4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Portions Copyright 2011 Martin Matuska
25 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
26 * Portions Copyright 2012 Pawel Jakub Dawidek <pawel@dawidek.net>
27 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved.
28 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
29 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
30 * Copyright (c) 2011, 2020 by Delphix. All rights reserved.
31 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
32 * Copyright (c) 2013 Steven Hartland. All rights reserved.
33 * Copyright (c) 2014 Integros [integros.com]
34 * Copyright 2016 Toomas Soome <tsoome@me.com>
35 * Copyright (c) 2016 Actifio, Inc. All rights reserved.
36 * Copyright (c) 2018, loli10K <ezomori.nozomu@gmail.com>. All rights reserved.
37 * Copyright 2017 RackTop Systems.
38 * Copyright (c) 2017 Open-E, Inc. All Rights Reserved.
39 * Copyright (c) 2019 Datto Inc.
40 * Copyright (c) 2019, 2020 by Christian Schwarz. All rights reserved.
41 * Copyright (c) 2019, Klara Inc.
42 * Copyright (c) 2019, Allan Jude
48 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
49 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
51 * There are two ways that we handle ioctls: the legacy way where almost
52 * all of the logic is in the ioctl callback, and the new way where most
53 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
55 * Non-legacy ioctls should be registered by calling
56 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
57 * from userland by lzc_ioctl().
59 * The registration arguments are as follows:
62 * The name of the ioctl. This is used for history logging. If the
63 * ioctl returns successfully (the callback returns 0), and allow_log
64 * is true, then a history log entry will be recorded with the input &
65 * output nvlists. The log entry can be printed with "zpool history -i".
68 * The ioctl request number, which userland will pass to ioctl(2).
69 * We want newer versions of libzfs and libzfs_core to run against
70 * existing zfs kernel modules (i.e. a deferred reboot after an update).
71 * Therefore the ioctl numbers cannot change from release to release.
73 * zfs_secpolicy_func_t *secpolicy
74 * This function will be called before the zfs_ioc_func_t, to
75 * determine if this operation is permitted. It should return EPERM
76 * on failure, and 0 on success. Checks include determining if the
77 * dataset is visible in this zone, and if the user has either all
78 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
79 * to do this operation on this dataset with "zfs allow".
81 * zfs_ioc_namecheck_t namecheck
82 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
83 * name, a dataset name, or nothing. If the name is not well-formed,
84 * the ioctl will fail and the callback will not be called.
85 * Therefore, the callback can assume that the name is well-formed
86 * (e.g. is null-terminated, doesn't have more than one '@' character,
87 * doesn't have invalid characters).
89 * zfs_ioc_poolcheck_t pool_check
90 * This specifies requirements on the pool state. If the pool does
91 * not meet them (is suspended or is readonly), the ioctl will fail
92 * and the callback will not be called. If any checks are specified
93 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
94 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
95 * POOL_CHECK_READONLY).
97 * zfs_ioc_key_t *nvl_keys
98 * The list of expected/allowable innvl input keys. This list is used
99 * to validate the nvlist input to the ioctl.
101 * boolean_t smush_outnvlist
102 * If smush_outnvlist is true, then the output is presumed to be a
103 * list of errors, and it will be "smushed" down to fit into the
104 * caller's buffer, by removing some entries and replacing them with a
105 * single "N_MORE_ERRORS" entry indicating how many were removed. See
106 * nvlist_smush() for details. If smush_outnvlist is false, and the
107 * outnvlist does not fit into the userland-provided buffer, then the
108 * ioctl will fail with ENOMEM.
110 * zfs_ioc_func_t *func
111 * The callback function that will perform the operation.
113 * The callback should return 0 on success, or an error number on
114 * failure. If the function fails, the userland ioctl will return -1,
115 * and errno will be set to the callback's return value. The callback
116 * will be called with the following arguments:
119 * The name of the pool or dataset to operate on, from
120 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
121 * expected type (pool, dataset, or none).
124 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
125 * NULL if no input nvlist was provided. Changes to this nvlist are
126 * ignored. If the input nvlist could not be deserialized, the
127 * ioctl will fail and the callback will not be called.
130 * The output nvlist, initially empty. The callback can fill it in,
131 * and it will be returned to userland by serializing it into
132 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
133 * fails (e.g. because the caller didn't supply a large enough
134 * buffer), then the overall ioctl will fail. See the
135 * 'smush_nvlist' argument above for additional behaviors.
137 * There are two typical uses of the output nvlist:
138 * - To return state, e.g. property values. In this case,
139 * smush_outnvlist should be false. If the buffer was not large
140 * enough, the caller will reallocate a larger buffer and try
143 * - To return multiple errors from an ioctl which makes on-disk
144 * changes. In this case, smush_outnvlist should be true.
145 * Ioctls which make on-disk modifications should generally not
146 * use the outnvl if they succeed, because the caller can not
147 * distinguish between the operation failing, and
148 * deserialization failing.
150 * IOCTL Interface Errors
152 * The following ioctl input errors can be returned:
153 * ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
154 * ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
155 * ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
156 * ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
159 #include <sys/types.h>
160 #include <sys/param.h>
161 #include <sys/errno.h>
163 #include <sys/file.h>
164 #include <sys/kmem.h>
165 #include <sys/cmn_err.h>
166 #include <sys/stat.h>
167 #include <sys/zfs_ioctl.h>
168 #include <sys/zfs_quota.h>
169 #include <sys/zfs_vfsops.h>
170 #include <sys/zfs_znode.h>
173 #include <sys/spa_impl.h>
174 #include <sys/vdev.h>
175 #include <sys/vdev_impl.h>
177 #include <sys/dsl_dir.h>
178 #include <sys/dsl_dataset.h>
179 #include <sys/dsl_prop.h>
180 #include <sys/dsl_deleg.h>
181 #include <sys/dmu_objset.h>
182 #include <sys/dmu_impl.h>
183 #include <sys/dmu_redact.h>
184 #include <sys/dmu_tx.h>
185 #include <sys/sunddi.h>
186 #include <sys/policy.h>
187 #include <sys/zone.h>
188 #include <sys/nvpair.h>
189 #include <sys/pathname.h>
190 #include <sys/fs/zfs.h>
191 #include <sys/zfs_ctldir.h>
192 #include <sys/zfs_dir.h>
193 #include <sys/zfs_onexit.h>
194 #include <sys/zvol.h>
195 #include <sys/dsl_scan.h>
196 #include <sys/fm/util.h>
197 #include <sys/dsl_crypt.h>
198 #include <sys/rrwlock.h>
199 #include <sys/zfs_file.h>
201 #include <sys/dmu_recv.h>
202 #include <sys/dmu_send.h>
203 #include <sys/dmu_recv.h>
204 #include <sys/dsl_destroy.h>
205 #include <sys/dsl_bookmark.h>
206 #include <sys/dsl_userhold.h>
207 #include <sys/zfeature.h>
209 #include <sys/zio_checksum.h>
210 #include <sys/vdev_removal.h>
211 #include <sys/vdev_impl.h>
212 #include <sys/vdev_initialize.h>
213 #include <sys/vdev_trim.h>
215 #include "zfs_namecheck.h"
216 #include "zfs_prop.h"
217 #include "zfs_deleg.h"
218 #include "zfs_comutil.h"
220 #include <sys/lua/lua.h>
221 #include <sys/lua/lauxlib.h>
222 #include <sys/zfs_ioctl_impl.h>
224 kmutex_t zfsdev_state_lock;
225 zfsdev_state_t *zfsdev_state_list;
228 * Limit maximum nvlist size. We don't want users passing in insane values
229 * for zc->zc_nvlist_src_size, since we will need to allocate that much memory.
230 * Defaults to 0=auto which is handled by platform code.
232 unsigned long zfs_max_nvlist_src_size = 0;
235 * When logging the output nvlist of an ioctl in the on-disk history, limit
236 * the logged size to this many bytes. This must be less then DMU_MAX_ACCESS.
237 * This applies primarily to zfs_ioc_channel_program().
239 unsigned long zfs_history_output_max = 1024 * 1024;
241 uint_t zfs_fsyncer_key;
242 uint_t zfs_allow_log_key;
244 /* DATA_TYPE_ANY is used when zkey_type can vary. */
245 #define DATA_TYPE_ANY DATA_TYPE_UNKNOWN
247 typedef struct zfs_ioc_vec {
248 zfs_ioc_legacy_func_t *zvec_legacy_func;
249 zfs_ioc_func_t *zvec_func;
250 zfs_secpolicy_func_t *zvec_secpolicy;
251 zfs_ioc_namecheck_t zvec_namecheck;
252 boolean_t zvec_allow_log;
253 zfs_ioc_poolcheck_t zvec_pool_check;
254 boolean_t zvec_smush_outnvlist;
255 const char *zvec_name;
256 const zfs_ioc_key_t *zvec_nvl_keys;
257 size_t zvec_nvl_key_count;
260 /* This array is indexed by zfs_userquota_prop_t */
261 static const char *userquota_perms[] = {
262 ZFS_DELEG_PERM_USERUSED,
263 ZFS_DELEG_PERM_USERQUOTA,
264 ZFS_DELEG_PERM_GROUPUSED,
265 ZFS_DELEG_PERM_GROUPQUOTA,
266 ZFS_DELEG_PERM_USEROBJUSED,
267 ZFS_DELEG_PERM_USEROBJQUOTA,
268 ZFS_DELEG_PERM_GROUPOBJUSED,
269 ZFS_DELEG_PERM_GROUPOBJQUOTA,
270 ZFS_DELEG_PERM_PROJECTUSED,
271 ZFS_DELEG_PERM_PROJECTQUOTA,
272 ZFS_DELEG_PERM_PROJECTOBJUSED,
273 ZFS_DELEG_PERM_PROJECTOBJQUOTA,
276 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
277 static int zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc);
278 static int zfs_check_settable(const char *name, nvpair_t *property,
280 static int zfs_check_clearable(const char *dataset, nvlist_t *props,
282 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
284 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
285 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
288 history_str_free(char *buf)
290 kmem_free(buf, HIS_MAX_RECORD_LEN);
294 history_str_get(zfs_cmd_t *zc)
298 if (zc->zc_history == 0)
301 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
302 if (copyinstr((void *)(uintptr_t)zc->zc_history,
303 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
304 history_str_free(buf);
308 buf[HIS_MAX_RECORD_LEN -1] = '\0';
314 * Return non-zero if the spa version is less than requested version.
317 zfs_earlier_version(const char *name, int version)
321 if (spa_open(name, &spa, FTAG) == 0) {
322 if (spa_version(spa) < version) {
323 spa_close(spa, FTAG);
326 spa_close(spa, FTAG);
332 * Return TRUE if the ZPL version is less than requested version.
335 zpl_earlier_version(const char *name, int version)
338 boolean_t rc = B_TRUE;
340 if (dmu_objset_hold(name, FTAG, &os) == 0) {
343 if (dmu_objset_type(os) != DMU_OST_ZFS) {
344 dmu_objset_rele(os, FTAG);
347 /* XXX reading from non-owned objset */
348 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
349 rc = zplversion < version;
350 dmu_objset_rele(os, FTAG);
356 zfs_log_history(zfs_cmd_t *zc)
361 if ((buf = history_str_get(zc)) == NULL)
364 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
365 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
366 (void) spa_history_log(spa, buf);
367 spa_close(spa, FTAG);
369 history_str_free(buf);
373 * Policy for top-level read operations (list pools). Requires no privileges,
374 * and can be used in the local zone, as there is no associated dataset.
378 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
384 * Policy for dataset read operations (list children, get statistics). Requires
385 * no privileges, but must be visible in the local zone.
389 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
391 if (INGLOBALZONE(curproc) ||
392 zone_dataset_visible(zc->zc_name, NULL))
395 return (SET_ERROR(ENOENT));
399 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
404 * The dataset must be visible by this zone -- check this first
405 * so they don't see EPERM on something they shouldn't know about.
407 if (!INGLOBALZONE(curproc) &&
408 !zone_dataset_visible(dataset, &writable))
409 return (SET_ERROR(ENOENT));
411 if (INGLOBALZONE(curproc)) {
413 * If the fs is zoned, only root can access it from the
416 if (secpolicy_zfs(cr) && zoned)
417 return (SET_ERROR(EPERM));
420 * If we are in a local zone, the 'zoned' property must be set.
423 return (SET_ERROR(EPERM));
425 /* must be writable by this zone */
427 return (SET_ERROR(EPERM));
433 zfs_dozonecheck(const char *dataset, cred_t *cr)
437 if (dsl_prop_get_integer(dataset, zfs_prop_to_name(ZFS_PROP_ZONED),
439 return (SET_ERROR(ENOENT));
441 return (zfs_dozonecheck_impl(dataset, zoned, cr));
445 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
449 if (dsl_prop_get_int_ds(ds, zfs_prop_to_name(ZFS_PROP_ZONED), &zoned))
450 return (SET_ERROR(ENOENT));
452 return (zfs_dozonecheck_impl(dataset, zoned, cr));
456 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
457 const char *perm, cred_t *cr)
461 error = zfs_dozonecheck_ds(name, ds, cr);
463 error = secpolicy_zfs(cr);
465 error = dsl_deleg_access_impl(ds, perm, cr);
471 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
478 * First do a quick check for root in the global zone, which
479 * is allowed to do all write_perms. This ensures that zfs_ioc_*
480 * will get to handle nonexistent datasets.
482 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0)
485 error = dsl_pool_hold(name, FTAG, &dp);
489 error = dsl_dataset_hold(dp, name, FTAG, &ds);
491 dsl_pool_rele(dp, FTAG);
495 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
497 dsl_dataset_rele(ds, FTAG);
498 dsl_pool_rele(dp, FTAG);
503 * Policy for setting the security label property.
505 * Returns 0 for success, non-zero for access and other errors.
508 zfs_set_slabel_policy(const char *name, const char *strval, cred_t *cr)
511 char ds_hexsl[MAXNAMELEN];
512 bslabel_t ds_sl, new_sl;
513 boolean_t new_default = FALSE;
515 int needed_priv = -1;
518 /* First get the existing dataset label. */
519 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
520 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
522 return (SET_ERROR(EPERM));
524 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
527 /* The label must be translatable */
528 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
529 return (SET_ERROR(EINVAL));
532 * In a non-global zone, disallow attempts to set a label that
533 * doesn't match that of the zone; otherwise no other checks
536 if (!INGLOBALZONE(curproc)) {
537 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
538 return (SET_ERROR(EPERM));
543 * For global-zone datasets (i.e., those whose zoned property is
544 * "off", verify that the specified new label is valid for the
547 if (dsl_prop_get_integer(name,
548 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
549 return (SET_ERROR(EPERM));
551 if (zfs_check_global_label(name, strval) != 0)
552 return (SET_ERROR(EPERM));
556 * If the existing dataset label is nondefault, check if the
557 * dataset is mounted (label cannot be changed while mounted).
558 * Get the zfsvfs_t; if there isn't one, then the dataset isn't
559 * mounted (or isn't a dataset, doesn't exist, ...).
561 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
563 static const char *setsl_tag = "setsl_tag";
566 * Try to own the dataset; abort if there is any error,
567 * (e.g., already mounted, in use, or other error).
569 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE,
572 return (SET_ERROR(EPERM));
574 dmu_objset_disown(os, B_TRUE, setsl_tag);
577 needed_priv = PRIV_FILE_DOWNGRADE_SL;
581 if (hexstr_to_label(strval, &new_sl) != 0)
582 return (SET_ERROR(EPERM));
584 if (blstrictdom(&ds_sl, &new_sl))
585 needed_priv = PRIV_FILE_DOWNGRADE_SL;
586 else if (blstrictdom(&new_sl, &ds_sl))
587 needed_priv = PRIV_FILE_UPGRADE_SL;
589 /* dataset currently has a default label */
591 needed_priv = PRIV_FILE_UPGRADE_SL;
595 if (needed_priv != -1)
596 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
599 return (SET_ERROR(ENOTSUP));
600 #endif /* HAVE_MLSLABEL */
604 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
610 * Check permissions for special properties.
617 * Disallow setting of 'zoned' from within a local zone.
619 if (!INGLOBALZONE(curproc))
620 return (SET_ERROR(EPERM));
624 case ZFS_PROP_FILESYSTEM_LIMIT:
625 case ZFS_PROP_SNAPSHOT_LIMIT:
626 if (!INGLOBALZONE(curproc)) {
628 char setpoint[ZFS_MAX_DATASET_NAME_LEN];
630 * Unprivileged users are allowed to modify the
631 * limit on things *under* (ie. contained by)
632 * the thing they own.
634 if (dsl_prop_get_integer(dsname,
635 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, setpoint))
636 return (SET_ERROR(EPERM));
637 if (!zoned || strlen(dsname) <= strlen(setpoint))
638 return (SET_ERROR(EPERM));
642 case ZFS_PROP_MLSLABEL:
643 if (!is_system_labeled())
644 return (SET_ERROR(EPERM));
646 if (nvpair_value_string(propval, &strval) == 0) {
649 err = zfs_set_slabel_policy(dsname, strval, CRED());
656 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
661 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
665 error = zfs_dozonecheck(zc->zc_name, cr);
670 * permission to set permissions will be evaluated later in
671 * dsl_deleg_can_allow()
678 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
680 return (zfs_secpolicy_write_perms(zc->zc_name,
681 ZFS_DELEG_PERM_ROLLBACK, cr));
686 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
694 * Generate the current snapshot name from the given objsetid, then
695 * use that name for the secpolicy/zone checks.
697 cp = strchr(zc->zc_name, '@');
699 return (SET_ERROR(EINVAL));
700 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
704 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
706 dsl_pool_rele(dp, FTAG);
710 dsl_dataset_name(ds, zc->zc_name);
712 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
713 ZFS_DELEG_PERM_SEND, cr);
714 dsl_dataset_rele(ds, FTAG);
715 dsl_pool_rele(dp, FTAG);
722 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
724 return (zfs_secpolicy_write_perms(zc->zc_name,
725 ZFS_DELEG_PERM_SEND, cr));
729 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
731 return (SET_ERROR(ENOTSUP));
735 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
737 return (SET_ERROR(ENOTSUP));
741 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
746 * Remove the @bla or /bla from the end of the name to get the parent.
748 (void) strncpy(parent, datasetname, parentsize);
749 cp = strrchr(parent, '@');
753 cp = strrchr(parent, '/');
755 return (SET_ERROR(ENOENT));
763 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
767 if ((error = zfs_secpolicy_write_perms(name,
768 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
771 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
776 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
778 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
782 * Destroying snapshots with delegated permissions requires
783 * descendant mount and destroy permissions.
787 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
790 nvpair_t *pair, *nextpair;
793 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
795 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
797 nextpair = nvlist_next_nvpair(snaps, pair);
798 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
799 if (error == ENOENT) {
801 * Ignore any snapshots that don't exist (we consider
802 * them "already destroyed"). Remove the name from the
803 * nvl here in case the snapshot is created between
804 * now and when we try to destroy it (in which case
805 * we don't want to destroy it since we haven't
806 * checked for permission).
808 fnvlist_remove_nvpair(snaps, pair);
819 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
821 char parentname[ZFS_MAX_DATASET_NAME_LEN];
824 if ((error = zfs_secpolicy_write_perms(from,
825 ZFS_DELEG_PERM_RENAME, cr)) != 0)
828 if ((error = zfs_secpolicy_write_perms(from,
829 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
832 if ((error = zfs_get_parent(to, parentname,
833 sizeof (parentname))) != 0)
836 if ((error = zfs_secpolicy_write_perms(parentname,
837 ZFS_DELEG_PERM_CREATE, cr)) != 0)
840 if ((error = zfs_secpolicy_write_perms(parentname,
841 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
849 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
851 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
856 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
859 dsl_dataset_t *clone;
862 error = zfs_secpolicy_write_perms(zc->zc_name,
863 ZFS_DELEG_PERM_PROMOTE, cr);
867 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
871 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
874 char parentname[ZFS_MAX_DATASET_NAME_LEN];
875 dsl_dataset_t *origin = NULL;
879 error = dsl_dataset_hold_obj(dd->dd_pool,
880 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin);
882 dsl_dataset_rele(clone, FTAG);
883 dsl_pool_rele(dp, FTAG);
887 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
888 ZFS_DELEG_PERM_MOUNT, cr);
890 dsl_dataset_name(origin, parentname);
892 error = zfs_secpolicy_write_perms_ds(parentname, origin,
893 ZFS_DELEG_PERM_PROMOTE, cr);
895 dsl_dataset_rele(clone, FTAG);
896 dsl_dataset_rele(origin, FTAG);
898 dsl_pool_rele(dp, FTAG);
904 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
908 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
909 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
912 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
913 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
916 return (zfs_secpolicy_write_perms(zc->zc_name,
917 ZFS_DELEG_PERM_CREATE, cr));
922 zfs_secpolicy_recv_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
924 return (zfs_secpolicy_recv(zc, innvl, cr));
928 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
930 return (zfs_secpolicy_write_perms(name,
931 ZFS_DELEG_PERM_SNAPSHOT, cr));
935 * Check for permission to create each snapshot in the nvlist.
939 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
945 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
947 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
948 pair = nvlist_next_nvpair(snaps, pair)) {
949 char *name = nvpair_name(pair);
950 char *atp = strchr(name, '@');
953 error = SET_ERROR(EINVAL);
957 error = zfs_secpolicy_snapshot_perms(name, cr);
966 * Check for permission to create each bookmark in the nvlist.
