fs/zfs/zfs_ioctl.c

789Sahrens/*
789Sahrens * CDDL HEADER START
789Sahrens *
789Sahrens * The contents of this file are subject to the terms of the
1485Slling * Common Development and Distribution License (the "License").
1485Slling * You may not use this file except in compliance with the License.
789Sahrens *
789Sahrens * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
789Sahrens * or http://www.opensolaris.org/os/licensing.
789Sahrens * See the License for the specific language governing permissions
789Sahrens * and limitations under the License.
789Sahrens *
789Sahrens * When distributing Covered Code, include this CDDL HEADER in each
789Sahrens * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
789Sahrens * If applicable, add the following below this CDDL HEADER, with the
789Sahrens * fields enclosed by brackets "[]" replaced with your own identifying
789Sahrens * information: Portions Copyright [yyyy] [name of copyright owner]
789Sahrens *
789Sahrens * CDDL HEADER END
789Sahrens */
789Sahrens/*
12296SLin.Ling@Sun.COM * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
789Sahrens */
789Sahrens
789Sahrens#include <sys/types.h>
789Sahrens#include <sys/param.h>
789Sahrens#include <sys/errno.h>
789Sahrens#include <sys/uio.h>
789Sahrens#include <sys/buf.h>
789Sahrens#include <sys/modctl.h>
789Sahrens#include <sys/open.h>
789Sahrens#include <sys/file.h>
789Sahrens#include <sys/kmem.h>
789Sahrens#include <sys/conf.h>
789Sahrens#include <sys/cmn_err.h>
789Sahrens#include <sys/stat.h>
789Sahrens#include <sys/zfs_ioctl.h>
10972SRic.Aleshire@Sun.COM#include <sys/zfs_vfsops.h>
5331Samw#include <sys/zfs_znode.h>
789Sahrens#include <sys/zap.h>
789Sahrens#include <sys/spa.h>
3912Slling#include <sys/spa_impl.h>
789Sahrens#include <sys/vdev.h>
10972SRic.Aleshire@Sun.COM#include <sys/priv_impl.h>
789Sahrens#include <sys/dmu.h>
789Sahrens#include <sys/dsl_dir.h>
789Sahrens#include <sys/dsl_dataset.h>
789Sahrens#include <sys/dsl_prop.h>
4543Smarks#include <sys/dsl_deleg.h>
4543Smarks#include <sys/dmu_objset.h>
789Sahrens#include <sys/ddi.h>
789Sahrens#include <sys/sunddi.h>
789Sahrens#include <sys/sunldi.h>
789Sahrens#include <sys/policy.h>
789Sahrens#include <sys/zone.h>
789Sahrens#include <sys/nvpair.h>
789Sahrens#include <sys/pathname.h>
789Sahrens#include <sys/mount.h>
789Sahrens#include <sys/sdt.h>
789Sahrens#include <sys/fs/zfs.h>
789Sahrens#include <sys/zfs_ctldir.h>
5331Samw#include <sys/zfs_dir.h>
12527SChris.Kirby@oracle.com#include <sys/zfs_onexit.h>
2885Sahrens#include <sys/zvol.h>
12296SLin.Ling@Sun.COM#include <sys/dsl_scan.h>
4543Smarks#include <sharefs/share.h>
5326Sek110237#include <sys/dmu_objset.h>
789Sahrens
789Sahrens#include "zfs_namecheck.h"
2676Seschrock#include "zfs_prop.h"
4543Smarks#include "zfs_deleg.h"
11935SMark.Shellenbaum@Sun.COM#include "zfs_comutil.h"
789Sahrens
789Sahrensextern struct modlfs zfs_modlfs;
789Sahrens
789Sahrensextern void zfs_init(void);
789Sahrensextern void zfs_fini(void);
789Sahrens
789Sahrensldi_ident_t zfs_li = NULL;
789Sahrensdev_info_t *zfs_dip;
789Sahrens
789Sahrenstypedef int zfs_ioc_func_t(zfs_cmd_t *);
4543Smarkstypedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *);
789Sahrens
9234SGeorge.Wilson@Sun.COMtypedef enum {
9234SGeorge.Wilson@Sun.COM	NO_NAME,
9234SGeorge.Wilson@Sun.COM	POOL_NAME,
9234SGeorge.Wilson@Sun.COM	DATASET_NAME
9234SGeorge.Wilson@Sun.COM} zfs_ioc_namecheck_t;
9234SGeorge.Wilson@Sun.COM
*13049SGeorge.Wilson@Sun.COMtypedef enum {
*13049SGeorge.Wilson@Sun.COM	POOL_CHECK_NONE		= 1 << 0,
*13049SGeorge.Wilson@Sun.COM	POOL_CHECK_SUSPENDED	= 1 << 1,
*13049SGeorge.Wilson@Sun.COM	POOL_CHECK_READONLY	= 1 << 2
*13049SGeorge.Wilson@Sun.COM} zfs_ioc_poolcheck_t;
*13049SGeorge.Wilson@Sun.COM
789Sahrenstypedef struct zfs_ioc_vec {
789Sahrens	zfs_ioc_func_t		*zvec_func;
789Sahrens	zfs_secpolicy_func_t	*zvec_secpolicy;
9234SGeorge.Wilson@Sun.COM	zfs_ioc_namecheck_t	zvec_namecheck;
4543Smarks	boolean_t		zvec_his_log;
*13049SGeorge.Wilson@Sun.COM	zfs_ioc_poolcheck_t	zvec_pool_check;
789Sahrens} zfs_ioc_vec_t;
789Sahrens
9396SMatthew.Ahrens@Sun.COM/* This array is indexed by zfs_userquota_prop_t */
9396SMatthew.Ahrens@Sun.COMstatic const char *userquota_perms[] = {
9396SMatthew.Ahrens@Sun.COM	ZFS_DELEG_PERM_USERUSED,
9396SMatthew.Ahrens@Sun.COM	ZFS_DELEG_PERM_USERQUOTA,
9396SMatthew.Ahrens@Sun.COM	ZFS_DELEG_PERM_GROUPUSED,
9396SMatthew.Ahrens@Sun.COM	ZFS_DELEG_PERM_GROUPQUOTA,
9396SMatthew.Ahrens@Sun.COM};
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COMstatic int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
11022STom.Erickson@Sun.COMstatic int zfs_check_settable(const char *name, nvpair_t *property,
11022STom.Erickson@Sun.COM    cred_t *cr);
11022STom.Erickson@Sun.COMstatic int zfs_check_clearable(char *dataset, nvlist_t *props,
11022STom.Erickson@Sun.COM    nvlist_t **errors);
7184Stimhstatic int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
7184Stimh    boolean_t *);
11022STom.Erickson@Sun.COMint zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t **);
7184Stimh
789Sahrens/* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
789Sahrensvoid
789Sahrens__dprintf(const char *file, const char *func, int line, const char *fmt, ...)
789Sahrens{
789Sahrens	const char *newfile;
12296SLin.Ling@Sun.COM	char buf[512];
789Sahrens	va_list adx;
789Sahrens
789Sahrens	/*
789Sahrens	 * Get rid of annoying "../common/" prefix to filename.
789Sahrens	 */
789Sahrens	newfile = strrchr(file, '/');
789Sahrens	if (newfile != NULL) {
789Sahrens		newfile = newfile + 1; /* Get rid of leading / */
789Sahrens	} else {
789Sahrens		newfile = file;
789Sahrens	}
789Sahrens
789Sahrens	va_start(adx, fmt);
789Sahrens	(void) vsnprintf(buf, sizeof (buf), fmt, adx);
789Sahrens	va_end(adx);
789Sahrens
789Sahrens	/*
789Sahrens	 * To get this data, use the zfs-dprintf probe as so:
789Sahrens	 * dtrace -q -n 'zfs-dprintf \
789Sahrens	 *	/stringof(arg0) == "dbuf.c"/ \
789Sahrens	 *	{printf("%s: %s", stringof(arg1), stringof(arg3))}'
789Sahrens	 * arg0 = file name
789Sahrens	 * arg1 = function name
789Sahrens	 * arg2 = line number
789Sahrens	 * arg3 = message
789Sahrens	 */
789Sahrens	DTRACE_PROBE4(zfs__dprintf,
789Sahrens	    char *, newfile, char *, func, int, line, char *, buf);
789Sahrens}
789Sahrens
4543Smarksstatic void
4715Sek110237history_str_free(char *buf)
4715Sek110237{
4715Sek110237	kmem_free(buf, HIS_MAX_RECORD_LEN);
4715Sek110237}
4715Sek110237
4715Sek110237static char *
4715Sek110237history_str_get(zfs_cmd_t *zc)
4715Sek110237{
4715Sek110237	char *buf;
4715Sek110237
4715Sek110237	if (zc->zc_history == NULL)
4715Sek110237		return (NULL);
4715Sek110237
4715Sek110237	buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
4715Sek110237	if (copyinstr((void *)(uintptr_t)zc->zc_history,
4715Sek110237	    buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
4715Sek110237		history_str_free(buf);
4715Sek110237		return (NULL);
4715Sek110237	}
4715Sek110237
4715Sek110237	buf[HIS_MAX_RECORD_LEN -1] = '\0';
4715Sek110237
4715Sek110237	return (buf);
4715Sek110237}
4715Sek110237
5375Stimh/*
7042Sgw25295 * Check to see if the named dataset is currently defined as bootable
7042Sgw25295 */
7042Sgw25295static boolean_t
7042Sgw25295zfs_is_bootfs(const char *name)
7042Sgw25295{
10298SMatthew.Ahrens@Sun.COM	objset_t *os;
10298SMatthew.Ahrens@Sun.COM
10298SMatthew.Ahrens@Sun.COM	if (dmu_objset_hold(name, FTAG, &os) == 0) {
10298SMatthew.Ahrens@Sun.COM		boolean_t ret;
10922SJeff.Bonwick@Sun.COM		ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
10298SMatthew.Ahrens@Sun.COM		dmu_objset_rele(os, FTAG);
10298SMatthew.Ahrens@Sun.COM		return (ret);
7042Sgw25295	}
10298SMatthew.Ahrens@Sun.COM	return (B_FALSE);
7042Sgw25295}
7042Sgw25295
7042Sgw25295/*
7184Stimh * zfs_earlier_version
5375Stimh *
5375Stimh *	Return non-zero if the spa version is less than requested version.
5375Stimh */
5331Samwstatic int
7184Stimhzfs_earlier_version(const char *name, int version)
5331Samw{
5331Samw	spa_t *spa;
5331Samw
5331Samw	if (spa_open(name, &spa, FTAG) == 0) {
5331Samw		if (spa_version(spa) < version) {
5331Samw			spa_close(spa, FTAG);
5331Samw			return (1);
5331Samw		}
5331Samw		spa_close(spa, FTAG);
5331Samw	}
5331Samw	return (0);
5331Samw}
5331Samw
5977Smarks/*
6689Smaybee * zpl_earlier_version
5977Smarks *
6689Smaybee * Return TRUE if the ZPL version is less than requested version.
5977Smarks */
6689Smaybeestatic boolean_t
6689Smaybeezpl_earlier_version(const char *name, int version)
5977Smarks{
5977Smarks	objset_t *os;
6689Smaybee	boolean_t rc = B_TRUE;
5977Smarks
10298SMatthew.Ahrens@Sun.COM	if (dmu_objset_hold(name, FTAG, &os) == 0) {
6689Smaybee		uint64_t zplversion;
6689Smaybee
10298SMatthew.Ahrens@Sun.COM		if (dmu_objset_type(os) != DMU_OST_ZFS) {
10298SMatthew.Ahrens@Sun.COM			dmu_objset_rele(os, FTAG);
10298SMatthew.Ahrens@Sun.COM			return (B_TRUE);
10298SMatthew.Ahrens@Sun.COM		}
10298SMatthew.Ahrens@Sun.COM		/* XXX reading from non-owned objset */
6689Smaybee		if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
6689Smaybee			rc = zplversion < version;
10298SMatthew.Ahrens@Sun.COM		dmu_objset_rele(os, FTAG);
5977Smarks	}
5977Smarks	return (rc);
5977Smarks}
5977Smarks
4715Sek110237static void
4543Smarkszfs_log_history(zfs_cmd_t *zc)
4543Smarks{
4543Smarks	spa_t *spa;
4603Sahrens	char *buf;
4543Smarks
4715Sek110237	if ((buf = history_str_get(zc)) == NULL)
4577Sahrens		return;
4577Sahrens
4715Sek110237	if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
4715Sek110237		if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
4715Sek110237			(void) spa_history_log(spa, buf, LOG_CMD_NORMAL);
4715Sek110237		spa_close(spa, FTAG);
4543Smarks	}
4715Sek110237	history_str_free(buf);
4543Smarks}
4543Smarks
789Sahrens/*
789Sahrens * Policy for top-level read operations (list pools).  Requires no privileges,
789Sahrens * and can be used in the local zone, as there is no associated dataset.
789Sahrens */
789Sahrens/* ARGSUSED */
789Sahrensstatic int
4543Smarkszfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr)
789Sahrens{
789Sahrens	return (0);
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Policy for dataset read operations (list children, get statistics).  Requires
789Sahrens * no privileges, but must be visible in the local zone.
789Sahrens */
789Sahrens/* ARGSUSED */
789Sahrensstatic int
4543Smarkszfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr)
789Sahrens{
789Sahrens	if (INGLOBALZONE(curproc) ||
4543Smarks	    zone_dataset_visible(zc->zc_name, NULL))
789Sahrens		return (0);
789Sahrens
789Sahrens	return (ENOENT);
789Sahrens}
789Sahrens
789Sahrensstatic int
12786SChris.Kirby@oracle.comzfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
789Sahrens{
789Sahrens	int writable = 1;
789Sahrens
789Sahrens	/*
789Sahrens	 * The dataset must be visible by this zone -- check this first
789Sahrens	 * so they don't see EPERM on something they shouldn't know about.
789Sahrens	 */
789Sahrens	if (!INGLOBALZONE(curproc) &&
789Sahrens	    !zone_dataset_visible(dataset, &writable))
789Sahrens		return (ENOENT);
789Sahrens
789Sahrens	if (INGLOBALZONE(curproc)) {
789Sahrens		/*
789Sahrens		 * If the fs is zoned, only root can access it from the
789Sahrens		 * global zone.
789Sahrens		 */
789Sahrens		if (secpolicy_zfs(cr) && zoned)
789Sahrens			return (EPERM);
789Sahrens	} else {
789Sahrens		/*
789Sahrens		 * If we are in a local zone, the 'zoned' property must be set.
789Sahrens		 */
789Sahrens		if (!zoned)
789Sahrens			return (EPERM);
789Sahrens
789Sahrens		/* must be writable by this zone */
789Sahrens		if (!writable)
789Sahrens			return (EPERM);
789Sahrens	}
789Sahrens	return (0);
789Sahrens}
789Sahrens
12786SChris.Kirby@oracle.comstatic int
12786SChris.Kirby@oracle.comzfs_dozonecheck(const char *dataset, cred_t *cr)
12786SChris.Kirby@oracle.com{
12786SChris.Kirby@oracle.com	uint64_t zoned;
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
12786SChris.Kirby@oracle.com		return (ENOENT);
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	return (zfs_dozonecheck_impl(dataset, zoned, cr));
12786SChris.Kirby@oracle.com}
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.comstatic int
12786SChris.Kirby@oracle.comzfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
12786SChris.Kirby@oracle.com{
12786SChris.Kirby@oracle.com	uint64_t zoned;
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER);
12786SChris.Kirby@oracle.com	if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL)) {
12786SChris.Kirby@oracle.com		rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
12786SChris.Kirby@oracle.com		return (ENOENT);
12786SChris.Kirby@oracle.com	}
12786SChris.Kirby@oracle.com	rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	return (zfs_dozonecheck_impl(dataset, zoned, cr));
12786SChris.Kirby@oracle.com}
12786SChris.Kirby@oracle.com
789Sahrensint
4543Smarkszfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
789Sahrens{
789Sahrens	int error;
789Sahrens
4543Smarks	error = zfs_dozonecheck(name, cr);
4543Smarks	if (error == 0) {
4543Smarks		error = secpolicy_zfs(cr);
4670Sahrens		if (error)
4543Smarks			error = dsl_deleg_access(name, perm, cr);
4543Smarks	}
4543Smarks	return (error);
4543Smarks}
4543Smarks
12786SChris.Kirby@oracle.comint
12786SChris.Kirby@oracle.comzfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
12786SChris.Kirby@oracle.com    const char *perm, cred_t *cr)
12786SChris.Kirby@oracle.com{
12786SChris.Kirby@oracle.com	int error;
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	error = zfs_dozonecheck_ds(name, ds, cr);
12786SChris.Kirby@oracle.com	if (error == 0) {
12786SChris.Kirby@oracle.com		error = secpolicy_zfs(cr);
12786SChris.Kirby@oracle.com		if (error)
12786SChris.Kirby@oracle.com			error = dsl_deleg_access_impl(ds, perm, cr);
12786SChris.Kirby@oracle.com	}
12786SChris.Kirby@oracle.com	return (error);
12786SChris.Kirby@oracle.com}
12786SChris.Kirby@oracle.com
10972SRic.Aleshire@Sun.COM/*
10972SRic.Aleshire@Sun.COM * Policy for setting the security label property.
10972SRic.Aleshire@Sun.COM *
10972SRic.Aleshire@Sun.COM * Returns 0 for success, non-zero for access and other errors.
10972SRic.Aleshire@Sun.COM */
10972SRic.Aleshire@Sun.COMstatic int
11022STom.Erickson@Sun.COMzfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
10972SRic.Aleshire@Sun.COM{
10972SRic.Aleshire@Sun.COM	char		ds_hexsl[MAXNAMELEN];
10972SRic.Aleshire@Sun.COM	bslabel_t	ds_sl, new_sl;
10972SRic.Aleshire@Sun.COM	boolean_t	new_default = FALSE;
10972SRic.Aleshire@Sun.COM	uint64_t	zoned;
10972SRic.Aleshire@Sun.COM	int		needed_priv = -1;
10972SRic.Aleshire@Sun.COM	int		error;
10972SRic.Aleshire@Sun.COM
10972SRic.Aleshire@Sun.COM	/* First get the existing dataset label. */
10972SRic.Aleshire@Sun.COM	error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
10972SRic.Aleshire@Sun.COM	    1, sizeof (ds_hexsl), &ds_hexsl, NULL);
10972SRic.Aleshire@Sun.COM	if (error)
10972SRic.Aleshire@Sun.COM		return (EPERM);
10972SRic.Aleshire@Sun.COM
10972SRic.Aleshire@Sun.COM	if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
10972SRic.Aleshire@Sun.COM		new_default = TRUE;
10972SRic.Aleshire@Sun.COM
10972SRic.Aleshire@Sun.COM	/* The label must be translatable */
10972SRic.Aleshire@Sun.COM	if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
10972SRic.Aleshire@Sun.COM		return (EINVAL);
10972SRic.Aleshire@Sun.COM
10972SRic.Aleshire@Sun.COM	/*
10972SRic.Aleshire@Sun.COM	 * In a non-global zone, disallow attempts to set a label that
10972SRic.Aleshire@Sun.COM	 * doesn't match that of the zone; otherwise no other checks
10972SRic.Aleshire@Sun.COM	 * are needed.
10972SRic.Aleshire@Sun.COM	 */
10972SRic.Aleshire@Sun.COM	if (!INGLOBALZONE(curproc)) {
10972SRic.Aleshire@Sun.COM		if (new_default || !blequal(&new_sl, CR_SL(CRED())))
10972SRic.Aleshire@Sun.COM			return (EPERM);
10972SRic.Aleshire@Sun.COM		return (0);
10972SRic.Aleshire@Sun.COM	}
10972SRic.Aleshire@Sun.COM
10972SRic.Aleshire@Sun.COM	/*
10972SRic.Aleshire@Sun.COM	 * For global-zone datasets (i.e., those whose zoned property is
10972SRic.Aleshire@Sun.COM	 * "off", verify that the specified new label is valid for the
10972SRic.Aleshire@Sun.COM	 * global zone.
10972SRic.Aleshire@Sun.COM	 */
10972SRic.Aleshire@Sun.COM	if (dsl_prop_get_integer(name,
10972SRic.Aleshire@Sun.COM	    zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
10972SRic.Aleshire@Sun.COM		return (EPERM);
10972SRic.Aleshire@Sun.COM	if (!zoned) {
10972SRic.Aleshire@Sun.COM		if (zfs_check_global_label(name, strval) != 0)
10972SRic.Aleshire@Sun.COM			return (EPERM);
10972SRic.Aleshire@Sun.COM	}
10972SRic.Aleshire@Sun.COM
10972SRic.Aleshire@Sun.COM	/*
10972SRic.Aleshire@Sun.COM	 * If the existing dataset label is nondefault, check if the
10972SRic.Aleshire@Sun.COM	 * dataset is mounted (label cannot be changed while mounted).
10972SRic.Aleshire@Sun.COM	 * Get the zfsvfs; if there isn't one, then the dataset isn't
10972SRic.Aleshire@Sun.COM	 * mounted (or isn't a dataset, doesn't exist, ...).
10972SRic.Aleshire@Sun.COM	 */
10972SRic.Aleshire@Sun.COM	if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
11022STom.Erickson@Sun.COM		objset_t *os;
11022STom.Erickson@Sun.COM		static char *setsl_tag = "setsl_tag";
11022STom.Erickson@Sun.COM
10972SRic.Aleshire@Sun.COM		/*
10972SRic.Aleshire@Sun.COM		 * Try to own the dataset; abort if there is any error,
10972SRic.Aleshire@Sun.COM		 * (e.g., already mounted, in use, or other error).
10972SRic.Aleshire@Sun.COM		 */
10972SRic.Aleshire@Sun.COM		error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
11022STom.Erickson@Sun.COM		    setsl_tag, &os);
10972SRic.Aleshire@Sun.COM		if (error)
10972SRic.Aleshire@Sun.COM			return (EPERM);
10972SRic.Aleshire@Sun.COM
11022STom.Erickson@Sun.COM		dmu_objset_disown(os, setsl_tag);
11022STom.Erickson@Sun.COM
10972SRic.Aleshire@Sun.COM		if (new_default) {
10972SRic.Aleshire@Sun.COM			needed_priv = PRIV_FILE_DOWNGRADE_SL;
10972SRic.Aleshire@Sun.COM			goto out_check;
10972SRic.Aleshire@Sun.COM		}
10972SRic.Aleshire@Sun.COM
10972SRic.Aleshire@Sun.COM		if (hexstr_to_label(strval, &new_sl) != 0)
10972SRic.Aleshire@Sun.COM			return (EPERM);
10972SRic.Aleshire@Sun.COM
10972SRic.Aleshire@Sun.COM		if (blstrictdom(&ds_sl, &new_sl))
10972SRic.Aleshire@Sun.COM			needed_priv = PRIV_FILE_DOWNGRADE_SL;
10972SRic.Aleshire@Sun.COM		else if (blstrictdom(&new_sl, &ds_sl))
10972SRic.Aleshire@Sun.COM			needed_priv = PRIV_FILE_UPGRADE_SL;
10972SRic.Aleshire@Sun.COM	} else {
10972SRic.Aleshire@Sun.COM		/* dataset currently has a default label */
10972SRic.Aleshire@Sun.COM		if (!new_default)
10972SRic.Aleshire@Sun.COM			needed_priv = PRIV_FILE_UPGRADE_SL;
10972SRic.Aleshire@Sun.COM	}
10972SRic.Aleshire@Sun.COM
10972SRic.Aleshire@Sun.COMout_check:
10972SRic.Aleshire@Sun.COM	if (needed_priv != -1)
10972SRic.Aleshire@Sun.COM		return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
10972SRic.Aleshire@Sun.COM	return (0);
10972SRic.Aleshire@Sun.COM}
10972SRic.Aleshire@Sun.COM
4543Smarksstatic int
11022STom.Erickson@Sun.COMzfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
11022STom.Erickson@Sun.COM    cred_t *cr)
4543Smarks{
11022STom.Erickson@Sun.COM	char *strval;
11022STom.Erickson@Sun.COM
4543Smarks	/*
4543Smarks	 * Check permissions for special properties.
4543Smarks	 */
4543Smarks	switch (prop) {
4543Smarks	case ZFS_PROP_ZONED:
4543Smarks		/*
4543Smarks		 * Disallow setting of 'zoned' from within a local zone.
4543Smarks		 */
4543Smarks		if (!INGLOBALZONE(curproc))
4543Smarks			return (EPERM);
4543Smarks		break;
789Sahrens
4543Smarks	case ZFS_PROP_QUOTA:
4543Smarks		if (!INGLOBALZONE(curproc)) {
4543Smarks			uint64_t zoned;
4543Smarks			char setpoint[MAXNAMELEN];
4543Smarks			/*
4543Smarks			 * Unprivileged users are allowed to modify the
4543Smarks			 * quota on things *under* (ie. contained by)
4543Smarks			 * the thing they own.
4543Smarks			 */
11022STom.Erickson@Sun.COM			if (dsl_prop_get_integer(dsname, "zoned", &zoned,
4543Smarks			    setpoint))
4543Smarks				return (EPERM);
11022STom.Erickson@Sun.COM			if (!zoned || strlen(dsname) <= strlen(setpoint))
4543Smarks				return (EPERM);
4543Smarks		}
4670Sahrens		break;
10972SRic.Aleshire@Sun.COM
10972SRic.Aleshire@Sun.COM	case ZFS_PROP_MLSLABEL:
10972SRic.Aleshire@Sun.COM		if (!is_system_labeled())
10972SRic.Aleshire@Sun.COM			return (EPERM);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		if (nvpair_value_string(propval, &strval) == 0) {
11022STom.Erickson@Sun.COM			int err;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM			err = zfs_set_slabel_policy(dsname, strval, CRED());
11022STom.Erickson@Sun.COM			if (err != 0)
11022STom.Erickson@Sun.COM				return (err);
11022STom.Erickson@Sun.COM		}
10972SRic.Aleshire@Sun.COM		break;
4543Smarks	}
4543Smarks
11022STom.Erickson@Sun.COM	return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
789Sahrens}
789Sahrens
4543Smarksint
4543Smarkszfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr)
4543Smarks{
4543Smarks	int error;
4543Smarks
4543Smarks	error = zfs_dozonecheck(zc->zc_name, cr);
4543Smarks	if (error)
4543Smarks		return (error);
4543Smarks
4543Smarks	/*
4543Smarks	 * permission to set permissions will be evaluated later in
4543Smarks	 * dsl_deleg_can_allow()
4543Smarks	 */
4543Smarks	return (0);
4543Smarks}
4543Smarks
4543Smarksint
4543Smarkszfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr)
4543Smarks{
10588SEric.Taylor@Sun.COM	return (zfs_secpolicy_write_perms(zc->zc_name,
10588SEric.Taylor@Sun.COM	    ZFS_DELEG_PERM_ROLLBACK, cr));
4543Smarks}
4543Smarks
4543Smarksint
4543Smarkszfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr)
4543Smarks{
12786SChris.Kirby@oracle.com	spa_t *spa;
12786SChris.Kirby@oracle.com	dsl_pool_t *dp;
12786SChris.Kirby@oracle.com	dsl_dataset_t *ds;
12786SChris.Kirby@oracle.com	char *cp;
12786SChris.Kirby@oracle.com	int error;
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	/*
12786SChris.Kirby@oracle.com	 * Generate the current snapshot name from the given objsetid, then
12786SChris.Kirby@oracle.com	 * use that name for the secpolicy/zone checks.
12786SChris.Kirby@oracle.com	 */
12786SChris.Kirby@oracle.com	cp = strchr(zc->zc_name, '@');
12786SChris.Kirby@oracle.com	if (cp == NULL)
12786SChris.Kirby@oracle.com		return (EINVAL);
12786SChris.Kirby@oracle.com	error = spa_open(zc->zc_name, &spa, FTAG);
12786SChris.Kirby@oracle.com	if (error)
12786SChris.Kirby@oracle.com		return (error);
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	dp = spa_get_dsl(spa);
12786SChris.Kirby@oracle.com	rw_enter(&dp->dp_config_rwlock, RW_READER);
12786SChris.Kirby@oracle.com	error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
12786SChris.Kirby@oracle.com	rw_exit(&dp->dp_config_rwlock);
12786SChris.Kirby@oracle.com	spa_close(spa, FTAG);
12786SChris.Kirby@oracle.com	if (error)
12786SChris.Kirby@oracle.com		return (error);
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	dsl_dataset_name(ds, zc->zc_name);
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
12786SChris.Kirby@oracle.com	    ZFS_DELEG_PERM_SEND, cr);
12786SChris.Kirby@oracle.com	dsl_dataset_rele(ds, FTAG);
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	return (error);
4543Smarks}
4543Smarks
8845Samw@Sun.COMstatic int
8845Samw@Sun.COMzfs_secpolicy_deleg_share(zfs_cmd_t *zc, cred_t *cr)
8845Samw@Sun.COM{
8845Samw@Sun.COM	vnode_t *vp;
8845Samw@Sun.COM	int error;
8845Samw@Sun.COM
8845Samw@Sun.COM	if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
8845Samw@Sun.COM	    NO_FOLLOW, NULL, &vp)) != 0)
8845Samw@Sun.COM		return (error);
8845Samw@Sun.COM
8845Samw@Sun.COM	/* Now make sure mntpnt and dataset are ZFS */
8845Samw@Sun.COM
8845Samw@Sun.COM	if (vp->v_vfsp->vfs_fstype != zfsfstype ||
8845Samw@Sun.COM	    (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
8845Samw@Sun.COM	    zc->zc_name) != 0)) {
8845Samw@Sun.COM		VN_RELE(vp);
8845Samw@Sun.COM		return (EPERM);
8845Samw@Sun.COM	}
8845Samw@Sun.COM
8845Samw@Sun.COM	VN_RELE(vp);
8845Samw@Sun.COM	return (dsl_deleg_access(zc->zc_name,
8845Samw@Sun.COM	    ZFS_DELEG_PERM_SHARE, cr));
8845Samw@Sun.COM}
8845Samw@Sun.COM
4543Smarksint
4543Smarkszfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr)
4543Smarks{
4543Smarks	if (!INGLOBALZONE(curproc))
4543Smarks		return (EPERM);
4543Smarks
5367Sahrens	if (secpolicy_nfs(cr) == 0) {
4543Smarks		return (0);
4543Smarks	} else {
8845Samw@Sun.COM		return (zfs_secpolicy_deleg_share(zc, cr));
8845Samw@Sun.COM	}
8845Samw@Sun.COM}
8845Samw@Sun.COM
8845Samw@Sun.COMint
8845Samw@Sun.COMzfs_secpolicy_smb_acl(zfs_cmd_t *zc, cred_t *cr)
8845Samw@Sun.COM{
8845Samw@Sun.COM	if (!INGLOBALZONE(curproc))
8845Samw@Sun.COM		return (EPERM);
8845Samw@Sun.COM
8845Samw@Sun.COM	if (secpolicy_smb(cr) == 0) {
8845Samw@Sun.COM		return (0);
8845Samw@Sun.COM	} else {
8845Samw@Sun.COM		return (zfs_secpolicy_deleg_share(zc, cr));
4543Smarks	}
4543Smarks}
4543Smarks
789Sahrensstatic int
4543Smarkszfs_get_parent(const char *datasetname, char *parent, int parentsize)
789Sahrens{
789Sahrens	char *cp;
789Sahrens
789Sahrens	/*
789Sahrens	 * Remove the @bla or /bla from the end of the name to get the parent.
