4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
25 #include <sys/types.h>
26 #include <sys/param.h>
27 #include <sys/errno.h>
30 #include <sys/modctl.h>
35 #include <sys/cmn_err.h>
37 #include <sys/zfs_ioctl.h>
38 #include <sys/zfs_vfsops.h>
39 #include <sys/zfs_znode.h>
42 #include <sys/spa_impl.h>
44 #include <sys/priv_impl.h>
46 #include <sys/dsl_dir.h>
47 #include <sys/dsl_dataset.h>
48 #include <sys/dsl_prop.h>
49 #include <sys/dsl_deleg.h>
50 #include <sys/dmu_objset.h>
52 #include <sys/sunddi.h>
53 #include <sys/sunldi.h>
54 #include <sys/policy.h>
56 #include <sys/nvpair.h>
57 #include <sys/pathname.h>
58 #include <sys/mount.h>
60 #include <sys/fs/zfs.h>
61 #include <sys/zfs_ctldir.h>
62 #include <sys/zfs_dir.h>
63 #include <sys/zfs_onexit.h>
65 #include <sys/dsl_scan.h>
66 #include <sharefs/share.h>
67 #include <sys/dmu_objset.h>
69 #include "zfs_namecheck.h"
71 #include "zfs_deleg.h"
72 #include "zfs_comutil.h"
74 extern struct modlfs zfs_modlfs;
76 extern void zfs_init(void);
77 extern void zfs_fini(void);
79 ldi_ident_t zfs_li = NULL;
82 typedef int zfs_ioc_func_t(zfs_cmd_t *);
83 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *);
89 } zfs_ioc_namecheck_t;
92 POOL_CHECK_NONE = 1 << 0,
93 POOL_CHECK_SUSPENDED = 1 << 1,
94 POOL_CHECK_READONLY = 1 << 2
95 } zfs_ioc_poolcheck_t;
97 typedef struct zfs_ioc_vec {
98 zfs_ioc_func_t *zvec_func;
99 zfs_secpolicy_func_t *zvec_secpolicy;
100 zfs_ioc_namecheck_t zvec_namecheck;
101 boolean_t zvec_his_log;
102 zfs_ioc_poolcheck_t zvec_pool_check;
105 /* This array is indexed by zfs_userquota_prop_t */
106 static const char *userquota_perms[] = {
107 ZFS_DELEG_PERM_USERUSED,
108 ZFS_DELEG_PERM_USERQUOTA,
109 ZFS_DELEG_PERM_GROUPUSED,
110 ZFS_DELEG_PERM_GROUPQUOTA,
113 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
114 static int zfs_check_settable(const char *name, nvpair_t *property,
116 static int zfs_check_clearable(char *dataset, nvlist_t *props,
118 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
120 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t **);
122 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
124 __dprintf(const char *file, const char *func, int line, const char *fmt, ...)
131 * Get rid of annoying "../common/" prefix to filename.
133 newfile = strrchr(file, '/');
134 if (newfile != NULL) {
135 newfile = newfile + 1; /* Get rid of leading / */
141 (void) vsnprintf(buf, sizeof (buf), fmt, adx);
145 * To get this data, use the zfs-dprintf probe as so:
146 * dtrace -q -n 'zfs-dprintf \
147 * /stringof(arg0) == "dbuf.c"/ \
148 * {printf("%s: %s", stringof(arg1), stringof(arg3))}'
150 * arg1 = function name
154 DTRACE_PROBE4(zfs__dprintf,
155 char *, newfile, char *, func, int, line, char *, buf);
159 history_str_free(char *buf)
161 kmem_free(buf, HIS_MAX_RECORD_LEN);
165 history_str_get(zfs_cmd_t *zc)
169 if (zc->zc_history == 0)
172 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
173 if (copyinstr((void *)(uintptr_t)zc->zc_history,
174 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
175 history_str_free(buf);
179 buf[HIS_MAX_RECORD_LEN -1] = '\0';
185 * Check to see if the named dataset is currently defined as bootable
188 zfs_is_bootfs(const char *name)
192 if (dmu_objset_hold(name, FTAG, &os) == 0) {
194 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
195 dmu_objset_rele(os, FTAG);
202 * zfs_earlier_version
204 * Return non-zero if the spa version is less than requested version.
207 zfs_earlier_version(const char *name, int version)
211 if (spa_open(name, &spa, FTAG) == 0) {
212 if (spa_version(spa) < version) {
213 spa_close(spa, FTAG);
216 spa_close(spa, FTAG);
222 * zpl_earlier_version
224 * Return TRUE if the ZPL version is less than requested version.
227 zpl_earlier_version(const char *name, int version)
230 boolean_t rc = B_TRUE;
232 if (dmu_objset_hold(name, FTAG, &os) == 0) {
235 if (dmu_objset_type(os) != DMU_OST_ZFS) {
236 dmu_objset_rele(os, FTAG);
239 /* XXX reading from non-owned objset */
240 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
241 rc = zplversion < version;
242 dmu_objset_rele(os, FTAG);
248 zfs_log_history(zfs_cmd_t *zc)
253 if ((buf = history_str_get(zc)) == NULL)
256 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
257 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
258 (void) spa_history_log(spa, buf, LOG_CMD_NORMAL);
259 spa_close(spa, FTAG);
261 history_str_free(buf);
265 * Policy for top-level read operations (list pools). Requires no privileges,
266 * and can be used in the local zone, as there is no associated dataset.
270 zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr)
276 * Policy for dataset read operations (list children, get statistics). Requires
277 * no privileges, but must be visible in the local zone.
281 zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr)
283 if (INGLOBALZONE(curproc) ||
284 zone_dataset_visible(zc->zc_name, NULL))
291 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
296 * The dataset must be visible by this zone -- check this first
297 * so they don't see EPERM on something they shouldn't know about.
299 if (!INGLOBALZONE(curproc) &&
300 !zone_dataset_visible(dataset, &writable))
303 if (INGLOBALZONE(curproc)) {
305 * If the fs is zoned, only root can access it from the
308 if (secpolicy_zfs(cr) && zoned)
312 * If we are in a local zone, the 'zoned' property must be set.
317 /* must be writable by this zone */
325 zfs_dozonecheck(const char *dataset, cred_t *cr)
329 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
332 return (zfs_dozonecheck_impl(dataset, zoned, cr));
336 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
340 rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER);
341 if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL)) {
342 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
345 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
347 return (zfs_dozonecheck_impl(dataset, zoned, cr));
351 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
355 error = zfs_dozonecheck(name, cr);
357 error = secpolicy_zfs(cr);
359 error = dsl_deleg_access(name, perm, cr);
365 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
366 const char *perm, cred_t *cr)
370 error = zfs_dozonecheck_ds(name, ds, cr);
372 error = secpolicy_zfs(cr);
374 error = dsl_deleg_access_impl(ds, perm, cr);
380 * Policy for setting the security label property.
382 * Returns 0 for success, non-zero for access and other errors.
385 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
388 char ds_hexsl[MAXNAMELEN];
389 bslabel_t ds_sl, new_sl;
390 boolean_t new_default = FALSE;
392 int needed_priv = -1;
395 /* First get the existing dataset label. */
396 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
397 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
401 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
404 /* The label must be translatable */
405 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
409 * In a non-global zone, disallow attempts to set a label that
410 * doesn't match that of the zone; otherwise no other checks
413 if (!INGLOBALZONE(curproc)) {
414 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
420 * For global-zone datasets (i.e., those whose zoned property is
421 * "off", verify that the specified new label is valid for the
424 if (dsl_prop_get_integer(name,
425 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
428 if (zfs_check_global_label(name, strval) != 0)
433 * If the existing dataset label is nondefault, check if the
434 * dataset is mounted (label cannot be changed while mounted).
435 * Get the zfsvfs; if there isn't one, then the dataset isn't
436 * mounted (or isn't a dataset, doesn't exist, ...).
438 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
440 static char *setsl_tag = "setsl_tag";
443 * Try to own the dataset; abort if there is any error,
444 * (e.g., already mounted, in use, or other error).
446 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
451 dmu_objset_disown(os, setsl_tag);
454 needed_priv = PRIV_FILE_DOWNGRADE_SL;
458 if (hexstr_to_label(strval, &new_sl) != 0)
461 if (blstrictdom(&ds_sl, &new_sl))
462 needed_priv = PRIV_FILE_DOWNGRADE_SL;
463 else if (blstrictdom(&new_sl, &ds_sl))
464 needed_priv = PRIV_FILE_UPGRADE_SL;
466 /* dataset currently has a default label */
468 needed_priv = PRIV_FILE_UPGRADE_SL;
472 if (needed_priv != -1)
473 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
477 #endif /* HAVE_MLSLABEL */
481 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
487 * Check permissions for special properties.
494 * Disallow setting of 'zoned' from within a local zone.
496 if (!INGLOBALZONE(curproc))
501 if (!INGLOBALZONE(curproc)) {
503 char setpoint[MAXNAMELEN];
505 * Unprivileged users are allowed to modify the
506 * quota on things *under* (ie. contained by)
507 * the thing they own.
509 if (dsl_prop_get_integer(dsname, "zoned", &zoned,
512 if (!zoned || strlen(dsname) <= strlen(setpoint))
517 case ZFS_PROP_MLSLABEL:
518 if (!is_system_labeled())
521 if (nvpair_value_string(propval, &strval) == 0) {
524 err = zfs_set_slabel_policy(dsname, strval, CRED());
531 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
535 zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr)
539 error = zfs_dozonecheck(zc->zc_name, cr);
544 * permission to set permissions will be evaluated later in
545 * dsl_deleg_can_allow()
551 zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr)
553 return (zfs_secpolicy_write_perms(zc->zc_name,
554 ZFS_DELEG_PERM_ROLLBACK, cr));
558 zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr)
567 * Generate the current snapshot name from the given objsetid, then
568 * use that name for the secpolicy/zone checks.
570 cp = strchr(zc->zc_name, '@');
573 error = spa_open(zc->zc_name, &spa, FTAG);
577 dp = spa_get_dsl(spa);
578 rw_enter(&dp->dp_config_rwlock, RW_READER);
579 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
580 rw_exit(&dp->dp_config_rwlock);
581 spa_close(spa, FTAG);
585 dsl_dataset_name(ds, zc->zc_name);
587 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
588 ZFS_DELEG_PERM_SEND, cr);
589 dsl_dataset_rele(ds, FTAG);
595 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, cred_t *cr)
600 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
601 NO_FOLLOW, NULL, &vp)) != 0)
604 /* Now make sure mntpnt and dataset are ZFS */
606 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
607 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
608 zc->zc_name) != 0)) {
614 return (dsl_deleg_access(zc->zc_name,
615 ZFS_DELEG_PERM_SHARE, cr));
619 zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr)
621 if (!INGLOBALZONE(curproc))
624 if (secpolicy_nfs(cr) == 0) {
627 return (zfs_secpolicy_deleg_share(zc, cr));
632 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, cred_t *cr)
634 if (!INGLOBALZONE(curproc))
637 if (secpolicy_smb(cr) == 0) {
640 return (zfs_secpolicy_deleg_share(zc, cr));
645 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
650 * Remove the @bla or /bla from the end of the name to get the parent.
652 (void) strncpy(parent, datasetname, parentsize);
653 cp = strrchr(parent, '@');
657 cp = strrchr(parent, '/');
667 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
671 if ((error = zfs_secpolicy_write_perms(name,
672 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
675 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
679 zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr)
681 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
685 * Destroying snapshots with delegated permissions requires
686 * descendent mount and destroy permissions.
687 * Reassemble the full filesystem@snap name so dsl_deleg_access()
688 * can do the correct permission check.
