1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright (c) 2011, 2020 by Delphix. All rights reserved. 25 * Copyright (c) 2012, Joyent, Inc. All rights reserved. 26 * Copyright (c) 2012 Pawel Jakub Dawidek <pawel@dawidek.net>. 27 * All rights reserved 28 * Copyright (c) 2013 Steven Hartland. All rights reserved. 29 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved. 30 * Copyright 2016 Igor Kozhukhov <ikozhukhov@gmail.com> 31 * Copyright (c) 2018, loli10K <ezomori.nozomu@gmail.com>. All rights reserved. 32 * Copyright (c) 2019 Datto Inc. 33 */ 34 35 #include <assert.h> 36 #include <ctype.h> 37 #include <errno.h> 38 #include <libintl.h> 39 #include <stdio.h> 40 #include <stdlib.h> 41 #include <strings.h> 42 #include <unistd.h> 43 #include <stddef.h> 44 #include <fcntl.h> 45 #include <sys/mount.h> 46 #include <sys/mntent.h> 47 #include <sys/mnttab.h> 48 #include <sys/avl.h> 49 #include <sys/debug.h> 50 #include <sys/stat.h> 51 #include <stddef.h> 52 #include <pthread.h> 53 #include <umem.h> 54 #include <time.h> 55 56 #include <libzfs.h> 57 #include <libzfs_core.h> 58 #include <libzutil.h> 59 60 #include "zfs_namecheck.h" 61 #include "zfs_prop.h" 62 #include "zfs_fletcher.h" 63 #include "libzfs_impl.h" 64 #include <cityhash.h> 65 #include <zlib.h> 66 #include <sys/zio_checksum.h> 67 #include <sys/dsl_crypt.h> 68 #include <sys/ddt.h> 69 #include <sys/socket.h> 70 #include <sys/sha2.h> 71 72 static int zfs_receive_impl(libzfs_handle_t *, const char *, const char *, 73 recvflags_t *, int, const char *, nvlist_t *, avl_tree_t *, char **, 74 const char *, nvlist_t *); 75 static int guid_to_name_redact_snaps(libzfs_handle_t *hdl, const char *parent, 76 uint64_t guid, boolean_t bookmark_ok, uint64_t *redact_snap_guids, 77 uint64_t num_redact_snaps, char *name); 78 static int guid_to_name(libzfs_handle_t *, const char *, 79 uint64_t, boolean_t, char *); 80 81 typedef struct progress_arg { 82 zfs_handle_t *pa_zhp; 83 int pa_fd; 84 boolean_t pa_parsable; 85 boolean_t pa_estimate; 86 int pa_verbosity; 87 } progress_arg_t; 88 89 static int 90 dump_record(dmu_replay_record_t *drr, void *payload, int payload_len, 91 zio_cksum_t *zc, int outfd) 92 { 93 ASSERT3U(offsetof(dmu_replay_record_t, drr_u.drr_checksum.drr_checksum), 94 ==, sizeof (dmu_replay_record_t) - sizeof (zio_cksum_t)); 95 fletcher_4_incremental_native(drr, 96 offsetof(dmu_replay_record_t, drr_u.drr_checksum.drr_checksum), zc); 97 if (drr->drr_type != DRR_BEGIN) { 98 ASSERT(ZIO_CHECKSUM_IS_ZERO(&drr->drr_u. 99 drr_checksum.drr_checksum)); 100 drr->drr_u.drr_checksum.drr_checksum = *zc; 101 } 102 fletcher_4_incremental_native(&drr->drr_u.drr_checksum.drr_checksum, 103 sizeof (zio_cksum_t), zc); 104 if (write(outfd, drr, sizeof (*drr)) == -1) 105 return (errno); 106 if (payload_len != 0) { 107 fletcher_4_incremental_native(payload, payload_len, zc); 108 if (write(outfd, payload, payload_len) == -1) 109 return (errno); 110 } 111 return (0); 112 } 113 114 /* 115 * Routines for dealing with the AVL tree of fs-nvlists 116 */ 117 typedef struct fsavl_node { 118 avl_node_t fn_node; 119 nvlist_t *fn_nvfs; 120 char *fn_snapname; 121 uint64_t fn_guid; 122 } fsavl_node_t; 123 124 static int 125 fsavl_compare(const void *arg1, const void *arg2) 126 { 127 const fsavl_node_t *fn1 = (const fsavl_node_t *)arg1; 128 const fsavl_node_t *fn2 = (const fsavl_node_t *)arg2; 129 130 return (TREE_CMP(fn1->fn_guid, fn2->fn_guid)); 131 } 132 133 /* 134 * Given the GUID of a snapshot, find its containing filesystem and 135 * (optionally) name. 136 */ 137 static nvlist_t * 138 fsavl_find(avl_tree_t *avl, uint64_t snapguid, char **snapname) 139 { 140 fsavl_node_t fn_find; 141 fsavl_node_t *fn; 142 143 fn_find.fn_guid = snapguid; 144 145 fn = avl_find(avl, &fn_find, NULL); 146 if (fn) { 147 if (snapname) 148 *snapname = fn->fn_snapname; 149 return (fn->fn_nvfs); 150 } 151 return (NULL); 152 } 153 154 static void 155 fsavl_destroy(avl_tree_t *avl) 156 { 157 fsavl_node_t *fn; 158 void *cookie; 159 160 if (avl == NULL) 161 return; 162 163 cookie = NULL; 164 while ((fn = avl_destroy_nodes(avl, &cookie)) != NULL) 165 free(fn); 166 avl_destroy(avl); 167 free(avl); 168 } 169 170 /* 171 * Given an nvlist, produce an avl tree of snapshots, ordered by guid 172 */ 173 static avl_tree_t * 174 fsavl_create(nvlist_t *fss) 175 { 176 avl_tree_t *fsavl; 177 nvpair_t *fselem = NULL; 178 179 if ((fsavl = malloc(sizeof (avl_tree_t))) == NULL) 180 return (NULL); 181 182 avl_create(fsavl, fsavl_compare, sizeof (fsavl_node_t), 183 offsetof(fsavl_node_t, fn_node)); 184 185 while ((fselem = nvlist_next_nvpair(fss, fselem)) != NULL) { 186 nvlist_t *nvfs, *snaps; 187 nvpair_t *snapelem = NULL; 188 189 nvfs = fnvpair_value_nvlist(fselem); 190 snaps = fnvlist_lookup_nvlist(nvfs, "snaps"); 191 192 while ((snapelem = 193 nvlist_next_nvpair(snaps, snapelem)) != NULL) { 194 fsavl_node_t *fn; 195 uint64_t guid; 196 197 guid = fnvpair_value_uint64(snapelem); 198 if ((fn = malloc(sizeof (fsavl_node_t))) == NULL) { 199 fsavl_destroy(fsavl); 200 return (NULL); 201 } 202 fn->fn_nvfs = nvfs; 203 fn->fn_snapname = nvpair_name(snapelem); 204 fn->fn_guid = guid; 205 206 /* 207 * Note: if there are multiple snaps with the 208 * same GUID, we ignore all but one. 209 */ 210 if (avl_find(fsavl, fn, NULL) == NULL) 211 avl_add(fsavl, fn); 212 else 213 free(fn); 214 } 215 } 216 217 return (fsavl); 218 } 219 220 /* 221 * Routines for dealing with the giant nvlist of fs-nvlists, etc. 222 */ 223 typedef struct send_data { 224 /* 225 * assigned inside every recursive call, 226 * restored from *_save on return: 227 * 228 * guid of fromsnap snapshot in parent dataset 229 * txg of fromsnap snapshot in current dataset 230 * txg of tosnap snapshot in current dataset 231 */ 232 233 uint64_t parent_fromsnap_guid; 234 uint64_t fromsnap_txg; 235 uint64_t tosnap_txg; 236 237 /* the nvlists get accumulated during depth-first traversal */ 238 nvlist_t *parent_snaps; 239 nvlist_t *fss; 240 nvlist_t *snapprops; 241 nvlist_t *snapholds; /* user holds */ 242 243 /* send-receive configuration, does not change during traversal */ 244 const char *fsname; 245 const char *fromsnap; 246 const char *tosnap; 247 boolean_t recursive; 248 boolean_t raw; 249 boolean_t doall; 250 boolean_t replicate; 251 boolean_t verbose; 252 boolean_t backup; 253 boolean_t seenfrom; 254 boolean_t seento; 255 boolean_t holds; /* were holds requested with send -h */ 256 boolean_t props; 257 258 /* 259 * The header nvlist is of the following format: 260 * { 261 * "tosnap" -> string 262 * "fromsnap" -> string (if incremental) 263 * "fss" -> { 264 * id -> { 265 * 266 * "name" -> string (full name; for debugging) 267 * "parentfromsnap" -> number (guid of fromsnap in parent) 268 * 269 * "props" -> { name -> value (only if set here) } 270 * "snaps" -> { name (lastname) -> number (guid) } 271 * "snapprops" -> { name (lastname) -> { name -> value } } 272 * "snapholds" -> { name (lastname) -> { holdname -> crtime } } 273 * 274 * "origin" -> number (guid) (if clone) 275 * "is_encroot" -> boolean 276 * "sent" -> boolean (not on-disk) 277 * } 278 * } 279 * } 280 * 281 */ 282 } send_data_t; 283 284 static void 285 send_iterate_prop(zfs_handle_t *zhp, boolean_t received_only, nvlist_t *nv); 286 287 static int 288 send_iterate_snap(zfs_handle_t *zhp, void *arg) 289 { 290 send_data_t *sd = arg; 291 uint64_t guid = zhp->zfs_dmustats.dds_guid; 292 uint64_t txg = zhp->zfs_dmustats.dds_creation_txg; 293 char *snapname; 294 nvlist_t *nv; 295 boolean_t isfromsnap, istosnap, istosnapwithnofrom; 296 297 snapname = strrchr(zhp->zfs_name, '@')+1; 298 isfromsnap = (sd->fromsnap != NULL && 299 strcmp(sd->fromsnap, snapname) == 0); 300 istosnap = (sd->tosnap != NULL && (strcmp(sd->tosnap, snapname) == 0)); 301 istosnapwithnofrom = (istosnap && sd->fromsnap == NULL); 302 303 if (sd->tosnap_txg != 0 && txg > sd->tosnap_txg) { 304 if (sd->verbose) { 305 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 306 "skipping snapshot %s because it was created " 307 "after the destination snapshot (%s)\n"), 308 zhp->zfs_name, sd->tosnap); 309 } 310 zfs_close(zhp); 311 return (0); 312 } 313 314 fnvlist_add_uint64(sd->parent_snaps, snapname, guid); 315 /* 316 * NB: if there is no fromsnap here (it's a newly created fs in 317 * an incremental replication), we will substitute the tosnap. 318 */ 319 if (isfromsnap || (sd->parent_fromsnap_guid == 0 && istosnap)) { 320 sd->parent_fromsnap_guid = guid; 321 } 322 323 if (!sd->recursive) { 324 325 /* 326 * To allow a doall stream to work properly 327 * with a NULL fromsnap 328 */ 329 if (sd->doall && sd->fromsnap == NULL && !sd->seenfrom) { 330 sd->seenfrom = B_TRUE; 331 } 332 333 if (!sd->seenfrom && isfromsnap) { 334 sd->seenfrom = B_TRUE; 335 zfs_close(zhp); 336 return (0); 337 } 338 339 if ((sd->seento || !sd->seenfrom) && !istosnapwithnofrom) { 340 zfs_close(zhp); 341 return (0); 342 } 343 344 if (istosnap) 345 sd->seento = B_TRUE; 346 } 347 348 nv = fnvlist_alloc(); 349 send_iterate_prop(zhp, sd->backup, nv); 350 fnvlist_add_nvlist(sd->snapprops, snapname, nv); 351 fnvlist_free(nv); 352 if (sd->holds) { 353 nvlist_t *holds = fnvlist_alloc(); 354 int err = lzc_get_holds(zhp->zfs_name, &holds); 355 if (err == 0) { 356 fnvlist_add_nvlist(sd->snapholds, snapname, holds); 357 } 358 fnvlist_free(holds); 359 } 360 361 zfs_close(zhp); 362 return (0); 363 } 364 365 static void 366 send_iterate_prop(zfs_handle_t *zhp, boolean_t received_only, nvlist_t *nv) 367 { 368 nvlist_t *props = NULL; 369 nvpair_t *elem = NULL; 370 371 if (received_only) 372 props = zfs_get_recvd_props(zhp); 373 else 374 props = zhp->zfs_props; 375 376 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) { 377 char *propname = nvpair_name(elem); 378 zfs_prop_t prop = zfs_name_to_prop(propname); 379 nvlist_t *propnv; 380 381 if (!zfs_prop_user(propname)) { 382 /* 383 * Realistically, this should never happen. However, 384 * we want the ability to add DSL properties without 385 * needing to make incompatible version changes. We 386 * need to ignore unknown properties to allow older 387 * software to still send datasets containing these 388 * properties, with the unknown properties elided. 389 */ 390 if (prop == ZPROP_INVAL) 391 continue; 392 393 if (zfs_prop_readonly(prop)) 394 continue; 395 } 396 397 verify(nvpair_value_nvlist(elem, &propnv) == 0); 398 if (prop == ZFS_PROP_QUOTA || prop == ZFS_PROP_RESERVATION || 399 prop == ZFS_PROP_REFQUOTA || 400 prop == ZFS_PROP_REFRESERVATION) { 401 char *source; 402 uint64_t value; 403 verify(nvlist_lookup_uint64(propnv, 404 ZPROP_VALUE, &value) == 0); 405 if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) 406 continue; 407 /* 408 * May have no source before SPA_VERSION_RECVD_PROPS, 409 * but is still modifiable. 410 */ 411 if (nvlist_lookup_string(propnv, 412 ZPROP_SOURCE, &source) == 0) { 413 if ((strcmp(source, zhp->zfs_name) != 0) && 414 (strcmp(source, 415 ZPROP_SOURCE_VAL_RECVD) != 0)) 416 continue; 417 } 418 } else { 419 char *source; 420 if (nvlist_lookup_string(propnv, 421 ZPROP_SOURCE, &source) != 0) 422 continue; 423 if ((strcmp(source, zhp->zfs_name) != 0) && 424 (strcmp(source, ZPROP_SOURCE_VAL_RECVD) != 0)) 425 continue; 426 } 427 428 if (zfs_prop_user(propname) || 429 zfs_prop_get_type(prop) == PROP_TYPE_STRING) { 430 char *value; 431 value = fnvlist_lookup_string(propnv, ZPROP_VALUE); 432 fnvlist_add_string(nv, propname, value); 433 } else { 434 uint64_t value; 435 value = fnvlist_lookup_uint64(propnv, ZPROP_VALUE); 436 fnvlist_add_uint64(nv, propname, value); 437 } 438 } 439 } 440 441 /* 442 * returns snapshot creation txg 443 * and returns 0 if the snapshot does not exist 444 */ 445 static uint64_t 446 get_snap_txg(libzfs_handle_t *hdl, const char *fs, const char *snap) 447 { 448 char name[ZFS_MAX_DATASET_NAME_LEN]; 449 uint64_t txg = 0; 450 451 if (fs == NULL || fs[0] == '\0' || snap == NULL || snap[0] == '\0') 452 return (txg); 453 454 (void) snprintf(name, sizeof (name), "%s@%s", fs, snap); 455 if (zfs_dataset_exists(hdl, name, ZFS_TYPE_SNAPSHOT)) { 456 zfs_handle_t *zhp = zfs_open(hdl, name, ZFS_TYPE_SNAPSHOT); 457 if (zhp != NULL) { 458 txg = zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG); 459 zfs_close(zhp); 460 } 461 } 462 463 return (txg); 464 } 465 466 /* 467 * recursively generate nvlists describing datasets. See comment 468 * for the data structure send_data_t above for description of contents 469 * of the nvlist. 470 */ 471 static int 472 send_iterate_fs(zfs_handle_t *zhp, void *arg) 473 { 474 send_data_t *sd = arg; 475 nvlist_t *nvfs = NULL, *nv = NULL; 476 int rv = 0; 477 uint64_t min_txg = 0, max_txg = 0; 478 uint64_t parent_fromsnap_guid_save = sd->parent_fromsnap_guid; 479 uint64_t fromsnap_txg_save = sd->fromsnap_txg; 480 uint64_t tosnap_txg_save = sd->tosnap_txg; 481 uint64_t txg = zhp->zfs_dmustats.dds_creation_txg; 482 uint64_t guid = zhp->zfs_dmustats.dds_guid; 483 uint64_t fromsnap_txg, tosnap_txg; 484 char guidstring[64]; 485 486 fromsnap_txg = get_snap_txg(zhp->zfs_hdl, zhp->zfs_name, sd->fromsnap); 487 if (fromsnap_txg != 0) 488 sd->fromsnap_txg = fromsnap_txg; 489 490 tosnap_txg = get_snap_txg(zhp->zfs_hdl, zhp->zfs_name, sd->tosnap); 491 if (tosnap_txg != 0) 492 sd->tosnap_txg = tosnap_txg; 493 494 /* 495 * on the send side, if the current dataset does not have tosnap, 496 * perform two additional checks: 497 * 498 * - skip sending the current dataset if it was created later than 499 * the parent tosnap 500 * - return error if the current dataset was created earlier than 501 * the parent tosnap 502 */ 503 if (sd->tosnap != NULL && tosnap_txg == 0) { 504 if (sd->tosnap_txg != 0 && txg > sd->tosnap_txg) { 505 if (sd->verbose) { 506 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 507 "skipping dataset %s: snapshot %s does " 508 "not exist\n"), zhp->zfs_name, sd->tosnap); 509 } 510 } else { 511 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 512 "cannot send %s@%s%s: snapshot %s@%s does not " 513 "exist\n"), sd->fsname, sd->tosnap, sd->recursive ? 514 dgettext(TEXT_DOMAIN, " recursively") : "", 515 zhp->zfs_name, sd->tosnap); 516 rv = EZFS_NOENT; 517 } 518 goto out; 519 } 520 521 nvfs = fnvlist_alloc(); 522 fnvlist_add_string(nvfs, "name", zhp->zfs_name); 523 fnvlist_add_uint64(nvfs, "parentfromsnap", 524 sd->parent_fromsnap_guid); 525 526 if (zhp->zfs_dmustats.dds_origin[0]) { 527 zfs_handle_t *origin = zfs_open(zhp->zfs_hdl, 528 zhp->zfs_dmustats.dds_origin, ZFS_TYPE_SNAPSHOT); 529 if (origin == NULL) { 530 rv = -1; 531 goto out; 532 } 533 fnvlist_add_uint64(nvfs, "origin", 534 origin->zfs_dmustats.dds_guid); 535 536 zfs_close(origin); 537 } 538 539 /* iterate over props */ 540 if (sd->props || sd->backup || sd->recursive) { 541 nv = fnvlist_alloc(); 542 send_iterate_prop(zhp, sd->backup, nv); 543 } 544 if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF) { 545 boolean_t encroot; 546 547 /* determine if this dataset is an encryption root */ 548 if (zfs_crypto_get_encryption_root(zhp, &encroot, NULL) != 0) { 549 rv = -1; 550 goto out; 551 } 552 553 if (encroot) 554 fnvlist_add_boolean(nvfs, "is_encroot"); 555 556 /* 557 * Encrypted datasets can only be sent with properties if 558 * the raw flag is specified because the receive side doesn't 559 * currently have a mechanism for recursively asking the user 560 * for new encryption parameters. 561 */ 562 if (!sd->raw) { 563 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 564 "cannot send %s@%s: encrypted dataset %s may not " 565 "be sent with properties without the raw flag\n"), 566 sd->fsname, sd->tosnap, zhp->zfs_name); 567 rv = -1; 568 goto out; 569 } 570 571 } 572 573 if (nv != NULL) 574 fnvlist_add_nvlist(nvfs, "props", nv); 575 576 /* iterate over snaps, and set sd->parent_fromsnap_guid */ 577 sd->parent_fromsnap_guid = 0; 578 sd->parent_snaps = fnvlist_alloc(); 579 sd->snapprops = fnvlist_alloc(); 580 if (sd->holds) 581 sd->snapholds = fnvlist_alloc(); 582 583 /* 584 * If this is a "doall" send, a replicate send or we're just trying 585 * to gather a list of previous snapshots, iterate through all the 586 * snaps in the txg range. Otherwise just look at the one we're 587 * interested in. 588 */ 589 if (sd->doall || sd->replicate || sd->tosnap == NULL) { 590 if (!sd->replicate && fromsnap_txg != 0) 591 min_txg = fromsnap_txg; 592 if (!sd->replicate && tosnap_txg != 0) 593 max_txg = tosnap_txg; 594 (void) zfs_iter_snapshots_sorted(zhp, send_iterate_snap, sd, 595 min_txg, max_txg); 596 } else { 597 char snapname[MAXPATHLEN] = { 0 }; 598 zfs_handle_t *snap; 599 600 (void) snprintf(snapname, sizeof (snapname), "%s@%s", 601 zhp->zfs_name, sd->tosnap); 602 if (sd->fromsnap != NULL) 603 sd->seenfrom = B_TRUE; 604 snap = zfs_open(zhp->zfs_hdl, snapname, 605 ZFS_TYPE_SNAPSHOT); 606 if (snap != NULL) 607 (void) send_iterate_snap(snap, sd); 608 } 609 610 fnvlist_add_nvlist(nvfs, "snaps", sd->parent_snaps); 611 fnvlist_add_nvlist(nvfs, "snapprops", sd->snapprops); 612 if (sd->holds) 613 fnvlist_add_nvlist(nvfs, "snapholds", sd->snapholds); 614 fnvlist_free(sd->parent_snaps); 615 fnvlist_free(sd->snapprops); 616 fnvlist_free(sd->snapholds); 617 618 /* Do not allow the size of the properties list to exceed the limit */ 619 if ((fnvlist_size(nvfs) + fnvlist_size(sd->fss)) > 620 zhp->zfs_hdl->libzfs_max_nvlist) { 621 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 622 "warning: cannot send %s@%s: the size of the list of " 623 "snapshots and properties is too large to be received " 624 "successfully.\n" 625 "Select a smaller number of snapshots to send.\n"), 626 zhp->zfs_name, sd->tosnap); 627 rv = EZFS_NOSPC; 628 goto out; 629 } 630 /* add this fs to nvlist */ 631 (void) snprintf(guidstring, sizeof (guidstring), 632 "0x%llx", (longlong_t)guid); 633 fnvlist_add_nvlist(sd->fss, guidstring, nvfs); 634 635 /* iterate over children */ 636 if (sd->recursive) 637 rv = zfs_iter_filesystems(zhp, send_iterate_fs, sd); 638 639 out: 640 sd->parent_fromsnap_guid = parent_fromsnap_guid_save; 641 sd->fromsnap_txg = fromsnap_txg_save; 642 sd->tosnap_txg = tosnap_txg_save; 643 fnvlist_free(nv); 644 fnvlist_free(nvfs); 645 646 zfs_close(zhp); 647 return (rv); 648 } 649 650 static int 651 gather_nvlist(libzfs_handle_t *hdl, const char *fsname, const char *fromsnap, 652 const char *tosnap, boolean_t recursive, boolean_t raw, boolean_t doall, 653 boolean_t replicate, boolean_t verbose, boolean_t backup, boolean_t holds, 654 boolean_t props, nvlist_t **nvlp, avl_tree_t **avlp) 655 { 656 zfs_handle_t *zhp; 657 send_data_t sd = { 0 }; 658 int error; 659 660 zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME); 661 if (zhp == NULL) 662 return (EZFS_BADTYPE); 663 664 sd.fss = fnvlist_alloc(); 665 sd.fsname = fsname; 666 sd.fromsnap = fromsnap; 667 sd.tosnap = tosnap; 668 sd.recursive = recursive; 669 sd.raw = raw; 670 sd.doall = doall; 671 sd.replicate = replicate; 672 sd.verbose = verbose; 673 sd.backup = backup; 674 sd.holds = holds; 675 sd.props = props; 676 677 if ((error = send_iterate_fs(zhp, &sd)) != 0) { 678 fnvlist_free(sd.fss); 679 if (avlp != NULL) 680 *avlp = NULL; 681 *nvlp = NULL; 682 return (error); 683 } 684 685 if (avlp != NULL && (*avlp = fsavl_create(sd.fss)) == NULL) { 686 fnvlist_free(sd.fss); 687 *nvlp = NULL; 688 return (EZFS_NOMEM); 689 } 690 691 *nvlp = sd.fss; 692 return (0); 693 } 694 695 /* 696 * Routines specific to "zfs send" 697 */ 698 typedef struct send_dump_data { 699 /* these are all just the short snapname (the part after the @) */ 700 const char *fromsnap; 701 const char *tosnap; 702 char prevsnap[ZFS_MAX_DATASET_NAME_LEN]; 703 uint64_t prevsnap_obj; 704 boolean_t seenfrom, seento, replicate, doall, fromorigin; 705 boolean_t dryrun, parsable, progress, embed_data, std_out; 706 boolean_t large_block, compress, raw, holds; 707 int outfd; 708 boolean_t err; 709 nvlist_t *fss; 710 nvlist_t *snapholds; 711 avl_tree_t *fsavl; 712 snapfilter_cb_t *filter_cb; 713 void *filter_cb_arg; 714 nvlist_t *debugnv; 715 char holdtag[ZFS_MAX_DATASET_NAME_LEN]; 716 int cleanup_fd; 717 int verbosity; 718 uint64_t size; 719 } send_dump_data_t; 720 721 static int 722 zfs_send_space(zfs_handle_t *zhp, const char *snapname, const char *from, 723 enum lzc_send_flags flags, uint64_t *spacep) 724 { 725 libzfs_handle_t *hdl = zhp->zfs_hdl; 726 int error; 727 728 assert(snapname != NULL); 729 error = lzc_send_space(snapname, from, flags, spacep); 730 731 if (error != 0) { 732 char errbuf[1024]; 733 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 734 "warning: cannot estimate space for '%s'"), snapname); 735 736 switch (error) { 737 case EXDEV: 738 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 739 "not an earlier snapshot from the same fs")); 740 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf)); 741 742 case ENOENT: 743 if (zfs_dataset_exists(hdl, snapname, 744 ZFS_TYPE_SNAPSHOT)) { 745 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 746 "incremental source (%s) does not exist"), 747 snapname); 748 } 749 return (zfs_error(hdl, EZFS_NOENT, errbuf)); 750 751 case EDQUOT: 752 case EFBIG: 753 case EIO: 754 case ENOLINK: 755 case ENOSPC: 756 case ENOSTR: 757 case ENXIO: 758 case EPIPE: 759 case ERANGE: 760 case EFAULT: 761 case EROFS: 762 case EINVAL: 763 zfs_error_aux(hdl, strerror(error)); 764 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf)); 765 766 default: 767 return (zfs_standard_error(hdl, error, errbuf)); 768 } 769 } 770 771 return (0); 772 } 773 774 /* 775 * Dumps a backup of the given snapshot (incremental from fromsnap if it's not 776 * NULL) to the file descriptor specified by outfd. 