4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Portions Copyright 2011 Martin Matuska
25 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
26 * Portions Copyright 2012 Pawel Jakub Dawidek <pawel@dawidek.net>
27 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved.
28 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
29 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
30 * Copyright (c) 2011, 2020 by Delphix. All rights reserved.
31 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
32 * Copyright (c) 2013 Steven Hartland. All rights reserved.
33 * Copyright (c) 2014 Integros [integros.com]
34 * Copyright 2016 Toomas Soome <tsoome@me.com>
35 * Copyright (c) 2016 Actifio, Inc. All rights reserved.
36 * Copyright (c) 2018, loli10K <ezomori.nozomu@gmail.com>. All rights reserved.
37 * Copyright 2017 RackTop Systems.
38 * Copyright (c) 2017 Open-E, Inc. All Rights Reserved.
39 * Copyright (c) 2019 Datto Inc.
40 * Copyright (c) 2019, 2020 by Christian Schwarz. All rights reserved.
46 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
47 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
49 * There are two ways that we handle ioctls: the legacy way where almost
50 * all of the logic is in the ioctl callback, and the new way where most
51 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
53 * Non-legacy ioctls should be registered by calling
54 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
55 * from userland by lzc_ioctl().
57 * The registration arguments are as follows:
60 * The name of the ioctl. This is used for history logging. If the
61 * ioctl returns successfully (the callback returns 0), and allow_log
62 * is true, then a history log entry will be recorded with the input &
63 * output nvlists. The log entry can be printed with "zpool history -i".
66 * The ioctl request number, which userland will pass to ioctl(2).
67 * We want newer versions of libzfs and libzfs_core to run against
68 * existing zfs kernel modules (i.e. a deferred reboot after an update).
69 * Therefore the ioctl numbers cannot change from release to release.
71 * zfs_secpolicy_func_t *secpolicy
72 * This function will be called before the zfs_ioc_func_t, to
73 * determine if this operation is permitted. It should return EPERM
74 * on failure, and 0 on success. Checks include determining if the
75 * dataset is visible in this zone, and if the user has either all
76 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
77 * to do this operation on this dataset with "zfs allow".
79 * zfs_ioc_namecheck_t namecheck
80 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
81 * name, a dataset name, or nothing. If the name is not well-formed,
82 * the ioctl will fail and the callback will not be called.
83 * Therefore, the callback can assume that the name is well-formed
84 * (e.g. is null-terminated, doesn't have more than one '@' character,
85 * doesn't have invalid characters).
87 * zfs_ioc_poolcheck_t pool_check
88 * This specifies requirements on the pool state. If the pool does
89 * not meet them (is suspended or is readonly), the ioctl will fail
90 * and the callback will not be called. If any checks are specified
91 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
92 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
93 * POOL_CHECK_READONLY).
95 * zfs_ioc_key_t *nvl_keys
96 * The list of expected/allowable innvl input keys. This list is used
97 * to validate the nvlist input to the ioctl.
99 * boolean_t smush_outnvlist
100 * If smush_outnvlist is true, then the output is presumed to be a
101 * list of errors, and it will be "smushed" down to fit into the
102 * caller's buffer, by removing some entries and replacing them with a
103 * single "N_MORE_ERRORS" entry indicating how many were removed. See
104 * nvlist_smush() for details. If smush_outnvlist is false, and the
105 * outnvlist does not fit into the userland-provided buffer, then the
106 * ioctl will fail with ENOMEM.
108 * zfs_ioc_func_t *func
109 * The callback function that will perform the operation.
111 * The callback should return 0 on success, or an error number on
112 * failure. If the function fails, the userland ioctl will return -1,
113 * and errno will be set to the callback's return value. The callback
114 * will be called with the following arguments:
117 * The name of the pool or dataset to operate on, from
118 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
119 * expected type (pool, dataset, or none).
122 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
123 * NULL if no input nvlist was provided. Changes to this nvlist are
124 * ignored. If the input nvlist could not be deserialized, the
125 * ioctl will fail and the callback will not be called.
128 * The output nvlist, initially empty. The callback can fill it in,
129 * and it will be returned to userland by serializing it into
130 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
131 * fails (e.g. because the caller didn't supply a large enough
132 * buffer), then the overall ioctl will fail. See the
133 * 'smush_nvlist' argument above for additional behaviors.
135 * There are two typical uses of the output nvlist:
136 * - To return state, e.g. property values. In this case,
137 * smush_outnvlist should be false. If the buffer was not large
138 * enough, the caller will reallocate a larger buffer and try
141 * - To return multiple errors from an ioctl which makes on-disk
142 * changes. In this case, smush_outnvlist should be true.
143 * Ioctls which make on-disk modifications should generally not
144 * use the outnvl if they succeed, because the caller can not
145 * distinguish between the operation failing, and
146 * deserialization failing.
148 * IOCTL Interface Errors
150 * The following ioctl input errors can be returned:
151 * ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
152 * ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
153 * ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
154 * ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
157 #include <sys/types.h>
158 #include <sys/param.h>
159 #include <sys/errno.h>
161 #include <sys/file.h>
162 #include <sys/kmem.h>
163 #include <sys/cmn_err.h>
164 #include <sys/stat.h>
165 #include <sys/zfs_ioctl.h>
166 #include <sys/zfs_quota.h>
167 #include <sys/zfs_vfsops.h>
168 #include <sys/zfs_znode.h>
171 #include <sys/spa_impl.h>
172 #include <sys/vdev.h>
173 #include <sys/vdev_impl.h>
175 #include <sys/dsl_dir.h>
176 #include <sys/dsl_dataset.h>
177 #include <sys/dsl_prop.h>
178 #include <sys/dsl_deleg.h>
179 #include <sys/dmu_objset.h>
180 #include <sys/dmu_impl.h>
181 #include <sys/dmu_redact.h>
182 #include <sys/dmu_tx.h>
183 #include <sys/sunddi.h>
184 #include <sys/policy.h>
185 #include <sys/zone.h>
186 #include <sys/nvpair.h>
187 #include <sys/pathname.h>
188 #include <sys/fs/zfs.h>
189 #include <sys/zfs_ctldir.h>
190 #include <sys/zfs_dir.h>
191 #include <sys/zfs_onexit.h>
192 #include <sys/zvol.h>
193 #include <sys/dsl_scan.h>
194 #include <sys/fm/util.h>
195 #include <sys/dsl_crypt.h>
196 #include <sys/rrwlock.h>
197 #include <sys/zfs_file.h>
199 #include <sys/dmu_recv.h>
200 #include <sys/dmu_send.h>
201 #include <sys/dmu_recv.h>
202 #include <sys/dsl_destroy.h>
203 #include <sys/dsl_bookmark.h>
204 #include <sys/dsl_userhold.h>
205 #include <sys/zfeature.h>
207 #include <sys/zio_checksum.h>
208 #include <sys/vdev_removal.h>
209 #include <sys/vdev_impl.h>
210 #include <sys/vdev_initialize.h>
211 #include <sys/vdev_trim.h>
213 #include "zfs_namecheck.h"
214 #include "zfs_prop.h"
215 #include "zfs_deleg.h"
216 #include "zfs_comutil.h"
218 #include <sys/lua/lua.h>
219 #include <sys/lua/lauxlib.h>
220 #include <sys/zfs_ioctl_impl.h>
222 kmutex_t zfsdev_state_lock;
223 zfsdev_state_t *zfsdev_state_list;
225 extern void zfs_init(void);
226 extern void zfs_fini(void);
229 * Limit maximum nvlist size. We don't want users passing in insane values
230 * for zc->zc_nvlist_src_size, since we will need to allocate that much memory.
232 #define MAX_NVLIST_SRC_SIZE KMALLOC_MAX_SIZE
234 uint_t zfs_fsyncer_key;
235 uint_t zfs_allow_log_key;
237 /* DATA_TYPE_ANY is used when zkey_type can vary. */
238 #define DATA_TYPE_ANY DATA_TYPE_UNKNOWN
240 typedef struct zfs_ioc_vec {
241 zfs_ioc_legacy_func_t *zvec_legacy_func;
242 zfs_ioc_func_t *zvec_func;
243 zfs_secpolicy_func_t *zvec_secpolicy;
244 zfs_ioc_namecheck_t zvec_namecheck;
245 boolean_t zvec_allow_log;
246 zfs_ioc_poolcheck_t zvec_pool_check;
247 boolean_t zvec_smush_outnvlist;
248 const char *zvec_name;
249 const zfs_ioc_key_t *zvec_nvl_keys;
250 size_t zvec_nvl_key_count;
253 /* This array is indexed by zfs_userquota_prop_t */
254 static const char *userquota_perms[] = {
255 ZFS_DELEG_PERM_USERUSED,
256 ZFS_DELEG_PERM_USERQUOTA,
257 ZFS_DELEG_PERM_GROUPUSED,
258 ZFS_DELEG_PERM_GROUPQUOTA,
259 ZFS_DELEG_PERM_USEROBJUSED,
260 ZFS_DELEG_PERM_USEROBJQUOTA,
261 ZFS_DELEG_PERM_GROUPOBJUSED,
262 ZFS_DELEG_PERM_GROUPOBJQUOTA,
263 ZFS_DELEG_PERM_PROJECTUSED,
264 ZFS_DELEG_PERM_PROJECTQUOTA,
265 ZFS_DELEG_PERM_PROJECTOBJUSED,
266 ZFS_DELEG_PERM_PROJECTOBJQUOTA,
269 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
270 static int zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc);
271 static int zfs_check_settable(const char *name, nvpair_t *property,
273 static int zfs_check_clearable(char *dataset, nvlist_t *props,
275 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
277 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
278 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
281 history_str_free(char *buf)
283 kmem_free(buf, HIS_MAX_RECORD_LEN);
287 history_str_get(zfs_cmd_t *zc)
291 if (zc->zc_history == 0)
294 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
295 if (copyinstr((void *)(uintptr_t)zc->zc_history,
296 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
297 history_str_free(buf);
301 buf[HIS_MAX_RECORD_LEN -1] = '\0';
307 * Check to see if the named dataset is currently defined as bootable
310 zfs_is_bootfs(const char *name)
314 if (dmu_objset_hold(name, FTAG, &os) == 0) {
316 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
317 dmu_objset_rele(os, FTAG);
324 * Return non-zero if the spa version is less than requested version.
327 zfs_earlier_version(const char *name, int version)
331 if (spa_open(name, &spa, FTAG) == 0) {
332 if (spa_version(spa) < version) {
333 spa_close(spa, FTAG);
336 spa_close(spa, FTAG);
342 * Return TRUE if the ZPL version is less than requested version.
345 zpl_earlier_version(const char *name, int version)
348 boolean_t rc = B_TRUE;
350 if (dmu_objset_hold(name, FTAG, &os) == 0) {
353 if (dmu_objset_type(os) != DMU_OST_ZFS) {
354 dmu_objset_rele(os, FTAG);
357 /* XXX reading from non-owned objset */
358 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
359 rc = zplversion < version;
360 dmu_objset_rele(os, FTAG);
366 zfs_log_history(zfs_cmd_t *zc)
371 if ((buf = history_str_get(zc)) == NULL)
374 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
375 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
376 (void) spa_history_log(spa, buf);
377 spa_close(spa, FTAG);
379 history_str_free(buf);
383 * Policy for top-level read operations (list pools). Requires no privileges,
384 * and can be used in the local zone, as there is no associated dataset.
388 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
394 * Policy for dataset read operations (list children, get statistics). Requires
395 * no privileges, but must be visible in the local zone.
399 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
401 if (INGLOBALZONE(curproc) ||
402 zone_dataset_visible(zc->zc_name, NULL))
405 return (SET_ERROR(ENOENT));
409 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
414 * The dataset must be visible by this zone -- check this first
415 * so they don't see EPERM on something they shouldn't know about.
417 if (!INGLOBALZONE(curproc) &&
418 !zone_dataset_visible(dataset, &writable))
419 return (SET_ERROR(ENOENT));
421 if (INGLOBALZONE(curproc)) {
423 * If the fs is zoned, only root can access it from the
426 if (secpolicy_zfs(cr) && zoned)
427 return (SET_ERROR(EPERM));
430 * If we are in a local zone, the 'zoned' property must be set.
433 return (SET_ERROR(EPERM));
435 /* must be writable by this zone */
437 return (SET_ERROR(EPERM));
443 zfs_dozonecheck(const char *dataset, cred_t *cr)
447 if (dsl_prop_get_integer(dataset, zfs_prop_to_name(ZFS_PROP_ZONED),
449 return (SET_ERROR(ENOENT));
451 return (zfs_dozonecheck_impl(dataset, zoned, cr));
455 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
459 if (dsl_prop_get_int_ds(ds, zfs_prop_to_name(ZFS_PROP_ZONED), &zoned))
460 return (SET_ERROR(ENOENT));
462 return (zfs_dozonecheck_impl(dataset, zoned, cr));
466 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
467 const char *perm, cred_t *cr)
471 error = zfs_dozonecheck_ds(name, ds, cr);
473 error = secpolicy_zfs(cr);
475 error = dsl_deleg_access_impl(ds, perm, cr);
481 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
488 * First do a quick check for root in the global zone, which
489 * is allowed to do all write_perms. This ensures that zfs_ioc_*
490 * will get to handle nonexistent datasets.
492 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0)
495 error = dsl_pool_hold(name, FTAG, &dp);
499 error = dsl_dataset_hold(dp, name, FTAG, &ds);
501 dsl_pool_rele(dp, FTAG);
505 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
507 dsl_dataset_rele(ds, FTAG);
508 dsl_pool_rele(dp, FTAG);
513 * Policy for setting the security label property.
515 * Returns 0 for success, non-zero for access and other errors.
518 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
521 char ds_hexsl[MAXNAMELEN];
522 bslabel_t ds_sl, new_sl;
523 boolean_t new_default = FALSE;
525 int needed_priv = -1;
528 /* First get the existing dataset label. */
529 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
530 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
532 return (SET_ERROR(EPERM));
534 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
537 /* The label must be translatable */
538 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
539 return (SET_ERROR(EINVAL));
542 * In a non-global zone, disallow attempts to set a label that
543 * doesn't match that of the zone; otherwise no other checks
546 if (!INGLOBALZONE(curproc)) {
547 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
548 return (SET_ERROR(EPERM));
553 * For global-zone datasets (i.e., those whose zoned property is
554 * "off", verify that the specified new label is valid for the
557 if (dsl_prop_get_integer(name,
558 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
559 return (SET_ERROR(EPERM));
561 if (zfs_check_global_label(name, strval) != 0)
562 return (SET_ERROR(EPERM));
566 * If the existing dataset label is nondefault, check if the
567 * dataset is mounted (label cannot be changed while mounted).
568 * Get the zfsvfs_t; if there isn't one, then the dataset isn't
569 * mounted (or isn't a dataset, doesn't exist, ...).
571 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
573 static char *setsl_tag = "setsl_tag";
576 * Try to own the dataset; abort if there is any error,
577 * (e.g., already mounted, in use, or other error).
579 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE,
582 return (SET_ERROR(EPERM));
584 dmu_objset_disown(os, B_TRUE, setsl_tag);
587 needed_priv = PRIV_FILE_DOWNGRADE_SL;
591 if (hexstr_to_label(strval, &new_sl) != 0)
592 return (SET_ERROR(EPERM));
594 if (blstrictdom(&ds_sl, &new_sl))
595 needed_priv = PRIV_FILE_DOWNGRADE_SL;
596 else if (blstrictdom(&new_sl, &ds_sl))
597 needed_priv = PRIV_FILE_UPGRADE_SL;
599 /* dataset currently has a default label */
601 needed_priv = PRIV_FILE_UPGRADE_SL;
605 if (needed_priv != -1)
606 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
609 return (SET_ERROR(ENOTSUP));
610 #endif /* HAVE_MLSLABEL */
614 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
620 * Check permissions for special properties.
627 * Disallow setting of 'zoned' from within a local zone.
629 if (!INGLOBALZONE(curproc))
630 return (SET_ERROR(EPERM));
634 case ZFS_PROP_FILESYSTEM_LIMIT:
635 case ZFS_PROP_SNAPSHOT_LIMIT:
636 if (!INGLOBALZONE(curproc)) {
638 char setpoint[ZFS_MAX_DATASET_NAME_LEN];
640 * Unprivileged users are allowed to modify the
641 * limit on things *under* (ie. contained by)
642 * the thing they own.
644 if (dsl_prop_get_integer(dsname,
645 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, setpoint))
646 return (SET_ERROR(EPERM));
647 if (!zoned || strlen(dsname) <= strlen(setpoint))
648 return (SET_ERROR(EPERM));
652 case ZFS_PROP_MLSLABEL:
653 if (!is_system_labeled())
654 return (SET_ERROR(EPERM));
656 if (nvpair_value_string(propval, &strval) == 0) {
659 err = zfs_set_slabel_policy(dsname, strval, CRED());
666 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
671 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
675 error = zfs_dozonecheck(zc->zc_name, cr);
680 * permission to set permissions will be evaluated later in
681 * dsl_deleg_can_allow()
688 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
690 return (zfs_secpolicy_write_perms(zc->zc_name,
691 ZFS_DELEG_PERM_ROLLBACK, cr));
696 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
704 * Generate the current snapshot name from the given objsetid, then
705 * use that name for the secpolicy/zone checks.
707 cp = strchr(zc->zc_name, '@');
709 return (SET_ERROR(EINVAL));
710 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
714 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
716 dsl_pool_rele(dp, FTAG);
720 dsl_dataset_name(ds, zc->zc_name);
722 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
723 ZFS_DELEG_PERM_SEND, cr);
724 dsl_dataset_rele(ds, FTAG);
725 dsl_pool_rele(dp, FTAG);
732 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
734 return (zfs_secpolicy_write_perms(zc->zc_name,
735 ZFS_DELEG_PERM_SEND, cr));
739 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
741 return (SET_ERROR(ENOTSUP));
745 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
747 return (SET_ERROR(ENOTSUP));
751 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
756 * Remove the @bla or /bla from the end of the name to get the parent.
758 (void) strncpy(parent, datasetname, parentsize);
759 cp = strrchr(parent, '@');
763 cp = strrchr(parent, '/');
765 return (SET_ERROR(ENOENT));
773 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
777 if ((error = zfs_secpolicy_write_perms(name,
778 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
781 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
786 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
788 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
792 * Destroying snapshots with delegated permissions requires
793 * descendant mount and destroy permissions.
797 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
800 nvpair_t *pair, *nextpair;
803 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
805 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
807 nextpair = nvlist_next_nvpair(snaps, pair);
808 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
809 if (error == ENOENT) {
811 * Ignore any snapshots that don't exist (we consider
812 * them "already destroyed"). Remove the name from the
813 * nvl here in case the snapshot is created between
814 * now and when we try to destroy it (in which case
815 * we don't want to destroy it since we haven't
816 * checked for permission).
818 fnvlist_remove_nvpair(snaps, pair);
829 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
831 char parentname[ZFS_MAX_DATASET_NAME_LEN];
834 if ((error = zfs_secpolicy_write_perms(from,
835 ZFS_DELEG_PERM_RENAME, cr)) != 0)
838 if ((error = zfs_secpolicy_write_perms(from,
839 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
842 if ((error = zfs_get_parent(to, parentname,
843 sizeof (parentname))) != 0)
846 if ((error = zfs_secpolicy_write_perms(parentname,
847 ZFS_DELEG_PERM_CREATE, cr)) != 0)
850 if ((error = zfs_secpolicy_write_perms(parentname,
851 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
859 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
861 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
866 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
869 dsl_dataset_t *clone;
872 error = zfs_secpolicy_write_perms(zc->zc_name,
873 ZFS_DELEG_PERM_PROMOTE, cr);
877 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
881 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
884 char parentname[ZFS_MAX_DATASET_NAME_LEN];
885 dsl_dataset_t *origin = NULL;
889 error = dsl_dataset_hold_obj(dd->dd_pool,
890 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin);
892 dsl_dataset_rele(clone, FTAG);
893 dsl_pool_rele(dp, FTAG);
897 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
898 ZFS_DELEG_PERM_MOUNT, cr);
900 dsl_dataset_name(origin, parentname);
902 error = zfs_secpolicy_write_perms_ds(parentname, origin,
903 ZFS_DELEG_PERM_PROMOTE, cr);
905 dsl_dataset_rele(clone, FTAG);
906 dsl_dataset_rele(origin, FTAG);
908 dsl_pool_rele(dp, FTAG);
914 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
918 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
919 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
922 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
923 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
926 return (zfs_secpolicy_write_perms(zc->zc_name,
927 ZFS_DELEG_PERM_CREATE, cr));
932 zfs_secpolicy_recv_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
934 return (zfs_secpolicy_recv(zc, innvl, cr));
938 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
940 return (zfs_secpolicy_write_perms(name,
941 ZFS_DELEG_PERM_SNAPSHOT, cr));
945 * Check for permission to create each snapshot in the nvlist.
949 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
955 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
957 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
958 pair = nvlist_next_nvpair(snaps, pair)) {
959 char *name = nvpair_name(pair);
960 char *atp = strchr(name, '@');
963 error = SET_ERROR(EINVAL);
967 error = zfs_secpolicy_snapshot_perms(name, cr);
976 * Check for permission to create each bookmark in the nvlist.
