4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright (c) 2011-2012 Pawel Jakub Dawidek <pawel@dawidek.net>.
25 * All rights reserved.
26 * Portions Copyright 2011 Martin Matuska <mm@FreeBSD.org>
27 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
28 * Copyright (c) 2012 by Delphix. All rights reserved.
29 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
32 #include <sys/types.h>
33 #include <sys/param.h>
34 #include <sys/systm.h>
36 #include <sys/kernel.h>
38 #include <sys/malloc.h>
39 #include <sys/mutex.h>
41 #include <sys/errno.h>
47 #include <sys/cmn_err.h>
49 #include <sys/zfs_ioctl.h>
50 #include <sys/zfs_vfsops.h>
51 #include <sys/zfs_znode.h>
54 #include <sys/spa_impl.h>
57 #include <sys/dsl_dir.h>
58 #include <sys/dsl_dataset.h>
59 #include <sys/dsl_prop.h>
60 #include <sys/dsl_deleg.h>
61 #include <sys/dmu_objset.h>
62 #include <sys/dmu_impl.h>
63 #include <sys/sunddi.h>
64 #include <sys/policy.h>
66 #include <sys/nvpair.h>
67 #include <sys/mount.h>
68 #include <sys/taskqueue.h>
70 #include <sys/varargs.h>
71 #include <sys/fs/zfs.h>
72 #include <sys/zfs_ctldir.h>
73 #include <sys/zfs_dir.h>
74 #include <sys/zfs_onexit.h>
76 #include <sys/dsl_scan.h>
77 #include <sys/dmu_objset.h>
79 #include "zfs_namecheck.h"
81 #include "zfs_deleg.h"
82 #include "zfs_comutil.h"
83 #include "zfs_ioctl_compat.h"
85 CTASSERT(sizeof(zfs_cmd_t) < IOCPARM_MAX);
87 static int snapshot_list_prefetch;
88 SYSCTL_DECL(_vfs_zfs);
89 TUNABLE_INT("vfs.zfs.snapshot_list_prefetch", &snapshot_list_prefetch);
90 SYSCTL_INT(_vfs_zfs, OID_AUTO, snapshot_list_prefetch, CTLFLAG_RW,
91 &snapshot_list_prefetch, 0, "Prefetch data when listing snapshots");
93 static struct cdev *zfsdev;
95 extern void zfs_init(void);
96 extern void zfs_fini(void);
98 typedef int zfs_ioc_func_t(zfs_cmd_t *);
99 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *);
105 } zfs_ioc_namecheck_t;
107 typedef struct zfs_ioc_vec {
108 zfs_ioc_func_t *zvec_func;
109 zfs_secpolicy_func_t *zvec_secpolicy;
110 zfs_ioc_namecheck_t zvec_namecheck;
111 boolean_t zvec_his_log;
112 boolean_t zvec_pool_check;
115 /* This array is indexed by zfs_userquota_prop_t */
116 static const char *userquota_perms[] = {
117 ZFS_DELEG_PERM_USERUSED,
118 ZFS_DELEG_PERM_USERQUOTA,
119 ZFS_DELEG_PERM_GROUPUSED,
120 ZFS_DELEG_PERM_GROUPQUOTA,
123 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
124 static int zfs_check_settable(const char *name, nvpair_t *property,
126 static int zfs_check_clearable(char *dataset, nvlist_t *props,
128 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
130 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t **);
132 static void zfsdev_close(void *data);
134 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
136 __dprintf(const char *file, const char *func, int line, const char *fmt, ...)
143 * Get rid of annoying "../common/" prefix to filename.
145 newfile = strrchr(file, '/');
146 if (newfile != NULL) {
147 newfile = newfile + 1; /* Get rid of leading / */
153 (void) vsnprintf(buf, sizeof (buf), fmt, adx);
157 * To get this data, use the zfs-dprintf probe as so:
158 * dtrace -q -n 'zfs-dprintf \
159 * /stringof(arg0) == "dbuf.c"/ \
160 * {printf("%s: %s", stringof(arg1), stringof(arg3))}'
162 * arg1 = function name
166 DTRACE_PROBE4(zfs__dprintf,
167 char *, newfile, char *, func, int, line, char *, buf);
171 history_str_free(char *buf)
173 kmem_free(buf, HIS_MAX_RECORD_LEN);
177 history_str_get(zfs_cmd_t *zc)
181 if (zc->zc_history == 0)
184 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
185 if (copyinstr((void *)(uintptr_t)zc->zc_history,
186 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
187 history_str_free(buf);
191 buf[HIS_MAX_RECORD_LEN -1] = '\0';
197 * Check to see if the named dataset is currently defined as bootable
200 zfs_is_bootfs(const char *name)
204 if (dmu_objset_hold(name, FTAG, &os) == 0) {
206 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
207 dmu_objset_rele(os, FTAG);
214 * zfs_earlier_version
216 * Return non-zero if the spa version is less than requested version.
219 zfs_earlier_version(const char *name, int version)
223 if (spa_open(name, &spa, FTAG) == 0) {
224 if (spa_version(spa) < version) {
225 spa_close(spa, FTAG);
228 spa_close(spa, FTAG);
234 * zpl_earlier_version
236 * Return TRUE if the ZPL version is less than requested version.
239 zpl_earlier_version(const char *name, int version)
242 boolean_t rc = B_TRUE;
244 if (dmu_objset_hold(name, FTAG, &os) == 0) {
247 if (dmu_objset_type(os) != DMU_OST_ZFS) {
248 dmu_objset_rele(os, FTAG);
251 /* XXX reading from non-owned objset */
252 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
253 rc = zplversion < version;
254 dmu_objset_rele(os, FTAG);
260 zfs_log_history(zfs_cmd_t *zc)
265 if ((buf = history_str_get(zc)) == NULL)
268 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
269 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
270 (void) spa_history_log(spa, buf, LOG_CMD_NORMAL);
271 spa_close(spa, FTAG);
273 history_str_free(buf);
277 * Policy for top-level read operations (list pools). Requires no privileges,
278 * and can be used in the local zone, as there is no associated dataset.
282 zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr)
288 * Policy for dataset read operations (list children, get statistics). Requires
289 * no privileges, but must be visible in the local zone.
293 zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr)
295 if (INGLOBALZONE(curthread) ||
296 zone_dataset_visible(zc->zc_name, NULL))
303 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
308 * The dataset must be visible by this zone -- check this first
309 * so they don't see EPERM on something they shouldn't know about.
311 if (!INGLOBALZONE(curthread) &&
312 !zone_dataset_visible(dataset, &writable))
315 if (INGLOBALZONE(curthread)) {
317 * If the fs is zoned, only root can access it from the
320 if (secpolicy_zfs(cr) && zoned)
324 * If we are in a local zone, the 'zoned' property must be set.
329 /* must be writable by this zone */
337 zfs_dozonecheck(const char *dataset, cred_t *cr)
341 if (dsl_prop_get_integer(dataset, "jailed", &zoned, NULL))
344 return (zfs_dozonecheck_impl(dataset, zoned, cr));
348 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
352 rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER);
353 if (dsl_prop_get_ds(ds, "jailed", 8, 1, &zoned, NULL)) {
354 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
357 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
359 return (zfs_dozonecheck_impl(dataset, zoned, cr));
363 * If name ends in a '@', then require recursive permissions.
366 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
369 boolean_t descendent = B_FALSE;
373 at = strchr(name, '@');
374 if (at != NULL && at[1] == '\0') {
379 error = dsl_dataset_hold(name, FTAG, &ds);
385 error = zfs_dozonecheck_ds(name, ds, cr);
387 error = secpolicy_zfs(cr);
389 error = dsl_deleg_access_impl(ds, descendent, perm, cr);
392 dsl_dataset_rele(ds, FTAG);
397 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
398 const char *perm, cred_t *cr)
402 error = zfs_dozonecheck_ds(name, ds, cr);
404 error = secpolicy_zfs(cr);
406 error = dsl_deleg_access_impl(ds, B_FALSE, perm, cr);
413 * Policy for setting the security label property.
415 * Returns 0 for success, non-zero for access and other errors.
418 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
420 char ds_hexsl[MAXNAMELEN];
421 bslabel_t ds_sl, new_sl;
422 boolean_t new_default = FALSE;
424 int needed_priv = -1;
427 /* First get the existing dataset label. */
428 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
429 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
433 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
436 /* The label must be translatable */
437 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
441 * In a non-global zone, disallow attempts to set a label that
442 * doesn't match that of the zone; otherwise no other checks
445 if (!INGLOBALZONE(curproc)) {
446 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
452 * For global-zone datasets (i.e., those whose zoned property is
453 * "off", verify that the specified new label is valid for the
456 if (dsl_prop_get_integer(name,
457 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
460 if (zfs_check_global_label(name, strval) != 0)
465 * If the existing dataset label is nondefault, check if the
466 * dataset is mounted (label cannot be changed while mounted).
467 * Get the zfsvfs; if there isn't one, then the dataset isn't
468 * mounted (or isn't a dataset, doesn't exist, ...).
470 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
472 static char *setsl_tag = "setsl_tag";
475 * Try to own the dataset; abort if there is any error,
476 * (e.g., already mounted, in use, or other error).
478 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
483 dmu_objset_disown(os, setsl_tag);
486 needed_priv = PRIV_FILE_DOWNGRADE_SL;
490 if (hexstr_to_label(strval, &new_sl) != 0)
493 if (blstrictdom(&ds_sl, &new_sl))
494 needed_priv = PRIV_FILE_DOWNGRADE_SL;
495 else if (blstrictdom(&new_sl, &ds_sl))
496 needed_priv = PRIV_FILE_UPGRADE_SL;
498 /* dataset currently has a default label */
500 needed_priv = PRIV_FILE_UPGRADE_SL;
504 if (needed_priv != -1)
505 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
508 #endif /* SECLABEL */
511 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
517 * Check permissions for special properties.
522 * Disallow setting of 'zoned' from within a local zone.
524 if (!INGLOBALZONE(curthread))
529 if (!INGLOBALZONE(curthread)) {
531 char setpoint[MAXNAMELEN];
533 * Unprivileged users are allowed to modify the
534 * quota on things *under* (ie. contained by)
535 * the thing they own.
537 if (dsl_prop_get_integer(dsname, "jailed", &zoned,
540 if (!zoned || strlen(dsname) <= strlen(setpoint))
545 case ZFS_PROP_MLSLABEL:
547 if (!is_system_labeled())
550 if (nvpair_value_string(propval, &strval) == 0) {
553 err = zfs_set_slabel_policy(dsname, strval, CRED());
563 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
567 zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr)
571 error = zfs_dozonecheck(zc->zc_name, cr);
576 * permission to set permissions will be evaluated later in
577 * dsl_deleg_can_allow()
583 zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr)
585 return (zfs_secpolicy_write_perms(zc->zc_name,
586 ZFS_DELEG_PERM_ROLLBACK, cr));
590 zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr)
599 * Generate the current snapshot name from the given objsetid, then
600 * use that name for the secpolicy/zone checks.
602 cp = strchr(zc->zc_name, '@');
605 error = spa_open(zc->zc_name, &spa, FTAG);
609 dp = spa_get_dsl(spa);
610 rw_enter(&dp->dp_config_rwlock, RW_READER);
611 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
612 rw_exit(&dp->dp_config_rwlock);
613 spa_close(spa, FTAG);
617 dsl_dataset_name(ds, zc->zc_name);
619 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
620 ZFS_DELEG_PERM_SEND, cr);
621 dsl_dataset_rele(ds, FTAG);
627 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, cred_t *cr)
632 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
633 NO_FOLLOW, NULL, &vp)) != 0)
636 /* Now make sure mntpnt and dataset are ZFS */
638 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 ||
639 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
640 zc->zc_name) != 0)) {
646 return (dsl_deleg_access(zc->zc_name,
647 ZFS_DELEG_PERM_SHARE, cr));
651 zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr)
653 if (!INGLOBALZONE(curthread))
656 if (secpolicy_nfs(cr) == 0) {
659 return (zfs_secpolicy_deleg_share(zc, cr));
664 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, cred_t *cr)
666 if (!INGLOBALZONE(curthread))
669 if (secpolicy_smb(cr) == 0) {
672 return (zfs_secpolicy_deleg_share(zc, cr));
677 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
682 * Remove the @bla or /bla from the end of the name to get the parent.
684 (void) strncpy(parent, datasetname, parentsize);
685 cp = strrchr(parent, '@');
689 cp = strrchr(parent, '/');
699 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
703 if ((error = zfs_secpolicy_write_perms(name,
704 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
707 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
711 zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr)
713 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
717 * Destroying snapshots with delegated permissions requires
718 * descendent mount and destroy permissions.
721 zfs_secpolicy_destroy_recursive(zfs_cmd_t *zc, cred_t *cr)
726 dsname = kmem_asprintf("%s@", zc->zc_name);
728 error = zfs_secpolicy_destroy_perms(dsname, cr);
731 error = zfs_secpolicy_destroy_perms(zc->zc_name, cr);
738 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
740 char parentname[MAXNAMELEN];
743 if ((error = zfs_secpolicy_write_perms(from,
744 ZFS_DELEG_PERM_RENAME, cr)) != 0)
747 if ((error = zfs_secpolicy_write_perms(from,
748 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
751 if ((error = zfs_get_parent(to, parentname,
752 sizeof (parentname))) != 0)
755 if ((error = zfs_secpolicy_write_perms(parentname,
756 ZFS_DELEG_PERM_CREATE, cr)) != 0)
759 if ((error = zfs_secpolicy_write_perms(parentname,
760 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
767 zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr)
772 if ((zc->zc_cookie & 1) != 0) {
774 * This is recursive rename, so the starting snapshot might
775 * not exist. Check file system or volume permission instead.
