1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Portions Copyright 2011 Martin Matuska
25 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
26 * Portions Copyright 2012 Pawel Jakub Dawidek <[email protected]>
27 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved.
28 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
29 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
30 * Copyright (c) 2011, 2020 by Delphix. All rights reserved.
31 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
32 * Copyright (c) 2013 Steven Hartland. All rights reserved.
33 * Copyright (c) 2014 Integros [integros.com]
34 * Copyright 2016 Toomas Soome <[email protected]>
35 * Copyright (c) 2016 Actifio, Inc. All rights reserved.
36 * Copyright (c) 2018, loli10K <[email protected]>. All rights reserved.
37 * Copyright 2017 RackTop Systems.
38 * Copyright (c) 2017 Open-E, Inc. All Rights Reserved.
39 * Copyright (c) 2019 Datto Inc.
40 * Copyright (c) 2019, 2020 by Christian Schwarz. All rights reserved.
41 * Copyright (c) 2019, Klara Inc.
42 * Copyright (c) 2019, Allan Jude
43 */
44
45 /*
46 * ZFS ioctls.
47 *
48 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
49 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
50 *
51 * There are two ways that we handle ioctls: the legacy way where almost
52 * all of the logic is in the ioctl callback, and the new way where most
53 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
54 *
55 * Non-legacy ioctls should be registered by calling
56 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
57 * from userland by lzc_ioctl().
58 *
59 * The registration arguments are as follows:
60 *
61 * const char *name
62 * The name of the ioctl. This is used for history logging. If the
63 * ioctl returns successfully (the callback returns 0), and allow_log
64 * is true, then a history log entry will be recorded with the input &
65 * output nvlists. The log entry can be printed with "zpool history -i".
66 *
67 * zfs_ioc_t ioc
68 * The ioctl request number, which userland will pass to ioctl(2).
69 * We want newer versions of libzfs and libzfs_core to run against
70 * existing zfs kernel modules (i.e. a deferred reboot after an update).
71 * Therefore the ioctl numbers cannot change from release to release.
72 *
73 * zfs_secpolicy_func_t *secpolicy
74 * This function will be called before the zfs_ioc_func_t, to
75 * determine if this operation is permitted. It should return EPERM
76 * on failure, and 0 on success. Checks include determining if the
77 * dataset is visible in this zone, and if the user has either all
78 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
79 * to do this operation on this dataset with "zfs allow".
80 *
81 * zfs_ioc_namecheck_t namecheck
82 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
83 * name, a dataset name, or nothing. If the name is not well-formed,
84 * the ioctl will fail and the callback will not be called.
85 * Therefore, the callback can assume that the name is well-formed
86 * (e.g. is null-terminated, doesn't have more than one '@' character,
87 * doesn't have invalid characters).
88 *
89 * zfs_ioc_poolcheck_t pool_check
90 * This specifies requirements on the pool state. If the pool does
91 * not meet them (is suspended or is readonly), the ioctl will fail
92 * and the callback will not be called. If any checks are specified
93 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
94 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
95 * POOL_CHECK_READONLY).
96 *
97 * zfs_ioc_key_t *nvl_keys
98 * The list of expected/allowable innvl input keys. This list is used
99 * to validate the nvlist input to the ioctl.
100 *
101 * boolean_t smush_outnvlist
102 * If smush_outnvlist is true, then the output is presumed to be a
103 * list of errors, and it will be "smushed" down to fit into the
104 * caller's buffer, by removing some entries and replacing them with a
105 * single "N_MORE_ERRORS" entry indicating how many were removed. See
106 * nvlist_smush() for details. If smush_outnvlist is false, and the
107 * outnvlist does not fit into the userland-provided buffer, then the
108 * ioctl will fail with ENOMEM.
109 *
110 * zfs_ioc_func_t *func
111 * The callback function that will perform the operation.
112 *
113 * The callback should return 0 on success, or an error number on
114 * failure. If the function fails, the userland ioctl will return -1,
115 * and errno will be set to the callback's return value. The callback
116 * will be called with the following arguments:
117 *
118 * const char *name
119 * The name of the pool or dataset to operate on, from
120 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
121 * expected type (pool, dataset, or none).
122 *
123 * nvlist_t *innvl
124 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
125 * NULL if no input nvlist was provided. Changes to this nvlist are
126 * ignored. If the input nvlist could not be deserialized, the
127 * ioctl will fail and the callback will not be called.
128 *
129 * nvlist_t *outnvl
130 * The output nvlist, initially empty. The callback can fill it in,
131 * and it will be returned to userland by serializing it into
132 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
133 * fails (e.g. because the caller didn't supply a large enough
134 * buffer), then the overall ioctl will fail. See the
135 * 'smush_nvlist' argument above for additional behaviors.
136 *
137 * There are two typical uses of the output nvlist:
138 * - To return state, e.g. property values. In this case,
139 * smush_outnvlist should be false. If the buffer was not large
140 * enough, the caller will reallocate a larger buffer and try
141 * the ioctl again.
142 *
143 * - To return multiple errors from an ioctl which makes on-disk
144 * changes. In this case, smush_outnvlist should be true.
145 * Ioctls which make on-disk modifications should generally not
146 * use the outnvl if they succeed, because the caller can not
147 * distinguish between the operation failing, and
148 * deserialization failing.
149 *
150 * IOCTL Interface Errors
151 *
152 * The following ioctl input errors can be returned:
153 * ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
154 * ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
155 * ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
156 * ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
157 */
158
159 #include <sys/types.h>
160 #include <sys/param.h>
161 #include <sys/errno.h>
162 #include <sys/uio.h>
163 #include <sys/file.h>
164 #include <sys/kmem.h>
165 #include <sys/cmn_err.h>
166 #include <sys/stat.h>
167 #include <sys/zfs_ioctl.h>
168 #include <sys/zfs_quota.h>
169 #include <sys/zfs_vfsops.h>
170 #include <sys/zfs_znode.h>
171 #include <sys/zap.h>
172 #include <sys/spa.h>
173 #include <sys/spa_impl.h>
174 #include <sys/vdev.h>
175 #include <sys/vdev_impl.h>
176 #include <sys/dmu.h>
177 #include <sys/dsl_dir.h>
178 #include <sys/dsl_dataset.h>
179 #include <sys/dsl_prop.h>
180 #include <sys/dsl_deleg.h>
181 #include <sys/dmu_objset.h>
182 #include <sys/dmu_impl.h>
183 #include <sys/dmu_redact.h>
184 #include <sys/dmu_tx.h>
185 #include <sys/sunddi.h>
186 #include <sys/policy.h>
187 #include <sys/zone.h>
188 #include <sys/nvpair.h>
189 #include <sys/pathname.h>
190 #include <sys/fs/zfs.h>
191 #include <sys/zfs_ctldir.h>
192 #include <sys/zfs_dir.h>
193 #include <sys/zfs_onexit.h>
194 #include <sys/zvol.h>
195 #include <sys/dsl_scan.h>
196 #include <sys/fm/util.h>
197 #include <sys/dsl_crypt.h>
198 #include <sys/rrwlock.h>
199 #include <sys/zfs_file.h>
200
201 #include <sys/dmu_recv.h>
202 #include <sys/dmu_send.h>
203 #include <sys/dmu_recv.h>
204 #include <sys/dsl_destroy.h>
205 #include <sys/dsl_bookmark.h>
206 #include <sys/dsl_userhold.h>
207 #include <sys/zfeature.h>
208 #include <sys/zcp.h>
209 #include <sys/zio_checksum.h>
210 #include <sys/vdev_removal.h>
211 #include <sys/vdev_impl.h>
212 #include <sys/vdev_initialize.h>
213 #include <sys/vdev_trim.h>
214
215 #include "zfs_namecheck.h"
216 #include "zfs_prop.h"
217 #include "zfs_deleg.h"
218 #include "zfs_comutil.h"
219
220 #include <sys/lua/lua.h>
221 #include <sys/lua/lauxlib.h>
222 #include <sys/zfs_ioctl_impl.h>
223
224 kmutex_t zfsdev_state_lock;
225 zfsdev_state_t *zfsdev_state_list;
226
227 /*
228 * Limit maximum nvlist size. We don't want users passing in insane values
229 * for zc->zc_nvlist_src_size, since we will need to allocate that much memory.
230 * Defaults to 0=auto which is handled by platform code.
231 */
232 unsigned long zfs_max_nvlist_src_size = 0;
233
234 /*
235 * When logging the output nvlist of an ioctl in the on-disk history, limit
236 * the logged size to this many bytes. This must be less then DMU_MAX_ACCESS.
237 * This applies primarily to zfs_ioc_channel_program().
238 */
239 unsigned long zfs_history_output_max = 1024 * 1024;
240
241 uint_t zfs_fsyncer_key;
242 uint_t zfs_allow_log_key;
243
244 /* DATA_TYPE_ANY is used when zkey_type can vary. */
245 #define DATA_TYPE_ANY DATA_TYPE_UNKNOWN
246
247 typedef struct zfs_ioc_vec {
248 zfs_ioc_legacy_func_t *zvec_legacy_func;
249 zfs_ioc_func_t *zvec_func;
250 zfs_secpolicy_func_t *zvec_secpolicy;
251 zfs_ioc_namecheck_t zvec_namecheck;
252 boolean_t zvec_allow_log;
253 zfs_ioc_poolcheck_t zvec_pool_check;
254 boolean_t zvec_smush_outnvlist;
255 const char *zvec_name;
256 const zfs_ioc_key_t *zvec_nvl_keys;
257 size_t zvec_nvl_key_count;
258 } zfs_ioc_vec_t;
259
260 /* This array is indexed by zfs_userquota_prop_t */
261 static const char *userquota_perms[] = {
262 ZFS_DELEG_PERM_USERUSED,
263 ZFS_DELEG_PERM_USERQUOTA,
264 ZFS_DELEG_PERM_GROUPUSED,
265 ZFS_DELEG_PERM_GROUPQUOTA,
266 ZFS_DELEG_PERM_USEROBJUSED,
267 ZFS_DELEG_PERM_USEROBJQUOTA,
268 ZFS_DELEG_PERM_GROUPOBJUSED,
269 ZFS_DELEG_PERM_GROUPOBJQUOTA,
270 ZFS_DELEG_PERM_PROJECTUSED,
271 ZFS_DELEG_PERM_PROJECTQUOTA,
272 ZFS_DELEG_PERM_PROJECTOBJUSED,
273 ZFS_DELEG_PERM_PROJECTOBJQUOTA,
274 };
275
276 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
277 static int zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc);
278 static int zfs_check_settable(const char *name, nvpair_t *property,
279 cred_t *cr);
280 static int zfs_check_clearable(const char *dataset, nvlist_t *props,
281 nvlist_t **errors);
282 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
283 boolean_t *);
284 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
285 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
286
287 static void
history_str_free(char * buf)288 history_str_free(char *buf)
289 {
290 kmem_free(buf, HIS_MAX_RECORD_LEN);
291 }
292
293 static char *
history_str_get(zfs_cmd_t * zc)294 history_str_get(zfs_cmd_t *zc)
295 {
296 char *buf;
297
298 if (zc->zc_history == 0)
299 return (NULL);
300
301 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
302 if (copyinstr((void *)(uintptr_t)zc->zc_history,
303 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
304 history_str_free(buf);
305 return (NULL);
306 }
307
308 buf[HIS_MAX_RECORD_LEN -1] = '\0';
309
310 return (buf);
311 }
312
313 /*
314 * Return non-zero if the spa version is less than requested version.
315 */
316 static int
zfs_earlier_version(const char * name,int version)317 zfs_earlier_version(const char *name, int version)
318 {
319 spa_t *spa;
320
321 if (spa_open(name, &spa, FTAG) == 0) {
322 if (spa_version(spa) < version) {
323 spa_close(spa, FTAG);
324 return (1);
325 }
326 spa_close(spa, FTAG);
327 }
328 return (0);
329 }
330
331 /*
332 * Return TRUE if the ZPL version is less than requested version.
333 */
334 static boolean_t
zpl_earlier_version(const char * name,int version)335 zpl_earlier_version(const char *name, int version)
336 {
337 objset_t *os;
338 boolean_t rc = B_TRUE;
339
340 if (dmu_objset_hold(name, FTAG, &os) == 0) {
341 uint64_t zplversion;
342
343 if (dmu_objset_type(os) != DMU_OST_ZFS) {
344 dmu_objset_rele(os, FTAG);
345 return (B_TRUE);
346 }
347 /* XXX reading from non-owned objset */
348 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
349 rc = zplversion < version;
350 dmu_objset_rele(os, FTAG);
351 }
352 return (rc);
353 }
354
355 static void
zfs_log_history(zfs_cmd_t * zc)356 zfs_log_history(zfs_cmd_t *zc)
357 {
358 spa_t *spa;
359 char *buf;
360
361 if ((buf = history_str_get(zc)) == NULL)
362 return;
363
364 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
365 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
366 (void) spa_history_log(spa, buf);
367 spa_close(spa, FTAG);
368 }
369 history_str_free(buf);
370 }
371
372 /*
373 * Policy for top-level read operations (list pools). Requires no privileges,
374 * and can be used in the local zone, as there is no associated dataset.
375 */
376 /* ARGSUSED */
377 static int
zfs_secpolicy_none(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)378 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
379 {
380 return (0);
381 }
382
383 /*
384 * Policy for dataset read operations (list children, get statistics). Requires
385 * no privileges, but must be visible in the local zone.
386 */
387 /* ARGSUSED */
388 static int
zfs_secpolicy_read(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)389 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
390 {
391 if (INGLOBALZONE(curproc) ||
392 zone_dataset_visible(zc->zc_name, NULL))
393 return (0);
394
395 return (SET_ERROR(ENOENT));
396 }
397
398 static int
zfs_dozonecheck_impl(const char * dataset,uint64_t zoned,cred_t * cr)399 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
400 {
401 int writable = 1;
402
403 /*
404 * The dataset must be visible by this zone -- check this first
405 * so they don't see EPERM on something they shouldn't know about.
406 */
407 if (!INGLOBALZONE(curproc) &&
408 !zone_dataset_visible(dataset, &writable))
409 return (SET_ERROR(ENOENT));
410
411 if (INGLOBALZONE(curproc)) {
412 /*
413 * If the fs is zoned, only root can access it from the
414 * global zone.
415 */
416 if (secpolicy_zfs(cr) && zoned)
417 return (SET_ERROR(EPERM));
418 } else {
419 /*
420 * If we are in a local zone, the 'zoned' property must be set.
421 */
422 if (!zoned)
423 return (SET_ERROR(EPERM));
424
425 /* must be writable by this zone */
426 if (!writable)
427 return (SET_ERROR(EPERM));
428 }
429 return (0);
430 }
431
432 static int
zfs_dozonecheck(const char * dataset,cred_t * cr)433 zfs_dozonecheck(const char *dataset, cred_t *cr)
434 {
435 uint64_t zoned;
436
437 if (dsl_prop_get_integer(dataset, zfs_prop_to_name(ZFS_PROP_ZONED),
438 &zoned, NULL))
439 return (SET_ERROR(ENOENT));
440
441 return (zfs_dozonecheck_impl(dataset, zoned, cr));
442 }
443
444 static int
zfs_dozonecheck_ds(const char * dataset,dsl_dataset_t * ds,cred_t * cr)445 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
446 {
447 uint64_t zoned;
448
449 if (dsl_prop_get_int_ds(ds, zfs_prop_to_name(ZFS_PROP_ZONED), &zoned))
450 return (SET_ERROR(ENOENT));
451
452 return (zfs_dozonecheck_impl(dataset, zoned, cr));
453 }
454
455 static int
zfs_secpolicy_write_perms_ds(const char * name,dsl_dataset_t * ds,const char * perm,cred_t * cr)456 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
457 const char *perm, cred_t *cr)
458 {
459 int error;
460
461 error = zfs_dozonecheck_ds(name, ds, cr);
462 if (error == 0) {
463 error = secpolicy_zfs(cr);
464 if (error != 0)
465 error = dsl_deleg_access_impl(ds, perm, cr);
466 }
467 return (error);
468 }
469
470 static int
zfs_secpolicy_write_perms(const char * name,const char * perm,cred_t * cr)471 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
472 {
473 int error;
474 dsl_dataset_t *ds;
475 dsl_pool_t *dp;
476
477 /*
478 * First do a quick check for root in the global zone, which
479 * is allowed to do all write_perms. This ensures that zfs_ioc_*
480 * will get to handle nonexistent datasets.
481 */
482 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0)
483 return (0);
484
485 error = dsl_pool_hold(name, FTAG, &dp);
486 if (error != 0)
487 return (error);
488
489 error = dsl_dataset_hold(dp, name, FTAG, &ds);
490 if (error != 0) {
491 dsl_pool_rele(dp, FTAG);
492 return (error);
493 }
494
495 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
496
497 dsl_dataset_rele(ds, FTAG);
498 dsl_pool_rele(dp, FTAG);
499 return (error);
500 }
501
502 /*
503 * Policy for setting the security label property.
504 *
505 * Returns 0 for success, non-zero for access and other errors.
506 */
507 static int
zfs_set_slabel_policy(const char * name,const char * strval,cred_t * cr)508 zfs_set_slabel_policy(const char *name, const char *strval, cred_t *cr)
509 {
510 #ifdef HAVE_MLSLABEL
511 char ds_hexsl[MAXNAMELEN];
512 bslabel_t ds_sl, new_sl;
513 boolean_t new_default = FALSE;
514 uint64_t zoned;
515 int needed_priv = -1;
516 int error;
517
518 /* First get the existing dataset label. */
519 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
520 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
521 if (error != 0)
522 return (SET_ERROR(EPERM));
523
524 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
525 new_default = TRUE;
526
527 /* The label must be translatable */
528 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
529 return (SET_ERROR(EINVAL));
530
531 /*
532 * In a non-global zone, disallow attempts to set a label that
533 * doesn't match that of the zone; otherwise no other checks
534 * are needed.
535 */
536 if (!INGLOBALZONE(curproc)) {
537 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
538 return (SET_ERROR(EPERM));
539 return (0);
540 }
541
542 /*
543 * For global-zone datasets (i.e., those whose zoned property is
544 * "off", verify that the specified new label is valid for the
545 * global zone.
546 */
547 if (dsl_prop_get_integer(name,
548 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
549 return (SET_ERROR(EPERM));
550 if (!zoned) {
551 if (zfs_check_global_label(name, strval) != 0)
552 return (SET_ERROR(EPERM));
553 }
554
555 /*
556 * If the existing dataset label is nondefault, check if the
557 * dataset is mounted (label cannot be changed while mounted).
558 * Get the zfsvfs_t; if there isn't one, then the dataset isn't
559 * mounted (or isn't a dataset, doesn't exist, ...).
560 */
561 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
562 objset_t *os;
563 static const char *setsl_tag = "setsl_tag";
564
565 /*
566 * Try to own the dataset; abort if there is any error,
567 * (e.g., already mounted, in use, or other error).
568 */
569 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE,
570 setsl_tag, &os);
571 if (error != 0)
572 return (SET_ERROR(EPERM));
573
574 dmu_objset_disown(os, B_TRUE, setsl_tag);
575
576 if (new_default) {
577 needed_priv = PRIV_FILE_DOWNGRADE_SL;
578 goto out_check;
579 }
580
581 if (hexstr_to_label(strval, &new_sl) != 0)
582 return (SET_ERROR(EPERM));
583
584 if (blstrictdom(&ds_sl, &new_sl))
585 needed_priv = PRIV_FILE_DOWNGRADE_SL;
586 else if (blstrictdom(&new_sl, &ds_sl))
587 needed_priv = PRIV_FILE_UPGRADE_SL;
588 } else {
589 /* dataset currently has a default label */
590 if (!new_default)
591 needed_priv = PRIV_FILE_UPGRADE_SL;
592 }
593
594 out_check:
595 if (needed_priv != -1)
596 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
597 return (0);
598 #else
599 return (SET_ERROR(ENOTSUP));
600 #endif /* HAVE_MLSLABEL */
601 }
602
603 static int
zfs_secpolicy_setprop(const char * dsname,zfs_prop_t prop,nvpair_t * propval,cred_t * cr)604 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
605 cred_t *cr)
606 {
607 char *strval;
608
609 /*
610 * Check permissions for special properties.
611 */
612 switch (prop) {
613 default:
614 break;
615 case ZFS_PROP_ZONED:
616 /*
617 * Disallow setting of 'zoned' from within a local zone.
618 */
619 if (!INGLOBALZONE(curproc))
620 return (SET_ERROR(EPERM));
621 break;
622
623 case ZFS_PROP_QUOTA:
624 case ZFS_PROP_FILESYSTEM_LIMIT:
625 case ZFS_PROP_SNAPSHOT_LIMIT:
626 if (!INGLOBALZONE(curproc)) {
627 uint64_t zoned;
628 char setpoint[ZFS_MAX_DATASET_NAME_LEN];
629 /*
630 * Unprivileged users are allowed to modify the
631 * limit on things *under* (ie. contained by)
632 * the thing they own.
633 */
634 if (dsl_prop_get_integer(dsname,
635 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, setpoint))
636 return (SET_ERROR(EPERM));
637 if (!zoned || strlen(dsname) <= strlen(setpoint))
638 return (SET_ERROR(EPERM));
639 }
640 break;
641
642 case ZFS_PROP_MLSLABEL:
643 if (!is_system_labeled())
644 return (SET_ERROR(EPERM));
645
646 if (nvpair_value_string(propval, &strval) == 0) {
647 int err;
648
649 err = zfs_set_slabel_policy(dsname, strval, CRED());
650 if (err != 0)
651 return (err);
652 }
653 break;
654 }
655
656 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
657 }
658
659 /* ARGSUSED */
660 static int
zfs_secpolicy_set_fsacl(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)661 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
662 {
663 int error;
664
665 error = zfs_dozonecheck(zc->zc_name, cr);
666 if (error != 0)
667 return (error);
668
669 /*
670 * permission to set permissions will be evaluated later in
671 * dsl_deleg_can_allow()
672 */
673 return (0);
674 }
675
676 /* ARGSUSED */
677 static int
zfs_secpolicy_rollback(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)678 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
679 {
680 return (zfs_secpolicy_write_perms(zc->zc_name,
681 ZFS_DELEG_PERM_ROLLBACK, cr));
682 }
683
684 /* ARGSUSED */
685 static int
zfs_secpolicy_send(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)686 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
687 {
688 dsl_pool_t *dp;
689 dsl_dataset_t *ds;
690 const char *cp;
691 int error;
692
693 /*
694 * Generate the current snapshot name from the given objsetid, then
695 * use that name for the secpolicy/zone checks.
696 */
697 cp = strchr(zc->zc_name, '@');
698 if (cp == NULL)
699 return (SET_ERROR(EINVAL));
700 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
701 if (error != 0)
702 return (error);
703
704 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
705 if (error != 0) {
706 dsl_pool_rele(dp, FTAG);
707 return (error);
708 }
709
710 dsl_dataset_name(ds, zc->zc_name);
711
712 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
713 ZFS_DELEG_PERM_SEND, cr);
714 dsl_dataset_rele(ds, FTAG);
715 dsl_pool_rele(dp, FTAG);
716
717 return (error);
718 }
719
720 /* ARGSUSED */
721 static int
zfs_secpolicy_send_new(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)722 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
723 {
724 return (zfs_secpolicy_write_perms(zc->zc_name,
725 ZFS_DELEG_PERM_SEND, cr));
726 }
727
728 static int
zfs_secpolicy_share(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)729 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
730 {
731 return (SET_ERROR(ENOTSUP));
732 }
733
734 static int
zfs_secpolicy_smb_acl(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)735 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
736 {
737 return (SET_ERROR(ENOTSUP));
738 }
739
740 static int
zfs_get_parent(const char * datasetname,char * parent,int parentsize)741 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
742 {
743 char *cp;
744
745 /*
746 * Remove the @bla or /bla from the end of the name to get the parent.
747 */
748 (void) strncpy(parent, datasetname, parentsize);
749 cp = strrchr(parent, '@');
750 if (cp != NULL) {
751 cp[0] = '\0';
752 } else {
753 cp = strrchr(parent, '/');
754 if (cp == NULL)
755 return (SET_ERROR(ENOENT));
756 cp[0] = '\0';
757 }
758
759 return (0);
760 }
761
762 int
zfs_secpolicy_destroy_perms(const char * name,cred_t * cr)763 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
764 {
765 int error;
766
767 if ((error = zfs_secpolicy_write_perms(name,
768 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
769 return (error);
770
771 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
772 }
773
774 /* ARGSUSED */
775 static int
zfs_secpolicy_destroy(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)776 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
777 {
778 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
779 }
780
781 /*
782 * Destroying snapshots with delegated permissions requires
783 * descendant mount and destroy permissions.
784 */
785 /* ARGSUSED */
786 static int
zfs_secpolicy_destroy_snaps(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)787 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
788 {
789 nvlist_t *snaps;
790 nvpair_t *pair, *nextpair;
791 int error = 0;
792
793 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
794
795 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
796 pair = nextpair) {
797 nextpair = nvlist_next_nvpair(snaps, pair);
798 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
799 if (error == ENOENT) {
800 /*
801 * Ignore any snapshots that don't exist (we consider
802 * them "already destroyed"). Remove the name from the
803 * nvl here in case the snapshot is created between
804 * now and when we try to destroy it (in which case
805 * we don't want to destroy it since we haven't
806 * checked for permission).
807 */
808 fnvlist_remove_nvpair(snaps, pair);
809 error = 0;
810 }
811 if (error != 0)
812 break;
813 }
814
815 return (error);
816 }
817
818 int
zfs_secpolicy_rename_perms(const char * from,const char * to,cred_t * cr)819 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
820 {
821 char parentname[ZFS_MAX_DATASET_NAME_LEN];
822 int error;
823
824 if ((error = zfs_secpolicy_write_perms(from,
825 ZFS_DELEG_PERM_RENAME, cr)) != 0)
826 return (error);
827
828 if ((error = zfs_secpolicy_write_perms(from,
829 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
830 return (error);
831
832 if ((error = zfs_get_parent(to, parentname,
833 sizeof (parentname))) != 0)
834 return (error);
835
836 if ((error = zfs_secpolicy_write_perms(parentname,
837 ZFS_DELEG_PERM_CREATE, cr)) != 0)
838 return (error);
839
840 if ((error = zfs_secpolicy_write_perms(parentname,
841 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
842 return (error);
843
844 return (error);
845 }
846
847 /* ARGSUSED */
848 static int
zfs_secpolicy_rename(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)849 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
850 {
851 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
852 }
853
854 /* ARGSUSED */
855 static int
zfs_secpolicy_promote(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)856 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
857 {
858 dsl_pool_t *dp;
859 dsl_dataset_t *clone;
860 int error;
861
862 error = zfs_secpolicy_write_perms(zc->zc_name,
863 ZFS_DELEG_PERM_PROMOTE, cr);
864 if (error != 0)
865 return (error);
866
867 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
868 if (error != 0)
869 return (error);
870
871 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
872
873 if (error == 0) {
874 char parentname[ZFS_MAX_DATASET_NAME_LEN];
875 dsl_dataset_t *origin = NULL;
876 dsl_dir_t *dd;
877 dd = clone->ds_dir;
878
879 error = dsl_dataset_hold_obj(dd->dd_pool,
880 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin);
881 if (error != 0) {
882 dsl_dataset_rele(clone, FTAG);
883 dsl_pool_rele(dp, FTAG);
884 return (error);
885 }
886
887 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
888 ZFS_DELEG_PERM_MOUNT, cr);
889
890 dsl_dataset_name(origin, parentname);
891 if (error == 0) {
892 error = zfs_secpolicy_write_perms_ds(parentname, origin,
893 ZFS_DELEG_PERM_PROMOTE, cr);
894 }
895 dsl_dataset_rele(clone, FTAG);
896 dsl_dataset_rele(origin, FTAG);
897 }
898 dsl_pool_rele(dp, FTAG);
899 return (error);
900 }
901
902 /* ARGSUSED */
903 static int
zfs_secpolicy_recv(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)904 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
905 {
906 int error;
907
908 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
909 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
910 return (error);
911
912 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
913 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
914 return (error);
915
916 return (zfs_secpolicy_write_perms(zc->zc_name,
917 ZFS_DELEG_PERM_CREATE, cr));
918 }
919
920 /* ARGSUSED */
921 static int
zfs_secpolicy_recv_new(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)922 zfs_secpolicy_recv_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
923 {
924 return (zfs_secpolicy_recv(zc, innvl, cr));
925 }
926
927 int
zfs_secpolicy_snapshot_perms(const char * name,cred_t * cr)928 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
929 {
930 return (zfs_secpolicy_write_perms(name,
931 ZFS_DELEG_PERM_SNAPSHOT, cr));
932 }
933
934 /*
935 * Check for permission to create each snapshot in the nvlist.
936 */
937 /* ARGSUSED */
938 static int
zfs_secpolicy_snapshot(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)939 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
940 {
941 nvlist_t *snaps;
942 int error = 0;
943 nvpair_t *pair;
944
945 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
946
947 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
948 pair = nvlist_next_nvpair(snaps, pair)) {
949 char *name = nvpair_name(pair);
950 char *atp = strchr(name, '@');
951
952 if (atp == NULL) {
953 error = SET_ERROR(EINVAL);
954 break;
955 }
956 *atp = '\0';
957 error = zfs_secpolicy_snapshot_perms(name, cr);
958 *atp = '@';
959 if (error != 0)
960 break;
961 }
962 return (error);
963 }
964
965 /*
966 * Check for permission to create each bookmark in the nvlist.
967 */
968 /* ARGSUSED */
969 static int
zfs_secpolicy_bookmark(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)970 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
971 {
972 int error = 0;
973
974 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
975 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
976 char *name = nvpair_name(pair);
977 char *hashp = strchr(name, '#');
978
979 if (hashp == NULL) {
980 error = SET_ERROR(EINVAL);
981 break;
982 }
983 *hashp = '\0';
984 error = zfs_secpolicy_write_perms(name,
985 ZFS_DELEG_PERM_BOOKMARK, cr);
986 *hashp = '#';
987 if (error != 0)
988 break;
989 }
990 return (error);
991 }
992
993 /* ARGSUSED */
994 static int
zfs_secpolicy_destroy_bookmarks(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)995 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
996 {
997 nvpair_t *pair, *nextpair;
998 int error = 0;
999
1000 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1001 pair = nextpair) {
1002 char *name = nvpair_name(pair);
1003 char *hashp = strchr(name, '#');
1004 nextpair = nvlist_next_nvpair(innvl, pair);
1005
1006 if (hashp == NULL) {
1007 error = SET_ERROR(EINVAL);
1008 break;
1009 }
1010
1011 *hashp = '\0';
1012 error = zfs_secpolicy_write_perms(name,
1013 ZFS_DELEG_PERM_DESTROY, cr);
1014 *hashp = '#';
1015 if (error == ENOENT) {
1016 /*
1017 * Ignore any filesystems that don't exist (we consider
1018 * their bookmarks "already destroyed"). Remove
1019 * the name from the nvl here in case the filesystem
1020 * is created between now and when we try to destroy
1021 * the bookmark (in which case we don't want to
1022 * destroy it since we haven't checked for permission).
