4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or https://opensource.org/licenses/CDDL-1.0.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Portions Copyright 2011 Martin Matuska
25 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
26 * Portions Copyright 2012 Pawel Jakub Dawidek <pawel@dawidek.net>
27 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved.
28 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
29 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
30 * Copyright (c) 2011, 2020 by Delphix. All rights reserved.
31 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
32 * Copyright (c) 2013 Steven Hartland. All rights reserved.
33 * Copyright (c) 2014 Integros [integros.com]
34 * Copyright 2016 Toomas Soome <tsoome@me.com>
35 * Copyright (c) 2016 Actifio, Inc. All rights reserved.
36 * Copyright (c) 2018, loli10K <ezomori.nozomu@gmail.com>. All rights reserved.
37 * Copyright 2017 RackTop Systems.
38 * Copyright (c) 2017 Open-E, Inc. All Rights Reserved.
39 * Copyright (c) 2019 Datto Inc.
40 * Copyright (c) 2019, 2020 by Christian Schwarz. All rights reserved.
41 * Copyright (c) 2019, 2021, Klara Inc.
42 * Copyright (c) 2019, Allan Jude
48 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
49 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
51 * There are two ways that we handle ioctls: the legacy way where almost
52 * all of the logic is in the ioctl callback, and the new way where most
53 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
55 * Non-legacy ioctls should be registered by calling
56 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
57 * from userland by lzc_ioctl().
59 * The registration arguments are as follows:
62 * The name of the ioctl. This is used for history logging. If the
63 * ioctl returns successfully (the callback returns 0), and allow_log
64 * is true, then a history log entry will be recorded with the input &
65 * output nvlists. The log entry can be printed with "zpool history -i".
68 * The ioctl request number, which userland will pass to ioctl(2).
69 * We want newer versions of libzfs and libzfs_core to run against
70 * existing zfs kernel modules (i.e. a deferred reboot after an update).
71 * Therefore the ioctl numbers cannot change from release to release.
73 * zfs_secpolicy_func_t *secpolicy
74 * This function will be called before the zfs_ioc_func_t, to
75 * determine if this operation is permitted. It should return EPERM
76 * on failure, and 0 on success. Checks include determining if the
77 * dataset is visible in this zone, and if the user has either all
78 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
79 * to do this operation on this dataset with "zfs allow".
81 * zfs_ioc_namecheck_t namecheck
82 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
83 * name, a dataset name, or nothing. If the name is not well-formed,
84 * the ioctl will fail and the callback will not be called.
85 * Therefore, the callback can assume that the name is well-formed
86 * (e.g. is null-terminated, doesn't have more than one '@' character,
87 * doesn't have invalid characters).
89 * zfs_ioc_poolcheck_t pool_check
90 * This specifies requirements on the pool state. If the pool does
91 * not meet them (is suspended or is readonly), the ioctl will fail
92 * and the callback will not be called. If any checks are specified
93 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
94 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
95 * POOL_CHECK_READONLY).
97 * zfs_ioc_key_t *nvl_keys
98 * The list of expected/allowable innvl input keys. This list is used
99 * to validate the nvlist input to the ioctl.
101 * boolean_t smush_outnvlist
102 * If smush_outnvlist is true, then the output is presumed to be a
103 * list of errors, and it will be "smushed" down to fit into the
104 * caller's buffer, by removing some entries and replacing them with a
105 * single "N_MORE_ERRORS" entry indicating how many were removed. See
106 * nvlist_smush() for details. If smush_outnvlist is false, and the
107 * outnvlist does not fit into the userland-provided buffer, then the
108 * ioctl will fail with ENOMEM.
110 * zfs_ioc_func_t *func
111 * The callback function that will perform the operation.
113 * The callback should return 0 on success, or an error number on
114 * failure. If the function fails, the userland ioctl will return -1,
115 * and errno will be set to the callback's return value. The callback
116 * will be called with the following arguments:
119 * The name of the pool or dataset to operate on, from
120 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
121 * expected type (pool, dataset, or none).
124 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
125 * NULL if no input nvlist was provided. Changes to this nvlist are
126 * ignored. If the input nvlist could not be deserialized, the
127 * ioctl will fail and the callback will not be called.
130 * The output nvlist, initially empty. The callback can fill it in,
131 * and it will be returned to userland by serializing it into
132 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
133 * fails (e.g. because the caller didn't supply a large enough
134 * buffer), then the overall ioctl will fail. See the
135 * 'smush_nvlist' argument above for additional behaviors.
137 * There are two typical uses of the output nvlist:
138 * - To return state, e.g. property values. In this case,
139 * smush_outnvlist should be false. If the buffer was not large
140 * enough, the caller will reallocate a larger buffer and try
143 * - To return multiple errors from an ioctl which makes on-disk
144 * changes. In this case, smush_outnvlist should be true.
145 * Ioctls which make on-disk modifications should generally not
146 * use the outnvl if they succeed, because the caller can not
147 * distinguish between the operation failing, and
148 * deserialization failing.
150 * IOCTL Interface Errors
152 * The following ioctl input errors can be returned:
153 * ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
154 * ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
155 * ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
156 * ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
159 #include <sys/types.h>
160 #include <sys/param.h>
161 #include <sys/errno.h>
162 #include <sys/uio_impl.h>
163 #include <sys/file.h>
164 #include <sys/kmem.h>
165 #include <sys/cmn_err.h>
166 #include <sys/stat.h>
167 #include <sys/zfs_ioctl.h>
168 #include <sys/zfs_quota.h>
169 #include <sys/zfs_vfsops.h>
170 #include <sys/zfs_znode.h>
173 #include <sys/spa_impl.h>
174 #include <sys/vdev.h>
175 #include <sys/vdev_impl.h>
177 #include <sys/dsl_dir.h>
178 #include <sys/dsl_dataset.h>
179 #include <sys/dsl_prop.h>
180 #include <sys/dsl_deleg.h>
181 #include <sys/dmu_objset.h>
182 #include <sys/dmu_impl.h>
183 #include <sys/dmu_redact.h>
184 #include <sys/dmu_tx.h>
185 #include <sys/sunddi.h>
186 #include <sys/policy.h>
187 #include <sys/zone.h>
188 #include <sys/nvpair.h>
189 #include <sys/pathname.h>
190 #include <sys/fs/zfs.h>
191 #include <sys/zfs_ctldir.h>
192 #include <sys/zfs_dir.h>
193 #include <sys/zfs_onexit.h>
194 #include <sys/zvol.h>
195 #include <sys/dsl_scan.h>
196 #include <sys/fm/util.h>
197 #include <sys/dsl_crypt.h>
198 #include <sys/rrwlock.h>
199 #include <sys/zfs_file.h>
201 #include <sys/dmu_recv.h>
202 #include <sys/dmu_send.h>
203 #include <sys/dmu_recv.h>
204 #include <sys/dsl_destroy.h>
205 #include <sys/dsl_bookmark.h>
206 #include <sys/dsl_userhold.h>
207 #include <sys/zfeature.h>
209 #include <sys/zio_checksum.h>
210 #include <sys/vdev_removal.h>
211 #include <sys/vdev_impl.h>
212 #include <sys/vdev_initialize.h>
213 #include <sys/vdev_trim.h>
215 #include "zfs_namecheck.h"
216 #include "zfs_prop.h"
217 #include "zfs_deleg.h"
218 #include "zfs_comutil.h"
220 #include <sys/lua/lua.h>
221 #include <sys/lua/lauxlib.h>
222 #include <sys/zfs_ioctl_impl.h>
224 kmutex_t zfsdev_state_lock;
225 static zfsdev_state_t *zfsdev_state_list;
228 * Limit maximum nvlist size. We don't want users passing in insane values
229 * for zc->zc_nvlist_src_size, since we will need to allocate that much memory.
230 * Defaults to 0=auto which is handled by platform code.
232 unsigned long zfs_max_nvlist_src_size = 0;
235 * When logging the output nvlist of an ioctl in the on-disk history, limit
236 * the logged size to this many bytes. This must be less than DMU_MAX_ACCESS.
237 * This applies primarily to zfs_ioc_channel_program().
239 static unsigned long zfs_history_output_max = 1024 * 1024;
241 uint_t zfs_fsyncer_key;
242 uint_t zfs_allow_log_key;
244 /* DATA_TYPE_ANY is used when zkey_type can vary. */
245 #define DATA_TYPE_ANY DATA_TYPE_UNKNOWN
247 typedef struct zfs_ioc_vec {
248 zfs_ioc_legacy_func_t *zvec_legacy_func;
249 zfs_ioc_func_t *zvec_func;
250 zfs_secpolicy_func_t *zvec_secpolicy;
251 zfs_ioc_namecheck_t zvec_namecheck;
252 boolean_t zvec_allow_log;
253 zfs_ioc_poolcheck_t zvec_pool_check;
254 boolean_t zvec_smush_outnvlist;
255 const char *zvec_name;
256 const zfs_ioc_key_t *zvec_nvl_keys;
257 size_t zvec_nvl_key_count;
260 /* This array is indexed by zfs_userquota_prop_t */
261 static const char *userquota_perms[] = {
262 ZFS_DELEG_PERM_USERUSED,
263 ZFS_DELEG_PERM_USERQUOTA,
264 ZFS_DELEG_PERM_GROUPUSED,
265 ZFS_DELEG_PERM_GROUPQUOTA,
266 ZFS_DELEG_PERM_USEROBJUSED,
267 ZFS_DELEG_PERM_USEROBJQUOTA,
268 ZFS_DELEG_PERM_GROUPOBJUSED,
269 ZFS_DELEG_PERM_GROUPOBJQUOTA,
270 ZFS_DELEG_PERM_PROJECTUSED,
271 ZFS_DELEG_PERM_PROJECTQUOTA,
272 ZFS_DELEG_PERM_PROJECTOBJUSED,
273 ZFS_DELEG_PERM_PROJECTOBJQUOTA,
276 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
277 static int zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc);
278 static int zfs_check_settable(const char *name, nvpair_t *property,
280 static int zfs_check_clearable(const char *dataset, nvlist_t *props,
282 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
284 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
285 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
288 history_str_free(char *buf)
290 kmem_free(buf, HIS_MAX_RECORD_LEN);
294 history_str_get(zfs_cmd_t *zc)
298 if (zc->zc_history == 0)
301 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
302 if (copyinstr((void *)(uintptr_t)zc->zc_history,
303 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
304 history_str_free(buf);
308 buf[HIS_MAX_RECORD_LEN -1] = '\0';
314 * Return non-zero if the spa version is less than requested version.
317 zfs_earlier_version(const char *name, int version)
321 if (spa_open(name, &spa, FTAG) == 0) {
322 if (spa_version(spa) < version) {
323 spa_close(spa, FTAG);
326 spa_close(spa, FTAG);
332 * Return TRUE if the ZPL version is less than requested version.
335 zpl_earlier_version(const char *name, int version)
338 boolean_t rc = B_TRUE;
340 if (dmu_objset_hold(name, FTAG, &os) == 0) {
343 if (dmu_objset_type(os) != DMU_OST_ZFS) {
344 dmu_objset_rele(os, FTAG);
347 /* XXX reading from non-owned objset */
348 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
349 rc = zplversion < version;
350 dmu_objset_rele(os, FTAG);
356 zfs_log_history(zfs_cmd_t *zc)
361 if ((buf = history_str_get(zc)) == NULL)
364 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
365 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
366 (void) spa_history_log(spa, buf);
367 spa_close(spa, FTAG);
369 history_str_free(buf);
373 * Policy for top-level read operations (list pools). Requires no privileges,
374 * and can be used in the local zone, as there is no associated dataset.
377 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
379 (void) zc, (void) innvl, (void) cr;
384 * Policy for dataset read operations (list children, get statistics). Requires
385 * no privileges, but must be visible in the local zone.
388 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
390 (void) innvl, (void) cr;
391 if (INGLOBALZONE(curproc) ||
392 zone_dataset_visible(zc->zc_name, NULL))
395 return (SET_ERROR(ENOENT));
399 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
404 * The dataset must be visible by this zone -- check this first
405 * so they don't see EPERM on something they shouldn't know about.
407 if (!INGLOBALZONE(curproc) &&
408 !zone_dataset_visible(dataset, &writable))
409 return (SET_ERROR(ENOENT));
411 if (INGLOBALZONE(curproc)) {
413 * If the fs is zoned, only root can access it from the
416 if (secpolicy_zfs(cr) && zoned)
417 return (SET_ERROR(EPERM));
420 * If we are in a local zone, the 'zoned' property must be set.
423 return (SET_ERROR(EPERM));
425 /* must be writable by this zone */
427 return (SET_ERROR(EPERM));
433 zfs_dozonecheck(const char *dataset, cred_t *cr)
437 if (dsl_prop_get_integer(dataset, zfs_prop_to_name(ZFS_PROP_ZONED),
439 return (SET_ERROR(ENOENT));
441 return (zfs_dozonecheck_impl(dataset, zoned, cr));
445 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
449 if (dsl_prop_get_int_ds(ds, zfs_prop_to_name(ZFS_PROP_ZONED), &zoned))
450 return (SET_ERROR(ENOENT));
452 return (zfs_dozonecheck_impl(dataset, zoned, cr));
456 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
457 const char *perm, cred_t *cr)
461 error = zfs_dozonecheck_ds(name, ds, cr);
463 error = secpolicy_zfs(cr);
465 error = dsl_deleg_access_impl(ds, perm, cr);
471 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
478 * First do a quick check for root in the global zone, which
479 * is allowed to do all write_perms. This ensures that zfs_ioc_*
480 * will get to handle nonexistent datasets.
482 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0)
485 error = dsl_pool_hold(name, FTAG, &dp);
489 error = dsl_dataset_hold(dp, name, FTAG, &ds);
491 dsl_pool_rele(dp, FTAG);
495 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
497 dsl_dataset_rele(ds, FTAG);
498 dsl_pool_rele(dp, FTAG);
503 * Policy for setting the security label property.
505 * Returns 0 for success, non-zero for access and other errors.
508 zfs_set_slabel_policy(const char *name, const char *strval, cred_t *cr)
511 char ds_hexsl[MAXNAMELEN];
512 bslabel_t ds_sl, new_sl;
513 boolean_t new_default = FALSE;
515 int needed_priv = -1;
518 /* First get the existing dataset label. */
519 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
520 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
522 return (SET_ERROR(EPERM));
524 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
527 /* The label must be translatable */
528 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
529 return (SET_ERROR(EINVAL));
532 * In a non-global zone, disallow attempts to set a label that
533 * doesn't match that of the zone; otherwise no other checks
536 if (!INGLOBALZONE(curproc)) {
537 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
538 return (SET_ERROR(EPERM));
543 * For global-zone datasets (i.e., those whose zoned property is
544 * "off", verify that the specified new label is valid for the
547 if (dsl_prop_get_integer(name,
548 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
549 return (SET_ERROR(EPERM));
551 if (zfs_check_global_label(name, strval) != 0)
552 return (SET_ERROR(EPERM));
556 * If the existing dataset label is nondefault, check if the
557 * dataset is mounted (label cannot be changed while mounted).
558 * Get the zfsvfs_t; if there isn't one, then the dataset isn't
559 * mounted (or isn't a dataset, doesn't exist, ...).
561 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
563 static const char *setsl_tag = "setsl_tag";
566 * Try to own the dataset; abort if there is any error,
567 * (e.g., already mounted, in use, or other error).
569 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE,
572 return (SET_ERROR(EPERM));
574 dmu_objset_disown(os, B_TRUE, setsl_tag);
577 needed_priv = PRIV_FILE_DOWNGRADE_SL;
581 if (hexstr_to_label(strval, &new_sl) != 0)
582 return (SET_ERROR(EPERM));
584 if (blstrictdom(&ds_sl, &new_sl))
585 needed_priv = PRIV_FILE_DOWNGRADE_SL;
586 else if (blstrictdom(&new_sl, &ds_sl))
587 needed_priv = PRIV_FILE_UPGRADE_SL;
589 /* dataset currently has a default label */
591 needed_priv = PRIV_FILE_UPGRADE_SL;
595 if (needed_priv != -1)
596 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
599 return (SET_ERROR(ENOTSUP));
600 #endif /* HAVE_MLSLABEL */
604 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
610 * Check permissions for special properties.
617 * Disallow setting of 'zoned' from within a local zone.
619 if (!INGLOBALZONE(curproc))
620 return (SET_ERROR(EPERM));
624 case ZFS_PROP_FILESYSTEM_LIMIT:
625 case ZFS_PROP_SNAPSHOT_LIMIT:
626 if (!INGLOBALZONE(curproc)) {
628 char setpoint[ZFS_MAX_DATASET_NAME_LEN];
630 * Unprivileged users are allowed to modify the
631 * limit on things *under* (ie. contained by)
632 * the thing they own.
634 if (dsl_prop_get_integer(dsname,
635 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, setpoint))
636 return (SET_ERROR(EPERM));
637 if (!zoned || strlen(dsname) <= strlen(setpoint))
638 return (SET_ERROR(EPERM));
642 case ZFS_PROP_MLSLABEL:
643 if (!is_system_labeled())
644 return (SET_ERROR(EPERM));
646 if (nvpair_value_string(propval, &strval) == 0) {
649 err = zfs_set_slabel_policy(dsname, strval, CRED());
656 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
660 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
663 * permission to set permissions will be evaluated later in
664 * dsl_deleg_can_allow()
667 return (zfs_dozonecheck(zc->zc_name, cr));
671 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
674 return (zfs_secpolicy_write_perms(zc->zc_name,
675 ZFS_DELEG_PERM_ROLLBACK, cr));
679 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
688 * Generate the current snapshot name from the given objsetid, then
689 * use that name for the secpolicy/zone checks.
691 cp = strchr(zc->zc_name, '@');
693 return (SET_ERROR(EINVAL));
694 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
698 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
700 dsl_pool_rele(dp, FTAG);
704 dsl_dataset_name(ds, zc->zc_name);
706 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
707 ZFS_DELEG_PERM_SEND, cr);
708 dsl_dataset_rele(ds, FTAG);
709 dsl_pool_rele(dp, FTAG);
715 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
718 return (zfs_secpolicy_write_perms(zc->zc_name,
719 ZFS_DELEG_PERM_SEND, cr));
723 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
725 (void) zc, (void) innvl, (void) cr;
726 return (SET_ERROR(ENOTSUP));
730 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
732 (void) zc, (void) innvl, (void) cr;
733 return (SET_ERROR(ENOTSUP));
737 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
742 * Remove the @bla or /bla from the end of the name to get the parent.
744 (void) strncpy(parent, datasetname, parentsize);
745 cp = strrchr(parent, '@');
749 cp = strrchr(parent, '/');
751 return (SET_ERROR(ENOENT));
759 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
763 if ((error = zfs_secpolicy_write_perms(name,
764 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
767 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
771 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
774 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
778 * Destroying snapshots with delegated permissions requires
779 * descendant mount and destroy permissions.
782 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
786 nvpair_t *pair, *nextpair;
789 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
791 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
793 nextpair = nvlist_next_nvpair(snaps, pair);
794 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
795 if (error == ENOENT) {
797 * Ignore any snapshots that don't exist (we consider
798 * them "already destroyed"). Remove the name from the
799 * nvl here in case the snapshot is created between
800 * now and when we try to destroy it (in which case
801 * we don't want to destroy it since we haven't
802 * checked for permission).
804 fnvlist_remove_nvpair(snaps, pair);
815 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
817 char parentname[ZFS_MAX_DATASET_NAME_LEN];
820 if ((error = zfs_secpolicy_write_perms(from,
821 ZFS_DELEG_PERM_RENAME, cr)) != 0)
824 if ((error = zfs_secpolicy_write_perms(from,
825 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
828 if ((error = zfs_get_parent(to, parentname,
829 sizeof (parentname))) != 0)
832 if ((error = zfs_secpolicy_write_perms(parentname,
833 ZFS_DELEG_PERM_CREATE, cr)) != 0)
836 if ((error = zfs_secpolicy_write_perms(parentname,
837 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
844 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
847 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
851 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
855 dsl_dataset_t *clone;
858 error = zfs_secpolicy_write_perms(zc->zc_name,
859 ZFS_DELEG_PERM_PROMOTE, cr);
863 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
867 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
870 char parentname[ZFS_MAX_DATASET_NAME_LEN];
871 dsl_dataset_t *origin = NULL;
875 error = dsl_dataset_hold_obj(dd->dd_pool,
876 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin);
878 dsl_dataset_rele(clone, FTAG);
879 dsl_pool_rele(dp, FTAG);
883 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
884 ZFS_DELEG_PERM_MOUNT, cr);
886 dsl_dataset_name(origin, parentname);
888 error = zfs_secpolicy_write_perms_ds(parentname, origin,
889 ZFS_DELEG_PERM_PROMOTE, cr);
891 dsl_dataset_rele(clone, FTAG);
892 dsl_dataset_rele(origin, FTAG);
894 dsl_pool_rele(dp, FTAG);
899 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
904 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
905 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
908 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
909 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
912 return (zfs_secpolicy_write_perms(zc->zc_name,
913 ZFS_DELEG_PERM_CREATE, cr));
917 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
919 return (zfs_secpolicy_write_perms(name,
920 ZFS_DELEG_PERM_SNAPSHOT, cr));
924 * Check for permission to create each snapshot in the nvlist.
927 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
934 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
936 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
937 pair = nvlist_next_nvpair(snaps, pair)) {
938 char *name = nvpair_name(pair);
939 char *atp = strchr(name, '@');
942 error = SET_ERROR(EINVAL);
946 error = zfs_secpolicy_snapshot_perms(name, cr);
955 * Check for permission to create each bookmark in the nvlist.
958 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
963 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
964 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
965 char *name = nvpair_name(pair);
966 char *hashp = strchr(name, '#');
969 error = SET_ERROR(EINVAL);
973 error = zfs_secpolicy_write_perms(name,
974 ZFS_DELEG_PERM_BOOKMARK, cr);
983 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
986 nvpair_t *pair, *nextpair;
989 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
991 char *name = nvpair_name(pair);
992 char *hashp = strchr(name, '#');
993 nextpair = nvlist_next_nvpair(innvl, pair);
996 error = SET_ERROR(EINVAL);
1001 error = zfs_secpolicy_write_perms(name,
1002 ZFS_DELEG_PERM_DESTROY, cr);
1004 if (error == ENOENT) {
1006 * Ignore any filesystems that don't exist (we consider
1007 * their bookmarks "already destroyed"). Remove
1008 * the name from the nvl here in case the filesystem
1009 * is created between now and when we try to destroy
1010 * the bookmark (in which case we don't want to
1011 * destroy it since we haven't checked for permission).
