfs_prop_set_special(zc->zc_name, source, pair);
2909 if (err == -1) /* property is not "special", needs handling */
2910 err = dsl_prop_inherit(zc->zc_name, zc->zc_value,
2920 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2927 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2928 zc->zc_iflags, &props)))
2932 * If the only property is the configfile, then just do a spa_lookup()
2933 * to handle the faulted case.
2935 pair = nvlist_next_nvpair(props, NULL);
2936 if (pair != NULL && strcmp(nvpair_name(pair),
2937 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2938 nvlist_next_nvpair(props, pair) == NULL) {
2939 mutex_enter(&spa_namespace_lock);
2940 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2941 spa_configfile_set(spa, props, B_FALSE);
2942 spa_write_cachefile(spa, B_FALSE, B_TRUE);
2944 mutex_exit(&spa_namespace_lock);
2951 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2956 error = spa_prop_set(spa, props);
2959 spa_close(spa, FTAG);
2965 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2969 nvlist_t *nvp = NULL;
2971 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2973 * If the pool is faulted, there may be properties we can still
2974 * get (such as altroot and cachefile), so attempt to get them
2977 mutex_enter(&spa_namespace_lock);
2978 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2979 error = spa_prop_get(spa, &nvp);
2980 mutex_exit(&spa_namespace_lock);
2982 error = spa_prop_get(spa, &nvp);
2983 spa_close(spa, FTAG);
2986 if (error == 0 && zc->zc_nvlist_dst != 0)
2987 error = put_nvlist(zc, nvp);
2989 error = SET_ERROR(EFAULT);
2997 * zc_name name of filesystem
2998 * zc_nvlist_src{_size} nvlist of delegated permissions
2999 * zc_perm_action allow/unallow flag
3004 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
3007 nvlist_t *fsaclnv = NULL;
3009 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3010 zc->zc_iflags, &fsaclnv)) != 0)
3014 * Verify nvlist is constructed correctly
3016 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
3017 nvlist_free(fsaclnv);
3018 return (SET_ERROR(EINVAL));
3022 * If we don't have PRIV_SYS_MOUNT, then validate
3023 * that user is allowed to hand out each permission in
3027 error = secpolicy_zfs(CRED());
3029 if (zc->zc_perm_action == B_FALSE) {
3030 error = dsl_deleg_can_allow(zc->zc_name,
3033 error = dsl_deleg_can_unallow(zc->zc_name,
3039 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
3041 nvlist_free(fsaclnv);
3047 * zc_name name of filesystem
3050 * zc_nvlist_src{_size} nvlist of delegated permissions
3053 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
3058 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
3059 error = put_nvlist(zc, nvp);
3068 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
3070 zfs_creat_t *zct = arg;
3072 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
3075 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
3079 * os parent objset pointer (NULL if root fs)
3080 * fuids_ok fuids allowed in this version of the spa?
3081 * sa_ok SAs allowed in this version of the spa?
3082 * createprops list of properties requested by creator
3085 * zplprops values for the zplprops we attach to the master node object
3086 * is_ci true if requested file system will be purely case-insensitive
3088 * Determine the settings for utf8only, normalization and
3089 * casesensitivity. Specific values may have been requested by the
3090 * creator and/or we can inherit values from the parent dataset. If
3091 * the file system is of too early a vintage, a creator can not
3092 * request settings for these properties, even if the requested
3093 * setting is the default value. We don't actually want to create dsl
3094 * properties for these, so remove them from the source nvlist after
3098 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
3099 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
3100 nvlist_t *zplprops, boolean_t *is_ci)
3102 uint64_t sense = ZFS_PROP_UNDEFINED;
3103 uint64_t norm = ZFS_PROP_UNDEFINED;
3104 uint64_t u8 = ZFS_PROP_UNDEFINED;
3107 ASSERT(zplprops != NULL);
3109 if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS)
3110 return (SET_ERROR(EINVAL));
3113 * Pull out creator prop choices, if any.
3116 (void) nvlist_lookup_uint64(createprops,
3117 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
3118 (void) nvlist_lookup_uint64(createprops,
3119 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
3120 (void) nvlist_remove_all(createprops,
3121 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
3122 (void) nvlist_lookup_uint64(createprops,
3123 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
3124 (void) nvlist_remove_all(createprops,
3125 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
3126 (void) nvlist_lookup_uint64(createprops,
3127 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
3128 (void) nvlist_remove_all(createprops,
3129 zfs_prop_to_name(ZFS_PROP_CASE));
3133 * If the zpl version requested is whacky or the file system
3134 * or pool is version is too "young" to support normalization
3135 * and the creator tried to set a value for one of the props,
3138 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3139 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
3140 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
3141 (zplver < ZPL_VERSION_NORMALIZATION &&
3142 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
3143 sense != ZFS_PROP_UNDEFINED)))
3144 return (SET_ERROR(ENOTSUP));
3147 * Put the version in the zplprops
3149 VERIFY(nvlist_add_uint64(zplprops,
3150 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3152 if (norm == ZFS_PROP_UNDEFINED &&
3153 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3155 VERIFY(nvlist_add_uint64(zplprops,
3156 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3159 * If we're normalizing, names must always be valid UTF-8 strings.
3163 if (u8 == ZFS_PROP_UNDEFINED &&
3164 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3166 VERIFY(nvlist_add_uint64(zplprops,
3167 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3169 if (sense == ZFS_PROP_UNDEFINED &&
3170 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3172 VERIFY(nvlist_add_uint64(zplprops,
3173 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3176 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3182 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3183 nvlist_t *zplprops, boolean_t *is_ci)
3185 boolean_t fuids_ok, sa_ok;
3186 uint64_t zplver = ZPL_VERSION;
3187 objset_t *os = NULL;
3188 char parentname[ZFS_MAX_DATASET_NAME_LEN];
3194 (void) strlcpy(parentname, dataset, sizeof (parentname));
3195 cp = strrchr(parentname, '/');
3199 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3202 spa_vers = spa_version(spa);
3203 spa_close(spa, FTAG);
3205 zplver = zfs_zpl_version_map(spa_vers);
3206 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3207 sa_ok = (zplver >= ZPL_VERSION_SA);
3210 * Open parent object set so we can inherit zplprop values.
3212 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3215 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3217 dmu_objset_rele(os, FTAG);
3222 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3223 nvlist_t *zplprops, boolean_t *is_ci)
3227 uint64_t zplver = ZPL_VERSION;
3230 zplver = zfs_zpl_version_map(spa_vers);
3231 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3232 sa_ok = (zplver >= ZPL_VERSION_SA);
3234 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3235 createprops, zplprops, is_ci);
3241 * "type" -> dmu_objset_type_t (int32)
3242 * (optional) "props" -> { prop -> value }
3243 * (optional) "hidden_args" -> { "wkeydata" -> value }
3244 * raw uint8_t array of encryption wrapping key data (32 bytes)
3247 * outnvl: propname -> error code (int32)
3250 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3253 zfs_creat_t zct = { 0 };
3254 nvlist_t *nvprops = NULL;
3255 nvlist_t *hidden_args = NULL;
3256 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3258 dmu_objset_type_t type;
3259 boolean_t is_insensitive = B_FALSE;
3260 dsl_crypto_params_t *dcp = NULL;
3262 if (nvlist_lookup_int32(innvl, "type", &type32) != 0)
3263 return (SET_ERROR(EINVAL));
3265 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3266 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
3270 cbfunc = zfs_create_cb;
3274 cbfunc = zvol_create_cb;
3281 if (strchr(fsname, '@') ||
3282 strchr(fsname, '%'))
3283 return (SET_ERROR(EINVAL));
3285 zct.zct_props = nvprops;
3288 return (SET_ERROR(EINVAL));
3290 if (type == DMU_OST_ZVOL) {
3291 uint64_t volsize, volblocksize;
3293 if (nvprops == NULL)
3294 return (SET_ERROR(EINVAL));
3295 if (nvlist_lookup_uint64(nvprops,
3296 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3297 return (SET_ERROR(EINVAL));
3299 if ((error = nvlist_lookup_uint64(nvprops,
3300 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3301 &volblocksize)) != 0 && error != ENOENT)
3302 return (SET_ERROR(EINVAL));
3305 volblocksize = zfs_prop_default_numeric(
3306 ZFS_PROP_VOLBLOCKSIZE);
3308 if ((error = zvol_check_volblocksize(fsname,
3309 volblocksize)) != 0 ||
3310 (error = zvol_check_volsize(volsize,
3311 volblocksize)) != 0)
3313 } else if (type == DMU_OST_ZFS) {
3317 * We have to have normalization and
3318 * case-folding flags correct when we do the
3319 * file system creation, so go figure them out
3322 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3323 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3324 error = zfs_fill_zplprops(fsname, nvprops,
3325 zct.zct_zplprops, &is_insensitive);
3327 nvlist_free(zct.zct_zplprops);
3332 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops,
3335 nvlist_free(zct.zct_zplprops);
3339 error = dmu_objset_create(fsname, type,
3340 is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct);
3342 nvlist_free(zct.zct_zplprops);
3343 dsl_crypto_params_free(dcp, !!error);
3346 * It would be nice to do this atomically.
3349 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3356 * Volumes will return EBUSY and cannot be destroyed
3357 * until all asynchronous minor handling has completed.
3358 * Wait for the spa_zvol_taskq to drain then retry.
3360 error2 = dsl_destroy_head(fsname);
3361 while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) {
3362 error2 = spa_open(fsname, &spa, FTAG);
3364 taskq_wait(spa->spa_zvol_taskq);
3365 spa_close(spa, FTAG);
3367 error2 = dsl_destroy_head(fsname);
3376 * "origin" -> name of origin snapshot
3377 * (optional) "props" -> { prop -> value }
3378 * (optional) "hidden_args" -> { "wkeydata" -> value }
3379 * raw uint8_t array of encryption wrapping key data (32 bytes)
3383 * outnvl: propname -> error code (int32)
3386 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3389 nvlist_t *nvprops = NULL;
3392 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0)
3393 return (SET_ERROR(EINVAL));
3394 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3396 if (strchr(fsname, '@') ||
3397 strchr(fsname, '%'))
3398 return (SET_ERROR(EINVAL));
3400 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3401 return (SET_ERROR(EINVAL));
3403 error = dmu_objset_clone(fsname, origin_name);
3406 * It would be nice to do this atomically.
3409 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3412 (void) dsl_destroy_head(fsname);
3419 zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3421 if (strchr(fsname, '@') ||
3422 strchr(fsname, '%'))
3423 return (SET_ERROR(EINVAL));
3425 return (dmu_objset_remap_indirects(fsname));
3430 * "snaps" -> { snapshot1, snapshot2 }
3431 * (optional) "props" -> { prop -> value (string) }
3434 * outnvl: snapshot -> error code (int32)
3437 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3440 nvlist_t *props = NULL;
3444 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3445 if ((error = zfs_check_userprops(poolname, props)) != 0)
3448 if (!nvlist_empty(props) &&
3449 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3450 return (SET_ERROR(ENOTSUP));
3452 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3453 return (SET_ERROR(EINVAL));
3454 poollen = strlen(poolname);
3455 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3456 pair = nvlist_next_nvpair(snaps, pair)) {
3457 const char *name = nvpair_name(pair);
3458 const char *cp = strchr(name, '@');
3461 * The snap name must contain an @, and the part after it must
3462 * contain only valid characters.
3465 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3466 return (SET_ERROR(EINVAL));
3469 * The snap must be in the specified pool.
