2008-11-20 23:01:55 +03:00
|
|
|
/*
|
|
|
|
* CDDL HEADER START
|
|
|
|
*
|
|
|
|
* The contents of this file are subject to the terms of the
|
|
|
|
* Common Development and Distribution License (the "License").
|
|
|
|
* You may not use this file except in compliance with the License.
|
|
|
|
*
|
|
|
|
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
|
|
|
* or http://www.opensolaris.org/os/licensing.
|
|
|
|
* See the License for the specific language governing permissions
|
|
|
|
* and limitations under the License.
|
|
|
|
*
|
|
|
|
* When distributing Covered Code, include this CDDL HEADER in each
|
|
|
|
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
|
|
|
* If applicable, add the following below this CDDL HEADER, with the
|
|
|
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
|
|
|
* information: Portions Copyright [yyyy] [name of copyright owner]
|
|
|
|
*
|
|
|
|
* CDDL HEADER END
|
|
|
|
*/
|
2012-12-14 03:24:15 +04:00
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
2010-05-29 00:45:14 +04:00
|
|
|
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
|
2012-04-08 21:18:48 +04:00
|
|
|
* Portions Copyright 2011 Martin Matuska
|
2016-06-09 22:24:29 +03:00
|
|
|
* Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
|
2012-05-29 21:50:50 +04:00
|
|
|
* Portions Copyright 2012 Pawel Jakub Dawidek <pawel@dawidek.net>
|
2017-01-31 21:24:23 +03:00
|
|
|
* Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved.
|
2016-07-12 20:53:53 +03:00
|
|
|
* Copyright 2016 Nexenta Systems, Inc. All rights reserved.
|
2015-04-01 16:07:48 +03:00
|
|
|
* Copyright (c) 2014, Joyent, Inc. All rights reserved.
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
* Copyright (c) 2011, 2018 by Delphix. All rights reserved.
|
2013-01-23 13:54:30 +04:00
|
|
|
* Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
|
2013-05-25 06:06:23 +04:00
|
|
|
* Copyright (c) 2013 Steven Hartland. All rights reserved.
|
2017-04-13 19:40:00 +03:00
|
|
|
* Copyright (c) 2014 Integros [integros.com]
|
|
|
|
* Copyright 2016 Toomas Soome <tsoome@me.com>
|
2014-03-22 13:07:14 +04:00
|
|
|
* Copyright (c) 2016 Actifio, Inc. All rights reserved.
|
2017-05-10 02:21:09 +03:00
|
|
|
* Copyright (c) 2017, loli10K <ezomori.nozomu@gmail.com>. All rights reserved.
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
* Copyright (c) 2017 Datto Inc. All rights reserved.
|
2017-06-27 02:56:09 +03:00
|
|
|
* Copyright 2017 RackTop Systems.
|
2017-10-26 22:26:09 +03:00
|
|
|
* Copyright (c) 2017 Open-E, Inc. All Rights Reserved.
|
2013-08-28 15:45:09 +04:00
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* ZFS ioctls.
|
|
|
|
*
|
|
|
|
* This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
|
|
|
|
* pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
|
|
|
|
*
|
|
|
|
* There are two ways that we handle ioctls: the legacy way where almost
|
|
|
|
* all of the logic is in the ioctl callback, and the new way where most
|
|
|
|
* of the marshalling is handled in the common entry point, zfsdev_ioctl().
|
|
|
|
*
|
|
|
|
* Non-legacy ioctls should be registered by calling
|
|
|
|
* zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
|
|
|
|
* from userland by lzc_ioctl().
|
|
|
|
*
|
|
|
|
* The registration arguments are as follows:
|
|
|
|
*
|
|
|
|
* const char *name
|
|
|
|
* The name of the ioctl. This is used for history logging. If the
|
|
|
|
* ioctl returns successfully (the callback returns 0), and allow_log
|
|
|
|
* is true, then a history log entry will be recorded with the input &
|
|
|
|
* output nvlists. The log entry can be printed with "zpool history -i".
|
|
|
|
*
|
|
|
|
* zfs_ioc_t ioc
|
|
|
|
* The ioctl request number, which userland will pass to ioctl(2).
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
* We want newer versions of libzfs and libzfs_core to run against
|
|
|
|
* existing zfs kernel modules (i.e. a deferred reboot after an update).
|
|
|
|
* Therefore the ioctl numbers cannot change from release to release.
|
2013-08-28 15:45:09 +04:00
|
|
|
*
|
|
|
|
* zfs_secpolicy_func_t *secpolicy
|
|
|
|
* This function will be called before the zfs_ioc_func_t, to
|
|
|
|
* determine if this operation is permitted. It should return EPERM
|
|
|
|
* on failure, and 0 on success. Checks include determining if the
|
|
|
|
* dataset is visible in this zone, and if the user has either all
|
|
|
|
* zfs privileges in the zone (SYS_MOUNT), or has been granted permission
|
|
|
|
* to do this operation on this dataset with "zfs allow".
|
|
|
|
*
|
|
|
|
* zfs_ioc_namecheck_t namecheck
|
|
|
|
* This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
|
|
|
|
* name, a dataset name, or nothing. If the name is not well-formed,
|
|
|
|
* the ioctl will fail and the callback will not be called.
|
|
|
|
* Therefore, the callback can assume that the name is well-formed
|
|
|
|
* (e.g. is null-terminated, doesn't have more than one '@' character,
|
|
|
|
* doesn't have invalid characters).
|
|
|
|
*
|
|
|
|
* zfs_ioc_poolcheck_t pool_check
|
|
|
|
* This specifies requirements on the pool state. If the pool does
|
|
|
|
* not meet them (is suspended or is readonly), the ioctl will fail
|
|
|
|
* and the callback will not be called. If any checks are specified
|
|
|
|
* (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
|
|
|
|
* Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
|
|
|
|
* POOL_CHECK_READONLY).
|
|
|
|
*
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
* zfs_ioc_key_t *nvl_keys
|
|
|
|
* The list of expected/allowable innvl input keys. This list is used
|
|
|
|
* to validate the nvlist input to the ioctl.
|
|
|
|
*
|
2013-08-28 15:45:09 +04:00
|
|
|
* boolean_t smush_outnvlist
|
|
|
|
* If smush_outnvlist is true, then the output is presumed to be a
|
|
|
|
* list of errors, and it will be "smushed" down to fit into the
|
|
|
|
* caller's buffer, by removing some entries and replacing them with a
|
|
|
|
* single "N_MORE_ERRORS" entry indicating how many were removed. See
|
|
|
|
* nvlist_smush() for details. If smush_outnvlist is false, and the
|
|
|
|
* outnvlist does not fit into the userland-provided buffer, then the
|
|
|
|
* ioctl will fail with ENOMEM.
|
|
|
|
*
|
|
|
|
* zfs_ioc_func_t *func
|
|
|
|
* The callback function that will perform the operation.
|
|
|
|
*
|
|
|
|
* The callback should return 0 on success, or an error number on
|
|
|
|
* failure. If the function fails, the userland ioctl will return -1,
|
|
|
|
* and errno will be set to the callback's return value. The callback
|
|
|
|
* will be called with the following arguments:
|
|
|
|
*
|
|
|
|
* const char *name
|
|
|
|
* The name of the pool or dataset to operate on, from
|
|
|
|
* zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
|
|
|
|
* expected type (pool, dataset, or none).
|
|
|
|
*
|
|
|
|
* nvlist_t *innvl
|
|
|
|
* The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
|
|
|
|
* NULL if no input nvlist was provided. Changes to this nvlist are
|
|
|
|
* ignored. If the input nvlist could not be deserialized, the
|
|
|
|
* ioctl will fail and the callback will not be called.
|
|
|
|
*
|
|
|
|
* nvlist_t *outnvl
|
|
|
|
* The output nvlist, initially empty. The callback can fill it in,
|
|
|
|
* and it will be returned to userland by serializing it into
|
|
|
|
* zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
|
|
|
|
* fails (e.g. because the caller didn't supply a large enough
|
|
|
|
* buffer), then the overall ioctl will fail. See the
|
|
|
|
* 'smush_nvlist' argument above for additional behaviors.
|
|
|
|
*
|
|
|
|
* There are two typical uses of the output nvlist:
|
|
|
|
* - To return state, e.g. property values. In this case,
|
|
|
|
* smush_outnvlist should be false. If the buffer was not large
|
|
|
|
* enough, the caller will reallocate a larger buffer and try
|
|
|
|
* the ioctl again.
|
|
|
|
*
|
|
|
|
* - To return multiple errors from an ioctl which makes on-disk
|
|
|
|
* changes. In this case, smush_outnvlist should be true.
|
|
|
|
* Ioctls which make on-disk modifications should generally not
|
|
|
|
* use the outnvl if they succeed, because the caller can not
|
|
|
|
* distinguish between the operation failing, and
|
|
|
|
* deserialization failing.
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
*
|
|
|
|
* IOCTL Interface Errors
|
|
|
|
*
|
|
|
|
* The following ioctl input errors can be returned:
|
|
|
|
* ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
|
|
|
|
* ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
|
|
|
|
* ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
|
|
|
|
* ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
|
2011-11-12 02:07:54 +04:00
|
|
|
*/
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/errno.h>
|
|
|
|
#include <sys/uio.h>
|
|
|
|
#include <sys/file.h>
|
|
|
|
#include <sys/kmem.h>
|
|
|
|
#include <sys/cmn_err.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/zfs_ioctl.h>
|
2010-05-29 00:45:14 +04:00
|
|
|
#include <sys/zfs_vfsops.h>
|
2008-11-20 23:01:55 +03:00
|
|
|
#include <sys/zfs_znode.h>
|
|
|
|
#include <sys/zap.h>
|
|
|
|
#include <sys/spa.h>
|
|
|
|
#include <sys/spa_impl.h>
|
|
|
|
#include <sys/vdev.h>
|
2017-05-19 22:30:16 +03:00
|
|
|
#include <sys/vdev_impl.h>
|
2008-11-20 23:01:55 +03:00
|
|
|
#include <sys/dmu.h>
|
|
|
|
#include <sys/dsl_dir.h>
|
|
|
|
#include <sys/dsl_dataset.h>
|
|
|
|
#include <sys/dsl_prop.h>
|
|
|
|
#include <sys/dsl_deleg.h>
|
|
|
|
#include <sys/dmu_objset.h>
|
2012-05-10 02:05:14 +04:00
|
|
|
#include <sys/dmu_impl.h>
|
2013-09-04 16:00:57 +04:00
|
|
|
#include <sys/dmu_tx.h>
|
2008-11-20 23:01:55 +03:00
|
|
|
#include <sys/sunddi.h>
|
|
|
|
#include <sys/policy.h>
|
|
|
|
#include <sys/zone.h>
|
|
|
|
#include <sys/nvpair.h>
|
|
|
|
#include <sys/pathname.h>
|
|
|
|
#include <sys/sdt.h>
|
|
|
|
#include <sys/fs/zfs.h>
|
2011-11-11 11:15:53 +04:00
|
|
|
#include <sys/zfs_ctldir.h>
|
2008-11-20 23:01:55 +03:00
|
|
|
#include <sys/zfs_dir.h>
|
2010-08-27 01:24:34 +04:00
|
|
|
#include <sys/zfs_onexit.h>
|
2008-11-20 23:01:55 +03:00
|
|
|
#include <sys/zvol.h>
|
2010-05-29 00:45:14 +04:00
|
|
|
#include <sys/dsl_scan.h>
|
2010-08-26 22:44:39 +04:00
|
|
|
#include <sys/fm/util.h>
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
#include <sys/dsl_crypt.h>
|
2010-08-26 22:44:39 +04:00
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
#include <sys/dmu_send.h>
|
|
|
|
#include <sys/dsl_destroy.h>
|
2013-12-12 02:33:41 +04:00
|
|
|
#include <sys/dsl_bookmark.h>
|
2013-09-04 16:00:57 +04:00
|
|
|
#include <sys/dsl_userhold.h>
|
2013-01-23 13:54:30 +04:00
|
|
|
#include <sys/zfeature.h>
|
2018-02-08 19:16:23 +03:00
|
|
|
#include <sys/zcp.h>
|
2016-06-16 01:47:05 +03:00
|
|
|
#include <sys/zio_checksum.h>
|
OpenZFS 7614, 9064 - zfs device evacuation/removal
OpenZFS 7614 - zfs device evacuation/removal
OpenZFS 9064 - remove_mirror should wait for device removal to complete
This project allows top-level vdevs to be removed from the storage pool
with "zpool remove", reducing the total amount of storage in the pool.
This operation copies all allocated regions of the device to be removed
onto other devices, recording the mapping from old to new location.
After the removal is complete, read and free operations to the removed
(now "indirect") vdev must be remapped and performed at the new location
on disk. The indirect mapping table is kept in memory whenever the pool
is loaded, so there is minimal performance overhead when doing operations
on the indirect vdev.
The size of the in-memory mapping table will be reduced when its entries
become "obsolete" because they are no longer used by any block pointers
in the pool. An entry becomes obsolete when all the blocks that use
it are freed. An entry can also become obsolete when all the snapshots
that reference it are deleted, and the block pointers that reference it
have been "remapped" in all filesystems/zvols (and clones). Whenever an
indirect block is written, all the block pointers in it will be "remapped"
to their new (concrete) locations if possible. This process can be
accelerated by using the "zfs remap" command to proactively rewrite all
indirect blocks that reference indirect (removed) vdevs.
Note that when a device is removed, we do not verify the checksum of
the data that is copied. This makes the process much faster, but if it
were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be
possible to copy the wrong data, when we have the correct data on e.g.
the other side of the mirror.
At the moment, only mirrors and simple top-level vdevs can be removed
and no removal is allowed if any of the top-level vdevs are raidz.
Porting Notes:
* Avoid zero-sized kmem_alloc() in vdev_compact_children().
The device evacuation code adds a dependency that
vdev_compact_children() be able to properly empty the vdev_child
array by setting it to NULL and zeroing vdev_children. Under Linux,
kmem_alloc() and related functions return a sentinel pointer rather
than NULL for zero-sized allocations.
* Remove comment regarding "mpt" driver where zfs_remove_max_segment
is initialized to SPA_MAXBLOCKSIZE.
Change zfs_condense_indirect_commit_entry_delay_ticks to
zfs_condense_indirect_commit_entry_delay_ms for consistency with
most other tunables in which delays are specified in ms.
* ZTS changes:
Use set_tunable rather than mdb
Use zpool sync as appropriate
Use sync_pool instead of sync
Kill jobs during test_removal_with_operation to allow unmount/export
Don't add non-disk names such as "mirror" or "raidz" to $DISKS
Use $TEST_BASE_DIR instead of /tmp
Increase HZ from 100 to 1000 which is more common on Linux
removal_multiple_indirection.ksh
Reduce iterations in order to not time out on the code
coverage builders.
removal_resume_export:
Functionally, the test case is correct but there exists a race
where the kernel thread hasn't been fully started yet and is
not visible. Wait for up to 1 second for the removal thread
to be started before giving up on it. Also, increase the
amount of data copied in order that the removal not finish
before the export has a chance to fail.
* MMP compatibility, the concept of concrete versus non-concrete devices
has slightly changed the semantics of vdev_writeable(). Update
mmp_random_leaf_impl() accordingly.
* Updated dbuf_remap() to handle the org.zfsonlinux:large_dnode pool
feature which is not supported by OpenZFS.
* Added support for new vdev removal tracepoints.
* Test cases removal_with_zdb and removal_condense_export have been
intentionally disabled. When run manually they pass as intended,
but when running in the automated test environment they produce
unreliable results on the latest Fedora release.
They may work better once the upstream pool import refectoring is
merged into ZoL at which point they will be re-enabled.
Authored by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Alex Reece <alex@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Richard Laager <rlaager@wiktel.com>
Reviewed by: Tim Chase <tim@chase2k.com>
Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov>
Approved by: Garrett D'Amore <garrett@damore.org>
Ported-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Tim Chase <tim@chase2k.com>
OpenZFS-issue: https://www.illumos.org/issues/7614
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/f539f1eb
Closes #6900
2016-09-22 19:30:13 +03:00
|
|
|
#include <sys/vdev_removal.h>
|
2018-09-02 22:09:53 +03:00
|
|
|
#include <sys/zfs_sysfs.h>
|
2013-01-23 13:54:30 +04:00
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
#include <linux/miscdevice.h>
|
2016-06-07 19:16:52 +03:00
|
|
|
#include <linux/slab.h>
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
#include "zfs_namecheck.h"
|
|
|
|
#include "zfs_prop.h"
|
|
|
|
#include "zfs_deleg.h"
|
2010-05-29 00:45:14 +04:00
|
|
|
#include "zfs_comutil.h"
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2018-02-08 19:16:23 +03:00
|
|
|
#include <sys/lua/lua.h>
|
|
|
|
#include <sys/lua/lauxlib.h>
|
|
|
|
|
2016-06-07 19:16:52 +03:00
|
|
|
/*
|
|
|
|
* Limit maximum nvlist size. We don't want users passing in insane values
|
|
|
|
* for zc->zc_nvlist_src_size, since we will need to allocate that much memory.
|
|
|
|
*/
|
|
|
|
#define MAX_NVLIST_SRC_SIZE KMALLOC_MAX_SIZE
|
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
kmutex_t zfsdev_state_lock;
|
2014-05-08 18:51:01 +04:00
|
|
|
zfsdev_state_t *zfsdev_state_list;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
extern void zfs_init(void);
|
|
|
|
extern void zfs_fini(void);
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
uint_t zfs_fsyncer_key;
|
|
|
|
extern uint_t rrw_tsd_key;
|
|
|
|
static uint_t zfs_allow_log_key;
|
|
|
|
|
|
|
|
typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *);
|
|
|
|
typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *);
|
|
|
|
typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
/*
|
|
|
|
* IOC Keys are used to document and validate user->kernel interface inputs.
|
|
|
|
* See zfs_keys_recv_new for an example declaration. Any key name that is not
|
|
|
|
* listed will be rejected as input.
|
|
|
|
*
|
|
|
|
* The keyname 'optional' is always allowed, and must be an nvlist if present.
|
|
|
|
* Arguments which older kernels can safely ignore can be placed under the
|
|
|
|
* "optional" key.
|
|
|
|
*
|
|
|
|
* When adding new keys to an existing ioc for new functionality, consider:
|
|
|
|
* - adding an entry into zfs_sysfs.c zfs_features[] list
|
|
|
|
* - updating the libzfs_input_check.c test utility
|
|
|
|
*
|
|
|
|
* Note: in the ZK_WILDCARDLIST case, the name serves as documentation
|
|
|
|
* for the expected name (bookmark, snapshot, property, etc) but there
|
|
|
|
* is no validation in the preflight zfs_check_input_nvpairs() check.
|
|
|
|
*/
|
|
|
|
typedef enum {
|
|
|
|
ZK_OPTIONAL = 1 << 0, /* pair is optional */
|
|
|
|
ZK_WILDCARDLIST = 1 << 1, /* one or more unspecified key names */
|
|
|
|
} ioc_key_flag_t;
|
|
|
|
|
|
|
|
/* DATA_TYPE_ANY is used when zkey_type can vary. */
|
|
|
|
#define DATA_TYPE_ANY DATA_TYPE_UNKNOWN
|
|
|
|
|
|
|
|
typedef struct zfs_ioc_key {
|
|
|
|
const char *zkey_name;
|
|
|
|
data_type_t zkey_type;
|
|
|
|
ioc_key_flag_t zkey_flags;
|
|
|
|
} zfs_ioc_key_t;
|
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
typedef enum {
|
|
|
|
NO_NAME,
|
|
|
|
POOL_NAME,
|
|
|
|
DATASET_NAME
|
|
|
|
} zfs_ioc_namecheck_t;
|
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
typedef enum {
|
|
|
|
POOL_CHECK_NONE = 1 << 0,
|
|
|
|
POOL_CHECK_SUSPENDED = 1 << 1,
|
2013-08-28 15:45:09 +04:00
|
|
|
POOL_CHECK_READONLY = 1 << 2,
|
2010-08-27 01:24:34 +04:00
|
|
|
} zfs_ioc_poolcheck_t;
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
typedef struct zfs_ioc_vec {
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_ioc_legacy_func_t *zvec_legacy_func;
|
2008-11-20 23:01:55 +03:00
|
|
|
zfs_ioc_func_t *zvec_func;
|
|
|
|
zfs_secpolicy_func_t *zvec_secpolicy;
|
2009-07-03 02:44:48 +04:00
|
|
|
zfs_ioc_namecheck_t zvec_namecheck;
|
2013-08-28 15:45:09 +04:00
|
|
|
boolean_t zvec_allow_log;
|
2010-08-27 01:24:34 +04:00
|
|
|
zfs_ioc_poolcheck_t zvec_pool_check;
|
2013-08-28 15:45:09 +04:00
|
|
|
boolean_t zvec_smush_outnvlist;
|
|
|
|
const char *zvec_name;
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
const zfs_ioc_key_t *zvec_nvl_keys;
|
|
|
|
size_t zvec_nvl_key_count;
|
2008-11-20 23:01:55 +03:00
|
|
|
} zfs_ioc_vec_t;
|
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
/* This array is indexed by zfs_userquota_prop_t */
|
|
|
|
static const char *userquota_perms[] = {
|
|
|
|
ZFS_DELEG_PERM_USERUSED,
|
|
|
|
ZFS_DELEG_PERM_USERQUOTA,
|
|
|
|
ZFS_DELEG_PERM_GROUPUSED,
|
|
|
|
ZFS_DELEG_PERM_GROUPQUOTA,
|
2016-10-04 21:46:10 +03:00
|
|
|
ZFS_DELEG_PERM_USEROBJUSED,
|
|
|
|
ZFS_DELEG_PERM_USEROBJQUOTA,
|
|
|
|
ZFS_DELEG_PERM_GROUPOBJUSED,
|
|
|
|
ZFS_DELEG_PERM_GROUPOBJQUOTA,
|
2018-02-14 01:54:54 +03:00
|
|
|
ZFS_DELEG_PERM_PROJECTUSED,
|
|
|
|
ZFS_DELEG_PERM_PROJECTQUOTA,
|
|
|
|
ZFS_DELEG_PERM_PROJECTOBJUSED,
|
|
|
|
ZFS_DELEG_PERM_PROJECTOBJQUOTA,
|
2009-07-03 02:44:48 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
|
2018-02-14 01:54:54 +03:00
|
|
|
static int zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc);
|
2010-05-29 00:45:14 +04:00
|
|
|
static int zfs_check_settable(const char *name, nvpair_t *property,
|
|
|
|
cred_t *cr);
|
|
|
|
static int zfs_check_clearable(char *dataset, nvlist_t *props,
|
|
|
|
nvlist_t **errors);
|
2008-12-03 23:09:06 +03:00
|
|
|
static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
|
|
|
|
boolean_t *);
|
2013-08-28 15:45:09 +04:00
|
|
|
int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
|
|
|
|
static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
static void
|
|
|
|
history_str_free(char *buf)
|
|
|
|
{
|
|
|
|
kmem_free(buf, HIS_MAX_RECORD_LEN);
|
|
|
|
}
|
|
|
|
|
|
|
|
static char *
|
|
|
|
history_str_get(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
char *buf;
|
|
|
|
|
2010-08-26 20:52:39 +04:00
|
|
|
if (zc->zc_history == 0)
|
2008-11-20 23:01:55 +03:00
|
|
|
return (NULL);
|
|
|
|
|
2014-12-03 22:56:32 +03:00
|
|
|
buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (copyinstr((void *)(uintptr_t)zc->zc_history,
|
|
|
|
buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
|
|
|
|
history_str_free(buf);
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
buf[HIS_MAX_RECORD_LEN -1] = '\0';
|
|
|
|
|
|
|
|
return (buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2008-12-03 23:09:06 +03:00
|
|
|
* Check to see if the named dataset is currently defined as bootable
|
|
|
|
*/
|
|
|
|
static boolean_t
|
|
|
|
zfs_is_bootfs(const char *name)
|
|
|
|
{
|
2010-05-29 00:45:14 +04:00
|
|
|
objset_t *os;
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
if (dmu_objset_hold(name, FTAG, &os) == 0) {
|
|
|
|
boolean_t ret;
|
|
|
|
ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
|
|
|
|
dmu_objset_rele(os, FTAG);
|
|
|
|
return (ret);
|
2008-12-03 23:09:06 +03:00
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
return (B_FALSE);
|
2008-12-03 23:09:06 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2013-06-11 21:12:34 +04:00
|
|
|
* Return non-zero if the spa version is less than requested version.
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
|
|
|
static int
|
2008-12-03 23:09:06 +03:00
|
|
|
zfs_earlier_version(const char *name, int version)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
|
|
|
|
if (spa_open(name, &spa, FTAG) == 0) {
|
|
|
|
if (spa_version(spa) < version) {
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
}
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2008-12-03 23:09:06 +03:00
|
|
|
* Return TRUE if the ZPL version is less than requested version.
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
2008-12-03 23:09:06 +03:00
|
|
|
static boolean_t
|
|
|
|
zpl_earlier_version(const char *name, int version)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
objset_t *os;
|
2008-12-03 23:09:06 +03:00
|
|
|
boolean_t rc = B_TRUE;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
if (dmu_objset_hold(name, FTAG, &os) == 0) {
|
2008-12-03 23:09:06 +03:00
|
|
|
uint64_t zplversion;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
if (dmu_objset_type(os) != DMU_OST_ZFS) {
|
|
|
|
dmu_objset_rele(os, FTAG);
|
|
|
|
return (B_TRUE);
|
|
|
|
}
|
|
|
|
/* XXX reading from non-owned objset */
|
2008-12-03 23:09:06 +03:00
|
|
|
if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
|
|
|
|
rc = zplversion < version;
|
2010-05-29 00:45:14 +04:00
|
|
|
dmu_objset_rele(os, FTAG);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
return (rc);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
zfs_log_history(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
char *buf;
|
|
|
|
|
|
|
|
if ((buf = history_str_get(zc)) == NULL)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
|
|
|
|
if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
|
2013-08-28 15:45:09 +04:00
|
|
|
(void) spa_history_log(spa, buf);
|
2008-11-20 23:01:55 +03:00
|
|
|
spa_close(spa, FTAG);
|
|
|
|
}
|
|
|
|
history_str_free(buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Policy for top-level read operations (list pools). Requires no privileges,
|
|
|
|
* and can be used in the local zone, as there is no associated dataset.
|
|
|
|
*/
|
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Policy for dataset read operations (list children, get statistics). Requires
|
|
|
|
* no privileges, but must be visible in the local zone.
|
|
|
|
*/
|
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
if (INGLOBALZONE(curproc) ||
|
|
|
|
zone_dataset_visible(zc->zc_name, NULL))
|
|
|
|
return (0);
|
|
|
|
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOENT));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-08-27 01:24:34 +04:00
|
|
|
zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
int writable = 1;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The dataset must be visible by this zone -- check this first
|
|
|
|
* so they don't see EPERM on something they shouldn't know about.
|
|
|
|
*/
|
|
|
|
if (!INGLOBALZONE(curproc) &&
|
|
|
|
!zone_dataset_visible(dataset, &writable))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOENT));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
if (INGLOBALZONE(curproc)) {
|
|
|
|
/*
|
|
|
|
* If the fs is zoned, only root can access it from the
|
|
|
|
* global zone.
|
|
|
|
*/
|
|
|
|
if (secpolicy_zfs(cr) && zoned)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2008-11-20 23:01:55 +03:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* If we are in a local zone, the 'zoned' property must be set.
|
|
|
|
*/
|
|
|
|
if (!zoned)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
/* must be writable by this zone */
|
|
|
|
if (!writable)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
static int
|
|
|
|
zfs_dozonecheck(const char *dataset, cred_t *cr)
|
|
|
|
{
|
|
|
|
uint64_t zoned;
|
|
|
|
|
|
|
|
if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOENT));
|
2010-08-27 01:24:34 +04:00
|
|
|
|
|
|
|
return (zfs_dozonecheck_impl(dataset, zoned, cr));
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
|
|
|
|
{
|
|
|
|
uint64_t zoned;
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
if (dsl_prop_get_int_ds(ds, "zoned", &zoned))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOENT));
|
2010-08-27 01:24:34 +04:00
|
|
|
|
|
|
|
return (zfs_dozonecheck_impl(dataset, zoned, cr));
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
static int
|
2013-09-04 16:00:57 +04:00
|
|
|
zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
|
|
|
|
const char *perm, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
int error;
|
|
|
|
|
2011-11-17 22:14:36 +04:00
|
|
|
error = zfs_dozonecheck_ds(name, ds, cr);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (error == 0) {
|
|
|
|
error = secpolicy_zfs(cr);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
2013-08-28 15:45:09 +04:00
|
|
|
error = dsl_deleg_access_impl(ds, perm, cr);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
static int
|
2013-09-04 16:00:57 +04:00
|
|
|
zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
|
2010-08-27 01:24:34 +04:00
|
|
|
{
|
|
|
|
int error;
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_t *ds;
|
|
|
|
dsl_pool_t *dp;
|
2010-08-27 01:24:34 +04:00
|
|
|
|
2017-01-18 01:52:17 +03:00
|
|
|
/*
|
|
|
|
* First do a quick check for root in the global zone, which
|
|
|
|
* is allowed to do all write_perms. This ensures that zfs_ioc_*
|
|
|
|
* will get to handle nonexistent datasets.
|
|
|
|
*/
|
|
|
|
if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0)
|
|
|
|
return (0);
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dsl_pool_hold(name, FTAG, &dp);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
error = dsl_dataset_hold(dp, name, FTAG, &ds);
|
|
|
|
if (error != 0) {
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
|
|
|
return (error);
|
2010-08-27 01:24:34 +04:00
|
|
|
}
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
|
|
|
|
|
|
|
|
dsl_dataset_rele(ds, FTAG);
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
2010-08-27 01:24:34 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/*
|
|
|
|
* Policy for setting the security label property.
|
|
|
|
*
|
|
|
|
* Returns 0 for success, non-zero for access and other errors.
|
|
|
|
*/
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2010-05-29 00:45:14 +04:00
|
|
|
zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2010-08-26 22:43:42 +04:00
|
|
|
#ifdef HAVE_MLSLABEL
|
2010-05-29 00:45:14 +04:00
|
|
|
char ds_hexsl[MAXNAMELEN];
|
|
|
|
bslabel_t ds_sl, new_sl;
|
|
|
|
boolean_t new_default = FALSE;
|
|
|
|
uint64_t zoned;
|
|
|
|
int needed_priv = -1;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
/* First get the existing dataset label. */
|
|
|
|
error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
|
|
|
|
1, sizeof (ds_hexsl), &ds_hexsl, NULL);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
|
|
|
|
new_default = TRUE;
|
|
|
|
|
|
|
|
/* The label must be translatable */
|
|
|
|
if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* In a non-global zone, disallow attempts to set a label that
|
|
|
|
* doesn't match that of the zone; otherwise no other checks
|
|
|
|
* are needed.
|
|
|
|
*/
|
|
|
|
if (!INGLOBALZONE(curproc)) {
|
|
|
|
if (new_default || !blequal(&new_sl, CR_SL(CRED())))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2010-05-29 00:45:14 +04:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* For global-zone datasets (i.e., those whose zoned property is
|
|
|
|
* "off", verify that the specified new label is valid for the
|
|
|
|
* global zone.
|
|
|
|
*/
|
|
|
|
if (dsl_prop_get_integer(name,
|
|
|
|
zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2010-05-29 00:45:14 +04:00
|
|
|
if (!zoned) {
|
|
|
|
if (zfs_check_global_label(name, strval) != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If the existing dataset label is nondefault, check if the
|
|
|
|
* dataset is mounted (label cannot be changed while mounted).
|
2017-03-08 03:21:37 +03:00
|
|
|
* Get the zfsvfs_t; if there isn't one, then the dataset isn't
|
2010-05-29 00:45:14 +04:00
|
|
|
* mounted (or isn't a dataset, doesn't exist, ...).
|
|
|
|
*/
|
|
|
|
if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
|
|
|
|
objset_t *os;
|
|
|
|
static char *setsl_tag = "setsl_tag";
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Try to own the dataset; abort if there is any error,
|
|
|
|
* (e.g., already mounted, in use, or other error).
|
|
|
|
*/
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE,
|
2010-05-29 00:45:14 +04:00
|
|
|
setsl_tag, &os);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2010-05-29 00:45:14 +04:00
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dmu_objset_disown(os, B_TRUE, setsl_tag);
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
if (new_default) {
|
|
|
|
needed_priv = PRIV_FILE_DOWNGRADE_SL;
|
|
|
|
goto out_check;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (hexstr_to_label(strval, &new_sl) != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
if (blstrictdom(&ds_sl, &new_sl))
|
|
|
|
needed_priv = PRIV_FILE_DOWNGRADE_SL;
|
|
|
|
else if (blstrictdom(&new_sl, &ds_sl))
|
|
|
|
needed_priv = PRIV_FILE_UPGRADE_SL;
|
|
|
|
} else {
|
|
|
|
/* dataset currently has a default label */
|
|
|
|
if (!new_default)
|
|
|
|
needed_priv = PRIV_FILE_UPGRADE_SL;
|
|
|
|
}
|
|
|
|
|
|
|
|
out_check:
|
|
|
|
if (needed_priv != -1)
|
|
|
|
return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
|
|
|
|
return (0);
|
2010-08-26 22:43:42 +04:00
|
|
|
#else
|
2017-08-03 07:16:12 +03:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2010-08-26 22:43:42 +04:00
|
|
|
#endif /* HAVE_MLSLABEL */
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
|
|
|
|
cred_t *cr)
|
|
|
|
{
|
|
|
|
char *strval;
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
|
|
|
* Check permissions for special properties.
|
|
|
|
*/
|
|
|
|
switch (prop) {
|
2010-08-26 20:52:41 +04:00
|
|
|
default:
|
|
|
|
break;
|
2008-11-20 23:01:55 +03:00
|
|
|
case ZFS_PROP_ZONED:
|
|
|
|
/*
|
|
|
|
* Disallow setting of 'zoned' from within a local zone.
|
|
|
|
*/
|
|
|
|
if (!INGLOBALZONE(curproc))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2008-11-20 23:01:55 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
case ZFS_PROP_QUOTA:
|
2015-04-01 16:07:48 +03:00
|
|
|
case ZFS_PROP_FILESYSTEM_LIMIT:
|
|
|
|
case ZFS_PROP_SNAPSHOT_LIMIT:
|
2008-11-20 23:01:55 +03:00
|
|
|
if (!INGLOBALZONE(curproc)) {
|
|
|
|
uint64_t zoned;
|
2016-06-16 00:28:36 +03:00
|
|
|
char setpoint[ZFS_MAX_DATASET_NAME_LEN];
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
|
|
|
* Unprivileged users are allowed to modify the
|
2015-04-01 16:07:48 +03:00
|
|
|
* limit on things *under* (ie. contained by)
|
2008-11-20 23:01:55 +03:00
|
|
|
* the thing they own.
|
|
|
|
*/
|
2010-05-29 00:45:14 +04:00
|
|
|
if (dsl_prop_get_integer(dsname, "zoned", &zoned,
|
2008-11-20 23:01:55 +03:00
|
|
|
setpoint))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2010-05-29 00:45:14 +04:00
|
|
|
if (!zoned || strlen(dsname) <= strlen(setpoint))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
break;
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
case ZFS_PROP_MLSLABEL:
|
|
|
|
if (!is_system_labeled())
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
if (nvpair_value_string(propval, &strval) == 0) {
|
|
|
|
int err;
|
|
|
|
|
|
|
|
err = zfs_set_slabel_policy(dsname, strval, CRED());
|
|
|
|
if (err != 0)
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
break;
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = zfs_dozonecheck(zc->zc_name, cr);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* permission to set permissions will be evaluated later in
|
|
|
|
* dsl_deleg_can_allow()
|
|
|
|
*/
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2010-05-29 00:45:14 +04:00
|
|
|
return (zfs_secpolicy_write_perms(zc->zc_name,
|
|
|
|
ZFS_DELEG_PERM_ROLLBACK, cr));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2010-08-27 01:24:34 +04:00
|
|
|
dsl_pool_t *dp;
|
|
|
|
dsl_dataset_t *ds;
|
|
|
|
char *cp;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Generate the current snapshot name from the given objsetid, then
|
|
|
|
* use that name for the secpolicy/zone checks.
|
|
|
|
*/
|
|
|
|
cp = strchr(zc->zc_name, '@');
|
|
|
|
if (cp == NULL)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
|
|
|
|
if (error != 0)
|
2010-08-27 01:24:34 +04:00
|
|
|
return (error);
|
|
|
|
|
|
|
|
error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0) {
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
2010-08-27 01:24:34 +04:00
|
|
|
return (error);
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
2010-08-27 01:24:34 +04:00
|
|
|
|
|
|
|
dsl_dataset_name(ds, zc->zc_name);
|
|
|
|
|
|
|
|
error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
|
|
|
|
ZFS_DELEG_PERM_SEND, cr);
|
|
|
|
dsl_dataset_rele(ds, FTAG);
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_pool_rele(dp, FTAG);
|
2010-08-27 01:24:34 +04:00
|
|
|
|
|
|
|
return (error);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
|
|
|
{
|
|
|
|
return (zfs_secpolicy_write_perms(zc->zc_name,
|
|
|
|
ZFS_DELEG_PERM_SEND, cr));
|
|
|
|
}
|
|
|
|
|
2011-07-02 23:34:12 +04:00
|
|
|
#ifdef HAVE_SMB_SHARE
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
2009-07-03 02:44:48 +04:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2009-07-03 02:44:48 +04:00
|
|
|
{
|
|
|
|
vnode_t *vp;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
|
|
|
|
NO_FOLLOW, NULL, &vp)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
/* Now make sure mntpnt and dataset are ZFS */
|
|
|
|
|
|
|
|
if (vp->v_vfsp->vfs_fstype != zfsfstype ||
|
|
|
|
(strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
|
|
|
|
zc->zc_name) != 0)) {
|
|
|
|
VN_RELE(vp);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
VN_RELE(vp);
|
|
|
|
return (dsl_deleg_access(zc->zc_name,
|
|
|
|
ZFS_DELEG_PERM_SHARE, cr));
|
|
|
|
}
|
2011-07-02 23:34:12 +04:00
|
|
|
#endif /* HAVE_SMB_SHARE */
|
2009-07-03 02:44:48 +04:00
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2011-07-02 23:34:12 +04:00
|
|
|
#ifdef HAVE_SMB_SHARE
|
2008-11-20 23:01:55 +03:00
|
|
|
if (!INGLOBALZONE(curproc))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
if (secpolicy_nfs(cr) == 0) {
|
|
|
|
return (0);
|
|
|
|
} else {
|
2013-08-28 15:45:09 +04:00
|
|
|
return (zfs_secpolicy_deleg_share(zc, innvl, cr));
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
2010-08-26 22:44:39 +04:00
|
|
|
#else
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2011-07-02 23:34:12 +04:00
|
|
|
#endif /* HAVE_SMB_SHARE */
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2009-07-03 02:44:48 +04:00
|
|
|
{
|
2011-07-02 23:34:12 +04:00
|
|
|
#ifdef HAVE_SMB_SHARE
|
2009-07-03 02:44:48 +04:00
|
|
|
if (!INGLOBALZONE(curproc))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
if (secpolicy_smb(cr) == 0) {
|
|
|
|
return (0);
|
|
|
|
} else {
|
2013-08-28 15:45:09 +04:00
|
|
|
return (zfs_secpolicy_deleg_share(zc, innvl, cr));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
2010-08-26 22:44:39 +04:00
|
|
|
#else
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2011-07-02 23:34:12 +04:00
|
|
|
#endif /* HAVE_SMB_SHARE */
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_get_parent(const char *datasetname, char *parent, int parentsize)
|
|
|
|
{
|
|
|
|
char *cp;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Remove the @bla or /bla from the end of the name to get the parent.
|
|
|
|
*/
|
|
|
|
(void) strncpy(parent, datasetname, parentsize);
|
|
|
|
cp = strrchr(parent, '@');
|
|
|
|
if (cp != NULL) {
|
|
|
|
cp[0] = '\0';
|
|
|
|
} else {
|
|
|
|
cp = strrchr(parent, '/');
|
|
|
|
if (cp == NULL)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOENT));
|
2008-11-20 23:01:55 +03:00
|
|
|
cp[0] = '\0';
|
|
|
|
}
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
|
|
|
|
if ((error = zfs_secpolicy_write_perms(name,
|
|
|
|
ZFS_DELEG_PERM_MOUNT, cr)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2010-05-29 00:45:14 +04:00
|
|
|
* Destroying snapshots with delegated permissions requires
|
2013-08-28 15:45:09 +04:00
|
|
|
* descendant mount and destroy permissions.