690 * Since this routine is used when doing a recursive destroy of snapshots
691 * and destroying snapshots requires descendent permissions, a successfull
692 * check of the top level snapshot applies to snapshots of all descendent
696 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, cred_t *cr)
701 dsname = kmem_asprintf("%s@%s", zc->zc_name, zc->zc_value);
703 error = zfs_secpolicy_destroy_perms(dsname, cr);
710 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
712 char parentname[MAXNAMELEN];
715 if ((error = zfs_secpolicy_write_perms(from,
716 ZFS_DELEG_PERM_RENAME, cr)) != 0)
719 if ((error = zfs_secpolicy_write_perms(from,
720 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
723 if ((error = zfs_get_parent(to, parentname,
724 sizeof (parentname))) != 0)
727 if ((error = zfs_secpolicy_write_perms(parentname,
728 ZFS_DELEG_PERM_CREATE, cr)) != 0)
731 if ((error = zfs_secpolicy_write_perms(parentname,
732 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
739 zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr)
741 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
745 zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr)
747 char parentname[MAXNAMELEN];
751 error = zfs_secpolicy_write_perms(zc->zc_name,
752 ZFS_DELEG_PERM_PROMOTE, cr);
756 error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
759 dsl_dataset_t *pclone = NULL;
761 dd = clone->os_dsl_dataset->ds_dir;
763 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
764 error = dsl_dataset_hold_obj(dd->dd_pool,
765 dd->dd_phys->dd_origin_obj, FTAG, &pclone);
766 rw_exit(&dd->dd_pool->dp_config_rwlock);
768 dmu_objset_rele(clone, FTAG);
772 error = zfs_secpolicy_write_perms(zc->zc_name,
773 ZFS_DELEG_PERM_MOUNT, cr);
775 dsl_dataset_name(pclone, parentname);
776 dmu_objset_rele(clone, FTAG);
777 dsl_dataset_rele(pclone, FTAG);
779 error = zfs_secpolicy_write_perms(parentname,
780 ZFS_DELEG_PERM_PROMOTE, cr);
786 zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr)
790 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
791 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
794 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
795 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
798 return (zfs_secpolicy_write_perms(zc->zc_name,
799 ZFS_DELEG_PERM_CREATE, cr));
803 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
805 return (zfs_secpolicy_write_perms(name,
806 ZFS_DELEG_PERM_SNAPSHOT, cr));
810 zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr)
813 return (zfs_secpolicy_snapshot_perms(zc->zc_name, cr));
817 zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr)
819 char parentname[MAXNAMELEN];
822 if ((error = zfs_get_parent(zc->zc_name, parentname,
823 sizeof (parentname))) != 0)
826 if (zc->zc_value[0] != '\0') {
827 if ((error = zfs_secpolicy_write_perms(zc->zc_value,
828 ZFS_DELEG_PERM_CLONE, cr)) != 0)
832 if ((error = zfs_secpolicy_write_perms(parentname,
833 ZFS_DELEG_PERM_CREATE, cr)) != 0)
836 error = zfs_secpolicy_write_perms(parentname,
837 ZFS_DELEG_PERM_MOUNT, cr);
843 zfs_secpolicy_umount(zfs_cmd_t *zc, cred_t *cr)
847 error = secpolicy_fs_unmount(cr, NULL);
849 error = dsl_deleg_access(zc->zc_name, ZFS_DELEG_PERM_MOUNT, cr);
855 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
856 * SYS_CONFIG privilege, which is not available in a local zone.
860 zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr)
862 if (secpolicy_sys_config(cr, B_FALSE) != 0)
869 * Policy for object to name lookups.
873 zfs_secpolicy_diff(zfs_cmd_t *zc, cred_t *cr)
877 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
880 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
885 * Policy for fault injection. Requires all privileges.
889 zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr)
891 return (secpolicy_zinject(cr));
895 zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr)
897 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
899 if (prop == ZPROP_INVAL) {
900 if (!zfs_prop_user(zc->zc_value))
902 return (zfs_secpolicy_write_perms(zc->zc_name,
903 ZFS_DELEG_PERM_USERPROP, cr));
905 return (zfs_secpolicy_setprop(zc->zc_name, prop,
911 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, cred_t *cr)
913 int err = zfs_secpolicy_read(zc, cr);
917 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
920 if (zc->zc_value[0] == 0) {
922 * They are asking about a posix uid/gid. If it's
923 * themself, allow it.
925 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
926 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
927 if (zc->zc_guid == crgetuid(cr))
930 if (groupmember(zc->zc_guid, cr))
935 return (zfs_secpolicy_write_perms(zc->zc_name,
936 userquota_perms[zc->zc_objset_type], cr));
940 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, cred_t *cr)
942 int err = zfs_secpolicy_read(zc, cr);
946 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
949 return (zfs_secpolicy_write_perms(zc->zc_name,
950 userquota_perms[zc->zc_objset_type], cr));
954 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, cred_t *cr)
956 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
961 zfs_secpolicy_hold(zfs_cmd_t *zc, cred_t *cr)
963 return (zfs_secpolicy_write_perms(zc->zc_name,
964 ZFS_DELEG_PERM_HOLD, cr));
968 zfs_secpolicy_release(zfs_cmd_t *zc, cred_t *cr)
970 return (zfs_secpolicy_write_perms(zc->zc_name,
971 ZFS_DELEG_PERM_RELEASE, cr));
975 * Policy for allowing temporary snapshots to be taken or released
978 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, cred_t *cr)
981 * A temporary snapshot is the same as a snapshot,
982 * hold, destroy and release all rolled into one.
983 * Delegated diff alone is sufficient that we allow this.
987 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
988 ZFS_DELEG_PERM_DIFF, cr)) == 0)
991 error = zfs_secpolicy_snapshot(zc, cr);
993 error = zfs_secpolicy_hold(zc, cr);
995 error = zfs_secpolicy_release(zc, cr);
997 error = zfs_secpolicy_destroy(zc, cr);
1002 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1005 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1009 nvlist_t *list = NULL;
1012 * Read in and unpack the user-supplied nvlist.
1017 packed = kmem_alloc(size, KM_SLEEP);
1019 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1021 kmem_free(packed, size);
1025 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1026 kmem_free(packed, size);
1030 kmem_free(packed, size);
1037 fit_error_list(zfs_cmd_t *zc, nvlist_t **errors)
1041 VERIFY(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
1043 if (size > zc->zc_nvlist_dst_size) {
1044 nvpair_t *more_errors;
1047 if (zc->zc_nvlist_dst_size < 1024)
1050 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, 0) == 0);
1051 more_errors = nvlist_prev_nvpair(*errors, NULL);
1054 nvpair_t *pair = nvlist_prev_nvpair(*errors,
1056 VERIFY(nvlist_remove_nvpair(*errors, pair) == 0);
1058 VERIFY(nvlist_size(*errors, &size,
1059 NV_ENCODE_NATIVE) == 0);
1060 } while (size > zc->zc_nvlist_dst_size);
1062 VERIFY(nvlist_remove_nvpair(*errors, more_errors) == 0);
1063 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, n) == 0);
1064 ASSERT(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
1065 ASSERT(size <= zc->zc_nvlist_dst_size);
1072 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1074 char *packed = NULL;
1078 VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0);
1080 if (size > zc->zc_nvlist_dst_size) {
1083 packed = kmem_alloc(size, KM_SLEEP);
1084 VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE,
1086 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1087 size, zc->zc_iflags) != 0)
1089 kmem_free(packed, size);
1092 zc->zc_nvlist_dst_size = size;
1097 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1102 error = dmu_objset_hold(dsname, FTAG, &os);
1105 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1106 dmu_objset_rele(os, FTAG);
1110 mutex_enter(&os->os_user_ptr_lock);
1111 *zfvp = dmu_objset_get_user(os);
1113 VFS_HOLD((*zfvp)->z_vfs);
1117 mutex_exit(&os->os_user_ptr_lock);
1118 dmu_objset_rele(os, FTAG);
1123 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1124 * case its z_vfs will be NULL, and it will be opened as the owner.
1127 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1131 if (getzfsvfs(name, zfvp) != 0)
1132 error = zfsvfs_create(name, zfvp);
1134 rrw_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
1136 if ((*zfvp)->z_unmounted) {
1138 * XXX we could probably try again, since the unmounting
1139 * thread should be just about to disassociate the
1140 * objset from the zfsvfs.
1142 rrw_exit(&(*zfvp)->z_teardown_lock, tag);
1150 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1152 rrw_exit(&zfsvfs->z_teardown_lock, tag);
1154 if (zfsvfs->z_vfs) {
1155 VFS_RELE(zfsvfs->z_vfs);
1157 dmu_objset_disown(zfsvfs->z_os, zfsvfs);
1158 zfsvfs_free(zfsvfs);
1163 zfs_ioc_pool_create(zfs_cmd_t *zc)
1166 nvlist_t *config, *props = NULL;
1167 nvlist_t *rootprops = NULL;
1168 nvlist_t *zplprops = NULL;
1171 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1172 zc->zc_iflags, &config)))
1175 if (zc->zc_nvlist_src_size != 0 && (error =
1176 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1177 zc->zc_iflags, &props))) {
1178 nvlist_free(config);
1183 nvlist_t *nvl = NULL;
1184 uint64_t version = SPA_VERSION;
1186 (void) nvlist_lookup_uint64(props,
1187 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1188 if (version < SPA_VERSION_INITIAL || version > SPA_VERSION) {
1190 goto pool_props_bad;
1192 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1194 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1196 nvlist_free(config);
1200 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1202 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1203 error = zfs_fill_zplprops_root(version, rootprops,
1206 goto pool_props_bad;
1209 buf = history_str_get(zc);
1211 error = spa_create(zc->zc_name, config, props, buf, zplprops);
1214 * Set the remaining root properties
1216 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1217 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1218 (void) spa_destroy(zc->zc_name);
1221 history_str_free(buf);
1224 nvlist_free(rootprops);
1225 nvlist_free(zplprops);
1226 nvlist_free(config);
1233 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1236 zfs_log_history(zc);
1237 error = spa_destroy(zc->zc_name);
1239 zvol_remove_minors(zc->zc_name);
1244 zfs_ioc_pool_import(zfs_cmd_t *zc)
1246 nvlist_t *config, *props = NULL;
1250 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1251 zc->zc_iflags, &config)) != 0)
1254 if (zc->zc_nvlist_src_size != 0 && (error =
1255 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1256 zc->zc_iflags, &props))) {
1257 nvlist_free(config);
1261 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1262 guid != zc->zc_guid)
1265 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1267 if (zc->zc_nvlist_dst != 0) {
1270 if ((err = put_nvlist(zc, config)) != 0)
1274 nvlist_free(config);
1283 zfs_ioc_pool_export(zfs_cmd_t *zc)
1286 boolean_t force = (boolean_t)zc->zc_cookie;
1287 boolean_t hardforce = (boolean_t)zc->zc_guid;
1289 zfs_log_history(zc);
1290 error = spa_export(zc->zc_name, NULL, force, hardforce);
1292 zvol_remove_minors(zc->zc_name);
1297 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1302 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1305 error = put_nvlist(zc, configs);
1307 nvlist_free(configs);
1313 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1319 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1320 sizeof (zc->zc_value));
1322 if (config != NULL) {
1323 ret = put_nvlist(zc, config);
1324 nvlist_free(config);
1327 * The config may be present even if 'error' is non-zero.
1328 * In this case we return success, and preserve the real errno
1331 zc->zc_cookie = error;
1340 * Try to import the given pool, returning pool stats as appropriate so that
1341 * user land knows which devices are available and overall pool health.
