1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2012, 2015 by Delphix. All rights reserved.
24 * Copyright (c) 2014 Integros [integros.com]
25 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
26 * Copyright 2019 Joyent, Inc.
27 * Copyright 2020 Joshua M. Clulow <josh@sysmgr.org>
28 * Copyright 2020 OmniOS Community Edition (OmniOSce) Association.
29 */
30
31/* Portions Copyright 2010 Robert Milkowski */
32
33#include <sys/types.h>
34#include <sys/param.h>
35#include <sys/systm.h>
36#include <sys/sysmacros.h>
37#include <sys/kmem.h>
38#include <sys/pathname.h>
39#include <sys/vnode.h>
40#include <sys/vfs.h>
41#include <sys/vfs_opreg.h>
42#include <sys/mntent.h>
43#include <sys/mount.h>
44#include <sys/cmn_err.h>
45#include "fs/fs_subr.h"
46#include <sys/zfs_znode.h>
47#include <sys/zfs_dir.h>
48#include <sys/zil.h>
49#include <sys/fs/zfs.h>
50#include <sys/dmu.h>
51#include <sys/dsl_prop.h>
52#include <sys/dsl_dataset.h>
53#include <sys/dsl_deleg.h>
54#include <sys/spa.h>
55#include <sys/zap.h>
56#include <sys/sa.h>
57#include <sys/sa_impl.h>
58#include <sys/varargs.h>
59#include <sys/policy.h>
60#include <sys/atomic.h>
61#include <sys/mkdev.h>
62#include <sys/modctl.h>
63#include <sys/refstr.h>
64#include <sys/zfs_ioctl.h>
65#include <sys/zfs_ctldir.h>
66#include <sys/zfs_fuid.h>
67#include <sys/bootconf.h>
68#include <sys/ddi.h>
69#include <sys/sunddi.h>
70#include <sys/dnlc.h>
71#include <sys/dmu_objset.h>
72#include <sys/spa_boot.h>
73#include <sys/vdev_impl.h>
74#include "zfs_comutil.h"
75
76int zfsfstype;
77vfsops_t *zfs_vfsops = NULL;
78static major_t zfs_major;
79static minor_t zfs_minor;
80static kmutex_t	zfs_dev_mtx;
81
82extern int sys_shutdown;
83
84static int zfs_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *cr);
85static int zfs_umount(vfs_t *vfsp, int fflag, cred_t *cr);
86static int zfs_mountroot(vfs_t *vfsp, enum whymountroot);
87static int zfs_root(vfs_t *vfsp, vnode_t **vpp);
88static int zfs_statvfs(vfs_t *vfsp, struct statvfs64 *statp);
89static int zfs_vget(vfs_t *vfsp, vnode_t **vpp, fid_t *fidp);
90static void zfs_freevfs(vfs_t *vfsp);
91
92static const fs_operation_def_t zfs_vfsops_template[] = {
93	VFSNAME_MOUNT,		{ .vfs_mount = zfs_mount },
94	VFSNAME_MOUNTROOT,	{ .vfs_mountroot = zfs_mountroot },
95	VFSNAME_UNMOUNT,	{ .vfs_unmount = zfs_umount },
96	VFSNAME_ROOT,		{ .vfs_root = zfs_root },
97	VFSNAME_STATVFS,	{ .vfs_statvfs = zfs_statvfs },
98	VFSNAME_SYNC,		{ .vfs_sync = zfs_sync },
99	VFSNAME_VGET,		{ .vfs_vget = zfs_vget },
100	VFSNAME_FREEVFS,	{ .vfs_freevfs = zfs_freevfs },
101	NULL,			NULL
102};
103
104/*
105 * We need to keep a count of active fs's.
106 * This is necessary to prevent our module
107 * from being unloaded after a umount -f
108 */
109static uint32_t	zfs_active_fs_count = 0;
110
111static char *noatime_cancel[] = { MNTOPT_ATIME, NULL };
112static char *atime_cancel[] = { MNTOPT_NOATIME, NULL };
113static char *noxattr_cancel[] = { MNTOPT_XATTR, NULL };
114static char *xattr_cancel[] = { MNTOPT_NOXATTR, NULL };
115
116/*
117 * MO_DEFAULT is not used since the default value is determined
118 * by the equivalent property.
119 */
120static mntopt_t mntopts[] = {
121	{ MNTOPT_NOXATTR, noxattr_cancel, NULL, 0, NULL },
122	{ MNTOPT_XATTR, xattr_cancel, NULL, 0, NULL },
123	{ MNTOPT_NOATIME, noatime_cancel, NULL, 0, NULL },
124	{ MNTOPT_ATIME, atime_cancel, NULL, 0, NULL }
125};
126
127static mntopts_t zfs_mntopts = {
128	sizeof (mntopts) / sizeof (mntopt_t),
129	mntopts
130};
131
132/*ARGSUSED*/
133int
134zfs_sync(vfs_t *vfsp, short flag, cred_t *cr)
135{
136	/*
137	 * Data integrity is job one.  We don't want a compromised kernel
138	 * writing to the storage pool, so we never sync during panic.
139	 */
140	if (panicstr)
141		return (0);
142
143	/*
144	 * SYNC_ATTR is used by fsflush() to force old filesystems like UFS
145	 * to sync metadata, which they would otherwise cache indefinitely.
146	 * Semantically, the only requirement is that the sync be initiated.
147	 * The DMU syncs out txgs frequently, so there's nothing to do.
148	 */
149	if (flag & SYNC_ATTR)
150		return (0);
151
152	if (vfsp != NULL) {
153		/*
154		 * Sync a specific filesystem.
155		 */
156		zfsvfs_t *zfsvfs = vfsp->vfs_data;
157		dsl_pool_t *dp;
158
159		ZFS_ENTER(zfsvfs);
160		dp = dmu_objset_pool(zfsvfs->z_os);
161
162		/*
163		 * If the system is shutting down, then skip any
164		 * filesystems which may exist on a suspended pool.
165		 */
166		if (sys_shutdown && spa_suspended(dp->dp_spa)) {
167			ZFS_EXIT(zfsvfs);
168			return (0);
169		}
170
171		if (zfsvfs->z_log != NULL)
172			zil_commit(zfsvfs->z_log, 0);
173
174		ZFS_EXIT(zfsvfs);
175	} else {
176		/*
177		 * Sync all ZFS filesystems.  This is what happens when you
178		 * run sync(1M).  Unlike other filesystems, ZFS honors the
179		 * request by waiting for all pools to commit all dirty data.
180		 */
181		spa_sync_allpools();
182	}
183
184	return (0);
185}
186
187static int
188zfs_create_unique_device(dev_t *dev)
189{
190	major_t new_major;
191
192	do {
193		ASSERT3U(zfs_minor, <=, MAXMIN32);
194		minor_t start = zfs_minor;
195		do {
196			mutex_enter(&zfs_dev_mtx);
197			if (zfs_minor >= MAXMIN32) {
198				/*
199				 * If we're still using the real major
200				 * keep out of /dev/zfs and /dev/zvol minor
201				 * number space.  If we're using a getudev()'ed
202				 * major number, we can use all of its minors.
203				 */
204				if (zfs_major == ddi_name_to_major(ZFS_DRIVER))
205					zfs_minor = ZFS_MIN_MINOR;
206				else
207					zfs_minor = 0;
208			} else {
209				zfs_minor++;
210			}
211			*dev = makedevice(zfs_major, zfs_minor);
212			mutex_exit(&zfs_dev_mtx);
213		} while (vfs_devismounted(*dev) && zfs_minor != start);
214		if (zfs_minor == start) {
215			/*
216			 * We are using all ~262,000 minor numbers for the
217			 * current major number.  Create a new major number.
218			 */
219			if ((new_major = getudev()) == (major_t)-1) {
220				cmn_err(CE_WARN,
221				    "zfs_mount: Can't get unique major "
222				    "device number.");
223				return (-1);
224			}
225			mutex_enter(&zfs_dev_mtx);
226			zfs_major = new_major;
227			zfs_minor = 0;
228
229			mutex_exit(&zfs_dev_mtx);
230		} else {
231			break;
232		}
233		/* CONSTANTCONDITION */
234	} while (1);
235
236	return (0);
237}
238
239static void
240atime_changed_cb(void *arg, uint64_t newval)
241{
242	zfsvfs_t *zfsvfs = arg;
243
244	if (newval == TRUE) {
245		zfsvfs->z_atime = TRUE;
246		vfs_clearmntopt(zfsvfs->z_vfs, MNTOPT_NOATIME);
247		vfs_setmntopt(zfsvfs->z_vfs, MNTOPT_ATIME, NULL, 0);
248	} else {
249		zfsvfs->z_atime = FALSE;
250		vfs_clearmntopt(zfsvfs->z_vfs, MNTOPT_ATIME);
251		vfs_setmntopt(zfsvfs->z_vfs, MNTOPT_NOATIME, NULL, 0);
252	}
253}
254
255static void
256xattr_changed_cb(void *arg, uint64_t newval)
257{
258	zfsvfs_t *zfsvfs = arg;
259
260	if (newval == TRUE) {
261		/* XXX locking on vfs_flag? */
262		zfsvfs->z_vfs->vfs_flag |= VFS_XATTR;
263		vfs_clearmntopt(zfsvfs->z_vfs, MNTOPT_NOXATTR);
264		vfs_setmntopt(zfsvfs->z_vfs, MNTOPT_XATTR, NULL, 0);
265	} else {
266		/* XXX locking on vfs_flag? */
267		zfsvfs->z_vfs->vfs_flag &= ~VFS_XATTR;
268		vfs_clearmntopt(zfsvfs->z_vfs, MNTOPT_XATTR);
269		vfs_setmntopt(zfsvfs->z_vfs, MNTOPT_NOXATTR, NULL, 0);
270	}
271}
272
273static void
274blksz_changed_cb(void *arg, uint64_t newval)
275{
276	zfsvfs_t *zfsvfs = arg;
277	ASSERT3U(newval, <=, spa_maxblocksize(dmu_objset_spa(zfsvfs->z_os)));
278	ASSERT3U(newval, >=, SPA_MINBLOCKSIZE);
279	ASSERT(ISP2(newval));
280
281	zfsvfs->z_max_blksz = newval;
282	zfsvfs->z_vfs->vfs_bsize = newval;
283}
284
285static void
286readonly_changed_cb(void *arg, uint64_t newval)
287{
288	zfsvfs_t *zfsvfs = arg;
289
290	if (newval) {
291		/* XXX locking on vfs_flag? */
292		zfsvfs->z_vfs->vfs_flag |= VFS_RDONLY;
293		vfs_clearmntopt(zfsvfs->z_vfs, MNTOPT_RW);
294		vfs_setmntopt(zfsvfs->z_vfs, MNTOPT_RO, NULL, 0);
295	} else {
296		/* XXX locking on vfs_flag? */
297		zfsvfs->z_vfs->vfs_flag &= ~VFS_RDONLY;
298		vfs_clearmntopt(zfsvfs->z_vfs, MNTOPT_RO);
299		vfs_setmntopt(zfsvfs->z_vfs, MNTOPT_RW, NULL, 0);
300	}
301}
302
303static void
304devices_changed_cb(void *arg, uint64_t newval)
305{
306	zfsvfs_t *zfsvfs = arg;
307
308	if (newval == FALSE) {
309		zfsvfs->z_vfs->vfs_flag |= VFS_NODEVICES;
310		vfs_clearmntopt(zfsvfs->z_vfs, MNTOPT_DEVICES);
311		vfs_setmntopt(zfsvfs->z_vfs, MNTOPT_NODEVICES, NULL, 0);
312	} else {
313		zfsvfs->z_vfs->vfs_flag &= ~VFS_NODEVICES;
314		vfs_clearmntopt(zfsvfs->z_vfs, MNTOPT_NODEVICES);
315		vfs_setmntopt(zfsvfs->z_vfs, MNTOPT_DEVICES, NULL, 0);
316	}
317}
318
319static void
320setuid_changed_cb(void *arg, uint64_t newval)
321{
322	zfsvfs_t *zfsvfs = arg;
323
324	if (newval == FALSE) {
325		zfsvfs->z_vfs->vfs_flag |= VFS_NOSETUID;
326		vfs_clearmntopt(zfsvfs->z_vfs, MNTOPT_SETUID);
327		vfs_setmntopt(zfsvfs->z_vfs, MNTOPT_NOSETUID, NULL, 0);
328	} else {
329		zfsvfs->z_vfs->vfs_flag &= ~VFS_NOSETUID;
330		vfs_clearmntopt(zfsvfs->z_vfs, MNTOPT_NOSETUID);
331		vfs_setmntopt(zfsvfs->z_vfs, MNTOPT_SETUID, NULL, 0);
332	}
333}
334
335static void
336exec_changed_cb(void *arg, uint64_t newval)
337{
338	zfsvfs_t *zfsvfs = arg;
339
340	if (newval == FALSE) {
341		zfsvfs->z_vfs->vfs_flag |= VFS_NOEXEC;
342		vfs_clearmntopt(zfsvfs->z_vfs, MNTOPT_EXEC);
343		vfs_setmntopt(zfsvfs->z_vfs, MNTOPT_NOEXEC, NULL, 0);
344	} else {
345		zfsvfs->z_vfs->vfs_flag &= ~VFS_NOEXEC;
346		vfs_clearmntopt(zfsvfs->z_vfs, MNTOPT_NOEXEC);
347		vfs_setmntopt(zfsvfs->z_vfs, MNTOPT_EXEC, NULL, 0);
348	}
349}
350
351/*
352 * The nbmand mount option can be changed at mount time.
