1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright (c) 2011, 2015 by Delphix. All rights reserved.
25 * Copyright 2019 Joyent, Inc.
26 * Copyright (c) 2012 Pawel Jakub Dawidek. All rights reserved.
27 * Copyright (c) 2013 Steven Hartland. All rights reserved.
28 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
29 * Copyright (c) 2014 Integros [integros.com]
30 * Copyright 2016 Igor Kozhukhov <ikozhukhov@gmail.com>
31 * Copyright (c) 2017, loli10K <ezomori.nozomu@gmail.com>. All rights reserved.
32 * Copyright (c) 2018 Datto Inc.
33 */
34
35 #include <assert.h>
36 #include <ctype.h>
37 #include <errno.h>
38 #include <libintl.h>
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <strings.h>
42 #include <unistd.h>
43 #include <stddef.h>
44 #include <fcntl.h>
45 #include <sys/mount.h>
46 #include <pthread.h>
47 #include <umem.h>
48 #include <time.h>
49
50 #include <libzfs.h>
51 #include <libzfs_core.h>
52 #include <libzutil.h>
53
54 #include "zfs_namecheck.h"
55 #include "zfs_prop.h"
56 #include "zfs_fletcher.h"
57 #include "libzfs_impl.h"
58 #include <zlib.h>
59 #include <sha2.h>
60 #include <sys/zio_checksum.h>
61 #include <sys/dsl_crypt.h>
62 #include <sys/ddt.h>
63
64 /* in libzfs_dataset.c */
65 extern void zfs_setprop_error(libzfs_handle_t *, zfs_prop_t, int, char *);
66
67 static int zfs_receive_impl(libzfs_handle_t *, const char *, const char *,
68 recvflags_t *, int, const char *, nvlist_t *, avl_tree_t *, char **, int,
69 uint64_t *, const char *, nvlist_t *);
70 static int guid_to_name(libzfs_handle_t *, const char *,
71 uint64_t, boolean_t, char *);
72
73 static const zio_cksum_t zero_cksum = { 0 };
74
75 typedef struct dedup_arg {
76 int inputfd;
77 int outputfd;
78 libzfs_handle_t *dedup_hdl;
79 } dedup_arg_t;
80
81 typedef struct progress_arg {
82 zfs_handle_t *pa_zhp;
83 int pa_fd;
84 boolean_t pa_parsable;
85 } progress_arg_t;
86
87 typedef struct dataref {
88 uint64_t ref_guid;
89 uint64_t ref_object;
90 uint64_t ref_offset;
91 } dataref_t;
92
93 typedef struct dedup_entry {
94 struct dedup_entry *dde_next;
95 zio_cksum_t dde_chksum;
96 uint64_t dde_prop;
97 dataref_t dde_ref;
98 } dedup_entry_t;
99
100 #define MAX_DDT_PHYSMEM_PERCENT 20
101 #define SMALLEST_POSSIBLE_MAX_DDT_MB 128
102
103 typedef struct dedup_table {
104 dedup_entry_t **dedup_hash_array;
105 umem_cache_t *ddecache;
106 uint64_t max_ddt_size; /* max dedup table size in bytes */
107 uint64_t cur_ddt_size; /* current dedup table size in bytes */
108 uint64_t ddt_count;
109 int numhashbits;
110 boolean_t ddt_full;
111 } dedup_table_t;
112
113 static int
high_order_bit(uint64_t n)114 high_order_bit(uint64_t n)
115 {
116 int count;
117
118 for (count = 0; n != 0; count++)
119 n >>= 1;
120 return (count);
121 }
122
123 static size_t
ssread(void * buf,size_t len,FILE * stream)124 ssread(void *buf, size_t len, FILE *stream)
125 {
126 size_t outlen;
127
128 if ((outlen = fread(buf, len, 1, stream)) == 0)
129 return (0);
130
131 return (outlen);
132 }
133
134 static void
ddt_hash_append(libzfs_handle_t * hdl,dedup_table_t * ddt,dedup_entry_t ** ddepp,zio_cksum_t * cs,uint64_t prop,dataref_t * dr)135 ddt_hash_append(libzfs_handle_t *hdl, dedup_table_t *ddt, dedup_entry_t **ddepp,
136 zio_cksum_t *cs, uint64_t prop, dataref_t *dr)
137 {
138 dedup_entry_t *dde;
139
140 if (ddt->cur_ddt_size >= ddt->max_ddt_size) {
141 if (ddt->ddt_full == B_FALSE) {
142 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
143 "Dedup table full. Deduplication will continue "
144 "with existing table entries"));
145 ddt->ddt_full = B_TRUE;
146 }
147 return;
148 }
149
150 if ((dde = umem_cache_alloc(ddt->ddecache, UMEM_DEFAULT))
151 != NULL) {
152 assert(*ddepp == NULL);
153 dde->dde_next = NULL;
154 dde->dde_chksum = *cs;
155 dde->dde_prop = prop;
156 dde->dde_ref = *dr;
157 *ddepp = dde;
158 ddt->cur_ddt_size += sizeof (dedup_entry_t);
159 ddt->ddt_count++;
160 }
161 }
162
163 /*
164 * Using the specified dedup table, do a lookup for an entry with
165 * the checksum cs. If found, return the block's reference info
166 * in *dr. Otherwise, insert a new entry in the dedup table, using
167 * the reference information specified by *dr.
168 *
169 * return value: true - entry was found
170 * false - entry was not found
171 */
172 static boolean_t
ddt_update(libzfs_handle_t * hdl,dedup_table_t * ddt,zio_cksum_t * cs,uint64_t prop,dataref_t * dr)173 ddt_update(libzfs_handle_t *hdl, dedup_table_t *ddt, zio_cksum_t *cs,
174 uint64_t prop, dataref_t *dr)
175 {
176 uint32_t hashcode;
177 dedup_entry_t **ddepp;
178
179 hashcode = BF64_GET(cs->zc_word[0], 0, ddt->numhashbits);
180
181 for (ddepp = &(ddt->dedup_hash_array[hashcode]); *ddepp != NULL;
182 ddepp = &((*ddepp)->dde_next)) {
183 if (ZIO_CHECKSUM_EQUAL(((*ddepp)->dde_chksum), *cs) &&
184 (*ddepp)->dde_prop == prop) {
185 *dr = (*ddepp)->dde_ref;
186 return (B_TRUE);
187 }
188 }
189 ddt_hash_append(hdl, ddt, ddepp, cs, prop, dr);
190 return (B_FALSE);
191 }
192
193 static int
dump_record(dmu_replay_record_t * drr,void * payload,int payload_len,zio_cksum_t * zc,int outfd)194 dump_record(dmu_replay_record_t *drr, void *payload, int payload_len,
195 zio_cksum_t *zc, int outfd)
196 {
197 ASSERT3U(offsetof(dmu_replay_record_t, drr_u.drr_checksum.drr_checksum),
198 ==, sizeof (dmu_replay_record_t) - sizeof (zio_cksum_t));
199 (void) fletcher_4_incremental_native(drr,
200 offsetof(dmu_replay_record_t, drr_u.drr_checksum.drr_checksum), zc);
201 if (drr->drr_type != DRR_BEGIN) {
202 ASSERT(ZIO_CHECKSUM_IS_ZERO(&drr->drr_u.
203 drr_checksum.drr_checksum));
204 drr->drr_u.drr_checksum.drr_checksum = *zc;
205 }
206 (void) fletcher_4_incremental_native(
207 &drr->drr_u.drr_checksum.drr_checksum, sizeof (zio_cksum_t), zc);
208 if (write(outfd, drr, sizeof (*drr)) == -1)
209 return (errno);
210 if (payload_len != 0) {
211 (void) fletcher_4_incremental_native(payload, payload_len, zc);
212 if (write(outfd, payload, payload_len) == -1)
213 return (errno);
214 }
215 return (0);
216 }
217
218 /*
219 * This function is started in a separate thread when the dedup option
220 * has been requested. The main send thread determines the list of
221 * snapshots to be included in the send stream and makes the ioctl calls
222 * for each one. But instead of having the ioctl send the output to the
223 * the output fd specified by the caller of zfs_send()), the
224 * ioctl is told to direct the output to a pipe, which is read by the
225 * alternate thread running THIS function. This function does the
226 * dedup'ing by:
227 * 1. building a dedup table (the DDT)
228 * 2. doing checksums on each data block and inserting a record in the DDT
229 * 3. looking for matching checksums, and
230 * 4. sending a DRR_WRITE_BYREF record instead of a write record whenever
231 * a duplicate block is found.
232 * The output of this function then goes to the output fd requested
233 * by the caller of zfs_send().
234 */
235 static void *
cksummer(void * arg)236 cksummer(void *arg)
237 {
238 dedup_arg_t *dda = arg;
239 char *buf = zfs_alloc(dda->dedup_hdl, SPA_MAXBLOCKSIZE);
240 dmu_replay_record_t thedrr;
241 dmu_replay_record_t *drr = &thedrr;
242 FILE *ofp;
243 int outfd;
244 dedup_table_t ddt;
245 zio_cksum_t stream_cksum;
246 uint64_t physmem = sysconf(_SC_PHYS_PAGES) * sysconf(_SC_PAGESIZE);
247 uint64_t numbuckets;
248
249 ddt.max_ddt_size =
250 MAX((physmem * MAX_DDT_PHYSMEM_PERCENT) / 100,
251 SMALLEST_POSSIBLE_MAX_DDT_MB << 20);
252
253 numbuckets = ddt.max_ddt_size / (sizeof (dedup_entry_t));
254
255 /*
256 * numbuckets must be a power of 2. Increase number to
257 * a power of 2 if necessary.
258 */
259 if (!ISP2(numbuckets))
260 numbuckets = 1 << high_order_bit(numbuckets);
261
262 ddt.dedup_hash_array = calloc(numbuckets, sizeof (dedup_entry_t *));
263 ddt.ddecache = umem_cache_create("dde", sizeof (dedup_entry_t), 0,
264 NULL, NULL, NULL, NULL, NULL, 0);
265 ddt.cur_ddt_size = numbuckets * sizeof (dedup_entry_t *);
266 ddt.numhashbits = high_order_bit(numbuckets) - 1;
267 ddt.ddt_full = B_FALSE;
268
269 outfd = dda->outputfd;
270 ofp = fdopen(dda->inputfd, "r");
271 while (ssread(drr, sizeof (*drr), ofp) != 0) {
272
273 /*
274 * kernel filled in checksum, we are going to write same
275 * record, but need to regenerate checksum.
276 */
277 if (drr->drr_type != DRR_BEGIN) {
278 bzero(&drr->drr_u.drr_checksum.drr_checksum,
279 sizeof (drr->drr_u.drr_checksum.drr_checksum));
280 }
281
282 switch (drr->drr_type) {
283 case DRR_BEGIN:
284 {
285 struct drr_begin *drrb = &drr->drr_u.drr_begin;
286 int fflags;
287 int sz = 0;
288 ZIO_SET_CHECKSUM(&stream_cksum, 0, 0, 0, 0);
289
290 ASSERT3U(drrb->drr_magic, ==, DMU_BACKUP_MAGIC);
291
292 /* set the DEDUP feature flag for this stream */
293 fflags = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo);
294 fflags |= (DMU_BACKUP_FEATURE_DEDUP |
295 DMU_BACKUP_FEATURE_DEDUPPROPS);
296 DMU_SET_FEATUREFLAGS(drrb->drr_versioninfo, fflags);
297
298 if (drr->drr_payloadlen != 0) {
299 sz = drr->drr_payloadlen;
300
301 if (sz > SPA_MAXBLOCKSIZE) {
302 buf = zfs_realloc(dda->dedup_hdl, buf,
303 SPA_MAXBLOCKSIZE, sz);
304 }
305 (void) ssread(buf, sz, ofp);
306 if (ferror(stdin))
307 perror("fread");
308 }
309 if (dump_record(drr, buf, sz, &stream_cksum,
310 outfd) != 0)
311 goto out;
312 break;
313 }
314
315 case DRR_END:
316 {
317 struct drr_end *drre = &drr->drr_u.drr_end;
318 /* use the recalculated checksum */
319 drre->drr_checksum = stream_cksum;
320 if (dump_record(drr, NULL, 0, &stream_cksum,
321 outfd) != 0)
322 goto out;
323 break;
324 }
325
326 case DRR_OBJECT:
327 {
328 struct drr_object *drro = &drr->drr_u.drr_object;
329 if (drro->drr_bonuslen > 0) {
330 (void) ssread(buf,
331 DRR_OBJECT_PAYLOAD_SIZE(drro), ofp);
332 }
333 if (dump_record(drr, buf, DRR_OBJECT_PAYLOAD_SIZE(drro),
334 &stream_cksum, outfd) != 0)
335 goto out;
336 break;
337 }
338
339 case DRR_SPILL:
340 {
341 struct drr_spill *drrs = &drr->drr_u.drr_spill;
342 (void) ssread(buf, DRR_SPILL_PAYLOAD_SIZE(drrs), ofp);
343 if (dump_record(drr, buf, DRR_SPILL_PAYLOAD_SIZE(drrs),
344 &stream_cksum, outfd) != 0)
345 goto out;
346 break;
347 }
348
349 case DRR_FREEOBJECTS:
350 {
351 if (dump_record(drr, NULL, 0, &stream_cksum,
352 outfd) != 0)
353 goto out;
354 break;
355 }
356
357 case DRR_WRITE:
358 {
359 struct drr_write *drrw = &drr->drr_u.drr_write;
360 dataref_t dataref;
361 uint64_t payload_size;
362
363 payload_size = DRR_WRITE_PAYLOAD_SIZE(drrw);
364 (void) ssread(buf, payload_size, ofp);
365
366 /*
367 * Use the existing checksum if it's dedup-capable,
368 * else calculate a SHA256 checksum for it.
369 */
370
371 if (ZIO_CHECKSUM_EQUAL(drrw->drr_key.ddk_cksum,
372 zero_cksum) ||
373 !DRR_IS_DEDUP_CAPABLE(drrw->drr_flags)) {
374 SHA256_CTX ctx;
375 zio_cksum_t tmpsha256;
376
377 SHA256Init(&ctx);
378 SHA256Update(&ctx, buf, payload_size);
379 SHA256Final(&tmpsha256, &ctx);
380 drrw->drr_key.ddk_cksum.zc_word[0] =
381 BE_64(tmpsha256.zc_word[0]);
382 drrw->drr_key.ddk_cksum.zc_word[1] =
383 BE_64(tmpsha256.zc_word[1]);
384 drrw->drr_key.ddk_cksum.zc_word[2] =
385 BE_64(tmpsha256.zc_word[2]);
386 drrw->drr_key.ddk_cksum.zc_word[3] =
387 BE_64(tmpsha256.zc_word[3]);
388 drrw->drr_checksumtype = ZIO_CHECKSUM_SHA256;
389 drrw->drr_flags |= DRR_CHECKSUM_DEDUP;
390 }
391
392 dataref.ref_guid = drrw->drr_toguid;
393 dataref.ref_object = drrw->drr_object;
394 dataref.ref_offset = drrw->drr_offset;
395
396 if (ddt_update(dda->dedup_hdl, &ddt,
397 &drrw->drr_key.ddk_cksum, drrw->drr_key.ddk_prop,
398 &dataref)) {
399 dmu_replay_record_t wbr_drr = {0};
400 struct drr_write_byref *wbr_drrr =
401 &wbr_drr.drr_u.drr_write_byref;
402
403 /* block already present in stream */
404 wbr_drr.drr_type = DRR_WRITE_BYREF;
405
406 wbr_drrr->drr_object = drrw->drr_object;
407 wbr_drrr->drr_offset = drrw->drr_offset;
408 wbr_drrr->drr_length = drrw->drr_logical_size;
409 wbr_drrr->drr_toguid = drrw->drr_toguid;
410 wbr_drrr->drr_refguid = dataref.ref_guid;
411 wbr_drrr->drr_refobject =
412 dataref.ref_object;
413 wbr_drrr->drr_refoffset =
414 dataref.ref_offset;
415
416 wbr_drrr->drr_checksumtype =
417 drrw->drr_checksumtype;
418 wbr_drrr->drr_flags = drrw->drr_flags;
419 wbr_drrr->drr_key.ddk_cksum =
420 drrw->drr_key.ddk_cksum;
421 wbr_drrr->drr_key.ddk_prop =
422 drrw->drr_key.ddk_prop;
423
424 if (dump_record(&wbr_drr, NULL, 0,
425 &stream_cksum, outfd) != 0)
426 goto out;
427 } else {
428 /* block not previously seen */
429 if (dump_record(drr, buf, payload_size,
430 &stream_cksum, outfd) != 0)
431 goto out;
432 }
433 break;
434 }
435
436 case DRR_WRITE_EMBEDDED:
437 {
438 struct drr_write_embedded *drrwe =
439 &drr->drr_u.drr_write_embedded;
440 (void) ssread(buf,
441 P2ROUNDUP((uint64_t)drrwe->drr_psize, 8), ofp);
442 if (dump_record(drr, buf,
443 P2ROUNDUP((uint64_t)drrwe->drr_psize, 8),
444 &stream_cksum, outfd) != 0)
445 goto out;
446 break;
447 }
448
449 case DRR_FREE:
450 {
451 if (dump_record(drr, NULL, 0, &stream_cksum,
452 outfd) != 0)
453 goto out;
454 break;
455 }
456
457 case DRR_OBJECT_RANGE:
458 {
459 if (dump_record(drr, NULL, 0, &stream_cksum,
460 outfd) != 0)
461 goto out;
462 break;
463 }
464
465 default:
466 (void) fprintf(stderr, "INVALID record type 0x%x\n",
467 drr->drr_type);
468 /* should never happen, so assert */
469 assert(B_FALSE);
470 }
471 }
472 out:
473 umem_cache_destroy(ddt.ddecache);
474 free(ddt.dedup_hash_array);
475 free(buf);
476 (void) fclose(ofp);
477
478 return (NULL);
479 }
480
481 /*
482 * Routines for dealing with the AVL tree of fs-nvlists
483 */
484 typedef struct fsavl_node {
485 avl_node_t fn_node;
486 nvlist_t *fn_nvfs;
487 char *fn_snapname;
488 uint64_t fn_guid;
489 } fsavl_node_t;
490
491 static int
fsavl_compare(const void * arg1,const void * arg2)492 fsavl_compare(const void *arg1, const void *arg2)
493 {
494 const fsavl_node_t *fn1 = (const fsavl_node_t *)arg1;
495 const fsavl_node_t *fn2 = (const fsavl_node_t *)arg2;
496
497 if (fn1->fn_guid > fn2->fn_guid)
498 return (+1);
499 if (fn1->fn_guid < fn2->fn_guid)
500 return (-1);
501 return (0);
502 }
503
504 /*
505 * Given the GUID of a snapshot, find its containing filesystem and
506 * (optionally) name.
507 */
508 static nvlist_t *
fsavl_find(avl_tree_t * avl,uint64_t snapguid,char ** snapname)509 fsavl_find(avl_tree_t *avl, uint64_t snapguid, char **snapname)
510 {
511 fsavl_node_t fn_find;
512 fsavl_node_t *fn;
513
514 fn_find.fn_guid = snapguid;
515
516 fn = avl_find(avl, &fn_find, NULL);
517 if (fn) {
518 if (snapname)
519 *snapname = fn->fn_snapname;
520 return (fn->fn_nvfs);
521 }
522 return (NULL);
523 }
524
525 static void
fsavl_destroy(avl_tree_t * avl)526 fsavl_destroy(avl_tree_t *avl)
527 {
528 fsavl_node_t *fn;
529 void *cookie;
530
531 if (avl == NULL)
532 return;
533
534 cookie = NULL;
535 while ((fn = avl_destroy_nodes(avl, &cookie)) != NULL)
536 free(fn);
537 avl_destroy(avl);
538 free(avl);
539 }
540
541 /*
542 * Given an nvlist, produce an avl tree of snapshots, ordered by guid
543 */
544 static avl_tree_t *
fsavl_create(nvlist_t * fss)545 fsavl_create(nvlist_t *fss)
546 {
547 avl_tree_t *fsavl;
548 nvpair_t *fselem = NULL;
549
550 if ((fsavl = malloc(sizeof (avl_tree_t))) == NULL)
551 return (NULL);
552
553 avl_create(fsavl, fsavl_compare, sizeof (fsavl_node_t),
554 offsetof(fsavl_node_t, fn_node));
555
556 while ((fselem = nvlist_next_nvpair(fss, fselem)) != NULL) {
557 nvlist_t *nvfs, *snaps;
558 nvpair_t *snapelem = NULL;
559
560 VERIFY(0 == nvpair_value_nvlist(fselem, &nvfs));
561 VERIFY(0 == nvlist_lookup_nvlist(nvfs, "snaps", &snaps));
562
563 while ((snapelem =
564 nvlist_next_nvpair(snaps, snapelem)) != NULL) {
565 fsavl_node_t *fn;
566 uint64_t guid;
567
568 VERIFY(0 == nvpair_value_uint64(snapelem, &guid));
569 if ((fn = malloc(sizeof (fsavl_node_t))) == NULL) {
570 fsavl_destroy(fsavl);
571 return (NULL);
572 }
573 fn->fn_nvfs = nvfs;
574 fn->fn_snapname = nvpair_name(snapelem);
575 fn->fn_guid = guid;
576
577 /*
578 * Note: if there are multiple snaps with the
579 * same GUID, we ignore all but one.
580 */
581 if (avl_find(fsavl, fn, NULL) == NULL)
582 avl_add(fsavl, fn);
583 else
584 free(fn);
585 }
586 }
587
588 return (fsavl);
589 }
590
591 /*
592 * Routines for dealing with the giant nvlist of fs-nvlists, etc.
