4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Portions Copyright 2011 Martin Matuska
24 * Portions Copyright 2012 Pawel Jakub Dawidek <pawel@dawidek.net>
25 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
26 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
27 * Copyright (c) 2012 by Delphix. All rights reserved.
28 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
31 #include <sys/types.h>
32 #include <sys/param.h>
33 #include <sys/errno.h>
36 #include <sys/modctl.h>
41 #include <sys/cmn_err.h>
43 #include <sys/zfs_ioctl.h>
44 #include <sys/zfs_vfsops.h>
45 #include <sys/zfs_znode.h>
48 #include <sys/spa_impl.h>
50 #include <sys/priv_impl.h>
52 #include <sys/dsl_dir.h>
53 #include <sys/dsl_dataset.h>
54 #include <sys/dsl_prop.h>
55 #include <sys/dsl_deleg.h>
56 #include <sys/dmu_objset.h>
57 #include <sys/dmu_impl.h>
59 #include <sys/sunddi.h>
60 #include <sys/sunldi.h>
61 #include <sys/policy.h>
63 #include <sys/nvpair.h>
64 #include <sys/pathname.h>
65 #include <sys/mount.h>
67 #include <sys/fs/zfs.h>
68 #include <sys/zfs_ctldir.h>
69 #include <sys/zfs_dir.h>
70 #include <sys/zfs_onexit.h>
72 #include <sys/dsl_scan.h>
73 #include <sharefs/share.h>
74 #include <sys/dmu_objset.h>
75 #include <sys/fm/util.h>
77 #include <linux/miscdevice.h>
79 #include "zfs_namecheck.h"
81 #include "zfs_deleg.h"
82 #include "zfs_comutil.h"
84 kmutex_t zfsdev_state_lock;
85 list_t zfsdev_state_list;
87 extern void zfs_init(void);
88 extern void zfs_fini(void);
90 typedef int zfs_ioc_func_t(zfs_cmd_t *);
91 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *);
97 } zfs_ioc_namecheck_t;
100 POOL_CHECK_NONE = 1 << 0,
101 POOL_CHECK_SUSPENDED = 1 << 1,
102 POOL_CHECK_READONLY = 1 << 2
103 } zfs_ioc_poolcheck_t;
105 typedef struct zfs_ioc_vec {
106 zfs_ioc_func_t *zvec_func;
107 zfs_secpolicy_func_t *zvec_secpolicy;
108 zfs_ioc_namecheck_t zvec_namecheck;
109 boolean_t zvec_his_log;
110 zfs_ioc_poolcheck_t zvec_pool_check;
113 /* This array is indexed by zfs_userquota_prop_t */
114 static const char *userquota_perms[] = {
115 ZFS_DELEG_PERM_USERUSED,
116 ZFS_DELEG_PERM_USERQUOTA,
117 ZFS_DELEG_PERM_GROUPUSED,
118 ZFS_DELEG_PERM_GROUPQUOTA,
121 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
122 static int zfs_check_settable(const char *name, nvpair_t *property,
124 static int zfs_check_clearable(char *dataset, nvlist_t *props,
126 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
128 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t **);
131 history_str_free(char *buf)
133 kmem_free(buf, HIS_MAX_RECORD_LEN);
137 history_str_get(zfs_cmd_t *zc)
141 if (zc->zc_history == 0)
144 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP | KM_NODEBUG);
145 if (copyinstr((void *)(uintptr_t)zc->zc_history,
146 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
147 history_str_free(buf);
151 buf[HIS_MAX_RECORD_LEN -1] = '\0';
157 * Check to see if the named dataset is currently defined as bootable
160 zfs_is_bootfs(const char *name)
164 if (dmu_objset_hold(name, FTAG, &os) == 0) {
166 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
167 dmu_objset_rele(os, FTAG);
174 * zfs_earlier_version
176 * Return non-zero if the spa version is less than requested version.
179 zfs_earlier_version(const char *name, int version)
183 if (spa_open(name, &spa, FTAG) == 0) {
184 if (spa_version(spa) < version) {
185 spa_close(spa, FTAG);
188 spa_close(spa, FTAG);
194 * zpl_earlier_version
196 * Return TRUE if the ZPL version is less than requested version.
199 zpl_earlier_version(const char *name, int version)
202 boolean_t rc = B_TRUE;
204 if (dmu_objset_hold(name, FTAG, &os) == 0) {
207 if (dmu_objset_type(os) != DMU_OST_ZFS) {
208 dmu_objset_rele(os, FTAG);
211 /* XXX reading from non-owned objset */
212 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
213 rc = zplversion < version;
214 dmu_objset_rele(os, FTAG);
220 zfs_log_history(zfs_cmd_t *zc)
225 if ((buf = history_str_get(zc)) == NULL)
228 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
229 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
230 (void) spa_history_log(spa, buf, LOG_CMD_NORMAL);
231 spa_close(spa, FTAG);
233 history_str_free(buf);
237 * Policy for top-level read operations (list pools). Requires no privileges,
238 * and can be used in the local zone, as there is no associated dataset.
242 zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr)
248 * Policy for dataset read operations (list children, get statistics). Requires
249 * no privileges, but must be visible in the local zone.
253 zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr)
255 if (INGLOBALZONE(curproc) ||
256 zone_dataset_visible(zc->zc_name, NULL))
263 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
268 * The dataset must be visible by this zone -- check this first
269 * so they don't see EPERM on something they shouldn't know about.
271 if (!INGLOBALZONE(curproc) &&
272 !zone_dataset_visible(dataset, &writable))
275 if (INGLOBALZONE(curproc)) {
277 * If the fs is zoned, only root can access it from the
280 if (secpolicy_zfs(cr) && zoned)
284 * If we are in a local zone, the 'zoned' property must be set.
289 /* must be writable by this zone */
297 zfs_dozonecheck(const char *dataset, cred_t *cr)
301 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
304 return (zfs_dozonecheck_impl(dataset, zoned, cr));
308 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
312 rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER);
313 if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL)) {
314 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
317 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
319 return (zfs_dozonecheck_impl(dataset, zoned, cr));
323 * If name ends in a '@', then require recursive permissions.
326 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
329 boolean_t descendent = B_FALSE;
333 at = strchr(name, '@');
334 if (at != NULL && at[1] == '\0') {
339 error = dsl_dataset_hold(name, FTAG, &ds);
345 error = zfs_dozonecheck_ds(name, ds, cr);
347 error = secpolicy_zfs(cr);
349 error = dsl_deleg_access_impl(ds, descendent, perm, cr);
352 dsl_dataset_rele(ds, FTAG);
357 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
358 const char *perm, cred_t *cr)
362 error = zfs_dozonecheck_ds(name, ds, cr);
364 error = secpolicy_zfs(cr);
366 error = dsl_deleg_access_impl(ds, B_FALSE, perm, cr);
372 * Policy for setting the security label property.
374 * Returns 0 for success, non-zero for access and other errors.
377 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
380 char ds_hexsl[MAXNAMELEN];
381 bslabel_t ds_sl, new_sl;
382 boolean_t new_default = FALSE;
384 int needed_priv = -1;
387 /* First get the existing dataset label. */
388 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
389 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
393 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
396 /* The label must be translatable */
397 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
401 * In a non-global zone, disallow attempts to set a label that
402 * doesn't match that of the zone; otherwise no other checks
405 if (!INGLOBALZONE(curproc)) {
406 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
412 * For global-zone datasets (i.e., those whose zoned property is
413 * "off", verify that the specified new label is valid for the
416 if (dsl_prop_get_integer(name,
417 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
420 if (zfs_check_global_label(name, strval) != 0)
425 * If the existing dataset label is nondefault, check if the
426 * dataset is mounted (label cannot be changed while mounted).
427 * Get the zfs_sb_t; if there isn't one, then the dataset isn't
428 * mounted (or isn't a dataset, doesn't exist, ...).
430 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
432 static char *setsl_tag = "setsl_tag";
435 * Try to own the dataset; abort if there is any error,
436 * (e.g., already mounted, in use, or other error).
438 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
443 dmu_objset_disown(os, setsl_tag);
446 needed_priv = PRIV_FILE_DOWNGRADE_SL;
450 if (hexstr_to_label(strval, &new_sl) != 0)
453 if (blstrictdom(&ds_sl, &new_sl))
454 needed_priv = PRIV_FILE_DOWNGRADE_SL;
455 else if (blstrictdom(&new_sl, &ds_sl))
456 needed_priv = PRIV_FILE_UPGRADE_SL;
458 /* dataset currently has a default label */
460 needed_priv = PRIV_FILE_UPGRADE_SL;
464 if (needed_priv != -1)
465 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
469 #endif /* HAVE_MLSLABEL */
473 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
479 * Check permissions for special properties.
486 * Disallow setting of 'zoned' from within a local zone.
488 if (!INGLOBALZONE(curproc))
493 if (!INGLOBALZONE(curproc)) {
495 char setpoint[MAXNAMELEN];
497 * Unprivileged users are allowed to modify the
498 * quota on things *under* (ie. contained by)
499 * the thing they own.
501 if (dsl_prop_get_integer(dsname, "zoned", &zoned,
504 if (!zoned || strlen(dsname) <= strlen(setpoint))
509 case ZFS_PROP_MLSLABEL:
510 if (!is_system_labeled())
513 if (nvpair_value_string(propval, &strval) == 0) {
516 err = zfs_set_slabel_policy(dsname, strval, CRED());
523 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
527 zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr)
531 error = zfs_dozonecheck(zc->zc_name, cr);
536 * permission to set permissions will be evaluated later in
537 * dsl_deleg_can_allow()
543 zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr)
545 return (zfs_secpolicy_write_perms(zc->zc_name,
546 ZFS_DELEG_PERM_ROLLBACK, cr));
550 zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr)
559 * Generate the current snapshot name from the given objsetid, then
560 * use that name for the secpolicy/zone checks.
562 cp = strchr(zc->zc_name, '@');
565 error = spa_open(zc->zc_name, &spa, FTAG);
569 dp = spa_get_dsl(spa);
570 rw_enter(&dp->dp_config_rwlock, RW_READER);
571 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
572 rw_exit(&dp->dp_config_rwlock);
573 spa_close(spa, FTAG);
577 dsl_dataset_name(ds, zc->zc_name);
579 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
580 ZFS_DELEG_PERM_SEND, cr);
581 dsl_dataset_rele(ds, FTAG);
586 #ifdef HAVE_SMB_SHARE
588 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, cred_t *cr)
593 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
594 NO_FOLLOW, NULL, &vp)) != 0)
597 /* Now make sure mntpnt and dataset are ZFS */
599 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
600 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
601 zc->zc_name) != 0)) {
607 return (dsl_deleg_access(zc->zc_name,
608 ZFS_DELEG_PERM_SHARE, cr));
610 #endif /* HAVE_SMB_SHARE */
613 zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr)
615 #ifdef HAVE_SMB_SHARE
616 if (!INGLOBALZONE(curproc))
619 if (secpolicy_nfs(cr) == 0) {
622 return (zfs_secpolicy_deleg_share(zc, cr));
626 #endif /* HAVE_SMB_SHARE */
630 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, cred_t *cr)
632 #ifdef HAVE_SMB_SHARE
633 if (!INGLOBALZONE(curproc))
636 if (secpolicy_smb(cr) == 0) {
639 return (zfs_secpolicy_deleg_share(zc, cr));
643 #endif /* HAVE_SMB_SHARE */
647 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
652 * Remove the @bla or /bla from the end of the name to get the parent.
654 (void) strncpy(parent, datasetname, parentsize);
655 cp = strrchr(parent, '@');
659 cp = strrchr(parent, '/');
669 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
673 if ((error = zfs_secpolicy_write_perms(name,
674 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
677 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
681 zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr)
683 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
687 * Destroying snapshots with delegated permissions requires
688 * descendent mount and destroy permissions.
