4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Portions Copyright 2011 Martin Matuska
25 * Portions Copyright 2012 Pawel Jakub Dawidek <pawel@dawidek.net>
26 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
27 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
28 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
29 * Copyright (c) 201i3 by Delphix. All rights reserved.
30 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
36 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
37 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
39 * There are two ways that we handle ioctls: the legacy way where almost
40 * all of the logic is in the ioctl callback, and the new way where most
41 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
43 * Non-legacy ioctls should be registered by calling
44 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
45 * from userland by lzc_ioctl().
47 * The registration arguments are as follows:
50 * The name of the ioctl. This is used for history logging. If the
51 * ioctl returns successfully (the callback returns 0), and allow_log
52 * is true, then a history log entry will be recorded with the input &
53 * output nvlists. The log entry can be printed with "zpool history -i".
56 * The ioctl request number, which userland will pass to ioctl(2).
57 * The ioctl numbers can change from release to release, because
58 * the caller (libzfs) must be matched to the kernel.
60 * zfs_secpolicy_func_t *secpolicy
61 * This function will be called before the zfs_ioc_func_t, to
62 * determine if this operation is permitted. It should return EPERM
63 * on failure, and 0 on success. Checks include determining if the
64 * dataset is visible in this zone, and if the user has either all
65 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
66 * to do this operation on this dataset with "zfs allow".
68 * zfs_ioc_namecheck_t namecheck
69 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
70 * name, a dataset name, or nothing. If the name is not well-formed,
71 * the ioctl will fail and the callback will not be called.
72 * Therefore, the callback can assume that the name is well-formed
73 * (e.g. is null-terminated, doesn't have more than one '@' character,
74 * doesn't have invalid characters).
76 * zfs_ioc_poolcheck_t pool_check
77 * This specifies requirements on the pool state. If the pool does
78 * not meet them (is suspended or is readonly), the ioctl will fail
79 * and the callback will not be called. If any checks are specified
80 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
81 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
82 * POOL_CHECK_READONLY).
84 * boolean_t smush_outnvlist
85 * If smush_outnvlist is true, then the output is presumed to be a
86 * list of errors, and it will be "smushed" down to fit into the
87 * caller's buffer, by removing some entries and replacing them with a
88 * single "N_MORE_ERRORS" entry indicating how many were removed. See
89 * nvlist_smush() for details. If smush_outnvlist is false, and the
90 * outnvlist does not fit into the userland-provided buffer, then the
91 * ioctl will fail with ENOMEM.
93 * zfs_ioc_func_t *func
94 * The callback function that will perform the operation.
96 * The callback should return 0 on success, or an error number on
97 * failure. If the function fails, the userland ioctl will return -1,
98 * and errno will be set to the callback's return value. The callback
99 * will be called with the following arguments:
102 * The name of the pool or dataset to operate on, from
103 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
104 * expected type (pool, dataset, or none).
107 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
108 * NULL if no input nvlist was provided. Changes to this nvlist are
109 * ignored. If the input nvlist could not be deserialized, the
110 * ioctl will fail and the callback will not be called.
113 * The output nvlist, initially empty. The callback can fill it in,
114 * and it will be returned to userland by serializing it into
115 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
116 * fails (e.g. because the caller didn't supply a large enough
117 * buffer), then the overall ioctl will fail. See the
118 * 'smush_nvlist' argument above for additional behaviors.
120 * There are two typical uses of the output nvlist:
121 * - To return state, e.g. property values. In this case,
122 * smush_outnvlist should be false. If the buffer was not large
123 * enough, the caller will reallocate a larger buffer and try
126 * - To return multiple errors from an ioctl which makes on-disk
127 * changes. In this case, smush_outnvlist should be true.
128 * Ioctls which make on-disk modifications should generally not
129 * use the outnvl if they succeed, because the caller can not
130 * distinguish between the operation failing, and
131 * deserialization failing.
134 #include <sys/types.h>
135 #include <sys/param.h>
136 #include <sys/errno.h>
139 #include <sys/modctl.h>
140 #include <sys/open.h>
141 #include <sys/file.h>
142 #include <sys/kmem.h>
143 #include <sys/conf.h>
144 #include <sys/cmn_err.h>
145 #include <sys/stat.h>
146 #include <sys/zfs_ioctl.h>
147 #include <sys/zfs_vfsops.h>
148 #include <sys/zfs_znode.h>
151 #include <sys/spa_impl.h>
152 #include <sys/vdev.h>
153 #include <sys/priv_impl.h>
155 #include <sys/dsl_dir.h>
156 #include <sys/dsl_dataset.h>
157 #include <sys/dsl_prop.h>
158 #include <sys/dsl_deleg.h>
159 #include <sys/dmu_objset.h>
160 #include <sys/dmu_impl.h>
161 #include <sys/dmu_tx.h>
163 #include <sys/sunddi.h>
164 #include <sys/sunldi.h>
165 #include <sys/policy.h>
166 #include <sys/zone.h>
167 #include <sys/nvpair.h>
168 #include <sys/pathname.h>
169 #include <sys/mount.h>
171 #include <sys/fs/zfs.h>
172 #include <sys/zfs_ctldir.h>
173 #include <sys/zfs_dir.h>
174 #include <sys/zfs_onexit.h>
175 #include <sys/zvol.h>
176 #include <sys/dsl_scan.h>
177 #include <sharefs/share.h>
178 #include <sys/fm/util.h>
180 #include <sys/dmu_send.h>
181 #include <sys/dsl_destroy.h>
182 #include <sys/dsl_userhold.h>
183 #include <sys/zfeature.h>
185 #include <linux/miscdevice.h>
187 #include "zfs_namecheck.h"
188 #include "zfs_prop.h"
189 #include "zfs_deleg.h"
190 #include "zfs_comutil.h"
192 kmutex_t zfsdev_state_lock;
193 list_t zfsdev_state_list;
195 extern void zfs_init(void);
196 extern void zfs_fini(void);
198 uint_t zfs_fsyncer_key;
199 extern uint_t rrw_tsd_key;
200 static uint_t zfs_allow_log_key;
202 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *);
203 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *);
204 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *);
210 } zfs_ioc_namecheck_t;
213 POOL_CHECK_NONE = 1 << 0,
214 POOL_CHECK_SUSPENDED = 1 << 1,
215 POOL_CHECK_READONLY = 1 << 2,
216 } zfs_ioc_poolcheck_t;
218 typedef struct zfs_ioc_vec {
219 zfs_ioc_legacy_func_t *zvec_legacy_func;
220 zfs_ioc_func_t *zvec_func;
221 zfs_secpolicy_func_t *zvec_secpolicy;
222 zfs_ioc_namecheck_t zvec_namecheck;
223 boolean_t zvec_allow_log;
224 zfs_ioc_poolcheck_t zvec_pool_check;
225 boolean_t zvec_smush_outnvlist;
226 const char *zvec_name;
229 /* This array is indexed by zfs_userquota_prop_t */
230 static const char *userquota_perms[] = {
231 ZFS_DELEG_PERM_USERUSED,
232 ZFS_DELEG_PERM_USERQUOTA,
233 ZFS_DELEG_PERM_GROUPUSED,
234 ZFS_DELEG_PERM_GROUPQUOTA,
237 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
238 static int zfs_check_settable(const char *name, nvpair_t *property,
240 static int zfs_check_clearable(char *dataset, nvlist_t *props,
242 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
244 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
245 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
247 static int zfs_prop_activate_feature(spa_t *spa, zfeature_info_t *feature);
250 history_str_free(char *buf)
252 kmem_free(buf, HIS_MAX_RECORD_LEN);
256 history_str_get(zfs_cmd_t *zc)
260 if (zc->zc_history == 0)
263 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP | KM_NODEBUG);
264 if (copyinstr((void *)(uintptr_t)zc->zc_history,
265 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
266 history_str_free(buf);
270 buf[HIS_MAX_RECORD_LEN -1] = '\0';
276 * Check to see if the named dataset is currently defined as bootable
279 zfs_is_bootfs(const char *name)
283 if (dmu_objset_hold(name, FTAG, &os) == 0) {
285 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
286 dmu_objset_rele(os, FTAG);
293 * zfs_earlier_version
295 * Return non-zero if the spa version is less than requested version.
298 zfs_earlier_version(const char *name, int version)
302 if (spa_open(name, &spa, FTAG) == 0) {
303 if (spa_version(spa) < version) {
304 spa_close(spa, FTAG);
307 spa_close(spa, FTAG);
313 * zpl_earlier_version
315 * Return TRUE if the ZPL version is less than requested version.
318 zpl_earlier_version(const char *name, int version)
321 boolean_t rc = B_TRUE;
323 if (dmu_objset_hold(name, FTAG, &os) == 0) {
326 if (dmu_objset_type(os) != DMU_OST_ZFS) {
327 dmu_objset_rele(os, FTAG);
330 /* XXX reading from non-owned objset */
331 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
332 rc = zplversion < version;
333 dmu_objset_rele(os, FTAG);
339 zfs_log_history(zfs_cmd_t *zc)
344 if ((buf = history_str_get(zc)) == NULL)
347 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
348 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
349 (void) spa_history_log(spa, buf);
350 spa_close(spa, FTAG);
352 history_str_free(buf);
356 * Policy for top-level read operations (list pools). Requires no privileges,
357 * and can be used in the local zone, as there is no associated dataset.
361 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
367 * Policy for dataset read operations (list children, get statistics). Requires
368 * no privileges, but must be visible in the local zone.
372 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
374 if (INGLOBALZONE(curproc) ||
375 zone_dataset_visible(zc->zc_name, NULL))
378 return (SET_ERROR(ENOENT));
382 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
387 * The dataset must be visible by this zone -- check this first
388 * so they don't see EPERM on something they shouldn't know about.
390 if (!INGLOBALZONE(curproc) &&
391 !zone_dataset_visible(dataset, &writable))
392 return (SET_ERROR(ENOENT));
394 if (INGLOBALZONE(curproc)) {
396 * If the fs is zoned, only root can access it from the
399 if (secpolicy_zfs(cr) && zoned)
400 return (SET_ERROR(EPERM));
403 * If we are in a local zone, the 'zoned' property must be set.
406 return (SET_ERROR(EPERM));
408 /* must be writable by this zone */
410 return (SET_ERROR(EPERM));
416 zfs_dozonecheck(const char *dataset, cred_t *cr)
420 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
421 return (SET_ERROR(ENOENT));
423 return (zfs_dozonecheck_impl(dataset, zoned, cr));
427 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
431 if (dsl_prop_get_int_ds(ds, "zoned", &zoned))
432 return (SET_ERROR(ENOENT));
434 return (zfs_dozonecheck_impl(dataset, zoned, cr));
438 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
439 const char *perm, cred_t *cr)
443 error = zfs_dozonecheck_ds(name, ds, cr);
445 error = secpolicy_zfs(cr);
447 error = dsl_deleg_access_impl(ds, perm, cr);
453 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
459 error = dsl_pool_hold(name, FTAG, &dp);
463 error = dsl_dataset_hold(dp, name, FTAG, &ds);
465 dsl_pool_rele(dp, FTAG);
469 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
471 dsl_dataset_rele(ds, FTAG);
472 dsl_pool_rele(dp, FTAG);
477 * Policy for setting the security label property.
479 * Returns 0 for success, non-zero for access and other errors.
482 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
485 char ds_hexsl[MAXNAMELEN];
486 bslabel_t ds_sl, new_sl;
487 boolean_t new_default = FALSE;
489 int needed_priv = -1;
492 /* First get the existing dataset label. */
493 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
494 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
496 return (SET_ERROR(EPERM));
498 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
501 /* The label must be translatable */
502 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
503 return (SET_ERROR(EINVAL));
506 * In a non-global zone, disallow attempts to set a label that
507 * doesn't match that of the zone; otherwise no other checks
510 if (!INGLOBALZONE(curproc)) {
511 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
512 return (SET_ERROR(EPERM));
517 * For global-zone datasets (i.e., those whose zoned property is
518 * "off", verify that the specified new label is valid for the
521 if (dsl_prop_get_integer(name,
522 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
523 return (SET_ERROR(EPERM));
525 if (zfs_check_global_label(name, strval) != 0)
526 return (SET_ERROR(EPERM));
530 * If the existing dataset label is nondefault, check if the
531 * dataset is mounted (label cannot be changed while mounted).
532 * Get the zfs_sb_t; if there isn't one, then the dataset isn't
533 * mounted (or isn't a dataset, doesn't exist, ...).
535 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
537 static char *setsl_tag = "setsl_tag";
540 * Try to own the dataset; abort if there is any error,
541 * (e.g., already mounted, in use, or other error).
543 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
546 return (SET_ERROR(EPERM));
548 dmu_objset_disown(os, setsl_tag);
551 needed_priv = PRIV_FILE_DOWNGRADE_SL;
555 if (hexstr_to_label(strval, &new_sl) != 0)
556 return (SET_ERROR(EPERM));
558 if (blstrictdom(&ds_sl, &new_sl))
559 needed_priv = PRIV_FILE_DOWNGRADE_SL;
560 else if (blstrictdom(&new_sl, &ds_sl))
561 needed_priv = PRIV_FILE_UPGRADE_SL;
563 /* dataset currently has a default label */
565 needed_priv = PRIV_FILE_UPGRADE_SL;
569 if (needed_priv != -1)
570 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
574 #endif /* HAVE_MLSLABEL */
578 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
584 * Check permissions for special properties.
591 * Disallow setting of 'zoned' from within a local zone.
593 if (!INGLOBALZONE(curproc))
594 return (SET_ERROR(EPERM));
598 if (!INGLOBALZONE(curproc)) {
600 char setpoint[MAXNAMELEN];
602 * Unprivileged users are allowed to modify the
603 * quota on things *under* (ie. contained by)
604 * the thing they own.
606 if (dsl_prop_get_integer(dsname, "zoned", &zoned,
608 return (SET_ERROR(EPERM));
609 if (!zoned || strlen(dsname) <= strlen(setpoint))
610 return (SET_ERROR(EPERM));
614 case ZFS_PROP_MLSLABEL:
615 if (!is_system_labeled())
616 return (SET_ERROR(EPERM));
618 if (nvpair_value_string(propval, &strval) == 0) {
621 err = zfs_set_slabel_policy(dsname, strval, CRED());
628 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
633 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
637 error = zfs_dozonecheck(zc->zc_name, cr);
642 * permission to set permissions will be evaluated later in
643 * dsl_deleg_can_allow()
650 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
652 return (zfs_secpolicy_write_perms(zc->zc_name,
653 ZFS_DELEG_PERM_ROLLBACK, cr));
658 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
666 * Generate the current snapshot name from the given objsetid, then
667 * use that name for the secpolicy/zone checks.