980 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
984 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
985 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
986 char *name = nvpair_name(pair);
987 char *hashp = strchr(name, '#');
990 error = SET_ERROR(EINVAL);
994 error = zfs_secpolicy_write_perms(name,
995 ZFS_DELEG_PERM_BOOKMARK, cr);
1005 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1007 nvpair_t *pair, *nextpair;
1010 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1012 char *name = nvpair_name(pair);
1013 char *hashp = strchr(name, '#');
1014 nextpair = nvlist_next_nvpair(innvl, pair);
1016 if (hashp == NULL) {
1017 error = SET_ERROR(EINVAL);
1022 error = zfs_secpolicy_write_perms(name,
1023 ZFS_DELEG_PERM_DESTROY, cr);
1025 if (error == ENOENT) {
1027 * Ignore any filesystems that don't exist (we consider
1028 * their bookmarks "already destroyed"). Remove
1029 * the name from the nvl here in case the filesystem
1030 * is created between now and when we try to destroy
1031 * the bookmark (in which case we don't want to
1032 * destroy it since we haven't checked for permission).
1034 fnvlist_remove_nvpair(innvl, pair);
1046 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1049 * Even root must have a proper TSD so that we know what pool
1052 if (tsd_get(zfs_allow_log_key) == NULL)
1053 return (SET_ERROR(EPERM));
1058 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1060 char parentname[ZFS_MAX_DATASET_NAME_LEN];
1064 if ((error = zfs_get_parent(zc->zc_name, parentname,
1065 sizeof (parentname))) != 0)
1068 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1069 (error = zfs_secpolicy_write_perms(origin,
1070 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1073 if ((error = zfs_secpolicy_write_perms(parentname,
1074 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1077 return (zfs_secpolicy_write_perms(parentname,
1078 ZFS_DELEG_PERM_MOUNT, cr));
1082 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1083 * SYS_CONFIG privilege, which is not available in a local zone.
1087 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1089 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1090 return (SET_ERROR(EPERM));
1096 * Policy for object to name lookups.
1100 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1104 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1107 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1112 * Policy for fault injection. Requires all privileges.
1116 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1118 return (secpolicy_zinject(cr));
1123 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1125 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1127 if (prop == ZPROP_INVAL) {
1128 if (!zfs_prop_user(zc->zc_value))
1129 return (SET_ERROR(EINVAL));
1130 return (zfs_secpolicy_write_perms(zc->zc_name,
1131 ZFS_DELEG_PERM_USERPROP, cr));
1133 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1139 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1141 int err = zfs_secpolicy_read(zc, innvl, cr);
1145 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1146 return (SET_ERROR(EINVAL));
1148 if (zc->zc_value[0] == 0) {
1150 * They are asking about a posix uid/gid. If it's
1151 * themself, allow it.
1153 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1154 zc->zc_objset_type == ZFS_PROP_USERQUOTA ||
1155 zc->zc_objset_type == ZFS_PROP_USEROBJUSED ||
1156 zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) {
1157 if (zc->zc_guid == crgetuid(cr))
1159 } else if (zc->zc_objset_type == ZFS_PROP_GROUPUSED ||
1160 zc->zc_objset_type == ZFS_PROP_GROUPQUOTA ||
1161 zc->zc_objset_type == ZFS_PROP_GROUPOBJUSED ||
1162 zc->zc_objset_type == ZFS_PROP_GROUPOBJQUOTA) {
1163 if (groupmember(zc->zc_guid, cr))
1166 /* else is for project quota/used */
1169 return (zfs_secpolicy_write_perms(zc->zc_name,
1170 userquota_perms[zc->zc_objset_type], cr));
1174 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1176 int err = zfs_secpolicy_read(zc, innvl, cr);
1180 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1181 return (SET_ERROR(EINVAL));
1183 return (zfs_secpolicy_write_perms(zc->zc_name,
1184 userquota_perms[zc->zc_objset_type], cr));
1189 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1191 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1197 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1203 holds = fnvlist_lookup_nvlist(innvl, "holds");
1205 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
1206 pair = nvlist_next_nvpair(holds, pair)) {
1207 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1208 error = dmu_fsname(nvpair_name(pair), fsname);
1211 error = zfs_secpolicy_write_perms(fsname,
1212 ZFS_DELEG_PERM_HOLD, cr);
1221 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1226 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1227 pair = nvlist_next_nvpair(innvl, pair)) {
1228 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1229 error = dmu_fsname(nvpair_name(pair), fsname);
1232 error = zfs_secpolicy_write_perms(fsname,
1233 ZFS_DELEG_PERM_RELEASE, cr);
1241 * Policy for allowing temporary snapshots to be taken or released
1244 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1247 * A temporary snapshot is the same as a snapshot,
1248 * hold, destroy and release all rolled into one.
1249 * Delegated diff alone is sufficient that we allow this.
1253 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1254 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1257 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1259 if (innvl != NULL) {
1261 error = zfs_secpolicy_hold(zc, innvl, cr);
1263 error = zfs_secpolicy_release(zc, innvl, cr);
1265 error = zfs_secpolicy_destroy(zc, innvl, cr);
1271 zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1273 return (zfs_secpolicy_write_perms(zc->zc_name,
1274 ZFS_DELEG_PERM_LOAD_KEY, cr));
1278 zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1280 return (zfs_secpolicy_write_perms(zc->zc_name,
1281 ZFS_DELEG_PERM_CHANGE_KEY, cr));
1285 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1288 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1292 nvlist_t *list = NULL;
1295 * Read in and unpack the user-supplied nvlist.
1298 return (SET_ERROR(EINVAL));
1300 packed = vmem_alloc(size, KM_SLEEP);
1302 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1304 vmem_free(packed, size);
1305 return (SET_ERROR(EFAULT));
1308 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1309 vmem_free(packed, size);
1313 vmem_free(packed, size);
1320 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1321 * Entries will be removed from the end of the nvlist, and one int32 entry
1322 * named "N_MORE_ERRORS" will be added indicating how many entries were
1326 nvlist_smush(nvlist_t *errors, size_t max)
1330 size = fnvlist_size(errors);
1333 nvpair_t *more_errors;
1337 return (SET_ERROR(ENOMEM));
1339 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1340 more_errors = nvlist_prev_nvpair(errors, NULL);
1343 nvpair_t *pair = nvlist_prev_nvpair(errors,
1345 fnvlist_remove_nvpair(errors, pair);
1347 size = fnvlist_size(errors);
1348 } while (size > max);
1350 fnvlist_remove_nvpair(errors, more_errors);
1351 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1352 ASSERT3U(fnvlist_size(errors), <=, max);
1359 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1361 char *packed = NULL;
1365 size = fnvlist_size(nvl);
1367 if (size > zc->zc_nvlist_dst_size) {
1368 error = SET_ERROR(ENOMEM);
1370 packed = fnvlist_pack(nvl, &size);
1371 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1372 size, zc->zc_iflags) != 0)
1373 error = SET_ERROR(EFAULT);
1374 fnvlist_pack_free(packed, size);
1377 zc->zc_nvlist_dst_size = size;
1378 zc->zc_nvlist_dst_filled = B_TRUE;
1383 getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp)
1386 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1387 return (SET_ERROR(EINVAL));
1390 mutex_enter(&os->os_user_ptr_lock);
1391 *zfvp = dmu_objset_get_user(os);
1392 /* bump s_active only when non-zero to prevent umount race */
1393 error = zfs_vfs_ref(zfvp);
1394 mutex_exit(&os->os_user_ptr_lock);
1399 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1404 error = dmu_objset_hold(dsname, FTAG, &os);
1408 error = getzfsvfs_impl(os, zfvp);
1409 dmu_objset_rele(os, FTAG);
1414 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1415 * case its z_sb will be NULL, and it will be opened as the owner.
1416 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1417 * which prevents all inode ops from running.
1420 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1424 if (getzfsvfs(name, zfvp) != 0)
1425 error = zfsvfs_create(name, B_FALSE, zfvp);
1427 rrm_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
1429 if ((*zfvp)->z_unmounted) {
1431 * XXX we could probably try again, since the unmounting
1432 * thread should be just about to disassociate the
1433 * objset from the zfsvfs.
1435 rrm_exit(&(*zfvp)->z_teardown_lock, tag);
1436 return (SET_ERROR(EBUSY));
1443 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1445 rrm_exit(&zfsvfs->z_teardown_lock, tag);
1447 if (zfs_vfs_held(zfsvfs)) {
1448 zfs_vfs_rele(zfsvfs);
1450 dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs);
1451 zfsvfs_free(zfsvfs);
1456 zfs_ioc_pool_create(zfs_cmd_t *zc)
1459 nvlist_t *config, *props = NULL;
1460 nvlist_t *rootprops = NULL;
1461 nvlist_t *zplprops = NULL;
1462 dsl_crypto_params_t *dcp = NULL;
1463 char *spa_name = zc->zc_name;
1464 boolean_t unload_wkey = B_TRUE;
1466 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1467 zc->zc_iflags, &config)))
1470 if (zc->zc_nvlist_src_size != 0 && (error =
1471 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1472 zc->zc_iflags, &props))) {
1473 nvlist_free(config);
1478 nvlist_t *nvl = NULL;
1479 nvlist_t *hidden_args = NULL;
1480 uint64_t version = SPA_VERSION;
1483 (void) nvlist_lookup_uint64(props,
1484 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1485 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1486 error = SET_ERROR(EINVAL);
1487 goto pool_props_bad;
1489 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1491 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1493 goto pool_props_bad;
1494 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1497 (void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS,
1499 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE,
1500 rootprops, hidden_args, &dcp);
1502 goto pool_props_bad;
1503 (void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS);
1505 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1506 error = zfs_fill_zplprops_root(version, rootprops,
1509 goto pool_props_bad;
1511 if (nvlist_lookup_string(props,
1512 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0)
1516 error = spa_create(zc->zc_name, config, props, zplprops, dcp);
1519 * Set the remaining root properties
1521 if (!error && (error = zfs_set_prop_nvlist(spa_name,
1522 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) {
1523 (void) spa_destroy(spa_name);
1524 unload_wkey = B_FALSE; /* spa_destroy() unloads wrapping keys */
1528 nvlist_free(rootprops);
1529 nvlist_free(zplprops);
1530 nvlist_free(config);
1532 dsl_crypto_params_free(dcp, unload_wkey && !!error);
1538 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1541 zfs_log_history(zc);
1542 error = spa_destroy(zc->zc_name);
1548 zfs_ioc_pool_import(zfs_cmd_t *zc)
1550 nvlist_t *config, *props = NULL;
1554 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1555 zc->zc_iflags, &config)) != 0)
1558 if (zc->zc_nvlist_src_size != 0 && (error =
1559 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1560 zc->zc_iflags, &props))) {
1561 nvlist_free(config);
1565 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1566 guid != zc->zc_guid)
1567 error = SET_ERROR(EINVAL);
1569 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1571 if (zc->zc_nvlist_dst != 0) {
1574 if ((err = put_nvlist(zc, config)) != 0)
1578 nvlist_free(config);
1585 zfs_ioc_pool_export(zfs_cmd_t *zc)
1588 boolean_t force = (boolean_t)zc->zc_cookie;
1589 boolean_t hardforce = (boolean_t)zc->zc_guid;
1591 zfs_log_history(zc);
1592 error = spa_export(zc->zc_name, NULL, force, hardforce);
1598 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1603 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1604 return (SET_ERROR(EEXIST));
1606 error = put_nvlist(zc, configs);
1608 nvlist_free(configs);
1615 * zc_name name of the pool
1618 * zc_cookie real errno
1619 * zc_nvlist_dst config nvlist
1620 * zc_nvlist_dst_size size of config nvlist
1623 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1629 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1630 sizeof (zc->zc_value));
1632 if (config != NULL) {
1633 ret = put_nvlist(zc, config);
1634 nvlist_free(config);
1637 * The config may be present even if 'error' is non-zero.
1638 * In this case we return success, and preserve the real errno
1641 zc->zc_cookie = error;
1650 * Try to import the given pool, returning pool stats as appropriate so that
1651 * user land knows which devices are available and overall pool health.
1654 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1656 nvlist_t *tryconfig, *config = NULL;
1659 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1660 zc->zc_iflags, &tryconfig)) != 0)
1663 config = spa_tryimport(tryconfig);
1665 nvlist_free(tryconfig);
1668 return (SET_ERROR(EINVAL));
1670 error = put_nvlist(zc, config);
1671 nvlist_free(config);
1678 * zc_name name of the pool
1679 * zc_cookie scan func (pool_scan_func_t)
1680 * zc_flags scrub pause/resume flag (pool_scrub_cmd_t)
1683 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1688 if (zc->zc_flags >= POOL_SCRUB_FLAGS_END)
1689 return (SET_ERROR(EINVAL));
1691 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1694 if (zc->zc_flags == POOL_SCRUB_PAUSE)
1695 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE);
1696 else if (zc->zc_cookie == POOL_SCAN_NONE)
1697 error = spa_scan_stop(spa);
1699 error = spa_scan(spa, zc->zc_cookie);
1701 spa_close(spa, FTAG);
1707 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1712 error = spa_open(zc->zc_name, &spa, FTAG);
1715 spa_close(spa, FTAG);
1721 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1726 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1729 if (zc->zc_cookie < spa_version(spa) ||
1730 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1731 spa_close(spa, FTAG);
1732 return (SET_ERROR(EINVAL));
1735 spa_upgrade(spa, zc->zc_cookie);
1736 spa_close(spa, FTAG);
1742 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1749 if ((size = zc->zc_history_len) == 0)
1750 return (SET_ERROR(EINVAL));
1752 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1755 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1756 spa_close(spa, FTAG);
1757 return (SET_ERROR(ENOTSUP));
1760 hist_buf = vmem_alloc(size, KM_SLEEP);
1761 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1762 &zc->zc_history_len, hist_buf)) == 0) {
1763 error = ddi_copyout(hist_buf,
1764 (void *)(uintptr_t)zc->zc_history,
1765 zc->zc_history_len, zc->zc_iflags);
1768 spa_close(spa, FTAG);
1769 vmem_free(hist_buf, size);
1774 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1779 error = spa_open(zc->zc_name, &spa, FTAG);
1781 error = spa_change_guid(spa);
1782 spa_close(spa, FTAG);
1788 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1790 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
1795 * zc_name name of filesystem
1796 * zc_obj object to find
1799 * zc_value name of object
1802 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1807 /* XXX reading from objset not owned */
1808 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1811 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1812 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1813 return (SET_ERROR(EINVAL));
1815 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1816 sizeof (zc->zc_value));
1817 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1824 * zc_name name of filesystem
1825 * zc_obj object to find
1828 * zc_stat stats on object
1829 * zc_value path to object
1832 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1837 /* XXX reading from objset not owned */
1838 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1841 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1842 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1843 return (SET_ERROR(EINVAL));
1845 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1846 sizeof (zc->zc_value));
1847 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1853 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1859 error = spa_open(zc->zc_name, &spa, FTAG);
1863 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1864 zc->zc_iflags, &config);
1866 error = spa_vdev_add(spa, config);
1867 nvlist_free(config);
1869 spa_close(spa, FTAG);
1875 * zc_name name of the pool
1876 * zc_guid guid of vdev to remove
1877 * zc_cookie cancel removal
1880 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1885 error = spa_open(zc->zc_name, &spa, FTAG);
1888 if (zc->zc_cookie != 0) {
1889 error = spa_vdev_remove_cancel(spa);
1891 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1893 spa_close(spa, FTAG);
1898 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1902 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1904 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1906 switch (zc->zc_cookie) {
1907 case VDEV_STATE_ONLINE:
1908 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1911 case VDEV_STATE_OFFLINE:
1912 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1915 case VDEV_STATE_FAULTED:
1916 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1917 zc->zc_obj != VDEV_AUX_EXTERNAL &&
1918 zc->zc_obj != VDEV_AUX_EXTERNAL_PERSIST)
1919 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1921 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1924 case VDEV_STATE_DEGRADED:
1925 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1926 zc->zc_obj != VDEV_AUX_EXTERNAL)
1927 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1929 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1933 error = SET_ERROR(EINVAL);
1935 zc->zc_cookie = newstate;
1936 spa_close(spa, FTAG);
1941 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1944 int replacing = zc->zc_cookie;
1948 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1951 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1952 zc->zc_iflags, &config)) == 0) {
1953 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1954 nvlist_free(config);
1957 spa_close(spa, FTAG);
1962 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1967 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1970 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1972 spa_close(spa, FTAG);
1977 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1980 nvlist_t *config, *props = NULL;
1982 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1984 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1987 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1988 zc->zc_iflags, &config))) {
1989 spa_close(spa, FTAG);
1993 if (zc->zc_nvlist_src_size != 0 && (error =
1994 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1995 zc->zc_iflags, &props))) {
1996 spa_close(spa, FTAG);
1997 nvlist_free(config);
2001 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
2003 spa_close(spa, FTAG);
2005 nvlist_free(config);
2012 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
2015 char *path = zc->zc_value;
2016 uint64_t guid = zc->zc_guid;
2019 error = spa_open(zc->zc_name, &spa, FTAG);
2023 error = spa_vdev_setpath(spa, guid, path);
2024 spa_close(spa, FTAG);
2029 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
2032 char *fru = zc->zc_value;
2033 uint64_t guid = zc->zc_guid;
2036 error = spa_open(zc->zc_name, &spa, FTAG);
2040 error = spa_vdev_setfru(spa, guid, fru);
2041 spa_close(spa, FTAG);
2046 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
2051 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2053 if (zc->zc_nvlist_dst != 0 &&
2054 (error = dsl_prop_get_all(os, &nv)) == 0) {
2055 dmu_objset_stats(os, nv);
2057 * NB: zvol_get_stats() will read the objset contents,
2058 * which we aren't supposed to do with a
2059 * DS_MODE_USER hold, because it could be
2060 * inconsistent. So this is a bit of a workaround...
2061 * XXX reading without owning
2063 if (!zc->zc_objset_stats.dds_inconsistent &&
2064 dmu_objset_type(os) == DMU_OST_ZVOL) {
2065 error = zvol_get_stats(os, nv);
2073 error = put_nvlist(zc, nv);
2082 * zc_name name of filesystem
2083 * zc_nvlist_dst_size size of buffer for property nvlist
2086 * zc_objset_stats stats
2087 * zc_nvlist_dst property nvlist
2088 * zc_nvlist_dst_size size of property nvlist
2091 zfs_ioc_objset_stats(zfs_cmd_t *zc)
2096 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2098 error = zfs_ioc_objset_stats_impl(zc, os);
2099 dmu_objset_rele(os, FTAG);
2107 * zc_name name of filesystem
2108 * zc_nvlist_dst_size size of buffer for property nvlist
2111 * zc_nvlist_dst received property nvlist
2112 * zc_nvlist_dst_size size of received property nvlist
2114 * Gets received properties (distinct from local properties on or after
2115 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2116 * local property values.
2119 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2125 * Without this check, we would return local property values if the
2126 * caller has not already received properties on or after
2127 * SPA_VERSION_RECVD_PROPS.
2129 if (!dsl_prop_get_hasrecvd(zc->zc_name))
2130 return (SET_ERROR(ENOTSUP));
2132 if (zc->zc_nvlist_dst != 0 &&
2133 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
2134 error = put_nvlist(zc, nv);
2142 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2148 * zfs_get_zplprop() will either find a value or give us
2149 * the default value (if there is one).
2151 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2153 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2159 * zc_name name of filesystem
2160 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2163 * zc_nvlist_dst zpl property nvlist
2164 * zc_nvlist_dst_size size of zpl property nvlist
2167 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2172 /* XXX reading without owning */
2173 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
2176 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2179 * NB: nvl_add_zplprop() will read the objset contents,
2180 * which we aren't supposed to do with a DS_MODE_USER
2181 * hold, because it could be inconsistent.
2183 if (zc->zc_nvlist_dst != 0 &&
2184 !zc->zc_objset_stats.dds_inconsistent &&
2185 dmu_objset_type(os) == DMU_OST_ZFS) {
2188 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2189 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2190 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2191 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2192 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2193 err = put_nvlist(zc, nv);
2196 err = SET_ERROR(ENOENT);
2198 dmu_objset_rele(os, FTAG);
2204 * zc_name name of filesystem
2205 * zc_cookie zap cursor
2206 * zc_nvlist_dst_size size of buffer for property nvlist
2209 * zc_name name of next filesystem
2210 * zc_cookie zap cursor
2211 * zc_objset_stats stats
2212 * zc_nvlist_dst property nvlist
2213 * zc_nvlist_dst_size size of property nvlist
2216 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2221 size_t orig_len = strlen(zc->zc_name);
2224 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
2225 if (error == ENOENT)
2226 error = SET_ERROR(ESRCH);
2230 p = strrchr(zc->zc_name, '/');
2231 if (p == NULL || p[1] != '\0')
2232 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2233 p = zc->zc_name + strlen(zc->zc_name);
2236 error = dmu_dir_list_next(os,
2237 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2238 NULL, &zc->zc_cookie);
2239 if (error == ENOENT)
2240 error = SET_ERROR(ESRCH);
2241 } while (error == 0 && zfs_dataset_name_hidden(zc->zc_name));
2242 dmu_objset_rele(os, FTAG);
2245 * If it's an internal dataset (ie. with a '$' in its name),
2246 * don't try to get stats for it, otherwise we'll return ENOENT.