691 zfs_secpolicy_destroy_recursive(zfs_cmd_t *zc, cred_t *cr)
696 dsname = kmem_asprintf("%s@", zc->zc_name);
698 error = zfs_secpolicy_destroy_perms(dsname, cr);
700 error = zfs_secpolicy_destroy_perms(zc->zc_name, cr);
707 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
709 char parentname[MAXNAMELEN];
712 if ((error = zfs_secpolicy_write_perms(from,
713 ZFS_DELEG_PERM_RENAME, cr)) != 0)
716 if ((error = zfs_secpolicy_write_perms(from,
717 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
720 if ((error = zfs_get_parent(to, parentname,
721 sizeof (parentname))) != 0)
724 if ((error = zfs_secpolicy_write_perms(parentname,
725 ZFS_DELEG_PERM_CREATE, cr)) != 0)
728 if ((error = zfs_secpolicy_write_perms(parentname,
729 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
736 zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr)
738 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
742 zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr)
744 char parentname[MAXNAMELEN];
748 error = zfs_secpolicy_write_perms(zc->zc_name,
749 ZFS_DELEG_PERM_PROMOTE, cr);
753 error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
756 dsl_dataset_t *pclone = NULL;
758 dd = clone->os_dsl_dataset->ds_dir;
760 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
761 error = dsl_dataset_hold_obj(dd->dd_pool,
762 dd->dd_phys->dd_origin_obj, FTAG, &pclone);
763 rw_exit(&dd->dd_pool->dp_config_rwlock);
765 dmu_objset_rele(clone, FTAG);
769 error = zfs_secpolicy_write_perms(zc->zc_name,
770 ZFS_DELEG_PERM_MOUNT, cr);
772 dsl_dataset_name(pclone, parentname);
773 dmu_objset_rele(clone, FTAG);
774 dsl_dataset_rele(pclone, FTAG);
776 error = zfs_secpolicy_write_perms(parentname,
777 ZFS_DELEG_PERM_PROMOTE, cr);
783 zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr)
787 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
788 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
791 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
792 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
795 return (zfs_secpolicy_write_perms(zc->zc_name,
796 ZFS_DELEG_PERM_CREATE, cr));
800 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
802 return (zfs_secpolicy_write_perms(name,
803 ZFS_DELEG_PERM_SNAPSHOT, cr));
807 zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr)
810 return (zfs_secpolicy_snapshot_perms(zc->zc_name, cr));
814 zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr)
816 char parentname[MAXNAMELEN];
819 if ((error = zfs_get_parent(zc->zc_name, parentname,
820 sizeof (parentname))) != 0)
823 if (zc->zc_value[0] != '\0') {
824 if ((error = zfs_secpolicy_write_perms(zc->zc_value,
825 ZFS_DELEG_PERM_CLONE, cr)) != 0)
829 if ((error = zfs_secpolicy_write_perms(parentname,
830 ZFS_DELEG_PERM_CREATE, cr)) != 0)
833 error = zfs_secpolicy_write_perms(parentname,
834 ZFS_DELEG_PERM_MOUNT, cr);
840 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
841 * SYS_CONFIG privilege, which is not available in a local zone.
845 zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr)
847 if (secpolicy_sys_config(cr, B_FALSE) != 0)
854 * Policy for object to name lookups.
858 zfs_secpolicy_diff(zfs_cmd_t *zc, cred_t *cr)
862 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
865 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
870 * Policy for fault injection. Requires all privileges.
874 zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr)
876 return (secpolicy_zinject(cr));
880 zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr)
882 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
884 if (prop == ZPROP_INVAL) {
885 if (!zfs_prop_user(zc->zc_value))
887 return (zfs_secpolicy_write_perms(zc->zc_name,
888 ZFS_DELEG_PERM_USERPROP, cr));
890 return (zfs_secpolicy_setprop(zc->zc_name, prop,
896 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, cred_t *cr)
898 int err = zfs_secpolicy_read(zc, cr);
902 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
905 if (zc->zc_value[0] == 0) {
907 * They are asking about a posix uid/gid. If it's
908 * themself, allow it.
910 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
911 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
912 if (zc->zc_guid == crgetuid(cr))
915 if (groupmember(zc->zc_guid, cr))
920 return (zfs_secpolicy_write_perms(zc->zc_name,
921 userquota_perms[zc->zc_objset_type], cr));
925 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, cred_t *cr)
927 int err = zfs_secpolicy_read(zc, cr);
931 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
934 return (zfs_secpolicy_write_perms(zc->zc_name,
935 userquota_perms[zc->zc_objset_type], cr));
939 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, cred_t *cr)
941 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
946 zfs_secpolicy_hold(zfs_cmd_t *zc, cred_t *cr)
948 return (zfs_secpolicy_write_perms(zc->zc_name,
949 ZFS_DELEG_PERM_HOLD, cr));
953 zfs_secpolicy_release(zfs_cmd_t *zc, cred_t *cr)
955 return (zfs_secpolicy_write_perms(zc->zc_name,
956 ZFS_DELEG_PERM_RELEASE, cr));
960 * Policy for allowing temporary snapshots to be taken or released
963 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, cred_t *cr)
966 * A temporary snapshot is the same as a snapshot,
967 * hold, destroy and release all rolled into one.
968 * Delegated diff alone is sufficient that we allow this.
972 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
973 ZFS_DELEG_PERM_DIFF, cr)) == 0)
976 error = zfs_secpolicy_snapshot(zc, cr);
978 error = zfs_secpolicy_hold(zc, cr);
980 error = zfs_secpolicy_release(zc, cr);
982 error = zfs_secpolicy_destroy(zc, cr);
987 * Returns the nvlist as specified by the user in the zfs_cmd_t.
990 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
994 nvlist_t *list = NULL;
997 * Read in and unpack the user-supplied nvlist.
1002 packed = kmem_alloc(size, KM_SLEEP | KM_NODEBUG);
1004 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1006 kmem_free(packed, size);
1010 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1011 kmem_free(packed, size);
1015 kmem_free(packed, size);
1022 fit_error_list(zfs_cmd_t *zc, nvlist_t **errors)
1026 VERIFY(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
1028 if (size > zc->zc_nvlist_dst_size) {
1029 nvpair_t *more_errors;
1032 if (zc->zc_nvlist_dst_size < 1024)
1035 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, 0) == 0);
1036 more_errors = nvlist_prev_nvpair(*errors, NULL);
1039 nvpair_t *pair = nvlist_prev_nvpair(*errors,
1041 VERIFY(nvlist_remove_nvpair(*errors, pair) == 0);
1043 VERIFY(nvlist_size(*errors, &size,
1044 NV_ENCODE_NATIVE) == 0);
1045 } while (size > zc->zc_nvlist_dst_size);
1047 VERIFY(nvlist_remove_nvpair(*errors, more_errors) == 0);
1048 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, n) == 0);
1049 ASSERT(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
1050 ASSERT(size <= zc->zc_nvlist_dst_size);
1057 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1059 char *packed = NULL;
1063 VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0);
1065 if (size > zc->zc_nvlist_dst_size) {
1068 packed = kmem_alloc(size, KM_SLEEP | KM_NODEBUG);
1069 VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE,
1071 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1072 size, zc->zc_iflags) != 0)
1074 kmem_free(packed, size);
1077 zc->zc_nvlist_dst_size = size;
1082 get_zfs_sb(const char *dsname, zfs_sb_t **zsbp)
1087 error = dmu_objset_hold(dsname, FTAG, &os);
1090 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1091 dmu_objset_rele(os, FTAG);
1095 mutex_enter(&os->os_user_ptr_lock);
1096 *zsbp = dmu_objset_get_user(os);
1097 if (*zsbp && (*zsbp)->z_sb) {
1098 atomic_inc(&((*zsbp)->z_sb->s_active));
1102 mutex_exit(&os->os_user_ptr_lock);
1103 dmu_objset_rele(os, FTAG);
1108 * Find a zfs_sb_t for a mounted filesystem, or create our own, in which
1109 * case its z_sb will be NULL, and it will be opened as the owner.
1112 zfs_sb_hold(const char *name, void *tag, zfs_sb_t **zsbp, boolean_t writer)
1116 if (get_zfs_sb(name, zsbp) != 0)
1117 error = zfs_sb_create(name, zsbp);
1119 rrw_enter(&(*zsbp)->z_teardown_lock, (writer) ? RW_WRITER :
1121 if ((*zsbp)->z_unmounted) {
1123 * XXX we could probably try again, since the unmounting
1124 * thread should be just about to disassociate the
1125 * objset from the zfsvfs.
1127 rrw_exit(&(*zsbp)->z_teardown_lock, tag);
1135 zfs_sb_rele(zfs_sb_t *zsb, void *tag)
1137 rrw_exit(&zsb->z_teardown_lock, tag);
1140 deactivate_super(zsb->z_sb);
1142 dmu_objset_disown(zsb->z_os, zsb);
1148 zfs_ioc_pool_create(zfs_cmd_t *zc)
1151 nvlist_t *config, *props = NULL;
1152 nvlist_t *rootprops = NULL;
1153 nvlist_t *zplprops = NULL;
1156 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1157 zc->zc_iflags, &config)))
1160 if (zc->zc_nvlist_src_size != 0 && (error =
1161 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1162 zc->zc_iflags, &props))) {
1163 nvlist_free(config);
1168 nvlist_t *nvl = NULL;
1169 uint64_t version = SPA_VERSION;
1171 (void) nvlist_lookup_uint64(props,
1172 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1173 if (version < SPA_VERSION_INITIAL || version > SPA_VERSION) {
1175 goto pool_props_bad;
1177 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1179 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1181 nvlist_free(config);
1185 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1187 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1188 error = zfs_fill_zplprops_root(version, rootprops,
1191 goto pool_props_bad;
1194 buf = history_str_get(zc);
1196 error = spa_create(zc->zc_name, config, props, buf, zplprops);
1199 * Set the remaining root properties
1201 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1202 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1203 (void) spa_destroy(zc->zc_name);
1206 history_str_free(buf);
1209 nvlist_free(rootprops);
1210 nvlist_free(zplprops);
1211 nvlist_free(config);
1218 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1221 zfs_log_history(zc);
1222 error = spa_destroy(zc->zc_name);
1224 zvol_remove_minors(zc->zc_name);
1229 zfs_ioc_pool_import(zfs_cmd_t *zc)
1231 nvlist_t *config, *props = NULL;
1235 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1236 zc->zc_iflags, &config)) != 0)
1239 if (zc->zc_nvlist_src_size != 0 && (error =
1240 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1241 zc->zc_iflags, &props))) {
1242 nvlist_free(config);
1246 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1247 guid != zc->zc_guid)
1250 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1252 if (zc->zc_nvlist_dst != 0) {
1255 if ((err = put_nvlist(zc, config)) != 0)
1260 zvol_create_minors(zc->zc_name);
1262 nvlist_free(config);
1271 zfs_ioc_pool_export(zfs_cmd_t *zc)
1274 boolean_t force = (boolean_t)zc->zc_cookie;
1275 boolean_t hardforce = (boolean_t)zc->zc_guid;
1277 zfs_log_history(zc);
1278 error = spa_export(zc->zc_name, NULL, force, hardforce);
1280 zvol_remove_minors(zc->zc_name);
1285 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1290 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1293 error = put_nvlist(zc, configs);
1295 nvlist_free(configs);
1301 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1307 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1308 sizeof (zc->zc_value));
1310 if (config != NULL) {
1311 ret = put_nvlist(zc, config);
1312 nvlist_free(config);
1315 * The config may be present even if 'error' is non-zero.
1316 * In this case we return success, and preserve the real errno
1319 zc->zc_cookie = error;
1328 * Try to import the given pool, returning pool stats as appropriate so that
1329 * user land knows which devices are available and overall pool health.
1332 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1334 nvlist_t *tryconfig, *config;
1337 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1338 zc->zc_iflags, &tryconfig)) != 0)
1341 config = spa_tryimport(tryconfig);
1343 nvlist_free(tryconfig);
1348 error = put_nvlist(zc, config);
1349 nvlist_free(config);
1356 * zc_name name of the pool
1357 * zc_cookie scan func (pool_scan_func_t)
1360 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1365 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1368 if (zc->zc_cookie == POOL_SCAN_NONE)
1369 error = spa_scan_stop(spa);
1371 error = spa_scan(spa, zc->zc_cookie);
1373 spa_close(spa, FTAG);
1379 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1384 error = spa_open(zc->zc_name, &spa, FTAG);
1387 spa_close(spa, FTAG);
1393 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1398 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1401 if (zc->zc_cookie < spa_version(spa) || zc->zc_cookie > SPA_VERSION) {
1402 spa_close(spa, FTAG);
1406 spa_upgrade(spa, zc->zc_cookie);
1407 spa_close(spa, FTAG);
1413 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1420 if ((size = zc->zc_history_len) == 0)
1423 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1426 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1427 spa_close(spa, FTAG);
1431 hist_buf = vmem_alloc(size, KM_SLEEP);
1432 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1433 &zc->zc_history_len, hist_buf)) == 0) {
1434 error = ddi_copyout(hist_buf,
1435 (void *)(uintptr_t)zc->zc_history,
1436 zc->zc_history_len, zc->zc_iflags);
1439 spa_close(spa, FTAG);
1440 vmem_free(hist_buf, size);
1445 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1450 error = spa_open(zc->zc_name, &spa, FTAG);
1452 error = spa_change_guid(spa);
1453 spa_close(spa, FTAG);
1459 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1463 if ((error = dsl_dsobj_to_dsname(zc->zc_name,zc->zc_obj,zc->zc_value)))
1471 * zc_name name of filesystem
1472 * zc_obj object to find
1475 * zc_value name of object
1478 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1483 /* XXX reading from objset not owned */
1484 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1486 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1487 dmu_objset_rele(os, FTAG);
1490 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1491 sizeof (zc->zc_value));
1492 dmu_objset_rele(os, FTAG);
1499 * zc_name name of filesystem
1500 * zc_obj object to find
1503 * zc_stat stats on object
1504 * zc_value path to object
1507 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1512 /* XXX reading from objset not owned */
1513 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1515 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1516 dmu_objset_rele(os, FTAG);
1519 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1520 sizeof (zc->zc_value));
1521 dmu_objset_rele(os, FTAG);
1527 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1531 nvlist_t *config, **l2cache, **spares;
1532 uint_t nl2cache = 0, nspares = 0;
1534 error = spa_open(zc->zc_name, &spa, FTAG);
1538 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1539 zc->zc_iflags, &config);
1540 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
1541 &l2cache, &nl2cache);
1543 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
1547 * A root pool with concatenated devices is not supported.