1013 fnvlist_remove_nvpair(innvl, pair);
1024 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1026 (void) zc, (void) innvl, (void) cr;
1028 * Even root must have a proper TSD so that we know what pool
1031 if (tsd_get(zfs_allow_log_key) == NULL)
1032 return (SET_ERROR(EPERM));
1037 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1039 char parentname[ZFS_MAX_DATASET_NAME_LEN];
1043 if ((error = zfs_get_parent(zc->zc_name, parentname,
1044 sizeof (parentname))) != 0)
1047 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1048 (error = zfs_secpolicy_write_perms(origin,
1049 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1052 if ((error = zfs_secpolicy_write_perms(parentname,
1053 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1056 return (zfs_secpolicy_write_perms(parentname,
1057 ZFS_DELEG_PERM_MOUNT, cr));
1061 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1062 * SYS_CONFIG privilege, which is not available in a local zone.
1065 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1067 (void) zc, (void) innvl;
1069 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1070 return (SET_ERROR(EPERM));
1076 * Policy for object to name lookups.
1079 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1084 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1087 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1092 * Policy for fault injection. Requires all privileges.
1095 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1097 (void) zc, (void) innvl;
1098 return (secpolicy_zinject(cr));
1102 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1105 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1107 if (prop == ZPROP_USERPROP) {
1108 if (!zfs_prop_user(zc->zc_value))
1109 return (SET_ERROR(EINVAL));
1110 return (zfs_secpolicy_write_perms(zc->zc_name,
1111 ZFS_DELEG_PERM_USERPROP, cr));
1113 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1119 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1121 int err = zfs_secpolicy_read(zc, innvl, cr);
1125 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1126 return (SET_ERROR(EINVAL));
1128 if (zc->zc_value[0] == 0) {
1130 * They are asking about a posix uid/gid. If it's
1131 * themself, allow it.
1133 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1134 zc->zc_objset_type == ZFS_PROP_USERQUOTA ||
1135 zc->zc_objset_type == ZFS_PROP_USEROBJUSED ||
1136 zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) {
1137 if (zc->zc_guid == crgetuid(cr))
1139 } else if (zc->zc_objset_type == ZFS_PROP_GROUPUSED ||
1140 zc->zc_objset_type == ZFS_PROP_GROUPQUOTA ||
1141 zc->zc_objset_type == ZFS_PROP_GROUPOBJUSED ||
1142 zc->zc_objset_type == ZFS_PROP_GROUPOBJQUOTA) {
1143 if (groupmember(zc->zc_guid, cr))
1146 /* else is for project quota/used */
1149 return (zfs_secpolicy_write_perms(zc->zc_name,
1150 userquota_perms[zc->zc_objset_type], cr));
1154 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1156 int err = zfs_secpolicy_read(zc, innvl, cr);
1160 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1161 return (SET_ERROR(EINVAL));
1163 return (zfs_secpolicy_write_perms(zc->zc_name,
1164 userquota_perms[zc->zc_objset_type], cr));
1168 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1171 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1176 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1183 holds = fnvlist_lookup_nvlist(innvl, "holds");
1185 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
1186 pair = nvlist_next_nvpair(holds, pair)) {
1187 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1188 error = dmu_fsname(nvpair_name(pair), fsname);
1191 error = zfs_secpolicy_write_perms(fsname,
1192 ZFS_DELEG_PERM_HOLD, cr);
1200 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1206 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1207 pair = nvlist_next_nvpair(innvl, pair)) {
1208 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1209 error = dmu_fsname(nvpair_name(pair), fsname);
1212 error = zfs_secpolicy_write_perms(fsname,
1213 ZFS_DELEG_PERM_RELEASE, cr);
1221 * Policy for allowing temporary snapshots to be taken or released
1224 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1227 * A temporary snapshot is the same as a snapshot,
1228 * hold, destroy and release all rolled into one.
1229 * Delegated diff alone is sufficient that we allow this.
1233 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1234 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1237 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1239 if (innvl != NULL) {
1241 error = zfs_secpolicy_hold(zc, innvl, cr);
1243 error = zfs_secpolicy_release(zc, innvl, cr);
1245 error = zfs_secpolicy_destroy(zc, innvl, cr);
1251 zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1253 return (zfs_secpolicy_write_perms(zc->zc_name,
1254 ZFS_DELEG_PERM_LOAD_KEY, cr));
1258 zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1260 return (zfs_secpolicy_write_perms(zc->zc_name,
1261 ZFS_DELEG_PERM_CHANGE_KEY, cr));
1265 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1268 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1272 nvlist_t *list = NULL;
1275 * Read in and unpack the user-supplied nvlist.
1278 return (SET_ERROR(EINVAL));
1280 packed = vmem_alloc(size, KM_SLEEP);
1282 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1284 vmem_free(packed, size);
1285 return (SET_ERROR(EFAULT));
1288 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1289 vmem_free(packed, size);
1293 vmem_free(packed, size);
1300 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1301 * Entries will be removed from the end of the nvlist, and one int32 entry
1302 * named "N_MORE_ERRORS" will be added indicating how many entries were
1306 nvlist_smush(nvlist_t *errors, size_t max)
1310 size = fnvlist_size(errors);
1313 nvpair_t *more_errors;
1317 return (SET_ERROR(ENOMEM));
1319 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1320 more_errors = nvlist_prev_nvpair(errors, NULL);
1323 nvpair_t *pair = nvlist_prev_nvpair(errors,
1325 fnvlist_remove_nvpair(errors, pair);
1327 size = fnvlist_size(errors);
1328 } while (size > max);
1330 fnvlist_remove_nvpair(errors, more_errors);
1331 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1332 ASSERT3U(fnvlist_size(errors), <=, max);
1339 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1341 char *packed = NULL;
1345 size = fnvlist_size(nvl);
1347 if (size > zc->zc_nvlist_dst_size) {
1348 error = SET_ERROR(ENOMEM);
1350 packed = fnvlist_pack(nvl, &size);
1351 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1352 size, zc->zc_iflags) != 0)
1353 error = SET_ERROR(EFAULT);
1354 fnvlist_pack_free(packed, size);
1357 zc->zc_nvlist_dst_size = size;
1358 zc->zc_nvlist_dst_filled = B_TRUE;
1363 getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp)
1366 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1367 return (SET_ERROR(EINVAL));
1370 mutex_enter(&os->os_user_ptr_lock);
1371 *zfvp = dmu_objset_get_user(os);
1372 /* bump s_active only when non-zero to prevent umount race */
1373 error = zfs_vfs_ref(zfvp);
1374 mutex_exit(&os->os_user_ptr_lock);
1379 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1384 error = dmu_objset_hold(dsname, FTAG, &os);
1388 error = getzfsvfs_impl(os, zfvp);
1389 dmu_objset_rele(os, FTAG);
1394 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1395 * case its z_sb will be NULL, and it will be opened as the owner.
1396 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1397 * which prevents all inode ops from running.
1400 zfsvfs_hold(const char *name, const void *tag, zfsvfs_t **zfvp,
1405 if (getzfsvfs(name, zfvp) != 0)
1406 error = zfsvfs_create(name, B_FALSE, zfvp);
1409 ZFS_TEARDOWN_ENTER_WRITE(*zfvp, tag);
1411 ZFS_TEARDOWN_ENTER_READ(*zfvp, tag);
1412 if ((*zfvp)->z_unmounted) {
1414 * XXX we could probably try again, since the unmounting
1415 * thread should be just about to disassociate the
1416 * objset from the zfsvfs.
1418 ZFS_TEARDOWN_EXIT(*zfvp, tag);
1419 return (SET_ERROR(EBUSY));
1426 zfsvfs_rele(zfsvfs_t *zfsvfs, const void *tag)
1428 ZFS_TEARDOWN_EXIT(zfsvfs, tag);
1430 if (zfs_vfs_held(zfsvfs)) {
1431 zfs_vfs_rele(zfsvfs);
1433 dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs);
1434 zfsvfs_free(zfsvfs);
1439 zfs_ioc_pool_create(zfs_cmd_t *zc)
1442 nvlist_t *config, *props = NULL;
1443 nvlist_t *rootprops = NULL;
1444 nvlist_t *zplprops = NULL;
1445 dsl_crypto_params_t *dcp = NULL;
1446 const char *spa_name = zc->zc_name;
1447 boolean_t unload_wkey = B_TRUE;
1449 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1450 zc->zc_iflags, &config)))
1453 if (zc->zc_nvlist_src_size != 0 && (error =
1454 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1455 zc->zc_iflags, &props))) {
1456 nvlist_free(config);
1461 nvlist_t *nvl = NULL;
1462 nvlist_t *hidden_args = NULL;
1463 uint64_t version = SPA_VERSION;
1466 (void) nvlist_lookup_uint64(props,
1467 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1468 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1469 error = SET_ERROR(EINVAL);
1470 goto pool_props_bad;
1472 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1474 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1476 goto pool_props_bad;
1477 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1480 (void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS,
1482 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE,
1483 rootprops, hidden_args, &dcp);
1485 goto pool_props_bad;
1486 (void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS);
1488 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1489 error = zfs_fill_zplprops_root(version, rootprops,
1492 goto pool_props_bad;
1494 if (nvlist_lookup_string(props,
1495 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0)
1499 error = spa_create(zc->zc_name, config, props, zplprops, dcp);
1502 * Set the remaining root properties
1504 if (!error && (error = zfs_set_prop_nvlist(spa_name,
1505 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) {
1506 (void) spa_destroy(spa_name);
1507 unload_wkey = B_FALSE; /* spa_destroy() unloads wrapping keys */
1511 nvlist_free(rootprops);
1512 nvlist_free(zplprops);
1513 nvlist_free(config);
1515 dsl_crypto_params_free(dcp, unload_wkey && !!error);
1521 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1524 zfs_log_history(zc);
1525 error = spa_destroy(zc->zc_name);
1531 zfs_ioc_pool_import(zfs_cmd_t *zc)
1533 nvlist_t *config, *props = NULL;
1537 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1538 zc->zc_iflags, &config)) != 0)
1541 if (zc->zc_nvlist_src_size != 0 && (error =
1542 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1543 zc->zc_iflags, &props))) {
1544 nvlist_free(config);
1548 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1549 guid != zc->zc_guid)
1550 error = SET_ERROR(EINVAL);
1552 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1554 if (zc->zc_nvlist_dst != 0) {
1557 if ((err = put_nvlist(zc, config)) != 0)
1561 nvlist_free(config);
1568 zfs_ioc_pool_export(zfs_cmd_t *zc)
1571 boolean_t force = (boolean_t)zc->zc_cookie;
1572 boolean_t hardforce = (boolean_t)zc->zc_guid;
1574 zfs_log_history(zc);
1575 error = spa_export(zc->zc_name, NULL, force, hardforce);
1581 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1586 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1587 return (SET_ERROR(EEXIST));
1589 error = put_nvlist(zc, configs);
1591 nvlist_free(configs);
1598 * zc_name name of the pool
1601 * zc_cookie real errno
1602 * zc_nvlist_dst config nvlist
1603 * zc_nvlist_dst_size size of config nvlist
1606 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1612 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1613 sizeof (zc->zc_value));
1615 if (config != NULL) {
1616 ret = put_nvlist(zc, config);
1617 nvlist_free(config);
1620 * The config may be present even if 'error' is non-zero.
1621 * In this case we return success, and preserve the real errno
1624 zc->zc_cookie = error;
1633 * Try to import the given pool, returning pool stats as appropriate so that
1634 * user land knows which devices are available and overall pool health.
1637 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1639 nvlist_t *tryconfig, *config = NULL;
1642 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1643 zc->zc_iflags, &tryconfig)) != 0)
1646 config = spa_tryimport(tryconfig);
1648 nvlist_free(tryconfig);
1651 return (SET_ERROR(EINVAL));
1653 error = put_nvlist(zc, config);
1654 nvlist_free(config);
1661 * zc_name name of the pool
1662 * zc_cookie scan func (pool_scan_func_t)
1663 * zc_flags scrub pause/resume flag (pool_scrub_cmd_t)
1666 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1671 if (zc->zc_flags >= POOL_SCRUB_FLAGS_END)
1672 return (SET_ERROR(EINVAL));
1674 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1677 if (zc->zc_flags == POOL_SCRUB_PAUSE)
1678 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE);
1679 else if (zc->zc_cookie == POOL_SCAN_NONE)
1680 error = spa_scan_stop(spa);
1682 error = spa_scan(spa, zc->zc_cookie);
1684 spa_close(spa, FTAG);
1690 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1695 error = spa_open(zc->zc_name, &spa, FTAG);
1698 spa_close(spa, FTAG);
1704 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1709 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1712 if (zc->zc_cookie < spa_version(spa) ||
1713 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1714 spa_close(spa, FTAG);
1715 return (SET_ERROR(EINVAL));
1718 spa_upgrade(spa, zc->zc_cookie);
1719 spa_close(spa, FTAG);
1725 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1732 if ((size = zc->zc_history_len) == 0)
1733 return (SET_ERROR(EINVAL));
1735 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1738 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1739 spa_close(spa, FTAG);
1740 return (SET_ERROR(ENOTSUP));
1743 hist_buf = vmem_alloc(size, KM_SLEEP);
1744 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1745 &zc->zc_history_len, hist_buf)) == 0) {
1746 error = ddi_copyout(hist_buf,
1747 (void *)(uintptr_t)zc->zc_history,
1748 zc->zc_history_len, zc->zc_iflags);
1751 spa_close(spa, FTAG);
1752 vmem_free(hist_buf, size);
1757 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1762 error = spa_open(zc->zc_name, &spa, FTAG);
1764 error = spa_change_guid(spa);
1765 spa_close(spa, FTAG);
1771 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1773 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
1778 * zc_name name of filesystem
1779 * zc_obj object to find
1782 * zc_value name of object
1785 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1790 /* XXX reading from objset not owned */
1791 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1794 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1795 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1796 return (SET_ERROR(EINVAL));
1798 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1799 sizeof (zc->zc_value));
1800 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1807 * zc_name name of filesystem
1808 * zc_obj object to find
1811 * zc_stat stats on object
1812 * zc_value path to object
1815 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1820 /* XXX reading from objset not owned */
1821 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1824 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1825 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1826 return (SET_ERROR(EINVAL));
1828 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1829 sizeof (zc->zc_value));
1830 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1836 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1842 error = spa_open(zc->zc_name, &spa, FTAG);
1846 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1847 zc->zc_iflags, &config);
1849 error = spa_vdev_add(spa, config);
1850 nvlist_free(config);
1852 spa_close(spa, FTAG);
1858 * zc_name name of the pool
1859 * zc_guid guid of vdev to remove
1860 * zc_cookie cancel removal
1863 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1868 error = spa_open(zc->zc_name, &spa, FTAG);
1871 if (zc->zc_cookie != 0) {
1872 error = spa_vdev_remove_cancel(spa);
1874 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1876 spa_close(spa, FTAG);
1881 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1885 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1887 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1889 switch (zc->zc_cookie) {
1890 case VDEV_STATE_ONLINE:
1891 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1894 case VDEV_STATE_OFFLINE:
1895 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1898 case VDEV_STATE_FAULTED:
1899 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1900 zc->zc_obj != VDEV_AUX_EXTERNAL &&
1901 zc->zc_obj != VDEV_AUX_EXTERNAL_PERSIST)
1902 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1904 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1907 case VDEV_STATE_DEGRADED:
1908 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1909 zc->zc_obj != VDEV_AUX_EXTERNAL)
1910 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1912 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1916 error = SET_ERROR(EINVAL);
1918 zc->zc_cookie = newstate;
1919 spa_close(spa, FTAG);
1924 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1928 int replacing = zc->zc_cookie;
1929 int rebuild = zc->zc_simple;
1932 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1935 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1936 zc->zc_iflags, &config)) == 0) {
1937 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing,
1939 nvlist_free(config);
1942 spa_close(spa, FTAG);
1947 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1952 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1955 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1957 spa_close(spa, FTAG);
1962 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1965 nvlist_t *config, *props = NULL;
1967 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1969 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1972 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1973 zc->zc_iflags, &config))) {
1974 spa_close(spa, FTAG);
1978 if (zc->zc_nvlist_src_size != 0 && (error =
1979 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1980 zc->zc_iflags, &props))) {
1981 spa_close(spa, FTAG);
1982 nvlist_free(config);
1986 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1988 spa_close(spa, FTAG);
1990 nvlist_free(config);
1997 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
2000 const char *path = zc->zc_value;
2001 uint64_t guid = zc->zc_guid;
2004 error = spa_open(zc->zc_name, &spa, FTAG);
2008 error = spa_vdev_setpath(spa, guid, path);
2009 spa_close(spa, FTAG);
2014 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
2017 const char *fru = zc->zc_value;
2018 uint64_t guid = zc->zc_guid;
2021 error = spa_open(zc->zc_name, &spa, FTAG);
2025 error = spa_vdev_setfru(spa, guid, fru);
2026 spa_close(spa, FTAG);
2031 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
2036 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2038 if (zc->zc_nvlist_dst != 0 &&
2039 (error = dsl_prop_get_all(os, &nv)) == 0) {
2040 dmu_objset_stats(os, nv);
2042 * NB: zvol_get_stats() will read the objset contents,
2043 * which we aren't supposed to do with a
2044 * DS_MODE_USER hold, because it could be
2045 * inconsistent. So this is a bit of a workaround...
2046 * XXX reading without owning
2048 if (!zc->zc_objset_stats.dds_inconsistent &&
2049 dmu_objset_type(os) == DMU_OST_ZVOL) {
2050 error = zvol_get_stats(os, nv);
2058 error = put_nvlist(zc, nv);
2067 * zc_name name of filesystem
2068 * zc_nvlist_dst_size size of buffer for property nvlist
2071 * zc_objset_stats stats
2072 * zc_nvlist_dst property nvlist
2073 * zc_nvlist_dst_size size of property nvlist
2076 zfs_ioc_objset_stats(zfs_cmd_t *zc)
2081 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2083 error = zfs_ioc_objset_stats_impl(zc, os);
2084 dmu_objset_rele(os, FTAG);
2092 * zc_name name of filesystem
2093 * zc_nvlist_dst_size size of buffer for property nvlist
2096 * zc_nvlist_dst received property nvlist
2097 * zc_nvlist_dst_size size of received property nvlist
2099 * Gets received properties (distinct from local properties on or after
2100 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2101 * local property values.
2104 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2110 * Without this check, we would return local property values if the
2111 * caller has not already received properties on or after
2112 * SPA_VERSION_RECVD_PROPS.
2114 if (!dsl_prop_get_hasrecvd(zc->zc_name))
2115 return (SET_ERROR(ENOTSUP));
2117 if (zc->zc_nvlist_dst != 0 &&
2118 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
2119 error = put_nvlist(zc, nv);
2127 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2133 * zfs_get_zplprop() will either find a value or give us
2134 * the default value (if there is one).
2136 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2138 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2144 * zc_name name of filesystem
2145 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2148 * zc_nvlist_dst zpl property nvlist
2149 * zc_nvlist_dst_size size of zpl property nvlist
2152 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2157 /* XXX reading without owning */
2158 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
2161 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2164 * NB: nvl_add_zplprop() will read the objset contents,
2165 * which we aren't supposed to do with a DS_MODE_USER
2166 * hold, because it could be inconsistent.
2168 if (zc->zc_nvlist_dst != 0 &&
2169 !zc->zc_objset_stats.dds_inconsistent &&
2170 dmu_objset_type(os) == DMU_OST_ZFS) {
2173 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2174 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2175 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2176 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2177 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2178 err = put_nvlist(zc, nv);
2181 err = SET_ERROR(ENOENT);
2183 dmu_objset_rele(os, FTAG);
2189 * zc_name name of filesystem
2190 * zc_cookie zap cursor
2191 * zc_nvlist_dst_size size of buffer for property nvlist
2194 * zc_name name of next filesystem
2195 * zc_cookie zap cursor
2196 * zc_objset_stats stats
2197 * zc_nvlist_dst property nvlist
2198 * zc_nvlist_dst_size size of property nvlist
2201 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2206 size_t orig_len = strlen(zc->zc_name);
2209 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
2210 if (error == ENOENT)
2211 error = SET_ERROR(ESRCH);
2215 p = strrchr(zc->zc_name, '/');
2216 if (p == NULL || p[1] != '\0')
2217 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2218 p = zc->zc_name + strlen(zc->zc_name);
2221 error = dmu_dir_list_next(os,
2222 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2223 NULL, &zc->zc_cookie);
2224 if (error == ENOENT)
2225 error = SET_ERROR(ESRCH);
2226 } while (error == 0 && zfs_dataset_name_hidden(zc->zc_name));
2227 dmu_objset_rele(os, FTAG);
2230 * If it's an internal dataset (ie. with a '$' in its name),
2231 * don't try to get stats for it, otherwise we'll return ENOENT.
2233 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2234 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2235 if (error == ENOENT) {
2236 /* We lost a race with destroy, get the next one. */
2237 zc->zc_name[orig_len] = '\0';
2246 * zc_name name of filesystem
2247 * zc_cookie zap cursor
2248 * zc_nvlist_src iteration range nvlist
2249 * zc_nvlist_src_size size of iteration range nvlist
2252 * zc_name name of next snapshot
2253 * zc_objset_stats stats
2254 * zc_nvlist_dst property nvlist
2255 * zc_nvlist_dst_size size of property nvlist
2258 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2261 objset_t *os, *ossnap;
2263 uint64_t min_txg = 0, max_txg = 0;
2265 if (zc->zc_nvlist_src_size != 0) {
2266 nvlist_t *props = NULL;
2267 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2268 zc->zc_iflags, &props);
2271 (void) nvlist_lookup_uint64(props, SNAP_ITER_MIN_TXG,
2273 (void) nvlist_lookup_uint64(props, SNAP_ITER_MAX_TXG,
2278 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2280 return (error == ENOENT ? SET_ERROR(ESRCH) : error);
2284 * A dataset name of maximum length cannot have any snapshots,
2285 * so exit immediately.