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2013-08-28 15:45:09 +04:00
|
|
|
nvlist_t *snaps;
|
|
|
|
nvpair_t *pair, *nextpair;
|
|
|
|
int error = 0;
|
2010-05-29 00:45:14 +04:00
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
snaps = fnvlist_lookup_nvlist(innvl, "snaps");
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
|
|
|
|
pair = nextpair) {
|
|
|
|
nextpair = nvlist_next_nvpair(snaps, pair);
|
2013-12-12 02:33:41 +04:00
|
|
|
error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
|
|
|
|
if (error == ENOENT) {
|
2013-08-28 15:45:09 +04:00
|
|
|
/*
|
|
|
|
* Ignore any snapshots that don't exist (we consider
|
|
|
|
* them "already destroyed"). Remove the name from the
|
|
|
|
* nvl here in case the snapshot is created between
|
|
|
|
* now and when we try to destroy it (in which case
|
|
|
|
* we don't want to destroy it since we haven't
|
|
|
|
* checked for permission).
|
|
|
|
*/
|
|
|
|
fnvlist_remove_nvpair(snaps, pair);
|
|
|
|
error = 0;
|
|
|
|
}
|
|
|
|
if (error != 0)
|
|
|
|
break;
|
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
return (error);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
|
|
|
|
{
|
2016-06-16 00:28:36 +03:00
|
|
|
char parentname[ZFS_MAX_DATASET_NAME_LEN];
|
2008-11-20 23:01:55 +03:00
|
|
|
int error;
|
|
|
|
|
|
|
|
if ((error = zfs_secpolicy_write_perms(from,
|
|
|
|
ZFS_DELEG_PERM_RENAME, cr)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
if ((error = zfs_secpolicy_write_perms(from,
|
|
|
|
ZFS_DELEG_PERM_MOUNT, cr)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
if ((error = zfs_get_parent(to, parentname,
|
|
|
|
sizeof (parentname))) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
if ((error = zfs_secpolicy_write_perms(parentname,
|
|
|
|
ZFS_DELEG_PERM_CREATE, cr)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
if ((error = zfs_secpolicy_write_perms(parentname,
|
|
|
|
ZFS_DELEG_PERM_MOUNT, cr)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_pool_t *dp;
|
|
|
|
dsl_dataset_t *clone;
|
2008-11-20 23:01:55 +03:00
|
|
|
int error;
|
|
|
|
|
|
|
|
error = zfs_secpolicy_write_perms(zc->zc_name,
|
|
|
|
ZFS_DELEG_PERM_PROMOTE, cr);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
|
|
|
|
if (error != 0)
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
if (error == 0) {
|
2016-06-16 00:28:36 +03:00
|
|
|
char parentname[ZFS_MAX_DATASET_NAME_LEN];
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_t *origin = NULL;
|
2008-11-20 23:01:55 +03:00
|
|
|
dsl_dir_t *dd;
|
2013-09-04 16:00:57 +04:00
|
|
|
dd = clone->ds_dir;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
error = dsl_dataset_hold_obj(dd->dd_pool,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0) {
|
|
|
|
dsl_dataset_rele(clone, FTAG);
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
|
2008-11-20 23:01:55 +03:00
|
|
|
ZFS_DELEG_PERM_MOUNT, cr);
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_name(origin, parentname);
|
|
|
|
if (error == 0) {
|
|
|
|
error = zfs_secpolicy_write_perms_ds(parentname, origin,
|
2008-11-20 23:01:55 +03:00
|
|
|
ZFS_DELEG_PERM_PROMOTE, cr);
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
dsl_dataset_rele(clone, FTAG);
|
|
|
|
dsl_dataset_rele(origin, FTAG);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_pool_rele(dp, FTAG);
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
int error;
|
|
|
|
|
|
|
|
if ((error = zfs_secpolicy_write_perms(zc->zc_name,
|
|
|
|
ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
if ((error = zfs_secpolicy_write_perms(zc->zc_name,
|
|
|
|
ZFS_DELEG_PERM_MOUNT, cr)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
return (zfs_secpolicy_write_perms(zc->zc_name,
|
|
|
|
ZFS_DELEG_PERM_CREATE, cr));
|
|
|
|
}
|
|
|
|
|
2016-06-10 03:04:12 +03:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_secpolicy_recv_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
|
|
|
{
|
|
|
|
return (zfs_secpolicy_recv(zc, innvl, cr));
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
int
|
|
|
|
zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
|
|
|
|
{
|
2010-05-29 00:45:14 +04:00
|
|
|
return (zfs_secpolicy_write_perms(name,
|
|
|
|
ZFS_DELEG_PERM_SNAPSHOT, cr));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/*
|
|
|
|
* Check for permission to create each snapshot in the nvlist.
|
|
|
|
*/
|
|
|
|
/* ARGSUSED */
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2013-08-28 15:45:09 +04:00
|
|
|
nvlist_t *snaps;
|
|
|
|
int error = 0;
|
|
|
|
nvpair_t *pair;
|
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
snaps = fnvlist_lookup_nvlist(innvl, "snaps");
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
|
|
|
|
pair = nvlist_next_nvpair(snaps, pair)) {
|
|
|
|
char *name = nvpair_name(pair);
|
|
|
|
char *atp = strchr(name, '@');
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
if (atp == NULL) {
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EINVAL);
|
2013-08-28 15:45:09 +04:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
*atp = '\0';
|
|
|
|
error = zfs_secpolicy_snapshot_perms(name, cr);
|
|
|
|
*atp = '@';
|
|
|
|
if (error != 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2013-12-12 02:33:41 +04:00
|
|
|
/*
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
* Check for permission to create each bookmark in the nvlist.
|
2013-12-12 02:33:41 +04:00
|
|
|
*/
|
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
|
|
|
{
|
|
|
|
int error = 0;
|
|
|
|
|
2017-11-04 23:25:13 +03:00
|
|
|
for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
|
2013-12-12 02:33:41 +04:00
|
|
|
pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
|
|
|
|
char *name = nvpair_name(pair);
|
|
|
|
char *hashp = strchr(name, '#');
|
|
|
|
|
|
|
|
if (hashp == NULL) {
|
|
|
|
error = SET_ERROR(EINVAL);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
*hashp = '\0';
|
|
|
|
error = zfs_secpolicy_write_perms(name,
|
|
|
|
ZFS_DELEG_PERM_BOOKMARK, cr);
|
|
|
|
*hashp = '#';
|
|
|
|
if (error != 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
OpenZFS 7614, 9064 - zfs device evacuation/removal
OpenZFS 7614 - zfs device evacuation/removal
OpenZFS 9064 - remove_mirror should wait for device removal to complete
This project allows top-level vdevs to be removed from the storage pool
with "zpool remove", reducing the total amount of storage in the pool.
This operation copies all allocated regions of the device to be removed
onto other devices, recording the mapping from old to new location.
After the removal is complete, read and free operations to the removed
(now "indirect") vdev must be remapped and performed at the new location
on disk. The indirect mapping table is kept in memory whenever the pool
is loaded, so there is minimal performance overhead when doing operations
on the indirect vdev.
The size of the in-memory mapping table will be reduced when its entries
become "obsolete" because they are no longer used by any block pointers
in the pool. An entry becomes obsolete when all the blocks that use
it are freed. An entry can also become obsolete when all the snapshots
that reference it are deleted, and the block pointers that reference it
have been "remapped" in all filesystems/zvols (and clones). Whenever an
indirect block is written, all the block pointers in it will be "remapped"
to their new (concrete) locations if possible. This process can be
accelerated by using the "zfs remap" command to proactively rewrite all
indirect blocks that reference indirect (removed) vdevs.
Note that when a device is removed, we do not verify the checksum of
the data that is copied. This makes the process much faster, but if it
were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be
possible to copy the wrong data, when we have the correct data on e.g.
the other side of the mirror.
At the moment, only mirrors and simple top-level vdevs can be removed
and no removal is allowed if any of the top-level vdevs are raidz.
Porting Notes:
* Avoid zero-sized kmem_alloc() in vdev_compact_children().
The device evacuation code adds a dependency that
vdev_compact_children() be able to properly empty the vdev_child
array by setting it to NULL and zeroing vdev_children. Under Linux,
kmem_alloc() and related functions return a sentinel pointer rather
than NULL for zero-sized allocations.
* Remove comment regarding "mpt" driver where zfs_remove_max_segment
is initialized to SPA_MAXBLOCKSIZE.
Change zfs_condense_indirect_commit_entry_delay_ticks to
zfs_condense_indirect_commit_entry_delay_ms for consistency with
most other tunables in which delays are specified in ms.
* ZTS changes:
Use set_tunable rather than mdb
Use zpool sync as appropriate
Use sync_pool instead of sync
Kill jobs during test_removal_with_operation to allow unmount/export
Don't add non-disk names such as "mirror" or "raidz" to $DISKS
Use $TEST_BASE_DIR instead of /tmp
Increase HZ from 100 to 1000 which is more common on Linux
removal_multiple_indirection.ksh
Reduce iterations in order to not time out on the code
coverage builders.
removal_resume_export:
Functionally, the test case is correct but there exists a race
where the kernel thread hasn't been fully started yet and is
not visible. Wait for up to 1 second for the removal thread
to be started before giving up on it. Also, increase the
amount of data copied in order that the removal not finish
before the export has a chance to fail.
* MMP compatibility, the concept of concrete versus non-concrete devices
has slightly changed the semantics of vdev_writeable(). Update
mmp_random_leaf_impl() accordingly.
* Updated dbuf_remap() to handle the org.zfsonlinux:large_dnode pool
feature which is not supported by OpenZFS.
* Added support for new vdev removal tracepoints.
* Test cases removal_with_zdb and removal_condense_export have been
intentionally disabled. When run manually they pass as intended,
but when running in the automated test environment they produce
unreliable results on the latest Fedora release.
They may work better once the upstream pool import refectoring is
merged into ZoL at which point they will be re-enabled.
Authored by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Alex Reece <alex@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Richard Laager <rlaager@wiktel.com>
Reviewed by: Tim Chase <tim@chase2k.com>
Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov>
Approved by: Garrett D'Amore <garrett@damore.org>
Ported-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Tim Chase <tim@chase2k.com>
OpenZFS-issue: https://www.illumos.org/issues/7614
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/f539f1eb
Closes #6900
2016-09-22 19:30:13 +03:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_secpolicy_remap(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
|
|
|
{
|
|
|
|
return (zfs_secpolicy_write_perms(zc->zc_name,
|
|
|
|
ZFS_DELEG_PERM_REMAP, cr));
|
|
|
|
}
|
|
|
|
|
2013-12-12 02:33:41 +04:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
|
|
|
{
|
|
|
|
nvpair_t *pair, *nextpair;
|
|
|
|
int error = 0;
|
|
|
|
|
|
|
|
for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
|
|
|
|
pair = nextpair) {
|
|
|
|
char *name = nvpair_name(pair);
|
|
|
|
char *hashp = strchr(name, '#');
|
|
|
|
nextpair = nvlist_next_nvpair(innvl, pair);
|
|
|
|
|
|
|
|
if (hashp == NULL) {
|
|
|
|
error = SET_ERROR(EINVAL);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
*hashp = '\0';
|
|
|
|
error = zfs_secpolicy_write_perms(name,
|
|
|
|
ZFS_DELEG_PERM_DESTROY, cr);
|
|
|
|
*hashp = '#';
|
|
|
|
if (error == ENOENT) {
|
|
|
|
/*
|
|
|
|
* Ignore any filesystems that don't exist (we consider
|
|
|
|
* their bookmarks "already destroyed"). Remove
|
|
|
|
* the name from the nvl here in case the filesystem
|
|
|
|
* is created between now and when we try to destroy
|
|
|
|
* the bookmark (in which case we don't want to
|
|
|
|
* destroy it since we haven't checked for permission).
|
|
|
|
*/
|
|
|
|
fnvlist_remove_nvpair(innvl, pair);
|
|
|
|
error = 0;
|
|
|
|
}
|
|
|
|
if (error != 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Even root must have a proper TSD so that we know what pool
|
|
|
|
* to log to.
|
|
|
|
*/
|
|
|
|
if (tsd_get(zfs_allow_log_key) == NULL)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2013-08-28 15:45:09 +04:00
|
|
|
return (0);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2016-06-16 00:28:36 +03:00
|
|
|
char parentname[ZFS_MAX_DATASET_NAME_LEN];
|
2010-05-29 00:45:14 +04:00
|
|
|
int error;
|
2013-08-28 15:45:09 +04:00
|
|
|
char *origin;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
if ((error = zfs_get_parent(zc->zc_name, parentname,
|
|
|
|
sizeof (parentname))) != 0)
|
|
|
|
return (error);
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
|
|
|
|
(error = zfs_secpolicy_write_perms(origin,
|
|
|
|
ZFS_DELEG_PERM_CLONE, cr)) != 0)
|
|
|
|
return (error);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
if ((error = zfs_secpolicy_write_perms(parentname,
|
|
|
|
ZFS_DELEG_PERM_CREATE, cr)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
return (zfs_secpolicy_write_perms(parentname,
|
|
|
|
ZFS_DELEG_PERM_MOUNT, cr));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
|
|
|
|
* SYS_CONFIG privilege, which is not available in a local zone.
|
|
|
|
*/
|
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
if (secpolicy_sys_config(cr, B_FALSE) != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EPERM));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
/*
|
|
|
|
* Policy for object to name lookups.
|
|
|
|
*/
|
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2010-08-27 01:24:34 +04:00
|
|
|
{
|
|
|
|
int error;
|
|
|
|
|
|
|
|
if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
|
|
|
* Policy for fault injection. Requires all privileges.
|
|
|
|
*/
|
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
return (secpolicy_zinject(cr));
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
|
|
|
|
|
|
|
|
if (prop == ZPROP_INVAL) {
|
|
|
|
if (!zfs_prop_user(zc->zc_value))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2008-11-20 23:01:55 +03:00
|
|
|
return (zfs_secpolicy_write_perms(zc->zc_name,
|
|
|
|
ZFS_DELEG_PERM_USERPROP, cr));
|
|
|
|
} else {
|
2010-05-29 00:45:14 +04:00
|
|
|
return (zfs_secpolicy_setprop(zc->zc_name, prop,
|
|
|
|
NULL, cr));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2009-07-03 02:44:48 +04:00
|
|
|
{
|
2013-08-28 15:45:09 +04:00
|
|
|
int err = zfs_secpolicy_read(zc, innvl, cr);
|
2009-07-03 02:44:48 +04:00
|
|
|
if (err)
|
|
|
|
return (err);
|
|
|
|
|
|
|
|
if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2009-07-03 02:44:48 +04:00
|
|
|
|
|
|
|
if (zc->zc_value[0] == 0) {
|
|
|
|
/*
|
|
|
|
* They are asking about a posix uid/gid. If it's
|
|
|
|
* themself, allow it.
|
|
|
|
*/
|
|
|
|
if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
|
2016-10-04 21:46:10 +03:00
|
|
|
zc->zc_objset_type == ZFS_PROP_USERQUOTA ||
|
|
|
|
zc->zc_objset_type == ZFS_PROP_USEROBJUSED ||
|
|
|
|
zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) {
|
2009-07-03 02:44:48 +04:00
|
|
|
if (zc->zc_guid == crgetuid(cr))
|
|
|
|
return (0);
|
2018-02-14 01:54:54 +03:00
|
|
|
} else if (zc->zc_objset_type == ZFS_PROP_GROUPUSED ||
|
|
|
|
zc->zc_objset_type == ZFS_PROP_GROUPQUOTA ||
|
|
|
|
zc->zc_objset_type == ZFS_PROP_GROUPOBJUSED ||
|
|
|
|
zc->zc_objset_type == ZFS_PROP_GROUPOBJQUOTA) {
|
2009-07-03 02:44:48 +04:00
|
|
|
if (groupmember(zc->zc_guid, cr))
|
|
|
|
return (0);
|
|
|
|
}
|
2018-02-14 01:54:54 +03:00
|
|
|
/* else is for project quota/used */
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return (zfs_secpolicy_write_perms(zc->zc_name,
|
|
|
|
userquota_perms[zc->zc_objset_type], cr));
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2009-07-03 02:44:48 +04:00
|
|
|
{
|
2013-08-28 15:45:09 +04:00
|
|
|
int err = zfs_secpolicy_read(zc, innvl, cr);
|
2009-07-03 02:44:48 +04:00
|
|
|
if (err)
|
|
|
|
return (err);
|
|
|
|
|
|
|
|
if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2009-07-03 02:44:48 +04:00
|
|
|
|
|
|
|
return (zfs_secpolicy_write_perms(zc->zc_name,
|
|
|
|
userquota_perms[zc->zc_objset_type], cr));
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
2009-07-03 02:44:48 +04:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2009-07-03 02:44:48 +04:00
|
|
|
{
|
2010-05-29 00:45:14 +04:00
|
|
|
return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
|
|
|
|
NULL, cr));
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
2009-08-18 22:43:27 +04:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2009-08-18 22:43:27 +04:00
|
|
|
{
|
2013-09-04 16:00:57 +04:00
|
|
|
nvpair_t *pair;
|
|
|
|
nvlist_t *holds;
|
|
|
|
int error;
|
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
holds = fnvlist_lookup_nvlist(innvl, "holds");
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
|
|
|
|
pair = nvlist_next_nvpair(holds, pair)) {
|
2016-06-16 00:28:36 +03:00
|
|
|
char fsname[ZFS_MAX_DATASET_NAME_LEN];
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dmu_fsname(nvpair_name(pair), fsname);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
error = zfs_secpolicy_write_perms(fsname,
|
|
|
|
ZFS_DELEG_PERM_HOLD, cr);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
return (0);
|
2009-08-18 22:43:27 +04:00
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
2009-08-18 22:43:27 +04:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2009-08-18 22:43:27 +04:00
|
|
|
{
|
2013-09-04 16:00:57 +04:00
|
|
|
nvpair_t *pair;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
|
|
|
|
pair = nvlist_next_nvpair(innvl, pair)) {
|
2016-06-16 00:28:36 +03:00
|
|
|
char fsname[ZFS_MAX_DATASET_NAME_LEN];
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dmu_fsname(nvpair_name(pair), fsname);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
error = zfs_secpolicy_write_perms(fsname,
|
|
|
|
ZFS_DELEG_PERM_RELEASE, cr);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
return (0);
|
2009-08-18 22:43:27 +04:00
|
|
|
}
|
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
/*
|
|
|
|
* Policy for allowing temporary snapshots to be taken or released
|
|
|
|
*/
|
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
2010-08-27 01:24:34 +04:00
|
|
|
{
|
|
|
|
/*
|
|
|
|
* A temporary snapshot is the same as a snapshot,
|
|
|
|
* hold, destroy and release all rolled into one.
|
|
|
|
* Delegated diff alone is sufficient that we allow this.
|
|
|
|
*/
|
|
|
|
int error;
|
|
|
|
|
|
|
|
if ((error = zfs_secpolicy_write_perms(zc->zc_name,
|
|
|
|
ZFS_DELEG_PERM_DIFF, cr)) == 0)
|
|
|
|
return (0);
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
|
|
|
|
if (innvl != NULL) {
|
|
|
|
if (error == 0)
|
|
|
|
error = zfs_secpolicy_hold(zc, innvl, cr);
|
|
|
|
if (error == 0)
|
|
|
|
error = zfs_secpolicy_release(zc, innvl, cr);
|
|
|
|
if (error == 0)
|
|
|
|
error = zfs_secpolicy_destroy(zc, innvl, cr);
|
|
|
|
}
|
2010-08-27 01:24:34 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
static int
|
|
|
|
zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
|
|
|
{
|
|
|
|
return (zfs_secpolicy_write_perms(zc->zc_name,
|
|
|
|
ZFS_DELEG_PERM_LOAD_KEY, cr));
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
|
|
|
{
|
|
|
|
return (zfs_secpolicy_write_perms(zc->zc_name,
|
|
|
|
ZFS_DELEG_PERM_CHANGE_KEY, cr));
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
|
|
|
* Returns the nvlist as specified by the user in the zfs_cmd_t.
|
|
|
|
*/
|
|
|
|
static int
|
2009-07-03 02:44:48 +04:00
|
|
|
get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
char *packed;
|
|
|
|
int error;
|
|
|
|
nvlist_t *list = NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Read in and unpack the user-supplied nvlist.
|
|
|
|
*/
|
|
|
|
if (size == 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2015-02-05 23:43:37 +03:00
|
|
|
packed = vmem_alloc(size, KM_SLEEP);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
|
|
|
|
iflag)) != 0) {
|
2015-02-05 23:43:37 +03:00
|
|
|
vmem_free(packed, size);
|
2015-07-03 19:20:17 +03:00
|
|
|
return (SET_ERROR(EFAULT));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
|
2015-02-05 23:43:37 +03:00
|
|
|
vmem_free(packed, size);
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2015-02-05 23:43:37 +03:00
|
|
|
vmem_free(packed, size);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
*nvp = list;
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/*
|
|
|
|
* Reduce the size of this nvlist until it can be serialized in 'max' bytes.
|
|
|
|
* Entries will be removed from the end of the nvlist, and one int32 entry
|
|
|
|
* named "N_MORE_ERRORS" will be added indicating how many entries were
|
|
|
|
* removed.
|
|
|
|
*/
|
2010-05-29 00:45:14 +04:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
nvlist_smush(nvlist_t *errors, size_t max)
|
2010-05-29 00:45:14 +04:00
|
|
|
{
|
|
|
|
size_t size;
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
size = fnvlist_size(errors);
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
if (size > max) {
|
2010-05-29 00:45:14 +04:00
|
|
|
nvpair_t *more_errors;
|
|
|
|
int n = 0;
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
if (max < 1024)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOMEM));
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
|
|
|
|
more_errors = nvlist_prev_nvpair(errors, NULL);
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
do {
|
2013-08-28 15:45:09 +04:00
|
|
|
nvpair_t *pair = nvlist_prev_nvpair(errors,
|
2010-05-29 00:45:14 +04:00
|
|
|
more_errors);
|
2013-08-28 15:45:09 +04:00
|
|
|
fnvlist_remove_nvpair(errors, pair);
|
2010-05-29 00:45:14 +04:00
|
|
|
n++;
|
2013-08-28 15:45:09 +04:00
|
|
|
size = fnvlist_size(errors);
|
|
|
|
} while (size > max);
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
fnvlist_remove_nvpair(errors, more_errors);
|
|
|
|
fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
|
|
|
|
ASSERT3U(fnvlist_size(errors), <=, max);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
|
|
|
put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
|
|
|
|
{
|
|
|
|
char *packed = NULL;
|
2010-05-29 00:45:14 +04:00
|
|
|
int error = 0;
|
2008-11-20 23:01:55 +03:00
|
|
|
size_t size;
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
size = fnvlist_size(nvl);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
if (size > zc->zc_nvlist_dst_size) {
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(ENOMEM);
|
2008-11-20 23:01:55 +03:00
|
|
|
} else {
|
2013-08-28 15:45:09 +04:00
|
|
|
packed = fnvlist_pack(nvl, &size);
|
2010-05-29 00:45:14 +04:00
|
|
|
if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
|
|
|
|
size, zc->zc_iflags) != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EFAULT);
|
2013-08-28 15:45:09 +04:00
|
|
|
fnvlist_pack_free(packed, size);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
zc->zc_nvlist_dst_size = size;
|
2013-08-28 15:45:09 +04:00
|
|
|
zc->zc_nvlist_dst_filled = B_TRUE;
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2018-02-08 19:16:23 +03:00
|
|
|
int
|
|
|
|
getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp)
|
2009-07-03 02:44:48 +04:00
|
|
|
{
|
2018-02-08 19:16:23 +03:00
|
|
|
int error = 0;
|
2010-05-29 00:45:14 +04:00
|
|
|
if (dmu_objset_type(os) != DMU_OST_ZFS) {
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
2009-07-03 02:44:48 +04:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
mutex_enter(&os->os_user_ptr_lock);
|
2017-03-08 03:21:37 +03:00
|
|
|
*zfvp = dmu_objset_get_user(os);
|
2016-07-09 02:59:54 +03:00
|
|
|
/* bump s_active only when non-zero to prevent umount race */
|
2017-03-08 03:21:37 +03:00
|
|
|
if (*zfvp == NULL || (*zfvp)->z_sb == NULL ||
|
|
|
|
!atomic_inc_not_zero(&((*zfvp)->z_sb->s_active))) {
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(ESRCH);
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
mutex_exit(&os->os_user_ptr_lock);
|
2018-02-08 19:16:23 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2018-02-08 19:32:45 +03:00
|
|
|
int
|
2018-02-08 19:16:23 +03:00
|
|
|
getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
|
|
|
|
{
|
|
|
|
objset_t *os;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = dmu_objset_hold(dsname, FTAG, &os);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
error = getzfsvfs_impl(os, zfvp);
|
2010-05-29 00:45:14 +04:00
|
|
|
dmu_objset_rele(os, FTAG);
|
2009-07-03 02:44:48 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2017-03-08 03:21:37 +03:00
|
|
|
* Find a zfsvfs_t for a mounted filesystem, or create our own, in which
|
2011-05-19 22:44:07 +04:00
|
|
|
* case its z_sb will be NULL, and it will be opened as the owner.
|
2012-12-14 03:24:15 +04:00
|
|
|
* If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
|
|
|
|
* which prevents all inode ops from running.
|
2009-07-03 02:44:48 +04:00
|
|
|
*/
|
|
|
|
static int
|
2017-03-09 01:56:19 +03:00
|
|
|
zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
|
2009-07-03 02:44:48 +04:00
|
|
|
{
|
|
|
|
int error = 0;
|
|
|
|
|
2017-03-09 01:56:19 +03:00
|
|
|
if (getzfsvfs(name, zfvp) != 0)
|
2018-02-21 03:27:31 +03:00
|
|
|
error = zfsvfs_create(name, B_FALSE, zfvp);
|
2009-07-03 02:44:48 +04:00
|
|
|
if (error == 0) {
|
2017-03-08 03:21:37 +03:00
|
|
|
rrm_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
|
2010-08-27 01:24:34 +04:00
|
|
|
RW_READER, tag);
|
2017-03-08 03:21:37 +03:00
|
|
|
if ((*zfvp)->z_unmounted) {
|
2009-07-03 02:44:48 +04:00
|
|
|
/*
|
|
|
|
* XXX we could probably try again, since the unmounting
|
|
|
|
* thread should be just about to disassociate the
|
2017-03-08 03:21:37 +03:00
|
|
|
* objset from the zfsvfs.
|
2009-07-03 02:44:48 +04:00
|
|
|
*/
|
2017-03-08 03:21:37 +03:00
|
|
|
rrm_exit(&(*zfvp)->z_teardown_lock, tag);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EBUSY));
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2017-03-09 01:56:19 +03:00
|
|
|
zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
|
2009-07-03 02:44:48 +04:00
|
|
|
{
|
2017-03-08 03:21:37 +03:00
|
|
|
rrm_exit(&zfsvfs->z_teardown_lock, tag);
|
2009-07-03 02:44:48 +04:00
|
|
|
|
2017-03-08 03:21:37 +03:00
|
|
|
if (zfsvfs->z_sb) {
|
|
|
|
deactivate_super(zfsvfs->z_sb);
|
2009-07-03 02:44:48 +04:00
|
|
|
} else {
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs);
|
2017-03-09 01:56:19 +03:00
|
|
|
zfsvfs_free(zfsvfs);
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
|
|
|
zfs_ioc_pool_create(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
nvlist_t *config, *props = NULL;
|
2008-12-03 23:09:06 +03:00
|
|
|
nvlist_t *rootprops = NULL;
|
|
|
|
nvlist_t *zplprops = NULL;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dsl_crypto_params_t *dcp = NULL;
|
2018-05-08 07:11:59 +03:00
|
|
|
char *spa_name = zc->zc_name;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-08-26 20:52:42 +04:00
|
|
|
if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
|
|
|
|
zc->zc_iflags, &config)))
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
|
|
|
|
if (zc->zc_nvlist_src_size != 0 && (error =
|
2009-07-03 02:44:48 +04:00
|
|
|
get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
|
|
|
|
zc->zc_iflags, &props))) {
|
2008-11-20 23:01:55 +03:00
|
|
|
nvlist_free(config);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
if (props) {
|
|
|
|
nvlist_t *nvl = NULL;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
nvlist_t *hidden_args = NULL;
|
2008-12-03 23:09:06 +03:00
|
|
|
uint64_t version = SPA_VERSION;
|
2018-05-08 07:11:59 +03:00
|
|
|
char *tname;
|
2008-12-03 23:09:06 +03:00
|
|
|
|
|
|
|
(void) nvlist_lookup_uint64(props,
|
|
|
|
zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
|
2012-12-14 03:24:15 +04:00
|
|
|
if (!SPA_VERSION_IS_SUPPORTED(version)) {
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EINVAL);
|
2008-12-03 23:09:06 +03:00
|
|
|
goto pool_props_bad;
|
|
|
|
}
|
|
|
|
(void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
|
|
|
|
if (nvl) {
|
|
|
|
error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
|
|
|
|
if (error != 0) {
|
|
|
|
nvlist_free(config);
|
|
|
|
nvlist_free(props);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
(void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
|
|
|
|
}
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
|
|
|
|
(void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS,
|
|
|
|
&hidden_args);
|
|
|
|
error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE,
|
|
|
|
rootprops, hidden_args, &dcp);
|
|
|
|
if (error != 0) {
|
|
|
|
nvlist_free(config);
|
|
|
|
nvlist_free(props);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
(void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS);
|
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
|
|
|
|
error = zfs_fill_zplprops_root(version, rootprops,
|
|
|
|
zplprops, NULL);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
2008-12-03 23:09:06 +03:00
|
|
|
goto pool_props_bad;
|
2018-05-08 07:11:59 +03:00
|
|
|
|
|
|
|
if (nvlist_lookup_string(props,
|
|
|
|
zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0)
|
|
|
|
spa_name = tname;
|
2008-12-03 23:09:06 +03:00
|
|
|
}
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
error = spa_create(zc->zc_name, config, props, zplprops, dcp);
|
2008-12-03 23:09:06 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Set the remaining root properties
|
|
|
|
*/
|
2018-05-08 07:11:59 +03:00
|
|
|
if (!error && (error = zfs_set_prop_nvlist(spa_name,
|
2010-05-29 00:45:14 +04:00
|
|
|
ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
|
2018-05-08 07:11:59 +03:00
|
|
|
(void) spa_destroy(spa_name);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
pool_props_bad:
|
|
|
|
nvlist_free(rootprops);
|
|
|
|
nvlist_free(zplprops);
|
2008-11-20 23:01:55 +03:00
|
|
|
nvlist_free(config);
|
2008-12-03 23:09:06 +03:00
|
|
|
nvlist_free(props);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dsl_crypto_params_free(dcp, !!error);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_pool_destroy(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
zfs_log_history(zc);
|
|
|
|
error = spa_destroy(zc->zc_name);
|
2014-03-22 13:07:14 +04:00
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_pool_import(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
nvlist_t *config, *props = NULL;
|
|
|
|
uint64_t guid;
|
2010-05-29 00:45:14 +04:00
|
|
|
int error;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
|
2009-07-03 02:44:48 +04:00
|
|
|
zc->zc_iflags, &config)) != 0)
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
|
|
|
|
if (zc->zc_nvlist_src_size != 0 && (error =
|
2009-07-03 02:44:48 +04:00
|
|
|
get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
|
|
|
|
zc->zc_iflags, &props))) {
|
2008-11-20 23:01:55 +03:00
|
|
|
nvlist_free(config);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
|
|
|
|
guid != zc->zc_guid)
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EINVAL);
|
2008-11-20 23:01:55 +03:00
|
|
|
else
|
2010-08-27 01:24:34 +04:00
|
|
|
error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
if (zc->zc_nvlist_dst != 0) {
|
|
|
|
int err;
|
|
|
|
|
|
|
|
if ((err = put_nvlist(zc, config)) != 0)
|
|
|
|
error = err;
|
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
nvlist_free(config);
|
2016-04-01 06:54:07 +03:00
|
|
|
nvlist_free(props);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_pool_export(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
int error;
|
2008-12-03 23:09:06 +03:00
|
|
|
boolean_t force = (boolean_t)zc->zc_cookie;
|
2009-01-16 00:59:39 +03:00
|
|
|
boolean_t hardforce = (boolean_t)zc->zc_guid;
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
zfs_log_history(zc);
|
2009-01-16 00:59:39 +03:00
|
|
|
error = spa_export(zc->zc_name, NULL, force, hardforce);
|
2014-03-22 13:07:14 +04:00
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_pool_configs(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
nvlist_t *configs;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EEXIST));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
error = put_nvlist(zc, configs);
|
|
|
|
|
|
|
|
nvlist_free(configs);
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2012-12-14 03:24:15 +04:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of the pool
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_cookie real errno
|
|
|
|
* zc_nvlist_dst config nvlist
|
|
|
|
* zc_nvlist_dst_size size of config nvlist
|
|
|
|
*/
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
|
|
|
zfs_ioc_pool_stats(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
nvlist_t *config;
|
|
|
|
int error;
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
|
|
|
|
sizeof (zc->zc_value));
|
|
|
|
|
|
|
|
if (config != NULL) {
|
|
|
|
ret = put_nvlist(zc, config);
|
|
|
|
nvlist_free(config);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The config may be present even if 'error' is non-zero.
|
|
|
|
* In this case we return success, and preserve the real errno
|
|
|
|
* in 'zc_cookie'.
|
|
|
|
*/
|
|
|
|
zc->zc_cookie = error;
|
|
|
|
} else {
|
|
|
|
ret = error;
|
|
|
|
}
|
|
|
|
|
|
|
|
return (ret);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Try to import the given pool, returning pool stats as appropriate so that
|
|
|
|
* user land knows which devices are available and overall pool health.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
|
|
|
|
{
|
Multi-modifier protection (MMP)
Add multihost=on|off pool property to control MMP. When enabled
a new thread writes uberblocks to the last slot in each label, at a
set frequency, to indicate to other hosts the pool is actively imported.
These uberblocks are the last synced uberblock with an updated
timestamp. Property defaults to off.
During tryimport, find the "best" uberblock (newest txg and timestamp)
repeatedly, checking for change in the found uberblock. Include the
results of the activity test in the config returned by tryimport.
These results are reported to user in "zpool import".
Allow the user to control the period between MMP writes, and the
duration of the activity test on import, via a new module parameter
zfs_multihost_interval. The period is specified in milliseconds. The
activity test duration is calculated from this value, and from the
mmp_delay in the "best" uberblock found initially.
Add a kstat interface to export statistics about Multiple Modifier
Protection (MMP) updates. Include the last synced txg number, the
timestamp, the delay since the last MMP update, the VDEV GUID, the VDEV
label that received the last MMP update, and the VDEV path. Abbreviated
output below.
$ cat /proc/spl/kstat/zfs/mypool/multihost
31 0 0x01 10 880 105092382393521 105144180101111
txg timestamp mmp_delay vdev_guid vdev_label vdev_path
20468 261337 250274925 68396651780 3 /dev/sda
20468 261339 252023374 6267402363293 1 /dev/sdc
20468 261340 252000858 6698080955233 1 /dev/sdx
20468 261341 251980635 783892869810 2 /dev/sdy
20468 261342 253385953 8923255792467 3 /dev/sdd
20468 261344 253336622 042125143176 0 /dev/sdab
20468 261345 253310522 1200778101278 2 /dev/sde
20468 261346 253286429 0950576198362 2 /dev/sdt
20468 261347 253261545 96209817917 3 /dev/sds
20468 261349 253238188 8555725937673 3 /dev/sdb
Add a new tunable zfs_multihost_history to specify the number of MMP
updates to store history for. By default it is set to zero meaning that
no MMP statistics are stored.
When using ztest to generate activity, for automated tests of the MMP
function, some test functions interfere with the test. For example, the
pool is exported to run zdb and then imported again. Add a new ztest
function, "-M", to alter ztest behavior to prevent this.
Add new tests to verify the new functionality. Tests provided by
Giuseppe Di Natale.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Giuseppe Di Natale <dinatale2@llnl.gov>
Reviewed-by: Ned Bass <bass6@llnl.gov>
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Olaf Faaland <faaland1@llnl.gov>
Closes #745
Closes #6279
2017-07-08 06:20:35 +03:00
|
|
|
nvlist_t *tryconfig, *config = NULL;
|
2008-11-20 23:01:55 +03:00
|
|
|
int error;
|
|
|
|
|
|
|
|
if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
|
2009-07-03 02:44:48 +04:00
|
|
|
zc->zc_iflags, &tryconfig)) != 0)
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
|
|
|
|
config = spa_tryimport(tryconfig);
|
|
|
|
|
|
|
|
nvlist_free(tryconfig);
|
|
|
|
|
|
|
|
if (config == NULL)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
error = put_nvlist(zc, config);
|
|
|
|
nvlist_free(config);
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of the pool
|
|
|
|
* zc_cookie scan func (pool_scan_func_t)
|
2017-07-07 08:16:13 +03:00
|
|
|
* zc_flags scrub pause/resume flag (pool_scrub_cmd_t)
|
2010-05-29 00:45:14 +04:00
|
|
|
*/
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2010-05-29 00:45:14 +04:00
|
|
|
zfs_ioc_pool_scan(zfs_cmd_t *zc)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
int error;
|
|
|
|
|
2017-07-07 08:16:13 +03:00
|
|
|
if (zc->zc_flags >= POOL_SCRUB_FLAGS_END)
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
|
2018-04-04 03:31:30 +03:00
|
|
|
if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
2017-07-07 08:16:13 +03:00
|
|
|
if (zc->zc_flags == POOL_SCRUB_PAUSE)
|
|
|
|
error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE);
|
|
|
|
else if (zc->zc_cookie == POOL_SCAN_NONE)
|
2010-05-29 00:45:14 +04:00
|
|
|
error = spa_scan_stop(spa);
|
|
|
|
else
|
|
|
|
error = spa_scan(spa, zc->zc_cookie);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_pool_freeze(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = spa_open(zc->zc_name, &spa, FTAG);
|
|
|
|
if (error == 0) {
|
|
|
|
spa_freeze(spa);
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
}
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
2012-12-14 03:24:15 +04:00
|
|
|
if (zc->zc_cookie < spa_version(spa) ||
|
|
|
|
!SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
|
2008-11-20 23:01:55 +03:00
|
|
|
spa_close(spa, FTAG);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
spa_upgrade(spa, zc->zc_cookie);
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_pool_get_history(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
char *hist_buf;
|
|
|
|
uint64_t size;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
if ((size = zc->zc_history_len) == 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
|
|
|
|
spa_close(spa, FTAG);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2011-05-06 20:59:52 +04:00
|
|
|
hist_buf = vmem_alloc(size, KM_SLEEP);
|
2008-11-20 23:01:55 +03:00
|
|
|
if ((error = spa_history_get(spa, &zc->zc_history_offset,
|
|
|
|
&zc->zc_history_len, hist_buf)) == 0) {
|
2009-07-03 02:44:48 +04:00
|
|
|
error = ddi_copyout(hist_buf,
|
|
|
|
(void *)(uintptr_t)zc->zc_history,
|
|
|
|
zc->zc_history_len, zc->zc_iflags);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
spa_close(spa, FTAG);
|
2011-05-06 20:59:52 +04:00
|
|
|
vmem_free(hist_buf, size);
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2011-11-12 02:07:54 +04:00
|
|
|
static int
|
|
|
|
zfs_ioc_pool_reguid(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = spa_open(zc->zc_name, &spa, FTAG);
|
|
|
|
if (error == 0) {
|
|
|
|
error = spa_change_guid(spa);
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
}
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
|
|
|
zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
|
|
|
|
{
|
2013-09-04 16:00:57 +04:00
|
|
|
return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
* zc_obj object to find
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_value name of object
|
|
|
|
*/
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
|
|
|
zfs_ioc_obj_to_path(zfs_cmd_t *zc)
|
|
|
|
{
|
2010-05-29 00:45:14 +04:00
|
|
|
objset_t *os;
|
2008-11-20 23:01:55 +03:00
|
|
|
int error;
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/* XXX reading from objset not owned */
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
|
|
|
|
FTAG, &os)) != 0)
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
2010-05-29 00:45:14 +04:00
|
|
|
if (dmu_objset_type(os) != DMU_OST_ZFS) {
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dmu_objset_rele_flags(os, B_TRUE, FTAG);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
|
2008-11-20 23:01:55 +03:00
|
|
|
sizeof (zc->zc_value));
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dmu_objset_rele_flags(os, B_TRUE, FTAG);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
* zc_obj object to find
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_stat stats on object
|
|
|
|
* zc_value path to object
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
objset_t *os;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
/* XXX reading from objset not owned */
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
|
|
|
|
FTAG, &os)) != 0)
|
2010-08-27 01:24:34 +04:00
|
|
|
return (error);
|
|
|
|
if (dmu_objset_type(os) != DMU_OST_ZFS) {
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dmu_objset_rele_flags(os, B_TRUE, FTAG);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2010-08-27 01:24:34 +04:00
|
|
|
}
|
|
|
|
error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
|
|
|
|
sizeof (zc->zc_value));
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dmu_objset_rele_flags(os, B_TRUE, FTAG);
|
2010-08-27 01:24:34 +04:00
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
|
|
|
zfs_ioc_vdev_add(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
int error;
|
2013-11-15 02:22:52 +04:00
|
|
|
nvlist_t *config;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
error = spa_open(zc->zc_name, &spa, FTAG);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
|
2009-07-03 02:44:48 +04:00
|
|
|
zc->zc_iflags, &config);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (error == 0) {
|
|
|
|
error = spa_vdev_add(spa, config);
|
|
|
|
nvlist_free(config);
|
|
|
|
}
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of the pool
|
OpenZFS 7614, 9064 - zfs device evacuation/removal
OpenZFS 7614 - zfs device evacuation/removal
OpenZFS 9064 - remove_mirror should wait for device removal to complete
This project allows top-level vdevs to be removed from the storage pool
with "zpool remove", reducing the total amount of storage in the pool.
This operation copies all allocated regions of the device to be removed
onto other devices, recording the mapping from old to new location.
After the removal is complete, read and free operations to the removed
(now "indirect") vdev must be remapped and performed at the new location
on disk. The indirect mapping table is kept in memory whenever the pool
is loaded, so there is minimal performance overhead when doing operations
on the indirect vdev.
The size of the in-memory mapping table will be reduced when its entries
become "obsolete" because they are no longer used by any block pointers
in the pool. An entry becomes obsolete when all the blocks that use
it are freed. An entry can also become obsolete when all the snapshots
that reference it are deleted, and the block pointers that reference it
have been "remapped" in all filesystems/zvols (and clones). Whenever an
indirect block is written, all the block pointers in it will be "remapped"
to their new (concrete) locations if possible. This process can be
accelerated by using the "zfs remap" command to proactively rewrite all
indirect blocks that reference indirect (removed) vdevs.
Note that when a device is removed, we do not verify the checksum of
the data that is copied. This makes the process much faster, but if it
were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be
possible to copy the wrong data, when we have the correct data on e.g.
the other side of the mirror.
At the moment, only mirrors and simple top-level vdevs can be removed
and no removal is allowed if any of the top-level vdevs are raidz.
Porting Notes:
* Avoid zero-sized kmem_alloc() in vdev_compact_children().
The device evacuation code adds a dependency that
vdev_compact_children() be able to properly empty the vdev_child
array by setting it to NULL and zeroing vdev_children. Under Linux,
kmem_alloc() and related functions return a sentinel pointer rather
than NULL for zero-sized allocations.
* Remove comment regarding "mpt" driver where zfs_remove_max_segment
is initialized to SPA_MAXBLOCKSIZE.