1023 */
1024 fnvlist_remove_nvpair(innvl, pair);
1025 error = 0;
1026 }
1027 if (error != 0)
1028 break;
1029 }
1030
1031 return (error);
1032 }
1033
1034 /* ARGSUSED */
1035 static int
zfs_secpolicy_log_history(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1036 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1037 {
1038 /*
1039 * Even root must have a proper TSD so that we know what pool
1040 * to log to.
1041 */
1042 if (tsd_get(zfs_allow_log_key) == NULL)
1043 return (SET_ERROR(EPERM));
1044 return (0);
1045 }
1046
1047 static int
zfs_secpolicy_create_clone(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1048 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1049 {
1050 char parentname[ZFS_MAX_DATASET_NAME_LEN];
1051 int error;
1052 char *origin;
1053
1054 if ((error = zfs_get_parent(zc->zc_name, parentname,
1055 sizeof (parentname))) != 0)
1056 return (error);
1057
1058 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1059 (error = zfs_secpolicy_write_perms(origin,
1060 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1061 return (error);
1062
1063 if ((error = zfs_secpolicy_write_perms(parentname,
1064 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1065 return (error);
1066
1067 return (zfs_secpolicy_write_perms(parentname,
1068 ZFS_DELEG_PERM_MOUNT, cr));
1069 }
1070
1071 /*
1072 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1073 * SYS_CONFIG privilege, which is not available in a local zone.
1074 */
1075 /* ARGSUSED */
1076 int
zfs_secpolicy_config(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1077 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1078 {
1079 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1080 return (SET_ERROR(EPERM));
1081
1082 return (0);
1083 }
1084
1085 /*
1086 * Policy for object to name lookups.
1087 */
1088 /* ARGSUSED */
1089 static int
zfs_secpolicy_diff(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1090 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1091 {
1092 int error;
1093
1094 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1095 return (0);
1096
1097 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1098 return (error);
1099 }
1100
1101 /*
1102 * Policy for fault injection. Requires all privileges.
1103 */
1104 /* ARGSUSED */
1105 static int
zfs_secpolicy_inject(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1106 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1107 {
1108 return (secpolicy_zinject(cr));
1109 }
1110
1111 /* ARGSUSED */
1112 static int
zfs_secpolicy_inherit_prop(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1113 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1114 {
1115 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1116
1117 if (prop == ZPROP_INVAL) {
1118 if (!zfs_prop_user(zc->zc_value))
1119 return (SET_ERROR(EINVAL));
1120 return (zfs_secpolicy_write_perms(zc->zc_name,
1121 ZFS_DELEG_PERM_USERPROP, cr));
1122 } else {
1123 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1124 NULL, cr));
1125 }
1126 }
1127
1128 static int
zfs_secpolicy_userspace_one(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1129 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1130 {
1131 int err = zfs_secpolicy_read(zc, innvl, cr);
1132 if (err)
1133 return (err);
1134
1135 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1136 return (SET_ERROR(EINVAL));
1137
1138 if (zc->zc_value[0] == 0) {
1139 /*
1140 * They are asking about a posix uid/gid. If it's
1141 * themself, allow it.
1142 */
1143 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1144 zc->zc_objset_type == ZFS_PROP_USERQUOTA ||
1145 zc->zc_objset_type == ZFS_PROP_USEROBJUSED ||
1146 zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) {
1147 if (zc->zc_guid == crgetuid(cr))
1148 return (0);
1149 } else if (zc->zc_objset_type == ZFS_PROP_GROUPUSED ||
1150 zc->zc_objset_type == ZFS_PROP_GROUPQUOTA ||
1151 zc->zc_objset_type == ZFS_PROP_GROUPOBJUSED ||
1152 zc->zc_objset_type == ZFS_PROP_GROUPOBJQUOTA) {
1153 if (groupmember(zc->zc_guid, cr))
1154 return (0);
1155 }
1156 /* else is for project quota/used */
1157 }
1158
1159 return (zfs_secpolicy_write_perms(zc->zc_name,
1160 userquota_perms[zc->zc_objset_type], cr));
1161 }
1162
1163 static int
zfs_secpolicy_userspace_many(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1164 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1165 {
1166 int err = zfs_secpolicy_read(zc, innvl, cr);
1167 if (err)
1168 return (err);
1169
1170 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1171 return (SET_ERROR(EINVAL));
1172
1173 return (zfs_secpolicy_write_perms(zc->zc_name,
1174 userquota_perms[zc->zc_objset_type], cr));
1175 }
1176
1177 /* ARGSUSED */
1178 static int
zfs_secpolicy_userspace_upgrade(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1179 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1180 {
1181 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1182 NULL, cr));
1183 }
1184
1185 /* ARGSUSED */
1186 static int
zfs_secpolicy_hold(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1187 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1188 {
1189 nvpair_t *pair;
1190 nvlist_t *holds;
1191 int error;
1192
1193 holds = fnvlist_lookup_nvlist(innvl, "holds");
1194
1195 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
1196 pair = nvlist_next_nvpair(holds, pair)) {
1197 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1198 error = dmu_fsname(nvpair_name(pair), fsname);
1199 if (error != 0)
1200 return (error);
1201 error = zfs_secpolicy_write_perms(fsname,
1202 ZFS_DELEG_PERM_HOLD, cr);
1203 if (error != 0)
1204 return (error);
1205 }
1206 return (0);
1207 }
1208
1209 /* ARGSUSED */
1210 static int
zfs_secpolicy_release(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1211 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1212 {
1213 nvpair_t *pair;
1214 int error;
1215
1216 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1217 pair = nvlist_next_nvpair(innvl, pair)) {
1218 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1219 error = dmu_fsname(nvpair_name(pair), fsname);
1220 if (error != 0)
1221 return (error);
1222 error = zfs_secpolicy_write_perms(fsname,
1223 ZFS_DELEG_PERM_RELEASE, cr);
1224 if (error != 0)
1225 return (error);
1226 }
1227 return (0);
1228 }
1229
1230 /*
1231 * Policy for allowing temporary snapshots to be taken or released
1232 */
1233 static int
zfs_secpolicy_tmp_snapshot(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1234 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1235 {
1236 /*
1237 * A temporary snapshot is the same as a snapshot,
1238 * hold, destroy and release all rolled into one.
1239 * Delegated diff alone is sufficient that we allow this.
1240 */
1241 int error;
1242
1243 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1244 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1245 return (0);
1246
1247 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1248
1249 if (innvl != NULL) {
1250 if (error == 0)
1251 error = zfs_secpolicy_hold(zc, innvl, cr);
1252 if (error == 0)
1253 error = zfs_secpolicy_release(zc, innvl, cr);
1254 if (error == 0)
1255 error = zfs_secpolicy_destroy(zc, innvl, cr);
1256 }
1257 return (error);
1258 }
1259
1260 static int
zfs_secpolicy_load_key(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1261 zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1262 {
1263 return (zfs_secpolicy_write_perms(zc->zc_name,
1264 ZFS_DELEG_PERM_LOAD_KEY, cr));
1265 }
1266
1267 static int
zfs_secpolicy_change_key(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1268 zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1269 {
1270 return (zfs_secpolicy_write_perms(zc->zc_name,
1271 ZFS_DELEG_PERM_CHANGE_KEY, cr));
1272 }
1273
1274 /*
1275 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1276 */
1277 static int
get_nvlist(uint64_t nvl,uint64_t size,int iflag,nvlist_t ** nvp)1278 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1279 {
1280 char *packed;
1281 int error;
1282 nvlist_t *list = NULL;
1283
1284 /*
1285 * Read in and unpack the user-supplied nvlist.
1286 */
1287 if (size == 0)
1288 return (SET_ERROR(EINVAL));
1289
1290 packed = vmem_alloc(size, KM_SLEEP);
1291
1292 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1293 iflag)) != 0) {
1294 vmem_free(packed, size);
1295 return (SET_ERROR(EFAULT));
1296 }
1297
1298 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1299 vmem_free(packed, size);
1300 return (error);
1301 }
1302
1303 vmem_free(packed, size);
1304
1305 *nvp = list;
1306 return (0);
1307 }
1308
1309 /*
1310 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1311 * Entries will be removed from the end of the nvlist, and one int32 entry
1312 * named "N_MORE_ERRORS" will be added indicating how many entries were
1313 * removed.
1314 */
1315 static int
nvlist_smush(nvlist_t * errors,size_t max)1316 nvlist_smush(nvlist_t *errors, size_t max)
1317 {
1318 size_t size;
1319
1320 size = fnvlist_size(errors);
1321
1322 if (size > max) {
1323 nvpair_t *more_errors;
1324 int n = 0;
1325
1326 if (max < 1024)
1327 return (SET_ERROR(ENOMEM));
1328
1329 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1330 more_errors = nvlist_prev_nvpair(errors, NULL);
1331
1332 do {
1333 nvpair_t *pair = nvlist_prev_nvpair(errors,
1334 more_errors);
1335 fnvlist_remove_nvpair(errors, pair);
1336 n++;
1337 size = fnvlist_size(errors);
1338 } while (size > max);
1339
1340 fnvlist_remove_nvpair(errors, more_errors);
1341 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1342 ASSERT3U(fnvlist_size(errors), <=, max);
1343 }
1344
1345 return (0);
1346 }
1347
1348 static int
put_nvlist(zfs_cmd_t * zc,nvlist_t * nvl)1349 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1350 {
1351 char *packed = NULL;
1352 int error = 0;
1353 size_t size;
1354
1355 size = fnvlist_size(nvl);
1356
1357 if (size > zc->zc_nvlist_dst_size) {
1358 error = SET_ERROR(ENOMEM);
1359 } else {
1360 packed = fnvlist_pack(nvl, &size);
1361 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1362 size, zc->zc_iflags) != 0)
1363 error = SET_ERROR(EFAULT);
1364 fnvlist_pack_free(packed, size);
1365 }
1366
1367 zc->zc_nvlist_dst_size = size;
1368 zc->zc_nvlist_dst_filled = B_TRUE;
1369 return (error);
1370 }
1371
1372 int
getzfsvfs_impl(objset_t * os,zfsvfs_t ** zfvp)1373 getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp)
1374 {
1375 int error = 0;
1376 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1377 return (SET_ERROR(EINVAL));
1378 }
1379
1380 mutex_enter(&os->os_user_ptr_lock);
1381 *zfvp = dmu_objset_get_user(os);
1382 /* bump s_active only when non-zero to prevent umount race */
1383 error = zfs_vfs_ref(zfvp);
1384 mutex_exit(&os->os_user_ptr_lock);
1385 return (error);
1386 }
1387
1388 int
getzfsvfs(const char * dsname,zfsvfs_t ** zfvp)1389 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1390 {
1391 objset_t *os;
1392 int error;
1393
1394 error = dmu_objset_hold(dsname, FTAG, &os);
1395 if (error != 0)
1396 return (error);
1397
1398 error = getzfsvfs_impl(os, zfvp);
1399 dmu_objset_rele(os, FTAG);
1400 return (error);
1401 }
1402
1403 /*
1404 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1405 * case its z_sb will be NULL, and it will be opened as the owner.
1406 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1407 * which prevents all inode ops from running.
1408 */
1409 static int
zfsvfs_hold(const char * name,void * tag,zfsvfs_t ** zfvp,boolean_t writer)1410 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1411 {
1412 int error = 0;
1413
1414 if (getzfsvfs(name, zfvp) != 0)
1415 error = zfsvfs_create(name, B_FALSE, zfvp);
1416 if (error == 0) {
1417 if (writer)
1418 ZFS_TEARDOWN_ENTER_WRITE(*zfvp, tag);
1419 else
1420 ZFS_TEARDOWN_ENTER_READ(*zfvp, tag);
1421 if ((*zfvp)->z_unmounted) {
1422 /*
1423 * XXX we could probably try again, since the unmounting
1424 * thread should be just about to disassociate the
1425 * objset from the zfsvfs.
1426 */
1427 ZFS_TEARDOWN_EXIT(*zfvp, tag);
1428 return (SET_ERROR(EBUSY));
1429 }
1430 }
1431 return (error);
1432 }
1433
1434 static void
zfsvfs_rele(zfsvfs_t * zfsvfs,void * tag)1435 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1436 {
1437 ZFS_TEARDOWN_EXIT(zfsvfs, tag);
1438
1439 if (zfs_vfs_held(zfsvfs)) {
1440 zfs_vfs_rele(zfsvfs);
1441 } else {
1442 dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs);
1443 zfsvfs_free(zfsvfs);
1444 }
1445 }
1446
1447 static int
zfs_ioc_pool_create(zfs_cmd_t * zc)1448 zfs_ioc_pool_create(zfs_cmd_t *zc)
1449 {
1450 int error;
1451 nvlist_t *config, *props = NULL;
1452 nvlist_t *rootprops = NULL;
1453 nvlist_t *zplprops = NULL;
1454 dsl_crypto_params_t *dcp = NULL;
1455 const char *spa_name = zc->zc_name;
1456 boolean_t unload_wkey = B_TRUE;
1457
1458 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1459 zc->zc_iflags, &config)))
1460 return (error);
1461
1462 if (zc->zc_nvlist_src_size != 0 && (error =
1463 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1464 zc->zc_iflags, &props))) {
1465 nvlist_free(config);
1466 return (error);
1467 }
1468
1469 if (props) {
1470 nvlist_t *nvl = NULL;
1471 nvlist_t *hidden_args = NULL;
1472 uint64_t version = SPA_VERSION;
1473 char *tname;
1474
1475 (void) nvlist_lookup_uint64(props,
1476 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1477 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1478 error = SET_ERROR(EINVAL);
1479 goto pool_props_bad;
1480 }
1481 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1482 if (nvl) {
1483 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1484 if (error != 0)
1485 goto pool_props_bad;
1486 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1487 }
1488
1489 (void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS,
1490 &hidden_args);
1491 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE,
1492 rootprops, hidden_args, &dcp);
1493 if (error != 0)
1494 goto pool_props_bad;
1495 (void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS);
1496
1497 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1498 error = zfs_fill_zplprops_root(version, rootprops,
1499 zplprops, NULL);
1500 if (error != 0)
1501 goto pool_props_bad;
1502
1503 if (nvlist_lookup_string(props,
1504 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0)
1505 spa_name = tname;
1506 }
1507
1508 error = spa_create(zc->zc_name, config, props, zplprops, dcp);
1509
1510 /*
1511 * Set the remaining root properties
1512 */
1513 if (!error && (error = zfs_set_prop_nvlist(spa_name,
1514 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) {
1515 (void) spa_destroy(spa_name);
1516 unload_wkey = B_FALSE; /* spa_destroy() unloads wrapping keys */
1517 }
1518
1519 pool_props_bad:
1520 nvlist_free(rootprops);
1521 nvlist_free(zplprops);
1522 nvlist_free(config);
1523 nvlist_free(props);
1524 dsl_crypto_params_free(dcp, unload_wkey && !!error);
1525
1526 return (error);
1527 }
1528
1529 static int
zfs_ioc_pool_destroy(zfs_cmd_t * zc)1530 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1531 {
1532 int error;
1533 zfs_log_history(zc);
1534 error = spa_destroy(zc->zc_name);
1535
1536 return (error);
1537 }
1538
1539 static int
zfs_ioc_pool_import(zfs_cmd_t * zc)1540 zfs_ioc_pool_import(zfs_cmd_t *zc)
1541 {
1542 nvlist_t *config, *props = NULL;
1543 uint64_t guid;
1544 int error;
1545
1546 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1547 zc->zc_iflags, &config)) != 0)
1548 return (error);
1549
1550 if (zc->zc_nvlist_src_size != 0 && (error =
1551 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1552 zc->zc_iflags, &props))) {
1553 nvlist_free(config);
1554 return (error);
1555 }
1556
1557 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1558 guid != zc->zc_guid)
1559 error = SET_ERROR(EINVAL);
1560 else
1561 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1562
1563 if (zc->zc_nvlist_dst != 0) {
1564 int err;
1565
1566 if ((err = put_nvlist(zc, config)) != 0)
1567 error = err;
1568 }
1569
1570 nvlist_free(config);
1571 nvlist_free(props);
1572
1573 return (error);
1574 }
1575
1576 static int
zfs_ioc_pool_export(zfs_cmd_t * zc)1577 zfs_ioc_pool_export(zfs_cmd_t *zc)
1578 {
1579 int error;
1580 boolean_t force = (boolean_t)zc->zc_cookie;
1581 boolean_t hardforce = (boolean_t)zc->zc_guid;
1582
1583 zfs_log_history(zc);
1584 error = spa_export(zc->zc_name, NULL, force, hardforce);
1585
1586 return (error);
1587 }
1588
1589 static int
zfs_ioc_pool_configs(zfs_cmd_t * zc)1590 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1591 {
1592 nvlist_t *configs;
1593 int error;
1594
1595 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1596 return (SET_ERROR(EEXIST));
1597
1598 error = put_nvlist(zc, configs);
1599
1600 nvlist_free(configs);
1601
1602 return (error);
1603 }
1604
1605 /*
1606 * inputs:
1607 * zc_name name of the pool
1608 *
1609 * outputs:
1610 * zc_cookie real errno
1611 * zc_nvlist_dst config nvlist
1612 * zc_nvlist_dst_size size of config nvlist
1613 */
1614 static int
zfs_ioc_pool_stats(zfs_cmd_t * zc)1615 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1616 {
1617 nvlist_t *config;
1618 int error;
1619 int ret = 0;
1620
1621 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1622 sizeof (zc->zc_value));
1623
1624 if (config != NULL) {
1625 ret = put_nvlist(zc, config);
1626 nvlist_free(config);
1627
1628 /*
1629 * The config may be present even if 'error' is non-zero.
1630 * In this case we return success, and preserve the real errno
1631 * in 'zc_cookie'.
1632 */
1633 zc->zc_cookie = error;
1634 } else {
1635 ret = error;
1636 }
1637
1638 return (ret);
1639 }
1640
1641 /*
1642 * Try to import the given pool, returning pool stats as appropriate so that
1643 * user land knows which devices are available and overall pool health.
1644 */
1645 static int
zfs_ioc_pool_tryimport(zfs_cmd_t * zc)1646 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1647 {
1648 nvlist_t *tryconfig, *config = NULL;
1649 int error;
1650
1651 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1652 zc->zc_iflags, &tryconfig)) != 0)
1653 return (error);
1654
1655 config = spa_tryimport(tryconfig);
1656
1657 nvlist_free(tryconfig);
1658
1659 if (config == NULL)
1660 return (SET_ERROR(EINVAL));
1661
1662 error = put_nvlist(zc, config);
1663 nvlist_free(config);
1664
1665 return (error);
1666 }
1667
1668 /*
1669 * inputs:
1670 * zc_name name of the pool
1671 * zc_cookie scan func (pool_scan_func_t)
1672 * zc_flags scrub pause/resume flag (pool_scrub_cmd_t)
1673 */
1674 static int
zfs_ioc_pool_scan(zfs_cmd_t * zc)1675 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1676 {
1677 spa_t *spa;
1678 int error;
1679
1680 if (zc->zc_flags >= POOL_SCRUB_FLAGS_END)
1681 return (SET_ERROR(EINVAL));
1682
1683 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1684 return (error);
1685
1686 if (zc->zc_flags == POOL_SCRUB_PAUSE)
1687 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE);
1688 else if (zc->zc_cookie == POOL_SCAN_NONE)
1689 error = spa_scan_stop(spa);
1690 else
1691 error = spa_scan(spa, zc->zc_cookie);
1692
1693 spa_close(spa, FTAG);
1694
1695 return (error);
1696 }
1697
1698 static int
zfs_ioc_pool_freeze(zfs_cmd_t * zc)1699 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1700 {
1701 spa_t *spa;
1702 int error;
1703
1704 error = spa_open(zc->zc_name, &spa, FTAG);
1705 if (error == 0) {
1706 spa_freeze(spa);
1707 spa_close(spa, FTAG);
1708 }
1709 return (error);
1710 }
1711
1712 static int
zfs_ioc_pool_upgrade(zfs_cmd_t * zc)1713 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1714 {
1715 spa_t *spa;
1716 int error;
1717
1718 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1719 return (error);
1720
1721 if (zc->zc_cookie < spa_version(spa) ||
1722 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1723 spa_close(spa, FTAG);
1724 return (SET_ERROR(EINVAL));
1725 }
1726
1727 spa_upgrade(spa, zc->zc_cookie);
1728 spa_close(spa, FTAG);
1729
1730 return (error);
1731 }
1732
1733 static int
zfs_ioc_pool_get_history(zfs_cmd_t * zc)1734 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1735 {
1736 spa_t *spa;
1737 char *hist_buf;
1738 uint64_t size;
1739 int error;
1740
1741 if ((size = zc->zc_history_len) == 0)
1742 return (SET_ERROR(EINVAL));
1743
1744 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1745 return (error);
1746
1747 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1748 spa_close(spa, FTAG);
1749 return (SET_ERROR(ENOTSUP));
1750 }
1751
1752 hist_buf = vmem_alloc(size, KM_SLEEP);
1753 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1754 &zc->zc_history_len, hist_buf)) == 0) {
1755 error = ddi_copyout(hist_buf,
1756 (void *)(uintptr_t)zc->zc_history,
1757 zc->zc_history_len, zc->zc_iflags);
1758 }
1759
1760 spa_close(spa, FTAG);
1761 vmem_free(hist_buf, size);
1762 return (error);
1763 }
1764
1765 static int
zfs_ioc_pool_reguid(zfs_cmd_t * zc)1766 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1767 {
1768 spa_t *spa;
1769 int error;
1770
1771 error = spa_open(zc->zc_name, &spa, FTAG);
1772 if (error == 0) {
1773 error = spa_change_guid(spa);
1774 spa_close(spa, FTAG);
1775 }
1776 return (error);
1777 }
1778
1779 static int
zfs_ioc_dsobj_to_dsname(zfs_cmd_t * zc)1780 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1781 {
1782 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
1783 }
1784
1785 /*
1786 * inputs:
1787 * zc_name name of filesystem
1788 * zc_obj object to find
1789 *
1790 * outputs:
1791 * zc_value name of object
1792 */
1793 static int
zfs_ioc_obj_to_path(zfs_cmd_t * zc)1794 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1795 {
1796 objset_t *os;
1797 int error;
1798
1799 /* XXX reading from objset not owned */
1800 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1801 FTAG, &os)) != 0)
1802 return (error);
1803 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1804 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1805 return (SET_ERROR(EINVAL));
1806 }
1807 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1808 sizeof (zc->zc_value));
1809 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1810
1811 return (error);
1812 }
1813
1814 /*
1815 * inputs:
1816 * zc_name name of filesystem
1817 * zc_obj object to find
1818 *
1819 * outputs:
1820 * zc_stat stats on object
1821 * zc_value path to object
1822 */
1823 static int
zfs_ioc_obj_to_stats(zfs_cmd_t * zc)1824 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1825 {
1826 objset_t *os;
1827 int error;
1828
1829 /* XXX reading from objset not owned */
1830 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1831 FTAG, &os)) != 0)
1832 return (error);
1833 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1834 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1835 return (SET_ERROR(EINVAL));
1836 }
1837 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1838 sizeof (zc->zc_value));
1839 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1840
1841 return (error);
1842 }
1843
1844 static int
zfs_ioc_vdev_add(zfs_cmd_t * zc)1845 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1846 {
1847 spa_t *spa;
1848 int error;
1849 nvlist_t *config;
1850
1851 error = spa_open(zc->zc_name, &spa, FTAG);
1852 if (error != 0)
1853 return (error);
1854
1855 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1856 zc->zc_iflags, &config);
1857 if (error == 0) {
1858 error = spa_vdev_add(spa, config);
1859 nvlist_free(config);
1860 }
1861 spa_close(spa, FTAG);
1862 return (error);
1863 }
1864
1865 /*
1866 * inputs:
1867 * zc_name name of the pool
1868 * zc_guid guid of vdev to remove
1869 * zc_cookie cancel removal
1870 */
1871 static int
zfs_ioc_vdev_remove(zfs_cmd_t * zc)1872 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1873 {
1874 spa_t *spa;
1875 int error;
1876
1877 error = spa_open(zc->zc_name, &spa, FTAG);
1878 if (error != 0)
1879 return (error);
1880 if (zc->zc_cookie != 0) {
1881 error = spa_vdev_remove_cancel(spa);
1882 } else {
1883 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1884 }
1885 spa_close(spa, FTAG);
1886 return (error);
1887 }
1888
1889 static int
zfs_ioc_vdev_set_state(zfs_cmd_t * zc)1890 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1891 {
1892 spa_t *spa;
1893 int error;
1894 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1895
1896 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1897 return (error);
1898 switch (zc->zc_cookie) {
1899 case VDEV_STATE_ONLINE:
1900 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1901 break;
1902
1903 case VDEV_STATE_OFFLINE:
1904 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1905 break;
1906
1907 case VDEV_STATE_FAULTED:
1908 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1909 zc->zc_obj != VDEV_AUX_EXTERNAL &&
1910 zc->zc_obj != VDEV_AUX_EXTERNAL_PERSIST)
1911 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1912
1913 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1914 break;
1915
1916 case VDEV_STATE_DEGRADED:
1917 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1918 zc->zc_obj != VDEV_AUX_EXTERNAL)
1919 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1920
1921 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1922 break;
1923
1924 default:
1925 error = SET_ERROR(EINVAL);
1926 }
1927 zc->zc_cookie = newstate;
1928 spa_close(spa, FTAG);
1929 return (error);
1930 }
1931
1932 static int
zfs_ioc_vdev_attach(zfs_cmd_t * zc)1933 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1934 {
1935 spa_t *spa;
1936 nvlist_t *config;
1937 int replacing = zc->zc_cookie;
1938 int rebuild = zc->zc_simple;
1939 int error;
1940
1941 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1942 return (error);
1943
1944 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1945 zc->zc_iflags, &config)) == 0) {
1946 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing,
1947 rebuild);
1948 nvlist_free(config);
1949 }
1950
1951 spa_close(spa, FTAG);
1952 return (error);
1953 }
1954
1955 static int
zfs_ioc_vdev_detach(zfs_cmd_t * zc)1956 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1957 {
1958 spa_t *spa;
1959 int error;
1960
1961 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1962 return (error);
1963
1964 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1965
1966 spa_close(spa, FTAG);
1967 return (error);
1968 }
1969
1970 static int
zfs_ioc_vdev_split(zfs_cmd_t * zc)1971 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1972 {
1973 spa_t *spa;
1974 nvlist_t *config, *props = NULL;
1975 int error;
1976 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1977
1978 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1979 return (error);
1980
1981 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1982 zc->zc_iflags, &config))) {
1983 spa_close(spa, FTAG);
1984 return (error);
1985 }
1986
1987 if (zc->zc_nvlist_src_size != 0 && (error =
1988 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1989 zc->zc_iflags, &props))) {
1990 spa_close(spa, FTAG);
1991 nvlist_free(config);
1992 return (error);
1993 }
1994
1995 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1996
1997 spa_close(spa, FTAG);
1998
1999 nvlist_free(config);
2000 nvlist_free(props);
2001
2002 return (error);
2003 }
2004
2005 static int
zfs_ioc_vdev_setpath(zfs_cmd_t * zc)2006 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
2007 {
2008 spa_t *spa;
2009 const char *path = zc->zc_value;
2010 uint64_t guid = zc->zc_guid;
2011 int error;
2012
2013 error = spa_open(zc->zc_name, &spa, FTAG);
2014 if (error != 0)
2015 return (error);
2016
2017 error = spa_vdev_setpath(spa, guid, path);
2018 spa_close(spa, FTAG);
2019 return (error);
2020 }
2021
2022 static int
zfs_ioc_vdev_setfru(zfs_cmd_t * zc)2023 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
2024 {
2025 spa_t *spa;
2026 const char *fru = zc->zc_value;
2027 uint64_t guid = zc->zc_guid;
2028 int error;
2029
2030 error = spa_open(zc->zc_name, &spa, FTAG);
2031 if (error != 0)
2032 return (error);
2033
2034 error = spa_vdev_setfru(spa, guid, fru);
2035 spa_close(spa, FTAG);
2036 return (error);
2037 }
2038
2039 static int
zfs_ioc_objset_stats_impl(zfs_cmd_t * zc,objset_t * os)2040 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
2041 {
2042 int error = 0;
2043 nvlist_t *nv;
2044
2045 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2046
2047 if (zc->zc_nvlist_dst != 0 &&
2048 (error = dsl_prop_get_all(os, &nv)) == 0) {
2049 dmu_objset_stats(os, nv);
2050 /*
2051 * NB: zvol_get_stats() will read the objset contents,
2052 * which we aren't supposed to do with a
2053 * DS_MODE_USER hold, because it could be
2054 * inconsistent. So this is a bit of a workaround...
2055 * XXX reading without owning
2056 */
2057 if (!zc->zc_objset_stats.dds_inconsistent &&
2058 dmu_objset_type(os) == DMU_OST_ZVOL) {
2059 error = zvol_get_stats(os, nv);
2060 if (error == EIO) {
2061 nvlist_free(nv);
2062 return (error);
2063 }
2064 VERIFY0(error);
2065 }
2066 if (error == 0)
2067 error = put_nvlist(zc, nv);
2068 nvlist_free(nv);
2069 }
2070
2071 return (error);
2072 }
2073
2074 /*
2075 * inputs:
2076 * zc_name name of filesystem
2077 * zc_nvlist_dst_size size of buffer for property nvlist
2078 *
2079 * outputs:
2080 * zc_objset_stats stats
2081 * zc_nvlist_dst property nvlist
2082 * zc_nvlist_dst_size size of property nvlist
2083 */
2084 static int
zfs_ioc_objset_stats(zfs_cmd_t * zc)2085 zfs_ioc_objset_stats(zfs_cmd_t *zc)
2086 {
2087 objset_t *os;
2088 int error;
2089
2090 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2091 if (error == 0) {
2092 error = zfs_ioc_objset_stats_impl(zc, os);
2093 dmu_objset_rele(os, FTAG);
2094 }
2095
2096 return (error);
2097 }
2098
2099 /*
2100 * inputs:
2101 * zc_name name of filesystem
2102 * zc_nvlist_dst_size size of buffer for property nvlist
2103 *
2104 * outputs:
2105 * zc_nvlist_dst received property nvlist
2106 * zc_nvlist_dst_size size of received property nvlist
2107 *
2108 * Gets received properties (distinct from local properties on or after
2109 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2110 * local property values.
2111 */
2112 static int
zfs_ioc_objset_recvd_props(zfs_cmd_t * zc)2113 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2114 {
2115 int error = 0;
2116 nvlist_t *nv;
2117
2118 /*
2119 * Without this check, we would return local property values if the
2120 * caller has not already received properties on or after
2121 * SPA_VERSION_RECVD_PROPS.