2287 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >=
2288 ZFS_MAX_DATASET_NAME_LEN) {
2289 dmu_objset_rele(os, FTAG);
2290 return (SET_ERROR(ESRCH));
2293 while (error == 0) {
2294 if (issig(JUSTLOOKING) && issig(FORREAL)) {
2295 error = SET_ERROR(EINTR);
2299 error = dmu_snapshot_list_next(os,
2300 sizeof (zc->zc_name) - strlen(zc->zc_name),
2301 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj,
2302 &zc->zc_cookie, NULL);
2303 if (error == ENOENT) {
2304 error = SET_ERROR(ESRCH);
2306 } else if (error != 0) {
2310 error = dsl_dataset_hold_obj(dmu_objset_pool(os), zc->zc_obj,
2315 if ((min_txg != 0 && dsl_get_creationtxg(ds) < min_txg) ||
2316 (max_txg != 0 && dsl_get_creationtxg(ds) > max_txg)) {
2317 dsl_dataset_rele(ds, FTAG);
2318 /* undo snapshot name append */
2319 *(strchr(zc->zc_name, '@') + 1) = '\0';
2324 if (zc->zc_simple) {
2325 zc->zc_objset_stats.dds_creation_txg =
2326 dsl_get_creationtxg(ds);
2327 dsl_dataset_rele(ds, FTAG);
2331 if ((error = dmu_objset_from_ds(ds, &ossnap)) != 0) {
2332 dsl_dataset_rele(ds, FTAG);
2335 if ((error = zfs_ioc_objset_stats_impl(zc, ossnap)) != 0) {
2336 dsl_dataset_rele(ds, FTAG);
2339 dsl_dataset_rele(ds, FTAG);
2343 dmu_objset_rele(os, FTAG);
2344 /* if we failed, undo the @ that we tacked on to zc_name */
2346 *strchr(zc->zc_name, '@') = '\0';
2351 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2353 const char *propname = nvpair_name(pair);
2355 unsigned int vallen;
2356 const char *dash, *domain;
2357 zfs_userquota_prop_t type;
2363 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2365 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2366 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2368 return (SET_ERROR(EINVAL));
2372 * A correctly constructed propname is encoded as
2373 * userquota@<rid>-<domain>.
2375 if ((dash = strchr(propname, '-')) == NULL ||
2376 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2378 return (SET_ERROR(EINVAL));
2385 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2387 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2388 zfsvfs_rele(zfsvfs, FTAG);
2395 * If the named property is one that has a special function to set its value,
2396 * return 0 on success and a positive error code on failure; otherwise if it is
2397 * not one of the special properties handled by this function, return -1.
2399 * XXX: It would be better for callers of the property interface if we handled
2400 * these special cases in dsl_prop.c (in the dsl layer).
2403 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2406 const char *propname = nvpair_name(pair);
2407 zfs_prop_t prop = zfs_name_to_prop(propname);
2408 uint64_t intval = 0;
2409 const char *strval = NULL;
2412 if (prop == ZPROP_USERPROP) {
2413 if (zfs_prop_userquota(propname))
2414 return (zfs_prop_set_userquota(dsname, pair));
2418 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2420 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2421 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2425 /* all special properties are numeric except for keylocation */
2426 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) {
2427 strval = fnvpair_value_string(pair);
2429 intval = fnvpair_value_uint64(pair);
2433 case ZFS_PROP_QUOTA:
2434 err = dsl_dir_set_quota(dsname, source, intval);
2436 case ZFS_PROP_REFQUOTA:
2437 err = dsl_dataset_set_refquota(dsname, source, intval);
2439 case ZFS_PROP_FILESYSTEM_LIMIT:
2440 case ZFS_PROP_SNAPSHOT_LIMIT:
2441 if (intval == UINT64_MAX) {
2442 /* clearing the limit, just do it */
2445 err = dsl_dir_activate_fs_ss_limit(dsname);
2448 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2449 * default path to set the value in the nvlist.
2454 case ZFS_PROP_KEYLOCATION:
2455 err = dsl_crypto_can_set_keylocation(dsname, strval);
2458 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2459 * default path to set the value in the nvlist.
2464 case ZFS_PROP_RESERVATION:
2465 err = dsl_dir_set_reservation(dsname, source, intval);
2467 case ZFS_PROP_REFRESERVATION:
2468 err = dsl_dataset_set_refreservation(dsname, source, intval);
2470 case ZFS_PROP_COMPRESSION:
2471 err = dsl_dataset_set_compression(dsname, source, intval);
2473 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2474 * default path to set the value in the nvlist.
2479 case ZFS_PROP_VOLSIZE:
2480 err = zvol_set_volsize(dsname, intval);
2482 case ZFS_PROP_SNAPDEV:
2483 err = zvol_set_snapdev(dsname, source, intval);
2485 case ZFS_PROP_VOLMODE:
2486 err = zvol_set_volmode(dsname, source, intval);
2488 case ZFS_PROP_VERSION:
2492 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2495 err = zfs_set_version(zfsvfs, intval);
2496 zfsvfs_rele(zfsvfs, FTAG);
2498 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2501 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2502 (void) strlcpy(zc->zc_name, dsname,
2503 sizeof (zc->zc_name));
2504 (void) zfs_ioc_userspace_upgrade(zc);
2505 (void) zfs_ioc_id_quota_upgrade(zc);
2506 kmem_free(zc, sizeof (zfs_cmd_t));
2518 zfs_is_namespace_prop(zfs_prop_t prop)
2522 case ZFS_PROP_ATIME:
2523 case ZFS_PROP_RELATIME:
2524 case ZFS_PROP_DEVICES:
2526 case ZFS_PROP_SETUID:
2527 case ZFS_PROP_READONLY:
2528 case ZFS_PROP_XATTR:
2529 case ZFS_PROP_NBMAND:
2538 * This function is best effort. If it fails to set any of the given properties,
2539 * it continues to set as many as it can and returns the last error
2540 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2541 * with the list of names of all the properties that failed along with the
2542 * corresponding error numbers.
2544 * If every property is set successfully, zero is returned and errlist is not
2548 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2557 boolean_t should_update_mount_cache = B_FALSE;
2559 nvlist_t *genericnvl = fnvlist_alloc();
2560 nvlist_t *retrynvl = fnvlist_alloc();
2563 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2564 const char *propname = nvpair_name(pair);
2565 zfs_prop_t prop = zfs_name_to_prop(propname);
2568 /* decode the property value */
2570 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2572 attrs = fnvpair_value_nvlist(pair);
2573 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2575 err = SET_ERROR(EINVAL);
2578 /* Validate value type */
2579 if (err == 0 && source == ZPROP_SRC_INHERITED) {
2580 /* inherited properties are expected to be booleans */
2581 if (nvpair_type(propval) != DATA_TYPE_BOOLEAN)
2582 err = SET_ERROR(EINVAL);
2583 } else if (err == 0 && prop == ZPROP_USERPROP) {
2584 if (zfs_prop_user(propname)) {
2585 if (nvpair_type(propval) != DATA_TYPE_STRING)
2586 err = SET_ERROR(EINVAL);
2587 } else if (zfs_prop_userquota(propname)) {
2588 if (nvpair_type(propval) !=
2589 DATA_TYPE_UINT64_ARRAY)
2590 err = SET_ERROR(EINVAL);
2592 err = SET_ERROR(EINVAL);
2594 } else if (err == 0) {
2595 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2596 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2597 err = SET_ERROR(EINVAL);
2598 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2601 intval = fnvpair_value_uint64(propval);
2603 switch (zfs_prop_get_type(prop)) {
2604 case PROP_TYPE_NUMBER:
2606 case PROP_TYPE_STRING:
2607 err = SET_ERROR(EINVAL);
2609 case PROP_TYPE_INDEX:
2610 if (zfs_prop_index_to_string(prop,
2611 intval, &unused) != 0)
2613 SET_ERROR(ZFS_ERR_BADPROP);
2617 "unknown property type");
2620 err = SET_ERROR(EINVAL);
2624 /* Validate permissions */
2626 err = zfs_check_settable(dsname, pair, CRED());
2629 if (source == ZPROP_SRC_INHERITED)
2630 err = -1; /* does not need special handling */
2632 err = zfs_prop_set_special(dsname, source,
2636 * For better performance we build up a list of
2637 * properties to set in a single transaction.
2639 err = nvlist_add_nvpair(genericnvl, pair);
2640 } else if (err != 0 && nvl != retrynvl) {
2642 * This may be a spurious error caused by
2643 * receiving quota and reservation out of order.
2644 * Try again in a second pass.
2646 err = nvlist_add_nvpair(retrynvl, pair);
2651 if (errlist != NULL)
2652 fnvlist_add_int32(errlist, propname, err);
2656 if (zfs_is_namespace_prop(prop))
2657 should_update_mount_cache = B_TRUE;
2660 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2665 if (nvlist_empty(genericnvl))
2669 * Try to set them all in one batch.
2671 err = dsl_props_set(dsname, source, genericnvl);
2676 * If batching fails, we still want to set as many properties as we
2677 * can, so try setting them individually.
2680 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2681 const char *propname = nvpair_name(pair);
2685 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2687 attrs = fnvpair_value_nvlist(pair);
2688 propval = fnvlist_lookup_nvpair(attrs, ZPROP_VALUE);
2691 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2692 strval = fnvpair_value_string(propval);
2693 err = dsl_prop_set_string(dsname, propname,
2695 } else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) {
2696 err = dsl_prop_inherit(dsname, propname, source);
2698 intval = fnvpair_value_uint64(propval);
2699 err = dsl_prop_set_int(dsname, propname, source,
2704 if (errlist != NULL) {
2705 fnvlist_add_int32(errlist, propname, err);
2712 if (should_update_mount_cache)
2713 zfs_ioctl_update_mount_cache(dsname);
2715 nvlist_free(genericnvl);
2716 nvlist_free(retrynvl);
2722 * Check that all the properties are valid user properties.
2725 zfs_check_userprops(nvlist_t *nvl)
2727 nvpair_t *pair = NULL;
2729 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2730 const char *propname = nvpair_name(pair);
2732 if (!zfs_prop_user(propname) ||
2733 nvpair_type(pair) != DATA_TYPE_STRING)
2734 return (SET_ERROR(EINVAL));
2736 if (strlen(propname) >= ZAP_MAXNAMELEN)
2737 return (SET_ERROR(ENAMETOOLONG));
2739 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN)
2740 return (SET_ERROR(E2BIG));
2746 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2750 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2753 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2754 if (nvlist_exists(skipped, nvpair_name(pair)))
2757 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2762 clear_received_props(const char *dsname, nvlist_t *props,
2766 nvlist_t *cleared_props = NULL;
2767 props_skip(props, skipped, &cleared_props);
2768 if (!nvlist_empty(cleared_props)) {
2770 * Acts on local properties until the dataset has received
2771 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2773 zprop_source_t flags = (ZPROP_SRC_NONE |
2774 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
2775 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
2777 nvlist_free(cleared_props);
2783 * zc_name name of filesystem
2784 * zc_value name of property to set
2785 * zc_nvlist_src{_size} nvlist of properties to apply
2786 * zc_cookie received properties flag
2789 * zc_nvlist_dst{_size} error for each unapplied received property
2792 zfs_ioc_set_prop(zfs_cmd_t *zc)
2795 boolean_t received = zc->zc_cookie;
2796 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2801 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2802 zc->zc_iflags, &nvl)) != 0)
2806 nvlist_t *origprops;
2808 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
2809 (void) clear_received_props(zc->zc_name,
2811 nvlist_free(origprops);
2814 error = dsl_prop_set_hasrecvd(zc->zc_name);
2817 errors = fnvlist_alloc();
2819 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2821 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2822 (void) put_nvlist(zc, errors);
2825 nvlist_free(errors);
2832 * zc_name name of filesystem
2833 * zc_value name of property to inherit
2834 * zc_cookie revert to received value if TRUE
2839 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2841 const char *propname = zc->zc_value;
2842 zfs_prop_t prop = zfs_name_to_prop(propname);
2843 boolean_t received = zc->zc_cookie;
2844 zprop_source_t source = (received
2845 ? ZPROP_SRC_NONE /* revert to received value, if any */
2846 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2854 * Only check this in the non-received case. We want to allow
2855 * 'inherit -S' to revert non-inheritable properties like quota
2856 * and reservation to the received or default values even though
2857 * they are not considered inheritable.
2859 if (prop != ZPROP_USERPROP && !zfs_prop_inheritable(prop))
2860 return (SET_ERROR(EINVAL));
2863 if (prop == ZPROP_USERPROP) {
2864 if (!zfs_prop_user(propname))
2865 return (SET_ERROR(EINVAL));
2867 type = PROP_TYPE_STRING;
2868 } else if (prop == ZFS_PROP_VOLSIZE || prop == ZFS_PROP_VERSION) {
2869 return (SET_ERROR(EINVAL));
2871 type = zfs_prop_get_type(prop);
2875 * zfs_prop_set_special() expects properties in the form of an
2876 * nvpair with type info.
2878 dummy = fnvlist_alloc();
2881 case PROP_TYPE_STRING:
2882 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2884 case PROP_TYPE_NUMBER:
2885 case PROP_TYPE_INDEX:
2886 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2889 err = SET_ERROR(EINVAL);
2893 pair = nvlist_next_nvpair(dummy, NULL);
2895 err = SET_ERROR(EINVAL);
2897 err = zfs_prop_set_special(zc->zc_name, source, pair);
2898 if (err == -1) /* property is not "special", needs handling */
2899 err = dsl_prop_inherit(zc->zc_name, zc->zc_value,
2909 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2916 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2917 zc->zc_iflags, &props)))
2921 * If the only property is the configfile, then just do a spa_lookup()
2922 * to handle the faulted case.
2924 pair = nvlist_next_nvpair(props, NULL);
2925 if (pair != NULL && strcmp(nvpair_name(pair),
2926 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2927 nvlist_next_nvpair(props, pair) == NULL) {
2928 mutex_enter(&spa_namespace_lock);
2929 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2930 spa_configfile_set(spa, props, B_FALSE);
2931 spa_write_cachefile(spa, B_FALSE, B_TRUE);
2933 mutex_exit(&spa_namespace_lock);
2940 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2945 error = spa_prop_set(spa, props);
2948 spa_close(spa, FTAG);
2954 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2958 nvlist_t *nvp = NULL;
2960 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2962 * If the pool is faulted, there may be properties we can still
2963 * get (such as altroot and cachefile), so attempt to get them
2966 mutex_enter(&spa_namespace_lock);
2967 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2968 error = spa_prop_get(spa, &nvp);
2969 mutex_exit(&spa_namespace_lock);
2971 error = spa_prop_get(spa, &nvp);
2972 spa_close(spa, FTAG);
2975 if (error == 0 && zc->zc_nvlist_dst != 0)
2976 error = put_nvlist(zc, nvp);
2978 error = SET_ERROR(EFAULT);
2986 * "vdevprops_set_vdev" -> guid
2987 * "vdevprops_set_props" -> { prop -> value }
2990 * outnvl: propname -> error code (int32)
2992 static const zfs_ioc_key_t zfs_keys_vdev_set_props[] = {
2993 {ZPOOL_VDEV_PROPS_SET_VDEV, DATA_TYPE_UINT64, 0},
2994 {ZPOOL_VDEV_PROPS_SET_PROPS, DATA_TYPE_NVLIST, 0}
2998 zfs_ioc_vdev_set_props(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3005 /* Early validation */
3006 if (nvlist_lookup_uint64(innvl, ZPOOL_VDEV_PROPS_SET_VDEV,
3008 return (SET_ERROR(EINVAL));
3011 return (SET_ERROR(EINVAL));
3013 if ((error = spa_open(poolname, &spa, FTAG)) != 0)
3016 ASSERT(spa_writeable(spa));
3018 if ((vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE)) == NULL) {
3019 spa_close(spa, FTAG);
3020 return (SET_ERROR(ENOENT));
3023 error = vdev_prop_set(vd, innvl, outnvl);
3025 spa_close(spa, FTAG);
3032 * "vdevprops_get_vdev" -> guid
3033 * (optional) "vdevprops_get_props" -> { propname -> propid }
3036 * outnvl: propname -> value
3038 static const zfs_ioc_key_t zfs_keys_vdev_get_props[] = {
3039 {ZPOOL_VDEV_PROPS_GET_VDEV, DATA_TYPE_UINT64, 0},
3040 {ZPOOL_VDEV_PROPS_GET_PROPS, DATA_TYPE_NVLIST, ZK_OPTIONAL}
3044 zfs_ioc_vdev_get_props(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3051 /* Early validation */
3052 if (nvlist_lookup_uint64(innvl, ZPOOL_VDEV_PROPS_GET_VDEV,
3054 return (SET_ERROR(EINVAL));
3057 return (SET_ERROR(EINVAL));
3059 if ((error = spa_open(poolname, &spa, FTAG)) != 0)
3062 if ((vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE)) == NULL) {
3063 spa_close(spa, FTAG);
3064 return (SET_ERROR(ENOENT));
3067 error = vdev_prop_get(vd, innvl, outnvl);
3069 spa_close(spa, FTAG);
3076 * zc_name name of filesystem
3077 * zc_nvlist_src{_size} nvlist of delegated permissions
3078 * zc_perm_action allow/unallow flag
3083 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
3086 nvlist_t *fsaclnv = NULL;
3088 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3089 zc->zc_iflags, &fsaclnv)) != 0)
3093 * Verify nvlist is constructed correctly
3095 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
3096 nvlist_free(fsaclnv);
3097 return (SET_ERROR(EINVAL));
3101 * If we don't have PRIV_SYS_MOUNT, then validate
3102 * that user is allowed to hand out each permission in
3106 error = secpolicy_zfs(CRED());
3108 if (zc->zc_perm_action == B_FALSE) {
3109 error = dsl_deleg_can_allow(zc->zc_name,
3112 error = dsl_deleg_can_unallow(zc->zc_name,
3118 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
3120 nvlist_free(fsaclnv);
3126 * zc_name name of filesystem
3129 * zc_nvlist_src{_size} nvlist of delegated permissions
3132 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
3137 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
3138 error = put_nvlist(zc, nvp);
3146 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
3148 zfs_creat_t *zct = arg;
3150 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
3153 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
3157 * os parent objset pointer (NULL if root fs)
3158 * fuids_ok fuids allowed in this version of the spa?
3159 * sa_ok SAs allowed in this version of the spa?
3160 * createprops list of properties requested by creator
3163 * zplprops values for the zplprops we attach to the master node object
3164 * is_ci true if requested file system will be purely case-insensitive
3166 * Determine the settings for utf8only, normalization and
3167 * casesensitivity. Specific values may have been requested by the
3168 * creator and/or we can inherit values from the parent dataset. If
3169 * the file system is of too early a vintage, a creator can not
3170 * request settings for these properties, even if the requested
3171 * setting is the default value. We don't actually want to create dsl
3172 * properties for these, so remove them from the source nvlist after
3176 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
3177 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
3178 nvlist_t *zplprops, boolean_t *is_ci)
3180 uint64_t sense = ZFS_PROP_UNDEFINED;
3181 uint64_t norm = ZFS_PROP_UNDEFINED;
3182 uint64_t u8 = ZFS_PROP_UNDEFINED;
3185 ASSERT(zplprops != NULL);
3187 /* parent dataset must be a filesystem */
3188 if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS)
3189 return (SET_ERROR(ZFS_ERR_WRONG_PARENT));
3192 * Pull out creator prop choices, if any.
3195 (void) nvlist_lookup_uint64(createprops,
3196 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
3197 (void) nvlist_lookup_uint64(createprops,
3198 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
3199 (void) nvlist_remove_all(createprops,
3200 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
3201 (void) nvlist_lookup_uint64(createprops,
3202 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
3203 (void) nvlist_remove_all(createprops,
3204 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
3205 (void) nvlist_lookup_uint64(createprops,
3206 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
3207 (void) nvlist_remove_all(createprops,
3208 zfs_prop_to_name(ZFS_PROP_CASE));
3212 * If the zpl version requested is whacky or the file system
3213 * or pool is version is too "young" to support normalization
3214 * and the creator tried to set a value for one of the props,
3217 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3218 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
3219 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
3220 (zplver < ZPL_VERSION_NORMALIZATION &&
3221 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
3222 sense != ZFS_PROP_UNDEFINED)))
3223 return (SET_ERROR(ENOTSUP));
3226 * Put the version in the zplprops
3228 VERIFY(nvlist_add_uint64(zplprops,
3229 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3231 if (norm == ZFS_PROP_UNDEFINED &&
3232 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3234 VERIFY(nvlist_add_uint64(zplprops,
3235 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3238 * If we're normalizing, names must always be valid UTF-8 strings.
3242 if (u8 == ZFS_PROP_UNDEFINED &&
3243 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3245 VERIFY(nvlist_add_uint64(zplprops,
3246 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3248 if (sense == ZFS_PROP_UNDEFINED &&
3249 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3251 VERIFY(nvlist_add_uint64(zplprops,
3252 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3255 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3261 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3262 nvlist_t *zplprops, boolean_t *is_ci)
3264 boolean_t fuids_ok, sa_ok;
3265 uint64_t zplver = ZPL_VERSION;
3266 objset_t *os = NULL;
3267 char parentname[ZFS_MAX_DATASET_NAME_LEN];
3272 zfs_get_parent(dataset, parentname, sizeof (parentname));
3274 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3277 spa_vers = spa_version(spa);
3278 spa_close(spa, FTAG);
3280 zplver = zfs_zpl_version_map(spa_vers);
3281 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3282 sa_ok = (zplver >= ZPL_VERSION_SA);
3285 * Open parent object set so we can inherit zplprop values.
3287 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3290 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3292 dmu_objset_rele(os, FTAG);
3297 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3298 nvlist_t *zplprops, boolean_t *is_ci)
3302 uint64_t zplver = ZPL_VERSION;
3305 zplver = zfs_zpl_version_map(spa_vers);
3306 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3307 sa_ok = (zplver >= ZPL_VERSION_SA);
3309 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3310 createprops, zplprops, is_ci);
3316 * "type" -> dmu_objset_type_t (int32)
3317 * (optional) "props" -> { prop -> value }
3318 * (optional) "hidden_args" -> { "wkeydata" -> value }
3319 * raw uint8_t array of encryption wrapping key data (32 bytes)
3322 * outnvl: propname -> error code (int32)
3325 static const zfs_ioc_key_t zfs_keys_create[] = {
3326 {"type", DATA_TYPE_INT32, 0},
3327 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3328 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3332 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3335 zfs_creat_t zct = { 0 };
3336 nvlist_t *nvprops = NULL;
3337 nvlist_t *hidden_args = NULL;
3338 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3339 dmu_objset_type_t type;
3340 boolean_t is_insensitive = B_FALSE;
3341 dsl_crypto_params_t *dcp = NULL;
3343 type = (dmu_objset_type_t)fnvlist_lookup_int32(innvl, "type");
3344 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3345 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
3349 cbfunc = zfs_create_cb;
3353 cbfunc = zvol_create_cb;
3360 if (strchr(fsname, '@') ||
3361 strchr(fsname, '%'))
3362 return (SET_ERROR(EINVAL));
3364 zct.zct_props = nvprops;
3367 return (SET_ERROR(EINVAL));
3369 if (type == DMU_OST_ZVOL) {
3370 uint64_t volsize, volblocksize;
3372 if (nvprops == NULL)
3373 return (SET_ERROR(EINVAL));
3374 if (nvlist_lookup_uint64(nvprops,
3375 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3376 return (SET_ERROR(EINVAL));
3378 if ((error = nvlist_lookup_uint64(nvprops,
3379 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3380 &volblocksize)) != 0 && error != ENOENT)
3381 return (SET_ERROR(EINVAL));
3384 volblocksize = zfs_prop_default_numeric(
3385 ZFS_PROP_VOLBLOCKSIZE);
3387 if ((error = zvol_check_volblocksize(fsname,
3388 volblocksize)) != 0 ||
3389 (error = zvol_check_volsize(volsize,
3390 volblocksize)) != 0)
3392 } else if (type == DMU_OST_ZFS) {
3396 * We have to have normalization and
3397 * case-folding flags correct when we do the
3398 * file system creation, so go figure them out
3401 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3402 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3403 error = zfs_fill_zplprops(fsname, nvprops,
3404 zct.zct_zplprops, &is_insensitive);
3406 nvlist_free(zct.zct_zplprops);
3411 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops,
3414 nvlist_free(zct.zct_zplprops);
3418 error = dmu_objset_create(fsname, type,
3419 is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct);
3421 nvlist_free(zct.zct_zplprops);
3422 dsl_crypto_params_free(dcp, !!error);
3425 * It would be nice to do this atomically.