777 at = strchr(zc->zc_name, '@');
783 error = zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr);
792 zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr)
794 char parentname[MAXNAMELEN];
798 error = zfs_secpolicy_write_perms(zc->zc_name,
799 ZFS_DELEG_PERM_PROMOTE, cr);
803 error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
806 dsl_dataset_t *pclone = NULL;
808 dd = clone->os_dsl_dataset->ds_dir;
810 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
811 error = dsl_dataset_hold_obj(dd->dd_pool,
812 dd->dd_phys->dd_origin_obj, FTAG, &pclone);
813 rw_exit(&dd->dd_pool->dp_config_rwlock);
815 dmu_objset_rele(clone, FTAG);
819 error = zfs_secpolicy_write_perms(zc->zc_name,
820 ZFS_DELEG_PERM_MOUNT, cr);
822 dsl_dataset_name(pclone, parentname);
823 dmu_objset_rele(clone, FTAG);
824 dsl_dataset_rele(pclone, FTAG);
826 error = zfs_secpolicy_write_perms(parentname,
827 ZFS_DELEG_PERM_PROMOTE, cr);
833 zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr)
837 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
838 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
841 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
842 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
845 return (zfs_secpolicy_write_perms(zc->zc_name,
846 ZFS_DELEG_PERM_CREATE, cr));
850 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
852 return (zfs_secpolicy_write_perms(name,
853 ZFS_DELEG_PERM_SNAPSHOT, cr));
857 zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr)
860 return (zfs_secpolicy_snapshot_perms(zc->zc_name, cr));
864 zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr)
866 char parentname[MAXNAMELEN];
869 if ((error = zfs_get_parent(zc->zc_name, parentname,
870 sizeof (parentname))) != 0)
873 if (zc->zc_value[0] != '\0') {
874 if ((error = zfs_secpolicy_write_perms(zc->zc_value,
875 ZFS_DELEG_PERM_CLONE, cr)) != 0)
879 if ((error = zfs_secpolicy_write_perms(parentname,
880 ZFS_DELEG_PERM_CREATE, cr)) != 0)
883 error = zfs_secpolicy_write_perms(parentname,
884 ZFS_DELEG_PERM_MOUNT, cr);
890 zfs_secpolicy_umount(zfs_cmd_t *zc, cred_t *cr)
894 error = secpolicy_fs_unmount(cr, NULL);
896 error = dsl_deleg_access(zc->zc_name, ZFS_DELEG_PERM_MOUNT, cr);
902 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
903 * SYS_CONFIG privilege, which is not available in a local zone.
907 zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr)
909 if (secpolicy_sys_config(cr, B_FALSE) != 0)
916 * Policy for object to name lookups.
920 zfs_secpolicy_diff(zfs_cmd_t *zc, cred_t *cr)
924 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
927 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
932 * Policy for fault injection. Requires all privileges.
936 zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr)
938 return (secpolicy_zinject(cr));
942 zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr)
944 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
946 if (prop == ZPROP_INVAL) {
947 if (!zfs_prop_user(zc->zc_value))
949 return (zfs_secpolicy_write_perms(zc->zc_name,
950 ZFS_DELEG_PERM_USERPROP, cr));
952 return (zfs_secpolicy_setprop(zc->zc_name, prop,
958 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, cred_t *cr)
960 int err = zfs_secpolicy_read(zc, cr);
964 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
967 if (zc->zc_value[0] == 0) {
969 * They are asking about a posix uid/gid. If it's
970 * themself, allow it.
972 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
973 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
974 if (zc->zc_guid == crgetuid(cr))
977 if (groupmember(zc->zc_guid, cr))
982 return (zfs_secpolicy_write_perms(zc->zc_name,
983 userquota_perms[zc->zc_objset_type], cr));
987 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, cred_t *cr)
989 int err = zfs_secpolicy_read(zc, cr);
993 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
996 return (zfs_secpolicy_write_perms(zc->zc_name,
997 userquota_perms[zc->zc_objset_type], cr));
1001 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, cred_t *cr)
1003 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1008 zfs_secpolicy_hold(zfs_cmd_t *zc, cred_t *cr)
1010 return (zfs_secpolicy_write_perms(zc->zc_name,
1011 ZFS_DELEG_PERM_HOLD, cr));
1015 zfs_secpolicy_release(zfs_cmd_t *zc, cred_t *cr)
1017 return (zfs_secpolicy_write_perms(zc->zc_name,
1018 ZFS_DELEG_PERM_RELEASE, cr));
1022 * Policy for allowing temporary snapshots to be taken or released
1025 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, cred_t *cr)
1028 * A temporary snapshot is the same as a snapshot,
1029 * hold, destroy and release all rolled into one.
1030 * Delegated diff alone is sufficient that we allow this.
1034 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1035 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1038 error = zfs_secpolicy_snapshot(zc, cr);
1040 error = zfs_secpolicy_hold(zc, cr);
1042 error = zfs_secpolicy_release(zc, cr);
1044 error = zfs_secpolicy_destroy(zc, cr);
1049 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1052 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1056 nvlist_t *list = NULL;
1059 * Read in and unpack the user-supplied nvlist.
1064 packed = kmem_alloc(size, KM_SLEEP);
1066 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1068 kmem_free(packed, size);
1072 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1073 kmem_free(packed, size);
1077 kmem_free(packed, size);
1084 fit_error_list(zfs_cmd_t *zc, nvlist_t **errors)
1088 VERIFY(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
1090 if (size > zc->zc_nvlist_dst_size) {
1091 nvpair_t *more_errors;
1094 if (zc->zc_nvlist_dst_size < 1024)
1097 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, 0) == 0);
1098 more_errors = nvlist_prev_nvpair(*errors, NULL);
1101 nvpair_t *pair = nvlist_prev_nvpair(*errors,
1103 VERIFY(nvlist_remove_nvpair(*errors, pair) == 0);
1105 VERIFY(nvlist_size(*errors, &size,
1106 NV_ENCODE_NATIVE) == 0);
1107 } while (size > zc->zc_nvlist_dst_size);
1109 VERIFY(nvlist_remove_nvpair(*errors, more_errors) == 0);
1110 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, n) == 0);
1111 ASSERT(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
1112 ASSERT(size <= zc->zc_nvlist_dst_size);
1119 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1121 char *packed = NULL;
1125 VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0);
1127 if (size > zc->zc_nvlist_dst_size) {
1129 * Solaris returns ENOMEM here, because even if an error is
1130 * returned from an ioctl(2), new zc_nvlist_dst_size will be
1131 * passed to the userland. This is not the case for FreeBSD.
1132 * We need to return 0, so the kernel will copy the
1133 * zc_nvlist_dst_size back and the userland can discover that a
1134 * bigger buffer is needed.
1138 packed = kmem_alloc(size, KM_SLEEP);
1139 VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE,
1141 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1142 size, zc->zc_iflags) != 0)
1144 kmem_free(packed, size);
1147 zc->zc_nvlist_dst_size = size;
1152 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1157 error = dmu_objset_hold(dsname, FTAG, &os);
1160 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1161 dmu_objset_rele(os, FTAG);
1165 mutex_enter(&os->os_user_ptr_lock);
1166 *zfvp = dmu_objset_get_user(os);
1168 VFS_HOLD((*zfvp)->z_vfs);
1172 mutex_exit(&os->os_user_ptr_lock);
1173 dmu_objset_rele(os, FTAG);
1178 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1179 * case its z_vfs will be NULL, and it will be opened as the owner.
1180 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1181 * which prevents all vnode ops from running.
1184 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1188 if (getzfsvfs(name, zfvp) != 0)
1189 error = zfsvfs_create(name, zfvp);
1191 rrw_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
1193 if ((*zfvp)->z_unmounted) {
1195 * XXX we could probably try again, since the unmounting
1196 * thread should be just about to disassociate the
1197 * objset from the zfsvfs.
1199 rrw_exit(&(*zfvp)->z_teardown_lock, tag);
1207 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1209 rrw_exit(&zfsvfs->z_teardown_lock, tag);
1211 if (zfsvfs->z_vfs) {
1212 VFS_RELE(zfsvfs->z_vfs);
1214 dmu_objset_disown(zfsvfs->z_os, zfsvfs);
1215 zfsvfs_free(zfsvfs);
1220 zfs_ioc_pool_create(zfs_cmd_t *zc)
1223 nvlist_t *config, *props = NULL;
1224 nvlist_t *rootprops = NULL;
1225 nvlist_t *zplprops = NULL;
1228 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1229 zc->zc_iflags, &config))
1232 if (zc->zc_nvlist_src_size != 0 && (error =
1233 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1234 zc->zc_iflags, &props))) {
1235 nvlist_free(config);
1240 nvlist_t *nvl = NULL;
1241 uint64_t version = SPA_VERSION;
1243 (void) nvlist_lookup_uint64(props,
1244 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1245 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1247 goto pool_props_bad;
1249 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1251 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1253 nvlist_free(config);
1257 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1259 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1260 error = zfs_fill_zplprops_root(version, rootprops,
1263 goto pool_props_bad;
1266 buf = history_str_get(zc);
1268 error = spa_create(zc->zc_name, config, props, buf, zplprops);
1271 * Set the remaining root properties
1273 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1274 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1275 (void) spa_destroy(zc->zc_name);
1278 history_str_free(buf);
1281 nvlist_free(rootprops);
1282 nvlist_free(zplprops);
1283 nvlist_free(config);
1290 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1293 zfs_log_history(zc);
1294 error = spa_destroy(zc->zc_name);
1296 zvol_remove_minors(zc->zc_name);
1301 zfs_ioc_pool_import(zfs_cmd_t *zc)
1303 nvlist_t *config, *props = NULL;
1307 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1308 zc->zc_iflags, &config)) != 0)
1311 if (zc->zc_nvlist_src_size != 0 && (error =
1312 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1313 zc->zc_iflags, &props))) {
1314 nvlist_free(config);
1318 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1319 guid != zc->zc_guid)
1322 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1324 if (zc->zc_nvlist_dst != 0) {
1327 if ((err = put_nvlist(zc, config)) != 0)
1331 nvlist_free(config);
1340 zfs_ioc_pool_export(zfs_cmd_t *zc)
1343 boolean_t force = (boolean_t)zc->zc_cookie;
1344 boolean_t hardforce = (boolean_t)zc->zc_guid;
1346 zfs_log_history(zc);
1347 error = spa_export(zc->zc_name, NULL, force, hardforce);
1349 zvol_remove_minors(zc->zc_name);
1354 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1359 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1362 error = put_nvlist(zc, configs);
1364 nvlist_free(configs);
1371 * zc_name name of the pool
1374 * zc_cookie real errno
1375 * zc_nvlist_dst config nvlist
1376 * zc_nvlist_dst_size size of config nvlist
1379 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1385 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1386 sizeof (zc->zc_value));
1388 if (config != NULL) {
1389 ret = put_nvlist(zc, config);
1390 nvlist_free(config);
1393 * The config may be present even if 'error' is non-zero.
1394 * In this case we return success, and preserve the real errno
1397 zc->zc_cookie = error;
1406 * Try to import the given pool, returning pool stats as appropriate so that
1407 * user land knows which devices are available and overall pool health.
1410 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1412 nvlist_t *tryconfig, *config;
1415 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1416 zc->zc_iflags, &tryconfig)) != 0)
1419 config = spa_tryimport(tryconfig);
1421 nvlist_free(tryconfig);
1426 error = put_nvlist(zc, config);
1427 nvlist_free(config);
1434 * zc_name name of the pool
1435 * zc_cookie scan func (pool_scan_func_t)
1438 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1443 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1446 if (zc->zc_cookie == POOL_SCAN_NONE)
1447 error = spa_scan_stop(spa);
1449 error = spa_scan(spa, zc->zc_cookie);
1451 spa_close(spa, FTAG);
1457 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1462 error = spa_open(zc->zc_name, &spa, FTAG);
1465 spa_close(spa, FTAG);
1471 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1476 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1479 if (zc->zc_cookie < spa_version(spa) ||
1480 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1481 spa_close(spa, FTAG);
1485 spa_upgrade(spa, zc->zc_cookie);
1486 spa_close(spa, FTAG);
1492 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1499 if ((size = zc->zc_history_len) == 0)
1502 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1505 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1506 spa_close(spa, FTAG);
1510 hist_buf = kmem_alloc(size, KM_SLEEP);
1511 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1512 &zc->zc_history_len, hist_buf)) == 0) {
1513 error = ddi_copyout(hist_buf,
1514 (void *)(uintptr_t)zc->zc_history,
1515 zc->zc_history_len, zc->zc_iflags);
1518 spa_close(spa, FTAG);
1519 kmem_free(hist_buf, size);
1524 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1529 error = spa_open(zc->zc_name, &spa, FTAG);
1531 error = spa_change_guid(spa);
1532 spa_close(spa, FTAG);
1538 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1542 if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value))
1550 * zc_name name of filesystem
1551 * zc_obj object to find
1554 * zc_value name of object
1557 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1562 /* XXX reading from objset not owned */
1563 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1565 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1566 dmu_objset_rele(os, FTAG);
1569 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1570 sizeof (zc->zc_value));
1571 dmu_objset_rele(os, FTAG);
1578 * zc_name name of filesystem
1579 * zc_obj object to find
1582 * zc_stat stats on object
1583 * zc_value path to object
1586 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1591 /* XXX reading from objset not owned */
1592 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1594 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1595 dmu_objset_rele(os, FTAG);
1598 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1599 sizeof (zc->zc_value));
1600 dmu_objset_rele(os, FTAG);
1606 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1610 nvlist_t *config, **l2cache, **spares;
1611 uint_t nl2cache = 0, nspares = 0;
1613 error = spa_open(zc->zc_name, &spa, FTAG);
1617 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1618 zc->zc_iflags, &config);
1619 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
1620 &l2cache, &nl2cache);
1622 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
1626 * A root pool with concatenated devices is not supported.