2122 */
2123 if (!dsl_prop_get_hasrecvd(zc->zc_name))
2124 return (SET_ERROR(ENOTSUP));
2125
2126 if (zc->zc_nvlist_dst != 0 &&
2127 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
2128 error = put_nvlist(zc, nv);
2129 nvlist_free(nv);
2130 }
2131
2132 return (error);
2133 }
2134
2135 static int
nvl_add_zplprop(objset_t * os,nvlist_t * props,zfs_prop_t prop)2136 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2137 {
2138 uint64_t value;
2139 int error;
2140
2141 /*
2142 * zfs_get_zplprop() will either find a value or give us
2143 * the default value (if there is one).
2144 */
2145 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2146 return (error);
2147 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2148 return (0);
2149 }
2150
2151 /*
2152 * inputs:
2153 * zc_name name of filesystem
2154 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2155 *
2156 * outputs:
2157 * zc_nvlist_dst zpl property nvlist
2158 * zc_nvlist_dst_size size of zpl property nvlist
2159 */
2160 static int
zfs_ioc_objset_zplprops(zfs_cmd_t * zc)2161 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2162 {
2163 objset_t *os;
2164 int err;
2165
2166 /* XXX reading without owning */
2167 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
2168 return (err);
2169
2170 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2171
2172 /*
2173 * NB: nvl_add_zplprop() will read the objset contents,
2174 * which we aren't supposed to do with a DS_MODE_USER
2175 * hold, because it could be inconsistent.
2176 */
2177 if (zc->zc_nvlist_dst != 0 &&
2178 !zc->zc_objset_stats.dds_inconsistent &&
2179 dmu_objset_type(os) == DMU_OST_ZFS) {
2180 nvlist_t *nv;
2181
2182 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2183 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2184 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2185 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2186 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2187 err = put_nvlist(zc, nv);
2188 nvlist_free(nv);
2189 } else {
2190 err = SET_ERROR(ENOENT);
2191 }
2192 dmu_objset_rele(os, FTAG);
2193 return (err);
2194 }
2195
2196 /*
2197 * inputs:
2198 * zc_name name of filesystem
2199 * zc_cookie zap cursor
2200 * zc_nvlist_dst_size size of buffer for property nvlist
2201 *
2202 * outputs:
2203 * zc_name name of next filesystem
2204 * zc_cookie zap cursor
2205 * zc_objset_stats stats
2206 * zc_nvlist_dst property nvlist
2207 * zc_nvlist_dst_size size of property nvlist
2208 */
2209 static int
zfs_ioc_dataset_list_next(zfs_cmd_t * zc)2210 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2211 {
2212 objset_t *os;
2213 int error;
2214 char *p;
2215 size_t orig_len = strlen(zc->zc_name);
2216
2217 top:
2218 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
2219 if (error == ENOENT)
2220 error = SET_ERROR(ESRCH);
2221 return (error);
2222 }
2223
2224 p = strrchr(zc->zc_name, '/');
2225 if (p == NULL || p[1] != '\0')
2226 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2227 p = zc->zc_name + strlen(zc->zc_name);
2228
2229 do {
2230 error = dmu_dir_list_next(os,
2231 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2232 NULL, &zc->zc_cookie);
2233 if (error == ENOENT)
2234 error = SET_ERROR(ESRCH);
2235 } while (error == 0 && zfs_dataset_name_hidden(zc->zc_name));
2236 dmu_objset_rele(os, FTAG);
2237
2238 /*
2239 * If it's an internal dataset (ie. with a '$' in its name),
2240 * don't try to get stats for it, otherwise we'll return ENOENT.
2241 */
2242 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2243 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2244 if (error == ENOENT) {
2245 /* We lost a race with destroy, get the next one. */
2246 zc->zc_name[orig_len] = '\0';
2247 goto top;
2248 }
2249 }
2250 return (error);
2251 }
2252
2253 /*
2254 * inputs:
2255 * zc_name name of filesystem
2256 * zc_cookie zap cursor
2257 * zc_nvlist_src iteration range nvlist
2258 * zc_nvlist_src_size size of iteration range nvlist
2259 *
2260 * outputs:
2261 * zc_name name of next snapshot
2262 * zc_objset_stats stats
2263 * zc_nvlist_dst property nvlist
2264 * zc_nvlist_dst_size size of property nvlist
2265 */
2266 static int
zfs_ioc_snapshot_list_next(zfs_cmd_t * zc)2267 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2268 {
2269 int error;
2270 objset_t *os, *ossnap;
2271 dsl_dataset_t *ds;
2272 uint64_t min_txg = 0, max_txg = 0;
2273
2274 if (zc->zc_nvlist_src_size != 0) {
2275 nvlist_t *props = NULL;
2276 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2277 zc->zc_iflags, &props);
2278 if (error != 0)
2279 return (error);
2280 (void) nvlist_lookup_uint64(props, SNAP_ITER_MIN_TXG,
2281 &min_txg);
2282 (void) nvlist_lookup_uint64(props, SNAP_ITER_MAX_TXG,
2283 &max_txg);
2284 nvlist_free(props);
2285 }
2286
2287 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2288 if (error != 0) {
2289 return (error == ENOENT ? SET_ERROR(ESRCH) : error);
2290 }
2291
2292 /*
2293 * A dataset name of maximum length cannot have any snapshots,
2294 * so exit immediately.
2295 */
2296 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >=
2297 ZFS_MAX_DATASET_NAME_LEN) {
2298 dmu_objset_rele(os, FTAG);
2299 return (SET_ERROR(ESRCH));
2300 }
2301
2302 while (error == 0) {
2303 if (issig(JUSTLOOKING) && issig(FORREAL)) {
2304 error = SET_ERROR(EINTR);
2305 break;
2306 }
2307
2308 error = dmu_snapshot_list_next(os,
2309 sizeof (zc->zc_name) - strlen(zc->zc_name),
2310 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj,
2311 &zc->zc_cookie, NULL);
2312 if (error == ENOENT) {
2313 error = SET_ERROR(ESRCH);
2314 break;
2315 } else if (error != 0) {
2316 break;
2317 }
2318
2319 error = dsl_dataset_hold_obj(dmu_objset_pool(os), zc->zc_obj,
2320 FTAG, &ds);
2321 if (error != 0)
2322 break;
2323
2324 if ((min_txg != 0 && dsl_get_creationtxg(ds) < min_txg) ||
2325 (max_txg != 0 && dsl_get_creationtxg(ds) > max_txg)) {
2326 dsl_dataset_rele(ds, FTAG);
2327 /* undo snapshot name append */
2328 *(strchr(zc->zc_name, '@') + 1) = '\0';
2329 /* skip snapshot */
2330 continue;
2331 }
2332
2333 if (zc->zc_simple) {
2334 dsl_dataset_rele(ds, FTAG);
2335 break;
2336 }
2337
2338 if ((error = dmu_objset_from_ds(ds, &ossnap)) != 0) {
2339 dsl_dataset_rele(ds, FTAG);
2340 break;
2341 }
2342 if ((error = zfs_ioc_objset_stats_impl(zc, ossnap)) != 0) {
2343 dsl_dataset_rele(ds, FTAG);
2344 break;
2345 }
2346 dsl_dataset_rele(ds, FTAG);
2347 break;
2348 }
2349
2350 dmu_objset_rele(os, FTAG);
2351 /* if we failed, undo the @ that we tacked on to zc_name */
2352 if (error != 0)
2353 *strchr(zc->zc_name, '@') = '\0';
2354 return (error);
2355 }
2356
2357 static int
zfs_prop_set_userquota(const char * dsname,nvpair_t * pair)2358 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2359 {
2360 const char *propname = nvpair_name(pair);
2361 uint64_t *valary;
2362 unsigned int vallen;
2363 const char *dash, *domain;
2364 zfs_userquota_prop_t type;
2365 uint64_t rid;
2366 uint64_t quota;
2367 zfsvfs_t *zfsvfs;
2368 int err;
2369
2370 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2371 nvlist_t *attrs;
2372 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2373 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2374 &pair) != 0)
2375 return (SET_ERROR(EINVAL));
2376 }
2377
2378 /*
2379 * A correctly constructed propname is encoded as
2380 * userquota@<rid>-<domain>.
2381 */
2382 if ((dash = strchr(propname, '-')) == NULL ||
2383 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2384 vallen != 3)
2385 return (SET_ERROR(EINVAL));
2386
2387 domain = dash + 1;
2388 type = valary[0];
2389 rid = valary[1];
2390 quota = valary[2];
2391
2392 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2393 if (err == 0) {
2394 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2395 zfsvfs_rele(zfsvfs, FTAG);
2396 }
2397
2398 return (err);
2399 }
2400
2401 /*
2402 * If the named property is one that has a special function to set its value,
2403 * return 0 on success and a positive error code on failure; otherwise if it is
2404 * not one of the special properties handled by this function, return -1.
2405 *
2406 * XXX: It would be better for callers of the property interface if we handled
2407 * these special cases in dsl_prop.c (in the dsl layer).
2408 */
2409 static int
zfs_prop_set_special(const char * dsname,zprop_source_t source,nvpair_t * pair)2410 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2411 nvpair_t *pair)
2412 {
2413 const char *propname = nvpair_name(pair);
2414 zfs_prop_t prop = zfs_name_to_prop(propname);
2415 uint64_t intval = 0;
2416 const char *strval = NULL;
2417 int err = -1;
2418
2419 if (prop == ZPROP_INVAL) {
2420 if (zfs_prop_userquota(propname))
2421 return (zfs_prop_set_userquota(dsname, pair));
2422 return (-1);
2423 }
2424
2425 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2426 nvlist_t *attrs;
2427 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2428 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2429 &pair) == 0);
2430 }
2431
2432 /* all special properties are numeric except for keylocation */
2433 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) {
2434 strval = fnvpair_value_string(pair);
2435 } else {
2436 intval = fnvpair_value_uint64(pair);
2437 }
2438
2439 switch (prop) {
2440 case ZFS_PROP_QUOTA:
2441 err = dsl_dir_set_quota(dsname, source, intval);
2442 break;
2443 case ZFS_PROP_REFQUOTA:
2444 err = dsl_dataset_set_refquota(dsname, source, intval);
2445 break;
2446 case ZFS_PROP_FILESYSTEM_LIMIT:
2447 case ZFS_PROP_SNAPSHOT_LIMIT:
2448 if (intval == UINT64_MAX) {
2449 /* clearing the limit, just do it */
2450 err = 0;
2451 } else {
2452 err = dsl_dir_activate_fs_ss_limit(dsname);
2453 }
2454 /*
2455 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2456 * default path to set the value in the nvlist.
2457 */
2458 if (err == 0)
2459 err = -1;
2460 break;
2461 case ZFS_PROP_KEYLOCATION:
2462 err = dsl_crypto_can_set_keylocation(dsname, strval);
2463
2464 /*
2465 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2466 * default path to set the value in the nvlist.
2467 */
2468 if (err == 0)
2469 err = -1;
2470 break;
2471 case ZFS_PROP_RESERVATION:
2472 err = dsl_dir_set_reservation(dsname, source, intval);
2473 break;
2474 case ZFS_PROP_REFRESERVATION:
2475 err = dsl_dataset_set_refreservation(dsname, source, intval);
2476 break;
2477 case ZFS_PROP_COMPRESSION:
2478 err = dsl_dataset_set_compression(dsname, source, intval);
2479 /*
2480 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2481 * default path to set the value in the nvlist.
2482 */
2483 if (err == 0)
2484 err = -1;
2485 break;
2486 case ZFS_PROP_VOLSIZE:
2487 err = zvol_set_volsize(dsname, intval);
2488 break;
2489 case ZFS_PROP_SNAPDEV:
2490 err = zvol_set_snapdev(dsname, source, intval);
2491 break;
2492 case ZFS_PROP_VOLMODE:
2493 err = zvol_set_volmode(dsname, source, intval);
2494 break;
2495 case ZFS_PROP_VERSION:
2496 {
2497 zfsvfs_t *zfsvfs;
2498
2499 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2500 break;
2501
2502 err = zfs_set_version(zfsvfs, intval);
2503 zfsvfs_rele(zfsvfs, FTAG);
2504
2505 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2506 zfs_cmd_t *zc;
2507
2508 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2509 (void) strlcpy(zc->zc_name, dsname,
2510 sizeof (zc->zc_name));
2511 (void) zfs_ioc_userspace_upgrade(zc);
2512 (void) zfs_ioc_id_quota_upgrade(zc);
2513 kmem_free(zc, sizeof (zfs_cmd_t));
2514 }
2515 break;
2516 }
2517 default:
2518 err = -1;
2519 }
2520
2521 return (err);
2522 }
2523
2524 /*
2525 * This function is best effort. If it fails to set any of the given properties,
2526 * it continues to set as many as it can and returns the last error
2527 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2528 * with the list of names of all the properties that failed along with the
2529 * corresponding error numbers.
2530 *
2531 * If every property is set successfully, zero is returned and errlist is not
2532 * modified.
2533 */
2534 int
zfs_set_prop_nvlist(const char * dsname,zprop_source_t source,nvlist_t * nvl,nvlist_t * errlist)2535 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2536 nvlist_t *errlist)
2537 {
2538 nvpair_t *pair;
2539 nvpair_t *propval;
2540 int rv = 0;
2541 uint64_t intval;
2542 const char *strval;
2543
2544 nvlist_t *genericnvl = fnvlist_alloc();
2545 nvlist_t *retrynvl = fnvlist_alloc();
2546 retry:
2547 pair = NULL;
2548 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2549 const char *propname = nvpair_name(pair);
2550 zfs_prop_t prop = zfs_name_to_prop(propname);
2551 int err = 0;
2552
2553 /* decode the property value */
2554 propval = pair;
2555 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2556 nvlist_t *attrs;
2557 attrs = fnvpair_value_nvlist(pair);
2558 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2559 &propval) != 0)
2560 err = SET_ERROR(EINVAL);
2561 }
2562
2563 /* Validate value type */
2564 if (err == 0 && source == ZPROP_SRC_INHERITED) {
2565 /* inherited properties are expected to be booleans */
2566 if (nvpair_type(propval) != DATA_TYPE_BOOLEAN)
2567 err = SET_ERROR(EINVAL);
2568 } else if (err == 0 && prop == ZPROP_INVAL) {
2569 if (zfs_prop_user(propname)) {
2570 if (nvpair_type(propval) != DATA_TYPE_STRING)
2571 err = SET_ERROR(EINVAL);
2572 } else if (zfs_prop_userquota(propname)) {
2573 if (nvpair_type(propval) !=
2574 DATA_TYPE_UINT64_ARRAY)
2575 err = SET_ERROR(EINVAL);
2576 } else {
2577 err = SET_ERROR(EINVAL);
2578 }
2579 } else if (err == 0) {
2580 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2581 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2582 err = SET_ERROR(EINVAL);
2583 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2584 const char *unused;
2585
2586 intval = fnvpair_value_uint64(propval);
2587
2588 switch (zfs_prop_get_type(prop)) {
2589 case PROP_TYPE_NUMBER:
2590 break;
2591 case PROP_TYPE_STRING:
2592 err = SET_ERROR(EINVAL);
2593 break;
2594 case PROP_TYPE_INDEX:
2595 if (zfs_prop_index_to_string(prop,
2596 intval, &unused) != 0)
2597 err =
2598 SET_ERROR(ZFS_ERR_BADPROP);
2599 break;
2600 default:
2601 cmn_err(CE_PANIC,
2602 "unknown property type");
2603 }
2604 } else {
2605 err = SET_ERROR(EINVAL);
2606 }
2607 }
2608
2609 /* Validate permissions */
2610 if (err == 0)
2611 err = zfs_check_settable(dsname, pair, CRED());
2612
2613 if (err == 0) {
2614 if (source == ZPROP_SRC_INHERITED)
2615 err = -1; /* does not need special handling */
2616 else
2617 err = zfs_prop_set_special(dsname, source,
2618 pair);
2619 if (err == -1) {
2620 /*
2621 * For better performance we build up a list of
2622 * properties to set in a single transaction.
2623 */
2624 err = nvlist_add_nvpair(genericnvl, pair);
2625 } else if (err != 0 && nvl != retrynvl) {
2626 /*
2627 * This may be a spurious error caused by
2628 * receiving quota and reservation out of order.
2629 * Try again in a second pass.
2630 */
2631 err = nvlist_add_nvpair(retrynvl, pair);
2632 }
2633 }
2634
2635 if (err != 0) {
2636 if (errlist != NULL)
2637 fnvlist_add_int32(errlist, propname, err);
2638 rv = err;
2639 }
2640 }
2641
2642 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2643 nvl = retrynvl;
2644 goto retry;
2645 }
2646
2647 if (!nvlist_empty(genericnvl) &&
2648 dsl_props_set(dsname, source, genericnvl) != 0) {
2649 /*
2650 * If this fails, we still want to set as many properties as we
2651 * can, so try setting them individually.
2652 */
2653 pair = NULL;
2654 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2655 const char *propname = nvpair_name(pair);
2656 int err = 0;
2657
2658 propval = pair;
2659 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2660 nvlist_t *attrs;
2661 attrs = fnvpair_value_nvlist(pair);
2662 propval = fnvlist_lookup_nvpair(attrs,
2663 ZPROP_VALUE);
2664 }
2665
2666 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2667 strval = fnvpair_value_string(propval);
2668 err = dsl_prop_set_string(dsname, propname,
2669 source, strval);
2670 } else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) {
2671 err = dsl_prop_inherit(dsname, propname,
2672 source);
2673 } else {
2674 intval = fnvpair_value_uint64(propval);
2675 err = dsl_prop_set_int(dsname, propname, source,
2676 intval);
2677 }
2678
2679 if (err != 0) {
2680 if (errlist != NULL) {
2681 fnvlist_add_int32(errlist, propname,
2682 err);
2683 }
2684 rv = err;
2685 }
2686 }
2687 }
2688 nvlist_free(genericnvl);
2689 nvlist_free(retrynvl);
2690
2691 return (rv);
2692 }
2693
2694 /*
2695 * Check that all the properties are valid user properties.
2696 */
2697 static int
zfs_check_userprops(nvlist_t * nvl)2698 zfs_check_userprops(nvlist_t *nvl)
2699 {
2700 nvpair_t *pair = NULL;
2701
2702 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2703 const char *propname = nvpair_name(pair);
2704
2705 if (!zfs_prop_user(propname) ||
2706 nvpair_type(pair) != DATA_TYPE_STRING)
2707 return (SET_ERROR(EINVAL));
2708
2709 if (strlen(propname) >= ZAP_MAXNAMELEN)
2710 return (SET_ERROR(ENAMETOOLONG));
2711
2712 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN)
2713 return (SET_ERROR(E2BIG));
2714 }
2715 return (0);
2716 }
2717
2718 static void
props_skip(nvlist_t * props,nvlist_t * skipped,nvlist_t ** newprops)2719 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2720 {
2721 nvpair_t *pair;
2722
2723 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2724
2725 pair = NULL;
2726 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2727 if (nvlist_exists(skipped, nvpair_name(pair)))
2728 continue;
2729
2730 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2731 }
2732 }
2733
2734 static int
clear_received_props(const char * dsname,nvlist_t * props,nvlist_t * skipped)2735 clear_received_props(const char *dsname, nvlist_t *props,
2736 nvlist_t *skipped)
2737 {
2738 int err = 0;
2739 nvlist_t *cleared_props = NULL;
2740 props_skip(props, skipped, &cleared_props);
2741 if (!nvlist_empty(cleared_props)) {
2742 /*
2743 * Acts on local properties until the dataset has received
2744 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2745 */
2746 zprop_source_t flags = (ZPROP_SRC_NONE |
2747 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
2748 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
2749 }
2750 nvlist_free(cleared_props);
2751 return (err);
2752 }
2753
2754 /*
2755 * inputs:
2756 * zc_name name of filesystem
2757 * zc_value name of property to set
2758 * zc_nvlist_src{_size} nvlist of properties to apply
2759 * zc_cookie received properties flag
2760 *
2761 * outputs:
2762 * zc_nvlist_dst{_size} error for each unapplied received property
2763 */
2764 static int
zfs_ioc_set_prop(zfs_cmd_t * zc)2765 zfs_ioc_set_prop(zfs_cmd_t *zc)
2766 {
2767 nvlist_t *nvl;
2768 boolean_t received = zc->zc_cookie;
2769 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2770 ZPROP_SRC_LOCAL);
2771 nvlist_t *errors;
2772 int error;
2773
2774 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2775 zc->zc_iflags, &nvl)) != 0)
2776 return (error);
2777
2778 if (received) {
2779 nvlist_t *origprops;
2780
2781 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
2782 (void) clear_received_props(zc->zc_name,
2783 origprops, nvl);
2784 nvlist_free(origprops);
2785 }
2786
2787 error = dsl_prop_set_hasrecvd(zc->zc_name);
2788 }
2789
2790 errors = fnvlist_alloc();
2791 if (error == 0)
2792 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2793
2794 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2795 (void) put_nvlist(zc, errors);
2796 }
2797
2798 nvlist_free(errors);
2799 nvlist_free(nvl);
2800 return (error);
2801 }
2802
2803 /*
2804 * inputs:
2805 * zc_name name of filesystem
2806 * zc_value name of property to inherit
2807 * zc_cookie revert to received value if TRUE
2808 *
2809 * outputs: none
2810 */
2811 static int
zfs_ioc_inherit_prop(zfs_cmd_t * zc)2812 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2813 {
2814 const char *propname = zc->zc_value;
2815 zfs_prop_t prop = zfs_name_to_prop(propname);
2816 boolean_t received = zc->zc_cookie;
2817 zprop_source_t source = (received
2818 ? ZPROP_SRC_NONE /* revert to received value, if any */
2819 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2820 nvlist_t *dummy;
2821 nvpair_t *pair;
2822 zprop_type_t type;
2823 int err;
2824
2825 if (!received) {
2826 /*
2827 * Only check this in the non-received case. We want to allow
2828 * 'inherit -S' to revert non-inheritable properties like quota
2829 * and reservation to the received or default values even though
2830 * they are not considered inheritable.
2831 */
2832 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2833 return (SET_ERROR(EINVAL));
2834 }
2835
2836 if (prop == ZPROP_INVAL) {
2837 if (!zfs_prop_user(propname))
2838 return (SET_ERROR(EINVAL));
2839
2840 type = PROP_TYPE_STRING;
2841 } else if (prop == ZFS_PROP_VOLSIZE || prop == ZFS_PROP_VERSION) {
2842 return (SET_ERROR(EINVAL));
2843 } else {
2844 type = zfs_prop_get_type(prop);
2845 }
2846
2847 /*
2848 * zfs_prop_set_special() expects properties in the form of an
2849 * nvpair with type info.
2850 */
2851 dummy = fnvlist_alloc();
2852
2853 switch (type) {
2854 case PROP_TYPE_STRING:
2855 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2856 break;
2857 case PROP_TYPE_NUMBER:
2858 case PROP_TYPE_INDEX:
2859 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2860 break;
2861 default:
2862 err = SET_ERROR(EINVAL);
2863 goto errout;
2864 }
2865
2866 pair = nvlist_next_nvpair(dummy, NULL);
2867 if (pair == NULL) {
2868 err = SET_ERROR(EINVAL);
2869 } else {
2870 err = zfs_prop_set_special(zc->zc_name, source, pair);
2871 if (err == -1) /* property is not "special", needs handling */
2872 err = dsl_prop_inherit(zc->zc_name, zc->zc_value,
2873 source);
2874 }
2875
2876 errout:
2877 nvlist_free(dummy);
2878 return (err);
2879 }
2880
2881 static int
zfs_ioc_pool_set_props(zfs_cmd_t * zc)2882 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2883 {
2884 nvlist_t *props;
2885 spa_t *spa;
2886 int error;
2887 nvpair_t *pair;
2888
2889 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2890 zc->zc_iflags, &props)))
2891 return (error);
2892
2893 /*
2894 * If the only property is the configfile, then just do a spa_lookup()
2895 * to handle the faulted case.
2896 */
2897 pair = nvlist_next_nvpair(props, NULL);
2898 if (pair != NULL && strcmp(nvpair_name(pair),
2899 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2900 nvlist_next_nvpair(props, pair) == NULL) {
2901 mutex_enter(&spa_namespace_lock);
2902 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2903 spa_configfile_set(spa, props, B_FALSE);
2904 spa_write_cachefile(spa, B_FALSE, B_TRUE);
2905 }
2906 mutex_exit(&spa_namespace_lock);
2907 if (spa != NULL) {
2908 nvlist_free(props);
2909 return (0);
2910 }
2911 }
2912
2913 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2914 nvlist_free(props);
2915 return (error);
2916 }
2917
2918 error = spa_prop_set(spa, props);
2919
2920 nvlist_free(props);
2921 spa_close(spa, FTAG);
2922
2923 return (error);
2924 }
2925
2926 static int
zfs_ioc_pool_get_props(zfs_cmd_t * zc)2927 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2928 {
2929 spa_t *spa;
2930 int error;
2931 nvlist_t *nvp = NULL;
2932
2933 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2934 /*
2935 * If the pool is faulted, there may be properties we can still
2936 * get (such as altroot and cachefile), so attempt to get them
2937 * anyway.
2938 */
2939 mutex_enter(&spa_namespace_lock);
2940 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2941 error = spa_prop_get(spa, &nvp);
2942 mutex_exit(&spa_namespace_lock);
2943 } else {
2944 error = spa_prop_get(spa, &nvp);
2945 spa_close(spa, FTAG);
2946 }
2947
2948 if (error == 0 && zc->zc_nvlist_dst != 0)
2949 error = put_nvlist(zc, nvp);
2950 else
2951 error = SET_ERROR(EFAULT);
2952
2953 nvlist_free(nvp);
2954 return (error);
2955 }
2956
2957 /*
2958 * inputs:
2959 * zc_name name of filesystem
2960 * zc_nvlist_src{_size} nvlist of delegated permissions
2961 * zc_perm_action allow/unallow flag
2962 *
2963 * outputs: none
2964 */
2965 static int
zfs_ioc_set_fsacl(zfs_cmd_t * zc)2966 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2967 {
2968 int error;
2969 nvlist_t *fsaclnv = NULL;
2970
2971 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2972 zc->zc_iflags, &fsaclnv)) != 0)
2973 return (error);
2974
2975 /*
2976 * Verify nvlist is constructed correctly
2977 */
2978 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2979 nvlist_free(fsaclnv);
2980 return (SET_ERROR(EINVAL));
2981 }
2982
2983 /*
2984 * If we don't have PRIV_SYS_MOUNT, then validate
2985 * that user is allowed to hand out each permission in
2986 * the nvlist(s)
2987 */
2988
2989 error = secpolicy_zfs(CRED());
2990 if (error != 0) {
2991 if (zc->zc_perm_action == B_FALSE) {
2992 error = dsl_deleg_can_allow(zc->zc_name,
2993 fsaclnv, CRED());
2994 } else {
2995 error = dsl_deleg_can_unallow(zc->zc_name,
2996 fsaclnv, CRED());
2997 }
2998 }
2999
3000 if (error == 0)
3001 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
3002
3003 nvlist_free(fsaclnv);
3004 return (error);
3005 }
3006
3007 /*
3008 * inputs:
3009 * zc_name name of filesystem
3010 *
3011 * outputs:
3012 * zc_nvlist_src{_size} nvlist of delegated permissions
3013 */
3014 static int
zfs_ioc_get_fsacl(zfs_cmd_t * zc)3015 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
3016 {
3017 nvlist_t *nvp;
3018 int error;
3019
3020 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
3021 error = put_nvlist(zc, nvp);
3022 nvlist_free(nvp);
3023 }
3024
3025 return (error);
3026 }
3027
3028 /* ARGSUSED */
3029 static void
zfs_create_cb(objset_t * os,void * arg,cred_t * cr,dmu_tx_t * tx)3030 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
3031 {
3032 zfs_creat_t *zct = arg;
3033
3034 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
3035 }
3036
3037 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
3038
3039 /*
3040 * inputs:
3041 * os parent objset pointer (NULL if root fs)
3042 * fuids_ok fuids allowed in this version of the spa?
3043 * sa_ok SAs allowed in this version of the spa?
3044 * createprops list of properties requested by creator
3045 *
3046 * outputs:
3047 * zplprops values for the zplprops we attach to the master node object
3048 * is_ci true if requested file system will be purely case-insensitive
3049 *
3050 * Determine the settings for utf8only, normalization and
3051 * casesensitivity. Specific values may have been requested by the
3052 * creator and/or we can inherit values from the parent dataset. If
3053 * the file system is of too early a vintage, a creator can not
3054 * request settings for these properties, even if the requested
3055 * setting is the default value. We don't actually want to create dsl
3056 * properties for these, so remove them from the source nvlist after
3057 * processing.
3058 */
3059 static int
zfs_fill_zplprops_impl(objset_t * os,uint64_t zplver,boolean_t fuids_ok,boolean_t sa_ok,nvlist_t * createprops,nvlist_t * zplprops,boolean_t * is_ci)3060 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
3061 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
3062 nvlist_t *zplprops, boolean_t *is_ci)
3063 {
3064 uint64_t sense = ZFS_PROP_UNDEFINED;
3065 uint64_t norm = ZFS_PROP_UNDEFINED;
3066 uint64_t u8 = ZFS_PROP_UNDEFINED;
3067 int error;
3068
3069 ASSERT(zplprops != NULL);
3070
3071 /* parent dataset must be a filesystem */
3072 if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS)
3073 return (SET_ERROR(ZFS_ERR_WRONG_PARENT));
3074
3075 /*
3076 * Pull out creator prop choices, if any.
3077 */
3078 if (createprops) {
3079 (void) nvlist_lookup_uint64(createprops,
3080 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
3081 (void) nvlist_lookup_uint64(createprops,
3082 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
3083 (void) nvlist_remove_all(createprops,
3084 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
3085 (void) nvlist_lookup_uint64(createprops,
3086 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
3087 (void) nvlist_remove_all(createprops,
3088 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
3089 (void) nvlist_lookup_uint64(createprops,
3090 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
3091 (void) nvlist_remove_all(createprops,
3092 zfs_prop_to_name(ZFS_PROP_CASE));
3093 }
3094
3095 /*
3096 * If the zpl version requested is whacky or the file system
3097 * or pool is version is too "young" to support normalization
3098 * and the creator tried to set a value for one of the props,
3099 * error out.
3100 */
3101 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3102 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
3103 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
3104 (zplver < ZPL_VERSION_NORMALIZATION &&
3105 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
3106 sense != ZFS_PROP_UNDEFINED)))
3107 return (SET_ERROR(ENOTSUP));
3108
3109 /*
3110 * Put the version in the zplprops
3111 */
3112 VERIFY(nvlist_add_uint64(zplprops,
3113 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3114
3115 if (norm == ZFS_PROP_UNDEFINED &&
3116 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3117 return (error);
3118 VERIFY(nvlist_add_uint64(zplprops,
3119 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3120
3121 /*
3122 * If we're normalizing, names must always be valid UTF-8 strings.