970 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
974 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
975 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
976 char *name = nvpair_name(pair);
977 char *hashp = strchr(name, '#');
980 error = SET_ERROR(EINVAL);
984 error = zfs_secpolicy_write_perms(name,
985 ZFS_DELEG_PERM_BOOKMARK, cr);
995 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
997 nvpair_t *pair, *nextpair;
1000 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1002 char *name = nvpair_name(pair);
1003 char *hashp = strchr(name, '#');
1004 nextpair = nvlist_next_nvpair(innvl, pair);
1006 if (hashp == NULL) {
1007 error = SET_ERROR(EINVAL);
1012 error = zfs_secpolicy_write_perms(name,
1013 ZFS_DELEG_PERM_DESTROY, cr);
1015 if (error == ENOENT) {
1017 * Ignore any filesystems that don't exist (we consider
1018 * their bookmarks "already destroyed"). Remove
1019 * the name from the nvl here in case the filesystem
1020 * is created between now and when we try to destroy
1021 * the bookmark (in which case we don't want to
1022 * destroy it since we haven't checked for permission).
1024 fnvlist_remove_nvpair(innvl, pair);
1036 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1039 * Even root must have a proper TSD so that we know what pool
1042 if (tsd_get(zfs_allow_log_key) == NULL)
1043 return (SET_ERROR(EPERM));
1048 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1050 char parentname[ZFS_MAX_DATASET_NAME_LEN];
1054 if ((error = zfs_get_parent(zc->zc_name, parentname,
1055 sizeof (parentname))) != 0)
1058 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1059 (error = zfs_secpolicy_write_perms(origin,
1060 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1063 if ((error = zfs_secpolicy_write_perms(parentname,
1064 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1067 return (zfs_secpolicy_write_perms(parentname,
1068 ZFS_DELEG_PERM_MOUNT, cr));
1072 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1073 * SYS_CONFIG privilege, which is not available in a local zone.
1077 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1079 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1080 return (SET_ERROR(EPERM));
1086 * Policy for object to name lookups.
1090 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1094 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1097 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1102 * Policy for fault injection. Requires all privileges.
1106 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1108 return (secpolicy_zinject(cr));
1113 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1115 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1117 if (prop == ZPROP_INVAL) {
1118 if (!zfs_prop_user(zc->zc_value))
1119 return (SET_ERROR(EINVAL));
1120 return (zfs_secpolicy_write_perms(zc->zc_name,
1121 ZFS_DELEG_PERM_USERPROP, cr));
1123 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1129 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1131 int err = zfs_secpolicy_read(zc, innvl, cr);
1135 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1136 return (SET_ERROR(EINVAL));
1138 if (zc->zc_value[0] == 0) {
1140 * They are asking about a posix uid/gid. If it's
1141 * themself, allow it.
1143 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1144 zc->zc_objset_type == ZFS_PROP_USERQUOTA ||
1145 zc->zc_objset_type == ZFS_PROP_USEROBJUSED ||
1146 zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) {
1147 if (zc->zc_guid == crgetuid(cr))
1149 } else if (zc->zc_objset_type == ZFS_PROP_GROUPUSED ||
1150 zc->zc_objset_type == ZFS_PROP_GROUPQUOTA ||
1151 zc->zc_objset_type == ZFS_PROP_GROUPOBJUSED ||
1152 zc->zc_objset_type == ZFS_PROP_GROUPOBJQUOTA) {
1153 if (groupmember(zc->zc_guid, cr))
1156 /* else is for project quota/used */
1159 return (zfs_secpolicy_write_perms(zc->zc_name,
1160 userquota_perms[zc->zc_objset_type], cr));
1164 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1166 int err = zfs_secpolicy_read(zc, innvl, cr);
1170 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1171 return (SET_ERROR(EINVAL));
1173 return (zfs_secpolicy_write_perms(zc->zc_name,
1174 userquota_perms[zc->zc_objset_type], cr));
1179 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1181 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1187 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1193 holds = fnvlist_lookup_nvlist(innvl, "holds");
1195 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
1196 pair = nvlist_next_nvpair(holds, pair)) {
1197 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1198 error = dmu_fsname(nvpair_name(pair), fsname);
1201 error = zfs_secpolicy_write_perms(fsname,
1202 ZFS_DELEG_PERM_HOLD, cr);
1211 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1216 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1217 pair = nvlist_next_nvpair(innvl, pair)) {
1218 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1219 error = dmu_fsname(nvpair_name(pair), fsname);
1222 error = zfs_secpolicy_write_perms(fsname,
1223 ZFS_DELEG_PERM_RELEASE, cr);
1231 * Policy for allowing temporary snapshots to be taken or released
1234 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1237 * A temporary snapshot is the same as a snapshot,
1238 * hold, destroy and release all rolled into one.
1239 * Delegated diff alone is sufficient that we allow this.
1243 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1244 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1247 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1249 if (innvl != NULL) {
1251 error = zfs_secpolicy_hold(zc, innvl, cr);
1253 error = zfs_secpolicy_release(zc, innvl, cr);
1255 error = zfs_secpolicy_destroy(zc, innvl, cr);
1261 zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1263 return (zfs_secpolicy_write_perms(zc->zc_name,
1264 ZFS_DELEG_PERM_LOAD_KEY, cr));
1268 zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1270 return (zfs_secpolicy_write_perms(zc->zc_name,
1271 ZFS_DELEG_PERM_CHANGE_KEY, cr));
1275 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1278 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1282 nvlist_t *list = NULL;
1285 * Read in and unpack the user-supplied nvlist.
1288 return (SET_ERROR(EINVAL));
1290 packed = vmem_alloc(size, KM_SLEEP);
1292 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1294 vmem_free(packed, size);
1295 return (SET_ERROR(EFAULT));
1298 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1299 vmem_free(packed, size);
1303 vmem_free(packed, size);
1310 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1311 * Entries will be removed from the end of the nvlist, and one int32 entry
1312 * named "N_MORE_ERRORS" will be added indicating how many entries were
1316 nvlist_smush(nvlist_t *errors, size_t max)
1320 size = fnvlist_size(errors);
1323 nvpair_t *more_errors;
1327 return (SET_ERROR(ENOMEM));
1329 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1330 more_errors = nvlist_prev_nvpair(errors, NULL);
1333 nvpair_t *pair = nvlist_prev_nvpair(errors,
1335 fnvlist_remove_nvpair(errors, pair);
1337 size = fnvlist_size(errors);
1338 } while (size > max);
1340 fnvlist_remove_nvpair(errors, more_errors);
1341 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1342 ASSERT3U(fnvlist_size(errors), <=, max);
1349 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1351 char *packed = NULL;
1355 size = fnvlist_size(nvl);
1357 if (size > zc->zc_nvlist_dst_size) {
1358 error = SET_ERROR(ENOMEM);
1360 packed = fnvlist_pack(nvl, &size);
1361 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1362 size, zc->zc_iflags) != 0)
1363 error = SET_ERROR(EFAULT);
1364 fnvlist_pack_free(packed, size);
1367 zc->zc_nvlist_dst_size = size;
1368 zc->zc_nvlist_dst_filled = B_TRUE;
1373 getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp)
1376 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1377 return (SET_ERROR(EINVAL));
1380 mutex_enter(&os->os_user_ptr_lock);
1381 *zfvp = dmu_objset_get_user(os);
1382 /* bump s_active only when non-zero to prevent umount race */
1383 error = zfs_vfs_ref(zfvp);
1384 mutex_exit(&os->os_user_ptr_lock);
1389 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1394 error = dmu_objset_hold(dsname, FTAG, &os);
1398 error = getzfsvfs_impl(os, zfvp);
1399 dmu_objset_rele(os, FTAG);
1404 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1405 * case its z_sb will be NULL, and it will be opened as the owner.
1406 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1407 * which prevents all inode ops from running.
1410 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1414 if (getzfsvfs(name, zfvp) != 0)
1415 error = zfsvfs_create(name, B_FALSE, zfvp);
1417 rrm_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
1419 if ((*zfvp)->z_unmounted) {
1421 * XXX we could probably try again, since the unmounting
1422 * thread should be just about to disassociate the
1423 * objset from the zfsvfs.
1425 rrm_exit(&(*zfvp)->z_teardown_lock, tag);
1426 return (SET_ERROR(EBUSY));
1433 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1435 rrm_exit(&zfsvfs->z_teardown_lock, tag);
1437 if (zfs_vfs_held(zfsvfs)) {
1438 zfs_vfs_rele(zfsvfs);
1440 dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs);
1441 zfsvfs_free(zfsvfs);
1446 zfs_ioc_pool_create(zfs_cmd_t *zc)
1449 nvlist_t *config, *props = NULL;
1450 nvlist_t *rootprops = NULL;
1451 nvlist_t *zplprops = NULL;
1452 dsl_crypto_params_t *dcp = NULL;
1453 const char *spa_name = zc->zc_name;
1454 boolean_t unload_wkey = B_TRUE;
1456 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1457 zc->zc_iflags, &config)))
1460 if (zc->zc_nvlist_src_size != 0 && (error =
1461 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1462 zc->zc_iflags, &props))) {
1463 nvlist_free(config);
1468 nvlist_t *nvl = NULL;
1469 nvlist_t *hidden_args = NULL;
1470 uint64_t version = SPA_VERSION;
1473 (void) nvlist_lookup_uint64(props,
1474 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1475 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1476 error = SET_ERROR(EINVAL);
1477 goto pool_props_bad;
1479 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1481 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1483 goto pool_props_bad;
1484 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1487 (void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS,
1489 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE,
1490 rootprops, hidden_args, &dcp);
1492 goto pool_props_bad;
1493 (void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS);
1495 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1496 error = zfs_fill_zplprops_root(version, rootprops,
1499 goto pool_props_bad;
1501 if (nvlist_lookup_string(props,
1502 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0)
1506 error = spa_create(zc->zc_name, config, props, zplprops, dcp);
1509 * Set the remaining root properties
1511 if (!error && (error = zfs_set_prop_nvlist(spa_name,
1512 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) {
1513 (void) spa_destroy(spa_name);
1514 unload_wkey = B_FALSE; /* spa_destroy() unloads wrapping keys */
1518 nvlist_free(rootprops);
1519 nvlist_free(zplprops);
1520 nvlist_free(config);
1522 dsl_crypto_params_free(dcp, unload_wkey && !!error);
1528 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1531 zfs_log_history(zc);
1532 error = spa_destroy(zc->zc_name);
1538 zfs_ioc_pool_import(zfs_cmd_t *zc)
1540 nvlist_t *config, *props = NULL;
1544 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1545 zc->zc_iflags, &config)) != 0)
1548 if (zc->zc_nvlist_src_size != 0 && (error =
1549 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1550 zc->zc_iflags, &props))) {
1551 nvlist_free(config);
1555 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1556 guid != zc->zc_guid)
1557 error = SET_ERROR(EINVAL);
1559 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1561 if (zc->zc_nvlist_dst != 0) {
1564 if ((err = put_nvlist(zc, config)) != 0)
1568 nvlist_free(config);
1575 zfs_ioc_pool_export(zfs_cmd_t *zc)
1578 boolean_t force = (boolean_t)zc->zc_cookie;
1579 boolean_t hardforce = (boolean_t)zc->zc_guid;
1581 zfs_log_history(zc);
1582 error = spa_export(zc->zc_name, NULL, force, hardforce);
1588 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1593 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1594 return (SET_ERROR(EEXIST));
1596 error = put_nvlist(zc, configs);
1598 nvlist_free(configs);
1605 * zc_name name of the pool
1608 * zc_cookie real errno
1609 * zc_nvlist_dst config nvlist
1610 * zc_nvlist_dst_size size of config nvlist
1613 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1619 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1620 sizeof (zc->zc_value));
1622 if (config != NULL) {
1623 ret = put_nvlist(zc, config);
1624 nvlist_free(config);
1627 * The config may be present even if 'error' is non-zero.
1628 * In this case we return success, and preserve the real errno
1631 zc->zc_cookie = error;
1640 * Try to import the given pool, returning pool stats as appropriate so that
1641 * user land knows which devices are available and overall pool health.
1644 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1646 nvlist_t *tryconfig, *config = NULL;
1649 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1650 zc->zc_iflags, &tryconfig)) != 0)
1653 config = spa_tryimport(tryconfig);
1655 nvlist_free(tryconfig);
1658 return (SET_ERROR(EINVAL));
1660 error = put_nvlist(zc, config);
1661 nvlist_free(config);
1668 * zc_name name of the pool
1669 * zc_cookie scan func (pool_scan_func_t)
1670 * zc_flags scrub pause/resume flag (pool_scrub_cmd_t)
1673 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1678 if (zc->zc_flags >= POOL_SCRUB_FLAGS_END)
1679 return (SET_ERROR(EINVAL));
1681 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1684 if (zc->zc_flags == POOL_SCRUB_PAUSE)
1685 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE);
1686 else if (zc->zc_cookie == POOL_SCAN_NONE)
1687 error = spa_scan_stop(spa);
1689 error = spa_scan(spa, zc->zc_cookie);
1691 spa_close(spa, FTAG);
1697 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1702 error = spa_open(zc->zc_name, &spa, FTAG);
1705 spa_close(spa, FTAG);
1711 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1716 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1719 if (zc->zc_cookie < spa_version(spa) ||
1720 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1721 spa_close(spa, FTAG);
1722 return (SET_ERROR(EINVAL));
1725 spa_upgrade(spa, zc->zc_cookie);
1726 spa_close(spa, FTAG);
1732 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1739 if ((size = zc->zc_history_len) == 0)
1740 return (SET_ERROR(EINVAL));
1742 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1745 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1746 spa_close(spa, FTAG);
1747 return (SET_ERROR(ENOTSUP));
1750 hist_buf = vmem_alloc(size, KM_SLEEP);
1751 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1752 &zc->zc_history_len, hist_buf)) == 0) {
1753 error = ddi_copyout(hist_buf,
1754 (void *)(uintptr_t)zc->zc_history,
1755 zc->zc_history_len, zc->zc_iflags);
1758 spa_close(spa, FTAG);
1759 vmem_free(hist_buf, size);
1764 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1769 error = spa_open(zc->zc_name, &spa, FTAG);
1771 error = spa_change_guid(spa);
1772 spa_close(spa, FTAG);
1778 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1780 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
1785 * zc_name name of filesystem
1786 * zc_obj object to find
1789 * zc_value name of object
1792 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1797 /* XXX reading from objset not owned */
1798 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1801 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1802 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1803 return (SET_ERROR(EINVAL));
1805 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1806 sizeof (zc->zc_value));
1807 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1814 * zc_name name of filesystem
1815 * zc_obj object to find
1818 * zc_stat stats on object
1819 * zc_value path to object
1822 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1827 /* XXX reading from objset not owned */
1828 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1831 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1832 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1833 return (SET_ERROR(EINVAL));
1835 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1836 sizeof (zc->zc_value));
1837 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1843 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1849 error = spa_open(zc->zc_name, &spa, FTAG);
1853 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1854 zc->zc_iflags, &config);
1856 error = spa_vdev_add(spa, config);
1857 nvlist_free(config);
1859 spa_close(spa, FTAG);
1865 * zc_name name of the pool
1866 * zc_guid guid of vdev to remove
1867 * zc_cookie cancel removal
1870 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1875 error = spa_open(zc->zc_name, &spa, FTAG);
1878 if (zc->zc_cookie != 0) {
1879 error = spa_vdev_remove_cancel(spa);
1881 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1883 spa_close(spa, FTAG);
1888 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1892 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1894 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1896 switch (zc->zc_cookie) {
1897 case VDEV_STATE_ONLINE:
1898 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1901 case VDEV_STATE_OFFLINE:
1902 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1905 case VDEV_STATE_FAULTED:
1906 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1907 zc->zc_obj != VDEV_AUX_EXTERNAL &&
1908 zc->zc_obj != VDEV_AUX_EXTERNAL_PERSIST)
1909 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1911 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1914 case VDEV_STATE_DEGRADED:
1915 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1916 zc->zc_obj != VDEV_AUX_EXTERNAL)
1917 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1919 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1923 error = SET_ERROR(EINVAL);
1925 zc->zc_cookie = newstate;
1926 spa_close(spa, FTAG);
1931 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1935 int replacing = zc->zc_cookie;
1936 int rebuild = zc->zc_simple;
1939 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1942 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1943 zc->zc_iflags, &config)) == 0) {
1944 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing,
1946 nvlist_free(config);
1949 spa_close(spa, FTAG);
1954 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1959 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1962 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1964 spa_close(spa, FTAG);
1969 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1972 nvlist_t *config, *props = NULL;
1974 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1976 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1979 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1980 zc->zc_iflags, &config))) {
1981 spa_close(spa, FTAG);
1985 if (zc->zc_nvlist_src_size != 0 && (error =
1986 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1987 zc->zc_iflags, &props))) {
1988 spa_close(spa, FTAG);
1989 nvlist_free(config);
1993 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1995 spa_close(spa, FTAG);
1997 nvlist_free(config);
2004 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
2007 const char *path = zc->zc_value;
2008 uint64_t guid = zc->zc_guid;
2011 error = spa_open(zc->zc_name, &spa, FTAG);
2015 error = spa_vdev_setpath(spa, guid, path);
2016 spa_close(spa, FTAG);
2021 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
2024 const char *fru = zc->zc_value;
2025 uint64_t guid = zc->zc_guid;
2028 error = spa_open(zc->zc_name, &spa, FTAG);
2032 error = spa_vdev_setfru(spa, guid, fru);
2033 spa_close(spa, FTAG);
2038 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
2043 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2045 if (zc->zc_nvlist_dst != 0 &&
2046 (error = dsl_prop_get_all(os, &nv)) == 0) {
2047 dmu_objset_stats(os, nv);
2049 * NB: zvol_get_stats() will read the objset contents,
2050 * which we aren't supposed to do with a
2051 * DS_MODE_USER hold, because it could be
2052 * inconsistent. So this is a bit of a workaround...
2053 * XXX reading without owning
2055 if (!zc->zc_objset_stats.dds_inconsistent &&
2056 dmu_objset_type(os) == DMU_OST_ZVOL) {
2057 error = zvol_get_stats(os, nv);
2065 error = put_nvlist(zc, nv);
2074 * zc_name name of filesystem
2075 * zc_nvlist_dst_size size of buffer for property nvlist
2078 * zc_objset_stats stats
2079 * zc_nvlist_dst property nvlist
2080 * zc_nvlist_dst_size size of property nvlist
2083 zfs_ioc_objset_stats(zfs_cmd_t *zc)
2088 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2090 error = zfs_ioc_objset_stats_impl(zc, os);
2091 dmu_objset_rele(os, FTAG);
2099 * zc_name name of filesystem
2100 * zc_nvlist_dst_size size of buffer for property nvlist
2103 * zc_nvlist_dst received property nvlist
2104 * zc_nvlist_dst_size size of received property nvlist
2106 * Gets received properties (distinct from local properties on or after
2107 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2108 * local property values.
2111 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2117 * Without this check, we would return local property values if the
2118 * caller has not already received properties on or after
2119 * SPA_VERSION_RECVD_PROPS.
2121 if (!dsl_prop_get_hasrecvd(zc->zc_name))
2122 return (SET_ERROR(ENOTSUP));
2124 if (zc->zc_nvlist_dst != 0 &&
2125 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
2126 error = put_nvlist(zc, nv);
2134 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2140 * zfs_get_zplprop() will either find a value or give us
2141 * the default value (if there is one).
2143 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2145 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2151 * zc_name name of filesystem
2152 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2155 * zc_nvlist_dst zpl property nvlist
2156 * zc_nvlist_dst_size size of zpl property nvlist
2159 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2164 /* XXX reading without owning */
2165 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
2168 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2171 * NB: nvl_add_zplprop() will read the objset contents,
2172 * which we aren't supposed to do with a DS_MODE_USER
2173 * hold, because it could be inconsistent.
2175 if (zc->zc_nvlist_dst != 0 &&
2176 !zc->zc_objset_stats.dds_inconsistent &&
2177 dmu_objset_type(os) == DMU_OST_ZFS) {
2180 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2181 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2182 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2183 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2184 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2185 err = put_nvlist(zc, nv);
2188 err = SET_ERROR(ENOENT);
2190 dmu_objset_rele(os, FTAG);
2196 * zc_name name of filesystem
2197 * zc_cookie zap cursor
2198 * zc_nvlist_dst_size size of buffer for property nvlist
2201 * zc_name name of next filesystem
2202 * zc_cookie zap cursor
2203 * zc_objset_stats stats
2204 * zc_nvlist_dst property nvlist
2205 * zc_nvlist_dst_size size of property nvlist
2208 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2213 size_t orig_len = strlen(zc->zc_name);
2216 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
2217 if (error == ENOENT)
2218 error = SET_ERROR(ESRCH);
2222 p = strrchr(zc->zc_name, '/');
2223 if (p == NULL || p[1] != '\0')
2224 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2225 p = zc->zc_name + strlen(zc->zc_name);
2228 error = dmu_dir_list_next(os,
2229 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2230 NULL, &zc->zc_cookie);
2231 if (error == ENOENT)
2232 error = SET_ERROR(ESRCH);
2233 } while (error == 0 && zfs_dataset_name_hidden(zc->zc_name));
2234 dmu_objset_rele(os, FTAG);
2237 * If it's an internal dataset (ie. with a '$' in its name),
2238 * don't try to get stats for it, otherwise we'll return ENOENT.
2240 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2241 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2242 if (error == ENOENT) {
2243 /* We lost a race with destroy, get the next one. */
2244 zc->zc_name[orig_len] = '\0';
2253 * zc_name name of filesystem
2254 * zc_cookie zap cursor
2255 * zc_nvlist_src iteration range nvlist
2256 * zc_nvlist_src_size size of iteration range nvlist
2259 * zc_name name of next snapshot
2260 * zc_objset_stats stats
2261 * zc_nvlist_dst property nvlist
2262 * zc_nvlist_dst_size size of property nvlist
2265 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2268 objset_t *os, *ossnap;
2270 uint64_t min_txg = 0, max_txg = 0;
2272 if (zc->zc_nvlist_src_size != 0) {
2273 nvlist_t *props = NULL;
2274 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2275 zc->zc_iflags, &props);
2278 (void) nvlist_lookup_uint64(props, SNAP_ITER_MIN_TXG,
2280 (void) nvlist_lookup_uint64(props, SNAP_ITER_MAX_TXG,
2285 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2287 return (error == ENOENT ? SET_ERROR(ESRCH) : error);
2291 * A dataset name of maximum length cannot have any snapshots,
2292 * so exit immediately.