Change zfs_condense_indirect_commit_entry_delay_ticks to
zfs_condense_indirect_commit_entry_delay_ms for consistency with
most other tunables in which delays are specified in ms.
* ZTS changes:
Use set_tunable rather than mdb
Use zpool sync as appropriate
Use sync_pool instead of sync
Kill jobs during test_removal_with_operation to allow unmount/export
Don't add non-disk names such as "mirror" or "raidz" to $DISKS
Use $TEST_BASE_DIR instead of /tmp
Increase HZ from 100 to 1000 which is more common on Linux
removal_multiple_indirection.ksh
Reduce iterations in order to not time out on the code
coverage builders.
removal_resume_export:
Functionally, the test case is correct but there exists a race
where the kernel thread hasn't been fully started yet and is
not visible. Wait for up to 1 second for the removal thread
to be started before giving up on it. Also, increase the
amount of data copied in order that the removal not finish
before the export has a chance to fail.
* MMP compatibility, the concept of concrete versus non-concrete devices
has slightly changed the semantics of vdev_writeable(). Update
mmp_random_leaf_impl() accordingly.
* Updated dbuf_remap() to handle the org.zfsonlinux:large_dnode pool
feature which is not supported by OpenZFS.
* Added support for new vdev removal tracepoints.
* Test cases removal_with_zdb and removal_condense_export have been
intentionally disabled. When run manually they pass as intended,
but when running in the automated test environment they produce
unreliable results on the latest Fedora release.
They may work better once the upstream pool import refectoring is
merged into ZoL at which point they will be re-enabled.
Authored by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Alex Reece <alex@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Richard Laager <rlaager@wiktel.com>
Reviewed by: Tim Chase <tim@chase2k.com>
Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov>
Approved by: Garrett D'Amore <garrett@damore.org>
Ported-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Tim Chase <tim@chase2k.com>
OpenZFS-issue: https://www.illumos.org/issues/7614
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/f539f1eb
Closes #6900
2016-09-22 19:30:13 +03:00
|
|
|
* zc_guid guid of vdev to remove
|
|
|
|
* zc_cookie cancel removal
|
2010-05-29 00:45:14 +04:00
|
|
|
*/
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
|
|
|
zfs_ioc_vdev_remove(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = spa_open(zc->zc_name, &spa, FTAG);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
OpenZFS 7614, 9064 - zfs device evacuation/removal
OpenZFS 7614 - zfs device evacuation/removal
OpenZFS 9064 - remove_mirror should wait for device removal to complete
This project allows top-level vdevs to be removed from the storage pool
with "zpool remove", reducing the total amount of storage in the pool.
This operation copies all allocated regions of the device to be removed
onto other devices, recording the mapping from old to new location.
After the removal is complete, read and free operations to the removed
(now "indirect") vdev must be remapped and performed at the new location
on disk. The indirect mapping table is kept in memory whenever the pool
is loaded, so there is minimal performance overhead when doing operations
on the indirect vdev.
The size of the in-memory mapping table will be reduced when its entries
become "obsolete" because they are no longer used by any block pointers
in the pool. An entry becomes obsolete when all the blocks that use
it are freed. An entry can also become obsolete when all the snapshots
that reference it are deleted, and the block pointers that reference it
have been "remapped" in all filesystems/zvols (and clones). Whenever an
indirect block is written, all the block pointers in it will be "remapped"
to their new (concrete) locations if possible. This process can be
accelerated by using the "zfs remap" command to proactively rewrite all
indirect blocks that reference indirect (removed) vdevs.
Note that when a device is removed, we do not verify the checksum of
the data that is copied. This makes the process much faster, but if it
were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be
possible to copy the wrong data, when we have the correct data on e.g.
the other side of the mirror.
At the moment, only mirrors and simple top-level vdevs can be removed
and no removal is allowed if any of the top-level vdevs are raidz.
Porting Notes:
* Avoid zero-sized kmem_alloc() in vdev_compact_children().
The device evacuation code adds a dependency that
vdev_compact_children() be able to properly empty the vdev_child
array by setting it to NULL and zeroing vdev_children. Under Linux,
kmem_alloc() and related functions return a sentinel pointer rather
than NULL for zero-sized allocations.
* Remove comment regarding "mpt" driver where zfs_remove_max_segment
is initialized to SPA_MAXBLOCKSIZE.
Change zfs_condense_indirect_commit_entry_delay_ticks to
zfs_condense_indirect_commit_entry_delay_ms for consistency with
most other tunables in which delays are specified in ms.
* ZTS changes:
Use set_tunable rather than mdb
Use zpool sync as appropriate
Use sync_pool instead of sync
Kill jobs during test_removal_with_operation to allow unmount/export
Don't add non-disk names such as "mirror" or "raidz" to $DISKS
Use $TEST_BASE_DIR instead of /tmp
Increase HZ from 100 to 1000 which is more common on Linux
removal_multiple_indirection.ksh
Reduce iterations in order to not time out on the code
coverage builders.
removal_resume_export:
Functionally, the test case is correct but there exists a race
where the kernel thread hasn't been fully started yet and is
not visible. Wait for up to 1 second for the removal thread
to be started before giving up on it. Also, increase the
amount of data copied in order that the removal not finish
before the export has a chance to fail.
* MMP compatibility, the concept of concrete versus non-concrete devices
has slightly changed the semantics of vdev_writeable(). Update
mmp_random_leaf_impl() accordingly.
* Updated dbuf_remap() to handle the org.zfsonlinux:large_dnode pool
feature which is not supported by OpenZFS.
* Added support for new vdev removal tracepoints.
* Test cases removal_with_zdb and removal_condense_export have been
intentionally disabled. When run manually they pass as intended,
but when running in the automated test environment they produce
unreliable results on the latest Fedora release.
They may work better once the upstream pool import refectoring is
merged into ZoL at which point they will be re-enabled.
Authored by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Alex Reece <alex@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Richard Laager <rlaager@wiktel.com>
Reviewed by: Tim Chase <tim@chase2k.com>
Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov>
Approved by: Garrett D'Amore <garrett@damore.org>
Ported-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Tim Chase <tim@chase2k.com>
OpenZFS-issue: https://www.illumos.org/issues/7614
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/f539f1eb
Closes #6900
2016-09-22 19:30:13 +03:00
|
|
|
if (zc->zc_cookie != 0) {
|
|
|
|
error = spa_vdev_remove_cancel(spa);
|
|
|
|
} else {
|
|
|
|
error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
spa_close(spa, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
int error;
|
|
|
|
vdev_state_t newstate = VDEV_STATE_UNKNOWN;
|
|
|
|
|
|
|
|
if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
|
|
|
|
return (error);
|
|
|
|
switch (zc->zc_cookie) {
|
|
|
|
case VDEV_STATE_ONLINE:
|
|
|
|
error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case VDEV_STATE_OFFLINE:
|
|
|
|
error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case VDEV_STATE_FAULTED:
|
2010-05-29 00:45:14 +04:00
|
|
|
if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
|
2017-05-19 22:30:16 +03:00
|
|
|
zc->zc_obj != VDEV_AUX_EXTERNAL &&
|
|
|
|
zc->zc_obj != VDEV_AUX_EXTERNAL_PERSIST)
|
2010-05-29 00:45:14 +04:00
|
|
|
zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
|
|
|
|
|
|
|
|
error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
|
2008-11-20 23:01:55 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
case VDEV_STATE_DEGRADED:
|
2010-05-29 00:45:14 +04:00
|
|
|
if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
|
|
|
|
zc->zc_obj != VDEV_AUX_EXTERNAL)
|
|
|
|
zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
|
|
|
|
|
|
|
|
error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
|
2008-11-20 23:01:55 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EINVAL);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
zc->zc_cookie = newstate;
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_vdev_attach(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
int replacing = zc->zc_cookie;
|
|
|
|
nvlist_t *config;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
|
2009-07-03 02:44:48 +04:00
|
|
|
zc->zc_iflags, &config)) == 0) {
|
2008-11-20 23:01:55 +03:00
|
|
|
error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
|
|
|
|
nvlist_free(config);
|
|
|
|
}
|
|
|
|
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_vdev_detach(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
2009-01-16 00:59:39 +03:00
|
|
|
error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
static int
|
|
|
|
zfs_ioc_vdev_split(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
nvlist_t *config, *props = NULL;
|
|
|
|
int error;
|
|
|
|
boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
|
|
|
|
|
|
|
|
if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
2010-08-26 20:52:42 +04:00
|
|
|
if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
|
|
|
|
zc->zc_iflags, &config))) {
|
2010-05-29 00:45:14 +04:00
|
|
|
spa_close(spa, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (zc->zc_nvlist_src_size != 0 && (error =
|
|
|
|
get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
|
|
|
|
zc->zc_iflags, &props))) {
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
nvlist_free(config);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
|
|
|
|
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
|
|
|
|
nvlist_free(config);
|
|
|
|
nvlist_free(props);
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
|
|
|
zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
char *path = zc->zc_value;
|
|
|
|
uint64_t guid = zc->zc_guid;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = spa_open(zc->zc_name, &spa, FTAG);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
error = spa_vdev_setpath(spa, guid, path);
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
static int
|
|
|
|
zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
char *fru = zc->zc_value;
|
|
|
|
uint64_t guid = zc->zc_guid;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = spa_open(zc->zc_name, &spa, FTAG);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
error = spa_vdev_setfru(spa, guid, fru);
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2010-08-27 01:24:34 +04:00
|
|
|
zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2010-08-27 01:24:34 +04:00
|
|
|
int error = 0;
|
2008-11-20 23:01:55 +03:00
|
|
|
nvlist_t *nv;
|
|
|
|
|
|
|
|
dmu_objset_fast_stat(os, &zc->zc_objset_stats);
|
|
|
|
|
|
|
|
if (zc->zc_nvlist_dst != 0 &&
|
2010-05-29 00:45:14 +04:00
|
|
|
(error = dsl_prop_get_all(os, &nv)) == 0) {
|
2008-11-20 23:01:55 +03:00
|
|
|
dmu_objset_stats(os, nv);
|
|
|
|
/*
|
|
|
|
* NB: zvol_get_stats() will read the objset contents,
|
|
|
|
* which we aren't supposed to do with a
|
2008-12-03 23:09:06 +03:00
|
|
|
* DS_MODE_USER hold, because it could be
|
2008-11-20 23:01:55 +03:00
|
|
|
* inconsistent. So this is a bit of a workaround...
|
2010-05-29 00:45:14 +04:00
|
|
|
* XXX reading with out owning
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
2011-11-17 22:14:36 +04:00
|
|
|
if (!zc->zc_objset_stats.dds_inconsistent &&
|
|
|
|
dmu_objset_type(os) == DMU_OST_ZVOL) {
|
|
|
|
error = zvol_get_stats(os, nv);
|
2016-11-02 22:34:10 +03:00
|
|
|
if (error == EIO) {
|
|
|
|
nvlist_free(nv);
|
2011-11-17 22:14:36 +04:00
|
|
|
return (error);
|
2016-11-02 22:34:10 +03:00
|
|
|
}
|
2013-05-11 01:17:03 +04:00
|
|
|
VERIFY0(error);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
2010-08-26 21:34:33 +04:00
|
|
|
if (error == 0)
|
|
|
|
error = put_nvlist(zc, nv);
|
2008-11-20 23:01:55 +03:00
|
|
|
nvlist_free(nv);
|
|
|
|
}
|
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
* zc_nvlist_dst_size size of buffer for property nvlist
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_objset_stats stats
|
|
|
|
* zc_nvlist_dst property nvlist
|
|
|
|
* zc_nvlist_dst_size size of property nvlist
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_objset_stats(zfs_cmd_t *zc)
|
|
|
|
{
|
2013-09-04 16:00:57 +04:00
|
|
|
objset_t *os;
|
2010-08-27 01:24:34 +04:00
|
|
|
int error;
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dmu_objset_hold(zc->zc_name, FTAG, &os);
|
|
|
|
if (error == 0) {
|
|
|
|
error = zfs_ioc_objset_stats_impl(zc, os);
|
|
|
|
dmu_objset_rele(os, FTAG);
|
|
|
|
}
|
2010-08-27 01:24:34 +04:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
* zc_nvlist_dst_size size of buffer for property nvlist
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_nvlist_dst received property nvlist
|
|
|
|
* zc_nvlist_dst_size size of received property nvlist
|
|
|
|
*
|
|
|
|
* Gets received properties (distinct from local properties on or after
|
|
|
|
* SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
|
|
|
|
* local property values.
|
|
|
|
*/
|
|
|
|
static int
|
2010-08-26 22:42:43 +04:00
|
|
|
zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
|
2010-05-29 00:45:14 +04:00
|
|
|
{
|
2013-09-04 16:00:57 +04:00
|
|
|
int error = 0;
|
2010-05-29 00:45:14 +04:00
|
|
|
nvlist_t *nv;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Without this check, we would return local property values if the
|
|
|
|
* caller has not already received properties on or after
|
|
|
|
* SPA_VERSION_RECVD_PROPS.
|
|
|
|
*/
|
2013-09-04 16:00:57 +04:00
|
|
|
if (!dsl_prop_get_hasrecvd(zc->zc_name))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
if (zc->zc_nvlist_dst != 0 &&
|
2013-09-04 16:00:57 +04:00
|
|
|
(error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
|
2010-05-29 00:45:14 +04:00
|
|
|
error = put_nvlist(zc, nv);
|
|
|
|
nvlist_free(nv);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
|
|
|
|
{
|
|
|
|
uint64_t value;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* zfs_get_zplprop() will either find a value or give us
|
|
|
|
* the default value (if there is one).
|
|
|
|
*/
|
|
|
|
if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
|
|
|
|
return (error);
|
|
|
|
VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
* zc_nvlist_dst_size size of buffer for zpl property nvlist
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_nvlist_dst zpl property nvlist
|
|
|
|
* zc_nvlist_dst_size size of zpl property nvlist
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
objset_t *os;
|
|
|
|
int err;
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/* XXX reading without owning */
|
2010-08-26 20:52:42 +04:00
|
|
|
if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
|
2008-11-20 23:01:55 +03:00
|
|
|
return (err);
|
|
|
|
|
|
|
|
dmu_objset_fast_stat(os, &zc->zc_objset_stats);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* NB: nvl_add_zplprop() will read the objset contents,
|
2008-12-03 23:09:06 +03:00
|
|
|
* which we aren't supposed to do with a DS_MODE_USER
|
|
|
|
* hold, because it could be inconsistent.
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
2010-08-26 20:52:39 +04:00
|
|
|
if (zc->zc_nvlist_dst != 0 &&
|
2008-11-20 23:01:55 +03:00
|
|
|
!zc->zc_objset_stats.dds_inconsistent &&
|
|
|
|
dmu_objset_type(os) == DMU_OST_ZFS) {
|
|
|
|
nvlist_t *nv;
|
|
|
|
|
|
|
|
VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
|
|
|
|
if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
|
|
|
|
(err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
|
|
|
|
(err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
|
|
|
|
(err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
|
|
|
|
err = put_nvlist(zc, nv);
|
|
|
|
nvlist_free(nv);
|
|
|
|
} else {
|
2013-03-08 22:41:28 +04:00
|
|
|
err = SET_ERROR(ENOENT);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
dmu_objset_rele(os, FTAG);
|
2008-11-20 23:01:55 +03:00
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
* zc_cookie zap cursor
|
|
|
|
* zc_nvlist_dst_size size of buffer for property nvlist
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_name name of next filesystem
|
2009-07-03 02:44:48 +04:00
|
|
|
* zc_cookie zap cursor
|
2008-11-20 23:01:55 +03:00
|
|
|
* zc_objset_stats stats
|
|
|
|
* zc_nvlist_dst property nvlist
|
|
|
|
* zc_nvlist_dst_size size of property nvlist
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
objset_t *os;
|
|
|
|
int error;
|
|
|
|
char *p;
|
2010-05-29 00:45:14 +04:00
|
|
|
size_t orig_len = strlen(zc->zc_name);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
top:
|
2010-08-26 20:52:42 +04:00
|
|
|
if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
|
2008-11-20 23:01:55 +03:00
|
|
|
if (error == ENOENT)
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(ESRCH);
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
p = strrchr(zc->zc_name, '/');
|
|
|
|
if (p == NULL || p[1] != '\0')
|
|
|
|
(void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
|
|
|
|
p = zc->zc_name + strlen(zc->zc_name);
|
|
|
|
|
|
|
|
do {
|
|
|
|
error = dmu_dir_list_next(os,
|
|
|
|
sizeof (zc->zc_name) - (p - zc->zc_name), p,
|
|
|
|
NULL, &zc->zc_cookie);
|
|
|
|
if (error == ENOENT)
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(ESRCH);
|
2018-07-10 20:49:50 +03:00
|
|
|
} while (error == 0 && zfs_dataset_name_hidden(zc->zc_name));
|
2010-05-29 00:45:14 +04:00
|
|
|
dmu_objset_rele(os, FTAG);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/*
|
|
|
|
* If it's an internal dataset (ie. with a '$' in its name),
|
|
|
|
* don't try to get stats for it, otherwise we'll return ENOENT.
|
|
|
|
*/
|
|
|
|
if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
|
2008-11-20 23:01:55 +03:00
|
|
|
error = zfs_ioc_objset_stats(zc); /* fill in the stats */
|
2010-05-29 00:45:14 +04:00
|
|
|
if (error == ENOENT) {
|
|
|
|
/* We lost a race with destroy, get the next one. */
|
|
|
|
zc->zc_name[orig_len] = '\0';
|
|
|
|
goto top;
|
|
|
|
}
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
* zc_cookie zap cursor
|
|
|
|
* zc_nvlist_dst_size size of buffer for property nvlist
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_name name of next snapshot
|
|
|
|
* zc_objset_stats stats
|
|
|
|
* zc_nvlist_dst property nvlist
|
|
|
|
* zc_nvlist_dst_size size of property nvlist
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
objset_t *os;
|
|
|
|
int error;
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
error = dmu_objset_hold(zc->zc_name, FTAG, &os);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0) {
|
2008-12-03 23:09:06 +03:00
|
|
|
return (error == ENOENT ? ESRCH : error);
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* A dataset name of maximum length cannot have any snapshots,
|
|
|
|
* so exit immediately.
|
|
|
|
*/
|
2016-06-16 00:28:36 +03:00
|
|
|
if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >=
|
|
|
|
ZFS_MAX_DATASET_NAME_LEN) {
|
2010-05-29 00:45:14 +04:00
|
|
|
dmu_objset_rele(os, FTAG);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ESRCH));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
error = dmu_snapshot_list_next(os,
|
|
|
|
sizeof (zc->zc_name) - strlen(zc->zc_name),
|
2010-08-27 01:24:34 +04:00
|
|
|
zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
|
|
|
|
NULL);
|
|
|
|
|
2012-05-29 21:50:50 +04:00
|
|
|
if (error == 0 && !zc->zc_simple) {
|
2010-08-27 01:24:34 +04:00
|
|
|
dsl_dataset_t *ds;
|
|
|
|
dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
|
|
|
|
|
|
|
|
error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error == 0) {
|
2010-08-27 01:24:34 +04:00
|
|
|
objset_t *ossnap;
|
|
|
|
|
|
|
|
error = dmu_objset_from_ds(ds, &ossnap);
|
|
|
|
if (error == 0)
|
|
|
|
error = zfs_ioc_objset_stats_impl(zc, ossnap);
|
|
|
|
dsl_dataset_rele(ds, FTAG);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
} else if (error == ENOENT) {
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(ESRCH);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_objset_rele(os, FTAG);
|
2008-11-20 23:01:55 +03:00
|
|
|
/* if we failed, undo the @ that we tacked on to zc_name */
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
2008-11-20 23:01:55 +03:00
|
|
|
*strchr(zc->zc_name, '@') = '\0';
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
static int
|
|
|
|
zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2010-05-29 00:45:14 +04:00
|
|
|
const char *propname = nvpair_name(pair);
|
|
|
|
uint64_t *valary;
|
|
|
|
unsigned int vallen;
|
|
|
|
const char *domain;
|
|
|
|
char *dash;
|
|
|
|
zfs_userquota_prop_t type;
|
|
|
|
uint64_t rid;
|
|
|
|
uint64_t quota;
|
2017-03-08 03:21:37 +03:00
|
|
|
zfsvfs_t *zfsvfs;
|
2010-05-29 00:45:14 +04:00
|
|
|
int err;
|
|
|
|
|
|
|
|
if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
|
|
|
|
nvlist_t *attrs;
|
|
|
|
VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
|
|
|
|
if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
|
|
|
|
&pair) != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
/*
|
2010-05-29 00:45:14 +04:00
|
|
|
* A correctly constructed propname is encoded as
|
|
|
|
* userquota@<rid>-<domain>.
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
2010-05-29 00:45:14 +04:00
|
|
|
if ((dash = strchr(propname, '-')) == NULL ||
|
|
|
|
nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
|
|
|
|
vallen != 3)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
domain = dash + 1;
|
|
|
|
type = valary[0];
|
|
|
|
rid = valary[1];
|
|
|
|
quota = valary[2];
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2017-03-09 01:56:19 +03:00
|
|
|
err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
|
2010-05-29 00:45:14 +04:00
|
|
|
if (err == 0) {
|
2017-03-08 03:21:37 +03:00
|
|
|
err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
|
2017-03-09 01:56:19 +03:00
|
|
|
zfsvfs_rele(zfsvfs, FTAG);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
2009-07-03 02:44:48 +04:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
return (err);
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/*
|
|
|
|
* If the named property is one that has a special function to set its value,
|
|
|
|
* return 0 on success and a positive error code on failure; otherwise if it is
|
|
|
|
* not one of the special properties handled by this function, return -1.
|
|
|
|
*
|
|
|
|
* XXX: It would be better for callers of the property interface if we handled
|
|
|
|
* these special cases in dsl_prop.c (in the dsl layer).
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_prop_set_special(const char *dsname, zprop_source_t source,
|
|
|
|
nvpair_t *pair)
|
|
|
|
{
|
|
|
|
const char *propname = nvpair_name(pair);
|
|
|
|
zfs_prop_t prop = zfs_name_to_prop(propname);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
uint64_t intval = 0;
|
|
|
|
char *strval = NULL;
|
2014-11-03 23:15:08 +03:00
|
|
|
int err = -1;
|
2009-07-03 02:44:48 +04:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
if (prop == ZPROP_INVAL) {
|
|
|
|
if (zfs_prop_userquota(propname))
|
|
|
|
return (zfs_prop_set_userquota(dsname, pair));
|
|
|
|
return (-1);
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
|
|
|
|
nvlist_t *attrs;
|
|
|
|
VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
|
|
|
|
VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
|
|
|
|
&pair) == 0);
|
|
|
|
}
|
2008-12-03 23:09:06 +03:00
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
/* all special properties are numeric except for keylocation */
|
|
|
|
if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) {
|
|
|
|
strval = fnvpair_value_string(pair);
|
|
|
|
} else {
|
|
|
|
intval = fnvpair_value_uint64(pair);
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
switch (prop) {
|
|
|
|
case ZFS_PROP_QUOTA:
|
|
|
|
err = dsl_dir_set_quota(dsname, source, intval);
|
|
|
|
break;
|
|
|
|
case ZFS_PROP_REFQUOTA:
|
2013-09-04 16:00:57 +04:00
|
|
|
err = dsl_dataset_set_refquota(dsname, source, intval);
|
2010-05-29 00:45:14 +04:00
|
|
|
break;
|
2015-04-01 16:07:48 +03:00
|
|
|
case ZFS_PROP_FILESYSTEM_LIMIT:
|
|
|
|
case ZFS_PROP_SNAPSHOT_LIMIT:
|
|
|
|
if (intval == UINT64_MAX) {
|
|
|
|
/* clearing the limit, just do it */
|
|
|
|
err = 0;
|
|
|
|
} else {
|
|
|
|
err = dsl_dir_activate_fs_ss_limit(dsname);
|
|
|
|
}
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
/*
|
|
|
|
* Set err to -1 to force the zfs_set_prop_nvlist code down the
|
|
|
|
* default path to set the value in the nvlist.
|
|
|
|
*/
|
|
|
|
if (err == 0)
|
|
|
|
err = -1;
|
|
|
|
break;
|
|
|
|
case ZFS_PROP_KEYLOCATION:
|
|
|
|
err = dsl_crypto_can_set_keylocation(dsname, strval);
|
|
|
|
|
2015-04-01 16:07:48 +03:00
|
|
|
/*
|
|
|
|
* Set err to -1 to force the zfs_set_prop_nvlist code down the
|
|
|
|
* default path to set the value in the nvlist.
|
|
|
|
*/
|
|
|
|
if (err == 0)
|
|
|
|
err = -1;
|
|
|
|
break;
|
2010-05-29 00:45:14 +04:00
|
|
|
case ZFS_PROP_RESERVATION:
|
|
|
|
err = dsl_dir_set_reservation(dsname, source, intval);
|
|
|
|
break;
|
|
|
|
case ZFS_PROP_REFRESERVATION:
|
2013-09-04 16:00:57 +04:00
|
|
|
err = dsl_dataset_set_refreservation(dsname, source, intval);
|
2010-05-29 00:45:14 +04:00
|
|
|
break;
|
|
|
|
case ZFS_PROP_VOLSIZE:
|
2010-08-26 22:45:02 +04:00
|
|
|
err = zvol_set_volsize(dsname, intval);
|
2010-05-29 00:45:14 +04:00
|
|
|
break;
|
2013-02-14 03:11:59 +04:00
|
|
|
case ZFS_PROP_SNAPDEV:
|
2014-03-22 13:07:14 +04:00
|
|
|
err = zvol_set_snapdev(dsname, source, intval);
|
2013-02-14 03:11:59 +04:00
|
|
|
break;
|
2017-07-12 23:05:37 +03:00
|
|
|
case ZFS_PROP_VOLMODE:
|
|
|
|
err = zvol_set_volmode(dsname, source, intval);
|
|
|
|
break;
|
2010-05-29 00:45:14 +04:00
|
|
|
case ZFS_PROP_VERSION:
|
|
|
|
{
|
2017-03-08 03:21:37 +03:00
|
|
|
zfsvfs_t *zfsvfs;
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2017-03-09 01:56:19 +03:00
|
|
|
if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
|
2008-11-20 23:01:55 +03:00
|
|
|
break;
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2017-03-08 03:21:37 +03:00
|
|
|
err = zfs_set_version(zfsvfs, intval);
|
2017-03-09 01:56:19 +03:00
|
|
|
zfsvfs_rele(zfsvfs, FTAG);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
|
|
|
|
zfs_cmd_t *zc;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2014-12-03 22:56:32 +03:00
|
|
|
zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
|
2010-05-29 00:45:14 +04:00
|
|
|
(void) strcpy(zc->zc_name, dsname);
|
|
|
|
(void) zfs_ioc_userspace_upgrade(zc);
|
2018-02-14 01:54:54 +03:00
|
|
|
(void) zfs_ioc_id_quota_upgrade(zc);
|
2010-05-29 00:45:14 +04:00
|
|
|
kmem_free(zc, sizeof (zfs_cmd_t));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
err = -1;
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
return (err);
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/*
|
|
|
|
* This function is best effort. If it fails to set any of the given properties,
|
2013-08-28 15:45:09 +04:00
|
|
|
* it continues to set as many as it can and returns the last error
|
|
|
|
* encountered. If the caller provides a non-NULL errlist, it will be filled in
|
|
|
|
* with the list of names of all the properties that failed along with the
|
|
|
|
* corresponding error numbers.
|
2010-05-29 00:45:14 +04:00
|
|
|
*
|
2013-08-28 15:45:09 +04:00
|
|
|
* If every property is set successfully, zero is returned and errlist is not
|
|
|
|
* modified.
|
2010-05-29 00:45:14 +04:00
|
|
|
*/
|
|
|
|
int
|
|
|
|
zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
|
2013-08-28 15:45:09 +04:00
|
|
|
nvlist_t *errlist)
|
2010-05-29 00:45:14 +04:00
|
|
|
{
|
|
|
|
nvpair_t *pair;
|
|
|
|
nvpair_t *propval;
|
|
|
|
int rv = 0;
|
|
|
|
uint64_t intval;
|
|
|
|
char *strval;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
nvlist_t *genericnvl = fnvlist_alloc();
|
|
|
|
nvlist_t *retrynvl = fnvlist_alloc();
|
2010-05-29 00:45:14 +04:00
|
|
|
retry:
|
|
|
|
pair = NULL;
|
|
|
|
while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
|
|
|
|
const char *propname = nvpair_name(pair);
|
|
|
|
zfs_prop_t prop = zfs_name_to_prop(propname);
|
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
/* decode the property value */
|
|
|
|
propval = pair;
|
|
|
|
if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
|
|
|
|
nvlist_t *attrs;
|
2013-08-28 15:45:09 +04:00
|
|
|
attrs = fnvpair_value_nvlist(pair);
|
2010-05-29 00:45:14 +04:00
|
|
|
if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
|
|
|
|
&propval) != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
err = SET_ERROR(EINVAL);
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/* Validate value type */
|
2017-05-10 02:21:09 +03:00
|
|
|
if (err == 0 && source == ZPROP_SRC_INHERITED) {
|
|
|
|
/* inherited properties are expected to be booleans */
|
|
|
|
if (nvpair_type(propval) != DATA_TYPE_BOOLEAN)
|
|
|
|
err = SET_ERROR(EINVAL);
|
|
|
|
} else if (err == 0 && prop == ZPROP_INVAL) {
|
2010-05-29 00:45:14 +04:00
|
|
|
if (zfs_prop_user(propname)) {
|
|
|
|
if (nvpair_type(propval) != DATA_TYPE_STRING)
|
2013-03-08 22:41:28 +04:00
|
|
|
err = SET_ERROR(EINVAL);
|
2010-05-29 00:45:14 +04:00
|
|
|
} else if (zfs_prop_userquota(propname)) {
|
|
|
|
if (nvpair_type(propval) !=
|
|
|
|
DATA_TYPE_UINT64_ARRAY)
|
2013-03-08 22:41:28 +04:00
|
|
|
err = SET_ERROR(EINVAL);
|
2011-11-17 22:14:36 +04:00
|
|
|
} else {
|
2013-03-08 22:41:28 +04:00
|
|
|
err = SET_ERROR(EINVAL);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
} else if (err == 0) {
|
|
|
|
if (nvpair_type(propval) == DATA_TYPE_STRING) {
|
|
|
|
if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
|
2013-03-08 22:41:28 +04:00
|
|
|
err = SET_ERROR(EINVAL);
|
2010-05-29 00:45:14 +04:00
|
|
|
} else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
|
2008-11-20 23:01:55 +03:00
|
|
|
const char *unused;
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
intval = fnvpair_value_uint64(propval);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
switch (zfs_prop_get_type(prop)) {
|
|
|
|
case PROP_TYPE_NUMBER:
|
|
|
|
break;
|
|
|
|
case PROP_TYPE_STRING:
|
2013-03-08 22:41:28 +04:00
|
|
|
err = SET_ERROR(EINVAL);
|
2010-05-29 00:45:14 +04:00
|
|
|
break;
|
2008-11-20 23:01:55 +03:00
|
|
|
case PROP_TYPE_INDEX:
|
|
|
|
if (zfs_prop_index_to_string(prop,
|
2010-05-29 00:45:14 +04:00
|
|
|
intval, &unused) != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
err = SET_ERROR(EINVAL);
|
2008-11-20 23:01:55 +03:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
cmn_err(CE_PANIC,
|
|
|
|
"unknown property type");
|
|
|
|
}
|
|
|
|
} else {
|
2013-03-08 22:41:28 +04:00
|
|
|
err = SET_ERROR(EINVAL);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
/* Validate permissions */
|
|
|
|
if (err == 0)
|
|
|
|
err = zfs_check_settable(dsname, pair, CRED());
|
|
|
|
|
|
|
|
if (err == 0) {
|
2017-05-10 02:21:09 +03:00
|
|
|
if (source == ZPROP_SRC_INHERITED)
|
|
|
|
err = -1; /* does not need special handling */
|
|
|
|
else
|
|
|
|
err = zfs_prop_set_special(dsname, source,
|
|
|
|
pair);
|
2010-05-29 00:45:14 +04:00
|
|
|
if (err == -1) {
|
|
|
|
/*
|
|
|
|
* For better performance we build up a list of
|
|
|
|
* properties to set in a single transaction.
|
|
|
|
*/
|
|
|
|
err = nvlist_add_nvpair(genericnvl, pair);
|
|
|
|
} else if (err != 0 && nvl != retrynvl) {
|
|
|
|
/*
|
|
|
|
* This may be a spurious error caused by
|
|
|
|
* receiving quota and reservation out of order.
|
|
|
|
* Try again in a second pass.
|
|
|
|
*/
|
|
|
|
err = nvlist_add_nvpair(retrynvl, pair);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
if (err != 0) {
|
|
|
|
if (errlist != NULL)
|
|
|
|
fnvlist_add_int32(errlist, propname, err);
|
|
|
|
rv = err;
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
|
|
|
|
nvl = retrynvl;
|
|
|
|
goto retry;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!nvlist_empty(genericnvl) &&
|
|
|
|
dsl_props_set(dsname, source, genericnvl) != 0) {
|
|
|
|
/*
|
|
|
|
* If this fails, we still want to set as many properties as we
|
|
|
|
* can, so try setting them individually.
|
|
|
|
*/
|
|
|
|
pair = NULL;
|
|
|
|
while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
|
|
|
|
const char *propname = nvpair_name(pair);
|
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
propval = pair;
|
|
|
|
if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
|
|
|
|
nvlist_t *attrs;
|
2013-08-28 15:45:09 +04:00
|
|
|
attrs = fnvpair_value_nvlist(pair);
|
|
|
|
propval = fnvlist_lookup_nvpair(attrs,
|
|
|
|
ZPROP_VALUE);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
if (nvpair_type(propval) == DATA_TYPE_STRING) {
|
2013-08-28 15:45:09 +04:00
|
|
|
strval = fnvpair_value_string(propval);
|
2013-09-04 16:00:57 +04:00
|
|
|
err = dsl_prop_set_string(dsname, propname,
|
|
|
|
source, strval);
|
2017-05-10 02:21:09 +03:00
|
|
|
} else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) {
|
|
|
|
err = dsl_prop_inherit(dsname, propname,
|
|
|
|
source);
|
2010-05-29 00:45:14 +04:00
|
|
|
} else {
|
2013-08-28 15:45:09 +04:00
|
|
|
intval = fnvpair_value_uint64(propval);
|
2013-09-04 16:00:57 +04:00
|
|
|
err = dsl_prop_set_int(dsname, propname, source,
|
|
|
|
intval);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
if (err != 0) {
|
2013-08-28 15:45:09 +04:00
|
|
|
if (errlist != NULL) {
|
|
|
|
fnvlist_add_int32(errlist, propname,
|
|
|
|
err);
|
|
|
|
}
|
|
|
|
rv = err;
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
}
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
|
|
|
nvlist_free(genericnvl);
|
2010-05-29 00:45:14 +04:00
|
|
|
nvlist_free(retrynvl);
|
|
|
|
|
|
|
|
return (rv);
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check that all the properties are valid user properties.
|
|
|
|
*/
|
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_check_userprops(const char *fsname, nvlist_t *nvl)
|
2009-07-03 02:44:48 +04:00
|
|
|
{
|
2010-05-29 00:45:14 +04:00
|
|
|
nvpair_t *pair = NULL;
|
2009-07-03 02:44:48 +04:00
|
|
|
int error = 0;
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
|
|
|
|
const char *propname = nvpair_name(pair);
|
2009-07-03 02:44:48 +04:00
|
|
|
|
|
|
|
if (!zfs_prop_user(propname) ||
|
2010-05-29 00:45:14 +04:00
|
|
|
nvpair_type(pair) != DATA_TYPE_STRING)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2009-07-03 02:44:48 +04:00
|
|
|
|
2010-08-26 20:52:42 +04:00
|
|
|
if ((error = zfs_secpolicy_write_perms(fsname,
|
|
|
|
ZFS_DELEG_PERM_USERPROP, CRED())))
|
2009-07-03 02:44:48 +04:00
|
|
|
return (error);
|
|
|
|
|
|
|
|
if (strlen(propname) >= ZAP_MAXNAMELEN)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENAMETOOLONG));
|
2009-07-03 02:44:48 +04:00
|
|
|
|
2013-12-12 02:33:41 +04:00
|
|
|
if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(E2BIG));
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
static void
|
|
|
|
props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
|
|
|
|
{
|
|
|
|
nvpair_t *pair;
|
|
|
|
|
|
|
|
VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
|
|
|
|
|
|
|
|
pair = NULL;
|
|
|
|
while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
|
|
|
|
if (nvlist_exists(skipped, nvpair_name(pair)))
|
|
|
|
continue;
|
|
|
|
|
|
|
|
VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2013-09-04 16:00:57 +04:00
|
|
|
clear_received_props(const char *dsname, nvlist_t *props,
|
2010-05-29 00:45:14 +04:00
|
|
|
nvlist_t *skipped)
|
|
|
|
{
|
|
|
|
int err = 0;
|
|
|
|
nvlist_t *cleared_props = NULL;
|
|
|
|
props_skip(props, skipped, &cleared_props);
|
|
|
|
if (!nvlist_empty(cleared_props)) {
|
|
|
|
/*
|
|
|
|
* Acts on local properties until the dataset has received
|
|
|
|
* properties at least once on or after SPA_VERSION_RECVD_PROPS.
|
|
|
|
*/
|
|
|
|
zprop_source_t flags = (ZPROP_SRC_NONE |
|
2013-09-04 16:00:57 +04:00
|
|
|
(dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
|
|
|
|
err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
nvlist_free(cleared_props);
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
2009-07-03 02:44:48 +04:00
|
|
|
* zc_value name of property to set
|
2008-11-20 23:01:55 +03:00
|
|
|
* zc_nvlist_src{_size} nvlist of properties to apply
|
2010-05-29 00:45:14 +04:00
|
|
|
* zc_cookie received properties flag
|
2008-11-20 23:01:55 +03:00
|
|
|
*
|
2010-05-29 00:45:14 +04:00
|
|
|
* outputs:
|
|
|
|
* zc_nvlist_dst{_size} error for each unapplied received property
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_set_prop(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
nvlist_t *nvl;
|
2010-05-29 00:45:14 +04:00
|
|
|
boolean_t received = zc->zc_cookie;
|
|
|
|
zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
|
|
|
|
ZPROP_SRC_LOCAL);
|
2013-08-28 15:45:09 +04:00
|
|
|
nvlist_t *errors;
|
2008-11-20 23:01:55 +03:00
|
|
|
int error;
|
|
|
|
|
|
|
|
if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
|
2009-07-03 02:44:48 +04:00
|
|
|
zc->zc_iflags, &nvl)) != 0)
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
if (received) {
|
2008-12-03 23:09:06 +03:00
|
|
|
nvlist_t *origprops;
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
|
|
|
|
(void) clear_received_props(zc->zc_name,
|
|
|
|
origprops, nvl);
|
|
|
|
nvlist_free(origprops);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
error = dsl_prop_set_hasrecvd(zc->zc_name);
|
2008-12-03 23:09:06 +03:00
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
errors = fnvlist_alloc();
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error == 0)
|
|
|
|
error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-08-26 20:52:39 +04:00
|
|
|
if (zc->zc_nvlist_dst != 0 && errors != NULL) {
|
2010-05-29 00:45:14 +04:00
|
|
|
(void) put_nvlist(zc, errors);
|
|
|
|
}
|
|
|
|
|
|
|
|
nvlist_free(errors);
|
2008-11-20 23:01:55 +03:00
|
|
|
nvlist_free(nvl);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
* zc_value name of property to inherit
|
2010-05-29 00:45:14 +04:00
|
|
|
* zc_cookie revert to received value if TRUE
|
2008-11-20 23:01:55 +03:00
|
|
|
*
|
|
|
|
* outputs: none
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_inherit_prop(zfs_cmd_t *zc)
|
|
|
|
{
|
2010-05-29 00:45:14 +04:00
|
|
|
const char *propname = zc->zc_value;
|
|
|
|
zfs_prop_t prop = zfs_name_to_prop(propname);
|
|
|
|
boolean_t received = zc->zc_cookie;
|
|
|
|
zprop_source_t source = (received
|
|
|
|
? ZPROP_SRC_NONE /* revert to received value, if any */
|
|
|
|
: ZPROP_SRC_INHERITED); /* explicitly inherit */
|
2017-06-02 17:17:00 +03:00
|
|
|
nvlist_t *dummy;
|
|
|
|
nvpair_t *pair;
|
|
|
|
zprop_type_t type;
|
|
|
|
int err;
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2017-06-02 17:17:00 +03:00
|
|
|
if (!received) {
|
2017-05-26 21:40:44 +03:00
|
|
|
/*
|
|
|
|
* Only check this in the non-received case. We want to allow
|
|
|
|
* 'inherit -S' to revert non-inheritable properties like quota
|
|
|
|
* and reservation to the received or default values even though
|
|
|
|
* they are not considered inheritable.
|
|
|
|
*/
|
|
|
|
if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
|
|
|
|
return (SET_ERROR(EINVAL));
|
2017-05-26 02:43:46 +03:00
|
|
|
}
|
|
|
|
|
2017-06-02 17:17:00 +03:00
|
|
|
if (prop == ZPROP_INVAL) {
|
|
|
|
if (!zfs_prop_user(propname))
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
|
|
|
|
type = PROP_TYPE_STRING;
|
|
|
|
} else if (prop == ZFS_PROP_VOLSIZE || prop == ZFS_PROP_VERSION) {
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
} else {
|
|
|
|
type = zfs_prop_get_type(prop);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* zfs_prop_set_special() expects properties in the form of an
|
|
|
|
* nvpair with type info.
|
|
|
|
*/
|
|
|
|
dummy = fnvlist_alloc();
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case PROP_TYPE_STRING:
|
|
|
|
VERIFY(0 == nvlist_add_string(dummy, propname, ""));
|
|
|
|
break;
|
|
|
|
case PROP_TYPE_NUMBER:
|
|
|
|
case PROP_TYPE_INDEX:
|
|
|
|
VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
err = SET_ERROR(EINVAL);
|
|
|
|
goto errout;
|
|
|
|
}
|
|
|
|
|
|
|
|
pair = nvlist_next_nvpair(dummy, NULL);
|
|
|
|
if (pair == NULL) {
|
|
|
|
err = SET_ERROR(EINVAL);
|
|
|
|
} else {
|
|
|
|
err = zfs_prop_set_special(zc->zc_name, source, pair);
|
|
|
|
if (err == -1) /* property is not "special", needs handling */
|
|
|
|
err = dsl_prop_inherit(zc->zc_name, zc->zc_value,
|
|
|
|
source);
|
|
|
|
}
|
|
|
|
|
|
|
|
errout:
|
|
|
|
nvlist_free(dummy);
|
|
|
|
return (err);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_pool_set_props(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
nvlist_t *props;
|
|
|
|
spa_t *spa;
|
|
|
|
int error;
|
2010-05-29 00:45:14 +04:00
|
|
|
nvpair_t *pair;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-08-26 20:52:42 +04:00
|
|
|
if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
|
|
|
|
zc->zc_iflags, &props)))
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
|
2009-02-18 23:51:31 +03:00
|
|
|
/*
|
|
|
|
* If the only property is the configfile, then just do a spa_lookup()
|
|
|
|
* to handle the faulted case.
|
|
|
|
*/
|
2010-05-29 00:45:14 +04:00
|
|
|
pair = nvlist_next_nvpair(props, NULL);
|
|
|
|
if (pair != NULL && strcmp(nvpair_name(pair),
|
2009-02-18 23:51:31 +03:00
|
|
|
zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
|
2010-05-29 00:45:14 +04:00
|
|
|
nvlist_next_nvpair(props, pair) == NULL) {
|
2009-02-18 23:51:31 +03:00
|
|
|
mutex_enter(&spa_namespace_lock);
|
|
|
|
if ((spa = spa_lookup(zc->zc_name)) != NULL) {
|
|
|
|
spa_configfile_set(spa, props, B_FALSE);
|
OpenZFS 7614, 9064 - zfs device evacuation/removal
OpenZFS 7614 - zfs device evacuation/removal
OpenZFS 9064 - remove_mirror should wait for device removal to complete
This project allows top-level vdevs to be removed from the storage pool
with "zpool remove", reducing the total amount of storage in the pool.