1627 * Thus, can not add a device to a root pool.
1629 * Intent log device can not be added to a rootpool because
1630 * during mountroot, zil is replayed, a seperated log device
1631 * can not be accessed during the mountroot time.
1633 * l2cache and spare devices are ok to be added to a rootpool.
1635 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
1636 nvlist_free(config);
1637 spa_close(spa, FTAG);
1642 error = spa_vdev_add(spa, config);
1643 nvlist_free(config);
1645 spa_close(spa, FTAG);
1651 * zc_name name of the pool
1652 * zc_nvlist_conf nvlist of devices to remove
1653 * zc_cookie to stop the remove?
1656 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1661 error = spa_open(zc->zc_name, &spa, FTAG);
1664 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1665 spa_close(spa, FTAG);
1670 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1674 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1676 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1678 switch (zc->zc_cookie) {
1679 case VDEV_STATE_ONLINE:
1680 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1683 case VDEV_STATE_OFFLINE:
1684 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1687 case VDEV_STATE_FAULTED:
1688 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1689 zc->zc_obj != VDEV_AUX_EXTERNAL)
1690 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1692 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1695 case VDEV_STATE_DEGRADED:
1696 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1697 zc->zc_obj != VDEV_AUX_EXTERNAL)
1698 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1700 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1706 zc->zc_cookie = newstate;
1707 spa_close(spa, FTAG);
1712 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1715 int replacing = zc->zc_cookie;
1719 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1722 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1723 zc->zc_iflags, &config)) == 0) {
1724 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1725 nvlist_free(config);
1728 spa_close(spa, FTAG);
1733 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1738 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1741 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1743 spa_close(spa, FTAG);
1748 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1751 nvlist_t *config, *props = NULL;
1753 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1755 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1758 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1759 zc->zc_iflags, &config)) {
1760 spa_close(spa, FTAG);
1764 if (zc->zc_nvlist_src_size != 0 && (error =
1765 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1766 zc->zc_iflags, &props))) {
1767 spa_close(spa, FTAG);
1768 nvlist_free(config);
1772 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1774 spa_close(spa, FTAG);
1776 nvlist_free(config);
1783 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1786 char *path = zc->zc_value;
1787 uint64_t guid = zc->zc_guid;
1790 error = spa_open(zc->zc_name, &spa, FTAG);
1794 error = spa_vdev_setpath(spa, guid, path);
1795 spa_close(spa, FTAG);
1800 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
1803 char *fru = zc->zc_value;
1804 uint64_t guid = zc->zc_guid;
1807 error = spa_open(zc->zc_name, &spa, FTAG);
1811 error = spa_vdev_setfru(spa, guid, fru);
1812 spa_close(spa, FTAG);
1817 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
1822 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1824 if (zc->zc_nvlist_dst != 0 &&
1825 (error = dsl_prop_get_all(os, &nv)) == 0) {
1826 dmu_objset_stats(os, nv);
1828 * NB: zvol_get_stats() will read the objset contents,
1829 * which we aren't supposed to do with a
1830 * DS_MODE_USER hold, because it could be
1831 * inconsistent. So this is a bit of a workaround...
1832 * XXX reading with out owning
1834 if (!zc->zc_objset_stats.dds_inconsistent &&
1835 dmu_objset_type(os) == DMU_OST_ZVOL) {
1836 error = zvol_get_stats(os, nv);
1841 error = put_nvlist(zc, nv);
1850 * zc_name name of filesystem
1851 * zc_nvlist_dst_size size of buffer for property nvlist
1854 * zc_objset_stats stats
1855 * zc_nvlist_dst property nvlist
1856 * zc_nvlist_dst_size size of property nvlist
1859 zfs_ioc_objset_stats(zfs_cmd_t *zc)
1861 objset_t *os = NULL;
1864 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
1867 error = zfs_ioc_objset_stats_impl(zc, os);
1869 dmu_objset_rele(os, FTAG);
1871 if (error == ENOMEM)
1878 * zc_name name of filesystem
1879 * zc_nvlist_dst_size size of buffer for property nvlist
1882 * zc_nvlist_dst received property nvlist
1883 * zc_nvlist_dst_size size of received property nvlist
1885 * Gets received properties (distinct from local properties on or after
1886 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
1887 * local property values.
1890 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
1892 objset_t *os = NULL;
1896 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
1900 * Without this check, we would return local property values if the
1901 * caller has not already received properties on or after
1902 * SPA_VERSION_RECVD_PROPS.
1904 if (!dsl_prop_get_hasrecvd(os)) {
1905 dmu_objset_rele(os, FTAG);
1909 if (zc->zc_nvlist_dst != 0 &&
1910 (error = dsl_prop_get_received(os, &nv)) == 0) {
1911 error = put_nvlist(zc, nv);
1915 dmu_objset_rele(os, FTAG);
1920 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
1926 * zfs_get_zplprop() will either find a value or give us
1927 * the default value (if there is one).
1929 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
1931 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
1937 * zc_name name of filesystem
1938 * zc_nvlist_dst_size size of buffer for zpl property nvlist
1941 * zc_nvlist_dst zpl property nvlist
1942 * zc_nvlist_dst_size size of zpl property nvlist
1945 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
1950 /* XXX reading without owning */
1951 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os))
1954 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1957 * NB: nvl_add_zplprop() will read the objset contents,
1958 * which we aren't supposed to do with a DS_MODE_USER
1959 * hold, because it could be inconsistent.
1961 if (zc->zc_nvlist_dst != 0 &&
1962 !zc->zc_objset_stats.dds_inconsistent &&
1963 dmu_objset_type(os) == DMU_OST_ZFS) {
1966 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1967 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
1968 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
1969 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
1970 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
1971 err = put_nvlist(zc, nv);
1976 dmu_objset_rele(os, FTAG);
1981 dataset_name_hidden(const char *name)
1984 * Skip over datasets that are not visible in this zone,
1985 * internal datasets (which have a $ in their name), and
1986 * temporary datasets (which have a % in their name).
1988 if (strchr(name, '$') != NULL)
1990 if (strchr(name, '%') != NULL)
1992 if (!INGLOBALZONE(curthread) && !zone_dataset_visible(name, NULL))
1999 * zc_name name of filesystem
2000 * zc_cookie zap cursor
2001 * zc_nvlist_dst_size size of buffer for property nvlist
2004 * zc_name name of next filesystem
2005 * zc_cookie zap cursor
2006 * zc_objset_stats stats
2007 * zc_nvlist_dst property nvlist
2008 * zc_nvlist_dst_size size of property nvlist
2011 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2016 size_t orig_len = strlen(zc->zc_name);
2019 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) {
2020 if (error == ENOENT)
2025 p = strrchr(zc->zc_name, '/');
2026 if (p == NULL || p[1] != '\0')
2027 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2028 p = zc->zc_name + strlen(zc->zc_name);
2031 * Pre-fetch the datasets. dmu_objset_prefetch() always returns 0
2032 * but is not declared void because its called by dmu_objset_find().
2034 if (zc->zc_cookie == 0) {
2035 uint64_t cookie = 0;
2036 int len = sizeof (zc->zc_name) - (p - zc->zc_name);
2038 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0) {
2039 if (!dataset_name_hidden(zc->zc_name))
2040 (void) dmu_objset_prefetch(zc->zc_name, NULL);
2045 error = dmu_dir_list_next(os,
2046 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2047 NULL, &zc->zc_cookie);
2048 if (error == ENOENT)
2050 } while (error == 0 && dataset_name_hidden(zc->zc_name));
2051 dmu_objset_rele(os, FTAG);
2054 * If it's an internal dataset (ie. with a '$' in its name),
2055 * don't try to get stats for it, otherwise we'll return ENOENT.
2057 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2058 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2059 if (error == ENOENT) {
2060 /* We lost a race with destroy, get the next one. */
2061 zc->zc_name[orig_len] = '\0';
2070 * zc_name name of filesystem
2071 * zc_cookie zap cursor
2072 * zc_nvlist_dst_size size of buffer for property nvlist
2073 * zc_simple when set, only name is requested
2076 * zc_name name of next snapshot
2077 * zc_objset_stats stats
2078 * zc_nvlist_dst property nvlist
2079 * zc_nvlist_dst_size size of property nvlist
2082 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2088 if (snapshot_list_prefetch && zc->zc_cookie == 0 && !zc->zc_simple)
2089 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch,
2090 NULL, DS_FIND_SNAPSHOTS);
2092 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2094 return (error == ENOENT ? ESRCH : error);
2097 * A dataset name of maximum length cannot have any snapshots,
2098 * so exit immediately.
2100 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
2101 dmu_objset_rele(os, FTAG);
2105 error = dmu_snapshot_list_next(os,
2106 sizeof (zc->zc_name) - strlen(zc->zc_name),
2107 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2110 if (error == 0 && !zc->zc_simple) {
2112 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2115 * Since we probably don't have a hold on this snapshot,
2116 * it's possible that the objsetid could have been destroyed
2117 * and reused for a new objset. It's OK if this happens during
2118 * a zfs send operation, since the new createtxg will be
2119 * beyond the range we're interested in.
2121 rw_enter(&dp->dp_config_rwlock, RW_READER);
2122 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2123 rw_exit(&dp->dp_config_rwlock);
2125 if (error == ENOENT) {
2126 /* Racing with destroy, get the next one. */
2127 *strchr(zc->zc_name, '@') = '\0';
2128 dmu_objset_rele(os, FTAG);
2134 error = dmu_objset_from_ds(ds, &ossnap);
2136 error = zfs_ioc_objset_stats_impl(zc, ossnap);
2137 dsl_dataset_rele(ds, FTAG);
2139 } else if (error == ENOENT) {
2143 dmu_objset_rele(os, FTAG);
2144 /* if we failed, undo the @ that we tacked on to zc_name */
2146 *strchr(zc->zc_name, '@') = '\0';
2151 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2153 const char *propname = nvpair_name(pair);
2155 unsigned int vallen;
2158 zfs_userquota_prop_t type;
2164 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2166 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2167 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2173 * A correctly constructed propname is encoded as
2174 * userquota@<rid>-<domain>.
2176 if ((dash = strchr(propname, '-')) == NULL ||
2177 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2186 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2188 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2189 zfsvfs_rele(zfsvfs, FTAG);
2196 * If the named property is one that has a special function to set its value,
2197 * return 0 on success and a positive error code on failure; otherwise if it is
2198 * not one of the special properties handled by this function, return -1.
2200 * XXX: It would be better for callers of the property interface if we handled
2201 * these special cases in dsl_prop.c (in the dsl layer).
2204 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2207 const char *propname = nvpair_name(pair);
2208 zfs_prop_t prop = zfs_name_to_prop(propname);
2212 if (prop == ZPROP_INVAL) {
2213 if (zfs_prop_userquota(propname))
2214 return (zfs_prop_set_userquota(dsname, pair));
2218 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2220 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2221 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2225 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2228 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2231 case ZFS_PROP_QUOTA:
2232 err = dsl_dir_set_quota(dsname, source, intval);
2234 case ZFS_PROP_REFQUOTA:
2235 err = dsl_dataset_set_quota(dsname, source, intval);
2237 case ZFS_PROP_RESERVATION:
2238 err = dsl_dir_set_reservation(dsname, source, intval);
2240 case ZFS_PROP_REFRESERVATION:
2241 err = dsl_dataset_set_reservation(dsname, source, intval);
2243 case ZFS_PROP_VOLSIZE:
2244 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
2247 case ZFS_PROP_VERSION:
2251 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2254 err = zfs_set_version(zfsvfs, intval);
2255 zfsvfs_rele(zfsvfs, FTAG);
2257 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2260 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2261 (void) strcpy(zc->zc_name, dsname);
2262 (void) zfs_ioc_userspace_upgrade(zc);
2263 kmem_free(zc, sizeof (zfs_cmd_t));
2276 * This function is best effort. If it fails to set any of the given properties,
2277 * it continues to set as many as it can and returns the first error
2278 * encountered. If the caller provides a non-NULL errlist, it also gives the
2279 * complete list of names of all the properties it failed to set along with the
2280 * corresponding error numbers. The caller is responsible for freeing the
2283 * If every property is set successfully, zero is returned and the list pointed
2284 * at by errlist is NULL.