3428 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3435 * Volumes will return EBUSY and cannot be destroyed
3436 * until all asynchronous minor handling (e.g. from
3437 * setting the volmode property) has completed. Wait for
3438 * the spa_zvol_taskq to drain then retry.
3440 error2 = dsl_destroy_head(fsname);
3441 while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) {
3442 error2 = spa_open(fsname, &spa, FTAG);
3444 taskq_wait(spa->spa_zvol_taskq);
3445 spa_close(spa, FTAG);
3447 error2 = dsl_destroy_head(fsname);
3456 * "origin" -> name of origin snapshot
3457 * (optional) "props" -> { prop -> value }
3458 * (optional) "hidden_args" -> { "wkeydata" -> value }
3459 * raw uint8_t array of encryption wrapping key data (32 bytes)
3463 * outnvl: propname -> error code (int32)
3465 static const zfs_ioc_key_t zfs_keys_clone[] = {
3466 {"origin", DATA_TYPE_STRING, 0},
3467 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3468 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3472 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3475 nvlist_t *nvprops = NULL;
3476 const char *origin_name;
3478 origin_name = fnvlist_lookup_string(innvl, "origin");
3479 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3481 if (strchr(fsname, '@') ||
3482 strchr(fsname, '%'))
3483 return (SET_ERROR(EINVAL));
3485 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3486 return (SET_ERROR(EINVAL));
3488 error = dmu_objset_clone(fsname, origin_name);
3491 * It would be nice to do this atomically.
3494 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3497 (void) dsl_destroy_head(fsname);
3502 static const zfs_ioc_key_t zfs_keys_remap[] = {
3507 zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3509 /* This IOCTL is no longer supported. */
3510 (void) fsname, (void) innvl, (void) outnvl;
3516 * "snaps" -> { snapshot1, snapshot2 }
3517 * (optional) "props" -> { prop -> value (string) }
3520 * outnvl: snapshot -> error code (int32)
3522 static const zfs_ioc_key_t zfs_keys_snapshot[] = {
3523 {"snaps", DATA_TYPE_NVLIST, 0},
3524 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3528 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3531 nvlist_t *props = NULL;
3535 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3536 if (!nvlist_empty(props) &&
3537 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3538 return (SET_ERROR(ENOTSUP));
3539 if ((error = zfs_check_userprops(props)) != 0)
3542 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
3543 poollen = strlen(poolname);
3544 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3545 pair = nvlist_next_nvpair(snaps, pair)) {
3546 const char *name = nvpair_name(pair);
3547 char *cp = strchr(name, '@');
3550 * The snap name must contain an @, and the part after it must
3551 * contain only valid characters.
3554 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3555 return (SET_ERROR(EINVAL));
3558 * The snap must be in the specified pool.
3560 if (strncmp(name, poolname, poollen) != 0 ||
3561 (name[poollen] != '/' && name[poollen] != '@'))
3562 return (SET_ERROR(EXDEV));
3565 * Check for permission to set the properties on the fs.
3567 if (!nvlist_empty(props)) {
3569 error = zfs_secpolicy_write_perms(name,
3570 ZFS_DELEG_PERM_USERPROP, CRED());
3576 /* This must be the only snap of this fs. */
3577 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3578 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3579 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3581 return (SET_ERROR(EXDEV));
3586 error = dsl_dataset_snapshot(snaps, props, outnvl);
3592 * innvl: "message" -> string
3594 static const zfs_ioc_key_t zfs_keys_log_history[] = {
3595 {"message", DATA_TYPE_STRING, 0},
3599 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3601 (void) unused, (void) outnvl;
3602 const char *message;
3608 * The poolname in the ioctl is not set, we get it from the TSD,
3609 * which was set at the end of the last successful ioctl that allows
3610 * logging. The secpolicy func already checked that it is set.
3611 * Only one log ioctl is allowed after each successful ioctl, so
3612 * we clear the TSD here.
3614 poolname = tsd_get(zfs_allow_log_key);
3615 if (poolname == NULL)
3616 return (SET_ERROR(EINVAL));
3617 (void) tsd_set(zfs_allow_log_key, NULL);
3618 error = spa_open(poolname, &spa, FTAG);
3619 kmem_strfree(poolname);
3623 message = fnvlist_lookup_string(innvl, "message");
3625 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3626 spa_close(spa, FTAG);
3627 return (SET_ERROR(ENOTSUP));
3630 error = spa_history_log(spa, message);
3631 spa_close(spa, FTAG);
3636 * This ioctl is used to set the bootenv configuration on the current
3637 * pool. This configuration is stored in the second padding area of the label,
3638 * and it is used by the bootloader(s) to store the bootloader and/or system
3640 * The data is stored as nvlist data stream, and is protected by
3641 * an embedded checksum.
3642 * The version can have two possible values:
3643 * VB_RAW: nvlist should have key GRUB_ENVMAP, value DATA_TYPE_STRING.
3644 * VB_NVLIST: nvlist with arbitrary <key, value> pairs.
3646 static const zfs_ioc_key_t zfs_keys_set_bootenv[] = {
3647 {"version", DATA_TYPE_UINT64, 0},
3648 {"<keys>", DATA_TYPE_ANY, ZK_OPTIONAL | ZK_WILDCARDLIST},
3652 zfs_ioc_set_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3657 if ((error = spa_open(name, &spa, FTAG)) != 0)
3659 spa_vdev_state_enter(spa, SCL_ALL);
3660 error = vdev_label_write_bootenv(spa->spa_root_vdev, innvl);
3661 (void) spa_vdev_state_exit(spa, NULL, 0);
3662 spa_close(spa, FTAG);
3666 static const zfs_ioc_key_t zfs_keys_get_bootenv[] = {
3671 zfs_ioc_get_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3676 if ((error = spa_open(name, &spa, FTAG)) != 0)
3678 spa_vdev_state_enter(spa, SCL_ALL);
3679 error = vdev_label_read_bootenv(spa->spa_root_vdev, outnvl);
3680 (void) spa_vdev_state_exit(spa, NULL, 0);
3681 spa_close(spa, FTAG);
3686 * The dp_config_rwlock must not be held when calling this, because the
3687 * unmount may need to write out data.
3689 * This function is best-effort. Callers must deal gracefully if it
3690 * remains mounted (or is remounted after this call).
3692 * Returns 0 if the argument is not a snapshot, or it is not currently a
3693 * filesystem, or we were able to unmount it. Returns error code otherwise.
3696 zfs_unmount_snap(const char *snapname)
3698 if (strchr(snapname, '@') == NULL)
3701 (void) zfsctl_snapshot_unmount(snapname, MNT_FORCE);
3705 zfs_unmount_snap_cb(const char *snapname, void *arg)
3708 zfs_unmount_snap(snapname);
3713 * When a clone is destroyed, its origin may also need to be destroyed,
3714 * in which case it must be unmounted. This routine will do that unmount
3718 zfs_destroy_unmount_origin(const char *fsname)
3724 error = dmu_objset_hold(fsname, FTAG, &os);
3727 ds = dmu_objset_ds(os);
3728 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
3729 char originname[ZFS_MAX_DATASET_NAME_LEN];
3730 dsl_dataset_name(ds->ds_prev, originname);
3731 dmu_objset_rele(os, FTAG);
3732 zfs_unmount_snap(originname);
3734 dmu_objset_rele(os, FTAG);
3740 * "snaps" -> { snapshot1, snapshot2 }
3741 * (optional boolean) "defer"
3744 * outnvl: snapshot -> error code (int32)
3746 static const zfs_ioc_key_t zfs_keys_destroy_snaps[] = {
3747 {"snaps", DATA_TYPE_NVLIST, 0},
3748 {"defer", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
3752 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3760 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
3761 defer = nvlist_exists(innvl, "defer");
3763 poollen = strlen(poolname);
3764 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3765 pair = nvlist_next_nvpair(snaps, pair)) {
3766 const char *name = nvpair_name(pair);
3769 * The snap must be in the specified pool to prevent the
3770 * invalid removal of zvol minors below.
3772 if (strncmp(name, poolname, poollen) != 0 ||
3773 (name[poollen] != '/' && name[poollen] != '@'))
3774 return (SET_ERROR(EXDEV));
3776 zfs_unmount_snap(nvpair_name(pair));
3777 if (spa_open(name, &spa, FTAG) == 0) {
3778 zvol_remove_minors(spa, name, B_TRUE);
3779 spa_close(spa, FTAG);
3783 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
3787 * Create bookmarks. The bookmark names are of the form <fs>#<bmark>.
3788 * All bookmarks and snapshots must be in the same pool.
3789 * dsl_bookmark_create_nvl_validate describes the nvlist schema in more detail.
3792 * new_bookmark1 -> existing_snapshot,
3793 * new_bookmark2 -> existing_bookmark,
3796 * outnvl: bookmark -> error code (int32)
3799 static const zfs_ioc_key_t zfs_keys_bookmark[] = {
3800 {"<bookmark>...", DATA_TYPE_STRING, ZK_WILDCARDLIST},
3804 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3807 return (dsl_bookmark_create(innvl, outnvl));
3812 * property 1, property 2, ...
3816 * bookmark name 1 -> { property 1, property 2, ... },
3817 * bookmark name 2 -> { property 1, property 2, ... }
3821 static const zfs_ioc_key_t zfs_keys_get_bookmarks[] = {
3822 {"<property>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST | ZK_OPTIONAL},
3826 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3828 return (dsl_get_bookmarks(fsname, innvl, outnvl));
3832 * innvl is not used.
3835 * property 1, property 2, ...
3839 static const zfs_ioc_key_t zfs_keys_get_bookmark_props[] = {
3844 zfs_ioc_get_bookmark_props(const char *bookmark, nvlist_t *innvl,
3848 char fsname[ZFS_MAX_DATASET_NAME_LEN];
3851 bmname = strchr(bookmark, '#');
3853 return (SET_ERROR(EINVAL));
3856 (void) strlcpy(fsname, bookmark, sizeof (fsname));
3857 *(strchr(fsname, '#')) = '\0';
3859 return (dsl_get_bookmark_props(fsname, bmname, outnvl));
3864 * bookmark name 1, bookmark name 2
3867 * outnvl: bookmark -> error code (int32)
3870 static const zfs_ioc_key_t zfs_keys_destroy_bookmarks[] = {
3871 {"<bookmark>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST},
3875 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl,
3880 poollen = strlen(poolname);
3881 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
3882 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
3883 const char *name = nvpair_name(pair);
3884 const char *cp = strchr(name, '#');
3887 * The bookmark name must contain an #, and the part after it
3888 * must contain only valid characters.
3891 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3892 return (SET_ERROR(EINVAL));
3895 * The bookmark must be in the specified pool.
3897 if (strncmp(name, poolname, poollen) != 0 ||
3898 (name[poollen] != '/' && name[poollen] != '#'))
3899 return (SET_ERROR(EXDEV));
3902 error = dsl_bookmark_destroy(innvl, outnvl);
3906 static const zfs_ioc_key_t zfs_keys_channel_program[] = {
3907 {"program", DATA_TYPE_STRING, 0},
3908 {"arg", DATA_TYPE_ANY, 0},
3909 {"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
3910 {"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
3911 {"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
3915 zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl,
3919 uint64_t instrlimit, memlimit;
3920 boolean_t sync_flag;
3921 nvpair_t *nvarg = NULL;
3923 program = fnvlist_lookup_string(innvl, ZCP_ARG_PROGRAM);
3924 if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) {
3927 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) {
3928 instrlimit = ZCP_DEFAULT_INSTRLIMIT;
3930 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) {
3931 memlimit = ZCP_DEFAULT_MEMLIMIT;
3933 nvarg = fnvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST);
3935 if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit)
3936 return (SET_ERROR(EINVAL));
3937 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit)
3938 return (SET_ERROR(EINVAL));
3940 return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit,
3948 static const zfs_ioc_key_t zfs_keys_pool_checkpoint[] = {
3953 zfs_ioc_pool_checkpoint(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3955 (void) innvl, (void) outnvl;
3956 return (spa_checkpoint(poolname));
3963 static const zfs_ioc_key_t zfs_keys_pool_discard_checkpoint[] = {
3968 zfs_ioc_pool_discard_checkpoint(const char *poolname, nvlist_t *innvl,
3971 (void) innvl, (void) outnvl;
3972 return (spa_checkpoint_discard(poolname));
3977 * zc_name name of dataset to destroy
3978 * zc_defer_destroy mark for deferred destroy
3983 zfs_ioc_destroy(zfs_cmd_t *zc)
3986 dmu_objset_type_t ost;
3989 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
3992 ost = dmu_objset_type(os);
3993 dmu_objset_rele(os, FTAG);
3995 if (ost == DMU_OST_ZFS)
3996 zfs_unmount_snap(zc->zc_name);
3998 if (strchr(zc->zc_name, '@')) {
3999 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
4001 err = dsl_destroy_head(zc->zc_name);
4002 if (err == EEXIST) {
4004 * It is possible that the given DS may have
4005 * hidden child (%recv) datasets - "leftovers"
4006 * resulting from the previously interrupted
4009 * 6 extra bytes for /%recv
4011 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6];
4013 if (snprintf(namebuf, sizeof (namebuf), "%s/%s",
4014 zc->zc_name, recv_clone_name) >=
4016 return (SET_ERROR(EINVAL));
4019 * Try to remove the hidden child (%recv) and after
4020 * that try to remove the target dataset.
4021 * If the hidden child (%recv) does not exist
4022 * the original error (EEXIST) will be returned
4024 err = dsl_destroy_head(namebuf);
4026 err = dsl_destroy_head(zc->zc_name);
4027 else if (err == ENOENT)
4028 err = SET_ERROR(EEXIST);
4037 * "initialize_command" -> POOL_INITIALIZE_{CANCEL|START|SUSPEND} (uint64)
4038 * "initialize_vdevs": { -> guids to initialize (nvlist)
4039 * "vdev_path_1": vdev_guid_1, (uint64),
4040 * "vdev_path_2": vdev_guid_2, (uint64),
4046 * "initialize_vdevs": { -> initialization errors (nvlist)
4047 * "vdev_path_1": errno, see function body for possible errnos (uint64)
4048 * "vdev_path_2": errno, ... (uint64)
4053 * EINVAL is returned for an unknown commands or if any of the provided vdev
4054 * guids have be specified with a type other than uint64.
4056 static const zfs_ioc_key_t zfs_keys_pool_initialize[] = {
4057 {ZPOOL_INITIALIZE_COMMAND, DATA_TYPE_UINT64, 0},
4058 {ZPOOL_INITIALIZE_VDEVS, DATA_TYPE_NVLIST, 0}
4062 zfs_ioc_pool_initialize(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4065 if (nvlist_lookup_uint64(innvl, ZPOOL_INITIALIZE_COMMAND,
4067 return (SET_ERROR(EINVAL));
4070 if (!(cmd_type == POOL_INITIALIZE_CANCEL ||
4071 cmd_type == POOL_INITIALIZE_START ||
4072 cmd_type == POOL_INITIALIZE_SUSPEND)) {
4073 return (SET_ERROR(EINVAL));
4076 nvlist_t *vdev_guids;
4077 if (nvlist_lookup_nvlist(innvl, ZPOOL_INITIALIZE_VDEVS,
4078 &vdev_guids) != 0) {
4079 return (SET_ERROR(EINVAL));
4082 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
4083 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
4085 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
4086 return (SET_ERROR(EINVAL));
4091 int error = spa_open(poolname, &spa, FTAG);
4095 nvlist_t *vdev_errlist = fnvlist_alloc();
4096 int total_errors = spa_vdev_initialize(spa, vdev_guids, cmd_type,
4099 if (fnvlist_size(vdev_errlist) > 0) {
4100 fnvlist_add_nvlist(outnvl, ZPOOL_INITIALIZE_VDEVS,
4103 fnvlist_free(vdev_errlist);
4105 spa_close(spa, FTAG);
4106 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0);
4111 * "trim_command" -> POOL_TRIM_{CANCEL|START|SUSPEND} (uint64)
4112 * "trim_vdevs": { -> guids to TRIM (nvlist)
4113 * "vdev_path_1": vdev_guid_1, (uint64),
4114 * "vdev_path_2": vdev_guid_2, (uint64),
4117 * "trim_rate" -> Target TRIM rate in bytes/sec.
4118 * "trim_secure" -> Set to request a secure TRIM.
4122 * "trim_vdevs": { -> TRIM errors (nvlist)
4123 * "vdev_path_1": errno, see function body for possible errnos (uint64)
4124 * "vdev_path_2": errno, ... (uint64)
4129 * EINVAL is returned for an unknown commands or if any of the provided vdev
4130 * guids have be specified with a type other than uint64.
4132 static const zfs_ioc_key_t zfs_keys_pool_trim[] = {
4133 {ZPOOL_TRIM_COMMAND, DATA_TYPE_UINT64, 0},
4134 {ZPOOL_TRIM_VDEVS, DATA_TYPE_NVLIST, 0},
4135 {ZPOOL_TRIM_RATE, DATA_TYPE_UINT64, ZK_OPTIONAL},
4136 {ZPOOL_TRIM_SECURE, DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
4140 zfs_ioc_pool_trim(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4143 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_COMMAND, &cmd_type) != 0)
4144 return (SET_ERROR(EINVAL));
4146 if (!(cmd_type == POOL_TRIM_CANCEL ||
4147 cmd_type == POOL_TRIM_START ||
4148 cmd_type == POOL_TRIM_SUSPEND)) {
4149 return (SET_ERROR(EINVAL));
4152 nvlist_t *vdev_guids;
4153 if (nvlist_lookup_nvlist(innvl, ZPOOL_TRIM_VDEVS, &vdev_guids) != 0)
4154 return (SET_ERROR(EINVAL));
4156 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
4157 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
4159 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
4160 return (SET_ERROR(EINVAL));
4164 /* Optional, defaults to maximum rate when not provided */
4166 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_RATE, &rate) != 0)
4169 /* Optional, defaults to standard TRIM when not provided */
4171 if (nvlist_lookup_boolean_value(innvl, ZPOOL_TRIM_SECURE,
4177 int error = spa_open(poolname, &spa, FTAG);
4181 nvlist_t *vdev_errlist = fnvlist_alloc();
4182 int total_errors = spa_vdev_trim(spa, vdev_guids, cmd_type,
4183 rate, !!zfs_trim_metaslab_skip, secure, vdev_errlist);
4185 if (fnvlist_size(vdev_errlist) > 0)
4186 fnvlist_add_nvlist(outnvl, ZPOOL_TRIM_VDEVS, vdev_errlist);
4188 fnvlist_free(vdev_errlist);
4190 spa_close(spa, FTAG);
4191 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0);
4195 * This ioctl waits for activity of a particular type to complete. If there is
4196 * no activity of that type in progress, it returns immediately, and the
4197 * returned value "waited" is false. If there is activity in progress, and no
4198 * tag is passed in, the ioctl blocks until all activity of that type is
4199 * complete, and then returns with "waited" set to true.
4201 * If a tag is provided, it identifies a particular instance of an activity to
4202 * wait for. Currently, this is only valid for use with 'initialize', because
4203 * that is the only activity for which there can be multiple instances running
4204 * concurrently. In the case of 'initialize', the tag corresponds to the guid of
4205 * the vdev on which to wait.
4207 * If a thread waiting in the ioctl receives a signal, the call will return
4208 * immediately, and the return value will be EINTR.
4211 * "wait_activity" -> int32_t
4212 * (optional) "wait_tag" -> uint64_t
4215 * outnvl: "waited" -> boolean_t
4217 static const zfs_ioc_key_t zfs_keys_pool_wait[] = {
4218 {ZPOOL_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4219 {ZPOOL_WAIT_TAG, DATA_TYPE_UINT64, ZK_OPTIONAL},
4223 zfs_ioc_wait(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4230 if (nvlist_lookup_int32(innvl, ZPOOL_WAIT_ACTIVITY, &activity) != 0)
4233 if (nvlist_lookup_uint64(innvl, ZPOOL_WAIT_TAG, &tag) == 0)
4234 error = spa_wait_tag(name, activity, tag, &waited);
4236 error = spa_wait(name, activity, &waited);
4239 fnvlist_add_boolean_value(outnvl, ZPOOL_WAIT_WAITED, waited);
4245 * This ioctl waits for activity of a particular type to complete. If there is
4246 * no activity of that type in progress, it returns immediately, and the
4247 * returned value "waited" is false. If there is activity in progress, and no
4248 * tag is passed in, the ioctl blocks until all activity of that type is
4249 * complete, and then returns with "waited" set to true.
4251 * If a thread waiting in the ioctl receives a signal, the call will return
4252 * immediately, and the return value will be EINTR.