2294 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >=
2295 ZFS_MAX_DATASET_NAME_LEN) {
2296 dmu_objset_rele(os, FTAG);
2297 return (SET_ERROR(ESRCH));
2300 while (error == 0) {
2301 if (issig(JUSTLOOKING) && issig(FORREAL)) {
2302 error = SET_ERROR(EINTR);
2306 error = dmu_snapshot_list_next(os,
2307 sizeof (zc->zc_name) - strlen(zc->zc_name),
2308 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj,
2309 &zc->zc_cookie, NULL);
2310 if (error == ENOENT) {
2311 error = SET_ERROR(ESRCH);
2313 } else if (error != 0) {
2317 error = dsl_dataset_hold_obj(dmu_objset_pool(os), zc->zc_obj,
2322 if ((min_txg != 0 && dsl_get_creationtxg(ds) < min_txg) ||
2323 (max_txg != 0 && dsl_get_creationtxg(ds) > max_txg)) {
2324 dsl_dataset_rele(ds, FTAG);
2325 /* undo snapshot name append */
2326 *(strchr(zc->zc_name, '@') + 1) = '\0';
2331 if (zc->zc_simple) {
2332 dsl_dataset_rele(ds, FTAG);
2336 if ((error = dmu_objset_from_ds(ds, &ossnap)) != 0) {
2337 dsl_dataset_rele(ds, FTAG);
2340 if ((error = zfs_ioc_objset_stats_impl(zc, ossnap)) != 0) {
2341 dsl_dataset_rele(ds, FTAG);
2344 dsl_dataset_rele(ds, FTAG);
2348 dmu_objset_rele(os, FTAG);
2349 /* if we failed, undo the @ that we tacked on to zc_name */
2351 *strchr(zc->zc_name, '@') = '\0';
2356 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2358 const char *propname = nvpair_name(pair);
2360 unsigned int vallen;
2361 const char *dash, *domain;
2362 zfs_userquota_prop_t type;
2368 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2370 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2371 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2373 return (SET_ERROR(EINVAL));
2377 * A correctly constructed propname is encoded as
2378 * userquota@<rid>-<domain>.
2380 if ((dash = strchr(propname, '-')) == NULL ||
2381 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2383 return (SET_ERROR(EINVAL));
2390 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2392 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2393 zfsvfs_rele(zfsvfs, FTAG);
2400 * If the named property is one that has a special function to set its value,
2401 * return 0 on success and a positive error code on failure; otherwise if it is
2402 * not one of the special properties handled by this function, return -1.
2404 * XXX: It would be better for callers of the property interface if we handled
2405 * these special cases in dsl_prop.c (in the dsl layer).
2408 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2411 const char *propname = nvpair_name(pair);
2412 zfs_prop_t prop = zfs_name_to_prop(propname);
2413 uint64_t intval = 0;
2414 const char *strval = NULL;
2417 if (prop == ZPROP_INVAL) {
2418 if (zfs_prop_userquota(propname))
2419 return (zfs_prop_set_userquota(dsname, pair));
2423 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2425 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2426 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2430 /* all special properties are numeric except for keylocation */
2431 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) {
2432 strval = fnvpair_value_string(pair);
2434 intval = fnvpair_value_uint64(pair);
2438 case ZFS_PROP_QUOTA:
2439 err = dsl_dir_set_quota(dsname, source, intval);
2441 case ZFS_PROP_REFQUOTA:
2442 err = dsl_dataset_set_refquota(dsname, source, intval);
2444 case ZFS_PROP_FILESYSTEM_LIMIT:
2445 case ZFS_PROP_SNAPSHOT_LIMIT:
2446 if (intval == UINT64_MAX) {
2447 /* clearing the limit, just do it */
2450 err = dsl_dir_activate_fs_ss_limit(dsname);
2453 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2454 * default path to set the value in the nvlist.
2459 case ZFS_PROP_KEYLOCATION:
2460 err = dsl_crypto_can_set_keylocation(dsname, strval);
2463 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2464 * default path to set the value in the nvlist.
2469 case ZFS_PROP_RESERVATION:
2470 err = dsl_dir_set_reservation(dsname, source, intval);
2472 case ZFS_PROP_REFRESERVATION:
2473 err = dsl_dataset_set_refreservation(dsname, source, intval);
2475 case ZFS_PROP_COMPRESSION:
2476 err = dsl_dataset_set_compression(dsname, source, intval);
2478 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2479 * default path to set the value in the nvlist.
2484 case ZFS_PROP_VOLSIZE:
2485 err = zvol_set_volsize(dsname, intval);
2487 case ZFS_PROP_SNAPDEV:
2488 err = zvol_set_snapdev(dsname, source, intval);
2490 case ZFS_PROP_VOLMODE:
2491 err = zvol_set_volmode(dsname, source, intval);
2493 case ZFS_PROP_VERSION:
2497 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2500 err = zfs_set_version(zfsvfs, intval);
2501 zfsvfs_rele(zfsvfs, FTAG);
2503 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2506 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2507 (void) strlcpy(zc->zc_name, dsname,
2508 sizeof (zc->zc_name));
2509 (void) zfs_ioc_userspace_upgrade(zc);
2510 (void) zfs_ioc_id_quota_upgrade(zc);
2511 kmem_free(zc, sizeof (zfs_cmd_t));
2523 * This function is best effort. If it fails to set any of the given properties,
2524 * it continues to set as many as it can and returns the last error
2525 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2526 * with the list of names of all the properties that failed along with the
2527 * corresponding error numbers.
2529 * If every property is set successfully, zero is returned and errlist is not
2533 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2542 nvlist_t *genericnvl = fnvlist_alloc();
2543 nvlist_t *retrynvl = fnvlist_alloc();
2546 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2547 const char *propname = nvpair_name(pair);
2548 zfs_prop_t prop = zfs_name_to_prop(propname);
2551 /* decode the property value */
2553 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2555 attrs = fnvpair_value_nvlist(pair);
2556 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2558 err = SET_ERROR(EINVAL);
2561 /* Validate value type */
2562 if (err == 0 && source == ZPROP_SRC_INHERITED) {
2563 /* inherited properties are expected to be booleans */
2564 if (nvpair_type(propval) != DATA_TYPE_BOOLEAN)
2565 err = SET_ERROR(EINVAL);
2566 } else if (err == 0 && prop == ZPROP_INVAL) {
2567 if (zfs_prop_user(propname)) {
2568 if (nvpair_type(propval) != DATA_TYPE_STRING)
2569 err = SET_ERROR(EINVAL);
2570 } else if (zfs_prop_userquota(propname)) {
2571 if (nvpair_type(propval) !=
2572 DATA_TYPE_UINT64_ARRAY)
2573 err = SET_ERROR(EINVAL);
2575 err = SET_ERROR(EINVAL);
2577 } else if (err == 0) {
2578 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2579 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2580 err = SET_ERROR(EINVAL);
2581 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2584 intval = fnvpair_value_uint64(propval);
2586 switch (zfs_prop_get_type(prop)) {
2587 case PROP_TYPE_NUMBER:
2589 case PROP_TYPE_STRING:
2590 err = SET_ERROR(EINVAL);
2592 case PROP_TYPE_INDEX:
2593 if (zfs_prop_index_to_string(prop,
2594 intval, &unused) != 0)
2596 SET_ERROR(ZFS_ERR_BADPROP);
2600 "unknown property type");
2603 err = SET_ERROR(EINVAL);
2607 /* Validate permissions */
2609 err = zfs_check_settable(dsname, pair, CRED());
2612 if (source == ZPROP_SRC_INHERITED)
2613 err = -1; /* does not need special handling */
2615 err = zfs_prop_set_special(dsname, source,
2619 * For better performance we build up a list of
2620 * properties to set in a single transaction.
2622 err = nvlist_add_nvpair(genericnvl, pair);
2623 } else if (err != 0 && nvl != retrynvl) {
2625 * This may be a spurious error caused by
2626 * receiving quota and reservation out of order.
2627 * Try again in a second pass.
2629 err = nvlist_add_nvpair(retrynvl, pair);
2634 if (errlist != NULL)
2635 fnvlist_add_int32(errlist, propname, err);
2640 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2645 if (!nvlist_empty(genericnvl) &&
2646 dsl_props_set(dsname, source, genericnvl) != 0) {
2648 * If this fails, we still want to set as many properties as we
2649 * can, so try setting them individually.
2652 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2653 const char *propname = nvpair_name(pair);
2657 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2659 attrs = fnvpair_value_nvlist(pair);
2660 propval = fnvlist_lookup_nvpair(attrs,
2664 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2665 strval = fnvpair_value_string(propval);
2666 err = dsl_prop_set_string(dsname, propname,
2668 } else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) {
2669 err = dsl_prop_inherit(dsname, propname,
2672 intval = fnvpair_value_uint64(propval);
2673 err = dsl_prop_set_int(dsname, propname, source,
2678 if (errlist != NULL) {
2679 fnvlist_add_int32(errlist, propname,
2686 nvlist_free(genericnvl);
2687 nvlist_free(retrynvl);
2693 * Check that all the properties are valid user properties.
2696 zfs_check_userprops(nvlist_t *nvl)
2698 nvpair_t *pair = NULL;
2700 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2701 const char *propname = nvpair_name(pair);
2703 if (!zfs_prop_user(propname) ||
2704 nvpair_type(pair) != DATA_TYPE_STRING)
2705 return (SET_ERROR(EINVAL));
2707 if (strlen(propname) >= ZAP_MAXNAMELEN)
2708 return (SET_ERROR(ENAMETOOLONG));
2710 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN)
2711 return (SET_ERROR(E2BIG));
2717 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2721 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2724 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2725 if (nvlist_exists(skipped, nvpair_name(pair)))
2728 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2733 clear_received_props(const char *dsname, nvlist_t *props,
2737 nvlist_t *cleared_props = NULL;
2738 props_skip(props, skipped, &cleared_props);
2739 if (!nvlist_empty(cleared_props)) {
2741 * Acts on local properties until the dataset has received
2742 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2744 zprop_source_t flags = (ZPROP_SRC_NONE |
2745 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
2746 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
2748 nvlist_free(cleared_props);
2754 * zc_name name of filesystem
2755 * zc_value name of property to set
2756 * zc_nvlist_src{_size} nvlist of properties to apply
2757 * zc_cookie received properties flag
2760 * zc_nvlist_dst{_size} error for each unapplied received property
2763 zfs_ioc_set_prop(zfs_cmd_t *zc)
2766 boolean_t received = zc->zc_cookie;
2767 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2772 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2773 zc->zc_iflags, &nvl)) != 0)
2777 nvlist_t *origprops;
2779 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
2780 (void) clear_received_props(zc->zc_name,
2782 nvlist_free(origprops);
2785 error = dsl_prop_set_hasrecvd(zc->zc_name);
2788 errors = fnvlist_alloc();
2790 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2792 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2793 (void) put_nvlist(zc, errors);
2796 nvlist_free(errors);
2803 * zc_name name of filesystem
2804 * zc_value name of property to inherit
2805 * zc_cookie revert to received value if TRUE
2810 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2812 const char *propname = zc->zc_value;
2813 zfs_prop_t prop = zfs_name_to_prop(propname);
2814 boolean_t received = zc->zc_cookie;
2815 zprop_source_t source = (received
2816 ? ZPROP_SRC_NONE /* revert to received value, if any */
2817 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2825 * Only check this in the non-received case. We want to allow
2826 * 'inherit -S' to revert non-inheritable properties like quota
2827 * and reservation to the received or default values even though
2828 * they are not considered inheritable.
2830 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2831 return (SET_ERROR(EINVAL));
2834 if (prop == ZPROP_INVAL) {
2835 if (!zfs_prop_user(propname))
2836 return (SET_ERROR(EINVAL));
2838 type = PROP_TYPE_STRING;
2839 } else if (prop == ZFS_PROP_VOLSIZE || prop == ZFS_PROP_VERSION) {
2840 return (SET_ERROR(EINVAL));
2842 type = zfs_prop_get_type(prop);
2846 * zfs_prop_set_special() expects properties in the form of an
2847 * nvpair with type info.
2849 dummy = fnvlist_alloc();
2852 case PROP_TYPE_STRING:
2853 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2855 case PROP_TYPE_NUMBER:
2856 case PROP_TYPE_INDEX:
2857 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2860 err = SET_ERROR(EINVAL);
2864 pair = nvlist_next_nvpair(dummy, NULL);
2866 err = SET_ERROR(EINVAL);
2868 err = zfs_prop_set_special(zc->zc_name, source, pair);
2869 if (err == -1) /* property is not "special", needs handling */
2870 err = dsl_prop_inherit(zc->zc_name, zc->zc_value,
2880 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2887 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2888 zc->zc_iflags, &props)))
2892 * If the only property is the configfile, then just do a spa_lookup()
2893 * to handle the faulted case.
2895 pair = nvlist_next_nvpair(props, NULL);
2896 if (pair != NULL && strcmp(nvpair_name(pair),
2897 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2898 nvlist_next_nvpair(props, pair) == NULL) {
2899 mutex_enter(&spa_namespace_lock);
2900 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2901 spa_configfile_set(spa, props, B_FALSE);
2902 spa_write_cachefile(spa, B_FALSE, B_TRUE);
2904 mutex_exit(&spa_namespace_lock);
2911 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2916 error = spa_prop_set(spa, props);
2919 spa_close(spa, FTAG);
2925 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2929 nvlist_t *nvp = NULL;
2931 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2933 * If the pool is faulted, there may be properties we can still
2934 * get (such as altroot and cachefile), so attempt to get them
2937 mutex_enter(&spa_namespace_lock);
2938 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2939 error = spa_prop_get(spa, &nvp);
2940 mutex_exit(&spa_namespace_lock);
2942 error = spa_prop_get(spa, &nvp);
2943 spa_close(spa, FTAG);
2946 if (error == 0 && zc->zc_nvlist_dst != 0)
2947 error = put_nvlist(zc, nvp);
2949 error = SET_ERROR(EFAULT);
2957 * zc_name name of filesystem
2958 * zc_nvlist_src{_size} nvlist of delegated permissions
2959 * zc_perm_action allow/unallow flag
2964 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2967 nvlist_t *fsaclnv = NULL;
2969 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2970 zc->zc_iflags, &fsaclnv)) != 0)
2974 * Verify nvlist is constructed correctly
2976 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2977 nvlist_free(fsaclnv);
2978 return (SET_ERROR(EINVAL));
2982 * If we don't have PRIV_SYS_MOUNT, then validate
2983 * that user is allowed to hand out each permission in
2987 error = secpolicy_zfs(CRED());
2989 if (zc->zc_perm_action == B_FALSE) {
2990 error = dsl_deleg_can_allow(zc->zc_name,
2993 error = dsl_deleg_can_unallow(zc->zc_name,
2999 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
3001 nvlist_free(fsaclnv);
3007 * zc_name name of filesystem
3010 * zc_nvlist_src{_size} nvlist of delegated permissions
3013 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
3018 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
3019 error = put_nvlist(zc, nvp);
3028 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
3030 zfs_creat_t *zct = arg;
3032 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
3035 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
3039 * os parent objset pointer (NULL if root fs)
3040 * fuids_ok fuids allowed in this version of the spa?
3041 * sa_ok SAs allowed in this version of the spa?
3042 * createprops list of properties requested by creator
3045 * zplprops values for the zplprops we attach to the master node object
3046 * is_ci true if requested file system will be purely case-insensitive
3048 * Determine the settings for utf8only, normalization and
3049 * casesensitivity. Specific values may have been requested by the
3050 * creator and/or we can inherit values from the parent dataset. If
3051 * the file system is of too early a vintage, a creator can not
3052 * request settings for these properties, even if the requested
3053 * setting is the default value. We don't actually want to create dsl
3054 * properties for these, so remove them from the source nvlist after
3058 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
3059 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
3060 nvlist_t *zplprops, boolean_t *is_ci)
3062 uint64_t sense = ZFS_PROP_UNDEFINED;
3063 uint64_t norm = ZFS_PROP_UNDEFINED;
3064 uint64_t u8 = ZFS_PROP_UNDEFINED;
3067 ASSERT(zplprops != NULL);
3069 /* parent dataset must be a filesystem */
3070 if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS)
3071 return (SET_ERROR(ZFS_ERR_WRONG_PARENT));
3074 * Pull out creator prop choices, if any.
3077 (void) nvlist_lookup_uint64(createprops,
3078 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
3079 (void) nvlist_lookup_uint64(createprops,
3080 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
3081 (void) nvlist_remove_all(createprops,
3082 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
3083 (void) nvlist_lookup_uint64(createprops,
3084 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
3085 (void) nvlist_remove_all(createprops,
3086 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
3087 (void) nvlist_lookup_uint64(createprops,
3088 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
3089 (void) nvlist_remove_all(createprops,
3090 zfs_prop_to_name(ZFS_PROP_CASE));
3094 * If the zpl version requested is whacky or the file system
3095 * or pool is version is too "young" to support normalization
3096 * and the creator tried to set a value for one of the props,
3099 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3100 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
3101 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
3102 (zplver < ZPL_VERSION_NORMALIZATION &&
3103 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
3104 sense != ZFS_PROP_UNDEFINED)))
3105 return (SET_ERROR(ENOTSUP));
3108 * Put the version in the zplprops
3110 VERIFY(nvlist_add_uint64(zplprops,
3111 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3113 if (norm == ZFS_PROP_UNDEFINED &&
3114 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3116 VERIFY(nvlist_add_uint64(zplprops,
3117 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3120 * If we're normalizing, names must always be valid UTF-8 strings.
3124 if (u8 == ZFS_PROP_UNDEFINED &&
3125 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3127 VERIFY(nvlist_add_uint64(zplprops,
3128 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3130 if (sense == ZFS_PROP_UNDEFINED &&
3131 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3133 VERIFY(nvlist_add_uint64(zplprops,
3134 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3137 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3143 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3144 nvlist_t *zplprops, boolean_t *is_ci)
3146 boolean_t fuids_ok, sa_ok;
3147 uint64_t zplver = ZPL_VERSION;
3148 objset_t *os = NULL;
3149 char parentname[ZFS_MAX_DATASET_NAME_LEN];
3154 zfs_get_parent(dataset, parentname, sizeof (parentname));
3156 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3159 spa_vers = spa_version(spa);
3160 spa_close(spa, FTAG);
3162 zplver = zfs_zpl_version_map(spa_vers);
3163 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3164 sa_ok = (zplver >= ZPL_VERSION_SA);
3167 * Open parent object set so we can inherit zplprop values.
3169 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3172 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3174 dmu_objset_rele(os, FTAG);
3179 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3180 nvlist_t *zplprops, boolean_t *is_ci)
3184 uint64_t zplver = ZPL_VERSION;
3187 zplver = zfs_zpl_version_map(spa_vers);
3188 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3189 sa_ok = (zplver >= ZPL_VERSION_SA);
3191 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3192 createprops, zplprops, is_ci);
3198 * "type" -> dmu_objset_type_t (int32)
3199 * (optional) "props" -> { prop -> value }
3200 * (optional) "hidden_args" -> { "wkeydata" -> value }
3201 * raw uint8_t array of encryption wrapping key data (32 bytes)
3204 * outnvl: propname -> error code (int32)
3207 static const zfs_ioc_key_t zfs_keys_create[] = {
3208 {"type", DATA_TYPE_INT32, 0},
3209 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3210 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3214 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3217 zfs_creat_t zct = { 0 };
3218 nvlist_t *nvprops = NULL;
3219 nvlist_t *hidden_args = NULL;
3220 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3221 dmu_objset_type_t type;
3222 boolean_t is_insensitive = B_FALSE;
3223 dsl_crypto_params_t *dcp = NULL;
3225 type = (dmu_objset_type_t)fnvlist_lookup_int32(innvl, "type");
3226 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3227 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
3231 cbfunc = zfs_create_cb;
3235 cbfunc = zvol_create_cb;
3242 if (strchr(fsname, '@') ||
3243 strchr(fsname, '%'))
3244 return (SET_ERROR(EINVAL));
3246 zct.zct_props = nvprops;
3249 return (SET_ERROR(EINVAL));
3251 if (type == DMU_OST_ZVOL) {
3252 uint64_t volsize, volblocksize;
3254 if (nvprops == NULL)
3255 return (SET_ERROR(EINVAL));
3256 if (nvlist_lookup_uint64(nvprops,
3257 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3258 return (SET_ERROR(EINVAL));
3260 if ((error = nvlist_lookup_uint64(nvprops,
3261 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3262 &volblocksize)) != 0 && error != ENOENT)
3263 return (SET_ERROR(EINVAL));
3266 volblocksize = zfs_prop_default_numeric(
3267 ZFS_PROP_VOLBLOCKSIZE);
3269 if ((error = zvol_check_volblocksize(fsname,
3270 volblocksize)) != 0 ||
3271 (error = zvol_check_volsize(volsize,
3272 volblocksize)) != 0)
3274 } else if (type == DMU_OST_ZFS) {
3278 * We have to have normalization and
3279 * case-folding flags correct when we do the
3280 * file system creation, so go figure them out
3283 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3284 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3285 error = zfs_fill_zplprops(fsname, nvprops,
3286 zct.zct_zplprops, &is_insensitive);
3288 nvlist_free(zct.zct_zplprops);
3293 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops,
3296 nvlist_free(zct.zct_zplprops);
3300 error = dmu_objset_create(fsname, type,
3301 is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct);
3303 nvlist_free(zct.zct_zplprops);
3304 dsl_crypto_params_free(dcp, !!error);
3307 * It would be nice to do this atomically.