3123 */
3124 if (norm)
3125 u8 = 1;
3126 if (u8 == ZFS_PROP_UNDEFINED &&
3127 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3128 return (error);
3129 VERIFY(nvlist_add_uint64(zplprops,
3130 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3131
3132 if (sense == ZFS_PROP_UNDEFINED &&
3133 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3134 return (error);
3135 VERIFY(nvlist_add_uint64(zplprops,
3136 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3137
3138 if (is_ci)
3139 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3140
3141 return (0);
3142 }
3143
3144 static int
zfs_fill_zplprops(const char * dataset,nvlist_t * createprops,nvlist_t * zplprops,boolean_t * is_ci)3145 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3146 nvlist_t *zplprops, boolean_t *is_ci)
3147 {
3148 boolean_t fuids_ok, sa_ok;
3149 uint64_t zplver = ZPL_VERSION;
3150 objset_t *os = NULL;
3151 char parentname[ZFS_MAX_DATASET_NAME_LEN];
3152 spa_t *spa;
3153 uint64_t spa_vers;
3154 int error;
3155
3156 zfs_get_parent(dataset, parentname, sizeof (parentname));
3157
3158 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3159 return (error);
3160
3161 spa_vers = spa_version(spa);
3162 spa_close(spa, FTAG);
3163
3164 zplver = zfs_zpl_version_map(spa_vers);
3165 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3166 sa_ok = (zplver >= ZPL_VERSION_SA);
3167
3168 /*
3169 * Open parent object set so we can inherit zplprop values.
3170 */
3171 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3172 return (error);
3173
3174 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3175 zplprops, is_ci);
3176 dmu_objset_rele(os, FTAG);
3177 return (error);
3178 }
3179
3180 static int
zfs_fill_zplprops_root(uint64_t spa_vers,nvlist_t * createprops,nvlist_t * zplprops,boolean_t * is_ci)3181 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3182 nvlist_t *zplprops, boolean_t *is_ci)
3183 {
3184 boolean_t fuids_ok;
3185 boolean_t sa_ok;
3186 uint64_t zplver = ZPL_VERSION;
3187 int error;
3188
3189 zplver = zfs_zpl_version_map(spa_vers);
3190 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3191 sa_ok = (zplver >= ZPL_VERSION_SA);
3192
3193 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3194 createprops, zplprops, is_ci);
3195 return (error);
3196 }
3197
3198 /*
3199 * innvl: {
3200 * "type" -> dmu_objset_type_t (int32)
3201 * (optional) "props" -> { prop -> value }
3202 * (optional) "hidden_args" -> { "wkeydata" -> value }
3203 * raw uint8_t array of encryption wrapping key data (32 bytes)
3204 * }
3205 *
3206 * outnvl: propname -> error code (int32)
3207 */
3208
3209 static const zfs_ioc_key_t zfs_keys_create[] = {
3210 {"type", DATA_TYPE_INT32, 0},
3211 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3212 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3213 };
3214
3215 static int
zfs_ioc_create(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)3216 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3217 {
3218 int error = 0;
3219 zfs_creat_t zct = { 0 };
3220 nvlist_t *nvprops = NULL;
3221 nvlist_t *hidden_args = NULL;
3222 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3223 dmu_objset_type_t type;
3224 boolean_t is_insensitive = B_FALSE;
3225 dsl_crypto_params_t *dcp = NULL;
3226
3227 type = (dmu_objset_type_t)fnvlist_lookup_int32(innvl, "type");
3228 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3229 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
3230
3231 switch (type) {
3232 case DMU_OST_ZFS:
3233 cbfunc = zfs_create_cb;
3234 break;
3235
3236 case DMU_OST_ZVOL:
3237 cbfunc = zvol_create_cb;
3238 break;
3239
3240 default:
3241 cbfunc = NULL;
3242 break;
3243 }
3244 if (strchr(fsname, '@') ||
3245 strchr(fsname, '%'))
3246 return (SET_ERROR(EINVAL));
3247
3248 zct.zct_props = nvprops;
3249
3250 if (cbfunc == NULL)
3251 return (SET_ERROR(EINVAL));
3252
3253 if (type == DMU_OST_ZVOL) {
3254 uint64_t volsize, volblocksize;
3255
3256 if (nvprops == NULL)
3257 return (SET_ERROR(EINVAL));
3258 if (nvlist_lookup_uint64(nvprops,
3259 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3260 return (SET_ERROR(EINVAL));
3261
3262 if ((error = nvlist_lookup_uint64(nvprops,
3263 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3264 &volblocksize)) != 0 && error != ENOENT)
3265 return (SET_ERROR(EINVAL));
3266
3267 if (error != 0)
3268 volblocksize = zfs_prop_default_numeric(
3269 ZFS_PROP_VOLBLOCKSIZE);
3270
3271 if ((error = zvol_check_volblocksize(fsname,
3272 volblocksize)) != 0 ||
3273 (error = zvol_check_volsize(volsize,
3274 volblocksize)) != 0)
3275 return (error);
3276 } else if (type == DMU_OST_ZFS) {
3277 int error;
3278
3279 /*
3280 * We have to have normalization and
3281 * case-folding flags correct when we do the
3282 * file system creation, so go figure them out
3283 * now.
3284 */
3285 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3286 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3287 error = zfs_fill_zplprops(fsname, nvprops,
3288 zct.zct_zplprops, &is_insensitive);
3289 if (error != 0) {
3290 nvlist_free(zct.zct_zplprops);
3291 return (error);
3292 }
3293 }
3294
3295 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops,
3296 hidden_args, &dcp);
3297 if (error != 0) {
3298 nvlist_free(zct.zct_zplprops);
3299 return (error);
3300 }
3301
3302 error = dmu_objset_create(fsname, type,
3303 is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct);
3304
3305 nvlist_free(zct.zct_zplprops);
3306 dsl_crypto_params_free(dcp, !!error);
3307
3308 /*
3309 * It would be nice to do this atomically.
3310 */
3311 if (error == 0) {
3312 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3313 nvprops, outnvl);
3314 if (error != 0) {
3315 spa_t *spa;
3316 int error2;
3317
3318 /*
3319 * Volumes will return EBUSY and cannot be destroyed
3320 * until all asynchronous minor handling (e.g. from
3321 * setting the volmode property) has completed. Wait for
3322 * the spa_zvol_taskq to drain then retry.
3323 */
3324 error2 = dsl_destroy_head(fsname);
3325 while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) {
3326 error2 = spa_open(fsname, &spa, FTAG);
3327 if (error2 == 0) {
3328 taskq_wait(spa->spa_zvol_taskq);
3329 spa_close(spa, FTAG);
3330 }
3331 error2 = dsl_destroy_head(fsname);
3332 }
3333 }
3334 }
3335 return (error);
3336 }
3337
3338 /*
3339 * innvl: {
3340 * "origin" -> name of origin snapshot
3341 * (optional) "props" -> { prop -> value }
3342 * (optional) "hidden_args" -> { "wkeydata" -> value }
3343 * raw uint8_t array of encryption wrapping key data (32 bytes)
3344 * }
3345 *
3346 * outputs:
3347 * outnvl: propname -> error code (int32)
3348 */
3349 static const zfs_ioc_key_t zfs_keys_clone[] = {
3350 {"origin", DATA_TYPE_STRING, 0},
3351 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3352 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3353 };
3354
3355 static int
zfs_ioc_clone(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)3356 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3357 {
3358 int error = 0;
3359 nvlist_t *nvprops = NULL;
3360 const char *origin_name;
3361
3362 origin_name = fnvlist_lookup_string(innvl, "origin");
3363 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3364
3365 if (strchr(fsname, '@') ||
3366 strchr(fsname, '%'))
3367 return (SET_ERROR(EINVAL));
3368
3369 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3370 return (SET_ERROR(EINVAL));
3371
3372 error = dmu_objset_clone(fsname, origin_name);
3373
3374 /*
3375 * It would be nice to do this atomically.
3376 */
3377 if (error == 0) {
3378 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3379 nvprops, outnvl);
3380 if (error != 0)
3381 (void) dsl_destroy_head(fsname);
3382 }
3383 return (error);
3384 }
3385
3386 static const zfs_ioc_key_t zfs_keys_remap[] = {
3387 /* no nvl keys */
3388 };
3389
3390 /* ARGSUSED */
3391 static int
zfs_ioc_remap(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)3392 zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3393 {
3394 /* This IOCTL is no longer supported. */
3395 return (0);
3396 }
3397
3398 /*
3399 * innvl: {
3400 * "snaps" -> { snapshot1, snapshot2 }
3401 * (optional) "props" -> { prop -> value (string) }
3402 * }
3403 *
3404 * outnvl: snapshot -> error code (int32)
3405 */
3406 static const zfs_ioc_key_t zfs_keys_snapshot[] = {
3407 {"snaps", DATA_TYPE_NVLIST, 0},
3408 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3409 };
3410
3411 static int
zfs_ioc_snapshot(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3412 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3413 {
3414 nvlist_t *snaps;
3415 nvlist_t *props = NULL;
3416 int error, poollen;
3417 nvpair_t *pair;
3418
3419 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3420 if (!nvlist_empty(props) &&
3421 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3422 return (SET_ERROR(ENOTSUP));
3423 if ((error = zfs_check_userprops(props)) != 0)
3424 return (error);
3425
3426 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
3427 poollen = strlen(poolname);
3428 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3429 pair = nvlist_next_nvpair(snaps, pair)) {
3430 const char *name = nvpair_name(pair);
3431 char *cp = strchr(name, '@');
3432
3433 /*
3434 * The snap name must contain an @, and the part after it must
3435 * contain only valid characters.
3436 */
3437 if (cp == NULL ||
3438 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3439 return (SET_ERROR(EINVAL));
3440
3441 /*
3442 * The snap must be in the specified pool.
3443 */
3444 if (strncmp(name, poolname, poollen) != 0 ||
3445 (name[poollen] != '/' && name[poollen] != '@'))
3446 return (SET_ERROR(EXDEV));
3447
3448 /*
3449 * Check for permission to set the properties on the fs.
3450 */
3451 if (!nvlist_empty(props)) {
3452 *cp = '\0';
3453 error = zfs_secpolicy_write_perms(name,
3454 ZFS_DELEG_PERM_USERPROP, CRED());
3455 *cp = '@';
3456 if (error != 0)
3457 return (error);
3458 }
3459
3460 /* This must be the only snap of this fs. */
3461 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3462 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3463 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3464 == 0) {
3465 return (SET_ERROR(EXDEV));
3466 }
3467 }
3468 }
3469
3470 error = dsl_dataset_snapshot(snaps, props, outnvl);
3471
3472 return (error);
3473 }
3474
3475 /*
3476 * innvl: "message" -> string
3477 */
3478 static const zfs_ioc_key_t zfs_keys_log_history[] = {
3479 {"message", DATA_TYPE_STRING, 0},
3480 };
3481
3482 /* ARGSUSED */
3483 static int
zfs_ioc_log_history(const char * unused,nvlist_t * innvl,nvlist_t * outnvl)3484 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3485 {
3486 const char *message;
3487 char *poolname;
3488 spa_t *spa;
3489 int error;
3490
3491 /*
3492 * The poolname in the ioctl is not set, we get it from the TSD,
3493 * which was set at the end of the last successful ioctl that allows
3494 * logging. The secpolicy func already checked that it is set.
3495 * Only one log ioctl is allowed after each successful ioctl, so
3496 * we clear the TSD here.
3497 */
3498 poolname = tsd_get(zfs_allow_log_key);
3499 if (poolname == NULL)
3500 return (SET_ERROR(EINVAL));
3501 (void) tsd_set(zfs_allow_log_key, NULL);
3502 error = spa_open(poolname, &spa, FTAG);
3503 kmem_strfree(poolname);
3504 if (error != 0)
3505 return (error);
3506
3507 message = fnvlist_lookup_string(innvl, "message");
3508
3509 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3510 spa_close(spa, FTAG);
3511 return (SET_ERROR(ENOTSUP));
3512 }
3513
3514 error = spa_history_log(spa, message);
3515 spa_close(spa, FTAG);
3516 return (error);
3517 }
3518
3519 /*
3520 * This ioctl is used to set the bootenv configuration on the current
3521 * pool. This configuration is stored in the second padding area of the label,
3522 * and it is used by the bootloader(s) to store the bootloader and/or system
3523 * specific data.
3524 * The data is stored as nvlist data stream, and is protected by
3525 * an embedded checksum.
3526 * The version can have two possible values:
3527 * VB_RAW: nvlist should have key GRUB_ENVMAP, value DATA_TYPE_STRING.
3528 * VB_NVLIST: nvlist with arbitrary <key, value> pairs.
3529 */
3530 static const zfs_ioc_key_t zfs_keys_set_bootenv[] = {
3531 {"version", DATA_TYPE_UINT64, 0},
3532 {"<keys>", DATA_TYPE_ANY, ZK_OPTIONAL | ZK_WILDCARDLIST},
3533 };
3534
3535 static int
zfs_ioc_set_bootenv(const char * name,nvlist_t * innvl,nvlist_t * outnvl)3536 zfs_ioc_set_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3537 {
3538 int error;
3539 spa_t *spa;
3540
3541 if ((error = spa_open(name, &spa, FTAG)) != 0)
3542 return (error);
3543 spa_vdev_state_enter(spa, SCL_ALL);
3544 error = vdev_label_write_bootenv(spa->spa_root_vdev, innvl);
3545 (void) spa_vdev_state_exit(spa, NULL, 0);
3546 spa_close(spa, FTAG);
3547 return (error);
3548 }
3549
3550 static const zfs_ioc_key_t zfs_keys_get_bootenv[] = {
3551 /* no nvl keys */
3552 };
3553
3554 static int
zfs_ioc_get_bootenv(const char * name,nvlist_t * innvl,nvlist_t * outnvl)3555 zfs_ioc_get_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3556 {
3557 spa_t *spa;
3558 int error;
3559
3560 if ((error = spa_open(name, &spa, FTAG)) != 0)
3561 return (error);
3562 spa_vdev_state_enter(spa, SCL_ALL);
3563 error = vdev_label_read_bootenv(spa->spa_root_vdev, outnvl);
3564 (void) spa_vdev_state_exit(spa, NULL, 0);
3565 spa_close(spa, FTAG);
3566 return (error);
3567 }
3568
3569 /*
3570 * The dp_config_rwlock must not be held when calling this, because the
3571 * unmount may need to write out data.
3572 *
3573 * This function is best-effort. Callers must deal gracefully if it
3574 * remains mounted (or is remounted after this call).
3575 *
3576 * Returns 0 if the argument is not a snapshot, or it is not currently a
3577 * filesystem, or we were able to unmount it. Returns error code otherwise.
3578 */
3579 void
zfs_unmount_snap(const char * snapname)3580 zfs_unmount_snap(const char *snapname)
3581 {
3582 if (strchr(snapname, '@') == NULL)
3583 return;
3584
3585 (void) zfsctl_snapshot_unmount(snapname, MNT_FORCE);
3586 }
3587
3588 /* ARGSUSED */
3589 static int
zfs_unmount_snap_cb(const char * snapname,void * arg)3590 zfs_unmount_snap_cb(const char *snapname, void *arg)
3591 {
3592 zfs_unmount_snap(snapname);
3593 return (0);
3594 }
3595
3596 /*
3597 * When a clone is destroyed, its origin may also need to be destroyed,
3598 * in which case it must be unmounted. This routine will do that unmount
3599 * if necessary.
3600 */
3601 void
zfs_destroy_unmount_origin(const char * fsname)3602 zfs_destroy_unmount_origin(const char *fsname)
3603 {
3604 int error;
3605 objset_t *os;
3606 dsl_dataset_t *ds;
3607
3608 error = dmu_objset_hold(fsname, FTAG, &os);
3609 if (error != 0)
3610 return;
3611 ds = dmu_objset_ds(os);
3612 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
3613 char originname[ZFS_MAX_DATASET_NAME_LEN];
3614 dsl_dataset_name(ds->ds_prev, originname);
3615 dmu_objset_rele(os, FTAG);
3616 zfs_unmount_snap(originname);
3617 } else {
3618 dmu_objset_rele(os, FTAG);
3619 }
3620 }
3621
3622 /*
3623 * innvl: {
3624 * "snaps" -> { snapshot1, snapshot2 }
3625 * (optional boolean) "defer"
3626 * }
3627 *
3628 * outnvl: snapshot -> error code (int32)
3629 */
3630 static const zfs_ioc_key_t zfs_keys_destroy_snaps[] = {
3631 {"snaps", DATA_TYPE_NVLIST, 0},
3632 {"defer", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
3633 };
3634
3635 /* ARGSUSED */
3636 static int
zfs_ioc_destroy_snaps(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3637 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3638 {
3639 int poollen;
3640 nvlist_t *snaps;
3641 nvpair_t *pair;
3642 boolean_t defer;
3643 spa_t *spa;
3644
3645 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
3646 defer = nvlist_exists(innvl, "defer");
3647
3648 poollen = strlen(poolname);
3649 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3650 pair = nvlist_next_nvpair(snaps, pair)) {
3651 const char *name = nvpair_name(pair);
3652
3653 /*
3654 * The snap must be in the specified pool to prevent the
3655 * invalid removal of zvol minors below.
3656 */
3657 if (strncmp(name, poolname, poollen) != 0 ||
3658 (name[poollen] != '/' && name[poollen] != '@'))
3659 return (SET_ERROR(EXDEV));
3660
3661 zfs_unmount_snap(nvpair_name(pair));
3662 if (spa_open(name, &spa, FTAG) == 0) {
3663 zvol_remove_minors(spa, name, B_TRUE);
3664 spa_close(spa, FTAG);
3665 }
3666 }
3667
3668 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
3669 }
3670
3671 /*
3672 * Create bookmarks. The bookmark names are of the form <fs>#<bmark>.
3673 * All bookmarks and snapshots must be in the same pool.
3674 * dsl_bookmark_create_nvl_validate describes the nvlist schema in more detail.
3675 *
3676 * innvl: {
3677 * new_bookmark1 -> existing_snapshot,
3678 * new_bookmark2 -> existing_bookmark,
3679 * }
3680 *
3681 * outnvl: bookmark -> error code (int32)
3682 *
3683 */
3684 static const zfs_ioc_key_t zfs_keys_bookmark[] = {
3685 {"<bookmark>...", DATA_TYPE_STRING, ZK_WILDCARDLIST},
3686 };
3687
3688 /* ARGSUSED */
3689 static int
zfs_ioc_bookmark(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3690 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3691 {
3692 return (dsl_bookmark_create(innvl, outnvl));
3693 }
3694
3695 /*
3696 * innvl: {
3697 * property 1, property 2, ...
3698 * }
3699 *
3700 * outnvl: {
3701 * bookmark name 1 -> { property 1, property 2, ... },
3702 * bookmark name 2 -> { property 1, property 2, ... }
3703 * }
3704 *
3705 */
3706 static const zfs_ioc_key_t zfs_keys_get_bookmarks[] = {
3707 {"<property>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST | ZK_OPTIONAL},
3708 };
3709
3710 static int
zfs_ioc_get_bookmarks(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)3711 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3712 {
3713 return (dsl_get_bookmarks(fsname, innvl, outnvl));
3714 }
3715
3716 /*
3717 * innvl is not used.
3718 *
3719 * outnvl: {
3720 * property 1, property 2, ...
3721 * }
3722 *
3723 */
3724 static const zfs_ioc_key_t zfs_keys_get_bookmark_props[] = {
3725 /* no nvl keys */
3726 };
3727
3728 /* ARGSUSED */
3729 static int
zfs_ioc_get_bookmark_props(const char * bookmark,nvlist_t * innvl,nvlist_t * outnvl)3730 zfs_ioc_get_bookmark_props(const char *bookmark, nvlist_t *innvl,
3731 nvlist_t *outnvl)
3732 {
3733 char fsname[ZFS_MAX_DATASET_NAME_LEN];
3734 char *bmname;
3735
3736 bmname = strchr(bookmark, '#');
3737 if (bmname == NULL)
3738 return (SET_ERROR(EINVAL));
3739 bmname++;
3740
3741 (void) strlcpy(fsname, bookmark, sizeof (fsname));
3742 *(strchr(fsname, '#')) = '\0';
3743
3744 return (dsl_get_bookmark_props(fsname, bmname, outnvl));
3745 }
3746
3747 /*
3748 * innvl: {
3749 * bookmark name 1, bookmark name 2
3750 * }
3751 *
3752 * outnvl: bookmark -> error code (int32)
3753 *
3754 */
3755 static const zfs_ioc_key_t zfs_keys_destroy_bookmarks[] = {
3756 {"<bookmark>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST},
3757 };
3758
3759 static int
zfs_ioc_destroy_bookmarks(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3760 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl,
3761 nvlist_t *outnvl)
3762 {
3763 int error, poollen;
3764
3765 poollen = strlen(poolname);
3766 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
3767 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
3768 const char *name = nvpair_name(pair);
3769 const char *cp = strchr(name, '#');
3770
3771 /*
3772 * The bookmark name must contain an #, and the part after it
3773 * must contain only valid characters.
3774 */
3775 if (cp == NULL ||
3776 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3777 return (SET_ERROR(EINVAL));
3778
3779 /*
3780 * The bookmark must be in the specified pool.
3781 */
3782 if (strncmp(name, poolname, poollen) != 0 ||
3783 (name[poollen] != '/' && name[poollen] != '#'))
3784 return (SET_ERROR(EXDEV));
3785 }
3786
3787 error = dsl_bookmark_destroy(innvl, outnvl);
3788 return (error);
3789 }
3790
3791 static const zfs_ioc_key_t zfs_keys_channel_program[] = {
3792 {"program", DATA_TYPE_STRING, 0},
3793 {"arg", DATA_TYPE_ANY, 0},
3794 {"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
3795 {"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
3796 {"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
3797 };
3798
3799 static int
zfs_ioc_channel_program(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3800 zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl,
3801 nvlist_t *outnvl)
3802 {
3803 char *program;
3804 uint64_t instrlimit, memlimit;
3805 boolean_t sync_flag;
3806 nvpair_t *nvarg = NULL;
3807
3808 program = fnvlist_lookup_string(innvl, ZCP_ARG_PROGRAM);
3809 if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) {
3810 sync_flag = B_TRUE;
3811 }
3812 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) {
3813 instrlimit = ZCP_DEFAULT_INSTRLIMIT;
3814 }
3815 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) {
3816 memlimit = ZCP_DEFAULT_MEMLIMIT;
3817 }
3818 nvarg = fnvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST);
3819
3820 if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit)
3821 return (SET_ERROR(EINVAL));
3822 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit)
3823 return (SET_ERROR(EINVAL));
3824
3825 return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit,
3826 nvarg, outnvl));
3827 }
3828
3829 /*
3830 * innvl: unused
3831 * outnvl: empty
3832 */
3833 static const zfs_ioc_key_t zfs_keys_pool_checkpoint[] = {
3834 /* no nvl keys */
3835 };
3836
3837 /* ARGSUSED */
3838 static int
zfs_ioc_pool_checkpoint(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3839 zfs_ioc_pool_checkpoint(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3840 {
3841 return (spa_checkpoint(poolname));
3842 }
3843
3844 /*
3845 * innvl: unused
3846 * outnvl: empty
3847 */
3848 static const zfs_ioc_key_t zfs_keys_pool_discard_checkpoint[] = {
3849 /* no nvl keys */
3850 };
3851
3852 /* ARGSUSED */
3853 static int
zfs_ioc_pool_discard_checkpoint(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3854 zfs_ioc_pool_discard_checkpoint(const char *poolname, nvlist_t *innvl,
3855 nvlist_t *outnvl)
3856 {
3857 return (spa_checkpoint_discard(poolname));
3858 }
3859
3860 /*
3861 * inputs:
3862 * zc_name name of dataset to destroy
3863 * zc_defer_destroy mark for deferred destroy
3864 *
3865 * outputs: none
3866 */
3867 static int
zfs_ioc_destroy(zfs_cmd_t * zc)3868 zfs_ioc_destroy(zfs_cmd_t *zc)
3869 {
3870 objset_t *os;
3871 dmu_objset_type_t ost;
3872 int err;
3873
3874 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
3875 if (err != 0)
3876 return (err);
3877 ost = dmu_objset_type(os);
3878 dmu_objset_rele(os, FTAG);
3879
3880 if (ost == DMU_OST_ZFS)
3881 zfs_unmount_snap(zc->zc_name);
3882
3883 if (strchr(zc->zc_name, '@')) {
3884 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
3885 } else {
3886 err = dsl_destroy_head(zc->zc_name);
3887 if (err == EEXIST) {
3888 /*
3889 * It is possible that the given DS may have
3890 * hidden child (%recv) datasets - "leftovers"
3891 * resulting from the previously interrupted
3892 * 'zfs receive'.
3893 *
3894 * 6 extra bytes for /%recv
3895 */
3896 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6];
3897
3898 if (snprintf(namebuf, sizeof (namebuf), "%s/%s",
3899 zc->zc_name, recv_clone_name) >=
3900 sizeof (namebuf))
3901 return (SET_ERROR(EINVAL));
3902
3903 /*
3904 * Try to remove the hidden child (%recv) and after
3905 * that try to remove the target dataset.
3906 * If the hidden child (%recv) does not exist
3907 * the original error (EEXIST) will be returned
3908 */
3909 err = dsl_destroy_head(namebuf);
3910 if (err == 0)
3911 err = dsl_destroy_head(zc->zc_name);
3912 else if (err == ENOENT)
3913 err = SET_ERROR(EEXIST);
3914 }
3915 }
3916
3917 return (err);
3918 }
3919
3920 /*
3921 * innvl: {
3922 * "initialize_command" -> POOL_INITIALIZE_{CANCEL|START|SUSPEND} (uint64)
3923 * "initialize_vdevs": { -> guids to initialize (nvlist)
3924 * "vdev_path_1": vdev_guid_1, (uint64),
3925 * "vdev_path_2": vdev_guid_2, (uint64),
3926 * ...
3927 * },
3928 * }
3929 *
3930 * outnvl: {
3931 * "initialize_vdevs": { -> initialization errors (nvlist)
3932 * "vdev_path_1": errno, see function body for possible errnos (uint64)
3933 * "vdev_path_2": errno, ... (uint64)
3934 * ...
3935 * }
3936 * }
3937 *
3938 * EINVAL is returned for an unknown commands or if any of the provided vdev
3939 * guids have be specified with a type other than uint64.
3940 */
3941 static const zfs_ioc_key_t zfs_keys_pool_initialize[] = {
3942 {ZPOOL_INITIALIZE_COMMAND, DATA_TYPE_UINT64, 0},
3943 {ZPOOL_INITIALIZE_VDEVS, DATA_TYPE_NVLIST, 0}
3944 };
3945
3946 static int
zfs_ioc_pool_initialize(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3947 zfs_ioc_pool_initialize(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3948 {
3949 uint64_t cmd_type;
3950 if (nvlist_lookup_uint64(innvl, ZPOOL_INITIALIZE_COMMAND,
3951 &cmd_type) != 0) {
3952 return (SET_ERROR(EINVAL));
3953 }
3954
3955 if (!(cmd_type == POOL_INITIALIZE_CANCEL ||
3956 cmd_type == POOL_INITIALIZE_START ||
3957 cmd_type == POOL_INITIALIZE_SUSPEND)) {
3958 return (SET_ERROR(EINVAL));
3959 }
3960
3961 nvlist_t *vdev_guids;
3962 if (nvlist_lookup_nvlist(innvl, ZPOOL_INITIALIZE_VDEVS,
3963 &vdev_guids) != 0) {
3964 return (SET_ERROR(EINVAL));
3965 }
3966
3967 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
3968 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
3969 uint64_t vdev_guid;
3970 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
3971 return (SET_ERROR(EINVAL));
3972 }
3973 }
3974
3975 spa_t *spa;
3976 int error = spa_open(poolname, &spa, FTAG);
3977 if (error != 0)
3978 return (error);
3979
3980 nvlist_t *vdev_errlist = fnvlist_alloc();
3981 int total_errors = spa_vdev_initialize(spa, vdev_guids, cmd_type,
3982 vdev_errlist);
3983
3984 if (fnvlist_size(vdev_errlist) > 0) {
3985 fnvlist_add_nvlist(outnvl, ZPOOL_INITIALIZE_VDEVS,
3986 vdev_errlist);
3987 }
3988 fnvlist_free(vdev_errlist);
3989
3990 spa_close(spa, FTAG);
3991 return (total_errors > 0 ? EINVAL : 0);
3992 }
3993
3994 /*
3995 * innvl: {
3996 * "trim_command" -> POOL_TRIM_{CANCEL|START|SUSPEND} (uint64)
3997 * "trim_vdevs": { -> guids to TRIM (nvlist)
3998 * "vdev_path_1": vdev_guid_1, (uint64),
3999 * "vdev_path_2": vdev_guid_2, (uint64),
4000 * ...
4001 * },
4002 * "trim_rate" -> Target TRIM rate in bytes/sec.
4003 * "trim_secure" -> Set to request a secure TRIM.
4004 * }
4005 *
4006 * outnvl: {
4007 * "trim_vdevs": { -> TRIM errors (nvlist)
4008 * "vdev_path_1": errno, see function body for possible errnos (uint64)
4009 * "vdev_path_2": errno, ... (uint64)
4010 * ...
4011 * }
4012 * }
4013 *
4014 * EINVAL is returned for an unknown commands or if any of the provided vdev
4015 * guids have be specified with a type other than uint64.