1344 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1346 nvlist_t *tryconfig, *config;
1349 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1350 zc->zc_iflags, &tryconfig)) != 0)
1353 config = spa_tryimport(tryconfig);
1355 nvlist_free(tryconfig);
1360 error = put_nvlist(zc, config);
1361 nvlist_free(config);
1368 * zc_name name of the pool
1369 * zc_cookie scan func (pool_scan_func_t)
1372 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1377 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1380 if (zc->zc_cookie == POOL_SCAN_NONE)
1381 error = spa_scan_stop(spa);
1383 error = spa_scan(spa, zc->zc_cookie);
1385 spa_close(spa, FTAG);
1391 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1396 error = spa_open(zc->zc_name, &spa, FTAG);
1399 spa_close(spa, FTAG);
1405 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1410 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1413 if (zc->zc_cookie < spa_version(spa) || zc->zc_cookie > SPA_VERSION) {
1414 spa_close(spa, FTAG);
1418 spa_upgrade(spa, zc->zc_cookie);
1419 spa_close(spa, FTAG);
1425 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1432 if ((size = zc->zc_history_len) == 0)
1435 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1438 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1439 spa_close(spa, FTAG);
1443 hist_buf = kmem_alloc(size, KM_SLEEP);
1444 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1445 &zc->zc_history_len, hist_buf)) == 0) {
1446 error = ddi_copyout(hist_buf,
1447 (void *)(uintptr_t)zc->zc_history,
1448 zc->zc_history_len, zc->zc_iflags);
1451 spa_close(spa, FTAG);
1452 kmem_free(hist_buf, size);
1457 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1461 if ((error = dsl_dsobj_to_dsname(zc->zc_name,zc->zc_obj,zc->zc_value)))
1469 * zc_name name of filesystem
1470 * zc_obj object to find
1473 * zc_value name of object
1476 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1481 /* XXX reading from objset not owned */
1482 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1484 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1485 dmu_objset_rele(os, FTAG);
1488 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1489 sizeof (zc->zc_value));
1490 dmu_objset_rele(os, FTAG);
1497 * zc_name name of filesystem
1498 * zc_obj object to find
1501 * zc_stat stats on object
1502 * zc_value path to object
1505 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1510 /* XXX reading from objset not owned */
1511 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1513 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1514 dmu_objset_rele(os, FTAG);
1517 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1518 sizeof (zc->zc_value));
1519 dmu_objset_rele(os, FTAG);
1525 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1529 nvlist_t *config, **l2cache, **spares;
1530 uint_t nl2cache = 0, nspares = 0;
1532 error = spa_open(zc->zc_name, &spa, FTAG);
1536 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1537 zc->zc_iflags, &config);
1538 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
1539 &l2cache, &nl2cache);
1541 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
1545 * A root pool with concatenated devices is not supported.
1546 * Thus, can not add a device to a root pool.
1548 * Intent log device can not be added to a rootpool because
1549 * during mountroot, zil is replayed, a seperated log device
1550 * can not be accessed during the mountroot time.
1552 * l2cache and spare devices are ok to be added to a rootpool.
1554 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
1555 nvlist_free(config);
1556 spa_close(spa, FTAG);
1561 error = spa_vdev_add(spa, config);
1562 nvlist_free(config);
1564 spa_close(spa, FTAG);
1570 * zc_name name of the pool
1571 * zc_nvlist_conf nvlist of devices to remove
1572 * zc_cookie to stop the remove?
1575 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1580 error = spa_open(zc->zc_name, &spa, FTAG);
1583 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1584 spa_close(spa, FTAG);
1589 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1593 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1595 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1597 switch (zc->zc_cookie) {
1598 case VDEV_STATE_ONLINE:
1599 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1602 case VDEV_STATE_OFFLINE:
1603 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1606 case VDEV_STATE_FAULTED:
1607 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1608 zc->zc_obj != VDEV_AUX_EXTERNAL)
1609 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1611 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1614 case VDEV_STATE_DEGRADED:
1615 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1616 zc->zc_obj != VDEV_AUX_EXTERNAL)
1617 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1619 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1625 zc->zc_cookie = newstate;
1626 spa_close(spa, FTAG);
1631 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1634 int replacing = zc->zc_cookie;
1638 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1641 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1642 zc->zc_iflags, &config)) == 0) {
1643 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1644 nvlist_free(config);
1647 spa_close(spa, FTAG);
1652 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1657 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1660 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1662 spa_close(spa, FTAG);
1667 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1670 nvlist_t *config, *props = NULL;
1672 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1674 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1677 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1678 zc->zc_iflags, &config))) {
1679 spa_close(spa, FTAG);
1683 if (zc->zc_nvlist_src_size != 0 && (error =
1684 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1685 zc->zc_iflags, &props))) {
1686 spa_close(spa, FTAG);
1687 nvlist_free(config);
1691 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1693 spa_close(spa, FTAG);
1695 nvlist_free(config);
1702 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1705 char *path = zc->zc_value;
1706 uint64_t guid = zc->zc_guid;
1709 error = spa_open(zc->zc_name, &spa, FTAG);
1713 error = spa_vdev_setpath(spa, guid, path);
1714 spa_close(spa, FTAG);
1719 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
1722 char *fru = zc->zc_value;
1723 uint64_t guid = zc->zc_guid;
1726 error = spa_open(zc->zc_name, &spa, FTAG);
1730 error = spa_vdev_setfru(spa, guid, fru);
1731 spa_close(spa, FTAG);
1736 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
1741 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1743 if (zc->zc_nvlist_dst != 0 &&
1744 (error = dsl_prop_get_all(os, &nv)) == 0) {
1745 dmu_objset_stats(os, nv);
1747 * NB: zvol_get_stats() will read the objset contents,
1748 * which we aren't supposed to do with a
1749 * DS_MODE_USER hold, because it could be
1750 * inconsistent. So this is a bit of a workaround...
1751 * XXX reading with out owning
1753 if (!zc->zc_objset_stats.dds_inconsistent) {
1754 if (dmu_objset_type(os) == DMU_OST_ZVOL)
1755 error = zvol_get_stats(os, nv);
1758 error = put_nvlist(zc, nv);
1767 * zc_name name of filesystem
1768 * zc_nvlist_dst_size size of buffer for property nvlist
1771 * zc_objset_stats stats
1772 * zc_nvlist_dst property nvlist
1773 * zc_nvlist_dst_size size of property nvlist
1776 zfs_ioc_objset_stats(zfs_cmd_t *zc)
1778 objset_t *os = NULL;
1781 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)))
1784 error = zfs_ioc_objset_stats_impl(zc, os);
1786 dmu_objset_rele(os, FTAG);
1793 * zc_name name of filesystem
1794 * zc_nvlist_dst_size size of buffer for property nvlist
1797 * zc_nvlist_dst received property nvlist
1798 * zc_nvlist_dst_size size of received property nvlist
1800 * Gets received properties (distinct from local properties on or after
1801 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
1802 * local property values.
1805 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
1807 objset_t *os = NULL;
1811 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)))
1815 * Without this check, we would return local property values if the
1816 * caller has not already received properties on or after
1817 * SPA_VERSION_RECVD_PROPS.
1819 if (!dsl_prop_get_hasrecvd(os)) {
1820 dmu_objset_rele(os, FTAG);
1824 if (zc->zc_nvlist_dst != 0 &&
1825 (error = dsl_prop_get_received(os, &nv)) == 0) {
1826 error = put_nvlist(zc, nv);
1830 dmu_objset_rele(os, FTAG);
1835 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
1841 * zfs_get_zplprop() will either find a value or give us
1842 * the default value (if there is one).
1844 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
1846 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
1852 * zc_name name of filesystem
1853 * zc_nvlist_dst_size size of buffer for zpl property nvlist
1856 * zc_nvlist_dst zpl property nvlist
1857 * zc_nvlist_dst_size size of zpl property nvlist
1860 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
1865 /* XXX reading without owning */
1866 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
1869 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1872 * NB: nvl_add_zplprop() will read the objset contents,
1873 * which we aren't supposed to do with a DS_MODE_USER
1874 * hold, because it could be inconsistent.
1876 if (zc->zc_nvlist_dst != 0 &&
1877 !zc->zc_objset_stats.dds_inconsistent &&
1878 dmu_objset_type(os) == DMU_OST_ZFS) {
1881 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1882 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
1883 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
1884 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
1885 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
1886 err = put_nvlist(zc, nv);
1891 dmu_objset_rele(os, FTAG);
1896 dataset_name_hidden(const char *name)
1899 * Skip over datasets that are not visible in this zone,
1900 * internal datasets (which have a $ in their name), and
1901 * temporary datasets (which have a % in their name).
1903 if (strchr(name, '$') != NULL)
1905 if (strchr(name, '%') != NULL)
1907 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
1914 * zc_name name of filesystem
1915 * zc_cookie zap cursor
1916 * zc_nvlist_dst_size size of buffer for property nvlist
1919 * zc_name name of next filesystem
1920 * zc_cookie zap cursor
1921 * zc_objset_stats stats
1922 * zc_nvlist_dst property nvlist
1923 * zc_nvlist_dst_size size of property nvlist
1926 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
1931 size_t orig_len = strlen(zc->zc_name);
1934 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
1935 if (error == ENOENT)
1940 p = strrchr(zc->zc_name, '/');
1941 if (p == NULL || p[1] != '\0')
1942 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
1943 p = zc->zc_name + strlen(zc->zc_name);
1946 * Pre-fetch the datasets. dmu_objset_prefetch() always returns 0
1947 * but is not declared void because its called by dmu_objset_find().
1949 if (zc->zc_cookie == 0) {
1950 uint64_t cookie = 0;
1951 int len = sizeof (zc->zc_name) - (p - zc->zc_name);
1953 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0)
1954 (void) dmu_objset_prefetch(p, NULL);
1958 error = dmu_dir_list_next(os,
1959 sizeof (zc->zc_name) - (p - zc->zc_name), p,
1960 NULL, &zc->zc_cookie);
1961 if (error == ENOENT)
1963 } while (error == 0 && dataset_name_hidden(zc->zc_name) &&
1964 !(zc->zc_iflags & FKIOCTL));
1965 dmu_objset_rele(os, FTAG);
1968 * If it's an internal dataset (ie. with a '$' in its name),
1969 * don't try to get stats for it, otherwise we'll return ENOENT.
1971 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
1972 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
1973 if (error == ENOENT) {
1974 /* We lost a race with destroy, get the next one. */
1975 zc->zc_name[orig_len] = '\0';
1984 * zc_name name of filesystem
1985 * zc_cookie zap cursor
1986 * zc_nvlist_dst_size size of buffer for property nvlist
1989 * zc_name name of next snapshot
1990 * zc_objset_stats stats
1991 * zc_nvlist_dst property nvlist
1992 * zc_nvlist_dst_size size of property nvlist
1995 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2001 if (zc->zc_cookie == 0)
2002 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch,
2003 NULL, DS_FIND_SNAPSHOTS);
2005 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2007 return (error == ENOENT ? ESRCH : error);
2010 * A dataset name of maximum length cannot have any snapshots,
2011 * so exit immediately.
2013 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
2014 dmu_objset_rele(os, FTAG);
2018 error = dmu_snapshot_list_next(os,
2019 sizeof (zc->zc_name) - strlen(zc->zc_name),
2020 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2025 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2028 * Since we probably don't have a hold on this snapshot,
2029 * it's possible that the objsetid could have been destroyed
2030 * and reused for a new objset. It's OK if this happens during
2031 * a zfs send operation, since the new createtxg will be
2032 * beyond the range we're interested in.
2034 rw_enter(&dp->dp_config_rwlock, RW_READER);
2035 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2036 rw_exit(&dp->dp_config_rwlock);
2038 if (error == ENOENT) {
2039 /* Racing with destroy, get the next one. */
2040 *strchr(zc->zc_name, '@') = '\0';
2041 dmu_objset_rele(os, FTAG);
2047 error = dmu_objset_from_ds(ds, &ossnap);
2049 error = zfs_ioc_objset_stats_impl(zc, ossnap);
2050 dsl_dataset_rele(ds, FTAG);
2052 } else if (error == ENOENT) {
2056 dmu_objset_rele(os, FTAG);
2057 /* if we failed, undo the @ that we tacked on to zc_name */
2059 *strchr(zc->zc_name, '@') = '\0';
2064 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2066 const char *propname = nvpair_name(pair);
2068 unsigned int vallen;
2071 zfs_userquota_prop_t type;
2077 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2079 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2080 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2086 * A correctly constructed propname is encoded as
2087 * userquota@<rid>-<domain>.
2089 if ((dash = strchr(propname, '-')) == NULL ||
2090 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2099 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2101 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2102 zfsvfs_rele(zfsvfs, FTAG);
2109 * If the named property is one that has a special function to set its value,
2110 * return 0 on success and a positive error code on failure; otherwise if it is
2111 * not one of the special properties handled by this function, return -1.
2113 * XXX: It would be better for callers of the property interface if we handled
2114 * these special cases in dsl_prop.c (in the dsl layer).