669 cp = strchr(zc->zc_name, '@');
671 return (SET_ERROR(EINVAL));
672 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
676 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
678 dsl_pool_rele(dp, FTAG);
682 dsl_dataset_name(ds, zc->zc_name);
684 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
685 ZFS_DELEG_PERM_SEND, cr);
686 dsl_dataset_rele(ds, FTAG);
687 dsl_pool_rele(dp, FTAG);
694 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
696 return (zfs_secpolicy_write_perms(zc->zc_name,
697 ZFS_DELEG_PERM_SEND, cr));
700 #ifdef HAVE_SMB_SHARE
703 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
708 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
709 NO_FOLLOW, NULL, &vp)) != 0)
712 /* Now make sure mntpnt and dataset are ZFS */
714 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
715 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
716 zc->zc_name) != 0)) {
718 return (SET_ERROR(EPERM));
722 return (dsl_deleg_access(zc->zc_name,
723 ZFS_DELEG_PERM_SHARE, cr));
725 #endif /* HAVE_SMB_SHARE */
728 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
730 #ifdef HAVE_SMB_SHARE
731 if (!INGLOBALZONE(curproc))
732 return (SET_ERROR(EPERM));
734 if (secpolicy_nfs(cr) == 0) {
737 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
740 return (SET_ERROR(ENOTSUP));
741 #endif /* HAVE_SMB_SHARE */
745 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
747 #ifdef HAVE_SMB_SHARE
748 if (!INGLOBALZONE(curproc))
749 return (SET_ERROR(EPERM));
751 if (secpolicy_smb(cr) == 0) {
754 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
757 return (SET_ERROR(ENOTSUP));
758 #endif /* HAVE_SMB_SHARE */
762 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
767 * Remove the @bla or /bla from the end of the name to get the parent.
769 (void) strncpy(parent, datasetname, parentsize);
770 cp = strrchr(parent, '@');
774 cp = strrchr(parent, '/');
776 return (SET_ERROR(ENOENT));
784 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
788 if ((error = zfs_secpolicy_write_perms(name,
789 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
792 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
797 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
799 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
803 * Destroying snapshots with delegated permissions requires
804 * descendant mount and destroy permissions.
808 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
811 nvpair_t *pair, *nextpair;
814 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
815 return (SET_ERROR(EINVAL));
816 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
821 error = dsl_pool_hold(nvpair_name(pair), FTAG, &dp);
824 nextpair = nvlist_next_nvpair(snaps, pair);
825 error = dsl_dataset_hold(dp, nvpair_name(pair), FTAG, &ds);
827 dsl_dataset_rele(ds, FTAG);
828 dsl_pool_rele(dp, FTAG);
831 error = zfs_secpolicy_destroy_perms(nvpair_name(pair),
833 } else if (error == ENOENT) {
835 * Ignore any snapshots that don't exist (we consider
836 * them "already destroyed"). Remove the name from the
837 * nvl here in case the snapshot is created between
838 * now and when we try to destroy it (in which case
839 * we don't want to destroy it since we haven't
840 * checked for permission).
842 fnvlist_remove_nvpair(snaps, pair);
853 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
855 char parentname[MAXNAMELEN];
858 if ((error = zfs_secpolicy_write_perms(from,
859 ZFS_DELEG_PERM_RENAME, cr)) != 0)
862 if ((error = zfs_secpolicy_write_perms(from,
863 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
866 if ((error = zfs_get_parent(to, parentname,
867 sizeof (parentname))) != 0)
870 if ((error = zfs_secpolicy_write_perms(parentname,
871 ZFS_DELEG_PERM_CREATE, cr)) != 0)
874 if ((error = zfs_secpolicy_write_perms(parentname,
875 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
883 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
885 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
890 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
893 dsl_dataset_t *clone;
896 error = zfs_secpolicy_write_perms(zc->zc_name,
897 ZFS_DELEG_PERM_PROMOTE, cr);
901 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
905 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
908 char parentname[MAXNAMELEN];
909 dsl_dataset_t *origin = NULL;
913 error = dsl_dataset_hold_obj(dd->dd_pool,
914 dd->dd_phys->dd_origin_obj, FTAG, &origin);
916 dsl_dataset_rele(clone, FTAG);
917 dsl_pool_rele(dp, FTAG);
921 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
922 ZFS_DELEG_PERM_MOUNT, cr);
924 dsl_dataset_name(origin, parentname);
926 error = zfs_secpolicy_write_perms_ds(parentname, origin,
927 ZFS_DELEG_PERM_PROMOTE, cr);
929 dsl_dataset_rele(clone, FTAG);
930 dsl_dataset_rele(origin, FTAG);
932 dsl_pool_rele(dp, FTAG);
938 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
942 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
943 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
946 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
947 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
950 return (zfs_secpolicy_write_perms(zc->zc_name,
951 ZFS_DELEG_PERM_CREATE, cr));
955 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
957 return (zfs_secpolicy_write_perms(name,
958 ZFS_DELEG_PERM_SNAPSHOT, cr));
962 * Check for permission to create each snapshot in the nvlist.
966 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
972 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
973 return (SET_ERROR(EINVAL));
974 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
975 pair = nvlist_next_nvpair(snaps, pair)) {
976 char *name = nvpair_name(pair);
977 char *atp = strchr(name, '@');
980 error = SET_ERROR(EINVAL);
984 error = zfs_secpolicy_snapshot_perms(name, cr);
994 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
997 * Even root must have a proper TSD so that we know what pool
1000 if (tsd_get(zfs_allow_log_key) == NULL)
1001 return (SET_ERROR(EPERM));
1006 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1008 char parentname[MAXNAMELEN];
1012 if ((error = zfs_get_parent(zc->zc_name, parentname,
1013 sizeof (parentname))) != 0)
1016 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1017 (error = zfs_secpolicy_write_perms(origin,
1018 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1021 if ((error = zfs_secpolicy_write_perms(parentname,
1022 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1025 return (zfs_secpolicy_write_perms(parentname,
1026 ZFS_DELEG_PERM_MOUNT, cr));
1030 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1031 * SYS_CONFIG privilege, which is not available in a local zone.
1035 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1037 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1038 return (SET_ERROR(EPERM));
1044 * Policy for object to name lookups.
1048 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1052 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1055 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1060 * Policy for fault injection. Requires all privileges.
1064 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1066 return (secpolicy_zinject(cr));
1071 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1073 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1075 if (prop == ZPROP_INVAL) {
1076 if (!zfs_prop_user(zc->zc_value))
1077 return (SET_ERROR(EINVAL));
1078 return (zfs_secpolicy_write_perms(zc->zc_name,
1079 ZFS_DELEG_PERM_USERPROP, cr));
1081 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1087 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1089 int err = zfs_secpolicy_read(zc, innvl, cr);
1093 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1094 return (SET_ERROR(EINVAL));
1096 if (zc->zc_value[0] == 0) {
1098 * They are asking about a posix uid/gid. If it's
1099 * themself, allow it.
1101 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1102 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
1103 if (zc->zc_guid == crgetuid(cr))
1106 if (groupmember(zc->zc_guid, cr))
1111 return (zfs_secpolicy_write_perms(zc->zc_name,
1112 userquota_perms[zc->zc_objset_type], cr));
1116 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1118 int err = zfs_secpolicy_read(zc, innvl, cr);
1122 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1123 return (SET_ERROR(EINVAL));
1125 return (zfs_secpolicy_write_perms(zc->zc_name,
1126 userquota_perms[zc->zc_objset_type], cr));
1131 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1133 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1139 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1145 error = nvlist_lookup_nvlist(innvl, "holds", &holds);
1147 return (SET_ERROR(EINVAL));
1149 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
1150 pair = nvlist_next_nvpair(holds, pair)) {
1151 char fsname[MAXNAMELEN];
1152 error = dmu_fsname(nvpair_name(pair), fsname);
1155 error = zfs_secpolicy_write_perms(fsname,
1156 ZFS_DELEG_PERM_HOLD, cr);
1165 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1170 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1171 pair = nvlist_next_nvpair(innvl, pair)) {
1172 char fsname[MAXNAMELEN];
1173 error = dmu_fsname(nvpair_name(pair), fsname);
1176 error = zfs_secpolicy_write_perms(fsname,
1177 ZFS_DELEG_PERM_RELEASE, cr);
1185 * Policy for allowing temporary snapshots to be taken or released
1188 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1191 * A temporary snapshot is the same as a snapshot,
1192 * hold, destroy and release all rolled into one.
1193 * Delegated diff alone is sufficient that we allow this.
1197 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1198 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1201 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1203 error = zfs_secpolicy_hold(zc, innvl, cr);
1205 error = zfs_secpolicy_release(zc, innvl, cr);
1207 error = zfs_secpolicy_destroy(zc, innvl, cr);
1212 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1215 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1219 nvlist_t *list = NULL;
1222 * Read in and unpack the user-supplied nvlist.
1225 return (SET_ERROR(EINVAL));
1227 packed = kmem_alloc(size, KM_SLEEP | KM_NODEBUG);
1229 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1231 kmem_free(packed, size);
1235 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1236 kmem_free(packed, size);
1240 kmem_free(packed, size);
1247 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1248 * Entries will be removed from the end of the nvlist, and one int32 entry
1249 * named "N_MORE_ERRORS" will be added indicating how many entries were
1253 nvlist_smush(nvlist_t *errors, size_t max)
1257 size = fnvlist_size(errors);
1260 nvpair_t *more_errors;
1264 return (SET_ERROR(ENOMEM));
1266 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1267 more_errors = nvlist_prev_nvpair(errors, NULL);
1270 nvpair_t *pair = nvlist_prev_nvpair(errors,
1272 fnvlist_remove_nvpair(errors, pair);
1274 size = fnvlist_size(errors);
1275 } while (size > max);
1277 fnvlist_remove_nvpair(errors, more_errors);
1278 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1279 ASSERT3U(fnvlist_size(errors), <=, max);
1286 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1288 char *packed = NULL;
1292 size = fnvlist_size(nvl);
1294 if (size > zc->zc_nvlist_dst_size) {
1295 error = SET_ERROR(ENOMEM);
1297 packed = fnvlist_pack(nvl, &size);
1298 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1299 size, zc->zc_iflags) != 0)
1300 error = SET_ERROR(EFAULT);
1301 fnvlist_pack_free(packed, size);
1304 zc->zc_nvlist_dst_size = size;
1305 zc->zc_nvlist_dst_filled = B_TRUE;
1310 get_zfs_sb(const char *dsname, zfs_sb_t **zsbp)
1315 error = dmu_objset_hold(dsname, FTAG, &os);
1318 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1319 dmu_objset_rele(os, FTAG);
1320 return (SET_ERROR(EINVAL));
1323 mutex_enter(&os->os_user_ptr_lock);
1324 *zsbp = dmu_objset_get_user(os);
1325 if (*zsbp && (*zsbp)->z_sb) {
1326 atomic_inc(&((*zsbp)->z_sb->s_active));
1328 error = SET_ERROR(ESRCH);
1330 mutex_exit(&os->os_user_ptr_lock);
1331 dmu_objset_rele(os, FTAG);
1336 * Find a zfs_sb_t for a mounted filesystem, or create our own, in which
1337 * case its z_sb will be NULL, and it will be opened as the owner.
1338 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1339 * which prevents all inode ops from running.
1342 zfs_sb_hold(const char *name, void *tag, zfs_sb_t **zsbp, boolean_t writer)
1346 if (get_zfs_sb(name, zsbp) != 0)
1347 error = zfs_sb_create(name, zsbp);
1349 rrw_enter(&(*zsbp)->z_teardown_lock, (writer) ? RW_WRITER :
1351 if ((*zsbp)->z_unmounted) {
1353 * XXX we could probably try again, since the unmounting
1354 * thread should be just about to disassociate the
1355 * objset from the zfsvfs.
1357 rrw_exit(&(*zsbp)->z_teardown_lock, tag);
1358 return (SET_ERROR(EBUSY));
1365 zfs_sb_rele(zfs_sb_t *zsb, void *tag)
1367 rrw_exit(&zsb->z_teardown_lock, tag);
1370 deactivate_super(zsb->z_sb);
1372 dmu_objset_disown(zsb->z_os, zsb);
1378 zfs_ioc_pool_create(zfs_cmd_t *zc)
1381 nvlist_t *config, *props = NULL;
1382 nvlist_t *rootprops = NULL;
1383 nvlist_t *zplprops = NULL;
1385 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1386 zc->zc_iflags, &config)))
1389 if (zc->zc_nvlist_src_size != 0 && (error =
1390 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1391 zc->zc_iflags, &props))) {
1392 nvlist_free(config);
1397 nvlist_t *nvl = NULL;
1398 uint64_t version = SPA_VERSION;
1400 (void) nvlist_lookup_uint64(props,
1401 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1402 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1403 error = SET_ERROR(EINVAL);
1404 goto pool_props_bad;
1406 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1408 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1410 nvlist_free(config);
1414 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1416 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1417 error = zfs_fill_zplprops_root(version, rootprops,
1420 goto pool_props_bad;
1423 error = spa_create(zc->zc_name, config, props, zplprops);
1426 * Set the remaining root properties
1428 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1429 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1430 (void) spa_destroy(zc->zc_name);
1433 nvlist_free(rootprops);
1434 nvlist_free(zplprops);
1435 nvlist_free(config);
1442 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1445 zfs_log_history(zc);
1446 error = spa_destroy(zc->zc_name);
1448 zvol_remove_minors(zc->zc_name);
1453 zfs_ioc_pool_import(zfs_cmd_t *zc)
1455 nvlist_t *config, *props = NULL;
1459 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1460 zc->zc_iflags, &config)) != 0)
1463 if (zc->zc_nvlist_src_size != 0 && (error =
1464 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1465 zc->zc_iflags, &props))) {
1466 nvlist_free(config);
1470 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1471 guid != zc->zc_guid)
1472 error = SET_ERROR(EINVAL);
1474 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1476 if (zc->zc_nvlist_dst != 0) {
1479 if ((err = put_nvlist(zc, config)) != 0)
1483 nvlist_free(config);
1492 zfs_ioc_pool_export(zfs_cmd_t *zc)
1495 boolean_t force = (boolean_t)zc->zc_cookie;
1496 boolean_t hardforce = (boolean_t)zc->zc_guid;
1498 zfs_log_history(zc);
1499 error = spa_export(zc->zc_name, NULL, force, hardforce);
1501 zvol_remove_minors(zc->zc_name);
1506 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1511 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1512 return (SET_ERROR(EEXIST));
1514 error = put_nvlist(zc, configs);
1516 nvlist_free(configs);
1523 * zc_name name of the pool
1526 * zc_cookie real errno
1527 * zc_nvlist_dst config nvlist
1528 * zc_nvlist_dst_size size of config nvlist
1531 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1537 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1538 sizeof (zc->zc_value));
1540 if (config != NULL) {
1541 ret = put_nvlist(zc, config);
1542 nvlist_free(config);
1545 * The config may be present even if 'error' is non-zero.