This operation copies all allocated regions of the device to be removed
onto other devices, recording the mapping from old to new location.
After the removal is complete, read and free operations to the removed
(now "indirect") vdev must be remapped and performed at the new location
on disk. The indirect mapping table is kept in memory whenever the pool
is loaded, so there is minimal performance overhead when doing operations
on the indirect vdev.
The size of the in-memory mapping table will be reduced when its entries
become "obsolete" because they are no longer used by any block pointers
in the pool. An entry becomes obsolete when all the blocks that use
it are freed. An entry can also become obsolete when all the snapshots
that reference it are deleted, and the block pointers that reference it
have been "remapped" in all filesystems/zvols (and clones). Whenever an
indirect block is written, all the block pointers in it will be "remapped"
to their new (concrete) locations if possible. This process can be
accelerated by using the "zfs remap" command to proactively rewrite all
indirect blocks that reference indirect (removed) vdevs.
Note that when a device is removed, we do not verify the checksum of
the data that is copied. This makes the process much faster, but if it
were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be
possible to copy the wrong data, when we have the correct data on e.g.
the other side of the mirror.
At the moment, only mirrors and simple top-level vdevs can be removed
and no removal is allowed if any of the top-level vdevs are raidz.
Porting Notes:
* Avoid zero-sized kmem_alloc() in vdev_compact_children().
The device evacuation code adds a dependency that
vdev_compact_children() be able to properly empty the vdev_child
array by setting it to NULL and zeroing vdev_children. Under Linux,
kmem_alloc() and related functions return a sentinel pointer rather
than NULL for zero-sized allocations.
* Remove comment regarding "mpt" driver where zfs_remove_max_segment
is initialized to SPA_MAXBLOCKSIZE.
Change zfs_condense_indirect_commit_entry_delay_ticks to
zfs_condense_indirect_commit_entry_delay_ms for consistency with
most other tunables in which delays are specified in ms.
* ZTS changes:
Use set_tunable rather than mdb
Use zpool sync as appropriate
Use sync_pool instead of sync
Kill jobs during test_removal_with_operation to allow unmount/export
Don't add non-disk names such as "mirror" or "raidz" to $DISKS
Use $TEST_BASE_DIR instead of /tmp
Increase HZ from 100 to 1000 which is more common on Linux
removal_multiple_indirection.ksh
Reduce iterations in order to not time out on the code
coverage builders.
removal_resume_export:
Functionally, the test case is correct but there exists a race
where the kernel thread hasn't been fully started yet and is
not visible. Wait for up to 1 second for the removal thread
to be started before giving up on it. Also, increase the
amount of data copied in order that the removal not finish
before the export has a chance to fail.
* MMP compatibility, the concept of concrete versus non-concrete devices
has slightly changed the semantics of vdev_writeable(). Update
mmp_random_leaf_impl() accordingly.
* Updated dbuf_remap() to handle the org.zfsonlinux:large_dnode pool
feature which is not supported by OpenZFS.
* Added support for new vdev removal tracepoints.
* Test cases removal_with_zdb and removal_condense_export have been
intentionally disabled. When run manually they pass as intended,
but when running in the automated test environment they produce
unreliable results on the latest Fedora release.
They may work better once the upstream pool import refectoring is
merged into ZoL at which point they will be re-enabled.
Authored by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Alex Reece <alex@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Richard Laager <rlaager@wiktel.com>
Reviewed by: Tim Chase <tim@chase2k.com>
Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov>
Approved by: Garrett D'Amore <garrett@damore.org>
Ported-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Tim Chase <tim@chase2k.com>
OpenZFS-issue: https://www.illumos.org/issues/7614
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/f539f1eb
Closes #6900
2016-09-22 19:30:13 +03:00
|
|
|
spa_write_cachefile(spa, B_FALSE, B_TRUE);
|
2009-02-18 23:51:31 +03:00
|
|
|
}
|
|
|
|
mutex_exit(&spa_namespace_lock);
|
2010-05-29 00:45:14 +04:00
|
|
|
if (spa != NULL) {
|
|
|
|
nvlist_free(props);
|
2009-02-18 23:51:31 +03:00
|
|
|
return (0);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
2009-02-18 23:51:31 +03:00
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
|
|
|
|
nvlist_free(props);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
error = spa_prop_set(spa, props);
|
|
|
|
|
|
|
|
nvlist_free(props);
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_pool_get_props(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
int error;
|
|
|
|
nvlist_t *nvp = NULL;
|
|
|
|
|
2009-02-18 23:51:31 +03:00
|
|
|
if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
|
|
|
|
/*
|
|
|
|
* If the pool is faulted, there may be properties we can still
|
|
|
|
* get (such as altroot and cachefile), so attempt to get them
|
|
|
|
* anyway.
|
|
|
|
*/
|
|
|
|
mutex_enter(&spa_namespace_lock);
|
|
|
|
if ((spa = spa_lookup(zc->zc_name)) != NULL)
|
|
|
|
error = spa_prop_get(spa, &nvp);
|
|
|
|
mutex_exit(&spa_namespace_lock);
|
|
|
|
} else {
|
|
|
|
error = spa_prop_get(spa, &nvp);
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-08-26 20:52:39 +04:00
|
|
|
if (error == 0 && zc->zc_nvlist_dst != 0)
|
2008-11-20 23:01:55 +03:00
|
|
|
error = put_nvlist(zc, nvp);
|
|
|
|
else
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EFAULT);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2009-02-18 23:51:31 +03:00
|
|
|
nvlist_free(nvp);
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
* zc_nvlist_src{_size} nvlist of delegated permissions
|
|
|
|
* zc_perm_action allow/unallow flag
|
|
|
|
*
|
|
|
|
* outputs: none
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_set_fsacl(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
nvlist_t *fsaclnv = NULL;
|
|
|
|
|
|
|
|
if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
|
2009-07-03 02:44:48 +04:00
|
|
|
zc->zc_iflags, &fsaclnv)) != 0)
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Verify nvlist is constructed correctly
|
|
|
|
*/
|
|
|
|
if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
|
|
|
|
nvlist_free(fsaclnv);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If we don't have PRIV_SYS_MOUNT, then validate
|
|
|
|
* that user is allowed to hand out each permission in
|
|
|
|
* the nvlist(s)
|
|
|
|
*/
|
|
|
|
|
|
|
|
error = secpolicy_zfs(CRED());
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0) {
|
2008-11-20 23:01:55 +03:00
|
|
|
if (zc->zc_perm_action == B_FALSE) {
|
|
|
|
error = dsl_deleg_can_allow(zc->zc_name,
|
|
|
|
fsaclnv, CRED());
|
|
|
|
} else {
|
|
|
|
error = dsl_deleg_can_unallow(zc->zc_name,
|
|
|
|
fsaclnv, CRED());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (error == 0)
|
|
|
|
error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
|
|
|
|
|
|
|
|
nvlist_free(fsaclnv);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_nvlist_src{_size} nvlist of delegated permissions
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_get_fsacl(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
nvlist_t *nvp;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
|
|
|
|
error = put_nvlist(zc, nvp);
|
|
|
|
nvlist_free(nvp);
|
|
|
|
}
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* ARGSUSED */
|
|
|
|
static void
|
|
|
|
zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
zfs_creat_t *zct = arg;
|
|
|
|
|
|
|
|
zfs_create_fs(os, cr, zct->zct_zplprops, tx);
|
|
|
|
}
|
|
|
|
|
|
|
|
#define ZFS_PROP_UNDEFINED ((uint64_t)-1)
|
|
|
|
|
|
|
|
/*
|
|
|
|
* inputs:
|
2008-12-03 23:09:06 +03:00
|
|
|
* os parent objset pointer (NULL if root fs)
|
2013-06-11 21:12:34 +04:00
|
|
|
* fuids_ok fuids allowed in this version of the spa?
|
|
|
|
* sa_ok SAs allowed in this version of the spa?
|
|
|
|
* createprops list of properties requested by creator
|
2008-11-20 23:01:55 +03:00
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zplprops values for the zplprops we attach to the master node object
|
2008-12-03 23:09:06 +03:00
|
|
|
* is_ci true if requested file system will be purely case-insensitive
|
2008-11-20 23:01:55 +03:00
|
|
|
*
|
|
|
|
* Determine the settings for utf8only, normalization and
|
|
|
|
* casesensitivity. Specific values may have been requested by the
|
|
|
|
* creator and/or we can inherit values from the parent dataset. If
|
|
|
|
* the file system is of too early a vintage, a creator can not
|
|
|
|
* request settings for these properties, even if the requested
|
|
|
|
* setting is the default value. We don't actually want to create dsl
|
|
|
|
* properties for these, so remove them from the source nvlist after
|
|
|
|
* processing.
|
|
|
|
*/
|
|
|
|
static int
|
2009-07-03 02:44:48 +04:00
|
|
|
zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
|
2010-05-29 00:45:14 +04:00
|
|
|
boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
|
|
|
|
nvlist_t *zplprops, boolean_t *is_ci)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
uint64_t sense = ZFS_PROP_UNDEFINED;
|
|
|
|
uint64_t norm = ZFS_PROP_UNDEFINED;
|
|
|
|
uint64_t u8 = ZFS_PROP_UNDEFINED;
|
2012-04-08 21:18:48 +04:00
|
|
|
int error;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
ASSERT(zplprops != NULL);
|
|
|
|
|
2017-04-14 00:32:08 +03:00
|
|
|
if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS)
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
|
|
|
* Pull out creator prop choices, if any.
|
|
|
|
*/
|
|
|
|
if (createprops) {
|
2008-12-03 23:09:06 +03:00
|
|
|
(void) nvlist_lookup_uint64(createprops,
|
|
|
|
zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
|
2008-11-20 23:01:55 +03:00
|
|
|
(void) nvlist_lookup_uint64(createprops,
|
|
|
|
zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
|
|
|
|
(void) nvlist_remove_all(createprops,
|
|
|
|
zfs_prop_to_name(ZFS_PROP_NORMALIZE));
|
|
|
|
(void) nvlist_lookup_uint64(createprops,
|
|
|
|
zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
|
|
|
|
(void) nvlist_remove_all(createprops,
|
|
|
|
zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
|
|
|
|
(void) nvlist_lookup_uint64(createprops,
|
|
|
|
zfs_prop_to_name(ZFS_PROP_CASE), &sense);
|
|
|
|
(void) nvlist_remove_all(createprops,
|
|
|
|
zfs_prop_to_name(ZFS_PROP_CASE));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2008-12-03 23:09:06 +03:00
|
|
|
* If the zpl version requested is whacky or the file system
|
|
|
|
* or pool is version is too "young" to support normalization
|
|
|
|
* and the creator tried to set a value for one of the props,
|
|
|
|
* error out.
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
2008-12-03 23:09:06 +03:00
|
|
|
if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
|
|
|
|
(zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
|
2010-05-29 00:45:14 +04:00
|
|
|
(zplver >= ZPL_VERSION_SA && !sa_ok) ||
|
2008-12-03 23:09:06 +03:00
|
|
|
(zplver < ZPL_VERSION_NORMALIZATION &&
|
2008-11-20 23:01:55 +03:00
|
|
|
(norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
|
2008-12-03 23:09:06 +03:00
|
|
|
sense != ZFS_PROP_UNDEFINED)))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Put the version in the zplprops
|
|
|
|
*/
|
|
|
|
VERIFY(nvlist_add_uint64(zplprops,
|
|
|
|
zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
|
|
|
|
|
2012-04-08 21:18:48 +04:00
|
|
|
if (norm == ZFS_PROP_UNDEFINED &&
|
|
|
|
(error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
|
|
|
|
return (error);
|
2008-11-20 23:01:55 +03:00
|
|
|
VERIFY(nvlist_add_uint64(zplprops,
|
|
|
|
zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If we're normalizing, names must always be valid UTF-8 strings.
|
|
|
|
*/
|
|
|
|
if (norm)
|
|
|
|
u8 = 1;
|
2012-04-08 21:18:48 +04:00
|
|
|
if (u8 == ZFS_PROP_UNDEFINED &&
|
|
|
|
(error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
|
|
|
|
return (error);
|
2008-11-20 23:01:55 +03:00
|
|
|
VERIFY(nvlist_add_uint64(zplprops,
|
|
|
|
zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
|
|
|
|
|
2012-04-08 21:18:48 +04:00
|
|
|
if (sense == ZFS_PROP_UNDEFINED &&
|
|
|
|
(error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
|
|
|
|
return (error);
|
2008-11-20 23:01:55 +03:00
|
|
|
VERIFY(nvlist_add_uint64(zplprops,
|
|
|
|
zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
|
|
|
|
|
|
|
|
if (is_ci)
|
|
|
|
*is_ci = (sense == ZFS_CASE_INSENSITIVE);
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
static int
|
|
|
|
zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
|
|
|
|
nvlist_t *zplprops, boolean_t *is_ci)
|
|
|
|
{
|
2010-05-29 00:45:14 +04:00
|
|
|
boolean_t fuids_ok, sa_ok;
|
2008-12-03 23:09:06 +03:00
|
|
|
uint64_t zplver = ZPL_VERSION;
|
|
|
|
objset_t *os = NULL;
|
2016-06-16 00:28:36 +03:00
|
|
|
char parentname[ZFS_MAX_DATASET_NAME_LEN];
|
2008-12-03 23:09:06 +03:00
|
|
|
char *cp;
|
2010-05-29 00:45:14 +04:00
|
|
|
spa_t *spa;
|
|
|
|
uint64_t spa_vers;
|
2008-12-03 23:09:06 +03:00
|
|
|
int error;
|
|
|
|
|
|
|
|
(void) strlcpy(parentname, dataset, sizeof (parentname));
|
|
|
|
cp = strrchr(parentname, '/');
|
|
|
|
ASSERT(cp != NULL);
|
|
|
|
cp[0] = '\0';
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
if ((error = spa_open(dataset, &spa, FTAG)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
spa_vers = spa_version(spa);
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
|
|
|
|
zplver = zfs_zpl_version_map(spa_vers);
|
|
|
|
fuids_ok = (zplver >= ZPL_VERSION_FUID);
|
|
|
|
sa_ok = (zplver >= ZPL_VERSION_SA);
|
2008-12-03 23:09:06 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Open parent object set so we can inherit zplprop values.
|
|
|
|
*/
|
2010-05-29 00:45:14 +04:00
|
|
|
if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
|
2008-12-03 23:09:06 +03:00
|
|
|
return (error);
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
|
2008-12-03 23:09:06 +03:00
|
|
|
zplprops, is_ci);
|
2010-05-29 00:45:14 +04:00
|
|
|
dmu_objset_rele(os, FTAG);
|
2008-12-03 23:09:06 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
|
|
|
|
nvlist_t *zplprops, boolean_t *is_ci)
|
|
|
|
{
|
2010-05-29 00:45:14 +04:00
|
|
|
boolean_t fuids_ok;
|
|
|
|
boolean_t sa_ok;
|
2008-12-03 23:09:06 +03:00
|
|
|
uint64_t zplver = ZPL_VERSION;
|
|
|
|
int error;
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
zplver = zfs_zpl_version_map(spa_vers);
|
|
|
|
fuids_ok = (zplver >= ZPL_VERSION_FUID);
|
|
|
|
sa_ok = (zplver >= ZPL_VERSION_SA);
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
|
|
|
|
createprops, zplprops, is_ci);
|
2008-12-03 23:09:06 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
2013-08-28 15:45:09 +04:00
|
|
|
* innvl: {
|
|
|
|
* "type" -> dmu_objset_type_t (int32)
|
|
|
|
* (optional) "props" -> { prop -> value }
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
* (optional) "hidden_args" -> { "wkeydata" -> value }
|
|
|
|
* raw uint8_t array of encryption wrapping key data (32 bytes)
|
2013-08-28 15:45:09 +04:00
|
|
|
* }
|
2008-11-20 23:01:55 +03:00
|
|
|
*
|
2013-08-28 15:45:09 +04:00
|
|
|
* outnvl: propname -> error code (int32)
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
|
|
|
|
static const zfs_ioc_key_t zfs_keys_create[] = {
|
|
|
|
{"type", DATA_TYPE_INT32, 0},
|
|
|
|
{"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
|
|
|
|
{"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
|
|
|
|
};
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
int error = 0;
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_creat_t zct = { 0 };
|
2008-11-20 23:01:55 +03:00
|
|
|
nvlist_t *nvprops = NULL;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
nvlist_t *hidden_args = NULL;
|
2008-11-20 23:01:55 +03:00
|
|
|
void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
|
2013-08-28 15:45:09 +04:00
|
|
|
dmu_objset_type_t type;
|
|
|
|
boolean_t is_insensitive = B_FALSE;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dsl_crypto_params_t *dcp = NULL;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
type = (dmu_objset_type_t)fnvlist_lookup_int32(innvl, "type");
|
2013-08-28 15:45:09 +04:00
|
|
|
(void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
(void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
switch (type) {
|
2008-11-20 23:01:55 +03:00
|
|
|
case DMU_OST_ZFS:
|
|
|
|
cbfunc = zfs_create_cb;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case DMU_OST_ZVOL:
|
|
|
|
cbfunc = zvol_create_cb;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
cbfunc = NULL;
|
|
|
|
break;
|
|
|
|
}
|
2013-08-28 15:45:09 +04:00
|
|
|
if (strchr(fsname, '@') ||
|
|
|
|
strchr(fsname, '%'))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
zct.zct_props = nvprops;
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
if (cbfunc == NULL)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
if (type == DMU_OST_ZVOL) {
|
|
|
|
uint64_t volsize, volblocksize;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
if (nvprops == NULL)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2013-08-28 15:45:09 +04:00
|
|
|
if (nvlist_lookup_uint64(nvprops,
|
|
|
|
zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
if ((error = nvlist_lookup_uint64(nvprops,
|
|
|
|
zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
|
|
|
|
&volblocksize)) != 0 && error != ENOENT)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
if (error != 0)
|
|
|
|
volblocksize = zfs_prop_default_numeric(
|
|
|
|
ZFS_PROP_VOLBLOCKSIZE);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2015-08-25 00:18:48 +03:00
|
|
|
if ((error = zvol_check_volblocksize(fsname,
|
2013-08-28 15:45:09 +04:00
|
|
|
volblocksize)) != 0 ||
|
|
|
|
(error = zvol_check_volsize(volsize,
|
|
|
|
volblocksize)) != 0)
|
|
|
|
return (error);
|
|
|
|
} else if (type == DMU_OST_ZFS) {
|
|
|
|
int error;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/*
|
|
|
|
* We have to have normalization and
|
|
|
|
* case-folding flags correct when we do the
|
|
|
|
* file system creation, so go figure them out
|
|
|
|
* now.
|
|
|
|
*/
|
|
|
|
VERIFY(nvlist_alloc(&zct.zct_zplprops,
|
|
|
|
NV_UNIQUE_NAME, KM_SLEEP) == 0);
|
|
|
|
error = zfs_fill_zplprops(fsname, nvprops,
|
|
|
|
zct.zct_zplprops, &is_insensitive);
|
|
|
|
if (error != 0) {
|
|
|
|
nvlist_free(zct.zct_zplprops);
|
|
|
|
return (error);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops,
|
|
|
|
hidden_args, &dcp);
|
|
|
|
if (error != 0) {
|
|
|
|
nvlist_free(zct.zct_zplprops);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
error = dmu_objset_create(fsname, type,
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct);
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
nvlist_free(zct.zct_zplprops);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dsl_crypto_params_free(dcp, !!error);
|
2013-08-28 15:45:09 +04:00
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
|
|
|
* It would be nice to do this atomically.
|
|
|
|
*/
|
|
|
|
if (error == 0) {
|
2013-08-28 15:45:09 +04:00
|
|
|
error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
|
|
|
|
nvprops, outnvl);
|
2016-06-07 19:16:52 +03:00
|
|
|
if (error != 0) {
|
|
|
|
spa_t *spa;
|
|
|
|
int error2;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Volumes will return EBUSY and cannot be destroyed
|
|
|
|
* until all asynchronous minor handling has completed.
|
|
|
|
* Wait for the spa_zvol_taskq to drain then retry.
|
|
|
|
*/
|
|
|
|
error2 = dsl_destroy_head(fsname);
|
|
|
|
while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) {
|
|
|
|
error2 = spa_open(fsname, &spa, FTAG);
|
|
|
|
if (error2 == 0) {
|
|
|
|
taskq_wait(spa->spa_zvol_taskq);
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
}
|
|
|
|
error2 = dsl_destroy_head(fsname);
|
|
|
|
}
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2013-08-28 15:45:09 +04:00
|
|
|
* innvl: {
|
|
|
|
* "origin" -> name of origin snapshot
|
|
|
|
* (optional) "props" -> { prop -> value }
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
* (optional) "hidden_args" -> { "wkeydata" -> value }
|
|
|
|
* raw uint8_t array of encryption wrapping key data (32 bytes)
|
2013-08-28 15:45:09 +04:00
|
|
|
* }
|
2008-11-20 23:01:55 +03:00
|
|
|
*
|
2010-05-29 00:45:14 +04:00
|
|
|
* outputs:
|
2013-08-28 15:45:09 +04:00
|
|
|
* outnvl: propname -> error code (int32)
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_clone[] = {
|
|
|
|
{"origin", DATA_TYPE_STRING, 0},
|
|
|
|
{"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
|
|
|
|
{"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
|
|
|
|
};
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2013-08-28 15:45:09 +04:00
|
|
|
int error = 0;
|
2008-12-03 23:09:06 +03:00
|
|
|
nvlist_t *nvprops = NULL;
|
2013-08-28 15:45:09 +04:00
|
|
|
char *origin_name;
|
2008-12-03 23:09:06 +03:00
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
origin_name = fnvlist_lookup_string(innvl, "origin");
|
2013-08-28 15:45:09 +04:00
|
|
|
(void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
if (strchr(fsname, '@') ||
|
|
|
|
strchr(fsname, '%'))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
if (dataset_namecheck(origin_name, NULL, NULL) != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dmu_objset_clone(fsname, origin_name);
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/*
|
|
|
|
* It would be nice to do this atomically.
|
|
|
|
*/
|
|
|
|
if (error == 0) {
|
|
|
|
error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
|
|
|
|
nvprops, outnvl);
|
|
|
|
if (error != 0)
|
2013-09-04 16:00:57 +04:00
|
|
|
(void) dsl_destroy_head(fsname);
|
2008-12-03 23:09:06 +03:00
|
|
|
}
|
2013-08-28 15:45:09 +04:00
|
|
|
return (error);
|
|
|
|
}
|
2009-07-03 02:44:48 +04:00
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_remap[] = {
|
|
|
|
/* no nvl keys */
|
|
|
|
};
|
|
|
|
|
OpenZFS 7614, 9064 - zfs device evacuation/removal
OpenZFS 7614 - zfs device evacuation/removal
OpenZFS 9064 - remove_mirror should wait for device removal to complete
This project allows top-level vdevs to be removed from the storage pool
with "zpool remove", reducing the total amount of storage in the pool.
This operation copies all allocated regions of the device to be removed
onto other devices, recording the mapping from old to new location.
After the removal is complete, read and free operations to the removed
(now "indirect") vdev must be remapped and performed at the new location
on disk. The indirect mapping table is kept in memory whenever the pool
is loaded, so there is minimal performance overhead when doing operations
on the indirect vdev.
The size of the in-memory mapping table will be reduced when its entries
become "obsolete" because they are no longer used by any block pointers
in the pool. An entry becomes obsolete when all the blocks that use
it are freed. An entry can also become obsolete when all the snapshots
that reference it are deleted, and the block pointers that reference it
have been "remapped" in all filesystems/zvols (and clones). Whenever an
indirect block is written, all the block pointers in it will be "remapped"
to their new (concrete) locations if possible. This process can be
accelerated by using the "zfs remap" command to proactively rewrite all
indirect blocks that reference indirect (removed) vdevs.
Note that when a device is removed, we do not verify the checksum of
the data that is copied. This makes the process much faster, but if it
were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be
possible to copy the wrong data, when we have the correct data on e.g.
the other side of the mirror.
At the moment, only mirrors and simple top-level vdevs can be removed
and no removal is allowed if any of the top-level vdevs are raidz.
Porting Notes:
* Avoid zero-sized kmem_alloc() in vdev_compact_children().
The device evacuation code adds a dependency that
vdev_compact_children() be able to properly empty the vdev_child
array by setting it to NULL and zeroing vdev_children. Under Linux,
kmem_alloc() and related functions return a sentinel pointer rather
than NULL for zero-sized allocations.
* Remove comment regarding "mpt" driver where zfs_remove_max_segment
is initialized to SPA_MAXBLOCKSIZE.
Change zfs_condense_indirect_commit_entry_delay_ticks to
zfs_condense_indirect_commit_entry_delay_ms for consistency with
most other tunables in which delays are specified in ms.
* ZTS changes:
Use set_tunable rather than mdb
Use zpool sync as appropriate
Use sync_pool instead of sync
Kill jobs during test_removal_with_operation to allow unmount/export
Don't add non-disk names such as "mirror" or "raidz" to $DISKS
Use $TEST_BASE_DIR instead of /tmp
Increase HZ from 100 to 1000 which is more common on Linux
removal_multiple_indirection.ksh
Reduce iterations in order to not time out on the code
coverage builders.
removal_resume_export:
Functionally, the test case is correct but there exists a race
where the kernel thread hasn't been fully started yet and is
not visible. Wait for up to 1 second for the removal thread
to be started before giving up on it. Also, increase the
amount of data copied in order that the removal not finish
before the export has a chance to fail.
* MMP compatibility, the concept of concrete versus non-concrete devices
has slightly changed the semantics of vdev_writeable(). Update
mmp_random_leaf_impl() accordingly.
* Updated dbuf_remap() to handle the org.zfsonlinux:large_dnode pool
feature which is not supported by OpenZFS.
* Added support for new vdev removal tracepoints.
* Test cases removal_with_zdb and removal_condense_export have been
intentionally disabled. When run manually they pass as intended,
but when running in the automated test environment they produce
unreliable results on the latest Fedora release.
They may work better once the upstream pool import refectoring is
merged into ZoL at which point they will be re-enabled.
Authored by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Alex Reece <alex@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Richard Laager <rlaager@wiktel.com>
Reviewed by: Tim Chase <tim@chase2k.com>
Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov>
Approved by: Garrett D'Amore <garrett@damore.org>
Ported-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Tim Chase <tim@chase2k.com>
OpenZFS-issue: https://www.illumos.org/issues/7614
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/f539f1eb
Closes #6900
2016-09-22 19:30:13 +03:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
|
|
|
|
{
|
|
|
|
if (strchr(fsname, '@') ||
|
|
|
|
strchr(fsname, '%'))
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
|
|
|
|
return (dmu_objset_remap_indirects(fsname));
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/*
|
|
|
|
* innvl: {
|
|
|
|
* "snaps" -> { snapshot1, snapshot2 }
|
|
|
|
* (optional) "props" -> { prop -> value (string) }
|
|
|
|
* }
|
|
|
|
*
|
|
|
|
* outnvl: snapshot -> error code (int32)
|
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_snapshot[] = {
|
|
|
|
{"snaps", DATA_TYPE_NVLIST, 0},
|
|
|
|
{"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
|
|
|
|
};
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
static int
|
|
|
|
zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
|
|
|
|
{
|
|
|
|
nvlist_t *snaps;
|
|
|
|
nvlist_t *props = NULL;
|
|
|
|
int error, poollen;
|
2017-11-04 23:25:13 +03:00
|
|
|
nvpair_t *pair;
|
2009-07-03 02:44:48 +04:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
(void) nvlist_lookup_nvlist(innvl, "props", &props);
|
|
|
|
if ((error = zfs_check_userprops(poolname, props)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
if (!nvlist_empty(props) &&
|
|
|
|
zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2013-08-28 15:45:09 +04:00
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
snaps = fnvlist_lookup_nvlist(innvl, "snaps");
|
2013-08-28 15:45:09 +04:00
|
|
|
poollen = strlen(poolname);
|
|
|
|
for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
|
|
|
|
pair = nvlist_next_nvpair(snaps, pair)) {
|
|
|
|
const char *name = nvpair_name(pair);
|
|
|
|
const char *cp = strchr(name, '@');
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The snap name must contain an @, and the part after it must
|
|
|
|
* contain only valid characters.
|
|
|
|
*/
|
2013-12-12 02:33:41 +04:00
|
|
|
if (cp == NULL ||
|
|
|
|
zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The snap must be in the specified pool.
|
|
|
|
*/
|
|
|
|
if (strncmp(name, poolname, poollen) != 0 ||
|
|
|
|
(name[poollen] != '/' && name[poollen] != '@'))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EXDEV));
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
/* This must be the only snap of this fs. */
|
2017-11-04 23:25:13 +03:00
|
|
|
for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
|
2013-08-28 15:45:09 +04:00
|
|
|
pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
|
|
|
|
if (strncmp(name, nvpair_name(pair2), cp - name + 1)
|
|
|
|
== 0) {
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EXDEV));
|
2013-08-28 15:45:09 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dsl_dataset_snapshot(snaps, props, outnvl);
|
2013-12-07 02:20:22 +04:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* innvl: "message" -> string
|
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_log_history[] = {
|
|
|
|
{"message", DATA_TYPE_STRING, 0},
|
|
|
|
};
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
|
|
|
|
{
|
|
|
|
char *message;
|
|
|
|
spa_t *spa;
|
|
|
|
int error;
|
|
|
|
char *poolname;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The poolname in the ioctl is not set, we get it from the TSD,
|
|
|
|
* which was set at the end of the last successful ioctl that allows
|
|
|
|
* logging. The secpolicy func already checked that it is set.
|
|
|
|
* Only one log ioctl is allowed after each successful ioctl, so
|
|
|
|
* we clear the TSD here.
|
|
|
|
*/
|
|
|
|
poolname = tsd_get(zfs_allow_log_key);
|
2016-07-27 09:58:17 +03:00
|
|
|
if (poolname == NULL)
|
|
|
|
return (SET_ERROR(EINVAL));
|
2013-08-28 15:45:09 +04:00
|
|
|
(void) tsd_set(zfs_allow_log_key, NULL);
|
|
|
|
error = spa_open(poolname, &spa, FTAG);
|
|
|
|
strfree(poolname);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
message = fnvlist_lookup_string(innvl, "message");
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
|
|
|
|
spa_close(spa, FTAG);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2013-08-28 15:45:09 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
error = spa_history_log(spa, message);
|
|
|
|
spa_close(spa, FTAG);
|
2008-12-03 23:09:06 +03:00
|
|
|
return (error);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2011-11-11 11:15:53 +04:00
|
|
|
/*
|
2013-09-04 16:00:57 +04:00
|
|
|
* The dp_config_rwlock must not be held when calling this, because the
|
|
|
|
* unmount may need to write out data.
|
|
|
|
*
|
|
|
|
* This function is best-effort. Callers must deal gracefully if it
|
|
|
|
* remains mounted (or is remounted after this call).
|
2013-06-11 21:13:43 +04:00
|
|
|
*
|
2015-04-25 02:21:13 +03:00
|
|
|
* Returns 0 if the argument is not a snapshot, or it is not currently a
|
|
|
|
* filesystem, or we were able to unmount it. Returns error code otherwise.
|
2011-11-11 11:15:53 +04:00
|
|
|
*/
|
2018-02-08 19:32:45 +03:00
|
|
|
void
|
2013-09-04 16:00:57 +04:00
|
|
|
zfs_unmount_snap(const char *snapname)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2015-04-25 02:21:13 +03:00
|
|
|
if (strchr(snapname, '@') == NULL)
|
2018-02-08 19:32:45 +03:00
|
|
|
return;
|
2011-11-11 11:15:53 +04:00
|
|
|
|
2018-02-08 19:32:45 +03:00
|
|
|
(void) zfsctl_snapshot_unmount((char *)snapname, MNT_FORCE);
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_unmount_snap_cb(const char *snapname, void *arg)
|
|
|
|
{
|
2018-02-08 19:32:45 +03:00
|
|
|
zfs_unmount_snap(snapname);
|
|
|
|
return (0);
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* When a clone is destroyed, its origin may also need to be destroyed,
|
|
|
|
* in which case it must be unmounted. This routine will do that unmount
|
|
|
|
* if necessary.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
zfs_destroy_unmount_origin(const char *fsname)
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
objset_t *os;
|
|
|
|
dsl_dataset_t *ds;
|
|
|
|
|
|
|
|
error = dmu_objset_hold(fsname, FTAG, &os);
|
|
|
|
if (error != 0)
|
|
|
|
return;
|
|
|
|
ds = dmu_objset_ds(os);
|
|
|
|
if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
|
2016-06-16 00:28:36 +03:00
|
|
|
char originname[ZFS_MAX_DATASET_NAME_LEN];
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_name(ds->ds_prev, originname);
|
|
|
|
dmu_objset_rele(os, FTAG);
|
2018-02-08 19:32:45 +03:00
|
|
|
zfs_unmount_snap(originname);
|
2013-09-04 16:00:57 +04:00
|
|
|
} else {
|
|
|
|
dmu_objset_rele(os, FTAG);
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2013-08-28 15:45:09 +04:00
|
|
|
* innvl: {
|
|
|
|
* "snaps" -> { snapshot1, snapshot2 }
|
|
|
|
* (optional boolean) "defer"
|
|
|
|
* }
|
2008-11-20 23:01:55 +03:00
|
|
|
*
|
2013-08-28 15:45:09 +04:00
|
|
|
* outnvl: snapshot -> error code (int32)
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_destroy_snaps[] = {
|
|
|
|
{"snaps", DATA_TYPE_NVLIST, 0},
|
|
|
|
{"defer", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
|
|
|
|
};
|
|
|
|
|
2013-12-12 02:33:41 +04:00
|
|
|
/* ARGSUSED */
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2013-08-28 15:45:09 +04:00
|
|
|
nvlist_t *snaps;
|
2011-11-17 22:14:36 +04:00
|
|
|
nvpair_t *pair;
|
2013-08-28 15:45:09 +04:00
|
|
|
boolean_t defer;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
snaps = fnvlist_lookup_nvlist(innvl, "snaps");
|
2013-08-28 15:45:09 +04:00
|
|
|
defer = nvlist_exists(innvl, "defer");
|
2011-11-17 22:14:36 +04:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
|
|
|
|
pair = nvlist_next_nvpair(snaps, pair)) {
|
2018-02-08 19:32:45 +03:00
|
|
|
zfs_unmount_snap(nvpair_name(pair));
|
2013-12-12 02:33:41 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Create bookmarks. Bookmark names are of the form <fs>#<bmark>.
|
|
|
|
* All bookmarks must be in the same pool.
|
|
|
|
*
|
|
|
|
* innvl: {
|
|
|
|
* bookmark1 -> snapshot1, bookmark2 -> snapshot2
|
|
|
|
* }
|
|
|
|
*
|
|
|
|
* outnvl: bookmark -> error code (int32)
|
|
|
|
*
|
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_bookmark[] = {
|
|
|
|
{"<bookmark>...", DATA_TYPE_STRING, ZK_WILDCARDLIST},
|
|
|
|
};
|
|
|
|
|
2013-12-12 02:33:41 +04:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
|
|
|
|
{
|
2017-11-04 23:25:13 +03:00
|
|
|
for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
|
2013-12-12 02:33:41 +04:00
|
|
|
pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
|
|
|
|
char *snap_name;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Verify the snapshot argument.
|
|
|
|
*/
|
|
|
|
if (nvpair_value_string(pair, &snap_name) != 0)
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
|
|
|
|
|
|
|
|
/* Verify that the keys (bookmarks) are unique */
|
2017-11-04 23:25:13 +03:00
|
|
|
for (nvpair_t *pair2 = nvlist_next_nvpair(innvl, pair);
|
2013-12-12 02:33:41 +04:00
|
|
|
pair2 != NULL; pair2 = nvlist_next_nvpair(innvl, pair2)) {
|
|
|
|
if (strcmp(nvpair_name(pair), nvpair_name(pair2)) == 0)
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return (dsl_bookmark_create(innvl, outnvl));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* innvl: {
|
|
|
|
* property 1, property 2, ...
|
|
|
|
* }
|
|
|
|
*
|
|
|
|
* outnvl: {
|
|
|
|
* bookmark name 1 -> { property 1, property 2, ... },
|
|
|
|
* bookmark name 2 -> { property 1, property 2, ... }
|
|
|
|
* }
|
|
|
|
*
|
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_get_bookmarks[] = {
|
|
|
|
{"<property>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST | ZK_OPTIONAL},
|
|
|
|
};
|
|
|
|
|
2013-12-12 02:33:41 +04:00
|
|
|
static int
|
|
|
|
zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
|
|
|
|
{
|
|
|
|
return (dsl_get_bookmarks(fsname, innvl, outnvl));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* innvl: {
|
|
|
|
* bookmark name 1, bookmark name 2
|
|
|
|
* }
|
|
|
|
*
|
|
|
|
* outnvl: bookmark -> error code (int32)
|
|
|
|
*
|
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_destroy_bookmarks[] = {
|
|
|
|
{"<bookmark>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST},
|
|
|
|
};
|
|
|
|
|
2013-12-12 02:33:41 +04:00
|
|
|
static int
|
|
|
|
zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl,
|
|
|
|
nvlist_t *outnvl)
|
|
|
|
{
|
|
|
|
int error, poollen;
|
|
|
|
|
|
|
|
poollen = strlen(poolname);
|
2017-11-04 23:25:13 +03:00
|
|
|
for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
|
2013-12-12 02:33:41 +04:00
|
|
|
pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
|
2011-11-17 22:14:36 +04:00
|
|
|
const char *name = nvpair_name(pair);
|
2013-12-12 02:33:41 +04:00
|
|
|
const char *cp = strchr(name, '#');
|
2013-08-28 15:45:09 +04:00
|
|
|
|
2011-11-17 22:14:36 +04:00
|
|
|
/*
|
2013-12-12 02:33:41 +04:00
|
|
|
* The bookmark name must contain an #, and the part after it
|
|
|
|
* must contain only valid characters.
|
|
|
|
*/
|
|
|
|
if (cp == NULL ||
|
|
|
|
zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The bookmark must be in the specified pool.