777 */ 778 static int 779 dump_ioctl(zfs_handle_t *zhp, const char *fromsnap, uint64_t fromsnap_obj, 780 boolean_t fromorigin, int outfd, enum lzc_send_flags flags, 781 nvlist_t *debugnv) 782 { 783 zfs_cmd_t zc = {"\0"}; 784 libzfs_handle_t *hdl = zhp->zfs_hdl; 785 nvlist_t *thisdbg; 786 787 assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT); 788 assert(fromsnap_obj == 0 || !fromorigin); 789 790 (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name)); 791 zc.zc_cookie = outfd; 792 zc.zc_obj = fromorigin; 793 zc.zc_sendobj = zfs_prop_get_int(zhp, ZFS_PROP_OBJSETID); 794 zc.zc_fromobj = fromsnap_obj; 795 zc.zc_flags = flags; 796 797 thisdbg = fnvlist_alloc(); 798 if (fromsnap && fromsnap[0] != '\0') { 799 fnvlist_add_string(thisdbg, "fromsnap", fromsnap); 800 } 801 802 if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SEND, &zc) != 0) { 803 char errbuf[1024]; 804 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 805 "warning: cannot send '%s'"), zhp->zfs_name); 806 807 fnvlist_add_uint64(thisdbg, "error", errno); 808 if (debugnv) { 809 fnvlist_add_nvlist(debugnv, zhp->zfs_name, thisdbg); 810 } 811 fnvlist_free(thisdbg); 812 813 switch (errno) { 814 case EXDEV: 815 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 816 "not an earlier snapshot from the same fs")); 817 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf)); 818 819 case EACCES: 820 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 821 "source key must be loaded")); 822 return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf)); 823 824 case ENOENT: 825 if (zfs_dataset_exists(hdl, zc.zc_name, 826 ZFS_TYPE_SNAPSHOT)) { 827 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 828 "incremental source (@%s) does not exist"), 829 zc.zc_value); 830 } 831 return (zfs_error(hdl, EZFS_NOENT, errbuf)); 832 833 case EDQUOT: 834 case EFBIG: 835 case EIO: 836 case ENOLINK: 837 case ENOSPC: 838 case ENOSTR: 839 case ENXIO: 840 case EPIPE: 841 case ERANGE: 842 case EFAULT: 843 case EROFS: 844 zfs_error_aux(hdl, strerror(errno)); 845 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf)); 846 847 default: 848 return (zfs_standard_error(hdl, errno, errbuf)); 849 } 850 } 851 852 if (debugnv) 853 fnvlist_add_nvlist(debugnv, zhp->zfs_name, thisdbg); 854 fnvlist_free(thisdbg); 855 856 return (0); 857 } 858 859 static void 860 gather_holds(zfs_handle_t *zhp, send_dump_data_t *sdd) 861 { 862 assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT); 863 864 /* 865 * zfs_send() only sets snapholds for sends that need them, 866 * e.g. replication and doall. 867 */ 868 if (sdd->snapholds == NULL) 869 return; 870 871 fnvlist_add_string(sdd->snapholds, zhp->zfs_name, sdd->holdtag); 872 } 873 874 int 875 zfs_send_progress(zfs_handle_t *zhp, int fd, uint64_t *bytes_written, 876 uint64_t *blocks_visited) 877 { 878 zfs_cmd_t zc = {"\0"}; 879 880 (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name)); 881 zc.zc_cookie = fd; 882 if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SEND_PROGRESS, &zc) != 0) 883 return (errno); 884 if (bytes_written != NULL) 885 *bytes_written = zc.zc_cookie; 886 if (blocks_visited != NULL) 887 *blocks_visited = zc.zc_objset_type; 888 return (0); 889 } 890 891 static void * 892 send_progress_thread(void *arg) 893 { 894 progress_arg_t *pa = arg; 895 zfs_handle_t *zhp = pa->pa_zhp; 896 uint64_t bytes; 897 uint64_t blocks; 898 char buf[16]; 899 time_t t; 900 struct tm *tm; 901 boolean_t firstloop = B_TRUE; 902 903 /* 904 * Print the progress from ZFS_IOC_SEND_PROGRESS every second. 905 */ 906 for (;;) { 907 int err; 908 (void) sleep(1); 909 if ((err = zfs_send_progress(zhp, pa->pa_fd, &bytes, 910 &blocks)) != 0) { 911 if (err == EINTR || err == ENOENT) 912 return ((void *)0); 913 return ((void *)(uintptr_t)err); 914 } 915 916 if (firstloop && !pa->pa_parsable) { 917 (void) fprintf(stderr, 918 "TIME %s %sSNAPSHOT %s\n", 919 pa->pa_estimate ? "BYTES" : " SENT", 920 pa->pa_verbosity >= 2 ? " BLOCKS " : "", 921 zhp->zfs_name); 922 firstloop = B_FALSE; 923 } 924 925 (void) time(&t); 926 tm = localtime(&t); 927 928 if (pa->pa_verbosity >= 2 && pa->pa_parsable) { 929 (void) fprintf(stderr, 930 "%02d:%02d:%02d\t%llu\t%llu\t%s\n", 931 tm->tm_hour, tm->tm_min, tm->tm_sec, 932 (u_longlong_t)bytes, (u_longlong_t)blocks, 933 zhp->zfs_name); 934 } else if (pa->pa_verbosity >= 2) { 935 zfs_nicenum(bytes, buf, sizeof (buf)); 936 (void) fprintf(stderr, 937 "%02d:%02d:%02d %5s %8llu %s\n", 938 tm->tm_hour, tm->tm_min, tm->tm_sec, 939 buf, (u_longlong_t)blocks, zhp->zfs_name); 940 } else if (pa->pa_parsable) { 941 (void) fprintf(stderr, "%02d:%02d:%02d\t%llu\t%s\n", 942 tm->tm_hour, tm->tm_min, tm->tm_sec, 943 (u_longlong_t)bytes, zhp->zfs_name); 944 } else { 945 zfs_nicebytes(bytes, buf, sizeof (buf)); 946 (void) fprintf(stderr, "%02d:%02d:%02d %5s %s\n", 947 tm->tm_hour, tm->tm_min, tm->tm_sec, 948 buf, zhp->zfs_name); 949 } 950 } 951 } 952 953 static void 954 send_print_verbose(FILE *fout, const char *tosnap, const char *fromsnap, 955 uint64_t size, boolean_t parsable) 956 { 957 if (parsable) { 958 if (fromsnap != NULL) { 959 (void) fprintf(fout, "incremental\t%s\t%s", 960 fromsnap, tosnap); 961 } else { 962 (void) fprintf(fout, "full\t%s", 963 tosnap); 964 } 965 } else { 966 if (fromsnap != NULL) { 967 if (strchr(fromsnap, '@') == NULL && 968 strchr(fromsnap, '#') == NULL) { 969 (void) fprintf(fout, dgettext(TEXT_DOMAIN, 970 "send from @%s to %s"), 971 fromsnap, tosnap); 972 } else { 973 (void) fprintf(fout, dgettext(TEXT_DOMAIN, 974 "send from %s to %s"), 975 fromsnap, tosnap); 976 } 977 } else { 978 (void) fprintf(fout, dgettext(TEXT_DOMAIN, 979 "full send of %s"), 980 tosnap); 981 } 982 } 983 984 if (parsable) { 985 (void) fprintf(fout, "\t%llu", 986 (longlong_t)size); 987 } else if (size != 0) { 988 char buf[16]; 989 zfs_nicebytes(size, buf, sizeof (buf)); 990 (void) fprintf(fout, dgettext(TEXT_DOMAIN, 991 " estimated size is %s"), buf); 992 } 993 (void) fprintf(fout, "\n"); 994 } 995 996 static int 997 dump_snapshot(zfs_handle_t *zhp, void *arg) 998 { 999 send_dump_data_t *sdd = arg; 1000 progress_arg_t pa = { 0 }; 1001 pthread_t tid; 1002 char *thissnap; 1003 enum lzc_send_flags flags = 0; 1004 int err; 1005 boolean_t isfromsnap, istosnap, fromorigin; 1006 boolean_t exclude = B_FALSE; 1007 FILE *fout = sdd->std_out ? stdout : stderr; 1008 1009 err = 0; 1010 thissnap = strchr(zhp->zfs_name, '@') + 1; 1011 isfromsnap = (sdd->fromsnap != NULL && 1012 strcmp(sdd->fromsnap, thissnap) == 0); 1013 1014 if (!sdd->seenfrom && isfromsnap) { 1015 gather_holds(zhp, sdd); 1016 sdd->seenfrom = B_TRUE; 1017 (void) strlcpy(sdd->prevsnap, thissnap, 1018 sizeof (sdd->prevsnap)); 1019 sdd->prevsnap_obj = zfs_prop_get_int(zhp, ZFS_PROP_OBJSETID); 1020 zfs_close(zhp); 1021 return (0); 1022 } 1023 1024 if (sdd->seento || !sdd->seenfrom) { 1025 zfs_close(zhp); 1026 return (0); 1027 } 1028 1029 istosnap = (strcmp(sdd->tosnap, thissnap) == 0); 1030 if (istosnap) 1031 sdd->seento = B_TRUE; 1032 1033 if (sdd->large_block) 1034 flags |= LZC_SEND_FLAG_LARGE_BLOCK; 1035 if (sdd->embed_data) 1036 flags |= LZC_SEND_FLAG_EMBED_DATA; 1037 if (sdd->compress) 1038 flags |= LZC_SEND_FLAG_COMPRESS; 1039 if (sdd->raw) 1040 flags |= LZC_SEND_FLAG_RAW; 1041 1042 if (!sdd->doall && !isfromsnap && !istosnap) { 1043 if (sdd->replicate) { 1044 char *snapname; 1045 nvlist_t *snapprops; 1046 /* 1047 * Filter out all intermediate snapshots except origin 1048 * snapshots needed to replicate clones. 1049 */ 1050 nvlist_t *nvfs = fsavl_find(sdd->fsavl, 1051 zhp->zfs_dmustats.dds_guid, &snapname); 1052 1053 snapprops = fnvlist_lookup_nvlist(nvfs, "snapprops"); 1054 snapprops = fnvlist_lookup_nvlist(snapprops, thissnap); 1055 exclude = !nvlist_exists(snapprops, "is_clone_origin"); 1056 } else { 1057 exclude = B_TRUE; 1058 } 1059 } 1060 1061 /* 1062 * If a filter function exists, call it to determine whether 1063 * this snapshot will be sent. 1064 */ 1065 if (exclude || (sdd->filter_cb != NULL && 1066 sdd->filter_cb(zhp, sdd->filter_cb_arg) == B_FALSE)) { 1067 /* 1068 * This snapshot is filtered out. Don't send it, and don't 1069 * set prevsnap_obj, so it will be as if this snapshot didn't 1070 * exist, and the next accepted snapshot will be sent as 1071 * an incremental from the last accepted one, or as the 1072 * first (and full) snapshot in the case of a replication, 1073 * non-incremental send. 1074 */ 1075 zfs_close(zhp); 1076 return (0); 1077 } 1078 1079 gather_holds(zhp, sdd); 1080 fromorigin = sdd->prevsnap[0] == '\0' && 1081 (sdd->fromorigin || sdd->replicate); 1082 1083 if (sdd->verbosity != 0) { 1084 uint64_t size = 0; 1085 char fromds[ZFS_MAX_DATASET_NAME_LEN]; 1086 1087 if (sdd->prevsnap[0] != '\0') { 1088 (void) strlcpy(fromds, zhp->zfs_name, sizeof (fromds)); 1089 *(strchr(fromds, '@') + 1) = '\0'; 1090 (void) strlcat(fromds, sdd->prevsnap, sizeof (fromds)); 1091 } 1092 if (zfs_send_space(zhp, zhp->zfs_name, 1093 sdd->prevsnap[0] ? fromds : NULL, flags, &size) != 0) { 1094 size = 0; /* cannot estimate send space */ 1095 } else { 1096 send_print_verbose(fout, zhp->zfs_name, 1097 sdd->prevsnap[0] ? sdd->prevsnap : NULL, 1098 size, sdd->parsable); 1099 } 1100 sdd->size += size; 1101 } 1102 1103 if (!sdd->dryrun) { 1104 /* 1105 * If progress reporting is requested, spawn a new thread to 1106 * poll ZFS_IOC_SEND_PROGRESS at a regular interval. 1107 */ 1108 if (sdd->progress) { 1109 pa.pa_zhp = zhp; 1110 pa.pa_fd = sdd->outfd; 1111 pa.pa_parsable = sdd->parsable; 1112 pa.pa_estimate = B_FALSE; 1113 pa.pa_verbosity = sdd->verbosity; 1114 1115 if ((err = pthread_create(&tid, NULL, 1116 send_progress_thread, &pa)) != 0) { 1117 zfs_close(zhp); 1118 return (err); 1119 } 1120 } 1121 1122 err = dump_ioctl(zhp, sdd->prevsnap, sdd->prevsnap_obj, 1123 fromorigin, sdd->outfd, flags, sdd->debugnv); 1124 1125 if (sdd->progress) { 1126 void *status = NULL; 1127 (void) pthread_cancel(tid); 1128 (void) pthread_join(tid, &status); 1129 int error = (int)(uintptr_t)status; 1130 if (error != 0 && status != PTHREAD_CANCELED) { 1131 char errbuf[1024]; 1132 (void) snprintf(errbuf, sizeof (errbuf), 1133 dgettext(TEXT_DOMAIN, 1134 "progress thread exited nonzero")); 1135 return (zfs_standard_error(zhp->zfs_hdl, error, 1136 errbuf)); 1137 } 1138 } 1139 } 1140 1141 (void) strcpy(sdd->prevsnap, thissnap); 1142 sdd->prevsnap_obj = zfs_prop_get_int(zhp, ZFS_PROP_OBJSETID); 1143 zfs_close(zhp); 1144 return (err); 1145 } 1146 1147 static int 1148 dump_filesystem(zfs_handle_t *zhp, void *arg) 1149 { 1150 int rv = 0; 1151 send_dump_data_t *sdd = arg; 1152 boolean_t missingfrom = B_FALSE; 1153 zfs_cmd_t zc = {"\0"}; 1154 uint64_t min_txg = 0, max_txg = 0; 1155 1156 (void) snprintf(zc.zc_name, sizeof (zc.zc_name), "%s@%s", 1157 zhp->zfs_name, sdd->tosnap); 1158 if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_OBJSET_STATS, &zc) != 0) { 1159 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1160 "WARNING: could not send %s@%s: does not exist\n"), 1161 zhp->zfs_name, sdd->tosnap); 1162 sdd->err = B_TRUE; 1163 return (0); 1164 } 1165 1166 if (sdd->replicate && sdd->fromsnap) { 1167 /* 1168 * If this fs does not have fromsnap, and we're doing 1169 * recursive, we need to send a full stream from the 1170 * beginning (or an incremental from the origin if this 1171 * is a clone). If we're doing non-recursive, then let 1172 * them get the error. 1173 */ 1174 (void) snprintf(zc.zc_name, sizeof (zc.zc_name), "%s@%s", 1175 zhp->zfs_name, sdd->fromsnap); 1176 if (zfs_ioctl(zhp->zfs_hdl, 1177 ZFS_IOC_OBJSET_STATS, &zc) != 0) { 1178 missingfrom = B_TRUE; 1179 } 1180 } 1181 1182 sdd->seenfrom = sdd->seento = sdd->prevsnap[0] = 0; 1183 sdd->prevsnap_obj = 0; 1184 if (sdd->fromsnap == NULL || missingfrom) 1185 sdd->seenfrom = B_TRUE; 1186 1187 1188 1189 /* 1190 * Iterate through all snapshots and process the ones we will be 1191 * sending. If we only have a "from" and "to" snapshot to deal 1192 * with, we can avoid iterating through all the other snapshots. 1193 */ 1194 if (sdd->doall || sdd->replicate || sdd->tosnap == NULL) { 1195 if (!sdd->replicate && sdd->fromsnap != NULL) 1196 min_txg = get_snap_txg(zhp->zfs_hdl, zhp->zfs_name, 1197 sdd->fromsnap); 1198 if (!sdd->replicate && sdd->tosnap != NULL) 1199 max_txg = get_snap_txg(zhp->zfs_hdl, zhp->zfs_name, 1200 sdd->tosnap); 1201 rv = zfs_iter_snapshots_sorted(zhp, dump_snapshot, arg, 1202 min_txg, max_txg); 1203 } else { 1204 char snapname[MAXPATHLEN] = { 0 }; 1205 zfs_handle_t *snap; 1206 1207 if (!sdd->seenfrom) { 1208 (void) snprintf(snapname, sizeof (snapname), 1209 "%s@%s", zhp->zfs_name, sdd->fromsnap); 1210 snap = zfs_open(zhp->zfs_hdl, snapname, 1211 ZFS_TYPE_SNAPSHOT); 1212 if (snap != NULL) 1213 rv = dump_snapshot(snap, sdd); 1214 else 1215 rv = -1; 1216 } 1217 1218 if (rv == 0) { 1219 (void) snprintf(snapname, sizeof (snapname), 1220 "%s@%s", zhp->zfs_name, sdd->tosnap); 1221 snap = zfs_open(zhp->zfs_hdl, snapname, 1222 ZFS_TYPE_SNAPSHOT); 1223 if (snap != NULL) 1224 rv = dump_snapshot(snap, sdd); 1225 else 1226 rv = -1; 1227 } 1228 } 1229 1230 if (!sdd->seenfrom) { 1231 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1232 "WARNING: could not send %s@%s:\n" 1233 "incremental source (%s@%s) does not exist\n"), 1234 zhp->zfs_name, sdd->tosnap, 1235 zhp->zfs_name, sdd->fromsnap); 1236 sdd->err = B_TRUE; 1237 } else if (!sdd->seento) { 1238 if (sdd->fromsnap) { 1239 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1240 "WARNING: could not send %s@%s:\n" 1241 "incremental source (%s@%s) " 1242 "is not earlier than it\n"), 1243 zhp->zfs_name, sdd->tosnap, 1244 zhp->zfs_name, sdd->fromsnap); 1245 } else { 1246 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1247 "WARNING: " 1248 "could not send %s@%s: does not exist\n"), 1249 zhp->zfs_name, sdd->tosnap); 1250 } 1251 sdd->err = B_TRUE; 1252 } 1253 1254 return (rv); 1255 } 1256 1257 static int 1258 dump_filesystems(zfs_handle_t *rzhp, void *arg) 1259 { 1260 send_dump_data_t *sdd = arg; 1261 nvpair_t *fspair; 1262 boolean_t needagain, progress; 1263 1264 if (!sdd->replicate) 1265 return (dump_filesystem(rzhp, sdd)); 1266 1267 /* Mark the clone origin snapshots. */ 1268 for (fspair = nvlist_next_nvpair(sdd->fss, NULL); fspair; 1269 fspair = nvlist_next_nvpair(sdd->fss, fspair)) { 1270 nvlist_t *nvfs; 1271 uint64_t origin_guid = 0; 1272 1273 nvfs = fnvpair_value_nvlist(fspair); 1274 (void) nvlist_lookup_uint64(nvfs, "origin", &origin_guid); 1275 if (origin_guid != 0) { 1276 char *snapname; 1277 nvlist_t *origin_nv = fsavl_find(sdd->fsavl, 1278 origin_guid, &snapname); 1279 if (origin_nv != NULL) { 1280 nvlist_t *snapprops; 1281 snapprops = fnvlist_lookup_nvlist(origin_nv, 1282 "snapprops"); 1283 snapprops = fnvlist_lookup_nvlist(snapprops, 1284 snapname); 1285 fnvlist_add_boolean(snapprops, 1286 "is_clone_origin"); 1287 } 1288 } 1289 } 1290 again: 1291 needagain = progress = B_FALSE; 1292 for (fspair = nvlist_next_nvpair(sdd->fss, NULL); fspair; 1293 fspair = nvlist_next_nvpair(sdd->fss, fspair)) { 1294 nvlist_t *fslist, *parent_nv; 1295 char *fsname; 1296 zfs_handle_t *zhp; 1297 int err; 1298 uint64_t origin_guid = 0; 1299 uint64_t parent_guid = 0; 1300 1301 fslist = fnvpair_value_nvlist(fspair); 1302 if (nvlist_lookup_boolean(fslist, "sent") == 0) 1303 continue; 1304 1305 fsname = fnvlist_lookup_string(fslist, "name"); 1306 (void) nvlist_lookup_uint64(fslist, "origin", &origin_guid); 1307 (void) nvlist_lookup_uint64(fslist, "parentfromsnap", 1308 &parent_guid); 1309 1310 if (parent_guid != 0) { 1311 parent_nv = fsavl_find(sdd->fsavl, parent_guid, NULL); 1312 if (!nvlist_exists(parent_nv, "sent")) { 1313 /* parent has not been sent; skip this one */ 1314 needagain = B_TRUE; 1315 continue; 1316 } 1317 } 1318 1319 if (origin_guid != 0) { 1320 nvlist_t *origin_nv = fsavl_find(sdd->fsavl, 1321 origin_guid, NULL); 1322 if (origin_nv != NULL && 1323 !nvlist_exists(origin_nv, "sent")) { 1324 /* 1325 * origin has not been sent yet; 1326 * skip this clone. 1327 */ 1328 needagain = B_TRUE; 1329 continue; 1330 } 1331 } 1332 1333 zhp = zfs_open(rzhp->zfs_hdl, fsname, ZFS_TYPE_DATASET); 1334 if (zhp == NULL) 1335 return (-1); 1336 err = dump_filesystem(zhp, sdd); 1337 fnvlist_add_boolean(fslist, "sent"); 1338 progress = B_TRUE; 1339 zfs_close(zhp); 1340 if (err) 1341 return (err); 1342 } 1343 if (needagain) { 1344 assert(progress); 1345 goto again; 1346 } 1347 1348 /* clean out the sent flags in case we reuse this fss */ 1349 for (fspair = nvlist_next_nvpair(sdd->fss, NULL); fspair; 1350 fspair = nvlist_next_nvpair(sdd->fss, fspair)) { 1351 nvlist_t *fslist; 1352 1353 fslist = fnvpair_value_nvlist(fspair); 1354 (void) nvlist_remove_all(fslist, "sent"); 1355 } 1356 1357 return (0); 1358 } 1359 1360 nvlist_t * 1361 zfs_send_resume_token_to_nvlist(libzfs_handle_t *hdl, const char *token) 1362 { 1363 unsigned int version; 1364 int nread, i; 1365 unsigned long long checksum, packed_len; 1366 1367 /* 1368 * Decode token header, which is: 1369 * <token version>-<checksum of payload>-<uncompressed payload length> 1370 * Note that the only supported token version is 1. 