1548 * Thus, can not add a device to a root pool.
1550 * Intent log device can not be added to a rootpool because
1551 * during mountroot, zil is replayed, a seperated log device
1552 * can not be accessed during the mountroot time.
1554 * l2cache and spare devices are ok to be added to a rootpool.
1556 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
1557 nvlist_free(config);
1558 spa_close(spa, FTAG);
1563 error = spa_vdev_add(spa, config);
1564 nvlist_free(config);
1566 spa_close(spa, FTAG);
1572 * zc_name name of the pool
1573 * zc_nvlist_conf nvlist of devices to remove
1574 * zc_cookie to stop the remove?
1577 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1582 error = spa_open(zc->zc_name, &spa, FTAG);
1585 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1586 spa_close(spa, FTAG);
1591 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1595 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1597 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1599 switch (zc->zc_cookie) {
1600 case VDEV_STATE_ONLINE:
1601 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1604 case VDEV_STATE_OFFLINE:
1605 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1608 case VDEV_STATE_FAULTED:
1609 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1610 zc->zc_obj != VDEV_AUX_EXTERNAL)
1611 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1613 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1616 case VDEV_STATE_DEGRADED:
1617 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1618 zc->zc_obj != VDEV_AUX_EXTERNAL)
1619 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1621 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1627 zc->zc_cookie = newstate;
1628 spa_close(spa, FTAG);
1633 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1636 int replacing = zc->zc_cookie;
1640 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1643 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1644 zc->zc_iflags, &config)) == 0) {
1645 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1646 nvlist_free(config);
1649 spa_close(spa, FTAG);
1654 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1659 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1662 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1664 spa_close(spa, FTAG);
1669 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1672 nvlist_t *config, *props = NULL;
1674 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1676 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1679 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1680 zc->zc_iflags, &config))) {
1681 spa_close(spa, FTAG);
1685 if (zc->zc_nvlist_src_size != 0 && (error =
1686 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1687 zc->zc_iflags, &props))) {
1688 spa_close(spa, FTAG);
1689 nvlist_free(config);
1693 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1695 spa_close(spa, FTAG);
1697 nvlist_free(config);
1704 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1707 char *path = zc->zc_value;
1708 uint64_t guid = zc->zc_guid;
1711 error = spa_open(zc->zc_name, &spa, FTAG);
1715 error = spa_vdev_setpath(spa, guid, path);
1716 spa_close(spa, FTAG);
1721 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
1724 char *fru = zc->zc_value;
1725 uint64_t guid = zc->zc_guid;
1728 error = spa_open(zc->zc_name, &spa, FTAG);
1732 error = spa_vdev_setfru(spa, guid, fru);
1733 spa_close(spa, FTAG);
1738 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
1743 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1745 if (zc->zc_nvlist_dst != 0 &&
1746 (error = dsl_prop_get_all(os, &nv)) == 0) {
1747 dmu_objset_stats(os, nv);
1749 * NB: zvol_get_stats() will read the objset contents,
1750 * which we aren't supposed to do with a
1751 * DS_MODE_USER hold, because it could be
1752 * inconsistent. So this is a bit of a workaround...
1753 * XXX reading with out owning
1755 if (!zc->zc_objset_stats.dds_inconsistent &&
1756 dmu_objset_type(os) == DMU_OST_ZVOL) {
1757 error = zvol_get_stats(os, nv);
1760 VERIFY3S(error, ==, 0);
1763 error = put_nvlist(zc, nv);
1772 * zc_name name of filesystem
1773 * zc_nvlist_dst_size size of buffer for property nvlist
1776 * zc_objset_stats stats
1777 * zc_nvlist_dst property nvlist
1778 * zc_nvlist_dst_size size of property nvlist
1781 zfs_ioc_objset_stats(zfs_cmd_t *zc)
1783 objset_t *os = NULL;
1786 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)))
1789 error = zfs_ioc_objset_stats_impl(zc, os);
1791 dmu_objset_rele(os, FTAG);
1798 * zc_name name of filesystem
1799 * zc_nvlist_dst_size size of buffer for property nvlist
1802 * zc_nvlist_dst received property nvlist
1803 * zc_nvlist_dst_size size of received property nvlist
1805 * Gets received properties (distinct from local properties on or after
1806 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
1807 * local property values.
1810 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
1812 objset_t *os = NULL;
1816 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)))
1820 * Without this check, we would return local property values if the
1821 * caller has not already received properties on or after
1822 * SPA_VERSION_RECVD_PROPS.
1824 if (!dsl_prop_get_hasrecvd(os)) {
1825 dmu_objset_rele(os, FTAG);
1829 if (zc->zc_nvlist_dst != 0 &&
1830 (error = dsl_prop_get_received(os, &nv)) == 0) {
1831 error = put_nvlist(zc, nv);
1835 dmu_objset_rele(os, FTAG);
1840 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
1846 * zfs_get_zplprop() will either find a value or give us
1847 * the default value (if there is one).
1849 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
1851 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
1857 * zc_name name of filesystem
1858 * zc_nvlist_dst_size size of buffer for zpl property nvlist
1861 * zc_nvlist_dst zpl property nvlist
1862 * zc_nvlist_dst_size size of zpl property nvlist
1865 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
1870 /* XXX reading without owning */
1871 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
1874 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1877 * NB: nvl_add_zplprop() will read the objset contents,
1878 * which we aren't supposed to do with a DS_MODE_USER
1879 * hold, because it could be inconsistent.
1881 if (zc->zc_nvlist_dst != 0 &&
1882 !zc->zc_objset_stats.dds_inconsistent &&
1883 dmu_objset_type(os) == DMU_OST_ZFS) {
1886 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1887 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
1888 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
1889 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
1890 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
1891 err = put_nvlist(zc, nv);
1896 dmu_objset_rele(os, FTAG);
1901 dataset_name_hidden(const char *name)
1904 * Skip over datasets that are not visible in this zone,
1905 * internal datasets (which have a $ in their name), and
1906 * temporary datasets (which have a % in their name).
1908 if (strchr(name, '$') != NULL)
1910 if (strchr(name, '%') != NULL)
1912 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
1919 * zc_name name of filesystem
1920 * zc_cookie zap cursor
1921 * zc_nvlist_dst_size size of buffer for property nvlist
1924 * zc_name name of next filesystem
1925 * zc_cookie zap cursor
1926 * zc_objset_stats stats
1927 * zc_nvlist_dst property nvlist
1928 * zc_nvlist_dst_size size of property nvlist
1931 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
1936 size_t orig_len = strlen(zc->zc_name);
1939 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
1940 if (error == ENOENT)
1945 p = strrchr(zc->zc_name, '/');
1946 if (p == NULL || p[1] != '\0')
1947 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
1948 p = zc->zc_name + strlen(zc->zc_name);
1951 * Pre-fetch the datasets. dmu_objset_prefetch() always returns 0
1952 * but is not declared void because its called by dmu_objset_find().
1954 if (zc->zc_cookie == 0) {
1955 uint64_t cookie = 0;
1956 int len = sizeof (zc->zc_name) - (p - zc->zc_name);
1958 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0) {
1959 if (!dataset_name_hidden(zc->zc_name))
1960 (void) dmu_objset_prefetch(zc->zc_name, NULL);
1965 error = dmu_dir_list_next(os,
1966 sizeof (zc->zc_name) - (p - zc->zc_name), p,
1967 NULL, &zc->zc_cookie);
1968 if (error == ENOENT)
1970 } while (error == 0 && dataset_name_hidden(zc->zc_name));
1971 dmu_objset_rele(os, FTAG);
1974 * If it's an internal dataset (ie. with a '$' in its name),
1975 * don't try to get stats for it, otherwise we'll return ENOENT.
1977 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
1978 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
1979 if (error == ENOENT) {
1980 /* We lost a race with destroy, get the next one. */
1981 zc->zc_name[orig_len] = '\0';
1990 * zc_name name of filesystem
1991 * zc_cookie zap cursor
1992 * zc_nvlist_dst_size size of buffer for property nvlist
1995 * zc_name name of next snapshot
1996 * zc_objset_stats stats
1997 * zc_nvlist_dst property nvlist
1998 * zc_nvlist_dst_size size of property nvlist
2001 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2007 if (zc->zc_cookie == 0 && !zc->zc_simple)
2008 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch,
2009 NULL, DS_FIND_SNAPSHOTS);
2011 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2013 return (error == ENOENT ? ESRCH : error);
2016 * A dataset name of maximum length cannot have any snapshots,
2017 * so exit immediately.
2019 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
2020 dmu_objset_rele(os, FTAG);
2024 error = dmu_snapshot_list_next(os,
2025 sizeof (zc->zc_name) - strlen(zc->zc_name),
2026 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2029 if (error == 0 && !zc->zc_simple) {
2031 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2034 * Since we probably don't have a hold on this snapshot,
2035 * it's possible that the objsetid could have been destroyed
2036 * and reused for a new objset. It's OK if this happens during
2037 * a zfs send operation, since the new createtxg will be
2038 * beyond the range we're interested in.
2040 rw_enter(&dp->dp_config_rwlock, RW_READER);
2041 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2042 rw_exit(&dp->dp_config_rwlock);
2044 if (error == ENOENT) {
2045 /* Racing with destroy, get the next one. */
2046 *strchr(zc->zc_name, '@') = '\0';
2047 dmu_objset_rele(os, FTAG);
2053 error = dmu_objset_from_ds(ds, &ossnap);
2055 error = zfs_ioc_objset_stats_impl(zc, ossnap);
2056 dsl_dataset_rele(ds, FTAG);
2058 } else if (error == ENOENT) {
2062 dmu_objset_rele(os, FTAG);
2063 /* if we failed, undo the @ that we tacked on to zc_name */
2065 *strchr(zc->zc_name, '@') = '\0';
2070 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2072 const char *propname = nvpair_name(pair);
2074 unsigned int vallen;
2077 zfs_userquota_prop_t type;
2083 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2085 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2086 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2092 * A correctly constructed propname is encoded as
2093 * userquota@<rid>-<domain>.
2095 if ((dash = strchr(propname, '-')) == NULL ||
2096 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2105 err = zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE);
2107 err = zfs_set_userquota(zsb, type, domain, rid, quota);
2108 zfs_sb_rele(zsb, FTAG);
2115 * If the named property is one that has a special function to set its value,
2116 * return 0 on success and a positive error code on failure; otherwise if it is
2117 * not one of the special properties handled by this function, return -1.
2119 * XXX: It would be better for callers of the property interface if we handled
2120 * these special cases in dsl_prop.c (in the dsl layer).
2123 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2126 const char *propname = nvpair_name(pair);
2127 zfs_prop_t prop = zfs_name_to_prop(propname);
2131 if (prop == ZPROP_INVAL) {
2132 if (zfs_prop_userquota(propname))
2133 return (zfs_prop_set_userquota(dsname, pair));
2137 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2139 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2140 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2144 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2147 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2150 case ZFS_PROP_QUOTA:
2151 err = dsl_dir_set_quota(dsname, source, intval);
2153 case ZFS_PROP_REFQUOTA:
2154 err = dsl_dataset_set_quota(dsname, source, intval);
2156 case ZFS_PROP_RESERVATION:
2157 err = dsl_dir_set_reservation(dsname, source, intval);
2159 case ZFS_PROP_REFRESERVATION:
2160 err = dsl_dataset_set_reservation(dsname, source, intval);
2162 case ZFS_PROP_VOLSIZE:
2163 err = zvol_set_volsize(dsname, intval);
2165 case ZFS_PROP_VERSION:
2169 if ((err = zfs_sb_hold(dsname, FTAG, &zsb, B_TRUE)) != 0)
2172 err = zfs_set_version(zsb, intval);
2173 zfs_sb_rele(zsb, FTAG);
2175 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2178 zc = kmem_zalloc(sizeof (zfs_cmd_t),
2179 KM_SLEEP | KM_NODEBUG);
2180 (void) strcpy(zc->zc_name, dsname);
2181 (void) zfs_ioc_userspace_upgrade(zc);
2182 kmem_free(zc, sizeof (zfs_cmd_t));
2195 * This function is best effort. If it fails to set any of the given properties,
2196 * it continues to set as many as it can and returns the first error
2197 * encountered. If the caller provides a non-NULL errlist, it also gives the
2198 * complete list of names of all the properties it failed to set along with the
2199 * corresponding error numbers. The caller is responsible for freeing the
2202 * If every property is set successfully, zero is returned and the list pointed
2203 * at by errlist is NULL.