3471 if (strncmp(name, poolname, poollen) != 0 ||
3472 (name[poollen] != '/' && name[poollen] != '@'))
3473 return (SET_ERROR(EXDEV));
3475 /* This must be the only snap of this fs. */
3476 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3477 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3478 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3480 return (SET_ERROR(EXDEV));
3485 error = dsl_dataset_snapshot(snaps, props, outnvl);
3491 * innvl: "message" -> string
3495 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3503 * The poolname in the ioctl is not set, we get it from the TSD,
3504 * which was set at the end of the last successful ioctl that allows
3505 * logging. The secpolicy func already checked that it is set.
3506 * Only one log ioctl is allowed after each successful ioctl, so
3507 * we clear the TSD here.
3509 poolname = tsd_get(zfs_allow_log_key);
3510 if (poolname == NULL)
3511 return (SET_ERROR(EINVAL));
3512 (void) tsd_set(zfs_allow_log_key, NULL);
3513 error = spa_open(poolname, &spa, FTAG);
3518 if (nvlist_lookup_string(innvl, "message", &message) != 0) {
3519 spa_close(spa, FTAG);
3520 return (SET_ERROR(EINVAL));
3523 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3524 spa_close(spa, FTAG);
3525 return (SET_ERROR(ENOTSUP));
3528 error = spa_history_log(spa, message);
3529 spa_close(spa, FTAG);
3534 * The dp_config_rwlock must not be held when calling this, because the
3535 * unmount may need to write out data.
3537 * This function is best-effort. Callers must deal gracefully if it
3538 * remains mounted (or is remounted after this call).
3540 * Returns 0 if the argument is not a snapshot, or it is not currently a
3541 * filesystem, or we were able to unmount it. Returns error code otherwise.
3544 zfs_unmount_snap(const char *snapname)
3546 if (strchr(snapname, '@') == NULL)
3549 (void) zfsctl_snapshot_unmount((char *)snapname, MNT_FORCE);
3554 zfs_unmount_snap_cb(const char *snapname, void *arg)
3556 zfs_unmount_snap(snapname);
3561 * When a clone is destroyed, its origin may also need to be destroyed,
3562 * in which case it must be unmounted. This routine will do that unmount
3566 zfs_destroy_unmount_origin(const char *fsname)
3572 error = dmu_objset_hold(fsname, FTAG, &os);
3575 ds = dmu_objset_ds(os);
3576 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
3577 char originname[ZFS_MAX_DATASET_NAME_LEN];
3578 dsl_dataset_name(ds->ds_prev, originname);
3579 dmu_objset_rele(os, FTAG);
3580 zfs_unmount_snap(originname);
3582 dmu_objset_rele(os, FTAG);
3588 * "snaps" -> { snapshot1, snapshot2 }
3589 * (optional boolean) "defer"
3592 * outnvl: snapshot -> error code (int32)
3596 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3602 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3603 return (SET_ERROR(EINVAL));
3604 defer = nvlist_exists(innvl, "defer");
3606 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3607 pair = nvlist_next_nvpair(snaps, pair)) {
3608 zfs_unmount_snap(nvpair_name(pair));
3611 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
3615 * Create bookmarks. Bookmark names are of the form <fs>#<bmark>.
3616 * All bookmarks must be in the same pool.
3619 * bookmark1 -> snapshot1, bookmark2 -> snapshot2
3622 * outnvl: bookmark -> error code (int32)
3627 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3629 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
3630 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
3634 * Verify the snapshot argument.
3636 if (nvpair_value_string(pair, &snap_name) != 0)
3637 return (SET_ERROR(EINVAL));
3640 /* Verify that the keys (bookmarks) are unique */
3641 for (nvpair_t *pair2 = nvlist_next_nvpair(innvl, pair);
3642 pair2 != NULL; pair2 = nvlist_next_nvpair(innvl, pair2)) {
3643 if (strcmp(nvpair_name(pair), nvpair_name(pair2)) == 0)
3644 return (SET_ERROR(EINVAL));
3648 return (dsl_bookmark_create(innvl, outnvl));
3653 * property 1, property 2, ...
3657 * bookmark name 1 -> { property 1, property 2, ... },
3658 * bookmark name 2 -> { property 1, property 2, ... }
3663 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3665 return (dsl_get_bookmarks(fsname, innvl, outnvl));
3670 * bookmark name 1, bookmark name 2
3673 * outnvl: bookmark -> error code (int32)
3677 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl,
3682 poollen = strlen(poolname);
3683 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
3684 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
3685 const char *name = nvpair_name(pair);
3686 const char *cp = strchr(name, '#');
3689 * The bookmark name must contain an #, and the part after it
3690 * must contain only valid characters.
3693 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3694 return (SET_ERROR(EINVAL));
3697 * The bookmark must be in the specified pool.
3699 if (strncmp(name, poolname, poollen) != 0 ||
3700 (name[poollen] != '/' && name[poollen] != '#'))
3701 return (SET_ERROR(EXDEV));
3704 error = dsl_bookmark_destroy(innvl, outnvl);
3709 zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl,
3713 uint64_t instrlimit, memlimit;
3714 boolean_t sync_flag;
3715 nvpair_t *nvarg = NULL;
3717 if (0 != nvlist_lookup_string(innvl, ZCP_ARG_PROGRAM, &program)) {
3720 if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) {
3723 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) {
3724 instrlimit = ZCP_DEFAULT_INSTRLIMIT;
3726 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) {
3727 memlimit = ZCP_DEFAULT_MEMLIMIT;
3729 if (0 != nvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST, &nvarg)) {
3733 if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit)
3735 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit)
3738 return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit,
3744 * zc_name name of dataset to destroy
3745 * zc_objset_type type of objset
3746 * zc_defer_destroy mark for deferred destroy
3751 zfs_ioc_destroy(zfs_cmd_t *zc)
3755 if (zc->zc_objset_type == DMU_OST_ZFS)
3756 zfs_unmount_snap(zc->zc_name);
3758 if (strchr(zc->zc_name, '@')) {
3759 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
3761 err = dsl_destroy_head(zc->zc_name);
3762 if (err == EEXIST) {
3764 * It is possible that the given DS may have
3765 * hidden child (%recv) datasets - "leftovers"
3766 * resulting from the previously interrupted
3769 * 6 extra bytes for /%recv
3771 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6];
3773 if (snprintf(namebuf, sizeof (namebuf), "%s/%s",
3774 zc->zc_name, recv_clone_name) >=
3776 return (SET_ERROR(EINVAL));
3779 * Try to remove the hidden child (%recv) and after
3780 * that try to remove the target dataset.
3781 * If the hidden child (%recv) does not exist
3782 * the original error (EEXIST) will be returned
3784 err = dsl_destroy_head(namebuf);
3786 err = dsl_destroy_head(zc->zc_name);
3787 else if (err == ENOENT)
3788 err = SET_ERROR(EEXIST);
3796 * fsname is name of dataset to rollback (to most recent snapshot)
3798 * innvl may contain name of expected target snapshot
3800 * outnvl: "target" -> name of most recent snapshot
3805 zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3809 char *target = NULL;
3812 (void) nvlist_lookup_string(innvl, "target", &target);
3813 if (target != NULL) {
3814 const char *cp = strchr(target, '@');
3817 * The snap name must contain an @, and the part after it must
3818 * contain only valid characters.
3821 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3822 return (SET_ERROR(EINVAL));
3825 if (getzfsvfs(fsname, &zfsvfs) == 0) {
3828 ds = dmu_objset_ds(zfsvfs->z_os);
3829 error = zfs_suspend_fs(zfsvfs);
3833 error = dsl_dataset_rollback(fsname, target, zfsvfs,
3835 resume_err = zfs_resume_fs(zfsvfs, ds);
3836 error = error ? error : resume_err;
3838 deactivate_super(zfsvfs->z_sb);
3839 } else if ((zv = zvol_suspend(fsname)) != NULL) {
3840 error = dsl_dataset_rollback(fsname, target, zvol_tag(zv),
3844 error = dsl_dataset_rollback(fsname, target, NULL, outnvl);
3850 recursive_unmount(const char *fsname, void *arg)
3852 const char *snapname = arg;
3855 fullname = kmem_asprintf("%s@%s", fsname, snapname);
3856 zfs_unmount_snap(fullname);
3864 * zc_name old name of dataset
3865 * zc_value new name of dataset
3866 * zc_cookie recursive flag (only valid for snapshots)
3871 zfs_ioc_rename(zfs_cmd_t *zc)
3873 boolean_t recursive = zc->zc_cookie & 1;
3876 /* "zfs rename" from and to ...%recv datasets should both fail */
3877 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
3878 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3879 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
3880 dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3881 strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%'))
3882 return (SET_ERROR(EINVAL));
3884 at = strchr(zc->zc_name, '@');
3886 /* snaps must be in same fs */
3889 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
3890 return (SET_ERROR(EXDEV));
3892 if (zc->zc_objset_type == DMU_OST_ZFS) {
3893 error = dmu_objset_find(zc->zc_name,
3894 recursive_unmount, at + 1,
3895 recursive ? DS_FIND_CHILDREN : 0);
3901 error = dsl_dataset_rename_snapshot(zc->zc_name,
3902 at + 1, strchr(zc->zc_value, '@') + 1, recursive);
3907 return (dsl_dir_rename(zc->zc_name, zc->zc_value));
3912 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3914 const char *propname = nvpair_name(pair);
3915 boolean_t issnap = (strchr(dsname, '@') != NULL);
3916 zfs_prop_t prop = zfs_name_to_prop(propname);
3920 if (prop == ZPROP_INVAL) {
3921 if (zfs_prop_user(propname)) {
3922 if ((err = zfs_secpolicy_write_perms(dsname,
3923 ZFS_DELEG_PERM_USERPROP, cr)))
3928 if (!issnap && zfs_prop_userquota(propname)) {
3929 const char *perm = NULL;
3930 const char *uq_prefix =
3931 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3932 const char *gq_prefix =
3933 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3934 const char *uiq_prefix =
3935 zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA];
3936 const char *giq_prefix =
3937 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA];
3938 const char *pq_prefix =
3939 zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA];
3940 const char *piq_prefix = zfs_userquota_prop_prefixes[\
3941 ZFS_PROP_PROJECTOBJQUOTA];
3943 if (strncmp(propname, uq_prefix,
3944 strlen(uq_prefix)) == 0) {
3945 perm = ZFS_DELEG_PERM_USERQUOTA;
3946 } else if (strncmp(propname, uiq_prefix,
3947 strlen(uiq_prefix)) == 0) {
3948 perm = ZFS_DELEG_PERM_USEROBJQUOTA;
3949 } else if (strncmp(propname, gq_prefix,
3950 strlen(gq_prefix)) == 0) {
3951 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3952 } else if (strncmp(propname, giq_prefix,
3953 strlen(giq_prefix)) == 0) {
3954 perm = ZFS_DELEG_PERM_GROUPOBJQUOTA;
3955 } else if (strncmp(propname, pq_prefix,
3956 strlen(pq_prefix)) == 0) {
3957 perm = ZFS_DELEG_PERM_PROJECTQUOTA;
3958 } else if (strncmp(propname, piq_prefix,
3959 strlen(piq_prefix)) == 0) {
3960 perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA;
3962 /* {USER|GROUP|PROJECT}USED are read-only */
3963 return (SET_ERROR(EINVAL));
3966 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
3971 return (SET_ERROR(EINVAL));
3975 return (SET_ERROR(EINVAL));
3977 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3979 * dsl_prop_get_all_impl() returns properties in this
3983 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3984 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3989 * Check that this value is valid for this pool version
3992 case ZFS_PROP_COMPRESSION:
3994 * If the user specified gzip compression, make sure
3995 * the SPA supports it. We ignore any errors here since
3996 * we'll catch them later.