1371 */ 1372 nread = sscanf(token, "%u-%llx-%llx-", 1373 &version, &checksum, &packed_len); 1374 if (nread != 3) { 1375 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1376 "resume token is corrupt (invalid format)")); 1377 return (NULL); 1378 } 1379 1380 if (version != ZFS_SEND_RESUME_TOKEN_VERSION) { 1381 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1382 "resume token is corrupt (invalid version %u)"), 1383 version); 1384 return (NULL); 1385 } 1386 1387 /* convert hexadecimal representation to binary */ 1388 token = strrchr(token, '-') + 1; 1389 int len = strlen(token) / 2; 1390 unsigned char *compressed = zfs_alloc(hdl, len); 1391 for (i = 0; i < len; i++) { 1392 nread = sscanf(token + i * 2, "%2hhx", compressed + i); 1393 if (nread != 1) { 1394 free(compressed); 1395 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1396 "resume token is corrupt " 1397 "(payload is not hex-encoded)")); 1398 return (NULL); 1399 } 1400 } 1401 1402 /* verify checksum */ 1403 zio_cksum_t cksum; 1404 fletcher_4_native_varsize(compressed, len, &cksum); 1405 if (cksum.zc_word[0] != checksum) { 1406 free(compressed); 1407 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1408 "resume token is corrupt (incorrect checksum)")); 1409 return (NULL); 1410 } 1411 1412 /* uncompress */ 1413 void *packed = zfs_alloc(hdl, packed_len); 1414 uLongf packed_len_long = packed_len; 1415 if (uncompress(packed, &packed_len_long, compressed, len) != Z_OK || 1416 packed_len_long != packed_len) { 1417 free(packed); 1418 free(compressed); 1419 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1420 "resume token is corrupt (decompression failed)")); 1421 return (NULL); 1422 } 1423 1424 /* unpack nvlist */ 1425 nvlist_t *nv; 1426 int error = nvlist_unpack(packed, packed_len, &nv, KM_SLEEP); 1427 free(packed); 1428 free(compressed); 1429 if (error != 0) { 1430 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1431 "resume token is corrupt (nvlist_unpack failed)")); 1432 return (NULL); 1433 } 1434 return (nv); 1435 } 1436 static enum lzc_send_flags 1437 lzc_flags_from_sendflags(const sendflags_t *flags) 1438 { 1439 enum lzc_send_flags lzc_flags = 0; 1440 if (flags->largeblock) 1441 lzc_flags |= LZC_SEND_FLAG_LARGE_BLOCK; 1442 if (flags->embed_data) 1443 lzc_flags |= LZC_SEND_FLAG_EMBED_DATA; 1444 if (flags->compress) 1445 lzc_flags |= LZC_SEND_FLAG_COMPRESS; 1446 if (flags->raw) 1447 lzc_flags |= LZC_SEND_FLAG_RAW; 1448 if (flags->saved) 1449 lzc_flags |= LZC_SEND_FLAG_SAVED; 1450 return (lzc_flags); 1451 } 1452 1453 static int 1454 estimate_size(zfs_handle_t *zhp, const char *from, int fd, sendflags_t *flags, 1455 uint64_t resumeobj, uint64_t resumeoff, uint64_t bytes, 1456 const char *redactbook, char *errbuf) 1457 { 1458 uint64_t size; 1459 FILE *fout = flags->dryrun ? stdout : stderr; 1460 progress_arg_t pa = { 0 }; 1461 int err = 0; 1462 pthread_t ptid; 1463 1464 if (flags->progress) { 1465 pa.pa_zhp = zhp; 1466 pa.pa_fd = fd; 1467 pa.pa_parsable = flags->parsable; 1468 pa.pa_estimate = B_TRUE; 1469 pa.pa_verbosity = flags->verbosity; 1470 1471 err = pthread_create(&ptid, NULL, 1472 send_progress_thread, &pa); 1473 if (err != 0) { 1474 zfs_error_aux(zhp->zfs_hdl, strerror(errno)); 1475 return (zfs_error(zhp->zfs_hdl, 1476 EZFS_THREADCREATEFAILED, errbuf)); 1477 } 1478 } 1479 1480 err = lzc_send_space_resume_redacted(zhp->zfs_name, from, 1481 lzc_flags_from_sendflags(flags), resumeobj, resumeoff, bytes, 1482 redactbook, fd, &size); 1483 1484 if (flags->progress) { 1485 void *status = NULL; 1486 (void) pthread_cancel(ptid); 1487 (void) pthread_join(ptid, &status); 1488 int error = (int)(uintptr_t)status; 1489 if (error != 0 && status != PTHREAD_CANCELED) { 1490 char errbuf[1024]; 1491 (void) snprintf(errbuf, sizeof (errbuf), 1492 dgettext(TEXT_DOMAIN, "progress thread exited " 1493 "nonzero")); 1494 return (zfs_standard_error(zhp->zfs_hdl, error, 1495 errbuf)); 1496 } 1497 } 1498 1499 if (err != 0) { 1500 zfs_error_aux(zhp->zfs_hdl, strerror(err)); 1501 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP, 1502 errbuf)); 1503 } 1504 send_print_verbose(fout, zhp->zfs_name, from, size, 1505 flags->parsable); 1506 1507 if (flags->parsable) { 1508 (void) fprintf(fout, "size\t%llu\n", (longlong_t)size); 1509 } else { 1510 char buf[16]; 1511 zfs_nicenum(size, buf, sizeof (buf)); 1512 (void) fprintf(fout, dgettext(TEXT_DOMAIN, 1513 "total estimated size is %s\n"), buf); 1514 } 1515 return (0); 1516 } 1517 1518 static boolean_t 1519 redact_snaps_contains(const uint64_t *snaps, uint64_t num_snaps, uint64_t guid) 1520 { 1521 for (int i = 0; i < num_snaps; i++) { 1522 if (snaps[i] == guid) 1523 return (B_TRUE); 1524 } 1525 return (B_FALSE); 1526 } 1527 1528 static boolean_t 1529 redact_snaps_equal(const uint64_t *snaps1, uint64_t num_snaps1, 1530 const uint64_t *snaps2, uint64_t num_snaps2) 1531 { 1532 if (num_snaps1 != num_snaps2) 1533 return (B_FALSE); 1534 for (int i = 0; i < num_snaps1; i++) { 1535 if (!redact_snaps_contains(snaps2, num_snaps2, snaps1[i])) 1536 return (B_FALSE); 1537 } 1538 return (B_TRUE); 1539 } 1540 1541 /* 1542 * Check that the list of redaction snapshots in the bookmark matches the send 1543 * we're resuming, and return whether or not it's complete. 1544 * 1545 * Note that the caller needs to free the contents of *bookname with free() if 1546 * this function returns successfully. 1547 */ 1548 static int 1549 find_redact_book(libzfs_handle_t *hdl, const char *path, 1550 const uint64_t *redact_snap_guids, int num_redact_snaps, 1551 char **bookname) 1552 { 1553 char errbuf[1024]; 1554 int error = 0; 1555 nvlist_t *props = fnvlist_alloc(); 1556 nvlist_t *bmarks; 1557 1558 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 1559 "cannot resume send")); 1560 1561 fnvlist_add_boolean(props, "redact_complete"); 1562 fnvlist_add_boolean(props, zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS)); 1563 error = lzc_get_bookmarks(path, props, &bmarks); 1564 fnvlist_free(props); 1565 if (error != 0) { 1566 if (error == ESRCH) { 1567 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1568 "nonexistent redaction bookmark provided")); 1569 } else if (error == ENOENT) { 1570 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1571 "dataset to be sent no longer exists")); 1572 } else { 1573 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1574 "unknown error: %s"), strerror(error)); 1575 } 1576 return (zfs_error(hdl, EZFS_BADPROP, errbuf)); 1577 } 1578 nvpair_t *pair; 1579 for (pair = nvlist_next_nvpair(bmarks, NULL); pair; 1580 pair = nvlist_next_nvpair(bmarks, pair)) { 1581 1582 nvlist_t *bmark = fnvpair_value_nvlist(pair); 1583 nvlist_t *vallist = fnvlist_lookup_nvlist(bmark, 1584 zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS)); 1585 uint_t len = 0; 1586 uint64_t *bmarksnaps = fnvlist_lookup_uint64_array(vallist, 1587 ZPROP_VALUE, &len); 1588 if (redact_snaps_equal(redact_snap_guids, 1589 num_redact_snaps, bmarksnaps, len)) { 1590 break; 1591 } 1592 } 1593 if (pair == NULL) { 1594 fnvlist_free(bmarks); 1595 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1596 "no appropriate redaction bookmark exists")); 1597 return (zfs_error(hdl, EZFS_BADPROP, errbuf)); 1598 } 1599 char *name = nvpair_name(pair); 1600 nvlist_t *bmark = fnvpair_value_nvlist(pair); 1601 nvlist_t *vallist = fnvlist_lookup_nvlist(bmark, "redact_complete"); 1602 boolean_t complete = fnvlist_lookup_boolean_value(vallist, 1603 ZPROP_VALUE); 1604 if (!complete) { 1605 fnvlist_free(bmarks); 1606 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1607 "incomplete redaction bookmark provided")); 1608 return (zfs_error(hdl, EZFS_BADPROP, errbuf)); 1609 } 1610 *bookname = strndup(name, ZFS_MAX_DATASET_NAME_LEN); 1611 ASSERT3P(*bookname, !=, NULL); 1612 fnvlist_free(bmarks); 1613 return (0); 1614 } 1615 1616 static int 1617 zfs_send_resume_impl(libzfs_handle_t *hdl, sendflags_t *flags, int outfd, 1618 nvlist_t *resume_nvl) 1619 { 1620 char errbuf[1024]; 1621 char *toname; 1622 char *fromname = NULL; 1623 uint64_t resumeobj, resumeoff, toguid, fromguid, bytes; 1624 zfs_handle_t *zhp; 1625 int error = 0; 1626 char name[ZFS_MAX_DATASET_NAME_LEN]; 1627 enum lzc_send_flags lzc_flags = 0; 1628 FILE *fout = (flags->verbosity > 0 && flags->dryrun) ? stdout : stderr; 1629 uint64_t *redact_snap_guids = NULL; 1630 int num_redact_snaps = 0; 1631 char *redact_book = NULL; 1632 1633 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 1634 "cannot resume send")); 1635 1636 if (flags->verbosity != 0) { 1637 (void) fprintf(fout, dgettext(TEXT_DOMAIN, 1638 "resume token contents:\n")); 1639 nvlist_print(fout, resume_nvl); 1640 } 1641 1642 if (nvlist_lookup_string(resume_nvl, "toname", &toname) != 0 || 1643 nvlist_lookup_uint64(resume_nvl, "object", &resumeobj) != 0 || 1644 nvlist_lookup_uint64(resume_nvl, "offset", &resumeoff) != 0 || 1645 nvlist_lookup_uint64(resume_nvl, "bytes", &bytes) != 0 || 1646 nvlist_lookup_uint64(resume_nvl, "toguid", &toguid) != 0) { 1647 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1648 "resume token is corrupt")); 1649 return (zfs_error(hdl, EZFS_FAULT, errbuf)); 1650 } 1651 fromguid = 0; 1652 (void) nvlist_lookup_uint64(resume_nvl, "fromguid", &fromguid); 1653 1654 if (flags->largeblock || nvlist_exists(resume_nvl, "largeblockok")) 1655 lzc_flags |= LZC_SEND_FLAG_LARGE_BLOCK; 1656 if (flags->embed_data || nvlist_exists(resume_nvl, "embedok")) 1657 lzc_flags |= LZC_SEND_FLAG_EMBED_DATA; 1658 if (flags->compress || nvlist_exists(resume_nvl, "compressok")) 1659 lzc_flags |= LZC_SEND_FLAG_COMPRESS; 1660 if (flags->raw || nvlist_exists(resume_nvl, "rawok")) 1661 lzc_flags |= LZC_SEND_FLAG_RAW; 1662 if (flags->saved || nvlist_exists(resume_nvl, "savedok")) 1663 lzc_flags |= LZC_SEND_FLAG_SAVED; 1664 1665 if (flags->saved) { 1666 (void) strcpy(name, toname); 1667 } else { 1668 error = guid_to_name(hdl, toname, toguid, B_FALSE, name); 1669 if (error != 0) { 1670 if (zfs_dataset_exists(hdl, toname, ZFS_TYPE_DATASET)) { 1671 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1672 "'%s' is no longer the same snapshot " 1673 "used in the initial send"), toname); 1674 } else { 1675 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1676 "'%s' used in the initial send no " 1677 "longer exists"), toname); 1678 } 1679 return (zfs_error(hdl, EZFS_BADPATH, errbuf)); 1680 } 1681 } 1682 1683 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET); 1684 if (zhp == NULL) { 1685 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1686 "unable to access '%s'"), name); 1687 return (zfs_error(hdl, EZFS_BADPATH, errbuf)); 1688 } 1689 1690 if (nvlist_lookup_uint64_array(resume_nvl, "book_redact_snaps", 1691 &redact_snap_guids, (uint_t *)&num_redact_snaps) != 0) { 1692 num_redact_snaps = -1; 1693 } 1694 1695 if (fromguid != 0) { 1696 if (guid_to_name_redact_snaps(hdl, toname, fromguid, B_TRUE, 1697 redact_snap_guids, num_redact_snaps, name) != 0) { 1698 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1699 "incremental source %#llx no longer exists"), 1700 (longlong_t)fromguid); 1701 return (zfs_error(hdl, EZFS_BADPATH, errbuf)); 1702 } 1703 fromname = name; 1704 } 1705 1706 redact_snap_guids = NULL; 1707 1708 if (nvlist_lookup_uint64_array(resume_nvl, 1709 zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS), &redact_snap_guids, 1710 (uint_t *)&num_redact_snaps) == 0) { 1711 char path[ZFS_MAX_DATASET_NAME_LEN]; 1712 1713 (void) strlcpy(path, toname, sizeof (path)); 1714 char *at = strchr(path, '@'); 1715 ASSERT3P(at, !=, NULL); 1716 1717 *at = '\0'; 1718 1719 if ((error = find_redact_book(hdl, path, redact_snap_guids, 1720 num_redact_snaps, &redact_book)) != 0) { 1721 return (error); 1722 } 1723 } 1724 1725 if (flags->verbosity != 0) { 1726 /* 1727 * Some of these may have come from the resume token, set them 1728 * here for size estimate purposes. 1729 */ 1730 sendflags_t tmpflags = *flags; 1731 if (lzc_flags & LZC_SEND_FLAG_LARGE_BLOCK) 1732 tmpflags.largeblock = B_TRUE; 1733 if (lzc_flags & LZC_SEND_FLAG_COMPRESS) 1734 tmpflags.compress = B_TRUE; 1735 if (lzc_flags & LZC_SEND_FLAG_EMBED_DATA) 1736 tmpflags.embed_data = B_TRUE; 1737 error = estimate_size(zhp, fromname, outfd, &tmpflags, 1738 resumeobj, resumeoff, bytes, redact_book, errbuf); 1739 } 1740 1741 if (!flags->dryrun) { 1742 progress_arg_t pa = { 0 }; 1743 pthread_t tid; 1744 /* 1745 * If progress reporting is requested, spawn a new thread to 1746 * poll ZFS_IOC_SEND_PROGRESS at a regular interval. 1747 */ 1748 if (flags->progress) { 1749 pa.pa_zhp = zhp; 1750 pa.pa_fd = outfd; 1751 pa.pa_parsable = flags->parsable; 1752 pa.pa_estimate = B_FALSE; 1753 pa.pa_verbosity = flags->verbosity; 1754 1755 error = pthread_create(&tid, NULL, 1756 send_progress_thread, &pa); 1757 if (error != 0) { 1758 if (redact_book != NULL) 1759 free(redact_book); 1760 zfs_close(zhp); 1761 return (error); 1762 } 1763 } 1764 1765 error = lzc_send_resume_redacted(zhp->zfs_name, fromname, outfd, 1766 lzc_flags, resumeobj, resumeoff, redact_book); 1767 if (redact_book != NULL) 1768 free(redact_book); 1769 1770 if (flags->progress) { 1771 void *status = NULL; 1772 (void) pthread_cancel(tid); 1773 (void) pthread_join(tid, &status); 1774 int error = (int)(uintptr_t)status; 1775 if (error != 0 && status != PTHREAD_CANCELED) { 1776 char errbuf[1024]; 1777 (void) snprintf(errbuf, sizeof (errbuf), 1778 dgettext(TEXT_DOMAIN, 1779 "progress thread exited nonzero")); 1780 return (zfs_standard_error(hdl, error, errbuf)); 1781 } 1782 } 1783 1784 char errbuf[1024]; 1785 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 1786 "warning: cannot send '%s'"), zhp->zfs_name); 1787 1788 zfs_close(zhp); 1789 1790 switch (error) { 1791 case 0: 1792 return (0); 1793 case EACCES: 1794 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1795 "source key must be loaded")); 1796 return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf)); 1797 case ESRCH: 1798 if (lzc_exists(zhp->zfs_name)) { 1799 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1800 "incremental source could not be found")); 1801 } 1802 return (zfs_error(hdl, EZFS_NOENT, errbuf)); 1803 1804 case EXDEV: 1805 case ENOENT: 1806 case EDQUOT: 1807 case EFBIG: 1808 case EIO: 1809 case ENOLINK: 1810 case ENOSPC: 1811 case ENOSTR: 1812 case ENXIO: 1813 case EPIPE: 1814 case ERANGE: 1815 case EFAULT: 1816 case EROFS: 1817 zfs_error_aux(hdl, strerror(errno)); 1818 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf)); 1819 1820 default: 1821 return (zfs_standard_error(hdl, errno, errbuf)); 1822 } 1823 } else { 1824 if (redact_book != NULL) 1825 free(redact_book); 1826 } 1827 1828 zfs_close(zhp); 1829 1830 return (error); 1831 } 1832 1833 int 1834 zfs_send_resume(libzfs_handle_t *hdl, sendflags_t *flags, int outfd, 1835 const char *resume_token) 1836 { 1837 int ret; 1838 char errbuf[1024]; 1839 nvlist_t *resume_nvl; 1840 1841 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 1842 "cannot resume send")); 1843 1844 resume_nvl = zfs_send_resume_token_to_nvlist(hdl, resume_token); 1845 if (resume_nvl == NULL) { 1846 /* 1847 * zfs_error_aux has already been set by 1848 * zfs_send_resume_token_to_nvlist() 1849 */ 1850 return (zfs_error(hdl, EZFS_FAULT, errbuf)); 1851 } 1852 1853 ret = zfs_send_resume_impl(hdl, flags, outfd, resume_nvl); 1854 fnvlist_free(resume_nvl); 1855 1856 return (ret); 1857 } 1858 1859 int 1860 zfs_send_saved(zfs_handle_t *zhp, sendflags_t *flags, int outfd, 1861 const char *resume_token) 1862 { 1863 int ret; 1864 libzfs_handle_t *hdl = zhp->zfs_hdl; 1865 nvlist_t *saved_nvl = NULL, *resume_nvl = NULL; 1866 uint64_t saved_guid = 0, resume_guid = 0; 1867 uint64_t obj = 0, off = 0, bytes = 0; 1868 char token_buf[ZFS_MAXPROPLEN]; 1869 char errbuf[1024]; 1870 1871 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 1872 "saved send failed")); 1873 1874 ret = zfs_prop_get(zhp, ZFS_PROP_RECEIVE_RESUME_TOKEN, 1875 token_buf, sizeof (token_buf), NULL, NULL, 0, B_TRUE); 1876 if (ret != 0) 1877 goto out; 1878 1879 saved_nvl = zfs_send_resume_token_to_nvlist(hdl, token_buf); 1880 if (saved_nvl == NULL) { 1881 /* 1882 * zfs_error_aux has already been set by 1883 * zfs_send_resume_token_to_nvlist() 1884 */ 1885 ret = zfs_error(hdl, EZFS_FAULT, errbuf); 1886 goto out; 1887 } 1888 1889 /* 1890 * If a resume token is provided we use the object and offset 1891 * from that instead of the default, which starts from the 1892 * beginning. 1893 */ 1894 if (resume_token != NULL) { 1895 resume_nvl = zfs_send_resume_token_to_nvlist(hdl, 1896 resume_token); 1897 if (resume_nvl == NULL) { 1898 ret = zfs_error(hdl, EZFS_FAULT, errbuf); 1899 goto out; 1900 } 1901 1902 if (nvlist_lookup_uint64(resume_nvl, "object", &obj) != 0 || 1903 nvlist_lookup_uint64(resume_nvl, "offset", &off) != 0 || 1904 nvlist_lookup_uint64(resume_nvl, "bytes", &bytes) != 0 || 1905 nvlist_lookup_uint64(resume_nvl, "toguid", 1906 &resume_guid) != 0) { 1907 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1908 "provided resume token is corrupt")); 1909 ret = zfs_error(hdl, EZFS_FAULT, errbuf); 1910 goto out; 1911 } 1912 1913 if (nvlist_lookup_uint64(saved_nvl, "toguid", 1914 &saved_guid)) { 1915 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1916 "dataset's resume token is corrupt")); 1917 ret = zfs_error(hdl, EZFS_FAULT, errbuf); 1918 goto out; 1919 } 1920 1921 if (resume_guid != saved_guid) { 1922 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 1923 "provided resume token does not match dataset")); 1924 ret = zfs_error(hdl, EZFS_BADBACKUP, errbuf); 1925 goto out; 1926 } 1927 } 1928 1929 (void) nvlist_remove_all(saved_nvl, "object"); 1930 fnvlist_add_uint64(saved_nvl, "object", obj); 1931 1932 (void) nvlist_remove_all(saved_nvl, "offset"); 1933 fnvlist_add_uint64(saved_nvl, "offset", off); 1934 1935 (void) nvlist_remove_all(saved_nvl, "bytes"); 1936 fnvlist_add_uint64(saved_nvl, "bytes", bytes); 1937 1938 (void) nvlist_remove_all(saved_nvl, "toname"); 1939 fnvlist_add_string(saved_nvl, "toname", zhp->zfs_name); 1940 1941 ret = zfs_send_resume_impl(hdl, flags, outfd, saved_nvl); 1942 1943 out: 1944 fnvlist_free(saved_nvl); 1945 fnvlist_free(resume_nvl); 1946 return (ret); 1947 } 1948 1949 /* 1950 * This function informs the target system that the recursive send is complete. 1951 * The record is also expected in the case of a send -p. 1952 */ 1953 static int 1954 send_conclusion_record(int fd, zio_cksum_t *zc) 1955 { 1956 dmu_replay_record_t drr = { 0 }; 1957 drr.drr_type = DRR_END; 1958 if (zc != NULL) 1959 drr.drr_u.drr_end.drr_checksum = *zc; 1960 if (write(fd, &drr, sizeof (drr)) == -1) { 1961 return (errno); 1962 } 1963 return (0); 1964 } 1965 1966 /* 1967 * This function is responsible for sending the records that contain the 1968 * necessary information for the target system's libzfs to be able to set the 1969 * properties of the filesystem being received, or to be able to prepare for 1970 * a recursive receive. 1971 * 1972 * The "zhp" argument is the handle of the snapshot we are sending 1973 * (the "tosnap"). The "from" argument is the short snapshot name (the part 1974 * after the @) of the incremental source. 1975 */ 1976 static int 1977 send_prelim_records(zfs_handle_t *zhp, const char *from, int fd, 1978 boolean_t gather_props, boolean_t recursive, boolean_t verbose, 1979 boolean_t dryrun, boolean_t raw, boolean_t replicate, boolean_t backup, 1980 boolean_t holds, boolean_t props, boolean_t doall, 1981 nvlist_t **fssp, avl_tree_t **fsavlp) 1982 { 1983 int err = 0; 1984 char *packbuf = NULL; 1985 size_t buflen = 0; 1986 zio_cksum_t zc = { {0} }; 1987 int featureflags = 0; 1988 /* name of filesystem/volume that contains snapshot we are sending */ 1989 char tofs[ZFS_MAX_DATASET_NAME_LEN]; 1990 /* short name of snap we are sending */ 1991 char *tosnap = ""; 1992 1993 char errbuf[1024]; 1994 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 1995 "warning: cannot send '%s'"), zhp->zfs_name); 1996 if (zhp->zfs_type == ZFS_TYPE_FILESYSTEM && zfs_prop_get_int(zhp, 1997 ZFS_PROP_VERSION) >= ZPL_VERSION_SA) { 1998 featureflags |= DMU_BACKUP_FEATURE_SA_SPILL; 1999 } 2000 2001 if (holds) 2002 featureflags |= DMU_BACKUP_FEATURE_HOLDS; 2003 2004 (void) strlcpy(tofs, zhp->zfs_name, ZFS_MAX_DATASET_NAME_LEN); 2005 char *at = strchr(tofs, '@'); 2006 if (at != NULL) { 2007 *at = '\0'; 2008 tosnap = at + 1; 2009 } 2010 2011 if (gather_props) { 2012 nvlist_t *hdrnv = fnvlist_alloc(); 2013 nvlist_t *fss = NULL; 2014 2015 if (from != NULL) 2016 fnvlist_add_string(hdrnv, "fromsnap", from); 2017 fnvlist_add_string(hdrnv, "tosnap", tosnap); 2018 if (!recursive) 2019 fnvlist_add_boolean(hdrnv, "not_recursive"); 2020 2021 if (raw) { 2022 fnvlist_add_boolean(hdrnv, "raw"); 2023 } 2024 2025 if ((err = gather_nvlist(zhp->zfs_hdl, tofs, 2026 from, tosnap, recursive, raw, doall, replicate, verbose, 2027 backup, holds, props, &fss, fsavlp)) != 0) { 2028 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP, 2029 errbuf)); 2030 } 2031 /* 2032 * Do not allow the size of the properties list to exceed 2033 * the limit 2034 */ 2035 if ((fnvlist_size(fss) + fnvlist_size(hdrnv)) > 2036 zhp->zfs_hdl->libzfs_max_nvlist) { 2037 (void) snprintf(errbuf, sizeof (errbuf), 2038 dgettext(TEXT_DOMAIN, "warning: cannot send '%s': " 2039 "the size of the list of snapshots and properties " 2040 "is too large to be received successfully.