2206 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2214 nvlist_t *genericnvl;
2218 VERIFY(nvlist_alloc(&genericnvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2219 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2220 VERIFY(nvlist_alloc(&retrynvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2224 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2225 const char *propname = nvpair_name(pair);
2226 zfs_prop_t prop = zfs_name_to_prop(propname);
2229 /* decode the property value */
2231 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2233 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2234 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2239 /* Validate value type */
2240 if (err == 0 && prop == ZPROP_INVAL) {
2241 if (zfs_prop_user(propname)) {
2242 if (nvpair_type(propval) != DATA_TYPE_STRING)
2244 } else if (zfs_prop_userquota(propname)) {
2245 if (nvpair_type(propval) !=
2246 DATA_TYPE_UINT64_ARRAY)
2251 } else if (err == 0) {
2252 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2253 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2255 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2258 VERIFY(nvpair_value_uint64(propval,
2261 switch (zfs_prop_get_type(prop)) {
2262 case PROP_TYPE_NUMBER:
2264 case PROP_TYPE_STRING:
2267 case PROP_TYPE_INDEX:
2268 if (zfs_prop_index_to_string(prop,
2269 intval, &unused) != 0)
2274 "unknown property type");
2281 /* Validate permissions */
2283 err = zfs_check_settable(dsname, pair, CRED());
2286 err = zfs_prop_set_special(dsname, source, pair);
2289 * For better performance we build up a list of
2290 * properties to set in a single transaction.
2292 err = nvlist_add_nvpair(genericnvl, pair);
2293 } else if (err != 0 && nvl != retrynvl) {
2295 * This may be a spurious error caused by
2296 * receiving quota and reservation out of order.
2297 * Try again in a second pass.
2299 err = nvlist_add_nvpair(retrynvl, pair);
2304 VERIFY(nvlist_add_int32(errors, propname, err) == 0);
2307 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2312 if (!nvlist_empty(genericnvl) &&
2313 dsl_props_set(dsname, source, genericnvl) != 0) {
2315 * If this fails, we still want to set as many properties as we
2316 * can, so try setting them individually.
2319 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2320 const char *propname = nvpair_name(pair);
2324 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2326 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2327 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2331 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2332 VERIFY(nvpair_value_string(propval,
2334 err = dsl_prop_set(dsname, propname, source, 1,
2335 strlen(strval) + 1, strval);
2337 VERIFY(nvpair_value_uint64(propval,
2339 err = dsl_prop_set(dsname, propname, source, 8,
2344 VERIFY(nvlist_add_int32(errors, propname,
2349 nvlist_free(genericnvl);
2350 nvlist_free(retrynvl);
2352 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
2353 nvlist_free(errors);
2356 VERIFY(nvpair_value_int32(pair, &rv) == 0);
2359 if (errlist == NULL)
2360 nvlist_free(errors);
2368 * Check that all the properties are valid user properties.
2371 zfs_check_userprops(char *fsname, nvlist_t *nvl)
2373 nvpair_t *pair = NULL;
2376 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2377 const char *propname = nvpair_name(pair);
2380 if (!zfs_prop_user(propname) ||
2381 nvpair_type(pair) != DATA_TYPE_STRING)
2384 if ((error = zfs_secpolicy_write_perms(fsname,
2385 ZFS_DELEG_PERM_USERPROP, CRED())))
2388 if (strlen(propname) >= ZAP_MAXNAMELEN)
2389 return (ENAMETOOLONG);
2391 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2392 if (strlen(valstr) >= ZAP_MAXVALUELEN)
2399 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2403 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2406 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2407 if (nvlist_exists(skipped, nvpair_name(pair)))
2410 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2415 clear_received_props(objset_t *os, const char *fs, nvlist_t *props,
2419 nvlist_t *cleared_props = NULL;
2420 props_skip(props, skipped, &cleared_props);
2421 if (!nvlist_empty(cleared_props)) {
2423 * Acts on local properties until the dataset has received
2424 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2426 zprop_source_t flags = (ZPROP_SRC_NONE |
2427 (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0));
2428 err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL);
2430 nvlist_free(cleared_props);
2436 * zc_name name of filesystem
2437 * zc_value name of property to set
2438 * zc_nvlist_src{_size} nvlist of properties to apply
2439 * zc_cookie received properties flag
2442 * zc_nvlist_dst{_size} error for each unapplied received property
2445 zfs_ioc_set_prop(zfs_cmd_t *zc)
2448 boolean_t received = zc->zc_cookie;
2449 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2451 nvlist_t *errors = NULL;
2454 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2455 zc->zc_iflags, &nvl)) != 0)
2459 nvlist_t *origprops;
2462 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
2463 if (dsl_prop_get_received(os, &origprops) == 0) {
2464 (void) clear_received_props(os,
2465 zc->zc_name, origprops, nvl);
2466 nvlist_free(origprops);
2469 dsl_prop_set_hasrecvd(os);
2470 dmu_objset_rele(os, FTAG);
2474 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, &errors);
2476 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2477 (void) put_nvlist(zc, errors);
2480 nvlist_free(errors);
2487 * zc_name name of filesystem
2488 * zc_value name of property to inherit
2489 * zc_cookie revert to received value if TRUE
2494 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2496 const char *propname = zc->zc_value;
2497 zfs_prop_t prop = zfs_name_to_prop(propname);
2498 boolean_t received = zc->zc_cookie;
2499 zprop_source_t source = (received
2500 ? ZPROP_SRC_NONE /* revert to received value, if any */
2501 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2510 * zfs_prop_set_special() expects properties in the form of an
2511 * nvpair with type info.
2513 if (prop == ZPROP_INVAL) {
2514 if (!zfs_prop_user(propname))
2517 type = PROP_TYPE_STRING;
2518 } else if (prop == ZFS_PROP_VOLSIZE ||
2519 prop == ZFS_PROP_VERSION) {
2522 type = zfs_prop_get_type(prop);
2525 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2528 case PROP_TYPE_STRING:
2529 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2531 case PROP_TYPE_NUMBER:
2532 case PROP_TYPE_INDEX:
2533 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2540 pair = nvlist_next_nvpair(dummy, NULL);
2541 err = zfs_prop_set_special(zc->zc_name, source, pair);
2544 return (err); /* special property already handled */
2547 * Only check this in the non-received case. We want to allow
2548 * 'inherit -S' to revert non-inheritable properties like quota
2549 * and reservation to the received or default values even though
2550 * they are not considered inheritable.
2552 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2556 /* the property name has been validated by zfs_secpolicy_inherit() */
2557 return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
2561 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2568 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2569 zc->zc_iflags, &props)))
2573 * If the only property is the configfile, then just do a spa_lookup()
2574 * to handle the faulted case.
2576 pair = nvlist_next_nvpair(props, NULL);
2577 if (pair != NULL && strcmp(nvpair_name(pair),
2578 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2579 nvlist_next_nvpair(props, pair) == NULL) {
2580 mutex_enter(&spa_namespace_lock);
2581 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2582 spa_configfile_set(spa, props, B_FALSE);
2583 spa_config_sync(spa, B_FALSE, B_TRUE);
2585 mutex_exit(&spa_namespace_lock);
2592 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2597 error = spa_prop_set(spa, props);
2600 spa_close(spa, FTAG);
2606 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2610 nvlist_t *nvp = NULL;
2612 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2614 * If the pool is faulted, there may be properties we can still
2615 * get (such as altroot and cachefile), so attempt to get them
2618 mutex_enter(&spa_namespace_lock);
2619 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2620 error = spa_prop_get(spa, &nvp);
2621 mutex_exit(&spa_namespace_lock);
2623 error = spa_prop_get(spa, &nvp);
2624 spa_close(spa, FTAG);
2627 if (error == 0 && zc->zc_nvlist_dst != 0)
2628 error = put_nvlist(zc, nvp);
2638 * zc_name name of volume
2643 zfs_ioc_create_minor(zfs_cmd_t *zc)
2645 return (zvol_create_minor(zc->zc_name));
2650 * zc_name name of volume
2655 zfs_ioc_remove_minor(zfs_cmd_t *zc)
2657 return (zvol_remove_minor(zc->zc_name));
2662 * zc_name name of filesystem
2663 * zc_nvlist_src{_size} nvlist of delegated permissions
2664 * zc_perm_action allow/unallow flag
2669 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2672 nvlist_t *fsaclnv = NULL;
2674 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2675 zc->zc_iflags, &fsaclnv)) != 0)
2679 * Verify nvlist is constructed correctly
2681 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2682 nvlist_free(fsaclnv);
2687 * If we don't have PRIV_SYS_MOUNT, then validate
2688 * that user is allowed to hand out each permission in
2692 error = secpolicy_zfs(CRED());
2694 if (zc->zc_perm_action == B_FALSE) {
2695 error = dsl_deleg_can_allow(zc->zc_name,
2698 error = dsl_deleg_can_unallow(zc->zc_name,
2704 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2706 nvlist_free(fsaclnv);
2712 * zc_name name of filesystem
2715 * zc_nvlist_src{_size} nvlist of delegated permissions
2718 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2723 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2724 error = put_nvlist(zc, nvp);
2733 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2735 zfs_creat_t *zct = arg;
2737 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2740 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
2744 * createprops list of properties requested by creator
2745 * default_zplver zpl version to use if unspecified in createprops
2746 * fuids_ok fuids allowed in this version of the spa?
2747 * os parent objset pointer (NULL if root fs)
2750 * zplprops values for the zplprops we attach to the master node object
2751 * is_ci true if requested file system will be purely case-insensitive
2753 * Determine the settings for utf8only, normalization and
2754 * casesensitivity. Specific values may have been requested by the
2755 * creator and/or we can inherit values from the parent dataset. If
2756 * the file system is of too early a vintage, a creator can not
2757 * request settings for these properties, even if the requested
2758 * setting is the default value. We don't actually want to create dsl
2759 * properties for these, so remove them from the source nvlist after
2763 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
2764 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2765 nvlist_t *zplprops, boolean_t *is_ci)
2767 uint64_t sense = ZFS_PROP_UNDEFINED;
2768 uint64_t norm = ZFS_PROP_UNDEFINED;
2769 uint64_t u8 = ZFS_PROP_UNDEFINED;
2772 ASSERT(zplprops != NULL);
2775 * Pull out creator prop choices, if any.
2778 (void) nvlist_lookup_uint64(createprops,
2779 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
2780 (void) nvlist_lookup_uint64(createprops,
2781 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
2782 (void) nvlist_remove_all(createprops,
2783 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
2784 (void) nvlist_lookup_uint64(createprops,
2785 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
2786 (void) nvlist_remove_all(createprops,
2787 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
2788 (void) nvlist_lookup_uint64(createprops,
2789 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
2790 (void) nvlist_remove_all(createprops,
2791 zfs_prop_to_name(ZFS_PROP_CASE));
2795 * If the zpl version requested is whacky or the file system
2796 * or pool is version is too "young" to support normalization
2797 * and the creator tried to set a value for one of the props,
2800 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
2801 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
2802 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
2803 (zplver < ZPL_VERSION_NORMALIZATION &&
2804 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
2805 sense != ZFS_PROP_UNDEFINED)))
2809 * Put the version in the zplprops
2811 VERIFY(nvlist_add_uint64(zplprops,
2812 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
2814 if (norm == ZFS_PROP_UNDEFINED &&
2815 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
2817 VERIFY(nvlist_add_uint64(zplprops,
2818 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
2821 * If we're normalizing, names must always be valid UTF-8 strings.
