Print this page
*** NO COMMENTS ***
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/fs/zfs/zfs_ioctl.c
+++ new/usr/src/uts/common/fs/zfs/zfs_ioctl.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 23 */
24 24
25 25 #include <sys/types.h>
26 26 #include <sys/param.h>
27 27 #include <sys/errno.h>
28 28 #include <sys/uio.h>
29 29 #include <sys/buf.h>
30 30 #include <sys/modctl.h>
31 31 #include <sys/open.h>
32 32 #include <sys/file.h>
33 33 #include <sys/kmem.h>
34 34 #include <sys/conf.h>
35 35 #include <sys/cmn_err.h>
36 36 #include <sys/stat.h>
37 37 #include <sys/zfs_ioctl.h>
38 38 #include <sys/zfs_vfsops.h>
39 39 #include <sys/zfs_znode.h>
40 40 #include <sys/zap.h>
41 41 #include <sys/spa.h>
42 42 #include <sys/spa_impl.h>
43 43 #include <sys/vdev.h>
44 44 #include <sys/priv_impl.h>
45 45 #include <sys/dmu.h>
46 46 #include <sys/dsl_dir.h>
47 47 #include <sys/dsl_dataset.h>
48 48 #include <sys/dsl_prop.h>
49 49 #include <sys/dsl_deleg.h>
50 50 #include <sys/dmu_objset.h>
51 51 #include <sys/ddi.h>
52 52 #include <sys/sunddi.h>
53 53 #include <sys/sunldi.h>
54 54 #include <sys/policy.h>
55 55 #include <sys/zone.h>
56 56 #include <sys/nvpair.h>
57 57 #include <sys/pathname.h>
58 58 #include <sys/mount.h>
59 59 #include <sys/sdt.h>
60 60 #include <sys/fs/zfs.h>
61 61 #include <sys/zfs_ctldir.h>
62 62 #include <sys/zfs_dir.h>
63 63 #include <sys/zfs_onexit.h>
64 64 #include <sys/zvol.h>
65 65 #include <sys/dsl_scan.h>
66 66 #include <sharefs/share.h>
67 67 #include <sys/dmu_objset.h>
68 68
69 69 #include "zfs_namecheck.h"
70 70 #include "zfs_prop.h"
71 71 #include "zfs_deleg.h"
72 72 #include "zfs_comutil.h"
73 73
74 74 extern struct modlfs zfs_modlfs;
75 75
76 76 extern void zfs_init(void);
77 77 extern void zfs_fini(void);
78 78
79 79 ldi_ident_t zfs_li = NULL;
80 80 dev_info_t *zfs_dip;
81 81
82 82 typedef int zfs_ioc_func_t(zfs_cmd_t *);
83 83 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *);
84 84
85 85 typedef enum {
86 86 NO_NAME,
87 87 POOL_NAME,
88 88 DATASET_NAME
89 89 } zfs_ioc_namecheck_t;
90 90
91 91 typedef enum {
92 92 POOL_CHECK_NONE = 1 << 0,
93 93 POOL_CHECK_SUSPENDED = 1 << 1,
94 94 POOL_CHECK_READONLY = 1 << 2
95 95 } zfs_ioc_poolcheck_t;
96 96
97 97 typedef struct zfs_ioc_vec {
98 98 zfs_ioc_func_t *zvec_func;
99 99 zfs_secpolicy_func_t *zvec_secpolicy;
100 100 zfs_ioc_namecheck_t zvec_namecheck;
101 101 boolean_t zvec_his_log;
102 102 zfs_ioc_poolcheck_t zvec_pool_check;
103 103 } zfs_ioc_vec_t;
104 104
105 105 /* This array is indexed by zfs_userquota_prop_t */
106 106 static const char *userquota_perms[] = {
107 107 ZFS_DELEG_PERM_USERUSED,
108 108 ZFS_DELEG_PERM_USERQUOTA,
109 109 ZFS_DELEG_PERM_GROUPUSED,
110 110 ZFS_DELEG_PERM_GROUPQUOTA,
111 111 };
112 112
113 113 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
114 114 static int zfs_check_settable(const char *name, nvpair_t *property,
115 115 cred_t *cr);
116 116 static int zfs_check_clearable(char *dataset, nvlist_t *props,
117 117 nvlist_t **errors);
118 118 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
119 119 boolean_t *);
120 120 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t **);
121 121
122 122 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
123 123 void
124 124 __dprintf(const char *file, const char *func, int line, const char *fmt, ...)
125 125 {
126 126 const char *newfile;
127 127 char buf[512];
128 128 va_list adx;
129 129
130 130 /*
131 131 * Get rid of annoying "../common/" prefix to filename.
132 132 */
133 133 newfile = strrchr(file, '/');
134 134 if (newfile != NULL) {
135 135 newfile = newfile + 1; /* Get rid of leading / */
136 136 } else {
137 137 newfile = file;
138 138 }
139 139
140 140 va_start(adx, fmt);
141 141 (void) vsnprintf(buf, sizeof (buf), fmt, adx);
142 142 va_end(adx);
143 143
144 144 /*
145 145 * To get this data, use the zfs-dprintf probe as so:
146 146 * dtrace -q -n 'zfs-dprintf \
147 147 * /stringof(arg0) == "dbuf.c"/ \
148 148 * {printf("%s: %s", stringof(arg1), stringof(arg3))}'
149 149 * arg0 = file name
150 150 * arg1 = function name
151 151 * arg2 = line number
152 152 * arg3 = message
153 153 */
154 154 DTRACE_PROBE4(zfs__dprintf,
155 155 char *, newfile, char *, func, int, line, char *, buf);
156 156 }
157 157
158 158 static void
159 159 history_str_free(char *buf)
160 160 {
161 161 kmem_free(buf, HIS_MAX_RECORD_LEN);
162 162 }
163 163
164 164 static char *
165 165 history_str_get(zfs_cmd_t *zc)
166 166 {
167 167 char *buf;
168 168
169 169 if (zc->zc_history == NULL)
170 170 return (NULL);
171 171
172 172 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
173 173 if (copyinstr((void *)(uintptr_t)zc->zc_history,
174 174 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
175 175 history_str_free(buf);
176 176 return (NULL);
177 177 }
178 178
179 179 buf[HIS_MAX_RECORD_LEN -1] = '\0';
180 180
181 181 return (buf);
182 182 }
183 183
184 184 /*
185 185 * Check to see if the named dataset is currently defined as bootable
186 186 */
187 187 static boolean_t
188 188 zfs_is_bootfs(const char *name)
189 189 {
190 190 objset_t *os;
191 191
192 192 if (dmu_objset_hold(name, FTAG, &os) == 0) {
193 193 boolean_t ret;
194 194 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
195 195 dmu_objset_rele(os, FTAG);
196 196 return (ret);
197 197 }
198 198 return (B_FALSE);
199 199 }
200 200
201 201 /*
202 202 * zfs_earlier_version
203 203 *
204 204 * Return non-zero if the spa version is less than requested version.
205 205 */
206 206 static int
207 207 zfs_earlier_version(const char *name, int version)
208 208 {
209 209 spa_t *spa;
210 210
211 211 if (spa_open(name, &spa, FTAG) == 0) {
212 212 if (spa_version(spa) < version) {
213 213 spa_close(spa, FTAG);
214 214 return (1);
215 215 }
216 216 spa_close(spa, FTAG);
217 217 }
218 218 return (0);
219 219 }
220 220
221 221 /*
222 222 * zpl_earlier_version
223 223 *
224 224 * Return TRUE if the ZPL version is less than requested version.
225 225 */
226 226 static boolean_t
227 227 zpl_earlier_version(const char *name, int version)
228 228 {
229 229 objset_t *os;
230 230 boolean_t rc = B_TRUE;
231 231
232 232 if (dmu_objset_hold(name, FTAG, &os) == 0) {
233 233 uint64_t zplversion;
234 234
235 235 if (dmu_objset_type(os) != DMU_OST_ZFS) {
236 236 dmu_objset_rele(os, FTAG);
237 237 return (B_TRUE);
238 238 }
239 239 /* XXX reading from non-owned objset */
240 240 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
241 241 rc = zplversion < version;
242 242 dmu_objset_rele(os, FTAG);
243 243 }
244 244 return (rc);
245 245 }
246 246
247 247 static void
248 248 zfs_log_history(zfs_cmd_t *zc)
249 249 {
250 250 spa_t *spa;
251 251 char *buf;
252 252
253 253 if ((buf = history_str_get(zc)) == NULL)
254 254 return;
255 255
256 256 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
257 257 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
258 258 (void) spa_history_log(spa, buf, LOG_CMD_NORMAL);
259 259 spa_close(spa, FTAG);
260 260 }
261 261 history_str_free(buf);
262 262 }
263 263
264 264 /*
265 265 * Policy for top-level read operations (list pools). Requires no privileges,
266 266 * and can be used in the local zone, as there is no associated dataset.
267 267 */
268 268 /* ARGSUSED */
269 269 static int
270 270 zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr)
271 271 {
272 272 return (0);
273 273 }
274 274
275 275 /*
276 276 * Policy for dataset read operations (list children, get statistics). Requires
277 277 * no privileges, but must be visible in the local zone.
278 278 */
279 279 /* ARGSUSED */
280 280 static int
281 281 zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr)
282 282 {
283 283 if (INGLOBALZONE(curproc) ||
284 284 zone_dataset_visible(zc->zc_name, NULL))
285 285 return (0);
286 286
287 287 return (ENOENT);
288 288 }
289 289
290 290 static int
291 291 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
292 292 {
293 293 int writable = 1;
294 294
295 295 /*
296 296 * The dataset must be visible by this zone -- check this first
297 297 * so they don't see EPERM on something they shouldn't know about.
298 298 */
299 299 if (!INGLOBALZONE(curproc) &&
300 300 !zone_dataset_visible(dataset, &writable))
301 301 return (ENOENT);
302 302
303 303 if (INGLOBALZONE(curproc)) {
304 304 /*
305 305 * If the fs is zoned, only root can access it from the
306 306 * global zone.
307 307 */
308 308 if (secpolicy_zfs(cr) && zoned)
309 309 return (EPERM);
310 310 } else {
311 311 /*
312 312 * If we are in a local zone, the 'zoned' property must be set.
313 313 */
314 314 if (!zoned)
315 315 return (EPERM);
316 316
317 317 /* must be writable by this zone */
318 318 if (!writable)
319 319 return (EPERM);
320 320 }
321 321 return (0);
322 322 }
323 323
324 324 static int
325 325 zfs_dozonecheck(const char *dataset, cred_t *cr)
326 326 {
327 327 uint64_t zoned;
328 328
329 329 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
330 330 return (ENOENT);
331 331
332 332 return (zfs_dozonecheck_impl(dataset, zoned, cr));
333 333 }
334 334
335 335 static int
336 336 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
337 337 {
338 338 uint64_t zoned;
339 339
340 340 rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER);
341 341 if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL)) {
342 342 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
343 343 return (ENOENT);
344 344 }
345 345 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
346 346
347 347 return (zfs_dozonecheck_impl(dataset, zoned, cr));
348 348 }
349 349
350 350 int
351 351 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
352 352 {
353 353 int error;
354 354
355 355 error = zfs_dozonecheck(name, cr);
356 356 if (error == 0) {
357 357 error = secpolicy_zfs(cr);
358 358 if (error)
359 359 error = dsl_deleg_access(name, perm, cr);
360 360 }
361 361 return (error);
362 362 }
363 363
364 364 int
365 365 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
366 366 const char *perm, cred_t *cr)
367 367 {
368 368 int error;
369 369
370 370 error = zfs_dozonecheck_ds(name, ds, cr);
371 371 if (error == 0) {
372 372 error = secpolicy_zfs(cr);
373 373 if (error)
374 374 error = dsl_deleg_access_impl(ds, perm, cr);
375 375 }
376 376 return (error);
377 377 }
378 378
379 379 /*
380 380 * Policy for setting the security label property.
381 381 *
382 382 * Returns 0 for success, non-zero for access and other errors.
383 383 */
384 384 static int
385 385 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
386 386 {
387 387 char ds_hexsl[MAXNAMELEN];
388 388 bslabel_t ds_sl, new_sl;
389 389 boolean_t new_default = FALSE;
390 390 uint64_t zoned;
391 391 int needed_priv = -1;
392 392 int error;
393 393
394 394 /* First get the existing dataset label. */
395 395 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
396 396 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
397 397 if (error)
398 398 return (EPERM);
399 399
400 400 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
401 401 new_default = TRUE;
402 402
403 403 /* The label must be translatable */
404 404 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
405 405 return (EINVAL);
406 406
407 407 /*
408 408 * In a non-global zone, disallow attempts to set a label that
409 409 * doesn't match that of the zone; otherwise no other checks
410 410 * are needed.
411 411 */
412 412 if (!INGLOBALZONE(curproc)) {
413 413 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
414 414 return (EPERM);
415 415 return (0);
416 416 }
417 417
418 418 /*
419 419 * For global-zone datasets (i.e., those whose zoned property is
420 420 * "off", verify that the specified new label is valid for the
421 421 * global zone.
422 422 */
423 423 if (dsl_prop_get_integer(name,
424 424 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
425 425 return (EPERM);
426 426 if (!zoned) {
427 427 if (zfs_check_global_label(name, strval) != 0)
428 428 return (EPERM);
429 429 }
430 430
431 431 /*
432 432 * If the existing dataset label is nondefault, check if the
433 433 * dataset is mounted (label cannot be changed while mounted).
434 434 * Get the zfsvfs; if there isn't one, then the dataset isn't
435 435 * mounted (or isn't a dataset, doesn't exist, ...).
436 436 */
437 437 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
438 438 objset_t *os;
439 439 static char *setsl_tag = "setsl_tag";
440 440
441 441 /*
442 442 * Try to own the dataset; abort if there is any error,
443 443 * (e.g., already mounted, in use, or other error).
444 444 */
445 445 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
446 446 setsl_tag, &os);
447 447 if (error)
448 448 return (EPERM);
449 449
450 450 dmu_objset_disown(os, setsl_tag);
451 451
452 452 if (new_default) {
453 453 needed_priv = PRIV_FILE_DOWNGRADE_SL;
454 454 goto out_check;
455 455 }
456 456
457 457 if (hexstr_to_label(strval, &new_sl) != 0)
458 458 return (EPERM);
459 459
460 460 if (blstrictdom(&ds_sl, &new_sl))
461 461 needed_priv = PRIV_FILE_DOWNGRADE_SL;
462 462 else if (blstrictdom(&new_sl, &ds_sl))
463 463 needed_priv = PRIV_FILE_UPGRADE_SL;
464 464 } else {
465 465 /* dataset currently has a default label */
466 466 if (!new_default)
467 467 needed_priv = PRIV_FILE_UPGRADE_SL;
468 468 }
469 469
470 470 out_check:
471 471 if (needed_priv != -1)
472 472 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
473 473 return (0);
474 474 }
475 475
476 476 static int
477 477 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
478 478 cred_t *cr)
479 479 {
480 480 char *strval;
481 481
482 482 /*
483 483 * Check permissions for special properties.
484 484 */
485 485 switch (prop) {
486 486 case ZFS_PROP_ZONED:
487 487 /*
488 488 * Disallow setting of 'zoned' from within a local zone.
489 489 */
490 490 if (!INGLOBALZONE(curproc))
491 491 return (EPERM);
492 492 break;
493 493
494 494 case ZFS_PROP_QUOTA:
495 495 if (!INGLOBALZONE(curproc)) {
496 496 uint64_t zoned;
497 497 char setpoint[MAXNAMELEN];
498 498 /*
499 499 * Unprivileged users are allowed to modify the
500 500 * quota on things *under* (ie. contained by)
501 501 * the thing they own.
502 502 */
503 503 if (dsl_prop_get_integer(dsname, "zoned", &zoned,
504 504 setpoint))
505 505 return (EPERM);
506 506 if (!zoned || strlen(dsname) <= strlen(setpoint))
507 507 return (EPERM);
508 508 }
509 509 break;
510 510
511 511 case ZFS_PROP_MLSLABEL:
512 512 if (!is_system_labeled())
513 513 return (EPERM);
514 514
515 515 if (nvpair_value_string(propval, &strval) == 0) {
516 516 int err;
517 517
518 518 err = zfs_set_slabel_policy(dsname, strval, CRED());
519 519 if (err != 0)
520 520 return (err);
521 521 }
522 522 break;
523 523 }
524 524
525 525 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
526 526 }
527 527
528 528 int
529 529 zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr)
530 530 {
531 531 int error;
532 532
533 533 error = zfs_dozonecheck(zc->zc_name, cr);
534 534 if (error)
535 535 return (error);
536 536
537 537 /*
538 538 * permission to set permissions will be evaluated later in
539 539 * dsl_deleg_can_allow()
540 540 */
541 541 return (0);
542 542 }
543 543
544 544 int
545 545 zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr)
546 546 {
547 547 return (zfs_secpolicy_write_perms(zc->zc_name,
548 548 ZFS_DELEG_PERM_ROLLBACK, cr));
549 549 }
550 550
551 551 int
552 552 zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr)
553 553 {
554 554 spa_t *spa;
555 555 dsl_pool_t *dp;
556 556 dsl_dataset_t *ds;
557 557 char *cp;
558 558 int error;
559 559
560 560 /*
561 561 * Generate the current snapshot name from the given objsetid, then
562 562 * use that name for the secpolicy/zone checks.
563 563 */
564 564 cp = strchr(zc->zc_name, '@');
565 565 if (cp == NULL)
566 566 return (EINVAL);
567 567 error = spa_open(zc->zc_name, &spa, FTAG);
568 568 if (error)
569 569 return (error);
570 570
571 571 dp = spa_get_dsl(spa);
572 572 rw_enter(&dp->dp_config_rwlock, RW_READER);
573 573 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
574 574 rw_exit(&dp->dp_config_rwlock);
575 575 spa_close(spa, FTAG);
576 576 if (error)
577 577 return (error);
578 578
579 579 dsl_dataset_name(ds, zc->zc_name);
580 580
581 581 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
582 582 ZFS_DELEG_PERM_SEND, cr);
583 583 dsl_dataset_rele(ds, FTAG);
584 584
585 585 return (error);
586 586 }
587 587
588 588 static int
589 589 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, cred_t *cr)
590 590 {
591 591 vnode_t *vp;
592 592 int error;
593 593
594 594 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
595 595 NO_FOLLOW, NULL, &vp)) != 0)
596 596 return (error);
597 597
598 598 /* Now make sure mntpnt and dataset are ZFS */
599 599
600 600 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
601 601 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
602 602 zc->zc_name) != 0)) {
603 603 VN_RELE(vp);
604 604 return (EPERM);
605 605 }
606 606
607 607 VN_RELE(vp);
608 608 return (dsl_deleg_access(zc->zc_name,
609 609 ZFS_DELEG_PERM_SHARE, cr));
610 610 }
611 611
612 612 int
613 613 zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr)
614 614 {
615 615 if (!INGLOBALZONE(curproc))
616 616 return (EPERM);
617 617
618 618 if (secpolicy_nfs(cr) == 0) {
619 619 return (0);
620 620 } else {
621 621 return (zfs_secpolicy_deleg_share(zc, cr));
622 622 }
623 623 }
624 624
625 625 int
626 626 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, cred_t *cr)
627 627 {
628 628 if (!INGLOBALZONE(curproc))
629 629 return (EPERM);
630 630
631 631 if (secpolicy_smb(cr) == 0) {
632 632 return (0);
633 633 } else {
634 634 return (zfs_secpolicy_deleg_share(zc, cr));
635 635 }
636 636 }
637 637
638 638 static int
639 639 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
640 640 {
641 641 char *cp;
642 642
643 643 /*
644 644 * Remove the @bla or /bla from the end of the name to get the parent.
645 645 */
646 646 (void) strncpy(parent, datasetname, parentsize);
647 647 cp = strrchr(parent, '@');
648 648 if (cp != NULL) {
649 649 cp[0] = '\0';
650 650 } else {
651 651 cp = strrchr(parent, '/');
652 652 if (cp == NULL)
653 653 return (ENOENT);
654 654 cp[0] = '\0';
655 655 }
656 656
657 657 return (0);
658 658 }
659 659
660 660 int
661 661 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
662 662 {
663 663 int error;
664 664
665 665 if ((error = zfs_secpolicy_write_perms(name,
666 666 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
667 667 return (error);
668 668
669 669 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
670 670 }
671 671
672 672 static int
673 673 zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr)
674 674 {
675 675 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
676 676 }
677 677
|
↓ open down ↓ |
677 lines elided |
↑ open up ↑ |
678 678 /*
679 679 * Destroying snapshots with delegated permissions requires
680 680 * descendent mount and destroy permissions.
681 681 * Reassemble the full filesystem@snap name so dsl_deleg_access()
682 682 * can do the correct permission check.
683 683 *
684 684 * Since this routine is used when doing a recursive destroy of snapshots
685 685 * and destroying snapshots requires descendent permissions, a successfull
686 686 * check of the top level snapshot applies to snapshots of all descendent
687 687 * datasets as well.
688 + *
689 + * The target snapshot may not exist when doing a recursive destroy.
690 + * In this case fallback to permissions of the parent dataset.