3310 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3317 * Volumes will return EBUSY and cannot be destroyed
3318 * until all asynchronous minor handling (e.g. from
3319 * setting the volmode property) has completed. Wait for
3320 * the spa_zvol_taskq to drain then retry.
3322 error2 = dsl_destroy_head(fsname);
3323 while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) {
3324 error2 = spa_open(fsname, &spa, FTAG);
3326 taskq_wait(spa->spa_zvol_taskq);
3327 spa_close(spa, FTAG);
3329 error2 = dsl_destroy_head(fsname);
3338 * "origin" -> name of origin snapshot
3339 * (optional) "props" -> { prop -> value }
3340 * (optional) "hidden_args" -> { "wkeydata" -> value }
3341 * raw uint8_t array of encryption wrapping key data (32 bytes)
3345 * outnvl: propname -> error code (int32)
3347 static const zfs_ioc_key_t zfs_keys_clone[] = {
3348 {"origin", DATA_TYPE_STRING, 0},
3349 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3350 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3354 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3357 nvlist_t *nvprops = NULL;
3358 const char *origin_name;
3360 origin_name = fnvlist_lookup_string(innvl, "origin");
3361 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3363 if (strchr(fsname, '@') ||
3364 strchr(fsname, '%'))
3365 return (SET_ERROR(EINVAL));
3367 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3368 return (SET_ERROR(EINVAL));
3370 error = dmu_objset_clone(fsname, origin_name);
3373 * It would be nice to do this atomically.
3376 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3379 (void) dsl_destroy_head(fsname);
3384 static const zfs_ioc_key_t zfs_keys_remap[] = {
3390 zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3392 /* This IOCTL is no longer supported. */
3398 * "snaps" -> { snapshot1, snapshot2 }
3399 * (optional) "props" -> { prop -> value (string) }
3402 * outnvl: snapshot -> error code (int32)
3404 static const zfs_ioc_key_t zfs_keys_snapshot[] = {
3405 {"snaps", DATA_TYPE_NVLIST, 0},
3406 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3410 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3413 nvlist_t *props = NULL;
3417 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3418 if (!nvlist_empty(props) &&
3419 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3420 return (SET_ERROR(ENOTSUP));
3421 if ((error = zfs_check_userprops(props)) != 0)
3424 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
3425 poollen = strlen(poolname);
3426 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3427 pair = nvlist_next_nvpair(snaps, pair)) {
3428 const char *name = nvpair_name(pair);
3429 char *cp = strchr(name, '@');
3432 * The snap name must contain an @, and the part after it must
3433 * contain only valid characters.
3436 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3437 return (SET_ERROR(EINVAL));
3440 * The snap must be in the specified pool.
3442 if (strncmp(name, poolname, poollen) != 0 ||
3443 (name[poollen] != '/' && name[poollen] != '@'))
3444 return (SET_ERROR(EXDEV));
3447 * Check for permission to set the properties on the fs.
3449 if (!nvlist_empty(props)) {
3451 error = zfs_secpolicy_write_perms(name,
3452 ZFS_DELEG_PERM_USERPROP, CRED());
3458 /* This must be the only snap of this fs. */
3459 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3460 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3461 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3463 return (SET_ERROR(EXDEV));
3468 error = dsl_dataset_snapshot(snaps, props, outnvl);
3474 * innvl: "message" -> string
3476 static const zfs_ioc_key_t zfs_keys_log_history[] = {
3477 {"message", DATA_TYPE_STRING, 0},
3482 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3484 const char *message;
3490 * The poolname in the ioctl is not set, we get it from the TSD,
3491 * which was set at the end of the last successful ioctl that allows
3492 * logging. The secpolicy func already checked that it is set.
3493 * Only one log ioctl is allowed after each successful ioctl, so
3494 * we clear the TSD here.
3496 poolname = tsd_get(zfs_allow_log_key);
3497 if (poolname == NULL)
3498 return (SET_ERROR(EINVAL));
3499 (void) tsd_set(zfs_allow_log_key, NULL);
3500 error = spa_open(poolname, &spa, FTAG);
3501 kmem_strfree(poolname);
3505 message = fnvlist_lookup_string(innvl, "message");
3507 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3508 spa_close(spa, FTAG);
3509 return (SET_ERROR(ENOTSUP));
3512 error = spa_history_log(spa, message);
3513 spa_close(spa, FTAG);
3518 * This ioctl is used to set the bootenv configuration on the current
3519 * pool. This configuration is stored in the second padding area of the label,
3520 * and it is used by the bootloader(s) to store the bootloader and/or system
3522 * The data is stored as nvlist data stream, and is protected by
3523 * an embedded checksum.
3524 * The version can have two possible values:
3525 * VB_RAW: nvlist should have key GRUB_ENVMAP, value DATA_TYPE_STRING.
3526 * VB_NVLIST: nvlist with arbitrary <key, value> pairs.
3528 static const zfs_ioc_key_t zfs_keys_set_bootenv[] = {
3529 {"version", DATA_TYPE_UINT64, 0},
3530 {"<keys>", DATA_TYPE_ANY, ZK_OPTIONAL | ZK_WILDCARDLIST},
3534 zfs_ioc_set_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3539 if ((error = spa_open(name, &spa, FTAG)) != 0)
3541 spa_vdev_state_enter(spa, SCL_ALL);
3542 error = vdev_label_write_bootenv(spa->spa_root_vdev, innvl);
3543 (void) spa_vdev_state_exit(spa, NULL, 0);
3544 spa_close(spa, FTAG);
3548 static const zfs_ioc_key_t zfs_keys_get_bootenv[] = {
3553 zfs_ioc_get_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3558 if ((error = spa_open(name, &spa, FTAG)) != 0)
3560 spa_vdev_state_enter(spa, SCL_ALL);
3561 error = vdev_label_read_bootenv(spa->spa_root_vdev, outnvl);
3562 (void) spa_vdev_state_exit(spa, NULL, 0);
3563 spa_close(spa, FTAG);
3568 * The dp_config_rwlock must not be held when calling this, because the
3569 * unmount may need to write out data.
3571 * This function is best-effort. Callers must deal gracefully if it
3572 * remains mounted (or is remounted after this call).
3574 * Returns 0 if the argument is not a snapshot, or it is not currently a
3575 * filesystem, or we were able to unmount it. Returns error code otherwise.
3578 zfs_unmount_snap(const char *snapname)
3580 if (strchr(snapname, '@') == NULL)
3583 (void) zfsctl_snapshot_unmount(snapname, MNT_FORCE);
3588 zfs_unmount_snap_cb(const char *snapname, void *arg)
3590 zfs_unmount_snap(snapname);
3595 * When a clone is destroyed, its origin may also need to be destroyed,
3596 * in which case it must be unmounted. This routine will do that unmount
3600 zfs_destroy_unmount_origin(const char *fsname)
3606 error = dmu_objset_hold(fsname, FTAG, &os);
3609 ds = dmu_objset_ds(os);
3610 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
3611 char originname[ZFS_MAX_DATASET_NAME_LEN];
3612 dsl_dataset_name(ds->ds_prev, originname);
3613 dmu_objset_rele(os, FTAG);
3614 zfs_unmount_snap(originname);
3616 dmu_objset_rele(os, FTAG);
3622 * "snaps" -> { snapshot1, snapshot2 }
3623 * (optional boolean) "defer"
3626 * outnvl: snapshot -> error code (int32)
3628 static const zfs_ioc_key_t zfs_keys_destroy_snaps[] = {
3629 {"snaps", DATA_TYPE_NVLIST, 0},
3630 {"defer", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
3635 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3643 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
3644 defer = nvlist_exists(innvl, "defer");
3646 poollen = strlen(poolname);
3647 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3648 pair = nvlist_next_nvpair(snaps, pair)) {
3649 const char *name = nvpair_name(pair);
3652 * The snap must be in the specified pool to prevent the
3653 * invalid removal of zvol minors below.
3655 if (strncmp(name, poolname, poollen) != 0 ||
3656 (name[poollen] != '/' && name[poollen] != '@'))
3657 return (SET_ERROR(EXDEV));
3659 zfs_unmount_snap(nvpair_name(pair));
3660 if (spa_open(name, &spa, FTAG) == 0) {
3661 zvol_remove_minors(spa, name, B_TRUE);
3662 spa_close(spa, FTAG);
3666 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
3670 * Create bookmarks. The bookmark names are of the form <fs>#<bmark>.
3671 * All bookmarks and snapshots must be in the same pool.
3672 * dsl_bookmark_create_nvl_validate describes the nvlist schema in more detail.
3675 * new_bookmark1 -> existing_snapshot,
3676 * new_bookmark2 -> existing_bookmark,
3679 * outnvl: bookmark -> error code (int32)
3682 static const zfs_ioc_key_t zfs_keys_bookmark[] = {
3683 {"<bookmark>...", DATA_TYPE_STRING, ZK_WILDCARDLIST},
3688 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3690 return (dsl_bookmark_create(innvl, outnvl));
3695 * property 1, property 2, ...
3699 * bookmark name 1 -> { property 1, property 2, ... },
3700 * bookmark name 2 -> { property 1, property 2, ... }
3704 static const zfs_ioc_key_t zfs_keys_get_bookmarks[] = {
3705 {"<property>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST | ZK_OPTIONAL},
3709 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3711 return (dsl_get_bookmarks(fsname, innvl, outnvl));
3715 * innvl is not used.
3718 * property 1, property 2, ...
3722 static const zfs_ioc_key_t zfs_keys_get_bookmark_props[] = {
3728 zfs_ioc_get_bookmark_props(const char *bookmark, nvlist_t *innvl,
3731 char fsname[ZFS_MAX_DATASET_NAME_LEN];
3734 bmname = strchr(bookmark, '#');
3736 return (SET_ERROR(EINVAL));
3739 (void) strlcpy(fsname, bookmark, sizeof (fsname));
3740 *(strchr(fsname, '#')) = '\0';
3742 return (dsl_get_bookmark_props(fsname, bmname, outnvl));
3747 * bookmark name 1, bookmark name 2
3750 * outnvl: bookmark -> error code (int32)
3753 static const zfs_ioc_key_t zfs_keys_destroy_bookmarks[] = {
3754 {"<bookmark>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST},
3758 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl,
3763 poollen = strlen(poolname);
3764 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
3765 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
3766 const char *name = nvpair_name(pair);
3767 const char *cp = strchr(name, '#');
3770 * The bookmark name must contain an #, and the part after it
3771 * must contain only valid characters.
3774 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3775 return (SET_ERROR(EINVAL));
3778 * The bookmark must be in the specified pool.
3780 if (strncmp(name, poolname, poollen) != 0 ||
3781 (name[poollen] != '/' && name[poollen] != '#'))
3782 return (SET_ERROR(EXDEV));
3785 error = dsl_bookmark_destroy(innvl, outnvl);
3789 static const zfs_ioc_key_t zfs_keys_channel_program[] = {
3790 {"program", DATA_TYPE_STRING, 0},
3791 {"arg", DATA_TYPE_ANY, 0},
3792 {"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
3793 {"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
3794 {"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
3798 zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl,
3802 uint64_t instrlimit, memlimit;
3803 boolean_t sync_flag;
3804 nvpair_t *nvarg = NULL;
3806 program = fnvlist_lookup_string(innvl, ZCP_ARG_PROGRAM);
3807 if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) {
3810 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) {
3811 instrlimit = ZCP_DEFAULT_INSTRLIMIT;
3813 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) {
3814 memlimit = ZCP_DEFAULT_MEMLIMIT;
3816 nvarg = fnvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST);
3818 if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit)
3819 return (SET_ERROR(EINVAL));
3820 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit)
3821 return (SET_ERROR(EINVAL));
3823 return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit,
3831 static const zfs_ioc_key_t zfs_keys_pool_checkpoint[] = {
3837 zfs_ioc_pool_checkpoint(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3839 return (spa_checkpoint(poolname));
3846 static const zfs_ioc_key_t zfs_keys_pool_discard_checkpoint[] = {
3852 zfs_ioc_pool_discard_checkpoint(const char *poolname, nvlist_t *innvl,
3855 return (spa_checkpoint_discard(poolname));
3860 * zc_name name of dataset to destroy
3861 * zc_defer_destroy mark for deferred destroy
3866 zfs_ioc_destroy(zfs_cmd_t *zc)
3869 dmu_objset_type_t ost;
3872 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
3875 ost = dmu_objset_type(os);
3876 dmu_objset_rele(os, FTAG);
3878 if (ost == DMU_OST_ZFS)
3879 zfs_unmount_snap(zc->zc_name);
3881 if (strchr(zc->zc_name, '@')) {
3882 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
3884 err = dsl_destroy_head(zc->zc_name);
3885 if (err == EEXIST) {
3887 * It is possible that the given DS may have
3888 * hidden child (%recv) datasets - "leftovers"
3889 * resulting from the previously interrupted
3892 * 6 extra bytes for /%recv
3894 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6];
3896 if (snprintf(namebuf, sizeof (namebuf), "%s/%s",
3897 zc->zc_name, recv_clone_name) >=
3899 return (SET_ERROR(EINVAL));
3902 * Try to remove the hidden child (%recv) and after
3903 * that try to remove the target dataset.
3904 * If the hidden child (%recv) does not exist
3905 * the original error (EEXIST) will be returned
3907 err = dsl_destroy_head(namebuf);
3909 err = dsl_destroy_head(zc->zc_name);
3910 else if (err == ENOENT)
3911 err = SET_ERROR(EEXIST);
3920 * "initialize_command" -> POOL_INITIALIZE_{CANCEL|START|SUSPEND} (uint64)
3921 * "initialize_vdevs": { -> guids to initialize (nvlist)
3922 * "vdev_path_1": vdev_guid_1, (uint64),
3923 * "vdev_path_2": vdev_guid_2, (uint64),
3929 * "initialize_vdevs": { -> initialization errors (nvlist)
3930 * "vdev_path_1": errno, see function body for possible errnos (uint64)
3931 * "vdev_path_2": errno, ... (uint64)
3936 * EINVAL is returned for an unknown commands or if any of the provided vdev
3937 * guids have be specified with a type other than uint64.
3939 static const zfs_ioc_key_t zfs_keys_pool_initialize[] = {
3940 {ZPOOL_INITIALIZE_COMMAND, DATA_TYPE_UINT64, 0},
3941 {ZPOOL_INITIALIZE_VDEVS, DATA_TYPE_NVLIST, 0}
3945 zfs_ioc_pool_initialize(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3948 if (nvlist_lookup_uint64(innvl, ZPOOL_INITIALIZE_COMMAND,
3950 return (SET_ERROR(EINVAL));
3953 if (!(cmd_type == POOL_INITIALIZE_CANCEL ||
3954 cmd_type == POOL_INITIALIZE_START ||
3955 cmd_type == POOL_INITIALIZE_SUSPEND)) {
3956 return (SET_ERROR(EINVAL));
3959 nvlist_t *vdev_guids;
3960 if (nvlist_lookup_nvlist(innvl, ZPOOL_INITIALIZE_VDEVS,
3961 &vdev_guids) != 0) {
3962 return (SET_ERROR(EINVAL));
3965 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
3966 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
3968 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
3969 return (SET_ERROR(EINVAL));
3974 int error = spa_open(poolname, &spa, FTAG);
3978 nvlist_t *vdev_errlist = fnvlist_alloc();
3979 int total_errors = spa_vdev_initialize(spa, vdev_guids, cmd_type,
3982 if (fnvlist_size(vdev_errlist) > 0) {
3983 fnvlist_add_nvlist(outnvl, ZPOOL_INITIALIZE_VDEVS,
3986 fnvlist_free(vdev_errlist);
3988 spa_close(spa, FTAG);
3989 return (total_errors > 0 ? EINVAL : 0);
3994 * "trim_command" -> POOL_TRIM_{CANCEL|START|SUSPEND} (uint64)
3995 * "trim_vdevs": { -> guids to TRIM (nvlist)
3996 * "vdev_path_1": vdev_guid_1, (uint64),
3997 * "vdev_path_2": vdev_guid_2, (uint64),
4000 * "trim_rate" -> Target TRIM rate in bytes/sec.
4001 * "trim_secure" -> Set to request a secure TRIM.
4005 * "trim_vdevs": { -> TRIM errors (nvlist)
4006 * "vdev_path_1": errno, see function body for possible errnos (uint64)
4007 * "vdev_path_2": errno, ... (uint64)
4012 * EINVAL is returned for an unknown commands or if any of the provided vdev
4013 * guids have be specified with a type other than uint64.
4015 static const zfs_ioc_key_t zfs_keys_pool_trim[] = {
4016 {ZPOOL_TRIM_COMMAND, DATA_TYPE_UINT64, 0},
4017 {ZPOOL_TRIM_VDEVS, DATA_TYPE_NVLIST, 0},
4018 {ZPOOL_TRIM_RATE, DATA_TYPE_UINT64, ZK_OPTIONAL},
4019 {ZPOOL_TRIM_SECURE, DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
4023 zfs_ioc_pool_trim(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4026 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_COMMAND, &cmd_type) != 0)
4027 return (SET_ERROR(EINVAL));
4029 if (!(cmd_type == POOL_TRIM_CANCEL ||
4030 cmd_type == POOL_TRIM_START ||
4031 cmd_type == POOL_TRIM_SUSPEND)) {
4032 return (SET_ERROR(EINVAL));
4035 nvlist_t *vdev_guids;
4036 if (nvlist_lookup_nvlist(innvl, ZPOOL_TRIM_VDEVS, &vdev_guids) != 0)
4037 return (SET_ERROR(EINVAL));
4039 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
4040 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
4042 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
4043 return (SET_ERROR(EINVAL));
4047 /* Optional, defaults to maximum rate when not provided */
4049 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_RATE, &rate) != 0)
4052 /* Optional, defaults to standard TRIM when not provided */
4054 if (nvlist_lookup_boolean_value(innvl, ZPOOL_TRIM_SECURE,
4060 int error = spa_open(poolname, &spa, FTAG);
4064 nvlist_t *vdev_errlist = fnvlist_alloc();
4065 int total_errors = spa_vdev_trim(spa, vdev_guids, cmd_type,
4066 rate, !!zfs_trim_metaslab_skip, secure, vdev_errlist);
4068 if (fnvlist_size(vdev_errlist) > 0)
4069 fnvlist_add_nvlist(outnvl, ZPOOL_TRIM_VDEVS, vdev_errlist);
4071 fnvlist_free(vdev_errlist);
4073 spa_close(spa, FTAG);
4074 return (total_errors > 0 ? EINVAL : 0);
4078 * This ioctl waits for activity of a particular type to complete. If there is
4079 * no activity of that type in progress, it returns immediately, and the
4080 * returned value "waited" is false. If there is activity in progress, and no
4081 * tag is passed in, the ioctl blocks until all activity of that type is
4082 * complete, and then returns with "waited" set to true.
4084 * If a tag is provided, it identifies a particular instance of an activity to
4085 * wait for. Currently, this is only valid for use with 'initialize', because
4086 * that is the only activity for which there can be multiple instances running
4087 * concurrently. In the case of 'initialize', the tag corresponds to the guid of
4088 * the vdev on which to wait.
4090 * If a thread waiting in the ioctl receives a signal, the call will return
4091 * immediately, and the return value will be EINTR.
4094 * "wait_activity" -> int32_t
4095 * (optional) "wait_tag" -> uint64_t
4098 * outnvl: "waited" -> boolean_t
4100 static const zfs_ioc_key_t zfs_keys_pool_wait[] = {
4101 {ZPOOL_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4102 {ZPOOL_WAIT_TAG, DATA_TYPE_UINT64, ZK_OPTIONAL},
4106 zfs_ioc_wait(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4113 if (nvlist_lookup_int32(innvl, ZPOOL_WAIT_ACTIVITY, &activity) != 0)
4116 if (nvlist_lookup_uint64(innvl, ZPOOL_WAIT_TAG, &tag) == 0)
4117 error = spa_wait_tag(name, activity, tag, &waited);
4119 error = spa_wait(name, activity, &waited);
4122 fnvlist_add_boolean_value(outnvl, ZPOOL_WAIT_WAITED, waited);
4128 * This ioctl waits for activity of a particular type to complete. If there is
4129 * no activity of that type in progress, it returns immediately, and the
4130 * returned value "waited" is false. If there is activity in progress, and no
4131 * tag is passed in, the ioctl blocks until all activity of that type is
4132 * complete, and then returns with "waited" set to true.
4134 * If a thread waiting in the ioctl receives a signal, the call will return
4135 * immediately, and the return value will be EINTR.
4138 * "wait_activity" -> int32_t
4141 * outnvl: "waited" -> boolean_t
4143 static const zfs_ioc_key_t zfs_keys_fs_wait[] = {
4144 {ZFS_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4148 zfs_ioc_wait_fs(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4151 boolean_t waited = B_FALSE;
4157 if (nvlist_lookup_int32(innvl, ZFS_WAIT_ACTIVITY, &activity) != 0)
4158 return (SET_ERROR(EINVAL));
4160 if (activity >= ZFS_WAIT_NUM_ACTIVITIES || activity < 0)
4161 return (SET_ERROR(EINVAL));
4163 if ((error = dsl_pool_hold(name, FTAG, &dp)) != 0)
4166 if ((error = dsl_dataset_hold(dp, name, FTAG, &ds)) != 0) {
4167 dsl_pool_rele(dp, FTAG);
4172 mutex_enter(&dd->dd_activity_lock);
4173 dd->dd_activity_waiters++;
4176 * We get a long-hold here so that the dsl_dataset_t and dsl_dir_t
4177 * aren't evicted while we're waiting. Normally this is prevented by
4178 * holding the pool, but we can't do that while we're waiting since
4179 * that would prevent TXGs from syncing out. Some of the functionality
4180 * of long-holds (e.g. preventing deletion) is unnecessary for this
4181 * case, since we would cancel the waiters before proceeding with a
4182 * deletion. An alternative mechanism for keeping the dataset around
4183 * could be developed but this is simpler.