\n" 2041 "Select a smaller number of snapshots to send.\n"), 2042 zhp->zfs_name); 2043 return (zfs_error(zhp->zfs_hdl, EZFS_NOSPC, 2044 errbuf)); 2045 } 2046 fnvlist_add_nvlist(hdrnv, "fss", fss); 2047 VERIFY0(nvlist_pack(hdrnv, &packbuf, &buflen, NV_ENCODE_XDR, 2048 0)); 2049 if (fssp != NULL) { 2050 *fssp = fss; 2051 } else { 2052 fnvlist_free(fss); 2053 } 2054 fnvlist_free(hdrnv); 2055 } 2056 2057 if (!dryrun) { 2058 dmu_replay_record_t drr = { 0 }; 2059 /* write first begin record */ 2060 drr.drr_type = DRR_BEGIN; 2061 drr.drr_u.drr_begin.drr_magic = DMU_BACKUP_MAGIC; 2062 DMU_SET_STREAM_HDRTYPE(drr.drr_u.drr_begin. 2063 drr_versioninfo, DMU_COMPOUNDSTREAM); 2064 DMU_SET_FEATUREFLAGS(drr.drr_u.drr_begin. 2065 drr_versioninfo, featureflags); 2066 if (snprintf(drr.drr_u.drr_begin.drr_toname, 2067 sizeof (drr.drr_u.drr_begin.drr_toname), "%s@%s", tofs, 2068 tosnap) >= sizeof (drr.drr_u.drr_begin.drr_toname)) { 2069 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP, 2070 errbuf)); 2071 } 2072 drr.drr_payloadlen = buflen; 2073 2074 err = dump_record(&drr, packbuf, buflen, &zc, fd); 2075 free(packbuf); 2076 if (err != 0) { 2077 zfs_error_aux(zhp->zfs_hdl, strerror(err)); 2078 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP, 2079 errbuf)); 2080 } 2081 err = send_conclusion_record(fd, &zc); 2082 if (err != 0) { 2083 zfs_error_aux(zhp->zfs_hdl, strerror(err)); 2084 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP, 2085 errbuf)); 2086 } 2087 } 2088 return (0); 2089 } 2090 2091 /* 2092 * Generate a send stream. The "zhp" argument is the filesystem/volume 2093 * that contains the snapshot to send. The "fromsnap" argument is the 2094 * short name (the part after the '@') of the snapshot that is the 2095 * incremental source to send from (if non-NULL). The "tosnap" argument 2096 * is the short name of the snapshot to send. 2097 * 2098 * The content of the send stream is the snapshot identified by 2099 * 'tosnap'. Incremental streams are requested in two ways: 2100 * - from the snapshot identified by "fromsnap" (if non-null) or 2101 * - from the origin of the dataset identified by zhp, which must 2102 * be a clone. In this case, "fromsnap" is null and "fromorigin" 2103 * is TRUE. 2104 * 2105 * The send stream is recursive (i.e. dumps a hierarchy of snapshots) and 2106 * uses a special header (with a hdrtype field of DMU_COMPOUNDSTREAM) 2107 * if "replicate" is set. If "doall" is set, dump all the intermediate 2108 * snapshots. The DMU_COMPOUNDSTREAM header is used in the "doall" 2109 * case too. If "props" is set, send properties. 2110 */ 2111 int 2112 zfs_send(zfs_handle_t *zhp, const char *fromsnap, const char *tosnap, 2113 sendflags_t *flags, int outfd, snapfilter_cb_t filter_func, 2114 void *cb_arg, nvlist_t **debugnvp) 2115 { 2116 char errbuf[1024]; 2117 send_dump_data_t sdd = { 0 }; 2118 int err = 0; 2119 nvlist_t *fss = NULL; 2120 avl_tree_t *fsavl = NULL; 2121 static uint64_t holdseq; 2122 int spa_version; 2123 int featureflags = 0; 2124 FILE *fout; 2125 2126 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 2127 "cannot send '%s'"), zhp->zfs_name); 2128 2129 if (fromsnap && fromsnap[0] == '\0') { 2130 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, 2131 "zero-length incremental source")); 2132 return (zfs_error(zhp->zfs_hdl, EZFS_NOENT, errbuf)); 2133 } 2134 2135 if (zhp->zfs_type == ZFS_TYPE_FILESYSTEM) { 2136 uint64_t version; 2137 version = zfs_prop_get_int(zhp, ZFS_PROP_VERSION); 2138 if (version >= ZPL_VERSION_SA) { 2139 featureflags |= DMU_BACKUP_FEATURE_SA_SPILL; 2140 } 2141 } 2142 2143 if (flags->holds) 2144 featureflags |= DMU_BACKUP_FEATURE_HOLDS; 2145 2146 if (flags->replicate || flags->doall || flags->props || 2147 flags->holds || flags->backup) { 2148 char full_tosnap_name[ZFS_MAX_DATASET_NAME_LEN]; 2149 if (snprintf(full_tosnap_name, sizeof (full_tosnap_name), 2150 "%s@%s", zhp->zfs_name, tosnap) >= 2151 sizeof (full_tosnap_name)) { 2152 err = EINVAL; 2153 goto stderr_out; 2154 } 2155 zfs_handle_t *tosnap = zfs_open(zhp->zfs_hdl, 2156 full_tosnap_name, ZFS_TYPE_SNAPSHOT); 2157 if (tosnap == NULL) { 2158 err = -1; 2159 goto err_out; 2160 } 2161 err = send_prelim_records(tosnap, fromsnap, outfd, 2162 flags->replicate || flags->props || flags->holds, 2163 flags->replicate, flags->verbosity > 0, flags->dryrun, 2164 flags->raw, flags->replicate, flags->backup, flags->holds, 2165 flags->props, flags->doall, &fss, &fsavl); 2166 zfs_close(tosnap); 2167 if (err != 0) 2168 goto err_out; 2169 } 2170 2171 /* dump each stream */ 2172 sdd.fromsnap = fromsnap; 2173 sdd.tosnap = tosnap; 2174 sdd.outfd = outfd; 2175 sdd.replicate = flags->replicate; 2176 sdd.doall = flags->doall; 2177 sdd.fromorigin = flags->fromorigin; 2178 sdd.fss = fss; 2179 sdd.fsavl = fsavl; 2180 sdd.verbosity = flags->verbosity; 2181 sdd.parsable = flags->parsable; 2182 sdd.progress = flags->progress; 2183 sdd.dryrun = flags->dryrun; 2184 sdd.large_block = flags->largeblock; 2185 sdd.embed_data = flags->embed_data; 2186 sdd.compress = flags->compress; 2187 sdd.raw = flags->raw; 2188 sdd.holds = flags->holds; 2189 sdd.filter_cb = filter_func; 2190 sdd.filter_cb_arg = cb_arg; 2191 if (debugnvp) 2192 sdd.debugnv = *debugnvp; 2193 if (sdd.verbosity != 0 && sdd.dryrun) 2194 sdd.std_out = B_TRUE; 2195 fout = sdd.std_out ? stdout : stderr; 2196 2197 /* 2198 * Some flags require that we place user holds on the datasets that are 2199 * being sent so they don't get destroyed during the send. We can skip 2200 * this step if the pool is imported read-only since the datasets cannot 2201 * be destroyed. 2202 */ 2203 if (!flags->dryrun && !zpool_get_prop_int(zfs_get_pool_handle(zhp), 2204 ZPOOL_PROP_READONLY, NULL) && 2205 zfs_spa_version(zhp, &spa_version) == 0 && 2206 spa_version >= SPA_VERSION_USERREFS && 2207 (flags->doall || flags->replicate)) { 2208 ++holdseq; 2209 (void) snprintf(sdd.holdtag, sizeof (sdd.holdtag), 2210 ".send-%d-%llu", getpid(), (u_longlong_t)holdseq); 2211 sdd.cleanup_fd = open(ZFS_DEV, O_RDWR); 2212 if (sdd.cleanup_fd < 0) { 2213 err = errno; 2214 goto stderr_out; 2215 } 2216 sdd.snapholds = fnvlist_alloc(); 2217 } else { 2218 sdd.cleanup_fd = -1; 2219 sdd.snapholds = NULL; 2220 } 2221 2222 if (flags->verbosity != 0 || sdd.snapholds != NULL) { 2223 /* 2224 * Do a verbose no-op dry run to get all the verbose output 2225 * or to gather snapshot hold's before generating any data, 2226 * then do a non-verbose real run to generate the streams. 2227 */ 2228 sdd.dryrun = B_TRUE; 2229 err = dump_filesystems(zhp, &sdd); 2230 2231 if (err != 0) 2232 goto stderr_out; 2233 2234 if (flags->verbosity != 0) { 2235 if (flags->parsable) { 2236 (void) fprintf(fout, "size\t%llu\n", 2237 (longlong_t)sdd.size); 2238 } else { 2239 char buf[16]; 2240 zfs_nicebytes(sdd.size, buf, sizeof (buf)); 2241 (void) fprintf(fout, dgettext(TEXT_DOMAIN, 2242 "total estimated size is %s\n"), buf); 2243 } 2244 } 2245 2246 /* Ensure no snaps found is treated as an error. */ 2247 if (!sdd.seento) { 2248 err = ENOENT; 2249 goto err_out; 2250 } 2251 2252 /* Skip the second run if dryrun was requested. */ 2253 if (flags->dryrun) 2254 goto err_out; 2255 2256 if (sdd.snapholds != NULL) { 2257 err = zfs_hold_nvl(zhp, sdd.cleanup_fd, sdd.snapholds); 2258 if (err != 0) 2259 goto stderr_out; 2260 2261 fnvlist_free(sdd.snapholds); 2262 sdd.snapholds = NULL; 2263 } 2264 2265 sdd.dryrun = B_FALSE; 2266 sdd.verbosity = 0; 2267 } 2268 2269 err = dump_filesystems(zhp, &sdd); 2270 fsavl_destroy(fsavl); 2271 fnvlist_free(fss); 2272 2273 /* Ensure no snaps found is treated as an error. */ 2274 if (err == 0 && !sdd.seento) 2275 err = ENOENT; 2276 2277 if (sdd.cleanup_fd != -1) { 2278 VERIFY(0 == close(sdd.cleanup_fd)); 2279 sdd.cleanup_fd = -1; 2280 } 2281 2282 if (!flags->dryrun && (flags->replicate || flags->doall || 2283 flags->props || flags->backup || flags->holds)) { 2284 /* 2285 * write final end record. NB: want to do this even if 2286 * there was some error, because it might not be totally 2287 * failed. 2288 */ 2289 err = send_conclusion_record(outfd, NULL); 2290 if (err != 0) 2291 return (zfs_standard_error(zhp->zfs_hdl, err, errbuf)); 2292 } 2293 2294 return (err || sdd.err); 2295 2296 stderr_out: 2297 err = zfs_standard_error(zhp->zfs_hdl, err, errbuf); 2298 err_out: 2299 fsavl_destroy(fsavl); 2300 fnvlist_free(fss); 2301 fnvlist_free(sdd.snapholds); 2302 2303 if (sdd.cleanup_fd != -1) 2304 VERIFY(0 == close(sdd.cleanup_fd)); 2305 return (err); 2306 } 2307 2308 static zfs_handle_t * 2309 name_to_dir_handle(libzfs_handle_t *hdl, const char *snapname) 2310 { 2311 char dirname[ZFS_MAX_DATASET_NAME_LEN]; 2312 (void) strlcpy(dirname, snapname, ZFS_MAX_DATASET_NAME_LEN); 2313 char *c = strchr(dirname, '@'); 2314 if (c != NULL) 2315 *c = '\0'; 2316 return (zfs_open(hdl, dirname, ZFS_TYPE_DATASET)); 2317 } 2318 2319 /* 2320 * Returns B_TRUE if earlier is an earlier snapshot in later's timeline; either 2321 * an earlier snapshot in the same filesystem, or a snapshot before later's 2322 * origin, or it's origin's origin, etc. 2323 */ 2324 static boolean_t 2325 snapshot_is_before(zfs_handle_t *earlier, zfs_handle_t *later) 2326 { 2327 boolean_t ret; 2328 uint64_t later_txg = 2329 (later->zfs_type == ZFS_TYPE_FILESYSTEM || 2330 later->zfs_type == ZFS_TYPE_VOLUME ? 2331 UINT64_MAX : zfs_prop_get_int(later, ZFS_PROP_CREATETXG)); 2332 uint64_t earlier_txg = zfs_prop_get_int(earlier, ZFS_PROP_CREATETXG); 2333 2334 if (earlier_txg >= later_txg) 2335 return (B_FALSE); 2336 2337 zfs_handle_t *earlier_dir = name_to_dir_handle(earlier->zfs_hdl, 2338 earlier->zfs_name); 2339 zfs_handle_t *later_dir = name_to_dir_handle(later->zfs_hdl, 2340 later->zfs_name); 2341 2342 if (strcmp(earlier_dir->zfs_name, later_dir->zfs_name) == 0) { 2343 zfs_close(earlier_dir); 2344 zfs_close(later_dir); 2345 return (B_TRUE); 2346 } 2347 2348 char clonename[ZFS_MAX_DATASET_NAME_LEN]; 2349 if (zfs_prop_get(later_dir, ZFS_PROP_ORIGIN, clonename, 2350 ZFS_MAX_DATASET_NAME_LEN, NULL, NULL, 0, B_TRUE) != 0) { 2351 zfs_close(earlier_dir); 2352 zfs_close(later_dir); 2353 return (B_FALSE); 2354 } 2355 2356 zfs_handle_t *origin = zfs_open(earlier->zfs_hdl, clonename, 2357 ZFS_TYPE_DATASET); 2358 uint64_t origin_txg = zfs_prop_get_int(origin, ZFS_PROP_CREATETXG); 2359 2360 /* 2361 * If "earlier" is exactly the origin, then 2362 * snapshot_is_before(earlier, origin) will return false (because 2363 * they're the same). 2364 */ 2365 if (origin_txg == earlier_txg && 2366 strcmp(origin->zfs_name, earlier->zfs_name) == 0) { 2367 zfs_close(earlier_dir); 2368 zfs_close(later_dir); 2369 zfs_close(origin); 2370 return (B_TRUE); 2371 } 2372 zfs_close(earlier_dir); 2373 zfs_close(later_dir); 2374 2375 ret = snapshot_is_before(earlier, origin); 2376 zfs_close(origin); 2377 return (ret); 2378 } 2379 2380 /* 2381 * The "zhp" argument is the handle of the dataset to send (typically a 2382 * snapshot). The "from" argument is the full name of the snapshot or 2383 * bookmark that is the incremental source. 2384 */ 2385 int 2386 zfs_send_one(zfs_handle_t *zhp, const char *from, int fd, sendflags_t *flags, 2387 const char *redactbook) 2388 { 2389 int err; 2390 libzfs_handle_t *hdl = zhp->zfs_hdl; 2391 char *name = zhp->zfs_name; 2392 int orig_fd = fd; 2393 pthread_t ptid; 2394 progress_arg_t pa = { 0 }; 2395 2396 char errbuf[1024]; 2397 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 2398 "warning: cannot send '%s'"), name); 2399 2400 if (from != NULL && strchr(from, '@')) { 2401 zfs_handle_t *from_zhp = zfs_open(hdl, from, 2402 ZFS_TYPE_DATASET); 2403 if (from_zhp == NULL) 2404 return (-1); 2405 if (!snapshot_is_before(from_zhp, zhp)) { 2406 zfs_close(from_zhp); 2407 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 2408 "not an earlier snapshot from the same fs")); 2409 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf)); 2410 } 2411 zfs_close(from_zhp); 2412 } 2413 2414 if (redactbook != NULL) { 2415 char bookname[ZFS_MAX_DATASET_NAME_LEN]; 2416 nvlist_t *redact_snaps; 2417 zfs_handle_t *book_zhp; 2418 char *at, *pound; 2419 int dsnamelen; 2420 2421 pound = strchr(redactbook, '#'); 2422 if (pound != NULL) 2423 redactbook = pound + 1; 2424 at = strchr(name, '@'); 2425 if (at == NULL) { 2426 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 2427 "cannot do a redacted send to a filesystem")); 2428 return (zfs_error(hdl, EZFS_BADTYPE, errbuf)); 2429 } 2430 dsnamelen = at - name; 2431 if (snprintf(bookname, sizeof (bookname), "%.*s#%s", 2432 dsnamelen, name, redactbook) 2433 >= sizeof (bookname)) { 2434 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 2435 "invalid bookmark name")); 2436 return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf)); 2437 } 2438 book_zhp = zfs_open(hdl, bookname, ZFS_TYPE_BOOKMARK); 2439 if (book_zhp == NULL) 2440 return (-1); 2441 if (nvlist_lookup_nvlist(book_zhp->zfs_props, 2442 zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS), 2443 &redact_snaps) != 0 || redact_snaps == NULL) { 2444 zfs_close(book_zhp); 2445 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 2446 "not a redaction bookmark")); 2447 return (zfs_error(hdl, EZFS_BADTYPE, errbuf)); 2448 } 2449 zfs_close(book_zhp); 2450 } 2451 2452 /* 2453 * Send fs properties 2454 */ 2455 if (flags->props || flags->holds || flags->backup) { 2456 /* 2457 * Note: the header generated by send_prelim_records() 2458 * assumes that the incremental source is in the same 2459 * filesystem/volume as the target (which is a requirement 2460 * when doing "zfs send -R"). But that isn't always the 2461 * case here (e.g. send from snap in origin, or send from 2462 * bookmark). We pass from=NULL, which will omit this 2463 * information from the prelim records; it isn't used 2464 * when receiving this type of stream. 2465 */ 2466 err = send_prelim_records(zhp, NULL, fd, B_TRUE, B_FALSE, 2467 flags->verbosity > 0, flags->dryrun, flags->raw, 2468 flags->replicate, flags->backup, flags->holds, 2469 flags->props, flags->doall, NULL, NULL); 2470 if (err != 0) 2471 return (err); 2472 } 2473 2474 /* 2475 * Perform size estimate if verbose was specified. 2476 */ 2477 if (flags->verbosity != 0) { 2478 err = estimate_size(zhp, from, fd, flags, 0, 0, 0, redactbook, 2479 errbuf); 2480 if (err != 0) 2481 return (err); 2482 } 2483 2484 if (flags->dryrun) 2485 return (0); 2486 2487 /* 2488 * If progress reporting is requested, spawn a new thread to poll 2489 * ZFS_IOC_SEND_PROGRESS at a regular interval. 2490 */ 2491 if (flags->progress) { 2492 pa.pa_zhp = zhp; 2493 pa.pa_fd = fd; 2494 pa.pa_parsable = flags->parsable; 2495 pa.pa_estimate = B_FALSE; 2496 pa.pa_verbosity = flags->verbosity; 2497 2498 err = pthread_create(&ptid, NULL, 2499 send_progress_thread, &pa); 2500 if (err != 0) { 2501 zfs_error_aux(zhp->zfs_hdl, strerror(errno)); 2502 return (zfs_error(zhp->zfs_hdl, 2503 EZFS_THREADCREATEFAILED, errbuf)); 2504 } 2505 } 2506 2507 err = lzc_send_redacted(name, from, fd, 2508 lzc_flags_from_sendflags(flags), redactbook); 2509 2510 if (flags->progress) { 2511 void *status = NULL; 2512 if (err != 0) 2513 (void) pthread_cancel(ptid); 2514 (void) pthread_join(ptid, &status); 2515 int error = (int)(uintptr_t)status; 2516 if (error != 0 && status != PTHREAD_CANCELED) { 2517 char errbuf[1024]; 2518 (void) snprintf(errbuf, sizeof (errbuf), 2519 dgettext(TEXT_DOMAIN, "progress thread exited " 2520 "nonzero")); 2521 return (zfs_standard_error(hdl, error, errbuf)); 2522 } 2523 } 2524 2525 if (flags->props || flags->holds || flags->backup) { 2526 /* Write the final end record. */ 2527 err = send_conclusion_record(orig_fd, NULL); 2528 if (err != 0) 2529 return (zfs_standard_error(hdl, err, errbuf)); 2530 } 2531 if (err != 0) { 2532 switch (errno) { 2533 case EXDEV: 2534 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 2535 "not an earlier snapshot from the same fs")); 2536 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf)); 2537 2538 case ENOENT: 2539 case ESRCH: 2540 if (lzc_exists(name)) { 2541 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 2542 "incremental source (%s) does not exist"), 2543 from); 2544 } 2545 return (zfs_error(hdl, EZFS_NOENT, errbuf)); 2546 2547 case EACCES: 2548 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 2549 "dataset key must be loaded")); 2550 return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf)); 2551 2552 case EBUSY: 2553 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 2554 "target is busy; if a filesystem, " 2555 "it must not be mounted")); 2556 return (zfs_error(hdl, EZFS_BUSY, errbuf)); 2557 2558 case EDQUOT: 2559 case EFAULT: 2560 case EFBIG: 2561 case EINVAL: 2562 case EIO: 2563 case ENOLINK: 2564 case ENOSPC: 2565 case ENOSTR: 2566 case ENXIO: 2567 case EPIPE: 2568 case ERANGE: 2569 case EROFS: 2570 zfs_error_aux(hdl, strerror(errno)); 2571 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf)); 2572 2573 default: 2574 return (zfs_standard_error(hdl, errno, errbuf)); 2575 } 2576 } 2577 return (err != 0); 2578 } 2579 2580 /* 2581 * Routines specific to "zfs recv" 2582 */ 2583 2584 static int 2585 recv_read(libzfs_handle_t *hdl, int fd, void *buf, int ilen, 2586 boolean_t byteswap, zio_cksum_t *zc) 2587 { 2588 char *cp = buf; 2589 int rv; 2590 int len = ilen; 2591 2592 do { 2593 rv = read(fd, cp, len); 2594 cp += rv; 2595 len -= rv; 2596 } while (rv > 0); 2597 2598 if (rv < 0 || len != 0) { 2599 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 2600 "failed to read from stream")); 2601 return (zfs_error(hdl, EZFS_BADSTREAM, dgettext(TEXT_DOMAIN, 2602 "cannot receive"))); 2603 } 2604 2605 if (zc) { 2606 if (byteswap) 2607 fletcher_4_incremental_byteswap(buf, ilen, zc); 2608 else 2609 fletcher_4_incremental_native(buf, ilen, zc); 2610 } 2611 return (0); 2612 } 2613 2614 static int 2615 recv_read_nvlist(libzfs_handle_t *hdl, int fd, int len, nvlist_t **nvp, 2616 boolean_t byteswap, zio_cksum_t *zc) 2617 { 2618 char *buf; 2619 int err; 2620 2621 buf = zfs_alloc(hdl, len); 2622 if (buf == NULL) 2623 return (ENOMEM); 2624 2625 if (len > hdl->libzfs_max_nvlist) { 2626 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "nvlist too large")); 2627 free(buf); 2628 return (ENOMEM); 2629 } 2630 2631 err = recv_read(hdl, fd, buf, len, byteswap, zc); 2632 if (err != 0) { 2633 free(buf); 2634 return (err); 2635 } 2636 2637 err = nvlist_unpack(buf, len, nvp, 0); 2638 free(buf); 2639 if (err != 0) { 2640 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid " 2641 "stream (malformed nvlist)")); 2642 return (EINVAL); 2643 } 2644 return (0); 2645 } 2646 2647 /* 2648 * Returns the grand origin (origin of origin of origin...) of a given handle. 