593 */
594 typedef struct send_data {
595 /*
596 * assigned inside every recursive call,
597 * restored from *_save on return:
598 *
599 * guid of fromsnap snapshot in parent dataset
600 * txg of fromsnap snapshot in current dataset
601 * txg of tosnap snapshot in current dataset
602 */
603
604 uint64_t parent_fromsnap_guid;
605 uint64_t fromsnap_txg;
606 uint64_t tosnap_txg;
607
608 /* the nvlists get accumulated during depth-first traversal */
609 nvlist_t *parent_snaps;
610 nvlist_t *fss;
611 nvlist_t *snapprops;
612 nvlist_t *snapholds; /* user holds */
613
614 /* send-receive configuration, does not change during traversal */
615 const char *fsname;
616 const char *fromsnap;
617 const char *tosnap;
618 boolean_t recursive;
619 boolean_t raw;
620 boolean_t verbose;
621 boolean_t backup;
622 boolean_t holds; /* were holds requested with send -h */
623 boolean_t props;
624
625 /*
626 * The header nvlist is of the following format:
627 * {
628 * "tosnap" -> string
629 * "fromsnap" -> string (if incremental)
630 * "fss" -> {
631 * id -> {
632 *
633 * "name" -> string (full name; for debugging)
634 * "parentfromsnap" -> number (guid of fromsnap in parent)
635 *
636 * "props" -> { name -> value (only if set here) }
637 * "snaps" -> { name (lastname) -> number (guid) }
638 * "snapprops" -> { name (lastname) -> { name -> value } }
639 * "snapholds" -> { name (lastname) -> { holdname -> crtime } }
640 *
641 * "origin" -> number (guid) (if clone)
642 * "is_encroot" -> boolean
643 * "sent" -> boolean (not on-disk)
644 * }
645 * }
646 * }
647 *
648 */
649 } send_data_t;
650
651 static void
652 send_iterate_prop(zfs_handle_t *zhp, boolean_t received_only, nvlist_t *nv);
653
654 static int
send_iterate_snap(zfs_handle_t * zhp,void * arg)655 send_iterate_snap(zfs_handle_t *zhp, void *arg)
656 {
657 send_data_t *sd = arg;
658 uint64_t guid = zhp->zfs_dmustats.dds_guid;
659 uint64_t txg = zhp->zfs_dmustats.dds_creation_txg;
660 char *snapname;
661 nvlist_t *nv;
662
663 snapname = strrchr(zhp->zfs_name, '@')+1;
664
665 if (sd->tosnap_txg != 0 && txg > sd->tosnap_txg) {
666 if (sd->verbose) {
667 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
668 "skipping snapshot %s because it was created "
669 "after the destination snapshot (%s)\n"),
670 zhp->zfs_name, sd->tosnap);
671 }
672 zfs_close(zhp);
673 return (0);
674 }
675
676 VERIFY(0 == nvlist_add_uint64(sd->parent_snaps, snapname, guid));
677 /*
678 * NB: if there is no fromsnap here (it's a newly created fs in
679 * an incremental replication), we will substitute the tosnap.
680 */
681 if ((sd->fromsnap && strcmp(snapname, sd->fromsnap) == 0) ||
682 (sd->parent_fromsnap_guid == 0 && sd->tosnap &&
683 strcmp(snapname, sd->tosnap) == 0)) {
684 sd->parent_fromsnap_guid = guid;
685 }
686
687 VERIFY(0 == nvlist_alloc(&nv, NV_UNIQUE_NAME, 0));
688 send_iterate_prop(zhp, sd->backup, nv);
689 VERIFY(0 == nvlist_add_nvlist(sd->snapprops, snapname, nv));
690 nvlist_free(nv);
691 if (sd->holds) {
692 nvlist_t *holds = fnvlist_alloc();
693 int err = lzc_get_holds(zhp->zfs_name, &holds);
694 if (err == 0) {
695 VERIFY(0 == nvlist_add_nvlist(sd->snapholds,
696 snapname, holds));
697 }
698 fnvlist_free(holds);
699 }
700
701 zfs_close(zhp);
702 return (0);
703 }
704
705 static void
send_iterate_prop(zfs_handle_t * zhp,boolean_t received_only,nvlist_t * nv)706 send_iterate_prop(zfs_handle_t *zhp, boolean_t received_only, nvlist_t *nv)
707 {
708 nvlist_t *props = NULL;
709 nvpair_t *elem = NULL;
710
711 if (received_only)
712 props = zfs_get_recvd_props(zhp);
713 else
714 props = zhp->zfs_props;
715
716 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
717 char *propname = nvpair_name(elem);
718 zfs_prop_t prop = zfs_name_to_prop(propname);
719 nvlist_t *propnv;
720
721 if (!zfs_prop_user(propname)) {
722 /*
723 * Realistically, this should never happen. However,
724 * we want the ability to add DSL properties without
725 * needing to make incompatible version changes. We
726 * need to ignore unknown properties to allow older
727 * software to still send datasets containing these
728 * properties, with the unknown properties elided.
729 */
730 if (prop == ZPROP_INVAL)
731 continue;
732
733 if (zfs_prop_readonly(prop))
734 continue;
735 }
736
737 verify(nvpair_value_nvlist(elem, &propnv) == 0);
738 if (prop == ZFS_PROP_QUOTA || prop == ZFS_PROP_RESERVATION ||
739 prop == ZFS_PROP_REFQUOTA ||
740 prop == ZFS_PROP_REFRESERVATION) {
741 char *source;
742 uint64_t value;
743 verify(nvlist_lookup_uint64(propnv,
744 ZPROP_VALUE, &value) == 0);
745 if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT)
746 continue;
747 /*
748 * May have no source before SPA_VERSION_RECVD_PROPS,
749 * but is still modifiable.
750 */
751 if (nvlist_lookup_string(propnv,
752 ZPROP_SOURCE, &source) == 0) {
753 if ((strcmp(source, zhp->zfs_name) != 0) &&
754 (strcmp(source,
755 ZPROP_SOURCE_VAL_RECVD) != 0))
756 continue;
757 }
758 } else {
759 char *source;
760 if (nvlist_lookup_string(propnv,
761 ZPROP_SOURCE, &source) != 0)
762 continue;
763 if ((strcmp(source, zhp->zfs_name) != 0) &&
764 (strcmp(source, ZPROP_SOURCE_VAL_RECVD) != 0))
765 continue;
766 }
767
768 if (zfs_prop_user(propname) ||
769 zfs_prop_get_type(prop) == PROP_TYPE_STRING) {
770 char *value;
771 verify(nvlist_lookup_string(propnv,
772 ZPROP_VALUE, &value) == 0);
773 VERIFY(0 == nvlist_add_string(nv, propname, value));
774 } else {
775 uint64_t value;
776 verify(nvlist_lookup_uint64(propnv,
777 ZPROP_VALUE, &value) == 0);
778 VERIFY(0 == nvlist_add_uint64(nv, propname, value));
779 }
780 }
781 }
782
783 /*
784 * returns snapshot creation txg
785 * and returns 0 if the snapshot does not exist
786 */
787 static uint64_t
get_snap_txg(libzfs_handle_t * hdl,const char * fs,const char * snap)788 get_snap_txg(libzfs_handle_t *hdl, const char *fs, const char *snap)
789 {
790 char name[ZFS_MAX_DATASET_NAME_LEN];
791 uint64_t txg = 0;
792
793 if (fs == NULL || fs[0] == '\0' || snap == NULL || snap[0] == '\0')
794 return (txg);
795
796 (void) snprintf(name, sizeof (name), "%s@%s", fs, snap);
797 if (zfs_dataset_exists(hdl, name, ZFS_TYPE_SNAPSHOT)) {
798 zfs_handle_t *zhp = zfs_open(hdl, name, ZFS_TYPE_SNAPSHOT);
799 if (zhp != NULL) {
800 txg = zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG);
801 zfs_close(zhp);
802 }
803 }
804
805 return (txg);
806 }
807
808 /*
809 * recursively generate nvlists describing datasets. See comment
810 * for the data structure send_data_t above for description of contents
811 * of the nvlist.
812 */
813 static int
send_iterate_fs(zfs_handle_t * zhp,void * arg)814 send_iterate_fs(zfs_handle_t *zhp, void *arg)
815 {
816 send_data_t *sd = arg;
817 nvlist_t *nvfs = NULL, *nv = NULL;
818 int rv = 0;
819 uint64_t parent_fromsnap_guid_save = sd->parent_fromsnap_guid;
820 uint64_t fromsnap_txg_save = sd->fromsnap_txg;
821 uint64_t tosnap_txg_save = sd->tosnap_txg;
822 uint64_t txg = zhp->zfs_dmustats.dds_creation_txg;
823 uint64_t guid = zhp->zfs_dmustats.dds_guid;
824 uint64_t fromsnap_txg, tosnap_txg;
825 char guidstring[64];
826
827 fromsnap_txg = get_snap_txg(zhp->zfs_hdl, zhp->zfs_name, sd->fromsnap);
828 if (fromsnap_txg != 0)
829 sd->fromsnap_txg = fromsnap_txg;
830
831 tosnap_txg = get_snap_txg(zhp->zfs_hdl, zhp->zfs_name, sd->tosnap);
832 if (tosnap_txg != 0)
833 sd->tosnap_txg = tosnap_txg;
834
835 /*
836 * on the send side, if the current dataset does not have tosnap,
837 * perform two additional checks:
838 *
839 * - skip sending the current dataset if it was created later than
840 * the parent tosnap
841 * - return error if the current dataset was created earlier than
842 * the parent tosnap
843 */
844 if (sd->tosnap != NULL && tosnap_txg == 0) {
845 if (sd->tosnap_txg != 0 && txg > sd->tosnap_txg) {
846 if (sd->verbose) {
847 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
848 "skipping dataset %s: snapshot %s does "
849 "not exist\n"), zhp->zfs_name, sd->tosnap);
850 }
851 } else {
852 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
853 "cannot send %s@%s%s: snapshot %s@%s does not "
854 "exist\n"), sd->fsname, sd->tosnap, sd->recursive ?
855 dgettext(TEXT_DOMAIN, " recursively") : "",
856 zhp->zfs_name, sd->tosnap);
857 rv = -1;
858 }
859 goto out;
860 }
861
862 VERIFY(0 == nvlist_alloc(&nvfs, NV_UNIQUE_NAME, 0));
863 VERIFY(0 == nvlist_add_string(nvfs, "name", zhp->zfs_name));
864 VERIFY(0 == nvlist_add_uint64(nvfs, "parentfromsnap",
865 sd->parent_fromsnap_guid));
866
867 if (zhp->zfs_dmustats.dds_origin[0]) {
868 zfs_handle_t *origin = zfs_open(zhp->zfs_hdl,
869 zhp->zfs_dmustats.dds_origin, ZFS_TYPE_SNAPSHOT);
870 if (origin == NULL) {
871 rv = -1;
872 goto out;
873 }
874 VERIFY(0 == nvlist_add_uint64(nvfs, "origin",
875 origin->zfs_dmustats.dds_guid));
876 }
877
878 /* iterate over props */
879 if (sd->props || sd->backup || sd->recursive) {
880 VERIFY(0 == nvlist_alloc(&nv, NV_UNIQUE_NAME, 0));
881 send_iterate_prop(zhp, sd->backup, nv);
882 }
883
884 if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF) {
885 boolean_t encroot;
886
887 /* determine if this dataset is an encryption root */
888 if (zfs_crypto_get_encryption_root(zhp, &encroot, NULL) != 0) {
889 rv = -1;
890 goto out;
891 }
892
893 if (encroot)
894 VERIFY(0 == nvlist_add_boolean(nvfs, "is_encroot"));
895
896 /*
897 * Encrypted datasets can only be sent with properties if
898 * the raw flag is specified because the receive side doesn't
899 * currently have a mechanism for recursively asking the user
900 * for new encryption parameters.
901 */
902 if (!sd->raw) {
903 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
904 "cannot send %s@%s: encrypted dataset %s may not "
905 "be sent with properties without the raw flag\n"),
906 sd->fsname, sd->tosnap, zhp->zfs_name);
907 rv = -1;
908 goto out;
909 }
910
911 }
912
913 if (nv != NULL)
914 VERIFY(0 == nvlist_add_nvlist(nvfs, "props", nv));
915
916 /* iterate over snaps, and set sd->parent_fromsnap_guid */
917 sd->parent_fromsnap_guid = 0;
918 VERIFY(0 == nvlist_alloc(&sd->parent_snaps, NV_UNIQUE_NAME, 0));
919 VERIFY(0 == nvlist_alloc(&sd->snapprops, NV_UNIQUE_NAME, 0));
920 if (sd->holds)
921 VERIFY(0 == nvlist_alloc(&sd->snapholds, NV_UNIQUE_NAME, 0));
922 (void) zfs_iter_snapshots(zhp, B_FALSE, send_iterate_snap, sd);
923 VERIFY(0 == nvlist_add_nvlist(nvfs, "snaps", sd->parent_snaps));
924 VERIFY(0 == nvlist_add_nvlist(nvfs, "snapprops", sd->snapprops));
925 if (sd->holds)
926 VERIFY(0 == nvlist_add_nvlist(nvfs, "snapholds",
927 sd->snapholds));
928 nvlist_free(sd->parent_snaps);
929 nvlist_free(sd->snapprops);
930 nvlist_free(sd->snapholds);
931
932 /* Do not allow the size of the properties list to exceed the limit */
933 if ((fnvlist_size(nvfs) + fnvlist_size(sd->fss)) >
934 zhp->zfs_hdl->libzfs_max_nvlist) {
935 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
936 "warning: cannot send %s@%s: the size of the list of "
937 "snapshots and properties is too large to be received "
938 "successfully.\n"
939 "Select a smaller number of snapshots to send.\n"),
940 zhp->zfs_name, sd->tosnap);
941 rv = EZFS_NOSPC;
942 goto out;
943 }
944 /* add this fs to nvlist */
945 (void) snprintf(guidstring, sizeof (guidstring),
946 "0x%llx", (longlong_t)guid);
947 VERIFY(0 == nvlist_add_nvlist(sd->fss, guidstring, nvfs));
948
949 /* iterate over children */
950 if (sd->recursive)
951 rv = zfs_iter_filesystems(zhp, send_iterate_fs, sd);
952
953 out:
954 sd->parent_fromsnap_guid = parent_fromsnap_guid_save;
955 sd->fromsnap_txg = fromsnap_txg_save;
956 sd->tosnap_txg = tosnap_txg_save;
957 nvlist_free(nv);
958 nvlist_free(nvfs);
959
960 zfs_close(zhp);
961 return (rv);
962 }
963
964 static int
gather_nvlist(libzfs_handle_t * hdl,const char * fsname,const char * fromsnap,const char * tosnap,boolean_t recursive,boolean_t raw,boolean_t verbose,boolean_t backup,boolean_t holds,boolean_t props,nvlist_t ** nvlp,avl_tree_t ** avlp)965 gather_nvlist(libzfs_handle_t *hdl, const char *fsname, const char *fromsnap,
966 const char *tosnap, boolean_t recursive, boolean_t raw,
967 boolean_t verbose, boolean_t backup, boolean_t holds,
968 boolean_t props, nvlist_t **nvlp, avl_tree_t **avlp)
969 {
970 zfs_handle_t *zhp;
971 send_data_t sd = { 0 };
972 int error;
973
974 zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
975 if (zhp == NULL)
976 return (EZFS_BADTYPE);
977
978 VERIFY(0 == nvlist_alloc(&sd.fss, NV_UNIQUE_NAME, 0));
979 sd.fsname = fsname;
980 sd.fromsnap = fromsnap;
981 sd.tosnap = tosnap;
982 sd.recursive = recursive;
983 sd.raw = raw;
984 sd.verbose = verbose;
985 sd.backup = backup;
986 sd.holds = holds;
987 sd.props = props;
988
989 if ((error = send_iterate_fs(zhp, &sd)) != 0) {
990 nvlist_free(sd.fss);
991 if (avlp != NULL)
992 *avlp = NULL;
993 *nvlp = NULL;
994 return (error);
995 }
996
997 if (avlp != NULL && (*avlp = fsavl_create(sd.fss)) == NULL) {
998 nvlist_free(sd.fss);
999 *nvlp = NULL;
1000 return (EZFS_NOMEM);
1001 }
1002
1003 *nvlp = sd.fss;
1004 return (0);
1005 }
1006
1007 /*
1008 * Routines specific to "zfs send"
1009 */
1010 typedef struct send_dump_data {
1011 /* these are all just the short snapname (the part after the @) */
1012 const char *fromsnap;
1013 const char *tosnap;
1014 char prevsnap[ZFS_MAX_DATASET_NAME_LEN];
1015 uint64_t prevsnap_obj;
1016 boolean_t seenfrom, seento, replicate, doall, fromorigin;
1017 boolean_t verbose, dryrun, parsable, progress, embed_data, std_out;
1018 boolean_t large_block, compress, raw, holds;
1019 int outfd;
1020 boolean_t err;
1021 nvlist_t *fss;
1022 nvlist_t *snapholds;
1023 avl_tree_t *fsavl;
1024 snapfilter_cb_t *filter_cb;
1025 void *filter_cb_arg;
1026 nvlist_t *debugnv;
1027 char holdtag[ZFS_MAX_DATASET_NAME_LEN];
1028 int cleanup_fd;
1029 uint64_t size;
1030 } send_dump_data_t;
1031
1032 static int
estimate_ioctl(zfs_handle_t * zhp,uint64_t fromsnap_obj,boolean_t fromorigin,enum lzc_send_flags flags,uint64_t * sizep)1033 estimate_ioctl(zfs_handle_t *zhp, uint64_t fromsnap_obj,
1034 boolean_t fromorigin, enum lzc_send_flags flags, uint64_t *sizep)
1035 {
1036 zfs_cmd_t zc = { 0 };
1037 libzfs_handle_t *hdl = zhp->zfs_hdl;
1038
1039 assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
1040 assert(fromsnap_obj == 0 || !fromorigin);
1041
1042 (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1043 zc.zc_obj = fromorigin;
1044 zc.zc_sendobj = zfs_prop_get_int(zhp, ZFS_PROP_OBJSETID);
1045 zc.zc_fromobj = fromsnap_obj;
1046 zc.zc_guid = 1; /* estimate flag */
1047 zc.zc_flags = flags;
1048
1049 if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SEND, &zc) != 0) {
1050 char errbuf[1024];
1051 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1052 "warning: cannot estimate space for '%s'"), zhp->zfs_name);
1053
1054 switch (errno) {
1055 case EXDEV:
1056 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1057 "not an earlier snapshot from the same fs"));
1058 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
1059
1060 case EACCES:
1061 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1062 "source key must be loaded"));
1063 return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
1064
1065 case ENOENT:
1066 if (zfs_dataset_exists(hdl, zc.zc_name,
1067 ZFS_TYPE_SNAPSHOT)) {
1068 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1069 "incremental source (@%s) does not exist"),
1070 zc.zc_value);
1071 }
1072 return (zfs_error(hdl, EZFS_NOENT, errbuf));
1073
1074 case EDQUOT:
1075 case EFBIG:
1076 case EIO:
1077 case ENOLINK:
1078 case ENOSPC:
1079 case ENOSTR:
1080 case ENXIO:
1081 case EPIPE:
1082 case ERANGE:
1083 case EFAULT:
1084 case EROFS:
1085 zfs_error_aux(hdl, strerror(errno));
1086 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf));
1087
1088 default:
1089 return (zfs_standard_error(hdl, errno, errbuf));
1090 }
1091 }
1092
1093 *sizep = zc.zc_objset_type;
1094
1095 return (0);
1096 }
1097
1098 /*
1099 * Dumps a backup of the given snapshot (incremental from fromsnap if it's not
1100 * NULL) to the file descriptor specified by outfd.
1101 */
1102 static int
dump_ioctl(zfs_handle_t * zhp,const char * fromsnap,uint64_t fromsnap_obj,boolean_t fromorigin,int outfd,enum lzc_send_flags flags,nvlist_t * debugnv)1103 dump_ioctl(zfs_handle_t *zhp, const char *fromsnap, uint64_t fromsnap_obj,
1104 boolean_t fromorigin, int outfd, enum lzc_send_flags flags,
1105 nvlist_t *debugnv)
1106 {
1107 zfs_cmd_t zc = { 0 };
1108 libzfs_handle_t *hdl = zhp->zfs_hdl;
1109 nvlist_t *thisdbg;
1110
1111 assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
1112 assert(fromsnap_obj == 0 || !fromorigin);
1113
1114 (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1115 zc.zc_cookie = outfd;
1116 zc.zc_obj = fromorigin;
1117 zc.zc_sendobj = zfs_prop_get_int(zhp, ZFS_PROP_OBJSETID);
1118 zc.zc_fromobj = fromsnap_obj;
1119 zc.zc_flags = flags;
1120
1121 VERIFY(0 == nvlist_alloc(&thisdbg, NV_UNIQUE_NAME, 0));
1122 if (fromsnap && fromsnap[0] != '\0') {
1123 VERIFY(0 == nvlist_add_string(thisdbg,
1124 "fromsnap", fromsnap));
1125 }
1126
1127 if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SEND, &zc) != 0) {
1128 char errbuf[1024];
1129 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1130 "warning: cannot send '%s'"), zhp->zfs_name);
1131
1132 VERIFY(0 == nvlist_add_uint64(thisdbg, "error", errno));
1133 if (debugnv) {
1134 VERIFY(0 == nvlist_add_nvlist(debugnv,
1135 zhp->zfs_name, thisdbg));
1136 }
1137 nvlist_free(thisdbg);
1138
1139 switch (errno) {
1140 case EXDEV:
1141 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1142 "not an earlier snapshot from the same fs"));
1143 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
1144
1145 case EACCES:
1146 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1147 "source key must be loaded"));
1148 return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
1149
1150 case ENOENT:
1151 if (zfs_dataset_exists(hdl, zc.zc_name,
1152 ZFS_TYPE_SNAPSHOT)) {
1153 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1154 "incremental source (@%s) does not exist"),
1155 zc.zc_value);
1156 }
1157 return (zfs_error(hdl, EZFS_NOENT, errbuf));
1158
1159 case EDQUOT:
1160 case EFBIG:
1161 case EIO:
1162 case ENOLINK:
1163 case ENOSPC:
1164 case ENOSTR:
1165 case ENXIO:
1166 case EPIPE:
1167 case ERANGE:
1168 case EFAULT:
1169 case EROFS:
1170 zfs_error_aux(hdl, strerror(errno));
1171 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf));
1172
1173 default:
1174 return (zfs_standard_error(hdl, errno, errbuf));
1175 }
1176 }
1177
1178 if (debugnv)
1179 VERIFY(0 == nvlist_add_nvlist(debugnv, zhp->zfs_name, thisdbg));
1180 nvlist_free(thisdbg);
1181
1182 return (0);
1183 }
1184
1185 static void
gather_holds(zfs_handle_t * zhp,send_dump_data_t * sdd)1186 gather_holds(zfs_handle_t *zhp, send_dump_data_t *sdd)
1187 {
1188 assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
1189
1190 /*
1191 * zfs_send() only sets snapholds for sends that need them,
1192 * e.g. replication and doall.
