1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22/*
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26/*
27 * Copyright 2019 Nexenta Systems, Inc.
28 * Copyright (c) 2014, 2016 by Delphix. All rights reserved.
29 * Copyright 2016 Igor Kozhukhov <ikozhukhov@gmail.com>
30 * Copyright 2017 Joyent, Inc.
31 * Copyright 2017 RackTop Systems.
32 * Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
33 */
34
35/*
36 * Routines to manage ZFS mounts.  We separate all the nasty routines that have
37 * to deal with the OS.  The following functions are the main entry points --
38 * they are used by mount and unmount and when changing a filesystem's
39 * mountpoint.
40 *
41 *	zfs_is_mounted()
42 *	zfs_mount()
43 *	zfs_unmount()
44 *	zfs_unmountall()
45 *
46 * This file also contains the functions used to manage sharing filesystems via
47 * NFS and iSCSI:
48 *
49 *	zfs_is_shared()
50 *	zfs_share()
51 *	zfs_unshare()
52 *
53 *	zfs_is_shared_nfs()
54 *	zfs_is_shared_smb()
55 *	zfs_share_proto()
56 *	zfs_shareall();
57 *	zfs_unshare_nfs()
58 *	zfs_unshare_smb()
59 *	zfs_unshareall_nfs()
60 *	zfs_unshareall_smb()
61 *	zfs_unshareall()
62 *	zfs_unshareall_bypath()
63 *
64 * The following functions are available for pool consumers, and will
65 * mount/unmount and share/unshare all datasets within pool:
66 *
67 *	zpool_enable_datasets()
68 *	zpool_disable_datasets()
69 */
70
71#include <dirent.h>
72#include <dlfcn.h>
73#include <errno.h>
74#include <fcntl.h>
75#include <libgen.h>
76#include <libintl.h>
77#include <stdio.h>
78#include <stdlib.h>
79#include <strings.h>
80#include <unistd.h>
81#include <zone.h>
82#include <sys/mntent.h>
83#include <sys/mount.h>
84#include <sys/stat.h>
85#include <sys/statvfs.h>
86#include <sys/dsl_crypt.h>
87
88#include <libzfs.h>
89
90#include "libzfs_impl.h"
91#include "libzfs_taskq.h"
92
93#include <libshare.h>
94#include <sys/systeminfo.h>
95#define	MAXISALEN	257	/* based on sysinfo(2) man page */
96
97static int mount_tq_nthr = 512;	/* taskq threads for multi-threaded mounting */
98
99static void zfs_mount_task(void *);
100static int zfs_share_proto(zfs_handle_t *, zfs_share_proto_t *);
101zfs_share_type_t zfs_is_shared_proto(zfs_handle_t *, char **,
102    zfs_share_proto_t);
103
104/*
105 * The share protocols table must be in the same order as the zfs_share_proto_t
106 * enum in libzfs_impl.h
107 */
108typedef struct {
109	zfs_prop_t p_prop;
110	char *p_name;
111	int p_share_err;
112	int p_unshare_err;
113} proto_table_t;
114
115proto_table_t proto_table[PROTO_END] = {
116	{ZFS_PROP_SHARENFS, "nfs", EZFS_SHARENFSFAILED, EZFS_UNSHARENFSFAILED},
117	{ZFS_PROP_SHARESMB, "smb", EZFS_SHARESMBFAILED, EZFS_UNSHARESMBFAILED},
118};
119
120zfs_share_proto_t nfs_only[] = {
121	PROTO_NFS,
122	PROTO_END
123};
124
125zfs_share_proto_t smb_only[] = {
126	PROTO_SMB,
127	PROTO_END
128};
129zfs_share_proto_t share_all_proto[] = {
130	PROTO_NFS,
131	PROTO_SMB,
132	PROTO_END
133};
134
135/*
136 * Search the sharetab for the given mountpoint and protocol, returning
137 * a zfs_share_type_t value.
138 */
139static zfs_share_type_t
140is_shared(libzfs_handle_t *hdl, const char *mountpoint, zfs_share_proto_t proto)
141{
142	char buf[MAXPATHLEN], *tab;
143	char *ptr;
144
145	if (hdl->libzfs_sharetab == NULL)
146		return (SHARED_NOT_SHARED);
147
148	(void) fseek(hdl->libzfs_sharetab, 0, SEEK_SET);
149
150	while (fgets(buf, sizeof (buf), hdl->libzfs_sharetab) != NULL) {
151
152		/* the mountpoint is the first entry on each line */
153		if ((tab = strchr(buf, '\t')) == NULL)
154			continue;
155
156		*tab = '\0';
157		if (strcmp(buf, mountpoint) == 0) {
158			/*
159			 * the protocol field is the third field
160			 * skip over second field
161			 */
162			ptr = ++tab;
163			if ((tab = strchr(ptr, '\t')) == NULL)
164				continue;
165			ptr = ++tab;
166			if ((tab = strchr(ptr, '\t')) == NULL)
167				continue;
168			*tab = '\0';
169			if (strcmp(ptr,
170			    proto_table[proto].p_name) == 0) {
171				switch (proto) {
172				case PROTO_NFS:
173					return (SHARED_NFS);
174				case PROTO_SMB:
175					return (SHARED_SMB);
176				default:
177					return (0);
178				}
179			}
180		}
181	}
182
183	return (SHARED_NOT_SHARED);
184}
185
186static boolean_t
187dir_is_empty_stat(const char *dirname)
188{
189	struct stat st;
190
191	/*
192	 * We only want to return false if the given path is a non empty
193	 * directory, all other errors are handled elsewhere.
194	 */
195	if (stat(dirname, &st) < 0 || !S_ISDIR(st.st_mode)) {
196		return (B_TRUE);
197	}
198
199	/*
200	 * An empty directory will still have two entries in it, one
201	 * entry for each of "." and "..".
202	 */
203	if (st.st_size > 2) {
204		return (B_FALSE);
205	}
206
207	return (B_TRUE);
208}
209
210static boolean_t
211dir_is_empty_readdir(const char *dirname)
212{
213	DIR *dirp;
214	struct dirent64 *dp;
215	int dirfd;
216
217	if ((dirfd = openat(AT_FDCWD, dirname,
218	    O_RDONLY | O_NDELAY | O_LARGEFILE | O_CLOEXEC, 0)) < 0) {
219		return (B_TRUE);
220	}
221
222	if ((dirp = fdopendir(dirfd)) == NULL) {
223		(void) close(dirfd);
224		return (B_TRUE);
225	}
226
227	while ((dp = readdir64(dirp)) != NULL) {
228
229		if (strcmp(dp->d_name, ".") == 0 ||
230		    strcmp(dp->d_name, "..") == 0)
231			continue;
232
233		(void) closedir(dirp);
234		return (B_FALSE);
235	}
236
237	(void) closedir(dirp);
238	return (B_TRUE);
239}
240
241/*
242 * Returns true if the specified directory is empty.  If we can't open the
243 * directory at all, return true so that the mount can fail with a more
244 * informative error message.
245 */
246static boolean_t
247dir_is_empty(const char *dirname)
248{
249	struct statvfs64 st;
250
251	/*
252	 * If the statvfs call fails or the filesystem is not a ZFS
253	 * filesystem, fall back to the slow path which uses readdir.
254	 */
255	if ((statvfs64(dirname, &st) != 0) ||
256	    (strcmp(st.f_basetype, "zfs") != 0)) {
257		return (dir_is_empty_readdir(dirname));
258	}
259
260	/*
261	 * At this point, we know the provided path is on a ZFS
262	 * filesystem, so we can use stat instead of readdir to
263	 * determine if the directory is empty or not. We try to avoid
264	 * using readdir because that requires opening "dirname"; this
265	 * open file descriptor can potentially end up in a child
266	 * process if there's a concurrent fork, thus preventing the
267	 * zfs_mount() from otherwise succeeding (the open file
268	 * descriptor inherited by the child process will cause the
269	 * parent's mount to fail with EBUSY). The performance
270	 * implications of replacing the open, read, and close with a
271	 * single stat is nice; but is not the main motivation for the
272	 * added complexity.
