1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright (c) 2011-2012 Pawel Jakub Dawidek. All rights reserved. 25 * Copyright 2013 Martin Matuska <mm@FreeBSD.org>. All rights reserved. 26 * Copyright 2014 Xin Li <delphij@FreeBSD.org>. All rights reserved. 27 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved. 28 * Copyright 2015 Nexenta Systems, Inc. All rights reserved. 29 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved. 30 * Copyright (c) 2011, 2015 by Delphix. All rights reserved. 31 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. 32 * Copyright (c) 2013 Steven Hartland. All rights reserved. 33 * Copyright (c) 2014 Integros [integros.com] 34 * Copyright 2016 Toomas Soome <tsoome@me.com> 35 */ 36 37 /* 38 * ZFS ioctls. 39 * 40 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage 41 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool. 42 * 43 * There are two ways that we handle ioctls: the legacy way where almost 44 * all of the logic is in the ioctl callback, and the new way where most 45 * of the marshalling is handled in the common entry point, zfsdev_ioctl(). 46 * 47 * Non-legacy ioctls should be registered by calling 48 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked 49 * from userland by lzc_ioctl(). 50 * 51 * The registration arguments are as follows: 52 * 53 * const char *name 54 * The name of the ioctl. This is used for history logging. If the 55 * ioctl returns successfully (the callback returns 0), and allow_log 56 * is true, then a history log entry will be recorded with the input & 57 * output nvlists. The log entry can be printed with "zpool history -i". 58 * 59 * zfs_ioc_t ioc 60 * The ioctl request number, which userland will pass to ioctl(2). 61 * The ioctl numbers can change from release to release, because 62 * the caller (libzfs) must be matched to the kernel. 63 * 64 * zfs_secpolicy_func_t *secpolicy 65 * This function will be called before the zfs_ioc_func_t, to 66 * determine if this operation is permitted. It should return EPERM 67 * on failure, and 0 on success. Checks include determining if the 68 * dataset is visible in this zone, and if the user has either all 69 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission 70 * to do this operation on this dataset with "zfs allow". 71 * 72 * zfs_ioc_namecheck_t namecheck 73 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool 74 * name, a dataset name, or nothing. If the name is not well-formed, 75 * the ioctl will fail and the callback will not be called. 76 * Therefore, the callback can assume that the name is well-formed 77 * (e.g. is null-terminated, doesn't have more than one '@' character, 78 * doesn't have invalid characters). 79 * 80 * zfs_ioc_poolcheck_t pool_check 81 * This specifies requirements on the pool state. If the pool does 82 * not meet them (is suspended or is readonly), the ioctl will fail 83 * and the callback will not be called. If any checks are specified 84 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME. 85 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED | 86 * POOL_CHECK_READONLY). 87 * 88 * boolean_t smush_outnvlist 89 * If smush_outnvlist is true, then the output is presumed to be a 90 * list of errors, and it will be "smushed" down to fit into the 91 * caller's buffer, by removing some entries and replacing them with a 92 * single "N_MORE_ERRORS" entry indicating how many were removed. See 93 * nvlist_smush() for details. If smush_outnvlist is false, and the 94 * outnvlist does not fit into the userland-provided buffer, then the 95 * ioctl will fail with ENOMEM. 96 * 97 * zfs_ioc_func_t *func 98 * The callback function that will perform the operation. 99 * 100 * The callback should return 0 on success, or an error number on 101 * failure. If the function fails, the userland ioctl will return -1, 102 * and errno will be set to the callback's return value. The callback 103 * will be called with the following arguments: 104 * 105 * const char *name 106 * The name of the pool or dataset to operate on, from 107 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the 108 * expected type (pool, dataset, or none). 109 * 110 * nvlist_t *innvl 111 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or 112 * NULL if no input nvlist was provided. Changes to this nvlist are 113 * ignored. If the input nvlist could not be deserialized, the 114 * ioctl will fail and the callback will not be called. 115 * 116 * nvlist_t *outnvl 117 * The output nvlist, initially empty. The callback can fill it in, 118 * and it will be returned to userland by serializing it into 119 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization 120 * fails (e.g. because the caller didn't supply a large enough 121 * buffer), then the overall ioctl will fail. See the 122 * 'smush_nvlist' argument above for additional behaviors. 123 * 124 * There are two typical uses of the output nvlist: 125 * - To return state, e.g. property values. In this case, 126 * smush_outnvlist should be false. If the buffer was not large 127 * enough, the caller will reallocate a larger buffer and try 128 * the ioctl again. 129 * 130 * - To return multiple errors from an ioctl which makes on-disk 131 * changes. In this case, smush_outnvlist should be true. 132 * Ioctls which make on-disk modifications should generally not 133 * use the outnvl if they succeed, because the caller can not 134 * distinguish between the operation failing, and 135 * deserialization failing. 136 */ 137 #ifdef __FreeBSD__ 138 #include "opt_kstack_pages.h" 139 #endif 140 141 #include <sys/types.h> 142 #include <sys/param.h> 143 #include <sys/systm.h> 144 #include <sys/open.h> 145 #include <sys/conf.h> 146 #include <sys/kernel.h> 147 #include <sys/lock.h> 148 #include <sys/malloc.h> 149 #include <sys/mutex.h> 150 #include <sys/proc.h> 151 #include <sys/errno.h> 152 #include <sys/uio.h> 153 #include <sys/buf.h> 154 #include <sys/file.h> 155 #include <sys/kmem.h> 156 #include <sys/conf.h> 157 #include <sys/cmn_err.h> 158 #include <sys/stat.h> 159 #include <sys/zfs_ioctl.h> 160 #include <sys/zfs_vfsops.h> 161 #include <sys/zfs_znode.h> 162 #include <sys/zap.h> 163 #include <sys/spa.h> 164 #include <sys/spa_impl.h> 165 #include <sys/vdev.h> 166 #include <sys/dmu.h> 167 #include <sys/dsl_dir.h> 168 #include <sys/dsl_dataset.h> 169 #include <sys/dsl_prop.h> 170 #include <sys/dsl_deleg.h> 171 #include <sys/dmu_objset.h> 172 #include <sys/dmu_impl.h> 173 #include <sys/dmu_tx.h> 174 #include <sys/sunddi.h> 175 #include <sys/policy.h> 176 #include <sys/zone.h> 177 #include <sys/nvpair.h> 178 #include <sys/mount.h> 179 #ifdef __FreeBSD__ 180 #include <sys/taskqueue.h> 181 #endif 182 #ifdef __NetBSD__ 183 #include <sys/callb.h> 184 #include <sys/taskq.h> 185 #endif 186 #include <sys/sdt.h> 187 #include <sys/varargs.h> 188 #include <sys/fs/zfs.h> 189 #include <sys/zfs_ctldir.h> 190 #include <sys/zfs_dir.h> 191 #include <sys/zfs_onexit.h> 192 #include <sys/zvol.h> 193 #include <sys/dsl_scan.h> 194 #include <sys/dmu_objset.h> 195 #include <sys/dmu_send.h> 196 #include <sys/dsl_destroy.h> 197 #include <sys/dsl_bookmark.h> 198 #include <sys/dsl_userhold.h> 199 #include <sys/zfeature.h> 200 #include <sys/zio_checksum.h> 201 202 #include "zfs_namecheck.h" 203 #include "zfs_prop.h" 204 #include "zfs_deleg.h" 205 #include "zfs_comutil.h" 206 #include "zfs_ioctl_compat.h" 207 208 #ifdef __FreeBSD__ 209 CTASSERT(sizeof(zfs_cmd_t) < IOCPARM_MAX); 210 static struct cdev *zfsdev; 211 #endif 212 213 #ifdef __NetBSD__ 214 static int zfs_cmajor = -1; 215 static int zfs_bmajor = -1; 216 dev_info_t *zfs_dip; 217 218 #define ddi_driver_major(x) zfs_cmajor 219 220 #define zfs_init() /* nothing */ 221 #define zfs_fini() /* nothing */ 222 223 #define vfs_busy(x, y) vfs_busy(x) 224 #define vfs_rel(x) vfs_rele(x) 225 #endif 226 227 uint_t zfs_fsyncer_key; 228 extern uint_t rrw_tsd_key; 229 static uint_t zfs_allow_log_key; 230 extern uint_t zfs_geom_probe_vdev_key; 231 232 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *); 233 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *); 234 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *); 235 236 typedef enum { 237 NO_NAME, 238 POOL_NAME, 239 DATASET_NAME 240 } zfs_ioc_namecheck_t; 241 242 typedef enum { 243 POOL_CHECK_NONE = 1 << 0, 244 POOL_CHECK_SUSPENDED = 1 << 1, 245 POOL_CHECK_READONLY = 1 << 2, 246 } zfs_ioc_poolcheck_t; 247 248 typedef struct zfs_ioc_vec { 249 zfs_ioc_legacy_func_t *zvec_legacy_func; 250 zfs_ioc_func_t *zvec_func; 251 zfs_secpolicy_func_t *zvec_secpolicy; 252 zfs_ioc_namecheck_t zvec_namecheck; 253 boolean_t zvec_allow_log; 254 zfs_ioc_poolcheck_t zvec_pool_check; 255 boolean_t zvec_smush_outnvlist; 256 const char *zvec_name; 257 } zfs_ioc_vec_t; 258 259 /* This array is indexed by zfs_userquota_prop_t */ 260 static const char *userquota_perms[] = { 261 ZFS_DELEG_PERM_USERUSED, 262 ZFS_DELEG_PERM_USERQUOTA, 263 ZFS_DELEG_PERM_GROUPUSED, 264 ZFS_DELEG_PERM_GROUPQUOTA, 265 }; 266 267 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc); 268 static int zfs_check_settable(const char *name, nvpair_t *property, 269 cred_t *cr); 270 static int zfs_check_clearable(char *dataset, nvlist_t *props, 271 nvlist_t **errors); 272 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *, 273 boolean_t *); 274 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *); 275 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp); 276 277 #ifdef __FreeBSD__ 278 static void zfsdev_close(void *data); 279 #endif 280 281 static int zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature); 282 283 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */ 284 void 285 __dprintf(const char *file, const char *func, int line, const char *fmt, ...) 286 { 287 const char *newfile; 288 char buf[512]; 289 va_list adx; 290 291 /* 292 * Get rid of annoying "../common/" prefix to filename. 293 */ 294 newfile = strrchr(file, '/'); 295 if (newfile != NULL) { 296 newfile = newfile + 1; /* Get rid of leading / */ 297 } else { 298 newfile = file; 299 } 300 301 va_start(adx, fmt); 302 (void) vsnprintf(buf, sizeof (buf), fmt, adx); 303 va_end(adx); 304 305 /* 306 * To get this data, use the zfs-dprintf probe as so: 307 * dtrace -q -n 'zfs-dprintf \ 308 * /stringof(arg0) == "dbuf.c"/ \ 309 * {printf("%s: %s", stringof(arg1), stringof(arg3))}' 310 * arg0 = file name 311 * arg1 = function name 312 * arg2 = line number 313 * arg3 = message 314 */ 315 DTRACE_PROBE4(zfs__dprintf, 316 char *, newfile, char *, func, int, line, char *, buf); 317 } 318 319 static void 320 history_str_free(char *buf) 321 { 322 kmem_free(buf, HIS_MAX_RECORD_LEN); 323 } 324 325 static char * 326 history_str_get(zfs_cmd_t *zc) 327 { 328 char *buf; 329 330 if (zc->zc_history == 0) 331 return (NULL); 332 333 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 334 if (copyinstr((void *)(uintptr_t)zc->zc_history, 335 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 336 history_str_free(buf); 337 return (NULL); 338 } 339 340 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 341 342 return (buf); 343 } 344 345 /* 346 * Check to see if the named dataset is currently defined as bootable 347 */ 348 static boolean_t 349 zfs_is_bootfs(const char *name) 350 { 351 objset_t *os; 352 353 if (dmu_objset_hold(name, FTAG, &os) == 0) { 354 boolean_t ret; 355 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os))); 356 dmu_objset_rele(os, FTAG); 357 return (ret); 358 } 359 return (B_FALSE); 360 } 361 362 /* 363 * Return non-zero if the spa version is less than requested version. 364 */ 365 static int 366 zfs_earlier_version(const char *name, int version) 367 { 368 spa_t *spa; 369 370 if (spa_open(name, &spa, FTAG) == 0) { 371 if (spa_version(spa) < version) { 372 spa_close(spa, FTAG); 373 return (1); 374 } 375 spa_close(spa, FTAG); 376 } 377 return (0); 378 } 379 380 /* 381 * Return TRUE if the ZPL version is less than requested version. 382 */ 383 static boolean_t 384 zpl_earlier_version(const char *name, int version) 385 { 386 objset_t *os; 387 boolean_t rc = B_TRUE; 388 389 if (dmu_objset_hold(name, FTAG, &os) == 0) { 390 uint64_t zplversion; 391 392 if (dmu_objset_type(os) != DMU_OST_ZFS) { 393 dmu_objset_rele(os, FTAG); 394 return (B_TRUE); 395 } 396 /* XXX reading from non-owned objset */ 397 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0) 398 rc = zplversion < version; 399 dmu_objset_rele(os, FTAG); 400 } 401 return (rc); 402 } 403 404 static void 405 zfs_log_history(zfs_cmd_t *zc) 406 { 407 spa_t *spa; 408 char *buf; 409 410 if ((buf = history_str_get(zc)) == NULL) 411 return; 412 413 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 414 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 415 (void) spa_history_log(spa, buf); 416 spa_close(spa, FTAG); 417 } 418 history_str_free(buf); 419 } 420 421 /* 422 * Policy for top-level read operations (list pools). Requires no privileges, 423 * and can be used in the local zone, as there is no associated dataset. 424 */ 425 /* ARGSUSED */ 426 static int 427 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 428 { 429 return (0); 430 } 431 432 /* 433 * Policy for dataset read operations (list children, get statistics). Requires 434 * no privileges, but must be visible in the local zone. 435 */ 436 /* ARGSUSED */ 437 static int 438 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 439 { 440 if (INGLOBALZONE(curthread) || 441 zone_dataset_visible(zc->zc_name, NULL)) 442 return (0); 443 444 return (SET_ERROR(ENOENT)); 445 } 446 447 static int 448 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr) 449 { 450 int writable = 1; 451 452 /* 453 * The dataset must be visible by this zone -- check this first 454 * so they don't see EPERM on something they shouldn't know about. 455 */ 456 if (!INGLOBALZONE(curthread) && 457 !zone_dataset_visible(dataset, &writable)) 458 return (SET_ERROR(ENOENT)); 459 460 if (INGLOBALZONE(curthread)) { 461 /* 462 * If the fs is zoned, only root can access it from the 463 * global zone. 464 */ 465 if (secpolicy_zfs(cr) && zoned) 466 return (SET_ERROR(EPERM)); 467 } else { 468 /* 469 * If we are in a local zone, the 'zoned' property must be set. 470 */ 471 if (!zoned) 472 return (SET_ERROR(EPERM)); 473 474 /* must be writable by this zone */ 475 if (!writable) 476 return (SET_ERROR(EPERM)); 477 } 478 return (0); 479 } 480 481 static int 482 zfs_dozonecheck(const char *dataset, cred_t *cr) 483 { 484 uint64_t zoned; 485 486 #ifdef __NetBSD__ 487 zoned = 0; 488 #else 489 if (dsl_prop_get_integer(dataset, "jailed", &zoned, NULL)) 490 return (SET_ERROR(ENOENT)); 491 #endif 492 493 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 494 } 495 496 static int 497 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr) 498 { 499 uint64_t zoned; 500 501 #ifdef __NetBSD__ 502 zoned = 0; 503 #else 504 if (dsl_prop_get_int_ds(ds, "jailed", &zoned)) 505 return (SET_ERROR(ENOENT)); 506 #endif 507 508 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 509 } 510 511 static int 512 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds, 513 const char *perm, cred_t *cr) 514 { 515 int error; 516 517 error = zfs_dozonecheck_ds(name, ds, cr); 518 if (error == 0) { 519 error = secpolicy_zfs(cr); 520 if (error != 0) 521 error = dsl_deleg_access_impl(ds, perm, cr); 522 } 523 return (error); 524 } 525 526 static int 527 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 528 { 529 int error; 530 dsl_dataset_t *ds; 531 dsl_pool_t *dp; 532 533 /* 534 * First do a quick check for root in the global zone, which 535 * is allowed to do all write_perms. This ensures that zfs_ioc_* 536 * will get to handle nonexistent datasets. 537 */ 538 if (INGLOBALZONE(curthread) && secpolicy_zfs(cr) == 0) 539 return (0); 540 541 error = dsl_pool_hold(name, FTAG, &dp); 542 if (error != 0) 543 return (error); 544 545 error = dsl_dataset_hold(dp, name, FTAG, &ds); 546 if (error != 0) { 547 dsl_pool_rele(dp, FTAG); 548 return (error); 549 } 550 551 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr); 552 553 dsl_dataset_rele(ds, FTAG); 554 dsl_pool_rele(dp, FTAG); 555 return (error); 556 } 557 558 #ifdef SECLABEL 559 /* 560 * Policy for setting the security label property. 561 * 562 * Returns 0 for success, non-zero for access and other errors. 563 */ 564 static int 565 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr) 566 { 567 char ds_hexsl[MAXNAMELEN]; 568 bslabel_t ds_sl, new_sl; 569 boolean_t new_default = FALSE; 570 uint64_t zoned; 571 int needed_priv = -1; 572 int error; 573 574 /* First get the existing dataset label. */ 575 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL), 576 1, sizeof (ds_hexsl), &ds_hexsl, NULL); 577 if (error != 0) 578 return (SET_ERROR(EPERM)); 579 580 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0) 581 new_default = TRUE; 582 583 /* The label must be translatable */ 584 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0)) 585 return (SET_ERROR(EINVAL)); 586 587 /* 588 * In a non-global zone, disallow attempts to set a label that 589 * doesn't match that of the zone; otherwise no other checks 590 * are needed. 591 */ 592 if (!INGLOBALZONE(curproc)) { 593 if (new_default || !blequal(&new_sl, CR_SL(CRED()))) 594 return (SET_ERROR(EPERM)); 595 return (0); 596 } 597 598 /* 599 * For global-zone datasets (i.e., those whose zoned property is 600 * "off", verify that the specified new label is valid for the 601 * global zone. 602 */ 603 if (dsl_prop_get_integer(name, 604 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL)) 605 return (SET_ERROR(EPERM)); 606 if (!zoned) { 607 if (zfs_check_global_label(name, strval) != 0) 608 return (SET_ERROR(EPERM)); 609 } 610 611 /* 612 * If the existing dataset label is nondefault, check if the 613 * dataset is mounted (label cannot be changed while mounted). 614 * Get the zfsvfs; if there isn't one, then the dataset isn't 615 * mounted (or isn't a dataset, doesn't exist, ...). 616 */ 617 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) { 618 objset_t *os; 619 static char *setsl_tag = "setsl_tag"; 620 621 /* 622 * Try to own the dataset; abort if there is any error, 623 * (e.g., already mounted, in use, or other error). 624 */ 625 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, 626 setsl_tag, &os); 627 if (error != 0) 628 return (SET_ERROR(EPERM)); 629 630 dmu_objset_disown(os, setsl_tag); 631 632 if (new_default) { 633 needed_priv = PRIV_FILE_DOWNGRADE_SL; 634 goto out_check; 635 } 636 637 if (hexstr_to_label(strval, &new_sl) != 0) 638 return (SET_ERROR(EPERM)); 639 640 if (blstrictdom(&ds_sl, &new_sl)) 641 needed_priv = PRIV_FILE_DOWNGRADE_SL; 642 else if (blstrictdom(&new_sl, &ds_sl)) 643 needed_priv = PRIV_FILE_UPGRADE_SL; 644 } else { 645 /* dataset currently has a default label */ 646 if (!new_default) 647 needed_priv = PRIV_FILE_UPGRADE_SL; 648 } 649 650 out_check: 651 if (needed_priv != -1) 652 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL)); 653 return (0); 654 } 655 #endif /* SECLABEL */ 656 657 static int 658 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval, 659 cred_t *cr) 660 { 661 char *strval; 662 663 /* 664 * Check permissions for special properties. 665 */ 666 switch (prop) { 667 case ZFS_PROP_ZONED: 668 /* 669 * Disallow setting of 'zoned' from within a local zone. 670 */ 671 if (!INGLOBALZONE(curthread)) 672 return (SET_ERROR(EPERM)); 673 break; 674 675 case ZFS_PROP_QUOTA: 676 case ZFS_PROP_FILESYSTEM_LIMIT: 677 case ZFS_PROP_SNAPSHOT_LIMIT: 678 if (!INGLOBALZONE(curthread)) { 679 uint64_t zoned; 680 char setpoint[ZFS_MAX_DATASET_NAME_LEN]; 681 /* 682 * Unprivileged users are allowed to modify the 683 * limit on things *under* (ie. contained by) 684 * the thing they own. 685 */ 686 if (dsl_prop_get_integer(dsname, "jailed", &zoned, 687 setpoint)) 688 return (SET_ERROR(EPERM)); 689 if (!zoned || strlen(dsname) <= strlen(setpoint)) 690 return (SET_ERROR(EPERM)); 691 } 692 break; 693 694 case ZFS_PROP_MLSLABEL: 695 #ifdef SECLABEL 696 if (!is_system_labeled()) 697 return (SET_ERROR(EPERM)); 698 699 if (nvpair_value_string(propval, &strval) == 0) { 700 int err; 701 702 err = zfs_set_slabel_policy(dsname, strval, CRED()); 703 if (err != 0) 704 return (err); 705 } 706 #else 707 return (EOPNOTSUPP); 708 #endif 709 break; 710 } 711 712 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr)); 713 } 714 715 /* ARGSUSED */ 716 static int 717 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 718 { 719 int error; 720 721 error = zfs_dozonecheck(zc->zc_name, cr); 722 if (error != 0) 723 return (error); 724 725 /* 726 * permission to set permissions will be evaluated later in 727 * dsl_deleg_can_allow() 728 */ 729 return (0); 730 } 731 732 /* ARGSUSED */ 733 static int 734 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 735 { 736 return (zfs_secpolicy_write_perms(zc->zc_name, 737 ZFS_DELEG_PERM_ROLLBACK, cr)); 738 } 739 740 /* ARGSUSED */ 741 static int 742 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 743 { 744 dsl_pool_t *dp; 745 dsl_dataset_t *ds; 746 char *cp; 747 int error; 748 749 /* 750 * Generate the current snapshot name from the given objsetid, then 751 * use that name for the secpolicy/zone checks. 752 */ 753 cp = strchr(zc->zc_name, '@'); 754 if (cp == NULL) 755 return (SET_ERROR(EINVAL)); 756 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 757 if (error != 0) 758 return (error); 759 760 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 761 if (error != 0) { 762 dsl_pool_rele(dp, FTAG); 763 return (error); 764 } 765 766 dsl_dataset_name(ds, zc->zc_name); 767 768 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, 769 ZFS_DELEG_PERM_SEND, cr); 770 dsl_dataset_rele(ds, FTAG); 771 dsl_pool_rele(dp, FTAG); 772 773 return (error); 774 } 775 776 /* ARGSUSED */ 777 static int 778 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 779 { 780 return (zfs_secpolicy_write_perms(zc->zc_name, 781 ZFS_DELEG_PERM_SEND, cr)); 782 } 783 784 /* ARGSUSED */ 785 static int 786 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 787 { 788 vnode_t *vp; 789 int error; 790 791 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 792 NO_FOLLOW, NULL, &vp)) != 0) 793 return (error); 794 795 /* Now make sure mntpnt and dataset are ZFS */ 796 797 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 || 798 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 799 zc->zc_name) != 0)) { 800 VN_RELE(vp); 801 return (SET_ERROR(EPERM)); 802 } 803 804 VN_RELE(vp); 805 return (dsl_deleg_access(zc->zc_name, 806 ZFS_DELEG_PERM_SHARE, cr)); 807 } 808 809 int 810 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 811 { 812 if (!INGLOBALZONE(curthread)) 813 return (SET_ERROR(EPERM)); 814 815 if (secpolicy_nfs(cr) == 0) { 816 return (0); 817 } else { 818 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 819 } 820 } 821 822 int 823 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 824 { 825 if (!INGLOBALZONE(curthread)) 826 return (SET_ERROR(EPERM)); 827 828 if (secpolicy_smb(cr) == 0) { 829 return (0); 830 } else { 831 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 832 } 833 } 834 835 static int 836 zfs_get_parent(const char *datasetname, char *parent, int parentsize) 837 { 838 char *cp; 839 840 /* 841 * Remove the @bla or /bla from the end of the name to get the parent. 842 */ 843 (void) strncpy(parent, datasetname, parentsize); 844 cp = strrchr(parent, '@'); 845 if (cp != NULL) { 846 cp[0] = '\0'; 847 } else { 848 cp = strrchr(parent, '/'); 849 if (cp == NULL) 850 return (SET_ERROR(ENOENT)); 851 cp[0] = '\0'; 852 } 853 854 return (0); 855 } 856 857 int 858 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 859 { 860 int error; 861 862 if ((error = zfs_secpolicy_write_perms(name, 863 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 864 return (error); 865 866 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 867 } 868 869 /* ARGSUSED */ 870 static int 871 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 872 { 873 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 874 } 875 876 /* 877 * Destroying snapshots with delegated permissions requires 878 * descendant mount and destroy permissions. 