2287 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2295 nvlist_t *genericnvl;
2299 VERIFY(nvlist_alloc(&genericnvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2300 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2301 VERIFY(nvlist_alloc(&retrynvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2305 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2306 const char *propname = nvpair_name(pair);
2307 zfs_prop_t prop = zfs_name_to_prop(propname);
2310 /* decode the property value */
2312 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2314 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2315 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2320 /* Validate value type */
2321 if (err == 0 && prop == ZPROP_INVAL) {
2322 if (zfs_prop_user(propname)) {
2323 if (nvpair_type(propval) != DATA_TYPE_STRING)
2325 } else if (zfs_prop_userquota(propname)) {
2326 if (nvpair_type(propval) !=
2327 DATA_TYPE_UINT64_ARRAY)
2332 } else if (err == 0) {
2333 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2334 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2336 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2339 VERIFY(nvpair_value_uint64(propval,
2342 switch (zfs_prop_get_type(prop)) {
2343 case PROP_TYPE_NUMBER:
2345 case PROP_TYPE_STRING:
2348 case PROP_TYPE_INDEX:
2349 if (zfs_prop_index_to_string(prop,
2350 intval, &unused) != 0)
2355 "unknown property type");
2362 /* Validate permissions */
2364 err = zfs_check_settable(dsname, pair, CRED());
2367 err = zfs_prop_set_special(dsname, source, pair);
2370 * For better performance we build up a list of
2371 * properties to set in a single transaction.
2373 err = nvlist_add_nvpair(genericnvl, pair);
2374 } else if (err != 0 && nvl != retrynvl) {
2376 * This may be a spurious error caused by
2377 * receiving quota and reservation out of order.
2378 * Try again in a second pass.
2380 err = nvlist_add_nvpair(retrynvl, pair);
2385 VERIFY(nvlist_add_int32(errors, propname, err) == 0);
2388 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2393 if (!nvlist_empty(genericnvl) &&
2394 dsl_props_set(dsname, source, genericnvl) != 0) {
2396 * If this fails, we still want to set as many properties as we
2397 * can, so try setting them individually.
2400 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2401 const char *propname = nvpair_name(pair);
2405 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2407 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2408 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2412 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2413 VERIFY(nvpair_value_string(propval,
2415 err = dsl_prop_set(dsname, propname, source, 1,
2416 strlen(strval) + 1, strval);
2418 VERIFY(nvpair_value_uint64(propval,
2420 err = dsl_prop_set(dsname, propname, source, 8,
2425 VERIFY(nvlist_add_int32(errors, propname,
2430 nvlist_free(genericnvl);
2431 nvlist_free(retrynvl);
2433 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
2434 nvlist_free(errors);
2437 VERIFY(nvpair_value_int32(pair, &rv) == 0);
2440 if (errlist == NULL)
2441 nvlist_free(errors);
2449 * Check that all the properties are valid user properties.
2452 zfs_check_userprops(char *fsname, nvlist_t *nvl)
2454 nvpair_t *pair = NULL;
2457 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2458 const char *propname = nvpair_name(pair);
2461 if (!zfs_prop_user(propname) ||
2462 nvpair_type(pair) != DATA_TYPE_STRING)
2465 if (error = zfs_secpolicy_write_perms(fsname,
2466 ZFS_DELEG_PERM_USERPROP, CRED()))
2469 if (strlen(propname) >= ZAP_MAXNAMELEN)
2470 return (ENAMETOOLONG);
2472 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2473 if (strlen(valstr) >= ZAP_MAXVALUELEN)
2480 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2484 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2487 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2488 if (nvlist_exists(skipped, nvpair_name(pair)))
2491 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2496 clear_received_props(objset_t *os, const char *fs, nvlist_t *props,
2500 nvlist_t *cleared_props = NULL;
2501 props_skip(props, skipped, &cleared_props);
2502 if (!nvlist_empty(cleared_props)) {
2504 * Acts on local properties until the dataset has received
2505 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2507 zprop_source_t flags = (ZPROP_SRC_NONE |
2508 (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0));
2509 err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL);
2511 nvlist_free(cleared_props);
2517 * zc_name name of filesystem
2518 * zc_value name of property to set
2519 * zc_nvlist_src{_size} nvlist of properties to apply
2520 * zc_cookie received properties flag
2523 * zc_nvlist_dst{_size} error for each unapplied received property
2526 zfs_ioc_set_prop(zfs_cmd_t *zc)
2529 boolean_t received = zc->zc_cookie;
2530 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2532 nvlist_t *errors = NULL;
2535 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2536 zc->zc_iflags, &nvl)) != 0)
2540 nvlist_t *origprops;
2543 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
2544 if (dsl_prop_get_received(os, &origprops) == 0) {
2545 (void) clear_received_props(os,
2546 zc->zc_name, origprops, nvl);
2547 nvlist_free(origprops);
2550 dsl_prop_set_hasrecvd(os);
2551 dmu_objset_rele(os, FTAG);
2555 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, &errors);
2557 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2558 (void) put_nvlist(zc, errors);
2561 nvlist_free(errors);
2568 * zc_name name of filesystem
2569 * zc_value name of property to inherit
2570 * zc_cookie revert to received value if TRUE
2575 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2577 const char *propname = zc->zc_value;
2578 zfs_prop_t prop = zfs_name_to_prop(propname);
2579 boolean_t received = zc->zc_cookie;
2580 zprop_source_t source = (received
2581 ? ZPROP_SRC_NONE /* revert to received value, if any */
2582 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2591 * zfs_prop_set_special() expects properties in the form of an
2592 * nvpair with type info.
2594 if (prop == ZPROP_INVAL) {
2595 if (!zfs_prop_user(propname))
2598 type = PROP_TYPE_STRING;
2599 } else if (prop == ZFS_PROP_VOLSIZE ||
2600 prop == ZFS_PROP_VERSION) {
2603 type = zfs_prop_get_type(prop);
2606 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2609 case PROP_TYPE_STRING:
2610 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2612 case PROP_TYPE_NUMBER:
2613 case PROP_TYPE_INDEX:
2614 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2621 pair = nvlist_next_nvpair(dummy, NULL);
2622 err = zfs_prop_set_special(zc->zc_name, source, pair);
2625 return (err); /* special property already handled */
2628 * Only check this in the non-received case. We want to allow
2629 * 'inherit -S' to revert non-inheritable properties like quota
2630 * and reservation to the received or default values even though
2631 * they are not considered inheritable.
2633 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2637 /* the property name has been validated by zfs_secpolicy_inherit() */
2638 return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
2642 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2649 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2650 zc->zc_iflags, &props))
2654 * If the only property is the configfile, then just do a spa_lookup()
2655 * to handle the faulted case.
2657 pair = nvlist_next_nvpair(props, NULL);
2658 if (pair != NULL && strcmp(nvpair_name(pair),
2659 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2660 nvlist_next_nvpair(props, pair) == NULL) {
2661 mutex_enter(&spa_namespace_lock);
2662 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2663 spa_configfile_set(spa, props, B_FALSE);
2664 spa_config_sync(spa, B_FALSE, B_TRUE);
2666 mutex_exit(&spa_namespace_lock);
2673 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2678 error = spa_prop_set(spa, props);
2681 spa_close(spa, FTAG);
2687 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2691 nvlist_t *nvp = NULL;
2693 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2695 * If the pool is faulted, there may be properties we can still
2696 * get (such as altroot and cachefile), so attempt to get them
2699 mutex_enter(&spa_namespace_lock);
2700 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2701 error = spa_prop_get(spa, &nvp);
2702 mutex_exit(&spa_namespace_lock);
2704 error = spa_prop_get(spa, &nvp);
2705 spa_close(spa, FTAG);
2708 if (error == 0 && zc->zc_nvlist_dst != 0)
2709 error = put_nvlist(zc, nvp);
2719 * zc_name name of filesystem
2720 * zc_nvlist_src{_size} nvlist of delegated permissions
2721 * zc_perm_action allow/unallow flag
2726 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2729 nvlist_t *fsaclnv = NULL;
2731 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2732 zc->zc_iflags, &fsaclnv)) != 0)
2736 * Verify nvlist is constructed correctly
2738 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2739 nvlist_free(fsaclnv);
2744 * If we don't have PRIV_SYS_MOUNT, then validate
2745 * that user is allowed to hand out each permission in
2749 error = secpolicy_zfs(CRED());
2751 if (zc->zc_perm_action == B_FALSE) {
2752 error = dsl_deleg_can_allow(zc->zc_name,
2755 error = dsl_deleg_can_unallow(zc->zc_name,
2761 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2763 nvlist_free(fsaclnv);
2769 * zc_name name of filesystem
2772 * zc_nvlist_src{_size} nvlist of delegated permissions
2775 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2780 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2781 error = put_nvlist(zc, nvp);
2789 * Search the vfs list for a specified resource. Returns a pointer to it
2790 * or NULL if no suitable entry is found. The caller of this routine
2791 * is responsible for releasing the returned vfs pointer.
2794 zfs_get_vfs(const char *resource)
2798 mtx_lock(&mountlist_mtx);
2799 TAILQ_FOREACH(vfsp, &mountlist, mnt_list) {
2800 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
2805 mtx_unlock(&mountlist_mtx);
2811 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2813 zfs_creat_t *zct = arg;
2815 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2818 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
2822 * createprops list of properties requested by creator
2823 * default_zplver zpl version to use if unspecified in createprops
2824 * fuids_ok fuids allowed in this version of the spa?
2825 * os parent objset pointer (NULL if root fs)
2828 * zplprops values for the zplprops we attach to the master node object
2829 * is_ci true if requested file system will be purely case-insensitive
2831 * Determine the settings for utf8only, normalization and
2832 * casesensitivity. Specific values may have been requested by the
2833 * creator and/or we can inherit values from the parent dataset. If
2834 * the file system is of too early a vintage, a creator can not
2835 * request settings for these properties, even if the requested
2836 * setting is the default value. We don't actually want to create dsl
2837 * properties for these, so remove them from the source nvlist after
2841 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
2842 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2843 nvlist_t *zplprops, boolean_t *is_ci)
2845 uint64_t sense = ZFS_PROP_UNDEFINED;
2846 uint64_t norm = ZFS_PROP_UNDEFINED;
2847 uint64_t u8 = ZFS_PROP_UNDEFINED;
2849 ASSERT(zplprops != NULL);
2852 * Pull out creator prop choices, if any.
2855 (void) nvlist_lookup_uint64(createprops,
2856 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
2857 (void) nvlist_lookup_uint64(createprops,
2858 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
2859 (void) nvlist_remove_all(createprops,
2860 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
2861 (void) nvlist_lookup_uint64(createprops,
2862 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
2863 (void) nvlist_remove_all(createprops,
2864 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
2865 (void) nvlist_lookup_uint64(createprops,
2866 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
2867 (void) nvlist_remove_all(createprops,
2868 zfs_prop_to_name(ZFS_PROP_CASE));
2872 * If the zpl version requested is whacky or the file system
2873 * or pool is version is too "young" to support normalization
2874 * and the creator tried to set a value for one of the props,
2877 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
2878 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
2879 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
2880 (zplver < ZPL_VERSION_NORMALIZATION &&
2881 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
2882 sense != ZFS_PROP_UNDEFINED)))
2886 * Put the version in the zplprops
2888 VERIFY(nvlist_add_uint64(zplprops,
2889 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
2891 if (norm == ZFS_PROP_UNDEFINED)
2892 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0);
2893 VERIFY(nvlist_add_uint64(zplprops,
2894 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
2897 * If we're normalizing, names must always be valid UTF-8 strings.
2901 if (u8 == ZFS_PROP_UNDEFINED)
2902 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0);
2903 VERIFY(nvlist_add_uint64(zplprops,
2904 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
2906 if (sense == ZFS_PROP_UNDEFINED)
2907 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0);
2908 VERIFY(nvlist_add_uint64(zplprops,
2909 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
2912 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
2918 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
2919 nvlist_t *zplprops, boolean_t *is_ci)
2921 boolean_t fuids_ok, sa_ok;
2922 uint64_t zplver = ZPL_VERSION;
2923 objset_t *os = NULL;
2924 char parentname[MAXNAMELEN];
2930 (void) strlcpy(parentname, dataset, sizeof (parentname));
2931 cp = strrchr(parentname, '/');
2935 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
2938 spa_vers = spa_version(spa);
2939 spa_close(spa, FTAG);
2941 zplver = zfs_zpl_version_map(spa_vers);
2942 fuids_ok = (zplver >= ZPL_VERSION_FUID);
2943 sa_ok = (zplver >= ZPL_VERSION_SA);
2946 * Open parent object set so we can inherit zplprop values.
2948 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
2951 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
2953 dmu_objset_rele(os, FTAG);
2958 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
2959 nvlist_t *zplprops, boolean_t *is_ci)
2963 uint64_t zplver = ZPL_VERSION;
2966 zplver = zfs_zpl_version_map(spa_vers);
2967 fuids_ok = (zplver >= ZPL_VERSION_FUID);
2968 sa_ok = (zplver >= ZPL_VERSION_SA);
2970 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
2971 createprops, zplprops, is_ci);
2977 * zc_objset_type type of objset to create (fs vs zvol)
2978 * zc_name name of new objset
2979 * zc_value name of snapshot to clone from (may be empty)
2980 * zc_nvlist_src{_size} nvlist of properties to apply
2985 zfs_ioc_create(zfs_cmd_t *zc)
2990 nvlist_t *nvprops = NULL;
2991 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
2992 dmu_objset_type_t type = zc->zc_objset_type;
2997 cbfunc = zfs_create_cb;
3001 cbfunc = zvol_create_cb;
3008 if (strchr(zc->zc_name, '@') ||
3009 strchr(zc->zc_name, '%'))
3012 if (zc->zc_nvlist_src != 0 &&
3013 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3014 zc->zc_iflags, &nvprops)) != 0)
3017 zct.zct_zplprops = NULL;
3018 zct.zct_props = nvprops;
3020 if (zc->zc_value[0] != '\0') {
3022 * We're creating a clone of an existing snapshot.