2117 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2120 const char *propname = nvpair_name(pair);
2121 zfs_prop_t prop = zfs_name_to_prop(propname);
2125 if (prop == ZPROP_INVAL) {
2126 if (zfs_prop_userquota(propname))
2127 return (zfs_prop_set_userquota(dsname, pair));
2131 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2133 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2134 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2138 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2141 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2144 case ZFS_PROP_QUOTA:
2145 err = dsl_dir_set_quota(dsname, source, intval);
2147 case ZFS_PROP_REFQUOTA:
2148 err = dsl_dataset_set_quota(dsname, source, intval);
2150 case ZFS_PROP_RESERVATION:
2151 err = dsl_dir_set_reservation(dsname, source, intval);
2153 case ZFS_PROP_REFRESERVATION:
2154 err = dsl_dataset_set_reservation(dsname, source, intval);
2156 case ZFS_PROP_VOLSIZE:
2157 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
2160 case ZFS_PROP_VERSION:
2164 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2167 err = zfs_set_version(zfsvfs, intval);
2168 zfsvfs_rele(zfsvfs, FTAG);
2170 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2173 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2174 (void) strcpy(zc->zc_name, dsname);
2175 (void) zfs_ioc_userspace_upgrade(zc);
2176 kmem_free(zc, sizeof (zfs_cmd_t));
2189 * This function is best effort. If it fails to set any of the given properties,
2190 * it continues to set as many as it can and returns the first error
2191 * encountered. If the caller provides a non-NULL errlist, it also gives the
2192 * complete list of names of all the properties it failed to set along with the
2193 * corresponding error numbers. The caller is responsible for freeing the
2196 * If every property is set successfully, zero is returned and the list pointed
2197 * at by errlist is NULL.
2200 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2208 nvlist_t *genericnvl;
2212 VERIFY(nvlist_alloc(&genericnvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2213 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2214 VERIFY(nvlist_alloc(&retrynvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2218 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2219 const char *propname = nvpair_name(pair);
2220 zfs_prop_t prop = zfs_name_to_prop(propname);
2223 /* decode the property value */
2225 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2227 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2228 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2233 /* Validate value type */
2234 if (err == 0 && prop == ZPROP_INVAL) {
2235 if (zfs_prop_user(propname)) {
2236 if (nvpair_type(propval) != DATA_TYPE_STRING)
2238 } else if (zfs_prop_userquota(propname)) {
2239 if (nvpair_type(propval) !=
2240 DATA_TYPE_UINT64_ARRAY)
2243 } else if (err == 0) {
2244 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2245 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2247 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2250 VERIFY(nvpair_value_uint64(propval,
2253 switch (zfs_prop_get_type(prop)) {
2254 case PROP_TYPE_NUMBER:
2256 case PROP_TYPE_STRING:
2259 case PROP_TYPE_INDEX:
2260 if (zfs_prop_index_to_string(prop,
2261 intval, &unused) != 0)
2266 "unknown property type");
2273 /* Validate permissions */
2275 err = zfs_check_settable(dsname, pair, CRED());
2278 err = zfs_prop_set_special(dsname, source, pair);
2281 * For better performance we build up a list of
2282 * properties to set in a single transaction.
2284 err = nvlist_add_nvpair(genericnvl, pair);
2285 } else if (err != 0 && nvl != retrynvl) {
2287 * This may be a spurious error caused by
2288 * receiving quota and reservation out of order.
2289 * Try again in a second pass.
2291 err = nvlist_add_nvpair(retrynvl, pair);
2296 VERIFY(nvlist_add_int32(errors, propname, err) == 0);
2299 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2304 if (!nvlist_empty(genericnvl) &&
2305 dsl_props_set(dsname, source, genericnvl) != 0) {
2307 * If this fails, we still want to set as many properties as we
2308 * can, so try setting them individually.
2311 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2312 const char *propname = nvpair_name(pair);
2316 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2318 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2319 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2323 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2324 VERIFY(nvpair_value_string(propval,
2326 err = dsl_prop_set(dsname, propname, source, 1,
2327 strlen(strval) + 1, strval);
2329 VERIFY(nvpair_value_uint64(propval,
2331 err = dsl_prop_set(dsname, propname, source, 8,
2336 VERIFY(nvlist_add_int32(errors, propname,
2341 nvlist_free(genericnvl);
2342 nvlist_free(retrynvl);
2344 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
2345 nvlist_free(errors);
2348 VERIFY(nvpair_value_int32(pair, &rv) == 0);
2351 if (errlist == NULL)
2352 nvlist_free(errors);
2360 * Check that all the properties are valid user properties.
2363 zfs_check_userprops(char *fsname, nvlist_t *nvl)
2365 nvpair_t *pair = NULL;
2368 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2369 const char *propname = nvpair_name(pair);
2372 if (!zfs_prop_user(propname) ||
2373 nvpair_type(pair) != DATA_TYPE_STRING)
2376 if ((error = zfs_secpolicy_write_perms(fsname,
2377 ZFS_DELEG_PERM_USERPROP, CRED())))
2380 if (strlen(propname) >= ZAP_MAXNAMELEN)
2381 return (ENAMETOOLONG);
2383 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2384 if (strlen(valstr) >= ZAP_MAXVALUELEN)
2391 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2395 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2398 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2399 if (nvlist_exists(skipped, nvpair_name(pair)))
2402 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2407 clear_received_props(objset_t *os, const char *fs, nvlist_t *props,
2411 nvlist_t *cleared_props = NULL;
2412 props_skip(props, skipped, &cleared_props);
2413 if (!nvlist_empty(cleared_props)) {
2415 * Acts on local properties until the dataset has received
2416 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2418 zprop_source_t flags = (ZPROP_SRC_NONE |
2419 (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0));
2420 err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL);
2422 nvlist_free(cleared_props);
2428 * zc_name name of filesystem
2429 * zc_value name of property to set
2430 * zc_nvlist_src{_size} nvlist of properties to apply
2431 * zc_cookie received properties flag
2434 * zc_nvlist_dst{_size} error for each unapplied received property
2437 zfs_ioc_set_prop(zfs_cmd_t *zc)
2440 boolean_t received = zc->zc_cookie;
2441 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2443 nvlist_t *errors = NULL;
2446 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2447 zc->zc_iflags, &nvl)) != 0)
2451 nvlist_t *origprops;
2454 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
2455 if (dsl_prop_get_received(os, &origprops) == 0) {
2456 (void) clear_received_props(os,
2457 zc->zc_name, origprops, nvl);
2458 nvlist_free(origprops);
2461 dsl_prop_set_hasrecvd(os);
2462 dmu_objset_rele(os, FTAG);
2466 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, &errors);
2468 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2469 (void) put_nvlist(zc, errors);
2472 nvlist_free(errors);
2479 * zc_name name of filesystem
2480 * zc_value name of property to inherit
2481 * zc_cookie revert to received value if TRUE
2486 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2488 const char *propname = zc->zc_value;
2489 zfs_prop_t prop = zfs_name_to_prop(propname);
2490 boolean_t received = zc->zc_cookie;
2491 zprop_source_t source = (received
2492 ? ZPROP_SRC_NONE /* revert to received value, if any */
2493 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2502 * zfs_prop_set_special() expects properties in the form of an
2503 * nvpair with type info.
2505 if (prop == ZPROP_INVAL) {
2506 if (!zfs_prop_user(propname))
2509 type = PROP_TYPE_STRING;
2510 } else if (prop == ZFS_PROP_VOLSIZE ||
2511 prop == ZFS_PROP_VERSION) {
2514 type = zfs_prop_get_type(prop);
2517 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2520 case PROP_TYPE_STRING:
2521 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2523 case PROP_TYPE_NUMBER:
2524 case PROP_TYPE_INDEX:
2525 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2532 pair = nvlist_next_nvpair(dummy, NULL);
2533 err = zfs_prop_set_special(zc->zc_name, source, pair);
2536 return (err); /* special property already handled */
2539 * Only check this in the non-received case. We want to allow
2540 * 'inherit -S' to revert non-inheritable properties like quota
2541 * and reservation to the received or default values even though
2542 * they are not considered inheritable.
2544 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2548 /* the property name has been validated by zfs_secpolicy_inherit() */
2549 return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
2553 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2560 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2561 zc->zc_iflags, &props)))
2565 * If the only property is the configfile, then just do a spa_lookup()
2566 * to handle the faulted case.
2568 pair = nvlist_next_nvpair(props, NULL);
2569 if (pair != NULL && strcmp(nvpair_name(pair),
2570 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2571 nvlist_next_nvpair(props, pair) == NULL) {
2572 mutex_enter(&spa_namespace_lock);
2573 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2574 spa_configfile_set(spa, props, B_FALSE);
2575 spa_config_sync(spa, B_FALSE, B_TRUE);
2577 mutex_exit(&spa_namespace_lock);
2584 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2589 error = spa_prop_set(spa, props);
2592 spa_close(spa, FTAG);
2598 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2602 nvlist_t *nvp = NULL;
2604 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2606 * If the pool is faulted, there may be properties we can still
2607 * get (such as altroot and cachefile), so attempt to get them
2610 mutex_enter(&spa_namespace_lock);
2611 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2612 error = spa_prop_get(spa, &nvp);
2613 mutex_exit(&spa_namespace_lock);
2615 error = spa_prop_get(spa, &nvp);
2616 spa_close(spa, FTAG);
2619 if (error == 0 && zc->zc_nvlist_dst != 0)
2620 error = put_nvlist(zc, nvp);
2630 * zc_name name of filesystem
2631 * zc_nvlist_src{_size} nvlist of delegated permissions
2632 * zc_perm_action allow/unallow flag
2637 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2640 nvlist_t *fsaclnv = NULL;
2642 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2643 zc->zc_iflags, &fsaclnv)) != 0)
2647 * Verify nvlist is constructed correctly
2649 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2650 nvlist_free(fsaclnv);
2655 * If we don't have PRIV_SYS_MOUNT, then validate
2656 * that user is allowed to hand out each permission in
2660 error = secpolicy_zfs(CRED());
2662 if (zc->zc_perm_action == B_FALSE) {
2663 error = dsl_deleg_can_allow(zc->zc_name,
2666 error = dsl_deleg_can_unallow(zc->zc_name,
2672 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2674 nvlist_free(fsaclnv);
2680 * zc_name name of filesystem
2683 * zc_nvlist_src{_size} nvlist of delegated permissions
2686 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2691 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2692 error = put_nvlist(zc, nvp);
2700 * Search the vfs list for a specified resource. Returns a pointer to it
2701 * or NULL if no suitable entry is found. The caller of this routine
2702 * is responsible for releasing the returned vfs pointer.
2705 zfs_get_vfs(const char *resource)
2708 struct vfs *vfs_found = NULL;
2710 vfs_list_read_lock();
2713 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
2718 vfsp = vfsp->vfs_next;
2719 } while (vfsp != rootvfs);
2726 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2728 zfs_creat_t *zct = arg;
2730 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2733 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
2737 * createprops list of properties requested by creator
2738 * default_zplver zpl version to use if unspecified in createprops
2739 * fuids_ok fuids allowed in this version of the spa?
2740 * os parent objset pointer (NULL if root fs)
2743 * zplprops values for the zplprops we attach to the master node object
2744 * is_ci true if requested file system will be purely case-insensitive
2746 * Determine the settings for utf8only, normalization and
2747 * casesensitivity. Specific values may have been requested by the
2748 * creator and/or we can inherit values from the parent dataset. If
2749 * the file system is of too early a vintage, a creator can not
2750 * request settings for these properties, even if the requested
2751 * setting is the default value. We don't actually want to create dsl
2752 * properties for these, so remove them from the source nvlist after
2756 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
2757 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2758 nvlist_t *zplprops, boolean_t *is_ci)
2760 uint64_t sense = ZFS_PROP_UNDEFINED;
2761 uint64_t norm = ZFS_PROP_UNDEFINED;
2762 uint64_t u8 = ZFS_PROP_UNDEFINED;
2764 ASSERT(zplprops != NULL);
2767 * Pull out creator prop choices, if any.
