4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Portions Copyright 2011 Martin Matuska
25 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
26 * Portions Copyright 2012 Pawel Jakub Dawidek <pawel@dawidek.net>
27 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved.
28 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
29 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
30 * Copyright (c) 2011, 2020 by Delphix. All rights reserved.
31 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
32 * Copyright (c) 2013 Steven Hartland. All rights reserved.
33 * Copyright (c) 2014 Integros [integros.com]
34 * Copyright 2016 Toomas Soome <tsoome@me.com>
35 * Copyright (c) 2016 Actifio, Inc. All rights reserved.
36 * Copyright (c) 2018, loli10K <ezomori.nozomu@gmail.com>. All rights reserved.
37 * Copyright 2017 RackTop Systems.
38 * Copyright (c) 2017 Open-E, Inc. All Rights Reserved.
39 * Copyright (c) 2019 Datto Inc.
40 * Copyright (c) 2019, 2020 by Christian Schwarz. All rights reserved.
41 * Copyright (c) 2019, Klara Inc.
42 * Copyright (c) 2019, Allan Jude
48 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
49 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
51 * There are two ways that we handle ioctls: the legacy way where almost
52 * all of the logic is in the ioctl callback, and the new way where most
53 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
55 * Non-legacy ioctls should be registered by calling
56 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
57 * from userland by lzc_ioctl().
59 * The registration arguments are as follows:
62 * The name of the ioctl. This is used for history logging. If the
63 * ioctl returns successfully (the callback returns 0), and allow_log
64 * is true, then a history log entry will be recorded with the input &
65 * output nvlists. The log entry can be printed with "zpool history -i".
68 * The ioctl request number, which userland will pass to ioctl(2).
69 * We want newer versions of libzfs and libzfs_core to run against
70 * existing zfs kernel modules (i.e. a deferred reboot after an update).
71 * Therefore the ioctl numbers cannot change from release to release.
73 * zfs_secpolicy_func_t *secpolicy
74 * This function will be called before the zfs_ioc_func_t, to
75 * determine if this operation is permitted. It should return EPERM
76 * on failure, and 0 on success. Checks include determining if the
77 * dataset is visible in this zone, and if the user has either all
78 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
79 * to do this operation on this dataset with "zfs allow".
81 * zfs_ioc_namecheck_t namecheck
82 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
83 * name, a dataset name, or nothing. If the name is not well-formed,
84 * the ioctl will fail and the callback will not be called.
85 * Therefore, the callback can assume that the name is well-formed
86 * (e.g. is null-terminated, doesn't have more than one '@' character,
87 * doesn't have invalid characters).
89 * zfs_ioc_poolcheck_t pool_check
90 * This specifies requirements on the pool state. If the pool does
91 * not meet them (is suspended or is readonly), the ioctl will fail
92 * and the callback will not be called. If any checks are specified
93 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
94 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
95 * POOL_CHECK_READONLY).
97 * zfs_ioc_key_t *nvl_keys
98 * The list of expected/allowable innvl input keys. This list is used
99 * to validate the nvlist input to the ioctl.
101 * boolean_t smush_outnvlist
102 * If smush_outnvlist is true, then the output is presumed to be a
103 * list of errors, and it will be "smushed" down to fit into the
104 * caller's buffer, by removing some entries and replacing them with a
105 * single "N_MORE_ERRORS" entry indicating how many were removed. See
106 * nvlist_smush() for details. If smush_outnvlist is false, and the
107 * outnvlist does not fit into the userland-provided buffer, then the
108 * ioctl will fail with ENOMEM.
110 * zfs_ioc_func_t *func
111 * The callback function that will perform the operation.
113 * The callback should return 0 on success, or an error number on
114 * failure. If the function fails, the userland ioctl will return -1,
115 * and errno will be set to the callback's return value. The callback
116 * will be called with the following arguments:
119 * The name of the pool or dataset to operate on, from
120 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
121 * expected type (pool, dataset, or none).
124 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
125 * NULL if no input nvlist was provided. Changes to this nvlist are
126 * ignored. If the input nvlist could not be deserialized, the
127 * ioctl will fail and the callback will not be called.
130 * The output nvlist, initially empty. The callback can fill it in,
131 * and it will be returned to userland by serializing it into
132 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
133 * fails (e.g. because the caller didn't supply a large enough
134 * buffer), then the overall ioctl will fail. See the
135 * 'smush_nvlist' argument above for additional behaviors.
137 * There are two typical uses of the output nvlist:
138 * - To return state, e.g. property values. In this case,
139 * smush_outnvlist should be false. If the buffer was not large
140 * enough, the caller will reallocate a larger buffer and try
143 * - To return multiple errors from an ioctl which makes on-disk
144 * changes. In this case, smush_outnvlist should be true.
145 * Ioctls which make on-disk modifications should generally not
146 * use the outnvl if they succeed, because the caller can not
147 * distinguish between the operation failing, and
148 * deserialization failing.
150 * IOCTL Interface Errors
152 * The following ioctl input errors can be returned:
153 * ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
154 * ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
155 * ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
156 * ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
159 #include <sys/types.h>
160 #include <sys/param.h>
161 #include <sys/errno.h>
162 #include <sys/uio_impl.h>
163 #include <sys/file.h>
164 #include <sys/kmem.h>
165 #include <sys/cmn_err.h>
166 #include <sys/stat.h>
167 #include <sys/zfs_ioctl.h>
168 #include <sys/zfs_quota.h>
169 #include <sys/zfs_vfsops.h>
170 #include <sys/zfs_znode.h>
173 #include <sys/spa_impl.h>
174 #include <sys/vdev.h>
175 #include <sys/vdev_impl.h>
177 #include <sys/dsl_dir.h>
178 #include <sys/dsl_dataset.h>
179 #include <sys/dsl_prop.h>
180 #include <sys/dsl_deleg.h>
181 #include <sys/dmu_objset.h>
182 #include <sys/dmu_impl.h>
183 #include <sys/dmu_redact.h>
184 #include <sys/dmu_tx.h>
185 #include <sys/sunddi.h>
186 #include <sys/policy.h>
187 #include <sys/zone.h>
188 #include <sys/nvpair.h>
189 #include <sys/pathname.h>
190 #include <sys/fs/zfs.h>
191 #include <sys/zfs_ctldir.h>
192 #include <sys/zfs_dir.h>
193 #include <sys/zfs_onexit.h>
194 #include <sys/zvol.h>
195 #include <sys/dsl_scan.h>
196 #include <sys/fm/util.h>
197 #include <sys/dsl_crypt.h>
198 #include <sys/rrwlock.h>
199 #include <sys/zfs_file.h>
201 #include <sys/dmu_recv.h>
202 #include <sys/dmu_send.h>
203 #include <sys/dmu_recv.h>
204 #include <sys/dsl_destroy.h>
205 #include <sys/dsl_bookmark.h>
206 #include <sys/dsl_userhold.h>
207 #include <sys/zfeature.h>
209 #include <sys/zio_checksum.h>
210 #include <sys/vdev_removal.h>
211 #include <sys/vdev_impl.h>
212 #include <sys/vdev_initialize.h>
213 #include <sys/vdev_trim.h>
215 #include "zfs_namecheck.h"
216 #include "zfs_prop.h"
217 #include "zfs_deleg.h"
218 #include "zfs_comutil.h"
220 #include <sys/lua/lua.h>
221 #include <sys/lua/lauxlib.h>
222 #include <sys/zfs_ioctl_impl.h>
224 kmutex_t zfsdev_state_lock;
225 zfsdev_state_t *zfsdev_state_list;
228 * Limit maximum nvlist size. We don't want users passing in insane values
229 * for zc->zc_nvlist_src_size, since we will need to allocate that much memory.
230 * Defaults to 0=auto which is handled by platform code.
232 unsigned long zfs_max_nvlist_src_size = 0;
235 * When logging the output nvlist of an ioctl in the on-disk history, limit
236 * the logged size to this many bytes. This must be less than DMU_MAX_ACCESS.
237 * This applies primarily to zfs_ioc_channel_program().
239 unsigned long zfs_history_output_max = 1024 * 1024;
241 uint_t zfs_fsyncer_key;
242 uint_t zfs_allow_log_key;
244 /* DATA_TYPE_ANY is used when zkey_type can vary. */
245 #define DATA_TYPE_ANY DATA_TYPE_UNKNOWN
247 typedef struct zfs_ioc_vec {
248 zfs_ioc_legacy_func_t *zvec_legacy_func;
249 zfs_ioc_func_t *zvec_func;
250 zfs_secpolicy_func_t *zvec_secpolicy;
251 zfs_ioc_namecheck_t zvec_namecheck;
252 boolean_t zvec_allow_log;
253 zfs_ioc_poolcheck_t zvec_pool_check;
254 boolean_t zvec_smush_outnvlist;
255 const char *zvec_name;
256 const zfs_ioc_key_t *zvec_nvl_keys;
257 size_t zvec_nvl_key_count;
260 /* This array is indexed by zfs_userquota_prop_t */
261 static const char *userquota_perms[] = {
262 ZFS_DELEG_PERM_USERUSED,
263 ZFS_DELEG_PERM_USERQUOTA,
264 ZFS_DELEG_PERM_GROUPUSED,
265 ZFS_DELEG_PERM_GROUPQUOTA,
266 ZFS_DELEG_PERM_USEROBJUSED,
267 ZFS_DELEG_PERM_USEROBJQUOTA,
268 ZFS_DELEG_PERM_GROUPOBJUSED,
269 ZFS_DELEG_PERM_GROUPOBJQUOTA,
270 ZFS_DELEG_PERM_PROJECTUSED,
271 ZFS_DELEG_PERM_PROJECTQUOTA,
272 ZFS_DELEG_PERM_PROJECTOBJUSED,
273 ZFS_DELEG_PERM_PROJECTOBJQUOTA,
276 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
277 static int zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc);
278 static int zfs_check_settable(const char *name, nvpair_t *property,
280 static int zfs_check_clearable(const char *dataset, nvlist_t *props,
282 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
284 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
285 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
288 history_str_free(char *buf)
290 kmem_free(buf, HIS_MAX_RECORD_LEN);
294 history_str_get(zfs_cmd_t *zc)
298 if (zc->zc_history == 0)
301 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
302 if (copyinstr((void *)(uintptr_t)zc->zc_history,
303 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
304 history_str_free(buf);
308 buf[HIS_MAX_RECORD_LEN -1] = '\0';
314 * Return non-zero if the spa version is less than requested version.
317 zfs_earlier_version(const char *name, int version)
321 if (spa_open(name, &spa, FTAG) == 0) {
322 if (spa_version(spa) < version) {
323 spa_close(spa, FTAG);
326 spa_close(spa, FTAG);
332 * Return TRUE if the ZPL version is less than requested version.
335 zpl_earlier_version(const char *name, int version)
338 boolean_t rc = B_TRUE;
340 if (dmu_objset_hold(name, FTAG, &os) == 0) {
343 if (dmu_objset_type(os) != DMU_OST_ZFS) {
344 dmu_objset_rele(os, FTAG);
347 /* XXX reading from non-owned objset */
348 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
349 rc = zplversion < version;
350 dmu_objset_rele(os, FTAG);
356 zfs_log_history(zfs_cmd_t *zc)
361 if ((buf = history_str_get(zc)) == NULL)
364 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
365 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
366 (void) spa_history_log(spa, buf);
367 spa_close(spa, FTAG);
369 history_str_free(buf);
373 * Policy for top-level read operations (list pools). Requires no privileges,
374 * and can be used in the local zone, as there is no associated dataset.
378 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
384 * Policy for dataset read operations (list children, get statistics). Requires
385 * no privileges, but must be visible in the local zone.
389 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
391 if (INGLOBALZONE(curproc) ||
392 zone_dataset_visible(zc->zc_name, NULL))
395 return (SET_ERROR(ENOENT));
399 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
404 * The dataset must be visible by this zone -- check this first
405 * so they don't see EPERM on something they shouldn't know about.
407 if (!INGLOBALZONE(curproc) &&
408 !zone_dataset_visible(dataset, &writable))
409 return (SET_ERROR(ENOENT));
411 if (INGLOBALZONE(curproc)) {
413 * If the fs is zoned, only root can access it from the
416 if (secpolicy_zfs(cr) && zoned)
417 return (SET_ERROR(EPERM));
420 * If we are in a local zone, the 'zoned' property must be set.
423 return (SET_ERROR(EPERM));
425 /* must be writable by this zone */
427 return (SET_ERROR(EPERM));
433 zfs_dozonecheck(const char *dataset, cred_t *cr)
437 if (dsl_prop_get_integer(dataset, zfs_prop_to_name(ZFS_PROP_ZONED),
439 return (SET_ERROR(ENOENT));
441 return (zfs_dozonecheck_impl(dataset, zoned, cr));
445 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
449 if (dsl_prop_get_int_ds(ds, zfs_prop_to_name(ZFS_PROP_ZONED), &zoned))
450 return (SET_ERROR(ENOENT));
452 return (zfs_dozonecheck_impl(dataset, zoned, cr));
456 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
457 const char *perm, cred_t *cr)
461 error = zfs_dozonecheck_ds(name, ds, cr);
463 error = secpolicy_zfs(cr);
465 error = dsl_deleg_access_impl(ds, perm, cr);
471 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
478 * First do a quick check for root in the global zone, which
479 * is allowed to do all write_perms. This ensures that zfs_ioc_*
480 * will get to handle nonexistent datasets.
482 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0)
485 error = dsl_pool_hold(name, FTAG, &dp);
489 error = dsl_dataset_hold(dp, name, FTAG, &ds);
491 dsl_pool_rele(dp, FTAG);
495 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
497 dsl_dataset_rele(ds, FTAG);
498 dsl_pool_rele(dp, FTAG);
503 * Policy for setting the security label property.
505 * Returns 0 for success, non-zero for access and other errors.
508 zfs_set_slabel_policy(const char *name, const char *strval, cred_t *cr)
511 char ds_hexsl[MAXNAMELEN];
512 bslabel_t ds_sl, new_sl;
513 boolean_t new_default = FALSE;
515 int needed_priv = -1;
518 /* First get the existing dataset label. */
519 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
520 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
522 return (SET_ERROR(EPERM));
524 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
527 /* The label must be translatable */
528 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
529 return (SET_ERROR(EINVAL));
532 * In a non-global zone, disallow attempts to set a label that
533 * doesn't match that of the zone; otherwise no other checks
536 if (!INGLOBALZONE(curproc)) {
537 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
538 return (SET_ERROR(EPERM));
543 * For global-zone datasets (i.e., those whose zoned property is
544 * "off", verify that the specified new label is valid for the
547 if (dsl_prop_get_integer(name,
548 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
549 return (SET_ERROR(EPERM));
551 if (zfs_check_global_label(name, strval) != 0)
552 return (SET_ERROR(EPERM));
556 * If the existing dataset label is nondefault, check if the
557 * dataset is mounted (label cannot be changed while mounted).
558 * Get the zfsvfs_t; if there isn't one, then the dataset isn't
559 * mounted (or isn't a dataset, doesn't exist, ...).
561 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
563 static const char *setsl_tag = "setsl_tag";
566 * Try to own the dataset; abort if there is any error,
567 * (e.g., already mounted, in use, or other error).
569 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE,
572 return (SET_ERROR(EPERM));
574 dmu_objset_disown(os, B_TRUE, setsl_tag);
577 needed_priv = PRIV_FILE_DOWNGRADE_SL;
581 if (hexstr_to_label(strval, &new_sl) != 0)
582 return (SET_ERROR(EPERM));
584 if (blstrictdom(&ds_sl, &new_sl))
585 needed_priv = PRIV_FILE_DOWNGRADE_SL;
586 else if (blstrictdom(&new_sl, &ds_sl))
587 needed_priv = PRIV_FILE_UPGRADE_SL;
589 /* dataset currently has a default label */
591 needed_priv = PRIV_FILE_UPGRADE_SL;
595 if (needed_priv != -1)
596 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
599 return (SET_ERROR(ENOTSUP));
600 #endif /* HAVE_MLSLABEL */
604 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
610 * Check permissions for special properties.
617 * Disallow setting of 'zoned' from within a local zone.
619 if (!INGLOBALZONE(curproc))
620 return (SET_ERROR(EPERM));
624 case ZFS_PROP_FILESYSTEM_LIMIT:
625 case ZFS_PROP_SNAPSHOT_LIMIT:
626 if (!INGLOBALZONE(curproc)) {
628 char setpoint[ZFS_MAX_DATASET_NAME_LEN];
630 * Unprivileged users are allowed to modify the
631 * limit on things *under* (ie. contained by)
632 * the thing they own.
634 if (dsl_prop_get_integer(dsname,
635 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, setpoint))
636 return (SET_ERROR(EPERM));
637 if (!zoned || strlen(dsname) <= strlen(setpoint))
638 return (SET_ERROR(EPERM));
642 case ZFS_PROP_MLSLABEL:
643 if (!is_system_labeled())
644 return (SET_ERROR(EPERM));
646 if (nvpair_value_string(propval, &strval) == 0) {
649 err = zfs_set_slabel_policy(dsname, strval, CRED());
656 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
661 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
665 error = zfs_dozonecheck(zc->zc_name, cr);
670 * permission to set permissions will be evaluated later in
671 * dsl_deleg_can_allow()
678 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
680 return (zfs_secpolicy_write_perms(zc->zc_name,
681 ZFS_DELEG_PERM_ROLLBACK, cr));
686 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
694 * Generate the current snapshot name from the given objsetid, then
695 * use that name for the secpolicy/zone checks.
697 cp = strchr(zc->zc_name, '@');
699 return (SET_ERROR(EINVAL));
700 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
704 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
706 dsl_pool_rele(dp, FTAG);
710 dsl_dataset_name(ds, zc->zc_name);
712 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
713 ZFS_DELEG_PERM_SEND, cr);
714 dsl_dataset_rele(ds, FTAG);
715 dsl_pool_rele(dp, FTAG);
722 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
724 return (zfs_secpolicy_write_perms(zc->zc_name,
725 ZFS_DELEG_PERM_SEND, cr));
729 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
731 return (SET_ERROR(ENOTSUP));
735 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
737 return (SET_ERROR(ENOTSUP));
741 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
746 * Remove the @bla or /bla from the end of the name to get the parent.
748 (void) strncpy(parent, datasetname, parentsize);
749 cp = strrchr(parent, '@');
753 cp = strrchr(parent, '/');
755 return (SET_ERROR(ENOENT));
763 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
767 if ((error = zfs_secpolicy_write_perms(name,
768 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
771 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
776 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
778 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
782 * Destroying snapshots with delegated permissions requires
783 * descendant mount and destroy permissions.
787 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
790 nvpair_t *pair, *nextpair;
793 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
795 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
797 nextpair = nvlist_next_nvpair(snaps, pair);
798 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
799 if (error == ENOENT) {
801 * Ignore any snapshots that don't exist (we consider
802 * them "already destroyed"). Remove the name from the
803 * nvl here in case the snapshot is created between
804 * now and when we try to destroy it (in which case
805 * we don't want to destroy it since we haven't
806 * checked for permission).
808 fnvlist_remove_nvpair(snaps, pair);
819 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
821 char parentname[ZFS_MAX_DATASET_NAME_LEN];
824 if ((error = zfs_secpolicy_write_perms(from,
825 ZFS_DELEG_PERM_RENAME, cr)) != 0)
828 if ((error = zfs_secpolicy_write_perms(from,
829 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
832 if ((error = zfs_get_parent(to, parentname,
833 sizeof (parentname))) != 0)
836 if ((error = zfs_secpolicy_write_perms(parentname,
837 ZFS_DELEG_PERM_CREATE, cr)) != 0)
840 if ((error = zfs_secpolicy_write_perms(parentname,
841 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
849 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
851 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
856 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
859 dsl_dataset_t *clone;
862 error = zfs_secpolicy_write_perms(zc->zc_name,
863 ZFS_DELEG_PERM_PROMOTE, cr);
867 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
871 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
874 char parentname[ZFS_MAX_DATASET_NAME_LEN];
875 dsl_dataset_t *origin = NULL;
879 error = dsl_dataset_hold_obj(dd->dd_pool,
880 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin);
882 dsl_dataset_rele(clone, FTAG);
883 dsl_pool_rele(dp, FTAG);
887 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
888 ZFS_DELEG_PERM_MOUNT, cr);
890 dsl_dataset_name(origin, parentname);
892 error = zfs_secpolicy_write_perms_ds(parentname, origin,
893 ZFS_DELEG_PERM_PROMOTE, cr);
895 dsl_dataset_rele(clone, FTAG);
896 dsl_dataset_rele(origin, FTAG);
898 dsl_pool_rele(dp, FTAG);
904 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
908 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
909 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
912 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
913 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
916 return (zfs_secpolicy_write_perms(zc->zc_name,
917 ZFS_DELEG_PERM_CREATE, cr));
922 zfs_secpolicy_recv_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
924 return (zfs_secpolicy_recv(zc, innvl, cr));
928 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
930 return (zfs_secpolicy_write_perms(name,
931 ZFS_DELEG_PERM_SNAPSHOT, cr));
935 * Check for permission to create each snapshot in the nvlist.
939 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
945 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
947 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
948 pair = nvlist_next_nvpair(snaps, pair)) {
949 char *name = nvpair_name(pair);
950 char *atp = strchr(name, '@');
953 error = SET_ERROR(EINVAL);
957 error = zfs_secpolicy_snapshot_perms(name, cr);
966 * Check for permission to create each bookmark in the nvlist.