353 * We can't allow it to be toggled on live file systems or incorrect
354 * behavior may be seen from cifs clients
355 *
356 * This property isn't registered via dsl_prop_register(), but this callback
357 * will be called when a file system is first mounted
358 */
359static void
360nbmand_changed_cb(void *arg, uint64_t newval)
361{
362	zfsvfs_t *zfsvfs = arg;
363	if (newval == FALSE) {
364		vfs_clearmntopt(zfsvfs->z_vfs, MNTOPT_NBMAND);
365		vfs_setmntopt(zfsvfs->z_vfs, MNTOPT_NONBMAND, NULL, 0);
366	} else {
367		vfs_clearmntopt(zfsvfs->z_vfs, MNTOPT_NONBMAND);
368		vfs_setmntopt(zfsvfs->z_vfs, MNTOPT_NBMAND, NULL, 0);
369	}
370}
371
372static void
373snapdir_changed_cb(void *arg, uint64_t newval)
374{
375	zfsvfs_t *zfsvfs = arg;
376
377	zfsvfs->z_show_ctldir = newval;
378}
379
380static void
381vscan_changed_cb(void *arg, uint64_t newval)
382{
383	zfsvfs_t *zfsvfs = arg;
384
385	zfsvfs->z_vscan = newval;
386}
387
388static void
389acl_mode_changed_cb(void *arg, uint64_t newval)
390{
391	zfsvfs_t *zfsvfs = arg;
392
393	zfsvfs->z_acl_mode = newval;
394}
395
396static void
397acl_inherit_changed_cb(void *arg, uint64_t newval)
398{
399	zfsvfs_t *zfsvfs = arg;
400
401	zfsvfs->z_acl_inherit = newval;
402}
403
404static int
405zfs_register_callbacks(vfs_t *vfsp)
406{
407	struct dsl_dataset *ds = NULL;
408	objset_t *os = NULL;
409	zfsvfs_t *zfsvfs = NULL;
410	uint64_t nbmand;
411	boolean_t readonly = B_FALSE;
412	boolean_t do_readonly = B_FALSE;
413	boolean_t setuid = B_FALSE;
414	boolean_t do_setuid = B_FALSE;
415	boolean_t exec = B_FALSE;
416	boolean_t do_exec = B_FALSE;
417	boolean_t devices = B_FALSE;
418	boolean_t do_devices = B_FALSE;
419	boolean_t xattr = B_FALSE;
420	boolean_t do_xattr = B_FALSE;
421	boolean_t atime = B_FALSE;
422	boolean_t do_atime = B_FALSE;
423	int error = 0;
424
425	ASSERT(vfsp);
426	zfsvfs = vfsp->vfs_data;
427	ASSERT(zfsvfs);
428	os = zfsvfs->z_os;
429
430	/*
431	 * The act of registering our callbacks will destroy any mount
432	 * options we may have.  In order to enable temporary overrides
433	 * of mount options, we stash away the current values and
434	 * restore them after we register the callbacks.
435	 */
436	if (vfs_optionisset(vfsp, MNTOPT_RO, NULL) ||
437	    !spa_writeable(dmu_objset_spa(os))) {
438		readonly = B_TRUE;
439		do_readonly = B_TRUE;
440	} else if (vfs_optionisset(vfsp, MNTOPT_RW, NULL)) {
441		readonly = B_FALSE;
442		do_readonly = B_TRUE;
443	}
444	if (vfs_optionisset(vfsp, MNTOPT_NOSUID, NULL)) {
445		devices = B_FALSE;
446		setuid = B_FALSE;
447		do_devices = B_TRUE;
448		do_setuid = B_TRUE;
449	} else {
450		if (vfs_optionisset(vfsp, MNTOPT_NODEVICES, NULL)) {
451			devices = B_FALSE;
452			do_devices = B_TRUE;
453		} else if (vfs_optionisset(vfsp, MNTOPT_DEVICES, NULL)) {
454			devices = B_TRUE;
455			do_devices = B_TRUE;
456		}
457
458		if (vfs_optionisset(vfsp, MNTOPT_NOSETUID, NULL)) {
459			setuid = B_FALSE;
460			do_setuid = B_TRUE;
461		} else if (vfs_optionisset(vfsp, MNTOPT_SETUID, NULL)) {
462			setuid = B_TRUE;
463			do_setuid = B_TRUE;
464		}
465	}
466	if (vfs_optionisset(vfsp, MNTOPT_NOEXEC, NULL)) {
467		exec = B_FALSE;
468		do_exec = B_TRUE;
469	} else if (vfs_optionisset(vfsp, MNTOPT_EXEC, NULL)) {
470		exec = B_TRUE;
471		do_exec = B_TRUE;
472	}
473	if (vfs_optionisset(vfsp, MNTOPT_NOXATTR, NULL)) {
474		xattr = B_FALSE;
475		do_xattr = B_TRUE;
476	} else if (vfs_optionisset(vfsp, MNTOPT_XATTR, NULL)) {
477		xattr = B_TRUE;
478		do_xattr = B_TRUE;
479	}
480	if (vfs_optionisset(vfsp, MNTOPT_NOATIME, NULL)) {
481		atime = B_FALSE;
482		do_atime = B_TRUE;
483	} else if (vfs_optionisset(vfsp, MNTOPT_ATIME, NULL)) {
484		atime = B_TRUE;
485		do_atime = B_TRUE;
486	}
487
488	/*
489	 * nbmand is a special property.  It can only be changed at
490	 * mount time.
491	 *
492	 * This is weird, but it is documented to only be changeable
493	 * at mount time.
494	 */
495	if (vfs_optionisset(vfsp, MNTOPT_NONBMAND, NULL)) {
496		nbmand = B_FALSE;
497	} else if (vfs_optionisset(vfsp, MNTOPT_NBMAND, NULL)) {
498		nbmand = B_TRUE;
499	} else {
500		char osname[ZFS_MAX_DATASET_NAME_LEN];
501
502		dmu_objset_name(os, osname);
503		if (error = dsl_prop_get_integer(osname, "nbmand", &nbmand,
504		    NULL)) {
505			return (error);
506		}
507	}
508
509	/*
510	 * Register property callbacks.
511	 *
512	 * It would probably be fine to just check for i/o error from
513	 * the first prop_register(), but I guess I like to go
514	 * overboard...
515	 */
516	ds = dmu_objset_ds(os);
517	dsl_pool_config_enter(dmu_objset_pool(os), FTAG);
518	error = dsl_prop_register(ds,
519	    zfs_prop_to_name(ZFS_PROP_ATIME), atime_changed_cb, zfsvfs);
520	error = error ? error : dsl_prop_register(ds,
521	    zfs_prop_to_name(ZFS_PROP_XATTR), xattr_changed_cb, zfsvfs);
522	error = error ? error : dsl_prop_register(ds,
523	    zfs_prop_to_name(ZFS_PROP_RECORDSIZE), blksz_changed_cb, zfsvfs);
524	error = error ? error : dsl_prop_register(ds,
525	    zfs_prop_to_name(ZFS_PROP_READONLY), readonly_changed_cb, zfsvfs);
526	error = error ? error : dsl_prop_register(ds,
527	    zfs_prop_to_name(ZFS_PROP_DEVICES), devices_changed_cb, zfsvfs);
528	error = error ? error : dsl_prop_register(ds,
529	    zfs_prop_to_name(ZFS_PROP_SETUID), setuid_changed_cb, zfsvfs);
530	error = error ? error : dsl_prop_register(ds,
531	    zfs_prop_to_name(ZFS_PROP_EXEC), exec_changed_cb, zfsvfs);
532	error = error ? error : dsl_prop_register(ds,
533	    zfs_prop_to_name(ZFS_PROP_SNAPDIR), snapdir_changed_cb, zfsvfs);
534	error = error ? error : dsl_prop_register(ds,
535	    zfs_prop_to_name(ZFS_PROP_ACLMODE), acl_mode_changed_cb, zfsvfs);
536	error = error ? error : dsl_prop_register(ds,
537	    zfs_prop_to_name(ZFS_PROP_ACLINHERIT), acl_inherit_changed_cb,
538	    zfsvfs);
539	error = error ? error : dsl_prop_register(ds,
540	    zfs_prop_to_name(ZFS_PROP_VSCAN), vscan_changed_cb, zfsvfs);
541	dsl_pool_config_exit(dmu_objset_pool(os), FTAG);
542	if (error)
543		goto unregister;
544
545	/*
546	 * Invoke our callbacks to restore temporary mount options.
547	 */
548	if (do_readonly)
549		readonly_changed_cb(zfsvfs, readonly);
550	if (do_setuid)
551		setuid_changed_cb(zfsvfs, setuid);
552	if (do_exec)
553		exec_changed_cb(zfsvfs, exec);
554	if (do_devices)
555		devices_changed_cb(zfsvfs, devices);
556	if (do_xattr)
557		xattr_changed_cb(zfsvfs, xattr);
558	if (do_atime)
559		atime_changed_cb(zfsvfs, atime);
560
561	nbmand_changed_cb(zfsvfs, nbmand);
562
563	return (0);
564
565unregister:
566	dsl_prop_unregister_all(ds, zfsvfs);
567	return (error);
568}
569
570static int
571zfs_space_delta_cb(dmu_object_type_t bonustype, void *data,
572    uint64_t *userp, uint64_t *groupp, uint64_t *projectp)
573{
574	sa_hdr_phys_t sa;
575	sa_hdr_phys_t *sap = data;
576	uint64_t flags;
577	int hdrsize;
578	boolean_t swap = B_FALSE;
579
580	/*
581	 * Is it a valid type of object to track?
582	 */
583	if (bonustype != DMU_OT_ZNODE && bonustype != DMU_OT_SA)
584		return (SET_ERROR(ENOENT));
585
586	/*
587	 * If we have a NULL data pointer
588	 * then assume the id's aren't changing and
589	 * return EEXIST to the dmu to let it know to
590	 * use the same ids
591	 */
592	if (data == NULL)
593		return (SET_ERROR(EEXIST));
594
595	if (bonustype == DMU_OT_ZNODE) {
596		znode_phys_t *znp = data;
597		*userp = znp->zp_uid;
598		*groupp = znp->zp_gid;
599		*projectp = ZFS_DEFAULT_PROJID;
600		return (0);
601	}
602
603	if (sap->sa_magic == 0) {
604		/*
605		 * This should only happen for newly created files
606		 * that haven't had the znode data filled in yet.
607		 */
608		*userp = 0;
609		*groupp = 0;
610		*projectp = ZFS_DEFAULT_PROJID;
611		return (0);
612	}
613
614	sa = *sap;
615	if (sa.sa_magic == BSWAP_32(SA_MAGIC)) {
616		sa.sa_magic = SA_MAGIC;
617		sa.sa_layout_info = BSWAP_16(sa.sa_layout_info);
618		swap = B_TRUE;
619	} else {
620		VERIFY3U(sa.sa_magic, ==, SA_MAGIC);
621	}
622
623	hdrsize = sa_hdrsize(&sa);
624	VERIFY3U(hdrsize, >=, sizeof (sa_hdr_phys_t));
625
626	*userp = *((uint64_t *)((uintptr_t)data + hdrsize + SA_UID_OFFSET));
627	*groupp = *((uint64_t *)((uintptr_t)data + hdrsize + SA_GID_OFFSET));
628	flags = *((uint64_t *)((uintptr_t)data + hdrsize + SA_FLAGS_OFFSET));
629	if (swap)
630		flags = BSWAP_64(flags);
631
632	if (flags & ZFS_PROJID)
633		*projectp = *((uint64_t *)((uintptr_t)data + hdrsize +
634		    SA_PROJID_OFFSET));
635	else
636		*projectp = ZFS_DEFAULT_PROJID;
637
638	if (swap) {
639		*userp = BSWAP_64(*userp);
640		*groupp = BSWAP_64(*groupp);
641		*projectp = BSWAP_64(*projectp);
642	}
643	return (0);
644}
645
646static void
647fuidstr_to_sid(zfsvfs_t *zfsvfs, const char *fuidstr,
648    char *domainbuf, int buflen, uid_t *ridp)
649{
650	uint64_t fuid;
651	const char *domain;
652
653	fuid = zfs_strtonum(fuidstr, NULL);
654
655	domain = zfs_fuid_find_by_idx(zfsvfs, FUID_INDEX(fuid));
656	if (domain)
657		(void) strlcpy(domainbuf, domain, buflen);
658	else
659		domainbuf[0] = '\0';
660	*ridp = FUID_RID(fuid);
661}
662
663static uint64_t
664zfs_userquota_prop_to_obj(zfsvfs_t *zfsvfs, zfs_userquota_prop_t type)
665{
666	switch (type) {
667	case ZFS_PROP_USERUSED:
668	case ZFS_PROP_USEROBJUSED:
669		return (DMU_USERUSED_OBJECT);
670	case ZFS_PROP_GROUPUSED:
671	case ZFS_PROP_GROUPOBJUSED:
672		return (DMU_GROUPUSED_OBJECT);
673	case ZFS_PROP_PROJECTUSED:
674	case ZFS_PROP_PROJECTOBJUSED:
675		return (DMU_PROJECTUSED_OBJECT);
676	case ZFS_PROP_USERQUOTA:
677		return (zfsvfs->z_userquota_obj);
678	case ZFS_PROP_GROUPQUOTA:
679		return (zfsvfs->z_groupquota_obj);
680	case ZFS_PROP_USEROBJQUOTA:
681		return (zfsvfs->z_userobjquota_obj);
682	case ZFS_PROP_GROUPOBJQUOTA:
683		return (zfsvfs->z_groupobjquota_obj);
684	case ZFS_PROP_PROJECTQUOTA:
685		return (zfsvfs->z_projectquota_obj);
686	case ZFS_PROP_PROJECTOBJQUOTA:
687		return (zfsvfs->z_projectobjquota_obj);
688	default:
689		return (ZFS_NO_OBJECT);
690	}
691}
692
693int
694zfs_userspace_many(zfsvfs_t *zfsvfs, zfs_userquota_prop_t type,
695    uint64_t *cookiep, void *vbuf, uint64_t *bufsizep)
696{
697	int error;
698	zap_cursor_t zc;
699	zap_attribute_t za;
700	zfs_useracct_t *buf = vbuf;
701	uint64_t obj;
702	int offset = 0;
703
704	if (!dmu_objset_userspace_present(zfsvfs->z_os))
705		return (SET_ERROR(ENOTSUP));
706
707	if ((type == ZFS_PROP_PROJECTQUOTA || type == ZFS_PROP_PROJECTUSED ||
708	    type == ZFS_PROP_PROJECTOBJQUOTA ||
709	    type == ZFS_PROP_PROJECTOBJUSED) &&
710	    !dmu_objset_projectquota_present(zfsvfs->z_os))
711		return (SET_ERROR(ENOTSUP));
712
713	if ((type == ZFS_PROP_USEROBJUSED || type == ZFS_PROP_GROUPOBJUSED ||
714	    type == ZFS_PROP_USEROBJQUOTA || type == ZFS_PROP_GROUPOBJQUOTA ||
715	    type == ZFS_PROP_PROJECTOBJUSED ||
716	    type == ZFS_PROP_PROJECTOBJQUOTA) &&
717	    !dmu_objset_userobjspace_present(zfsvfs->z_os))
718		return (SET_ERROR(ENOTSUP));
719
720	obj = zfs_userquota_prop_to_obj(zfsvfs, type);
721	if (obj == ZFS_NO_OBJECT) {
722		*bufsizep = 0;
723		return (0);
724	}
725
726	if (type == ZFS_PROP_USEROBJUSED || type == ZFS_PROP_GROUPOBJUSED ||
727	    type == ZFS_PROP_PROJECTOBJUSED)
728		offset = DMU_OBJACCT_PREFIX_LEN;
729
730	for (zap_cursor_init_serialized(&zc, zfsvfs->z_os, obj, *cookiep);
731	    (error = zap_cursor_retrieve(&zc, &za)) == 0;
732	    zap_cursor_advance(&zc)) {
733		if ((uintptr_t)buf - (uintptr_t)vbuf + sizeof (zfs_useracct_t) >
734		    *bufsizep)
735			break;
736
737		/*
738		 * skip object quota (with zap name prefix DMU_OBJACCT_PREFIX)
739		 * when dealing with block quota and vice versa.