2825 if (u8 == ZFS_PROP_UNDEFINED &&
2826 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
2828 VERIFY(nvlist_add_uint64(zplprops,
2829 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
2831 if (sense == ZFS_PROP_UNDEFINED &&
2832 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
2834 VERIFY(nvlist_add_uint64(zplprops,
2835 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
2838 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
2844 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
2845 nvlist_t *zplprops, boolean_t *is_ci)
2847 boolean_t fuids_ok, sa_ok;
2848 uint64_t zplver = ZPL_VERSION;
2849 objset_t *os = NULL;
2850 char parentname[MAXNAMELEN];
2856 (void) strlcpy(parentname, dataset, sizeof (parentname));
2857 cp = strrchr(parentname, '/');
2861 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
2864 spa_vers = spa_version(spa);
2865 spa_close(spa, FTAG);
2867 zplver = zfs_zpl_version_map(spa_vers);
2868 fuids_ok = (zplver >= ZPL_VERSION_FUID);
2869 sa_ok = (zplver >= ZPL_VERSION_SA);
2872 * Open parent object set so we can inherit zplprop values.
2874 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
2877 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
2879 dmu_objset_rele(os, FTAG);
2884 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
2885 nvlist_t *zplprops, boolean_t *is_ci)
2889 uint64_t zplver = ZPL_VERSION;
2892 zplver = zfs_zpl_version_map(spa_vers);
2893 fuids_ok = (zplver >= ZPL_VERSION_FUID);
2894 sa_ok = (zplver >= ZPL_VERSION_SA);
2896 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
2897 createprops, zplprops, is_ci);
2903 * zc_objset_type type of objset to create (fs vs zvol)
2904 * zc_name name of new objset
2905 * zc_value name of snapshot to clone from (may be empty)
2906 * zc_nvlist_src{_size} nvlist of properties to apply
2911 zfs_ioc_create(zfs_cmd_t *zc)
2916 nvlist_t *nvprops = NULL;
2917 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
2918 dmu_objset_type_t type = zc->zc_objset_type;
2923 cbfunc = zfs_create_cb;
2927 cbfunc = zvol_create_cb;
2934 if (strchr(zc->zc_name, '@') ||
2935 strchr(zc->zc_name, '%'))
2938 if (zc->zc_nvlist_src != 0 &&
2939 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2940 zc->zc_iflags, &nvprops)) != 0)
2943 zct.zct_zplprops = NULL;
2944 zct.zct_props = nvprops;
2946 if (zc->zc_value[0] != '\0') {
2948 * We're creating a clone of an existing snapshot.
2950 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
2951 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) {
2952 nvlist_free(nvprops);
2956 error = dmu_objset_hold(zc->zc_value, FTAG, &clone);
2958 nvlist_free(nvprops);
2962 error = dmu_objset_clone(zc->zc_name, dmu_objset_ds(clone), 0);
2963 dmu_objset_rele(clone, FTAG);
2965 nvlist_free(nvprops);
2969 boolean_t is_insensitive = B_FALSE;
2971 if (cbfunc == NULL) {
2972 nvlist_free(nvprops);
2976 if (type == DMU_OST_ZVOL) {
2977 uint64_t volsize, volblocksize;
2979 if (nvprops == NULL ||
2980 nvlist_lookup_uint64(nvprops,
2981 zfs_prop_to_name(ZFS_PROP_VOLSIZE),
2983 nvlist_free(nvprops);
2987 if ((error = nvlist_lookup_uint64(nvprops,
2988 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
2989 &volblocksize)) != 0 && error != ENOENT) {
2990 nvlist_free(nvprops);
2995 volblocksize = zfs_prop_default_numeric(
2996 ZFS_PROP_VOLBLOCKSIZE);
2998 if ((error = zvol_check_volblocksize(
2999 volblocksize)) != 0 ||
3000 (error = zvol_check_volsize(volsize,
3001 volblocksize)) != 0) {
3002 nvlist_free(nvprops);
3005 } else if (type == DMU_OST_ZFS) {
3009 * We have to have normalization and
3010 * case-folding flags correct when we do the
3011 * file system creation, so go figure them out
3014 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3015 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3016 error = zfs_fill_zplprops(zc->zc_name, nvprops,
3017 zct.zct_zplprops, &is_insensitive);
3019 nvlist_free(nvprops);
3020 nvlist_free(zct.zct_zplprops);
3024 error = dmu_objset_create(zc->zc_name, type,
3025 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3026 nvlist_free(zct.zct_zplprops);
3030 * It would be nice to do this atomically.
3033 error = zfs_set_prop_nvlist(zc->zc_name, ZPROP_SRC_LOCAL,
3036 (void) dmu_objset_destroy(zc->zc_name, B_FALSE);
3038 nvlist_free(nvprops);
3044 * zc_name name of filesystem
3045 * zc_value short name of snapshot
3046 * zc_cookie recursive flag
3047 * zc_nvlist_src[_size] property list
3050 * zc_value short snapname (i.e. part after the '@')
3053 zfs_ioc_snapshot(zfs_cmd_t *zc)
3055 nvlist_t *nvprops = NULL;
3057 boolean_t recursive = zc->zc_cookie;
3059 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
3062 if (zc->zc_nvlist_src != 0 &&
3063 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3064 zc->zc_iflags, &nvprops)) != 0)
3067 error = zfs_check_userprops(zc->zc_name, nvprops);
3071 if (!nvlist_empty(nvprops) &&
3072 zfs_earlier_version(zc->zc_name, SPA_VERSION_SNAP_PROPS)) {
3077 error = dmu_objset_snapshot(zc->zc_name, zc->zc_value, NULL,
3078 nvprops, recursive, B_FALSE, -1);
3081 nvlist_free(nvprops);
3087 * name dataset name, or when 'arg == NULL' the full snapshot name
3088 * arg short snapshot name (i.e. part after the '@')
3091 zfs_unmount_snap(const char *name, void *arg)
3093 zfs_sb_t *zsb = NULL;
3101 dsname = strdup(name);
3102 snapname = strdup(arg);
3104 ptr = strchr(name, '@');
3106 dsname = strdup(name);
3107 dsname[ptr - name] = '\0';
3108 snapname = strdup(ptr + 1);
3114 fullname = kmem_asprintf("%s@%s", dsname, snapname);
3116 error = zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE);
3118 error = zfsctl_unmount_snapshot(zsb, fullname, MNT_FORCE);
3119 zfs_sb_rele(zsb, FTAG);
3121 /* Allow ENOENT for consistency with upstream */
3122 if (error == ENOENT)
3135 * zc_name name of filesystem, snaps must be under it
3136 * zc_nvlist_src[_size] full names of snapshots to destroy
3137 * zc_defer_destroy mark for deferred destroy
3140 * zc_name on failure, name of failed snapshot
3143 zfs_ioc_destroy_snaps_nvl(zfs_cmd_t *zc)
3149 if ((err = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3150 zc->zc_iflags, &nvl)) != 0)
3153 len = strlen(zc->zc_name);
3154 for (pair = nvlist_next_nvpair(nvl, NULL); pair != NULL;
3155 pair = nvlist_next_nvpair(nvl, pair)) {
3156 const char *name = nvpair_name(pair);
3158 * The snap name must be underneath the zc_name. This ensures
3159 * that our permission checks were legitimate.
3161 if (strncmp(zc->zc_name, name, len) != 0 ||
3162 (name[len] != '@' && name[len] != '/')) {
3167 (void) zfs_unmount_snap(name, NULL);
3168 (void) zvol_remove_minor(name);
3171 err = dmu_snapshots_destroy_nvl(nvl, zc->zc_defer_destroy,
3179 * zc_name name of dataset to destroy
3180 * zc_objset_type type of objset
3181 * zc_defer_destroy mark for deferred destroy
3186 zfs_ioc_destroy(zfs_cmd_t *zc)
3189 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
3190 err = zfs_unmount_snap(zc->zc_name, NULL);
3195 err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy);
3196 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
3197 (void) zvol_remove_minor(zc->zc_name);
3203 * zc_name name of dataset to rollback (to most recent snapshot)
3208 zfs_ioc_rollback(zfs_cmd_t *zc)
3210 dsl_dataset_t *ds, *clone;
3215 error = dsl_dataset_hold(zc->zc_name, FTAG, &ds);
3219 /* must not be a snapshot */
3220 if (dsl_dataset_is_snapshot(ds)) {
3221 dsl_dataset_rele(ds, FTAG);
3225 /* must have a most recent snapshot */
3226 if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) {
3227 dsl_dataset_rele(ds, FTAG);
3232 * Create clone of most recent snapshot.
3234 clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name);
3235 error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT);
3239 error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone);
3246 if (get_zfs_sb(zc->zc_name, &zsb) == 0) {
3247 error = zfs_suspend_fs(zsb);
3251 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3252 error = dsl_dataset_clone_swap(clone, ds,
3254 dsl_dataset_disown(ds, FTAG);
3259 resume_err = zfs_resume_fs(zsb, zc->zc_name);
3260 error = error ? error : resume_err;
3262 deactivate_super(zsb->z_sb);
3264 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3265 error = dsl_dataset_clone_swap(clone, ds, B_TRUE);
3266 dsl_dataset_disown(ds, FTAG);
3274 * Destroy clone (which also closes it).
3276 (void) dsl_dataset_destroy(clone, FTAG, B_FALSE);
3279 strfree(clone_name);
3281 dsl_dataset_rele(ds, FTAG);
3287 * zc_name old name of dataset
3288 * zc_value new name of dataset
3289 * zc_cookie recursive flag (only valid for snapshots)
3294 zfs_ioc_rename(zfs_cmd_t *zc)
3296 boolean_t recursive = zc->zc_cookie & 1;
3299 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3300 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3301 strchr(zc->zc_value, '%'))
3305 * Unmount snapshot unless we're doing a recursive rename,
3306 * in which case the dataset code figures out which snapshots
3309 if (!recursive && strchr(zc->zc_name, '@') != NULL &&
3310 zc->zc_objset_type == DMU_OST_ZFS) {
3311 err = zfs_unmount_snap(zc->zc_name, NULL);
3316 err = dmu_objset_rename(zc->zc_name, zc->zc_value, recursive);
3317 if ((err == 0) && (zc->zc_objset_type == DMU_OST_ZVOL)) {
3318 (void) zvol_remove_minor(zc->zc_name);
3319 (void) zvol_create_minor(zc->zc_value);
3326 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3328 const char *propname = nvpair_name(pair);
3329 boolean_t issnap = (strchr(dsname, '@') != NULL);
3330 zfs_prop_t prop = zfs_name_to_prop(propname);
3334 if (prop == ZPROP_INVAL) {
3335 if (zfs_prop_user(propname)) {
3336 if ((err = zfs_secpolicy_write_perms(dsname,
3337 ZFS_DELEG_PERM_USERPROP, cr)))
3342 if (!issnap && zfs_prop_userquota(propname)) {
3343 const char *perm = NULL;
3344 const char *uq_prefix =
3345 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3346 const char *gq_prefix =
3347 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3349 if (strncmp(propname, uq_prefix,
3350 strlen(uq_prefix)) == 0) {
3351 perm = ZFS_DELEG_PERM_USERQUOTA;
3352 } else if (strncmp(propname, gq_prefix,
3353 strlen(gq_prefix)) == 0) {
3354 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3356 /* USERUSED and GROUPUSED are read-only */
3360 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
3371 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3373 * dsl_prop_get_all_impl() returns properties in this
3377 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3378 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3383 * Check that this value is valid for this pool version
3386 case ZFS_PROP_COMPRESSION:
3388 * If the user specified gzip compression, make sure
3389 * the SPA supports it. We ignore any errors here since
3390 * we'll catch them later.
3392 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3393 nvpair_value_uint64(pair, &intval) == 0) {
3394 if (intval >= ZIO_COMPRESS_GZIP_1 &&
3395 intval <= ZIO_COMPRESS_GZIP_9 &&
3396 zfs_earlier_version(dsname,
3397 SPA_VERSION_GZIP_COMPRESSION)) {
3401 if (intval == ZIO_COMPRESS_ZLE &&
3402 zfs_earlier_version(dsname,
3403 SPA_VERSION_ZLE_COMPRESSION))
3407 * If this is a bootable dataset then
3408 * verify that the compression algorithm
3409 * is supported for booting. We must return
3410 * something other than ENOTSUP since it
3411 * implies a downrev pool version.
3413 if (zfs_is_bootfs(dsname) &&
3414 !BOOTFS_COMPRESS_VALID(intval)) {
3420 case ZFS_PROP_COPIES:
3421 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
3425 case ZFS_PROP_DEDUP:
3426 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3430 case ZFS_PROP_SHARESMB:
3431 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
3435 case ZFS_PROP_ACLINHERIT:
3436 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3437 nvpair_value_uint64(pair, &intval) == 0) {
3438 if (intval == ZFS_ACL_PASSTHROUGH_X &&
3439 zfs_earlier_version(dsname,
3440 SPA_VERSION_PASSTHROUGH_X))
3448 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3452 * Removes properties from the given props list that fail permission checks
3453 * needed to clear them and to restore them in case of a receive error. For each
3454 * property, make sure we have both set and inherit permissions.