3024 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3025 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) {
3026 nvlist_free(nvprops);
3030 error = dmu_objset_hold(zc->zc_value, FTAG, &clone);
3032 nvlist_free(nvprops);
3036 error = dmu_objset_clone(zc->zc_name, dmu_objset_ds(clone), 0);
3037 dmu_objset_rele(clone, FTAG);
3039 nvlist_free(nvprops);
3043 boolean_t is_insensitive = B_FALSE;
3045 if (cbfunc == NULL) {
3046 nvlist_free(nvprops);
3050 if (type == DMU_OST_ZVOL) {
3051 uint64_t volsize, volblocksize;
3053 if (nvprops == NULL ||
3054 nvlist_lookup_uint64(nvprops,
3055 zfs_prop_to_name(ZFS_PROP_VOLSIZE),
3057 nvlist_free(nvprops);
3061 if ((error = nvlist_lookup_uint64(nvprops,
3062 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3063 &volblocksize)) != 0 && error != ENOENT) {
3064 nvlist_free(nvprops);
3069 volblocksize = zfs_prop_default_numeric(
3070 ZFS_PROP_VOLBLOCKSIZE);
3072 if ((error = zvol_check_volblocksize(
3073 volblocksize)) != 0 ||
3074 (error = zvol_check_volsize(volsize,
3075 volblocksize)) != 0) {
3076 nvlist_free(nvprops);
3079 } else if (type == DMU_OST_ZFS) {
3083 * We have to have normalization and
3084 * case-folding flags correct when we do the
3085 * file system creation, so go figure them out
3088 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3089 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3090 error = zfs_fill_zplprops(zc->zc_name, nvprops,
3091 zct.zct_zplprops, &is_insensitive);
3093 nvlist_free(nvprops);
3094 nvlist_free(zct.zct_zplprops);
3098 error = dmu_objset_create(zc->zc_name, type,
3099 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3100 nvlist_free(zct.zct_zplprops);
3104 * It would be nice to do this atomically.
3107 error = zfs_set_prop_nvlist(zc->zc_name, ZPROP_SRC_LOCAL,
3110 (void) dmu_objset_destroy(zc->zc_name, B_FALSE);
3112 nvlist_free(nvprops);
3114 if (error == 0 && type == DMU_OST_ZVOL)
3115 zvol_create_minors(zc->zc_name);
3122 * zc_name name of filesystem
3123 * zc_value short name of snapshot
3124 * zc_cookie recursive flag
3125 * zc_nvlist_src[_size] property list
3128 * zc_value short snapname (i.e. part after the '@')
3131 zfs_ioc_snapshot(zfs_cmd_t *zc)
3133 nvlist_t *nvprops = NULL;
3135 boolean_t recursive = zc->zc_cookie;
3137 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
3140 if (zc->zc_nvlist_src != 0 &&
3141 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3142 zc->zc_iflags, &nvprops)) != 0)
3145 error = zfs_check_userprops(zc->zc_name, nvprops);
3149 if (!nvlist_empty(nvprops) &&
3150 zfs_earlier_version(zc->zc_name, SPA_VERSION_SNAP_PROPS)) {
3155 error = dmu_objset_snapshot(zc->zc_name, zc->zc_value, NULL,
3156 nvprops, recursive, B_FALSE, -1);
3159 nvlist_free(nvprops);
3164 zfs_unmount_snap(const char *name, void *arg)
3169 char *snapname = arg;
3170 char *fullname = kmem_asprintf("%s@%s", name, snapname);
3171 vfsp = zfs_get_vfs(fullname);
3173 } else if (strchr(name, '@')) {
3174 vfsp = zfs_get_vfs(name);
3179 * Always force the unmount for snapshots.
3181 int flag = MS_FORCE;
3184 if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) {
3189 mtx_lock(&Giant); /* dounmount() */
3190 dounmount(vfsp, flag, curthread);
3191 mtx_unlock(&Giant); /* dounmount() */
3198 * zc_name name of filesystem, snaps must be under it
3199 * zc_nvlist_src[_size] full names of snapshots to destroy
3200 * zc_defer_destroy mark for deferred destroy
3203 * zc_name on failure, name of failed snapshot
3206 zfs_ioc_destroy_snaps_nvl(zfs_cmd_t *zc)
3212 if ((err = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3213 zc->zc_iflags, &nvl)) != 0) {
3218 * We are probably called by older binaries,
3219 * allocate and populate nvlist with recursive snapshots
3221 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
3223 VERIFY(nvlist_alloc(&nvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3224 err = dmu_get_recursive_snaps_nvl(zc->zc_name,
3230 #endif /* __FreeBSD__ */
3233 len = strlen(zc->zc_name);
3234 for (pair = nvlist_next_nvpair(nvl, NULL); pair != NULL;
3235 pair = nvlist_next_nvpair(nvl, pair)) {
3236 const char *name = nvpair_name(pair);
3238 * The snap name must be underneath the zc_name. This ensures
3239 * that our permission checks were legitimate.
3241 if (strncmp(zc->zc_name, name, len) != 0 ||
3242 (name[len] != '@' && name[len] != '/')) {
3247 (void) zfs_unmount_snap(name, NULL);
3248 (void) zvol_remove_minor(name);
3251 err = dmu_snapshots_destroy_nvl(nvl, zc->zc_defer_destroy,
3259 * zc_name name of dataset to destroy
3260 * zc_objset_type type of objset
3261 * zc_defer_destroy mark for deferred destroy
3266 zfs_ioc_destroy(zfs_cmd_t *zc)
3269 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
3270 err = zfs_unmount_snap(zc->zc_name, NULL);
3275 err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy);
3276 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
3277 (void) zvol_remove_minor(zc->zc_name);
3283 * zc_name name of dataset to rollback (to most recent snapshot)
3288 zfs_ioc_rollback(zfs_cmd_t *zc)
3290 dsl_dataset_t *ds, *clone;
3295 error = dsl_dataset_hold(zc->zc_name, FTAG, &ds);
3299 /* must not be a snapshot */
3300 if (dsl_dataset_is_snapshot(ds)) {
3301 dsl_dataset_rele(ds, FTAG);
3305 /* must have a most recent snapshot */
3306 if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) {
3307 dsl_dataset_rele(ds, FTAG);
3312 * Create clone of most recent snapshot.
3314 clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name);
3315 error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT);
3319 error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone);
3326 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
3327 error = zfs_suspend_fs(zfsvfs);
3331 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3332 error = dsl_dataset_clone_swap(clone, ds,
3334 dsl_dataset_disown(ds, FTAG);
3339 resume_err = zfs_resume_fs(zfsvfs, zc->zc_name);
3340 error = error ? error : resume_err;
3342 VFS_RELE(zfsvfs->z_vfs);
3344 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3345 error = dsl_dataset_clone_swap(clone, ds, B_TRUE);
3346 dsl_dataset_disown(ds, FTAG);
3354 * Destroy clone (which also closes it).
3356 (void) dsl_dataset_destroy(clone, FTAG, B_FALSE);
3359 strfree(clone_name);
3361 dsl_dataset_rele(ds, FTAG);
3367 * zc_name old name of dataset
3368 * zc_value new name of dataset
3369 * zc_cookie recursive flag (only valid for snapshots)
3374 zfs_ioc_rename(zfs_cmd_t *zc)
3378 if (zc->zc_cookie & 1)
3379 flags |= ZFS_RENAME_RECURSIVE;
3380 if (zc->zc_cookie & 2)
3381 flags |= ZFS_RENAME_ALLOW_MOUNTED;
3383 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3384 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3385 strchr(zc->zc_value, '%'))
3389 * Unmount snapshot unless we're doing a recursive rename,
3390 * in which case the dataset code figures out which snapshots
3393 if (!(flags & ZFS_RENAME_RECURSIVE) &&
3394 strchr(zc->zc_name, '@') != NULL &&
3395 zc->zc_objset_type == DMU_OST_ZFS) {
3396 int err = zfs_unmount_snap(zc->zc_name, NULL);
3400 return (dmu_objset_rename(zc->zc_name, zc->zc_value, flags));
3404 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3406 const char *propname = nvpair_name(pair);
3407 boolean_t issnap = (strchr(dsname, '@') != NULL);
3408 zfs_prop_t prop = zfs_name_to_prop(propname);
3412 if (prop == ZPROP_INVAL) {
3413 if (zfs_prop_user(propname)) {
3414 if (err = zfs_secpolicy_write_perms(dsname,
3415 ZFS_DELEG_PERM_USERPROP, cr))
3420 if (!issnap && zfs_prop_userquota(propname)) {
3421 const char *perm = NULL;
3422 const char *uq_prefix =
3423 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3424 const char *gq_prefix =
3425 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3427 if (strncmp(propname, uq_prefix,
3428 strlen(uq_prefix)) == 0) {
3429 perm = ZFS_DELEG_PERM_USERQUOTA;
3430 } else if (strncmp(propname, gq_prefix,
3431 strlen(gq_prefix)) == 0) {
3432 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3434 /* USERUSED and GROUPUSED are read-only */
3438 if (err = zfs_secpolicy_write_perms(dsname, perm, cr))
3449 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3451 * dsl_prop_get_all_impl() returns properties in this
3455 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3456 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3461 * Check that this value is valid for this pool version
3464 case ZFS_PROP_COMPRESSION:
3466 * If the user specified gzip compression, make sure
3467 * the SPA supports it. We ignore any errors here since
3468 * we'll catch them later.
3470 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3471 nvpair_value_uint64(pair, &intval) == 0) {
3472 if (intval >= ZIO_COMPRESS_GZIP_1 &&
3473 intval <= ZIO_COMPRESS_GZIP_9 &&
3474 zfs_earlier_version(dsname,
3475 SPA_VERSION_GZIP_COMPRESSION)) {
3479 if (intval == ZIO_COMPRESS_ZLE &&
3480 zfs_earlier_version(dsname,
3481 SPA_VERSION_ZLE_COMPRESSION))
3485 * If this is a bootable dataset then
3486 * verify that the compression algorithm
3487 * is supported for booting. We must return
3488 * something other than ENOTSUP since it
3489 * implies a downrev pool version.
3491 if (zfs_is_bootfs(dsname) &&
3492 !BOOTFS_COMPRESS_VALID(intval)) {
3498 case ZFS_PROP_COPIES:
3499 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
3503 case ZFS_PROP_DEDUP:
3504 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3508 case ZFS_PROP_SHARESMB:
3509 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
3513 case ZFS_PROP_ACLINHERIT:
3514 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3515 nvpair_value_uint64(pair, &intval) == 0) {
3516 if (intval == ZFS_ACL_PASSTHROUGH_X &&
3517 zfs_earlier_version(dsname,
3518 SPA_VERSION_PASSTHROUGH_X))
3524 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3528 * Removes properties from the given props list that fail permission checks
3529 * needed to clear them and to restore them in case of a receive error. For each
3530 * property, make sure we have both set and inherit permissions.
3532 * Returns the first error encountered if any permission checks fail. If the
3533 * caller provides a non-NULL errlist, it also gives the complete list of names
3534 * of all the properties that failed a permission check along with the
3535 * corresponding error numbers. The caller is responsible for freeing the
3538 * If every property checks out successfully, zero is returned and the list
3539 * pointed at by errlist is NULL.
3542 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3545 nvpair_t *pair, *next_pair;
3552 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3554 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
3555 (void) strcpy(zc->zc_name, dataset);
3556 pair = nvlist_next_nvpair(props, NULL);
3557 while (pair != NULL) {
3558 next_pair = nvlist_next_nvpair(props, pair);
3560 (void) strcpy(zc->zc_value, nvpair_name(pair));
3561 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3562 (err = zfs_secpolicy_inherit(zc, CRED())) != 0) {
3563 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3564 VERIFY(nvlist_add_int32(errors,
3565 zc->zc_value, err) == 0);
3569 kmem_free(zc, sizeof (zfs_cmd_t));
3571 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3572 nvlist_free(errors);
3575 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3578 if (errlist == NULL)
3579 nvlist_free(errors);
3587 propval_equals(nvpair_t *p1, nvpair_t *p2)
3589 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
3590 /* dsl_prop_get_all_impl() format */
3592 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
3593 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3597 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
3599 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
3600 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3604 if (nvpair_type(p1) != nvpair_type(p2))
3607 if (nvpair_type(p1) == DATA_TYPE_STRING) {
3608 char *valstr1, *valstr2;
3610 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
3611 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
3612 return (strcmp(valstr1, valstr2) == 0);
3614 uint64_t intval1, intval2;
3616 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
3617 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
3618 return (intval1 == intval2);
3623 * Remove properties from props if they are not going to change (as determined
3624 * by comparison with origprops). Remove them from origprops as well, since we
3625 * do not need to clear or restore properties that won't change.