970 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
974 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
975 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
976 char *name = nvpair_name(pair);
977 char *hashp = strchr(name, '#');
980 error = SET_ERROR(EINVAL);
984 error = zfs_secpolicy_write_perms(name,
985 ZFS_DELEG_PERM_BOOKMARK, cr);
995 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
997 nvpair_t *pair, *nextpair;
1000 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1002 char *name = nvpair_name(pair);
1003 char *hashp = strchr(name, '#');
1004 nextpair = nvlist_next_nvpair(innvl, pair);
1006 if (hashp == NULL) {
1007 error = SET_ERROR(EINVAL);
1012 error = zfs_secpolicy_write_perms(name,
1013 ZFS_DELEG_PERM_DESTROY, cr);
1015 if (error == ENOENT) {
1017 * Ignore any filesystems that don't exist (we consider
1018 * their bookmarks "already destroyed"). Remove
1019 * the name from the nvl here in case the filesystem
1020 * is created between now and when we try to destroy
1021 * the bookmark (in which case we don't want to
1022 * destroy it since we haven't checked for permission).
1024 fnvlist_remove_nvpair(innvl, pair);
1036 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1039 * Even root must have a proper TSD so that we know what pool
1042 if (tsd_get(zfs_allow_log_key) == NULL)
1043 return (SET_ERROR(EPERM));
1048 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1050 char parentname[ZFS_MAX_DATASET_NAME_LEN];
1054 if ((error = zfs_get_parent(zc->zc_name, parentname,
1055 sizeof (parentname))) != 0)
1058 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1059 (error = zfs_secpolicy_write_perms(origin,
1060 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1063 if ((error = zfs_secpolicy_write_perms(parentname,
1064 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1067 return (zfs_secpolicy_write_perms(parentname,
1068 ZFS_DELEG_PERM_MOUNT, cr));
1072 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1073 * SYS_CONFIG privilege, which is not available in a local zone.
1077 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1079 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1080 return (SET_ERROR(EPERM));
1086 * Policy for object to name lookups.
1090 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1094 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1097 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1102 * Policy for fault injection. Requires all privileges.
1106 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1108 return (secpolicy_zinject(cr));
1113 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1115 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1117 if (prop == ZPROP_INVAL) {
1118 if (!zfs_prop_user(zc->zc_value))
1119 return (SET_ERROR(EINVAL));
1120 return (zfs_secpolicy_write_perms(zc->zc_name,
1121 ZFS_DELEG_PERM_USERPROP, cr));
1123 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1129 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1131 int err = zfs_secpolicy_read(zc, innvl, cr);
1135 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1136 return (SET_ERROR(EINVAL));
1138 if (zc->zc_value[0] == 0) {
1140 * They are asking about a posix uid/gid. If it's
1141 * themself, allow it.
1143 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1144 zc->zc_objset_type == ZFS_PROP_USERQUOTA ||
1145 zc->zc_objset_type == ZFS_PROP_USEROBJUSED ||
1146 zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) {
1147 if (zc->zc_guid == crgetuid(cr))
1149 } else if (zc->zc_objset_type == ZFS_PROP_GROUPUSED ||
1150 zc->zc_objset_type == ZFS_PROP_GROUPQUOTA ||
1151 zc->zc_objset_type == ZFS_PROP_GROUPOBJUSED ||
1152 zc->zc_objset_type == ZFS_PROP_GROUPOBJQUOTA) {
1153 if (groupmember(zc->zc_guid, cr))
1156 /* else is for project quota/used */
1159 return (zfs_secpolicy_write_perms(zc->zc_name,
1160 userquota_perms[zc->zc_objset_type], cr));
1164 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1166 int err = zfs_secpolicy_read(zc, innvl, cr);
1170 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1171 return (SET_ERROR(EINVAL));
1173 return (zfs_secpolicy_write_perms(zc->zc_name,
1174 userquota_perms[zc->zc_objset_type], cr));
1179 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1181 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1187 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1193 holds = fnvlist_lookup_nvlist(innvl, "holds");
1195 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
1196 pair = nvlist_next_nvpair(holds, pair)) {
1197 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1198 error = dmu_fsname(nvpair_name(pair), fsname);
1201 error = zfs_secpolicy_write_perms(fsname,
1202 ZFS_DELEG_PERM_HOLD, cr);
1211 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1216 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1217 pair = nvlist_next_nvpair(innvl, pair)) {
1218 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1219 error = dmu_fsname(nvpair_name(pair), fsname);
1222 error = zfs_secpolicy_write_perms(fsname,
1223 ZFS_DELEG_PERM_RELEASE, cr);
1231 * Policy for allowing temporary snapshots to be taken or released
1234 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1237 * A temporary snapshot is the same as a snapshot,
1238 * hold, destroy and release all rolled into one.
1239 * Delegated diff alone is sufficient that we allow this.
1243 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1244 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1247 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1249 if (innvl != NULL) {
1251 error = zfs_secpolicy_hold(zc, innvl, cr);
1253 error = zfs_secpolicy_release(zc, innvl, cr);
1255 error = zfs_secpolicy_destroy(zc, innvl, cr);
1261 zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1263 return (zfs_secpolicy_write_perms(zc->zc_name,
1264 ZFS_DELEG_PERM_LOAD_KEY, cr));
1268 zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1270 return (zfs_secpolicy_write_perms(zc->zc_name,
1271 ZFS_DELEG_PERM_CHANGE_KEY, cr));
1275 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1278 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1282 nvlist_t *list = NULL;
1285 * Read in and unpack the user-supplied nvlist.
1288 return (SET_ERROR(EINVAL));
1290 packed = vmem_alloc(size, KM_SLEEP);
1292 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1294 vmem_free(packed, size);
1295 return (SET_ERROR(EFAULT));
1298 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1299 vmem_free(packed, size);
1303 vmem_free(packed, size);
1310 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1311 * Entries will be removed from the end of the nvlist, and one int32 entry
1312 * named "N_MORE_ERRORS" will be added indicating how many entries were
1316 nvlist_smush(nvlist_t *errors, size_t max)
1320 size = fnvlist_size(errors);
1323 nvpair_t *more_errors;
1327 return (SET_ERROR(ENOMEM));
1329 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1330 more_errors = nvlist_prev_nvpair(errors, NULL);
1333 nvpair_t *pair = nvlist_prev_nvpair(errors,
1335 fnvlist_remove_nvpair(errors, pair);
1337 size = fnvlist_size(errors);
1338 } while (size > max);
1340 fnvlist_remove_nvpair(errors, more_errors);
1341 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1342 ASSERT3U(fnvlist_size(errors), <=, max);
1349 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1351 char *packed = NULL;
1355 size = fnvlist_size(nvl);
1357 if (size > zc->zc_nvlist_dst_size) {
1358 error = SET_ERROR(ENOMEM);
1360 packed = fnvlist_pack(nvl, &size);
1361 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1362 size, zc->zc_iflags) != 0)
1363 error = SET_ERROR(EFAULT);
1364 fnvlist_pack_free(packed, size);
1367 zc->zc_nvlist_dst_size = size;
1368 zc->zc_nvlist_dst_filled = B_TRUE;
1373 getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp)
1376 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1377 return (SET_ERROR(EINVAL));
1380 mutex_enter(&os->os_user_ptr_lock);
1381 *zfvp = dmu_objset_get_user(os);
1382 /* bump s_active only when non-zero to prevent umount race */
1383 error = zfs_vfs_ref(zfvp);
1384 mutex_exit(&os->os_user_ptr_lock);
1389 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1394 error = dmu_objset_hold(dsname, FTAG, &os);
1398 error = getzfsvfs_impl(os, zfvp);
1399 dmu_objset_rele(os, FTAG);
1404 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1405 * case its z_sb will be NULL, and it will be opened as the owner.
1406 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1407 * which prevents all inode ops from running.
1410 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1414 if (getzfsvfs(name, zfvp) != 0)
1415 error = zfsvfs_create(name, B_FALSE, zfvp);
1418 ZFS_TEARDOWN_ENTER_WRITE(*zfvp, tag);
1420 ZFS_TEARDOWN_ENTER_READ(*zfvp, tag);
1421 if ((*zfvp)->z_unmounted) {
1423 * XXX we could probably try again, since the unmounting
1424 * thread should be just about to disassociate the
1425 * objset from the zfsvfs.
1427 ZFS_TEARDOWN_EXIT(*zfvp, tag);
1428 return (SET_ERROR(EBUSY));
1435 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1437 ZFS_TEARDOWN_EXIT(zfsvfs, tag);
1439 if (zfs_vfs_held(zfsvfs)) {
1440 zfs_vfs_rele(zfsvfs);
1442 dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs);
1443 zfsvfs_free(zfsvfs);
1448 zfs_ioc_pool_create(zfs_cmd_t *zc)
1451 nvlist_t *config, *props = NULL;
1452 nvlist_t *rootprops = NULL;
1453 nvlist_t *zplprops = NULL;
1454 dsl_crypto_params_t *dcp = NULL;
1455 const char *spa_name = zc->zc_name;
1456 boolean_t unload_wkey = B_TRUE;
1458 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1459 zc->zc_iflags, &config)))
1462 if (zc->zc_nvlist_src_size != 0 && (error =
1463 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1464 zc->zc_iflags, &props))) {
1465 nvlist_free(config);
1470 nvlist_t *nvl = NULL;
1471 nvlist_t *hidden_args = NULL;
1472 uint64_t version = SPA_VERSION;
1475 (void) nvlist_lookup_uint64(props,
1476 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1477 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1478 error = SET_ERROR(EINVAL);
1479 goto pool_props_bad;
1481 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1483 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1485 goto pool_props_bad;
1486 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1489 (void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS,
1491 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE,
1492 rootprops, hidden_args, &dcp);
1494 goto pool_props_bad;
1495 (void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS);
1497 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1498 error = zfs_fill_zplprops_root(version, rootprops,
1501 goto pool_props_bad;
1503 if (nvlist_lookup_string(props,
1504 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0)
1508 error = spa_create(zc->zc_name, config, props, zplprops, dcp);
1511 * Set the remaining root properties
1513 if (!error && (error = zfs_set_prop_nvlist(spa_name,
1514 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) {
1515 (void) spa_destroy(spa_name);
1516 unload_wkey = B_FALSE; /* spa_destroy() unloads wrapping keys */
1520 nvlist_free(rootprops);
1521 nvlist_free(zplprops);
1522 nvlist_free(config);
1524 dsl_crypto_params_free(dcp, unload_wkey && !!error);
1530 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1533 zfs_log_history(zc);
1534 error = spa_destroy(zc->zc_name);
1540 zfs_ioc_pool_import(zfs_cmd_t *zc)
1542 nvlist_t *config, *props = NULL;
1546 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1547 zc->zc_iflags, &config)) != 0)
1550 if (zc->zc_nvlist_src_size != 0 && (error =
1551 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1552 zc->zc_iflags, &props))) {
1553 nvlist_free(config);
1557 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1558 guid != zc->zc_guid)
1559 error = SET_ERROR(EINVAL);
1561 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1563 if (zc->zc_nvlist_dst != 0) {
1566 if ((err = put_nvlist(zc, config)) != 0)
1570 nvlist_free(config);
1577 zfs_ioc_pool_export(zfs_cmd_t *zc)
1580 boolean_t force = (boolean_t)zc->zc_cookie;
1581 boolean_t hardforce = (boolean_t)zc->zc_guid;
1583 zfs_log_history(zc);
1584 error = spa_export(zc->zc_name, NULL, force, hardforce);
1590 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1595 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1596 return (SET_ERROR(EEXIST));
1598 error = put_nvlist(zc, configs);
1600 nvlist_free(configs);
1607 * zc_name name of the pool
1610 * zc_cookie real errno
1611 * zc_nvlist_dst config nvlist
1612 * zc_nvlist_dst_size size of config nvlist
1615 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1621 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1622 sizeof (zc->zc_value));
1624 if (config != NULL) {
1625 ret = put_nvlist(zc, config);
1626 nvlist_free(config);
1629 * The config may be present even if 'error' is non-zero.
1630 * In this case we return success, and preserve the real errno
1633 zc->zc_cookie = error;
1642 * Try to import the given pool, returning pool stats as appropriate so that
1643 * user land knows which devices are available and overall pool health.
1646 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1648 nvlist_t *tryconfig, *config = NULL;
1651 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1652 zc->zc_iflags, &tryconfig)) != 0)
1655 config = spa_tryimport(tryconfig);
1657 nvlist_free(tryconfig);
1660 return (SET_ERROR(EINVAL));
1662 error = put_nvlist(zc, config);
1663 nvlist_free(config);
1670 * zc_name name of the pool
1671 * zc_cookie scan func (pool_scan_func_t)
1672 * zc_flags scrub pause/resume flag (pool_scrub_cmd_t)
1675 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1680 if (zc->zc_flags >= POOL_SCRUB_FLAGS_END)
1681 return (SET_ERROR(EINVAL));
1683 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1686 if (zc->zc_flags == POOL_SCRUB_PAUSE)
1687 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE);
1688 else if (zc->zc_cookie == POOL_SCAN_NONE)
1689 error = spa_scan_stop(spa);
1691 error = spa_scan(spa, zc->zc_cookie);
1693 spa_close(spa, FTAG);
1699 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1704 error = spa_open(zc->zc_name, &spa, FTAG);
1707 spa_close(spa, FTAG);
1713 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1718 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1721 if (zc->zc_cookie < spa_version(spa) ||
1722 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1723 spa_close(spa, FTAG);
1724 return (SET_ERROR(EINVAL));
1727 spa_upgrade(spa, zc->zc_cookie);
1728 spa_close(spa, FTAG);
1734 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1741 if ((size = zc->zc_history_len) == 0)
1742 return (SET_ERROR(EINVAL));
1744 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1747 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1748 spa_close(spa, FTAG);
1749 return (SET_ERROR(ENOTSUP));
1752 hist_buf = vmem_alloc(size, KM_SLEEP);
1753 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1754 &zc->zc_history_len, hist_buf)) == 0) {
1755 error = ddi_copyout(hist_buf,
1756 (void *)(uintptr_t)zc->zc_history,
1757 zc->zc_history_len, zc->zc_iflags);
1760 spa_close(spa, FTAG);
1761 vmem_free(hist_buf, size);
1766 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1771 error = spa_open(zc->zc_name, &spa, FTAG);
1773 error = spa_change_guid(spa);
1774 spa_close(spa, FTAG);
1780 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1782 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
1787 * zc_name name of filesystem
1788 * zc_obj object to find
1791 * zc_value name of object
1794 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1799 /* XXX reading from objset not owned */
1800 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1803 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1804 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1805 return (SET_ERROR(EINVAL));
1807 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1808 sizeof (zc->zc_value));
1809 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1816 * zc_name name of filesystem
1817 * zc_obj object to find
1820 * zc_stat stats on object
1821 * zc_value path to object
1824 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1829 /* XXX reading from objset not owned */
1830 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1833 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1834 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1835 return (SET_ERROR(EINVAL));
1837 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1838 sizeof (zc->zc_value));
1839 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1845 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1851 error = spa_open(zc->zc_name, &spa, FTAG);
1855 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1856 zc->zc_iflags, &config);
1858 error = spa_vdev_add(spa, config);
1859 nvlist_free(config);
1861 spa_close(spa, FTAG);
1867 * zc_name name of the pool
1868 * zc_guid guid of vdev to remove
1869 * zc_cookie cancel removal
1872 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1877 error = spa_open(zc->zc_name, &spa, FTAG);
1880 if (zc->zc_cookie != 0) {
1881 error = spa_vdev_remove_cancel(spa);
1883 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1885 spa_close(spa, FTAG);
1890 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1894 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1896 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1898 switch (zc->zc_cookie) {
1899 case VDEV_STATE_ONLINE:
1900 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1903 case VDEV_STATE_OFFLINE:
1904 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1907 case VDEV_STATE_FAULTED:
1908 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1909 zc->zc_obj != VDEV_AUX_EXTERNAL &&
1910 zc->zc_obj != VDEV_AUX_EXTERNAL_PERSIST)
1911 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1913 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1916 case VDEV_STATE_DEGRADED:
1917 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1918 zc->zc_obj != VDEV_AUX_EXTERNAL)
1919 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1921 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1925 error = SET_ERROR(EINVAL);
1927 zc->zc_cookie = newstate;
1928 spa_close(spa, FTAG);
1933 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1937 int replacing = zc->zc_cookie;
1938 int rebuild = zc->zc_simple;
1941 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1944 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1945 zc->zc_iflags, &config)) == 0) {
1946 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing,
1948 nvlist_free(config);
1951 spa_close(spa, FTAG);
1956 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1961 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1964 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1966 spa_close(spa, FTAG);
1971 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1974 nvlist_t *config, *props = NULL;
1976 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1978 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1981 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1982 zc->zc_iflags, &config))) {
1983 spa_close(spa, FTAG);
1987 if (zc->zc_nvlist_src_size != 0 && (error =
1988 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1989 zc->zc_iflags, &props))) {
1990 spa_close(spa, FTAG);
1991 nvlist_free(config);
1995 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1997 spa_close(spa, FTAG);
1999 nvlist_free(config);
2006 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
2009 const char *path = zc->zc_value;
2010 uint64_t guid = zc->zc_guid;
2013 error = spa_open(zc->zc_name, &spa, FTAG);
2017 error = spa_vdev_setpath(spa, guid, path);
2018 spa_close(spa, FTAG);
2023 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
2026 const char *fru = zc->zc_value;
2027 uint64_t guid = zc->zc_guid;
2030 error = spa_open(zc->zc_name, &spa, FTAG);
2034 error = spa_vdev_setfru(spa, guid, fru);
2035 spa_close(spa, FTAG);
2040 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
2045 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2047 if (zc->zc_nvlist_dst != 0 &&
2048 (error = dsl_prop_get_all(os, &nv)) == 0) {
2049 dmu_objset_stats(os, nv);
2051 * NB: zvol_get_stats() will read the objset contents,
2052 * which we aren't supposed to do with a
2053 * DS_MODE_USER hold, because it could be
2054 * inconsistent. So this is a bit of a workaround...
2055 * XXX reading without owning
2057 if (!zc->zc_objset_stats.dds_inconsistent &&
2058 dmu_objset_type(os) == DMU_OST_ZVOL) {
2059 error = zvol_get_stats(os, nv);
2067 error = put_nvlist(zc, nv);
2076 * zc_name name of filesystem
2077 * zc_nvlist_dst_size size of buffer for property nvlist
2080 * zc_objset_stats stats
2081 * zc_nvlist_dst property nvlist
2082 * zc_nvlist_dst_size size of property nvlist
2085 zfs_ioc_objset_stats(zfs_cmd_t *zc)
2090 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2092 error = zfs_ioc_objset_stats_impl(zc, os);
2093 dmu_objset_rele(os, FTAG);
2101 * zc_name name of filesystem
2102 * zc_nvlist_dst_size size of buffer for property nvlist
2105 * zc_nvlist_dst received property nvlist
2106 * zc_nvlist_dst_size size of received property nvlist
2108 * Gets received properties (distinct from local properties on or after
2109 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2110 * local property values.
2113 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2119 * Without this check, we would return local property values if the
2120 * caller has not already received properties on or after
2121 * SPA_VERSION_RECVD_PROPS.
2123 if (!dsl_prop_get_hasrecvd(zc->zc_name))
2124 return (SET_ERROR(ENOTSUP));
2126 if (zc->zc_nvlist_dst != 0 &&
2127 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
2128 error = put_nvlist(zc, nv);
2136 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2142 * zfs_get_zplprop() will either find a value or give us
2143 * the default value (if there is one).
2145 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2147 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2153 * zc_name name of filesystem
2154 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2157 * zc_nvlist_dst zpl property nvlist
2158 * zc_nvlist_dst_size size of zpl property nvlist
2161 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2166 /* XXX reading without owning */
2167 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
2170 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2173 * NB: nvl_add_zplprop() will read the objset contents,
2174 * which we aren't supposed to do with a DS_MODE_USER
2175 * hold, because it could be inconsistent.
2177 if (zc->zc_nvlist_dst != 0 &&
2178 !zc->zc_objset_stats.dds_inconsistent &&
2179 dmu_objset_type(os) == DMU_OST_ZFS) {
2182 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2183 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2184 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2185 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2186 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2187 err = put_nvlist(zc, nv);
2190 err = SET_ERROR(ENOENT);
2192 dmu_objset_rele(os, FTAG);
2198 * zc_name name of filesystem
2199 * zc_cookie zap cursor
2200 * zc_nvlist_dst_size size of buffer for property nvlist
2203 * zc_name name of next filesystem
2204 * zc_cookie zap cursor
2205 * zc_objset_stats stats
2206 * zc_nvlist_dst property nvlist
2207 * zc_nvlist_dst_size size of property nvlist
2210 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2215 size_t orig_len = strlen(zc->zc_name);
2218 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
2219 if (error == ENOENT)
2220 error = SET_ERROR(ESRCH);
2224 p = strrchr(zc->zc_name, '/');
2225 if (p == NULL || p[1] != '\0')
2226 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2227 p = zc->zc_name + strlen(zc->zc_name);
2230 error = dmu_dir_list_next(os,
2231 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2232 NULL, &zc->zc_cookie);
2233 if (error == ENOENT)
2234 error = SET_ERROR(ESRCH);
2235 } while (error == 0 && zfs_dataset_name_hidden(zc->zc_name));
2236 dmu_objset_rele(os, FTAG);
2239 * If it's an internal dataset (ie. with a '$' in its name),
2240 * don't try to get stats for it, otherwise we'll return ENOENT.
2242 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2243 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2244 if (error == ENOENT) {
2245 /* We lost a race with destroy, get the next one. */
2246 zc->zc_name[orig_len] = '\0';
2255 * zc_name name of filesystem
2256 * zc_cookie zap cursor
2257 * zc_nvlist_src iteration range nvlist
2258 * zc_nvlist_src_size size of iteration range nvlist
2261 * zc_name name of next snapshot
2262 * zc_objset_stats stats
2263 * zc_nvlist_dst property nvlist
2264 * zc_nvlist_dst_size size of property nvlist
2267 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2270 objset_t *os, *ossnap;
2272 uint64_t min_txg = 0, max_txg = 0;
2274 if (zc->zc_nvlist_src_size != 0) {
2275 nvlist_t *props = NULL;
2276 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2277 zc->zc_iflags, &props);
2280 (void) nvlist_lookup_uint64(props, SNAP_ITER_MIN_TXG,
2282 (void) nvlist_lookup_uint64(props, SNAP_ITER_MAX_TXG,
2287 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2289 return (error == ENOENT ? SET_ERROR(ESRCH) : error);
2293 * A dataset name of maximum length cannot have any snapshots,
2294 * so exit immediately.
