search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Hide b_freeze_* under ZFS_DEBUG
[zfs.git] / lib / libzfs / libzfs_sendrecv.c
blobc79c636e16dbf5606e0c0cc49818784f5d795fd4
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or https://opensource.org/licenses/CDDL-1.0.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright (c) 2011, 2020 by Delphix. All rights reserved.
25 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
26 * Copyright (c) 2012 Pawel Jakub Dawidek <pawel@dawidek.net>.
27 * All rights reserved
28 * Copyright (c) 2013 Steven Hartland. All rights reserved.
29 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
30 * Copyright 2016 Igor Kozhukhov <ikozhukhov@gmail.com>
31 * Copyright (c) 2018, loli10K <ezomori.nozomu@gmail.com>. All rights reserved.
32 * Copyright (c) 2019 Datto Inc.
33 */
34
35 #include <assert.h>
36 #include <ctype.h>
37 #include <errno.h>
38 #include <libintl.h>
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <unistd.h>
43 #include <stddef.h>
44 #include <fcntl.h>
45 #include <sys/mount.h>
46 #include <sys/mntent.h>
47 #include <sys/mnttab.h>
48 #include <sys/avl.h>
49 #include <sys/debug.h>
50 #include <sys/stat.h>
51 #include <pthread.h>
52 #include <umem.h>
53 #include <time.h>
54
55 #include <libzfs.h>
56 #include <libzfs_core.h>
57 #include <libzutil.h>
58
59 #include "zfs_namecheck.h"
60 #include "zfs_prop.h"
61 #include "zfs_fletcher.h"
62 #include "libzfs_impl.h"
63 #include <cityhash.h>
64 #include <zlib.h>
65 #include <sys/zio_checksum.h>
66 #include <sys/dsl_crypt.h>
67 #include <sys/ddt.h>
68 #include <sys/socket.h>
69 #include <sys/sha2.h>
70
71 static int zfs_receive_impl(libzfs_handle_t *, const char *, const char *,
72 recvflags_t *, int, const char *, nvlist_t *, avl_tree_t *, char **,
73 const char *, nvlist_t *);
74 static int guid_to_name_redact_snaps(libzfs_handle_t *hdl, const char *parent,
75 uint64_t guid, boolean_t bookmark_ok, uint64_t *redact_snap_guids,
76 uint64_t num_redact_snaps, char *name);
77 static int guid_to_name(libzfs_handle_t *, const char *,
78 uint64_t, boolean_t, char *);
79
80 typedef struct progress_arg {
81 zfs_handle_t *pa_zhp;
82 int pa_fd;
83 boolean_t pa_parsable;
84 boolean_t pa_estimate;
85 int pa_verbosity;
86 } progress_arg_t;
87
88 static int
89 dump_record(dmu_replay_record_t *drr, void *payload, size_t payload_len,
90 zio_cksum_t *zc, int outfd)
91 {
92 ASSERT3U(offsetof(dmu_replay_record_t, drr_u.drr_checksum.drr_checksum),
93 ==, sizeof (dmu_replay_record_t) - sizeof (zio_cksum_t));
94 fletcher_4_incremental_native(drr,
95 offsetof(dmu_replay_record_t, drr_u.drr_checksum.drr_checksum), zc);
96 if (drr->drr_type != DRR_BEGIN) {
97 ASSERT(ZIO_CHECKSUM_IS_ZERO(&drr->drr_u.
98 drr_checksum.drr_checksum));
99 drr->drr_u.drr_checksum.drr_checksum = *zc;
100 }
101 fletcher_4_incremental_native(&drr->drr_u.drr_checksum.drr_checksum,
102 sizeof (zio_cksum_t), zc);
103 if (write(outfd, drr, sizeof (*drr)) == -1)
104 return (errno);
105 if (payload_len != 0) {
106 fletcher_4_incremental_native(payload, payload_len, zc);
107 if (write(outfd, payload, payload_len) == -1)
108 return (errno);
109 }
110 return (0);
111 }
112
113 /*
114 * Routines for dealing with the AVL tree of fs-nvlists
115 */
116 typedef struct fsavl_node {
117 avl_node_t fn_node;
118 nvlist_t *fn_nvfs;
119 char *fn_snapname;
120 uint64_t fn_guid;
121 } fsavl_node_t;
122
123 static int
124 fsavl_compare(const void *arg1, const void *arg2)
125 {
126 const fsavl_node_t *fn1 = (const fsavl_node_t *)arg1;
127 const fsavl_node_t *fn2 = (const fsavl_node_t *)arg2;
128
129 return (TREE_CMP(fn1->fn_guid, fn2->fn_guid));
130 }
131
132 /*
133 * Given the GUID of a snapshot, find its containing filesystem and
134 * (optionally) name.
135 */
136 static nvlist_t *
137 fsavl_find(avl_tree_t *avl, uint64_t snapguid, char **snapname)
138 {
139 fsavl_node_t fn_find;
140 fsavl_node_t *fn;
141
142 fn_find.fn_guid = snapguid;
143
144 fn = avl_find(avl, &fn_find, NULL);
145 if (fn) {
146 if (snapname)
147 *snapname = fn->fn_snapname;
148 return (fn->fn_nvfs);
149 }
150 return (NULL);
151 }
152
153 static void
154 fsavl_destroy(avl_tree_t *avl)
155 {
156 fsavl_node_t *fn;
157 void *cookie;
158
159 if (avl == NULL)
160 return;
161
162 cookie = NULL;
163 while ((fn = avl_destroy_nodes(avl, &cookie)) != NULL)
164 free(fn);
165 avl_destroy(avl);
166 free(avl);
167 }
168
169 /*
170 * Given an nvlist, produce an avl tree of snapshots, ordered by guid
171 */
172 static avl_tree_t *
173 fsavl_create(nvlist_t *fss)
174 {
175 avl_tree_t *fsavl;
176 nvpair_t *fselem = NULL;
177
178 if ((fsavl = malloc(sizeof (avl_tree_t))) == NULL)
179 return (NULL);
180
181 avl_create(fsavl, fsavl_compare, sizeof (fsavl_node_t),
182 offsetof(fsavl_node_t, fn_node));
183
184 while ((fselem = nvlist_next_nvpair(fss, fselem)) != NULL) {
185 nvlist_t *nvfs, *snaps;
186 nvpair_t *snapelem = NULL;
187
188 nvfs = fnvpair_value_nvlist(fselem);
189 snaps = fnvlist_lookup_nvlist(nvfs, "snaps");
190
191 while ((snapelem =
192 nvlist_next_nvpair(snaps, snapelem)) != NULL) {
193 fsavl_node_t *fn;
194
195 if ((fn = malloc(sizeof (fsavl_node_t))) == NULL) {
196 fsavl_destroy(fsavl);
197 return (NULL);
198 }
199 fn->fn_nvfs = nvfs;
200 fn->fn_snapname = nvpair_name(snapelem);
201 fn->fn_guid = fnvpair_value_uint64(snapelem);
202
203 /*
204 * Note: if there are multiple snaps with the
205 * same GUID, we ignore all but one.
206 */
207 avl_index_t where = 0;
208 if (avl_find(fsavl, fn, &where) == NULL)
209 avl_insert(fsavl, fn, where);
210 else
211 free(fn);
212 }
213 }
214
215 return (fsavl);
216 }
217
218 /*
219 * Routines for dealing with the giant nvlist of fs-nvlists, etc.