688 691 */
689 692 static int
690 693 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, cred_t *cr)
691 694 {
692 695 int error;
693 696 char *dsname;
694 697
695 698 dsname = kmem_asprintf("%s@%s", zc->zc_name, zc->zc_value);
696 699
697 700 error = zfs_secpolicy_destroy_perms(dsname, cr);
698 701
702 + if (error == ENOENT)
703 + error = zfs_secpolicy_destroy_perms(zc->zc_name, cr);
704 +
699 705 strfree(dsname);
700 706 return (error);
701 707 }
702 708
703 709 int
704 710 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
705 711 {
706 712 char parentname[MAXNAMELEN];
707 713 int error;
708 714
709 715 if ((error = zfs_secpolicy_write_perms(from,
710 716 ZFS_DELEG_PERM_RENAME, cr)) != 0)
711 717 return (error);
712 718
713 719 if ((error = zfs_secpolicy_write_perms(from,
714 720 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
715 721 return (error);
716 722
717 723 if ((error = zfs_get_parent(to, parentname,
718 724 sizeof (parentname))) != 0)
719 725 return (error);
720 726
721 727 if ((error = zfs_secpolicy_write_perms(parentname,
722 728 ZFS_DELEG_PERM_CREATE, cr)) != 0)
723 729 return (error);
724 730
725 731 if ((error = zfs_secpolicy_write_perms(parentname,
726 732 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
727 733 return (error);
728 734
729 735 return (error);
730 736 }
731 737
732 738 static int
733 739 zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr)
734 740 {
735 741 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
736 742 }
737 743
738 744 static int
739 745 zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr)
740 746 {
741 747 char parentname[MAXNAMELEN];
742 748 objset_t *clone;
743 749 int error;
744 750
745 751 error = zfs_secpolicy_write_perms(zc->zc_name,
746 752 ZFS_DELEG_PERM_PROMOTE, cr);
747 753 if (error)
748 754 return (error);
749 755
750 756 error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
751 757
752 758 if (error == 0) {
753 759 dsl_dataset_t *pclone = NULL;
754 760 dsl_dir_t *dd;
755 761 dd = clone->os_dsl_dataset->ds_dir;
756 762
757 763 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
758 764 error = dsl_dataset_hold_obj(dd->dd_pool,
759 765 dd->dd_phys->dd_origin_obj, FTAG, &pclone);
760 766 rw_exit(&dd->dd_pool->dp_config_rwlock);
761 767 if (error) {
762 768 dmu_objset_rele(clone, FTAG);
763 769 return (error);
764 770 }
765 771
766 772 error = zfs_secpolicy_write_perms(zc->zc_name,
767 773 ZFS_DELEG_PERM_MOUNT, cr);
768 774
769 775 dsl_dataset_name(pclone, parentname);
770 776 dmu_objset_rele(clone, FTAG);
771 777 dsl_dataset_rele(pclone, FTAG);
772 778 if (error == 0)
773 779 error = zfs_secpolicy_write_perms(parentname,
774 780 ZFS_DELEG_PERM_PROMOTE, cr);
775 781 }
776 782 return (error);
777 783 }
778 784
779 785 static int
780 786 zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr)
781 787 {
782 788 int error;
783 789
784 790 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
785 791 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
786 792 return (error);
787 793
788 794 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
789 795 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
790 796 return (error);
791 797
792 798 return (zfs_secpolicy_write_perms(zc->zc_name,
793 799 ZFS_DELEG_PERM_CREATE, cr));
794 800 }
795 801
796 802 int
797 803 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
798 804 {
799 805 return (zfs_secpolicy_write_perms(name,
800 806 ZFS_DELEG_PERM_SNAPSHOT, cr));
801 807 }
802 808
803 809 static int
804 810 zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr)
805 811 {
806 812
807 813 return (zfs_secpolicy_snapshot_perms(zc->zc_name, cr));
808 814 }
809 815
810 816 static int
811 817 zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr)
812 818 {
813 819 char parentname[MAXNAMELEN];
814 820 int error;
815 821
816 822 if ((error = zfs_get_parent(zc->zc_name, parentname,
817 823 sizeof (parentname))) != 0)
818 824 return (error);
819 825
820 826 if (zc->zc_value[0] != '\0') {
821 827 if ((error = zfs_secpolicy_write_perms(zc->zc_value,
822 828 ZFS_DELEG_PERM_CLONE, cr)) != 0)
823 829 return (error);
824 830 }
825 831
826 832 if ((error = zfs_secpolicy_write_perms(parentname,
827 833 ZFS_DELEG_PERM_CREATE, cr)) != 0)
828 834 return (error);
829 835
830 836 error = zfs_secpolicy_write_perms(parentname,
831 837 ZFS_DELEG_PERM_MOUNT, cr);
832 838
833 839 return (error);
834 840 }
835 841
836 842 static int
837 843 zfs_secpolicy_umount(zfs_cmd_t *zc, cred_t *cr)
838 844 {
839 845 int error;
840 846
841 847 error = secpolicy_fs_unmount(cr, NULL);
842 848 if (error) {
843 849 error = dsl_deleg_access(zc->zc_name, ZFS_DELEG_PERM_MOUNT, cr);
844 850 }
845 851 return (error);
846 852 }
847 853
848 854 /*
849 855 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
850 856 * SYS_CONFIG privilege, which is not available in a local zone.
851 857 */
852 858 /* ARGSUSED */
853 859 static int
854 860 zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr)
855 861 {
856 862 if (secpolicy_sys_config(cr, B_FALSE) != 0)
857 863 return (EPERM);
858 864
859 865 return (0);
860 866 }
861 867
862 868 /*
863 869 * Policy for object to name lookups.
864 870 */
865 871 /* ARGSUSED */
866 872 static int
867 873 zfs_secpolicy_diff(zfs_cmd_t *zc, cred_t *cr)
868 874 {
869 875 int error;
870 876
871 877 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
872 878 return (0);
873 879
874 880 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
875 881 return (error);
876 882 }
877 883
878 884 /*
879 885 * Policy for fault injection. Requires all privileges.
880 886 */
881 887 /* ARGSUSED */
882 888 static int
883 889 zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr)
884 890 {
885 891 return (secpolicy_zinject(cr));
886 892 }
887 893
888 894 static int
889 895 zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr)
890 896 {
891 897 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
892 898
893 899 if (prop == ZPROP_INVAL) {
894 900 if (!zfs_prop_user(zc->zc_value))
895 901 return (EINVAL);
896 902 return (zfs_secpolicy_write_perms(zc->zc_name,
897 903 ZFS_DELEG_PERM_USERPROP, cr));
898 904 } else {
899 905 return (zfs_secpolicy_setprop(zc->zc_name, prop,
900 906 NULL, cr));
901 907 }
902 908 }
903 909
904 910 static int
905 911 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, cred_t *cr)
906 912 {
907 913 int err = zfs_secpolicy_read(zc, cr);
908 914 if (err)
909 915 return (err);
910 916
911 917 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
912 918 return (EINVAL);
913 919
914 920 if (zc->zc_value[0] == 0) {
915 921 /*
916 922 * They are asking about a posix uid/gid. If it's
917 923 * themself, allow it.
918 924 */
919 925 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
920 926 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
921 927 if (zc->zc_guid == crgetuid(cr))
922 928 return (0);
923 929 } else {
924 930 if (groupmember(zc->zc_guid, cr))
925 931 return (0);
926 932 }
927 933 }
928 934
929 935 return (zfs_secpolicy_write_perms(zc->zc_name,
930 936 userquota_perms[zc->zc_objset_type], cr));
931 937 }
932 938
933 939 static int
934 940 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, cred_t *cr)
935 941 {
936 942 int err = zfs_secpolicy_read(zc, cr);
937 943 if (err)
938 944 return (err);
939 945
940 946 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
941 947 return (EINVAL);
942 948
943 949 return (zfs_secpolicy_write_perms(zc->zc_name,
944 950 userquota_perms[zc->zc_objset_type], cr));
945 951 }
946 952
947 953 static int
948 954 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, cred_t *cr)
949 955 {
950 956 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
951 957 NULL, cr));
952 958 }
953 959
954 960 static int
955 961 zfs_secpolicy_hold(zfs_cmd_t *zc, cred_t *cr)
956 962 {
957 963 return (zfs_secpolicy_write_perms(zc->zc_name,
958 964 ZFS_DELEG_PERM_HOLD, cr));
959 965 }
960 966
961 967 static int
962 968 zfs_secpolicy_release(zfs_cmd_t *zc, cred_t *cr)
963 969 {
964 970 return (zfs_secpolicy_write_perms(zc->zc_name,
965 971 ZFS_DELEG_PERM_RELEASE, cr));
966 972 }
967 973
968 974 /*
969 975 * Policy for allowing temporary snapshots to be taken or released
970 976 */
971 977 static int
972 978 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, cred_t *cr)
973 979 {
974 980 /*
975 981 * A temporary snapshot is the same as a snapshot,
976 982 * hold, destroy and release all rolled into one.
977 983 * Delegated diff alone is sufficient that we allow this.
978 984 */
979 985 int error;
980 986
981 987 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
982 988 ZFS_DELEG_PERM_DIFF, cr)) == 0)
983 989 return (0);
984 990
985 991 error = zfs_secpolicy_snapshot(zc, cr);
986 992 if (!error)
987 993 error = zfs_secpolicy_hold(zc, cr);
988 994 if (!error)
989 995 error = zfs_secpolicy_release(zc, cr);
990 996 if (!error)
991 997 error = zfs_secpolicy_destroy(zc, cr);
992 998 return (error);
993 999 }
994 1000
995 1001 /*
996 1002 * Returns the nvlist as specified by the user in the zfs_cmd_t.
997 1003 */
998 1004 static int
999 1005 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1000 1006 {
1001 1007 char *packed;
1002 1008 int error;
1003 1009 nvlist_t *list = NULL;
1004 1010
1005 1011 /*
1006 1012 * Read in and unpack the user-supplied nvlist.
1007 1013 */
1008 1014 if (size == 0)
1009 1015 return (EINVAL);
1010 1016
1011 1017 packed = kmem_alloc(size, KM_SLEEP);
1012 1018
1013 1019 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1014 1020 iflag)) != 0) {
1015 1021 kmem_free(packed, size);
1016 1022 return (error);
1017 1023 }
1018 1024
1019 1025 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1020 1026 kmem_free(packed, size);
1021 1027 return (error);
1022 1028 }
1023 1029
1024 1030 kmem_free(packed, size);
1025 1031
1026 1032 *nvp = list;
1027 1033 return (0);
1028 1034 }
1029 1035
1030 1036 static int
1031 1037 fit_error_list(zfs_cmd_t *zc, nvlist_t **errors)
1032 1038 {
1033 1039 size_t size;
1034 1040
1035 1041 VERIFY(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
1036 1042
1037 1043 if (size > zc->zc_nvlist_dst_size) {
1038 1044 nvpair_t *more_errors;
1039 1045 int n = 0;
1040 1046
1041 1047 if (zc->zc_nvlist_dst_size < 1024)
1042 1048 return (ENOMEM);
1043 1049
1044 1050 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, 0) == 0);
1045 1051 more_errors = nvlist_prev_nvpair(*errors, NULL);
1046 1052
1047 1053 do {
1048 1054 nvpair_t *pair = nvlist_prev_nvpair(*errors,
1049 1055 more_errors);
1050 1056 VERIFY(nvlist_remove_nvpair(*errors, pair) == 0);
1051 1057 n++;
1052 1058 VERIFY(nvlist_size(*errors, &size,
1053 1059 NV_ENCODE_NATIVE) == 0);
1054 1060 } while (size > zc->zc_nvlist_dst_size);
1055 1061
1056 1062 VERIFY(nvlist_remove_nvpair(*errors, more_errors) == 0);
1057 1063 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, n) == 0);
1058 1064 ASSERT(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
1059 1065 ASSERT(size <= zc->zc_nvlist_dst_size);
1060 1066 }
1061 1067
1062 1068 return (0);
1063 1069 }
1064 1070
1065 1071 static int
1066 1072 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1067 1073 {
1068 1074 char *packed = NULL;
1069 1075 int error = 0;
1070 1076 size_t size;
1071 1077
1072 1078 VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0);
1073 1079
1074 1080 if (size > zc->zc_nvlist_dst_size) {
1075 1081 error = ENOMEM;
1076 1082 } else {
1077 1083 packed = kmem_alloc(size, KM_SLEEP);
1078 1084 VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE,
1079 1085 KM_SLEEP) == 0);
1080 1086 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1081 1087 size, zc->zc_iflags) != 0)
1082 1088 error = EFAULT;
1083 1089 kmem_free(packed, size);
1084 1090 }
1085 1091
1086 1092 zc->zc_nvlist_dst_size = size;
1087 1093 return (error);
1088 1094 }
1089 1095
1090 1096 static int
1091 1097 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1092 1098 {
1093 1099 objset_t *os;
1094 1100 int error;
1095 1101
1096 1102 error = dmu_objset_hold(dsname, FTAG, &os);
1097 1103 if (error)
1098 1104 return (error);
1099 1105 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1100 1106 dmu_objset_rele(os, FTAG);
1101 1107 return (EINVAL);
1102 1108 }
1103 1109
1104 1110 mutex_enter(&os->os_user_ptr_lock);
1105 1111 *zfvp = dmu_objset_get_user(os);
1106 1112 if (*zfvp) {
1107 1113 VFS_HOLD((*zfvp)->z_vfs);
1108 1114 } else {
1109 1115 error = ESRCH;
1110 1116 }
1111 1117 mutex_exit(&os->os_user_ptr_lock);
1112 1118 dmu_objset_rele(os, FTAG);
1113 1119 return (error);
1114 1120 }
1115 1121
1116 1122 /*
1117 1123 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1118 1124 * case its z_vfs will be NULL, and it will be opened as the owner.
1119 1125 */
1120 1126 static int
1121 1127 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1122 1128 {
1123 1129 int error = 0;
1124 1130
1125 1131 if (getzfsvfs(name, zfvp) != 0)
1126 1132 error = zfsvfs_create(name, zfvp);
1127 1133 if (error == 0) {
1128 1134 rrw_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
1129 1135 RW_READER, tag);
1130 1136 if ((*zfvp)->z_unmounted) {
1131 1137 /*
1132 1138 * XXX we could probably try again, since the unmounting
1133 1139 * thread should be just about to disassociate the
1134 1140 * objset from the zfsvfs.
1135 1141 */
1136 1142 rrw_exit(&(*zfvp)->z_teardown_lock, tag);
1137 1143 return (EBUSY);
1138 1144 }
1139 1145 }
1140 1146 return (error);
1141 1147 }
1142 1148
1143 1149 static void
1144 1150 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1145 1151 {
1146 1152 rrw_exit(&zfsvfs->z_teardown_lock, tag);
1147 1153
1148 1154 if (zfsvfs->z_vfs) {
1149 1155 VFS_RELE(zfsvfs->z_vfs);
1150 1156 } else {
1151 1157 dmu_objset_disown(zfsvfs->z_os, zfsvfs);
1152 1158 zfsvfs_free(zfsvfs);
1153 1159 }
1154 1160 }
1155 1161
1156 1162 static int
1157 1163 zfs_ioc_pool_create(zfs_cmd_t *zc)
1158 1164 {
1159 1165 int error;
1160 1166 nvlist_t *config, *props = NULL;
1161 1167 nvlist_t *rootprops = NULL;
1162 1168 nvlist_t *zplprops = NULL;
1163 1169 char *buf;
1164 1170
1165 1171 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1166 1172 zc->zc_iflags, &config))
1167 1173 return (error);
1168 1174
1169 1175 if (zc->zc_nvlist_src_size != 0 && (error =
1170 1176 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1171 1177 zc->zc_iflags, &props))) {
1172 1178 nvlist_free(config);
1173 1179 return (error);
1174 1180 }
1175 1181
1176 1182 if (props) {
1177 1183 nvlist_t *nvl = NULL;
1178 1184 uint64_t version = SPA_VERSION;
1179 1185
1180 1186 (void) nvlist_lookup_uint64(props,
1181 1187 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1182 1188 if (version < SPA_VERSION_INITIAL || version > SPA_VERSION) {
1183 1189 error = EINVAL;
1184 1190 goto pool_props_bad;
1185 1191 }
1186 1192 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1187 1193 if (nvl) {
1188 1194 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1189 1195 if (error != 0) {
1190 1196 nvlist_free(config);
1191 1197 nvlist_free(props);
1192 1198 return (error);
1193 1199 }
1194 1200 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1195 1201 }
1196 1202 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1197 1203 error = zfs_fill_zplprops_root(version, rootprops,
1198 1204 zplprops, NULL);
1199 1205 if (error)
1200 1206 goto pool_props_bad;
1201 1207 }
1202 1208
1203 1209 buf = history_str_get(zc);
1204 1210
1205 1211 error = spa_create(zc->zc_name, config, props, buf, zplprops);
1206 1212
1207 1213 /*
1208 1214 * Set the remaining root properties
1209 1215 */
1210 1216 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1211 1217 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1212 1218 (void) spa_destroy(zc->zc_name);
1213 1219
1214 1220 if (buf != NULL)
1215 1221 history_str_free(buf);
1216 1222
1217 1223 pool_props_bad:
1218 1224 nvlist_free(rootprops);
1219 1225 nvlist_free(zplprops);
1220 1226 nvlist_free(config);
1221 1227 nvlist_free(props);
1222 1228
1223 1229 return (error);
1224 1230 }
1225 1231
1226 1232 static int
1227 1233 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1228 1234 {
1229 1235 int error;
1230 1236 zfs_log_history(zc);
1231 1237 error = spa_destroy(zc->zc_name);
1232 1238 if (error == 0)
1233 1239 zvol_remove_minors(zc->zc_name);
1234 1240 return (error);
1235 1241 }
1236 1242
1237 1243 static int
1238 1244 zfs_ioc_pool_import(zfs_cmd_t *zc)
1239 1245 {
1240 1246 nvlist_t *config, *props = NULL;
1241 1247 uint64_t guid;
1242 1248 int error;
1243 1249
1244 1250 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1245 1251 zc->zc_iflags, &config)) != 0)
1246 1252 return (error);
1247 1253
1248 1254 if (zc->zc_nvlist_src_size != 0 && (error =
1249 1255 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1250 1256 zc->zc_iflags, &props))) {
1251 1257 nvlist_free(config);
1252 1258 return (error);
1253 1259 }
1254 1260
1255 1261 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1256 1262 guid != zc->zc_guid)
1257 1263 error = EINVAL;
1258 1264 else
1259 1265 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1260 1266
1261 1267 if (zc->zc_nvlist_dst != 0) {
1262 1268 int err;
1263 1269
1264 1270 if ((err = put_nvlist(zc, config)) != 0)
1265 1271 error = err;
1266 1272 }
1267 1273
1268 1274 nvlist_free(config);
1269 1275
1270 1276 if (props)
1271 1277 nvlist_free(props);
1272 1278
1273 1279 return (error);
1274 1280 }
1275 1281
1276 1282 static int
1277 1283 zfs_ioc_pool_export(zfs_cmd_t *zc)
1278 1284 {
1279 1285 int error;
1280 1286 boolean_t force = (boolean_t)zc->zc_cookie;
1281 1287 boolean_t hardforce = (boolean_t)zc->zc_guid;
1282 1288
1283 1289 zfs_log_history(zc);
1284 1290 error = spa_export(zc->zc_name, NULL, force, hardforce);
1285 1291 if (error == 0)
1286 1292 zvol_remove_minors(zc->zc_name);
1287 1293 return (error);
1288 1294 }
1289 1295
1290 1296 static int
1291 1297 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1292 1298 {
1293 1299 nvlist_t *configs;
1294 1300 int error;
1295 1301
1296 1302 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1297 1303 return (EEXIST);
1298 1304
1299 1305 error = put_nvlist(zc, configs);
1300 1306
1301 1307 nvlist_free(configs);
1302 1308
1303 1309 return (error);
1304 1310 }
1305 1311
1306 1312 static int
1307 1313 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1308 1314 {
1309 1315 nvlist_t *config;
1310 1316 int error;
1311 1317 int ret = 0;
1312 1318
1313 1319 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1314 1320 sizeof (zc->zc_value));
1315 1321
1316 1322 if (config != NULL) {
1317 1323 ret = put_nvlist(zc, config);
1318 1324 nvlist_free(config);
1319 1325
1320 1326 /*
1321 1327 * The config may be present even if 'error' is non-zero.
1322 1328 * In this case we return success, and preserve the real errno
1323 1329 * in 'zc_cookie'.
1324 1330 */
1325 1331 zc->zc_cookie = error;
1326 1332 } else {
1327 1333 ret = error;
1328 1334 }
1329 1335
1330 1336 return (ret);
1331 1337 }
1332 1338
1333 1339 /*
1334 1340 * Try to import the given pool, returning pool stats as appropriate so that
1335 1341 * user land knows which devices are available and overall pool health.