740		 */
741		if ((offset > 0) != (strncmp(za.za_name, DMU_OBJACCT_PREFIX,
742		    DMU_OBJACCT_PREFIX_LEN) == 0))
743			continue;
744
745		fuidstr_to_sid(zfsvfs, za.za_name + offset,
746		    buf->zu_domain, sizeof (buf->zu_domain), &buf->zu_rid);
747
748		buf->zu_space = za.za_first_integer;
749		buf++;
750	}
751	if (error == ENOENT)
752		error = 0;
753
754	ASSERT3U((uintptr_t)buf - (uintptr_t)vbuf, <=, *bufsizep);
755	*bufsizep = (uintptr_t)buf - (uintptr_t)vbuf;
756	*cookiep = zap_cursor_serialize(&zc);
757	zap_cursor_fini(&zc);
758	return (error);
759}
760
761/*
762 * buf must be big enough (eg, 32 bytes)
763 */
764static int
765id_to_fuidstr(zfsvfs_t *zfsvfs, const char *domain, uid_t rid,
766    char *buf, boolean_t addok)
767{
768	uint64_t fuid;
769	int domainid = 0;
770
771	if (domain && domain[0]) {
772		domainid = zfs_fuid_find_by_domain(zfsvfs, domain, NULL, addok);
773		if (domainid == -1)
774			return (SET_ERROR(ENOENT));
775	}
776	fuid = FUID_ENCODE(domainid, rid);
777	(void) sprintf(buf, "%llx", (longlong_t)fuid);
778	return (0);
779}
780
781int
782zfs_userspace_one(zfsvfs_t *zfsvfs, zfs_userquota_prop_t type,
783    const char *domain, uint64_t rid, uint64_t *valp)
784{
785	char buf[20 + DMU_OBJACCT_PREFIX_LEN];
786	int offset = 0;
787	int err;
788	uint64_t obj;
789
790	*valp = 0;
791
792	if (!dmu_objset_userspace_present(zfsvfs->z_os))
793		return (SET_ERROR(ENOTSUP));
794
795	if ((type == ZFS_PROP_USEROBJUSED || type == ZFS_PROP_GROUPOBJUSED ||
796	    type == ZFS_PROP_USEROBJQUOTA || type == ZFS_PROP_GROUPOBJQUOTA ||
797	    type == ZFS_PROP_PROJECTOBJUSED ||
798	    type == ZFS_PROP_PROJECTOBJQUOTA) &&
799	    !dmu_objset_userobjspace_present(zfsvfs->z_os))
800		return (SET_ERROR(ENOTSUP));
801
802	if (type == ZFS_PROP_PROJECTQUOTA || type == ZFS_PROP_PROJECTUSED ||
803	    type == ZFS_PROP_PROJECTOBJQUOTA ||
804	    type == ZFS_PROP_PROJECTOBJUSED) {
805		if (!dmu_objset_projectquota_present(zfsvfs->z_os))
806			return (SET_ERROR(ENOTSUP));
807		if (!zpl_is_valid_projid(rid))
808			return (SET_ERROR(EINVAL));
809	}
810
811	obj = zfs_userquota_prop_to_obj(zfsvfs, type);
812	if (obj == ZFS_NO_OBJECT)
813		return (0);
814
815	if (type == ZFS_PROP_USEROBJUSED || type == ZFS_PROP_GROUPOBJUSED ||
816	    type == ZFS_PROP_PROJECTOBJUSED) {
817		strncpy(buf, DMU_OBJACCT_PREFIX, DMU_OBJACCT_PREFIX_LEN);
818		offset = DMU_OBJACCT_PREFIX_LEN;
819	}
820
821	err = id_to_fuidstr(zfsvfs, domain, rid, buf + offset, B_FALSE);
822	if (err)
823		return (err);
824
825	err = zap_lookup(zfsvfs->z_os, obj, buf, 8, 1, valp);
826	if (err == ENOENT)
827		err = 0;
828	return (err);
829}
830
831int
832zfs_set_userquota(zfsvfs_t *zfsvfs, zfs_userquota_prop_t type,
833    const char *domain, uint64_t rid, uint64_t quota)
834{
835	char buf[32];
836	int err;
837	dmu_tx_t *tx;
838	uint64_t *objp;
839	boolean_t fuid_dirtied;
840
841	if (zfsvfs->z_version < ZPL_VERSION_USERSPACE)
842		return (SET_ERROR(ENOTSUP));
843
844	switch (type) {
845	case ZFS_PROP_USERQUOTA:
846		objp = &zfsvfs->z_userquota_obj;
847		break;
848	case ZFS_PROP_GROUPQUOTA:
849		objp = &zfsvfs->z_groupquota_obj;
850		break;
851	case ZFS_PROP_USEROBJQUOTA:
852		objp = &zfsvfs->z_userobjquota_obj;
853		break;
854	case ZFS_PROP_GROUPOBJQUOTA:
855		objp = &zfsvfs->z_groupobjquota_obj;
856		break;
857	case ZFS_PROP_PROJECTQUOTA:
858		if (!dmu_objset_projectquota_enabled(zfsvfs->z_os))
859			return (SET_ERROR(ENOTSUP));
860		if (!zpl_is_valid_projid(rid))
861			return (SET_ERROR(EINVAL));
862
863		objp = &zfsvfs->z_projectquota_obj;
864		break;
865	case ZFS_PROP_PROJECTOBJQUOTA:
866		if (!dmu_objset_projectquota_enabled(zfsvfs->z_os))
867			return (SET_ERROR(ENOTSUP));
868		if (!zpl_is_valid_projid(rid))
869			return (SET_ERROR(EINVAL));
870
871		objp = &zfsvfs->z_projectobjquota_obj;
872		break;
873	default:
874		return (SET_ERROR(EINVAL));
875	}
876
877	err = id_to_fuidstr(zfsvfs, domain, rid, buf, B_TRUE);
878	if (err)
879		return (err);
880	fuid_dirtied = zfsvfs->z_fuid_dirty;
881
882	tx = dmu_tx_create(zfsvfs->z_os);
883	dmu_tx_hold_zap(tx, *objp ? *objp : DMU_NEW_OBJECT, B_TRUE, NULL);
884	if (*objp == 0) {
885		dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, B_TRUE,
886		    zfs_userquota_prop_prefixes[type]);
887	}
888	if (fuid_dirtied)
889		zfs_fuid_txhold(zfsvfs, tx);
890	err = dmu_tx_assign(tx, TXG_WAIT);
891	if (err) {
892		dmu_tx_abort(tx);
893		return (err);
894	}
895
896	mutex_enter(&zfsvfs->z_lock);
897	if (*objp == 0) {
898		*objp = zap_create(zfsvfs->z_os, DMU_OT_USERGROUP_QUOTA,
899		    DMU_OT_NONE, 0, tx);
900		VERIFY(0 == zap_add(zfsvfs->z_os, MASTER_NODE_OBJ,
901		    zfs_userquota_prop_prefixes[type], 8, 1, objp, tx));
902	}
903	mutex_exit(&zfsvfs->z_lock);
904
905	if (quota == 0) {
906		err = zap_remove(zfsvfs->z_os, *objp, buf, tx);
907		if (err == ENOENT)
908			err = 0;
909	} else {
910		err = zap_update(zfsvfs->z_os, *objp, buf, 8, 1, &quota, tx);
911	}
912	ASSERT(err == 0);
913	if (fuid_dirtied)
914		zfs_fuid_sync(zfsvfs, tx);
915	dmu_tx_commit(tx);
916	return (err);
917}
918
919boolean_t
920zfs_id_overobjquota(zfsvfs_t *zfsvfs, uint64_t usedobj, uint64_t id)
921{
922	char buf[20 + DMU_OBJACCT_PREFIX_LEN];
923	uint64_t used, quota, quotaobj;
924	int err;
925
926	if (!dmu_objset_userobjspace_present(zfsvfs->z_os)) {
927		if (dmu_objset_userobjspace_upgradable(zfsvfs->z_os))
928			dmu_objset_id_quota_upgrade(zfsvfs->z_os);
929		return (B_FALSE);
930	}
931
932	if (usedobj == DMU_PROJECTUSED_OBJECT) {
933		if (!dmu_objset_projectquota_present(zfsvfs->z_os)) {
934			if (dmu_objset_projectquota_upgradable(zfsvfs->z_os)) {
935				dsl_pool_config_enter(
936				    dmu_objset_pool(zfsvfs->z_os), FTAG);
937				dmu_objset_id_quota_upgrade(zfsvfs->z_os);
938				dsl_pool_config_exit(
939				    dmu_objset_pool(zfsvfs->z_os), FTAG);
940			}
941			return (B_FALSE);
942		}
943		quotaobj = zfsvfs->z_projectobjquota_obj;
944	} else if (usedobj == DMU_USERUSED_OBJECT) {
945		quotaobj = zfsvfs->z_userobjquota_obj;
946	} else if (usedobj == DMU_GROUPUSED_OBJECT) {
947		quotaobj = zfsvfs->z_groupobjquota_obj;
948	} else {
949		return (B_FALSE);
950	}
951	if (quotaobj == 0 || zfsvfs->z_replay)
952		return (B_FALSE);
953
954	(void) sprintf(buf, "%llx", (longlong_t)id);
955	err = zap_lookup(zfsvfs->z_os, quotaobj, buf, 8, 1, &quota);
956	if (err != 0)
957		return (B_FALSE);
958
959	(void) sprintf(buf, DMU_OBJACCT_PREFIX "%llx", (longlong_t)id);
960	err = zap_lookup(zfsvfs->z_os, usedobj, buf, 8, 1, &used);
961	if (err != 0)
962		return (B_FALSE);
963	return (used >= quota);
964}
965
966boolean_t
967zfs_id_overblockquota(zfsvfs_t *zfsvfs, uint64_t usedobj, uint64_t id)
968{
969	char buf[20];
970	uint64_t used, quota, quotaobj;
971	int err;
972
973	if (usedobj == DMU_PROJECTUSED_OBJECT) {
974		if (!dmu_objset_projectquota_present(zfsvfs->z_os)) {
975			if (dmu_objset_projectquota_upgradable(zfsvfs->z_os)) {
976				dsl_pool_config_enter(
977				    dmu_objset_pool(zfsvfs->z_os), FTAG);
978				dmu_objset_id_quota_upgrade(zfsvfs->z_os);
979				dsl_pool_config_exit(
980				    dmu_objset_pool(zfsvfs->z_os), FTAG);
981			}
982			return (B_FALSE);
983		}
984		quotaobj = zfsvfs->z_projectquota_obj;
985	} else if (usedobj == DMU_USERUSED_OBJECT) {
986		quotaobj = zfsvfs->z_userquota_obj;
987	} else if (usedobj == DMU_GROUPUSED_OBJECT) {
988		quotaobj = zfsvfs->z_groupquota_obj;
989	} else {
990		return (B_FALSE);
991	}
992	if (quotaobj == 0 || zfsvfs->z_replay)
993		return (B_FALSE);
994
995	(void) sprintf(buf, "%llx", (longlong_t)id);
996	err = zap_lookup(zfsvfs->z_os, quotaobj, buf, 8, 1, &quota);
997	if (err != 0)
998		return (B_FALSE);
999
1000	err = zap_lookup(zfsvfs->z_os, usedobj, buf, 8, 1, &used);
1001	if (err != 0)
1002		return (B_FALSE);
1003	return (used >= quota);
1004}
1005
1006boolean_t
1007zfs_id_overquota(zfsvfs_t *zfsvfs, uint64_t usedobj, uint64_t id)
1008{
1009	return (zfs_id_overblockquota(zfsvfs, usedobj, id) ||
1010	    zfs_id_overobjquota(zfsvfs, usedobj, id));
1011}
1012
1013/*
1014 * Associate this zfsvfs with the given objset, which must be owned.