1193 */
1194 if (sdd->snapholds == NULL)
1195 return;
1196
1197 fnvlist_add_string(sdd->snapholds, zhp->zfs_name, sdd->holdtag);
1198 }
1199
1200 static void *
send_progress_thread(void * arg)1201 send_progress_thread(void *arg)
1202 {
1203 progress_arg_t *pa = arg;
1204 zfs_cmd_t zc = { 0 };
1205 zfs_handle_t *zhp = pa->pa_zhp;
1206 libzfs_handle_t *hdl = zhp->zfs_hdl;
1207 unsigned long long bytes;
1208 char buf[16];
1209 time_t t;
1210 struct tm *tm;
1211
1212 (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1213
1214 if (!pa->pa_parsable)
1215 (void) fprintf(stderr, "TIME SENT SNAPSHOT\n");
1216
1217 /*
1218 * Print the progress from ZFS_IOC_SEND_PROGRESS every second.
1219 */
1220 for (;;) {
1221 (void) sleep(1);
1222
1223 zc.zc_cookie = pa->pa_fd;
1224 if (zfs_ioctl(hdl, ZFS_IOC_SEND_PROGRESS, &zc) != 0)
1225 return ((void *)-1);
1226
1227 (void) time(&t);
1228 tm = localtime(&t);
1229 bytes = zc.zc_cookie;
1230
1231 if (pa->pa_parsable) {
1232 (void) fprintf(stderr, "%02d:%02d:%02d\t%llu\t%s\n",
1233 tm->tm_hour, tm->tm_min, tm->tm_sec,
1234 bytes, zhp->zfs_name);
1235 } else {
1236 zfs_nicebytes(bytes, buf, sizeof (buf));
1237 (void) fprintf(stderr, "%02d:%02d:%02d %5s %s\n",
1238 tm->tm_hour, tm->tm_min, tm->tm_sec,
1239 buf, zhp->zfs_name);
1240 }
1241 }
1242 }
1243
1244 static void
send_print_verbose(FILE * fout,const char * tosnap,const char * fromsnap,uint64_t size,boolean_t parsable)1245 send_print_verbose(FILE *fout, const char *tosnap, const char *fromsnap,
1246 uint64_t size, boolean_t parsable)
1247 {
1248 if (parsable) {
1249 if (fromsnap != NULL) {
1250 (void) fprintf(fout, "incremental\t%s\t%s",
1251 fromsnap, tosnap);
1252 } else {
1253 (void) fprintf(fout, "full\t%s",
1254 tosnap);
1255 }
1256 } else {
1257 if (fromsnap != NULL) {
1258 if (strchr(fromsnap, '@') == NULL &&
1259 strchr(fromsnap, '#') == NULL) {
1260 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1261 "send from @%s to %s"),
1262 fromsnap, tosnap);
1263 } else {
1264 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1265 "send from %s to %s"),
1266 fromsnap, tosnap);
1267 }
1268 } else {
1269 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1270 "full send of %s"),
1271 tosnap);
1272 }
1273 }
1274
1275 if (size != 0) {
1276 if (parsable) {
1277 (void) fprintf(fout, "\t%llu",
1278 (longlong_t)size);
1279 } else {
1280 char buf[16];
1281 zfs_nicebytes(size, buf, sizeof (buf));
1282 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1283 " estimated size is %s"), buf);
1284 }
1285 }
1286 (void) fprintf(fout, "\n");
1287 }
1288
1289 static int
dump_snapshot(zfs_handle_t * zhp,void * arg)1290 dump_snapshot(zfs_handle_t *zhp, void *arg)
1291 {
1292 send_dump_data_t *sdd = arg;
1293 progress_arg_t pa = { 0 };
1294 pthread_t tid;
1295 char *thissnap;
1296 enum lzc_send_flags flags = 0;
1297 int err;
1298 boolean_t isfromsnap, istosnap, fromorigin;
1299 boolean_t exclude = B_FALSE;
1300 FILE *fout = sdd->std_out ? stdout : stderr;
1301
1302 err = 0;
1303 thissnap = strchr(zhp->zfs_name, '@') + 1;
1304 isfromsnap = (sdd->fromsnap != NULL &&
1305 strcmp(sdd->fromsnap, thissnap) == 0);
1306
1307 if (!sdd->seenfrom && isfromsnap) {
1308 gather_holds(zhp, sdd);
1309 sdd->seenfrom = B_TRUE;
1310 (void) strcpy(sdd->prevsnap, thissnap);
1311 sdd->prevsnap_obj = zfs_prop_get_int(zhp, ZFS_PROP_OBJSETID);
1312 zfs_close(zhp);
1313 return (0);
1314 }
1315
1316 if (sdd->seento || !sdd->seenfrom) {
1317 zfs_close(zhp);
1318 return (0);
1319 }
1320
1321 istosnap = (strcmp(sdd->tosnap, thissnap) == 0);
1322 if (istosnap)
1323 sdd->seento = B_TRUE;
1324
1325 if (sdd->large_block)
1326 flags |= LZC_SEND_FLAG_LARGE_BLOCK;
1327 if (sdd->embed_data)
1328 flags |= LZC_SEND_FLAG_EMBED_DATA;
1329 if (sdd->compress)
1330 flags |= LZC_SEND_FLAG_COMPRESS;
1331 if (sdd->raw)
1332 flags |= LZC_SEND_FLAG_RAW;
1333
1334 if (!sdd->doall && !isfromsnap && !istosnap) {
1335 if (sdd->replicate) {
1336 char *snapname;
1337 nvlist_t *snapprops;
1338 /*
1339 * Filter out all intermediate snapshots except origin
1340 * snapshots needed to replicate clones.
1341 */
1342 nvlist_t *nvfs = fsavl_find(sdd->fsavl,
1343 zhp->zfs_dmustats.dds_guid, &snapname);
1344
1345 VERIFY(0 == nvlist_lookup_nvlist(nvfs,
1346 "snapprops", &snapprops));
1347 VERIFY(0 == nvlist_lookup_nvlist(snapprops,
1348 thissnap, &snapprops));
1349 exclude = !nvlist_exists(snapprops, "is_clone_origin");
1350 } else {
1351 exclude = B_TRUE;
1352 }
1353 }
1354
1355 /*
1356 * If a filter function exists, call it to determine whether
1357 * this snapshot will be sent.
1358 */
1359 if (exclude || (sdd->filter_cb != NULL &&
1360 sdd->filter_cb(zhp, sdd->filter_cb_arg) == B_FALSE)) {
1361 /*
1362 * This snapshot is filtered out. Don't send it, and don't
1363 * set prevsnap_obj, so it will be as if this snapshot didn't
1364 * exist, and the next accepted snapshot will be sent as
1365 * an incremental from the last accepted one, or as the
1366 * first (and full) snapshot in the case of a replication,
1367 * non-incremental send.
1368 */
1369 zfs_close(zhp);
1370 return (0);
1371 }
1372
1373 gather_holds(zhp, sdd);
1374 fromorigin = sdd->prevsnap[0] == '\0' &&
1375 (sdd->fromorigin || sdd->replicate);
1376
1377 if (sdd->verbose) {
1378 uint64_t size = 0;
1379 (void) estimate_ioctl(zhp, sdd->prevsnap_obj,
1380 fromorigin, flags, &size);
1381
1382 send_print_verbose(fout, zhp->zfs_name,
1383 sdd->prevsnap[0] ? sdd->prevsnap : NULL,
1384 size, sdd->parsable);
1385 sdd->size += size;
1386 }
1387
1388 if (!sdd->dryrun) {
1389 /*
1390 * If progress reporting is requested, spawn a new thread to
1391 * poll ZFS_IOC_SEND_PROGRESS at a regular interval.
1392 */
1393 if (sdd->progress) {
1394 pa.pa_zhp = zhp;
1395 pa.pa_fd = sdd->outfd;
1396 pa.pa_parsable = sdd->parsable;
1397
1398 if ((err = pthread_create(&tid, NULL,
1399 send_progress_thread, &pa)) != 0) {
1400 zfs_close(zhp);
1401 return (err);
1402 }
1403 }
1404
1405 err = dump_ioctl(zhp, sdd->prevsnap, sdd->prevsnap_obj,
1406 fromorigin, sdd->outfd, flags, sdd->debugnv);
1407
1408 if (sdd->progress) {
1409 (void) pthread_cancel(tid);
1410 (void) pthread_join(tid, NULL);
1411 }
1412 }
1413
1414 (void) strcpy(sdd->prevsnap, thissnap);
1415 sdd->prevsnap_obj = zfs_prop_get_int(zhp, ZFS_PROP_OBJSETID);
1416 zfs_close(zhp);
1417 return (err);
1418 }
1419
1420 static int
dump_filesystem(zfs_handle_t * zhp,void * arg)1421 dump_filesystem(zfs_handle_t *zhp, void *arg)
1422 {
1423 int rv = 0;
1424 send_dump_data_t *sdd = arg;
1425 boolean_t missingfrom = B_FALSE;
1426 zfs_cmd_t zc = { 0 };
1427
1428 (void) snprintf(zc.zc_name, sizeof (zc.zc_name), "%s@%s",
1429 zhp->zfs_name, sdd->tosnap);
1430 if (ioctl(zhp->zfs_hdl->libzfs_fd, ZFS_IOC_OBJSET_STATS, &zc) != 0) {
1431 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1432 "WARNING: could not send %s@%s: does not exist\n"),
1433 zhp->zfs_name, sdd->tosnap);
1434 sdd->err = B_TRUE;
1435 return (0);
1436 }
1437
1438 if (sdd->replicate && sdd->fromsnap) {
1439 /*
1440 * If this fs does not have fromsnap, and we're doing
1441 * recursive, we need to send a full stream from the
1442 * beginning (or an incremental from the origin if this
1443 * is a clone). If we're doing non-recursive, then let
1444 * them get the error.
1445 */
1446 (void) snprintf(zc.zc_name, sizeof (zc.zc_name), "%s@%s",
1447 zhp->zfs_name, sdd->fromsnap);
1448 if (ioctl(zhp->zfs_hdl->libzfs_fd,
1449 ZFS_IOC_OBJSET_STATS, &zc) != 0) {
1450 missingfrom = B_TRUE;
1451 }
1452 }
1453
1454 sdd->seenfrom = sdd->seento = sdd->prevsnap[0] = 0;
1455 sdd->prevsnap_obj = 0;
1456 if (sdd->fromsnap == NULL || missingfrom)
1457 sdd->seenfrom = B_TRUE;
1458
1459 rv = zfs_iter_snapshots_sorted(zhp, dump_snapshot, arg);
1460 if (!sdd->seenfrom) {
1461 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1462 "WARNING: could not send %s@%s:\n"
1463 "incremental source (%s@%s) does not exist\n"),
1464 zhp->zfs_name, sdd->tosnap,
1465 zhp->zfs_name, sdd->fromsnap);
1466 sdd->err = B_TRUE;
1467 } else if (!sdd->seento) {
1468 if (sdd->fromsnap) {
1469 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1470 "WARNING: could not send %s@%s:\n"
1471 "incremental source (%s@%s) "
1472 "is not earlier than it\n"),
1473 zhp->zfs_name, sdd->tosnap,
1474 zhp->zfs_name, sdd->fromsnap);
1475 } else {
1476 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1477 "WARNING: "
1478 "could not send %s@%s: does not exist\n"),
1479 zhp->zfs_name, sdd->tosnap);
1480 }
1481 sdd->err = B_TRUE;
1482 }
1483
1484 return (rv);
1485 }
1486
1487 static int
dump_filesystems(zfs_handle_t * rzhp,void * arg)1488 dump_filesystems(zfs_handle_t *rzhp, void *arg)
1489 {
1490 send_dump_data_t *sdd = arg;
1491 nvpair_t *fspair;
1492 boolean_t needagain, progress;
1493
1494 if (!sdd->replicate)
1495 return (dump_filesystem(rzhp, sdd));
1496
1497 /* Mark the clone origin snapshots. */
1498 for (fspair = nvlist_next_nvpair(sdd->fss, NULL); fspair;
1499 fspair = nvlist_next_nvpair(sdd->fss, fspair)) {
1500 nvlist_t *nvfs;
1501 uint64_t origin_guid = 0;
1502
1503 VERIFY(0 == nvpair_value_nvlist(fspair, &nvfs));
1504 (void) nvlist_lookup_uint64(nvfs, "origin", &origin_guid);
1505 if (origin_guid != 0) {
1506 char *snapname;
1507 nvlist_t *origin_nv = fsavl_find(sdd->fsavl,
1508 origin_guid, &snapname);
1509 if (origin_nv != NULL) {
1510 nvlist_t *snapprops;
1511 VERIFY(0 == nvlist_lookup_nvlist(origin_nv,
1512 "snapprops", &snapprops));
1513 VERIFY(0 == nvlist_lookup_nvlist(snapprops,
1514 snapname, &snapprops));
1515 VERIFY(0 == nvlist_add_boolean(
1516 snapprops, "is_clone_origin"));
1517 }
1518 }
1519 }
1520 again:
1521 needagain = progress = B_FALSE;
1522 for (fspair = nvlist_next_nvpair(sdd->fss, NULL); fspair;
1523 fspair = nvlist_next_nvpair(sdd->fss, fspair)) {
1524 nvlist_t *fslist, *parent_nv;
1525 char *fsname;
1526 zfs_handle_t *zhp;
1527 int err;
1528 uint64_t origin_guid = 0;
1529 uint64_t parent_guid = 0;
1530
1531 VERIFY(nvpair_value_nvlist(fspair, &fslist) == 0);
1532 if (nvlist_lookup_boolean(fslist, "sent") == 0)
1533 continue;
1534
1535 VERIFY(nvlist_lookup_string(fslist, "name", &fsname) == 0);
1536 (void) nvlist_lookup_uint64(fslist, "origin", &origin_guid);
1537 (void) nvlist_lookup_uint64(fslist, "parentfromsnap",
1538 &parent_guid);
1539
1540 if (parent_guid != 0) {
1541 parent_nv = fsavl_find(sdd->fsavl, parent_guid, NULL);
1542 if (!nvlist_exists(parent_nv, "sent")) {
1543 /* parent has not been sent; skip this one */
1544 needagain = B_TRUE;
1545 continue;
1546 }
1547 }
1548
1549 if (origin_guid != 0) {
1550 nvlist_t *origin_nv = fsavl_find(sdd->fsavl,
1551 origin_guid, NULL);
1552 if (origin_nv != NULL &&
1553 !nvlist_exists(origin_nv, "sent")) {
1554 /*
1555 * origin has not been sent yet;
1556 * skip this clone.
1557 */
1558 needagain = B_TRUE;
1559 continue;
1560 }
1561 }
1562
1563 zhp = zfs_open(rzhp->zfs_hdl, fsname, ZFS_TYPE_DATASET);
1564 if (zhp == NULL)
1565 return (-1);
1566 err = dump_filesystem(zhp, sdd);
1567 VERIFY(nvlist_add_boolean(fslist, "sent") == 0);
1568 progress = B_TRUE;
1569 zfs_close(zhp);
1570 if (err)
1571 return (err);
1572 }
1573 if (needagain) {
1574 assert(progress);
1575 goto again;
1576 }
1577
1578 /* clean out the sent flags in case we reuse this fss */
1579 for (fspair = nvlist_next_nvpair(sdd->fss, NULL); fspair;
1580 fspair = nvlist_next_nvpair(sdd->fss, fspair)) {
1581 nvlist_t *fslist;
1582
1583 VERIFY(nvpair_value_nvlist(fspair, &fslist) == 0);
1584 (void) nvlist_remove_all(fslist, "sent");
1585 }
1586
1587 return (0);
1588 }
1589
1590 nvlist_t *
zfs_send_resume_token_to_nvlist(libzfs_handle_t * hdl,const char * token)1591 zfs_send_resume_token_to_nvlist(libzfs_handle_t *hdl, const char *token)
1592 {
1593 unsigned int version;
1594 int nread;
1595 unsigned long long checksum, packed_len;
1596
1597 /*
1598 * Decode token header, which is:
1599 * <token version>-<checksum of payload>-<uncompressed payload length>
1600 * Note that the only supported token version is 1.
1601 */
1602 nread = sscanf(token, "%u-%llx-%llx-",
1603 &version, &checksum, &packed_len);
1604 if (nread != 3) {
1605 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1606 "resume token is corrupt (invalid format)"));
1607 return (NULL);
1608 }
1609
1610 if (version != ZFS_SEND_RESUME_TOKEN_VERSION) {
1611 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1612 "resume token is corrupt (invalid version %u)"),
1613 version);
1614 return (NULL);
1615 }
1616
1617 /* convert hexadecimal representation to binary */
1618 token = strrchr(token, '-') + 1;
1619 int len = strlen(token) / 2;
1620 unsigned char *compressed = zfs_alloc(hdl, len);
1621 for (int i = 0; i < len; i++) {
1622 nread = sscanf(token + i * 2, "%2hhx", compressed + i);
1623 if (nread != 1) {
1624 free(compressed);
1625 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1626 "resume token is corrupt "
1627 "(payload is not hex-encoded)"));
1628 return (NULL);
1629 }
1630 }
1631
1632 /* verify checksum */
1633 zio_cksum_t cksum;
1634 fletcher_4_native_varsize(compressed, len, &cksum);
1635 if (cksum.zc_word[0] != checksum) {
1636 free(compressed);
1637 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1638 "resume token is corrupt (incorrect checksum)"));
1639 return (NULL);
1640 }
1641
1642 /* uncompress */
1643 void *packed = zfs_alloc(hdl, packed_len);
1644 uLongf packed_len_long = packed_len;
1645 if (uncompress(packed, &packed_len_long, compressed, len) != Z_OK ||
1646 packed_len_long != packed_len) {
1647 free(packed);
1648 free(compressed);
1649 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1650 "resume token is corrupt (decompression failed)"));
1651 return (NULL);
1652 }
1653
1654 /* unpack nvlist */
1655 nvlist_t *nv;
1656 int error = nvlist_unpack(packed, packed_len, &nv, KM_SLEEP);
1657 free(packed);
1658 free(compressed);
1659 if (error != 0) {
1660 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1661 "resume token is corrupt (nvlist_unpack failed)"));
1662 return (NULL);
1663 }
1664 return (nv);
1665 }
1666
1667 int
zfs_send_resume(libzfs_handle_t * hdl,sendflags_t * flags,int outfd,const char * resume_token)1668 zfs_send_resume(libzfs_handle_t *hdl, sendflags_t *flags, int outfd,
1669 const char *resume_token)
1670 {
1671 char errbuf[1024];
1672 char *toname;
1673 char *fromname = NULL;
1674 uint64_t resumeobj, resumeoff, toguid, fromguid, bytes;
1675 zfs_handle_t *zhp;
1676 int error = 0;
1677 char name[ZFS_MAX_DATASET_NAME_LEN];
1678 enum lzc_send_flags lzc_flags = 0;
1679 FILE *fout = (flags->verbose && flags->dryrun) ? stdout : stderr;
1680
1681 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1682 "cannot resume send"));
1683
1684 nvlist_t *resume_nvl =
1685 zfs_send_resume_token_to_nvlist(hdl, resume_token);
1686 if (resume_nvl == NULL) {
1687 /*
1688 * zfs_error_aux has already been set by
1689 * zfs_send_resume_token_to_nvlist
1690 */
1691 return (zfs_error(hdl, EZFS_FAULT, errbuf));
1692 }
1693 if (flags->verbose) {
1694 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1695 "resume token contents:\n"));
1696 nvlist_print(fout, resume_nvl);
1697 }
1698
1699 if (nvlist_lookup_string(resume_nvl, "toname", &toname) != 0 ||
1700 nvlist_lookup_uint64(resume_nvl, "object", &resumeobj) != 0 ||
1701 nvlist_lookup_uint64(resume_nvl, "offset", &resumeoff) != 0 ||
1702 nvlist_lookup_uint64(resume_nvl, "bytes", &bytes) != 0 ||
1703 nvlist_lookup_uint64(resume_nvl, "toguid", &toguid) != 0) {
1704 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1705 "resume token is corrupt"));
1706 return (zfs_error(hdl, EZFS_FAULT, errbuf));
1707 }
1708 fromguid = 0;
1709 (void) nvlist_lookup_uint64(resume_nvl, "fromguid", &fromguid);
1710
1711 if (flags->largeblock || nvlist_exists(resume_nvl, "largeblockok"))
1712 lzc_flags |= LZC_SEND_FLAG_LARGE_BLOCK;
1713 if (flags->embed_data || nvlist_exists(resume_nvl, "embedok"))
1714 lzc_flags |= LZC_SEND_FLAG_EMBED_DATA;
1715 if (flags->compress || nvlist_exists(resume_nvl, "compressok"))
1716 lzc_flags |= LZC_SEND_FLAG_COMPRESS;
1717 if (flags->raw || nvlist_exists(resume_nvl, "rawok"))
1718 lzc_flags |= LZC_SEND_FLAG_RAW;
1719
1720 if (guid_to_name(hdl, toname, toguid, B_FALSE, name) != 0) {
1721 if (zfs_dataset_exists(hdl, toname, ZFS_TYPE_DATASET)) {
1722 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1723 "'%s' is no longer the same snapshot used in "
1724 "the initial send"), toname);
1725 } else {
1726 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1727 "'%s' used in the initial send no longer exists"),
1728 toname);
1729 }
1730 return (zfs_error(hdl, EZFS_BADPATH, errbuf));
1731 }
1732 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET);
1733 if (zhp == NULL) {
1734 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1735 "unable to access '%s'"), name);
1736 return (zfs_error(hdl, EZFS_BADPATH, errbuf));
1737 }
1738
1739 if (fromguid != 0) {
1740 if (guid_to_name(hdl, toname, fromguid, B_TRUE, name) != 0) {
1741 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1742 "incremental source %#llx no longer exists"),
1743 (longlong_t)fromguid);
1744 return (zfs_error(hdl, EZFS_BADPATH, errbuf));
1745 }
1746 fromname = name;
1747 }
1748
1749 if (flags->verbose) {
1750 uint64_t size = 0;
1751 error = lzc_send_space(zhp->zfs_name, fromname,
1752 lzc_flags, &size);
1753 if (error == 0)
1754 size = MAX(0, (int64_t)(size - bytes));
1755 send_print_verbose(fout, zhp->zfs_name, fromname,
1756 size, flags->parsable);
1757 }
1758
1759 if (!flags->dryrun) {
1760 progress_arg_t pa = { 0 };
1761 pthread_t tid;
1762 /*
1763 * If progress reporting is requested, spawn a new thread to
1764 * poll ZFS_IOC_SEND_PROGRESS at a regular interval.