1546 * In this case we return success, and preserve the real errno
1549 zc->zc_cookie = error;
1558 * Try to import the given pool, returning pool stats as appropriate so that
1559 * user land knows which devices are available and overall pool health.
1562 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1564 nvlist_t *tryconfig, *config;
1567 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1568 zc->zc_iflags, &tryconfig)) != 0)
1571 config = spa_tryimport(tryconfig);
1573 nvlist_free(tryconfig);
1576 return (SET_ERROR(EINVAL));
1578 error = put_nvlist(zc, config);
1579 nvlist_free(config);
1586 * zc_name name of the pool
1587 * zc_cookie scan func (pool_scan_func_t)
1590 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1595 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1598 if (zc->zc_cookie == POOL_SCAN_NONE)
1599 error = spa_scan_stop(spa);
1601 error = spa_scan(spa, zc->zc_cookie);
1603 spa_close(spa, FTAG);
1609 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1614 error = spa_open(zc->zc_name, &spa, FTAG);
1617 spa_close(spa, FTAG);
1623 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1628 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1631 if (zc->zc_cookie < spa_version(spa) ||
1632 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1633 spa_close(spa, FTAG);
1634 return (SET_ERROR(EINVAL));
1637 spa_upgrade(spa, zc->zc_cookie);
1638 spa_close(spa, FTAG);
1644 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1651 if ((size = zc->zc_history_len) == 0)
1652 return (SET_ERROR(EINVAL));
1654 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1657 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1658 spa_close(spa, FTAG);
1659 return (SET_ERROR(ENOTSUP));
1662 hist_buf = vmem_alloc(size, KM_SLEEP);
1663 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1664 &zc->zc_history_len, hist_buf)) == 0) {
1665 error = ddi_copyout(hist_buf,
1666 (void *)(uintptr_t)zc->zc_history,
1667 zc->zc_history_len, zc->zc_iflags);
1670 spa_close(spa, FTAG);
1671 vmem_free(hist_buf, size);
1676 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1681 error = spa_open(zc->zc_name, &spa, FTAG);
1683 error = spa_change_guid(spa);
1684 spa_close(spa, FTAG);
1690 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1692 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
1697 * zc_name name of filesystem
1698 * zc_obj object to find
1701 * zc_value name of object
1704 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1709 /* XXX reading from objset not owned */
1710 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1712 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1713 dmu_objset_rele(os, FTAG);
1714 return (SET_ERROR(EINVAL));
1716 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1717 sizeof (zc->zc_value));
1718 dmu_objset_rele(os, FTAG);
1725 * zc_name name of filesystem
1726 * zc_obj object to find
1729 * zc_stat stats on object
1730 * zc_value path to object
1733 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1738 /* XXX reading from objset not owned */
1739 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1741 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1742 dmu_objset_rele(os, FTAG);
1743 return (SET_ERROR(EINVAL));
1745 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1746 sizeof (zc->zc_value));
1747 dmu_objset_rele(os, FTAG);
1753 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1757 nvlist_t *config, **l2cache, **spares;
1758 uint_t nl2cache = 0, nspares = 0;
1760 error = spa_open(zc->zc_name, &spa, FTAG);
1764 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1765 zc->zc_iflags, &config);
1766 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
1767 &l2cache, &nl2cache);
1769 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
1773 * A root pool with concatenated devices is not supported.
1774 * Thus, can not add a device to a root pool.
1776 * Intent log device can not be added to a rootpool because
1777 * during mountroot, zil is replayed, a seperated log device
1778 * can not be accessed during the mountroot time.
1780 * l2cache and spare devices are ok to be added to a rootpool.
1782 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
1783 nvlist_free(config);
1784 spa_close(spa, FTAG);
1785 return (SET_ERROR(EDOM));
1789 error = spa_vdev_add(spa, config);
1790 nvlist_free(config);
1792 spa_close(spa, FTAG);
1798 * zc_name name of the pool
1799 * zc_nvlist_conf nvlist of devices to remove
1800 * zc_cookie to stop the remove?
1803 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1808 error = spa_open(zc->zc_name, &spa, FTAG);
1811 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1812 spa_close(spa, FTAG);
1817 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1821 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1823 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1825 switch (zc->zc_cookie) {
1826 case VDEV_STATE_ONLINE:
1827 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1830 case VDEV_STATE_OFFLINE:
1831 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1834 case VDEV_STATE_FAULTED:
1835 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1836 zc->zc_obj != VDEV_AUX_EXTERNAL)
1837 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1839 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1842 case VDEV_STATE_DEGRADED:
1843 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1844 zc->zc_obj != VDEV_AUX_EXTERNAL)
1845 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1847 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1851 error = SET_ERROR(EINVAL);
1853 zc->zc_cookie = newstate;
1854 spa_close(spa, FTAG);
1859 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1862 int replacing = zc->zc_cookie;
1866 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1869 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1870 zc->zc_iflags, &config)) == 0) {
1871 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1872 nvlist_free(config);
1875 spa_close(spa, FTAG);
1880 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1885 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1888 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1890 spa_close(spa, FTAG);
1895 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1898 nvlist_t *config, *props = NULL;
1900 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1902 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1905 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1906 zc->zc_iflags, &config))) {
1907 spa_close(spa, FTAG);
1911 if (zc->zc_nvlist_src_size != 0 && (error =
1912 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1913 zc->zc_iflags, &props))) {
1914 spa_close(spa, FTAG);
1915 nvlist_free(config);
1919 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1921 spa_close(spa, FTAG);
1923 nvlist_free(config);
1930 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1933 char *path = zc->zc_value;
1934 uint64_t guid = zc->zc_guid;
1937 error = spa_open(zc->zc_name, &spa, FTAG);
1941 error = spa_vdev_setpath(spa, guid, path);
1942 spa_close(spa, FTAG);
1947 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
1950 char *fru = zc->zc_value;
1951 uint64_t guid = zc->zc_guid;
1954 error = spa_open(zc->zc_name, &spa, FTAG);
1958 error = spa_vdev_setfru(spa, guid, fru);
1959 spa_close(spa, FTAG);
1964 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
1969 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1971 if (zc->zc_nvlist_dst != 0 &&
1972 (error = dsl_prop_get_all(os, &nv)) == 0) {
1973 dmu_objset_stats(os, nv);
1975 * NB: zvol_get_stats() will read the objset contents,
1976 * which we aren't supposed to do with a
1977 * DS_MODE_USER hold, because it could be
1978 * inconsistent. So this is a bit of a workaround...
1979 * XXX reading with out owning
1981 if (!zc->zc_objset_stats.dds_inconsistent &&
1982 dmu_objset_type(os) == DMU_OST_ZVOL) {
1983 error = zvol_get_stats(os, nv);
1989 error = put_nvlist(zc, nv);
1998 * zc_name name of filesystem
1999 * zc_nvlist_dst_size size of buffer for property nvlist
2002 * zc_objset_stats stats
2003 * zc_nvlist_dst property nvlist
2004 * zc_nvlist_dst_size size of property nvlist
2007 zfs_ioc_objset_stats(zfs_cmd_t *zc)
2012 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2014 error = zfs_ioc_objset_stats_impl(zc, os);
2015 dmu_objset_rele(os, FTAG);
2023 * zc_name name of filesystem
2024 * zc_nvlist_dst_size size of buffer for property nvlist
2027 * zc_nvlist_dst received property nvlist
2028 * zc_nvlist_dst_size size of received property nvlist
2030 * Gets received properties (distinct from local properties on or after
2031 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2032 * local property values.
2035 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2041 * Without this check, we would return local property values if the
2042 * caller has not already received properties on or after
2043 * SPA_VERSION_RECVD_PROPS.
2045 if (!dsl_prop_get_hasrecvd(zc->zc_name))
2046 return (SET_ERROR(ENOTSUP));
2048 if (zc->zc_nvlist_dst != 0 &&
2049 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
2050 error = put_nvlist(zc, nv);
2058 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2064 * zfs_get_zplprop() will either find a value or give us
2065 * the default value (if there is one).
2067 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2069 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2075 * zc_name name of filesystem
2076 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2079 * zc_nvlist_dst zpl property nvlist
2080 * zc_nvlist_dst_size size of zpl property nvlist
2083 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2088 /* XXX reading without owning */
2089 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
2092 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2095 * NB: nvl_add_zplprop() will read the objset contents,
2096 * which we aren't supposed to do with a DS_MODE_USER
2097 * hold, because it could be inconsistent.
2099 if (zc->zc_nvlist_dst != 0 &&
2100 !zc->zc_objset_stats.dds_inconsistent &&
2101 dmu_objset_type(os) == DMU_OST_ZFS) {
2104 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2105 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2106 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2107 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2108 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2109 err = put_nvlist(zc, nv);
2112 err = SET_ERROR(ENOENT);
2114 dmu_objset_rele(os, FTAG);
2119 dataset_name_hidden(const char *name)
2122 * Skip over datasets that are not visible in this zone,
2123 * internal datasets (which have a $ in their name), and
2124 * temporary datasets (which have a % in their name).
2126 if (strchr(name, '$') != NULL)
2128 if (strchr(name, '%') != NULL)
2130 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
2137 * zc_name name of filesystem
2138 * zc_cookie zap cursor
2139 * zc_nvlist_dst_size size of buffer for property nvlist
2142 * zc_name name of next filesystem
2143 * zc_cookie zap cursor
2144 * zc_objset_stats stats
2145 * zc_nvlist_dst property nvlist
2146 * zc_nvlist_dst_size size of property nvlist
2149 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2154 size_t orig_len = strlen(zc->zc_name);
2157 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
2158 if (error == ENOENT)
2159 error = SET_ERROR(ESRCH);
2163 p = strrchr(zc->zc_name, '/');
2164 if (p == NULL || p[1] != '\0')
2165 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2166 p = zc->zc_name + strlen(zc->zc_name);
2169 error = dmu_dir_list_next(os,
2170 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2171 NULL, &zc->zc_cookie);
2172 if (error == ENOENT)
2173 error = SET_ERROR(ESRCH);
2174 } while (error == 0 && dataset_name_hidden(zc->zc_name));
2175 dmu_objset_rele(os, FTAG);
2178 * If it's an internal dataset (ie. with a '$' in its name),
2179 * don't try to get stats for it, otherwise we'll return ENOENT.
2181 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2182 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2183 if (error == ENOENT) {
2184 /* We lost a race with destroy, get the next one. */
2185 zc->zc_name[orig_len] = '\0';
2194 * zc_name name of filesystem
2195 * zc_cookie zap cursor
2196 * zc_nvlist_dst_size size of buffer for property nvlist
2199 * zc_name name of next snapshot
2200 * zc_objset_stats stats
2201 * zc_nvlist_dst property nvlist
2202 * zc_nvlist_dst_size size of property nvlist
2205 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2210 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2212 return (error == ENOENT ? ESRCH : error);
2216 * A dataset name of maximum length cannot have any snapshots,
2217 * so exit immediately.
2219 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
2220 dmu_objset_rele(os, FTAG);
2221 return (SET_ERROR(ESRCH));
2224 error = dmu_snapshot_list_next(os,
2225 sizeof (zc->zc_name) - strlen(zc->zc_name),
2226 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2229 if (error == 0 && !zc->zc_simple) {
2231 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2233 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2237 error = dmu_objset_from_ds(ds, &ossnap);
2239 error = zfs_ioc_objset_stats_impl(zc, ossnap);
2240 dsl_dataset_rele(ds, FTAG);
2242 } else if (error == ENOENT) {
2243 error = SET_ERROR(ESRCH);
2246 dmu_objset_rele(os, FTAG);
2247 /* if we failed, undo the @ that we tacked on to zc_name */
2249 *strchr(zc->zc_name, '@') = '\0';
2254 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2256 const char *propname = nvpair_name(pair);
2258 unsigned int vallen;
2261 zfs_userquota_prop_t type;
2267 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2269 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2270 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2272 return (SET_ERROR(EINVAL));
2276 * A correctly constructed propname is encoded as
2277 * userquota@<rid>-<domain>.
2279 if ((dash = strchr(propname, '-')) == NULL ||
2280 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2282 return (SET_ERROR(EINVAL));
2289 err = zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE);
2291 err = zfs_set_userquota(zsb, type, domain, rid, quota);
2292 zfs_sb_rele(zsb, FTAG);
2299 * If the named property is one that has a special function to set its value,
2300 * return 0 on success and a positive error code on failure; otherwise if it is
2301 * not one of the special properties handled by this function, return -1.
2303 * XXX: It would be better for callers of the property interface if we handled
2304 * these special cases in dsl_prop.c (in the dsl layer).