4016 */
4017 static const zfs_ioc_key_t zfs_keys_pool_trim[] = {
4018 {ZPOOL_TRIM_COMMAND, DATA_TYPE_UINT64, 0},
4019 {ZPOOL_TRIM_VDEVS, DATA_TYPE_NVLIST, 0},
4020 {ZPOOL_TRIM_RATE, DATA_TYPE_UINT64, ZK_OPTIONAL},
4021 {ZPOOL_TRIM_SECURE, DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
4022 };
4023
4024 static int
zfs_ioc_pool_trim(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4025 zfs_ioc_pool_trim(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4026 {
4027 uint64_t cmd_type;
4028 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_COMMAND, &cmd_type) != 0)
4029 return (SET_ERROR(EINVAL));
4030
4031 if (!(cmd_type == POOL_TRIM_CANCEL ||
4032 cmd_type == POOL_TRIM_START ||
4033 cmd_type == POOL_TRIM_SUSPEND)) {
4034 return (SET_ERROR(EINVAL));
4035 }
4036
4037 nvlist_t *vdev_guids;
4038 if (nvlist_lookup_nvlist(innvl, ZPOOL_TRIM_VDEVS, &vdev_guids) != 0)
4039 return (SET_ERROR(EINVAL));
4040
4041 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
4042 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
4043 uint64_t vdev_guid;
4044 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
4045 return (SET_ERROR(EINVAL));
4046 }
4047 }
4048
4049 /* Optional, defaults to maximum rate when not provided */
4050 uint64_t rate;
4051 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_RATE, &rate) != 0)
4052 rate = 0;
4053
4054 /* Optional, defaults to standard TRIM when not provided */
4055 boolean_t secure;
4056 if (nvlist_lookup_boolean_value(innvl, ZPOOL_TRIM_SECURE,
4057 &secure) != 0) {
4058 secure = B_FALSE;
4059 }
4060
4061 spa_t *spa;
4062 int error = spa_open(poolname, &spa, FTAG);
4063 if (error != 0)
4064 return (error);
4065
4066 nvlist_t *vdev_errlist = fnvlist_alloc();
4067 int total_errors = spa_vdev_trim(spa, vdev_guids, cmd_type,
4068 rate, !!zfs_trim_metaslab_skip, secure, vdev_errlist);
4069
4070 if (fnvlist_size(vdev_errlist) > 0)
4071 fnvlist_add_nvlist(outnvl, ZPOOL_TRIM_VDEVS, vdev_errlist);
4072
4073 fnvlist_free(vdev_errlist);
4074
4075 spa_close(spa, FTAG);
4076 return (total_errors > 0 ? EINVAL : 0);
4077 }
4078
4079 /*
4080 * This ioctl waits for activity of a particular type to complete. If there is
4081 * no activity of that type in progress, it returns immediately, and the
4082 * returned value "waited" is false. If there is activity in progress, and no
4083 * tag is passed in, the ioctl blocks until all activity of that type is
4084 * complete, and then returns with "waited" set to true.
4085 *
4086 * If a tag is provided, it identifies a particular instance of an activity to
4087 * wait for. Currently, this is only valid for use with 'initialize', because
4088 * that is the only activity for which there can be multiple instances running
4089 * concurrently. In the case of 'initialize', the tag corresponds to the guid of
4090 * the vdev on which to wait.
4091 *
4092 * If a thread waiting in the ioctl receives a signal, the call will return
4093 * immediately, and the return value will be EINTR.
4094 *
4095 * innvl: {
4096 * "wait_activity" -> int32_t
4097 * (optional) "wait_tag" -> uint64_t
4098 * }
4099 *
4100 * outnvl: "waited" -> boolean_t
4101 */
4102 static const zfs_ioc_key_t zfs_keys_pool_wait[] = {
4103 {ZPOOL_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4104 {ZPOOL_WAIT_TAG, DATA_TYPE_UINT64, ZK_OPTIONAL},
4105 };
4106
4107 static int
zfs_ioc_wait(const char * name,nvlist_t * innvl,nvlist_t * outnvl)4108 zfs_ioc_wait(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4109 {
4110 int32_t activity;
4111 uint64_t tag;
4112 boolean_t waited;
4113 int error;
4114
4115 if (nvlist_lookup_int32(innvl, ZPOOL_WAIT_ACTIVITY, &activity) != 0)
4116 return (EINVAL);
4117
4118 if (nvlist_lookup_uint64(innvl, ZPOOL_WAIT_TAG, &tag) == 0)
4119 error = spa_wait_tag(name, activity, tag, &waited);
4120 else
4121 error = spa_wait(name, activity, &waited);
4122
4123 if (error == 0)
4124 fnvlist_add_boolean_value(outnvl, ZPOOL_WAIT_WAITED, waited);
4125
4126 return (error);
4127 }
4128
4129 /*
4130 * This ioctl waits for activity of a particular type to complete. If there is
4131 * no activity of that type in progress, it returns immediately, and the
4132 * returned value "waited" is false. If there is activity in progress, and no
4133 * tag is passed in, the ioctl blocks until all activity of that type is
4134 * complete, and then returns with "waited" set to true.
4135 *
4136 * If a thread waiting in the ioctl receives a signal, the call will return
4137 * immediately, and the return value will be EINTR.
4138 *
4139 * innvl: {
4140 * "wait_activity" -> int32_t
4141 * }
4142 *
4143 * outnvl: "waited" -> boolean_t
4144 */
4145 static const zfs_ioc_key_t zfs_keys_fs_wait[] = {
4146 {ZFS_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4147 };
4148
4149 static int
zfs_ioc_wait_fs(const char * name,nvlist_t * innvl,nvlist_t * outnvl)4150 zfs_ioc_wait_fs(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4151 {
4152 int32_t activity;
4153 boolean_t waited = B_FALSE;
4154 int error;
4155 dsl_pool_t *dp;
4156 dsl_dir_t *dd;
4157 dsl_dataset_t *ds;
4158
4159 if (nvlist_lookup_int32(innvl, ZFS_WAIT_ACTIVITY, &activity) != 0)
4160 return (SET_ERROR(EINVAL));
4161
4162 if (activity >= ZFS_WAIT_NUM_ACTIVITIES || activity < 0)
4163 return (SET_ERROR(EINVAL));
4164
4165 if ((error = dsl_pool_hold(name, FTAG, &dp)) != 0)
4166 return (error);
4167
4168 if ((error = dsl_dataset_hold(dp, name, FTAG, &ds)) != 0) {
4169 dsl_pool_rele(dp, FTAG);
4170 return (error);
4171 }
4172
4173 dd = ds->ds_dir;
4174 mutex_enter(&dd->dd_activity_lock);
4175 dd->dd_activity_waiters++;
4176
4177 /*
4178 * We get a long-hold here so that the dsl_dataset_t and dsl_dir_t
4179 * aren't evicted while we're waiting. Normally this is prevented by
4180 * holding the pool, but we can't do that while we're waiting since
4181 * that would prevent TXGs from syncing out. Some of the functionality
4182 * of long-holds (e.g. preventing deletion) is unnecessary for this
4183 * case, since we would cancel the waiters before proceeding with a
4184 * deletion. An alternative mechanism for keeping the dataset around
4185 * could be developed but this is simpler.
4186 */
4187 dsl_dataset_long_hold(ds, FTAG);
4188 dsl_pool_rele(dp, FTAG);
4189
4190 error = dsl_dir_wait(dd, ds, activity, &waited);
4191
4192 dsl_dataset_long_rele(ds, FTAG);
4193 dd->dd_activity_waiters--;
4194 if (dd->dd_activity_waiters == 0)
4195 cv_signal(&dd->dd_activity_cv);
4196 mutex_exit(&dd->dd_activity_lock);
4197
4198 dsl_dataset_rele(ds, FTAG);
4199
4200 if (error == 0)
4201 fnvlist_add_boolean_value(outnvl, ZFS_WAIT_WAITED, waited);
4202
4203 return (error);
4204 }
4205
4206 /*
4207 * fsname is name of dataset to rollback (to most recent snapshot)
4208 *
4209 * innvl may contain name of expected target snapshot
4210 *
4211 * outnvl: "target" -> name of most recent snapshot
4212 * }
4213 */
4214 static const zfs_ioc_key_t zfs_keys_rollback[] = {
4215 {"target", DATA_TYPE_STRING, ZK_OPTIONAL},
4216 };
4217
4218 /* ARGSUSED */
4219 static int
zfs_ioc_rollback(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)4220 zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
4221 {
4222 zfsvfs_t *zfsvfs;
4223 zvol_state_handle_t *zv;
4224 char *target = NULL;
4225 int error;
4226
4227 (void) nvlist_lookup_string(innvl, "target", &target);
4228 if (target != NULL) {
4229 const char *cp = strchr(target, '@');
4230
4231 /*
4232 * The snap name must contain an @, and the part after it must
4233 * contain only valid characters.
4234 */
4235 if (cp == NULL ||
4236 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
4237 return (SET_ERROR(EINVAL));
4238 }
4239
4240 if (getzfsvfs(fsname, &zfsvfs) == 0) {
4241 dsl_dataset_t *ds;
4242
4243 ds = dmu_objset_ds(zfsvfs->z_os);
4244 error = zfs_suspend_fs(zfsvfs);
4245 if (error == 0) {
4246 int resume_err;
4247
4248 error = dsl_dataset_rollback(fsname, target, zfsvfs,
4249 outnvl);
4250 resume_err = zfs_resume_fs(zfsvfs, ds);
4251 error = error ? error : resume_err;
4252 }
4253 zfs_vfs_rele(zfsvfs);
4254 } else if ((zv = zvol_suspend(fsname)) != NULL) {
4255 error = dsl_dataset_rollback(fsname, target, zvol_tag(zv),
4256 outnvl);
4257 zvol_resume(zv);
4258 } else {
4259 error = dsl_dataset_rollback(fsname, target, NULL, outnvl);
4260 }
4261 return (error);
4262 }
4263
4264 static int
recursive_unmount(const char * fsname,void * arg)4265 recursive_unmount(const char *fsname, void *arg)
4266 {
4267 const char *snapname = arg;
4268 char *fullname;
4269
4270 fullname = kmem_asprintf("%s@%s", fsname, snapname);
4271 zfs_unmount_snap(fullname);
4272 kmem_strfree(fullname);
4273
4274 return (0);
4275 }
4276
4277 /*
4278 *
4279 * snapname is the snapshot to redact.
4280 * innvl: {
4281 * "bookname" -> (string)
4282 * shortname of the redaction bookmark to generate
4283 * "snapnv" -> (nvlist, values ignored)
4284 * snapshots to redact snapname with respect to
4285 * }
4286 *
4287 * outnvl is unused
4288 */
4289
4290 /* ARGSUSED */
4291 static const zfs_ioc_key_t zfs_keys_redact[] = {
4292 {"bookname", DATA_TYPE_STRING, 0},
4293 {"snapnv", DATA_TYPE_NVLIST, 0},
4294 };
4295 static int
zfs_ioc_redact(const char * snapname,nvlist_t * innvl,nvlist_t * outnvl)4296 zfs_ioc_redact(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
4297 {
4298 nvlist_t *redactnvl = NULL;
4299 char *redactbook = NULL;
4300
4301 if (nvlist_lookup_nvlist(innvl, "snapnv", &redactnvl) != 0)
4302 return (SET_ERROR(EINVAL));
4303 if (fnvlist_num_pairs(redactnvl) == 0)
4304 return (SET_ERROR(ENXIO));
4305 if (nvlist_lookup_string(innvl, "bookname", &redactbook) != 0)
4306 return (SET_ERROR(EINVAL));
4307
4308 return (dmu_redact_snap(snapname, redactnvl, redactbook));
4309 }
4310
4311 /*
4312 * inputs:
4313 * zc_name old name of dataset
4314 * zc_value new name of dataset
4315 * zc_cookie recursive flag (only valid for snapshots)
4316 *
4317 * outputs: none
4318 */
4319 static int
zfs_ioc_rename(zfs_cmd_t * zc)4320 zfs_ioc_rename(zfs_cmd_t *zc)
4321 {
4322 objset_t *os;
4323 dmu_objset_type_t ost;
4324 boolean_t recursive = zc->zc_cookie & 1;
4325 boolean_t nounmount = !!(zc->zc_cookie & 2);
4326 char *at;
4327 int err;
4328
4329 /* "zfs rename" from and to ...%recv datasets should both fail */
4330 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
4331 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
4332 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
4333 dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
4334 strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%'))
4335 return (SET_ERROR(EINVAL));
4336
4337 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
4338 if (err != 0)
4339 return (err);
4340 ost = dmu_objset_type(os);
4341 dmu_objset_rele(os, FTAG);
4342
4343 at = strchr(zc->zc_name, '@');
4344 if (at != NULL) {
4345 /* snaps must be in same fs */
4346 int error;
4347
4348 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
4349 return (SET_ERROR(EXDEV));
4350 *at = '\0';
4351 if (ost == DMU_OST_ZFS && !nounmount) {
4352 error = dmu_objset_find(zc->zc_name,
4353 recursive_unmount, at + 1,
4354 recursive ? DS_FIND_CHILDREN : 0);
4355 if (error != 0) {
4356 *at = '@';
4357 return (error);
4358 }
4359 }
4360 error = dsl_dataset_rename_snapshot(zc->zc_name,
4361 at + 1, strchr(zc->zc_value, '@') + 1, recursive);
4362 *at = '@';
4363
4364 return (error);
4365 } else {
4366 return (dsl_dir_rename(zc->zc_name, zc->zc_value));
4367 }
4368 }
4369
4370 static int
zfs_check_settable(const char * dsname,nvpair_t * pair,cred_t * cr)4371 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
4372 {
4373 const char *propname = nvpair_name(pair);
4374 boolean_t issnap = (strchr(dsname, '@') != NULL);
4375 zfs_prop_t prop = zfs_name_to_prop(propname);
4376 uint64_t intval, compval;
4377 int err;
4378
4379 if (prop == ZPROP_INVAL) {
4380 if (zfs_prop_user(propname)) {
4381 if ((err = zfs_secpolicy_write_perms(dsname,
4382 ZFS_DELEG_PERM_USERPROP, cr)))
4383 return (err);
4384 return (0);
4385 }
4386
4387 if (!issnap && zfs_prop_userquota(propname)) {
4388 const char *perm = NULL;
4389 const char *uq_prefix =
4390 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
4391 const char *gq_prefix =
4392 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
4393 const char *uiq_prefix =
4394 zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA];
4395 const char *giq_prefix =
4396 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA];
4397 const char *pq_prefix =
4398 zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA];
4399 const char *piq_prefix = zfs_userquota_prop_prefixes[\
4400 ZFS_PROP_PROJECTOBJQUOTA];
4401
4402 if (strncmp(propname, uq_prefix,
4403 strlen(uq_prefix)) == 0) {
4404 perm = ZFS_DELEG_PERM_USERQUOTA;
4405 } else if (strncmp(propname, uiq_prefix,
4406 strlen(uiq_prefix)) == 0) {
4407 perm = ZFS_DELEG_PERM_USEROBJQUOTA;
4408 } else if (strncmp(propname, gq_prefix,
4409 strlen(gq_prefix)) == 0) {
4410 perm = ZFS_DELEG_PERM_GROUPQUOTA;
4411 } else if (strncmp(propname, giq_prefix,
4412 strlen(giq_prefix)) == 0) {
4413 perm = ZFS_DELEG_PERM_GROUPOBJQUOTA;
4414 } else if (strncmp(propname, pq_prefix,
4415 strlen(pq_prefix)) == 0) {
4416 perm = ZFS_DELEG_PERM_PROJECTQUOTA;
4417 } else if (strncmp(propname, piq_prefix,
4418 strlen(piq_prefix)) == 0) {
4419 perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA;
4420 } else {
4421 /* {USER|GROUP|PROJECT}USED are read-only */
4422 return (SET_ERROR(EINVAL));
4423 }
4424
4425 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
4426 return (err);
4427 return (0);
4428 }
4429
4430 return (SET_ERROR(EINVAL));
4431 }
4432
4433 if (issnap)
4434 return (SET_ERROR(EINVAL));
4435
4436 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
4437 /*
4438 * dsl_prop_get_all_impl() returns properties in this
4439 * format.
4440 */
4441 nvlist_t *attrs;
4442 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
4443 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4444 &pair) == 0);
4445 }
4446
4447 /*
4448 * Check that this value is valid for this pool version
4449 */
4450 switch (prop) {
4451 case ZFS_PROP_COMPRESSION:
4452 /*
4453 * If the user specified gzip compression, make sure
4454 * the SPA supports it. We ignore any errors here since
4455 * we'll catch them later.
4456 */
4457 if (nvpair_value_uint64(pair, &intval) == 0) {
4458 compval = ZIO_COMPRESS_ALGO(intval);
4459 if (compval >= ZIO_COMPRESS_GZIP_1 &&
4460 compval <= ZIO_COMPRESS_GZIP_9 &&
4461 zfs_earlier_version(dsname,
4462 SPA_VERSION_GZIP_COMPRESSION)) {
4463 return (SET_ERROR(ENOTSUP));
4464 }
4465
4466 if (compval == ZIO_COMPRESS_ZLE &&
4467 zfs_earlier_version(dsname,
4468 SPA_VERSION_ZLE_COMPRESSION))
4469 return (SET_ERROR(ENOTSUP));
4470
4471 if (compval == ZIO_COMPRESS_LZ4) {
4472 spa_t *spa;
4473
4474 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4475 return (err);
4476
4477 if (!spa_feature_is_enabled(spa,
4478 SPA_FEATURE_LZ4_COMPRESS)) {
4479 spa_close(spa, FTAG);
4480 return (SET_ERROR(ENOTSUP));
4481 }
4482 spa_close(spa, FTAG);
4483 }
4484
4485 if (compval == ZIO_COMPRESS_ZSTD) {
4486 spa_t *spa;
4487
4488 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4489 return (err);
4490
4491 if (!spa_feature_is_enabled(spa,
4492 SPA_FEATURE_ZSTD_COMPRESS)) {
4493 spa_close(spa, FTAG);
4494 return (SET_ERROR(ENOTSUP));
4495 }
4496 spa_close(spa, FTAG);
4497 }
4498 }
4499 break;
4500
4501 case ZFS_PROP_COPIES:
4502 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
4503 return (SET_ERROR(ENOTSUP));
4504 break;
4505
4506 case ZFS_PROP_VOLBLOCKSIZE:
4507 case ZFS_PROP_RECORDSIZE:
4508 /* Record sizes above 128k need the feature to be enabled */
4509 if (nvpair_value_uint64(pair, &intval) == 0 &&
4510 intval > SPA_OLD_MAXBLOCKSIZE) {
4511 spa_t *spa;
4512
4513 /*
4514 * We don't allow setting the property above 1MB,
4515 * unless the tunable has been changed.
4516 */
4517 if (intval > zfs_max_recordsize ||
4518 intval > SPA_MAXBLOCKSIZE)
4519 return (SET_ERROR(ERANGE));
4520
4521 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4522 return (err);
4523
4524 if (!spa_feature_is_enabled(spa,
4525 SPA_FEATURE_LARGE_BLOCKS)) {
4526 spa_close(spa, FTAG);
4527 return (SET_ERROR(ENOTSUP));
4528 }
4529 spa_close(spa, FTAG);
4530 }
4531 break;
4532
4533 case ZFS_PROP_DNODESIZE:
4534 /* Dnode sizes above 512 need the feature to be enabled */
4535 if (nvpair_value_uint64(pair, &intval) == 0 &&
4536 intval != ZFS_DNSIZE_LEGACY) {
4537 spa_t *spa;
4538
4539 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4540 return (err);
4541
4542 if (!spa_feature_is_enabled(spa,
4543 SPA_FEATURE_LARGE_DNODE)) {
4544 spa_close(spa, FTAG);
4545 return (SET_ERROR(ENOTSUP));
4546 }
4547 spa_close(spa, FTAG);
4548 }
4549 break;
4550
4551 case ZFS_PROP_SPECIAL_SMALL_BLOCKS:
4552 /*
4553 * This property could require the allocation classes
4554 * feature to be active for setting, however we allow
4555 * it so that tests of settable properties succeed.
4556 * The CLI will issue a warning in this case.
4557 */
4558 break;
4559
4560 case ZFS_PROP_SHARESMB:
4561 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
4562 return (SET_ERROR(ENOTSUP));
4563 break;
4564
4565 case ZFS_PROP_ACLINHERIT:
4566 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4567 nvpair_value_uint64(pair, &intval) == 0) {
4568 if (intval == ZFS_ACL_PASSTHROUGH_X &&
4569 zfs_earlier_version(dsname,
4570 SPA_VERSION_PASSTHROUGH_X))
4571 return (SET_ERROR(ENOTSUP));
4572 }
4573 break;
4574 case ZFS_PROP_CHECKSUM:
4575 case ZFS_PROP_DEDUP:
4576 {
4577 spa_feature_t feature;
4578 spa_t *spa;
4579 int err;
4580
4581 /* dedup feature version checks */
4582 if (prop == ZFS_PROP_DEDUP &&
4583 zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
4584 return (SET_ERROR(ENOTSUP));
4585
4586 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4587 nvpair_value_uint64(pair, &intval) == 0) {
4588 /* check prop value is enabled in features */
4589 feature = zio_checksum_to_feature(
4590 intval & ZIO_CHECKSUM_MASK);
4591 if (feature == SPA_FEATURE_NONE)
4592 break;
4593
4594 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4595 return (err);
4596
4597 if (!spa_feature_is_enabled(spa, feature)) {
4598 spa_close(spa, FTAG);
4599 return (SET_ERROR(ENOTSUP));
4600 }
4601 spa_close(spa, FTAG);
4602 }
4603 break;
4604 }
4605
4606 default:
4607 break;
4608 }
4609
4610 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
4611 }
4612
4613 /*
4614 * Removes properties from the given props list that fail permission checks
4615 * needed to clear them and to restore them in case of a receive error. For each
4616 * property, make sure we have both set and inherit permissions.
4617 *
4618 * Returns the first error encountered if any permission checks fail. If the
4619 * caller provides a non-NULL errlist, it also gives the complete list of names
4620 * of all the properties that failed a permission check along with the
4621 * corresponding error numbers. The caller is responsible for freeing the
4622 * returned errlist.
4623 *
4624 * If every property checks out successfully, zero is returned and the list
4625 * pointed at by errlist is NULL.
4626 */
4627 static int
zfs_check_clearable(const char * dataset,nvlist_t * props,nvlist_t ** errlist)4628 zfs_check_clearable(const char *dataset, nvlist_t *props, nvlist_t **errlist)
4629 {
4630 zfs_cmd_t *zc;
4631 nvpair_t *pair, *next_pair;
4632 nvlist_t *errors;
4633 int err, rv = 0;
4634
4635 if (props == NULL)
4636 return (0);
4637
4638 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4639
4640 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
4641 (void) strlcpy(zc->zc_name, dataset, sizeof (zc->zc_name));
4642 pair = nvlist_next_nvpair(props, NULL);
4643 while (pair != NULL) {
4644 next_pair = nvlist_next_nvpair(props, pair);
4645
4646 (void) strlcpy(zc->zc_value, nvpair_name(pair),
4647 sizeof (zc->zc_value));
4648 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
4649 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
4650 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
4651 VERIFY(nvlist_add_int32(errors,
4652 zc->zc_value, err) == 0);
4653 }
4654 pair = next_pair;
4655 }
4656 kmem_free(zc, sizeof (zfs_cmd_t));
4657
4658 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
4659 nvlist_free(errors);
4660 errors = NULL;
4661 } else {
4662 VERIFY(nvpair_value_int32(pair, &rv) == 0);
4663 }
4664
4665 if (errlist == NULL)
4666 nvlist_free(errors);
4667 else
4668 *errlist = errors;
4669
4670 return (rv);
4671 }
4672
4673 static boolean_t
propval_equals(nvpair_t * p1,nvpair_t * p2)4674 propval_equals(nvpair_t *p1, nvpair_t *p2)
4675 {
4676 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
4677 /* dsl_prop_get_all_impl() format */
4678 nvlist_t *attrs;
4679 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
4680 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4681 &p1) == 0);
4682 }
4683
4684 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
4685 nvlist_t *attrs;
4686 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
4687 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4688 &p2) == 0);
4689 }
4690
4691 if (nvpair_type(p1) != nvpair_type(p2))
4692 return (B_FALSE);
4693
4694 if (nvpair_type(p1) == DATA_TYPE_STRING) {
4695 char *valstr1, *valstr2;
4696
4697 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
4698 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
4699 return (strcmp(valstr1, valstr2) == 0);
4700 } else {
4701 uint64_t intval1, intval2;
4702
4703 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
4704 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
4705 return (intval1 == intval2);
4706 }
4707 }
4708
4709 /*
4710 * Remove properties from props if they are not going to change (as determined
4711 * by comparison with origprops). Remove them from origprops as well, since we
4712 * do not need to clear or restore properties that won't change.
4713 */
4714 static void
props_reduce(nvlist_t * props,nvlist_t * origprops)4715 props_reduce(nvlist_t *props, nvlist_t *origprops)
4716 {
4717 nvpair_t *pair, *next_pair;
4718
4719 if (origprops == NULL)
4720 return; /* all props need to be received */
4721
4722 pair = nvlist_next_nvpair(props, NULL);
4723 while (pair != NULL) {
4724 const char *propname = nvpair_name(pair);
4725 nvpair_t *match;
4726
4727 next_pair = nvlist_next_nvpair(props, pair);
4728
4729 if ((nvlist_lookup_nvpair(origprops, propname,
4730 &match) != 0) || !propval_equals(pair, match))
4731 goto next; /* need to set received value */
4732
4733 /* don't clear the existing received value */
4734 (void) nvlist_remove_nvpair(origprops, match);
4735 /* don't bother receiving the property */
4736 (void) nvlist_remove_nvpair(props, pair);
4737 next:
4738 pair = next_pair;
4739 }
4740 }
4741
4742 /*
4743 * Extract properties that cannot be set PRIOR to the receipt of a dataset.
4744 * For example, refquota cannot be set until after the receipt of a dataset,
4745 * because in replication streams, an older/earlier snapshot may exceed the
4746 * refquota. We want to receive the older/earlier snapshot, but setting
4747 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent
4748 * the older/earlier snapshot from being received (with EDQUOT).
4749 *
4750 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario.
4751 *
4752 * libzfs will need to be judicious handling errors encountered by props
4753 * extracted by this function.
4754 */
4755 static nvlist_t *
extract_delay_props(nvlist_t * props)4756 extract_delay_props(nvlist_t *props)
4757 {
4758 nvlist_t *delayprops;
4759 nvpair_t *nvp, *tmp;
4760 static const zfs_prop_t delayable[] = {
4761 ZFS_PROP_REFQUOTA,
4762 ZFS_PROP_KEYLOCATION,
4763 0
4764 };
4765 int i;
4766
4767 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4768
4769 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL;
4770 nvp = nvlist_next_nvpair(props, nvp)) {
4771 /*
4772 * strcmp() is safe because zfs_prop_to_name() always returns
4773 * a bounded string.
4774 */
4775 for (i = 0; delayable[i] != 0; i++) {
4776 if (strcmp(zfs_prop_to_name(delayable[i]),
4777 nvpair_name(nvp)) == 0) {
4778 break;
4779 }
4780 }
4781 if (delayable[i] != 0) {
4782 tmp = nvlist_prev_nvpair(props, nvp);
4783 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0);
4784 VERIFY(nvlist_remove_nvpair(props, nvp) == 0);
4785 nvp = tmp;
4786 }
4787 }
4788
4789 if (nvlist_empty(delayprops)) {
4790 nvlist_free(delayprops);
4791 delayprops = NULL;
4792 }
4793 return (delayprops);
4794 }
4795
4796 static void
zfs_allow_log_destroy(void * arg)4797 zfs_allow_log_destroy(void *arg)
4798 {
4799 char *poolname = arg;
4800
4801 if (poolname != NULL)
4802 kmem_strfree(poolname);
4803 }
4804
4805 #ifdef ZFS_DEBUG
4806 static boolean_t zfs_ioc_recv_inject_err;
4807 #endif
4808
4809 /*
4810 * nvlist 'errors' is always allocated. It will contain descriptions of
4811 * encountered errors, if any. It's the callers responsibility to free.
4812 */
4813 static int
zfs_ioc_recv_impl(char * tofs,char * tosnap,char * origin,nvlist_t * recvprops,nvlist_t * localprops,nvlist_t * hidden_args,boolean_t force,boolean_t resumable,int input_fd,dmu_replay_record_t * begin_record,uint64_t * read_bytes,uint64_t * errflags,nvlist_t ** errors)4814 zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin, nvlist_t *recvprops,
4815 nvlist_t *localprops, nvlist_t *hidden_args, boolean_t force,
4816 boolean_t resumable, int input_fd,
4817 dmu_replay_record_t *begin_record, uint64_t *read_bytes,
4818 uint64_t *errflags, nvlist_t **errors)
4819 {
4820 dmu_recv_cookie_t drc;
4821 int error = 0;
4822 int props_error = 0;
4823 offset_t off, noff;
4824 nvlist_t *local_delayprops = NULL;
4825 nvlist_t *recv_delayprops = NULL;
4826 nvlist_t *origprops = NULL; /* existing properties */
4827 nvlist_t *origrecvd = NULL; /* existing received properties */
4828 boolean_t first_recvd_props = B_FALSE;
4829 boolean_t tofs_was_redacted;
4830 zfs_file_t *input_fp;
4831
4832 *read_bytes = 0;
4833 *errflags = 0;
4834 *errors = fnvlist_alloc();
4835 off = 0;
4836
4837 if ((error = zfs_file_get(input_fd, &input_fp)))
4838 return (error);
4839
4840 noff = off = zfs_file_off(input_fp);
4841 error = dmu_recv_begin(tofs, tosnap, begin_record, force,
4842 resumable, localprops, hidden_args, origin, &drc, input_fp,
4843 &off);
4844 if (error != 0)
4845 goto out;
4846 tofs_was_redacted = dsl_get_redacted(drc.drc_ds);
4847
4848 /*
4849 * Set properties before we receive the stream so that they are applied
4850 * to the new data. Note that we must call dmu_recv_stream() if
4851 * dmu_recv_begin() succeeds.
4852 */
4853 if (recvprops != NULL && !drc.drc_newfs) {
4854 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
4855 SPA_VERSION_RECVD_PROPS &&
4856 !dsl_prop_get_hasrecvd(tofs))
4857 first_recvd_props = B_TRUE;
4858
4859 /*
4860 * If new received properties are supplied, they are to
4861 * completely replace the existing received properties,
4862 * so stash away the existing ones.
4863 */
4864 if (dsl_prop_get_received(tofs, &origrecvd) == 0) {
4865 nvlist_t *errlist = NULL;
4866 /*
4867 * Don't bother writing a property if its value won't
4868 * change (and avoid the unnecessary security checks).
4869 *
4870 * The first receive after SPA_VERSION_RECVD_PROPS is a
4871 * special case where we blow away all local properties
4872 * regardless.
4873 */
4874 if (!first_recvd_props)
4875 props_reduce(recvprops, origrecvd);
4876 if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0)
4877 (void) nvlist_merge(*errors, errlist, 0);
4878 nvlist_free(errlist);
4879
4880 if (clear_received_props(tofs, origrecvd,
4881 first_recvd_props ? NULL : recvprops) != 0)
4882 *errflags |= ZPROP_ERR_NOCLEAR;
4883 } else {
4884 *errflags |= ZPROP_ERR_NOCLEAR;
4885 }
4886 }
4887
4888 /*
4889 * Stash away existing properties so we can restore them on error unless
4890 * we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which
4891 * case "origrecvd" will take care of that.