1765 */
1766 if (flags->progress) {
1767 pa.pa_zhp = zhp;
1768 pa.pa_fd = outfd;
1769 pa.pa_parsable = flags->parsable;
1770
1771 error = pthread_create(&tid, NULL,
1772 send_progress_thread, &pa);
1773 if (error != 0) {
1774 zfs_close(zhp);
1775 return (error);
1776 }
1777 }
1778
1779 error = lzc_send_resume(zhp->zfs_name, fromname, outfd,
1780 lzc_flags, resumeobj, resumeoff);
1781
1782 if (flags->progress) {
1783 (void) pthread_cancel(tid);
1784 (void) pthread_join(tid, NULL);
1785 }
1786
1787 char errbuf[1024];
1788 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1789 "warning: cannot send '%s'"), zhp->zfs_name);
1790
1791 zfs_close(zhp);
1792
1793 switch (error) {
1794 case 0:
1795 return (0);
1796 case EACCES:
1797 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1798 "source key must be loaded"));
1799 return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
1800
1801 case EXDEV:
1802 case ENOENT:
1803 case EDQUOT:
1804 case EFBIG:
1805 case EIO:
1806 case ENOLINK:
1807 case ENOSPC:
1808 case ENOSTR:
1809 case ENXIO:
1810 case EPIPE:
1811 case ERANGE:
1812 case EFAULT:
1813 case EROFS:
1814 zfs_error_aux(hdl, strerror(errno));
1815 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf));
1816
1817 default:
1818 return (zfs_standard_error(hdl, errno, errbuf));
1819 }
1820 }
1821
1822
1823 zfs_close(zhp);
1824
1825 return (error);
1826 }
1827
1828 /*
1829 * Generate a send stream for the dataset identified by the argument zhp.
1830 *
1831 * The content of the send stream is the snapshot identified by
1832 * 'tosnap'. Incremental streams are requested in two ways:
1833 * - from the snapshot identified by "fromsnap" (if non-null) or
1834 * - from the origin of the dataset identified by zhp, which must
1835 * be a clone. In this case, "fromsnap" is null and "fromorigin"
1836 * is TRUE.
1837 *
1838 * The send stream is recursive (i.e. dumps a hierarchy of snapshots) and
1839 * uses a special header (with a hdrtype field of DMU_COMPOUNDSTREAM)
1840 * if "replicate" is set. If "doall" is set, dump all the intermediate
1841 * snapshots. The DMU_COMPOUNDSTREAM header is used in the "doall"
1842 * case too. If "props" is set, send properties.
1843 */
1844 int
zfs_send(zfs_handle_t * zhp,const char * fromsnap,const char * tosnap,sendflags_t * flags,int outfd,snapfilter_cb_t filter_func,void * cb_arg,nvlist_t ** debugnvp)1845 zfs_send(zfs_handle_t *zhp, const char *fromsnap, const char *tosnap,
1846 sendflags_t *flags, int outfd, snapfilter_cb_t filter_func,
1847 void *cb_arg, nvlist_t **debugnvp)
1848 {
1849 char errbuf[1024];
1850 send_dump_data_t sdd = { 0 };
1851 int err = 0;
1852 nvlist_t *fss = NULL;
1853 avl_tree_t *fsavl = NULL;
1854 static uint64_t holdseq;
1855 int spa_version;
1856 pthread_t tid = 0;
1857 int pipefd[2];
1858 dedup_arg_t dda = { 0 };
1859 int featureflags = 0;
1860 FILE *fout;
1861
1862 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1863 "cannot send '%s'"), zhp->zfs_name);
1864
1865 if (fromsnap && fromsnap[0] == '\0') {
1866 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1867 "zero-length incremental source"));
1868 return (zfs_error(zhp->zfs_hdl, EZFS_NOENT, errbuf));
1869 }
1870
1871 if (zhp->zfs_type == ZFS_TYPE_FILESYSTEM) {
1872 uint64_t version;
1873 version = zfs_prop_get_int(zhp, ZFS_PROP_VERSION);
1874 if (version >= ZPL_VERSION_SA) {
1875 featureflags |= DMU_BACKUP_FEATURE_SA_SPILL;
1876 }
1877 }
1878
1879 if (flags->holds)
1880 featureflags |= DMU_BACKUP_FEATURE_HOLDS;
1881
1882 /*
1883 * Start the dedup thread if this is a dedup stream. We do not bother
1884 * doing this if this a raw send of an encrypted dataset with dedup off
1885 * because normal encrypted blocks won't dedup.
1886 */
1887 if (flags->dedup && !flags->dryrun && !(flags->raw &&
1888 zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF &&
1889 zfs_prop_get_int(zhp, ZFS_PROP_DEDUP) == ZIO_CHECKSUM_OFF)) {
1890 featureflags |= (DMU_BACKUP_FEATURE_DEDUP |
1891 DMU_BACKUP_FEATURE_DEDUPPROPS);
1892 if ((err = pipe(pipefd)) != 0) {
1893 zfs_error_aux(zhp->zfs_hdl, strerror(errno));
1894 return (zfs_error(zhp->zfs_hdl, EZFS_PIPEFAILED,
1895 errbuf));
1896 }
1897 dda.outputfd = outfd;
1898 dda.inputfd = pipefd[1];
1899 dda.dedup_hdl = zhp->zfs_hdl;
1900 if ((err = pthread_create(&tid, NULL, cksummer, &dda)) != 0) {
1901 (void) close(pipefd[0]);
1902 (void) close(pipefd[1]);
1903 zfs_error_aux(zhp->zfs_hdl, strerror(errno));
1904 return (zfs_error(zhp->zfs_hdl,
1905 EZFS_THREADCREATEFAILED, errbuf));
1906 }
1907 }
1908
1909 if (flags->replicate || flags->doall || flags->props ||
1910 flags->holds || flags->backup) {
1911 dmu_replay_record_t drr = { 0 };
1912 char *packbuf = NULL;
1913 size_t buflen = 0;
1914 zio_cksum_t zc;
1915
1916 ZIO_SET_CHECKSUM(&zc, 0, 0, 0, 0);
1917
1918 if (flags->replicate || flags->props || flags->backup ||
1919 flags->holds) {
1920 nvlist_t *hdrnv;
1921
1922 VERIFY(0 == nvlist_alloc(&hdrnv, NV_UNIQUE_NAME, 0));
1923 if (fromsnap) {
1924 VERIFY(0 == nvlist_add_string(hdrnv,
1925 "fromsnap", fromsnap));
1926 }
1927 VERIFY(0 == nvlist_add_string(hdrnv, "tosnap", tosnap));
1928 if (!flags->replicate) {
1929 VERIFY(0 == nvlist_add_boolean(hdrnv,
1930 "not_recursive"));
1931 }
1932 if (flags->raw) {
1933 VERIFY(0 == nvlist_add_boolean(hdrnv, "raw"));
1934 }
1935
1936 err = gather_nvlist(zhp->zfs_hdl, zhp->zfs_name,
1937 fromsnap, tosnap, flags->replicate, flags->raw,
1938 flags->verbose, flags->backup,
1939 flags->holds, flags->props, &fss,
1940 &fsavl);
1941 if (err) {
1942 nvlist_free(hdrnv);
1943 goto err_out;
1944 }
1945
1946 /*
1947 * Do not allow the size of the properties list to
1948 * exceed the limit
1949 */
1950 if ((fnvlist_size(fss) + fnvlist_size(hdrnv)) >
1951 zhp->zfs_hdl->libzfs_max_nvlist) {
1952 (void) snprintf(errbuf, sizeof (errbuf),
1953 dgettext(TEXT_DOMAIN,
1954 "warning: cannot send '%s': "
1955 "the size of the list of snapshots and "
1956 "properties is too large to be received "
1957 "successfully.\n"
1958 "Select a smaller number of snapshots to "
1959 "send.\n"),
1960 zhp->zfs_name);
1961 nvlist_free(hdrnv);
1962 err = zfs_error(zhp->zfs_hdl, EZFS_NOSPC,
1963 errbuf);
1964 goto err_out;
1965 }
1966 VERIFY(0 == nvlist_add_nvlist(hdrnv, "fss", fss));
1967 err = nvlist_pack(hdrnv, &packbuf, &buflen,
1968 NV_ENCODE_XDR, 0);
1969 if (debugnvp)
1970 *debugnvp = hdrnv;
1971 else
1972 nvlist_free(hdrnv);
1973 if (err)
1974 goto stderr_out;
1975 }
1976
1977 if (!flags->dryrun) {
1978 /* write first begin record */
1979 drr.drr_type = DRR_BEGIN;
1980 drr.drr_u.drr_begin.drr_magic = DMU_BACKUP_MAGIC;
1981 DMU_SET_STREAM_HDRTYPE(drr.drr_u.drr_begin.
1982 drr_versioninfo, DMU_COMPOUNDSTREAM);
1983 DMU_SET_FEATUREFLAGS(drr.drr_u.drr_begin.
1984 drr_versioninfo, featureflags);
1985 (void) snprintf(drr.drr_u.drr_begin.drr_toname,
1986 sizeof (drr.drr_u.drr_begin.drr_toname),
1987 "%s@%s", zhp->zfs_name, tosnap);
1988 drr.drr_payloadlen = buflen;
1989
1990 err = dump_record(&drr, packbuf, buflen, &zc, outfd);
1991 free(packbuf);
1992 if (err != 0)
1993 goto stderr_out;
1994
1995 /* write end record */
1996 bzero(&drr, sizeof (drr));
1997 drr.drr_type = DRR_END;
1998 drr.drr_u.drr_end.drr_checksum = zc;
1999 err = write(outfd, &drr, sizeof (drr));
2000 if (err == -1) {
2001 err = errno;
2002 goto stderr_out;
2003 }
2004
2005 err = 0;
2006 }
2007 }
2008
2009 /* dump each stream */
2010 sdd.fromsnap = fromsnap;
2011 sdd.tosnap = tosnap;
2012 if (tid != 0)
2013 sdd.outfd = pipefd[0];
2014 else
2015 sdd.outfd = outfd;
2016 sdd.replicate = flags->replicate;
2017 sdd.doall = flags->doall;
2018 sdd.fromorigin = flags->fromorigin;
2019 sdd.fss = fss;
2020 sdd.fsavl = fsavl;
2021 sdd.verbose = flags->verbose;
2022 sdd.parsable = flags->parsable;
2023 sdd.progress = flags->progress;
2024 sdd.dryrun = flags->dryrun;
2025 sdd.large_block = flags->largeblock;
2026 sdd.embed_data = flags->embed_data;
2027 sdd.compress = flags->compress;
2028 sdd.raw = flags->raw;
2029 sdd.holds = flags->holds;
2030 sdd.filter_cb = filter_func;
2031 sdd.filter_cb_arg = cb_arg;
2032 if (debugnvp)
2033 sdd.debugnv = *debugnvp;
2034 if (sdd.verbose && sdd.dryrun)
2035 sdd.std_out = B_TRUE;
2036 fout = sdd.std_out ? stdout : stderr;
2037
2038 /*
2039 * Some flags require that we place user holds on the datasets that are
2040 * being sent so they don't get destroyed during the send. We can skip
2041 * this step if the pool is imported read-only since the datasets cannot
2042 * be destroyed.
2043 */
2044 if (!flags->dryrun && !zpool_get_prop_int(zfs_get_pool_handle(zhp),
2045 ZPOOL_PROP_READONLY, NULL) &&
2046 zfs_spa_version(zhp, &spa_version) == 0 &&
2047 spa_version >= SPA_VERSION_USERREFS &&
2048 (flags->doall || flags->replicate)) {
2049 ++holdseq;
2050 (void) snprintf(sdd.holdtag, sizeof (sdd.holdtag),
2051 ".send-%d-%llu", getpid(), (u_longlong_t)holdseq);
2052 sdd.cleanup_fd = open(ZFS_DEV, O_RDWR|O_EXCL);
2053 if (sdd.cleanup_fd < 0) {
2054 err = errno;
2055 goto stderr_out;
2056 }
2057 sdd.snapholds = fnvlist_alloc();
2058 } else {
2059 sdd.cleanup_fd = -1;
2060 sdd.snapholds = NULL;
2061 }
2062
2063 if (flags->verbose || sdd.snapholds != NULL) {
2064 /*
2065 * Do a verbose no-op dry run to get all the verbose output
2066 * or to gather snapshot hold's before generating any data,
2067 * then do a non-verbose real run to generate the streams.
2068 */
2069 sdd.dryrun = B_TRUE;
2070 err = dump_filesystems(zhp, &sdd);
2071
2072 if (err != 0)
2073 goto stderr_out;
2074
2075 if (flags->verbose) {
2076 if (flags->parsable) {
2077 (void) fprintf(fout, "size\t%llu\n",
2078 (longlong_t)sdd.size);
2079 } else {
2080 char buf[16];
2081 zfs_nicebytes(sdd.size, buf, sizeof (buf));
2082 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
2083 "total estimated size is %s\n"), buf);
2084 }
2085 }
2086
2087 /* Ensure no snaps found is treated as an error. */
2088 if (!sdd.seento) {
2089 err = ENOENT;
2090 goto err_out;
2091 }
2092
2093 /* Skip the second run if dryrun was requested. */
2094 if (flags->dryrun)
2095 goto err_out;
2096
2097 if (sdd.snapholds != NULL) {
2098 err = zfs_hold_nvl(zhp, sdd.cleanup_fd, sdd.snapholds);
2099 if (err != 0)
2100 goto stderr_out;
2101
2102 fnvlist_free(sdd.snapholds);
2103 sdd.snapholds = NULL;
2104 }
2105
2106 sdd.dryrun = B_FALSE;
2107 sdd.verbose = B_FALSE;
2108 }
2109
2110 err = dump_filesystems(zhp, &sdd);
2111 fsavl_destroy(fsavl);
2112 nvlist_free(fss);
2113
2114 /* Ensure no snaps found is treated as an error. */
2115 if (err == 0 && !sdd.seento)
2116 err = ENOENT;
2117
2118 if (tid != 0) {
2119 if (err != 0)
2120 (void) pthread_cancel(tid);
2121 (void) close(pipefd[0]);
2122 (void) pthread_join(tid, NULL);
2123 }
2124
2125 if (sdd.cleanup_fd != -1) {
2126 VERIFY(0 == close(sdd.cleanup_fd));
2127 sdd.cleanup_fd = -1;
2128 }
2129
2130 if (!flags->dryrun && (flags->replicate || flags->doall ||
2131 flags->props || flags->backup || flags->holds)) {
2132 /*
2133 * write final end record. NB: want to do this even if
2134 * there was some error, because it might not be totally
2135 * failed.
2136 */
2137 dmu_replay_record_t drr = { 0 };
2138 drr.drr_type = DRR_END;
2139 if (write(outfd, &drr, sizeof (drr)) == -1) {
2140 return (zfs_standard_error(zhp->zfs_hdl,
2141 errno, errbuf));
2142 }
2143 }
2144
2145 return (err || sdd.err);
2146
2147 stderr_out:
2148 err = zfs_standard_error(zhp->zfs_hdl, err, errbuf);
2149 err_out:
2150 fsavl_destroy(fsavl);
2151 nvlist_free(fss);
2152 fnvlist_free(sdd.snapholds);
2153
2154 if (sdd.cleanup_fd != -1)
2155 VERIFY(0 == close(sdd.cleanup_fd));
2156 if (tid != 0) {
2157 (void) pthread_cancel(tid);
2158 (void) close(pipefd[0]);
2159 (void) pthread_join(tid, NULL);
2160 }
2161 return (err);
2162 }
2163
2164 int
zfs_send_one(zfs_handle_t * zhp,const char * from,int fd,enum lzc_send_flags flags)2165 zfs_send_one(zfs_handle_t *zhp, const char *from, int fd,
2166 enum lzc_send_flags flags)
2167 {
2168 int err;
2169 libzfs_handle_t *hdl = zhp->zfs_hdl;
2170
2171 char errbuf[1024];
2172 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2173 "warning: cannot send '%s'"), zhp->zfs_name);
2174
2175 err = lzc_send(zhp->zfs_name, from, fd, flags);
2176 if (err != 0) {
2177 switch (errno) {
2178 case EXDEV:
2179 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2180 "not an earlier snapshot from the same fs"));
2181 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
2182
2183 case ENOENT:
2184 case ESRCH:
2185 if (lzc_exists(zhp->zfs_name)) {
2186 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2187 "incremental source (%s) does not exist"),
2188 from);
2189 }
2190 return (zfs_error(hdl, EZFS_NOENT, errbuf));
2191
2192 case EACCES:
2193 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2194 "dataset key must be loaded"));
2195 return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
2196
2197 case EBUSY:
2198 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2199 "target is busy; if a filesystem, "
2200 "it must not be mounted"));
2201 return (zfs_error(hdl, EZFS_BUSY, errbuf));
2202
2203 case EDQUOT:
2204 case EFBIG:
2205 case EIO:
2206 case ENOLINK:
2207 case ENOSPC:
2208 case ENOSTR:
2209 case ENXIO:
2210 case EPIPE:
2211 case ERANGE:
2212 case EFAULT:
2213 case EROFS:
2214 zfs_error_aux(hdl, strerror(errno));
2215 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf));
2216
2217 default:
2218 return (zfs_standard_error(hdl, errno, errbuf));
2219 }
2220 }
2221 return (err != 0);
2222 }
2223
2224 /*
2225 * Routines specific to "zfs recv"
2226 */
2227
2228 static int
recv_read(libzfs_handle_t * hdl,int fd,void * buf,int ilen,boolean_t byteswap,zio_cksum_t * zc)2229 recv_read(libzfs_handle_t *hdl, int fd, void *buf, int ilen,
2230 boolean_t byteswap, zio_cksum_t *zc)
2231 {
2232 char *cp = buf;
2233 int rv;
2234 int len = ilen;
2235
2236 do {
2237 rv = read(fd, cp, len);
2238 cp += rv;
2239 len -= rv;
2240 } while (rv > 0);
2241
2242 if (rv < 0 || len != 0) {
2243 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2244 "failed to read from stream"));
2245 return (zfs_error(hdl, EZFS_BADSTREAM, dgettext(TEXT_DOMAIN,
2246 "cannot receive")));
2247 }
2248
2249 if (zc) {
2250 if (byteswap)
2251 (void) fletcher_4_incremental_byteswap(buf, ilen, zc);
2252 else
2253 (void) fletcher_4_incremental_native(buf, ilen, zc);
2254 }
2255 return (0);
2256 }
2257
2258 static int
recv_read_nvlist(libzfs_handle_t * hdl,int fd,int len,nvlist_t ** nvp,boolean_t byteswap,zio_cksum_t * zc)2259 recv_read_nvlist(libzfs_handle_t *hdl, int fd, int len, nvlist_t **nvp,
2260 boolean_t byteswap, zio_cksum_t *zc)
2261 {
2262 char *buf;
2263 int err;
2264
2265 buf = zfs_alloc(hdl, len);
2266 if (buf == NULL)
2267 return (ENOMEM);
2268
2269 if (len > hdl->libzfs_max_nvlist) {
2270 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "nvlist too large"));
2271 free(buf);
2272 return (ENOMEM);
2273 }
2274
2275 err = recv_read(hdl, fd, buf, len, byteswap, zc);
2276 if (err != 0) {
2277 free(buf);
2278 return (err);
2279 }
2280
2281 err = nvlist_unpack(buf, len, nvp, 0);
2282 free(buf);
2283 if (err != 0) {
2284 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
2285 "stream (malformed nvlist)"));
2286 return (EINVAL);
2287 }
2288 return (0);
2289 }
2290
2291 /*
2292 * Returns the grand origin (origin of origin of origin...) of a given handle.
2293 * If this dataset is not a clone, it simply returns a copy of the original
2294 * handle.
2295 */
2296 static zfs_handle_t *
recv_open_grand_origin(zfs_handle_t * zhp)2297 recv_open_grand_origin(zfs_handle_t *zhp)
2298 {
2299 char origin[ZFS_MAX_DATASET_NAME_LEN];
2300 zprop_source_t src;
2301 zfs_handle_t *ozhp = zfs_handle_dup(zhp);
2302
2303 while (ozhp != NULL) {
2304 if (zfs_prop_get(ozhp, ZFS_PROP_ORIGIN, origin,
2305 sizeof (origin), &src, NULL, 0, B_FALSE) != 0)
2306 break;
2307
2308 (void) zfs_close(ozhp);
2309 ozhp = zfs_open(zhp->zfs_hdl, origin, ZFS_TYPE_FILESYSTEM);
2310 }
2311
2312 return (ozhp);
2313 }
2314
2315 static int
recv_rename_impl(zfs_handle_t * zhp,const char * source,const char * target)2316 recv_rename_impl(zfs_handle_t *zhp, const char *source, const char *target)
2317 {
2318 int err;
2319 zfs_handle_t *ozhp = NULL;
2320
2321 /*
2322 * Attempt to rename the dataset. If it fails with EACCES we have
2323 * attempted to rename the dataset outside of its encryption root.
2324 * Force the dataset to become an encryption root and try again.