1336 1342 */
1337 1343 static int
1338 1344 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1339 1345 {
1340 1346 nvlist_t *tryconfig, *config;
1341 1347 int error;
1342 1348
1343 1349 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1344 1350 zc->zc_iflags, &tryconfig)) != 0)
1345 1351 return (error);
1346 1352
1347 1353 config = spa_tryimport(tryconfig);
1348 1354
1349 1355 nvlist_free(tryconfig);
1350 1356
1351 1357 if (config == NULL)
1352 1358 return (EINVAL);
1353 1359
1354 1360 error = put_nvlist(zc, config);
1355 1361 nvlist_free(config);
1356 1362
1357 1363 return (error);
1358 1364 }
1359 1365
1360 1366 /*
1361 1367 * inputs:
1362 1368 * zc_name name of the pool
1363 1369 * zc_cookie scan func (pool_scan_func_t)
1364 1370 */
1365 1371 static int
1366 1372 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1367 1373 {
1368 1374 spa_t *spa;
1369 1375 int error;
1370 1376
1371 1377 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1372 1378 return (error);
1373 1379
1374 1380 if (zc->zc_cookie == POOL_SCAN_NONE)
1375 1381 error = spa_scan_stop(spa);
1376 1382 else
1377 1383 error = spa_scan(spa, zc->zc_cookie);
1378 1384
1379 1385 spa_close(spa, FTAG);
1380 1386
1381 1387 return (error);
1382 1388 }
1383 1389
1384 1390 static int
1385 1391 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1386 1392 {
1387 1393 spa_t *spa;
1388 1394 int error;
1389 1395
1390 1396 error = spa_open(zc->zc_name, &spa, FTAG);
1391 1397 if (error == 0) {
1392 1398 spa_freeze(spa);
1393 1399 spa_close(spa, FTAG);
1394 1400 }
1395 1401 return (error);
1396 1402 }
1397 1403
1398 1404 static int
1399 1405 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1400 1406 {
1401 1407 spa_t *spa;
1402 1408 int error;
1403 1409
1404 1410 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1405 1411 return (error);
1406 1412
1407 1413 if (zc->zc_cookie < spa_version(spa) || zc->zc_cookie > SPA_VERSION) {
1408 1414 spa_close(spa, FTAG);
1409 1415 return (EINVAL);
1410 1416 }
1411 1417
1412 1418 spa_upgrade(spa, zc->zc_cookie);
1413 1419 spa_close(spa, FTAG);
1414 1420
1415 1421 return (error);
1416 1422 }
1417 1423
1418 1424 static int
1419 1425 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1420 1426 {
1421 1427 spa_t *spa;
1422 1428 char *hist_buf;
1423 1429 uint64_t size;
1424 1430 int error;
1425 1431
1426 1432 if ((size = zc->zc_history_len) == 0)
1427 1433 return (EINVAL);
1428 1434
1429 1435 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1430 1436 return (error);
1431 1437
1432 1438 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1433 1439 spa_close(spa, FTAG);
1434 1440 return (ENOTSUP);
1435 1441 }
1436 1442
1437 1443 hist_buf = kmem_alloc(size, KM_SLEEP);
1438 1444 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1439 1445 &zc->zc_history_len, hist_buf)) == 0) {
1440 1446 error = ddi_copyout(hist_buf,
1441 1447 (void *)(uintptr_t)zc->zc_history,
1442 1448 zc->zc_history_len, zc->zc_iflags);
1443 1449 }
1444 1450
1445 1451 spa_close(spa, FTAG);
1446 1452 kmem_free(hist_buf, size);
1447 1453 return (error);
1448 1454 }
1449 1455
1450 1456 static int
1451 1457 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1452 1458 {
1453 1459 int error;
1454 1460
1455 1461 if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value))
1456 1462 return (error);
1457 1463
1458 1464 return (0);
1459 1465 }
1460 1466
1461 1467 /*
1462 1468 * inputs:
1463 1469 * zc_name name of filesystem
1464 1470 * zc_obj object to find
1465 1471 *
1466 1472 * outputs:
1467 1473 * zc_value name of object
1468 1474 */
1469 1475 static int
1470 1476 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1471 1477 {
1472 1478 objset_t *os;
1473 1479 int error;
1474 1480
1475 1481 /* XXX reading from objset not owned */
1476 1482 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1477 1483 return (error);
1478 1484 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1479 1485 dmu_objset_rele(os, FTAG);
1480 1486 return (EINVAL);
1481 1487 }
1482 1488 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1483 1489 sizeof (zc->zc_value));
1484 1490 dmu_objset_rele(os, FTAG);
1485 1491
1486 1492 return (error);
1487 1493 }
1488 1494
1489 1495 /*
1490 1496 * inputs:
1491 1497 * zc_name name of filesystem
1492 1498 * zc_obj object to find
1493 1499 *
1494 1500 * outputs:
1495 1501 * zc_stat stats on object
1496 1502 * zc_value path to object
1497 1503 */
1498 1504 static int
1499 1505 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1500 1506 {
1501 1507 objset_t *os;
1502 1508 int error;
1503 1509
1504 1510 /* XXX reading from objset not owned */
1505 1511 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1506 1512 return (error);
1507 1513 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1508 1514 dmu_objset_rele(os, FTAG);
1509 1515 return (EINVAL);
1510 1516 }
1511 1517 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1512 1518 sizeof (zc->zc_value));
1513 1519 dmu_objset_rele(os, FTAG);
1514 1520
1515 1521 return (error);
1516 1522 }
1517 1523
1518 1524 static int
1519 1525 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1520 1526 {
1521 1527 spa_t *spa;
1522 1528 int error;
1523 1529 nvlist_t *config, **l2cache, **spares;
1524 1530 uint_t nl2cache = 0, nspares = 0;
1525 1531
1526 1532 error = spa_open(zc->zc_name, &spa, FTAG);
1527 1533 if (error != 0)
1528 1534 return (error);
1529 1535
1530 1536 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1531 1537 zc->zc_iflags, &config);
1532 1538 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
1533 1539 &l2cache, &nl2cache);
1534 1540
1535 1541 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
1536 1542 &spares, &nspares);
1537 1543
1538 1544 /*
1539 1545 * A root pool with concatenated devices is not supported.
1540 1546 * Thus, can not add a device to a root pool.
1541 1547 *
1542 1548 * Intent log device can not be added to a rootpool because
1543 1549 * during mountroot, zil is replayed, a seperated log device
1544 1550 * can not be accessed during the mountroot time.
1545 1551 *
1546 1552 * l2cache and spare devices are ok to be added to a rootpool.
1547 1553 */
1548 1554 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
1549 1555 nvlist_free(config);
1550 1556 spa_close(spa, FTAG);
1551 1557 return (EDOM);
1552 1558 }
1553 1559
1554 1560 if (error == 0) {
1555 1561 error = spa_vdev_add(spa, config);
1556 1562 nvlist_free(config);
1557 1563 }
1558 1564 spa_close(spa, FTAG);
1559 1565 return (error);
1560 1566 }
1561 1567
1562 1568 /*
1563 1569 * inputs:
1564 1570 * zc_name name of the pool
1565 1571 * zc_nvlist_conf nvlist of devices to remove
1566 1572 * zc_cookie to stop the remove?
1567 1573 */
1568 1574 static int
1569 1575 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1570 1576 {
1571 1577 spa_t *spa;
1572 1578 int error;
1573 1579
1574 1580 error = spa_open(zc->zc_name, &spa, FTAG);
1575 1581 if (error != 0)
1576 1582 return (error);
1577 1583 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1578 1584 spa_close(spa, FTAG);
1579 1585 return (error);
1580 1586 }
1581 1587
1582 1588 static int
1583 1589 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1584 1590 {
1585 1591 spa_t *spa;
1586 1592 int error;
1587 1593 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1588 1594
1589 1595 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1590 1596 return (error);
1591 1597 switch (zc->zc_cookie) {
1592 1598 case VDEV_STATE_ONLINE:
1593 1599 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1594 1600 break;
1595 1601
1596 1602 case VDEV_STATE_OFFLINE:
1597 1603 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1598 1604 break;
1599 1605
1600 1606 case VDEV_STATE_FAULTED:
1601 1607 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1602 1608 zc->zc_obj != VDEV_AUX_EXTERNAL)
1603 1609 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1604 1610
1605 1611 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1606 1612 break;
1607 1613
1608 1614 case VDEV_STATE_DEGRADED:
1609 1615 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1610 1616 zc->zc_obj != VDEV_AUX_EXTERNAL)
1611 1617 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1612 1618
1613 1619 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1614 1620 break;
1615 1621
1616 1622 default:
1617 1623 error = EINVAL;
1618 1624 }
1619 1625 zc->zc_cookie = newstate;
1620 1626 spa_close(spa, FTAG);
1621 1627 return (error);
1622 1628 }
1623 1629
1624 1630 static int
1625 1631 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1626 1632 {
1627 1633 spa_t *spa;
1628 1634 int replacing = zc->zc_cookie;
1629 1635 nvlist_t *config;
1630 1636 int error;
1631 1637
1632 1638 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1633 1639 return (error);
1634 1640
1635 1641 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1636 1642 zc->zc_iflags, &config)) == 0) {
1637 1643 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1638 1644 nvlist_free(config);
1639 1645 }
1640 1646
1641 1647 spa_close(spa, FTAG);
1642 1648 return (error);
1643 1649 }
1644 1650
1645 1651 static int
1646 1652 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1647 1653 {
1648 1654 spa_t *spa;
1649 1655 int error;
1650 1656
1651 1657 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1652 1658 return (error);
1653 1659
1654 1660 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1655 1661
1656 1662 spa_close(spa, FTAG);
1657 1663 return (error);
1658 1664 }
1659 1665
1660 1666 static int
1661 1667 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1662 1668 {
1663 1669 spa_t *spa;
1664 1670 nvlist_t *config, *props = NULL;
1665 1671 int error;
1666 1672 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1667 1673
1668 1674 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1669 1675 return (error);
1670 1676
1671 1677 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1672 1678 zc->zc_iflags, &config)) {
1673 1679 spa_close(spa, FTAG);
1674 1680 return (error);
1675 1681 }
1676 1682
1677 1683 if (zc->zc_nvlist_src_size != 0 && (error =
1678 1684 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1679 1685 zc->zc_iflags, &props))) {
1680 1686 spa_close(spa, FTAG);
1681 1687 nvlist_free(config);
1682 1688 return (error);
1683 1689 }
1684 1690
1685 1691 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1686 1692
1687 1693 spa_close(spa, FTAG);
1688 1694
1689 1695 nvlist_free(config);
1690 1696 nvlist_free(props);
1691 1697
1692 1698 return (error);
1693 1699 }
1694 1700
1695 1701 static int
1696 1702 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1697 1703 {
1698 1704 spa_t *spa;
1699 1705 char *path = zc->zc_value;
1700 1706 uint64_t guid = zc->zc_guid;
1701 1707 int error;
1702 1708
1703 1709 error = spa_open(zc->zc_name, &spa, FTAG);
1704 1710 if (error != 0)
1705 1711 return (error);
1706 1712
1707 1713 error = spa_vdev_setpath(spa, guid, path);
1708 1714 spa_close(spa, FTAG);
1709 1715 return (error);
1710 1716 }
1711 1717
1712 1718 static int
1713 1719 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
1714 1720 {
1715 1721 spa_t *spa;
1716 1722 char *fru = zc->zc_value;
1717 1723 uint64_t guid = zc->zc_guid;
1718 1724 int error;
1719 1725
1720 1726 error = spa_open(zc->zc_name, &spa, FTAG);
1721 1727 if (error != 0)
1722 1728 return (error);
1723 1729
1724 1730 error = spa_vdev_setfru(spa, guid, fru);
1725 1731 spa_close(spa, FTAG);
1726 1732 return (error);
1727 1733 }
1728 1734
1729 1735 static int
1730 1736 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
1731 1737 {
1732 1738 int error = 0;
1733 1739 nvlist_t *nv;
1734 1740
1735 1741 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1736 1742
1737 1743 if (zc->zc_nvlist_dst != 0 &&
1738 1744 (error = dsl_prop_get_all(os, &nv)) == 0) {
1739 1745 dmu_objset_stats(os, nv);
1740 1746 /*
1741 1747 * NB: zvol_get_stats() will read the objset contents,
1742 1748 * which we aren't supposed to do with a
1743 1749 * DS_MODE_USER hold, because it could be
1744 1750 * inconsistent. So this is a bit of a workaround...
1745 1751 * XXX reading with out owning
1746 1752 */
1747 1753 if (!zc->zc_objset_stats.dds_inconsistent) {
1748 1754 if (dmu_objset_type(os) == DMU_OST_ZVOL)
1749 1755 VERIFY(zvol_get_stats(os, nv) == 0);
1750 1756 }
1751 1757 error = put_nvlist(zc, nv);
1752 1758 nvlist_free(nv);
1753 1759 }
1754 1760
1755 1761 return (error);
1756 1762 }
1757 1763
1758 1764 /*
1759 1765 * inputs:
1760 1766 * zc_name name of filesystem
1761 1767 * zc_nvlist_dst_size size of buffer for property nvlist
1762 1768 *
1763 1769 * outputs:
1764 1770 * zc_objset_stats stats
1765 1771 * zc_nvlist_dst property nvlist
1766 1772 * zc_nvlist_dst_size size of property nvlist
1767 1773 */
1768 1774 static int
1769 1775 zfs_ioc_objset_stats(zfs_cmd_t *zc)
1770 1776 {
1771 1777 objset_t *os = NULL;
1772 1778 int error;
1773 1779
1774 1780 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
1775 1781 return (error);
1776 1782
1777 1783 error = zfs_ioc_objset_stats_impl(zc, os);
1778 1784
1779 1785 dmu_objset_rele(os, FTAG);
1780 1786
1781 1787 return (error);
1782 1788 }
1783 1789
1784 1790 /*
1785 1791 * inputs:
1786 1792 * zc_name name of filesystem
1787 1793 * zc_nvlist_dst_size size of buffer for property nvlist
1788 1794 *
1789 1795 * outputs:
1790 1796 * zc_nvlist_dst received property nvlist
1791 1797 * zc_nvlist_dst_size size of received property nvlist
1792 1798 *
1793 1799 * Gets received properties (distinct from local properties on or after
1794 1800 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
1795 1801 * local property values.
1796 1802 */
1797 1803 static int
1798 1804 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
1799 1805 {
1800 1806 objset_t *os = NULL;
1801 1807 int error;
1802 1808 nvlist_t *nv;
1803 1809
1804 1810 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
1805 1811 return (error);
1806 1812
1807 1813 /*
1808 1814 * Without this check, we would return local property values if the
1809 1815 * caller has not already received properties on or after
1810 1816 * SPA_VERSION_RECVD_PROPS.
1811 1817 */
1812 1818 if (!dsl_prop_get_hasrecvd(os)) {
1813 1819 dmu_objset_rele(os, FTAG);
1814 1820 return (ENOTSUP);
1815 1821 }
1816 1822
1817 1823 if (zc->zc_nvlist_dst != 0 &&
1818 1824 (error = dsl_prop_get_received(os, &nv)) == 0) {
1819 1825 error = put_nvlist(zc, nv);
1820 1826 nvlist_free(nv);
1821 1827 }
1822 1828
1823 1829 dmu_objset_rele(os, FTAG);
1824 1830 return (error);
1825 1831 }
1826 1832
1827 1833 static int
1828 1834 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
1829 1835 {
1830 1836 uint64_t value;
1831 1837 int error;
1832 1838
1833 1839 /*
1834 1840 * zfs_get_zplprop() will either find a value or give us
1835 1841 * the default value (if there is one).
1836 1842 */
1837 1843 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
1838 1844 return (error);
1839 1845 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
1840 1846 return (0);
1841 1847 }
1842 1848
1843 1849 /*
1844 1850 * inputs:
1845 1851 * zc_name name of filesystem
1846 1852 * zc_nvlist_dst_size size of buffer for zpl property nvlist
1847 1853 *
1848 1854 * outputs:
1849 1855 * zc_nvlist_dst zpl property nvlist
1850 1856 * zc_nvlist_dst_size size of zpl property nvlist
1851 1857 */
1852 1858 static int
1853 1859 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
1854 1860 {
1855 1861 objset_t *os;
1856 1862 int err;
1857 1863
1858 1864 /* XXX reading without owning */
1859 1865 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os))
1860 1866 return (err);
1861 1867
1862 1868 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1863 1869
1864 1870 /*
1865 1871 * NB: nvl_add_zplprop() will read the objset contents,
1866 1872 * which we aren't supposed to do with a DS_MODE_USER
1867 1873 * hold, because it could be inconsistent.
1868 1874 */
1869 1875 if (zc->zc_nvlist_dst != NULL &&
1870 1876 !zc->zc_objset_stats.dds_inconsistent &&
1871 1877 dmu_objset_type(os) == DMU_OST_ZFS) {
1872 1878 nvlist_t *nv;
1873 1879
1874 1880 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1875 1881 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
1876 1882 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
1877 1883 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
1878 1884 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
1879 1885 err = put_nvlist(zc, nv);
1880 1886 nvlist_free(nv);
1881 1887 } else {
1882 1888 err = ENOENT;
1883 1889 }
1884 1890 dmu_objset_rele(os, FTAG);
1885 1891 return (err);
1886 1892 }
1887 1893
1888 1894 static boolean_t
1889 1895 dataset_name_hidden(const char *name)
1890 1896 {
1891 1897 /*
1892 1898 * Skip over datasets that are not visible in this zone,
1893 1899 * internal datasets (which have a $ in their name), and
1894 1900 * temporary datasets (which have a % in their name).
1895 1901 */
1896 1902 if (strchr(name, '$') != NULL)
1897 1903 return (B_TRUE);
1898 1904 if (strchr(name, '%') != NULL)
1899 1905 return (B_TRUE);
1900 1906 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
1901 1907 return (B_TRUE);
1902 1908 return (B_FALSE);
1903 1909 }
1904 1910
1905 1911 /*
1906 1912 * inputs:
1907 1913 * zc_name name of filesystem
1908 1914 * zc_cookie zap cursor
1909 1915 * zc_nvlist_dst_size size of buffer for property nvlist
1910 1916 *
1911 1917 * outputs:
1912 1918 * zc_name name of next filesystem
1913 1919 * zc_cookie zap cursor
1914 1920 * zc_objset_stats stats
1915 1921 * zc_nvlist_dst property nvlist
1916 1922 * zc_nvlist_dst_size size of property nvlist
1917 1923 */
1918 1924 static int
1919 1925 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
1920 1926 {
1921 1927 objset_t *os;
1922 1928 int error;
1923 1929 char *p;
1924 1930 size_t orig_len = strlen(zc->zc_name);
1925 1931
1926 1932 top:
1927 1933 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) {
1928 1934 if (error == ENOENT)
1929 1935 error = ESRCH;
1930 1936 return (error);
1931 1937 }
1932 1938
1933 1939 p = strrchr(zc->zc_name, '/');
1934 1940 if (p == NULL || p[1] != '\0')
1935 1941 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
1936 1942 p = zc->zc_name + strlen(zc->zc_name);
1937 1943
1938 1944 /*
1939 1945 * Pre-fetch the datasets. dmu_objset_prefetch() always returns 0
1940 1946 * but is not declared void because its called by dmu_objset_find().
1941 1947 */
1942 1948 if (zc->zc_cookie == 0) {
1943 1949 uint64_t cookie = 0;
1944 1950 int len = sizeof (zc->zc_name) - (p - zc->zc_name);
1945 1951
1946 1952 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0)
1947 1953 (void) dmu_objset_prefetch(p, NULL);
1948 1954 }
1949 1955
1950 1956 do {
1951 1957 error = dmu_dir_list_next(os,
1952 1958 sizeof (zc->zc_name) - (p - zc->zc_name), p,
1953 1959 NULL, &zc->zc_cookie);
1954 1960 if (error == ENOENT)
1955 1961 error = ESRCH;
1956 1962 } while (error == 0 && dataset_name_hidden(zc->zc_name) &&
1957 1963 !(zc->zc_iflags & FKIOCTL));
1958 1964 dmu_objset_rele(os, FTAG);
1959 1965
1960 1966 /*
1961 1967 * If it's an internal dataset (ie. with a '$' in its name),
1962 1968 * don't try to get stats for it, otherwise we'll return ENOENT.
1963 1969 */
1964 1970 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
1965 1971 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
1966 1972 if (error == ENOENT) {
1967 1973 /* We lost a race with destroy, get the next one. */
1968 1974 zc->zc_name[orig_len] = '\0';
1969 1975 goto top;
1970 1976 }
1971 1977 }
1972 1978 return (error);
1973 1979 }
1974 1980
1975 1981 /*
1976 1982 * inputs:
1977 1983 * zc_name name of filesystem
1978 1984 * zc_cookie zap cursor
1979 1985 * zc_nvlist_dst_size size of buffer for property nvlist
1980 1986 *
1981 1987 * outputs:
1982 1988 * zc_name name of next snapshot
1983 1989 * zc_objset_stats stats
1984 1990 * zc_nvlist_dst property nvlist
1985 1991 * zc_nvlist_dst_size size of property nvlist
1986 1992 */
1987 1993 static int
1988 1994 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
1989 1995 {
1990 1996 objset_t *os;
1991 1997 int error;
1992 1998
1993 1999 top:
1994 2000 if (zc->zc_cookie == 0)
1995 2001 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch,
1996 2002 NULL, DS_FIND_SNAPSHOTS);
1997 2003
1998 2004 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
1999 2005 if (error)
2000 2006 return (error == ENOENT ? ESRCH : error);
2001 2007
2002 2008 /*
2003 2009 * A dataset name of maximum length cannot have any snapshots,
2004 2010 * so exit immediately.
2005 2011 */
2006 2012 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
2007 2013 dmu_objset_rele(os, FTAG);
2008 2014 return (ESRCH);
2009 2015 }
2010 2016
2011 2017 error = dmu_snapshot_list_next(os,
2012 2018 sizeof (zc->zc_name) - strlen(zc->zc_name),
2013 2019 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2014 2020 NULL);
2015 2021
2016 2022 if (error == 0) {
2017 2023 dsl_dataset_t *ds;
2018 2024 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2019 2025
2020 2026 /*
2021 2027 * Since we probably don't have a hold on this snapshot,
2022 2028 * it's possible that the objsetid could have been destroyed
2023 2029 * and reused for a new objset. It's OK if this happens during
2024 2030 * a zfs send operation, since the new createtxg will be
2025 2031 * beyond the range we're interested in.
2026 2032 */
2027 2033 rw_enter(&dp->dp_config_rwlock, RW_READER);
2028 2034 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2029 2035 rw_exit(&dp->dp_config_rwlock);
2030 2036 if (error) {
2031 2037 if (error == ENOENT) {
2032 2038 /* Racing with destroy, get the next one. */
2033 2039 *strchr(zc->zc_name, '@') = '\0';
2034 2040 dmu_objset_rele(os, FTAG);
2035 2041 goto top;
2036 2042 }
2037 2043 } else {
2038 2044 objset_t *ossnap;
2039 2045
2040 2046 error = dmu_objset_from_ds(ds, &ossnap);
2041 2047 if (error == 0)
2042 2048 error = zfs_ioc_objset_stats_impl(zc, ossnap);
2043 2049 dsl_dataset_rele(ds, FTAG);
2044 2050 }
2045 2051 } else if (error == ENOENT) {
2046 2052 error = ESRCH;
2047 2053 }
2048 2054
2049 2055 dmu_objset_rele(os, FTAG);
2050 2056 /* if we failed, undo the @ that we tacked on to zc_name */
2051 2057 if (error)
2052 2058 *strchr(zc->zc_name, '@') = '\0';
2053 2059 return (error);
2054 2060 }
2055 2061
2056 2062 static int
2057 2063 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2058 2064 {
2059 2065 const char *propname = nvpair_name(pair);
2060 2066 uint64_t *valary;
2061 2067 unsigned int vallen;
2062 2068 const char *domain;
2063 2069 char *dash;
2064 2070 zfs_userquota_prop_t type;
2065 2071 uint64_t rid;
2066 2072 uint64_t quota;
2067 2073 zfsvfs_t *zfsvfs;
2068 2074 int err;
2069 2075
2070 2076 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2071 2077 nvlist_t *attrs;
2072 2078 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2073 2079 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2074 2080 &pair) != 0)
2075 2081 return (EINVAL);
2076 2082 }
2077 2083
2078 2084 /*
2079 2085 * A correctly constructed propname is encoded as
2080 2086 * userquota@<rid>-<domain>.