879 */ 880 /* ARGSUSED */ 881 static int 882 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 883 { 884 nvlist_t *snaps; 885 nvpair_t *pair, *nextpair; 886 int error = 0; 887 888 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 889 return (SET_ERROR(EINVAL)); 890 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 891 pair = nextpair) { 892 nextpair = nvlist_next_nvpair(snaps, pair); 893 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr); 894 if (error == ENOENT) { 895 /* 896 * Ignore any snapshots that don't exist (we consider 897 * them "already destroyed"). Remove the name from the 898 * nvl here in case the snapshot is created between 899 * now and when we try to destroy it (in which case 900 * we don't want to destroy it since we haven't 901 * checked for permission). 902 */ 903 fnvlist_remove_nvpair(snaps, pair); 904 error = 0; 905 } 906 if (error != 0) 907 break; 908 } 909 910 return (error); 911 } 912 913 int 914 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 915 { 916 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 917 int error; 918 919 if ((error = zfs_secpolicy_write_perms(from, 920 ZFS_DELEG_PERM_RENAME, cr)) != 0) 921 return (error); 922 923 if ((error = zfs_secpolicy_write_perms(from, 924 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 925 return (error); 926 927 if ((error = zfs_get_parent(to, parentname, 928 sizeof (parentname))) != 0) 929 return (error); 930 931 if ((error = zfs_secpolicy_write_perms(parentname, 932 ZFS_DELEG_PERM_CREATE, cr)) != 0) 933 return (error); 934 935 if ((error = zfs_secpolicy_write_perms(parentname, 936 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 937 return (error); 938 939 return (error); 940 } 941 942 /* ARGSUSED */ 943 static int 944 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 945 { 946 char *at = NULL; 947 int error; 948 949 if ((zc->zc_cookie & 1) != 0) { 950 /* 951 * This is recursive rename, so the starting snapshot might 952 * not exist. Check file system or volume permission instead. 953 */ 954 at = strchr(zc->zc_name, '@'); 955 if (at == NULL) 956 return (EINVAL); 957 *at = '\0'; 958 } 959 960 error = zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr); 961 962 if (at != NULL) 963 *at = '@'; 964 965 return (error); 966 } 967 968 /* ARGSUSED */ 969 static int 970 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 971 { 972 dsl_pool_t *dp; 973 dsl_dataset_t *clone; 974 int error; 975 976 error = zfs_secpolicy_write_perms(zc->zc_name, 977 ZFS_DELEG_PERM_PROMOTE, cr); 978 if (error != 0) 979 return (error); 980 981 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 982 if (error != 0) 983 return (error); 984 985 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone); 986 987 if (error == 0) { 988 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 989 dsl_dataset_t *origin = NULL; 990 dsl_dir_t *dd; 991 dd = clone->ds_dir; 992 993 error = dsl_dataset_hold_obj(dd->dd_pool, 994 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin); 995 if (error != 0) { 996 dsl_dataset_rele(clone, FTAG); 997 dsl_pool_rele(dp, FTAG); 998 return (error); 999 } 1000 1001 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone, 1002 ZFS_DELEG_PERM_MOUNT, cr); 1003 1004 dsl_dataset_name(origin, parentname); 1005 if (error == 0) { 1006 error = zfs_secpolicy_write_perms_ds(parentname, origin, 1007 ZFS_DELEG_PERM_PROMOTE, cr); 1008 } 1009 dsl_dataset_rele(clone, FTAG); 1010 dsl_dataset_rele(origin, FTAG); 1011 } 1012 dsl_pool_rele(dp, FTAG); 1013 return (error); 1014 } 1015 1016 /* ARGSUSED */ 1017 static int 1018 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1019 { 1020 int error; 1021 1022 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 1023 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) 1024 return (error); 1025 1026 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 1027 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 1028 return (error); 1029 1030 return (zfs_secpolicy_write_perms(zc->zc_name, 1031 ZFS_DELEG_PERM_CREATE, cr)); 1032 } 1033 1034 int 1035 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 1036 { 1037 return (zfs_secpolicy_write_perms(name, 1038 ZFS_DELEG_PERM_SNAPSHOT, cr)); 1039 } 1040 1041 /* 1042 * Check for permission to create each snapshot in the nvlist. 1043 */ 1044 /* ARGSUSED */ 1045 static int 1046 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1047 { 1048 nvlist_t *snaps; 1049 int error; 1050 nvpair_t *pair; 1051 1052 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 1053 return (SET_ERROR(EINVAL)); 1054 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 1055 pair = nvlist_next_nvpair(snaps, pair)) { 1056 char *name = nvpair_name(pair); 1057 char *atp = strchr(name, '@'); 1058 1059 if (atp == NULL) { 1060 error = SET_ERROR(EINVAL); 1061 break; 1062 } 1063 *atp = '\0'; 1064 error = zfs_secpolicy_snapshot_perms(name, cr); 1065 *atp = '@'; 1066 if (error != 0) 1067 break; 1068 } 1069 return (error); 1070 } 1071 1072 /* 1073 * Check for permission to create each snapshot in the nvlist. 1074 */ 1075 /* ARGSUSED */ 1076 static int 1077 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1078 { 1079 int error = 0; 1080 1081 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 1082 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 1083 char *name = nvpair_name(pair); 1084 char *hashp = strchr(name, '#'); 1085 1086 if (hashp == NULL) { 1087 error = SET_ERROR(EINVAL); 1088 break; 1089 } 1090 *hashp = '\0'; 1091 error = zfs_secpolicy_write_perms(name, 1092 ZFS_DELEG_PERM_BOOKMARK, cr); 1093 *hashp = '#'; 1094 if (error != 0) 1095 break; 1096 } 1097 return (error); 1098 } 1099 1100 /* ARGSUSED */ 1101 static int 1102 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1103 { 1104 nvpair_t *pair, *nextpair; 1105 int error = 0; 1106 1107 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1108 pair = nextpair) { 1109 char *name = nvpair_name(pair); 1110 char *hashp = strchr(name, '#'); 1111 nextpair = nvlist_next_nvpair(innvl, pair); 1112 1113 if (hashp == NULL) { 1114 error = SET_ERROR(EINVAL); 1115 break; 1116 } 1117 1118 *hashp = '\0'; 1119 error = zfs_secpolicy_write_perms(name, 1120 ZFS_DELEG_PERM_DESTROY, cr); 1121 *hashp = '#'; 1122 if (error == ENOENT) { 1123 /* 1124 * Ignore any filesystems that don't exist (we consider 1125 * their bookmarks "already destroyed"). Remove 1126 * the name from the nvl here in case the filesystem 1127 * is created between now and when we try to destroy 1128 * the bookmark (in which case we don't want to 1129 * destroy it since we haven't checked for permission). 1130 */ 1131 fnvlist_remove_nvpair(innvl, pair); 1132 error = 0; 1133 } 1134 if (error != 0) 1135 break; 1136 } 1137 1138 return (error); 1139 } 1140 1141 /* ARGSUSED */ 1142 static int 1143 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1144 { 1145 /* 1146 * Even root must have a proper TSD so that we know what pool 1147 * to log to. 1148 */ 1149 if (tsd_get(zfs_allow_log_key) == NULL) 1150 return (SET_ERROR(EPERM)); 1151 return (0); 1152 } 1153 1154 static int 1155 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1156 { 1157 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 1158 int error; 1159 char *origin; 1160 1161 if ((error = zfs_get_parent(zc->zc_name, parentname, 1162 sizeof (parentname))) != 0) 1163 return (error); 1164 1165 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 && 1166 (error = zfs_secpolicy_write_perms(origin, 1167 ZFS_DELEG_PERM_CLONE, cr)) != 0) 1168 return (error); 1169 1170 if ((error = zfs_secpolicy_write_perms(parentname, 1171 ZFS_DELEG_PERM_CREATE, cr)) != 0) 1172 return (error); 1173 1174 return (zfs_secpolicy_write_perms(parentname, 1175 ZFS_DELEG_PERM_MOUNT, cr)); 1176 } 1177 1178 /* 1179 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 1180 * SYS_CONFIG privilege, which is not available in a local zone. 1181 */ 1182 /* ARGSUSED */ 1183 static int 1184 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1185 { 1186 if (secpolicy_sys_config(cr, B_FALSE) != 0) 1187 return (SET_ERROR(EPERM)); 1188 1189 return (0); 1190 } 1191 1192 /* 1193 * Policy for object to name lookups. 1194 */ 1195 /* ARGSUSED */ 1196 static int 1197 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1198 { 1199 int error; 1200 1201 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0) 1202 return (0); 1203 1204 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr); 1205 return (error); 1206 } 1207 1208 /* 1209 * Policy for fault injection. Requires all privileges. 1210 */ 1211 /* ARGSUSED */ 1212 static int 1213 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1214 { 1215 return (secpolicy_zinject(cr)); 1216 } 1217 1218 /* ARGSUSED */ 1219 static int 1220 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1221 { 1222 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 1223 1224 if (prop == ZPROP_INVAL) { 1225 if (!zfs_prop_user(zc->zc_value)) 1226 return (SET_ERROR(EINVAL)); 1227 return (zfs_secpolicy_write_perms(zc->zc_name, 1228 ZFS_DELEG_PERM_USERPROP, cr)); 1229 } else { 1230 return (zfs_secpolicy_setprop(zc->zc_name, prop, 1231 NULL, cr)); 1232 } 1233 } 1234 1235 static int 1236 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1237 { 1238 int err = zfs_secpolicy_read(zc, innvl, cr); 1239 if (err) 1240 return (err); 1241 1242 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1243 return (SET_ERROR(EINVAL)); 1244 1245 if (zc->zc_value[0] == 0) { 1246 /* 1247 * They are asking about a posix uid/gid. If it's 1248 * themself, allow it. 1249 */ 1250 if (zc->zc_objset_type == ZFS_PROP_USERUSED || 1251 zc->zc_objset_type == ZFS_PROP_USERQUOTA) { 1252 if (zc->zc_guid == crgetuid(cr)) 1253 return (0); 1254 } else { 1255 if (groupmember(zc->zc_guid, cr)) 1256 return (0); 1257 } 1258 } 1259 1260 return (zfs_secpolicy_write_perms(zc->zc_name, 1261 userquota_perms[zc->zc_objset_type], cr)); 1262 } 1263 1264 static int 1265 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1266 { 1267 int err = zfs_secpolicy_read(zc, innvl, cr); 1268 if (err) 1269 return (err); 1270 1271 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1272 return (SET_ERROR(EINVAL)); 1273 1274 return (zfs_secpolicy_write_perms(zc->zc_name, 1275 userquota_perms[zc->zc_objset_type], cr)); 1276 } 1277 1278 /* ARGSUSED */ 1279 static int 1280 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1281 { 1282 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION, 1283 NULL, cr)); 1284 } 1285 1286 /* ARGSUSED */ 1287 static int 1288 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1289 { 1290 nvpair_t *pair; 1291 nvlist_t *holds; 1292 int error; 1293 1294 error = nvlist_lookup_nvlist(innvl, "holds", &holds); 1295 if (error != 0) 1296 return (SET_ERROR(EINVAL)); 1297 1298 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 1299 pair = nvlist_next_nvpair(holds, pair)) { 1300 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1301 error = dmu_fsname(nvpair_name(pair), fsname); 1302 if (error != 0) 1303 return (error); 1304 error = zfs_secpolicy_write_perms(fsname, 1305 ZFS_DELEG_PERM_HOLD, cr); 1306 if (error != 0) 1307 return (error); 1308 } 1309 return (0); 1310 } 1311 1312 /* ARGSUSED */ 1313 static int 1314 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1315 { 1316 nvpair_t *pair; 1317 int error; 1318 1319 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1320 pair = nvlist_next_nvpair(innvl, pair)) { 1321 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1322 error = dmu_fsname(nvpair_name(pair), fsname); 1323 if (error != 0) 1324 return (error); 1325 error = zfs_secpolicy_write_perms(fsname, 1326 ZFS_DELEG_PERM_RELEASE, cr); 1327 if (error != 0) 1328 return (error); 1329 } 1330 return (0); 1331 } 1332 1333 /* 1334 * Policy for allowing temporary snapshots to be taken or released 1335 */ 1336 static int 1337 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1338 { 1339 /* 1340 * A temporary snapshot is the same as a snapshot, 1341 * hold, destroy and release all rolled into one. 1342 * Delegated diff alone is sufficient that we allow this. 1343 */ 1344 int error; 1345 1346 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 1347 ZFS_DELEG_PERM_DIFF, cr)) == 0) 1348 return (0); 1349 1350 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr); 1351 if (error == 0) 1352 error = zfs_secpolicy_hold(zc, innvl, cr); 1353 if (error == 0) 1354 error = zfs_secpolicy_release(zc, innvl, cr); 1355 if (error == 0) 1356 error = zfs_secpolicy_destroy(zc, innvl, cr); 1357 return (error); 1358 } 1359 1360 /* 1361 * Returns the nvlist as specified by the user in the zfs_cmd_t. 1362 */ 1363 static int 1364 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp) 1365 { 1366 char *packed; 1367 int error; 1368 nvlist_t *list = NULL; 1369 1370 /* 1371 * Read in and unpack the user-supplied nvlist. 1372 */ 1373 if (size == 0) 1374 return (SET_ERROR(EINVAL)); 1375 1376 packed = kmem_alloc(size, KM_SLEEP); 1377 1378 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size, 1379 iflag)) != 0) { 1380 kmem_free(packed, size); 1381 return (SET_ERROR(EFAULT)); 1382 } 1383 1384 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 1385 kmem_free(packed, size); 1386 return (error); 1387 } 1388 1389 kmem_free(packed, size); 1390 1391 *nvp = list; 1392 return (0); 1393 } 1394 1395 /* 1396 * Reduce the size of this nvlist until it can be serialized in 'max' bytes. 1397 * Entries will be removed from the end of the nvlist, and one int32 entry 1398 * named "N_MORE_ERRORS" will be added indicating how many entries were 1399 * removed. 1400 */ 1401 static int 1402 nvlist_smush(nvlist_t *errors, size_t max) 1403 { 1404 size_t size; 1405 1406 size = fnvlist_size(errors); 1407 1408 if (size > max) { 1409 nvpair_t *more_errors; 1410 int n = 0; 1411 1412 if (max < 1024) 1413 return (SET_ERROR(ENOMEM)); 1414 1415 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0); 1416 more_errors = nvlist_prev_nvpair(errors, NULL); 1417 1418 do { 1419 nvpair_t *pair = nvlist_prev_nvpair(errors, 1420 more_errors); 1421 fnvlist_remove_nvpair(errors, pair); 1422 n++; 1423 size = fnvlist_size(errors); 1424 } while (size > max); 1425 1426 fnvlist_remove_nvpair(errors, more_errors); 1427 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n); 1428 ASSERT3U(fnvlist_size(errors), <=, max); 1429 } 1430 1431 return (0); 1432 } 1433 1434 static int 1435 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 1436 { 1437 char *packed = NULL; 1438 int error = 0; 1439 size_t size; 1440 1441 size = fnvlist_size(nvl); 1442 1443 if (size > zc->zc_nvlist_dst_size) { 1444 /* 1445 * Solaris returns ENOMEM here, because even if an error is 1446 * returned from an ioctl(2), new zc_nvlist_dst_size will be 1447 * passed to the userland. This is not the case for FreeBSD. 1448 * We need to return 0, so the kernel will copy the 1449 * zc_nvlist_dst_size back and the userland can discover that a 1450 * bigger buffer is needed. 1451 */ 1452 error = 0; 1453 } else { 1454 packed = fnvlist_pack(nvl, &size); 1455 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst, 1456 size, zc->zc_iflags) != 0) 1457 error = SET_ERROR(EFAULT); 1458 fnvlist_pack_free(packed, size); 1459 } 1460 1461 zc->zc_nvlist_dst_size = size; 1462 zc->zc_nvlist_dst_filled = B_TRUE; 1463 return (error); 1464 } 1465 1466 static int 1467 getzfsvfs(const char *dsname, zfsvfs_t **zfvp) 1468 { 1469 objset_t *os; 1470 vfs_t *vfsp; 1471 int error; 1472 1473 error = dmu_objset_hold(dsname, FTAG, &os); 1474 if (error != 0) 1475 return (error); 1476 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1477 dmu_objset_rele(os, FTAG); 1478 return (SET_ERROR(EINVAL)); 1479 } 1480 1481 mutex_enter(&os->os_user_ptr_lock); 1482 *zfvp = dmu_objset_get_user(os); 1483 if (*zfvp) { 1484 vfsp = (*zfvp)->z_vfs; 1485 vfs_ref(vfsp); 1486 } else { 1487 error = SET_ERROR(ESRCH); 1488 } 1489 mutex_exit(&os->os_user_ptr_lock); 1490 dmu_objset_rele(os, FTAG); 1491 if (error == 0) { 1492 error = vfs_busy(vfsp, 0); 1493 vfs_rel(vfsp); 1494 if (error != 0) { 1495 *zfvp = NULL; 1496 error = SET_ERROR(ESRCH); 1497 } 1498 } 1499 return (error); 1500 } 1501 1502 /* 1503 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which 1504 * case its z_vfs will be NULL, and it will be opened as the owner. 1505 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER, 1506 * which prevents all vnode ops from running. 1507 */ 1508 static int 1509 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer) 1510 { 1511 int error = 0; 1512 1513 if (getzfsvfs(name, zfvp) != 0) 1514 error = zfsvfs_create(name, zfvp); 1515 if (error == 0) { 1516 rrm_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER : 1517 RW_READER, tag); 1518 if ((*zfvp)->z_unmounted) { 1519 /* 1520 * XXX we could probably try again, since the unmounting 1521 * thread should be just about to disassociate the 1522 * objset from the zfsvfs. 1523 */ 1524 rrm_exit(&(*zfvp)->z_teardown_lock, tag); 1525 return (SET_ERROR(EBUSY)); 1526 } 1527 } 1528 return (error); 1529 } 1530 1531 static void 1532 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag) 1533 { 1534 rrm_exit(&zfsvfs->z_teardown_lock, tag); 1535 1536 if (zfsvfs->z_vfs) { 1537 #ifdef illumos 1538 VFS_RELE(zfsvfs->z_vfs); 1539 #else 1540 vfs_unbusy(zfsvfs->z_vfs); 1541 #endif 1542 } else { 1543 dmu_objset_disown(zfsvfs->z_os, zfsvfs); 1544 zfsvfs_free(zfsvfs); 1545 } 1546 } 1547 1548 static int 1549 zfs_ioc_pool_create(zfs_cmd_t *zc) 1550 { 1551 int error; 1552 nvlist_t *config, *props = NULL; 1553 nvlist_t *rootprops = NULL; 1554 nvlist_t *zplprops = NULL; 1555 1556 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1557 zc->zc_iflags, &config)) 1558 return (error); 1559 1560 if (zc->zc_nvlist_src_size != 0 && (error = 1561 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1562 zc->zc_iflags, &props))) { 1563 nvlist_free(config); 1564 return (error); 1565 } 1566 1567 if (props) { 1568 nvlist_t *nvl = NULL; 1569 uint64_t version = SPA_VERSION; 1570 1571 (void) nvlist_lookup_uint64(props, 1572 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version); 1573 if (!SPA_VERSION_IS_SUPPORTED(version)) { 1574 error = SET_ERROR(EINVAL); 1575 goto pool_props_bad; 1576 } 1577 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl); 1578 if (nvl) { 1579 error = nvlist_dup(nvl, &rootprops, KM_SLEEP); 1580 if (error != 0) { 1581 nvlist_free(config); 1582 nvlist_free(props); 1583 return (error); 1584 } 1585 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS); 1586 } 1587 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1588 error = zfs_fill_zplprops_root(version, rootprops, 1589 zplprops, NULL); 1590 if (error != 0) 1591 goto pool_props_bad; 1592 } 1593 1594 error = spa_create(zc->zc_name, config, props, zplprops); 1595 1596 /* 1597 * Set the remaining root properties 1598 */ 1599 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name, 1600 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) 1601 (void) spa_destroy(zc->zc_name); 1602 1603 pool_props_bad: 1604 nvlist_free(rootprops); 1605 nvlist_free(zplprops); 1606 nvlist_free(config); 1607 nvlist_free(props); 1608 1609 return (error); 1610 } 1611 1612 static int 1613 zfs_ioc_pool_destroy(zfs_cmd_t *zc) 1614 { 1615 int error; 1616 zfs_log_history(zc); 1617 error = spa_destroy(zc->zc_name); 1618 if (error == 0) 1619 zvol_remove_minors(zc->zc_name); 1620 return (error); 1621 } 1622 1623 static int 1624 zfs_ioc_pool_import(zfs_cmd_t *zc) 1625 { 1626 nvlist_t *config, *props = NULL; 1627 uint64_t guid; 1628 int error; 1629 1630 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1631 zc->zc_iflags, &config)) != 0) 1632 return (error); 1633 1634 if (zc->zc_nvlist_src_size != 0 && (error = 1635 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1636 zc->zc_iflags, &props))) { 1637 nvlist_free(config); 1638 return (error); 1639 } 1640 1641 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 1642 guid != zc->zc_guid) 1643 error = SET_ERROR(EINVAL); 1644 else 1645 error = spa_import(zc->zc_name, config, props, zc->zc_cookie); 1646 1647 if (zc->zc_nvlist_dst != 0) { 1648 int err; 1649 1650 if ((err = put_nvlist(zc, config)) != 0) 1651 error = err; 1652 } 1653 1654 nvlist_free(config); 1655 1656 nvlist_free(props); 1657 1658 return (error); 1659 } 1660 1661 static int 1662 zfs_ioc_pool_export(zfs_cmd_t *zc) 1663 { 1664 int error; 1665 boolean_t force = (boolean_t)zc->zc_cookie; 1666 boolean_t hardforce = (boolean_t)zc->zc_guid; 1667 1668 zfs_log_history(zc); 1669 error = spa_export(zc->zc_name, NULL, force, hardforce); 1670 if (error == 0) 1671 zvol_remove_minors(zc->zc_name); 1672 return (error); 1673 } 1674 1675 static int 1676 zfs_ioc_pool_configs(zfs_cmd_t *zc) 1677 { 1678 nvlist_t *configs; 1679 int error; 1680 1681 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL) 1682 return (SET_ERROR(EEXIST)); 1683 1684 error = put_nvlist(zc, configs); 1685 1686 nvlist_free(configs); 1687 1688 return (error); 1689 } 1690 1691 /* 1692 * inputs: 1693 * zc_name name of the pool 1694 * 1695 * outputs: 1696 * zc_cookie real errno 1697 * zc_nvlist_dst config nvlist 1698 * zc_nvlist_dst_size size of config nvlist 1699 */ 1700 static int 1701 zfs_ioc_pool_stats(zfs_cmd_t *zc) 1702 { 1703 nvlist_t *config; 1704 int error; 1705 int ret = 0; 1706 1707 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 1708 sizeof (zc->zc_value)); 1709 1710 if (config != NULL) { 1711 ret = put_nvlist(zc, config); 1712 nvlist_free(config); 1713 1714 /* 1715 * The config may be present even if 'error' is non-zero. 1716 * In this case we return success, and preserve the real errno 1717 * in 'zc_cookie'. 1718 */ 1719 zc->zc_cookie = error; 1720 } else { 1721 ret = error; 1722 } 1723 1724 return (ret); 1725 } 1726 1727 /* 1728 * Try to import the given pool, returning pool stats as appropriate so that 1729 * user land knows which devices are available and overall pool health. 1730 */ 1731 static int 1732 zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 1733 { 1734 nvlist_t *tryconfig, *config; 1735 int error; 1736 1737 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1738 zc->zc_iflags, &tryconfig)) != 0) 1739 return (error); 1740 1741 config = spa_tryimport(tryconfig); 1742 1743 nvlist_free(tryconfig); 1744 1745 if (config == NULL) 1746 return (SET_ERROR(EINVAL)); 1747 1748 error = put_nvlist(zc, config); 1749 nvlist_free(config); 1750 1751 return (error); 1752 } 1753 1754 /* 1755 * inputs: 1756 * zc_name name of the pool 1757 * zc_cookie scan func (pool_scan_func_t) 1758 */ 1759 static int 1760 zfs_ioc_pool_scan(zfs_cmd_t *zc) 1761 { 1762 spa_t *spa; 1763 int error; 1764 1765 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1766 return (error); 1767 1768 if (zc->zc_cookie == POOL_SCAN_NONE) 1769 error = spa_scan_stop(spa); 1770 else 1771 error = spa_scan(spa, zc->zc_cookie); 1772 1773 spa_close(spa, FTAG); 1774 1775 return (error); 1776 } 1777 1778 static int 1779 zfs_ioc_pool_freeze(zfs_cmd_t *zc) 1780 { 1781 spa_t *spa; 1782 int error; 1783 1784 error = spa_open(zc->zc_name, &spa, FTAG); 1785 if (error == 0) { 1786 spa_freeze(spa); 1787 spa_close(spa, FTAG); 1788 } 1789 return (error); 1790 } 1791 1792 static int 1793 zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 1794 { 1795 spa_t *spa; 1796 int error; 1797 1798 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1799 return (error); 1800 1801 if (zc->zc_cookie < spa_version(spa) || 1802 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) { 1803 spa_close(spa, FTAG); 1804 return (SET_ERROR(EINVAL)); 1805 } 1806 1807 spa_upgrade(spa, zc->zc_cookie); 1808 spa_close(spa, FTAG); 1809 1810 return (error); 1811 } 1812 1813 static int 1814 zfs_ioc_pool_get_history(zfs_cmd_t *zc) 1815 { 1816 spa_t *spa; 1817 char *hist_buf; 1818 uint64_t size; 1819 int error; 1820 1821 if ((size = zc->zc_history_len) == 0) 1822 return (SET_ERROR(EINVAL)); 1823 1824 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1825 return (error); 1826 1827 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 1828 spa_close(spa, FTAG); 1829 return (SET_ERROR(ENOTSUP)); 1830 } 1831 1832 hist_buf = kmem_alloc(size, KM_SLEEP); 1833 if ((error = spa_history_get(spa, &zc->zc_history_offset, 1834 &zc->zc_history_len, hist_buf)) == 0) { 1835 error = ddi_copyout(hist_buf, 1836 (void *)(uintptr_t)zc->zc_history, 1837 zc->zc_history_len, zc->zc_iflags); 1838 } 1839 1840 spa_close(spa, FTAG); 1841 kmem_free(hist_buf, size); 1842 return (error); 1843 } 1844 1845 static int 1846 zfs_ioc_pool_reguid(zfs_cmd_t *zc) 1847 { 1848 spa_t *spa; 1849 int error; 1850 1851 error = spa_open(zc->zc_name, &spa, FTAG); 1852 if (error == 0) { 1853 error = spa_change_guid(spa); 1854 spa_close(spa, FTAG); 1855 } 1856 return (error); 1857 } 1858 1859 static int 1860 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 1861 { 1862 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)); 1863 } 1864 1865 /* 1866 * inputs: 1867 * zc_name name of filesystem 1868 * zc_obj object to find 1869 * 1870 * outputs: 1871 * zc_value name of object 1872 */ 1873 static int 1874 zfs_ioc_obj_to_path(zfs_cmd_t *zc) 1875 { 1876 objset_t *os; 1877 int error; 1878 1879 /* XXX reading from objset not owned */ 1880 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1881 return (error); 1882 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1883 dmu_objset_rele(os, FTAG); 1884 return (SET_ERROR(EINVAL)); 1885 } 1886 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value, 1887 sizeof (zc->zc_value)); 1888 dmu_objset_rele(os, FTAG); 1889 1890 return (error); 1891 } 1892 1893 /* 1894 * inputs: 1895 * zc_name name of filesystem 1896 * zc_obj object to find 1897 * 1898 * outputs: 1899 * zc_stat stats on object 1900 * zc_value path to object 1901 */ 1902 static int 1903 zfs_ioc_obj_to_stats(zfs_cmd_t *zc) 1904 { 1905 objset_t *os; 1906 int error; 1907 1908 /* XXX reading from objset not owned */ 1909 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1910 return (error); 1911 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1912 dmu_objset_rele(os, FTAG); 1913 return (SET_ERROR(EINVAL)); 1914 } 1915 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value, 1916 sizeof (zc->zc_value)); 1917 dmu_objset_rele(os, FTAG); 1918 1919 return (error); 1920 } 1921 1922 static int 1923 zfs_ioc_vdev_add(zfs_cmd_t *zc) 1924 { 1925 spa_t *spa; 1926 int error; 1927 nvlist_t *config, **l2cache, **spares; 1928 uint_t nl2cache = 0, nspares = 0; 1929 1930 error = spa_open(zc->zc_name, &spa, FTAG); 1931 if (error != 0) 1932 return (error); 1933 1934 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1935 zc->zc_iflags, &config); 1936 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE, 1937 &l2cache, &nl2cache); 1938 1939 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES, 1940 &spares, &nspares); 1941 1942 #ifdef illumos 1943 /* 1944 * A root pool with concatenated devices is not supported. 