273	 */
274	return (dir_is_empty_stat(dirname));
275}
276
277/*
278 * Checks to see if the mount is active.  If the filesystem is mounted, we fill
279 * in 'where' with the current mountpoint, and return 1.  Otherwise, we return
280 * 0.
281 */
282boolean_t
283is_mounted(libzfs_handle_t *zfs_hdl, const char *special, char **where)
284{
285	struct mnttab entry;
286
287	if (libzfs_mnttab_find(zfs_hdl, special, &entry) != 0)
288		return (B_FALSE);
289
290	if (where != NULL)
291		*where = zfs_strdup(zfs_hdl, entry.mnt_mountp);
292
293	return (B_TRUE);
294}
295
296boolean_t
297zfs_is_mounted(zfs_handle_t *zhp, char **where)
298{
299	return (is_mounted(zhp->zfs_hdl, zfs_get_name(zhp), where));
300}
301
302/*
303 * Returns true if the given dataset is mountable, false otherwise.  Returns the
304 * mountpoint in 'buf'.
305 */
306static boolean_t
307zfs_is_mountable(zfs_handle_t *zhp, char *buf, size_t buflen,
308    zprop_source_t *source)
309{
310	char sourceloc[MAXNAMELEN];
311	zprop_source_t sourcetype;
312
313	if (!zfs_prop_valid_for_type(ZFS_PROP_MOUNTPOINT, zhp->zfs_type))
314		return (B_FALSE);
315
316	verify(zfs_prop_get(zhp, ZFS_PROP_MOUNTPOINT, buf, buflen,
317	    &sourcetype, sourceloc, sizeof (sourceloc), B_FALSE) == 0);
318
319	if (strcmp(buf, ZFS_MOUNTPOINT_NONE) == 0 ||
320	    strcmp(buf, ZFS_MOUNTPOINT_LEGACY) == 0)
321		return (B_FALSE);
322
323	if (zfs_prop_get_int(zhp, ZFS_PROP_CANMOUNT) == ZFS_CANMOUNT_OFF)
324		return (B_FALSE);
325
326	if (zfs_prop_get_int(zhp, ZFS_PROP_ZONED) &&
327	    getzoneid() == GLOBAL_ZONEID)
328		return (B_FALSE);
329
330	if (source)
331		*source = sourcetype;
332
333	return (B_TRUE);
334}
335
336/*
337 * Mount the given filesystem.
338 */
339int
340zfs_mount(zfs_handle_t *zhp, const char *options, int flags)
341{
342	struct stat buf;
343	char mountpoint[ZFS_MAXPROPLEN];
344	char mntopts[MNT_LINE_MAX];
345	libzfs_handle_t *hdl = zhp->zfs_hdl;
346	uint64_t keystatus;
347	int rc;
348
349	if (options == NULL)
350		mntopts[0] = '\0';
351	else
352		(void) strlcpy(mntopts, options, sizeof (mntopts));
353
354	/*
355	 * If the pool is imported read-only then all mounts must be read-only
356	 */
357	if (zpool_get_prop_int(zhp->zpool_hdl, ZPOOL_PROP_READONLY, NULL))
358		flags |= MS_RDONLY;
359
360	if (!zfs_is_mountable(zhp, mountpoint, sizeof (mountpoint), NULL))
361		return (0);
362
363	/*
364	 * If the filesystem is encrypted the key must be loaded  in order to
365	 * mount. If the key isn't loaded, the MS_CRYPT flag decides whether
366	 * or not we attempt to load the keys. Note: we must call
367	 * zfs_refresh_properties() here since some callers of this function
368	 * (most notably zpool_enable_datasets()) may implicitly load our key
369	 * by loading the parent's key first.
370	 */
371	if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF) {
372		zfs_refresh_properties(zhp);
373		keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
374
375		/*
376		 * If the key is unavailable and MS_CRYPT is set give the
377		 * user a chance to enter the key. Otherwise just fail
378		 * immediately.
379		 */
380		if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
381			if (flags & MS_CRYPT) {
382				rc = zfs_crypto_load_key(zhp, B_FALSE, NULL);
383				if (rc != 0)
384					return (rc);
385			} else {
386				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
387				    "encryption key not loaded"));
388				return (zfs_error_fmt(hdl, EZFS_MOUNTFAILED,
389				    dgettext(TEXT_DOMAIN, "cannot mount '%s'"),
390				    mountpoint));
391			}
392		}
393
394	}
395
396	/* Create the directory if it doesn't already exist */
397	if (lstat(mountpoint, &buf) != 0) {
398		if (mkdirp(mountpoint, 0755) != 0) {
399			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
400			    "failed to create mountpoint"));
401			return (zfs_error_fmt(hdl, EZFS_MOUNTFAILED,
402			    dgettext(TEXT_DOMAIN, "cannot mount '%s'"),
403			    mountpoint));
404		}
405	}
406
407	/*
408	 * Determine if the mountpoint is empty.  If so, refuse to perform the
409	 * mount.  We don't perform this check if MS_OVERLAY is specified, which
410	 * would defeat the point.  We also avoid this check if 'remount' is
411	 * specified.
412	 */
413	if ((flags & MS_OVERLAY) == 0 &&
414	    strstr(mntopts, MNTOPT_REMOUNT) == NULL &&
415	    !dir_is_empty(mountpoint)) {
416		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
417		    "directory is not empty"));
418		return (zfs_error_fmt(hdl, EZFS_MOUNTFAILED,
419		    dgettext(TEXT_DOMAIN, "cannot mount '%s'"), mountpoint));
420	}
421
422	/* perform the mount */
423	if (mount(zfs_get_name(zhp), mountpoint, MS_OPTIONSTR | flags,
424	    MNTTYPE_ZFS, NULL, 0, mntopts, sizeof (mntopts)) != 0) {
425		/*
426		 * Generic errors are nasty, but there are just way too many
427		 * from mount(), and they're well-understood.  We pick a few
428		 * common ones to improve upon.
429		 */
430		if (errno == EBUSY) {
431			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
432			    "mountpoint or dataset is busy"));
433		} else if (errno == EPERM) {
434			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
435			    "Insufficient privileges"));
436		} else if (errno == ENOTSUP) {
437			char buf[256];
438			int spa_version;
439
440			VERIFY(zfs_spa_version(zhp, &spa_version) == 0);
441			(void) snprintf(buf, sizeof (buf),
442			    dgettext(TEXT_DOMAIN, "Can't mount a version %lld "
443			    "file system on a version %d pool. Pool must be"
444			    " upgraded to mount this file system."),
445			    (u_longlong_t)zfs_prop_get_int(zhp,
446			    ZFS_PROP_VERSION), spa_version);
447			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, buf));
448		} else {
449			zfs_error_aux(hdl, strerror(errno));
450		}
451		return (zfs_error_fmt(hdl, EZFS_MOUNTFAILED,
452		    dgettext(TEXT_DOMAIN, "cannot mount '%s'"),
453		    zhp->zfs_name));
454	}
455
456	/* add the mounted entry into our cache */
457	libzfs_mnttab_add(hdl, zfs_get_name(zhp), mountpoint,
458	    mntopts);
459	return (0);
460}
461
462/*
463 * Unmount a single filesystem.
464 */
465static int
466unmount_one(libzfs_handle_t *hdl, const char *mountpoint, int flags)
467{
468	if (umount2(mountpoint, flags) != 0) {
469		zfs_error_aux(hdl, strerror(errno));
470		return (zfs_error_fmt(hdl, EZFS_UMOUNTFAILED,
471		    dgettext(TEXT_DOMAIN, "cannot unmount '%s'"),
472		    mountpoint));
473	}
474
475	return (0);
476}
477
478/*
479 * Unmount the given filesystem.