2307 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2310 const char *propname = nvpair_name(pair);
2311 zfs_prop_t prop = zfs_name_to_prop(propname);
2315 if (prop == ZPROP_INVAL) {
2316 if (zfs_prop_userquota(propname))
2317 return (zfs_prop_set_userquota(dsname, pair));
2321 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2323 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2324 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2328 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2331 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2334 case ZFS_PROP_QUOTA:
2335 err = dsl_dir_set_quota(dsname, source, intval);
2337 case ZFS_PROP_REFQUOTA:
2338 err = dsl_dataset_set_refquota(dsname, source, intval);
2340 case ZFS_PROP_RESERVATION:
2341 err = dsl_dir_set_reservation(dsname, source, intval);
2343 case ZFS_PROP_REFRESERVATION:
2344 err = dsl_dataset_set_refreservation(dsname, source, intval);
2346 case ZFS_PROP_VOLSIZE:
2347 err = zvol_set_volsize(dsname, intval);
2349 case ZFS_PROP_SNAPDEV:
2350 err = zvol_set_snapdev(dsname, intval);
2352 case ZFS_PROP_VERSION:
2356 if ((err = zfs_sb_hold(dsname, FTAG, &zsb, B_TRUE)) != 0)
2359 err = zfs_set_version(zsb, intval);
2360 zfs_sb_rele(zsb, FTAG);
2362 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2365 zc = kmem_zalloc(sizeof (zfs_cmd_t),
2366 KM_SLEEP | KM_NODEBUG);
2367 (void) strcpy(zc->zc_name, dsname);
2368 (void) zfs_ioc_userspace_upgrade(zc);
2369 kmem_free(zc, sizeof (zfs_cmd_t));
2373 case ZFS_PROP_COMPRESSION:
2375 if (intval == ZIO_COMPRESS_LZ4) {
2376 zfeature_info_t *feature =
2377 &spa_feature_table[SPA_FEATURE_LZ4_COMPRESS];
2380 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
2384 * Setting the LZ4 compression algorithm activates
2387 if (!spa_feature_is_active(spa, feature)) {
2388 if ((err = zfs_prop_activate_feature(spa,
2390 spa_close(spa, FTAG);
2395 spa_close(spa, FTAG);
2398 * We still want the default set action to be performed in the
2399 * caller, we only performed zfeature settings here.
2413 * This function is best effort. If it fails to set any of the given properties,
2414 * it continues to set as many as it can and returns the last error
2415 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2416 * with the list of names of all the properties that failed along with the
2417 * corresponding error numbers.
2419 * If every property is set successfully, zero is returned and errlist is not
2423 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2432 nvlist_t *genericnvl = fnvlist_alloc();
2433 nvlist_t *retrynvl = fnvlist_alloc();
2436 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2437 const char *propname = nvpair_name(pair);
2438 zfs_prop_t prop = zfs_name_to_prop(propname);
2441 /* decode the property value */
2443 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2445 attrs = fnvpair_value_nvlist(pair);
2446 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2448 err = SET_ERROR(EINVAL);
2451 /* Validate value type */
2452 if (err == 0 && prop == ZPROP_INVAL) {
2453 if (zfs_prop_user(propname)) {
2454 if (nvpair_type(propval) != DATA_TYPE_STRING)
2455 err = SET_ERROR(EINVAL);
2456 } else if (zfs_prop_userquota(propname)) {
2457 if (nvpair_type(propval) !=
2458 DATA_TYPE_UINT64_ARRAY)
2459 err = SET_ERROR(EINVAL);
2461 err = SET_ERROR(EINVAL);
2463 } else if (err == 0) {
2464 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2465 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2466 err = SET_ERROR(EINVAL);
2467 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2470 intval = fnvpair_value_uint64(propval);
2472 switch (zfs_prop_get_type(prop)) {
2473 case PROP_TYPE_NUMBER:
2475 case PROP_TYPE_STRING:
2476 err = SET_ERROR(EINVAL);
2478 case PROP_TYPE_INDEX:
2479 if (zfs_prop_index_to_string(prop,
2480 intval, &unused) != 0)
2481 err = SET_ERROR(EINVAL);
2485 "unknown property type");
2488 err = SET_ERROR(EINVAL);
2492 /* Validate permissions */
2494 err = zfs_check_settable(dsname, pair, CRED());
2497 err = zfs_prop_set_special(dsname, source, pair);
2500 * For better performance we build up a list of
2501 * properties to set in a single transaction.
2503 err = nvlist_add_nvpair(genericnvl, pair);
2504 } else if (err != 0 && nvl != retrynvl) {
2506 * This may be a spurious error caused by
2507 * receiving quota and reservation out of order.
2508 * Try again in a second pass.
2510 err = nvlist_add_nvpair(retrynvl, pair);
2515 if (errlist != NULL)
2516 fnvlist_add_int32(errlist, propname, err);
2521 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2526 if (!nvlist_empty(genericnvl) &&
2527 dsl_props_set(dsname, source, genericnvl) != 0) {
2529 * If this fails, we still want to set as many properties as we
2530 * can, so try setting them individually.
2533 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2534 const char *propname = nvpair_name(pair);
2538 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2540 attrs = fnvpair_value_nvlist(pair);
2541 propval = fnvlist_lookup_nvpair(attrs,
2545 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2546 strval = fnvpair_value_string(propval);
2547 err = dsl_prop_set_string(dsname, propname,
2550 intval = fnvpair_value_uint64(propval);
2551 err = dsl_prop_set_int(dsname, propname, source,
2556 if (errlist != NULL) {
2557 fnvlist_add_int32(errlist, propname,
2564 nvlist_free(genericnvl);
2565 nvlist_free(retrynvl);
2571 * Check that all the properties are valid user properties.
2574 zfs_check_userprops(const char *fsname, nvlist_t *nvl)
2576 nvpair_t *pair = NULL;
2579 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2580 const char *propname = nvpair_name(pair);
2583 if (!zfs_prop_user(propname) ||
2584 nvpair_type(pair) != DATA_TYPE_STRING)
2585 return (SET_ERROR(EINVAL));
2587 if ((error = zfs_secpolicy_write_perms(fsname,
2588 ZFS_DELEG_PERM_USERPROP, CRED())))
2591 if (strlen(propname) >= ZAP_MAXNAMELEN)
2592 return (SET_ERROR(ENAMETOOLONG));
2594 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2595 if (strlen(valstr) >= ZAP_MAXVALUELEN)
2596 return (SET_ERROR(E2BIG));
2602 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2606 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2609 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2610 if (nvlist_exists(skipped, nvpair_name(pair)))
2613 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2618 clear_received_props(const char *dsname, nvlist_t *props,
2622 nvlist_t *cleared_props = NULL;
2623 props_skip(props, skipped, &cleared_props);
2624 if (!nvlist_empty(cleared_props)) {
2626 * Acts on local properties until the dataset has received
2627 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2629 zprop_source_t flags = (ZPROP_SRC_NONE |
2630 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
2631 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
2633 nvlist_free(cleared_props);
2639 * zc_name name of filesystem
2640 * zc_value name of property to set
2641 * zc_nvlist_src{_size} nvlist of properties to apply
2642 * zc_cookie received properties flag
2645 * zc_nvlist_dst{_size} error for each unapplied received property
2648 zfs_ioc_set_prop(zfs_cmd_t *zc)
2651 boolean_t received = zc->zc_cookie;
2652 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2657 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2658 zc->zc_iflags, &nvl)) != 0)
2662 nvlist_t *origprops;
2664 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
2665 (void) clear_received_props(zc->zc_name,
2667 nvlist_free(origprops);
2670 error = dsl_prop_set_hasrecvd(zc->zc_name);
2673 errors = fnvlist_alloc();
2675 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2677 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2678 (void) put_nvlist(zc, errors);
2681 nvlist_free(errors);
2688 * zc_name name of filesystem
2689 * zc_value name of property to inherit
2690 * zc_cookie revert to received value if TRUE
2695 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2697 const char *propname = zc->zc_value;
2698 zfs_prop_t prop = zfs_name_to_prop(propname);
2699 boolean_t received = zc->zc_cookie;
2700 zprop_source_t source = (received
2701 ? ZPROP_SRC_NONE /* revert to received value, if any */
2702 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2711 * zfs_prop_set_special() expects properties in the form of an
2712 * nvpair with type info.
2714 if (prop == ZPROP_INVAL) {
2715 if (!zfs_prop_user(propname))
2716 return (SET_ERROR(EINVAL));
2718 type = PROP_TYPE_STRING;
2719 } else if (prop == ZFS_PROP_VOLSIZE ||
2720 prop == ZFS_PROP_VERSION) {
2721 return (SET_ERROR(EINVAL));
2723 type = zfs_prop_get_type(prop);
2726 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2729 case PROP_TYPE_STRING:
2730 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2732 case PROP_TYPE_NUMBER:
2733 case PROP_TYPE_INDEX:
2734 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2738 return (SET_ERROR(EINVAL));
2741 pair = nvlist_next_nvpair(dummy, NULL);
2742 err = zfs_prop_set_special(zc->zc_name, source, pair);
2745 return (err); /* special property already handled */
2748 * Only check this in the non-received case. We want to allow
2749 * 'inherit -S' to revert non-inheritable properties like quota
2750 * and reservation to the received or default values even though
2751 * they are not considered inheritable.
2753 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2754 return (SET_ERROR(EINVAL));
2757 /* property name has been validated by zfs_secpolicy_inherit_prop() */
2758 return (dsl_prop_inherit(zc->zc_name, zc->zc_value, source));
2762 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2769 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2770 zc->zc_iflags, &props)))
2774 * If the only property is the configfile, then just do a spa_lookup()
2775 * to handle the faulted case.
2777 pair = nvlist_next_nvpair(props, NULL);
2778 if (pair != NULL && strcmp(nvpair_name(pair),
2779 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2780 nvlist_next_nvpair(props, pair) == NULL) {
2781 mutex_enter(&spa_namespace_lock);
2782 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2783 spa_configfile_set(spa, props, B_FALSE);
2784 spa_config_sync(spa, B_FALSE, B_TRUE);
2786 mutex_exit(&spa_namespace_lock);
2793 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2798 error = spa_prop_set(spa, props);
2801 spa_close(spa, FTAG);
2807 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2811 nvlist_t *nvp = NULL;
2813 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2815 * If the pool is faulted, there may be properties we can still
2816 * get (such as altroot and cachefile), so attempt to get them
2819 mutex_enter(&spa_namespace_lock);
2820 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2821 error = spa_prop_get(spa, &nvp);
2822 mutex_exit(&spa_namespace_lock);
2824 error = spa_prop_get(spa, &nvp);
2825 spa_close(spa, FTAG);
2828 if (error == 0 && zc->zc_nvlist_dst != 0)
2829 error = put_nvlist(zc, nvp);
2831 error = SET_ERROR(EFAULT);
2839 * zc_name name of volume
2844 zfs_ioc_create_minor(zfs_cmd_t *zc)
2846 return (zvol_create_minor(zc->zc_name));
2851 * zc_name name of volume
2856 zfs_ioc_remove_minor(zfs_cmd_t *zc)
2858 return (zvol_remove_minor(zc->zc_name));
2863 * zc_name name of filesystem
2864 * zc_nvlist_src{_size} nvlist of delegated permissions
2865 * zc_perm_action allow/unallow flag
2870 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2873 nvlist_t *fsaclnv = NULL;
2875 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2876 zc->zc_iflags, &fsaclnv)) != 0)
2880 * Verify nvlist is constructed correctly
2882 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2883 nvlist_free(fsaclnv);
2884 return (SET_ERROR(EINVAL));
2888 * If we don't have PRIV_SYS_MOUNT, then validate
2889 * that user is allowed to hand out each permission in
2893 error = secpolicy_zfs(CRED());
2895 if (zc->zc_perm_action == B_FALSE) {
2896 error = dsl_deleg_can_allow(zc->zc_name,
2899 error = dsl_deleg_can_unallow(zc->zc_name,
2905 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2907 nvlist_free(fsaclnv);
2913 * zc_name name of filesystem
2916 * zc_nvlist_src{_size} nvlist of delegated permissions
2919 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2924 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2925 error = put_nvlist(zc, nvp);
2934 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2936 zfs_creat_t *zct = arg;
2938 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2941 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
2945 * createprops list of properties requested by creator
2946 * default_zplver zpl version to use if unspecified in createprops
2947 * fuids_ok fuids allowed in this version of the spa?
2948 * os parent objset pointer (NULL if root fs)
2951 * zplprops values for the zplprops we attach to the master node object
2952 * is_ci true if requested file system will be purely case-insensitive
2954 * Determine the settings for utf8only, normalization and
2955 * casesensitivity. Specific values may have been requested by the
2956 * creator and/or we can inherit values from the parent dataset. If
2957 * the file system is of too early a vintage, a creator can not
2958 * request settings for these properties, even if the requested
2959 * setting is the default value. We don't actually want to create dsl
2960 * properties for these, so remove them from the source nvlist after
2964 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
2965 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2966 nvlist_t *zplprops, boolean_t *is_ci)
2968 uint64_t sense = ZFS_PROP_UNDEFINED;
2969 uint64_t norm = ZFS_PROP_UNDEFINED;
2970 uint64_t u8 = ZFS_PROP_UNDEFINED;
2973 ASSERT(zplprops != NULL);
2976 * Pull out creator prop choices, if any.
2979 (void) nvlist_lookup_uint64(createprops,
2980 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
2981 (void) nvlist_lookup_uint64(createprops,
2982 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
2983 (void) nvlist_remove_all(createprops,
2984 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
2985 (void) nvlist_lookup_uint64(createprops,
2986 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
2987 (void) nvlist_remove_all(createprops,
2988 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
2989 (void) nvlist_lookup_uint64(createprops,
2990 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
2991 (void) nvlist_remove_all(createprops,
2992 zfs_prop_to_name(ZFS_PROP_CASE));
2996 * If the zpl version requested is whacky or the file system
2997 * or pool is version is too "young" to support normalization
2998 * and the creator tried to set a value for one of the props,
3001 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3002 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
3003 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
3004 (zplver < ZPL_VERSION_NORMALIZATION &&
3005 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
3006 sense != ZFS_PROP_UNDEFINED)))
3007 return (SET_ERROR(ENOTSUP));
3010 * Put the version in the zplprops
3012 VERIFY(nvlist_add_uint64(zplprops,
3013 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3015 if (norm == ZFS_PROP_UNDEFINED &&
3016 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3018 VERIFY(nvlist_add_uint64(zplprops,
3019 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3022 * If we're normalizing, names must always be valid UTF-8 strings.