3628 props_reduce(nvlist_t *props, nvlist_t *origprops)
3630 nvpair_t *pair, *next_pair;
3632 if (origprops == NULL)
3633 return; /* all props need to be received */
3635 pair = nvlist_next_nvpair(props, NULL);
3636 while (pair != NULL) {
3637 const char *propname = nvpair_name(pair);
3640 next_pair = nvlist_next_nvpair(props, pair);
3642 if ((nvlist_lookup_nvpair(origprops, propname,
3643 &match) != 0) || !propval_equals(pair, match))
3644 goto next; /* need to set received value */
3646 /* don't clear the existing received value */
3647 (void) nvlist_remove_nvpair(origprops, match);
3648 /* don't bother receiving the property */
3649 (void) nvlist_remove_nvpair(props, pair);
3656 static boolean_t zfs_ioc_recv_inject_err;
3661 * zc_name name of containing filesystem
3662 * zc_nvlist_src{_size} nvlist of properties to apply
3663 * zc_value name of snapshot to create
3664 * zc_string name of clone origin (if DRR_FLAG_CLONE)
3665 * zc_cookie file descriptor to recv from
3666 * zc_begin_record the BEGIN record of the stream (not byteswapped)
3667 * zc_guid force flag
3668 * zc_cleanup_fd cleanup-on-exit file descriptor
3669 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
3672 * zc_cookie number of bytes read
3673 * zc_nvlist_dst{_size} error for each unapplied received property
3674 * zc_obj zprop_errflags_t
3675 * zc_action_handle handle for this guid/ds mapping
3678 zfs_ioc_recv(zfs_cmd_t *zc)
3682 dmu_recv_cookie_t drc;
3683 boolean_t force = (boolean_t)zc->zc_guid;
3686 int props_error = 0;
3689 nvlist_t *props = NULL; /* sent properties */
3690 nvlist_t *origprops = NULL; /* existing properties */
3691 objset_t *origin = NULL;
3693 char tofs[ZFS_MAXNAMELEN];
3694 boolean_t first_recvd_props = B_FALSE;
3696 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3697 strchr(zc->zc_value, '@') == NULL ||
3698 strchr(zc->zc_value, '%'))
3701 (void) strcpy(tofs, zc->zc_value);
3702 tosnap = strchr(tofs, '@');
3705 if (zc->zc_nvlist_src != 0 &&
3706 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3707 zc->zc_iflags, &props)) != 0)
3717 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3719 if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) {
3720 if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) &&
3721 !dsl_prop_get_hasrecvd(os)) {
3722 first_recvd_props = B_TRUE;
3726 * If new received properties are supplied, they are to
3727 * completely replace the existing received properties, so stash
3728 * away the existing ones.
3730 if (dsl_prop_get_received(os, &origprops) == 0) {
3731 nvlist_t *errlist = NULL;
3733 * Don't bother writing a property if its value won't
3734 * change (and avoid the unnecessary security checks).
3736 * The first receive after SPA_VERSION_RECVD_PROPS is a
3737 * special case where we blow away all local properties
3740 if (!first_recvd_props)
3741 props_reduce(props, origprops);
3742 if (zfs_check_clearable(tofs, origprops,
3744 (void) nvlist_merge(errors, errlist, 0);
3745 nvlist_free(errlist);
3748 dmu_objset_rele(os, FTAG);
3751 if (zc->zc_string[0]) {
3752 error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
3757 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
3758 &zc->zc_begin_record, force, origin, &drc);
3760 dmu_objset_rele(origin, FTAG);
3765 * Set properties before we receive the stream so that they are applied
3766 * to the new data. Note that we must call dmu_recv_stream() if
3767 * dmu_recv_begin() succeeds.
3772 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
3773 if (drc.drc_newfs) {
3774 if (spa_version(os->os_spa) >=
3775 SPA_VERSION_RECVD_PROPS)
3776 first_recvd_props = B_TRUE;
3777 } else if (origprops != NULL) {
3778 if (clear_received_props(os, tofs, origprops,
3779 first_recvd_props ? NULL : props) != 0)
3780 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3782 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3784 dsl_prop_set_hasrecvd(os);
3785 } else if (!drc.drc_newfs) {
3786 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3789 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
3791 (void) nvlist_merge(errors, errlist, 0);
3792 nvlist_free(errlist);
3795 if (fit_error_list(zc, &errors) != 0 || put_nvlist(zc, errors) != 0) {
3797 * Caller made zc->zc_nvlist_dst less than the minimum expected
3798 * size or supplied an invalid address.
3800 props_error = EINVAL;
3804 error = dmu_recv_stream(&drc, fp, &off, zc->zc_cleanup_fd,
3805 &zc->zc_action_handle);
3808 zfsvfs_t *zfsvfs = NULL;
3810 if (getzfsvfs(tofs, &zfsvfs) == 0) {
3814 error = zfs_suspend_fs(zfsvfs);
3816 * If the suspend fails, then the recv_end will
3817 * likely also fail, and clean up after itself.
3819 end_err = dmu_recv_end(&drc);
3821 error = zfs_resume_fs(zfsvfs, tofs);
3822 error = error ? error : end_err;
3823 VFS_RELE(zfsvfs->z_vfs);
3825 error = dmu_recv_end(&drc);
3829 zc->zc_cookie = off - fp->f_offset;
3830 if (off >= 0 && off <= MAXOFFSET_T)
3834 if (zfs_ioc_recv_inject_err) {
3835 zfs_ioc_recv_inject_err = B_FALSE;
3840 * On error, restore the original props.
3842 if (error && props) {
3843 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
3844 if (clear_received_props(os, tofs, props, NULL) != 0) {
3846 * We failed to clear the received properties.
3847 * Since we may have left a $recvd value on the
3848 * system, we can't clear the $hasrecvd flag.
3850 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3851 } else if (first_recvd_props) {
3852 dsl_prop_unset_hasrecvd(os);
3854 dmu_objset_rele(os, FTAG);
3855 } else if (!drc.drc_newfs) {
3856 /* We failed to clear the received properties. */
3857 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3860 if (origprops == NULL && !drc.drc_newfs) {
3861 /* We failed to stash the original properties. */
3862 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3866 * dsl_props_set() will not convert RECEIVED to LOCAL on or
3867 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
3868 * explictly if we're restoring local properties cleared in the
3869 * first new-style receive.
3871 if (origprops != NULL &&
3872 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
3873 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
3874 origprops, NULL) != 0) {
3876 * We stashed the original properties but failed to
3879 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3884 nvlist_free(origprops);
3885 nvlist_free(errors);
3889 error = props_error;
3896 * zc_name name of snapshot to send
3897 * zc_cookie file descriptor to send stream to
3898 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
3899 * zc_sendobj objsetid of snapshot to send
3900 * zc_fromobj objsetid of incremental fromsnap (may be zero)
3901 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
3902 * output size in zc_objset_type.
3907 zfs_ioc_send(zfs_cmd_t *zc)
3909 objset_t *fromsnap = NULL;
3914 dsl_dataset_t *dsfrom = NULL;
3917 boolean_t estimate = (zc->zc_guid != 0);
3919 error = spa_open(zc->zc_name, &spa, FTAG);
3923 dp = spa_get_dsl(spa);
3924 rw_enter(&dp->dp_config_rwlock, RW_READER);
3925 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
3926 rw_exit(&dp->dp_config_rwlock);
3928 spa_close(spa, FTAG);
3932 error = dmu_objset_from_ds(ds, &tosnap);
3934 dsl_dataset_rele(ds, FTAG);
3935 spa_close(spa, FTAG);
3939 if (zc->zc_fromobj != 0) {
3940 rw_enter(&dp->dp_config_rwlock, RW_READER);
3941 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
3942 rw_exit(&dp->dp_config_rwlock);
3943 spa_close(spa, FTAG);
3945 dsl_dataset_rele(ds, FTAG);
3948 error = dmu_objset_from_ds(dsfrom, &fromsnap);
3950 dsl_dataset_rele(dsfrom, FTAG);
3951 dsl_dataset_rele(ds, FTAG);
3955 spa_close(spa, FTAG);
3959 error = dmu_send_estimate(tosnap, fromsnap, zc->zc_obj,
3960 &zc->zc_objset_type);
3962 file_t *fp = getf(zc->zc_cookie);
3964 dsl_dataset_rele(ds, FTAG);
3966 dsl_dataset_rele(dsfrom, FTAG);
3971 error = dmu_send(tosnap, fromsnap, zc->zc_obj,
3972 zc->zc_cookie, fp, &off);
3974 if (off >= 0 && off <= MAXOFFSET_T)
3976 releasef(zc->zc_cookie);
3979 dsl_dataset_rele(dsfrom, FTAG);
3980 dsl_dataset_rele(ds, FTAG);
3986 * zc_name name of snapshot on which to report progress
3987 * zc_cookie file descriptor of send stream
3990 * zc_cookie number of bytes written in send stream thus far
3993 zfs_ioc_send_progress(zfs_cmd_t *zc)
3996 dmu_sendarg_t *dsp = NULL;
3999 if ((error = dsl_dataset_hold(zc->zc_name, FTAG, &ds)) != 0)
4002 mutex_enter(&ds->ds_sendstream_lock);
4005 * Iterate over all the send streams currently active on this dataset.
4006 * If there's one which matches the specified file descriptor _and_ the
4007 * stream was started by the current process, return the progress of
4010 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
4011 dsp = list_next(&ds->ds_sendstreams, dsp)) {
4012 if (dsp->dsa_outfd == zc->zc_cookie &&
4013 dsp->dsa_proc == curproc)
4018 zc->zc_cookie = *(dsp->dsa_off);
4022 mutex_exit(&ds->ds_sendstream_lock);
4023 dsl_dataset_rele(ds, FTAG);
4028 zfs_ioc_inject_fault(zfs_cmd_t *zc)
4032 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
4033 &zc->zc_inject_record);
4036 zc->zc_guid = (uint64_t)id;
4042 zfs_ioc_clear_fault(zfs_cmd_t *zc)
4044 return (zio_clear_fault((int)zc->zc_guid));
4048 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
4050 int id = (int)zc->zc_guid;
4053 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
4054 &zc->zc_inject_record);
4062 zfs_ioc_error_log(zfs_cmd_t *zc)
4066 size_t count = (size_t)zc->zc_nvlist_dst_size;
4068 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
4071 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
4074 zc->zc_nvlist_dst_size = count;
4076 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
4078 spa_close(spa, FTAG);
4084 zfs_ioc_clear(zfs_cmd_t *zc)
4091 * On zpool clear we also fix up missing slogs
4093 mutex_enter(&spa_namespace_lock);
4094 spa = spa_lookup(zc->zc_name);
4096 mutex_exit(&spa_namespace_lock);
4099 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
4100 /* we need to let spa_open/spa_load clear the chains */
4101 spa_set_log_state(spa, SPA_LOG_CLEAR);
4103 spa->spa_last_open_failed = 0;
4104 mutex_exit(&spa_namespace_lock);
4106 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
4107 error = spa_open(zc->zc_name, &spa, FTAG);
4110 nvlist_t *config = NULL;
4112 if (zc->zc_nvlist_src == 0)
4115 if ((error = get_nvlist(zc->zc_nvlist_src,
4116 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
4117 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
4119 if (config != NULL) {
4122 if ((err = put_nvlist(zc, config)) != 0)
4124 nvlist_free(config);
4126 nvlist_free(policy);
4133 spa_vdev_state_enter(spa, SCL_NONE);
4135 if (zc->zc_guid == 0) {
4138 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
4140 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
4141 spa_close(spa, FTAG);
4146 vdev_clear(spa, vd);
4148 (void) spa_vdev_state_exit(spa, NULL, 0);
4151 * Resume any suspended I/Os.
4153 if (zio_resume(spa) != 0)
4156 spa_close(spa, FTAG);
4162 zfs_ioc_pool_reopen(zfs_cmd_t *zc)
4167 error = spa_open(zc->zc_name, &spa, FTAG);
4171 spa_vdev_state_enter(spa, SCL_NONE);
4174 * If a resilver is already in progress then set the
4175 * spa_scrub_reopen flag to B_TRUE so that we don't restart
4176 * the scan as a side effect of the reopen. Otherwise, let
4177 * vdev_open() decided if a resilver is required.
4179 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool);
4180 vdev_reopen(spa->spa_root_vdev);
4181 spa->spa_scrub_reopen = B_FALSE;
4183 (void) spa_vdev_state_exit(spa, NULL, 0);
4184 spa_close(spa, FTAG);
4189 * zc_name name of filesystem
4190 * zc_value name of origin snapshot
4193 * zc_string name of conflicting snapshot, if there is one
4196 zfs_ioc_promote(zfs_cmd_t *zc)
4201 * We don't need to unmount *all* the origin fs's snapshots, but
4204 cp = strchr(zc->zc_value, '@');
4207 (void) dmu_objset_find(zc->zc_value,
4208 zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);
4209 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
4213 * Retrieve a single {user|group}{used|quota}@... property.
4216 * zc_name name of filesystem
4217 * zc_objset_type zfs_userquota_prop_t
4218 * zc_value domain name (eg. "S-1-234-567-89")
4219 * zc_guid RID/UID/GID
4222 * zc_cookie property value
4225 zfs_ioc_userspace_one(zfs_cmd_t *zc)
4230 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4233 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4237 error = zfs_userspace_one(zfsvfs,
4238 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4239 zfsvfs_rele(zfsvfs, FTAG);
4246 * zc_name name of filesystem
4247 * zc_cookie zap cursor
4248 * zc_objset_type zfs_userquota_prop_t
4249 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4252 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4253 * zc_cookie zap cursor
4256 zfs_ioc_userspace_many(zfs_cmd_t *zc)
4259 int bufsize = zc->zc_nvlist_dst_size;
4264 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4268 void *buf = kmem_alloc(bufsize, KM_SLEEP);
4270 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
4271 buf, &zc->zc_nvlist_dst_size);
4274 error = ddi_copyout(buf,
4275 (void *)(uintptr_t)zc->zc_nvlist_dst,
4276 zc->zc_nvlist_dst_size, zc->zc_iflags);
4278 kmem_free(buf, bufsize);
4279 zfsvfs_rele(zfsvfs, FTAG);
4286 * zc_name name of filesystem
4292 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4298 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
4299 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
4301 * If userused is not enabled, it may be because the
4302 * objset needs to be closed & reopened (to grow the
4303 * objset_phys_t). Suspend/resume the fs will do that.