2081 2087 */
2082 2088 if ((dash = strchr(propname, '-')) == NULL ||
2083 2089 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2084 2090 vallen != 3)
2085 2091 return (EINVAL);
2086 2092
2087 2093 domain = dash + 1;
2088 2094 type = valary[0];
2089 2095 rid = valary[1];
2090 2096 quota = valary[2];
2091 2097
2092 2098 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2093 2099 if (err == 0) {
2094 2100 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2095 2101 zfsvfs_rele(zfsvfs, FTAG);
2096 2102 }
2097 2103
2098 2104 return (err);
2099 2105 }
2100 2106
2101 2107 /*
2102 2108 * If the named property is one that has a special function to set its value,
2103 2109 * return 0 on success and a positive error code on failure; otherwise if it is
2104 2110 * not one of the special properties handled by this function, return -1.
2105 2111 *
2106 2112 * XXX: It would be better for callers of the property interface if we handled
2107 2113 * these special cases in dsl_prop.c (in the dsl layer).
2108 2114 */
2109 2115 static int
2110 2116 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2111 2117 nvpair_t *pair)
2112 2118 {
2113 2119 const char *propname = nvpair_name(pair);
2114 2120 zfs_prop_t prop = zfs_name_to_prop(propname);
2115 2121 uint64_t intval;
2116 2122 int err;
2117 2123
2118 2124 if (prop == ZPROP_INVAL) {
2119 2125 if (zfs_prop_userquota(propname))
2120 2126 return (zfs_prop_set_userquota(dsname, pair));
2121 2127 return (-1);
2122 2128 }
2123 2129
2124 2130 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2125 2131 nvlist_t *attrs;
2126 2132 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2127 2133 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2128 2134 &pair) == 0);
2129 2135 }
2130 2136
2131 2137 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2132 2138 return (-1);
2133 2139
2134 2140 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2135 2141
2136 2142 switch (prop) {
2137 2143 case ZFS_PROP_QUOTA:
2138 2144 err = dsl_dir_set_quota(dsname, source, intval);
2139 2145 break;
2140 2146 case ZFS_PROP_REFQUOTA:
2141 2147 err = dsl_dataset_set_quota(dsname, source, intval);
2142 2148 break;
2143 2149 case ZFS_PROP_RESERVATION:
2144 2150 err = dsl_dir_set_reservation(dsname, source, intval);
2145 2151 break;
2146 2152 case ZFS_PROP_REFRESERVATION:
2147 2153 err = dsl_dataset_set_reservation(dsname, source, intval);
2148 2154 break;
2149 2155 case ZFS_PROP_VOLSIZE:
2150 2156 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
2151 2157 intval);
2152 2158 break;
2153 2159 case ZFS_PROP_VERSION:
2154 2160 {
2155 2161 zfsvfs_t *zfsvfs;
2156 2162
2157 2163 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2158 2164 break;
2159 2165
2160 2166 err = zfs_set_version(zfsvfs, intval);
2161 2167 zfsvfs_rele(zfsvfs, FTAG);
2162 2168
2163 2169 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2164 2170 zfs_cmd_t *zc;
2165 2171
2166 2172 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2167 2173 (void) strcpy(zc->zc_name, dsname);
2168 2174 (void) zfs_ioc_userspace_upgrade(zc);
2169 2175 kmem_free(zc, sizeof (zfs_cmd_t));
2170 2176 }
2171 2177 break;
2172 2178 }
2173 2179
2174 2180 default:
2175 2181 err = -1;
2176 2182 }
2177 2183
2178 2184 return (err);
2179 2185 }
2180 2186
2181 2187 /*
2182 2188 * This function is best effort. If it fails to set any of the given properties,
2183 2189 * it continues to set as many as it can and returns the first error
2184 2190 * encountered. If the caller provides a non-NULL errlist, it also gives the
2185 2191 * complete list of names of all the properties it failed to set along with the
2186 2192 * corresponding error numbers. The caller is responsible for freeing the
2187 2193 * returned errlist.
2188 2194 *
2189 2195 * If every property is set successfully, zero is returned and the list pointed
2190 2196 * at by errlist is NULL.
2191 2197 */
2192 2198 int
2193 2199 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2194 2200 nvlist_t **errlist)
2195 2201 {
2196 2202 nvpair_t *pair;
2197 2203 nvpair_t *propval;
2198 2204 int rv = 0;
2199 2205 uint64_t intval;
2200 2206 char *strval;
2201 2207 nvlist_t *genericnvl;
2202 2208 nvlist_t *errors;
2203 2209 nvlist_t *retrynvl;
2204 2210
2205 2211 VERIFY(nvlist_alloc(&genericnvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2206 2212 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2207 2213 VERIFY(nvlist_alloc(&retrynvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2208 2214
2209 2215 retry:
2210 2216 pair = NULL;
2211 2217 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2212 2218 const char *propname = nvpair_name(pair);
2213 2219 zfs_prop_t prop = zfs_name_to_prop(propname);
2214 2220 int err = 0;
2215 2221
2216 2222 /* decode the property value */
2217 2223 propval = pair;
2218 2224 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2219 2225 nvlist_t *attrs;
2220 2226 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2221 2227 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2222 2228 &propval) != 0)
2223 2229 err = EINVAL;
2224 2230 }
2225 2231
2226 2232 /* Validate value type */
2227 2233 if (err == 0 && prop == ZPROP_INVAL) {
2228 2234 if (zfs_prop_user(propname)) {
2229 2235 if (nvpair_type(propval) != DATA_TYPE_STRING)
2230 2236 err = EINVAL;
2231 2237 } else if (zfs_prop_userquota(propname)) {
2232 2238 if (nvpair_type(propval) !=
2233 2239 DATA_TYPE_UINT64_ARRAY)
2234 2240 err = EINVAL;
2235 2241 }
2236 2242 } else if (err == 0) {
2237 2243 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2238 2244 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2239 2245 err = EINVAL;
2240 2246 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2241 2247 const char *unused;
2242 2248
2243 2249 VERIFY(nvpair_value_uint64(propval,
2244 2250 &intval) == 0);
2245 2251
2246 2252 switch (zfs_prop_get_type(prop)) {
2247 2253 case PROP_TYPE_NUMBER:
2248 2254 break;
2249 2255 case PROP_TYPE_STRING:
2250 2256 err = EINVAL;
2251 2257 break;
2252 2258 case PROP_TYPE_INDEX:
2253 2259 if (zfs_prop_index_to_string(prop,
2254 2260 intval, &unused) != 0)
2255 2261 err = EINVAL;
2256 2262 break;
2257 2263 default:
2258 2264 cmn_err(CE_PANIC,
2259 2265 "unknown property type");
2260 2266 }
2261 2267 } else {
2262 2268 err = EINVAL;
2263 2269 }
2264 2270 }
2265 2271
2266 2272 /* Validate permissions */
2267 2273 if (err == 0)
2268 2274 err = zfs_check_settable(dsname, pair, CRED());
2269 2275
2270 2276 if (err == 0) {
2271 2277 err = zfs_prop_set_special(dsname, source, pair);
2272 2278 if (err == -1) {
2273 2279 /*
2274 2280 * For better performance we build up a list of
2275 2281 * properties to set in a single transaction.
2276 2282 */
2277 2283 err = nvlist_add_nvpair(genericnvl, pair);
2278 2284 } else if (err != 0 && nvl != retrynvl) {
2279 2285 /*
2280 2286 * This may be a spurious error caused by
2281 2287 * receiving quota and reservation out of order.
2282 2288 * Try again in a second pass.
2283 2289 */
2284 2290 err = nvlist_add_nvpair(retrynvl, pair);
2285 2291 }
2286 2292 }
2287 2293
2288 2294 if (err != 0)
2289 2295 VERIFY(nvlist_add_int32(errors, propname, err) == 0);
2290 2296 }
2291 2297
2292 2298 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2293 2299 nvl = retrynvl;
2294 2300 goto retry;
2295 2301 }
2296 2302
2297 2303 if (!nvlist_empty(genericnvl) &&
2298 2304 dsl_props_set(dsname, source, genericnvl) != 0) {
2299 2305 /*
2300 2306 * If this fails, we still want to set as many properties as we
2301 2307 * can, so try setting them individually.
2302 2308 */
2303 2309 pair = NULL;
2304 2310 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2305 2311 const char *propname = nvpair_name(pair);
2306 2312 int err = 0;
2307 2313
2308 2314 propval = pair;
2309 2315 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2310 2316 nvlist_t *attrs;
2311 2317 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2312 2318 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2313 2319 &propval) == 0);
2314 2320 }
2315 2321
2316 2322 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2317 2323 VERIFY(nvpair_value_string(propval,
2318 2324 &strval) == 0);
2319 2325 err = dsl_prop_set(dsname, propname, source, 1,
2320 2326 strlen(strval) + 1, strval);
2321 2327 } else {
2322 2328 VERIFY(nvpair_value_uint64(propval,
2323 2329 &intval) == 0);
2324 2330 err = dsl_prop_set(dsname, propname, source, 8,
2325 2331 1, &intval);
2326 2332 }
2327 2333
2328 2334 if (err != 0) {
2329 2335 VERIFY(nvlist_add_int32(errors, propname,
2330 2336 err) == 0);
2331 2337 }
2332 2338 }
2333 2339 }
2334 2340 nvlist_free(genericnvl);
2335 2341 nvlist_free(retrynvl);
2336 2342
2337 2343 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
2338 2344 nvlist_free(errors);
2339 2345 errors = NULL;
2340 2346 } else {
2341 2347 VERIFY(nvpair_value_int32(pair, &rv) == 0);
2342 2348 }
2343 2349
2344 2350 if (errlist == NULL)
2345 2351 nvlist_free(errors);
2346 2352 else
2347 2353 *errlist = errors;
2348 2354
2349 2355 return (rv);
2350 2356 }
2351 2357
2352 2358 /*
2353 2359 * Check that all the properties are valid user properties.
2354 2360 */
2355 2361 static int
2356 2362 zfs_check_userprops(char *fsname, nvlist_t *nvl)
2357 2363 {
2358 2364 nvpair_t *pair = NULL;
2359 2365 int error = 0;
2360 2366
2361 2367 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2362 2368 const char *propname = nvpair_name(pair);
2363 2369 char *valstr;
2364 2370
2365 2371 if (!zfs_prop_user(propname) ||
2366 2372 nvpair_type(pair) != DATA_TYPE_STRING)
2367 2373 return (EINVAL);
2368 2374
2369 2375 if (error = zfs_secpolicy_write_perms(fsname,
2370 2376 ZFS_DELEG_PERM_USERPROP, CRED()))
2371 2377 return (error);
2372 2378
2373 2379 if (strlen(propname) >= ZAP_MAXNAMELEN)
2374 2380 return (ENAMETOOLONG);
2375 2381
2376 2382 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2377 2383 if (strlen(valstr) >= ZAP_MAXVALUELEN)
2378 2384 return (E2BIG);
2379 2385 }
2380 2386 return (0);
2381 2387 }
2382 2388
2383 2389 static void
2384 2390 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2385 2391 {
2386 2392 nvpair_t *pair;
2387 2393
2388 2394 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2389 2395
2390 2396 pair = NULL;
2391 2397 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2392 2398 if (nvlist_exists(skipped, nvpair_name(pair)))
2393 2399 continue;
2394 2400
2395 2401 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2396 2402 }
2397 2403 }
2398 2404
2399 2405 static int
2400 2406 clear_received_props(objset_t *os, const char *fs, nvlist_t *props,
2401 2407 nvlist_t *skipped)
2402 2408 {
2403 2409 int err = 0;
2404 2410 nvlist_t *cleared_props = NULL;
2405 2411 props_skip(props, skipped, &cleared_props);
2406 2412 if (!nvlist_empty(cleared_props)) {
2407 2413 /*
2408 2414 * Acts on local properties until the dataset has received
2409 2415 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2410 2416 */
2411 2417 zprop_source_t flags = (ZPROP_SRC_NONE |
2412 2418 (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0));
2413 2419 err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL);
2414 2420 }
2415 2421 nvlist_free(cleared_props);
2416 2422 return (err);
2417 2423 }
2418 2424
2419 2425 /*
2420 2426 * inputs:
2421 2427 * zc_name name of filesystem
2422 2428 * zc_value name of property to set
2423 2429 * zc_nvlist_src{_size} nvlist of properties to apply
2424 2430 * zc_cookie received properties flag
2425 2431 *
2426 2432 * outputs:
2427 2433 * zc_nvlist_dst{_size} error for each unapplied received property
2428 2434 */
2429 2435 static int
2430 2436 zfs_ioc_set_prop(zfs_cmd_t *zc)
2431 2437 {
2432 2438 nvlist_t *nvl;
2433 2439 boolean_t received = zc->zc_cookie;
2434 2440 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2435 2441 ZPROP_SRC_LOCAL);
2436 2442 nvlist_t *errors = NULL;
2437 2443 int error;
2438 2444
2439 2445 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2440 2446 zc->zc_iflags, &nvl)) != 0)
2441 2447 return (error);
2442 2448
2443 2449 if (received) {
2444 2450 nvlist_t *origprops;
2445 2451 objset_t *os;
2446 2452
2447 2453 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
2448 2454 if (dsl_prop_get_received(os, &origprops) == 0) {
2449 2455 (void) clear_received_props(os,
2450 2456 zc->zc_name, origprops, nvl);
2451 2457 nvlist_free(origprops);
2452 2458 }
2453 2459
2454 2460 dsl_prop_set_hasrecvd(os);
2455 2461 dmu_objset_rele(os, FTAG);
2456 2462 }
2457 2463 }
2458 2464
2459 2465 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, &errors);
2460 2466
2461 2467 if (zc->zc_nvlist_dst != NULL && errors != NULL) {
2462 2468 (void) put_nvlist(zc, errors);
2463 2469 }
2464 2470
2465 2471 nvlist_free(errors);
2466 2472 nvlist_free(nvl);
2467 2473 return (error);
2468 2474 }
2469 2475
2470 2476 /*
2471 2477 * inputs:
2472 2478 * zc_name name of filesystem
2473 2479 * zc_value name of property to inherit
2474 2480 * zc_cookie revert to received value if TRUE
2475 2481 *
2476 2482 * outputs: none
2477 2483 */
2478 2484 static int
2479 2485 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2480 2486 {
2481 2487 const char *propname = zc->zc_value;
2482 2488 zfs_prop_t prop = zfs_name_to_prop(propname);
2483 2489 boolean_t received = zc->zc_cookie;
2484 2490 zprop_source_t source = (received
2485 2491 ? ZPROP_SRC_NONE /* revert to received value, if any */
2486 2492 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2487 2493
2488 2494 if (received) {
2489 2495 nvlist_t *dummy;
2490 2496 nvpair_t *pair;
2491 2497 zprop_type_t type;
2492 2498 int err;
2493 2499
2494 2500 /*
2495 2501 * zfs_prop_set_special() expects properties in the form of an
2496 2502 * nvpair with type info.
2497 2503 */
2498 2504 if (prop == ZPROP_INVAL) {
2499 2505 if (!zfs_prop_user(propname))
2500 2506 return (EINVAL);
2501 2507
2502 2508 type = PROP_TYPE_STRING;
2503 2509 } else if (prop == ZFS_PROP_VOLSIZE ||
2504 2510 prop == ZFS_PROP_VERSION) {
2505 2511 return (EINVAL);
2506 2512 } else {
2507 2513 type = zfs_prop_get_type(prop);
2508 2514 }
2509 2515
2510 2516 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2511 2517
2512 2518 switch (type) {
2513 2519 case PROP_TYPE_STRING:
2514 2520 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2515 2521 break;
2516 2522 case PROP_TYPE_NUMBER:
2517 2523 case PROP_TYPE_INDEX:
2518 2524 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2519 2525 break;
2520 2526 default:
2521 2527 nvlist_free(dummy);
2522 2528 return (EINVAL);
2523 2529 }
2524 2530
2525 2531 pair = nvlist_next_nvpair(dummy, NULL);
2526 2532 err = zfs_prop_set_special(zc->zc_name, source, pair);
2527 2533 nvlist_free(dummy);
2528 2534 if (err != -1)
2529 2535 return (err); /* special property already handled */
2530 2536 } else {
2531 2537 /*
2532 2538 * Only check this in the non-received case. We want to allow
2533 2539 * 'inherit -S' to revert non-inheritable properties like quota
2534 2540 * and reservation to the received or default values even though
2535 2541 * they are not considered inheritable.
2536 2542 */
2537 2543 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2538 2544 return (EINVAL);
2539 2545 }
2540 2546
2541 2547 /* the property name has been validated by zfs_secpolicy_inherit() */
2542 2548 return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
2543 2549 }
2544 2550
2545 2551 static int
2546 2552 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2547 2553 {
2548 2554 nvlist_t *props;
2549 2555 spa_t *spa;
2550 2556 int error;
2551 2557 nvpair_t *pair;
2552 2558
2553 2559 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2554 2560 zc->zc_iflags, &props))
2555 2561 return (error);
2556 2562
2557 2563 /*
2558 2564 * If the only property is the configfile, then just do a spa_lookup()
2559 2565 * to handle the faulted case.
2560 2566 */
2561 2567 pair = nvlist_next_nvpair(props, NULL);
2562 2568 if (pair != NULL && strcmp(nvpair_name(pair),
2563 2569 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2564 2570 nvlist_next_nvpair(props, pair) == NULL) {
2565 2571 mutex_enter(&spa_namespace_lock);
2566 2572 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2567 2573 spa_configfile_set(spa, props, B_FALSE);
2568 2574 spa_config_sync(spa, B_FALSE, B_TRUE);
2569 2575 }
2570 2576 mutex_exit(&spa_namespace_lock);
2571 2577 if (spa != NULL) {
2572 2578 nvlist_free(props);
2573 2579 return (0);
2574 2580 }
2575 2581 }
2576 2582
2577 2583 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2578 2584 nvlist_free(props);
2579 2585 return (error);
2580 2586 }
2581 2587
2582 2588 error = spa_prop_set(spa, props);
2583 2589
2584 2590 nvlist_free(props);
2585 2591 spa_close(spa, FTAG);
2586 2592
2587 2593 return (error);
2588 2594 }
2589 2595
2590 2596 static int
2591 2597 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2592 2598 {
2593 2599 spa_t *spa;
2594 2600 int error;
2595 2601 nvlist_t *nvp = NULL;
2596 2602
2597 2603 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2598 2604 /*
2599 2605 * If the pool is faulted, there may be properties we can still
2600 2606 * get (such as altroot and cachefile), so attempt to get them
2601 2607 * anyway.
2602 2608 */
2603 2609 mutex_enter(&spa_namespace_lock);
2604 2610 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2605 2611 error = spa_prop_get(spa, &nvp);
2606 2612 mutex_exit(&spa_namespace_lock);
2607 2613 } else {
2608 2614 error = spa_prop_get(spa, &nvp);
2609 2615 spa_close(spa, FTAG);
2610 2616 }
2611 2617
2612 2618 if (error == 0 && zc->zc_nvlist_dst != NULL)
2613 2619 error = put_nvlist(zc, nvp);
2614 2620 else
2615 2621 error = EFAULT;
2616 2622
2617 2623 nvlist_free(nvp);
2618 2624 return (error);
2619 2625 }
2620 2626
2621 2627 /*
2622 2628 * inputs:
2623 2629 * zc_name name of filesystem
2624 2630 * zc_nvlist_src{_size} nvlist of delegated permissions
2625 2631 * zc_perm_action allow/unallow flag
2626 2632 *
2627 2633 * outputs: none
2628 2634 */
2629 2635 static int
2630 2636 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2631 2637 {
2632 2638 int error;
2633 2639 nvlist_t *fsaclnv = NULL;
2634 2640
2635 2641 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2636 2642 zc->zc_iflags, &fsaclnv)) != 0)
2637 2643 return (error);
2638 2644
2639 2645 /*
2640 2646 * Verify nvlist is constructed correctly
2641 2647 */
2642 2648 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2643 2649 nvlist_free(fsaclnv);
2644 2650 return (EINVAL);
2645 2651 }
2646 2652
2647 2653 /*
2648 2654 * If we don't have PRIV_SYS_MOUNT, then validate
2649 2655 * that user is allowed to hand out each permission in
2650 2656 * the nvlist(s)
2651 2657 */
2652 2658
2653 2659 error = secpolicy_zfs(CRED());
2654 2660 if (error) {
2655 2661 if (zc->zc_perm_action == B_FALSE) {
2656 2662 error = dsl_deleg_can_allow(zc->zc_name,
2657 2663 fsaclnv, CRED());
2658 2664 } else {
2659 2665 error = dsl_deleg_can_unallow(zc->zc_name,
2660 2666 fsaclnv, CRED());
2661 2667 }
2662 2668 }
2663 2669
2664 2670 if (error == 0)
2665 2671 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2666 2672
2667 2673 nvlist_free(fsaclnv);
2668 2674 return (error);
2669 2675 }
2670 2676
2671 2677 /*
2672 2678 * inputs:
2673 2679 * zc_name name of filesystem
2674 2680 *
2675 2681 * outputs:
2676 2682 * zc_nvlist_src{_size} nvlist of delegated permissions
2677 2683 */
2678 2684 static int
2679 2685 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2680 2686 {
2681 2687 nvlist_t *nvp;
2682 2688 int error;
2683 2689
2684 2690 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2685 2691 error = put_nvlist(zc, nvp);
2686 2692 nvlist_free(nvp);
2687 2693 }
2688 2694
2689 2695 return (error);
2690 2696 }
2691 2697
2692 2698 /*
2693 2699 * Search the vfs list for a specified resource. Returns a pointer to it
2694 2700 * or NULL if no suitable entry is found. The caller of this routine
2695 2701 * is responsible for releasing the returned vfs pointer.
2696 2702 */
2697 2703 static vfs_t *
2698 2704 zfs_get_vfs(const char *resource)
2699 2705 {
2700 2706 struct vfs *vfsp;
2701 2707 struct vfs *vfs_found = NULL;
2702 2708
2703 2709 vfs_list_read_lock();
2704 2710 vfsp = rootvfs;
2705 2711 do {
2706 2712 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
2707 2713 VFS_HOLD(vfsp);
2708 2714 vfs_found = vfsp;
2709 2715 break;
2710 2716 }
2711 2717 vfsp = vfsp->vfs_next;
2712 2718 } while (vfsp != rootvfs);
2713 2719 vfs_list_unlock();
2714 2720 return (vfs_found);
2715 2721 }
2716 2722
2717 2723 /* ARGSUSED */
2718 2724 static void
2719 2725 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2720 2726 {
2721 2727 zfs_creat_t *zct = arg;
2722 2728
2723 2729 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2724 2730 }
2725 2731
2726 2732 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
2727 2733
2728 2734 /*
2729 2735 * inputs:
2730 2736 * createprops list of properties requested by creator
2731 2737 * default_zplver zpl version to use if unspecified in createprops
2732 2738 * fuids_ok fuids allowed in this version of the spa?