2649 * If this dataset is not a clone, it simply returns a copy of the original 2650 * handle. 2651 */ 2652 static zfs_handle_t * 2653 recv_open_grand_origin(zfs_handle_t *zhp) 2654 { 2655 char origin[ZFS_MAX_DATASET_NAME_LEN]; 2656 zprop_source_t src; 2657 zfs_handle_t *ozhp = zfs_handle_dup(zhp); 2658 2659 while (ozhp != NULL) { 2660 if (zfs_prop_get(ozhp, ZFS_PROP_ORIGIN, origin, 2661 sizeof (origin), &src, NULL, 0, B_FALSE) != 0) 2662 break; 2663 2664 (void) zfs_close(ozhp); 2665 ozhp = zfs_open(zhp->zfs_hdl, origin, ZFS_TYPE_FILESYSTEM); 2666 } 2667 2668 return (ozhp); 2669 } 2670 2671 static int 2672 recv_rename_impl(zfs_handle_t *zhp, const char *name, const char *newname) 2673 { 2674 int err; 2675 zfs_handle_t *ozhp = NULL; 2676 2677 /* 2678 * Attempt to rename the dataset. If it fails with EACCES we have 2679 * attempted to rename the dataset outside of its encryption root. 2680 * Force the dataset to become an encryption root and try again. 2681 */ 2682 err = lzc_rename(name, newname); 2683 if (err == EACCES) { 2684 ozhp = recv_open_grand_origin(zhp); 2685 if (ozhp == NULL) { 2686 err = ENOENT; 2687 goto out; 2688 } 2689 2690 err = lzc_change_key(ozhp->zfs_name, DCP_CMD_FORCE_NEW_KEY, 2691 NULL, NULL, 0); 2692 if (err != 0) 2693 goto out; 2694 2695 err = lzc_rename(name, newname); 2696 } 2697 2698 out: 2699 if (ozhp != NULL) 2700 zfs_close(ozhp); 2701 return (err); 2702 } 2703 2704 static int 2705 recv_rename(libzfs_handle_t *hdl, const char *name, const char *tryname, 2706 int baselen, char *newname, recvflags_t *flags) 2707 { 2708 static int seq; 2709 int err; 2710 prop_changelist_t *clp = NULL; 2711 zfs_handle_t *zhp = NULL; 2712 2713 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET); 2714 if (zhp == NULL) { 2715 err = -1; 2716 goto out; 2717 } 2718 clp = changelist_gather(zhp, ZFS_PROP_NAME, 0, 2719 flags->force ? MS_FORCE : 0); 2720 if (clp == NULL) { 2721 err = -1; 2722 goto out; 2723 } 2724 err = changelist_prefix(clp); 2725 if (err) 2726 goto out; 2727 2728 if (tryname) { 2729 (void) strcpy(newname, tryname); 2730 if (flags->verbose) { 2731 (void) printf("attempting rename %s to %s\n", 2732 name, newname); 2733 } 2734 err = recv_rename_impl(zhp, name, newname); 2735 if (err == 0) 2736 changelist_rename(clp, name, tryname); 2737 } else { 2738 err = ENOENT; 2739 } 2740 2741 if (err != 0 && strncmp(name + baselen, "recv-", 5) != 0) { 2742 seq++; 2743 2744 (void) snprintf(newname, ZFS_MAX_DATASET_NAME_LEN, 2745 "%.*srecv-%u-%u", baselen, name, getpid(), seq); 2746 2747 if (flags->verbose) { 2748 (void) printf("failed - trying rename %s to %s\n", 2749 name, newname); 2750 } 2751 err = recv_rename_impl(zhp, name, newname); 2752 if (err == 0) 2753 changelist_rename(clp, name, newname); 2754 if (err && flags->verbose) { 2755 (void) printf("failed (%u) - " 2756 "will try again on next pass\n", errno); 2757 } 2758 err = EAGAIN; 2759 } else if (flags->verbose) { 2760 if (err == 0) 2761 (void) printf("success\n"); 2762 else 2763 (void) printf("failed (%u)\n", errno); 2764 } 2765 2766 (void) changelist_postfix(clp); 2767 2768 out: 2769 if (clp != NULL) 2770 changelist_free(clp); 2771 if (zhp != NULL) 2772 zfs_close(zhp); 2773 2774 return (err); 2775 } 2776 2777 static int 2778 recv_promote(libzfs_handle_t *hdl, const char *fsname, 2779 const char *origin_fsname, recvflags_t *flags) 2780 { 2781 int err; 2782 zfs_cmd_t zc = {"\0"}; 2783 zfs_handle_t *zhp = NULL, *ozhp = NULL; 2784 2785 if (flags->verbose) 2786 (void) printf("promoting %s\n", fsname); 2787 2788 (void) strlcpy(zc.zc_value, origin_fsname, sizeof (zc.zc_value)); 2789 (void) strlcpy(zc.zc_name, fsname, sizeof (zc.zc_name)); 2790 2791 /* 2792 * Attempt to promote the dataset. If it fails with EACCES the 2793 * promotion would cause this dataset to leave its encryption root. 2794 * Force the origin to become an encryption root and try again. 2795 */ 2796 err = zfs_ioctl(hdl, ZFS_IOC_PROMOTE, &zc); 2797 if (err == EACCES) { 2798 zhp = zfs_open(hdl, fsname, ZFS_TYPE_DATASET); 2799 if (zhp == NULL) { 2800 err = -1; 2801 goto out; 2802 } 2803 2804 ozhp = recv_open_grand_origin(zhp); 2805 if (ozhp == NULL) { 2806 err = -1; 2807 goto out; 2808 } 2809 2810 err = lzc_change_key(ozhp->zfs_name, DCP_CMD_FORCE_NEW_KEY, 2811 NULL, NULL, 0); 2812 if (err != 0) 2813 goto out; 2814 2815 err = zfs_ioctl(hdl, ZFS_IOC_PROMOTE, &zc); 2816 } 2817 2818 out: 2819 if (zhp != NULL) 2820 zfs_close(zhp); 2821 if (ozhp != NULL) 2822 zfs_close(ozhp); 2823 2824 return (err); 2825 } 2826 2827 static int 2828 recv_destroy(libzfs_handle_t *hdl, const char *name, int baselen, 2829 char *newname, recvflags_t *flags) 2830 { 2831 int err = 0; 2832 prop_changelist_t *clp; 2833 zfs_handle_t *zhp; 2834 boolean_t defer = B_FALSE; 2835 int spa_version; 2836 2837 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET); 2838 if (zhp == NULL) 2839 return (-1); 2840 clp = changelist_gather(zhp, ZFS_PROP_NAME, 0, 2841 flags->force ? MS_FORCE : 0); 2842 if (zfs_get_type(zhp) == ZFS_TYPE_SNAPSHOT && 2843 zfs_spa_version(zhp, &spa_version) == 0 && 2844 spa_version >= SPA_VERSION_USERREFS) 2845 defer = B_TRUE; 2846 zfs_close(zhp); 2847 if (clp == NULL) 2848 return (-1); 2849 err = changelist_prefix(clp); 2850 if (err) 2851 return (err); 2852 2853 if (flags->verbose) 2854 (void) printf("attempting destroy %s\n", name); 2855 if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) { 2856 nvlist_t *nv = fnvlist_alloc(); 2857 fnvlist_add_boolean(nv, name); 2858 err = lzc_destroy_snaps(nv, defer, NULL); 2859 fnvlist_free(nv); 2860 } else { 2861 err = lzc_destroy(name); 2862 } 2863 if (err == 0) { 2864 if (flags->verbose) 2865 (void) printf("success\n"); 2866 changelist_remove(clp, name); 2867 } 2868 2869 (void) changelist_postfix(clp); 2870 changelist_free(clp); 2871 2872 /* 2873 * Deferred destroy might destroy the snapshot or only mark it to be 2874 * destroyed later, and it returns success in either case. 2875 */ 2876 if (err != 0 || (defer && zfs_dataset_exists(hdl, name, 2877 ZFS_TYPE_SNAPSHOT))) { 2878 err = recv_rename(hdl, name, NULL, baselen, newname, flags); 2879 } 2880 2881 return (err); 2882 } 2883 2884 typedef struct guid_to_name_data { 2885 uint64_t guid; 2886 boolean_t bookmark_ok; 2887 char *name; 2888 char *skip; 2889 uint64_t *redact_snap_guids; 2890 uint64_t num_redact_snaps; 2891 } guid_to_name_data_t; 2892 2893 static boolean_t 2894 redact_snaps_match(zfs_handle_t *zhp, guid_to_name_data_t *gtnd) 2895 { 2896 uint64_t *bmark_snaps; 2897 uint_t bmark_num_snaps; 2898 nvlist_t *nvl; 2899 if (zhp->zfs_type != ZFS_TYPE_BOOKMARK) 2900 return (B_FALSE); 2901 2902 nvl = fnvlist_lookup_nvlist(zhp->zfs_props, 2903 zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS)); 2904 bmark_snaps = fnvlist_lookup_uint64_array(nvl, ZPROP_VALUE, 2905 &bmark_num_snaps); 2906 if (bmark_num_snaps != gtnd->num_redact_snaps) 2907 return (B_FALSE); 2908 int i = 0; 2909 for (; i < bmark_num_snaps; i++) { 2910 int j = 0; 2911 for (; j < bmark_num_snaps; j++) { 2912 if (bmark_snaps[i] == gtnd->redact_snap_guids[j]) 2913 break; 2914 } 2915 if (j == bmark_num_snaps) 2916 break; 2917 } 2918 return (i == bmark_num_snaps); 2919 } 2920 2921 static int 2922 guid_to_name_cb(zfs_handle_t *zhp, void *arg) 2923 { 2924 guid_to_name_data_t *gtnd = arg; 2925 const char *slash; 2926 int err; 2927 2928 if (gtnd->skip != NULL && 2929 (slash = strrchr(zhp->zfs_name, '/')) != NULL && 2930 strcmp(slash + 1, gtnd->skip) == 0) { 2931 zfs_close(zhp); 2932 return (0); 2933 } 2934 2935 if (zfs_prop_get_int(zhp, ZFS_PROP_GUID) == gtnd->guid && 2936 (gtnd->num_redact_snaps == -1 || redact_snaps_match(zhp, gtnd))) { 2937 (void) strcpy(gtnd->name, zhp->zfs_name); 2938 zfs_close(zhp); 2939 return (EEXIST); 2940 } 2941 2942 err = zfs_iter_children(zhp, guid_to_name_cb, gtnd); 2943 if (err != EEXIST && gtnd->bookmark_ok) 2944 err = zfs_iter_bookmarks(zhp, guid_to_name_cb, gtnd); 2945 zfs_close(zhp); 2946 return (err); 2947 } 2948 2949 /* 2950 * Attempt to find the local dataset associated with this guid. In the case of 2951 * multiple matches, we attempt to find the "best" match by searching 2952 * progressively larger portions of the hierarchy. This allows one to send a 2953 * tree of datasets individually and guarantee that we will find the source 2954 * guid within that hierarchy, even if there are multiple matches elsewhere. 2955 * 2956 * If num_redact_snaps is not -1, we attempt to find a redaction bookmark with 2957 * the specified number of redaction snapshots. If num_redact_snaps isn't 0 or 2958 * -1, then redact_snap_guids will be an array of the guids of the snapshots the 2959 * redaction bookmark was created with. If num_redact_snaps is -1, then we will 2960 * attempt to find a snapshot or bookmark (if bookmark_ok is passed) with the 2961 * given guid. Note that a redaction bookmark can be returned if 2962 * num_redact_snaps == -1. 2963 */ 2964 static int 2965 guid_to_name_redact_snaps(libzfs_handle_t *hdl, const char *parent, 2966 uint64_t guid, boolean_t bookmark_ok, uint64_t *redact_snap_guids, 2967 uint64_t num_redact_snaps, char *name) 2968 { 2969 char pname[ZFS_MAX_DATASET_NAME_LEN]; 2970 guid_to_name_data_t gtnd; 2971 2972 gtnd.guid = guid; 2973 gtnd.bookmark_ok = bookmark_ok; 2974 gtnd.name = name; 2975 gtnd.skip = NULL; 2976 gtnd.redact_snap_guids = redact_snap_guids; 2977 gtnd.num_redact_snaps = num_redact_snaps; 2978 2979 /* 2980 * Search progressively larger portions of the hierarchy, starting 2981 * with the filesystem specified by 'parent'. This will 2982 * select the "most local" version of the origin snapshot in the case 2983 * that there are multiple matching snapshots in the system. 2984 */ 2985 (void) strlcpy(pname, parent, sizeof (pname)); 2986 char *cp = strrchr(pname, '@'); 2987 if (cp == NULL) 2988 cp = strchr(pname, '\0'); 2989 for (; cp != NULL; cp = strrchr(pname, '/')) { 2990 /* Chop off the last component and open the parent */ 2991 *cp = '\0'; 2992 zfs_handle_t *zhp = make_dataset_handle(hdl, pname); 2993 2994 if (zhp == NULL) 2995 continue; 2996 int err = guid_to_name_cb(zfs_handle_dup(zhp), >nd); 2997 if (err != EEXIST) 2998 err = zfs_iter_children(zhp, guid_to_name_cb, >nd); 2999 if (err != EEXIST && bookmark_ok) 3000 err = zfs_iter_bookmarks(zhp, guid_to_name_cb, >nd); 3001 zfs_close(zhp); 3002 if (err == EEXIST) 3003 return (0); 3004 3005 /* 3006 * Remember the last portion of the dataset so we skip it next 3007 * time through (as we've already searched that portion of the 3008 * hierarchy). 3009 */ 3010 gtnd.skip = strrchr(pname, '/') + 1; 3011 } 3012 3013 return (ENOENT); 3014 } 3015 3016 static int 3017 guid_to_name(libzfs_handle_t *hdl, const char *parent, uint64_t guid, 3018 boolean_t bookmark_ok, char *name) 3019 { 3020 return (guid_to_name_redact_snaps(hdl, parent, guid, bookmark_ok, NULL, 3021 -1, name)); 3022 } 3023 3024 /* 3025 * Return +1 if guid1 is before guid2, 0 if they are the same, and -1 if 3026 * guid1 is after guid2. 3027 */ 3028 static int 3029 created_before(libzfs_handle_t *hdl, avl_tree_t *avl, 3030 uint64_t guid1, uint64_t guid2) 3031 { 3032 nvlist_t *nvfs; 3033 char *fsname = NULL, *snapname = NULL; 3034 char buf[ZFS_MAX_DATASET_NAME_LEN]; 3035 int rv; 3036 zfs_handle_t *guid1hdl, *guid2hdl; 3037 uint64_t create1, create2; 3038 3039 if (guid2 == 0) 3040 return (0); 3041 if (guid1 == 0) 3042 return (1); 3043 3044 nvfs = fsavl_find(avl, guid1, &snapname); 3045 fsname = fnvlist_lookup_string(nvfs, "name"); 3046 (void) snprintf(buf, sizeof (buf), "%s@%s", fsname, snapname); 3047 guid1hdl = zfs_open(hdl, buf, ZFS_TYPE_SNAPSHOT); 3048 if (guid1hdl == NULL) 3049 return (-1); 3050 3051 nvfs = fsavl_find(avl, guid2, &snapname); 3052 fsname = fnvlist_lookup_string(nvfs, "name"); 3053 (void) snprintf(buf, sizeof (buf), "%s@%s", fsname, snapname); 3054 guid2hdl = zfs_open(hdl, buf, ZFS_TYPE_SNAPSHOT); 3055 if (guid2hdl == NULL) { 3056 zfs_close(guid1hdl); 3057 return (-1); 3058 } 3059 3060 create1 = zfs_prop_get_int(guid1hdl, ZFS_PROP_CREATETXG); 3061 create2 = zfs_prop_get_int(guid2hdl, ZFS_PROP_CREATETXG); 3062 3063 if (create1 < create2) 3064 rv = -1; 3065 else if (create1 > create2) 3066 rv = +1; 3067 else 3068 rv = 0; 3069 3070 zfs_close(guid1hdl); 3071 zfs_close(guid2hdl); 3072 3073 return (rv); 3074 } 3075 3076 /* 3077 * This function reestablishes the hierarchy of encryption roots after a 3078 * recursive incremental receive has completed. This must be done after the 3079 * second call to recv_incremental_replication() has renamed and promoted all 3080 * sent datasets to their final locations in the dataset hierarchy. 3081 */ 3082 static int 3083 recv_fix_encryption_hierarchy(libzfs_handle_t *hdl, const char *top_zfs, 3084 nvlist_t *stream_nv, avl_tree_t *stream_avl) 3085 { 3086 int err; 3087 nvpair_t *fselem = NULL; 3088 nvlist_t *stream_fss; 3089 3090 stream_fss = fnvlist_lookup_nvlist(stream_nv, "fss"); 3091 3092 while ((fselem = nvlist_next_nvpair(stream_fss, fselem)) != NULL) { 3093 zfs_handle_t *zhp = NULL; 3094 uint64_t crypt; 3095 nvlist_t *snaps, *props, *stream_nvfs = NULL; 3096 nvpair_t *snapel = NULL; 3097 boolean_t is_encroot, is_clone, stream_encroot; 3098 char *cp; 3099 char *stream_keylocation = NULL; 3100 char keylocation[MAXNAMELEN]; 3101 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 3102 3103 keylocation[0] = '\0'; 3104 stream_nvfs = fnvpair_value_nvlist(fselem); 3105 snaps = fnvlist_lookup_nvlist(stream_nvfs, "snaps"); 3106 props = fnvlist_lookup_nvlist(stream_nvfs, "props"); 3107 stream_encroot = nvlist_exists(stream_nvfs, "is_encroot"); 3108 3109 /* find a snapshot from the stream that exists locally */ 3110 err = ENOENT; 3111 while ((snapel = nvlist_next_nvpair(snaps, snapel)) != NULL) { 3112 uint64_t guid; 3113 3114 guid = fnvpair_value_uint64(snapel); 3115 err = guid_to_name(hdl, top_zfs, guid, B_FALSE, 3116 fsname); 3117 if (err == 0) 3118 break; 3119 } 3120 3121 if (err != 0) 3122 continue; 3123 3124 cp = strchr(fsname, '@'); 3125 if (cp != NULL) 3126 *cp = '\0'; 3127 3128 zhp = zfs_open(hdl, fsname, ZFS_TYPE_DATASET); 3129 if (zhp == NULL) { 3130 err = ENOENT; 3131 goto error; 3132 } 3133 3134 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION); 3135 is_clone = zhp->zfs_dmustats.dds_origin[0] != '\0'; 3136 (void) zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL); 3137 3138 /* we don't need to do anything for unencrypted datasets */ 3139 if (crypt == ZIO_CRYPT_OFF) { 3140 zfs_close(zhp); 3141 continue; 3142 } 3143 3144 /* 3145 * If the dataset is flagged as an encryption root, was not 3146 * received as a clone and is not currently an encryption root, 3147 * force it to become one. Fixup the keylocation if necessary. 3148 */ 3149 if (stream_encroot) { 3150 if (!is_clone && !is_encroot) { 3151 err = lzc_change_key(fsname, 3152 DCP_CMD_FORCE_NEW_KEY, NULL, NULL, 0); 3153 if (err != 0) { 3154 zfs_close(zhp); 3155 goto error; 3156 } 3157 } 3158 3159 stream_keylocation = fnvlist_lookup_string(props, 3160 zfs_prop_to_name(ZFS_PROP_KEYLOCATION)); 3161 3162 /* 3163 * Refresh the properties in case the call to 3164 * lzc_change_key() changed the value. 3165 */ 3166 zfs_refresh_properties(zhp); 3167 err = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, 3168 keylocation, sizeof (keylocation), NULL, NULL, 3169 0, B_TRUE); 3170 if (err != 0) { 3171 zfs_close(zhp); 3172 goto error; 3173 } 3174 3175 if (strcmp(keylocation, stream_keylocation) != 0) { 3176 err = zfs_prop_set(zhp, 3177 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), 3178 stream_keylocation); 3179 if (err != 0) { 3180 zfs_close(zhp); 3181 goto error; 3182 } 3183 } 3184 } 3185 3186 /* 3187 * If the dataset is not flagged as an encryption root and is 3188 * currently an encryption root, force it to inherit from its 3189 * parent. The root of a raw send should never be 3190 * force-inherited. 3191 */ 3192 if (!stream_encroot && is_encroot && 3193 strcmp(top_zfs, fsname) != 0) { 3194 err = lzc_change_key(fsname, DCP_CMD_FORCE_INHERIT, 3195 NULL, NULL, 0); 3196 if (err != 0) { 3197 zfs_close(zhp); 3198 goto error; 3199 } 3200 } 3201 3202 zfs_close(zhp); 3203 } 3204 3205 return (0); 3206 3207 error: 3208 return (err); 3209 } 3210 3211 static int 3212 recv_incremental_replication(libzfs_handle_t *hdl, const char *tofs, 3213 recvflags_t *flags, nvlist_t *stream_nv, avl_tree_t *stream_avl, 3214 nvlist_t *renamed) 3215 { 3216 nvlist_t *local_nv, *deleted = NULL; 3217 avl_tree_t *local_avl; 3218 nvpair_t *fselem, *nextfselem; 3219 char *fromsnap; 3220 char newname[ZFS_MAX_DATASET_NAME_LEN]; 3221 char guidname[32]; 3222 int error; 3223 boolean_t needagain, progress, recursive; 3224 char *s1, *s2; 3225 3226 fromsnap = fnvlist_lookup_string(stream_nv, "fromsnap"); 3227 3228 recursive = (nvlist_lookup_boolean(stream_nv, "not_recursive") == 3229 ENOENT); 3230 3231 if (flags->dryrun) 3232 return (0); 3233 3234 again: 3235 needagain = progress = B_FALSE; 3236 3237 deleted = fnvlist_alloc(); 3238 3239 if ((error = gather_nvlist(hdl, tofs, fromsnap, NULL, 3240 recursive, B_TRUE, B_FALSE, recursive, B_FALSE, B_FALSE, 3241 B_FALSE, B_TRUE, &local_nv, &local_avl)) != 0) 3242 return (error); 3243 3244 /* 3245 * Process deletes and renames 3246 */ 3247 for (fselem = nvlist_next_nvpair(local_nv, NULL); 3248 fselem; fselem = nextfselem) { 3249 nvlist_t *nvfs, *snaps; 3250 nvlist_t *stream_nvfs = NULL; 3251 nvpair_t *snapelem, *nextsnapelem; 3252 uint64_t fromguid = 0; 3253 uint64_t originguid = 0; 3254 uint64_t stream_originguid = 0; 3255 uint64_t parent_fromsnap_guid, stream_parent_fromsnap_guid; 3256 char *fsname, *stream_fsname; 3257 3258 nextfselem = nvlist_next_nvpair(local_nv, fselem); 3259 3260 nvfs = fnvpair_value_nvlist(fselem); 3261 snaps = fnvlist_lookup_nvlist(nvfs, "snaps"); 3262 fsname = fnvlist_lookup_string(nvfs, "name"); 3263 parent_fromsnap_guid = fnvlist_lookup_uint64(nvfs, 3264 "parentfromsnap"); 3265 (void) nvlist_lookup_uint64(nvfs, "origin", &originguid); 3266 3267 /* 3268 * First find the stream's fs, so we can check for 3269 * a different origin (due to "zfs promote") 3270 */ 3271 for (snapelem = nvlist_next_nvpair(snaps, NULL); 3272 snapelem; snapelem = nvlist_next_nvpair(snaps, snapelem)) { 3273 uint64_t thisguid; 3274 3275 thisguid = fnvpair_value_uint64(snapelem); 3276 stream_nvfs = fsavl_find(stream_avl, thisguid, NULL); 3277 3278 if (stream_nvfs != NULL) 3279 break; 3280 } 3281 3282 /* check for promote */ 3283 (void) nvlist_lookup_uint64(stream_nvfs, "origin", 3284 &stream_originguid); 3285 if (stream_nvfs && originguid != stream_originguid) { 3286 switch (created_before(hdl, local_avl, 3287 stream_originguid, originguid)) { 3288 case 1: { 3289 /* promote it! */ 3290 nvlist_t *origin_nvfs; 3291 char *origin_fsname; 3292 3293 origin_nvfs = fsavl_find(local_avl, originguid, 3294 NULL); 3295 origin_fsname = fnvlist_lookup_string( 3296 origin_nvfs, "name"); 3297 error = recv_promote(hdl, fsname, origin_fsname, 3298 flags); 3299 if (error == 0) 3300 progress = B_TRUE; 3301 break; 3302 } 3303 default: 3304 break; 3305 case -1: 3306 fsavl_destroy(local_avl); 3307 fnvlist_free(local_nv); 3308 return (-1); 3309 } 3310 /* 3311 * We had/have the wrong origin, therefore our 3312 * list of snapshots is wrong. Need to handle 3313 * them on the next pass. 3314 */ 3315 needagain = B_TRUE; 3316 continue; 3317 } 3318 3319 for (snapelem = nvlist_next_nvpair(snaps, NULL); 3320 snapelem; snapelem = nextsnapelem) { 3321 uint64_t thisguid; 3322 char *stream_snapname; 3323 nvlist_t *found, *props; 3324 3325 nextsnapelem = nvlist_next_nvpair(snaps, snapelem); 3326 3327 thisguid = fnvpair_value_uint64(snapelem); 3328 found = fsavl_find(stream_avl, thisguid, 3329 &stream_snapname); 3330 3331 /* check for delete */ 3332 if (found == NULL) { 3333 char name[ZFS_MAX_DATASET_NAME_LEN]; 3334 3335 if (!flags->force) 3336 continue; 3337 3338 (void) snprintf(name, sizeof (name), "%s@%s", 3339 fsname, nvpair_name(snapelem)); 3340 3341 error = recv_destroy(hdl, name, 3342 strlen(fsname)+1, newname, flags); 3343 if (error) 3344 needagain = B_TRUE; 3345 else 3346 progress = B_TRUE; 3347 sprintf(guidname, "%llu", 3348 (u_longlong_t)thisguid); 3349 nvlist_add_boolean(deleted, guidname); 3350 continue; 3351 } 3352 3353 stream_nvfs = found; 3354 3355 if (0 == nvlist_lookup_nvlist(stream_nvfs, "snapprops", 3356 &props) && 0 == nvlist_lookup_nvlist(props, 3357 stream_snapname, &props)) { 3358 zfs_cmd_t zc = {"\0"}; 3359 3360 zc.zc_cookie = B_TRUE; /* received */ 3361 (void) snprintf(zc.zc_name, sizeof (zc.zc_name), 3362 "%s@%s", fsname, nvpair_name(snapelem)); 3363 if (zcmd_write_src_nvlist(hdl, &zc, 3364 props) == 0) { 3365 (void) zfs_ioctl(hdl, 3366 ZFS_IOC_SET_PROP, &zc); 3367 zcmd_free_nvlists(&zc); 3368 } 3369 } 3370 3371 /* check for different snapname */ 3372 if (strcmp(nvpair_name(snapelem), 3373 stream_snapname) != 0) { 3374 char name[ZFS_MAX_DATASET_NAME_LEN]; 3375 char tryname[ZFS_MAX_DATASET_NAME_LEN]; 3376 3377 (void) snprintf(name, sizeof (name), "%s@%s", 3378 fsname, nvpair_name(snapelem)); 3379 (void) snprintf(tryname, sizeof (name), "%s@%s", 3380 fsname, stream_snapname); 3381 3382 error = recv_rename(hdl, name, tryname, 3383 strlen(fsname)+1, newname, flags); 3384 if (error) 3385 needagain = B_TRUE; 3386 else 3387 progress = B_TRUE; 3388 } 3389 3390 if (strcmp(stream_snapname, fromsnap) == 0) 3391 fromguid = thisguid; 3392 } 3393 3394 /* check for delete */ 3395 if (stream_nvfs == NULL) { 3396 if (!flags->force) 3397 continue; 3398 3399 error = recv_destroy(hdl, fsname, strlen(tofs)+1, 3400 newname, flags); 3401 if (error) 3402 needagain = B_TRUE; 3403 else 3404 progress = B_TRUE; 3405 sprintf(guidname, "%llu", 3406 (u_longlong_t)parent_fromsnap_guid); 3407 nvlist_add_boolean(deleted, guidname); 3408 continue; 3409 } 3410 3411 if (fromguid == 0) { 3412 if (flags->verbose) { 3413 (void) printf("local fs %s does not have " 3414 "fromsnap (%s in stream); must have " 3415 "been deleted locally; ignoring\n", 3416 fsname, fromsnap); 3417 } 3418 continue; 3419 } 3420 3421 stream_fsname = fnvlist_lookup_string(stream_nvfs, "name"); 3422 stream_parent_fromsnap_guid = fnvlist_lookup_uint64( 3423 stream_nvfs, "parentfromsnap"); 3424 3425 s1 = strrchr(fsname, '/'); 3426 s2 = strrchr(stream_fsname, '/'); 3427 3428 /* 3429 * Check if we're going to rename based on parent guid change 3430 * and the current parent guid was also deleted. If it was then 3431 * rename will fail and is likely unneeded, so avoid this and 3432 * force an early retry to determine the new 3433 * parent_fromsnap_guid. 3434 */ 3435 if (stream_parent_fromsnap_guid != 0 && 3436 parent_fromsnap_guid != 0 && 3437 stream_parent_fromsnap_guid != parent_fromsnap_guid) { 3438 sprintf(guidname, "%llu", 3439 (u_longlong_t)parent_fromsnap_guid); 3440 if (nvlist_exists(deleted, guidname)) { 3441 progress = B_TRUE; 3442 needagain = B_TRUE; 3443 goto doagain; 3444 } 3445 } 3446 3447 /* 3448 * Check for rename. If the exact receive path is specified, it 3449 * does not count as a rename, but we still need to check the 3450 * datasets beneath it. 3451 */ 3452 if ((stream_parent_fromsnap_guid != 0 && 3453 parent_fromsnap_guid != 0 && 3454 stream_parent_fromsnap_guid != parent_fromsnap_guid) || 3455 ((flags->isprefix || strcmp(tofs, fsname) != 0) && 3456 (s1 != NULL) && (s2 != NULL) && strcmp(s1, s2) != 0)) { 3457 nvlist_t *parent; 3458 char tryname[ZFS_MAX_DATASET_NAME_LEN]; 3459 3460 parent = fsavl_find(local_avl, 3461 stream_parent_fromsnap_guid, NULL); 3462 /* 3463 * NB: parent might not be found if we used the 3464 * tosnap for stream_parent_fromsnap_guid, 3465 * because the parent is a newly-created fs; 3466 * we'll be able to rename it after we recv the 3467 * new fs. 3468 */ 3469 if (parent != NULL) { 3470 char *pname; 3471 3472 pname = fnvlist_lookup_string(parent, "name"); 3473 (void) snprintf(tryname, sizeof (tryname), 3474 "%s%s", pname, strrchr(stream_fsname, '/')); 3475 } else { 3476 tryname[0] = '\0'; 3477 if (flags->verbose) { 3478 (void) printf("local fs %s new parent " 3479 "not found\n", fsname); 3480 } 3481 } 3482 3483 newname[0] = '\0'; 3484 3485 error = recv_rename(hdl, fsname, tryname, 3486 strlen(tofs)+1, newname, flags); 3487 3488 if (renamed != NULL && newname[0] != '\0') { 3489 fnvlist_add_boolean(renamed, newname); 3490 } 3491 3492 if (error) 3493 needagain = B_TRUE; 3494 else 3495 progress = B_TRUE; 3496 } 3497 } 3498 3499 doagain: 3500 fsavl_destroy(local_avl); 3501 fnvlist_free(local_nv); 3502 fnvlist_free(deleted); 3503 3504 if (needagain && progress) { 3505 /* do another pass to fix up temporary names */ 3506 if (flags->verbose) 3507 (void) printf("another pass:\n"); 3508 goto again; 3509 } 3510 3511 return (needagain || error != 0); 3512 } 3513 3514 static int 3515 zfs_receive_package(libzfs_handle_t *hdl, int fd, const char *destname, 3516 recvflags_t *flags, dmu_replay_record_t *drr, zio_cksum_t *zc, 3517 char **top_zfs, nvlist_t *cmdprops) 3518 { 3519 nvlist_t *stream_nv = NULL; 3520 avl_tree_t *stream_avl = NULL; 3521 char *fromsnap = NULL; 3522 char *sendsnap = NULL; 3523 char *cp; 3524 char tofs[ZFS_MAX_DATASET_NAME_LEN]; 3525 char sendfs[ZFS_MAX_DATASET_NAME_LEN]; 3526 char errbuf[1024]; 3527 dmu_replay_record_t drre; 3528 int error; 3529 boolean_t anyerr = B_FALSE; 3530 boolean_t softerr = B_FALSE; 3531 boolean_t recursive, raw; 3532 3533 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 3534 "cannot receive")); 3535 3536 assert(drr->drr_type == DRR_BEGIN); 3537 assert(drr->drr_u.drr_begin.drr_magic == DMU_BACKUP_MAGIC); 3538 assert(DMU_GET_STREAM_HDRTYPE(drr->drr_u.drr_begin.drr_versioninfo) == 3539 DMU_COMPOUNDSTREAM); 3540 3541 /* 3542 * Read in the nvlist from the stream. 3543 */ 3544 if (drr->drr_payloadlen != 0) { 3545 error = recv_read_nvlist(hdl, fd, drr->drr_payloadlen, 3546 &stream_nv, flags->byteswap, zc); 3547 if (error) { 3548 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf); 3549 goto out; 3550 } 3551 } 3552 3553 recursive = (nvlist_lookup_boolean(stream_nv, "not_recursive") == 3554 ENOENT); 3555 raw = (nvlist_lookup_boolean(stream_nv, "raw") == 0); 3556 3557 if (recursive && strchr(destname, '@')) { 3558 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 3559 "cannot specify snapshot name for multi-snapshot stream")); 3560 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf); 3561 goto out; 3562 } 3563 3564 /* 3565 * Read in the end record and verify checksum. 3566 */ 3567 if (0 != (error = recv_read(hdl, fd, &drre, sizeof (drre), 3568 flags->byteswap, NULL))) 3569 goto out; 3570 if (flags->byteswap) { 3571 drre.drr_type = BSWAP_32(drre.drr_type); 3572 drre.drr_u.drr_end.drr_checksum.zc_word[0] = 3573 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[0]); 3574 drre.drr_u.drr_end.drr_checksum.zc_word[1] = 3575 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[1]); 3576 drre.drr_u.drr_end.drr_checksum.zc_word[2] = 3577 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[2]); 3578 drre.drr_u.drr_end.drr_checksum.zc_word[3] = 3579 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[3]); 3580 } 3581 if (drre.drr_type != DRR_END) { 3582 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf); 3583 goto out; 3584 } 3585 if (!ZIO_CHECKSUM_EQUAL(drre.drr_u.drr_end.drr_checksum, *zc)) { 3586 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 3587 "incorrect header checksum")); 3588 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf); 3589 goto out; 3590 } 3591 3592 (void) nvlist_lookup_string(stream_nv, "fromsnap", &fromsnap); 3593 3594 if (drr->drr_payloadlen != 0) { 3595 nvlist_t *stream_fss; 3596 3597 stream_fss = fnvlist_lookup_nvlist(stream_nv, "fss"); 3598 if ((stream_avl = fsavl_create(stream_fss)) == NULL) { 3599 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 3600 "couldn't allocate avl tree")); 3601 error = zfs_error(hdl, EZFS_NOMEM, errbuf); 3602 goto out; 3603 } 3604 3605 if (fromsnap != NULL && recursive) { 3606 nvlist_t *renamed = NULL; 3607 nvpair_t *pair = NULL; 3608 3609 (void) strlcpy(tofs, destname, sizeof (tofs)); 3610 if (flags->isprefix) { 3611 struct drr_begin *drrb = &drr->drr_u.drr_begin; 3612 int i; 3613 3614 if (flags->istail) { 3615 cp = strrchr(drrb->drr_toname, '/'); 3616 if (cp == NULL) { 3617 (void) strlcat(tofs, "/", 3618 sizeof (tofs)); 3619 i = 0; 3620 } else { 3621 i = (cp - drrb->drr_toname); 3622 } 3623 } else { 3624 i = strcspn(drrb->drr_toname, "/@"); 3625 } 3626 /* zfs_receive_one() will create_parents() */ 3627 (void) strlcat(tofs, &drrb->drr_toname[i], 3628 sizeof (tofs)); 3629 *strchr(tofs, '@') = '\0'; 3630 } 3631 3632 if (!flags->dryrun && !flags->nomount) { 3633 renamed = fnvlist_alloc(); 3634 } 3635 3636 softerr = recv_incremental_replication(hdl, tofs, flags, 3637 stream_nv, stream_avl, renamed); 3638 3639 /* Unmount renamed filesystems before receiving. */ 3640 while ((pair = nvlist_next_nvpair(renamed, 3641 pair)) != NULL) { 3642 zfs_handle_t *zhp; 3643 prop_changelist_t *clp = NULL; 3644 3645 zhp = zfs_open(hdl, nvpair_name(pair), 3646 ZFS_TYPE_FILESYSTEM); 3647 if (zhp != NULL) { 3648 clp = changelist_gather(zhp, 3649 ZFS_PROP_MOUNTPOINT, 0, 3650 flags->forceunmount ? MS_FORCE : 0); 3651 zfs_close(zhp); 3652 if (clp != NULL) { 3653 softerr |= 3654 changelist_prefix(clp); 3655 changelist_free(clp); 3656 } 3657 } 3658 } 3659 3660 fnvlist_free(renamed); 3661 } 3662 } 3663 3664 /* 3665 * Get the fs specified by the first path in the stream (the top level 3666 * specified by 'zfs send') and pass it to each invocation of 3667 * zfs_receive_one(). 3668 */ 3669 (void) strlcpy(sendfs, drr->drr_u.drr_begin.drr_toname, 3670 sizeof (sendfs)); 3671 if ((cp = strchr(sendfs, '@')) != NULL) { 3672 *cp = '\0'; 3673 /* 3674 * Find the "sendsnap", the final snapshot in a replication 3675 * stream. zfs_receive_one() handles certain errors 3676 * differently, depending on if the contained stream is the 3677 * last one or not. 3678 */ 3679 sendsnap = (cp + 1); 3680 } 3681 3682 /* Finally, receive each contained stream */ 3683 do { 3684 /* 3685 * we should figure out if it has a recoverable 3686 * error, in which case do a recv_skip() and drive on. 3687 * Note, if we fail due to already having this guid, 3688 * zfs_receive_one() will take care of it (ie, 3689 * recv_skip() and return 0). 3690 */ 3691 error = zfs_receive_impl(hdl, destname, NULL, flags, fd, 3692 sendfs, stream_nv, stream_avl, top_zfs, sendsnap, cmdprops); 3693 if (error == ENODATA) { 3694 error = 0; 3695 break; 3696 } 3697 anyerr |= error; 3698 } while (error == 0); 3699 3700 if (drr->drr_payloadlen != 0 && recursive && fromsnap != NULL) { 3701 /* 3702 * Now that we have the fs's they sent us, try the 3703 * renames again. 3704 */ 3705 softerr = recv_incremental_replication(hdl, tofs, flags, 3706 stream_nv, stream_avl, NULL); 3707 } 3708 3709 if (raw && softerr == 0 && *top_zfs != NULL) { 3710 softerr = recv_fix_encryption_hierarchy(hdl, *top_zfs, 3711 stream_nv, stream_avl); 3712 } 3713 3714 out: 3715 fsavl_destroy(stream_avl); 3716 fnvlist_free(stream_nv); 3717 if (softerr) 3718 error = -2; 3719 if (anyerr) 3720 error = -1; 3721 return (error); 3722 } 3723 3724 static void 3725 trunc_prop_errs(int truncated) 3726 { 3727 ASSERT(truncated != 0); 3728 3729 if (truncated == 1) 3730 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 3731 "1 more property could not be set\n")); 3732 else 3733 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 3734 "%d more properties could not be set\n"), truncated); 3735 } 3736 3737 static int 3738 recv_skip(libzfs_handle_t *hdl, int fd, boolean_t byteswap) 3739 { 3740 dmu_replay_record_t *drr; 3741 void *buf = zfs_alloc(hdl, SPA_MAXBLOCKSIZE); 3742 uint64_t payload_size; 3743 char errbuf[1024]; 3744 3745 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 3746 "cannot receive")); 3747 3748 /* XXX would be great to use lseek if possible... */ 3749 drr = buf; 3750 3751 while (recv_read(hdl, fd, drr, sizeof (dmu_replay_record_t), 3752 byteswap, NULL) == 0) { 3753 if (byteswap) 3754 drr->drr_type = BSWAP_32(drr->drr_type); 3755 3756 switch (drr->drr_type) { 3757 case DRR_BEGIN: 3758 if (drr->drr_payloadlen != 0) { 3759 (void) recv_read(hdl, fd, buf, 3760 drr->drr_payloadlen, B_FALSE, NULL); 3761 } 3762 break; 3763 3764 case DRR_END: 3765 free(buf); 3766 return (0); 3767 3768 case DRR_OBJECT: 3769 if (byteswap) { 3770 drr->drr_u.drr_object.drr_bonuslen = 3771 BSWAP_32(drr->drr_u.drr_object. 3772 drr_bonuslen); 3773 drr->drr_u.drr_object.drr_raw_bonuslen = 3774 BSWAP_32(drr->drr_u.drr_object. 3775 drr_raw_bonuslen); 3776 } 3777 3778 payload_size = 3779 DRR_OBJECT_PAYLOAD_SIZE(&drr->drr_u.drr_object); 3780 (void) recv_read(hdl, fd, buf, payload_size, 3781 B_FALSE, NULL); 3782 break; 3783 3784 case DRR_WRITE: 3785 if (byteswap) { 3786 drr->drr_u.drr_write.drr_logical_size = 3787 BSWAP_64( 3788 drr->drr_u.drr_write.drr_logical_size); 3789 drr->drr_u.drr_write.drr_compressed_size = 3790 BSWAP_64( 3791 drr->drr_u.drr_write.drr_compressed_size); 3792 } 3793 payload_size = 3794 DRR_WRITE_PAYLOAD_SIZE(&drr->drr_u.drr_write); 3795 assert(payload_size <= SPA_MAXBLOCKSIZE); 3796 (void) recv_read(hdl, fd, buf, 3797 payload_size, B_FALSE, NULL); 3798 break; 3799 case DRR_SPILL: 3800 if (byteswap) { 3801 drr->drr_u.drr_spill.drr_length = 3802 BSWAP_64(drr->drr_u.drr_spill.drr_length); 3803 drr->drr_u.drr_spill.drr_compressed_size = 3804 BSWAP_64(drr->drr_u.drr_spill. 3805 drr_compressed_size); 3806 } 3807 3808 payload_size = 3809 DRR_SPILL_PAYLOAD_SIZE(&drr->drr_u.drr_spill); 3810 (void) recv_read(hdl, fd, buf, payload_size, 3811 B_FALSE, NULL); 3812 break; 3813 case DRR_WRITE_EMBEDDED: 3814 if (byteswap) { 3815 drr->drr_u.drr_write_embedded.drr_psize = 3816 BSWAP_32(drr->drr_u.drr_write_embedded. 3817 drr_psize); 3818 } 3819 (void) recv_read(hdl, fd, buf, 3820 P2ROUNDUP(drr->drr_u.drr_write_embedded.drr_psize, 3821 8), B_FALSE, NULL); 3822 break; 3823 case DRR_OBJECT_RANGE: 3824 case DRR_WRITE_BYREF: 3825 case DRR_FREEOBJECTS: 3826 case DRR_FREE: 3827 break; 3828 3829 default: 3830 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 3831 "invalid record type")); 3832 free(buf); 3833 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf)); 3834 } 3835 } 3836 3837 free(buf); 3838 return (-1); 3839 } 3840 3841 static void 3842 recv_ecksum_set_aux(libzfs_handle_t *hdl, const char *target_snap, 3843 boolean_t resumable, boolean_t checksum) 3844 { 3845 char target_fs[ZFS_MAX_DATASET_NAME_LEN]; 3846 3847 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, (checksum ? 3848 "checksum mismatch" : "incomplete stream"))); 3849 3850 if (!resumable) 3851 return; 3852 (void) strlcpy(target_fs, target_snap, sizeof (target_fs)); 3853 *strchr(target_fs, '@') = '\0'; 3854 zfs_handle_t *zhp = zfs_open(hdl, target_fs, 3855 ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME); 3856 if (zhp == NULL) 3857 return; 3858 3859 char token_buf[ZFS_MAXPROPLEN]; 3860 int error = zfs_prop_get(zhp, ZFS_PROP_RECEIVE_RESUME_TOKEN, 3861 token_buf, sizeof (token_buf), 3862 NULL, NULL, 0, B_TRUE); 3863 if (error == 0) { 3864 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 3865 "checksum mismatch or incomplete stream.\n" 3866 "Partially received snapshot is saved.\n" 3867 "A resuming stream can be generated on the sending " 3868 "system by running:\n" 3869 " zfs send -t %s"), 3870 token_buf); 3871 } 3872 zfs_close(zhp); 3873 } 3874 3875 /* 3876 * Prepare a new nvlist of properties that are to override (-o) or be excluded 3877 * (-x) from the received dataset 3878 * recvprops: received properties from the send stream 3879 * cmdprops: raw input properties from command line 3880 * origprops: properties, both locally-set and received, currently set on the 3881 * target dataset if it exists, NULL otherwise. 3882 * oxprops: valid output override (-o) and excluded (-x) properties 3883 */ 3884 static int 3885 zfs_setup_cmdline_props(libzfs_handle_t *hdl, zfs_type_t type, 3886 char *fsname, boolean_t zoned, boolean_t recursive, boolean_t newfs, 3887 boolean_t raw, boolean_t toplevel, nvlist_t *recvprops, nvlist_t *cmdprops, 3888 nvlist_t *origprops, nvlist_t **oxprops, uint8_t **wkeydata_out, 3889 uint_t *wkeylen_out, const char *errbuf) 3890 { 3891 nvpair_t *nvp; 3892 nvlist_t *oprops, *voprops; 3893 zfs_handle_t *zhp = NULL; 3894 zpool_handle_t *zpool_hdl = NULL; 3895 char *cp; 3896 int ret = 0; 3897 char namebuf[ZFS_MAX_DATASET_NAME_LEN]; 3898 3899 if (nvlist_empty(cmdprops)) 3900 return (0); /* No properties to override or exclude */ 3901 3902 *oxprops = fnvlist_alloc(); 3903 oprops = fnvlist_alloc(); 3904 3905 strlcpy(namebuf, fsname, ZFS_MAX_DATASET_NAME_LEN); 3906 3907 /* 3908 * Get our dataset handle. The target dataset may not exist yet. 3909 */ 3910 if (zfs_dataset_exists(hdl, namebuf, ZFS_TYPE_DATASET)) { 3911 zhp = zfs_open(hdl, namebuf, ZFS_TYPE_DATASET); 3912 if (zhp == NULL) { 3913 ret = -1; 3914 goto error; 3915 } 3916 } 3917 3918 /* open the zpool handle */ 3919 cp = strchr(namebuf, '/'); 3920 if (cp != NULL) 3921 *cp = '\0'; 3922 zpool_hdl = zpool_open(hdl, namebuf); 3923 if (zpool_hdl == NULL) { 3924 ret = -1; 3925 goto error; 3926 } 3927 3928 /* restore namebuf to match fsname for later use */ 3929 if (cp != NULL) 3930 *cp = '/'; 3931 3932 /* 3933 * first iteration: process excluded (-x) properties now and gather 3934 * added (-o) properties to be later processed by zfs_valid_proplist() 3935 */ 3936 nvp = NULL; 3937 while ((nvp = nvlist_next_nvpair(cmdprops, nvp)) != NULL) { 3938 const char *name = nvpair_name(nvp); 3939 zfs_prop_t prop = zfs_name_to_prop(name); 3940 3941 /* "origin" is processed separately, don't handle it here */ 3942 if (prop == ZFS_PROP_ORIGIN) 3943 continue; 3944 3945 /* 3946 * we're trying to override or exclude a property that does not 3947 * make sense for this type of dataset, but we don't want to 3948 * fail if the receive is recursive: this comes in handy when 3949 * the send stream contains, for instance, a child ZVOL and 3950 * we're trying to receive it with "-o atime=on" 3951 */ 3952 if (!zfs_prop_valid_for_type(prop, type, B_FALSE) && 3953 !zfs_prop_user(name)) { 3954 if (recursive) 3955 continue; 3956 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 3957 "property '%s' does not apply to datasets of this " 3958 "type"), name); 3959 ret = zfs_error(hdl, EZFS_BADPROP, errbuf); 3960 goto error; 3961 } 3962 3963 /* raw streams can't override encryption properties */ 3964 if ((zfs_prop_encryption_key_param(prop) || 3965 prop == ZFS_PROP_ENCRYPTION) && raw) { 3966 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 3967 "encryption property '%s' cannot " 3968 "be set or excluded for raw streams."), name); 3969 ret = zfs_error(hdl, EZFS_BADPROP, errbuf); 3970 goto error; 3971 } 3972 3973 /* incremental streams can only exclude encryption properties */ 3974 if ((zfs_prop_encryption_key_param(prop) || 3975 prop == ZFS_PROP_ENCRYPTION) && !newfs && 3976 nvpair_type(nvp) != DATA_TYPE_BOOLEAN) { 3977 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 3978 "encryption property '%s' cannot " 3979 "be set for incremental streams."), name); 3980 ret = zfs_error(hdl, EZFS_BADPROP, errbuf); 3981 goto error; 3982 } 3983 3984 switch (nvpair_type(nvp)) { 3985 case DATA_TYPE_BOOLEAN: /* -x property */ 3986 /* 3987 * DATA_TYPE_BOOLEAN is the way we're asked to "exclude" 3988 * a property: this is done by forcing an explicit 3989 * inherit on the destination so the effective value is 3990 * not the one we received from the send stream. 