2296 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >=
2297 ZFS_MAX_DATASET_NAME_LEN) {
2298 dmu_objset_rele(os, FTAG);
2299 return (SET_ERROR(ESRCH));
2302 while (error == 0) {
2303 if (issig(JUSTLOOKING) && issig(FORREAL)) {
2304 error = SET_ERROR(EINTR);
2308 error = dmu_snapshot_list_next(os,
2309 sizeof (zc->zc_name) - strlen(zc->zc_name),
2310 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj,
2311 &zc->zc_cookie, NULL);
2312 if (error == ENOENT) {
2313 error = SET_ERROR(ESRCH);
2315 } else if (error != 0) {
2319 error = dsl_dataset_hold_obj(dmu_objset_pool(os), zc->zc_obj,
2324 if ((min_txg != 0 && dsl_get_creationtxg(ds) < min_txg) ||
2325 (max_txg != 0 && dsl_get_creationtxg(ds) > max_txg)) {
2326 dsl_dataset_rele(ds, FTAG);
2327 /* undo snapshot name append */
2328 *(strchr(zc->zc_name, '@') + 1) = '\0';
2333 if (zc->zc_simple) {
2334 dsl_dataset_rele(ds, FTAG);
2338 if ((error = dmu_objset_from_ds(ds, &ossnap)) != 0) {
2339 dsl_dataset_rele(ds, FTAG);
2342 if ((error = zfs_ioc_objset_stats_impl(zc, ossnap)) != 0) {
2343 dsl_dataset_rele(ds, FTAG);
2346 dsl_dataset_rele(ds, FTAG);
2350 dmu_objset_rele(os, FTAG);
2351 /* if we failed, undo the @ that we tacked on to zc_name */
2353 *strchr(zc->zc_name, '@') = '\0';
2358 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2360 const char *propname = nvpair_name(pair);
2362 unsigned int vallen;
2363 const char *dash, *domain;
2364 zfs_userquota_prop_t type;
2370 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2372 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2373 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2375 return (SET_ERROR(EINVAL));
2379 * A correctly constructed propname is encoded as
2380 * userquota@<rid>-<domain>.
2382 if ((dash = strchr(propname, '-')) == NULL ||
2383 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2385 return (SET_ERROR(EINVAL));
2392 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2394 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2395 zfsvfs_rele(zfsvfs, FTAG);
2402 * If the named property is one that has a special function to set its value,
2403 * return 0 on success and a positive error code on failure; otherwise if it is
2404 * not one of the special properties handled by this function, return -1.
2406 * XXX: It would be better for callers of the property interface if we handled
2407 * these special cases in dsl_prop.c (in the dsl layer).
2410 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2413 const char *propname = nvpair_name(pair);
2414 zfs_prop_t prop = zfs_name_to_prop(propname);
2415 uint64_t intval = 0;
2416 const char *strval = NULL;
2419 if (prop == ZPROP_INVAL) {
2420 if (zfs_prop_userquota(propname))
2421 return (zfs_prop_set_userquota(dsname, pair));
2425 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2427 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2428 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2432 /* all special properties are numeric except for keylocation */
2433 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) {
2434 strval = fnvpair_value_string(pair);
2436 intval = fnvpair_value_uint64(pair);
2440 case ZFS_PROP_QUOTA:
2441 err = dsl_dir_set_quota(dsname, source, intval);
2443 case ZFS_PROP_REFQUOTA:
2444 err = dsl_dataset_set_refquota(dsname, source, intval);
2446 case ZFS_PROP_FILESYSTEM_LIMIT:
2447 case ZFS_PROP_SNAPSHOT_LIMIT:
2448 if (intval == UINT64_MAX) {
2449 /* clearing the limit, just do it */
2452 err = dsl_dir_activate_fs_ss_limit(dsname);
2455 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2456 * default path to set the value in the nvlist.
2461 case ZFS_PROP_KEYLOCATION:
2462 err = dsl_crypto_can_set_keylocation(dsname, strval);
2465 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2466 * default path to set the value in the nvlist.
2471 case ZFS_PROP_RESERVATION:
2472 err = dsl_dir_set_reservation(dsname, source, intval);
2474 case ZFS_PROP_REFRESERVATION:
2475 err = dsl_dataset_set_refreservation(dsname, source, intval);
2477 case ZFS_PROP_COMPRESSION:
2478 err = dsl_dataset_set_compression(dsname, source, intval);
2480 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2481 * default path to set the value in the nvlist.
2486 case ZFS_PROP_VOLSIZE:
2487 err = zvol_set_volsize(dsname, intval);
2489 case ZFS_PROP_SNAPDEV:
2490 err = zvol_set_snapdev(dsname, source, intval);
2492 case ZFS_PROP_VOLMODE:
2493 err = zvol_set_volmode(dsname, source, intval);
2495 case ZFS_PROP_VERSION:
2499 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2502 err = zfs_set_version(zfsvfs, intval);
2503 zfsvfs_rele(zfsvfs, FTAG);
2505 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2508 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2509 (void) strlcpy(zc->zc_name, dsname,
2510 sizeof (zc->zc_name));
2511 (void) zfs_ioc_userspace_upgrade(zc);
2512 (void) zfs_ioc_id_quota_upgrade(zc);
2513 kmem_free(zc, sizeof (zfs_cmd_t));
2525 * This function is best effort. If it fails to set any of the given properties,
2526 * it continues to set as many as it can and returns the last error
2527 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2528 * with the list of names of all the properties that failed along with the
2529 * corresponding error numbers.
2531 * If every property is set successfully, zero is returned and errlist is not
2535 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2544 nvlist_t *genericnvl = fnvlist_alloc();
2545 nvlist_t *retrynvl = fnvlist_alloc();
2548 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2549 const char *propname = nvpair_name(pair);
2550 zfs_prop_t prop = zfs_name_to_prop(propname);
2553 /* decode the property value */
2555 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2557 attrs = fnvpair_value_nvlist(pair);
2558 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2560 err = SET_ERROR(EINVAL);
2563 /* Validate value type */
2564 if (err == 0 && source == ZPROP_SRC_INHERITED) {
2565 /* inherited properties are expected to be booleans */
2566 if (nvpair_type(propval) != DATA_TYPE_BOOLEAN)
2567 err = SET_ERROR(EINVAL);
2568 } else if (err == 0 && prop == ZPROP_INVAL) {
2569 if (zfs_prop_user(propname)) {
2570 if (nvpair_type(propval) != DATA_TYPE_STRING)
2571 err = SET_ERROR(EINVAL);
2572 } else if (zfs_prop_userquota(propname)) {
2573 if (nvpair_type(propval) !=
2574 DATA_TYPE_UINT64_ARRAY)
2575 err = SET_ERROR(EINVAL);
2577 err = SET_ERROR(EINVAL);
2579 } else if (err == 0) {
2580 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2581 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2582 err = SET_ERROR(EINVAL);
2583 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2586 intval = fnvpair_value_uint64(propval);
2588 switch (zfs_prop_get_type(prop)) {
2589 case PROP_TYPE_NUMBER:
2591 case PROP_TYPE_STRING:
2592 err = SET_ERROR(EINVAL);
2594 case PROP_TYPE_INDEX:
2595 if (zfs_prop_index_to_string(prop,
2596 intval, &unused) != 0)
2598 SET_ERROR(ZFS_ERR_BADPROP);
2602 "unknown property type");
2605 err = SET_ERROR(EINVAL);
2609 /* Validate permissions */
2611 err = zfs_check_settable(dsname, pair, CRED());
2614 if (source == ZPROP_SRC_INHERITED)
2615 err = -1; /* does not need special handling */
2617 err = zfs_prop_set_special(dsname, source,
2621 * For better performance we build up a list of
2622 * properties to set in a single transaction.
2624 err = nvlist_add_nvpair(genericnvl, pair);
2625 } else if (err != 0 && nvl != retrynvl) {
2627 * This may be a spurious error caused by
2628 * receiving quota and reservation out of order.
2629 * Try again in a second pass.
2631 err = nvlist_add_nvpair(retrynvl, pair);
2636 if (errlist != NULL)
2637 fnvlist_add_int32(errlist, propname, err);
2642 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2647 if (!nvlist_empty(genericnvl) &&
2648 dsl_props_set(dsname, source, genericnvl) != 0) {
2650 * If this fails, we still want to set as many properties as we
2651 * can, so try setting them individually.
2654 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2655 const char *propname = nvpair_name(pair);
2659 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2661 attrs = fnvpair_value_nvlist(pair);
2662 propval = fnvlist_lookup_nvpair(attrs,
2666 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2667 strval = fnvpair_value_string(propval);
2668 err = dsl_prop_set_string(dsname, propname,
2670 } else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) {
2671 err = dsl_prop_inherit(dsname, propname,
2674 intval = fnvpair_value_uint64(propval);
2675 err = dsl_prop_set_int(dsname, propname, source,
2680 if (errlist != NULL) {
2681 fnvlist_add_int32(errlist, propname,
2688 nvlist_free(genericnvl);
2689 nvlist_free(retrynvl);
2695 * Check that all the properties are valid user properties.
2698 zfs_check_userprops(nvlist_t *nvl)
2700 nvpair_t *pair = NULL;
2702 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2703 const char *propname = nvpair_name(pair);
2705 if (!zfs_prop_user(propname) ||
2706 nvpair_type(pair) != DATA_TYPE_STRING)
2707 return (SET_ERROR(EINVAL));
2709 if (strlen(propname) >= ZAP_MAXNAMELEN)
2710 return (SET_ERROR(ENAMETOOLONG));
2712 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN)
2713 return (SET_ERROR(E2BIG));
2719 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2723 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2726 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2727 if (nvlist_exists(skipped, nvpair_name(pair)))
2730 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2735 clear_received_props(const char *dsname, nvlist_t *props,
2739 nvlist_t *cleared_props = NULL;
2740 props_skip(props, skipped, &cleared_props);
2741 if (!nvlist_empty(cleared_props)) {
2743 * Acts on local properties until the dataset has received
2744 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2746 zprop_source_t flags = (ZPROP_SRC_NONE |
2747 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
2748 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
2750 nvlist_free(cleared_props);
2756 * zc_name name of filesystem
2757 * zc_value name of property to set
2758 * zc_nvlist_src{_size} nvlist of properties to apply
2759 * zc_cookie received properties flag
2762 * zc_nvlist_dst{_size} error for each unapplied received property
2765 zfs_ioc_set_prop(zfs_cmd_t *zc)
2768 boolean_t received = zc->zc_cookie;
2769 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2774 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2775 zc->zc_iflags, &nvl)) != 0)
2779 nvlist_t *origprops;
2781 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
2782 (void) clear_received_props(zc->zc_name,
2784 nvlist_free(origprops);
2787 error = dsl_prop_set_hasrecvd(zc->zc_name);
2790 errors = fnvlist_alloc();
2792 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2794 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2795 (void) put_nvlist(zc, errors);
2798 nvlist_free(errors);
2805 * zc_name name of filesystem
2806 * zc_value name of property to inherit
2807 * zc_cookie revert to received value if TRUE
2812 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2814 const char *propname = zc->zc_value;
2815 zfs_prop_t prop = zfs_name_to_prop(propname);
2816 boolean_t received = zc->zc_cookie;
2817 zprop_source_t source = (received
2818 ? ZPROP_SRC_NONE /* revert to received value, if any */
2819 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2827 * Only check this in the non-received case. We want to allow
2828 * 'inherit -S' to revert non-inheritable properties like quota
2829 * and reservation to the received or default values even though
2830 * they are not considered inheritable.
2832 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2833 return (SET_ERROR(EINVAL));
2836 if (prop == ZPROP_INVAL) {
2837 if (!zfs_prop_user(propname))
2838 return (SET_ERROR(EINVAL));
2840 type = PROP_TYPE_STRING;
2841 } else if (prop == ZFS_PROP_VOLSIZE || prop == ZFS_PROP_VERSION) {
2842 return (SET_ERROR(EINVAL));
2844 type = zfs_prop_get_type(prop);
2848 * zfs_prop_set_special() expects properties in the form of an
2849 * nvpair with type info.
2851 dummy = fnvlist_alloc();
2854 case PROP_TYPE_STRING:
2855 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2857 case PROP_TYPE_NUMBER:
2858 case PROP_TYPE_INDEX:
2859 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2862 err = SET_ERROR(EINVAL);
2866 pair = nvlist_next_nvpair(dummy, NULL);
2868 err = SET_ERROR(EINVAL);
2870 err = zfs_prop_set_special(zc->zc_name, source, pair);
2871 if (err == -1) /* property is not "special", needs handling */
2872 err = dsl_prop_inherit(zc->zc_name, zc->zc_value,
2882 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2889 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2890 zc->zc_iflags, &props)))
2894 * If the only property is the configfile, then just do a spa_lookup()
2895 * to handle the faulted case.
2897 pair = nvlist_next_nvpair(props, NULL);
2898 if (pair != NULL && strcmp(nvpair_name(pair),
2899 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2900 nvlist_next_nvpair(props, pair) == NULL) {
2901 mutex_enter(&spa_namespace_lock);
2902 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2903 spa_configfile_set(spa, props, B_FALSE);
2904 spa_write_cachefile(spa, B_FALSE, B_TRUE);
2906 mutex_exit(&spa_namespace_lock);
2913 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2918 error = spa_prop_set(spa, props);
2921 spa_close(spa, FTAG);
2927 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2931 nvlist_t *nvp = NULL;
2933 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2935 * If the pool is faulted, there may be properties we can still
2936 * get (such as altroot and cachefile), so attempt to get them
2939 mutex_enter(&spa_namespace_lock);
2940 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2941 error = spa_prop_get(spa, &nvp);
2942 mutex_exit(&spa_namespace_lock);
2944 error = spa_prop_get(spa, &nvp);
2945 spa_close(spa, FTAG);
2948 if (error == 0 && zc->zc_nvlist_dst != 0)
2949 error = put_nvlist(zc, nvp);
2951 error = SET_ERROR(EFAULT);
2959 * zc_name name of filesystem
2960 * zc_nvlist_src{_size} nvlist of delegated permissions
2961 * zc_perm_action allow/unallow flag
2966 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2969 nvlist_t *fsaclnv = NULL;
2971 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2972 zc->zc_iflags, &fsaclnv)) != 0)
2976 * Verify nvlist is constructed correctly
2978 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2979 nvlist_free(fsaclnv);
2980 return (SET_ERROR(EINVAL));
2984 * If we don't have PRIV_SYS_MOUNT, then validate
2985 * that user is allowed to hand out each permission in
2989 error = secpolicy_zfs(CRED());
2991 if (zc->zc_perm_action == B_FALSE) {
2992 error = dsl_deleg_can_allow(zc->zc_name,
2995 error = dsl_deleg_can_unallow(zc->zc_name,
3001 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
3003 nvlist_free(fsaclnv);
3009 * zc_name name of filesystem
3012 * zc_nvlist_src{_size} nvlist of delegated permissions
3015 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
3020 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
3021 error = put_nvlist(zc, nvp);
3030 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
3032 zfs_creat_t *zct = arg;
3034 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
3037 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
3041 * os parent objset pointer (NULL if root fs)
3042 * fuids_ok fuids allowed in this version of the spa?
3043 * sa_ok SAs allowed in this version of the spa?
3044 * createprops list of properties requested by creator
3047 * zplprops values for the zplprops we attach to the master node object
3048 * is_ci true if requested file system will be purely case-insensitive
3050 * Determine the settings for utf8only, normalization and
3051 * casesensitivity. Specific values may have been requested by the
3052 * creator and/or we can inherit values from the parent dataset. If
3053 * the file system is of too early a vintage, a creator can not
3054 * request settings for these properties, even if the requested
3055 * setting is the default value. We don't actually want to create dsl
3056 * properties for these, so remove them from the source nvlist after
3060 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
3061 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
3062 nvlist_t *zplprops, boolean_t *is_ci)
3064 uint64_t sense = ZFS_PROP_UNDEFINED;
3065 uint64_t norm = ZFS_PROP_UNDEFINED;
3066 uint64_t u8 = ZFS_PROP_UNDEFINED;
3069 ASSERT(zplprops != NULL);
3071 /* parent dataset must be a filesystem */
3072 if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS)
3073 return (SET_ERROR(ZFS_ERR_WRONG_PARENT));
3076 * Pull out creator prop choices, if any.
3079 (void) nvlist_lookup_uint64(createprops,
3080 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
3081 (void) nvlist_lookup_uint64(createprops,
3082 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
3083 (void) nvlist_remove_all(createprops,
3084 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
3085 (void) nvlist_lookup_uint64(createprops,
3086 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
3087 (void) nvlist_remove_all(createprops,
3088 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
3089 (void) nvlist_lookup_uint64(createprops,
3090 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
3091 (void) nvlist_remove_all(createprops,
3092 zfs_prop_to_name(ZFS_PROP_CASE));
3096 * If the zpl version requested is whacky or the file system
3097 * or pool is version is too "young" to support normalization
3098 * and the creator tried to set a value for one of the props,
3101 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3102 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
3103 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
3104 (zplver < ZPL_VERSION_NORMALIZATION &&
3105 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
3106 sense != ZFS_PROP_UNDEFINED)))
3107 return (SET_ERROR(ENOTSUP));
3110 * Put the version in the zplprops
3112 VERIFY(nvlist_add_uint64(zplprops,
3113 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3115 if (norm == ZFS_PROP_UNDEFINED &&
3116 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3118 VERIFY(nvlist_add_uint64(zplprops,
3119 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3122 * If we're normalizing, names must always be valid UTF-8 strings.
3126 if (u8 == ZFS_PROP_UNDEFINED &&
3127 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3129 VERIFY(nvlist_add_uint64(zplprops,
3130 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3132 if (sense == ZFS_PROP_UNDEFINED &&
3133 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3135 VERIFY(nvlist_add_uint64(zplprops,
3136 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3139 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3145 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3146 nvlist_t *zplprops, boolean_t *is_ci)
3148 boolean_t fuids_ok, sa_ok;
3149 uint64_t zplver = ZPL_VERSION;
3150 objset_t *os = NULL;
3151 char parentname[ZFS_MAX_DATASET_NAME_LEN];
3156 zfs_get_parent(dataset, parentname, sizeof (parentname));
3158 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3161 spa_vers = spa_version(spa);
3162 spa_close(spa, FTAG);
3164 zplver = zfs_zpl_version_map(spa_vers);
3165 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3166 sa_ok = (zplver >= ZPL_VERSION_SA);
3169 * Open parent object set so we can inherit zplprop values.
3171 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3174 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3176 dmu_objset_rele(os, FTAG);
3181 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3182 nvlist_t *zplprops, boolean_t *is_ci)
3186 uint64_t zplver = ZPL_VERSION;
3189 zplver = zfs_zpl_version_map(spa_vers);
3190 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3191 sa_ok = (zplver >= ZPL_VERSION_SA);
3193 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3194 createprops, zplprops, is_ci);
3200 * "type" -> dmu_objset_type_t (int32)
3201 * (optional) "props" -> { prop -> value }
3202 * (optional) "hidden_args" -> { "wkeydata" -> value }
3203 * raw uint8_t array of encryption wrapping key data (32 bytes)
3206 * outnvl: propname -> error code (int32)
3209 static const zfs_ioc_key_t zfs_keys_create[] = {
3210 {"type", DATA_TYPE_INT32, 0},
3211 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3212 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3216 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3219 zfs_creat_t zct = { 0 };
3220 nvlist_t *nvprops = NULL;
3221 nvlist_t *hidden_args = NULL;
3222 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3223 dmu_objset_type_t type;
3224 boolean_t is_insensitive = B_FALSE;
3225 dsl_crypto_params_t *dcp = NULL;
3227 type = (dmu_objset_type_t)fnvlist_lookup_int32(innvl, "type");
3228 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3229 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
3233 cbfunc = zfs_create_cb;
3237 cbfunc = zvol_create_cb;
3244 if (strchr(fsname, '@') ||
3245 strchr(fsname, '%'))
3246 return (SET_ERROR(EINVAL));
3248 zct.zct_props = nvprops;
3251 return (SET_ERROR(EINVAL));
3253 if (type == DMU_OST_ZVOL) {
3254 uint64_t volsize, volblocksize;
3256 if (nvprops == NULL)
3257 return (SET_ERROR(EINVAL));
3258 if (nvlist_lookup_uint64(nvprops,
3259 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3260 return (SET_ERROR(EINVAL));
3262 if ((error = nvlist_lookup_uint64(nvprops,
3263 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3264 &volblocksize)) != 0 && error != ENOENT)
3265 return (SET_ERROR(EINVAL));
3268 volblocksize = zfs_prop_default_numeric(
3269 ZFS_PROP_VOLBLOCKSIZE);
3271 if ((error = zvol_check_volblocksize(fsname,
3272 volblocksize)) != 0 ||
3273 (error = zvol_check_volsize(volsize,
3274 volblocksize)) != 0)
3276 } else if (type == DMU_OST_ZFS) {
3280 * We have to have normalization and
3281 * case-folding flags correct when we do the
3282 * file system creation, so go figure them out
3285 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3286 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3287 error = zfs_fill_zplprops(fsname, nvprops,
3288 zct.zct_zplprops, &is_insensitive);
3290 nvlist_free(zct.zct_zplprops);
3295 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops,
3298 nvlist_free(zct.zct_zplprops);
3302 error = dmu_objset_create(fsname, type,
3303 is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct);
3305 nvlist_free(zct.zct_zplprops);
3306 dsl_crypto_params_free(dcp, !!error);
3309 * It would be nice to do this atomically.