480 */
481int
482zfs_unmount(zfs_handle_t *zhp, const char *mountpoint, int flags)
483{
484	libzfs_handle_t *hdl = zhp->zfs_hdl;
485	struct mnttab entry;
486	char *mntpt = NULL;
487
488	/* check to see if we need to unmount the filesystem */
489	if (mountpoint != NULL || ((zfs_get_type(zhp) == ZFS_TYPE_FILESYSTEM) &&
490	    libzfs_mnttab_find(hdl, zhp->zfs_name, &entry) == 0)) {
491		/*
492		 * mountpoint may have come from a call to
493		 * getmnt/getmntany if it isn't NULL. If it is NULL,
494		 * we know it comes from libzfs_mnttab_find which can
495		 * then get freed later. We strdup it to play it safe.
496		 */
497		if (mountpoint == NULL)
498			mntpt = zfs_strdup(hdl, entry.mnt_mountp);
499		else
500			mntpt = zfs_strdup(hdl, mountpoint);
501
502		/*
503		 * Unshare and unmount the filesystem
504		 */
505		if (zfs_unshare_proto(zhp, mntpt, share_all_proto) != 0)
506			return (-1);
507
508		if (unmount_one(hdl, mntpt, flags) != 0) {
509			free(mntpt);
510			(void) zfs_shareall(zhp);
511			return (-1);
512		}
513		libzfs_mnttab_remove(hdl, zhp->zfs_name);
514		free(mntpt);
515	}
516
517	return (0);
518}
519
520/*
521 * Unmount this filesystem and any children inheriting the mountpoint property.
522 * To do this, just act like we're changing the mountpoint property, but don't
523 * remount the filesystems afterwards.
524 */
525int
526zfs_unmountall(zfs_handle_t *zhp, int flags)
527{
528	prop_changelist_t *clp;
529	int ret;
530
531	clp = changelist_gather(zhp, ZFS_PROP_MOUNTPOINT, 0, flags);
532	if (clp == NULL)
533		return (-1);
534
535	ret = changelist_prefix(clp);
536	changelist_free(clp);
537
538	return (ret);
539}
540
541boolean_t
542zfs_is_shared(zfs_handle_t *zhp)
543{
544	zfs_share_type_t rc = 0;
545	zfs_share_proto_t *curr_proto;
546
547	if (ZFS_IS_VOLUME(zhp))
548		return (B_FALSE);
549
550	for (curr_proto = share_all_proto; *curr_proto != PROTO_END;
551	    curr_proto++)
552		rc |= zfs_is_shared_proto(zhp, NULL, *curr_proto);
553
554	return (rc ? B_TRUE : B_FALSE);
555}
556
557int
558zfs_share(zfs_handle_t *zhp)
559{
560	assert(!ZFS_IS_VOLUME(zhp));
561	return (zfs_share_proto(zhp, share_all_proto));
562}
563
564int
565zfs_unshare(zfs_handle_t *zhp)
566{
567	assert(!ZFS_IS_VOLUME(zhp));
568	return (zfs_unshareall(zhp));
569}
570
571/*
572 * Check to see if the filesystem is currently shared.
573 */
574zfs_share_type_t
575zfs_is_shared_proto(zfs_handle_t *zhp, char **where, zfs_share_proto_t proto)
576{
577	char *mountpoint;
578	zfs_share_type_t rc;
579
580	if (!zfs_is_mounted(zhp, &mountpoint))
581		return (SHARED_NOT_SHARED);
582
583	if ((rc = is_shared(zhp->zfs_hdl, mountpoint, proto))
584	    != SHARED_NOT_SHARED) {
585		if (where != NULL)
586			*where = mountpoint;
587		else
588			free(mountpoint);
589		return (rc);
590	} else {
591		free(mountpoint);
592		return (SHARED_NOT_SHARED);
593	}
594}
595
596boolean_t
597zfs_is_shared_nfs(zfs_handle_t *zhp, char **where)
598{
599	return (zfs_is_shared_proto(zhp, where,
600	    PROTO_NFS) != SHARED_NOT_SHARED);
601}
602
603boolean_t
604zfs_is_shared_smb(zfs_handle_t *zhp, char **where)
605{
606	return (zfs_is_shared_proto(zhp, where,
607	    PROTO_SMB) != SHARED_NOT_SHARED);
608}
609
610/*
611 * Make sure things will work if libshare isn't installed by using
612 * wrapper functions that check to see that the pointers to functions
613 * initialized in _zfs_init_libshare() are actually present.
614 */
615
616static sa_handle_t (*_sa_init)(int);
617static sa_handle_t (*_sa_init_arg)(int, void *);
618static int (*_sa_service)(sa_handle_t);
619static void (*_sa_fini)(sa_handle_t);
620static sa_share_t (*_sa_find_share)(sa_handle_t, char *);
621static int (*_sa_enable_share)(sa_share_t, char *);
622static int (*_sa_disable_share)(sa_share_t, char *);
623static char *(*_sa_errorstr)(int);
624static int (*_sa_parse_legacy_options)(sa_group_t, char *, char *);
625static boolean_t (*_sa_needs_refresh)(sa_handle_t *);
626static libzfs_handle_t *(*_sa_get_zfs_handle)(sa_handle_t);
627static int (* _sa_get_zfs_share)(sa_handle_t, char *, zfs_handle_t *);
628static void (*_sa_update_sharetab_ts)(sa_handle_t);
629
630/*
631 * _zfs_init_libshare()
632 *
633 * Find the libshare.so.1 entry points that we use here and save the
634 * values to be used later. This is triggered by the runtime loader.
635 * Make sure the correct ISA version is loaded.
636 */
637
638#pragma init(_zfs_init_libshare)
639static void
640_zfs_init_libshare(void)
641{
642	void *libshare;
643	char path[MAXPATHLEN];
644	char isa[MAXISALEN];
645
646#if defined(_LP64)
647	if (sysinfo(SI_ARCHITECTURE_64, isa, MAXISALEN) == -1)
648		isa[0] = '\0';
649#else
650	isa[0] = '\0';
651#endif
652	(void) snprintf(path, MAXPATHLEN,
653	    "/usr/lib/%s/libshare.so.1", isa);
654
655	if ((libshare = dlopen(path, RTLD_LAZY | RTLD_GLOBAL)) != NULL) {
656		_sa_init = (sa_handle_t (*)(int))dlsym(libshare, "sa_init");
657		_sa_init_arg = (sa_handle_t (*)(int, void *))dlsym(libshare,
658		    "sa_init_arg");
659		_sa_fini = (void (*)(sa_handle_t))dlsym(libshare, "sa_fini");
660		_sa_service = (int (*)(sa_handle_t))dlsym(libshare,
661		    "sa_service");
662		_sa_find_share = (sa_share_t (*)(sa_handle_t, char *))
663		    dlsym(libshare, "sa_find_share");
664		_sa_enable_share = (int (*)(sa_share_t, char *))dlsym(libshare,
665		    "sa_enable_share");
666		_sa_disable_share = (int (*)(sa_share_t, char *))dlsym(libshare,
667		    "sa_disable_share");
668		_sa_errorstr = (char *(*)(int))dlsym(libshare, "sa_errorstr");
669		_sa_parse_legacy_options = (int (*)(sa_group_t, char *, char *))
670		    dlsym(libshare, "sa_parse_legacy_options");
671		_sa_needs_refresh = (boolean_t (*)(sa_handle_t *))
672		    dlsym(libshare, "sa_needs_refresh");
673		_sa_get_zfs_handle = (libzfs_handle_t *(*)(sa_handle_t))
674		    dlsym(libshare, "sa_get_zfs_handle");
675		_sa_get_zfs_share = (int (*)(sa_handle_t, char *,
676		    zfs_handle_t *)) dlsym(libshare, "sa_get_zfs_share");
677		_sa_update_sharetab_ts = (void (*)(sa_handle_t))
678		    dlsym(libshare, "sa_update_sharetab_ts");
679		if (_sa_init == NULL || _sa_init_arg == NULL ||
680		    _sa_fini == NULL || _sa_find_share == NULL ||
681		    _sa_enable_share == NULL || _sa_disable_share == NULL ||
682		    _sa_errorstr == NULL || _sa_parse_legacy_options == NULL ||
683		    _sa_needs_refresh == NULL || _sa_get_zfs_handle == NULL ||
684		    _sa_get_zfs_share == NULL || _sa_service == NULL ||
685		    _sa_update_sharetab_ts == NULL) {
686			_sa_init = NULL;
687			_sa_init_arg = NULL;
688			_sa_service = NULL;
689			_sa_fini = NULL;
690			_sa_disable_share = NULL;
691			_sa_enable_share = NULL;
692			_sa_errorstr = NULL;
693			_sa_parse_legacy_options = NULL;
694			(void) dlclose(libshare);
695			_sa_needs_refresh = NULL;
696			_sa_get_zfs_handle = NULL;
697			_sa_get_zfs_share = NULL;
698			_sa_update_sharetab_ts = NULL;
699		}
700	}
701}
702
703/*
704 * zfs_init_libshare(zhandle, service)
705 *
706 * Initialize the libshare API if it hasn't already been initialized.