3991 * We do this only if the property is not already 3992 * locally-set, in which case its value will take 3993 * priority over the received anyway. 3994 */ 3995 if (nvlist_exists(origprops, name)) { 3996 nvlist_t *attrs; 3997 char *source = NULL; 3998 3999 attrs = fnvlist_lookup_nvlist(origprops, name); 4000 if (nvlist_lookup_string(attrs, 4001 ZPROP_SOURCE, &source) == 0 && 4002 strcmp(source, ZPROP_SOURCE_VAL_RECVD) != 0) 4003 continue; 4004 } 4005 /* 4006 * We can't force an explicit inherit on non-inheritable 4007 * properties: if we're asked to exclude this kind of 4008 * values we remove them from "recvprops" input nvlist. 4009 */ 4010 if (!zfs_prop_inheritable(prop) && 4011 !zfs_prop_user(name) && /* can be inherited too */ 4012 nvlist_exists(recvprops, name)) 4013 fnvlist_remove(recvprops, name); 4014 else 4015 fnvlist_add_nvpair(*oxprops, nvp); 4016 break; 4017 case DATA_TYPE_STRING: /* -o property=value */ 4018 fnvlist_add_nvpair(oprops, nvp); 4019 break; 4020 default: 4021 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4022 "property '%s' must be a string or boolean"), name); 4023 ret = zfs_error(hdl, EZFS_BADPROP, errbuf); 4024 goto error; 4025 } 4026 } 4027 4028 if (toplevel) { 4029 /* convert override strings properties to native */ 4030 if ((voprops = zfs_valid_proplist(hdl, ZFS_TYPE_DATASET, 4031 oprops, zoned, zhp, zpool_hdl, B_FALSE, errbuf)) == NULL) { 4032 ret = zfs_error(hdl, EZFS_BADPROP, errbuf); 4033 goto error; 4034 } 4035 4036 /* 4037 * zfs_crypto_create() requires the parent name. Get it 4038 * by truncating the fsname copy stored in namebuf. 4039 */ 4040 cp = strrchr(namebuf, '/'); 4041 if (cp != NULL) 4042 *cp = '\0'; 4043 4044 if (!raw && zfs_crypto_create(hdl, namebuf, voprops, NULL, 4045 B_FALSE, wkeydata_out, wkeylen_out) != 0) { 4046 fnvlist_free(voprops); 4047 ret = zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf); 4048 goto error; 4049 } 4050 4051 /* second pass: process "-o" properties */ 4052 fnvlist_merge(*oxprops, voprops); 4053 fnvlist_free(voprops); 4054 } else { 4055 /* override props on child dataset are inherited */ 4056 nvp = NULL; 4057 while ((nvp = nvlist_next_nvpair(oprops, nvp)) != NULL) { 4058 const char *name = nvpair_name(nvp); 4059 fnvlist_add_boolean(*oxprops, name); 4060 } 4061 } 4062 4063 error: 4064 if (zhp != NULL) 4065 zfs_close(zhp); 4066 if (zpool_hdl != NULL) 4067 zpool_close(zpool_hdl); 4068 fnvlist_free(oprops); 4069 return (ret); 4070 } 4071 4072 /* 4073 * Restores a backup of tosnap from the file descriptor specified by infd. 4074 */ 4075 static int 4076 zfs_receive_one(libzfs_handle_t *hdl, int infd, const char *tosnap, 4077 const char *originsnap, recvflags_t *flags, dmu_replay_record_t *drr, 4078 dmu_replay_record_t *drr_noswap, const char *sendfs, nvlist_t *stream_nv, 4079 avl_tree_t *stream_avl, char **top_zfs, 4080 const char *finalsnap, nvlist_t *cmdprops) 4081 { 4082 time_t begin_time; 4083 int ioctl_err, ioctl_errno, err; 4084 char *cp; 4085 struct drr_begin *drrb = &drr->drr_u.drr_begin; 4086 char errbuf[1024]; 4087 const char *chopprefix; 4088 boolean_t newfs = B_FALSE; 4089 boolean_t stream_wantsnewfs, stream_resumingnewfs; 4090 boolean_t newprops = B_FALSE; 4091 uint64_t read_bytes = 0; 4092 uint64_t errflags = 0; 4093 uint64_t parent_snapguid = 0; 4094 prop_changelist_t *clp = NULL; 4095 nvlist_t *snapprops_nvlist = NULL; 4096 nvlist_t *snapholds_nvlist = NULL; 4097 zprop_errflags_t prop_errflags; 4098 nvlist_t *prop_errors = NULL; 4099 boolean_t recursive; 4100 char *snapname = NULL; 4101 char destsnap[MAXPATHLEN * 2]; 4102 char origin[MAXNAMELEN]; 4103 char name[MAXPATHLEN]; 4104 char tmp_keylocation[MAXNAMELEN]; 4105 nvlist_t *rcvprops = NULL; /* props received from the send stream */ 4106 nvlist_t *oxprops = NULL; /* override (-o) and exclude (-x) props */ 4107 nvlist_t *origprops = NULL; /* original props (if destination exists) */ 4108 zfs_type_t type; 4109 boolean_t toplevel = B_FALSE; 4110 boolean_t zoned = B_FALSE; 4111 boolean_t hastoken = B_FALSE; 4112 boolean_t redacted; 4113 uint8_t *wkeydata = NULL; 4114 uint_t wkeylen = 0; 4115 4116 begin_time = time(NULL); 4117 bzero(origin, MAXNAMELEN); 4118 bzero(tmp_keylocation, MAXNAMELEN); 4119 4120 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 4121 "cannot receive")); 4122 4123 recursive = (nvlist_lookup_boolean(stream_nv, "not_recursive") == 4124 ENOENT); 4125 4126 /* Did the user request holds be skipped via zfs recv -k? */ 4127 boolean_t holds = flags->holds && !flags->skipholds; 4128 4129 if (stream_avl != NULL) { 4130 char *keylocation = NULL; 4131 nvlist_t *lookup = NULL; 4132 nvlist_t *fs = fsavl_find(stream_avl, drrb->drr_toguid, 4133 &snapname); 4134 4135 (void) nvlist_lookup_uint64(fs, "parentfromsnap", 4136 &parent_snapguid); 4137 err = nvlist_lookup_nvlist(fs, "props", &rcvprops); 4138 if (err) { 4139 rcvprops = fnvlist_alloc(); 4140 newprops = B_TRUE; 4141 } 4142 4143 /* 4144 * The keylocation property may only be set on encryption roots, 4145 * but this dataset might not become an encryption root until 4146 * recv_fix_encryption_hierarchy() is called. That function 4147 * will fixup the keylocation anyway, so we temporarily unset 4148 * the keylocation for now to avoid any errors from the receive 4149 * ioctl. 4150 */ 4151 err = nvlist_lookup_string(rcvprops, 4152 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation); 4153 if (err == 0) { 4154 strcpy(tmp_keylocation, keylocation); 4155 (void) nvlist_remove_all(rcvprops, 4156 zfs_prop_to_name(ZFS_PROP_KEYLOCATION)); 4157 } 4158 4159 if (flags->canmountoff) { 4160 fnvlist_add_uint64(rcvprops, 4161 zfs_prop_to_name(ZFS_PROP_CANMOUNT), 0); 4162 } else if (newprops) { /* nothing in rcvprops, eliminate it */ 4163 fnvlist_free(rcvprops); 4164 rcvprops = NULL; 4165 newprops = B_FALSE; 4166 } 4167 if (0 == nvlist_lookup_nvlist(fs, "snapprops", &lookup)) { 4168 snapprops_nvlist = fnvlist_lookup_nvlist(lookup, 4169 snapname); 4170 } 4171 if (holds) { 4172 if (0 == nvlist_lookup_nvlist(fs, "snapholds", 4173 &lookup)) { 4174 snapholds_nvlist = fnvlist_lookup_nvlist( 4175 lookup, snapname); 4176 } 4177 } 4178 } 4179 4180 cp = NULL; 4181 4182 /* 4183 * Determine how much of the snapshot name stored in the stream 4184 * we are going to tack on to the name they specified on the 4185 * command line, and how much we are going to chop off. 4186 * 4187 * If they specified a snapshot, chop the entire name stored in 4188 * the stream. 4189 */ 4190 if (flags->istail) { 4191 /* 4192 * A filesystem was specified with -e. We want to tack on only 4193 * the tail of the sent snapshot path. 4194 */ 4195 if (strchr(tosnap, '@')) { 4196 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid " 4197 "argument - snapshot not allowed with -e")); 4198 err = zfs_error(hdl, EZFS_INVALIDNAME, errbuf); 4199 goto out; 4200 } 4201 4202 chopprefix = strrchr(sendfs, '/'); 4203 4204 if (chopprefix == NULL) { 4205 /* 4206 * The tail is the poolname, so we need to 4207 * prepend a path separator. 4208 */ 4209 int len = strlen(drrb->drr_toname); 4210 cp = malloc(len + 2); 4211 cp[0] = '/'; 4212 (void) strcpy(&cp[1], drrb->drr_toname); 4213 chopprefix = cp; 4214 } else { 4215 chopprefix = drrb->drr_toname + (chopprefix - sendfs); 4216 } 4217 } else if (flags->isprefix) { 4218 /* 4219 * A filesystem was specified with -d. We want to tack on 4220 * everything but the first element of the sent snapshot path 4221 * (all but the pool name). 4222 */ 4223 if (strchr(tosnap, '@')) { 4224 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid " 4225 "argument - snapshot not allowed with -d")); 4226 err = zfs_error(hdl, EZFS_INVALIDNAME, errbuf); 4227 goto out; 4228 } 4229 4230 chopprefix = strchr(drrb->drr_toname, '/'); 4231 if (chopprefix == NULL) 4232 chopprefix = strchr(drrb->drr_toname, '@'); 4233 } else if (strchr(tosnap, '@') == NULL) { 4234 /* 4235 * If a filesystem was specified without -d or -e, we want to 4236 * tack on everything after the fs specified by 'zfs send'. 4237 */ 4238 chopprefix = drrb->drr_toname + strlen(sendfs); 4239 } else { 4240 /* A snapshot was specified as an exact path (no -d or -e). */ 4241 if (recursive) { 4242 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4243 "cannot specify snapshot name for multi-snapshot " 4244 "stream")); 4245 err = zfs_error(hdl, EZFS_BADSTREAM, errbuf); 4246 goto out; 4247 } 4248 chopprefix = drrb->drr_toname + strlen(drrb->drr_toname); 4249 } 4250 4251 ASSERT(strstr(drrb->drr_toname, sendfs) == drrb->drr_toname); 4252 ASSERT(chopprefix > drrb->drr_toname || strchr(sendfs, '/') == NULL); 4253 ASSERT(chopprefix <= drrb->drr_toname + strlen(drrb->drr_toname) || 4254 strchr(sendfs, '/') == NULL); 4255 ASSERT(chopprefix[0] == '/' || chopprefix[0] == '@' || 4256 chopprefix[0] == '\0'); 4257 4258 /* 4259 * Determine name of destination snapshot. 4260 */ 4261 (void) strlcpy(destsnap, tosnap, sizeof (destsnap)); 4262 (void) strlcat(destsnap, chopprefix, sizeof (destsnap)); 4263 free(cp); 4264 if (!zfs_name_valid(destsnap, ZFS_TYPE_SNAPSHOT)) { 4265 err = zfs_error(hdl, EZFS_INVALIDNAME, errbuf); 4266 goto out; 4267 } 4268 4269 /* 4270 * Determine the name of the origin snapshot. 4271 */ 4272 if (originsnap) { 4273 (void) strlcpy(origin, originsnap, sizeof (origin)); 4274 if (flags->verbose) 4275 (void) printf("using provided clone origin %s\n", 4276 origin); 4277 } else if (drrb->drr_flags & DRR_FLAG_CLONE) { 4278 if (guid_to_name(hdl, destsnap, 4279 drrb->drr_fromguid, B_FALSE, origin) != 0) { 4280 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4281 "local origin for clone %s does not exist"), 4282 destsnap); 4283 err = zfs_error(hdl, EZFS_NOENT, errbuf); 4284 goto out; 4285 } 4286 if (flags->verbose) 4287 (void) printf("found clone origin %s\n", origin); 4288 } 4289 4290 if ((DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) & 4291 DMU_BACKUP_FEATURE_DEDUP)) { 4292 (void) fprintf(stderr, 4293 gettext("ERROR: \"zfs receive\" no longer supports " 4294 "deduplicated send streams. Use\n" 4295 "the \"zstream redup\" command to convert this stream " 4296 "to a regular,\n" 4297 "non-deduplicated stream.\n")); 4298 err = zfs_error(hdl, EZFS_NOTSUP, errbuf); 4299 goto out; 4300 } 4301 4302 boolean_t resuming = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) & 4303 DMU_BACKUP_FEATURE_RESUMING; 4304 boolean_t raw = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) & 4305 DMU_BACKUP_FEATURE_RAW; 4306 boolean_t embedded = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) & 4307 DMU_BACKUP_FEATURE_EMBED_DATA; 4308 stream_wantsnewfs = (drrb->drr_fromguid == 0 || 4309 (drrb->drr_flags & DRR_FLAG_CLONE) || originsnap) && !resuming; 4310 stream_resumingnewfs = (drrb->drr_fromguid == 0 || 4311 (drrb->drr_flags & DRR_FLAG_CLONE) || originsnap) && resuming; 4312 4313 if (stream_wantsnewfs) { 4314 /* 4315 * if the parent fs does not exist, look for it based on 4316 * the parent snap GUID 4317 */ 4318 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 4319 "cannot receive new filesystem stream")); 4320 4321 (void) strcpy(name, destsnap); 4322 cp = strrchr(name, '/'); 4323 if (cp) 4324 *cp = '\0'; 4325 if (cp && 4326 !zfs_dataset_exists(hdl, name, ZFS_TYPE_DATASET)) { 4327 char suffix[ZFS_MAX_DATASET_NAME_LEN]; 4328 (void) strcpy(suffix, strrchr(destsnap, '/')); 4329 if (guid_to_name(hdl, name, parent_snapguid, 4330 B_FALSE, destsnap) == 0) { 4331 *strchr(destsnap, '@') = '\0'; 4332 (void) strcat(destsnap, suffix); 4333 } 4334 } 4335 } else { 4336 /* 4337 * If the fs does not exist, look for it based on the 4338 * fromsnap GUID. 4339 */ 4340 if (resuming) { 4341 (void) snprintf(errbuf, sizeof (errbuf), 4342 dgettext(TEXT_DOMAIN, 4343 "cannot receive resume stream")); 4344 } else { 4345 (void) snprintf(errbuf, sizeof (errbuf), 4346 dgettext(TEXT_DOMAIN, 4347 "cannot receive incremental stream")); 4348 } 4349 4350 (void) strcpy(name, destsnap); 4351 *strchr(name, '@') = '\0'; 4352 4353 /* 4354 * If the exact receive path was specified and this is the 4355 * topmost path in the stream, then if the fs does not exist we 4356 * should look no further. 4357 */ 4358 if ((flags->isprefix || (*(chopprefix = drrb->drr_toname + 4359 strlen(sendfs)) != '\0' && *chopprefix != '@')) && 4360 !zfs_dataset_exists(hdl, name, ZFS_TYPE_DATASET)) { 4361 char snap[ZFS_MAX_DATASET_NAME_LEN]; 4362 (void) strcpy(snap, strchr(destsnap, '@')); 4363 if (guid_to_name(hdl, name, drrb->drr_fromguid, 4364 B_FALSE, destsnap) == 0) { 4365 *strchr(destsnap, '@') = '\0'; 4366 (void) strcat(destsnap, snap); 4367 } 4368 } 4369 } 4370 4371 (void) strcpy(name, destsnap); 4372 *strchr(name, '@') = '\0'; 4373 4374 redacted = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) & 4375 DMU_BACKUP_FEATURE_REDACTED; 4376 4377 if (zfs_dataset_exists(hdl, name, ZFS_TYPE_DATASET)) { 4378 zfs_cmd_t zc = {"\0"}; 4379 zfs_handle_t *zhp; 4380 boolean_t encrypted; 4381 4382 (void) strcpy(zc.zc_name, name); 4383 4384 /* 4385 * Destination fs exists. It must be one of these cases: 4386 * - an incremental send stream 4387 * - the stream specifies a new fs (full stream or clone) 4388 * and they want us to blow away the existing fs (and 4389 * have therefore specified -F and removed any snapshots) 4390 * - we are resuming a failed receive. 4391 */ 4392 if (stream_wantsnewfs) { 4393 boolean_t is_volume = drrb->drr_type == DMU_OST_ZVOL; 4394 if (!flags->force) { 4395 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4396 "destination '%s' exists\n" 4397 "must specify -F to overwrite it"), name); 4398 err = zfs_error(hdl, EZFS_EXISTS, errbuf); 4399 goto out; 4400 } 4401 if (zfs_ioctl(hdl, ZFS_IOC_SNAPSHOT_LIST_NEXT, 4402 &zc) == 0) { 4403 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4404 "destination has snapshots (eg. %s)\n" 4405 "must destroy them to overwrite it"), 4406 zc.zc_name); 4407 err = zfs_error(hdl, EZFS_EXISTS, errbuf); 4408 goto out; 4409 } 4410 if (is_volume && strrchr(name, '/') == NULL) { 4411 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4412 "destination %s is the root dataset\n" 4413 "cannot overwrite with a ZVOL"), 4414 name); 4415 err = zfs_error(hdl, EZFS_EXISTS, errbuf); 4416 goto out; 4417 } 4418 if (is_volume && 4419 zfs_ioctl(hdl, ZFS_IOC_DATASET_LIST_NEXT, 4420 &zc) == 0) { 4421 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4422 "destination has children (eg. %s)\n" 4423 "cannot overwrite with a ZVOL"), 4424 zc.zc_name); 4425 err = zfs_error(hdl, EZFS_WRONG_PARENT, errbuf); 4426 goto out; 4427 } 4428 } 4429 4430 if ((zhp = zfs_open(hdl, name, 4431 ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME)) == NULL) { 4432 err = -1; 4433 goto out; 4434 } 4435 4436 if (stream_wantsnewfs && 4437 zhp->zfs_dmustats.dds_origin[0]) { 4438 zfs_close(zhp); 4439 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4440 "destination '%s' is a clone\n" 4441 "must destroy it to overwrite it"), name); 4442 err = zfs_error(hdl, EZFS_EXISTS, errbuf); 4443 goto out; 4444 } 4445 4446 /* 4447 * Raw sends can not be performed as an incremental on top 4448 * of existing unencrypted datasets. zfs recv -F can't be 4449 * used to blow away an existing encrypted filesystem. This 4450 * is because it would require the dsl dir to point to the 4451 * new key (or lack of a key) and the old key at the same 4452 * time. The -F flag may still be used for deleting 4453 * intermediate snapshots that would otherwise prevent the 4454 * receive from working. 4455 */ 4456 encrypted = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != 4457 ZIO_CRYPT_OFF; 4458 if (!stream_wantsnewfs && !encrypted && raw) { 4459 zfs_close(zhp); 4460 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4461 "cannot perform raw receive on top of " 4462 "existing unencrypted dataset")); 4463 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf); 4464 goto out; 4465 } 4466 4467 if (stream_wantsnewfs && flags->force && 4468 ((raw && !encrypted) || encrypted)) { 4469 zfs_close(zhp); 4470 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4471 "zfs receive -F cannot be used to destroy an " 4472 "encrypted filesystem or overwrite an " 4473 "unencrypted one with an encrypted one")); 4474 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf); 4475 goto out; 4476 } 4477 4478 if (!flags->dryrun && zhp->zfs_type == ZFS_TYPE_FILESYSTEM && 4479 (stream_wantsnewfs || stream_resumingnewfs)) { 4480 /* We can't do online recv in this case */ 4481 clp = changelist_gather(zhp, ZFS_PROP_NAME, 0, 4482 flags->forceunmount ? MS_FORCE : 0); 4483 if (clp == NULL) { 4484 zfs_close(zhp); 4485 err = -1; 4486 goto out; 4487 } 4488 if (changelist_prefix(clp) != 0) { 4489 changelist_free(clp); 4490 zfs_close(zhp); 4491 err = -1; 4492 goto out; 4493 } 4494 } 4495 4496 /* 4497 * If we are resuming a newfs, set newfs here so that we will 4498 * mount it if the recv succeeds this time. We can tell 4499 * that it was a newfs on the first recv because the fs 4500 * itself will be inconsistent (if the fs existed when we 4501 * did the first recv, we would have received it into 4502 * .../%recv). 4503 */ 4504 if (resuming && zfs_prop_get_int(zhp, ZFS_PROP_INCONSISTENT)) 4505 newfs = B_TRUE; 4506 4507 /* we want to know if we're zoned when validating -o|-x props */ 4508 zoned = zfs_prop_get_int(zhp, ZFS_PROP_ZONED); 4509 4510 /* may need this info later, get it now we have zhp around */ 4511 if (zfs_prop_get(zhp, ZFS_PROP_RECEIVE_RESUME_TOKEN, NULL, 0, 4512 NULL, NULL, 0, B_TRUE) == 0) 4513 hastoken = B_TRUE; 4514 4515 /* gather existing properties on destination */ 4516 origprops = fnvlist_alloc(); 4517 fnvlist_merge(origprops, zhp->zfs_props); 4518 fnvlist_merge(origprops, zhp->zfs_user_props); 4519 4520 zfs_close(zhp); 4521 } else { 4522 zfs_handle_t *zhp; 4523 4524 /* 4525 * Destination filesystem does not exist. Therefore we better 4526 * be creating a new filesystem (either from a full backup, or 4527 * a clone). It would therefore be invalid if the user 4528 * specified only the pool name (i.e. if the destination name 4529 * contained no slash character). 4530 */ 4531 cp = strrchr(name, '/'); 4532 4533 if (!stream_wantsnewfs || cp == NULL) { 4534 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4535 "destination '%s' does not exist"), name); 4536 err = zfs_error(hdl, EZFS_NOENT, errbuf); 4537 goto out; 4538 } 4539 4540 /* 4541 * Trim off the final dataset component so we perform the 4542 * recvbackup ioctl to the filesystems's parent. 4543 */ 4544 *cp = '\0'; 4545 4546 if (flags->isprefix && !flags->istail && !flags->dryrun && 4547 create_parents(hdl, destsnap, strlen(tosnap)) != 0) { 4548 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf); 4549 goto out; 4550 } 4551 4552 /* validate parent */ 4553 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET); 4554 if (zhp == NULL) { 4555 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf); 4556 goto out; 4557 } 4558 if (zfs_get_type(zhp) != ZFS_TYPE_FILESYSTEM) { 4559 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4560 "parent '%s' is not a filesystem"), name); 4561 err = zfs_error(hdl, EZFS_WRONG_PARENT, errbuf); 4562 zfs_close(zhp); 4563 goto out; 4564 } 4565 4566 zfs_close(zhp); 4567 4568 newfs = B_TRUE; 4569 *cp = '/'; 4570 } 4571 4572 if (flags->verbose) { 4573 (void) printf("%s %s stream of %s into %s\n", 4574 flags->dryrun ? "would receive" : "receiving", 4575 drrb->drr_fromguid ? "incremental" : "full", 4576 drrb->drr_toname, destsnap); 4577 (void) fflush(stdout); 4578 } 4579 4580 if (flags->dryrun) { 4581 void *buf = zfs_alloc(hdl, SPA_MAXBLOCKSIZE); 4582 4583 /* 4584 * We have read the DRR_BEGIN record, but we have 4585 * not yet read the payload. For non-dryrun sends 4586 * this will be done by the kernel, so we must 4587 * emulate that here, before attempting to read 4588 * more records. 