3026 if (u8 == ZFS_PROP_UNDEFINED &&
3027 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3029 VERIFY(nvlist_add_uint64(zplprops,
3030 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3032 if (sense == ZFS_PROP_UNDEFINED &&
3033 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3035 VERIFY(nvlist_add_uint64(zplprops,
3036 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3039 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3045 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3046 nvlist_t *zplprops, boolean_t *is_ci)
3048 boolean_t fuids_ok, sa_ok;
3049 uint64_t zplver = ZPL_VERSION;
3050 objset_t *os = NULL;
3051 char parentname[MAXNAMELEN];
3057 (void) strlcpy(parentname, dataset, sizeof (parentname));
3058 cp = strrchr(parentname, '/');
3062 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3065 spa_vers = spa_version(spa);
3066 spa_close(spa, FTAG);
3068 zplver = zfs_zpl_version_map(spa_vers);
3069 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3070 sa_ok = (zplver >= ZPL_VERSION_SA);
3073 * Open parent object set so we can inherit zplprop values.
3075 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3078 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3080 dmu_objset_rele(os, FTAG);
3085 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3086 nvlist_t *zplprops, boolean_t *is_ci)
3090 uint64_t zplver = ZPL_VERSION;
3093 zplver = zfs_zpl_version_map(spa_vers);
3094 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3095 sa_ok = (zplver >= ZPL_VERSION_SA);
3097 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3098 createprops, zplprops, is_ci);
3104 * "type" -> dmu_objset_type_t (int32)
3105 * (optional) "props" -> { prop -> value }
3108 * outnvl: propname -> error code (int32)
3111 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3114 zfs_creat_t zct = { 0 };
3115 nvlist_t *nvprops = NULL;
3116 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3118 dmu_objset_type_t type;
3119 boolean_t is_insensitive = B_FALSE;
3121 if (nvlist_lookup_int32(innvl, "type", &type32) != 0)
3122 return (SET_ERROR(EINVAL));
3124 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3128 cbfunc = zfs_create_cb;
3132 cbfunc = zvol_create_cb;
3139 if (strchr(fsname, '@') ||
3140 strchr(fsname, '%'))
3141 return (SET_ERROR(EINVAL));
3143 zct.zct_props = nvprops;
3146 return (SET_ERROR(EINVAL));
3148 if (type == DMU_OST_ZVOL) {
3149 uint64_t volsize, volblocksize;
3151 if (nvprops == NULL)
3152 return (SET_ERROR(EINVAL));
3153 if (nvlist_lookup_uint64(nvprops,
3154 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3155 return (SET_ERROR(EINVAL));
3157 if ((error = nvlist_lookup_uint64(nvprops,
3158 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3159 &volblocksize)) != 0 && error != ENOENT)
3160 return (SET_ERROR(EINVAL));
3163 volblocksize = zfs_prop_default_numeric(
3164 ZFS_PROP_VOLBLOCKSIZE);
3166 if ((error = zvol_check_volblocksize(
3167 volblocksize)) != 0 ||
3168 (error = zvol_check_volsize(volsize,
3169 volblocksize)) != 0)
3171 } else if (type == DMU_OST_ZFS) {
3175 * We have to have normalization and
3176 * case-folding flags correct when we do the
3177 * file system creation, so go figure them out
3180 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3181 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3182 error = zfs_fill_zplprops(fsname, nvprops,
3183 zct.zct_zplprops, &is_insensitive);
3185 nvlist_free(zct.zct_zplprops);
3190 error = dmu_objset_create(fsname, type,
3191 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3192 nvlist_free(zct.zct_zplprops);
3195 * It would be nice to do this atomically.
3198 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3201 (void) dsl_destroy_head(fsname);
3208 * "origin" -> name of origin snapshot
3209 * (optional) "props" -> { prop -> value }
3213 * outnvl: propname -> error code (int32)
3216 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3219 nvlist_t *nvprops = NULL;
3222 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0)
3223 return (SET_ERROR(EINVAL));
3224 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3226 if (strchr(fsname, '@') ||
3227 strchr(fsname, '%'))
3228 return (SET_ERROR(EINVAL));
3230 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3231 return (SET_ERROR(EINVAL));
3232 error = dmu_objset_clone(fsname, origin_name);
3237 * It would be nice to do this atomically.
3240 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3243 (void) dsl_destroy_head(fsname);
3250 * "snaps" -> { snapshot1, snapshot2 }
3251 * (optional) "props" -> { prop -> value (string) }
3254 * outnvl: snapshot -> error code (int32)
3257 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3260 nvlist_t *props = NULL;
3262 nvpair_t *pair, *pair2;
3264 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3265 if ((error = zfs_check_userprops(poolname, props)) != 0)
3268 if (!nvlist_empty(props) &&
3269 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3270 return (SET_ERROR(ENOTSUP));
3272 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3273 return (SET_ERROR(EINVAL));
3274 poollen = strlen(poolname);
3275 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3276 pair = nvlist_next_nvpair(snaps, pair)) {
3277 const char *name = nvpair_name(pair);
3278 const char *cp = strchr(name, '@');
3281 * The snap name must contain an @, and the part after it must
3282 * contain only valid characters.
3284 if (cp == NULL || snapshot_namecheck(cp + 1, NULL, NULL) != 0)
3285 return (SET_ERROR(EINVAL));
3288 * The snap must be in the specified pool.
3290 if (strncmp(name, poolname, poollen) != 0 ||
3291 (name[poollen] != '/' && name[poollen] != '@'))
3292 return (SET_ERROR(EXDEV));
3294 /* This must be the only snap of this fs. */
3295 for (pair2 = nvlist_next_nvpair(snaps, pair);
3296 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3297 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3299 return (SET_ERROR(EXDEV));
3304 error = dsl_dataset_snapshot(snaps, props, outnvl);
3309 * innvl: "message" -> string
3313 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3321 * The poolname in the ioctl is not set, we get it from the TSD,
3322 * which was set at the end of the last successful ioctl that allows
3323 * logging. The secpolicy func already checked that it is set.
3324 * Only one log ioctl is allowed after each successful ioctl, so
3325 * we clear the TSD here.
3327 poolname = tsd_get(zfs_allow_log_key);
3328 (void) tsd_set(zfs_allow_log_key, NULL);
3329 error = spa_open(poolname, &spa, FTAG);
3334 if (nvlist_lookup_string(innvl, "message", &message) != 0) {
3335 spa_close(spa, FTAG);
3336 return (SET_ERROR(EINVAL));
3339 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3340 spa_close(spa, FTAG);
3341 return (SET_ERROR(ENOTSUP));
3344 error = spa_history_log(spa, message);
3345 spa_close(spa, FTAG);
3350 * The dp_config_rwlock must not be held when calling this, because the
3351 * unmount may need to write out data.
3353 * This function is best-effort. Callers must deal gracefully if it
3354 * remains mounted (or is remounted after this call).
3357 zfs_unmount_snap(const char *snapname)
3359 zfs_sb_t *zsb = NULL;
3364 if ((ptr = strchr(snapname, '@')) == NULL)
3367 dsname = kmem_alloc(ptr - snapname + 1, KM_SLEEP);
3368 strlcpy(dsname, snapname, ptr - snapname + 1);
3369 fullname = strdup(snapname);
3371 if (zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE) == 0) {
3372 ASSERT(!dsl_pool_config_held(dmu_objset_pool(zsb->z_os)));
3373 (void) zfsctl_unmount_snapshot(zsb, fullname, MNT_FORCE);
3374 zfs_sb_rele(zsb, FTAG);
3377 kmem_free(dsname, ptr - snapname + 1);
3385 zfs_unmount_snap_cb(const char *snapname, void *arg)
3387 zfs_unmount_snap(snapname);
3392 * When a clone is destroyed, its origin may also need to be destroyed,
3393 * in which case it must be unmounted. This routine will do that unmount
3397 zfs_destroy_unmount_origin(const char *fsname)
3403 error = dmu_objset_hold(fsname, FTAG, &os);
3406 ds = dmu_objset_ds(os);
3407 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
3408 char originname[MAXNAMELEN];
3409 dsl_dataset_name(ds->ds_prev, originname);
3410 dmu_objset_rele(os, FTAG);
3411 zfs_unmount_snap(originname);
3413 dmu_objset_rele(os, FTAG);
3419 * "snaps" -> { snapshot1, snapshot2 }
3420 * (optional boolean) "defer"
3423 * outnvl: snapshot -> error code (int32)
3426 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3433 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3434 return (SET_ERROR(EINVAL));
3435 defer = nvlist_exists(innvl, "defer");
3437 poollen = strlen(poolname);
3438 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3439 pair = nvlist_next_nvpair(snaps, pair)) {
3440 const char *name = nvpair_name(pair);
3443 * The snap must be in the specified pool.
3445 if (strncmp(name, poolname, poollen) != 0 ||
3446 (name[poollen] != '/' && name[poollen] != '@'))
3447 return (SET_ERROR(EXDEV));
3449 zfs_unmount_snap(name);
3450 (void) zvol_remove_minor(name);
3453 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
3458 * zc_name name of dataset to destroy
3459 * zc_objset_type type of objset
3460 * zc_defer_destroy mark for deferred destroy
3465 zfs_ioc_destroy(zfs_cmd_t *zc)
3468 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS)
3469 zfs_unmount_snap(zc->zc_name);
3471 if (strchr(zc->zc_name, '@'))
3472 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
3474 err = dsl_destroy_head(zc->zc_name);
3475 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
3476 (void) zvol_remove_minor(zc->zc_name);
3482 * zc_name name of dataset to rollback (to most recent snapshot)
3487 zfs_ioc_rollback(zfs_cmd_t *zc)
3492 if (get_zfs_sb(zc->zc_name, &zsb) == 0) {
3493 error = zfs_suspend_fs(zsb);
3497 error = dsl_dataset_rollback(zc->zc_name);
3498 resume_err = zfs_resume_fs(zsb, zc->zc_name);
3499 error = error ? error : resume_err;
3501 deactivate_super(zsb->z_sb);
3503 error = dsl_dataset_rollback(zc->zc_name);
3509 recursive_unmount(const char *fsname, void *arg)
3511 const char *snapname = arg;
3514 fullname = kmem_asprintf("%s@%s", fsname, snapname);
3515 zfs_unmount_snap(fullname);
3522 * zc_name old name of dataset
3523 * zc_value new name of dataset
3524 * zc_cookie recursive flag (only valid for snapshots)
3529 zfs_ioc_rename(zfs_cmd_t *zc)
3531 boolean_t recursive = zc->zc_cookie & 1;
3535 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3536 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3537 strchr(zc->zc_value, '%'))
3538 return (SET_ERROR(EINVAL));
3540 at = strchr(zc->zc_name, '@');
3542 /* snaps must be in same fs */
3543 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
3544 return (SET_ERROR(EXDEV));
3546 if (zc->zc_objset_type == DMU_OST_ZFS) {
3547 int error = dmu_objset_find(zc->zc_name,
3548 recursive_unmount, at + 1,
3549 recursive ? DS_FIND_CHILDREN : 0);
3553 return (dsl_dataset_rename_snapshot(zc->zc_name,
3554 at + 1, strchr(zc->zc_value, '@') + 1, recursive));
3556 err = dsl_dir_rename(zc->zc_name, zc->zc_value);
3557 if (!err && zc->zc_objset_type == DMU_OST_ZVOL) {
3558 (void) zvol_remove_minor(zc->zc_name);
3559 (void) zvol_create_minor(zc->zc_value);
3566 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3568 const char *propname = nvpair_name(pair);
3569 boolean_t issnap = (strchr(dsname, '@') != NULL);
3570 zfs_prop_t prop = zfs_name_to_prop(propname);
3574 if (prop == ZPROP_INVAL) {
3575 if (zfs_prop_user(propname)) {
3576 if ((err = zfs_secpolicy_write_perms(dsname,
3577 ZFS_DELEG_PERM_USERPROP, cr)))
3582 if (!issnap && zfs_prop_userquota(propname)) {
3583 const char *perm = NULL;
3584 const char *uq_prefix =
3585 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3586 const char *gq_prefix =
3587 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3589 if (strncmp(propname, uq_prefix,
3590 strlen(uq_prefix)) == 0) {
3591 perm = ZFS_DELEG_PERM_USERQUOTA;
3592 } else if (strncmp(propname, gq_prefix,
3593 strlen(gq_prefix)) == 0) {
3594 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3596 /* USERUSED and GROUPUSED are read-only */
3597 return (SET_ERROR(EINVAL));
3600 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
3605 return (SET_ERROR(EINVAL));
3609 return (SET_ERROR(EINVAL));
3611 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3613 * dsl_prop_get_all_impl() returns properties in this
3617 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3618 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3623 * Check that this value is valid for this pool version
3626 case ZFS_PROP_COMPRESSION:
3628 * If the user specified gzip compression, make sure
3629 * the SPA supports it. We ignore any errors here since
3630 * we'll catch them later.
3632 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3633 nvpair_value_uint64(pair, &intval) == 0) {
3634 if (intval >= ZIO_COMPRESS_GZIP_1 &&
3635 intval <= ZIO_COMPRESS_GZIP_9 &&
3636 zfs_earlier_version(dsname,
3637 SPA_VERSION_GZIP_COMPRESSION)) {
3638 return (SET_ERROR(ENOTSUP));
3641 if (intval == ZIO_COMPRESS_ZLE &&
3642 zfs_earlier_version(dsname,
3643 SPA_VERSION_ZLE_COMPRESSION))
3644 return (SET_ERROR(ENOTSUP));
3646 if (intval == ZIO_COMPRESS_LZ4) {
3647 zfeature_info_t *feature =
3649 SPA_FEATURE_LZ4_COMPRESS];
3652 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
3655 if (!spa_feature_is_enabled(spa, feature)) {
3656 spa_close(spa, FTAG);
3657 return (SET_ERROR(ENOTSUP));
3659 spa_close(spa, FTAG);
3663 * If this is a bootable dataset then
3664 * verify that the compression algorithm
3665 * is supported for booting. We must return
3666 * something other than ENOTSUP since it
3667 * implies a downrev pool version.