789Sahrens	 */
4543Smarks	(void) strncpy(parent, datasetname, parentsize);
4543Smarks	cp = strrchr(parent, '@');
789Sahrens	if (cp != NULL) {
789Sahrens		cp[0] = '\0';
789Sahrens	} else {
4543Smarks		cp = strrchr(parent, '/');
789Sahrens		if (cp == NULL)
789Sahrens			return (ENOENT);
789Sahrens		cp[0] = '\0';
789Sahrens	}
789Sahrens
4543Smarks	return (0);
4543Smarks}
4543Smarks
4543Smarksint
4543Smarkszfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
4543Smarks{
4543Smarks	int error;
4543Smarks
4543Smarks	if ((error = zfs_secpolicy_write_perms(name,
4543Smarks	    ZFS_DELEG_PERM_MOUNT, cr)) != 0)
4543Smarks		return (error);
4543Smarks
4543Smarks	return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
4543Smarks}
4543Smarks
4543Smarksstatic int
4543Smarkszfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr)
4543Smarks{
4543Smarks	return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
4543Smarks}
4543Smarks
4543Smarks/*
11314Swilliam.gorrell@sun.com * Destroying snapshots with delegated permissions requires
11314Swilliam.gorrell@sun.com * descendent mount and destroy permissions.
11314Swilliam.gorrell@sun.com * Reassemble the full filesystem@snap name so dsl_deleg_access()
11314Swilliam.gorrell@sun.com * can do the correct permission check.
11314Swilliam.gorrell@sun.com *
11314Swilliam.gorrell@sun.com * Since this routine is used when doing a recursive destroy of snapshots
11314Swilliam.gorrell@sun.com * and destroying snapshots requires descendent permissions, a successfull
11314Swilliam.gorrell@sun.com * check of the top level snapshot applies to snapshots of all descendent
11314Swilliam.gorrell@sun.com * datasets as well.
11314Swilliam.gorrell@sun.com */
11314Swilliam.gorrell@sun.comstatic int
11314Swilliam.gorrell@sun.comzfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, cred_t *cr)
11314Swilliam.gorrell@sun.com{
11314Swilliam.gorrell@sun.com	int error;
11314Swilliam.gorrell@sun.com	char *dsname;
11314Swilliam.gorrell@sun.com
11314Swilliam.gorrell@sun.com	dsname = kmem_asprintf("%s@%s", zc->zc_name, zc->zc_value);
11314Swilliam.gorrell@sun.com
11314Swilliam.gorrell@sun.com	error = zfs_secpolicy_destroy_perms(dsname, cr);
11314Swilliam.gorrell@sun.com
11314Swilliam.gorrell@sun.com	strfree(dsname);
11314Swilliam.gorrell@sun.com	return (error);
11314Swilliam.gorrell@sun.com}
11314Swilliam.gorrell@sun.com
4543Smarksint
4543Smarkszfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
4543Smarks{
11022STom.Erickson@Sun.COM	char	parentname[MAXNAMELEN];
4543Smarks	int	error;
4543Smarks
4543Smarks	if ((error = zfs_secpolicy_write_perms(from,
4543Smarks	    ZFS_DELEG_PERM_RENAME, cr)) != 0)
4543Smarks		return (error);
4543Smarks
4543Smarks	if ((error = zfs_secpolicy_write_perms(from,
4543Smarks	    ZFS_DELEG_PERM_MOUNT, cr)) != 0)
4543Smarks		return (error);
4543Smarks
4543Smarks	if ((error = zfs_get_parent(to, parentname,
4543Smarks	    sizeof (parentname))) != 0)
4543Smarks		return (error);
4543Smarks
4543Smarks	if ((error = zfs_secpolicy_write_perms(parentname,
4543Smarks	    ZFS_DELEG_PERM_CREATE, cr)) != 0)
4543Smarks		return (error);
4543Smarks
4543Smarks	if ((error = zfs_secpolicy_write_perms(parentname,
4543Smarks	    ZFS_DELEG_PERM_MOUNT, cr)) != 0)
4543Smarks		return (error);
4543Smarks
4543Smarks	return (error);
4543Smarks}
4543Smarks
4543Smarksstatic int
4543Smarkszfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr)
4543Smarks{
4543Smarks	return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
4543Smarks}
4543Smarks
4543Smarksstatic int
4543Smarkszfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr)
4543Smarks{
11022STom.Erickson@Sun.COM	char	parentname[MAXNAMELEN];
4543Smarks	objset_t *clone;
4543Smarks	int error;
4543Smarks
4543Smarks	error = zfs_secpolicy_write_perms(zc->zc_name,
4543Smarks	    ZFS_DELEG_PERM_PROMOTE, cr);
4543Smarks	if (error)
4543Smarks		return (error);
4543Smarks
10298SMatthew.Ahrens@Sun.COM	error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
4543Smarks
4543Smarks	if (error == 0) {
4543Smarks		dsl_dataset_t *pclone = NULL;
4543Smarks		dsl_dir_t *dd;
10298SMatthew.Ahrens@Sun.COM		dd = clone->os_dsl_dataset->ds_dir;
4543Smarks
4543Smarks		rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
6689Smaybee		error = dsl_dataset_hold_obj(dd->dd_pool,
6689Smaybee		    dd->dd_phys->dd_origin_obj, FTAG, &pclone);
4543Smarks		rw_exit(&dd->dd_pool->dp_config_rwlock);
4543Smarks		if (error) {
10298SMatthew.Ahrens@Sun.COM			dmu_objset_rele(clone, FTAG);
4543Smarks			return (error);
4543Smarks		}
4543Smarks
4543Smarks		error = zfs_secpolicy_write_perms(zc->zc_name,
4543Smarks		    ZFS_DELEG_PERM_MOUNT, cr);
4543Smarks
4543Smarks		dsl_dataset_name(pclone, parentname);
10298SMatthew.Ahrens@Sun.COM		dmu_objset_rele(clone, FTAG);
6689Smaybee		dsl_dataset_rele(pclone, FTAG);
4543Smarks		if (error == 0)
4543Smarks			error = zfs_secpolicy_write_perms(parentname,
4543Smarks			    ZFS_DELEG_PERM_PROMOTE, cr);
4543Smarks	}
4543Smarks	return (error);
4543Smarks}
4543Smarks
4543Smarksstatic int
4543Smarkszfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr)
4543Smarks{
4543Smarks	int error;
4543Smarks
4543Smarks	if ((error = zfs_secpolicy_write_perms(zc->zc_name,
4543Smarks	    ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
4543Smarks		return (error);
4543Smarks
4543Smarks	if ((error = zfs_secpolicy_write_perms(zc->zc_name,
4543Smarks	    ZFS_DELEG_PERM_MOUNT, cr)) != 0)
4543Smarks		return (error);
4543Smarks
4543Smarks	return (zfs_secpolicy_write_perms(zc->zc_name,
4543Smarks	    ZFS_DELEG_PERM_CREATE, cr));
4543Smarks}
4543Smarks
4543Smarksint
4543Smarkszfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
4543Smarks{
10588SEric.Taylor@Sun.COM	return (zfs_secpolicy_write_perms(name,
10588SEric.Taylor@Sun.COM	    ZFS_DELEG_PERM_SNAPSHOT, cr));
4543Smarks}
4543Smarks
4543Smarksstatic int
4543Smarkszfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr)
4543Smarks{
4543Smarks
4543Smarks	return (zfs_secpolicy_snapshot_perms(zc->zc_name, cr));
4543Smarks}
4543Smarks
4543Smarksstatic int
4543Smarkszfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr)
4543Smarks{
11022STom.Erickson@Sun.COM	char	parentname[MAXNAMELEN];
11022STom.Erickson@Sun.COM	int	error;
4543Smarks
4543Smarks	if ((error = zfs_get_parent(zc->zc_name, parentname,
4543Smarks	    sizeof (parentname))) != 0)
4543Smarks		return (error);
4543Smarks
4543Smarks	if (zc->zc_value[0] != '\0') {
4543Smarks		if ((error = zfs_secpolicy_write_perms(zc->zc_value,
4543Smarks		    ZFS_DELEG_PERM_CLONE, cr)) != 0)
4543Smarks			return (error);
4543Smarks	}
4543Smarks
4543Smarks	if ((error = zfs_secpolicy_write_perms(parentname,
4543Smarks	    ZFS_DELEG_PERM_CREATE, cr)) != 0)
4543Smarks		return (error);
4543Smarks
4543Smarks	error = zfs_secpolicy_write_perms(parentname,
4543Smarks	    ZFS_DELEG_PERM_MOUNT, cr);
4543Smarks
4543Smarks	return (error);
4543Smarks}
4543Smarks
4543Smarksstatic int
4543Smarkszfs_secpolicy_umount(zfs_cmd_t *zc, cred_t *cr)
4543Smarks{
4543Smarks	int error;
4543Smarks
4543Smarks	error = secpolicy_fs_unmount(cr, NULL);
4543Smarks	if (error) {
4543Smarks		error = dsl_deleg_access(zc->zc_name, ZFS_DELEG_PERM_MOUNT, cr);
4543Smarks	}
4543Smarks	return (error);
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Policy for pool operations - create/destroy pools, add vdevs, etc.  Requires
789Sahrens * SYS_CONFIG privilege, which is not available in a local zone.
789Sahrens */
789Sahrens/* ARGSUSED */
789Sahrensstatic int
4543Smarkszfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr)
789Sahrens{
789Sahrens	if (secpolicy_sys_config(cr, B_FALSE) != 0)
789Sahrens		return (EPERM);
789Sahrens
789Sahrens	return (0);
789Sahrens}
789Sahrens
789Sahrens/*
13043STim.Haley@Sun.COM * Policy for object to name lookups.
13043STim.Haley@Sun.COM */
13043STim.Haley@Sun.COM/* ARGSUSED */
13043STim.Haley@Sun.COMstatic int
13043STim.Haley@Sun.COMzfs_secpolicy_diff(zfs_cmd_t *zc, cred_t *cr)
13043STim.Haley@Sun.COM{
13043STim.Haley@Sun.COM	int error;
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
13043STim.Haley@Sun.COM		return (0);
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
13043STim.Haley@Sun.COM	return (error);
13043STim.Haley@Sun.COM}
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM/*
1544Seschrock * Policy for fault injection.  Requires all privileges.
1544Seschrock */
1544Seschrock/* ARGSUSED */
1544Seschrockstatic int
4543Smarkszfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr)
1544Seschrock{
1544Seschrock	return (secpolicy_zinject(cr));
1544Seschrock}
1544Seschrock
4849Sahrensstatic int
4849Sahrenszfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr)
4849Sahrens{
4849Sahrens	zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
4849Sahrens
5094Slling	if (prop == ZPROP_INVAL) {
4849Sahrens		if (!zfs_prop_user(zc->zc_value))
4849Sahrens			return (EINVAL);
4849Sahrens		return (zfs_secpolicy_write_perms(zc->zc_name,
4849Sahrens		    ZFS_DELEG_PERM_USERPROP, cr));
4849Sahrens	} else {
11022STom.Erickson@Sun.COM		return (zfs_secpolicy_setprop(zc->zc_name, prop,
11022STom.Erickson@Sun.COM		    NULL, cr));
4849Sahrens	}
4849Sahrens}
4849Sahrens
9396SMatthew.Ahrens@Sun.COMstatic int
9396SMatthew.Ahrens@Sun.COMzfs_secpolicy_userspace_one(zfs_cmd_t *zc, cred_t *cr)
9396SMatthew.Ahrens@Sun.COM{
9396SMatthew.Ahrens@Sun.COM	int err = zfs_secpolicy_read(zc, cr);
9396SMatthew.Ahrens@Sun.COM	if (err)
9396SMatthew.Ahrens@Sun.COM		return (err);
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
9396SMatthew.Ahrens@Sun.COM		return (EINVAL);
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	if (zc->zc_value[0] == 0) {
9396SMatthew.Ahrens@Sun.COM		/*
9396SMatthew.Ahrens@Sun.COM		 * They are asking about a posix uid/gid.  If it's
9396SMatthew.Ahrens@Sun.COM		 * themself, allow it.
9396SMatthew.Ahrens@Sun.COM		 */
9396SMatthew.Ahrens@Sun.COM		if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
9396SMatthew.Ahrens@Sun.COM		    zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
9396SMatthew.Ahrens@Sun.COM			if (zc->zc_guid == crgetuid(cr))
9396SMatthew.Ahrens@Sun.COM				return (0);
9396SMatthew.Ahrens@Sun.COM		} else {
9396SMatthew.Ahrens@Sun.COM			if (groupmember(zc->zc_guid, cr))
9396SMatthew.Ahrens@Sun.COM				return (0);
9396SMatthew.Ahrens@Sun.COM		}
9396SMatthew.Ahrens@Sun.COM	}
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	return (zfs_secpolicy_write_perms(zc->zc_name,
9396SMatthew.Ahrens@Sun.COM	    userquota_perms[zc->zc_objset_type], cr));
9396SMatthew.Ahrens@Sun.COM}
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COMstatic int
9396SMatthew.Ahrens@Sun.COMzfs_secpolicy_userspace_many(zfs_cmd_t *zc, cred_t *cr)
9396SMatthew.Ahrens@Sun.COM{
9396SMatthew.Ahrens@Sun.COM	int err = zfs_secpolicy_read(zc, cr);
9396SMatthew.Ahrens@Sun.COM	if (err)
9396SMatthew.Ahrens@Sun.COM		return (err);
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
9396SMatthew.Ahrens@Sun.COM		return (EINVAL);
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	return (zfs_secpolicy_write_perms(zc->zc_name,
9396SMatthew.Ahrens@Sun.COM	    userquota_perms[zc->zc_objset_type], cr));
9396SMatthew.Ahrens@Sun.COM}
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COMstatic int
9396SMatthew.Ahrens@Sun.COMzfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, cred_t *cr)
9396SMatthew.Ahrens@Sun.COM{
11022STom.Erickson@Sun.COM	return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
11022STom.Erickson@Sun.COM	    NULL, cr));
9396SMatthew.Ahrens@Sun.COM}
9396SMatthew.Ahrens@Sun.COM
10242Schris.kirby@sun.comstatic int
10242Schris.kirby@sun.comzfs_secpolicy_hold(zfs_cmd_t *zc, cred_t *cr)
10242Schris.kirby@sun.com{
10242Schris.kirby@sun.com	return (zfs_secpolicy_write_perms(zc->zc_name,
10242Schris.kirby@sun.com	    ZFS_DELEG_PERM_HOLD, cr));
10242Schris.kirby@sun.com}
10242Schris.kirby@sun.com
10242Schris.kirby@sun.comstatic int
10242Schris.kirby@sun.comzfs_secpolicy_release(zfs_cmd_t *zc, cred_t *cr)
10242Schris.kirby@sun.com{
10242Schris.kirby@sun.com	return (zfs_secpolicy_write_perms(zc->zc_name,
10242Schris.kirby@sun.com	    ZFS_DELEG_PERM_RELEASE, cr));
10242Schris.kirby@sun.com}
10242Schris.kirby@sun.com
1544Seschrock/*
13043STim.Haley@Sun.COM * Policy for allowing temporary snapshots to be taken or released
13043STim.Haley@Sun.COM */
13043STim.Haley@Sun.COMstatic int
13043STim.Haley@Sun.COMzfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, cred_t *cr)
13043STim.Haley@Sun.COM{
13043STim.Haley@Sun.COM	/*
13043STim.Haley@Sun.COM	 * A temporary snapshot is the same as a snapshot,
13043STim.Haley@Sun.COM	 * hold, destroy and release all rolled into one.
13043STim.Haley@Sun.COM	 * Delegated diff alone is sufficient that we allow this.
13043STim.Haley@Sun.COM	 */
13043STim.Haley@Sun.COM	int error;
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	if ((error = zfs_secpolicy_write_perms(zc->zc_name,
13043STim.Haley@Sun.COM	    ZFS_DELEG_PERM_DIFF, cr)) == 0)
13043STim.Haley@Sun.COM		return (0);
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	error = zfs_secpolicy_snapshot(zc, cr);
13043STim.Haley@Sun.COM	if (!error)
13043STim.Haley@Sun.COM		error = zfs_secpolicy_hold(zc, cr);
13043STim.Haley@Sun.COM	if (!error)
13043STim.Haley@Sun.COM		error = zfs_secpolicy_release(zc, cr);
13043STim.Haley@Sun.COM	if (!error)
13043STim.Haley@Sun.COM		error = zfs_secpolicy_destroy(zc, cr);
13043STim.Haley@Sun.COM	return (error);
13043STim.Haley@Sun.COM}
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM/*
789Sahrens * Returns the nvlist as specified by the user in the zfs_cmd_t.
789Sahrens */
789Sahrensstatic int
9643SEric.Taylor@Sun.COMget_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
789Sahrens{
789Sahrens	char *packed;
789Sahrens	int error;
5094Slling	nvlist_t *list = NULL;
789Sahrens
789Sahrens	/*
2676Seschrock	 * Read in and unpack the user-supplied nvlist.
789Sahrens	 */
5094Slling	if (size == 0)
789Sahrens		return (EINVAL);
789Sahrens
789Sahrens	packed = kmem_alloc(size, KM_SLEEP);
789Sahrens
9643SEric.Taylor@Sun.COM	if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
9643SEric.Taylor@Sun.COM	    iflag)) != 0) {
789Sahrens		kmem_free(packed, size);
789Sahrens		return (error);
789Sahrens	}
789Sahrens
5094Slling	if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
789Sahrens		kmem_free(packed, size);
789Sahrens		return (error);
789Sahrens	}
789Sahrens
789Sahrens	kmem_free(packed, size);
789Sahrens
5094Slling	*nvp = list;
789Sahrens	return (0);
789Sahrens}
789Sahrens
789Sahrensstatic int
11022STom.Erickson@Sun.COMfit_error_list(zfs_cmd_t *zc, nvlist_t **errors)
11022STom.Erickson@Sun.COM{
11022STom.Erickson@Sun.COM	size_t size;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	VERIFY(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (size > zc->zc_nvlist_dst_size) {
11022STom.Erickson@Sun.COM		nvpair_t *more_errors;
11022STom.Erickson@Sun.COM		int n = 0;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		if (zc->zc_nvlist_dst_size < 1024)
11022STom.Erickson@Sun.COM			return (ENOMEM);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, 0) == 0);
11022STom.Erickson@Sun.COM		more_errors = nvlist_prev_nvpair(*errors, NULL);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		do {
11022STom.Erickson@Sun.COM			nvpair_t *pair = nvlist_prev_nvpair(*errors,
11022STom.Erickson@Sun.COM			    more_errors);
11022STom.Erickson@Sun.COM			VERIFY(nvlist_remove_nvpair(*errors, pair) == 0);
11022STom.Erickson@Sun.COM			n++;
11022STom.Erickson@Sun.COM			VERIFY(nvlist_size(*errors, &size,
11022STom.Erickson@Sun.COM			    NV_ENCODE_NATIVE) == 0);
11022STom.Erickson@Sun.COM		} while (size > zc->zc_nvlist_dst_size);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		VERIFY(nvlist_remove_nvpair(*errors, more_errors) == 0);
11022STom.Erickson@Sun.COM		VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, n) == 0);
11022STom.Erickson@Sun.COM		ASSERT(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
11022STom.Erickson@Sun.COM		ASSERT(size <= zc->zc_nvlist_dst_size);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	return (0);
11022STom.Erickson@Sun.COM}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COMstatic int
2676Seschrockput_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
2676Seschrock{
2676Seschrock	char *packed = NULL;
11807SSam.Falkner@Sun.COM	int error = 0;
2676Seschrock	size_t size;
2676Seschrock
2676Seschrock	VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0);
2676Seschrock
2676Seschrock	if (size > zc->zc_nvlist_dst_size) {
2676Seschrock		error = ENOMEM;
2676Seschrock	} else {
4611Smarks		packed = kmem_alloc(size, KM_SLEEP);
2676Seschrock		VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE,
2676Seschrock		    KM_SLEEP) == 0);
11807SSam.Falkner@Sun.COM		if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
11807SSam.Falkner@Sun.COM		    size, zc->zc_iflags) != 0)
11807SSam.Falkner@Sun.COM			error = EFAULT;
2676Seschrock		kmem_free(packed, size);
2676Seschrock	}
2676Seschrock
2676Seschrock	zc->zc_nvlist_dst_size = size;
2676Seschrock	return (error);
2676Seschrock}
2676Seschrock
2676Seschrockstatic int
11185SSean.McEnroe@Sun.COMgetzfsvfs(const char *dsname, zfsvfs_t **zfvp)
9396SMatthew.Ahrens@Sun.COM{
9396SMatthew.Ahrens@Sun.COM	objset_t *os;
9396SMatthew.Ahrens@Sun.COM	int error;
9396SMatthew.Ahrens@Sun.COM
10298SMatthew.Ahrens@Sun.COM	error = dmu_objset_hold(dsname, FTAG, &os);
9396SMatthew.Ahrens@Sun.COM	if (error)
9396SMatthew.Ahrens@Sun.COM		return (error);
10298SMatthew.Ahrens@Sun.COM	if (dmu_objset_type(os) != DMU_OST_ZFS) {
10298SMatthew.Ahrens@Sun.COM		dmu_objset_rele(os, FTAG);
10298SMatthew.Ahrens@Sun.COM		return (EINVAL);
10298SMatthew.Ahrens@Sun.COM	}
10298SMatthew.Ahrens@Sun.COM
10298SMatthew.Ahrens@Sun.COM	mutex_enter(&os->os_user_ptr_lock);
11185SSean.McEnroe@Sun.COM	*zfvp = dmu_objset_get_user(os);
11185SSean.McEnroe@Sun.COM	if (*zfvp) {
11185SSean.McEnroe@Sun.COM		VFS_HOLD((*zfvp)->z_vfs);
9396SMatthew.Ahrens@Sun.COM	} else {
9396SMatthew.Ahrens@Sun.COM		error = ESRCH;
9396SMatthew.Ahrens@Sun.COM	}
10298SMatthew.Ahrens@Sun.COM	mutex_exit(&os->os_user_ptr_lock);
10298SMatthew.Ahrens@Sun.COM	dmu_objset_rele(os, FTAG);
9396SMatthew.Ahrens@Sun.COM	return (error);
9396SMatthew.Ahrens@Sun.COM}
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM/*
9396SMatthew.Ahrens@Sun.COM * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
9396SMatthew.Ahrens@Sun.COM * case its z_vfs will be NULL, and it will be opened as the owner.
9396SMatthew.Ahrens@Sun.COM */
9396SMatthew.Ahrens@Sun.COMstatic int
12620SMark.Shellenbaum@Oracle.COMzfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
9396SMatthew.Ahrens@Sun.COM{
9396SMatthew.Ahrens@Sun.COM	int error = 0;
9396SMatthew.Ahrens@Sun.COM
11185SSean.McEnroe@Sun.COM	if (getzfsvfs(name, zfvp) != 0)
11185SSean.McEnroe@Sun.COM		error = zfsvfs_create(name, zfvp);
9396SMatthew.Ahrens@Sun.COM	if (error == 0) {
12620SMark.Shellenbaum@Oracle.COM		rrw_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
12620SMark.Shellenbaum@Oracle.COM		    RW_READER, tag);
11185SSean.McEnroe@Sun.COM		if ((*zfvp)->z_unmounted) {
9396SMatthew.Ahrens@Sun.COM			/*
9396SMatthew.Ahrens@Sun.COM			 * XXX we could probably try again, since the unmounting
9396SMatthew.Ahrens@Sun.COM			 * thread should be just about to disassociate the
9396SMatthew.Ahrens@Sun.COM			 * objset from the zfsvfs.
9396SMatthew.Ahrens@Sun.COM			 */
11185SSean.McEnroe@Sun.COM			rrw_exit(&(*zfvp)->z_teardown_lock, tag);
9396SMatthew.Ahrens@Sun.COM			return (EBUSY);
9396SMatthew.Ahrens@Sun.COM		}
9396SMatthew.Ahrens@Sun.COM	}
9396SMatthew.Ahrens@Sun.COM	return (error);
9396SMatthew.Ahrens@Sun.COM}
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COMstatic void
9396SMatthew.Ahrens@Sun.COMzfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
9396SMatthew.Ahrens@Sun.COM{
9396SMatthew.Ahrens@Sun.COM	rrw_exit(&zfsvfs->z_teardown_lock, tag);
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	if (zfsvfs->z_vfs) {
9396SMatthew.Ahrens@Sun.COM		VFS_RELE(zfsvfs->z_vfs);
9396SMatthew.Ahrens@Sun.COM	} else {
10298SMatthew.Ahrens@Sun.COM		dmu_objset_disown(zfsvfs->z_os, zfsvfs);
9396SMatthew.Ahrens@Sun.COM		zfsvfs_free(zfsvfs);
9396SMatthew.Ahrens@Sun.COM	}
9396SMatthew.Ahrens@Sun.COM}
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COMstatic int
789Sahrenszfs_ioc_pool_create(zfs_cmd_t *zc)
789Sahrens{
789Sahrens	int error;
5094Slling	nvlist_t *config, *props = NULL;
7184Stimh	nvlist_t *rootprops = NULL;
7184Stimh	nvlist_t *zplprops = NULL;
4715Sek110237	char *buf;
789Sahrens
5094Slling	if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
9643SEric.Taylor@Sun.COM	    zc->zc_iflags, &config))
4988Sek110237		return (error);
4715Sek110237
5094Slling	if (zc->zc_nvlist_src_size != 0 && (error =
9643SEric.Taylor@Sun.COM	    get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
9643SEric.Taylor@Sun.COM	    zc->zc_iflags, &props))) {
5094Slling		nvlist_free(config);
5094Slling		return (error);
5094Slling	}
5094Slling
7184Stimh	if (props) {
7184Stimh		nvlist_t *nvl = NULL;
7184Stimh		uint64_t version = SPA_VERSION;
7184Stimh
7184Stimh		(void) nvlist_lookup_uint64(props,
7184Stimh		    zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
7184Stimh		if (version < SPA_VERSION_INITIAL || version > SPA_VERSION) {
7184Stimh			error = EINVAL;
7184Stimh			goto pool_props_bad;
7184Stimh		}
7184Stimh		(void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
7184Stimh		if (nvl) {
7184Stimh			error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
7184Stimh			if (error != 0) {
7184Stimh				nvlist_free(config);
7184Stimh				nvlist_free(props);
7184Stimh				return (error);
7184Stimh			}
7184Stimh			(void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
7184Stimh		}
7184Stimh		VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
7184Stimh		error = zfs_fill_zplprops_root(version, rootprops,
7184Stimh		    zplprops, NULL);
7184Stimh		if (error)
7184Stimh			goto pool_props_bad;
7184Stimh	}
7184Stimh
4988Sek110237	buf = history_str_get(zc);
789Sahrens
7184Stimh	error = spa_create(zc->zc_name, config, props, buf, zplprops);
7184Stimh
7184Stimh	/*
7184Stimh	 * Set the remaining root properties
7184Stimh	 */
11022STom.Erickson@Sun.COM	if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
11022STom.Erickson@Sun.COM	    ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
7184Stimh		(void) spa_destroy(zc->zc_name);
789Sahrens
4988Sek110237	if (buf != NULL)
4988Sek110237		history_str_free(buf);
5094Slling
7184Stimhpool_props_bad:
7184Stimh	nvlist_free(rootprops);
7184Stimh	nvlist_free(zplprops);
789Sahrens	nvlist_free(config);
7184Stimh	nvlist_free(props);
5094Slling
789Sahrens	return (error);
789Sahrens}
789Sahrens
789Sahrensstatic int
789Sahrenszfs_ioc_pool_destroy(zfs_cmd_t *zc)
789Sahrens{
4543Smarks	int error;
4543Smarks	zfs_log_history(zc);
4543Smarks	error = spa_destroy(zc->zc_name);
10588SEric.Taylor@Sun.COM	if (error == 0)
10588SEric.Taylor@Sun.COM		zvol_remove_minors(zc->zc_name);
4543Smarks	return (error);
789Sahrens}
789Sahrens
789Sahrensstatic int
789Sahrenszfs_ioc_pool_import(zfs_cmd_t *zc)
789Sahrens{
5094Slling	nvlist_t *config, *props = NULL;
789Sahrens	uint64_t guid;
10921STim.Haley@Sun.COM	int error;
789Sahrens
5094Slling	if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
9643SEric.Taylor@Sun.COM	    zc->zc_iflags, &config)) != 0)
789Sahrens		return (error);
789Sahrens
5094Slling	if (zc->zc_nvlist_src_size != 0 && (error =
9643SEric.Taylor@Sun.COM	    get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
9643SEric.Taylor@Sun.COM	    zc->zc_iflags, &props))) {
5094Slling		nvlist_free(config);
5094Slling		return (error);
5094Slling	}
5094Slling
789Sahrens	if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1544Seschrock	    guid != zc->zc_guid)
789Sahrens		error = EINVAL;
789Sahrens	else
12949SGeorge.Wilson@Sun.COM		error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
12949SGeorge.Wilson@Sun.COM
12949SGeorge.Wilson@Sun.COM	if (zc->zc_nvlist_dst != 0) {
12949SGeorge.Wilson@Sun.COM		int err;
12949SGeorge.Wilson@Sun.COM
12949SGeorge.Wilson@Sun.COM		if ((err = put_nvlist(zc, config)) != 0)
12949SGeorge.Wilson@Sun.COM			error = err;
12949SGeorge.Wilson@Sun.COM	}
10921STim.Haley@Sun.COM
789Sahrens	nvlist_free(config);
789Sahrens
5094Slling	if (props)
5094Slling		nvlist_free(props);
5094Slling
789Sahrens	return (error);
789Sahrens}
789Sahrens
789Sahrensstatic int
789Sahrenszfs_ioc_pool_export(zfs_cmd_t *zc)
789Sahrens{
4543Smarks	int error;
7214Slling	boolean_t force = (boolean_t)zc->zc_cookie;
8211SGeorge.Wilson@Sun.COM	boolean_t hardforce = (boolean_t)zc->zc_guid;
7214Slling
4543Smarks	zfs_log_history(zc);
8211SGeorge.Wilson@Sun.COM	error = spa_export(zc->zc_name, NULL, force, hardforce);
10588SEric.Taylor@Sun.COM	if (error == 0)
10588SEric.Taylor@Sun.COM		zvol_remove_minors(zc->zc_name);
4543Smarks	return (error);
789Sahrens}
789Sahrens
789Sahrensstatic int
789Sahrenszfs_ioc_pool_configs(zfs_cmd_t *zc)
789Sahrens{
789Sahrens	nvlist_t *configs;
789Sahrens	int error;
789Sahrens
789Sahrens	if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
789Sahrens		return (EEXIST);
789Sahrens
2676Seschrock	error = put_nvlist(zc, configs);
789Sahrens
789Sahrens	nvlist_free(configs);
789Sahrens
789Sahrens	return (error);
789Sahrens}
789Sahrens
789Sahrensstatic int
789Sahrenszfs_ioc_pool_stats(zfs_cmd_t *zc)
789Sahrens{
789Sahrens	nvlist_t *config;
789Sahrens	int error;
1544Seschrock	int ret = 0;
789Sahrens
2676Seschrock	error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
2676Seschrock	    sizeof (zc->zc_value));
789Sahrens
789Sahrens	if (config != NULL) {
2676Seschrock		ret = put_nvlist(zc, config);
789Sahrens		nvlist_free(config);
1544Seschrock
1544Seschrock		/*
1544Seschrock		 * The config may be present even if 'error' is non-zero.