707 * In all cases it returns 0 if it succeeded and an error if not. The
708 * service value is which part(s) of the API to initialize and is a
709 * direct map to the libshare sa_init(service) interface.
710 */
711static int
712zfs_init_libshare_impl(libzfs_handle_t *zhandle, int service, void *arg)
713{
714	/*
715	 * libshare is either not installed or we're in a branded zone. The
716	 * rest of the wrapper functions around the libshare calls already
717	 * handle NULL function pointers, but we don't want the callers of
718	 * zfs_init_libshare() to fail prematurely if libshare is not available.
719	 */
720	if (_sa_init == NULL)
721		return (SA_OK);
722
723	/*
724	 * Attempt to refresh libshare. This is necessary if there was a cache
725	 * miss for a new ZFS dataset that was just created, or if state of the
726	 * sharetab file has changed since libshare was last initialized. We
727	 * want to make sure so check timestamps to see if a different process
728	 * has updated any of the configuration. If there was some non-ZFS
729	 * change, we need to re-initialize the internal cache.
730	 */
731	if (_sa_needs_refresh != NULL &&
732	    _sa_needs_refresh(zhandle->libzfs_sharehdl)) {
733		zfs_uninit_libshare(zhandle);
734		zhandle->libzfs_sharehdl = _sa_init_arg(service, arg);
735	}
736
737	if (zhandle && zhandle->libzfs_sharehdl == NULL)
738		zhandle->libzfs_sharehdl = _sa_init_arg(service, arg);
739
740	if (zhandle->libzfs_sharehdl == NULL)
741		return (SA_NO_MEMORY);
742
743	return (SA_OK);
744}
745int
746zfs_init_libshare(libzfs_handle_t *zhandle, int service)
747{
748	return (zfs_init_libshare_impl(zhandle, service, NULL));
749}
750
751int
752zfs_init_libshare_arg(libzfs_handle_t *zhandle, int service, void *arg)
753{
754	return (zfs_init_libshare_impl(zhandle, service, arg));
755}
756
757
758/*
759 * zfs_uninit_libshare(zhandle)
760 *
761 * Uninitialize the libshare API if it hasn't already been
762 * uninitialized. It is OK to call multiple times.
763 */
764void
765zfs_uninit_libshare(libzfs_handle_t *zhandle)
766{
767	if (zhandle != NULL && zhandle->libzfs_sharehdl != NULL) {
768		if (_sa_fini != NULL)
769			_sa_fini(zhandle->libzfs_sharehdl);
770		zhandle->libzfs_sharehdl = NULL;
771	}
772}
773
774/*
775 * zfs_parse_options(options, proto)
776 *
777 * Call the legacy parse interface to get the protocol specific
778 * options using the NULL arg to indicate that this is a "parse" only.
779 */
780int
781zfs_parse_options(char *options, zfs_share_proto_t proto)
782{
783	if (_sa_parse_legacy_options != NULL) {
784		return (_sa_parse_legacy_options(NULL, options,
785		    proto_table[proto].p_name));
786	}
787	return (SA_CONFIG_ERR);
788}
789
790/*
791 * zfs_sa_find_share(handle, path)
792 *
793 * wrapper around sa_find_share to find a share path in the
794 * configuration.
795 */
796static sa_share_t
797zfs_sa_find_share(sa_handle_t handle, char *path)
798{
799	if (_sa_find_share != NULL)
800		return (_sa_find_share(handle, path));
801	return (NULL);
802}
803
804/*
805 * zfs_sa_enable_share(share, proto)
806 *
807 * Wrapper for sa_enable_share which enables a share for a specified
808 * protocol.
809 */
810static int
811zfs_sa_enable_share(sa_share_t share, char *proto)
812{
813	if (_sa_enable_share != NULL)
814		return (_sa_enable_share(share, proto));
815	return (SA_CONFIG_ERR);
816}
817
818/*
819 * zfs_sa_disable_share(share, proto)
820 *
821 * Wrapper for sa_enable_share which disables a share for a specified
822 * protocol.
823 */
824static int
825zfs_sa_disable_share(sa_share_t share, char *proto)
826{
827	if (_sa_disable_share != NULL)
828		return (_sa_disable_share(share, proto));
829	return (SA_CONFIG_ERR);
830}
831
832/*
833 * Share the given filesystem according to the options in the specified
834 * protocol specific properties (sharenfs, sharesmb).  We rely
835 * on "libshare" to the dirty work for us.
836 */
837static int
838zfs_share_proto(zfs_handle_t *zhp, zfs_share_proto_t *proto)
839{
840	char mountpoint[ZFS_MAXPROPLEN];
841	char shareopts[ZFS_MAXPROPLEN];
842	char sourcestr[ZFS_MAXPROPLEN];
843	libzfs_handle_t *hdl = zhp->zfs_hdl;
844	sa_share_t share;
845	zfs_share_proto_t *curr_proto;
846	zprop_source_t sourcetype;
847	int service = SA_INIT_ONE_SHARE_FROM_HANDLE;
848	int ret;
849
850	if (!zfs_is_mountable(zhp, mountpoint, sizeof (mountpoint), NULL))
851		return (0);
852
853	/*
854	 * Function may be called in a loop from higher up stack, with libshare
855	 * initialized for multiple shares (SA_INIT_SHARE_API_SELECTIVE).
856	 * zfs_init_libshare_arg will refresh the handle's cache if necessary.
857	 * In this case we do not want to switch to per share initialization.
858	 * Specify SA_INIT_SHARE_API to do full refresh, if refresh required.
859	 */
860	if ((hdl->libzfs_sharehdl != NULL) && (_sa_service != NULL) &&
861	    (_sa_service(hdl->libzfs_sharehdl) ==
862	    SA_INIT_SHARE_API_SELECTIVE)) {
863		service = SA_INIT_SHARE_API;
864	}
865
866	for (curr_proto = proto; *curr_proto != PROTO_END; curr_proto++) {
867		/*
868		 * Return success if there are no share options.
869		 */
870		if (zfs_prop_get(zhp, proto_table[*curr_proto].p_prop,
871		    shareopts, sizeof (shareopts), &sourcetype, sourcestr,
872		    ZFS_MAXPROPLEN, B_FALSE) != 0 ||
873		    strcmp(shareopts, "off") == 0)
874			continue;
875		ret = zfs_init_libshare_arg(hdl, service, zhp);
876		if (ret != SA_OK) {
877			(void) zfs_error_fmt(hdl, EZFS_SHARENFSFAILED,
878			    dgettext(TEXT_DOMAIN, "cannot share '%s': %s"),
879			    zfs_get_name(zhp), _sa_errorstr != NULL ?
880			    _sa_errorstr(ret) : "");
881			return (-1);
882		}
883
884		share = zfs_sa_find_share(hdl->libzfs_sharehdl, mountpoint);
885		if (share == NULL) {
886			/*
887			 * This may be a new file system that was just
888			 * created so isn't in the internal cache.
889			 * Rather than reloading the entire configuration,
890			 * we can add just this one share to the cache.