4305 error = zfs_suspend_fs(zfsvfs);
4307 error = zfs_resume_fs(zfsvfs, zc->zc_name);
4310 error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
4311 VFS_RELE(zfsvfs->z_vfs);
4313 /* XXX kind of reading contents without owning */
4314 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4318 error = dmu_objset_userspace_upgrade(os);
4319 dmu_objset_rele(os, FTAG);
4327 * We don't want to have a hard dependency
4328 * against some special symbols in sharefs
4329 * nfs, and smbsrv. Determine them if needed when
4330 * the first file system is shared.
4331 * Neither sharefs, nfs or smbsrv are unloadable modules.
4333 int (*znfsexport_fs)(void *arg);
4334 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
4335 int (*zsmbexport_fs)(void *arg, boolean_t add_share);
4337 int zfs_nfsshare_inited;
4338 int zfs_smbshare_inited;
4340 ddi_modhandle_t nfs_mod;
4341 ddi_modhandle_t sharefs_mod;
4342 ddi_modhandle_t smbsrv_mod;
4344 kmutex_t zfs_share_lock;
4352 ASSERT(MUTEX_HELD(&zfs_share_lock));
4353 /* Both NFS and SMB shares also require sharetab support. */
4354 if (sharefs_mod == NULL && ((sharefs_mod =
4355 ddi_modopen("fs/sharefs",
4356 KRTLD_MODE_FIRST, &error)) == NULL)) {
4359 if (zshare_fs == NULL && ((zshare_fs =
4360 (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
4361 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) {
4369 zfs_ioc_share(zfs_cmd_t *zc)
4375 switch (zc->zc_share.z_sharetype) {
4377 case ZFS_UNSHARE_NFS:
4378 if (zfs_nfsshare_inited == 0) {
4379 mutex_enter(&zfs_share_lock);
4380 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs",
4381 KRTLD_MODE_FIRST, &error)) == NULL)) {
4382 mutex_exit(&zfs_share_lock);
4385 if (znfsexport_fs == NULL &&
4386 ((znfsexport_fs = (int (*)(void *))
4388 "nfs_export", &error)) == NULL)) {
4389 mutex_exit(&zfs_share_lock);
4392 error = zfs_init_sharefs();
4394 mutex_exit(&zfs_share_lock);
4397 zfs_nfsshare_inited = 1;
4398 mutex_exit(&zfs_share_lock);
4402 case ZFS_UNSHARE_SMB:
4403 if (zfs_smbshare_inited == 0) {
4404 mutex_enter(&zfs_share_lock);
4405 if (smbsrv_mod == NULL && ((smbsrv_mod =
4406 ddi_modopen("drv/smbsrv",
4407 KRTLD_MODE_FIRST, &error)) == NULL)) {
4408 mutex_exit(&zfs_share_lock);
4411 if (zsmbexport_fs == NULL && ((zsmbexport_fs =
4412 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod,
4413 "smb_server_share", &error)) == NULL)) {
4414 mutex_exit(&zfs_share_lock);
4417 error = zfs_init_sharefs();
4419 mutex_exit(&zfs_share_lock);
4422 zfs_smbshare_inited = 1;
4423 mutex_exit(&zfs_share_lock);
4430 switch (zc->zc_share.z_sharetype) {
4432 case ZFS_UNSHARE_NFS:
4434 znfsexport_fs((void *)
4435 (uintptr_t)zc->zc_share.z_exportdata))
4439 case ZFS_UNSHARE_SMB:
4440 if (error = zsmbexport_fs((void *)
4441 (uintptr_t)zc->zc_share.z_exportdata,
4442 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
4449 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
4450 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ?
4451 SHAREFS_ADD : SHAREFS_REMOVE;
4454 * Add or remove share from sharetab
4456 error = zshare_fs(opcode,
4457 (void *)(uintptr_t)zc->zc_share.z_sharedata,
4458 zc->zc_share.z_sharemax);
4467 ace_t full_access[] = {
4468 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
4473 * zc_name name of containing filesystem
4474 * zc_obj object # beyond which we want next in-use object #
4477 * zc_obj next in-use object #
4480 zfs_ioc_next_obj(zfs_cmd_t *zc)
4482 objset_t *os = NULL;
4485 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4489 error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4490 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4492 dmu_objset_rele(os, FTAG);
4498 * zc_name name of filesystem
4499 * zc_value prefix name for snapshot
4500 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4505 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4510 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
4511 (u_longlong_t)ddi_get_lbolt64());
4513 if (strlen(snap_name) >= MAXNAMELEN) {
4518 error = dmu_objset_snapshot(zc->zc_name, snap_name, snap_name,
4519 NULL, B_FALSE, B_TRUE, zc->zc_cleanup_fd);
4525 (void) strcpy(zc->zc_value, snap_name);
4532 * zc_name name of "to" snapshot
4533 * zc_value name of "from" snapshot
4534 * zc_cookie file descriptor to write diff data on
4537 * dmu_diff_record_t's to the file descriptor
4540 zfs_ioc_diff(zfs_cmd_t *zc)
4548 error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap);
4552 error = dmu_objset_hold(zc->zc_value, FTAG, &fromsnap);
4554 dmu_objset_rele(tosnap, FTAG);
4558 fp = getf(zc->zc_cookie);
4560 dmu_objset_rele(fromsnap, FTAG);
4561 dmu_objset_rele(tosnap, FTAG);
4567 error = dmu_diff(tosnap, fromsnap, fp, &off);
4569 if (off >= 0 && off <= MAXOFFSET_T)
4571 releasef(zc->zc_cookie);
4573 dmu_objset_rele(fromsnap, FTAG);
4574 dmu_objset_rele(tosnap, FTAG);
4580 * Remove all ACL files in shares dir
4583 zfs_smb_acl_purge(znode_t *dzp)
4586 zap_attribute_t zap;
4587 zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
4590 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
4591 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
4592 zap_cursor_advance(&zc)) {
4593 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
4597 zap_cursor_fini(&zc);
4603 zfs_ioc_smb_acl(zfs_cmd_t *zc)
4608 vnode_t *resourcevp = NULL;
4617 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
4618 NO_FOLLOW, NULL, &vp)) != 0)
4621 /* Now make sure mntpnt and dataset are ZFS */
4623 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 ||
4624 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
4625 zc->zc_name) != 0)) {
4631 zfsvfs = dzp->z_zfsvfs;
4635 * Create share dir if its missing.
4637 mutex_enter(&zfsvfs->z_lock);
4638 if (zfsvfs->z_shares_dir == 0) {
4641 tx = dmu_tx_create(zfsvfs->z_os);
4642 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
4644 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
4645 error = dmu_tx_assign(tx, TXG_WAIT);
4649 error = zfs_create_share_dir(zfsvfs, tx);
4653 mutex_exit(&zfsvfs->z_lock);
4659 mutex_exit(&zfsvfs->z_lock);
4661 ASSERT(zfsvfs->z_shares_dir);
4662 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
4668 switch (zc->zc_cookie) {
4669 case ZFS_SMB_ACL_ADD:
4670 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
4671 vattr.va_type = VREG;
4672 vattr.va_mode = S_IFREG|0777;
4676 vsec.vsa_mask = VSA_ACE;
4677 vsec.vsa_aclentp = &full_access;
4678 vsec.vsa_aclentsz = sizeof (full_access);
4679 vsec.vsa_aclcnt = 1;
4681 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
4682 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
4684 VN_RELE(resourcevp);
4687 case ZFS_SMB_ACL_REMOVE:
4688 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
4692 case ZFS_SMB_ACL_RENAME:
4693 if ((error = get_nvlist(zc->zc_nvlist_src,
4694 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
4699 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
4700 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
4703 VN_RELE(ZTOV(sharedir));
4705 nvlist_free(nvlist);
4708 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
4710 nvlist_free(nvlist);
4713 case ZFS_SMB_ACL_PURGE:
4714 error = zfs_smb_acl_purge(sharedir);
4723 VN_RELE(ZTOV(sharedir));
4729 return (EOPNOTSUPP);
4735 * zc_name name of filesystem
4736 * zc_value short name of snap
4737 * zc_string user-supplied tag for this hold
4738 * zc_cookie recursive flag
4739 * zc_temphold set if hold is temporary
4740 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4741 * zc_sendobj if non-zero, the objid for zc_name@zc_value
4742 * zc_createtxg if zc_sendobj is non-zero, snap must have zc_createtxg
4747 zfs_ioc_hold(zfs_cmd_t *zc)
4749 boolean_t recursive = zc->zc_cookie;
4756 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4759 if (zc->zc_sendobj == 0) {
4760 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value,
4761 zc->zc_string, recursive, zc->zc_temphold,
4762 zc->zc_cleanup_fd));
4768 error = spa_open(zc->zc_name, &spa, FTAG);
4772 dp = spa_get_dsl(spa);
4773 rw_enter(&dp->dp_config_rwlock, RW_READER);
4774 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4775 rw_exit(&dp->dp_config_rwlock);
4776 spa_close(spa, FTAG);
4781 * Until we have a hold on this snapshot, it's possible that
4782 * zc_sendobj could've been destroyed and reused as part
4783 * of a later txg. Make sure we're looking at the right object.
4785 if (zc->zc_createtxg != ds->ds_phys->ds_creation_txg) {
4786 dsl_dataset_rele(ds, FTAG);
4790 if (zc->zc_cleanup_fd != -1 && zc->zc_temphold) {
4791 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
4793 dsl_dataset_rele(ds, FTAG);
4798 error = dsl_dataset_user_hold_for_send(ds, zc->zc_string,
4802 dsl_register_onexit_hold_cleanup(ds, zc->zc_string,
4805 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
4807 dsl_dataset_rele(ds, FTAG);
4814 * zc_name name of dataset from which we're releasing a user hold
4815 * zc_value short name of snap
4816 * zc_string user-supplied tag for this hold
4817 * zc_cookie recursive flag
4822 zfs_ioc_release(zfs_cmd_t *zc)
4824 boolean_t recursive = zc->zc_cookie;
4826 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4829 return (dsl_dataset_user_release(zc->zc_name, zc->zc_value,
4830 zc->zc_string, recursive));
4835 * zc_name name of filesystem
4838 * zc_nvlist_src{_size} nvlist of snapshot holds
4841 zfs_ioc_get_holds(zfs_cmd_t *zc)
4846 if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) {
4847 error = put_nvlist(zc, nvp);
4856 * zc_name name of new filesystem or snapshot
4857 * zc_value full name of old snapshot
4860 * zc_cookie space in bytes
4861 * zc_objset_type compressed space in bytes
4862 * zc_perm_action uncompressed space in bytes
4865 zfs_ioc_space_written(zfs_cmd_t *zc)
4868 dsl_dataset_t *new, *old;
4870 error = dsl_dataset_hold(zc->zc_name, FTAG, &new);
4873 error = dsl_dataset_hold(zc->zc_value, FTAG, &old);
4875 dsl_dataset_rele(new, FTAG);
4879 error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
4880 &zc->zc_objset_type, &zc->zc_perm_action);
4881 dsl_dataset_rele(old, FTAG);
4882 dsl_dataset_rele(new, FTAG);
4888 * zc_name full name of last snapshot
4889 * zc_value full name of first snapshot
4892 * zc_cookie space in bytes
4893 * zc_objset_type compressed space in bytes
4894 * zc_perm_action uncompressed space in bytes
4897 zfs_ioc_space_snaps(zfs_cmd_t *zc)
4900 dsl_dataset_t *new, *old;
4902 error = dsl_dataset_hold(zc->zc_name, FTAG, &new);
4905 error = dsl_dataset_hold(zc->zc_value, FTAG, &old);
4907 dsl_dataset_rele(new, FTAG);
4911 error = dsl_dataset_space_wouldfree(old, new, &zc->zc_cookie,
4912 &zc->zc_objset_type, &zc->zc_perm_action);
4913 dsl_dataset_rele(old, FTAG);
4914 dsl_dataset_rele(new, FTAG);
4919 * pool create, destroy, and export don't log the history as part of
4920 * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export
4921 * do the logging of those commands.