1015 * This will cache a bunch of on-disk state from the objset in the
1016 * zfsvfs.
1017 */
1018static int
1019zfsvfs_init(zfsvfs_t *zfsvfs, objset_t *os)
1020{
1021	int error;
1022	uint64_t val;
1023
1024	zfsvfs->z_max_blksz = SPA_OLD_MAXBLOCKSIZE;
1025	zfsvfs->z_show_ctldir = ZFS_SNAPDIR_VISIBLE;
1026	zfsvfs->z_os = os;
1027
1028	error = zfs_get_zplprop(os, ZFS_PROP_VERSION, &zfsvfs->z_version);
1029	if (error != 0)
1030		return (error);
1031	if (zfsvfs->z_version >
1032	    zfs_zpl_version_map(spa_version(dmu_objset_spa(os)))) {
1033		(void) printf("Can't mount a version %lld file system "
1034		    "on a version %lld pool\n. Pool must be upgraded to mount "
1035		    "this file system.", (u_longlong_t)zfsvfs->z_version,
1036		    (u_longlong_t)spa_version(dmu_objset_spa(os)));
1037		return (SET_ERROR(ENOTSUP));
1038	}
1039	error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &val);
1040	if (error != 0)
1041		return (error);
1042	zfsvfs->z_norm = (int)val;
1043
1044	error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &val);
1045	if (error != 0)
1046		return (error);
1047	zfsvfs->z_utf8 = (val != 0);
1048
1049	error = zfs_get_zplprop(os, ZFS_PROP_CASE, &val);
1050	if (error != 0)
1051		return (error);
1052	zfsvfs->z_case = (uint_t)val;
1053
1054	/*
1055	 * Fold case on file systems that are always or sometimes case
1056	 * insensitive.
1057	 */
1058	if (zfsvfs->z_case == ZFS_CASE_INSENSITIVE ||
1059	    zfsvfs->z_case == ZFS_CASE_MIXED)
1060		zfsvfs->z_norm |= U8_TEXTPREP_TOUPPER;
1061
1062	zfsvfs->z_use_fuids = USE_FUIDS(zfsvfs->z_version, zfsvfs->z_os);
1063	zfsvfs->z_use_sa = USE_SA(zfsvfs->z_version, zfsvfs->z_os);
1064
1065	uint64_t sa_obj = 0;
1066	if (zfsvfs->z_use_sa) {
1067		/* should either have both of these objects or none */
1068		error = zap_lookup(os, MASTER_NODE_OBJ, ZFS_SA_ATTRS, 8, 1,
1069		    &sa_obj);
1070		if (error != 0)
1071			return (error);
1072	}
1073
1074	error = sa_setup(os, sa_obj, zfs_attr_table, ZPL_END,
1075	    &zfsvfs->z_attr_table);
1076	if (error != 0)
1077		return (error);
1078
1079	if (zfsvfs->z_version >= ZPL_VERSION_SA)
1080		sa_register_update_callback(os, zfs_sa_upgrade);
1081
1082	error = zap_lookup(os, MASTER_NODE_OBJ, ZFS_ROOT_OBJ, 8, 1,
1083	    &zfsvfs->z_root);
1084	if (error != 0)
1085		return (error);
1086	ASSERT(zfsvfs->z_root != 0);
1087
1088	error = zap_lookup(os, MASTER_NODE_OBJ, ZFS_UNLINKED_SET, 8, 1,
1089	    &zfsvfs->z_unlinkedobj);
1090	if (error != 0)
1091		return (error);
1092
1093	error = zap_lookup(os, MASTER_NODE_OBJ,
1094	    zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA],
1095	    8, 1, &zfsvfs->z_userquota_obj);
1096	if (error == ENOENT)
1097		zfsvfs->z_userquota_obj = 0;
1098	else if (error != 0)
1099		return (error);
1100
1101	error = zap_lookup(os, MASTER_NODE_OBJ,
1102	    zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA],
1103	    8, 1, &zfsvfs->z_groupquota_obj);
1104	if (error == ENOENT)
1105		zfsvfs->z_groupquota_obj = 0;
1106	else if (error != 0)
1107		return (error);
1108
1109	error = zap_lookup(os, MASTER_NODE_OBJ,
1110	    zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA],
1111	    8, 1, &zfsvfs->z_projectquota_obj);
1112	if (error == ENOENT)
1113		zfsvfs->z_projectquota_obj = 0;
1114	else if (error != 0)
1115		return (error);
1116
1117	error = zap_lookup(os, MASTER_NODE_OBJ,
1118	    zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA],
1119	    8, 1, &zfsvfs->z_userobjquota_obj);
1120	if (error == ENOENT)
1121		zfsvfs->z_userobjquota_obj = 0;
1122	else if (error != 0)
1123		return (error);
1124
1125	error = zap_lookup(os, MASTER_NODE_OBJ,
1126	    zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA],
1127	    8, 1, &zfsvfs->z_groupobjquota_obj);
1128	if (error == ENOENT)
1129		zfsvfs->z_groupobjquota_obj = 0;
1130	else if (error != 0)
1131		return (error);
1132
1133	error = zap_lookup(os, MASTER_NODE_OBJ,
1134	    zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTOBJQUOTA],
1135	    8, 1, &zfsvfs->z_projectobjquota_obj);
1136	if (error == ENOENT)
1137		zfsvfs->z_projectobjquota_obj = 0;
1138	else if (error != 0)
1139		return (error);
1140
1141	error = zap_lookup(os, MASTER_NODE_OBJ, ZFS_FUID_TABLES, 8, 1,
1142	    &zfsvfs->z_fuid_obj);
1143	if (error == ENOENT)
1144		zfsvfs->z_fuid_obj = 0;
1145	else if (error != 0)
1146		return (error);
1147
1148	error = zap_lookup(os, MASTER_NODE_OBJ, ZFS_SHARES_DIR, 8, 1,
1149	    &zfsvfs->z_shares_dir);
1150	if (error == ENOENT)
1151		zfsvfs->z_shares_dir = 0;
1152	else if (error != 0)
1153		return (error);
1154
1155	return (0);
1156}
1157
1158int
1159zfsvfs_create(const char *osname, boolean_t readonly, zfsvfs_t **zfvp)
1160{
1161	objset_t *os;
1162	zfsvfs_t *zfsvfs;
1163	int error;
1164	boolean_t ro = (readonly || (strchr(osname, '@') != NULL));
1165
1166	zfsvfs = kmem_zalloc(sizeof (zfsvfs_t), KM_SLEEP);
1167
1168	error = dmu_objset_own(osname, DMU_OST_ZFS, ro, B_TRUE, zfsvfs, &os);
1169	if (error != 0) {
1170		kmem_free(zfsvfs, sizeof (zfsvfs_t));
1171		return (error);
1172	}
1173
1174	error = zfsvfs_create_impl(zfvp, zfsvfs, os);
1175	if (error != 0) {
1176		dmu_objset_disown(os, B_TRUE, zfsvfs);
1177	}
1178	return (error);
1179}
1180
1181
1182int
1183zfsvfs_create_impl(zfsvfs_t **zfvp, zfsvfs_t *zfsvfs, objset_t *os)
1184{
1185	int error;
1186
1187	zfsvfs->z_vfs = NULL;
1188	zfsvfs->z_parent = zfsvfs;
1189
1190	mutex_init(&zfsvfs->z_znodes_lock, NULL, MUTEX_DEFAULT, NULL);
1191	mutex_init(&zfsvfs->z_lock, NULL, MUTEX_DEFAULT, NULL);
1192	list_create(&zfsvfs->z_all_znodes, sizeof (znode_t),
1193	    offsetof(znode_t, z_link_node));
1194	rrm_init(&zfsvfs->z_teardown_lock, B_FALSE);
1195	rw_init(&zfsvfs->z_teardown_inactive_lock, NULL, RW_DEFAULT, NULL);
1196	rw_init(&zfsvfs->z_fuid_lock, NULL, RW_DEFAULT, NULL);
1197	for (int i = 0; i != ZFS_OBJ_MTX_SZ; i++)
1198		mutex_init(&zfsvfs->z_hold_mtx[i], NULL, MUTEX_DEFAULT, NULL);
1199
1200	error = zfsvfs_init(zfsvfs, os);
1201	if (error != 0) {
1202		*zfvp = NULL;
1203		kmem_free(zfsvfs, sizeof (zfsvfs_t));
1204		return (error);
1205	}
1206
1207	zfsvfs->z_drain_task = TASKQID_INVALID;
1208	zfsvfs->z_draining = B_FALSE;
1209	zfsvfs->z_drain_cancel = B_TRUE;
1210
1211	*zfvp = zfsvfs;
1212	return (0);
1213}
1214
1215static int
1216zfsvfs_setup(zfsvfs_t *zfsvfs, boolean_t mounting)
1217{
1218	int error;
1219
1220	error = zfs_register_callbacks(zfsvfs->z_vfs);
1221	if (error)
1222		return (error);
1223
1224	zfsvfs->z_log = zil_open(zfsvfs->z_os, zfs_get_data);
1225
1226	/*
1227	 * If we are not mounting (ie: online recv), then we don't
1228	 * have to worry about replaying the log as we blocked all
1229	 * operations out since we closed the ZIL.
1230	 */
1231	if (mounting) {
1232		boolean_t readonly;
1233
1234		/*
1235		 * During replay we remove the read only flag to
1236		 * allow replays to succeed.
1237		 */
1238		readonly = zfsvfs->z_vfs->vfs_flag & VFS_RDONLY;
1239		if (readonly != 0) {
1240			zfsvfs->z_vfs->vfs_flag &= ~VFS_RDONLY;
1241		} else {
1242			zfs_unlinked_drain(zfsvfs);
1243		}
1244
1245		/*
1246		 * Parse and replay the intent log.
1247		 *
1248		 * Because of ziltest, this must be done after
1249		 * zfs_unlinked_drain().  (Further note: ziltest
1250		 * doesn't use readonly mounts, where
1251		 * zfs_unlinked_drain() isn't called.)  This is because
1252		 * ziltest causes spa_sync() to think it's committed,
1253		 * but actually it is not, so the intent log contains
1254		 * many txg's worth of changes.
1255		 *
1256		 * In particular, if object N is in the unlinked set in
1257		 * the last txg to actually sync, then it could be
1258		 * actually freed in a later txg and then reallocated
1259		 * in a yet later txg.  This would write a "create
1260		 * object N" record to the intent log.  Normally, this
1261		 * would be fine because the spa_sync() would have
1262		 * written out the fact that object N is free, before
1263		 * we could write the "create object N" intent log
1264		 * record.
1265		 *
1266		 * But when we are in ziltest mode, we advance the "open
1267		 * txg" without actually spa_sync()-ing the changes to
1268		 * disk.  So we would see that object N is still
1269		 * allocated and in the unlinked set, and there is an
1270		 * intent log record saying to allocate it.
1271		 */
1272		if (spa_writeable(dmu_objset_spa(zfsvfs->z_os))) {
1273			if (zil_replay_disable) {
1274				zil_destroy(zfsvfs->z_log, B_FALSE);
1275			} else {
1276				zfsvfs->z_replay = B_TRUE;
1277				zil_replay(zfsvfs->z_os, zfsvfs,
1278				    zfs_replay_vector);
1279				zfsvfs->z_replay = B_FALSE;
1280			}
1281		}
1282
1283		/* restore readonly bit */
1284		if (readonly != 0)
1285			zfsvfs->z_vfs->vfs_flag |= VFS_RDONLY;
1286	}
1287
1288	/*
1289	 * Set the objset user_ptr to track its zfsvfs.
1290	 */
1291	mutex_enter(&zfsvfs->z_os->os_user_ptr_lock);
1292	dmu_objset_set_user(zfsvfs->z_os, zfsvfs);
1293	mutex_exit(&zfsvfs->z_os->os_user_ptr_lock);
1294
1295	return (0);
1296}
1297
1298void
1299zfsvfs_free(zfsvfs_t *zfsvfs)
1300{
1301	int i;
1302	extern krwlock_t zfsvfs_lock; /* in zfs_znode.c */
1303
1304	/*
1305	 * This is a barrier to prevent the filesystem from going away in
1306	 * zfs_znode_move() until we can safely ensure that the filesystem is
1307	 * not unmounted. We consider the filesystem valid before the barrier
1308	 * and invalid after the barrier.