4255 * "wait_activity" -> int32_t
4258 * outnvl: "waited" -> boolean_t
4260 static const zfs_ioc_key_t zfs_keys_fs_wait[] = {
4261 {ZFS_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4265 zfs_ioc_wait_fs(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4268 boolean_t waited = B_FALSE;
4274 if (nvlist_lookup_int32(innvl, ZFS_WAIT_ACTIVITY, &activity) != 0)
4275 return (SET_ERROR(EINVAL));
4277 if (activity >= ZFS_WAIT_NUM_ACTIVITIES || activity < 0)
4278 return (SET_ERROR(EINVAL));
4280 if ((error = dsl_pool_hold(name, FTAG, &dp)) != 0)
4283 if ((error = dsl_dataset_hold(dp, name, FTAG, &ds)) != 0) {
4284 dsl_pool_rele(dp, FTAG);
4289 mutex_enter(&dd->dd_activity_lock);
4290 dd->dd_activity_waiters++;
4293 * We get a long-hold here so that the dsl_dataset_t and dsl_dir_t
4294 * aren't evicted while we're waiting. Normally this is prevented by
4295 * holding the pool, but we can't do that while we're waiting since
4296 * that would prevent TXGs from syncing out. Some of the functionality
4297 * of long-holds (e.g. preventing deletion) is unnecessary for this
4298 * case, since we would cancel the waiters before proceeding with a
4299 * deletion. An alternative mechanism for keeping the dataset around
4300 * could be developed but this is simpler.
4302 dsl_dataset_long_hold(ds, FTAG);
4303 dsl_pool_rele(dp, FTAG);
4305 error = dsl_dir_wait(dd, ds, activity, &waited);
4307 dsl_dataset_long_rele(ds, FTAG);
4308 dd->dd_activity_waiters--;
4309 if (dd->dd_activity_waiters == 0)
4310 cv_signal(&dd->dd_activity_cv);
4311 mutex_exit(&dd->dd_activity_lock);
4313 dsl_dataset_rele(ds, FTAG);
4316 fnvlist_add_boolean_value(outnvl, ZFS_WAIT_WAITED, waited);
4322 * fsname is name of dataset to rollback (to most recent snapshot)
4324 * innvl may contain name of expected target snapshot
4326 * outnvl: "target" -> name of most recent snapshot
4329 static const zfs_ioc_key_t zfs_keys_rollback[] = {
4330 {"target", DATA_TYPE_STRING, ZK_OPTIONAL},
4334 zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
4337 zvol_state_handle_t *zv;
4338 char *target = NULL;
4341 (void) nvlist_lookup_string(innvl, "target", &target);
4342 if (target != NULL) {
4343 const char *cp = strchr(target, '@');
4346 * The snap name must contain an @, and the part after it must
4347 * contain only valid characters.
4350 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
4351 return (SET_ERROR(EINVAL));
4354 if (getzfsvfs(fsname, &zfsvfs) == 0) {
4357 ds = dmu_objset_ds(zfsvfs->z_os);
4358 error = zfs_suspend_fs(zfsvfs);
4362 error = dsl_dataset_rollback(fsname, target, zfsvfs,
4364 resume_err = zfs_resume_fs(zfsvfs, ds);
4365 error = error ? error : resume_err;
4367 zfs_vfs_rele(zfsvfs);
4368 } else if ((zv = zvol_suspend(fsname)) != NULL) {
4369 error = dsl_dataset_rollback(fsname, target, zvol_tag(zv),
4373 error = dsl_dataset_rollback(fsname, target, NULL, outnvl);
4379 recursive_unmount(const char *fsname, void *arg)
4381 const char *snapname = arg;
4384 fullname = kmem_asprintf("%s@%s", fsname, snapname);
4385 zfs_unmount_snap(fullname);
4386 kmem_strfree(fullname);
4393 * snapname is the snapshot to redact.
4395 * "bookname" -> (string)
4396 * shortname of the redaction bookmark to generate
4397 * "snapnv" -> (nvlist, values ignored)
4398 * snapshots to redact snapname with respect to
4404 static const zfs_ioc_key_t zfs_keys_redact[] = {
4405 {"bookname", DATA_TYPE_STRING, 0},
4406 {"snapnv", DATA_TYPE_NVLIST, 0},
4410 zfs_ioc_redact(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
4413 nvlist_t *redactnvl = NULL;
4414 char *redactbook = NULL;
4416 if (nvlist_lookup_nvlist(innvl, "snapnv", &redactnvl) != 0)
4417 return (SET_ERROR(EINVAL));
4418 if (fnvlist_num_pairs(redactnvl) == 0)
4419 return (SET_ERROR(ENXIO));
4420 if (nvlist_lookup_string(innvl, "bookname", &redactbook) != 0)
4421 return (SET_ERROR(EINVAL));
4423 return (dmu_redact_snap(snapname, redactnvl, redactbook));
4428 * zc_name old name of dataset
4429 * zc_value new name of dataset
4430 * zc_cookie recursive flag (only valid for snapshots)
4435 zfs_ioc_rename(zfs_cmd_t *zc)
4438 dmu_objset_type_t ost;
4439 boolean_t recursive = zc->zc_cookie & 1;
4440 boolean_t nounmount = !!(zc->zc_cookie & 2);
4444 /* "zfs rename" from and to ...%recv datasets should both fail */
4445 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
4446 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
4447 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
4448 dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
4449 strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%'))
4450 return (SET_ERROR(EINVAL));
4452 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
4455 ost = dmu_objset_type(os);
4456 dmu_objset_rele(os, FTAG);
4458 at = strchr(zc->zc_name, '@');
4460 /* snaps must be in same fs */
4463 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
4464 return (SET_ERROR(EXDEV));
4466 if (ost == DMU_OST_ZFS && !nounmount) {
4467 error = dmu_objset_find(zc->zc_name,
4468 recursive_unmount, at + 1,
4469 recursive ? DS_FIND_CHILDREN : 0);
4475 error = dsl_dataset_rename_snapshot(zc->zc_name,
4476 at + 1, strchr(zc->zc_value, '@') + 1, recursive);
4481 return (dsl_dir_rename(zc->zc_name, zc->zc_value));
4486 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
4488 const char *propname = nvpair_name(pair);
4489 boolean_t issnap = (strchr(dsname, '@') != NULL);
4490 zfs_prop_t prop = zfs_name_to_prop(propname);
4491 uint64_t intval, compval;
4494 if (prop == ZPROP_USERPROP) {
4495 if (zfs_prop_user(propname)) {
4496 if ((err = zfs_secpolicy_write_perms(dsname,
4497 ZFS_DELEG_PERM_USERPROP, cr)))
4502 if (!issnap && zfs_prop_userquota(propname)) {
4503 const char *perm = NULL;
4504 const char *uq_prefix =
4505 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
4506 const char *gq_prefix =
4507 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
4508 const char *uiq_prefix =
4509 zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA];
4510 const char *giq_prefix =
4511 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA];
4512 const char *pq_prefix =
4513 zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA];
4514 const char *piq_prefix = zfs_userquota_prop_prefixes[\
4515 ZFS_PROP_PROJECTOBJQUOTA];
4517 if (strncmp(propname, uq_prefix,
4518 strlen(uq_prefix)) == 0) {
4519 perm = ZFS_DELEG_PERM_USERQUOTA;
4520 } else if (strncmp(propname, uiq_prefix,
4521 strlen(uiq_prefix)) == 0) {
4522 perm = ZFS_DELEG_PERM_USEROBJQUOTA;
4523 } else if (strncmp(propname, gq_prefix,
4524 strlen(gq_prefix)) == 0) {
4525 perm = ZFS_DELEG_PERM_GROUPQUOTA;
4526 } else if (strncmp(propname, giq_prefix,
4527 strlen(giq_prefix)) == 0) {
4528 perm = ZFS_DELEG_PERM_GROUPOBJQUOTA;
4529 } else if (strncmp(propname, pq_prefix,
4530 strlen(pq_prefix)) == 0) {
4531 perm = ZFS_DELEG_PERM_PROJECTQUOTA;
4532 } else if (strncmp(propname, piq_prefix,
4533 strlen(piq_prefix)) == 0) {
4534 perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA;
4536 /* {USER|GROUP|PROJECT}USED are read-only */
4537 return (SET_ERROR(EINVAL));
4540 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
4545 return (SET_ERROR(EINVAL));
4549 return (SET_ERROR(EINVAL));
4551 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
4553 * dsl_prop_get_all_impl() returns properties in this
4557 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
4558 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4563 * Check that this value is valid for this pool version
4566 case ZFS_PROP_COMPRESSION:
4568 * If the user specified gzip compression, make sure
4569 * the SPA supports it. We ignore any errors here since
4570 * we'll catch them later.
4572 if (nvpair_value_uint64(pair, &intval) == 0) {
4573 compval = ZIO_COMPRESS_ALGO(intval);
4574 if (compval >= ZIO_COMPRESS_GZIP_1 &&
4575 compval <= ZIO_COMPRESS_GZIP_9 &&
4576 zfs_earlier_version(dsname,
4577 SPA_VERSION_GZIP_COMPRESSION)) {
4578 return (SET_ERROR(ENOTSUP));
4581 if (compval == ZIO_COMPRESS_ZLE &&
4582 zfs_earlier_version(dsname,
4583 SPA_VERSION_ZLE_COMPRESSION))
4584 return (SET_ERROR(ENOTSUP));
4586 if (compval == ZIO_COMPRESS_LZ4) {
4589 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4592 if (!spa_feature_is_enabled(spa,
4593 SPA_FEATURE_LZ4_COMPRESS)) {
4594 spa_close(spa, FTAG);
4595 return (SET_ERROR(ENOTSUP));
4597 spa_close(spa, FTAG);
4600 if (compval == ZIO_COMPRESS_ZSTD) {
4603 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4606 if (!spa_feature_is_enabled(spa,
4607 SPA_FEATURE_ZSTD_COMPRESS)) {
4608 spa_close(spa, FTAG);
4609 return (SET_ERROR(ENOTSUP));
4611 spa_close(spa, FTAG);
4616 case ZFS_PROP_COPIES:
4617 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
4618 return (SET_ERROR(ENOTSUP));
4621 case ZFS_PROP_VOLBLOCKSIZE:
4622 case ZFS_PROP_RECORDSIZE:
4623 /* Record sizes above 128k need the feature to be enabled */
4624 if (nvpair_value_uint64(pair, &intval) == 0 &&
4625 intval > SPA_OLD_MAXBLOCKSIZE) {
4629 * We don't allow setting the property above 1MB,
4630 * unless the tunable has been changed.
4632 if (intval > zfs_max_recordsize ||
4633 intval > SPA_MAXBLOCKSIZE)
4634 return (SET_ERROR(ERANGE));
4636 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4639 if (!spa_feature_is_enabled(spa,
4640 SPA_FEATURE_LARGE_BLOCKS)) {
4641 spa_close(spa, FTAG);
4642 return (SET_ERROR(ENOTSUP));
4644 spa_close(spa, FTAG);
4648 case ZFS_PROP_DNODESIZE:
4649 /* Dnode sizes above 512 need the feature to be enabled */
4650 if (nvpair_value_uint64(pair, &intval) == 0 &&
4651 intval != ZFS_DNSIZE_LEGACY) {
4654 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4657 if (!spa_feature_is_enabled(spa,
4658 SPA_FEATURE_LARGE_DNODE)) {
4659 spa_close(spa, FTAG);
4660 return (SET_ERROR(ENOTSUP));
4662 spa_close(spa, FTAG);
4666 case ZFS_PROP_SPECIAL_SMALL_BLOCKS:
4668 * This property could require the allocation classes
4669 * feature to be active for setting, however we allow
4670 * it so that tests of settable properties succeed.
4671 * The CLI will issue a warning in this case.
4675 case ZFS_PROP_SHARESMB:
4676 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
4677 return (SET_ERROR(ENOTSUP));
4680 case ZFS_PROP_ACLINHERIT:
4681 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4682 nvpair_value_uint64(pair, &intval) == 0) {
4683 if (intval == ZFS_ACL_PASSTHROUGH_X &&
4684 zfs_earlier_version(dsname,
4685 SPA_VERSION_PASSTHROUGH_X))
4686 return (SET_ERROR(ENOTSUP));
4689 case ZFS_PROP_CHECKSUM:
4690 case ZFS_PROP_DEDUP:
4692 spa_feature_t feature;
4696 /* dedup feature version checks */
4697 if (prop == ZFS_PROP_DEDUP &&
4698 zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
4699 return (SET_ERROR(ENOTSUP));
4701 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4702 nvpair_value_uint64(pair, &intval) == 0) {
4703 /* check prop value is enabled in features */
4704 feature = zio_checksum_to_feature(
4705 intval & ZIO_CHECKSUM_MASK);
4706 if (feature == SPA_FEATURE_NONE)
4709 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4712 if (!spa_feature_is_enabled(spa, feature)) {
4713 spa_close(spa, FTAG);
4714 return (SET_ERROR(ENOTSUP));
4716 spa_close(spa, FTAG);
4725 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
4729 * Removes properties from the given props list that fail permission checks
4730 * needed to clear them and to restore them in case of a receive error. For each
4731 * property, make sure we have both set and inherit permissions.
4733 * Returns the first error encountered if any permission checks fail. If the
4734 * caller provides a non-NULL errlist, it also gives the complete list of names
4735 * of all the properties that failed a permission check along with the
4736 * corresponding error numbers. The caller is responsible for freeing the
4739 * If every property checks out successfully, zero is returned and the list
4740 * pointed at by errlist is NULL.
4743 zfs_check_clearable(const char *dataset, nvlist_t *props, nvlist_t **errlist)
4746 nvpair_t *pair, *next_pair;
4753 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4755 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
4756 (void) strlcpy(zc->zc_name, dataset, sizeof (zc->zc_name));
4757 pair = nvlist_next_nvpair(props, NULL);
4758 while (pair != NULL) {
4759 next_pair = nvlist_next_nvpair(props, pair);
4761 (void) strlcpy(zc->zc_value, nvpair_name(pair),
4762 sizeof (zc->zc_value));
4763 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
4764 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
4765 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
4766 VERIFY(nvlist_add_int32(errors,
4767 zc->zc_value, err) == 0);
4771 kmem_free(zc, sizeof (zfs_cmd_t));
4773 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
4774 nvlist_free(errors);
4777 VERIFY(nvpair_value_int32(pair, &rv) == 0);
4780 if (errlist == NULL)
4781 nvlist_free(errors);
4789 propval_equals(nvpair_t *p1, nvpair_t *p2)
4791 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
4792 /* dsl_prop_get_all_impl() format */
4794 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
4795 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4799 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
4801 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
4802 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4806 if (nvpair_type(p1) != nvpair_type(p2))
4809 if (nvpair_type(p1) == DATA_TYPE_STRING) {
4810 char *valstr1, *valstr2;
4812 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
4813 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
4814 return (strcmp(valstr1, valstr2) == 0);
4816 uint64_t intval1, intval2;
4818 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
4819 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
4820 return (intval1 == intval2);
4825 * Remove properties from props if they are not going to change (as determined
4826 * by comparison with origprops). Remove them from origprops as well, since we
4827 * do not need to clear or restore properties that won't change.
4830 props_reduce(nvlist_t *props, nvlist_t *origprops)
4832 nvpair_t *pair, *next_pair;
4834 if (origprops == NULL)
4835 return; /* all props need to be received */
4837 pair = nvlist_next_nvpair(props, NULL);
4838 while (pair != NULL) {
4839 const char *propname = nvpair_name(pair);
4842 next_pair = nvlist_next_nvpair(props, pair);
4844 if ((nvlist_lookup_nvpair(origprops, propname,
4845 &match) != 0) || !propval_equals(pair, match))
4846 goto next; /* need to set received value */
4848 /* don't clear the existing received value */
4849 (void) nvlist_remove_nvpair(origprops, match);
4850 /* don't bother receiving the property */
4851 (void) nvlist_remove_nvpair(props, pair);
4858 * Extract properties that cannot be set PRIOR to the receipt of a dataset.
4859 * For example, refquota cannot be set until after the receipt of a dataset,
4860 * because in replication streams, an older/earlier snapshot may exceed the
4861 * refquota. We want to receive the older/earlier snapshot, but setting
4862 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent
4863 * the older/earlier snapshot from being received (with EDQUOT).
4865 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario.
4867 * libzfs will need to be judicious handling errors encountered by props
4868 * extracted by this function.
4871 extract_delay_props(nvlist_t *props)
4873 nvlist_t *delayprops;
4874 nvpair_t *nvp, *tmp;
4875 static const zfs_prop_t delayable[] = {
4877 ZFS_PROP_KEYLOCATION,
4882 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4884 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL;
4885 nvp = nvlist_next_nvpair(props, nvp)) {
4887 * strcmp() is safe because zfs_prop_to_name() always returns
4890 for (i = 0; delayable[i] != 0; i++) {
4891 if (strcmp(zfs_prop_to_name(delayable[i]),
4892 nvpair_name(nvp)) == 0) {
4896 if (delayable[i] != 0) {
4897 tmp = nvlist_prev_nvpair(props, nvp);
4898 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0);
4899 VERIFY(nvlist_remove_nvpair(props, nvp) == 0);
4904 if (nvlist_empty(delayprops)) {
4905 nvlist_free(delayprops);
4908 return (delayprops);
4912 zfs_allow_log_destroy(void *arg)
4914 char *poolname = arg;
4916 if (poolname != NULL)
4917 kmem_strfree(poolname);
4921 static boolean_t zfs_ioc_recv_inject_err;
4925 * nvlist 'errors' is always allocated. It will contain descriptions of
4926 * encountered errors, if any. It's the callers responsibility to free.
4929 zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin, nvlist_t *recvprops,
4930 nvlist_t *localprops, nvlist_t *hidden_args, boolean_t force,
4931 boolean_t resumable, int input_fd,
4932 dmu_replay_record_t *begin_record, uint64_t *read_bytes,
4933 uint64_t *errflags, nvlist_t **errors)
4935 dmu_recv_cookie_t drc;
4937 int props_error = 0;
4939 nvlist_t *local_delayprops = NULL;
4940 nvlist_t *recv_delayprops = NULL;
4941 nvlist_t *origprops = NULL; /* existing properties */
4942 nvlist_t *origrecvd = NULL; /* existing received properties */
4943 boolean_t first_recvd_props = B_FALSE;
4944 boolean_t tofs_was_redacted;
4945 zfs_file_t *input_fp;
4949 *errors = fnvlist_alloc();
4952 if ((input_fp = zfs_file_get(input_fd)) == NULL)
4953 return (SET_ERROR(EBADF));
4955 noff = off = zfs_file_off(input_fp);
4956 error = dmu_recv_begin(tofs, tosnap, begin_record, force,
4957 resumable, localprops, hidden_args, origin, &drc, input_fp,
4961 tofs_was_redacted = dsl_get_redacted(drc.drc_ds);
4964 * Set properties before we receive the stream so that they are applied
4965 * to the new data. Note that we must call dmu_recv_stream() if
4966 * dmu_recv_begin() succeeds.
4968 if (recvprops != NULL && !drc.drc_newfs) {
4969 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
4970 SPA_VERSION_RECVD_PROPS &&
4971 !dsl_prop_get_hasrecvd(tofs))
4972 first_recvd_props = B_TRUE;
4975 * If new received properties are supplied, they are to
4976 * completely replace the existing received properties,
4977 * so stash away the existing ones.
4979 if (dsl_prop_get_received(tofs, &origrecvd) == 0) {
4980 nvlist_t *errlist = NULL;
4982 * Don't bother writing a property if its value won't
4983 * change (and avoid the unnecessary security checks).
4985 * The first receive after SPA_VERSION_RECVD_PROPS is a
4986 * special case where we blow away all local properties
4989 if (!first_recvd_props)
4990 props_reduce(recvprops, origrecvd);
4991 if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0)
4992 (void) nvlist_merge(*errors, errlist, 0);
4993 nvlist_free(errlist);
4995 if (clear_received_props(tofs, origrecvd,
4996 first_recvd_props ? NULL : recvprops) != 0)
4997 *errflags |= ZPROP_ERR_NOCLEAR;
4999 *errflags |= ZPROP_ERR_NOCLEAR;
5004 * Stash away existing properties so we can restore them on error unless
5005 * we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which
5006 * case "origrecvd" will take care of that.
5008 if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) {
5010 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
5011 if (dsl_prop_get_all(os, &origprops) != 0) {
5012 *errflags |= ZPROP_ERR_NOCLEAR;
5014 dmu_objset_rele(os, FTAG);
5016 *errflags |= ZPROP_ERR_NOCLEAR;
5020 if (recvprops != NULL) {
5021 props_error = dsl_prop_set_hasrecvd(tofs);
5023 if (props_error == 0) {
5024 recv_delayprops = extract_delay_props(recvprops);
5025 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
5026 recvprops, *errors);
5030 if (localprops != NULL) {
5031 nvlist_t *oprops = fnvlist_alloc();
5032 nvlist_t *xprops = fnvlist_alloc();
5033 nvpair_t *nvp = NULL;
5035 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
5036 if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) {
5038 const char *name = nvpair_name(nvp);
5039 zfs_prop_t prop = zfs_name_to_prop(name);
5040 if (prop != ZPROP_USERPROP) {
5041 if (!zfs_prop_inheritable(prop))
5043 } else if (!zfs_prop_user(name))
5045 fnvlist_add_boolean(xprops, name);
5047 /* -o property=value */
5048 fnvlist_add_nvpair(oprops, nvp);
5052 local_delayprops = extract_delay_props(oprops);
5053 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
5055 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED,
5058 nvlist_free(oprops);
5059 nvlist_free(xprops);
5062 error = dmu_recv_stream(&drc, &off);
5065 zfsvfs_t *zfsvfs = NULL;
5066 zvol_state_handle_t *zv = NULL;
5068 if (getzfsvfs(tofs, &zfsvfs) == 0) {
5072 boolean_t stream_is_redacted = DMU_GET_FEATUREFLAGS(
5073 begin_record->drr_u.drr_begin.
5074 drr_versioninfo) & DMU_BACKUP_FEATURE_REDACTED;
5076 ds = dmu_objset_ds(zfsvfs->z_os);
5077 error = zfs_suspend_fs(zfsvfs);
5079 * If the suspend fails, then the recv_end will
5080 * likely also fail, and clean up after itself.
5082 end_err = dmu_recv_end(&drc, zfsvfs);
5084 * If the dataset was not redacted, but we received a
5085 * redacted stream onto it, we need to unmount the
5086 * dataset. Otherwise, resume the filesystem.
5088 if (error == 0 && !drc.drc_newfs &&
5089 stream_is_redacted && !tofs_was_redacted) {
5090 error = zfs_end_fs(zfsvfs, ds);
5091 } else if (error == 0) {
5092 error = zfs_resume_fs(zfsvfs, ds);
5094 error = error ? error : end_err;
5095 zfs_vfs_rele(zfsvfs);
5096 } else if ((zv = zvol_suspend(tofs)) != NULL) {
5097 error = dmu_recv_end(&drc, zvol_tag(zv));
5100 error = dmu_recv_end(&drc, NULL);
5103 /* Set delayed properties now, after we're done receiving. */
5104 if (recv_delayprops != NULL && error == 0) {
5105 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
5106 recv_delayprops, *errors);
5108 if (local_delayprops != NULL && error == 0) {
5109 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
5110 local_delayprops, *errors);
5115 * Merge delayed props back in with initial props, in case
5116 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means
5117 * we have to make sure clear_received_props() includes
5118 * the delayed properties).