3998 if (nvpair_value_uint64(pair, &intval) == 0) {
3999 if (intval >= ZIO_COMPRESS_GZIP_1 &&
4000 intval <= ZIO_COMPRESS_GZIP_9 &&
4001 zfs_earlier_version(dsname,
4002 SPA_VERSION_GZIP_COMPRESSION)) {
4003 return (SET_ERROR(ENOTSUP));
4006 if (intval == ZIO_COMPRESS_ZLE &&
4007 zfs_earlier_version(dsname,
4008 SPA_VERSION_ZLE_COMPRESSION))
4009 return (SET_ERROR(ENOTSUP));
4011 if (intval == ZIO_COMPRESS_LZ4) {
4014 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4017 if (!spa_feature_is_enabled(spa,
4018 SPA_FEATURE_LZ4_COMPRESS)) {
4019 spa_close(spa, FTAG);
4020 return (SET_ERROR(ENOTSUP));
4022 spa_close(spa, FTAG);
4026 * If this is a bootable dataset then
4027 * verify that the compression algorithm
4028 * is supported for booting. We must return
4029 * something other than ENOTSUP since it
4030 * implies a downrev pool version.
4032 if (zfs_is_bootfs(dsname) &&
4033 !BOOTFS_COMPRESS_VALID(intval)) {
4034 return (SET_ERROR(ERANGE));
4039 case ZFS_PROP_COPIES:
4040 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
4041 return (SET_ERROR(ENOTSUP));
4044 case ZFS_PROP_VOLBLOCKSIZE:
4045 case ZFS_PROP_RECORDSIZE:
4046 /* Record sizes above 128k need the feature to be enabled */
4047 if (nvpair_value_uint64(pair, &intval) == 0 &&
4048 intval > SPA_OLD_MAXBLOCKSIZE) {
4052 * We don't allow setting the property above 1MB,
4053 * unless the tunable has been changed.
4055 if (intval > zfs_max_recordsize ||
4056 intval > SPA_MAXBLOCKSIZE)
4057 return (SET_ERROR(ERANGE));
4059 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4062 if (!spa_feature_is_enabled(spa,
4063 SPA_FEATURE_LARGE_BLOCKS)) {
4064 spa_close(spa, FTAG);
4065 return (SET_ERROR(ENOTSUP));
4067 spa_close(spa, FTAG);
4071 case ZFS_PROP_DNODESIZE:
4072 /* Dnode sizes above 512 need the feature to be enabled */
4073 if (nvpair_value_uint64(pair, &intval) == 0 &&
4074 intval != ZFS_DNSIZE_LEGACY) {
4078 * If this is a bootable dataset then
4079 * we don't allow large (>512B) dnodes,
4080 * because GRUB doesn't support them.
4082 if (zfs_is_bootfs(dsname) &&
4083 intval != ZFS_DNSIZE_LEGACY) {
4084 return (SET_ERROR(EDOM));
4087 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4090 if (!spa_feature_is_enabled(spa,
4091 SPA_FEATURE_LARGE_DNODE)) {
4092 spa_close(spa, FTAG);
4093 return (SET_ERROR(ENOTSUP));
4095 spa_close(spa, FTAG);
4099 case ZFS_PROP_SHARESMB:
4100 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
4101 return (SET_ERROR(ENOTSUP));
4104 case ZFS_PROP_ACLINHERIT:
4105 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4106 nvpair_value_uint64(pair, &intval) == 0) {
4107 if (intval == ZFS_ACL_PASSTHROUGH_X &&
4108 zfs_earlier_version(dsname,
4109 SPA_VERSION_PASSTHROUGH_X))
4110 return (SET_ERROR(ENOTSUP));
4113 case ZFS_PROP_CHECKSUM:
4114 case ZFS_PROP_DEDUP:
4116 spa_feature_t feature;
4121 /* dedup feature version checks */
4122 if (prop == ZFS_PROP_DEDUP &&
4123 zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
4124 return (SET_ERROR(ENOTSUP));
4126 if (nvpair_value_uint64(pair, &intval) != 0)
4127 return (SET_ERROR(EINVAL));
4129 /* check prop value is enabled in features */
4130 feature = zio_checksum_to_feature(intval & ZIO_CHECKSUM_MASK);
4131 if (feature == SPA_FEATURE_NONE)
4134 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4137 * Salted checksums are not supported on root pools.
4139 if (spa_bootfs(spa) != 0 &&
4140 intval < ZIO_CHECKSUM_FUNCTIONS &&
4141 (zio_checksum_table[intval].ci_flags &
4142 ZCHECKSUM_FLAG_SALTED)) {
4143 spa_close(spa, FTAG);
4144 return (SET_ERROR(ERANGE));
4146 if (!spa_feature_is_enabled(spa, feature)) {
4147 spa_close(spa, FTAG);
4148 return (SET_ERROR(ENOTSUP));
4150 spa_close(spa, FTAG);
4158 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
4162 * Removes properties from the given props list that fail permission checks
4163 * needed to clear them and to restore them in case of a receive error. For each
4164 * property, make sure we have both set and inherit permissions.
4166 * Returns the first error encountered if any permission checks fail. If the
4167 * caller provides a non-NULL errlist, it also gives the complete list of names
4168 * of all the properties that failed a permission check along with the
4169 * corresponding error numbers. The caller is responsible for freeing the
4172 * If every property checks out successfully, zero is returned and the list
4173 * pointed at by errlist is NULL.
4176 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
4179 nvpair_t *pair, *next_pair;
4186 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4188 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
4189 (void) strlcpy(zc->zc_name, dataset, sizeof (zc->zc_name));
4190 pair = nvlist_next_nvpair(props, NULL);
4191 while (pair != NULL) {
4192 next_pair = nvlist_next_nvpair(props, pair);
4194 (void) strlcpy(zc->zc_value, nvpair_name(pair),
4195 sizeof (zc->zc_value));
4196 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
4197 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
4198 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
4199 VERIFY(nvlist_add_int32(errors,
4200 zc->zc_value, err) == 0);
4204 kmem_free(zc, sizeof (zfs_cmd_t));
4206 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
4207 nvlist_free(errors);
4210 VERIFY(nvpair_value_int32(pair, &rv) == 0);
4213 if (errlist == NULL)
4214 nvlist_free(errors);
4222 propval_equals(nvpair_t *p1, nvpair_t *p2)
4224 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
4225 /* dsl_prop_get_all_impl() format */
4227 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
4228 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4232 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
4234 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
4235 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4239 if (nvpair_type(p1) != nvpair_type(p2))
4242 if (nvpair_type(p1) == DATA_TYPE_STRING) {
4243 char *valstr1, *valstr2;
4245 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
4246 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
4247 return (strcmp(valstr1, valstr2) == 0);
4249 uint64_t intval1, intval2;
4251 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
4252 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
4253 return (intval1 == intval2);
4258 * Remove properties from props if they are not going to change (as determined
4259 * by comparison with origprops). Remove them from origprops as well, since we
4260 * do not need to clear or restore properties that won't change.
4263 props_reduce(nvlist_t *props, nvlist_t *origprops)
4265 nvpair_t *pair, *next_pair;
4267 if (origprops == NULL)
4268 return; /* all props need to be received */
4270 pair = nvlist_next_nvpair(props, NULL);
4271 while (pair != NULL) {
4272 const char *propname = nvpair_name(pair);
4275 next_pair = nvlist_next_nvpair(props, pair);
4277 if ((nvlist_lookup_nvpair(origprops, propname,
4278 &match) != 0) || !propval_equals(pair, match))
4279 goto next; /* need to set received value */
4281 /* don't clear the existing received value */
4282 (void) nvlist_remove_nvpair(origprops, match);
4283 /* don't bother receiving the property */
4284 (void) nvlist_remove_nvpair(props, pair);
4291 * Extract properties that cannot be set PRIOR to the receipt of a dataset.
4292 * For example, refquota cannot be set until after the receipt of a dataset,
4293 * because in replication streams, an older/earlier snapshot may exceed the
4294 * refquota. We want to receive the older/earlier snapshot, but setting
4295 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent
4296 * the older/earlier snapshot from being received (with EDQUOT).
4298 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario.
4300 * libzfs will need to be judicious handling errors encountered by props
4301 * extracted by this function.
4304 extract_delay_props(nvlist_t *props)
4306 nvlist_t *delayprops;
4307 nvpair_t *nvp, *tmp;
4308 static const zfs_prop_t delayable[] = {
4310 ZFS_PROP_KEYLOCATION,
4315 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4317 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL;
4318 nvp = nvlist_next_nvpair(props, nvp)) {
4320 * strcmp() is safe because zfs_prop_to_name() always returns
4323 for (i = 0; delayable[i] != 0; i++) {
4324 if (strcmp(zfs_prop_to_name(delayable[i]),
4325 nvpair_name(nvp)) == 0) {
4329 if (delayable[i] != 0) {
4330 tmp = nvlist_prev_nvpair(props, nvp);
4331 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0);
4332 VERIFY(nvlist_remove_nvpair(props, nvp) == 0);
4337 if (nvlist_empty(delayprops)) {
4338 nvlist_free(delayprops);
4341 return (delayprops);
4345 static boolean_t zfs_ioc_recv_inject_err;
4349 * nvlist 'errors' is always allocated. It will contain descriptions of
4350 * encountered errors, if any. It's the callers responsibility to free.
4353 zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin, nvlist_t *recvprops,
4354 nvlist_t *localprops, boolean_t force, boolean_t resumable, int input_fd,
4355 dmu_replay_record_t *begin_record, int cleanup_fd, uint64_t *read_bytes,
4356 uint64_t *errflags, uint64_t *action_handle, nvlist_t **errors)
4358 dmu_recv_cookie_t drc;
4360 int props_error = 0;
4362 nvlist_t *delayprops = NULL; /* sent properties applied post-receive */
4363 nvlist_t *origprops = NULL; /* existing properties */
4364 nvlist_t *origrecvd = NULL; /* existing received properties */
4365 boolean_t first_recvd_props = B_FALSE;
4370 *errors = fnvlist_alloc();
4372 input_fp = getf(input_fd);
4373 if (input_fp == NULL)
4374 return (SET_ERROR(EBADF));
4376 error = dmu_recv_begin(tofs, tosnap,
4377 begin_record, force, resumable, origin, &drc);
4382 * Set properties before we receive the stream so that they are applied
4383 * to the new data. Note that we must call dmu_recv_stream() if
4384 * dmu_recv_begin() succeeds.
4386 if (recvprops != NULL && !drc.drc_newfs) {
4387 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
4388 SPA_VERSION_RECVD_PROPS &&
4389 !dsl_prop_get_hasrecvd(tofs))
4390 first_recvd_props = B_TRUE;
4393 * If new received properties are supplied, they are to
4394 * completely replace the existing received properties, so stash
4395 * away the existing ones.
4397 if (dsl_prop_get_received(tofs, &origrecvd) == 0) {
4398 nvlist_t *errlist = NULL;
4400 * Don't bother writing a property if its value won't
4401 * change (and avoid the unnecessary security checks).
4403 * The first receive after SPA_VERSION_RECVD_PROPS is a
4404 * special case where we blow away all local properties
4407 if (!first_recvd_props)
4408 props_reduce(recvprops, origrecvd);
4409 if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0)
4410 (void) nvlist_merge(*errors, errlist, 0);
4411 nvlist_free(errlist);
4413 if (clear_received_props(tofs, origrecvd,
4414 first_recvd_props ? NULL : recvprops) != 0)
4415 *errflags |= ZPROP_ERR_NOCLEAR;
4417 *errflags |= ZPROP_ERR_NOCLEAR;
4422 * Stash away existing properties so we can restore them on error unless
4423 * we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which
4424 * case "origrecvd" will take care of that.