1309	 */
1310	rw_enter(&zfsvfs_lock, RW_READER);
1311	rw_exit(&zfsvfs_lock);
1312
1313	zfs_fuid_destroy(zfsvfs);
1314
1315	mutex_destroy(&zfsvfs->z_znodes_lock);
1316	mutex_destroy(&zfsvfs->z_lock);
1317	list_destroy(&zfsvfs->z_all_znodes);
1318	rrm_destroy(&zfsvfs->z_teardown_lock);
1319	rw_destroy(&zfsvfs->z_teardown_inactive_lock);
1320	rw_destroy(&zfsvfs->z_fuid_lock);
1321	for (i = 0; i != ZFS_OBJ_MTX_SZ; i++)
1322		mutex_destroy(&zfsvfs->z_hold_mtx[i]);
1323	kmem_free(zfsvfs, sizeof (zfsvfs_t));
1324}
1325
1326static void
1327zfs_set_fuid_feature(zfsvfs_t *zfsvfs)
1328{
1329	zfsvfs->z_use_fuids = USE_FUIDS(zfsvfs->z_version, zfsvfs->z_os);
1330	if (zfsvfs->z_vfs) {
1331		if (zfsvfs->z_use_fuids) {
1332			vfs_set_feature(zfsvfs->z_vfs, VFSFT_XVATTR);
1333			vfs_set_feature(zfsvfs->z_vfs, VFSFT_SYSATTR_VIEWS);
1334			vfs_set_feature(zfsvfs->z_vfs, VFSFT_ACEMASKONACCESS);
1335			vfs_set_feature(zfsvfs->z_vfs, VFSFT_ACLONCREATE);
1336			vfs_set_feature(zfsvfs->z_vfs, VFSFT_ACCESS_FILTER);
1337			vfs_set_feature(zfsvfs->z_vfs, VFSFT_REPARSE);
1338		} else {
1339			vfs_clear_feature(zfsvfs->z_vfs, VFSFT_XVATTR);
1340			vfs_clear_feature(zfsvfs->z_vfs, VFSFT_SYSATTR_VIEWS);
1341			vfs_clear_feature(zfsvfs->z_vfs, VFSFT_ACEMASKONACCESS);
1342			vfs_clear_feature(zfsvfs->z_vfs, VFSFT_ACLONCREATE);
1343			vfs_clear_feature(zfsvfs->z_vfs, VFSFT_ACCESS_FILTER);
1344			vfs_clear_feature(zfsvfs->z_vfs, VFSFT_REPARSE);
1345		}
1346	}
1347	zfsvfs->z_use_sa = USE_SA(zfsvfs->z_version, zfsvfs->z_os);
1348}
1349
1350static int
1351zfs_domount(vfs_t *vfsp, char *osname)
1352{
1353	dev_t mount_dev;
1354	uint64_t recordsize, fsid_guid;
1355	int error = 0;
1356	zfsvfs_t *zfsvfs;
1357	boolean_t readonly = vfsp->vfs_flag & VFS_RDONLY ? B_TRUE : B_FALSE;
1358
1359	ASSERT(vfsp);
1360	ASSERT(osname);
1361
1362	error = zfsvfs_create(osname, readonly, &zfsvfs);
1363	if (error)
1364		return (error);
1365	zfsvfs->z_vfs = vfsp;
1366
1367	/* Initialize the generic filesystem structure. */
1368	vfsp->vfs_bcount = 0;
1369	vfsp->vfs_data = NULL;
1370
1371	if (zfs_create_unique_device(&mount_dev) == -1) {
1372		error = SET_ERROR(ENODEV);
1373		goto out;
1374	}
1375	ASSERT(vfs_devismounted(mount_dev) == 0);
1376
1377	if (error = dsl_prop_get_integer(osname, "recordsize", &recordsize,
1378	    NULL))
1379		goto out;
1380
1381	vfsp->vfs_dev = mount_dev;
1382	vfsp->vfs_fstype = zfsfstype;
1383	vfsp->vfs_bsize = recordsize;
1384	vfsp->vfs_flag |= VFS_NOTRUNC;
1385	vfsp->vfs_data = zfsvfs;
1386
1387	/*
1388	 * The fsid is 64 bits, composed of an 8-bit fs type, which
1389	 * separates our fsid from any other filesystem types, and a
1390	 * 56-bit objset unique ID.  The objset unique ID is unique to
1391	 * all objsets open on this system, provided by unique_create().
1392	 * The 8-bit fs type must be put in the low bits of fsid[1]
1393	 * because that's where other Solaris filesystems put it.
1394	 */
1395	fsid_guid = dmu_objset_fsid_guid(zfsvfs->z_os);
1396	ASSERT((fsid_guid & ~((1ULL<<56)-1)) == 0);
1397	vfsp->vfs_fsid.val[0] = fsid_guid;
1398	vfsp->vfs_fsid.val[1] = ((fsid_guid>>32) << 8) |
1399	    zfsfstype & 0xFF;
1400
1401	/*
1402	 * Set features for file system.
1403	 */
1404	zfs_set_fuid_feature(zfsvfs);
1405	if (zfsvfs->z_case == ZFS_CASE_INSENSITIVE) {
1406		vfs_set_feature(vfsp, VFSFT_DIRENTFLAGS);
1407		vfs_set_feature(vfsp, VFSFT_CASEINSENSITIVE);
1408		vfs_set_feature(vfsp, VFSFT_NOCASESENSITIVE);
1409	} else if (zfsvfs->z_case == ZFS_CASE_MIXED) {
1410		vfs_set_feature(vfsp, VFSFT_DIRENTFLAGS);
1411		vfs_set_feature(vfsp, VFSFT_CASEINSENSITIVE);
1412	}
1413	vfs_set_feature(vfsp, VFSFT_ZEROCOPY_SUPPORTED);
1414
1415	if (dmu_objset_is_snapshot(zfsvfs->z_os)) {
1416		uint64_t pval;
1417
1418		atime_changed_cb(zfsvfs, B_FALSE);
1419		readonly_changed_cb(zfsvfs, B_TRUE);
1420		if (error = dsl_prop_get_integer(osname, "xattr", &pval, NULL))
1421			goto out;
1422		xattr_changed_cb(zfsvfs, pval);
1423		zfsvfs->z_issnap = B_TRUE;
1424		zfsvfs->z_os->os_sync = ZFS_SYNC_DISABLED;
1425
1426		mutex_enter(&zfsvfs->z_os->os_user_ptr_lock);
1427		dmu_objset_set_user(zfsvfs->z_os, zfsvfs);
1428		mutex_exit(&zfsvfs->z_os->os_user_ptr_lock);
1429	} else {
1430		error = zfsvfs_setup(zfsvfs, B_TRUE);
1431	}
1432
1433	if (!zfsvfs->z_issnap)
1434		zfsctl_create(zfsvfs);
1435out:
1436	if (error) {
1437		dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs);
1438		zfsvfs_free(zfsvfs);
1439	} else {
1440		atomic_inc_32(&zfs_active_fs_count);
1441	}
1442
1443	return (error);
1444}
1445
1446void
1447zfs_unregister_callbacks(zfsvfs_t *zfsvfs)
1448{
1449	objset_t *os = zfsvfs->z_os;
1450
1451	if (!dmu_objset_is_snapshot(os))
1452		dsl_prop_unregister_all(dmu_objset_ds(os), zfsvfs);
1453}
1454
1455/*
1456 * Convert a decimal digit string to a uint64_t integer.
1457 */
1458static int
1459str_to_uint64(char *str, uint64_t *objnum)
1460{
1461	uint64_t num = 0;
1462
1463	while (*str) {
1464		if (*str < '0' || *str > '9')
1465			return (SET_ERROR(EINVAL));
1466
1467		num = num*10 + *str++ - '0';
1468	}
1469
1470	*objnum = num;
1471	return (0);
1472}
1473
1474/*
1475 * The boot path passed from the boot loader is in the form of
1476 * "rootpool-name/root-filesystem-object-number'. Convert this
1477 * string to a dataset name: "rootpool-name/root-filesystem-name".
1478 */
1479static int
1480zfs_parse_bootfs(char *bpath, char *outpath)
1481{
1482	char *slashp;
1483	uint64_t objnum;
1484	int error;
1485
1486	if (*bpath == 0 || *bpath == '/')
1487		return (SET_ERROR(EINVAL));
1488
1489	(void) strcpy(outpath, bpath);
1490
1491	slashp = strchr(bpath, '/');
1492
1493	/* if no '/', just return the pool name */
1494	if (slashp == NULL) {
1495		return (0);
1496	}
1497
1498	/* if not a number, just return the root dataset name */
1499	if (str_to_uint64(slashp+1, &objnum)) {
1500		return (0);
1501	}
1502
1503	*slashp = '\0';
1504	error = dsl_dsobj_to_dsname(bpath, objnum, outpath);
1505	*slashp = '/';
1506
1507	return (error);
1508}
1509
1510/*
1511 * Check that the hex label string is appropriate for the dataset being
1512 * mounted into the global_zone proper.
1513 *
1514 * Return an error if the hex label string is not default or
1515 * admin_low/admin_high.  For admin_low labels, the corresponding
1516 * dataset must be readonly.
1517 */
1518int
1519zfs_check_global_label(const char *dsname, const char *hexsl)
1520{
1521	if (strcasecmp(hexsl, ZFS_MLSLABEL_DEFAULT) == 0)
1522		return (0);
1523	if (strcasecmp(hexsl, ADMIN_HIGH) == 0)
1524		return (0);
1525	if (strcasecmp(hexsl, ADMIN_LOW) == 0) {
1526		/* must be readonly */
1527		uint64_t rdonly;
1528
1529		if (dsl_prop_get_integer(dsname,
1530		    zfs_prop_to_name(ZFS_PROP_READONLY), &rdonly, NULL))
1531			return (SET_ERROR(EACCES));
1532		return (rdonly ? 0 : EACCES);
1533	}
1534	return (SET_ERROR(EACCES));
1535}
1536
1537static int
1538zfs_statfs_project(zfsvfs_t *zfsvfs, znode_t *zp, struct statvfs64 *statp,
1539    uint32_t bshift)
1540{
1541	char buf[20 + DMU_OBJACCT_PREFIX_LEN];
1542	uint64_t offset = DMU_OBJACCT_PREFIX_LEN;
1543	uint64_t quota;
1544	uint64_t used;
1545	int err;
1546
1547	strlcpy(buf, DMU_OBJACCT_PREFIX, DMU_OBJACCT_PREFIX_LEN + 1);
1548	err = id_to_fuidstr(zfsvfs, NULL, zp->z_projid, buf + offset, B_FALSE);
1549	if (err)
1550		return (err);
1551
1552	if (zfsvfs->z_projectquota_obj == 0)
1553		goto objs;
1554
1555	err = zap_lookup(zfsvfs->z_os, zfsvfs->z_projectquota_obj,
1556	    buf + offset, 8, 1, &quota);
1557	if (err == ENOENT)
1558		goto objs;
1559	else if (err)
1560		return (err);
1561
1562	err = zap_lookup(zfsvfs->z_os, DMU_PROJECTUSED_OBJECT,
1563	    buf + offset, 8, 1, &used);
1564	if (unlikely(err == ENOENT)) {
1565		uint32_t blksize;
1566		u_longlong_t nblocks;
1567
1568		/*
1569		 * Quota accounting is async, so it is possible race case.
1570		 * There is at least one object with the given project ID.
1571		 */
1572		sa_object_size(zp->z_sa_hdl, &blksize, &nblocks);
1573		if (unlikely(zp->z_blksz == 0))
1574			blksize = zfsvfs->z_max_blksz;
1575
1576		used = blksize * nblocks;
1577	} else if (err) {
1578		return (err);
1579	}
1580
1581	statp->f_blocks = quota >> bshift;
1582	statp->f_bfree = (quota > used) ? ((quota - used) >> bshift) : 0;
1583	statp->f_bavail = statp->f_bfree;
1584
1585objs:
1586	if (zfsvfs->z_projectobjquota_obj == 0)
1587		return (0);
1588
1589	err = zap_lookup(zfsvfs->z_os, zfsvfs->z_projectobjquota_obj,
1590	    buf + offset, 8, 1, &quota);
1591	if (err == ENOENT)
1592		return (0);
1593	else if (err)
1594		return (err);
1595
1596	err = zap_lookup(zfsvfs->z_os, DMU_PROJECTUSED_OBJECT,
1597	    buf, 8, 1, &used);
1598	if (unlikely(err == ENOENT)) {
1599		/*
1600		 * Quota accounting is async, so it is possible race case.
1601		 * There is at least one object with the given project ID.
1602		 */
1603		used = 1;
1604	} else if (err) {
1605		return (err);
1606	}
1607
1608	statp->f_files = quota;
1609	statp->f_ffree = (quota > used) ? (quota - used) : 0;
1610
1611	return (0);
1612}
1613
1614/*
1615 * Determine whether the mount is allowed according to MAC check.
1616 * by comparing (where appropriate) label of the dataset against
1617 * the label of the zone being mounted into.  If the dataset has
1618 * no label, create one.
1619 *
1620 * Returns 0 if access allowed, error otherwise (e.g. EACCES)
1621 */
1622static int
1623zfs_mount_label_policy(vfs_t *vfsp, char *osname)
1624{
1625	int		error, retv;
1626	zone_t		*mntzone = NULL;
1627	ts_label_t	*mnt_tsl;
1628	bslabel_t	*mnt_sl;
1629	bslabel_t	ds_sl;
1630	char		ds_hexsl[MAXNAMELEN];
1631
1632	retv = EACCES;				/* assume the worst */
1633
1634	/*
1635	 * Start by getting the dataset label if it exists.
1636	 */
1637	error = dsl_prop_get(osname, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
1638	    1, sizeof (ds_hexsl), &ds_hexsl, NULL);
1639	if (error)
1640		return (SET_ERROR(EACCES));
1641
1642	/*
1643	 * If labeling is NOT enabled, then disallow the mount of datasets
1644	 * which have a non-default label already.  No other label checks
1645	 * are needed.
1646	 */
1647	if (!is_system_labeled()) {
1648		if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) == 0)
1649			return (0);
1650		return (SET_ERROR(EACCES));
1651	}
1652
1653	/*
1654	 * Get the label of the mountpoint.  If mounting into the global
1655	 * zone (i.e. mountpoint is not within an active zone and the
1656	 * zoned property is off), the label must be default or
1657	 * admin_low/admin_high only; no other checks are needed.