2248 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2249 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2250 if (error == ENOENT) {
2251 /* We lost a race with destroy, get the next one. */
2252 zc->zc_name[orig_len] = '\0';
2261 * zc_name name of filesystem
2262 * zc_cookie zap cursor
2263 * zc_nvlist_src iteration range nvlist
2264 * zc_nvlist_src_size size of iteration range nvlist
2267 * zc_name name of next snapshot
2268 * zc_objset_stats stats
2269 * zc_nvlist_dst property nvlist
2270 * zc_nvlist_dst_size size of property nvlist
2273 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2276 objset_t *os, *ossnap;
2278 uint64_t min_txg = 0, max_txg = 0;
2280 if (zc->zc_nvlist_src_size != 0) {
2281 nvlist_t *props = NULL;
2282 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2283 zc->zc_iflags, &props);
2286 (void) nvlist_lookup_uint64(props, SNAP_ITER_MIN_TXG,
2288 (void) nvlist_lookup_uint64(props, SNAP_ITER_MAX_TXG,
2293 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2295 return (error == ENOENT ? SET_ERROR(ESRCH) : error);
2299 * A dataset name of maximum length cannot have any snapshots,
2300 * so exit immediately.
2302 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >=
2303 ZFS_MAX_DATASET_NAME_LEN) {
2304 dmu_objset_rele(os, FTAG);
2305 return (SET_ERROR(ESRCH));
2308 while (error == 0) {
2309 if (issig(JUSTLOOKING) && issig(FORREAL)) {
2310 error = SET_ERROR(EINTR);
2314 error = dmu_snapshot_list_next(os,
2315 sizeof (zc->zc_name) - strlen(zc->zc_name),
2316 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj,
2317 &zc->zc_cookie, NULL);
2318 if (error == ENOENT) {
2319 error = SET_ERROR(ESRCH);
2321 } else if (error != 0) {
2325 error = dsl_dataset_hold_obj(dmu_objset_pool(os), zc->zc_obj,
2330 if ((min_txg != 0 && dsl_get_creationtxg(ds) < min_txg) ||
2331 (max_txg != 0 && dsl_get_creationtxg(ds) > max_txg)) {
2332 dsl_dataset_rele(ds, FTAG);
2333 /* undo snapshot name append */
2334 *(strchr(zc->zc_name, '@') + 1) = '\0';
2339 if (zc->zc_simple) {
2340 dsl_dataset_rele(ds, FTAG);
2344 if ((error = dmu_objset_from_ds(ds, &ossnap)) != 0) {
2345 dsl_dataset_rele(ds, FTAG);
2348 if ((error = zfs_ioc_objset_stats_impl(zc, ossnap)) != 0) {
2349 dsl_dataset_rele(ds, FTAG);
2352 dsl_dataset_rele(ds, FTAG);
2356 dmu_objset_rele(os, FTAG);
2357 /* if we failed, undo the @ that we tacked on to zc_name */
2359 *strchr(zc->zc_name, '@') = '\0';
2364 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2366 const char *propname = nvpair_name(pair);
2368 unsigned int vallen;
2371 zfs_userquota_prop_t type;
2377 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2379 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2380 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2382 return (SET_ERROR(EINVAL));
2386 * A correctly constructed propname is encoded as
2387 * userquota@<rid>-<domain>.
2389 if ((dash = strchr(propname, '-')) == NULL ||
2390 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2392 return (SET_ERROR(EINVAL));
2399 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2401 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2402 zfsvfs_rele(zfsvfs, FTAG);
2409 * If the named property is one that has a special function to set its value,
2410 * return 0 on success and a positive error code on failure; otherwise if it is
2411 * not one of the special properties handled by this function, return -1.
2413 * XXX: It would be better for callers of the property interface if we handled
2414 * these special cases in dsl_prop.c (in the dsl layer).
2417 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2420 const char *propname = nvpair_name(pair);
2421 zfs_prop_t prop = zfs_name_to_prop(propname);
2422 uint64_t intval = 0;
2423 char *strval = NULL;
2426 if (prop == ZPROP_INVAL) {
2427 if (zfs_prop_userquota(propname))
2428 return (zfs_prop_set_userquota(dsname, pair));
2432 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2434 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2435 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2439 /* all special properties are numeric except for keylocation */
2440 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) {
2441 strval = fnvpair_value_string(pair);
2443 intval = fnvpair_value_uint64(pair);
2447 case ZFS_PROP_QUOTA:
2448 err = dsl_dir_set_quota(dsname, source, intval);
2450 case ZFS_PROP_REFQUOTA:
2451 err = dsl_dataset_set_refquota(dsname, source, intval);
2453 case ZFS_PROP_FILESYSTEM_LIMIT:
2454 case ZFS_PROP_SNAPSHOT_LIMIT:
2455 if (intval == UINT64_MAX) {
2456 /* clearing the limit, just do it */
2459 err = dsl_dir_activate_fs_ss_limit(dsname);
2462 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2463 * default path to set the value in the nvlist.
2468 case ZFS_PROP_KEYLOCATION:
2469 err = dsl_crypto_can_set_keylocation(dsname, strval);
2472 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2473 * default path to set the value in the nvlist.
2478 case ZFS_PROP_RESERVATION:
2479 err = dsl_dir_set_reservation(dsname, source, intval);
2481 case ZFS_PROP_REFRESERVATION:
2482 err = dsl_dataset_set_refreservation(dsname, source, intval);
2484 case ZFS_PROP_VOLSIZE:
2485 err = zvol_set_volsize(dsname, intval);
2487 case ZFS_PROP_SNAPDEV:
2488 err = zvol_set_snapdev(dsname, source, intval);
2490 case ZFS_PROP_VOLMODE:
2491 err = zvol_set_volmode(dsname, source, intval);
2493 case ZFS_PROP_VERSION:
2497 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2500 err = zfs_set_version(zfsvfs, intval);
2501 zfsvfs_rele(zfsvfs, FTAG);
2503 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2506 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2507 (void) strlcpy(zc->zc_name, dsname,
2508 sizeof (zc->zc_name));
2509 (void) zfs_ioc_userspace_upgrade(zc);
2510 (void) zfs_ioc_id_quota_upgrade(zc);
2511 kmem_free(zc, sizeof (zfs_cmd_t));
2523 * This function is best effort. If it fails to set any of the given properties,
2524 * it continues to set as many as it can and returns the last error
2525 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2526 * with the list of names of all the properties that failed along with the
2527 * corresponding error numbers.
2529 * If every property is set successfully, zero is returned and errlist is not
2533 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2542 nvlist_t *genericnvl = fnvlist_alloc();
2543 nvlist_t *retrynvl = fnvlist_alloc();
2546 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2547 const char *propname = nvpair_name(pair);
2548 zfs_prop_t prop = zfs_name_to_prop(propname);
2551 /* decode the property value */
2553 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2555 attrs = fnvpair_value_nvlist(pair);
2556 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2558 err = SET_ERROR(EINVAL);
2561 /* Validate value type */
2562 if (err == 0 && source == ZPROP_SRC_INHERITED) {
2563 /* inherited properties are expected to be booleans */
2564 if (nvpair_type(propval) != DATA_TYPE_BOOLEAN)
2565 err = SET_ERROR(EINVAL);
2566 } else if (err == 0 && prop == ZPROP_INVAL) {
2567 if (zfs_prop_user(propname)) {
2568 if (nvpair_type(propval) != DATA_TYPE_STRING)
2569 err = SET_ERROR(EINVAL);
2570 } else if (zfs_prop_userquota(propname)) {
2571 if (nvpair_type(propval) !=
2572 DATA_TYPE_UINT64_ARRAY)
2573 err = SET_ERROR(EINVAL);
2575 err = SET_ERROR(EINVAL);
2577 } else if (err == 0) {
2578 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2579 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2580 err = SET_ERROR(EINVAL);
2581 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2584 intval = fnvpair_value_uint64(propval);
2586 switch (zfs_prop_get_type(prop)) {
2587 case PROP_TYPE_NUMBER:
2589 case PROP_TYPE_STRING:
2590 err = SET_ERROR(EINVAL);
2592 case PROP_TYPE_INDEX:
2593 if (zfs_prop_index_to_string(prop,
2594 intval, &unused) != 0)
2595 err = SET_ERROR(EINVAL);
2599 "unknown property type");
2602 err = SET_ERROR(EINVAL);
2606 /* Validate permissions */
2608 err = zfs_check_settable(dsname, pair, CRED());
2611 if (source == ZPROP_SRC_INHERITED)
2612 err = -1; /* does not need special handling */
2614 err = zfs_prop_set_special(dsname, source,
2618 * For better performance we build up a list of
2619 * properties to set in a single transaction.
2621 err = nvlist_add_nvpair(genericnvl, pair);
2622 } else if (err != 0 && nvl != retrynvl) {
2624 * This may be a spurious error caused by
2625 * receiving quota and reservation out of order.
2626 * Try again in a second pass.
2628 err = nvlist_add_nvpair(retrynvl, pair);
2633 if (errlist != NULL)
2634 fnvlist_add_int32(errlist, propname, err);
2639 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2644 if (!nvlist_empty(genericnvl) &&
2645 dsl_props_set(dsname, source, genericnvl) != 0) {
2647 * If this fails, we still want to set as many properties as we
2648 * can, so try setting them individually.
2651 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2652 const char *propname = nvpair_name(pair);
2656 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2658 attrs = fnvpair_value_nvlist(pair);
2659 propval = fnvlist_lookup_nvpair(attrs,
2663 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2664 strval = fnvpair_value_string(propval);
2665 err = dsl_prop_set_string(dsname, propname,
2667 } else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) {
2668 err = dsl_prop_inherit(dsname, propname,
2671 intval = fnvpair_value_uint64(propval);
2672 err = dsl_prop_set_int(dsname, propname, source,
2677 if (errlist != NULL) {
2678 fnvlist_add_int32(errlist, propname,
2685 nvlist_free(genericnvl);
2686 nvlist_free(retrynvl);
2692 * Check that all the properties are valid user properties.
2695 zfs_check_userprops(nvlist_t *nvl)
2697 nvpair_t *pair = NULL;
2699 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2700 const char *propname = nvpair_name(pair);
2702 if (!zfs_prop_user(propname) ||
2703 nvpair_type(pair) != DATA_TYPE_STRING)
2704 return (SET_ERROR(EINVAL));
2706 if (strlen(propname) >= ZAP_MAXNAMELEN)
2707 return (SET_ERROR(ENAMETOOLONG));
2709 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN)
2710 return (SET_ERROR(E2BIG));
2716 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2720 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2723 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2724 if (nvlist_exists(skipped, nvpair_name(pair)))
2727 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2732 clear_received_props(const char *dsname, nvlist_t *props,
2736 nvlist_t *cleared_props = NULL;
2737 props_skip(props, skipped, &cleared_props);
2738 if (!nvlist_empty(cleared_props)) {
2740 * Acts on local properties until the dataset has received
2741 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2743 zprop_source_t flags = (ZPROP_SRC_NONE |
2744 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
2745 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
2747 nvlist_free(cleared_props);
2753 * zc_name name of filesystem
2754 * zc_value name of property to set
2755 * zc_nvlist_src{_size} nvlist of properties to apply
2756 * zc_cookie received properties flag
2759 * zc_nvlist_dst{_size} error for each unapplied received property
2762 zfs_ioc_set_prop(zfs_cmd_t *zc)
2765 boolean_t received = zc->zc_cookie;
2766 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2771 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2772 zc->zc_iflags, &nvl)) != 0)
2776 nvlist_t *origprops;
2778 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
2779 (void) clear_received_props(zc->zc_name,
2781 nvlist_free(origprops);
2784 error = dsl_prop_set_hasrecvd(zc->zc_name);
2787 errors = fnvlist_alloc();
2789 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2791 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2792 (void) put_nvlist(zc, errors);
2795 nvlist_free(errors);
2802 * zc_name name of filesystem
2803 * zc_value name of property to inherit
2804 * zc_cookie revert to received value if TRUE
2809 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2811 const char *propname = zc->zc_value;
2812 zfs_prop_t prop = zfs_name_to_prop(propname);
2813 boolean_t received = zc->zc_cookie;
2814 zprop_source_t source = (received
2815 ? ZPROP_SRC_NONE /* revert to received value, if any */
2816 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2824 * Only check this in the non-received case. We want to allow
2825 * 'inherit -S' to revert non-inheritable properties like quota
2826 * and reservation to the received or default values even though
2827 * they are not considered inheritable.
2829 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2830 return (SET_ERROR(EINVAL));
2833 if (prop == ZPROP_INVAL) {
2834 if (!zfs_prop_user(propname))
2835 return (SET_ERROR(EINVAL));
2837 type = PROP_TYPE_STRING;
2838 } else if (prop == ZFS_PROP_VOLSIZE || prop == ZFS_PROP_VERSION) {
2839 return (SET_ERROR(EINVAL));
2841 type = zfs_prop_get_type(prop);
2845 * zfs_prop_set_special() expects properties in the form of an
2846 * nvpair with type info.
2848 dummy = fnvlist_alloc();
2851 case PROP_TYPE_STRING:
2852 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2854 case PROP_TYPE_NUMBER:
2855 case PROP_TYPE_INDEX:
2856 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2859 err = SET_ERROR(EINVAL);
2863 pair = nvlist_next_nvpair(dummy, NULL);
2865 err = SET_ERROR(EINVAL);
2867 err = zfs_prop_set_special(zc->zc_name, source, pair);
2868 if (err == -1) /* property is not "special", needs handling */
2869 err = dsl_prop_inherit(zc->zc_name, zc->zc_value,
2879 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2886 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2887 zc->zc_iflags, &props)))
2891 * If the only property is the configfile, then just do a spa_lookup()
2892 * to handle the faulted case.
2894 pair = nvlist_next_nvpair(props, NULL);
2895 if (pair != NULL && strcmp(nvpair_name(pair),
2896 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2897 nvlist_next_nvpair(props, pair) == NULL) {
2898 mutex_enter(&spa_namespace_lock);
2899 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2900 spa_configfile_set(spa, props, B_FALSE);
2901 spa_write_cachefile(spa, B_FALSE, B_TRUE);
2903 mutex_exit(&spa_namespace_lock);
2910 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2915 error = spa_prop_set(spa, props);
2918 spa_close(spa, FTAG);
2924 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2928 nvlist_t *nvp = NULL;
2930 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2932 * If the pool is faulted, there may be properties we can still
2933 * get (such as altroot and cachefile), so attempt to get them
2936 mutex_enter(&spa_namespace_lock);
2937 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2938 error = spa_prop_get(spa, &nvp);
2939 mutex_exit(&spa_namespace_lock);
2941 error = spa_prop_get(spa, &nvp);
2942 spa_close(spa, FTAG);
2945 if (error == 0 && zc->zc_nvlist_dst != 0)
2946 error = put_nvlist(zc, nvp);
2948 error = SET_ERROR(EFAULT);
2956 * zc_name name of filesystem
2957 * zc_nvlist_src{_size} nvlist of delegated permissions
2958 * zc_perm_action allow/unallow flag
2963 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2966 nvlist_t *fsaclnv = NULL;
2968 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2969 zc->zc_iflags, &fsaclnv)) != 0)
2973 * Verify nvlist is constructed correctly
2975 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2976 nvlist_free(fsaclnv);
2977 return (SET_ERROR(EINVAL));
2981 * If we don't have PRIV_SYS_MOUNT, then validate
2982 * that user is allowed to hand out each permission in
2986 error = secpolicy_zfs(CRED());
2988 if (zc->zc_perm_action == B_FALSE) {
2989 error = dsl_deleg_can_allow(zc->zc_name,
2992 error = dsl_deleg_can_unallow(zc->zc_name,
2998 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
3000 nvlist_free(fsaclnv);
3006 * zc_name name of filesystem
3009 * zc_nvlist_src{_size} nvlist of delegated permissions
3012 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
3017 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
3018 error = put_nvlist(zc, nvp);
3027 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
3029 zfs_creat_t *zct = arg;
3031 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
3034 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
3038 * os parent objset pointer (NULL if root fs)
3039 * fuids_ok fuids allowed in this version of the spa?
3040 * sa_ok SAs allowed in this version of the spa?
3041 * createprops list of properties requested by creator
3044 * zplprops values for the zplprops we attach to the master node object
3045 * is_ci true if requested file system will be purely case-insensitive
3047 * Determine the settings for utf8only, normalization and
3048 * casesensitivity. Specific values may have been requested by the
3049 * creator and/or we can inherit values from the parent dataset. If
3050 * the file system is of too early a vintage, a creator can not
3051 * request settings for these properties, even if the requested
3052 * setting is the default value. We don't actually want to create dsl
3053 * properties for these, so remove them from the source nvlist after
3057 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
3058 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
3059 nvlist_t *zplprops, boolean_t *is_ci)
3061 uint64_t sense = ZFS_PROP_UNDEFINED;
3062 uint64_t norm = ZFS_PROP_UNDEFINED;
3063 uint64_t u8 = ZFS_PROP_UNDEFINED;
3066 ASSERT(zplprops != NULL);
3068 /* parent dataset must be a filesystem */
3069 if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS)
3070 return (SET_ERROR(ZFS_ERR_WRONG_PARENT));
3073 * Pull out creator prop choices, if any.
3076 (void) nvlist_lookup_uint64(createprops,
3077 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
3078 (void) nvlist_lookup_uint64(createprops,
3079 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
3080 (void) nvlist_remove_all(createprops,
3081 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
3082 (void) nvlist_lookup_uint64(createprops,
3083 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
3084 (void) nvlist_remove_all(createprops,
3085 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
3086 (void) nvlist_lookup_uint64(createprops,
3087 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
3088 (void) nvlist_remove_all(createprops,
3089 zfs_prop_to_name(ZFS_PROP_CASE));
3093 * If the zpl version requested is whacky or the file system
3094 * or pool is version is too "young" to support normalization
3095 * and the creator tried to set a value for one of the props,
3098 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3099 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
3100 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
3101 (zplver < ZPL_VERSION_NORMALIZATION &&
3102 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
3103 sense != ZFS_PROP_UNDEFINED)))
3104 return (SET_ERROR(ENOTSUP));
3107 * Put the version in the zplprops
3109 VERIFY(nvlist_add_uint64(zplprops,
3110 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3112 if (norm == ZFS_PROP_UNDEFINED &&
3113 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3115 VERIFY(nvlist_add_uint64(zplprops,
3116 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3119 * If we're normalizing, names must always be valid UTF-8 strings.
3123 if (u8 == ZFS_PROP_UNDEFINED &&
3124 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3126 VERIFY(nvlist_add_uint64(zplprops,
3127 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3129 if (sense == ZFS_PROP_UNDEFINED &&
3130 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3132 VERIFY(nvlist_add_uint64(zplprops,
3133 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3136 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3142 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3143 nvlist_t *zplprops, boolean_t *is_ci)
3145 boolean_t fuids_ok, sa_ok;
3146 uint64_t zplver = ZPL_VERSION;
3147 objset_t *os = NULL;
3148 char parentname[ZFS_MAX_DATASET_NAME_LEN];
3153 zfs_get_parent(dataset, parentname, sizeof (parentname));
3155 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3158 spa_vers = spa_version(spa);
3159 spa_close(spa, FTAG);
3161 zplver = zfs_zpl_version_map(spa_vers);
3162 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3163 sa_ok = (zplver >= ZPL_VERSION_SA);
3166 * Open parent object set so we can inherit zplprop values.
3168 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3171 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3173 dmu_objset_rele(os, FTAG);
3178 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3179 nvlist_t *zplprops, boolean_t *is_ci)
3183 uint64_t zplver = ZPL_VERSION;
3186 zplver = zfs_zpl_version_map(spa_vers);
3187 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3188 sa_ok = (zplver >= ZPL_VERSION_SA);
3190 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3191 createprops, zplprops, is_ci);
3197 * "type" -> dmu_objset_type_t (int32)
3198 * (optional) "props" -> { prop -> value }
3199 * (optional) "hidden_args" -> { "wkeydata" -> value }
3200 * raw uint8_t array of encryption wrapping key data (32 bytes)
3203 * outnvl: propname -> error code (int32)
3206 static const zfs_ioc_key_t zfs_keys_create[] = {
3207 {"type", DATA_TYPE_INT32, 0},
3208 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3209 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3213 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3216 zfs_creat_t zct = { 0 };
3217 nvlist_t *nvprops = NULL;
3218 nvlist_t *hidden_args = NULL;
3219 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3220 dmu_objset_type_t type;
3221 boolean_t is_insensitive = B_FALSE;
3222 dsl_crypto_params_t *dcp = NULL;
3224 type = (dmu_objset_type_t)fnvlist_lookup_int32(innvl, "type");
3225 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3226 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
3230 cbfunc = zfs_create_cb;
3234 cbfunc = zvol_create_cb;
3241 if (strchr(fsname, '@') ||
3242 strchr(fsname, '%'))
3243 return (SET_ERROR(EINVAL));
3245 zct.zct_props = nvprops;
3248 return (SET_ERROR(EINVAL));
3250 if (type == DMU_OST_ZVOL) {
3251 uint64_t volsize, volblocksize;
3253 if (nvprops == NULL)
3254 return (SET_ERROR(EINVAL));
3255 if (nvlist_lookup_uint64(nvprops,
3256 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3257 return (SET_ERROR(EINVAL));
3259 if ((error = nvlist_lookup_uint64(nvprops,
3260 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3261 &volblocksize)) != 0 && error != ENOENT)
3262 return (SET_ERROR(EINVAL));
3265 volblocksize = zfs_prop_default_numeric(
3266 ZFS_PROP_VOLBLOCKSIZE);
3268 if ((error = zvol_check_volblocksize(fsname,
3269 volblocksize)) != 0 ||
3270 (error = zvol_check_volsize(volsize,
3271 volblocksize)) != 0)
3273 } else if (type == DMU_OST_ZFS) {
3277 * We have to have normalization and
3278 * case-folding flags correct when we do the
3279 * file system creation, so go figure them out
3282 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3283 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3284 error = zfs_fill_zplprops(fsname, nvprops,
3285 zct.zct_zplprops, &is_insensitive);
3287 nvlist_free(zct.zct_zplprops);
3292 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops,
3295 nvlist_free(zct.zct_zplprops);
3299 error = dmu_objset_create(fsname, type,
3300 is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct);
3302 nvlist_free(zct.zct_zplprops);
3303 dsl_crypto_params_free(dcp, !!error);
3306 * It would be nice to do this atomically.