1544Seschrock		 * In this case we return success, and preserve the real errno
1544Seschrock		 * in 'zc_cookie'.
1544Seschrock		 */
1544Seschrock		zc->zc_cookie = error;
789Sahrens	} else {
1544Seschrock		ret = error;
789Sahrens	}
789Sahrens
1544Seschrock	return (ret);
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Try to import the given pool, returning pool stats as appropriate so that
789Sahrens * user land knows which devices are available and overall pool health.
789Sahrens */
789Sahrensstatic int
789Sahrenszfs_ioc_pool_tryimport(zfs_cmd_t *zc)
789Sahrens{
789Sahrens	nvlist_t *tryconfig, *config;
789Sahrens	int error;
789Sahrens
5094Slling	if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
9643SEric.Taylor@Sun.COM	    zc->zc_iflags, &tryconfig)) != 0)
789Sahrens		return (error);
789Sahrens
789Sahrens	config = spa_tryimport(tryconfig);
789Sahrens
789Sahrens	nvlist_free(tryconfig);
789Sahrens
789Sahrens	if (config == NULL)
789Sahrens		return (EINVAL);
789Sahrens
2676Seschrock	error = put_nvlist(zc, config);
789Sahrens	nvlist_free(config);
789Sahrens
789Sahrens	return (error);
789Sahrens}
789Sahrens
12296SLin.Ling@Sun.COM/*
12296SLin.Ling@Sun.COM * inputs:
12296SLin.Ling@Sun.COM * zc_name              name of the pool
12296SLin.Ling@Sun.COM * zc_cookie            scan func (pool_scan_func_t)
12296SLin.Ling@Sun.COM */
789Sahrensstatic int
12296SLin.Ling@Sun.COMzfs_ioc_pool_scan(zfs_cmd_t *zc)
789Sahrens{
789Sahrens	spa_t *spa;
789Sahrens	int error;
789Sahrens
2926Sek110237	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2926Sek110237		return (error);
2926Sek110237
12296SLin.Ling@Sun.COM	if (zc->zc_cookie == POOL_SCAN_NONE)
12296SLin.Ling@Sun.COM		error = spa_scan_stop(spa);
12296SLin.Ling@Sun.COM	else
12296SLin.Ling@Sun.COM		error = spa_scan(spa, zc->zc_cookie);
2926Sek110237
2926Sek110237	spa_close(spa, FTAG);
2926Sek110237
789Sahrens	return (error);
789Sahrens}
789Sahrens
789Sahrensstatic int
789Sahrenszfs_ioc_pool_freeze(zfs_cmd_t *zc)
789Sahrens{
789Sahrens	spa_t *spa;
789Sahrens	int error;
789Sahrens
789Sahrens	error = spa_open(zc->zc_name, &spa, FTAG);
789Sahrens	if (error == 0) {
789Sahrens		spa_freeze(spa);
789Sahrens		spa_close(spa, FTAG);
789Sahrens	}
789Sahrens	return (error);
789Sahrens}
789Sahrens
789Sahrensstatic int
1760Seschrockzfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1760Seschrock{
1760Seschrock	spa_t *spa;
1760Seschrock	int error;
1760Seschrock
2926Sek110237	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2926Sek110237		return (error);
2926Sek110237
5118Slling	if (zc->zc_cookie < spa_version(spa) || zc->zc_cookie > SPA_VERSION) {
5118Slling		spa_close(spa, FTAG);
5118Slling		return (EINVAL);
5118Slling	}
5118Slling
5094Slling	spa_upgrade(spa, zc->zc_cookie);
2926Sek110237	spa_close(spa, FTAG);
2926Sek110237
2926Sek110237	return (error);
2926Sek110237}
2926Sek110237
2926Sek110237static int
2926Sek110237zfs_ioc_pool_get_history(zfs_cmd_t *zc)
2926Sek110237{
2926Sek110237	spa_t *spa;
2926Sek110237	char *hist_buf;
2926Sek110237	uint64_t size;
2926Sek110237	int error;
2926Sek110237
2926Sek110237	if ((size = zc->zc_history_len) == 0)
2926Sek110237		return (EINVAL);
2926Sek110237
2926Sek110237	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2926Sek110237		return (error);
2926Sek110237
4577Sahrens	if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3863Sek110237		spa_close(spa, FTAG);
3863Sek110237		return (ENOTSUP);
3863Sek110237	}
3863Sek110237
2926Sek110237	hist_buf = kmem_alloc(size, KM_SLEEP);
2926Sek110237	if ((error = spa_history_get(spa, &zc->zc_history_offset,
2926Sek110237	    &zc->zc_history_len, hist_buf)) == 0) {
9643SEric.Taylor@Sun.COM		error = ddi_copyout(hist_buf,
9643SEric.Taylor@Sun.COM		    (void *)(uintptr_t)zc->zc_history,
9643SEric.Taylor@Sun.COM		    zc->zc_history_len, zc->zc_iflags);
2926Sek110237	}
2926Sek110237
2926Sek110237	spa_close(spa, FTAG);
2926Sek110237	kmem_free(hist_buf, size);
2926Sek110237	return (error);
2926Sek110237}
2926Sek110237
2926Sek110237static int
3444Sek110237zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
3444Sek110237{
3444Sek110237	int error;
3444Sek110237
3912Slling	if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value))
3444Sek110237		return (error);
3444Sek110237
3444Sek110237	return (0);
3444Sek110237}
3444Sek110237
10298SMatthew.Ahrens@Sun.COM/*
10298SMatthew.Ahrens@Sun.COM * inputs:
10298SMatthew.Ahrens@Sun.COM * zc_name		name of filesystem
10298SMatthew.Ahrens@Sun.COM * zc_obj		object to find
10298SMatthew.Ahrens@Sun.COM *
10298SMatthew.Ahrens@Sun.COM * outputs:
10298SMatthew.Ahrens@Sun.COM * zc_value		name of object
10298SMatthew.Ahrens@Sun.COM */
3444Sek110237static int
3444Sek110237zfs_ioc_obj_to_path(zfs_cmd_t *zc)
3444Sek110237{
10298SMatthew.Ahrens@Sun.COM	objset_t *os;
3444Sek110237	int error;
3444Sek110237
10298SMatthew.Ahrens@Sun.COM	/* XXX reading from objset not owned */
10298SMatthew.Ahrens@Sun.COM	if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
3444Sek110237		return (error);
10298SMatthew.Ahrens@Sun.COM	if (dmu_objset_type(os) != DMU_OST_ZFS) {
10298SMatthew.Ahrens@Sun.COM		dmu_objset_rele(os, FTAG);
10298SMatthew.Ahrens@Sun.COM		return (EINVAL);
10298SMatthew.Ahrens@Sun.COM	}
10298SMatthew.Ahrens@Sun.COM	error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
3444Sek110237	    sizeof (zc->zc_value));
10298SMatthew.Ahrens@Sun.COM	dmu_objset_rele(os, FTAG);
3444Sek110237
3444Sek110237	return (error);
3444Sek110237}
3444Sek110237
13043STim.Haley@Sun.COM/*
13043STim.Haley@Sun.COM * inputs:
13043STim.Haley@Sun.COM * zc_name		name of filesystem
13043STim.Haley@Sun.COM * zc_obj		object to find
13043STim.Haley@Sun.COM *
13043STim.Haley@Sun.COM * outputs:
13043STim.Haley@Sun.COM * zc_stat		stats on object
13043STim.Haley@Sun.COM * zc_value		path to object
13043STim.Haley@Sun.COM */
13043STim.Haley@Sun.COMstatic int
13043STim.Haley@Sun.COMzfs_ioc_obj_to_stats(zfs_cmd_t *zc)
13043STim.Haley@Sun.COM{
13043STim.Haley@Sun.COM	objset_t *os;
13043STim.Haley@Sun.COM	int error;
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	/* XXX reading from objset not owned */
13043STim.Haley@Sun.COM	if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
13043STim.Haley@Sun.COM		return (error);
13043STim.Haley@Sun.COM	if (dmu_objset_type(os) != DMU_OST_ZFS) {
13043STim.Haley@Sun.COM		dmu_objset_rele(os, FTAG);
13043STim.Haley@Sun.COM		return (EINVAL);
13043STim.Haley@Sun.COM	}
13043STim.Haley@Sun.COM	error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
13043STim.Haley@Sun.COM	    sizeof (zc->zc_value));
13043STim.Haley@Sun.COM	dmu_objset_rele(os, FTAG);
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	return (error);
13043STim.Haley@Sun.COM}
13043STim.Haley@Sun.COM
3444Sek110237static int
789Sahrenszfs_ioc_vdev_add(zfs_cmd_t *zc)
789Sahrens{
789Sahrens	spa_t *spa;
789Sahrens	int error;
6423Sgw25295	nvlist_t *config, **l2cache, **spares;
6423Sgw25295	uint_t nl2cache = 0, nspares = 0;
789Sahrens
789Sahrens	error = spa_open(zc->zc_name, &spa, FTAG);
789Sahrens	if (error != 0)
789Sahrens		return (error);
789Sahrens
5450Sbrendan	error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
9643SEric.Taylor@Sun.COM	    zc->zc_iflags, &config);
5450Sbrendan	(void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
5450Sbrendan	    &l2cache, &nl2cache);
5450Sbrendan
6423Sgw25295	(void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
6423Sgw25295	    &spares, &nspares);
6423Sgw25295
3912Slling	/*
3912Slling	 * A root pool with concatenated devices is not supported.
6423Sgw25295	 * Thus, can not add a device to a root pool.
6423Sgw25295	 *
6423Sgw25295	 * Intent log device can not be added to a rootpool because
6423Sgw25295	 * during mountroot, zil is replayed, a seperated log device
6423Sgw25295	 * can not be accessed during the mountroot time.
6423Sgw25295	 *
6423Sgw25295	 * l2cache and spare devices are ok to be added to a rootpool.
3912Slling	 */
10922SJeff.Bonwick@Sun.COM	if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
11422SMark.Musante@Sun.COM		nvlist_free(config);
3912Slling		spa_close(spa, FTAG);
3912Slling		return (EDOM);
3912Slling	}
3912Slling
5450Sbrendan	if (error == 0) {
789Sahrens		error = spa_vdev_add(spa, config);
789Sahrens		nvlist_free(config);
789Sahrens	}
789Sahrens	spa_close(spa, FTAG);
789Sahrens	return (error);
789Sahrens}
789Sahrens
12296SLin.Ling@Sun.COM/*
12296SLin.Ling@Sun.COM * inputs:
12296SLin.Ling@Sun.COM * zc_name		name of the pool
12296SLin.Ling@Sun.COM * zc_nvlist_conf	nvlist of devices to remove
12296SLin.Ling@Sun.COM * zc_cookie		to stop the remove?
12296SLin.Ling@Sun.COM */
789Sahrensstatic int
789Sahrenszfs_ioc_vdev_remove(zfs_cmd_t *zc)
789Sahrens{
2082Seschrock	spa_t *spa;
2082Seschrock	int error;
2082Seschrock
2082Seschrock	error = spa_open(zc->zc_name, &spa, FTAG);
2082Seschrock	if (error != 0)
2082Seschrock		return (error);
2082Seschrock	error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
2082Seschrock	spa_close(spa, FTAG);
2082Seschrock	return (error);
789Sahrens}
789Sahrens
789Sahrensstatic int
4451Seschrockzfs_ioc_vdev_set_state(zfs_cmd_t *zc)
789Sahrens{
789Sahrens	spa_t *spa;
789Sahrens	int error;
4451Seschrock	vdev_state_t newstate = VDEV_STATE_UNKNOWN;
789Sahrens
2926Sek110237	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
789Sahrens		return (error);
4451Seschrock	switch (zc->zc_cookie) {
4451Seschrock	case VDEV_STATE_ONLINE:
4451Seschrock		error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
4451Seschrock		break;
4451Seschrock
4451Seschrock	case VDEV_STATE_OFFLINE:
4451Seschrock		error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
4451Seschrock		break;
789Sahrens
4451Seschrock	case VDEV_STATE_FAULTED:
10817SEric.Schrock@Sun.COM		if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
10817SEric.Schrock@Sun.COM		    zc->zc_obj != VDEV_AUX_EXTERNAL)
10817SEric.Schrock@Sun.COM			zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
10817SEric.Schrock@Sun.COM
10817SEric.Schrock@Sun.COM		error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
4451Seschrock		break;
789Sahrens
4451Seschrock	case VDEV_STATE_DEGRADED:
10817SEric.Schrock@Sun.COM		if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
10817SEric.Schrock@Sun.COM		    zc->zc_obj != VDEV_AUX_EXTERNAL)
10817SEric.Schrock@Sun.COM			zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
10817SEric.Schrock@Sun.COM
10817SEric.Schrock@Sun.COM		error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
4451Seschrock		break;
4451Seschrock
4451Seschrock	default:
4451Seschrock		error = EINVAL;
4451Seschrock	}
4451Seschrock	zc->zc_cookie = newstate;
789Sahrens	spa_close(spa, FTAG);
789Sahrens	return (error);
789Sahrens}
789Sahrens
789Sahrensstatic int
789Sahrenszfs_ioc_vdev_attach(zfs_cmd_t *zc)
789Sahrens{
789Sahrens	spa_t *spa;
789Sahrens	int replacing = zc->zc_cookie;
789Sahrens	nvlist_t *config;
789Sahrens	int error;
789Sahrens
2926Sek110237	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
789Sahrens		return (error);
789Sahrens
5094Slling	if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
9643SEric.Taylor@Sun.COM	    zc->zc_iflags, &config)) == 0) {
1544Seschrock		error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
789Sahrens		nvlist_free(config);
789Sahrens	}
789Sahrens
789Sahrens	spa_close(spa, FTAG);
789Sahrens	return (error);
789Sahrens}
789Sahrens
789Sahrensstatic int
789Sahrenszfs_ioc_vdev_detach(zfs_cmd_t *zc)
789Sahrens{
789Sahrens	spa_t *spa;
789Sahrens	int error;
789Sahrens
2926Sek110237	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
789Sahrens		return (error);
789Sahrens
8241SJeff.Bonwick@Sun.COM	error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
789Sahrens
789Sahrens	spa_close(spa, FTAG);
789Sahrens	return (error);
789Sahrens}
789Sahrens
789Sahrensstatic int
11422SMark.Musante@Sun.COMzfs_ioc_vdev_split(zfs_cmd_t *zc)
11422SMark.Musante@Sun.COM{
11422SMark.Musante@Sun.COM	spa_t *spa;
11422SMark.Musante@Sun.COM	nvlist_t *config, *props = NULL;
11422SMark.Musante@Sun.COM	int error;
11422SMark.Musante@Sun.COM	boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
11422SMark.Musante@Sun.COM
11422SMark.Musante@Sun.COM	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
11422SMark.Musante@Sun.COM		return (error);
11422SMark.Musante@Sun.COM
11422SMark.Musante@Sun.COM	if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
11422SMark.Musante@Sun.COM	    zc->zc_iflags, &config)) {
11422SMark.Musante@Sun.COM		spa_close(spa, FTAG);
11422SMark.Musante@Sun.COM		return (error);
11422SMark.Musante@Sun.COM	}
11422SMark.Musante@Sun.COM
11422SMark.Musante@Sun.COM	if (zc->zc_nvlist_src_size != 0 && (error =
11422SMark.Musante@Sun.COM	    get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
11422SMark.Musante@Sun.COM	    zc->zc_iflags, &props))) {
11422SMark.Musante@Sun.COM		spa_close(spa, FTAG);
11422SMark.Musante@Sun.COM		nvlist_free(config);
11422SMark.Musante@Sun.COM		return (error);
11422SMark.Musante@Sun.COM	}
11422SMark.Musante@Sun.COM
11422SMark.Musante@Sun.COM	error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
11422SMark.Musante@Sun.COM
11422SMark.Musante@Sun.COM	spa_close(spa, FTAG);
11422SMark.Musante@Sun.COM
11422SMark.Musante@Sun.COM	nvlist_free(config);
11422SMark.Musante@Sun.COM	nvlist_free(props);
11422SMark.Musante@Sun.COM
11422SMark.Musante@Sun.COM	return (error);
11422SMark.Musante@Sun.COM}
11422SMark.Musante@Sun.COM
11422SMark.Musante@Sun.COMstatic int
1354Seschrockzfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1354Seschrock{
1354Seschrock	spa_t *spa;
2676Seschrock	char *path = zc->zc_value;
1544Seschrock	uint64_t guid = zc->zc_guid;
1354Seschrock	int error;
1354Seschrock
1354Seschrock	error = spa_open(zc->zc_name, &spa, FTAG);
1354Seschrock	if (error != 0)
1354Seschrock		return (error);
1354Seschrock
1354Seschrock	error = spa_vdev_setpath(spa, guid, path);
1354Seschrock	spa_close(spa, FTAG);
1354Seschrock	return (error);
1354Seschrock}
1354Seschrock
9425SEric.Schrock@Sun.COMstatic int
9425SEric.Schrock@Sun.COMzfs_ioc_vdev_setfru(zfs_cmd_t *zc)
9425SEric.Schrock@Sun.COM{
9425SEric.Schrock@Sun.COM	spa_t *spa;
9425SEric.Schrock@Sun.COM	char *fru = zc->zc_value;
9425SEric.Schrock@Sun.COM	uint64_t guid = zc->zc_guid;
9425SEric.Schrock@Sun.COM	int error;
9425SEric.Schrock@Sun.COM
9425SEric.Schrock@Sun.COM	error = spa_open(zc->zc_name, &spa, FTAG);
9425SEric.Schrock@Sun.COM	if (error != 0)
9425SEric.Schrock@Sun.COM		return (error);
9425SEric.Schrock@Sun.COM
9425SEric.Schrock@Sun.COM	error = spa_vdev_setfru(spa, guid, fru);
9425SEric.Schrock@Sun.COM	spa_close(spa, FTAG);
9425SEric.Schrock@Sun.COM	return (error);
9425SEric.Schrock@Sun.COM}
9425SEric.Schrock@Sun.COM
1354Seschrockstatic int
12786SChris.Kirby@oracle.comzfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
789Sahrens{
12786SChris.Kirby@oracle.com	int error = 0;
1356Seschrock	nvlist_t *nv;
789Sahrens
2885Sahrens	dmu_objset_fast_stat(os, &zc->zc_objset_stats);
789Sahrens
2856Snd150628	if (zc->zc_nvlist_dst != 0 &&
11022STom.Erickson@Sun.COM	    (error = dsl_prop_get_all(os, &nv)) == 0) {
2885Sahrens		dmu_objset_stats(os, nv);
3087Sahrens		/*
5147Srm160521		 * NB: zvol_get_stats() will read the objset contents,
3087Sahrens		 * which we aren't supposed to do with a
6689Smaybee		 * DS_MODE_USER hold, because it could be
3087Sahrens		 * inconsistent.  So this is a bit of a workaround...
10298SMatthew.Ahrens@Sun.COM		 * XXX reading with out owning
3087Sahrens		 */
4577Sahrens		if (!zc->zc_objset_stats.dds_inconsistent) {
4577Sahrens			if (dmu_objset_type(os) == DMU_OST_ZVOL)
4577Sahrens				VERIFY(zvol_get_stats(os, nv) == 0);
4577Sahrens		}
2676Seschrock		error = put_nvlist(zc, nv);
1356Seschrock		nvlist_free(nv);
1356Seschrock	}
789Sahrens
12786SChris.Kirby@oracle.com	return (error);
12786SChris.Kirby@oracle.com}
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com/*
12786SChris.Kirby@oracle.com * inputs:
12786SChris.Kirby@oracle.com * zc_name		name of filesystem
12786SChris.Kirby@oracle.com * zc_nvlist_dst_size	size of buffer for property nvlist
12786SChris.Kirby@oracle.com *
12786SChris.Kirby@oracle.com * outputs:
12786SChris.Kirby@oracle.com * zc_objset_stats	stats
12786SChris.Kirby@oracle.com * zc_nvlist_dst	property nvlist
12786SChris.Kirby@oracle.com * zc_nvlist_dst_size	size of property nvlist
12786SChris.Kirby@oracle.com */
12786SChris.Kirby@oracle.comstatic int
12786SChris.Kirby@oracle.comzfs_ioc_objset_stats(zfs_cmd_t *zc)
12786SChris.Kirby@oracle.com{
12786SChris.Kirby@oracle.com	objset_t *os = NULL;
12786SChris.Kirby@oracle.com	int error;
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
12786SChris.Kirby@oracle.com		return (error);
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	error = zfs_ioc_objset_stats_impl(zc, os);
12786SChris.Kirby@oracle.com
10298SMatthew.Ahrens@Sun.COM	dmu_objset_rele(os, FTAG);
12786SChris.Kirby@oracle.com
789Sahrens	return (error);
789Sahrens}
789Sahrens
11022STom.Erickson@Sun.COM/*
11022STom.Erickson@Sun.COM * inputs:
11022STom.Erickson@Sun.COM * zc_name		name of filesystem
11022STom.Erickson@Sun.COM * zc_nvlist_dst_size	size of buffer for property nvlist
11022STom.Erickson@Sun.COM *
11022STom.Erickson@Sun.COM * outputs:
11022STom.Erickson@Sun.COM * zc_nvlist_dst	received property nvlist
11022STom.Erickson@Sun.COM * zc_nvlist_dst_size	size of received property nvlist
11022STom.Erickson@Sun.COM *
11022STom.Erickson@Sun.COM * Gets received properties (distinct from local properties on or after
11022STom.Erickson@Sun.COM * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
11022STom.Erickson@Sun.COM * local property values.
11022STom.Erickson@Sun.COM */
11022STom.Erickson@Sun.COMstatic int
11022STom.Erickson@Sun.COMzfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
11022STom.Erickson@Sun.COM{
11022STom.Erickson@Sun.COM	objset_t *os = NULL;
11022STom.Erickson@Sun.COM	int error;
11022STom.Erickson@Sun.COM	nvlist_t *nv;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
11022STom.Erickson@Sun.COM		return (error);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	/*
11022STom.Erickson@Sun.COM	 * Without this check, we would return local property values if the
11022STom.Erickson@Sun.COM	 * caller has not already received properties on or after
11022STom.Erickson@Sun.COM	 * SPA_VERSION_RECVD_PROPS.
11022STom.Erickson@Sun.COM	 */
11022STom.Erickson@Sun.COM	if (!dsl_prop_get_hasrecvd(os)) {
11022STom.Erickson@Sun.COM		dmu_objset_rele(os, FTAG);
11022STom.Erickson@Sun.COM		return (ENOTSUP);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (zc->zc_nvlist_dst != 0 &&
11022STom.Erickson@Sun.COM	    (error = dsl_prop_get_received(os, &nv)) == 0) {
11022STom.Erickson@Sun.COM		error = put_nvlist(zc, nv);
11022STom.Erickson@Sun.COM		nvlist_free(nv);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	dmu_objset_rele(os, FTAG);
11022STom.Erickson@Sun.COM	return (error);
11022STom.Erickson@Sun.COM}
11022STom.Erickson@Sun.COM
5498Stimhstatic int
5498Stimhnvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
5498Stimh{
5498Stimh	uint64_t value;
5498Stimh	int error;
5498Stimh
5498Stimh	/*
5498Stimh	 * zfs_get_zplprop() will either find a value or give us
5498Stimh	 * the default value (if there is one).
5498Stimh	 */
5498Stimh	if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
5498Stimh		return (error);
5498Stimh	VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
5498Stimh	return (0);
5498Stimh}
5498Stimh
5498Stimh/*
5498Stimh * inputs:
5498Stimh * zc_name		name of filesystem
5498Stimh * zc_nvlist_dst_size	size of buffer for zpl property nvlist
5498Stimh *
5498Stimh * outputs:
5498Stimh * zc_nvlist_dst	zpl property nvlist
5498Stimh * zc_nvlist_dst_size	size of zpl property nvlist
5498Stimh */
5498Stimhstatic int
5498Stimhzfs_ioc_objset_zplprops(zfs_cmd_t *zc)
5498Stimh{
5498Stimh	objset_t *os;
5498Stimh	int err;
5498Stimh
10298SMatthew.Ahrens@Sun.COM	/* XXX reading without owning */
10298SMatthew.Ahrens@Sun.COM	if (err = dmu_objset_hold(zc->zc_name, FTAG, &os))
5498Stimh		return (err);
5498Stimh
5498Stimh	dmu_objset_fast_stat(os, &zc->zc_objset_stats);
5498Stimh
5498Stimh	/*
5498Stimh	 * NB: nvl_add_zplprop() will read the objset contents,
6689Smaybee	 * which we aren't supposed to do with a DS_MODE_USER
6689Smaybee	 * hold, because it could be inconsistent.
5498Stimh	 */
5498Stimh	if (zc->zc_nvlist_dst != NULL &&
5498Stimh	    !zc->zc_objset_stats.dds_inconsistent &&
5498Stimh	    dmu_objset_type(os) == DMU_OST_ZFS) {
5498Stimh		nvlist_t *nv;
5498Stimh
5498Stimh		VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
5498Stimh		if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
5498Stimh		    (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
5498Stimh		    (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
5498Stimh		    (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
5498Stimh			err = put_nvlist(zc, nv);
5498Stimh		nvlist_free(nv);
5498Stimh	} else {
5498Stimh		err = ENOENT;
5498Stimh	}
10298SMatthew.Ahrens@Sun.COM	dmu_objset_rele(os, FTAG);
5498Stimh	return (err);
5498Stimh}
5498Stimh
9396SMatthew.Ahrens@Sun.COMstatic boolean_t
9396SMatthew.Ahrens@Sun.COMdataset_name_hidden(const char *name)
9396SMatthew.Ahrens@Sun.COM{
9396SMatthew.Ahrens@Sun.COM	/*
9396SMatthew.Ahrens@Sun.COM	 * Skip over datasets that are not visible in this zone,
9396SMatthew.Ahrens@Sun.COM	 * internal datasets (which have a $ in their name), and
9396SMatthew.Ahrens@Sun.COM	 * temporary datasets (which have a % in their name).
9396SMatthew.Ahrens@Sun.COM	 */
9396SMatthew.Ahrens@Sun.COM	if (strchr(name, '$') != NULL)
9396SMatthew.Ahrens@Sun.COM		return (B_TRUE);
9396SMatthew.Ahrens@Sun.COM	if (strchr(name, '%') != NULL)
9396SMatthew.Ahrens@Sun.COM		return (B_TRUE);
9396SMatthew.Ahrens@Sun.COM	if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
9396SMatthew.Ahrens@Sun.COM		return (B_TRUE);
9396SMatthew.Ahrens@Sun.COM	return (B_FALSE);
9396SMatthew.Ahrens@Sun.COM}
9396SMatthew.Ahrens@Sun.COM
5367Sahrens/*
5367Sahrens * inputs:
5367Sahrens * zc_name		name of filesystem
5367Sahrens * zc_cookie		zap cursor
5367Sahrens * zc_nvlist_dst_size	size of buffer for property nvlist
5367Sahrens *
5367Sahrens * outputs:
5367Sahrens * zc_name		name of next filesystem
9396SMatthew.Ahrens@Sun.COM * zc_cookie		zap cursor
5367Sahrens * zc_objset_stats	stats
5367Sahrens * zc_nvlist_dst	property nvlist
5367Sahrens * zc_nvlist_dst_size	size of property nvlist
5367Sahrens */
789Sahrensstatic int
789Sahrenszfs_ioc_dataset_list_next(zfs_cmd_t *zc)
789Sahrens{
885Sahrens	objset_t *os;
789Sahrens	int error;
789Sahrens	char *p;
11546SChris.Kirby@sun.com	size_t orig_len = strlen(zc->zc_name);
11546SChris.Kirby@sun.com
11546SChris.Kirby@sun.comtop:
10298SMatthew.Ahrens@Sun.COM	if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) {
885Sahrens		if (error == ENOENT)
885Sahrens			error = ESRCH;
885Sahrens		return (error);
789Sahrens	}
789Sahrens
789Sahrens	p = strrchr(zc->zc_name, '/');
789Sahrens	if (p == NULL || p[1] != '\0')
789Sahrens		(void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
789Sahrens	p = zc->zc_name + strlen(zc->zc_name);
789Sahrens
8697SRichard.Morris@Sun.COM	/*
8697SRichard.Morris@Sun.COM	 * Pre-fetch the datasets.  dmu_objset_prefetch() always returns 0
8697SRichard.Morris@Sun.COM	 * but is not declared void because its called by dmu_objset_find().
8697SRichard.Morris@Sun.COM	 */
8415SRichard.Morris@Sun.COM	if (zc->zc_cookie == 0) {
8415SRichard.Morris@Sun.COM		uint64_t cookie = 0;
8415SRichard.Morris@Sun.COM		int len = sizeof (zc->zc_name) - (p - zc->zc_name);
8415SRichard.Morris@Sun.COM
8415SRichard.Morris@Sun.COM		while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0)
8697SRichard.Morris@Sun.COM			(void) dmu_objset_prefetch(p, NULL);
8415SRichard.Morris@Sun.COM	}
8415SRichard.Morris@Sun.COM
789Sahrens	do {
885Sahrens		error = dmu_dir_list_next(os,
885Sahrens		    sizeof (zc->zc_name) - (p - zc->zc_name), p,
885Sahrens		    NULL, &zc->zc_cookie);
789Sahrens		if (error == ENOENT)
789Sahrens			error = ESRCH;
10588SEric.Taylor@Sun.COM	} while (error == 0 && dataset_name_hidden(zc->zc_name) &&
10588SEric.Taylor@Sun.COM	    !(zc->zc_iflags & FKIOCTL));
10298SMatthew.Ahrens@Sun.COM	dmu_objset_rele(os, FTAG);
789Sahrens
10588SEric.Taylor@Sun.COM	/*
10588SEric.Taylor@Sun.COM	 * If it's an internal dataset (ie. with a '$' in its name),
10588SEric.Taylor@Sun.COM	 * don't try to get stats for it, otherwise we'll return ENOENT.
10588SEric.Taylor@Sun.COM	 */
11546SChris.Kirby@sun.com	if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
885Sahrens		error = zfs_ioc_objset_stats(zc); /* fill in the stats */
11546SChris.Kirby@sun.com		if (error == ENOENT) {
11546SChris.Kirby@sun.com			/* We lost a race with destroy, get the next one. */
11546SChris.Kirby@sun.com			zc->zc_name[orig_len] = '\0';
11546SChris.Kirby@sun.com			goto top;
11546SChris.Kirby@sun.com		}
11546SChris.Kirby@sun.com	}
789Sahrens	return (error);
789Sahrens}
789Sahrens
5367Sahrens/*
5367Sahrens * inputs:
5367Sahrens * zc_name		name of filesystem
5367Sahrens * zc_cookie		zap cursor
5367Sahrens * zc_nvlist_dst_size	size of buffer for property nvlist
5367Sahrens *
5367Sahrens * outputs:
5367Sahrens * zc_name		name of next snapshot
5367Sahrens * zc_objset_stats	stats
5367Sahrens * zc_nvlist_dst	property nvlist
5367Sahrens * zc_nvlist_dst_size	size of property nvlist
5367Sahrens */
789Sahrensstatic int
789Sahrenszfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
789Sahrens{
885Sahrens	objset_t *os;
789Sahrens	int error;
789Sahrens
11546SChris.Kirby@sun.comtop:
10474SRichard.Morris@Sun.COM	if (zc->zc_cookie == 0)
10474SRichard.Morris@Sun.COM		(void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch,
10474SRichard.Morris@Sun.COM		    NULL, DS_FIND_SNAPSHOTS);
10474SRichard.Morris@Sun.COM
10298SMatthew.Ahrens@Sun.COM	error = dmu_objset_hold(zc->zc_name, FTAG, &os);
6689Smaybee	if (error)
6689Smaybee		return (error == ENOENT ? ESRCH : error);
789Sahrens
1003Slling	/*
1003Slling	 * A dataset name of maximum length cannot have any snapshots,
1003Slling	 * so exit immediately.