1945 * Thus, can not add a device to a root pool. 1946 * 1947 * Intent log device can not be added to a rootpool because 1948 * during mountroot, zil is replayed, a seperated log device 1949 * can not be accessed during the mountroot time. 1950 * 1951 * l2cache and spare devices are ok to be added to a rootpool. 1952 */ 1953 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) { 1954 nvlist_free(config); 1955 spa_close(spa, FTAG); 1956 return (SET_ERROR(EDOM)); 1957 } 1958 #endif /* illumos */ 1959 1960 if (error == 0) { 1961 error = spa_vdev_add(spa, config); 1962 nvlist_free(config); 1963 } 1964 spa_close(spa, FTAG); 1965 return (error); 1966 } 1967 1968 /* 1969 * inputs: 1970 * zc_name name of the pool 1971 * zc_nvlist_conf nvlist of devices to remove 1972 * zc_cookie to stop the remove? 1973 */ 1974 static int 1975 zfs_ioc_vdev_remove(zfs_cmd_t *zc) 1976 { 1977 spa_t *spa; 1978 int error; 1979 1980 error = spa_open(zc->zc_name, &spa, FTAG); 1981 if (error != 0) 1982 return (error); 1983 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 1984 spa_close(spa, FTAG); 1985 return (error); 1986 } 1987 1988 static int 1989 zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 1990 { 1991 spa_t *spa; 1992 int error; 1993 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 1994 1995 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1996 return (error); 1997 switch (zc->zc_cookie) { 1998 case VDEV_STATE_ONLINE: 1999 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 2000 break; 2001 2002 case VDEV_STATE_OFFLINE: 2003 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 2004 break; 2005 2006 case VDEV_STATE_FAULTED: 2007 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 2008 zc->zc_obj != VDEV_AUX_EXTERNAL) 2009 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 2010 2011 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj); 2012 break; 2013 2014 case VDEV_STATE_DEGRADED: 2015 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 2016 zc->zc_obj != VDEV_AUX_EXTERNAL) 2017 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 2018 2019 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj); 2020 break; 2021 2022 default: 2023 error = SET_ERROR(EINVAL); 2024 } 2025 zc->zc_cookie = newstate; 2026 spa_close(spa, FTAG); 2027 return (error); 2028 } 2029 2030 static int 2031 zfs_ioc_vdev_attach(zfs_cmd_t *zc) 2032 { 2033 spa_t *spa; 2034 int replacing = zc->zc_cookie; 2035 nvlist_t *config; 2036 int error; 2037 2038 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2039 return (error); 2040 2041 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2042 zc->zc_iflags, &config)) == 0) { 2043 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing); 2044 nvlist_free(config); 2045 } 2046 2047 spa_close(spa, FTAG); 2048 return (error); 2049 } 2050 2051 static int 2052 zfs_ioc_vdev_detach(zfs_cmd_t *zc) 2053 { 2054 spa_t *spa; 2055 int error; 2056 2057 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2058 return (error); 2059 2060 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE); 2061 2062 spa_close(spa, FTAG); 2063 return (error); 2064 } 2065 2066 static int 2067 zfs_ioc_vdev_split(zfs_cmd_t *zc) 2068 { 2069 spa_t *spa; 2070 nvlist_t *config, *props = NULL; 2071 int error; 2072 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT); 2073 2074 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2075 return (error); 2076 2077 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2078 zc->zc_iflags, &config)) { 2079 spa_close(spa, FTAG); 2080 return (error); 2081 } 2082 2083 if (zc->zc_nvlist_src_size != 0 && (error = 2084 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2085 zc->zc_iflags, &props))) { 2086 spa_close(spa, FTAG); 2087 nvlist_free(config); 2088 return (error); 2089 } 2090 2091 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp); 2092 2093 spa_close(spa, FTAG); 2094 2095 nvlist_free(config); 2096 nvlist_free(props); 2097 2098 return (error); 2099 } 2100 2101 static int 2102 zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 2103 { 2104 spa_t *spa; 2105 char *path = zc->zc_value; 2106 uint64_t guid = zc->zc_guid; 2107 int error; 2108 2109 error = spa_open(zc->zc_name, &spa, FTAG); 2110 if (error != 0) 2111 return (error); 2112 2113 error = spa_vdev_setpath(spa, guid, path); 2114 spa_close(spa, FTAG); 2115 return (error); 2116 } 2117 2118 static int 2119 zfs_ioc_vdev_setfru(zfs_cmd_t *zc) 2120 { 2121 spa_t *spa; 2122 char *fru = zc->zc_value; 2123 uint64_t guid = zc->zc_guid; 2124 int error; 2125 2126 error = spa_open(zc->zc_name, &spa, FTAG); 2127 if (error != 0) 2128 return (error); 2129 2130 error = spa_vdev_setfru(spa, guid, fru); 2131 spa_close(spa, FTAG); 2132 return (error); 2133 } 2134 2135 static int 2136 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os) 2137 { 2138 int error = 0; 2139 nvlist_t *nv; 2140 2141 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2142 2143 if (zc->zc_nvlist_dst != 0 && 2144 (error = dsl_prop_get_all(os, &nv)) == 0) { 2145 dmu_objset_stats(os, nv); 2146 /* 2147 * NB: zvol_get_stats() will read the objset contents, 2148 * which we aren't supposed to do with a 2149 * DS_MODE_USER hold, because it could be 2150 * inconsistent. So this is a bit of a workaround... 2151 * XXX reading with out owning 2152 */ 2153 if (!zc->zc_objset_stats.dds_inconsistent && 2154 dmu_objset_type(os) == DMU_OST_ZVOL) { 2155 error = zvol_get_stats(os, nv); 2156 if (error == EIO) 2157 return (error); 2158 VERIFY0(error); 2159 } 2160 error = put_nvlist(zc, nv); 2161 nvlist_free(nv); 2162 } 2163 2164 return (error); 2165 } 2166 2167 /* 2168 * inputs: 2169 * zc_name name of filesystem 2170 * zc_nvlist_dst_size size of buffer for property nvlist 2171 * 2172 * outputs: 2173 * zc_objset_stats stats 2174 * zc_nvlist_dst property nvlist 2175 * zc_nvlist_dst_size size of property nvlist 2176 */ 2177 static int 2178 zfs_ioc_objset_stats(zfs_cmd_t *zc) 2179 { 2180 objset_t *os; 2181 int error; 2182 2183 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2184 if (error == 0) { 2185 error = zfs_ioc_objset_stats_impl(zc, os); 2186 dmu_objset_rele(os, FTAG); 2187 } 2188 2189 if (error == ENOMEM) 2190 error = 0; 2191 return (error); 2192 } 2193 2194 /* 2195 * inputs: 2196 * zc_name name of filesystem 2197 * zc_nvlist_dst_size size of buffer for property nvlist 2198 * 2199 * outputs: 2200 * zc_nvlist_dst received property nvlist 2201 * zc_nvlist_dst_size size of received property nvlist 2202 * 2203 * Gets received properties (distinct from local properties on or after 2204 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from 2205 * local property values. 2206 */ 2207 static int 2208 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc) 2209 { 2210 int error = 0; 2211 nvlist_t *nv; 2212 2213 /* 2214 * Without this check, we would return local property values if the 2215 * caller has not already received properties on or after 2216 * SPA_VERSION_RECVD_PROPS. 2217 */ 2218 if (!dsl_prop_get_hasrecvd(zc->zc_name)) 2219 return (SET_ERROR(ENOTSUP)); 2220 2221 if (zc->zc_nvlist_dst != 0 && 2222 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) { 2223 error = put_nvlist(zc, nv); 2224 nvlist_free(nv); 2225 } 2226 2227 return (error); 2228 } 2229 2230 static int 2231 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop) 2232 { 2233 uint64_t value; 2234 int error; 2235 2236 /* 2237 * zfs_get_zplprop() will either find a value or give us 2238 * the default value (if there is one). 2239 */ 2240 if ((error = zfs_get_zplprop(os, prop, &value)) != 0) 2241 return (error); 2242 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0); 2243 return (0); 2244 } 2245 2246 /* 2247 * inputs: 2248 * zc_name name of filesystem 2249 * zc_nvlist_dst_size size of buffer for zpl property nvlist 2250 * 2251 * outputs: 2252 * zc_nvlist_dst zpl property nvlist 2253 * zc_nvlist_dst_size size of zpl property nvlist 2254 */ 2255 static int 2256 zfs_ioc_objset_zplprops(zfs_cmd_t *zc) 2257 { 2258 objset_t *os; 2259 int err; 2260 2261 /* XXX reading without owning */ 2262 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os)) 2263 return (err); 2264 2265 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2266 2267 /* 2268 * NB: nvl_add_zplprop() will read the objset contents, 2269 * which we aren't supposed to do with a DS_MODE_USER 2270 * hold, because it could be inconsistent. 2271 */ 2272 if (zc->zc_nvlist_dst != 0 && 2273 !zc->zc_objset_stats.dds_inconsistent && 2274 dmu_objset_type(os) == DMU_OST_ZFS) { 2275 nvlist_t *nv; 2276 2277 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2278 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 && 2279 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 && 2280 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 && 2281 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0) 2282 err = put_nvlist(zc, nv); 2283 nvlist_free(nv); 2284 } else { 2285 err = SET_ERROR(ENOENT); 2286 } 2287 dmu_objset_rele(os, FTAG); 2288 return (err); 2289 } 2290 2291 boolean_t 2292 dataset_name_hidden(const char *name) 2293 { 2294 /* 2295 * Skip over datasets that are not visible in this zone, 2296 * internal datasets (which have a $ in their name), and 2297 * temporary datasets (which have a % in their name). 2298 */ 2299 if (strchr(name, '$') != NULL) 2300 return (B_TRUE); 2301 if (strchr(name, '%') != NULL) 2302 return (B_TRUE); 2303 if (!INGLOBALZONE(curthread) && !zone_dataset_visible(name, NULL)) 2304 return (B_TRUE); 2305 return (B_FALSE); 2306 } 2307 2308 /* 2309 * inputs: 2310 * zc_name name of filesystem 2311 * zc_cookie zap cursor 2312 * zc_nvlist_dst_size size of buffer for property nvlist 2313 * 2314 * outputs: 2315 * zc_name name of next filesystem 2316 * zc_cookie zap cursor 2317 * zc_objset_stats stats 2318 * zc_nvlist_dst property nvlist 2319 * zc_nvlist_dst_size size of property nvlist 2320 */ 2321 static int 2322 zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 2323 { 2324 objset_t *os; 2325 int error; 2326 char *p; 2327 size_t orig_len = strlen(zc->zc_name); 2328 2329 top: 2330 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) { 2331 if (error == ENOENT) 2332 error = SET_ERROR(ESRCH); 2333 return (error); 2334 } 2335 2336 p = strrchr(zc->zc_name, '/'); 2337 if (p == NULL || p[1] != '\0') 2338 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 2339 p = zc->zc_name + strlen(zc->zc_name); 2340 2341 do { 2342 error = dmu_dir_list_next(os, 2343 sizeof (zc->zc_name) - (p - zc->zc_name), p, 2344 NULL, &zc->zc_cookie); 2345 if (error == ENOENT) 2346 error = SET_ERROR(ESRCH); 2347 } while (error == 0 && dataset_name_hidden(zc->zc_name)); 2348 dmu_objset_rele(os, FTAG); 2349 2350 /* 2351 * If it's an internal dataset (ie. with a '$' in its name), 2352 * don't try to get stats for it, otherwise we'll return ENOENT. 2353 */ 2354 if (error == 0 && strchr(zc->zc_name, '$') == NULL) { 2355 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 2356 if (error == ENOENT) { 2357 /* We lost a race with destroy, get the next one. */ 2358 zc->zc_name[orig_len] = '\0'; 2359 goto top; 2360 } 2361 } 2362 return (error); 2363 } 2364 2365 /* 2366 * inputs: 2367 * zc_name name of filesystem 2368 * zc_cookie zap cursor 2369 * zc_nvlist_dst_size size of buffer for property nvlist 2370 * zc_simple when set, only name is requested 2371 * 2372 * outputs: 2373 * zc_name name of next snapshot 2374 * zc_objset_stats stats 2375 * zc_nvlist_dst property nvlist 2376 * zc_nvlist_dst_size size of property nvlist 2377 */ 2378 static int 2379 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 2380 { 2381 objset_t *os; 2382 int error; 2383 2384 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2385 if (error != 0) { 2386 return (error == ENOENT ? ESRCH : error); 2387 } 2388 2389 /* 2390 * A dataset name of maximum length cannot have any snapshots, 2391 * so exit immediately. 2392 */ 2393 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= 2394 ZFS_MAX_DATASET_NAME_LEN) { 2395 dmu_objset_rele(os, FTAG); 2396 return (SET_ERROR(ESRCH)); 2397 } 2398 2399 error = dmu_snapshot_list_next(os, 2400 sizeof (zc->zc_name) - strlen(zc->zc_name), 2401 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie, 2402 NULL); 2403 2404 if (error == 0 && !zc->zc_simple) { 2405 dsl_dataset_t *ds; 2406 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool; 2407 2408 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds); 2409 if (error == 0) { 2410 objset_t *ossnap; 2411 2412 error = dmu_objset_from_ds(ds, &ossnap); 2413 if (error == 0) 2414 error = zfs_ioc_objset_stats_impl(zc, ossnap); 2415 dsl_dataset_rele(ds, FTAG); 2416 } 2417 } else if (error == ENOENT) { 2418 error = SET_ERROR(ESRCH); 2419 } 2420 2421 dmu_objset_rele(os, FTAG); 2422 /* if we failed, undo the @ that we tacked on to zc_name */ 2423 if (error != 0) 2424 *strchr(zc->zc_name, '@') = '\0'; 2425 return (error); 2426 } 2427 2428 static int 2429 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair) 2430 { 2431 const char *propname = nvpair_name(pair); 2432 uint64_t *valary; 2433 unsigned int vallen; 2434 const char *domain; 2435 char *dash; 2436 zfs_userquota_prop_t type; 2437 uint64_t rid; 2438 uint64_t quota; 2439 zfsvfs_t *zfsvfs; 2440 int err; 2441 2442 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2443 nvlist_t *attrs; 2444 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2445 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2446 &pair) != 0) 2447 return (SET_ERROR(EINVAL)); 2448 } 2449 2450 /* 2451 * A correctly constructed propname is encoded as 2452 * userquota@<rid>-<domain>. 2453 */ 2454 if ((dash = strchr(propname, '-')) == NULL || 2455 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 || 2456 vallen != 3) 2457 return (SET_ERROR(EINVAL)); 2458 2459 domain = dash + 1; 2460 type = valary[0]; 2461 rid = valary[1]; 2462 quota = valary[2]; 2463 2464 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE); 2465 if (err == 0) { 2466 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota); 2467 zfsvfs_rele(zfsvfs, FTAG); 2468 } 2469 2470 return (err); 2471 } 2472 2473 /* 2474 * If the named property is one that has a special function to set its value, 2475 * return 0 on success and a positive error code on failure; otherwise if it is 2476 * not one of the special properties handled by this function, return -1. 2477 * 2478 * XXX: It would be better for callers of the property interface if we handled 2479 * these special cases in dsl_prop.c (in the dsl layer). 2480 */ 2481 static int 2482 zfs_prop_set_special(const char *dsname, zprop_source_t source, 2483 nvpair_t *pair) 2484 { 2485 const char *propname = nvpair_name(pair); 2486 zfs_prop_t prop = zfs_name_to_prop(propname); 2487 uint64_t intval; 2488 int err = -1; 2489 2490 if (prop == ZPROP_INVAL) { 2491 if (zfs_prop_userquota(propname)) 2492 return (zfs_prop_set_userquota(dsname, pair)); 2493 return (-1); 2494 } 2495 2496 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2497 nvlist_t *attrs; 2498 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2499 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2500 &pair) == 0); 2501 } 2502 2503 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) 2504 return (-1); 2505 2506 VERIFY(0 == nvpair_value_uint64(pair, &intval)); 2507 2508 switch (prop) { 2509 case ZFS_PROP_QUOTA: 2510 err = dsl_dir_set_quota(dsname, source, intval); 2511 break; 2512 case ZFS_PROP_REFQUOTA: 2513 err = dsl_dataset_set_refquota(dsname, source, intval); 2514 break; 2515 case ZFS_PROP_FILESYSTEM_LIMIT: 2516 case ZFS_PROP_SNAPSHOT_LIMIT: 2517 if (intval == UINT64_MAX) { 2518 /* clearing the limit, just do it */ 2519 err = 0; 2520 } else { 2521 err = dsl_dir_activate_fs_ss_limit(dsname); 2522 } 2523 /* 2524 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2525 * default path to set the value in the nvlist. 2526 */ 2527 if (err == 0) 2528 err = -1; 2529 break; 2530 case ZFS_PROP_RESERVATION: 2531 err = dsl_dir_set_reservation(dsname, source, intval); 2532 break; 2533 case ZFS_PROP_REFRESERVATION: 2534 err = dsl_dataset_set_refreservation(dsname, source, intval); 2535 break; 2536 case ZFS_PROP_VOLSIZE: 2537 err = zvol_set_volsize(dsname, intval); 2538 break; 2539 case ZFS_PROP_VERSION: 2540 { 2541 zfsvfs_t *zfsvfs; 2542 2543 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0) 2544 break; 2545 2546 err = zfs_set_version(zfsvfs, intval); 2547 zfsvfs_rele(zfsvfs, FTAG); 2548 2549 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) { 2550 zfs_cmd_t *zc; 2551 2552 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 2553 (void) strcpy(zc->zc_name, dsname); 2554 (void) zfs_ioc_userspace_upgrade(zc); 2555 kmem_free(zc, sizeof (zfs_cmd_t)); 2556 } 2557 break; 2558 } 2559 default: 2560 err = -1; 2561 } 2562 2563 return (err); 2564 } 2565 2566 /* 2567 * This function is best effort. If it fails to set any of the given properties, 2568 * it continues to set as many as it can and returns the last error 2569 * encountered. If the caller provides a non-NULL errlist, it will be filled in 2570 * with the list of names of all the properties that failed along with the 2571 * corresponding error numbers. 2572 * 2573 * If every property is set successfully, zero is returned and errlist is not 2574 * modified. 2575 */ 2576 int 2577 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl, 2578 nvlist_t *errlist) 2579 { 2580 nvpair_t *pair; 2581 nvpair_t *propval; 2582 int rv = 0; 2583 uint64_t intval; 2584 char *strval; 2585 nvlist_t *genericnvl = fnvlist_alloc(); 2586 nvlist_t *retrynvl = fnvlist_alloc(); 2587 2588 retry: 2589 pair = NULL; 2590 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2591 const char *propname = nvpair_name(pair); 2592 zfs_prop_t prop = zfs_name_to_prop(propname); 2593 int err = 0; 2594 2595 /* decode the property value */ 2596 propval = pair; 2597 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2598 nvlist_t *attrs; 2599 attrs = fnvpair_value_nvlist(pair); 2600 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2601 &propval) != 0) 2602 err = SET_ERROR(EINVAL); 2603 } 2604 2605 /* Validate value type */ 2606 if (err == 0 && prop == ZPROP_INVAL) { 2607 if (zfs_prop_user(propname)) { 2608 if (nvpair_type(propval) != DATA_TYPE_STRING) 2609 err = SET_ERROR(EINVAL); 2610 } else if (zfs_prop_userquota(propname)) { 2611 if (nvpair_type(propval) != 2612 DATA_TYPE_UINT64_ARRAY) 2613 err = SET_ERROR(EINVAL); 2614 } else { 2615 err = SET_ERROR(EINVAL); 2616 } 2617 } else if (err == 0) { 2618 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2619 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING) 2620 err = SET_ERROR(EINVAL); 2621 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) { 2622 const char *unused; 2623 2624 intval = fnvpair_value_uint64(propval); 2625 2626 switch (zfs_prop_get_type(prop)) { 2627 case PROP_TYPE_NUMBER: 2628 break; 2629 case PROP_TYPE_STRING: 2630 err = SET_ERROR(EINVAL); 2631 break; 2632 case PROP_TYPE_INDEX: 2633 if (zfs_prop_index_to_string(prop, 2634 intval, &unused) != 0) 2635 err = SET_ERROR(EINVAL); 2636 break; 2637 default: 2638 cmn_err(CE_PANIC, 2639 "unknown property type"); 2640 } 2641 } else { 2642 err = SET_ERROR(EINVAL); 2643 } 2644 } 2645 2646 /* Validate permissions */ 2647 if (err == 0) 2648 err = zfs_check_settable(dsname, pair, CRED()); 2649 2650 if (err == 0) { 2651 err = zfs_prop_set_special(dsname, source, pair); 2652 if (err == -1) { 2653 /* 2654 * For better performance we build up a list of 2655 * properties to set in a single transaction. 2656 */ 2657 err = nvlist_add_nvpair(genericnvl, pair); 2658 } else if (err != 0 && nvl != retrynvl) { 2659 /* 2660 * This may be a spurious error caused by 2661 * receiving quota and reservation out of order. 2662 * Try again in a second pass. 2663 */ 2664 err = nvlist_add_nvpair(retrynvl, pair); 2665 } 2666 } 2667 2668 if (err != 0) { 2669 if (errlist != NULL) 2670 fnvlist_add_int32(errlist, propname, err); 2671 rv = err; 2672 } 2673 } 2674 2675 if (nvl != retrynvl && !nvlist_empty(retrynvl)) { 2676 nvl = retrynvl; 2677 goto retry; 2678 } 2679 2680 if (!nvlist_empty(genericnvl) && 2681 dsl_props_set(dsname, source, genericnvl) != 0) { 2682 /* 2683 * If this fails, we still want to set as many properties as we 2684 * can, so try setting them individually. 2685 */ 2686 pair = NULL; 2687 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) { 2688 const char *propname = nvpair_name(pair); 2689 int err = 0; 2690 2691 propval = pair; 2692 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2693 nvlist_t *attrs; 2694 attrs = fnvpair_value_nvlist(pair); 2695 propval = fnvlist_lookup_nvpair(attrs, 2696 ZPROP_VALUE); 2697 } 2698 2699 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2700 strval = fnvpair_value_string(propval); 2701 err = dsl_prop_set_string(dsname, propname, 2702 source, strval); 2703 } else { 2704 intval = fnvpair_value_uint64(propval); 2705 err = dsl_prop_set_int(dsname, propname, source, 2706 intval); 2707 } 2708 2709 if (err != 0) { 2710 if (errlist != NULL) { 2711 fnvlist_add_int32(errlist, propname, 2712 err); 2713 } 2714 rv = err; 2715 } 2716 } 2717 } 2718 nvlist_free(genericnvl); 2719 nvlist_free(retrynvl); 2720 2721 return (rv); 2722 } 2723 2724 /* 2725 * Check that all the properties are valid user properties. 2726 */ 2727 static int 2728 zfs_check_userprops(const char *fsname, nvlist_t *nvl) 2729 { 2730 nvpair_t *pair = NULL; 2731 int error = 0; 2732 2733 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2734 const char *propname = nvpair_name(pair); 2735 2736 if (!zfs_prop_user(propname) || 2737 nvpair_type(pair) != DATA_TYPE_STRING) 2738 return (SET_ERROR(EINVAL)); 2739 2740 if (error = zfs_secpolicy_write_perms(fsname, 2741 ZFS_DELEG_PERM_USERPROP, CRED())) 2742 return (error); 2743 2744 if (strlen(propname) >= ZAP_MAXNAMELEN) 2745 return (SET_ERROR(ENAMETOOLONG)); 2746 2747 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN) 2748 return (E2BIG); 2749 } 2750 return (0); 2751 } 2752 2753 static void 2754 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops) 2755 { 2756 nvpair_t *pair; 2757 2758 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2759 2760 pair = NULL; 2761 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) { 2762 if (nvlist_exists(skipped, nvpair_name(pair))) 2763 continue; 2764 2765 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0); 2766 } 2767 } 2768 2769 static int 2770 clear_received_props(const char *dsname, nvlist_t *props, 2771 nvlist_t *skipped) 2772 { 2773 int err = 0; 2774 nvlist_t *cleared_props = NULL; 2775 props_skip(props, skipped, &cleared_props); 2776 if (!nvlist_empty(cleared_props)) { 2777 /* 2778 * Acts on local properties until the dataset has received 2779 * properties at least once on or after SPA_VERSION_RECVD_PROPS. 