1658	 */
1659	mntzone = zone_find_by_any_path(refstr_value(vfsp->vfs_mntpt), B_FALSE);
1660	if (mntzone->zone_id == GLOBAL_ZONEID) {
1661		uint64_t zoned;
1662
1663		zone_rele(mntzone);
1664
1665		if (dsl_prop_get_integer(osname,
1666		    zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
1667			return (SET_ERROR(EACCES));
1668		if (!zoned)
1669			return (zfs_check_global_label(osname, ds_hexsl));
1670		else
1671			/*
1672			 * This is the case of a zone dataset being mounted
1673			 * initially, before the zone has been fully created;
1674			 * allow this mount into global zone.
1675			 */
1676			return (0);
1677	}
1678
1679	mnt_tsl = mntzone->zone_slabel;
1680	ASSERT(mnt_tsl != NULL);
1681	label_hold(mnt_tsl);
1682	mnt_sl = label2bslabel(mnt_tsl);
1683
1684	if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) == 0) {
1685		/*
1686		 * The dataset doesn't have a real label, so fabricate one.
1687		 */
1688		char *str = NULL;
1689
1690		if (l_to_str_internal(mnt_sl, &str) == 0 &&
1691		    dsl_prop_set_string(osname,
1692		    zfs_prop_to_name(ZFS_PROP_MLSLABEL),
1693		    ZPROP_SRC_LOCAL, str) == 0)
1694			retv = 0;
1695		if (str != NULL)
1696			kmem_free(str, strlen(str) + 1);
1697	} else if (hexstr_to_label(ds_hexsl, &ds_sl) == 0) {
1698		/*
1699		 * Now compare labels to complete the MAC check.  If the
1700		 * labels are equal then allow access.  If the mountpoint
1701		 * label dominates the dataset label, allow readonly access.
1702		 * Otherwise, access is denied.
1703		 */
1704		if (blequal(mnt_sl, &ds_sl))
1705			retv = 0;
1706		else if (bldominates(mnt_sl, &ds_sl)) {
1707			vfs_setmntopt(vfsp, MNTOPT_RO, NULL, 0);
1708			retv = 0;
1709		}
1710	}
1711
1712	label_rele(mnt_tsl);
1713	zone_rele(mntzone);
1714	return (retv);
1715}
1716
1717/*
1718 * Load a string-valued boot property and attempt to convert it to a 64-bit
1719 * unsigned integer.  If the value is not present, or the conversion fails,
1720 * return the provided default value.
1721 */
1722static uint64_t
1723spa_get_bootprop_uint64(const char *name, uint64_t defval)
1724{
1725	char *propval;
1726	u_longlong_t r;
1727	int e;
1728
1729	if ((propval = spa_get_bootprop(name)) == NULL) {
1730		/*
1731		 * The property does not exist.
1732		 */
1733		return (defval);
1734	}
1735
1736	e = ddi_strtoull(propval, NULL, 10, &r);
1737
1738	spa_free_bootprop(propval);
1739
1740	/*
1741	 * If the conversion succeeded, return the value.  If there was any
1742	 * kind of failure, just return the default value.
1743	 */
1744	return (e == 0 ? r : defval);
1745}
1746
1747static int
1748zfs_mountroot(vfs_t *vfsp, enum whymountroot why)
1749{
1750	int error = 0;
1751	static int zfsrootdone = 0;
1752	zfsvfs_t *zfsvfs = NULL;
1753	znode_t *zp = NULL;
1754	vnode_t *vp = NULL;
1755	char *zfs_bootfs;
1756	char *zfs_devid;
1757	uint64_t zfs_bootpool;
1758	uint64_t zfs_bootvdev;
1759
1760	ASSERT(vfsp);
1761
1762	/*
1763	 * The filesystem that we mount as root is defined in the
1764	 * boot property "zfs-bootfs" with a format of
1765	 * "poolname/root-dataset-objnum".
1766	 */
1767	if (why == ROOT_INIT) {
1768		if (zfsrootdone++)
1769			return (SET_ERROR(EBUSY));
1770
1771		/*
1772		 * the process of doing a spa_load will require the
1773		 * clock to be set before we could (for example) do
1774		 * something better by looking at the timestamp on
1775		 * an uberblock, so just set it to -1.
1776		 */
1777		clkset(-1);
1778
1779		if ((zfs_bootfs = spa_get_bootprop("zfs-bootfs")) == NULL) {
1780			cmn_err(CE_NOTE, "spa_get_bootfs: can not get "
1781			    "bootfs name");
1782			return (SET_ERROR(EINVAL));
1783		}
1784		zfs_devid = spa_get_bootprop("diskdevid");
1785
1786		/*
1787		 * The boot loader may also provide us with the GUID for both
1788		 * the pool and the nominated boot vdev.  A GUID value of 0 is
1789		 * explicitly invalid (see "spa_change_guid()"), so we use this
1790		 * as a sentinel value when no GUID is present.
1791		 */
1792		zfs_bootpool = spa_get_bootprop_uint64("zfs-bootpool", 0);
1793		zfs_bootvdev = spa_get_bootprop_uint64("zfs-bootvdev", 0);
1794
1795		/*
1796		 * Initialise the early boot device rescan mechanism.  A scan
1797		 * will not actually be performed unless we need to do so in
1798		 * order to find the correct /devices path for a relocated
1799		 * device.
1800		 */
1801		vdev_disk_preroot_init();
1802
1803		error = spa_import_rootpool(rootfs.bo_name, zfs_devid,
1804		    zfs_bootpool, zfs_bootvdev);
1805
1806		spa_free_bootprop(zfs_devid);
1807
1808		if (error != 0) {
1809			spa_free_bootprop(zfs_bootfs);
1810			vdev_disk_preroot_fini();
1811			cmn_err(CE_NOTE, "spa_import_rootpool: error %d",
1812			    error);
1813			return (error);
1814		}
1815
1816		if (error = zfs_parse_bootfs(zfs_bootfs, rootfs.bo_name)) {
1817			spa_free_bootprop(zfs_bootfs);
1818			vdev_disk_preroot_fini();
1819			cmn_err(CE_NOTE, "zfs_parse_bootfs: error %d",
1820			    error);
1821			return (error);
1822		}
1823
1824		spa_free_bootprop(zfs_bootfs);
1825		vdev_disk_preroot_fini();
1826
1827		if (error = vfs_lock(vfsp))
1828			return (error);
1829
1830		if (error = zfs_domount(vfsp, rootfs.bo_name)) {
1831			cmn_err(CE_NOTE, "zfs_domount: error %d", error);
1832			goto out;
1833		}
1834
1835		zfsvfs = (zfsvfs_t *)vfsp->vfs_data;
1836		ASSERT(zfsvfs);
1837		if (error = zfs_zget(zfsvfs, zfsvfs->z_root, &zp)) {
1838			cmn_err(CE_NOTE, "zfs_zget: error %d", error);
1839			goto out;
1840		}
1841
1842		vp = ZTOV(zp);
1843		mutex_enter(&vp->v_lock);
1844		vp->v_flag |= VROOT;
1845		mutex_exit(&vp->v_lock);
1846		rootvp = vp;
1847
1848		/*
1849		 * Leave rootvp held.  The root file system is never unmounted.
1850		 */
1851
1852		vfs_add((struct vnode *)0, vfsp,
1853		    (vfsp->vfs_flag & VFS_RDONLY) ? MS_RDONLY : 0);
1854out:
1855		vfs_unlock(vfsp);
1856		return (error);
1857	} else if (why == ROOT_REMOUNT) {
1858		readonly_changed_cb(vfsp->vfs_data, B_FALSE);
1859		vfsp->vfs_flag |= VFS_REMOUNT;
1860
1861		/* refresh mount options */
1862		zfs_unregister_callbacks(vfsp->vfs_data);
1863		return (zfs_register_callbacks(vfsp));
1864
1865	} else if (why == ROOT_UNMOUNT) {
1866		zfs_unregister_callbacks((zfsvfs_t *)vfsp->vfs_data);
1867		(void) zfs_sync(vfsp, 0, 0);
1868		return (0);
1869	}
1870
1871	/*
1872	 * if "why" is equal to anything else other than ROOT_INIT,
1873	 * ROOT_REMOUNT, or ROOT_UNMOUNT, we do not support it.
1874	 */
1875	return (SET_ERROR(ENOTSUP));
1876}
1877
1878/*ARGSUSED*/
1879static int
1880zfs_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *cr)
1881{
1882	char		*osname;
1883	pathname_t	spn;
1884	int		error = 0;
1885	uio_seg_t	fromspace = (uap->flags & MS_SYSSPACE) ?
1886	    UIO_SYSSPACE : UIO_USERSPACE;
1887	int		canwrite;
1888
1889	if (mvp->v_type != VDIR)
1890		return (SET_ERROR(ENOTDIR));
1891
1892	mutex_enter(&mvp->v_lock);
1893	if ((uap->flags & MS_REMOUNT) == 0 &&
1894	    (uap->flags & MS_OVERLAY) == 0 &&
1895	    (mvp->v_count != 1 || (mvp->v_flag & VROOT))) {
1896		mutex_exit(&mvp->v_lock);
1897		return (SET_ERROR(EBUSY));
1898	}
1899	mutex_exit(&mvp->v_lock);
1900
1901	/*
1902	 * ZFS does not support passing unparsed data in via MS_DATA.
1903	 * Users should use the MS_OPTIONSTR interface; this means
1904	 * that all option parsing is already done and the options struct
1905	 * can be interrogated.
1906	 */
1907	if ((uap->flags & MS_DATA) && uap->datalen > 0)
1908		return (SET_ERROR(EINVAL));
1909
1910	/*
1911	 * Get the objset name (the "special" mount argument).
1912	 */
1913	if (error = pn_get(uap->spec, fromspace, &spn))
1914		return (error);
1915
1916	osname = spn.pn_path;
1917
1918	/*
1919	 * Check for mount privilege?
1920	 *
1921	 * If we don't have privilege then see if
1922	 * we have local permission to allow it
1923	 */
1924	error = secpolicy_fs_mount(cr, mvp, vfsp);
1925	if (error) {
1926		if (dsl_deleg_access(osname, ZFS_DELEG_PERM_MOUNT, cr) == 0) {
1927			vattr_t		vattr;
1928
1929			/*
1930			 * Make sure user is the owner of the mount point
1931			 * or has sufficient privileges.
1932			 */
1933
1934			vattr.va_mask = AT_UID;
1935
1936			if (VOP_GETATTR(mvp, &vattr, 0, cr, NULL)) {
1937				goto out;
1938			}
1939
1940			if (secpolicy_vnode_owner(cr, vattr.va_uid) != 0 &&
1941			    VOP_ACCESS(mvp, VWRITE, 0, cr, NULL) != 0) {
1942				goto out;
1943			}
1944			secpolicy_fs_mount_clearopts(cr, vfsp);
1945		} else {
1946			goto out;
1947		}
1948	}
1949
1950	/*
1951	 * Refuse to mount a filesystem if we are in a local zone and the
1952	 * dataset is not visible.
1953	 */
1954	if (!INGLOBALZONE(curproc) &&
1955	    (!zone_dataset_visible(osname, &canwrite) || !canwrite)) {
1956		error = SET_ERROR(EPERM);
1957		goto out;
1958	}
1959
1960	error = zfs_mount_label_policy(vfsp, osname);
1961	if (error)
1962		goto out;
1963
1964	/*
1965	 * When doing a remount, we simply refresh our temporary properties
1966	 * according to those options set in the current VFS options.
1967	 */
1968	if (uap->flags & MS_REMOUNT) {
1969		/* refresh mount options */
1970		zfs_unregister_callbacks(vfsp->vfs_data);
1971		error = zfs_register_callbacks(vfsp);
1972		goto out;
1973	}
1974
1975	error = zfs_domount(vfsp, osname);
1976
1977	/*
1978	 * Add an extra VFS_HOLD on our parent vfs so that it can't
1979	 * disappear due to a forced unmount.
1980	 */
1981	if (error == 0 && ((zfsvfs_t *)vfsp->vfs_data)->z_issnap)
1982		VFS_HOLD(mvp->v_vfsp);
1983
1984out:
1985	pn_free(&spn);
1986	return (error);
1987}
1988
1989static int
1990zfs_statvfs(vfs_t *vfsp, struct statvfs64 *statp)
1991{
1992	zfsvfs_t *zfsvfs = vfsp->vfs_data;
1993	dev32_t d32;
1994	uint64_t refdbytes, availbytes, usedobjs, availobjs;
1995	int err = 0;
1996
1997	ZFS_ENTER(zfsvfs);
1998
1999	dmu_objset_space(zfsvfs->z_os,
2000	    &refdbytes, &availbytes, &usedobjs, &availobjs);
2001
2002	/*
2003	 * The underlying storage pool actually uses multiple block sizes.
2004	 * We report the fragsize as the smallest block size we support,
2005	 * and we report our blocksize as the filesystem's maximum blocksize.
2006	 */
2007	statp->f_frsize = 1UL << SPA_MINBLOCKSHIFT;
2008	statp->f_bsize = zfsvfs->z_max_blksz;
2009
2010	/*
2011	 * The following report "total" blocks of various kinds in the
2012	 * file system, but reported in terms of f_frsize - the
2013	 * "fragment" size.
2014	 */
2015
2016	statp->f_blocks = (refdbytes + availbytes) >> SPA_MINBLOCKSHIFT;
2017	statp->f_bfree = availbytes >> SPA_MINBLOCKSHIFT;
2018	statp->f_bavail = statp->f_bfree; /* no root reservation */
2019
2020	/*
2021	 * statvfs() should really be called statufs(), because it assumes
2022	 * static metadata.  ZFS doesn't preallocate files, so the best
2023	 * we can do is report the max that could possibly fit in f_files,
2024	 * and that minus the number actually used in f_ffree.
2025	 * For f_ffree, report the smaller of the number of object available
2026	 * and the number of blocks (each object will take at least a block).