|
2011-11-17 22:14:36 +04:00
|
|
|
*/
|
2013-08-28 15:45:09 +04:00
|
|
|
if (strncmp(name, poolname, poollen) != 0 ||
|
2013-12-12 02:33:41 +04:00
|
|
|
(name[poollen] != '/' && name[poollen] != '#'))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EXDEV));
|
2011-11-17 22:14:36 +04:00
|
|
|
}
|
|
|
|
|
2013-12-12 02:33:41 +04:00
|
|
|
error = dsl_bookmark_destroy(innvl, outnvl);
|
|
|
|
return (error);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
|
|
|
|
{"program", DATA_TYPE_STRING, 0},
|
|
|
|
{"arg", DATA_TYPE_ANY, 0},
|
|
|
|
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
|
|
|
|
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
|
|
|
|
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
|
|
|
|
};
|
|
|
|
|
2018-02-08 19:16:23 +03:00
|
|
|
static int
|
|
|
|
zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl,
|
|
|
|
nvlist_t *outnvl)
|
|
|
|
{
|
|
|
|
char *program;
|
|
|
|
uint64_t instrlimit, memlimit;
|
2018-02-08 19:35:09 +03:00
|
|
|
boolean_t sync_flag;
|
2018-02-08 19:16:23 +03:00
|
|
|
nvpair_t *nvarg = NULL;
|
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
program = fnvlist_lookup_string(innvl, ZCP_ARG_PROGRAM);
|
2018-02-08 19:35:09 +03:00
|
|
|
if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) {
|
|
|
|
sync_flag = B_TRUE;
|
|
|
|
}
|
2018-02-08 19:16:23 +03:00
|
|
|
if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) {
|
|
|
|
instrlimit = ZCP_DEFAULT_INSTRLIMIT;
|
|
|
|
}
|
|
|
|
if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) {
|
|
|
|
memlimit = ZCP_DEFAULT_MEMLIMIT;
|
|
|
|
}
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
nvarg = fnvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST);
|
2018-02-08 19:16:23 +03:00
|
|
|
|
|
|
|
if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit)
|
|
|
|
return (EINVAL);
|
2018-02-08 19:24:39 +03:00
|
|
|
if (memlimit == 0 || memlimit > zfs_lua_max_memlimit)
|
2018-02-08 19:16:23 +03:00
|
|
|
return (EINVAL);
|
|
|
|
|
2018-02-08 19:35:09 +03:00
|
|
|
return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit,
|
2018-02-08 19:16:23 +03:00
|
|
|
nvarg, outnvl));
|
|
|
|
}
|
|
|
|
|
2016-12-17 01:11:29 +03:00
|
|
|
/*
|
|
|
|
* innvl: unused
|
|
|
|
* outnvl: empty
|
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_pool_checkpoint[] = {
|
|
|
|
/* no nvl keys */
|
|
|
|
};
|
|
|
|
|
2016-12-17 01:11:29 +03:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_ioc_pool_checkpoint(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
|
|
|
|
{
|
|
|
|
return (spa_checkpoint(poolname));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* innvl: unused
|
|
|
|
* outnvl: empty
|
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_pool_discard_checkpoint[] = {
|
|
|
|
/* no nvl keys */
|
|
|
|
};
|
|
|
|
|
2016-12-17 01:11:29 +03:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_ioc_pool_discard_checkpoint(const char *poolname, nvlist_t *innvl,
|
|
|
|
nvlist_t *outnvl)
|
|
|
|
{
|
|
|
|
return (spa_checkpoint_discard(poolname));
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of dataset to destroy
|
|
|
|
* zc_objset_type type of objset
|
2009-08-18 22:43:27 +04:00
|
|
|
* zc_defer_destroy mark for deferred destroy
|
2008-11-20 23:01:55 +03:00
|
|
|
*
|
|
|
|
* outputs: none
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_destroy(zfs_cmd_t *zc)
|
|
|
|
{
|
2010-05-29 00:45:14 +04:00
|
|
|
int err;
|
2013-06-11 21:13:43 +04:00
|
|
|
|
2018-02-08 19:32:45 +03:00
|
|
|
if (zc->zc_objset_type == DMU_OST_ZFS)
|
|
|
|
zfs_unmount_snap(zc->zc_name);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2016-07-12 20:53:53 +03:00
|
|
|
if (strchr(zc->zc_name, '@')) {
|
2013-09-04 16:00:57 +04:00
|
|
|
err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
|
2016-07-12 20:53:53 +03:00
|
|
|
} else {
|
2013-09-04 16:00:57 +04:00
|
|
|
err = dsl_destroy_head(zc->zc_name);
|
2016-07-12 20:53:53 +03:00
|
|
|
if (err == EEXIST) {
|
|
|
|
/*
|
|
|
|
* It is possible that the given DS may have
|
|
|
|
* hidden child (%recv) datasets - "leftovers"
|
|
|
|
* resulting from the previously interrupted
|
|
|
|
* 'zfs receive'.
|
|
|
|
*
|
|
|
|
* 6 extra bytes for /%recv
|
|
|
|
*/
|
|
|
|
char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6];
|
|
|
|
|
2017-06-28 20:05:16 +03:00
|
|
|
if (snprintf(namebuf, sizeof (namebuf), "%s/%s",
|
|
|
|
zc->zc_name, recv_clone_name) >=
|
|
|
|
sizeof (namebuf))
|
|
|
|
return (SET_ERROR(EINVAL));
|
2016-07-12 20:53:53 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Try to remove the hidden child (%recv) and after
|
|
|
|
* that try to remove the target dataset.
|
|
|
|
* If the hidden child (%recv) does not exist
|
|
|
|
* the original error (EEXIST) will be returned
|
|
|
|
*/
|
|
|
|
err = dsl_destroy_head(namebuf);
|
|
|
|
if (err == 0)
|
|
|
|
err = dsl_destroy_head(zc->zc_name);
|
|
|
|
else if (err == ENOENT)
|
2017-08-03 07:16:12 +03:00
|
|
|
err = SET_ERROR(EEXIST);
|
2016-07-12 20:53:53 +03:00
|
|
|
}
|
|
|
|
}
|
2014-03-22 13:07:14 +04:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
return (err);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2013-08-14 23:42:31 +04:00
|
|
|
* fsname is name of dataset to rollback (to most recent snapshot)
|
2008-11-20 23:01:55 +03:00
|
|
|
*
|
2017-03-11 21:26:47 +03:00
|
|
|
* innvl may contain name of expected target snapshot
|
2013-08-14 23:42:31 +04:00
|
|
|
*
|
|
|
|
* outnvl: "target" -> name of most recent snapshot
|
|
|
|
* }
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_rollback[] = {
|
|
|
|
{"target", DATA_TYPE_STRING, ZK_OPTIONAL},
|
|
|
|
};
|
|
|
|
|
2013-08-14 23:42:31 +04:00
|
|
|
/* ARGSUSED */
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2017-03-11 21:26:47 +03:00
|
|
|
zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2017-03-08 03:21:37 +03:00
|
|
|
zfsvfs_t *zfsvfs;
|
2017-01-20 00:56:36 +03:00
|
|
|
zvol_state_t *zv;
|
2017-03-11 21:26:47 +03:00
|
|
|
char *target = NULL;
|
2013-09-04 16:00:57 +04:00
|
|
|
int error;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2017-03-11 21:26:47 +03:00
|
|
|
(void) nvlist_lookup_string(innvl, "target", &target);
|
|
|
|
if (target != NULL) {
|
2017-07-27 15:58:52 +03:00
|
|
|
const char *cp = strchr(target, '@');
|
2017-03-11 21:26:47 +03:00
|
|
|
|
2017-07-27 15:58:52 +03:00
|
|
|
/*
|
|
|
|
* The snap name must contain an @, and the part after it must
|
|
|
|
* contain only valid characters.
|
|
|
|
*/
|
|
|
|
if (cp == NULL ||
|
|
|
|
zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
|
2017-03-11 21:26:47 +03:00
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
}
|
|
|
|
|
2017-03-09 01:56:19 +03:00
|
|
|
if (getzfsvfs(fsname, &zfsvfs) == 0) {
|
2017-01-23 21:53:46 +03:00
|
|
|
dsl_dataset_t *ds;
|
|
|
|
|
2017-03-08 03:21:37 +03:00
|
|
|
ds = dmu_objset_ds(zfsvfs->z_os);
|
|
|
|
error = zfs_suspend_fs(zfsvfs);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (error == 0) {
|
|
|
|
int resume_err;
|
|
|
|
|
2017-03-11 21:26:47 +03:00
|
|
|
error = dsl_dataset_rollback(fsname, target, zfsvfs,
|
|
|
|
outnvl);
|
2017-03-08 03:21:37 +03:00
|
|
|
resume_err = zfs_resume_fs(zfsvfs, ds);
|
2008-11-20 23:01:55 +03:00
|
|
|
error = error ? error : resume_err;
|
|
|
|
}
|
2017-03-08 03:21:37 +03:00
|
|
|
deactivate_super(zfsvfs->z_sb);
|
2017-01-20 00:56:36 +03:00
|
|
|
} else if ((zv = zvol_suspend(fsname)) != NULL) {
|
2017-03-11 21:26:47 +03:00
|
|
|
error = dsl_dataset_rollback(fsname, target, zvol_tag(zv),
|
|
|
|
outnvl);
|
2017-01-20 00:56:36 +03:00
|
|
|
zvol_resume(zv);
|
2008-11-20 23:01:55 +03:00
|
|
|
} else {
|
2017-03-11 21:26:47 +03:00
|
|
|
error = dsl_dataset_rollback(fsname, target, NULL, outnvl);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
2013-09-04 16:00:57 +04:00
|
|
|
return (error);
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
static int
|
|
|
|
recursive_unmount(const char *fsname, void *arg)
|
|
|
|
{
|
|
|
|
const char *snapname = arg;
|
|
|
|
char *fullname;
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
fullname = kmem_asprintf("%s@%s", fsname, snapname);
|
2018-02-08 19:32:45 +03:00
|
|
|
zfs_unmount_snap(fullname);
|
2013-09-04 16:00:57 +04:00
|
|
|
strfree(fullname);
|
2013-11-26 18:21:23 +04:00
|
|
|
|
2018-02-08 19:32:45 +03:00
|
|
|
return (0);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name old name of dataset
|
|
|
|
* zc_value new name of dataset
|
|
|
|
* zc_cookie recursive flag (only valid for snapshots)
|
|
|
|
*
|
|
|
|
* outputs: none
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_rename(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
boolean_t recursive = zc->zc_cookie & 1;
|
2013-09-04 16:00:57 +04:00
|
|
|
char *at;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2017-07-29 00:12:34 +03:00
|
|
|
/* "zfs rename" from and to ...%recv datasets should both fail */
|
|
|
|
zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
|
2008-11-20 23:01:55 +03:00
|
|
|
zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
|
2017-07-29 00:12:34 +03:00
|
|
|
if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
|
|
|
|
dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
|
|
|
|
strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%'))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
at = strchr(zc->zc_name, '@');
|
|
|
|
if (at != NULL) {
|
|
|
|
/* snaps must be in same fs */
|
2013-08-06 21:50:40 +04:00
|
|
|
int error;
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EXDEV));
|
2013-09-04 16:00:57 +04:00
|
|
|
*at = '\0';
|
|
|
|
if (zc->zc_objset_type == DMU_OST_ZFS) {
|
2013-08-06 21:50:40 +04:00
|
|
|
error = dmu_objset_find(zc->zc_name,
|
2013-09-04 16:00:57 +04:00
|
|
|
recursive_unmount, at + 1,
|
|
|
|
recursive ? DS_FIND_CHILDREN : 0);
|
2013-08-06 21:50:40 +04:00
|
|
|
if (error != 0) {
|
|
|
|
*at = '@';
|
2013-09-04 16:00:57 +04:00
|
|
|
return (error);
|
2013-08-06 21:50:40 +04:00
|
|
|
}
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
2013-08-06 21:50:40 +04:00
|
|
|
error = dsl_dataset_rename_snapshot(zc->zc_name,
|
|
|
|
at + 1, strchr(zc->zc_value, '@') + 1, recursive);
|
|
|
|
*at = '@';
|
|
|
|
|
|
|
|
return (error);
|
2013-09-04 16:00:57 +04:00
|
|
|
} else {
|
2013-12-07 02:20:22 +04:00
|
|
|
return (dsl_dir_rename(zc->zc_name, zc->zc_value));
|
2011-01-07 23:24:03 +03:00
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
static int
|
|
|
|
zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
|
|
|
|
{
|
|
|
|
const char *propname = nvpair_name(pair);
|
|
|
|
boolean_t issnap = (strchr(dsname, '@') != NULL);
|
|
|
|
zfs_prop_t prop = zfs_name_to_prop(propname);
|
|
|
|
uint64_t intval;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
if (prop == ZPROP_INVAL) {
|
|
|
|
if (zfs_prop_user(propname)) {
|
2010-08-26 20:52:42 +04:00
|
|
|
if ((err = zfs_secpolicy_write_perms(dsname,
|
|
|
|
ZFS_DELEG_PERM_USERPROP, cr)))
|
2010-05-29 00:45:14 +04:00
|
|
|
return (err);
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!issnap && zfs_prop_userquota(propname)) {
|
|
|
|
const char *perm = NULL;
|
|
|
|
const char *uq_prefix =
|
|
|
|
zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
|
|
|
|
const char *gq_prefix =
|
|
|
|
zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
|
2016-10-04 21:46:10 +03:00
|
|
|
const char *uiq_prefix =
|
|
|
|
zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA];
|
|
|
|
const char *giq_prefix =
|
|
|
|
zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA];
|
2018-02-14 01:54:54 +03:00
|
|
|
const char *pq_prefix =
|
|
|
|
zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA];
|
|
|
|
const char *piq_prefix = zfs_userquota_prop_prefixes[\
|
|
|
|
ZFS_PROP_PROJECTOBJQUOTA];
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
if (strncmp(propname, uq_prefix,
|
|
|
|
strlen(uq_prefix)) == 0) {
|
|
|
|
perm = ZFS_DELEG_PERM_USERQUOTA;
|
2016-10-04 21:46:10 +03:00
|
|
|
} else if (strncmp(propname, uiq_prefix,
|
|
|
|
strlen(uiq_prefix)) == 0) {
|
|
|
|
perm = ZFS_DELEG_PERM_USEROBJQUOTA;
|
2010-05-29 00:45:14 +04:00
|
|
|
} else if (strncmp(propname, gq_prefix,
|
|
|
|
strlen(gq_prefix)) == 0) {
|
|
|
|
perm = ZFS_DELEG_PERM_GROUPQUOTA;
|
2016-10-04 21:46:10 +03:00
|
|
|
} else if (strncmp(propname, giq_prefix,
|
|
|
|
strlen(giq_prefix)) == 0) {
|
|
|
|
perm = ZFS_DELEG_PERM_GROUPOBJQUOTA;
|
2018-02-14 01:54:54 +03:00
|
|
|
} else if (strncmp(propname, pq_prefix,
|
|
|
|
strlen(pq_prefix)) == 0) {
|
|
|
|
perm = ZFS_DELEG_PERM_PROJECTQUOTA;
|
|
|
|
} else if (strncmp(propname, piq_prefix,
|
|
|
|
strlen(piq_prefix)) == 0) {
|
|
|
|
perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA;
|
2010-05-29 00:45:14 +04:00
|
|
|
} else {
|
2018-02-14 01:54:54 +03:00
|
|
|
/* {USER|GROUP|PROJECT}USED are read-only */
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
2010-08-26 20:52:42 +04:00
|
|
|
if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
|
2010-05-29 00:45:14 +04:00
|
|
|
return (err);
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
if (issnap)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
|
|
|
|
/*
|
|
|
|
* dsl_prop_get_all_impl() returns properties in this
|
|
|
|
* format.
|
|
|
|
*/
|
|
|
|
nvlist_t *attrs;
|
|
|
|
VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
|
|
|
|
VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
|
|
|
|
&pair) == 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check that this value is valid for this pool version
|
|
|
|
*/
|
|
|
|
switch (prop) {
|
|
|
|
case ZFS_PROP_COMPRESSION:
|
|
|
|
/*
|
|
|
|
* If the user specified gzip compression, make sure
|
|
|
|
* the SPA supports it. We ignore any errors here since
|
|
|
|
* we'll catch them later.
|
|
|
|
*/
|
2014-11-03 23:15:08 +03:00
|
|
|
if (nvpair_value_uint64(pair, &intval) == 0) {
|
2010-05-29 00:45:14 +04:00
|
|
|
if (intval >= ZIO_COMPRESS_GZIP_1 &&
|
|
|
|
intval <= ZIO_COMPRESS_GZIP_9 &&
|
|
|
|
zfs_earlier_version(dsname,
|
|
|
|
SPA_VERSION_GZIP_COMPRESSION)) {
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
if (intval == ZIO_COMPRESS_ZLE &&
|
|
|
|
zfs_earlier_version(dsname,
|
|
|
|
SPA_VERSION_ZLE_COMPRESSION))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2013-01-23 13:54:30 +04:00
|
|
|
if (intval == ZIO_COMPRESS_LZ4) {
|
|
|
|
spa_t *spa;
|
|
|
|
|
|
|
|
if ((err = spa_open(dsname, &spa, FTAG)) != 0)
|
|
|
|
return (err);
|
|
|
|
|
2013-10-08 21:13:05 +04:00
|
|
|
if (!spa_feature_is_enabled(spa,
|
|
|
|
SPA_FEATURE_LZ4_COMPRESS)) {
|
2013-01-23 13:54:30 +04:00
|
|
|
spa_close(spa, FTAG);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2013-01-23 13:54:30 +04:00
|
|
|
}
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/*
|
|
|
|
* If this is a bootable dataset then
|
|
|
|
* verify that the compression algorithm
|
|
|
|
* is supported for booting. We must return
|
|
|
|
* something other than ENOTSUP since it
|
|
|
|
* implies a downrev pool version.
|
|
|
|
*/
|
|
|
|
if (zfs_is_bootfs(dsname) &&
|
|
|
|
!BOOTFS_COMPRESS_VALID(intval)) {
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ERANGE));
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case ZFS_PROP_COPIES:
|
|
|
|
if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2010-05-29 00:45:14 +04:00
|
|
|
break;
|
|
|
|
|
2015-08-25 00:18:48 +03:00
|
|
|
case ZFS_PROP_VOLBLOCKSIZE:
|
2014-11-03 23:15:08 +03:00
|
|
|
case ZFS_PROP_RECORDSIZE:
|
|
|
|
/* Record sizes above 128k need the feature to be enabled */
|
|
|
|
if (nvpair_value_uint64(pair, &intval) == 0 &&
|
|
|
|
intval > SPA_OLD_MAXBLOCKSIZE) {
|
|
|
|
spa_t *spa;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We don't allow setting the property above 1MB,
|
|
|
|
* unless the tunable has been changed.
|
|
|
|
*/
|
|
|
|
if (intval > zfs_max_recordsize ||
|
|
|
|
intval > SPA_MAXBLOCKSIZE)
|
2016-05-06 02:19:12 +03:00
|
|
|
return (SET_ERROR(ERANGE));
|
2014-11-03 23:15:08 +03:00
|
|
|
|
|
|
|
if ((err = spa_open(dsname, &spa, FTAG)) != 0)
|
|
|
|
return (err);
|
|
|
|
|
|
|
|
if (!spa_feature_is_enabled(spa,
|
|
|
|
SPA_FEATURE_LARGE_BLOCKS)) {
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
return (SET_ERROR(ENOTSUP));
|
|
|
|
}
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced to from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill bocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by an large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 04:25:34 +03:00
|
|
|
case ZFS_PROP_DNODESIZE:
|
|
|
|
/* Dnode sizes above 512 need the feature to be enabled */
|
|
|
|
if (nvpair_value_uint64(pair, &intval) == 0 &&
|
|
|
|
intval != ZFS_DNSIZE_LEGACY) {
|
|
|
|
spa_t *spa;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If this is a bootable dataset then
|
|
|
|
* we don't allow large (>512B) dnodes,
|
|
|
|
* because GRUB doesn't support them.
|
|
|
|
*/
|
|
|
|
if (zfs_is_bootfs(dsname) &&
|
2016-12-12 21:46:26 +03:00
|
|
|
intval != ZFS_DNSIZE_LEGACY) {
|
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced to from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill bocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by an large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 04:25:34 +03:00
|
|
|
return (SET_ERROR(EDOM));
|
|
|
|
}
|
|
|
|
|
|
|
|
if ((err = spa_open(dsname, &spa, FTAG)) != 0)
|
|
|
|
return (err);
|
|
|
|
|
|
|
|
if (!spa_feature_is_enabled(spa,
|
|
|
|
SPA_FEATURE_LARGE_DNODE)) {
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
return (SET_ERROR(ENOTSUP));
|
|
|
|
}
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
case ZFS_PROP_SHARESMB:
|
|
|
|
if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2010-05-29 00:45:14 +04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case ZFS_PROP_ACLINHERIT:
|
|
|
|
if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
|
|
|
|
nvpair_value_uint64(pair, &intval) == 0) {
|
|
|
|
if (intval == ZFS_ACL_PASSTHROUGH_X &&
|
|
|
|
zfs_earlier_version(dsname,
|
|
|
|
SPA_VERSION_PASSTHROUGH_X))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
break;
|
2016-06-16 01:47:05 +03:00
|
|
|
case ZFS_PROP_CHECKSUM:
|
|
|
|
case ZFS_PROP_DEDUP:
|
|
|
|
{
|
|
|
|
spa_feature_t feature;
|
|
|
|
spa_t *spa;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
/* dedup feature version checks */
|
|
|
|
if (prop == ZFS_PROP_DEDUP &&
|
|
|
|
zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
|
|
|
|
return (SET_ERROR(ENOTSUP));
|
|
|
|
|
2018-08-04 00:56:25 +03:00
|
|
|
if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
|
|
|
|
nvpair_value_uint64(pair, &intval) == 0) {
|
|
|
|
/* check prop value is enabled in features */
|
|
|
|
feature = zio_checksum_to_feature(
|
|
|
|
intval & ZIO_CHECKSUM_MASK);
|
|
|
|
if (feature == SPA_FEATURE_NONE)
|
|
|
|
break;
|
2016-06-16 01:47:05 +03:00
|
|
|
|
2018-08-04 00:56:25 +03:00
|
|
|
if ((err = spa_open(dsname, &spa, FTAG)) != 0)
|
|
|
|
return (err);
|
2016-06-01 19:18:10 +03:00
|
|
|
|
2018-08-04 00:56:25 +03:00
|
|
|
if (!spa_feature_is_enabled(spa, feature)) {
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
return (SET_ERROR(ENOTSUP));
|
|
|
|
}
|
2016-06-16 01:47:05 +03:00
|
|
|
spa_close(spa, FTAG);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2010-08-26 20:52:41 +04:00
|
|
|
default:
|
|
|
|
break;
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Removes properties from the given props list that fail permission checks
|
|
|
|
* needed to clear them and to restore them in case of a receive error. For each
|
|
|
|
* property, make sure we have both set and inherit permissions.
|
|
|
|
*
|
|
|
|
* Returns the first error encountered if any permission checks fail. If the
|
|
|
|
* caller provides a non-NULL errlist, it also gives the complete list of names
|
|
|
|
* of all the properties that failed a permission check along with the
|
|
|
|
* corresponding error numbers. The caller is responsible for freeing the
|
|
|
|
* returned errlist.
|
|
|
|
*
|
|
|
|
* If every property checks out successfully, zero is returned and the list
|
|
|
|
* pointed at by errlist is NULL.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
|
2008-12-03 23:09:06 +03:00
|
|
|
{
|
|
|
|
zfs_cmd_t *zc;
|
2010-05-29 00:45:14 +04:00
|
|
|
nvpair_t *pair, *next_pair;
|
|
|
|
nvlist_t *errors;
|
|
|
|
int err, rv = 0;
|
2008-12-03 23:09:06 +03:00
|
|
|
|
|
|
|
if (props == NULL)
|
2010-05-29 00:45:14 +04:00
|
|
|
return (0);
|
|
|
|
|
|
|
|
VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
|
|
|
|
|
2014-12-03 22:56:32 +03:00
|
|
|
zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
|
2016-09-26 01:08:28 +03:00
|
|
|
(void) strlcpy(zc->zc_name, dataset, sizeof (zc->zc_name));
|
2010-05-29 00:45:14 +04:00
|
|
|
pair = nvlist_next_nvpair(props, NULL);
|
|
|
|
while (pair != NULL) {
|
|
|
|
next_pair = nvlist_next_nvpair(props, pair);
|
|
|
|
|
2016-09-26 01:08:28 +03:00
|
|
|
(void) strlcpy(zc->zc_value, nvpair_name(pair),
|
|
|
|
sizeof (zc->zc_value));
|
2010-05-29 00:45:14 +04:00
|
|
|
if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
|
2013-08-28 15:45:09 +04:00
|
|
|
(err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
|
2010-05-29 00:45:14 +04:00
|
|
|
VERIFY(nvlist_remove_nvpair(props, pair) == 0);
|
|
|
|
VERIFY(nvlist_add_int32(errors,
|
|
|
|
zc->zc_value, err) == 0);
|
|
|
|
}
|
|
|
|
pair = next_pair;
|
2008-12-03 23:09:06 +03:00
|
|
|
}
|
|
|
|
kmem_free(zc, sizeof (zfs_cmd_t));
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
|
|
|
|
nvlist_free(errors);
|
|
|
|
errors = NULL;
|
|
|
|
} else {
|
|
|
|
VERIFY(nvpair_value_int32(pair, &rv) == 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (errlist == NULL)
|
|
|
|
nvlist_free(errors);
|
|
|
|
else
|
|
|
|
*errlist = errors;
|
|
|
|
|
|
|
|
return (rv);
|
|
|
|
}
|
|
|
|
|
|
|
|
static boolean_t
|
|
|
|
propval_equals(nvpair_t *p1, nvpair_t *p2)
|
|
|
|
{
|
|
|
|
if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
|
|
|
|
/* dsl_prop_get_all_impl() format */
|
|
|
|
nvlist_t *attrs;
|
|
|
|
VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
|
|
|
|
VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
|
|
|
|
&p1) == 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
|
|
|
|
nvlist_t *attrs;
|
|
|
|
VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
|
|
|
|
VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
|
|
|
|
&p2) == 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (nvpair_type(p1) != nvpair_type(p2))
|
|
|
|
return (B_FALSE);
|
|
|
|
|
|
|
|
if (nvpair_type(p1) == DATA_TYPE_STRING) {
|
|
|
|
char *valstr1, *valstr2;
|
|
|
|
|
|
|
|
VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
|
|
|
|
VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
|
|
|
|
return (strcmp(valstr1, valstr2) == 0);
|
|
|
|
} else {
|
|
|
|
uint64_t intval1, intval2;
|
|
|
|
|
|
|
|
VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
|
|
|
|
VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
|
|
|
|
return (intval1 == intval2);
|
|
|
|
}
|
2008-12-03 23:09:06 +03:00
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/*
|
|
|
|
* Remove properties from props if they are not going to change (as determined
|
|
|
|
* by comparison with origprops). Remove them from origprops as well, since we
|
|
|
|
* do not need to clear or restore properties that won't change.
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
props_reduce(nvlist_t *props, nvlist_t *origprops)
|
|
|
|
{
|
|
|
|
nvpair_t *pair, *next_pair;
|
|
|
|
|
|
|
|
if (origprops == NULL)
|
|
|
|
return; /* all props need to be received */
|
|
|
|
|
|
|
|
pair = nvlist_next_nvpair(props, NULL);
|
|
|
|
while (pair != NULL) {
|
|
|
|
const char *propname = nvpair_name(pair);
|
|
|
|
nvpair_t *match;
|
|
|
|
|
|
|
|
next_pair = nvlist_next_nvpair(props, pair);
|
|
|
|
|
|
|
|
if ((nvlist_lookup_nvpair(origprops, propname,
|
|
|
|
&match) != 0) || !propval_equals(pair, match))
|
|
|
|
goto next; /* need to set received value */
|
|
|
|
|
|
|
|
/* don't clear the existing received value */
|
|
|
|
(void) nvlist_remove_nvpair(origprops, match);
|
|
|
|
/* don't bother receiving the property */
|
|
|
|
(void) nvlist_remove_nvpair(props, pair);
|
|
|
|
next:
|
|
|
|
pair = next_pair;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-06-09 22:24:29 +03:00
|
|
|
/*
|
|
|
|
* Extract properties that cannot be set PRIOR to the receipt of a dataset.
|
|
|
|
* For example, refquota cannot be set until after the receipt of a dataset,
|
|
|
|
* because in replication streams, an older/earlier snapshot may exceed the
|
|
|
|
* refquota. We want to receive the older/earlier snapshot, but setting
|
|
|
|
* refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent
|
|
|
|
* the older/earlier snapshot from being received (with EDQUOT).
|
|
|
|
*
|
|
|
|
* The ZFS test "zfs_receive_011_pos" demonstrates such a scenario.
|
|
|
|
*
|
|
|
|
* libzfs will need to be judicious handling errors encountered by props
|
|
|
|
* extracted by this function.
|
|
|
|
*/
|
|
|
|
static nvlist_t *
|
|
|
|
extract_delay_props(nvlist_t *props)
|
|
|
|
{
|
|
|
|
nvlist_t *delayprops;
|
|
|
|
nvpair_t *nvp, *tmp;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
static const zfs_prop_t delayable[] = {
|
|
|
|
ZFS_PROP_REFQUOTA,
|
|
|
|
ZFS_PROP_KEYLOCATION,
|
|
|
|
0
|
|
|
|
};
|
2016-06-09 22:24:29 +03:00
|
|
|
int i;
|
|
|
|
|
|
|
|
VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
|
|
|
|
|
|
|
|
for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL;
|
|
|
|
nvp = nvlist_next_nvpair(props, nvp)) {
|
|
|
|
/*
|
|
|
|
* strcmp() is safe because zfs_prop_to_name() always returns
|
|
|
|
* a bounded string.
|
|
|
|
*/
|
|
|
|
for (i = 0; delayable[i] != 0; i++) {
|
|
|
|
if (strcmp(zfs_prop_to_name(delayable[i]),
|
|
|
|
nvpair_name(nvp)) == 0) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (delayable[i] != 0) {
|
|
|
|
tmp = nvlist_prev_nvpair(props, nvp);
|
|
|
|
VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0);
|
|
|
|
VERIFY(nvlist_remove_nvpair(props, nvp) == 0);
|
|
|
|
nvp = tmp;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (nvlist_empty(delayprops)) {
|
|
|
|
nvlist_free(delayprops);
|
|
|
|
delayprops = NULL;
|
|
|
|
}
|
|
|
|
return (delayprops);
|
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
#ifdef DEBUG
|
|
|
|
static boolean_t zfs_ioc_recv_inject_err;
|
|
|
|
#endif
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
2016-07-09 19:37:11 +03:00
|
|
|
* nvlist 'errors' is always allocated. It will contain descriptions of
|
|
|
|
* encountered errors, if any. It's the callers responsibility to free.
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
|
|
|
static int
|
2017-05-10 02:21:09 +03:00
|
|
|
zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin, nvlist_t *recvprops,
|
2017-10-13 20:09:04 +03:00
|
|
|
nvlist_t *localprops, nvlist_t *hidden_args, boolean_t force,
|
|
|
|
boolean_t resumable, int input_fd, dmu_replay_record_t *begin_record,
|
|
|
|
int cleanup_fd, uint64_t *read_bytes, uint64_t *errflags,
|
|
|
|
uint64_t *action_handle, nvlist_t **errors)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
dmu_recv_cookie_t drc;
|
2010-05-29 00:45:14 +04:00
|
|
|
int error = 0;
|
|
|
|
int props_error = 0;
|
2008-11-20 23:01:55 +03:00
|
|
|
offset_t off;
|
2017-10-13 20:09:04 +03:00
|
|
|
nvlist_t *local_delayprops = NULL;
|
|
|
|
nvlist_t *recv_delayprops = NULL;
|
2016-06-10 03:04:12 +03:00
|
|
|
nvlist_t *origprops = NULL; /* existing properties */
|
2017-05-10 02:21:09 +03:00
|
|
|
nvlist_t *origrecvd = NULL; /* existing received properties */
|
2010-05-29 00:45:14 +04:00
|
|
|
boolean_t first_recvd_props = B_FALSE;
|
2016-06-10 03:04:12 +03:00
|
|
|
file_t *input_fp;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2016-07-09 19:37:11 +03:00
|
|
|
*read_bytes = 0;
|
|
|
|
*errflags = 0;
|
|
|
|
*errors = fnvlist_alloc();
|
|
|
|
|
2016-06-10 03:04:12 +03:00
|
|
|
input_fp = getf(input_fd);
|
|
|
|
if (input_fp == NULL)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EBADF));
|
2013-09-04 16:00:57 +04:00
|
|
|
|
2017-10-13 20:09:04 +03:00
|
|
|
error = dmu_recv_begin(tofs, tosnap, begin_record, force,
|
|
|
|
resumable, localprops, hidden_args, origin, &drc);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set properties before we receive the stream so that they are applied
|
|
|
|
* to the new data. Note that we must call dmu_recv_stream() if
|
|
|
|
* dmu_recv_begin() succeeds.
|
|
|
|
*/
|
2017-05-10 02:21:09 +03:00
|
|
|
if (recvprops != NULL && !drc.drc_newfs) {
|
2013-09-04 16:00:57 +04:00
|
|
|
if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
|
|
|
|
SPA_VERSION_RECVD_PROPS &&
|
|
|
|
!dsl_prop_get_hasrecvd(tofs))
|
2010-05-29 00:45:14 +04:00
|
|
|
first_recvd_props = B_TRUE;
|
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
/*
|
2010-05-29 00:45:14 +04:00
|
|
|
* If new received properties are supplied, they are to
|
2017-10-13 20:09:04 +03:00
|
|
|
* completely replace the existing received properties,
|
|
|
|
* so stash away the existing ones.
|
2008-12-03 23:09:06 +03:00
|
|
|
*/
|
2017-05-10 02:21:09 +03:00
|
|
|
if (dsl_prop_get_received(tofs, &origrecvd) == 0) {
|
2010-05-29 00:45:14 +04:00
|
|
|
nvlist_t *errlist = NULL;
|
|
|
|
/*
|
|
|
|
* Don't bother writing a property if its value won't
|
|
|
|
* change (and avoid the unnecessary security checks).
|
|
|
|
*
|
|
|
|
* The first receive after SPA_VERSION_RECVD_PROPS is a
|
|
|
|
* special case where we blow away all local properties
|
|
|
|
* regardless.
|
|
|
|
*/
|
|
|
|
if (!first_recvd_props)
|
2017-05-10 02:21:09 +03:00
|
|
|
props_reduce(recvprops, origrecvd);
|
|
|
|
if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0)
|
2016-06-10 03:04:12 +03:00
|
|
|
(void) nvlist_merge(*errors, errlist, 0);
|
2010-05-29 00:45:14 +04:00
|
|
|
nvlist_free(errlist);
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2017-05-10 02:21:09 +03:00
|
|
|
if (clear_received_props(tofs, origrecvd,
|
|
|
|
first_recvd_props ? NULL : recvprops) != 0)
|
|
|
|
*errflags |= ZPROP_ERR_NOCLEAR;
|
|
|
|
} else {
|
|
|
|
*errflags |= ZPROP_ERR_NOCLEAR;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Stash away existing properties so we can restore them on error unless
|
|
|
|
* we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which
|
|
|
|
* case "origrecvd" will take care of that.
|
|
|
|
*/
|
|
|
|
if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) {
|
|
|
|
objset_t *os;
|
|
|
|
if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
|
|
|
|
if (dsl_prop_get_all(os, &origprops) != 0) {
|
2016-06-10 03:04:12 +03:00
|
|
|
*errflags |= ZPROP_ERR_NOCLEAR;
|
2017-05-10 02:21:09 +03:00
|
|
|
}
|
|
|
|
dmu_objset_rele(os, FTAG);
|
2013-09-04 16:00:57 +04:00
|
|
|
} else {
|
2016-06-10 03:04:12 +03:00
|
|
|
*errflags |= ZPROP_ERR_NOCLEAR;
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
2017-05-10 02:21:09 +03:00
|
|
|
if (recvprops != NULL) {
|
2013-09-04 16:00:57 +04:00
|
|
|
props_error = dsl_prop_set_hasrecvd(tofs);
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
if (props_error == 0) {
|
2017-10-13 20:09:04 +03:00
|
|
|
recv_delayprops = extract_delay_props(recvprops);
|
2013-09-04 16:00:57 +04:00
|
|
|
(void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
|
2017-05-10 02:21:09 +03:00
|
|
|
recvprops, *errors);
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
2017-05-10 02:21:09 +03:00
|
|
|
if (localprops != NULL) {
|
|
|
|
nvlist_t *oprops = fnvlist_alloc();
|
|
|
|
nvlist_t *xprops = fnvlist_alloc();
|
|
|
|
nvpair_t *nvp = NULL;
|
|
|
|
|
|
|
|
while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
|
|
|
|
if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) {
|
|
|
|
/* -x property */
|
|
|
|
const char *name = nvpair_name(nvp);
|
|
|
|
zfs_prop_t prop = zfs_name_to_prop(name);
|
|
|
|
if (prop != ZPROP_INVAL) {
|
|
|
|
if (!zfs_prop_inheritable(prop))
|
|
|
|
continue;
|
|
|
|
} else if (!zfs_prop_user(name))
|
|
|
|
continue;
|
|
|
|
fnvlist_add_boolean(xprops, name);
|
|
|
|
} else {
|
|
|
|
/* -o property=value */
|
|
|
|
fnvlist_add_nvpair(oprops, nvp);
|
|
|
|
}
|
|
|
|
}
|
2017-10-13 20:09:04 +03:00
|
|
|
|
|
|
|
local_delayprops = extract_delay_props(oprops);
|
2017-05-10 02:21:09 +03:00
|
|
|
(void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
|
|
|
|
oprops, *errors);
|
|
|
|
(void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED,
|
|
|
|
xprops, *errors);
|
|
|
|
|
|
|
|
nvlist_free(oprops);
|
|
|
|
nvlist_free(xprops);
|
|
|
|
}
|
|
|
|
|
2016-06-10 03:04:12 +03:00
|
|
|
off = input_fp->f_offset;
|
|
|
|
error = dmu_recv_stream(&drc, input_fp->f_vnode, &off, cleanup_fd,
|
|
|
|
action_handle);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2009-08-18 22:43:27 +04:00
|
|
|
if (error == 0) {
|
2017-03-08 03:21:37 +03:00
|
|
|
zfsvfs_t *zfsvfs = NULL;
|
2017-01-20 00:56:36 +03:00
|
|
|
zvol_state_t *zv = NULL;
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2017-03-09 01:56:19 +03:00
|
|
|
if (getzfsvfs(tofs, &zfsvfs) == 0) {
|
2009-08-18 22:43:27 +04:00
|
|
|
/* online recv */
|
2017-01-23 21:53:46 +03:00
|
|
|
dsl_dataset_t *ds;
|
2009-08-18 22:43:27 +04:00
|
|
|
int end_err;
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2017-03-08 03:21:37 +03:00
|
|
|
ds = dmu_objset_ds(zfsvfs->z_os);
|
|
|
|
error = zfs_suspend_fs(zfsvfs);
|
2009-08-18 22:43:27 +04:00
|
|
|
/*
|
|
|
|
* If the suspend fails, then the recv_end will
|
|
|
|
* likely also fail, and clean up after itself.
|
|
|
|
*/
|
2017-03-08 03:21:37 +03:00
|
|
|
end_err = dmu_recv_end(&drc, zfsvfs);
|
2010-05-29 00:45:14 +04:00
|
|
|
if (error == 0)
|
2017-03-08 03:21:37 +03:00
|
|
|
error = zfs_resume_fs(zfsvfs, ds);
|
2009-08-18 22:43:27 +04:00
|
|
|
error = error ? error : end_err;
|
2017-03-08 03:21:37 +03:00
|
|
|
deactivate_super(zfsvfs->z_sb);
|
2017-01-20 00:56:36 +03:00
|
|
|
} else if ((zv = zvol_suspend(tofs)) != NULL) {
|
|
|
|
error = dmu_recv_end(&drc, zvol_tag(zv));
|
|
|
|
zvol_resume(zv);
|
2008-12-03 23:09:06 +03:00
|
|
|
} else {
|
2013-07-27 21:50:07 +04:00
|
|
|
error = dmu_recv_end(&drc, NULL);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
2016-06-09 22:24:29 +03:00
|
|
|
|
|
|
|
/* Set delayed properties now, after we're done receiving. */
|
2017-10-13 20:09:04 +03:00
|
|
|
if (recv_delayprops != NULL && error == 0) {
|
2016-06-09 22:24:29 +03:00
|
|
|
(void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
|
2017-10-13 20:09:04 +03:00
|
|
|
recv_delayprops, *errors);
|
|
|
|
}
|
|
|
|
if (local_delayprops != NULL && error == 0) {
|
|
|
|
(void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
|
|
|
|
local_delayprops, *errors);
|
2016-06-09 22:24:29 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-10-13 20:09:04 +03:00
|
|
|
/*
|
|
|
|
* Merge delayed props back in with initial props, in case
|
|
|
|
* we're DEBUG and zfs_ioc_recv_inject_err is set (which means
|
|
|
|
* we have to make sure clear_received_props() includes
|
|
|
|
* the delayed properties).
|
|
|
|
*
|
|
|
|
* Since zfs_ioc_recv_inject_err is only in DEBUG kernels,
|
|
|
|
* using ASSERT() will be just like a VERIFY.
|
|
|
|
*/
|
|
|
|
if (recv_delayprops != NULL) {
|
|
|
|
ASSERT(nvlist_merge(recvprops, recv_delayprops, 0) == 0);
|
|
|
|
nvlist_free(recv_delayprops);
|
|
|
|
}
|
|
|
|
if (local_delayprops != NULL) {
|
|
|
|
ASSERT(nvlist_merge(localprops, local_delayprops, 0) == 0);
|
|
|
|
nvlist_free(local_delayprops);
|
2016-06-09 22:24:29 +03:00
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2016-06-10 03:04:12 +03:00
|
|
|
*read_bytes = off - input_fp->f_offset;
|
|
|
|
if (VOP_SEEK(input_fp->f_vnode, input_fp->f_offset, &off, NULL) == 0)
|
2016-12-12 21:46:26 +03:00
|
|
|
input_fp->f_offset = off;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
#ifdef DEBUG
|
|
|
|
if (zfs_ioc_recv_inject_err) {
|
|
|
|
zfs_ioc_recv_inject_err = B_FALSE;
|
|
|
|
error = 1;
|
|
|
|
}
|
|
|
|
#endif
|
2013-12-07 02:20:22 +04:00
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
/*
|
|
|
|
* On error, restore the original props.
|
|
|
|
*/
|
2017-05-10 02:21:09 +03:00
|
|
|
if (error != 0 && recvprops != NULL && !drc.drc_newfs) {
|
|
|
|
if (clear_received_props(tofs, recvprops, NULL) != 0) {
|
2013-09-04 16:00:57 +04:00
|
|
|
/*
|
|
|
|
* We failed to clear the received properties.
|
|
|
|
* Since we may have left a $recvd value on the
|
|
|
|
* system, we can't clear the $hasrecvd flag.
|
|
|
|
*/
|
2016-06-10 03:04:12 +03:00
|
|
|
*errflags |= ZPROP_ERR_NORESTORE;
|
2013-09-04 16:00:57 +04:00
|
|
|
} else if (first_recvd_props) {
|
|
|
|
dsl_prop_unset_hasrecvd(tofs);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
2017-05-10 02:21:09 +03:00
|
|
|
if (origrecvd == NULL && !drc.drc_newfs) {
|
2010-05-29 00:45:14 +04:00
|
|
|
/* We failed to stash the original properties. */
|
2016-06-10 03:04:12 +03:00
|
|
|
*errflags |= ZPROP_ERR_NORESTORE;
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* dsl_props_set() will not convert RECEIVED to LOCAL on or
|
|
|
|
* after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
|
2017-01-03 20:31:18 +03:00
|
|
|
* explicitly if we're restoring local properties cleared in the
|
2010-05-29 00:45:14 +04:00
|
|
|
* first new-style receive.