2780 */ 2781 zprop_source_t flags = (ZPROP_SRC_NONE | 2782 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0)); 2783 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL); 2784 } 2785 nvlist_free(cleared_props); 2786 return (err); 2787 } 2788 2789 /* 2790 * inputs: 2791 * zc_name name of filesystem 2792 * zc_value name of property to set 2793 * zc_nvlist_src{_size} nvlist of properties to apply 2794 * zc_cookie received properties flag 2795 * 2796 * outputs: 2797 * zc_nvlist_dst{_size} error for each unapplied received property 2798 */ 2799 static int 2800 zfs_ioc_set_prop(zfs_cmd_t *zc) 2801 { 2802 nvlist_t *nvl; 2803 boolean_t received = zc->zc_cookie; 2804 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED : 2805 ZPROP_SRC_LOCAL); 2806 nvlist_t *errors; 2807 int error; 2808 2809 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2810 zc->zc_iflags, &nvl)) != 0) 2811 return (error); 2812 2813 if (received) { 2814 nvlist_t *origprops; 2815 2816 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) { 2817 (void) clear_received_props(zc->zc_name, 2818 origprops, nvl); 2819 nvlist_free(origprops); 2820 } 2821 2822 error = dsl_prop_set_hasrecvd(zc->zc_name); 2823 } 2824 2825 errors = fnvlist_alloc(); 2826 if (error == 0) 2827 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors); 2828 2829 if (zc->zc_nvlist_dst != 0 && errors != NULL) { 2830 (void) put_nvlist(zc, errors); 2831 } 2832 2833 nvlist_free(errors); 2834 nvlist_free(nvl); 2835 return (error); 2836 } 2837 2838 /* 2839 * inputs: 2840 * zc_name name of filesystem 2841 * zc_value name of property to inherit 2842 * zc_cookie revert to received value if TRUE 2843 * 2844 * outputs: none 2845 */ 2846 static int 2847 zfs_ioc_inherit_prop(zfs_cmd_t *zc) 2848 { 2849 const char *propname = zc->zc_value; 2850 zfs_prop_t prop = zfs_name_to_prop(propname); 2851 boolean_t received = zc->zc_cookie; 2852 zprop_source_t source = (received 2853 ? ZPROP_SRC_NONE /* revert to received value, if any */ 2854 : ZPROP_SRC_INHERITED); /* explicitly inherit */ 2855 2856 if (received) { 2857 nvlist_t *dummy; 2858 nvpair_t *pair; 2859 zprop_type_t type; 2860 int err; 2861 2862 /* 2863 * zfs_prop_set_special() expects properties in the form of an 2864 * nvpair with type info. 2865 */ 2866 if (prop == ZPROP_INVAL) { 2867 if (!zfs_prop_user(propname)) 2868 return (SET_ERROR(EINVAL)); 2869 2870 type = PROP_TYPE_STRING; 2871 } else if (prop == ZFS_PROP_VOLSIZE || 2872 prop == ZFS_PROP_VERSION) { 2873 return (SET_ERROR(EINVAL)); 2874 } else { 2875 type = zfs_prop_get_type(prop); 2876 } 2877 2878 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2879 2880 switch (type) { 2881 case PROP_TYPE_STRING: 2882 VERIFY(0 == nvlist_add_string(dummy, propname, "")); 2883 break; 2884 case PROP_TYPE_NUMBER: 2885 case PROP_TYPE_INDEX: 2886 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0)); 2887 break; 2888 default: 2889 nvlist_free(dummy); 2890 return (SET_ERROR(EINVAL)); 2891 } 2892 2893 pair = nvlist_next_nvpair(dummy, NULL); 2894 err = zfs_prop_set_special(zc->zc_name, source, pair); 2895 nvlist_free(dummy); 2896 if (err != -1) 2897 return (err); /* special property already handled */ 2898 } else { 2899 /* 2900 * Only check this in the non-received case. We want to allow 2901 * 'inherit -S' to revert non-inheritable properties like quota 2902 * and reservation to the received or default values even though 2903 * they are not considered inheritable. 2904 */ 2905 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop)) 2906 return (SET_ERROR(EINVAL)); 2907 } 2908 2909 /* property name has been validated by zfs_secpolicy_inherit_prop() */ 2910 return (dsl_prop_inherit(zc->zc_name, zc->zc_value, source)); 2911 } 2912 2913 static int 2914 zfs_ioc_pool_set_props(zfs_cmd_t *zc) 2915 { 2916 nvlist_t *props; 2917 spa_t *spa; 2918 int error; 2919 nvpair_t *pair; 2920 2921 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2922 zc->zc_iflags, &props)) 2923 return (error); 2924 2925 /* 2926 * If the only property is the configfile, then just do a spa_lookup() 2927 * to handle the faulted case. 2928 */ 2929 pair = nvlist_next_nvpair(props, NULL); 2930 if (pair != NULL && strcmp(nvpair_name(pair), 2931 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 && 2932 nvlist_next_nvpair(props, pair) == NULL) { 2933 mutex_enter(&spa_namespace_lock); 2934 if ((spa = spa_lookup(zc->zc_name)) != NULL) { 2935 spa_configfile_set(spa, props, B_FALSE); 2936 spa_config_sync(spa, B_FALSE, B_TRUE); 2937 } 2938 mutex_exit(&spa_namespace_lock); 2939 if (spa != NULL) { 2940 nvlist_free(props); 2941 return (0); 2942 } 2943 } 2944 2945 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2946 nvlist_free(props); 2947 return (error); 2948 } 2949 2950 error = spa_prop_set(spa, props); 2951 2952 nvlist_free(props); 2953 spa_close(spa, FTAG); 2954 2955 return (error); 2956 } 2957 2958 static int 2959 zfs_ioc_pool_get_props(zfs_cmd_t *zc) 2960 { 2961 spa_t *spa; 2962 int error; 2963 nvlist_t *nvp = NULL; 2964 2965 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2966 /* 2967 * If the pool is faulted, there may be properties we can still 2968 * get (such as altroot and cachefile), so attempt to get them 2969 * anyway. 2970 */ 2971 mutex_enter(&spa_namespace_lock); 2972 if ((spa = spa_lookup(zc->zc_name)) != NULL) 2973 error = spa_prop_get(spa, &nvp); 2974 mutex_exit(&spa_namespace_lock); 2975 } else { 2976 error = spa_prop_get(spa, &nvp); 2977 spa_close(spa, FTAG); 2978 } 2979 2980 if (error == 0 && zc->zc_nvlist_dst != 0) 2981 error = put_nvlist(zc, nvp); 2982 else 2983 error = SET_ERROR(EFAULT); 2984 2985 nvlist_free(nvp); 2986 return (error); 2987 } 2988 2989 /* 2990 * inputs: 2991 * zc_name name of filesystem 2992 * zc_nvlist_src{_size} nvlist of delegated permissions 2993 * zc_perm_action allow/unallow flag 2994 * 2995 * outputs: none 2996 */ 2997 static int 2998 zfs_ioc_set_fsacl(zfs_cmd_t *zc) 2999 { 3000 int error; 3001 nvlist_t *fsaclnv = NULL; 3002 3003 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3004 zc->zc_iflags, &fsaclnv)) != 0) 3005 return (error); 3006 3007 /* 3008 * Verify nvlist is constructed correctly 3009 */ 3010 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) { 3011 nvlist_free(fsaclnv); 3012 return (SET_ERROR(EINVAL)); 3013 } 3014 3015 /* 3016 * If we don't have PRIV_SYS_MOUNT, then validate 3017 * that user is allowed to hand out each permission in 3018 * the nvlist(s) 3019 */ 3020 3021 error = secpolicy_zfs(CRED()); 3022 if (error != 0) { 3023 if (zc->zc_perm_action == B_FALSE) { 3024 error = dsl_deleg_can_allow(zc->zc_name, 3025 fsaclnv, CRED()); 3026 } else { 3027 error = dsl_deleg_can_unallow(zc->zc_name, 3028 fsaclnv, CRED()); 3029 } 3030 } 3031 3032 if (error == 0) 3033 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 3034 3035 nvlist_free(fsaclnv); 3036 return (error); 3037 } 3038 3039 /* 3040 * inputs: 3041 * zc_name name of filesystem 3042 * 3043 * outputs: 3044 * zc_nvlist_src{_size} nvlist of delegated permissions 3045 */ 3046 static int 3047 zfs_ioc_get_fsacl(zfs_cmd_t *zc) 3048 { 3049 nvlist_t *nvp; 3050 int error; 3051 3052 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 3053 error = put_nvlist(zc, nvp); 3054 nvlist_free(nvp); 3055 } 3056 3057 return (error); 3058 } 3059 3060 /* 3061 * Search the vfs list for a specified resource. Returns a pointer to it 3062 * or NULL if no suitable entry is found. The caller of this routine 3063 * is responsible for releasing the returned vfs pointer. 3064 */ 3065 static vfs_t * 3066 zfs_get_vfs(const char *resource) 3067 { 3068 vfs_t *vfsp; 3069 3070 #ifdef __FreeBSD__ 3071 mtx_lock(&mountlist_mtx); 3072 TAILQ_FOREACH(vfsp, &mountlist, mnt_list) { 3073 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) { 3074 if (vfs_busy(vfsp, MBF_MNTLSTLOCK) != 0) 3075 vfsp = NULL; 3076 break; 3077 } 3078 } 3079 if (vfsp == NULL) 3080 mtx_unlock(&mountlist_mtx); 3081 #endif 3082 #ifdef __NetBSD__ 3083 mount_iterator_t *iter; 3084 3085 mountlist_iterator_init(&iter); 3086 while ((vfsp = mountlist_iterator_next(iter)) != NULL) { 3087 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) { 3088 if (vfs_busy(vfsp, 0) != 0) 3089 vfsp = NULL; 3090 break; 3091 } 3092 } 3093 mountlist_iterator_destroy(iter); 3094 #endif 3095 3096 return (vfsp); 3097 } 3098 3099 /* ARGSUSED */ 3100 static void 3101 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 3102 { 3103 zfs_creat_t *zct = arg; 3104 3105 zfs_create_fs(os, cr, zct->zct_zplprops, tx); 3106 } 3107 3108 #define ZFS_PROP_UNDEFINED ((uint64_t)-1) 3109 3110 /* 3111 * inputs: 3112 * os parent objset pointer (NULL if root fs) 3113 * fuids_ok fuids allowed in this version of the spa? 3114 * sa_ok SAs allowed in this version of the spa? 3115 * createprops list of properties requested by creator 3116 * 3117 * outputs: 3118 * zplprops values for the zplprops we attach to the master node object 3119 * is_ci true if requested file system will be purely case-insensitive 3120 * 3121 * Determine the settings for utf8only, normalization and 3122 * casesensitivity. Specific values may have been requested by the 3123 * creator and/or we can inherit values from the parent dataset. If 3124 * the file system is of too early a vintage, a creator can not 3125 * request settings for these properties, even if the requested 3126 * setting is the default value. We don't actually want to create dsl 3127 * properties for these, so remove them from the source nvlist after 3128 * processing. 3129 */ 3130 static int 3131 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver, 3132 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops, 3133 nvlist_t *zplprops, boolean_t *is_ci) 3134 { 3135 uint64_t sense = ZFS_PROP_UNDEFINED; 3136 uint64_t norm = ZFS_PROP_UNDEFINED; 3137 uint64_t u8 = ZFS_PROP_UNDEFINED; 3138 3139 ASSERT(zplprops != NULL); 3140 3141 /* 3142 * Pull out creator prop choices, if any. 3143 */ 3144 if (createprops) { 3145 (void) nvlist_lookup_uint64(createprops, 3146 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver); 3147 (void) nvlist_lookup_uint64(createprops, 3148 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm); 3149 (void) nvlist_remove_all(createprops, 3150 zfs_prop_to_name(ZFS_PROP_NORMALIZE)); 3151 (void) nvlist_lookup_uint64(createprops, 3152 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8); 3153 (void) nvlist_remove_all(createprops, 3154 zfs_prop_to_name(ZFS_PROP_UTF8ONLY)); 3155 (void) nvlist_lookup_uint64(createprops, 3156 zfs_prop_to_name(ZFS_PROP_CASE), &sense); 3157 (void) nvlist_remove_all(createprops, 3158 zfs_prop_to_name(ZFS_PROP_CASE)); 3159 } 3160 3161 /* 3162 * If the zpl version requested is whacky or the file system 3163 * or pool is version is too "young" to support normalization 3164 * and the creator tried to set a value for one of the props, 3165 * error out. 3166 */ 3167 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) || 3168 (zplver >= ZPL_VERSION_FUID && !fuids_ok) || 3169 (zplver >= ZPL_VERSION_SA && !sa_ok) || 3170 (zplver < ZPL_VERSION_NORMALIZATION && 3171 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED || 3172 sense != ZFS_PROP_UNDEFINED))) 3173 return (SET_ERROR(ENOTSUP)); 3174 3175 /* 3176 * Put the version in the zplprops 3177 */ 3178 VERIFY(nvlist_add_uint64(zplprops, 3179 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0); 3180 3181 if (norm == ZFS_PROP_UNDEFINED) 3182 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0); 3183 VERIFY(nvlist_add_uint64(zplprops, 3184 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0); 3185 3186 /* 3187 * If we're normalizing, names must always be valid UTF-8 strings. 3188 */ 3189 if (norm) 3190 u8 = 1; 3191 if (u8 == ZFS_PROP_UNDEFINED) 3192 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0); 3193 VERIFY(nvlist_add_uint64(zplprops, 3194 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0); 3195 3196 if (sense == ZFS_PROP_UNDEFINED) 3197 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0); 3198 VERIFY(nvlist_add_uint64(zplprops, 3199 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0); 3200 3201 if (is_ci) 3202 *is_ci = (sense == ZFS_CASE_INSENSITIVE); 3203 3204 return (0); 3205 } 3206 3207 static int 3208 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops, 3209 nvlist_t *zplprops, boolean_t *is_ci) 3210 { 3211 boolean_t fuids_ok, sa_ok; 3212 uint64_t zplver = ZPL_VERSION; 3213 objset_t *os = NULL; 3214 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 3215 char *cp; 3216 spa_t *spa; 3217 uint64_t spa_vers; 3218 int error; 3219 3220 (void) strlcpy(parentname, dataset, sizeof (parentname)); 3221 cp = strrchr(parentname, '/'); 3222 ASSERT(cp != NULL); 3223 cp[0] = '\0'; 3224 3225 if ((error = spa_open(dataset, &spa, FTAG)) != 0) 3226 return (error); 3227 3228 spa_vers = spa_version(spa); 3229 spa_close(spa, FTAG); 3230 3231 zplver = zfs_zpl_version_map(spa_vers); 3232 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3233 sa_ok = (zplver >= ZPL_VERSION_SA); 3234 3235 /* 3236 * Open parent object set so we can inherit zplprop values. 3237 */ 3238 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0) 3239 return (error); 3240 3241 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops, 3242 zplprops, is_ci); 3243 dmu_objset_rele(os, FTAG); 3244 return (error); 3245 } 3246 3247 static int 3248 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops, 3249 nvlist_t *zplprops, boolean_t *is_ci) 3250 { 3251 boolean_t fuids_ok; 3252 boolean_t sa_ok; 3253 uint64_t zplver = ZPL_VERSION; 3254 int error; 3255 3256 zplver = zfs_zpl_version_map(spa_vers); 3257 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3258 sa_ok = (zplver >= ZPL_VERSION_SA); 3259 3260 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok, 3261 createprops, zplprops, is_ci); 3262 return (error); 3263 } 3264 3265 /* 3266 * innvl: { 3267 * "type" -> dmu_objset_type_t (int32) 3268 * (optional) "props" -> { prop -> value } 3269 * } 3270 * 3271 * outnvl: propname -> error code (int32) 3272 */ 3273 static int 3274 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3275 { 3276 int error = 0; 3277 zfs_creat_t zct = { 0 }; 3278 nvlist_t *nvprops = NULL; 3279 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 3280 int32_t type32; 3281 dmu_objset_type_t type; 3282 boolean_t is_insensitive = B_FALSE; 3283 3284 if (nvlist_lookup_int32(innvl, "type", &type32) != 0) 3285 return (SET_ERROR(EINVAL)); 3286 type = type32; 3287 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3288 3289 switch (type) { 3290 case DMU_OST_ZFS: 3291 cbfunc = zfs_create_cb; 3292 break; 3293 3294 case DMU_OST_ZVOL: 3295 cbfunc = zvol_create_cb; 3296 break; 3297 3298 default: 3299 cbfunc = NULL; 3300 break; 3301 } 3302 if (strchr(fsname, '@') || 3303 strchr(fsname, '%')) 3304 return (SET_ERROR(EINVAL)); 3305 3306 zct.zct_props = nvprops; 3307 3308 if (cbfunc == NULL) 3309 return (SET_ERROR(EINVAL)); 3310 3311 if (type == DMU_OST_ZVOL) { 3312 uint64_t volsize, volblocksize; 3313 3314 if (nvprops == NULL) 3315 return (SET_ERROR(EINVAL)); 3316 if (nvlist_lookup_uint64(nvprops, 3317 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0) 3318 return (SET_ERROR(EINVAL)); 3319 3320 if ((error = nvlist_lookup_uint64(nvprops, 3321 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 3322 &volblocksize)) != 0 && error != ENOENT) 3323 return (SET_ERROR(EINVAL)); 3324 3325 if (error != 0) 3326 volblocksize = zfs_prop_default_numeric( 3327 ZFS_PROP_VOLBLOCKSIZE); 3328 3329 if ((error = zvol_check_volblocksize( 3330 volblocksize)) != 0 || 3331 (error = zvol_check_volsize(volsize, 3332 volblocksize)) != 0) 3333 return (error); 3334 } else if (type == DMU_OST_ZFS) { 3335 int error; 3336 3337 /* 3338 * We have to have normalization and 3339 * case-folding flags correct when we do the 3340 * file system creation, so go figure them out 3341 * now. 3342 */ 3343 VERIFY(nvlist_alloc(&zct.zct_zplprops, 3344 NV_UNIQUE_NAME, KM_SLEEP) == 0); 3345 error = zfs_fill_zplprops(fsname, nvprops, 3346 zct.zct_zplprops, &is_insensitive); 3347 if (error != 0) { 3348 nvlist_free(zct.zct_zplprops); 3349 return (error); 3350 } 3351 } 3352 3353 error = dmu_objset_create(fsname, type, 3354 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct); 3355 nvlist_free(zct.zct_zplprops); 3356 3357 /* 3358 * It would be nice to do this atomically. 3359 */ 3360 if (error == 0) { 3361 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3362 nvprops, outnvl); 3363 if (error != 0) 3364 (void) dsl_destroy_head(fsname); 3365 } 3366 #ifdef __FreeBSD__ 3367 if (error == 0 && type == DMU_OST_ZVOL) 3368 zvol_create_minors(fsname); 3369 #endif 3370 return (error); 3371 } 3372 3373 /* 3374 * innvl: { 3375 * "origin" -> name of origin snapshot 3376 * (optional) "props" -> { prop -> value } 3377 * } 3378 * 3379 * outnvl: propname -> error code (int32) 3380 */ 3381 static int 3382 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3383 { 3384 int error = 0; 3385 nvlist_t *nvprops = NULL; 3386 char *origin_name; 3387 3388 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0) 3389 return (SET_ERROR(EINVAL)); 3390 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3391 3392 if (strchr(fsname, '@') || 3393 strchr(fsname, '%')) 3394 return (SET_ERROR(EINVAL)); 3395 3396 if (dataset_namecheck(origin_name, NULL, NULL) != 0) 3397 return (SET_ERROR(EINVAL)); 3398 error = dmu_objset_clone(fsname, origin_name); 3399 if (error != 0) 3400 return (error); 3401 3402 /* 3403 * It would be nice to do this atomically. 3404 */ 3405 if (error == 0) { 3406 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3407 nvprops, outnvl); 3408 if (error != 0) 3409 (void) dsl_destroy_head(fsname); 3410 } 3411 #ifdef __FreeBSD__ 3412 if (error == 0) 3413 zvol_create_minors(fsname); 3414 #endif 3415 return (error); 3416 } 3417 3418 /* 3419 * innvl: { 3420 * "snaps" -> { snapshot1, snapshot2 } 3421 * (optional) "props" -> { prop -> value (string) } 3422 * } 3423 * 3424 * outnvl: snapshot -> error code (int32) 3425 */ 3426 static int 3427 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3428 { 3429 nvlist_t *snaps; 3430 nvlist_t *props = NULL; 3431 int error, poollen; 3432 nvpair_t *pair; 3433 3434 (void) nvlist_lookup_nvlist(innvl, "props", &props); 3435 if ((error = zfs_check_userprops(poolname, props)) != 0) 3436 return (error); 3437 3438 if (!nvlist_empty(props) && 3439 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS)) 3440 return (SET_ERROR(ENOTSUP)); 3441 3442 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3443 return (SET_ERROR(EINVAL)); 3444 poollen = strlen(poolname); 3445 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3446 pair = nvlist_next_nvpair(snaps, pair)) { 3447 const char *name = nvpair_name(pair); 3448 const char *cp = strchr(name, '@'); 3449 3450 /* 3451 * The snap name must contain an @, and the part after it must 3452 * contain only valid characters. 3453 */ 3454 if (cp == NULL || 3455 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3456 return (SET_ERROR(EINVAL)); 3457 3458 /* 3459 * The snap must be in the specified pool. 3460 */ 3461 if (strncmp(name, poolname, poollen) != 0 || 3462 (name[poollen] != '/' && name[poollen] != '@')) 3463 return (SET_ERROR(EXDEV)); 3464 3465 /* This must be the only snap of this fs. */ 3466 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair); 3467 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) { 3468 if (strncmp(name, nvpair_name(pair2), cp - name + 1) 3469 == 0) { 3470 return (SET_ERROR(EXDEV)); 3471 } 3472 } 3473 } 3474 3475 error = dsl_dataset_snapshot(snaps, props, outnvl); 3476 return (error); 3477 } 3478 3479 /* 3480 * innvl: "message" -> string 3481 */ 3482 /* ARGSUSED */ 3483 static int 3484 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3485 { 3486 char *message; 3487 spa_t *spa; 3488 int error; 3489 char *poolname; 3490 3491 /* 3492 * The poolname in the ioctl is not set, we get it from the TSD, 3493 * which was set at the end of the last successful ioctl that allows 3494 * logging. The secpolicy func already checked that it is set. 3495 * Only one log ioctl is allowed after each successful ioctl, so 3496 * we clear the TSD here. 3497 */ 3498 poolname = tsd_get(zfs_allow_log_key); 3499 (void) tsd_set(zfs_allow_log_key, NULL); 3500 error = spa_open(poolname, &spa, FTAG); 3501 strfree(poolname); 3502 if (error != 0) 3503 return (error); 3504 3505 if (nvlist_lookup_string(innvl, "message", &message) != 0) { 3506 spa_close(spa, FTAG); 3507 return (SET_ERROR(EINVAL)); 3508 } 3509 3510 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 3511 spa_close(spa, FTAG); 3512 return (SET_ERROR(ENOTSUP)); 3513 } 3514 3515 error = spa_history_log(spa, message); 3516 spa_close(spa, FTAG); 3517 return (error); 3518 } 3519 3520 #ifdef __FreeBSD__ 3521 static int 3522 zfs_ioc_nextboot(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3523 { 3524 char name[MAXNAMELEN]; 3525 spa_t *spa; 3526 vdev_t *vd; 3527 char *command; 3528 uint64_t pool_guid; 3529 uint64_t vdev_guid; 3530 int error; 3531 3532 if (nvlist_lookup_uint64(innvl, 3533 ZPOOL_CONFIG_POOL_GUID, &pool_guid) != 0) 3534 return (EINVAL); 3535 if (nvlist_lookup_uint64(innvl, 3536 ZPOOL_CONFIG_GUID, &vdev_guid) != 0) 3537 return (EINVAL); 3538 if (nvlist_lookup_string(innvl, 3539 "command", &command) != 0) 3540 return (EINVAL); 3541 3542 mutex_enter(&spa_namespace_lock); 3543 spa = spa_by_guid(pool_guid, vdev_guid); 3544 if (spa != NULL) 3545 strcpy(name, spa_name(spa)); 3546 mutex_exit(&spa_namespace_lock); 3547 if (spa == NULL) 3548 return (ENOENT); 3549 3550 if ((error = spa_open(name, &spa, FTAG)) != 0) 3551 return (error); 3552 spa_vdev_state_enter(spa, SCL_ALL); 3553 vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE); 3554 if (vd == NULL) { 3555 (void) spa_vdev_state_exit(spa, NULL, ENXIO); 3556 spa_close(spa, FTAG); 3557 return (ENODEV); 3558 } 3559 error = vdev_label_write_pad2(vd, command, strlen(command)); 3560 (void) spa_vdev_state_exit(spa, NULL, 0); 3561 txg_wait_synced(spa->spa_dsl_pool, 0); 3562 spa_close(spa, FTAG); 3563 return (error); 3564 } 3565 #endif 3566 3567 /* 3568 * The dp_config_rwlock must not be held when calling this, because the 3569 * unmount may need to write out data. 3570 * 3571 * This function is best-effort. Callers must deal gracefully if it 3572 * remains mounted (or is remounted after this call). 3573 * 3574 * Returns 0 if the argument is not a snapshot, or it is not currently a 3575 * filesystem, or we were able to unmount it. Returns error code otherwise. 3576 */ 3577 int 3578 zfs_unmount_snap(const char *snapname) 3579 { 3580 vfs_t *vfsp; 3581 zfsvfs_t *zfsvfs; 3582 int err; 3583 3584 if (strchr(snapname, '@') == NULL) 3585 return (0); 3586 3587 vfsp = zfs_get_vfs(snapname); 3588 if (vfsp == NULL) 3589 return (0); 3590 3591 zfsvfs = vfsp->vfs_data; 3592 ASSERT(!dsl_pool_config_held(dmu_objset_pool(zfsvfs->z_os))); 3593 3594 err = vn_vfswlock(vfsp->vfs_vnodecovered); 3595 #ifdef illumos 3596 VFS_RELE(vfsp); 3597 #else 3598 vfs_unbusy(vfsp); 3599 #endif 3600 if (err != 0) 3601 return (SET_ERROR(err)); 3602 3603 /* 3604 * Always force the unmount for snapshots. 3605 */ 3606 3607 #ifdef illumos 3608 (void) dounmount(vfsp, MS_FORCE, kcred); 3609 #else 3610 vfs_ref(vfsp); 3611 (void) dounmount(vfsp, MS_FORCE, curthread); 3612 #endif 3613 return (0); 3614 } 3615 3616 /* ARGSUSED */ 3617 static int 3618 zfs_unmount_snap_cb(const char *snapname, void *arg) 3619 { 3620 return (zfs_unmount_snap(snapname)); 3621 } 3622 3623 /* 3624 * When a clone is destroyed, its origin may also need to be destroyed, 3625 * in which case it must be unmounted. This routine will do that unmount 3626 * if necessary. 