2770 (void) nvlist_lookup_uint64(createprops,
2771 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
2772 (void) nvlist_lookup_uint64(createprops,
2773 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
2774 (void) nvlist_remove_all(createprops,
2775 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
2776 (void) nvlist_lookup_uint64(createprops,
2777 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
2778 (void) nvlist_remove_all(createprops,
2779 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
2780 (void) nvlist_lookup_uint64(createprops,
2781 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
2782 (void) nvlist_remove_all(createprops,
2783 zfs_prop_to_name(ZFS_PROP_CASE));
2787 * If the zpl version requested is whacky or the file system
2788 * or pool is version is too "young" to support normalization
2789 * and the creator tried to set a value for one of the props,
2792 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
2793 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
2794 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
2795 (zplver < ZPL_VERSION_NORMALIZATION &&
2796 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
2797 sense != ZFS_PROP_UNDEFINED)))
2801 * Put the version in the zplprops
2803 VERIFY(nvlist_add_uint64(zplprops,
2804 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
2806 if (norm == ZFS_PROP_UNDEFINED)
2807 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0);
2808 VERIFY(nvlist_add_uint64(zplprops,
2809 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
2812 * If we're normalizing, names must always be valid UTF-8 strings.
2816 if (u8 == ZFS_PROP_UNDEFINED)
2817 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0);
2818 VERIFY(nvlist_add_uint64(zplprops,
2819 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
2821 if (sense == ZFS_PROP_UNDEFINED)
2822 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0);
2823 VERIFY(nvlist_add_uint64(zplprops,
2824 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
2827 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
2833 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
2834 nvlist_t *zplprops, boolean_t *is_ci)
2836 boolean_t fuids_ok, sa_ok;
2837 uint64_t zplver = ZPL_VERSION;
2838 objset_t *os = NULL;
2839 char parentname[MAXNAMELEN];
2845 (void) strlcpy(parentname, dataset, sizeof (parentname));
2846 cp = strrchr(parentname, '/');
2850 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
2853 spa_vers = spa_version(spa);
2854 spa_close(spa, FTAG);
2856 zplver = zfs_zpl_version_map(spa_vers);
2857 fuids_ok = (zplver >= ZPL_VERSION_FUID);
2858 sa_ok = (zplver >= ZPL_VERSION_SA);
2861 * Open parent object set so we can inherit zplprop values.
2863 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
2866 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
2868 dmu_objset_rele(os, FTAG);
2873 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
2874 nvlist_t *zplprops, boolean_t *is_ci)
2878 uint64_t zplver = ZPL_VERSION;
2881 zplver = zfs_zpl_version_map(spa_vers);
2882 fuids_ok = (zplver >= ZPL_VERSION_FUID);
2883 sa_ok = (zplver >= ZPL_VERSION_SA);
2885 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
2886 createprops, zplprops, is_ci);
2892 * zc_objset_type type of objset to create (fs vs zvol)
2893 * zc_name name of new objset
2894 * zc_value name of snapshot to clone from (may be empty)
2895 * zc_nvlist_src{_size} nvlist of properties to apply
2900 zfs_ioc_create(zfs_cmd_t *zc)
2905 nvlist_t *nvprops = NULL;
2906 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
2907 dmu_objset_type_t type = zc->zc_objset_type;
2912 cbfunc = zfs_create_cb;
2916 cbfunc = zvol_create_cb;
2923 if (strchr(zc->zc_name, '@') ||
2924 strchr(zc->zc_name, '%'))
2927 if (zc->zc_nvlist_src != 0 &&
2928 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2929 zc->zc_iflags, &nvprops)) != 0)
2932 zct.zct_zplprops = NULL;
2933 zct.zct_props = nvprops;
2935 if (zc->zc_value[0] != '\0') {
2937 * We're creating a clone of an existing snapshot.
2939 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
2940 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) {
2941 nvlist_free(nvprops);
2945 error = dmu_objset_hold(zc->zc_value, FTAG, &clone);
2947 nvlist_free(nvprops);
2951 error = dmu_objset_clone(zc->zc_name, dmu_objset_ds(clone), 0);
2952 dmu_objset_rele(clone, FTAG);
2954 nvlist_free(nvprops);
2958 boolean_t is_insensitive = B_FALSE;
2960 if (cbfunc == NULL) {
2961 nvlist_free(nvprops);
2965 if (type == DMU_OST_ZVOL) {
2966 uint64_t volsize, volblocksize;
2968 if (nvprops == NULL ||
2969 nvlist_lookup_uint64(nvprops,
2970 zfs_prop_to_name(ZFS_PROP_VOLSIZE),
2972 nvlist_free(nvprops);
2976 if ((error = nvlist_lookup_uint64(nvprops,
2977 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
2978 &volblocksize)) != 0 && error != ENOENT) {
2979 nvlist_free(nvprops);
2984 volblocksize = zfs_prop_default_numeric(
2985 ZFS_PROP_VOLBLOCKSIZE);
2987 if ((error = zvol_check_volblocksize(
2988 volblocksize)) != 0 ||
2989 (error = zvol_check_volsize(volsize,
2990 volblocksize)) != 0) {
2991 nvlist_free(nvprops);
2994 } else if (type == DMU_OST_ZFS) {
2998 * We have to have normalization and
2999 * case-folding flags correct when we do the
3000 * file system creation, so go figure them out
3003 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3004 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3005 error = zfs_fill_zplprops(zc->zc_name, nvprops,
3006 zct.zct_zplprops, &is_insensitive);
3008 nvlist_free(nvprops);
3009 nvlist_free(zct.zct_zplprops);
3013 error = dmu_objset_create(zc->zc_name, type,
3014 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3015 nvlist_free(zct.zct_zplprops);
3019 * It would be nice to do this atomically.
3022 error = zfs_set_prop_nvlist(zc->zc_name, ZPROP_SRC_LOCAL,
3025 (void) dmu_objset_destroy(zc->zc_name, B_FALSE);
3027 nvlist_free(nvprops);
3033 * zc_name name of filesystem
3034 * zc_value short name of snapshot
3035 * zc_cookie recursive flag
3036 * zc_nvlist_src[_size] property list
3039 * zc_value short snapname (i.e. part after the '@')
3042 zfs_ioc_snapshot(zfs_cmd_t *zc)
3044 nvlist_t *nvprops = NULL;
3046 boolean_t recursive = zc->zc_cookie;
3048 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
3051 if (zc->zc_nvlist_src != 0 &&
3052 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3053 zc->zc_iflags, &nvprops)) != 0)
3056 error = zfs_check_userprops(zc->zc_name, nvprops);
3060 if (!nvlist_empty(nvprops) &&
3061 zfs_earlier_version(zc->zc_name, SPA_VERSION_SNAP_PROPS)) {
3066 error = dmu_objset_snapshot(zc->zc_name, zc->zc_value, NULL,
3067 nvprops, recursive, B_FALSE, -1);
3070 nvlist_free(nvprops);
3075 zfs_unmount_snap(const char *name, void *arg)
3080 char *snapname = arg;
3081 char *fullname = kmem_asprintf("%s@%s", name, snapname);
3082 vfsp = zfs_get_vfs(fullname);
3084 } else if (strchr(name, '@')) {
3085 vfsp = zfs_get_vfs(name);
3090 * Always force the unmount for snapshots.
3092 int flag = MS_FORCE;
3095 if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) {
3100 if ((err = dounmount(vfsp, flag, kcred)) != 0)
3108 * zc_name name of filesystem
3109 * zc_value short name of snapshot
3110 * zc_defer_destroy mark for deferred destroy
3115 zfs_ioc_destroy_snaps(zfs_cmd_t *zc)
3119 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
3121 err = dmu_objset_find(zc->zc_name,
3122 zfs_unmount_snap, zc->zc_value, DS_FIND_CHILDREN);
3125 return (dmu_snapshots_destroy(zc->zc_name, zc->zc_value,
3126 zc->zc_defer_destroy));
3131 * zc_name name of dataset to destroy
3132 * zc_objset_type type of objset
3133 * zc_defer_destroy mark for deferred destroy
3138 zfs_ioc_destroy(zfs_cmd_t *zc)
3141 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
3142 err = zfs_unmount_snap(zc->zc_name, NULL);
3147 err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy);
3148 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
3149 (void) zvol_remove_minor(zc->zc_name);
3155 * zc_name name of dataset to rollback (to most recent snapshot)
3160 zfs_ioc_rollback(zfs_cmd_t *zc)
3162 dsl_dataset_t *ds, *clone;
3167 error = dsl_dataset_hold(zc->zc_name, FTAG, &ds);
3171 /* must not be a snapshot */
3172 if (dsl_dataset_is_snapshot(ds)) {
3173 dsl_dataset_rele(ds, FTAG);
3177 /* must have a most recent snapshot */
3178 if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) {
3179 dsl_dataset_rele(ds, FTAG);
3184 * Create clone of most recent snapshot.
3186 clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name);
3187 error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT);
3191 error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone);
3198 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
3199 error = zfs_suspend_fs(zfsvfs);
3203 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3204 error = dsl_dataset_clone_swap(clone, ds,
3206 dsl_dataset_disown(ds, FTAG);
3211 resume_err = zfs_resume_fs(zfsvfs, zc->zc_name);
3212 error = error ? error : resume_err;
3214 VFS_RELE(zfsvfs->z_vfs);
3216 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3217 error = dsl_dataset_clone_swap(clone, ds, B_TRUE);
3218 dsl_dataset_disown(ds, FTAG);
3226 * Destroy clone (which also closes it).
3228 (void) dsl_dataset_destroy(clone, FTAG, B_FALSE);
3231 strfree(clone_name);
3233 dsl_dataset_rele(ds, FTAG);
3239 * zc_name old name of dataset
3240 * zc_value new name of dataset
3241 * zc_cookie recursive flag (only valid for snapshots)
3246 zfs_ioc_rename(zfs_cmd_t *zc)
3248 boolean_t recursive = zc->zc_cookie & 1;
3250 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3251 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3252 strchr(zc->zc_value, '%'))
3256 * Unmount snapshot unless we're doing a recursive rename,
3257 * in which case the dataset code figures out which snapshots
3260 if (!recursive && strchr(zc->zc_name, '@') != NULL &&
3261 zc->zc_objset_type == DMU_OST_ZFS) {
3262 int err = zfs_unmount_snap(zc->zc_name, NULL);
3266 if (zc->zc_objset_type == DMU_OST_ZVOL)
3267 (void) zvol_remove_minor(zc->zc_name);
3268 return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive));
3272 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3274 const char *propname = nvpair_name(pair);
3275 boolean_t issnap = (strchr(dsname, '@') != NULL);
3276 zfs_prop_t prop = zfs_name_to_prop(propname);
3280 if (prop == ZPROP_INVAL) {
3281 if (zfs_prop_user(propname)) {
3282 if ((err = zfs_secpolicy_write_perms(dsname,
3283 ZFS_DELEG_PERM_USERPROP, cr)))
3288 if (!issnap && zfs_prop_userquota(propname)) {
3289 const char *perm = NULL;
3290 const char *uq_prefix =
3291 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3292 const char *gq_prefix =
3293 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3295 if (strncmp(propname, uq_prefix,
3296 strlen(uq_prefix)) == 0) {
3297 perm = ZFS_DELEG_PERM_USERQUOTA;
3298 } else if (strncmp(propname, gq_prefix,
3299 strlen(gq_prefix)) == 0) {
3300 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3302 /* USERUSED and GROUPUSED are read-only */
3306 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
3317 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3319 * dsl_prop_get_all_impl() returns properties in this
3323 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3324 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3329 * Check that this value is valid for this pool version
3332 case ZFS_PROP_COMPRESSION:
3334 * If the user specified gzip compression, make sure
3335 * the SPA supports it. We ignore any errors here since
3336 * we'll catch them later.
3338 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3339 nvpair_value_uint64(pair, &intval) == 0) {
3340 if (intval >= ZIO_COMPRESS_GZIP_1 &&
3341 intval <= ZIO_COMPRESS_GZIP_9 &&
3342 zfs_earlier_version(dsname,
3343 SPA_VERSION_GZIP_COMPRESSION)) {
3347 if (intval == ZIO_COMPRESS_ZLE &&
3348 zfs_earlier_version(dsname,
3349 SPA_VERSION_ZLE_COMPRESSION))
3353 * If this is a bootable dataset then
3354 * verify that the compression algorithm
3355 * is supported for booting. We must return
3356 * something other than ENOTSUP since it
3357 * implies a downrev pool version.