2325 */
2326 err = lzc_rename(source, target);
2327 if (err == EACCES) {
2328 ozhp = recv_open_grand_origin(zhp);
2329 if (ozhp == NULL) {
2330 err = ENOENT;
2331 goto out;
2332 }
2333
2334 err = lzc_change_key(ozhp->zfs_name, DCP_CMD_FORCE_NEW_KEY,
2335 NULL, NULL, 0);
2336 if (err != 0)
2337 goto out;
2338
2339 err = lzc_rename(source, target);
2340 }
2341
2342 out:
2343 if (ozhp != NULL)
2344 zfs_close(ozhp);
2345 return (err);
2346 }
2347
2348 static int
recv_rename(libzfs_handle_t * hdl,const char * name,const char * tryname,int baselen,char * newname,recvflags_t * flags)2349 recv_rename(libzfs_handle_t *hdl, const char *name, const char *tryname,
2350 int baselen, char *newname, recvflags_t *flags)
2351 {
2352 static int seq;
2353 int err;
2354 prop_changelist_t *clp = NULL;
2355 zfs_handle_t *zhp = NULL;
2356
2357 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET);
2358 if (zhp == NULL) {
2359 err = -1;
2360 goto out;
2361 }
2362 clp = changelist_gather(zhp, ZFS_PROP_NAME, 0,
2363 flags->force ? MS_FORCE : 0);
2364 if (clp == NULL) {
2365 err = -1;
2366 goto out;
2367 }
2368 err = changelist_prefix(clp);
2369 if (err)
2370 goto out;
2371
2372 if (tryname) {
2373 (void) strcpy(newname, tryname);
2374 if (flags->verbose) {
2375 (void) printf("attempting rename %s to %s\n",
2376 name, newname);
2377 }
2378 err = recv_rename_impl(zhp, name, newname);
2379 if (err == 0)
2380 changelist_rename(clp, name, tryname);
2381 } else {
2382 err = ENOENT;
2383 }
2384
2385 if (err != 0 && strncmp(name + baselen, "recv-", 5) != 0) {
2386 seq++;
2387
2388 (void) snprintf(newname, ZFS_MAX_DATASET_NAME_LEN,
2389 "%.*srecv-%u-%u", baselen, name, getpid(), seq);
2390 if (flags->verbose) {
2391 (void) printf("failed - trying rename %s to %s\n",
2392 name, newname);
2393 }
2394 err = recv_rename_impl(zhp, name, newname);
2395 if (err == 0)
2396 changelist_rename(clp, name, newname);
2397 if (err && flags->verbose) {
2398 (void) printf("failed (%u) - "
2399 "will try again on next pass\n", errno);
2400 }
2401 err = EAGAIN;
2402 } else if (flags->verbose) {
2403 if (err == 0)
2404 (void) printf("success\n");
2405 else
2406 (void) printf("failed (%u)\n", errno);
2407 }
2408
2409 (void) changelist_postfix(clp);
2410
2411 out:
2412 if (clp != NULL)
2413 changelist_free(clp);
2414 if (zhp != NULL)
2415 zfs_close(zhp);
2416
2417 return (err);
2418 }
2419
2420 static int
recv_promote(libzfs_handle_t * hdl,const char * fsname,const char * origin_fsname,recvflags_t * flags)2421 recv_promote(libzfs_handle_t *hdl, const char *fsname,
2422 const char *origin_fsname, recvflags_t *flags)
2423 {
2424 int err;
2425 zfs_cmd_t zc = {"\0"};
2426 zfs_handle_t *zhp = NULL, *ozhp = NULL;
2427
2428 if (flags->verbose)
2429 (void) printf("promoting %s\n", fsname);
2430
2431 (void) strlcpy(zc.zc_value, origin_fsname, sizeof (zc.zc_value));
2432 (void) strlcpy(zc.zc_name, fsname, sizeof (zc.zc_name));
2433
2434 /*
2435 * Attempt to promote the dataset. If it fails with EACCES the
2436 * promotion would cause this dataset to leave its encryption root.
2437 * Force the origin to become an encryption root and try again.
2438 */
2439 err = zfs_ioctl(hdl, ZFS_IOC_PROMOTE, &zc);
2440 if (err == EACCES) {
2441 zhp = zfs_open(hdl, fsname, ZFS_TYPE_DATASET);
2442 if (zhp == NULL) {
2443 err = -1;
2444 goto out;
2445 }
2446
2447 ozhp = recv_open_grand_origin(zhp);
2448 if (ozhp == NULL) {
2449 err = -1;
2450 goto out;
2451 }
2452
2453 err = lzc_change_key(ozhp->zfs_name, DCP_CMD_FORCE_NEW_KEY,
2454 NULL, NULL, 0);
2455 if (err != 0)
2456 goto out;
2457
2458 err = zfs_ioctl(hdl, ZFS_IOC_PROMOTE, &zc);
2459 }
2460
2461 out:
2462 if (zhp != NULL)
2463 zfs_close(zhp);
2464 if (ozhp != NULL)
2465 zfs_close(ozhp);
2466
2467 return (err);
2468 }
2469
2470 static int
recv_destroy(libzfs_handle_t * hdl,const char * name,int baselen,char * newname,recvflags_t * flags)2471 recv_destroy(libzfs_handle_t *hdl, const char *name, int baselen,
2472 char *newname, recvflags_t *flags)
2473 {
2474 int err = 0;
2475 prop_changelist_t *clp;
2476 zfs_handle_t *zhp;
2477 boolean_t defer = B_FALSE;
2478 int spa_version;
2479
2480 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET);
2481 if (zhp == NULL)
2482 return (-1);
2483 clp = changelist_gather(zhp, ZFS_PROP_NAME, 0,
2484 flags->force ? MS_FORCE : 0);
2485 if (zfs_get_type(zhp) == ZFS_TYPE_SNAPSHOT &&
2486 zfs_spa_version(zhp, &spa_version) == 0 &&
2487 spa_version >= SPA_VERSION_USERREFS)
2488 defer = B_TRUE;
2489 zfs_close(zhp);
2490 if (clp == NULL)
2491 return (-1);
2492 err = changelist_prefix(clp);
2493 if (err)
2494 return (err);
2495
2496 if (flags->verbose)
2497 (void) printf("attempting destroy %s\n", name);
2498 if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
2499 nvlist_t *nv = fnvlist_alloc();
2500 fnvlist_add_boolean(nv, name);
2501 err = lzc_destroy_snaps(nv, defer, NULL);
2502 fnvlist_free(nv);
2503 } else {
2504 err = lzc_destroy(name);
2505 }
2506 if (err == 0) {
2507 if (flags->verbose)
2508 (void) printf("success\n");
2509 changelist_remove(clp, name);
2510 }
2511
2512 (void) changelist_postfix(clp);
2513 changelist_free(clp);
2514
2515 /*
2516 * Deferred destroy might destroy the snapshot or only mark it to be
2517 * destroyed later, and it returns success in either case.
2518 */
2519 if (err != 0 || (defer && zfs_dataset_exists(hdl, name,
2520 ZFS_TYPE_SNAPSHOT))) {
2521 err = recv_rename(hdl, name, NULL, baselen, newname, flags);
2522 }
2523
2524 return (err);
2525 }
2526
2527 typedef struct guid_to_name_data {
2528 uint64_t guid;
2529 boolean_t bookmark_ok;
2530 char *name;
2531 char *skip;
2532 } guid_to_name_data_t;
2533
2534 static int
guid_to_name_cb(zfs_handle_t * zhp,void * arg)2535 guid_to_name_cb(zfs_handle_t *zhp, void *arg)
2536 {
2537 guid_to_name_data_t *gtnd = arg;
2538 const char *slash;
2539 int err;
2540
2541 if (gtnd->skip != NULL &&
2542 (slash = strrchr(zhp->zfs_name, '/')) != NULL &&
2543 strcmp(slash + 1, gtnd->skip) == 0) {
2544 zfs_close(zhp);
2545 return (0);
2546 }
2547
2548 if (zfs_prop_get_int(zhp, ZFS_PROP_GUID) == gtnd->guid) {
2549 (void) strcpy(gtnd->name, zhp->zfs_name);
2550 zfs_close(zhp);
2551 return (EEXIST);
2552 }
2553
2554 err = zfs_iter_children(zhp, guid_to_name_cb, gtnd);
2555 if (err != EEXIST && gtnd->bookmark_ok)
2556 err = zfs_iter_bookmarks(zhp, guid_to_name_cb, gtnd);
2557 zfs_close(zhp);
2558 return (err);
2559 }
2560
2561 /*
2562 * Attempt to find the local dataset associated with this guid. In the case of
2563 * multiple matches, we attempt to find the "best" match by searching
2564 * progressively larger portions of the hierarchy. This allows one to send a
2565 * tree of datasets individually and guarantee that we will find the source
2566 * guid within that hierarchy, even if there are multiple matches elsewhere.
2567 */
2568 static int
guid_to_name(libzfs_handle_t * hdl,const char * parent,uint64_t guid,boolean_t bookmark_ok,char * name)2569 guid_to_name(libzfs_handle_t *hdl, const char *parent, uint64_t guid,
2570 boolean_t bookmark_ok, char *name)
2571 {
2572 char pname[ZFS_MAX_DATASET_NAME_LEN];
2573 guid_to_name_data_t gtnd;
2574
2575 gtnd.guid = guid;
2576 gtnd.bookmark_ok = bookmark_ok;
2577 gtnd.name = name;
2578 gtnd.skip = NULL;
2579
2580 /*
2581 * Search progressively larger portions of the hierarchy, starting
2582 * with the filesystem specified by 'parent'. This will
2583 * select the "most local" version of the origin snapshot in the case
2584 * that there are multiple matching snapshots in the system.
2585 */
2586 (void) strlcpy(pname, parent, sizeof (pname));
2587 char *cp = strrchr(pname, '@');
2588 if (cp == NULL)
2589 cp = strchr(pname, '\0');
2590 for (; cp != NULL; cp = strrchr(pname, '/')) {
2591 /* Chop off the last component and open the parent */
2592 *cp = '\0';
2593 zfs_handle_t *zhp = make_dataset_handle(hdl, pname);
2594
2595 if (zhp == NULL)
2596 continue;
2597 int err = guid_to_name_cb(zfs_handle_dup(zhp), >nd);
2598 if (err != EEXIST)
2599 err = zfs_iter_children(zhp, guid_to_name_cb, >nd);
2600 if (err != EEXIST && bookmark_ok)
2601 err = zfs_iter_bookmarks(zhp, guid_to_name_cb, >nd);
2602 zfs_close(zhp);
2603 if (err == EEXIST)
2604 return (0);
2605
2606 /*
2607 * Remember the last portion of the dataset so we skip it next
2608 * time through (as we've already searched that portion of the
2609 * hierarchy).
2610 */
2611 gtnd.skip = strrchr(pname, '/') + 1;
2612 }
2613
2614 return (ENOENT);
2615 }
2616
2617 /*
2618 * Return +1 if guid1 is before guid2, 0 if they are the same, and -1 if
2619 * guid1 is after guid2.
2620 */
2621 static int
created_before(libzfs_handle_t * hdl,avl_tree_t * avl,uint64_t guid1,uint64_t guid2)2622 created_before(libzfs_handle_t *hdl, avl_tree_t *avl,
2623 uint64_t guid1, uint64_t guid2)
2624 {
2625 nvlist_t *nvfs;
2626 char *fsname, *snapname;
2627 char buf[ZFS_MAX_DATASET_NAME_LEN];
2628 int rv;
2629 zfs_handle_t *guid1hdl, *guid2hdl;
2630 uint64_t create1, create2;
2631
2632 if (guid2 == 0)
2633 return (0);
2634 if (guid1 == 0)
2635 return (1);
2636
2637 nvfs = fsavl_find(avl, guid1, &snapname);
2638 VERIFY(0 == nvlist_lookup_string(nvfs, "name", &fsname));
2639 (void) snprintf(buf, sizeof (buf), "%s@%s", fsname, snapname);
2640 guid1hdl = zfs_open(hdl, buf, ZFS_TYPE_SNAPSHOT);
2641 if (guid1hdl == NULL)
2642 return (-1);
2643
2644 nvfs = fsavl_find(avl, guid2, &snapname);
2645 VERIFY(0 == nvlist_lookup_string(nvfs, "name", &fsname));
2646 (void) snprintf(buf, sizeof (buf), "%s@%s", fsname, snapname);
2647 guid2hdl = zfs_open(hdl, buf, ZFS_TYPE_SNAPSHOT);
2648 if (guid2hdl == NULL) {
2649 zfs_close(guid1hdl);
2650 return (-1);
2651 }
2652
2653 create1 = zfs_prop_get_int(guid1hdl, ZFS_PROP_CREATETXG);
2654 create2 = zfs_prop_get_int(guid2hdl, ZFS_PROP_CREATETXG);
2655
2656 if (create1 < create2)
2657 rv = -1;
2658 else if (create1 > create2)
2659 rv = +1;
2660 else
2661 rv = 0;
2662
2663 zfs_close(guid1hdl);
2664 zfs_close(guid2hdl);
2665
2666 return (rv);
2667 }
2668
2669 /*
2670 * This function reestablishes the heirarchy of encryption roots after a
2671 * recursive incremental receive has completed. This must be done after the
2672 * second call to recv_incremental_replication() has renamed and promoted all
2673 * sent datasets to their final locations in the dataset heriarchy.
2674 */
2675 /* ARGSUSED */
2676 static int
recv_fix_encryption_hierarchy(libzfs_handle_t * hdl,const char * destname,nvlist_t * stream_nv,avl_tree_t * stream_avl)2677 recv_fix_encryption_hierarchy(libzfs_handle_t *hdl, const char *destname,
2678 nvlist_t *stream_nv, avl_tree_t *stream_avl)
2679 {
2680 int err;
2681 nvpair_t *fselem = NULL;
2682 nvlist_t *stream_fss;
2683 char *cp;
2684 char top_zfs[ZFS_MAX_DATASET_NAME_LEN];
2685
2686 (void) strcpy(top_zfs, destname);
2687 cp = strrchr(top_zfs, '@');
2688 if (cp != NULL)
2689 *cp = '\0';
2690
2691 VERIFY(0 == nvlist_lookup_nvlist(stream_nv, "fss", &stream_fss));
2692
2693 while ((fselem = nvlist_next_nvpair(stream_fss, fselem)) != NULL) {
2694 zfs_handle_t *zhp = NULL;
2695 uint64_t crypt;
2696 nvlist_t *snaps, *props, *stream_nvfs = NULL;
2697 nvpair_t *snapel = NULL;
2698 boolean_t is_encroot, is_clone, stream_encroot;
2699 char *cp;
2700 char *stream_keylocation = NULL;
2701 char keylocation[MAXNAMELEN];
2702 char fsname[ZFS_MAX_DATASET_NAME_LEN];
2703
2704 keylocation[0] = '\0';
2705 VERIFY(0 == nvpair_value_nvlist(fselem, &stream_nvfs));
2706 VERIFY(0 == nvlist_lookup_nvlist(stream_nvfs, "snaps", &snaps));
2707 VERIFY(0 == nvlist_lookup_nvlist(stream_nvfs, "props", &props));
2708 stream_encroot = nvlist_exists(stream_nvfs, "is_encroot");
2709
2710 /* find a snapshot from the stream that exists locally */
2711 err = ENOENT;
2712 while ((snapel = nvlist_next_nvpair(snaps, snapel)) != NULL) {
2713 uint64_t guid;
2714
2715 VERIFY(0 == nvpair_value_uint64(snapel, &guid));
2716 err = guid_to_name(hdl, destname, guid, B_FALSE,
2717 fsname);
2718 if (err == 0)
2719 break;
2720 }
2721
2722 if (err != 0)
2723 continue;
2724
2725 cp = strchr(fsname, '@');
2726 if (cp != NULL)
2727 *cp = '\0';
2728
2729 zhp = zfs_open(hdl, fsname, ZFS_TYPE_DATASET);
2730 if (zhp == NULL) {
2731 err = ENOENT;
2732 goto error;
2733 }
2734
2735 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
2736 is_clone = zhp->zfs_dmustats.dds_origin[0] != '\0';
2737 (void) zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
2738
2739 /* we don't need to do anything for unencrypted datasets */
2740 if (crypt == ZIO_CRYPT_OFF) {
2741 zfs_close(zhp);
2742 continue;
2743 }
2744
2745 /*
2746 * If the dataset is flagged as an encryption root, was not
2747 * received as a clone and is not currently an encryption root,
2748 * force it to become one. Fixup the keylocation if necessary.
2749 */
2750 if (stream_encroot) {
2751 if (!is_clone && !is_encroot) {
2752 err = lzc_change_key(fsname,
2753 DCP_CMD_FORCE_NEW_KEY, NULL, NULL, 0);
2754 if (err != 0) {
2755 zfs_close(zhp);
2756 goto error;
2757 }
2758 }
2759
2760 VERIFY(0 == nvlist_lookup_string(props,
2761 zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
2762 &stream_keylocation));
2763
2764 /*
2765 * Refresh the properties in case the call to
2766 * lzc_change_key() changed the value.
2767 */
2768 zfs_refresh_properties(zhp);
2769 err = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
2770 keylocation, sizeof (keylocation), NULL, NULL,
2771 0, B_TRUE);
2772 if (err != 0) {
2773 zfs_close(zhp);
2774 goto error;
2775 }
2776
2777 if (strcmp(keylocation, stream_keylocation) != 0) {
2778 err = zfs_prop_set(zhp,
2779 zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
2780 stream_keylocation);
2781 if (err != 0) {
2782 zfs_close(zhp);
2783 goto error;
2784 }
2785 }
2786 }
2787
2788 /*
2789 * If the dataset is not flagged as an encryption root and is
2790 * currently an encryption root, force it to inherit from its
2791 * parent. The root of a raw send should never be
2792 * force-inherited.
2793 */
2794 if (!stream_encroot && is_encroot &&
2795 strcmp(top_zfs, fsname) != 0) {
2796 err = lzc_change_key(fsname, DCP_CMD_FORCE_INHERIT,
2797 NULL, NULL, 0);
2798 if (err != 0) {
2799 zfs_close(zhp);
2800 goto error;
2801 }
2802 }
2803
2804 zfs_close(zhp);
2805 }
2806
2807 return (0);
2808
2809 error:
2810 return (err);
2811 }
2812
2813 static int
recv_incremental_replication(libzfs_handle_t * hdl,const char * tofs,recvflags_t * flags,nvlist_t * stream_nv,avl_tree_t * stream_avl,nvlist_t * renamed)2814 recv_incremental_replication(libzfs_handle_t *hdl, const char *tofs,
2815 recvflags_t *flags, nvlist_t *stream_nv, avl_tree_t *stream_avl,
2816 nvlist_t *renamed)
2817 {
2818 nvlist_t *local_nv;
2819 avl_tree_t *local_avl;
2820 nvpair_t *fselem, *nextfselem;
2821 char *fromsnap;
2822 char newname[ZFS_MAX_DATASET_NAME_LEN];
2823 int error;
2824 boolean_t needagain, progress, recursive;
2825 char *s1, *s2;
2826
2827 VERIFY(0 == nvlist_lookup_string(stream_nv, "fromsnap", &fromsnap));
2828
2829 recursive = (nvlist_lookup_boolean(stream_nv, "not_recursive") ==
2830 ENOENT);
2831
2832 if (flags->dryrun)
2833 return (0);
2834
2835 again:
2836 needagain = progress = B_FALSE;
2837
2838 if ((error = gather_nvlist(hdl, tofs, fromsnap, NULL,
2839 recursive, B_TRUE, B_FALSE,
2840 B_FALSE, B_FALSE, B_TRUE, &local_nv, &local_avl)) != 0)
2841 return (error);
2842
2843 /*
2844 * Process deletes and renames
2845 */
2846 for (fselem = nvlist_next_nvpair(local_nv, NULL);
2847 fselem; fselem = nextfselem) {
2848 nvlist_t *nvfs, *snaps;
2849 nvlist_t *stream_nvfs = NULL;
2850 nvpair_t *snapelem, *nextsnapelem;
2851 uint64_t fromguid = 0;
2852 uint64_t originguid = 0;
2853 uint64_t stream_originguid = 0;
2854 uint64_t parent_fromsnap_guid, stream_parent_fromsnap_guid;
2855 char *fsname, *stream_fsname;
2856
2857 nextfselem = nvlist_next_nvpair(local_nv, fselem);
2858
2859 VERIFY(0 == nvpair_value_nvlist(fselem, &nvfs));
2860 VERIFY(0 == nvlist_lookup_nvlist(nvfs, "snaps", &snaps));
2861 VERIFY(0 == nvlist_lookup_string(nvfs, "name", &fsname));
2862 VERIFY(0 == nvlist_lookup_uint64(nvfs, "parentfromsnap",
2863 &parent_fromsnap_guid));
2864 (void) nvlist_lookup_uint64(nvfs, "origin", &originguid);
2865
2866 /*
2867 * First find the stream's fs, so we can check for
2868 * a different origin (due to "zfs promote")
2869 */
2870 for (snapelem = nvlist_next_nvpair(snaps, NULL);
2871 snapelem; snapelem = nvlist_next_nvpair(snaps, snapelem)) {
2872 uint64_t thisguid;
2873
2874 VERIFY(0 == nvpair_value_uint64(snapelem, &thisguid));
2875 stream_nvfs = fsavl_find(stream_avl, thisguid, NULL);
2876
2877 if (stream_nvfs != NULL)
2878 break;
2879 }
2880
2881 /* check for promote */
2882 (void) nvlist_lookup_uint64(stream_nvfs, "origin",
2883 &stream_originguid);
2884 if (stream_nvfs && originguid != stream_originguid) {
2885 switch (created_before(hdl, local_avl,
2886 stream_originguid, originguid)) {
2887 case 1: {
2888 /* promote it! */
2889 nvlist_t *origin_nvfs;
2890 char *origin_fsname;
2891
2892 origin_nvfs = fsavl_find(local_avl, originguid,
2893 NULL);
2894 VERIFY(0 == nvlist_lookup_string(origin_nvfs,
2895 "name", &origin_fsname));
2896 error = recv_promote(hdl, fsname, origin_fsname,
2897 flags);
2898 if (error == 0)
2899 progress = B_TRUE;
2900 break;
2901 }
2902 default:
2903 break;
2904 case -1:
2905 fsavl_destroy(local_avl);
2906 nvlist_free(local_nv);
2907 return (-1);
2908 }
2909 /*
2910 * We had/have the wrong origin, therefore our
2911 * list of snapshots is wrong. Need to handle
2912 * them on the next pass.