4185 dsl_dataset_long_hold(ds, FTAG);
4186 dsl_pool_rele(dp, FTAG);
4188 error = dsl_dir_wait(dd, ds, activity, &waited);
4190 dsl_dataset_long_rele(ds, FTAG);
4191 dd->dd_activity_waiters--;
4192 if (dd->dd_activity_waiters == 0)
4193 cv_signal(&dd->dd_activity_cv);
4194 mutex_exit(&dd->dd_activity_lock);
4196 dsl_dataset_rele(ds, FTAG);
4199 fnvlist_add_boolean_value(outnvl, ZFS_WAIT_WAITED, waited);
4205 * fsname is name of dataset to rollback (to most recent snapshot)
4207 * innvl may contain name of expected target snapshot
4209 * outnvl: "target" -> name of most recent snapshot
4212 static const zfs_ioc_key_t zfs_keys_rollback[] = {
4213 {"target", DATA_TYPE_STRING, ZK_OPTIONAL},
4218 zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
4221 zvol_state_handle_t *zv;
4222 char *target = NULL;
4225 (void) nvlist_lookup_string(innvl, "target", &target);
4226 if (target != NULL) {
4227 const char *cp = strchr(target, '@');
4230 * The snap name must contain an @, and the part after it must
4231 * contain only valid characters.
4234 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
4235 return (SET_ERROR(EINVAL));
4238 if (getzfsvfs(fsname, &zfsvfs) == 0) {
4241 ds = dmu_objset_ds(zfsvfs->z_os);
4242 error = zfs_suspend_fs(zfsvfs);
4246 error = dsl_dataset_rollback(fsname, target, zfsvfs,
4248 resume_err = zfs_resume_fs(zfsvfs, ds);
4249 error = error ? error : resume_err;
4251 zfs_vfs_rele(zfsvfs);
4252 } else if ((zv = zvol_suspend(fsname)) != NULL) {
4253 error = dsl_dataset_rollback(fsname, target, zvol_tag(zv),
4257 error = dsl_dataset_rollback(fsname, target, NULL, outnvl);
4263 recursive_unmount(const char *fsname, void *arg)
4265 const char *snapname = arg;
4268 fullname = kmem_asprintf("%s@%s", fsname, snapname);
4269 zfs_unmount_snap(fullname);
4270 kmem_strfree(fullname);
4277 * snapname is the snapshot to redact.
4279 * "bookname" -> (string)
4280 * shortname of the redaction bookmark to generate
4281 * "snapnv" -> (nvlist, values ignored)
4282 * snapshots to redact snapname with respect to
4289 static const zfs_ioc_key_t zfs_keys_redact[] = {
4290 {"bookname", DATA_TYPE_STRING, 0},
4291 {"snapnv", DATA_TYPE_NVLIST, 0},
4294 zfs_ioc_redact(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
4296 nvlist_t *redactnvl = NULL;
4297 char *redactbook = NULL;
4299 if (nvlist_lookup_nvlist(innvl, "snapnv", &redactnvl) != 0)
4300 return (SET_ERROR(EINVAL));
4301 if (fnvlist_num_pairs(redactnvl) == 0)
4302 return (SET_ERROR(ENXIO));
4303 if (nvlist_lookup_string(innvl, "bookname", &redactbook) != 0)
4304 return (SET_ERROR(EINVAL));
4306 return (dmu_redact_snap(snapname, redactnvl, redactbook));
4311 * zc_name old name of dataset
4312 * zc_value new name of dataset
4313 * zc_cookie recursive flag (only valid for snapshots)
4318 zfs_ioc_rename(zfs_cmd_t *zc)
4321 dmu_objset_type_t ost;
4322 boolean_t recursive = zc->zc_cookie & 1;
4323 boolean_t nounmount = !!(zc->zc_cookie & 2);
4327 /* "zfs rename" from and to ...%recv datasets should both fail */
4328 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
4329 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
4330 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
4331 dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
4332 strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%'))
4333 return (SET_ERROR(EINVAL));
4335 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
4338 ost = dmu_objset_type(os);
4339 dmu_objset_rele(os, FTAG);
4341 at = strchr(zc->zc_name, '@');
4343 /* snaps must be in same fs */
4346 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
4347 return (SET_ERROR(EXDEV));
4349 if (ost == DMU_OST_ZFS && !nounmount) {
4350 error = dmu_objset_find(zc->zc_name,
4351 recursive_unmount, at + 1,
4352 recursive ? DS_FIND_CHILDREN : 0);
4358 error = dsl_dataset_rename_snapshot(zc->zc_name,
4359 at + 1, strchr(zc->zc_value, '@') + 1, recursive);
4364 return (dsl_dir_rename(zc->zc_name, zc->zc_value));
4369 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
4371 const char *propname = nvpair_name(pair);
4372 boolean_t issnap = (strchr(dsname, '@') != NULL);
4373 zfs_prop_t prop = zfs_name_to_prop(propname);
4374 uint64_t intval, compval;
4377 if (prop == ZPROP_INVAL) {
4378 if (zfs_prop_user(propname)) {
4379 if ((err = zfs_secpolicy_write_perms(dsname,
4380 ZFS_DELEG_PERM_USERPROP, cr)))
4385 if (!issnap && zfs_prop_userquota(propname)) {
4386 const char *perm = NULL;
4387 const char *uq_prefix =
4388 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
4389 const char *gq_prefix =
4390 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
4391 const char *uiq_prefix =
4392 zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA];
4393 const char *giq_prefix =
4394 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA];
4395 const char *pq_prefix =
4396 zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA];
4397 const char *piq_prefix = zfs_userquota_prop_prefixes[\
4398 ZFS_PROP_PROJECTOBJQUOTA];
4400 if (strncmp(propname, uq_prefix,
4401 strlen(uq_prefix)) == 0) {
4402 perm = ZFS_DELEG_PERM_USERQUOTA;
4403 } else if (strncmp(propname, uiq_prefix,
4404 strlen(uiq_prefix)) == 0) {
4405 perm = ZFS_DELEG_PERM_USEROBJQUOTA;
4406 } else if (strncmp(propname, gq_prefix,
4407 strlen(gq_prefix)) == 0) {
4408 perm = ZFS_DELEG_PERM_GROUPQUOTA;
4409 } else if (strncmp(propname, giq_prefix,
4410 strlen(giq_prefix)) == 0) {
4411 perm = ZFS_DELEG_PERM_GROUPOBJQUOTA;
4412 } else if (strncmp(propname, pq_prefix,
4413 strlen(pq_prefix)) == 0) {
4414 perm = ZFS_DELEG_PERM_PROJECTQUOTA;
4415 } else if (strncmp(propname, piq_prefix,
4416 strlen(piq_prefix)) == 0) {
4417 perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA;
4419 /* {USER|GROUP|PROJECT}USED are read-only */
4420 return (SET_ERROR(EINVAL));
4423 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
4428 return (SET_ERROR(EINVAL));
4432 return (SET_ERROR(EINVAL));
4434 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
4436 * dsl_prop_get_all_impl() returns properties in this
4440 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
4441 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4446 * Check that this value is valid for this pool version
4449 case ZFS_PROP_COMPRESSION:
4451 * If the user specified gzip compression, make sure
4452 * the SPA supports it. We ignore any errors here since
4453 * we'll catch them later.
4455 if (nvpair_value_uint64(pair, &intval) == 0) {
4456 compval = ZIO_COMPRESS_ALGO(intval);
4457 if (compval >= ZIO_COMPRESS_GZIP_1 &&
4458 compval <= ZIO_COMPRESS_GZIP_9 &&
4459 zfs_earlier_version(dsname,
4460 SPA_VERSION_GZIP_COMPRESSION)) {
4461 return (SET_ERROR(ENOTSUP));
4464 if (compval == ZIO_COMPRESS_ZLE &&
4465 zfs_earlier_version(dsname,
4466 SPA_VERSION_ZLE_COMPRESSION))
4467 return (SET_ERROR(ENOTSUP));
4469 if (compval == ZIO_COMPRESS_LZ4) {
4472 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4475 if (!spa_feature_is_enabled(spa,
4476 SPA_FEATURE_LZ4_COMPRESS)) {
4477 spa_close(spa, FTAG);
4478 return (SET_ERROR(ENOTSUP));
4480 spa_close(spa, FTAG);
4483 if (compval == ZIO_COMPRESS_ZSTD) {
4486 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4489 if (!spa_feature_is_enabled(spa,
4490 SPA_FEATURE_ZSTD_COMPRESS)) {
4491 spa_close(spa, FTAG);
4492 return (SET_ERROR(ENOTSUP));
4494 spa_close(spa, FTAG);
4499 case ZFS_PROP_COPIES:
4500 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
4501 return (SET_ERROR(ENOTSUP));
4504 case ZFS_PROP_VOLBLOCKSIZE:
4505 case ZFS_PROP_RECORDSIZE:
4506 /* Record sizes above 128k need the feature to be enabled */
4507 if (nvpair_value_uint64(pair, &intval) == 0 &&
4508 intval > SPA_OLD_MAXBLOCKSIZE) {
4512 * We don't allow setting the property above 1MB,
4513 * unless the tunable has been changed.
4515 if (intval > zfs_max_recordsize ||
4516 intval > SPA_MAXBLOCKSIZE)
4517 return (SET_ERROR(ERANGE));
4519 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4522 if (!spa_feature_is_enabled(spa,
4523 SPA_FEATURE_LARGE_BLOCKS)) {
4524 spa_close(spa, FTAG);
4525 return (SET_ERROR(ENOTSUP));
4527 spa_close(spa, FTAG);
4531 case ZFS_PROP_DNODESIZE:
4532 /* Dnode sizes above 512 need the feature to be enabled */
4533 if (nvpair_value_uint64(pair, &intval) == 0 &&
4534 intval != ZFS_DNSIZE_LEGACY) {
4537 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4540 if (!spa_feature_is_enabled(spa,
4541 SPA_FEATURE_LARGE_DNODE)) {
4542 spa_close(spa, FTAG);
4543 return (SET_ERROR(ENOTSUP));
4545 spa_close(spa, FTAG);
4549 case ZFS_PROP_SPECIAL_SMALL_BLOCKS:
4551 * This property could require the allocation classes
4552 * feature to be active for setting, however we allow
4553 * it so that tests of settable properties succeed.
4554 * The CLI will issue a warning in this case.
4558 case ZFS_PROP_SHARESMB:
4559 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
4560 return (SET_ERROR(ENOTSUP));
4563 case ZFS_PROP_ACLINHERIT:
4564 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4565 nvpair_value_uint64(pair, &intval) == 0) {
4566 if (intval == ZFS_ACL_PASSTHROUGH_X &&
4567 zfs_earlier_version(dsname,
4568 SPA_VERSION_PASSTHROUGH_X))
4569 return (SET_ERROR(ENOTSUP));
4572 case ZFS_PROP_CHECKSUM:
4573 case ZFS_PROP_DEDUP:
4575 spa_feature_t feature;
4579 /* dedup feature version checks */
4580 if (prop == ZFS_PROP_DEDUP &&
4581 zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
4582 return (SET_ERROR(ENOTSUP));
4584 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4585 nvpair_value_uint64(pair, &intval) == 0) {
4586 /* check prop value is enabled in features */
4587 feature = zio_checksum_to_feature(
4588 intval & ZIO_CHECKSUM_MASK);
4589 if (feature == SPA_FEATURE_NONE)
4592 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4595 if (!spa_feature_is_enabled(spa, feature)) {
4596 spa_close(spa, FTAG);
4597 return (SET_ERROR(ENOTSUP));
4599 spa_close(spa, FTAG);
4608 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
4612 * Removes properties from the given props list that fail permission checks
4613 * needed to clear them and to restore them in case of a receive error. For each
4614 * property, make sure we have both set and inherit permissions.
4616 * Returns the first error encountered if any permission checks fail. If the
4617 * caller provides a non-NULL errlist, it also gives the complete list of names
4618 * of all the properties that failed a permission check along with the
4619 * corresponding error numbers. The caller is responsible for freeing the
4622 * If every property checks out successfully, zero is returned and the list
4623 * pointed at by errlist is NULL.
4626 zfs_check_clearable(const char *dataset, nvlist_t *props, nvlist_t **errlist)
4629 nvpair_t *pair, *next_pair;
4636 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4638 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
4639 (void) strlcpy(zc->zc_name, dataset, sizeof (zc->zc_name));
4640 pair = nvlist_next_nvpair(props, NULL);
4641 while (pair != NULL) {
4642 next_pair = nvlist_next_nvpair(props, pair);
4644 (void) strlcpy(zc->zc_value, nvpair_name(pair),
4645 sizeof (zc->zc_value));
4646 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
4647 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
4648 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
4649 VERIFY(nvlist_add_int32(errors,
4650 zc->zc_value, err) == 0);
4654 kmem_free(zc, sizeof (zfs_cmd_t));
4656 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
4657 nvlist_free(errors);
4660 VERIFY(nvpair_value_int32(pair, &rv) == 0);
4663 if (errlist == NULL)
4664 nvlist_free(errors);
4672 propval_equals(nvpair_t *p1, nvpair_t *p2)
4674 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
4675 /* dsl_prop_get_all_impl() format */
4677 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
4678 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4682 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
4684 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
4685 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4689 if (nvpair_type(p1) != nvpair_type(p2))
4692 if (nvpair_type(p1) == DATA_TYPE_STRING) {
4693 char *valstr1, *valstr2;
4695 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
4696 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
4697 return (strcmp(valstr1, valstr2) == 0);
4699 uint64_t intval1, intval2;
4701 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
4702 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
4703 return (intval1 == intval2);
4708 * Remove properties from props if they are not going to change (as determined
4709 * by comparison with origprops). Remove them from origprops as well, since we
4710 * do not need to clear or restore properties that won't change.
4713 props_reduce(nvlist_t *props, nvlist_t *origprops)
4715 nvpair_t *pair, *next_pair;
4717 if (origprops == NULL)
4718 return; /* all props need to be received */
4720 pair = nvlist_next_nvpair(props, NULL);
4721 while (pair != NULL) {
4722 const char *propname = nvpair_name(pair);
4725 next_pair = nvlist_next_nvpair(props, pair);
4727 if ((nvlist_lookup_nvpair(origprops, propname,
4728 &match) != 0) || !propval_equals(pair, match))
4729 goto next; /* need to set received value */
4731 /* don't clear the existing received value */
4732 (void) nvlist_remove_nvpair(origprops, match);
4733 /* don't bother receiving the property */
4734 (void) nvlist_remove_nvpair(props, pair);
4741 * Extract properties that cannot be set PRIOR to the receipt of a dataset.
4742 * For example, refquota cannot be set until after the receipt of a dataset,
4743 * because in replication streams, an older/earlier snapshot may exceed the
4744 * refquota. We want to receive the older/earlier snapshot, but setting
4745 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent
4746 * the older/earlier snapshot from being received (with EDQUOT).
4748 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario.
4750 * libzfs will need to be judicious handling errors encountered by props
4751 * extracted by this function.
4754 extract_delay_props(nvlist_t *props)
4756 nvlist_t *delayprops;
4757 nvpair_t *nvp, *tmp;
4758 static const zfs_prop_t delayable[] = {
4760 ZFS_PROP_KEYLOCATION,
4765 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4767 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL;
4768 nvp = nvlist_next_nvpair(props, nvp)) {
4770 * strcmp() is safe because zfs_prop_to_name() always returns
4773 for (i = 0; delayable[i] != 0; i++) {
4774 if (strcmp(zfs_prop_to_name(delayable[i]),
4775 nvpair_name(nvp)) == 0) {
4779 if (delayable[i] != 0) {
4780 tmp = nvlist_prev_nvpair(props, nvp);
4781 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0);
4782 VERIFY(nvlist_remove_nvpair(props, nvp) == 0);
4787 if (nvlist_empty(delayprops)) {
4788 nvlist_free(delayprops);
4791 return (delayprops);
4795 zfs_allow_log_destroy(void *arg)
4797 char *poolname = arg;
4799 if (poolname != NULL)
4800 kmem_strfree(poolname);
4804 static boolean_t zfs_ioc_recv_inject_err;
4808 * nvlist 'errors' is always allocated. It will contain descriptions of
4809 * encountered errors, if any. It's the callers responsibility to free.
4812 zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin, nvlist_t *recvprops,
4813 nvlist_t *localprops, nvlist_t *hidden_args, boolean_t force,
4814 boolean_t resumable, int input_fd,
4815 dmu_replay_record_t *begin_record, uint64_t *read_bytes,
4816 uint64_t *errflags, nvlist_t **errors)
4818 dmu_recv_cookie_t drc;
4820 int props_error = 0;
4822 nvlist_t *local_delayprops = NULL;
4823 nvlist_t *recv_delayprops = NULL;
4824 nvlist_t *origprops = NULL; /* existing properties */
4825 nvlist_t *origrecvd = NULL; /* existing received properties */
4826 boolean_t first_recvd_props = B_FALSE;
4827 boolean_t tofs_was_redacted;
4828 zfs_file_t *input_fp;
4832 *errors = fnvlist_alloc();
4835 if ((error = zfs_file_get(input_fd, &input_fp)))
4838 noff = off = zfs_file_off(input_fp);
4839 error = dmu_recv_begin(tofs, tosnap, begin_record, force,
4840 resumable, localprops, hidden_args, origin, &drc, input_fp,
4844 tofs_was_redacted = dsl_get_redacted(drc.drc_ds);
4847 * Set properties before we receive the stream so that they are applied
4848 * to the new data. Note that we must call dmu_recv_stream() if
4849 * dmu_recv_begin() succeeds.
4851 if (recvprops != NULL && !drc.drc_newfs) {
4852 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
4853 SPA_VERSION_RECVD_PROPS &&
4854 !dsl_prop_get_hasrecvd(tofs))
4855 first_recvd_props = B_TRUE;
4858 * If new received properties are supplied, they are to
4859 * completely replace the existing received properties,
4860 * so stash away the existing ones.
4862 if (dsl_prop_get_received(tofs, &origrecvd) == 0) {
4863 nvlist_t *errlist = NULL;
4865 * Don't bother writing a property if its value won't
4866 * change (and avoid the unnecessary security checks).
4868 * The first receive after SPA_VERSION_RECVD_PROPS is a
4869 * special case where we blow away all local properties
4872 if (!first_recvd_props)
4873 props_reduce(recvprops, origrecvd);
4874 if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0)
4875 (void) nvlist_merge(*errors, errlist, 0);
4876 nvlist_free(errlist);
4878 if (clear_received_props(tofs, origrecvd,
4879 first_recvd_props ? NULL : recvprops) != 0)
4880 *errflags |= ZPROP_ERR_NOCLEAR;
4882 *errflags |= ZPROP_ERR_NOCLEAR;
4887 * Stash away existing properties so we can restore them on error unless
4888 * we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which
4889 * case "origrecvd" will take care of that.
4891 if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) {
4893 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
4894 if (dsl_prop_get_all(os, &origprops) != 0) {
4895 *errflags |= ZPROP_ERR_NOCLEAR;
4897 dmu_objset_rele(os, FTAG);
4899 *errflags |= ZPROP_ERR_NOCLEAR;
4903 if (recvprops != NULL) {
4904 props_error = dsl_prop_set_hasrecvd(tofs);
4906 if (props_error == 0) {
4907 recv_delayprops = extract_delay_props(recvprops);
4908 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
4909 recvprops, *errors);
4913 if (localprops != NULL) {
4914 nvlist_t *oprops = fnvlist_alloc();
4915 nvlist_t *xprops = fnvlist_alloc();
4916 nvpair_t *nvp = NULL;
4918 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
4919 if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) {
4921 const char *name = nvpair_name(nvp);
4922 zfs_prop_t prop = zfs_name_to_prop(name);
4923 if (prop != ZPROP_INVAL) {
4924 if (!zfs_prop_inheritable(prop))
4926 } else if (!zfs_prop_user(name))
4928 fnvlist_add_boolean(xprops, name);
4930 /* -o property=value */
4931 fnvlist_add_nvpair(oprops, nvp);
4935 local_delayprops = extract_delay_props(oprops);
4936 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
4938 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED,
4941 nvlist_free(oprops);
4942 nvlist_free(xprops);
4945 error = dmu_recv_stream(&drc, &off);
4948 zfsvfs_t *zfsvfs = NULL;
4949 zvol_state_handle_t *zv = NULL;
4951 if (getzfsvfs(tofs, &zfsvfs) == 0) {
4955 boolean_t stream_is_redacted = DMU_GET_FEATUREFLAGS(
4956 begin_record->drr_u.drr_begin.
4957 drr_versioninfo) & DMU_BACKUP_FEATURE_REDACTED;
4959 ds = dmu_objset_ds(zfsvfs->z_os);
4960 error = zfs_suspend_fs(zfsvfs);
4962 * If the suspend fails, then the recv_end will
4963 * likely also fail, and clean up after itself.
4965 end_err = dmu_recv_end(&drc, zfsvfs);
4967 * If the dataset was not redacted, but we received a
4968 * redacted stream onto it, we need to unmount the
4969 * dataset. Otherwise, resume the filesystem.
4971 if (error == 0 && !drc.drc_newfs &&
4972 stream_is_redacted && !tofs_was_redacted) {
4973 error = zfs_end_fs(zfsvfs, ds);
4974 } else if (error == 0) {
4975 error = zfs_resume_fs(zfsvfs, ds);
4977 error = error ? error : end_err;
4978 zfs_vfs_rele(zfsvfs);
4979 } else if ((zv = zvol_suspend(tofs)) != NULL) {
4980 error = dmu_recv_end(&drc, zvol_tag(zv));
4983 error = dmu_recv_end(&drc, NULL);
4986 /* Set delayed properties now, after we're done receiving. */
4987 if (recv_delayprops != NULL && error == 0) {
4988 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
4989 recv_delayprops, *errors);
4991 if (local_delayprops != NULL && error == 0) {
4992 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
4993 local_delayprops, *errors);
4998 * Merge delayed props back in with initial props, in case
4999 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means
5000 * we have to make sure clear_received_props() includes
5001 * the delayed properties).