4924 zfs_ioc_jail(zfs_cmd_t *zc)
4927 return (zone_dataset_attach(curthread->td_ucred, zc->zc_name,
4928 (int)zc->zc_jailid));
4932 zfs_ioc_unjail(zfs_cmd_t *zc)
4935 return (zone_dataset_detach(curthread->td_ucred, zc->zc_name,
4936 (int)zc->zc_jailid));
4939 static zfs_ioc_vec_t zfs_ioc_vec[] = {
4940 { zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4942 { zfs_ioc_pool_destroy, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4944 { zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4946 { zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4948 { zfs_ioc_pool_configs, zfs_secpolicy_none, NO_NAME, B_FALSE,
4950 { zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE,
4952 { zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE,
4954 { zfs_ioc_pool_scan, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4956 { zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE,
4958 { zfs_ioc_pool_upgrade, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4960 { zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4962 { zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4964 { zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4966 { zfs_ioc_vdev_set_state, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4968 { zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4970 { zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4972 { zfs_ioc_vdev_setpath, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4974 { zfs_ioc_vdev_setfru, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4976 { zfs_ioc_objset_stats, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4978 { zfs_ioc_objset_zplprops, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4980 { zfs_ioc_dataset_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4982 { zfs_ioc_snapshot_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4984 { zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE, B_TRUE },
4985 { zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE, B_TRUE },
4986 { zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE,
4988 { zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE,
4990 { zfs_ioc_rename, zfs_secpolicy_rename, DATASET_NAME, B_TRUE, B_TRUE },
4991 { zfs_ioc_recv, zfs_secpolicy_receive, DATASET_NAME, B_TRUE, B_TRUE },
4992 { zfs_ioc_send, zfs_secpolicy_send, DATASET_NAME, B_FALSE, B_FALSE },
4993 { zfs_ioc_inject_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4995 { zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4997 { zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4999 { zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE,
5001 { zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE, B_FALSE },
5002 { zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE,
5004 { zfs_ioc_destroy_snaps_nvl, zfs_secpolicy_destroy_recursive, DATASET_NAME,
5006 { zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE,
5008 { zfs_ioc_dsobj_to_dsname, zfs_secpolicy_diff, POOL_NAME, B_FALSE,
5010 { zfs_ioc_obj_to_path, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
5012 { zfs_ioc_pool_set_props, zfs_secpolicy_config, POOL_NAME, B_TRUE,
5014 { zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE,
5016 { zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE,
5018 { zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
5020 { zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE, B_FALSE },
5021 { zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE,
5023 { zfs_ioc_smb_acl, zfs_secpolicy_smb_acl, DATASET_NAME, B_FALSE,
5025 { zfs_ioc_userspace_one, zfs_secpolicy_userspace_one,
5026 DATASET_NAME, B_FALSE, B_FALSE },
5027 { zfs_ioc_userspace_many, zfs_secpolicy_userspace_many,
5028 DATASET_NAME, B_FALSE, B_FALSE },
5029 { zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
5030 DATASET_NAME, B_FALSE, B_TRUE },
5031 { zfs_ioc_hold, zfs_secpolicy_hold, DATASET_NAME, B_TRUE, B_TRUE },
5032 { zfs_ioc_release, zfs_secpolicy_release, DATASET_NAME, B_TRUE,
5034 { zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
5036 { zfs_ioc_objset_recvd_props, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
5038 { zfs_ioc_vdev_split, zfs_secpolicy_config, POOL_NAME, B_TRUE,
5040 { zfs_ioc_next_obj, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
5042 { zfs_ioc_diff, zfs_secpolicy_diff, DATASET_NAME, B_FALSE, B_FALSE },
5043 { zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, DATASET_NAME,
5045 { zfs_ioc_obj_to_stats, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
5047 { zfs_ioc_jail, zfs_secpolicy_config, DATASET_NAME, B_TRUE, B_FALSE },
5048 { zfs_ioc_unjail, zfs_secpolicy_config, DATASET_NAME, B_TRUE, B_FALSE },
5049 { zfs_ioc_pool_reguid, zfs_secpolicy_config, POOL_NAME, B_TRUE,
5051 { zfs_ioc_space_written, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
5053 { zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
5055 { zfs_ioc_send_progress, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
5057 { zfs_ioc_pool_reopen, zfs_secpolicy_config, POOL_NAME, B_TRUE,
5062 pool_status_check(const char *name, zfs_ioc_namecheck_t type)
5067 ASSERT(type == POOL_NAME || type == DATASET_NAME);
5069 error = spa_open(name, &spa, FTAG);
5071 if (spa_suspended(spa))
5073 spa_close(spa, FTAG);
5079 * Find a free minor number.
5082 zfsdev_minor_alloc(void)
5084 static minor_t last_minor;
5087 ASSERT(MUTEX_HELD(&spa_namespace_lock));
5089 for (m = last_minor + 1; m != last_minor; m++) {
5090 if (m > ZFSDEV_MAX_MINOR)
5092 if (ddi_get_soft_state(zfsdev_state, m) == NULL) {
5102 zfs_ctldev_init(struct cdev *devp)
5105 zfs_soft_state_t *zs;
5107 ASSERT(MUTEX_HELD(&spa_namespace_lock));
5109 minor = zfsdev_minor_alloc();
5113 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS)
5116 devfs_set_cdevpriv((void *)(uintptr_t)minor, zfsdev_close);
5118 zs = ddi_get_soft_state(zfsdev_state, minor);
5119 zs->zss_type = ZSST_CTLDEV;
5120 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data);
5126 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor)
5128 ASSERT(MUTEX_HELD(&spa_namespace_lock));
5130 zfs_onexit_destroy(zo);
5131 ddi_soft_state_free(zfsdev_state, minor);
5135 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which)
5137 zfs_soft_state_t *zp;
5139 zp = ddi_get_soft_state(zfsdev_state, minor);
5140 if (zp == NULL || zp->zss_type != which)
5143 return (zp->zss_data);
5147 zfsdev_open(struct cdev *devp, int flag, int mode, struct thread *td)
5152 if (getminor(*devp) != 0)
5153 return (zvol_open(devp, flag, otyp, cr));
5156 /* This is the control device. Allocate a new minor if requested. */
5158 mutex_enter(&spa_namespace_lock);
5159 error = zfs_ctldev_init(devp);
5160 mutex_exit(&spa_namespace_lock);
5167 zfsdev_close(void *data)
5170 minor_t minor = (minor_t)(uintptr_t)data;
5175 mutex_enter(&spa_namespace_lock);
5176 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV);
5178 mutex_exit(&spa_namespace_lock);
5181 zfs_ctldev_destroy(zo, minor);
5182 mutex_exit(&spa_namespace_lock);
5186 zfsdev_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
5191 int cflag, error, len;
5193 cflag = ZFS_CMD_COMPAT_NONE;
5194 len = IOCPARM_LEN(cmd);
5197 * Check if we have sufficient kernel memory allocated
5198 * for the zfs_cmd_t request. Bail out if not so we
5199 * will not access undefined memory region.
5201 if (len < sizeof(zfs_cmd_t))
5202 if (len == sizeof(zfs_cmd_v15_t)) {
5203 cflag = ZFS_CMD_COMPAT_V15;
5204 vec = zfs_ioctl_v15_to_v28[ZFS_IOC(cmd)];
5210 if (cflag != ZFS_CMD_COMPAT_NONE) {
5211 if (vec == ZFS_IOC_COMPAT_PASS)
5213 else if (vec == ZFS_IOC_COMPAT_FAIL)
5217 if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
5220 if (cflag != ZFS_CMD_COMPAT_NONE) {
5221 zc = kmem_zalloc(sizeof(zfs_cmd_t), KM_SLEEP);
5222 bzero(zc, sizeof(zfs_cmd_t));
5223 zfs_cmd_compat_get(zc, addr, cflag);
5224 zfs_ioctl_compat_pre(zc, &vec, cflag);
5229 error = zfs_ioc_vec[vec].zvec_secpolicy(zc, td->td_ucred);
5232 * Ensure that all pool/dataset names are valid before we pass down to
5236 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5237 zc->zc_iflags = flag & FKIOCTL;
5238 switch (zfs_ioc_vec[vec].zvec_namecheck) {
5240 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
5242 if (zfs_ioc_vec[vec].zvec_pool_check)
5243 error = pool_status_check(zc->zc_name,
5244 zfs_ioc_vec[vec].zvec_namecheck);
5248 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
5250 if (zfs_ioc_vec[vec].zvec_pool_check)
5251 error = pool_status_check(zc->zc_name,
5252 zfs_ioc_vec[vec].zvec_namecheck);
5261 error = zfs_ioc_vec[vec].zvec_func(zc);
5264 if (zfs_ioc_vec[vec].zvec_his_log)
5265 zfs_log_history(zc);
5268 if (cflag != ZFS_CMD_COMPAT_NONE) {
5269 zfs_ioctl_compat_post(zc, ZFS_IOC(cmd), cflag);
5270 zfs_cmd_compat_put(zc, addr, cflag);
5271 kmem_free(zc, sizeof(zfs_cmd_t));
5279 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
5281 if (cmd != DDI_ATTACH)
5282 return (DDI_FAILURE);
5284 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
5285 DDI_PSEUDO, 0) == DDI_FAILURE)
5286 return (DDI_FAILURE);
5290 ddi_report_dev(dip);
5292 return (DDI_SUCCESS);
5296 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
5298 if (spa_busy() || zfs_busy() || zvol_busy())
5299 return (DDI_FAILURE);
5301 if (cmd != DDI_DETACH)
5302 return (DDI_FAILURE);
5306 ddi_prop_remove_all(dip);
5307 ddi_remove_minor_node(dip, NULL);
5309 return (DDI_SUCCESS);
5314 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
5317 case DDI_INFO_DEVT2DEVINFO:
5319 return (DDI_SUCCESS);
5321 case DDI_INFO_DEVT2INSTANCE:
5322 *result = (void *)0;
5323 return (DDI_SUCCESS);
5326 return (DDI_FAILURE);
5331 * OK, so this is a little weird.
5333 * /dev/zfs is the control node, i.e. minor 0.
5334 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
5336 * /dev/zfs has basically nothing to do except serve up ioctls,
5337 * so most of the standard driver entry points are in zvol.c.
5340 static struct cb_ops zfs_cb_ops = {
5341 zfsdev_open, /* open */
5342 zfsdev_close, /* close */
5343 zvol_strategy, /* strategy */
5345 zvol_dump, /* dump */
5346 zvol_read, /* read */
5347 zvol_write, /* write */
5348 zfsdev_ioctl, /* ioctl */
5352 nochpoll, /* poll */
5353 ddi_prop_op, /* prop_op */
5354 NULL, /* streamtab */
5355 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */
5356 CB_REV, /* version */
5357 nodev, /* async read */
5358 nodev, /* async write */
5361 static struct dev_ops zfs_dev_ops = {
5362 DEVO_REV, /* version */
5364 zfs_info, /* info */
5365 nulldev, /* identify */
5366 nulldev, /* probe */
5367 zfs_attach, /* attach */
5368 zfs_detach, /* detach */
5370 &zfs_cb_ops, /* driver operations */
5371 NULL, /* no bus operations */
5373 ddi_quiesce_not_needed, /* quiesce */
5376 static struct modldrv zfs_modldrv = {
5382 static struct modlinkage modlinkage = {
5384 (void *)&zfs_modlfs,
5385 (void *)&zfs_modldrv,
5390 static struct cdevsw zfs_cdevsw = {
5391 .d_version = D_VERSION,
5392 .d_open = zfsdev_open,
5393 .d_ioctl = zfsdev_ioctl,
5394 .d_name = ZFS_DEV_NAME
5400 zfsdev = make_dev(&zfs_cdevsw, 0x0, UID_ROOT, GID_OPERATOR, 0666,
5408 destroy_dev(zfsdev);
5411 static struct root_hold_token *zfs_root_token;
5412 struct proc *zfsproc;
5414 uint_t zfs_fsyncer_key;
5415 extern uint_t rrw_tsd_key;
5423 spa_init(FREAD | FWRITE);
5427 if ((error = mod_install(&modlinkage)) != 0) {
5434 tsd_create(&zfs_fsyncer_key, NULL);
5435 tsd_create(&rrw_tsd_key, NULL);
5437 error = ldi_ident_from_mod(&modlinkage, &zfs_li);
5439 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
5449 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
5452 if ((error = mod_remove(&modlinkage)) != 0)
5458 if (zfs_nfsshare_inited)
5459 (void) ddi_modclose(nfs_mod);
5460 if (zfs_smbshare_inited)
5461 (void) ddi_modclose(smbsrv_mod);
5462 if (zfs_nfsshare_inited || zfs_smbshare_inited)
5463 (void) ddi_modclose(sharefs_mod);
5465 tsd_destroy(&zfs_fsyncer_key);
5466 ldi_ident_release(zfs_li);
5468 mutex_destroy(&zfs_share_lock);
5474 _info(struct modinfo *modinfop)
5476 return (mod_info(&modlinkage, modinfop));
5481 zfs_modevent(module_t mod, int type, void *unused __unused)
5487 zfs_root_token = root_mount_hold("ZFS");
5489 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
5491 spa_init(FREAD | FWRITE);
5495 tsd_create(&zfs_fsyncer_key, NULL);
5496 tsd_create(&rrw_tsd_key, NULL);
5498 printf("ZFS storage pool version: features support (" SPA_VERSION_STRING ")\n");
5499 root_mount_rel(zfs_root_token);
5504 if (spa_busy() || zfs_busy() || zvol_busy() ||
5505 zio_injection_enabled) {
5515 tsd_destroy(&zfs_fsyncer_key);
5516 tsd_destroy(&rrw_tsd_key);
5518 mutex_destroy(&zfs_share_lock);
5527 static moduledata_t zfs_mod = {
5532 DECLARE_MODULE(zfsctrl, zfs_mod, SI_SUB_VFS, SI_ORDER_ANY);
5533 MODULE_DEPEND(zfsctrl, opensolaris, 1, 1, 1);
5534 MODULE_DEPEND(zfsctrl, krpc, 1, 1, 1);
5535 MODULE_DEPEND(zfsctrl, acl_nfs4, 1, 1, 1);