|
|
|
|
*/
|
2017-05-10 02:21:09 +03:00
|
|
|
if (origrecvd != NULL &&
|
2010-05-29 00:45:14 +04:00
|
|
|
zfs_set_prop_nvlist(tofs, (first_recvd_props ?
|
|
|
|
ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
|
2017-05-10 02:21:09 +03:00
|
|
|
origrecvd, NULL) != 0) {
|
2010-05-29 00:45:14 +04:00
|
|
|
/*
|
|
|
|
* We stashed the original properties but failed to
|
|
|
|
* restore them.
|
|
|
|
*/
|
2016-06-10 03:04:12 +03:00
|
|
|
*errflags |= ZPROP_ERR_NORESTORE;
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
2008-12-03 23:09:06 +03:00
|
|
|
}
|
2017-05-10 02:21:09 +03:00
|
|
|
if (error != 0 && localprops != NULL && !drc.drc_newfs &&
|
|
|
|
!first_recvd_props) {
|
|
|
|
nvlist_t *setprops;
|
|
|
|
nvlist_t *inheritprops;
|
|
|
|
nvpair_t *nvp;
|
|
|
|
|
|
|
|
if (origprops == NULL) {
|
|
|
|
/* We failed to stash the original properties. */
|
|
|
|
*errflags |= ZPROP_ERR_NORESTORE;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Restore original props */
|
|
|
|
setprops = fnvlist_alloc();
|
|
|
|
inheritprops = fnvlist_alloc();
|
|
|
|
nvp = NULL;
|
|
|
|
while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
|
|
|
|
const char *name = nvpair_name(nvp);
|
|
|
|
const char *source;
|
|
|
|
nvlist_t *attrs;
|
|
|
|
|
|
|
|
if (!nvlist_exists(origprops, name)) {
|
|
|
|
/*
|
|
|
|
* Property was not present or was explicitly
|
|
|
|
* inherited before the receive, restore this.
|
|
|
|
*/
|
|
|
|
fnvlist_add_boolean(inheritprops, name);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
attrs = fnvlist_lookup_nvlist(origprops, name);
|
|
|
|
source = fnvlist_lookup_string(attrs, ZPROP_SOURCE);
|
|
|
|
|
|
|
|
/* Skip received properties */
|
|
|
|
if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (strcmp(source, tofs) == 0) {
|
|
|
|
/* Property was locally set */
|
|
|
|
fnvlist_add_nvlist(setprops, name, attrs);
|
|
|
|
} else {
|
|
|
|
/* Property was implicitly inherited */
|
|
|
|
fnvlist_add_boolean(inheritprops, name);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops,
|
|
|
|
NULL) != 0)
|
|
|
|
*errflags |= ZPROP_ERR_NORESTORE;
|
|
|
|
if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops,
|
|
|
|
NULL) != 0)
|
|
|
|
*errflags |= ZPROP_ERR_NORESTORE;
|
|
|
|
|
|
|
|
nvlist_free(setprops);
|
|
|
|
nvlist_free(inheritprops);
|
|
|
|
}
|
2008-12-03 23:09:06 +03:00
|
|
|
out:
|
2016-06-10 03:04:12 +03:00
|
|
|
releasef(input_fd);
|
2017-05-10 02:21:09 +03:00
|
|
|
nvlist_free(origrecvd);
|
2008-12-03 23:09:06 +03:00
|
|
|
nvlist_free(origprops);
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
if (error == 0)
|
|
|
|
error = props_error;
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2016-06-10 03:04:12 +03:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of containing filesystem (unused)
|
|
|
|
* zc_nvlist_src{_size} nvlist of properties to apply
|
2017-05-10 02:21:09 +03:00
|
|
|
* zc_nvlist_conf{_size} nvlist of properties to exclude
|
|
|
|
* (DATA_TYPE_BOOLEAN) and override (everything else)
|
2016-06-10 03:04:12 +03:00
|
|
|
* zc_value name of snapshot to create
|
|
|
|
* zc_string name of clone origin (if DRR_FLAG_CLONE)
|
|
|
|
* zc_cookie file descriptor to recv from
|
|
|
|
* zc_begin_record the BEGIN record of the stream (not byteswapped)
|
|
|
|
* zc_guid force flag
|
|
|
|
* zc_cleanup_fd cleanup-on-exit file descriptor
|
|
|
|
* zc_action_handle handle for this guid/ds mapping (or zero on first call)
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_cookie number of bytes read
|
|
|
|
* zc_obj zprop_errflags_t
|
|
|
|
* zc_action_handle handle for this guid/ds mapping
|
|
|
|
* zc_nvlist_dst{_size} error for each unapplied received property
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_recv(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
dmu_replay_record_t begin_record;
|
|
|
|
nvlist_t *errors = NULL;
|
2017-05-10 02:21:09 +03:00
|
|
|
nvlist_t *recvdprops = NULL;
|
|
|
|
nvlist_t *localprops = NULL;
|
2016-06-10 03:04:12 +03:00
|
|
|
char *origin = NULL;
|
|
|
|
char *tosnap;
|
2016-06-16 00:28:36 +03:00
|
|
|
char tofs[ZFS_MAX_DATASET_NAME_LEN];
|
2016-06-10 03:04:12 +03:00
|
|
|
int error = 0;
|
|
|
|
|
|
|
|
if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
|
|
|
|
strchr(zc->zc_value, '@') == NULL ||
|
|
|
|
strchr(zc->zc_value, '%'))
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
|
2016-09-18 01:08:54 +03:00
|
|
|
(void) strlcpy(tofs, zc->zc_value, sizeof (tofs));
|
2016-06-10 03:04:12 +03:00
|
|
|
tosnap = strchr(tofs, '@');
|
|
|
|
*tosnap++ = '\0';
|
|
|
|
|
|
|
|
if (zc->zc_nvlist_src != 0 &&
|
|
|
|
(error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
|
2017-05-10 02:21:09 +03:00
|
|
|
zc->zc_iflags, &recvdprops)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
if (zc->zc_nvlist_conf != 0 &&
|
|
|
|
(error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
|
|
|
|
zc->zc_iflags, &localprops)) != 0)
|
2016-06-10 03:04:12 +03:00
|
|
|
return (error);
|
|
|
|
|
|
|
|
if (zc->zc_string[0])
|
|
|
|
origin = zc->zc_string;
|
|
|
|
|
|
|
|
begin_record.drr_type = DRR_BEGIN;
|
|
|
|
begin_record.drr_payloadlen = 0;
|
|
|
|
begin_record.drr_u.drr_begin = zc->zc_begin_record;
|
|
|
|
|
2017-05-10 02:21:09 +03:00
|
|
|
error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops,
|
2017-10-13 20:09:04 +03:00
|
|
|
NULL, zc->zc_guid, B_FALSE, zc->zc_cookie, &begin_record,
|
2017-05-10 02:21:09 +03:00
|
|
|
zc->zc_cleanup_fd, &zc->zc_cookie, &zc->zc_obj,
|
|
|
|
&zc->zc_action_handle, &errors);
|
|
|
|
nvlist_free(recvdprops);
|
|
|
|
nvlist_free(localprops);
|
2016-06-10 03:04:12 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Now that all props, initial and delayed, are set, report the prop
|
|
|
|
* errors to the caller.
|
|
|
|
*/
|
|
|
|
if (zc->zc_nvlist_dst_size != 0 && errors != NULL &&
|
|
|
|
(nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
|
|
|
|
put_nvlist(zc, errors) != 0)) {
|
|
|
|
/*
|
|
|
|
* Caller made zc->zc_nvlist_dst less than the minimum expected
|
|
|
|
* size or supplied an invalid address.
|
|
|
|
*/
|
|
|
|
error = SET_ERROR(EINVAL);
|
|
|
|
}
|
|
|
|
|
|
|
|
nvlist_free(errors);
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* innvl: {
|
|
|
|
* "snapname" -> full name of the snapshot to create
|
2017-05-10 02:21:09 +03:00
|
|
|
* (optional) "props" -> received properties to set (nvlist)
|
|
|
|
* (optional) "localprops" -> override and exclude properties (nvlist)
|
2016-06-10 03:04:12 +03:00
|
|
|
* (optional) "origin" -> name of clone origin (DRR_FLAG_CLONE)
|
|
|
|
* "begin_record" -> non-byteswapped dmu_replay_record_t
|
|
|
|
* "input_fd" -> file descriptor to read stream from (int32)
|
|
|
|
* (optional) "force" -> force flag (value ignored)
|
|
|
|
* (optional) "resumable" -> resumable flag (value ignored)
|
|
|
|
* (optional) "cleanup_fd" -> cleanup-on-exit file descriptor
|
|
|
|
* (optional) "action_handle" -> handle for this guid/ds mapping
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
* (optional) "hidden_args" -> { "wkeydata" -> value }
|
2016-06-10 03:04:12 +03:00
|
|
|
* }
|
|
|
|
*
|
|
|
|
* outnvl: {
|
|
|
|
* "read_bytes" -> number of bytes read
|
|
|
|
* "error_flags" -> zprop_errflags_t
|
|
|
|
* "action_handle" -> handle for this guid/ds mapping
|
|
|
|
* "errors" -> error for each unapplied received property (nvlist)
|
|
|
|
* }
|
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_recv_new[] = {
|
|
|
|
{"snapname", DATA_TYPE_STRING, 0},
|
|
|
|
{"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
|
|
|
|
{"localprops", DATA_TYPE_NVLIST, ZK_OPTIONAL},
|
|
|
|
{"origin", DATA_TYPE_STRING, ZK_OPTIONAL},
|
|
|
|
{"begin_record", DATA_TYPE_BYTE_ARRAY, 0},
|
|
|
|
{"input_fd", DATA_TYPE_INT32, 0},
|
|
|
|
{"force", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
|
|
|
|
{"resumable", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
|
|
|
|
{"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
|
|
|
|
{"action_handle", DATA_TYPE_UINT64, ZK_OPTIONAL},
|
|
|
|
{"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
|
|
|
|
};
|
|
|
|
|
2016-06-10 03:04:12 +03:00
|
|
|
static int
|
|
|
|
zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
|
|
|
|
{
|
|
|
|
dmu_replay_record_t *begin_record;
|
|
|
|
uint_t begin_record_size;
|
|
|
|
nvlist_t *errors = NULL;
|
2017-05-10 02:21:09 +03:00
|
|
|
nvlist_t *recvprops = NULL;
|
|
|
|
nvlist_t *localprops = NULL;
|
2017-10-13 20:09:04 +03:00
|
|
|
nvlist_t *hidden_args = NULL;
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
char *snapname;
|
2016-06-10 03:04:12 +03:00
|
|
|
char *origin = NULL;
|
|
|
|
char *tosnap;
|
2016-06-16 00:28:36 +03:00
|
|
|
char tofs[ZFS_MAX_DATASET_NAME_LEN];
|
2016-06-10 03:04:12 +03:00
|
|
|
boolean_t force;
|
|
|
|
boolean_t resumable;
|
|
|
|
uint64_t action_handle = 0;
|
|
|
|
uint64_t read_bytes = 0;
|
|
|
|
uint64_t errflags = 0;
|
|
|
|
int input_fd = -1;
|
|
|
|
int cleanup_fd = -1;
|
|
|
|
int error;
|
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
snapname = fnvlist_lookup_string(innvl, "snapname");
|
2016-06-10 03:04:12 +03:00
|
|
|
|
|
|
|
if (dataset_namecheck(snapname, NULL, NULL) != 0 ||
|
|
|
|
strchr(snapname, '@') == NULL ||
|
|
|
|
strchr(snapname, '%'))
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
|
|
|
|
(void) strcpy(tofs, snapname);
|
|
|
|
tosnap = strchr(tofs, '@');
|
|
|
|
*tosnap++ = '\0';
|
|
|
|
|
|
|
|
error = nvlist_lookup_string(innvl, "origin", &origin);
|
|
|
|
if (error && error != ENOENT)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
error = nvlist_lookup_byte_array(innvl, "begin_record",
|
2016-12-12 21:46:26 +03:00
|
|
|
(uchar_t **)&begin_record, &begin_record_size);
|
2016-06-10 03:04:12 +03:00
|
|
|
if (error != 0 || begin_record_size != sizeof (*begin_record))
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
input_fd = fnvlist_lookup_int32(innvl, "input_fd");
|
2016-06-10 03:04:12 +03:00
|
|
|
|
|
|
|
force = nvlist_exists(innvl, "force");
|
|
|
|
resumable = nvlist_exists(innvl, "resumable");
|
|
|
|
|
|
|
|
error = nvlist_lookup_int32(innvl, "cleanup_fd", &cleanup_fd);
|
|
|
|
if (error && error != ENOENT)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
error = nvlist_lookup_uint64(innvl, "action_handle", &action_handle);
|
|
|
|
if (error && error != ENOENT)
|
|
|
|
return (error);
|
|
|
|
|
2017-05-10 02:21:09 +03:00
|
|
|
/* we still use "props" here for backwards compatibility */
|
|
|
|
error = nvlist_lookup_nvlist(innvl, "props", &recvprops);
|
2016-06-10 03:04:12 +03:00
|
|
|
if (error && error != ENOENT)
|
|
|
|
return (error);
|
|
|
|
|
2017-05-10 02:21:09 +03:00
|
|
|
error = nvlist_lookup_nvlist(innvl, "localprops", &localprops);
|
|
|
|
if (error && error != ENOENT)
|
|
|
|
return (error);
|
|
|
|
|
2017-10-13 20:09:04 +03:00
|
|
|
error = nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
|
|
|
|
if (error && error != ENOENT)
|
|
|
|
return (error);
|
|
|
|
|
2017-05-10 02:21:09 +03:00
|
|
|
error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvprops, localprops,
|
2017-10-13 20:09:04 +03:00
|
|
|
hidden_args, force, resumable, input_fd, begin_record, cleanup_fd,
|
|
|
|
&read_bytes, &errflags, &action_handle, &errors);
|
2016-06-10 03:04:12 +03:00
|
|
|
|
|
|
|
fnvlist_add_uint64(outnvl, "read_bytes", read_bytes);
|
|
|
|
fnvlist_add_uint64(outnvl, "error_flags", errflags);
|
|
|
|
fnvlist_add_uint64(outnvl, "action_handle", action_handle);
|
|
|
|
fnvlist_add_nvlist(outnvl, "errors", errors);
|
|
|
|
|
|
|
|
nvlist_free(errors);
|
2017-05-10 02:21:09 +03:00
|
|
|
nvlist_free(recvprops);
|
|
|
|
nvlist_free(localprops);
|
2016-06-10 03:04:12 +03:00
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of snapshot to send
|
|
|
|
* zc_cookie file descriptor to send stream to
|
2010-08-27 01:24:34 +04:00
|
|
|
* zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
|
|
|
|
* zc_sendobj objsetid of snapshot to send
|
|
|
|
* zc_fromobj objsetid of incremental fromsnap (may be zero)
|
2011-11-17 22:14:36 +04:00
|
|
|
* zc_guid if set, estimate size of stream only. zc_cookie is ignored.
|
|
|
|
* output size in zc_objset_type.
|
2014-11-03 23:15:08 +03:00
|
|
|
* zc_flags lzc_send_flags
|
2008-11-20 23:01:55 +03:00
|
|
|
*
|
2013-12-12 02:33:41 +04:00
|
|
|
* outputs:
|
|
|
|
* zc_objset_type estimated size, if zc_guid is set
|
2017-08-31 19:00:35 +03:00
|
|
|
*
|
|
|
|
* NOTE: This is no longer the preferred interface, any new functionality
|
|
|
|
* should be added to zfs_ioc_send_new() instead.
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_send(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
offset_t off;
|
2011-11-17 22:14:36 +04:00
|
|
|
boolean_t estimate = (zc->zc_guid != 0);
|
2014-06-06 01:19:08 +04:00
|
|
|
boolean_t embedok = (zc->zc_flags & 0x1);
|
2014-11-03 23:15:08 +03:00
|
|
|
boolean_t large_block_ok = (zc->zc_flags & 0x2);
|
2016-07-11 20:45:52 +03:00
|
|
|
boolean_t compressok = (zc->zc_flags & 0x4);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
boolean_t rawok = (zc->zc_flags & 0x8);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
if (zc->zc_obj != 0) {
|
|
|
|
dsl_pool_t *dp;
|
|
|
|
dsl_dataset_t *tosnap;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
|
|
|
|
if (error != 0)
|
2010-08-27 01:24:34 +04:00
|
|
|
return (error);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
|
|
|
|
if (error != 0) {
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
}
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
if (dsl_dir_is_clone(tosnap->ds_dir))
|
2015-04-01 18:14:34 +03:00
|
|
|
zc->zc_fromobj =
|
|
|
|
dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj;
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_rele(tosnap, FTAG);
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
2013-08-28 15:45:09 +04:00
|
|
|
}
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
if (estimate) {
|
|
|
|
dsl_pool_t *dp;
|
|
|
|
dsl_dataset_t *tosnap;
|
|
|
|
dsl_dataset_t *fromsnap = NULL;
|
|
|
|
|
|
|
|
error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
2013-08-28 15:45:09 +04:00
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
error = dsl_dataset_hold_obj(dp, zc->zc_sendobj,
|
|
|
|
FTAG, &tosnap);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0) {
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
|
|
|
return (error);
|
2013-08-28 15:45:09 +04:00
|
|
|
}
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
if (zc->zc_fromobj != 0) {
|
|
|
|
error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
|
|
|
|
FTAG, &fromsnap);
|
|
|
|
if (error != 0) {
|
|
|
|
dsl_dataset_rele(tosnap, FTAG);
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
2013-08-28 15:45:09 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
error = dmu_send_estimate(tosnap, fromsnap, compressok || rawok,
|
2011-11-17 22:14:36 +04:00
|
|
|
&zc->zc_objset_type);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
if (fromsnap != NULL)
|
|
|
|
dsl_dataset_rele(fromsnap, FTAG);
|
|
|
|
dsl_dataset_rele(tosnap, FTAG);
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
2011-11-17 22:14:36 +04:00
|
|
|
} else {
|
|
|
|
file_t *fp = getf(zc->zc_cookie);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (fp == NULL)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EBADF));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2011-11-17 22:14:36 +04:00
|
|
|
off = fp->f_offset;
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
zc->zc_fromobj, embedok, large_block_ok, compressok, rawok,
|
2014-11-03 23:15:08 +03:00
|
|
|
zc->zc_cookie, fp->f_vnode, &off);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2011-11-17 22:14:36 +04:00
|
|
|
if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
|
|
|
|
fp->f_offset = off;
|
|
|
|
releasef(zc->zc_cookie);
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2012-05-10 02:05:14 +04:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of snapshot on which to report progress
|
|
|
|
* zc_cookie file descriptor of send stream
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_cookie number of bytes written in send stream thus far
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_send_progress(zfs_cmd_t *zc)
|
|
|
|
{
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_pool_t *dp;
|
2012-05-10 02:05:14 +04:00
|
|
|
dsl_dataset_t *ds;
|
|
|
|
dmu_sendarg_t *dsp = NULL;
|
|
|
|
int error;
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
|
|
|
|
if (error != 0)
|
2012-05-10 02:05:14 +04:00
|
|
|
return (error);
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
|
|
|
|
if (error != 0) {
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2012-05-10 02:05:14 +04:00
|
|
|
mutex_enter(&ds->ds_sendstream_lock);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Iterate over all the send streams currently active on this dataset.
|
|
|
|
* If there's one which matches the specified file descriptor _and_ the
|
|
|
|
* stream was started by the current process, return the progress of
|
|
|
|
* that stream.
|
|
|
|
*/
|
|
|
|
|
|
|
|
for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
|
|
|
|
dsp = list_next(&ds->ds_sendstreams, dsp)) {
|
|
|
|
if (dsp->dsa_outfd == zc->zc_cookie &&
|
|
|
|
dsp->dsa_proc->group_leader == curproc->group_leader)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (dsp != NULL)
|
|
|
|
zc->zc_cookie = *(dsp->dsa_off);
|
|
|
|
else
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(ENOENT);
|
2012-05-10 02:05:14 +04:00
|
|
|
|
|
|
|
mutex_exit(&ds->ds_sendstream_lock);
|
|
|
|
dsl_dataset_rele(ds, FTAG);
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_pool_rele(dp, FTAG);
|
2012-05-10 02:05:14 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
|
|
|
zfs_ioc_inject_fault(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
int id, error;
|
|
|
|
|
|
|
|
error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
|
|
|
|
&zc->zc_inject_record);
|
|
|
|
|
|
|
|
if (error == 0)
|
|
|
|
zc->zc_guid = (uint64_t)id;
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_clear_fault(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
return (zio_clear_fault((int)zc->zc_guid));
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_inject_list_next(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
int id = (int)zc->zc_guid;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
|
|
|
|
&zc->zc_inject_record);
|
|
|
|
|
|
|
|
zc->zc_guid = id;
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_error_log(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
int error;
|
|
|
|
size_t count = (size_t)zc->zc_nvlist_dst_size;
|
|
|
|
|
|
|
|
if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
|
|
|
|
&count);
|
|
|
|
if (error == 0)
|
|
|
|
zc->zc_nvlist_dst_size = count;
|
|
|
|
else
|
|
|
|
zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
|
|
|
|
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_clear(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
vdev_t *vd;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
/*
|
2008-12-03 23:09:06 +03:00
|
|
|
* On zpool clear we also fix up missing slogs
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
2008-12-03 23:09:06 +03:00
|
|
|
mutex_enter(&spa_namespace_lock);
|
|
|
|
spa = spa_lookup(zc->zc_name);
|
|
|
|
if (spa == NULL) {
|
|
|
|
mutex_exit(&spa_namespace_lock);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EIO));
|
2008-12-03 23:09:06 +03:00
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
|
2008-12-03 23:09:06 +03:00
|
|
|
/* we need to let spa_open/spa_load clear the chains */
|
2010-05-29 00:45:14 +04:00
|
|
|
spa_set_log_state(spa, SPA_LOG_CLEAR);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
spa->spa_last_open_failed = 0;
|
2008-12-03 23:09:06 +03:00
|
|
|
mutex_exit(&spa_namespace_lock);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
if (zc->zc_cookie & ZPOOL_NO_REWIND) {
|
|
|
|
error = spa_open(zc->zc_name, &spa, FTAG);
|
|
|
|
} else {
|
|
|
|
nvlist_t *policy;
|
|
|
|
nvlist_t *config = NULL;
|
|
|
|
|
2010-08-26 20:52:39 +04:00
|
|
|
if (zc->zc_nvlist_src == 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
if ((error = get_nvlist(zc->zc_nvlist_src,
|
|
|
|
zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
|
|
|
|
error = spa_open_rewind(zc->zc_name, &spa, FTAG,
|
|
|
|
policy, &config);
|
|
|
|
if (config != NULL) {
|
2010-08-27 01:24:34 +04:00
|
|
|
int err;
|
|
|
|
|
|
|
|
if ((err = put_nvlist(zc, config)) != 0)
|
|
|
|
error = err;
|
2010-05-29 00:45:14 +04:00
|
|
|
nvlist_free(config);
|
|
|
|
}
|
|
|
|
nvlist_free(policy);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
2008-12-03 23:09:06 +03:00
|
|
|
return (error);
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
spa_vdev_state_enter(spa, SCL_NONE);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
if (zc->zc_guid == 0) {
|
|
|
|
vd = NULL;
|
2008-12-03 23:09:06 +03:00
|
|
|
} else {
|
|
|
|
vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (vd == NULL) {
|
2008-12-03 23:09:06 +03:00
|
|
|
(void) spa_vdev_state_exit(spa, NULL, ENODEV);
|
2008-11-20 23:01:55 +03:00
|
|
|
spa_close(spa, FTAG);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENODEV));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
vdev_clear(spa, vd);
|
|
|
|
|
2017-07-25 22:20:52 +03:00
|
|
|
(void) spa_vdev_state_exit(spa, spa_suspended(spa) ?
|
|
|
|
NULL : spa->spa_root_vdev, 0);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
/*
|
|
|
|
* Resume any suspended I/Os.
|
|
|
|
*/
|
2009-07-03 02:44:48 +04:00
|
|
|
if (zio_resume(spa) != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EIO);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
return (error);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2017-10-26 22:26:09 +03:00
|
|
|
/*
|
|
|
|
* Reopen all the vdevs associated with the pool.
|
|
|
|
*
|
|
|
|
* innvl: {
|
|
|
|
* "scrub_restart" -> when true and scrub is running, allow to restart
|
|
|
|
* scrub as the side effect of the reopen (boolean).
|
|
|
|
* }
|
|
|
|
*
|
|
|
|
* outnvl is unused
|
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_pool_reopen[] = {
|
|
|
|
{"scrub_restart", DATA_TYPE_BOOLEAN_VALUE, 0},
|
|
|
|
};
|
|
|
|
|
2017-10-26 22:26:09 +03:00
|
|
|
/* ARGSUSED */
|
2012-01-24 06:43:32 +04:00
|
|
|
static int
|
2017-10-26 22:26:09 +03:00
|
|
|
zfs_ioc_pool_reopen(const char *pool, nvlist_t *innvl, nvlist_t *outnvl)
|
2012-01-24 06:43:32 +04:00
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
int error;
|
2017-10-26 22:26:09 +03:00
|
|
|
boolean_t scrub_restart = B_TRUE;
|
2012-01-24 06:43:32 +04:00
|
|
|
|
2017-10-26 22:26:09 +03:00
|
|
|
if (innvl) {
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
scrub_restart = fnvlist_lookup_boolean_value(innvl,
|
|
|
|
"scrub_restart");
|
2017-10-26 22:26:09 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
error = spa_open(pool, &spa, FTAG);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
2012-01-24 06:43:32 +04:00
|
|
|
return (error);
|
|
|
|
|
|
|
|
spa_vdev_state_enter(spa, SCL_NONE);
|
2012-09-02 00:44:00 +04:00
|
|
|
|
|
|
|
/*
|
2017-10-26 22:26:09 +03:00
|
|
|
* If the scrub_restart flag is B_FALSE and a scrub is already
|
|
|
|
* in progress then set spa_scrub_reopen flag to B_TRUE so that
|
|
|
|
* we don't restart the scrub as a side effect of the reopen.
|
|
|
|
* Otherwise, let vdev_open() decided if a resilver is required.
|
2012-09-02 00:44:00 +04:00
|
|
|
*/
|
2017-10-26 22:26:09 +03:00
|
|
|
|
|
|
|
spa->spa_scrub_reopen = (!scrub_restart &&
|
|
|
|
dsl_scan_scrubbing(spa->spa_dsl_pool));
|
2012-01-24 06:43:32 +04:00
|
|
|
vdev_reopen(spa->spa_root_vdev);
|
2012-09-02 00:44:00 +04:00
|
|
|
spa->spa_scrub_reopen = B_FALSE;
|
|
|
|
|
2012-01-24 06:43:32 +04:00
|
|
|
(void) spa_vdev_state_exit(spa, NULL, 0);
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
return (0);
|
|
|
|
}
|
2017-10-26 22:26:09 +03:00
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
*
|
2010-05-29 00:45:14 +04:00
|
|
|
* outputs:
|
|
|
|
* zc_string name of conflicting snapshot, if there is one
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_promote(zfs_cmd_t *zc)
|
|
|
|
{
|
2017-06-27 02:56:09 +03:00
|
|
|
dsl_pool_t *dp;
|
|
|
|
dsl_dataset_t *ds, *ods;
|
|
|
|
char origin[ZFS_MAX_DATASET_NAME_LEN];
|
2008-11-20 23:01:55 +03:00
|
|
|
char *cp;
|
2017-06-27 02:56:09 +03:00
|
|
|
int error;
|
|
|
|
|
2017-07-29 00:12:34 +03:00
|
|
|
zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
|
|
|
|
if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
|
|
|
|
strchr(zc->zc_name, '%'))
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
|
2017-06-27 02:56:09 +03:00
|
|
|
error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
|
|
|
|
if (error != 0) {
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!dsl_dir_is_clone(ds->ds_dir)) {
|
|
|
|
dsl_dataset_rele(ds, FTAG);
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
}
|
|
|
|
|
|
|
|
error = dsl_dataset_hold_obj(dp,
|
|
|
|
dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods);
|
|
|
|
if (error != 0) {
|
|
|
|
dsl_dataset_rele(ds, FTAG);
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
dsl_dataset_name(ods, origin);
|
|
|
|
dsl_dataset_rele(ods, FTAG);
|
|
|
|
dsl_dataset_rele(ds, FTAG);
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* We don't need to unmount *all* the origin fs's snapshots, but
|
|
|
|
* it's easier.
|
|
|
|
*/
|
2017-06-27 02:56:09 +03:00
|
|
|
cp = strchr(origin, '@');
|
2008-11-20 23:01:55 +03:00
|
|
|
if (cp)
|
|
|
|
*cp = '\0';
|
2017-06-27 02:56:09 +03:00
|
|
|
(void) dmu_objset_find(origin,
|
2013-09-04 16:00:57 +04:00
|
|
|
zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
|
2010-05-29 00:45:14 +04:00
|
|
|
return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
/*
|
2018-02-14 01:54:54 +03:00
|
|
|
* Retrieve a single {user|group|project}{used|quota}@... property.
|
2009-07-03 02:44:48 +04:00
|
|
|
*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
* zc_objset_type zfs_userquota_prop_t
|
|
|
|
* zc_value domain name (eg. "S-1-234-567-89")
|
|
|
|
* zc_guid RID/UID/GID
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_cookie property value
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_userspace_one(zfs_cmd_t *zc)
|
|
|
|
{
|
2017-03-08 03:21:37 +03:00
|
|
|
zfsvfs_t *zfsvfs;
|
2009-07-03 02:44:48 +04:00
|
|
|
int error;
|
|
|
|
|
|
|
|
if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2009-07-03 02:44:48 +04:00
|
|
|
|
2017-03-09 01:56:19 +03:00
|
|
|
error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
2009-07-03 02:44:48 +04:00
|
|
|
return (error);
|
|
|
|
|
2017-03-08 03:21:37 +03:00
|
|
|
error = zfs_userspace_one(zfsvfs,
|
2009-07-03 02:44:48 +04:00
|
|
|
zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
|
2017-03-09 01:56:19 +03:00
|
|
|
zfsvfs_rele(zfsvfs, FTAG);
|
2009-07-03 02:44:48 +04:00
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
* zc_cookie zap cursor
|
|
|
|
* zc_objset_type zfs_userquota_prop_t
|
|
|
|
* zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
|
|
|
|
* zc_cookie zap cursor
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_userspace_many(zfs_cmd_t *zc)
|
|
|
|
{
|
2017-03-08 03:21:37 +03:00
|
|
|
zfsvfs_t *zfsvfs;
|
2010-05-29 00:45:14 +04:00
|
|
|
int bufsize = zc->zc_nvlist_dst_size;
|
|
|
|
|
|
|
|
if (bufsize <= 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOMEM));
|
2009-07-03 02:44:48 +04:00
|
|
|
|
2017-11-04 23:25:13 +03:00
|
|
|
int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
2009-07-03 02:44:48 +04:00
|
|
|
return (error);
|
|
|
|
|
2017-11-04 23:25:13 +03:00
|
|
|
void *buf = vmem_alloc(bufsize, KM_SLEEP);
|
2009-07-03 02:44:48 +04:00
|
|
|
|
2017-03-08 03:21:37 +03:00
|
|
|
error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
|
2009-07-03 02:44:48 +04:00
|
|
|
buf, &zc->zc_nvlist_dst_size);
|
|
|
|
|
|
|
|
if (error == 0) {
|
|
|
|
error = xcopyout(buf,
|
|
|
|
(void *)(uintptr_t)zc->zc_nvlist_dst,
|
|
|
|
zc->zc_nvlist_dst_size);
|
|
|
|
}
|
2011-05-21 01:23:18 +04:00
|
|
|
vmem_free(buf, bufsize);
|
2017-03-09 01:56:19 +03:00
|
|
|
zfsvfs_rele(zfsvfs, FTAG);
|
2009-07-03 02:44:48 +04:00
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* none
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
objset_t *os;
|
2010-05-29 00:45:14 +04:00
|
|
|
int error = 0;
|
2017-03-08 03:21:37 +03:00
|
|
|
zfsvfs_t *zfsvfs;
|
2009-07-03 02:44:48 +04:00
|
|
|
|
2017-03-09 01:56:19 +03:00
|
|
|
if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
|
2017-03-08 03:21:37 +03:00
|
|
|
if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
|
2009-07-03 02:44:48 +04:00
|
|
|
/*
|
|
|
|
* If userused is not enabled, it may be because the
|
|
|
|
* objset needs to be closed & reopened (to grow the
|
|
|
|
* objset_phys_t). Suspend/resume the fs will do that.
|
|
|
|
*/
|
2018-02-21 15:55:55 +03:00
|
|
|
dsl_dataset_t *ds, *newds;
|
2017-01-23 21:53:46 +03:00
|
|
|
|
2017-03-08 03:21:37 +03:00
|
|
|
ds = dmu_objset_ds(zfsvfs->z_os);
|
|
|
|
error = zfs_suspend_fs(zfsvfs);
|
2013-07-27 21:50:07 +04:00
|
|
|
if (error == 0) {
|
2018-02-21 15:55:55 +03:00
|
|
|
dmu_objset_refresh_ownership(ds, &newds,
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
B_TRUE, zfsvfs);
|
2018-02-21 15:55:55 +03:00
|
|
|
error = zfs_resume_fs(zfsvfs, newds);
|
2013-07-27 21:50:07 +04:00
|
|
|
}
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
|
|
|
if (error == 0)
|
2017-03-08 03:21:37 +03:00
|
|
|
error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
|
|
|
|
deactivate_super(zfsvfs->z_sb);
|
2009-07-03 02:44:48 +04:00
|
|
|
} else {
|
2010-05-29 00:45:14 +04:00
|
|
|
/* XXX kind of reading contents without owning */
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
2009-07-03 02:44:48 +04:00
|
|
|
return (error);
|
|
|
|
|
|
|
|
error = dmu_objset_userspace_upgrade(os);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dmu_objset_rele_flags(os, B_TRUE, FTAG);
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2016-10-04 21:46:10 +03:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* none
|
|
|
|
*/
|
|
|
|
static int
|
2018-02-14 01:54:54 +03:00
|
|
|
zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc)
|
2016-10-04 21:46:10 +03:00
|
|
|
{
|
|
|
|
objset_t *os;
|
|
|
|
int error;
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
|
2016-10-04 21:46:10 +03:00
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
|
2018-02-14 01:54:54 +03:00
|
|
|
if (dmu_objset_userobjspace_upgradable(os) ||
|
|
|
|
dmu_objset_projectquota_upgradable(os)) {
|
2016-10-04 21:46:10 +03:00
|
|
|
mutex_enter(&os->os_upgrade_lock);
|
|
|
|
if (os->os_upgrade_id == 0) {
|
|
|
|
/* clear potential error code and retry */
|
|
|
|
os->os_upgrade_status = 0;
|
|
|
|
mutex_exit(&os->os_upgrade_lock);
|
|
|
|
|
2018-02-14 01:54:54 +03:00
|
|
|
dmu_objset_id_quota_upgrade(os);
|
2016-10-04 21:46:10 +03:00
|
|
|
} else {
|
|
|
|
mutex_exit(&os->os_upgrade_lock);
|
|
|
|
}
|
|
|
|
|
2017-11-11 00:37:10 +03:00
|
|
|
dsl_pool_rele(dmu_objset_pool(os), FTAG);
|
|
|
|
|
2016-10-04 21:46:10 +03:00
|
|
|
taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
|
|
|
|
error = os->os_upgrade_status;
|
2017-11-11 00:37:10 +03:00
|
|
|
} else {
|
|
|
|
dsl_pool_rele(dmu_objset_pool(os), FTAG);
|
2016-10-04 21:46:10 +03:00
|
|
|
}
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, FTAG);
|
2016-10-04 21:46:10 +03:00
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
|
|
|
zfs_ioc_share(zfs_cmd_t *zc)
|
|
|
|
{
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOSYS));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
ace_t full_access[] = {
|
|
|
|
{(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
|
|
|
|
};
|
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of containing filesystem
|
|
|
|
* zc_obj object # beyond which we want next in-use object #
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_obj next in-use object #
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_next_obj(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
objset_t *os = NULL;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = dmu_objset_hold(zc->zc_name, FTAG, &os);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
2010-08-27 01:24:34 +04:00
|
|
|
return (error);
|
|
|
|
|
2015-05-13 17:16:42 +03:00
|
|
|
error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0);
|
2010-08-27 01:24:34 +04:00
|
|
|
|
|
|
|
dmu_objset_rele(os, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of filesystem
|
|
|
|
* zc_value prefix name for snapshot
|
|
|
|
* zc_cleanup_fd cleanup-on-exit file descriptor for calling process
|
|
|
|
*
|
|
|
|
* outputs:
|
2013-08-28 15:45:09 +04:00
|
|
|
* zc_value short name of new snapshot
|
2010-08-27 01:24:34 +04:00
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
char *snap_name;
|
2013-09-04 16:00:57 +04:00
|
|
|
char *hold_name;
|
2010-08-27 01:24:34 +04:00
|
|
|
int error;
|
2013-09-04 16:00:57 +04:00
|
|
|
minor_t minor;
|
2010-08-27 01:24:34 +04:00
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
|
|
|
|
if (error != 0)
|
2010-08-27 01:24:34 +04:00
|
|
|
return (error);
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
|
|
|
|
(u_longlong_t)ddi_get_lbolt64());
|
|
|
|
hold_name = kmem_asprintf("%%%s", zc->zc_value);
|
|
|
|
|
|
|
|
error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
|
|
|
|
hold_name);
|
|
|
|
if (error == 0)
|
2016-09-26 01:08:28 +03:00
|
|
|
(void) strlcpy(zc->zc_value, snap_name,
|
|
|
|
sizeof (zc->zc_value));
|
2010-08-27 01:24:34 +04:00
|
|
|
strfree(snap_name);
|
2013-09-04 16:00:57 +04:00
|
|
|
strfree(hold_name);
|
|
|
|
zfs_onexit_fd_rele(zc->zc_cleanup_fd);
|
|
|
|
return (error);
|
2010-08-27 01:24:34 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of "to" snapshot
|
|
|
|
* zc_value name of "from" snapshot
|
|
|
|
* zc_cookie file descriptor to write diff data on
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* dmu_diff_record_t's to the file descriptor
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_diff(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
file_t *fp;
|
|
|
|
offset_t off;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
fp = getf(zc->zc_cookie);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (fp == NULL)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EBADF));
|
2010-08-27 01:24:34 +04:00
|
|
|
|
|
|
|
off = fp->f_offset;
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dmu_diff(zc->zc_name, zc->zc_value, fp->f_vnode, &off);
|
2010-08-27 01:24:34 +04:00
|
|
|
|
|
|
|
if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
|
|
|
|
fp->f_offset = off;
|
|
|
|
releasef(zc->zc_cookie);
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
/*
|
|
|
|
* Remove all ACL files in shares dir
|
|
|
|
*/
|
2011-07-02 23:34:12 +04:00
|
|
|
#ifdef HAVE_SMB_SHARE
|
2009-07-03 02:44:48 +04:00
|
|
|
static int
|
|
|
|
zfs_smb_acl_purge(znode_t *dzp)
|
|
|
|
{
|
|
|
|
zap_cursor_t zc;
|
|
|
|
zap_attribute_t zap;
|
2017-03-08 03:21:37 +03:00
|
|
|
zfsvfs_t *zfsvfs = ZTOZSB(dzp);
|
2009-07-03 02:44:48 +04:00
|
|
|
int error;
|
|
|
|
|
2017-03-08 03:21:37 +03:00
|
|
|
for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
|
2009-07-03 02:44:48 +04:00
|
|
|
(error = zap_cursor_retrieve(&zc, &zap)) == 0;
|
|
|
|
zap_cursor_advance(&zc)) {
|
|
|
|
if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
|
|
|
|
NULL, 0)) != 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
zap_cursor_fini(&zc);
|
|
|
|
return (error);
|
|
|
|
}
|
2011-07-02 23:34:12 +04:00
|
|
|
#endif /* HAVE_SMB_SHARE */
|
2009-07-03 02:44:48 +04:00
|
|
|
|
|
|
|
static int
|
|
|
|
zfs_ioc_smb_acl(zfs_cmd_t *zc)
|
|
|
|
{
|
2011-07-02 23:34:12 +04:00
|
|
|
#ifdef HAVE_SMB_SHARE
|
2009-07-03 02:44:48 +04:00
|
|
|
vnode_t *vp;
|
|
|
|
znode_t *dzp;
|
|
|
|
vnode_t *resourcevp = NULL;
|
|
|
|
znode_t *sharedir;
|
2017-03-08 03:21:37 +03:00
|
|
|
zfsvfs_t *zfsvfs;
|
2009-07-03 02:44:48 +04:00
|
|
|
nvlist_t *nvlist;
|
|
|
|
char *src, *target;
|
|
|
|
vattr_t vattr;
|
|
|
|
vsecattr_t vsec;
|
|
|
|
int error = 0;
|
|
|
|
|
|
|
|
if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
|
|
|
|
NO_FOLLOW, NULL, &vp)) != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
/* Now make sure mntpnt and dataset are ZFS */
|
|
|
|
|
|
|
|
if (vp->v_vfsp->vfs_fstype != zfsfstype ||
|
|
|
|
(strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
|
|
|
|
zc->zc_name) != 0)) {
|
|
|
|
VN_RELE(vp);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
dzp = VTOZ(vp);
|
2017-03-08 03:21:37 +03:00
|
|
|
zfsvfs = ZTOZSB(dzp);
|
|
|
|
ZFS_ENTER(zfsvfs);
|
2009-07-03 02:44:48 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Create share dir if its missing.