2913 */
2914 needagain = B_TRUE;
2915 continue;
2916 }
2917
2918 for (snapelem = nvlist_next_nvpair(snaps, NULL);
2919 snapelem; snapelem = nextsnapelem) {
2920 uint64_t thisguid;
2921 char *stream_snapname;
2922 nvlist_t *found, *props;
2923
2924 nextsnapelem = nvlist_next_nvpair(snaps, snapelem);
2925
2926 VERIFY(0 == nvpair_value_uint64(snapelem, &thisguid));
2927 found = fsavl_find(stream_avl, thisguid,
2928 &stream_snapname);
2929
2930 /* check for delete */
2931 if (found == NULL) {
2932 char name[ZFS_MAX_DATASET_NAME_LEN];
2933
2934 if (!flags->force)
2935 continue;
2936
2937 (void) snprintf(name, sizeof (name), "%s@%s",
2938 fsname, nvpair_name(snapelem));
2939
2940 error = recv_destroy(hdl, name,
2941 strlen(fsname)+1, newname, flags);
2942 if (error)
2943 needagain = B_TRUE;
2944 else
2945 progress = B_TRUE;
2946 continue;
2947 }
2948
2949 stream_nvfs = found;
2950
2951 if (0 == nvlist_lookup_nvlist(stream_nvfs, "snapprops",
2952 &props) && 0 == nvlist_lookup_nvlist(props,
2953 stream_snapname, &props)) {
2954 zfs_cmd_t zc = { 0 };
2955
2956 zc.zc_cookie = B_TRUE; /* received */
2957 (void) snprintf(zc.zc_name, sizeof (zc.zc_name),
2958 "%s@%s", fsname, nvpair_name(snapelem));
2959 if (zcmd_write_src_nvlist(hdl, &zc,
2960 props) == 0) {
2961 (void) zfs_ioctl(hdl,
2962 ZFS_IOC_SET_PROP, &zc);
2963 zcmd_free_nvlists(&zc);
2964 }
2965 }
2966
2967 /* check for different snapname */
2968 if (strcmp(nvpair_name(snapelem),
2969 stream_snapname) != 0) {
2970 char name[ZFS_MAX_DATASET_NAME_LEN];
2971 char tryname[ZFS_MAX_DATASET_NAME_LEN];
2972
2973 (void) snprintf(name, sizeof (name), "%s@%s",
2974 fsname, nvpair_name(snapelem));
2975 (void) snprintf(tryname, sizeof (name), "%s@%s",
2976 fsname, stream_snapname);
2977
2978 error = recv_rename(hdl, name, tryname,
2979 strlen(fsname)+1, newname, flags);
2980 if (error)
2981 needagain = B_TRUE;
2982 else
2983 progress = B_TRUE;
2984 }
2985
2986 if (strcmp(stream_snapname, fromsnap) == 0)
2987 fromguid = thisguid;
2988 }
2989
2990 /* check for delete */
2991 if (stream_nvfs == NULL) {
2992 if (!flags->force)
2993 continue;
2994
2995 error = recv_destroy(hdl, fsname, strlen(tofs)+1,
2996 newname, flags);
2997 if (error)
2998 needagain = B_TRUE;
2999 else
3000 progress = B_TRUE;
3001 continue;
3002 }
3003
3004 if (fromguid == 0) {
3005 if (flags->verbose) {
3006 (void) printf("local fs %s does not have "
3007 "fromsnap (%s in stream); must have "
3008 "been deleted locally; ignoring\n",
3009 fsname, fromsnap);
3010 }
3011 continue;
3012 }
3013
3014 VERIFY(0 == nvlist_lookup_string(stream_nvfs,
3015 "name", &stream_fsname));
3016 VERIFY(0 == nvlist_lookup_uint64(stream_nvfs,
3017 "parentfromsnap", &stream_parent_fromsnap_guid));
3018
3019 s1 = strrchr(fsname, '/');
3020 s2 = strrchr(stream_fsname, '/');
3021
3022 /*
3023 * Check for rename. If the exact receive path is specified, it
3024 * does not count as a rename, but we still need to check the
3025 * datasets beneath it.
3026 */
3027 if ((stream_parent_fromsnap_guid != 0 &&
3028 parent_fromsnap_guid != 0 &&
3029 stream_parent_fromsnap_guid != parent_fromsnap_guid) ||
3030 ((flags->isprefix || strcmp(tofs, fsname) != 0) &&
3031 (s1 != NULL) && (s2 != NULL) && strcmp(s1, s2) != 0)) {
3032 nvlist_t *parent;
3033 char tryname[ZFS_MAX_DATASET_NAME_LEN];
3034
3035 parent = fsavl_find(local_avl,
3036 stream_parent_fromsnap_guid, NULL);
3037 /*
3038 * NB: parent might not be found if we used the
3039 * tosnap for stream_parent_fromsnap_guid,
3040 * because the parent is a newly-created fs;
3041 * we'll be able to rename it after we recv the
3042 * new fs.
3043 */
3044 if (parent != NULL) {
3045 char *pname;
3046
3047 VERIFY(0 == nvlist_lookup_string(parent, "name",
3048 &pname));
3049 (void) snprintf(tryname, sizeof (tryname),
3050 "%s%s", pname, strrchr(stream_fsname, '/'));
3051 } else {
3052 tryname[0] = '\0';
3053 if (flags->verbose) {
3054 (void) printf("local fs %s new parent "
3055 "not found\n", fsname);
3056 }
3057 }
3058
3059 newname[0] = '\0';
3060
3061 error = recv_rename(hdl, fsname, tryname,
3062 strlen(tofs)+1, newname, flags);
3063
3064 if (renamed != NULL && newname[0] != '\0') {
3065 VERIFY(0 == nvlist_add_boolean(renamed,
3066 newname));
3067 }
3068
3069 if (error)
3070 needagain = B_TRUE;
3071 else
3072 progress = B_TRUE;
3073 }
3074 }
3075
3076 fsavl_destroy(local_avl);
3077 nvlist_free(local_nv);
3078
3079 if (needagain && progress) {
3080 /* do another pass to fix up temporary names */
3081 if (flags->verbose)
3082 (void) printf("another pass:\n");
3083 goto again;
3084 }
3085
3086 return (needagain || error != 0);
3087 }
3088
3089 static int
zfs_receive_package(libzfs_handle_t * hdl,int fd,const char * destname,recvflags_t * flags,dmu_replay_record_t * drr,zio_cksum_t * zc,char ** top_zfs,int cleanup_fd,uint64_t * action_handlep,nvlist_t * cmdprops)3090 zfs_receive_package(libzfs_handle_t *hdl, int fd, const char *destname,
3091 recvflags_t *flags, dmu_replay_record_t *drr, zio_cksum_t *zc,
3092 char **top_zfs, int cleanup_fd, uint64_t *action_handlep,
3093 nvlist_t *cmdprops)
3094 {
3095 nvlist_t *stream_nv = NULL;
3096 avl_tree_t *stream_avl = NULL;
3097 char *fromsnap = NULL;
3098 char *sendsnap = NULL;
3099 char *cp;
3100 char tofs[ZFS_MAX_DATASET_NAME_LEN];
3101 char sendfs[ZFS_MAX_DATASET_NAME_LEN];
3102 char errbuf[1024];
3103 dmu_replay_record_t drre;
3104 int error;
3105 boolean_t anyerr = B_FALSE;
3106 boolean_t softerr = B_FALSE;
3107 boolean_t recursive, raw;
3108
3109 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3110 "cannot receive"));
3111
3112 assert(drr->drr_type == DRR_BEGIN);
3113 assert(drr->drr_u.drr_begin.drr_magic == DMU_BACKUP_MAGIC);
3114 assert(DMU_GET_STREAM_HDRTYPE(drr->drr_u.drr_begin.drr_versioninfo) ==
3115 DMU_COMPOUNDSTREAM);
3116
3117 /*
3118 * Read in the nvlist from the stream.
3119 */
3120 if (drr->drr_payloadlen != 0) {
3121 error = recv_read_nvlist(hdl, fd, drr->drr_payloadlen,
3122 &stream_nv, flags->byteswap, zc);
3123 if (error) {
3124 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3125 goto out;
3126 }
3127 }
3128
3129 recursive = (nvlist_lookup_boolean(stream_nv, "not_recursive") ==
3130 ENOENT);
3131 raw = (nvlist_lookup_boolean(stream_nv, "raw") == 0);
3132
3133 if (recursive && strchr(destname, '@')) {
3134 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3135 "cannot specify snapshot name for multi-snapshot stream"));
3136 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3137 goto out;
3138 }
3139
3140 /*
3141 * Read in the end record and verify checksum.
3142 */
3143 if (0 != (error = recv_read(hdl, fd, &drre, sizeof (drre),
3144 flags->byteswap, NULL)))
3145 goto out;
3146 if (flags->byteswap) {
3147 drre.drr_type = BSWAP_32(drre.drr_type);
3148 drre.drr_u.drr_end.drr_checksum.zc_word[0] =
3149 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[0]);
3150 drre.drr_u.drr_end.drr_checksum.zc_word[1] =
3151 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[1]);
3152 drre.drr_u.drr_end.drr_checksum.zc_word[2] =
3153 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[2]);
3154 drre.drr_u.drr_end.drr_checksum.zc_word[3] =
3155 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[3]);
3156 }
3157 if (drre.drr_type != DRR_END) {
3158 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3159 goto out;
3160 }
3161 if (!ZIO_CHECKSUM_EQUAL(drre.drr_u.drr_end.drr_checksum, *zc)) {
3162 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3163 "incorrect header checksum"));
3164 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3165 goto out;
3166 }
3167
3168 (void) nvlist_lookup_string(stream_nv, "fromsnap", &fromsnap);
3169
3170 if (drr->drr_payloadlen != 0) {
3171 nvlist_t *stream_fss;
3172
3173 VERIFY(0 == nvlist_lookup_nvlist(stream_nv, "fss",
3174 &stream_fss));
3175 if ((stream_avl = fsavl_create(stream_fss)) == NULL) {
3176 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3177 "couldn't allocate avl tree"));
3178 error = zfs_error(hdl, EZFS_NOMEM, errbuf);
3179 goto out;
3180 }
3181
3182 if (fromsnap != NULL && recursive) {
3183 nvlist_t *renamed = NULL;
3184 nvpair_t *pair = NULL;
3185
3186 (void) strlcpy(tofs, destname, sizeof (tofs));
3187 if (flags->isprefix) {
3188 struct drr_begin *drrb = &drr->drr_u.drr_begin;
3189 int i;
3190
3191 if (flags->istail) {
3192 cp = strrchr(drrb->drr_toname, '/');
3193 if (cp == NULL) {
3194 (void) strlcat(tofs, "/",
3195 sizeof (tofs));
3196 i = 0;
3197 } else {
3198 i = (cp - drrb->drr_toname);
3199 }
3200 } else {
3201 i = strcspn(drrb->drr_toname, "/@");
3202 }
3203 /* zfs_receive_one() will create_parents() */
3204 (void) strlcat(tofs, &drrb->drr_toname[i],
3205 sizeof (tofs));
3206 *strchr(tofs, '@') = '\0';
3207 }
3208
3209 if (!flags->dryrun && !flags->nomount) {
3210 VERIFY(0 == nvlist_alloc(&renamed,
3211 NV_UNIQUE_NAME, 0));
3212 }
3213
3214 softerr = recv_incremental_replication(hdl, tofs, flags,
3215 stream_nv, stream_avl, renamed);
3216
3217 /* Unmount renamed filesystems before receiving. */
3218 while ((pair = nvlist_next_nvpair(renamed,
3219 pair)) != NULL) {
3220 zfs_handle_t *zhp;
3221 prop_changelist_t *clp = NULL;
3222
3223 zhp = zfs_open(hdl, nvpair_name(pair),
3224 ZFS_TYPE_FILESYSTEM);
3225 if (zhp != NULL) {
3226 clp = changelist_gather(zhp,
3227 ZFS_PROP_MOUNTPOINT, 0, 0);
3228 zfs_close(zhp);
3229 if (clp != NULL) {
3230 softerr |=
3231 changelist_prefix(clp);
3232 changelist_free(clp);
3233 }
3234 }
3235 }
3236
3237 nvlist_free(renamed);
3238 }
3239 }
3240
3241 /*
3242 * Get the fs specified by the first path in the stream (the top level
3243 * specified by 'zfs send') and pass it to each invocation of
3244 * zfs_receive_one().
3245 */
3246 (void) strlcpy(sendfs, drr->drr_u.drr_begin.drr_toname,
3247 sizeof (sendfs));
3248 if ((cp = strchr(sendfs, '@')) != NULL) {
3249 *cp = '\0';
3250 /*
3251 * Find the "sendsnap", the final snapshot in a replication
3252 * stream. zfs_receive_one() handles certain errors
3253 * differently, depending on if the contained stream is the
3254 * last one or not.
3255 */
3256 sendsnap = (cp + 1);
3257 }
3258
3259 /* Finally, receive each contained stream */
3260 do {
3261 /*
3262 * we should figure out if it has a recoverable
3263 * error, in which case do a recv_skip() and drive on.
3264 * Note, if we fail due to already having this guid,
3265 * zfs_receive_one() will take care of it (ie,
3266 * recv_skip() and return 0).
3267 */
3268 error = zfs_receive_impl(hdl, destname, NULL, flags, fd,
3269 sendfs, stream_nv, stream_avl, top_zfs, cleanup_fd,
3270 action_handlep, sendsnap, cmdprops);
3271 if (error == ENODATA) {
3272 error = 0;
3273 break;
3274 }
3275 anyerr |= error;
3276 } while (error == 0);
3277
3278 if (drr->drr_payloadlen != 0 && recursive && fromsnap != NULL) {
3279 /*
3280 * Now that we have the fs's they sent us, try the
3281 * renames again.
3282 */
3283 softerr = recv_incremental_replication(hdl, tofs, flags,
3284 stream_nv, stream_avl, NULL);
3285 }
3286
3287 if (raw && softerr == 0) {
3288 softerr = recv_fix_encryption_hierarchy(hdl, destname,
3289 stream_nv, stream_avl);
3290 }
3291
3292 out:
3293 fsavl_destroy(stream_avl);
3294 nvlist_free(stream_nv);
3295 if (softerr)
3296 error = -2;
3297 if (anyerr)
3298 error = -1;
3299 return (error);
3300 }
3301
3302 static void
trunc_prop_errs(int truncated)3303 trunc_prop_errs(int truncated)
3304 {
3305 ASSERT(truncated != 0);
3306
3307 if (truncated == 1)
3308 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
3309 "1 more property could not be set\n"));
3310 else
3311 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
3312 "%d more properties could not be set\n"), truncated);
3313 }
3314
3315 static int
recv_skip(libzfs_handle_t * hdl,int fd,boolean_t byteswap)3316 recv_skip(libzfs_handle_t *hdl, int fd, boolean_t byteswap)
3317 {
3318 dmu_replay_record_t *drr;
3319 void *buf = zfs_alloc(hdl, SPA_MAXBLOCKSIZE);
3320 char errbuf[1024];
3321
3322 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3323 "cannot receive:"));
3324
3325 /* XXX would be great to use lseek if possible... */
3326 drr = buf;
3327
3328 while (recv_read(hdl, fd, drr, sizeof (dmu_replay_record_t),
3329 byteswap, NULL) == 0) {
3330 if (byteswap)
3331 drr->drr_type = BSWAP_32(drr->drr_type);
3332
3333 switch (drr->drr_type) {
3334 case DRR_BEGIN:
3335 if (drr->drr_payloadlen != 0) {
3336 (void) recv_read(hdl, fd, buf,
3337 drr->drr_payloadlen, B_FALSE, NULL);
3338 }
3339 break;
3340
3341 case DRR_END:
3342 free(buf);
3343 return (0);
3344
3345 case DRR_OBJECT:
3346 if (byteswap) {
3347 drr->drr_u.drr_object.drr_bonuslen =
3348 BSWAP_32(drr->drr_u.drr_object.
3349 drr_bonuslen);
3350 }
3351 (void) recv_read(hdl, fd, buf,
3352 P2ROUNDUP(drr->drr_u.drr_object.drr_bonuslen, 8),
3353 B_FALSE, NULL);
3354 break;
3355
3356 case DRR_WRITE:
3357 if (byteswap) {
3358 drr->drr_u.drr_write.drr_logical_size =
3359 BSWAP_64(
3360 drr->drr_u.drr_write.drr_logical_size);
3361 drr->drr_u.drr_write.drr_compressed_size =
3362 BSWAP_64(
3363 drr->drr_u.drr_write.drr_compressed_size);
3364 }
3365 uint64_t payload_size =
3366 DRR_WRITE_PAYLOAD_SIZE(&drr->drr_u.drr_write);
3367 assert(payload_size <= SPA_MAXBLOCKSIZE);
3368 (void) recv_read(hdl, fd, buf,
3369 payload_size, B_FALSE, NULL);
3370 break;
3371 case DRR_SPILL:
3372 if (byteswap) {
3373 drr->drr_u.drr_spill.drr_length =
3374 BSWAP_64(drr->drr_u.drr_spill.drr_length);
3375 }
3376 (void) recv_read(hdl, fd, buf,
3377 drr->drr_u.drr_spill.drr_length, B_FALSE, NULL);
3378 break;
3379 case DRR_WRITE_EMBEDDED:
3380 if (byteswap) {
3381 drr->drr_u.drr_write_embedded.drr_psize =
3382 BSWAP_32(drr->drr_u.drr_write_embedded.
3383 drr_psize);
3384 }
3385 (void) recv_read(hdl, fd, buf,
3386 P2ROUNDUP(drr->drr_u.drr_write_embedded.drr_psize,
3387 8), B_FALSE, NULL);
3388 break;
3389 case DRR_WRITE_BYREF:
3390 case DRR_FREEOBJECTS:
3391 case DRR_FREE:
3392 break;
3393
3394 default:
3395 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3396 "invalid record type"));
3397 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
3398 }
3399 }
3400
3401 free(buf);
3402 return (-1);
3403 }
3404
3405 static void
recv_ecksum_set_aux(libzfs_handle_t * hdl,const char * target_snap,boolean_t resumable)3406 recv_ecksum_set_aux(libzfs_handle_t *hdl, const char *target_snap,
3407 boolean_t resumable)
3408 {
3409 char target_fs[ZFS_MAX_DATASET_NAME_LEN];
3410
3411 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3412 "checksum mismatch or incomplete stream"));
3413
3414 if (!resumable)
3415 return;
3416 (void) strlcpy(target_fs, target_snap, sizeof (target_fs));
3417 *strchr(target_fs, '@') = '\0';
3418 zfs_handle_t *zhp = zfs_open(hdl, target_fs,
3419 ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
3420 if (zhp == NULL)
3421 return;
3422
3423 char token_buf[ZFS_MAXPROPLEN];
3424 int error = zfs_prop_get(zhp, ZFS_PROP_RECEIVE_RESUME_TOKEN,
3425 token_buf, sizeof (token_buf),
3426 NULL, NULL, 0, B_TRUE);
3427 if (error == 0) {
3428 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3429 "checksum mismatch or incomplete stream.\n"
3430 "Partially received snapshot is saved.\n"
3431 "A resuming stream can be generated on the sending "
3432 "system by running:\n"
3433 " zfs send -t %s"),
3434 token_buf);
3435 }
3436 zfs_close(zhp);
3437 }
3438
3439 /*
3440 * Prepare a new nvlist of properties that are to override (-o) or be excluded
3441 * (-x) from the received dataset
3442 * recvprops: received properties from the send stream
3443 * cmdprops: raw input properties from command line
3444 * origprops: properties, both locally-set and received, currently set on the
3445 * target dataset if it exists, NULL otherwise.
3446 * oxprops: valid output override (-o) and excluded (-x) properties
3447 */
3448 static int
zfs_setup_cmdline_props(libzfs_handle_t * hdl,zfs_type_t type,char * fsname,boolean_t zoned,boolean_t recursive,boolean_t newfs,boolean_t raw,boolean_t toplevel,nvlist_t * recvprops,nvlist_t * cmdprops,nvlist_t * origprops,nvlist_t ** oxprops,uint8_t ** wkeydata_out,uint_t * wkeylen_out,const char * errbuf)3449 zfs_setup_cmdline_props(libzfs_handle_t *hdl, zfs_type_t type,
3450 char *fsname, boolean_t zoned, boolean_t recursive, boolean_t newfs,
3451 boolean_t raw, boolean_t toplevel, nvlist_t *recvprops, nvlist_t *cmdprops,
3452 nvlist_t *origprops, nvlist_t **oxprops, uint8_t **wkeydata_out,
3453 uint_t *wkeylen_out, const char *errbuf)
3454 {
3455 nvpair_t *nvp;
3456 nvlist_t *oprops, *voprops;
3457 zfs_handle_t *zhp = NULL;
3458 zpool_handle_t *zpool_hdl = NULL;
3459 char *cp;
3460 int ret = 0;
3461 char namebuf[ZFS_MAX_DATASET_NAME_LEN];
3462
3463 if (nvlist_empty(cmdprops))
3464 return (0); /* No properties to override or exclude */
3465
3466 *oxprops = fnvlist_alloc();
3467 oprops = fnvlist_alloc();
3468
3469 strlcpy(namebuf, fsname, ZFS_MAX_DATASET_NAME_LEN);
3470
3471 /*
3472 * Get our dataset handle. The target dataset may not exist yet.
3473 */
3474 if (zfs_dataset_exists(hdl, namebuf, ZFS_TYPE_DATASET)) {
3475 zhp = zfs_open(hdl, namebuf, ZFS_TYPE_DATASET);
3476 if (zhp == NULL) {
3477 ret = -1;
3478 goto error;
3479 }
3480 }
3481
3482 /* open the zpool handle */
3483 cp = strchr(namebuf, '/');
3484 if (cp != NULL)
3485 *cp = '\0';
3486 zpool_hdl = zpool_open(hdl, namebuf);
3487 if (zpool_hdl == NULL) {
3488 ret = -1;
3489 goto error;
3490 }
3491
3492 /* restore namebuf to match fsname for later use */
3493 if (cp != NULL)
3494 *cp = '/';
3495
3496 /*
3497 * first iteration: process excluded (-x) properties now and gather
3498 * added (-o) properties to be later processed by zfs_valid_proplist()
3499 */
3500 nvp = NULL;
3501 while ((nvp = nvlist_next_nvpair(cmdprops, nvp)) != NULL) {
3502 const char *name = nvpair_name(nvp);
3503 zfs_prop_t prop = zfs_name_to_prop(name);
3504
3505 /* "origin" is processed separately, don't handle it here */
3506 if (prop == ZFS_PROP_ORIGIN)
3507 continue;
3508
3509 /*
3510 * we're trying to override or exclude a property that does not
3511 * make sense for this type of dataset, but we don't want to
3512 * fail if the receive is recursive: this comes in handy when
3513 * the send stream contains, for instance, a child ZVOL and
3514 * we're trying to receive it with "-o atime=on"
3515 */
3516 if (!zfs_prop_valid_for_type(prop, type, B_FALSE) &&
3517 !zfs_prop_user(name)) {
3518 if (recursive)
3519 continue;
3520 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3521 "property '%s' does not apply to datasets of this "
3522 "type"), name);
3523 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
3524 goto error;
3525 }
3526
3527 /* raw streams can't override encryption properties */
3528 if ((zfs_prop_encryption_key_param(prop) ||
3529 prop == ZFS_PROP_ENCRYPTION) && raw) {
3530 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3531 "encryption property '%s' cannot "
3532 "be set or excluded for raw streams."), name);
3533 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
3534 goto error;
3535 }
3536
3537 /* incremental streams can only exclude encryption properties */
3538 if ((zfs_prop_encryption_key_param(prop) ||
3539 prop == ZFS_PROP_ENCRYPTION) && !newfs &&
3540 nvpair_type(nvp) != DATA_TYPE_BOOLEAN) {
3541 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3542 "encryption property '%s' cannot "
3543 "be set for incremental streams."), name);
3544 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
3545 goto error;
3546 }
3547
3548 switch (nvpair_type(nvp)) {
3549 case DATA_TYPE_BOOLEAN: /* -x property */
3550 /*
3551 * DATA_TYPE_BOOLEAN is the way we're asked to "exclude"
3552 * a property: this is done by forcing an explicit
3553 * inherit on the destination so the effective value is
3554 * not the one we received from the send stream.