3627 */ 3628 void 3629 zfs_destroy_unmount_origin(const char *fsname) 3630 { 3631 int error; 3632 objset_t *os; 3633 dsl_dataset_t *ds; 3634 3635 error = dmu_objset_hold(fsname, FTAG, &os); 3636 if (error != 0) 3637 return; 3638 ds = dmu_objset_ds(os); 3639 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) { 3640 char originname[ZFS_MAX_DATASET_NAME_LEN]; 3641 dsl_dataset_name(ds->ds_prev, originname); 3642 dmu_objset_rele(os, FTAG); 3643 (void) zfs_unmount_snap(originname); 3644 } else { 3645 dmu_objset_rele(os, FTAG); 3646 } 3647 } 3648 3649 /* 3650 * innvl: { 3651 * "snaps" -> { snapshot1, snapshot2 } 3652 * (optional boolean) "defer" 3653 * } 3654 * 3655 * outnvl: snapshot -> error code (int32) 3656 * 3657 */ 3658 /* ARGSUSED */ 3659 static int 3660 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3661 { 3662 int error, poollen; 3663 nvlist_t *snaps; 3664 nvpair_t *pair; 3665 boolean_t defer; 3666 3667 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3668 return (SET_ERROR(EINVAL)); 3669 defer = nvlist_exists(innvl, "defer"); 3670 3671 poollen = strlen(poolname); 3672 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3673 pair = nvlist_next_nvpair(snaps, pair)) { 3674 const char *name = nvpair_name(pair); 3675 3676 /* 3677 * The snap must be in the specified pool to prevent the 3678 * invalid removal of zvol minors below. 3679 */ 3680 if (strncmp(name, poolname, poollen) != 0 || 3681 (name[poollen] != '/' && name[poollen] != '@')) 3682 return (SET_ERROR(EXDEV)); 3683 3684 error = zfs_unmount_snap(name); 3685 if (error != 0) 3686 return (error); 3687 #if defined(__FreeBSD__) 3688 zvol_remove_minors(name); 3689 #endif 3690 } 3691 3692 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl)); 3693 } 3694 3695 /* 3696 * Create bookmarks. Bookmark names are of the form <fs>#<bmark>. 3697 * All bookmarks must be in the same pool. 3698 * 3699 * innvl: { 3700 * bookmark1 -> snapshot1, bookmark2 -> snapshot2 3701 * } 3702 * 3703 * outnvl: bookmark -> error code (int32) 3704 * 3705 */ 3706 /* ARGSUSED */ 3707 static int 3708 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3709 { 3710 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 3711 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 3712 char *snap_name; 3713 3714 /* 3715 * Verify the snapshot argument. 3716 */ 3717 if (nvpair_value_string(pair, &snap_name) != 0) 3718 return (SET_ERROR(EINVAL)); 3719 3720 3721 /* Verify that the keys (bookmarks) are unique */ 3722 for (nvpair_t *pair2 = nvlist_next_nvpair(innvl, pair); 3723 pair2 != NULL; pair2 = nvlist_next_nvpair(innvl, pair2)) { 3724 if (strcmp(nvpair_name(pair), nvpair_name(pair2)) == 0) 3725 return (SET_ERROR(EINVAL)); 3726 } 3727 } 3728 3729 return (dsl_bookmark_create(innvl, outnvl)); 3730 } 3731 3732 /* 3733 * innvl: { 3734 * property 1, property 2, ... 3735 * } 3736 * 3737 * outnvl: { 3738 * bookmark name 1 -> { property 1, property 2, ... }, 3739 * bookmark name 2 -> { property 1, property 2, ... } 3740 * } 3741 * 3742 */ 3743 static int 3744 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3745 { 3746 return (dsl_get_bookmarks(fsname, innvl, outnvl)); 3747 } 3748 3749 /* 3750 * innvl: { 3751 * bookmark name 1, bookmark name 2 3752 * } 3753 * 3754 * outnvl: bookmark -> error code (int32) 3755 * 3756 */ 3757 static int 3758 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl, 3759 nvlist_t *outnvl) 3760 { 3761 int error, poollen; 3762 3763 poollen = strlen(poolname); 3764 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 3765 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 3766 const char *name = nvpair_name(pair); 3767 const char *cp = strchr(name, '#'); 3768 3769 /* 3770 * The bookmark name must contain an #, and the part after it 3771 * must contain only valid characters. 3772 */ 3773 if (cp == NULL || 3774 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3775 return (SET_ERROR(EINVAL)); 3776 3777 /* 3778 * The bookmark must be in the specified pool. 3779 */ 3780 if (strncmp(name, poolname, poollen) != 0 || 3781 (name[poollen] != '/' && name[poollen] != '#')) 3782 return (SET_ERROR(EXDEV)); 3783 } 3784 3785 error = dsl_bookmark_destroy(innvl, outnvl); 3786 return (error); 3787 } 3788 3789 /* 3790 * inputs: 3791 * zc_name name of dataset to destroy 3792 * zc_objset_type type of objset 3793 * zc_defer_destroy mark for deferred destroy 3794 * 3795 * outputs: none 3796 */ 3797 static int 3798 zfs_ioc_destroy(zfs_cmd_t *zc) 3799 { 3800 int err; 3801 3802 if (zc->zc_objset_type == DMU_OST_ZFS) { 3803 err = zfs_unmount_snap(zc->zc_name); 3804 if (err != 0) 3805 return (err); 3806 } 3807 3808 if (strchr(zc->zc_name, '@')) 3809 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy); 3810 else 3811 err = dsl_destroy_head(zc->zc_name); 3812 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0) 3813 #ifdef __FreeBSD__ 3814 zvol_remove_minors(zc->zc_name); 3815 #else 3816 (void) zvol_remove_minor(zc->zc_name); 3817 #endif 3818 return (err); 3819 } 3820 3821 /* 3822 * fsname is name of dataset to rollback (to most recent snapshot) 3823 * 3824 * innvl is not used. 3825 * 3826 * outnvl: "target" -> name of most recent snapshot 3827 * } 3828 */ 3829 /* ARGSUSED */ 3830 static int 3831 zfs_ioc_rollback(const char *fsname, nvlist_t *args, nvlist_t *outnvl) 3832 { 3833 zfsvfs_t *zfsvfs; 3834 int error; 3835 3836 if (getzfsvfs(fsname, &zfsvfs) == 0) { 3837 dsl_dataset_t *ds; 3838 3839 ds = dmu_objset_ds(zfsvfs->z_os); 3840 error = zfs_suspend_fs(zfsvfs); 3841 if (error == 0) { 3842 int resume_err; 3843 3844 error = dsl_dataset_rollback(fsname, zfsvfs, outnvl); 3845 resume_err = zfs_resume_fs(zfsvfs, ds); 3846 error = error ? error : resume_err; 3847 } 3848 #ifdef illumos 3849 VFS_RELE(zfsvfs->z_vfs); 3850 #else 3851 vfs_unbusy(zfsvfs->z_vfs); 3852 #endif 3853 } else { 3854 error = dsl_dataset_rollback(fsname, NULL, outnvl); 3855 } 3856 return (error); 3857 } 3858 3859 static int 3860 recursive_unmount(const char *fsname, void *arg) 3861 { 3862 const char *snapname = arg; 3863 char fullname[ZFS_MAX_DATASET_NAME_LEN]; 3864 3865 (void) snprintf(fullname, sizeof (fullname), "%s@%s", fsname, snapname); 3866 return (zfs_unmount_snap(fullname)); 3867 } 3868 3869 /* 3870 * inputs: 3871 * zc_name old name of dataset 3872 * zc_value new name of dataset 3873 * zc_cookie recursive flag (only valid for snapshots) 3874 * 3875 * outputs: none 3876 */ 3877 static int 3878 zfs_ioc_rename(zfs_cmd_t *zc) 3879 { 3880 boolean_t recursive = zc->zc_cookie & 1; 3881 char *at; 3882 boolean_t allow_mounted = B_TRUE; 3883 3884 #ifdef __FreeBSD__ 3885 allow_mounted = (zc->zc_cookie & 2) != 0; 3886 #endif 3887 3888 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 3889 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 3890 strchr(zc->zc_value, '%')) 3891 return (SET_ERROR(EINVAL)); 3892 3893 at = strchr(zc->zc_name, '@'); 3894 if (at != NULL) { 3895 /* snaps must be in same fs */ 3896 int error; 3897 3898 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1)) 3899 return (SET_ERROR(EXDEV)); 3900 *at = '\0'; 3901 if (zc->zc_objset_type == DMU_OST_ZFS && !allow_mounted) { 3902 error = dmu_objset_find(zc->zc_name, 3903 recursive_unmount, at + 1, 3904 recursive ? DS_FIND_CHILDREN : 0); 3905 if (error != 0) { 3906 *at = '@'; 3907 return (error); 3908 } 3909 } 3910 error = dsl_dataset_rename_snapshot(zc->zc_name, 3911 at + 1, strchr(zc->zc_value, '@') + 1, recursive); 3912 *at = '@'; 3913 3914 return (error); 3915 } else { 3916 #ifdef illumos 3917 if (zc->zc_objset_type == DMU_OST_ZVOL) 3918 (void) zvol_remove_minor(zc->zc_name); 3919 #endif 3920 return (dsl_dir_rename(zc->zc_name, zc->zc_value)); 3921 } 3922 } 3923 3924 static int 3925 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr) 3926 { 3927 const char *propname = nvpair_name(pair); 3928 boolean_t issnap = (strchr(dsname, '@') != NULL); 3929 zfs_prop_t prop = zfs_name_to_prop(propname); 3930 uint64_t intval; 3931 int err; 3932 3933 if (prop == ZPROP_INVAL) { 3934 if (zfs_prop_user(propname)) { 3935 if (err = zfs_secpolicy_write_perms(dsname, 3936 ZFS_DELEG_PERM_USERPROP, cr)) 3937 return (err); 3938 return (0); 3939 } 3940 3941 if (!issnap && zfs_prop_userquota(propname)) { 3942 const char *perm = NULL; 3943 const char *uq_prefix = 3944 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA]; 3945 const char *gq_prefix = 3946 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA]; 3947 3948 if (strncmp(propname, uq_prefix, 3949 strlen(uq_prefix)) == 0) { 3950 perm = ZFS_DELEG_PERM_USERQUOTA; 3951 } else if (strncmp(propname, gq_prefix, 3952 strlen(gq_prefix)) == 0) { 3953 perm = ZFS_DELEG_PERM_GROUPQUOTA; 3954 } else { 3955 /* USERUSED and GROUPUSED are read-only */ 3956 return (SET_ERROR(EINVAL)); 3957 } 3958 3959 if (err = zfs_secpolicy_write_perms(dsname, perm, cr)) 3960 return (err); 3961 return (0); 3962 } 3963 3964 return (SET_ERROR(EINVAL)); 3965 } 3966 3967 if (issnap) 3968 return (SET_ERROR(EINVAL)); 3969 3970 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 3971 /* 3972 * dsl_prop_get_all_impl() returns properties in this 3973 * format. 3974 */ 3975 nvlist_t *attrs; 3976 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 3977 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 3978 &pair) == 0); 3979 } 3980 3981 /* 3982 * Check that this value is valid for this pool version 3983 */ 3984 switch (prop) { 3985 case ZFS_PROP_COMPRESSION: 3986 /* 3987 * If the user specified gzip compression, make sure 3988 * the SPA supports it. We ignore any errors here since 3989 * we'll catch them later. 3990 */ 3991 if (nvpair_value_uint64(pair, &intval) == 0) { 3992 if (intval >= ZIO_COMPRESS_GZIP_1 && 3993 intval <= ZIO_COMPRESS_GZIP_9 && 3994 zfs_earlier_version(dsname, 3995 SPA_VERSION_GZIP_COMPRESSION)) { 3996 return (SET_ERROR(ENOTSUP)); 3997 } 3998 3999 if (intval == ZIO_COMPRESS_ZLE && 4000 zfs_earlier_version(dsname, 4001 SPA_VERSION_ZLE_COMPRESSION)) 4002 return (SET_ERROR(ENOTSUP)); 4003 4004 if (intval == ZIO_COMPRESS_LZ4) { 4005 spa_t *spa; 4006 4007 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4008 return (err); 4009 4010 if (!spa_feature_is_enabled(spa, 4011 SPA_FEATURE_LZ4_COMPRESS)) { 4012 spa_close(spa, FTAG); 4013 return (SET_ERROR(ENOTSUP)); 4014 } 4015 spa_close(spa, FTAG); 4016 } 4017 4018 /* 4019 * If this is a bootable dataset then 4020 * verify that the compression algorithm 4021 * is supported for booting. We must return 4022 * something other than ENOTSUP since it 4023 * implies a downrev pool version. 4024 */ 4025 if (zfs_is_bootfs(dsname) && 4026 !BOOTFS_COMPRESS_VALID(intval)) { 4027 return (SET_ERROR(ERANGE)); 4028 } 4029 } 4030 break; 4031 4032 case ZFS_PROP_COPIES: 4033 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS)) 4034 return (SET_ERROR(ENOTSUP)); 4035 break; 4036 4037 case ZFS_PROP_RECORDSIZE: 4038 /* Record sizes above 128k need the feature to be enabled */ 4039 if (nvpair_value_uint64(pair, &intval) == 0 && 4040 intval > SPA_OLD_MAXBLOCKSIZE) { 4041 spa_t *spa; 4042 4043 /* 4044 * We don't allow setting the property above 1MB, 4045 * unless the tunable has been changed. 4046 */ 4047 if (intval > zfs_max_recordsize || 4048 intval > SPA_MAXBLOCKSIZE) 4049 return (SET_ERROR(ERANGE)); 4050 4051 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4052 return (err); 4053 4054 if (!spa_feature_is_enabled(spa, 4055 SPA_FEATURE_LARGE_BLOCKS)) { 4056 spa_close(spa, FTAG); 4057 return (SET_ERROR(ENOTSUP)); 4058 } 4059 spa_close(spa, FTAG); 4060 } 4061 break; 4062 4063 case ZFS_PROP_SHARESMB: 4064 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID)) 4065 return (SET_ERROR(ENOTSUP)); 4066 break; 4067 4068 case ZFS_PROP_ACLINHERIT: 4069 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 4070 nvpair_value_uint64(pair, &intval) == 0) { 4071 if (intval == ZFS_ACL_PASSTHROUGH_X && 4072 zfs_earlier_version(dsname, 4073 SPA_VERSION_PASSTHROUGH_X)) 4074 return (SET_ERROR(ENOTSUP)); 4075 } 4076 break; 4077 4078 case ZFS_PROP_CHECKSUM: 4079 case ZFS_PROP_DEDUP: 4080 { 4081 spa_feature_t feature; 4082 spa_t *spa; 4083 4084 /* dedup feature version checks */ 4085 if (prop == ZFS_PROP_DEDUP && 4086 zfs_earlier_version(dsname, SPA_VERSION_DEDUP)) 4087 return (SET_ERROR(ENOTSUP)); 4088 4089 if (nvpair_value_uint64(pair, &intval) != 0) 4090 return (SET_ERROR(EINVAL)); 4091 4092 /* check prop value is enabled in features */ 4093 feature = zio_checksum_to_feature(intval & ZIO_CHECKSUM_MASK); 4094 if (feature == SPA_FEATURE_NONE) 4095 break; 4096 4097 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4098 return (err); 4099 /* 4100 * Salted checksums are not supported on root pools. 4101 */ 4102 if (spa_bootfs(spa) != 0 && 4103 intval < ZIO_CHECKSUM_FUNCTIONS && 4104 (zio_checksum_table[intval].ci_flags & 4105 ZCHECKSUM_FLAG_SALTED)) { 4106 spa_close(spa, FTAG); 4107 return (SET_ERROR(ERANGE)); 4108 } 4109 if (!spa_feature_is_enabled(spa, feature)) { 4110 spa_close(spa, FTAG); 4111 return (SET_ERROR(ENOTSUP)); 4112 } 4113 spa_close(spa, FTAG); 4114 break; 4115 } 4116 } 4117 4118 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED())); 4119 } 4120 4121 /* 4122 * Checks for a race condition to make sure we don't increment a feature flag 4123 * multiple times. 4124 */ 4125 static int 4126 zfs_prop_activate_feature_check(void *arg, dmu_tx_t *tx) 4127 { 4128 spa_t *spa = dmu_tx_pool(tx)->dp_spa; 4129 spa_feature_t *featurep = arg; 4130 4131 if (!spa_feature_is_active(spa, *featurep)) 4132 return (0); 4133 else 4134 return (SET_ERROR(EBUSY)); 4135 } 4136 4137 /* 4138 * The callback invoked on feature activation in the sync task caused by 4139 * zfs_prop_activate_feature. 4140 */ 4141 static void 4142 zfs_prop_activate_feature_sync(void *arg, dmu_tx_t *tx) 4143 { 4144 spa_t *spa = dmu_tx_pool(tx)->dp_spa; 4145 spa_feature_t *featurep = arg; 4146 4147 spa_feature_incr(spa, *featurep, tx); 4148 } 4149 4150 /* 4151 * Activates a feature on a pool in response to a property setting. This 4152 * creates a new sync task which modifies the pool to reflect the feature 4153 * as being active. 4154 */ 4155 static int 4156 zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature) 4157 { 4158 int err; 4159 4160 /* EBUSY here indicates that the feature is already active */ 4161 err = dsl_sync_task(spa_name(spa), 4162 zfs_prop_activate_feature_check, zfs_prop_activate_feature_sync, 4163 &feature, 2, ZFS_SPACE_CHECK_RESERVED); 4164 4165 if (err != 0 && err != EBUSY) 4166 return (err); 4167 else 4168 return (0); 4169 } 4170 4171 /* 4172 * Removes properties from the given props list that fail permission checks 4173 * needed to clear them and to restore them in case of a receive error. For each 4174 * property, make sure we have both set and inherit permissions. 4175 * 4176 * Returns the first error encountered if any permission checks fail. If the 4177 * caller provides a non-NULL errlist, it also gives the complete list of names 4178 * of all the properties that failed a permission check along with the 4179 * corresponding error numbers. The caller is responsible for freeing the 4180 * returned errlist. 4181 * 4182 * If every property checks out successfully, zero is returned and the list 4183 * pointed at by errlist is NULL. 4184 */ 4185 static int 4186 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist) 4187 { 4188 zfs_cmd_t *zc; 4189 nvpair_t *pair, *next_pair; 4190 nvlist_t *errors; 4191 int err, rv = 0; 4192 4193 if (props == NULL) 4194 return (0); 4195 4196 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4197 4198 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP); 4199 (void) strcpy(zc->zc_name, dataset); 4200 pair = nvlist_next_nvpair(props, NULL); 4201 while (pair != NULL) { 4202 next_pair = nvlist_next_nvpair(props, pair); 4203 4204 (void) strcpy(zc->zc_value, nvpair_name(pair)); 4205 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 || 4206 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) { 4207 VERIFY(nvlist_remove_nvpair(props, pair) == 0); 4208 VERIFY(nvlist_add_int32(errors, 4209 zc->zc_value, err) == 0); 4210 } 4211 pair = next_pair; 4212 } 4213 kmem_free(zc, sizeof (zfs_cmd_t)); 4214 4215 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 4216 nvlist_free(errors); 4217 errors = NULL; 4218 } else { 4219 VERIFY(nvpair_value_int32(pair, &rv) == 0); 4220 } 4221 4222 if (errlist == NULL) 4223 nvlist_free(errors); 4224 else 4225 *errlist = errors; 4226 4227 return (rv); 4228 } 4229 4230 static boolean_t 4231 propval_equals(nvpair_t *p1, nvpair_t *p2) 4232 { 4233 if (nvpair_type(p1) == DATA_TYPE_NVLIST) { 4234 /* dsl_prop_get_all_impl() format */ 4235 nvlist_t *attrs; 4236 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0); 4237 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4238 &p1) == 0); 4239 } 4240 4241 if (nvpair_type(p2) == DATA_TYPE_NVLIST) { 4242 nvlist_t *attrs; 4243 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0); 4244 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4245 &p2) == 0); 4246 } 4247 4248 if (nvpair_type(p1) != nvpair_type(p2)) 4249 return (B_FALSE); 4250 4251 if (nvpair_type(p1) == DATA_TYPE_STRING) { 4252 char *valstr1, *valstr2; 4253 4254 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0); 4255 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0); 4256 return (strcmp(valstr1, valstr2) == 0); 4257 } else { 4258 uint64_t intval1, intval2; 4259 4260 VERIFY(nvpair_value_uint64(p1, &intval1) == 0); 4261 VERIFY(nvpair_value_uint64(p2, &intval2) == 0); 4262 return (intval1 == intval2); 4263 } 4264 } 4265 4266 /* 4267 * Remove properties from props if they are not going to change (as determined 4268 * by comparison with origprops). Remove them from origprops as well, since we 4269 * do not need to clear or restore properties that won't change. 4270 */ 4271 static void 4272 props_reduce(nvlist_t *props, nvlist_t *origprops) 4273 { 4274 nvpair_t *pair, *next_pair; 4275 4276 if (origprops == NULL) 4277 return; /* all props need to be received */ 4278 4279 pair = nvlist_next_nvpair(props, NULL); 4280 while (pair != NULL) { 4281 const char *propname = nvpair_name(pair); 4282 nvpair_t *match; 4283 4284 next_pair = nvlist_next_nvpair(props, pair); 4285 4286 if ((nvlist_lookup_nvpair(origprops, propname, 4287 &match) != 0) || !propval_equals(pair, match)) 4288 goto next; /* need to set received value */ 4289 4290 /* don't clear the existing received value */ 4291 (void) nvlist_remove_nvpair(origprops, match); 4292 /* don't bother receiving the property */ 4293 (void) nvlist_remove_nvpair(props, pair); 4294 next: 4295 pair = next_pair; 4296 } 4297 } 4298 4299 /* 4300 * Extract properties that cannot be set PRIOR to the receipt of a dataset. 4301 * For example, refquota cannot be set until after the receipt of a dataset, 4302 * because in replication streams, an older/earlier snapshot may exceed the 4303 * refquota. We want to receive the older/earlier snapshot, but setting 4304 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent 4305 * the older/earlier snapshot from being received (with EDQUOT). 4306 * 4307 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario. 4308 * 4309 * libzfs will need to be judicious handling errors encountered by props 4310 * extracted by this function. 4311 */ 4312 static nvlist_t * 4313 extract_delay_props(nvlist_t *props) 4314 { 4315 nvlist_t *delayprops; 4316 nvpair_t *nvp, *tmp; 4317 static const zfs_prop_t delayable[] = { ZFS_PROP_REFQUOTA, 0 }; 4318 int i; 4319 4320 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4321 4322 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL; 4323 nvp = nvlist_next_nvpair(props, nvp)) { 4324 /* 4325 * strcmp() is safe because zfs_prop_to_name() always returns 4326 * a bounded string. 4327 */ 4328 for (i = 0; delayable[i] != 0; i++) { 4329 if (strcmp(zfs_prop_to_name(delayable[i]), 4330 nvpair_name(nvp)) == 0) { 4331 break; 4332 } 4333 } 4334 if (delayable[i] != 0) { 4335 tmp = nvlist_prev_nvpair(props, nvp); 4336 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0); 4337 VERIFY(nvlist_remove_nvpair(props, nvp) == 0); 4338 nvp = tmp; 4339 } 4340 } 4341 4342 if (nvlist_empty(delayprops)) { 4343 nvlist_free(delayprops); 4344 delayprops = NULL; 4345 } 4346 return (delayprops); 4347 } 4348 4349 #ifdef DEBUG 4350 static boolean_t zfs_ioc_recv_inject_err; 4351 #endif 4352 4353 /* 4354 * inputs: 4355 * zc_name name of containing filesystem 4356 * zc_nvlist_src{_size} nvlist of properties to apply 4357 * zc_value name of snapshot to create 4358 * zc_string name of clone origin (if DRR_FLAG_CLONE) 4359 * zc_cookie file descriptor to recv from 4360 * zc_begin_record the BEGIN record of the stream (not byteswapped) 4361 * zc_guid force flag 4362 * zc_cleanup_fd cleanup-on-exit file descriptor 4363 * zc_action_handle handle for this guid/ds mapping (or zero on first call) 4364 * zc_resumable if data is incomplete assume sender will resume 4365 * 4366 * outputs: 4367 * zc_cookie number of bytes read 4368 * zc_nvlist_dst{_size} error for each unapplied received property 4369 * zc_obj zprop_errflags_t 4370 * zc_action_handle handle for this guid/ds mapping 4371 */ 4372 static int 4373 zfs_ioc_recv(zfs_cmd_t *zc) 4374 { 4375 file_t *fp; 4376 dmu_recv_cookie_t drc; 4377 boolean_t force = (boolean_t)zc->zc_guid; 4378 int fd; 4379 int error = 0; 4380 int props_error = 0; 4381 nvlist_t *errors; 4382 offset_t off; 4383 nvlist_t *props = NULL; /* sent properties */ 4384 nvlist_t *origprops = NULL; /* existing properties */ 4385 nvlist_t *delayprops = NULL; /* sent properties applied post-receive */ 4386 char *origin = NULL; 4387 char *tosnap; 4388 char tofs[ZFS_MAX_DATASET_NAME_LEN]; 4389 #ifdef __FreeBSD__ 4390 cap_rights_t rights; 4391 #endif 4392 boolean_t first_recvd_props = B_FALSE; 4393 4394 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 4395 strchr(zc->zc_value, '@') == NULL || 4396 strchr(zc->zc_value, '%')) 4397 return (SET_ERROR(EINVAL)); 4398 4399 (void) strcpy(tofs, zc->zc_value); 4400 tosnap = strchr(tofs, '@'); 4401 *tosnap++ = '\0'; 4402 4403 if (zc->zc_nvlist_src != 0 && 4404 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 4405 zc->zc_iflags, &props)) != 0) 4406 return (error); 4407 4408 fd = zc->zc_cookie; 4409 #ifdef __FreeBSD__ 4410 fget_read(curthread, fd, cap_rights_init(&rights, CAP_PREAD), &fp); 4411 #else 4412 fp = getf(fd); 4413 #endif 4414 if (fp == NULL) { 4415 nvlist_free(props); 4416 return (SET_ERROR(EBADF)); 4417 } 4418 4419 errors = fnvlist_alloc(); 4420 4421 if (zc->zc_string[0]) 4422 origin = zc->zc_string; 4423 4424 error = dmu_recv_begin(tofs, tosnap, 4425 &zc->zc_begin_record, force, zc->zc_resumable, origin, &drc); 4426 if (error != 0) 4427 goto out; 4428 4429 /* 4430 * Set properties before we receive the stream so that they are applied 4431 * to the new data. Note that we must call dmu_recv_stream() if 4432 * dmu_recv_begin() succeeds. 4433 */ 4434 if (props != NULL && !drc.drc_newfs) { 4435 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >= 4436 SPA_VERSION_RECVD_PROPS && 4437 !dsl_prop_get_hasrecvd(tofs)) 4438 first_recvd_props = B_TRUE; 4439 4440 /* 4441 * If new received properties are supplied, they are to 4442 * completely replace the existing received properties, so stash 4443 * away the existing ones. 4444 */ 4445 if (dsl_prop_get_received(tofs, &origprops) == 0) { 4446 nvlist_t *errlist = NULL; 4447 /* 4448 * Don't bother writing a property if its value won't 4449 * change (and avoid the unnecessary security checks). 4450 * 4451 * The first receive after SPA_VERSION_RECVD_PROPS is a 4452 * special case where we blow away all local properties 4453 * regardless. 4454 */ 4455 if (!first_recvd_props) 4456 props_reduce(props, origprops); 4457 if (zfs_check_clearable(tofs, origprops, &errlist) != 0) 4458 (void) nvlist_merge(errors, errlist, 0); 4459 nvlist_free(errlist); 4460 4461 if (clear_received_props(tofs, origprops, 4462 first_recvd_props ? NULL : props) != 0) 4463 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 4464 } else { 4465 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 4466 } 4467 } 4468 4469 if (props != NULL) { 4470 props_error = dsl_prop_set_hasrecvd(tofs); 4471 4472 if (props_error == 0) { 4473 delayprops = extract_delay_props(props); 4474 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 4475 props, errors); 4476 } 4477 } 4478 4479 off = fp->f_offset; 4480 error = dmu_recv_stream(&drc, fp, &off, zc->zc_cleanup_fd, 4481 &zc->zc_action_handle); 4482 4483 if (error == 0) { 4484 zfsvfs_t *zfsvfs = NULL; 4485 4486 if (getzfsvfs(tofs, &zfsvfs) == 0) { 4487 /* online recv */ 4488 dsl_dataset_t *ds; 4489 int end_err; 4490 4491 ds = dmu_objset_ds(zfsvfs->z_os); 4492 error = zfs_suspend_fs(zfsvfs); 4493 /* 4494 * If the suspend fails, then the recv_end will 4495 * likely also fail, and clean up after itself. 