5120 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels,
5121 * using ASSERT() will be just like a VERIFY.
5123 if (recv_delayprops != NULL) {
5124 ASSERT(nvlist_merge(recvprops, recv_delayprops, 0) == 0);
5125 nvlist_free(recv_delayprops);
5127 if (local_delayprops != NULL) {
5128 ASSERT(nvlist_merge(localprops, local_delayprops, 0) == 0);
5129 nvlist_free(local_delayprops);
5131 *read_bytes = off - noff;
5134 if (zfs_ioc_recv_inject_err) {
5135 zfs_ioc_recv_inject_err = B_FALSE;
5141 * On error, restore the original props.
5143 if (error != 0 && recvprops != NULL && !drc.drc_newfs) {
5144 if (clear_received_props(tofs, recvprops, NULL) != 0) {
5146 * We failed to clear the received properties.
5147 * Since we may have left a $recvd value on the
5148 * system, we can't clear the $hasrecvd flag.
5150 *errflags |= ZPROP_ERR_NORESTORE;
5151 } else if (first_recvd_props) {
5152 dsl_prop_unset_hasrecvd(tofs);
5155 if (origrecvd == NULL && !drc.drc_newfs) {
5156 /* We failed to stash the original properties. */
5157 *errflags |= ZPROP_ERR_NORESTORE;
5161 * dsl_props_set() will not convert RECEIVED to LOCAL on or
5162 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
5163 * explicitly if we're restoring local properties cleared in the
5164 * first new-style receive.
5166 if (origrecvd != NULL &&
5167 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
5168 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
5169 origrecvd, NULL) != 0) {
5171 * We stashed the original properties but failed to
5174 *errflags |= ZPROP_ERR_NORESTORE;
5177 if (error != 0 && localprops != NULL && !drc.drc_newfs &&
5178 !first_recvd_props) {
5180 nvlist_t *inheritprops;
5183 if (origprops == NULL) {
5184 /* We failed to stash the original properties. */
5185 *errflags |= ZPROP_ERR_NORESTORE;
5189 /* Restore original props */
5190 setprops = fnvlist_alloc();
5191 inheritprops = fnvlist_alloc();
5193 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
5194 const char *name = nvpair_name(nvp);
5198 if (!nvlist_exists(origprops, name)) {
5200 * Property was not present or was explicitly
5201 * inherited before the receive, restore this.
5203 fnvlist_add_boolean(inheritprops, name);
5206 attrs = fnvlist_lookup_nvlist(origprops, name);
5207 source = fnvlist_lookup_string(attrs, ZPROP_SOURCE);
5209 /* Skip received properties */
5210 if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0)
5213 if (strcmp(source, tofs) == 0) {
5214 /* Property was locally set */
5215 fnvlist_add_nvlist(setprops, name, attrs);
5217 /* Property was implicitly inherited */
5218 fnvlist_add_boolean(inheritprops, name);
5222 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops,
5224 *errflags |= ZPROP_ERR_NORESTORE;
5225 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops,
5227 *errflags |= ZPROP_ERR_NORESTORE;
5229 nvlist_free(setprops);
5230 nvlist_free(inheritprops);
5233 zfs_file_put(input_fp);
5234 nvlist_free(origrecvd);
5235 nvlist_free(origprops);
5238 error = props_error;
5245 * zc_name name of containing filesystem (unused)
5246 * zc_nvlist_src{_size} nvlist of properties to apply
5247 * zc_nvlist_conf{_size} nvlist of properties to exclude
5248 * (DATA_TYPE_BOOLEAN) and override (everything else)
5249 * zc_value name of snapshot to create
5250 * zc_string name of clone origin (if DRR_FLAG_CLONE)
5251 * zc_cookie file descriptor to recv from
5252 * zc_begin_record the BEGIN record of the stream (not byteswapped)
5253 * zc_guid force flag
5256 * zc_cookie number of bytes read
5257 * zc_obj zprop_errflags_t
5258 * zc_nvlist_dst{_size} error for each unapplied received property
5261 zfs_ioc_recv(zfs_cmd_t *zc)
5263 dmu_replay_record_t begin_record;
5264 nvlist_t *errors = NULL;
5265 nvlist_t *recvdprops = NULL;
5266 nvlist_t *localprops = NULL;
5267 char *origin = NULL;
5269 char tofs[ZFS_MAX_DATASET_NAME_LEN];
5272 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
5273 strchr(zc->zc_value, '@') == NULL ||
5274 strchr(zc->zc_value, '%'))
5275 return (SET_ERROR(EINVAL));
5277 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs));
5278 tosnap = strchr(tofs, '@');
5281 if (zc->zc_nvlist_src != 0 &&
5282 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5283 zc->zc_iflags, &recvdprops)) != 0)
5286 if (zc->zc_nvlist_conf != 0 &&
5287 (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
5288 zc->zc_iflags, &localprops)) != 0)
5291 if (zc->zc_string[0])
5292 origin = zc->zc_string;
5294 begin_record.drr_type = DRR_BEGIN;
5295 begin_record.drr_payloadlen = 0;
5296 begin_record.drr_u.drr_begin = zc->zc_begin_record;
5298 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops,
5299 NULL, zc->zc_guid, B_FALSE, zc->zc_cookie, &begin_record,
5300 &zc->zc_cookie, &zc->zc_obj, &errors);
5301 nvlist_free(recvdprops);
5302 nvlist_free(localprops);
5305 * Now that all props, initial and delayed, are set, report the prop
5306 * errors to the caller.
5308 if (zc->zc_nvlist_dst_size != 0 && errors != NULL &&
5309 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
5310 put_nvlist(zc, errors) != 0)) {
5312 * Caller made zc->zc_nvlist_dst less than the minimum expected
5313 * size or supplied an invalid address.
5315 error = SET_ERROR(EINVAL);
5318 nvlist_free(errors);
5325 * "snapname" -> full name of the snapshot to create
5326 * (optional) "props" -> received properties to set (nvlist)
5327 * (optional) "localprops" -> override and exclude properties (nvlist)
5328 * (optional) "origin" -> name of clone origin (DRR_FLAG_CLONE)
5329 * "begin_record" -> non-byteswapped dmu_replay_record_t
5330 * "input_fd" -> file descriptor to read stream from (int32)
5331 * (optional) "force" -> force flag (value ignored)
5332 * (optional) "resumable" -> resumable flag (value ignored)
5333 * (optional) "cleanup_fd" -> unused
5334 * (optional) "action_handle" -> unused
5335 * (optional) "hidden_args" -> { "wkeydata" -> value }
5339 * "read_bytes" -> number of bytes read
5340 * "error_flags" -> zprop_errflags_t
5341 * "errors" -> error for each unapplied received property (nvlist)
5344 static const zfs_ioc_key_t zfs_keys_recv_new[] = {
5345 {"snapname", DATA_TYPE_STRING, 0},
5346 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5347 {"localprops", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5348 {"origin", DATA_TYPE_STRING, ZK_OPTIONAL},
5349 {"begin_record", DATA_TYPE_BYTE_ARRAY, 0},
5350 {"input_fd", DATA_TYPE_INT32, 0},
5351 {"force", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5352 {"resumable", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5353 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
5354 {"action_handle", DATA_TYPE_UINT64, ZK_OPTIONAL},
5355 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5359 zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
5361 dmu_replay_record_t *begin_record;
5362 uint_t begin_record_size;
5363 nvlist_t *errors = NULL;
5364 nvlist_t *recvprops = NULL;
5365 nvlist_t *localprops = NULL;
5366 nvlist_t *hidden_args = NULL;
5368 char *origin = NULL;
5370 char tofs[ZFS_MAX_DATASET_NAME_LEN];
5372 boolean_t resumable;
5373 uint64_t read_bytes = 0;
5374 uint64_t errflags = 0;
5378 snapname = fnvlist_lookup_string(innvl, "snapname");
5380 if (dataset_namecheck(snapname, NULL, NULL) != 0 ||
5381 strchr(snapname, '@') == NULL ||
5382 strchr(snapname, '%'))
5383 return (SET_ERROR(EINVAL));
5385 (void) strlcpy(tofs, snapname, sizeof (tofs));
5386 tosnap = strchr(tofs, '@');
5389 error = nvlist_lookup_string(innvl, "origin", &origin);
5390 if (error && error != ENOENT)
5393 error = nvlist_lookup_byte_array(innvl, "begin_record",
5394 (uchar_t **)&begin_record, &begin_record_size);
5395 if (error != 0 || begin_record_size != sizeof (*begin_record))
5396 return (SET_ERROR(EINVAL));
5398 input_fd = fnvlist_lookup_int32(innvl, "input_fd");
5400 force = nvlist_exists(innvl, "force");
5401 resumable = nvlist_exists(innvl, "resumable");
5403 /* we still use "props" here for backwards compatibility */
5404 error = nvlist_lookup_nvlist(innvl, "props", &recvprops);
5405 if (error && error != ENOENT)
5408 error = nvlist_lookup_nvlist(innvl, "localprops", &localprops);
5409 if (error && error != ENOENT)
5412 error = nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
5413 if (error && error != ENOENT)
5416 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvprops, localprops,
5417 hidden_args, force, resumable, input_fd, begin_record,
5418 &read_bytes, &errflags, &errors);
5420 fnvlist_add_uint64(outnvl, "read_bytes", read_bytes);
5421 fnvlist_add_uint64(outnvl, "error_flags", errflags);
5422 fnvlist_add_nvlist(outnvl, "errors", errors);
5424 nvlist_free(errors);
5425 nvlist_free(recvprops);
5426 nvlist_free(localprops);
5431 typedef struct dump_bytes_io {
5439 dump_bytes_cb(void *arg)
5441 dump_bytes_io_t *dbi = (dump_bytes_io_t *)arg;
5448 dbi->dbi_err = zfs_file_write(fp, buf, dbi->dbi_len, NULL);
5452 dump_bytes(objset_t *os, void *buf, int len, void *arg)
5454 dump_bytes_io_t dbi;
5460 #if defined(HAVE_LARGE_STACKS)
5461 dump_bytes_cb(&dbi);
5464 * The vn_rdwr() call is performed in a taskq to ensure that there is
5465 * always enough stack space to write safely to the target filesystem.
5466 * The ZIO_TYPE_FREE threads are used because there can be a lot of
5467 * them and they are used in vdev_file.c for a similar purpose.
5469 spa_taskq_dispatch_sync(dmu_objset_spa(os), ZIO_TYPE_FREE,
5470 ZIO_TASKQ_ISSUE, dump_bytes_cb, &dbi, TQ_SLEEP);
5471 #endif /* HAVE_LARGE_STACKS */
5473 return (dbi.dbi_err);
5478 * zc_name name of snapshot to send
5479 * zc_cookie file descriptor to send stream to
5480 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
5481 * zc_sendobj objsetid of snapshot to send
5482 * zc_fromobj objsetid of incremental fromsnap (may be zero)
5483 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
5484 * output size in zc_objset_type.
5485 * zc_flags lzc_send_flags
5488 * zc_objset_type estimated size, if zc_guid is set
5490 * NOTE: This is no longer the preferred interface, any new functionality
5491 * should be added to zfs_ioc_send_new() instead.
5494 zfs_ioc_send(zfs_cmd_t *zc)
5498 boolean_t estimate = (zc->zc_guid != 0);
5499 boolean_t embedok = (zc->zc_flags & 0x1);
5500 boolean_t large_block_ok = (zc->zc_flags & 0x2);
5501 boolean_t compressok = (zc->zc_flags & 0x4);
5502 boolean_t rawok = (zc->zc_flags & 0x8);
5503 boolean_t savedok = (zc->zc_flags & 0x10);
5505 if (zc->zc_obj != 0) {
5507 dsl_dataset_t *tosnap;
5509 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5513 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
5515 dsl_pool_rele(dp, FTAG);
5519 if (dsl_dir_is_clone(tosnap->ds_dir))
5521 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj;
5522 dsl_dataset_rele(tosnap, FTAG);
5523 dsl_pool_rele(dp, FTAG);
5528 dsl_dataset_t *tosnap;
5529 dsl_dataset_t *fromsnap = NULL;
5531 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5535 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj,
5538 dsl_pool_rele(dp, FTAG);
5542 if (zc->zc_fromobj != 0) {
5543 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
5546 dsl_dataset_rele(tosnap, FTAG);
5547 dsl_pool_rele(dp, FTAG);
5552 error = dmu_send_estimate_fast(tosnap, fromsnap, NULL,
5553 compressok || rawok, savedok, &zc->zc_objset_type);
5555 if (fromsnap != NULL)
5556 dsl_dataset_rele(fromsnap, FTAG);
5557 dsl_dataset_rele(tosnap, FTAG);
5558 dsl_pool_rele(dp, FTAG);
5561 dmu_send_outparams_t out = {0};
5563 if ((fp = zfs_file_get(zc->zc_cookie)) == NULL)
5564 return (SET_ERROR(EBADF));
5566 off = zfs_file_off(fp);
5567 out.dso_outfunc = dump_bytes;
5569 out.dso_dryrun = B_FALSE;
5570 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
5571 zc->zc_fromobj, embedok, large_block_ok, compressok,
5572 rawok, savedok, zc->zc_cookie, &off, &out);
5581 * zc_name name of snapshot on which to report progress
5582 * zc_cookie file descriptor of send stream
5585 * zc_cookie number of bytes written in send stream thus far
5586 * zc_objset_type logical size of data traversed by send thus far
5589 zfs_ioc_send_progress(zfs_cmd_t *zc)
5593 dmu_sendstatus_t *dsp = NULL;
5596 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5600 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
5602 dsl_pool_rele(dp, FTAG);
5606 mutex_enter(&ds->ds_sendstream_lock);
5609 * Iterate over all the send streams currently active on this dataset.
5610 * If there's one which matches the specified file descriptor _and_ the
5611 * stream was started by the current process, return the progress of
5615 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
5616 dsp = list_next(&ds->ds_sendstreams, dsp)) {
5617 if (dsp->dss_outfd == zc->zc_cookie &&
5618 zfs_proc_is_caller(dsp->dss_proc))
5623 zc->zc_cookie = atomic_cas_64((volatile uint64_t *)dsp->dss_off,
5625 /* This is the closest thing we have to atomic_read_64. */
5626 zc->zc_objset_type = atomic_cas_64(&dsp->dss_blocks, 0, 0);
5628 error = SET_ERROR(ENOENT);
5631 mutex_exit(&ds->ds_sendstream_lock);
5632 dsl_dataset_rele(ds, FTAG);
5633 dsl_pool_rele(dp, FTAG);
5638 zfs_ioc_inject_fault(zfs_cmd_t *zc)
5642 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
5643 &zc->zc_inject_record);
5646 zc->zc_guid = (uint64_t)id;
5652 zfs_ioc_clear_fault(zfs_cmd_t *zc)
5654 return (zio_clear_fault((int)zc->zc_guid));
5658 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
5660 int id = (int)zc->zc_guid;
5663 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
5664 &zc->zc_inject_record);
5672 zfs_ioc_error_log(zfs_cmd_t *zc)
5676 uint64_t count = zc->zc_nvlist_dst_size;
5678 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
5681 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
5684 zc->zc_nvlist_dst_size = count;
5686 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
5688 spa_close(spa, FTAG);
5694 zfs_ioc_clear(zfs_cmd_t *zc)
5701 * On zpool clear we also fix up missing slogs
5703 mutex_enter(&spa_namespace_lock);
5704 spa = spa_lookup(zc->zc_name);
5706 mutex_exit(&spa_namespace_lock);
5707 return (SET_ERROR(EIO));
5709 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
5710 /* we need to let spa_open/spa_load clear the chains */
5711 spa_set_log_state(spa, SPA_LOG_CLEAR);
5713 spa->spa_last_open_failed = 0;
5714 mutex_exit(&spa_namespace_lock);
5716 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
5717 error = spa_open(zc->zc_name, &spa, FTAG);
5720 nvlist_t *config = NULL;
5722 if (zc->zc_nvlist_src == 0)
5723 return (SET_ERROR(EINVAL));
5725 if ((error = get_nvlist(zc->zc_nvlist_src,
5726 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
5727 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
5729 if (config != NULL) {
5732 if ((err = put_nvlist(zc, config)) != 0)
5734 nvlist_free(config);
5736 nvlist_free(policy);
5744 * If multihost is enabled, resuming I/O is unsafe as another
5745 * host may have imported the pool.
5747 if (spa_multihost(spa) && spa_suspended(spa))
5748 return (SET_ERROR(EINVAL));
5750 spa_vdev_state_enter(spa, SCL_NONE);
5752 if (zc->zc_guid == 0) {
5755 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
5757 error = SET_ERROR(ENODEV);
5758 (void) spa_vdev_state_exit(spa, NULL, error);
5759 spa_close(spa, FTAG);
5764 vdev_clear(spa, vd);
5766 (void) spa_vdev_state_exit(spa, spa_suspended(spa) ?
5767 NULL : spa->spa_root_vdev, 0);
5770 * Resume any suspended I/Os.
5772 if (zio_resume(spa) != 0)
5773 error = SET_ERROR(EIO);
5775 spa_close(spa, FTAG);
5781 * Reopen all the vdevs associated with the pool.
5784 * "scrub_restart" -> when true and scrub is running, allow to restart
5785 * scrub as the side effect of the reopen (boolean).
5790 static const zfs_ioc_key_t zfs_keys_pool_reopen[] = {
5791 {"scrub_restart", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
5795 zfs_ioc_pool_reopen(const char *pool, nvlist_t *innvl, nvlist_t *outnvl)
5800 boolean_t rc, scrub_restart = B_TRUE;
5803 error = nvlist_lookup_boolean_value(innvl,
5804 "scrub_restart", &rc);
5809 error = spa_open(pool, &spa, FTAG);
5813 spa_vdev_state_enter(spa, SCL_NONE);
5816 * If the scrub_restart flag is B_FALSE and a scrub is already
5817 * in progress then set spa_scrub_reopen flag to B_TRUE so that
5818 * we don't restart the scrub as a side effect of the reopen.
5819 * Otherwise, let vdev_open() decided if a resilver is required.
5822 spa->spa_scrub_reopen = (!scrub_restart &&
5823 dsl_scan_scrubbing(spa->spa_dsl_pool));
5824 vdev_reopen(spa->spa_root_vdev);
5825 spa->spa_scrub_reopen = B_FALSE;
5827 (void) spa_vdev_state_exit(spa, NULL, 0);
5828 spa_close(spa, FTAG);
5834 * zc_name name of filesystem
5837 * zc_string name of conflicting snapshot, if there is one
5840 zfs_ioc_promote(zfs_cmd_t *zc)
5843 dsl_dataset_t *ds, *ods;
5844 char origin[ZFS_MAX_DATASET_NAME_LEN];
5848 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5849 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
5850 strchr(zc->zc_name, '%'))
5851 return (SET_ERROR(EINVAL));
5853 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5857 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
5859 dsl_pool_rele(dp, FTAG);
5863 if (!dsl_dir_is_clone(ds->ds_dir)) {
5864 dsl_dataset_rele(ds, FTAG);
5865 dsl_pool_rele(dp, FTAG);
5866 return (SET_ERROR(EINVAL));
5869 error = dsl_dataset_hold_obj(dp,
5870 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods);
5872 dsl_dataset_rele(ds, FTAG);
5873 dsl_pool_rele(dp, FTAG);
5877 dsl_dataset_name(ods, origin);
5878 dsl_dataset_rele(ods, FTAG);
5879 dsl_dataset_rele(ds, FTAG);
5880 dsl_pool_rele(dp, FTAG);
5883 * We don't need to unmount *all* the origin fs's snapshots, but
5886 cp = strchr(origin, '@');
5889 (void) dmu_objset_find(origin,
5890 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
5891 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
5895 * Retrieve a single {user|group|project}{used|quota}@... property.
5898 * zc_name name of filesystem
5899 * zc_objset_type zfs_userquota_prop_t
5900 * zc_value domain name (eg. "S-1-234-567-89")
5901 * zc_guid RID/UID/GID
5904 * zc_cookie property value
5907 zfs_ioc_userspace_one(zfs_cmd_t *zc)
5912 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
5913 return (SET_ERROR(EINVAL));
5915 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
5919 error = zfs_userspace_one(zfsvfs,
5920 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
5921 zfsvfs_rele(zfsvfs, FTAG);
5928 * zc_name name of filesystem
5929 * zc_cookie zap cursor
5930 * zc_objset_type zfs_userquota_prop_t
5931 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
5934 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
5935 * zc_cookie zap cursor
5938 zfs_ioc_userspace_many(zfs_cmd_t *zc)
5941 int bufsize = zc->zc_nvlist_dst_size;
5944 return (SET_ERROR(ENOMEM));
5946 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
5950 void *buf = vmem_alloc(bufsize, KM_SLEEP);
5952 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
5953 buf, &zc->zc_nvlist_dst_size);
5956 error = xcopyout(buf,
5957 (void *)(uintptr_t)zc->zc_nvlist_dst,
5958 zc->zc_nvlist_dst_size);
5960 vmem_free(buf, bufsize);
5961 zfsvfs_rele(zfsvfs, FTAG);
5968 * zc_name name of filesystem
5974 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
5979 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
5980 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
5982 * If userused is not enabled, it may be because the
5983 * objset needs to be closed & reopened (to grow the
5984 * objset_phys_t). Suspend/resume the fs will do that.
5986 dsl_dataset_t *ds, *newds;
5988 ds = dmu_objset_ds(zfsvfs->z_os);
5989 error = zfs_suspend_fs(zfsvfs);
5991 dmu_objset_refresh_ownership(ds, &newds,
5993 error = zfs_resume_fs(zfsvfs, newds);
5997 mutex_enter(&zfsvfs->z_os->os_upgrade_lock);
5998 if (zfsvfs->z_os->os_upgrade_id == 0) {
5999 /* clear potential error code and retry */
6000 zfsvfs->z_os->os_upgrade_status = 0;
6001 mutex_exit(&zfsvfs->z_os->os_upgrade_lock);
6003 dsl_pool_config_enter(
6004 dmu_objset_pool(zfsvfs->z_os), FTAG);
6005 dmu_objset_userspace_upgrade(zfsvfs->z_os);
6006 dsl_pool_config_exit(
6007 dmu_objset_pool(zfsvfs->z_os), FTAG);
6009 mutex_exit(&zfsvfs->z_os->os_upgrade_lock);
6012 taskq_wait_id(zfsvfs->z_os->os_spa->spa_upgrade_taskq,
6013 zfsvfs->z_os->os_upgrade_id);
6014 error = zfsvfs->z_os->os_upgrade_status;
6016 zfs_vfs_rele(zfsvfs);
6020 /* XXX kind of reading contents without owning */
6021 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
6025 mutex_enter(&os->os_upgrade_lock);
6026 if (os->os_upgrade_id == 0) {
6027 /* clear potential error code and retry */
6028 os->os_upgrade_status = 0;
6029 mutex_exit(&os->os_upgrade_lock);
6031 dmu_objset_userspace_upgrade(os);
6033 mutex_exit(&os->os_upgrade_lock);
6036 dsl_pool_rele(dmu_objset_pool(os), FTAG);
6038 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
6039 error = os->os_upgrade_status;
6041 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT,
6049 * zc_name name of filesystem
6055 zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc)
6060 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
6064 if (dmu_objset_userobjspace_upgradable(os) ||
6065 dmu_objset_projectquota_upgradable(os)) {
6066 mutex_enter(&os->os_upgrade_lock);
6067 if (os->os_upgrade_id == 0) {
6068 /* clear potential error code and retry */
6069 os->os_upgrade_status = 0;
6070 mutex_exit(&os->os_upgrade_lock);
6072 dmu_objset_id_quota_upgrade(os);
6074 mutex_exit(&os->os_upgrade_lock);
6077 dsl_pool_rele(dmu_objset_pool(os), FTAG);
6079 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
6080 error = os->os_upgrade_status;
6082 dsl_pool_rele(dmu_objset_pool(os), FTAG);
6085 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, FTAG);
6091 zfs_ioc_share(zfs_cmd_t *zc)
6093 return (SET_ERROR(ENOSYS));
6098 * zc_name name of containing filesystem
6099 * zc_obj object # beyond which we want next in-use object #
6102 * zc_obj next in-use object #
6105 zfs_ioc_next_obj(zfs_cmd_t *zc)
6107 objset_t *os = NULL;
6110 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
6114 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0);
6116 dmu_objset_rele(os, FTAG);
6122 * zc_name name of filesystem
6123 * zc_value prefix name for snapshot
6124 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
6127 * zc_value short name of new snapshot
6130 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
6136 zfs_file_t *fp = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
6138 return (SET_ERROR(EBADF));
6140 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
6141 (u_longlong_t)ddi_get_lbolt64());
6142 hold_name = kmem_asprintf("%%%s", zc->zc_value);
6144 int error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
6147 (void) strlcpy(zc->zc_value, snap_name,
6148 sizeof (zc->zc_value));
6149 kmem_strfree(snap_name);
6150 kmem_strfree(hold_name);
6151 zfs_onexit_fd_rele(fp);
6157 * zc_name name of "to" snapshot
6158 * zc_value name of "from" snapshot
6159 * zc_cookie file descriptor to write diff data on
6162 * dmu_diff_record_t's to the file descriptor
6165 zfs_ioc_diff(zfs_cmd_t *zc)
6171 if ((fp = zfs_file_get(zc->zc_cookie)) == NULL)
6172 return (SET_ERROR(EBADF));
6174 off = zfs_file_off(fp);
6175 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off);
6183 zfs_ioc_smb_acl(zfs_cmd_t *zc)
6185 return (SET_ERROR(ENOTSUP));
6190 * "holds" -> { snapname -> holdname (string), ... }
6191 * (optional) "cleanup_fd" -> fd (int32)
6195 * snapname -> error value (int32)
6199 static const zfs_ioc_key_t zfs_keys_hold[] = {
6200 {"holds", DATA_TYPE_NVLIST, 0},
6201 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6205 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
6210 int cleanup_fd = -1;
6213 zfs_file_t *fp = NULL;
6215 holds = fnvlist_lookup_nvlist(args, "holds");
6217 /* make sure the user didn't pass us any invalid (empty) tags */
6218 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
6219 pair = nvlist_next_nvpair(holds, pair)) {
6222 error = nvpair_value_string(pair, &htag);
6224 return (SET_ERROR(error));
6226 if (strlen(htag) == 0)
6227 return (SET_ERROR(EINVAL));
6230 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
6231 fp = zfs_onexit_fd_hold(cleanup_fd, &minor);
6233 return (SET_ERROR(EBADF));
6236 error = dsl_dataset_user_hold(holds, minor, errlist);
6238 ASSERT3U(minor, !=, 0);
6239 zfs_onexit_fd_rele(fp);
6241 return (SET_ERROR(error));
6245 * innvl is not used.
6248 * holdname -> time added (uint64 seconds since epoch)
6252 static const zfs_ioc_key_t zfs_keys_get_holds[] = {
6257 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
6260 return (dsl_dataset_get_holds(snapname, outnvl));
6265 * snapname -> { holdname, ... }
6270 * snapname -> error value (int32)
6274 static const zfs_ioc_key_t zfs_keys_release[] = {
6275 {"<snapname>...", DATA_TYPE_NVLIST, ZK_WILDCARDLIST},
6279 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
6282 return (dsl_dataset_user_release(holds, errlist));
6287 * zc_guid flags (ZEVENT_NONBLOCK)
6288 * zc_cleanup_fd zevent file descriptor
6291 * zc_nvlist_dst next nvlist event
6292 * zc_cookie dropped events since last get
6295 zfs_ioc_events_next(zfs_cmd_t *zc)
6298 nvlist_t *event = NULL;
6300 uint64_t dropped = 0;
6303 zfs_file_t *fp = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6305 return (SET_ERROR(EBADF));
6308 error = zfs_zevent_next(ze, &event,
6309 &zc->zc_nvlist_dst_size, &dropped);
6310 if (event != NULL) {
6311 zc->zc_cookie = dropped;
6312 error = put_nvlist(zc, event);
6316 if (zc->zc_guid & ZEVENT_NONBLOCK)
6319 if ((error == 0) || (error != ENOENT))
6322 error = zfs_zevent_wait(ze);
6327 zfs_zevent_fd_rele(fp);
6334 * zc_cookie cleared events count
6337 zfs_ioc_events_clear(zfs_cmd_t *zc)
6341 zfs_zevent_drain_all(&count);
6342 zc->zc_cookie = count;
6349 * zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END
6350 * zc_cleanup zevent file descriptor
6353 zfs_ioc_events_seek(zfs_cmd_t *zc)
6359 zfs_file_t *fp = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6361 return (SET_ERROR(EBADF));
6363 error = zfs_zevent_seek(ze, zc->zc_guid);
6364 zfs_zevent_fd_rele(fp);
6371 * zc_name name of later filesystem or snapshot
6372 * zc_value full name of old snapshot or bookmark
6375 * zc_cookie space in bytes
6376 * zc_objset_type compressed space in bytes
6377 * zc_perm_action uncompressed space in bytes
6380 zfs_ioc_space_written(zfs_cmd_t *zc)
6386 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
6389 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
6391 dsl_pool_rele(dp, FTAG);
6394 if (strchr(zc->zc_value, '#') != NULL) {
6395 zfs_bookmark_phys_t bmp;
6396 error = dsl_bookmark_lookup(dp, zc->zc_value,
6399 error = dsl_dataset_space_written_bookmark(&bmp, new,
6401 &zc->zc_objset_type, &zc->zc_perm_action);
6405 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
6408 error = dsl_dataset_space_written(old, new,
6410 &zc->zc_objset_type, &zc->zc_perm_action);
6411 dsl_dataset_rele(old, FTAG);
6414 dsl_dataset_rele(new, FTAG);
6415 dsl_pool_rele(dp, FTAG);
6421 * "firstsnap" -> snapshot name
6425 * "used" -> space in bytes
6426 * "compressed" -> compressed space in bytes
6427 * "uncompressed" -> uncompressed space in bytes
6430 static const zfs_ioc_key_t zfs_keys_space_snaps[] = {
6431 {"firstsnap", DATA_TYPE_STRING, 0},
6435 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
6439 dsl_dataset_t *new, *old;
6441 uint64_t used, comp, uncomp;
6443 firstsnap = fnvlist_lookup_string(innvl, "firstsnap");
6445 error = dsl_pool_hold(lastsnap, FTAG, &dp);
6449 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
6450 if (error == 0 && !new->ds_is_snapshot) {
6451 dsl_dataset_rele(new, FTAG);
6452 error = SET_ERROR(EINVAL);
6455 dsl_pool_rele(dp, FTAG);
6458 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
6459 if (error == 0 && !old->ds_is_snapshot) {
6460 dsl_dataset_rele(old, FTAG);
6461 error = SET_ERROR(EINVAL);
6464 dsl_dataset_rele(new, FTAG);
6465 dsl_pool_rele(dp, FTAG);
6469 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
6470 dsl_dataset_rele(old, FTAG);
6471 dsl_dataset_rele(new, FTAG);
6472 dsl_pool_rele(dp, FTAG);
6473 fnvlist_add_uint64(outnvl, "used", used);
6474 fnvlist_add_uint64(outnvl, "compressed", comp);
6475 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
6481 * "fd" -> file descriptor to write stream to (int32)
6482 * (optional) "fromsnap" -> full snap name to send an incremental from
6483 * (optional) "largeblockok" -> (value ignored)
6484 * indicates that blocks > 128KB are permitted
6485 * (optional) "embedok" -> (value ignored)
6486 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6487 * (optional) "compressok" -> (value ignored)
6488 * presence indicates compressed DRR_WRITE records are permitted
6489 * (optional) "rawok" -> (value ignored)
6490 * presence indicates raw encrypted records should be used.
6491 * (optional) "savedok" -> (value ignored)
6492 * presence indicates we should send a partially received snapshot
6493 * (optional) "resume_object" and "resume_offset" -> (uint64)
6494 * if present, resume send stream from specified object and offset.
6495 * (optional) "redactbook" -> (string)
6496 * if present, use this bookmark's redaction list to generate a redacted
6502 static const zfs_ioc_key_t zfs_keys_send_new[] = {
6503 {"fd", DATA_TYPE_INT32, 0},
6504 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6505 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6506 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6507 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6508 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6509 {"savedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6510 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
6511 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
6512 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
6516 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6521 char *fromname = NULL;
6524 boolean_t largeblockok;
6526 boolean_t compressok;
6529 uint64_t resumeobj = 0;
6530 uint64_t resumeoff = 0;
6531 char *redactbook = NULL;
6533 fd = fnvlist_lookup_int32(innvl, "fd");
6535 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
6537 largeblockok = nvlist_exists(innvl, "largeblockok");
6538 embedok = nvlist_exists(innvl, "embedok");
6539 compressok = nvlist_exists(innvl, "compressok");
6540 rawok = nvlist_exists(innvl, "rawok");
6541 savedok = nvlist_exists(innvl, "savedok");
6543 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6544 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6546 (void) nvlist_lookup_string(innvl, "redactbook", &redactbook);
6548 if ((fp = zfs_file_get(fd)) == NULL)
6549 return (SET_ERROR(EBADF));
6551 off = zfs_file_off(fp);
6553 dmu_send_outparams_t out = {0};
6554 out.dso_outfunc = dump_bytes;
6556 out.dso_dryrun = B_FALSE;
6557 error = dmu_send(snapname, fromname, embedok, largeblockok,
6558 compressok, rawok, savedok, resumeobj, resumeoff,
6559 redactbook, fd, &off, &out);
6566 send_space_sum(objset_t *os, void *buf, int len, void *arg)
6568 (void) os, (void) buf;
6569 uint64_t *size = arg;
6576 * Determine approximately how large a zfs send stream will be -- the number
6577 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
6580 * (optional) "from" -> full snap or bookmark name to send an incremental
6582 * (optional) "largeblockok" -> (value ignored)
6583 * indicates that blocks > 128KB are permitted
6584 * (optional) "embedok" -> (value ignored)
6585 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6586 * (optional) "compressok" -> (value ignored)
6587 * presence indicates compressed DRR_WRITE records are permitted
6588 * (optional) "rawok" -> (value ignored)
6589 * presence indicates raw encrypted records should be used.
6590 * (optional) "resume_object" and "resume_offset" -> (uint64)
6591 * if present, resume send stream from specified object and offset.
6592 * (optional) "fd" -> file descriptor to use as a cookie for progress
6597 * "space" -> bytes of space (uint64)
6600 static const zfs_ioc_key_t zfs_keys_send_space[] = {
6601 {"from", DATA_TYPE_STRING, ZK_OPTIONAL},
6602 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6603 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6604 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6605 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6606 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6607 {"fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6608 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
6609 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
6610 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
6611 {"bytes", DATA_TYPE_UINT64, ZK_OPTIONAL},
6615 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6618 dsl_dataset_t *tosnap;
6619 dsl_dataset_t *fromsnap = NULL;
6621 char *fromname = NULL;
6622 char *redactlist_book = NULL;
6623 boolean_t largeblockok;
6625 boolean_t compressok;
6629 boolean_t full_estimate = B_FALSE;
6630 uint64_t resumeobj = 0;
6631 uint64_t resumeoff = 0;
6632 uint64_t resume_bytes = 0;
6634 zfs_bookmark_phys_t zbm = {0};
6636 error = dsl_pool_hold(snapname, FTAG, &dp);
6640 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
6642 dsl_pool_rele(dp, FTAG);
6645 (void) nvlist_lookup_int32(innvl, "fd", &fd);
6647 largeblockok = nvlist_exists(innvl, "largeblockok");
6648 embedok = nvlist_exists(innvl, "embedok");
6649 compressok = nvlist_exists(innvl, "compressok");
6650 rawok = nvlist_exists(innvl, "rawok");
6651 savedok = nvlist_exists(innvl, "savedok");
6652 boolean_t from = (nvlist_lookup_string(innvl, "from", &fromname) == 0);
6653 boolean_t altbook = (nvlist_lookup_string(innvl, "redactbook",
6654 &redactlist_book) == 0);
6656 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6657 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6658 (void) nvlist_lookup_uint64(innvl, "bytes", &resume_bytes);
6661 full_estimate = B_TRUE;
6663 if (strchr(fromname, '#')) {
6664 error = dsl_bookmark_lookup(dp, fromname, tosnap, &zbm);
6667 * dsl_bookmark_lookup() will fail with EXDEV if
6668 * the from-bookmark and tosnap are at the same txg.
6669 * However, it's valid to do a send (and therefore,
6670 * a send estimate) from and to the same time point,
6671 * if the bookmark is redacted (the incremental send
6672 * can change what's redacted on the target). In
6673 * this case, dsl_bookmark_lookup() fills in zbm
6674 * but returns EXDEV. Ignore this error.
6676 if (error == EXDEV && zbm.zbm_redaction_obj != 0 &&
6678 dsl_dataset_phys(tosnap)->ds_guid)
6682 dsl_dataset_rele(tosnap, FTAG);
6683 dsl_pool_rele(dp, FTAG);
6686 if (zbm.zbm_redaction_obj != 0 || !(zbm.zbm_flags &
6687 ZBM_FLAG_HAS_FBN)) {
6688 full_estimate = B_TRUE;
6690 } else if (strchr(fromname, '@')) {
6691 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
6693 dsl_dataset_rele(tosnap, FTAG);
6694 dsl_pool_rele(dp, FTAG);
6698 if (!dsl_dataset_is_before(tosnap, fromsnap, 0)) {
6699 full_estimate = B_TRUE;
6700 dsl_dataset_rele(fromsnap, FTAG);
6704 * from is not properly formatted as a snapshot or
6707 dsl_dataset_rele(tosnap, FTAG);
6708 dsl_pool_rele(dp, FTAG);
6709 return (SET_ERROR(EINVAL));
6713 if (full_estimate) {
6714 dmu_send_outparams_t out = {0};
6716 out.dso_outfunc = send_space_sum;
6717 out.dso_arg = &space;
6718 out.dso_dryrun = B_TRUE;
6720 * We have to release these holds so dmu_send can take them. It
6721 * will do all the error checking we need.
6723 dsl_dataset_rele(tosnap, FTAG);
6724 dsl_pool_rele(dp, FTAG);
6725 error = dmu_send(snapname, fromname, embedok, largeblockok,
6726 compressok, rawok, savedok, resumeobj, resumeoff,
6727 redactlist_book, fd, &off, &out);
6729 error = dmu_send_estimate_fast(tosnap, fromsnap,
6730 (from && strchr(fromname, '#') != NULL ? &zbm : NULL),
6731 compressok || rawok, savedok, &space);
6732 space -= resume_bytes;
6733 if (fromsnap != NULL)
6734 dsl_dataset_rele(fromsnap, FTAG);
6735 dsl_dataset_rele(tosnap, FTAG);
6736 dsl_pool_rele(dp, FTAG);
6739 fnvlist_add_uint64(outnvl, "space", space);
6745 * Sync the currently open TXG to disk for the specified pool.
6746 * This is somewhat similar to 'zfs_sync()'.
6747 * For cases that do not result in error this ioctl will wait for
6748 * the currently open TXG to commit before returning back to the caller.
6751 * "force" -> when true, force uberblock update even if there is no dirty data.
6752 * In addition this will cause the vdev configuration to be written
6753 * out including updating the zpool cache file. (boolean_t)
6758 static const zfs_ioc_key_t zfs_keys_pool_sync[] = {
6759 {"force", DATA_TYPE_BOOLEAN_VALUE, 0},
6763 zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl)
6767 boolean_t rc, force = B_FALSE;
6770 if ((err = spa_open(pool, &spa, FTAG)) != 0)
6774 err = nvlist_lookup_boolean_value(innvl, "force", &rc);
6780 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER);
6781 vdev_config_dirty(spa->spa_root_vdev);
6782 spa_config_exit(spa, SCL_CONFIG, FTAG);
6784 txg_wait_synced(spa_get_dsl(spa), 0);
6786 spa_close(spa, FTAG);
6792 * Load a user's wrapping key into the kernel.
6794 * "hidden_args" -> { "wkeydata" -> value }
6795 * raw uint8_t array of encryption wrapping key data (32 bytes)
6796 * (optional) "noop" -> (value ignored)
6797 * presence indicated key should only be verified, not loaded
6800 static const zfs_ioc_key_t zfs_keys_load_key[] = {
6801 {"hidden_args", DATA_TYPE_NVLIST, 0},
6802 {"noop", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6806 zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6810 dsl_crypto_params_t *dcp = NULL;
6811 nvlist_t *hidden_args;
6812 boolean_t noop = nvlist_exists(innvl, "noop");
6814 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6815 ret = SET_ERROR(EINVAL);
6819 hidden_args = fnvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS);
6821 ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL,
6826 ret = spa_keystore_load_wkey(dsname, dcp, noop);
6830 dsl_crypto_params_free(dcp, noop);
6835 dsl_crypto_params_free(dcp, B_TRUE);
6840 * Unload a user's wrapping key from the kernel.
6841 * Both innvl and outnvl are unused.
6843 static const zfs_ioc_key_t zfs_keys_unload_key[] = {
6848 zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6850 (void) innvl, (void) outnvl;
6853 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6854 ret = (SET_ERROR(EINVAL));
6858 ret = spa_keystore_unload_wkey(dsname);
6867 * Changes a user's wrapping key used to decrypt a dataset. The keyformat,
6868 * keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified
6869 * here to change how the key is derived in userspace.
6872 * "hidden_args" (optional) -> { "wkeydata" -> value }
6873 * raw uint8_t array of new encryption wrapping key data (32 bytes)
6874 * "props" (optional) -> { prop -> value }
6879 static const zfs_ioc_key_t zfs_keys_change_key[] = {
6880 {"crypt_cmd", DATA_TYPE_UINT64, ZK_OPTIONAL},
6881 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
6882 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
6886 zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6890 uint64_t cmd = DCP_CMD_NONE;
6891 dsl_crypto_params_t *dcp = NULL;
6892 nvlist_t *args = NULL, *hidden_args = NULL;
6894 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6895 ret = (SET_ERROR(EINVAL));
6899 (void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd);
6900 (void) nvlist_lookup_nvlist(innvl, "props", &args);
6901 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
6903 ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp);
6907 ret = spa_keystore_change_key(dsname, dcp);
6911 dsl_crypto_params_free(dcp, B_FALSE);
6916 dsl_crypto_params_free(dcp, B_TRUE);
6920 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
6923 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6924 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
6925 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
6927 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
6929 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
6930 ASSERT3U(ioc, <, ZFS_IOC_LAST);
6931 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
6932 ASSERT3P(vec->zvec_func, ==, NULL);
6934 vec->zvec_legacy_func = func;
6935 vec->zvec_secpolicy = secpolicy;
6936 vec->zvec_namecheck = namecheck;
6937 vec->zvec_allow_log = log_history;
6938 vec->zvec_pool_check = pool_check;
6942 * See the block comment at the beginning of this file for details on
6943 * each argument to this function.