3555 * We do this only if the property is not already
3556 * locally-set, in which case its value will take
3557 * priority over the received anyway.
3558 */
3559 if (nvlist_exists(origprops, name)) {
3560 nvlist_t *attrs;
3561 char *source = NULL;
3562
3563 attrs = fnvlist_lookup_nvlist(origprops, name);
3564 if (nvlist_lookup_string(attrs,
3565 ZPROP_SOURCE, &source) == 0 &&
3566 strcmp(source, ZPROP_SOURCE_VAL_RECVD) != 0)
3567 continue;
3568 }
3569 /*
3570 * We can't force an explicit inherit on non-inheritable
3571 * properties: if we're asked to exclude this kind of
3572 * values we remove them from "recvprops" input nvlist.
3573 */
3574 if (!zfs_prop_inheritable(prop) &&
3575 !zfs_prop_user(name) && /* can be inherited too */
3576 nvlist_exists(recvprops, name))
3577 fnvlist_remove(recvprops, name);
3578 else
3579 fnvlist_add_nvpair(*oxprops, nvp);
3580 break;
3581 case DATA_TYPE_STRING: /* -o property=value */
3582 fnvlist_add_nvpair(oprops, nvp);
3583 break;
3584 default:
3585 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3586 "property '%s' must be a string or boolean"), name);
3587 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
3588 goto error;
3589 }
3590 }
3591
3592 if (toplevel) {
3593 /* convert override strings properties to native */
3594 if ((voprops = zfs_valid_proplist(hdl, ZFS_TYPE_DATASET,
3595 oprops, zoned, zhp, zpool_hdl, B_FALSE, errbuf)) == NULL) {
3596 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
3597 goto error;
3598 }
3599
3600 /*
3601 * zfs_crypto_create() requires the parent name. Get it
3602 * by truncating the fsname copy stored in namebuf.
3603 */
3604 cp = strrchr(namebuf, '/');
3605 if (cp != NULL)
3606 *cp = '\0';
3607
3608 if (!raw && zfs_crypto_create(hdl, namebuf, voprops, NULL,
3609 B_FALSE, wkeydata_out, wkeylen_out) != 0) {
3610 fnvlist_free(voprops);
3611 ret = zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf);
3612 goto error;
3613 }
3614
3615 /* second pass: process "-o" properties */
3616 fnvlist_merge(*oxprops, voprops);
3617 fnvlist_free(voprops);
3618 } else {
3619 /* override props on child dataset are inherited */
3620 nvp = NULL;
3621 while ((nvp = nvlist_next_nvpair(oprops, nvp)) != NULL) {
3622 const char *name = nvpair_name(nvp);
3623 fnvlist_add_boolean(*oxprops, name);
3624 }
3625 }
3626
3627 error:
3628 if (zhp != NULL)
3629 zfs_close(zhp);
3630 if (zpool_hdl != NULL)
3631 zpool_close(zpool_hdl);
3632 fnvlist_free(oprops);
3633 return (ret);
3634 }
3635
3636 /*
3637 * Restores a backup of tosnap from the file descriptor specified by infd.
3638 */
3639 static int
zfs_receive_one(libzfs_handle_t * hdl,int infd,const char * tosnap,const char * originsnap,recvflags_t * flags,dmu_replay_record_t * drr,dmu_replay_record_t * drr_noswap,const char * sendfs,nvlist_t * stream_nv,avl_tree_t * stream_avl,char ** top_zfs,int cleanup_fd,uint64_t * action_handlep,const char * finalsnap,nvlist_t * cmdprops)3640 zfs_receive_one(libzfs_handle_t *hdl, int infd, const char *tosnap,
3641 const char *originsnap, recvflags_t *flags, dmu_replay_record_t *drr,
3642 dmu_replay_record_t *drr_noswap, const char *sendfs, nvlist_t *stream_nv,
3643 avl_tree_t *stream_avl, char **top_zfs, int cleanup_fd,
3644 uint64_t *action_handlep, const char *finalsnap, nvlist_t *cmdprops)
3645 {
3646 time_t begin_time;
3647 int ioctl_err, ioctl_errno, err;
3648 char *cp;
3649 struct drr_begin *drrb = &drr->drr_u.drr_begin;
3650 char errbuf[1024];
3651 const char *chopprefix;
3652 boolean_t newfs = B_FALSE;
3653 boolean_t stream_wantsnewfs;
3654 boolean_t newprops = B_FALSE;
3655 uint64_t read_bytes = 0;
3656 uint64_t errflags = 0;
3657 uint64_t parent_snapguid = 0;
3658 prop_changelist_t *clp = NULL;
3659 nvlist_t *snapprops_nvlist = NULL;
3660 nvlist_t *snapholds_nvlist = NULL;
3661 zprop_errflags_t prop_errflags;
3662 nvlist_t *prop_errors = NULL;
3663 boolean_t recursive;
3664 char *snapname = NULL;
3665 char destsnap[MAXPATHLEN * 2];
3666 char origin[MAXNAMELEN];
3667 char name[MAXPATHLEN];
3668 char tmp_keylocation[MAXNAMELEN];
3669 nvlist_t *rcvprops = NULL; /* props received from the send stream */
3670 nvlist_t *oxprops = NULL; /* override (-o) and exclude (-x) props */
3671 nvlist_t *origprops = NULL; /* original props (if destination exists) */
3672 zfs_type_t type;
3673 boolean_t toplevel = B_FALSE;
3674 boolean_t zoned = B_FALSE;
3675 boolean_t hastoken = B_FALSE;
3676 uint8_t *wkeydata = NULL;
3677 uint_t wkeylen = 0;
3678
3679 begin_time = time(NULL);
3680 bzero(origin, MAXNAMELEN);
3681 bzero(tmp_keylocation, MAXNAMELEN);
3682
3683 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3684 "cannot receive"));
3685
3686 recursive = (nvlist_lookup_boolean(stream_nv, "not_recursive") ==
3687 ENOENT);
3688
3689 /* Did the user request holds be skipped via zfs recv -k? */
3690 boolean_t holds = flags->holds && !flags->skipholds;
3691
3692 if (stream_avl != NULL) {
3693 char *keylocation = NULL;
3694 nvlist_t *lookup = NULL;
3695 nvlist_t *fs = fsavl_find(stream_avl, drrb->drr_toguid,
3696 &snapname);
3697
3698 (void) nvlist_lookup_uint64(fs, "parentfromsnap",
3699 &parent_snapguid);
3700 err = nvlist_lookup_nvlist(fs, "props", &rcvprops);
3701 if (err) {
3702 VERIFY(0 == nvlist_alloc(&rcvprops, NV_UNIQUE_NAME, 0));
3703 newprops = B_TRUE;
3704 }
3705 /*
3706 * The keylocation property may only be set on encryption roots,
3707 * but this dataset might not become an encryption root until
3708 * recv_fix_encryption_hierarchy() is called. That function
3709 * will fixup the keylocation anyway, so we temporarily unset
3710 * the keylocation for now to avoid any errors from the receive
3711 * ioctl.
3712 */
3713 err = nvlist_lookup_string(rcvprops,
3714 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
3715 if (err == 0) {
3716 (void) strcpy(tmp_keylocation, keylocation);
3717 (void) nvlist_remove_all(rcvprops,
3718 zfs_prop_to_name(ZFS_PROP_KEYLOCATION));
3719 }
3720
3721 if (flags->canmountoff) {
3722 VERIFY(0 == nvlist_add_uint64(rcvprops,
3723 zfs_prop_to_name(ZFS_PROP_CANMOUNT), 0));
3724 } else if (newprops) { /* nothing in rcvprops, eliminate it */
3725 nvlist_free(rcvprops);
3726 rcvprops = NULL;
3727 newprops = B_FALSE;
3728 }
3729 if (0 == nvlist_lookup_nvlist(fs, "snapprops", &lookup)) {
3730 VERIFY(0 == nvlist_lookup_nvlist(lookup,
3731 snapname, &snapprops_nvlist));
3732 }
3733 if (holds) {
3734 if (0 == nvlist_lookup_nvlist(fs, "snapholds",
3735 &lookup)) {
3736 VERIFY(0 == nvlist_lookup_nvlist(lookup,
3737 snapname, &snapholds_nvlist));
3738 }
3739 }
3740 }
3741
3742 cp = NULL;
3743
3744 /*
3745 * Determine how much of the snapshot name stored in the stream
3746 * we are going to tack on to the name they specified on the
3747 * command line, and how much we are going to chop off.
3748 *
3749 * If they specified a snapshot, chop the entire name stored in
3750 * the stream.
3751 */
3752 if (flags->istail) {
3753 /*
3754 * A filesystem was specified with -e. We want to tack on only
3755 * the tail of the sent snapshot path.
3756 */
3757 if (strchr(tosnap, '@')) {
3758 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
3759 "argument - snapshot not allowed with -e"));
3760 err = zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
3761 goto out;
3762 }
3763
3764 chopprefix = strrchr(sendfs, '/');
3765
3766 if (chopprefix == NULL) {
3767 /*
3768 * The tail is the poolname, so we need to
3769 * prepend a path separator.
3770 */
3771 int len = strlen(drrb->drr_toname);
3772 cp = malloc(len + 2);
3773 cp[0] = '/';
3774 (void) strcpy(&cp[1], drrb->drr_toname);
3775 chopprefix = cp;
3776 } else {
3777 chopprefix = drrb->drr_toname + (chopprefix - sendfs);
3778 }
3779 } else if (flags->isprefix) {
3780 /*
3781 * A filesystem was specified with -d. We want to tack on
3782 * everything but the first element of the sent snapshot path
3783 * (all but the pool name).
3784 */
3785 if (strchr(tosnap, '@')) {
3786 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
3787 "argument - snapshot not allowed with -d"));
3788 err = zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
3789 goto out;
3790 }
3791
3792 chopprefix = strchr(drrb->drr_toname, '/');
3793 if (chopprefix == NULL)
3794 chopprefix = strchr(drrb->drr_toname, '@');
3795 } else if (strchr(tosnap, '@') == NULL) {
3796 /*
3797 * If a filesystem was specified without -d or -e, we want to
3798 * tack on everything after the fs specified by 'zfs send'.
3799 */
3800 chopprefix = drrb->drr_toname + strlen(sendfs);
3801 } else {
3802 /* A snapshot was specified as an exact path (no -d or -e). */
3803 if (recursive) {
3804 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3805 "cannot specify snapshot name for multi-snapshot "
3806 "stream"));
3807 err = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3808 goto out;
3809 }
3810 chopprefix = drrb->drr_toname + strlen(drrb->drr_toname);
3811 }
3812
3813 ASSERT(strstr(drrb->drr_toname, sendfs) == drrb->drr_toname);
3814 ASSERT(chopprefix > drrb->drr_toname);
3815 ASSERT(chopprefix <= drrb->drr_toname + strlen(drrb->drr_toname));
3816 ASSERT(chopprefix[0] == '/' || chopprefix[0] == '@' ||
3817 chopprefix[0] == '\0');
3818
3819 /*
3820 * Determine name of destination snapshot, store in zc_value.
3821 */
3822 (void) strlcpy(destsnap, tosnap, sizeof (destsnap));
3823 (void) strlcat(destsnap, chopprefix, sizeof (destsnap));
3824 free(cp);
3825 if (!zfs_name_valid(destsnap, ZFS_TYPE_SNAPSHOT)) {
3826 err = zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
3827 goto out;
3828 }
3829
3830 /*
3831 * Determine the name of the origin snapshot, store in zc_string.
3832 */
3833 if (originsnap) {
3834 (void) strlcpy(origin, originsnap, sizeof (origin));
3835 if (flags->verbose)
3836 (void) printf("using provided clone origin %s\n",
3837 origin);
3838 } else if (drrb->drr_flags & DRR_FLAG_CLONE) {
3839 if (guid_to_name(hdl, destsnap,
3840 drrb->drr_fromguid, B_FALSE, origin) != 0) {
3841 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3842 "local origin for clone %s does not exist"),
3843 destsnap);
3844 err = zfs_error(hdl, EZFS_NOENT, errbuf);
3845 goto out;
3846 }
3847 if (flags->verbose)
3848 (void) printf("found clone origin %s\n", origin);
3849 }
3850
3851 boolean_t resuming = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) &
3852 DMU_BACKUP_FEATURE_RESUMING;
3853 boolean_t raw = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) &
3854 DMU_BACKUP_FEATURE_RAW;
3855 boolean_t embedded = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) &
3856 DMU_BACKUP_FEATURE_EMBED_DATA;
3857 stream_wantsnewfs = (drrb->drr_fromguid == 0 ||
3858 (drrb->drr_flags & DRR_FLAG_CLONE) || originsnap) && !resuming;
3859
3860 if (stream_wantsnewfs) {
3861 /*
3862 * if the parent fs does not exist, look for it based on
3863 * the parent snap GUID
3864 */
3865 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3866 "cannot receive new filesystem stream"));
3867
3868 (void) strcpy(name, destsnap);
3869 cp = strrchr(name, '/');
3870 if (cp)
3871 *cp = '\0';
3872 if (cp &&
3873 !zfs_dataset_exists(hdl, name, ZFS_TYPE_DATASET)) {
3874 char suffix[ZFS_MAX_DATASET_NAME_LEN];
3875 (void) strcpy(suffix, strrchr(destsnap, '/'));
3876 if (guid_to_name(hdl, name, parent_snapguid,
3877 B_FALSE, destsnap) == 0) {
3878 *strchr(destsnap, '@') = '\0';
3879 (void) strcat(destsnap, suffix);
3880 }
3881 }
3882 } else {
3883 /*
3884 * if the fs does not exist, look for it based on the
3885 * fromsnap GUID
3886 */
3887 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3888 "cannot receive incremental stream"));
3889
3890 (void) strcpy(name, destsnap);
3891 *strchr(name, '@') = '\0';
3892
3893 /*
3894 * If the exact receive path was specified and this is the
3895 * topmost path in the stream, then if the fs does not exist we
3896 * should look no further.
3897 */
3898 if ((flags->isprefix || (*(chopprefix = drrb->drr_toname +
3899 strlen(sendfs)) != '\0' && *chopprefix != '@')) &&
3900 !zfs_dataset_exists(hdl, name, ZFS_TYPE_DATASET)) {
3901 char snap[ZFS_MAX_DATASET_NAME_LEN];
3902 (void) strcpy(snap, strchr(destsnap, '@'));
3903 if (guid_to_name(hdl, name, drrb->drr_fromguid,
3904 B_FALSE, destsnap) == 0) {
3905 *strchr(destsnap, '@') = '\0';
3906 (void) strcat(destsnap, snap);
3907 }
3908 }
3909 }
3910
3911 (void) strcpy(name, destsnap);
3912 *strchr(name, '@') = '\0';
3913
3914 if (zfs_dataset_exists(hdl, name, ZFS_TYPE_DATASET)) {
3915 zfs_cmd_t zc = { 0 };
3916 zfs_handle_t *zhp;
3917 boolean_t encrypted;
3918
3919 (void) strcpy(zc.zc_name, name);
3920
3921 /*
3922 * Destination fs exists. It must be one of these cases:
3923 * - an incremental send stream
3924 * - the stream specifies a new fs (full stream or clone)
3925 * and they want us to blow away the existing fs (and
3926 * have therefore specified -F and removed any snapshots)
3927 * - we are resuming a failed receive.
3928 */
3929 if (stream_wantsnewfs) {
3930 if (!flags->force) {
3931 zcmd_free_nvlists(&zc);
3932 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3933 "destination '%s' exists\n"
3934 "must specify -F to overwrite it"), name);
3935 err = zfs_error(hdl, EZFS_EXISTS, errbuf);
3936 goto out;
3937 }
3938 if (ioctl(hdl->libzfs_fd, ZFS_IOC_SNAPSHOT_LIST_NEXT,
3939 &zc) == 0) {
3940 zcmd_free_nvlists(&zc);
3941 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3942 "destination has snapshots (eg. %s)\n"
3943 "must destroy them to overwrite it"),
3944 zc.zc_name);
3945 err = zfs_error(hdl, EZFS_EXISTS, errbuf);
3946 goto out;
3947 }
3948 }
3949
3950 if ((zhp = zfs_open(hdl, name,
3951 ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME)) == NULL) {
3952 zcmd_free_nvlists(&zc);
3953 err = -1;
3954 goto out;
3955 }
3956
3957 if (stream_wantsnewfs &&
3958 zhp->zfs_dmustats.dds_origin[0]) {
3959 zcmd_free_nvlists(&zc);
3960 zfs_close(zhp);
3961 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3962 "destination '%s' is a clone\n"
3963 "must destroy it to overwrite it"), name);
3964 err = zfs_error(hdl, EZFS_EXISTS, errbuf);
3965 goto out;
3966 }
3967
3968 /*
3969 * Raw sends can not be performed as an incremental on top
3970 * of existing unencrypted datasets. zfs recv -F cant be
3971 * used to blow away an existing encrypted filesystem. This
3972 * is because it would require the dsl dir to point to the
3973 * new key (or lack of a key) and the old key at the same
3974 * time. The -F flag may still be used for deleting
3975 * intermediate snapshots that would otherwise prevent the
3976 * receive from working.
3977 */
3978 encrypted = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) !=
3979 ZIO_CRYPT_OFF;
3980 if (!stream_wantsnewfs && !encrypted && raw) {
3981 zfs_close(zhp);
3982 zcmd_free_nvlists(&zc);
3983 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3984 "cannot perform raw receive on top of "
3985 "existing unencrypted dataset"));
3986 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf);
3987 goto out;
3988 }
3989
3990 if (stream_wantsnewfs && flags->force &&
3991 ((raw && !encrypted) || encrypted)) {
3992 zfs_close(zhp);
3993 zcmd_free_nvlists(&zc);
3994 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3995 "zfs receive -F cannot be used to destroy an "
3996 "encrypted filesystem or overwrite an "
3997 "unencrypted one with an encrypted one"));
3998 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf);
3999 goto out;
4000 }
4001
4002 if (!flags->dryrun && zhp->zfs_type == ZFS_TYPE_FILESYSTEM &&
4003 stream_wantsnewfs) {
4004 /* We can't do online recv in this case */
4005 clp = changelist_gather(zhp, ZFS_PROP_NAME, 0, 0);
4006 if (clp == NULL) {
4007 zfs_close(zhp);
4008 err = -1;
4009 goto out;
4010 }
4011 if (changelist_prefix(clp) != 0) {
4012 changelist_free(clp);
4013 zfs_close(zhp);
4014 err = -1;
4015 goto out;
4016 }
4017 }
4018
4019 /*
4020 * If we are resuming a newfs, set newfs here so that we will
4021 * mount it if the recv succeeds this time. We can tell
4022 * that it was a newfs on the first recv because the fs
4023 * itself will be inconsistent (if the fs existed when we
4024 * did the first recv, we would have received it into
4025 * .../%recv).
4026 */
4027 if (resuming && zfs_prop_get_int(zhp, ZFS_PROP_INCONSISTENT))
4028 newfs = B_TRUE;
4029
4030 /* we want to know if we're zoned when validating -o|-x props */
4031 zoned = zfs_prop_get_int(zhp, ZFS_PROP_ZONED);
4032
4033 /* may need this info later, get it now we have zhp around */
4034 if (zfs_prop_get(zhp, ZFS_PROP_RECEIVE_RESUME_TOKEN, NULL, 0,
4035 NULL, NULL, 0, B_TRUE) == 0)
4036 hastoken = B_TRUE;
4037
4038 /* gather existing properties on destination */
4039 origprops = fnvlist_alloc();
4040 fnvlist_merge(origprops, zhp->zfs_props);
4041 fnvlist_merge(origprops, zhp->zfs_user_props);
4042
4043 zfs_close(zhp);
4044 cp = NULL;
4045 } else {
4046 zfs_handle_t *zhp;
4047
4048 /*
4049 * Destination filesystem does not exist. Therefore we better
4050 * be creating a new filesystem (either from a full backup, or
4051 * a clone). It would therefore be invalid if the user
4052 * specified only the pool name (i.e. if the destination name
4053 * contained no slash character).
4054 */
4055 cp = strrchr(name, '/');
4056
4057 if (!stream_wantsnewfs || cp == NULL) {
4058 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4059 "destination '%s' does not exist"), name);
4060 err = zfs_error(hdl, EZFS_NOENT, errbuf);
4061 goto out;
4062 }
4063
4064 /*
4065 * Trim off the final dataset component so we perform the
4066 * recvbackup ioctl to the filesystems's parent.
4067 */
4068 *cp = '\0';
4069
4070 if (flags->isprefix && !flags->istail && !flags->dryrun &&
4071 create_parents(hdl, destsnap, strlen(tosnap)) != 0) {
4072 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf);
4073 goto out;
4074 }
4075
4076 /* validate parent */
4077 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET);
4078 if (zhp == NULL) {
4079 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf);
4080 goto out;
4081 }
4082 if (zfs_get_type(zhp) != ZFS_TYPE_FILESYSTEM) {
4083 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4084 "parent '%s' is not a filesystem"), name);
4085 err = zfs_error(hdl, EZFS_WRONG_PARENT, errbuf);
4086 zfs_close(zhp);
4087 goto out;
4088 }
4089
4090 /*
4091 * It is invalid to receive a properties stream that was
4092 * unencrypted on the send side as a child of an encrypted
4093 * parent. Technically there is nothing preventing this, but
4094 * it would mean that the encryption=off property which is
4095 * locally set on the send side would not be received correctly.
4096 * We can infer encryption=off if the stream is not raw and
4097 * properties were included since the send side will only ever
4098 * send the encryption property in a raw nvlist header. This
4099 * check will be avoided if the user specifically overrides
4100 * the encryption property on the command line.