2733 2739 * os parent objset pointer (NULL if root fs)
2734 2740 *
2735 2741 * outputs:
2736 2742 * zplprops values for the zplprops we attach to the master node object
2737 2743 * is_ci true if requested file system will be purely case-insensitive
2738 2744 *
2739 2745 * Determine the settings for utf8only, normalization and
2740 2746 * casesensitivity. Specific values may have been requested by the
2741 2747 * creator and/or we can inherit values from the parent dataset. If
2742 2748 * the file system is of too early a vintage, a creator can not
2743 2749 * request settings for these properties, even if the requested
2744 2750 * setting is the default value. We don't actually want to create dsl
2745 2751 * properties for these, so remove them from the source nvlist after
2746 2752 * processing.
2747 2753 */
2748 2754 static int
2749 2755 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
2750 2756 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2751 2757 nvlist_t *zplprops, boolean_t *is_ci)
2752 2758 {
2753 2759 uint64_t sense = ZFS_PROP_UNDEFINED;
2754 2760 uint64_t norm = ZFS_PROP_UNDEFINED;
2755 2761 uint64_t u8 = ZFS_PROP_UNDEFINED;
2756 2762
2757 2763 ASSERT(zplprops != NULL);
2758 2764
2759 2765 /*
2760 2766 * Pull out creator prop choices, if any.
2761 2767 */
2762 2768 if (createprops) {
2763 2769 (void) nvlist_lookup_uint64(createprops,
2764 2770 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
2765 2771 (void) nvlist_lookup_uint64(createprops,
2766 2772 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
2767 2773 (void) nvlist_remove_all(createprops,
2768 2774 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
2769 2775 (void) nvlist_lookup_uint64(createprops,
2770 2776 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
2771 2777 (void) nvlist_remove_all(createprops,
2772 2778 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
2773 2779 (void) nvlist_lookup_uint64(createprops,
2774 2780 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
2775 2781 (void) nvlist_remove_all(createprops,
2776 2782 zfs_prop_to_name(ZFS_PROP_CASE));
2777 2783 }
2778 2784
2779 2785 /*
2780 2786 * If the zpl version requested is whacky or the file system
2781 2787 * or pool is version is too "young" to support normalization
2782 2788 * and the creator tried to set a value for one of the props,
2783 2789 * error out.
2784 2790 */
2785 2791 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
2786 2792 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
2787 2793 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
2788 2794 (zplver < ZPL_VERSION_NORMALIZATION &&
2789 2795 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
2790 2796 sense != ZFS_PROP_UNDEFINED)))
2791 2797 return (ENOTSUP);
2792 2798
2793 2799 /*
2794 2800 * Put the version in the zplprops
2795 2801 */
2796 2802 VERIFY(nvlist_add_uint64(zplprops,
2797 2803 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
2798 2804
2799 2805 if (norm == ZFS_PROP_UNDEFINED)
2800 2806 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0);
2801 2807 VERIFY(nvlist_add_uint64(zplprops,
2802 2808 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
2803 2809
2804 2810 /*
2805 2811 * If we're normalizing, names must always be valid UTF-8 strings.
2806 2812 */
2807 2813 if (norm)
2808 2814 u8 = 1;
2809 2815 if (u8 == ZFS_PROP_UNDEFINED)
2810 2816 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0);
2811 2817 VERIFY(nvlist_add_uint64(zplprops,
2812 2818 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
2813 2819
2814 2820 if (sense == ZFS_PROP_UNDEFINED)
2815 2821 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0);
2816 2822 VERIFY(nvlist_add_uint64(zplprops,
2817 2823 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
2818 2824
2819 2825 if (is_ci)
2820 2826 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
2821 2827
2822 2828 return (0);
2823 2829 }
2824 2830
2825 2831 static int
2826 2832 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
2827 2833 nvlist_t *zplprops, boolean_t *is_ci)
2828 2834 {
2829 2835 boolean_t fuids_ok, sa_ok;
2830 2836 uint64_t zplver = ZPL_VERSION;
2831 2837 objset_t *os = NULL;
2832 2838 char parentname[MAXNAMELEN];
2833 2839 char *cp;
2834 2840 spa_t *spa;
2835 2841 uint64_t spa_vers;
2836 2842 int error;
2837 2843
2838 2844 (void) strlcpy(parentname, dataset, sizeof (parentname));
2839 2845 cp = strrchr(parentname, '/');
2840 2846 ASSERT(cp != NULL);
2841 2847 cp[0] = '\0';
2842 2848
2843 2849 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
2844 2850 return (error);
2845 2851
2846 2852 spa_vers = spa_version(spa);
2847 2853 spa_close(spa, FTAG);
2848 2854
2849 2855 zplver = zfs_zpl_version_map(spa_vers);
2850 2856 fuids_ok = (zplver >= ZPL_VERSION_FUID);
2851 2857 sa_ok = (zplver >= ZPL_VERSION_SA);
2852 2858
2853 2859 /*
2854 2860 * Open parent object set so we can inherit zplprop values.
2855 2861 */
2856 2862 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
2857 2863 return (error);
2858 2864
2859 2865 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
2860 2866 zplprops, is_ci);
2861 2867 dmu_objset_rele(os, FTAG);
2862 2868 return (error);
2863 2869 }
2864 2870
2865 2871 static int
2866 2872 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
2867 2873 nvlist_t *zplprops, boolean_t *is_ci)
2868 2874 {
2869 2875 boolean_t fuids_ok;
2870 2876 boolean_t sa_ok;
2871 2877 uint64_t zplver = ZPL_VERSION;
2872 2878 int error;
2873 2879
2874 2880 zplver = zfs_zpl_version_map(spa_vers);
2875 2881 fuids_ok = (zplver >= ZPL_VERSION_FUID);
2876 2882 sa_ok = (zplver >= ZPL_VERSION_SA);
2877 2883
2878 2884 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
2879 2885 createprops, zplprops, is_ci);
2880 2886 return (error);
2881 2887 }
2882 2888
2883 2889 /*
2884 2890 * inputs:
2885 2891 * zc_objset_type type of objset to create (fs vs zvol)
2886 2892 * zc_name name of new objset
2887 2893 * zc_value name of snapshot to clone from (may be empty)
2888 2894 * zc_nvlist_src{_size} nvlist of properties to apply
2889 2895 *
2890 2896 * outputs: none
2891 2897 */
2892 2898 static int
2893 2899 zfs_ioc_create(zfs_cmd_t *zc)
2894 2900 {
2895 2901 objset_t *clone;
2896 2902 int error = 0;
2897 2903 zfs_creat_t zct;
2898 2904 nvlist_t *nvprops = NULL;
2899 2905 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
2900 2906 dmu_objset_type_t type = zc->zc_objset_type;
2901 2907
2902 2908 switch (type) {
2903 2909
2904 2910 case DMU_OST_ZFS:
2905 2911 cbfunc = zfs_create_cb;
2906 2912 break;
2907 2913
2908 2914 case DMU_OST_ZVOL:
2909 2915 cbfunc = zvol_create_cb;
2910 2916 break;
2911 2917
2912 2918 default:
2913 2919 cbfunc = NULL;
2914 2920 break;
2915 2921 }
2916 2922 if (strchr(zc->zc_name, '@') ||
2917 2923 strchr(zc->zc_name, '%'))
2918 2924 return (EINVAL);
2919 2925
2920 2926 if (zc->zc_nvlist_src != NULL &&
2921 2927 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2922 2928 zc->zc_iflags, &nvprops)) != 0)
2923 2929 return (error);
2924 2930
2925 2931 zct.zct_zplprops = NULL;
2926 2932 zct.zct_props = nvprops;
2927 2933
2928 2934 if (zc->zc_value[0] != '\0') {
2929 2935 /*
2930 2936 * We're creating a clone of an existing snapshot.
2931 2937 */
2932 2938 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
2933 2939 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) {
2934 2940 nvlist_free(nvprops);
2935 2941 return (EINVAL);
2936 2942 }
2937 2943
2938 2944 error = dmu_objset_hold(zc->zc_value, FTAG, &clone);
2939 2945 if (error) {
2940 2946 nvlist_free(nvprops);
2941 2947 return (error);
2942 2948 }
2943 2949
2944 2950 error = dmu_objset_clone(zc->zc_name, dmu_objset_ds(clone), 0);
2945 2951 dmu_objset_rele(clone, FTAG);
2946 2952 if (error) {
2947 2953 nvlist_free(nvprops);
2948 2954 return (error);
2949 2955 }
2950 2956 } else {
2951 2957 boolean_t is_insensitive = B_FALSE;
2952 2958
2953 2959 if (cbfunc == NULL) {
2954 2960 nvlist_free(nvprops);
2955 2961 return (EINVAL);
2956 2962 }
2957 2963
2958 2964 if (type == DMU_OST_ZVOL) {
2959 2965 uint64_t volsize, volblocksize;
2960 2966
2961 2967 if (nvprops == NULL ||
2962 2968 nvlist_lookup_uint64(nvprops,
2963 2969 zfs_prop_to_name(ZFS_PROP_VOLSIZE),
2964 2970 &volsize) != 0) {
2965 2971 nvlist_free(nvprops);
2966 2972 return (EINVAL);
2967 2973 }
2968 2974
2969 2975 if ((error = nvlist_lookup_uint64(nvprops,
2970 2976 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
2971 2977 &volblocksize)) != 0 && error != ENOENT) {
2972 2978 nvlist_free(nvprops);
2973 2979 return (EINVAL);
2974 2980 }
2975 2981
2976 2982 if (error != 0)
2977 2983 volblocksize = zfs_prop_default_numeric(
2978 2984 ZFS_PROP_VOLBLOCKSIZE);
2979 2985
2980 2986 if ((error = zvol_check_volblocksize(
2981 2987 volblocksize)) != 0 ||
2982 2988 (error = zvol_check_volsize(volsize,
2983 2989 volblocksize)) != 0) {
2984 2990 nvlist_free(nvprops);
2985 2991 return (error);
2986 2992 }
2987 2993 } else if (type == DMU_OST_ZFS) {
2988 2994 int error;
2989 2995
2990 2996 /*
2991 2997 * We have to have normalization and
2992 2998 * case-folding flags correct when we do the
2993 2999 * file system creation, so go figure them out
2994 3000 * now.
2995 3001 */
2996 3002 VERIFY(nvlist_alloc(&zct.zct_zplprops,
2997 3003 NV_UNIQUE_NAME, KM_SLEEP) == 0);
2998 3004 error = zfs_fill_zplprops(zc->zc_name, nvprops,
2999 3005 zct.zct_zplprops, &is_insensitive);
3000 3006 if (error != 0) {
3001 3007 nvlist_free(nvprops);
3002 3008 nvlist_free(zct.zct_zplprops);
3003 3009 return (error);
3004 3010 }
3005 3011 }
3006 3012 error = dmu_objset_create(zc->zc_name, type,
3007 3013 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3008 3014 nvlist_free(zct.zct_zplprops);
3009 3015 }
3010 3016
3011 3017 /*
3012 3018 * It would be nice to do this atomically.
3013 3019 */
3014 3020 if (error == 0) {
3015 3021 error = zfs_set_prop_nvlist(zc->zc_name, ZPROP_SRC_LOCAL,
3016 3022 nvprops, NULL);
3017 3023 if (error != 0)
3018 3024 (void) dmu_objset_destroy(zc->zc_name, B_FALSE);
3019 3025 }
3020 3026 nvlist_free(nvprops);
3021 3027 return (error);
3022 3028 }
3023 3029
3024 3030 /*
3025 3031 * inputs:
3026 3032 * zc_name name of filesystem
3027 3033 * zc_value short name of snapshot
3028 3034 * zc_cookie recursive flag
3029 3035 * zc_nvlist_src[_size] property list
3030 3036 *
3031 3037 * outputs:
3032 3038 * zc_value short snapname (i.e. part after the '@')
3033 3039 */
3034 3040 static int
3035 3041 zfs_ioc_snapshot(zfs_cmd_t *zc)
3036 3042 {
3037 3043 nvlist_t *nvprops = NULL;
3038 3044 int error;
3039 3045 boolean_t recursive = zc->zc_cookie;
3040 3046
3041 3047 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
3042 3048 return (EINVAL);
3043 3049
3044 3050 if (zc->zc_nvlist_src != NULL &&
3045 3051 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3046 3052 zc->zc_iflags, &nvprops)) != 0)
3047 3053 return (error);
3048 3054
3049 3055 error = zfs_check_userprops(zc->zc_name, nvprops);
3050 3056 if (error)
3051 3057 goto out;
3052 3058
3053 3059 if (!nvlist_empty(nvprops) &&
3054 3060 zfs_earlier_version(zc->zc_name, SPA_VERSION_SNAP_PROPS)) {
3055 3061 error = ENOTSUP;
3056 3062 goto out;
3057 3063 }
3058 3064
3059 3065 error = dmu_objset_snapshot(zc->zc_name, zc->zc_value, NULL,
3060 3066 nvprops, recursive, B_FALSE, -1);
3061 3067
3062 3068 out:
3063 3069 nvlist_free(nvprops);
3064 3070 return (error);
3065 3071 }
3066 3072
3067 3073 int
3068 3074 zfs_unmount_snap(const char *name, void *arg)
3069 3075 {
3070 3076 vfs_t *vfsp = NULL;
3071 3077
3072 3078 if (arg) {
3073 3079 char *snapname = arg;
3074 3080 char *fullname = kmem_asprintf("%s@%s", name, snapname);
3075 3081 vfsp = zfs_get_vfs(fullname);
3076 3082 strfree(fullname);
3077 3083 } else if (strchr(name, '@')) {
3078 3084 vfsp = zfs_get_vfs(name);
3079 3085 }
3080 3086
3081 3087 if (vfsp) {
3082 3088 /*
3083 3089 * Always force the unmount for snapshots.
3084 3090 */
3085 3091 int flag = MS_FORCE;
3086 3092 int err;
3087 3093
3088 3094 if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) {
3089 3095 VFS_RELE(vfsp);
3090 3096 return (err);
3091 3097 }
3092 3098 VFS_RELE(vfsp);
3093 3099 if ((err = dounmount(vfsp, flag, kcred)) != 0)
3094 3100 return (err);
3095 3101 }
3096 3102 return (0);
3097 3103 }
3098 3104
3099 3105 /*
3100 3106 * inputs:
3101 3107 * zc_name name of filesystem
3102 3108 * zc_value short name of snapshot
3103 3109 * zc_defer_destroy mark for deferred destroy
3104 3110 *
3105 3111 * outputs: none
3106 3112 */
3107 3113 static int
3108 3114 zfs_ioc_destroy_snaps(zfs_cmd_t *zc)
3109 3115 {
3110 3116 int err;
3111 3117
3112 3118 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
3113 3119 return (EINVAL);
3114 3120 err = dmu_objset_find(zc->zc_name,
3115 3121 zfs_unmount_snap, zc->zc_value, DS_FIND_CHILDREN);
3116 3122 if (err)
3117 3123 return (err);
3118 3124 return (dmu_snapshots_destroy(zc->zc_name, zc->zc_value,
3119 3125 zc->zc_defer_destroy));
3120 3126 }
3121 3127
3122 3128 /*
3123 3129 * inputs:
3124 3130 * zc_name name of dataset to destroy
3125 3131 * zc_objset_type type of objset
3126 3132 * zc_defer_destroy mark for deferred destroy
3127 3133 *
3128 3134 * outputs: none
3129 3135 */
3130 3136 static int
3131 3137 zfs_ioc_destroy(zfs_cmd_t *zc)
3132 3138 {
3133 3139 int err;
3134 3140 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
3135 3141 err = zfs_unmount_snap(zc->zc_name, NULL);
3136 3142 if (err)
3137 3143 return (err);
3138 3144 }
3139 3145
3140 3146 err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy);
3141 3147 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
3142 3148 (void) zvol_remove_minor(zc->zc_name);
3143 3149 return (err);
3144 3150 }
3145 3151
3146 3152 /*
3147 3153 * inputs:
3148 3154 * zc_name name of dataset to rollback (to most recent snapshot)
3149 3155 *
3150 3156 * outputs: none
3151 3157 */
3152 3158 static int
3153 3159 zfs_ioc_rollback(zfs_cmd_t *zc)
3154 3160 {
3155 3161 dsl_dataset_t *ds, *clone;
3156 3162 int error;
3157 3163 zfsvfs_t *zfsvfs;
3158 3164 char *clone_name;
3159 3165
3160 3166 error = dsl_dataset_hold(zc->zc_name, FTAG, &ds);
3161 3167 if (error)
3162 3168 return (error);
3163 3169
3164 3170 /* must not be a snapshot */
3165 3171 if (dsl_dataset_is_snapshot(ds)) {
3166 3172 dsl_dataset_rele(ds, FTAG);
3167 3173 return (EINVAL);
3168 3174 }
3169 3175
3170 3176 /* must have a most recent snapshot */
3171 3177 if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) {
3172 3178 dsl_dataset_rele(ds, FTAG);
3173 3179 return (EINVAL);
3174 3180 }
3175 3181
3176 3182 /*
3177 3183 * Create clone of most recent snapshot.
3178 3184 */
3179 3185 clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name);
3180 3186 error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT);
3181 3187 if (error)
3182 3188 goto out;
3183 3189
3184 3190 error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone);
3185 3191 if (error)
3186 3192 goto out;
3187 3193
3188 3194 /*
3189 3195 * Do clone swap.
3190 3196 */
3191 3197 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
3192 3198 error = zfs_suspend_fs(zfsvfs);
3193 3199 if (error == 0) {
3194 3200 int resume_err;
3195 3201
3196 3202 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3197 3203 error = dsl_dataset_clone_swap(clone, ds,
3198 3204 B_TRUE);
3199 3205 dsl_dataset_disown(ds, FTAG);
3200 3206 ds = NULL;
3201 3207 } else {
3202 3208 error = EBUSY;
3203 3209 }
3204 3210 resume_err = zfs_resume_fs(zfsvfs, zc->zc_name);
3205 3211 error = error ? error : resume_err;
3206 3212 }
3207 3213 VFS_RELE(zfsvfs->z_vfs);
3208 3214 } else {
3209 3215 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3210 3216 error = dsl_dataset_clone_swap(clone, ds, B_TRUE);
3211 3217 dsl_dataset_disown(ds, FTAG);
3212 3218 ds = NULL;
3213 3219 } else {
3214 3220 error = EBUSY;
3215 3221 }
3216 3222 }
3217 3223
3218 3224 /*
3219 3225 * Destroy clone (which also closes it).
3220 3226 */
3221 3227 (void) dsl_dataset_destroy(clone, FTAG, B_FALSE);
3222 3228
3223 3229 out:
3224 3230 strfree(clone_name);
3225 3231 if (ds)
3226 3232 dsl_dataset_rele(ds, FTAG);
3227 3233 return (error);
3228 3234 }
3229 3235
3230 3236 /*
3231 3237 * inputs:
3232 3238 * zc_name old name of dataset
3233 3239 * zc_value new name of dataset
3234 3240 * zc_cookie recursive flag (only valid for snapshots)
3235 3241 *
3236 3242 * outputs: none
3237 3243 */
3238 3244 static int
3239 3245 zfs_ioc_rename(zfs_cmd_t *zc)
3240 3246 {
3241 3247 boolean_t recursive = zc->zc_cookie & 1;
3242 3248
3243 3249 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3244 3250 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3245 3251 strchr(zc->zc_value, '%'))
3246 3252 return (EINVAL);
3247 3253
3248 3254 /*
3249 3255 * Unmount snapshot unless we're doing a recursive rename,
3250 3256 * in which case the dataset code figures out which snapshots
3251 3257 * to unmount.
3252 3258 */
3253 3259 if (!recursive && strchr(zc->zc_name, '@') != NULL &&
3254 3260 zc->zc_objset_type == DMU_OST_ZFS) {
3255 3261 int err = zfs_unmount_snap(zc->zc_name, NULL);
3256 3262 if (err)
3257 3263 return (err);
3258 3264 }
3259 3265 if (zc->zc_objset_type == DMU_OST_ZVOL)
3260 3266 (void) zvol_remove_minor(zc->zc_name);
3261 3267 return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive));
3262 3268 }
3263 3269
3264 3270 static int
3265 3271 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3266 3272 {
3267 3273 const char *propname = nvpair_name(pair);
3268 3274 boolean_t issnap = (strchr(dsname, '@') != NULL);
3269 3275 zfs_prop_t prop = zfs_name_to_prop(propname);
3270 3276 uint64_t intval;
3271 3277 int err;
3272 3278
3273 3279 if (prop == ZPROP_INVAL) {
3274 3280 if (zfs_prop_user(propname)) {
3275 3281 if (err = zfs_secpolicy_write_perms(dsname,
3276 3282 ZFS_DELEG_PERM_USERPROP, cr))
3277 3283 return (err);
3278 3284 return (0);
3279 3285 }
3280 3286
3281 3287 if (!issnap && zfs_prop_userquota(propname)) {
3282 3288 const char *perm = NULL;
3283 3289 const char *uq_prefix =
3284 3290 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3285 3291 const char *gq_prefix =
3286 3292 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3287 3293
3288 3294 if (strncmp(propname, uq_prefix,
3289 3295 strlen(uq_prefix)) == 0) {
3290 3296 perm = ZFS_DELEG_PERM_USERQUOTA;
3291 3297 } else if (strncmp(propname, gq_prefix,
3292 3298 strlen(gq_prefix)) == 0) {
3293 3299 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3294 3300 } else {
3295 3301 /* USERUSED and GROUPUSED are read-only */
3296 3302 return (EINVAL);
3297 3303 }
3298 3304
3299 3305 if (err = zfs_secpolicy_write_perms(dsname, perm, cr))
3300 3306 return (err);
3301 3307 return (0);
3302 3308 }
3303 3309
3304 3310 return (EINVAL);
3305 3311 }
3306 3312
3307 3313 if (issnap)
3308 3314 return (EINVAL);
3309 3315
3310 3316 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3311 3317 /*
3312 3318 * dsl_prop_get_all_impl() returns properties in this
3313 3319 * format.