3309 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3316 * Volumes will return EBUSY and cannot be destroyed
3317 * until all asynchronous minor handling (e.g. from
3318 * setting the volmode property) has completed. Wait for
3319 * the spa_zvol_taskq to drain then retry.
3321 error2 = dsl_destroy_head(fsname);
3322 while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) {
3323 error2 = spa_open(fsname, &spa, FTAG);
3325 taskq_wait(spa->spa_zvol_taskq);
3326 spa_close(spa, FTAG);
3328 error2 = dsl_destroy_head(fsname);
3337 * "origin" -> name of origin snapshot
3338 * (optional) "props" -> { prop -> value }
3339 * (optional) "hidden_args" -> { "wkeydata" -> value }
3340 * raw uint8_t array of encryption wrapping key data (32 bytes)
3344 * outnvl: propname -> error code (int32)
3346 static const zfs_ioc_key_t zfs_keys_clone[] = {
3347 {"origin", DATA_TYPE_STRING, 0},
3348 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3349 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3353 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3356 nvlist_t *nvprops = NULL;
3359 origin_name = fnvlist_lookup_string(innvl, "origin");
3360 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3362 if (strchr(fsname, '@') ||
3363 strchr(fsname, '%'))
3364 return (SET_ERROR(EINVAL));
3366 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3367 return (SET_ERROR(EINVAL));
3369 error = dmu_objset_clone(fsname, origin_name);
3372 * It would be nice to do this atomically.
3375 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3378 (void) dsl_destroy_head(fsname);
3383 static const zfs_ioc_key_t zfs_keys_remap[] = {
3389 zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3391 /* This IOCTL is no longer supported. */
3397 * "snaps" -> { snapshot1, snapshot2 }
3398 * (optional) "props" -> { prop -> value (string) }
3401 * outnvl: snapshot -> error code (int32)
3403 static const zfs_ioc_key_t zfs_keys_snapshot[] = {
3404 {"snaps", DATA_TYPE_NVLIST, 0},
3405 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3409 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3412 nvlist_t *props = NULL;
3416 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3417 if (!nvlist_empty(props) &&
3418 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3419 return (SET_ERROR(ENOTSUP));
3420 if ((error = zfs_check_userprops(props)) != 0)
3423 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
3424 poollen = strlen(poolname);
3425 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3426 pair = nvlist_next_nvpair(snaps, pair)) {
3427 const char *name = nvpair_name(pair);
3428 char *cp = strchr(name, '@');
3431 * The snap name must contain an @, and the part after it must
3432 * contain only valid characters.
3435 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3436 return (SET_ERROR(EINVAL));
3439 * The snap must be in the specified pool.
3441 if (strncmp(name, poolname, poollen) != 0 ||
3442 (name[poollen] != '/' && name[poollen] != '@'))
3443 return (SET_ERROR(EXDEV));
3446 * Check for permission to set the properties on the fs.
3448 if (!nvlist_empty(props)) {
3450 error = zfs_secpolicy_write_perms(name,
3451 ZFS_DELEG_PERM_USERPROP, CRED());
3457 /* This must be the only snap of this fs. */
3458 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3459 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3460 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3462 return (SET_ERROR(EXDEV));
3467 error = dsl_dataset_snapshot(snaps, props, outnvl);
3473 * innvl: "message" -> string
3475 static const zfs_ioc_key_t zfs_keys_log_history[] = {
3476 {"message", DATA_TYPE_STRING, 0},
3481 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3489 * The poolname in the ioctl is not set, we get it from the TSD,
3490 * which was set at the end of the last successful ioctl that allows
3491 * logging. The secpolicy func already checked that it is set.
3492 * Only one log ioctl is allowed after each successful ioctl, so
3493 * we clear the TSD here.
3495 poolname = tsd_get(zfs_allow_log_key);
3496 if (poolname == NULL)
3497 return (SET_ERROR(EINVAL));
3498 (void) tsd_set(zfs_allow_log_key, NULL);
3499 error = spa_open(poolname, &spa, FTAG);
3500 kmem_strfree(poolname);
3504 message = fnvlist_lookup_string(innvl, "message");
3506 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3507 spa_close(spa, FTAG);
3508 return (SET_ERROR(ENOTSUP));
3511 error = spa_history_log(spa, message);
3512 spa_close(spa, FTAG);
3517 * This ioctl is used to set the bootenv configuration on the current
3518 * pool. This configuration is stored in the second padding area of the label,
3519 * and it is used by the GRUB bootloader used on Linux to store the contents
3520 * of the grubenv file. The file is stored as raw ASCII, and is protected by
3521 * an embedded checksum. By default, GRUB will check if the boot filesystem
3522 * supports storing the environment data in a special location, and if so,
3523 * will invoke filesystem specific logic to retrieve it. This can be overridden
3524 * by a variable, should the user so desire.
3527 static const zfs_ioc_key_t zfs_keys_set_bootenv[] = {
3528 {"envmap", DATA_TYPE_STRING, 0},
3532 zfs_ioc_set_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3538 envmap = fnvlist_lookup_string(innvl, "envmap");
3539 if ((error = spa_open(name, &spa, FTAG)) != 0)
3541 spa_vdev_state_enter(spa, SCL_ALL);
3542 error = vdev_label_write_bootenv(spa->spa_root_vdev, envmap);
3543 (void) spa_vdev_state_exit(spa, NULL, 0);
3544 spa_close(spa, FTAG);
3548 static const zfs_ioc_key_t zfs_keys_get_bootenv[] = {
3554 zfs_ioc_get_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3559 if ((error = spa_open(name, &spa, FTAG)) != 0)
3561 spa_vdev_state_enter(spa, SCL_ALL);
3562 error = vdev_label_read_bootenv(spa->spa_root_vdev, outnvl);
3563 (void) spa_vdev_state_exit(spa, NULL, 0);
3564 spa_close(spa, FTAG);
3569 * The dp_config_rwlock must not be held when calling this, because the
3570 * unmount may need to write out data.
3572 * This function is best-effort. Callers must deal gracefully if it
3573 * remains mounted (or is remounted after this call).
3575 * Returns 0 if the argument is not a snapshot, or it is not currently a
3576 * filesystem, or we were able to unmount it. Returns error code otherwise.
3579 zfs_unmount_snap(const char *snapname)
3581 if (strchr(snapname, '@') == NULL)
3584 (void) zfsctl_snapshot_unmount((char *)snapname, MNT_FORCE);
3589 zfs_unmount_snap_cb(const char *snapname, void *arg)
3591 zfs_unmount_snap(snapname);
3596 * When a clone is destroyed, its origin may also need to be destroyed,
3597 * in which case it must be unmounted. This routine will do that unmount
3601 zfs_destroy_unmount_origin(const char *fsname)
3607 error = dmu_objset_hold(fsname, FTAG, &os);
3610 ds = dmu_objset_ds(os);
3611 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
3612 char originname[ZFS_MAX_DATASET_NAME_LEN];
3613 dsl_dataset_name(ds->ds_prev, originname);
3614 dmu_objset_rele(os, FTAG);
3615 zfs_unmount_snap(originname);
3617 dmu_objset_rele(os, FTAG);
3623 * "snaps" -> { snapshot1, snapshot2 }
3624 * (optional boolean) "defer"
3627 * outnvl: snapshot -> error code (int32)
3629 static const zfs_ioc_key_t zfs_keys_destroy_snaps[] = {
3630 {"snaps", DATA_TYPE_NVLIST, 0},
3631 {"defer", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
3636 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3644 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
3645 defer = nvlist_exists(innvl, "defer");
3647 poollen = strlen(poolname);
3648 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3649 pair = nvlist_next_nvpair(snaps, pair)) {
3650 const char *name = nvpair_name(pair);
3653 * The snap must be in the specified pool to prevent the
3654 * invalid removal of zvol minors below.
3656 if (strncmp(name, poolname, poollen) != 0 ||
3657 (name[poollen] != '/' && name[poollen] != '@'))
3658 return (SET_ERROR(EXDEV));
3660 zfs_unmount_snap(nvpair_name(pair));
3661 if (spa_open(name, &spa, FTAG) == 0) {
3662 zvol_remove_minors(spa, name, B_TRUE);
3663 spa_close(spa, FTAG);
3667 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
3671 * Create bookmarks. The bookmark names are of the form <fs>#<bmark>.
3672 * All bookmarks and snapshots must be in the same pool.
3673 * dsl_bookmark_create_nvl_validate describes the nvlist schema in more detail.
3676 * new_bookmark1 -> existing_snapshot,
3677 * new_bookmark2 -> existing_bookmark,
3680 * outnvl: bookmark -> error code (int32)
3683 static const zfs_ioc_key_t zfs_keys_bookmark[] = {
3684 {"<bookmark>...", DATA_TYPE_STRING, ZK_WILDCARDLIST},
3689 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3691 return (dsl_bookmark_create(innvl, outnvl));
3696 * property 1, property 2, ...
3700 * bookmark name 1 -> { property 1, property 2, ... },
3701 * bookmark name 2 -> { property 1, property 2, ... }
3705 static const zfs_ioc_key_t zfs_keys_get_bookmarks[] = {
3706 {"<property>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST | ZK_OPTIONAL},
3710 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3712 return (dsl_get_bookmarks(fsname, innvl, outnvl));
3716 * innvl is not used.
3719 * property 1, property 2, ...
3723 static const zfs_ioc_key_t zfs_keys_get_bookmark_props[] = {
3729 zfs_ioc_get_bookmark_props(const char *bookmark, nvlist_t *innvl,
3732 char fsname[ZFS_MAX_DATASET_NAME_LEN];
3735 bmname = strchr(bookmark, '#');
3737 return (SET_ERROR(EINVAL));
3740 (void) strlcpy(fsname, bookmark, sizeof (fsname));
3741 *(strchr(fsname, '#')) = '\0';
3743 return (dsl_get_bookmark_props(fsname, bmname, outnvl));
3748 * bookmark name 1, bookmark name 2
3751 * outnvl: bookmark -> error code (int32)
3754 static const zfs_ioc_key_t zfs_keys_destroy_bookmarks[] = {
3755 {"<bookmark>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST},
3759 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl,
3764 poollen = strlen(poolname);
3765 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
3766 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
3767 const char *name = nvpair_name(pair);
3768 const char *cp = strchr(name, '#');
3771 * The bookmark name must contain an #, and the part after it
3772 * must contain only valid characters.
3775 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3776 return (SET_ERROR(EINVAL));
3779 * The bookmark must be in the specified pool.
3781 if (strncmp(name, poolname, poollen) != 0 ||
3782 (name[poollen] != '/' && name[poollen] != '#'))
3783 return (SET_ERROR(EXDEV));
3786 error = dsl_bookmark_destroy(innvl, outnvl);
3790 static const zfs_ioc_key_t zfs_keys_channel_program[] = {
3791 {"program", DATA_TYPE_STRING, 0},
3792 {"arg", DATA_TYPE_ANY, 0},
3793 {"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
3794 {"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
3795 {"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
3799 zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl,
3803 uint64_t instrlimit, memlimit;
3804 boolean_t sync_flag;
3805 nvpair_t *nvarg = NULL;
3807 program = fnvlist_lookup_string(innvl, ZCP_ARG_PROGRAM);
3808 if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) {
3811 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) {
3812 instrlimit = ZCP_DEFAULT_INSTRLIMIT;
3814 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) {
3815 memlimit = ZCP_DEFAULT_MEMLIMIT;
3817 nvarg = fnvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST);
3819 if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit)
3820 return (SET_ERROR(EINVAL));
3821 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit)
3822 return (SET_ERROR(EINVAL));
3824 return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit,
3832 static const zfs_ioc_key_t zfs_keys_pool_checkpoint[] = {
3838 zfs_ioc_pool_checkpoint(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3840 return (spa_checkpoint(poolname));
3847 static const zfs_ioc_key_t zfs_keys_pool_discard_checkpoint[] = {
3853 zfs_ioc_pool_discard_checkpoint(const char *poolname, nvlist_t *innvl,
3856 return (spa_checkpoint_discard(poolname));
3861 * zc_name name of dataset to destroy
3862 * zc_defer_destroy mark for deferred destroy
3867 zfs_ioc_destroy(zfs_cmd_t *zc)
3870 dmu_objset_type_t ost;
3873 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
3876 ost = dmu_objset_type(os);
3877 dmu_objset_rele(os, FTAG);
3879 if (ost == DMU_OST_ZFS)
3880 zfs_unmount_snap(zc->zc_name);
3882 if (strchr(zc->zc_name, '@')) {
3883 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
3885 err = dsl_destroy_head(zc->zc_name);
3886 if (err == EEXIST) {
3888 * It is possible that the given DS may have
3889 * hidden child (%recv) datasets - "leftovers"
3890 * resulting from the previously interrupted
3893 * 6 extra bytes for /%recv
3895 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6];
3897 if (snprintf(namebuf, sizeof (namebuf), "%s/%s",
3898 zc->zc_name, recv_clone_name) >=
3900 return (SET_ERROR(EINVAL));
3903 * Try to remove the hidden child (%recv) and after
3904 * that try to remove the target dataset.
3905 * If the hidden child (%recv) does not exist
3906 * the original error (EEXIST) will be returned
3908 err = dsl_destroy_head(namebuf);
3910 err = dsl_destroy_head(zc->zc_name);
3911 else if (err == ENOENT)
3912 err = SET_ERROR(EEXIST);
3921 * "initialize_command" -> POOL_INITIALIZE_{CANCEL|START|SUSPEND} (uint64)
3922 * "initialize_vdevs": { -> guids to initialize (nvlist)
3923 * "vdev_path_1": vdev_guid_1, (uint64),
3924 * "vdev_path_2": vdev_guid_2, (uint64),
3930 * "initialize_vdevs": { -> initialization errors (nvlist)
3931 * "vdev_path_1": errno, see function body for possible errnos (uint64)
3932 * "vdev_path_2": errno, ... (uint64)
3937 * EINVAL is returned for an unknown commands or if any of the provided vdev
3938 * guids have be specified with a type other than uint64.
3940 static const zfs_ioc_key_t zfs_keys_pool_initialize[] = {
3941 {ZPOOL_INITIALIZE_COMMAND, DATA_TYPE_UINT64, 0},
3942 {ZPOOL_INITIALIZE_VDEVS, DATA_TYPE_NVLIST, 0}
3946 zfs_ioc_pool_initialize(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3949 if (nvlist_lookup_uint64(innvl, ZPOOL_INITIALIZE_COMMAND,
3951 return (SET_ERROR(EINVAL));
3954 if (!(cmd_type == POOL_INITIALIZE_CANCEL ||
3955 cmd_type == POOL_INITIALIZE_START ||
3956 cmd_type == POOL_INITIALIZE_SUSPEND)) {
3957 return (SET_ERROR(EINVAL));
3960 nvlist_t *vdev_guids;
3961 if (nvlist_lookup_nvlist(innvl, ZPOOL_INITIALIZE_VDEVS,
3962 &vdev_guids) != 0) {
3963 return (SET_ERROR(EINVAL));
3966 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
3967 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
3969 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
3970 return (SET_ERROR(EINVAL));
3975 int error = spa_open(poolname, &spa, FTAG);
3979 nvlist_t *vdev_errlist = fnvlist_alloc();
3980 int total_errors = spa_vdev_initialize(spa, vdev_guids, cmd_type,
3983 if (fnvlist_size(vdev_errlist) > 0) {
3984 fnvlist_add_nvlist(outnvl, ZPOOL_INITIALIZE_VDEVS,
3987 fnvlist_free(vdev_errlist);
3989 spa_close(spa, FTAG);
3990 return (total_errors > 0 ? EINVAL : 0);
3995 * "trim_command" -> POOL_TRIM_{CANCEL|START|SUSPEND} (uint64)
3996 * "trim_vdevs": { -> guids to TRIM (nvlist)
3997 * "vdev_path_1": vdev_guid_1, (uint64),
3998 * "vdev_path_2": vdev_guid_2, (uint64),
4001 * "trim_rate" -> Target TRIM rate in bytes/sec.
4002 * "trim_secure" -> Set to request a secure TRIM.
4006 * "trim_vdevs": { -> TRIM errors (nvlist)
4007 * "vdev_path_1": errno, see function body for possible errnos (uint64)
4008 * "vdev_path_2": errno, ... (uint64)
4013 * EINVAL is returned for an unknown commands or if any of the provided vdev
4014 * guids have be specified with a type other than uint64.
4016 static const zfs_ioc_key_t zfs_keys_pool_trim[] = {
4017 {ZPOOL_TRIM_COMMAND, DATA_TYPE_UINT64, 0},
4018 {ZPOOL_TRIM_VDEVS, DATA_TYPE_NVLIST, 0},
4019 {ZPOOL_TRIM_RATE, DATA_TYPE_UINT64, ZK_OPTIONAL},
4020 {ZPOOL_TRIM_SECURE, DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
4024 zfs_ioc_pool_trim(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4027 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_COMMAND, &cmd_type) != 0)
4028 return (SET_ERROR(EINVAL));
4030 if (!(cmd_type == POOL_TRIM_CANCEL ||
4031 cmd_type == POOL_TRIM_START ||
4032 cmd_type == POOL_TRIM_SUSPEND)) {
4033 return (SET_ERROR(EINVAL));
4036 nvlist_t *vdev_guids;
4037 if (nvlist_lookup_nvlist(innvl, ZPOOL_TRIM_VDEVS, &vdev_guids) != 0)
4038 return (SET_ERROR(EINVAL));
4040 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
4041 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
4043 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
4044 return (SET_ERROR(EINVAL));
4048 /* Optional, defaults to maximum rate when not provided */
4050 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_RATE, &rate) != 0)
4053 /* Optional, defaults to standard TRIM when not provided */
4055 if (nvlist_lookup_boolean_value(innvl, ZPOOL_TRIM_SECURE,
4061 int error = spa_open(poolname, &spa, FTAG);
4065 nvlist_t *vdev_errlist = fnvlist_alloc();
4066 int total_errors = spa_vdev_trim(spa, vdev_guids, cmd_type,
4067 rate, !!zfs_trim_metaslab_skip, secure, vdev_errlist);
4069 if (fnvlist_size(vdev_errlist) > 0)
4070 fnvlist_add_nvlist(outnvl, ZPOOL_TRIM_VDEVS, vdev_errlist);
4072 fnvlist_free(vdev_errlist);
4074 spa_close(spa, FTAG);
4075 return (total_errors > 0 ? EINVAL : 0);
4079 * This ioctl waits for activity of a particular type to complete. If there is
4080 * no activity of that type in progress, it returns immediately, and the
4081 * returned value "waited" is false. If there is activity in progress, and no
4082 * tag is passed in, the ioctl blocks until all activity of that type is
4083 * complete, and then returns with "waited" set to true.
4085 * If a tag is provided, it identifies a particular instance of an activity to
4086 * wait for. Currently, this is only valid for use with 'initialize', because
4087 * that is the only activity for which there can be multiple instances running
4088 * concurrently. In the case of 'initialize', the tag corresponds to the guid of
4089 * the vdev on which to wait.
4091 * If a thread waiting in the ioctl receives a signal, the call will return
4092 * immediately, and the return value will be EINTR.
4095 * "wait_activity" -> int32_t
4096 * (optional) "wait_tag" -> uint64_t
4099 * outnvl: "waited" -> boolean_t
4101 static const zfs_ioc_key_t zfs_keys_pool_wait[] = {
4102 {ZPOOL_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4103 {ZPOOL_WAIT_TAG, DATA_TYPE_UINT64, ZK_OPTIONAL},
4107 zfs_ioc_wait(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4114 if (nvlist_lookup_int32(innvl, ZPOOL_WAIT_ACTIVITY, &activity) != 0)
4117 if (nvlist_lookup_uint64(innvl, ZPOOL_WAIT_TAG, &tag) == 0)
4118 error = spa_wait_tag(name, activity, tag, &waited);
4120 error = spa_wait(name, activity, &waited);
4123 fnvlist_add_boolean_value(outnvl, ZPOOL_WAIT_WAITED, waited);
4129 * This ioctl waits for activity of a particular type to complete. If there is
4130 * no activity of that type in progress, it returns immediately, and the
4131 * returned value "waited" is false. If there is activity in progress, and no
4132 * tag is passed in, the ioctl blocks until all activity of that type is
4133 * complete, and then returns with "waited" set to true.
4135 * If a thread waiting in the ioctl receives a signal, the call will return
4136 * immediately, and the return value will be EINTR.