3456 * Returns the first error encountered if any permission checks fail. If the
3457 * caller provides a non-NULL errlist, it also gives the complete list of names
3458 * of all the properties that failed a permission check along with the
3459 * corresponding error numbers. The caller is responsible for freeing the
3462 * If every property checks out successfully, zero is returned and the list
3463 * pointed at by errlist is NULL.
3466 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3469 nvpair_t *pair, *next_pair;
3476 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3478 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP | KM_NODEBUG);
3479 (void) strcpy(zc->zc_name, dataset);
3480 pair = nvlist_next_nvpair(props, NULL);
3481 while (pair != NULL) {
3482 next_pair = nvlist_next_nvpair(props, pair);
3484 (void) strcpy(zc->zc_value, nvpair_name(pair));
3485 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3486 (err = zfs_secpolicy_inherit(zc, CRED())) != 0) {
3487 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3488 VERIFY(nvlist_add_int32(errors,
3489 zc->zc_value, err) == 0);
3493 kmem_free(zc, sizeof (zfs_cmd_t));
3495 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3496 nvlist_free(errors);
3499 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3502 if (errlist == NULL)
3503 nvlist_free(errors);
3511 propval_equals(nvpair_t *p1, nvpair_t *p2)
3513 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
3514 /* dsl_prop_get_all_impl() format */
3516 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
3517 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3521 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
3523 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
3524 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3528 if (nvpair_type(p1) != nvpair_type(p2))
3531 if (nvpair_type(p1) == DATA_TYPE_STRING) {
3532 char *valstr1, *valstr2;
3534 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
3535 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
3536 return (strcmp(valstr1, valstr2) == 0);
3538 uint64_t intval1, intval2;
3540 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
3541 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
3542 return (intval1 == intval2);
3547 * Remove properties from props if they are not going to change (as determined
3548 * by comparison with origprops). Remove them from origprops as well, since we
3549 * do not need to clear or restore properties that won't change.
3552 props_reduce(nvlist_t *props, nvlist_t *origprops)
3554 nvpair_t *pair, *next_pair;
3556 if (origprops == NULL)
3557 return; /* all props need to be received */
3559 pair = nvlist_next_nvpair(props, NULL);
3560 while (pair != NULL) {
3561 const char *propname = nvpair_name(pair);
3564 next_pair = nvlist_next_nvpair(props, pair);
3566 if ((nvlist_lookup_nvpair(origprops, propname,
3567 &match) != 0) || !propval_equals(pair, match))
3568 goto next; /* need to set received value */
3570 /* don't clear the existing received value */
3571 (void) nvlist_remove_nvpair(origprops, match);
3572 /* don't bother receiving the property */
3573 (void) nvlist_remove_nvpair(props, pair);
3580 static boolean_t zfs_ioc_recv_inject_err;
3585 * zc_name name of containing filesystem
3586 * zc_nvlist_src{_size} nvlist of properties to apply
3587 * zc_value name of snapshot to create
3588 * zc_string name of clone origin (if DRR_FLAG_CLONE)
3589 * zc_cookie file descriptor to recv from
3590 * zc_begin_record the BEGIN record of the stream (not byteswapped)
3591 * zc_guid force flag
3592 * zc_cleanup_fd cleanup-on-exit file descriptor
3593 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
3596 * zc_cookie number of bytes read
3597 * zc_nvlist_dst{_size} error for each unapplied received property
3598 * zc_obj zprop_errflags_t
3599 * zc_action_handle handle for this guid/ds mapping
3602 zfs_ioc_recv(zfs_cmd_t *zc)
3606 dmu_recv_cookie_t drc;
3607 boolean_t force = (boolean_t)zc->zc_guid;
3610 int props_error = 0;
3613 nvlist_t *props = NULL; /* sent properties */
3614 nvlist_t *origprops = NULL; /* existing properties */
3615 objset_t *origin = NULL;
3617 char tofs[ZFS_MAXNAMELEN];
3618 boolean_t first_recvd_props = B_FALSE;
3620 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3621 strchr(zc->zc_value, '@') == NULL ||
3622 strchr(zc->zc_value, '%'))
3625 (void) strcpy(tofs, zc->zc_value);
3626 tosnap = strchr(tofs, '@');
3629 if (zc->zc_nvlist_src != 0 &&
3630 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3631 zc->zc_iflags, &props)) != 0)
3641 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3643 if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) {
3644 if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) &&
3645 !dsl_prop_get_hasrecvd(os)) {
3646 first_recvd_props = B_TRUE;
3650 * If new received properties are supplied, they are to
3651 * completely replace the existing received properties, so stash
3652 * away the existing ones.
3654 if (dsl_prop_get_received(os, &origprops) == 0) {
3655 nvlist_t *errlist = NULL;
3657 * Don't bother writing a property if its value won't
3658 * change (and avoid the unnecessary security checks).
3660 * The first receive after SPA_VERSION_RECVD_PROPS is a
3661 * special case where we blow away all local properties
3664 if (!first_recvd_props)
3665 props_reduce(props, origprops);
3666 if (zfs_check_clearable(tofs, origprops,
3668 (void) nvlist_merge(errors, errlist, 0);
3669 nvlist_free(errlist);
3672 dmu_objset_rele(os, FTAG);
3675 if (zc->zc_string[0]) {
3676 error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
3681 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
3682 &zc->zc_begin_record, force, origin, &drc);
3684 dmu_objset_rele(origin, FTAG);
3689 * Set properties before we receive the stream so that they are applied
3690 * to the new data. Note that we must call dmu_recv_stream() if
3691 * dmu_recv_begin() succeeds.
3696 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
3697 if (drc.drc_newfs) {
3698 if (spa_version(os->os_spa) >=
3699 SPA_VERSION_RECVD_PROPS)
3700 first_recvd_props = B_TRUE;
3701 } else if (origprops != NULL) {
3702 if (clear_received_props(os, tofs, origprops,
3703 first_recvd_props ? NULL : props) != 0)
3704 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3706 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3708 dsl_prop_set_hasrecvd(os);
3709 } else if (!drc.drc_newfs) {
3710 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3713 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
3715 (void) nvlist_merge(errors, errlist, 0);
3716 nvlist_free(errlist);
3719 if (fit_error_list(zc, &errors) != 0 || put_nvlist(zc, errors) != 0) {
3721 * Caller made zc->zc_nvlist_dst less than the minimum expected
3722 * size or supplied an invalid address.
3724 props_error = EINVAL;
3728 error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
3729 &zc->zc_action_handle);
3732 zfs_sb_t *zsb = NULL;
3734 if (get_zfs_sb(tofs, &zsb) == 0) {
3738 error = zfs_suspend_fs(zsb);
3740 * If the suspend fails, then the recv_end will
3741 * likely also fail, and clean up after itself.
3743 end_err = dmu_recv_end(&drc);
3745 error = zfs_resume_fs(zsb, tofs);
3746 error = error ? error : end_err;
3747 deactivate_super(zsb->z_sb);
3749 error = dmu_recv_end(&drc);
3753 zc->zc_cookie = off - fp->f_offset;
3754 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
3758 if (zfs_ioc_recv_inject_err) {
3759 zfs_ioc_recv_inject_err = B_FALSE;
3764 * On error, restore the original props.
3766 if (error && props) {
3767 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
3768 if (clear_received_props(os, tofs, props, NULL) != 0) {
3770 * We failed to clear the received properties.
3771 * Since we may have left a $recvd value on the
3772 * system, we can't clear the $hasrecvd flag.
3774 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3775 } else if (first_recvd_props) {
3776 dsl_prop_unset_hasrecvd(os);
3778 dmu_objset_rele(os, FTAG);
3779 } else if (!drc.drc_newfs) {
3780 /* We failed to clear the received properties. */
3781 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3784 if (origprops == NULL && !drc.drc_newfs) {
3785 /* We failed to stash the original properties. */
3786 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3790 * dsl_props_set() will not convert RECEIVED to LOCAL on or
3791 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
3792 * explictly if we're restoring local properties cleared in the
3793 * first new-style receive.
3795 if (origprops != NULL &&
3796 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
3797 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
3798 origprops, NULL) != 0) {
3800 * We stashed the original properties but failed to
3803 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3808 nvlist_free(origprops);
3809 nvlist_free(errors);
3813 error = props_error;
3820 * zc_name name of snapshot to send
3821 * zc_cookie file descriptor to send stream to
3822 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
3823 * zc_sendobj objsetid of snapshot to send
3824 * zc_fromobj objsetid of incremental fromsnap (may be zero)
3825 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
3826 * output size in zc_objset_type.
3831 zfs_ioc_send(zfs_cmd_t *zc)
3833 objset_t *fromsnap = NULL;
3838 dsl_dataset_t *dsfrom = NULL;
3841 boolean_t estimate = (zc->zc_guid != 0);
3843 error = spa_open(zc->zc_name, &spa, FTAG);
3847 dp = spa_get_dsl(spa);
3848 rw_enter(&dp->dp_config_rwlock, RW_READER);
3849 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
3850 rw_exit(&dp->dp_config_rwlock);
3852 spa_close(spa, FTAG);
3856 error = dmu_objset_from_ds(ds, &tosnap);
3858 dsl_dataset_rele(ds, FTAG);
3859 spa_close(spa, FTAG);
3863 if (zc->zc_fromobj != 0) {
3864 rw_enter(&dp->dp_config_rwlock, RW_READER);
3865 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
3866 rw_exit(&dp->dp_config_rwlock);
3867 spa_close(spa, FTAG);
3869 dsl_dataset_rele(ds, FTAG);
3872 error = dmu_objset_from_ds(dsfrom, &fromsnap);
3874 dsl_dataset_rele(dsfrom, FTAG);
3875 dsl_dataset_rele(ds, FTAG);
3879 spa_close(spa, FTAG);
3883 error = dmu_send_estimate(tosnap, fromsnap, zc->zc_obj,
3884 &zc->zc_objset_type);
3886 file_t *fp = getf(zc->zc_cookie);
3888 dsl_dataset_rele(ds, FTAG);
3890 dsl_dataset_rele(dsfrom, FTAG);
3895 error = dmu_send(tosnap, fromsnap, zc->zc_obj,
3896 zc->zc_cookie, fp->f_vnode, &off);
3898 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
3900 releasef(zc->zc_cookie);
3903 dsl_dataset_rele(dsfrom, FTAG);
3904 dsl_dataset_rele(ds, FTAG);
3910 * zc_name name of snapshot on which to report progress
3911 * zc_cookie file descriptor of send stream
3914 * zc_cookie number of bytes written in send stream thus far
3917 zfs_ioc_send_progress(zfs_cmd_t *zc)
3920 dmu_sendarg_t *dsp = NULL;
3923 if ((error = dsl_dataset_hold(zc->zc_name, FTAG, &ds)) != 0)
3926 mutex_enter(&ds->ds_sendstream_lock);
3929 * Iterate over all the send streams currently active on this dataset.
3930 * If there's one which matches the specified file descriptor _and_ the
3931 * stream was started by the current process, return the progress of
3935 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
3936 dsp = list_next(&ds->ds_sendstreams, dsp)) {
3937 if (dsp->dsa_outfd == zc->zc_cookie &&
3938 dsp->dsa_proc->group_leader == curproc->group_leader)
3943 zc->zc_cookie = *(dsp->dsa_off);
3947 mutex_exit(&ds->ds_sendstream_lock);
3948 dsl_dataset_rele(ds, FTAG);
3953 zfs_ioc_inject_fault(zfs_cmd_t *zc)
3957 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
3958 &zc->zc_inject_record);
3961 zc->zc_guid = (uint64_t)id;
3967 zfs_ioc_clear_fault(zfs_cmd_t *zc)
3969 return (zio_clear_fault((int)zc->zc_guid));
3973 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
3975 int id = (int)zc->zc_guid;
3978 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
3979 &zc->zc_inject_record);
3987 zfs_ioc_error_log(zfs_cmd_t *zc)
3991 size_t count = (size_t)zc->zc_nvlist_dst_size;
3993 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
3996 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
3999 zc->zc_nvlist_dst_size = count;
4001 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
4003 spa_close(spa, FTAG);
4009 zfs_ioc_clear(zfs_cmd_t *zc)
4016 * On zpool clear we also fix up missing slogs
4018 mutex_enter(&spa_namespace_lock);
4019 spa = spa_lookup(zc->zc_name);
4021 mutex_exit(&spa_namespace_lock);
4024 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
4025 /* we need to let spa_open/spa_load clear the chains */
4026 spa_set_log_state(spa, SPA_LOG_CLEAR);
4028 spa->spa_last_open_failed = 0;
4029 mutex_exit(&spa_namespace_lock);
4031 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
4032 error = spa_open(zc->zc_name, &spa, FTAG);
4035 nvlist_t *config = NULL;
4037 if (zc->zc_nvlist_src == 0)
4040 if ((error = get_nvlist(zc->zc_nvlist_src,
4041 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
4042 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
4044 if (config != NULL) {
4047 if ((err = put_nvlist(zc, config)) != 0)
4049 nvlist_free(config);
4051 nvlist_free(policy);
4058 spa_vdev_state_enter(spa, SCL_NONE);
4060 if (zc->zc_guid == 0) {
4063 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
4065 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
4066 spa_close(spa, FTAG);
4071 vdev_clear(spa, vd);
4073 (void) spa_vdev_state_exit(spa, NULL, 0);
4076 * Resume any suspended I/Os.