1003Slling	 */
1003Slling	if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
10298SMatthew.Ahrens@Sun.COM		dmu_objset_rele(os, FTAG);
1003Slling		return (ESRCH);
789Sahrens	}
789Sahrens
885Sahrens	error = dmu_snapshot_list_next(os,
885Sahrens	    sizeof (zc->zc_name) - strlen(zc->zc_name),
12786SChris.Kirby@oracle.com	    zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
12786SChris.Kirby@oracle.com	    NULL);
12786SChris.Kirby@oracle.com
11546SChris.Kirby@sun.com	if (error == 0) {
12786SChris.Kirby@oracle.com		dsl_dataset_t *ds;
12786SChris.Kirby@oracle.com		dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com		/*
12786SChris.Kirby@oracle.com		 * Since we probably don't have a hold on this snapshot,
12786SChris.Kirby@oracle.com		 * it's possible that the objsetid could have been destroyed
12786SChris.Kirby@oracle.com		 * and reused for a new objset. It's OK if this happens during
12786SChris.Kirby@oracle.com		 * a zfs send operation, since the new createtxg will be
12786SChris.Kirby@oracle.com		 * beyond the range we're interested in.
12786SChris.Kirby@oracle.com		 */
12786SChris.Kirby@oracle.com		rw_enter(&dp->dp_config_rwlock, RW_READER);
12786SChris.Kirby@oracle.com		error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
12786SChris.Kirby@oracle.com		rw_exit(&dp->dp_config_rwlock);
12786SChris.Kirby@oracle.com		if (error) {
12786SChris.Kirby@oracle.com			if (error == ENOENT) {
12786SChris.Kirby@oracle.com				/* Racing with destroy, get the next one. */
12786SChris.Kirby@oracle.com				*strchr(zc->zc_name, '@') = '\0';
12786SChris.Kirby@oracle.com				dmu_objset_rele(os, FTAG);
12786SChris.Kirby@oracle.com				goto top;
12786SChris.Kirby@oracle.com			}
12786SChris.Kirby@oracle.com		} else {
12786SChris.Kirby@oracle.com			objset_t *ossnap;
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com			error = dmu_objset_from_ds(ds, &ossnap);
12786SChris.Kirby@oracle.com			if (error == 0)
12786SChris.Kirby@oracle.com				error = zfs_ioc_objset_stats_impl(zc, ossnap);
12786SChris.Kirby@oracle.com			dsl_dataset_rele(ds, FTAG);
11546SChris.Kirby@sun.com		}
11546SChris.Kirby@sun.com	} else if (error == ENOENT) {
6689Smaybee		error = ESRCH;
11546SChris.Kirby@sun.com	}
789Sahrens
12786SChris.Kirby@oracle.com	dmu_objset_rele(os, FTAG);
5367Sahrens	/* if we failed, undo the @ that we tacked on to zc_name */
6689Smaybee	if (error)
5367Sahrens		*strchr(zc->zc_name, '@') = '\0';
789Sahrens	return (error);
789Sahrens}
789Sahrens
11022STom.Erickson@Sun.COMstatic int
11022STom.Erickson@Sun.COMzfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
11022STom.Erickson@Sun.COM{
11022STom.Erickson@Sun.COM	const char *propname = nvpair_name(pair);
11022STom.Erickson@Sun.COM	uint64_t *valary;
11022STom.Erickson@Sun.COM	unsigned int vallen;
11022STom.Erickson@Sun.COM	const char *domain;
11933STim.Haley@Sun.COM	char *dash;
11022STom.Erickson@Sun.COM	zfs_userquota_prop_t type;
11022STom.Erickson@Sun.COM	uint64_t rid;
11022STom.Erickson@Sun.COM	uint64_t quota;
11022STom.Erickson@Sun.COM	zfsvfs_t *zfsvfs;
11022STom.Erickson@Sun.COM	int err;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
11022STom.Erickson@Sun.COM		nvlist_t *attrs;
11022STom.Erickson@Sun.COM		VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
11933STim.Haley@Sun.COM		if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
11933STim.Haley@Sun.COM		    &pair) != 0)
11933STim.Haley@Sun.COM			return (EINVAL);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11933STim.Haley@Sun.COM	/*
11933STim.Haley@Sun.COM	 * A correctly constructed propname is encoded as
11933STim.Haley@Sun.COM	 * userquota@<rid>-<domain>.
11933STim.Haley@Sun.COM	 */
11933STim.Haley@Sun.COM	if ((dash = strchr(propname, '-')) == NULL ||
11933STim.Haley@Sun.COM	    nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
11933STim.Haley@Sun.COM	    vallen != 3)
11933STim.Haley@Sun.COM		return (EINVAL);
11933STim.Haley@Sun.COM
11933STim.Haley@Sun.COM	domain = dash + 1;
11022STom.Erickson@Sun.COM	type = valary[0];
11022STom.Erickson@Sun.COM	rid = valary[1];
11022STom.Erickson@Sun.COM	quota = valary[2];
11022STom.Erickson@Sun.COM
12620SMark.Shellenbaum@Oracle.COM	err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
11022STom.Erickson@Sun.COM	if (err == 0) {
11022STom.Erickson@Sun.COM		err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
11022STom.Erickson@Sun.COM		zfsvfs_rele(zfsvfs, FTAG);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	return (err);
11022STom.Erickson@Sun.COM}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM/*
11022STom.Erickson@Sun.COM * If the named property is one that has a special function to set its value,
11022STom.Erickson@Sun.COM * return 0 on success and a positive error code on failure; otherwise if it is
11022STom.Erickson@Sun.COM * not one of the special properties handled by this function, return -1.
11022STom.Erickson@Sun.COM *
11933STim.Haley@Sun.COM * XXX: It would be better for callers of the property interface if we handled
11022STom.Erickson@Sun.COM * these special cases in dsl_prop.c (in the dsl layer).
11022STom.Erickson@Sun.COM */
11022STom.Erickson@Sun.COMstatic int
11022STom.Erickson@Sun.COMzfs_prop_set_special(const char *dsname, zprop_source_t source,
11022STom.Erickson@Sun.COM    nvpair_t *pair)
789Sahrens{
11022STom.Erickson@Sun.COM	const char *propname = nvpair_name(pair);
11022STom.Erickson@Sun.COM	zfs_prop_t prop = zfs_name_to_prop(propname);
11022STom.Erickson@Sun.COM	uint64_t intval;
11022STom.Erickson@Sun.COM	int err;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (prop == ZPROP_INVAL) {
11022STom.Erickson@Sun.COM		if (zfs_prop_userquota(propname))
11022STom.Erickson@Sun.COM			return (zfs_prop_set_userquota(dsname, pair));
11022STom.Erickson@Sun.COM		return (-1);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
11022STom.Erickson@Sun.COM		nvlist_t *attrs;
11022STom.Erickson@Sun.COM		VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
11022STom.Erickson@Sun.COM		VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
11022STom.Erickson@Sun.COM		    &pair) == 0);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
11022STom.Erickson@Sun.COM		return (-1);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	VERIFY(0 == nvpair_value_uint64(pair, &intval));
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	switch (prop) {
11022STom.Erickson@Sun.COM	case ZFS_PROP_QUOTA:
11022STom.Erickson@Sun.COM		err = dsl_dir_set_quota(dsname, source, intval);
11022STom.Erickson@Sun.COM		break;
11022STom.Erickson@Sun.COM	case ZFS_PROP_REFQUOTA:
11022STom.Erickson@Sun.COM		err = dsl_dataset_set_quota(dsname, source, intval);
11022STom.Erickson@Sun.COM		break;
11022STom.Erickson@Sun.COM	case ZFS_PROP_RESERVATION:
11022STom.Erickson@Sun.COM		err = dsl_dir_set_reservation(dsname, source, intval);
11022STom.Erickson@Sun.COM		break;
11022STom.Erickson@Sun.COM	case ZFS_PROP_REFRESERVATION:
11022STom.Erickson@Sun.COM		err = dsl_dataset_set_reservation(dsname, source, intval);
11022STom.Erickson@Sun.COM		break;
11022STom.Erickson@Sun.COM	case ZFS_PROP_VOLSIZE:
11022STom.Erickson@Sun.COM		err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
11022STom.Erickson@Sun.COM		    intval);
11022STom.Erickson@Sun.COM		break;
11022STom.Erickson@Sun.COM	case ZFS_PROP_VERSION:
11022STom.Erickson@Sun.COM	{
11022STom.Erickson@Sun.COM		zfsvfs_t *zfsvfs;
11022STom.Erickson@Sun.COM
12620SMark.Shellenbaum@Oracle.COM		if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
11022STom.Erickson@Sun.COM			break;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		err = zfs_set_version(zfsvfs, intval);
11022STom.Erickson@Sun.COM		zfsvfs_rele(zfsvfs, FTAG);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
11147SGeorge.Wilson@Sun.COM			zfs_cmd_t *zc;
11147SGeorge.Wilson@Sun.COM
11147SGeorge.Wilson@Sun.COM			zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
11147SGeorge.Wilson@Sun.COM			(void) strcpy(zc->zc_name, dsname);
11147SGeorge.Wilson@Sun.COM			(void) zfs_ioc_userspace_upgrade(zc);
11147SGeorge.Wilson@Sun.COM			kmem_free(zc, sizeof (zfs_cmd_t));
11022STom.Erickson@Sun.COM		}
11022STom.Erickson@Sun.COM		break;
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	default:
11022STom.Erickson@Sun.COM		err = -1;
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	return (err);
11022STom.Erickson@Sun.COM}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM/*
11022STom.Erickson@Sun.COM * This function is best effort. If it fails to set any of the given properties,
11022STom.Erickson@Sun.COM * it continues to set as many as it can and returns the first error
11022STom.Erickson@Sun.COM * encountered. If the caller provides a non-NULL errlist, it also gives the
11022STom.Erickson@Sun.COM * complete list of names of all the properties it failed to set along with the
11022STom.Erickson@Sun.COM * corresponding error numbers. The caller is responsible for freeing the
11022STom.Erickson@Sun.COM * returned errlist.
11022STom.Erickson@Sun.COM *
11022STom.Erickson@Sun.COM * If every property is set successfully, zero is returned and the list pointed
11022STom.Erickson@Sun.COM * at by errlist is NULL.
11022STom.Erickson@Sun.COM */
11022STom.Erickson@Sun.COMint
11022STom.Erickson@Sun.COMzfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
11022STom.Erickson@Sun.COM    nvlist_t **errlist)
11022STom.Erickson@Sun.COM{
11022STom.Erickson@Sun.COM	nvpair_t *pair;
11022STom.Erickson@Sun.COM	nvpair_t *propval;
11045STom.Erickson@Sun.COM	int rv = 0;
2676Seschrock	uint64_t intval;
2676Seschrock	char *strval;
8697SRichard.Morris@Sun.COM	nvlist_t *genericnvl;
11022STom.Erickson@Sun.COM	nvlist_t *errors;
11022STom.Erickson@Sun.COM	nvlist_t *retrynvl;
4543Smarks
8697SRichard.Morris@Sun.COM	VERIFY(nvlist_alloc(&genericnvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
11022STom.Erickson@Sun.COM	VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
11022STom.Erickson@Sun.COM	VERIFY(nvlist_alloc(&retrynvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COMretry:
11022STom.Erickson@Sun.COM	pair = NULL;
11022STom.Erickson@Sun.COM	while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
11022STom.Erickson@Sun.COM		const char *propname = nvpair_name(pair);
4670Sahrens		zfs_prop_t prop = zfs_name_to_prop(propname);
11181STom.Erickson@Sun.COM		int err = 0;
4543Smarks
11022STom.Erickson@Sun.COM		/* decode the property value */
11022STom.Erickson@Sun.COM		propval = pair;
11022STom.Erickson@Sun.COM		if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
11022STom.Erickson@Sun.COM			nvlist_t *attrs;
11022STom.Erickson@Sun.COM			VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
11933STim.Haley@Sun.COM			if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
11933STim.Haley@Sun.COM			    &propval) != 0)
11933STim.Haley@Sun.COM				err = EINVAL;
4543Smarks		}
2676Seschrock
11022STom.Erickson@Sun.COM		/* Validate value type */
11933STim.Haley@Sun.COM		if (err == 0 && prop == ZPROP_INVAL) {
11022STom.Erickson@Sun.COM			if (zfs_prop_user(propname)) {
11022STom.Erickson@Sun.COM				if (nvpair_type(propval) != DATA_TYPE_STRING)
11022STom.Erickson@Sun.COM					err = EINVAL;
11022STom.Erickson@Sun.COM			} else if (zfs_prop_userquota(propname)) {
11022STom.Erickson@Sun.COM				if (nvpair_type(propval) !=
11022STom.Erickson@Sun.COM				    DATA_TYPE_UINT64_ARRAY)
11022STom.Erickson@Sun.COM					err = EINVAL;
9396SMatthew.Ahrens@Sun.COM			}
11933STim.Haley@Sun.COM		} else if (err == 0) {
11022STom.Erickson@Sun.COM			if (nvpair_type(propval) == DATA_TYPE_STRING) {
11022STom.Erickson@Sun.COM				if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
11022STom.Erickson@Sun.COM					err = EINVAL;
11022STom.Erickson@Sun.COM			} else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2885Sahrens				const char *unused;
2885Sahrens
11022STom.Erickson@Sun.COM				VERIFY(nvpair_value_uint64(propval,
11022STom.Erickson@Sun.COM				    &intval) == 0);
2676Seschrock
2676Seschrock				switch (zfs_prop_get_type(prop)) {
4787Sahrens				case PROP_TYPE_NUMBER:
2676Seschrock					break;
4787Sahrens				case PROP_TYPE_STRING:
11022STom.Erickson@Sun.COM					err = EINVAL;
11022STom.Erickson@Sun.COM					break;
4787Sahrens				case PROP_TYPE_INDEX:
2717Seschrock					if (zfs_prop_index_to_string(prop,
11022STom.Erickson@Sun.COM					    intval, &unused) != 0)
11022STom.Erickson@Sun.COM						err = EINVAL;
2676Seschrock					break;
2676Seschrock				default:
4577Sahrens					cmn_err(CE_PANIC,
4577Sahrens					    "unknown property type");
2676Seschrock				}
2676Seschrock			} else {
11022STom.Erickson@Sun.COM				err = EINVAL;
11022STom.Erickson@Sun.COM			}
11022STom.Erickson@Sun.COM		}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		/* Validate permissions */
11022STom.Erickson@Sun.COM		if (err == 0)
11022STom.Erickson@Sun.COM			err = zfs_check_settable(dsname, pair, CRED());
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		if (err == 0) {
11022STom.Erickson@Sun.COM			err = zfs_prop_set_special(dsname, source, pair);
11022STom.Erickson@Sun.COM			if (err == -1) {
11022STom.Erickson@Sun.COM				/*
11022STom.Erickson@Sun.COM				 * For better performance we build up a list of
11022STom.Erickson@Sun.COM				 * properties to set in a single transaction.
11022STom.Erickson@Sun.COM				 */
11022STom.Erickson@Sun.COM				err = nvlist_add_nvpair(genericnvl, pair);
11022STom.Erickson@Sun.COM			} else if (err != 0 && nvl != retrynvl) {
11022STom.Erickson@Sun.COM				/*
11022STom.Erickson@Sun.COM				 * This may be a spurious error caused by
11022STom.Erickson@Sun.COM				 * receiving quota and reservation out of order.
11022STom.Erickson@Sun.COM				 * Try again in a second pass.
11022STom.Erickson@Sun.COM				 */
11022STom.Erickson@Sun.COM				err = nvlist_add_nvpair(retrynvl, pair);
2676Seschrock			}
11022STom.Erickson@Sun.COM		}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		if (err != 0)
11022STom.Erickson@Sun.COM			VERIFY(nvlist_add_int32(errors, propname, err) == 0);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
11022STom.Erickson@Sun.COM		nvl = retrynvl;
11022STom.Erickson@Sun.COM		goto retry;
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (!nvlist_empty(genericnvl) &&
11022STom.Erickson@Sun.COM	    dsl_props_set(dsname, source, genericnvl) != 0) {
11022STom.Erickson@Sun.COM		/*
11022STom.Erickson@Sun.COM		 * If this fails, we still want to set as many properties as we
11022STom.Erickson@Sun.COM		 * can, so try setting them individually.
11022STom.Erickson@Sun.COM		 */
11022STom.Erickson@Sun.COM		pair = NULL;
11022STom.Erickson@Sun.COM		while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
11022STom.Erickson@Sun.COM			const char *propname = nvpair_name(pair);
11181STom.Erickson@Sun.COM			int err = 0;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM			propval = pair;
11022STom.Erickson@Sun.COM			if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
11022STom.Erickson@Sun.COM				nvlist_t *attrs;
11022STom.Erickson@Sun.COM				VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
11022STom.Erickson@Sun.COM				VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
11022STom.Erickson@Sun.COM				    &propval) == 0);
11022STom.Erickson@Sun.COM			}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM			if (nvpair_type(propval) == DATA_TYPE_STRING) {
11022STom.Erickson@Sun.COM				VERIFY(nvpair_value_string(propval,
11022STom.Erickson@Sun.COM				    &strval) == 0);
11022STom.Erickson@Sun.COM				err = dsl_prop_set(dsname, propname, source, 1,
11022STom.Erickson@Sun.COM				    strlen(strval) + 1, strval);
11022STom.Erickson@Sun.COM			} else {
11022STom.Erickson@Sun.COM				VERIFY(nvpair_value_uint64(propval,
11022STom.Erickson@Sun.COM				    &intval) == 0);
11022STom.Erickson@Sun.COM				err = dsl_prop_set(dsname, propname, source, 8,
11022STom.Erickson@Sun.COM				    1, &intval);
11022STom.Erickson@Sun.COM			}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM			if (err != 0) {
11022STom.Erickson@Sun.COM				VERIFY(nvlist_add_int32(errors, propname,
11022STom.Erickson@Sun.COM				    err) == 0);
11022STom.Erickson@Sun.COM			}
2676Seschrock		}
2676Seschrock	}
11022STom.Erickson@Sun.COM	nvlist_free(genericnvl);
11022STom.Erickson@Sun.COM	nvlist_free(retrynvl);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
11022STom.Erickson@Sun.COM		nvlist_free(errors);
11022STom.Erickson@Sun.COM		errors = NULL;
11022STom.Erickson@Sun.COM	} else {
11022STom.Erickson@Sun.COM		VERIFY(nvpair_value_int32(pair, &rv) == 0);
8697SRichard.Morris@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (errlist == NULL)
11022STom.Erickson@Sun.COM		nvlist_free(errors);
11022STom.Erickson@Sun.COM	else
11022STom.Erickson@Sun.COM		*errlist = errors;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	return (rv);
789Sahrens}
789Sahrens
5367Sahrens/*
9355SMatthew.Ahrens@Sun.COM * Check that all the properties are valid user properties.
9355SMatthew.Ahrens@Sun.COM */
9355SMatthew.Ahrens@Sun.COMstatic int
9355SMatthew.Ahrens@Sun.COMzfs_check_userprops(char *fsname, nvlist_t *nvl)
9355SMatthew.Ahrens@Sun.COM{
11022STom.Erickson@Sun.COM	nvpair_t *pair = NULL;
9355SMatthew.Ahrens@Sun.COM	int error = 0;
9355SMatthew.Ahrens@Sun.COM
11022STom.Erickson@Sun.COM	while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
11022STom.Erickson@Sun.COM		const char *propname = nvpair_name(pair);
9355SMatthew.Ahrens@Sun.COM		char *valstr;
9355SMatthew.Ahrens@Sun.COM
9355SMatthew.Ahrens@Sun.COM		if (!zfs_prop_user(propname) ||
11022STom.Erickson@Sun.COM		    nvpair_type(pair) != DATA_TYPE_STRING)
9355SMatthew.Ahrens@Sun.COM			return (EINVAL);
9355SMatthew.Ahrens@Sun.COM
9355SMatthew.Ahrens@Sun.COM		if (error = zfs_secpolicy_write_perms(fsname,
9355SMatthew.Ahrens@Sun.COM		    ZFS_DELEG_PERM_USERPROP, CRED()))
9355SMatthew.Ahrens@Sun.COM			return (error);
9355SMatthew.Ahrens@Sun.COM
9355SMatthew.Ahrens@Sun.COM		if (strlen(propname) >= ZAP_MAXNAMELEN)
9355SMatthew.Ahrens@Sun.COM			return (ENAMETOOLONG);
9355SMatthew.Ahrens@Sun.COM
11022STom.Erickson@Sun.COM		VERIFY(nvpair_value_string(pair, &valstr) == 0);
9355SMatthew.Ahrens@Sun.COM		if (strlen(valstr) >= ZAP_MAXVALUELEN)
9355SMatthew.Ahrens@Sun.COM			return (E2BIG);
9355SMatthew.Ahrens@Sun.COM	}
9355SMatthew.Ahrens@Sun.COM	return (0);
9355SMatthew.Ahrens@Sun.COM}
9355SMatthew.Ahrens@Sun.COM
11022STom.Erickson@Sun.COMstatic void
11022STom.Erickson@Sun.COMprops_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
11022STom.Erickson@Sun.COM{
11022STom.Erickson@Sun.COM	nvpair_t *pair;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	pair = NULL;
11022STom.Erickson@Sun.COM	while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
11022STom.Erickson@Sun.COM		if (nvlist_exists(skipped, nvpair_name(pair)))
11022STom.Erickson@Sun.COM			continue;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COMstatic int
11022STom.Erickson@Sun.COMclear_received_props(objset_t *os, const char *fs, nvlist_t *props,
11022STom.Erickson@Sun.COM    nvlist_t *skipped)
11022STom.Erickson@Sun.COM{
11022STom.Erickson@Sun.COM	int err = 0;
11022STom.Erickson@Sun.COM	nvlist_t *cleared_props = NULL;
11022STom.Erickson@Sun.COM	props_skip(props, skipped, &cleared_props);
11022STom.Erickson@Sun.COM	if (!nvlist_empty(cleared_props)) {
11022STom.Erickson@Sun.COM		/*
11022STom.Erickson@Sun.COM		 * Acts on local properties until the dataset has received
11022STom.Erickson@Sun.COM		 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
11022STom.Erickson@Sun.COM		 */
11022STom.Erickson@Sun.COM		zprop_source_t flags = (ZPROP_SRC_NONE |
11022STom.Erickson@Sun.COM		    (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0));
11022STom.Erickson@Sun.COM		err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM	nvlist_free(cleared_props);
11022STom.Erickson@Sun.COM	return (err);
11022STom.Erickson@Sun.COM}
11022STom.Erickson@Sun.COM
9355SMatthew.Ahrens@Sun.COM/*
5367Sahrens * inputs:
5367Sahrens * zc_name		name of filesystem
8697SRichard.Morris@Sun.COM * zc_value		name of property to set
5367Sahrens * zc_nvlist_src{_size}	nvlist of properties to apply
11022STom.Erickson@Sun.COM * zc_cookie		received properties flag
5367Sahrens *
11022STom.Erickson@Sun.COM * outputs:
11022STom.Erickson@Sun.COM * zc_nvlist_dst{_size} error for each unapplied received property
5367Sahrens */
789Sahrensstatic int
2676Seschrockzfs_ioc_set_prop(zfs_cmd_t *zc)
789Sahrens{
2676Seschrock	nvlist_t *nvl;
11022STom.Erickson@Sun.COM	boolean_t received = zc->zc_cookie;
11022STom.Erickson@Sun.COM	zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
11022STom.Erickson@Sun.COM	    ZPROP_SRC_LOCAL);
11022STom.Erickson@Sun.COM	nvlist_t *errors = NULL;
2676Seschrock	int error;
789Sahrens
5094Slling	if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
9643SEric.Taylor@Sun.COM	    zc->zc_iflags, &nvl)) != 0)
2676Seschrock		return (error);
2676Seschrock
11022STom.Erickson@Sun.COM	if (received) {
7265Sahrens		nvlist_t *origprops;
7265Sahrens		objset_t *os;
7265Sahrens
10298SMatthew.Ahrens@Sun.COM		if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
11022STom.Erickson@Sun.COM			if (dsl_prop_get_received(os, &origprops) == 0) {
11022STom.Erickson@Sun.COM				(void) clear_received_props(os,
11022STom.Erickson@Sun.COM				    zc->zc_name, origprops, nvl);
7265Sahrens				nvlist_free(origprops);
7265Sahrens			}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM			dsl_prop_set_hasrecvd(os);
10298SMatthew.Ahrens@Sun.COM			dmu_objset_rele(os, FTAG);
7265Sahrens		}
7265Sahrens	}
7265Sahrens
11022STom.Erickson@Sun.COM	error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, &errors);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (zc->zc_nvlist_dst != NULL && errors != NULL) {
11022STom.Erickson@Sun.COM		(void) put_nvlist(zc, errors);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	nvlist_free(errors);
2676Seschrock	nvlist_free(nvl);
2676Seschrock	return (error);
789Sahrens}
789Sahrens
5367Sahrens/*
5367Sahrens * inputs:
5367Sahrens * zc_name		name of filesystem
5367Sahrens * zc_value		name of property to inherit
11022STom.Erickson@Sun.COM * zc_cookie		revert to received value if TRUE
5367Sahrens *
5367Sahrens * outputs:		none
5367Sahrens */
789Sahrensstatic int
4849Sahrenszfs_ioc_inherit_prop(zfs_cmd_t *zc)
4849Sahrens{
11022STom.Erickson@Sun.COM	const char *propname = zc->zc_value;
11022STom.Erickson@Sun.COM	zfs_prop_t prop = zfs_name_to_prop(propname);
11022STom.Erickson@Sun.COM	boolean_t received = zc->zc_cookie;
11022STom.Erickson@Sun.COM	zprop_source_t source = (received
11022STom.Erickson@Sun.COM	    ? ZPROP_SRC_NONE		/* revert to received value, if any */
11022STom.Erickson@Sun.COM	    : ZPROP_SRC_INHERITED);	/* explicitly inherit */
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (received) {
11022STom.Erickson@Sun.COM		nvlist_t *dummy;
11022STom.Erickson@Sun.COM		nvpair_t *pair;
11022STom.Erickson@Sun.COM		zprop_type_t type;
11022STom.Erickson@Sun.COM		int err;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		/*
11022STom.Erickson@Sun.COM		 * zfs_prop_set_special() expects properties in the form of an
11022STom.Erickson@Sun.COM		 * nvpair with type info.
11022STom.Erickson@Sun.COM		 */
11022STom.Erickson@Sun.COM		if (prop == ZPROP_INVAL) {
11022STom.Erickson@Sun.COM			if (!zfs_prop_user(propname))
11022STom.Erickson@Sun.COM				return (EINVAL);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM			type = PROP_TYPE_STRING;
11515STom.Erickson@Sun.COM		} else if (prop == ZFS_PROP_VOLSIZE ||
11515STom.Erickson@Sun.COM		    prop == ZFS_PROP_VERSION) {
11515STom.Erickson@Sun.COM			return (EINVAL);
11022STom.Erickson@Sun.COM		} else {
11022STom.Erickson@Sun.COM			type = zfs_prop_get_type(prop);
11022STom.Erickson@Sun.COM		}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		switch (type) {
11022STom.Erickson@Sun.COM		case PROP_TYPE_STRING:
11022STom.Erickson@Sun.COM			VERIFY(0 == nvlist_add_string(dummy, propname, ""));
11022STom.Erickson@Sun.COM			break;
11022STom.Erickson@Sun.COM		case PROP_TYPE_NUMBER:
11022STom.Erickson@Sun.COM		case PROP_TYPE_INDEX:
11022STom.Erickson@Sun.COM			VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
11022STom.Erickson@Sun.COM			break;
11022STom.Erickson@Sun.COM		default:
11022STom.Erickson@Sun.COM			nvlist_free(dummy);
11022STom.Erickson@Sun.COM			return (EINVAL);
11022STom.Erickson@Sun.COM		}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		pair = nvlist_next_nvpair(dummy, NULL);
11022STom.Erickson@Sun.COM		err = zfs_prop_set_special(zc->zc_name, source, pair);
11022STom.Erickson@Sun.COM		nvlist_free(dummy);
11022STom.Erickson@Sun.COM		if (err != -1)
11022STom.Erickson@Sun.COM			return (err); /* special property already handled */
11022STom.Erickson@Sun.COM	} else {
11022STom.Erickson@Sun.COM		/*
11022STom.Erickson@Sun.COM		 * Only check this in the non-received case. We want to allow
11022STom.Erickson@Sun.COM		 * 'inherit -S' to revert non-inheritable properties like quota
11022STom.Erickson@Sun.COM		 * and reservation to the received or default values even though
11022STom.Erickson@Sun.COM		 * they are not considered inheritable.
11022STom.Erickson@Sun.COM		 */
11022STom.Erickson@Sun.COM		if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
11022STom.Erickson@Sun.COM			return (EINVAL);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
4849Sahrens	/* the property name has been validated by zfs_secpolicy_inherit() */
11022STom.Erickson@Sun.COM	return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
4849Sahrens}
4849Sahrens
4849Sahrensstatic int
4098Sllingzfs_ioc_pool_set_props(zfs_cmd_t *zc)
3912Slling{
5094Slling	nvlist_t *props;
3912Slling	spa_t *spa;
5094Slling	int error;
11022STom.Erickson@Sun.COM	nvpair_t *pair;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
11022STom.Erickson@Sun.COM	    zc->zc_iflags, &props))
3912Slling		return (error);
3912Slling
8525SEric.Schrock@Sun.COM	/*
8525SEric.Schrock@Sun.COM	 * If the only property is the configfile, then just do a spa_lookup()
8525SEric.Schrock@Sun.COM	 * to handle the faulted case.
8525SEric.Schrock@Sun.COM	 */
11022STom.Erickson@Sun.COM	pair = nvlist_next_nvpair(props, NULL);
11022STom.Erickson@Sun.COM	if (pair != NULL && strcmp(nvpair_name(pair),
8525SEric.Schrock@Sun.COM	    zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
11022STom.Erickson@Sun.COM	    nvlist_next_nvpair(props, pair) == NULL) {
8525SEric.Schrock@Sun.COM		mutex_enter(&spa_namespace_lock);
8525SEric.Schrock@Sun.COM		if ((spa = spa_lookup(zc->zc_name)) != NULL) {
8525SEric.Schrock@Sun.COM			spa_configfile_set(spa, props, B_FALSE);
8525SEric.Schrock@Sun.COM			spa_config_sync(spa, B_FALSE, B_TRUE);
8525SEric.Schrock@Sun.COM		}
8525SEric.Schrock@Sun.COM		mutex_exit(&spa_namespace_lock);
10672SEric.Schrock@Sun.COM		if (spa != NULL) {
10672SEric.Schrock@Sun.COM			nvlist_free(props);
8525SEric.Schrock@Sun.COM			return (0);
10672SEric.Schrock@Sun.COM		}
8525SEric.Schrock@Sun.COM	}
8525SEric.Schrock@Sun.COM
3912Slling	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
5094Slling		nvlist_free(props);
3912Slling		return (error);
3912Slling	}
3912Slling
5094Slling	error = spa_prop_set(spa, props);
3912Slling
5094Slling	nvlist_free(props);
3912Slling	spa_close(spa, FTAG);
3912Slling
3912Slling	return (error);
3912Slling}
3912Slling
3912Sllingstatic int
4098Sllingzfs_ioc_pool_get_props(zfs_cmd_t *zc)
3912Slling{
3912Slling	spa_t *spa;
3912Slling	int error;
3912Slling	nvlist_t *nvp = NULL;
3912Slling
8525SEric.Schrock@Sun.COM	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
8525SEric.Schrock@Sun.COM		/*
8525SEric.Schrock@Sun.COM		 * If the pool is faulted, there may be properties we can still
8525SEric.Schrock@Sun.COM		 * get (such as altroot and cachefile), so attempt to get them
8525SEric.Schrock@Sun.COM		 * anyway.