3312 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3319 * Volumes will return EBUSY and cannot be destroyed
3320 * until all asynchronous minor handling (e.g. from
3321 * setting the volmode property) has completed. Wait for
3322 * the spa_zvol_taskq to drain then retry.
3324 error2 = dsl_destroy_head(fsname);
3325 while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) {
3326 error2 = spa_open(fsname, &spa, FTAG);
3328 taskq_wait(spa->spa_zvol_taskq);
3329 spa_close(spa, FTAG);
3331 error2 = dsl_destroy_head(fsname);
3340 * "origin" -> name of origin snapshot
3341 * (optional) "props" -> { prop -> value }
3342 * (optional) "hidden_args" -> { "wkeydata" -> value }
3343 * raw uint8_t array of encryption wrapping key data (32 bytes)
3347 * outnvl: propname -> error code (int32)
3349 static const zfs_ioc_key_t zfs_keys_clone[] = {
3350 {"origin", DATA_TYPE_STRING, 0},
3351 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3352 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3356 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3359 nvlist_t *nvprops = NULL;
3360 const char *origin_name;
3362 origin_name = fnvlist_lookup_string(innvl, "origin");
3363 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3365 if (strchr(fsname, '@') ||
3366 strchr(fsname, '%'))
3367 return (SET_ERROR(EINVAL));
3369 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3370 return (SET_ERROR(EINVAL));
3372 error = dmu_objset_clone(fsname, origin_name);
3375 * It would be nice to do this atomically.
3378 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3381 (void) dsl_destroy_head(fsname);
3386 static const zfs_ioc_key_t zfs_keys_remap[] = {
3392 zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3394 /* This IOCTL is no longer supported. */
3400 * "snaps" -> { snapshot1, snapshot2 }
3401 * (optional) "props" -> { prop -> value (string) }
3404 * outnvl: snapshot -> error code (int32)
3406 static const zfs_ioc_key_t zfs_keys_snapshot[] = {
3407 {"snaps", DATA_TYPE_NVLIST, 0},
3408 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3412 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3415 nvlist_t *props = NULL;
3419 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3420 if (!nvlist_empty(props) &&
3421 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3422 return (SET_ERROR(ENOTSUP));
3423 if ((error = zfs_check_userprops(props)) != 0)
3426 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
3427 poollen = strlen(poolname);
3428 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3429 pair = nvlist_next_nvpair(snaps, pair)) {
3430 const char *name = nvpair_name(pair);
3431 char *cp = strchr(name, '@');
3434 * The snap name must contain an @, and the part after it must
3435 * contain only valid characters.
3438 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3439 return (SET_ERROR(EINVAL));
3442 * The snap must be in the specified pool.
3444 if (strncmp(name, poolname, poollen) != 0 ||
3445 (name[poollen] != '/' && name[poollen] != '@'))
3446 return (SET_ERROR(EXDEV));
3449 * Check for permission to set the properties on the fs.
3451 if (!nvlist_empty(props)) {
3453 error = zfs_secpolicy_write_perms(name,
3454 ZFS_DELEG_PERM_USERPROP, CRED());
3460 /* This must be the only snap of this fs. */
3461 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3462 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3463 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3465 return (SET_ERROR(EXDEV));
3470 error = dsl_dataset_snapshot(snaps, props, outnvl);
3476 * innvl: "message" -> string
3478 static const zfs_ioc_key_t zfs_keys_log_history[] = {
3479 {"message", DATA_TYPE_STRING, 0},
3484 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3486 const char *message;
3492 * The poolname in the ioctl is not set, we get it from the TSD,
3493 * which was set at the end of the last successful ioctl that allows
3494 * logging. The secpolicy func already checked that it is set.
3495 * Only one log ioctl is allowed after each successful ioctl, so
3496 * we clear the TSD here.
3498 poolname = tsd_get(zfs_allow_log_key);
3499 if (poolname == NULL)
3500 return (SET_ERROR(EINVAL));
3501 (void) tsd_set(zfs_allow_log_key, NULL);
3502 error = spa_open(poolname, &spa, FTAG);
3503 kmem_strfree(poolname);
3507 message = fnvlist_lookup_string(innvl, "message");
3509 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3510 spa_close(spa, FTAG);
3511 return (SET_ERROR(ENOTSUP));
3514 error = spa_history_log(spa, message);
3515 spa_close(spa, FTAG);
3520 * This ioctl is used to set the bootenv configuration on the current
3521 * pool. This configuration is stored in the second padding area of the label,
3522 * and it is used by the bootloader(s) to store the bootloader and/or system
3524 * The data is stored as nvlist data stream, and is protected by
3525 * an embedded checksum.
3526 * The version can have two possible values:
3527 * VB_RAW: nvlist should have key GRUB_ENVMAP, value DATA_TYPE_STRING.
3528 * VB_NVLIST: nvlist with arbitrary <key, value> pairs.
3530 static const zfs_ioc_key_t zfs_keys_set_bootenv[] = {
3531 {"version", DATA_TYPE_UINT64, 0},
3532 {"<keys>", DATA_TYPE_ANY, ZK_OPTIONAL | ZK_WILDCARDLIST},
3536 zfs_ioc_set_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3541 if ((error = spa_open(name, &spa, FTAG)) != 0)
3543 spa_vdev_state_enter(spa, SCL_ALL);
3544 error = vdev_label_write_bootenv(spa->spa_root_vdev, innvl);
3545 (void) spa_vdev_state_exit(spa, NULL, 0);
3546 spa_close(spa, FTAG);
3550 static const zfs_ioc_key_t zfs_keys_get_bootenv[] = {
3555 zfs_ioc_get_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3560 if ((error = spa_open(name, &spa, FTAG)) != 0)
3562 spa_vdev_state_enter(spa, SCL_ALL);
3563 error = vdev_label_read_bootenv(spa->spa_root_vdev, outnvl);
3564 (void) spa_vdev_state_exit(spa, NULL, 0);
3565 spa_close(spa, FTAG);
3570 * The dp_config_rwlock must not be held when calling this, because the
3571 * unmount may need to write out data.
3573 * This function is best-effort. Callers must deal gracefully if it
3574 * remains mounted (or is remounted after this call).
3576 * Returns 0 if the argument is not a snapshot, or it is not currently a
3577 * filesystem, or we were able to unmount it. Returns error code otherwise.
3580 zfs_unmount_snap(const char *snapname)
3582 if (strchr(snapname, '@') == NULL)
3585 (void) zfsctl_snapshot_unmount(snapname, MNT_FORCE);
3590 zfs_unmount_snap_cb(const char *snapname, void *arg)
3592 zfs_unmount_snap(snapname);
3597 * When a clone is destroyed, its origin may also need to be destroyed,
3598 * in which case it must be unmounted. This routine will do that unmount
3602 zfs_destroy_unmount_origin(const char *fsname)
3608 error = dmu_objset_hold(fsname, FTAG, &os);
3611 ds = dmu_objset_ds(os);
3612 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
3613 char originname[ZFS_MAX_DATASET_NAME_LEN];
3614 dsl_dataset_name(ds->ds_prev, originname);
3615 dmu_objset_rele(os, FTAG);
3616 zfs_unmount_snap(originname);
3618 dmu_objset_rele(os, FTAG);
3624 * "snaps" -> { snapshot1, snapshot2 }
3625 * (optional boolean) "defer"
3628 * outnvl: snapshot -> error code (int32)
3630 static const zfs_ioc_key_t zfs_keys_destroy_snaps[] = {
3631 {"snaps", DATA_TYPE_NVLIST, 0},
3632 {"defer", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
3637 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3645 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
3646 defer = nvlist_exists(innvl, "defer");
3648 poollen = strlen(poolname);
3649 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3650 pair = nvlist_next_nvpair(snaps, pair)) {
3651 const char *name = nvpair_name(pair);
3654 * The snap must be in the specified pool to prevent the
3655 * invalid removal of zvol minors below.
3657 if (strncmp(name, poolname, poollen) != 0 ||
3658 (name[poollen] != '/' && name[poollen] != '@'))
3659 return (SET_ERROR(EXDEV));
3661 zfs_unmount_snap(nvpair_name(pair));
3662 if (spa_open(name, &spa, FTAG) == 0) {
3663 zvol_remove_minors(spa, name, B_TRUE);
3664 spa_close(spa, FTAG);
3668 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
3672 * Create bookmarks. The bookmark names are of the form <fs>#<bmark>.
3673 * All bookmarks and snapshots must be in the same pool.
3674 * dsl_bookmark_create_nvl_validate describes the nvlist schema in more detail.
3677 * new_bookmark1 -> existing_snapshot,
3678 * new_bookmark2 -> existing_bookmark,
3681 * outnvl: bookmark -> error code (int32)
3684 static const zfs_ioc_key_t zfs_keys_bookmark[] = {
3685 {"<bookmark>...", DATA_TYPE_STRING, ZK_WILDCARDLIST},
3690 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3692 return (dsl_bookmark_create(innvl, outnvl));
3697 * property 1, property 2, ...
3701 * bookmark name 1 -> { property 1, property 2, ... },
3702 * bookmark name 2 -> { property 1, property 2, ... }
3706 static const zfs_ioc_key_t zfs_keys_get_bookmarks[] = {
3707 {"<property>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST | ZK_OPTIONAL},
3711 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3713 return (dsl_get_bookmarks(fsname, innvl, outnvl));
3717 * innvl is not used.
3720 * property 1, property 2, ...
3724 static const zfs_ioc_key_t zfs_keys_get_bookmark_props[] = {
3730 zfs_ioc_get_bookmark_props(const char *bookmark, nvlist_t *innvl,
3733 char fsname[ZFS_MAX_DATASET_NAME_LEN];
3736 bmname = strchr(bookmark, '#');
3738 return (SET_ERROR(EINVAL));
3741 (void) strlcpy(fsname, bookmark, sizeof (fsname));
3742 *(strchr(fsname, '#')) = '\0';
3744 return (dsl_get_bookmark_props(fsname, bmname, outnvl));
3749 * bookmark name 1, bookmark name 2
3752 * outnvl: bookmark -> error code (int32)
3755 static const zfs_ioc_key_t zfs_keys_destroy_bookmarks[] = {
3756 {"<bookmark>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST},
3760 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl,
3765 poollen = strlen(poolname);
3766 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
3767 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
3768 const char *name = nvpair_name(pair);
3769 const char *cp = strchr(name, '#');
3772 * The bookmark name must contain an #, and the part after it
3773 * must contain only valid characters.
3776 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3777 return (SET_ERROR(EINVAL));
3780 * The bookmark must be in the specified pool.
3782 if (strncmp(name, poolname, poollen) != 0 ||
3783 (name[poollen] != '/' && name[poollen] != '#'))
3784 return (SET_ERROR(EXDEV));
3787 error = dsl_bookmark_destroy(innvl, outnvl);
3791 static const zfs_ioc_key_t zfs_keys_channel_program[] = {
3792 {"program", DATA_TYPE_STRING, 0},
3793 {"arg", DATA_TYPE_ANY, 0},
3794 {"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
3795 {"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
3796 {"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
3800 zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl,
3804 uint64_t instrlimit, memlimit;
3805 boolean_t sync_flag;
3806 nvpair_t *nvarg = NULL;
3808 program = fnvlist_lookup_string(innvl, ZCP_ARG_PROGRAM);
3809 if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) {
3812 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) {
3813 instrlimit = ZCP_DEFAULT_INSTRLIMIT;
3815 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) {
3816 memlimit = ZCP_DEFAULT_MEMLIMIT;
3818 nvarg = fnvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST);
3820 if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit)
3821 return (SET_ERROR(EINVAL));
3822 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit)
3823 return (SET_ERROR(EINVAL));
3825 return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit,
3833 static const zfs_ioc_key_t zfs_keys_pool_checkpoint[] = {
3839 zfs_ioc_pool_checkpoint(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3841 return (spa_checkpoint(poolname));
3848 static const zfs_ioc_key_t zfs_keys_pool_discard_checkpoint[] = {
3854 zfs_ioc_pool_discard_checkpoint(const char *poolname, nvlist_t *innvl,
3857 return (spa_checkpoint_discard(poolname));
3862 * zc_name name of dataset to destroy
3863 * zc_defer_destroy mark for deferred destroy
3868 zfs_ioc_destroy(zfs_cmd_t *zc)
3871 dmu_objset_type_t ost;
3874 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
3877 ost = dmu_objset_type(os);
3878 dmu_objset_rele(os, FTAG);
3880 if (ost == DMU_OST_ZFS)
3881 zfs_unmount_snap(zc->zc_name);
3883 if (strchr(zc->zc_name, '@')) {
3884 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
3886 err = dsl_destroy_head(zc->zc_name);
3887 if (err == EEXIST) {
3889 * It is possible that the given DS may have
3890 * hidden child (%recv) datasets - "leftovers"
3891 * resulting from the previously interrupted
3894 * 6 extra bytes for /%recv
3896 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6];
3898 if (snprintf(namebuf, sizeof (namebuf), "%s/%s",
3899 zc->zc_name, recv_clone_name) >=
3901 return (SET_ERROR(EINVAL));
3904 * Try to remove the hidden child (%recv) and after
3905 * that try to remove the target dataset.
3906 * If the hidden child (%recv) does not exist
3907 * the original error (EEXIST) will be returned
3909 err = dsl_destroy_head(namebuf);
3911 err = dsl_destroy_head(zc->zc_name);
3912 else if (err == ENOENT)
3913 err = SET_ERROR(EEXIST);
3922 * "initialize_command" -> POOL_INITIALIZE_{CANCEL|START|SUSPEND} (uint64)
3923 * "initialize_vdevs": { -> guids to initialize (nvlist)
3924 * "vdev_path_1": vdev_guid_1, (uint64),
3925 * "vdev_path_2": vdev_guid_2, (uint64),
3931 * "initialize_vdevs": { -> initialization errors (nvlist)
3932 * "vdev_path_1": errno, see function body for possible errnos (uint64)
3933 * "vdev_path_2": errno, ... (uint64)
3938 * EINVAL is returned for an unknown commands or if any of the provided vdev
3939 * guids have be specified with a type other than uint64.
3941 static const zfs_ioc_key_t zfs_keys_pool_initialize[] = {
3942 {ZPOOL_INITIALIZE_COMMAND, DATA_TYPE_UINT64, 0},
3943 {ZPOOL_INITIALIZE_VDEVS, DATA_TYPE_NVLIST, 0}
3947 zfs_ioc_pool_initialize(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3950 if (nvlist_lookup_uint64(innvl, ZPOOL_INITIALIZE_COMMAND,
3952 return (SET_ERROR(EINVAL));
3955 if (!(cmd_type == POOL_INITIALIZE_CANCEL ||
3956 cmd_type == POOL_INITIALIZE_START ||
3957 cmd_type == POOL_INITIALIZE_SUSPEND)) {
3958 return (SET_ERROR(EINVAL));
3961 nvlist_t *vdev_guids;
3962 if (nvlist_lookup_nvlist(innvl, ZPOOL_INITIALIZE_VDEVS,
3963 &vdev_guids) != 0) {
3964 return (SET_ERROR(EINVAL));
3967 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
3968 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
3970 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
3971 return (SET_ERROR(EINVAL));
3976 int error = spa_open(poolname, &spa, FTAG);
3980 nvlist_t *vdev_errlist = fnvlist_alloc();
3981 int total_errors = spa_vdev_initialize(spa, vdev_guids, cmd_type,
3984 if (fnvlist_size(vdev_errlist) > 0) {
3985 fnvlist_add_nvlist(outnvl, ZPOOL_INITIALIZE_VDEVS,
3988 fnvlist_free(vdev_errlist);
3990 spa_close(spa, FTAG);
3991 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0);
3996 * "trim_command" -> POOL_TRIM_{CANCEL|START|SUSPEND} (uint64)
3997 * "trim_vdevs": { -> guids to TRIM (nvlist)
3998 * "vdev_path_1": vdev_guid_1, (uint64),
3999 * "vdev_path_2": vdev_guid_2, (uint64),
4002 * "trim_rate" -> Target TRIM rate in bytes/sec.
4003 * "trim_secure" -> Set to request a secure TRIM.
4007 * "trim_vdevs": { -> TRIM errors (nvlist)
4008 * "vdev_path_1": errno, see function body for possible errnos (uint64)
4009 * "vdev_path_2": errno, ... (uint64)
4014 * EINVAL is returned for an unknown commands or if any of the provided vdev
4015 * guids have be specified with a type other than uint64.
4017 static const zfs_ioc_key_t zfs_keys_pool_trim[] = {
4018 {ZPOOL_TRIM_COMMAND, DATA_TYPE_UINT64, 0},
4019 {ZPOOL_TRIM_VDEVS, DATA_TYPE_NVLIST, 0},
4020 {ZPOOL_TRIM_RATE, DATA_TYPE_UINT64, ZK_OPTIONAL},
4021 {ZPOOL_TRIM_SECURE, DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
4025 zfs_ioc_pool_trim(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4028 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_COMMAND, &cmd_type) != 0)
4029 return (SET_ERROR(EINVAL));
4031 if (!(cmd_type == POOL_TRIM_CANCEL ||
4032 cmd_type == POOL_TRIM_START ||
4033 cmd_type == POOL_TRIM_SUSPEND)) {
4034 return (SET_ERROR(EINVAL));
4037 nvlist_t *vdev_guids;
4038 if (nvlist_lookup_nvlist(innvl, ZPOOL_TRIM_VDEVS, &vdev_guids) != 0)
4039 return (SET_ERROR(EINVAL));
4041 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
4042 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
4044 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
4045 return (SET_ERROR(EINVAL));
4049 /* Optional, defaults to maximum rate when not provided */
4051 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_RATE, &rate) != 0)
4054 /* Optional, defaults to standard TRIM when not provided */
4056 if (nvlist_lookup_boolean_value(innvl, ZPOOL_TRIM_SECURE,
4062 int error = spa_open(poolname, &spa, FTAG);
4066 nvlist_t *vdev_errlist = fnvlist_alloc();
4067 int total_errors = spa_vdev_trim(spa, vdev_guids, cmd_type,
4068 rate, !!zfs_trim_metaslab_skip, secure, vdev_errlist);
4070 if (fnvlist_size(vdev_errlist) > 0)
4071 fnvlist_add_nvlist(outnvl, ZPOOL_TRIM_VDEVS, vdev_errlist);
4073 fnvlist_free(vdev_errlist);
4075 spa_close(spa, FTAG);
4076 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0);
4080 * This ioctl waits for activity of a particular type to complete. If there is
4081 * no activity of that type in progress, it returns immediately, and the
4082 * returned value "waited" is false. If there is activity in progress, and no
4083 * tag is passed in, the ioctl blocks until all activity of that type is
4084 * complete, and then returns with "waited" set to true.
4086 * If a tag is provided, it identifies a particular instance of an activity to
4087 * wait for. Currently, this is only valid for use with 'initialize', because
4088 * that is the only activity for which there can be multiple instances running
4089 * concurrently. In the case of 'initialize', the tag corresponds to the guid of
4090 * the vdev on which to wait.
4092 * If a thread waiting in the ioctl receives a signal, the call will return
4093 * immediately, and the return value will be EINTR.
4096 * "wait_activity" -> int32_t
4097 * (optional) "wait_tag" -> uint64_t
4100 * outnvl: "waited" -> boolean_t
4102 static const zfs_ioc_key_t zfs_keys_pool_wait[] = {
4103 {ZPOOL_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4104 {ZPOOL_WAIT_TAG, DATA_TYPE_UINT64, ZK_OPTIONAL},
4108 zfs_ioc_wait(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4115 if (nvlist_lookup_int32(innvl, ZPOOL_WAIT_ACTIVITY, &activity) != 0)
4118 if (nvlist_lookup_uint64(innvl, ZPOOL_WAIT_TAG, &tag) == 0)
4119 error = spa_wait_tag(name, activity, tag, &waited);
4121 error = spa_wait(name, activity, &waited);
4124 fnvlist_add_boolean_value(outnvl, ZPOOL_WAIT_WAITED, waited);
4130 * This ioctl waits for activity of a particular type to complete. If there is
4131 * no activity of that type in progress, it returns immediately, and the
4132 * returned value "waited" is false. If there is activity in progress, and no
4133 * tag is passed in, the ioctl blocks until all activity of that type is
4134 * complete, and then returns with "waited" set to true.
4136 * If a thread waiting in the ioctl receives a signal, the call will return
4137 * immediately, and the return value will be EINTR.
4140 * "wait_activity" -> int32_t
4143 * outnvl: "waited" -> boolean_t
4145 static const zfs_ioc_key_t zfs_keys_fs_wait[] = {
4146 {ZFS_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4150 zfs_ioc_wait_fs(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4153 boolean_t waited = B_FALSE;
4159 if (nvlist_lookup_int32(innvl, ZFS_WAIT_ACTIVITY, &activity) != 0)
4160 return (SET_ERROR(EINVAL));
4162 if (activity >= ZFS_WAIT_NUM_ACTIVITIES || activity < 0)
4163 return (SET_ERROR(EINVAL));
4165 if ((error = dsl_pool_hold(name, FTAG, &dp)) != 0)
4168 if ((error = dsl_dataset_hold(dp, name, FTAG, &ds)) != 0) {
4169 dsl_pool_rele(dp, FTAG);
4174 mutex_enter(&dd->dd_activity_lock);
4175 dd->dd_activity_waiters++;
4178 * We get a long-hold here so that the dsl_dataset_t and dsl_dir_t
4179 * aren't evicted while we're waiting. Normally this is prevented by
4180 * holding the pool, but we can't do that while we're waiting since
4181 * that would prevent TXGs from syncing out. Some of the functionality
4182 * of long-holds (e.g. preventing deletion) is unnecessary for this
4183 * case, since we would cancel the waiters before proceeding with a
4184 * deletion. An alternative mechanism for keeping the dataset around
4185 * could be developed but this is simpler.