891			 */
892			if ((_sa_get_zfs_share == NULL) ||
893			    (_sa_get_zfs_share(hdl->libzfs_sharehdl, "zfs", zhp)
894			    != SA_OK)) {
895				(void) zfs_error_fmt(hdl,
896				    proto_table[*curr_proto].p_share_err,
897				    dgettext(TEXT_DOMAIN, "cannot share '%s'"),
898				    zfs_get_name(zhp));
899				return (-1);
900			}
901			share = zfs_sa_find_share(hdl->libzfs_sharehdl,
902			    mountpoint);
903		}
904		if (share != NULL) {
905			int err;
906			err = zfs_sa_enable_share(share,
907			    proto_table[*curr_proto].p_name);
908			if (err != SA_OK) {
909				(void) zfs_error_fmt(hdl,
910				    proto_table[*curr_proto].p_share_err,
911				    dgettext(TEXT_DOMAIN, "cannot share '%s'"),
912				    zfs_get_name(zhp));
913				return (-1);
914			}
915		} else {
916			(void) zfs_error_fmt(hdl,
917			    proto_table[*curr_proto].p_share_err,
918			    dgettext(TEXT_DOMAIN, "cannot share '%s'"),
919			    zfs_get_name(zhp));
920			return (-1);
921		}
922
923	}
924	return (0);
925}
926
927
928int
929zfs_share_nfs(zfs_handle_t *zhp)
930{
931	return (zfs_share_proto(zhp, nfs_only));
932}
933
934int
935zfs_share_smb(zfs_handle_t *zhp)
936{
937	return (zfs_share_proto(zhp, smb_only));
938}
939
940int
941zfs_shareall(zfs_handle_t *zhp)
942{
943	return (zfs_share_proto(zhp, share_all_proto));
944}
945
946/*
947 * Unshare a filesystem by mountpoint.
948 */
949static int
950unshare_one(libzfs_handle_t *hdl, const char *name, const char *mountpoint,
951    zfs_share_proto_t proto)
952{
953	sa_share_t share;
954	int err;
955	char *mntpt;
956	int service = SA_INIT_ONE_SHARE_FROM_NAME;
957
958	/*
959	 * Mountpoint could get trashed if libshare calls getmntany
960	 * which it does during API initialization, so strdup the
961	 * value.
962	 */
963	mntpt = zfs_strdup(hdl, mountpoint);
964
965	/*
966	 * Function may be called in a loop from higher up stack, with libshare
967	 * initialized for multiple shares (SA_INIT_SHARE_API_SELECTIVE).
968	 * zfs_init_libshare_arg will refresh the handle's cache if necessary.
969	 * In this case we do not want to switch to per share initialization.
970	 * Specify SA_INIT_SHARE_API to do full refresh, if refresh required.
971	 */
972	if ((hdl->libzfs_sharehdl != NULL) && (_sa_service != NULL) &&
973	    (_sa_service(hdl->libzfs_sharehdl) ==
974	    SA_INIT_SHARE_API_SELECTIVE)) {
975		service = SA_INIT_SHARE_API;
976	}
977
978	err = zfs_init_libshare_arg(hdl, service, (void *)name);
979	if (err != SA_OK) {
980		free(mntpt);	/* don't need the copy anymore */
981		return (zfs_error_fmt(hdl, proto_table[proto].p_unshare_err,
982		    dgettext(TEXT_DOMAIN, "cannot unshare '%s': %s"),
983		    name, _sa_errorstr(err)));
984	}
985
986	share = zfs_sa_find_share(hdl->libzfs_sharehdl, mntpt);
987	free(mntpt);	/* don't need the copy anymore */
988
989	if (share != NULL) {
990		err = zfs_sa_disable_share(share, proto_table[proto].p_name);
991		if (err != SA_OK) {
992			return (zfs_error_fmt(hdl,
993			    proto_table[proto].p_unshare_err,
994			    dgettext(TEXT_DOMAIN, "cannot unshare '%s': %s"),
995			    name, _sa_errorstr(err)));
996		}
997	} else {
998		return (zfs_error_fmt(hdl, proto_table[proto].p_unshare_err,
999		    dgettext(TEXT_DOMAIN, "cannot unshare '%s': not found"),
1000		    name));
1001	}
1002	return (0);
1003}
1004
1005/*
1006 * Unshare the given filesystem.
1007 */
1008int
1009zfs_unshare_proto(zfs_handle_t *zhp, const char *mountpoint,
1010    zfs_share_proto_t *proto)
1011{
1012	libzfs_handle_t *hdl = zhp->zfs_hdl;
1013	struct mnttab entry;
1014	char *mntpt = NULL;
1015
1016	/* check to see if need to unmount the filesystem */
1017	rewind(zhp->zfs_hdl->libzfs_mnttab);
1018	if (mountpoint != NULL)
1019		mountpoint = mntpt = zfs_strdup(hdl, mountpoint);
1020
1021	if (mountpoint != NULL || ((zfs_get_type(zhp) == ZFS_TYPE_FILESYSTEM) &&
1022	    libzfs_mnttab_find(hdl, zfs_get_name(zhp), &entry) == 0)) {
1023		zfs_share_proto_t *curr_proto;
1024
1025		if (mountpoint == NULL)
1026			mntpt = zfs_strdup(zhp->zfs_hdl, entry.mnt_mountp);
1027
1028		for (curr_proto = proto; *curr_proto != PROTO_END;
1029		    curr_proto++) {
1030
1031			if (is_shared(hdl, mntpt, *curr_proto) &&
1032			    unshare_one(hdl, zhp->zfs_name,
1033			    mntpt, *curr_proto) != 0) {
1034				if (mntpt != NULL)
1035					free(mntpt);
1036				return (-1);
1037			}
1038		}
1039	}
1040	if (mntpt != NULL)
1041		free(mntpt);
1042
1043	return (0);
1044}
1045
1046int
1047zfs_unshare_nfs(zfs_handle_t *zhp, const char *mountpoint)
1048{
1049	return (zfs_unshare_proto(zhp, mountpoint, nfs_only));
1050}
1051
1052int
1053zfs_unshare_smb(zfs_handle_t *zhp, const char *mountpoint)
1054{
1055	return (zfs_unshare_proto(zhp, mountpoint, smb_only));
1056}
1057
1058/*
1059 * Same as zfs_unmountall(), but for NFS and SMB unshares.
1060 */
1061int
1062zfs_unshareall_proto(zfs_handle_t *zhp, zfs_share_proto_t *proto)
1063{
1064	prop_changelist_t *clp;
1065	int ret;
1066
1067	clp = changelist_gather(zhp, ZFS_PROP_SHARENFS, 0, 0);
1068	if (clp == NULL)
1069		return (-1);
1070
1071	ret = changelist_unshare(clp, proto);
1072	changelist_free(clp);
1073
1074	return (ret);
1075}
1076
1077int
1078zfs_unshareall_nfs(zfs_handle_t *zhp)
1079{
1080	return (zfs_unshareall_proto(zhp, nfs_only));
1081}
1082
1083int
1084zfs_unshareall_smb(zfs_handle_t *zhp)
1085{
1086	return (zfs_unshareall_proto(zhp, smb_only));
1087}
1088
1089int
1090zfs_unshareall(zfs_handle_t *zhp)
1091{
1092	return (zfs_unshareall_proto(zhp, share_all_proto));
1093}
1094
1095int
1096zfs_unshareall_bypath(zfs_handle_t *zhp, const char *mountpoint)
1097{
1098	return (zfs_unshare_proto(zhp, mountpoint, share_all_proto));
1099}
1100
1101/*
1102 * Remove the mountpoint associated with the current dataset, if necessary.
1103 * We only remove the underlying directory if:
1104 *
1105 *	- The mountpoint is not 'none' or 'legacy'
1106 *	- The mountpoint is non-empty
1107 *	- The mountpoint is the default or inherited
1108 *	- The 'zoned' property is set, or we're in a local zone
1109 *
1110 * Any other directories we leave alone.