5003 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels,
5004 * using ASSERT() will be just like a VERIFY.
5006 if (recv_delayprops != NULL) {
5007 ASSERT(nvlist_merge(recvprops, recv_delayprops, 0) == 0);
5008 nvlist_free(recv_delayprops);
5010 if (local_delayprops != NULL) {
5011 ASSERT(nvlist_merge(localprops, local_delayprops, 0) == 0);
5012 nvlist_free(local_delayprops);
5014 *read_bytes = off - noff;
5017 if (zfs_ioc_recv_inject_err) {
5018 zfs_ioc_recv_inject_err = B_FALSE;
5024 * On error, restore the original props.
5026 if (error != 0 && recvprops != NULL && !drc.drc_newfs) {
5027 if (clear_received_props(tofs, recvprops, NULL) != 0) {
5029 * We failed to clear the received properties.
5030 * Since we may have left a $recvd value on the
5031 * system, we can't clear the $hasrecvd flag.
5033 *errflags |= ZPROP_ERR_NORESTORE;
5034 } else if (first_recvd_props) {
5035 dsl_prop_unset_hasrecvd(tofs);
5038 if (origrecvd == NULL && !drc.drc_newfs) {
5039 /* We failed to stash the original properties. */
5040 *errflags |= ZPROP_ERR_NORESTORE;
5044 * dsl_props_set() will not convert RECEIVED to LOCAL on or
5045 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
5046 * explicitly if we're restoring local properties cleared in the
5047 * first new-style receive.
5049 if (origrecvd != NULL &&
5050 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
5051 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
5052 origrecvd, NULL) != 0) {
5054 * We stashed the original properties but failed to
5057 *errflags |= ZPROP_ERR_NORESTORE;
5060 if (error != 0 && localprops != NULL && !drc.drc_newfs &&
5061 !first_recvd_props) {
5063 nvlist_t *inheritprops;
5066 if (origprops == NULL) {
5067 /* We failed to stash the original properties. */
5068 *errflags |= ZPROP_ERR_NORESTORE;
5072 /* Restore original props */
5073 setprops = fnvlist_alloc();
5074 inheritprops = fnvlist_alloc();
5076 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
5077 const char *name = nvpair_name(nvp);
5081 if (!nvlist_exists(origprops, name)) {
5083 * Property was not present or was explicitly
5084 * inherited before the receive, restore this.
5086 fnvlist_add_boolean(inheritprops, name);
5089 attrs = fnvlist_lookup_nvlist(origprops, name);
5090 source = fnvlist_lookup_string(attrs, ZPROP_SOURCE);
5092 /* Skip received properties */
5093 if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0)
5096 if (strcmp(source, tofs) == 0) {
5097 /* Property was locally set */
5098 fnvlist_add_nvlist(setprops, name, attrs);
5100 /* Property was implicitly inherited */
5101 fnvlist_add_boolean(inheritprops, name);
5105 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops,
5107 *errflags |= ZPROP_ERR_NORESTORE;
5108 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops,
5110 *errflags |= ZPROP_ERR_NORESTORE;
5112 nvlist_free(setprops);
5113 nvlist_free(inheritprops);
5116 zfs_file_put(input_fd);
5117 nvlist_free(origrecvd);
5118 nvlist_free(origprops);
5121 error = props_error;
5128 * zc_name name of containing filesystem (unused)
5129 * zc_nvlist_src{_size} nvlist of properties to apply
5130 * zc_nvlist_conf{_size} nvlist of properties to exclude
5131 * (DATA_TYPE_BOOLEAN) and override (everything else)
5132 * zc_value name of snapshot to create
5133 * zc_string name of clone origin (if DRR_FLAG_CLONE)
5134 * zc_cookie file descriptor to recv from
5135 * zc_begin_record the BEGIN record of the stream (not byteswapped)
5136 * zc_guid force flag
5139 * zc_cookie number of bytes read
5140 * zc_obj zprop_errflags_t
5141 * zc_nvlist_dst{_size} error for each unapplied received property
5144 zfs_ioc_recv(zfs_cmd_t *zc)
5146 dmu_replay_record_t begin_record;
5147 nvlist_t *errors = NULL;
5148 nvlist_t *recvdprops = NULL;
5149 nvlist_t *localprops = NULL;
5150 char *origin = NULL;
5152 char tofs[ZFS_MAX_DATASET_NAME_LEN];
5155 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
5156 strchr(zc->zc_value, '@') == NULL ||
5157 strchr(zc->zc_value, '%'))
5158 return (SET_ERROR(EINVAL));
5160 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs));
5161 tosnap = strchr(tofs, '@');
5164 if (zc->zc_nvlist_src != 0 &&
5165 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5166 zc->zc_iflags, &recvdprops)) != 0)
5169 if (zc->zc_nvlist_conf != 0 &&
5170 (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
5171 zc->zc_iflags, &localprops)) != 0)
5174 if (zc->zc_string[0])
5175 origin = zc->zc_string;
5177 begin_record.drr_type = DRR_BEGIN;
5178 begin_record.drr_payloadlen = 0;
5179 begin_record.drr_u.drr_begin = zc->zc_begin_record;
5181 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops,
5182 NULL, zc->zc_guid, B_FALSE, zc->zc_cookie, &begin_record,
5183 &zc->zc_cookie, &zc->zc_obj, &errors);
5184 nvlist_free(recvdprops);
5185 nvlist_free(localprops);
5188 * Now that all props, initial and delayed, are set, report the prop
5189 * errors to the caller.
5191 if (zc->zc_nvlist_dst_size != 0 && errors != NULL &&
5192 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
5193 put_nvlist(zc, errors) != 0)) {
5195 * Caller made zc->zc_nvlist_dst less than the minimum expected
5196 * size or supplied an invalid address.
5198 error = SET_ERROR(EINVAL);
5201 nvlist_free(errors);
5208 * "snapname" -> full name of the snapshot to create
5209 * (optional) "props" -> received properties to set (nvlist)
5210 * (optional) "localprops" -> override and exclude properties (nvlist)
5211 * (optional) "origin" -> name of clone origin (DRR_FLAG_CLONE)
5212 * "begin_record" -> non-byteswapped dmu_replay_record_t
5213 * "input_fd" -> file descriptor to read stream from (int32)
5214 * (optional) "force" -> force flag (value ignored)
5215 * (optional) "resumable" -> resumable flag (value ignored)
5216 * (optional) "cleanup_fd" -> unused
5217 * (optional) "action_handle" -> unused
5218 * (optional) "hidden_args" -> { "wkeydata" -> value }
5222 * "read_bytes" -> number of bytes read
5223 * "error_flags" -> zprop_errflags_t
5224 * "errors" -> error for each unapplied received property (nvlist)
5227 static const zfs_ioc_key_t zfs_keys_recv_new[] = {
5228 {"snapname", DATA_TYPE_STRING, 0},
5229 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5230 {"localprops", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5231 {"origin", DATA_TYPE_STRING, ZK_OPTIONAL},
5232 {"begin_record", DATA_TYPE_BYTE_ARRAY, 0},
5233 {"input_fd", DATA_TYPE_INT32, 0},
5234 {"force", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5235 {"resumable", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5236 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
5237 {"action_handle", DATA_TYPE_UINT64, ZK_OPTIONAL},
5238 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5242 zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
5244 dmu_replay_record_t *begin_record;
5245 uint_t begin_record_size;
5246 nvlist_t *errors = NULL;
5247 nvlist_t *recvprops = NULL;
5248 nvlist_t *localprops = NULL;
5249 nvlist_t *hidden_args = NULL;
5251 char *origin = NULL;
5253 char tofs[ZFS_MAX_DATASET_NAME_LEN];
5255 boolean_t resumable;
5256 uint64_t read_bytes = 0;
5257 uint64_t errflags = 0;
5261 snapname = fnvlist_lookup_string(innvl, "snapname");
5263 if (dataset_namecheck(snapname, NULL, NULL) != 0 ||
5264 strchr(snapname, '@') == NULL ||
5265 strchr(snapname, '%'))
5266 return (SET_ERROR(EINVAL));
5268 (void) strlcpy(tofs, snapname, sizeof (tofs));
5269 tosnap = strchr(tofs, '@');
5272 error = nvlist_lookup_string(innvl, "origin", &origin);
5273 if (error && error != ENOENT)
5276 error = nvlist_lookup_byte_array(innvl, "begin_record",
5277 (uchar_t **)&begin_record, &begin_record_size);
5278 if (error != 0 || begin_record_size != sizeof (*begin_record))
5279 return (SET_ERROR(EINVAL));
5281 input_fd = fnvlist_lookup_int32(innvl, "input_fd");
5283 force = nvlist_exists(innvl, "force");
5284 resumable = nvlist_exists(innvl, "resumable");
5286 /* we still use "props" here for backwards compatibility */
5287 error = nvlist_lookup_nvlist(innvl, "props", &recvprops);
5288 if (error && error != ENOENT)
5291 error = nvlist_lookup_nvlist(innvl, "localprops", &localprops);
5292 if (error && error != ENOENT)
5295 error = nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
5296 if (error && error != ENOENT)
5299 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvprops, localprops,
5300 hidden_args, force, resumable, input_fd, begin_record,
5301 &read_bytes, &errflags, &errors);
5303 fnvlist_add_uint64(outnvl, "read_bytes", read_bytes);
5304 fnvlist_add_uint64(outnvl, "error_flags", errflags);
5305 fnvlist_add_nvlist(outnvl, "errors", errors);
5307 nvlist_free(errors);
5308 nvlist_free(recvprops);
5309 nvlist_free(localprops);
5314 typedef struct dump_bytes_io {
5322 dump_bytes_cb(void *arg)
5324 dump_bytes_io_t *dbi = (dump_bytes_io_t *)arg;
5331 dbi->dbi_err = zfs_file_write(fp, buf, dbi->dbi_len, NULL);
5335 dump_bytes(objset_t *os, void *buf, int len, void *arg)
5337 dump_bytes_io_t dbi;
5343 #if defined(HAVE_LARGE_STACKS)
5344 dump_bytes_cb(&dbi);
5347 * The vn_rdwr() call is performed in a taskq to ensure that there is
5348 * always enough stack space to write safely to the target filesystem.
5349 * The ZIO_TYPE_FREE threads are used because there can be a lot of
5350 * them and they are used in vdev_file.c for a similar purpose.
5352 spa_taskq_dispatch_sync(dmu_objset_spa(os), ZIO_TYPE_FREE,
5353 ZIO_TASKQ_ISSUE, dump_bytes_cb, &dbi, TQ_SLEEP);
5354 #endif /* HAVE_LARGE_STACKS */
5356 return (dbi.dbi_err);
5361 * zc_name name of snapshot to send
5362 * zc_cookie file descriptor to send stream to
5363 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
5364 * zc_sendobj objsetid of snapshot to send
5365 * zc_fromobj objsetid of incremental fromsnap (may be zero)
5366 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
5367 * output size in zc_objset_type.
5368 * zc_flags lzc_send_flags
5371 * zc_objset_type estimated size, if zc_guid is set
5373 * NOTE: This is no longer the preferred interface, any new functionality
5374 * should be added to zfs_ioc_send_new() instead.
5377 zfs_ioc_send(zfs_cmd_t *zc)
5381 boolean_t estimate = (zc->zc_guid != 0);
5382 boolean_t embedok = (zc->zc_flags & 0x1);
5383 boolean_t large_block_ok = (zc->zc_flags & 0x2);
5384 boolean_t compressok = (zc->zc_flags & 0x4);
5385 boolean_t rawok = (zc->zc_flags & 0x8);
5386 boolean_t savedok = (zc->zc_flags & 0x10);
5388 if (zc->zc_obj != 0) {
5390 dsl_dataset_t *tosnap;
5392 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5396 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
5398 dsl_pool_rele(dp, FTAG);
5402 if (dsl_dir_is_clone(tosnap->ds_dir))
5404 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj;
5405 dsl_dataset_rele(tosnap, FTAG);
5406 dsl_pool_rele(dp, FTAG);
5411 dsl_dataset_t *tosnap;
5412 dsl_dataset_t *fromsnap = NULL;
5414 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5418 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj,
5421 dsl_pool_rele(dp, FTAG);
5425 if (zc->zc_fromobj != 0) {
5426 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
5429 dsl_dataset_rele(tosnap, FTAG);
5430 dsl_pool_rele(dp, FTAG);
5435 error = dmu_send_estimate_fast(tosnap, fromsnap, NULL,
5436 compressok || rawok, savedok, &zc->zc_objset_type);
5438 if (fromsnap != NULL)
5439 dsl_dataset_rele(fromsnap, FTAG);
5440 dsl_dataset_rele(tosnap, FTAG);
5441 dsl_pool_rele(dp, FTAG);
5444 dmu_send_outparams_t out = {0};
5446 if ((error = zfs_file_get(zc->zc_cookie, &fp)))
5449 off = zfs_file_off(fp);
5450 out.dso_outfunc = dump_bytes;
5452 out.dso_dryrun = B_FALSE;
5453 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
5454 zc->zc_fromobj, embedok, large_block_ok, compressok,
5455 rawok, savedok, zc->zc_cookie, &off, &out);
5457 zfs_file_put(zc->zc_cookie);
5464 * zc_name name of snapshot on which to report progress
5465 * zc_cookie file descriptor of send stream
5468 * zc_cookie number of bytes written in send stream thus far
5469 * zc_objset_type logical size of data traversed by send thus far
5472 zfs_ioc_send_progress(zfs_cmd_t *zc)
5476 dmu_sendstatus_t *dsp = NULL;
5479 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5483 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
5485 dsl_pool_rele(dp, FTAG);
5489 mutex_enter(&ds->ds_sendstream_lock);
5492 * Iterate over all the send streams currently active on this dataset.
5493 * If there's one which matches the specified file descriptor _and_ the
5494 * stream was started by the current process, return the progress of
5498 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
5499 dsp = list_next(&ds->ds_sendstreams, dsp)) {
5500 if (dsp->dss_outfd == zc->zc_cookie &&
5501 zfs_proc_is_caller(dsp->dss_proc))
5506 zc->zc_cookie = atomic_cas_64((volatile uint64_t *)dsp->dss_off,
5508 /* This is the closest thing we have to atomic_read_64. */
5509 zc->zc_objset_type = atomic_cas_64(&dsp->dss_blocks, 0, 0);
5511 error = SET_ERROR(ENOENT);
5514 mutex_exit(&ds->ds_sendstream_lock);
5515 dsl_dataset_rele(ds, FTAG);
5516 dsl_pool_rele(dp, FTAG);
5521 zfs_ioc_inject_fault(zfs_cmd_t *zc)
5525 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
5526 &zc->zc_inject_record);
5529 zc->zc_guid = (uint64_t)id;
5535 zfs_ioc_clear_fault(zfs_cmd_t *zc)
5537 return (zio_clear_fault((int)zc->zc_guid));
5541 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
5543 int id = (int)zc->zc_guid;
5546 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
5547 &zc->zc_inject_record);
5555 zfs_ioc_error_log(zfs_cmd_t *zc)
5559 size_t count = (size_t)zc->zc_nvlist_dst_size;
5561 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
5564 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
5567 zc->zc_nvlist_dst_size = count;
5569 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
5571 spa_close(spa, FTAG);
5577 zfs_ioc_clear(zfs_cmd_t *zc)
5584 * On zpool clear we also fix up missing slogs
5586 mutex_enter(&spa_namespace_lock);
5587 spa = spa_lookup(zc->zc_name);
5589 mutex_exit(&spa_namespace_lock);
5590 return (SET_ERROR(EIO));
5592 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
5593 /* we need to let spa_open/spa_load clear the chains */
5594 spa_set_log_state(spa, SPA_LOG_CLEAR);
5596 spa->spa_last_open_failed = 0;
5597 mutex_exit(&spa_namespace_lock);
5599 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
5600 error = spa_open(zc->zc_name, &spa, FTAG);
5603 nvlist_t *config = NULL;
5605 if (zc->zc_nvlist_src == 0)
5606 return (SET_ERROR(EINVAL));
5608 if ((error = get_nvlist(zc->zc_nvlist_src,
5609 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
5610 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
5612 if (config != NULL) {
5615 if ((err = put_nvlist(zc, config)) != 0)
5617 nvlist_free(config);
5619 nvlist_free(policy);
5627 * If multihost is enabled, resuming I/O is unsafe as another
5628 * host may have imported the pool.
5630 if (spa_multihost(spa) && spa_suspended(spa))
5631 return (SET_ERROR(EINVAL));
5633 spa_vdev_state_enter(spa, SCL_NONE);
5635 if (zc->zc_guid == 0) {
5638 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
5640 error = SET_ERROR(ENODEV);
5641 (void) spa_vdev_state_exit(spa, NULL, error);
5642 spa_close(spa, FTAG);
5647 vdev_clear(spa, vd);
5649 (void) spa_vdev_state_exit(spa, spa_suspended(spa) ?
5650 NULL : spa->spa_root_vdev, 0);
5653 * Resume any suspended I/Os.
5655 if (zio_resume(spa) != 0)
5656 error = SET_ERROR(EIO);
5658 spa_close(spa, FTAG);
5664 * Reopen all the vdevs associated with the pool.
5667 * "scrub_restart" -> when true and scrub is running, allow to restart
5668 * scrub as the side effect of the reopen (boolean).
5673 static const zfs_ioc_key_t zfs_keys_pool_reopen[] = {
5674 {"scrub_restart", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
5679 zfs_ioc_pool_reopen(const char *pool, nvlist_t *innvl, nvlist_t *outnvl)
5683 boolean_t rc, scrub_restart = B_TRUE;
5686 error = nvlist_lookup_boolean_value(innvl,
5687 "scrub_restart", &rc);
5692 error = spa_open(pool, &spa, FTAG);
5696 spa_vdev_state_enter(spa, SCL_NONE);
5699 * If the scrub_restart flag is B_FALSE and a scrub is already
5700 * in progress then set spa_scrub_reopen flag to B_TRUE so that
5701 * we don't restart the scrub as a side effect of the reopen.
5702 * Otherwise, let vdev_open() decided if a resilver is required.
5705 spa->spa_scrub_reopen = (!scrub_restart &&
5706 dsl_scan_scrubbing(spa->spa_dsl_pool));
5707 vdev_reopen(spa->spa_root_vdev);
5708 spa->spa_scrub_reopen = B_FALSE;
5710 (void) spa_vdev_state_exit(spa, NULL, 0);
5711 spa_close(spa, FTAG);
5717 * zc_name name of filesystem
5720 * zc_string name of conflicting snapshot, if there is one
5723 zfs_ioc_promote(zfs_cmd_t *zc)
5726 dsl_dataset_t *ds, *ods;
5727 char origin[ZFS_MAX_DATASET_NAME_LEN];
5731 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5732 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
5733 strchr(zc->zc_name, '%'))
5734 return (SET_ERROR(EINVAL));
5736 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5740 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
5742 dsl_pool_rele(dp, FTAG);
5746 if (!dsl_dir_is_clone(ds->ds_dir)) {
5747 dsl_dataset_rele(ds, FTAG);
5748 dsl_pool_rele(dp, FTAG);
5749 return (SET_ERROR(EINVAL));
5752 error = dsl_dataset_hold_obj(dp,
5753 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods);
5755 dsl_dataset_rele(ds, FTAG);
5756 dsl_pool_rele(dp, FTAG);
5760 dsl_dataset_name(ods, origin);
5761 dsl_dataset_rele(ods, FTAG);
5762 dsl_dataset_rele(ds, FTAG);
5763 dsl_pool_rele(dp, FTAG);
5766 * We don't need to unmount *all* the origin fs's snapshots, but
5769 cp = strchr(origin, '@');
5772 (void) dmu_objset_find(origin,
5773 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
5774 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
5778 * Retrieve a single {user|group|project}{used|quota}@... property.
5781 * zc_name name of filesystem
5782 * zc_objset_type zfs_userquota_prop_t
5783 * zc_value domain name (eg. "S-1-234-567-89")
5784 * zc_guid RID/UID/GID
5787 * zc_cookie property value
5790 zfs_ioc_userspace_one(zfs_cmd_t *zc)
5795 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
5796 return (SET_ERROR(EINVAL));
5798 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
5802 error = zfs_userspace_one(zfsvfs,
5803 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
5804 zfsvfs_rele(zfsvfs, FTAG);
5811 * zc_name name of filesystem
5812 * zc_cookie zap cursor
5813 * zc_objset_type zfs_userquota_prop_t
5814 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
5817 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
5818 * zc_cookie zap cursor
5821 zfs_ioc_userspace_many(zfs_cmd_t *zc)
5824 int bufsize = zc->zc_nvlist_dst_size;
5827 return (SET_ERROR(ENOMEM));
5829 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
5833 void *buf = vmem_alloc(bufsize, KM_SLEEP);
5835 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
5836 buf, &zc->zc_nvlist_dst_size);
5839 error = xcopyout(buf,
5840 (void *)(uintptr_t)zc->zc_nvlist_dst,
5841 zc->zc_nvlist_dst_size);
5843 vmem_free(buf, bufsize);
5844 zfsvfs_rele(zfsvfs, FTAG);
5851 * zc_name name of filesystem
5857 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
5862 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
5863 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
5865 * If userused is not enabled, it may be because the
5866 * objset needs to be closed & reopened (to grow the
5867 * objset_phys_t). Suspend/resume the fs will do that.