4078 if (zio_resume(spa) != 0)
4081 spa_close(spa, FTAG);
4087 zfs_ioc_pool_reopen(zfs_cmd_t *zc)
4092 error = spa_open(zc->zc_name, &spa, FTAG);
4096 spa_vdev_state_enter(spa, SCL_NONE);
4099 * If a resilver is already in progress then set the
4100 * spa_scrub_reopen flag to B_TRUE so that we don't restart
4101 * the scan as a side effect of the reopen. Otherwise, let
4102 * vdev_open() decided if a resilver is required.
4104 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool);
4105 vdev_reopen(spa->spa_root_vdev);
4106 spa->spa_scrub_reopen = B_FALSE;
4108 (void) spa_vdev_state_exit(spa, NULL, 0);
4109 spa_close(spa, FTAG);
4114 * zc_name name of filesystem
4115 * zc_value name of origin snapshot
4118 * zc_string name of conflicting snapshot, if there is one
4121 zfs_ioc_promote(zfs_cmd_t *zc)
4126 * We don't need to unmount *all* the origin fs's snapshots, but
4129 cp = strchr(zc->zc_value, '@');
4132 (void) dmu_objset_find(zc->zc_value,
4133 zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);
4134 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
4138 * Retrieve a single {user|group}{used|quota}@... property.
4141 * zc_name name of filesystem
4142 * zc_objset_type zfs_userquota_prop_t
4143 * zc_value domain name (eg. "S-1-234-567-89")
4144 * zc_guid RID/UID/GID
4147 * zc_cookie property value
4150 zfs_ioc_userspace_one(zfs_cmd_t *zc)
4155 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4158 error = zfs_sb_hold(zc->zc_name, FTAG, &zsb, B_FALSE);
4162 error = zfs_userspace_one(zsb,
4163 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4164 zfs_sb_rele(zsb, FTAG);
4171 * zc_name name of filesystem
4172 * zc_cookie zap cursor
4173 * zc_objset_type zfs_userquota_prop_t
4174 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4177 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4178 * zc_cookie zap cursor
4181 zfs_ioc_userspace_many(zfs_cmd_t *zc)
4184 int bufsize = zc->zc_nvlist_dst_size;
4191 error = zfs_sb_hold(zc->zc_name, FTAG, &zsb, B_FALSE);
4195 buf = vmem_alloc(bufsize, KM_SLEEP);
4197 error = zfs_userspace_many(zsb, zc->zc_objset_type, &zc->zc_cookie,
4198 buf, &zc->zc_nvlist_dst_size);
4201 error = xcopyout(buf,
4202 (void *)(uintptr_t)zc->zc_nvlist_dst,
4203 zc->zc_nvlist_dst_size);
4205 vmem_free(buf, bufsize);
4206 zfs_sb_rele(zsb, FTAG);
4213 * zc_name name of filesystem
4219 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4225 if (get_zfs_sb(zc->zc_name, &zsb) == 0) {
4226 if (!dmu_objset_userused_enabled(zsb->z_os)) {
4228 * If userused is not enabled, it may be because the
4229 * objset needs to be closed & reopened (to grow the
4230 * objset_phys_t). Suspend/resume the fs will do that.
4232 error = zfs_suspend_fs(zsb);
4234 error = zfs_resume_fs(zsb, zc->zc_name);
4237 error = dmu_objset_userspace_upgrade(zsb->z_os);
4238 deactivate_super(zsb->z_sb);
4240 /* XXX kind of reading contents without owning */
4241 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4245 error = dmu_objset_userspace_upgrade(os);
4246 dmu_objset_rele(os, FTAG);
4253 zfs_ioc_share(zfs_cmd_t *zc)
4258 ace_t full_access[] = {
4259 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
4264 * zc_name name of containing filesystem
4265 * zc_obj object # beyond which we want next in-use object #
4268 * zc_obj next in-use object #
4271 zfs_ioc_next_obj(zfs_cmd_t *zc)
4273 objset_t *os = NULL;
4276 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4280 error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4281 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4283 dmu_objset_rele(os, FTAG);
4289 * zc_name name of filesystem
4290 * zc_value prefix name for snapshot
4291 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4296 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4301 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
4302 (u_longlong_t)ddi_get_lbolt64());
4304 if (strlen(snap_name) >= MAXNAMELEN) {
4309 error = dmu_objset_snapshot(zc->zc_name, snap_name, snap_name,
4310 NULL, B_FALSE, B_TRUE, zc->zc_cleanup_fd);
4316 (void) strcpy(zc->zc_value, snap_name);
4323 * zc_name name of "to" snapshot
4324 * zc_value name of "from" snapshot
4325 * zc_cookie file descriptor to write diff data on
4328 * dmu_diff_record_t's to the file descriptor
4331 zfs_ioc_diff(zfs_cmd_t *zc)
4339 error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap);
4343 error = dmu_objset_hold(zc->zc_value, FTAG, &fromsnap);
4345 dmu_objset_rele(tosnap, FTAG);
4349 fp = getf(zc->zc_cookie);
4351 dmu_objset_rele(fromsnap, FTAG);
4352 dmu_objset_rele(tosnap, FTAG);
4358 error = dmu_diff(tosnap, fromsnap, fp->f_vnode, &off);
4360 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4362 releasef(zc->zc_cookie);
4364 dmu_objset_rele(fromsnap, FTAG);
4365 dmu_objset_rele(tosnap, FTAG);
4370 * Remove all ACL files in shares dir
4372 #ifdef HAVE_SMB_SHARE
4374 zfs_smb_acl_purge(znode_t *dzp)
4377 zap_attribute_t zap;
4378 zfs_sb_t *zsb = ZTOZSB(dzp);
4381 for (zap_cursor_init(&zc, zsb->z_os, dzp->z_id);
4382 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
4383 zap_cursor_advance(&zc)) {
4384 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
4388 zap_cursor_fini(&zc);
4391 #endif /* HAVE_SMB_SHARE */
4394 zfs_ioc_smb_acl(zfs_cmd_t *zc)
4396 #ifdef HAVE_SMB_SHARE
4399 vnode_t *resourcevp = NULL;
4408 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
4409 NO_FOLLOW, NULL, &vp)) != 0)
4412 /* Now make sure mntpnt and dataset are ZFS */
4414 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
4415 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
4416 zc->zc_name) != 0)) {
4426 * Create share dir if its missing.
4428 mutex_enter(&zsb->z_lock);
4429 if (zsb->z_shares_dir == 0) {
4432 tx = dmu_tx_create(zsb->z_os);
4433 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
4435 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
4436 error = dmu_tx_assign(tx, TXG_WAIT);
4440 error = zfs_create_share_dir(zsb, tx);
4444 mutex_exit(&zsb->z_lock);
4450 mutex_exit(&zsb->z_lock);
4452 ASSERT(zsb->z_shares_dir);
4453 if ((error = zfs_zget(zsb, zsb->z_shares_dir, &sharedir)) != 0) {
4459 switch (zc->zc_cookie) {
4460 case ZFS_SMB_ACL_ADD:
4461 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
4462 vattr.va_mode = S_IFREG|0777;
4466 vsec.vsa_mask = VSA_ACE;
4467 vsec.vsa_aclentp = &full_access;
4468 vsec.vsa_aclentsz = sizeof (full_access);
4469 vsec.vsa_aclcnt = 1;
4471 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
4472 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
4474 VN_RELE(resourcevp);
4477 case ZFS_SMB_ACL_REMOVE:
4478 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
4482 case ZFS_SMB_ACL_RENAME:
4483 if ((error = get_nvlist(zc->zc_nvlist_src,
4484 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
4489 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
4490 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
4493 VN_RELE(ZTOV(sharedir));
4495 nvlist_free(nvlist);
4498 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
4500 nvlist_free(nvlist);
4503 case ZFS_SMB_ACL_PURGE:
4504 error = zfs_smb_acl_purge(sharedir);
4513 VN_RELE(ZTOV(sharedir));
4520 #endif /* HAVE_SMB_SHARE */
4525 * zc_name name of filesystem
4526 * zc_value short name of snap
4527 * zc_string user-supplied tag for this hold
4528 * zc_cookie recursive flag
4529 * zc_temphold set if hold is temporary
4530 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4531 * zc_sendobj if non-zero, the objid for zc_name@zc_value
4532 * zc_createtxg if zc_sendobj is non-zero, snap must have zc_createtxg
4537 zfs_ioc_hold(zfs_cmd_t *zc)
4539 boolean_t recursive = zc->zc_cookie;
4546 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4549 if (zc->zc_sendobj == 0) {
4550 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value,
4551 zc->zc_string, recursive, zc->zc_temphold,
4552 zc->zc_cleanup_fd));
4558 error = spa_open(zc->zc_name, &spa, FTAG);
4562 dp = spa_get_dsl(spa);
4563 rw_enter(&dp->dp_config_rwlock, RW_READER);
4564 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4565 rw_exit(&dp->dp_config_rwlock);
4566 spa_close(spa, FTAG);
4571 * Until we have a hold on this snapshot, it's possible that
4572 * zc_sendobj could've been destroyed and reused as part
4573 * of a later txg. Make sure we're looking at the right object.
4575 if (zc->zc_createtxg != ds->ds_phys->ds_creation_txg) {
4576 dsl_dataset_rele(ds, FTAG);
4580 if (zc->zc_cleanup_fd != -1 && zc->zc_temphold) {
4581 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
4583 dsl_dataset_rele(ds, FTAG);
4588 error = dsl_dataset_user_hold_for_send(ds, zc->zc_string,
4592 dsl_register_onexit_hold_cleanup(ds, zc->zc_string,
4595 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
4597 dsl_dataset_rele(ds, FTAG);
4604 * zc_name name of dataset from which we're releasing a user hold
4605 * zc_value short name of snap
4606 * zc_string user-supplied tag for this hold
4607 * zc_cookie recursive flag
4612 zfs_ioc_release(zfs_cmd_t *zc)
4614 boolean_t recursive = zc->zc_cookie;
4616 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4619 return (dsl_dataset_user_release(zc->zc_name, zc->zc_value,
4620 zc->zc_string, recursive));
4625 * zc_name name of filesystem
4628 * zc_nvlist_src{_size} nvlist of snapshot holds
4631 zfs_ioc_get_holds(zfs_cmd_t *zc)
4636 if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) {
4637 error = put_nvlist(zc, nvp);
4646 * zc_guid flags (ZEVENT_NONBLOCK)
4649 * zc_nvlist_dst next nvlist event
4650 * zc_cookie dropped events since last get
4651 * zc_cleanup_fd cleanup-on-exit file descriptor
4654 zfs_ioc_events_next(zfs_cmd_t *zc)
4657 nvlist_t *event = NULL;
4659 uint64_t dropped = 0;
4662 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
4667 error = zfs_zevent_next(ze, &event,
4668 &zc->zc_nvlist_dst_size, &dropped);
4669 if (event != NULL) {
4670 zc->zc_cookie = dropped;
4671 error = put_nvlist(zc, event);
4675 if (zc->zc_guid & ZEVENT_NONBLOCK)
4678 if ((error == 0) || (error != ENOENT))
4681 error = zfs_zevent_wait(ze);
4686 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
4693 * zc_cookie cleared events count
4696 zfs_ioc_events_clear(zfs_cmd_t *zc)
4700 zfs_zevent_drain_all(&count);
4701 zc->zc_cookie = count;
4708 * zc_name name of new filesystem or snapshot
4709 * zc_value full name of old snapshot
4712 * zc_cookie space in bytes
4713 * zc_objset_type compressed space in bytes
4714 * zc_perm_action uncompressed space in bytes
4717 zfs_ioc_space_written(zfs_cmd_t *zc)
4720 dsl_dataset_t *new, *old;
4722 error = dsl_dataset_hold(zc->zc_name, FTAG, &new);
4725 error = dsl_dataset_hold(zc->zc_value, FTAG, &old);
4727 dsl_dataset_rele(new, FTAG);
4731 error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
4732 &zc->zc_objset_type, &zc->zc_perm_action);
4733 dsl_dataset_rele(old, FTAG);
4734 dsl_dataset_rele(new, FTAG);
4740 * zc_name full name of last snapshot
4741 * zc_value full name of first snapshot
4744 * zc_cookie space in bytes
4745 * zc_objset_type compressed space in bytes
4746 * zc_perm_action uncompressed space in bytes
4749 zfs_ioc_space_snaps(zfs_cmd_t *zc)
4752 dsl_dataset_t *new, *old;
4754 error = dsl_dataset_hold(zc->zc_name, FTAG, &new);
4757 error = dsl_dataset_hold(zc->zc_value, FTAG, &old);
4759 dsl_dataset_rele(new, FTAG);
4763 error = dsl_dataset_space_wouldfree(old, new, &zc->zc_cookie,
4764 &zc->zc_objset_type, &zc->zc_perm_action);
4765 dsl_dataset_rele(old, FTAG);
4766 dsl_dataset_rele(new, FTAG);
4771 * pool create, destroy, and export don't log the history as part of
4772 * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export
4773 * do the logging of those commands.