4187 dsl_dataset_long_hold(ds, FTAG);
4188 dsl_pool_rele(dp, FTAG);
4190 error = dsl_dir_wait(dd, ds, activity, &waited);
4192 dsl_dataset_long_rele(ds, FTAG);
4193 dd->dd_activity_waiters--;
4194 if (dd->dd_activity_waiters == 0)
4195 cv_signal(&dd->dd_activity_cv);
4196 mutex_exit(&dd->dd_activity_lock);
4198 dsl_dataset_rele(ds, FTAG);
4201 fnvlist_add_boolean_value(outnvl, ZFS_WAIT_WAITED, waited);
4207 * fsname is name of dataset to rollback (to most recent snapshot)
4209 * innvl may contain name of expected target snapshot
4211 * outnvl: "target" -> name of most recent snapshot
4214 static const zfs_ioc_key_t zfs_keys_rollback[] = {
4215 {"target", DATA_TYPE_STRING, ZK_OPTIONAL},
4220 zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
4223 zvol_state_handle_t *zv;
4224 char *target = NULL;
4227 (void) nvlist_lookup_string(innvl, "target", &target);
4228 if (target != NULL) {
4229 const char *cp = strchr(target, '@');
4232 * The snap name must contain an @, and the part after it must
4233 * contain only valid characters.
4236 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
4237 return (SET_ERROR(EINVAL));
4240 if (getzfsvfs(fsname, &zfsvfs) == 0) {
4243 ds = dmu_objset_ds(zfsvfs->z_os);
4244 error = zfs_suspend_fs(zfsvfs);
4248 error = dsl_dataset_rollback(fsname, target, zfsvfs,
4250 resume_err = zfs_resume_fs(zfsvfs, ds);
4251 error = error ? error : resume_err;
4253 zfs_vfs_rele(zfsvfs);
4254 } else if ((zv = zvol_suspend(fsname)) != NULL) {
4255 error = dsl_dataset_rollback(fsname, target, zvol_tag(zv),
4259 error = dsl_dataset_rollback(fsname, target, NULL, outnvl);
4265 recursive_unmount(const char *fsname, void *arg)
4267 const char *snapname = arg;
4270 fullname = kmem_asprintf("%s@%s", fsname, snapname);
4271 zfs_unmount_snap(fullname);
4272 kmem_strfree(fullname);
4279 * snapname is the snapshot to redact.
4281 * "bookname" -> (string)
4282 * shortname of the redaction bookmark to generate
4283 * "snapnv" -> (nvlist, values ignored)
4284 * snapshots to redact snapname with respect to
4291 static const zfs_ioc_key_t zfs_keys_redact[] = {
4292 {"bookname", DATA_TYPE_STRING, 0},
4293 {"snapnv", DATA_TYPE_NVLIST, 0},
4296 zfs_ioc_redact(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
4298 nvlist_t *redactnvl = NULL;
4299 char *redactbook = NULL;
4301 if (nvlist_lookup_nvlist(innvl, "snapnv", &redactnvl) != 0)
4302 return (SET_ERROR(EINVAL));
4303 if (fnvlist_num_pairs(redactnvl) == 0)
4304 return (SET_ERROR(ENXIO));
4305 if (nvlist_lookup_string(innvl, "bookname", &redactbook) != 0)
4306 return (SET_ERROR(EINVAL));
4308 return (dmu_redact_snap(snapname, redactnvl, redactbook));
4313 * zc_name old name of dataset
4314 * zc_value new name of dataset
4315 * zc_cookie recursive flag (only valid for snapshots)
4320 zfs_ioc_rename(zfs_cmd_t *zc)
4323 dmu_objset_type_t ost;
4324 boolean_t recursive = zc->zc_cookie & 1;
4325 boolean_t nounmount = !!(zc->zc_cookie & 2);
4329 /* "zfs rename" from and to ...%recv datasets should both fail */
4330 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
4331 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
4332 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
4333 dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
4334 strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%'))
4335 return (SET_ERROR(EINVAL));
4337 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
4340 ost = dmu_objset_type(os);
4341 dmu_objset_rele(os, FTAG);
4343 at = strchr(zc->zc_name, '@');
4345 /* snaps must be in same fs */
4348 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
4349 return (SET_ERROR(EXDEV));
4351 if (ost == DMU_OST_ZFS && !nounmount) {
4352 error = dmu_objset_find(zc->zc_name,
4353 recursive_unmount, at + 1,
4354 recursive ? DS_FIND_CHILDREN : 0);
4360 error = dsl_dataset_rename_snapshot(zc->zc_name,
4361 at + 1, strchr(zc->zc_value, '@') + 1, recursive);
4366 return (dsl_dir_rename(zc->zc_name, zc->zc_value));
4371 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
4373 const char *propname = nvpair_name(pair);
4374 boolean_t issnap = (strchr(dsname, '@') != NULL);
4375 zfs_prop_t prop = zfs_name_to_prop(propname);
4376 uint64_t intval, compval;
4379 if (prop == ZPROP_INVAL) {
4380 if (zfs_prop_user(propname)) {
4381 if ((err = zfs_secpolicy_write_perms(dsname,
4382 ZFS_DELEG_PERM_USERPROP, cr)))
4387 if (!issnap && zfs_prop_userquota(propname)) {
4388 const char *perm = NULL;
4389 const char *uq_prefix =
4390 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
4391 const char *gq_prefix =
4392 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
4393 const char *uiq_prefix =
4394 zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA];
4395 const char *giq_prefix =
4396 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA];
4397 const char *pq_prefix =
4398 zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA];
4399 const char *piq_prefix = zfs_userquota_prop_prefixes[\
4400 ZFS_PROP_PROJECTOBJQUOTA];
4402 if (strncmp(propname, uq_prefix,
4403 strlen(uq_prefix)) == 0) {
4404 perm = ZFS_DELEG_PERM_USERQUOTA;
4405 } else if (strncmp(propname, uiq_prefix,
4406 strlen(uiq_prefix)) == 0) {
4407 perm = ZFS_DELEG_PERM_USEROBJQUOTA;
4408 } else if (strncmp(propname, gq_prefix,
4409 strlen(gq_prefix)) == 0) {
4410 perm = ZFS_DELEG_PERM_GROUPQUOTA;
4411 } else if (strncmp(propname, giq_prefix,
4412 strlen(giq_prefix)) == 0) {
4413 perm = ZFS_DELEG_PERM_GROUPOBJQUOTA;
4414 } else if (strncmp(propname, pq_prefix,
4415 strlen(pq_prefix)) == 0) {
4416 perm = ZFS_DELEG_PERM_PROJECTQUOTA;
4417 } else if (strncmp(propname, piq_prefix,
4418 strlen(piq_prefix)) == 0) {
4419 perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA;
4421 /* {USER|GROUP|PROJECT}USED are read-only */
4422 return (SET_ERROR(EINVAL));
4425 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
4430 return (SET_ERROR(EINVAL));
4434 return (SET_ERROR(EINVAL));
4436 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
4438 * dsl_prop_get_all_impl() returns properties in this
4442 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
4443 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4448 * Check that this value is valid for this pool version
4451 case ZFS_PROP_COMPRESSION:
4453 * If the user specified gzip compression, make sure
4454 * the SPA supports it. We ignore any errors here since
4455 * we'll catch them later.
4457 if (nvpair_value_uint64(pair, &intval) == 0) {
4458 compval = ZIO_COMPRESS_ALGO(intval);
4459 if (compval >= ZIO_COMPRESS_GZIP_1 &&
4460 compval <= ZIO_COMPRESS_GZIP_9 &&
4461 zfs_earlier_version(dsname,
4462 SPA_VERSION_GZIP_COMPRESSION)) {
4463 return (SET_ERROR(ENOTSUP));
4466 if (compval == ZIO_COMPRESS_ZLE &&
4467 zfs_earlier_version(dsname,
4468 SPA_VERSION_ZLE_COMPRESSION))
4469 return (SET_ERROR(ENOTSUP));
4471 if (compval == ZIO_COMPRESS_LZ4) {
4474 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4477 if (!spa_feature_is_enabled(spa,
4478 SPA_FEATURE_LZ4_COMPRESS)) {
4479 spa_close(spa, FTAG);
4480 return (SET_ERROR(ENOTSUP));
4482 spa_close(spa, FTAG);
4485 if (compval == ZIO_COMPRESS_ZSTD) {
4488 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4491 if (!spa_feature_is_enabled(spa,
4492 SPA_FEATURE_ZSTD_COMPRESS)) {
4493 spa_close(spa, FTAG);
4494 return (SET_ERROR(ENOTSUP));
4496 spa_close(spa, FTAG);
4501 case ZFS_PROP_COPIES:
4502 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
4503 return (SET_ERROR(ENOTSUP));
4506 case ZFS_PROP_VOLBLOCKSIZE:
4507 case ZFS_PROP_RECORDSIZE:
4508 /* Record sizes above 128k need the feature to be enabled */
4509 if (nvpair_value_uint64(pair, &intval) == 0 &&
4510 intval > SPA_OLD_MAXBLOCKSIZE) {
4514 * We don't allow setting the property above 1MB,
4515 * unless the tunable has been changed.
4517 if (intval > zfs_max_recordsize ||
4518 intval > SPA_MAXBLOCKSIZE)
4519 return (SET_ERROR(ERANGE));
4521 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4524 if (!spa_feature_is_enabled(spa,
4525 SPA_FEATURE_LARGE_BLOCKS)) {
4526 spa_close(spa, FTAG);
4527 return (SET_ERROR(ENOTSUP));
4529 spa_close(spa, FTAG);
4533 case ZFS_PROP_DNODESIZE:
4534 /* Dnode sizes above 512 need the feature to be enabled */
4535 if (nvpair_value_uint64(pair, &intval) == 0 &&
4536 intval != ZFS_DNSIZE_LEGACY) {
4539 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4542 if (!spa_feature_is_enabled(spa,
4543 SPA_FEATURE_LARGE_DNODE)) {
4544 spa_close(spa, FTAG);
4545 return (SET_ERROR(ENOTSUP));
4547 spa_close(spa, FTAG);
4551 case ZFS_PROP_SPECIAL_SMALL_BLOCKS:
4553 * This property could require the allocation classes
4554 * feature to be active for setting, however we allow
4555 * it so that tests of settable properties succeed.
4556 * The CLI will issue a warning in this case.
4560 case ZFS_PROP_SHARESMB:
4561 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
4562 return (SET_ERROR(ENOTSUP));
4565 case ZFS_PROP_ACLINHERIT:
4566 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4567 nvpair_value_uint64(pair, &intval) == 0) {
4568 if (intval == ZFS_ACL_PASSTHROUGH_X &&
4569 zfs_earlier_version(dsname,
4570 SPA_VERSION_PASSTHROUGH_X))
4571 return (SET_ERROR(ENOTSUP));
4574 case ZFS_PROP_CHECKSUM:
4575 case ZFS_PROP_DEDUP:
4577 spa_feature_t feature;
4581 /* dedup feature version checks */
4582 if (prop == ZFS_PROP_DEDUP &&
4583 zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
4584 return (SET_ERROR(ENOTSUP));
4586 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4587 nvpair_value_uint64(pair, &intval) == 0) {
4588 /* check prop value is enabled in features */
4589 feature = zio_checksum_to_feature(
4590 intval & ZIO_CHECKSUM_MASK);
4591 if (feature == SPA_FEATURE_NONE)
4594 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4597 if (!spa_feature_is_enabled(spa, feature)) {
4598 spa_close(spa, FTAG);
4599 return (SET_ERROR(ENOTSUP));
4601 spa_close(spa, FTAG);
4610 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
4614 * Removes properties from the given props list that fail permission checks
4615 * needed to clear them and to restore them in case of a receive error. For each
4616 * property, make sure we have both set and inherit permissions.
4618 * Returns the first error encountered if any permission checks fail. If the
4619 * caller provides a non-NULL errlist, it also gives the complete list of names
4620 * of all the properties that failed a permission check along with the
4621 * corresponding error numbers. The caller is responsible for freeing the
4624 * If every property checks out successfully, zero is returned and the list
4625 * pointed at by errlist is NULL.
4628 zfs_check_clearable(const char *dataset, nvlist_t *props, nvlist_t **errlist)
4631 nvpair_t *pair, *next_pair;
4638 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4640 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
4641 (void) strlcpy(zc->zc_name, dataset, sizeof (zc->zc_name));
4642 pair = nvlist_next_nvpair(props, NULL);
4643 while (pair != NULL) {
4644 next_pair = nvlist_next_nvpair(props, pair);
4646 (void) strlcpy(zc->zc_value, nvpair_name(pair),
4647 sizeof (zc->zc_value));
4648 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
4649 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
4650 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
4651 VERIFY(nvlist_add_int32(errors,
4652 zc->zc_value, err) == 0);
4656 kmem_free(zc, sizeof (zfs_cmd_t));
4658 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
4659 nvlist_free(errors);
4662 VERIFY(nvpair_value_int32(pair, &rv) == 0);
4665 if (errlist == NULL)
4666 nvlist_free(errors);
4674 propval_equals(nvpair_t *p1, nvpair_t *p2)
4676 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
4677 /* dsl_prop_get_all_impl() format */
4679 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
4680 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4684 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
4686 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
4687 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4691 if (nvpair_type(p1) != nvpair_type(p2))
4694 if (nvpair_type(p1) == DATA_TYPE_STRING) {
4695 char *valstr1, *valstr2;
4697 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
4698 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
4699 return (strcmp(valstr1, valstr2) == 0);
4701 uint64_t intval1, intval2;
4703 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
4704 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
4705 return (intval1 == intval2);
4710 * Remove properties from props if they are not going to change (as determined
4711 * by comparison with origprops). Remove them from origprops as well, since we
4712 * do not need to clear or restore properties that won't change.
4715 props_reduce(nvlist_t *props, nvlist_t *origprops)
4717 nvpair_t *pair, *next_pair;
4719 if (origprops == NULL)
4720 return; /* all props need to be received */
4722 pair = nvlist_next_nvpair(props, NULL);
4723 while (pair != NULL) {
4724 const char *propname = nvpair_name(pair);
4727 next_pair = nvlist_next_nvpair(props, pair);
4729 if ((nvlist_lookup_nvpair(origprops, propname,
4730 &match) != 0) || !propval_equals(pair, match))
4731 goto next; /* need to set received value */
4733 /* don't clear the existing received value */
4734 (void) nvlist_remove_nvpair(origprops, match);
4735 /* don't bother receiving the property */
4736 (void) nvlist_remove_nvpair(props, pair);
4743 * Extract properties that cannot be set PRIOR to the receipt of a dataset.
4744 * For example, refquota cannot be set until after the receipt of a dataset,
4745 * because in replication streams, an older/earlier snapshot may exceed the
4746 * refquota. We want to receive the older/earlier snapshot, but setting
4747 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent
4748 * the older/earlier snapshot from being received (with EDQUOT).
4750 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario.
4752 * libzfs will need to be judicious handling errors encountered by props
4753 * extracted by this function.
4756 extract_delay_props(nvlist_t *props)
4758 nvlist_t *delayprops;
4759 nvpair_t *nvp, *tmp;
4760 static const zfs_prop_t delayable[] = {
4762 ZFS_PROP_KEYLOCATION,
4767 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4769 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL;
4770 nvp = nvlist_next_nvpair(props, nvp)) {
4772 * strcmp() is safe because zfs_prop_to_name() always returns
4775 for (i = 0; delayable[i] != 0; i++) {
4776 if (strcmp(zfs_prop_to_name(delayable[i]),
4777 nvpair_name(nvp)) == 0) {
4781 if (delayable[i] != 0) {
4782 tmp = nvlist_prev_nvpair(props, nvp);
4783 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0);
4784 VERIFY(nvlist_remove_nvpair(props, nvp) == 0);
4789 if (nvlist_empty(delayprops)) {
4790 nvlist_free(delayprops);
4793 return (delayprops);
4797 zfs_allow_log_destroy(void *arg)
4799 char *poolname = arg;
4801 if (poolname != NULL)
4802 kmem_strfree(poolname);
4806 static boolean_t zfs_ioc_recv_inject_err;
4810 * nvlist 'errors' is always allocated. It will contain descriptions of
4811 * encountered errors, if any. It's the callers responsibility to free.
4814 zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin, nvlist_t *recvprops,
4815 nvlist_t *localprops, nvlist_t *hidden_args, boolean_t force,
4816 boolean_t resumable, int input_fd,
4817 dmu_replay_record_t *begin_record, uint64_t *read_bytes,
4818 uint64_t *errflags, nvlist_t **errors)
4820 dmu_recv_cookie_t drc;
4822 int props_error = 0;
4824 nvlist_t *local_delayprops = NULL;
4825 nvlist_t *recv_delayprops = NULL;
4826 nvlist_t *origprops = NULL; /* existing properties */
4827 nvlist_t *origrecvd = NULL; /* existing received properties */
4828 boolean_t first_recvd_props = B_FALSE;
4829 boolean_t tofs_was_redacted;
4830 zfs_file_t *input_fp;
4834 *errors = fnvlist_alloc();
4837 if ((error = zfs_file_get(input_fd, &input_fp)))
4840 noff = off = zfs_file_off(input_fp);
4841 error = dmu_recv_begin(tofs, tosnap, begin_record, force,
4842 resumable, localprops, hidden_args, origin, &drc, input_fp,
4846 tofs_was_redacted = dsl_get_redacted(drc.drc_ds);
4849 * Set properties before we receive the stream so that they are applied
4850 * to the new data. Note that we must call dmu_recv_stream() if
4851 * dmu_recv_begin() succeeds.
4853 if (recvprops != NULL && !drc.drc_newfs) {
4854 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
4855 SPA_VERSION_RECVD_PROPS &&
4856 !dsl_prop_get_hasrecvd(tofs))
4857 first_recvd_props = B_TRUE;
4860 * If new received properties are supplied, they are to
4861 * completely replace the existing received properties,
4862 * so stash away the existing ones.
4864 if (dsl_prop_get_received(tofs, &origrecvd) == 0) {
4865 nvlist_t *errlist = NULL;
4867 * Don't bother writing a property if its value won't
4868 * change (and avoid the unnecessary security checks).
4870 * The first receive after SPA_VERSION_RECVD_PROPS is a
4871 * special case where we blow away all local properties
4874 if (!first_recvd_props)
4875 props_reduce(recvprops, origrecvd);
4876 if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0)
4877 (void) nvlist_merge(*errors, errlist, 0);
4878 nvlist_free(errlist);
4880 if (clear_received_props(tofs, origrecvd,
4881 first_recvd_props ? NULL : recvprops) != 0)
4882 *errflags |= ZPROP_ERR_NOCLEAR;
4884 *errflags |= ZPROP_ERR_NOCLEAR;
4889 * Stash away existing properties so we can restore them on error unless
4890 * we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which
4891 * case "origrecvd" will take care of that.
4893 if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) {
4895 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
4896 if (dsl_prop_get_all(os, &origprops) != 0) {
4897 *errflags |= ZPROP_ERR_NOCLEAR;
4899 dmu_objset_rele(os, FTAG);
4901 *errflags |= ZPROP_ERR_NOCLEAR;
4905 if (recvprops != NULL) {
4906 props_error = dsl_prop_set_hasrecvd(tofs);
4908 if (props_error == 0) {
4909 recv_delayprops = extract_delay_props(recvprops);
4910 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
4911 recvprops, *errors);
4915 if (localprops != NULL) {
4916 nvlist_t *oprops = fnvlist_alloc();
4917 nvlist_t *xprops = fnvlist_alloc();
4918 nvpair_t *nvp = NULL;
4920 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
4921 if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) {
4923 const char *name = nvpair_name(nvp);
4924 zfs_prop_t prop = zfs_name_to_prop(name);
4925 if (prop != ZPROP_INVAL) {
4926 if (!zfs_prop_inheritable(prop))
4928 } else if (!zfs_prop_user(name))
4930 fnvlist_add_boolean(xprops, name);
4932 /* -o property=value */
4933 fnvlist_add_nvpair(oprops, nvp);
4937 local_delayprops = extract_delay_props(oprops);
4938 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
4940 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED,
4943 nvlist_free(oprops);
4944 nvlist_free(xprops);
4947 error = dmu_recv_stream(&drc, &off);
4950 zfsvfs_t *zfsvfs = NULL;
4951 zvol_state_handle_t *zv = NULL;
4953 if (getzfsvfs(tofs, &zfsvfs) == 0) {
4957 boolean_t stream_is_redacted = DMU_GET_FEATUREFLAGS(
4958 begin_record->drr_u.drr_begin.
4959 drr_versioninfo) & DMU_BACKUP_FEATURE_REDACTED;
4961 ds = dmu_objset_ds(zfsvfs->z_os);
4962 error = zfs_suspend_fs(zfsvfs);
4964 * If the suspend fails, then the recv_end will
4965 * likely also fail, and clean up after itself.
4967 end_err = dmu_recv_end(&drc, zfsvfs);
4969 * If the dataset was not redacted, but we received a
4970 * redacted stream onto it, we need to unmount the
4971 * dataset. Otherwise, resume the filesystem.
4973 if (error == 0 && !drc.drc_newfs &&
4974 stream_is_redacted && !tofs_was_redacted) {
4975 error = zfs_end_fs(zfsvfs, ds);
4976 } else if (error == 0) {
4977 error = zfs_resume_fs(zfsvfs, ds);
4979 error = error ? error : end_err;
4980 zfs_vfs_rele(zfsvfs);
4981 } else if ((zv = zvol_suspend(tofs)) != NULL) {
4982 error = dmu_recv_end(&drc, zvol_tag(zv));
4985 error = dmu_recv_end(&drc, NULL);
4988 /* Set delayed properties now, after we're done receiving. */
4989 if (recv_delayprops != NULL && error == 0) {
4990 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
4991 recv_delayprops, *errors);
4993 if (local_delayprops != NULL && error == 0) {
4994 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
4995 local_delayprops, *errors);
5000 * Merge delayed props back in with initial props, in case
5001 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means
5002 * we have to make sure clear_received_props() includes
5003 * the delayed properties).