4139 * "wait_activity" -> int32_t
4142 * outnvl: "waited" -> boolean_t
4144 static const zfs_ioc_key_t zfs_keys_fs_wait[] = {
4145 {ZFS_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4149 zfs_ioc_wait_fs(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4152 boolean_t waited = B_FALSE;
4158 if (nvlist_lookup_int32(innvl, ZFS_WAIT_ACTIVITY, &activity) != 0)
4159 return (SET_ERROR(EINVAL));
4161 if (activity >= ZFS_WAIT_NUM_ACTIVITIES || activity < 0)
4162 return (SET_ERROR(EINVAL));
4164 if ((error = dsl_pool_hold(name, FTAG, &dp)) != 0)
4167 if ((error = dsl_dataset_hold(dp, name, FTAG, &ds)) != 0) {
4168 dsl_pool_rele(dp, FTAG);
4173 mutex_enter(&dd->dd_activity_lock);
4174 dd->dd_activity_waiters++;
4177 * We get a long-hold here so that the dsl_dataset_t and dsl_dir_t
4178 * aren't evicted while we're waiting. Normally this is prevented by
4179 * holding the pool, but we can't do that while we're waiting since
4180 * that would prevent TXGs from syncing out. Some of the functionality
4181 * of long-holds (e.g. preventing deletion) is unnecessary for this
4182 * case, since we would cancel the waiters before proceeding with a
4183 * deletion. An alternative mechanism for keeping the dataset around
4184 * could be developed but this is simpler.
4186 dsl_dataset_long_hold(ds, FTAG);
4187 dsl_pool_rele(dp, FTAG);
4189 error = dsl_dir_wait(dd, ds, activity, &waited);
4191 dsl_dataset_long_rele(ds, FTAG);
4192 dd->dd_activity_waiters--;
4193 if (dd->dd_activity_waiters == 0)
4194 cv_signal(&dd->dd_activity_cv);
4195 mutex_exit(&dd->dd_activity_lock);
4197 dsl_dataset_rele(ds, FTAG);
4200 fnvlist_add_boolean_value(outnvl, ZFS_WAIT_WAITED, waited);
4206 * fsname is name of dataset to rollback (to most recent snapshot)
4208 * innvl may contain name of expected target snapshot
4210 * outnvl: "target" -> name of most recent snapshot
4213 static const zfs_ioc_key_t zfs_keys_rollback[] = {
4214 {"target", DATA_TYPE_STRING, ZK_OPTIONAL},
4219 zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
4222 zvol_state_handle_t *zv;
4223 char *target = NULL;
4226 (void) nvlist_lookup_string(innvl, "target", &target);
4227 if (target != NULL) {
4228 const char *cp = strchr(target, '@');
4231 * The snap name must contain an @, and the part after it must
4232 * contain only valid characters.
4235 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
4236 return (SET_ERROR(EINVAL));
4239 if (getzfsvfs(fsname, &zfsvfs) == 0) {
4242 ds = dmu_objset_ds(zfsvfs->z_os);
4243 error = zfs_suspend_fs(zfsvfs);
4247 error = dsl_dataset_rollback(fsname, target, zfsvfs,
4249 resume_err = zfs_resume_fs(zfsvfs, ds);
4250 error = error ? error : resume_err;
4252 zfs_vfs_rele(zfsvfs);
4253 } else if ((zv = zvol_suspend(fsname)) != NULL) {
4254 error = dsl_dataset_rollback(fsname, target, zvol_tag(zv),
4258 error = dsl_dataset_rollback(fsname, target, NULL, outnvl);
4264 recursive_unmount(const char *fsname, void *arg)
4266 const char *snapname = arg;
4269 fullname = kmem_asprintf("%s@%s", fsname, snapname);
4270 zfs_unmount_snap(fullname);
4271 kmem_strfree(fullname);
4278 * snapname is the snapshot to redact.
4280 * "bookname" -> (string)
4281 * shortname of the redaction bookmark to generate
4282 * "snapnv" -> (nvlist, values ignored)
4283 * snapshots to redact snapname with respect to
4290 static const zfs_ioc_key_t zfs_keys_redact[] = {
4291 {"bookname", DATA_TYPE_STRING, 0},
4292 {"snapnv", DATA_TYPE_NVLIST, 0},
4295 zfs_ioc_redact(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
4297 nvlist_t *redactnvl = NULL;
4298 char *redactbook = NULL;
4300 if (nvlist_lookup_nvlist(innvl, "snapnv", &redactnvl) != 0)
4301 return (SET_ERROR(EINVAL));
4302 if (fnvlist_num_pairs(redactnvl) == 0)
4303 return (SET_ERROR(ENXIO));
4304 if (nvlist_lookup_string(innvl, "bookname", &redactbook) != 0)
4305 return (SET_ERROR(EINVAL));
4307 return (dmu_redact_snap(snapname, redactnvl, redactbook));
4312 * zc_name old name of dataset
4313 * zc_value new name of dataset
4314 * zc_cookie recursive flag (only valid for snapshots)
4319 zfs_ioc_rename(zfs_cmd_t *zc)
4322 dmu_objset_type_t ost;
4323 boolean_t recursive = zc->zc_cookie & 1;
4327 /* "zfs rename" from and to ...%recv datasets should both fail */
4328 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
4329 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
4330 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
4331 dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
4332 strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%'))
4333 return (SET_ERROR(EINVAL));
4335 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
4338 ost = dmu_objset_type(os);
4339 dmu_objset_rele(os, FTAG);
4341 at = strchr(zc->zc_name, '@');
4343 /* snaps must be in same fs */
4346 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
4347 return (SET_ERROR(EXDEV));
4349 if (ost == DMU_OST_ZFS) {
4350 error = dmu_objset_find(zc->zc_name,
4351 recursive_unmount, at + 1,
4352 recursive ? DS_FIND_CHILDREN : 0);
4358 error = dsl_dataset_rename_snapshot(zc->zc_name,
4359 at + 1, strchr(zc->zc_value, '@') + 1, recursive);
4364 return (dsl_dir_rename(zc->zc_name, zc->zc_value));
4369 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
4371 const char *propname = nvpair_name(pair);
4372 boolean_t issnap = (strchr(dsname, '@') != NULL);
4373 zfs_prop_t prop = zfs_name_to_prop(propname);
4377 if (prop == ZPROP_INVAL) {
4378 if (zfs_prop_user(propname)) {
4379 if ((err = zfs_secpolicy_write_perms(dsname,
4380 ZFS_DELEG_PERM_USERPROP, cr)))
4385 if (!issnap && zfs_prop_userquota(propname)) {
4386 const char *perm = NULL;
4387 const char *uq_prefix =
4388 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
4389 const char *gq_prefix =
4390 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
4391 const char *uiq_prefix =
4392 zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA];
4393 const char *giq_prefix =
4394 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA];
4395 const char *pq_prefix =
4396 zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA];
4397 const char *piq_prefix = zfs_userquota_prop_prefixes[\
4398 ZFS_PROP_PROJECTOBJQUOTA];
4400 if (strncmp(propname, uq_prefix,
4401 strlen(uq_prefix)) == 0) {
4402 perm = ZFS_DELEG_PERM_USERQUOTA;
4403 } else if (strncmp(propname, uiq_prefix,
4404 strlen(uiq_prefix)) == 0) {
4405 perm = ZFS_DELEG_PERM_USEROBJQUOTA;
4406 } else if (strncmp(propname, gq_prefix,
4407 strlen(gq_prefix)) == 0) {
4408 perm = ZFS_DELEG_PERM_GROUPQUOTA;
4409 } else if (strncmp(propname, giq_prefix,
4410 strlen(giq_prefix)) == 0) {
4411 perm = ZFS_DELEG_PERM_GROUPOBJQUOTA;
4412 } else if (strncmp(propname, pq_prefix,
4413 strlen(pq_prefix)) == 0) {
4414 perm = ZFS_DELEG_PERM_PROJECTQUOTA;
4415 } else if (strncmp(propname, piq_prefix,
4416 strlen(piq_prefix)) == 0) {
4417 perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA;
4419 /* {USER|GROUP|PROJECT}USED are read-only */
4420 return (SET_ERROR(EINVAL));
4423 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
4428 return (SET_ERROR(EINVAL));
4432 return (SET_ERROR(EINVAL));
4434 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
4436 * dsl_prop_get_all_impl() returns properties in this
4440 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
4441 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4446 * Check that this value is valid for this pool version
4449 case ZFS_PROP_COMPRESSION:
4451 * If the user specified gzip compression, make sure
4452 * the SPA supports it. We ignore any errors here since
4453 * we'll catch them later.
4455 if (nvpair_value_uint64(pair, &intval) == 0) {
4456 if (intval >= ZIO_COMPRESS_GZIP_1 &&
4457 intval <= ZIO_COMPRESS_GZIP_9 &&
4458 zfs_earlier_version(dsname,
4459 SPA_VERSION_GZIP_COMPRESSION)) {
4460 return (SET_ERROR(ENOTSUP));
4463 if (intval == ZIO_COMPRESS_ZLE &&
4464 zfs_earlier_version(dsname,
4465 SPA_VERSION_ZLE_COMPRESSION))
4466 return (SET_ERROR(ENOTSUP));
4468 if (intval == ZIO_COMPRESS_LZ4) {
4471 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4474 if (!spa_feature_is_enabled(spa,
4475 SPA_FEATURE_LZ4_COMPRESS)) {
4476 spa_close(spa, FTAG);
4477 return (SET_ERROR(ENOTSUP));
4479 spa_close(spa, FTAG);
4483 * If this is a bootable dataset then
4484 * verify that the compression algorithm
4485 * is supported for booting. We must return
4486 * something other than ENOTSUP since it
4487 * implies a downrev pool version.
4489 if (zfs_is_bootfs(dsname) &&
4490 !BOOTFS_COMPRESS_VALID(intval)) {
4491 return (SET_ERROR(ERANGE));
4496 case ZFS_PROP_COPIES:
4497 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
4498 return (SET_ERROR(ENOTSUP));
4501 case ZFS_PROP_VOLBLOCKSIZE:
4502 case ZFS_PROP_RECORDSIZE:
4503 /* Record sizes above 128k need the feature to be enabled */
4504 if (nvpair_value_uint64(pair, &intval) == 0 &&
4505 intval > SPA_OLD_MAXBLOCKSIZE) {
4509 * We don't allow setting the property above 1MB,
4510 * unless the tunable has been changed.
4512 if (intval > zfs_max_recordsize ||
4513 intval > SPA_MAXBLOCKSIZE)
4514 return (SET_ERROR(ERANGE));
4516 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4519 if (!spa_feature_is_enabled(spa,
4520 SPA_FEATURE_LARGE_BLOCKS)) {
4521 spa_close(spa, FTAG);
4522 return (SET_ERROR(ENOTSUP));
4524 spa_close(spa, FTAG);
4528 case ZFS_PROP_DNODESIZE:
4529 /* Dnode sizes above 512 need the feature to be enabled */
4530 if (nvpair_value_uint64(pair, &intval) == 0 &&
4531 intval != ZFS_DNSIZE_LEGACY) {
4535 * If this is a bootable dataset then
4536 * we don't allow large (>512B) dnodes,
4537 * because GRUB doesn't support them.
4539 if (zfs_is_bootfs(dsname) &&
4540 intval != ZFS_DNSIZE_LEGACY) {
4541 return (SET_ERROR(EDOM));
4544 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4547 if (!spa_feature_is_enabled(spa,
4548 SPA_FEATURE_LARGE_DNODE)) {
4549 spa_close(spa, FTAG);
4550 return (SET_ERROR(ENOTSUP));
4552 spa_close(spa, FTAG);
4556 case ZFS_PROP_SPECIAL_SMALL_BLOCKS:
4558 * This property could require the allocation classes
4559 * feature to be active for setting, however we allow
4560 * it so that tests of settable properties succeed.
4561 * The CLI will issue a warning in this case.
4565 case ZFS_PROP_SHARESMB:
4566 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
4567 return (SET_ERROR(ENOTSUP));
4570 case ZFS_PROP_ACLINHERIT:
4571 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4572 nvpair_value_uint64(pair, &intval) == 0) {
4573 if (intval == ZFS_ACL_PASSTHROUGH_X &&
4574 zfs_earlier_version(dsname,
4575 SPA_VERSION_PASSTHROUGH_X))
4576 return (SET_ERROR(ENOTSUP));
4579 case ZFS_PROP_CHECKSUM:
4580 case ZFS_PROP_DEDUP:
4582 spa_feature_t feature;
4586 /* dedup feature version checks */
4587 if (prop == ZFS_PROP_DEDUP &&
4588 zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
4589 return (SET_ERROR(ENOTSUP));
4591 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4592 nvpair_value_uint64(pair, &intval) == 0) {
4593 /* check prop value is enabled in features */
4594 feature = zio_checksum_to_feature(
4595 intval & ZIO_CHECKSUM_MASK);
4596 if (feature == SPA_FEATURE_NONE)
4599 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4602 if (!spa_feature_is_enabled(spa, feature)) {
4603 spa_close(spa, FTAG);
4604 return (SET_ERROR(ENOTSUP));
4606 spa_close(spa, FTAG);
4615 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
4619 * Removes properties from the given props list that fail permission checks
4620 * needed to clear them and to restore them in case of a receive error. For each
4621 * property, make sure we have both set and inherit permissions.
4623 * Returns the first error encountered if any permission checks fail. If the
4624 * caller provides a non-NULL errlist, it also gives the complete list of names
4625 * of all the properties that failed a permission check along with the
4626 * corresponding error numbers. The caller is responsible for freeing the
4629 * If every property checks out successfully, zero is returned and the list
4630 * pointed at by errlist is NULL.
4633 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
4636 nvpair_t *pair, *next_pair;
4643 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4645 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
4646 (void) strlcpy(zc->zc_name, dataset, sizeof (zc->zc_name));
4647 pair = nvlist_next_nvpair(props, NULL);
4648 while (pair != NULL) {
4649 next_pair = nvlist_next_nvpair(props, pair);
4651 (void) strlcpy(zc->zc_value, nvpair_name(pair),
4652 sizeof (zc->zc_value));
4653 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
4654 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
4655 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
4656 VERIFY(nvlist_add_int32(errors,
4657 zc->zc_value, err) == 0);
4661 kmem_free(zc, sizeof (zfs_cmd_t));
4663 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
4664 nvlist_free(errors);
4667 VERIFY(nvpair_value_int32(pair, &rv) == 0);
4670 if (errlist == NULL)
4671 nvlist_free(errors);
4679 propval_equals(nvpair_t *p1, nvpair_t *p2)
4681 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
4682 /* dsl_prop_get_all_impl() format */
4684 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
4685 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4689 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
4691 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
4692 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4696 if (nvpair_type(p1) != nvpair_type(p2))
4699 if (nvpair_type(p1) == DATA_TYPE_STRING) {
4700 char *valstr1, *valstr2;
4702 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
4703 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
4704 return (strcmp(valstr1, valstr2) == 0);
4706 uint64_t intval1, intval2;
4708 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
4709 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
4710 return (intval1 == intval2);
4715 * Remove properties from props if they are not going to change (as determined
4716 * by comparison with origprops). Remove them from origprops as well, since we
4717 * do not need to clear or restore properties that won't change.
4720 props_reduce(nvlist_t *props, nvlist_t *origprops)
4722 nvpair_t *pair, *next_pair;
4724 if (origprops == NULL)
4725 return; /* all props need to be received */
4727 pair = nvlist_next_nvpair(props, NULL);
4728 while (pair != NULL) {
4729 const char *propname = nvpair_name(pair);
4732 next_pair = nvlist_next_nvpair(props, pair);
4734 if ((nvlist_lookup_nvpair(origprops, propname,
4735 &match) != 0) || !propval_equals(pair, match))
4736 goto next; /* need to set received value */
4738 /* don't clear the existing received value */
4739 (void) nvlist_remove_nvpair(origprops, match);
4740 /* don't bother receiving the property */
4741 (void) nvlist_remove_nvpair(props, pair);
4748 * Extract properties that cannot be set PRIOR to the receipt of a dataset.
4749 * For example, refquota cannot be set until after the receipt of a dataset,
4750 * because in replication streams, an older/earlier snapshot may exceed the
4751 * refquota. We want to receive the older/earlier snapshot, but setting
4752 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent
4753 * the older/earlier snapshot from being received (with EDQUOT).
4755 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario.
4757 * libzfs will need to be judicious handling errors encountered by props
4758 * extracted by this function.
4761 extract_delay_props(nvlist_t *props)
4763 nvlist_t *delayprops;
4764 nvpair_t *nvp, *tmp;
4765 static const zfs_prop_t delayable[] = {
4767 ZFS_PROP_KEYLOCATION,
4772 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4774 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL;
4775 nvp = nvlist_next_nvpair(props, nvp)) {
4777 * strcmp() is safe because zfs_prop_to_name() always returns
4780 for (i = 0; delayable[i] != 0; i++) {
4781 if (strcmp(zfs_prop_to_name(delayable[i]),
4782 nvpair_name(nvp)) == 0) {
4786 if (delayable[i] != 0) {
4787 tmp = nvlist_prev_nvpair(props, nvp);
4788 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0);
4789 VERIFY(nvlist_remove_nvpair(props, nvp) == 0);
4794 if (nvlist_empty(delayprops)) {
4795 nvlist_free(delayprops);
4798 return (delayprops);
4802 zfs_allow_log_destroy(void *arg)
4804 char *poolname = arg;
4806 if (poolname != NULL)
4807 kmem_strfree(poolname);
4811 static boolean_t zfs_ioc_recv_inject_err;
4815 * nvlist 'errors' is always allocated. It will contain descriptions of
4816 * encountered errors, if any. It's the callers responsibility to free.
4819 zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin, nvlist_t *recvprops,
4820 nvlist_t *localprops, nvlist_t *hidden_args, boolean_t force,
4821 boolean_t resumable, int input_fd,
4822 dmu_replay_record_t *begin_record, uint64_t *read_bytes,
4823 uint64_t *errflags, nvlist_t **errors)
4825 dmu_recv_cookie_t drc;
4827 int props_error = 0;
4829 nvlist_t *local_delayprops = NULL;
4830 nvlist_t *recv_delayprops = NULL;
4831 nvlist_t *origprops = NULL; /* existing properties */
4832 nvlist_t *origrecvd = NULL; /* existing received properties */
4833 boolean_t first_recvd_props = B_FALSE;
4834 boolean_t tofs_was_redacted;
4835 zfs_file_t *input_fp;
4839 *errors = fnvlist_alloc();
4842 if ((error = zfs_file_get(input_fd, &input_fp)))
4845 noff = off = zfs_file_off(input_fp);
4846 error = dmu_recv_begin(tofs, tosnap, begin_record, force,
4847 resumable, localprops, hidden_args, origin, &drc, input_fp,
4851 tofs_was_redacted = dsl_get_redacted(drc.drc_ds);
4854 * Set properties before we receive the stream so that they are applied
4855 * to the new data. Note that we must call dmu_recv_stream() if
4856 * dmu_recv_begin() succeeds.
4858 if (recvprops != NULL && !drc.drc_newfs) {
4859 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
4860 SPA_VERSION_RECVD_PROPS &&
4861 !dsl_prop_get_hasrecvd(tofs))
4862 first_recvd_props = B_TRUE;
4865 * If new received properties are supplied, they are to
4866 * completely replace the existing received properties,
4867 * so stash away the existing ones.
4869 if (dsl_prop_get_received(tofs, &origrecvd) == 0) {
4870 nvlist_t *errlist = NULL;
4872 * Don't bother writing a property if its value won't
4873 * change (and avoid the unnecessary security checks).
4875 * The first receive after SPA_VERSION_RECVD_PROPS is a
4876 * special case where we blow away all local properties
4879 if (!first_recvd_props)
4880 props_reduce(recvprops, origrecvd);
4881 if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0)
4882 (void) nvlist_merge(*errors, errlist, 0);
4883 nvlist_free(errlist);
4885 if (clear_received_props(tofs, origrecvd,
4886 first_recvd_props ? NULL : recvprops) != 0)
4887 *errflags |= ZPROP_ERR_NOCLEAR;
4889 *errflags |= ZPROP_ERR_NOCLEAR;
4894 * Stash away existing properties so we can restore them on error unless
4895 * we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which
4896 * case "origrecvd" will take care of that.
4898 if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) {
4900 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
4901 if (dsl_prop_get_all(os, &origprops) != 0) {
4902 *errflags |= ZPROP_ERR_NOCLEAR;
4904 dmu_objset_rele(os, FTAG);
4906 *errflags |= ZPROP_ERR_NOCLEAR;
4910 if (recvprops != NULL) {
4911 props_error = dsl_prop_set_hasrecvd(tofs);
4913 if (props_error == 0) {
4914 recv_delayprops = extract_delay_props(recvprops);
4915 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
4916 recvprops, *errors);
4920 if (localprops != NULL) {
4921 nvlist_t *oprops = fnvlist_alloc();
4922 nvlist_t *xprops = fnvlist_alloc();
4923 nvpair_t *nvp = NULL;
4925 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
4926 if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) {
4928 const char *name = nvpair_name(nvp);
4929 zfs_prop_t prop = zfs_name_to_prop(name);
4930 if (prop != ZPROP_INVAL) {
4931 if (!zfs_prop_inheritable(prop))
4933 } else if (!zfs_prop_user(name))
4935 fnvlist_add_boolean(xprops, name);
4937 /* -o property=value */
4938 fnvlist_add_nvpair(oprops, nvp);
4942 local_delayprops = extract_delay_props(oprops);
4943 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
4945 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED,
4948 nvlist_free(oprops);
4949 nvlist_free(xprops);
4952 error = dmu_recv_stream(&drc, &off);
4955 zfsvfs_t *zfsvfs = NULL;
4956 zvol_state_handle_t *zv = NULL;
4958 if (getzfsvfs(tofs, &zfsvfs) == 0) {
4962 boolean_t stream_is_redacted = DMU_GET_FEATUREFLAGS(
4963 begin_record->drr_u.drr_begin.