4426 if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) {
4428 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
4429 if (dsl_prop_get_all(os, &origprops) != 0) {
4430 *errflags |= ZPROP_ERR_NOCLEAR;
4432 dmu_objset_rele(os, FTAG);
4434 *errflags |= ZPROP_ERR_NOCLEAR;
4438 if (recvprops != NULL) {
4439 props_error = dsl_prop_set_hasrecvd(tofs);
4441 if (props_error == 0) {
4442 delayprops = extract_delay_props(recvprops);
4443 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
4444 recvprops, *errors);
4448 if (localprops != NULL) {
4449 nvlist_t *oprops = fnvlist_alloc();
4450 nvlist_t *xprops = fnvlist_alloc();
4451 nvpair_t *nvp = NULL;
4453 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
4454 if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) {
4456 const char *name = nvpair_name(nvp);
4457 zfs_prop_t prop = zfs_name_to_prop(name);
4458 if (prop != ZPROP_INVAL) {
4459 if (!zfs_prop_inheritable(prop))
4461 } else if (!zfs_prop_user(name))
4463 fnvlist_add_boolean(xprops, name);
4465 /* -o property=value */
4466 fnvlist_add_nvpair(oprops, nvp);
4469 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
4471 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED,
4474 nvlist_free(oprops);
4475 nvlist_free(xprops);
4478 off = input_fp->f_offset;
4479 error = dmu_recv_stream(&drc, input_fp->f_vnode, &off, cleanup_fd,
4483 zfsvfs_t *zfsvfs = NULL;
4484 zvol_state_t *zv = NULL;
4486 if (getzfsvfs(tofs, &zfsvfs) == 0) {
4491 ds = dmu_objset_ds(zfsvfs->z_os);
4492 error = zfs_suspend_fs(zfsvfs);
4494 * If the suspend fails, then the recv_end will
4495 * likely also fail, and clean up after itself.
4497 end_err = dmu_recv_end(&drc, zfsvfs);
4499 error = zfs_resume_fs(zfsvfs, ds);
4500 error = error ? error : end_err;
4501 deactivate_super(zfsvfs->z_sb);
4502 } else if ((zv = zvol_suspend(tofs)) != NULL) {
4503 error = dmu_recv_end(&drc, zvol_tag(zv));
4506 error = dmu_recv_end(&drc, NULL);
4509 /* Set delayed properties now, after we're done receiving. */
4510 if (delayprops != NULL && error == 0) {
4511 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
4512 delayprops, *errors);
4516 if (delayprops != NULL) {
4518 * Merge delayed props back in with initial props, in case
4519 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means
4520 * we have to make sure clear_received_props() includes
4521 * the delayed properties).
4523 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels,
4524 * using ASSERT() will be just like a VERIFY.
4526 ASSERT(nvlist_merge(recvprops, delayprops, 0) == 0);
4527 nvlist_free(delayprops);
4531 *read_bytes = off - input_fp->f_offset;
4532 if (VOP_SEEK(input_fp->f_vnode, input_fp->f_offset, &off, NULL) == 0)
4533 input_fp->f_offset = off;
4536 if (zfs_ioc_recv_inject_err) {
4537 zfs_ioc_recv_inject_err = B_FALSE;
4543 * On error, restore the original props.
4545 if (error != 0 && recvprops != NULL && !drc.drc_newfs) {
4546 if (clear_received_props(tofs, recvprops, NULL) != 0) {
4548 * We failed to clear the received properties.
4549 * Since we may have left a $recvd value on the
4550 * system, we can't clear the $hasrecvd flag.
4552 *errflags |= ZPROP_ERR_NORESTORE;
4553 } else if (first_recvd_props) {
4554 dsl_prop_unset_hasrecvd(tofs);
4557 if (origrecvd == NULL && !drc.drc_newfs) {
4558 /* We failed to stash the original properties. */
4559 *errflags |= ZPROP_ERR_NORESTORE;
4563 * dsl_props_set() will not convert RECEIVED to LOCAL on or
4564 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
4565 * explicitly if we're restoring local properties cleared in the
4566 * first new-style receive.
4568 if (origrecvd != NULL &&
4569 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
4570 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
4571 origrecvd, NULL) != 0) {
4573 * We stashed the original properties but failed to
4576 *errflags |= ZPROP_ERR_NORESTORE;
4579 if (error != 0 && localprops != NULL && !drc.drc_newfs &&
4580 !first_recvd_props) {
4582 nvlist_t *inheritprops;
4585 if (origprops == NULL) {
4586 /* We failed to stash the original properties. */
4587 *errflags |= ZPROP_ERR_NORESTORE;
4591 /* Restore original props */
4592 setprops = fnvlist_alloc();
4593 inheritprops = fnvlist_alloc();
4595 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
4596 const char *name = nvpair_name(nvp);
4600 if (!nvlist_exists(origprops, name)) {
4602 * Property was not present or was explicitly
4603 * inherited before the receive, restore this.
4605 fnvlist_add_boolean(inheritprops, name);
4608 attrs = fnvlist_lookup_nvlist(origprops, name);
4609 source = fnvlist_lookup_string(attrs, ZPROP_SOURCE);
4611 /* Skip received properties */
4612 if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0)
4615 if (strcmp(source, tofs) == 0) {
4616 /* Property was locally set */
4617 fnvlist_add_nvlist(setprops, name, attrs);
4619 /* Property was implicitly inherited */
4620 fnvlist_add_boolean(inheritprops, name);
4624 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops,
4626 *errflags |= ZPROP_ERR_NORESTORE;
4627 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops,
4629 *errflags |= ZPROP_ERR_NORESTORE;
4631 nvlist_free(setprops);
4632 nvlist_free(inheritprops);
4636 nvlist_free(origrecvd);
4637 nvlist_free(origprops);
4640 error = props_error;
4647 * zc_name name of containing filesystem (unused)
4648 * zc_nvlist_src{_size} nvlist of properties to apply
4649 * zc_nvlist_conf{_size} nvlist of properties to exclude
4650 * (DATA_TYPE_BOOLEAN) and override (everything else)
4651 * zc_value name of snapshot to create
4652 * zc_string name of clone origin (if DRR_FLAG_CLONE)
4653 * zc_cookie file descriptor to recv from
4654 * zc_begin_record the BEGIN record of the stream (not byteswapped)
4655 * zc_guid force flag
4656 * zc_cleanup_fd cleanup-on-exit file descriptor
4657 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
4660 * zc_cookie number of bytes read
4661 * zc_obj zprop_errflags_t
4662 * zc_action_handle handle for this guid/ds mapping
4663 * zc_nvlist_dst{_size} error for each unapplied received property
4666 zfs_ioc_recv(zfs_cmd_t *zc)
4668 dmu_replay_record_t begin_record;
4669 nvlist_t *errors = NULL;
4670 nvlist_t *recvdprops = NULL;
4671 nvlist_t *localprops = NULL;
4672 char *origin = NULL;
4674 char tofs[ZFS_MAX_DATASET_NAME_LEN];
4677 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
4678 strchr(zc->zc_value, '@') == NULL ||
4679 strchr(zc->zc_value, '%'))
4680 return (SET_ERROR(EINVAL));
4682 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs));
4683 tosnap = strchr(tofs, '@');
4686 if (zc->zc_nvlist_src != 0 &&
4687 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
4688 zc->zc_iflags, &recvdprops)) != 0)
4691 if (zc->zc_nvlist_conf != 0 &&
4692 (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
4693 zc->zc_iflags, &localprops)) != 0)
4696 if (zc->zc_string[0])
4697 origin = zc->zc_string;
4699 begin_record.drr_type = DRR_BEGIN;
4700 begin_record.drr_payloadlen = 0;
4701 begin_record.drr_u.drr_begin = zc->zc_begin_record;
4703 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops,
4704 zc->zc_guid, B_FALSE, zc->zc_cookie, &begin_record,
4705 zc->zc_cleanup_fd, &zc->zc_cookie, &zc->zc_obj,
4706 &zc->zc_action_handle, &errors);
4707 nvlist_free(recvdprops);
4708 nvlist_free(localprops);
4711 * Now that all props, initial and delayed, are set, report the prop
4712 * errors to the caller.
4714 if (zc->zc_nvlist_dst_size != 0 && errors != NULL &&
4715 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
4716 put_nvlist(zc, errors) != 0)) {
4718 * Caller made zc->zc_nvlist_dst less than the minimum expected
4719 * size or supplied an invalid address.
4721 error = SET_ERROR(EINVAL);
4724 nvlist_free(errors);
4731 * "snapname" -> full name of the snapshot to create
4732 * (optional) "props" -> received properties to set (nvlist)
4733 * (optional) "localprops" -> override and exclude properties (nvlist)
4734 * (optional) "origin" -> name of clone origin (DRR_FLAG_CLONE)
4735 * "begin_record" -> non-byteswapped dmu_replay_record_t
4736 * "input_fd" -> file descriptor to read stream from (int32)
4737 * (optional) "force" -> force flag (value ignored)
4738 * (optional) "resumable" -> resumable flag (value ignored)
4739 * (optional) "cleanup_fd" -> cleanup-on-exit file descriptor
4740 * (optional) "action_handle" -> handle for this guid/ds mapping
4744 * "read_bytes" -> number of bytes read
4745 * "error_flags" -> zprop_errflags_t
4746 * "action_handle" -> handle for this guid/ds mapping
4747 * "errors" -> error for each unapplied received property (nvlist)
4751 zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
4753 dmu_replay_record_t *begin_record;
4754 uint_t begin_record_size;
4755 nvlist_t *errors = NULL;
4756 nvlist_t *recvprops = NULL;
4757 nvlist_t *localprops = NULL;
4758 char *snapname = NULL;
4759 char *origin = NULL;
4761 char tofs[ZFS_MAX_DATASET_NAME_LEN];
4763 boolean_t resumable;
4764 uint64_t action_handle = 0;
4765 uint64_t read_bytes = 0;
4766 uint64_t errflags = 0;
4768 int cleanup_fd = -1;
4771 error = nvlist_lookup_string(innvl, "snapname", &snapname);
4773 return (SET_ERROR(EINVAL));
4775 if (dataset_namecheck(snapname, NULL, NULL) != 0 ||
4776 strchr(snapname, '@') == NULL ||
4777 strchr(snapname, '%'))
4778 return (SET_ERROR(EINVAL));
4780 (void) strcpy(tofs, snapname);
4781 tosnap = strchr(tofs, '@');
4784 error = nvlist_lookup_string(innvl, "origin", &origin);
4785 if (error && error != ENOENT)
4788 error = nvlist_lookup_byte_array(innvl, "begin_record",
4789 (uchar_t **)&begin_record, &begin_record_size);
4790 if (error != 0 || begin_record_size != sizeof (*begin_record))
4791 return (SET_ERROR(EINVAL));
4793 error = nvlist_lookup_int32(innvl, "input_fd", &input_fd);
4795 return (SET_ERROR(EINVAL));
4797 force = nvlist_exists(innvl, "force");
4798 resumable = nvlist_exists(innvl, "resumable");
4800 error = nvlist_lookup_int32(innvl, "cleanup_fd", &cleanup_fd);
4801 if (error && error != ENOENT)
4804 error = nvlist_lookup_uint64(innvl, "action_handle", &action_handle);
4805 if (error && error != ENOENT)
4808 /* we still use "props" here for backwards compatibility */
4809 error = nvlist_lookup_nvlist(innvl, "props", &recvprops);
4810 if (error && error != ENOENT)
4813 error = nvlist_lookup_nvlist(innvl, "localprops", &localprops);
4814 if (error && error != ENOENT)
4817 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvprops, localprops,
4818 force, resumable, input_fd, begin_record, cleanup_fd, &read_bytes,
4819 &errflags, &action_handle, &errors);
4821 fnvlist_add_uint64(outnvl, "read_bytes", read_bytes);
4822 fnvlist_add_uint64(outnvl, "error_flags", errflags);
4823 fnvlist_add_uint64(outnvl, "action_handle", action_handle);
4824 fnvlist_add_nvlist(outnvl, "errors", errors);
4826 nvlist_free(errors);
4827 nvlist_free(recvprops);
4828 nvlist_free(localprops);
4835 * zc_name name of snapshot to send
4836 * zc_cookie file descriptor to send stream to
4837 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
4838 * zc_sendobj objsetid of snapshot to send
4839 * zc_fromobj objsetid of incremental fromsnap (may be zero)
4840 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
4841 * output size in zc_objset_type.