3314 3320 */
3315 3321 nvlist_t *attrs;
3316 3322 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3317 3323 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3318 3324 &pair) == 0);
3319 3325 }
3320 3326
3321 3327 /*
3322 3328 * Check that this value is valid for this pool version
3323 3329 */
3324 3330 switch (prop) {
3325 3331 case ZFS_PROP_COMPRESSION:
3326 3332 /*
3327 3333 * If the user specified gzip compression, make sure
3328 3334 * the SPA supports it. We ignore any errors here since
3329 3335 * we'll catch them later.
3330 3336 */
3331 3337 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3332 3338 nvpair_value_uint64(pair, &intval) == 0) {
3333 3339 if (intval >= ZIO_COMPRESS_GZIP_1 &&
3334 3340 intval <= ZIO_COMPRESS_GZIP_9 &&
3335 3341 zfs_earlier_version(dsname,
3336 3342 SPA_VERSION_GZIP_COMPRESSION)) {
3337 3343 return (ENOTSUP);
3338 3344 }
3339 3345
3340 3346 if (intval == ZIO_COMPRESS_ZLE &&
3341 3347 zfs_earlier_version(dsname,
3342 3348 SPA_VERSION_ZLE_COMPRESSION))
3343 3349 return (ENOTSUP);
3344 3350
3345 3351 /*
3346 3352 * If this is a bootable dataset then
3347 3353 * verify that the compression algorithm
3348 3354 * is supported for booting. We must return
3349 3355 * something other than ENOTSUP since it
3350 3356 * implies a downrev pool version.
3351 3357 */
3352 3358 if (zfs_is_bootfs(dsname) &&
3353 3359 !BOOTFS_COMPRESS_VALID(intval)) {
3354 3360 return (ERANGE);
3355 3361 }
3356 3362 }
3357 3363 break;
3358 3364
3359 3365 case ZFS_PROP_COPIES:
3360 3366 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
3361 3367 return (ENOTSUP);
3362 3368 break;
3363 3369
3364 3370 case ZFS_PROP_DEDUP:
3365 3371 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3366 3372 return (ENOTSUP);
3367 3373 break;
3368 3374
3369 3375 case ZFS_PROP_SHARESMB:
3370 3376 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
3371 3377 return (ENOTSUP);
3372 3378 break;
3373 3379
3374 3380 case ZFS_PROP_ACLINHERIT:
3375 3381 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3376 3382 nvpair_value_uint64(pair, &intval) == 0) {
3377 3383 if (intval == ZFS_ACL_PASSTHROUGH_X &&
3378 3384 zfs_earlier_version(dsname,
3379 3385 SPA_VERSION_PASSTHROUGH_X))
3380 3386 return (ENOTSUP);
3381 3387 }
3382 3388 break;
3383 3389 }
3384 3390
3385 3391 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3386 3392 }
3387 3393
3388 3394 /*
3389 3395 * Removes properties from the given props list that fail permission checks
3390 3396 * needed to clear them and to restore them in case of a receive error. For each
3391 3397 * property, make sure we have both set and inherit permissions.
3392 3398 *
3393 3399 * Returns the first error encountered if any permission checks fail. If the
3394 3400 * caller provides a non-NULL errlist, it also gives the complete list of names
3395 3401 * of all the properties that failed a permission check along with the
3396 3402 * corresponding error numbers. The caller is responsible for freeing the
3397 3403 * returned errlist.
3398 3404 *
3399 3405 * If every property checks out successfully, zero is returned and the list
3400 3406 * pointed at by errlist is NULL.
3401 3407 */
3402 3408 static int
3403 3409 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3404 3410 {
3405 3411 zfs_cmd_t *zc;
3406 3412 nvpair_t *pair, *next_pair;
3407 3413 nvlist_t *errors;
3408 3414 int err, rv = 0;
3409 3415
3410 3416 if (props == NULL)
3411 3417 return (0);
3412 3418
3413 3419 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3414 3420
3415 3421 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
3416 3422 (void) strcpy(zc->zc_name, dataset);
3417 3423 pair = nvlist_next_nvpair(props, NULL);
3418 3424 while (pair != NULL) {
3419 3425 next_pair = nvlist_next_nvpair(props, pair);
3420 3426
3421 3427 (void) strcpy(zc->zc_value, nvpair_name(pair));
3422 3428 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3423 3429 (err = zfs_secpolicy_inherit(zc, CRED())) != 0) {
3424 3430 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3425 3431 VERIFY(nvlist_add_int32(errors,
3426 3432 zc->zc_value, err) == 0);
3427 3433 }
3428 3434 pair = next_pair;
3429 3435 }
3430 3436 kmem_free(zc, sizeof (zfs_cmd_t));
3431 3437
3432 3438 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3433 3439 nvlist_free(errors);
3434 3440 errors = NULL;
3435 3441 } else {
3436 3442 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3437 3443 }
3438 3444
3439 3445 if (errlist == NULL)
3440 3446 nvlist_free(errors);
3441 3447 else
3442 3448 *errlist = errors;
3443 3449
3444 3450 return (rv);
3445 3451 }
3446 3452
3447 3453 static boolean_t
3448 3454 propval_equals(nvpair_t *p1, nvpair_t *p2)
3449 3455 {
3450 3456 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
3451 3457 /* dsl_prop_get_all_impl() format */
3452 3458 nvlist_t *attrs;
3453 3459 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
3454 3460 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3455 3461 &p1) == 0);
3456 3462 }
3457 3463
3458 3464 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
3459 3465 nvlist_t *attrs;
3460 3466 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
3461 3467 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3462 3468 &p2) == 0);
3463 3469 }
3464 3470
3465 3471 if (nvpair_type(p1) != nvpair_type(p2))
3466 3472 return (B_FALSE);
3467 3473
3468 3474 if (nvpair_type(p1) == DATA_TYPE_STRING) {
3469 3475 char *valstr1, *valstr2;
3470 3476
3471 3477 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
3472 3478 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
3473 3479 return (strcmp(valstr1, valstr2) == 0);
3474 3480 } else {
3475 3481 uint64_t intval1, intval2;
3476 3482
3477 3483 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
3478 3484 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
3479 3485 return (intval1 == intval2);
3480 3486 }
3481 3487 }
3482 3488
3483 3489 /*
3484 3490 * Remove properties from props if they are not going to change (as determined
3485 3491 * by comparison with origprops). Remove them from origprops as well, since we
3486 3492 * do not need to clear or restore properties that won't change.
3487 3493 */
3488 3494 static void
3489 3495 props_reduce(nvlist_t *props, nvlist_t *origprops)
3490 3496 {
3491 3497 nvpair_t *pair, *next_pair;
3492 3498
3493 3499 if (origprops == NULL)
3494 3500 return; /* all props need to be received */
3495 3501
3496 3502 pair = nvlist_next_nvpair(props, NULL);
3497 3503 while (pair != NULL) {
3498 3504 const char *propname = nvpair_name(pair);
3499 3505 nvpair_t *match;
3500 3506
3501 3507 next_pair = nvlist_next_nvpair(props, pair);
3502 3508
3503 3509 if ((nvlist_lookup_nvpair(origprops, propname,
3504 3510 &match) != 0) || !propval_equals(pair, match))
3505 3511 goto next; /* need to set received value */
3506 3512
3507 3513 /* don't clear the existing received value */
3508 3514 (void) nvlist_remove_nvpair(origprops, match);
3509 3515 /* don't bother receiving the property */
3510 3516 (void) nvlist_remove_nvpair(props, pair);
3511 3517 next:
3512 3518 pair = next_pair;
3513 3519 }
3514 3520 }
3515 3521
3516 3522 #ifdef DEBUG
3517 3523 static boolean_t zfs_ioc_recv_inject_err;
3518 3524 #endif
3519 3525
3520 3526 /*
3521 3527 * inputs:
3522 3528 * zc_name name of containing filesystem
3523 3529 * zc_nvlist_src{_size} nvlist of properties to apply
3524 3530 * zc_value name of snapshot to create
3525 3531 * zc_string name of clone origin (if DRR_FLAG_CLONE)
3526 3532 * zc_cookie file descriptor to recv from
3527 3533 * zc_begin_record the BEGIN record of the stream (not byteswapped)
3528 3534 * zc_guid force flag
3529 3535 * zc_cleanup_fd cleanup-on-exit file descriptor
3530 3536 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
3531 3537 *
3532 3538 * outputs:
3533 3539 * zc_cookie number of bytes read
3534 3540 * zc_nvlist_dst{_size} error for each unapplied received property
3535 3541 * zc_obj zprop_errflags_t
3536 3542 * zc_action_handle handle for this guid/ds mapping
3537 3543 */
3538 3544 static int
3539 3545 zfs_ioc_recv(zfs_cmd_t *zc)
3540 3546 {
3541 3547 file_t *fp;
3542 3548 objset_t *os;
3543 3549 dmu_recv_cookie_t drc;
3544 3550 boolean_t force = (boolean_t)zc->zc_guid;
3545 3551 int fd;
3546 3552 int error = 0;
3547 3553 int props_error = 0;
3548 3554 nvlist_t *errors;
3549 3555 offset_t off;
3550 3556 nvlist_t *props = NULL; /* sent properties */
3551 3557 nvlist_t *origprops = NULL; /* existing properties */
3552 3558 objset_t *origin = NULL;
3553 3559 char *tosnap;
3554 3560 char tofs[ZFS_MAXNAMELEN];
3555 3561 boolean_t first_recvd_props = B_FALSE;
3556 3562
3557 3563 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3558 3564 strchr(zc->zc_value, '@') == NULL ||
3559 3565 strchr(zc->zc_value, '%'))
3560 3566 return (EINVAL);
3561 3567
3562 3568 (void) strcpy(tofs, zc->zc_value);
3563 3569 tosnap = strchr(tofs, '@');
3564 3570 *tosnap++ = '\0';
3565 3571
3566 3572 if (zc->zc_nvlist_src != NULL &&
3567 3573 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3568 3574 zc->zc_iflags, &props)) != 0)
3569 3575 return (error);
3570 3576
3571 3577 fd = zc->zc_cookie;
3572 3578 fp = getf(fd);
3573 3579 if (fp == NULL) {
3574 3580 nvlist_free(props);
3575 3581 return (EBADF);
3576 3582 }
3577 3583
3578 3584 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3579 3585
3580 3586 if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) {
3581 3587 if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) &&
3582 3588 !dsl_prop_get_hasrecvd(os)) {
3583 3589 first_recvd_props = B_TRUE;
3584 3590 }
3585 3591
3586 3592 /*
3587 3593 * If new received properties are supplied, they are to
3588 3594 * completely replace the existing received properties, so stash
3589 3595 * away the existing ones.
3590 3596 */
3591 3597 if (dsl_prop_get_received(os, &origprops) == 0) {
3592 3598 nvlist_t *errlist = NULL;
3593 3599 /*
3594 3600 * Don't bother writing a property if its value won't
3595 3601 * change (and avoid the unnecessary security checks).
3596 3602 *
3597 3603 * The first receive after SPA_VERSION_RECVD_PROPS is a
3598 3604 * special case where we blow away all local properties
3599 3605 * regardless.
3600 3606 */
3601 3607 if (!first_recvd_props)
3602 3608 props_reduce(props, origprops);
3603 3609 if (zfs_check_clearable(tofs, origprops,
3604 3610 &errlist) != 0)
3605 3611 (void) nvlist_merge(errors, errlist, 0);
3606 3612 nvlist_free(errlist);
3607 3613 }
3608 3614
3609 3615 dmu_objset_rele(os, FTAG);
3610 3616 }
3611 3617
3612 3618 if (zc->zc_string[0]) {
3613 3619 error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
3614 3620 if (error)
3615 3621 goto out;
3616 3622 }
3617 3623
3618 3624 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
3619 3625 &zc->zc_begin_record, force, origin, &drc);
3620 3626 if (origin)
3621 3627 dmu_objset_rele(origin, FTAG);
3622 3628 if (error)
3623 3629 goto out;
3624 3630
3625 3631 /*
3626 3632 * Set properties before we receive the stream so that they are applied
3627 3633 * to the new data. Note that we must call dmu_recv_stream() if
3628 3634 * dmu_recv_begin() succeeds.
3629 3635 */
3630 3636 if (props) {
3631 3637 nvlist_t *errlist;
3632 3638
3633 3639 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
3634 3640 if (drc.drc_newfs) {
3635 3641 if (spa_version(os->os_spa) >=
3636 3642 SPA_VERSION_RECVD_PROPS)
3637 3643 first_recvd_props = B_TRUE;
3638 3644 } else if (origprops != NULL) {
3639 3645 if (clear_received_props(os, tofs, origprops,
3640 3646 first_recvd_props ? NULL : props) != 0)
3641 3647 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3642 3648 } else {
3643 3649 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3644 3650 }
3645 3651 dsl_prop_set_hasrecvd(os);
3646 3652 } else if (!drc.drc_newfs) {
3647 3653 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3648 3654 }
3649 3655
3650 3656 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
3651 3657 props, &errlist);
3652 3658 (void) nvlist_merge(errors, errlist, 0);
3653 3659 nvlist_free(errlist);
3654 3660 }
3655 3661
3656 3662 if (fit_error_list(zc, &errors) != 0 || put_nvlist(zc, errors) != 0) {
3657 3663 /*
3658 3664 * Caller made zc->zc_nvlist_dst less than the minimum expected
3659 3665 * size or supplied an invalid address.
3660 3666 */
3661 3667 props_error = EINVAL;
3662 3668 }
3663 3669
3664 3670 off = fp->f_offset;
3665 3671 error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
3666 3672 &zc->zc_action_handle);
3667 3673
3668 3674 if (error == 0) {
3669 3675 zfsvfs_t *zfsvfs = NULL;
3670 3676
3671 3677 if (getzfsvfs(tofs, &zfsvfs) == 0) {
3672 3678 /* online recv */
3673 3679 int end_err;
3674 3680
3675 3681 error = zfs_suspend_fs(zfsvfs);
3676 3682 /*
3677 3683 * If the suspend fails, then the recv_end will
3678 3684 * likely also fail, and clean up after itself.
3679 3685 */
3680 3686 end_err = dmu_recv_end(&drc);
3681 3687 if (error == 0)
3682 3688 error = zfs_resume_fs(zfsvfs, tofs);
3683 3689 error = error ? error : end_err;
3684 3690 VFS_RELE(zfsvfs->z_vfs);
3685 3691 } else {
3686 3692 error = dmu_recv_end(&drc);
3687 3693 }
3688 3694 }
3689 3695
3690 3696 zc->zc_cookie = off - fp->f_offset;
3691 3697 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
3692 3698 fp->f_offset = off;
3693 3699
3694 3700 #ifdef DEBUG
3695 3701 if (zfs_ioc_recv_inject_err) {
3696 3702 zfs_ioc_recv_inject_err = B_FALSE;
3697 3703 error = 1;
3698 3704 }
3699 3705 #endif
3700 3706 /*
3701 3707 * On error, restore the original props.
3702 3708 */
3703 3709 if (error && props) {
3704 3710 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
3705 3711 if (clear_received_props(os, tofs, props, NULL) != 0) {
3706 3712 /*
3707 3713 * We failed to clear the received properties.
3708 3714 * Since we may have left a $recvd value on the
3709 3715 * system, we can't clear the $hasrecvd flag.
3710 3716 */
3711 3717 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3712 3718 } else if (first_recvd_props) {
3713 3719 dsl_prop_unset_hasrecvd(os);
3714 3720 }
3715 3721 dmu_objset_rele(os, FTAG);
3716 3722 } else if (!drc.drc_newfs) {
3717 3723 /* We failed to clear the received properties. */
3718 3724 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3719 3725 }
3720 3726
3721 3727 if (origprops == NULL && !drc.drc_newfs) {
3722 3728 /* We failed to stash the original properties. */
3723 3729 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3724 3730 }
3725 3731
3726 3732 /*
3727 3733 * dsl_props_set() will not convert RECEIVED to LOCAL on or
3728 3734 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
3729 3735 * explictly if we're restoring local properties cleared in the
3730 3736 * first new-style receive.
3731 3737 */
3732 3738 if (origprops != NULL &&
3733 3739 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
3734 3740 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
3735 3741 origprops, NULL) != 0) {
3736 3742 /*
3737 3743 * We stashed the original properties but failed to
3738 3744 * restore them.
3739 3745 */
3740 3746 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3741 3747 }
3742 3748 }
3743 3749 out:
3744 3750 nvlist_free(props);
3745 3751 nvlist_free(origprops);
3746 3752 nvlist_free(errors);
3747 3753 releasef(fd);
3748 3754
3749 3755 if (error == 0)
3750 3756 error = props_error;
3751 3757
3752 3758 return (error);
3753 3759 }
3754 3760
3755 3761 /*
3756 3762 * inputs:
3757 3763 * zc_name name of snapshot to send
3758 3764 * zc_cookie file descriptor to send stream to
3759 3765 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
3760 3766 * zc_sendobj objsetid of snapshot to send
3761 3767 * zc_fromobj objsetid of incremental fromsnap (may be zero)
3762 3768 *
3763 3769 * outputs: none
3764 3770 */
3765 3771 static int
3766 3772 zfs_ioc_send(zfs_cmd_t *zc)
3767 3773 {
3768 3774 objset_t *fromsnap = NULL;
3769 3775 objset_t *tosnap;
3770 3776 file_t *fp;
3771 3777 int error;
3772 3778 offset_t off;
3773 3779 dsl_dataset_t *ds;
3774 3780 dsl_dataset_t *dsfrom = NULL;
3775 3781 spa_t *spa;
3776 3782 dsl_pool_t *dp;
3777 3783
3778 3784 error = spa_open(zc->zc_name, &spa, FTAG);
3779 3785 if (error)
3780 3786 return (error);
3781 3787
3782 3788 dp = spa_get_dsl(spa);
3783 3789 rw_enter(&dp->dp_config_rwlock, RW_READER);
3784 3790 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
3785 3791 rw_exit(&dp->dp_config_rwlock);
3786 3792 if (error) {
3787 3793 spa_close(spa, FTAG);
3788 3794 return (error);
3789 3795 }
3790 3796
3791 3797 error = dmu_objset_from_ds(ds, &tosnap);
3792 3798 if (error) {
3793 3799 dsl_dataset_rele(ds, FTAG);
3794 3800 spa_close(spa, FTAG);
3795 3801 return (error);
3796 3802 }
3797 3803
3798 3804 if (zc->zc_fromobj != 0) {
3799 3805 rw_enter(&dp->dp_config_rwlock, RW_READER);
3800 3806 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
3801 3807 rw_exit(&dp->dp_config_rwlock);
3802 3808 spa_close(spa, FTAG);
3803 3809 if (error) {
3804 3810 dsl_dataset_rele(ds, FTAG);
3805 3811 return (error);
3806 3812 }
3807 3813 error = dmu_objset_from_ds(dsfrom, &fromsnap);
3808 3814 if (error) {
3809 3815 dsl_dataset_rele(dsfrom, FTAG);
3810 3816 dsl_dataset_rele(ds, FTAG);
3811 3817 return (error);
3812 3818 }
3813 3819 } else {
3814 3820 spa_close(spa, FTAG);
3815 3821 }
3816 3822
3817 3823 fp = getf(zc->zc_cookie);
3818 3824 if (fp == NULL) {
3819 3825 dsl_dataset_rele(ds, FTAG);
3820 3826 if (dsfrom)
3821 3827 dsl_dataset_rele(dsfrom, FTAG);
3822 3828 return (EBADF);
3823 3829 }
3824 3830
3825 3831 off = fp->f_offset;
3826 3832 error = dmu_sendbackup(tosnap, fromsnap, zc->zc_obj, fp->f_vnode, &off);
3827 3833
3828 3834 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
3829 3835 fp->f_offset = off;
3830 3836 releasef(zc->zc_cookie);
3831 3837 if (dsfrom)
3832 3838 dsl_dataset_rele(dsfrom, FTAG);
3833 3839 dsl_dataset_rele(ds, FTAG);
3834 3840 return (error);
3835 3841 }
3836 3842
3837 3843 static int
3838 3844 zfs_ioc_inject_fault(zfs_cmd_t *zc)
3839 3845 {
3840 3846 int id, error;
3841 3847
3842 3848 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
3843 3849 &zc->zc_inject_record);
3844 3850
3845 3851 if (error == 0)
3846 3852 zc->zc_guid = (uint64_t)id;
3847 3853
3848 3854 return (error);
3849 3855 }
3850 3856
3851 3857 static int
3852 3858 zfs_ioc_clear_fault(zfs_cmd_t *zc)
3853 3859 {
3854 3860 return (zio_clear_fault((int)zc->zc_guid));
3855 3861 }
3856 3862
3857 3863 static int
3858 3864 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
3859 3865 {
3860 3866 int id = (int)zc->zc_guid;
3861 3867 int error;
3862 3868
3863 3869 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
3864 3870 &zc->zc_inject_record);
3865 3871
3866 3872 zc->zc_guid = id;
3867 3873
3868 3874 return (error);
3869 3875 }
3870 3876
3871 3877 static int
3872 3878 zfs_ioc_error_log(zfs_cmd_t *zc)
3873 3879 {
3874 3880 spa_t *spa;
3875 3881 int error;
3876 3882 size_t count = (size_t)zc->zc_nvlist_dst_size;
3877 3883
3878 3884 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
3879 3885 return (error);
3880 3886
3881 3887 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
3882 3888 &count);
3883 3889 if (error == 0)
3884 3890 zc->zc_nvlist_dst_size = count;
3885 3891 else
3886 3892 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
3887 3893
3888 3894 spa_close(spa, FTAG);
3889 3895
3890 3896 return (error);
3891 3897 }
3892 3898
3893 3899 static int
3894 3900 zfs_ioc_clear(zfs_cmd_t *zc)
3895 3901 {
3896 3902 spa_t *spa;
3897 3903 vdev_t *vd;
3898 3904 int error;
3899 3905
3900 3906 /*
3901 3907 * On zpool clear we also fix up missing slogs
3902 3908 */
3903 3909 mutex_enter(&spa_namespace_lock);
3904 3910 spa = spa_lookup(zc->zc_name);
3905 3911 if (spa == NULL) {
3906 3912 mutex_exit(&spa_namespace_lock);
3907 3913 return (EIO);
3908 3914 }
3909 3915 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
3910 3916 /* we need to let spa_open/spa_load clear the chains */
3911 3917 spa_set_log_state(spa, SPA_LOG_CLEAR);
3912 3918 }
3913 3919 spa->spa_last_open_failed = 0;
3914 3920 mutex_exit(&spa_namespace_lock);
3915 3921
3916 3922 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
3917 3923 error = spa_open(zc->zc_name, &spa, FTAG);
3918 3924 } else {
3919 3925 nvlist_t *policy;
3920 3926 nvlist_t *config = NULL;
3921 3927
3922 3928 if (zc->zc_nvlist_src == NULL)
3923 3929 return (EINVAL);
3924 3930
3925 3931 if ((error = get_nvlist(zc->zc_nvlist_src,
3926 3932 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
3927 3933 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
3928 3934 policy, &config);
3929 3935 if (config != NULL) {
3930 3936 int err;
3931 3937
3932 3938 if ((err = put_nvlist(zc, config)) != 0)
3933 3939 error = err;
3934 3940 nvlist_free(config);
3935 3941 }
3936 3942 nvlist_free(policy);
3937 3943 }
3938 3944 }
3939 3945
3940 3946 if (error)
3941 3947 return (error);
3942 3948
3943 3949 spa_vdev_state_enter(spa, SCL_NONE);
3944 3950
3945 3951 if (zc->zc_guid == 0) {
3946 3952 vd = NULL;
3947 3953 } else {
3948 3954 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
3949 3955 if (vd == NULL) {
3950 3956 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
3951 3957 spa_close(spa, FTAG);
3952 3958 return (ENODEV);
3953 3959 }
3954 3960 }
3955 3961
3956 3962 vdev_clear(spa, vd);
3957 3963
3958 3964 (void) spa_vdev_state_exit(spa, NULL, 0);
3959 3965
3960 3966 /*
3961 3967 * Resume any suspended I/Os.