4964 drr_versioninfo) & DMU_BACKUP_FEATURE_REDACTED;
4966 ds = dmu_objset_ds(zfsvfs->z_os);
4967 error = zfs_suspend_fs(zfsvfs);
4969 * If the suspend fails, then the recv_end will
4970 * likely also fail, and clean up after itself.
4972 end_err = dmu_recv_end(&drc, zfsvfs);
4974 * If the dataset was not redacted, but we received a
4975 * redacted stream onto it, we need to unmount the
4976 * dataset. Otherwise, resume the filesystem.
4978 if (error == 0 && !drc.drc_newfs &&
4979 stream_is_redacted && !tofs_was_redacted) {
4980 error = zfs_end_fs(zfsvfs, ds);
4981 } else if (error == 0) {
4982 error = zfs_resume_fs(zfsvfs, ds);
4984 error = error ? error : end_err;
4985 zfs_vfs_rele(zfsvfs);
4986 } else if ((zv = zvol_suspend(tofs)) != NULL) {
4987 error = dmu_recv_end(&drc, zvol_tag(zv));
4990 error = dmu_recv_end(&drc, NULL);
4993 /* Set delayed properties now, after we're done receiving. */
4994 if (recv_delayprops != NULL && error == 0) {
4995 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
4996 recv_delayprops, *errors);
4998 if (local_delayprops != NULL && error == 0) {
4999 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
5000 local_delayprops, *errors);
5005 * Merge delayed props back in with initial props, in case
5006 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means
5007 * we have to make sure clear_received_props() includes
5008 * the delayed properties).
5010 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels,
5011 * using ASSERT() will be just like a VERIFY.
5013 if (recv_delayprops != NULL) {
5014 ASSERT(nvlist_merge(recvprops, recv_delayprops, 0) == 0);
5015 nvlist_free(recv_delayprops);
5017 if (local_delayprops != NULL) {
5018 ASSERT(nvlist_merge(localprops, local_delayprops, 0) == 0);
5019 nvlist_free(local_delayprops);
5021 *read_bytes = off - noff;
5024 if (zfs_ioc_recv_inject_err) {
5025 zfs_ioc_recv_inject_err = B_FALSE;
5031 * On error, restore the original props.
5033 if (error != 0 && recvprops != NULL && !drc.drc_newfs) {
5034 if (clear_received_props(tofs, recvprops, NULL) != 0) {
5036 * We failed to clear the received properties.
5037 * Since we may have left a $recvd value on the
5038 * system, we can't clear the $hasrecvd flag.
5040 *errflags |= ZPROP_ERR_NORESTORE;
5041 } else if (first_recvd_props) {
5042 dsl_prop_unset_hasrecvd(tofs);
5045 if (origrecvd == NULL && !drc.drc_newfs) {
5046 /* We failed to stash the original properties. */
5047 *errflags |= ZPROP_ERR_NORESTORE;
5051 * dsl_props_set() will not convert RECEIVED to LOCAL on or
5052 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
5053 * explicitly if we're restoring local properties cleared in the
5054 * first new-style receive.
5056 if (origrecvd != NULL &&
5057 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
5058 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
5059 origrecvd, NULL) != 0) {
5061 * We stashed the original properties but failed to
5064 *errflags |= ZPROP_ERR_NORESTORE;
5067 if (error != 0 && localprops != NULL && !drc.drc_newfs &&
5068 !first_recvd_props) {
5070 nvlist_t *inheritprops;
5073 if (origprops == NULL) {
5074 /* We failed to stash the original properties. */
5075 *errflags |= ZPROP_ERR_NORESTORE;
5079 /* Restore original props */
5080 setprops = fnvlist_alloc();
5081 inheritprops = fnvlist_alloc();
5083 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
5084 const char *name = nvpair_name(nvp);
5088 if (!nvlist_exists(origprops, name)) {
5090 * Property was not present or was explicitly
5091 * inherited before the receive, restore this.
5093 fnvlist_add_boolean(inheritprops, name);
5096 attrs = fnvlist_lookup_nvlist(origprops, name);
5097 source = fnvlist_lookup_string(attrs, ZPROP_SOURCE);
5099 /* Skip received properties */
5100 if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0)
5103 if (strcmp(source, tofs) == 0) {
5104 /* Property was locally set */
5105 fnvlist_add_nvlist(setprops, name, attrs);
5107 /* Property was implicitly inherited */
5108 fnvlist_add_boolean(inheritprops, name);
5112 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops,
5114 *errflags |= ZPROP_ERR_NORESTORE;
5115 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops,
5117 *errflags |= ZPROP_ERR_NORESTORE;
5119 nvlist_free(setprops);
5120 nvlist_free(inheritprops);
5123 zfs_file_put(input_fd);
5124 nvlist_free(origrecvd);
5125 nvlist_free(origprops);
5128 error = props_error;
5135 * zc_name name of containing filesystem (unused)
5136 * zc_nvlist_src{_size} nvlist of properties to apply
5137 * zc_nvlist_conf{_size} nvlist of properties to exclude
5138 * (DATA_TYPE_BOOLEAN) and override (everything else)
5139 * zc_value name of snapshot to create
5140 * zc_string name of clone origin (if DRR_FLAG_CLONE)
5141 * zc_cookie file descriptor to recv from
5142 * zc_begin_record the BEGIN record of the stream (not byteswapped)
5143 * zc_guid force flag
5146 * zc_cookie number of bytes read
5147 * zc_obj zprop_errflags_t
5148 * zc_nvlist_dst{_size} error for each unapplied received property
5151 zfs_ioc_recv(zfs_cmd_t *zc)
5153 dmu_replay_record_t begin_record;
5154 nvlist_t *errors = NULL;
5155 nvlist_t *recvdprops = NULL;
5156 nvlist_t *localprops = NULL;
5157 char *origin = NULL;
5159 char tofs[ZFS_MAX_DATASET_NAME_LEN];
5162 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
5163 strchr(zc->zc_value, '@') == NULL ||
5164 strchr(zc->zc_value, '%'))
5165 return (SET_ERROR(EINVAL));
5167 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs));
5168 tosnap = strchr(tofs, '@');
5171 if (zc->zc_nvlist_src != 0 &&
5172 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5173 zc->zc_iflags, &recvdprops)) != 0)
5176 if (zc->zc_nvlist_conf != 0 &&
5177 (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
5178 zc->zc_iflags, &localprops)) != 0)
5181 if (zc->zc_string[0])
5182 origin = zc->zc_string;
5184 begin_record.drr_type = DRR_BEGIN;
5185 begin_record.drr_payloadlen = 0;
5186 begin_record.drr_u.drr_begin = zc->zc_begin_record;
5188 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops,
5189 NULL, zc->zc_guid, B_FALSE, zc->zc_cookie, &begin_record,
5190 &zc->zc_cookie, &zc->zc_obj, &errors);
5191 nvlist_free(recvdprops);
5192 nvlist_free(localprops);
5195 * Now that all props, initial and delayed, are set, report the prop
5196 * errors to the caller.
5198 if (zc->zc_nvlist_dst_size != 0 && errors != NULL &&
5199 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
5200 put_nvlist(zc, errors) != 0)) {
5202 * Caller made zc->zc_nvlist_dst less than the minimum expected
5203 * size or supplied an invalid address.
5205 error = SET_ERROR(EINVAL);
5208 nvlist_free(errors);
5215 * "snapname" -> full name of the snapshot to create
5216 * (optional) "props" -> received properties to set (nvlist)
5217 * (optional) "localprops" -> override and exclude properties (nvlist)
5218 * (optional) "origin" -> name of clone origin (DRR_FLAG_CLONE)
5219 * "begin_record" -> non-byteswapped dmu_replay_record_t
5220 * "input_fd" -> file descriptor to read stream from (int32)
5221 * (optional) "force" -> force flag (value ignored)
5222 * (optional) "resumable" -> resumable flag (value ignored)
5223 * (optional) "cleanup_fd" -> unused
5224 * (optional) "action_handle" -> unused
5225 * (optional) "hidden_args" -> { "wkeydata" -> value }
5229 * "read_bytes" -> number of bytes read
5230 * "error_flags" -> zprop_errflags_t
5231 * "errors" -> error for each unapplied received property (nvlist)
5234 static const zfs_ioc_key_t zfs_keys_recv_new[] = {
5235 {"snapname", DATA_TYPE_STRING, 0},
5236 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5237 {"localprops", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5238 {"origin", DATA_TYPE_STRING, ZK_OPTIONAL},
5239 {"begin_record", DATA_TYPE_BYTE_ARRAY, 0},
5240 {"input_fd", DATA_TYPE_INT32, 0},
5241 {"force", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5242 {"resumable", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5243 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
5244 {"action_handle", DATA_TYPE_UINT64, ZK_OPTIONAL},
5245 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5249 zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
5251 dmu_replay_record_t *begin_record;
5252 uint_t begin_record_size;
5253 nvlist_t *errors = NULL;
5254 nvlist_t *recvprops = NULL;
5255 nvlist_t *localprops = NULL;
5256 nvlist_t *hidden_args = NULL;
5258 char *origin = NULL;
5260 char tofs[ZFS_MAX_DATASET_NAME_LEN];
5262 boolean_t resumable;
5263 uint64_t read_bytes = 0;
5264 uint64_t errflags = 0;
5268 snapname = fnvlist_lookup_string(innvl, "snapname");
5270 if (dataset_namecheck(snapname, NULL, NULL) != 0 ||
5271 strchr(snapname, '@') == NULL ||
5272 strchr(snapname, '%'))
5273 return (SET_ERROR(EINVAL));
5275 (void) strlcpy(tofs, snapname, sizeof (tofs));
5276 tosnap = strchr(tofs, '@');
5279 error = nvlist_lookup_string(innvl, "origin", &origin);
5280 if (error && error != ENOENT)
5283 error = nvlist_lookup_byte_array(innvl, "begin_record",
5284 (uchar_t **)&begin_record, &begin_record_size);
5285 if (error != 0 || begin_record_size != sizeof (*begin_record))
5286 return (SET_ERROR(EINVAL));
5288 input_fd = fnvlist_lookup_int32(innvl, "input_fd");
5290 force = nvlist_exists(innvl, "force");
5291 resumable = nvlist_exists(innvl, "resumable");
5293 /* we still use "props" here for backwards compatibility */
5294 error = nvlist_lookup_nvlist(innvl, "props", &recvprops);
5295 if (error && error != ENOENT)
5298 error = nvlist_lookup_nvlist(innvl, "localprops", &localprops);
5299 if (error && error != ENOENT)
5302 error = nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
5303 if (error && error != ENOENT)
5306 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvprops, localprops,
5307 hidden_args, force, resumable, input_fd, begin_record,
5308 &read_bytes, &errflags, &errors);
5310 fnvlist_add_uint64(outnvl, "read_bytes", read_bytes);
5311 fnvlist_add_uint64(outnvl, "error_flags", errflags);
5312 fnvlist_add_nvlist(outnvl, "errors", errors);
5314 nvlist_free(errors);
5315 nvlist_free(recvprops);
5316 nvlist_free(localprops);
5321 typedef struct dump_bytes_io {
5329 dump_bytes_cb(void *arg)
5331 dump_bytes_io_t *dbi = (dump_bytes_io_t *)arg;
5338 dbi->dbi_err = zfs_file_write(fp, buf, dbi->dbi_len, NULL);
5342 dump_bytes(objset_t *os, void *buf, int len, void *arg)
5344 dump_bytes_io_t dbi;
5350 #if defined(HAVE_LARGE_STACKS)
5351 dump_bytes_cb(&dbi);
5354 * The vn_rdwr() call is performed in a taskq to ensure that there is
5355 * always enough stack space to write safely to the target filesystem.
5356 * The ZIO_TYPE_FREE threads are used because there can be a lot of
5357 * them and they are used in vdev_file.c for a similar purpose.
5359 spa_taskq_dispatch_sync(dmu_objset_spa(os), ZIO_TYPE_FREE,
5360 ZIO_TASKQ_ISSUE, dump_bytes_cb, &dbi, TQ_SLEEP);
5361 #endif /* HAVE_LARGE_STACKS */
5363 return (dbi.dbi_err);
5368 * zc_name name of snapshot to send
5369 * zc_cookie file descriptor to send stream to
5370 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
5371 * zc_sendobj objsetid of snapshot to send
5372 * zc_fromobj objsetid of incremental fromsnap (may be zero)
5373 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
5374 * output size in zc_objset_type.
5375 * zc_flags lzc_send_flags
5378 * zc_objset_type estimated size, if zc_guid is set
5380 * NOTE: This is no longer the preferred interface, any new functionality
5381 * should be added to zfs_ioc_send_new() instead.
5384 zfs_ioc_send(zfs_cmd_t *zc)
5388 boolean_t estimate = (zc->zc_guid != 0);
5389 boolean_t embedok = (zc->zc_flags & 0x1);
5390 boolean_t large_block_ok = (zc->zc_flags & 0x2);
5391 boolean_t compressok = (zc->zc_flags & 0x4);
5392 boolean_t rawok = (zc->zc_flags & 0x8);
5393 boolean_t savedok = (zc->zc_flags & 0x10);
5395 if (zc->zc_obj != 0) {
5397 dsl_dataset_t *tosnap;
5399 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5403 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
5405 dsl_pool_rele(dp, FTAG);
5409 if (dsl_dir_is_clone(tosnap->ds_dir))
5411 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj;
5412 dsl_dataset_rele(tosnap, FTAG);
5413 dsl_pool_rele(dp, FTAG);
5418 dsl_dataset_t *tosnap;
5419 dsl_dataset_t *fromsnap = NULL;
5421 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5425 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj,
5428 dsl_pool_rele(dp, FTAG);
5432 if (zc->zc_fromobj != 0) {
5433 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
5436 dsl_dataset_rele(tosnap, FTAG);
5437 dsl_pool_rele(dp, FTAG);
5442 error = dmu_send_estimate_fast(tosnap, fromsnap, NULL,
5443 compressok || rawok, savedok, &zc->zc_objset_type);
5445 if (fromsnap != NULL)
5446 dsl_dataset_rele(fromsnap, FTAG);
5447 dsl_dataset_rele(tosnap, FTAG);
5448 dsl_pool_rele(dp, FTAG);
5451 dmu_send_outparams_t out = {0};
5453 if ((error = zfs_file_get(zc->zc_cookie, &fp)))
5456 off = zfs_file_off(fp);
5457 out.dso_outfunc = dump_bytes;
5459 out.dso_dryrun = B_FALSE;
5460 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
5461 zc->zc_fromobj, embedok, large_block_ok, compressok,
5462 rawok, savedok, zc->zc_cookie, &off, &out);
5464 zfs_file_put(zc->zc_cookie);
5471 * zc_name name of snapshot on which to report progress
5472 * zc_cookie file descriptor of send stream
5475 * zc_cookie number of bytes written in send stream thus far
5476 * zc_objset_type logical size of data traversed by send thus far
5479 zfs_ioc_send_progress(zfs_cmd_t *zc)
5483 dmu_sendstatus_t *dsp = NULL;
5486 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5490 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
5492 dsl_pool_rele(dp, FTAG);
5496 mutex_enter(&ds->ds_sendstream_lock);
5499 * Iterate over all the send streams currently active on this dataset.
5500 * If there's one which matches the specified file descriptor _and_ the
5501 * stream was started by the current process, return the progress of
5505 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
5506 dsp = list_next(&ds->ds_sendstreams, dsp)) {
5507 if (dsp->dss_outfd == zc->zc_cookie &&
5508 zfs_proc_is_caller(dsp->dss_proc))
5513 zc->zc_cookie = atomic_cas_64((volatile uint64_t *)dsp->dss_off,
5515 /* This is the closest thing we have to atomic_read_64. */
5516 zc->zc_objset_type = atomic_cas_64(&dsp->dss_blocks, 0, 0);
5518 error = SET_ERROR(ENOENT);
5521 mutex_exit(&ds->ds_sendstream_lock);
5522 dsl_dataset_rele(ds, FTAG);
5523 dsl_pool_rele(dp, FTAG);
5528 zfs_ioc_inject_fault(zfs_cmd_t *zc)
5532 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
5533 &zc->zc_inject_record);
5536 zc->zc_guid = (uint64_t)id;
5542 zfs_ioc_clear_fault(zfs_cmd_t *zc)
5544 return (zio_clear_fault((int)zc->zc_guid));
5548 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
5550 int id = (int)zc->zc_guid;
5553 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
5554 &zc->zc_inject_record);
5562 zfs_ioc_error_log(zfs_cmd_t *zc)
5566 size_t count = (size_t)zc->zc_nvlist_dst_size;
5568 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
5571 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
5574 zc->zc_nvlist_dst_size = count;
5576 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
5578 spa_close(spa, FTAG);
5584 zfs_ioc_clear(zfs_cmd_t *zc)
5591 * On zpool clear we also fix up missing slogs
5593 mutex_enter(&spa_namespace_lock);
5594 spa = spa_lookup(zc->zc_name);
5596 mutex_exit(&spa_namespace_lock);
5597 return (SET_ERROR(EIO));
5599 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
5600 /* we need to let spa_open/spa_load clear the chains */
5601 spa_set_log_state(spa, SPA_LOG_CLEAR);
5603 spa->spa_last_open_failed = 0;
5604 mutex_exit(&spa_namespace_lock);
5606 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
5607 error = spa_open(zc->zc_name, &spa, FTAG);
5610 nvlist_t *config = NULL;
5612 if (zc->zc_nvlist_src == 0)
5613 return (SET_ERROR(EINVAL));
5615 if ((error = get_nvlist(zc->zc_nvlist_src,
5616 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
5617 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
5619 if (config != NULL) {
5622 if ((err = put_nvlist(zc, config)) != 0)
5624 nvlist_free(config);
5626 nvlist_free(policy);
5634 * If multihost is enabled, resuming I/O is unsafe as another
5635 * host may have imported the pool.
5637 if (spa_multihost(spa) && spa_suspended(spa))
5638 return (SET_ERROR(EINVAL));
5640 spa_vdev_state_enter(spa, SCL_NONE);
5642 if (zc->zc_guid == 0) {
5645 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
5647 error = SET_ERROR(ENODEV);
5648 (void) spa_vdev_state_exit(spa, NULL, error);
5649 spa_close(spa, FTAG);
5654 vdev_clear(spa, vd);
5656 (void) spa_vdev_state_exit(spa, spa_suspended(spa) ?
5657 NULL : spa->spa_root_vdev, 0);
5660 * Resume any suspended I/Os.
5662 if (zio_resume(spa) != 0)
5663 error = SET_ERROR(EIO);
5665 spa_close(spa, FTAG);
5671 * Reopen all the vdevs associated with the pool.
5674 * "scrub_restart" -> when true and scrub is running, allow to restart
5675 * scrub as the side effect of the reopen (boolean).
5680 static const zfs_ioc_key_t zfs_keys_pool_reopen[] = {
5681 {"scrub_restart", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
5686 zfs_ioc_pool_reopen(const char *pool, nvlist_t *innvl, nvlist_t *outnvl)
5690 boolean_t rc, scrub_restart = B_TRUE;
5693 error = nvlist_lookup_boolean_value(innvl,
5694 "scrub_restart", &rc);
5699 error = spa_open(pool, &spa, FTAG);
5703 spa_vdev_state_enter(spa, SCL_NONE);
5706 * If the scrub_restart flag is B_FALSE and a scrub is already
5707 * in progress then set spa_scrub_reopen flag to B_TRUE so that
5708 * we don't restart the scrub as a side effect of the reopen.
5709 * Otherwise, let vdev_open() decided if a resilver is required.
5712 spa->spa_scrub_reopen = (!scrub_restart &&
5713 dsl_scan_scrubbing(spa->spa_dsl_pool));
5714 vdev_reopen(spa->spa_root_vdev);
5715 spa->spa_scrub_reopen = B_FALSE;
5717 (void) spa_vdev_state_exit(spa, NULL, 0);
5718 spa_close(spa, FTAG);
5724 * zc_name name of filesystem
5727 * zc_string name of conflicting snapshot, if there is one
5730 zfs_ioc_promote(zfs_cmd_t *zc)
5733 dsl_dataset_t *ds, *ods;
5734 char origin[ZFS_MAX_DATASET_NAME_LEN];
5738 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5739 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
5740 strchr(zc->zc_name, '%'))
5741 return (SET_ERROR(EINVAL));
5743 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5747 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
5749 dsl_pool_rele(dp, FTAG);
5753 if (!dsl_dir_is_clone(ds->ds_dir)) {
5754 dsl_dataset_rele(ds, FTAG);
5755 dsl_pool_rele(dp, FTAG);
5756 return (SET_ERROR(EINVAL));
5759 error = dsl_dataset_hold_obj(dp,
5760 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods);
5762 dsl_dataset_rele(ds, FTAG);
5763 dsl_pool_rele(dp, FTAG);
5767 dsl_dataset_name(ods, origin);
5768 dsl_dataset_rele(ods, FTAG);
5769 dsl_dataset_rele(ds, FTAG);
5770 dsl_pool_rele(dp, FTAG);
5773 * We don't need to unmount *all* the origin fs's snapshots, but
5776 cp = strchr(origin, '@');
5779 (void) dmu_objset_find(origin,
5780 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
5781 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
5785 * Retrieve a single {user|group|project}{used|quota}@... property.