4892 */
4893 if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) {
4894 objset_t *os;
4895 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
4896 if (dsl_prop_get_all(os, &origprops) != 0) {
4897 *errflags |= ZPROP_ERR_NOCLEAR;
4898 }
4899 dmu_objset_rele(os, FTAG);
4900 } else {
4901 *errflags |= ZPROP_ERR_NOCLEAR;
4902 }
4903 }
4904
4905 if (recvprops != NULL) {
4906 props_error = dsl_prop_set_hasrecvd(tofs);
4907
4908 if (props_error == 0) {
4909 recv_delayprops = extract_delay_props(recvprops);
4910 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
4911 recvprops, *errors);
4912 }
4913 }
4914
4915 if (localprops != NULL) {
4916 nvlist_t *oprops = fnvlist_alloc();
4917 nvlist_t *xprops = fnvlist_alloc();
4918 nvpair_t *nvp = NULL;
4919
4920 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
4921 if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) {
4922 /* -x property */
4923 const char *name = nvpair_name(nvp);
4924 zfs_prop_t prop = zfs_name_to_prop(name);
4925 if (prop != ZPROP_INVAL) {
4926 if (!zfs_prop_inheritable(prop))
4927 continue;
4928 } else if (!zfs_prop_user(name))
4929 continue;
4930 fnvlist_add_boolean(xprops, name);
4931 } else {
4932 /* -o property=value */
4933 fnvlist_add_nvpair(oprops, nvp);
4934 }
4935 }
4936
4937 local_delayprops = extract_delay_props(oprops);
4938 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
4939 oprops, *errors);
4940 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED,
4941 xprops, *errors);
4942
4943 nvlist_free(oprops);
4944 nvlist_free(xprops);
4945 }
4946
4947 error = dmu_recv_stream(&drc, &off);
4948
4949 if (error == 0) {
4950 zfsvfs_t *zfsvfs = NULL;
4951 zvol_state_handle_t *zv = NULL;
4952
4953 if (getzfsvfs(tofs, &zfsvfs) == 0) {
4954 /* online recv */
4955 dsl_dataset_t *ds;
4956 int end_err;
4957 boolean_t stream_is_redacted = DMU_GET_FEATUREFLAGS(
4958 begin_record->drr_u.drr_begin.
4959 drr_versioninfo) & DMU_BACKUP_FEATURE_REDACTED;
4960
4961 ds = dmu_objset_ds(zfsvfs->z_os);
4962 error = zfs_suspend_fs(zfsvfs);
4963 /*
4964 * If the suspend fails, then the recv_end will
4965 * likely also fail, and clean up after itself.
4966 */
4967 end_err = dmu_recv_end(&drc, zfsvfs);
4968 /*
4969 * If the dataset was not redacted, but we received a
4970 * redacted stream onto it, we need to unmount the
4971 * dataset. Otherwise, resume the filesystem.
4972 */
4973 if (error == 0 && !drc.drc_newfs &&
4974 stream_is_redacted && !tofs_was_redacted) {
4975 error = zfs_end_fs(zfsvfs, ds);
4976 } else if (error == 0) {
4977 error = zfs_resume_fs(zfsvfs, ds);
4978 }
4979 error = error ? error : end_err;
4980 zfs_vfs_rele(zfsvfs);
4981 } else if ((zv = zvol_suspend(tofs)) != NULL) {
4982 error = dmu_recv_end(&drc, zvol_tag(zv));
4983 zvol_resume(zv);
4984 } else {
4985 error = dmu_recv_end(&drc, NULL);
4986 }
4987
4988 /* Set delayed properties now, after we're done receiving. */
4989 if (recv_delayprops != NULL && error == 0) {
4990 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
4991 recv_delayprops, *errors);
4992 }
4993 if (local_delayprops != NULL && error == 0) {
4994 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
4995 local_delayprops, *errors);
4996 }
4997 }
4998
4999 /*
5000 * Merge delayed props back in with initial props, in case
5001 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means
5002 * we have to make sure clear_received_props() includes
5003 * the delayed properties).
5004 *
5005 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels,
5006 * using ASSERT() will be just like a VERIFY.
5007 */
5008 if (recv_delayprops != NULL) {
5009 ASSERT(nvlist_merge(recvprops, recv_delayprops, 0) == 0);
5010 nvlist_free(recv_delayprops);
5011 }
5012 if (local_delayprops != NULL) {
5013 ASSERT(nvlist_merge(localprops, local_delayprops, 0) == 0);
5014 nvlist_free(local_delayprops);
5015 }
5016 *read_bytes = off - noff;
5017
5018 #ifdef ZFS_DEBUG
5019 if (zfs_ioc_recv_inject_err) {
5020 zfs_ioc_recv_inject_err = B_FALSE;
5021 error = 1;
5022 }
5023 #endif
5024
5025 /*
5026 * On error, restore the original props.
5027 */
5028 if (error != 0 && recvprops != NULL && !drc.drc_newfs) {
5029 if (clear_received_props(tofs, recvprops, NULL) != 0) {
5030 /*
5031 * We failed to clear the received properties.
5032 * Since we may have left a $recvd value on the
5033 * system, we can't clear the $hasrecvd flag.
5034 */
5035 *errflags |= ZPROP_ERR_NORESTORE;
5036 } else if (first_recvd_props) {
5037 dsl_prop_unset_hasrecvd(tofs);
5038 }
5039
5040 if (origrecvd == NULL && !drc.drc_newfs) {
5041 /* We failed to stash the original properties. */
5042 *errflags |= ZPROP_ERR_NORESTORE;
5043 }
5044
5045 /*
5046 * dsl_props_set() will not convert RECEIVED to LOCAL on or
5047 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
5048 * explicitly if we're restoring local properties cleared in the
5049 * first new-style receive.
5050 */
5051 if (origrecvd != NULL &&
5052 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
5053 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
5054 origrecvd, NULL) != 0) {
5055 /*
5056 * We stashed the original properties but failed to
5057 * restore them.
5058 */
5059 *errflags |= ZPROP_ERR_NORESTORE;
5060 }
5061 }
5062 if (error != 0 && localprops != NULL && !drc.drc_newfs &&
5063 !first_recvd_props) {
5064 nvlist_t *setprops;
5065 nvlist_t *inheritprops;
5066 nvpair_t *nvp;
5067
5068 if (origprops == NULL) {
5069 /* We failed to stash the original properties. */
5070 *errflags |= ZPROP_ERR_NORESTORE;
5071 goto out;
5072 }
5073
5074 /* Restore original props */
5075 setprops = fnvlist_alloc();
5076 inheritprops = fnvlist_alloc();
5077 nvp = NULL;
5078 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
5079 const char *name = nvpair_name(nvp);
5080 const char *source;
5081 nvlist_t *attrs;
5082
5083 if (!nvlist_exists(origprops, name)) {
5084 /*
5085 * Property was not present or was explicitly
5086 * inherited before the receive, restore this.
5087 */
5088 fnvlist_add_boolean(inheritprops, name);
5089 continue;
5090 }
5091 attrs = fnvlist_lookup_nvlist(origprops, name);
5092 source = fnvlist_lookup_string(attrs, ZPROP_SOURCE);
5093
5094 /* Skip received properties */
5095 if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0)
5096 continue;
5097
5098 if (strcmp(source, tofs) == 0) {
5099 /* Property was locally set */
5100 fnvlist_add_nvlist(setprops, name, attrs);
5101 } else {
5102 /* Property was implicitly inherited */
5103 fnvlist_add_boolean(inheritprops, name);
5104 }
5105 }
5106
5107 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops,
5108 NULL) != 0)
5109 *errflags |= ZPROP_ERR_NORESTORE;
5110 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops,
5111 NULL) != 0)
5112 *errflags |= ZPROP_ERR_NORESTORE;
5113
5114 nvlist_free(setprops);
5115 nvlist_free(inheritprops);
5116 }
5117 out:
5118 zfs_file_put(input_fd);
5119 nvlist_free(origrecvd);
5120 nvlist_free(origprops);
5121
5122 if (error == 0)
5123 error = props_error;
5124
5125 return (error);
5126 }
5127
5128 /*
5129 * inputs:
5130 * zc_name name of containing filesystem (unused)
5131 * zc_nvlist_src{_size} nvlist of properties to apply
5132 * zc_nvlist_conf{_size} nvlist of properties to exclude
5133 * (DATA_TYPE_BOOLEAN) and override (everything else)
5134 * zc_value name of snapshot to create
5135 * zc_string name of clone origin (if DRR_FLAG_CLONE)
5136 * zc_cookie file descriptor to recv from
5137 * zc_begin_record the BEGIN record of the stream (not byteswapped)
5138 * zc_guid force flag
5139 *
5140 * outputs:
5141 * zc_cookie number of bytes read
5142 * zc_obj zprop_errflags_t
5143 * zc_nvlist_dst{_size} error for each unapplied received property
5144 */
5145 static int
zfs_ioc_recv(zfs_cmd_t * zc)5146 zfs_ioc_recv(zfs_cmd_t *zc)
5147 {
5148 dmu_replay_record_t begin_record;
5149 nvlist_t *errors = NULL;
5150 nvlist_t *recvdprops = NULL;
5151 nvlist_t *localprops = NULL;
5152 char *origin = NULL;
5153 char *tosnap;
5154 char tofs[ZFS_MAX_DATASET_NAME_LEN];
5155 int error = 0;
5156
5157 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
5158 strchr(zc->zc_value, '@') == NULL ||
5159 strchr(zc->zc_value, '%'))
5160 return (SET_ERROR(EINVAL));
5161
5162 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs));
5163 tosnap = strchr(tofs, '@');
5164 *tosnap++ = '\0';
5165
5166 if (zc->zc_nvlist_src != 0 &&
5167 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5168 zc->zc_iflags, &recvdprops)) != 0)
5169 return (error);
5170
5171 if (zc->zc_nvlist_conf != 0 &&
5172 (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
5173 zc->zc_iflags, &localprops)) != 0)
5174 return (error);
5175
5176 if (zc->zc_string[0])
5177 origin = zc->zc_string;
5178
5179 begin_record.drr_type = DRR_BEGIN;
5180 begin_record.drr_payloadlen = 0;
5181 begin_record.drr_u.drr_begin = zc->zc_begin_record;
5182
5183 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops,
5184 NULL, zc->zc_guid, B_FALSE, zc->zc_cookie, &begin_record,
5185 &zc->zc_cookie, &zc->zc_obj, &errors);
5186 nvlist_free(recvdprops);
5187 nvlist_free(localprops);
5188
5189 /*
5190 * Now that all props, initial and delayed, are set, report the prop
5191 * errors to the caller.
5192 */
5193 if (zc->zc_nvlist_dst_size != 0 && errors != NULL &&
5194 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
5195 put_nvlist(zc, errors) != 0)) {
5196 /*
5197 * Caller made zc->zc_nvlist_dst less than the minimum expected
5198 * size or supplied an invalid address.
5199 */
5200 error = SET_ERROR(EINVAL);
5201 }
5202
5203 nvlist_free(errors);
5204
5205 return (error);
5206 }
5207
5208 /*
5209 * innvl: {
5210 * "snapname" -> full name of the snapshot to create
5211 * (optional) "props" -> received properties to set (nvlist)
5212 * (optional) "localprops" -> override and exclude properties (nvlist)
5213 * (optional) "origin" -> name of clone origin (DRR_FLAG_CLONE)
5214 * "begin_record" -> non-byteswapped dmu_replay_record_t
5215 * "input_fd" -> file descriptor to read stream from (int32)
5216 * (optional) "force" -> force flag (value ignored)
5217 * (optional) "resumable" -> resumable flag (value ignored)
5218 * (optional) "cleanup_fd" -> unused
5219 * (optional) "action_handle" -> unused
5220 * (optional) "hidden_args" -> { "wkeydata" -> value }
5221 * }
5222 *
5223 * outnvl: {
5224 * "read_bytes" -> number of bytes read
5225 * "error_flags" -> zprop_errflags_t
5226 * "errors" -> error for each unapplied received property (nvlist)
5227 * }
5228 */
5229 static const zfs_ioc_key_t zfs_keys_recv_new[] = {
5230 {"snapname", DATA_TYPE_STRING, 0},
5231 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5232 {"localprops", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5233 {"origin", DATA_TYPE_STRING, ZK_OPTIONAL},
5234 {"begin_record", DATA_TYPE_BYTE_ARRAY, 0},
5235 {"input_fd", DATA_TYPE_INT32, 0},
5236 {"force", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5237 {"resumable", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5238 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
5239 {"action_handle", DATA_TYPE_UINT64, ZK_OPTIONAL},
5240 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5241 };
5242
5243 static int
zfs_ioc_recv_new(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)5244 zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
5245 {
5246 dmu_replay_record_t *begin_record;
5247 uint_t begin_record_size;
5248 nvlist_t *errors = NULL;
5249 nvlist_t *recvprops = NULL;
5250 nvlist_t *localprops = NULL;
5251 nvlist_t *hidden_args = NULL;
5252 char *snapname;
5253 char *origin = NULL;
5254 char *tosnap;
5255 char tofs[ZFS_MAX_DATASET_NAME_LEN];
5256 boolean_t force;
5257 boolean_t resumable;
5258 uint64_t read_bytes = 0;
5259 uint64_t errflags = 0;
5260 int input_fd = -1;
5261 int error;
5262
5263 snapname = fnvlist_lookup_string(innvl, "snapname");
5264
5265 if (dataset_namecheck(snapname, NULL, NULL) != 0 ||
5266 strchr(snapname, '@') == NULL ||
5267 strchr(snapname, '%'))
5268 return (SET_ERROR(EINVAL));
5269
5270 (void) strlcpy(tofs, snapname, sizeof (tofs));
5271 tosnap = strchr(tofs, '@');
5272 *tosnap++ = '\0';
5273
5274 error = nvlist_lookup_string(innvl, "origin", &origin);
5275 if (error && error != ENOENT)
5276 return (error);
5277
5278 error = nvlist_lookup_byte_array(innvl, "begin_record",
5279 (uchar_t **)&begin_record, &begin_record_size);
5280 if (error != 0 || begin_record_size != sizeof (*begin_record))
5281 return (SET_ERROR(EINVAL));
5282
5283 input_fd = fnvlist_lookup_int32(innvl, "input_fd");
5284
5285 force = nvlist_exists(innvl, "force");
5286 resumable = nvlist_exists(innvl, "resumable");
5287
5288 /* we still use "props" here for backwards compatibility */
5289 error = nvlist_lookup_nvlist(innvl, "props", &recvprops);
5290 if (error && error != ENOENT)
5291 return (error);
5292
5293 error = nvlist_lookup_nvlist(innvl, "localprops", &localprops);
5294 if (error && error != ENOENT)
5295 return (error);
5296
5297 error = nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
5298 if (error && error != ENOENT)
5299 return (error);
5300
5301 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvprops, localprops,
5302 hidden_args, force, resumable, input_fd, begin_record,
5303 &read_bytes, &errflags, &errors);
5304
5305 fnvlist_add_uint64(outnvl, "read_bytes", read_bytes);
5306 fnvlist_add_uint64(outnvl, "error_flags", errflags);
5307 fnvlist_add_nvlist(outnvl, "errors", errors);
5308
5309 nvlist_free(errors);
5310 nvlist_free(recvprops);
5311 nvlist_free(localprops);
5312
5313 return (error);
5314 }
5315
5316 typedef struct dump_bytes_io {
5317 zfs_file_t *dbi_fp;
5318 caddr_t dbi_buf;
5319 int dbi_len;
5320 int dbi_err;
5321 } dump_bytes_io_t;
5322
5323 static void
dump_bytes_cb(void * arg)5324 dump_bytes_cb(void *arg)
5325 {
5326 dump_bytes_io_t *dbi = (dump_bytes_io_t *)arg;
5327 zfs_file_t *fp;
5328 caddr_t buf;
5329
5330 fp = dbi->dbi_fp;
5331 buf = dbi->dbi_buf;
5332
5333 dbi->dbi_err = zfs_file_write(fp, buf, dbi->dbi_len, NULL);
5334 }
5335
5336 static int
dump_bytes(objset_t * os,void * buf,int len,void * arg)5337 dump_bytes(objset_t *os, void *buf, int len, void *arg)
5338 {
5339 dump_bytes_io_t dbi;
5340
5341 dbi.dbi_fp = arg;
5342 dbi.dbi_buf = buf;
5343 dbi.dbi_len = len;
5344
5345 #if defined(HAVE_LARGE_STACKS)
5346 dump_bytes_cb(&dbi);
5347 #else
5348 /*
5349 * The vn_rdwr() call is performed in a taskq to ensure that there is
5350 * always enough stack space to write safely to the target filesystem.
5351 * The ZIO_TYPE_FREE threads are used because there can be a lot of
5352 * them and they are used in vdev_file.c for a similar purpose.
5353 */
5354 spa_taskq_dispatch_sync(dmu_objset_spa(os), ZIO_TYPE_FREE,
5355 ZIO_TASKQ_ISSUE, dump_bytes_cb, &dbi, TQ_SLEEP);
5356 #endif /* HAVE_LARGE_STACKS */
5357
5358 return (dbi.dbi_err);
5359 }
5360
5361 /*
5362 * inputs:
5363 * zc_name name of snapshot to send
5364 * zc_cookie file descriptor to send stream to
5365 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
5366 * zc_sendobj objsetid of snapshot to send
5367 * zc_fromobj objsetid of incremental fromsnap (may be zero)
5368 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
5369 * output size in zc_objset_type.
5370 * zc_flags lzc_send_flags
5371 *
5372 * outputs:
5373 * zc_objset_type estimated size, if zc_guid is set
5374 *
5375 * NOTE: This is no longer the preferred interface, any new functionality
5376 * should be added to zfs_ioc_send_new() instead.
5377 */
5378 static int
zfs_ioc_send(zfs_cmd_t * zc)5379 zfs_ioc_send(zfs_cmd_t *zc)
5380 {
5381 int error;
5382 offset_t off;
5383 boolean_t estimate = (zc->zc_guid != 0);
5384 boolean_t embedok = (zc->zc_flags & 0x1);
5385 boolean_t large_block_ok = (zc->zc_flags & 0x2);
5386 boolean_t compressok = (zc->zc_flags & 0x4);
5387 boolean_t rawok = (zc->zc_flags & 0x8);
5388 boolean_t savedok = (zc->zc_flags & 0x10);
5389
5390 if (zc->zc_obj != 0) {
5391 dsl_pool_t *dp;
5392 dsl_dataset_t *tosnap;
5393
5394 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5395 if (error != 0)
5396 return (error);
5397
5398 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
5399 if (error != 0) {
5400 dsl_pool_rele(dp, FTAG);
5401 return (error);
5402 }
5403
5404 if (dsl_dir_is_clone(tosnap->ds_dir))
5405 zc->zc_fromobj =
5406 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj;
5407 dsl_dataset_rele(tosnap, FTAG);
5408 dsl_pool_rele(dp, FTAG);
5409 }
5410
5411 if (estimate) {
5412 dsl_pool_t *dp;
5413 dsl_dataset_t *tosnap;
5414 dsl_dataset_t *fromsnap = NULL;
5415
5416 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5417 if (error != 0)
5418 return (error);
5419
5420 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj,
5421 FTAG, &tosnap);
5422 if (error != 0) {
5423 dsl_pool_rele(dp, FTAG);
5424 return (error);
5425 }
5426
5427 if (zc->zc_fromobj != 0) {
5428 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
5429 FTAG, &fromsnap);
5430 if (error != 0) {
5431 dsl_dataset_rele(tosnap, FTAG);
5432 dsl_pool_rele(dp, FTAG);
5433 return (error);
5434 }
5435 }
5436
5437 error = dmu_send_estimate_fast(tosnap, fromsnap, NULL,
5438 compressok || rawok, savedok, &zc->zc_objset_type);
5439
5440 if (fromsnap != NULL)
5441 dsl_dataset_rele(fromsnap, FTAG);
5442 dsl_dataset_rele(tosnap, FTAG);
5443 dsl_pool_rele(dp, FTAG);
5444 } else {
5445 zfs_file_t *fp;
5446 dmu_send_outparams_t out = {0};
5447
5448 if ((error = zfs_file_get(zc->zc_cookie, &fp)))
5449 return (error);
5450
5451 off = zfs_file_off(fp);
5452 out.dso_outfunc = dump_bytes;
5453 out.dso_arg = fp;
5454 out.dso_dryrun = B_FALSE;
5455 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
5456 zc->zc_fromobj, embedok, large_block_ok, compressok,
5457 rawok, savedok, zc->zc_cookie, &off, &out);
5458
5459 zfs_file_put(zc->zc_cookie);
5460 }
5461 return (error);
5462 }
5463
5464 /*
5465 * inputs:
5466 * zc_name name of snapshot on which to report progress
5467 * zc_cookie file descriptor of send stream
5468 *
5469 * outputs:
5470 * zc_cookie number of bytes written in send stream thus far
5471 * zc_objset_type logical size of data traversed by send thus far
5472 */
5473 static int
zfs_ioc_send_progress(zfs_cmd_t * zc)5474 zfs_ioc_send_progress(zfs_cmd_t *zc)
5475 {
5476 dsl_pool_t *dp;
5477 dsl_dataset_t *ds;
5478 dmu_sendstatus_t *dsp = NULL;
5479 int error;
5480
5481 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5482 if (error != 0)
5483 return (error);
5484
5485 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
5486 if (error != 0) {
5487 dsl_pool_rele(dp, FTAG);
5488 return (error);
5489 }
5490
5491 mutex_enter(&ds->ds_sendstream_lock);
5492
5493 /*
5494 * Iterate over all the send streams currently active on this dataset.
5495 * If there's one which matches the specified file descriptor _and_ the
5496 * stream was started by the current process, return the progress of
5497 * that stream.
5498 */
5499
5500 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
5501 dsp = list_next(&ds->ds_sendstreams, dsp)) {
5502 if (dsp->dss_outfd == zc->zc_cookie &&
5503 zfs_proc_is_caller(dsp->dss_proc))
5504 break;
5505 }
5506
5507 if (dsp != NULL) {
5508 zc->zc_cookie = atomic_cas_64((volatile uint64_t *)dsp->dss_off,
5509 0, 0);
5510 /* This is the closest thing we have to atomic_read_64. */
5511 zc->zc_objset_type = atomic_cas_64(&dsp->dss_blocks, 0, 0);
5512 } else {
5513 error = SET_ERROR(ENOENT);
5514 }
5515
5516 mutex_exit(&ds->ds_sendstream_lock);
5517 dsl_dataset_rele(ds, FTAG);
5518 dsl_pool_rele(dp, FTAG);
5519 return (error);
5520 }
5521
5522 static int
zfs_ioc_inject_fault(zfs_cmd_t * zc)5523 zfs_ioc_inject_fault(zfs_cmd_t *zc)
5524 {
5525 int id, error;
5526
5527 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
5528 &zc->zc_inject_record);
5529
5530 if (error == 0)
5531 zc->zc_guid = (uint64_t)id;
5532
5533 return (error);
5534 }
5535
5536 static int
zfs_ioc_clear_fault(zfs_cmd_t * zc)5537 zfs_ioc_clear_fault(zfs_cmd_t *zc)
5538 {
5539 return (zio_clear_fault((int)zc->zc_guid));
5540 }
5541
5542 static int
zfs_ioc_inject_list_next(zfs_cmd_t * zc)5543 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
5544 {
5545 int id = (int)zc->zc_guid;
5546 int error;
5547
5548 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
5549 &zc->zc_inject_record);
5550
5551 zc->zc_guid = id;
5552
5553 return (error);
5554 }
5555
5556 static int
zfs_ioc_error_log(zfs_cmd_t * zc)5557 zfs_ioc_error_log(zfs_cmd_t *zc)
5558 {
5559 spa_t *spa;
5560 int error;
5561 size_t count = (size_t)zc->zc_nvlist_dst_size;
5562
5563 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
5564 return (error);
5565
5566 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
5567 &count);
5568 if (error == 0)
5569 zc->zc_nvlist_dst_size = count;
5570 else
5571 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
5572
5573 spa_close(spa, FTAG);
5574
5575 return (error);
5576 }
5577
5578 static int
zfs_ioc_clear(zfs_cmd_t * zc)5579 zfs_ioc_clear(zfs_cmd_t *zc)
5580 {
5581 spa_t *spa;
5582 vdev_t *vd;
5583 int error;
5584
5585 /*
5586 * On zpool clear we also fix up missing slogs
5587 */
5588 mutex_enter(&spa_namespace_lock);
5589 spa = spa_lookup(zc->zc_name);
5590 if (spa == NULL) {
5591 mutex_exit(&spa_namespace_lock);
5592 return (SET_ERROR(EIO));
5593 }
5594 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
5595 /* we need to let spa_open/spa_load clear the chains */
5596 spa_set_log_state(spa, SPA_LOG_CLEAR);
5597 }
5598 spa->spa_last_open_failed = 0;
5599 mutex_exit(&spa_namespace_lock);
5600
5601 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
5602 error = spa_open(zc->zc_name, &spa, FTAG);
5603 } else {
5604 nvlist_t *policy;
5605 nvlist_t *config = NULL;
5606
5607 if (zc->zc_nvlist_src == 0)
5608 return (SET_ERROR(EINVAL));
5609
5610 if ((error = get_nvlist(zc->zc_nvlist_src,
5611 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
5612 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
5613 policy, &config);
5614 if (config != NULL) {
5615 int err;
5616
5617 if ((err = put_nvlist(zc, config)) != 0)
5618 error = err;
5619 nvlist_free(config);
5620 }
5621 nvlist_free(policy);
5622 }
5623 }
5624
5625 if (error != 0)
5626 return (error);
5627
5628 /*
5629 * If multihost is enabled, resuming I/O is unsafe as another
5630 * host may have imported the pool.
5631 */
5632 if (spa_multihost(spa) && spa_suspended(spa))
5633 return (SET_ERROR(EINVAL));
5634
5635 spa_vdev_state_enter(spa, SCL_NONE);
5636
5637 if (zc->zc_guid == 0) {
5638 vd = NULL;
5639 } else {
5640 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
5641 if (vd == NULL) {
5642 error = SET_ERROR(ENODEV);
5643 (void) spa_vdev_state_exit(spa, NULL, error);
5644 spa_close(spa, FTAG);
5645 return (error);
5646 }
5647 }
5648
5649 vdev_clear(spa, vd);
5650
5651 (void) spa_vdev_state_exit(spa, spa_suspended(spa) ?
5652 NULL : spa->spa_root_vdev, 0);
5653
5654 /*
5655 * Resume any suspended I/Os.
5656 */
5657 if (zio_resume(spa) != 0)
5658 error = SET_ERROR(EIO);
5659
5660 spa_close(spa, FTAG);
5661
5662 return (error);
5663 }
5664
5665 /*
5666 * Reopen all the vdevs associated with the pool.
5667 *
5668 * innvl: {
5669 * "scrub_restart" -> when true and scrub is running, allow to restart
5670 * scrub as the side effect of the reopen (boolean).
5671 * }
5672 *
5673 * outnvl is unused
5674 */
5675 static const zfs_ioc_key_t zfs_keys_pool_reopen[] = {
5676 {"scrub_restart", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
5677 };
5678
5679 /* ARGSUSED */
5680 static int
zfs_ioc_pool_reopen(const char * pool,nvlist_t * innvl,nvlist_t * outnvl)5681 zfs_ioc_pool_reopen(const char *pool, nvlist_t *innvl, nvlist_t *outnvl)
5682 {
5683 spa_t *spa;
5684 int error;
5685 boolean_t rc, scrub_restart = B_TRUE;
5686
5687 if (innvl) {
5688 error = nvlist_lookup_boolean_value(innvl,
5689 "scrub_restart", &rc);
5690 if (error == 0)
5691 scrub_restart = rc;
5692 }
5693
5694 error = spa_open(pool, &spa, FTAG);
5695 if (error != 0)
5696 return (error);
5697
5698 spa_vdev_state_enter(spa, SCL_NONE);
5699
5700 /*
5701 * If the scrub_restart flag is B_FALSE and a scrub is already
5702 * in progress then set spa_scrub_reopen flag to B_TRUE so that
5703 * we don't restart the scrub as a side effect of the reopen.
5704 * Otherwise, let vdev_open() decided if a resilver is required.
5705 */
5706
5707 spa->spa_scrub_reopen = (!scrub_restart &&
5708 dsl_scan_scrubbing(spa->spa_dsl_pool));
5709 vdev_reopen(spa->spa_root_vdev);
5710 spa->spa_scrub_reopen = B_FALSE;
5711
5712 (void) spa_vdev_state_exit(spa, NULL, 0);
5713 spa_close(spa, FTAG);
5714 return (0);
5715 }
5716
5717 /*
5718 * inputs:
5719 * zc_name name of filesystem
5720 *
5721 * outputs:
5722 * zc_string name of conflicting snapshot, if there is one
5723 */
5724 static int
zfs_ioc_promote(zfs_cmd_t * zc)5725 zfs_ioc_promote(zfs_cmd_t *zc)
5726 {
5727 dsl_pool_t *dp;
5728 dsl_dataset_t *ds, *ods;
5729 char origin[ZFS_MAX_DATASET_NAME_LEN];
5730 char *cp;
5731 int error;
5732
5733 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5734 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
5735 strchr(zc->zc_name, '%'))
5736 return (SET_ERROR(EINVAL));
5737
5738 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5739 if (error != 0)
5740 return (error);
5741
5742 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
5743 if (error != 0) {
5744 dsl_pool_rele(dp, FTAG);
5745 return (error);
5746 }
5747
5748 if (!dsl_dir_is_clone(ds->ds_dir)) {
5749 dsl_dataset_rele(ds, FTAG);
5750 dsl_pool_rele(dp, FTAG);
5751 return (SET_ERROR(EINVAL));
5752 }
5753
5754 error = dsl_dataset_hold_obj(dp,
5755 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods);
5756 if (error != 0) {
5757 dsl_dataset_rele(ds, FTAG);
5758 dsl_pool_rele(dp, FTAG);
5759 return (error);
5760 }
5761
5762 dsl_dataset_name(ods, origin);
5763 dsl_dataset_rele(ods, FTAG);
5764 dsl_dataset_rele(ds, FTAG);
5765 dsl_pool_rele(dp, FTAG);
5766
5767 /*
5768 * We don't need to unmount *all* the origin fs's snapshots, but
5769 * it's easier.
5770 */
5771 cp = strchr(origin, '@');
5772 if (cp)
5773 *cp = '\0';
5774 (void) dmu_objset_find(origin,
5775 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
5776 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
5777 }
5778
5779 /*
5780 * Retrieve a single {user|group|project}{used|quota}@... property.