4589 */ 4590 err = recv_read(hdl, infd, buf, drr->drr_payloadlen, 4591 flags->byteswap, NULL); 4592 free(buf); 4593 if (err != 0) 4594 goto out; 4595 4596 err = recv_skip(hdl, infd, flags->byteswap); 4597 goto out; 4598 } 4599 4600 /* 4601 * If this is the top-level dataset, record it so we can use it 4602 * for recursive operations later. 4603 */ 4604 if (top_zfs != NULL && 4605 (*top_zfs == NULL || strcmp(*top_zfs, name) == 0)) { 4606 toplevel = B_TRUE; 4607 if (*top_zfs == NULL) 4608 *top_zfs = zfs_strdup(hdl, name); 4609 } 4610 4611 if (drrb->drr_type == DMU_OST_ZVOL) { 4612 type = ZFS_TYPE_VOLUME; 4613 } else if (drrb->drr_type == DMU_OST_ZFS) { 4614 type = ZFS_TYPE_FILESYSTEM; 4615 } else { 4616 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4617 "invalid record type: 0x%d"), drrb->drr_type); 4618 err = zfs_error(hdl, EZFS_BADSTREAM, errbuf); 4619 goto out; 4620 } 4621 if ((err = zfs_setup_cmdline_props(hdl, type, name, zoned, recursive, 4622 stream_wantsnewfs, raw, toplevel, rcvprops, cmdprops, origprops, 4623 &oxprops, &wkeydata, &wkeylen, errbuf)) != 0) 4624 goto out; 4625 4626 /* 4627 * When sending with properties (zfs send -p), the encryption property 4628 * is not included because it is a SETONCE property and therefore 4629 * treated as read only. However, we are always able to determine its 4630 * value because raw sends will include it in the DRR_BDEGIN payload 4631 * and non-raw sends with properties are not allowed for encrypted 4632 * datasets. Therefore, if this is a non-raw properties stream, we can 4633 * infer that the value should be ZIO_CRYPT_OFF and manually add that 4634 * to the received properties. 4635 */ 4636 if (stream_wantsnewfs && !raw && rcvprops != NULL && 4637 !nvlist_exists(cmdprops, zfs_prop_to_name(ZFS_PROP_ENCRYPTION))) { 4638 if (oxprops == NULL) 4639 oxprops = fnvlist_alloc(); 4640 fnvlist_add_uint64(oxprops, 4641 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), ZIO_CRYPT_OFF); 4642 } 4643 4644 err = ioctl_err = lzc_receive_with_cmdprops(destsnap, rcvprops, 4645 oxprops, wkeydata, wkeylen, origin, flags->force, flags->resumable, 4646 raw, infd, drr_noswap, -1, &read_bytes, &errflags, 4647 NULL, &prop_errors); 4648 ioctl_errno = ioctl_err; 4649 prop_errflags = errflags; 4650 4651 if (err == 0) { 4652 nvpair_t *prop_err = NULL; 4653 4654 while ((prop_err = nvlist_next_nvpair(prop_errors, 4655 prop_err)) != NULL) { 4656 char tbuf[1024]; 4657 zfs_prop_t prop; 4658 int intval; 4659 4660 prop = zfs_name_to_prop(nvpair_name(prop_err)); 4661 (void) nvpair_value_int32(prop_err, &intval); 4662 if (strcmp(nvpair_name(prop_err), 4663 ZPROP_N_MORE_ERRORS) == 0) { 4664 trunc_prop_errs(intval); 4665 break; 4666 } else if (snapname == NULL || finalsnap == NULL || 4667 strcmp(finalsnap, snapname) == 0 || 4668 strcmp(nvpair_name(prop_err), 4669 zfs_prop_to_name(ZFS_PROP_REFQUOTA)) != 0) { 4670 /* 4671 * Skip the special case of, for example, 4672 * "refquota", errors on intermediate 4673 * snapshots leading up to a final one. 4674 * That's why we have all of the checks above. 4675 * 4676 * See zfs_ioctl.c's extract_delay_props() for 4677 * a list of props which can fail on 4678 * intermediate snapshots, but shouldn't 4679 * affect the overall receive. 4680 */ 4681 (void) snprintf(tbuf, sizeof (tbuf), 4682 dgettext(TEXT_DOMAIN, 4683 "cannot receive %s property on %s"), 4684 nvpair_name(prop_err), name); 4685 zfs_setprop_error(hdl, prop, intval, tbuf); 4686 } 4687 } 4688 } 4689 4690 if (err == 0 && snapprops_nvlist) { 4691 zfs_cmd_t zc = {"\0"}; 4692 4693 (void) strcpy(zc.zc_name, destsnap); 4694 zc.zc_cookie = B_TRUE; /* received */ 4695 if (zcmd_write_src_nvlist(hdl, &zc, snapprops_nvlist) == 0) { 4696 (void) zfs_ioctl(hdl, ZFS_IOC_SET_PROP, &zc); 4697 zcmd_free_nvlists(&zc); 4698 } 4699 } 4700 if (err == 0 && snapholds_nvlist) { 4701 nvpair_t *pair; 4702 nvlist_t *holds, *errors = NULL; 4703 int cleanup_fd = -1; 4704 4705 VERIFY(0 == nvlist_alloc(&holds, 0, KM_SLEEP)); 4706 for (pair = nvlist_next_nvpair(snapholds_nvlist, NULL); 4707 pair != NULL; 4708 pair = nvlist_next_nvpair(snapholds_nvlist, pair)) { 4709 fnvlist_add_string(holds, destsnap, nvpair_name(pair)); 4710 } 4711 (void) lzc_hold(holds, cleanup_fd, &errors); 4712 fnvlist_free(snapholds_nvlist); 4713 fnvlist_free(holds); 4714 } 4715 4716 if (err && (ioctl_errno == ENOENT || ioctl_errno == EEXIST)) { 4717 /* 4718 * It may be that this snapshot already exists, 4719 * in which case we want to consume & ignore it 4720 * rather than failing. 4721 */ 4722 avl_tree_t *local_avl; 4723 nvlist_t *local_nv, *fs; 4724 cp = strchr(destsnap, '@'); 4725 4726 /* 4727 * XXX Do this faster by just iterating over snaps in 4728 * this fs. Also if zc_value does not exist, we will 4729 * get a strange "does not exist" error message. 4730 */ 4731 *cp = '\0'; 4732 if (gather_nvlist(hdl, destsnap, NULL, NULL, B_FALSE, B_TRUE, 4733 B_FALSE, B_FALSE, B_FALSE, B_FALSE, B_FALSE, B_TRUE, 4734 &local_nv, &local_avl) == 0) { 4735 *cp = '@'; 4736 fs = fsavl_find(local_avl, drrb->drr_toguid, NULL); 4737 fsavl_destroy(local_avl); 4738 fnvlist_free(local_nv); 4739 4740 if (fs != NULL) { 4741 if (flags->verbose) { 4742 (void) printf("snap %s already exists; " 4743 "ignoring\n", destsnap); 4744 } 4745 err = ioctl_err = recv_skip(hdl, infd, 4746 flags->byteswap); 4747 } 4748 } 4749 *cp = '@'; 4750 } 4751 4752 if (ioctl_err != 0) { 4753 switch (ioctl_errno) { 4754 case ENODEV: 4755 cp = strchr(destsnap, '@'); 4756 *cp = '\0'; 4757 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4758 "most recent snapshot of %s does not\n" 4759 "match incremental source"), destsnap); 4760 (void) zfs_error(hdl, EZFS_BADRESTORE, errbuf); 4761 *cp = '@'; 4762 break; 4763 case ETXTBSY: 4764 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4765 "destination %s has been modified\n" 4766 "since most recent snapshot"), name); 4767 (void) zfs_error(hdl, EZFS_BADRESTORE, errbuf); 4768 break; 4769 case EACCES: 4770 if (raw && stream_wantsnewfs) { 4771 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4772 "failed to create encryption key")); 4773 } else if (raw && !stream_wantsnewfs) { 4774 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4775 "encryption key does not match " 4776 "existing key")); 4777 } else { 4778 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4779 "inherited key must be loaded")); 4780 } 4781 (void) zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf); 4782 break; 4783 case EEXIST: 4784 cp = strchr(destsnap, '@'); 4785 if (newfs) { 4786 /* it's the containing fs that exists */ 4787 *cp = '\0'; 4788 } 4789 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4790 "destination already exists")); 4791 (void) zfs_error_fmt(hdl, EZFS_EXISTS, 4792 dgettext(TEXT_DOMAIN, "cannot restore to %s"), 4793 destsnap); 4794 *cp = '@'; 4795 break; 4796 case EINVAL: 4797 if (flags->resumable) { 4798 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4799 "kernel modules must be upgraded to " 4800 "receive this stream.")); 4801 } else if (embedded && !raw) { 4802 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4803 "incompatible embedded data stream " 4804 "feature with encrypted receive.")); 4805 } 4806 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf); 4807 break; 4808 case ECKSUM: 4809 case ZFS_ERR_STREAM_TRUNCATED: 4810 recv_ecksum_set_aux(hdl, destsnap, flags->resumable, 4811 ioctl_err == ECKSUM); 4812 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf); 4813 break; 4814 case ZFS_ERR_STREAM_LARGE_BLOCK_MISMATCH: 4815 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4816 "incremental send stream requires -L " 4817 "(--large-block), to match previous receive.")); 4818 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf); 4819 break; 4820 case ENOTSUP: 4821 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4822 "pool must be upgraded to receive this stream.")); 4823 (void) zfs_error(hdl, EZFS_BADVERSION, errbuf); 4824 break; 4825 case EDQUOT: 4826 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4827 "destination %s space quota exceeded."), name); 4828 (void) zfs_error(hdl, EZFS_NOSPC, errbuf); 4829 break; 4830 case ZFS_ERR_FROM_IVSET_GUID_MISSING: 4831 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4832 "IV set guid missing. See errata %u at " 4833 "https://openzfs.github.io/openzfs-docs/msg/" 4834 "ZFS-8000-ER."), 4835 ZPOOL_ERRATA_ZOL_8308_ENCRYPTION); 4836 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf); 4837 break; 4838 case ZFS_ERR_FROM_IVSET_GUID_MISMATCH: 4839 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4840 "IV set guid mismatch. See the 'zfs receive' " 4841 "man page section\n discussing the limitations " 4842 "of raw encrypted send streams.")); 4843 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf); 4844 break; 4845 case ZFS_ERR_SPILL_BLOCK_FLAG_MISSING: 4846 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4847 "Spill block flag missing for raw send.\n" 4848 "The zfs software on the sending system must " 4849 "be updated.")); 4850 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf); 4851 break; 4852 case EBUSY: 4853 if (hastoken) { 4854 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4855 "destination %s contains " 4856 "partially-complete state from " 4857 "\"zfs receive -s\"."), name); 4858 (void) zfs_error(hdl, EZFS_BUSY, errbuf); 4859 break; 4860 } 4861 /* fallthru */ 4862 default: 4863 (void) zfs_standard_error(hdl, ioctl_errno, errbuf); 4864 } 4865 } 4866 4867 /* 4868 * Mount the target filesystem (if created). Also mount any 4869 * children of the target filesystem if we did a replication 4870 * receive (indicated by stream_avl being non-NULL). 4871 */ 4872 if (clp) { 4873 if (!flags->nomount) 4874 err |= changelist_postfix(clp); 4875 changelist_free(clp); 4876 } 4877 4878 if ((newfs || stream_avl) && type == ZFS_TYPE_FILESYSTEM && !redacted) 4879 flags->domount = B_TRUE; 4880 4881 if (prop_errflags & ZPROP_ERR_NOCLEAR) { 4882 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, "Warning: " 4883 "failed to clear unreceived properties on %s"), name); 4884 (void) fprintf(stderr, "\n"); 4885 } 4886 if (prop_errflags & ZPROP_ERR_NORESTORE) { 4887 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, "Warning: " 4888 "failed to restore original properties on %s"), name); 4889 (void) fprintf(stderr, "\n"); 4890 } 4891 4892 if (err || ioctl_err) { 4893 err = -1; 4894 goto out; 4895 } 4896 4897 if (flags->verbose) { 4898 char buf1[64]; 4899 char buf2[64]; 4900 uint64_t bytes = read_bytes; 4901 time_t delta = time(NULL) - begin_time; 4902 if (delta == 0) 4903 delta = 1; 4904 zfs_nicebytes(bytes, buf1, sizeof (buf1)); 4905 zfs_nicebytes(bytes/delta, buf2, sizeof (buf1)); 4906 4907 (void) printf("received %s stream in %lld seconds (%s/sec)\n", 4908 buf1, (longlong_t)delta, buf2); 4909 } 4910 4911 err = 0; 4912 out: 4913 if (prop_errors != NULL) 4914 fnvlist_free(prop_errors); 4915 4916 if (tmp_keylocation[0] != '\0') { 4917 fnvlist_add_string(rcvprops, 4918 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), tmp_keylocation); 4919 } 4920 4921 if (newprops) 4922 fnvlist_free(rcvprops); 4923 4924 fnvlist_free(oxprops); 4925 fnvlist_free(origprops); 4926 4927 return (err); 4928 } 4929 4930 /* 4931 * Check properties we were asked to override (both -o|-x) 4932 */ 4933 static boolean_t 4934 zfs_receive_checkprops(libzfs_handle_t *hdl, nvlist_t *props, 4935 const char *errbuf) 4936 { 4937 nvpair_t *nvp; 4938 zfs_prop_t prop; 4939 const char *name; 4940 4941 nvp = NULL; 4942 while ((nvp = nvlist_next_nvpair(props, nvp)) != NULL) { 4943 name = nvpair_name(nvp); 4944 prop = zfs_name_to_prop(name); 4945 4946 if (prop == ZPROP_INVAL) { 4947 if (!zfs_prop_user(name)) { 4948 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4949 "invalid property '%s'"), name); 4950 return (B_FALSE); 4951 } 4952 continue; 4953 } 4954 /* 4955 * "origin" is readonly but is used to receive datasets as 4956 * clones so we don't raise an error here 4957 */ 4958 if (prop == ZFS_PROP_ORIGIN) 4959 continue; 4960 4961 /* encryption params have their own verification later */ 4962 if (prop == ZFS_PROP_ENCRYPTION || 4963 zfs_prop_encryption_key_param(prop)) 4964 continue; 4965 4966 /* 4967 * cannot override readonly, set-once and other specific 4968 * settable properties 4969 */ 4970 if (zfs_prop_readonly(prop) || prop == ZFS_PROP_VERSION || 4971 prop == ZFS_PROP_VOLSIZE) { 4972 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 4973 "invalid property '%s'"), name); 4974 return (B_FALSE); 4975 } 4976 } 4977 4978 return (B_TRUE); 4979 } 4980 4981 static int 4982 zfs_receive_impl(libzfs_handle_t *hdl, const char *tosnap, 4983 const char *originsnap, recvflags_t *flags, int infd, const char *sendfs, 4984 nvlist_t *stream_nv, avl_tree_t *stream_avl, char **top_zfs, 4985 const char *finalsnap, nvlist_t *cmdprops) 4986 { 4987 int err; 4988 dmu_replay_record_t drr, drr_noswap; 4989 struct drr_begin *drrb = &drr.drr_u.drr_begin; 4990 char errbuf[1024]; 4991 zio_cksum_t zcksum = { { 0 } }; 4992 uint64_t featureflags; 4993 int hdrtype; 4994 4995 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, 4996 "cannot receive")); 4997 4998 /* check cmdline props, raise an error if they cannot be received */ 4999 if (!zfs_receive_checkprops(hdl, cmdprops, errbuf)) { 5000 return (zfs_error(hdl, EZFS_BADPROP, errbuf)); 5001 } 5002 5003 if (flags->isprefix && 5004 !zfs_dataset_exists(hdl, tosnap, ZFS_TYPE_DATASET)) { 5005 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "specified fs " 5006 "(%s) does not exist"), tosnap); 5007 return (zfs_error(hdl, EZFS_NOENT, errbuf)); 5008 } 5009 if (originsnap && 5010 !zfs_dataset_exists(hdl, originsnap, ZFS_TYPE_DATASET)) { 5011 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "specified origin fs " 5012 "(%s) does not exist"), originsnap); 5013 return (zfs_error(hdl, EZFS_NOENT, errbuf)); 5014 } 5015 5016 /* read in the BEGIN record */ 5017 if (0 != (err = recv_read(hdl, infd, &drr, sizeof (drr), B_FALSE, 5018 &zcksum))) 5019 return (err); 5020 5021 if (drr.drr_type == DRR_END || drr.drr_type == BSWAP_32(DRR_END)) { 5022 /* It's the double end record at the end of a package */ 5023 return (ENODATA); 5024 } 5025 5026 /* the kernel needs the non-byteswapped begin record */ 5027 drr_noswap = drr; 5028 5029 flags->byteswap = B_FALSE; 5030 if (drrb->drr_magic == BSWAP_64(DMU_BACKUP_MAGIC)) { 5031 /* 5032 * We computed the checksum in the wrong byteorder in 5033 * recv_read() above; do it again correctly. 5034 */ 5035 bzero(&zcksum, sizeof (zio_cksum_t)); 5036 fletcher_4_incremental_byteswap(&drr, sizeof (drr), &zcksum); 5037 flags->byteswap = B_TRUE; 5038 5039 drr.drr_type = BSWAP_32(drr.drr_type); 5040 drr.drr_payloadlen = BSWAP_32(drr.drr_payloadlen); 5041 drrb->drr_magic = BSWAP_64(drrb->drr_magic); 5042 drrb->drr_versioninfo = BSWAP_64(drrb->drr_versioninfo); 5043 drrb->drr_creation_time = BSWAP_64(drrb->drr_creation_time); 5044 drrb->drr_type = BSWAP_32(drrb->drr_type); 5045 drrb->drr_flags = BSWAP_32(drrb->drr_flags); 5046 drrb->drr_toguid = BSWAP_64(drrb->drr_toguid); 5047 drrb->drr_fromguid = BSWAP_64(drrb->drr_fromguid); 5048 } 5049 5050 if (drrb->drr_magic != DMU_BACKUP_MAGIC || drr.drr_type != DRR_BEGIN) { 5051 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid " 5052 "stream (bad magic number)")); 5053 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf)); 5054 } 5055 5056 featureflags = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo); 5057 hdrtype = DMU_GET_STREAM_HDRTYPE(drrb->drr_versioninfo); 5058 5059 if (!DMU_STREAM_SUPPORTED(featureflags) || 5060 (hdrtype != DMU_SUBSTREAM && hdrtype != DMU_COMPOUNDSTREAM)) { 5061 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, 5062 "stream has unsupported feature, feature flags = %lx"), 5063 featureflags); 5064 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf)); 5065 } 5066 5067 /* Holds feature is set once in the compound stream header. */ 5068 if (featureflags & DMU_BACKUP_FEATURE_HOLDS) 5069 flags->holds = B_TRUE; 5070 5071 if (strchr(drrb->drr_toname, '@') == NULL) { 5072 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid " 5073 "stream (bad snapshot name)")); 5074 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf)); 5075 } 5076 5077 if (DMU_GET_STREAM_HDRTYPE(drrb->drr_versioninfo) == DMU_SUBSTREAM) { 5078 char nonpackage_sendfs[ZFS_MAX_DATASET_NAME_LEN]; 5079 if (sendfs == NULL) { 5080 /* 5081 * We were not called from zfs_receive_package(). Get 5082 * the fs specified by 'zfs send'. 5083 */ 5084 char *cp; 5085 (void) strlcpy(nonpackage_sendfs, 5086 drr.drr_u.drr_begin.drr_toname, 5087 sizeof (nonpackage_sendfs)); 5088 if ((cp = strchr(nonpackage_sendfs, '@')) != NULL) 5089 *cp = '\0'; 5090 sendfs = nonpackage_sendfs; 5091 VERIFY(finalsnap == NULL); 5092 } 5093 return (zfs_receive_one(hdl, infd, tosnap, originsnap, flags, 5094 &drr, &drr_noswap, sendfs, stream_nv, stream_avl, top_zfs, 5095 finalsnap, cmdprops)); 5096 } else { 5097 assert(DMU_GET_STREAM_HDRTYPE(drrb->drr_versioninfo) == 5098 DMU_COMPOUNDSTREAM); 5099 return (zfs_receive_package(hdl, infd, tosnap, flags, &drr, 5100 &zcksum, top_zfs, cmdprops)); 5101 } 5102 } 5103 5104 /* 5105 * Restores a backup of tosnap from the file descriptor specified by infd. 5106 * Return 0 on total success, -2 if some things couldn't be 5107 * destroyed/renamed/promoted, -1 if some things couldn't be received. 5108 * (-1 will override -2, if -1 and the resumable flag was specified the 5109 * transfer can be resumed if the sending side supports it). 5110 */ 5111 int 5112 zfs_receive(libzfs_handle_t *hdl, const char *tosnap, nvlist_t *props, 5113 recvflags_t *flags, int infd, avl_tree_t *stream_avl) 5114 { 5115 char *top_zfs = NULL; 5116 int err; 5117 struct stat sb; 5118 char *originsnap = NULL; 5119 5120 /* 5121 * The only way fstat can fail is if we do not have a valid file 5122 * descriptor. 5123 */ 5124 if (fstat(infd, &sb) == -1) { 5125 perror("fstat"); 5126 return (-2); 5127 } 5128 5129 /* 5130 * It is not uncommon for gigabytes to be processed in zfs receive. 5131 * Speculatively increase the buffer size if supported by the platform. 5132 */ 5133 if (S_ISFIFO(sb.st_mode)) 5134 libzfs_set_pipe_max(infd); 5135 5136 if (props) { 5137 err = nvlist_lookup_string(props, "origin", &originsnap); 5138 if (err && err != ENOENT) 5139 return (err); 5140 } 5141 5142 err = zfs_receive_impl(hdl, tosnap, originsnap, flags, infd, NULL, NULL, 5143 stream_avl, &top_zfs, NULL, props); 5144 5145 if (err == 0 && !flags->nomount && flags->domount && top_zfs) { 5146 zfs_handle_t *zhp = NULL; 5147 prop_changelist_t *clp = NULL; 5148 5149 zhp = zfs_open(hdl, top_zfs, 5150 ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME); 5151 if (zhp == NULL) { 5152 err = -1; 5153 goto out; 5154 } else { 5155 if (zhp->zfs_type == ZFS_TYPE_VOLUME) { 5156 zfs_close(zhp); 5157 goto out; 5158 } 5159 5160 clp = changelist_gather(zhp, ZFS_PROP_MOUNTPOINT, 5161 CL_GATHER_MOUNT_ALWAYS, 5162 flags->forceunmount ? MS_FORCE : 0); 5163 zfs_close(zhp); 5164 if (clp == NULL) { 5165 err = -1; 5166 goto out; 5167 } 5168 5169 /* mount and share received datasets */ 5170 err = changelist_postfix(clp); 5171 changelist_free(clp); 5172 if (err != 0) 5173 err = -1; 5174 } 5175 } 5176 5177 out: 5178 if (top_zfs) 5179 free(top_zfs); 5180 5181 return (err); 5182 } 5183