1111 */
1112void
1113remove_mountpoint(zfs_handle_t *zhp)
1114{
1115	char mountpoint[ZFS_MAXPROPLEN];
1116	zprop_source_t source;
1117
1118	if (!zfs_is_mountable(zhp, mountpoint, sizeof (mountpoint),
1119	    &source))
1120		return;
1121
1122	if (source == ZPROP_SRC_DEFAULT ||
1123	    source == ZPROP_SRC_INHERITED) {
1124		/*
1125		 * Try to remove the directory, silently ignoring any errors.
1126		 * The filesystem may have since been removed or moved around,
1127		 * and this error isn't really useful to the administrator in
1128		 * any way.
1129		 */
1130		(void) rmdir(mountpoint);
1131	}
1132}
1133
1134/*
1135 * Add the given zfs handle to the cb_handles array, dynamically reallocating
1136 * the array if it is out of space.
1137 */
1138void
1139libzfs_add_handle(get_all_cb_t *cbp, zfs_handle_t *zhp)
1140{
1141	if (cbp->cb_alloc == cbp->cb_used) {
1142		size_t newsz;
1143		zfs_handle_t **newhandles;
1144
1145		newsz = cbp->cb_alloc != 0 ? cbp->cb_alloc * 2 : 64;
1146		newhandles = zfs_realloc(zhp->zfs_hdl,
1147		    cbp->cb_handles, cbp->cb_alloc * sizeof (zfs_handle_t *),
1148		    newsz * sizeof (zfs_handle_t *));
1149		cbp->cb_handles = newhandles;
1150		cbp->cb_alloc = newsz;
1151	}
1152	cbp->cb_handles[cbp->cb_used++] = zhp;
1153}
1154
1155/*
1156 * Recursive helper function used during file system enumeration
1157 */
1158static int
1159zfs_iter_cb(zfs_handle_t *zhp, void *data)
1160{
1161	get_all_cb_t *cbp = data;
1162
1163	if (!(zfs_get_type(zhp) & ZFS_TYPE_FILESYSTEM)) {
1164		zfs_close(zhp);
1165		return (0);
1166	}
1167
1168	if (zfs_prop_get_int(zhp, ZFS_PROP_CANMOUNT) == ZFS_CANMOUNT_NOAUTO) {
1169		zfs_close(zhp);
1170		return (0);
1171	}
1172
1173	if (zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS) ==
1174	    ZFS_KEYSTATUS_UNAVAILABLE) {
1175		zfs_close(zhp);
1176		return (0);
1177	}
1178
1179	/*
1180	 * If this filesystem is inconsistent and has a receive resume
1181	 * token, we can not mount it.
1182	 */
1183	if (zfs_prop_get_int(zhp, ZFS_PROP_INCONSISTENT) &&
1184	    zfs_prop_get(zhp, ZFS_PROP_RECEIVE_RESUME_TOKEN,
1185	    NULL, 0, NULL, NULL, 0, B_TRUE) == 0) {
1186		zfs_close(zhp);
1187		return (0);
1188	}
1189
1190	libzfs_add_handle(cbp, zhp);
1191	if (zfs_iter_filesystems(zhp, zfs_iter_cb, cbp) != 0) {
1192		zfs_close(zhp);
1193		return (-1);
1194	}
1195	return (0);
1196}
1197
1198/*
1199 * Sort comparator that compares two mountpoint paths. We sort these paths so
1200 * that subdirectories immediately follow their parents. This means that we
1201 * effectively treat the '/' character as the lowest value non-nul char.
1202 * Since filesystems from non-global zones can have the same mountpoint
1203 * as other filesystems, the comparator sorts global zone filesystems to
1204 * the top of the list. This means that the global zone will traverse the
1205 * filesystem list in the correct order and can stop when it sees the
1206 * first zoned filesystem. In a non-global zone, only the delegated
1207 * filesystems are seen.
1208 *
1209 * An example sorted list using this comparator would look like:
1210 *
1211 * /foo
1212 * /foo/bar
1213 * /foo/bar/baz
1214 * /foo/baz
1215 * /foo.bar
1216 * /foo (NGZ1)
1217 * /foo (NGZ2)
1218 *
1219 * The mounting code depends on this ordering to deterministically iterate
1220 * over filesystems in order to spawn parallel mount tasks.
1221 */
1222static int
1223mountpoint_cmp(const void *arga, const void *argb)
1224{
1225	zfs_handle_t *const *zap = arga;
1226	zfs_handle_t *za = *zap;
1227	zfs_handle_t *const *zbp = argb;
1228	zfs_handle_t *zb = *zbp;
1229	char mounta[MAXPATHLEN];
1230	char mountb[MAXPATHLEN];
1231	const char *a = mounta;
1232	const char *b = mountb;
1233	boolean_t gota, gotb;
1234	uint64_t zoneda, zonedb;
1235
1236	zoneda = zfs_prop_get_int(za, ZFS_PROP_ZONED);
1237	zonedb = zfs_prop_get_int(zb, ZFS_PROP_ZONED);
1238	if (zoneda && !zonedb)
1239		return (1);
1240	if (!zoneda && zonedb)
1241		return (-1);
1242
1243	gota = (zfs_get_type(za) == ZFS_TYPE_FILESYSTEM);
1244	if (gota) {
1245		verify(zfs_prop_get(za, ZFS_PROP_MOUNTPOINT, mounta,
1246		    sizeof (mounta), NULL, NULL, 0, B_FALSE) == 0);
1247	}
1248	gotb = (zfs_get_type(zb) == ZFS_TYPE_FILESYSTEM);
1249	if (gotb) {
1250		verify(zfs_prop_get(zb, ZFS_PROP_MOUNTPOINT, mountb,
1251		    sizeof (mountb), NULL, NULL, 0, B_FALSE) == 0);
1252	}
1253
1254	if (gota && gotb) {
1255		while (*a != '\0' && (*a == *b)) {
1256			a++;
1257			b++;
1258		}
1259		if (*a == *b)
1260			return (0);
1261		if (*a == '\0')
1262			return (-1);
1263		if (*b == '\0')
1264			return (1);
1265		if (*a == '/')
1266			return (-1);
1267		if (*b == '/')
1268			return (1);
1269		return (*a < *b ? -1 : *a > *b);
1270	}
1271
1272	if (gota)
1273		return (-1);
1274	if (gotb)
1275		return (1);
1276
1277	/*
1278	 * If neither filesystem has a mountpoint, revert to sorting by
1279	 * dataset name.
1280	 */
1281	return (strcmp(zfs_get_name(za), zfs_get_name(zb)));
1282}
1283
1284/*
1285 * Return true if path2 is a child of path1.
1286 */
1287static boolean_t
1288libzfs_path_contains(const char *path1, const char *path2)
1289{
1290	return (strstr(path2, path1) == path2 && path2[strlen(path1)] == '/');
1291}
1292
1293/*
1294 * Given a mountpoint specified by idx in the handles array, find the first
1295 * non-descendent of that mountpoint and return its index. Descendant paths
1296 * start with the parent's path. This function relies on the ordering
1297 * enforced by mountpoint_cmp().
1298 */
1299static int
1300non_descendant_idx(zfs_handle_t **handles, size_t num_handles, int idx)
1301{
1302	char parent[ZFS_MAXPROPLEN];
1303	char child[ZFS_MAXPROPLEN];
1304	int i;
1305
1306	verify(zfs_prop_get(handles[idx], ZFS_PROP_MOUNTPOINT, parent,
1307	    sizeof (parent), NULL, NULL, 0, B_FALSE) == 0);
1308
1309	for (i = idx + 1; i < num_handles; i++) {
1310		verify(zfs_prop_get(handles[i], ZFS_PROP_MOUNTPOINT, child,
1311		    sizeof (child), NULL, NULL, 0, B_FALSE) == 0);
1312		if (!libzfs_path_contains(parent, child))
1313			break;
1314	}
1315	return (i);
1316}
1317
1318typedef struct mnt_param {
1319	libzfs_handle_t	*mnt_hdl;
1320	zfs_taskq_t	*mnt_tq;
1321	zfs_handle_t	**mnt_zhps; /* filesystems to mount */
1322	size_t		mnt_num_handles;
1323	int		mnt_idx;	/* Index of selected entry to mount */
1324	zfs_iter_f	mnt_func;
1325	void		*mnt_data;
1326} mnt_param_t;
1327
1328/*
1329 * Allocate and populate the parameter struct for mount function, and
1330 * schedule mounting of the entry selected by idx.