8525SEric.Schrock@Sun.COM		 */
8525SEric.Schrock@Sun.COM		mutex_enter(&spa_namespace_lock);
8525SEric.Schrock@Sun.COM		if ((spa = spa_lookup(zc->zc_name)) != NULL)
8525SEric.Schrock@Sun.COM			error = spa_prop_get(spa, &nvp);
8525SEric.Schrock@Sun.COM		mutex_exit(&spa_namespace_lock);
8525SEric.Schrock@Sun.COM	} else {
8525SEric.Schrock@Sun.COM		error = spa_prop_get(spa, &nvp);
8525SEric.Schrock@Sun.COM		spa_close(spa, FTAG);
8525SEric.Schrock@Sun.COM	}
3912Slling
3912Slling	if (error == 0 && zc->zc_nvlist_dst != NULL)
3912Slling		error = put_nvlist(zc, nvp);
3912Slling	else
3912Slling		error = EFAULT;
3912Slling
8525SEric.Schrock@Sun.COM	nvlist_free(nvp);
3912Slling	return (error);
3912Slling}
3912Slling
5367Sahrens/*
5367Sahrens * inputs:
5367Sahrens * zc_name		name of filesystem
5367Sahrens * zc_nvlist_src{_size}	nvlist of delegated permissions
5367Sahrens * zc_perm_action	allow/unallow flag
5367Sahrens *
5367Sahrens * outputs:		none
5367Sahrens */
4543Smarksstatic int
4543Smarkszfs_ioc_set_fsacl(zfs_cmd_t *zc)
4543Smarks{
4543Smarks	int error;
4543Smarks	nvlist_t *fsaclnv = NULL;
4543Smarks
5094Slling	if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
9643SEric.Taylor@Sun.COM	    zc->zc_iflags, &fsaclnv)) != 0)
4543Smarks		return (error);
4543Smarks
4543Smarks	/*
4543Smarks	 * Verify nvlist is constructed correctly
4543Smarks	 */
4543Smarks	if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
4543Smarks		nvlist_free(fsaclnv);
4543Smarks		return (EINVAL);
4543Smarks	}
4543Smarks
4543Smarks	/*
4543Smarks	 * If we don't have PRIV_SYS_MOUNT, then validate
4543Smarks	 * that user is allowed to hand out each permission in
4543Smarks	 * the nvlist(s)
4543Smarks	 */
4543Smarks
4787Sahrens	error = secpolicy_zfs(CRED());
4543Smarks	if (error) {
4787Sahrens		if (zc->zc_perm_action == B_FALSE) {
4787Sahrens			error = dsl_deleg_can_allow(zc->zc_name,
4787Sahrens			    fsaclnv, CRED());
4787Sahrens		} else {
4787Sahrens			error = dsl_deleg_can_unallow(zc->zc_name,
4787Sahrens			    fsaclnv, CRED());
4787Sahrens		}
4543Smarks	}
4543Smarks
4543Smarks	if (error == 0)
4543Smarks		error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
4543Smarks
4543Smarks	nvlist_free(fsaclnv);
4543Smarks	return (error);
4543Smarks}
4543Smarks
5367Sahrens/*
5367Sahrens * inputs:
5367Sahrens * zc_name		name of filesystem
5367Sahrens *
5367Sahrens * outputs:
5367Sahrens * zc_nvlist_src{_size}	nvlist of delegated permissions
5367Sahrens */
4543Smarksstatic int
4543Smarkszfs_ioc_get_fsacl(zfs_cmd_t *zc)
4543Smarks{
4543Smarks	nvlist_t *nvp;
4543Smarks	int error;
4543Smarks
4543Smarks	if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
4543Smarks		error = put_nvlist(zc, nvp);
4543Smarks		nvlist_free(nvp);
4543Smarks	}
4543Smarks
4543Smarks	return (error);
4543Smarks}
4543Smarks
5367Sahrens/*
789Sahrens * Search the vfs list for a specified resource.  Returns a pointer to it
789Sahrens * or NULL if no suitable entry is found. The caller of this routine
789Sahrens * is responsible for releasing the returned vfs pointer.
789Sahrens */
789Sahrensstatic vfs_t *
789Sahrenszfs_get_vfs(const char *resource)
789Sahrens{
789Sahrens	struct vfs *vfsp;
789Sahrens	struct vfs *vfs_found = NULL;
789Sahrens
789Sahrens	vfs_list_read_lock();
789Sahrens	vfsp = rootvfs;
789Sahrens	do {
789Sahrens		if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
789Sahrens			VFS_HOLD(vfsp);
789Sahrens			vfs_found = vfsp;
789Sahrens			break;
789Sahrens		}
789Sahrens		vfsp = vfsp->vfs_next;
789Sahrens	} while (vfsp != rootvfs);
789Sahrens	vfs_list_unlock();
789Sahrens	return (vfs_found);
789Sahrens}
789Sahrens
4543Smarks/* ARGSUSED */
789Sahrensstatic void
4543Smarkszfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
789Sahrens{
5331Samw	zfs_creat_t *zct = arg;
5498Stimh
5498Stimh	zfs_create_fs(os, cr, zct->zct_zplprops, tx);
5331Samw}
5331Samw
5498Stimh#define	ZFS_PROP_UNDEFINED	((uint64_t)-1)
5498Stimh
5331Samw/*
5498Stimh * inputs:
7184Stimh * createprops		list of properties requested by creator
7184Stimh * default_zplver	zpl version to use if unspecified in createprops
7184Stimh * fuids_ok		fuids allowed in this version of the spa?
7184Stimh * os			parent objset pointer (NULL if root fs)
5331Samw *
5498Stimh * outputs:
5498Stimh * zplprops	values for the zplprops we attach to the master node object
7184Stimh * is_ci	true if requested file system will be purely case-insensitive
5331Samw *
5498Stimh * Determine the settings for utf8only, normalization and
5498Stimh * casesensitivity.  Specific values may have been requested by the
5498Stimh * creator and/or we can inherit values from the parent dataset.  If
5498Stimh * the file system is of too early a vintage, a creator can not
5498Stimh * request settings for these properties, even if the requested
5498Stimh * setting is the default value.  We don't actually want to create dsl
5498Stimh * properties for these, so remove them from the source nvlist after
5498Stimh * processing.
5331Samw */
5331Samwstatic int
9396SMatthew.Ahrens@Sun.COMzfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
11935SMark.Shellenbaum@Sun.COM    boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
11935SMark.Shellenbaum@Sun.COM    nvlist_t *zplprops, boolean_t *is_ci)
5331Samw{
5498Stimh	uint64_t sense = ZFS_PROP_UNDEFINED;
5498Stimh	uint64_t norm = ZFS_PROP_UNDEFINED;
5498Stimh	uint64_t u8 = ZFS_PROP_UNDEFINED;
5498Stimh
5498Stimh	ASSERT(zplprops != NULL);
5498Stimh
5375Stimh	/*
5498Stimh	 * Pull out creator prop choices, if any.
5375Stimh	 */
5498Stimh	if (createprops) {
5498Stimh		(void) nvlist_lookup_uint64(createprops,
7184Stimh		    zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
7184Stimh		(void) nvlist_lookup_uint64(createprops,
5498Stimh		    zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
5498Stimh		(void) nvlist_remove_all(createprops,
5498Stimh		    zfs_prop_to_name(ZFS_PROP_NORMALIZE));
5498Stimh		(void) nvlist_lookup_uint64(createprops,
5498Stimh		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
5498Stimh		(void) nvlist_remove_all(createprops,
5498Stimh		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
5498Stimh		(void) nvlist_lookup_uint64(createprops,
5498Stimh		    zfs_prop_to_name(ZFS_PROP_CASE), &sense);
5498Stimh		(void) nvlist_remove_all(createprops,
5498Stimh		    zfs_prop_to_name(ZFS_PROP_CASE));
5331Samw	}
5331Samw
5375Stimh	/*
7184Stimh	 * If the zpl version requested is whacky or the file system
7184Stimh	 * or pool is version is too "young" to support normalization
7184Stimh	 * and the creator tried to set a value for one of the props,
7184Stimh	 * error out.
5498Stimh	 */
7184Stimh	if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
7184Stimh	    (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
11935SMark.Shellenbaum@Sun.COM	    (zplver >= ZPL_VERSION_SA && !sa_ok) ||
7184Stimh	    (zplver < ZPL_VERSION_NORMALIZATION &&
5498Stimh	    (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
7184Stimh	    sense != ZFS_PROP_UNDEFINED)))
5498Stimh		return (ENOTSUP);
5498Stimh
5498Stimh	/*
5498Stimh	 * Put the version in the zplprops
5498Stimh	 */
5498Stimh	VERIFY(nvlist_add_uint64(zplprops,
5498Stimh	    zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
5498Stimh
5498Stimh	if (norm == ZFS_PROP_UNDEFINED)
5498Stimh		VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0);
5498Stimh	VERIFY(nvlist_add_uint64(zplprops,
5498Stimh	    zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
5498Stimh
5498Stimh	/*
5498Stimh	 * If we're normalizing, names must always be valid UTF-8 strings.
5498Stimh	 */
5498Stimh	if (norm)
5498Stimh		u8 = 1;
5498Stimh	if (u8 == ZFS_PROP_UNDEFINED)
5498Stimh		VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0);
5498Stimh	VERIFY(nvlist_add_uint64(zplprops,
5498Stimh	    zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
5498Stimh
5498Stimh	if (sense == ZFS_PROP_UNDEFINED)
5498Stimh		VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0);
5498Stimh	VERIFY(nvlist_add_uint64(zplprops,
5498Stimh	    zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
5498Stimh
6492Stimh	if (is_ci)
6492Stimh		*is_ci = (sense == ZFS_CASE_INSENSITIVE);
6492Stimh
7184Stimh	return (0);
7184Stimh}
7184Stimh
7184Stimhstatic int
7184Stimhzfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
7184Stimh    nvlist_t *zplprops, boolean_t *is_ci)
7184Stimh{
11935SMark.Shellenbaum@Sun.COM	boolean_t fuids_ok, sa_ok;
7184Stimh	uint64_t zplver = ZPL_VERSION;
7184Stimh	objset_t *os = NULL;
7184Stimh	char parentname[MAXNAMELEN];
7184Stimh	char *cp;
11935SMark.Shellenbaum@Sun.COM	spa_t *spa;
11935SMark.Shellenbaum@Sun.COM	uint64_t spa_vers;
7184Stimh	int error;
7184Stimh
7184Stimh	(void) strlcpy(parentname, dataset, sizeof (parentname));
7184Stimh	cp = strrchr(parentname, '/');
7184Stimh	ASSERT(cp != NULL);
7184Stimh	cp[0] = '\0';
7184Stimh
11935SMark.Shellenbaum@Sun.COM	if ((error = spa_open(dataset, &spa, FTAG)) != 0)
11935SMark.Shellenbaum@Sun.COM		return (error);
11935SMark.Shellenbaum@Sun.COM
11935SMark.Shellenbaum@Sun.COM	spa_vers = spa_version(spa);
11935SMark.Shellenbaum@Sun.COM	spa_close(spa, FTAG);
11935SMark.Shellenbaum@Sun.COM
11935SMark.Shellenbaum@Sun.COM	zplver = zfs_zpl_version_map(spa_vers);
11935SMark.Shellenbaum@Sun.COM	fuids_ok = (zplver >= ZPL_VERSION_FUID);
11935SMark.Shellenbaum@Sun.COM	sa_ok = (zplver >= ZPL_VERSION_SA);
7184Stimh
7184Stimh	/*
7184Stimh	 * Open parent object set so we can inherit zplprop values.
7184Stimh	 */
10298SMatthew.Ahrens@Sun.COM	if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
7184Stimh		return (error);
7184Stimh
11935SMark.Shellenbaum@Sun.COM	error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
7184Stimh	    zplprops, is_ci);
10298SMatthew.Ahrens@Sun.COM	dmu_objset_rele(os, FTAG);
7184Stimh	return (error);
7184Stimh}
7184Stimh
7184Stimhstatic int
7184Stimhzfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
7184Stimh    nvlist_t *zplprops, boolean_t *is_ci)
7184Stimh{
11935SMark.Shellenbaum@Sun.COM	boolean_t fuids_ok;
11935SMark.Shellenbaum@Sun.COM	boolean_t sa_ok;
7184Stimh	uint64_t zplver = ZPL_VERSION;
7184Stimh	int error;
7184Stimh
11935SMark.Shellenbaum@Sun.COM	zplver = zfs_zpl_version_map(spa_vers);
11935SMark.Shellenbaum@Sun.COM	fuids_ok = (zplver >= ZPL_VERSION_FUID);
11935SMark.Shellenbaum@Sun.COM	sa_ok = (zplver >= ZPL_VERSION_SA);
11935SMark.Shellenbaum@Sun.COM
11935SMark.Shellenbaum@Sun.COM	error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
11935SMark.Shellenbaum@Sun.COM	    createprops, zplprops, is_ci);
7184Stimh	return (error);
789Sahrens}
789Sahrens
5367Sahrens/*
5367Sahrens * inputs:
5367Sahrens * zc_objset_type	type of objset to create (fs vs zvol)
5367Sahrens * zc_name		name of new objset
5367Sahrens * zc_value		name of snapshot to clone from (may be empty)
5367Sahrens * zc_nvlist_src{_size}	nvlist of properties to apply
5367Sahrens *
5498Stimh * outputs: none
5367Sahrens */
789Sahrensstatic int
789Sahrenszfs_ioc_create(zfs_cmd_t *zc)
789Sahrens{
789Sahrens	objset_t *clone;
789Sahrens	int error = 0;
5331Samw	zfs_creat_t zct;
4543Smarks	nvlist_t *nvprops = NULL;
4543Smarks	void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
789Sahrens	dmu_objset_type_t type = zc->zc_objset_type;
789Sahrens
789Sahrens	switch (type) {
789Sahrens
789Sahrens	case DMU_OST_ZFS:
789Sahrens		cbfunc = zfs_create_cb;
789Sahrens		break;
789Sahrens
789Sahrens	case DMU_OST_ZVOL:
789Sahrens		cbfunc = zvol_create_cb;
789Sahrens		break;
789Sahrens
789Sahrens	default:
2199Sahrens		cbfunc = NULL;
6423Sgw25295		break;
2199Sahrens	}
5326Sek110237	if (strchr(zc->zc_name, '@') ||
5326Sek110237	    strchr(zc->zc_name, '%'))
789Sahrens		return (EINVAL);
789Sahrens
2676Seschrock	if (zc->zc_nvlist_src != NULL &&
5094Slling	    (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
9643SEric.Taylor@Sun.COM	    zc->zc_iflags, &nvprops)) != 0)
2676Seschrock		return (error);
2676Seschrock
5498Stimh	zct.zct_zplprops = NULL;
5331Samw	zct.zct_props = nvprops;
5331Samw
2676Seschrock	if (zc->zc_value[0] != '\0') {
789Sahrens		/*
789Sahrens		 * We're creating a clone of an existing snapshot.
789Sahrens		 */
2676Seschrock		zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
2676Seschrock		if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) {
4543Smarks			nvlist_free(nvprops);
789Sahrens			return (EINVAL);
2676Seschrock		}
789Sahrens
10298SMatthew.Ahrens@Sun.COM		error = dmu_objset_hold(zc->zc_value, FTAG, &clone);
2676Seschrock		if (error) {
4543Smarks			nvlist_free(nvprops);
789Sahrens			return (error);
2676Seschrock		}
6492Stimh
10272SMatthew.Ahrens@Sun.COM		error = dmu_objset_clone(zc->zc_name, dmu_objset_ds(clone), 0);
10298SMatthew.Ahrens@Sun.COM		dmu_objset_rele(clone, FTAG);
5331Samw		if (error) {
5331Samw			nvlist_free(nvprops);
5331Samw			return (error);
5331Samw		}
789Sahrens	} else {
6492Stimh		boolean_t is_insensitive = B_FALSE;
6492Stimh
2676Seschrock		if (cbfunc == NULL) {
4543Smarks			nvlist_free(nvprops);
2199Sahrens			return (EINVAL);
2676Seschrock		}
2676Seschrock
789Sahrens		if (type == DMU_OST_ZVOL) {
2676Seschrock			uint64_t volsize, volblocksize;
2676Seschrock
4543Smarks			if (nvprops == NULL ||
4543Smarks			    nvlist_lookup_uint64(nvprops,
2676Seschrock			    zfs_prop_to_name(ZFS_PROP_VOLSIZE),
2676Seschrock			    &volsize) != 0) {
4543Smarks				nvlist_free(nvprops);
2676Seschrock				return (EINVAL);
2676Seschrock			}
2676Seschrock
4543Smarks			if ((error = nvlist_lookup_uint64(nvprops,
2676Seschrock			    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
2676Seschrock			    &volblocksize)) != 0 && error != ENOENT) {
4543Smarks				nvlist_free(nvprops);
2676Seschrock				return (EINVAL);
2676Seschrock			}
1133Seschrock
2676Seschrock			if (error != 0)
2676Seschrock				volblocksize = zfs_prop_default_numeric(
2676Seschrock				    ZFS_PROP_VOLBLOCKSIZE);
2676Seschrock
2676Seschrock			if ((error = zvol_check_volblocksize(
2676Seschrock			    volblocksize)) != 0 ||
2676Seschrock			    (error = zvol_check_volsize(volsize,
2676Seschrock			    volblocksize)) != 0) {
4543Smarks				nvlist_free(nvprops);
789Sahrens				return (error);
2676Seschrock			}
4577Sahrens		} else if (type == DMU_OST_ZFS) {
5331Samw			int error;
5331Samw
5498Stimh			/*
5331Samw			 * We have to have normalization and
5331Samw			 * case-folding flags correct when we do the
5331Samw			 * file system creation, so go figure them out
5498Stimh			 * now.
5331Samw			 */
5498Stimh			VERIFY(nvlist_alloc(&zct.zct_zplprops,
5498Stimh			    NV_UNIQUE_NAME, KM_SLEEP) == 0);
5498Stimh			error = zfs_fill_zplprops(zc->zc_name, nvprops,
7184Stimh			    zct.zct_zplprops, &is_insensitive);
5331Samw			if (error != 0) {
5331Samw				nvlist_free(nvprops);
5498Stimh				nvlist_free(zct.zct_zplprops);
5331Samw				return (error);
4577Sahrens			}
2676Seschrock		}
10272SMatthew.Ahrens@Sun.COM		error = dmu_objset_create(zc->zc_name, type,
6492Stimh		    is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
5498Stimh		nvlist_free(zct.zct_zplprops);
789Sahrens	}
2676Seschrock
2676Seschrock	/*
2676Seschrock	 * It would be nice to do this atomically.
2676Seschrock	 */
2676Seschrock	if (error == 0) {
11022STom.Erickson@Sun.COM		error = zfs_set_prop_nvlist(zc->zc_name, ZPROP_SRC_LOCAL,
11022STom.Erickson@Sun.COM		    nvprops, NULL);
11022STom.Erickson@Sun.COM		if (error != 0)
10242Schris.kirby@sun.com			(void) dmu_objset_destroy(zc->zc_name, B_FALSE);
2676Seschrock	}
4543Smarks	nvlist_free(nvprops);
789Sahrens	return (error);
789Sahrens}
789Sahrens
5367Sahrens/*
5367Sahrens * inputs:
5367Sahrens * zc_name	name of filesystem
5367Sahrens * zc_value	short name of snapshot
5367Sahrens * zc_cookie	recursive flag
9396SMatthew.Ahrens@Sun.COM * zc_nvlist_src[_size] property list
5367Sahrens *
10588SEric.Taylor@Sun.COM * outputs:
10588SEric.Taylor@Sun.COM * zc_value	short snapname (i.e. part after the '@')
5367Sahrens */
789Sahrensstatic int
2199Sahrenszfs_ioc_snapshot(zfs_cmd_t *zc)
2199Sahrens{
7265Sahrens	nvlist_t *nvprops = NULL;
7265Sahrens	int error;
7265Sahrens	boolean_t recursive = zc->zc_cookie;
7265Sahrens
2676Seschrock	if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
2199Sahrens		return (EINVAL);
7265Sahrens
7265Sahrens	if (zc->zc_nvlist_src != NULL &&
7265Sahrens	    (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
9643SEric.Taylor@Sun.COM	    zc->zc_iflags, &nvprops)) != 0)
7265Sahrens		return (error);
7265Sahrens
9355SMatthew.Ahrens@Sun.COM	error = zfs_check_userprops(zc->zc_name, nvprops);
9355SMatthew.Ahrens@Sun.COM	if (error)
9355SMatthew.Ahrens@Sun.COM		goto out;
9355SMatthew.Ahrens@Sun.COM
11022STom.Erickson@Sun.COM	if (!nvlist_empty(nvprops) &&
9355SMatthew.Ahrens@Sun.COM	    zfs_earlier_version(zc->zc_name, SPA_VERSION_SNAP_PROPS)) {
9355SMatthew.Ahrens@Sun.COM		error = ENOTSUP;
9355SMatthew.Ahrens@Sun.COM		goto out;
7265Sahrens	}
9355SMatthew.Ahrens@Sun.COM
13043STim.Haley@Sun.COM	error = dmu_objset_snapshot(zc->zc_name, zc->zc_value, NULL,
13043STim.Haley@Sun.COM	    nvprops, recursive, B_FALSE, -1);
9355SMatthew.Ahrens@Sun.COM
9355SMatthew.Ahrens@Sun.COMout:
7265Sahrens	nvlist_free(nvprops);
7265Sahrens	return (error);
2199Sahrens}
2199Sahrens
4007Smmusanteint
11209SMatthew.Ahrens@Sun.COMzfs_unmount_snap(const char *name, void *arg)
789Sahrens{
2417Sahrens	vfs_t *vfsp = NULL;
2199Sahrens
6689Smaybee	if (arg) {
6689Smaybee		char *snapname = arg;
11209SMatthew.Ahrens@Sun.COM		char *fullname = kmem_asprintf("%s@%s", name, snapname);
11209SMatthew.Ahrens@Sun.COM		vfsp = zfs_get_vfs(fullname);
11209SMatthew.Ahrens@Sun.COM		strfree(fullname);
2417Sahrens	} else if (strchr(name, '@')) {
2199Sahrens		vfsp = zfs_get_vfs(name);
2199Sahrens	}
2199Sahrens
2199Sahrens	if (vfsp) {
2199Sahrens		/*
2199Sahrens		 * Always force the unmount for snapshots.
2199Sahrens		 */
2199Sahrens		int flag = MS_FORCE;
789Sahrens		int err;
789Sahrens
2199Sahrens		if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) {
2199Sahrens			VFS_RELE(vfsp);
2199Sahrens			return (err);
2199Sahrens		}
2199Sahrens		VFS_RELE(vfsp);
2199Sahrens		if ((err = dounmount(vfsp, flag, kcred)) != 0)
2199Sahrens			return (err);
2199Sahrens	}
2199Sahrens	return (0);
2199Sahrens}
2199Sahrens
5367Sahrens/*
5367Sahrens * inputs:
10242Schris.kirby@sun.com * zc_name		name of filesystem
10242Schris.kirby@sun.com * zc_value		short name of snapshot
10242Schris.kirby@sun.com * zc_defer_destroy	mark for deferred destroy
5367Sahrens *
5367Sahrens * outputs:	none
5367Sahrens */
2199Sahrensstatic int
2199Sahrenszfs_ioc_destroy_snaps(zfs_cmd_t *zc)
2199Sahrens{
2199Sahrens	int err;
789Sahrens
2676Seschrock	if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
2199Sahrens		return (EINVAL);
2199Sahrens	err = dmu_objset_find(zc->zc_name,
2676Seschrock	    zfs_unmount_snap, zc->zc_value, DS_FIND_CHILDREN);
2199Sahrens	if (err)
2199Sahrens		return (err);
10242Schris.kirby@sun.com	return (dmu_snapshots_destroy(zc->zc_name, zc->zc_value,
10242Schris.kirby@sun.com	    zc->zc_defer_destroy));
2199Sahrens}
2199Sahrens
5367Sahrens/*
5367Sahrens * inputs:
5367Sahrens * zc_name		name of dataset to destroy
5367Sahrens * zc_objset_type	type of objset
10242Schris.kirby@sun.com * zc_defer_destroy	mark for deferred destroy
5367Sahrens *
5367Sahrens * outputs:		none
5367Sahrens */
2199Sahrensstatic int
2199Sahrenszfs_ioc_destroy(zfs_cmd_t *zc)
2199Sahrens{
10588SEric.Taylor@Sun.COM	int err;
2199Sahrens	if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
10588SEric.Taylor@Sun.COM		err = zfs_unmount_snap(zc->zc_name, NULL);
2199Sahrens		if (err)
2199Sahrens			return (err);
789Sahrens	}
789Sahrens
10588SEric.Taylor@Sun.COM	err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy);
10588SEric.Taylor@Sun.COM	if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
10693Schris.kirby@sun.com		(void) zvol_remove_minor(zc->zc_name);
10588SEric.Taylor@Sun.COM	return (err);
789Sahrens}
789Sahrens
5367Sahrens/*
5367Sahrens * inputs:
5446Sahrens * zc_name	name of dataset to rollback (to most recent snapshot)
5367Sahrens *
5367Sahrens * outputs:	none
5367Sahrens */
789Sahrensstatic int
789Sahrenszfs_ioc_rollback(zfs_cmd_t *zc)
789Sahrens{
10272SMatthew.Ahrens@Sun.COM	dsl_dataset_t *ds, *clone;
5446Sahrens	int error;
10272SMatthew.Ahrens@Sun.COM	zfsvfs_t *zfsvfs;
10272SMatthew.Ahrens@Sun.COM	char *clone_name;
10272SMatthew.Ahrens@Sun.COM
10272SMatthew.Ahrens@Sun.COM	error = dsl_dataset_hold(zc->zc_name, FTAG, &ds);
10272SMatthew.Ahrens@Sun.COM	if (error)
10272SMatthew.Ahrens@Sun.COM		return (error);
10272SMatthew.Ahrens@Sun.COM
10272SMatthew.Ahrens@Sun.COM	/* must not be a snapshot */
10272SMatthew.Ahrens@Sun.COM	if (dsl_dataset_is_snapshot(ds)) {
10272SMatthew.Ahrens@Sun.COM		dsl_dataset_rele(ds, FTAG);
10272SMatthew.Ahrens@Sun.COM		return (EINVAL);
10272SMatthew.Ahrens@Sun.COM	}
10272SMatthew.Ahrens@Sun.COM
10272SMatthew.Ahrens@Sun.COM	/* must have a most recent snapshot */
10272SMatthew.Ahrens@Sun.COM	if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) {
10272SMatthew.Ahrens@Sun.COM		dsl_dataset_rele(ds, FTAG);
10272SMatthew.Ahrens@Sun.COM		return (EINVAL);
10272SMatthew.Ahrens@Sun.COM	}
5446Sahrens
5446Sahrens	/*
10272SMatthew.Ahrens@Sun.COM	 * Create clone of most recent snapshot.
5446Sahrens	 */
10272SMatthew.Ahrens@Sun.COM	clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name);
10272SMatthew.Ahrens@Sun.COM	error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT);
5446Sahrens	if (error)
10272SMatthew.Ahrens@Sun.COM		goto out;
10272SMatthew.Ahrens@Sun.COM
10298SMatthew.Ahrens@Sun.COM	error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone);
10272SMatthew.Ahrens@Sun.COM	if (error)
10272SMatthew.Ahrens@Sun.COM		goto out;
10272SMatthew.Ahrens@Sun.COM
10272SMatthew.Ahrens@Sun.COM	/*
10272SMatthew.Ahrens@Sun.COM	 * Do clone swap.
10272SMatthew.Ahrens@Sun.COM	 */
9396SMatthew.Ahrens@Sun.COM	if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
10298SMatthew.Ahrens@Sun.COM		error = zfs_suspend_fs(zfsvfs);
6083Sek110237		if (error == 0) {
6083Sek110237			int resume_err;
6083Sek110237
10272SMatthew.Ahrens@Sun.COM			if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
10272SMatthew.Ahrens@Sun.COM				error = dsl_dataset_clone_swap(clone, ds,
10272SMatthew.Ahrens@Sun.COM				    B_TRUE);
10272SMatthew.Ahrens@Sun.COM				dsl_dataset_disown(ds, FTAG);
10272SMatthew.Ahrens@Sun.COM				ds = NULL;
10272SMatthew.Ahrens@Sun.COM			} else {
10272SMatthew.Ahrens@Sun.COM				error = EBUSY;
10272SMatthew.Ahrens@Sun.COM			}
10298SMatthew.Ahrens@Sun.COM			resume_err = zfs_resume_fs(zfsvfs, zc->zc_name);
6083Sek110237			error = error ? error : resume_err;
6083Sek110237		}
5446Sahrens		VFS_RELE(zfsvfs->z_vfs);
5446Sahrens	} else {
10272SMatthew.Ahrens@Sun.COM		if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
10272SMatthew.Ahrens@Sun.COM			error = dsl_dataset_clone_swap(clone, ds, B_TRUE);
10272SMatthew.Ahrens@Sun.COM			dsl_dataset_disown(ds, FTAG);
10272SMatthew.Ahrens@Sun.COM			ds = NULL;
10272SMatthew.Ahrens@Sun.COM		} else {
10272SMatthew.Ahrens@Sun.COM			error = EBUSY;
10272SMatthew.Ahrens@Sun.COM		}
5446Sahrens	}
10272SMatthew.Ahrens@Sun.COM
10272SMatthew.Ahrens@Sun.COM	/*
10272SMatthew.Ahrens@Sun.COM	 * Destroy clone (which also closes it).
10272SMatthew.Ahrens@Sun.COM	 */
10272SMatthew.Ahrens@Sun.COM	(void) dsl_dataset_destroy(clone, FTAG, B_FALSE);
10272SMatthew.Ahrens@Sun.COM
10272SMatthew.Ahrens@Sun.COMout:
10272SMatthew.Ahrens@Sun.COM	strfree(clone_name);
10272SMatthew.Ahrens@Sun.COM	if (ds)
10272SMatthew.Ahrens@Sun.COM		dsl_dataset_rele(ds, FTAG);
5446Sahrens	return (error);
789Sahrens}
789Sahrens
5367Sahrens/*
5367Sahrens * inputs:
5367Sahrens * zc_name	old name of dataset
5367Sahrens * zc_value	new name of dataset
5367Sahrens * zc_cookie	recursive flag (only valid for snapshots)
5367Sahrens *
5367Sahrens * outputs:	none
5367Sahrens */
789Sahrensstatic int
789Sahrenszfs_ioc_rename(zfs_cmd_t *zc)
789Sahrens{
4490Svb160487	boolean_t recursive = zc->zc_cookie & 1;
4007Smmusante
2676Seschrock	zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
5326Sek110237	if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
5326Sek110237	    strchr(zc->zc_value, '%'))
789Sahrens		return (EINVAL);
789Sahrens
4007Smmusante	/*
4007Smmusante	 * Unmount snapshot unless we're doing a recursive rename,
4007Smmusante	 * in which case the dataset code figures out which snapshots
4007Smmusante	 * to unmount.