4842 * zc_flags lzc_send_flags
4845 * zc_objset_type estimated size, if zc_guid is set
4847 * NOTE: This is no longer the preferred interface, any new functionality
4848 * should be added to zfs_ioc_send_new() instead.
4851 zfs_ioc_send(zfs_cmd_t *zc)
4855 boolean_t estimate = (zc->zc_guid != 0);
4856 boolean_t embedok = (zc->zc_flags & 0x1);
4857 boolean_t large_block_ok = (zc->zc_flags & 0x2);
4858 boolean_t compressok = (zc->zc_flags & 0x4);
4859 boolean_t rawok = (zc->zc_flags & 0x8);
4861 if (zc->zc_obj != 0) {
4863 dsl_dataset_t *tosnap;
4865 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4869 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
4871 dsl_pool_rele(dp, FTAG);
4875 if (dsl_dir_is_clone(tosnap->ds_dir))
4877 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj;
4878 dsl_dataset_rele(tosnap, FTAG);
4879 dsl_pool_rele(dp, FTAG);
4884 dsl_dataset_t *tosnap;
4885 dsl_dataset_t *fromsnap = NULL;
4887 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4891 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj,
4894 dsl_pool_rele(dp, FTAG);
4898 if (zc->zc_fromobj != 0) {
4899 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
4902 dsl_dataset_rele(tosnap, FTAG);
4903 dsl_pool_rele(dp, FTAG);
4908 error = dmu_send_estimate(tosnap, fromsnap, compressok || rawok,
4909 &zc->zc_objset_type);
4911 if (fromsnap != NULL)
4912 dsl_dataset_rele(fromsnap, FTAG);
4913 dsl_dataset_rele(tosnap, FTAG);
4914 dsl_pool_rele(dp, FTAG);
4916 file_t *fp = getf(zc->zc_cookie);
4918 return (SET_ERROR(EBADF));
4921 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
4922 zc->zc_fromobj, embedok, large_block_ok, compressok, rawok,
4923 zc->zc_cookie, fp->f_vnode, &off);
4925 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4927 releasef(zc->zc_cookie);
4934 * zc_name name of snapshot on which to report progress
4935 * zc_cookie file descriptor of send stream
4938 * zc_cookie number of bytes written in send stream thus far
4941 zfs_ioc_send_progress(zfs_cmd_t *zc)
4945 dmu_sendarg_t *dsp = NULL;
4948 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4952 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
4954 dsl_pool_rele(dp, FTAG);
4958 mutex_enter(&ds->ds_sendstream_lock);
4961 * Iterate over all the send streams currently active on this dataset.
4962 * If there's one which matches the specified file descriptor _and_ the
4963 * stream was started by the current process, return the progress of
4967 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
4968 dsp = list_next(&ds->ds_sendstreams, dsp)) {
4969 if (dsp->dsa_outfd == zc->zc_cookie &&
4970 dsp->dsa_proc->group_leader == curproc->group_leader)
4975 zc->zc_cookie = *(dsp->dsa_off);
4977 error = SET_ERROR(ENOENT);
4979 mutex_exit(&ds->ds_sendstream_lock);
4980 dsl_dataset_rele(ds, FTAG);
4981 dsl_pool_rele(dp, FTAG);
4986 zfs_ioc_inject_fault(zfs_cmd_t *zc)
4990 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
4991 &zc->zc_inject_record);
4994 zc->zc_guid = (uint64_t)id;
5000 zfs_ioc_clear_fault(zfs_cmd_t *zc)
5002 return (zio_clear_fault((int)zc->zc_guid));
5006 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
5008 int id = (int)zc->zc_guid;
5011 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
5012 &zc->zc_inject_record);
5020 zfs_ioc_error_log(zfs_cmd_t *zc)
5024 size_t count = (size_t)zc->zc_nvlist_dst_size;
5026 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
5029 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
5032 zc->zc_nvlist_dst_size = count;
5034 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
5036 spa_close(spa, FTAG);
5042 zfs_ioc_clear(zfs_cmd_t *zc)
5049 * On zpool clear we also fix up missing slogs
5051 mutex_enter(&spa_namespace_lock);
5052 spa = spa_lookup(zc->zc_name);
5054 mutex_exit(&spa_namespace_lock);
5055 return (SET_ERROR(EIO));
5057 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
5058 /* we need to let spa_open/spa_load clear the chains */
5059 spa_set_log_state(spa, SPA_LOG_CLEAR);
5061 spa->spa_last_open_failed = 0;
5062 mutex_exit(&spa_namespace_lock);
5064 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
5065 error = spa_open(zc->zc_name, &spa, FTAG);
5068 nvlist_t *config = NULL;
5070 if (zc->zc_nvlist_src == 0)
5071 return (SET_ERROR(EINVAL));
5073 if ((error = get_nvlist(zc->zc_nvlist_src,
5074 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
5075 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
5077 if (config != NULL) {
5080 if ((err = put_nvlist(zc, config)) != 0)
5082 nvlist_free(config);
5084 nvlist_free(policy);
5091 spa_vdev_state_enter(spa, SCL_NONE);
5093 if (zc->zc_guid == 0) {
5096 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
5098 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
5099 spa_close(spa, FTAG);
5100 return (SET_ERROR(ENODEV));
5104 vdev_clear(spa, vd);
5106 (void) spa_vdev_state_exit(spa, spa_suspended(spa) ?
5107 NULL : spa->spa_root_vdev, 0);
5110 * Resume any suspended I/Os.
5112 if (zio_resume(spa) != 0)
5113 error = SET_ERROR(EIO);
5115 spa_close(spa, FTAG);
5121 * Reopen all the vdevs associated with the pool.
5124 * "scrub_restart" -> when true and scrub is running, allow to restart
5125 * scrub as the side effect of the reopen (boolean).
5132 zfs_ioc_pool_reopen(const char *pool, nvlist_t *innvl, nvlist_t *outnvl)
5136 boolean_t scrub_restart = B_TRUE;
5139 if (nvlist_lookup_boolean_value(innvl, "scrub_restart",
5140 &scrub_restart) != 0) {
5141 return (SET_ERROR(EINVAL));
5145 error = spa_open(pool, &spa, FTAG);
5149 spa_vdev_state_enter(spa, SCL_NONE);
5152 * If the scrub_restart flag is B_FALSE and a scrub is already
5153 * in progress then set spa_scrub_reopen flag to B_TRUE so that
5154 * we don't restart the scrub as a side effect of the reopen.
5155 * Otherwise, let vdev_open() decided if a resilver is required.
5158 spa->spa_scrub_reopen = (!scrub_restart &&
5159 dsl_scan_scrubbing(spa->spa_dsl_pool));
5160 vdev_reopen(spa->spa_root_vdev);
5161 spa->spa_scrub_reopen = B_FALSE;
5163 (void) spa_vdev_state_exit(spa, NULL, 0);
5164 spa_close(spa, FTAG);
5170 * zc_name name of filesystem
5173 * zc_string name of conflicting snapshot, if there is one
5176 zfs_ioc_promote(zfs_cmd_t *zc)
5179 dsl_dataset_t *ds, *ods;
5180 char origin[ZFS_MAX_DATASET_NAME_LEN];
5184 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5185 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
5186 strchr(zc->zc_name, '%'))
5187 return (SET_ERROR(EINVAL));
5189 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5193 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
5195 dsl_pool_rele(dp, FTAG);
5199 if (!dsl_dir_is_clone(ds->ds_dir)) {
5200 dsl_dataset_rele(ds, FTAG);
5201 dsl_pool_rele(dp, FTAG);
5202 return (SET_ERROR(EINVAL));
5205 error = dsl_dataset_hold_obj(dp,
5206 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods);
5208 dsl_dataset_rele(ds, FTAG);
5209 dsl_pool_rele(dp, FTAG);
5213 dsl_dataset_name(ods, origin);
5214 dsl_dataset_rele(ods, FTAG);
5215 dsl_dataset_rele(ds, FTAG);
5216 dsl_pool_rele(dp, FTAG);
5219 * We don't need to unmount *all* the origin fs's snapshots, but
5222 cp = strchr(origin, '@');
5225 (void) dmu_objset_find(origin,
5226 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
5227 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
5231 * Retrieve a single {user|group|project}{used|quota}@... property.
5234 * zc_name name of filesystem
5235 * zc_objset_type zfs_userquota_prop_t
5236 * zc_value domain name (eg. "S-1-234-567-89")
5237 * zc_guid RID/UID/GID
5240 * zc_cookie property value
5243 zfs_ioc_userspace_one(zfs_cmd_t *zc)
5248 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
5249 return (SET_ERROR(EINVAL));
5251 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
5255 error = zfs_userspace_one(zfsvfs,
5256 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
5257 zfsvfs_rele(zfsvfs, FTAG);
5264 * zc_name name of filesystem
5265 * zc_cookie zap cursor
5266 * zc_objset_type zfs_userquota_prop_t
5267 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
5270 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
5271 * zc_cookie zap cursor
5274 zfs_ioc_userspace_many(zfs_cmd_t *zc)
5277 int bufsize = zc->zc_nvlist_dst_size;
5280 return (SET_ERROR(ENOMEM));
5282 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
5286 void *buf = vmem_alloc(bufsize, KM_SLEEP);
5288 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
5289 buf, &zc->zc_nvlist_dst_size);
5292 error = xcopyout(buf,
5293 (void *)(uintptr_t)zc->zc_nvlist_dst,
5294 zc->zc_nvlist_dst_size);
5296 vmem_free(buf, bufsize);
5297 zfsvfs_rele(zfsvfs, FTAG);
5304 * zc_name name of filesystem
5310 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
5316 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
5317 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
5319 * If userused is not enabled, it may be because the
5320 * objset needs to be closed & reopened (to grow the
5321 * objset_phys_t). Suspend/resume the fs will do that.