3669 if (zfs_is_bootfs(dsname) &&
3670 !BOOTFS_COMPRESS_VALID(intval)) {
3671 return (SET_ERROR(ERANGE));
3676 case ZFS_PROP_COPIES:
3677 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
3678 return (SET_ERROR(ENOTSUP));
3681 case ZFS_PROP_DEDUP:
3682 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3683 return (SET_ERROR(ENOTSUP));
3686 case ZFS_PROP_SHARESMB:
3687 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
3688 return (SET_ERROR(ENOTSUP));
3691 case ZFS_PROP_ACLINHERIT:
3692 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3693 nvpair_value_uint64(pair, &intval) == 0) {
3694 if (intval == ZFS_ACL_PASSTHROUGH_X &&
3695 zfs_earlier_version(dsname,
3696 SPA_VERSION_PASSTHROUGH_X))
3697 return (SET_ERROR(ENOTSUP));
3704 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3708 * Checks for a race condition to make sure we don't increment a feature flag
3712 zfs_prop_activate_feature_check(void *arg, dmu_tx_t *tx)
3714 spa_t *spa = dmu_tx_pool(tx)->dp_spa;
3715 zfeature_info_t *feature = arg;
3717 if (!spa_feature_is_active(spa, feature))
3720 return (SET_ERROR(EBUSY));
3724 * The callback invoked on feature activation in the sync task caused by
3725 * zfs_prop_activate_feature.
3728 zfs_prop_activate_feature_sync(void *arg, dmu_tx_t *tx)
3730 spa_t *spa = dmu_tx_pool(tx)->dp_spa;
3731 zfeature_info_t *feature = arg;
3733 spa_feature_incr(spa, feature, tx);
3737 * Activates a feature on a pool in response to a property setting. This
3738 * creates a new sync task which modifies the pool to reflect the feature
3742 zfs_prop_activate_feature(spa_t *spa, zfeature_info_t *feature)
3746 /* EBUSY here indicates that the feature is already active */
3747 err = dsl_sync_task(spa_name(spa),
3748 zfs_prop_activate_feature_check, zfs_prop_activate_feature_sync,
3751 if (err != 0 && err != EBUSY)
3758 * Removes properties from the given props list that fail permission checks
3759 * needed to clear them and to restore them in case of a receive error. For each
3760 * property, make sure we have both set and inherit permissions.
3762 * Returns the first error encountered if any permission checks fail. If the
3763 * caller provides a non-NULL errlist, it also gives the complete list of names
3764 * of all the properties that failed a permission check along with the
3765 * corresponding error numbers. The caller is responsible for freeing the
3768 * If every property checks out successfully, zero is returned and the list
3769 * pointed at by errlist is NULL.
3772 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3775 nvpair_t *pair, *next_pair;
3782 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3784 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP | KM_NODEBUG);
3785 (void) strcpy(zc->zc_name, dataset);
3786 pair = nvlist_next_nvpair(props, NULL);
3787 while (pair != NULL) {
3788 next_pair = nvlist_next_nvpair(props, pair);
3790 (void) strcpy(zc->zc_value, nvpair_name(pair));
3791 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3792 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
3793 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3794 VERIFY(nvlist_add_int32(errors,
3795 zc->zc_value, err) == 0);
3799 kmem_free(zc, sizeof (zfs_cmd_t));
3801 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3802 nvlist_free(errors);
3805 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3808 if (errlist == NULL)
3809 nvlist_free(errors);
3817 propval_equals(nvpair_t *p1, nvpair_t *p2)
3819 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
3820 /* dsl_prop_get_all_impl() format */
3822 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
3823 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3827 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
3829 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
3830 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3834 if (nvpair_type(p1) != nvpair_type(p2))
3837 if (nvpair_type(p1) == DATA_TYPE_STRING) {
3838 char *valstr1, *valstr2;
3840 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
3841 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
3842 return (strcmp(valstr1, valstr2) == 0);
3844 uint64_t intval1, intval2;
3846 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
3847 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
3848 return (intval1 == intval2);
3853 * Remove properties from props if they are not going to change (as determined
3854 * by comparison with origprops). Remove them from origprops as well, since we
3855 * do not need to clear or restore properties that won't change.
3858 props_reduce(nvlist_t *props, nvlist_t *origprops)
3860 nvpair_t *pair, *next_pair;
3862 if (origprops == NULL)
3863 return; /* all props need to be received */
3865 pair = nvlist_next_nvpair(props, NULL);
3866 while (pair != NULL) {
3867 const char *propname = nvpair_name(pair);
3870 next_pair = nvlist_next_nvpair(props, pair);
3872 if ((nvlist_lookup_nvpair(origprops, propname,
3873 &match) != 0) || !propval_equals(pair, match))
3874 goto next; /* need to set received value */
3876 /* don't clear the existing received value */
3877 (void) nvlist_remove_nvpair(origprops, match);
3878 /* don't bother receiving the property */
3879 (void) nvlist_remove_nvpair(props, pair);
3886 static boolean_t zfs_ioc_recv_inject_err;
3891 * zc_name name of containing filesystem
3892 * zc_nvlist_src{_size} nvlist of properties to apply
3893 * zc_value name of snapshot to create
3894 * zc_string name of clone origin (if DRR_FLAG_CLONE)
3895 * zc_cookie file descriptor to recv from
3896 * zc_begin_record the BEGIN record of the stream (not byteswapped)
3897 * zc_guid force flag
3898 * zc_cleanup_fd cleanup-on-exit file descriptor
3899 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
3902 * zc_cookie number of bytes read
3903 * zc_nvlist_dst{_size} error for each unapplied received property
3904 * zc_obj zprop_errflags_t
3905 * zc_action_handle handle for this guid/ds mapping
3908 zfs_ioc_recv(zfs_cmd_t *zc)
3911 dmu_recv_cookie_t drc;
3912 boolean_t force = (boolean_t)zc->zc_guid;
3915 int props_error = 0;
3918 nvlist_t *props = NULL; /* sent properties */
3919 nvlist_t *origprops = NULL; /* existing properties */
3920 char *origin = NULL;
3922 char tofs[ZFS_MAXNAMELEN];
3923 boolean_t first_recvd_props = B_FALSE;
3925 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3926 strchr(zc->zc_value, '@') == NULL ||
3927 strchr(zc->zc_value, '%'))
3928 return (SET_ERROR(EINVAL));
3930 (void) strcpy(tofs, zc->zc_value);
3931 tosnap = strchr(tofs, '@');
3934 if (zc->zc_nvlist_src != 0 &&
3935 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3936 zc->zc_iflags, &props)) != 0)
3943 return (SET_ERROR(EBADF));
3946 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3948 if (zc->zc_string[0])
3949 origin = zc->zc_string;
3951 error = dmu_recv_begin(tofs, tosnap,
3952 &zc->zc_begin_record, force, origin, &drc);
3957 * Set properties before we receive the stream so that they are applied
3958 * to the new data. Note that we must call dmu_recv_stream() if
3959 * dmu_recv_begin() succeeds.
3961 if (props != NULL && !drc.drc_newfs) {
3962 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
3963 SPA_VERSION_RECVD_PROPS &&
3964 !dsl_prop_get_hasrecvd(tofs))
3965 first_recvd_props = B_TRUE;
3968 * If new received properties are supplied, they are to
3969 * completely replace the existing received properties, so stash
3970 * away the existing ones.
3972 if (dsl_prop_get_received(tofs, &origprops) == 0) {
3973 nvlist_t *errlist = NULL;
3975 * Don't bother writing a property if its value won't
3976 * change (and avoid the unnecessary security checks).
3978 * The first receive after SPA_VERSION_RECVD_PROPS is a
3979 * special case where we blow away all local properties
3982 if (!first_recvd_props)
3983 props_reduce(props, origprops);
3984 if (zfs_check_clearable(tofs, origprops, &errlist) != 0)
3985 (void) nvlist_merge(errors, errlist, 0);
3986 nvlist_free(errlist);
3988 if (clear_received_props(tofs, origprops,
3989 first_recvd_props ? NULL : props) != 0)
3990 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3992 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3996 if (props != NULL) {
3997 props_error = dsl_prop_set_hasrecvd(tofs);
3999 if (props_error == 0) {
4000 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
4005 if (zc->zc_nvlist_dst_size != 0 &&
4006 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
4007 put_nvlist(zc, errors) != 0)) {
4009 * Caller made zc->zc_nvlist_dst less than the minimum expected
4010 * size or supplied an invalid address.
4012 props_error = SET_ERROR(EINVAL);
4016 error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
4017 &zc->zc_action_handle);
4020 zfs_sb_t *zsb = NULL;
4022 if (get_zfs_sb(tofs, &zsb) == 0) {
4026 error = zfs_suspend_fs(zsb);
4028 * If the suspend fails, then the recv_end will
4029 * likely also fail, and clean up after itself.
4031 end_err = dmu_recv_end(&drc);
4033 error = zfs_resume_fs(zsb, tofs);
4034 error = error ? error : end_err;
4035 deactivate_super(zsb->z_sb);
4037 error = dmu_recv_end(&drc);
4041 zc->zc_cookie = off - fp->f_offset;
4042 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4046 if (zfs_ioc_recv_inject_err) {
4047 zfs_ioc_recv_inject_err = B_FALSE;
4052 * On error, restore the original props.
4054 if (error != 0 && props != NULL && !drc.drc_newfs) {
4055 if (clear_received_props(tofs, props, NULL) != 0) {
4057 * We failed to clear the received properties.
4058 * Since we may have left a $recvd value on the
4059 * system, we can't clear the $hasrecvd flag.
4061 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4062 } else if (first_recvd_props) {
4063 dsl_prop_unset_hasrecvd(tofs);
4066 if (origprops == NULL && !drc.drc_newfs) {
4067 /* We failed to stash the original properties. */
4068 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4072 * dsl_props_set() will not convert RECEIVED to LOCAL on or
4073 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
4074 * explictly if we're restoring local properties cleared in the
4075 * first new-style receive.
4077 if (origprops != NULL &&
4078 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
4079 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
4080 origprops, NULL) != 0) {
4082 * We stashed the original properties but failed to
4085 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4090 nvlist_free(origprops);
4091 nvlist_free(errors);
4095 error = props_error;
4102 * zc_name name of snapshot to send
4103 * zc_cookie file descriptor to send stream to
4104 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
4105 * zc_sendobj objsetid of snapshot to send
4106 * zc_fromobj objsetid of incremental fromsnap (may be zero)
4107 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
4108 * output size in zc_objset_type.
4113 zfs_ioc_send(zfs_cmd_t *zc)
4117 boolean_t estimate = (zc->zc_guid != 0);
4119 if (zc->zc_obj != 0) {
4121 dsl_dataset_t *tosnap;
4123 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4127 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
4129 dsl_pool_rele(dp, FTAG);
4133 if (dsl_dir_is_clone(tosnap->ds_dir))
4134 zc->zc_fromobj = tosnap->ds_dir->dd_phys->dd_origin_obj;
4135 dsl_dataset_rele(tosnap, FTAG);
4136 dsl_pool_rele(dp, FTAG);
4141 dsl_dataset_t *tosnap;
4142 dsl_dataset_t *fromsnap = NULL;
4144 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4148 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
4150 dsl_pool_rele(dp, FTAG);
4154 if (zc->zc_fromobj != 0) {
4155 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
4158 dsl_dataset_rele(tosnap, FTAG);
4159 dsl_pool_rele(dp, FTAG);
4164 error = dmu_send_estimate(tosnap, fromsnap,
4165 &zc->zc_objset_type);
4167 if (fromsnap != NULL)
4168 dsl_dataset_rele(fromsnap, FTAG);
4169 dsl_dataset_rele(tosnap, FTAG);
4170 dsl_pool_rele(dp, FTAG);
4172 file_t *fp = getf(zc->zc_cookie);
4174 return (SET_ERROR(EBADF));
4177 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
4178 zc->zc_fromobj, zc->zc_cookie, fp->f_vnode, &off);
4180 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4182 releasef(zc->zc_cookie);
4189 * zc_name name of snapshot on which to report progress
4190 * zc_cookie file descriptor of send stream
4193 * zc_cookie number of bytes written in send stream thus far
4196 zfs_ioc_send_progress(zfs_cmd_t *zc)
4200 dmu_sendarg_t *dsp = NULL;
4203 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4207 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
4209 dsl_pool_rele(dp, FTAG);
4213 mutex_enter(&ds->ds_sendstream_lock);
4216 * Iterate over all the send streams currently active on this dataset.
4217 * If there's one which matches the specified file descriptor _and_ the
4218 * stream was started by the current process, return the progress of
4222 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
4223 dsp = list_next(&ds->ds_sendstreams, dsp)) {
4224 if (dsp->dsa_outfd == zc->zc_cookie &&
4225 dsp->dsa_proc->group_leader == curproc->group_leader)
4230 zc->zc_cookie = *(dsp->dsa_off);
4232 error = SET_ERROR(ENOENT);
4234 mutex_exit(&ds->ds_sendstream_lock);
4235 dsl_dataset_rele(ds, FTAG);
4236 dsl_pool_rele(dp, FTAG);
4241 zfs_ioc_inject_fault(zfs_cmd_t *zc)
4245 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
4246 &zc->zc_inject_record);
4249 zc->zc_guid = (uint64_t)id;
4255 zfs_ioc_clear_fault(zfs_cmd_t *zc)
4257 return (zio_clear_fault((int)zc->zc_guid));
4261 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
4263 int id = (int)zc->zc_guid;
4266 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
4267 &zc->zc_inject_record);
4275 zfs_ioc_error_log(zfs_cmd_t *zc)
4279 size_t count = (size_t)zc->zc_nvlist_dst_size;
4281 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
4284 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
4287 zc->zc_nvlist_dst_size = count;
4289 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
4291 spa_close(spa, FTAG);
4297 zfs_ioc_clear(zfs_cmd_t *zc)
4304 * On zpool clear we also fix up missing slogs
4306 mutex_enter(&spa_namespace_lock);
4307 spa = spa_lookup(zc->zc_name);
4309 mutex_exit(&spa_namespace_lock);
4310 return (SET_ERROR(EIO));
4312 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
4313 /* we need to let spa_open/spa_load clear the chains */
4314 spa_set_log_state(spa, SPA_LOG_CLEAR);
4316 spa->spa_last_open_failed = 0;
4317 mutex_exit(&spa_namespace_lock);
4319 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
4320 error = spa_open(zc->zc_name, &spa, FTAG);
4323 nvlist_t *config = NULL;
4325 if (zc->zc_nvlist_src == 0)
4326 return (SET_ERROR(EINVAL));
4328 if ((error = get_nvlist(zc->zc_nvlist_src,
4329 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
4330 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
4332 if (config != NULL) {
4335 if ((err = put_nvlist(zc, config)) != 0)
4337 nvlist_free(config);
4339 nvlist_free(policy);
4346 spa_vdev_state_enter(spa, SCL_NONE);
4348 if (zc->zc_guid == 0) {
4351 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
4353 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
4354 spa_close(spa, FTAG);
4355 return (SET_ERROR(ENODEV));
4359 vdev_clear(spa, vd);
4361 (void) spa_vdev_state_exit(spa, NULL, 0);
4364 * Resume any suspended I/Os.