5788 * zc_name name of filesystem
5789 * zc_objset_type zfs_userquota_prop_t
5790 * zc_value domain name (eg. "S-1-234-567-89")
5791 * zc_guid RID/UID/GID
5794 * zc_cookie property value
5797 zfs_ioc_userspace_one(zfs_cmd_t *zc)
5802 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
5803 return (SET_ERROR(EINVAL));
5805 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
5809 error = zfs_userspace_one(zfsvfs,
5810 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
5811 zfsvfs_rele(zfsvfs, FTAG);
5818 * zc_name name of filesystem
5819 * zc_cookie zap cursor
5820 * zc_objset_type zfs_userquota_prop_t
5821 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
5824 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
5825 * zc_cookie zap cursor
5828 zfs_ioc_userspace_many(zfs_cmd_t *zc)
5831 int bufsize = zc->zc_nvlist_dst_size;
5834 return (SET_ERROR(ENOMEM));
5836 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
5840 void *buf = vmem_alloc(bufsize, KM_SLEEP);
5842 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
5843 buf, &zc->zc_nvlist_dst_size);
5846 error = xcopyout(buf,
5847 (void *)(uintptr_t)zc->zc_nvlist_dst,
5848 zc->zc_nvlist_dst_size);
5850 vmem_free(buf, bufsize);
5851 zfsvfs_rele(zfsvfs, FTAG);
5858 * zc_name name of filesystem
5864 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
5870 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
5871 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
5873 * If userused is not enabled, it may be because the
5874 * objset needs to be closed & reopened (to grow the
5875 * objset_phys_t). Suspend/resume the fs will do that.
5877 dsl_dataset_t *ds, *newds;
5879 ds = dmu_objset_ds(zfsvfs->z_os);
5880 error = zfs_suspend_fs(zfsvfs);
5882 dmu_objset_refresh_ownership(ds, &newds,
5884 error = zfs_resume_fs(zfsvfs, newds);
5888 error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
5889 zfs_vfs_rele(zfsvfs);
5891 /* XXX kind of reading contents without owning */
5892 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
5896 error = dmu_objset_userspace_upgrade(os);
5897 dmu_objset_rele_flags(os, B_TRUE, FTAG);
5905 * zc_name name of filesystem
5911 zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc)
5916 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
5920 if (dmu_objset_userobjspace_upgradable(os) ||
5921 dmu_objset_projectquota_upgradable(os)) {
5922 mutex_enter(&os->os_upgrade_lock);
5923 if (os->os_upgrade_id == 0) {
5924 /* clear potential error code and retry */
5925 os->os_upgrade_status = 0;
5926 mutex_exit(&os->os_upgrade_lock);
5928 dmu_objset_id_quota_upgrade(os);
5930 mutex_exit(&os->os_upgrade_lock);
5933 dsl_pool_rele(dmu_objset_pool(os), FTAG);
5935 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
5936 error = os->os_upgrade_status;
5938 dsl_pool_rele(dmu_objset_pool(os), FTAG);
5941 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, FTAG);
5947 zfs_ioc_share(zfs_cmd_t *zc)
5949 return (SET_ERROR(ENOSYS));
5952 ace_t full_access[] = {
5953 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
5958 * zc_name name of containing filesystem
5959 * zc_obj object # beyond which we want next in-use object #
5962 * zc_obj next in-use object #
5965 zfs_ioc_next_obj(zfs_cmd_t *zc)
5967 objset_t *os = NULL;
5970 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
5974 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0);
5976 dmu_objset_rele(os, FTAG);
5982 * zc_name name of filesystem
5983 * zc_value prefix name for snapshot
5984 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
5987 * zc_value short name of new snapshot
5990 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
5997 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
6001 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
6002 (u_longlong_t)ddi_get_lbolt64());
6003 hold_name = kmem_asprintf("%%%s", zc->zc_value);
6005 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
6008 (void) strlcpy(zc->zc_value, snap_name,
6009 sizeof (zc->zc_value));
6010 kmem_strfree(snap_name);
6011 kmem_strfree(hold_name);
6012 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
6018 * zc_name name of "to" snapshot
6019 * zc_value name of "from" snapshot
6020 * zc_cookie file descriptor to write diff data on
6023 * dmu_diff_record_t's to the file descriptor
6026 zfs_ioc_diff(zfs_cmd_t *zc)
6032 if ((error = zfs_file_get(zc->zc_cookie, &fp)))
6035 off = zfs_file_off(fp);
6036 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off);
6038 zfs_file_put(zc->zc_cookie);
6044 zfs_ioc_smb_acl(zfs_cmd_t *zc)
6046 return (SET_ERROR(ENOTSUP));
6051 * "holds" -> { snapname -> holdname (string), ... }
6052 * (optional) "cleanup_fd" -> fd (int32)
6056 * snapname -> error value (int32)
6060 static const zfs_ioc_key_t zfs_keys_hold[] = {
6061 {"holds", DATA_TYPE_NVLIST, 0},
6062 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6067 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
6071 int cleanup_fd = -1;
6075 holds = fnvlist_lookup_nvlist(args, "holds");
6077 /* make sure the user didn't pass us any invalid (empty) tags */
6078 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
6079 pair = nvlist_next_nvpair(holds, pair)) {
6082 error = nvpair_value_string(pair, &htag);
6084 return (SET_ERROR(error));
6086 if (strlen(htag) == 0)
6087 return (SET_ERROR(EINVAL));
6090 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
6091 error = zfs_onexit_fd_hold(cleanup_fd, &minor);
6093 return (SET_ERROR(error));
6096 error = dsl_dataset_user_hold(holds, minor, errlist);
6098 zfs_onexit_fd_rele(cleanup_fd);
6099 return (SET_ERROR(error));
6103 * innvl is not used.
6106 * holdname -> time added (uint64 seconds since epoch)
6110 static const zfs_ioc_key_t zfs_keys_get_holds[] = {
6116 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
6118 return (dsl_dataset_get_holds(snapname, outnvl));
6123 * snapname -> { holdname, ... }
6128 * snapname -> error value (int32)
6132 static const zfs_ioc_key_t zfs_keys_release[] = {
6133 {"<snapname>...", DATA_TYPE_NVLIST, ZK_WILDCARDLIST},
6138 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
6140 return (dsl_dataset_user_release(holds, errlist));
6145 * zc_guid flags (ZEVENT_NONBLOCK)
6146 * zc_cleanup_fd zevent file descriptor
6149 * zc_nvlist_dst next nvlist event
6150 * zc_cookie dropped events since last get
6153 zfs_ioc_events_next(zfs_cmd_t *zc)
6156 nvlist_t *event = NULL;
6158 uint64_t dropped = 0;
6161 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6166 error = zfs_zevent_next(ze, &event,
6167 &zc->zc_nvlist_dst_size, &dropped);
6168 if (event != NULL) {
6169 zc->zc_cookie = dropped;
6170 error = put_nvlist(zc, event);
6174 if (zc->zc_guid & ZEVENT_NONBLOCK)
6177 if ((error == 0) || (error != ENOENT))
6180 error = zfs_zevent_wait(ze);
6185 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
6192 * zc_cookie cleared events count
6195 zfs_ioc_events_clear(zfs_cmd_t *zc)
6199 zfs_zevent_drain_all(&count);
6200 zc->zc_cookie = count;
6207 * zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END
6208 * zc_cleanup zevent file descriptor
6211 zfs_ioc_events_seek(zfs_cmd_t *zc)
6217 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6221 error = zfs_zevent_seek(ze, zc->zc_guid);
6222 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
6229 * zc_name name of later filesystem or snapshot
6230 * zc_value full name of old snapshot or bookmark
6233 * zc_cookie space in bytes
6234 * zc_objset_type compressed space in bytes
6235 * zc_perm_action uncompressed space in bytes
6238 zfs_ioc_space_written(zfs_cmd_t *zc)
6244 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
6247 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
6249 dsl_pool_rele(dp, FTAG);
6252 if (strchr(zc->zc_value, '#') != NULL) {
6253 zfs_bookmark_phys_t bmp;
6254 error = dsl_bookmark_lookup(dp, zc->zc_value,
6257 error = dsl_dataset_space_written_bookmark(&bmp, new,
6259 &zc->zc_objset_type, &zc->zc_perm_action);
6263 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
6266 error = dsl_dataset_space_written(old, new,
6268 &zc->zc_objset_type, &zc->zc_perm_action);
6269 dsl_dataset_rele(old, FTAG);
6272 dsl_dataset_rele(new, FTAG);
6273 dsl_pool_rele(dp, FTAG);
6279 * "firstsnap" -> snapshot name
6283 * "used" -> space in bytes
6284 * "compressed" -> compressed space in bytes
6285 * "uncompressed" -> uncompressed space in bytes
6288 static const zfs_ioc_key_t zfs_keys_space_snaps[] = {
6289 {"firstsnap", DATA_TYPE_STRING, 0},
6293 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
6297 dsl_dataset_t *new, *old;
6299 uint64_t used, comp, uncomp;
6301 firstsnap = fnvlist_lookup_string(innvl, "firstsnap");
6303 error = dsl_pool_hold(lastsnap, FTAG, &dp);
6307 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
6308 if (error == 0 && !new->ds_is_snapshot) {
6309 dsl_dataset_rele(new, FTAG);
6310 error = SET_ERROR(EINVAL);
6313 dsl_pool_rele(dp, FTAG);
6316 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
6317 if (error == 0 && !old->ds_is_snapshot) {
6318 dsl_dataset_rele(old, FTAG);
6319 error = SET_ERROR(EINVAL);
6322 dsl_dataset_rele(new, FTAG);
6323 dsl_pool_rele(dp, FTAG);
6327 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
6328 dsl_dataset_rele(old, FTAG);
6329 dsl_dataset_rele(new, FTAG);
6330 dsl_pool_rele(dp, FTAG);
6331 fnvlist_add_uint64(outnvl, "used", used);
6332 fnvlist_add_uint64(outnvl, "compressed", comp);
6333 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
6339 * "fd" -> file descriptor to write stream to (int32)
6340 * (optional) "fromsnap" -> full snap name to send an incremental from
6341 * (optional) "largeblockok" -> (value ignored)
6342 * indicates that blocks > 128KB are permitted
6343 * (optional) "embedok" -> (value ignored)
6344 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6345 * (optional) "compressok" -> (value ignored)
6346 * presence indicates compressed DRR_WRITE records are permitted
6347 * (optional) "rawok" -> (value ignored)
6348 * presence indicates raw encrypted records should be used.
6349 * (optional) "savedok" -> (value ignored)
6350 * presence indicates we should send a partially received snapshot
6351 * (optional) "resume_object" and "resume_offset" -> (uint64)
6352 * if present, resume send stream from specified object and offset.
6353 * (optional) "redactbook" -> (string)
6354 * if present, use this bookmark's redaction list to generate a redacted
6360 static const zfs_ioc_key_t zfs_keys_send_new[] = {
6361 {"fd", DATA_TYPE_INT32, 0},
6362 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6363 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6364 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6365 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6366 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6367 {"savedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6368 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
6369 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
6370 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
6375 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6379 char *fromname = NULL;
6382 boolean_t largeblockok;
6384 boolean_t compressok;
6387 uint64_t resumeobj = 0;
6388 uint64_t resumeoff = 0;
6389 char *redactbook = NULL;
6391 fd = fnvlist_lookup_int32(innvl, "fd");
6393 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
6395 largeblockok = nvlist_exists(innvl, "largeblockok");
6396 embedok = nvlist_exists(innvl, "embedok");
6397 compressok = nvlist_exists(innvl, "compressok");
6398 rawok = nvlist_exists(innvl, "rawok");
6399 savedok = nvlist_exists(innvl, "savedok");
6401 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6402 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6404 (void) nvlist_lookup_string(innvl, "redactbook", &redactbook);
6406 if ((error = zfs_file_get(fd, &fp)))
6409 off = zfs_file_off(fp);
6411 dmu_send_outparams_t out = {0};
6412 out.dso_outfunc = dump_bytes;
6414 out.dso_dryrun = B_FALSE;
6415 error = dmu_send(snapname, fromname, embedok, largeblockok,
6416 compressok, rawok, savedok, resumeobj, resumeoff,
6417 redactbook, fd, &off, &out);
6425 send_space_sum(objset_t *os, void *buf, int len, void *arg)
6427 uint64_t *size = arg;
6433 * Determine approximately how large a zfs send stream will be -- the number
6434 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
6437 * (optional) "from" -> full snap or bookmark name to send an incremental
6439 * (optional) "largeblockok" -> (value ignored)
6440 * indicates that blocks > 128KB are permitted
6441 * (optional) "embedok" -> (value ignored)
6442 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6443 * (optional) "compressok" -> (value ignored)
6444 * presence indicates compressed DRR_WRITE records are permitted
6445 * (optional) "rawok" -> (value ignored)
6446 * presence indicates raw encrypted records should be used.
6447 * (optional) "fd" -> file descriptor to use as a cookie for progress
6452 * "space" -> bytes of space (uint64)
6455 static const zfs_ioc_key_t zfs_keys_send_space[] = {
6456 {"from", DATA_TYPE_STRING, ZK_OPTIONAL},
6457 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6458 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6459 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6460 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6461 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6462 {"fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6463 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
6464 {"resumeobj", DATA_TYPE_UINT64, ZK_OPTIONAL},
6465 {"resumeoff", DATA_TYPE_UINT64, ZK_OPTIONAL},
6466 {"bytes", DATA_TYPE_UINT64, ZK_OPTIONAL},
6470 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6473 dsl_dataset_t *tosnap;
6474 dsl_dataset_t *fromsnap = NULL;
6476 char *fromname = NULL;
6477 char *redactlist_book = NULL;
6478 boolean_t largeblockok;
6480 boolean_t compressok;
6484 boolean_t full_estimate = B_FALSE;
6485 uint64_t resumeobj = 0;
6486 uint64_t resumeoff = 0;
6487 uint64_t resume_bytes = 0;
6489 zfs_bookmark_phys_t zbm = {0};
6491 error = dsl_pool_hold(snapname, FTAG, &dp);
6495 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
6497 dsl_pool_rele(dp, FTAG);
6500 (void) nvlist_lookup_int32(innvl, "fd", &fd);
6502 largeblockok = nvlist_exists(innvl, "largeblockok");
6503 embedok = nvlist_exists(innvl, "embedok");
6504 compressok = nvlist_exists(innvl, "compressok");
6505 rawok = nvlist_exists(innvl, "rawok");
6506 savedok = nvlist_exists(innvl, "savedok");
6507 boolean_t from = (nvlist_lookup_string(innvl, "from", &fromname) == 0);
6508 boolean_t altbook = (nvlist_lookup_string(innvl, "redactbook",
6509 &redactlist_book) == 0);
6511 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6512 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6513 (void) nvlist_lookup_uint64(innvl, "bytes", &resume_bytes);
6516 full_estimate = B_TRUE;
6518 if (strchr(fromname, '#')) {
6519 error = dsl_bookmark_lookup(dp, fromname, tosnap, &zbm);
6522 * dsl_bookmark_lookup() will fail with EXDEV if
6523 * the from-bookmark and tosnap are at the same txg.
6524 * However, it's valid to do a send (and therefore,
6525 * a send estimate) from and to the same time point,
6526 * if the bookmark is redacted (the incremental send
6527 * can change what's redacted on the target). In
6528 * this case, dsl_bookmark_lookup() fills in zbm
6529 * but returns EXDEV. Ignore this error.
6531 if (error == EXDEV && zbm.zbm_redaction_obj != 0 &&
6533 dsl_dataset_phys(tosnap)->ds_guid)
6537 dsl_dataset_rele(tosnap, FTAG);
6538 dsl_pool_rele(dp, FTAG);
6541 if (zbm.zbm_redaction_obj != 0 || !(zbm.zbm_flags &
6542 ZBM_FLAG_HAS_FBN)) {
6543 full_estimate = B_TRUE;
6545 } else if (strchr(fromname, '@')) {
6546 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
6548 dsl_dataset_rele(tosnap, FTAG);
6549 dsl_pool_rele(dp, FTAG);
6553 if (!dsl_dataset_is_before(tosnap, fromsnap, 0)) {
6554 full_estimate = B_TRUE;
6555 dsl_dataset_rele(fromsnap, FTAG);
6559 * from is not properly formatted as a snapshot or
6562 dsl_dataset_rele(tosnap, FTAG);
6563 dsl_pool_rele(dp, FTAG);
6564 return (SET_ERROR(EINVAL));
6568 if (full_estimate) {
6569 dmu_send_outparams_t out = {0};
6571 out.dso_outfunc = send_space_sum;
6572 out.dso_arg = &space;
6573 out.dso_dryrun = B_TRUE;
6575 * We have to release these holds so dmu_send can take them. It
6576 * will do all the error checking we need.
6578 dsl_dataset_rele(tosnap, FTAG);
6579 dsl_pool_rele(dp, FTAG);
6580 error = dmu_send(snapname, fromname, embedok, largeblockok,
6581 compressok, rawok, savedok, resumeobj, resumeoff,
6582 redactlist_book, fd, &off, &out);
6584 error = dmu_send_estimate_fast(tosnap, fromsnap,
6585 (from && strchr(fromname, '#') != NULL ? &zbm : NULL),
6586 compressok || rawok, savedok, &space);
6587 space -= resume_bytes;
6588 if (fromsnap != NULL)
6589 dsl_dataset_rele(fromsnap, FTAG);
6590 dsl_dataset_rele(tosnap, FTAG);
6591 dsl_pool_rele(dp, FTAG);
6594 fnvlist_add_uint64(outnvl, "space", space);
6600 * Sync the currently open TXG to disk for the specified pool.
6601 * This is somewhat similar to 'zfs_sync()'.
6602 * For cases that do not result in error this ioctl will wait for
6603 * the currently open TXG to commit before returning back to the caller.
6606 * "force" -> when true, force uberblock update even if there is no dirty data.
6607 * In addition this will cause the vdev configuration to be written
6608 * out including updating the zpool cache file. (boolean_t)
6613 static const zfs_ioc_key_t zfs_keys_pool_sync[] = {
6614 {"force", DATA_TYPE_BOOLEAN_VALUE, 0},
6619 zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl)
6622 boolean_t force = B_FALSE;
6625 if ((err = spa_open(pool, &spa, FTAG)) != 0)
6629 force = fnvlist_lookup_boolean_value(innvl, "force");
6632 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER);
6633 vdev_config_dirty(spa->spa_root_vdev);
6634 spa_config_exit(spa, SCL_CONFIG, FTAG);
6636 txg_wait_synced(spa_get_dsl(spa), 0);
6638 spa_close(spa, FTAG);
6644 * Load a user's wrapping key into the kernel.
6646 * "hidden_args" -> { "wkeydata" -> value }
6647 * raw uint8_t array of encryption wrapping key data (32 bytes)
6648 * (optional) "noop" -> (value ignored)
6649 * presence indicated key should only be verified, not loaded
6652 static const zfs_ioc_key_t zfs_keys_load_key[] = {
6653 {"hidden_args", DATA_TYPE_NVLIST, 0},
6654 {"noop", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6659 zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6662 dsl_crypto_params_t *dcp = NULL;
6663 nvlist_t *hidden_args;
6664 boolean_t noop = nvlist_exists(innvl, "noop");
6666 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6667 ret = SET_ERROR(EINVAL);
6671 hidden_args = fnvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS);
6673 ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL,
6678 ret = spa_keystore_load_wkey(dsname, dcp, noop);
6682 dsl_crypto_params_free(dcp, noop);
6687 dsl_crypto_params_free(dcp, B_TRUE);
6692 * Unload a user's wrapping key from the kernel.
6693 * Both innvl and outnvl are unused.
6695 static const zfs_ioc_key_t zfs_keys_unload_key[] = {
6701 zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6705 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6706 ret = (SET_ERROR(EINVAL));
6710 ret = spa_keystore_unload_wkey(dsname);
6719 * Changes a user's wrapping key used to decrypt a dataset. The keyformat,
6720 * keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified
6721 * here to change how the key is derived in userspace.
6724 * "hidden_args" (optional) -> { "wkeydata" -> value }
6725 * raw uint8_t array of new encryption wrapping key data (32 bytes)
6726 * "props" (optional) -> { prop -> value }
6731 static const zfs_ioc_key_t zfs_keys_change_key[] = {
6732 {"crypt_cmd", DATA_TYPE_UINT64, ZK_OPTIONAL},
6733 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
6734 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
6739 zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6742 uint64_t cmd = DCP_CMD_NONE;
6743 dsl_crypto_params_t *dcp = NULL;
6744 nvlist_t *args = NULL, *hidden_args = NULL;
6746 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6747 ret = (SET_ERROR(EINVAL));
6751 (void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd);
6752 (void) nvlist_lookup_nvlist(innvl, "props", &args);
6753 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
6755 ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp);
6759 ret = spa_keystore_change_key(dsname, dcp);
6763 dsl_crypto_params_free(dcp, B_FALSE);
6768 dsl_crypto_params_free(dcp, B_TRUE);
6772 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
6775 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6776 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
6777 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
6779 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
6781 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
6782 ASSERT3U(ioc, <, ZFS_IOC_LAST);
6783 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
6784 ASSERT3P(vec->zvec_func, ==, NULL);
6786 vec->zvec_legacy_func = func;
6787 vec->zvec_secpolicy = secpolicy;
6788 vec->zvec_namecheck = namecheck;
6789 vec->zvec_allow_log = log_history;
6790 vec->zvec_pool_check = pool_check;
6794 * See the block comment at the beginning of this file for details on
6795 * each argument to this function.