5323 dsl_dataset_t *ds, *newds;
5325 ds = dmu_objset_ds(zfsvfs->z_os);
5326 error = zfs_suspend_fs(zfsvfs);
5328 dmu_objset_refresh_ownership(ds, &newds,
5330 error = zfs_resume_fs(zfsvfs, newds);
5334 error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
5335 deactivate_super(zfsvfs->z_sb);
5337 /* XXX kind of reading contents without owning */
5338 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
5342 error = dmu_objset_userspace_upgrade(os);
5343 dmu_objset_rele_flags(os, B_TRUE, FTAG);
5351 * zc_name name of filesystem
5357 zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc)
5362 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
5366 if (dmu_objset_userobjspace_upgradable(os) ||
5367 dmu_objset_projectquota_upgradable(os)) {
5368 mutex_enter(&os->os_upgrade_lock);
5369 if (os->os_upgrade_id == 0) {
5370 /* clear potential error code and retry */
5371 os->os_upgrade_status = 0;
5372 mutex_exit(&os->os_upgrade_lock);
5374 dmu_objset_id_quota_upgrade(os);
5376 mutex_exit(&os->os_upgrade_lock);
5379 dsl_pool_rele(dmu_objset_pool(os), FTAG);
5381 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
5382 error = os->os_upgrade_status;
5384 dsl_pool_rele(dmu_objset_pool(os), FTAG);
5387 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, FTAG);
5393 zfs_ioc_share(zfs_cmd_t *zc)
5395 return (SET_ERROR(ENOSYS));
5398 ace_t full_access[] = {
5399 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
5404 * zc_name name of containing filesystem
5405 * zc_obj object # beyond which we want next in-use object #
5408 * zc_obj next in-use object #
5411 zfs_ioc_next_obj(zfs_cmd_t *zc)
5413 objset_t *os = NULL;
5416 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
5420 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0);
5422 dmu_objset_rele(os, FTAG);
5428 * zc_name name of filesystem
5429 * zc_value prefix name for snapshot
5430 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
5433 * zc_value short name of new snapshot
5436 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
5443 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
5447 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
5448 (u_longlong_t)ddi_get_lbolt64());
5449 hold_name = kmem_asprintf("%%%s", zc->zc_value);
5451 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
5454 (void) strlcpy(zc->zc_value, snap_name,
5455 sizeof (zc->zc_value));
5458 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
5464 * zc_name name of "to" snapshot
5465 * zc_value name of "from" snapshot
5466 * zc_cookie file descriptor to write diff data on
5469 * dmu_diff_record_t's to the file descriptor
5472 zfs_ioc_diff(zfs_cmd_t *zc)
5478 fp = getf(zc->zc_cookie);
5480 return (SET_ERROR(EBADF));
5484 error = dmu_diff(zc->zc_name, zc->zc_value, fp->f_vnode, &off);
5486 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5488 releasef(zc->zc_cookie);
5494 * Remove all ACL files in shares dir
5496 #ifdef HAVE_SMB_SHARE
5498 zfs_smb_acl_purge(znode_t *dzp)
5501 zap_attribute_t zap;
5502 zfsvfs_t *zfsvfs = ZTOZSB(dzp);
5505 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
5506 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
5507 zap_cursor_advance(&zc)) {
5508 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
5512 zap_cursor_fini(&zc);
5515 #endif /* HAVE_SMB_SHARE */
5518 zfs_ioc_smb_acl(zfs_cmd_t *zc)
5520 #ifdef HAVE_SMB_SHARE
5523 vnode_t *resourcevp = NULL;
5532 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
5533 NO_FOLLOW, NULL, &vp)) != 0)
5536 /* Now make sure mntpnt and dataset are ZFS */
5538 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
5539 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
5540 zc->zc_name) != 0)) {
5542 return (SET_ERROR(EINVAL));
5546 zfsvfs = ZTOZSB(dzp);
5550 * Create share dir if its missing.
5552 mutex_enter(&zfsvfs->z_lock);
5553 if (zfsvfs->z_shares_dir == 0) {
5556 tx = dmu_tx_create(zfsvfs->z_os);
5557 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
5559 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
5560 error = dmu_tx_assign(tx, TXG_WAIT);
5564 error = zfs_create_share_dir(zfsvfs, tx);
5568 mutex_exit(&zfsvfs->z_lock);
5574 mutex_exit(&zfsvfs->z_lock);
5576 ASSERT(zfsvfs->z_shares_dir);
5577 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
5583 switch (zc->zc_cookie) {
5584 case ZFS_SMB_ACL_ADD:
5585 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
5586 vattr.va_mode = S_IFREG|0777;
5590 vsec.vsa_mask = VSA_ACE;
5591 vsec.vsa_aclentp = &full_access;
5592 vsec.vsa_aclentsz = sizeof (full_access);
5593 vsec.vsa_aclcnt = 1;
5595 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
5596 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
5598 VN_RELE(resourcevp);
5601 case ZFS_SMB_ACL_REMOVE:
5602 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
5606 case ZFS_SMB_ACL_RENAME:
5607 if ((error = get_nvlist(zc->zc_nvlist_src,
5608 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
5610 VN_RELE(ZTOV(sharedir));
5614 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
5615 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
5618 VN_RELE(ZTOV(sharedir));
5620 nvlist_free(nvlist);
5623 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
5625 nvlist_free(nvlist);
5628 case ZFS_SMB_ACL_PURGE:
5629 error = zfs_smb_acl_purge(sharedir);
5633 error = SET_ERROR(EINVAL);
5638 VN_RELE(ZTOV(sharedir));
5644 return (SET_ERROR(ENOTSUP));
5645 #endif /* HAVE_SMB_SHARE */
5650 * "holds" -> { snapname -> holdname (string), ... }
5651 * (optional) "cleanup_fd" -> fd (int32)
5655 * snapname -> error value (int32)
5661 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
5665 int cleanup_fd = -1;
5669 error = nvlist_lookup_nvlist(args, "holds", &holds);
5671 return (SET_ERROR(EINVAL));
5673 /* make sure the user didn't pass us any invalid (empty) tags */
5674 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
5675 pair = nvlist_next_nvpair(holds, pair)) {
5678 error = nvpair_value_string(pair, &htag);
5680 return (SET_ERROR(error));
5682 if (strlen(htag) == 0)
5683 return (SET_ERROR(EINVAL));
5686 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
5687 error = zfs_onexit_fd_hold(cleanup_fd, &minor);
5692 error = dsl_dataset_user_hold(holds, minor, errlist);
5694 zfs_onexit_fd_rele(cleanup_fd);
5699 * innvl is not used.
5702 * holdname -> time added (uint64 seconds since epoch)
5708 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
5710 ASSERT3P(args, ==, NULL);
5711 return (dsl_dataset_get_holds(snapname, outnvl));
5716 * snapname -> { holdname, ... }
5721 * snapname -> error value (int32)
5727 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
5729 return (dsl_dataset_user_release(holds, errlist));
5734 * zc_guid flags (ZEVENT_NONBLOCK)
5735 * zc_cleanup_fd zevent file descriptor
5738 * zc_nvlist_dst next nvlist event
5739 * zc_cookie dropped events since last get
5742 zfs_ioc_events_next(zfs_cmd_t *zc)
5745 nvlist_t *event = NULL;
5747 uint64_t dropped = 0;
5750 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
5755 error = zfs_zevent_next(ze, &event,
5756 &zc->zc_nvlist_dst_size, &dropped);
5757 if (event != NULL) {
5758 zc->zc_cookie = dropped;
5759 error = put_nvlist(zc, event);
5763 if (zc->zc_guid & ZEVENT_NONBLOCK)
5766 if ((error == 0) || (error != ENOENT))
5769 error = zfs_zevent_wait(ze);
5774 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
5781 * zc_cookie cleared events count
5784 zfs_ioc_events_clear(zfs_cmd_t *zc)
5788 zfs_zevent_drain_all(&count);
5789 zc->zc_cookie = count;
5796 * zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END
5797 * zc_cleanup zevent file descriptor
5800 zfs_ioc_events_seek(zfs_cmd_t *zc)
5806 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
5810 error = zfs_zevent_seek(ze, zc->zc_guid);
5811 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
5818 * zc_name name of new filesystem or snapshot
5819 * zc_value full name of old snapshot
5822 * zc_cookie space in bytes
5823 * zc_objset_type compressed space in bytes
5824 * zc_perm_action uncompressed space in bytes
5827 zfs_ioc_space_written(zfs_cmd_t *zc)
5831 dsl_dataset_t *new, *old;
5833 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5836 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
5838 dsl_pool_rele(dp, FTAG);
5841 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
5843 dsl_dataset_rele(new, FTAG);
5844 dsl_pool_rele(dp, FTAG);
5848 error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
5849 &zc->zc_objset_type, &zc->zc_perm_action);
5850 dsl_dataset_rele(old, FTAG);
5851 dsl_dataset_rele(new, FTAG);
5852 dsl_pool_rele(dp, FTAG);
5858 * "firstsnap" -> snapshot name
5862 * "used" -> space in bytes
5863 * "compressed" -> compressed space in bytes
5864 * "uncompressed" -> uncompressed space in bytes
5868 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
5872 dsl_dataset_t *new, *old;
5874 uint64_t used, comp, uncomp;
5876 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0)
5877 return (SET_ERROR(EINVAL));
5879 error = dsl_pool_hold(lastsnap, FTAG, &dp);
5883 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
5884 if (error == 0 && !new->ds_is_snapshot) {
5885 dsl_dataset_rele(new, FTAG);
5886 error = SET_ERROR(EINVAL);
5889 dsl_pool_rele(dp, FTAG);
5892 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
5893 if (error == 0 && !old->ds_is_snapshot) {
5894 dsl_dataset_rele(old, FTAG);
5895 error = SET_ERROR(EINVAL);
5898 dsl_dataset_rele(new, FTAG);
5899 dsl_pool_rele(dp, FTAG);
5903 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
5904 dsl_dataset_rele(old, FTAG);
5905 dsl_dataset_rele(new, FTAG);
5906 dsl_pool_rele(dp, FTAG);
5907 fnvlist_add_uint64(outnvl, "used", used);
5908 fnvlist_add_uint64(outnvl, "compressed", comp);
5909 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
5915 * "fd" -> file descriptor to write stream to (int32)
5916 * (optional) "fromsnap" -> full snap name to send an incremental from
5917 * (optional) "largeblockok" -> (value ignored)
5918 * indicates that blocks > 128KB are permitted
5919 * (optional) "embedok" -> (value ignored)
5920 * presence indicates DRR_WRITE_EMBEDDED records are permitted
5921 * (optional) "compressok" -> (value ignored)
5922 * presence indicates compressed DRR_WRITE records are permitted
5923 * (optional) "rawok" -> (value ignored)
5924 * presence indicates raw encrypted records should be used.
5925 * (optional) "resume_object" and "resume_offset" -> (uint64)
5926 * if present, resume send stream from specified object and offset.
5933 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5937 char *fromname = NULL;
5940 boolean_t largeblockok;
5942 boolean_t compressok;
5944 uint64_t resumeobj = 0;
5945 uint64_t resumeoff = 0;
5947 error = nvlist_lookup_int32(innvl, "fd", &fd);
5949 return (SET_ERROR(EINVAL));
5951 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
5953 largeblockok = nvlist_exists(innvl, "largeblockok");
5954 embedok = nvlist_exists(innvl, "embedok");
5955 compressok = nvlist_exists(innvl, "compressok");
5956 rawok = nvlist_exists(innvl, "rawok");
5958 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
5959 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
5961 if ((fp = getf(fd)) == NULL)
5962 return (SET_ERROR(EBADF));
5965 error = dmu_send(snapname, fromname, embedok, largeblockok, compressok,
5966 rawok, fd, resumeobj, resumeoff, fp->f_vnode, &off);
5968 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5976 * Determine approximately how large a zfs send stream will be -- the number
5977 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
5980 * (optional) "from" -> full snap or bookmark name to send an incremental
5982 * (optional) "largeblockok" -> (value ignored)
5983 * indicates that blocks > 128KB are permitted
5984 * (optional) "embedok" -> (value ignored)
5985 * presence indicates DRR_WRITE_EMBEDDED records are permitted
5986 * (optional) "compressok" -> (value ignored)
5987 * presence indicates compressed DRR_WRITE records are permitted
5988 * (optional) "rawok" -> (value ignored)
5989 * presence indicates raw encrypted records should be used.