5869 dsl_dataset_t *ds, *newds;
5871 ds = dmu_objset_ds(zfsvfs->z_os);
5872 error = zfs_suspend_fs(zfsvfs);
5874 dmu_objset_refresh_ownership(ds, &newds,
5876 error = zfs_resume_fs(zfsvfs, newds);
5880 mutex_enter(&zfsvfs->z_os->os_upgrade_lock);
5881 if (zfsvfs->z_os->os_upgrade_id == 0) {
5882 /* clear potential error code and retry */
5883 zfsvfs->z_os->os_upgrade_status = 0;
5884 mutex_exit(&zfsvfs->z_os->os_upgrade_lock);
5886 dsl_pool_config_enter(
5887 dmu_objset_pool(zfsvfs->z_os), FTAG);
5888 dmu_objset_userspace_upgrade(zfsvfs->z_os);
5889 dsl_pool_config_exit(
5890 dmu_objset_pool(zfsvfs->z_os), FTAG);
5892 mutex_exit(&zfsvfs->z_os->os_upgrade_lock);
5895 taskq_wait_id(zfsvfs->z_os->os_spa->spa_upgrade_taskq,
5896 zfsvfs->z_os->os_upgrade_id);
5897 error = zfsvfs->z_os->os_upgrade_status;
5899 zfs_vfs_rele(zfsvfs);
5903 /* XXX kind of reading contents without owning */
5904 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
5908 mutex_enter(&os->os_upgrade_lock);
5909 if (os->os_upgrade_id == 0) {
5910 /* clear potential error code and retry */
5911 os->os_upgrade_status = 0;
5912 mutex_exit(&os->os_upgrade_lock);
5914 dmu_objset_userspace_upgrade(os);
5916 mutex_exit(&os->os_upgrade_lock);
5919 dsl_pool_rele(dmu_objset_pool(os), FTAG);
5921 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
5922 error = os->os_upgrade_status;
5924 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT,
5932 * zc_name name of filesystem
5938 zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc)
5943 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
5947 if (dmu_objset_userobjspace_upgradable(os) ||
5948 dmu_objset_projectquota_upgradable(os)) {
5949 mutex_enter(&os->os_upgrade_lock);
5950 if (os->os_upgrade_id == 0) {
5951 /* clear potential error code and retry */
5952 os->os_upgrade_status = 0;
5953 mutex_exit(&os->os_upgrade_lock);
5955 dmu_objset_id_quota_upgrade(os);
5957 mutex_exit(&os->os_upgrade_lock);
5960 dsl_pool_rele(dmu_objset_pool(os), FTAG);
5962 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
5963 error = os->os_upgrade_status;
5965 dsl_pool_rele(dmu_objset_pool(os), FTAG);
5968 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, FTAG);
5974 zfs_ioc_share(zfs_cmd_t *zc)
5976 return (SET_ERROR(ENOSYS));
5979 ace_t full_access[] = {
5980 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
5985 * zc_name name of containing filesystem
5986 * zc_obj object # beyond which we want next in-use object #
5989 * zc_obj next in-use object #
5992 zfs_ioc_next_obj(zfs_cmd_t *zc)
5994 objset_t *os = NULL;
5997 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
6001 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0);
6003 dmu_objset_rele(os, FTAG);
6009 * zc_name name of filesystem
6010 * zc_value prefix name for snapshot
6011 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
6014 * zc_value short name of new snapshot
6017 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
6024 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
6028 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
6029 (u_longlong_t)ddi_get_lbolt64());
6030 hold_name = kmem_asprintf("%%%s", zc->zc_value);
6032 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
6035 (void) strlcpy(zc->zc_value, snap_name,
6036 sizeof (zc->zc_value));
6037 kmem_strfree(snap_name);
6038 kmem_strfree(hold_name);
6039 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
6045 * zc_name name of "to" snapshot
6046 * zc_value name of "from" snapshot
6047 * zc_cookie file descriptor to write diff data on
6050 * dmu_diff_record_t's to the file descriptor
6053 zfs_ioc_diff(zfs_cmd_t *zc)
6059 if ((error = zfs_file_get(zc->zc_cookie, &fp)))
6062 off = zfs_file_off(fp);
6063 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off);
6065 zfs_file_put(zc->zc_cookie);
6071 zfs_ioc_smb_acl(zfs_cmd_t *zc)
6073 return (SET_ERROR(ENOTSUP));
6078 * "holds" -> { snapname -> holdname (string), ... }
6079 * (optional) "cleanup_fd" -> fd (int32)
6083 * snapname -> error value (int32)
6087 static const zfs_ioc_key_t zfs_keys_hold[] = {
6088 {"holds", DATA_TYPE_NVLIST, 0},
6089 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6094 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
6098 int cleanup_fd = -1;
6102 holds = fnvlist_lookup_nvlist(args, "holds");
6104 /* make sure the user didn't pass us any invalid (empty) tags */
6105 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
6106 pair = nvlist_next_nvpair(holds, pair)) {
6109 error = nvpair_value_string(pair, &htag);
6111 return (SET_ERROR(error));
6113 if (strlen(htag) == 0)
6114 return (SET_ERROR(EINVAL));
6117 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
6118 error = zfs_onexit_fd_hold(cleanup_fd, &minor);
6120 return (SET_ERROR(error));
6123 error = dsl_dataset_user_hold(holds, minor, errlist);
6125 zfs_onexit_fd_rele(cleanup_fd);
6126 return (SET_ERROR(error));
6130 * innvl is not used.
6133 * holdname -> time added (uint64 seconds since epoch)
6137 static const zfs_ioc_key_t zfs_keys_get_holds[] = {
6143 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
6145 return (dsl_dataset_get_holds(snapname, outnvl));
6150 * snapname -> { holdname, ... }
6155 * snapname -> error value (int32)
6159 static const zfs_ioc_key_t zfs_keys_release[] = {
6160 {"<snapname>...", DATA_TYPE_NVLIST, ZK_WILDCARDLIST},
6165 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
6167 return (dsl_dataset_user_release(holds, errlist));
6172 * zc_guid flags (ZEVENT_NONBLOCK)
6173 * zc_cleanup_fd zevent file descriptor
6176 * zc_nvlist_dst next nvlist event
6177 * zc_cookie dropped events since last get
6180 zfs_ioc_events_next(zfs_cmd_t *zc)
6183 nvlist_t *event = NULL;
6185 uint64_t dropped = 0;
6188 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6193 error = zfs_zevent_next(ze, &event,
6194 &zc->zc_nvlist_dst_size, &dropped);
6195 if (event != NULL) {
6196 zc->zc_cookie = dropped;
6197 error = put_nvlist(zc, event);
6201 if (zc->zc_guid & ZEVENT_NONBLOCK)
6204 if ((error == 0) || (error != ENOENT))
6207 error = zfs_zevent_wait(ze);
6212 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
6219 * zc_cookie cleared events count
6222 zfs_ioc_events_clear(zfs_cmd_t *zc)
6226 zfs_zevent_drain_all(&count);
6227 zc->zc_cookie = count;
6234 * zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END
6235 * zc_cleanup zevent file descriptor
6238 zfs_ioc_events_seek(zfs_cmd_t *zc)
6244 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6248 error = zfs_zevent_seek(ze, zc->zc_guid);
6249 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
6256 * zc_name name of later filesystem or snapshot
6257 * zc_value full name of old snapshot or bookmark
6260 * zc_cookie space in bytes
6261 * zc_objset_type compressed space in bytes
6262 * zc_perm_action uncompressed space in bytes
6265 zfs_ioc_space_written(zfs_cmd_t *zc)
6271 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
6274 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
6276 dsl_pool_rele(dp, FTAG);
6279 if (strchr(zc->zc_value, '#') != NULL) {
6280 zfs_bookmark_phys_t bmp;
6281 error = dsl_bookmark_lookup(dp, zc->zc_value,
6284 error = dsl_dataset_space_written_bookmark(&bmp, new,
6286 &zc->zc_objset_type, &zc->zc_perm_action);
6290 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
6293 error = dsl_dataset_space_written(old, new,
6295 &zc->zc_objset_type, &zc->zc_perm_action);
6296 dsl_dataset_rele(old, FTAG);
6299 dsl_dataset_rele(new, FTAG);
6300 dsl_pool_rele(dp, FTAG);
6306 * "firstsnap" -> snapshot name
6310 * "used" -> space in bytes
6311 * "compressed" -> compressed space in bytes
6312 * "uncompressed" -> uncompressed space in bytes
6315 static const zfs_ioc_key_t zfs_keys_space_snaps[] = {
6316 {"firstsnap", DATA_TYPE_STRING, 0},
6320 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
6324 dsl_dataset_t *new, *old;
6326 uint64_t used, comp, uncomp;
6328 firstsnap = fnvlist_lookup_string(innvl, "firstsnap");
6330 error = dsl_pool_hold(lastsnap, FTAG, &dp);
6334 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
6335 if (error == 0 && !new->ds_is_snapshot) {
6336 dsl_dataset_rele(new, FTAG);
6337 error = SET_ERROR(EINVAL);
6340 dsl_pool_rele(dp, FTAG);
6343 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
6344 if (error == 0 && !old->ds_is_snapshot) {
6345 dsl_dataset_rele(old, FTAG);
6346 error = SET_ERROR(EINVAL);
6349 dsl_dataset_rele(new, FTAG);
6350 dsl_pool_rele(dp, FTAG);
6354 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
6355 dsl_dataset_rele(old, FTAG);
6356 dsl_dataset_rele(new, FTAG);
6357 dsl_pool_rele(dp, FTAG);
6358 fnvlist_add_uint64(outnvl, "used", used);
6359 fnvlist_add_uint64(outnvl, "compressed", comp);
6360 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
6366 * "fd" -> file descriptor to write stream to (int32)
6367 * (optional) "fromsnap" -> full snap name to send an incremental from
6368 * (optional) "largeblockok" -> (value ignored)
6369 * indicates that blocks > 128KB are permitted
6370 * (optional) "embedok" -> (value ignored)
6371 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6372 * (optional) "compressok" -> (value ignored)
6373 * presence indicates compressed DRR_WRITE records are permitted
6374 * (optional) "rawok" -> (value ignored)
6375 * presence indicates raw encrypted records should be used.
6376 * (optional) "savedok" -> (value ignored)
6377 * presence indicates we should send a partially received snapshot
6378 * (optional) "resume_object" and "resume_offset" -> (uint64)
6379 * if present, resume send stream from specified object and offset.
6380 * (optional) "redactbook" -> (string)
6381 * if present, use this bookmark's redaction list to generate a redacted
6387 static const zfs_ioc_key_t zfs_keys_send_new[] = {
6388 {"fd", DATA_TYPE_INT32, 0},
6389 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6390 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6391 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6392 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6393 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6394 {"savedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6395 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
6396 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
6397 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
6402 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6406 char *fromname = NULL;
6409 boolean_t largeblockok;
6411 boolean_t compressok;
6414 uint64_t resumeobj = 0;
6415 uint64_t resumeoff = 0;
6416 char *redactbook = NULL;
6418 fd = fnvlist_lookup_int32(innvl, "fd");
6420 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
6422 largeblockok = nvlist_exists(innvl, "largeblockok");
6423 embedok = nvlist_exists(innvl, "embedok");
6424 compressok = nvlist_exists(innvl, "compressok");
6425 rawok = nvlist_exists(innvl, "rawok");
6426 savedok = nvlist_exists(innvl, "savedok");
6428 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6429 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6431 (void) nvlist_lookup_string(innvl, "redactbook", &redactbook);
6433 if ((error = zfs_file_get(fd, &fp)))
6436 off = zfs_file_off(fp);
6438 dmu_send_outparams_t out = {0};
6439 out.dso_outfunc = dump_bytes;
6441 out.dso_dryrun = B_FALSE;
6442 error = dmu_send(snapname, fromname, embedok, largeblockok,
6443 compressok, rawok, savedok, resumeobj, resumeoff,
6444 redactbook, fd, &off, &out);
6452 send_space_sum(objset_t *os, void *buf, int len, void *arg)
6454 uint64_t *size = arg;
6460 * Determine approximately how large a zfs send stream will be -- the number
6461 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
6464 * (optional) "from" -> full snap or bookmark name to send an incremental
6466 * (optional) "largeblockok" -> (value ignored)
6467 * indicates that blocks > 128KB are permitted
6468 * (optional) "embedok" -> (value ignored)
6469 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6470 * (optional) "compressok" -> (value ignored)
6471 * presence indicates compressed DRR_WRITE records are permitted
6472 * (optional) "rawok" -> (value ignored)
6473 * presence indicates raw encrypted records should be used.
6474 * (optional) "resume_object" and "resume_offset" -> (uint64)
6475 * if present, resume send stream from specified object and offset.
6476 * (optional) "fd" -> file descriptor to use as a cookie for progress
6481 * "space" -> bytes of space (uint64)
6484 static const zfs_ioc_key_t zfs_keys_send_space[] = {
6485 {"from", DATA_TYPE_STRING, ZK_OPTIONAL},
6486 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6487 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6488 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6489 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6490 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6491 {"fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6492 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
6493 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
6494 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
6495 {"bytes", DATA_TYPE_UINT64, ZK_OPTIONAL},
6499 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6502 dsl_dataset_t *tosnap;
6503 dsl_dataset_t *fromsnap = NULL;
6505 char *fromname = NULL;
6506 char *redactlist_book = NULL;
6507 boolean_t largeblockok;
6509 boolean_t compressok;
6513 boolean_t full_estimate = B_FALSE;
6514 uint64_t resumeobj = 0;
6515 uint64_t resumeoff = 0;
6516 uint64_t resume_bytes = 0;
6518 zfs_bookmark_phys_t zbm = {0};
6520 error = dsl_pool_hold(snapname, FTAG, &dp);
6524 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
6526 dsl_pool_rele(dp, FTAG);
6529 (void) nvlist_lookup_int32(innvl, "fd", &fd);
6531 largeblockok = nvlist_exists(innvl, "largeblockok");
6532 embedok = nvlist_exists(innvl, "embedok");
6533 compressok = nvlist_exists(innvl, "compressok");
6534 rawok = nvlist_exists(innvl, "rawok");
6535 savedok = nvlist_exists(innvl, "savedok");
6536 boolean_t from = (nvlist_lookup_string(innvl, "from", &fromname) == 0);
6537 boolean_t altbook = (nvlist_lookup_string(innvl, "redactbook",
6538 &redactlist_book) == 0);
6540 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6541 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6542 (void) nvlist_lookup_uint64(innvl, "bytes", &resume_bytes);
6545 full_estimate = B_TRUE;
6547 if (strchr(fromname, '#')) {
6548 error = dsl_bookmark_lookup(dp, fromname, tosnap, &zbm);
6551 * dsl_bookmark_lookup() will fail with EXDEV if
6552 * the from-bookmark and tosnap are at the same txg.
6553 * However, it's valid to do a send (and therefore,
6554 * a send estimate) from and to the same time point,
6555 * if the bookmark is redacted (the incremental send
6556 * can change what's redacted on the target). In
6557 * this case, dsl_bookmark_lookup() fills in zbm
6558 * but returns EXDEV. Ignore this error.
6560 if (error == EXDEV && zbm.zbm_redaction_obj != 0 &&
6562 dsl_dataset_phys(tosnap)->ds_guid)
6566 dsl_dataset_rele(tosnap, FTAG);
6567 dsl_pool_rele(dp, FTAG);
6570 if (zbm.zbm_redaction_obj != 0 || !(zbm.zbm_flags &
6571 ZBM_FLAG_HAS_FBN)) {
6572 full_estimate = B_TRUE;
6574 } else if (strchr(fromname, '@')) {
6575 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
6577 dsl_dataset_rele(tosnap, FTAG);
6578 dsl_pool_rele(dp, FTAG);
6582 if (!dsl_dataset_is_before(tosnap, fromsnap, 0)) {
6583 full_estimate = B_TRUE;
6584 dsl_dataset_rele(fromsnap, FTAG);
6588 * from is not properly formatted as a snapshot or
6591 dsl_dataset_rele(tosnap, FTAG);
6592 dsl_pool_rele(dp, FTAG);
6593 return (SET_ERROR(EINVAL));
6597 if (full_estimate) {
6598 dmu_send_outparams_t out = {0};
6600 out.dso_outfunc = send_space_sum;
6601 out.dso_arg = &space;
6602 out.dso_dryrun = B_TRUE;
6604 * We have to release these holds so dmu_send can take them. It
6605 * will do all the error checking we need.
6607 dsl_dataset_rele(tosnap, FTAG);
6608 dsl_pool_rele(dp, FTAG);
6609 error = dmu_send(snapname, fromname, embedok, largeblockok,
6610 compressok, rawok, savedok, resumeobj, resumeoff,
6611 redactlist_book, fd, &off, &out);
6613 error = dmu_send_estimate_fast(tosnap, fromsnap,
6614 (from && strchr(fromname, '#') != NULL ? &zbm : NULL),
6615 compressok || rawok, savedok, &space);
6616 space -= resume_bytes;
6617 if (fromsnap != NULL)
6618 dsl_dataset_rele(fromsnap, FTAG);
6619 dsl_dataset_rele(tosnap, FTAG);
6620 dsl_pool_rele(dp, FTAG);
6623 fnvlist_add_uint64(outnvl, "space", space);
6629 * Sync the currently open TXG to disk for the specified pool.
6630 * This is somewhat similar to 'zfs_sync()'.
6631 * For cases that do not result in error this ioctl will wait for
6632 * the currently open TXG to commit before returning back to the caller.
6635 * "force" -> when true, force uberblock update even if there is no dirty data.
6636 * In addition this will cause the vdev configuration to be written
6637 * out including updating the zpool cache file. (boolean_t)
6642 static const zfs_ioc_key_t zfs_keys_pool_sync[] = {
6643 {"force", DATA_TYPE_BOOLEAN_VALUE, 0},
6648 zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl)
6651 boolean_t rc, force = B_FALSE;
6654 if ((err = spa_open(pool, &spa, FTAG)) != 0)
6658 err = nvlist_lookup_boolean_value(innvl, "force", &rc);
6664 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER);
6665 vdev_config_dirty(spa->spa_root_vdev);
6666 spa_config_exit(spa, SCL_CONFIG, FTAG);
6668 txg_wait_synced(spa_get_dsl(spa), 0);
6670 spa_close(spa, FTAG);
6676 * Load a user's wrapping key into the kernel.
6678 * "hidden_args" -> { "wkeydata" -> value }
6679 * raw uint8_t array of encryption wrapping key data (32 bytes)
6680 * (optional) "noop" -> (value ignored)
6681 * presence indicated key should only be verified, not loaded
6684 static const zfs_ioc_key_t zfs_keys_load_key[] = {
6685 {"hidden_args", DATA_TYPE_NVLIST, 0},
6686 {"noop", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6691 zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6694 dsl_crypto_params_t *dcp = NULL;
6695 nvlist_t *hidden_args;
6696 boolean_t noop = nvlist_exists(innvl, "noop");
6698 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6699 ret = SET_ERROR(EINVAL);
6703 hidden_args = fnvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS);
6705 ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL,
6710 ret = spa_keystore_load_wkey(dsname, dcp, noop);
6714 dsl_crypto_params_free(dcp, noop);
6719 dsl_crypto_params_free(dcp, B_TRUE);
6724 * Unload a user's wrapping key from the kernel.
6725 * Both innvl and outnvl are unused.
6727 static const zfs_ioc_key_t zfs_keys_unload_key[] = {
6733 zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6737 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6738 ret = (SET_ERROR(EINVAL));
6742 ret = spa_keystore_unload_wkey(dsname);
6751 * Changes a user's wrapping key used to decrypt a dataset. The keyformat,
6752 * keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified
6753 * here to change how the key is derived in userspace.
6756 * "hidden_args" (optional) -> { "wkeydata" -> value }
6757 * raw uint8_t array of new encryption wrapping key data (32 bytes)
6758 * "props" (optional) -> { prop -> value }
6763 static const zfs_ioc_key_t zfs_keys_change_key[] = {
6764 {"crypt_cmd", DATA_TYPE_UINT64, ZK_OPTIONAL},
6765 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
6766 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
6771 zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6774 uint64_t cmd = DCP_CMD_NONE;
6775 dsl_crypto_params_t *dcp = NULL;
6776 nvlist_t *args = NULL, *hidden_args = NULL;
6778 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6779 ret = (SET_ERROR(EINVAL));
6783 (void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd);
6784 (void) nvlist_lookup_nvlist(innvl, "props", &args);
6785 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
6787 ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp);
6791 ret = spa_keystore_change_key(dsname, dcp);
6795 dsl_crypto_params_free(dcp, B_FALSE);
6800 dsl_crypto_params_free(dcp, B_TRUE);
6804 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
6807 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6808 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
6809 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
6811 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
6813 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
6814 ASSERT3U(ioc, <, ZFS_IOC_LAST);
6815 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
6816 ASSERT3P(vec->zvec_func, ==, NULL);
6818 vec->zvec_legacy_func = func;
6819 vec->zvec_secpolicy = secpolicy;
6820 vec->zvec_namecheck = namecheck;
6821 vec->zvec_allow_log = log_history;
6822 vec->zvec_pool_check = pool_check;
6826 * See the block comment at the beginning of this file for details on
6827 * each argument to this function.