5781 *
5782 * inputs:
5783 * zc_name name of filesystem
5784 * zc_objset_type zfs_userquota_prop_t
5785 * zc_value domain name (eg. "S-1-234-567-89")
5786 * zc_guid RID/UID/GID
5787 *
5788 * outputs:
5789 * zc_cookie property value
5790 */
5791 static int
zfs_ioc_userspace_one(zfs_cmd_t * zc)5792 zfs_ioc_userspace_one(zfs_cmd_t *zc)
5793 {
5794 zfsvfs_t *zfsvfs;
5795 int error;
5796
5797 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
5798 return (SET_ERROR(EINVAL));
5799
5800 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
5801 if (error != 0)
5802 return (error);
5803
5804 error = zfs_userspace_one(zfsvfs,
5805 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
5806 zfsvfs_rele(zfsvfs, FTAG);
5807
5808 return (error);
5809 }
5810
5811 /*
5812 * inputs:
5813 * zc_name name of filesystem
5814 * zc_cookie zap cursor
5815 * zc_objset_type zfs_userquota_prop_t
5816 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
5817 *
5818 * outputs:
5819 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
5820 * zc_cookie zap cursor
5821 */
5822 static int
zfs_ioc_userspace_many(zfs_cmd_t * zc)5823 zfs_ioc_userspace_many(zfs_cmd_t *zc)
5824 {
5825 zfsvfs_t *zfsvfs;
5826 int bufsize = zc->zc_nvlist_dst_size;
5827
5828 if (bufsize <= 0)
5829 return (SET_ERROR(ENOMEM));
5830
5831 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
5832 if (error != 0)
5833 return (error);
5834
5835 void *buf = vmem_alloc(bufsize, KM_SLEEP);
5836
5837 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
5838 buf, &zc->zc_nvlist_dst_size);
5839
5840 if (error == 0) {
5841 error = xcopyout(buf,
5842 (void *)(uintptr_t)zc->zc_nvlist_dst,
5843 zc->zc_nvlist_dst_size);
5844 }
5845 vmem_free(buf, bufsize);
5846 zfsvfs_rele(zfsvfs, FTAG);
5847
5848 return (error);
5849 }
5850
5851 /*
5852 * inputs:
5853 * zc_name name of filesystem
5854 *
5855 * outputs:
5856 * none
5857 */
5858 static int
zfs_ioc_userspace_upgrade(zfs_cmd_t * zc)5859 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
5860 {
5861 int error = 0;
5862 zfsvfs_t *zfsvfs;
5863
5864 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
5865 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
5866 /*
5867 * If userused is not enabled, it may be because the
5868 * objset needs to be closed & reopened (to grow the
5869 * objset_phys_t). Suspend/resume the fs will do that.
5870 */
5871 dsl_dataset_t *ds, *newds;
5872
5873 ds = dmu_objset_ds(zfsvfs->z_os);
5874 error = zfs_suspend_fs(zfsvfs);
5875 if (error == 0) {
5876 dmu_objset_refresh_ownership(ds, &newds,
5877 B_TRUE, zfsvfs);
5878 error = zfs_resume_fs(zfsvfs, newds);
5879 }
5880 }
5881 if (error == 0) {
5882 mutex_enter(&zfsvfs->z_os->os_upgrade_lock);
5883 if (zfsvfs->z_os->os_upgrade_id == 0) {
5884 /* clear potential error code and retry */
5885 zfsvfs->z_os->os_upgrade_status = 0;
5886 mutex_exit(&zfsvfs->z_os->os_upgrade_lock);
5887
5888 dsl_pool_config_enter(
5889 dmu_objset_pool(zfsvfs->z_os), FTAG);
5890 dmu_objset_userspace_upgrade(zfsvfs->z_os);
5891 dsl_pool_config_exit(
5892 dmu_objset_pool(zfsvfs->z_os), FTAG);
5893 } else {
5894 mutex_exit(&zfsvfs->z_os->os_upgrade_lock);
5895 }
5896
5897 taskq_wait_id(zfsvfs->z_os->os_spa->spa_upgrade_taskq,
5898 zfsvfs->z_os->os_upgrade_id);
5899 error = zfsvfs->z_os->os_upgrade_status;
5900 }
5901 zfs_vfs_rele(zfsvfs);
5902 } else {
5903 objset_t *os;
5904
5905 /* XXX kind of reading contents without owning */
5906 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
5907 if (error != 0)
5908 return (error);
5909
5910 mutex_enter(&os->os_upgrade_lock);
5911 if (os->os_upgrade_id == 0) {
5912 /* clear potential error code and retry */
5913 os->os_upgrade_status = 0;
5914 mutex_exit(&os->os_upgrade_lock);
5915
5916 dmu_objset_userspace_upgrade(os);
5917 } else {
5918 mutex_exit(&os->os_upgrade_lock);
5919 }
5920
5921 dsl_pool_rele(dmu_objset_pool(os), FTAG);
5922
5923 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
5924 error = os->os_upgrade_status;
5925
5926 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT,
5927 FTAG);
5928 }
5929 return (error);
5930 }
5931
5932 /*
5933 * inputs:
5934 * zc_name name of filesystem
5935 *
5936 * outputs:
5937 * none
5938 */
5939 static int
zfs_ioc_id_quota_upgrade(zfs_cmd_t * zc)5940 zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc)
5941 {
5942 objset_t *os;
5943 int error;
5944
5945 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
5946 if (error != 0)
5947 return (error);
5948
5949 if (dmu_objset_userobjspace_upgradable(os) ||
5950 dmu_objset_projectquota_upgradable(os)) {
5951 mutex_enter(&os->os_upgrade_lock);
5952 if (os->os_upgrade_id == 0) {
5953 /* clear potential error code and retry */
5954 os->os_upgrade_status = 0;
5955 mutex_exit(&os->os_upgrade_lock);
5956
5957 dmu_objset_id_quota_upgrade(os);
5958 } else {
5959 mutex_exit(&os->os_upgrade_lock);
5960 }
5961
5962 dsl_pool_rele(dmu_objset_pool(os), FTAG);
5963
5964 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
5965 error = os->os_upgrade_status;
5966 } else {
5967 dsl_pool_rele(dmu_objset_pool(os), FTAG);
5968 }
5969
5970 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, FTAG);
5971
5972 return (error);
5973 }
5974
5975 static int
zfs_ioc_share(zfs_cmd_t * zc)5976 zfs_ioc_share(zfs_cmd_t *zc)
5977 {
5978 return (SET_ERROR(ENOSYS));
5979 }
5980
5981 ace_t full_access[] = {
5982 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
5983 };
5984
5985 /*
5986 * inputs:
5987 * zc_name name of containing filesystem
5988 * zc_obj object # beyond which we want next in-use object #
5989 *
5990 * outputs:
5991 * zc_obj next in-use object #
5992 */
5993 static int
zfs_ioc_next_obj(zfs_cmd_t * zc)5994 zfs_ioc_next_obj(zfs_cmd_t *zc)
5995 {
5996 objset_t *os = NULL;
5997 int error;
5998
5999 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
6000 if (error != 0)
6001 return (error);
6002
6003 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0);
6004
6005 dmu_objset_rele(os, FTAG);
6006 return (error);
6007 }
6008
6009 /*
6010 * inputs:
6011 * zc_name name of filesystem
6012 * zc_value prefix name for snapshot
6013 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
6014 *
6015 * outputs:
6016 * zc_value short name of new snapshot
6017 */
6018 static int
zfs_ioc_tmp_snapshot(zfs_cmd_t * zc)6019 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
6020 {
6021 char *snap_name;
6022 char *hold_name;
6023 int error;
6024 minor_t minor;
6025
6026 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
6027 if (error != 0)
6028 return (error);
6029
6030 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
6031 (u_longlong_t)ddi_get_lbolt64());
6032 hold_name = kmem_asprintf("%%%s", zc->zc_value);
6033
6034 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
6035 hold_name);
6036 if (error == 0)
6037 (void) strlcpy(zc->zc_value, snap_name,
6038 sizeof (zc->zc_value));
6039 kmem_strfree(snap_name);
6040 kmem_strfree(hold_name);
6041 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
6042 return (error);
6043 }
6044
6045 /*
6046 * inputs:
6047 * zc_name name of "to" snapshot
6048 * zc_value name of "from" snapshot
6049 * zc_cookie file descriptor to write diff data on
6050 *
6051 * outputs:
6052 * dmu_diff_record_t's to the file descriptor
6053 */
6054 static int
zfs_ioc_diff(zfs_cmd_t * zc)6055 zfs_ioc_diff(zfs_cmd_t *zc)
6056 {
6057 zfs_file_t *fp;
6058 offset_t off;
6059 int error;
6060
6061 if ((error = zfs_file_get(zc->zc_cookie, &fp)))
6062 return (error);
6063
6064 off = zfs_file_off(fp);
6065 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off);
6066
6067 zfs_file_put(zc->zc_cookie);
6068
6069 return (error);
6070 }
6071
6072 static int
zfs_ioc_smb_acl(zfs_cmd_t * zc)6073 zfs_ioc_smb_acl(zfs_cmd_t *zc)
6074 {
6075 return (SET_ERROR(ENOTSUP));
6076 }
6077
6078 /*
6079 * innvl: {
6080 * "holds" -> { snapname -> holdname (string), ... }
6081 * (optional) "cleanup_fd" -> fd (int32)
6082 * }
6083 *
6084 * outnvl: {
6085 * snapname -> error value (int32)
6086 * ...
6087 * }
6088 */
6089 static const zfs_ioc_key_t zfs_keys_hold[] = {
6090 {"holds", DATA_TYPE_NVLIST, 0},
6091 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6092 };
6093
6094 /* ARGSUSED */
6095 static int
zfs_ioc_hold(const char * pool,nvlist_t * args,nvlist_t * errlist)6096 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
6097 {
6098 nvpair_t *pair;
6099 nvlist_t *holds;
6100 int cleanup_fd = -1;
6101 int error;
6102 minor_t minor = 0;
6103
6104 holds = fnvlist_lookup_nvlist(args, "holds");
6105
6106 /* make sure the user didn't pass us any invalid (empty) tags */
6107 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
6108 pair = nvlist_next_nvpair(holds, pair)) {
6109 char *htag;
6110
6111 error = nvpair_value_string(pair, &htag);
6112 if (error != 0)
6113 return (SET_ERROR(error));
6114
6115 if (strlen(htag) == 0)
6116 return (SET_ERROR(EINVAL));
6117 }
6118
6119 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
6120 error = zfs_onexit_fd_hold(cleanup_fd, &minor);
6121 if (error != 0)
6122 return (SET_ERROR(error));
6123 }
6124
6125 error = dsl_dataset_user_hold(holds, minor, errlist);
6126 if (minor != 0)
6127 zfs_onexit_fd_rele(cleanup_fd);
6128 return (SET_ERROR(error));
6129 }
6130
6131 /*
6132 * innvl is not used.
6133 *
6134 * outnvl: {
6135 * holdname -> time added (uint64 seconds since epoch)
6136 * ...
6137 * }
6138 */
6139 static const zfs_ioc_key_t zfs_keys_get_holds[] = {
6140 /* no nvl keys */
6141 };
6142
6143 /* ARGSUSED */
6144 static int
zfs_ioc_get_holds(const char * snapname,nvlist_t * args,nvlist_t * outnvl)6145 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
6146 {
6147 return (dsl_dataset_get_holds(snapname, outnvl));
6148 }
6149
6150 /*
6151 * innvl: {
6152 * snapname -> { holdname, ... }
6153 * ...
6154 * }
6155 *
6156 * outnvl: {
6157 * snapname -> error value (int32)
6158 * ...
6159 * }
6160 */
6161 static const zfs_ioc_key_t zfs_keys_release[] = {
6162 {"<snapname>...", DATA_TYPE_NVLIST, ZK_WILDCARDLIST},
6163 };
6164
6165 /* ARGSUSED */
6166 static int
zfs_ioc_release(const char * pool,nvlist_t * holds,nvlist_t * errlist)6167 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
6168 {
6169 return (dsl_dataset_user_release(holds, errlist));
6170 }
6171
6172 /*
6173 * inputs:
6174 * zc_guid flags (ZEVENT_NONBLOCK)
6175 * zc_cleanup_fd zevent file descriptor
6176 *
6177 * outputs:
6178 * zc_nvlist_dst next nvlist event
6179 * zc_cookie dropped events since last get
6180 */
6181 static int
zfs_ioc_events_next(zfs_cmd_t * zc)6182 zfs_ioc_events_next(zfs_cmd_t *zc)
6183 {
6184 zfs_zevent_t *ze;
6185 nvlist_t *event = NULL;
6186 minor_t minor;
6187 uint64_t dropped = 0;
6188 int error;
6189
6190 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6191 if (error != 0)
6192 return (error);
6193
6194 do {
6195 error = zfs_zevent_next(ze, &event,
6196 &zc->zc_nvlist_dst_size, &dropped);
6197 if (event != NULL) {
6198 zc->zc_cookie = dropped;
6199 error = put_nvlist(zc, event);
6200 nvlist_free(event);
6201 }
6202
6203 if (zc->zc_guid & ZEVENT_NONBLOCK)
6204 break;
6205
6206 if ((error == 0) || (error != ENOENT))
6207 break;
6208
6209 error = zfs_zevent_wait(ze);
6210 if (error != 0)
6211 break;
6212 } while (1);
6213
6214 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
6215
6216 return (error);
6217 }
6218
6219 /*
6220 * outputs:
6221 * zc_cookie cleared events count
6222 */
6223 static int
zfs_ioc_events_clear(zfs_cmd_t * zc)6224 zfs_ioc_events_clear(zfs_cmd_t *zc)
6225 {
6226 int count;
6227
6228 zfs_zevent_drain_all(&count);
6229 zc->zc_cookie = count;
6230
6231 return (0);
6232 }
6233
6234 /*
6235 * inputs:
6236 * zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END
6237 * zc_cleanup zevent file descriptor
6238 */
6239 static int
zfs_ioc_events_seek(zfs_cmd_t * zc)6240 zfs_ioc_events_seek(zfs_cmd_t *zc)
6241 {
6242 zfs_zevent_t *ze;
6243 minor_t minor;
6244 int error;
6245
6246 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6247 if (error != 0)
6248 return (error);
6249
6250 error = zfs_zevent_seek(ze, zc->zc_guid);
6251 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
6252
6253 return (error);
6254 }
6255
6256 /*
6257 * inputs:
6258 * zc_name name of later filesystem or snapshot
6259 * zc_value full name of old snapshot or bookmark
6260 *
6261 * outputs:
6262 * zc_cookie space in bytes
6263 * zc_objset_type compressed space in bytes
6264 * zc_perm_action uncompressed space in bytes
6265 */
6266 static int
zfs_ioc_space_written(zfs_cmd_t * zc)6267 zfs_ioc_space_written(zfs_cmd_t *zc)
6268 {
6269 int error;
6270 dsl_pool_t *dp;
6271 dsl_dataset_t *new;
6272
6273 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
6274 if (error != 0)
6275 return (error);
6276 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
6277 if (error != 0) {
6278 dsl_pool_rele(dp, FTAG);
6279 return (error);
6280 }
6281 if (strchr(zc->zc_value, '#') != NULL) {
6282 zfs_bookmark_phys_t bmp;
6283 error = dsl_bookmark_lookup(dp, zc->zc_value,
6284 new, &bmp);
6285 if (error == 0) {
6286 error = dsl_dataset_space_written_bookmark(&bmp, new,
6287 &zc->zc_cookie,
6288 &zc->zc_objset_type, &zc->zc_perm_action);
6289 }
6290 } else {
6291 dsl_dataset_t *old;
6292 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
6293
6294 if (error == 0) {
6295 error = dsl_dataset_space_written(old, new,
6296 &zc->zc_cookie,
6297 &zc->zc_objset_type, &zc->zc_perm_action);
6298 dsl_dataset_rele(old, FTAG);
6299 }
6300 }
6301 dsl_dataset_rele(new, FTAG);
6302 dsl_pool_rele(dp, FTAG);
6303 return (error);
6304 }
6305
6306 /*
6307 * innvl: {
6308 * "firstsnap" -> snapshot name
6309 * }
6310 *
6311 * outnvl: {
6312 * "used" -> space in bytes
6313 * "compressed" -> compressed space in bytes
6314 * "uncompressed" -> uncompressed space in bytes
6315 * }
6316 */
6317 static const zfs_ioc_key_t zfs_keys_space_snaps[] = {
6318 {"firstsnap", DATA_TYPE_STRING, 0},
6319 };
6320
6321 static int
zfs_ioc_space_snaps(const char * lastsnap,nvlist_t * innvl,nvlist_t * outnvl)6322 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
6323 {
6324 int error;
6325 dsl_pool_t *dp;
6326 dsl_dataset_t *new, *old;
6327 char *firstsnap;
6328 uint64_t used, comp, uncomp;
6329
6330 firstsnap = fnvlist_lookup_string(innvl, "firstsnap");
6331
6332 error = dsl_pool_hold(lastsnap, FTAG, &dp);
6333 if (error != 0)
6334 return (error);
6335
6336 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
6337 if (error == 0 && !new->ds_is_snapshot) {
6338 dsl_dataset_rele(new, FTAG);
6339 error = SET_ERROR(EINVAL);
6340 }
6341 if (error != 0) {
6342 dsl_pool_rele(dp, FTAG);
6343 return (error);
6344 }
6345 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
6346 if (error == 0 && !old->ds_is_snapshot) {
6347 dsl_dataset_rele(old, FTAG);
6348 error = SET_ERROR(EINVAL);
6349 }
6350 if (error != 0) {
6351 dsl_dataset_rele(new, FTAG);
6352 dsl_pool_rele(dp, FTAG);
6353 return (error);
6354 }
6355
6356 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
6357 dsl_dataset_rele(old, FTAG);
6358 dsl_dataset_rele(new, FTAG);
6359 dsl_pool_rele(dp, FTAG);
6360 fnvlist_add_uint64(outnvl, "used", used);
6361 fnvlist_add_uint64(outnvl, "compressed", comp);
6362 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
6363 return (error);
6364 }
6365
6366 /*
6367 * innvl: {
6368 * "fd" -> file descriptor to write stream to (int32)
6369 * (optional) "fromsnap" -> full snap name to send an incremental from
6370 * (optional) "largeblockok" -> (value ignored)
6371 * indicates that blocks > 128KB are permitted
6372 * (optional) "embedok" -> (value ignored)
6373 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6374 * (optional) "compressok" -> (value ignored)
6375 * presence indicates compressed DRR_WRITE records are permitted
6376 * (optional) "rawok" -> (value ignored)
6377 * presence indicates raw encrypted records should be used.
6378 * (optional) "savedok" -> (value ignored)
6379 * presence indicates we should send a partially received snapshot
6380 * (optional) "resume_object" and "resume_offset" -> (uint64)
6381 * if present, resume send stream from specified object and offset.
6382 * (optional) "redactbook" -> (string)
6383 * if present, use this bookmark's redaction list to generate a redacted
6384 * send stream
6385 * }
6386 *
6387 * outnvl is unused
6388 */
6389 static const zfs_ioc_key_t zfs_keys_send_new[] = {
6390 {"fd", DATA_TYPE_INT32, 0},
6391 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6392 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6393 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6394 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6395 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6396 {"savedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6397 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
6398 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
6399 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
6400 };
6401
6402 /* ARGSUSED */
6403 static int
zfs_ioc_send_new(const char * snapname,nvlist_t * innvl,nvlist_t * outnvl)6404 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6405 {
6406 int error;
6407 offset_t off;
6408 char *fromname = NULL;
6409 int fd;
6410 zfs_file_t *fp;
6411 boolean_t largeblockok;
6412 boolean_t embedok;
6413 boolean_t compressok;
6414 boolean_t rawok;
6415 boolean_t savedok;
6416 uint64_t resumeobj = 0;
6417 uint64_t resumeoff = 0;
6418 char *redactbook = NULL;
6419
6420 fd = fnvlist_lookup_int32(innvl, "fd");
6421
6422 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
6423
6424 largeblockok = nvlist_exists(innvl, "largeblockok");
6425 embedok = nvlist_exists(innvl, "embedok");
6426 compressok = nvlist_exists(innvl, "compressok");
6427 rawok = nvlist_exists(innvl, "rawok");
6428 savedok = nvlist_exists(innvl, "savedok");
6429
6430 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6431 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6432
6433 (void) nvlist_lookup_string(innvl, "redactbook", &redactbook);
6434
6435 if ((error = zfs_file_get(fd, &fp)))
6436 return (error);
6437
6438 off = zfs_file_off(fp);
6439
6440 dmu_send_outparams_t out = {0};
6441 out.dso_outfunc = dump_bytes;
6442 out.dso_arg = fp;
6443 out.dso_dryrun = B_FALSE;
6444 error = dmu_send(snapname, fromname, embedok, largeblockok,
6445 compressok, rawok, savedok, resumeobj, resumeoff,
6446 redactbook, fd, &off, &out);
6447
6448 zfs_file_put(fd);
6449 return (error);
6450 }
6451
6452 /* ARGSUSED */
6453 static int
send_space_sum(objset_t * os,void * buf,int len,void * arg)6454 send_space_sum(objset_t *os, void *buf, int len, void *arg)
6455 {
6456 uint64_t *size = arg;
6457 *size += len;
6458 return (0);
6459 }
6460
6461 /*
6462 * Determine approximately how large a zfs send stream will be -- the number
6463 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
6464 *
6465 * innvl: {
6466 * (optional) "from" -> full snap or bookmark name to send an incremental
6467 * from
6468 * (optional) "largeblockok" -> (value ignored)
6469 * indicates that blocks > 128KB are permitted
6470 * (optional) "embedok" -> (value ignored)
6471 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6472 * (optional) "compressok" -> (value ignored)
6473 * presence indicates compressed DRR_WRITE records are permitted
6474 * (optional) "rawok" -> (value ignored)
6475 * presence indicates raw encrypted records should be used.
6476 * (optional) "resume_object" and "resume_offset" -> (uint64)
6477 * if present, resume send stream from specified object and offset.
6478 * (optional) "fd" -> file descriptor to use as a cookie for progress
6479 * tracking (int32)
6480 * }
6481 *
6482 * outnvl: {
6483 * "space" -> bytes of space (uint64)
6484 * }
6485 */
6486 static const zfs_ioc_key_t zfs_keys_send_space[] = {
6487 {"from", DATA_TYPE_STRING, ZK_OPTIONAL},
6488 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6489 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6490 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6491 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6492 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6493 {"fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6494 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
6495 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
6496 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
6497 {"bytes", DATA_TYPE_UINT64, ZK_OPTIONAL},
6498 };
6499
6500 static int
zfs_ioc_send_space(const char * snapname,nvlist_t * innvl,nvlist_t * outnvl)6501 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6502 {
6503 dsl_pool_t *dp;
6504 dsl_dataset_t *tosnap;
6505 dsl_dataset_t *fromsnap = NULL;
6506 int error;
6507 char *fromname = NULL;
6508 char *redactlist_book = NULL;
6509 boolean_t largeblockok;
6510 boolean_t embedok;
6511 boolean_t compressok;
6512 boolean_t rawok;
6513 boolean_t savedok;
6514 uint64_t space = 0;
6515 boolean_t full_estimate = B_FALSE;
6516 uint64_t resumeobj = 0;
6517 uint64_t resumeoff = 0;
6518 uint64_t resume_bytes = 0;
6519 int32_t fd = -1;
6520 zfs_bookmark_phys_t zbm = {0};
6521
6522 error = dsl_pool_hold(snapname, FTAG, &dp);
6523 if (error != 0)
6524 return (error);
6525
6526 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
6527 if (error != 0) {
6528 dsl_pool_rele(dp, FTAG);
6529 return (error);
6530 }
6531 (void) nvlist_lookup_int32(innvl, "fd", &fd);
6532
6533 largeblockok = nvlist_exists(innvl, "largeblockok");
6534 embedok = nvlist_exists(innvl, "embedok");
6535 compressok = nvlist_exists(innvl, "compressok");
6536 rawok = nvlist_exists(innvl, "rawok");
6537 savedok = nvlist_exists(innvl, "savedok");
6538 boolean_t from = (nvlist_lookup_string(innvl, "from", &fromname) == 0);
6539 boolean_t altbook = (nvlist_lookup_string(innvl, "redactbook",
6540 &redactlist_book) == 0);
6541
6542 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6543 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6544 (void) nvlist_lookup_uint64(innvl, "bytes", &resume_bytes);
6545
6546 if (altbook) {
6547 full_estimate = B_TRUE;
6548 } else if (from) {
6549 if (strchr(fromname, '#')) {
6550 error = dsl_bookmark_lookup(dp, fromname, tosnap, &zbm);
6551
6552 /*
6553 * dsl_bookmark_lookup() will fail with EXDEV if
6554 * the from-bookmark and tosnap are at the same txg.
6555 * However, it's valid to do a send (and therefore,
6556 * a send estimate) from and to the same time point,
6557 * if the bookmark is redacted (the incremental send
6558 * can change what's redacted on the target). In
6559 * this case, dsl_bookmark_lookup() fills in zbm
6560 * but returns EXDEV. Ignore this error.
6561 */
6562 if (error == EXDEV && zbm.zbm_redaction_obj != 0 &&
6563 zbm.zbm_guid ==
6564 dsl_dataset_phys(tosnap)->ds_guid)
6565 error = 0;
6566
6567 if (error != 0) {
6568 dsl_dataset_rele(tosnap, FTAG);
6569 dsl_pool_rele(dp, FTAG);
6570 return (error);
6571 }
6572 if (zbm.zbm_redaction_obj != 0 || !(zbm.zbm_flags &
6573 ZBM_FLAG_HAS_FBN)) {
6574 full_estimate = B_TRUE;
6575 }
6576 } else if (strchr(fromname, '@')) {
6577 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
6578 if (error != 0) {
6579 dsl_dataset_rele(tosnap, FTAG);
6580 dsl_pool_rele(dp, FTAG);
6581 return (error);
6582 }
6583
6584 if (!dsl_dataset_is_before(tosnap, fromsnap, 0)) {
6585 full_estimate = B_TRUE;
6586 dsl_dataset_rele(fromsnap, FTAG);
6587 }
6588 } else {
6589 /*
6590 * from is not properly formatted as a snapshot or
6591 * bookmark
6592 */
6593 dsl_dataset_rele(tosnap, FTAG);
6594 dsl_pool_rele(dp, FTAG);
6595 return (SET_ERROR(EINVAL));
6596 }
6597 }
6598
6599 if (full_estimate) {
6600 dmu_send_outparams_t out = {0};
6601 offset_t off = 0;
6602 out.dso_outfunc = send_space_sum;
6603 out.dso_arg = &space;
6604 out.dso_dryrun = B_TRUE;
6605 /*
6606 * We have to release these holds so dmu_send can take them. It
6607 * will do all the error checking we need.
6608 */
6609 dsl_dataset_rele(tosnap, FTAG);
6610 dsl_pool_rele(dp, FTAG);
6611 error = dmu_send(snapname, fromname, embedok, largeblockok,
6612 compressok, rawok, savedok, resumeobj, resumeoff,
6613 redactlist_book, fd, &off, &out);
6614 } else {
6615 error = dmu_send_estimate_fast(tosnap, fromsnap,
6616 (from && strchr(fromname, '#') != NULL ? &zbm : NULL),
6617 compressok || rawok, savedok, &space);
6618 space -= resume_bytes;
6619 if (fromsnap != NULL)
6620 dsl_dataset_rele(fromsnap, FTAG);
6621 dsl_dataset_rele(tosnap, FTAG);
6622 dsl_pool_rele(dp, FTAG);
6623 }
6624
6625 fnvlist_add_uint64(outnvl, "space", space);
6626
6627 return (error);
6628 }
6629
6630 /*
6631 * Sync the currently open TXG to disk for the specified pool.
6632 * This is somewhat similar to 'zfs_sync()'.
6633 * For cases that do not result in error this ioctl will wait for
6634 * the currently open TXG to commit before returning back to the caller.
6635 *
6636 * innvl: {
6637 * "force" -> when true, force uberblock update even if there is no dirty data.
6638 * In addition this will cause the vdev configuration to be written
6639 * out including updating the zpool cache file. (boolean_t)
6640 * }
6641 *
6642 * onvl is unused
6643 */
6644 static const zfs_ioc_key_t zfs_keys_pool_sync[] = {
6645 {"force", DATA_TYPE_BOOLEAN_VALUE, 0},
6646 };
6647
6648 /* ARGSUSED */
6649 static int
zfs_ioc_pool_sync(const char * pool,nvlist_t * innvl,nvlist_t * onvl)6650 zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl)
6651 {
6652 int err;
6653 boolean_t rc, force = B_FALSE;
6654 spa_t *spa;
6655
6656 if ((err = spa_open(pool, &spa, FTAG)) != 0)
6657 return (err);
6658
6659 if (innvl) {
6660 err = nvlist_lookup_boolean_value(innvl, "force", &rc);
6661 if (err == 0)
6662 force = rc;
6663 }
6664
6665 if (force) {
6666 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER);
6667 vdev_config_dirty(spa->spa_root_vdev);
6668 spa_config_exit(spa, SCL_CONFIG, FTAG);
6669 }
6670 txg_wait_synced(spa_get_dsl(spa), 0);
6671
6672 spa_close(spa, FTAG);
6673
6674 return (0);
6675 }
6676
6677 /*
6678 * Load a user's wrapping key into the kernel.
6679 * innvl: {
6680 * "hidden_args" -> { "wkeydata" -> value }
6681 * raw uint8_t array of encryption wrapping key data (32 bytes)
6682 * (optional) "noop" -> (value ignored)
6683 * presence indicated key should only be verified, not loaded
6684 * }
6685 */
6686 static const zfs_ioc_key_t zfs_keys_load_key[] = {
6687 {"hidden_args", DATA_TYPE_NVLIST, 0},
6688 {"noop", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6689 };
6690
6691 /* ARGSUSED */
6692 static int
zfs_ioc_load_key(const char * dsname,nvlist_t * innvl,nvlist_t * outnvl)6693 zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6694 {
6695 int ret;
6696 dsl_crypto_params_t *dcp = NULL;
6697 nvlist_t *hidden_args;
6698 boolean_t noop = nvlist_exists(innvl, "noop");
6699
6700 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6701 ret = SET_ERROR(EINVAL);
6702 goto error;
6703 }
6704
6705 hidden_args = fnvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS);
6706
6707 ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL,
6708 hidden_args, &dcp);
6709 if (ret != 0)
6710 goto error;
6711
6712 ret = spa_keystore_load_wkey(dsname, dcp, noop);
6713 if (ret != 0)
6714 goto error;
6715
6716 dsl_crypto_params_free(dcp, noop);
6717
6718 return (0);
6719
6720 error:
6721 dsl_crypto_params_free(dcp, B_TRUE);
6722 return (ret);
6723 }
6724
6725 /*
6726 * Unload a user's wrapping key from the kernel.
6727 * Both innvl and outnvl are unused.
6728 */
6729 static const zfs_ioc_key_t zfs_keys_unload_key[] = {
6730 /* no nvl keys */
6731 };
6732
6733 /* ARGSUSED */
6734 static int
zfs_ioc_unload_key(const char * dsname,nvlist_t * innvl,nvlist_t * outnvl)6735 zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6736 {
6737 int ret = 0;
6738
6739 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6740 ret = (SET_ERROR(EINVAL));
6741 goto out;
6742 }
6743
6744 ret = spa_keystore_unload_wkey(dsname);
6745 if (ret != 0)
6746 goto out;
6747
6748 out:
6749 return (ret);
6750 }
6751
6752 /*
6753 * Changes a user's wrapping key used to decrypt a dataset. The keyformat,
6754 * keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified
6755 * here to change how the key is derived in userspace.