4366 if (zio_resume(spa) != 0)
4367 error = SET_ERROR(EIO);
4369 spa_close(spa, FTAG);
4375 zfs_ioc_pool_reopen(zfs_cmd_t *zc)
4380 error = spa_open(zc->zc_name, &spa, FTAG);
4384 spa_vdev_state_enter(spa, SCL_NONE);
4387 * If a resilver is already in progress then set the
4388 * spa_scrub_reopen flag to B_TRUE so that we don't restart
4389 * the scan as a side effect of the reopen. Otherwise, let
4390 * vdev_open() decided if a resilver is required.
4392 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool);
4393 vdev_reopen(spa->spa_root_vdev);
4394 spa->spa_scrub_reopen = B_FALSE;
4396 (void) spa_vdev_state_exit(spa, NULL, 0);
4397 spa_close(spa, FTAG);
4402 * zc_name name of filesystem
4403 * zc_value name of origin snapshot
4406 * zc_string name of conflicting snapshot, if there is one
4409 zfs_ioc_promote(zfs_cmd_t *zc)
4414 * We don't need to unmount *all* the origin fs's snapshots, but
4417 cp = strchr(zc->zc_value, '@');
4420 (void) dmu_objset_find(zc->zc_value,
4421 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
4422 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
4426 * Retrieve a single {user|group}{used|quota}@... property.
4429 * zc_name name of filesystem
4430 * zc_objset_type zfs_userquota_prop_t
4431 * zc_value domain name (eg. "S-1-234-567-89")
4432 * zc_guid RID/UID/GID
4435 * zc_cookie property value
4438 zfs_ioc_userspace_one(zfs_cmd_t *zc)
4443 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4444 return (SET_ERROR(EINVAL));
4446 error = zfs_sb_hold(zc->zc_name, FTAG, &zsb, B_FALSE);
4450 error = zfs_userspace_one(zsb,
4451 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4452 zfs_sb_rele(zsb, FTAG);
4459 * zc_name name of filesystem
4460 * zc_cookie zap cursor
4461 * zc_objset_type zfs_userquota_prop_t
4462 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4465 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4466 * zc_cookie zap cursor
4469 zfs_ioc_userspace_many(zfs_cmd_t *zc)
4472 int bufsize = zc->zc_nvlist_dst_size;
4477 return (SET_ERROR(ENOMEM));
4479 error = zfs_sb_hold(zc->zc_name, FTAG, &zsb, B_FALSE);
4483 buf = vmem_alloc(bufsize, KM_SLEEP);
4485 error = zfs_userspace_many(zsb, zc->zc_objset_type, &zc->zc_cookie,
4486 buf, &zc->zc_nvlist_dst_size);
4489 error = xcopyout(buf,
4490 (void *)(uintptr_t)zc->zc_nvlist_dst,
4491 zc->zc_nvlist_dst_size);
4493 vmem_free(buf, bufsize);
4494 zfs_sb_rele(zsb, FTAG);
4501 * zc_name name of filesystem
4507 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4513 if (get_zfs_sb(zc->zc_name, &zsb) == 0) {
4514 if (!dmu_objset_userused_enabled(zsb->z_os)) {
4516 * If userused is not enabled, it may be because the
4517 * objset needs to be closed & reopened (to grow the
4518 * objset_phys_t). Suspend/resume the fs will do that.
4520 error = zfs_suspend_fs(zsb);
4522 error = zfs_resume_fs(zsb, zc->zc_name);
4525 error = dmu_objset_userspace_upgrade(zsb->z_os);
4526 deactivate_super(zsb->z_sb);
4528 /* XXX kind of reading contents without owning */
4529 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4533 error = dmu_objset_userspace_upgrade(os);
4534 dmu_objset_rele(os, FTAG);
4541 zfs_ioc_share(zfs_cmd_t *zc)
4543 return (SET_ERROR(ENOSYS));
4546 ace_t full_access[] = {
4547 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
4552 * zc_name name of containing filesystem
4553 * zc_obj object # beyond which we want next in-use object #
4556 * zc_obj next in-use object #
4559 zfs_ioc_next_obj(zfs_cmd_t *zc)
4561 objset_t *os = NULL;
4564 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4568 error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4569 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4571 dmu_objset_rele(os, FTAG);
4577 * zc_name name of filesystem
4578 * zc_value prefix name for snapshot
4579 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4582 * zc_value short name of new snapshot
4585 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4592 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
4596 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
4597 (u_longlong_t)ddi_get_lbolt64());
4598 hold_name = kmem_asprintf("%%%s", zc->zc_value);
4600 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
4603 (void) strcpy(zc->zc_value, snap_name);
4606 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
4612 * zc_name name of "to" snapshot
4613 * zc_value name of "from" snapshot
4614 * zc_cookie file descriptor to write diff data on
4617 * dmu_diff_record_t's to the file descriptor
4620 zfs_ioc_diff(zfs_cmd_t *zc)
4626 fp = getf(zc->zc_cookie);
4628 return (SET_ERROR(EBADF));
4632 error = dmu_diff(zc->zc_name, zc->zc_value, fp->f_vnode, &off);
4634 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4636 releasef(zc->zc_cookie);
4642 * Remove all ACL files in shares dir
4644 #ifdef HAVE_SMB_SHARE
4646 zfs_smb_acl_purge(znode_t *dzp)
4649 zap_attribute_t zap;
4650 zfs_sb_t *zsb = ZTOZSB(dzp);
4653 for (zap_cursor_init(&zc, zsb->z_os, dzp->z_id);
4654 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
4655 zap_cursor_advance(&zc)) {
4656 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
4660 zap_cursor_fini(&zc);
4663 #endif /* HAVE_SMB_SHARE */
4666 zfs_ioc_smb_acl(zfs_cmd_t *zc)
4668 #ifdef HAVE_SMB_SHARE
4671 vnode_t *resourcevp = NULL;
4680 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
4681 NO_FOLLOW, NULL, &vp)) != 0)
4684 /* Now make sure mntpnt and dataset are ZFS */
4686 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
4687 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
4688 zc->zc_name) != 0)) {
4690 return (SET_ERROR(EINVAL));
4698 * Create share dir if its missing.
4700 mutex_enter(&zsb->z_lock);
4701 if (zsb->z_shares_dir == 0) {
4704 tx = dmu_tx_create(zsb->z_os);
4705 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
4707 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
4708 error = dmu_tx_assign(tx, TXG_WAIT);
4712 error = zfs_create_share_dir(zsb, tx);
4716 mutex_exit(&zsb->z_lock);
4722 mutex_exit(&zsb->z_lock);
4724 ASSERT(zsb->z_shares_dir);
4725 if ((error = zfs_zget(zsb, zsb->z_shares_dir, &sharedir)) != 0) {
4731 switch (zc->zc_cookie) {
4732 case ZFS_SMB_ACL_ADD:
4733 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
4734 vattr.va_mode = S_IFREG|0777;
4738 vsec.vsa_mask = VSA_ACE;
4739 vsec.vsa_aclentp = &full_access;
4740 vsec.vsa_aclentsz = sizeof (full_access);
4741 vsec.vsa_aclcnt = 1;
4743 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
4744 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
4746 VN_RELE(resourcevp);
4749 case ZFS_SMB_ACL_REMOVE:
4750 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
4754 case ZFS_SMB_ACL_RENAME:
4755 if ((error = get_nvlist(zc->zc_nvlist_src,
4756 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
4761 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
4762 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
4765 VN_RELE(ZTOV(sharedir));
4767 nvlist_free(nvlist);
4770 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
4772 nvlist_free(nvlist);
4775 case ZFS_SMB_ACL_PURGE:
4776 error = zfs_smb_acl_purge(sharedir);
4780 error = SET_ERROR(EINVAL);
4785 VN_RELE(ZTOV(sharedir));
4791 return (SET_ERROR(ENOTSUP));
4792 #endif /* HAVE_SMB_SHARE */
4797 * "holds" -> { snapname -> holdname (string), ... }
4798 * (optional) "cleanup_fd" -> fd (int32)
4802 * snapname -> error value (int32)
4808 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
4811 int cleanup_fd = -1;
4815 error = nvlist_lookup_nvlist(args, "holds", &holds);
4817 return (SET_ERROR(EINVAL));
4819 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
4820 error = zfs_onexit_fd_hold(cleanup_fd, &minor);
4825 error = dsl_dataset_user_hold(holds, minor, errlist);
4827 zfs_onexit_fd_rele(cleanup_fd);
4832 * innvl is not used.
4835 * holdname -> time added (uint64 seconds since epoch)
4841 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
4843 return (dsl_dataset_get_holds(snapname, outnvl));
4848 * snapname -> { holdname, ... }
4853 * snapname -> error value (int32)
4859 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
4864 * The release may cause the snapshot to be destroyed; make sure it
4867 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
4868 pair = nvlist_next_nvpair(holds, pair))
4869 zfs_unmount_snap(nvpair_name(pair));
4871 return (dsl_dataset_user_release(holds, errlist));
4876 * zc_guid flags (ZEVENT_NONBLOCK)
4879 * zc_nvlist_dst next nvlist event
4880 * zc_cookie dropped events since last get
4881 * zc_cleanup_fd cleanup-on-exit file descriptor
4884 zfs_ioc_events_next(zfs_cmd_t *zc)
4887 nvlist_t *event = NULL;
4889 uint64_t dropped = 0;
4892 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
4897 error = zfs_zevent_next(ze, &event,
4898 &zc->zc_nvlist_dst_size, &dropped);
4899 if (event != NULL) {
4900 zc->zc_cookie = dropped;
4901 error = put_nvlist(zc, event);
4905 if (zc->zc_guid & ZEVENT_NONBLOCK)
4908 if ((error == 0) || (error != ENOENT))
4911 error = zfs_zevent_wait(ze);
4916 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
4923 * zc_cookie cleared events count
4926 zfs_ioc_events_clear(zfs_cmd_t *zc)
4930 zfs_zevent_drain_all(&count);
4931 zc->zc_cookie = count;
4938 * zc_name name of new filesystem or snapshot
4939 * zc_value full name of old snapshot
4942 * zc_cookie space in bytes
4943 * zc_objset_type compressed space in bytes
4944 * zc_perm_action uncompressed space in bytes
4947 zfs_ioc_space_written(zfs_cmd_t *zc)
4951 dsl_dataset_t *new, *old;
4953 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4956 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
4958 dsl_pool_rele(dp, FTAG);
4961 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
4963 dsl_dataset_rele(new, FTAG);
4964 dsl_pool_rele(dp, FTAG);
4968 error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
4969 &zc->zc_objset_type, &zc->zc_perm_action);
4970 dsl_dataset_rele(old, FTAG);
4971 dsl_dataset_rele(new, FTAG);
4972 dsl_pool_rele(dp, FTAG);
4978 * "firstsnap" -> snapshot name
4982 * "used" -> space in bytes
4983 * "compressed" -> compressed space in bytes
4984 * "uncompressed" -> uncompressed space in bytes
4988 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
4992 dsl_dataset_t *new, *old;
4994 uint64_t used, comp, uncomp;
4996 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0)
4997 return (SET_ERROR(EINVAL));
4999 error = dsl_pool_hold(lastsnap, FTAG, &dp);
5003 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
5005 dsl_pool_rele(dp, FTAG);
5008 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
5010 dsl_dataset_rele(new, FTAG);
5011 dsl_pool_rele(dp, FTAG);
5015 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
5016 dsl_dataset_rele(old, FTAG);
5017 dsl_dataset_rele(new, FTAG);
5018 dsl_pool_rele(dp, FTAG);
5019 fnvlist_add_uint64(outnvl, "used", used);
5020 fnvlist_add_uint64(outnvl, "compressed", comp);
5021 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
5027 * "fd" -> file descriptor to write stream to (int32)
5028 * (optional) "fromsnap" -> full snap name to send an incremental from
5035 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5039 char *fromname = NULL;
5043 error = nvlist_lookup_int32(innvl, "fd", &fd);
5045 return (SET_ERROR(EINVAL));
5047 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
5049 if ((fp = getf(fd)) == NULL)
5050 return (SET_ERROR(EBADF));
5053 error = dmu_send(snapname, fromname, fd, fp->f_vnode, &off);
5055 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5063 * Determine approximately how large a zfs send stream will be -- the number
5064 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
5067 * (optional) "fromsnap" -> full snap name to send an incremental from
5071 * "space" -> bytes of space (uint64)
5075 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5078 dsl_dataset_t *fromsnap = NULL;
5079 dsl_dataset_t *tosnap;
5084 error = dsl_pool_hold(snapname, FTAG, &dp);
5088 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
5090 dsl_pool_rele(dp, FTAG);
5094 error = nvlist_lookup_string(innvl, "fromsnap", &fromname);
5096 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
5098 dsl_dataset_rele(tosnap, FTAG);
5099 dsl_pool_rele(dp, FTAG);
5104 error = dmu_send_estimate(tosnap, fromsnap, &space);
5105 fnvlist_add_uint64(outnvl, "space", space);
5107 if (fromsnap != NULL)
5108 dsl_dataset_rele(fromsnap, FTAG);
5109 dsl_dataset_rele(tosnap, FTAG);
5110 dsl_pool_rele(dp, FTAG);
5115 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
5118 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5119 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5120 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
5122 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5124 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5125 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5126 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5127 ASSERT3P(vec->zvec_func, ==, NULL);
5129 vec->zvec_legacy_func = func;
5130 vec->zvec_secpolicy = secpolicy;
5131 vec->zvec_namecheck = namecheck;
5132 vec->zvec_allow_log = log_history;
5133 vec->zvec_pool_check = pool_check;
5137 * See the block comment at the beginning of this file for details on
5138 * each argument to this function.