6830 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
6831 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
6832 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
6833 boolean_t allow_log, const zfs_ioc_key_t *nvl_keys, size_t num_keys)
6835 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
6837 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
6838 ASSERT3U(ioc, <, ZFS_IOC_LAST);
6839 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
6840 ASSERT3P(vec->zvec_func, ==, NULL);
6842 /* if we are logging, the name must be valid */
6843 ASSERT(!allow_log || namecheck != NO_NAME);
6845 vec->zvec_name = name;
6846 vec->zvec_func = func;
6847 vec->zvec_secpolicy = secpolicy;
6848 vec->zvec_namecheck = namecheck;
6849 vec->zvec_pool_check = pool_check;
6850 vec->zvec_smush_outnvlist = smush_outnvlist;
6851 vec->zvec_allow_log = allow_log;
6852 vec->zvec_nvl_keys = nvl_keys;
6853 vec->zvec_nvl_key_count = num_keys;
6857 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6858 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
6859 zfs_ioc_poolcheck_t pool_check)
6861 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6862 POOL_NAME, log_history, pool_check);
6866 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6867 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
6869 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6870 DATASET_NAME, B_FALSE, pool_check);
6874 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
6876 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
6877 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6881 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6882 zfs_secpolicy_func_t *secpolicy)
6884 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6885 NO_NAME, B_FALSE, POOL_CHECK_NONE);
6889 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
6890 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
6892 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6893 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
6897 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
6899 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
6900 zfs_secpolicy_read);
6904 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6905 zfs_secpolicy_func_t *secpolicy)
6907 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6908 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6912 zfs_ioctl_init(void)
6914 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
6915 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
6916 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6917 zfs_keys_snapshot, ARRAY_SIZE(zfs_keys_snapshot));
6919 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
6920 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
6921 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
6922 zfs_keys_log_history, ARRAY_SIZE(zfs_keys_log_history));
6924 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
6925 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
6926 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6927 zfs_keys_space_snaps, ARRAY_SIZE(zfs_keys_space_snaps));
6929 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
6930 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
6931 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6932 zfs_keys_send_new, ARRAY_SIZE(zfs_keys_send_new));
6934 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
6935 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
6936 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6937 zfs_keys_send_space, ARRAY_SIZE(zfs_keys_send_space));
6939 zfs_ioctl_register("create", ZFS_IOC_CREATE,
6940 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
6941 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6942 zfs_keys_create, ARRAY_SIZE(zfs_keys_create));
6944 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
6945 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
6946 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6947 zfs_keys_clone, ARRAY_SIZE(zfs_keys_clone));
6949 zfs_ioctl_register("remap", ZFS_IOC_REMAP,
6950 zfs_ioc_remap, zfs_secpolicy_none, DATASET_NAME,
6951 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
6952 zfs_keys_remap, ARRAY_SIZE(zfs_keys_remap));
6954 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
6955 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
6956 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6957 zfs_keys_destroy_snaps, ARRAY_SIZE(zfs_keys_destroy_snaps));
6959 zfs_ioctl_register("hold", ZFS_IOC_HOLD,
6960 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
6961 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6962 zfs_keys_hold, ARRAY_SIZE(zfs_keys_hold));
6963 zfs_ioctl_register("release", ZFS_IOC_RELEASE,
6964 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
6965 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6966 zfs_keys_release, ARRAY_SIZE(zfs_keys_release));
6968 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
6969 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
6970 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6971 zfs_keys_get_holds, ARRAY_SIZE(zfs_keys_get_holds));
6973 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK,
6974 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME,
6975 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
6976 zfs_keys_rollback, ARRAY_SIZE(zfs_keys_rollback));
6978 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK,
6979 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME,
6980 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6981 zfs_keys_bookmark, ARRAY_SIZE(zfs_keys_bookmark));
6983 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS,
6984 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME,
6985 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6986 zfs_keys_get_bookmarks, ARRAY_SIZE(zfs_keys_get_bookmarks));
6988 zfs_ioctl_register("get_bookmark_props", ZFS_IOC_GET_BOOKMARK_PROPS,
6989 zfs_ioc_get_bookmark_props, zfs_secpolicy_read, ENTITY_NAME,
6990 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, zfs_keys_get_bookmark_props,
6991 ARRAY_SIZE(zfs_keys_get_bookmark_props));
6993 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS,
6994 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks,
6996 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6997 zfs_keys_destroy_bookmarks,
6998 ARRAY_SIZE(zfs_keys_destroy_bookmarks));
7000 zfs_ioctl_register("receive", ZFS_IOC_RECV_NEW,
7001 zfs_ioc_recv_new, zfs_secpolicy_recv_new, DATASET_NAME,
7002 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7003 zfs_keys_recv_new, ARRAY_SIZE(zfs_keys_recv_new));
7004 zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY,
7005 zfs_ioc_load_key, zfs_secpolicy_load_key,
7006 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7007 zfs_keys_load_key, ARRAY_SIZE(zfs_keys_load_key));
7008 zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY,
7009 zfs_ioc_unload_key, zfs_secpolicy_load_key,
7010 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7011 zfs_keys_unload_key, ARRAY_SIZE(zfs_keys_unload_key));
7012 zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY,
7013 zfs_ioc_change_key, zfs_secpolicy_change_key,
7014 DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY,
7015 B_TRUE, B_TRUE, zfs_keys_change_key,
7016 ARRAY_SIZE(zfs_keys_change_key));
7018 zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC,
7019 zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME,
7020 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7021 zfs_keys_pool_sync, ARRAY_SIZE(zfs_keys_pool_sync));
7022 zfs_ioctl_register("reopen", ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
7023 zfs_secpolicy_config, POOL_NAME, POOL_CHECK_SUSPENDED, B_TRUE,
7024 B_TRUE, zfs_keys_pool_reopen, ARRAY_SIZE(zfs_keys_pool_reopen));
7026 zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM,
7027 zfs_ioc_channel_program, zfs_secpolicy_config,
7028 POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE,
7029 B_TRUE, zfs_keys_channel_program,
7030 ARRAY_SIZE(zfs_keys_channel_program));
7032 zfs_ioctl_register("redact", ZFS_IOC_REDACT,
7033 zfs_ioc_redact, zfs_secpolicy_config, DATASET_NAME,
7034 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7035 zfs_keys_redact, ARRAY_SIZE(zfs_keys_redact));
7037 zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT,
7038 zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME,
7039 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7040 zfs_keys_pool_checkpoint, ARRAY_SIZE(zfs_keys_pool_checkpoint));
7042 zfs_ioctl_register("zpool_discard_checkpoint",
7043 ZFS_IOC_POOL_DISCARD_CHECKPOINT, zfs_ioc_pool_discard_checkpoint,
7044 zfs_secpolicy_config, POOL_NAME,
7045 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7046 zfs_keys_pool_discard_checkpoint,
7047 ARRAY_SIZE(zfs_keys_pool_discard_checkpoint));
7049 zfs_ioctl_register("initialize", ZFS_IOC_POOL_INITIALIZE,
7050 zfs_ioc_pool_initialize, zfs_secpolicy_config, POOL_NAME,
7051 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7052 zfs_keys_pool_initialize, ARRAY_SIZE(zfs_keys_pool_initialize));
7054 zfs_ioctl_register("trim", ZFS_IOC_POOL_TRIM,
7055 zfs_ioc_pool_trim, zfs_secpolicy_config, POOL_NAME,
7056 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7057 zfs_keys_pool_trim, ARRAY_SIZE(zfs_keys_pool_trim));
7059 zfs_ioctl_register("wait", ZFS_IOC_WAIT,
7060 zfs_ioc_wait, zfs_secpolicy_none, POOL_NAME,
7061 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7062 zfs_keys_pool_wait, ARRAY_SIZE(zfs_keys_pool_wait));
7064 zfs_ioctl_register("wait_fs", ZFS_IOC_WAIT_FS,
7065 zfs_ioc_wait_fs, zfs_secpolicy_none, DATASET_NAME,
7066 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7067 zfs_keys_fs_wait, ARRAY_SIZE(zfs_keys_fs_wait));
7069 zfs_ioctl_register("set_bootenv", ZFS_IOC_SET_BOOTENV,
7070 zfs_ioc_set_bootenv, zfs_secpolicy_config, POOL_NAME,
7071 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7072 zfs_keys_set_bootenv, ARRAY_SIZE(zfs_keys_set_bootenv));
7074 zfs_ioctl_register("get_bootenv", ZFS_IOC_GET_BOOTENV,
7075 zfs_ioc_get_bootenv, zfs_secpolicy_none, POOL_NAME,
7076 POOL_CHECK_SUSPENDED, B_FALSE, B_TRUE,
7077 zfs_keys_get_bootenv, ARRAY_SIZE(zfs_keys_get_bootenv));
7079 /* IOCTLS that use the legacy function signature */
7081 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
7082 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
7084 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
7085 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7086 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
7088 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
7089 zfs_ioc_pool_upgrade);
7090 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
7092 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
7093 zfs_ioc_vdev_remove);
7094 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
7095 zfs_ioc_vdev_set_state);
7096 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
7097 zfs_ioc_vdev_attach);
7098 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
7099 zfs_ioc_vdev_detach);
7100 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
7101 zfs_ioc_vdev_setpath);
7102 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
7103 zfs_ioc_vdev_setfru);
7104 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
7105 zfs_ioc_pool_set_props);
7106 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
7107 zfs_ioc_vdev_split);
7108 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
7109 zfs_ioc_pool_reguid);
7111 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
7112 zfs_ioc_pool_configs, zfs_secpolicy_none);
7113 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
7114 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
7115 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
7116 zfs_ioc_inject_fault, zfs_secpolicy_inject);
7117 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
7118 zfs_ioc_clear_fault, zfs_secpolicy_inject);
7119 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
7120 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
7123 * pool destroy, and export don't log the history as part of
7124 * zfsdev_ioctl, but rather zfs_ioc_pool_export
7125 * does the logging of those commands.
7127 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
7128 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7129 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
7130 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7132 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
7133 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
7134 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
7135 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
7137 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
7138 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
7139 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
7140 zfs_ioc_dsobj_to_dsname,
7141 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
7142 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
7143 zfs_ioc_pool_get_history,
7144 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7146 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
7147 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7149 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
7150 zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY);
7152 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
7153 zfs_ioc_space_written);
7154 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
7155 zfs_ioc_objset_recvd_props);
7156 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
7158 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
7160 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
7161 zfs_ioc_objset_stats);
7162 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
7163 zfs_ioc_objset_zplprops);
7164 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
7165 zfs_ioc_dataset_list_next);
7166 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
7167 zfs_ioc_snapshot_list_next);
7168 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
7169 zfs_ioc_send_progress);
7171 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
7172 zfs_ioc_diff, zfs_secpolicy_diff);
7173 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
7174 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
7175 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
7176 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
7177 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
7178 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
7179 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
7180 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
7181 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
7182 zfs_ioc_send, zfs_secpolicy_send);
7184 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
7185 zfs_secpolicy_none);
7186 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
7187 zfs_secpolicy_destroy);
7188 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
7189 zfs_secpolicy_rename);
7190 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
7191 zfs_secpolicy_recv);
7192 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
7193 zfs_secpolicy_promote);
7194 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
7195 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
7196 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
7197 zfs_secpolicy_set_fsacl);
7199 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
7200 zfs_secpolicy_share, POOL_CHECK_NONE);
7201 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
7202 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
7203 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
7204 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
7205 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7206 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
7207 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
7208 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7210 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next,
7211 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7212 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear,
7213 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7214 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek,
7215 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7217 zfs_ioctl_init_os();
7221 * Verify that for non-legacy ioctls the input nvlist
7222 * pairs match against the expected input.
7224 * Possible errors are:
7225 * ZFS_ERR_IOC_ARG_UNAVAIL An unrecognized nvpair was encountered
7226 * ZFS_ERR_IOC_ARG_REQUIRED A required nvpair is missing
7227 * ZFS_ERR_IOC_ARG_BADTYPE Invalid type for nvpair
7230 zfs_check_input_nvpairs(nvlist_t *innvl, const zfs_ioc_vec_t *vec)
7232 const zfs_ioc_key_t *nvl_keys = vec->zvec_nvl_keys;
7233 boolean_t required_keys_found = B_FALSE;
7236 * examine each input pair
7238 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
7239 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
7240 char *name = nvpair_name(pair);
7241 data_type_t type = nvpair_type(pair);
7242 boolean_t identified = B_FALSE;
7245 * check pair against the documented names and type
7247 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7248 /* if not a wild card name, check for an exact match */
7249 if ((nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) == 0 &&
7250 strcmp(nvl_keys[k].zkey_name, name) != 0)
7253 identified = B_TRUE;
7255 if (nvl_keys[k].zkey_type != DATA_TYPE_ANY &&
7256 nvl_keys[k].zkey_type != type) {
7257 return (SET_ERROR(ZFS_ERR_IOC_ARG_BADTYPE));
7260 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7263 required_keys_found = B_TRUE;
7267 /* allow an 'optional' key, everything else is invalid */
7269 (strcmp(name, "optional") != 0 ||
7270 type != DATA_TYPE_NVLIST)) {
7271 return (SET_ERROR(ZFS_ERR_IOC_ARG_UNAVAIL));
7275 /* verify that all required keys were found */
7276 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7277 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7280 if (nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) {
7281 /* at least one non-optional key is expected here */
7282 if (!required_keys_found)
7283 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7287 if (!nvlist_exists(innvl, nvl_keys[k].zkey_name))
7288 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7295 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
7296 zfs_ioc_poolcheck_t check)
7301 ASSERT(type == POOL_NAME || type == DATASET_NAME ||
7302 type == ENTITY_NAME);
7304 if (check & POOL_CHECK_NONE)
7307 error = spa_open(name, &spa, FTAG);
7309 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
7310 error = SET_ERROR(EAGAIN);
7311 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
7312 error = SET_ERROR(EROFS);
7313 spa_close(spa, FTAG);
7319 zfsdev_getminor(int fd, minor_t *minorp)
7321 zfsdev_state_t *zs, *fpd;
7325 ASSERT(!MUTEX_HELD(&zfsdev_state_lock));
7327 if ((rc = zfs_file_get(fd, &fp)))
7330 fpd = zfs_file_private(fp);
7332 return (SET_ERROR(EBADF));
7334 mutex_enter(&zfsdev_state_lock);
7336 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
7338 if (zs->zs_minor == -1)
7342 *minorp = fpd->zs_minor;
7343 mutex_exit(&zfsdev_state_lock);
7348 mutex_exit(&zfsdev_state_lock);
7350 return (SET_ERROR(EBADF));
7354 zfsdev_get_state_impl(minor_t minor, enum zfsdev_state_type which)
7358 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
7359 if (zs->zs_minor == minor) {
7363 return (zs->zs_onexit);
7365 return (zs->zs_zevent);
7376 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
7380 ptr = zfsdev_get_state_impl(minor, which);
7386 * Find a free minor number. The zfsdev_state_list is expected to
7387 * be short since it is only a list of currently open file handles.
7390 zfsdev_minor_alloc(void)
7392 static minor_t last_minor = 0;
7395 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
7397 for (m = last_minor + 1; m != last_minor; m++) {
7398 if (m > ZFSDEV_MAX_MINOR)
7400 if (zfsdev_get_state_impl(m, ZST_ALL) == NULL) {
7410 zfsdev_ioctl_common(uint_t vecnum, zfs_cmd_t *zc, int flag)
7413 const zfs_ioc_vec_t *vec;
7414 char *saved_poolname = NULL;
7415 uint64_t max_nvlist_src_size;
7416 size_t saved_poolname_len = 0;
7417 nvlist_t *innvl = NULL;
7418 fstrans_cookie_t cookie;
7419 hrtime_t start_time = gethrtime();
7423 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
7424 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
7426 vec = &zfs_ioc_vec[vecnum];
7429 * The registered ioctl list may be sparse, verify that either
7430 * a normal or legacy handler are registered.
7432 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL)
7433 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
7435 zc->zc_iflags = flag & FKIOCTL;
7436 max_nvlist_src_size = zfs_max_nvlist_src_size_os();
7437 if (zc->zc_nvlist_src_size > max_nvlist_src_size) {
7439 * Make sure the user doesn't pass in an insane value for
7440 * zc_nvlist_src_size. We have to check, since we will end
7441 * up allocating that much memory inside of get_nvlist(). This
7442 * prevents a nefarious user from allocating tons of kernel
7445 * Also, we return EINVAL instead of ENOMEM here. The reason
7446 * being that returning ENOMEM from an ioctl() has a special
7447 * connotation; that the user's size value is too small and
7448 * needs to be expanded to hold the nvlist. See
7449 * zcmd_expand_dst_nvlist() for details.
7451 error = SET_ERROR(EINVAL); /* User's size too big */
7453 } else if (zc->zc_nvlist_src_size != 0) {
7454 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
7455 zc->zc_iflags, &innvl);
7461 * Ensure that all pool/dataset names are valid before we pass down to
7464 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
7465 switch (vec->zvec_namecheck) {
7467 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
7468 error = SET_ERROR(EINVAL);
7470 error = pool_status_check(zc->zc_name,
7471 vec->zvec_namecheck, vec->zvec_pool_check);
7475 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
7476 error = SET_ERROR(EINVAL);
7478 error = pool_status_check(zc->zc_name,
7479 vec->zvec_namecheck, vec->zvec_pool_check);
7483 if (entity_namecheck(zc->zc_name, NULL, NULL) != 0) {
7484 error = SET_ERROR(EINVAL);
7486 error = pool_status_check(zc->zc_name,
7487 vec->zvec_namecheck, vec->zvec_pool_check);
7495 * Ensure that all input pairs are valid before we pass them down
7496 * to the lower layers.
7498 * The vectored functions can use fnvlist_lookup_{type} for any
7499 * required pairs since zfs_check_input_nvpairs() confirmed that
7500 * they exist and are of the correct type.
7502 if (error == 0 && vec->zvec_func != NULL) {
7503 error = zfs_check_input_nvpairs(innvl, vec);
7509 cookie = spl_fstrans_mark();
7510 error = vec->zvec_secpolicy(zc, innvl, CRED());
7511 spl_fstrans_unmark(cookie);
7517 /* legacy ioctls can modify zc_name */
7519 * Can't use kmem_strdup() as we might truncate the string and
7520 * kmem_strfree() would then free with incorrect size.
7522 saved_poolname_len = strlen(zc->zc_name) + 1;
7523 saved_poolname = kmem_alloc(saved_poolname_len, KM_SLEEP);
7525 strlcpy(saved_poolname, zc->zc_name, saved_poolname_len);
7526 saved_poolname[strcspn(saved_poolname, "/@#")] = '\0';
7528 if (vec->zvec_func != NULL) {
7532 nvlist_t *lognv = NULL;
7534 ASSERT(vec->zvec_legacy_func == NULL);
7537 * Add the innvl to the lognv before calling the func,
7538 * in case the func changes the innvl.
7540 if (vec->zvec_allow_log) {
7541 lognv = fnvlist_alloc();
7542 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
7544 if (!nvlist_empty(innvl)) {
7545 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
7550 outnvl = fnvlist_alloc();
7551 cookie = spl_fstrans_mark();
7552 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
7553 spl_fstrans_unmark(cookie);
7556 * Some commands can partially execute, modify state, and still
7557 * return an error. In these cases, attempt to record what
7561 (cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) &&
7562 vec->zvec_allow_log &&
7563 spa_open(zc->zc_name, &spa, FTAG) == 0) {
7564 if (!nvlist_empty(outnvl)) {
7565 size_t out_size = fnvlist_size(outnvl);
7566 if (out_size > zfs_history_output_max) {
7567 fnvlist_add_int64(lognv,
7568 ZPOOL_HIST_OUTPUT_SIZE, out_size);
7570 fnvlist_add_nvlist(lognv,
7571 ZPOOL_HIST_OUTPUT_NVL, outnvl);
7575 fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO,
7578 fnvlist_add_int64(lognv, ZPOOL_HIST_ELAPSED_NS,
7579 gethrtime() - start_time);
7580 (void) spa_history_log_nvl(spa, lognv);
7581 spa_close(spa, FTAG);
7583 fnvlist_free(lognv);
7585 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
7587 if (vec->zvec_smush_outnvlist) {
7588 smusherror = nvlist_smush(outnvl,
7589 zc->zc_nvlist_dst_size);
7591 if (smusherror == 0)
7592 puterror = put_nvlist(zc, outnvl);
7598 nvlist_free(outnvl);
7600 cookie = spl_fstrans_mark();
7601 error = vec->zvec_legacy_func(zc);
7602 spl_fstrans_unmark(cookie);
7607 if (error == 0 && vec->zvec_allow_log) {
7608 char *s = tsd_get(zfs_allow_log_key);
7611 (void) tsd_set(zfs_allow_log_key, kmem_strdup(saved_poolname));
7613 if (saved_poolname != NULL)
7614 kmem_free(saved_poolname, saved_poolname_len);
7624 if ((error = zvol_init()) != 0)
7627 spa_init(SPA_MODE_READ | SPA_MODE_WRITE);
7632 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
7633 zfsdev_state_list = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
7634 zfsdev_state_list->zs_minor = -1;
7636 if ((error = zfsdev_attach()) != 0)
7639 tsd_create(&zfs_fsyncer_key, NULL);
7640 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
7641 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
7655 zfsdev_state_t *zs, *zsnext = NULL;
7659 mutex_destroy(&zfsdev_state_lock);
7661 for (zs = zfsdev_state_list; zs != NULL; zs = zsnext) {
7662 zsnext = zs->zs_next;
7664 zfs_onexit_destroy(zs->zs_onexit);
7666 zfs_zevent_destroy(zs->zs_zevent);
7667 kmem_free(zs, sizeof (zfsdev_state_t));
7670 zfs_ereport_taskq_fini(); /* run before zfs_fini() on Linux */
7675 tsd_destroy(&zfs_fsyncer_key);
7676 tsd_destroy(&rrw_tsd_key);
7677 tsd_destroy(&zfs_allow_log_key);
7681 ZFS_MODULE_PARAM(zfs, zfs_, max_nvlist_src_size, ULONG, ZMOD_RW,
7682 "Maximum size in bytes allowed for src nvlist passed with ZFS ioctls");
7684 ZFS_MODULE_PARAM(zfs, zfs_, history_output_max, ULONG, ZMOD_RW,
7685 "Maximum size in bytes of ZFS ioctl output that will be logged");