6756 *
6757 * innvl: {
6758 * "hidden_args" (optional) -> { "wkeydata" -> value }
6759 * raw uint8_t array of new encryption wrapping key data (32 bytes)
6760 * "props" (optional) -> { prop -> value }
6761 * }
6762 *
6763 * outnvl is unused
6764 */
6765 static const zfs_ioc_key_t zfs_keys_change_key[] = {
6766 {"crypt_cmd", DATA_TYPE_UINT64, ZK_OPTIONAL},
6767 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
6768 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
6769 };
6770
6771 /* ARGSUSED */
6772 static int
zfs_ioc_change_key(const char * dsname,nvlist_t * innvl,nvlist_t * outnvl)6773 zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6774 {
6775 int ret;
6776 uint64_t cmd = DCP_CMD_NONE;
6777 dsl_crypto_params_t *dcp = NULL;
6778 nvlist_t *args = NULL, *hidden_args = NULL;
6779
6780 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6781 ret = (SET_ERROR(EINVAL));
6782 goto error;
6783 }
6784
6785 (void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd);
6786 (void) nvlist_lookup_nvlist(innvl, "props", &args);
6787 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
6788
6789 ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp);
6790 if (ret != 0)
6791 goto error;
6792
6793 ret = spa_keystore_change_key(dsname, dcp);
6794 if (ret != 0)
6795 goto error;
6796
6797 dsl_crypto_params_free(dcp, B_FALSE);
6798
6799 return (0);
6800
6801 error:
6802 dsl_crypto_params_free(dcp, B_TRUE);
6803 return (ret);
6804 }
6805
6806 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
6807
6808 static void
zfs_ioctl_register_legacy(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy,zfs_ioc_namecheck_t namecheck,boolean_t log_history,zfs_ioc_poolcheck_t pool_check)6809 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6810 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
6811 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
6812 {
6813 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
6814
6815 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
6816 ASSERT3U(ioc, <, ZFS_IOC_LAST);
6817 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
6818 ASSERT3P(vec->zvec_func, ==, NULL);
6819
6820 vec->zvec_legacy_func = func;
6821 vec->zvec_secpolicy = secpolicy;
6822 vec->zvec_namecheck = namecheck;
6823 vec->zvec_allow_log = log_history;
6824 vec->zvec_pool_check = pool_check;
6825 }
6826
6827 /*
6828 * See the block comment at the beginning of this file for details on
6829 * each argument to this function.
6830 */
6831 void
zfs_ioctl_register(const char * name,zfs_ioc_t ioc,zfs_ioc_func_t * func,zfs_secpolicy_func_t * secpolicy,zfs_ioc_namecheck_t namecheck,zfs_ioc_poolcheck_t pool_check,boolean_t smush_outnvlist,boolean_t allow_log,const zfs_ioc_key_t * nvl_keys,size_t num_keys)6832 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
6833 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
6834 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
6835 boolean_t allow_log, const zfs_ioc_key_t *nvl_keys, size_t num_keys)
6836 {
6837 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
6838
6839 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
6840 ASSERT3U(ioc, <, ZFS_IOC_LAST);
6841 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
6842 ASSERT3P(vec->zvec_func, ==, NULL);
6843
6844 /* if we are logging, the name must be valid */
6845 ASSERT(!allow_log || namecheck != NO_NAME);
6846
6847 vec->zvec_name = name;
6848 vec->zvec_func = func;
6849 vec->zvec_secpolicy = secpolicy;
6850 vec->zvec_namecheck = namecheck;
6851 vec->zvec_pool_check = pool_check;
6852 vec->zvec_smush_outnvlist = smush_outnvlist;
6853 vec->zvec_allow_log = allow_log;
6854 vec->zvec_nvl_keys = nvl_keys;
6855 vec->zvec_nvl_key_count = num_keys;
6856 }
6857
6858 static void
zfs_ioctl_register_pool(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy,boolean_t log_history,zfs_ioc_poolcheck_t pool_check)6859 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6860 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
6861 zfs_ioc_poolcheck_t pool_check)
6862 {
6863 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6864 POOL_NAME, log_history, pool_check);
6865 }
6866
6867 void
zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy,zfs_ioc_poolcheck_t pool_check)6868 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6869 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
6870 {
6871 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6872 DATASET_NAME, B_FALSE, pool_check);
6873 }
6874
6875 static void
zfs_ioctl_register_pool_modify(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func)6876 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
6877 {
6878 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
6879 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6880 }
6881
6882 static void
zfs_ioctl_register_pool_meta(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy)6883 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6884 zfs_secpolicy_func_t *secpolicy)
6885 {
6886 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6887 NO_NAME, B_FALSE, POOL_CHECK_NONE);
6888 }
6889
6890 static void
zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy)6891 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
6892 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
6893 {
6894 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6895 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
6896 }
6897
6898 static void
zfs_ioctl_register_dataset_read(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func)6899 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
6900 {
6901 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
6902 zfs_secpolicy_read);
6903 }
6904
6905 static void
zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy)6906 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6907 zfs_secpolicy_func_t *secpolicy)
6908 {
6909 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6910 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6911 }
6912
6913 static void
zfs_ioctl_init(void)6914 zfs_ioctl_init(void)
6915 {
6916 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
6917 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
6918 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6919 zfs_keys_snapshot, ARRAY_SIZE(zfs_keys_snapshot));
6920
6921 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
6922 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
6923 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
6924 zfs_keys_log_history, ARRAY_SIZE(zfs_keys_log_history));
6925
6926 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
6927 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
6928 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6929 zfs_keys_space_snaps, ARRAY_SIZE(zfs_keys_space_snaps));
6930
6931 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
6932 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
6933 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6934 zfs_keys_send_new, ARRAY_SIZE(zfs_keys_send_new));
6935
6936 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
6937 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
6938 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6939 zfs_keys_send_space, ARRAY_SIZE(zfs_keys_send_space));
6940
6941 zfs_ioctl_register("create", ZFS_IOC_CREATE,
6942 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
6943 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6944 zfs_keys_create, ARRAY_SIZE(zfs_keys_create));
6945
6946 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
6947 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
6948 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6949 zfs_keys_clone, ARRAY_SIZE(zfs_keys_clone));
6950
6951 zfs_ioctl_register("remap", ZFS_IOC_REMAP,
6952 zfs_ioc_remap, zfs_secpolicy_none, DATASET_NAME,
6953 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
6954 zfs_keys_remap, ARRAY_SIZE(zfs_keys_remap));
6955
6956 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
6957 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
6958 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6959 zfs_keys_destroy_snaps, ARRAY_SIZE(zfs_keys_destroy_snaps));
6960
6961 zfs_ioctl_register("hold", ZFS_IOC_HOLD,
6962 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
6963 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6964 zfs_keys_hold, ARRAY_SIZE(zfs_keys_hold));
6965 zfs_ioctl_register("release", ZFS_IOC_RELEASE,
6966 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
6967 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6968 zfs_keys_release, ARRAY_SIZE(zfs_keys_release));
6969
6970 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
6971 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
6972 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6973 zfs_keys_get_holds, ARRAY_SIZE(zfs_keys_get_holds));
6974
6975 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK,
6976 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME,
6977 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
6978 zfs_keys_rollback, ARRAY_SIZE(zfs_keys_rollback));
6979
6980 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK,
6981 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME,
6982 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6983 zfs_keys_bookmark, ARRAY_SIZE(zfs_keys_bookmark));
6984
6985 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS,
6986 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME,
6987 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6988 zfs_keys_get_bookmarks, ARRAY_SIZE(zfs_keys_get_bookmarks));
6989
6990 zfs_ioctl_register("get_bookmark_props", ZFS_IOC_GET_BOOKMARK_PROPS,
6991 zfs_ioc_get_bookmark_props, zfs_secpolicy_read, ENTITY_NAME,
6992 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, zfs_keys_get_bookmark_props,
6993 ARRAY_SIZE(zfs_keys_get_bookmark_props));
6994
6995 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS,
6996 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks,
6997 POOL_NAME,
6998 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6999 zfs_keys_destroy_bookmarks,
7000 ARRAY_SIZE(zfs_keys_destroy_bookmarks));
7001
7002 zfs_ioctl_register("receive", ZFS_IOC_RECV_NEW,
7003 zfs_ioc_recv_new, zfs_secpolicy_recv_new, DATASET_NAME,
7004 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7005 zfs_keys_recv_new, ARRAY_SIZE(zfs_keys_recv_new));
7006 zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY,
7007 zfs_ioc_load_key, zfs_secpolicy_load_key,
7008 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7009 zfs_keys_load_key, ARRAY_SIZE(zfs_keys_load_key));
7010 zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY,
7011 zfs_ioc_unload_key, zfs_secpolicy_load_key,
7012 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7013 zfs_keys_unload_key, ARRAY_SIZE(zfs_keys_unload_key));
7014 zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY,
7015 zfs_ioc_change_key, zfs_secpolicy_change_key,
7016 DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY,
7017 B_TRUE, B_TRUE, zfs_keys_change_key,
7018 ARRAY_SIZE(zfs_keys_change_key));
7019
7020 zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC,
7021 zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME,
7022 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7023 zfs_keys_pool_sync, ARRAY_SIZE(zfs_keys_pool_sync));
7024 zfs_ioctl_register("reopen", ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
7025 zfs_secpolicy_config, POOL_NAME, POOL_CHECK_SUSPENDED, B_TRUE,
7026 B_TRUE, zfs_keys_pool_reopen, ARRAY_SIZE(zfs_keys_pool_reopen));
7027
7028 zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM,
7029 zfs_ioc_channel_program, zfs_secpolicy_config,
7030 POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE,
7031 B_TRUE, zfs_keys_channel_program,
7032 ARRAY_SIZE(zfs_keys_channel_program));
7033
7034 zfs_ioctl_register("redact", ZFS_IOC_REDACT,
7035 zfs_ioc_redact, zfs_secpolicy_config, DATASET_NAME,
7036 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7037 zfs_keys_redact, ARRAY_SIZE(zfs_keys_redact));
7038
7039 zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT,
7040 zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME,
7041 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7042 zfs_keys_pool_checkpoint, ARRAY_SIZE(zfs_keys_pool_checkpoint));
7043
7044 zfs_ioctl_register("zpool_discard_checkpoint",
7045 ZFS_IOC_POOL_DISCARD_CHECKPOINT, zfs_ioc_pool_discard_checkpoint,
7046 zfs_secpolicy_config, POOL_NAME,
7047 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7048 zfs_keys_pool_discard_checkpoint,
7049 ARRAY_SIZE(zfs_keys_pool_discard_checkpoint));
7050
7051 zfs_ioctl_register("initialize", ZFS_IOC_POOL_INITIALIZE,
7052 zfs_ioc_pool_initialize, zfs_secpolicy_config, POOL_NAME,
7053 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7054 zfs_keys_pool_initialize, ARRAY_SIZE(zfs_keys_pool_initialize));
7055
7056 zfs_ioctl_register("trim", ZFS_IOC_POOL_TRIM,
7057 zfs_ioc_pool_trim, zfs_secpolicy_config, POOL_NAME,
7058 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7059 zfs_keys_pool_trim, ARRAY_SIZE(zfs_keys_pool_trim));
7060
7061 zfs_ioctl_register("wait", ZFS_IOC_WAIT,
7062 zfs_ioc_wait, zfs_secpolicy_none, POOL_NAME,
7063 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7064 zfs_keys_pool_wait, ARRAY_SIZE(zfs_keys_pool_wait));
7065
7066 zfs_ioctl_register("wait_fs", ZFS_IOC_WAIT_FS,
7067 zfs_ioc_wait_fs, zfs_secpolicy_none, DATASET_NAME,
7068 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7069 zfs_keys_fs_wait, ARRAY_SIZE(zfs_keys_fs_wait));
7070
7071 zfs_ioctl_register("set_bootenv", ZFS_IOC_SET_BOOTENV,
7072 zfs_ioc_set_bootenv, zfs_secpolicy_config, POOL_NAME,
7073 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7074 zfs_keys_set_bootenv, ARRAY_SIZE(zfs_keys_set_bootenv));
7075
7076 zfs_ioctl_register("get_bootenv", ZFS_IOC_GET_BOOTENV,
7077 zfs_ioc_get_bootenv, zfs_secpolicy_none, POOL_NAME,
7078 POOL_CHECK_SUSPENDED, B_FALSE, B_TRUE,
7079 zfs_keys_get_bootenv, ARRAY_SIZE(zfs_keys_get_bootenv));
7080
7081 /* IOCTLS that use the legacy function signature */
7082
7083 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
7084 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
7085
7086 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
7087 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7088 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
7089 zfs_ioc_pool_scan);
7090 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
7091 zfs_ioc_pool_upgrade);
7092 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
7093 zfs_ioc_vdev_add);
7094 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
7095 zfs_ioc_vdev_remove);
7096 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
7097 zfs_ioc_vdev_set_state);
7098 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
7099 zfs_ioc_vdev_attach);
7100 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
7101 zfs_ioc_vdev_detach);
7102 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
7103 zfs_ioc_vdev_setpath);
7104 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
7105 zfs_ioc_vdev_setfru);
7106 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
7107 zfs_ioc_pool_set_props);
7108 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
7109 zfs_ioc_vdev_split);
7110 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
7111 zfs_ioc_pool_reguid);
7112
7113 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
7114 zfs_ioc_pool_configs, zfs_secpolicy_none);
7115 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
7116 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
7117 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
7118 zfs_ioc_inject_fault, zfs_secpolicy_inject);
7119 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
7120 zfs_ioc_clear_fault, zfs_secpolicy_inject);
7121 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
7122 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
7123
7124 /*
7125 * pool destroy, and export don't log the history as part of
7126 * zfsdev_ioctl, but rather zfs_ioc_pool_export
7127 * does the logging of those commands.
7128 */
7129 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
7130 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7131 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
7132 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7133
7134 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
7135 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
7136 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
7137 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
7138
7139 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
7140 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
7141 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
7142 zfs_ioc_dsobj_to_dsname,
7143 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
7144 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
7145 zfs_ioc_pool_get_history,
7146 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7147
7148 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
7149 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7150
7151 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
7152 zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY);
7153
7154 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
7155 zfs_ioc_space_written);
7156 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
7157 zfs_ioc_objset_recvd_props);
7158 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
7159 zfs_ioc_next_obj);
7160 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
7161 zfs_ioc_get_fsacl);
7162 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
7163 zfs_ioc_objset_stats);
7164 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
7165 zfs_ioc_objset_zplprops);
7166 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
7167 zfs_ioc_dataset_list_next);
7168 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
7169 zfs_ioc_snapshot_list_next);
7170 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
7171 zfs_ioc_send_progress);
7172
7173 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
7174 zfs_ioc_diff, zfs_secpolicy_diff);
7175 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
7176 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
7177 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
7178 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
7179 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
7180 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
7181 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
7182 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
7183 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
7184 zfs_ioc_send, zfs_secpolicy_send);
7185
7186 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
7187 zfs_secpolicy_none);
7188 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
7189 zfs_secpolicy_destroy);
7190 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
7191 zfs_secpolicy_rename);
7192 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
7193 zfs_secpolicy_recv);
7194 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
7195 zfs_secpolicy_promote);
7196 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
7197 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
7198 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
7199 zfs_secpolicy_set_fsacl);
7200
7201 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
7202 zfs_secpolicy_share, POOL_CHECK_NONE);
7203 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
7204 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
7205 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
7206 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
7207 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7208 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
7209 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
7210 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7211
7212 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next,
7213 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7214 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear,
7215 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7216 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek,
7217 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7218
7219 zfs_ioctl_init_os();
7220 }
7221
7222 /*
7223 * Verify that for non-legacy ioctls the input nvlist
7224 * pairs match against the expected input.
7225 *
7226 * Possible errors are:
7227 * ZFS_ERR_IOC_ARG_UNAVAIL An unrecognized nvpair was encountered
7228 * ZFS_ERR_IOC_ARG_REQUIRED A required nvpair is missing
7229 * ZFS_ERR_IOC_ARG_BADTYPE Invalid type for nvpair
7230 */
7231 static int
zfs_check_input_nvpairs(nvlist_t * innvl,const zfs_ioc_vec_t * vec)7232 zfs_check_input_nvpairs(nvlist_t *innvl, const zfs_ioc_vec_t *vec)
7233 {
7234 const zfs_ioc_key_t *nvl_keys = vec->zvec_nvl_keys;
7235 boolean_t required_keys_found = B_FALSE;
7236
7237 /*
7238 * examine each input pair
7239 */
7240 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
7241 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
7242 char *name = nvpair_name(pair);
7243 data_type_t type = nvpair_type(pair);
7244 boolean_t identified = B_FALSE;
7245
7246 /*
7247 * check pair against the documented names and type
7248 */
7249 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7250 /* if not a wild card name, check for an exact match */
7251 if ((nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) == 0 &&
7252 strcmp(nvl_keys[k].zkey_name, name) != 0)
7253 continue;
7254
7255 identified = B_TRUE;
7256
7257 if (nvl_keys[k].zkey_type != DATA_TYPE_ANY &&
7258 nvl_keys[k].zkey_type != type) {
7259 return (SET_ERROR(ZFS_ERR_IOC_ARG_BADTYPE));
7260 }
7261
7262 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7263 continue;
7264
7265 required_keys_found = B_TRUE;
7266 break;
7267 }
7268
7269 /* allow an 'optional' key, everything else is invalid */
7270 if (!identified &&
7271 (strcmp(name, "optional") != 0 ||
7272 type != DATA_TYPE_NVLIST)) {
7273 return (SET_ERROR(ZFS_ERR_IOC_ARG_UNAVAIL));
7274 }
7275 }
7276
7277 /* verify that all required keys were found */
7278 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7279 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7280 continue;
7281
7282 if (nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) {
7283 /* at least one non-optional key is expected here */
7284 if (!required_keys_found)
7285 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7286 continue;
7287 }
7288
7289 if (!nvlist_exists(innvl, nvl_keys[k].zkey_name))
7290 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7291 }
7292
7293 return (0);
7294 }
7295
7296 static int
pool_status_check(const char * name,zfs_ioc_namecheck_t type,zfs_ioc_poolcheck_t check)7297 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
7298 zfs_ioc_poolcheck_t check)
7299 {
7300 spa_t *spa;
7301 int error;
7302
7303 ASSERT(type == POOL_NAME || type == DATASET_NAME ||
7304 type == ENTITY_NAME);
7305
7306 if (check & POOL_CHECK_NONE)
7307 return (0);
7308
7309 error = spa_open(name, &spa, FTAG);
7310 if (error == 0) {
7311 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
7312 error = SET_ERROR(EAGAIN);
7313 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
7314 error = SET_ERROR(EROFS);
7315 spa_close(spa, FTAG);
7316 }
7317 return (error);
7318 }
7319
7320 int
zfsdev_getminor(int fd,minor_t * minorp)7321 zfsdev_getminor(int fd, minor_t *minorp)
7322 {
7323 zfsdev_state_t *zs, *fpd;
7324 zfs_file_t *fp;
7325 int rc;
7326
7327 ASSERT(!MUTEX_HELD(&zfsdev_state_lock));
7328
7329 if ((rc = zfs_file_get(fd, &fp)))
7330 return (rc);
7331
7332 fpd = zfs_file_private(fp);
7333 if (fpd == NULL)
7334 return (SET_ERROR(EBADF));
7335
7336 mutex_enter(&zfsdev_state_lock);
7337
7338 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
7339
7340 if (zs->zs_minor == -1)
7341 continue;
7342
7343 if (fpd == zs) {
7344 *minorp = fpd->zs_minor;
7345 mutex_exit(&zfsdev_state_lock);
7346 return (0);
7347 }
7348 }
7349
7350 mutex_exit(&zfsdev_state_lock);
7351
7352 return (SET_ERROR(EBADF));
7353 }
7354
7355 static void *
zfsdev_get_state_impl(minor_t minor,enum zfsdev_state_type which)7356 zfsdev_get_state_impl(minor_t minor, enum zfsdev_state_type which)
7357 {
7358 zfsdev_state_t *zs;
7359
7360 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
7361 if (zs->zs_minor == minor) {
7362 smp_rmb();
7363 switch (which) {
7364 case ZST_ONEXIT:
7365 return (zs->zs_onexit);
7366 case ZST_ZEVENT:
7367 return (zs->zs_zevent);
7368 case ZST_ALL:
7369 return (zs);
7370 }
7371 }
7372 }
7373
7374 return (NULL);
7375 }
7376
7377 void *
zfsdev_get_state(minor_t minor,enum zfsdev_state_type which)7378 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
7379 {
7380 void *ptr;
7381
7382 ptr = zfsdev_get_state_impl(minor, which);
7383
7384 return (ptr);
7385 }
7386
7387 /*
7388 * Find a free minor number. The zfsdev_state_list is expected to
7389 * be short since it is only a list of currently open file handles.
7390 */
7391 minor_t
zfsdev_minor_alloc(void)7392 zfsdev_minor_alloc(void)
7393 {
7394 static minor_t last_minor = 0;
7395 minor_t m;
7396
7397 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
7398
7399 for (m = last_minor + 1; m != last_minor; m++) {
7400 if (m > ZFSDEV_MAX_MINOR)
7401 m = 1;
7402 if (zfsdev_get_state_impl(m, ZST_ALL) == NULL) {
7403 last_minor = m;
7404 return (m);
7405 }
7406 }
7407
7408 return (0);
7409 }
7410
7411 long
zfsdev_ioctl_common(uint_t vecnum,zfs_cmd_t * zc,int flag)7412 zfsdev_ioctl_common(uint_t vecnum, zfs_cmd_t *zc, int flag)
7413 {
7414 int error, cmd;
7415 const zfs_ioc_vec_t *vec;
7416 char *saved_poolname = NULL;
7417 uint64_t max_nvlist_src_size;
7418 size_t saved_poolname_len = 0;
7419 nvlist_t *innvl = NULL;
7420 fstrans_cookie_t cookie;
7421
7422 cmd = vecnum;
7423 error = 0;
7424 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
7425 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
7426
7427 vec = &zfs_ioc_vec[vecnum];
7428
7429 /*
7430 * The registered ioctl list may be sparse, verify that either
7431 * a normal or legacy handler are registered.
7432 */
7433 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL)
7434 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
7435
7436 zc->zc_iflags = flag & FKIOCTL;
7437 max_nvlist_src_size = zfs_max_nvlist_src_size_os();
7438 if (zc->zc_nvlist_src_size > max_nvlist_src_size) {
7439 /*
7440 * Make sure the user doesn't pass in an insane value for
7441 * zc_nvlist_src_size. We have to check, since we will end
7442 * up allocating that much memory inside of get_nvlist(). This
7443 * prevents a nefarious user from allocating tons of kernel
7444 * memory.
7445 *
7446 * Also, we return EINVAL instead of ENOMEM here. The reason
7447 * being that returning ENOMEM from an ioctl() has a special
7448 * connotation; that the user's size value is too small and
7449 * needs to be expanded to hold the nvlist. See
7450 * zcmd_expand_dst_nvlist() for details.
7451 */
7452 error = SET_ERROR(EINVAL); /* User's size too big */
7453
7454 } else if (zc->zc_nvlist_src_size != 0) {
7455 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
7456 zc->zc_iflags, &innvl);
7457 if (error != 0)
7458 goto out;
7459 }
7460
7461 /*
7462 * Ensure that all pool/dataset names are valid before we pass down to
7463 * the lower layers.
7464 */
7465 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
7466 switch (vec->zvec_namecheck) {
7467 case POOL_NAME:
7468 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
7469 error = SET_ERROR(EINVAL);
7470 else
7471 error = pool_status_check(zc->zc_name,
7472 vec->zvec_namecheck, vec->zvec_pool_check);
7473 break;
7474
7475 case DATASET_NAME:
7476 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
7477 error = SET_ERROR(EINVAL);
7478 else
7479 error = pool_status_check(zc->zc_name,
7480 vec->zvec_namecheck, vec->zvec_pool_check);
7481 break;
7482
7483 case ENTITY_NAME:
7484 if (entity_namecheck(zc->zc_name, NULL, NULL) != 0) {
7485 error = SET_ERROR(EINVAL);
7486 } else {
7487 error = pool_status_check(zc->zc_name,
7488 vec->zvec_namecheck, vec->zvec_pool_check);
7489 }
7490 break;
7491
7492 case NO_NAME:
7493 break;
7494 }
7495 /*
7496 * Ensure that all input pairs are valid before we pass them down
7497 * to the lower layers.
7498 *
7499 * The vectored functions can use fnvlist_lookup_{type} for any
7500 * required pairs since zfs_check_input_nvpairs() confirmed that
7501 * they exist and are of the correct type.
7502 */
7503 if (error == 0 && vec->zvec_func != NULL) {
7504 error = zfs_check_input_nvpairs(innvl, vec);
7505 if (error != 0)
7506 goto out;
7507 }
7508
7509 if (error == 0) {
7510 cookie = spl_fstrans_mark();
7511 error = vec->zvec_secpolicy(zc, innvl, CRED());
7512 spl_fstrans_unmark(cookie);
7513 }
7514
7515 if (error != 0)
7516 goto out;
7517
7518 /* legacy ioctls can modify zc_name */
7519 /*
7520 * Can't use kmem_strdup() as we might truncate the string and
7521 * kmem_strfree() would then free with incorrect size.
7522 */
7523 saved_poolname_len = strlen(zc->zc_name) + 1;
7524 saved_poolname = kmem_alloc(saved_poolname_len, KM_SLEEP);
7525
7526 strlcpy(saved_poolname, zc->zc_name, saved_poolname_len);
7527 saved_poolname[strcspn(saved_poolname, "/@#")] = '\0';
7528
7529 if (vec->zvec_func != NULL) {
7530 nvlist_t *outnvl;
7531 int puterror = 0;
7532 spa_t *spa;
7533 nvlist_t *lognv = NULL;
7534
7535 ASSERT(vec->zvec_legacy_func == NULL);
7536
7537 /*
7538 * Add the innvl to the lognv before calling the func,
7539 * in case the func changes the innvl.
7540 */
7541 if (vec->zvec_allow_log) {
7542 lognv = fnvlist_alloc();
7543 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
7544 vec->zvec_name);
7545 if (!nvlist_empty(innvl)) {
7546 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
7547 innvl);
7548 }
7549 }
7550
7551 outnvl = fnvlist_alloc();
7552 cookie = spl_fstrans_mark();
7553 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
7554 spl_fstrans_unmark(cookie);
7555
7556 /*
7557 * Some commands can partially execute, modify state, and still
7558 * return an error. In these cases, attempt to record what
7559 * was modified.
7560 */
7561 if ((error == 0 ||
7562 (cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) &&
7563 vec->zvec_allow_log &&
7564 spa_open(zc->zc_name, &spa, FTAG) == 0) {
7565 if (!nvlist_empty(outnvl)) {
7566 size_t out_size = fnvlist_size(outnvl);
7567 if (out_size > zfs_history_output_max) {
7568 fnvlist_add_int64(lognv,
7569 ZPOOL_HIST_OUTPUT_SIZE, out_size);
7570 } else {
7571 fnvlist_add_nvlist(lognv,
7572 ZPOOL_HIST_OUTPUT_NVL, outnvl);
7573 }
7574 }
7575 if (error != 0) {
7576 fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO,
7577 error);
7578 }
7579 (void) spa_history_log_nvl(spa, lognv);
7580 spa_close(spa, FTAG);
7581 }
7582 fnvlist_free(lognv);
7583
7584 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
7585 int smusherror = 0;
7586 if (vec->zvec_smush_outnvlist) {
7587 smusherror = nvlist_smush(outnvl,
7588 zc->zc_nvlist_dst_size);
7589 }
7590 if (smusherror == 0)
7591 puterror = put_nvlist(zc, outnvl);
7592 }
7593
7594 if (puterror != 0)
7595 error = puterror;
7596
7597 nvlist_free(outnvl);
7598 } else {
7599 cookie = spl_fstrans_mark();
7600 error = vec->zvec_legacy_func(zc);
7601 spl_fstrans_unmark(cookie);
7602 }
7603
7604 out:
7605 nvlist_free(innvl);
7606 if (error == 0 && vec->zvec_allow_log) {
7607 char *s = tsd_get(zfs_allow_log_key);
7608 if (s != NULL)
7609 kmem_strfree(s);
7610 (void) tsd_set(zfs_allow_log_key, kmem_strdup(saved_poolname));
7611 }
7612 if (saved_poolname != NULL)
7613 kmem_free(saved_poolname, saved_poolname_len);
7614
7615 return (error);
7616 }
7617
7618 int
zfs_kmod_init(void)7619 zfs_kmod_init(void)
7620 {
7621 int error;
7622
7623 if ((error = zvol_init()) != 0)
7624 return (error);
7625
7626 spa_init(SPA_MODE_READ | SPA_MODE_WRITE);
7627 zfs_init();
7628
7629 zfs_ioctl_init();
7630
7631 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
7632 zfsdev_state_list = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
7633 zfsdev_state_list->zs_minor = -1;
7634
7635 if ((error = zfsdev_attach()) != 0)
7636 goto out;
7637
7638 tsd_create(&zfs_fsyncer_key, NULL);
7639 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
7640 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
7641
7642 return (0);
7643 out:
7644 zfs_fini();
7645 spa_fini();
7646 zvol_fini();
7647
7648 return (error);
7649 }
7650
7651 void
zfs_kmod_fini(void)7652 zfs_kmod_fini(void)
7653 {
7654 zfsdev_state_t *zs, *zsnext = NULL;
7655
7656 zfsdev_detach();
7657
7658 mutex_destroy(&zfsdev_state_lock);
7659
7660 for (zs = zfsdev_state_list; zs != NULL; zs = zsnext) {
7661 zsnext = zs->zs_next;
7662 if (zs->zs_onexit)
7663 zfs_onexit_destroy(zs->zs_onexit);
7664 if (zs->zs_zevent)
7665 zfs_zevent_destroy(zs->zs_zevent);
7666 kmem_free(zs, sizeof (zfsdev_state_t));
7667 }
7668
7669 zfs_ereport_taskq_fini(); /* run before zfs_fini() on Linux */
7670 zfs_fini();
7671 spa_fini();
7672 zvol_fini();
7673
7674 tsd_destroy(&zfs_fsyncer_key);
7675 tsd_destroy(&rrw_tsd_key);
7676 tsd_destroy(&zfs_allow_log_key);
7677 }
7678
7679 /* BEGIN CSTYLED */
7680 ZFS_MODULE_PARAM(zfs, zfs_, max_nvlist_src_size, ULONG, ZMOD_RW,
7681 "Maximum size in bytes allowed for src nvlist passed with ZFS ioctls");
7682
7683 ZFS_MODULE_PARAM(zfs, zfs_, history_output_max, ULONG, ZMOD_RW,
7684 "Maximum size in bytes of ZFS ioctl output that will be logged");
7685 /* END CSTYLED */
7686