5005 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels,
5006 * using ASSERT() will be just like a VERIFY.
5008 if (recv_delayprops != NULL) {
5009 ASSERT(nvlist_merge(recvprops, recv_delayprops, 0) == 0);
5010 nvlist_free(recv_delayprops);
5012 if (local_delayprops != NULL) {
5013 ASSERT(nvlist_merge(localprops, local_delayprops, 0) == 0);
5014 nvlist_free(local_delayprops);
5016 *read_bytes = off - noff;
5019 if (zfs_ioc_recv_inject_err) {
5020 zfs_ioc_recv_inject_err = B_FALSE;
5026 * On error, restore the original props.
5028 if (error != 0 && recvprops != NULL && !drc.drc_newfs) {
5029 if (clear_received_props(tofs, recvprops, NULL) != 0) {
5031 * We failed to clear the received properties.
5032 * Since we may have left a $recvd value on the
5033 * system, we can't clear the $hasrecvd flag.
5035 *errflags |= ZPROP_ERR_NORESTORE;
5036 } else if (first_recvd_props) {
5037 dsl_prop_unset_hasrecvd(tofs);
5040 if (origrecvd == NULL && !drc.drc_newfs) {
5041 /* We failed to stash the original properties. */
5042 *errflags |= ZPROP_ERR_NORESTORE;
5046 * dsl_props_set() will not convert RECEIVED to LOCAL on or
5047 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
5048 * explicitly if we're restoring local properties cleared in the
5049 * first new-style receive.
5051 if (origrecvd != NULL &&
5052 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
5053 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
5054 origrecvd, NULL) != 0) {
5056 * We stashed the original properties but failed to
5059 *errflags |= ZPROP_ERR_NORESTORE;
5062 if (error != 0 && localprops != NULL && !drc.drc_newfs &&
5063 !first_recvd_props) {
5065 nvlist_t *inheritprops;
5068 if (origprops == NULL) {
5069 /* We failed to stash the original properties. */
5070 *errflags |= ZPROP_ERR_NORESTORE;
5074 /* Restore original props */
5075 setprops = fnvlist_alloc();
5076 inheritprops = fnvlist_alloc();
5078 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
5079 const char *name = nvpair_name(nvp);
5083 if (!nvlist_exists(origprops, name)) {
5085 * Property was not present or was explicitly
5086 * inherited before the receive, restore this.
5088 fnvlist_add_boolean(inheritprops, name);
5091 attrs = fnvlist_lookup_nvlist(origprops, name);
5092 source = fnvlist_lookup_string(attrs, ZPROP_SOURCE);
5094 /* Skip received properties */
5095 if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0)
5098 if (strcmp(source, tofs) == 0) {
5099 /* Property was locally set */
5100 fnvlist_add_nvlist(setprops, name, attrs);
5102 /* Property was implicitly inherited */
5103 fnvlist_add_boolean(inheritprops, name);
5107 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops,
5109 *errflags |= ZPROP_ERR_NORESTORE;
5110 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops,
5112 *errflags |= ZPROP_ERR_NORESTORE;
5114 nvlist_free(setprops);
5115 nvlist_free(inheritprops);
5118 zfs_file_put(input_fd);
5119 nvlist_free(origrecvd);
5120 nvlist_free(origprops);
5123 error = props_error;
5130 * zc_name name of containing filesystem (unused)
5131 * zc_nvlist_src{_size} nvlist of properties to apply
5132 * zc_nvlist_conf{_size} nvlist of properties to exclude
5133 * (DATA_TYPE_BOOLEAN) and override (everything else)
5134 * zc_value name of snapshot to create
5135 * zc_string name of clone origin (if DRR_FLAG_CLONE)
5136 * zc_cookie file descriptor to recv from
5137 * zc_begin_record the BEGIN record of the stream (not byteswapped)
5138 * zc_guid force flag
5141 * zc_cookie number of bytes read
5142 * zc_obj zprop_errflags_t
5143 * zc_nvlist_dst{_size} error for each unapplied received property
5146 zfs_ioc_recv(zfs_cmd_t *zc)
5148 dmu_replay_record_t begin_record;
5149 nvlist_t *errors = NULL;
5150 nvlist_t *recvdprops = NULL;
5151 nvlist_t *localprops = NULL;
5152 char *origin = NULL;
5154 char tofs[ZFS_MAX_DATASET_NAME_LEN];
5157 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
5158 strchr(zc->zc_value, '@') == NULL ||
5159 strchr(zc->zc_value, '%'))
5160 return (SET_ERROR(EINVAL));
5162 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs));
5163 tosnap = strchr(tofs, '@');
5166 if (zc->zc_nvlist_src != 0 &&
5167 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5168 zc->zc_iflags, &recvdprops)) != 0)
5171 if (zc->zc_nvlist_conf != 0 &&
5172 (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
5173 zc->zc_iflags, &localprops)) != 0)
5176 if (zc->zc_string[0])
5177 origin = zc->zc_string;
5179 begin_record.drr_type = DRR_BEGIN;
5180 begin_record.drr_payloadlen = 0;
5181 begin_record.drr_u.drr_begin = zc->zc_begin_record;
5183 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops,
5184 NULL, zc->zc_guid, B_FALSE, zc->zc_cookie, &begin_record,
5185 &zc->zc_cookie, &zc->zc_obj, &errors);
5186 nvlist_free(recvdprops);
5187 nvlist_free(localprops);
5190 * Now that all props, initial and delayed, are set, report the prop
5191 * errors to the caller.
5193 if (zc->zc_nvlist_dst_size != 0 && errors != NULL &&
5194 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
5195 put_nvlist(zc, errors) != 0)) {
5197 * Caller made zc->zc_nvlist_dst less than the minimum expected
5198 * size or supplied an invalid address.
5200 error = SET_ERROR(EINVAL);
5203 nvlist_free(errors);
5210 * "snapname" -> full name of the snapshot to create
5211 * (optional) "props" -> received properties to set (nvlist)
5212 * (optional) "localprops" -> override and exclude properties (nvlist)
5213 * (optional) "origin" -> name of clone origin (DRR_FLAG_CLONE)
5214 * "begin_record" -> non-byteswapped dmu_replay_record_t
5215 * "input_fd" -> file descriptor to read stream from (int32)
5216 * (optional) "force" -> force flag (value ignored)
5217 * (optional) "resumable" -> resumable flag (value ignored)
5218 * (optional) "cleanup_fd" -> unused
5219 * (optional) "action_handle" -> unused
5220 * (optional) "hidden_args" -> { "wkeydata" -> value }
5224 * "read_bytes" -> number of bytes read
5225 * "error_flags" -> zprop_errflags_t
5226 * "errors" -> error for each unapplied received property (nvlist)
5229 static const zfs_ioc_key_t zfs_keys_recv_new[] = {
5230 {"snapname", DATA_TYPE_STRING, 0},
5231 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5232 {"localprops", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5233 {"origin", DATA_TYPE_STRING, ZK_OPTIONAL},
5234 {"begin_record", DATA_TYPE_BYTE_ARRAY, 0},
5235 {"input_fd", DATA_TYPE_INT32, 0},
5236 {"force", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5237 {"resumable", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5238 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
5239 {"action_handle", DATA_TYPE_UINT64, ZK_OPTIONAL},
5240 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5244 zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
5246 dmu_replay_record_t *begin_record;
5247 uint_t begin_record_size;
5248 nvlist_t *errors = NULL;
5249 nvlist_t *recvprops = NULL;
5250 nvlist_t *localprops = NULL;
5251 nvlist_t *hidden_args = NULL;
5253 char *origin = NULL;
5255 char tofs[ZFS_MAX_DATASET_NAME_LEN];
5257 boolean_t resumable;
5258 uint64_t read_bytes = 0;
5259 uint64_t errflags = 0;
5263 snapname = fnvlist_lookup_string(innvl, "snapname");
5265 if (dataset_namecheck(snapname, NULL, NULL) != 0 ||
5266 strchr(snapname, '@') == NULL ||
5267 strchr(snapname, '%'))
5268 return (SET_ERROR(EINVAL));
5270 (void) strlcpy(tofs, snapname, sizeof (tofs));
5271 tosnap = strchr(tofs, '@');
5274 error = nvlist_lookup_string(innvl, "origin", &origin);
5275 if (error && error != ENOENT)
5278 error = nvlist_lookup_byte_array(innvl, "begin_record",
5279 (uchar_t **)&begin_record, &begin_record_size);
5280 if (error != 0 || begin_record_size != sizeof (*begin_record))
5281 return (SET_ERROR(EINVAL));
5283 input_fd = fnvlist_lookup_int32(innvl, "input_fd");
5285 force = nvlist_exists(innvl, "force");
5286 resumable = nvlist_exists(innvl, "resumable");
5288 /* we still use "props" here for backwards compatibility */
5289 error = nvlist_lookup_nvlist(innvl, "props", &recvprops);
5290 if (error && error != ENOENT)
5293 error = nvlist_lookup_nvlist(innvl, "localprops", &localprops);
5294 if (error && error != ENOENT)
5297 error = nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
5298 if (error && error != ENOENT)
5301 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvprops, localprops,
5302 hidden_args, force, resumable, input_fd, begin_record,
5303 &read_bytes, &errflags, &errors);
5305 fnvlist_add_uint64(outnvl, "read_bytes", read_bytes);
5306 fnvlist_add_uint64(outnvl, "error_flags", errflags);
5307 fnvlist_add_nvlist(outnvl, "errors", errors);
5309 nvlist_free(errors);
5310 nvlist_free(recvprops);
5311 nvlist_free(localprops);
5316 typedef struct dump_bytes_io {
5324 dump_bytes_cb(void *arg)
5326 dump_bytes_io_t *dbi = (dump_bytes_io_t *)arg;
5333 dbi->dbi_err = zfs_file_write(fp, buf, dbi->dbi_len, NULL);
5337 dump_bytes(objset_t *os, void *buf, int len, void *arg)
5339 dump_bytes_io_t dbi;
5345 #if defined(HAVE_LARGE_STACKS)
5346 dump_bytes_cb(&dbi);
5349 * The vn_rdwr() call is performed in a taskq to ensure that there is
5350 * always enough stack space to write safely to the target filesystem.
5351 * The ZIO_TYPE_FREE threads are used because there can be a lot of
5352 * them and they are used in vdev_file.c for a similar purpose.
5354 spa_taskq_dispatch_sync(dmu_objset_spa(os), ZIO_TYPE_FREE,
5355 ZIO_TASKQ_ISSUE, dump_bytes_cb, &dbi, TQ_SLEEP);
5356 #endif /* HAVE_LARGE_STACKS */
5358 return (dbi.dbi_err);
5363 * zc_name name of snapshot to send
5364 * zc_cookie file descriptor to send stream to
5365 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
5366 * zc_sendobj objsetid of snapshot to send
5367 * zc_fromobj objsetid of incremental fromsnap (may be zero)
5368 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
5369 * output size in zc_objset_type.
5370 * zc_flags lzc_send_flags
5373 * zc_objset_type estimated size, if zc_guid is set
5375 * NOTE: This is no longer the preferred interface, any new functionality
5376 * should be added to zfs_ioc_send_new() instead.
5379 zfs_ioc_send(zfs_cmd_t *zc)
5383 boolean_t estimate = (zc->zc_guid != 0);
5384 boolean_t embedok = (zc->zc_flags & 0x1);
5385 boolean_t large_block_ok = (zc->zc_flags & 0x2);
5386 boolean_t compressok = (zc->zc_flags & 0x4);
5387 boolean_t rawok = (zc->zc_flags & 0x8);
5388 boolean_t savedok = (zc->zc_flags & 0x10);
5390 if (zc->zc_obj != 0) {
5392 dsl_dataset_t *tosnap;
5394 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5398 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
5400 dsl_pool_rele(dp, FTAG);
5404 if (dsl_dir_is_clone(tosnap->ds_dir))
5406 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj;
5407 dsl_dataset_rele(tosnap, FTAG);
5408 dsl_pool_rele(dp, FTAG);
5413 dsl_dataset_t *tosnap;
5414 dsl_dataset_t *fromsnap = NULL;
5416 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5420 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj,
5423 dsl_pool_rele(dp, FTAG);
5427 if (zc->zc_fromobj != 0) {
5428 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
5431 dsl_dataset_rele(tosnap, FTAG);
5432 dsl_pool_rele(dp, FTAG);
5437 error = dmu_send_estimate_fast(tosnap, fromsnap, NULL,
5438 compressok || rawok, savedok, &zc->zc_objset_type);
5440 if (fromsnap != NULL)
5441 dsl_dataset_rele(fromsnap, FTAG);
5442 dsl_dataset_rele(tosnap, FTAG);
5443 dsl_pool_rele(dp, FTAG);
5446 dmu_send_outparams_t out = {0};
5448 if ((error = zfs_file_get(zc->zc_cookie, &fp)))
5451 off = zfs_file_off(fp);
5452 out.dso_outfunc = dump_bytes;
5454 out.dso_dryrun = B_FALSE;
5455 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
5456 zc->zc_fromobj, embedok, large_block_ok, compressok,
5457 rawok, savedok, zc->zc_cookie, &off, &out);
5459 zfs_file_put(zc->zc_cookie);
5466 * zc_name name of snapshot on which to report progress
5467 * zc_cookie file descriptor of send stream
5470 * zc_cookie number of bytes written in send stream thus far
5471 * zc_objset_type logical size of data traversed by send thus far
5474 zfs_ioc_send_progress(zfs_cmd_t *zc)
5478 dmu_sendstatus_t *dsp = NULL;
5481 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5485 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
5487 dsl_pool_rele(dp, FTAG);
5491 mutex_enter(&ds->ds_sendstream_lock);
5494 * Iterate over all the send streams currently active on this dataset.
5495 * If there's one which matches the specified file descriptor _and_ the
5496 * stream was started by the current process, return the progress of
5500 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
5501 dsp = list_next(&ds->ds_sendstreams, dsp)) {
5502 if (dsp->dss_outfd == zc->zc_cookie &&
5503 zfs_proc_is_caller(dsp->dss_proc))
5508 zc->zc_cookie = atomic_cas_64((volatile uint64_t *)dsp->dss_off,
5510 /* This is the closest thing we have to atomic_read_64. */
5511 zc->zc_objset_type = atomic_cas_64(&dsp->dss_blocks, 0, 0);
5513 error = SET_ERROR(ENOENT);
5516 mutex_exit(&ds->ds_sendstream_lock);
5517 dsl_dataset_rele(ds, FTAG);
5518 dsl_pool_rele(dp, FTAG);
5523 zfs_ioc_inject_fault(zfs_cmd_t *zc)
5527 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
5528 &zc->zc_inject_record);
5531 zc->zc_guid = (uint64_t)id;
5537 zfs_ioc_clear_fault(zfs_cmd_t *zc)
5539 return (zio_clear_fault((int)zc->zc_guid));
5543 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
5545 int id = (int)zc->zc_guid;
5548 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
5549 &zc->zc_inject_record);
5557 zfs_ioc_error_log(zfs_cmd_t *zc)
5561 size_t count = (size_t)zc->zc_nvlist_dst_size;
5563 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
5566 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
5569 zc->zc_nvlist_dst_size = count;
5571 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
5573 spa_close(spa, FTAG);
5579 zfs_ioc_clear(zfs_cmd_t *zc)
5586 * On zpool clear we also fix up missing slogs
5588 mutex_enter(&spa_namespace_lock);
5589 spa = spa_lookup(zc->zc_name);
5591 mutex_exit(&spa_namespace_lock);
5592 return (SET_ERROR(EIO));
5594 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
5595 /* we need to let spa_open/spa_load clear the chains */
5596 spa_set_log_state(spa, SPA_LOG_CLEAR);
5598 spa->spa_last_open_failed = 0;
5599 mutex_exit(&spa_namespace_lock);
5601 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
5602 error = spa_open(zc->zc_name, &spa, FTAG);
5605 nvlist_t *config = NULL;
5607 if (zc->zc_nvlist_src == 0)
5608 return (SET_ERROR(EINVAL));
5610 if ((error = get_nvlist(zc->zc_nvlist_src,
5611 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
5612 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
5614 if (config != NULL) {
5617 if ((err = put_nvlist(zc, config)) != 0)
5619 nvlist_free(config);
5621 nvlist_free(policy);
5629 * If multihost is enabled, resuming I/O is unsafe as another
5630 * host may have imported the pool.
5632 if (spa_multihost(spa) && spa_suspended(spa))
5633 return (SET_ERROR(EINVAL));
5635 spa_vdev_state_enter(spa, SCL_NONE);
5637 if (zc->zc_guid == 0) {
5640 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
5642 error = SET_ERROR(ENODEV);
5643 (void) spa_vdev_state_exit(spa, NULL, error);
5644 spa_close(spa, FTAG);
5649 vdev_clear(spa, vd);
5651 (void) spa_vdev_state_exit(spa, spa_suspended(spa) ?
5652 NULL : spa->spa_root_vdev, 0);
5655 * Resume any suspended I/Os.
5657 if (zio_resume(spa) != 0)
5658 error = SET_ERROR(EIO);
5660 spa_close(spa, FTAG);
5666 * Reopen all the vdevs associated with the pool.
5669 * "scrub_restart" -> when true and scrub is running, allow to restart
5670 * scrub as the side effect of the reopen (boolean).
5675 static const zfs_ioc_key_t zfs_keys_pool_reopen[] = {
5676 {"scrub_restart", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
5681 zfs_ioc_pool_reopen(const char *pool, nvlist_t *innvl, nvlist_t *outnvl)
5685 boolean_t rc, scrub_restart = B_TRUE;
5688 error = nvlist_lookup_boolean_value(innvl,
5689 "scrub_restart", &rc);
5694 error = spa_open(pool, &spa, FTAG);
5698 spa_vdev_state_enter(spa, SCL_NONE);
5701 * If the scrub_restart flag is B_FALSE and a scrub is already
5702 * in progress then set spa_scrub_reopen flag to B_TRUE so that
5703 * we don't restart the scrub as a side effect of the reopen.
5704 * Otherwise, let vdev_open() decided if a resilver is required.
5707 spa->spa_scrub_reopen = (!scrub_restart &&
5708 dsl_scan_scrubbing(spa->spa_dsl_pool));
5709 vdev_reopen(spa->spa_root_vdev);
5710 spa->spa_scrub_reopen = B_FALSE;
5712 (void) spa_vdev_state_exit(spa, NULL, 0);
5713 spa_close(spa, FTAG);
5719 * zc_name name of filesystem
5722 * zc_string name of conflicting snapshot, if there is one
5725 zfs_ioc_promote(zfs_cmd_t *zc)
5728 dsl_dataset_t *ds, *ods;
5729 char origin[ZFS_MAX_DATASET_NAME_LEN];
5733 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5734 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
5735 strchr(zc->zc_name, '%'))
5736 return (SET_ERROR(EINVAL));
5738 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5742 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
5744 dsl_pool_rele(dp, FTAG);
5748 if (!dsl_dir_is_clone(ds->ds_dir)) {
5749 dsl_dataset_rele(ds, FTAG);
5750 dsl_pool_rele(dp, FTAG);
5751 return (SET_ERROR(EINVAL));
5754 error = dsl_dataset_hold_obj(dp,
5755 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods);
5757 dsl_dataset_rele(ds, FTAG);
5758 dsl_pool_rele(dp, FTAG);
5762 dsl_dataset_name(ods, origin);
5763 dsl_dataset_rele(ods, FTAG);
5764 dsl_dataset_rele(ds, FTAG);
5765 dsl_pool_rele(dp, FTAG);
5768 * We don't need to unmount *all* the origin fs's snapshots, but
5771 cp = strchr(origin, '@');
5774 (void) dmu_objset_find(origin,
5775 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
5776 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
5780 * Retrieve a single {user|group|project}{used|quota}@... property.
5783 * zc_name name of filesystem
5784 * zc_objset_type zfs_userquota_prop_t
5785 * zc_value domain name (eg. "S-1-234-567-89")
5786 * zc_guid RID/UID/GID
5789 * zc_cookie property value
5792 zfs_ioc_userspace_one(zfs_cmd_t *zc)
5797 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
5798 return (SET_ERROR(EINVAL));
5800 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
5804 error = zfs_userspace_one(zfsvfs,
5805 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
5806 zfsvfs_rele(zfsvfs, FTAG);
5813 * zc_name name of filesystem
5814 * zc_cookie zap cursor
5815 * zc_objset_type zfs_userquota_prop_t
5816 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
5819 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
5820 * zc_cookie zap cursor
5823 zfs_ioc_userspace_many(zfs_cmd_t *zc)
5826 int bufsize = zc->zc_nvlist_dst_size;
5829 return (SET_ERROR(ENOMEM));
5831 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
5835 void *buf = vmem_alloc(bufsize, KM_SLEEP);
5837 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
5838 buf, &zc->zc_nvlist_dst_size);
5841 error = xcopyout(buf,
5842 (void *)(uintptr_t)zc->zc_nvlist_dst,
5843 zc->zc_nvlist_dst_size);
5845 vmem_free(buf, bufsize);
5846 zfsvfs_rele(zfsvfs, FTAG);
5853 * zc_name name of filesystem
5859 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
5864 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
5865 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
5867 * If userused is not enabled, it may be because the
5868 * objset needs to be closed & reopened (to grow the
5869 * objset_phys_t). Suspend/resume the fs will do that.