|
|
|
|
*/
|
2017-03-08 03:21:37 +03:00
|
|
|
mutex_enter(&zfsvfs->z_lock);
|
|
|
|
if (zfsvfs->z_shares_dir == 0) {
|
2009-07-03 02:44:48 +04:00
|
|
|
dmu_tx_t *tx;
|
|
|
|
|
2017-03-08 03:21:37 +03:00
|
|
|
tx = dmu_tx_create(zfsvfs->z_os);
|
2009-07-03 02:44:48 +04:00
|
|
|
dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
|
|
|
|
ZFS_SHARES_DIR);
|
|
|
|
dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
|
|
|
|
error = dmu_tx_assign(tx, TXG_WAIT);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0) {
|
2009-07-03 02:44:48 +04:00
|
|
|
dmu_tx_abort(tx);
|
|
|
|
} else {
|
2017-03-08 03:21:37 +03:00
|
|
|
error = zfs_create_share_dir(zfsvfs, tx);
|
2009-07-03 02:44:48 +04:00
|
|
|
dmu_tx_commit(tx);
|
|
|
|
}
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0) {
|
2017-03-08 03:21:37 +03:00
|
|
|
mutex_exit(&zfsvfs->z_lock);
|
2009-07-03 02:44:48 +04:00
|
|
|
VN_RELE(vp);
|
2017-03-08 03:21:37 +03:00
|
|
|
ZFS_EXIT(zfsvfs);
|
2009-07-03 02:44:48 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
}
|
2017-03-08 03:21:37 +03:00
|
|
|
mutex_exit(&zfsvfs->z_lock);
|
2009-07-03 02:44:48 +04:00
|
|
|
|
2017-03-08 03:21:37 +03:00
|
|
|
ASSERT(zfsvfs->z_shares_dir);
|
|
|
|
if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
|
2009-07-03 02:44:48 +04:00
|
|
|
VN_RELE(vp);
|
2017-03-08 03:21:37 +03:00
|
|
|
ZFS_EXIT(zfsvfs);
|
2009-07-03 02:44:48 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (zc->zc_cookie) {
|
|
|
|
case ZFS_SMB_ACL_ADD:
|
|
|
|
vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
|
|
|
|
vattr.va_mode = S_IFREG|0777;
|
|
|
|
vattr.va_uid = 0;
|
|
|
|
vattr.va_gid = 0;
|
|
|
|
|
|
|
|
vsec.vsa_mask = VSA_ACE;
|
|
|
|
vsec.vsa_aclentp = &full_access;
|
|
|
|
vsec.vsa_aclentsz = sizeof (full_access);
|
|
|
|
vsec.vsa_aclcnt = 1;
|
|
|
|
|
|
|
|
error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
|
|
|
|
&vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
|
|
|
|
if (resourcevp)
|
|
|
|
VN_RELE(resourcevp);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case ZFS_SMB_ACL_REMOVE:
|
|
|
|
error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
|
|
|
|
NULL, 0);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case ZFS_SMB_ACL_RENAME:
|
|
|
|
if ((error = get_nvlist(zc->zc_nvlist_src,
|
|
|
|
zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
|
|
|
|
VN_RELE(vp);
|
2016-02-03 03:34:23 +03:00
|
|
|
VN_RELE(ZTOV(sharedir));
|
2017-03-08 03:21:37 +03:00
|
|
|
ZFS_EXIT(zfsvfs);
|
2009-07-03 02:44:48 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
|
|
|
|
nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
|
|
|
|
&target)) {
|
|
|
|
VN_RELE(vp);
|
|
|
|
VN_RELE(ZTOV(sharedir));
|
2017-03-08 03:21:37 +03:00
|
|
|
ZFS_EXIT(zfsvfs);
|
2010-05-29 00:45:14 +04:00
|
|
|
nvlist_free(nvlist);
|
2009-07-03 02:44:48 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
|
|
|
|
kcred, NULL, 0);
|
|
|
|
nvlist_free(nvlist);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case ZFS_SMB_ACL_PURGE:
|
|
|
|
error = zfs_smb_acl_purge(sharedir);
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EINVAL);
|
2009-07-03 02:44:48 +04:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
VN_RELE(vp);
|
|
|
|
VN_RELE(ZTOV(sharedir));
|
|
|
|
|
2017-03-08 03:21:37 +03:00
|
|
|
ZFS_EXIT(zfsvfs);
|
2009-07-03 02:44:48 +04:00
|
|
|
|
|
|
|
return (error);
|
2010-08-26 22:44:39 +04:00
|
|
|
#else
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2011-07-02 23:34:12 +04:00
|
|
|
#endif /* HAVE_SMB_SHARE */
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
|
|
|
|
2009-08-18 22:43:27 +04:00
|
|
|
/*
|
2013-09-04 16:00:57 +04:00
|
|
|
* innvl: {
|
|
|
|
* "holds" -> { snapname -> holdname (string), ... }
|
|
|
|
* (optional) "cleanup_fd" -> fd (int32)
|
|
|
|
* }
|
2009-08-18 22:43:27 +04:00
|
|
|
*
|
2013-09-04 16:00:57 +04:00
|
|
|
* outnvl: {
|
|
|
|
* snapname -> error value (int32)
|
|
|
|
* ...
|
|
|
|
* }
|
2009-08-18 22:43:27 +04:00
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_hold[] = {
|
|
|
|
{"holds", DATA_TYPE_NVLIST, 0},
|
|
|
|
{"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
|
|
|
|
};
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
/* ARGSUSED */
|
2009-08-18 22:43:27 +04:00
|
|
|
static int
|
2013-09-04 16:00:57 +04:00
|
|
|
zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
|
2009-08-18 22:43:27 +04:00
|
|
|
{
|
2016-01-09 20:37:15 +03:00
|
|
|
nvpair_t *pair;
|
2013-09-04 16:00:57 +04:00
|
|
|
nvlist_t *holds;
|
|
|
|
int cleanup_fd = -1;
|
2010-08-27 01:24:34 +04:00
|
|
|
int error;
|
|
|
|
minor_t minor = 0;
|
2009-08-18 22:43:27 +04:00
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
holds = fnvlist_lookup_nvlist(args, "holds");
|
2010-08-27 01:24:34 +04:00
|
|
|
|
2016-01-09 20:37:15 +03:00
|
|
|
/* make sure the user didn't pass us any invalid (empty) tags */
|
|
|
|
for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
|
|
|
|
pair = nvlist_next_nvpair(holds, pair)) {
|
|
|
|
char *htag;
|
|
|
|
|
|
|
|
error = nvpair_value_string(pair, &htag);
|
|
|
|
if (error != 0)
|
|
|
|
return (SET_ERROR(error));
|
|
|
|
|
|
|
|
if (strlen(htag) == 0)
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
}
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
|
|
|
|
error = zfs_onexit_fd_hold(cleanup_fd, &minor);
|
|
|
|
if (error != 0)
|
2010-08-27 01:24:34 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dsl_dataset_user_hold(holds, minor, errlist);
|
|
|
|
if (minor != 0)
|
|
|
|
zfs_onexit_fd_rele(cleanup_fd);
|
2010-08-27 01:24:34 +04:00
|
|
|
return (error);
|
2009-08-18 22:43:27 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2013-09-04 16:00:57 +04:00
|
|
|
* innvl is not used.
|
2009-08-18 22:43:27 +04:00
|
|
|
*
|
2013-09-04 16:00:57 +04:00
|
|
|
* outnvl: {
|
|
|
|
* holdname -> time added (uint64 seconds since epoch)
|
|
|
|
* ...
|
|
|
|
* }
|
2009-08-18 22:43:27 +04:00
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_get_holds[] = {
|
|
|
|
/* no nvl keys */
|
|
|
|
};
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
/* ARGSUSED */
|
2009-08-18 22:43:27 +04:00
|
|
|
static int
|
2013-09-04 16:00:57 +04:00
|
|
|
zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
|
2009-08-18 22:43:27 +04:00
|
|
|
{
|
2013-09-04 16:00:57 +04:00
|
|
|
return (dsl_dataset_get_holds(snapname, outnvl));
|
2009-08-18 22:43:27 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2013-09-04 16:00:57 +04:00
|
|
|
* innvl: {
|
|
|
|
* snapname -> { holdname, ... }
|
|
|
|
* ...
|
|
|
|
* }
|
2009-08-18 22:43:27 +04:00
|
|
|
*
|
2013-09-04 16:00:57 +04:00
|
|
|
* outnvl: {
|
|
|
|
* snapname -> error value (int32)
|
|
|
|
* ...
|
|
|
|
* }
|
2009-08-18 22:43:27 +04:00
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_release[] = {
|
|
|
|
{"<snapname>...", DATA_TYPE_NVLIST, ZK_WILDCARDLIST},
|
|
|
|
};
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
/* ARGSUSED */
|
2009-08-18 22:43:27 +04:00
|
|
|
static int
|
2013-09-04 16:00:57 +04:00
|
|
|
zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
|
2009-08-18 22:43:27 +04:00
|
|
|
{
|
2013-09-04 16:00:57 +04:00
|
|
|
return (dsl_dataset_user_release(holds, errlist));
|
2009-08-18 22:43:27 +04:00
|
|
|
}
|
|
|
|
|
2010-08-26 22:42:43 +04:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_guid flags (ZEVENT_NONBLOCK)
|
2013-11-23 04:00:39 +04:00
|
|
|
* zc_cleanup_fd zevent file descriptor
|
2010-08-26 22:42:43 +04:00
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_nvlist_dst next nvlist event
|
|
|
|
* zc_cookie dropped events since last get
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_events_next(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
zfs_zevent_t *ze;
|
|
|
|
nvlist_t *event = NULL;
|
|
|
|
minor_t minor;
|
|
|
|
uint64_t dropped = 0;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
do {
|
2010-10-05 03:21:04 +04:00
|
|
|
error = zfs_zevent_next(ze, &event,
|
2016-12-12 21:46:26 +03:00
|
|
|
&zc->zc_nvlist_dst_size, &dropped);
|
2010-08-26 22:42:43 +04:00
|
|
|
if (event != NULL) {
|
|
|
|
zc->zc_cookie = dropped;
|
|
|
|
error = put_nvlist(zc, event);
|
2010-10-05 03:21:04 +04:00
|
|
|
nvlist_free(event);
|
2010-08-26 22:42:43 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
if (zc->zc_guid & ZEVENT_NONBLOCK)
|
|
|
|
break;
|
|
|
|
|
|
|
|
if ((error == 0) || (error != ENOENT))
|
|
|
|
break;
|
|
|
|
|
|
|
|
error = zfs_zevent_wait(ze);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
2010-08-26 22:42:43 +04:00
|
|
|
break;
|
|
|
|
} while (1);
|
|
|
|
|
|
|
|
zfs_zevent_fd_rele(zc->zc_cleanup_fd);
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* outputs:
|
|
|
|
* zc_cookie cleared events count
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_events_clear(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
int count;
|
|
|
|
|
|
|
|
zfs_zevent_drain_all(&count);
|
|
|
|
zc->zc_cookie = count;
|
|
|
|
|
2013-11-01 23:26:11 +04:00
|
|
|
return (0);
|
2010-08-26 22:42:43 +04:00
|
|
|
}
|
|
|
|
|
2013-11-23 02:52:16 +04:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END
|
|
|
|
* zc_cleanup zevent file descriptor
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_events_seek(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
zfs_zevent_t *ze;
|
|
|
|
minor_t minor;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
error = zfs_zevent_seek(ze, zc->zc_guid);
|
|
|
|
zfs_zevent_fd_rele(zc->zc_cleanup_fd);
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2011-11-17 22:14:36 +04:00
|
|
|
/*
|
|
|
|
* inputs:
|
|
|
|
* zc_name name of new filesystem or snapshot
|
|
|
|
* zc_value full name of old snapshot
|
|
|
|
*
|
|
|
|
* outputs:
|
|
|
|
* zc_cookie space in bytes
|
|
|
|
* zc_objset_type compressed space in bytes
|
|
|
|
* zc_perm_action uncompressed space in bytes
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_ioc_space_written(zfs_cmd_t *zc)
|
|
|
|
{
|
|
|
|
int error;
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_pool_t *dp;
|
2011-11-17 22:14:36 +04:00
|
|
|
dsl_dataset_t *new, *old;
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
|
2011-11-17 22:14:36 +04:00
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
|
|
|
|
if (error != 0) {
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
|
2011-11-17 22:14:36 +04:00
|
|
|
if (error != 0) {
|
|
|
|
dsl_dataset_rele(new, FTAG);
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_pool_rele(dp, FTAG);
|
2011-11-17 22:14:36 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
|
|
|
|
&zc->zc_objset_type, &zc->zc_perm_action);
|
|
|
|
dsl_dataset_rele(old, FTAG);
|
|
|
|
dsl_dataset_rele(new, FTAG);
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_pool_rele(dp, FTAG);
|
2011-11-17 22:14:36 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2013-08-28 15:45:09 +04:00
|
|
|
* innvl: {
|
|
|
|
* "firstsnap" -> snapshot name
|
|
|
|
* }
|
2011-11-17 22:14:36 +04:00
|
|
|
*
|
2013-08-28 15:45:09 +04:00
|
|
|
* outnvl: {
|
|
|
|
* "used" -> space in bytes
|
|
|
|
* "compressed" -> compressed space in bytes
|
|
|
|
* "uncompressed" -> uncompressed space in bytes
|
|
|
|
* }
|
2011-11-17 22:14:36 +04:00
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_space_snaps[] = {
|
|
|
|
{"firstsnap", DATA_TYPE_STRING, 0},
|
|
|
|
};
|
|
|
|
|
2011-11-17 22:14:36 +04:00
|
|
|
static int
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
|
2011-11-17 22:14:36 +04:00
|
|
|
{
|
|
|
|
int error;
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_pool_t *dp;
|
2011-11-17 22:14:36 +04:00
|
|
|
dsl_dataset_t *new, *old;
|
2013-08-28 15:45:09 +04:00
|
|
|
char *firstsnap;
|
|
|
|
uint64_t used, comp, uncomp;
|
2011-11-17 22:14:36 +04:00
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
firstsnap = fnvlist_lookup_string(innvl, "firstsnap");
|
2013-08-28 15:45:09 +04:00
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dsl_pool_hold(lastsnap, FTAG, &dp);
|
2011-11-17 22:14:36 +04:00
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
|
2015-07-02 16:04:35 +03:00
|
|
|
if (error == 0 && !new->ds_is_snapshot) {
|
|
|
|
dsl_dataset_rele(new, FTAG);
|
|
|
|
error = SET_ERROR(EINVAL);
|
|
|
|
}
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0) {
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
|
2015-07-02 16:04:35 +03:00
|
|
|
if (error == 0 && !old->ds_is_snapshot) {
|
|
|
|
dsl_dataset_rele(old, FTAG);
|
|
|
|
error = SET_ERROR(EINVAL);
|
|
|
|
}
|
2011-11-17 22:14:36 +04:00
|
|
|
if (error != 0) {
|
|
|
|
dsl_dataset_rele(new, FTAG);
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_pool_rele(dp, FTAG);
|
2011-11-17 22:14:36 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
|
2011-11-17 22:14:36 +04:00
|
|
|
dsl_dataset_rele(old, FTAG);
|
|
|
|
dsl_dataset_rele(new, FTAG);
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_pool_rele(dp, FTAG);
|
2013-08-28 15:45:09 +04:00
|
|
|
fnvlist_add_uint64(outnvl, "used", used);
|
|
|
|
fnvlist_add_uint64(outnvl, "compressed", comp);
|
|
|
|
fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
|
2011-11-17 22:14:36 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
2013-08-28 15:45:09 +04:00
|
|
|
* innvl: {
|
|
|
|
* "fd" -> file descriptor to write stream to (int32)
|
|
|
|
* (optional) "fromsnap" -> full snap name to send an incremental from
|
2014-11-03 23:15:08 +03:00
|
|
|
* (optional) "largeblockok" -> (value ignored)
|
|
|
|
* indicates that blocks > 128KB are permitted
|
2014-06-06 01:19:08 +04:00
|
|
|
* (optional) "embedok" -> (value ignored)
|
|
|
|
* presence indicates DRR_WRITE_EMBEDDED records are permitted
|
2016-07-11 20:45:52 +03:00
|
|
|
* (optional) "compressok" -> (value ignored)
|
|
|
|
* presence indicates compressed DRR_WRITE records are permitted
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
* (optional) "rawok" -> (value ignored)
|
|
|
|
* presence indicates raw encrypted records should be used.
|
2016-01-07 00:22:48 +03:00
|
|
|
* (optional) "resume_object" and "resume_offset" -> (uint64)
|
|
|
|
* if present, resume send stream from specified object and offset.
|
2013-08-28 15:45:09 +04:00
|
|
|
* }
|
|
|
|
*
|
|
|
|
* outnvl is unused
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_send_new[] = {
|
|
|
|
{"fd", DATA_TYPE_INT32, 0},
|
|
|
|
{"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
|
|
|
|
{"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
|
|
|
|
{"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
|
|
|
|
{"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
|
|
|
|
{"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
|
|
|
|
{"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
|
|
|
|
{"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
|
|
|
|
};
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
offset_t off;
|
2013-09-04 16:00:57 +04:00
|
|
|
char *fromname = NULL;
|
2013-08-28 15:45:09 +04:00
|
|
|
int fd;
|
2013-09-04 16:00:57 +04:00
|
|
|
file_t *fp;
|
2014-11-03 23:15:08 +03:00
|
|
|
boolean_t largeblockok;
|
2014-06-06 01:19:08 +04:00
|
|
|
boolean_t embedok;
|
2016-07-11 20:45:52 +03:00
|
|
|
boolean_t compressok;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
boolean_t rawok;
|
2016-01-07 00:22:48 +03:00
|
|
|
uint64_t resumeobj = 0;
|
|
|
|
uint64_t resumeoff = 0;
|
2013-08-28 15:45:09 +04:00
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
fd = fnvlist_lookup_int32(innvl, "fd");
|
2013-08-28 15:45:09 +04:00
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
(void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
|
2013-08-28 15:45:09 +04:00
|
|
|
|
2014-11-03 23:15:08 +03:00
|
|
|
largeblockok = nvlist_exists(innvl, "largeblockok");
|
2014-06-06 01:19:08 +04:00
|
|
|
embedok = nvlist_exists(innvl, "embedok");
|
2016-07-11 20:45:52 +03:00
|
|
|
compressok = nvlist_exists(innvl, "compressok");
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
rawok = nvlist_exists(innvl, "rawok");
|
2014-06-06 01:19:08 +04:00
|
|
|
|
2016-01-07 00:22:48 +03:00
|
|
|
(void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
|
|
|
|
(void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
if ((fp = getf(fd)) == NULL)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EBADF));
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
off = fp->f_offset;
|
2016-07-11 20:45:52 +03:00
|
|
|
error = dmu_send(snapname, fromname, embedok, largeblockok, compressok,
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
rawok, fd, resumeobj, resumeoff, fp->f_vnode, &off);
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
|
|
|
|
fp->f_offset = off;
|
2013-09-04 16:00:57 +04:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
releasef(fd);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Determine approximately how large a zfs send stream will be -- the number
|
|
|
|
* of bytes that will be written to the fd supplied to zfs_ioc_send_new().
|
|
|
|
*
|
|
|
|
* innvl: {
|
2015-04-08 21:37:13 +03:00
|
|
|
* (optional) "from" -> full snap or bookmark name to send an incremental
|
|
|
|
* from
|
2016-07-11 20:45:52 +03:00
|
|
|
* (optional) "largeblockok" -> (value ignored)
|
|
|
|
* indicates that blocks > 128KB are permitted
|
|
|
|
* (optional) "embedok" -> (value ignored)
|
|
|
|
* presence indicates DRR_WRITE_EMBEDDED records are permitted
|
|
|
|
* (optional) "compressok" -> (value ignored)
|
|
|
|
* presence indicates compressed DRR_WRITE records are permitted
|
2017-08-31 19:00:35 +03:00
|
|
|
* (optional) "rawok" -> (value ignored)
|
|
|
|
* presence indicates raw encrypted records should be used.
|
2013-08-28 15:45:09 +04:00
|
|
|
* }
|
|
|
|
*
|
|
|
|
* outnvl: {
|
|
|
|
* "space" -> bytes of space (uint64)
|
|
|
|
* }
|
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_send_space[] = {
|
|
|
|
{"from", DATA_TYPE_STRING, ZK_OPTIONAL},
|
|
|
|
{"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
|
|
|
|
{"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
|
|
|
|
{"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
|
|
|
|
{"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
|
|
|
|
{"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
|
|
|
|
};
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
static int
|
|
|
|
zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
|
|
|
|
{
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_pool_t *dp;
|
|
|
|
dsl_dataset_t *tosnap;
|
2013-08-28 15:45:09 +04:00
|
|
|
int error;
|
|
|
|
char *fromname;
|
2016-07-11 20:45:52 +03:00
|
|
|
boolean_t compressok;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
boolean_t rawok;
|
2013-08-28 15:45:09 +04:00
|
|
|
uint64_t space;
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dsl_pool_hold(snapname, FTAG, &dp);
|
|
|
|
if (error != 0)
|
2013-08-28 15:45:09 +04:00
|
|
|
return (error);
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
|
|
|
|
if (error != 0) {
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2016-07-11 20:45:52 +03:00
|
|
|
compressok = nvlist_exists(innvl, "compressok");
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
rawok = nvlist_exists(innvl, "rawok");
|
2016-07-11 20:45:52 +03:00
|
|
|
|
2015-04-08 21:37:13 +03:00
|
|
|
error = nvlist_lookup_string(innvl, "from", &fromname);
|
2013-08-28 15:45:09 +04:00
|
|
|
if (error == 0) {
|
2015-04-08 21:37:13 +03:00
|
|
|
if (strchr(fromname, '@') != NULL) {
|
|
|
|
/*
|
|
|
|
* If from is a snapshot, hold it and use the more
|
|
|
|
* efficient dmu_send_estimate to estimate send space
|
|
|
|
* size using deadlists.
|
|
|
|
*/
|
|
|
|
dsl_dataset_t *fromsnap;
|
|
|
|
error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
|
|
|
|
if (error != 0)
|
|
|
|
goto out;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
error = dmu_send_estimate(tosnap, fromsnap,
|
|
|
|
compressok || rawok, &space);
|
2015-04-08 21:37:13 +03:00
|
|
|
dsl_dataset_rele(fromsnap, FTAG);
|
|
|
|
} else if (strchr(fromname, '#') != NULL) {
|
|
|
|
/*
|
|
|
|
* If from is a bookmark, fetch the creation TXG of the
|
|
|
|
* snapshot it was created from and use that to find
|
|
|
|
* blocks that were born after it.
|
|
|
|
*/
|
|
|
|
zfs_bookmark_phys_t frombm;
|
|
|
|
|
|
|
|
error = dsl_bookmark_lookup(dp, fromname, tosnap,
|
|
|
|
&frombm);
|
|
|
|
if (error != 0)
|
|
|
|
goto out;
|
|
|
|
error = dmu_send_estimate_from_txg(tosnap,
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
frombm.zbm_creation_txg, compressok || rawok,
|
|
|
|
&space);
|
2015-04-08 21:37:13 +03:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* from is not properly formatted as a snapshot or
|
|
|
|
* bookmark
|
|
|
|
*/
|
|
|
|
error = SET_ERROR(EINVAL);
|
|
|
|
goto out;
|
2013-08-28 15:45:09 +04:00
|
|
|
}
|
2015-04-08 21:37:13 +03:00
|
|
|
} else {
|
2017-11-08 20:09:45 +03:00
|
|
|
/*
|
|
|
|
* If estimating the size of a full send, use dmu_send_estimate.
|
|
|
|
*/
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
error = dmu_send_estimate(tosnap, NULL, compressok || rawok,
|
|
|
|
&space);
|
2013-08-28 15:45:09 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
fnvlist_add_uint64(outnvl, "space", space);
|
|
|
|
|
2015-04-08 21:37:13 +03:00
|
|
|
out:
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_rele(tosnap, FTAG);
|
|
|
|
dsl_pool_rele(dp, FTAG);
|
2013-08-28 15:45:09 +04:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2017-05-19 22:33:11 +03:00
|
|
|
/*
|
|
|
|
* Sync the currently open TXG to disk for the specified pool.
|
|
|
|
* This is somewhat similar to 'zfs_sync()'.
|
|
|
|
* For cases that do not result in error this ioctl will wait for
|
|
|
|
* the currently open TXG to commit before returning back to the caller.
|
|
|
|
*
|
|
|
|
* innvl: {
|
|
|
|
* "force" -> when true, force uberblock update even if there is no dirty data.
|
|
|
|
* In addition this will cause the vdev configuration to be written
|
|
|
|
* out including updating the zpool cache file. (boolean_t)
|
|
|
|
* }
|
|
|
|
*
|
|
|
|
* onvl is unused
|
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_pool_sync[] = {
|
|
|
|
{"force", DATA_TYPE_BOOLEAN_VALUE, 0},
|
|
|
|
};
|
|
|
|
|
2017-05-19 22:33:11 +03:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl)
|
|
|
|
{
|
|
|
|
int err;
|
2017-08-21 23:11:11 +03:00
|
|
|
boolean_t force = B_FALSE;
|
2017-05-19 22:33:11 +03:00
|
|
|
spa_t *spa;
|
|
|
|
|
|
|
|
if ((err = spa_open(pool, &spa, FTAG)) != 0)
|
|
|
|
return (err);
|
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
if (innvl)
|
|
|
|
force = fnvlist_lookup_boolean_value(innvl, "force");
|
2017-08-21 23:11:11 +03:00
|
|
|
|
2017-05-19 22:33:11 +03:00
|
|
|
if (force) {
|
|
|
|
spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER);
|
|
|
|
vdev_config_dirty(spa->spa_root_vdev);
|
|
|
|
spa_config_exit(spa, SCL_CONFIG, FTAG);
|
|
|
|
}
|
|
|
|
txg_wait_synced(spa_get_dsl(spa), 0);
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
|
2017-05-19 22:33:11 +03:00
|
|
|
spa_close(spa, FTAG);
|
|
|
|
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
/*
|
|
|
|
* Load a user's wrapping key into the kernel.
|
|
|
|
* innvl: {
|
|
|
|
* "hidden_args" -> { "wkeydata" -> value }
|
|
|
|
* raw uint8_t array of encryption wrapping key data (32 bytes)
|
|
|
|
* (optional) "noop" -> (value ignored)
|
|
|
|
* presence indicated key should only be verified, not loaded
|
|
|
|
* }
|
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_load_key[] = {
|
|
|
|
{"hidden_args", DATA_TYPE_NVLIST, 0},
|
|
|
|
{"noop", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
|
|
|
|
};
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
dsl_crypto_params_t *dcp = NULL;
|
|
|
|
nvlist_t *hidden_args;
|
|
|
|
boolean_t noop = nvlist_exists(innvl, "noop");
|
|
|
|
|
|
|
|
if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
|
|
|
|
ret = SET_ERROR(EINVAL);
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
hidden_args = fnvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
|
|
|
|
ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL,
|
|
|
|
hidden_args, &dcp);
|
|
|
|
if (ret != 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
ret = spa_keystore_load_wkey(dsname, dcp, noop);
|
|
|
|
if (ret != 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
dsl_crypto_params_free(dcp, noop);
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
error:
|
|
|
|
dsl_crypto_params_free(dcp, B_TRUE);
|
|
|
|
return (ret);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Unload a user's wrapping key from the kernel.
|
|
|
|
* Both innvl and outnvl are unused.
|
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_unload_key[] = {
|
|
|
|
/* no nvl keys */
|
|
|
|
};
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
|
|
|
|
{
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
|
|
|
|
ret = (SET_ERROR(EINVAL));
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = spa_keystore_unload_wkey(dsname);
|
|
|
|
if (ret != 0)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
out:
|
|
|
|
return (ret);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Changes a user's wrapping key used to decrypt a dataset. The keyformat,
|
|
|
|
* keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified
|
|
|
|
* here to change how the key is derived in userspace.
|
|
|
|
*
|
|
|
|
* innvl: {
|
|
|
|
* "hidden_args" (optional) -> { "wkeydata" -> value }
|
|
|
|
* raw uint8_t array of new encryption wrapping key data (32 bytes)
|
|
|
|
* "props" (optional) -> { prop -> value }
|
|
|
|
* }
|
|
|
|
*
|
|
|
|
* outnvl is unused
|
|
|
|
*/
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
static const zfs_ioc_key_t zfs_keys_change_key[] = {
|
|
|
|
{"crypt_cmd", DATA_TYPE_UINT64, ZK_OPTIONAL},
|
|
|
|
{"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
|
|
|
|
{"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
|
|
|
|
};
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
/* ARGSUSED */
|
|
|
|
static int
|
|
|
|
zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
uint64_t cmd = DCP_CMD_NONE;
|
|
|
|
dsl_crypto_params_t *dcp = NULL;
|
|
|
|
nvlist_t *args = NULL, *hidden_args = NULL;
|
|
|
|
|
|
|
|
if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
|
|
|
|
ret = (SET_ERROR(EINVAL));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
(void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd);
|
|
|
|
(void) nvlist_lookup_nvlist(innvl, "props", &args);
|
|
|
|
(void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
|
|
|
|
|
|
|
|
ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp);
|
|
|
|
if (ret != 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
ret = spa_keystore_change_key(dsname, dcp);
|
|
|
|
if (ret != 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
dsl_crypto_params_free(dcp, B_FALSE);
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
error:
|
|
|
|
dsl_crypto_params_free(dcp, B_TRUE);
|
|
|
|
return (ret);
|
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
|
|
|
|
|
|
|
|
static void
|
|
|
|
zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
|
|
|
|
zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
|
|
|
|
boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
|
|
|
|
{
|
|
|
|
zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
|
|
|
|
|
|
|
|
ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
|
|
|
|
ASSERT3U(ioc, <, ZFS_IOC_LAST);
|
|
|
|
ASSERT3P(vec->zvec_legacy_func, ==, NULL);
|
|
|
|
ASSERT3P(vec->zvec_func, ==, NULL);
|
|
|
|
|
|
|
|
vec->zvec_legacy_func = func;
|
|
|
|
vec->zvec_secpolicy = secpolicy;
|
|
|
|
vec->zvec_namecheck = namecheck;
|
|
|
|
vec->zvec_allow_log = log_history;
|
|
|
|
vec->zvec_pool_check = pool_check;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* See the block comment at the beginning of this file for details on
|
|
|
|
* each argument to this function.
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
|
|
|
|
zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
|
|
|
|
zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
boolean_t allow_log, const zfs_ioc_key_t *nvl_keys, size_t num_keys)
|
2013-08-28 15:45:09 +04:00
|
|
|
{
|
|
|
|
zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
|
|
|
|
|
|
|
|
ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
|
|
|
|
ASSERT3U(ioc, <, ZFS_IOC_LAST);
|
|
|
|
ASSERT3P(vec->zvec_legacy_func, ==, NULL);
|
|
|
|
ASSERT3P(vec->zvec_func, ==, NULL);
|
|
|
|
|
|
|
|
/* if we are logging, the name must be valid */
|
|
|
|
ASSERT(!allow_log || namecheck != NO_NAME);
|
|
|
|
|
|
|
|
vec->zvec_name = name;
|
|
|
|
vec->zvec_func = func;
|
|
|
|
vec->zvec_secpolicy = secpolicy;
|
|
|
|
vec->zvec_namecheck = namecheck;
|
|
|
|
vec->zvec_pool_check = pool_check;
|
|
|
|
vec->zvec_smush_outnvlist = smush_outnvlist;
|
|
|
|
vec->zvec_allow_log = allow_log;
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
vec->zvec_nvl_keys = nvl_keys;
|
|
|
|
vec->zvec_nvl_key_count = num_keys;
|
2013-08-28 15:45:09 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
|
|
|
|
zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
|
|
|
|
zfs_ioc_poolcheck_t pool_check)
|
|
|
|
{
|
|
|
|
zfs_ioctl_register_legacy(ioc, func, secpolicy,
|
|
|
|
POOL_NAME, log_history, pool_check);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
|
|
|
|
zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
|
|
|
|
{
|
|
|
|
zfs_ioctl_register_legacy(ioc, func, secpolicy,
|
|
|
|
DATASET_NAME, B_FALSE, pool_check);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
|
|
|
|
{
|
|
|
|
zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
|
|
|
|
POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
|
|
|
|
zfs_secpolicy_func_t *secpolicy)
|
|
|
|
{
|
|
|
|
zfs_ioctl_register_legacy(ioc, func, secpolicy,
|
|
|
|
NO_NAME, B_FALSE, POOL_CHECK_NONE);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
|
|
|
|
zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
|
|
|
|
{
|
|
|
|
zfs_ioctl_register_legacy(ioc, func, secpolicy,
|
|
|
|
DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
|
|
|
|
{
|
|
|
|
zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
|
|
|
|
zfs_secpolicy_read);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
|
2017-01-12 20:42:11 +03:00
|
|
|
zfs_secpolicy_func_t *secpolicy)
|
2013-08-28 15:45:09 +04:00
|
|
|
{
|
|
|
|
zfs_ioctl_register_legacy(ioc, func, secpolicy,
|
|
|
|
DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
zfs_ioctl_init(void)
|
|
|
|
{
|
|
|
|
zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
|
|
|
|
zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
|
|
|
|
zfs_keys_snapshot, ARRAY_SIZE(zfs_keys_snapshot));
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
|
|
|
|
zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
|
|
|
|
zfs_keys_log_history, ARRAY_SIZE(zfs_keys_log_history));
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
|
|
|
|
zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
|
|
|
|
zfs_keys_space_snaps, ARRAY_SIZE(zfs_keys_space_snaps));
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
|
|
|
|
zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
|
|
|
|
zfs_keys_send_new, ARRAY_SIZE(zfs_keys_send_new));
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
|
|
|
|
zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
|
|
|
|
zfs_keys_send_space, ARRAY_SIZE(zfs_keys_send_space));
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
zfs_ioctl_register("create", ZFS_IOC_CREATE,
|
|
|
|
zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
|
|
|
|
zfs_keys_create, ARRAY_SIZE(zfs_keys_create));
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
zfs_ioctl_register("clone", ZFS_IOC_CLONE,
|
|
|
|
zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
|
|
|
|
zfs_keys_clone, ARRAY_SIZE(zfs_keys_clone));
|
2013-08-28 15:45:09 +04:00
|
|
|
|
OpenZFS 7614, 9064 - zfs device evacuation/removal
OpenZFS 7614 - zfs device evacuation/removal
OpenZFS 9064 - remove_mirror should wait for device removal to complete
This project allows top-level vdevs to be removed from the storage pool
with "zpool remove", reducing the total amount of storage in the pool.
This operation copies all allocated regions of the device to be removed
onto other devices, recording the mapping from old to new location.
After the removal is complete, read and free operations to the removed
(now "indirect") vdev must be remapped and performed at the new location
on disk. The indirect mapping table is kept in memory whenever the pool
is loaded, so there is minimal performance overhead when doing operations
on the indirect vdev.
The size of the in-memory mapping table will be reduced when its entries
become "obsolete" because they are no longer used by any block pointers
in the pool. An entry becomes obsolete when all the blocks that use
it are freed. An entry can also become obsolete when all the snapshots
that reference it are deleted, and the block pointers that reference it
have been "remapped" in all filesystems/zvols (and clones). Whenever an
indirect block is written, all the block pointers in it will be "remapped"
to their new (concrete) locations if possible. This process can be
accelerated by using the "zfs remap" command to proactively rewrite all
indirect blocks that reference indirect (removed) vdevs.
Note that when a device is removed, we do not verify the checksum of
the data that is copied. This makes the process much faster, but if it
were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be
possible to copy the wrong data, when we have the correct data on e.g.
the other side of the mirror.
At the moment, only mirrors and simple top-level vdevs can be removed
and no removal is allowed if any of the top-level vdevs are raidz.
Porting Notes:
* Avoid zero-sized kmem_alloc() in vdev_compact_children().
The device evacuation code adds a dependency that
vdev_compact_children() be able to properly empty the vdev_child
array by setting it to NULL and zeroing vdev_children. Under Linux,
kmem_alloc() and related functions return a sentinel pointer rather
than NULL for zero-sized allocations.
* Remove comment regarding "mpt" driver where zfs_remove_max_segment
is initialized to SPA_MAXBLOCKSIZE.
Change zfs_condense_indirect_commit_entry_delay_ticks to
zfs_condense_indirect_commit_entry_delay_ms for consistency with
most other tunables in which delays are specified in ms.
* ZTS changes:
Use set_tunable rather than mdb
Use zpool sync as appropriate
Use sync_pool instead of sync
Kill jobs during test_removal_with_operation to allow unmount/export
Don't add non-disk names such as "mirror" or "raidz" to $DISKS
Use $TEST_BASE_DIR instead of /tmp
Increase HZ from 100 to 1000 which is more common on Linux
removal_multiple_indirection.ksh
Reduce iterations in order to not time out on the code
coverage builders.
removal_resume_export:
Functionally, the test case is correct but there exists a race
where the kernel thread hasn't been fully started yet and is
not visible. Wait for up to 1 second for the removal thread
to be started before giving up on it. Also, increase the
amount of data copied in order that the removal not finish
before the export has a chance to fail.
* MMP compatibility, the concept of concrete versus non-concrete devices
has slightly changed the semantics of vdev_writeable(). Update
mmp_random_leaf_impl() accordingly.
* Updated dbuf_remap() to handle the org.zfsonlinux:large_dnode pool
feature which is not supported by OpenZFS.
* Added support for new vdev removal tracepoints.
* Test cases removal_with_zdb and removal_condense_export have been
intentionally disabled. When run manually they pass as intended,
but when running in the automated test environment they produce
unreliable results on the latest Fedora release.
They may work better once the upstream pool import refectoring is
merged into ZoL at which point they will be re-enabled.
Authored by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Alex Reece <alex@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Richard Laager <rlaager@wiktel.com>
Reviewed by: Tim Chase <tim@chase2k.com>
Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov>
Approved by: Garrett D'Amore <garrett@damore.org>
Ported-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Tim Chase <tim@chase2k.com>
OpenZFS-issue: https://www.illumos.org/issues/7614
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/f539f1eb
Closes #6900
2016-09-22 19:30:13 +03:00
|
|
|
zfs_ioctl_register("remap", ZFS_IOC_REMAP,
|
|
|
|
zfs_ioc_remap, zfs_secpolicy_remap, DATASET_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
|
|
|
|
zfs_keys_remap, ARRAY_SIZE(zfs_keys_remap));
|
OpenZFS 7614, 9064 - zfs device evacuation/removal
OpenZFS 7614 - zfs device evacuation/removal
OpenZFS 9064 - remove_mirror should wait for device removal to complete
This project allows top-level vdevs to be removed from the storage pool
with "zpool remove", reducing the total amount of storage in the pool.
This operation copies all allocated regions of the device to be removed
onto other devices, recording the mapping from old to new location.
After the removal is complete, read and free operations to the removed
(now "indirect") vdev must be remapped and performed at the new location
on disk. The indirect mapping table is kept in memory whenever the pool
is loaded, so there is minimal performance overhead when doing operations
on the indirect vdev.
The size of the in-memory mapping table will be reduced when its entries
become "obsolete" because they are no longer used by any block pointers
in the pool. An entry becomes obsolete when all the blocks that use
it are freed. An entry can also become obsolete when all the snapshots
that reference it are deleted, and the block pointers that reference it
have been "remapped" in all filesystems/zvols (and clones). Whenever an
indirect block is written, all the block pointers in it will be "remapped"
to their new (concrete) locations if possible. This process can be
accelerated by using the "zfs remap" command to proactively rewrite all
indirect blocks that reference indirect (removed) vdevs.
Note that when a device is removed, we do not verify the checksum of
the data that is copied. This makes the process much faster, but if it
were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be
possible to copy the wrong data, when we have the correct data on e.g.
the other side of the mirror.
At the moment, only mirrors and simple top-level vdevs can be removed
and no removal is allowed if any of the top-level vdevs are raidz.
Porting Notes:
* Avoid zero-sized kmem_alloc() in vdev_compact_children().
The device evacuation code adds a dependency that
vdev_compact_children() be able to properly empty the vdev_child
array by setting it to NULL and zeroing vdev_children. Under Linux,
kmem_alloc() and related functions return a sentinel pointer rather
than NULL for zero-sized allocations.
* Remove comment regarding "mpt" driver where zfs_remove_max_segment
is initialized to SPA_MAXBLOCKSIZE.
Change zfs_condense_indirect_commit_entry_delay_ticks to
zfs_condense_indirect_commit_entry_delay_ms for consistency with
most other tunables in which delays are specified in ms.
* ZTS changes:
Use set_tunable rather than mdb
Use zpool sync as appropriate
Use sync_pool instead of sync
Kill jobs during test_removal_with_operation to allow unmount/export
Don't add non-disk names such as "mirror" or "raidz" to $DISKS
Use $TEST_BASE_DIR instead of /tmp
Increase HZ from 100 to 1000 which is more common on Linux
removal_multiple_indirection.ksh
Reduce iterations in order to not time out on the code
coverage builders.
removal_resume_export:
Functionally, the test case is correct but there exists a race
where the kernel thread hasn't been fully started yet and is
not visible. Wait for up to 1 second for the removal thread
to be started before giving up on it. Also, increase the
amount of data copied in order that the removal not finish
before the export has a chance to fail.
* MMP compatibility, the concept of concrete versus non-concrete devices
has slightly changed the semantics of vdev_writeable(). Update
mmp_random_leaf_impl() accordingly.
* Updated dbuf_remap() to handle the org.zfsonlinux:large_dnode pool
feature which is not supported by OpenZFS.
* Added support for new vdev removal tracepoints.
* Test cases removal_with_zdb and removal_condense_export have been
intentionally disabled. When run manually they pass as intended,
but when running in the automated test environment they produce
unreliable results on the latest Fedora release.
They may work better once the upstream pool import refectoring is
merged into ZoL at which point they will be re-enabled.