4496 */ 4497 end_err = dmu_recv_end(&drc, zfsvfs); 4498 if (error == 0) 4499 error = zfs_resume_fs(zfsvfs, ds); 4500 error = error ? error : end_err; 4501 #ifdef illumos 4502 VFS_RELE(zfsvfs->z_vfs); 4503 #else 4504 vfs_unbusy(zfsvfs->z_vfs); 4505 #endif 4506 } else { 4507 error = dmu_recv_end(&drc, NULL); 4508 } 4509 4510 /* Set delayed properties now, after we're done receiving. */ 4511 if (delayprops != NULL && error == 0) { 4512 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 4513 delayprops, errors); 4514 } 4515 } 4516 4517 if (delayprops != NULL) { 4518 /* 4519 * Merge delayed props back in with initial props, in case 4520 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means 4521 * we have to make sure clear_received_props() includes 4522 * the delayed properties). 4523 * 4524 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels, 4525 * using ASSERT() will be just like a VERIFY. 4526 */ 4527 ASSERT(nvlist_merge(props, delayprops, 0) == 0); 4528 nvlist_free(delayprops); 4529 } 4530 4531 /* 4532 * Now that all props, initial and delayed, are set, report the prop 4533 * errors to the caller. 4534 */ 4535 if (zc->zc_nvlist_dst_size != 0 && 4536 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 || 4537 put_nvlist(zc, errors) != 0)) { 4538 /* 4539 * Caller made zc->zc_nvlist_dst less than the minimum expected 4540 * size or supplied an invalid address. 4541 */ 4542 props_error = SET_ERROR(EINVAL); 4543 } 4544 4545 zc->zc_cookie = off - fp->f_offset; 4546 if (off >= 0 && off <= MAXOFFSET_T) 4547 fp->f_offset = off; 4548 4549 #ifdef DEBUG 4550 if (zfs_ioc_recv_inject_err) { 4551 zfs_ioc_recv_inject_err = B_FALSE; 4552 error = 1; 4553 } 4554 #endif 4555 4556 #ifdef __FreeBSD__ 4557 if (error == 0) 4558 zvol_create_minors(tofs); 4559 #endif 4560 4561 /* 4562 * On error, restore the original props. 4563 */ 4564 if (error != 0 && props != NULL && !drc.drc_newfs) { 4565 if (clear_received_props(tofs, props, NULL) != 0) { 4566 /* 4567 * We failed to clear the received properties. 4568 * Since we may have left a $recvd value on the 4569 * system, we can't clear the $hasrecvd flag. 4570 */ 4571 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4572 } else if (first_recvd_props) { 4573 dsl_prop_unset_hasrecvd(tofs); 4574 } 4575 4576 if (origprops == NULL && !drc.drc_newfs) { 4577 /* We failed to stash the original properties. */ 4578 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4579 } 4580 4581 /* 4582 * dsl_props_set() will not convert RECEIVED to LOCAL on or 4583 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL 4584 * explictly if we're restoring local properties cleared in the 4585 * first new-style receive. 4586 */ 4587 if (origprops != NULL && 4588 zfs_set_prop_nvlist(tofs, (first_recvd_props ? 4589 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED), 4590 origprops, NULL) != 0) { 4591 /* 4592 * We stashed the original properties but failed to 4593 * restore them. 4594 */ 4595 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4596 } 4597 } 4598 out: 4599 nvlist_free(props); 4600 nvlist_free(origprops); 4601 nvlist_free(errors); 4602 releasef(fd); 4603 4604 if (error == 0) 4605 error = props_error; 4606 4607 return (error); 4608 } 4609 4610 /* 4611 * inputs: 4612 * zc_name name of snapshot to send 4613 * zc_cookie file descriptor to send stream to 4614 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj) 4615 * zc_sendobj objsetid of snapshot to send 4616 * zc_fromobj objsetid of incremental fromsnap (may be zero) 4617 * zc_guid if set, estimate size of stream only. zc_cookie is ignored. 4618 * output size in zc_objset_type. 4619 * zc_flags lzc_send_flags 4620 * 4621 * outputs: 4622 * zc_objset_type estimated size, if zc_guid is set 4623 */ 4624 static int 4625 zfs_ioc_send(zfs_cmd_t *zc) 4626 { 4627 int error; 4628 offset_t off; 4629 boolean_t estimate = (zc->zc_guid != 0); 4630 boolean_t embedok = (zc->zc_flags & 0x1); 4631 boolean_t large_block_ok = (zc->zc_flags & 0x2); 4632 4633 if (zc->zc_obj != 0) { 4634 dsl_pool_t *dp; 4635 dsl_dataset_t *tosnap; 4636 4637 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4638 if (error != 0) 4639 return (error); 4640 4641 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 4642 if (error != 0) { 4643 dsl_pool_rele(dp, FTAG); 4644 return (error); 4645 } 4646 4647 if (dsl_dir_is_clone(tosnap->ds_dir)) 4648 zc->zc_fromobj = 4649 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj; 4650 dsl_dataset_rele(tosnap, FTAG); 4651 dsl_pool_rele(dp, FTAG); 4652 } 4653 4654 if (estimate) { 4655 dsl_pool_t *dp; 4656 dsl_dataset_t *tosnap; 4657 dsl_dataset_t *fromsnap = NULL; 4658 4659 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4660 if (error != 0) 4661 return (error); 4662 4663 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 4664 if (error != 0) { 4665 dsl_pool_rele(dp, FTAG); 4666 return (error); 4667 } 4668 4669 if (zc->zc_fromobj != 0) { 4670 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, 4671 FTAG, &fromsnap); 4672 if (error != 0) { 4673 dsl_dataset_rele(tosnap, FTAG); 4674 dsl_pool_rele(dp, FTAG); 4675 return (error); 4676 } 4677 } 4678 4679 error = dmu_send_estimate(tosnap, fromsnap, 4680 &zc->zc_objset_type); 4681 4682 if (fromsnap != NULL) 4683 dsl_dataset_rele(fromsnap, FTAG); 4684 dsl_dataset_rele(tosnap, FTAG); 4685 dsl_pool_rele(dp, FTAG); 4686 } else { 4687 file_t *fp; 4688 #ifdef __FreeBSD__ 4689 cap_rights_t rights; 4690 4691 fget_write(curthread, zc->zc_cookie, 4692 cap_rights_init(&rights, CAP_WRITE), &fp); 4693 #else 4694 fp = getf(zc->zc_cookie); 4695 #endif 4696 if (fp == NULL) 4697 return (SET_ERROR(EBADF)); 4698 4699 off = fp->f_offset; 4700 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj, 4701 zc->zc_fromobj, embedok, large_block_ok, 4702 #ifdef illumos 4703 zc->zc_cookie, fp->f_vnode, &off); 4704 #else 4705 zc->zc_cookie, fp, &off); 4706 #endif 4707 4708 if (off >= 0 && off <= MAXOFFSET_T) 4709 fp->f_offset = off; 4710 releasef(zc->zc_cookie); 4711 } 4712 return (error); 4713 } 4714 4715 /* 4716 * inputs: 4717 * zc_name name of snapshot on which to report progress 4718 * zc_cookie file descriptor of send stream 4719 * 4720 * outputs: 4721 * zc_cookie number of bytes written in send stream thus far 4722 */ 4723 static int 4724 zfs_ioc_send_progress(zfs_cmd_t *zc) 4725 { 4726 dsl_pool_t *dp; 4727 dsl_dataset_t *ds; 4728 dmu_sendarg_t *dsp = NULL; 4729 int error; 4730 4731 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4732 if (error != 0) 4733 return (error); 4734 4735 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 4736 if (error != 0) { 4737 dsl_pool_rele(dp, FTAG); 4738 return (error); 4739 } 4740 4741 mutex_enter(&ds->ds_sendstream_lock); 4742 4743 /* 4744 * Iterate over all the send streams currently active on this dataset. 4745 * If there's one which matches the specified file descriptor _and_ the 4746 * stream was started by the current process, return the progress of 4747 * that stream. 4748 */ 4749 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL; 4750 dsp = list_next(&ds->ds_sendstreams, dsp)) { 4751 if (dsp->dsa_outfd == zc->zc_cookie && 4752 dsp->dsa_proc == curproc) 4753 break; 4754 } 4755 4756 if (dsp != NULL) 4757 zc->zc_cookie = *(dsp->dsa_off); 4758 else 4759 error = SET_ERROR(ENOENT); 4760 4761 mutex_exit(&ds->ds_sendstream_lock); 4762 dsl_dataset_rele(ds, FTAG); 4763 dsl_pool_rele(dp, FTAG); 4764 return (error); 4765 } 4766 4767 static int 4768 zfs_ioc_inject_fault(zfs_cmd_t *zc) 4769 { 4770 int id, error; 4771 4772 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 4773 &zc->zc_inject_record); 4774 4775 if (error == 0) 4776 zc->zc_guid = (uint64_t)id; 4777 4778 return (error); 4779 } 4780 4781 static int 4782 zfs_ioc_clear_fault(zfs_cmd_t *zc) 4783 { 4784 return (zio_clear_fault((int)zc->zc_guid)); 4785 } 4786 4787 static int 4788 zfs_ioc_inject_list_next(zfs_cmd_t *zc) 4789 { 4790 int id = (int)zc->zc_guid; 4791 int error; 4792 4793 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 4794 &zc->zc_inject_record); 4795 4796 zc->zc_guid = id; 4797 4798 return (error); 4799 } 4800 4801 static int 4802 zfs_ioc_error_log(zfs_cmd_t *zc) 4803 { 4804 spa_t *spa; 4805 int error; 4806 size_t count = (size_t)zc->zc_nvlist_dst_size; 4807 4808 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 4809 return (error); 4810 4811 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 4812 &count); 4813 if (error == 0) 4814 zc->zc_nvlist_dst_size = count; 4815 else 4816 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa); 4817 4818 spa_close(spa, FTAG); 4819 4820 return (error); 4821 } 4822 4823 static int 4824 zfs_ioc_clear(zfs_cmd_t *zc) 4825 { 4826 spa_t *spa; 4827 vdev_t *vd; 4828 int error; 4829 4830 /* 4831 * On zpool clear we also fix up missing slogs 4832 */ 4833 mutex_enter(&spa_namespace_lock); 4834 spa = spa_lookup(zc->zc_name); 4835 if (spa == NULL) { 4836 mutex_exit(&spa_namespace_lock); 4837 return (SET_ERROR(EIO)); 4838 } 4839 if (spa_get_log_state(spa) == SPA_LOG_MISSING) { 4840 /* we need to let spa_open/spa_load clear the chains */ 4841 spa_set_log_state(spa, SPA_LOG_CLEAR); 4842 } 4843 spa->spa_last_open_failed = 0; 4844 mutex_exit(&spa_namespace_lock); 4845 4846 if (zc->zc_cookie & ZPOOL_NO_REWIND) { 4847 error = spa_open(zc->zc_name, &spa, FTAG); 4848 } else { 4849 nvlist_t *policy; 4850 nvlist_t *config = NULL; 4851 4852 if (zc->zc_nvlist_src == 0) 4853 return (SET_ERROR(EINVAL)); 4854 4855 if ((error = get_nvlist(zc->zc_nvlist_src, 4856 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) { 4857 error = spa_open_rewind(zc->zc_name, &spa, FTAG, 4858 policy, &config); 4859 if (config != NULL) { 4860 int err; 4861 4862 if ((err = put_nvlist(zc, config)) != 0) 4863 error = err; 4864 nvlist_free(config); 4865 } 4866 nvlist_free(policy); 4867 } 4868 } 4869 4870 if (error != 0) 4871 return (error); 4872 4873 spa_vdev_state_enter(spa, SCL_NONE); 4874 4875 if (zc->zc_guid == 0) { 4876 vd = NULL; 4877 } else { 4878 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE); 4879 if (vd == NULL) { 4880 (void) spa_vdev_state_exit(spa, NULL, ENODEV); 4881 spa_close(spa, FTAG); 4882 return (SET_ERROR(ENODEV)); 4883 } 4884 } 4885 4886 vdev_clear(spa, vd); 4887 4888 (void) spa_vdev_state_exit(spa, NULL, 0); 4889 4890 /* 4891 * Resume any suspended I/Os. 4892 */ 4893 if (zio_resume(spa) != 0) 4894 error = SET_ERROR(EIO); 4895 4896 spa_close(spa, FTAG); 4897 4898 return (error); 4899 } 4900 4901 static int 4902 zfs_ioc_pool_reopen(zfs_cmd_t *zc) 4903 { 4904 spa_t *spa; 4905 int error; 4906 4907 error = spa_open(zc->zc_name, &spa, FTAG); 4908 if (error != 0) 4909 return (error); 4910 4911 spa_vdev_state_enter(spa, SCL_NONE); 4912 4913 /* 4914 * If a resilver is already in progress then set the 4915 * spa_scrub_reopen flag to B_TRUE so that we don't restart 4916 * the scan as a side effect of the reopen. Otherwise, let 4917 * vdev_open() decided if a resilver is required. 4918 */ 4919 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool); 4920 vdev_reopen(spa->spa_root_vdev); 4921 spa->spa_scrub_reopen = B_FALSE; 4922 4923 (void) spa_vdev_state_exit(spa, NULL, 0); 4924 spa_close(spa, FTAG); 4925 return (0); 4926 } 4927 /* 4928 * inputs: 4929 * zc_name name of filesystem 4930 * zc_value name of origin snapshot 4931 * 4932 * outputs: 4933 * zc_string name of conflicting snapshot, if there is one 4934 */ 4935 static int 4936 zfs_ioc_promote(zfs_cmd_t *zc) 4937 { 4938 char *cp; 4939 4940 /* 4941 * We don't need to unmount *all* the origin fs's snapshots, but 4942 * it's easier. 4943 */ 4944 cp = strchr(zc->zc_value, '@'); 4945 if (cp) 4946 *cp = '\0'; 4947 (void) dmu_objset_find(zc->zc_value, 4948 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS); 4949 return (dsl_dataset_promote(zc->zc_name, zc->zc_string)); 4950 } 4951 4952 /* 4953 * Retrieve a single {user|group}{used|quota}@... property. 4954 * 4955 * inputs: 4956 * zc_name name of filesystem 4957 * zc_objset_type zfs_userquota_prop_t 4958 * zc_value domain name (eg. "S-1-234-567-89") 4959 * zc_guid RID/UID/GID 4960 * 4961 * outputs: 4962 * zc_cookie property value 4963 */ 4964 static int 4965 zfs_ioc_userspace_one(zfs_cmd_t *zc) 4966 { 4967 zfsvfs_t *zfsvfs; 4968 int error; 4969 4970 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 4971 return (SET_ERROR(EINVAL)); 4972 4973 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 4974 if (error != 0) 4975 return (error); 4976 4977 error = zfs_userspace_one(zfsvfs, 4978 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie); 4979 zfsvfs_rele(zfsvfs, FTAG); 4980 4981 return (error); 4982 } 4983 4984 /* 4985 * inputs: 4986 * zc_name name of filesystem 4987 * zc_cookie zap cursor 4988 * zc_objset_type zfs_userquota_prop_t 4989 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist) 4990 * 4991 * outputs: 4992 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t) 4993 * zc_cookie zap cursor 4994 */ 4995 static int 4996 zfs_ioc_userspace_many(zfs_cmd_t *zc) 4997 { 4998 zfsvfs_t *zfsvfs; 4999 int bufsize = zc->zc_nvlist_dst_size; 5000 5001 if (bufsize <= 0) 5002 return (SET_ERROR(ENOMEM)); 5003 5004 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 5005 if (error != 0) 5006 return (error); 5007 5008 void *buf = kmem_alloc(bufsize, KM_SLEEP); 5009 5010 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie, 5011 buf, &zc->zc_nvlist_dst_size); 5012 5013 if (error == 0) { 5014 error = ddi_copyout(buf, 5015 (void *)(uintptr_t)zc->zc_nvlist_dst, 5016 zc->zc_nvlist_dst_size, zc->zc_iflags); 5017 } 5018 kmem_free(buf, bufsize); 5019 zfsvfs_rele(zfsvfs, FTAG); 5020 5021 return (error); 5022 } 5023 5024 /* 5025 * inputs: 5026 * zc_name name of filesystem 5027 * 5028 * outputs: 5029 * none 5030 */ 5031 static int 5032 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) 5033 { 5034 objset_t *os; 5035 int error = 0; 5036 zfsvfs_t *zfsvfs; 5037 5038 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 5039 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) { 5040 /* 5041 * If userused is not enabled, it may be because the 5042 * objset needs to be closed & reopened (to grow the 5043 * objset_phys_t). Suspend/resume the fs will do that. 5044 */ 5045 dsl_dataset_t *ds; 5046 5047 ds = dmu_objset_ds(zfsvfs->z_os); 5048 error = zfs_suspend_fs(zfsvfs); 5049 if (error == 0) { 5050 dmu_objset_refresh_ownership(zfsvfs->z_os, 5051 zfsvfs); 5052 error = zfs_resume_fs(zfsvfs, ds); 5053 } 5054 } 5055 if (error == 0) 5056 error = dmu_objset_userspace_upgrade(zfsvfs->z_os); 5057 #ifdef illumos 5058 VFS_RELE(zfsvfs->z_vfs); 5059 #else 5060 vfs_unbusy(zfsvfs->z_vfs); 5061 #endif 5062 } else { 5063 /* XXX kind of reading contents without owning */ 5064 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 5065 if (error != 0) 5066 return (error); 5067 5068 error = dmu_objset_userspace_upgrade(os); 5069 dmu_objset_rele(os, FTAG); 5070 } 5071 5072 return (error); 5073 } 5074 5075 #ifdef illumos 5076 /* 5077 * We don't want to have a hard dependency 5078 * against some special symbols in sharefs 5079 * nfs, and smbsrv. Determine them if needed when 5080 * the first file system is shared. 5081 * Neither sharefs, nfs or smbsrv are unloadable modules. 5082 */ 5083 int (*znfsexport_fs)(void *arg); 5084 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t); 5085 int (*zsmbexport_fs)(void *arg, boolean_t add_share); 5086 5087 int zfs_nfsshare_inited; 5088 int zfs_smbshare_inited; 5089 5090 ddi_modhandle_t nfs_mod; 5091 ddi_modhandle_t sharefs_mod; 5092 ddi_modhandle_t smbsrv_mod; 5093 #endif /* illumos */ 5094 kmutex_t zfs_share_lock; 5095 5096 #ifdef illumos 5097 static int 5098 zfs_init_sharefs() 5099 { 5100 int error; 5101 5102 ASSERT(MUTEX_HELD(&zfs_share_lock)); 5103 /* Both NFS and SMB shares also require sharetab support. */ 5104 if (sharefs_mod == NULL && ((sharefs_mod = 5105 ddi_modopen("fs/sharefs", 5106 KRTLD_MODE_FIRST, &error)) == NULL)) { 5107 return (SET_ERROR(ENOSYS)); 5108 } 5109 if (zshare_fs == NULL && ((zshare_fs = 5110 (int (*)(enum sharefs_sys_op, share_t *, uint32_t)) 5111 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) { 5112 return (SET_ERROR(ENOSYS)); 5113 } 5114 return (0); 5115 } 5116 #endif /* illumos */ 5117 5118 static int 5119 zfs_ioc_share(zfs_cmd_t *zc) 5120 { 5121 #ifdef illumos 5122 int error; 5123 int opcode; 5124 5125 switch (zc->zc_share.z_sharetype) { 5126 case ZFS_SHARE_NFS: 5127 case ZFS_UNSHARE_NFS: 5128 if (zfs_nfsshare_inited == 0) { 5129 mutex_enter(&zfs_share_lock); 5130 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs", 5131 KRTLD_MODE_FIRST, &error)) == NULL)) { 5132 mutex_exit(&zfs_share_lock); 5133 return (SET_ERROR(ENOSYS)); 5134 } 5135 if (znfsexport_fs == NULL && 5136 ((znfsexport_fs = (int (*)(void *)) 5137 ddi_modsym(nfs_mod, 5138 "nfs_export", &error)) == NULL)) { 5139 mutex_exit(&zfs_share_lock); 5140 return (SET_ERROR(ENOSYS)); 5141 } 5142 error = zfs_init_sharefs(); 5143 if (error != 0) { 5144 mutex_exit(&zfs_share_lock); 5145 return (SET_ERROR(ENOSYS)); 5146 } 5147 zfs_nfsshare_inited = 1; 5148 mutex_exit(&zfs_share_lock); 5149 } 5150 break; 5151 case ZFS_SHARE_SMB: 5152 case ZFS_UNSHARE_SMB: 5153 if (zfs_smbshare_inited == 0) { 5154 mutex_enter(&zfs_share_lock); 5155 if (smbsrv_mod == NULL && ((smbsrv_mod = 5156 ddi_modopen("drv/smbsrv", 5157 KRTLD_MODE_FIRST, &error)) == NULL)) { 5158 mutex_exit(&zfs_share_lock); 5159 return (SET_ERROR(ENOSYS)); 5160 } 5161 if (zsmbexport_fs == NULL && ((zsmbexport_fs = 5162 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod, 5163 "smb_server_share", &error)) == NULL)) { 5164 mutex_exit(&zfs_share_lock); 5165 return (SET_ERROR(ENOSYS)); 5166 } 5167 error = zfs_init_sharefs(); 5168 if (error != 0) { 5169 mutex_exit(&zfs_share_lock); 5170 return (SET_ERROR(ENOSYS)); 5171 } 5172 zfs_smbshare_inited = 1; 5173 mutex_exit(&zfs_share_lock); 5174 } 5175 break; 5176 default: 5177 return (SET_ERROR(EINVAL)); 5178 } 5179 5180 switch (zc->zc_share.z_sharetype) { 5181 case ZFS_SHARE_NFS: 5182 case ZFS_UNSHARE_NFS: 5183 if (error = 5184 znfsexport_fs((void *) 5185 (uintptr_t)zc->zc_share.z_exportdata)) 5186 return (error); 5187 break; 5188 case ZFS_SHARE_SMB: 5189 case ZFS_UNSHARE_SMB: 5190 if (error = zsmbexport_fs((void *) 5191 (uintptr_t)zc->zc_share.z_exportdata, 5192 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ? 5193 B_TRUE: B_FALSE)) { 5194 return (error); 5195 } 5196 break; 5197 } 5198 5199 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS || 5200 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ? 5201 SHAREFS_ADD : SHAREFS_REMOVE; 5202 5203 /* 5204 * Add or remove share from sharetab 5205 */ 5206 error = zshare_fs(opcode, 5207 (void *)(uintptr_t)zc->zc_share.z_sharedata, 5208 zc->zc_share.z_sharemax); 5209 5210 return (error); 5211 5212 #else /* !illumos */ 5213 return (ENOSYS); 5214 #endif /* illumos */ 5215 } 5216 5217 ace_t full_access[] = { 5218 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0} 5219 }; 5220 5221 /* 5222 * inputs: 5223 * zc_name name of containing filesystem 5224 * zc_obj object # beyond which we want next in-use object # 5225 * 5226 * outputs: 5227 * zc_obj next in-use object # 5228 */ 5229 static int 5230 zfs_ioc_next_obj(zfs_cmd_t *zc) 5231 { 5232 objset_t *os = NULL; 5233 int error; 5234 5235 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 5236 if (error != 0) 5237 return (error); 5238 5239 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 5240 dsl_dataset_phys(os->os_dsl_dataset)->ds_prev_snap_txg); 5241 5242 dmu_objset_rele(os, FTAG); 5243 return (error); 5244 } 5245 5246 /* 5247 * inputs: 5248 * zc_name name of filesystem 5249 * zc_value prefix name for snapshot 5250 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process 5251 * 5252 * outputs: 5253 * zc_value short name of new snapshot 5254 */ 5255 static int 5256 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc) 5257 { 5258 char *snap_name; 5259 char *hold_name; 5260 int error; 5261 minor_t minor; 5262 5263 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor); 5264 if (error != 0) 5265 return (error); 5266 5267 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value, 5268 (u_longlong_t)ddi_get_lbolt64()); 5269 hold_name = kmem_asprintf("%%%s", zc->zc_value); 5270 5271 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor, 5272 hold_name); 5273 if (error == 0) 5274 (void) strcpy(zc->zc_value, snap_name); 5275 strfree(snap_name); 5276 strfree(hold_name); 5277 zfs_onexit_fd_rele(zc->zc_cleanup_fd); 5278 return (error); 5279 } 5280 5281 /* 5282 * inputs: 5283 * zc_name name of "to" snapshot 5284 * zc_value name of "from" snapshot 5285 * zc_cookie file descriptor to write diff data on 5286 * 5287 * outputs: 5288 * dmu_diff_record_t's to the file descriptor 5289 */ 5290 static int 5291 zfs_ioc_diff(zfs_cmd_t *zc) 5292 { 5293 file_t *fp; 5294 offset_t off; 5295 int error; 5296 5297 #ifdef __FreeBSD__ 5298 cap_rights_t rights; 5299 5300 fget_write(curthread, zc->zc_cookie, 5301 cap_rights_init(&rights, CAP_WRITE), &fp); 5302 #else 5303 fp = getf(zc->zc_cookie); 5304 #endif 5305 if (fp == NULL) 5306 return (SET_ERROR(EBADF)); 5307 5308 off = fp->f_offset; 5309 5310 #ifdef __FreeBSD__ 5311 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off); 5312 #else 5313 error = dmu_diff(zc->zc_name, zc->zc_value, fp->f_vnode, &off); 5314 #endif 5315 5316 if (off >= 0 && off <= MAXOFFSET_T) 5317 fp->f_offset = off; 5318 releasef(zc->zc_cookie); 5319 5320 return (error); 5321 } 5322 5323 #ifdef illumos 5324 /* 5325 * Remove all ACL files in shares dir 5326 */ 5327 static int 5328 zfs_smb_acl_purge(znode_t *dzp) 5329 { 5330 zap_cursor_t zc; 5331 zap_attribute_t zap; 5332 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 5333 int error; 5334 5335 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id); 5336 (error = zap_cursor_retrieve(&zc, &zap)) == 0; 5337 zap_cursor_advance(&zc)) { 5338 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred, 5339 NULL, 0)) != 0) 5340 break; 5341 } 5342 zap_cursor_fini(&zc); 5343 return (error); 5344 } 5345 #endif /* illumos */ 5346 5347 static int 5348 zfs_ioc_smb_acl(zfs_cmd_t *zc) 5349 { 5350 #ifdef illumos 5351 vnode_t *vp; 5352 znode_t *dzp; 5353 vnode_t *resourcevp = NULL; 5354 znode_t *sharedir; 5355 zfsvfs_t *zfsvfs; 5356 nvlist_t *nvlist; 5357 char *src, *target; 5358 vattr_t vattr; 5359 vsecattr_t vsec; 5360 int error = 0; 5361 5362 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 5363 NO_FOLLOW, NULL, &vp)) != 0) 5364 return (error); 5365 5366 /* Now make sure mntpnt and dataset are ZFS */ 5367 5368 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 || 5369 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 5370 zc->zc_name) != 0)) { 5371 VN_RELE(vp); 5372 return (SET_ERROR(EINVAL)); 5373 } 5374 5375 dzp = VTOZ(vp); 5376 zfsvfs = dzp->z_zfsvfs; 5377 ZFS_ENTER(zfsvfs); 5378 5379 /* 5380 * Create share dir if its missing. 5381 */ 5382 mutex_enter(&zfsvfs->z_lock); 5383 if (zfsvfs->z_shares_dir == 0) { 5384 dmu_tx_t *tx; 5385 5386 tx = dmu_tx_create(zfsvfs->z_os); 5387 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE, 5388 ZFS_SHARES_DIR); 5389 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL); 5390 error = dmu_tx_assign(tx, TXG_WAIT); 5391 if (error != 0) { 5392 dmu_tx_abort(tx); 5393 } else { 5394 error = zfs_create_share_dir(zfsvfs, tx); 5395 dmu_tx_commit(tx); 5396 } 5397 if (error != 0) { 5398 mutex_exit(&zfsvfs->z_lock); 5399 VN_RELE(vp); 5400 ZFS_EXIT(zfsvfs); 5401 return (error); 5402 } 5403 } 5404 mutex_exit(&zfsvfs->z_lock); 5405 5406 ASSERT(zfsvfs->z_shares_dir); 5407 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) { 5408 VN_RELE(vp); 5409 ZFS_EXIT(zfsvfs); 5410 return (error); 5411 } 5412 5413 switch (zc->zc_cookie) { 5414 case ZFS_SMB_ACL_ADD: 5415 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE; 5416 vattr.va_type = VREG; 5417 vattr.va_mode = S_IFREG|0777; 5418 vattr.va_uid = 0; 5419 vattr.va_gid = 0; 5420 5421 vsec.vsa_mask = VSA_ACE; 5422 vsec.vsa_aclentp = &full_access; 5423 vsec.vsa_aclentsz = sizeof (full_access); 5424 vsec.vsa_aclcnt = 1; 5425 5426 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string, 5427 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec); 5428 if (resourcevp) 5429 VN_RELE(resourcevp); 5430 break; 5431 5432 case ZFS_SMB_ACL_REMOVE: 5433 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred, 5434 NULL, 0); 5435 break; 5436 5437 case ZFS_SMB_ACL_RENAME: 5438 if ((error = get_nvlist(zc->zc_nvlist_src, 5439 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) { 5440 VN_RELE(vp); 5441 VN_RELE(ZTOV(sharedir)); 5442 ZFS_EXIT(zfsvfs); 5443 return (error); 5444 } 5445 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) || 5446 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET, 5447 &target)) { 5448 VN_RELE(vp); 5449 VN_RELE(ZTOV(sharedir)); 5450 ZFS_EXIT(zfsvfs); 5451 nvlist_free(nvlist); 5452 return (error); 5453 } 5454 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target, 5455 kcred, NULL, 0); 5456 nvlist_free(nvlist); 5457 break; 5458 5459 case ZFS_SMB_ACL_PURGE: 5460 error = zfs_smb_acl_purge(sharedir); 5461 break; 5462 5463 default: 5464 error = SET_ERROR(EINVAL); 5465 break; 5466 } 5467 5468 VN_RELE(vp); 5469 VN_RELE(ZTOV(sharedir)); 5470 5471 ZFS_EXIT(zfsvfs); 5472 5473 return (error); 5474 #else /* !illumos */ 5475 return (EOPNOTSUPP); 5476 #endif /* illumos */ 5477 } 5478 5479 /* 5480 * innvl: { 5481 * "holds" -> { snapname -> holdname (string), ... } 5482 * (optional) "cleanup_fd" -> fd (int32) 5483 * } 5484 * 5485 * outnvl: { 5486 * snapname -> error value (int32) 5487 * ... 