2027	 */
2028	statp->f_ffree = MIN(availobjs, statp->f_bfree);
2029	statp->f_favail = statp->f_ffree;	/* no "root reservation" */
2030	statp->f_files = statp->f_ffree + usedobjs;
2031
2032	(void) cmpldev(&d32, vfsp->vfs_dev);
2033	statp->f_fsid = d32;
2034
2035	/*
2036	 * We're a zfs filesystem.
2037	 */
2038	(void) strcpy(statp->f_basetype, vfssw[vfsp->vfs_fstype].vsw_name);
2039
2040	statp->f_flag = vf_to_stf(vfsp->vfs_flag);
2041
2042	statp->f_namemax = MAXNAMELEN - 1;
2043
2044	/*
2045	 * We have all of 32 characters to stuff a string here.
2046	 * Is there anything useful we could/should provide?
2047	 */
2048	bzero(statp->f_fstr, sizeof (statp->f_fstr));
2049
2050	if (dmu_objset_projectquota_enabled(zfsvfs->z_os) &&
2051	    dmu_objset_projectquota_present(zfsvfs->z_os)) {
2052		znode_t *zp;
2053
2054		/*
2055		 * In ZoL, zfs_statvfs is passed a Linux dentry (directory
2056		 * entry), instead of a vfsp. The ZoL code uses the dentry
2057		 * to get the znode from the dentry's inode. This represents
2058		 * whatever filename was passed to the user-level statvfs
2059		 * syscall.
2060		 *
2061		 * We're using the VFS root znode here, so this represents a
2062		 * potential difference from ZoL.
2063		 */
2064		if (zfs_zget(zfsvfs, zfsvfs->z_root, &zp) == 0) {
2065			uint32_t bshift = ddi_fls(statp->f_bsize) - 1;
2066
2067			if (zp->z_pflags & ZFS_PROJINHERIT && zp->z_projid &&
2068			    zpl_is_valid_projid(zp->z_projid))
2069				err = zfs_statfs_project(zfsvfs, zp, statp,
2070				    bshift);
2071			VN_RELE(ZTOV(zp));
2072		}
2073	}
2074
2075	ZFS_EXIT(zfsvfs);
2076	return (err);
2077}
2078
2079static int
2080zfs_root(vfs_t *vfsp, vnode_t **vpp)
2081{
2082	zfsvfs_t *zfsvfs = vfsp->vfs_data;
2083	znode_t *rootzp;
2084	int error;
2085
2086	ZFS_ENTER(zfsvfs);
2087
2088	error = zfs_zget(zfsvfs, zfsvfs->z_root, &rootzp);
2089	if (error == 0)
2090		*vpp = ZTOV(rootzp);
2091
2092	ZFS_EXIT(zfsvfs);
2093	return (error);
2094}
2095
2096/*
2097 * Teardown the zfsvfs::z_os.
2098 *
2099 * Note, if 'unmounting' is FALSE, we return with the 'z_teardown_lock'
2100 * and 'z_teardown_inactive_lock' held.
2101 */
2102static int
2103zfsvfs_teardown(zfsvfs_t *zfsvfs, boolean_t unmounting)
2104{
2105	znode_t	*zp;
2106
2107	zfs_unlinked_drain_stop_wait(zfsvfs);
2108
2109	rrm_enter(&zfsvfs->z_teardown_lock, RW_WRITER, FTAG);
2110
2111	if (!unmounting) {
2112		/*
2113		 * We purge the parent filesystem's vfsp as the parent
2114		 * filesystem and all of its snapshots have their vnode's
2115		 * v_vfsp set to the parent's filesystem's vfsp.  Note,
2116		 * 'z_parent' is self referential for non-snapshots.
2117		 */
2118		(void) dnlc_purge_vfsp(zfsvfs->z_parent->z_vfs, 0);
2119	}
2120
2121	/*
2122	 * Close the zil. NB: Can't close the zil while zfs_inactive
2123	 * threads are blocked as zil_close can call zfs_inactive.
2124	 */
2125	if (zfsvfs->z_log) {
2126		zil_close(zfsvfs->z_log);
2127		zfsvfs->z_log = NULL;
2128	}
2129
2130	rw_enter(&zfsvfs->z_teardown_inactive_lock, RW_WRITER);
2131
2132	/*
2133	 * If we are not unmounting (ie: online recv) and someone already
2134	 * unmounted this file system while we were doing the switcheroo,
2135	 * or a reopen of z_os failed then just bail out now.
2136	 */
2137	if (!unmounting && (zfsvfs->z_unmounted || zfsvfs->z_os == NULL)) {
2138		rw_exit(&zfsvfs->z_teardown_inactive_lock);
2139		rrm_exit(&zfsvfs->z_teardown_lock, FTAG);
2140		return (SET_ERROR(EIO));
2141	}
2142
2143	/*
2144	 * At this point there are no vops active, and any new vops will
2145	 * fail with EIO since we have z_teardown_lock for writer (only
2146	 * relavent for forced unmount).
2147	 *
2148	 * Release all holds on dbufs.
2149	 */
2150	mutex_enter(&zfsvfs->z_znodes_lock);
2151	for (zp = list_head(&zfsvfs->z_all_znodes); zp != NULL;
2152	    zp = list_next(&zfsvfs->z_all_znodes, zp))
2153		if (zp->z_sa_hdl) {
2154			ASSERT(ZTOV(zp)->v_count > 0);
2155			zfs_znode_dmu_fini(zp);
2156		}
2157	mutex_exit(&zfsvfs->z_znodes_lock);
2158
2159	/*
2160	 * If we are unmounting, set the unmounted flag and let new vops
2161	 * unblock.  zfs_inactive will have the unmounted behavior, and all
2162	 * other vops will fail with EIO.
2163	 */
2164	if (unmounting) {
2165		zfsvfs->z_unmounted = B_TRUE;
2166		rw_exit(&zfsvfs->z_teardown_inactive_lock);
2167		rrm_exit(&zfsvfs->z_teardown_lock, FTAG);
2168	}
2169
2170	/*
2171	 * z_os will be NULL if there was an error in attempting to reopen
2172	 * zfsvfs, so just return as the properties had already been
2173	 * unregistered and cached data had been evicted before.
2174	 */
2175	if (zfsvfs->z_os == NULL)
2176		return (0);
2177
2178	/*
2179	 * Unregister properties.
2180	 */
2181	zfs_unregister_callbacks(zfsvfs);
2182
2183	/*
2184	 * Evict cached data
2185	 */
2186	if (dsl_dataset_is_dirty(dmu_objset_ds(zfsvfs->z_os)) &&
2187	    !(zfsvfs->z_vfs->vfs_flag & VFS_RDONLY))
2188		txg_wait_synced(dmu_objset_pool(zfsvfs->z_os), 0);
2189	dmu_objset_evict_dbufs(zfsvfs->z_os);
2190
2191	return (0);
2192}
2193
2194/*ARGSUSED*/
2195static int
2196zfs_umount(vfs_t *vfsp, int fflag, cred_t *cr)
2197{
2198	zfsvfs_t *zfsvfs = vfsp->vfs_data;
2199	objset_t *os;
2200	int ret;
2201
2202	ret = secpolicy_fs_unmount(cr, vfsp);
2203	if (ret) {
2204		if (dsl_deleg_access((char *)refstr_value(vfsp->vfs_resource),
2205		    ZFS_DELEG_PERM_MOUNT, cr))
2206			return (ret);
2207	}
2208
2209	/*
2210	 * We purge the parent filesystem's vfsp as the parent filesystem
2211	 * and all of its snapshots have their vnode's v_vfsp set to the
2212	 * parent's filesystem's vfsp.  Note, 'z_parent' is self
2213	 * referential for non-snapshots.
2214	 */
2215	(void) dnlc_purge_vfsp(zfsvfs->z_parent->z_vfs, 0);
2216
2217	/*
2218	 * Unmount any snapshots mounted under .zfs before unmounting the
2219	 * dataset itself.
2220	 */
2221	if (zfsvfs->z_ctldir != NULL &&
2222	    (ret = zfsctl_umount_snapshots(vfsp, fflag, cr)) != 0) {
2223		return (ret);
2224	}
2225
2226	if (!(fflag & MS_FORCE)) {
2227		/*
2228		 * Check the number of active vnodes in the file system.
2229		 * Our count is maintained in the vfs structure, but the
2230		 * number is off by 1 to indicate a hold on the vfs
2231		 * structure itself.
2232		 */
2233		boolean_t draining;
2234		uint_t thresh = 1;
2235
2236		/*
2237		 * The '.zfs' directory maintains a reference of its own, and
2238		 * any active references underneath are reflected in the vnode
2239		 * count. Allow one additional reference for it.
2240		 */
2241		if (zfsvfs->z_ctldir != NULL)
2242			thresh++;
2243
2244		/*
2245		 * If it's running, the asynchronous unlinked drain task needs
2246		 * to be stopped before the number of active vnodes can be
2247		 * reliably checked.
2248		 */
2249		draining = zfsvfs->z_draining;
2250		if (draining)
2251			zfs_unlinked_drain_stop_wait(zfsvfs);
2252
2253		if (vfsp->vfs_count > thresh || (zfsvfs->z_ctldir != NULL &&
2254		    zfsvfs->z_ctldir->v_count > 1)) {
2255			if (draining) {
2256				/* If it was draining, restart the task */
2257				zfs_unlinked_drain(zfsvfs);
2258			}
2259			return (SET_ERROR(EBUSY));
2260		}
2261	}
2262
2263	vfsp->vfs_flag |= VFS_UNMOUNTED;
2264
2265	VERIFY(zfsvfs_teardown(zfsvfs, B_TRUE) == 0);
2266	os = zfsvfs->z_os;
2267
2268	/*
2269	 * z_os will be NULL if there was an error in
2270	 * attempting to reopen zfsvfs.
2271	 */
2272	if (os != NULL) {
2273		/*
2274		 * Unset the objset user_ptr.
2275		 */
2276		mutex_enter(&os->os_user_ptr_lock);
2277		dmu_objset_set_user(os, NULL);
2278		mutex_exit(&os->os_user_ptr_lock);
2279
2280		/*
2281		 * Finally release the objset
2282		 */
2283		dmu_objset_disown(os, B_TRUE, zfsvfs);
2284	}
2285
2286	/*
2287	 * We can now safely destroy the '.zfs' directory node.
2288	 */
2289	if (zfsvfs->z_ctldir != NULL)
2290		zfsctl_destroy(zfsvfs);
2291
2292	return (0);
2293}
2294
2295static int
2296zfs_vget(vfs_t *vfsp, vnode_t **vpp, fid_t *fidp)
2297{
2298	zfsvfs_t	*zfsvfs = vfsp->vfs_data;
2299	znode_t		*zp;
2300	uint64_t	object = 0;
2301	uint64_t	fid_gen = 0;
2302	uint64_t	gen_mask;
2303	uint64_t	zp_gen;
2304	int		i, err;
2305
2306	*vpp = NULL;
2307
2308	ZFS_ENTER(zfsvfs);
2309
2310	if (fidp->fid_len == LONG_FID_LEN) {
2311		zfid_long_t	*zlfid = (zfid_long_t *)fidp;
2312		uint64_t	objsetid = 0;
2313		uint64_t	setgen = 0;
2314
2315		for (i = 0; i < sizeof (zlfid->zf_setid); i++)
2316			objsetid |= ((uint64_t)zlfid->zf_setid[i]) << (8 * i);
2317
2318		for (i = 0; i < sizeof (zlfid->zf_setgen); i++)
2319			setgen |= ((uint64_t)zlfid->zf_setgen[i]) << (8 * i);
2320
2321		ZFS_EXIT(zfsvfs);
2322
2323		err = zfsctl_lookup_objset(vfsp, objsetid, &zfsvfs);
2324		if (err)
2325			return (SET_ERROR(EINVAL));
2326		ZFS_ENTER(zfsvfs);
2327	}
2328
2329	if (fidp->fid_len == SHORT_FID_LEN || fidp->fid_len == LONG_FID_LEN) {
2330		zfid_short_t	*zfid = (zfid_short_t *)fidp;
2331
2332		for (i = 0; i < sizeof (zfid->zf_object); i++)
2333			object |= ((uint64_t)zfid->zf_object[i]) << (8 * i);
2334
2335		for (i = 0; i < sizeof (zfid->zf_gen); i++)
2336			fid_gen |= ((uint64_t)zfid->zf_gen[i]) << (8 * i);
2337	} else {
2338		ZFS_EXIT(zfsvfs);
2339		return (SET_ERROR(EINVAL));
2340	}
2341
2342	/* A zero fid_gen means we are in the .zfs control directories */
2343	if (fid_gen == 0 &&
2344	    (object == ZFSCTL_INO_ROOT || object == ZFSCTL_INO_SNAPDIR)) {
2345		*vpp = zfsvfs->z_ctldir;
2346		ASSERT(*vpp != NULL);
2347		if (object == ZFSCTL_INO_SNAPDIR) {
2348			VERIFY(zfsctl_root_lookup(*vpp, "snapshot", vpp, NULL,
2349			    0, NULL, NULL, NULL, NULL, NULL) == 0);
2350		} else {
2351			VN_HOLD(*vpp);
2352		}
2353		ZFS_EXIT(zfsvfs);
2354		return (0);
2355	}
2356
2357	gen_mask = -1ULL >> (64 - 8 * i);
2358
2359	dprintf("getting %llu [%u mask %llx]\n", object, fid_gen, gen_mask);
2360	if (err = zfs_zget(zfsvfs, object, &zp)) {
2361		ZFS_EXIT(zfsvfs);
2362		return (err);
2363	}
2364	(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_GEN(zfsvfs), &zp_gen,
2365	    sizeof (uint64_t));
2366	zp_gen = zp_gen & gen_mask;
2367	if (zp_gen == 0)
2368		zp_gen = 1;
2369	if (zp->z_unlinked || zp_gen != fid_gen) {
2370		dprintf("znode gen (%u) != fid gen (%u)\n", zp_gen, fid_gen);
2371		VN_RELE(ZTOV(zp));
2372		ZFS_EXIT(zfsvfs);
2373		return (SET_ERROR(EINVAL));
2374	}
2375
2376	*vpp = ZTOV(zp);
2377	ZFS_EXIT(zfsvfs);
2378	return (0);
2379}
2380
2381/*
2382 * Block out VOPs and close zfsvfs_t::z_os
2383 *
2384 * Note, if successful, then we return with the 'z_teardown_lock' and
2385 * 'z_teardown_inactive_lock' write held.  We leave ownership of the underlying
2386 * dataset and objset intact so that they can be atomically handed off during
2387 * a subsequent rollback or recv operation and the resume thereafter.