3962 3968 */
3963 3969 if (zio_resume(spa) != 0)
3964 3970 error = EIO;
3965 3971
3966 3972 spa_close(spa, FTAG);
3967 3973
3968 3974 return (error);
3969 3975 }
3970 3976
3971 3977 /*
3972 3978 * inputs:
3973 3979 * zc_name name of filesystem
3974 3980 * zc_value name of origin snapshot
3975 3981 *
3976 3982 * outputs:
3977 3983 * zc_string name of conflicting snapshot, if there is one
3978 3984 */
3979 3985 static int
3980 3986 zfs_ioc_promote(zfs_cmd_t *zc)
3981 3987 {
3982 3988 char *cp;
3983 3989
3984 3990 /*
3985 3991 * We don't need to unmount *all* the origin fs's snapshots, but
3986 3992 * it's easier.
3987 3993 */
3988 3994 cp = strchr(zc->zc_value, '@');
3989 3995 if (cp)
3990 3996 *cp = '\0';
3991 3997 (void) dmu_objset_find(zc->zc_value,
3992 3998 zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);
3993 3999 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
3994 4000 }
3995 4001
3996 4002 /*
3997 4003 * Retrieve a single {user|group}{used|quota}@... property.
3998 4004 *
3999 4005 * inputs:
4000 4006 * zc_name name of filesystem
4001 4007 * zc_objset_type zfs_userquota_prop_t
4002 4008 * zc_value domain name (eg. "S-1-234-567-89")
4003 4009 * zc_guid RID/UID/GID
4004 4010 *
4005 4011 * outputs:
4006 4012 * zc_cookie property value
4007 4013 */
4008 4014 static int
4009 4015 zfs_ioc_userspace_one(zfs_cmd_t *zc)
4010 4016 {
4011 4017 zfsvfs_t *zfsvfs;
4012 4018 int error;
4013 4019
4014 4020 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4015 4021 return (EINVAL);
4016 4022
4017 4023 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4018 4024 if (error)
4019 4025 return (error);
4020 4026
4021 4027 error = zfs_userspace_one(zfsvfs,
4022 4028 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4023 4029 zfsvfs_rele(zfsvfs, FTAG);
4024 4030
4025 4031 return (error);
4026 4032 }
4027 4033
4028 4034 /*
4029 4035 * inputs:
4030 4036 * zc_name name of filesystem
4031 4037 * zc_cookie zap cursor
4032 4038 * zc_objset_type zfs_userquota_prop_t
4033 4039 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4034 4040 *
4035 4041 * outputs:
4036 4042 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4037 4043 * zc_cookie zap cursor
4038 4044 */
4039 4045 static int
4040 4046 zfs_ioc_userspace_many(zfs_cmd_t *zc)
4041 4047 {
4042 4048 zfsvfs_t *zfsvfs;
4043 4049 int bufsize = zc->zc_nvlist_dst_size;
4044 4050
4045 4051 if (bufsize <= 0)
4046 4052 return (ENOMEM);
4047 4053
4048 4054 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4049 4055 if (error)
4050 4056 return (error);
4051 4057
4052 4058 void *buf = kmem_alloc(bufsize, KM_SLEEP);
4053 4059
4054 4060 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
4055 4061 buf, &zc->zc_nvlist_dst_size);
4056 4062
4057 4063 if (error == 0) {
4058 4064 error = xcopyout(buf,
4059 4065 (void *)(uintptr_t)zc->zc_nvlist_dst,
4060 4066 zc->zc_nvlist_dst_size);
4061 4067 }
4062 4068 kmem_free(buf, bufsize);
4063 4069 zfsvfs_rele(zfsvfs, FTAG);
4064 4070
4065 4071 return (error);
4066 4072 }
4067 4073
4068 4074 /*
4069 4075 * inputs:
4070 4076 * zc_name name of filesystem
4071 4077 *
4072 4078 * outputs:
4073 4079 * none
4074 4080 */
4075 4081 static int
4076 4082 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4077 4083 {
4078 4084 objset_t *os;
4079 4085 int error = 0;
4080 4086 zfsvfs_t *zfsvfs;
4081 4087
4082 4088 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
4083 4089 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
4084 4090 /*
4085 4091 * If userused is not enabled, it may be because the
4086 4092 * objset needs to be closed & reopened (to grow the
4087 4093 * objset_phys_t). Suspend/resume the fs will do that.
4088 4094 */
4089 4095 error = zfs_suspend_fs(zfsvfs);
4090 4096 if (error == 0)
4091 4097 error = zfs_resume_fs(zfsvfs, zc->zc_name);
4092 4098 }
4093 4099 if (error == 0)
4094 4100 error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
4095 4101 VFS_RELE(zfsvfs->z_vfs);
4096 4102 } else {
4097 4103 /* XXX kind of reading contents without owning */
4098 4104 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4099 4105 if (error)
4100 4106 return (error);
4101 4107
4102 4108 error = dmu_objset_userspace_upgrade(os);
4103 4109 dmu_objset_rele(os, FTAG);
4104 4110 }
4105 4111
4106 4112 return (error);
4107 4113 }
4108 4114
4109 4115 /*
4110 4116 * We don't want to have a hard dependency
4111 4117 * against some special symbols in sharefs
4112 4118 * nfs, and smbsrv. Determine them if needed when
4113 4119 * the first file system is shared.
4114 4120 * Neither sharefs, nfs or smbsrv are unloadable modules.
4115 4121 */
4116 4122 int (*znfsexport_fs)(void *arg);
4117 4123 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
4118 4124 int (*zsmbexport_fs)(void *arg, boolean_t add_share);
4119 4125
4120 4126 int zfs_nfsshare_inited;
4121 4127 int zfs_smbshare_inited;
4122 4128
4123 4129 ddi_modhandle_t nfs_mod;
4124 4130 ddi_modhandle_t sharefs_mod;
4125 4131 ddi_modhandle_t smbsrv_mod;
4126 4132 kmutex_t zfs_share_lock;
4127 4133
4128 4134 static int
4129 4135 zfs_init_sharefs()
4130 4136 {
4131 4137 int error;
4132 4138
4133 4139 ASSERT(MUTEX_HELD(&zfs_share_lock));
4134 4140 /* Both NFS and SMB shares also require sharetab support. */
4135 4141 if (sharefs_mod == NULL && ((sharefs_mod =
4136 4142 ddi_modopen("fs/sharefs",
4137 4143 KRTLD_MODE_FIRST, &error)) == NULL)) {
4138 4144 return (ENOSYS);
4139 4145 }
4140 4146 if (zshare_fs == NULL && ((zshare_fs =
4141 4147 (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
4142 4148 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) {
4143 4149 return (ENOSYS);
4144 4150 }
4145 4151 return (0);
4146 4152 }
4147 4153
4148 4154 static int
4149 4155 zfs_ioc_share(zfs_cmd_t *zc)
4150 4156 {
4151 4157 int error;
4152 4158 int opcode;
4153 4159
4154 4160 switch (zc->zc_share.z_sharetype) {
4155 4161 case ZFS_SHARE_NFS:
4156 4162 case ZFS_UNSHARE_NFS:
4157 4163 if (zfs_nfsshare_inited == 0) {
4158 4164 mutex_enter(&zfs_share_lock);
4159 4165 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs",
4160 4166 KRTLD_MODE_FIRST, &error)) == NULL)) {
4161 4167 mutex_exit(&zfs_share_lock);
4162 4168 return (ENOSYS);
4163 4169 }
4164 4170 if (znfsexport_fs == NULL &&
4165 4171 ((znfsexport_fs = (int (*)(void *))
4166 4172 ddi_modsym(nfs_mod,
4167 4173 "nfs_export", &error)) == NULL)) {
4168 4174 mutex_exit(&zfs_share_lock);
4169 4175 return (ENOSYS);
4170 4176 }
4171 4177 error = zfs_init_sharefs();
4172 4178 if (error) {
4173 4179 mutex_exit(&zfs_share_lock);
4174 4180 return (ENOSYS);
4175 4181 }
4176 4182 zfs_nfsshare_inited = 1;
4177 4183 mutex_exit(&zfs_share_lock);
4178 4184 }
4179 4185 break;
4180 4186 case ZFS_SHARE_SMB:
4181 4187 case ZFS_UNSHARE_SMB:
4182 4188 if (zfs_smbshare_inited == 0) {
4183 4189 mutex_enter(&zfs_share_lock);
4184 4190 if (smbsrv_mod == NULL && ((smbsrv_mod =
4185 4191 ddi_modopen("drv/smbsrv",
4186 4192 KRTLD_MODE_FIRST, &error)) == NULL)) {
4187 4193 mutex_exit(&zfs_share_lock);
4188 4194 return (ENOSYS);
4189 4195 }
4190 4196 if (zsmbexport_fs == NULL && ((zsmbexport_fs =
4191 4197 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod,
4192 4198 "smb_server_share", &error)) == NULL)) {
4193 4199 mutex_exit(&zfs_share_lock);
4194 4200 return (ENOSYS);
4195 4201 }
4196 4202 error = zfs_init_sharefs();
4197 4203 if (error) {
4198 4204 mutex_exit(&zfs_share_lock);
4199 4205 return (ENOSYS);
4200 4206 }
4201 4207 zfs_smbshare_inited = 1;
4202 4208 mutex_exit(&zfs_share_lock);
4203 4209 }
4204 4210 break;
4205 4211 default:
4206 4212 return (EINVAL);
4207 4213 }
4208 4214
4209 4215 switch (zc->zc_share.z_sharetype) {
4210 4216 case ZFS_SHARE_NFS:
4211 4217 case ZFS_UNSHARE_NFS:
4212 4218 if (error =
4213 4219 znfsexport_fs((void *)
4214 4220 (uintptr_t)zc->zc_share.z_exportdata))
4215 4221 return (error);
4216 4222 break;
4217 4223 case ZFS_SHARE_SMB:
4218 4224 case ZFS_UNSHARE_SMB:
4219 4225 if (error = zsmbexport_fs((void *)
4220 4226 (uintptr_t)zc->zc_share.z_exportdata,
4221 4227 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
4222 4228 B_TRUE: B_FALSE)) {
4223 4229 return (error);
4224 4230 }
4225 4231 break;
4226 4232 }
4227 4233
4228 4234 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
4229 4235 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ?
4230 4236 SHAREFS_ADD : SHAREFS_REMOVE;
4231 4237
4232 4238 /*
4233 4239 * Add or remove share from sharetab
4234 4240 */
4235 4241 error = zshare_fs(opcode,
4236 4242 (void *)(uintptr_t)zc->zc_share.z_sharedata,
4237 4243 zc->zc_share.z_sharemax);
4238 4244
4239 4245 return (error);
4240 4246
4241 4247 }
4242 4248
4243 4249 ace_t full_access[] = {
4244 4250 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
4245 4251 };
4246 4252
4247 4253 /*
4248 4254 * inputs:
4249 4255 * zc_name name of containing filesystem
4250 4256 * zc_obj object # beyond which we want next in-use object #
4251 4257 *
4252 4258 * outputs:
4253 4259 * zc_obj next in-use object #
4254 4260 */
4255 4261 static int
4256 4262 zfs_ioc_next_obj(zfs_cmd_t *zc)
4257 4263 {
4258 4264 objset_t *os = NULL;
4259 4265 int error;
4260 4266
4261 4267 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4262 4268 if (error)
4263 4269 return (error);
4264 4270
4265 4271 error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4266 4272 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4267 4273
4268 4274 dmu_objset_rele(os, FTAG);
4269 4275 return (error);
4270 4276 }
4271 4277
4272 4278 /*
4273 4279 * inputs:
4274 4280 * zc_name name of filesystem
4275 4281 * zc_value prefix name for snapshot
4276 4282 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4277 4283 *
4278 4284 * outputs:
4279 4285 */
4280 4286 static int
4281 4287 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4282 4288 {
4283 4289 char *snap_name;
4284 4290 int error;
4285 4291
4286 4292 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
4287 4293 (u_longlong_t)ddi_get_lbolt64());
4288 4294
4289 4295 if (strlen(snap_name) >= MAXNAMELEN) {
4290 4296 strfree(snap_name);
4291 4297 return (E2BIG);
4292 4298 }
4293 4299
4294 4300 error = dmu_objset_snapshot(zc->zc_name, snap_name, snap_name,
4295 4301 NULL, B_FALSE, B_TRUE, zc->zc_cleanup_fd);
4296 4302 if (error != 0) {
4297 4303 strfree(snap_name);
4298 4304 return (error);
4299 4305 }
4300 4306
4301 4307 (void) strcpy(zc->zc_value, snap_name);
4302 4308 strfree(snap_name);
4303 4309 return (0);
4304 4310 }
4305 4311
4306 4312 /*
4307 4313 * inputs:
4308 4314 * zc_name name of "to" snapshot
4309 4315 * zc_value name of "from" snapshot
4310 4316 * zc_cookie file descriptor to write diff data on
4311 4317 *
4312 4318 * outputs:
4313 4319 * dmu_diff_record_t's to the file descriptor
4314 4320 */
4315 4321 static int
4316 4322 zfs_ioc_diff(zfs_cmd_t *zc)
4317 4323 {
4318 4324 objset_t *fromsnap;
4319 4325 objset_t *tosnap;
4320 4326 file_t *fp;
4321 4327 offset_t off;
4322 4328 int error;
4323 4329
4324 4330 error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap);
4325 4331 if (error)
4326 4332 return (error);
4327 4333
4328 4334 error = dmu_objset_hold(zc->zc_value, FTAG, &fromsnap);
4329 4335 if (error) {
4330 4336 dmu_objset_rele(tosnap, FTAG);
4331 4337 return (error);
4332 4338 }
4333 4339
4334 4340 fp = getf(zc->zc_cookie);
4335 4341 if (fp == NULL) {
4336 4342 dmu_objset_rele(fromsnap, FTAG);
4337 4343 dmu_objset_rele(tosnap, FTAG);
4338 4344 return (EBADF);
4339 4345 }
4340 4346
4341 4347 off = fp->f_offset;
4342 4348
4343 4349 error = dmu_diff(tosnap, fromsnap, fp->f_vnode, &off);
4344 4350
4345 4351 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4346 4352 fp->f_offset = off;
4347 4353 releasef(zc->zc_cookie);
4348 4354
4349 4355 dmu_objset_rele(fromsnap, FTAG);
4350 4356 dmu_objset_rele(tosnap, FTAG);
4351 4357 return (error);
4352 4358 }
4353 4359
4354 4360 /*
4355 4361 * Remove all ACL files in shares dir
4356 4362 */
4357 4363 static int
4358 4364 zfs_smb_acl_purge(znode_t *dzp)
4359 4365 {
4360 4366 zap_cursor_t zc;
4361 4367 zap_attribute_t zap;
4362 4368 zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
4363 4369 int error;
4364 4370
4365 4371 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
4366 4372 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
4367 4373 zap_cursor_advance(&zc)) {
4368 4374 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
4369 4375 NULL, 0)) != 0)
4370 4376 break;
4371 4377 }
4372 4378 zap_cursor_fini(&zc);
4373 4379 return (error);
4374 4380 }
4375 4381
4376 4382 static int
4377 4383 zfs_ioc_smb_acl(zfs_cmd_t *zc)
4378 4384 {
4379 4385 vnode_t *vp;
4380 4386 znode_t *dzp;
4381 4387 vnode_t *resourcevp = NULL;
4382 4388 znode_t *sharedir;
4383 4389 zfsvfs_t *zfsvfs;
4384 4390 nvlist_t *nvlist;
4385 4391 char *src, *target;
4386 4392 vattr_t vattr;
4387 4393 vsecattr_t vsec;
4388 4394 int error = 0;
4389 4395
4390 4396 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
4391 4397 NO_FOLLOW, NULL, &vp)) != 0)
4392 4398 return (error);
4393 4399
4394 4400 /* Now make sure mntpnt and dataset are ZFS */
4395 4401
4396 4402 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
4397 4403 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
4398 4404 zc->zc_name) != 0)) {
4399 4405 VN_RELE(vp);
4400 4406 return (EINVAL);
4401 4407 }
4402 4408
4403 4409 dzp = VTOZ(vp);
4404 4410 zfsvfs = dzp->z_zfsvfs;
4405 4411 ZFS_ENTER(zfsvfs);
4406 4412
4407 4413 /*
4408 4414 * Create share dir if its missing.
4409 4415 */
4410 4416 mutex_enter(&zfsvfs->z_lock);
4411 4417 if (zfsvfs->z_shares_dir == 0) {
4412 4418 dmu_tx_t *tx;
4413 4419
4414 4420 tx = dmu_tx_create(zfsvfs->z_os);
4415 4421 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
4416 4422 ZFS_SHARES_DIR);
4417 4423 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
4418 4424 error = dmu_tx_assign(tx, TXG_WAIT);
4419 4425 if (error) {
4420 4426 dmu_tx_abort(tx);
4421 4427 } else {
4422 4428 error = zfs_create_share_dir(zfsvfs, tx);
4423 4429 dmu_tx_commit(tx);
4424 4430 }
4425 4431 if (error) {
4426 4432 mutex_exit(&zfsvfs->z_lock);
4427 4433 VN_RELE(vp);
4428 4434 ZFS_EXIT(zfsvfs);
4429 4435 return (error);
4430 4436 }
4431 4437 }
4432 4438 mutex_exit(&zfsvfs->z_lock);
4433 4439
4434 4440 ASSERT(zfsvfs->z_shares_dir);
4435 4441 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
4436 4442 VN_RELE(vp);
4437 4443 ZFS_EXIT(zfsvfs);
4438 4444 return (error);
4439 4445 }
4440 4446
4441 4447 switch (zc->zc_cookie) {
4442 4448 case ZFS_SMB_ACL_ADD:
4443 4449 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
4444 4450 vattr.va_type = VREG;
4445 4451 vattr.va_mode = S_IFREG|0777;
4446 4452 vattr.va_uid = 0;
4447 4453 vattr.va_gid = 0;
4448 4454
4449 4455 vsec.vsa_mask = VSA_ACE;
4450 4456 vsec.vsa_aclentp = &full_access;
4451 4457 vsec.vsa_aclentsz = sizeof (full_access);
4452 4458 vsec.vsa_aclcnt = 1;
4453 4459
4454 4460 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
4455 4461 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
4456 4462 if (resourcevp)
4457 4463 VN_RELE(resourcevp);
4458 4464 break;
4459 4465
4460 4466 case ZFS_SMB_ACL_REMOVE:
4461 4467 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
4462 4468 NULL, 0);
4463 4469 break;
4464 4470
4465 4471 case ZFS_SMB_ACL_RENAME:
4466 4472 if ((error = get_nvlist(zc->zc_nvlist_src,
4467 4473 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
4468 4474 VN_RELE(vp);
4469 4475 ZFS_EXIT(zfsvfs);
4470 4476 return (error);
4471 4477 }
4472 4478 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
4473 4479 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
4474 4480 &target)) {
4475 4481 VN_RELE(vp);
4476 4482 VN_RELE(ZTOV(sharedir));
4477 4483 ZFS_EXIT(zfsvfs);
4478 4484 nvlist_free(nvlist);
4479 4485 return (error);
4480 4486 }
4481 4487 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
4482 4488 kcred, NULL, 0);
4483 4489 nvlist_free(nvlist);
4484 4490 break;
4485 4491
4486 4492 case ZFS_SMB_ACL_PURGE:
4487 4493 error = zfs_smb_acl_purge(sharedir);
4488 4494 break;
4489 4495
4490 4496 default:
4491 4497 error = EINVAL;
4492 4498 break;
4493 4499 }
4494 4500
4495 4501 VN_RELE(vp);
4496 4502 VN_RELE(ZTOV(sharedir));
4497 4503
4498 4504 ZFS_EXIT(zfsvfs);
4499 4505
4500 4506 return (error);
4501 4507 }
4502 4508
4503 4509 /*
4504 4510 * inputs:
4505 4511 * zc_name name of filesystem
4506 4512 * zc_value short name of snap
4507 4513 * zc_string user-supplied tag for this hold
4508 4514 * zc_cookie recursive flag
4509 4515 * zc_temphold set if hold is temporary
4510 4516 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4511 4517 * zc_sendobj if non-zero, the objid for zc_name@zc_value
4512 4518 * zc_createtxg if zc_sendobj is non-zero, snap must have zc_createtxg
4513 4519 *
4514 4520 * outputs: none
4515 4521 */
4516 4522 static int
4517 4523 zfs_ioc_hold(zfs_cmd_t *zc)
4518 4524 {
4519 4525 boolean_t recursive = zc->zc_cookie;
4520 4526 spa_t *spa;
4521 4527 dsl_pool_t *dp;
4522 4528 dsl_dataset_t *ds;
4523 4529 int error;
4524 4530 minor_t minor = 0;
4525 4531
4526 4532 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4527 4533 return (EINVAL);
4528 4534
4529 4535 if (zc->zc_sendobj == 0) {
4530 4536 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value,
4531 4537 zc->zc_string, recursive, zc->zc_temphold,
4532 4538 zc->zc_cleanup_fd));
4533 4539 }
4534 4540
4535 4541 if (recursive)
4536 4542 return (EINVAL);
4537 4543
4538 4544 error = spa_open(zc->zc_name, &spa, FTAG);
4539 4545 if (error)
4540 4546 return (error);
4541 4547
4542 4548 dp = spa_get_dsl(spa);
4543 4549 rw_enter(&dp->dp_config_rwlock, RW_READER);
4544 4550 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4545 4551 rw_exit(&dp->dp_config_rwlock);
4546 4552 spa_close(spa, FTAG);
4547 4553 if (error)
4548 4554 return (error);
4549 4555
4550 4556 /*
4551 4557 * Until we have a hold on this snapshot, it's possible that
4552 4558 * zc_sendobj could've been destroyed and reused as part
4553 4559 * of a later txg. Make sure we're looking at the right object.