Authored by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Alex Reece <alex@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Richard Laager <rlaager@wiktel.com>
Reviewed by: Tim Chase <tim@chase2k.com>
Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov>
Approved by: Garrett D'Amore <garrett@damore.org>
Ported-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Tim Chase <tim@chase2k.com>
OpenZFS-issue: https://www.illumos.org/issues/7614
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/f539f1eb
Closes #6900
2016-09-22 19:30:13 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
|
|
|
|
zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
|
|
|
|
zfs_keys_destroy_snaps, ARRAY_SIZE(zfs_keys_destroy_snaps));
|
2013-08-28 15:45:09 +04:00
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
zfs_ioctl_register("hold", ZFS_IOC_HOLD,
|
|
|
|
zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
|
|
|
|
zfs_keys_hold, ARRAY_SIZE(zfs_keys_hold));
|
2013-09-04 16:00:57 +04:00
|
|
|
zfs_ioctl_register("release", ZFS_IOC_RELEASE,
|
|
|
|
zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
|
|
|
|
zfs_keys_release, ARRAY_SIZE(zfs_keys_release));
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
|
|
|
|
zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
|
|
|
|
zfs_keys_get_holds, ARRAY_SIZE(zfs_keys_get_holds));
|
2013-09-04 16:00:57 +04:00
|
|
|
|
2013-08-14 23:42:31 +04:00
|
|
|
zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK,
|
|
|
|
zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
|
|
|
|
zfs_keys_rollback, ARRAY_SIZE(zfs_keys_rollback));
|
2013-08-14 23:42:31 +04:00
|
|
|
|
2013-12-12 02:33:41 +04:00
|
|
|
zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK,
|
|
|
|
zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
|
|
|
|
zfs_keys_bookmark, ARRAY_SIZE(zfs_keys_bookmark));
|
2013-12-12 02:33:41 +04:00
|
|
|
|
|
|
|
zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS,
|
|
|
|
zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
|
|
|
|
zfs_keys_get_bookmarks, ARRAY_SIZE(zfs_keys_get_bookmarks));
|
2013-12-12 02:33:41 +04:00
|
|
|
|
|
|
|
zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS,
|
|
|
|
zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks,
|
|
|
|
POOL_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
|
|
|
|
zfs_keys_destroy_bookmarks,
|
|
|
|
ARRAY_SIZE(zfs_keys_destroy_bookmarks));
|
2013-12-12 02:33:41 +04:00
|
|
|
|
2016-06-10 03:04:12 +03:00
|
|
|
zfs_ioctl_register("receive", ZFS_IOC_RECV_NEW,
|
|
|
|
zfs_ioc_recv_new, zfs_secpolicy_recv_new, DATASET_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
|
|
|
|
zfs_keys_recv_new, ARRAY_SIZE(zfs_keys_recv_new));
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY,
|
|
|
|
zfs_ioc_load_key, zfs_secpolicy_load_key,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
|
|
|
|
zfs_keys_load_key, ARRAY_SIZE(zfs_keys_load_key));
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY,
|
|
|
|
zfs_ioc_unload_key, zfs_secpolicy_load_key,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
|
|
|
|
zfs_keys_unload_key, ARRAY_SIZE(zfs_keys_unload_key));
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY,
|
|
|
|
zfs_ioc_change_key, zfs_secpolicy_change_key,
|
|
|
|
DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
B_TRUE, B_TRUE, zfs_keys_change_key,
|
|
|
|
ARRAY_SIZE(zfs_keys_change_key));
|
2016-06-10 03:04:12 +03:00
|
|
|
|
2017-05-19 22:33:11 +03:00
|
|
|
zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC,
|
|
|
|
zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
|
|
|
|
zfs_keys_pool_sync, ARRAY_SIZE(zfs_keys_pool_sync));
|
2017-10-26 22:26:09 +03:00
|
|
|
zfs_ioctl_register("reopen", ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
|
|
|
|
zfs_secpolicy_config, POOL_NAME, POOL_CHECK_SUSPENDED, B_TRUE,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
B_TRUE, zfs_keys_pool_reopen, ARRAY_SIZE(zfs_keys_pool_reopen));
|
2017-05-19 22:33:11 +03:00
|
|
|
|
2018-02-08 19:16:23 +03:00
|
|
|
zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM,
|
|
|
|
zfs_ioc_channel_program, zfs_secpolicy_config,
|
|
|
|
POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
B_TRUE, zfs_keys_channel_program,
|
|
|
|
ARRAY_SIZE(zfs_keys_channel_program));
|
2018-02-08 19:16:23 +03:00
|
|
|
|
2016-12-17 01:11:29 +03:00
|
|
|
zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT,
|
|
|
|
zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
|
|
|
|
zfs_keys_pool_checkpoint, ARRAY_SIZE(zfs_keys_pool_checkpoint));
|
2016-12-17 01:11:29 +03:00
|
|
|
|
|
|
|
zfs_ioctl_register("zpool_discard_checkpoint",
|
|
|
|
ZFS_IOC_POOL_DISCARD_CHECKPOINT, zfs_ioc_pool_discard_checkpoint,
|
|
|
|
zfs_secpolicy_config, POOL_NAME,
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
|
|
|
|
zfs_keys_pool_discard_checkpoint,
|
|
|
|
ARRAY_SIZE(zfs_keys_pool_discard_checkpoint));
|
2016-12-17 01:11:29 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
/* IOCTLS that use the legacy function signature */
|
|
|
|
|
|
|
|
zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
|
|
|
|
zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
|
|
|
|
|
|
|
|
zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
|
|
|
|
zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
|
|
|
|
zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
|
|
|
|
zfs_ioc_pool_scan);
|
|
|
|
zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
|
|
|
|
zfs_ioc_pool_upgrade);
|
|
|
|
zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
|
|
|
|
zfs_ioc_vdev_add);
|
|
|
|
zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
|
|
|
|
zfs_ioc_vdev_remove);
|
|
|
|
zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
|
|
|
|
zfs_ioc_vdev_set_state);
|
|
|
|
zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
|
|
|
|
zfs_ioc_vdev_attach);
|
|
|
|
zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
|
|
|
|
zfs_ioc_vdev_detach);
|
|
|
|
zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
|
|
|
|
zfs_ioc_vdev_setpath);
|
|
|
|
zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
|
|
|
|
zfs_ioc_vdev_setfru);
|
|
|
|
zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
|
|
|
|
zfs_ioc_pool_set_props);
|
|
|
|
zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
|
|
|
|
zfs_ioc_vdev_split);
|
|
|
|
zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
|
|
|
|
zfs_ioc_pool_reguid);
|
|
|
|
|
|
|
|
zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
|
|
|
|
zfs_ioc_pool_configs, zfs_secpolicy_none);
|
|
|
|
zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
|
|
|
|
zfs_ioc_pool_tryimport, zfs_secpolicy_config);
|
|
|
|
zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
|
|
|
|
zfs_ioc_inject_fault, zfs_secpolicy_inject);
|
|
|
|
zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
|
|
|
|
zfs_ioc_clear_fault, zfs_secpolicy_inject);
|
|
|
|
zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
|
|
|
|
zfs_ioc_inject_list_next, zfs_secpolicy_inject);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* pool destroy, and export don't log the history as part of
|
|
|
|
* zfsdev_ioctl, but rather zfs_ioc_pool_export
|
|
|
|
* does the logging of those commands.
|
|
|
|
*/
|
|
|
|
zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
|
2015-02-28 01:35:56 +03:00
|
|
|
zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
|
2015-02-28 01:35:56 +03:00
|
|
|
zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
|
|
|
|
zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
|
|
|
|
zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
|
|
|
|
zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
|
|
|
|
|
|
|
|
zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
|
|
|
|
zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
|
|
|
|
zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
|
|
|
|
zfs_ioc_dsobj_to_dsname,
|
|
|
|
zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
|
|
|
|
zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
|
|
|
|
zfs_ioc_pool_get_history,
|
|
|
|
zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
|
|
|
|
|
|
|
|
zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
|
|
|
|
zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
|
|
|
|
|
|
|
|
zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
|
2017-07-07 20:39:53 +03:00
|
|
|
zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY);
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
|
|
|
|
zfs_ioc_space_written);
|
|
|
|
zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
|
|
|
|
zfs_ioc_objset_recvd_props);
|
|
|
|
zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
|
|
|
|
zfs_ioc_next_obj);
|
|
|
|
zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
|
|
|
|
zfs_ioc_get_fsacl);
|
|
|
|
zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
|
|
|
|
zfs_ioc_objset_stats);
|
|
|
|
zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
|
|
|
|
zfs_ioc_objset_zplprops);
|
|
|
|
zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
|
|
|
|
zfs_ioc_dataset_list_next);
|
|
|
|
zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
|
|
|
|
zfs_ioc_snapshot_list_next);
|
|
|
|
zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
|
|
|
|
zfs_ioc_send_progress);
|
|
|
|
|
|
|
|
zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
|
|
|
|
zfs_ioc_diff, zfs_secpolicy_diff);
|
|
|
|
zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
|
|
|
|
zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
|
|
|
|
zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
|
|
|
|
zfs_ioc_obj_to_path, zfs_secpolicy_diff);
|
|
|
|
zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
|
|
|
|
zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
|
|
|
|
zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
|
|
|
|
zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
|
|
|
|
zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
|
|
|
|
zfs_ioc_send, zfs_secpolicy_send);
|
|
|
|
|
|
|
|
zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
|
|
|
|
zfs_secpolicy_none);
|
|
|
|
zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
|
|
|
|
zfs_secpolicy_destroy);
|
|
|
|
zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
|
|
|
|
zfs_secpolicy_rename);
|
|
|
|
zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
|
|
|
|
zfs_secpolicy_recv);
|
|
|
|
zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
|
|
|
|
zfs_secpolicy_promote);
|
|
|
|
zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
|
|
|
|
zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
|
|
|
|
zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
|
|
|
|
zfs_secpolicy_set_fsacl);
|
|
|
|
|
|
|
|
zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
|
|
|
|
zfs_secpolicy_share, POOL_CHECK_NONE);
|
|
|
|
zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
|
|
|
|
zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
|
|
|
|
zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
|
|
|
|
zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
|
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
|
|
|
|
zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
|
|
|
|
zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
|
|
|
|
POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
|
|
|
|
|
|
|
|
/*
|
2013-12-07 02:20:22 +04:00
|
|
|
* ZoL functions
|
2013-08-28 15:45:09 +04:00
|
|
|
*/
|
|
|
|
zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next,
|
|
|
|
zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
|
|
|
|
zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear,
|
|
|
|
zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
|
2013-11-23 02:52:16 +04:00
|
|
|
zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek,
|
|
|
|
zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
|
2013-08-28 15:45:09 +04:00
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
/*
|
|
|
|
* Verify that for non-legacy ioctls the input nvlist
|
|
|
|
* pairs match against the expected input.
|
|
|
|
*
|
|
|
|
* Possible errors are:
|
|
|
|
* ZFS_ERR_IOC_ARG_UNAVAIL An unrecognized nvpair was encountered
|
|
|
|
* ZFS_ERR_IOC_ARG_REQUIRED A required nvpair is missing
|
|
|
|
* ZFS_ERR_IOC_ARG_BADTYPE Invalid type for nvpair
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
zfs_check_input_nvpairs(nvlist_t *innvl, const zfs_ioc_vec_t *vec)
|
|
|
|
{
|
|
|
|
const zfs_ioc_key_t *nvl_keys = vec->zvec_nvl_keys;
|
|
|
|
boolean_t required_keys_found = B_FALSE;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* examine each input pair
|
|
|
|
*/
|
|
|
|
for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
|
|
|
|
pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
|
|
|
|
char *name = nvpair_name(pair);
|
|
|
|
data_type_t type = nvpair_type(pair);
|
|
|
|
boolean_t identified = B_FALSE;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* check pair against the documented names and type
|
|
|
|
*/
|
|
|
|
for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
|
|
|
|
/* if not a wild card name, check for an exact match */
|
|
|
|
if ((nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) == 0 &&
|
|
|
|
strcmp(nvl_keys[k].zkey_name, name) != 0)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
identified = B_TRUE;
|
|
|
|
|
|
|
|
if (nvl_keys[k].zkey_type != DATA_TYPE_ANY &&
|
|
|
|
nvl_keys[k].zkey_type != type) {
|
|
|
|
return (SET_ERROR(ZFS_ERR_IOC_ARG_BADTYPE));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
required_keys_found = B_TRUE;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* allow an 'optional' key, everything else is invalid */
|
|
|
|
if (!identified &&
|
|
|
|
(strcmp(name, "optional") != 0 ||
|
|
|
|
type != DATA_TYPE_NVLIST)) {
|
|
|
|
return (SET_ERROR(ZFS_ERR_IOC_ARG_UNAVAIL));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* verify that all required keys were found */
|
|
|
|
for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
|
|
|
|
if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) {
|
|
|
|
/* at least one non-optionial key is expected here */
|
|
|
|
if (!required_keys_found)
|
|
|
|
return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!nvlist_exists(innvl, nvl_keys[k].zkey_name))
|
|
|
|
return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
|
|
|
|
}
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
int
|
2010-08-27 01:24:34 +04:00
|
|
|
pool_status_check(const char *name, zfs_ioc_namecheck_t type,
|
|
|
|
zfs_ioc_poolcheck_t check)
|
2009-07-03 02:44:48 +04:00
|
|
|
{
|
|
|
|
spa_t *spa;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
ASSERT(type == POOL_NAME || type == DATASET_NAME);
|
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
if (check & POOL_CHECK_NONE)
|
|
|
|
return (0);
|
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
error = spa_open(name, &spa, FTAG);
|
|
|
|
if (error == 0) {
|
2010-08-27 01:24:34 +04:00
|
|
|
if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EAGAIN);
|
2010-08-27 01:24:34 +04:00
|
|
|
else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EROFS);
|
2009-07-03 02:44:48 +04:00
|
|
|
spa_close(spa, FTAG);
|
|
|
|
}
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
static void *
|
|
|
|
zfsdev_get_state_impl(minor_t minor, enum zfsdev_state_type which)
|
|
|
|
{
|
|
|
|
zfsdev_state_t *zs;
|
|
|
|
|
2014-05-08 18:51:01 +04:00
|
|
|
for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
|
2010-08-26 22:44:39 +04:00
|
|
|
if (zs->zs_minor == minor) {
|
2014-05-08 18:51:01 +04:00
|
|
|
smp_rmb();
|
2010-08-26 22:44:39 +04:00
|
|
|
switch (which) {
|
2013-11-01 23:26:11 +04:00
|
|
|
case ZST_ONEXIT:
|
|
|
|
return (zs->zs_onexit);
|
|
|
|
case ZST_ZEVENT:
|
|
|
|
return (zs->zs_zevent);
|
|
|
|
case ZST_ALL:
|
|
|
|
return (zs);
|
2010-08-26 22:44:39 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-11-01 23:26:11 +04:00
|
|
|
return (NULL);
|
2010-08-26 22:44:39 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
void *
|
|
|
|
zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
|
|
|
|
{
|
|
|
|
void *ptr;
|
|
|
|
|
|
|
|
ptr = zfsdev_get_state_impl(minor, which);
|
|
|
|
|
2013-11-01 23:26:11 +04:00
|
|
|
return (ptr);
|
2010-08-26 22:44:39 +04:00
|
|
|
}
|
|
|
|
|
2015-04-16 16:20:02 +03:00
|
|
|
int
|
|
|
|
zfsdev_getminor(struct file *filp, minor_t *minorp)
|
2010-08-26 22:44:39 +04:00
|
|
|
{
|
2015-04-16 16:20:02 +03:00
|
|
|
zfsdev_state_t *zs, *fpd;
|
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
ASSERT(filp != NULL);
|
2015-04-16 16:20:02 +03:00
|
|
|
ASSERT(!MUTEX_HELD(&zfsdev_state_lock));
|
|
|
|
|
|
|
|
fpd = filp->private_data;
|
|
|
|
if (fpd == NULL)
|
2017-08-03 07:16:12 +03:00
|
|
|
return (SET_ERROR(EBADF));
|
2015-04-16 16:20:02 +03:00
|
|
|
|
|
|
|
mutex_enter(&zfsdev_state_lock);
|
|
|
|
|
|
|
|
for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
|
|
|
|
|
|
|
|
if (zs->zs_minor == -1)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (fpd == zs) {
|
|
|
|
*minorp = fpd->zs_minor;
|
|
|
|
mutex_exit(&zfsdev_state_lock);
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
mutex_exit(&zfsdev_state_lock);
|
2010-08-26 22:44:39 +04:00
|
|
|
|
2017-08-03 07:16:12 +03:00
|
|
|
return (SET_ERROR(EBADF));
|
2010-08-26 22:44:39 +04:00
|
|
|
}
|
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
/*
|
2010-08-26 22:44:39 +04:00
|
|
|
* Find a free minor number. The zfsdev_state_list is expected to
|
|
|
|
* be short since it is only a list of currently open file handles.
|
2010-08-27 01:24:34 +04:00
|
|
|
*/
|
|
|
|
minor_t
|
|
|
|
zfsdev_minor_alloc(void)
|
|
|
|
{
|
2010-08-26 22:44:39 +04:00
|
|
|
static minor_t last_minor = 0;
|
2010-08-27 01:24:34 +04:00
|
|
|
minor_t m;
|
|
|
|
|
|
|
|
ASSERT(MUTEX_HELD(&zfsdev_state_lock));
|
|
|
|
|
|
|
|
for (m = last_minor + 1; m != last_minor; m++) {
|
|
|
|
if (m > ZFSDEV_MAX_MINOR)
|
|
|
|
m = 1;
|
2010-08-26 22:44:39 +04:00
|
|
|
if (zfsdev_get_state_impl(m, ZST_ALL) == NULL) {
|
2010-08-27 01:24:34 +04:00
|
|
|
last_minor = m;
|
|
|
|
return (m);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-08-26 22:44:39 +04:00
|
|
|
zfsdev_state_init(struct file *filp)
|
2010-08-27 01:24:34 +04:00
|
|
|
{
|
2014-05-08 18:51:01 +04:00
|
|
|
zfsdev_state_t *zs, *zsprev = NULL;
|
2010-08-27 01:24:34 +04:00
|
|
|
minor_t minor;
|
2014-05-08 18:51:01 +04:00
|
|
|
boolean_t newzs = B_FALSE;
|
2010-08-27 01:24:34 +04:00
|
|
|
|
|
|
|
ASSERT(MUTEX_HELD(&zfsdev_state_lock));
|
|
|
|
|
2013-11-01 23:26:11 +04:00
|
|
|
minor = zfsdev_minor_alloc();
|
|
|
|
if (minor == 0)
|
|
|
|
return (SET_ERROR(ENXIO));
|
2010-08-26 22:44:39 +04:00
|
|
|
|
2014-05-08 18:51:01 +04:00
|
|
|
for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
|
|
|
|
if (zs->zs_minor == -1)
|
|
|
|
break;
|
|
|
|
zsprev = zs;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!zs) {
|
|
|
|
zs = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
|
|
|
|
newzs = B_TRUE;
|
|
|
|
}
|
2010-08-27 01:24:34 +04:00
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
zs->zs_file = filp;
|
|
|
|
filp->private_data = zs;
|
2010-08-27 01:24:34 +04:00
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
zfs_onexit_init((zfs_onexit_t **)&zs->zs_onexit);
|
|
|
|
zfs_zevent_init((zfs_zevent_t **)&zs->zs_zevent);
|
2010-08-27 01:24:34 +04:00
|
|
|
|
2014-05-08 18:51:01 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* In order to provide for lock-free concurrent read access
|
|
|
|
* to the minor list in zfsdev_get_state_impl(), new entries
|
|
|
|
* must be completely written before linking them into the
|
|
|
|
* list whereas existing entries are already linked; the last
|
|
|
|
* operation must be updating zs_minor (from -1 to the new
|
|
|
|
* value).
|
|
|
|
*/
|
|
|
|
if (newzs) {
|
|
|
|
zs->zs_minor = minor;
|
|
|
|
smp_wmb();
|
|
|
|
zsprev->zs_next = zs;
|
|
|
|
} else {
|
|
|
|
smp_wmb();
|
|
|
|
zs->zs_minor = minor;
|
|
|
|
}
|
2010-08-27 01:24:34 +04:00
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
static int
|
|
|
|
zfsdev_state_destroy(struct file *filp)
|
2010-08-27 01:24:34 +04:00
|
|
|
{
|
2010-08-26 22:44:39 +04:00
|
|
|
zfsdev_state_t *zs;
|
2010-08-27 01:24:34 +04:00
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
ASSERT(MUTEX_HELD(&zfsdev_state_lock));
|
|
|
|
ASSERT(filp->private_data != NULL);
|
2010-08-27 01:24:34 +04:00
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
zs = filp->private_data;
|
2014-05-08 18:51:01 +04:00
|
|
|
zs->zs_minor = -1;
|
2010-08-26 22:44:39 +04:00
|
|
|
zfs_onexit_destroy(zs->zs_onexit);
|
|
|
|
zfs_zevent_destroy(zs->zs_zevent);
|
2010-08-27 01:24:34 +04:00
|
|
|
|
2013-11-01 23:26:11 +04:00
|
|
|
return (0);
|
2010-08-27 01:24:34 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-08-26 22:44:39 +04:00
|
|
|
zfsdev_open(struct inode *ino, struct file *filp)
|
2010-08-27 01:24:34 +04:00
|
|
|
{
|
2010-08-26 22:44:39 +04:00
|
|
|
int error;
|
2010-08-27 01:24:34 +04:00
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
mutex_enter(&zfsdev_state_lock);
|
|
|
|
error = zfsdev_state_init(filp);
|
|
|
|
mutex_exit(&zfsdev_state_lock);
|
2010-08-27 01:24:34 +04:00
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
return (-error);
|
2010-08-27 01:24:34 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-08-26 22:44:39 +04:00
|
|
|
zfsdev_release(struct inode *ino, struct file *filp)
|
2010-08-27 01:24:34 +04:00
|
|
|
{
|
2010-08-26 22:44:39 +04:00
|
|
|
int error;
|
2010-08-27 01:24:34 +04:00
|
|
|
|
|
|
|
mutex_enter(&zfsdev_state_lock);
|
2010-08-26 22:44:39 +04:00
|
|
|
error = zfsdev_state_destroy(filp);
|
2010-08-27 01:24:34 +04:00
|
|
|
mutex_exit(&zfsdev_state_lock);
|
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
return (-error);
|
2010-08-27 01:24:34 +04:00
|
|
|
}
|
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
static long
|
|
|
|
zfsdev_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
zfs_cmd_t *zc;
|
2013-08-28 15:45:09 +04:00
|
|
|
uint_t vecnum;
|
2014-04-17 21:06:37 +04:00
|
|
|
int error, rc, flag = 0;
|
2013-08-28 15:45:09 +04:00
|
|
|
const zfs_ioc_vec_t *vec;
|
2013-12-24 00:06:34 +04:00
|
|
|
char *saved_poolname = NULL;
|
2013-08-28 15:45:09 +04:00
|
|
|
nvlist_t *innvl = NULL;
|
2015-03-31 06:43:29 +03:00
|
|
|
fstrans_cookie_t cookie;
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
vecnum = cmd - ZFS_IOC_FIRST;
|
|
|
|
if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
return (-SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
|
2013-08-28 15:45:09 +04:00
|
|
|
vec = &zfs_ioc_vec[vecnum];
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-12-14 02:49:33 +04:00
|
|
|
/*
|
|
|
|
* The registered ioctl list may be sparse, verify that either
|
|
|
|
* a normal or legacy handler are registered.
|
|
|
|
*/
|
|
|
|
if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL)
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
return (-SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
|
2013-12-14 02:49:33 +04:00
|
|
|
|
2014-12-03 22:56:32 +03:00
|
|
|
zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
|
2013-08-28 15:45:09 +04:00
|
|
|
if (error != 0) {
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EFAULT);
|
2013-08-28 15:45:09 +04:00
|
|
|
goto out;
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
zc->zc_iflags = flag & FKIOCTL;
|
2016-06-07 19:16:52 +03:00
|
|
|
if (zc->zc_nvlist_src_size > MAX_NVLIST_SRC_SIZE) {
|
|
|
|
/*
|
|
|
|
* Make sure the user doesn't pass in an insane value for
|
|
|
|
* zc_nvlist_src_size. We have to check, since we will end
|
|
|
|
* up allocating that much memory inside of get_nvlist(). This
|
|
|
|
* prevents a nefarious user from allocating tons of kernel
|
|
|
|
* memory.
|
|
|
|
*
|
|
|
|
* Also, we return EINVAL instead of ENOMEM here. The reason
|
|
|
|
* being that returning ENOMEM from an ioctl() has a special
|
|
|
|
* connotation; that the user's size value is too small and
|
|
|
|
* needs to be expanded to hold the nvlist. See
|
|
|
|
* zcmd_expand_dst_nvlist() for details.
|
|
|
|
*/
|
|
|
|
error = SET_ERROR(EINVAL); /* User's size too big */
|
|
|
|
|
|
|
|
} else if (zc->zc_nvlist_src_size != 0) {
|
2013-08-28 15:45:09 +04:00
|
|
|
error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
|
|
|
|
zc->zc_iflags, &innvl);
|
|
|
|
if (error != 0)
|
|
|
|
goto out;
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Ensure that all pool/dataset names are valid before we pass down to
|
|
|
|
* the lower layers.
|
|
|
|
*/
|
2013-08-28 15:45:09 +04:00
|
|
|
zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
|
|
|
|
switch (vec->zvec_namecheck) {
|
|
|
|
case POOL_NAME:
|
|
|
|
if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EINVAL);
|
2013-08-28 15:45:09 +04:00
|
|
|
else
|
2010-08-27 01:24:34 +04:00
|
|
|
error = pool_status_check(zc->zc_name,
|
2013-08-28 15:45:09 +04:00
|
|
|
vec->zvec_namecheck, vec->zvec_pool_check);
|
|
|
|
break;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
case DATASET_NAME:
|
|
|
|
if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EINVAL);
|
2013-08-28 15:45:09 +04:00
|
|
|
else
|
2010-08-27 01:24:34 +04:00
|
|
|
error = pool_status_check(zc->zc_name,
|
2013-08-28 15:45:09 +04:00
|
|
|
vec->zvec_namecheck, vec->zvec_pool_check);
|
|
|
|
break;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
case NO_NAME:
|
|
|
|
break;
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
Add basic zfs ioc input nvpair validation
We want newer versions of libzfs_core to run against an existing
zfs kernel module (i.e. a deferred reboot or module reload after
an update).
Programmatically document, via a zfs_ioc_key_t, the valid arguments
for the ioc commands that rely on nvpair input arguments (i.e. non
legacy commands from libzfs_core). Automatically verify the expected
pairs before dispatching a command.
This initial phase focuses on the non-legacy ioctls. A follow-on
change can address the legacy ioctl input from the zfs_cmd_t.
The zfs_ioc_key_t for zfs_keys_channel_program looks like:
static const zfs_ioc_key_t zfs_keys_channel_program[] = {
{"program", DATA_TYPE_STRING, 0},
{"arg", DATA_TYPE_UNKNOWN, 0},
{"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
{"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
{"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
};
Introduce four input errors to identify specific input failures
(in addition to generic argument value errors like EINVAL, ERANGE,
EBADF, and E2BIG).
ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Don Brady <don.brady@delphix.com>
Closes #7780
2018-09-02 22:14:01 +03:00
|
|
|
/*
|
|
|
|
* Ensure that all input pairs are valid before we pass them down
|
|
|
|
* to the lower layers.
|
|
|
|
*
|
|
|
|
* The vectored functions can use fnvlist_lookup_{type} for any
|
|
|
|
* required pairs since zfs_check_input_nvpairs() confirmed that
|
|
|
|
* they exist and are of the correct type.
|
|
|
|
*/
|
|
|
|
if (error == 0 && vec->zvec_func != NULL) {
|
|
|
|
error = zfs_check_input_nvpairs(innvl, vec);
|
|
|
|
if (error != 0)
|
|
|
|
goto out;
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2017-01-31 21:24:23 +03:00
|
|
|
if (error == 0) {
|
2016-05-02 20:00:50 +03:00
|
|
|
cookie = spl_fstrans_mark();
|
2013-08-28 15:45:09 +04:00
|
|
|
error = vec->zvec_secpolicy(zc, innvl, CRED());
|
2016-05-02 20:00:50 +03:00
|
|
|
spl_fstrans_unmark(cookie);
|
|
|
|
}
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
if (error != 0)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
/* legacy ioctls can modify zc_name */
|
2014-04-17 21:06:37 +04:00
|
|
|
saved_poolname = strdup(zc->zc_name);
|
|
|
|
if (saved_poolname == NULL) {
|
|
|
|
error = SET_ERROR(ENOMEM);
|
|
|
|
goto out;
|
|
|
|
} else {
|
|
|
|
saved_poolname[strcspn(saved_poolname, "/@#")] = '\0';
|
|
|
|
}
|
2013-08-28 15:45:09 +04:00
|
|
|
|
|
|
|
if (vec->zvec_func != NULL) {
|
|
|
|
nvlist_t *outnvl;
|
|
|
|
int puterror = 0;
|
|
|
|
spa_t *spa;
|
|
|
|
nvlist_t *lognv = NULL;
|
|
|
|
|
|
|
|
ASSERT(vec->zvec_legacy_func == NULL);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Add the innvl to the lognv before calling the func,
|
|
|
|
* in case the func changes the innvl.
|
|
|
|
*/
|
|
|
|
if (vec->zvec_allow_log) {
|
|
|
|
lognv = fnvlist_alloc();
|
|
|
|
fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
|
|
|
|
vec->zvec_name);
|
|
|
|
if (!nvlist_empty(innvl)) {
|
|
|
|
fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
|
|
|
|
innvl);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-11-21 03:09:39 +03:00
|
|
|
outnvl = fnvlist_alloc();
|
2015-03-31 06:43:29 +03:00
|
|
|
cookie = spl_fstrans_mark();
|
2013-08-28 15:45:09 +04:00
|
|
|
error = vec->zvec_func(zc->zc_name, innvl, outnvl);
|
2015-03-31 06:43:29 +03:00
|
|
|
spl_fstrans_unmark(cookie);
|
2013-08-28 15:45:09 +04:00
|
|
|
|
2018-02-08 19:16:23 +03:00
|
|
|
/*
|
|
|
|
* Some commands can partially execute, modify state, and still
|
|
|
|
* return an error. In these cases, attempt to record what
|
|
|
|
* was modified.
|
|
|
|
*/
|
|
|
|
if ((error == 0 ||
|
|
|
|
(cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) &&
|
|
|
|
vec->zvec_allow_log &&
|
2013-08-28 15:45:09 +04:00
|
|
|
spa_open(zc->zc_name, &spa, FTAG) == 0) {
|
|
|
|
if (!nvlist_empty(outnvl)) {
|
|
|
|
fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL,
|
|
|
|
outnvl);
|
|
|
|
}
|
2018-02-08 19:16:23 +03:00
|
|
|
if (error != 0) {
|
|
|
|
fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO,
|
|
|
|
error);
|
|
|
|
}
|
2013-08-28 15:45:09 +04:00
|
|
|
(void) spa_history_log_nvl(spa, lognv);
|
|
|
|
spa_close(spa, FTAG);
|
|
|
|
}
|
|
|
|
fnvlist_free(lognv);
|
|
|
|
|
|
|
|
if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
|
|
|
|
int smusherror = 0;
|
|
|
|
if (vec->zvec_smush_outnvlist) {
|
|
|
|
smusherror = nvlist_smush(outnvl,
|
|
|
|
zc->zc_nvlist_dst_size);
|
|
|
|
}
|
|
|
|
if (smusherror == 0)
|
|
|
|
puterror = put_nvlist(zc, outnvl);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (puterror != 0)
|
|
|
|
error = puterror;
|
|
|
|
|
|
|
|
nvlist_free(outnvl);
|
|
|
|
} else {
|
2015-03-31 06:43:29 +03:00
|
|
|
cookie = spl_fstrans_mark();
|
2013-08-28 15:45:09 +04:00
|
|
|
error = vec->zvec_legacy_func(zc);
|
2015-03-31 06:43:29 +03:00
|
|
|
spl_fstrans_unmark(cookie);
|
2013-08-28 15:45:09 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
out:
|
|
|
|
nvlist_free(innvl);
|
2009-07-03 02:44:48 +04:00
|
|
|
rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
|
2013-08-28 15:45:09 +04:00
|
|
|
if (error == 0 && rc != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EFAULT);
|
2013-08-28 15:45:09 +04:00
|
|
|
if (error == 0 && vec->zvec_allow_log) {
|
|
|
|
char *s = tsd_get(zfs_allow_log_key);
|
|
|
|
if (s != NULL)
|
|
|
|
strfree(s);
|
2013-12-24 00:06:34 +04:00
|
|
|
(void) tsd_set(zfs_allow_log_key, saved_poolname);
|
|
|
|
} else {
|
|
|
|
if (saved_poolname != NULL)
|
2014-04-17 21:06:37 +04:00
|
|
|
strfree(saved_poolname);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
kmem_free(zc, sizeof (zfs_cmd_t));
|
2010-08-26 22:44:39 +04:00
|
|
|
return (-error);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
#ifdef CONFIG_COMPAT
|
|
|
|
static long
|
|
|
|
zfsdev_compat_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2013-11-01 23:26:11 +04:00
|
|
|
return (zfsdev_ioctl(filp, cmd, arg));
|
2010-08-26 22:44:39 +04:00
|
|
|
}
|
|
|
|
#else
|
2013-11-01 23:26:11 +04:00
|
|
|
#define zfsdev_compat_ioctl NULL
|
2010-08-26 22:44:39 +04:00
|
|
|
#endif
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
static const struct file_operations zfsdev_fops = {
|
2013-11-01 23:26:11 +04:00
|
|
|
.open = zfsdev_open,
|
|
|
|
.release = zfsdev_release,
|
|
|
|
.unlocked_ioctl = zfsdev_ioctl,
|
|
|
|
.compat_ioctl = zfsdev_compat_ioctl,
|
|
|
|
.owner = THIS_MODULE,
|
2010-08-26 22:44:39 +04:00
|
|
|
};
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
static struct miscdevice zfs_misc = {
|
2018-03-13 20:45:55 +03:00
|
|
|
.minor = ZFS_MINOR,
|
2013-11-01 23:26:11 +04:00
|
|
|
.name = ZFS_DRIVER,
|
|
|
|
.fops = &zfsdev_fops,
|
2010-08-26 22:44:39 +04:00
|
|
|
};
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2018-03-13 20:45:55 +03:00
|
|
|
MODULE_ALIAS_MISCDEV(ZFS_MINOR);
|
|
|
|
MODULE_ALIAS("devname:zfs");
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
static int
|
2010-08-26 22:44:39 +04:00
|
|
|
zfs_attach(void)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2010-08-26 22:44:39 +04:00
|
|
|
int error;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
|
2014-05-08 18:51:01 +04:00
|
|
|
zfsdev_state_list = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
|
|
|
|
zfsdev_state_list->zs_minor = -1;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
error = misc_register(&zfs_misc);
|
2018-03-13 20:45:55 +03:00
|
|
|
if (error == -EBUSY) {
|
|
|
|
/*
|
|
|
|
* Fallback to dynamic minor allocation in the event of a
|
|
|
|
* collision with a reserved minor in linux/miscdevice.h.
|
|
|
|
* In this case the kernel modules must be manually loaded.
|
|
|
|
*/
|
|
|
|
printk(KERN_INFO "ZFS: misc_register() with static minor %d "
|
|
|
|
"failed %d, retrying with MISC_DYNAMIC_MINOR\n",
|
|
|
|
ZFS_MINOR, error);
|
|
|
|
|
|
|
|
zfs_misc.minor = MISC_DYNAMIC_MINOR;
|
|
|
|
error = misc_register(&zfs_misc);
|
2010-08-26 22:44:39 +04:00
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2018-03-13 20:45:55 +03:00
|
|
|
if (error)
|
|
|
|
printk(KERN_INFO "ZFS: misc_register() failed %d\n", error);
|
|
|
|
|
|
|
|
return (error);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
static void
|
|
|
|
zfs_detach(void)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2014-05-08 18:51:01 +04:00
|
|
|
zfsdev_state_t *zs, *zsprev = NULL;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2015-09-01 19:23:02 +03:00
|
|
|
misc_deregister(&zfs_misc);
|
2010-08-26 22:44:39 +04:00
|
|
|
mutex_destroy(&zfsdev_state_lock);
|
2014-05-08 18:51:01 +04:00
|
|
|
|
|
|
|
for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
|
|
|
|
if (zsprev)
|
|
|
|
kmem_free(zsprev, sizeof (zfsdev_state_t));
|
|
|
|
zsprev = zs;
|
|
|
|
}
|
|
|
|
if (zsprev)
|
|
|
|
kmem_free(zsprev, sizeof (zfsdev_state_t));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
static void
|
|
|
|
zfs_allow_log_destroy(void *arg)
|
|
|
|
{
|
|
|
|
char *poolname = arg;
|
2016-07-27 09:58:17 +03:00
|
|
|
|
|
|
|
if (poolname != NULL)
|
|
|
|
strfree(poolname);
|
2013-08-28 15:45:09 +04:00
|
|
|
}
|
2010-08-26 22:44:39 +04:00
|
|
|
|
|
|
|
#ifdef DEBUG
|
2013-11-01 23:26:11 +04:00
|
|
|
#define ZFS_DEBUG_STR " (DEBUG mode)"
|
2010-08-26 22:44:39 +04:00
|
|
|
#else
|
2013-11-01 23:26:11 +04:00
|
|
|
#define ZFS_DEBUG_STR ""
|
2010-08-26 22:44:39 +04:00
|
|
|
#endif
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2015-02-19 02:39:05 +03:00
|
|
|
static int __init
|
2008-11-20 23:01:55 +03:00
|
|
|
_init(void)
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
|
2015-11-17 02:00:38 +03:00
|
|
|
error = -vn_set_pwd("/");
|
2015-02-19 02:39:05 +03:00
|
|
|
if (error) {
|
|
|
|
printk(KERN_NOTICE
|
|
|
|
"ZFS: Warning unable to set pwd to '/': %d\n", error);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2014-03-22 13:07:14 +04:00
|
|
|
if ((error = -zvol_init()) != 0)
|
|
|
|
return (error);
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
spa_init(FREAD | FWRITE);
|
|
|
|
zfs_init();
|
|
|
|
|
2013-08-28 15:45:09 +04:00
|
|
|
zfs_ioctl_init();
|
2018-09-02 22:09:53 +03:00
|
|
|
zfs_sysfs_init();
|
2013-08-28 15:45:09 +04:00
|
|
|
|
2010-08-26 22:44:39 +04:00
|
|
|
if ((error = zfs_attach()) != 0)
|
2014-03-22 13:07:14 +04:00
|
|
|
goto out;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2012-12-20 21:55:47 +04:00
|
|
|
tsd_create(&zfs_fsyncer_key, NULL);
|
2013-08-28 15:45:09 +04:00
|
|
|
tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
|
|
|
|
tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2012-03-23 22:59:47 +04:00
|
|
|
printk(KERN_NOTICE "ZFS: Loaded module v%s-%s%s, "
|
2013-11-01 23:26:11 +04:00
|
|
|
"ZFS pool version %s, ZFS filesystem version %s\n",
|
|
|
|
ZFS_META_VERSION, ZFS_META_RELEASE, ZFS_DEBUG_STR,
|
|
|
|
SPA_VERSION_STRING, ZPL_VERSION_STRING);
|
2013-11-03 03:40:26 +04:00
|
|
|
#ifndef CONFIG_FS_POSIX_ACL
|
|
|
|
printk(KERN_NOTICE "ZFS: Posix ACLs disabled by kernel\n");
|
|
|
|
#endif /* CONFIG_FS_POSIX_ACL */
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
return (0);
|
2010-08-26 22:44:39 +04:00
|
|
|
|
2014-03-22 13:07:14 +04:00
|
|
|
out:
|
2018-09-02 22:09:53 +03:00
|
|
|
zfs_sysfs_fini();
|
2010-08-26 22:44:39 +04:00
|
|
|
zfs_fini();
|
|
|
|
spa_fini();
|
2014-03-22 13:07:14 +04:00
|
|
|
(void) zvol_fini();
|
2012-03-23 22:59:47 +04:00
|
|
|
printk(KERN_NOTICE "ZFS: Failed to Load ZFS Filesystem v%s-%s%s"
|
2013-11-01 23:26:11 +04:00
|
|
|
", rc = %d\n", ZFS_META_VERSION, ZFS_META_RELEASE,
|
|
|
|
ZFS_DEBUG_STR, error);
|
2010-08-26 22:44:39 +04:00
|
|
|
|
|
|
|
return (error);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2015-02-19 02:39:05 +03:00
|
|
|
static void __exit
|
2008-11-20 23:01:55 +03:00
|
|
|
_fini(void)
|
|
|
|
{
|
2010-08-26 22:44:39 +04:00
|
|
|
zfs_detach();
|
2018-09-02 22:09:53 +03:00
|
|
|
zfs_sysfs_fini();
|
2008-11-20 23:01:55 +03:00
|
|
|
zfs_fini();
|
|
|
|
spa_fini();
|
2014-03-22 13:07:14 +04:00
|
|
|
zvol_fini();
|
2011-07-02 23:34:05 +04:00
|
|
|
|
2012-12-20 21:55:47 +04:00
|
|
|
tsd_destroy(&zfs_fsyncer_key);
|
2010-12-18 02:26:17 +03:00
|
|
|
tsd_destroy(&rrw_tsd_key);
|
2013-08-28 15:45:09 +04:00
|
|
|
tsd_destroy(&zfs_allow_log_key);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2012-03-23 22:59:47 +04:00
|
|
|
printk(KERN_NOTICE "ZFS: Unloaded module v%s-%s%s\n",
|
2013-11-01 23:26:11 +04:00
|
|
|
ZFS_META_VERSION, ZFS_META_RELEASE, ZFS_DEBUG_STR);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
2010-08-26 22:44:39 +04:00
|
|
|
|
2018-02-16 04:53:18 +03:00
|
|
|
#if defined(_KERNEL)
|
2015-02-19 02:39:05 +03:00
|
|
|
module_init(_init);
|
|
|
|
module_exit(_fini);
|
2010-08-26 22:44:39 +04:00
|
|
|
|
|
|
|
MODULE_DESCRIPTION("ZFS");
|
|
|
|
MODULE_AUTHOR(ZFS_META_AUTHOR);
|
|
|
|
MODULE_LICENSE(ZFS_META_LICENSE);
|
2013-12-04 22:32:08 +04:00
|
|
|
MODULE_VERSION(ZFS_META_VERSION "-" ZFS_META_RELEASE);
|
2018-02-16 04:53:18 +03:00
|
|
|
#endif
|