5488 * } 5489 */ 5490 /* ARGSUSED */ 5491 static int 5492 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist) 5493 { 5494 nvpair_t *pair; 5495 nvlist_t *holds; 5496 int cleanup_fd = -1; 5497 int error; 5498 minor_t minor = 0; 5499 5500 error = nvlist_lookup_nvlist(args, "holds", &holds); 5501 if (error != 0) 5502 return (SET_ERROR(EINVAL)); 5503 5504 /* make sure the user didn't pass us any invalid (empty) tags */ 5505 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 5506 pair = nvlist_next_nvpair(holds, pair)) { 5507 char *htag; 5508 5509 error = nvpair_value_string(pair, &htag); 5510 if (error != 0) 5511 return (SET_ERROR(error)); 5512 5513 if (strlen(htag) == 0) 5514 return (SET_ERROR(EINVAL)); 5515 } 5516 5517 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) { 5518 error = zfs_onexit_fd_hold(cleanup_fd, &minor); 5519 if (error != 0) 5520 return (error); 5521 } 5522 5523 error = dsl_dataset_user_hold(holds, minor, errlist); 5524 if (minor != 0) 5525 zfs_onexit_fd_rele(cleanup_fd); 5526 return (error); 5527 } 5528 5529 /* 5530 * innvl is not used. 5531 * 5532 * outnvl: { 5533 * holdname -> time added (uint64 seconds since epoch) 5534 * ... 5535 * } 5536 */ 5537 /* ARGSUSED */ 5538 static int 5539 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl) 5540 { 5541 return (dsl_dataset_get_holds(snapname, outnvl)); 5542 } 5543 5544 /* 5545 * innvl: { 5546 * snapname -> { holdname, ... } 5547 * ... 5548 * } 5549 * 5550 * outnvl: { 5551 * snapname -> error value (int32) 5552 * ... 5553 * } 5554 */ 5555 /* ARGSUSED */ 5556 static int 5557 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist) 5558 { 5559 return (dsl_dataset_user_release(holds, errlist)); 5560 } 5561 5562 /* 5563 * inputs: 5564 * zc_name name of new filesystem or snapshot 5565 * zc_value full name of old snapshot 5566 * 5567 * outputs: 5568 * zc_cookie space in bytes 5569 * zc_objset_type compressed space in bytes 5570 * zc_perm_action uncompressed space in bytes 5571 */ 5572 static int 5573 zfs_ioc_space_written(zfs_cmd_t *zc) 5574 { 5575 int error; 5576 dsl_pool_t *dp; 5577 dsl_dataset_t *new, *old; 5578 5579 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5580 if (error != 0) 5581 return (error); 5582 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new); 5583 if (error != 0) { 5584 dsl_pool_rele(dp, FTAG); 5585 return (error); 5586 } 5587 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old); 5588 if (error != 0) { 5589 dsl_dataset_rele(new, FTAG); 5590 dsl_pool_rele(dp, FTAG); 5591 return (error); 5592 } 5593 5594 error = dsl_dataset_space_written(old, new, &zc->zc_cookie, 5595 &zc->zc_objset_type, &zc->zc_perm_action); 5596 dsl_dataset_rele(old, FTAG); 5597 dsl_dataset_rele(new, FTAG); 5598 dsl_pool_rele(dp, FTAG); 5599 return (error); 5600 } 5601 5602 /* 5603 * innvl: { 5604 * "firstsnap" -> snapshot name 5605 * } 5606 * 5607 * outnvl: { 5608 * "used" -> space in bytes 5609 * "compressed" -> compressed space in bytes 5610 * "uncompressed" -> uncompressed space in bytes 5611 * } 5612 */ 5613 static int 5614 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl) 5615 { 5616 int error; 5617 dsl_pool_t *dp; 5618 dsl_dataset_t *new, *old; 5619 char *firstsnap; 5620 uint64_t used, comp, uncomp; 5621 5622 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0) 5623 return (SET_ERROR(EINVAL)); 5624 5625 error = dsl_pool_hold(lastsnap, FTAG, &dp); 5626 if (error != 0) 5627 return (error); 5628 5629 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new); 5630 if (error == 0 && !new->ds_is_snapshot) { 5631 dsl_dataset_rele(new, FTAG); 5632 error = SET_ERROR(EINVAL); 5633 } 5634 if (error != 0) { 5635 dsl_pool_rele(dp, FTAG); 5636 return (error); 5637 } 5638 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old); 5639 if (error == 0 && !old->ds_is_snapshot) { 5640 dsl_dataset_rele(old, FTAG); 5641 error = SET_ERROR(EINVAL); 5642 } 5643 if (error != 0) { 5644 dsl_dataset_rele(new, FTAG); 5645 dsl_pool_rele(dp, FTAG); 5646 return (error); 5647 } 5648 5649 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp); 5650 dsl_dataset_rele(old, FTAG); 5651 dsl_dataset_rele(new, FTAG); 5652 dsl_pool_rele(dp, FTAG); 5653 fnvlist_add_uint64(outnvl, "used", used); 5654 fnvlist_add_uint64(outnvl, "compressed", comp); 5655 fnvlist_add_uint64(outnvl, "uncompressed", uncomp); 5656 return (error); 5657 } 5658 5659 #ifdef __FreeBSD__ 5660 5661 static int 5662 zfs_ioc_jail(zfs_cmd_t *zc) 5663 { 5664 5665 return (zone_dataset_attach(curthread->td_ucred, zc->zc_name, 5666 (int)zc->zc_jailid)); 5667 } 5668 5669 static int 5670 zfs_ioc_unjail(zfs_cmd_t *zc) 5671 { 5672 5673 return (zone_dataset_detach(curthread->td_ucred, zc->zc_name, 5674 (int)zc->zc_jailid)); 5675 } 5676 5677 #endif 5678 5679 /* 5680 * innvl: { 5681 * "fd" -> file descriptor to write stream to (int32) 5682 * (optional) "fromsnap" -> full snap name to send an incremental from 5683 * (optional) "largeblockok" -> (value ignored) 5684 * indicates that blocks > 128KB are permitted 5685 * (optional) "embedok" -> (value ignored) 5686 * presence indicates DRR_WRITE_EMBEDDED records are permitted 5687 * (optional) "resume_object" and "resume_offset" -> (uint64) 5688 * if present, resume send stream from specified object and offset. 5689 * } 5690 * 5691 * outnvl is unused 5692 */ 5693 /* ARGSUSED */ 5694 static int 5695 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 5696 { 5697 int error; 5698 offset_t off; 5699 char *fromname = NULL; 5700 int fd; 5701 boolean_t largeblockok; 5702 boolean_t embedok; 5703 uint64_t resumeobj = 0; 5704 uint64_t resumeoff = 0; 5705 5706 error = nvlist_lookup_int32(innvl, "fd", &fd); 5707 if (error != 0) 5708 return (SET_ERROR(EINVAL)); 5709 5710 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname); 5711 5712 largeblockok = nvlist_exists(innvl, "largeblockok"); 5713 embedok = nvlist_exists(innvl, "embedok"); 5714 5715 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); 5716 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); 5717 5718 #ifdef __FreeBSD__ 5719 cap_rights_t rights; 5720 5721 fget_write(curthread, fd, cap_rights_init(&rights, CAP_WRITE), &fp); 5722 #else 5723 file_t *fp = getf(fd); 5724 #endif 5725 if (fp == NULL) 5726 return (SET_ERROR(EBADF)); 5727 5728 off = fp->f_offset; 5729 error = dmu_send(snapname, fromname, embedok, largeblockok, fd, 5730 #ifdef illumos 5731 resumeobj, resumeoff, fp->f_vnode, &off); 5732 #else 5733 resumeobj, resumeoff, fp, &off); 5734 #endif 5735 5736 #ifdef illumos 5737 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 5738 fp->f_offset = off; 5739 #else 5740 fp->f_offset = off; 5741 #endif 5742 5743 releasef(fd); 5744 return (error); 5745 } 5746 5747 /* 5748 * Determine approximately how large a zfs send stream will be -- the number 5749 * of bytes that will be written to the fd supplied to zfs_ioc_send_new(). 5750 * 5751 * innvl: { 5752 * (optional) "from" -> full snap or bookmark name to send an incremental 5753 * from 5754 * } 5755 * 5756 * outnvl: { 5757 * "space" -> bytes of space (uint64) 5758 * } 5759 */ 5760 static int 5761 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 5762 { 5763 dsl_pool_t *dp; 5764 dsl_dataset_t *tosnap; 5765 int error; 5766 char *fromname; 5767 uint64_t space; 5768 5769 error = dsl_pool_hold(snapname, FTAG, &dp); 5770 if (error != 0) 5771 return (error); 5772 5773 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap); 5774 if (error != 0) { 5775 dsl_pool_rele(dp, FTAG); 5776 return (error); 5777 } 5778 5779 error = nvlist_lookup_string(innvl, "from", &fromname); 5780 if (error == 0) { 5781 if (strchr(fromname, '@') != NULL) { 5782 /* 5783 * If from is a snapshot, hold it and use the more 5784 * efficient dmu_send_estimate to estimate send space 5785 * size using deadlists. 5786 */ 5787 dsl_dataset_t *fromsnap; 5788 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap); 5789 if (error != 0) 5790 goto out; 5791 error = dmu_send_estimate(tosnap, fromsnap, &space); 5792 dsl_dataset_rele(fromsnap, FTAG); 5793 } else if (strchr(fromname, '#') != NULL) { 5794 /* 5795 * If from is a bookmark, fetch the creation TXG of the 5796 * snapshot it was created from and use that to find 5797 * blocks that were born after it. 5798 */ 5799 zfs_bookmark_phys_t frombm; 5800 5801 error = dsl_bookmark_lookup(dp, fromname, tosnap, 5802 &frombm); 5803 if (error != 0) 5804 goto out; 5805 error = dmu_send_estimate_from_txg(tosnap, 5806 frombm.zbm_creation_txg, &space); 5807 } else { 5808 /* 5809 * from is not properly formatted as a snapshot or 5810 * bookmark 5811 */ 5812 error = SET_ERROR(EINVAL); 5813 goto out; 5814 } 5815 } else { 5816 // If estimating the size of a full send, use dmu_send_estimate 5817 error = dmu_send_estimate(tosnap, NULL, &space); 5818 } 5819 5820 fnvlist_add_uint64(outnvl, "space", space); 5821 5822 out: 5823 dsl_dataset_rele(tosnap, FTAG); 5824 dsl_pool_rele(dp, FTAG); 5825 return (error); 5826 } 5827 5828 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST]; 5829 5830 static void 5831 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5832 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 5833 boolean_t log_history, zfs_ioc_poolcheck_t pool_check) 5834 { 5835 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 5836 5837 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 5838 ASSERT3U(ioc, <, ZFS_IOC_LAST); 5839 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 5840 ASSERT3P(vec->zvec_func, ==, NULL); 5841 5842 vec->zvec_legacy_func = func; 5843 vec->zvec_secpolicy = secpolicy; 5844 vec->zvec_namecheck = namecheck; 5845 vec->zvec_allow_log = log_history; 5846 vec->zvec_pool_check = pool_check; 5847 } 5848 5849 /* 5850 * See the block comment at the beginning of this file for details on 5851 * each argument to this function. 5852 */ 5853 static void 5854 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func, 5855 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 5856 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist, 5857 boolean_t allow_log) 5858 { 5859 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 5860 5861 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 5862 ASSERT3U(ioc, <, ZFS_IOC_LAST); 5863 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 5864 ASSERT3P(vec->zvec_func, ==, NULL); 5865 5866 /* if we are logging, the name must be valid */ 5867 ASSERT(!allow_log || namecheck != NO_NAME); 5868 5869 vec->zvec_name = name; 5870 vec->zvec_func = func; 5871 vec->zvec_secpolicy = secpolicy; 5872 vec->zvec_namecheck = namecheck; 5873 vec->zvec_pool_check = pool_check; 5874 vec->zvec_smush_outnvlist = smush_outnvlist; 5875 vec->zvec_allow_log = allow_log; 5876 } 5877 5878 static void 5879 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5880 zfs_secpolicy_func_t *secpolicy, boolean_t log_history, 5881 zfs_ioc_poolcheck_t pool_check) 5882 { 5883 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5884 POOL_NAME, log_history, pool_check); 5885 } 5886 5887 static void 5888 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5889 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check) 5890 { 5891 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5892 DATASET_NAME, B_FALSE, pool_check); 5893 } 5894 5895 static void 5896 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 5897 { 5898 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config, 5899 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 5900 } 5901 5902 static void 5903 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5904 zfs_secpolicy_func_t *secpolicy) 5905 { 5906 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5907 NO_NAME, B_FALSE, POOL_CHECK_NONE); 5908 } 5909 5910 static void 5911 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc, 5912 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy) 5913 { 5914 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5915 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED); 5916 } 5917 5918 static void 5919 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 5920 { 5921 zfs_ioctl_register_dataset_read_secpolicy(ioc, func, 5922 zfs_secpolicy_read); 5923 } 5924 5925 static void 5926 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5927 zfs_secpolicy_func_t *secpolicy) 5928 { 5929 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5930 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 5931 } 5932 5933 static void 5934 zfs_ioctl_init(void) 5935 { 5936 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT, 5937 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME, 5938 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5939 5940 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY, 5941 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME, 5942 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE); 5943 5944 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS, 5945 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, 5946 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5947 5948 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW, 5949 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME, 5950 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5951 5952 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE, 5953 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME, 5954 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5955 5956 zfs_ioctl_register("create", ZFS_IOC_CREATE, 5957 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME, 5958 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5959 5960 zfs_ioctl_register("clone", ZFS_IOC_CLONE, 5961 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME, 5962 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5963 5964 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS, 5965 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME, 5966 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5967 5968 zfs_ioctl_register("hold", ZFS_IOC_HOLD, 5969 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME, 5970 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5971 zfs_ioctl_register("release", ZFS_IOC_RELEASE, 5972 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME, 5973 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5974 5975 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS, 5976 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, 5977 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5978 5979 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK, 5980 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, 5981 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE); 5982 5983 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK, 5984 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME, 5985 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5986 5987 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS, 5988 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME, 5989 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5990 5991 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS, 5992 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks, 5993 POOL_NAME, 5994 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5995 5996 /* IOCTLS that use the legacy function signature */ 5997 5998 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze, 5999 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY); 6000 6001 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create, 6002 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 6003 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN, 6004 zfs_ioc_pool_scan); 6005 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE, 6006 zfs_ioc_pool_upgrade); 6007 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD, 6008 zfs_ioc_vdev_add); 6009 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE, 6010 zfs_ioc_vdev_remove); 6011 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE, 6012 zfs_ioc_vdev_set_state); 6013 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH, 6014 zfs_ioc_vdev_attach); 6015 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH, 6016 zfs_ioc_vdev_detach); 6017 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH, 6018 zfs_ioc_vdev_setpath); 6019 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU, 6020 zfs_ioc_vdev_setfru); 6021 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS, 6022 zfs_ioc_pool_set_props); 6023 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT, 6024 zfs_ioc_vdev_split); 6025 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID, 6026 zfs_ioc_pool_reguid); 6027 6028 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS, 6029 zfs_ioc_pool_configs, zfs_secpolicy_none); 6030 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT, 6031 zfs_ioc_pool_tryimport, zfs_secpolicy_config); 6032 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT, 6033 zfs_ioc_inject_fault, zfs_secpolicy_inject); 6034 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT, 6035 zfs_ioc_clear_fault, zfs_secpolicy_inject); 6036 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT, 6037 zfs_ioc_inject_list_next, zfs_secpolicy_inject); 6038 6039 /* 6040 * pool destroy, and export don't log the history as part of 6041 * zfsdev_ioctl, but rather zfs_ioc_pool_export 6042 * does the logging of those commands. 6043 */ 6044 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy, 6045 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 6046 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export, 6047 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 6048 6049 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats, 6050 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 6051 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props, 6052 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 6053 6054 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log, 6055 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_NONE); 6056 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME, 6057 zfs_ioc_dsobj_to_dsname, 6058 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_NONE); 6059 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY, 6060 zfs_ioc_pool_get_history, 6061 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 6062 6063 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import, 6064 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 6065 6066 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear, 6067 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 6068 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen, 6069 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED); 6070 6071 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN, 6072 zfs_ioc_space_written); 6073 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS, 6074 zfs_ioc_objset_recvd_props); 6075 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ, 6076 zfs_ioc_next_obj); 6077 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL, 6078 zfs_ioc_get_fsacl); 6079 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS, 6080 zfs_ioc_objset_stats); 6081 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS, 6082 zfs_ioc_objset_zplprops); 6083 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT, 6084 zfs_ioc_dataset_list_next); 6085 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT, 6086 zfs_ioc_snapshot_list_next); 6087 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS, 6088 zfs_ioc_send_progress); 6089 6090 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF, 6091 zfs_ioc_diff, zfs_secpolicy_diff); 6092 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS, 6093 zfs_ioc_obj_to_stats, zfs_secpolicy_diff); 6094 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH, 6095 zfs_ioc_obj_to_path, zfs_secpolicy_diff); 6096 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE, 6097 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one); 6098 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY, 6099 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many); 6100 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND, 6101 zfs_ioc_send, zfs_secpolicy_send); 6102 6103 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop, 6104 zfs_secpolicy_none); 6105 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy, 6106 zfs_secpolicy_destroy); 6107 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename, 6108 zfs_secpolicy_rename); 6109 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv, 6110 zfs_secpolicy_recv); 6111 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote, 6112 zfs_secpolicy_promote); 6113 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP, 6114 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop); 6115 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl, 6116 zfs_secpolicy_set_fsacl); 6117 6118 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share, 6119 zfs_secpolicy_share, POOL_CHECK_NONE); 6120 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl, 6121 zfs_secpolicy_smb_acl, POOL_CHECK_NONE); 6122 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE, 6123 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade, 6124 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6125 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT, 6126 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, 6127 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6128 6129 #ifdef __FreeBSD__ 6130 zfs_ioctl_register_dataset_nolog(ZFS_IOC_JAIL, zfs_ioc_jail, 6131 zfs_secpolicy_config, POOL_CHECK_NONE); 6132 zfs_ioctl_register_dataset_nolog(ZFS_IOC_UNJAIL, zfs_ioc_unjail, 6133 zfs_secpolicy_config, POOL_CHECK_NONE); 6134 zfs_ioctl_register("fbsd_nextboot", ZFS_IOC_NEXTBOOT, 6135 zfs_ioc_nextboot, zfs_secpolicy_config, NO_NAME, 6136 POOL_CHECK_NONE, B_FALSE, B_FALSE); 6137 #endif 6138 } 6139 6140 int 6141 pool_status_check(const char *name, zfs_ioc_namecheck_t type, 6142 zfs_ioc_poolcheck_t check) 6143 { 6144 spa_t *spa; 6145 int error; 6146 6147 ASSERT(type == POOL_NAME || type == DATASET_NAME); 6148 6149 if (check & POOL_CHECK_NONE) 6150 return (0); 6151 6152 error = spa_open(name, &spa, FTAG); 6153 if (error == 0) { 6154 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa)) 6155 error = SET_ERROR(EAGAIN); 6156 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa)) 6157 error = SET_ERROR(EROFS); 6158 spa_close(spa, FTAG); 6159 } 6160 return (error); 6161 } 6162 6163 /* 6164 * Find a free minor number. 