1331 */
1332static void
1333zfs_dispatch_mount(libzfs_handle_t *hdl, zfs_handle_t **handles,
1334    size_t num_handles, int idx, zfs_iter_f func, void *data, zfs_taskq_t *tq)
1335{
1336	mnt_param_t *mnt_param = zfs_alloc(hdl, sizeof (mnt_param_t));
1337
1338	mnt_param->mnt_hdl = hdl;
1339	mnt_param->mnt_tq = tq;
1340	mnt_param->mnt_zhps = handles;
1341	mnt_param->mnt_num_handles = num_handles;
1342	mnt_param->mnt_idx = idx;
1343	mnt_param->mnt_func = func;
1344	mnt_param->mnt_data = data;
1345
1346	(void) zfs_taskq_dispatch(tq, zfs_mount_task, (void*)mnt_param,
1347	    ZFS_TQ_SLEEP);
1348}
1349
1350/*
1351 * This is the structure used to keep state of mounting or sharing operations
1352 * during a call to zpool_enable_datasets().
1353 */
1354typedef struct mount_state {
1355	/*
1356	 * ms_mntstatus is set to -1 if any mount fails. While multiple threads
1357	 * could update this variable concurrently, no synchronization is
1358	 * needed as it's only ever set to -1.
1359	 */
1360	int		ms_mntstatus;
1361	int		ms_mntflags;
1362	const char	*ms_mntopts;
1363} mount_state_t;
1364
1365static int
1366zfs_mount_one(zfs_handle_t *zhp, void *arg)
1367{
1368	mount_state_t *ms = arg;
1369	int ret = 0;
1370
1371	if (zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS) ==
1372	    ZFS_KEYSTATUS_UNAVAILABLE)
1373		return (0);
1374
1375	if (zfs_mount(zhp, ms->ms_mntopts, ms->ms_mntflags) != 0)
1376		ret = ms->ms_mntstatus = -1;
1377	return (ret);
1378}
1379
1380static int
1381zfs_share_one(zfs_handle_t *zhp, void *arg)
1382{
1383	mount_state_t *ms = arg;
1384	int ret = 0;
1385
1386	if (zfs_share(zhp) != 0)
1387		ret = ms->ms_mntstatus = -1;
1388	return (ret);
1389}
1390
1391/*
1392 * Task queue function to mount one file system. On completion, it finds and
1393 * schedules its children to be mounted. This depends on the sorting done in
1394 * zfs_foreach_mountpoint(). Note that the degenerate case (chain of entries
1395 * each descending from the previous) will have no parallelism since we always
1396 * have to wait for the parent to finish mounting before we can schedule
1397 * its children.
1398 */
1399static void
1400zfs_mount_task(void *arg)
1401{
1402	mnt_param_t *mp = arg;
1403	int idx = mp->mnt_idx;
1404	zfs_handle_t **handles = mp->mnt_zhps;
1405	size_t num_handles = mp->mnt_num_handles;
1406	char mountpoint[ZFS_MAXPROPLEN];
1407
1408	verify(zfs_prop_get(handles[idx], ZFS_PROP_MOUNTPOINT, mountpoint,
1409	    sizeof (mountpoint), NULL, NULL, 0, B_FALSE) == 0);
1410
1411	if (mp->mnt_func(handles[idx], mp->mnt_data) != 0)
1412		return;
1413
1414	/*
1415	 * We dispatch tasks to mount filesystems with mountpoints underneath
1416	 * this one. We do this by dispatching the next filesystem with a
1417	 * descendant mountpoint of the one we just mounted, then skip all of
1418	 * its descendants, dispatch the next descendant mountpoint, and so on.
1419	 * The non_descendant_idx() function skips over filesystems that are
1420	 * descendants of the filesystem we just dispatched.
1421	 */
1422	for (int i = idx + 1; i < num_handles;
1423	    i = non_descendant_idx(handles, num_handles, i)) {
1424		char child[ZFS_MAXPROPLEN];
1425		verify(zfs_prop_get(handles[i], ZFS_PROP_MOUNTPOINT,
1426		    child, sizeof (child), NULL, NULL, 0, B_FALSE) == 0);
1427
1428		if (!libzfs_path_contains(mountpoint, child))
1429			break; /* not a descendant, return */
1430		zfs_dispatch_mount(mp->mnt_hdl, handles, num_handles, i,
1431		    mp->mnt_func, mp->mnt_data, mp->mnt_tq);
1432	}
1433	free(mp);
1434}
1435
1436/*
1437 * Issue the func callback for each ZFS handle contained in the handles
1438 * array. This function is used to mount all datasets, and so this function
1439 * guarantees that filesystems for parent mountpoints are called before their
1440 * children. As such, before issuing any callbacks, we first sort the array
1441 * of handles by mountpoint.
1442 *
1443 * Callbacks are issued in one of two ways:
1444 *
1445 * 1. Sequentially: If the parallel argument is B_FALSE or the ZFS_SERIAL_MOUNT
1446 *    environment variable is set, then we issue callbacks sequentially.
1447 *
1448 * 2. In parallel: If the parallel argument is B_TRUE and the ZFS_SERIAL_MOUNT
1449 *    environment variable is not set, then we use a taskq to dispatch threads
1450 *    to mount filesystems is parallel. This function dispatches tasks to mount
1451 *    the filesystems at the top-level mountpoints, and these tasks in turn
1452 *    are responsible for recursively mounting filesystems in their children
1453 *    mountpoints.
1454 */
1455void
1456zfs_foreach_mountpoint(libzfs_handle_t *hdl, zfs_handle_t **handles,
1457    size_t num_handles, zfs_iter_f func, void *data, boolean_t parallel)
1458{
1459	zoneid_t zoneid = getzoneid();
1460
1461	/*
1462	 * The ZFS_SERIAL_MOUNT environment variable is an undocumented
1463	 * variable that can be used as a convenience to do a/b comparison
1464	 * of serial vs. parallel mounting.
1465	 */
1466	boolean_t serial_mount = !parallel ||
1467	    (getenv("ZFS_SERIAL_MOUNT") != NULL);
1468
1469	/*
1470	 * Sort the datasets by mountpoint. See mountpoint_cmp for details
1471	 * of how these are sorted.
1472	 */
1473	qsort(handles, num_handles, sizeof (zfs_handle_t *), mountpoint_cmp);
1474
1475	if (serial_mount) {
1476		for (int i = 0; i < num_handles; i++) {
1477			func(handles[i], data);
1478		}
1479		return;
1480	}
1481
1482	/*
1483	 * Issue the callback function for each dataset using a parallel
1484	 * algorithm that uses a taskq to manage threads.
1485	 */
1486	zfs_taskq_t *tq = zfs_taskq_create("mount_taskq", mount_tq_nthr, 0,
1487	    mount_tq_nthr, mount_tq_nthr, ZFS_TASKQ_PREPOPULATE);
1488
1489	/*
1490	 * There may be multiple "top level" mountpoints outside of the pool's
1491	 * root mountpoint, e.g.: /foo /bar. Dispatch a mount task for each of
1492	 * these.
1493	 */
1494	for (int i = 0; i < num_handles;
1495	    i = non_descendant_idx(handles, num_handles, i)) {
1496		/*
1497		 * Since the mountpoints have been sorted so that the zoned
1498		 * filesystems are at the end, a zoned filesystem seen from
1499		 * the global zone means that we're done.
1500		 */
1501		if (zoneid == GLOBAL_ZONEID &&
1502		    zfs_prop_get_int(handles[i], ZFS_PROP_ZONED))
1503			break;
1504		zfs_dispatch_mount(hdl, handles, num_handles, i, func, data,
1505		    tq);
1506	}
1507
1508	zfs_taskq_wait(tq); /* wait for all scheduled mounts to complete */
1509	zfs_taskq_destroy(tq);
1510}
1511
1512/*
1513 * Mount and share all datasets within the given pool.  This assumes that no
1514 * datasets within the pool are currently mounted.