5993 * "space" -> bytes of space (uint64)
5997 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6000 dsl_dataset_t *tosnap;
6003 boolean_t compressok;
6007 error = dsl_pool_hold(snapname, FTAG, &dp);
6011 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
6013 dsl_pool_rele(dp, FTAG);
6017 compressok = nvlist_exists(innvl, "compressok");
6018 rawok = nvlist_exists(innvl, "rawok");
6020 error = nvlist_lookup_string(innvl, "from", &fromname);
6022 if (strchr(fromname, '@') != NULL) {
6024 * If from is a snapshot, hold it and use the more
6025 * efficient dmu_send_estimate to estimate send space
6026 * size using deadlists.
6028 dsl_dataset_t *fromsnap;
6029 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
6032 error = dmu_send_estimate(tosnap, fromsnap,
6033 compressok || rawok, &space);
6034 dsl_dataset_rele(fromsnap, FTAG);
6035 } else if (strchr(fromname, '#') != NULL) {
6037 * If from is a bookmark, fetch the creation TXG of the
6038 * snapshot it was created from and use that to find
6039 * blocks that were born after it.
6041 zfs_bookmark_phys_t frombm;
6043 error = dsl_bookmark_lookup(dp, fromname, tosnap,
6047 error = dmu_send_estimate_from_txg(tosnap,
6048 frombm.zbm_creation_txg, compressok || rawok,
6052 * from is not properly formatted as a snapshot or
6055 error = SET_ERROR(EINVAL);
6060 * If estimating the size of a full send, use dmu_send_estimate.
6062 error = dmu_send_estimate(tosnap, NULL, compressok || rawok,
6066 fnvlist_add_uint64(outnvl, "space", space);
6069 dsl_dataset_rele(tosnap, FTAG);
6070 dsl_pool_rele(dp, FTAG);
6075 * Sync the currently open TXG to disk for the specified pool.
6076 * This is somewhat similar to 'zfs_sync()'.
6077 * For cases that do not result in error this ioctl will wait for
6078 * the currently open TXG to commit before returning back to the caller.
6081 * "force" -> when true, force uberblock update even if there is no dirty data.
6082 * In addition this will cause the vdev configuration to be written
6083 * out including updating the zpool cache file. (boolean_t)
6090 zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl)
6093 boolean_t force = B_FALSE;
6096 if ((err = spa_open(pool, &spa, FTAG)) != 0)
6100 if (nvlist_lookup_boolean_value(innvl, "force", &force) != 0) {
6101 err = SET_ERROR(EINVAL);
6107 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER);
6108 vdev_config_dirty(spa->spa_root_vdev);
6109 spa_config_exit(spa, SCL_CONFIG, FTAG);
6111 txg_wait_synced(spa_get_dsl(spa), 0);
6113 spa_close(spa, FTAG);
6119 * Load a user's wrapping key into the kernel.
6121 * "hidden_args" -> { "wkeydata" -> value }
6122 * raw uint8_t array of encryption wrapping key data (32 bytes)
6123 * (optional) "noop" -> (value ignored)
6124 * presence indicated key should only be verified, not loaded
6129 zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6132 dsl_crypto_params_t *dcp = NULL;
6133 nvlist_t *hidden_args;
6134 boolean_t noop = nvlist_exists(innvl, "noop");
6136 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6137 ret = SET_ERROR(EINVAL);
6141 ret = nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
6143 ret = SET_ERROR(EINVAL);
6147 ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL,
6152 ret = spa_keystore_load_wkey(dsname, dcp, noop);
6156 dsl_crypto_params_free(dcp, noop);
6161 dsl_crypto_params_free(dcp, B_TRUE);
6166 * Unload a user's wrapping key from the kernel.
6167 * Both innvl and outnvl are unused.
6171 zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6175 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6176 ret = (SET_ERROR(EINVAL));
6180 ret = spa_keystore_unload_wkey(dsname);
6189 * Changes a user's wrapping key used to decrypt a dataset. The keyformat,
6190 * keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified
6191 * here to change how the key is derived in userspace.
6194 * "hidden_args" (optional) -> { "wkeydata" -> value }
6195 * raw uint8_t array of new encryption wrapping key data (32 bytes)
6196 * "props" (optional) -> { prop -> value }
6203 zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6206 uint64_t cmd = DCP_CMD_NONE;
6207 dsl_crypto_params_t *dcp = NULL;
6208 nvlist_t *args = NULL, *hidden_args = NULL;
6210 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6211 ret = (SET_ERROR(EINVAL));
6215 (void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd);
6216 (void) nvlist_lookup_nvlist(innvl, "props", &args);
6217 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
6219 ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp);
6223 ret = spa_keystore_change_key(dsname, dcp);
6227 dsl_crypto_params_free(dcp, B_FALSE);
6232 dsl_crypto_params_free(dcp, B_TRUE);
6236 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
6239 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6240 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
6241 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
6243 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
6245 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
6246 ASSERT3U(ioc, <, ZFS_IOC_LAST);
6247 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
6248 ASSERT3P(vec->zvec_func, ==, NULL);
6250 vec->zvec_legacy_func = func;
6251 vec->zvec_secpolicy = secpolicy;
6252 vec->zvec_namecheck = namecheck;
6253 vec->zvec_allow_log = log_history;
6254 vec->zvec_pool_check = pool_check;
6258 * See the block comment at the beginning of this file for details on
6259 * each argument to this function.
6262 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
6263 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
6264 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
6265 boolean_t allow_log)
6267 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
6269 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
6270 ASSERT3U(ioc, <, ZFS_IOC_LAST);
6271 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
6272 ASSERT3P(vec->zvec_func, ==, NULL);
6274 /* if we are logging, the name must be valid */
6275 ASSERT(!allow_log || namecheck != NO_NAME);
6277 vec->zvec_name = name;
6278 vec->zvec_func = func;
6279 vec->zvec_secpolicy = secpolicy;
6280 vec->zvec_namecheck = namecheck;
6281 vec->zvec_pool_check = pool_check;
6282 vec->zvec_smush_outnvlist = smush_outnvlist;
6283 vec->zvec_allow_log = allow_log;
6287 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6288 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
6289 zfs_ioc_poolcheck_t pool_check)
6291 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6292 POOL_NAME, log_history, pool_check);
6296 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6297 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
6299 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6300 DATASET_NAME, B_FALSE, pool_check);
6304 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
6306 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
6307 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6311 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6312 zfs_secpolicy_func_t *secpolicy)
6314 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6315 NO_NAME, B_FALSE, POOL_CHECK_NONE);
6319 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
6320 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
6322 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6323 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
6327 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
6329 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
6330 zfs_secpolicy_read);
6334 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6335 zfs_secpolicy_func_t *secpolicy)
6337 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6338 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6342 zfs_ioctl_init(void)
6344 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
6345 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
6346 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
6348 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
6349 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
6350 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE);
6352 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
6353 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
6354 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
6356 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
6357 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
6358 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
6360 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
6361 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
6362 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
6364 zfs_ioctl_register("create", ZFS_IOC_CREATE,
6365 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
6366 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
6368 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
6369 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
6370 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
6372 zfs_ioctl_register("remap", ZFS_IOC_REMAP,
6373 zfs_ioc_remap, zfs_secpolicy_remap, DATASET_NAME,
6374 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE);
6376 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
6377 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
6378 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
6380 zfs_ioctl_register("hold", ZFS_IOC_HOLD,
6381 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
6382 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
6383 zfs_ioctl_register("release", ZFS_IOC_RELEASE,
6384 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
6385 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
6387 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
6388 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
6389 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
6391 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK,
6392 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME,
6393 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE);
6395 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK,
6396 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME,
6397 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
6399 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS,
6400 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME,
6401 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
6403 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS,
6404 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks,
6406 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
6408 zfs_ioctl_register("receive", ZFS_IOC_RECV_NEW,
6409 zfs_ioc_recv_new, zfs_secpolicy_recv_new, DATASET_NAME,
6410 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
6411 zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY,
6412 zfs_ioc_load_key, zfs_secpolicy_load_key,
6413 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE);
6414 zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY,
6415 zfs_ioc_unload_key, zfs_secpolicy_load_key,
6416 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE);
6417 zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY,
6418 zfs_ioc_change_key, zfs_secpolicy_change_key,
6419 DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY,
6422 zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC,
6423 zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME,
6424 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE);
6425 zfs_ioctl_register("reopen", ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
6426 zfs_secpolicy_config, POOL_NAME, POOL_CHECK_SUSPENDED, B_TRUE,
6429 zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM,
6430 zfs_ioc_channel_program, zfs_secpolicy_config,
6431 POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE,
6434 /* IOCTLS that use the legacy function signature */
6436 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
6437 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
6439 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
6440 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
6441 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
6443 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
6444 zfs_ioc_pool_upgrade);
6445 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
6447 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
6448 zfs_ioc_vdev_remove);
6449 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
6450 zfs_ioc_vdev_set_state);
6451 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
6452 zfs_ioc_vdev_attach);
6453 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
6454 zfs_ioc_vdev_detach);
6455 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
6456 zfs_ioc_vdev_setpath);
6457 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
6458 zfs_ioc_vdev_setfru);
6459 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
6460 zfs_ioc_pool_set_props);
6461 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
6462 zfs_ioc_vdev_split);
6463 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
6464 zfs_ioc_pool_reguid);
6466 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
6467 zfs_ioc_pool_configs, zfs_secpolicy_none);
6468 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
6469 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
6470 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
6471 zfs_ioc_inject_fault, zfs_secpolicy_inject);
6472 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
6473 zfs_ioc_clear_fault, zfs_secpolicy_inject);
6474 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
6475 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
6478 * pool destroy, and export don't log the history as part of
6479 * zfsdev_ioctl, but rather zfs_ioc_pool_export
6480 * does the logging of those commands.
6482 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
6483 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
6484 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
6485 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
6487 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
6488 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
6489 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
6490 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
6492 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
6493 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
6494 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
6495 zfs_ioc_dsobj_to_dsname,
6496 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
6497 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
6498 zfs_ioc_pool_get_history,
6499 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
6501 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
6502 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
6504 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
6505 zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY);
6507 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
6508 zfs_ioc_space_written);
6509 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
6510 zfs_ioc_objset_recvd_props);
6511 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
6513 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
6515 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
6516 zfs_ioc_objset_stats);
6517 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
6518 zfs_ioc_objset_zplprops);
6519 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
6520 zfs_ioc_dataset_list_next);
6521 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
6522 zfs_ioc_snapshot_list_next);
6523 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
6524 zfs_ioc_send_progress);
6526 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
6527 zfs_ioc_diff, zfs_secpolicy_diff);
6528 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
6529 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
6530 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
6531 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
6532 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
6533 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
6534 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
6535 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
6536 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
6537 zfs_ioc_send, zfs_secpolicy_send);
6539 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
6540 zfs_secpolicy_none);
6541 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
6542 zfs_secpolicy_destroy);
6543 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
6544 zfs_secpolicy_rename);
6545 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
6546 zfs_secpolicy_recv);
6547 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
6548 zfs_secpolicy_promote);
6549 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
6550 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
6551 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
6552 zfs_secpolicy_set_fsacl);
6554 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
6555 zfs_secpolicy_share, POOL_CHECK_NONE);
6556 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
6557 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
6558 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
6559 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
6560 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6561 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
6562 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
6563 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6568 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next,
6569 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
6570 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear,
6571 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
6572 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek,
6573 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
6577 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
6578 zfs_ioc_poolcheck_t check)
6583 ASSERT(type == POOL_NAME || type == DATASET_NAME);
6585 if (check & POOL_CHECK_NONE)
6588 error = spa_open(name, &spa, FTAG);
6590 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
6591 error = SET_ERROR(EAGAIN);
6592 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
6593 error = SET_ERROR(EROFS);
6594 spa_close(spa, FTAG);
6600 zfsdev_get_state_impl(minor_t minor, enum zfsdev_state_type which)
6604 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
6605 if (zs->zs_minor == minor) {
6609 return (zs->zs_onexit);
6611 return (zs->zs_zevent);
6622 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
6626 ptr = zfsdev_get_state_impl(minor, which);
6632 zfsdev_getminor(struct file *filp, minor_t *minorp)
6634 zfsdev_state_t *zs, *fpd;
6636 ASSERT(filp != NULL);
6637 ASSERT(!MUTEX_HELD(&zfsdev_state_lock));
6639 fpd = filp->private_data;
6641 return (SET_ERROR(EBADF));
6643 mutex_enter(&zfsdev_state_lock);
6645 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
6647 if (zs->zs_minor == -1)
6651 *minorp = fpd->zs_minor;
6652 mutex_exit(&zfsdev_state_lock);
6657 mutex_exit(&zfsdev_state_lock);
6659 return (SET_ERROR(EBADF));
6663 * Find a free minor number. The zfsdev_state_list is expected to
6664 * be short since it is only a list of currently open file handles.