4007Smmusante	 */
4007Smmusante	if (!recursive && strchr(zc->zc_name, '@') != NULL &&
789Sahrens	    zc->zc_objset_type == DMU_OST_ZFS) {
2199Sahrens		int err = zfs_unmount_snap(zc->zc_name, NULL);
2199Sahrens		if (err)
2199Sahrens			return (err);
789Sahrens	}
10588SEric.Taylor@Sun.COM	if (zc->zc_objset_type == DMU_OST_ZVOL)
10588SEric.Taylor@Sun.COM		(void) zvol_remove_minor(zc->zc_name);
4007Smmusante	return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive));
789Sahrens}
789Sahrens
11022STom.Erickson@Sun.COMstatic int
11022STom.Erickson@Sun.COMzfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
11022STom.Erickson@Sun.COM{
11022STom.Erickson@Sun.COM	const char *propname = nvpair_name(pair);
11022STom.Erickson@Sun.COM	boolean_t issnap = (strchr(dsname, '@') != NULL);
11022STom.Erickson@Sun.COM	zfs_prop_t prop = zfs_name_to_prop(propname);
11022STom.Erickson@Sun.COM	uint64_t intval;
11022STom.Erickson@Sun.COM	int err;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (prop == ZPROP_INVAL) {
11022STom.Erickson@Sun.COM		if (zfs_prop_user(propname)) {
11022STom.Erickson@Sun.COM			if (err = zfs_secpolicy_write_perms(dsname,
11022STom.Erickson@Sun.COM			    ZFS_DELEG_PERM_USERPROP, cr))
11022STom.Erickson@Sun.COM				return (err);
11022STom.Erickson@Sun.COM			return (0);
11022STom.Erickson@Sun.COM		}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		if (!issnap && zfs_prop_userquota(propname)) {
11022STom.Erickson@Sun.COM			const char *perm = NULL;
11022STom.Erickson@Sun.COM			const char *uq_prefix =
11022STom.Erickson@Sun.COM			    zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
11022STom.Erickson@Sun.COM			const char *gq_prefix =
11022STom.Erickson@Sun.COM			    zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM			if (strncmp(propname, uq_prefix,
11022STom.Erickson@Sun.COM			    strlen(uq_prefix)) == 0) {
11022STom.Erickson@Sun.COM				perm = ZFS_DELEG_PERM_USERQUOTA;
11022STom.Erickson@Sun.COM			} else if (strncmp(propname, gq_prefix,
11022STom.Erickson@Sun.COM			    strlen(gq_prefix)) == 0) {
11022STom.Erickson@Sun.COM				perm = ZFS_DELEG_PERM_GROUPQUOTA;
11022STom.Erickson@Sun.COM			} else {
11022STom.Erickson@Sun.COM				/* USERUSED and GROUPUSED are read-only */
11022STom.Erickson@Sun.COM				return (EINVAL);
11022STom.Erickson@Sun.COM			}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM			if (err = zfs_secpolicy_write_perms(dsname, perm, cr))
11022STom.Erickson@Sun.COM				return (err);
11022STom.Erickson@Sun.COM			return (0);
11022STom.Erickson@Sun.COM		}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		return (EINVAL);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (issnap)
11022STom.Erickson@Sun.COM		return (EINVAL);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
11022STom.Erickson@Sun.COM		/*
11022STom.Erickson@Sun.COM		 * dsl_prop_get_all_impl() returns properties in this
11022STom.Erickson@Sun.COM		 * format.
11022STom.Erickson@Sun.COM		 */
11022STom.Erickson@Sun.COM		nvlist_t *attrs;
11022STom.Erickson@Sun.COM		VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
11022STom.Erickson@Sun.COM		VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
11022STom.Erickson@Sun.COM		    &pair) == 0);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	/*
11022STom.Erickson@Sun.COM	 * Check that this value is valid for this pool version
11022STom.Erickson@Sun.COM	 */
11022STom.Erickson@Sun.COM	switch (prop) {
11022STom.Erickson@Sun.COM	case ZFS_PROP_COMPRESSION:
11022STom.Erickson@Sun.COM		/*
11022STom.Erickson@Sun.COM		 * If the user specified gzip compression, make sure
11022STom.Erickson@Sun.COM		 * the SPA supports it. We ignore any errors here since
11022STom.Erickson@Sun.COM		 * we'll catch them later.
11022STom.Erickson@Sun.COM		 */
11022STom.Erickson@Sun.COM		if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
11022STom.Erickson@Sun.COM		    nvpair_value_uint64(pair, &intval) == 0) {
11022STom.Erickson@Sun.COM			if (intval >= ZIO_COMPRESS_GZIP_1 &&
11022STom.Erickson@Sun.COM			    intval <= ZIO_COMPRESS_GZIP_9 &&
11022STom.Erickson@Sun.COM			    zfs_earlier_version(dsname,
11022STom.Erickson@Sun.COM			    SPA_VERSION_GZIP_COMPRESSION)) {
11022STom.Erickson@Sun.COM				return (ENOTSUP);
11022STom.Erickson@Sun.COM			}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM			if (intval == ZIO_COMPRESS_ZLE &&
11022STom.Erickson@Sun.COM			    zfs_earlier_version(dsname,
11022STom.Erickson@Sun.COM			    SPA_VERSION_ZLE_COMPRESSION))
11022STom.Erickson@Sun.COM				return (ENOTSUP);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM			/*
11022STom.Erickson@Sun.COM			 * If this is a bootable dataset then
11022STom.Erickson@Sun.COM			 * verify that the compression algorithm
11022STom.Erickson@Sun.COM			 * is supported for booting. We must return
11022STom.Erickson@Sun.COM			 * something other than ENOTSUP since it
11022STom.Erickson@Sun.COM			 * implies a downrev pool version.
11022STom.Erickson@Sun.COM			 */
11022STom.Erickson@Sun.COM			if (zfs_is_bootfs(dsname) &&
11022STom.Erickson@Sun.COM			    !BOOTFS_COMPRESS_VALID(intval)) {
11022STom.Erickson@Sun.COM				return (ERANGE);
11022STom.Erickson@Sun.COM			}
11022STom.Erickson@Sun.COM		}
11022STom.Erickson@Sun.COM		break;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	case ZFS_PROP_COPIES:
11022STom.Erickson@Sun.COM		if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
11022STom.Erickson@Sun.COM			return (ENOTSUP);
11022STom.Erickson@Sun.COM		break;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	case ZFS_PROP_DEDUP:
11022STom.Erickson@Sun.COM		if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
11022STom.Erickson@Sun.COM			return (ENOTSUP);
11022STom.Erickson@Sun.COM		break;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	case ZFS_PROP_SHARESMB:
11022STom.Erickson@Sun.COM		if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
11022STom.Erickson@Sun.COM			return (ENOTSUP);
11022STom.Erickson@Sun.COM		break;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	case ZFS_PROP_ACLINHERIT:
11022STom.Erickson@Sun.COM		if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
11022STom.Erickson@Sun.COM		    nvpair_value_uint64(pair, &intval) == 0) {
11022STom.Erickson@Sun.COM			if (intval == ZFS_ACL_PASSTHROUGH_X &&
11022STom.Erickson@Sun.COM			    zfs_earlier_version(dsname,
11022STom.Erickson@Sun.COM			    SPA_VERSION_PASSTHROUGH_X))
11022STom.Erickson@Sun.COM				return (ENOTSUP);
11022STom.Erickson@Sun.COM		}
11022STom.Erickson@Sun.COM		break;
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
11022STom.Erickson@Sun.COM}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM/*
11022STom.Erickson@Sun.COM * Removes properties from the given props list that fail permission checks
11022STom.Erickson@Sun.COM * needed to clear them and to restore them in case of a receive error. For each
11022STom.Erickson@Sun.COM * property, make sure we have both set and inherit permissions.
11022STom.Erickson@Sun.COM *
11022STom.Erickson@Sun.COM * Returns the first error encountered if any permission checks fail. If the
11022STom.Erickson@Sun.COM * caller provides a non-NULL errlist, it also gives the complete list of names
11022STom.Erickson@Sun.COM * of all the properties that failed a permission check along with the
11022STom.Erickson@Sun.COM * corresponding error numbers. The caller is responsible for freeing the
11022STom.Erickson@Sun.COM * returned errlist.
11022STom.Erickson@Sun.COM *
11022STom.Erickson@Sun.COM * If every property checks out successfully, zero is returned and the list
11022STom.Erickson@Sun.COM * pointed at by errlist is NULL.
11022STom.Erickson@Sun.COM */
11022STom.Erickson@Sun.COMstatic int
11022STom.Erickson@Sun.COMzfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
6689Smaybee{
6689Smaybee	zfs_cmd_t *zc;
11022STom.Erickson@Sun.COM	nvpair_t *pair, *next_pair;
11022STom.Erickson@Sun.COM	nvlist_t *errors;
11022STom.Erickson@Sun.COM	int err, rv = 0;
6689Smaybee
6689Smaybee	if (props == NULL)
11022STom.Erickson@Sun.COM		return (0);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
11022STom.Erickson@Sun.COM
6689Smaybee	zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
6689Smaybee	(void) strcpy(zc->zc_name, dataset);
11022STom.Erickson@Sun.COM	pair = nvlist_next_nvpair(props, NULL);
11022STom.Erickson@Sun.COM	while (pair != NULL) {
11022STom.Erickson@Sun.COM		next_pair = nvlist_next_nvpair(props, pair);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		(void) strcpy(zc->zc_value, nvpair_name(pair));
11022STom.Erickson@Sun.COM		if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
11022STom.Erickson@Sun.COM		    (err = zfs_secpolicy_inherit(zc, CRED())) != 0) {
11022STom.Erickson@Sun.COM			VERIFY(nvlist_remove_nvpair(props, pair) == 0);
11022STom.Erickson@Sun.COM			VERIFY(nvlist_add_int32(errors,
11022STom.Erickson@Sun.COM			    zc->zc_value, err) == 0);
11022STom.Erickson@Sun.COM		}
11022STom.Erickson@Sun.COM		pair = next_pair;
6689Smaybee	}
6689Smaybee	kmem_free(zc, sizeof (zfs_cmd_t));
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
11022STom.Erickson@Sun.COM		nvlist_free(errors);
11022STom.Erickson@Sun.COM		errors = NULL;
11022STom.Erickson@Sun.COM	} else {
11022STom.Erickson@Sun.COM		VERIFY(nvpair_value_int32(pair, &rv) == 0);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (errlist == NULL)
11022STom.Erickson@Sun.COM		nvlist_free(errors);
11022STom.Erickson@Sun.COM	else
11022STom.Erickson@Sun.COM		*errlist = errors;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	return (rv);
6689Smaybee}
6689Smaybee
11022STom.Erickson@Sun.COMstatic boolean_t
11022STom.Erickson@Sun.COMpropval_equals(nvpair_t *p1, nvpair_t *p2)
11022STom.Erickson@Sun.COM{
11022STom.Erickson@Sun.COM	if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
11022STom.Erickson@Sun.COM		/* dsl_prop_get_all_impl() format */
11022STom.Erickson@Sun.COM		nvlist_t *attrs;
11022STom.Erickson@Sun.COM		VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
11022STom.Erickson@Sun.COM		VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
11022STom.Erickson@Sun.COM		    &p1) == 0);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
11022STom.Erickson@Sun.COM		nvlist_t *attrs;
11022STom.Erickson@Sun.COM		VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
11022STom.Erickson@Sun.COM		VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
11022STom.Erickson@Sun.COM		    &p2) == 0);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (nvpair_type(p1) != nvpair_type(p2))
11022STom.Erickson@Sun.COM		return (B_FALSE);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (nvpair_type(p1) == DATA_TYPE_STRING) {
11022STom.Erickson@Sun.COM		char *valstr1, *valstr2;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
11022STom.Erickson@Sun.COM		VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
11022STom.Erickson@Sun.COM		return (strcmp(valstr1, valstr2) == 0);
11022STom.Erickson@Sun.COM	} else {
11022STom.Erickson@Sun.COM		uint64_t intval1, intval2;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
11022STom.Erickson@Sun.COM		VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
11022STom.Erickson@Sun.COM		return (intval1 == intval2);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM/*
11022STom.Erickson@Sun.COM * Remove properties from props if they are not going to change (as determined
11022STom.Erickson@Sun.COM * by comparison with origprops). Remove them from origprops as well, since we
11022STom.Erickson@Sun.COM * do not need to clear or restore properties that won't change.
11022STom.Erickson@Sun.COM */
11022STom.Erickson@Sun.COMstatic void
11022STom.Erickson@Sun.COMprops_reduce(nvlist_t *props, nvlist_t *origprops)
11022STom.Erickson@Sun.COM{
11022STom.Erickson@Sun.COM	nvpair_t *pair, *next_pair;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (origprops == NULL)
11022STom.Erickson@Sun.COM		return; /* all props need to be received */
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	pair = nvlist_next_nvpair(props, NULL);
11022STom.Erickson@Sun.COM	while (pair != NULL) {
11022STom.Erickson@Sun.COM		const char *propname = nvpair_name(pair);
11022STom.Erickson@Sun.COM		nvpair_t *match;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		next_pair = nvlist_next_nvpair(props, pair);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		if ((nvlist_lookup_nvpair(origprops, propname,
11022STom.Erickson@Sun.COM		    &match) != 0) || !propval_equals(pair, match))
11022STom.Erickson@Sun.COM			goto next; /* need to set received value */
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		/* don't clear the existing received value */
11022STom.Erickson@Sun.COM		(void) nvlist_remove_nvpair(origprops, match);
11022STom.Erickson@Sun.COM		/* don't bother receiving the property */
11022STom.Erickson@Sun.COM		(void) nvlist_remove_nvpair(props, pair);
11022STom.Erickson@Sun.COMnext:
11022STom.Erickson@Sun.COM		pair = next_pair;
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM#ifdef	DEBUG
11022STom.Erickson@Sun.COMstatic boolean_t zfs_ioc_recv_inject_err;
11022STom.Erickson@Sun.COM#endif
11022STom.Erickson@Sun.COM
5367Sahrens/*
5367Sahrens * inputs:
5367Sahrens * zc_name		name of containing filesystem
5367Sahrens * zc_nvlist_src{_size}	nvlist of properties to apply
5367Sahrens * zc_value		name of snapshot to create
5367Sahrens * zc_string		name of clone origin (if DRR_FLAG_CLONE)
5367Sahrens * zc_cookie		file descriptor to recv from
5367Sahrens * zc_begin_record	the BEGIN record of the stream (not byteswapped)
5367Sahrens * zc_guid		force flag
12527SChris.Kirby@oracle.com * zc_cleanup_fd	cleanup-on-exit file descriptor
12527SChris.Kirby@oracle.com * zc_action_handle	handle for this guid/ds mapping (or zero on first call)
5367Sahrens *
5367Sahrens * outputs:
5367Sahrens * zc_cookie		number of bytes read
11022STom.Erickson@Sun.COM * zc_nvlist_dst{_size} error for each unapplied received property
11022STom.Erickson@Sun.COM * zc_obj		zprop_errflags_t
12527SChris.Kirby@oracle.com * zc_action_handle	handle for this guid/ds mapping
5367Sahrens */
789Sahrensstatic int
5367Sahrenszfs_ioc_recv(zfs_cmd_t *zc)
789Sahrens{
789Sahrens	file_t *fp;
5326Sek110237	objset_t *os;
5367Sahrens	dmu_recv_cookie_t drc;
5326Sek110237	boolean_t force = (boolean_t)zc->zc_guid;
11022STom.Erickson@Sun.COM	int fd;
11022STom.Erickson@Sun.COM	int error = 0;
11022STom.Erickson@Sun.COM	int props_error = 0;
11022STom.Erickson@Sun.COM	nvlist_t *errors;
5367Sahrens	offset_t off;
11022STom.Erickson@Sun.COM	nvlist_t *props = NULL; /* sent properties */
11022STom.Erickson@Sun.COM	nvlist_t *origprops = NULL; /* existing properties */
5367Sahrens	objset_t *origin = NULL;
5367Sahrens	char *tosnap;
5367Sahrens	char tofs[ZFS_MAXNAMELEN];
11022STom.Erickson@Sun.COM	boolean_t first_recvd_props = B_FALSE;
789Sahrens
3265Sahrens	if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
5326Sek110237	    strchr(zc->zc_value, '@') == NULL ||
5326Sek110237	    strchr(zc->zc_value, '%'))
3265Sahrens		return (EINVAL);
3265Sahrens
5367Sahrens	(void) strcpy(tofs, zc->zc_value);
5367Sahrens	tosnap = strchr(tofs, '@');
11022STom.Erickson@Sun.COM	*tosnap++ = '\0';
5367Sahrens
5367Sahrens	if (zc->zc_nvlist_src != NULL &&
5367Sahrens	    (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
9643SEric.Taylor@Sun.COM	    zc->zc_iflags, &props)) != 0)
5367Sahrens		return (error);
5367Sahrens
789Sahrens	fd = zc->zc_cookie;
789Sahrens	fp = getf(fd);
5367Sahrens	if (fp == NULL) {
5367Sahrens		nvlist_free(props);
789Sahrens		return (EBADF);
5367Sahrens	}
5326Sek110237
11022STom.Erickson@Sun.COM	VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
11022STom.Erickson@Sun.COM
10298SMatthew.Ahrens@Sun.COM	if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) {
11022STom.Erickson@Sun.COM		if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) &&
11022STom.Erickson@Sun.COM		    !dsl_prop_get_hasrecvd(os)) {
11022STom.Erickson@Sun.COM			first_recvd_props = B_TRUE;
11022STom.Erickson@Sun.COM		}
11022STom.Erickson@Sun.COM
6689Smaybee		/*
11022STom.Erickson@Sun.COM		 * If new received properties are supplied, they are to
11022STom.Erickson@Sun.COM		 * completely replace the existing received properties, so stash
11022STom.Erickson@Sun.COM		 * away the existing ones.
6689Smaybee		 */
11022STom.Erickson@Sun.COM		if (dsl_prop_get_received(os, &origprops) == 0) {
11022STom.Erickson@Sun.COM			nvlist_t *errlist = NULL;
11022STom.Erickson@Sun.COM			/*
11022STom.Erickson@Sun.COM			 * Don't bother writing a property if its value won't
11022STom.Erickson@Sun.COM			 * change (and avoid the unnecessary security checks).
11022STom.Erickson@Sun.COM			 *
11022STom.Erickson@Sun.COM			 * The first receive after SPA_VERSION_RECVD_PROPS is a
11022STom.Erickson@Sun.COM			 * special case where we blow away all local properties
11022STom.Erickson@Sun.COM			 * regardless.
11022STom.Erickson@Sun.COM			 */
11022STom.Erickson@Sun.COM			if (!first_recvd_props)
11022STom.Erickson@Sun.COM				props_reduce(props, origprops);
11022STom.Erickson@Sun.COM			if (zfs_check_clearable(tofs, origprops,
11022STom.Erickson@Sun.COM			    &errlist) != 0)
11022STom.Erickson@Sun.COM				(void) nvlist_merge(errors, errlist, 0);
11022STom.Erickson@Sun.COM			nvlist_free(errlist);
11022STom.Erickson@Sun.COM		}
10298SMatthew.Ahrens@Sun.COM
10298SMatthew.Ahrens@Sun.COM		dmu_objset_rele(os, FTAG);
5326Sek110237	}
5326Sek110237
5367Sahrens	if (zc->zc_string[0]) {
10298SMatthew.Ahrens@Sun.COM		error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
6689Smaybee		if (error)
6689Smaybee			goto out;
5367Sahrens	}
5367Sahrens
11007SLori.Alt@Sun.COM	error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
11007SLori.Alt@Sun.COM	    &zc->zc_begin_record, force, origin, &drc);
5367Sahrens	if (origin)
10298SMatthew.Ahrens@Sun.COM		dmu_objset_rele(origin, FTAG);
6689Smaybee	if (error)
6689Smaybee		goto out;
5326Sek110237
5326Sek110237	/*
11022STom.Erickson@Sun.COM	 * Set properties before we receive the stream so that they are applied
11022STom.Erickson@Sun.COM	 * to the new data. Note that we must call dmu_recv_stream() if
11022STom.Erickson@Sun.COM	 * dmu_recv_begin() succeeds.
5326Sek110237	 */
5367Sahrens	if (props) {
11022STom.Erickson@Sun.COM		nvlist_t *errlist;
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
11022STom.Erickson@Sun.COM			if (drc.drc_newfs) {
11022STom.Erickson@Sun.COM				if (spa_version(os->os_spa) >=
11022STom.Erickson@Sun.COM				    SPA_VERSION_RECVD_PROPS)
11022STom.Erickson@Sun.COM					first_recvd_props = B_TRUE;
11022STom.Erickson@Sun.COM			} else if (origprops != NULL) {
11022STom.Erickson@Sun.COM				if (clear_received_props(os, tofs, origprops,
11022STom.Erickson@Sun.COM				    first_recvd_props ? NULL : props) != 0)
11022STom.Erickson@Sun.COM					zc->zc_obj |= ZPROP_ERR_NOCLEAR;
11022STom.Erickson@Sun.COM			} else {
11022STom.Erickson@Sun.COM				zc->zc_obj |= ZPROP_ERR_NOCLEAR;
11022STom.Erickson@Sun.COM			}
11022STom.Erickson@Sun.COM			dsl_prop_set_hasrecvd(os);
11022STom.Erickson@Sun.COM		} else if (!drc.drc_newfs) {
11022STom.Erickson@Sun.COM			zc->zc_obj |= ZPROP_ERR_NOCLEAR;
11022STom.Erickson@Sun.COM		}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		(void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
11022STom.Erickson@Sun.COM		    props, &errlist);
11022STom.Erickson@Sun.COM		(void) nvlist_merge(errors, errlist, 0);
11022STom.Erickson@Sun.COM		nvlist_free(errlist);
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (fit_error_list(zc, &errors) != 0 || put_nvlist(zc, errors) != 0) {
6689Smaybee		/*
11022STom.Erickson@Sun.COM		 * Caller made zc->zc_nvlist_dst less than the minimum expected
11022STom.Erickson@Sun.COM		 * size or supplied an invalid address.
6689Smaybee		 */
11022STom.Erickson@Sun.COM		props_error = EINVAL;
5367Sahrens	}
5367Sahrens
5367Sahrens	off = fp->f_offset;
12527SChris.Kirby@oracle.com	error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
12527SChris.Kirby@oracle.com	    &zc->zc_action_handle);
5367Sahrens
10204SMatthew.Ahrens@Sun.COM	if (error == 0) {
10204SMatthew.Ahrens@Sun.COM		zfsvfs_t *zfsvfs = NULL;
10204SMatthew.Ahrens@Sun.COM
10204SMatthew.Ahrens@Sun.COM		if (getzfsvfs(tofs, &zfsvfs) == 0) {
10204SMatthew.Ahrens@Sun.COM			/* online recv */
10204SMatthew.Ahrens@Sun.COM			int end_err;
10298SMatthew.Ahrens@Sun.COM
10298SMatthew.Ahrens@Sun.COM			error = zfs_suspend_fs(zfsvfs);
10204SMatthew.Ahrens@Sun.COM			/*
10204SMatthew.Ahrens@Sun.COM			 * If the suspend fails, then the recv_end will
10204SMatthew.Ahrens@Sun.COM			 * likely also fail, and clean up after itself.
10204SMatthew.Ahrens@Sun.COM			 */
10204SMatthew.Ahrens@Sun.COM			end_err = dmu_recv_end(&drc);
11812SGeorge.Wilson@Sun.COM			if (error == 0)
11812SGeorge.Wilson@Sun.COM				error = zfs_resume_fs(zfsvfs, tofs);
10204SMatthew.Ahrens@Sun.COM			error = error ? error : end_err;
10204SMatthew.Ahrens@Sun.COM			VFS_RELE(zfsvfs->z_vfs);
10204SMatthew.Ahrens@Sun.COM		} else {
6689Smaybee			error = dmu_recv_end(&drc);
5367Sahrens		}
6083Sek110237	}
5367Sahrens
5367Sahrens	zc->zc_cookie = off - fp->f_offset;
5367Sahrens	if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5367Sahrens		fp->f_offset = off;
2885Sahrens
11022STom.Erickson@Sun.COM#ifdef	DEBUG
11022STom.Erickson@Sun.COM	if (zfs_ioc_recv_inject_err) {
11022STom.Erickson@Sun.COM		zfs_ioc_recv_inject_err = B_FALSE;
11022STom.Erickson@Sun.COM		error = 1;
11022STom.Erickson@Sun.COM	}
11022STom.Erickson@Sun.COM#endif
6689Smaybee	/*
6689Smaybee	 * On error, restore the original props.
6689Smaybee	 */
6689Smaybee	if (error && props) {
11022STom.Erickson@Sun.COM		if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
11022STom.Erickson@Sun.COM			if (clear_received_props(os, tofs, props, NULL) != 0) {
11022STom.Erickson@Sun.COM				/*
11022STom.Erickson@Sun.COM				 * We failed to clear the received properties.
11022STom.Erickson@Sun.COM				 * Since we may have left a $recvd value on the
11022STom.Erickson@Sun.COM				 * system, we can't clear the $hasrecvd flag.
11022STom.Erickson@Sun.COM				 */
11022STom.Erickson@Sun.COM				zc->zc_obj |= ZPROP_ERR_NORESTORE;
11022STom.Erickson@Sun.COM			} else if (first_recvd_props) {
11022STom.Erickson@Sun.COM				dsl_prop_unset_hasrecvd(os);
11022STom.Erickson@Sun.COM			}
11022STom.Erickson@Sun.COM			dmu_objset_rele(os, FTAG);
11022STom.Erickson@Sun.COM		} else if (!drc.drc_newfs) {
11022STom.Erickson@Sun.COM			/* We failed to clear the received properties. */
11022STom.Erickson@Sun.COM			zc->zc_obj |= ZPROP_ERR_NORESTORE;
11022STom.Erickson@Sun.COM		}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		if (origprops == NULL && !drc.drc_newfs) {
11022STom.Erickson@Sun.COM			/* We failed to stash the original properties. */
11022STom.Erickson@Sun.COM			zc->zc_obj |= ZPROP_ERR_NORESTORE;
11022STom.Erickson@Sun.COM		}
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM		/*
11022STom.Erickson@Sun.COM		 * dsl_props_set() will not convert RECEIVED to LOCAL on or
11022STom.Erickson@Sun.COM		 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
11022STom.Erickson@Sun.COM		 * explictly if we're restoring local properties cleared in the
11022STom.Erickson@Sun.COM		 * first new-style receive.
11022STom.Erickson@Sun.COM		 */
11022STom.Erickson@Sun.COM		if (origprops != NULL &&
11022STom.Erickson@Sun.COM		    zfs_set_prop_nvlist(tofs, (first_recvd_props ?
11022STom.Erickson@Sun.COM		    ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
11022STom.Erickson@Sun.COM		    origprops, NULL) != 0) {
11022STom.Erickson@Sun.COM			/*
11022STom.Erickson@Sun.COM			 * We stashed the original properties but failed to
11022STom.Erickson@Sun.COM			 * restore them.