3359 if (zfs_is_bootfs(dsname) &&
3360 !BOOTFS_COMPRESS_VALID(intval)) {
3366 case ZFS_PROP_COPIES:
3367 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
3371 case ZFS_PROP_DEDUP:
3372 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3376 case ZFS_PROP_SHARESMB:
3377 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
3381 case ZFS_PROP_ACLINHERIT:
3382 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3383 nvpair_value_uint64(pair, &intval) == 0) {
3384 if (intval == ZFS_ACL_PASSTHROUGH_X &&
3385 zfs_earlier_version(dsname,
3386 SPA_VERSION_PASSTHROUGH_X))
3394 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3398 * Removes properties from the given props list that fail permission checks
3399 * needed to clear them and to restore them in case of a receive error. For each
3400 * property, make sure we have both set and inherit permissions.
3402 * Returns the first error encountered if any permission checks fail. If the
3403 * caller provides a non-NULL errlist, it also gives the complete list of names
3404 * of all the properties that failed a permission check along with the
3405 * corresponding error numbers. The caller is responsible for freeing the
3408 * If every property checks out successfully, zero is returned and the list
3409 * pointed at by errlist is NULL.
3412 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3415 nvpair_t *pair, *next_pair;
3422 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3424 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
3425 (void) strcpy(zc->zc_name, dataset);
3426 pair = nvlist_next_nvpair(props, NULL);
3427 while (pair != NULL) {
3428 next_pair = nvlist_next_nvpair(props, pair);
3430 (void) strcpy(zc->zc_value, nvpair_name(pair));
3431 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3432 (err = zfs_secpolicy_inherit(zc, CRED())) != 0) {
3433 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3434 VERIFY(nvlist_add_int32(errors,
3435 zc->zc_value, err) == 0);
3439 kmem_free(zc, sizeof (zfs_cmd_t));
3441 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3442 nvlist_free(errors);
3445 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3448 if (errlist == NULL)
3449 nvlist_free(errors);
3457 propval_equals(nvpair_t *p1, nvpair_t *p2)
3459 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
3460 /* dsl_prop_get_all_impl() format */
3462 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
3463 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3467 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
3469 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
3470 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3474 if (nvpair_type(p1) != nvpair_type(p2))
3477 if (nvpair_type(p1) == DATA_TYPE_STRING) {
3478 char *valstr1, *valstr2;
3480 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
3481 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
3482 return (strcmp(valstr1, valstr2) == 0);
3484 uint64_t intval1, intval2;
3486 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
3487 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
3488 return (intval1 == intval2);
3493 * Remove properties from props if they are not going to change (as determined
3494 * by comparison with origprops). Remove them from origprops as well, since we
3495 * do not need to clear or restore properties that won't change.
3498 props_reduce(nvlist_t *props, nvlist_t *origprops)
3500 nvpair_t *pair, *next_pair;
3502 if (origprops == NULL)
3503 return; /* all props need to be received */
3505 pair = nvlist_next_nvpair(props, NULL);
3506 while (pair != NULL) {
3507 const char *propname = nvpair_name(pair);
3510 next_pair = nvlist_next_nvpair(props, pair);
3512 if ((nvlist_lookup_nvpair(origprops, propname,
3513 &match) != 0) || !propval_equals(pair, match))
3514 goto next; /* need to set received value */
3516 /* don't clear the existing received value */
3517 (void) nvlist_remove_nvpair(origprops, match);
3518 /* don't bother receiving the property */
3519 (void) nvlist_remove_nvpair(props, pair);
3526 static boolean_t zfs_ioc_recv_inject_err;
3531 * zc_name name of containing filesystem
3532 * zc_nvlist_src{_size} nvlist of properties to apply
3533 * zc_value name of snapshot to create
3534 * zc_string name of clone origin (if DRR_FLAG_CLONE)
3535 * zc_cookie file descriptor to recv from
3536 * zc_begin_record the BEGIN record of the stream (not byteswapped)
3537 * zc_guid force flag
3538 * zc_cleanup_fd cleanup-on-exit file descriptor
3539 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
3542 * zc_cookie number of bytes read
3543 * zc_nvlist_dst{_size} error for each unapplied received property
3544 * zc_obj zprop_errflags_t
3545 * zc_action_handle handle for this guid/ds mapping
3548 zfs_ioc_recv(zfs_cmd_t *zc)
3552 dmu_recv_cookie_t drc;
3553 boolean_t force = (boolean_t)zc->zc_guid;
3556 int props_error = 0;
3559 nvlist_t *props = NULL; /* sent properties */
3560 nvlist_t *origprops = NULL; /* existing properties */
3561 objset_t *origin = NULL;
3563 char tofs[ZFS_MAXNAMELEN];
3564 boolean_t first_recvd_props = B_FALSE;
3566 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3567 strchr(zc->zc_value, '@') == NULL ||
3568 strchr(zc->zc_value, '%'))
3571 (void) strcpy(tofs, zc->zc_value);
3572 tosnap = strchr(tofs, '@');
3575 if (zc->zc_nvlist_src != 0 &&
3576 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3577 zc->zc_iflags, &props)) != 0)
3587 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3589 if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) {
3590 if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) &&
3591 !dsl_prop_get_hasrecvd(os)) {
3592 first_recvd_props = B_TRUE;
3596 * If new received properties are supplied, they are to
3597 * completely replace the existing received properties, so stash
3598 * away the existing ones.
3600 if (dsl_prop_get_received(os, &origprops) == 0) {
3601 nvlist_t *errlist = NULL;
3603 * Don't bother writing a property if its value won't
3604 * change (and avoid the unnecessary security checks).
3606 * The first receive after SPA_VERSION_RECVD_PROPS is a
3607 * special case where we blow away all local properties
3610 if (!first_recvd_props)
3611 props_reduce(props, origprops);
3612 if (zfs_check_clearable(tofs, origprops,
3614 (void) nvlist_merge(errors, errlist, 0);
3615 nvlist_free(errlist);
3618 dmu_objset_rele(os, FTAG);
3621 if (zc->zc_string[0]) {
3622 error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
3627 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
3628 &zc->zc_begin_record, force, origin, &drc);
3630 dmu_objset_rele(origin, FTAG);
3635 * Set properties before we receive the stream so that they are applied
3636 * to the new data. Note that we must call dmu_recv_stream() if
3637 * dmu_recv_begin() succeeds.
3642 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
3643 if (drc.drc_newfs) {
3644 if (spa_version(os->os_spa) >=
3645 SPA_VERSION_RECVD_PROPS)
3646 first_recvd_props = B_TRUE;
3647 } else if (origprops != NULL) {
3648 if (clear_received_props(os, tofs, origprops,
3649 first_recvd_props ? NULL : props) != 0)
3650 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3652 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3654 dsl_prop_set_hasrecvd(os);
3655 } else if (!drc.drc_newfs) {
3656 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3659 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
3661 (void) nvlist_merge(errors, errlist, 0);
3662 nvlist_free(errlist);
3665 if (fit_error_list(zc, &errors) != 0 || put_nvlist(zc, errors) != 0) {
3667 * Caller made zc->zc_nvlist_dst less than the minimum expected
3668 * size or supplied an invalid address.
3670 props_error = EINVAL;
3674 error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
3675 &zc->zc_action_handle);
3678 zfsvfs_t *zfsvfs = NULL;
3680 if (getzfsvfs(tofs, &zfsvfs) == 0) {
3684 error = zfs_suspend_fs(zfsvfs);
3686 * If the suspend fails, then the recv_end will
3687 * likely also fail, and clean up after itself.
3689 end_err = dmu_recv_end(&drc);
3691 error = zfs_resume_fs(zfsvfs, tofs);
3692 error = error ? error : end_err;
3693 VFS_RELE(zfsvfs->z_vfs);
3695 error = dmu_recv_end(&drc);
3699 zc->zc_cookie = off - fp->f_offset;
3700 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
3704 if (zfs_ioc_recv_inject_err) {
3705 zfs_ioc_recv_inject_err = B_FALSE;
3710 * On error, restore the original props.
3712 if (error && props) {
3713 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
3714 if (clear_received_props(os, tofs, props, NULL) != 0) {
3716 * We failed to clear the received properties.
3717 * Since we may have left a $recvd value on the
3718 * system, we can't clear the $hasrecvd flag.
3720 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3721 } else if (first_recvd_props) {
3722 dsl_prop_unset_hasrecvd(os);
3724 dmu_objset_rele(os, FTAG);
3725 } else if (!drc.drc_newfs) {
3726 /* We failed to clear the received properties. */
3727 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3730 if (origprops == NULL && !drc.drc_newfs) {
3731 /* We failed to stash the original properties. */
3732 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3736 * dsl_props_set() will not convert RECEIVED to LOCAL on or
3737 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
3738 * explictly if we're restoring local properties cleared in the
3739 * first new-style receive.
3741 if (origprops != NULL &&
3742 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
3743 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
3744 origprops, NULL) != 0) {
3746 * We stashed the original properties but failed to
3749 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3754 nvlist_free(origprops);
3755 nvlist_free(errors);
3759 error = props_error;
3766 * zc_name name of snapshot to send
3767 * zc_cookie file descriptor to send stream to
3768 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
3769 * zc_sendobj objsetid of snapshot to send
3770 * zc_fromobj objsetid of incremental fromsnap (may be zero)
3775 zfs_ioc_send(zfs_cmd_t *zc)
3777 objset_t *fromsnap = NULL;
3783 dsl_dataset_t *dsfrom = NULL;
3787 error = spa_open(zc->zc_name, &spa, FTAG);
3791 dp = spa_get_dsl(spa);
3792 rw_enter(&dp->dp_config_rwlock, RW_READER);
3793 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
3794 rw_exit(&dp->dp_config_rwlock);
3796 spa_close(spa, FTAG);
3800 error = dmu_objset_from_ds(ds, &tosnap);
3802 dsl_dataset_rele(ds, FTAG);
3803 spa_close(spa, FTAG);
3807 if (zc->zc_fromobj != 0) {
3808 rw_enter(&dp->dp_config_rwlock, RW_READER);
3809 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
3810 rw_exit(&dp->dp_config_rwlock);
3811 spa_close(spa, FTAG);
3813 dsl_dataset_rele(ds, FTAG);
3816 error = dmu_objset_from_ds(dsfrom, &fromsnap);
3818 dsl_dataset_rele(dsfrom, FTAG);
3819 dsl_dataset_rele(ds, FTAG);
3823 spa_close(spa, FTAG);
3826 fp = getf(zc->zc_cookie);
3828 dsl_dataset_rele(ds, FTAG);
3830 dsl_dataset_rele(dsfrom, FTAG);
3835 error = dmu_sendbackup(tosnap, fromsnap, zc->zc_obj, fp->f_vnode, &off);
3837 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
3839 releasef(zc->zc_cookie);
3841 dsl_dataset_rele(dsfrom, FTAG);
3842 dsl_dataset_rele(ds, FTAG);
3847 zfs_ioc_inject_fault(zfs_cmd_t *zc)
3851 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
3852 &zc->zc_inject_record);
3855 zc->zc_guid = (uint64_t)id;
3861 zfs_ioc_clear_fault(zfs_cmd_t *zc)
3863 return (zio_clear_fault((int)zc->zc_guid));
3867 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
3869 int id = (int)zc->zc_guid;
3872 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
3873 &zc->zc_inject_record);
3881 zfs_ioc_error_log(zfs_cmd_t *zc)
3885 size_t count = (size_t)zc->zc_nvlist_dst_size;
3887 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
3890 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
3893 zc->zc_nvlist_dst_size = count;
3895 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
3897 spa_close(spa, FTAG);
3903 zfs_ioc_clear(zfs_cmd_t *zc)
3910 * On zpool clear we also fix up missing slogs
3912 mutex_enter(&spa_namespace_lock);
3913 spa = spa_lookup(zc->zc_name);
3915 mutex_exit(&spa_namespace_lock);
3918 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
3919 /* we need to let spa_open/spa_load clear the chains */
3920 spa_set_log_state(spa, SPA_LOG_CLEAR);
3922 spa->spa_last_open_failed = 0;
3923 mutex_exit(&spa_namespace_lock);
3925 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
3926 error = spa_open(zc->zc_name, &spa, FTAG);
3929 nvlist_t *config = NULL;
3931 if (zc->zc_nvlist_src == 0)
3934 if ((error = get_nvlist(zc->zc_nvlist_src,
3935 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
3936 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
3938 if (config != NULL) {
3941 if ((err = put_nvlist(zc, config)) != 0)
3943 nvlist_free(config);
3945 nvlist_free(policy);
3952 spa_vdev_state_enter(spa, SCL_NONE);
3954 if (zc->zc_guid == 0) {
3957 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
3959 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
3960 spa_close(spa, FTAG);
3965 vdev_clear(spa, vd);
3967 (void) spa_vdev_state_exit(spa, NULL, 0);
3970 * Resume any suspended I/Os.