4775 static zfs_ioc_vec_t zfs_ioc_vec[] = {
4776 { zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4778 { zfs_ioc_pool_destroy, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4780 { zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4782 { zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4784 { zfs_ioc_pool_configs, zfs_secpolicy_none, NO_NAME, B_FALSE,
4786 { zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE,
4788 { zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE,
4790 { zfs_ioc_pool_scan, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4791 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4792 { zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE,
4793 POOL_CHECK_READONLY },
4794 { zfs_ioc_pool_upgrade, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4795 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4796 { zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4798 { zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4799 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4800 { zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4801 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4802 { zfs_ioc_vdev_set_state, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4803 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4804 { zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4805 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4806 { zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4807 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4808 { zfs_ioc_vdev_setpath, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4809 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4810 { zfs_ioc_vdev_setfru, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4811 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4812 { zfs_ioc_objset_stats, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4813 POOL_CHECK_SUSPENDED },
4814 { zfs_ioc_objset_zplprops, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4816 { zfs_ioc_dataset_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4817 POOL_CHECK_SUSPENDED },
4818 { zfs_ioc_snapshot_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4819 POOL_CHECK_SUSPENDED },
4820 { zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE,
4821 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4822 { zfs_ioc_create_minor, zfs_secpolicy_config, DATASET_NAME, B_FALSE,
4824 { zfs_ioc_remove_minor, zfs_secpolicy_config, DATASET_NAME, B_FALSE,
4826 { zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE,
4827 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4828 { zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE,
4829 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4830 { zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE,
4831 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4832 { zfs_ioc_rename, zfs_secpolicy_rename, DATASET_NAME, B_TRUE,
4833 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4834 { zfs_ioc_recv, zfs_secpolicy_receive, DATASET_NAME, B_TRUE,
4835 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4836 { zfs_ioc_send, zfs_secpolicy_send, DATASET_NAME, B_FALSE,
4838 { zfs_ioc_inject_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4840 { zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4842 { zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4844 { zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE,
4846 { zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4848 { zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE,
4849 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4850 { zfs_ioc_destroy_snaps_nvl, zfs_secpolicy_destroy_recursive,
4851 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4852 { zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE,
4853 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4854 { zfs_ioc_dsobj_to_dsname, zfs_secpolicy_diff, POOL_NAME, B_FALSE,
4856 { zfs_ioc_obj_to_path, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4857 POOL_CHECK_SUSPENDED },
4858 { zfs_ioc_pool_set_props, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4859 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4860 { zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE,
4862 { zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE,
4863 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4864 { zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4866 { zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE,
4868 { zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE,
4869 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4870 { zfs_ioc_smb_acl, zfs_secpolicy_smb_acl, DATASET_NAME, B_FALSE,
4872 { zfs_ioc_userspace_one, zfs_secpolicy_userspace_one, DATASET_NAME,
4873 B_FALSE, POOL_CHECK_NONE },
4874 { zfs_ioc_userspace_many, zfs_secpolicy_userspace_many, DATASET_NAME,
4875 B_FALSE, POOL_CHECK_NONE },
4876 { zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
4877 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4878 { zfs_ioc_hold, zfs_secpolicy_hold, DATASET_NAME, B_TRUE,
4879 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4880 { zfs_ioc_release, zfs_secpolicy_release, DATASET_NAME, B_TRUE,
4881 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4882 { zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4883 POOL_CHECK_SUSPENDED },
4884 { zfs_ioc_objset_recvd_props, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4886 { zfs_ioc_vdev_split, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4887 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4888 { zfs_ioc_next_obj, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4890 { zfs_ioc_diff, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4892 { zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, DATASET_NAME,
4893 B_FALSE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4894 { zfs_ioc_obj_to_stats, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4895 POOL_CHECK_SUSPENDED },
4896 { zfs_ioc_events_next, zfs_secpolicy_config, NO_NAME, B_FALSE,
4898 { zfs_ioc_events_clear, zfs_secpolicy_config, NO_NAME, B_FALSE,
4900 { zfs_ioc_pool_reguid, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4901 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4902 { zfs_ioc_space_written, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4903 POOL_CHECK_SUSPENDED },
4904 { zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4905 POOL_CHECK_SUSPENDED },
4906 { zfs_ioc_pool_reopen, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4907 POOL_CHECK_SUSPENDED },
4908 { zfs_ioc_send_progress, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4913 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
4914 zfs_ioc_poolcheck_t check)
4919 ASSERT(type == POOL_NAME || type == DATASET_NAME);
4921 if (check & POOL_CHECK_NONE)
4924 error = spa_open(name, &spa, FTAG);
4926 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
4928 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
4930 spa_close(spa, FTAG);
4936 zfsdev_get_state_impl(minor_t minor, enum zfsdev_state_type which)
4940 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
4942 for (zs = list_head(&zfsdev_state_list); zs != NULL;
4943 zs = list_next(&zfsdev_state_list, zs)) {
4944 if (zs->zs_minor == minor) {
4946 case ZST_ONEXIT: return (zs->zs_onexit);
4947 case ZST_ZEVENT: return (zs->zs_zevent);
4948 case ZST_ALL: return (zs);
4957 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
4961 mutex_enter(&zfsdev_state_lock);
4962 ptr = zfsdev_get_state_impl(minor, which);
4963 mutex_exit(&zfsdev_state_lock);
4969 zfsdev_getminor(struct file *filp)
4971 ASSERT(filp != NULL);
4972 ASSERT(filp->private_data != NULL);
4974 return (((zfsdev_state_t *)filp->private_data)->zs_minor);
4978 * Find a free minor number. The zfsdev_state_list is expected to
4979 * be short since it is only a list of currently open file handles.
4982 zfsdev_minor_alloc(void)
4984 static minor_t last_minor = 0;
4987 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
4989 for (m = last_minor + 1; m != last_minor; m++) {
4990 if (m > ZFSDEV_MAX_MINOR)
4992 if (zfsdev_get_state_impl(m, ZST_ALL) == NULL) {
5002 zfsdev_state_init(struct file *filp)
5007 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5009 minor = zfsdev_minor_alloc();
5013 zs = kmem_zalloc( sizeof(zfsdev_state_t), KM_SLEEP);
5018 zs->zs_minor = minor;
5019 filp->private_data = zs;
5021 zfs_onexit_init((zfs_onexit_t **)&zs->zs_onexit);
5022 zfs_zevent_init((zfs_zevent_t **)&zs->zs_zevent);
5024 list_insert_tail(&zfsdev_state_list, zs);
5030 zfsdev_state_destroy(struct file *filp)
5034 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5035 ASSERT(filp->private_data != NULL);
5037 zs = filp->private_data;
5038 zfs_onexit_destroy(zs->zs_onexit);
5039 zfs_zevent_destroy(zs->zs_zevent);
5041 list_remove(&zfsdev_state_list, zs);
5042 kmem_free(zs, sizeof(zfsdev_state_t));
5048 zfsdev_open(struct inode *ino, struct file *filp)
5052 mutex_enter(&zfsdev_state_lock);
5053 error = zfsdev_state_init(filp);
5054 mutex_exit(&zfsdev_state_lock);
5060 zfsdev_release(struct inode *ino, struct file *filp)
5064 mutex_enter(&zfsdev_state_lock);
5065 error = zfsdev_state_destroy(filp);
5066 mutex_exit(&zfsdev_state_lock);
5072 zfsdev_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
5076 int error, rc, flag = 0;
5078 vec = cmd - ZFS_IOC;
5079 if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
5082 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP | KM_NODEBUG);
5084 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
5088 if ((error == 0) && !(flag & FKIOCTL))
5089 error = zfs_ioc_vec[vec].zvec_secpolicy(zc, CRED());
5092 * Ensure that all pool/dataset names are valid before we pass down to
5096 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5097 zc->zc_iflags = flag & FKIOCTL;
5098 switch (zfs_ioc_vec[vec].zvec_namecheck) {
5100 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
5102 error = pool_status_check(zc->zc_name,
5103 zfs_ioc_vec[vec].zvec_namecheck,
5104 zfs_ioc_vec[vec].zvec_pool_check);
5108 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
5110 error = pool_status_check(zc->zc_name,
5111 zfs_ioc_vec[vec].zvec_namecheck,
5112 zfs_ioc_vec[vec].zvec_pool_check);
5121 error = zfs_ioc_vec[vec].zvec_func(zc);
5123 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
5127 if (zfs_ioc_vec[vec].zvec_his_log)
5128 zfs_log_history(zc);
5131 kmem_free(zc, sizeof (zfs_cmd_t));
5135 #ifdef CONFIG_COMPAT
5137 zfsdev_compat_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
5139 return zfsdev_ioctl(filp, cmd, arg);
5142 #define zfsdev_compat_ioctl NULL
5145 static const struct file_operations zfsdev_fops = {
5146 .open = zfsdev_open,
5147 .release = zfsdev_release,
5148 .unlocked_ioctl = zfsdev_ioctl,
5149 .compat_ioctl = zfsdev_compat_ioctl,
5150 .owner = THIS_MODULE,
5153 static struct miscdevice zfs_misc = {
5154 .minor = MISC_DYNAMIC_MINOR,
5156 .fops = &zfsdev_fops,
5164 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
5165 list_create(&zfsdev_state_list, sizeof (zfsdev_state_t),
5166 offsetof(zfsdev_state_t, zs_next));
5168 error = misc_register(&zfs_misc);
5170 printk(KERN_INFO "ZFS: misc_register() failed %d\n", error);
5182 error = misc_deregister(&zfs_misc);
5184 printk(KERN_INFO "ZFS: misc_deregister() failed %d\n", error);
5186 mutex_destroy(&zfsdev_state_lock);
5187 list_destroy(&zfsdev_state_list);
5190 uint_t zfs_fsyncer_key;
5191 extern uint_t rrw_tsd_key;
5194 #define ZFS_DEBUG_STR " (DEBUG mode)"
5196 #define ZFS_DEBUG_STR ""
5204 spa_init(FREAD | FWRITE);
5207 if ((error = zvol_init()) != 0)
5210 if ((error = zfs_attach()) != 0)
5213 tsd_create(&zfs_fsyncer_key, NULL);
5214 tsd_create(&rrw_tsd_key, NULL);
5216 printk(KERN_NOTICE "ZFS: Loaded module v%s-%s%s, "
5217 "ZFS pool version %s, ZFS filesystem version %s\n",
5218 ZFS_META_VERSION, ZFS_META_RELEASE, ZFS_DEBUG_STR,
5219 SPA_VERSION_STRING, ZPL_VERSION_STRING);
5228 printk(KERN_NOTICE "ZFS: Failed to Load ZFS Filesystem v%s-%s%s"
5229 ", rc = %d\n", ZFS_META_VERSION, ZFS_META_RELEASE,
5230 ZFS_DEBUG_STR, error);
5243 tsd_destroy(&zfs_fsyncer_key);
5244 tsd_destroy(&rrw_tsd_key);
5246 printk(KERN_NOTICE "ZFS: Unloaded module v%s-%s%s\n",
5247 ZFS_META_VERSION, ZFS_META_RELEASE, ZFS_DEBUG_STR);
5253 spl_module_init(_init);
5254 spl_module_exit(_fini);
5256 MODULE_DESCRIPTION("ZFS");
5257 MODULE_AUTHOR(ZFS_META_AUTHOR);
5258 MODULE_LICENSE(ZFS_META_LICENSE);
5259 #endif /* HAVE_SPL */
git://git.camperquake.de / zfs.git / blob