6165 */ 6166 minor_t 6167 zfsdev_minor_alloc(void) 6168 { 6169 static minor_t last_minor; 6170 minor_t m; 6171 6172 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6173 6174 for (m = last_minor + 1; m != last_minor; m++) { 6175 if (m > ZFSDEV_MAX_MINOR) 6176 m = 1; 6177 if (ddi_get_soft_state(zfsdev_state, m) == NULL) { 6178 last_minor = m; 6179 return (m); 6180 } 6181 } 6182 6183 return (0); 6184 } 6185 6186 #ifdef __FreeBSD__ 6187 static int 6188 zfs_ctldev_init(struct cdev *devp) 6189 #else 6190 static int 6191 zfs_ctldev_init(dev_t *devp) 6192 #endif 6193 { 6194 minor_t minor; 6195 zfs_soft_state_t *zs; 6196 6197 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6198 6199 minor = zfsdev_minor_alloc(); 6200 if (minor == 0) 6201 return (SET_ERROR(ENXIO)); 6202 6203 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS) 6204 return (SET_ERROR(EAGAIN)); 6205 6206 #ifdef __FreeBSD__ 6207 devfs_set_cdevpriv((void *)(uintptr_t)minor, zfsdev_close); 6208 #endif 6209 6210 zs = ddi_get_soft_state(zfsdev_state, minor); 6211 zs->zss_type = ZSST_CTLDEV; 6212 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data); 6213 6214 return (0); 6215 } 6216 6217 static void 6218 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor) 6219 { 6220 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6221 6222 zfs_onexit_destroy(zo); 6223 ddi_soft_state_free(zfsdev_state, minor); 6224 } 6225 6226 void * 6227 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which) 6228 { 6229 zfs_soft_state_t *zp; 6230 6231 zp = ddi_get_soft_state(zfsdev_state, minor); 6232 if (zp == NULL || zp->zss_type != which) 6233 return (NULL); 6234 6235 return (zp->zss_data); 6236 } 6237 6238 #ifdef __FreeBSD__ 6239 static int 6240 zfsdev_open(struct cdev *devp, int flag, int mode, struct thread *td) 6241 #endif 6242 #ifdef __NetBSD__ 6243 static int 6244 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr) 6245 #endif 6246 { 6247 int error = 0; 6248 6249 #ifndef __FreeBSD__ 6250 if (getminor(*devp) != 0) 6251 return (zvol_open(devp, flag, otyp, cr)); 6252 #endif 6253 6254 /* This is the control device. Allocate a new minor if requested. */ 6255 if (flag & FEXCL) { 6256 mutex_enter(&spa_namespace_lock); 6257 error = zfs_ctldev_init(devp); 6258 mutex_exit(&spa_namespace_lock); 6259 } 6260 6261 return (error); 6262 } 6263 6264 #ifdef __FreeBSD__ 6265 static void 6266 zfsdev_close(void *data) 6267 #endif 6268 #ifdef __NetBSD__ 6269 static int 6270 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr) 6271 #endif 6272 { 6273 zfs_onexit_t *zo; 6274 #ifdef __FreeBSD__ 6275 minor_t minor = (minor_t)(uintptr_t)data; 6276 #endif 6277 #ifdef __NetBSD__ 6278 minor_t minor = getminor(dev); 6279 #endif 6280 6281 if (minor == 0) 6282 #ifdef __FreeBSD__ 6283 return; 6284 #else 6285 return (0); 6286 #endif 6287 6288 mutex_enter(&spa_namespace_lock); 6289 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV); 6290 if (zo == NULL) { 6291 mutex_exit(&spa_namespace_lock); 6292 #ifdef __FreeBSD__ 6293 return; 6294 #else 6295 return 0; 6296 #endif 6297 } 6298 zfs_ctldev_destroy(zo, minor); 6299 mutex_exit(&spa_namespace_lock); 6300 6301 #ifndef __FreeBSD__ 6302 return (0); 6303 #endif 6304 } 6305 6306 #ifdef __FreeBSD__ 6307 static int 6308 zfsdev_ioctl(struct cdev *dev, u_long zcmd, caddr_t arg, int flag, 6309 struct thread *td) 6310 #endif 6311 #ifdef __NetBSD__ 6312 static int 6313 zfsdev_ioctl(dev_t dev, int zcmd, intptr_t iarg, int flag, cred_t *cr, int *rvalp) 6314 #endif 6315 { 6316 zfs_cmd_t *zc; 6317 uint_t vecnum; 6318 int error, rc, len; 6319 zfs_iocparm_t *zc_iocparm; 6320 int cflag, cmd, oldvecnum; 6321 boolean_t newioc, compat; 6322 void *compat_zc = NULL; 6323 #ifdef __FreeBSD__ 6324 cred_t *cr = td->td_ucred; 6325 #endif 6326 const zfs_ioc_vec_t *vec; 6327 char *saved_poolname = NULL; 6328 nvlist_t *innvl = NULL; 6329 #ifdef __NetBSD__ 6330 caddr_t arg = (caddr_t)iarg; 6331 #endif 6332 6333 #if defined(illumos) || defined(__NetBSD__) 6334 minor_t minor = getminor(dev); 6335 6336 if (minor != 0 && 6337 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL) 6338 return (zvol_ioctl(dev, zcmd, iarg, flag, cr, rvalp)); 6339 #endif 6340 #ifdef illumos 6341 vecnum = cmd - ZFS_IOC_FIRST; 6342 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip)); 6343 #endif 6344 6345 cflag = ZFS_CMD_COMPAT_NONE; 6346 compat = B_FALSE; 6347 newioc = B_TRUE; /* "new" style (zfs_iocparm_t) ioctl */ 6348 len = IOCPARM_LEN(zcmd); 6349 vecnum = cmd = zcmd & 0xff; 6350 6351 /* 6352 * Check if we are talking to supported older binaries 6353 * and translate zfs_cmd if necessary 6354 */ 6355 if (len != sizeof(zfs_iocparm_t)) { 6356 newioc = B_FALSE; 6357 compat = B_TRUE; 6358 6359 vecnum = cmd; 6360 6361 switch (len) { 6362 case sizeof(zfs_cmd_zcmd_t): 6363 cflag = ZFS_CMD_COMPAT_LZC; 6364 break; 6365 case sizeof(zfs_cmd_deadman_t): 6366 cflag = ZFS_CMD_COMPAT_DEADMAN; 6367 break; 6368 case sizeof(zfs_cmd_v28_t): 6369 cflag = ZFS_CMD_COMPAT_V28; 6370 break; 6371 case sizeof(zfs_cmd_v15_t): 6372 cflag = ZFS_CMD_COMPAT_V15; 6373 vecnum = zfs_ioctl_v15_to_v28[cmd]; 6374 6375 /* 6376 * Return without further handling 6377 * if the command is blacklisted. 6378 */ 6379 if (vecnum == ZFS_IOC_COMPAT_PASS) 6380 return (0); 6381 else if (vecnum == ZFS_IOC_COMPAT_FAIL) 6382 return (ENOTSUP); 6383 break; 6384 default: 6385 return (EINVAL); 6386 } 6387 } 6388 6389 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 6390 return (SET_ERROR(EINVAL)); 6391 vec = &zfs_ioc_vec[vecnum]; 6392 6393 zc = kmem_zalloc(sizeof(zfs_cmd_t), KM_SLEEP); 6394 6395 #ifdef illumos 6396 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag); 6397 if (error != 0) { 6398 error = SET_ERROR(EFAULT); 6399 goto out; 6400 } 6401 #else /* !illumos */ 6402 6403 bzero(zc, sizeof(zfs_cmd_t)); 6404 6405 if (newioc) { 6406 zc_iocparm = (void *)arg; 6407 6408 switch (zc_iocparm->zfs_ioctl_version) { 6409 case ZFS_IOCVER_CURRENT: 6410 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_t)) { 6411 error = SET_ERROR(EINVAL); 6412 goto out; 6413 } 6414 break; 6415 case ZFS_IOCVER_INLANES: 6416 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_inlanes_t)) { 6417 error = SET_ERROR(EFAULT); 6418 goto out; 6419 } 6420 compat = B_TRUE; 6421 cflag = ZFS_CMD_COMPAT_INLANES; 6422 break; 6423 case ZFS_IOCVER_RESUME: 6424 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_resume_t)) { 6425 error = SET_ERROR(EFAULT); 6426 goto out; 6427 } 6428 compat = B_TRUE; 6429 cflag = ZFS_CMD_COMPAT_RESUME; 6430 break; 6431 case ZFS_IOCVER_EDBP: 6432 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_edbp_t)) { 6433 error = SET_ERROR(EFAULT); 6434 goto out; 6435 } 6436 compat = B_TRUE; 6437 cflag = ZFS_CMD_COMPAT_EDBP; 6438 break; 6439 case ZFS_IOCVER_ZCMD: 6440 if (zc_iocparm->zfs_cmd_size > sizeof(zfs_cmd_t) || 6441 zc_iocparm->zfs_cmd_size < sizeof(zfs_cmd_zcmd_t)) { 6442 error = SET_ERROR(EFAULT); 6443 goto out; 6444 } 6445 compat = B_TRUE; 6446 cflag = ZFS_CMD_COMPAT_ZCMD; 6447 break; 6448 default: 6449 error = SET_ERROR(EINVAL); 6450 goto out; 6451 /* NOTREACHED */ 6452 } 6453 6454 if (compat) { 6455 ASSERT(sizeof(zfs_cmd_t) >= zc_iocparm->zfs_cmd_size); 6456 compat_zc = kmem_zalloc(sizeof(zfs_cmd_t), KM_SLEEP); 6457 bzero(compat_zc, sizeof(zfs_cmd_t)); 6458 6459 error = ddi_copyin((void *)(uintptr_t)zc_iocparm->zfs_cmd, 6460 compat_zc, zc_iocparm->zfs_cmd_size, flag); 6461 if (error != 0) { 6462 error = SET_ERROR(EFAULT); 6463 goto out; 6464 } 6465 } else { 6466 error = ddi_copyin((void *)(uintptr_t)zc_iocparm->zfs_cmd, 6467 zc, zc_iocparm->zfs_cmd_size, flag); 6468 if (error != 0) { 6469 error = SET_ERROR(EFAULT); 6470 goto out; 6471 } 6472 } 6473 } 6474 6475 if (compat) { 6476 if (newioc) { 6477 ASSERT(compat_zc != NULL); 6478 zfs_cmd_compat_get(zc, compat_zc, cflag); 6479 } else { 6480 ASSERT(compat_zc == NULL); 6481 zfs_cmd_compat_get(zc, arg, cflag); 6482 } 6483 oldvecnum = vecnum; 6484 error = zfs_ioctl_compat_pre(zc, &vecnum, cflag); 6485 if (error != 0) 6486 goto out; 6487 if (oldvecnum != vecnum) 6488 vec = &zfs_ioc_vec[vecnum]; 6489 } 6490 #endif /* !illumos */ 6491 6492 zc->zc_iflags = flag & FKIOCTL; 6493 if (zc->zc_nvlist_src_size != 0) { 6494 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 6495 zc->zc_iflags, &innvl); 6496 if (error != 0) 6497 goto out; 6498 } 6499 6500 /* rewrite innvl for backwards compatibility */ 6501 if (compat) 6502 innvl = zfs_ioctl_compat_innvl(zc, innvl, vecnum, cflag); 6503 6504 /* 6505 * Ensure that all pool/dataset names are valid before we pass down to 6506 * the lower layers. 6507 */ 6508 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 6509 switch (vec->zvec_namecheck) { 6510 case POOL_NAME: 6511 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 6512 error = SET_ERROR(EINVAL); 6513 else 6514 error = pool_status_check(zc->zc_name, 6515 vec->zvec_namecheck, vec->zvec_pool_check); 6516 break; 6517 6518 case DATASET_NAME: 6519 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 6520 error = SET_ERROR(EINVAL); 6521 else 6522 error = pool_status_check(zc->zc_name, 6523 vec->zvec_namecheck, vec->zvec_pool_check); 6524 break; 6525 6526 case NO_NAME: 6527 break; 6528 } 6529 6530 if (error == 0) 6531 error = vec->zvec_secpolicy(zc, innvl, cr); 6532 6533 if (error != 0) 6534 goto out; 6535 6536 /* legacy ioctls can modify zc_name */ 6537 len = strcspn(zc->zc_name, "/@#") + 1; 6538 saved_poolname = kmem_alloc(len, KM_SLEEP); 6539 (void) strlcpy(saved_poolname, zc->zc_name, len); 6540 6541 if (vec->zvec_func != NULL) { 6542 nvlist_t *outnvl; 6543 int puterror = 0; 6544 spa_t *spa; 6545 nvlist_t *lognv = NULL; 6546 6547 ASSERT(vec->zvec_legacy_func == NULL); 6548 6549 /* 6550 * Add the innvl to the lognv before calling the func, 6551 * in case the func changes the innvl. 6552 */ 6553 if (vec->zvec_allow_log) { 6554 lognv = fnvlist_alloc(); 6555 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL, 6556 vec->zvec_name); 6557 if (!nvlist_empty(innvl)) { 6558 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL, 6559 innvl); 6560 } 6561 } 6562 6563 outnvl = fnvlist_alloc(); 6564 error = vec->zvec_func(zc->zc_name, innvl, outnvl); 6565 6566 if (error == 0 && vec->zvec_allow_log && 6567 spa_open(zc->zc_name, &spa, FTAG) == 0) { 6568 if (!nvlist_empty(outnvl)) { 6569 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL, 6570 outnvl); 6571 } 6572 (void) spa_history_log_nvl(spa, lognv); 6573 spa_close(spa, FTAG); 6574 } 6575 fnvlist_free(lognv); 6576 6577 /* rewrite outnvl for backwards compatibility */ 6578 if (compat) 6579 outnvl = zfs_ioctl_compat_outnvl(zc, outnvl, vecnum, 6580 cflag); 6581 6582 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) { 6583 int smusherror = 0; 6584 if (vec->zvec_smush_outnvlist) { 6585 smusherror = nvlist_smush(outnvl, 6586 zc->zc_nvlist_dst_size); 6587 } 6588 if (smusherror == 0) 6589 puterror = put_nvlist(zc, outnvl); 6590 } 6591 6592 if (puterror != 0) 6593 error = puterror; 6594 6595 nvlist_free(outnvl); 6596 } else { 6597 error = vec->zvec_legacy_func(zc); 6598 } 6599 6600 out: 6601 nvlist_free(innvl); 6602 6603 #ifdef illumos 6604 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag); 6605 if (error == 0 && rc != 0) 6606 error = SET_ERROR(EFAULT); 6607 #else 6608 if (compat) { 6609 zfs_ioctl_compat_post(zc, cmd, cflag); 6610 if (newioc) { 6611 ASSERT(compat_zc != NULL); 6612 ASSERT(sizeof(zfs_cmd_t) >= zc_iocparm->zfs_cmd_size); 6613 6614 zfs_cmd_compat_put(zc, compat_zc, vecnum, cflag); 6615 rc = ddi_copyout(compat_zc, 6616 (void *)(uintptr_t)zc_iocparm->zfs_cmd, 6617 zc_iocparm->zfs_cmd_size, flag); 6618 if (error == 0 && rc != 0) 6619 error = SET_ERROR(EFAULT); 6620 kmem_free(compat_zc, sizeof (zfs_cmd_t)); 6621 } else { 6622 zfs_cmd_compat_put(zc, arg, vecnum, cflag); 6623 } 6624 } else { 6625 ASSERT(newioc); 6626 6627 rc = ddi_copyout(zc, (void *)(uintptr_t)zc_iocparm->zfs_cmd, 6628 sizeof (zfs_cmd_t), flag); 6629 if (error == 0 && rc != 0) 6630 error = SET_ERROR(EFAULT); 6631 } 6632 #endif 6633 if (error == 0 && vec->zvec_allow_log) { 6634 char *s = tsd_get(zfs_allow_log_key); 6635 if (s != NULL) 6636 strfree(s); 6637 (void) tsd_set(zfs_allow_log_key, saved_poolname); 6638 } else { 6639 if (saved_poolname != NULL) 6640 strfree(saved_poolname); 6641 } 6642 6643 kmem_free(zc, sizeof (zfs_cmd_t)); 6644 return (error); 6645 } 6646 6647 static void 6648 zfs_allow_log_destroy(void *arg) 6649 { 6650 char *poolname = arg; 6651 strfree(poolname); 6652 } 6653 6654 #ifdef illumos 6655 static int 6656 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 6657 { 6658 if (cmd != DDI_ATTACH) 6659 return (DDI_FAILURE); 6660 6661 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0, 6662 DDI_PSEUDO, 0) == DDI_FAILURE) 6663 return (DDI_FAILURE); 6664 6665 zfs_dip = dip; 6666 6667 ddi_report_dev(dip); 6668 6669 return (DDI_SUCCESS); 6670 } 6671 6672 static int 6673 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 6674 { 6675 if (spa_busy() || zfs_busy() || zvol_busy()) 6676 return (DDI_FAILURE); 6677 6678 if (cmd != DDI_DETACH) 6679 return (DDI_FAILURE); 6680 6681 zfs_dip = NULL; 6682 6683 ddi_prop_remove_all(dip); 6684 ddi_remove_minor_node(dip, NULL); 6685 6686 return (DDI_SUCCESS); 6687 } 6688 6689 /*ARGSUSED*/ 6690 static int 6691 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 6692 { 6693 switch (infocmd) { 6694 case DDI_INFO_DEVT2DEVINFO: 6695 *result = zfs_dip; 6696 return (DDI_SUCCESS); 6697 6698 case DDI_INFO_DEVT2INSTANCE: 6699 *result = (void *)0; 6700 return (DDI_SUCCESS); 6701 } 6702 6703 return (DDI_FAILURE); 6704 } 6705 6706 /* 6707 * OK, so this is a little weird. 6708 * 6709 * /dev/zfs is the control node, i.e. minor 0. 6710 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0. 6711 * 6712 * /dev/zfs has basically nothing to do except serve up ioctls, 6713 * so most of the standard driver entry points are in zvol.c. 6714 */ 6715 static struct cb_ops zfs_cb_ops = { 6716 zfsdev_open, /* open */ 6717 zfsdev_close, /* close */ 6718 zvol_strategy, /* strategy */ 6719 nodev, /* print */ 6720 zvol_dump, /* dump */ 6721 zvol_read, /* read */ 6722 zvol_write, /* write */ 6723 zfsdev_ioctl, /* ioctl */ 6724 nodev, /* devmap */ 6725 nodev, /* mmap */ 6726 nodev, /* segmap */ 6727 nochpoll, /* poll */ 6728 ddi_prop_op, /* prop_op */ 6729 NULL, /* streamtab */ 6730 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */ 6731 CB_REV, /* version */ 6732 nodev, /* async read */ 6733 nodev, /* async write */ 6734 }; 6735 6736 static struct dev_ops zfs_dev_ops = { 6737 DEVO_REV, /* version */ 6738 0, /* refcnt */ 6739 zfs_info, /* info */ 6740 nulldev, /* identify */ 6741 nulldev, /* probe */ 6742 zfs_attach, /* attach */ 6743 zfs_detach, /* detach */ 6744 nodev, /* reset */ 6745 &zfs_cb_ops, /* driver operations */ 6746 NULL, /* no bus operations */ 6747 NULL, /* power */ 6748 ddi_quiesce_not_needed, /* quiesce */ 6749 }; 6750 6751 static struct modldrv zfs_modldrv = { 6752 &mod_driverops, 6753 "ZFS storage pool", 6754 &zfs_dev_ops 6755 }; 6756 6757 static struct modlinkage modlinkage = { 6758 MODREV_1, 6759 (void *)&zfs_modlfs, 6760 (void *)&zfs_modldrv, 6761 NULL 6762 }; 6763 6764 int 6765 _init(void) 6766 { 6767 int error; 6768 6769 spa_init(FREAD | FWRITE); 6770 zfs_init(); 6771 zvol_init(); 6772 zfs_ioctl_init(); 6773 6774 if ((error = mod_install(&modlinkage)) != 0) { 6775 zvol_fini(); 6776 zfs_fini(); 6777 spa_fini(); 6778 return (error); 6779 } 6780 6781 tsd_create(&zfs_fsyncer_key, NULL); 6782 tsd_create(&zfs_putpages_key, NULL); 6783 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 6784 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 6785 6786 error = ldi_ident_from_mod(&modlinkage, &zfs_li); 6787 ASSERT(error == 0); 6788 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 6789 6790 return (0); 6791 } 6792 6793 int 6794 _fini(void) 6795 { 6796 int error; 6797 6798 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled) 6799 return (SET_ERROR(EBUSY)); 6800 6801 if ((error = mod_remove(&modlinkage)) != 0) 6802 return (error); 6803 6804 zvol_fini(); 6805 zfs_fini(); 6806 spa_fini(); 6807 if (zfs_nfsshare_inited) 6808 (void) ddi_modclose(nfs_mod); 6809 if (zfs_smbshare_inited) 6810 (void) ddi_modclose(smbsrv_mod); 6811 if (zfs_nfsshare_inited || zfs_smbshare_inited) 6812 (void) ddi_modclose(sharefs_mod); 6813 6814 tsd_destroy(&zfs_fsyncer_key); 6815 ldi_ident_release(zfs_li); 6816 zfs_li = NULL; 6817 mutex_destroy(&zfs_share_lock); 6818 6819 return (error); 6820 } 6821 6822 int 6823 _info(struct modinfo *modinfop) 6824 { 6825 return (mod_info(&modlinkage, modinfop)); 6826 } 6827 #endif /* illumos */ 6828 6829 #ifdef __FreeBSD__ 6830 static struct cdevsw zfs_cdevsw = { 6831 .d_version = D_VERSION, 6832 .d_open = zfsdev_open, 6833 .d_ioctl = zfsdev_ioctl, 6834 .d_name = ZFS_DEV_NAME 6835 }; 6836 6837 static void 6838 zfsdev_init(void) 6839 { 6840 zfsdev = make_dev(&zfs_cdevsw, 0x0, UID_ROOT, GID_OPERATOR, 0666, 6841 ZFS_DEV_NAME); 6842 } 6843 6844 static void 6845 zfsdev_fini(void) 6846 { 6847 if (zfsdev != NULL) 6848 destroy_dev(zfsdev); 6849 } 6850 6851 static struct root_hold_token *zfs_root_token; 6852 struct proc *zfsproc; 6853 6854 static int zfs__init(void); 6855 static int zfs__fini(void); 6856 static void zfs_shutdown(void *, int); 6857 6858 static eventhandler_tag zfs_shutdown_event_tag; 6859 6860 #define ZFS_MIN_KSTACK_PAGES 4 6861 6862 int 6863 zfs__init(void) 6864 { 6865 6866 #if KSTACK_PAGES < ZFS_MIN_KSTACK_PAGES 6867 printf("ZFS NOTICE: KSTACK_PAGES is %d which could result in stack " 6868 "overflow panic!\nPlease consider adding " 6869 "'options KSTACK_PAGES=%d' to your kernel config\n", KSTACK_PAGES, 6870 ZFS_MIN_KSTACK_PAGES); 6871 #endif 6872 zfs_root_token = root_mount_hold("ZFS"); 6873 6874 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 6875 6876 spa_init(FREAD | FWRITE); 6877 zfs_init(); 6878 zvol_init(); 6879 zfs_ioctl_init(); 6880 6881 tsd_create(&zfs_fsyncer_key, NULL); 6882 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 6883 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 6884 tsd_create(&zfs_geom_probe_vdev_key, NULL); 6885 6886 printf("ZFS storage pool version: features support (" SPA_VERSION_STRING ")\n"); 6887 root_mount_rel(zfs_root_token); 6888 6889 zfsdev_init(); 6890 6891 return (0); 6892 } 6893 6894 int 6895 zfs__fini(void) 6896 { 6897 if (spa_busy() || zfs_busy() || zvol_busy() || 6898 zio_injection_enabled) { 6899 return (EBUSY); 6900 } 6901 6902 zfsdev_fini(); 6903 zvol_fini(); 6904 zfs_fini(); 6905 spa_fini(); 6906 6907 tsd_destroy(&zfs_fsyncer_key); 6908 tsd_destroy(&rrw_tsd_key); 6909 tsd_destroy(&zfs_allow_log_key); 6910 6911 mutex_destroy(&zfs_share_lock); 6912 6913 return (0); 6914 } 6915 6916 static void 6917 zfs_shutdown(void *arg __unused, int howto __unused) 6918 { 6919 6920 /* 6921 * ZFS fini routines can not properly work in a panic-ed system. 6922 */ 6923 if (panicstr == NULL) 6924 (void)zfs__fini(); 6925 } 6926 6927 6928 static int 6929 zfs_modevent(module_t mod, int type, void *unused __unused) 6930 { 6931 int err; 6932 6933 switch (type) { 6934 case MOD_LOAD: 6935 err = zfs__init(); 6936 if (err == 0) 6937 zfs_shutdown_event_tag = EVENTHANDLER_REGISTER( 6938 shutdown_post_sync, zfs_shutdown, NULL, 6939 SHUTDOWN_PRI_FIRST); 6940 return (err); 6941 case MOD_UNLOAD: 6942 err = zfs__fini(); 6943 if (err == 0 && zfs_shutdown_event_tag != NULL) 6944 EVENTHANDLER_DEREGISTER(shutdown_post_sync, 6945 zfs_shutdown_event_tag); 6946 return (err); 6947 case MOD_SHUTDOWN: 6948 return (0); 6949 default: 6950 break; 6951 } 6952 return (EOPNOTSUPP); 6953 } 6954 6955 static moduledata_t zfs_mod = { 6956 "zfsctrl", 6957 zfs_modevent, 6958 0 6959 }; 6960 DECLARE_MODULE(zfsctrl, zfs_mod, SI_SUB_VFS, SI_ORDER_ANY); 6961 MODULE_VERSION(zfsctrl, 1); 6962 MODULE_DEPEND(zfsctrl, opensolaris, 1, 1, 1); 6963 MODULE_DEPEND(zfsctrl, krpc, 1, 1, 1); 6964 MODULE_DEPEND(zfsctrl, acl_nfs4, 1, 1, 1); 6965 6966 #endif /* __FreeBSD__ */ 6967 6968 #ifdef __NetBSD__ 6969 6970 #include <sys/module.h> 6971 #include <uvm/uvm_extern.h> 6972 6973 MODULE(MODULE_CLASS_DRIVER, zfs, "solaris"); 6974 6975 static int 6976 nb_zfsdev_copen(dev_t dev, int flag, int mode, lwp_t *l) 6977 { 6978 6979 return zfsdev_open(&dev, flag, OTYPCHR, kauth_cred_get()); 6980 } 6981 6982 static int 6983 nb_zfsdev_cclose(dev_t dev, int flag, int mode, lwp_t *l) 6984 { 6985 6986 return zfsdev_close(dev, flag, OTYPCHR, kauth_cred_get()); 6987 } 6988 6989 static int 6990 nb_zfsdev_bopen(dev_t dev, int flag, int mode, lwp_t *l) 6991 { 6992 6993 return zfsdev_open(&dev, flag, OTYPBLK, kauth_cred_get()); 6994 } 6995 6996 static int 6997 nb_zfsdev_bclose(dev_t dev, int flag, int mode, lwp_t *l) 6998 { 6999 7000 return zfsdev_close(dev, flag, OTYPBLK, kauth_cred_get()); 7001 } 7002 7003 static int 7004 nb_zvol_read(dev_t dev, struct uio *uio, int flag) 7005 { 7006 7007 return zvol_read(dev, uio, kauth_cred_get()); 7008 } 7009 7010 static int 7011 nb_zvol_write(dev_t dev, struct uio *uio, int flag) 7012 { 7013 7014 return zvol_write(dev, uio, kauth_cred_get()); 7015 } 7016 7017 static int 7018 nb_zfsdev_ioctl(dev_t dev, u_long cmd, void *argp, int flag, lwp_t *l) 7019 { 7020 int rval; 7021 7022 return zfsdev_ioctl(dev, cmd, (intptr_t)argp, flag, kauth_cred_get(), 7023 &rval); 7024 } 7025 7026 static void 7027 nb_zvol_strategy(struct buf *bp) 7028 { 7029 7030 (void) zvol_strategy(bp); 7031 } 7032 7033 const struct bdevsw zfs_bdevsw = { 7034 .d_open = nb_zfsdev_bopen, 7035 .d_close = nb_zfsdev_bclose, 7036 .d_strategy = nb_zvol_strategy, 7037 .d_ioctl = nb_zfsdev_ioctl, 7038 .d_dump = nodump, 7039 .d_psize = nosize, 7040 .d_flag = D_DISK | D_MPSAFE 7041 }; 7042 7043 const struct cdevsw zfs_cdevsw = { 7044 .d_open = nb_zfsdev_copen, 7045 .d_close = nb_zfsdev_cclose, 7046 .d_read = nb_zvol_read, 7047 .d_write = nb_zvol_write, 7048 .d_ioctl = nb_zfsdev_ioctl, 7049 .d_stop = nostop, 7050 .d_tty = notty, 7051 .d_poll = nopoll, 7052 .d_mmap = nommap, 7053 .d_kqfilter = nokqfilter, 7054 .d_flag = D_DISK | D_MPSAFE 7055 }; 7056 7057 /* ZFS should only be used on systems with enough memory. */ 7058 #define ZFS_MIN_MEGS 512 7059 7060 static int zfs_version_ioctl = ZFS_IOCVER_CURRENT; 7061 static int zfs_version_spa = SPA_VERSION; 7062 static struct sysctllog *zfs_sysctl_log; 7063 7064 static void 7065 zfs_sysctl_init(void) 7066 { 7067 const struct sysctlnode *rnode; 7068 7069 sysctl_createv(&zfs_sysctl_log, 0, NULL, &rnode, 7070 CTLFLAG_PERMANENT, 7071 CTLTYPE_NODE, "zfs", 7072 SYSCTL_DESCR("zfs"), 7073 NULL, 0, NULL, 0, 7074 CTL_VFS, CTL_CREATE, CTL_EOL); 7075 7076 sysctl_createv(&zfs_sysctl_log, 0, &rnode, &rnode, 7077 CTLFLAG_PERMANENT, 7078 CTLTYPE_NODE, "version", 7079 SYSCTL_DESCR("version"), 7080 NULL, 0, NULL, 0, 7081 CTL_CREATE, CTL_EOL); 7082 7083 sysctl_createv(&zfs_sysctl_log, 0, &rnode, NULL, 7084 CTLFLAG_PERMANENT|CTLFLAG_READONLY, 7085 CTLTYPE_INT, "ioctl", 7086 SYSCTL_DESCR("ZFS ioctl version"), 7087 NULL, 0, &zfs_version_ioctl, 0, 7088 CTL_CREATE, CTL_EOL); 7089 7090 sysctl_createv(&zfs_sysctl_log, 0, &rnode, NULL, 7091 CTLFLAG_PERMANENT|CTLFLAG_READONLY, 7092 CTLTYPE_INT, "spa", 7093 SYSCTL_DESCR("ZFS SPA version"), 7094 NULL, 0, &zfs_version_spa, 0, 7095 CTL_CREATE, CTL_EOL); 7096 } 7097 7098 static void 7099 zfs_sysctl_fini(void) 7100 { 7101 7102 sysctl_teardown(&zfs_sysctl_log); 7103 } 7104 7105 7106 static void 7107 zfs_loadvnode_destroy(void *arg) 7108 { 7109 7110 if (arg != NULL) 7111 panic("thread exiting with TSD loadvnode data %p", arg); 7112 } 7113 7114 static int 7115 zfs_modcmd(modcmd_t cmd, void *arg) 7116 { 7117 int error; 7118 int active, inactive; 7119 uint64_t availrmem; 7120 7121 extern struct vfsops zfs_vfsops; 7122 extern uint_t zfs_loadvnode_key; 7123 extern uint_t zfs_putpage_key; 7124 7125 switch (cmd) { 7126 case MODULE_CMD_INIT: 7127 if (!rootvnode) 7128 return EAGAIN; 7129 7130 /* XXXNETBSD trim is not supported yet */ 7131 zfs_trim_enabled = B_FALSE; 7132 7133 printf("WARNING: ZFS on NetBSD is under development\n"); 7134 availrmem = (uint64_t)physmem * PAGE_SIZE / 1048576; 7135 if (availrmem < ZFS_MIN_MEGS * 80 / 100) { 7136 printf("ERROR: at least %dMB of memory required to " 7137 "use ZFS\n", ZFS_MIN_MEGS); 7138 return ENOMEM; 7139 } 7140 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 7141 mutex_init(&zfs_debug_mtx, NULL, MUTEX_DEFAULT, NULL); 7142 7143 tsd_create(&zfs_fsyncer_key, NULL); 7144 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 7145 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 7146 tsd_create(&zfs_loadvnode_key, zfs_loadvnode_destroy); 7147 tsd_create(&zfs_putpage_key, NULL); 7148 7149 spa_init(FREAD | FWRITE); 7150 zfs_init(); 7151 zvol_init(); 7152 zfs_ioctl_init(); 7153 zfs_sysctl_init(); 7154 7155 error = devsw_attach("zfs", &zfs_bdevsw, &zfs_bmajor, 7156 &zfs_cdevsw, &zfs_cmajor); 7157 if (error != 0) { 7158 goto attacherr; 7159 } 7160 (void) vfs_attach(&zfs_vfsops); 7161 return error; 7162 7163 case MODULE_CMD_FINI: 7164 if (spa_busy() || zfs_busy() || zvol_busy() || 7165 zio_injection_enabled) 7166 return EBUSY; 7167 7168 error = vfs_detach(&zfs_vfsops); 7169 if (error) 7170 return error; 7171 7172 (void) devsw_detach(&zfs_bdevsw, &zfs_cdevsw); 7173 7174 attacherr: 7175 zfs_sysctl_fini(); 7176 zvol_fini(); 7177 zfs_fini(); 7178 spa_fini(); 7179 7180 tsd_destroy(&zfs_putpage_key); 7181 tsd_destroy(&zfs_loadvnode_key); 7182 tsd_destroy(&zfs_fsyncer_key); 7183 tsd_destroy(&rrw_tsd_key); 7184 tsd_destroy(&zfs_allow_log_key); 7185 7186 mutex_destroy(&zfs_debug_mtx); 7187 mutex_destroy(&zfs_share_lock); 7188 7189 return error; 7190 7191 case MODULE_CMD_AUTOUNLOAD: 7192 /* 7193 * We don't want to be autounloaded because unlike 7194 * other subsystems, we read our own configuration 7195 * from disk and provide things that might be used 7196 * later (zvols). 7197 */ 7198 return EBUSY; 7199 7200 default: 7201 return ENOTTY; 7202 } 7203 } 7204 7205 #endif /* __NetBSD__ */ 7206