4101 */
4102 if (!raw && rcvprops != NULL &&
4103 !nvlist_exists(cmdprops,
4104 zfs_prop_to_name(ZFS_PROP_ENCRYPTION))) {
4105 uint64_t crypt;
4106
4107 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
4108
4109 if (crypt != ZIO_CRYPT_OFF) {
4110 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4111 "parent '%s' must not be encrypted to "
4112 "receive unenecrypted property"), name);
4113 err = zfs_error(hdl, EZFS_BADPROP, errbuf);
4114 zfs_close(zhp);
4115 goto out;
4116 }
4117 }
4118 zfs_close(zhp);
4119
4120 newfs = B_TRUE;
4121 *cp = '/';
4122 }
4123
4124 if (flags->verbose) {
4125 (void) printf("%s %s stream of %s into %s\n",
4126 flags->dryrun ? "would receive" : "receiving",
4127 drrb->drr_fromguid ? "incremental" : "full",
4128 drrb->drr_toname, destsnap);
4129 (void) fflush(stdout);
4130 }
4131
4132 if (flags->dryrun) {
4133 err = recv_skip(hdl, infd, flags->byteswap);
4134 goto out;
4135 }
4136
4137 if (top_zfs && (*top_zfs == NULL || strcmp(*top_zfs, name) == 0))
4138 toplevel = B_TRUE;
4139 if (drrb->drr_type == DMU_OST_ZVOL) {
4140 type = ZFS_TYPE_VOLUME;
4141 } else if (drrb->drr_type == DMU_OST_ZFS) {
4142 type = ZFS_TYPE_FILESYSTEM;
4143 } else {
4144 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4145 "invalid record type: 0x%d"), drrb->drr_type);
4146 err = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
4147 goto out;
4148 }
4149 if ((err = zfs_setup_cmdline_props(hdl, type, name, zoned, recursive,
4150 stream_wantsnewfs, raw, toplevel, rcvprops, cmdprops, origprops,
4151 &oxprops, &wkeydata, &wkeylen, errbuf)) != 0)
4152 goto out;
4153
4154 /*
4155 * The following is a difference between ZoL and illumos.
4156 *
4157 * On illumos, we must trim the last component of the dataset name
4158 * that is passed via the ioctl so that we can properly validate
4159 * zfs_secpolicy_recv() when receiving to a delegated dataset within
4160 * zone. This matches the historical behavior of the receive ioctl.
4161 * However, we can't do this until after zfs_setup_cmdline_props()
4162 * has finished with the full name.
4163 */
4164 if (cp != NULL)
4165 *cp = '\0';
4166
4167 err = ioctl_err = lzc_receive_with_cmdprops(destsnap, rcvprops,
4168 oxprops, wkeydata, wkeylen, origin, flags->force, flags->resumable,
4169 raw, infd, drr_noswap, cleanup_fd, &read_bytes, &errflags,
4170 action_handlep, &prop_errors);
4171 ioctl_errno = errno;
4172 prop_errflags = errflags;
4173
4174 if (err == 0) {
4175 nvpair_t *prop_err = NULL;
4176
4177 while ((prop_err = nvlist_next_nvpair(prop_errors,
4178 prop_err)) != NULL) {
4179 char tbuf[1024];
4180 zfs_prop_t prop;
4181 int intval;
4182
4183 prop = zfs_name_to_prop(nvpair_name(prop_err));
4184 (void) nvpair_value_int32(prop_err, &intval);
4185 if (strcmp(nvpair_name(prop_err),
4186 ZPROP_N_MORE_ERRORS) == 0) {
4187 trunc_prop_errs(intval);
4188 break;
4189 } else if (snapname == NULL || finalsnap == NULL ||
4190 strcmp(finalsnap, snapname) == 0 ||
4191 strcmp(nvpair_name(prop_err),
4192 zfs_prop_to_name(ZFS_PROP_REFQUOTA)) != 0) {
4193 /*
4194 * Skip the special case of, for example,
4195 * "refquota", errors on intermediate
4196 * snapshots leading up to a final one.
4197 * That's why we have all of the checks above.
4198 *
4199 * See zfs_ioctl.c's extract_delay_props() for
4200 * a list of props which can fail on
4201 * intermediate snapshots, but shouldn't
4202 * affect the overall receive.
4203 */
4204 (void) snprintf(tbuf, sizeof (tbuf),
4205 dgettext(TEXT_DOMAIN,
4206 "cannot receive %s property on %s"),
4207 nvpair_name(prop_err), name);
4208 zfs_setprop_error(hdl, prop, intval, tbuf);
4209 }
4210 }
4211 nvlist_free(prop_errors);
4212 }
4213
4214 if (err == 0 && snapprops_nvlist) {
4215 zfs_cmd_t zc = { 0 };
4216
4217 (void) strcpy(zc.zc_name, destsnap);
4218 zc.zc_cookie = B_TRUE; /* received */
4219 if (zcmd_write_src_nvlist(hdl, &zc, snapprops_nvlist) == 0) {
4220 (void) zfs_ioctl(hdl, ZFS_IOC_SET_PROP, &zc);
4221 zcmd_free_nvlists(&zc);
4222 }
4223 }
4224 if (err == 0 && snapholds_nvlist) {
4225 nvpair_t *pair;
4226 nvlist_t *holds, *errors = NULL;
4227 int cleanup_fd = -1;
4228
4229 VERIFY(0 == nvlist_alloc(&holds, 0, KM_SLEEP));
4230 for (pair = nvlist_next_nvpair(snapholds_nvlist, NULL);
4231 pair != NULL;
4232 pair = nvlist_next_nvpair(snapholds_nvlist, pair)) {
4233 VERIFY(0 == nvlist_add_string(holds, destsnap,
4234 nvpair_name(pair)));
4235 }
4236 (void) lzc_hold(holds, cleanup_fd, &errors);
4237 nvlist_free(snapholds_nvlist);
4238 nvlist_free(holds);
4239 }
4240
4241 if (err && (ioctl_errno == ENOENT || ioctl_errno == EEXIST)) {
4242 /*
4243 * It may be that this snapshot already exists,
4244 * in which case we want to consume & ignore it
4245 * rather than failing.
4246 */
4247 avl_tree_t *local_avl;
4248 nvlist_t *local_nv, *fs;
4249 cp = strchr(destsnap, '@');
4250
4251 /*
4252 * XXX Do this faster by just iterating over snaps in
4253 * this fs. Also if zc_value does not exist, we will
4254 * get a strange "does not exist" error message.
4255 */
4256 *cp = '\0';
4257 if (gather_nvlist(hdl, destsnap, NULL, NULL, B_FALSE, B_TRUE,
4258 B_FALSE, B_FALSE, B_FALSE, B_TRUE,
4259 &local_nv, &local_avl) == 0) {
4260 *cp = '@';
4261 fs = fsavl_find(local_avl, drrb->drr_toguid, NULL);
4262 fsavl_destroy(local_avl);
4263 nvlist_free(local_nv);
4264
4265 if (fs != NULL) {
4266 if (flags->verbose) {
4267 (void) printf("snap %s already exists; "
4268 "ignoring\n", destsnap);
4269 }
4270 err = ioctl_err = recv_skip(hdl, infd,
4271 flags->byteswap);
4272 }
4273 }
4274 *cp = '@';
4275 }
4276
4277 if (ioctl_err != 0) {
4278 switch (ioctl_errno) {
4279 case ENODEV:
4280 cp = strchr(destsnap, '@');
4281 *cp = '\0';
4282 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4283 "most recent snapshot of %s does not\n"
4284 "match incremental source"), destsnap);
4285 (void) zfs_error(hdl, EZFS_BADRESTORE, errbuf);
4286 *cp = '@';
4287 break;
4288 case ETXTBSY:
4289 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4290 "destination %s has been modified\n"
4291 "since most recent snapshot"), name);
4292 (void) zfs_error(hdl, EZFS_BADRESTORE, errbuf);
4293 break;
4294 case EACCES:
4295 if (raw && stream_wantsnewfs) {
4296 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4297 "failed to create encryption key"));
4298 } else if (raw && !stream_wantsnewfs) {
4299 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4300 "encryption key does not match "
4301 "existing key"));
4302 } else {
4303 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4304 "inherited key must be loaded"));
4305 }
4306 (void) zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf);
4307 break;
4308 case EEXIST:
4309 cp = strchr(destsnap, '@');
4310 if (newfs) {
4311 /* it's the containing fs that exists */
4312 *cp = '\0';
4313 }
4314 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4315 "destination already exists"));
4316 (void) zfs_error_fmt(hdl, EZFS_EXISTS,
4317 dgettext(TEXT_DOMAIN, "cannot restore to %s"),
4318 destsnap);
4319 *cp = '@';
4320 break;
4321 case EINVAL:
4322 if (embedded && !raw)
4323 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4324 "incompatible embedded data stream "
4325 "feature with encrypted receive."));
4326 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
4327 break;
4328 case ECKSUM:
4329 recv_ecksum_set_aux(hdl, destsnap, flags->resumable);
4330 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
4331 break;
4332 case ENOTSUP:
4333 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4334 "pool must be upgraded to receive this stream."));
4335 (void) zfs_error(hdl, EZFS_BADVERSION, errbuf);
4336 break;
4337 case EDQUOT:
4338 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4339 "destination %s space quota exceeded."), name);
4340 (void) zfs_error(hdl, EZFS_NOSPC, errbuf);
4341 break;
4342 case ZFS_ERR_FROM_IVSET_GUID_MISSING:
4343 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4344 "IV set guid missing. See errata %u at"
4345 "http://zfsonlinux.org/msg/ZFS-8000-ER"),
4346 ZPOOL_ERRATA_ZOL_8308_ENCRYPTION);
4347 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
4348 break;
4349 case ZFS_ERR_FROM_IVSET_GUID_MISMATCH:
4350 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4351 "IV set guid mismatch. See the 'zfs receive' "
4352 "man page section\n discussing the limitations "
4353 "of raw encrypted send streams."));
4354 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
4355 break;
4356 case ZFS_ERR_SPILL_BLOCK_FLAG_MISSING:
4357 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4358 "Spill block flag missing for raw send.\n"
4359 "The zfs software on the sending system must "
4360 "be updated."));
4361 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
4362 break;
4363 case EBUSY:
4364 if (hastoken) {
4365 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4366 "destination %s contains "
4367 "partially-complete state from "
4368 "\"zfs receive -s\"."), name);
4369 (void) zfs_error(hdl, EZFS_BUSY, errbuf);
4370 break;
4371 }
4372 /* fallthru */
4373 default:
4374 (void) zfs_standard_error(hdl, ioctl_errno, errbuf);
4375 }
4376 }
4377
4378 /*
4379 * Mount the target filesystem (if created). Also mount any
4380 * children of the target filesystem if we did a replication
4381 * receive (indicated by stream_avl being non-NULL).
4382 */
4383 cp = strchr(destsnap, '@');
4384 if (cp && (ioctl_err == 0 || !newfs)) {
4385 zfs_handle_t *h;
4386
4387 *cp = '\0';
4388 h = zfs_open(hdl, destsnap,
4389 ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
4390 if (h != NULL) {
4391 if (h->zfs_type == ZFS_TYPE_VOLUME) {
4392 *cp = '@';
4393 } else if (newfs || stream_avl) {
4394 /*
4395 * Track the first/top of hierarchy fs,
4396 * for mounting and sharing later.
4397 */
4398 if (top_zfs && *top_zfs == NULL)
4399 *top_zfs = zfs_strdup(hdl, destsnap);
4400 }
4401 zfs_close(h);
4402 }
4403 *cp = '@';
4404 }
4405
4406 if (clp) {
4407 if (!flags->nomount)
4408 err |= changelist_postfix(clp);
4409 changelist_free(clp);
4410 }
4411
4412 if (prop_errflags & ZPROP_ERR_NOCLEAR) {
4413 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, "Warning: "
4414 "failed to clear unreceived properties on %s"), name);
4415 (void) fprintf(stderr, "\n");
4416 }
4417 if (prop_errflags & ZPROP_ERR_NORESTORE) {
4418 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, "Warning: "
4419 "failed to restore original properties on %s"), name);
4420 (void) fprintf(stderr, "\n");
4421 }
4422
4423 if (err || ioctl_err) {
4424 err = -1;
4425 goto out;
4426 }
4427
4428 if (flags->verbose) {
4429 char buf1[64];
4430 char buf2[64];
4431 uint64_t bytes = read_bytes;
4432 time_t delta = time(NULL) - begin_time;
4433 if (delta == 0)
4434 delta = 1;
4435 zfs_nicebytes(bytes, buf1, sizeof (buf1));
4436 zfs_nicebytes(bytes / delta, buf2, sizeof (buf2));
4437
4438 (void) printf("received %s stream in %lu seconds (%s/sec)\n",
4439 buf1, delta, buf2);
4440 }
4441
4442 err = 0;
4443 out:
4444
4445 if (tmp_keylocation[0] != '\0') {
4446 VERIFY(0 == nvlist_add_string(rcvprops,
4447 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), tmp_keylocation));
4448 }
4449
4450 if (newprops)
4451 nvlist_free(rcvprops);
4452
4453 nvlist_free(oxprops);
4454 nvlist_free(origprops);
4455
4456 return (err);
4457 }
4458
4459 /*
4460 * Check properties we were asked to override (both -o|-x)
4461 */
4462 static boolean_t
zfs_receive_checkprops(libzfs_handle_t * hdl,nvlist_t * props,const char * errbuf)4463 zfs_receive_checkprops(libzfs_handle_t *hdl, nvlist_t *props,
4464 const char *errbuf)
4465 {
4466 nvpair_t *nvp;
4467 zfs_prop_t prop;
4468 const char *name;
4469
4470 nvp = NULL;
4471 while ((nvp = nvlist_next_nvpair(props, nvp)) != NULL) {
4472 name = nvpair_name(nvp);
4473 prop = zfs_name_to_prop(name);
4474
4475 if (prop == ZPROP_INVAL) {
4476 if (!zfs_prop_user(name)) {
4477 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4478 "invalid property '%s'"), name);
4479 return (B_FALSE);
4480 }
4481 continue;
4482 }
4483 /*
4484 * "origin" is readonly but is used to receive datasets as
4485 * clones so we don't raise an error here
4486 */
4487 if (prop == ZFS_PROP_ORIGIN)
4488 continue;
4489
4490 /* encryption params have their own verification later */
4491 if (prop == ZFS_PROP_ENCRYPTION ||
4492 zfs_prop_encryption_key_param(prop))
4493 continue;
4494
4495 /*
4496 * cannot override readonly, set-once and other specific
4497 * settable properties
4498 */
4499 if (zfs_prop_readonly(prop) || prop == ZFS_PROP_VERSION ||
4500 prop == ZFS_PROP_VOLSIZE) {
4501 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4502 "invalid property '%s'"), name);
4503 return (B_FALSE);
4504 }
4505 }
4506
4507 return (B_TRUE);
4508 }
4509
4510 static int
zfs_receive_impl(libzfs_handle_t * hdl,const char * tosnap,const char * originsnap,recvflags_t * flags,int infd,const char * sendfs,nvlist_t * stream_nv,avl_tree_t * stream_avl,char ** top_zfs,int cleanup_fd,uint64_t * action_handlep,const char * finalsnap,nvlist_t * cmdprops)4511 zfs_receive_impl(libzfs_handle_t *hdl, const char *tosnap,
4512 const char *originsnap, recvflags_t *flags, int infd, const char *sendfs,
4513 nvlist_t *stream_nv, avl_tree_t *stream_avl, char **top_zfs, int cleanup_fd,
4514 uint64_t *action_handlep, const char *finalsnap, nvlist_t *cmdprops)
4515 {
4516 int err;
4517 dmu_replay_record_t drr, drr_noswap;
4518 struct drr_begin *drrb = &drr.drr_u.drr_begin;
4519 char errbuf[1024];
4520 zio_cksum_t zcksum = { 0 };
4521 uint64_t featureflags;
4522 int hdrtype;
4523
4524 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4525 "cannot receive"));
4526
4527 /* check cmdline props, raise an error if they cannot be received */
4528 if (!zfs_receive_checkprops(hdl, cmdprops, errbuf)) {
4529 return (zfs_error(hdl, EZFS_BADPROP, errbuf));
4530 }
4531
4532 if (flags->isprefix &&
4533 !zfs_dataset_exists(hdl, tosnap, ZFS_TYPE_DATASET)) {
4534 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "specified fs "
4535 "(%s) does not exist"), tosnap);
4536 return (zfs_error(hdl, EZFS_NOENT, errbuf));
4537 }
4538 if (originsnap &&
4539 !zfs_dataset_exists(hdl, originsnap, ZFS_TYPE_DATASET)) {
4540 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "specified origin fs "
4541 "(%s) does not exist"), originsnap);
4542 return (zfs_error(hdl, EZFS_NOENT, errbuf));
4543 }
4544
4545 /* read in the BEGIN record */
4546 if (0 != (err = recv_read(hdl, infd, &drr, sizeof (drr), B_FALSE,
4547 &zcksum)))
4548 return (err);
4549
4550 if (drr.drr_type == DRR_END || drr.drr_type == BSWAP_32(DRR_END)) {
4551 /* It's the double end record at the end of a package */
4552 return (ENODATA);
4553 }
4554
4555 /* the kernel needs the non-byteswapped begin record */
4556 drr_noswap = drr;
4557
4558 flags->byteswap = B_FALSE;
4559 if (drrb->drr_magic == BSWAP_64(DMU_BACKUP_MAGIC)) {
4560 /*
4561 * We computed the checksum in the wrong byteorder in
4562 * recv_read() above; do it again correctly.
4563 */
4564 bzero(&zcksum, sizeof (zio_cksum_t));
4565 (void) fletcher_4_incremental_byteswap(&drr,
4566 sizeof (drr), &zcksum);
4567 flags->byteswap = B_TRUE;
4568
4569 drr.drr_type = BSWAP_32(drr.drr_type);
4570 drr.drr_payloadlen = BSWAP_32(drr.drr_payloadlen);
4571 drrb->drr_magic = BSWAP_64(drrb->drr_magic);
4572 drrb->drr_versioninfo = BSWAP_64(drrb->drr_versioninfo);
4573 drrb->drr_creation_time = BSWAP_64(drrb->drr_creation_time);
4574 drrb->drr_type = BSWAP_32(drrb->drr_type);
4575 drrb->drr_flags = BSWAP_32(drrb->drr_flags);
4576 drrb->drr_toguid = BSWAP_64(drrb->drr_toguid);
4577 drrb->drr_fromguid = BSWAP_64(drrb->drr_fromguid);
4578 }
4579
4580 if (drrb->drr_magic != DMU_BACKUP_MAGIC || drr.drr_type != DRR_BEGIN) {
4581 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
4582 "stream (bad magic number)"));
4583 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
4584 }
4585
4586 featureflags = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo);
4587 hdrtype = DMU_GET_STREAM_HDRTYPE(drrb->drr_versioninfo);
4588
4589 if (!DMU_STREAM_SUPPORTED(featureflags) ||
4590 (hdrtype != DMU_SUBSTREAM && hdrtype != DMU_COMPOUNDSTREAM)) {
4591 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4592 "stream has unsupported feature, feature flags = %lx"),
4593 featureflags);
4594 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
4595 }
4596
4597 /* Holds feature is set once in the compound stream header. */
4598 boolean_t holds = (DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) &
4599 DMU_BACKUP_FEATURE_HOLDS);
4600 if (holds)
4601 flags->holds = B_TRUE;
4602
4603 if (strchr(drrb->drr_toname, '@') == NULL) {
4604 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
4605 "stream (bad snapshot name)"));
4606 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
4607 }
4608
4609 if (DMU_GET_STREAM_HDRTYPE(drrb->drr_versioninfo) == DMU_SUBSTREAM) {
4610 char nonpackage_sendfs[ZFS_MAX_DATASET_NAME_LEN];
4611 if (sendfs == NULL) {
4612 /*
4613 * We were not called from zfs_receive_package(). Get
4614 * the fs specified by 'zfs send'.
4615 */
4616 char *cp;
4617 (void) strlcpy(nonpackage_sendfs,
4618 drr.drr_u.drr_begin.drr_toname,
4619 sizeof (nonpackage_sendfs));
4620 if ((cp = strchr(nonpackage_sendfs, '@')) != NULL)
4621 *cp = '\0';
4622 sendfs = nonpackage_sendfs;
4623 VERIFY(finalsnap == NULL);
4624 }
4625 return (zfs_receive_one(hdl, infd, tosnap, originsnap, flags,
4626 &drr, &drr_noswap, sendfs, stream_nv, stream_avl, top_zfs,
4627 cleanup_fd, action_handlep, finalsnap, cmdprops));
4628 } else {
4629 assert(DMU_GET_STREAM_HDRTYPE(drrb->drr_versioninfo) ==
4630 DMU_COMPOUNDSTREAM);
4631 return (zfs_receive_package(hdl, infd, tosnap, flags, &drr,
4632 &zcksum, top_zfs, cleanup_fd, action_handlep, cmdprops));
4633 }
4634 }
4635
4636 /*
4637 * Restores a backup of tosnap from the file descriptor specified by infd.
4638 * Return 0 on total success, -2 if some things couldn't be
4639 * destroyed/renamed/promoted, -1 if some things couldn't be received.
4640 * (-1 will override -2, if -1 and the resumable flag was specified the
4641 * transfer can be resumed if the sending side supports it).
4642 */
4643 int
zfs_receive(libzfs_handle_t * hdl,const char * tosnap,nvlist_t * props,recvflags_t * flags,int infd,avl_tree_t * stream_avl)4644 zfs_receive(libzfs_handle_t *hdl, const char *tosnap, nvlist_t *props,
4645 recvflags_t *flags, int infd, avl_tree_t *stream_avl)
4646 {
4647 char *top_zfs = NULL;
4648 int err;
4649 int cleanup_fd;
4650 uint64_t action_handle = 0;
4651 char *originsnap = NULL;
4652 if (props) {
4653 err = nvlist_lookup_string(props, "origin", &originsnap);
4654 if (err && err != ENOENT)
4655 return (err);
4656 }
4657
4658 cleanup_fd = open(ZFS_DEV, O_RDWR|O_EXCL);
4659 VERIFY(cleanup_fd >= 0);
4660
4661 err = zfs_receive_impl(hdl, tosnap, originsnap, flags, infd, NULL, NULL,
4662 stream_avl, &top_zfs, cleanup_fd, &action_handle, NULL, props);
4663
4664 VERIFY(0 == close(cleanup_fd));
4665
4666 if (err == 0 && !flags->nomount && top_zfs) {
4667 zfs_handle_t *zhp;
4668 prop_changelist_t *clp;
4669
4670 zhp = zfs_open(hdl, top_zfs, ZFS_TYPE_FILESYSTEM);
4671 if (zhp != NULL) {
4672 clp = changelist_gather(zhp, ZFS_PROP_MOUNTPOINT,
4673 CL_GATHER_MOUNT_ALWAYS, 0);
4674 zfs_close(zhp);
4675 if (clp != NULL) {
4676 /* mount and share received datasets */
4677 err = changelist_postfix(clp);
4678 changelist_free(clp);
4679 }
4680 }
4681 if (zhp == NULL || clp == NULL || err)
4682 err = -1;
4683 }
4684 if (top_zfs)
4685 free(top_zfs);
4686
4687 return (err);
4688 }
4689