11022STom.Erickson@Sun.COM			 */
11022STom.Erickson@Sun.COM			zc->zc_obj |= ZPROP_ERR_NORESTORE;
11022STom.Erickson@Sun.COM		}
6689Smaybee	}
6689Smaybeeout:
6689Smaybee	nvlist_free(props);
6689Smaybee	nvlist_free(origprops);
11022STom.Erickson@Sun.COM	nvlist_free(errors);
789Sahrens	releasef(fd);
11022STom.Erickson@Sun.COM
11022STom.Erickson@Sun.COM	if (error == 0)
11022STom.Erickson@Sun.COM		error = props_error;
11022STom.Erickson@Sun.COM
789Sahrens	return (error);
789Sahrens}
789Sahrens
5367Sahrens/*
5367Sahrens * inputs:
5367Sahrens * zc_name	name of snapshot to send
5367Sahrens * zc_cookie	file descriptor to send stream to
12786SChris.Kirby@oracle.com * zc_obj	fromorigin flag (mutually exclusive with zc_fromobj)
12786SChris.Kirby@oracle.com * zc_sendobj	objsetid of snapshot to send
12786SChris.Kirby@oracle.com * zc_fromobj	objsetid of incremental fromsnap (may be zero)
5367Sahrens *
5367Sahrens * outputs: none
5367Sahrens */
789Sahrensstatic int
5367Sahrenszfs_ioc_send(zfs_cmd_t *zc)
789Sahrens{
789Sahrens	objset_t *fromsnap = NULL;
789Sahrens	objset_t *tosnap;
789Sahrens	file_t *fp;
789Sahrens	int error;
5367Sahrens	offset_t off;
12786SChris.Kirby@oracle.com	dsl_dataset_t *ds;
12786SChris.Kirby@oracle.com	dsl_dataset_t *dsfrom = NULL;
12786SChris.Kirby@oracle.com	spa_t *spa;
12786SChris.Kirby@oracle.com	dsl_pool_t *dp;
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	error = spa_open(zc->zc_name, &spa, FTAG);
789Sahrens	if (error)
789Sahrens		return (error);
789Sahrens
12786SChris.Kirby@oracle.com	dp = spa_get_dsl(spa);
12786SChris.Kirby@oracle.com	rw_enter(&dp->dp_config_rwlock, RW_READER);
12786SChris.Kirby@oracle.com	error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
12786SChris.Kirby@oracle.com	rw_exit(&dp->dp_config_rwlock);
12786SChris.Kirby@oracle.com	if (error) {
12786SChris.Kirby@oracle.com		spa_close(spa, FTAG);
12786SChris.Kirby@oracle.com		return (error);
12786SChris.Kirby@oracle.com	}
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	error = dmu_objset_from_ds(ds, &tosnap);
12786SChris.Kirby@oracle.com	if (error) {
12786SChris.Kirby@oracle.com		dsl_dataset_rele(ds, FTAG);
12786SChris.Kirby@oracle.com		spa_close(spa, FTAG);
12786SChris.Kirby@oracle.com		return (error);
12786SChris.Kirby@oracle.com	}
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	if (zc->zc_fromobj != 0) {
12786SChris.Kirby@oracle.com		rw_enter(&dp->dp_config_rwlock, RW_READER);
12786SChris.Kirby@oracle.com		error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
12786SChris.Kirby@oracle.com		rw_exit(&dp->dp_config_rwlock);
12786SChris.Kirby@oracle.com		spa_close(spa, FTAG);
789Sahrens		if (error) {
12786SChris.Kirby@oracle.com			dsl_dataset_rele(ds, FTAG);
789Sahrens			return (error);
789Sahrens		}
12786SChris.Kirby@oracle.com		error = dmu_objset_from_ds(dsfrom, &fromsnap);
12786SChris.Kirby@oracle.com		if (error) {
12786SChris.Kirby@oracle.com			dsl_dataset_rele(dsfrom, FTAG);
12786SChris.Kirby@oracle.com			dsl_dataset_rele(ds, FTAG);
12786SChris.Kirby@oracle.com			return (error);
12786SChris.Kirby@oracle.com		}
12786SChris.Kirby@oracle.com	} else {
12786SChris.Kirby@oracle.com		spa_close(spa, FTAG);
789Sahrens	}
789Sahrens
789Sahrens	fp = getf(zc->zc_cookie);
789Sahrens	if (fp == NULL) {
12786SChris.Kirby@oracle.com		dsl_dataset_rele(ds, FTAG);
12786SChris.Kirby@oracle.com		if (dsfrom)
12786SChris.Kirby@oracle.com			dsl_dataset_rele(dsfrom, FTAG);
789Sahrens		return (EBADF);
789Sahrens	}
789Sahrens
5367Sahrens	off = fp->f_offset;
5367Sahrens	error = dmu_sendbackup(tosnap, fromsnap, zc->zc_obj, fp->f_vnode, &off);
5367Sahrens
5367Sahrens	if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5367Sahrens		fp->f_offset = off;
789Sahrens	releasef(zc->zc_cookie);
12786SChris.Kirby@oracle.com	if (dsfrom)
12786SChris.Kirby@oracle.com		dsl_dataset_rele(dsfrom, FTAG);
12786SChris.Kirby@oracle.com	dsl_dataset_rele(ds, FTAG);
789Sahrens	return (error);
789Sahrens}
789Sahrens
1544Seschrockstatic int
1544Seschrockzfs_ioc_inject_fault(zfs_cmd_t *zc)
1544Seschrock{
1544Seschrock	int id, error;
1544Seschrock
1544Seschrock	error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
1544Seschrock	    &zc->zc_inject_record);
1544Seschrock
1544Seschrock	if (error == 0)
1544Seschrock		zc->zc_guid = (uint64_t)id;
1544Seschrock
1544Seschrock	return (error);
1544Seschrock}
1544Seschrock
1544Seschrockstatic int
1544Seschrockzfs_ioc_clear_fault(zfs_cmd_t *zc)
1544Seschrock{
1544Seschrock	return (zio_clear_fault((int)zc->zc_guid));
1544Seschrock}
1544Seschrock
1544Seschrockstatic int
1544Seschrockzfs_ioc_inject_list_next(zfs_cmd_t *zc)
1544Seschrock{
1544Seschrock	int id = (int)zc->zc_guid;
1544Seschrock	int error;
1544Seschrock
1544Seschrock	error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
1544Seschrock	    &zc->zc_inject_record);
1544Seschrock
1544Seschrock	zc->zc_guid = id;
1544Seschrock
1544Seschrock	return (error);
1544Seschrock}
1544Seschrock
1544Seschrockstatic int
1544Seschrockzfs_ioc_error_log(zfs_cmd_t *zc)
1544Seschrock{
1544Seschrock	spa_t *spa;
1544Seschrock	int error;
2676Seschrock	size_t count = (size_t)zc->zc_nvlist_dst_size;
1544Seschrock
1544Seschrock	if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1544Seschrock		return (error);
1544Seschrock
2676Seschrock	error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
1544Seschrock	    &count);
1544Seschrock	if (error == 0)
2676Seschrock		zc->zc_nvlist_dst_size = count;
1544Seschrock	else
2676Seschrock		zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
1544Seschrock
1544Seschrock	spa_close(spa, FTAG);
1544Seschrock
1544Seschrock	return (error);
1544Seschrock}
1544Seschrock
1544Seschrockstatic int
1544Seschrockzfs_ioc_clear(zfs_cmd_t *zc)
1544Seschrock{
1544Seschrock	spa_t *spa;
1544Seschrock	vdev_t *vd;
1544Seschrock	int error;
1544Seschrock
7294Sperrin	/*
7294Sperrin	 * On zpool clear we also fix up missing slogs
7294Sperrin	 */
7294Sperrin	mutex_enter(&spa_namespace_lock);
7294Sperrin	spa = spa_lookup(zc->zc_name);
7294Sperrin	if (spa == NULL) {
7294Sperrin		mutex_exit(&spa_namespace_lock);
7294Sperrin		return (EIO);
7294Sperrin	}
10922SJeff.Bonwick@Sun.COM	if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
7294Sperrin		/* we need to let spa_open/spa_load clear the chains */
10922SJeff.Bonwick@Sun.COM		spa_set_log_state(spa, SPA_LOG_CLEAR);
7294Sperrin	}
10921STim.Haley@Sun.COM	spa->spa_last_open_failed = 0;
7294Sperrin	mutex_exit(&spa_namespace_lock);
7294Sperrin
11727SVictor.Latushkin@Sun.COM	if (zc->zc_cookie & ZPOOL_NO_REWIND) {
10921STim.Haley@Sun.COM		error = spa_open(zc->zc_name, &spa, FTAG);
10921STim.Haley@Sun.COM	} else {
10921STim.Haley@Sun.COM		nvlist_t *policy;
10921STim.Haley@Sun.COM		nvlist_t *config = NULL;
10921STim.Haley@Sun.COM
10921STim.Haley@Sun.COM		if (zc->zc_nvlist_src == NULL)
10921STim.Haley@Sun.COM			return (EINVAL);
10921STim.Haley@Sun.COM
10921STim.Haley@Sun.COM		if ((error = get_nvlist(zc->zc_nvlist_src,
10921STim.Haley@Sun.COM		    zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
10921STim.Haley@Sun.COM			error = spa_open_rewind(zc->zc_name, &spa, FTAG,
10921STim.Haley@Sun.COM			    policy, &config);
10921STim.Haley@Sun.COM			if (config != NULL) {
12949SGeorge.Wilson@Sun.COM				int err;
12949SGeorge.Wilson@Sun.COM
12949SGeorge.Wilson@Sun.COM				if ((err = put_nvlist(zc, config)) != 0)
12949SGeorge.Wilson@Sun.COM					error = err;
10921STim.Haley@Sun.COM				nvlist_free(config);
10921STim.Haley@Sun.COM			}
10921STim.Haley@Sun.COM			nvlist_free(policy);
10921STim.Haley@Sun.COM		}
10921STim.Haley@Sun.COM	}
10921STim.Haley@Sun.COM
10921STim.Haley@Sun.COM	if (error)
1544Seschrock		return (error);
1544Seschrock
10685SGeorge.Wilson@Sun.COM	spa_vdev_state_enter(spa, SCL_NONE);
1544Seschrock
2676Seschrock	if (zc->zc_guid == 0) {
1544Seschrock		vd = NULL;
6643Seschrock	} else {
6643Seschrock		vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
5450Sbrendan		if (vd == NULL) {
7754SJeff.Bonwick@Sun.COM			(void) spa_vdev_state_exit(spa, NULL, ENODEV);
5450Sbrendan			spa_close(spa, FTAG);
5450Sbrendan			return (ENODEV);
5450Sbrendan		}
1544Seschrock	}
1544Seschrock
7754SJeff.Bonwick@Sun.COM	vdev_clear(spa, vd);
7754SJeff.Bonwick@Sun.COM
7754SJeff.Bonwick@Sun.COM	(void) spa_vdev_state_exit(spa, NULL, 0);
7754SJeff.Bonwick@Sun.COM
7754SJeff.Bonwick@Sun.COM	/*
7754SJeff.Bonwick@Sun.COM	 * Resume any suspended I/Os.
7754SJeff.Bonwick@Sun.COM	 */
9234SGeorge.Wilson@Sun.COM	if (zio_resume(spa) != 0)
9234SGeorge.Wilson@Sun.COM		error = EIO;
1544Seschrock
1544Seschrock	spa_close(spa, FTAG);
1544Seschrock
9234SGeorge.Wilson@Sun.COM	return (error);
1544Seschrock}
1544Seschrock
5367Sahrens/*
5367Sahrens * inputs:
5367Sahrens * zc_name	name of filesystem
5367Sahrens * zc_value	name of origin snapshot
5367Sahrens *
10588SEric.Taylor@Sun.COM * outputs:
10588SEric.Taylor@Sun.COM * zc_string	name of conflicting snapshot, if there is one
5367Sahrens */
1544Seschrockstatic int
2082Seschrockzfs_ioc_promote(zfs_cmd_t *zc)
2082Seschrock{
2417Sahrens	char *cp;
2417Sahrens
2417Sahrens	/*
2417Sahrens	 * We don't need to unmount *all* the origin fs's snapshots, but
2417Sahrens	 * it's easier.
2417Sahrens	 */
2676Seschrock	cp = strchr(zc->zc_value, '@');
2417Sahrens	if (cp)
2417Sahrens		*cp = '\0';
2676Seschrock	(void) dmu_objset_find(zc->zc_value,
2417Sahrens	    zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);
10588SEric.Taylor@Sun.COM	return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
2082Seschrock}
2082Seschrock
4543Smarks/*
9396SMatthew.Ahrens@Sun.COM * Retrieve a single {user|group}{used|quota}@... property.
9396SMatthew.Ahrens@Sun.COM *
9396SMatthew.Ahrens@Sun.COM * inputs:
9396SMatthew.Ahrens@Sun.COM * zc_name	name of filesystem
9396SMatthew.Ahrens@Sun.COM * zc_objset_type zfs_userquota_prop_t
9396SMatthew.Ahrens@Sun.COM * zc_value	domain name (eg. "S-1-234-567-89")
9396SMatthew.Ahrens@Sun.COM * zc_guid	RID/UID/GID
9396SMatthew.Ahrens@Sun.COM *
9396SMatthew.Ahrens@Sun.COM * outputs:
9396SMatthew.Ahrens@Sun.COM * zc_cookie	property value
9396SMatthew.Ahrens@Sun.COM */
9396SMatthew.Ahrens@Sun.COMstatic int
9396SMatthew.Ahrens@Sun.COMzfs_ioc_userspace_one(zfs_cmd_t *zc)
9396SMatthew.Ahrens@Sun.COM{
9396SMatthew.Ahrens@Sun.COM	zfsvfs_t *zfsvfs;
9396SMatthew.Ahrens@Sun.COM	int error;
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
9396SMatthew.Ahrens@Sun.COM		return (EINVAL);
9396SMatthew.Ahrens@Sun.COM
12620SMark.Shellenbaum@Oracle.COM	error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
9396SMatthew.Ahrens@Sun.COM	if (error)
9396SMatthew.Ahrens@Sun.COM		return (error);
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	error = zfs_userspace_one(zfsvfs,
9396SMatthew.Ahrens@Sun.COM	    zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
9396SMatthew.Ahrens@Sun.COM	zfsvfs_rele(zfsvfs, FTAG);
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	return (error);
9396SMatthew.Ahrens@Sun.COM}
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM/*
9396SMatthew.Ahrens@Sun.COM * inputs:
9396SMatthew.Ahrens@Sun.COM * zc_name		name of filesystem
9396SMatthew.Ahrens@Sun.COM * zc_cookie		zap cursor
9396SMatthew.Ahrens@Sun.COM * zc_objset_type	zfs_userquota_prop_t
9396SMatthew.Ahrens@Sun.COM * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
9396SMatthew.Ahrens@Sun.COM *
9396SMatthew.Ahrens@Sun.COM * outputs:
9396SMatthew.Ahrens@Sun.COM * zc_nvlist_dst[_size]	data buffer (array of zfs_useracct_t)
9396SMatthew.Ahrens@Sun.COM * zc_cookie	zap cursor
9396SMatthew.Ahrens@Sun.COM */
9396SMatthew.Ahrens@Sun.COMstatic int
9396SMatthew.Ahrens@Sun.COMzfs_ioc_userspace_many(zfs_cmd_t *zc)
9396SMatthew.Ahrens@Sun.COM{
9396SMatthew.Ahrens@Sun.COM	zfsvfs_t *zfsvfs;
11933STim.Haley@Sun.COM	int bufsize = zc->zc_nvlist_dst_size;
11933STim.Haley@Sun.COM
11933STim.Haley@Sun.COM	if (bufsize <= 0)
11933STim.Haley@Sun.COM		return (ENOMEM);
11933STim.Haley@Sun.COM
12620SMark.Shellenbaum@Oracle.COM	int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
9396SMatthew.Ahrens@Sun.COM	if (error)
9396SMatthew.Ahrens@Sun.COM		return (error);
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	void *buf = kmem_alloc(bufsize, KM_SLEEP);
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
9396SMatthew.Ahrens@Sun.COM	    buf, &zc->zc_nvlist_dst_size);
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	if (error == 0) {
9396SMatthew.Ahrens@Sun.COM		error = xcopyout(buf,
9396SMatthew.Ahrens@Sun.COM		    (void *)(uintptr_t)zc->zc_nvlist_dst,
9396SMatthew.Ahrens@Sun.COM		    zc->zc_nvlist_dst_size);
9396SMatthew.Ahrens@Sun.COM	}
9396SMatthew.Ahrens@Sun.COM	kmem_free(buf, bufsize);
9396SMatthew.Ahrens@Sun.COM	zfsvfs_rele(zfsvfs, FTAG);
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	return (error);
9396SMatthew.Ahrens@Sun.COM}
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM/*
9396SMatthew.Ahrens@Sun.COM * inputs:
9396SMatthew.Ahrens@Sun.COM * zc_name		name of filesystem
9396SMatthew.Ahrens@Sun.COM *
9396SMatthew.Ahrens@Sun.COM * outputs:
9396SMatthew.Ahrens@Sun.COM * none
9396SMatthew.Ahrens@Sun.COM */
9396SMatthew.Ahrens@Sun.COMstatic int
9396SMatthew.Ahrens@Sun.COMzfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
9396SMatthew.Ahrens@Sun.COM{
9396SMatthew.Ahrens@Sun.COM	objset_t *os;
11422SMark.Musante@Sun.COM	int error = 0;
9396SMatthew.Ahrens@Sun.COM	zfsvfs_t *zfsvfs;
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
10298SMatthew.Ahrens@Sun.COM		if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
9396SMatthew.Ahrens@Sun.COM			/*
9396SMatthew.Ahrens@Sun.COM			 * If userused is not enabled, it may be because the
9396SMatthew.Ahrens@Sun.COM			 * objset needs to be closed & reopened (to grow the
9396SMatthew.Ahrens@Sun.COM			 * objset_phys_t).  Suspend/resume the fs will do that.
9396SMatthew.Ahrens@Sun.COM			 */
10298SMatthew.Ahrens@Sun.COM			error = zfs_suspend_fs(zfsvfs);
10298SMatthew.Ahrens@Sun.COM			if (error == 0)
10298SMatthew.Ahrens@Sun.COM				error = zfs_resume_fs(zfsvfs, zc->zc_name);
9396SMatthew.Ahrens@Sun.COM		}
9396SMatthew.Ahrens@Sun.COM		if (error == 0)
9396SMatthew.Ahrens@Sun.COM			error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
9396SMatthew.Ahrens@Sun.COM		VFS_RELE(zfsvfs->z_vfs);
9396SMatthew.Ahrens@Sun.COM	} else {
10298SMatthew.Ahrens@Sun.COM		/* XXX kind of reading contents without owning */
10298SMatthew.Ahrens@Sun.COM		error = dmu_objset_hold(zc->zc_name, FTAG, &os);
9396SMatthew.Ahrens@Sun.COM		if (error)
9396SMatthew.Ahrens@Sun.COM			return (error);
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM		error = dmu_objset_userspace_upgrade(os);
10298SMatthew.Ahrens@Sun.COM		dmu_objset_rele(os, FTAG);
9396SMatthew.Ahrens@Sun.COM	}
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM	return (error);
9396SMatthew.Ahrens@Sun.COM}
9396SMatthew.Ahrens@Sun.COM
9396SMatthew.Ahrens@Sun.COM/*
4543Smarks * We don't want to have a hard dependency
4543Smarks * against some special symbols in sharefs
5331Samw * nfs, and smbsrv.  Determine them if needed when
4543Smarks * the first file system is shared.
5331Samw * Neither sharefs, nfs or smbsrv are unloadable modules.
4543Smarks */
5331Samwint (*znfsexport_fs)(void *arg);
4543Smarksint (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
5331Samwint (*zsmbexport_fs)(void *arg, boolean_t add_share);
5331Samw
5331Samwint zfs_nfsshare_inited;
5331Samwint zfs_smbshare_inited;
5331Samw
4543Smarksddi_modhandle_t nfs_mod;
4543Smarksddi_modhandle_t sharefs_mod;
5331Samwddi_modhandle_t smbsrv_mod;
4543Smarkskmutex_t zfs_share_lock;
4543Smarks
4543Smarksstatic int
5331Samwzfs_init_sharefs()
5331Samw{
5331Samw	int error;
5331Samw
5331Samw	ASSERT(MUTEX_HELD(&zfs_share_lock));
5331Samw	/* Both NFS and SMB shares also require sharetab support. */
5331Samw	if (sharefs_mod == NULL && ((sharefs_mod =
5331Samw	    ddi_modopen("fs/sharefs",
5331Samw	    KRTLD_MODE_FIRST, &error)) == NULL)) {
5331Samw		return (ENOSYS);
5331Samw	}
5331Samw	if (zshare_fs == NULL && ((zshare_fs =
5331Samw	    (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
5331Samw	    ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) {
5331Samw		return (ENOSYS);
5331Samw	}
5331Samw	return (0);
5331Samw}
5331Samw
5331Samwstatic int
4543Smarkszfs_ioc_share(zfs_cmd_t *zc)
4543Smarks{
4543Smarks	int error;
4543Smarks	int opcode;
4543Smarks
5331Samw	switch (zc->zc_share.z_sharetype) {
5331Samw	case ZFS_SHARE_NFS:
5331Samw	case ZFS_UNSHARE_NFS:
5331Samw		if (zfs_nfsshare_inited == 0) {
5331Samw			mutex_enter(&zfs_share_lock);
5331Samw			if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs",
5331Samw			    KRTLD_MODE_FIRST, &error)) == NULL)) {
5331Samw				mutex_exit(&zfs_share_lock);
5331Samw				return (ENOSYS);
5331Samw			}
5331Samw			if (znfsexport_fs == NULL &&
5331Samw			    ((znfsexport_fs = (int (*)(void *))
5331Samw			    ddi_modsym(nfs_mod,
5331Samw			    "nfs_export", &error)) == NULL)) {
5331Samw				mutex_exit(&zfs_share_lock);
5331Samw				return (ENOSYS);
5331Samw			}
5331Samw			error = zfs_init_sharefs();
5331Samw			if (error) {
5331Samw				mutex_exit(&zfs_share_lock);
5331Samw				return (ENOSYS);
5331Samw			}
5331Samw			zfs_nfsshare_inited = 1;
4543Smarks			mutex_exit(&zfs_share_lock);
4543Smarks		}
5331Samw		break;
5331Samw	case ZFS_SHARE_SMB:
5331Samw	case ZFS_UNSHARE_SMB:
5331Samw		if (zfs_smbshare_inited == 0) {
5331Samw			mutex_enter(&zfs_share_lock);
5331Samw			if (smbsrv_mod == NULL && ((smbsrv_mod =
5331Samw			    ddi_modopen("drv/smbsrv",
5331Samw			    KRTLD_MODE_FIRST, &error)) == NULL)) {
5331Samw				mutex_exit(&zfs_share_lock);
5331Samw				return (ENOSYS);
5331Samw			}
5331Samw			if (zsmbexport_fs == NULL && ((zsmbexport_fs =
5331Samw			    (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod,
6139Sjb150015			    "smb_server_share", &error)) == NULL)) {
5331Samw				mutex_exit(&zfs_share_lock);
5331Samw				return (ENOSYS);
5331Samw			}
5331Samw			error = zfs_init_sharefs();
5331Samw			if (error) {
5331Samw				mutex_exit(&zfs_share_lock);
5331Samw				return (ENOSYS);
5331Samw			}
5331Samw			zfs_smbshare_inited = 1;
4543Smarks			mutex_exit(&zfs_share_lock);
4543Smarks		}
5331Samw		break;
5331Samw	default:
5331Samw		return (EINVAL);
4543Smarks	}
4543Smarks
5331Samw	switch (zc->zc_share.z_sharetype) {
5331Samw	case ZFS_SHARE_NFS:
5331Samw	case ZFS_UNSHARE_NFS:
5331Samw		if (error =
5331Samw		    znfsexport_fs((void *)
5331Samw		    (uintptr_t)zc->zc_share.z_exportdata))
5331Samw			return (error);
5331Samw		break;
5331Samw	case ZFS_SHARE_SMB:
5331Samw	case ZFS_UNSHARE_SMB:
5331Samw		if (error = zsmbexport_fs((void *)
5331Samw		    (uintptr_t)zc->zc_share.z_exportdata,
5331Samw		    zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
8845Samw@Sun.COM		    B_TRUE: B_FALSE)) {
5331Samw			return (error);
5331Samw		}
5331Samw		break;
5331Samw	}
5331Samw
5331Samw	opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
5331Samw	    zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ?
4543Smarks	    SHAREFS_ADD : SHAREFS_REMOVE;
4543Smarks
5331Samw	/*
5331Samw	 * Add or remove share from sharetab
5331Samw	 */
4543Smarks	error = zshare_fs(opcode,
4543Smarks	    (void *)(uintptr_t)zc->zc_share.z_sharedata,
4543Smarks	    zc->zc_share.z_sharemax);
4543Smarks
4543Smarks	return (error);
4543Smarks
4543Smarks}
4543Smarks
8845Samw@Sun.COMace_t full_access[] = {
8845Samw@Sun.COM	{(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
8845Samw@Sun.COM};
8845Samw@Sun.COM
8845Samw@Sun.COM/*
13043STim.Haley@Sun.COM * inputs:
13043STim.Haley@Sun.COM * zc_name		name of containing filesystem
13043STim.Haley@Sun.COM * zc_obj		object # beyond which we want next in-use object #
13043STim.Haley@Sun.COM *
13043STim.Haley@Sun.COM * outputs:
13043STim.Haley@Sun.COM * zc_obj		next in-use object #
13043STim.Haley@Sun.COM */
13043STim.Haley@Sun.COMstatic int
13043STim.Haley@Sun.COMzfs_ioc_next_obj(zfs_cmd_t *zc)
13043STim.Haley@Sun.COM{
13043STim.Haley@Sun.COM	objset_t *os = NULL;
13043STim.Haley@Sun.COM	int error;
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	error = dmu_objset_hold(zc->zc_name, FTAG, &os);
13043STim.Haley@Sun.COM	if (error)
13043STim.Haley@Sun.COM		return (error);
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
13043STim.Haley@Sun.COM	    os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	dmu_objset_rele(os, FTAG);
13043STim.Haley@Sun.COM	return (error);
13043STim.Haley@Sun.COM}
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM/*
13043STim.Haley@Sun.COM * inputs:
13043STim.Haley@Sun.COM * zc_name		name of filesystem
13043STim.Haley@Sun.COM * zc_value		prefix name for snapshot
13043STim.Haley@Sun.COM * zc_cleanup_fd	cleanup-on-exit file descriptor for calling process
13043STim.Haley@Sun.COM *
13043STim.Haley@Sun.COM * outputs:
13043STim.Haley@Sun.COM */
13043STim.Haley@Sun.COMstatic int
13043STim.Haley@Sun.COMzfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
13043STim.Haley@Sun.COM{
13043STim.Haley@Sun.COM	char *snap_name;
13043STim.Haley@Sun.COM	int error;
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
13043STim.Haley@Sun.COM	    (u_longlong_t)ddi_get_lbolt64());
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	if (strlen(snap_name) >= MAXNAMELEN) {
13043STim.Haley@Sun.COM		strfree(snap_name);
13043STim.Haley@Sun.COM		return (E2BIG);
13043STim.Haley@Sun.COM	}
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	error = dmu_objset_snapshot(zc->zc_name, snap_name, snap_name,
13043STim.Haley@Sun.COM	    NULL, B_FALSE, B_TRUE, zc->zc_cleanup_fd);
13043STim.Haley@Sun.COM	if (error != 0) {
13043STim.Haley@Sun.COM		strfree(snap_name);
13043STim.Haley@Sun.COM		return (error);
13043STim.Haley@Sun.COM	}
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	(void) strcpy(zc->zc_value, snap_name);
13043STim.Haley@Sun.COM	strfree(snap_name);
13043STim.Haley@Sun.COM	return (0);
13043STim.Haley@Sun.COM}
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM/*
13043STim.Haley@Sun.COM * inputs:
13043STim.Haley@Sun.COM * zc_name		name of "to" snapshot
13043STim.Haley@Sun.COM * zc_value		name of "from" snapshot
13043STim.Haley@Sun.COM * zc_cookie		file descriptor to write diff data on
13043STim.Haley@Sun.COM *
13043STim.Haley@Sun.COM * outputs:
13043STim.Haley@Sun.COM * dmu_diff_record_t's to the file descriptor
13043STim.Haley@Sun.COM */
13043STim.Haley@Sun.COMstatic int
13043STim.Haley@Sun.COMzfs_ioc_diff(zfs_cmd_t *zc)
13043STim.Haley@Sun.COM{
13043STim.Haley@Sun.COM	objset_t *fromsnap;
13043STim.Haley@Sun.COM	objset_t *tosnap;
13043STim.Haley@Sun.COM	file_t *fp;
13043STim.Haley@Sun.COM	offset_t off;
13043STim.Haley@Sun.COM	int error;
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap);
13043STim.Haley@Sun.COM	if (error)
13043STim.Haley@Sun.COM		return (error);
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	error = dmu_objset_hold(zc->zc_value, FTAG, &fromsnap);
13043STim.Haley@Sun.COM	if (error) {
13043STim.Haley@Sun.COM		dmu_objset_rele(tosnap, FTAG);
13043STim.Haley@Sun.COM		return (error);
13043STim.Haley@Sun.COM	}
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	fp = getf(zc->zc_cookie);
13043STim.Haley@Sun.COM	if (fp == NULL) {
13043STim.Haley@Sun.COM		dmu_objset_rele(fromsnap, FTAG);
13043STim.Haley@Sun.COM		dmu_objset_rele(tosnap, FTAG);
13043STim.Haley@Sun.COM		return (EBADF);
13043STim.Haley@Sun.COM	}
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	off = fp->f_offset;
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	error = dmu_diff(tosnap, fromsnap, fp->f_vnode, &off);
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
13043STim.Haley@Sun.COM		fp->f_offset = off;
13043STim.Haley@Sun.COM	releasef(zc->zc_cookie);
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM	dmu_objset_rele(fromsnap, FTAG);
13043STim.Haley@Sun.COM	dmu_objset_rele(tosnap, FTAG);
13043STim.Haley@Sun.COM	return (error);
13043STim.Haley@Sun.COM}
13043STim.Haley@Sun.COM
13043STim.Haley@Sun.COM/*
8845Samw@Sun.COM * Remove all ACL files in shares dir
8845Samw@Sun.COM */
8845Samw@Sun.COMstatic int
8845Samw@Sun.COMzfs_smb_acl_purge(znode_t *dzp)
8845Samw@Sun.COM{
8845Samw@Sun.COM	zap_cursor_t	zc;
8845Samw@Sun.COM	zap_attribute_t	zap;
8845Samw@Sun.COM	zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
8845Samw@Sun.COM	int error;
8845Samw@Sun.COM
8845Samw@Sun.COM	for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
8845Samw@Sun.COM	    (error = zap_cursor_retrieve(&zc, &zap)) == 0;
8845Samw@Sun.COM	    zap_cursor_advance(&zc)) {
8845Samw@Sun.COM		if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
8845Samw@Sun.COM		    NULL, 0)) != 0)
8845Samw@Sun.COM			break;
8845Samw@Sun.COM	}
8845Samw@Sun.COM	zap_cursor_fini(&zc);
8845Samw@Sun.COM	return (error);
8845Samw@Sun.COM}
8845Samw@Sun.COM
8845Samw@Sun.COMstatic int
8845Samw@Sun.COMzfs_ioc_smb_acl(zfs_cmd_t *zc)
8845Samw@Sun.COM{
8845Samw@Sun.COM	vnode_t *vp;
8845Samw@Sun.COM	znode_t *dzp;
8845Samw@Sun.COM	vnode_t *resourcevp = NULL;
8845Samw@Sun.COM	znode_t *sharedir;
8845Samw@Sun.COM	zfsvfs_t *zfsvfs;
8845Samw@Sun.COM	nvlist_t *nvlist;
8845Samw@Sun.COM	char *src, *target;
8845Samw@Sun.COM	vattr_t vattr;
8845Samw@Sun.COM	vsecattr_t vsec;
8845Samw@Sun.COM	int error = 0;
8845Samw@Sun.COM
8845Samw@Sun.COM	if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
8845Samw@Sun.COM	    NO_FOLLOW, NULL, &vp)) != 0)
8845Samw@Sun.COM		return (error);
8845Samw@Sun.COM
8845Samw@Sun.COM	/* Now make sure mntpnt and dataset are ZFS */
8845Samw@Sun.COM
8845Samw@Sun.COM	if (vp->v_vfsp->vfs_fstype != zfsfstype ||
8845Samw@Sun.COM	    (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
8845Samw@Sun.COM	    zc->zc_name) != 0)) {
8845Samw@Sun.COM		VN_RELE(vp);
8845Samw@Sun.COM		return (EINVAL);
8845Samw@Sun.COM	}
8845Samw@Sun.COM
8845Samw@Sun.COM	dzp = VTOZ(vp);
8845Samw@Sun.COM	zfsvfs = dzp->z_zfsvfs;
8845Samw@Sun.COM	ZFS_ENTER(zfsvfs);
8845Samw@Sun.COM
9030SMark.Shellenbaum@Sun.COM	/*
9030SMark.Shellenbaum@Sun.COM	 * Create share dir if its missing.