6946 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
6947 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
6948 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
6949 boolean_t allow_log, const zfs_ioc_key_t *nvl_keys, size_t num_keys)
6951 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
6953 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
6954 ASSERT3U(ioc, <, ZFS_IOC_LAST);
6955 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
6956 ASSERT3P(vec->zvec_func, ==, NULL);
6958 /* if we are logging, the name must be valid */
6959 ASSERT(!allow_log || namecheck != NO_NAME);
6961 vec->zvec_name = name;
6962 vec->zvec_func = func;
6963 vec->zvec_secpolicy = secpolicy;
6964 vec->zvec_namecheck = namecheck;
6965 vec->zvec_pool_check = pool_check;
6966 vec->zvec_smush_outnvlist = smush_outnvlist;
6967 vec->zvec_allow_log = allow_log;
6968 vec->zvec_nvl_keys = nvl_keys;
6969 vec->zvec_nvl_key_count = num_keys;
6973 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6974 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
6975 zfs_ioc_poolcheck_t pool_check)
6977 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6978 POOL_NAME, log_history, pool_check);
6982 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6983 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
6985 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6986 DATASET_NAME, B_FALSE, pool_check);
6990 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
6992 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
6993 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6997 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6998 zfs_secpolicy_func_t *secpolicy)
7000 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7001 NO_NAME, B_FALSE, POOL_CHECK_NONE);
7005 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
7006 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
7008 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7009 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
7013 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
7015 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
7016 zfs_secpolicy_read);
7020 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
7021 zfs_secpolicy_func_t *secpolicy)
7023 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7024 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7028 zfs_ioctl_init(void)
7030 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
7031 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
7032 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7033 zfs_keys_snapshot, ARRAY_SIZE(zfs_keys_snapshot));
7035 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
7036 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
7037 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7038 zfs_keys_log_history, ARRAY_SIZE(zfs_keys_log_history));
7040 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
7041 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
7042 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7043 zfs_keys_space_snaps, ARRAY_SIZE(zfs_keys_space_snaps));
7045 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
7046 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
7047 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7048 zfs_keys_send_new, ARRAY_SIZE(zfs_keys_send_new));
7050 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
7051 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
7052 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7053 zfs_keys_send_space, ARRAY_SIZE(zfs_keys_send_space));
7055 zfs_ioctl_register("create", ZFS_IOC_CREATE,
7056 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
7057 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7058 zfs_keys_create, ARRAY_SIZE(zfs_keys_create));
7060 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
7061 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
7062 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7063 zfs_keys_clone, ARRAY_SIZE(zfs_keys_clone));
7065 zfs_ioctl_register("remap", ZFS_IOC_REMAP,
7066 zfs_ioc_remap, zfs_secpolicy_none, DATASET_NAME,
7067 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7068 zfs_keys_remap, ARRAY_SIZE(zfs_keys_remap));
7070 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
7071 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
7072 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7073 zfs_keys_destroy_snaps, ARRAY_SIZE(zfs_keys_destroy_snaps));
7075 zfs_ioctl_register("hold", ZFS_IOC_HOLD,
7076 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
7077 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7078 zfs_keys_hold, ARRAY_SIZE(zfs_keys_hold));
7079 zfs_ioctl_register("release", ZFS_IOC_RELEASE,
7080 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
7081 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7082 zfs_keys_release, ARRAY_SIZE(zfs_keys_release));
7084 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
7085 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
7086 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7087 zfs_keys_get_holds, ARRAY_SIZE(zfs_keys_get_holds));
7089 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK,
7090 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME,
7091 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7092 zfs_keys_rollback, ARRAY_SIZE(zfs_keys_rollback));
7094 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK,
7095 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME,
7096 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7097 zfs_keys_bookmark, ARRAY_SIZE(zfs_keys_bookmark));
7099 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS,
7100 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME,
7101 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7102 zfs_keys_get_bookmarks, ARRAY_SIZE(zfs_keys_get_bookmarks));
7104 zfs_ioctl_register("get_bookmark_props", ZFS_IOC_GET_BOOKMARK_PROPS,
7105 zfs_ioc_get_bookmark_props, zfs_secpolicy_read, ENTITY_NAME,
7106 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, zfs_keys_get_bookmark_props,
7107 ARRAY_SIZE(zfs_keys_get_bookmark_props));
7109 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS,
7110 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks,
7112 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7113 zfs_keys_destroy_bookmarks,
7114 ARRAY_SIZE(zfs_keys_destroy_bookmarks));
7116 zfs_ioctl_register("receive", ZFS_IOC_RECV_NEW,
7117 zfs_ioc_recv_new, zfs_secpolicy_recv, DATASET_NAME,
7118 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7119 zfs_keys_recv_new, ARRAY_SIZE(zfs_keys_recv_new));
7120 zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY,
7121 zfs_ioc_load_key, zfs_secpolicy_load_key,
7122 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7123 zfs_keys_load_key, ARRAY_SIZE(zfs_keys_load_key));
7124 zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY,
7125 zfs_ioc_unload_key, zfs_secpolicy_load_key,
7126 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7127 zfs_keys_unload_key, ARRAY_SIZE(zfs_keys_unload_key));
7128 zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY,
7129 zfs_ioc_change_key, zfs_secpolicy_change_key,
7130 DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY,
7131 B_TRUE, B_TRUE, zfs_keys_change_key,
7132 ARRAY_SIZE(zfs_keys_change_key));
7134 zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC,
7135 zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME,
7136 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7137 zfs_keys_pool_sync, ARRAY_SIZE(zfs_keys_pool_sync));
7138 zfs_ioctl_register("reopen", ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
7139 zfs_secpolicy_config, POOL_NAME, POOL_CHECK_SUSPENDED, B_TRUE,
7140 B_TRUE, zfs_keys_pool_reopen, ARRAY_SIZE(zfs_keys_pool_reopen));
7142 zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM,
7143 zfs_ioc_channel_program, zfs_secpolicy_config,
7144 POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE,
7145 B_TRUE, zfs_keys_channel_program,
7146 ARRAY_SIZE(zfs_keys_channel_program));
7148 zfs_ioctl_register("redact", ZFS_IOC_REDACT,
7149 zfs_ioc_redact, zfs_secpolicy_config, DATASET_NAME,
7150 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7151 zfs_keys_redact, ARRAY_SIZE(zfs_keys_redact));
7153 zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT,
7154 zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME,
7155 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7156 zfs_keys_pool_checkpoint, ARRAY_SIZE(zfs_keys_pool_checkpoint));
7158 zfs_ioctl_register("zpool_discard_checkpoint",
7159 ZFS_IOC_POOL_DISCARD_CHECKPOINT, zfs_ioc_pool_discard_checkpoint,
7160 zfs_secpolicy_config, POOL_NAME,
7161 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7162 zfs_keys_pool_discard_checkpoint,
7163 ARRAY_SIZE(zfs_keys_pool_discard_checkpoint));
7165 zfs_ioctl_register("initialize", ZFS_IOC_POOL_INITIALIZE,
7166 zfs_ioc_pool_initialize, zfs_secpolicy_config, POOL_NAME,
7167 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7168 zfs_keys_pool_initialize, ARRAY_SIZE(zfs_keys_pool_initialize));
7170 zfs_ioctl_register("trim", ZFS_IOC_POOL_TRIM,
7171 zfs_ioc_pool_trim, zfs_secpolicy_config, POOL_NAME,
7172 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7173 zfs_keys_pool_trim, ARRAY_SIZE(zfs_keys_pool_trim));
7175 zfs_ioctl_register("wait", ZFS_IOC_WAIT,
7176 zfs_ioc_wait, zfs_secpolicy_none, POOL_NAME,
7177 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7178 zfs_keys_pool_wait, ARRAY_SIZE(zfs_keys_pool_wait));
7180 zfs_ioctl_register("wait_fs", ZFS_IOC_WAIT_FS,
7181 zfs_ioc_wait_fs, zfs_secpolicy_none, DATASET_NAME,
7182 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7183 zfs_keys_fs_wait, ARRAY_SIZE(zfs_keys_fs_wait));
7185 zfs_ioctl_register("set_bootenv", ZFS_IOC_SET_BOOTENV,
7186 zfs_ioc_set_bootenv, zfs_secpolicy_config, POOL_NAME,
7187 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7188 zfs_keys_set_bootenv, ARRAY_SIZE(zfs_keys_set_bootenv));
7190 zfs_ioctl_register("get_bootenv", ZFS_IOC_GET_BOOTENV,
7191 zfs_ioc_get_bootenv, zfs_secpolicy_none, POOL_NAME,
7192 POOL_CHECK_SUSPENDED, B_FALSE, B_TRUE,
7193 zfs_keys_get_bootenv, ARRAY_SIZE(zfs_keys_get_bootenv));
7195 zfs_ioctl_register("zpool_vdev_get_props", ZFS_IOC_VDEV_GET_PROPS,
7196 zfs_ioc_vdev_get_props, zfs_secpolicy_read, POOL_NAME,
7197 POOL_CHECK_NONE, B_FALSE, B_FALSE, zfs_keys_vdev_get_props,
7198 ARRAY_SIZE(zfs_keys_vdev_get_props));
7200 zfs_ioctl_register("zpool_vdev_set_props", ZFS_IOC_VDEV_SET_PROPS,
7201 zfs_ioc_vdev_set_props, zfs_secpolicy_config, POOL_NAME,
7202 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7203 zfs_keys_vdev_set_props, ARRAY_SIZE(zfs_keys_vdev_set_props));
7205 /* IOCTLS that use the legacy function signature */
7207 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
7208 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
7210 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
7211 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7212 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
7214 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
7215 zfs_ioc_pool_upgrade);
7216 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
7218 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
7219 zfs_ioc_vdev_remove);
7220 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
7221 zfs_ioc_vdev_set_state);
7222 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
7223 zfs_ioc_vdev_attach);
7224 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
7225 zfs_ioc_vdev_detach);
7226 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
7227 zfs_ioc_vdev_setpath);
7228 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
7229 zfs_ioc_vdev_setfru);
7230 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
7231 zfs_ioc_pool_set_props);
7232 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
7233 zfs_ioc_vdev_split);
7234 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
7235 zfs_ioc_pool_reguid);
7237 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
7238 zfs_ioc_pool_configs, zfs_secpolicy_none);
7239 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
7240 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
7241 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
7242 zfs_ioc_inject_fault, zfs_secpolicy_inject);
7243 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
7244 zfs_ioc_clear_fault, zfs_secpolicy_inject);
7245 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
7246 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
7249 * pool destroy, and export don't log the history as part of
7250 * zfsdev_ioctl, but rather zfs_ioc_pool_export
7251 * does the logging of those commands.
7253 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
7254 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7255 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
7256 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7258 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
7259 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
7260 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
7261 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
7263 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
7264 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
7265 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
7266 zfs_ioc_dsobj_to_dsname,
7267 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
7268 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
7269 zfs_ioc_pool_get_history,
7270 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7272 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
7273 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7275 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
7276 zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY);
7278 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
7279 zfs_ioc_space_written);
7280 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
7281 zfs_ioc_objset_recvd_props);
7282 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
7284 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
7286 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
7287 zfs_ioc_objset_stats);
7288 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
7289 zfs_ioc_objset_zplprops);
7290 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
7291 zfs_ioc_dataset_list_next);
7292 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
7293 zfs_ioc_snapshot_list_next);
7294 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
7295 zfs_ioc_send_progress);
7297 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
7298 zfs_ioc_diff, zfs_secpolicy_diff);
7299 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
7300 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
7301 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
7302 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
7303 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
7304 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
7305 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
7306 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
7307 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
7308 zfs_ioc_send, zfs_secpolicy_send);
7310 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
7311 zfs_secpolicy_none);
7312 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
7313 zfs_secpolicy_destroy);
7314 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
7315 zfs_secpolicy_rename);
7316 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
7317 zfs_secpolicy_recv);
7318 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
7319 zfs_secpolicy_promote);
7320 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
7321 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
7322 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
7323 zfs_secpolicy_set_fsacl);
7325 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
7326 zfs_secpolicy_share, POOL_CHECK_NONE);
7327 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
7328 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
7329 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
7330 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
7331 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7332 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
7333 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
7334 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7336 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next,
7337 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7338 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear,
7339 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7340 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek,
7341 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7343 zfs_ioctl_init_os();
7347 * Verify that for non-legacy ioctls the input nvlist
7348 * pairs match against the expected input.
7350 * Possible errors are:
7351 * ZFS_ERR_IOC_ARG_UNAVAIL An unrecognized nvpair was encountered
7352 * ZFS_ERR_IOC_ARG_REQUIRED A required nvpair is missing
7353 * ZFS_ERR_IOC_ARG_BADTYPE Invalid type for nvpair
7356 zfs_check_input_nvpairs(nvlist_t *innvl, const zfs_ioc_vec_t *vec)
7358 const zfs_ioc_key_t *nvl_keys = vec->zvec_nvl_keys;
7359 boolean_t required_keys_found = B_FALSE;
7362 * examine each input pair
7364 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
7365 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
7366 char *name = nvpair_name(pair);
7367 data_type_t type = nvpair_type(pair);
7368 boolean_t identified = B_FALSE;
7371 * check pair against the documented names and type
7373 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7374 /* if not a wild card name, check for an exact match */
7375 if ((nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) == 0 &&
7376 strcmp(nvl_keys[k].zkey_name, name) != 0)
7379 identified = B_TRUE;
7381 if (nvl_keys[k].zkey_type != DATA_TYPE_ANY &&
7382 nvl_keys[k].zkey_type != type) {
7383 return (SET_ERROR(ZFS_ERR_IOC_ARG_BADTYPE));
7386 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7389 required_keys_found = B_TRUE;
7393 /* allow an 'optional' key, everything else is invalid */
7395 (strcmp(name, "optional") != 0 ||
7396 type != DATA_TYPE_NVLIST)) {
7397 return (SET_ERROR(ZFS_ERR_IOC_ARG_UNAVAIL));
7401 /* verify that all required keys were found */
7402 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7403 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7406 if (nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) {
7407 /* at least one non-optional key is expected here */
7408 if (!required_keys_found)
7409 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7413 if (!nvlist_exists(innvl, nvl_keys[k].zkey_name))
7414 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7421 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
7422 zfs_ioc_poolcheck_t check)
7427 ASSERT(type == POOL_NAME || type == DATASET_NAME ||
7428 type == ENTITY_NAME);
7430 if (check & POOL_CHECK_NONE)
7433 error = spa_open(name, &spa, FTAG);
7435 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
7436 error = SET_ERROR(EAGAIN);
7437 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
7438 error = SET_ERROR(EROFS);
7439 spa_close(spa, FTAG);
7445 zfsdev_getminor(zfs_file_t *fp, minor_t *minorp)
7447 zfsdev_state_t *zs, *fpd;
7449 ASSERT(!MUTEX_HELD(&zfsdev_state_lock));
7451 fpd = zfs_file_private(fp);
7453 return (SET_ERROR(EBADF));
7455 mutex_enter(&zfsdev_state_lock);
7457 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
7459 if (zs->zs_minor == -1)
7463 *minorp = fpd->zs_minor;
7464 mutex_exit(&zfsdev_state_lock);
7469 mutex_exit(&zfsdev_state_lock);
7471 return (SET_ERROR(EBADF));
7475 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
7479 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
7480 if (zs->zs_minor == minor) {
7484 return (zs->zs_onexit);
7486 return (zs->zs_zevent);
7497 * Find a free minor number. The zfsdev_state_list is expected to
7498 * be short since it is only a list of currently open file handles.
7501 zfsdev_minor_alloc(void)
7503 static minor_t last_minor = 0;
7506 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
7508 for (m = last_minor + 1; m != last_minor; m++) {
7509 if (m > ZFSDEV_MAX_MINOR)
7511 if (zfsdev_get_state(m, ZST_ALL) == NULL) {
7521 zfsdev_state_init(void *priv)
7523 zfsdev_state_t *zs, *zsprev = NULL;
7525 boolean_t newzs = B_FALSE;
7527 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
7529 minor = zfsdev_minor_alloc();
7531 return (SET_ERROR(ENXIO));
7533 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
7534 if (zs->zs_minor == -1)
7540 zs = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
7544 zfsdev_private_set_state(priv, zs);
7546 zfs_onexit_init((zfs_onexit_t **)&zs->zs_onexit);
7547 zfs_zevent_init((zfs_zevent_t **)&zs->zs_zevent);
7550 * In order to provide for lock-free concurrent read access
7551 * to the minor list in zfsdev_get_state(), new entries
7552 * must be completely written before linking them into the
7553 * list whereas existing entries are already linked; the last
7554 * operation must be updating zs_minor (from -1 to the new
7558 zs->zs_minor = minor;
7560 zsprev->zs_next = zs;
7563 zs->zs_minor = minor;
7570 zfsdev_state_destroy(void *priv)
7572 zfsdev_state_t *zs = zfsdev_private_get_state(priv);
7575 ASSERT3S(zs->zs_minor, >, 0);
7578 * The last reference to this zfsdev file descriptor is being dropped.
7579 * We don't have to worry about lookup grabbing this state object, and
7580 * zfsdev_state_init() will not try to reuse this object until it is
7581 * invalidated by setting zs_minor to -1. Invalidation must be done
7582 * last, with a memory barrier to ensure ordering. This lets us avoid
7583 * taking the global zfsdev state lock around destruction.
7585 zfs_onexit_destroy(zs->zs_onexit);
7586 zfs_zevent_destroy(zs->zs_zevent);
7587 zs->zs_onexit = NULL;
7588 zs->zs_zevent = NULL;
7594 zfsdev_ioctl_common(uint_t vecnum, zfs_cmd_t *zc, int flag)
7597 const zfs_ioc_vec_t *vec;
7598 char *saved_poolname = NULL;
7599 uint64_t max_nvlist_src_size;
7600 size_t saved_poolname_len = 0;
7601 nvlist_t *innvl = NULL;
7602 fstrans_cookie_t cookie;
7603 hrtime_t start_time = gethrtime();
7607 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
7608 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
7610 vec = &zfs_ioc_vec[vecnum];
7613 * The registered ioctl list may be sparse, verify that either
7614 * a normal or legacy handler are registered.
7616 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL)
7617 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
7619 zc->zc_iflags = flag & FKIOCTL;
7620 max_nvlist_src_size = zfs_max_nvlist_src_size_os();
7621 if (zc->zc_nvlist_src_size > max_nvlist_src_size) {
7623 * Make sure the user doesn't pass in an insane value for
7624 * zc_nvlist_src_size. We have to check, since we will end
7625 * up allocating that much memory inside of get_nvlist(). This
7626 * prevents a nefarious user from allocating tons of kernel
7629 * Also, we return EINVAL instead of ENOMEM here. The reason
7630 * being that returning ENOMEM from an ioctl() has a special
7631 * connotation; that the user's size value is too small and
7632 * needs to be expanded to hold the nvlist. See
7633 * zcmd_expand_dst_nvlist() for details.
7635 error = SET_ERROR(EINVAL); /* User's size too big */
7637 } else if (zc->zc_nvlist_src_size != 0) {
7638 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
7639 zc->zc_iflags, &innvl);
7645 * Ensure that all pool/dataset names are valid before we pass down to
7648 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
7649 switch (vec->zvec_namecheck) {
7651 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
7652 error = SET_ERROR(EINVAL);
7654 error = pool_status_check(zc->zc_name,
7655 vec->zvec_namecheck, vec->zvec_pool_check);
7659 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
7660 error = SET_ERROR(EINVAL);
7662 error = pool_status_check(zc->zc_name,
7663 vec->zvec_namecheck, vec->zvec_pool_check);
7667 if (entity_namecheck(zc->zc_name, NULL, NULL) != 0) {
7668 error = SET_ERROR(EINVAL);
7670 error = pool_status_check(zc->zc_name,
7671 vec->zvec_namecheck, vec->zvec_pool_check);
7679 * Ensure that all input pairs are valid before we pass them down
7680 * to the lower layers.
7682 * The vectored functions can use fnvlist_lookup_{type} for any
7683 * required pairs since zfs_check_input_nvpairs() confirmed that
7684 * they exist and are of the correct type.
7686 if (error == 0 && vec->zvec_func != NULL) {
7687 error = zfs_check_input_nvpairs(innvl, vec);
7693 cookie = spl_fstrans_mark();
7694 error = vec->zvec_secpolicy(zc, innvl, CRED());
7695 spl_fstrans_unmark(cookie);
7701 /* legacy ioctls can modify zc_name */
7703 * Can't use kmem_strdup() as we might truncate the string and
7704 * kmem_strfree() would then free with incorrect size.
7706 saved_poolname_len = strlen(zc->zc_name) + 1;
7707 saved_poolname = kmem_alloc(saved_poolname_len, KM_SLEEP);
7709 strlcpy(saved_poolname, zc->zc_name, saved_poolname_len);
7710 saved_poolname[strcspn(saved_poolname, "/@#")] = '\0';
7712 if (vec->zvec_func != NULL) {
7716 nvlist_t *lognv = NULL;
7718 ASSERT(vec->zvec_legacy_func == NULL);
7721 * Add the innvl to the lognv before calling the func,
7722 * in case the func changes the innvl.
7724 if (vec->zvec_allow_log) {
7725 lognv = fnvlist_alloc();
7726 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
7728 if (!nvlist_empty(innvl)) {
7729 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
7734 outnvl = fnvlist_alloc();
7735 cookie = spl_fstrans_mark();
7736 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
7737 spl_fstrans_unmark(cookie);
7740 * Some commands can partially execute, modify state, and still
7741 * return an error. In these cases, attempt to record what
7745 (cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) &&
7746 vec->zvec_allow_log &&
7747 spa_open(zc->zc_name, &spa, FTAG) == 0) {
7748 if (!nvlist_empty(outnvl)) {
7749 size_t out_size = fnvlist_size(outnvl);
7750 if (out_size > zfs_history_output_max) {
7751 fnvlist_add_int64(lognv,
7752 ZPOOL_HIST_OUTPUT_SIZE, out_size);
7754 fnvlist_add_nvlist(lognv,
7755 ZPOOL_HIST_OUTPUT_NVL, outnvl);
7759 fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO,
7762 fnvlist_add_int64(lognv, ZPOOL_HIST_ELAPSED_NS,
7763 gethrtime() - start_time);
7764 (void) spa_history_log_nvl(spa, lognv);
7765 spa_close(spa, FTAG);
7767 fnvlist_free(lognv);
7769 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
7771 if (vec->zvec_smush_outnvlist) {
7772 smusherror = nvlist_smush(outnvl,
7773 zc->zc_nvlist_dst_size);
7775 if (smusherror == 0)
7776 puterror = put_nvlist(zc, outnvl);
7782 nvlist_free(outnvl);
7784 cookie = spl_fstrans_mark();
7785 error = vec->zvec_legacy_func(zc);
7786 spl_fstrans_unmark(cookie);
7791 if (error == 0 && vec->zvec_allow_log) {
7792 char *s = tsd_get(zfs_allow_log_key);
7795 (void) tsd_set(zfs_allow_log_key, kmem_strdup(saved_poolname));
7797 if (saved_poolname != NULL)
7798 kmem_free(saved_poolname, saved_poolname_len);
7808 if ((error = zvol_init()) != 0)
7811 spa_init(SPA_MODE_READ | SPA_MODE_WRITE);
7816 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
7817 zfsdev_state_list = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
7818 zfsdev_state_list->zs_minor = -1;
7820 if ((error = zfsdev_attach()) != 0)
7823 tsd_create(&zfs_fsyncer_key, NULL);
7824 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
7825 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
7839 zfsdev_state_t *zs, *zsnext = NULL;
7843 mutex_destroy(&zfsdev_state_lock);
7845 for (zs = zfsdev_state_list; zs != NULL; zs = zsnext) {
7846 zsnext = zs->zs_next;
7848 zfs_onexit_destroy(zs->zs_onexit);
7850 zfs_zevent_destroy(zs->zs_zevent);
7851 kmem_free(zs, sizeof (zfsdev_state_t));
7854 zfs_ereport_taskq_fini(); /* run before zfs_fini() on Linux */
7859 tsd_destroy(&zfs_fsyncer_key);
7860 tsd_destroy(&rrw_tsd_key);
7861 tsd_destroy(&zfs_allow_log_key);
7864 ZFS_MODULE_PARAM(zfs, zfs_, max_nvlist_src_size, ULONG, ZMOD_RW,
7865 "Maximum size in bytes allowed for src nvlist passed with ZFS ioctls");
7867 ZFS_MODULE_PARAM(zfs, zfs_, history_output_max, ULONG, ZMOD_RW,
7868 "Maximum size in bytes of ZFS ioctl output that will be logged");