6667 zfsdev_minor_alloc(void)
6669 static minor_t last_minor = 0;
6672 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
6674 for (m = last_minor + 1; m != last_minor; m++) {
6675 if (m > ZFSDEV_MAX_MINOR)
6677 if (zfsdev_get_state_impl(m, ZST_ALL) == NULL) {
6687 zfsdev_state_init(struct file *filp)
6689 zfsdev_state_t *zs, *zsprev = NULL;
6691 boolean_t newzs = B_FALSE;
6693 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
6695 minor = zfsdev_minor_alloc();
6697 return (SET_ERROR(ENXIO));
6699 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
6700 if (zs->zs_minor == -1)
6706 zs = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
6711 filp->private_data = zs;
6713 zfs_onexit_init((zfs_onexit_t **)&zs->zs_onexit);
6714 zfs_zevent_init((zfs_zevent_t **)&zs->zs_zevent);
6718 * In order to provide for lock-free concurrent read access
6719 * to the minor list in zfsdev_get_state_impl(), new entries
6720 * must be completely written before linking them into the
6721 * list whereas existing entries are already linked; the last
6722 * operation must be updating zs_minor (from -1 to the new
6726 zs->zs_minor = minor;
6728 zsprev->zs_next = zs;
6731 zs->zs_minor = minor;
6738 zfsdev_state_destroy(struct file *filp)
6742 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
6743 ASSERT(filp->private_data != NULL);
6745 zs = filp->private_data;
6747 zfs_onexit_destroy(zs->zs_onexit);
6748 zfs_zevent_destroy(zs->zs_zevent);
6754 zfsdev_open(struct inode *ino, struct file *filp)
6758 mutex_enter(&zfsdev_state_lock);
6759 error = zfsdev_state_init(filp);
6760 mutex_exit(&zfsdev_state_lock);
6766 zfsdev_release(struct inode *ino, struct file *filp)
6770 mutex_enter(&zfsdev_state_lock);
6771 error = zfsdev_state_destroy(filp);
6772 mutex_exit(&zfsdev_state_lock);
6778 zfsdev_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
6782 int error, rc, flag = 0;
6783 const zfs_ioc_vec_t *vec;
6784 char *saved_poolname = NULL;
6785 nvlist_t *innvl = NULL;
6786 fstrans_cookie_t cookie;
6788 vecnum = cmd - ZFS_IOC_FIRST;
6789 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
6790 return (-SET_ERROR(EINVAL));
6791 vec = &zfs_ioc_vec[vecnum];
6794 * The registered ioctl list may be sparse, verify that either
6795 * a normal or legacy handler are registered.
6797 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL)
6798 return (-SET_ERROR(EINVAL));
6800 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
6802 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
6804 error = SET_ERROR(EFAULT);
6808 zc->zc_iflags = flag & FKIOCTL;
6809 if (zc->zc_nvlist_src_size > MAX_NVLIST_SRC_SIZE) {
6811 * Make sure the user doesn't pass in an insane value for
6812 * zc_nvlist_src_size. We have to check, since we will end
6813 * up allocating that much memory inside of get_nvlist(). This
6814 * prevents a nefarious user from allocating tons of kernel
6817 * Also, we return EINVAL instead of ENOMEM here. The reason
6818 * being that returning ENOMEM from an ioctl() has a special
6819 * connotation; that the user's size value is too small and
6820 * needs to be expanded to hold the nvlist. See
6821 * zcmd_expand_dst_nvlist() for details.
6823 error = SET_ERROR(EINVAL); /* User's size too big */
6825 } else if (zc->zc_nvlist_src_size != 0) {
6826 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
6827 zc->zc_iflags, &innvl);
6833 * Ensure that all pool/dataset names are valid before we pass down to
6836 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
6837 switch (vec->zvec_namecheck) {
6839 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
6840 error = SET_ERROR(EINVAL);
6842 error = pool_status_check(zc->zc_name,
6843 vec->zvec_namecheck, vec->zvec_pool_check);
6847 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
6848 error = SET_ERROR(EINVAL);
6850 error = pool_status_check(zc->zc_name,
6851 vec->zvec_namecheck, vec->zvec_pool_check);
6860 cookie = spl_fstrans_mark();
6861 error = vec->zvec_secpolicy(zc, innvl, CRED());
6862 spl_fstrans_unmark(cookie);
6868 /* legacy ioctls can modify zc_name */
6869 saved_poolname = strdup(zc->zc_name);
6870 if (saved_poolname == NULL) {
6871 error = SET_ERROR(ENOMEM);
6874 saved_poolname[strcspn(saved_poolname, "/@#")] = '\0';
6877 if (vec->zvec_func != NULL) {
6881 nvlist_t *lognv = NULL;
6883 ASSERT(vec->zvec_legacy_func == NULL);
6886 * Add the innvl to the lognv before calling the func,
6887 * in case the func changes the innvl.
6889 if (vec->zvec_allow_log) {
6890 lognv = fnvlist_alloc();
6891 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
6893 if (!nvlist_empty(innvl)) {
6894 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
6899 outnvl = fnvlist_alloc();
6900 cookie = spl_fstrans_mark();
6901 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
6902 spl_fstrans_unmark(cookie);
6905 * Some commands can partially execute, modify state, and still
6906 * return an error. In these cases, attempt to record what
6910 (cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) &&
6911 vec->zvec_allow_log &&
6912 spa_open(zc->zc_name, &spa, FTAG) == 0) {
6913 if (!nvlist_empty(outnvl)) {
6914 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL,
6918 fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO,
6921 (void) spa_history_log_nvl(spa, lognv);
6922 spa_close(spa, FTAG);
6924 fnvlist_free(lognv);
6926 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
6928 if (vec->zvec_smush_outnvlist) {
6929 smusherror = nvlist_smush(outnvl,
6930 zc->zc_nvlist_dst_size);
6932 if (smusherror == 0)
6933 puterror = put_nvlist(zc, outnvl);
6939 nvlist_free(outnvl);
6941 cookie = spl_fstrans_mark();
6942 error = vec->zvec_legacy_func(zc);
6943 spl_fstrans_unmark(cookie);
6948 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
6949 if (error == 0 && rc != 0)
6950 error = SET_ERROR(EFAULT);
6951 if (error == 0 && vec->zvec_allow_log) {
6952 char *s = tsd_get(zfs_allow_log_key);
6955 (void) tsd_set(zfs_allow_log_key, saved_poolname);
6957 if (saved_poolname != NULL)
6958 strfree(saved_poolname);
6961 kmem_free(zc, sizeof (zfs_cmd_t));
6965 #ifdef CONFIG_COMPAT
6967 zfsdev_compat_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
6969 return (zfsdev_ioctl(filp, cmd, arg));
6972 #define zfsdev_compat_ioctl NULL
6975 static const struct file_operations zfsdev_fops = {
6976 .open = zfsdev_open,
6977 .release = zfsdev_release,
6978 .unlocked_ioctl = zfsdev_ioctl,
6979 .compat_ioctl = zfsdev_compat_ioctl,
6980 .owner = THIS_MODULE,
6983 static struct miscdevice zfs_misc = {
6986 .fops = &zfsdev_fops,
6989 MODULE_ALIAS_MISCDEV(ZFS_MINOR);
6990 MODULE_ALIAS("devname:zfs");
6997 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
6998 zfsdev_state_list = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
6999 zfsdev_state_list->zs_minor = -1;
7001 error = misc_register(&zfs_misc);
7002 if (error == -EBUSY) {
7004 * Fallback to dynamic minor allocation in the event of a
7005 * collision with a reserved minor in linux/miscdevice.h.
7006 * In this case the kernel modules must be manually loaded.
7008 printk(KERN_INFO "ZFS: misc_register() with static minor %d "
7009 "failed %d, retrying with MISC_DYNAMIC_MINOR\n",
7012 zfs_misc.minor = MISC_DYNAMIC_MINOR;
7013 error = misc_register(&zfs_misc);
7017 printk(KERN_INFO "ZFS: misc_register() failed %d\n", error);
7025 zfsdev_state_t *zs, *zsprev = NULL;
7027 misc_deregister(&zfs_misc);
7028 mutex_destroy(&zfsdev_state_lock);
7030 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
7032 kmem_free(zsprev, sizeof (zfsdev_state_t));
7036 kmem_free(zsprev, sizeof (zfsdev_state_t));
7040 zfs_allow_log_destroy(void *arg)
7042 char *poolname = arg;
7044 if (poolname != NULL)
7049 #define ZFS_DEBUG_STR " (DEBUG mode)"
7051 #define ZFS_DEBUG_STR ""
7059 error = -vn_set_pwd("/");
7062 "ZFS: Warning unable to set pwd to '/': %d\n", error);
7066 if ((error = -zvol_init()) != 0)
7069 spa_init(FREAD | FWRITE);
7074 if ((error = zfs_attach()) != 0)
7077 tsd_create(&zfs_fsyncer_key, NULL);
7078 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
7079 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
7081 printk(KERN_NOTICE "ZFS: Loaded module v%s-%s%s, "
7082 "ZFS pool version %s, ZFS filesystem version %s\n",
7083 ZFS_META_VERSION, ZFS_META_RELEASE, ZFS_DEBUG_STR,
7084 SPA_VERSION_STRING, ZPL_VERSION_STRING);
7085 #ifndef CONFIG_FS_POSIX_ACL
7086 printk(KERN_NOTICE "ZFS: Posix ACLs disabled by kernel\n");
7087 #endif /* CONFIG_FS_POSIX_ACL */
7095 printk(KERN_NOTICE "ZFS: Failed to Load ZFS Filesystem v%s-%s%s"
7096 ", rc = %d\n", ZFS_META_VERSION, ZFS_META_RELEASE,
7097 ZFS_DEBUG_STR, error);
7110 tsd_destroy(&zfs_fsyncer_key);
7111 tsd_destroy(&rrw_tsd_key);
7112 tsd_destroy(&zfs_allow_log_key);
7114 printk(KERN_NOTICE "ZFS: Unloaded module v%s-%s%s\n",
7115 ZFS_META_VERSION, ZFS_META_RELEASE, ZFS_DEBUG_STR);
7122 MODULE_DESCRIPTION("ZFS");
7123 MODULE_AUTHOR(ZFS_META_AUTHOR);
7124 MODULE_LICENSE(ZFS_META_LICENSE);
7125 MODULE_VERSION(ZFS_META_VERSION "-" ZFS_META_RELEASE);
7126 #endif /* HAVE_SPL */