9030SMark.Shellenbaum@Sun.COM	 */
9030SMark.Shellenbaum@Sun.COM	mutex_enter(&zfsvfs->z_lock);
9030SMark.Shellenbaum@Sun.COM	if (zfsvfs->z_shares_dir == 0) {
9030SMark.Shellenbaum@Sun.COM		dmu_tx_t *tx;
9030SMark.Shellenbaum@Sun.COM
9030SMark.Shellenbaum@Sun.COM		tx = dmu_tx_create(zfsvfs->z_os);
9030SMark.Shellenbaum@Sun.COM		dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
9030SMark.Shellenbaum@Sun.COM		    ZFS_SHARES_DIR);
9030SMark.Shellenbaum@Sun.COM		dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
9030SMark.Shellenbaum@Sun.COM		error = dmu_tx_assign(tx, TXG_WAIT);
9030SMark.Shellenbaum@Sun.COM		if (error) {
9030SMark.Shellenbaum@Sun.COM			dmu_tx_abort(tx);
9030SMark.Shellenbaum@Sun.COM		} else {
9030SMark.Shellenbaum@Sun.COM			error = zfs_create_share_dir(zfsvfs, tx);
9030SMark.Shellenbaum@Sun.COM			dmu_tx_commit(tx);
9030SMark.Shellenbaum@Sun.COM		}
9030SMark.Shellenbaum@Sun.COM		if (error) {
9030SMark.Shellenbaum@Sun.COM			mutex_exit(&zfsvfs->z_lock);
9030SMark.Shellenbaum@Sun.COM			VN_RELE(vp);
9030SMark.Shellenbaum@Sun.COM			ZFS_EXIT(zfsvfs);
9030SMark.Shellenbaum@Sun.COM			return (error);
9030SMark.Shellenbaum@Sun.COM		}
9030SMark.Shellenbaum@Sun.COM	}
9030SMark.Shellenbaum@Sun.COM	mutex_exit(&zfsvfs->z_lock);
9030SMark.Shellenbaum@Sun.COM
9030SMark.Shellenbaum@Sun.COM	ASSERT(zfsvfs->z_shares_dir);
8845Samw@Sun.COM	if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
9030SMark.Shellenbaum@Sun.COM		VN_RELE(vp);
8845Samw@Sun.COM		ZFS_EXIT(zfsvfs);
8845Samw@Sun.COM		return (error);
8845Samw@Sun.COM	}
8845Samw@Sun.COM
8845Samw@Sun.COM	switch (zc->zc_cookie) {
8845Samw@Sun.COM	case ZFS_SMB_ACL_ADD:
8845Samw@Sun.COM		vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
8845Samw@Sun.COM		vattr.va_type = VREG;
8845Samw@Sun.COM		vattr.va_mode = S_IFREG|0777;
8845Samw@Sun.COM		vattr.va_uid = 0;
8845Samw@Sun.COM		vattr.va_gid = 0;
8845Samw@Sun.COM
8845Samw@Sun.COM		vsec.vsa_mask = VSA_ACE;
8845Samw@Sun.COM		vsec.vsa_aclentp = &full_access;
8845Samw@Sun.COM		vsec.vsa_aclentsz = sizeof (full_access);
8845Samw@Sun.COM		vsec.vsa_aclcnt = 1;
8845Samw@Sun.COM
8845Samw@Sun.COM		error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
8845Samw@Sun.COM		    &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
8845Samw@Sun.COM		if (resourcevp)
8845Samw@Sun.COM			VN_RELE(resourcevp);
8845Samw@Sun.COM		break;
8845Samw@Sun.COM
8845Samw@Sun.COM	case ZFS_SMB_ACL_REMOVE:
8845Samw@Sun.COM		error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
8845Samw@Sun.COM		    NULL, 0);
8845Samw@Sun.COM		break;
8845Samw@Sun.COM
8845Samw@Sun.COM	case ZFS_SMB_ACL_RENAME:
8845Samw@Sun.COM		if ((error = get_nvlist(zc->zc_nvlist_src,
9643SEric.Taylor@Sun.COM		    zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
8845Samw@Sun.COM			VN_RELE(vp);
8845Samw@Sun.COM			ZFS_EXIT(zfsvfs);
8845Samw@Sun.COM			return (error);
8845Samw@Sun.COM		}
8845Samw@Sun.COM		if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
8845Samw@Sun.COM		    nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
8845Samw@Sun.COM		    &target)) {
8845Samw@Sun.COM			VN_RELE(vp);
9179SMark.Shellenbaum@Sun.COM			VN_RELE(ZTOV(sharedir));
8845Samw@Sun.COM			ZFS_EXIT(zfsvfs);
11422SMark.Musante@Sun.COM			nvlist_free(nvlist);
8845Samw@Sun.COM			return (error);
8845Samw@Sun.COM		}
8845Samw@Sun.COM		error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
8845Samw@Sun.COM		    kcred, NULL, 0);
8845Samw@Sun.COM		nvlist_free(nvlist);
8845Samw@Sun.COM		break;
8845Samw@Sun.COM
8845Samw@Sun.COM	case ZFS_SMB_ACL_PURGE:
8845Samw@Sun.COM		error = zfs_smb_acl_purge(sharedir);
8845Samw@Sun.COM		break;
8845Samw@Sun.COM
8845Samw@Sun.COM	default:
8845Samw@Sun.COM		error = EINVAL;
8845Samw@Sun.COM		break;
8845Samw@Sun.COM	}
8845Samw@Sun.COM
8845Samw@Sun.COM	VN_RELE(vp);
8845Samw@Sun.COM	VN_RELE(ZTOV(sharedir));
8845Samw@Sun.COM
8845Samw@Sun.COM	ZFS_EXIT(zfsvfs);
8845Samw@Sun.COM
8845Samw@Sun.COM	return (error);
8845Samw@Sun.COM}
8845Samw@Sun.COM
4543Smarks/*
10242Schris.kirby@sun.com * inputs:
12527SChris.Kirby@oracle.com * zc_name		name of filesystem
12527SChris.Kirby@oracle.com * zc_value		short name of snap
12527SChris.Kirby@oracle.com * zc_string		user-supplied tag for this hold
12527SChris.Kirby@oracle.com * zc_cookie		recursive flag
12527SChris.Kirby@oracle.com * zc_temphold		set if hold is temporary
12527SChris.Kirby@oracle.com * zc_cleanup_fd	cleanup-on-exit file descriptor for calling process
12786SChris.Kirby@oracle.com * zc_sendobj		if non-zero, the objid for zc_name@zc_value
12786SChris.Kirby@oracle.com * zc_createtxg		if zc_sendobj is non-zero, snap must have zc_createtxg
10242Schris.kirby@sun.com *
10242Schris.kirby@sun.com * outputs:		none
10242Schris.kirby@sun.com */
10242Schris.kirby@sun.comstatic int
10242Schris.kirby@sun.comzfs_ioc_hold(zfs_cmd_t *zc)
10242Schris.kirby@sun.com{
10242Schris.kirby@sun.com	boolean_t recursive = zc->zc_cookie;
12786SChris.Kirby@oracle.com	spa_t *spa;
12786SChris.Kirby@oracle.com	dsl_pool_t *dp;
12786SChris.Kirby@oracle.com	dsl_dataset_t *ds;
12786SChris.Kirby@oracle.com	int error;
12786SChris.Kirby@oracle.com	minor_t minor = 0;
10242Schris.kirby@sun.com
10242Schris.kirby@sun.com	if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
10242Schris.kirby@sun.com		return (EINVAL);
10242Schris.kirby@sun.com
12786SChris.Kirby@oracle.com	if (zc->zc_sendobj == 0) {
12786SChris.Kirby@oracle.com		return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value,
12786SChris.Kirby@oracle.com		    zc->zc_string, recursive, zc->zc_temphold,
12786SChris.Kirby@oracle.com		    zc->zc_cleanup_fd));
12786SChris.Kirby@oracle.com	}
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	if (recursive)
12786SChris.Kirby@oracle.com		return (EINVAL);
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	error = spa_open(zc->zc_name, &spa, FTAG);
12786SChris.Kirby@oracle.com	if (error)
12786SChris.Kirby@oracle.com		return (error);
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	dp = spa_get_dsl(spa);
12786SChris.Kirby@oracle.com	rw_enter(&dp->dp_config_rwlock, RW_READER);
12786SChris.Kirby@oracle.com	error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
12786SChris.Kirby@oracle.com	rw_exit(&dp->dp_config_rwlock);
12786SChris.Kirby@oracle.com	spa_close(spa, FTAG);
12786SChris.Kirby@oracle.com	if (error)
12786SChris.Kirby@oracle.com		return (error);
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	/*
12786SChris.Kirby@oracle.com	 * Until we have a hold on this snapshot, it's possible that
12786SChris.Kirby@oracle.com	 * zc_sendobj could've been destroyed and reused as part
12786SChris.Kirby@oracle.com	 * of a later txg.  Make sure we're looking at the right object.
12786SChris.Kirby@oracle.com	 */
12786SChris.Kirby@oracle.com	if (zc->zc_createtxg != ds->ds_phys->ds_creation_txg) {
12786SChris.Kirby@oracle.com		dsl_dataset_rele(ds, FTAG);
12786SChris.Kirby@oracle.com		return (ENOENT);
12786SChris.Kirby@oracle.com	}
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	if (zc->zc_cleanup_fd != -1 && zc->zc_temphold) {
12786SChris.Kirby@oracle.com		error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
12786SChris.Kirby@oracle.com		if (error) {
12786SChris.Kirby@oracle.com			dsl_dataset_rele(ds, FTAG);
12786SChris.Kirby@oracle.com			return (error);
12786SChris.Kirby@oracle.com		}
12786SChris.Kirby@oracle.com	}
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	error = dsl_dataset_user_hold_for_send(ds, zc->zc_string,
12786SChris.Kirby@oracle.com	    zc->zc_temphold);
12786SChris.Kirby@oracle.com	if (minor != 0) {
12786SChris.Kirby@oracle.com		if (error == 0) {
12786SChris.Kirby@oracle.com			dsl_register_onexit_hold_cleanup(ds, zc->zc_string,
12786SChris.Kirby@oracle.com			    minor);
12786SChris.Kirby@oracle.com		}
12786SChris.Kirby@oracle.com		zfs_onexit_fd_rele(zc->zc_cleanup_fd);
12786SChris.Kirby@oracle.com	}
12786SChris.Kirby@oracle.com	dsl_dataset_rele(ds, FTAG);
12786SChris.Kirby@oracle.com
12786SChris.Kirby@oracle.com	return (error);
10242Schris.kirby@sun.com}
10242Schris.kirby@sun.com
10242Schris.kirby@sun.com/*
10242Schris.kirby@sun.com * inputs:
12527SChris.Kirby@oracle.com * zc_name	name of dataset from which we're releasing a user hold
10242Schris.kirby@sun.com * zc_value	short name of snap
12527SChris.Kirby@oracle.com * zc_string	user-supplied tag for this hold
10242Schris.kirby@sun.com * zc_cookie	recursive flag
10242Schris.kirby@sun.com *
12527SChris.Kirby@oracle.com * outputs:	none
10242Schris.kirby@sun.com */
10242Schris.kirby@sun.comstatic int
10242Schris.kirby@sun.comzfs_ioc_release(zfs_cmd_t *zc)
10242Schris.kirby@sun.com{
10242Schris.kirby@sun.com	boolean_t recursive = zc->zc_cookie;
10242Schris.kirby@sun.com
10242Schris.kirby@sun.com	if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
10242Schris.kirby@sun.com		return (EINVAL);
10242Schris.kirby@sun.com
10242Schris.kirby@sun.com	return (dsl_dataset_user_release(zc->zc_name, zc->zc_value,
10242Schris.kirby@sun.com	    zc->zc_string, recursive));
10242Schris.kirby@sun.com}
10242Schris.kirby@sun.com
10242Schris.kirby@sun.com/*
10242Schris.kirby@sun.com * inputs:
10242Schris.kirby@sun.com * zc_name		name of filesystem
10242Schris.kirby@sun.com *
10242Schris.kirby@sun.com * outputs:
10242Schris.kirby@sun.com * zc_nvlist_src{_size}	nvlist of snapshot holds
10242Schris.kirby@sun.com */
10242Schris.kirby@sun.comstatic int
10242Schris.kirby@sun.comzfs_ioc_get_holds(zfs_cmd_t *zc)
10242Schris.kirby@sun.com{
10242Schris.kirby@sun.com	nvlist_t *nvp;
10242Schris.kirby@sun.com	int error;
10242Schris.kirby@sun.com
10242Schris.kirby@sun.com	if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) {
10242Schris.kirby@sun.com		error = put_nvlist(zc, nvp);
10242Schris.kirby@sun.com		nvlist_free(nvp);
10242Schris.kirby@sun.com	}
10242Schris.kirby@sun.com
10242Schris.kirby@sun.com	return (error);
10242Schris.kirby@sun.com}
10242Schris.kirby@sun.com
10242Schris.kirby@sun.com/*
4988Sek110237 * pool create, destroy, and export don't log the history as part of
4988Sek110237 * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export
4988Sek110237 * do the logging of those commands.
4543Smarks */
789Sahrensstatic zfs_ioc_vec_t zfs_ioc_vec[] = {
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_pool_destroy,	zfs_secpolicy_config, POOL_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_pool_configs,	zfs_secpolicy_none, NO_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
12296SLin.Ling@Sun.COM	{ zfs_ioc_pool_scan, zfs_secpolicy_config, POOL_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_pool_upgrade,	zfs_secpolicy_config, POOL_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_vdev_set_state, zfs_secpolicy_config,	POOL_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_vdev_setpath,	zfs_secpolicy_config, POOL_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9425SEric.Schrock@Sun.COM	{ zfs_ioc_vdev_setfru,	zfs_secpolicy_config, POOL_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_objset_stats,	zfs_secpolicy_read, DATASET_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_objset_zplprops, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_dataset_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_snapshot_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED },
*13049SGeorge.Wilson@Sun.COM	{ zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
*13049SGeorge.Wilson@Sun.COM	{ zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
*13049SGeorge.Wilson@Sun.COM	{ zfs_ioc_rename, zfs_secpolicy_rename,	DATASET_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
*13049SGeorge.Wilson@Sun.COM	{ zfs_ioc_recv, zfs_secpolicy_receive, DATASET_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
*13049SGeorge.Wilson@Sun.COM	{ zfs_ioc_send, zfs_secpolicy_send, DATASET_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_inject_fault,	zfs_secpolicy_inject, NO_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
*13049SGeorge.Wilson@Sun.COM	{ zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
11314Swilliam.gorrell@sun.com	{ zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, DATASET_NAME,
*13049SGeorge.Wilson@Sun.COM	    B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
13043STim.Haley@Sun.COM	{ zfs_ioc_dsobj_to_dsname, zfs_secpolicy_diff, POOL_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
13043STim.Haley@Sun.COM	{ zfs_ioc_obj_to_path, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_pool_set_props, zfs_secpolicy_config,	POOL_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
*13049SGeorge.Wilson@Sun.COM	{ zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
9234SGeorge.Wilson@Sun.COM	{ zfs_ioc_smb_acl, zfs_secpolicy_smb_acl, DATASET_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
*13049SGeorge.Wilson@Sun.COM	{ zfs_ioc_userspace_one, zfs_secpolicy_userspace_one, DATASET_NAME,
*13049SGeorge.Wilson@Sun.COM	    B_FALSE, POOL_CHECK_NONE },
*13049SGeorge.Wilson@Sun.COM	{ zfs_ioc_userspace_many, zfs_secpolicy_userspace_many, DATASET_NAME,
*13049SGeorge.Wilson@Sun.COM	    B_FALSE, POOL_CHECK_NONE },
9396SMatthew.Ahrens@Sun.COM	{ zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
*13049SGeorge.Wilson@Sun.COM	    DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
*13049SGeorge.Wilson@Sun.COM	{ zfs_ioc_hold, zfs_secpolicy_hold, DATASET_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
10242Schris.kirby@sun.com	{ zfs_ioc_release, zfs_secpolicy_release, DATASET_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
10242Schris.kirby@sun.com	{ zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED },
11022STom.Erickson@Sun.COM	{ zfs_ioc_objset_recvd_props, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
11422SMark.Musante@Sun.COM	{ zfs_ioc_vdev_split, zfs_secpolicy_config, POOL_NAME, B_TRUE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
13043STim.Haley@Sun.COM	{ zfs_ioc_next_obj, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
*13049SGeorge.Wilson@Sun.COM	{ zfs_ioc_diff, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_NONE },
13043STim.Haley@Sun.COM	{ zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, DATASET_NAME,
*13049SGeorge.Wilson@Sun.COM	    B_FALSE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
13043STim.Haley@Sun.COM	{ zfs_ioc_obj_to_stats, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
*13049SGeorge.Wilson@Sun.COM	    POOL_CHECK_SUSPENDED }
789Sahrens};
789Sahrens
9234SGeorge.Wilson@Sun.COMint
*13049SGeorge.Wilson@Sun.COMpool_status_check(const char *name, zfs_ioc_namecheck_t type,
*13049SGeorge.Wilson@Sun.COM    zfs_ioc_poolcheck_t check)
9234SGeorge.Wilson@Sun.COM{
9234SGeorge.Wilson@Sun.COM	spa_t *spa;
9234SGeorge.Wilson@Sun.COM	int error;
9234SGeorge.Wilson@Sun.COM
9234SGeorge.Wilson@Sun.COM	ASSERT(type == POOL_NAME || type == DATASET_NAME);
9234SGeorge.Wilson@Sun.COM
*13049SGeorge.Wilson@Sun.COM	if (check & POOL_CHECK_NONE)
*13049SGeorge.Wilson@Sun.COM		return (0);
*13049SGeorge.Wilson@Sun.COM
9396SMatthew.Ahrens@Sun.COM	error = spa_open(name, &spa, FTAG);
9234SGeorge.Wilson@Sun.COM	if (error == 0) {
*13049SGeorge.Wilson@Sun.COM		if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
9234SGeorge.Wilson@Sun.COM			error = EAGAIN;
*13049SGeorge.Wilson@Sun.COM		else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
*13049SGeorge.Wilson@Sun.COM			error = EROFS;
9234SGeorge.Wilson@Sun.COM		spa_close(spa, FTAG);
9234SGeorge.Wilson@Sun.COM	}
9234SGeorge.Wilson@Sun.COM	return (error);
9234SGeorge.Wilson@Sun.COM}
9234SGeorge.Wilson@Sun.COM
12527SChris.Kirby@oracle.com/*
12527SChris.Kirby@oracle.com * Find a free minor number.
12527SChris.Kirby@oracle.com */
12527SChris.Kirby@oracle.comminor_t
12527SChris.Kirby@oracle.comzfsdev_minor_alloc(void)
12527SChris.Kirby@oracle.com{
12527SChris.Kirby@oracle.com	static minor_t last_minor;
12527SChris.Kirby@oracle.com	minor_t m;
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	ASSERT(MUTEX_HELD(&zfsdev_state_lock));
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	for (m = last_minor + 1; m != last_minor; m++) {
12527SChris.Kirby@oracle.com		if (m > ZFSDEV_MAX_MINOR)
12527SChris.Kirby@oracle.com			m = 1;
12527SChris.Kirby@oracle.com		if (ddi_get_soft_state(zfsdev_state, m) == NULL) {
12527SChris.Kirby@oracle.com			last_minor = m;
12527SChris.Kirby@oracle.com			return (m);
12527SChris.Kirby@oracle.com		}
12527SChris.Kirby@oracle.com	}
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	return (0);
12527SChris.Kirby@oracle.com}
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.comstatic int
12527SChris.Kirby@oracle.comzfs_ctldev_init(dev_t *devp)
12527SChris.Kirby@oracle.com{
12527SChris.Kirby@oracle.com	minor_t minor;
12527SChris.Kirby@oracle.com	zfs_soft_state_t *zs;
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	ASSERT(MUTEX_HELD(&zfsdev_state_lock));
12527SChris.Kirby@oracle.com	ASSERT(getminor(*devp) == 0);
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	minor = zfsdev_minor_alloc();
12527SChris.Kirby@oracle.com	if (minor == 0)
12527SChris.Kirby@oracle.com		return (ENXIO);
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS)
12527SChris.Kirby@oracle.com		return (EAGAIN);
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	*devp = makedevice(getemajor(*devp), minor);
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	zs = ddi_get_soft_state(zfsdev_state, minor);
12527SChris.Kirby@oracle.com	zs->zss_type = ZSST_CTLDEV;
12527SChris.Kirby@oracle.com	zfs_onexit_init((zfs_onexit_t **)&zs->zss_data);
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	return (0);
12527SChris.Kirby@oracle.com}
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.comstatic void
12527SChris.Kirby@oracle.comzfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor)
12527SChris.Kirby@oracle.com{
12527SChris.Kirby@oracle.com	ASSERT(MUTEX_HELD(&zfsdev_state_lock));
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	zfs_onexit_destroy(zo);
12527SChris.Kirby@oracle.com	ddi_soft_state_free(zfsdev_state, minor);
12527SChris.Kirby@oracle.com}
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.comvoid *
12527SChris.Kirby@oracle.comzfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which)
12527SChris.Kirby@oracle.com{
12527SChris.Kirby@oracle.com	zfs_soft_state_t *zp;
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	zp = ddi_get_soft_state(zfsdev_state, minor);
12527SChris.Kirby@oracle.com	if (zp == NULL || zp->zss_type != which)
12527SChris.Kirby@oracle.com		return (NULL);
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	return (zp->zss_data);
12527SChris.Kirby@oracle.com}
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.comstatic int
12527SChris.Kirby@oracle.comzfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr)
12527SChris.Kirby@oracle.com{
12527SChris.Kirby@oracle.com	int error = 0;
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	if (getminor(*devp) != 0)
12527SChris.Kirby@oracle.com		return (zvol_open(devp, flag, otyp, cr));
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	/* This is the control device. Allocate a new minor if requested. */
12527SChris.Kirby@oracle.com	if (flag & FEXCL) {
12527SChris.Kirby@oracle.com		mutex_enter(&zfsdev_state_lock);
12527SChris.Kirby@oracle.com		error = zfs_ctldev_init(devp);
12527SChris.Kirby@oracle.com		mutex_exit(&zfsdev_state_lock);
12527SChris.Kirby@oracle.com	}
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	return (error);
12527SChris.Kirby@oracle.com}
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.comstatic int
12527SChris.Kirby@oracle.comzfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr)
12527SChris.Kirby@oracle.com{
12527SChris.Kirby@oracle.com	zfs_onexit_t *zo;
12527SChris.Kirby@oracle.com	minor_t minor = getminor(dev);
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	if (minor == 0)
12527SChris.Kirby@oracle.com		return (0);
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	mutex_enter(&zfsdev_state_lock);
12527SChris.Kirby@oracle.com	zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV);
12527SChris.Kirby@oracle.com	if (zo == NULL) {
12527SChris.Kirby@oracle.com		mutex_exit(&zfsdev_state_lock);
12527SChris.Kirby@oracle.com		return (zvol_close(dev, flag, otyp, cr));
12527SChris.Kirby@oracle.com	}
12527SChris.Kirby@oracle.com	zfs_ctldev_destroy(zo, minor);
12527SChris.Kirby@oracle.com	mutex_exit(&zfsdev_state_lock);
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	return (0);
12527SChris.Kirby@oracle.com}
12527SChris.Kirby@oracle.com
789Sahrensstatic int
789Sahrenszfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
789Sahrens{
789Sahrens	zfs_cmd_t *zc;
789Sahrens	uint_t vec;
2199Sahrens	int error, rc;
12527SChris.Kirby@oracle.com	minor_t minor = getminor(dev);
12527SChris.Kirby@oracle.com
12527SChris.Kirby@oracle.com	if (minor != 0 &&
12527SChris.Kirby@oracle.com	    zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL)
789Sahrens		return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));
789Sahrens
789Sahrens	vec = cmd - ZFS_IOC;
4787Sahrens	ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));
789Sahrens
789Sahrens	if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
789Sahrens		return (EINVAL);
789Sahrens
789Sahrens	zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
789Sahrens
9643SEric.Taylor@Sun.COM	error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
11807SSam.Falkner@Sun.COM	if (error != 0)
11807SSam.Falkner@Sun.COM		error = EFAULT;
789Sahrens
10588SEric.Taylor@Sun.COM	if ((error == 0) && !(flag & FKIOCTL))
4543Smarks		error = zfs_ioc_vec[vec].zvec_secpolicy(zc, cr);
789Sahrens
789Sahrens	/*
789Sahrens	 * Ensure that all pool/dataset names are valid before we pass down to
789Sahrens	 * the lower layers.
789Sahrens	 */
789Sahrens	if (error == 0) {
789Sahrens		zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
9643SEric.Taylor@Sun.COM		zc->zc_iflags = flag & FKIOCTL;
789Sahrens		switch (zfs_ioc_vec[vec].zvec_namecheck) {
4577Sahrens		case POOL_NAME:
789Sahrens			if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
789Sahrens				error = EINVAL;
*13049SGeorge.Wilson@Sun.COM			error = pool_status_check(zc->zc_name,
*13049SGeorge.Wilson@Sun.COM			    zfs_ioc_vec[vec].zvec_namecheck,
*13049SGeorge.Wilson@Sun.COM			    zfs_ioc_vec[vec].zvec_pool_check);
789Sahrens			break;
789Sahrens
4577Sahrens		case DATASET_NAME:
789Sahrens			if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
789Sahrens				error = EINVAL;
*13049SGeorge.Wilson@Sun.COM			error = pool_status_check(zc->zc_name,
*13049SGeorge.Wilson@Sun.COM			    zfs_ioc_vec[vec].zvec_namecheck,
*13049SGeorge.Wilson@Sun.COM			    zfs_ioc_vec[vec].zvec_pool_check);
789Sahrens			break;
2856Snd150628
4577Sahrens		case NO_NAME:
2856Snd150628			break;
789Sahrens		}
789Sahrens	}
789Sahrens
789Sahrens	if (error == 0)
789Sahrens		error = zfs_ioc_vec[vec].zvec_func(zc);
789Sahrens
9643SEric.Taylor@Sun.COM	rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
4543Smarks	if (error == 0) {
11807SSam.Falkner@Sun.COM		if (rc != 0)
11807SSam.Falkner@Sun.COM			error = EFAULT;
9396SMatthew.Ahrens@Sun.COM		if (zfs_ioc_vec[vec].zvec_his_log)
4543Smarks			zfs_log_history(zc);
4543Smarks	}
789Sahrens
789Sahrens	kmem_free(zc, sizeof (zfs_cmd_t));
789Sahrens	return (error);
789Sahrens}
789Sahrens
789Sahrensstatic int
789Sahrenszfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
789Sahrens{
789Sahrens	if (cmd != DDI_ATTACH)
789Sahrens		return (DDI_FAILURE);
789Sahrens
789Sahrens	if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
789Sahrens	    DDI_PSEUDO, 0) == DDI_FAILURE)
789Sahrens		return (DDI_FAILURE);
789Sahrens
789Sahrens	zfs_dip = dip;
789Sahrens
789Sahrens	ddi_report_dev(dip);
789Sahrens
789Sahrens	return (DDI_SUCCESS);
789Sahrens}
789Sahrens
789Sahrensstatic int
789Sahrenszfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
789Sahrens{
789Sahrens	if (spa_busy() || zfs_busy() || zvol_busy())
789Sahrens		return (DDI_FAILURE);
789Sahrens
789Sahrens	if (cmd != DDI_DETACH)
789Sahrens		return (DDI_FAILURE);
789Sahrens
789Sahrens	zfs_dip = NULL;
789Sahrens
789Sahrens	ddi_prop_remove_all(dip);
789Sahrens	ddi_remove_minor_node(dip, NULL);
789Sahrens
789Sahrens	return (DDI_SUCCESS);
789Sahrens}
789Sahrens
789Sahrens/*ARGSUSED*/
789Sahrensstatic int
789Sahrenszfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
789Sahrens{
789Sahrens	switch (infocmd) {
789Sahrens	case DDI_INFO_DEVT2DEVINFO:
789Sahrens		*result = zfs_dip;
789Sahrens		return (DDI_SUCCESS);
789Sahrens
789Sahrens	case DDI_INFO_DEVT2INSTANCE:
849Sbonwick		*result = (void *)0;
789Sahrens		return (DDI_SUCCESS);
789Sahrens	}
789Sahrens
789Sahrens	return (DDI_FAILURE);
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * OK, so this is a little weird.
789Sahrens *
789Sahrens * /dev/zfs is the control node, i.e. minor 0.
789Sahrens * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
789Sahrens *
789Sahrens * /dev/zfs has basically nothing to do except serve up ioctls,
789Sahrens * so most of the standard driver entry points are in zvol.c.
789Sahrens */
789Sahrensstatic struct cb_ops zfs_cb_ops = {
12527SChris.Kirby@oracle.com	zfsdev_open,	/* open */
12527SChris.Kirby@oracle.com	zfsdev_close,	/* close */
789Sahrens	zvol_strategy,	/* strategy */
789Sahrens	nodev,		/* print */
6423Sgw25295	zvol_dump,	/* dump */
789Sahrens	zvol_read,	/* read */
789Sahrens	zvol_write,	/* write */
789Sahrens	zfsdev_ioctl,	/* ioctl */
789Sahrens	nodev,		/* devmap */
789Sahrens	nodev,		/* mmap */
789Sahrens	nodev,		/* segmap */
789Sahrens	nochpoll,	/* poll */
789Sahrens	ddi_prop_op,	/* prop_op */
789Sahrens	NULL,		/* streamtab */
789Sahrens	D_NEW | D_MP | D_64BIT,		/* Driver compatibility flag */
789Sahrens	CB_REV,		/* version */
3638Sbillm	nodev,		/* async read */
3638Sbillm	nodev,		/* async write */
789Sahrens};
789Sahrens
789Sahrensstatic struct dev_ops zfs_dev_ops = {
789Sahrens	DEVO_REV,	/* version */
789Sahrens	0,		/* refcnt */
789Sahrens	zfs_info,	/* info */
789Sahrens	nulldev,	/* identify */
789Sahrens	nulldev,	/* probe */
789Sahrens	zfs_attach,	/* attach */
789Sahrens	zfs_detach,	/* detach */
789Sahrens	nodev,		/* reset */
789Sahrens	&zfs_cb_ops,	/* driver operations */
7656SSherry.Moore@Sun.COM	NULL,		/* no bus operations */
7656SSherry.Moore@Sun.COM	NULL,		/* power */
7656SSherry.Moore@Sun.COM	ddi_quiesce_not_needed,	/* quiesce */
789Sahrens};
789Sahrens
789Sahrensstatic struct modldrv zfs_modldrv = {
7656SSherry.Moore@Sun.COM	&mod_driverops,
7656SSherry.Moore@Sun.COM	"ZFS storage pool",
7656SSherry.Moore@Sun.COM	&zfs_dev_ops
789Sahrens};
789Sahrens
789Sahrensstatic struct modlinkage modlinkage = {
789Sahrens	MODREV_1,
789Sahrens	(void *)&zfs_modlfs,
789Sahrens	(void *)&zfs_modldrv,
789Sahrens	NULL
789Sahrens};
789Sahrens
4720Sfr157268
4720Sfr157268uint_t zfs_fsyncer_key;
5326Sek110237extern uint_t rrw_tsd_key;
4720Sfr157268
789Sahrensint
789Sahrens_init(void)
789Sahrens{
789Sahrens	int error;
789Sahrens
849Sbonwick	spa_init(FREAD | FWRITE);
849Sbonwick	zfs_init();
849Sbonwick	zvol_init();
849Sbonwick
849Sbonwick	if ((error = mod_install(&modlinkage)) != 0) {
849Sbonwick		zvol_fini();
849Sbonwick		zfs_fini();
849Sbonwick		spa_fini();
789Sahrens		return (error);
849Sbonwick	}
789Sahrens
4720Sfr157268	tsd_create(&zfs_fsyncer_key, NULL);
5326Sek110237	tsd_create(&rrw_tsd_key, NULL);
4720Sfr157268
789Sahrens	error = ldi_ident_from_mod(&modlinkage, &zfs_li);
789Sahrens	ASSERT(error == 0);
4543Smarks	mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
789Sahrens
789Sahrens	return (0);
789Sahrens}
789Sahrens
789Sahrensint
789Sahrens_fini(void)
789Sahrens{
789Sahrens	int error;
789Sahrens
1544Seschrock	if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
789Sahrens		return (EBUSY);
789Sahrens
789Sahrens	if ((error = mod_remove(&modlinkage)) != 0)
789Sahrens		return (error);
789Sahrens
789Sahrens	zvol_fini();
789Sahrens	zfs_fini();
789Sahrens	spa_fini();
5331Samw	if (zfs_nfsshare_inited)
4543Smarks		(void) ddi_modclose(nfs_mod);
5331Samw	if (zfs_smbshare_inited)
5331Samw		(void) ddi_modclose(smbsrv_mod);
5331Samw	if (zfs_nfsshare_inited || zfs_smbshare_inited)
4543Smarks		(void) ddi_modclose(sharefs_mod);
789Sahrens
4720Sfr157268	tsd_destroy(&zfs_fsyncer_key);
789Sahrens	ldi_ident_release(zfs_li);
789Sahrens	zfs_li = NULL;
4543Smarks	mutex_destroy(&zfs_share_lock);
789Sahrens
789Sahrens	return (error);
789Sahrens}
789Sahrens
789Sahrensint
789Sahrens_info(struct modinfo *modinfop)
789Sahrens{
789Sahrens	return (mod_info(&modlinkage, modinfop));
789Sahrens}