1515 */
1516#pragma weak zpool_mount_datasets = zpool_enable_datasets
1517int
1518zpool_enable_datasets(zpool_handle_t *zhp, const char *mntopts, int flags)
1519{
1520	get_all_cb_t cb = { 0 };
1521	mount_state_t ms = { 0 };
1522	zfs_handle_t *zfsp;
1523	sa_init_selective_arg_t sharearg;
1524	int ret = 0;
1525
1526	if ((zfsp = zfs_open(zhp->zpool_hdl, zhp->zpool_name,
1527	    ZFS_TYPE_DATASET)) == NULL)
1528		goto out;
1529
1530
1531	/*
1532	 * Gather all non-snapshot datasets within the pool. Start by adding
1533	 * the root filesystem for this pool to the list, and then iterate
1534	 * over all child filesystems.
1535	 */
1536	libzfs_add_handle(&cb, zfsp);
1537	if (zfs_iter_filesystems(zfsp, zfs_iter_cb, &cb) != 0)
1538		goto out;
1539
1540	ms.ms_mntopts = mntopts;
1541	ms.ms_mntflags = flags;
1542	zfs_foreach_mountpoint(zhp->zpool_hdl, cb.cb_handles, cb.cb_used,
1543	    zfs_mount_one, &ms, B_TRUE);
1544	if (ms.ms_mntstatus != 0)
1545		ret = ms.ms_mntstatus;
1546
1547	/*
1548	 * Initialize libshare SA_INIT_SHARE_API_SELECTIVE here
1549	 * to avoid unnecessary load/unload of the libshare API
1550	 * per shared dataset downstream.
1551	 */
1552	sharearg.zhandle_arr = cb.cb_handles;
1553	sharearg.zhandle_len = cb.cb_used;
1554	if ((ret = zfs_init_libshare_arg(zhp->zpool_hdl,
1555	    SA_INIT_SHARE_API_SELECTIVE, &sharearg)) != 0)
1556		goto out;
1557
1558	ms.ms_mntstatus = 0;
1559	zfs_foreach_mountpoint(zhp->zpool_hdl, cb.cb_handles, cb.cb_used,
1560	    zfs_share_one, &ms, B_FALSE);
1561	if (ms.ms_mntstatus != 0)
1562		ret = ms.ms_mntstatus;
1563
1564out:
1565	for (int i = 0; i < cb.cb_used; i++)
1566		zfs_close(cb.cb_handles[i]);
1567	free(cb.cb_handles);
1568
1569	return (ret);
1570}
1571
1572static int
1573mountpoint_compare(const void *a, const void *b)
1574{
1575	const char *mounta = *((char **)a);
1576	const char *mountb = *((char **)b);
1577
1578	return (strcmp(mountb, mounta));
1579}
1580
1581/* alias for 2002/240 */
1582#pragma weak zpool_unmount_datasets = zpool_disable_datasets
1583/*
1584 * Unshare and unmount all datasets within the given pool.  We don't want to
1585 * rely on traversing the DSL to discover the filesystems within the pool,
1586 * because this may be expensive (if not all of them are mounted), and can fail
1587 * arbitrarily (on I/O error, for example).  Instead, we walk /etc/mnttab and
1588 * gather all the filesystems that are currently mounted.
1589 */
1590int
1591zpool_disable_datasets(zpool_handle_t *zhp, boolean_t force)
1592{
1593	int used, alloc;
1594	struct mnttab entry;
1595	size_t namelen;
1596	char **mountpoints = NULL;
1597	zfs_handle_t **datasets = NULL;
1598	libzfs_handle_t *hdl = zhp->zpool_hdl;
1599	int i;
1600	int ret = -1;
1601	int flags = (force ? MS_FORCE : 0);
1602	sa_init_selective_arg_t sharearg;
1603
1604	namelen = strlen(zhp->zpool_name);
1605
1606	rewind(hdl->libzfs_mnttab);
1607	used = alloc = 0;
1608	while (getmntent(hdl->libzfs_mnttab, &entry) == 0) {
1609		/*
1610		 * Ignore non-ZFS entries.
1611		 */
1612		if (entry.mnt_fstype == NULL ||
1613		    strcmp(entry.mnt_fstype, MNTTYPE_ZFS) != 0)
1614			continue;
1615
1616		/*
1617		 * Ignore filesystems not within this pool.
1618		 */
1619		if (entry.mnt_mountp == NULL ||
1620		    strncmp(entry.mnt_special, zhp->zpool_name, namelen) != 0 ||
1621		    (entry.mnt_special[namelen] != '/' &&
1622		    entry.mnt_special[namelen] != '\0'))
1623			continue;
1624
1625		/*
1626		 * At this point we've found a filesystem within our pool.  Add
1627		 * it to our growing list.
1628		 */
1629		if (used == alloc) {
1630			if (alloc == 0) {
1631				if ((mountpoints = zfs_alloc(hdl,
1632				    8 * sizeof (void *))) == NULL)
1633					goto out;
1634
1635				if ((datasets = zfs_alloc(hdl,
1636				    8 * sizeof (void *))) == NULL)
1637					goto out;
1638
1639				alloc = 8;
1640			} else {
1641				void *ptr;
1642
1643				if ((ptr = zfs_realloc(hdl, mountpoints,
1644				    alloc * sizeof (void *),
1645				    alloc * 2 * sizeof (void *))) == NULL)
1646					goto out;
1647				mountpoints = ptr;
1648
1649				if ((ptr = zfs_realloc(hdl, datasets,
1650				    alloc * sizeof (void *),
1651				    alloc * 2 * sizeof (void *))) == NULL)
1652					goto out;
1653				datasets = ptr;
1654
1655				alloc *= 2;
1656			}
1657		}
1658
1659		if ((mountpoints[used] = zfs_strdup(hdl,
1660		    entry.mnt_mountp)) == NULL)
1661			goto out;
1662
1663		/*
1664		 * This is allowed to fail, in case there is some I/O error.  It
1665		 * is only used to determine if we need to remove the underlying
1666		 * mountpoint, so failure is not fatal.
1667		 */
1668		datasets[used] = make_dataset_handle(hdl, entry.mnt_special);
1669
1670		used++;
1671	}
1672
1673	/*
1674	 * At this point, we have the entire list of filesystems, so sort it by
1675	 * mountpoint.
1676	 */
1677	sharearg.zhandle_arr = datasets;
1678	sharearg.zhandle_len = used;
1679	ret = zfs_init_libshare_arg(hdl, SA_INIT_SHARE_API_SELECTIVE,
1680	    &sharearg);
1681	if (ret != 0)
1682		goto out;
1683	qsort(mountpoints, used, sizeof (char *), mountpoint_compare);
1684
1685	/*
1686	 * Walk through and first unshare everything.
1687	 */
1688	for (i = 0; i < used; i++) {
1689		zfs_share_proto_t *curr_proto;
1690		for (curr_proto = share_all_proto; *curr_proto != PROTO_END;
1691		    curr_proto++) {
1692			if (is_shared(hdl, mountpoints[i], *curr_proto) &&
1693			    unshare_one(hdl, mountpoints[i],
1694			    mountpoints[i], *curr_proto) != 0)
1695				goto out;
1696		}
1697	}
1698
1699	/*
1700	 * Now unmount everything, removing the underlying directories as
1701	 * appropriate.
1702	 */
1703	for (i = 0; i < used; i++) {
1704		if (unmount_one(hdl, mountpoints[i], flags) != 0)
1705			goto out;
1706	}
1707
1708	for (i = 0; i < used; i++) {
1709		if (datasets[i])
1710			remove_mountpoint(datasets[i]);
1711	}
1712
1713	ret = 0;
1714out:
1715	for (i = 0; i < used; i++) {
1716		if (datasets[i])
1717			zfs_close(datasets[i]);
1718		free(mountpoints[i]);
1719	}
1720	free(datasets);
1721	free(mountpoints);
1722
1723	return (ret);
1724}
1725