5871 dsl_dataset_t *ds, *newds;
5873 ds = dmu_objset_ds(zfsvfs->z_os);
5874 error = zfs_suspend_fs(zfsvfs);
5876 dmu_objset_refresh_ownership(ds, &newds,
5878 error = zfs_resume_fs(zfsvfs, newds);
5882 mutex_enter(&zfsvfs->z_os->os_upgrade_lock);
5883 if (zfsvfs->z_os->os_upgrade_id == 0) {
5884 /* clear potential error code and retry */
5885 zfsvfs->z_os->os_upgrade_status = 0;
5886 mutex_exit(&zfsvfs->z_os->os_upgrade_lock);
5888 dsl_pool_config_enter(
5889 dmu_objset_pool(zfsvfs->z_os), FTAG);
5890 dmu_objset_userspace_upgrade(zfsvfs->z_os);
5891 dsl_pool_config_exit(
5892 dmu_objset_pool(zfsvfs->z_os), FTAG);
5894 mutex_exit(&zfsvfs->z_os->os_upgrade_lock);
5897 taskq_wait_id(zfsvfs->z_os->os_spa->spa_upgrade_taskq,
5898 zfsvfs->z_os->os_upgrade_id);
5899 error = zfsvfs->z_os->os_upgrade_status;
5901 zfs_vfs_rele(zfsvfs);
5905 /* XXX kind of reading contents without owning */
5906 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
5910 mutex_enter(&os->os_upgrade_lock);
5911 if (os->os_upgrade_id == 0) {
5912 /* clear potential error code and retry */
5913 os->os_upgrade_status = 0;
5914 mutex_exit(&os->os_upgrade_lock);
5916 dmu_objset_userspace_upgrade(os);
5918 mutex_exit(&os->os_upgrade_lock);
5921 dsl_pool_rele(dmu_objset_pool(os), FTAG);
5923 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
5924 error = os->os_upgrade_status;
5926 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT,
5934 * zc_name name of filesystem
5940 zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc)
5945 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
5949 if (dmu_objset_userobjspace_upgradable(os) ||
5950 dmu_objset_projectquota_upgradable(os)) {
5951 mutex_enter(&os->os_upgrade_lock);
5952 if (os->os_upgrade_id == 0) {
5953 /* clear potential error code and retry */
5954 os->os_upgrade_status = 0;
5955 mutex_exit(&os->os_upgrade_lock);
5957 dmu_objset_id_quota_upgrade(os);
5959 mutex_exit(&os->os_upgrade_lock);
5962 dsl_pool_rele(dmu_objset_pool(os), FTAG);
5964 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
5965 error = os->os_upgrade_status;
5967 dsl_pool_rele(dmu_objset_pool(os), FTAG);
5970 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, FTAG);
5976 zfs_ioc_share(zfs_cmd_t *zc)
5978 return (SET_ERROR(ENOSYS));
5981 ace_t full_access[] = {
5982 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
5987 * zc_name name of containing filesystem
5988 * zc_obj object # beyond which we want next in-use object #
5991 * zc_obj next in-use object #
5994 zfs_ioc_next_obj(zfs_cmd_t *zc)
5996 objset_t *os = NULL;
5999 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
6003 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0);
6005 dmu_objset_rele(os, FTAG);
6011 * zc_name name of filesystem
6012 * zc_value prefix name for snapshot
6013 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
6016 * zc_value short name of new snapshot
6019 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
6026 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
6030 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
6031 (u_longlong_t)ddi_get_lbolt64());
6032 hold_name = kmem_asprintf("%%%s", zc->zc_value);
6034 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
6037 (void) strlcpy(zc->zc_value, snap_name,
6038 sizeof (zc->zc_value));
6039 kmem_strfree(snap_name);
6040 kmem_strfree(hold_name);
6041 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
6047 * zc_name name of "to" snapshot
6048 * zc_value name of "from" snapshot
6049 * zc_cookie file descriptor to write diff data on
6052 * dmu_diff_record_t's to the file descriptor
6055 zfs_ioc_diff(zfs_cmd_t *zc)
6061 if ((error = zfs_file_get(zc->zc_cookie, &fp)))
6064 off = zfs_file_off(fp);
6065 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off);
6067 zfs_file_put(zc->zc_cookie);
6073 zfs_ioc_smb_acl(zfs_cmd_t *zc)
6075 return (SET_ERROR(ENOTSUP));
6080 * "holds" -> { snapname -> holdname (string), ... }
6081 * (optional) "cleanup_fd" -> fd (int32)
6085 * snapname -> error value (int32)
6089 static const zfs_ioc_key_t zfs_keys_hold[] = {
6090 {"holds", DATA_TYPE_NVLIST, 0},
6091 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6096 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
6100 int cleanup_fd = -1;
6104 holds = fnvlist_lookup_nvlist(args, "holds");
6106 /* make sure the user didn't pass us any invalid (empty) tags */
6107 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
6108 pair = nvlist_next_nvpair(holds, pair)) {
6111 error = nvpair_value_string(pair, &htag);
6113 return (SET_ERROR(error));
6115 if (strlen(htag) == 0)
6116 return (SET_ERROR(EINVAL));
6119 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
6120 error = zfs_onexit_fd_hold(cleanup_fd, &minor);
6122 return (SET_ERROR(error));
6125 error = dsl_dataset_user_hold(holds, minor, errlist);
6127 zfs_onexit_fd_rele(cleanup_fd);
6128 return (SET_ERROR(error));
6132 * innvl is not used.
6135 * holdname -> time added (uint64 seconds since epoch)
6139 static const zfs_ioc_key_t zfs_keys_get_holds[] = {
6145 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
6147 return (dsl_dataset_get_holds(snapname, outnvl));
6152 * snapname -> { holdname, ... }
6157 * snapname -> error value (int32)
6161 static const zfs_ioc_key_t zfs_keys_release[] = {
6162 {"<snapname>...", DATA_TYPE_NVLIST, ZK_WILDCARDLIST},
6167 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
6169 return (dsl_dataset_user_release(holds, errlist));
6174 * zc_guid flags (ZEVENT_NONBLOCK)
6175 * zc_cleanup_fd zevent file descriptor
6178 * zc_nvlist_dst next nvlist event
6179 * zc_cookie dropped events since last get
6182 zfs_ioc_events_next(zfs_cmd_t *zc)
6185 nvlist_t *event = NULL;
6187 uint64_t dropped = 0;
6190 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6195 error = zfs_zevent_next(ze, &event,
6196 &zc->zc_nvlist_dst_size, &dropped);
6197 if (event != NULL) {
6198 zc->zc_cookie = dropped;
6199 error = put_nvlist(zc, event);
6203 if (zc->zc_guid & ZEVENT_NONBLOCK)
6206 if ((error == 0) || (error != ENOENT))
6209 error = zfs_zevent_wait(ze);
6214 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
6221 * zc_cookie cleared events count
6224 zfs_ioc_events_clear(zfs_cmd_t *zc)
6228 zfs_zevent_drain_all(&count);
6229 zc->zc_cookie = count;
6236 * zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END
6237 * zc_cleanup zevent file descriptor
6240 zfs_ioc_events_seek(zfs_cmd_t *zc)
6246 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6250 error = zfs_zevent_seek(ze, zc->zc_guid);
6251 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
6258 * zc_name name of later filesystem or snapshot
6259 * zc_value full name of old snapshot or bookmark
6262 * zc_cookie space in bytes
6263 * zc_objset_type compressed space in bytes
6264 * zc_perm_action uncompressed space in bytes
6267 zfs_ioc_space_written(zfs_cmd_t *zc)
6273 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
6276 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
6278 dsl_pool_rele(dp, FTAG);
6281 if (strchr(zc->zc_value, '#') != NULL) {
6282 zfs_bookmark_phys_t bmp;
6283 error = dsl_bookmark_lookup(dp, zc->zc_value,
6286 error = dsl_dataset_space_written_bookmark(&bmp, new,
6288 &zc->zc_objset_type, &zc->zc_perm_action);
6292 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
6295 error = dsl_dataset_space_written(old, new,
6297 &zc->zc_objset_type, &zc->zc_perm_action);
6298 dsl_dataset_rele(old, FTAG);
6301 dsl_dataset_rele(new, FTAG);
6302 dsl_pool_rele(dp, FTAG);
6308 * "firstsnap" -> snapshot name
6312 * "used" -> space in bytes
6313 * "compressed" -> compressed space in bytes
6314 * "uncompressed" -> uncompressed space in bytes
6317 static const zfs_ioc_key_t zfs_keys_space_snaps[] = {
6318 {"firstsnap", DATA_TYPE_STRING, 0},
6322 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
6326 dsl_dataset_t *new, *old;
6328 uint64_t used, comp, uncomp;
6330 firstsnap = fnvlist_lookup_string(innvl, "firstsnap");
6332 error = dsl_pool_hold(lastsnap, FTAG, &dp);
6336 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
6337 if (error == 0 && !new->ds_is_snapshot) {
6338 dsl_dataset_rele(new, FTAG);
6339 error = SET_ERROR(EINVAL);
6342 dsl_pool_rele(dp, FTAG);
6345 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
6346 if (error == 0 && !old->ds_is_snapshot) {
6347 dsl_dataset_rele(old, FTAG);
6348 error = SET_ERROR(EINVAL);
6351 dsl_dataset_rele(new, FTAG);
6352 dsl_pool_rele(dp, FTAG);
6356 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
6357 dsl_dataset_rele(old, FTAG);
6358 dsl_dataset_rele(new, FTAG);
6359 dsl_pool_rele(dp, FTAG);
6360 fnvlist_add_uint64(outnvl, "used", used);
6361 fnvlist_add_uint64(outnvl, "compressed", comp);
6362 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
6368 * "fd" -> file descriptor to write stream to (int32)
6369 * (optional) "fromsnap" -> full snap name to send an incremental from
6370 * (optional) "largeblockok" -> (value ignored)
6371 * indicates that blocks > 128KB are permitted
6372 * (optional) "embedok" -> (value ignored)
6373 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6374 * (optional) "compressok" -> (value ignored)
6375 * presence indicates compressed DRR_WRITE records are permitted
6376 * (optional) "rawok" -> (value ignored)
6377 * presence indicates raw encrypted records should be used.
6378 * (optional) "savedok" -> (value ignored)
6379 * presence indicates we should send a partially received snapshot
6380 * (optional) "resume_object" and "resume_offset" -> (uint64)
6381 * if present, resume send stream from specified object and offset.
6382 * (optional) "redactbook" -> (string)
6383 * if present, use this bookmark's redaction list to generate a redacted
6389 static const zfs_ioc_key_t zfs_keys_send_new[] = {
6390 {"fd", DATA_TYPE_INT32, 0},
6391 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6392 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6393 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6394 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6395 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6396 {"savedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6397 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
6398 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
6399 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
6404 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6408 char *fromname = NULL;
6411 boolean_t largeblockok;
6413 boolean_t compressok;
6416 uint64_t resumeobj = 0;
6417 uint64_t resumeoff = 0;
6418 char *redactbook = NULL;
6420 fd = fnvlist_lookup_int32(innvl, "fd");
6422 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
6424 largeblockok = nvlist_exists(innvl, "largeblockok");
6425 embedok = nvlist_exists(innvl, "embedok");
6426 compressok = nvlist_exists(innvl, "compressok");
6427 rawok = nvlist_exists(innvl, "rawok");
6428 savedok = nvlist_exists(innvl, "savedok");
6430 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6431 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6433 (void) nvlist_lookup_string(innvl, "redactbook", &redactbook);
6435 if ((error = zfs_file_get(fd, &fp)))
6438 off = zfs_file_off(fp);
6440 dmu_send_outparams_t out = {0};
6441 out.dso_outfunc = dump_bytes;
6443 out.dso_dryrun = B_FALSE;
6444 error = dmu_send(snapname, fromname, embedok, largeblockok,
6445 compressok, rawok, savedok, resumeobj, resumeoff,
6446 redactbook, fd, &off, &out);
6454 send_space_sum(objset_t *os, void *buf, int len, void *arg)
6456 uint64_t *size = arg;
6462 * Determine approximately how large a zfs send stream will be -- the number
6463 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
6466 * (optional) "from" -> full snap or bookmark name to send an incremental
6468 * (optional) "largeblockok" -> (value ignored)
6469 * indicates that blocks > 128KB are permitted
6470 * (optional) "embedok" -> (value ignored)
6471 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6472 * (optional) "compressok" -> (value ignored)
6473 * presence indicates compressed DRR_WRITE records are permitted
6474 * (optional) "rawok" -> (value ignored)
6475 * presence indicates raw encrypted records should be used.
6476 * (optional) "resume_object" and "resume_offset" -> (uint64)
6477 * if present, resume send stream from specified object and offset.
6478 * (optional) "fd" -> file descriptor to use as a cookie for progress
6483 * "space" -> bytes of space (uint64)
6486 static const zfs_ioc_key_t zfs_keys_send_space[] = {
6487 {"from", DATA_TYPE_STRING, ZK_OPTIONAL},
6488 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6489 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6490 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6491 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6492 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6493 {"fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6494 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
6495 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
6496 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
6497 {"bytes", DATA_TYPE_UINT64, ZK_OPTIONAL},
6501 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6504 dsl_dataset_t *tosnap;
6505 dsl_dataset_t *fromsnap = NULL;
6507 char *fromname = NULL;
6508 char *redactlist_book = NULL;
6509 boolean_t largeblockok;
6511 boolean_t compressok;
6515 boolean_t full_estimate = B_FALSE;
6516 uint64_t resumeobj = 0;
6517 uint64_t resumeoff = 0;
6518 uint64_t resume_bytes = 0;
6520 zfs_bookmark_phys_t zbm = {0};
6522 error = dsl_pool_hold(snapname, FTAG, &dp);
6526 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
6528 dsl_pool_rele(dp, FTAG);
6531 (void) nvlist_lookup_int32(innvl, "fd", &fd);
6533 largeblockok = nvlist_exists(innvl, "largeblockok");
6534 embedok = nvlist_exists(innvl, "embedok");
6535 compressok = nvlist_exists(innvl, "compressok");
6536 rawok = nvlist_exists(innvl, "rawok");
6537 savedok = nvlist_exists(innvl, "savedok");
6538 boolean_t from = (nvlist_lookup_string(innvl, "from", &fromname) == 0);
6539 boolean_t altbook = (nvlist_lookup_string(innvl, "redactbook",
6540 &redactlist_book) == 0);
6542 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6543 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6544 (void) nvlist_lookup_uint64(innvl, "bytes", &resume_bytes);
6547 full_estimate = B_TRUE;
6549 if (strchr(fromname, '#')) {
6550 error = dsl_bookmark_lookup(dp, fromname, tosnap, &zbm);
6553 * dsl_bookmark_lookup() will fail with EXDEV if
6554 * the from-bookmark and tosnap are at the same txg.
6555 * However, it's valid to do a send (and therefore,
6556 * a send estimate) from and to the same time point,
6557 * if the bookmark is redacted (the incremental send
6558 * can change what's redacted on the target). In
6559 * this case, dsl_bookmark_lookup() fills in zbm
6560 * but returns EXDEV. Ignore this error.
6562 if (error == EXDEV && zbm.zbm_redaction_obj != 0 &&
6564 dsl_dataset_phys(tosnap)->ds_guid)
6568 dsl_dataset_rele(tosnap, FTAG);
6569 dsl_pool_rele(dp, FTAG);
6572 if (zbm.zbm_redaction_obj != 0 || !(zbm.zbm_flags &
6573 ZBM_FLAG_HAS_FBN)) {
6574 full_estimate = B_TRUE;
6576 } else if (strchr(fromname, '@')) {
6577 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
6579 dsl_dataset_rele(tosnap, FTAG);
6580 dsl_pool_rele(dp, FTAG);
6584 if (!dsl_dataset_is_before(tosnap, fromsnap, 0)) {
6585 full_estimate = B_TRUE;
6586 dsl_dataset_rele(fromsnap, FTAG);
6590 * from is not properly formatted as a snapshot or
6593 dsl_dataset_rele(tosnap, FTAG);
6594 dsl_pool_rele(dp, FTAG);
6595 return (SET_ERROR(EINVAL));
6599 if (full_estimate) {
6600 dmu_send_outparams_t out = {0};
6602 out.dso_outfunc = send_space_sum;
6603 out.dso_arg = &space;
6604 out.dso_dryrun = B_TRUE;
6606 * We have to release these holds so dmu_send can take them. It
6607 * will do all the error checking we need.
6609 dsl_dataset_rele(tosnap, FTAG);
6610 dsl_pool_rele(dp, FTAG);
6611 error = dmu_send(snapname, fromname, embedok, largeblockok,
6612 compressok, rawok, savedok, resumeobj, resumeoff,
6613 redactlist_book, fd, &off, &out);
6615 error = dmu_send_estimate_fast(tosnap, fromsnap,
6616 (from && strchr(fromname, '#') != NULL ? &zbm : NULL),
6617 compressok || rawok, savedok, &space);
6618 space -= resume_bytes;
6619 if (fromsnap != NULL)
6620 dsl_dataset_rele(fromsnap, FTAG);
6621 dsl_dataset_rele(tosnap, FTAG);
6622 dsl_pool_rele(dp, FTAG);
6625 fnvlist_add_uint64(outnvl, "space", space);
6631 * Sync the currently open TXG to disk for the specified pool.
6632 * This is somewhat similar to 'zfs_sync()'.
6633 * For cases that do not result in error this ioctl will wait for
6634 * the currently open TXG to commit before returning back to the caller.
6637 * "force" -> when true, force uberblock update even if there is no dirty data.
6638 * In addition this will cause the vdev configuration to be written
6639 * out including updating the zpool cache file. (boolean_t)
6644 static const zfs_ioc_key_t zfs_keys_pool_sync[] = {
6645 {"force", DATA_TYPE_BOOLEAN_VALUE, 0},
6650 zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl)
6653 boolean_t rc, force = B_FALSE;
6656 if ((err = spa_open(pool, &spa, FTAG)) != 0)
6660 err = nvlist_lookup_boolean_value(innvl, "force", &rc);
6666 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER);
6667 vdev_config_dirty(spa->spa_root_vdev);
6668 spa_config_exit(spa, SCL_CONFIG, FTAG);
6670 txg_wait_synced(spa_get_dsl(spa), 0);
6672 spa_close(spa, FTAG);
6678 * Load a user's wrapping key into the kernel.
6680 * "hidden_args" -> { "wkeydata" -> value }
6681 * raw uint8_t array of encryption wrapping key data (32 bytes)
6682 * (optional) "noop" -> (value ignored)
6683 * presence indicated key should only be verified, not loaded
6686 static const zfs_ioc_key_t zfs_keys_load_key[] = {
6687 {"hidden_args", DATA_TYPE_NVLIST, 0},
6688 {"noop", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6693 zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6696 dsl_crypto_params_t *dcp = NULL;
6697 nvlist_t *hidden_args;
6698 boolean_t noop = nvlist_exists(innvl, "noop");
6700 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6701 ret = SET_ERROR(EINVAL);
6705 hidden_args = fnvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS);
6707 ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL,
6712 ret = spa_keystore_load_wkey(dsname, dcp, noop);
6716 dsl_crypto_params_free(dcp, noop);
6721 dsl_crypto_params_free(dcp, B_TRUE);
6726 * Unload a user's wrapping key from the kernel.
6727 * Both innvl and outnvl are unused.
6729 static const zfs_ioc_key_t zfs_keys_unload_key[] = {
6735 zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6739 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6740 ret = (SET_ERROR(EINVAL));
6744 ret = spa_keystore_unload_wkey(dsname);
6753 * Changes a user's wrapping key used to decrypt a dataset. The keyformat,
6754 * keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified
6755 * here to change how the key is derived in userspace.
6758 * "hidden_args" (optional) -> { "wkeydata" -> value }
6759 * raw uint8_t array of new encryption wrapping key data (32 bytes)
6760 * "props" (optional) -> { prop -> value }
6765 static const zfs_ioc_key_t zfs_keys_change_key[] = {
6766 {"crypt_cmd", DATA_TYPE_UINT64, ZK_OPTIONAL},
6767 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
6768 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
6773 zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6776 uint64_t cmd = DCP_CMD_NONE;
6777 dsl_crypto_params_t *dcp = NULL;
6778 nvlist_t *args = NULL, *hidden_args = NULL;
6780 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6781 ret = (SET_ERROR(EINVAL));
6785 (void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd);
6786 (void) nvlist_lookup_nvlist(innvl, "props", &args);
6787 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
6789 ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp);
6793 ret = spa_keystore_change_key(dsname, dcp);
6797 dsl_crypto_params_free(dcp, B_FALSE);
6802 dsl_crypto_params_free(dcp, B_TRUE);
6806 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
6809 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6810 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
6811 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
6813 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
6815 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
6816 ASSERT3U(ioc, <, ZFS_IOC_LAST);
6817 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
6818 ASSERT3P(vec->zvec_func, ==, NULL);
6820 vec->zvec_legacy_func = func;
6821 vec->zvec_secpolicy = secpolicy;
6822 vec->zvec_namecheck = namecheck;
6823 vec->zvec_allow_log = log_history;
6824 vec->zvec_pool_check = pool_check;
6828 * See the block comment at the beginning of this file for details on
6829 * each argument to this function.