3972 if (zio_resume(spa) != 0)
3975 spa_close(spa, FTAG);
3982 * zc_name name of filesystem
3983 * zc_value name of origin snapshot
3986 * zc_string name of conflicting snapshot, if there is one
3989 zfs_ioc_promote(zfs_cmd_t *zc)
3994 * We don't need to unmount *all* the origin fs's snapshots, but
3997 cp = strchr(zc->zc_value, '@');
4000 (void) dmu_objset_find(zc->zc_value,
4001 zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);
4002 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
4006 * Retrieve a single {user|group}{used|quota}@... property.
4009 * zc_name name of filesystem
4010 * zc_objset_type zfs_userquota_prop_t
4011 * zc_value domain name (eg. "S-1-234-567-89")
4012 * zc_guid RID/UID/GID
4015 * zc_cookie property value
4018 zfs_ioc_userspace_one(zfs_cmd_t *zc)
4023 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4026 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4030 error = zfs_userspace_one(zfsvfs,
4031 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4032 zfsvfs_rele(zfsvfs, FTAG);
4039 * zc_name name of filesystem
4040 * zc_cookie zap cursor
4041 * zc_objset_type zfs_userquota_prop_t
4042 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4045 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4046 * zc_cookie zap cursor
4049 zfs_ioc_userspace_many(zfs_cmd_t *zc)
4052 int bufsize = zc->zc_nvlist_dst_size;
4057 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4061 void *buf = kmem_alloc(bufsize, KM_SLEEP);
4063 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
4064 buf, &zc->zc_nvlist_dst_size);
4067 error = xcopyout(buf,
4068 (void *)(uintptr_t)zc->zc_nvlist_dst,
4069 zc->zc_nvlist_dst_size);
4071 kmem_free(buf, bufsize);
4072 zfsvfs_rele(zfsvfs, FTAG);
4079 * zc_name name of filesystem
4085 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4091 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
4092 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
4094 * If userused is not enabled, it may be because the
4095 * objset needs to be closed & reopened (to grow the
4096 * objset_phys_t). Suspend/resume the fs will do that.
4098 error = zfs_suspend_fs(zfsvfs);
4100 error = zfs_resume_fs(zfsvfs, zc->zc_name);
4103 error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
4104 VFS_RELE(zfsvfs->z_vfs);
4106 /* XXX kind of reading contents without owning */
4107 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4111 error = dmu_objset_userspace_upgrade(os);
4112 dmu_objset_rele(os, FTAG);
4119 * We don't want to have a hard dependency
4120 * against some special symbols in sharefs
4121 * nfs, and smbsrv. Determine them if needed when
4122 * the first file system is shared.
4123 * Neither sharefs, nfs or smbsrv are unloadable modules.
4125 int (*znfsexport_fs)(void *arg);
4126 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
4127 int (*zsmbexport_fs)(void *arg, boolean_t add_share);
4129 int zfs_nfsshare_inited;
4130 int zfs_smbshare_inited;
4132 ddi_modhandle_t nfs_mod;
4133 ddi_modhandle_t sharefs_mod;
4134 ddi_modhandle_t smbsrv_mod;
4135 kmutex_t zfs_share_lock;
4142 ASSERT(MUTEX_HELD(&zfs_share_lock));
4143 /* Both NFS and SMB shares also require sharetab support. */
4144 if (sharefs_mod == NULL && ((sharefs_mod =
4145 ddi_modopen("fs/sharefs",
4146 KRTLD_MODE_FIRST, &error)) == NULL)) {
4149 if (zshare_fs == NULL && ((zshare_fs =
4150 (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
4151 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) {
4158 zfs_ioc_share(zfs_cmd_t *zc)
4163 switch (zc->zc_share.z_sharetype) {
4165 case ZFS_UNSHARE_NFS:
4166 if (zfs_nfsshare_inited == 0) {
4167 mutex_enter(&zfs_share_lock);
4168 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs",
4169 KRTLD_MODE_FIRST, &error)) == NULL)) {
4170 mutex_exit(&zfs_share_lock);
4173 if (znfsexport_fs == NULL &&
4174 ((znfsexport_fs = (int (*)(void *))
4176 "nfs_export", &error)) == NULL)) {
4177 mutex_exit(&zfs_share_lock);
4180 error = zfs_init_sharefs();
4182 mutex_exit(&zfs_share_lock);
4185 zfs_nfsshare_inited = 1;
4186 mutex_exit(&zfs_share_lock);
4190 case ZFS_UNSHARE_SMB:
4191 if (zfs_smbshare_inited == 0) {
4192 mutex_enter(&zfs_share_lock);
4193 if (smbsrv_mod == NULL && ((smbsrv_mod =
4194 ddi_modopen("drv/smbsrv",
4195 KRTLD_MODE_FIRST, &error)) == NULL)) {
4196 mutex_exit(&zfs_share_lock);
4199 if (zsmbexport_fs == NULL && ((zsmbexport_fs =
4200 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod,
4201 "smb_server_share", &error)) == NULL)) {
4202 mutex_exit(&zfs_share_lock);
4205 error = zfs_init_sharefs();
4207 mutex_exit(&zfs_share_lock);
4210 zfs_smbshare_inited = 1;
4211 mutex_exit(&zfs_share_lock);
4218 switch (zc->zc_share.z_sharetype) {
4220 case ZFS_UNSHARE_NFS:
4222 znfsexport_fs((void *)
4223 (uintptr_t)zc->zc_share.z_exportdata))
4227 case ZFS_UNSHARE_SMB:
4228 if (error = zsmbexport_fs((void *)
4229 (uintptr_t)zc->zc_share.z_exportdata,
4230 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
4237 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
4238 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ?
4239 SHAREFS_ADD : SHAREFS_REMOVE;
4242 * Add or remove share from sharetab
4244 error = zshare_fs(opcode,
4245 (void *)(uintptr_t)zc->zc_share.z_sharedata,
4246 zc->zc_share.z_sharemax);
4252 ace_t full_access[] = {
4253 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
4258 * zc_name name of containing filesystem
4259 * zc_obj object # beyond which we want next in-use object #
4262 * zc_obj next in-use object #
4265 zfs_ioc_next_obj(zfs_cmd_t *zc)
4267 objset_t *os = NULL;
4270 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4274 error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4275 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4277 dmu_objset_rele(os, FTAG);
4283 * zc_name name of filesystem
4284 * zc_value prefix name for snapshot
4285 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4290 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4295 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
4296 (u_longlong_t)ddi_get_lbolt64());
4298 if (strlen(snap_name) >= MAXNAMELEN) {
4303 error = dmu_objset_snapshot(zc->zc_name, snap_name, snap_name,
4304 NULL, B_FALSE, B_TRUE, zc->zc_cleanup_fd);
4310 (void) strcpy(zc->zc_value, snap_name);
4317 * zc_name name of "to" snapshot
4318 * zc_value name of "from" snapshot
4319 * zc_cookie file descriptor to write diff data on
4322 * dmu_diff_record_t's to the file descriptor
4325 zfs_ioc_diff(zfs_cmd_t *zc)
4333 error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap);
4337 error = dmu_objset_hold(zc->zc_value, FTAG, &fromsnap);
4339 dmu_objset_rele(tosnap, FTAG);
4343 fp = getf(zc->zc_cookie);
4345 dmu_objset_rele(fromsnap, FTAG);
4346 dmu_objset_rele(tosnap, FTAG);
4352 error = dmu_diff(tosnap, fromsnap, fp->f_vnode, &off);
4354 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4356 releasef(zc->zc_cookie);
4358 dmu_objset_rele(fromsnap, FTAG);
4359 dmu_objset_rele(tosnap, FTAG);
4364 * Remove all ACL files in shares dir
4367 zfs_smb_acl_purge(znode_t *dzp)
4370 zap_attribute_t zap;
4371 zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
4374 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
4375 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
4376 zap_cursor_advance(&zc)) {
4377 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
4381 zap_cursor_fini(&zc);
4386 zfs_ioc_smb_acl(zfs_cmd_t *zc)
4390 vnode_t *resourcevp = NULL;
4399 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
4400 NO_FOLLOW, NULL, &vp)) != 0)
4403 /* Now make sure mntpnt and dataset are ZFS */
4405 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
4406 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
4407 zc->zc_name) != 0)) {
4413 zfsvfs = dzp->z_zfsvfs;
4417 * Create share dir if its missing.
4419 mutex_enter(&zfsvfs->z_lock);
4420 if (zfsvfs->z_shares_dir == 0) {
4423 tx = dmu_tx_create(zfsvfs->z_os);
4424 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
4426 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
4427 error = dmu_tx_assign(tx, TXG_WAIT);
4431 error = zfs_create_share_dir(zfsvfs, tx);
4435 mutex_exit(&zfsvfs->z_lock);
4441 mutex_exit(&zfsvfs->z_lock);
4443 ASSERT(zfsvfs->z_shares_dir);
4444 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
4450 switch (zc->zc_cookie) {
4451 case ZFS_SMB_ACL_ADD:
4452 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
4453 vattr.va_type = VREG;
4454 vattr.va_mode = S_IFREG|0777;
4458 vsec.vsa_mask = VSA_ACE;
4459 vsec.vsa_aclentp = &full_access;
4460 vsec.vsa_aclentsz = sizeof (full_access);
4461 vsec.vsa_aclcnt = 1;
4463 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
4464 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
4466 VN_RELE(resourcevp);
4469 case ZFS_SMB_ACL_REMOVE:
4470 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
4474 case ZFS_SMB_ACL_RENAME:
4475 if ((error = get_nvlist(zc->zc_nvlist_src,
4476 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
4481 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
4482 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
4485 VN_RELE(ZTOV(sharedir));
4487 nvlist_free(nvlist);
4490 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
4492 nvlist_free(nvlist);
4495 case ZFS_SMB_ACL_PURGE:
4496 error = zfs_smb_acl_purge(sharedir);
4505 VN_RELE(ZTOV(sharedir));
4514 * zc_name name of filesystem
4515 * zc_value short name of snap
4516 * zc_string user-supplied tag for this hold
4517 * zc_cookie recursive flag
4518 * zc_temphold set if hold is temporary
4519 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4520 * zc_sendobj if non-zero, the objid for zc_name@zc_value
4521 * zc_createtxg if zc_sendobj is non-zero, snap must have zc_createtxg
4526 zfs_ioc_hold(zfs_cmd_t *zc)
4528 boolean_t recursive = zc->zc_cookie;
4535 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4538 if (zc->zc_sendobj == 0) {
4539 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value,
4540 zc->zc_string, recursive, zc->zc_temphold,
4541 zc->zc_cleanup_fd));
4547 error = spa_open(zc->zc_name, &spa, FTAG);
4551 dp = spa_get_dsl(spa);
4552 rw_enter(&dp->dp_config_rwlock, RW_READER);
4553 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4554 rw_exit(&dp->dp_config_rwlock);
4555 spa_close(spa, FTAG);
4560 * Until we have a hold on this snapshot, it's possible that
4561 * zc_sendobj could've been destroyed and reused as part
4562 * of a later txg. Make sure we're looking at the right object.