4554 4560 */
4555 4561 if (zc->zc_createtxg != ds->ds_phys->ds_creation_txg) {
4556 4562 dsl_dataset_rele(ds, FTAG);
4557 4563 return (ENOENT);
4558 4564 }
4559 4565
4560 4566 if (zc->zc_cleanup_fd != -1 && zc->zc_temphold) {
4561 4567 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
4562 4568 if (error) {
4563 4569 dsl_dataset_rele(ds, FTAG);
4564 4570 return (error);
4565 4571 }
4566 4572 }
4567 4573
4568 4574 error = dsl_dataset_user_hold_for_send(ds, zc->zc_string,
4569 4575 zc->zc_temphold);
4570 4576 if (minor != 0) {
4571 4577 if (error == 0) {
4572 4578 dsl_register_onexit_hold_cleanup(ds, zc->zc_string,
4573 4579 minor);
4574 4580 }
4575 4581 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
4576 4582 }
4577 4583 dsl_dataset_rele(ds, FTAG);
4578 4584
4579 4585 return (error);
4580 4586 }
4581 4587
4582 4588 /*
4583 4589 * inputs:
4584 4590 * zc_name name of dataset from which we're releasing a user hold
4585 4591 * zc_value short name of snap
4586 4592 * zc_string user-supplied tag for this hold
4587 4593 * zc_cookie recursive flag
4588 4594 *
4589 4595 * outputs: none
4590 4596 */
4591 4597 static int
4592 4598 zfs_ioc_release(zfs_cmd_t *zc)
4593 4599 {
4594 4600 boolean_t recursive = zc->zc_cookie;
4595 4601
4596 4602 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4597 4603 return (EINVAL);
4598 4604
4599 4605 return (dsl_dataset_user_release(zc->zc_name, zc->zc_value,
4600 4606 zc->zc_string, recursive));
4601 4607 }
4602 4608
4603 4609 /*
4604 4610 * inputs:
4605 4611 * zc_name name of filesystem
4606 4612 *
4607 4613 * outputs:
4608 4614 * zc_nvlist_src{_size} nvlist of snapshot holds
4609 4615 */
4610 4616 static int
4611 4617 zfs_ioc_get_holds(zfs_cmd_t *zc)
4612 4618 {
4613 4619 nvlist_t *nvp;
4614 4620 int error;
4615 4621
4616 4622 if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) {
4617 4623 error = put_nvlist(zc, nvp);
4618 4624 nvlist_free(nvp);
4619 4625 }
4620 4626
4621 4627 return (error);
4622 4628 }
4623 4629
4624 4630 /*
4625 4631 * pool create, destroy, and export don't log the history as part of
4626 4632 * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export
4627 4633 * do the logging of those commands.
4628 4634 */
4629 4635 static zfs_ioc_vec_t zfs_ioc_vec[] = {
4630 4636 { zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4631 4637 POOL_CHECK_NONE },
4632 4638 { zfs_ioc_pool_destroy, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4633 4639 POOL_CHECK_NONE },
4634 4640 { zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4635 4641 POOL_CHECK_NONE },
4636 4642 { zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4637 4643 POOL_CHECK_NONE },
4638 4644 { zfs_ioc_pool_configs, zfs_secpolicy_none, NO_NAME, B_FALSE,
4639 4645 POOL_CHECK_NONE },
4640 4646 { zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE,
4641 4647 POOL_CHECK_NONE },
4642 4648 { zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE,
4643 4649 POOL_CHECK_NONE },
4644 4650 { zfs_ioc_pool_scan, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4645 4651 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4646 4652 { zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE,
4647 4653 POOL_CHECK_READONLY },
4648 4654 { zfs_ioc_pool_upgrade, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4649 4655 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4650 4656 { zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4651 4657 POOL_CHECK_NONE },
4652 4658 { zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4653 4659 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4654 4660 { zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4655 4661 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4656 4662 { zfs_ioc_vdev_set_state, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4657 4663 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4658 4664 { zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4659 4665 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4660 4666 { zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4661 4667 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4662 4668 { zfs_ioc_vdev_setpath, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4663 4669 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4664 4670 { zfs_ioc_vdev_setfru, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4665 4671 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4666 4672 { zfs_ioc_objset_stats, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4667 4673 POOL_CHECK_SUSPENDED },
4668 4674 { zfs_ioc_objset_zplprops, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4669 4675 POOL_CHECK_NONE },
4670 4676 { zfs_ioc_dataset_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4671 4677 POOL_CHECK_SUSPENDED },
4672 4678 { zfs_ioc_snapshot_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4673 4679 POOL_CHECK_SUSPENDED },
4674 4680 { zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE,
4675 4681 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4676 4682 { zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE,
4677 4683 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4678 4684 { zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE,
4679 4685 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4680 4686 { zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE,
4681 4687 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4682 4688 { zfs_ioc_rename, zfs_secpolicy_rename, DATASET_NAME, B_TRUE,
4683 4689 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4684 4690 { zfs_ioc_recv, zfs_secpolicy_receive, DATASET_NAME, B_TRUE,
4685 4691 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4686 4692 { zfs_ioc_send, zfs_secpolicy_send, DATASET_NAME, B_TRUE,
4687 4693 POOL_CHECK_NONE },
4688 4694 { zfs_ioc_inject_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4689 4695 POOL_CHECK_NONE },
4690 4696 { zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4691 4697 POOL_CHECK_NONE },
4692 4698 { zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4693 4699 POOL_CHECK_NONE },
4694 4700 { zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE,
4695 4701 POOL_CHECK_NONE },
4696 4702 { zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4697 4703 POOL_CHECK_NONE },
4698 4704 { zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE,
4699 4705 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4700 4706 { zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, DATASET_NAME,
4701 4707 B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4702 4708 { zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE,
4703 4709 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4704 4710 { zfs_ioc_dsobj_to_dsname, zfs_secpolicy_diff, POOL_NAME, B_FALSE,
4705 4711 POOL_CHECK_NONE },
4706 4712 { zfs_ioc_obj_to_path, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4707 4713 POOL_CHECK_SUSPENDED },
4708 4714 { zfs_ioc_pool_set_props, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4709 4715 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4710 4716 { zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE,
4711 4717 POOL_CHECK_NONE },
4712 4718 { zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE,
4713 4719 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4714 4720 { zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4715 4721 POOL_CHECK_NONE },
4716 4722 { zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE,
4717 4723 POOL_CHECK_NONE },
4718 4724 { zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE,
4719 4725 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4720 4726 { zfs_ioc_smb_acl, zfs_secpolicy_smb_acl, DATASET_NAME, B_FALSE,
4721 4727 POOL_CHECK_NONE },
4722 4728 { zfs_ioc_userspace_one, zfs_secpolicy_userspace_one, DATASET_NAME,
4723 4729 B_FALSE, POOL_CHECK_NONE },
4724 4730 { zfs_ioc_userspace_many, zfs_secpolicy_userspace_many, DATASET_NAME,
4725 4731 B_FALSE, POOL_CHECK_NONE },
4726 4732 { zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
4727 4733 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4728 4734 { zfs_ioc_hold, zfs_secpolicy_hold, DATASET_NAME, B_TRUE,
4729 4735 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4730 4736 { zfs_ioc_release, zfs_secpolicy_release, DATASET_NAME, B_TRUE,
4731 4737 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4732 4738 { zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4733 4739 POOL_CHECK_SUSPENDED },
4734 4740 { zfs_ioc_objset_recvd_props, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4735 4741 POOL_CHECK_NONE },
4736 4742 { zfs_ioc_vdev_split, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4737 4743 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4738 4744 { zfs_ioc_next_obj, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4739 4745 POOL_CHECK_NONE },
4740 4746 { zfs_ioc_diff, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4741 4747 POOL_CHECK_NONE },
4742 4748 { zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, DATASET_NAME,
4743 4749 B_FALSE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4744 4750 { zfs_ioc_obj_to_stats, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4745 4751 POOL_CHECK_SUSPENDED }
4746 4752 };
4747 4753
4748 4754 int
4749 4755 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
4750 4756 zfs_ioc_poolcheck_t check)
4751 4757 {
4752 4758 spa_t *spa;
4753 4759 int error;
4754 4760
4755 4761 ASSERT(type == POOL_NAME || type == DATASET_NAME);
4756 4762
4757 4763 if (check & POOL_CHECK_NONE)
4758 4764 return (0);
4759 4765
4760 4766 error = spa_open(name, &spa, FTAG);
4761 4767 if (error == 0) {
4762 4768 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
4763 4769 error = EAGAIN;
4764 4770 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
4765 4771 error = EROFS;
4766 4772 spa_close(spa, FTAG);
4767 4773 }
4768 4774 return (error);
4769 4775 }
4770 4776
4771 4777 /*
4772 4778 * Find a free minor number.
4773 4779 */
4774 4780 minor_t
4775 4781 zfsdev_minor_alloc(void)
4776 4782 {
4777 4783 static minor_t last_minor;
4778 4784 minor_t m;
4779 4785
4780 4786 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
4781 4787
4782 4788 for (m = last_minor + 1; m != last_minor; m++) {
4783 4789 if (m > ZFSDEV_MAX_MINOR)
4784 4790 m = 1;
4785 4791 if (ddi_get_soft_state(zfsdev_state, m) == NULL) {
4786 4792 last_minor = m;
4787 4793 return (m);
4788 4794 }
4789 4795 }
4790 4796
4791 4797 return (0);
4792 4798 }
4793 4799
4794 4800 static int
4795 4801 zfs_ctldev_init(dev_t *devp)
4796 4802 {
4797 4803 minor_t minor;
4798 4804 zfs_soft_state_t *zs;
4799 4805
4800 4806 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
4801 4807 ASSERT(getminor(*devp) == 0);
4802 4808
4803 4809 minor = zfsdev_minor_alloc();
4804 4810 if (minor == 0)
4805 4811 return (ENXIO);
4806 4812
4807 4813 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS)
4808 4814 return (EAGAIN);
4809 4815
4810 4816 *devp = makedevice(getemajor(*devp), minor);
4811 4817
4812 4818 zs = ddi_get_soft_state(zfsdev_state, minor);
4813 4819 zs->zss_type = ZSST_CTLDEV;
4814 4820 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data);
4815 4821
4816 4822 return (0);
4817 4823 }
4818 4824
4819 4825 static void
4820 4826 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor)
4821 4827 {
4822 4828 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
4823 4829
4824 4830 zfs_onexit_destroy(zo);
4825 4831 ddi_soft_state_free(zfsdev_state, minor);
4826 4832 }
4827 4833
4828 4834 void *
4829 4835 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which)
4830 4836 {
4831 4837 zfs_soft_state_t *zp;
4832 4838
4833 4839 zp = ddi_get_soft_state(zfsdev_state, minor);
4834 4840 if (zp == NULL || zp->zss_type != which)
4835 4841 return (NULL);
4836 4842
4837 4843 return (zp->zss_data);
4838 4844 }
4839 4845
4840 4846 static int
4841 4847 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr)
4842 4848 {
4843 4849 int error = 0;
4844 4850
4845 4851 if (getminor(*devp) != 0)
4846 4852 return (zvol_open(devp, flag, otyp, cr));
4847 4853
4848 4854 /* This is the control device. Allocate a new minor if requested. */
4849 4855 if (flag & FEXCL) {
4850 4856 mutex_enter(&zfsdev_state_lock);
4851 4857 error = zfs_ctldev_init(devp);
4852 4858 mutex_exit(&zfsdev_state_lock);
4853 4859 }
4854 4860
4855 4861 return (error);
4856 4862 }
4857 4863
4858 4864 static int
4859 4865 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr)
4860 4866 {
4861 4867 zfs_onexit_t *zo;
4862 4868 minor_t minor = getminor(dev);
4863 4869
4864 4870 if (minor == 0)
4865 4871 return (0);
4866 4872
4867 4873 mutex_enter(&zfsdev_state_lock);
4868 4874 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV);
4869 4875 if (zo == NULL) {
4870 4876 mutex_exit(&zfsdev_state_lock);
4871 4877 return (zvol_close(dev, flag, otyp, cr));
4872 4878 }
4873 4879 zfs_ctldev_destroy(zo, minor);
4874 4880 mutex_exit(&zfsdev_state_lock);
4875 4881
4876 4882 return (0);
4877 4883 }
4878 4884
4879 4885 static int
4880 4886 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
4881 4887 {
4882 4888 zfs_cmd_t *zc;
4883 4889 uint_t vec;
4884 4890 int error, rc;
4885 4891 minor_t minor = getminor(dev);
4886 4892
4887 4893 if (minor != 0 &&
4888 4894 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL)
4889 4895 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));
4890 4896
4891 4897 vec = cmd - ZFS_IOC;
4892 4898 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));
4893 4899
4894 4900 if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
4895 4901 return (EINVAL);
4896 4902
4897 4903 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
4898 4904
4899 4905 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
4900 4906 if (error != 0)
4901 4907 error = EFAULT;
4902 4908
4903 4909 if ((error == 0) && !(flag & FKIOCTL))
4904 4910 error = zfs_ioc_vec[vec].zvec_secpolicy(zc, cr);
4905 4911
4906 4912 /*
4907 4913 * Ensure that all pool/dataset names are valid before we pass down to
4908 4914 * the lower layers.
4909 4915 */
4910 4916 if (error == 0) {
4911 4917 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
4912 4918 zc->zc_iflags = flag & FKIOCTL;
4913 4919 switch (zfs_ioc_vec[vec].zvec_namecheck) {
4914 4920 case POOL_NAME:
4915 4921 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
4916 4922 error = EINVAL;
4917 4923 error = pool_status_check(zc->zc_name,
4918 4924 zfs_ioc_vec[vec].zvec_namecheck,
4919 4925 zfs_ioc_vec[vec].zvec_pool_check);
4920 4926 break;
4921 4927
4922 4928 case DATASET_NAME:
4923 4929 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
4924 4930 error = EINVAL;
4925 4931 error = pool_status_check(zc->zc_name,
4926 4932 zfs_ioc_vec[vec].zvec_namecheck,
4927 4933 zfs_ioc_vec[vec].zvec_pool_check);
4928 4934 break;
4929 4935
4930 4936 case NO_NAME:
4931 4937 break;
4932 4938 }
4933 4939 }
4934 4940
4935 4941 if (error == 0)
4936 4942 error = zfs_ioc_vec[vec].zvec_func(zc);
4937 4943
4938 4944 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
4939 4945 if (error == 0) {
4940 4946 if (rc != 0)
4941 4947 error = EFAULT;
4942 4948 if (zfs_ioc_vec[vec].zvec_his_log)
4943 4949 zfs_log_history(zc);
4944 4950 }
4945 4951
4946 4952 kmem_free(zc, sizeof (zfs_cmd_t));
4947 4953 return (error);
4948 4954 }
4949 4955
4950 4956 static int
4951 4957 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
4952 4958 {
4953 4959 if (cmd != DDI_ATTACH)
4954 4960 return (DDI_FAILURE);
4955 4961
4956 4962 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
4957 4963 DDI_PSEUDO, 0) == DDI_FAILURE)
4958 4964 return (DDI_FAILURE);
4959 4965
4960 4966 zfs_dip = dip;
4961 4967
4962 4968 ddi_report_dev(dip);
4963 4969
4964 4970 return (DDI_SUCCESS);
4965 4971 }
4966 4972
4967 4973 static int
4968 4974 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
4969 4975 {
4970 4976 if (spa_busy() || zfs_busy() || zvol_busy())
4971 4977 return (DDI_FAILURE);
4972 4978
4973 4979 if (cmd != DDI_DETACH)
4974 4980 return (DDI_FAILURE);
4975 4981
4976 4982 zfs_dip = NULL;
4977 4983
4978 4984 ddi_prop_remove_all(dip);
4979 4985 ddi_remove_minor_node(dip, NULL);
4980 4986
4981 4987 return (DDI_SUCCESS);
4982 4988 }
4983 4989
4984 4990 /*ARGSUSED*/
4985 4991 static int
4986 4992 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
4987 4993 {
4988 4994 switch (infocmd) {
4989 4995 case DDI_INFO_DEVT2DEVINFO:
4990 4996 *result = zfs_dip;
4991 4997 return (DDI_SUCCESS);
4992 4998
4993 4999 case DDI_INFO_DEVT2INSTANCE:
4994 5000 *result = (void *)0;
4995 5001 return (DDI_SUCCESS);
4996 5002 }
4997 5003
4998 5004 return (DDI_FAILURE);
4999 5005 }
5000 5006
5001 5007 /*
5002 5008 * OK, so this is a little weird.
5003 5009 *
5004 5010 * /dev/zfs is the control node, i.e. minor 0.
5005 5011 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
5006 5012 *
5007 5013 * /dev/zfs has basically nothing to do except serve up ioctls,
5008 5014 * so most of the standard driver entry points are in zvol.c.
5009 5015 */
5010 5016 static struct cb_ops zfs_cb_ops = {
5011 5017 zfsdev_open, /* open */
5012 5018 zfsdev_close, /* close */
5013 5019 zvol_strategy, /* strategy */
5014 5020 nodev, /* print */
5015 5021 zvol_dump, /* dump */
5016 5022 zvol_read, /* read */
5017 5023 zvol_write, /* write */
5018 5024 zfsdev_ioctl, /* ioctl */
5019 5025 nodev, /* devmap */
5020 5026 nodev, /* mmap */
5021 5027 nodev, /* segmap */
5022 5028 nochpoll, /* poll */
5023 5029 ddi_prop_op, /* prop_op */
5024 5030 NULL, /* streamtab */
5025 5031 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */
5026 5032 CB_REV, /* version */
5027 5033 nodev, /* async read */
5028 5034 nodev, /* async write */
5029 5035 };
5030 5036
5031 5037 static struct dev_ops zfs_dev_ops = {
5032 5038 DEVO_REV, /* version */
5033 5039 0, /* refcnt */
5034 5040 zfs_info, /* info */
5035 5041 nulldev, /* identify */
5036 5042 nulldev, /* probe */
5037 5043 zfs_attach, /* attach */
5038 5044 zfs_detach, /* detach */
5039 5045 nodev, /* reset */
5040 5046 &zfs_cb_ops, /* driver operations */
5041 5047 NULL, /* no bus operations */
5042 5048 NULL, /* power */
5043 5049 ddi_quiesce_not_needed, /* quiesce */
5044 5050 };
5045 5051
5046 5052 static struct modldrv zfs_modldrv = {
5047 5053 &mod_driverops,
5048 5054 "ZFS storage pool",
5049 5055 &zfs_dev_ops
5050 5056 };
5051 5057
5052 5058 static struct modlinkage modlinkage = {
5053 5059 MODREV_1,
5054 5060 (void *)&zfs_modlfs,
5055 5061 (void *)&zfs_modldrv,
5056 5062 NULL
5057 5063 };
5058 5064
5059 5065
5060 5066 uint_t zfs_fsyncer_key;
5061 5067 extern uint_t rrw_tsd_key;
5062 5068
5063 5069 int
5064 5070 _init(void)
5065 5071 {
5066 5072 int error;
5067 5073
5068 5074 spa_init(FREAD | FWRITE);
5069 5075 zfs_init();
5070 5076 zvol_init();
5071 5077
5072 5078 if ((error = mod_install(&modlinkage)) != 0) {
5073 5079 zvol_fini();
5074 5080 zfs_fini();
5075 5081 spa_fini();
5076 5082 return (error);
5077 5083 }
5078 5084
5079 5085 tsd_create(&zfs_fsyncer_key, NULL);
5080 5086 tsd_create(&rrw_tsd_key, NULL);
5081 5087
5082 5088 error = ldi_ident_from_mod(&modlinkage, &zfs_li);
5083 5089 ASSERT(error == 0);
5084 5090 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
5085 5091
5086 5092 return (0);
5087 5093 }
5088 5094
5089 5095 int
5090 5096 _fini(void)
5091 5097 {
5092 5098 int error;
5093 5099
5094 5100 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
5095 5101 return (EBUSY);
5096 5102
5097 5103 if ((error = mod_remove(&modlinkage)) != 0)
5098 5104 return (error);
5099 5105
5100 5106 zvol_fini();
5101 5107 zfs_fini();
5102 5108 spa_fini();
5103 5109 if (zfs_nfsshare_inited)
5104 5110 (void) ddi_modclose(nfs_mod);
5105 5111 if (zfs_smbshare_inited)
5106 5112 (void) ddi_modclose(smbsrv_mod);
5107 5113 if (zfs_nfsshare_inited || zfs_smbshare_inited)
5108 5114 (void) ddi_modclose(sharefs_mod);
5109 5115
5110 5116 tsd_destroy(&zfs_fsyncer_key);
5111 5117 ldi_ident_release(zfs_li);
5112 5118 zfs_li = NULL;
5113 5119 mutex_destroy(&zfs_share_lock);
5114 5120
5115 5121 return (error);
5116 5122 }
5117 5123
5118 5124 int
5119 5125 _info(struct modinfo *modinfop)
5120 5126 {
5121 5127 return (mod_info(&modlinkage, modinfop));
5122 5128 }
|
↓ open down ↓ |
4414 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX