xref: /illumos-gate/usr/src/uts/common/fs/zfs/dmu_recv.c (revision ef96fc31)
10fa1b3ccSPaul Dagnelie /*
20fa1b3ccSPaul Dagnelie  * CDDL HEADER START
30fa1b3ccSPaul Dagnelie  *
40fa1b3ccSPaul Dagnelie  * The contents of this file are subject to the terms of the
50fa1b3ccSPaul Dagnelie  * Common Development and Distribution License (the "License").
60fa1b3ccSPaul Dagnelie  * You may not use this file except in compliance with the License.
70fa1b3ccSPaul Dagnelie  *
80fa1b3ccSPaul Dagnelie  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
90fa1b3ccSPaul Dagnelie  * or http://www.opensolaris.org/os/licensing.
100fa1b3ccSPaul Dagnelie  * See the License for the specific language governing permissions
110fa1b3ccSPaul Dagnelie  * and limitations under the License.
120fa1b3ccSPaul Dagnelie  *
130fa1b3ccSPaul Dagnelie  * When distributing Covered Code, include this CDDL HEADER in each
140fa1b3ccSPaul Dagnelie  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
150fa1b3ccSPaul Dagnelie  * If applicable, add the following below this CDDL HEADER, with the
160fa1b3ccSPaul Dagnelie  * fields enclosed by brackets "[]" replaced with your own identifying
170fa1b3ccSPaul Dagnelie  * information: Portions Copyright [yyyy] [name of copyright owner]
180fa1b3ccSPaul Dagnelie  *
190fa1b3ccSPaul Dagnelie  * CDDL HEADER END
200fa1b3ccSPaul Dagnelie  */
210fa1b3ccSPaul Dagnelie /*
220fa1b3ccSPaul Dagnelie  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
230fa1b3ccSPaul Dagnelie  * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
240fa1b3ccSPaul Dagnelie  * Copyright (c) 2011, 2015 by Delphix. All rights reserved.
250fa1b3ccSPaul Dagnelie  * Copyright (c) 2014, Joyent, Inc. All rights reserved.
260fa1b3ccSPaul Dagnelie  * Copyright 2014 HybridCluster. All rights reserved.
270fa1b3ccSPaul Dagnelie  * Copyright 2016 RackTop Systems.
280fa1b3ccSPaul Dagnelie  * Copyright (c) 2014 Integros [integros.com]
290fa1b3ccSPaul Dagnelie  */
300fa1b3ccSPaul Dagnelie 
310fa1b3ccSPaul Dagnelie #include <sys/dmu.h>
320fa1b3ccSPaul Dagnelie #include <sys/dmu_impl.h>
330fa1b3ccSPaul Dagnelie #include <sys/dmu_tx.h>
340fa1b3ccSPaul Dagnelie #include <sys/dbuf.h>
350fa1b3ccSPaul Dagnelie #include <sys/dnode.h>
360fa1b3ccSPaul Dagnelie #include <sys/zfs_context.h>
370fa1b3ccSPaul Dagnelie #include <sys/dmu_objset.h>
380fa1b3ccSPaul Dagnelie #include <sys/dmu_traverse.h>
390fa1b3ccSPaul Dagnelie #include <sys/dsl_dataset.h>
400fa1b3ccSPaul Dagnelie #include <sys/dsl_dir.h>
410fa1b3ccSPaul Dagnelie #include <sys/dsl_prop.h>
420fa1b3ccSPaul Dagnelie #include <sys/dsl_pool.h>
430fa1b3ccSPaul Dagnelie #include <sys/dsl_synctask.h>
440fa1b3ccSPaul Dagnelie #include <sys/zfs_ioctl.h>
450fa1b3ccSPaul Dagnelie #include <sys/zap.h>
460fa1b3ccSPaul Dagnelie #include <sys/zio_checksum.h>
470fa1b3ccSPaul Dagnelie #include <sys/zfs_znode.h>
480fa1b3ccSPaul Dagnelie #include <zfs_fletcher.h>
490fa1b3ccSPaul Dagnelie #include <sys/avl.h>
500fa1b3ccSPaul Dagnelie #include <sys/ddt.h>
510fa1b3ccSPaul Dagnelie #include <sys/zfs_onexit.h>
520fa1b3ccSPaul Dagnelie #include <sys/dmu_recv.h>
530fa1b3ccSPaul Dagnelie #include <sys/dsl_destroy.h>
540fa1b3ccSPaul Dagnelie #include <sys/blkptr.h>
550fa1b3ccSPaul Dagnelie #include <sys/dsl_bookmark.h>
560fa1b3ccSPaul Dagnelie #include <sys/zfeature.h>
570fa1b3ccSPaul Dagnelie #include <sys/bqueue.h>
580fa1b3ccSPaul Dagnelie 
590fa1b3ccSPaul Dagnelie int zfs_recv_queue_length = SPA_MAXBLOCKSIZE;
600fa1b3ccSPaul Dagnelie 
610fa1b3ccSPaul Dagnelie static char *dmu_recv_tag = "dmu_recv_tag";
620fa1b3ccSPaul Dagnelie const char *recv_clone_name = "%recv";
630fa1b3ccSPaul Dagnelie 
640fa1b3ccSPaul Dagnelie static void byteswap_record(dmu_replay_record_t *drr);
650fa1b3ccSPaul Dagnelie 
660fa1b3ccSPaul Dagnelie typedef struct dmu_recv_begin_arg {
670fa1b3ccSPaul Dagnelie 	const char *drba_origin;
680fa1b3ccSPaul Dagnelie 	dmu_recv_cookie_t *drba_cookie;
690fa1b3ccSPaul Dagnelie 	cred_t *drba_cred;
70eb633035STom Caputi 	dsl_crypto_params_t *drba_dcp;
710fa1b3ccSPaul Dagnelie } dmu_recv_begin_arg_t;
720fa1b3ccSPaul Dagnelie 
730fa1b3ccSPaul Dagnelie static int
recv_begin_check_existing_impl(dmu_recv_begin_arg_t * drba,dsl_dataset_t * ds,uint64_t fromguid,uint64_t featureflags)740fa1b3ccSPaul Dagnelie recv_begin_check_existing_impl(dmu_recv_begin_arg_t *drba, dsl_dataset_t *ds,
756ccda740Sloli     uint64_t fromguid, uint64_t featureflags)
760fa1b3ccSPaul Dagnelie {
770fa1b3ccSPaul Dagnelie 	uint64_t val;
780fa1b3ccSPaul Dagnelie 	int error;
790fa1b3ccSPaul Dagnelie 	dsl_pool_t *dp = ds->ds_dir->dd_pool;
80eb633035STom Caputi 	boolean_t encrypted = ds->ds_dir->dd_crypto_obj != 0;
81eb633035STom Caputi 	boolean_t raw = (featureflags & DMU_BACKUP_FEATURE_RAW) != 0;
82eb633035STom Caputi 	boolean_t embed = (featureflags & DMU_BACKUP_FEATURE_EMBED_DATA) != 0;
830fa1b3ccSPaul Dagnelie 
840fa1b3ccSPaul Dagnelie 	/* temporary clone name must not exist */
850fa1b3ccSPaul Dagnelie 	error = zap_lookup(dp->dp_meta_objset,
860fa1b3ccSPaul Dagnelie 	    dsl_dir_phys(ds->ds_dir)->dd_child_dir_zapobj, recv_clone_name,
870fa1b3ccSPaul Dagnelie 	    8, 1, &val);
880fa1b3ccSPaul Dagnelie 	if (error != ENOENT)
890fa1b3ccSPaul Dagnelie 		return (error == 0 ? EBUSY : error);
900fa1b3ccSPaul Dagnelie 
910fa1b3ccSPaul Dagnelie 	/* new snapshot name must not exist */
920fa1b3ccSPaul Dagnelie 	error = zap_lookup(dp->dp_meta_objset,
930fa1b3ccSPaul Dagnelie 	    dsl_dataset_phys(ds)->ds_snapnames_zapobj,
940fa1b3ccSPaul Dagnelie 	    drba->drba_cookie->drc_tosnap, 8, 1, &val);
950fa1b3ccSPaul Dagnelie 	if (error != ENOENT)
960fa1b3ccSPaul Dagnelie 		return (error == 0 ? EEXIST : error);
970fa1b3ccSPaul Dagnelie 
980fa1b3ccSPaul Dagnelie 	/*
990fa1b3ccSPaul Dagnelie 	 * Check snapshot limit before receiving. We'll recheck again at the
1000fa1b3ccSPaul Dagnelie 	 * end, but might as well abort before receiving if we're already over
1010fa1b3ccSPaul Dagnelie 	 * the limit.
1020fa1b3ccSPaul Dagnelie 	 *
1030fa1b3ccSPaul Dagnelie 	 * Note that we do not check the file system limit with
1040fa1b3ccSPaul Dagnelie 	 * dsl_dir_fscount_check because the temporary %clones don't count
1050fa1b3ccSPaul Dagnelie 	 * against that limit.
1060fa1b3ccSPaul Dagnelie 	 */
1070fa1b3ccSPaul Dagnelie 	error = dsl_fs_ss_limit_check(ds->ds_dir, 1, ZFS_PROP_SNAPSHOT_LIMIT,
1080fa1b3ccSPaul Dagnelie 	    NULL, drba->drba_cred);
1090fa1b3ccSPaul Dagnelie 	if (error != 0)
1100fa1b3ccSPaul Dagnelie 		return (error);
1110fa1b3ccSPaul Dagnelie 
1120fa1b3ccSPaul Dagnelie 	if (fromguid != 0) {
1130fa1b3ccSPaul Dagnelie 		dsl_dataset_t *snap;
1140fa1b3ccSPaul Dagnelie 		uint64_t obj = dsl_dataset_phys(ds)->ds_prev_snap_obj;
1150fa1b3ccSPaul Dagnelie 
116eb633035STom Caputi 		/* Can't raw receive on top of an unencrypted dataset */
117eb633035STom Caputi 		if (!encrypted && raw)
118eb633035STom Caputi 			return (SET_ERROR(EINVAL));
119eb633035STom Caputi 
120eb633035STom Caputi 		/* Encryption is incompatible with embedded data */
121eb633035STom Caputi 		if (encrypted && embed)
122eb633035STom Caputi 			return (SET_ERROR(EINVAL));
123eb633035STom Caputi 
1240fa1b3ccSPaul Dagnelie 		/* Find snapshot in this dir that matches fromguid. */
1250fa1b3ccSPaul Dagnelie 		while (obj != 0) {
1260fa1b3ccSPaul Dagnelie 			error = dsl_dataset_hold_obj(dp, obj, FTAG,
1270fa1b3ccSPaul Dagnelie 			    &snap);
1280fa1b3ccSPaul Dagnelie 			if (error != 0)
1290fa1b3ccSPaul Dagnelie 				return (SET_ERROR(ENODEV));
1300fa1b3ccSPaul Dagnelie 			if (snap->ds_dir != ds->ds_dir) {
1310fa1b3ccSPaul Dagnelie 				dsl_dataset_rele(snap, FTAG);
1320fa1b3ccSPaul Dagnelie 				return (SET_ERROR(ENODEV));
1330fa1b3ccSPaul Dagnelie 			}
1340fa1b3ccSPaul Dagnelie 			if (dsl_dataset_phys(snap)->ds_guid == fromguid)
1350fa1b3ccSPaul Dagnelie 				break;
1360fa1b3ccSPaul Dagnelie 			obj = dsl_dataset_phys(snap)->ds_prev_snap_obj;
1370fa1b3ccSPaul Dagnelie 			dsl_dataset_rele(snap, FTAG);
1380fa1b3ccSPaul Dagnelie 		}
1390fa1b3ccSPaul Dagnelie 		if (obj == 0)
1400fa1b3ccSPaul Dagnelie 			return (SET_ERROR(ENODEV));
1410fa1b3ccSPaul Dagnelie 
1420fa1b3ccSPaul Dagnelie 		if (drba->drba_cookie->drc_force) {
143eb633035STom Caputi 			drba->drba_cookie->drc_fromsnapobj = obj;
1440fa1b3ccSPaul Dagnelie 		} else {
1450fa1b3ccSPaul Dagnelie 			/*
1460fa1b3ccSPaul Dagnelie 			 * If we are not forcing, there must be no
1470fa1b3ccSPaul Dagnelie 			 * changes since fromsnap.
1480fa1b3ccSPaul Dagnelie 			 */
1490fa1b3ccSPaul Dagnelie 			if (dsl_dataset_modified_since_snap(ds, snap)) {
1500fa1b3ccSPaul Dagnelie 				dsl_dataset_rele(snap, FTAG);
1510fa1b3ccSPaul Dagnelie 				return (SET_ERROR(ETXTBSY));
1520fa1b3ccSPaul Dagnelie 			}
153eb633035STom Caputi 			drba->drba_cookie->drc_fromsnapobj =
154eb633035STom Caputi 			    ds->ds_prev->ds_object;
1550fa1b3ccSPaul Dagnelie 		}
1560fa1b3ccSPaul Dagnelie 
1570fa1b3ccSPaul Dagnelie 		dsl_dataset_rele(snap, FTAG);
1580fa1b3ccSPaul Dagnelie 	} else {
1590fa1b3ccSPaul Dagnelie 		/* if full, then must be forced */
1600fa1b3ccSPaul Dagnelie 		if (!drba->drba_cookie->drc_force)
1610fa1b3ccSPaul Dagnelie 			return (SET_ERROR(EEXIST));
162eb633035STom Caputi 
163eb633035STom Caputi 		/*
164eb633035STom Caputi 		 * We don't support using zfs recv -F to blow away
165eb633035STom Caputi 		 * encrypted filesystems. This would require the
166eb633035STom Caputi 		 * dsl dir to point to the old encryption key and
167eb633035STom Caputi 		 * the new one at the same time during the receive.
168eb633035STom Caputi 		 */
169eb633035STom Caputi 		if ((!encrypted && raw) || encrypted)
170eb633035STom Caputi 			return (SET_ERROR(EINVAL));
171eb633035STom Caputi 
172eb633035STom Caputi 		/*
173eb633035STom Caputi 		 * Perform the same encryption checks we would if
174eb633035STom Caputi 		 * we were creating a new dataset from scratch.
175eb633035STom Caputi 		 */
176eb633035STom Caputi 		if (!raw) {
177eb633035STom Caputi 			boolean_t will_encrypt;
178eb633035STom Caputi 
179eb633035STom Caputi 			error = dmu_objset_create_crypt_check(
180eb633035STom Caputi 			    ds->ds_dir->dd_parent, drba->drba_dcp,
181eb633035STom Caputi 			    &will_encrypt);
182eb633035STom Caputi 			if (error != 0)
183eb633035STom Caputi 				return (error);
184eb633035STom Caputi 
185eb633035STom Caputi 			if (will_encrypt && embed)
186eb633035STom Caputi 				return (SET_ERROR(EINVAL));
187eb633035STom Caputi 		}
188eb633035STom Caputi 
189eb633035STom Caputi 		drba->drba_cookie->drc_fromsnapobj = 0;
1900fa1b3ccSPaul Dagnelie 	}
1910fa1b3ccSPaul Dagnelie 
1920fa1b3ccSPaul Dagnelie 	return (0);
1930fa1b3ccSPaul Dagnelie 
1940fa1b3ccSPaul Dagnelie }
1950fa1b3ccSPaul Dagnelie 
1960fa1b3ccSPaul Dagnelie static int
dmu_recv_begin_check(void * arg,dmu_tx_t * tx)1970fa1b3ccSPaul Dagnelie dmu_recv_begin_check(void *arg, dmu_tx_t *tx)
1980fa1b3ccSPaul Dagnelie {
1990fa1b3ccSPaul Dagnelie 	dmu_recv_begin_arg_t *drba = arg;
2000fa1b3ccSPaul Dagnelie 	dsl_pool_t *dp = dmu_tx_pool(tx);
2010fa1b3ccSPaul Dagnelie 	struct drr_begin *drrb = drba->drba_cookie->drc_drrb;
2020fa1b3ccSPaul Dagnelie 	uint64_t fromguid = drrb->drr_fromguid;
2030fa1b3ccSPaul Dagnelie 	int flags = drrb->drr_flags;
204*ef96fc31SToomas Soome 	ds_hold_flags_t dsflags = DS_HOLD_FLAG_NONE;
2050fa1b3ccSPaul Dagnelie 	int error;
2060fa1b3ccSPaul Dagnelie 	uint64_t featureflags = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo);
2070fa1b3ccSPaul Dagnelie 	dsl_dataset_t *ds;
2080fa1b3ccSPaul Dagnelie 	const char *tofs = drba->drba_cookie->drc_tofs;
2090fa1b3ccSPaul Dagnelie 
2100fa1b3ccSPaul Dagnelie 	/* already checked */
2110fa1b3ccSPaul Dagnelie 	ASSERT3U(drrb->drr_magic, ==, DMU_BACKUP_MAGIC);
2120fa1b3ccSPaul Dagnelie 	ASSERT(!(featureflags & DMU_BACKUP_FEATURE_RESUMING));
2130fa1b3ccSPaul Dagnelie 
2140fa1b3ccSPaul Dagnelie 	if (DMU_GET_STREAM_HDRTYPE(drrb->drr_versioninfo) ==
2150fa1b3ccSPaul Dagnelie 	    DMU_COMPOUNDSTREAM ||
2160fa1b3ccSPaul Dagnelie 	    drrb->drr_type >= DMU_OST_NUMTYPES ||
2170fa1b3ccSPaul Dagnelie 	    ((flags & DRR_FLAG_CLONE) && drba->drba_origin == NULL))
2180fa1b3ccSPaul Dagnelie 		return (SET_ERROR(EINVAL));
2190fa1b3ccSPaul Dagnelie 
2200fa1b3ccSPaul Dagnelie 	/* Verify pool version supports SA if SA_SPILL feature set */
2210fa1b3ccSPaul Dagnelie 	if ((featureflags & DMU_BACKUP_FEATURE_SA_SPILL) &&
2220fa1b3ccSPaul Dagnelie 	    spa_version(dp->dp_spa) < SPA_VERSION_SA)
2230fa1b3ccSPaul Dagnelie 		return (SET_ERROR(ENOTSUP));
2240fa1b3ccSPaul Dagnelie 
2250fa1b3ccSPaul Dagnelie 	if (drba->drba_cookie->drc_resumable &&
2260fa1b3ccSPaul Dagnelie 	    !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_EXTENSIBLE_DATASET))
2270fa1b3ccSPaul Dagnelie 		return (SET_ERROR(ENOTSUP));
2280fa1b3ccSPaul Dagnelie 
2290fa1b3ccSPaul Dagnelie 	/*
2300fa1b3ccSPaul Dagnelie 	 * The receiving code doesn't know how to translate a WRITE_EMBEDDED
2310fa1b3ccSPaul Dagnelie 	 * record to a plain WRITE record, so the pool must have the
2320fa1b3ccSPaul Dagnelie 	 * EMBEDDED_DATA feature enabled if the stream has WRITE_EMBEDDED
2330fa1b3ccSPaul Dagnelie 	 * records.  Same with WRITE_EMBEDDED records that use LZ4 compression.
2340fa1b3ccSPaul Dagnelie 	 */
2350fa1b3ccSPaul Dagnelie 	if ((featureflags & DMU_BACKUP_FEATURE_EMBED_DATA) &&
2360fa1b3ccSPaul Dagnelie 	    !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_EMBEDDED_DATA))
2370fa1b3ccSPaul Dagnelie 		return (SET_ERROR(ENOTSUP));
2380fa1b3ccSPaul Dagnelie 	if ((featureflags & DMU_BACKUP_FEATURE_LZ4) &&
2390fa1b3ccSPaul Dagnelie 	    !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_LZ4_COMPRESS))
2400fa1b3ccSPaul Dagnelie 		return (SET_ERROR(ENOTSUP));
2410fa1b3ccSPaul Dagnelie 
2420fa1b3ccSPaul Dagnelie 	/*
2430fa1b3ccSPaul Dagnelie 	 * The receiving code doesn't know how to translate large blocks
2440fa1b3ccSPaul Dagnelie 	 * to smaller ones, so the pool must have the LARGE_BLOCKS
2450fa1b3ccSPaul Dagnelie 	 * feature enabled if the stream has LARGE_BLOCKS. Same with
2460fa1b3ccSPaul Dagnelie 	 * large dnodes.
2470fa1b3ccSPaul Dagnelie 	 */
2480fa1b3ccSPaul Dagnelie 	if ((featureflags & DMU_BACKUP_FEATURE_LARGE_BLOCKS) &&
2490fa1b3ccSPaul Dagnelie 	    !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_LARGE_BLOCKS))
2500fa1b3ccSPaul Dagnelie 		return (SET_ERROR(ENOTSUP));
2510fa1b3ccSPaul Dagnelie 	if ((featureflags & DMU_BACKUP_FEATURE_LARGE_DNODE) &&
2520fa1b3ccSPaul Dagnelie 	    !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_LARGE_DNODE))
2530fa1b3ccSPaul Dagnelie 		return (SET_ERROR(ENOTSUP));
2540fa1b3ccSPaul Dagnelie 
2556ccda740Sloli 	if (featureflags & DMU_BACKUP_FEATURE_RAW) {
256eb633035STom Caputi 		/* raw receives require the encryption feature */
257eb633035STom Caputi 		if (!spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_ENCRYPTION))
258eb633035STom Caputi 			return (SET_ERROR(ENOTSUP));
259eb633035STom Caputi 
260eb633035STom Caputi 		/* embedded data is incompatible with encryption and raw recv */
261eb633035STom Caputi 		if (featureflags & DMU_BACKUP_FEATURE_EMBED_DATA)
262eb633035STom Caputi 			return (SET_ERROR(EINVAL));
263eb633035STom Caputi 
264eb633035STom Caputi 		/* raw receives require spill block allocation flag */
265eb633035STom Caputi 		if (!(flags & DRR_FLAG_SPILL_BLOCK))
266eb633035STom Caputi 			return (SET_ERROR(ZFS_ERR_SPILL_BLOCK_FLAG_MISSING));
267eb633035STom Caputi 	} else {
268eb633035STom Caputi 		dsflags |= DS_HOLD_FLAG_DECRYPT;
269eb633035STom Caputi 	}
270eb633035STom Caputi 
271eb633035STom Caputi 	error = dsl_dataset_hold_flags(dp, tofs, dsflags, FTAG, &ds);
2720fa1b3ccSPaul Dagnelie 	if (error == 0) {
2730fa1b3ccSPaul Dagnelie 		/* target fs already exists; recv into temp clone */
2740fa1b3ccSPaul Dagnelie 
2750fa1b3ccSPaul Dagnelie 		/* Can't recv a clone into an existing fs */
2760fa1b3ccSPaul Dagnelie 		if (flags & DRR_FLAG_CLONE || drba->drba_origin) {
277eb633035STom Caputi 			dsl_dataset_rele_flags(ds, dsflags, FTAG);
2780fa1b3ccSPaul Dagnelie 			return (SET_ERROR(EINVAL));
2790fa1b3ccSPaul Dagnelie 		}
2800fa1b3ccSPaul Dagnelie 
2816ccda740Sloli 		error = recv_begin_check_existing_impl(drba, ds, fromguid,
2826ccda740Sloli 		    featureflags);
283eb633035STom Caputi 		dsl_dataset_rele_flags(ds, dsflags, FTAG);
2840fa1b3ccSPaul Dagnelie 	} else if (error == ENOENT) {
2850fa1b3ccSPaul Dagnelie 		/* target fs does not exist; must be a full backup or clone */
2860fa1b3ccSPaul Dagnelie 		char buf[ZFS_MAX_DATASET_NAME_LEN];
2870fa1b3ccSPaul Dagnelie 
2880fa1b3ccSPaul Dagnelie 		/*
2890fa1b3ccSPaul Dagnelie 		 * If it's a non-clone incremental, we are missing the
2900fa1b3ccSPaul Dagnelie 		 * target fs, so fail the recv.
2910fa1b3ccSPaul Dagnelie 		 */
2920fa1b3ccSPaul Dagnelie 		if (fromguid != 0 && !(flags & DRR_FLAG_CLONE ||
2930fa1b3ccSPaul Dagnelie 		    drba->drba_origin))
2940fa1b3ccSPaul Dagnelie 			return (SET_ERROR(ENOENT));
2950fa1b3ccSPaul Dagnelie 
2960fa1b3ccSPaul Dagnelie 		/*
2970fa1b3ccSPaul Dagnelie 		 * If we're receiving a full send as a clone, and it doesn't
2980fa1b3ccSPaul Dagnelie 		 * contain all the necessary free records and freeobject
2990fa1b3ccSPaul Dagnelie 		 * records, reject it.
3000fa1b3ccSPaul Dagnelie 		 */
3010fa1b3ccSPaul Dagnelie 		if (fromguid == 0 && drba->drba_origin &&
3020fa1b3ccSPaul Dagnelie 		    !(flags & DRR_FLAG_FREERECORDS))
3030fa1b3ccSPaul Dagnelie 			return (SET_ERROR(EINVAL));
3040fa1b3ccSPaul Dagnelie 
3050fa1b3ccSPaul Dagnelie 		/* Open the parent of tofs */
3060fa1b3ccSPaul Dagnelie 		ASSERT3U(strlen(tofs), <, sizeof (buf));
3070fa1b3ccSPaul Dagnelie 		(void) strlcpy(buf, tofs, strrchr(tofs, '/') - tofs + 1);
308a60ca23dSTom Caputi 		error = dsl_dataset_hold(dp, buf, FTAG, &ds);
3090fa1b3ccSPaul Dagnelie 		if (error != 0)
3100fa1b3ccSPaul Dagnelie 			return (error);
3110fa1b3ccSPaul Dagnelie 
312eb633035STom Caputi 		if ((featureflags & DMU_BACKUP_FEATURE_RAW) == 0 &&
313eb633035STom Caputi 		    drba->drba_origin == NULL) {
314eb633035STom Caputi 			boolean_t will_encrypt;
315eb633035STom Caputi 
316eb633035STom Caputi 			/*
317eb633035STom Caputi 			 * Check that we aren't breaking any encryption rules
318eb633035STom Caputi 			 * and that we have all the parameters we need to
319eb633035STom Caputi 			 * create an encrypted dataset if necessary. If we are
320eb633035STom Caputi 			 * making an encrypted dataset the stream can't have
321eb633035STom Caputi 			 * embedded data.
322eb633035STom Caputi 			 */
323eb633035STom Caputi 			error = dmu_objset_create_crypt_check(ds->ds_dir,
324eb633035STom Caputi 			    drba->drba_dcp, &will_encrypt);
325eb633035STom Caputi 			if (error != 0) {
326a60ca23dSTom Caputi 				dsl_dataset_rele(ds, FTAG);
327eb633035STom Caputi 				return (error);
328eb633035STom Caputi 			}
329eb633035STom Caputi 
330eb633035STom Caputi 			if (will_encrypt &&
331eb633035STom Caputi 			    (featureflags & DMU_BACKUP_FEATURE_EMBED_DATA)) {
332a60ca23dSTom Caputi 				dsl_dataset_rele(ds, FTAG);
333eb633035STom Caputi 				return (SET_ERROR(EINVAL));
334eb633035STom Caputi 			}
335eb633035STom Caputi 		}
336eb633035STom Caputi 
3370fa1b3ccSPaul Dagnelie 		/*
3380fa1b3ccSPaul Dagnelie 		 * Check filesystem and snapshot limits before receiving. We'll
3390fa1b3ccSPaul Dagnelie 		 * recheck snapshot limits again at the end (we create the
3400fa1b3ccSPaul Dagnelie 		 * filesystems and increment those counts during begin_sync).
3410fa1b3ccSPaul Dagnelie 		 */
3420fa1b3ccSPaul Dagnelie 		error = dsl_fs_ss_limit_check(ds->ds_dir, 1,
3430fa1b3ccSPaul Dagnelie 		    ZFS_PROP_FILESYSTEM_LIMIT, NULL, drba->drba_cred);
3440fa1b3ccSPaul Dagnelie 		if (error != 0) {
345a60ca23dSTom Caputi 			dsl_dataset_rele(ds, FTAG);
3460fa1b3ccSPaul Dagnelie 			return (error);
3470fa1b3ccSPaul Dagnelie 		}
3480fa1b3ccSPaul Dagnelie 
3490fa1b3ccSPaul Dagnelie 		error = dsl_fs_ss_limit_check(ds->ds_dir, 1,
3500fa1b3ccSPaul Dagnelie 		    ZFS_PROP_SNAPSHOT_LIMIT, NULL, drba->drba_cred);
3510fa1b3ccSPaul Dagnelie 		if (error != 0) {
352a60ca23dSTom Caputi 			dsl_dataset_rele(ds, FTAG);
3530fa1b3ccSPaul Dagnelie 			return (error);
3540fa1b3ccSPaul Dagnelie 		}
3550fa1b3ccSPaul Dagnelie 
3560fa1b3ccSPaul Dagnelie 		if (drba->drba_origin != NULL) {
3570fa1b3ccSPaul Dagnelie 			dsl_dataset_t *origin;
358eb633035STom Caputi 
359a60ca23dSTom Caputi 			error = dsl_dataset_hold(dp, drba->drba_origin,
360a60ca23dSTom Caputi 			    FTAG, &origin);
3610fa1b3ccSPaul Dagnelie 			if (error != 0) {
362a60ca23dSTom Caputi 				dsl_dataset_rele(ds, FTAG);
3630fa1b3ccSPaul Dagnelie 				return (error);
3640fa1b3ccSPaul Dagnelie 			}
3650fa1b3ccSPaul Dagnelie 			if (!origin->ds_is_snapshot) {
366a60ca23dSTom Caputi 				dsl_dataset_rele(origin, FTAG);
367a60ca23dSTom Caputi 				dsl_dataset_rele(ds, FTAG);
3680fa1b3ccSPaul Dagnelie 				return (SET_ERROR(EINVAL));
3690fa1b3ccSPaul Dagnelie 			}
3700fa1b3ccSPaul Dagnelie 			if (dsl_dataset_phys(origin)->ds_guid != fromguid &&
3710fa1b3ccSPaul Dagnelie 			    fromguid != 0) {
372a60ca23dSTom Caputi 				dsl_dataset_rele(origin, FTAG);
373a60ca23dSTom Caputi 				dsl_dataset_rele(ds, FTAG);
3740fa1b3ccSPaul Dagnelie 				return (SET_ERROR(ENODEV));
3750fa1b3ccSPaul Dagnelie 			}
376eb633035STom Caputi 			if (origin->ds_dir->dd_crypto_obj != 0 &&
377eb633035STom Caputi 			    (featureflags & DMU_BACKUP_FEATURE_EMBED_DATA)) {
378a60ca23dSTom Caputi 				dsl_dataset_rele(origin, FTAG);
379a60ca23dSTom Caputi 				dsl_dataset_rele(ds, FTAG);
380eb633035STom Caputi 				return (SET_ERROR(EINVAL));
381eb633035STom Caputi 			}
382a60ca23dSTom Caputi 			dsl_dataset_rele(origin, FTAG);
3830fa1b3ccSPaul Dagnelie 		}
384a60ca23dSTom Caputi 		dsl_dataset_rele(ds, FTAG);
3850fa1b3ccSPaul Dagnelie 		error = 0;
3860fa1b3ccSPaul Dagnelie 	}
3870fa1b3ccSPaul Dagnelie 	return (error);
3880fa1b3ccSPaul Dagnelie }
3890fa1b3ccSPaul Dagnelie 
3900fa1b3ccSPaul Dagnelie static void
dmu_recv_begin_sync(void * arg,dmu_tx_t * tx)3910fa1b3ccSPaul Dagnelie dmu_recv_begin_sync(void *arg, dmu_tx_t *tx)
3920fa1b3ccSPaul Dagnelie {
3930fa1b3ccSPaul Dagnelie 	dmu_recv_begin_arg_t *drba = arg;
3940fa1b3ccSPaul Dagnelie 	dsl_pool_t *dp = dmu_tx_pool(tx);
3950fa1b3ccSPaul Dagnelie 	objset_t *mos = dp->dp_meta_objset;
3960fa1b3ccSPaul Dagnelie 	struct drr_begin *drrb = drba->drba_cookie->drc_drrb;
3970fa1b3ccSPaul Dagnelie 	const char *tofs = drba->drba_cookie->drc_tofs;
398eb633035STom Caputi 	uint64_t featureflags = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo);
3990fa1b3ccSPaul Dagnelie 	dsl_dataset_t *ds, *newds;
400eb633035STom Caputi 	objset_t *os;
4010fa1b3ccSPaul Dagnelie 	uint64_t dsobj;
402*ef96fc31SToomas Soome 	ds_hold_flags_t dsflags = DS_HOLD_FLAG_NONE;
4030fa1b3ccSPaul Dagnelie 	int error;
4040fa1b3ccSPaul Dagnelie 	uint64_t crflags = 0;
405eb633035STom Caputi 	dsl_crypto_params_t dummy_dcp = { 0 };
406eb633035STom Caputi 	dsl_crypto_params_t *dcp = drba->drba_dcp;
4070fa1b3ccSPaul Dagnelie 
4080fa1b3ccSPaul Dagnelie 	if (drrb->drr_flags & DRR_FLAG_CI_DATA)
4090fa1b3ccSPaul Dagnelie 		crflags |= DS_FLAG_CI_DATASET;
411eb633035STom Caputi 	if ((featureflags & DMU_BACKUP_FEATURE_RAW) == 0)
412eb633035STom Caputi 		dsflags |= DS_HOLD_FLAG_DECRYPT;
413eb633035STom Caputi 
414eb633035STom Caputi 	/*
415eb633035STom Caputi 	 * Raw, non-incremental recvs always use a dummy dcp with
416eb633035STom Caputi 	 * the raw cmd set. Raw incremental recvs do not use a dcp
417eb633035STom Caputi 	 * since the encryption parameters are already set in stone.
418eb633035STom Caputi 	 */
419eb633035STom Caputi 	if (dcp == NULL && drba->drba_cookie->drc_fromsnapobj == 0 &&
420eb633035STom Caputi 	    drba->drba_origin == NULL) {
421eb633035STom Caputi 		ASSERT3P(dcp, ==, NULL);
422eb633035STom Caputi 		dcp = &dummy_dcp;
4230fa1b3ccSPaul Dagnelie 
424eb633035STom Caputi 		if (featureflags & DMU_BACKUP_FEATURE_RAW)
425eb633035STom Caputi 			dcp->cp_cmd = DCP_CMD_RAW_RECV;
426eb633035STom Caputi 	}
427eb633035STom Caputi 
428eb633035STom Caputi 	error = dsl_dataset_hold_flags(dp, tofs, dsflags, FTAG, &ds);
4290fa1b3ccSPaul Dagnelie 	if (error == 0) {
4300fa1b3ccSPaul Dagnelie 		/* create temporary clone */
4310fa1b3ccSPaul Dagnelie 		dsl_dataset_t *snap = NULL;
432eb633035STom Caputi 
433eb633035STom Caputi 		if (drba->drba_cookie->drc_fromsnapobj != 0) {
4340fa1b3ccSPaul Dagnelie 			VERIFY0(dsl_dataset_hold_obj(dp,
435eb633035STom Caputi 			    drba->drba_cookie->drc_fromsnapobj, FTAG, &snap));
436eb633035STom Caputi 			ASSERT3P(dcp, ==, NULL);
4370fa1b3ccSPaul Dagnelie 		}
438eb633035STom Caputi 
4390fa1b3ccSPaul Dagnelie 		dsobj = dsl_dataset_create_sync(ds->ds_dir, recv_clone_name,