4564 if (zc->zc_createtxg != ds->ds_phys->ds_creation_txg) {
4565 dsl_dataset_rele(ds, FTAG);
4569 if (zc->zc_cleanup_fd != -1 && zc->zc_temphold) {
4570 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
4572 dsl_dataset_rele(ds, FTAG);
4577 error = dsl_dataset_user_hold_for_send(ds, zc->zc_string,
4581 dsl_register_onexit_hold_cleanup(ds, zc->zc_string,
4584 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
4586 dsl_dataset_rele(ds, FTAG);
4593 * zc_name name of dataset from which we're releasing a user hold
4594 * zc_value short name of snap
4595 * zc_string user-supplied tag for this hold
4596 * zc_cookie recursive flag
4601 zfs_ioc_release(zfs_cmd_t *zc)
4603 boolean_t recursive = zc->zc_cookie;
4605 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4608 return (dsl_dataset_user_release(zc->zc_name, zc->zc_value,
4609 zc->zc_string, recursive));
4614 * zc_name name of filesystem
4617 * zc_nvlist_src{_size} nvlist of snapshot holds
4620 zfs_ioc_get_holds(zfs_cmd_t *zc)
4625 if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) {
4626 error = put_nvlist(zc, nvp);
4635 * zc_guid flags (ZEVENT_NONBLOCK)
4638 * zc_nvlist_dst next nvlist event
4639 * zc_cookie dropped events since last get
4640 * zc_cleanup_fd cleanup-on-exit file descriptor
4643 zfs_ioc_events_next(zfs_cmd_t *zc)
4646 nvlist_t *event = NULL;
4648 uint64_t dropped = 0;
4651 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
4656 error = zfs_zevent_next(ze, &event, &dropped);
4657 if (event != NULL) {
4658 zc->zc_cookie = dropped;
4659 error = put_nvlist(zc, event);
4663 if (zc->zc_guid & ZEVENT_NONBLOCK)
4666 if ((error == 0) || (error != ENOENT))
4669 error = zfs_zevent_wait(ze);
4674 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
4681 * zc_cookie cleared events count
4684 zfs_ioc_events_clear(zfs_cmd_t *zc)
4688 zfs_zevent_drain_all(&count);
4689 zc->zc_cookie = count;
4695 * pool create, destroy, and export don't log the history as part of
4696 * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export
4697 * do the logging of those commands.
4699 static zfs_ioc_vec_t zfs_ioc_vec[] = {
4700 { zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4702 { zfs_ioc_pool_destroy, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4704 { zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4706 { zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4708 { zfs_ioc_pool_configs, zfs_secpolicy_none, NO_NAME, B_FALSE,
4710 { zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE,
4712 { zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE,
4714 { zfs_ioc_pool_scan, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4715 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4716 { zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE,
4717 POOL_CHECK_READONLY },
4718 { zfs_ioc_pool_upgrade, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4719 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4720 { zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4722 { zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4723 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4724 { zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4725 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4726 { zfs_ioc_vdev_set_state, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4727 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4728 { zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4729 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4730 { zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4731 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4732 { zfs_ioc_vdev_setpath, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4733 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4734 { zfs_ioc_vdev_setfru, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4735 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4736 { zfs_ioc_objset_stats, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4737 POOL_CHECK_SUSPENDED },
4738 { zfs_ioc_objset_zplprops, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4740 { zfs_ioc_dataset_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4741 POOL_CHECK_SUSPENDED },
4742 { zfs_ioc_snapshot_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4743 POOL_CHECK_SUSPENDED },
4744 { zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE,
4745 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4746 { zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE,
4747 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4748 { zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE,
4749 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4750 { zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE,
4751 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4752 { zfs_ioc_rename, zfs_secpolicy_rename, DATASET_NAME, B_TRUE,
4753 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4754 { zfs_ioc_recv, zfs_secpolicy_receive, DATASET_NAME, B_TRUE,
4755 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4756 { zfs_ioc_send, zfs_secpolicy_send, DATASET_NAME, B_TRUE,
4758 { zfs_ioc_inject_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4760 { zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4762 { zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4764 { zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE,
4766 { zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4768 { zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE,
4769 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4770 { zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, DATASET_NAME,
4771 B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4772 { zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE,
4773 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4774 { zfs_ioc_dsobj_to_dsname, zfs_secpolicy_diff, POOL_NAME, B_FALSE,
4776 { zfs_ioc_obj_to_path, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4777 POOL_CHECK_SUSPENDED },
4778 { zfs_ioc_pool_set_props, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4779 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4780 { zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE,
4782 { zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE,
4783 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4784 { zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4786 { zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE,
4788 { zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE,
4789 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4790 { zfs_ioc_smb_acl, zfs_secpolicy_smb_acl, DATASET_NAME, B_FALSE,
4792 { zfs_ioc_userspace_one, zfs_secpolicy_userspace_one, DATASET_NAME,
4793 B_FALSE, POOL_CHECK_NONE },
4794 { zfs_ioc_userspace_many, zfs_secpolicy_userspace_many, DATASET_NAME,
4795 B_FALSE, POOL_CHECK_NONE },
4796 { zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
4797 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4798 { zfs_ioc_hold, zfs_secpolicy_hold, DATASET_NAME, B_TRUE,
4799 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4800 { zfs_ioc_release, zfs_secpolicy_release, DATASET_NAME, B_TRUE,
4801 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4802 { zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4803 POOL_CHECK_SUSPENDED },
4804 { zfs_ioc_objset_recvd_props, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4806 { zfs_ioc_vdev_split, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4807 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4808 { zfs_ioc_next_obj, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4810 { zfs_ioc_diff, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4812 { zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, DATASET_NAME,
4813 B_FALSE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4814 { zfs_ioc_obj_to_stats, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4815 POOL_CHECK_SUSPENDED },
4816 { zfs_ioc_events_next, zfs_secpolicy_config, NO_NAME, B_FALSE,
4818 { zfs_ioc_events_clear, zfs_secpolicy_config, NO_NAME, B_FALSE,
4823 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
4824 zfs_ioc_poolcheck_t check)
4829 ASSERT(type == POOL_NAME || type == DATASET_NAME);
4831 if (check & POOL_CHECK_NONE)
4834 error = spa_open(name, &spa, FTAG);
4836 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
4838 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
4840 spa_close(spa, FTAG);
4846 * Find a free minor number.
4849 zfsdev_minor_alloc(void)
4851 static minor_t last_minor;
4854 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
4856 for (m = last_minor + 1; m != last_minor; m++) {
4857 if (m > ZFSDEV_MAX_MINOR)
4859 if (ddi_get_soft_state(zfsdev_state, m) == NULL) {
4869 zfs_ctldev_init(dev_t *devp)
4872 zfs_soft_state_t *zs;
4874 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
4875 ASSERT(getminor(*devp) == 0);
4877 minor = zfsdev_minor_alloc();
4881 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS)
4884 *devp = makedevice(getemajor(*devp), minor);
4886 zs = ddi_get_soft_state(zfsdev_state, minor);
4887 zs->zss_type = ZSST_CTLDEV;
4888 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data);
4894 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor)
4896 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
4898 zfs_onexit_destroy(zo);
4899 ddi_soft_state_free(zfsdev_state, minor);
4903 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which)
4905 zfs_soft_state_t *zp;
4907 zp = ddi_get_soft_state(zfsdev_state, minor);
4908 if (zp == NULL || zp->zss_type != which)
4911 return (zp->zss_data);
4915 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr)
4919 if (getminor(*devp) != 0)
4920 return (zvol_open(devp, flag, otyp, cr));
4922 /* This is the control device. Allocate a new minor if requested. */
4924 mutex_enter(&zfsdev_state_lock);
4925 error = zfs_ctldev_init(devp);
4926 mutex_exit(&zfsdev_state_lock);
4933 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr)
4936 minor_t minor = getminor(dev);
4941 mutex_enter(&zfsdev_state_lock);
4942 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV);
4944 mutex_exit(&zfsdev_state_lock);
4945 return (zvol_close(dev, flag, otyp, cr));
4947 zfs_ctldev_destroy(zo, minor);
4948 mutex_exit(&zfsdev_state_lock);
4954 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
4959 minor_t minor = getminor(dev);
4962 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL)
4963 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));
4965 vec = cmd - ZFS_IOC;
4966 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));
4968 if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
4971 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
4973 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
4977 if ((error == 0) && !(flag & FKIOCTL))
4978 error = zfs_ioc_vec[vec].zvec_secpolicy(zc, cr);
4981 * Ensure that all pool/dataset names are valid before we pass down to
4985 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
4986 zc->zc_iflags = flag & FKIOCTL;
4987 switch (zfs_ioc_vec[vec].zvec_namecheck) {
4989 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
4991 error = pool_status_check(zc->zc_name,
4992 zfs_ioc_vec[vec].zvec_namecheck,
4993 zfs_ioc_vec[vec].zvec_pool_check);
4997 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
4999 error = pool_status_check(zc->zc_name,
5000 zfs_ioc_vec[vec].zvec_namecheck,
5001 zfs_ioc_vec[vec].zvec_pool_check);
5010 error = zfs_ioc_vec[vec].zvec_func(zc);
5012 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
5016 if (zfs_ioc_vec[vec].zvec_his_log)
5017 zfs_log_history(zc);
5020 kmem_free(zc, sizeof (zfs_cmd_t));
5025 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
5027 if (cmd != DDI_ATTACH)
5028 return (DDI_FAILURE);
5030 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
5031 DDI_PSEUDO, 0) == DDI_FAILURE)
5032 return (DDI_FAILURE);
5036 ddi_report_dev(dip);
5038 return (DDI_SUCCESS);
5042 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
5044 if (spa_busy() || zfs_busy() || zvol_busy())
5045 return (DDI_FAILURE);
5047 if (cmd != DDI_DETACH)
5048 return (DDI_FAILURE);
5052 ddi_prop_remove_all(dip);
5053 ddi_remove_minor_node(dip, NULL);
5055 return (DDI_SUCCESS);
5060 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
5063 case DDI_INFO_DEVT2DEVINFO:
5065 return (DDI_SUCCESS);
5067 case DDI_INFO_DEVT2INSTANCE:
5068 *result = (void *)0;
5069 return (DDI_SUCCESS);
5072 return (DDI_FAILURE);
5076 * OK, so this is a little weird.
5078 * /dev/zfs is the control node, i.e. minor 0.
5079 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
5081 * /dev/zfs has basically nothing to do except serve up ioctls,
5082 * so most of the standard driver entry points are in zvol.c.
5084 static struct cb_ops zfs_cb_ops = {
5085 zfsdev_open, /* open */
5086 zfsdev_close, /* close */
5087 zvol_strategy, /* strategy */
5089 zvol_dump, /* dump */
5090 zvol_read, /* read */
5091 zvol_write, /* write */
5092 zfsdev_ioctl, /* ioctl */
5096 nochpoll, /* poll */
5097 ddi_prop_op, /* prop_op */
5098 NULL, /* streamtab */
5099 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */
5100 CB_REV, /* version */
5101 nodev, /* async read */
5102 nodev, /* async write */
5105 static struct dev_ops zfs_dev_ops = {
5106 DEVO_REV, /* version */
5108 zfs_info, /* info */
5109 nulldev, /* identify */
5110 nulldev, /* probe */
5111 zfs_attach, /* attach */
5112 zfs_detach, /* detach */
5114 &zfs_cb_ops, /* driver operations */
5115 NULL, /* no bus operations */
5117 ddi_quiesce_not_needed, /* quiesce */
5120 static struct modldrv zfs_modldrv = {
5126 static struct modlinkage modlinkage = {
5128 (void *)&zfs_modlfs,
5129 (void *)&zfs_modldrv,
5134 uint_t zfs_fsyncer_key;
5135 extern uint_t rrw_tsd_key;
5142 spa_init(FREAD | FWRITE);
5146 if ((error = mod_install(&modlinkage)) != 0) {
5153 tsd_create(&zfs_fsyncer_key, NULL);
5154 tsd_create(&rrw_tsd_key, NULL);
5156 error = ldi_ident_from_mod(&modlinkage, &zfs_li);
5158 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
5168 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
5171 if ((error = mod_remove(&modlinkage)) != 0)
5177 if (zfs_nfsshare_inited)
5178 (void) ddi_modclose(nfs_mod);
5179 if (zfs_smbshare_inited)
5180 (void) ddi_modclose(smbsrv_mod);
5181 if (zfs_nfsshare_inited || zfs_smbshare_inited)
5182 (void) ddi_modclose(sharefs_mod);
5184 tsd_destroy(&zfs_fsyncer_key);
5185 ldi_ident_release(zfs_li);
5187 mutex_destroy(&zfs_share_lock);
5193 _info(struct modinfo *modinfop)
5195 return (mod_info(&modlinkage, modinfop));