5141 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
5142 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5143 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
5144 boolean_t allow_log)
5146 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5148 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5149 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5150 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5151 ASSERT3P(vec->zvec_func, ==, NULL);
5153 /* if we are logging, the name must be valid */
5154 ASSERT(!allow_log || namecheck != NO_NAME);
5156 vec->zvec_name = name;
5157 vec->zvec_func = func;
5158 vec->zvec_secpolicy = secpolicy;
5159 vec->zvec_namecheck = namecheck;
5160 vec->zvec_pool_check = pool_check;
5161 vec->zvec_smush_outnvlist = smush_outnvlist;
5162 vec->zvec_allow_log = allow_log;
5166 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5167 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
5168 zfs_ioc_poolcheck_t pool_check)
5170 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5171 POOL_NAME, log_history, pool_check);
5175 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5176 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
5178 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5179 DATASET_NAME, B_FALSE, pool_check);
5183 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5185 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
5186 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5190 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5191 zfs_secpolicy_func_t *secpolicy)
5193 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5194 NO_NAME, B_FALSE, POOL_CHECK_NONE);
5198 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
5199 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
5201 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5202 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
5206 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5208 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
5209 zfs_secpolicy_read);
5213 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5214 zfs_secpolicy_func_t *secpolicy)
5216 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5217 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5221 zfs_ioctl_init(void)
5223 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
5224 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
5225 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5227 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
5228 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
5229 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE);
5231 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
5232 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
5233 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5235 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
5236 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
5237 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5239 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
5240 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
5241 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5243 zfs_ioctl_register("create", ZFS_IOC_CREATE,
5244 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
5245 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5247 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
5248 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
5249 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5251 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
5252 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
5253 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5255 zfs_ioctl_register("hold", ZFS_IOC_HOLD,
5256 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
5257 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5258 zfs_ioctl_register("release", ZFS_IOC_RELEASE,
5259 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
5260 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5262 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
5263 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
5264 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5266 /* IOCTLS that use the legacy function signature */
5268 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
5269 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
5271 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
5272 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5273 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
5275 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
5276 zfs_ioc_pool_upgrade);
5277 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
5279 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
5280 zfs_ioc_vdev_remove);
5281 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
5282 zfs_ioc_vdev_set_state);
5283 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
5284 zfs_ioc_vdev_attach);
5285 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
5286 zfs_ioc_vdev_detach);
5287 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
5288 zfs_ioc_vdev_setpath);
5289 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
5290 zfs_ioc_vdev_setfru);
5291 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
5292 zfs_ioc_pool_set_props);
5293 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
5294 zfs_ioc_vdev_split);
5295 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
5296 zfs_ioc_pool_reguid);
5298 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
5299 zfs_ioc_pool_configs, zfs_secpolicy_none);
5300 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
5301 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
5302 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
5303 zfs_ioc_inject_fault, zfs_secpolicy_inject);
5304 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
5305 zfs_ioc_clear_fault, zfs_secpolicy_inject);
5306 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
5307 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
5310 * pool destroy, and export don't log the history as part of
5311 * zfsdev_ioctl, but rather zfs_ioc_pool_export
5312 * does the logging of those commands.
5314 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
5315 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5316 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
5317 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5319 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
5320 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5321 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
5322 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5324 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
5325 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
5326 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
5327 zfs_ioc_dsobj_to_dsname,
5328 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
5329 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
5330 zfs_ioc_pool_get_history,
5331 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
5333 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
5334 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5336 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
5337 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5338 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
5339 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5341 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
5342 zfs_ioc_space_written);
5343 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
5344 zfs_ioc_objset_recvd_props);
5345 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
5347 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
5349 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
5350 zfs_ioc_objset_stats);
5351 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
5352 zfs_ioc_objset_zplprops);
5353 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
5354 zfs_ioc_dataset_list_next);
5355 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
5356 zfs_ioc_snapshot_list_next);
5357 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
5358 zfs_ioc_send_progress);
5360 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
5361 zfs_ioc_diff, zfs_secpolicy_diff);
5362 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
5363 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
5364 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
5365 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
5366 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
5367 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
5368 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
5369 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
5370 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
5371 zfs_ioc_send, zfs_secpolicy_send);
5373 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
5374 zfs_secpolicy_none);
5375 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
5376 zfs_secpolicy_destroy);
5377 zfs_ioctl_register_dataset_modify(ZFS_IOC_ROLLBACK, zfs_ioc_rollback,
5378 zfs_secpolicy_rollback);
5379 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
5380 zfs_secpolicy_rename);
5381 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
5382 zfs_secpolicy_recv);
5383 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
5384 zfs_secpolicy_promote);
5385 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
5386 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
5387 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
5388 zfs_secpolicy_set_fsacl);
5390 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
5391 zfs_secpolicy_share, POOL_CHECK_NONE);
5392 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
5393 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
5394 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
5395 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
5396 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5397 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
5398 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
5399 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5404 zfs_ioctl_register_legacy(ZFS_IOC_CREATE_MINOR, zfs_ioc_create_minor,
5405 zfs_secpolicy_config, DATASET_NAME, B_FALSE, POOL_CHECK_NONE);
5406 zfs_ioctl_register_legacy(ZFS_IOC_REMOVE_MINOR, zfs_ioc_remove_minor,
5407 zfs_secpolicy_config, DATASET_NAME, B_FALSE, POOL_CHECK_NONE);
5408 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next,
5409 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
5410 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear,
5411 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
5415 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
5416 zfs_ioc_poolcheck_t check)
5421 ASSERT(type == POOL_NAME || type == DATASET_NAME);
5423 if (check & POOL_CHECK_NONE)
5426 error = spa_open(name, &spa, FTAG);
5428 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
5429 error = SET_ERROR(EAGAIN);
5430 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
5431 error = SET_ERROR(EROFS);
5432 spa_close(spa, FTAG);
5438 zfsdev_get_state_impl(minor_t minor, enum zfsdev_state_type which)
5442 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5444 for (zs = list_head(&zfsdev_state_list); zs != NULL;
5445 zs = list_next(&zfsdev_state_list, zs)) {
5446 if (zs->zs_minor == minor) {
5448 case ZST_ONEXIT: return (zs->zs_onexit);
5449 case ZST_ZEVENT: return (zs->zs_zevent);
5450 case ZST_ALL: return (zs);
5459 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
5463 mutex_enter(&zfsdev_state_lock);
5464 ptr = zfsdev_get_state_impl(minor, which);
5465 mutex_exit(&zfsdev_state_lock);
5471 zfsdev_getminor(struct file *filp)
5473 ASSERT(filp != NULL);
5474 ASSERT(filp->private_data != NULL);
5476 return (((zfsdev_state_t *)filp->private_data)->zs_minor);
5480 * Find a free minor number. The zfsdev_state_list is expected to
5481 * be short since it is only a list of currently open file handles.
5484 zfsdev_minor_alloc(void)
5486 static minor_t last_minor = 0;
5489 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5491 for (m = last_minor + 1; m != last_minor; m++) {
5492 if (m > ZFSDEV_MAX_MINOR)
5494 if (zfsdev_get_state_impl(m, ZST_ALL) == NULL) {
5504 zfsdev_state_init(struct file *filp)
5509 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5511 minor = zfsdev_minor_alloc();
5513 return (SET_ERROR(ENXIO));
5515 zs = kmem_zalloc( sizeof(zfsdev_state_t), KM_SLEEP);
5518 zs->zs_minor = minor;
5519 filp->private_data = zs;
5521 zfs_onexit_init((zfs_onexit_t **)&zs->zs_onexit);
5522 zfs_zevent_init((zfs_zevent_t **)&zs->zs_zevent);
5524 list_insert_tail(&zfsdev_state_list, zs);
5530 zfsdev_state_destroy(struct file *filp)
5534 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5535 ASSERT(filp->private_data != NULL);
5537 zs = filp->private_data;
5538 zfs_onexit_destroy(zs->zs_onexit);
5539 zfs_zevent_destroy(zs->zs_zevent);
5541 list_remove(&zfsdev_state_list, zs);
5542 kmem_free(zs, sizeof(zfsdev_state_t));
5548 zfsdev_open(struct inode *ino, struct file *filp)
5552 mutex_enter(&zfsdev_state_lock);
5553 error = zfsdev_state_init(filp);
5554 mutex_exit(&zfsdev_state_lock);
5560 zfsdev_release(struct inode *ino, struct file *filp)
5564 mutex_enter(&zfsdev_state_lock);
5565 error = zfsdev_state_destroy(filp);
5566 mutex_exit(&zfsdev_state_lock);
5572 zfsdev_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
5576 int error, rc, len, flag = 0;
5577 const zfs_ioc_vec_t *vec;
5578 char saved_poolname[MAXNAMELEN];
5579 nvlist_t *innvl = NULL;
5581 vecnum = cmd - ZFS_IOC_FIRST;
5582 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
5583 return (-SET_ERROR(EINVAL));
5584 vec = &zfs_ioc_vec[vecnum];
5586 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP | KM_NODEBUG);
5588 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
5590 error = SET_ERROR(EFAULT);
5594 zc->zc_iflags = flag & FKIOCTL;
5595 if (zc->zc_nvlist_src_size != 0) {
5596 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5597 zc->zc_iflags, &innvl);
5603 * Ensure that all pool/dataset names are valid before we pass down to
5606 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5607 switch (vec->zvec_namecheck) {
5609 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
5610 error = SET_ERROR(EINVAL);
5612 error = pool_status_check(zc->zc_name,
5613 vec->zvec_namecheck, vec->zvec_pool_check);
5617 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
5618 error = SET_ERROR(EINVAL);
5620 error = pool_status_check(zc->zc_name,
5621 vec->zvec_namecheck, vec->zvec_pool_check);
5629 if (error == 0 && !(flag & FKIOCTL))
5630 error = vec->zvec_secpolicy(zc, innvl, CRED());
5635 /* legacy ioctls can modify zc_name */
5636 (void) strlcpy(saved_poolname, zc->zc_name, sizeof(saved_poolname));
5637 len = strcspn(saved_poolname, "/@") + 1;
5638 saved_poolname[len] = '\0';
5640 if (vec->zvec_func != NULL) {
5644 nvlist_t *lognv = NULL;
5646 ASSERT(vec->zvec_legacy_func == NULL);
5649 * Add the innvl to the lognv before calling the func,
5650 * in case the func changes the innvl.
5652 if (vec->zvec_allow_log) {
5653 lognv = fnvlist_alloc();
5654 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
5656 if (!nvlist_empty(innvl)) {
5657 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
5662 VERIFY0(nvlist_alloc(&outnvl, NV_UNIQUE_NAME, KM_PUSHPAGE));
5663 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
5665 if (error == 0 && vec->zvec_allow_log &&
5666 spa_open(zc->zc_name, &spa, FTAG) == 0) {
5667 if (!nvlist_empty(outnvl)) {
5668 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL,
5671 (void) spa_history_log_nvl(spa, lognv);
5672 spa_close(spa, FTAG);
5674 fnvlist_free(lognv);
5676 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
5678 if (vec->zvec_smush_outnvlist) {
5679 smusherror = nvlist_smush(outnvl,
5680 zc->zc_nvlist_dst_size);
5682 if (smusherror == 0)
5683 puterror = put_nvlist(zc, outnvl);
5689 nvlist_free(outnvl);
5691 error = vec->zvec_legacy_func(zc);
5696 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
5697 if (error == 0 && rc != 0)
5698 error = SET_ERROR(EFAULT);
5699 if (error == 0 && vec->zvec_allow_log) {
5700 char *s = tsd_get(zfs_allow_log_key);
5703 (void) tsd_set(zfs_allow_log_key, strdup(saved_poolname));
5706 kmem_free(zc, sizeof (zfs_cmd_t));
5710 #ifdef CONFIG_COMPAT
5712 zfsdev_compat_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
5714 return zfsdev_ioctl(filp, cmd, arg);
5717 #define zfsdev_compat_ioctl NULL
5720 static const struct file_operations zfsdev_fops = {
5721 .open = zfsdev_open,
5722 .release = zfsdev_release,
5723 .unlocked_ioctl = zfsdev_ioctl,
5724 .compat_ioctl = zfsdev_compat_ioctl,
5725 .owner = THIS_MODULE,
5728 static struct miscdevice zfs_misc = {
5729 .minor = MISC_DYNAMIC_MINOR,
5731 .fops = &zfsdev_fops,
5739 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
5740 list_create(&zfsdev_state_list, sizeof (zfsdev_state_t),
5741 offsetof(zfsdev_state_t, zs_next));
5743 error = misc_register(&zfs_misc);
5745 printk(KERN_INFO "ZFS: misc_register() failed %d\n", error);
5757 error = misc_deregister(&zfs_misc);
5759 printk(KERN_INFO "ZFS: misc_deregister() failed %d\n", error);
5761 mutex_destroy(&zfsdev_state_lock);
5762 list_destroy(&zfsdev_state_list);
5766 zfs_allow_log_destroy(void *arg)
5768 char *poolname = arg;
5773 #define ZFS_DEBUG_STR " (DEBUG mode)"
5775 #define ZFS_DEBUG_STR ""
5783 spa_init(FREAD | FWRITE);
5786 if ((error = zvol_init()) != 0)
5791 if ((error = zfs_attach()) != 0)
5794 tsd_create(&zfs_fsyncer_key, NULL);
5795 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
5796 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
5798 printk(KERN_NOTICE "ZFS: Loaded module v%s-%s%s, "
5799 "ZFS pool version %s, ZFS filesystem version %s\n",
5800 ZFS_META_VERSION, ZFS_META_RELEASE, ZFS_DEBUG_STR,
5801 SPA_VERSION_STRING, ZPL_VERSION_STRING);
5810 printk(KERN_NOTICE "ZFS: Failed to Load ZFS Filesystem v%s-%s%s"
5811 ", rc = %d\n", ZFS_META_VERSION, ZFS_META_RELEASE,
5812 ZFS_DEBUG_STR, error);
5825 tsd_destroy(&zfs_fsyncer_key);
5826 tsd_destroy(&rrw_tsd_key);
5827 tsd_destroy(&zfs_allow_log_key);
5829 printk(KERN_NOTICE "ZFS: Unloaded module v%s-%s%s\n",
5830 ZFS_META_VERSION, ZFS_META_RELEASE, ZFS_DEBUG_STR);
5836 spl_module_init(_init);
5837 spl_module_exit(_fini);
5839 MODULE_DESCRIPTION("ZFS");
5840 MODULE_AUTHOR(ZFS_META_AUTHOR);
5841 MODULE_LICENSE(ZFS_META_LICENSE);
5842 #endif /* HAVE_SPL */