6798 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
6799 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
6800 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
6801 boolean_t allow_log, const zfs_ioc_key_t *nvl_keys, size_t num_keys)
6803 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
6805 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
6806 ASSERT3U(ioc, <, ZFS_IOC_LAST);
6807 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
6808 ASSERT3P(vec->zvec_func, ==, NULL);
6810 /* if we are logging, the name must be valid */
6811 ASSERT(!allow_log || namecheck != NO_NAME);
6813 vec->zvec_name = name;
6814 vec->zvec_func = func;
6815 vec->zvec_secpolicy = secpolicy;
6816 vec->zvec_namecheck = namecheck;
6817 vec->zvec_pool_check = pool_check;
6818 vec->zvec_smush_outnvlist = smush_outnvlist;
6819 vec->zvec_allow_log = allow_log;
6820 vec->zvec_nvl_keys = nvl_keys;
6821 vec->zvec_nvl_key_count = num_keys;
6825 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6826 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
6827 zfs_ioc_poolcheck_t pool_check)
6829 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6830 POOL_NAME, log_history, pool_check);
6834 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6835 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
6837 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6838 DATASET_NAME, B_FALSE, pool_check);
6842 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
6844 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
6845 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6849 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6850 zfs_secpolicy_func_t *secpolicy)
6852 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6853 NO_NAME, B_FALSE, POOL_CHECK_NONE);
6857 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
6858 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
6860 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6861 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
6865 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
6867 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
6868 zfs_secpolicy_read);
6872 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6873 zfs_secpolicy_func_t *secpolicy)
6875 zfs_ioctl_register_legacy(ioc, func, secpolicy,
6876 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
6880 zfs_ioctl_init(void)
6882 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
6883 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
6884 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6885 zfs_keys_snapshot, ARRAY_SIZE(zfs_keys_snapshot));
6887 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
6888 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
6889 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
6890 zfs_keys_log_history, ARRAY_SIZE(zfs_keys_log_history));
6892 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
6893 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
6894 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6895 zfs_keys_space_snaps, ARRAY_SIZE(zfs_keys_space_snaps));
6897 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
6898 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
6899 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6900 zfs_keys_send_new, ARRAY_SIZE(zfs_keys_send_new));
6902 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
6903 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
6904 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6905 zfs_keys_send_space, ARRAY_SIZE(zfs_keys_send_space));
6907 zfs_ioctl_register("create", ZFS_IOC_CREATE,
6908 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
6909 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6910 zfs_keys_create, ARRAY_SIZE(zfs_keys_create));
6912 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
6913 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
6914 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6915 zfs_keys_clone, ARRAY_SIZE(zfs_keys_clone));
6917 zfs_ioctl_register("remap", ZFS_IOC_REMAP,
6918 zfs_ioc_remap, zfs_secpolicy_none, DATASET_NAME,
6919 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
6920 zfs_keys_remap, ARRAY_SIZE(zfs_keys_remap));
6922 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
6923 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
6924 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6925 zfs_keys_destroy_snaps, ARRAY_SIZE(zfs_keys_destroy_snaps));
6927 zfs_ioctl_register("hold", ZFS_IOC_HOLD,
6928 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
6929 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6930 zfs_keys_hold, ARRAY_SIZE(zfs_keys_hold));
6931 zfs_ioctl_register("release", ZFS_IOC_RELEASE,
6932 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
6933 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6934 zfs_keys_release, ARRAY_SIZE(zfs_keys_release));
6936 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
6937 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
6938 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6939 zfs_keys_get_holds, ARRAY_SIZE(zfs_keys_get_holds));
6941 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK,
6942 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME,
6943 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
6944 zfs_keys_rollback, ARRAY_SIZE(zfs_keys_rollback));
6946 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK,
6947 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME,
6948 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6949 zfs_keys_bookmark, ARRAY_SIZE(zfs_keys_bookmark));
6951 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS,
6952 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME,
6953 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
6954 zfs_keys_get_bookmarks, ARRAY_SIZE(zfs_keys_get_bookmarks));
6956 zfs_ioctl_register("get_bookmark_props", ZFS_IOC_GET_BOOKMARK_PROPS,
6957 zfs_ioc_get_bookmark_props, zfs_secpolicy_read, ENTITY_NAME,
6958 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, zfs_keys_get_bookmark_props,
6959 ARRAY_SIZE(zfs_keys_get_bookmark_props));
6961 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS,
6962 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks,
6964 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6965 zfs_keys_destroy_bookmarks,
6966 ARRAY_SIZE(zfs_keys_destroy_bookmarks));
6968 zfs_ioctl_register("receive", ZFS_IOC_RECV_NEW,
6969 zfs_ioc_recv_new, zfs_secpolicy_recv_new, DATASET_NAME,
6970 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
6971 zfs_keys_recv_new, ARRAY_SIZE(zfs_keys_recv_new));
6972 zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY,
6973 zfs_ioc_load_key, zfs_secpolicy_load_key,
6974 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
6975 zfs_keys_load_key, ARRAY_SIZE(zfs_keys_load_key));
6976 zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY,
6977 zfs_ioc_unload_key, zfs_secpolicy_load_key,
6978 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
6979 zfs_keys_unload_key, ARRAY_SIZE(zfs_keys_unload_key));
6980 zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY,
6981 zfs_ioc_change_key, zfs_secpolicy_change_key,
6982 DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY,
6983 B_TRUE, B_TRUE, zfs_keys_change_key,
6984 ARRAY_SIZE(zfs_keys_change_key));
6986 zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC,
6987 zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME,
6988 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
6989 zfs_keys_pool_sync, ARRAY_SIZE(zfs_keys_pool_sync));
6990 zfs_ioctl_register("reopen", ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
6991 zfs_secpolicy_config, POOL_NAME, POOL_CHECK_SUSPENDED, B_TRUE,
6992 B_TRUE, zfs_keys_pool_reopen, ARRAY_SIZE(zfs_keys_pool_reopen));
6994 zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM,
6995 zfs_ioc_channel_program, zfs_secpolicy_config,
6996 POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE,
6997 B_TRUE, zfs_keys_channel_program,
6998 ARRAY_SIZE(zfs_keys_channel_program));
7000 zfs_ioctl_register("redact", ZFS_IOC_REDACT,
7001 zfs_ioc_redact, zfs_secpolicy_config, DATASET_NAME,
7002 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7003 zfs_keys_redact, ARRAY_SIZE(zfs_keys_redact));
7005 zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT,
7006 zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME,
7007 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7008 zfs_keys_pool_checkpoint, ARRAY_SIZE(zfs_keys_pool_checkpoint));
7010 zfs_ioctl_register("zpool_discard_checkpoint",
7011 ZFS_IOC_POOL_DISCARD_CHECKPOINT, zfs_ioc_pool_discard_checkpoint,
7012 zfs_secpolicy_config, POOL_NAME,
7013 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7014 zfs_keys_pool_discard_checkpoint,
7015 ARRAY_SIZE(zfs_keys_pool_discard_checkpoint));
7017 zfs_ioctl_register("initialize", ZFS_IOC_POOL_INITIALIZE,
7018 zfs_ioc_pool_initialize, zfs_secpolicy_config, POOL_NAME,
7019 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7020 zfs_keys_pool_initialize, ARRAY_SIZE(zfs_keys_pool_initialize));
7022 zfs_ioctl_register("trim", ZFS_IOC_POOL_TRIM,
7023 zfs_ioc_pool_trim, zfs_secpolicy_config, POOL_NAME,
7024 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7025 zfs_keys_pool_trim, ARRAY_SIZE(zfs_keys_pool_trim));
7027 zfs_ioctl_register("wait", ZFS_IOC_WAIT,
7028 zfs_ioc_wait, zfs_secpolicy_none, POOL_NAME,
7029 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7030 zfs_keys_pool_wait, ARRAY_SIZE(zfs_keys_pool_wait));
7032 zfs_ioctl_register("wait_fs", ZFS_IOC_WAIT_FS,
7033 zfs_ioc_wait_fs, zfs_secpolicy_none, DATASET_NAME,
7034 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7035 zfs_keys_fs_wait, ARRAY_SIZE(zfs_keys_fs_wait));
7037 zfs_ioctl_register("set_bootenv", ZFS_IOC_SET_BOOTENV,
7038 zfs_ioc_set_bootenv, zfs_secpolicy_config, POOL_NAME,
7039 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7040 zfs_keys_set_bootenv, ARRAY_SIZE(zfs_keys_set_bootenv));
7042 zfs_ioctl_register("get_bootenv", ZFS_IOC_GET_BOOTENV,
7043 zfs_ioc_get_bootenv, zfs_secpolicy_none, POOL_NAME,
7044 POOL_CHECK_SUSPENDED, B_FALSE, B_TRUE,
7045 zfs_keys_get_bootenv, ARRAY_SIZE(zfs_keys_get_bootenv));
7047 /* IOCTLS that use the legacy function signature */
7049 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
7050 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
7052 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
7053 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7054 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
7056 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
7057 zfs_ioc_pool_upgrade);
7058 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
7060 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
7061 zfs_ioc_vdev_remove);
7062 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
7063 zfs_ioc_vdev_set_state);
7064 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
7065 zfs_ioc_vdev_attach);
7066 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
7067 zfs_ioc_vdev_detach);
7068 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
7069 zfs_ioc_vdev_setpath);
7070 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
7071 zfs_ioc_vdev_setfru);
7072 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
7073 zfs_ioc_pool_set_props);
7074 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
7075 zfs_ioc_vdev_split);
7076 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
7077 zfs_ioc_pool_reguid);
7079 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
7080 zfs_ioc_pool_configs, zfs_secpolicy_none);
7081 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
7082 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
7083 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
7084 zfs_ioc_inject_fault, zfs_secpolicy_inject);
7085 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
7086 zfs_ioc_clear_fault, zfs_secpolicy_inject);
7087 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
7088 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
7091 * pool destroy, and export don't log the history as part of
7092 * zfsdev_ioctl, but rather zfs_ioc_pool_export
7093 * does the logging of those commands.
7095 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
7096 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7097 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
7098 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7100 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
7101 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
7102 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
7103 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
7105 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
7106 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
7107 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
7108 zfs_ioc_dsobj_to_dsname,
7109 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
7110 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
7111 zfs_ioc_pool_get_history,
7112 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7114 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
7115 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7117 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
7118 zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY);
7120 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
7121 zfs_ioc_space_written);
7122 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
7123 zfs_ioc_objset_recvd_props);
7124 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
7126 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
7128 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
7129 zfs_ioc_objset_stats);
7130 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
7131 zfs_ioc_objset_zplprops);
7132 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
7133 zfs_ioc_dataset_list_next);
7134 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
7135 zfs_ioc_snapshot_list_next);
7136 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
7137 zfs_ioc_send_progress);
7139 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
7140 zfs_ioc_diff, zfs_secpolicy_diff);
7141 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
7142 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
7143 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
7144 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
7145 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
7146 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
7147 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
7148 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
7149 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
7150 zfs_ioc_send, zfs_secpolicy_send);
7152 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
7153 zfs_secpolicy_none);
7154 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
7155 zfs_secpolicy_destroy);
7156 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
7157 zfs_secpolicy_rename);
7158 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
7159 zfs_secpolicy_recv);
7160 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
7161 zfs_secpolicy_promote);
7162 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
7163 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
7164 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
7165 zfs_secpolicy_set_fsacl);
7167 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
7168 zfs_secpolicy_share, POOL_CHECK_NONE);
7169 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
7170 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
7171 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
7172 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
7173 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7174 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
7175 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
7176 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7178 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next,
7179 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7180 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear,
7181 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7182 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek,
7183 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7185 zfs_ioctl_init_os();
7189 * Verify that for non-legacy ioctls the input nvlist
7190 * pairs match against the expected input.
7192 * Possible errors are:
7193 * ZFS_ERR_IOC_ARG_UNAVAIL An unrecognized nvpair was encountered
7194 * ZFS_ERR_IOC_ARG_REQUIRED A required nvpair is missing
7195 * ZFS_ERR_IOC_ARG_BADTYPE Invalid type for nvpair
7198 zfs_check_input_nvpairs(nvlist_t *innvl, const zfs_ioc_vec_t *vec)
7200 const zfs_ioc_key_t *nvl_keys = vec->zvec_nvl_keys;
7201 boolean_t required_keys_found = B_FALSE;
7204 * examine each input pair
7206 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
7207 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
7208 char *name = nvpair_name(pair);
7209 data_type_t type = nvpair_type(pair);
7210 boolean_t identified = B_FALSE;
7213 * check pair against the documented names and type
7215 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7216 /* if not a wild card name, check for an exact match */
7217 if ((nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) == 0 &&
7218 strcmp(nvl_keys[k].zkey_name, name) != 0)
7221 identified = B_TRUE;
7223 if (nvl_keys[k].zkey_type != DATA_TYPE_ANY &&
7224 nvl_keys[k].zkey_type != type) {
7225 return (SET_ERROR(ZFS_ERR_IOC_ARG_BADTYPE));
7228 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7231 required_keys_found = B_TRUE;
7235 /* allow an 'optional' key, everything else is invalid */
7237 (strcmp(name, "optional") != 0 ||
7238 type != DATA_TYPE_NVLIST)) {
7239 return (SET_ERROR(ZFS_ERR_IOC_ARG_UNAVAIL));
7243 /* verify that all required keys were found */
7244 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7245 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7248 if (nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) {
7249 /* at least one non-optional key is expected here */
7250 if (!required_keys_found)
7251 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7255 if (!nvlist_exists(innvl, nvl_keys[k].zkey_name))
7256 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7263 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
7264 zfs_ioc_poolcheck_t check)
7269 ASSERT(type == POOL_NAME || type == DATASET_NAME ||
7270 type == ENTITY_NAME);
7272 if (check & POOL_CHECK_NONE)
7275 error = spa_open(name, &spa, FTAG);
7277 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
7278 error = SET_ERROR(EAGAIN);
7279 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
7280 error = SET_ERROR(EROFS);
7281 spa_close(spa, FTAG);
7287 zfsdev_getminor(int fd, minor_t *minorp)
7289 zfsdev_state_t *zs, *fpd;
7293 ASSERT(!MUTEX_HELD(&zfsdev_state_lock));
7295 if ((rc = zfs_file_get(fd, &fp)))
7298 fpd = zfs_file_private(fp);
7300 return (SET_ERROR(EBADF));
7302 mutex_enter(&zfsdev_state_lock);
7304 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
7306 if (zs->zs_minor == -1)
7310 *minorp = fpd->zs_minor;
7311 mutex_exit(&zfsdev_state_lock);
7316 mutex_exit(&zfsdev_state_lock);
7318 return (SET_ERROR(EBADF));
7322 zfsdev_get_state_impl(minor_t minor, enum zfsdev_state_type which)
7326 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
7327 if (zs->zs_minor == minor) {
7331 return (zs->zs_onexit);
7333 return (zs->zs_zevent);
7344 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
7348 ptr = zfsdev_get_state_impl(minor, which);
7354 * Find a free minor number. The zfsdev_state_list is expected to
7355 * be short since it is only a list of currently open file handles.
7358 zfsdev_minor_alloc(void)
7360 static minor_t last_minor = 0;
7363 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
7365 for (m = last_minor + 1; m != last_minor; m++) {
7366 if (m > ZFSDEV_MAX_MINOR)
7368 if (zfsdev_get_state_impl(m, ZST_ALL) == NULL) {
7378 zfsdev_ioctl_common(uint_t vecnum, zfs_cmd_t *zc, int flag)
7381 const zfs_ioc_vec_t *vec;
7382 char *saved_poolname = NULL;
7383 size_t saved_poolname_len = 0;
7384 nvlist_t *innvl = NULL;
7385 fstrans_cookie_t cookie;
7389 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
7390 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
7392 vec = &zfs_ioc_vec[vecnum];
7395 * The registered ioctl list may be sparse, verify that either
7396 * a normal or legacy handler are registered.
7398 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL)
7399 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
7401 zc->zc_iflags = flag & FKIOCTL;
7402 if (zc->zc_nvlist_src_size > MAX_NVLIST_SRC_SIZE) {
7404 * Make sure the user doesn't pass in an insane value for
7405 * zc_nvlist_src_size. We have to check, since we will end
7406 * up allocating that much memory inside of get_nvlist(). This
7407 * prevents a nefarious user from allocating tons of kernel
7410 * Also, we return EINVAL instead of ENOMEM here. The reason
7411 * being that returning ENOMEM from an ioctl() has a special
7412 * connotation; that the user's size value is too small and
7413 * needs to be expanded to hold the nvlist. See
7414 * zcmd_expand_dst_nvlist() for details.
7416 error = SET_ERROR(EINVAL); /* User's size too big */
7418 } else if (zc->zc_nvlist_src_size != 0) {
7419 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
7420 zc->zc_iflags, &innvl);
7426 * Ensure that all pool/dataset names are valid before we pass down to
7429 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
7430 switch (vec->zvec_namecheck) {
7432 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
7433 error = SET_ERROR(EINVAL);
7435 error = pool_status_check(zc->zc_name,
7436 vec->zvec_namecheck, vec->zvec_pool_check);
7440 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
7441 error = SET_ERROR(EINVAL);
7443 error = pool_status_check(zc->zc_name,
7444 vec->zvec_namecheck, vec->zvec_pool_check);
7448 if (entity_namecheck(zc->zc_name, NULL, NULL) != 0) {
7449 error = SET_ERROR(EINVAL);
7451 error = pool_status_check(zc->zc_name,
7452 vec->zvec_namecheck, vec->zvec_pool_check);
7460 * Ensure that all input pairs are valid before we pass them down
7461 * to the lower layers.
7463 * The vectored functions can use fnvlist_lookup_{type} for any
7464 * required pairs since zfs_check_input_nvpairs() confirmed that
7465 * they exist and are of the correct type.
7467 if (error == 0 && vec->zvec_func != NULL) {
7468 error = zfs_check_input_nvpairs(innvl, vec);
7474 cookie = spl_fstrans_mark();
7475 error = vec->zvec_secpolicy(zc, innvl, CRED());
7476 spl_fstrans_unmark(cookie);
7482 /* legacy ioctls can modify zc_name */
7484 * Can't use kmem_strdup() as we might truncate the string and
7485 * kmem_strfree() would then free with incorrect size.
7487 saved_poolname_len = strlen(zc->zc_name) + 1;
7488 saved_poolname = kmem_alloc(saved_poolname_len, KM_SLEEP);
7490 strlcpy(saved_poolname, zc->zc_name, saved_poolname_len);
7491 saved_poolname[strcspn(saved_poolname, "/@#")] = '\0';
7493 if (vec->zvec_func != NULL) {
7497 nvlist_t *lognv = NULL;
7499 ASSERT(vec->zvec_legacy_func == NULL);
7502 * Add the innvl to the lognv before calling the func,
7503 * in case the func changes the innvl.
7505 if (vec->zvec_allow_log) {
7506 lognv = fnvlist_alloc();
7507 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
7509 if (!nvlist_empty(innvl)) {
7510 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
7515 outnvl = fnvlist_alloc();
7516 cookie = spl_fstrans_mark();
7517 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
7518 spl_fstrans_unmark(cookie);
7521 * Some commands can partially execute, modify state, and still
7522 * return an error. In these cases, attempt to record what
7526 (cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) &&
7527 vec->zvec_allow_log &&
7528 spa_open(zc->zc_name, &spa, FTAG) == 0) {
7529 if (!nvlist_empty(outnvl)) {
7530 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL,
7534 fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO,
7537 (void) spa_history_log_nvl(spa, lognv);
7538 spa_close(spa, FTAG);
7540 fnvlist_free(lognv);
7542 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
7544 if (vec->zvec_smush_outnvlist) {
7545 smusherror = nvlist_smush(outnvl,
7546 zc->zc_nvlist_dst_size);
7548 if (smusherror == 0)
7549 puterror = put_nvlist(zc, outnvl);
7555 nvlist_free(outnvl);
7557 cookie = spl_fstrans_mark();
7558 error = vec->zvec_legacy_func(zc);
7559 spl_fstrans_unmark(cookie);
7564 if (error == 0 && vec->zvec_allow_log) {
7565 char *s = tsd_get(zfs_allow_log_key);
7568 (void) tsd_set(zfs_allow_log_key, kmem_strdup(saved_poolname));
7570 if (saved_poolname != NULL)
7571 kmem_free(saved_poolname, saved_poolname_len);
7581 if ((error = zvol_init()) != 0)
7584 spa_init(SPA_MODE_READ | SPA_MODE_WRITE);
7589 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
7590 zfsdev_state_list = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
7591 zfsdev_state_list->zs_minor = -1;
7593 if ((error = zfsdev_attach()) != 0)
7596 tsd_create(&zfs_fsyncer_key, NULL);
7597 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
7598 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
7612 zfsdev_state_t *zs, *zsprev = NULL;
7616 mutex_destroy(&zfsdev_state_lock);
7618 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
7620 kmem_free(zsprev, sizeof (zfsdev_state_t));
7624 kmem_free(zsprev, sizeof (zfsdev_state_t));
7630 tsd_destroy(&zfs_fsyncer_key);
7631 tsd_destroy(&rrw_tsd_key);
7632 tsd_destroy(&zfs_allow_log_key);
projects / FreeBSD / FreeBSD.git / blob