6832 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
6833 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
6834 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
6835 boolean_t allow_log, const zfs_ioc_key_t *nvl_keys, size_t num_keys)
6837 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
6839 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
6840 ASSERT3U(ioc, <, ZFS_IOC_LAST);
6841 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
6842 ASSERT3P(vec->zvec_func, ==, NULL);
6844 /* if we are logging, the name must be valid */
6845 ASSERT(!allow_log || namecheck != NO_NAME);
6847 vec->zvec_name = name;
6848 vec->zvec_func = func;
6849 vec->zvec_secpolicy = secpolicy;
6850 vec->zvec_namecheck = namecheck;
6851 vec->zvec_pool_check = pool_check;
6852 vec->zvec_smush_outnvlist = smush_outnvlist;
6853 vec->zvec_allow_log = allow_log;
6854 vec->zvec_nvl_keys = nvl_keys;
6855 vec->zvec_nvl_key_count = num_keys;
6859 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6860 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
6861 zfs_ioc_poolcheck_t pool_check)
6863 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6864 POOL_NAME, log_history, pool_check);
6868 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6869 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
6871 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6872 DATASET_NAME, B_FALSE, pool_check);
6876 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
6878 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
6879 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6883 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6884 zfs_secpolicy_func_t *secpolicy)
6886 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6887 NO_NAME, B_FALSE, POOL_CHECK_NONE);
6891 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
6892 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
6894 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6895 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
6899 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
6901 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
6902 zfs_secpolicy_read);
6906 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6907 zfs_secpolicy_func_t *secpolicy)
6909 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6910 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6914 zfs_ioctl_init(void)
6916 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
6917 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
6918 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6919 zfs_keys_snapshot, ARRAY_SIZE(zfs_keys_snapshot));
6921 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
6922 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
6923 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
6924 zfs_keys_log_history, ARRAY_SIZE(zfs_keys_log_history));
6926 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
6927 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
6928 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6929 zfs_keys_space_snaps, ARRAY_SIZE(zfs_keys_space_snaps));
6931 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
6932 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
6933 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6934 zfs_keys_send_new, ARRAY_SIZE(zfs_keys_send_new));
6936 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
6937 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
6938 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6939 zfs_keys_send_space, ARRAY_SIZE(zfs_keys_send_space));
6941 zfs_ioctl_register("create", ZFS_IOC_CREATE,
6942 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
6943 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6944 zfs_keys_create, ARRAY_SIZE(zfs_keys_create));
6946 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
6947 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
6948 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6949 zfs_keys_clone, ARRAY_SIZE(zfs_keys_clone));
6951 zfs_ioctl_register("remap", ZFS_IOC_REMAP,
6952 zfs_ioc_remap, zfs_secpolicy_none, DATASET_NAME,
6953 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
6954 zfs_keys_remap, ARRAY_SIZE(zfs_keys_remap));
6956 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
6957 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
6958 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6959 zfs_keys_destroy_snaps, ARRAY_SIZE(zfs_keys_destroy_snaps));
6961 zfs_ioctl_register("hold", ZFS_IOC_HOLD,
6962 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
6963 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6964 zfs_keys_hold, ARRAY_SIZE(zfs_keys_hold));
6965 zfs_ioctl_register("release", ZFS_IOC_RELEASE,
6966 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
6967 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6968 zfs_keys_release, ARRAY_SIZE(zfs_keys_release));
6970 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
6971 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
6972 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6973 zfs_keys_get_holds, ARRAY_SIZE(zfs_keys_get_holds));
6975 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK,
6976 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME,
6977 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
6978 zfs_keys_rollback, ARRAY_SIZE(zfs_keys_rollback));
6980 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK,
6981 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME,
6982 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6983 zfs_keys_bookmark, ARRAY_SIZE(zfs_keys_bookmark));
6985 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS,
6986 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME,
6987 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6988 zfs_keys_get_bookmarks, ARRAY_SIZE(zfs_keys_get_bookmarks));
6990 zfs_ioctl_register("get_bookmark_props", ZFS_IOC_GET_BOOKMARK_PROPS,
6991 zfs_ioc_get_bookmark_props, zfs_secpolicy_read, ENTITY_NAME,
6992 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, zfs_keys_get_bookmark_props,
6993 ARRAY_SIZE(zfs_keys_get_bookmark_props));
6995 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS,
6996 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks,
6998 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6999 zfs_keys_destroy_bookmarks,
7000 ARRAY_SIZE(zfs_keys_destroy_bookmarks));
7002 zfs_ioctl_register("receive", ZFS_IOC_RECV_NEW,
7003 zfs_ioc_recv_new, zfs_secpolicy_recv_new, DATASET_NAME,
7004 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7005 zfs_keys_recv_new, ARRAY_SIZE(zfs_keys_recv_new));
7006 zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY,
7007 zfs_ioc_load_key, zfs_secpolicy_load_key,
7008 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7009 zfs_keys_load_key, ARRAY_SIZE(zfs_keys_load_key));
7010 zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY,
7011 zfs_ioc_unload_key, zfs_secpolicy_load_key,
7012 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7013 zfs_keys_unload_key, ARRAY_SIZE(zfs_keys_unload_key));
7014 zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY,
7015 zfs_ioc_change_key, zfs_secpolicy_change_key,
7016 DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY,
7017 B_TRUE, B_TRUE, zfs_keys_change_key,
7018 ARRAY_SIZE(zfs_keys_change_key));
7020 zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC,
7021 zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME,
7022 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7023 zfs_keys_pool_sync, ARRAY_SIZE(zfs_keys_pool_sync));
7024 zfs_ioctl_register("reopen", ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
7025 zfs_secpolicy_config, POOL_NAME, POOL_CHECK_SUSPENDED, B_TRUE,
7026 B_TRUE, zfs_keys_pool_reopen, ARRAY_SIZE(zfs_keys_pool_reopen));
7028 zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM,
7029 zfs_ioc_channel_program, zfs_secpolicy_config,
7030 POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE,
7031 B_TRUE, zfs_keys_channel_program,
7032 ARRAY_SIZE(zfs_keys_channel_program));
7034 zfs_ioctl_register("redact", ZFS_IOC_REDACT,
7035 zfs_ioc_redact, zfs_secpolicy_config, DATASET_NAME,
7036 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7037 zfs_keys_redact, ARRAY_SIZE(zfs_keys_redact));
7039 zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT,
7040 zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME,
7041 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7042 zfs_keys_pool_checkpoint, ARRAY_SIZE(zfs_keys_pool_checkpoint));
7044 zfs_ioctl_register("zpool_discard_checkpoint",
7045 ZFS_IOC_POOL_DISCARD_CHECKPOINT, zfs_ioc_pool_discard_checkpoint,
7046 zfs_secpolicy_config, POOL_NAME,
7047 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7048 zfs_keys_pool_discard_checkpoint,
7049 ARRAY_SIZE(zfs_keys_pool_discard_checkpoint));
7051 zfs_ioctl_register("initialize", ZFS_IOC_POOL_INITIALIZE,
7052 zfs_ioc_pool_initialize, zfs_secpolicy_config, POOL_NAME,
7053 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7054 zfs_keys_pool_initialize, ARRAY_SIZE(zfs_keys_pool_initialize));
7056 zfs_ioctl_register("trim", ZFS_IOC_POOL_TRIM,
7057 zfs_ioc_pool_trim, zfs_secpolicy_config, POOL_NAME,
7058 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7059 zfs_keys_pool_trim, ARRAY_SIZE(zfs_keys_pool_trim));
7061 zfs_ioctl_register("wait", ZFS_IOC_WAIT,
7062 zfs_ioc_wait, zfs_secpolicy_none, POOL_NAME,
7063 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7064 zfs_keys_pool_wait, ARRAY_SIZE(zfs_keys_pool_wait));
7066 zfs_ioctl_register("wait_fs", ZFS_IOC_WAIT_FS,
7067 zfs_ioc_wait_fs, zfs_secpolicy_none, DATASET_NAME,
7068 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7069 zfs_keys_fs_wait, ARRAY_SIZE(zfs_keys_fs_wait));
7071 zfs_ioctl_register("set_bootenv", ZFS_IOC_SET_BOOTENV,
7072 zfs_ioc_set_bootenv, zfs_secpolicy_config, POOL_NAME,
7073 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7074 zfs_keys_set_bootenv, ARRAY_SIZE(zfs_keys_set_bootenv));
7076 zfs_ioctl_register("get_bootenv", ZFS_IOC_GET_BOOTENV,
7077 zfs_ioc_get_bootenv, zfs_secpolicy_none, POOL_NAME,
7078 POOL_CHECK_SUSPENDED, B_FALSE, B_TRUE,
7079 zfs_keys_get_bootenv, ARRAY_SIZE(zfs_keys_get_bootenv));
7081 /* IOCTLS that use the legacy function signature */
7083 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
7084 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
7086 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
7087 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7088 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
7090 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
7091 zfs_ioc_pool_upgrade);
7092 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
7094 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
7095 zfs_ioc_vdev_remove);
7096 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
7097 zfs_ioc_vdev_set_state);
7098 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
7099 zfs_ioc_vdev_attach);
7100 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
7101 zfs_ioc_vdev_detach);
7102 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
7103 zfs_ioc_vdev_setpath);
7104 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
7105 zfs_ioc_vdev_setfru);
7106 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
7107 zfs_ioc_pool_set_props);
7108 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
7109 zfs_ioc_vdev_split);
7110 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
7111 zfs_ioc_pool_reguid);
7113 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
7114 zfs_ioc_pool_configs, zfs_secpolicy_none);
7115 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
7116 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
7117 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
7118 zfs_ioc_inject_fault, zfs_secpolicy_inject);
7119 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
7120 zfs_ioc_clear_fault, zfs_secpolicy_inject);
7121 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
7122 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
7125 * pool destroy, and export don't log the history as part of
7126 * zfsdev_ioctl, but rather zfs_ioc_pool_export
7127 * does the logging of those commands.
7129 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
7130 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7131 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
7132 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7134 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
7135 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
7136 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
7137 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
7139 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
7140 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
7141 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
7142 zfs_ioc_dsobj_to_dsname,
7143 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
7144 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
7145 zfs_ioc_pool_get_history,
7146 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7148 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
7149 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7151 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
7152 zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY);
7154 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
7155 zfs_ioc_space_written);
7156 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
7157 zfs_ioc_objset_recvd_props);
7158 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
7160 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
7162 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
7163 zfs_ioc_objset_stats);
7164 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
7165 zfs_ioc_objset_zplprops);
7166 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
7167 zfs_ioc_dataset_list_next);
7168 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
7169 zfs_ioc_snapshot_list_next);
7170 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
7171 zfs_ioc_send_progress);
7173 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
7174 zfs_ioc_diff, zfs_secpolicy_diff);
7175 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
7176 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
7177 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
7178 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
7179 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
7180 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
7181 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
7182 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
7183 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
7184 zfs_ioc_send, zfs_secpolicy_send);
7186 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
7187 zfs_secpolicy_none);
7188 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
7189 zfs_secpolicy_destroy);
7190 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
7191 zfs_secpolicy_rename);
7192 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
7193 zfs_secpolicy_recv);
7194 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
7195 zfs_secpolicy_promote);
7196 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
7197 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
7198 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
7199 zfs_secpolicy_set_fsacl);
7201 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
7202 zfs_secpolicy_share, POOL_CHECK_NONE);
7203 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
7204 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
7205 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
7206 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
7207 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7208 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
7209 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
7210 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7212 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next,
7213 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7214 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear,
7215 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7216 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek,
7217 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7219 zfs_ioctl_init_os();
7223 * Verify that for non-legacy ioctls the input nvlist
7224 * pairs match against the expected input.
7226 * Possible errors are:
7227 * ZFS_ERR_IOC_ARG_UNAVAIL An unrecognized nvpair was encountered
7228 * ZFS_ERR_IOC_ARG_REQUIRED A required nvpair is missing
7229 * ZFS_ERR_IOC_ARG_BADTYPE Invalid type for nvpair
7232 zfs_check_input_nvpairs(nvlist_t *innvl, const zfs_ioc_vec_t *vec)
7234 const zfs_ioc_key_t *nvl_keys = vec->zvec_nvl_keys;
7235 boolean_t required_keys_found = B_FALSE;
7238 * examine each input pair
7240 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
7241 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
7242 char *name = nvpair_name(pair);
7243 data_type_t type = nvpair_type(pair);
7244 boolean_t identified = B_FALSE;
7247 * check pair against the documented names and type
7249 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7250 /* if not a wild card name, check for an exact match */
7251 if ((nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) == 0 &&
7252 strcmp(nvl_keys[k].zkey_name, name) != 0)
7255 identified = B_TRUE;
7257 if (nvl_keys[k].zkey_type != DATA_TYPE_ANY &&
7258 nvl_keys[k].zkey_type != type) {
7259 return (SET_ERROR(ZFS_ERR_IOC_ARG_BADTYPE));
7262 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7265 required_keys_found = B_TRUE;
7269 /* allow an 'optional' key, everything else is invalid */
7271 (strcmp(name, "optional") != 0 ||
7272 type != DATA_TYPE_NVLIST)) {
7273 return (SET_ERROR(ZFS_ERR_IOC_ARG_UNAVAIL));
7277 /* verify that all required keys were found */
7278 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7279 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7282 if (nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) {
7283 /* at least one non-optional key is expected here */
7284 if (!required_keys_found)
7285 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7289 if (!nvlist_exists(innvl, nvl_keys[k].zkey_name))
7290 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7297 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
7298 zfs_ioc_poolcheck_t check)
7303 ASSERT(type == POOL_NAME || type == DATASET_NAME ||
7304 type == ENTITY_NAME);
7306 if (check & POOL_CHECK_NONE)
7309 error = spa_open(name, &spa, FTAG);
7311 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
7312 error = SET_ERROR(EAGAIN);
7313 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
7314 error = SET_ERROR(EROFS);
7315 spa_close(spa, FTAG);
7321 zfsdev_getminor(int fd, minor_t *minorp)
7323 zfsdev_state_t *zs, *fpd;
7327 ASSERT(!MUTEX_HELD(&zfsdev_state_lock));
7329 if ((rc = zfs_file_get(fd, &fp)))
7332 fpd = zfs_file_private(fp);
7334 return (SET_ERROR(EBADF));
7336 mutex_enter(&zfsdev_state_lock);
7338 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
7340 if (zs->zs_minor == -1)
7344 *minorp = fpd->zs_minor;
7345 mutex_exit(&zfsdev_state_lock);
7350 mutex_exit(&zfsdev_state_lock);
7352 return (SET_ERROR(EBADF));
7356 zfsdev_get_state_impl(minor_t minor, enum zfsdev_state_type which)
7360 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
7361 if (zs->zs_minor == minor) {
7365 return (zs->zs_onexit);
7367 return (zs->zs_zevent);
7378 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
7382 ptr = zfsdev_get_state_impl(minor, which);
7388 * Find a free minor number. The zfsdev_state_list is expected to
7389 * be short since it is only a list of currently open file handles.
7392 zfsdev_minor_alloc(void)
7394 static minor_t last_minor = 0;
7397 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
7399 for (m = last_minor + 1; m != last_minor; m++) {
7400 if (m > ZFSDEV_MAX_MINOR)
7402 if (zfsdev_get_state_impl(m, ZST_ALL) == NULL) {
7412 zfsdev_ioctl_common(uint_t vecnum, zfs_cmd_t *zc, int flag)
7415 const zfs_ioc_vec_t *vec;
7416 char *saved_poolname = NULL;
7417 uint64_t max_nvlist_src_size;
7418 size_t saved_poolname_len = 0;
7419 nvlist_t *innvl = NULL;
7420 fstrans_cookie_t cookie;
7421 hrtime_t start_time = gethrtime();
7425 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
7426 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
7428 vec = &zfs_ioc_vec[vecnum];
7431 * The registered ioctl list may be sparse, verify that either
7432 * a normal or legacy handler are registered.
7434 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL)
7435 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
7437 zc->zc_iflags = flag & FKIOCTL;
7438 max_nvlist_src_size = zfs_max_nvlist_src_size_os();
7439 if (zc->zc_nvlist_src_size > max_nvlist_src_size) {
7441 * Make sure the user doesn't pass in an insane value for
7442 * zc_nvlist_src_size. We have to check, since we will end
7443 * up allocating that much memory inside of get_nvlist(). This
7444 * prevents a nefarious user from allocating tons of kernel
7447 * Also, we return EINVAL instead of ENOMEM here. The reason
7448 * being that returning ENOMEM from an ioctl() has a special
7449 * connotation; that the user's size value is too small and
7450 * needs to be expanded to hold the nvlist. See
7451 * zcmd_expand_dst_nvlist() for details.
7453 error = SET_ERROR(EINVAL); /* User's size too big */
7455 } else if (zc->zc_nvlist_src_size != 0) {
7456 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
7457 zc->zc_iflags, &innvl);
7463 * Ensure that all pool/dataset names are valid before we pass down to
7466 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
7467 switch (vec->zvec_namecheck) {
7469 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
7470 error = SET_ERROR(EINVAL);
7472 error = pool_status_check(zc->zc_name,
7473 vec->zvec_namecheck, vec->zvec_pool_check);
7477 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
7478 error = SET_ERROR(EINVAL);
7480 error = pool_status_check(zc->zc_name,
7481 vec->zvec_namecheck, vec->zvec_pool_check);
7485 if (entity_namecheck(zc->zc_name, NULL, NULL) != 0) {
7486 error = SET_ERROR(EINVAL);
7488 error = pool_status_check(zc->zc_name,
7489 vec->zvec_namecheck, vec->zvec_pool_check);
7497 * Ensure that all input pairs are valid before we pass them down
7498 * to the lower layers.
7500 * The vectored functions can use fnvlist_lookup_{type} for any
7501 * required pairs since zfs_check_input_nvpairs() confirmed that
7502 * they exist and are of the correct type.
7504 if (error == 0 && vec->zvec_func != NULL) {
7505 error = zfs_check_input_nvpairs(innvl, vec);
7511 cookie = spl_fstrans_mark();
7512 error = vec->zvec_secpolicy(zc, innvl, CRED());
7513 spl_fstrans_unmark(cookie);
7519 /* legacy ioctls can modify zc_name */
7521 * Can't use kmem_strdup() as we might truncate the string and
7522 * kmem_strfree() would then free with incorrect size.
7524 saved_poolname_len = strlen(zc->zc_name) + 1;
7525 saved_poolname = kmem_alloc(saved_poolname_len, KM_SLEEP);
7527 strlcpy(saved_poolname, zc->zc_name, saved_poolname_len);
7528 saved_poolname[strcspn(saved_poolname, "/@#")] = '\0';
7530 if (vec->zvec_func != NULL) {
7534 nvlist_t *lognv = NULL;
7536 ASSERT(vec->zvec_legacy_func == NULL);
7539 * Add the innvl to the lognv before calling the func,
7540 * in case the func changes the innvl.
7542 if (vec->zvec_allow_log) {
7543 lognv = fnvlist_alloc();
7544 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
7546 if (!nvlist_empty(innvl)) {
7547 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
7552 outnvl = fnvlist_alloc();
7553 cookie = spl_fstrans_mark();
7554 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
7555 spl_fstrans_unmark(cookie);
7558 * Some commands can partially execute, modify state, and still
7559 * return an error. In these cases, attempt to record what
7563 (cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) &&
7564 vec->zvec_allow_log &&
7565 spa_open(zc->zc_name, &spa, FTAG) == 0) {
7566 if (!nvlist_empty(outnvl)) {
7567 size_t out_size = fnvlist_size(outnvl);
7568 if (out_size > zfs_history_output_max) {
7569 fnvlist_add_int64(lognv,
7570 ZPOOL_HIST_OUTPUT_SIZE, out_size);
7572 fnvlist_add_nvlist(lognv,
7573 ZPOOL_HIST_OUTPUT_NVL, outnvl);
7577 fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO,
7580 fnvlist_add_int64(lognv, ZPOOL_HIST_ELAPSED_NS,
7581 gethrtime() - start_time);
7582 (void) spa_history_log_nvl(spa, lognv);
7583 spa_close(spa, FTAG);
7585 fnvlist_free(lognv);
7587 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
7589 if (vec->zvec_smush_outnvlist) {
7590 smusherror = nvlist_smush(outnvl,
7591 zc->zc_nvlist_dst_size);
7593 if (smusherror == 0)
7594 puterror = put_nvlist(zc, outnvl);
7600 nvlist_free(outnvl);
7602 cookie = spl_fstrans_mark();
7603 error = vec->zvec_legacy_func(zc);
7604 spl_fstrans_unmark(cookie);
7609 if (error == 0 && vec->zvec_allow_log) {
7610 char *s = tsd_get(zfs_allow_log_key);
7613 (void) tsd_set(zfs_allow_log_key, kmem_strdup(saved_poolname));
7615 if (saved_poolname != NULL)
7616 kmem_free(saved_poolname, saved_poolname_len);
7626 if ((error = zvol_init()) != 0)
7629 spa_init(SPA_MODE_READ | SPA_MODE_WRITE);
7634 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
7635 zfsdev_state_list = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
7636 zfsdev_state_list->zs_minor = -1;
7638 if ((error = zfsdev_attach()) != 0)
7641 tsd_create(&zfs_fsyncer_key, NULL);
7642 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
7643 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
7657 zfsdev_state_t *zs, *zsnext = NULL;
7661 mutex_destroy(&zfsdev_state_lock);
7663 for (zs = zfsdev_state_list; zs != NULL; zs = zsnext) {
7664 zsnext = zs->zs_next;
7666 zfs_onexit_destroy(zs->zs_onexit);
7668 zfs_zevent_destroy(zs->zs_zevent);
7669 kmem_free(zs, sizeof (zfsdev_state_t));
7672 zfs_ereport_taskq_fini(); /* run before zfs_fini() on Linux */
7677 tsd_destroy(&zfs_fsyncer_key);
7678 tsd_destroy(&rrw_tsd_key);
7679 tsd_destroy(&zfs_allow_log_key);
7683 ZFS_MODULE_PARAM(zfs, zfs_, max_nvlist_src_size, ULONG, ZMOD_RW,
7684 "Maximum size in bytes allowed for src nvlist passed with ZFS ioctls");
7686 ZFS_MODULE_PARAM(zfs, zfs_, history_output_max, ULONG, ZMOD_RW,
7687 "Maximum size in bytes of ZFS ioctl output that will be logged");