2388 */
2389int
2390zfs_suspend_fs(zfsvfs_t *zfsvfs)
2391{
2392	int error;
2393
2394	if ((error = zfsvfs_teardown(zfsvfs, B_FALSE)) != 0)
2395		return (error);
2396
2397	return (0);
2398}
2399
2400/*
2401 * Rebuild SA and release VOPs.  Note that ownership of the underlying dataset
2402 * is an invariant across any of the operations that can be performed while the
2403 * filesystem was suspended.  Whether it succeeded or failed, the preconditions
2404 * are the same: the relevant objset and associated dataset are owned by
2405 * zfsvfs, held, and long held on entry.
2406 */
2407int
2408zfs_resume_fs(zfsvfs_t *zfsvfs, dsl_dataset_t *ds)
2409{
2410	int err;
2411	znode_t *zp;
2412
2413	ASSERT(RRM_WRITE_HELD(&zfsvfs->z_teardown_lock));
2414	ASSERT(RW_WRITE_HELD(&zfsvfs->z_teardown_inactive_lock));
2415
2416	/*
2417	 * We already own this, so just update the objset_t, as the one we
2418	 * had before may have been evicted.
2419	 */
2420	objset_t *os;
2421	VERIFY3P(ds->ds_owner, ==, zfsvfs);
2422	VERIFY(dsl_dataset_long_held(ds));
2423	VERIFY0(dmu_objset_from_ds(ds, &os));
2424
2425	err = zfsvfs_init(zfsvfs, os);
2426	if (err != 0)
2427		goto bail;
2428
2429	VERIFY(zfsvfs_setup(zfsvfs, B_FALSE) == 0);
2430
2431	zfs_set_fuid_feature(zfsvfs);
2432
2433	/*
2434	 * Attempt to re-establish all the active znodes with
2435	 * their dbufs.  If a zfs_rezget() fails, then we'll let
2436	 * any potential callers discover that via ZFS_ENTER_VERIFY_VP
2437	 * when they try to use their znode.
2438	 */
2439	mutex_enter(&zfsvfs->z_znodes_lock);
2440	for (zp = list_head(&zfsvfs->z_all_znodes); zp;
2441	    zp = list_next(&zfsvfs->z_all_znodes, zp)) {
2442		(void) zfs_rezget(zp);
2443	}
2444	mutex_exit(&zfsvfs->z_znodes_lock);
2445
2446	if (((zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) == 0) &&
2447	    !zfsvfs->z_unmounted) {
2448		/*
2449		 * zfs_suspend_fs() could have interrupted freeing
2450		 * of dnodes. We need to restart this freeing so
2451		 * that we don't "leak" the space.
2452		 */
2453		zfs_unlinked_drain(zfsvfs);
2454	}
2455
2456bail:
2457	/* release the VOPs */
2458	rw_exit(&zfsvfs->z_teardown_inactive_lock);
2459	rrm_exit(&zfsvfs->z_teardown_lock, FTAG);
2460
2461	if (err) {
2462		/*
2463		 * Since we couldn't setup the sa framework, try to force
2464		 * unmount this file system.
2465		 */
2466		if (vn_vfswlock(zfsvfs->z_vfs->vfs_vnodecovered) == 0)
2467			(void) dounmount(zfsvfs->z_vfs, MS_FORCE, CRED());
2468	}
2469	return (err);
2470}
2471
2472static void
2473zfs_freevfs(vfs_t *vfsp)
2474{
2475	zfsvfs_t *zfsvfs = vfsp->vfs_data;
2476
2477	/*
2478	 * If this is a snapshot, we have an extra VFS_HOLD on our parent
2479	 * from zfs_mount().  Release it here.  If we came through
2480	 * zfs_mountroot() instead, we didn't grab an extra hold, so
2481	 * skip the VFS_RELE for rootvfs.
2482	 */
2483	if (zfsvfs->z_issnap && (vfsp != rootvfs))
2484		VFS_RELE(zfsvfs->z_parent->z_vfs);
2485
2486	zfsvfs_free(zfsvfs);
2487
2488	atomic_dec_32(&zfs_active_fs_count);
2489}
2490
2491/*
2492 * VFS_INIT() initialization.  Note that there is no VFS_FINI(),
2493 * so we can't safely do any non-idempotent initialization here.
2494 * Leave that to zfs_init() and zfs_fini(), which are called
2495 * from the module's _init() and _fini() entry points.
2496 */
2497/*ARGSUSED*/
2498static int
2499zfs_vfsinit(int fstype, char *name)
2500{
2501	int error;
2502
2503	zfsfstype = fstype;
2504
2505	/*
2506	 * Setup vfsops and vnodeops tables.
2507	 */
2508	error = vfs_setfsops(fstype, zfs_vfsops_template, &zfs_vfsops);
2509	if (error != 0) {
2510		cmn_err(CE_WARN, "zfs: bad vfs ops template");
2511	}
2512
2513	error = zfs_create_op_tables();
2514	if (error) {
2515		zfs_remove_op_tables();
2516		cmn_err(CE_WARN, "zfs: bad vnode ops template");
2517		(void) vfs_freevfsops_by_type(zfsfstype);
2518		return (error);
2519	}
2520
2521	mutex_init(&zfs_dev_mtx, NULL, MUTEX_DEFAULT, NULL);
2522
2523	/*
2524	 * Unique major number for all zfs mounts.
2525	 * If we run out of 32-bit minors, we'll getudev() another major.
2526	 */
2527	zfs_major = ddi_name_to_major(ZFS_DRIVER);
2528	zfs_minor = ZFS_MIN_MINOR;
2529
2530	return (0);
2531}
2532
2533void
2534zfs_init(void)
2535{
2536	/*
2537	 * Initialize .zfs directory structures
2538	 */
2539	zfsctl_init();
2540
2541	/*
2542	 * Initialize znode cache, vnode ops, etc...
2543	 */
2544	zfs_znode_init();
2545
2546	dmu_objset_register_type(DMU_OST_ZFS, zfs_space_delta_cb);
2547}
2548
2549void
2550zfs_fini(void)
2551{
2552	zfsctl_fini();
2553	zfs_znode_fini();
2554}
2555
2556int
2557zfs_busy(void)
2558{
2559	return (zfs_active_fs_count != 0);
2560}
2561
2562int
2563zfs_set_version(zfsvfs_t *zfsvfs, uint64_t newvers)
2564{
2565	int error;
2566	objset_t *os = zfsvfs->z_os;
2567	dmu_tx_t *tx;
2568
2569	if (newvers < ZPL_VERSION_INITIAL || newvers > ZPL_VERSION)
2570		return (SET_ERROR(EINVAL));
2571
2572	if (newvers < zfsvfs->z_version)
2573		return (SET_ERROR(EINVAL));
2574
2575	if (zfs_spa_version_map(newvers) >
2576	    spa_version(dmu_objset_spa(zfsvfs->z_os)))
2577		return (SET_ERROR(ENOTSUP));
2578
2579	tx = dmu_tx_create(os);
2580	dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, B_FALSE, ZPL_VERSION_STR);
2581	if (newvers >= ZPL_VERSION_SA && !zfsvfs->z_use_sa) {
2582		dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, B_TRUE,
2583		    ZFS_SA_ATTRS);
2584		dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
2585	}
2586	error = dmu_tx_assign(tx, TXG_WAIT);
2587	if (error) {
2588		dmu_tx_abort(tx);
2589		return (error);
2590	}
2591
2592	error = zap_update(os, MASTER_NODE_OBJ, ZPL_VERSION_STR,
2593	    8, 1, &newvers, tx);
2594
2595	if (error) {
2596		dmu_tx_commit(tx);
2597		return (error);
2598	}
2599
2600	if (newvers >= ZPL_VERSION_SA && !zfsvfs->z_use_sa) {
2601		uint64_t sa_obj;
2602
2603		ASSERT3U(spa_version(dmu_objset_spa(zfsvfs->z_os)), >=,
2604		    SPA_VERSION_SA);
2605		sa_obj = zap_create(os, DMU_OT_SA_MASTER_NODE,
2606		    DMU_OT_NONE, 0, tx);
2607
2608		error = zap_add(os, MASTER_NODE_OBJ,
2609		    ZFS_SA_ATTRS, 8, 1, &sa_obj, tx);
2610		ASSERT0(error);
2611
2612		VERIFY(0 == sa_set_sa_object(os, sa_obj));
2613		sa_register_update_callback(os, zfs_sa_upgrade);
2614	}
2615
2616	spa_history_log_internal_ds(dmu_objset_ds(os), "upgrade", tx,
2617	    "from %llu to %llu", zfsvfs->z_version, newvers);
2618
2619	dmu_tx_commit(tx);
2620
2621	zfsvfs->z_version = newvers;
2622	os->os_version = newvers;
2623
2624	zfs_set_fuid_feature(zfsvfs);
2625
2626	return (0);
2627}
2628
2629/*
2630 * Read a property stored within the master node.
2631 */
2632int
2633zfs_get_zplprop(objset_t *os, zfs_prop_t prop, uint64_t *value)
2634{
2635	uint64_t *cached_copy = NULL;
2636
2637	/*
2638	 * Figure out where in the objset_t the cached copy would live, if it
2639	 * is available for the requested property.
2640	 */
2641	if (os != NULL) {
2642		switch (prop) {
2643		case ZFS_PROP_VERSION:
2644			cached_copy = &os->os_version;
2645			break;
2646		case ZFS_PROP_NORMALIZE:
2647			cached_copy = &os->os_normalization;
2648			break;
2649		case ZFS_PROP_UTF8ONLY:
2650			cached_copy = &os->os_utf8only;
2651			break;
2652		case ZFS_PROP_CASE:
2653			cached_copy = &os->os_casesensitivity;
2654			break;
2655		default:
2656			break;
2657		}
2658	}
2659	if (cached_copy != NULL && *cached_copy != OBJSET_PROP_UNINITIALIZED) {
2660		*value = *cached_copy;
2661		return (0);
2662	}
2663
2664	/*
2665	 * If the property wasn't cached, look up the file system's value for
2666	 * the property. For the version property, we look up a slightly
2667	 * different string.
2668	 */
2669	const char *pname;
2670	int error = ENOENT;
2671	if (prop == ZFS_PROP_VERSION) {
2672		pname = ZPL_VERSION_STR;
2673	} else {
2674		pname = zfs_prop_to_name(prop);
2675	}
2676
2677	if (os != NULL) {
2678		ASSERT3U(os->os_phys->os_type, ==, DMU_OST_ZFS);
2679		error = zap_lookup(os, MASTER_NODE_OBJ, pname, 8, 1, value);
2680	}
2681
2682	if (error == ENOENT) {
2683		/* No value set, use the default value */
2684		switch (prop) {
2685		case ZFS_PROP_VERSION:
2686			*value = ZPL_VERSION;
2687			break;
2688		case ZFS_PROP_NORMALIZE:
2689		case ZFS_PROP_UTF8ONLY:
2690			*value = 0;
2691			break;
2692		case ZFS_PROP_CASE:
2693			*value = ZFS_CASE_SENSITIVE;
2694			break;
2695		default:
2696			return (error);
2697		}
2698		error = 0;
2699	}
2700
2701	/*
2702	 * If one of the methods for getting the property value above worked,
2703	 * copy it into the objset_t's cache.
2704	 */
2705	if (error == 0 && cached_copy != NULL) {
2706		*cached_copy = *value;
2707	}
2708
2709	return (error);
2710}
2711
2712/*
2713 * Return true if the coresponding vfs's unmounted flag is set.
2714 * Otherwise return false.
2715 * If this function returns true we know VFS unmount has been initiated.
2716 */
2717boolean_t
2718zfs_get_vfs_flag_unmounted(objset_t *os)
2719{
2720	zfsvfs_t *zfvp;
2721	boolean_t unmounted = B_FALSE;
2722
2723	ASSERT(dmu_objset_type(os) == DMU_OST_ZFS);
2724
2725	mutex_enter(&os->os_user_ptr_lock);
2726	zfvp = dmu_objset_get_user(os);
2727	if (zfvp != NULL && zfvp->z_vfs != NULL &&
2728	    (zfvp->z_vfs->vfs_flag & VFS_UNMOUNTED))
2729		unmounted = B_TRUE;
2730	mutex_exit(&os->os_user_ptr_lock);
2731
2732	return (unmounted);
2733}
2734
2735static vfsdef_t vfw = {
2736	VFSDEF_VERSION,
2737	MNTTYPE_ZFS,
2738	zfs_vfsinit,
2739	VSW_HASPROTO|VSW_CANRWRO|VSW_CANREMOUNT|VSW_VOLATILEDEV|VSW_STATS|
2740	    VSW_XID|VSW_ZMOUNT,
2741	&zfs_mntopts
2742};
2743
2744struct modlfs zfs_modlfs = {
2745	&mod_fsops, "ZFS filesystem version " SPA_VERSION_STRING, &vfw
2746};
2747