220 */
221 typedef struct send_data {
222 /*
223 * assigned inside every recursive call,
224 * restored from *_save on return:
225 *
226 * guid of fromsnap snapshot in parent dataset
227 * txg of fromsnap snapshot in current dataset
228 * txg of tosnap snapshot in current dataset
229 */
230
231 uint64_t parent_fromsnap_guid;
232 uint64_t fromsnap_txg;
233 uint64_t tosnap_txg;
234
235 /* the nvlists get accumulated during depth-first traversal */
236 nvlist_t *parent_snaps;
237 nvlist_t *fss;
238 nvlist_t *snapprops;
239 nvlist_t *snapholds; /* user holds */
240
241 /* send-receive configuration, does not change during traversal */
242 const char *fsname;
243 const char *fromsnap;
244 const char *tosnap;
245 boolean_t recursive;
246 boolean_t raw;
247 boolean_t doall;
248 boolean_t replicate;
249 boolean_t skipmissing;
250 boolean_t verbose;
251 boolean_t backup;
252 boolean_t seenfrom;
253 boolean_t seento;
254 boolean_t holds; /* were holds requested with send -h */
255 boolean_t props;
256
257 /*
258 * The header nvlist is of the following format:
259 * {
260 * "tosnap" -> string
261 * "fromsnap" -> string (if incremental)
262 * "fss" -> {
263 * id -> {
264 *
265 * "name" -> string (full name; for debugging)
266 * "parentfromsnap" -> number (guid of fromsnap in parent)
267 *
268 * "props" -> { name -> value (only if set here) }
269 * "snaps" -> { name (lastname) -> number (guid) }
270 * "snapprops" -> { name (lastname) -> { name -> value } }
271 * "snapholds" -> { name (lastname) -> { holdname -> crtime } }
272 *
273 * "origin" -> number (guid) (if clone)
274 * "is_encroot" -> boolean
275 * "sent" -> boolean (not on-disk)
276 * }
277 * }
278 * }
279 *
280 */
281 } send_data_t;
282
283 static void
284 send_iterate_prop(zfs_handle_t *zhp, boolean_t received_only, nvlist_t *nv);
285
286 /*
287 * Collect guid, valid props, optionally holds, etc. of a snapshot.
288 * This interface is intended for use as a zfs_iter_snapshots_sorted visitor.
289 */
290 static int
291 send_iterate_snap(zfs_handle_t *zhp, void *arg)
292 {
293 send_data_t *sd = arg;
294 uint64_t guid = zhp->zfs_dmustats.dds_guid;
295 uint64_t txg = zhp->zfs_dmustats.dds_creation_txg;
296 boolean_t isfromsnap, istosnap, istosnapwithnofrom;
297 char *snapname;
298 const char *from = sd->fromsnap;
299 const char *to = sd->tosnap;
300
301 snapname = strrchr(zhp->zfs_name, '@');
302 assert(snapname != NULL);
303 ++snapname;
304
305 isfromsnap = (from != NULL && strcmp(from, snapname) == 0);
306 istosnap = (to != NULL && strcmp(to, snapname) == 0);
307 istosnapwithnofrom = (istosnap && from == NULL);
308
309 if (sd->tosnap_txg != 0 && txg > sd->tosnap_txg) {
310 if (sd->verbose) {
311 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
312 "skipping snapshot %s because it was created "
313 "after the destination snapshot (%s)\n"),
314 zhp->zfs_name, to);
315 }
316 zfs_close(zhp);
317 return (0);
318 }
319
320 fnvlist_add_uint64(sd->parent_snaps, snapname, guid);
321
322 /*
323 * NB: if there is no fromsnap here (it's a newly created fs in
324 * an incremental replication), we will substitute the tosnap.
325 */
326 if (isfromsnap || (sd->parent_fromsnap_guid == 0 && istosnap))
327 sd->parent_fromsnap_guid = guid;
328
329 if (!sd->recursive) {
330 /*
331 * To allow a doall stream to work properly
332 * with a NULL fromsnap
333 */
334 if (sd->doall && from == NULL && !sd->seenfrom)
335 sd->seenfrom = B_TRUE;
336
337 if (!sd->seenfrom && isfromsnap) {
338 sd->seenfrom = B_TRUE;
339 zfs_close(zhp);
340 return (0);
341 }
342
343 if ((sd->seento || !sd->seenfrom) && !istosnapwithnofrom) {
344 zfs_close(zhp);
345 return (0);
346 }
347
348 if (istosnap)
349 sd->seento = B_TRUE;
350 }
351
352 nvlist_t *nv = fnvlist_alloc();
353 send_iterate_prop(zhp, sd->backup, nv);
354 fnvlist_add_nvlist(sd->snapprops, snapname, nv);
355 fnvlist_free(nv);
356
357 if (sd->holds) {
358 nvlist_t *holds;
359 if (lzc_get_holds(zhp->zfs_name, &holds) == 0) {
360 fnvlist_add_nvlist(sd->snapholds, snapname, holds);
361 fnvlist_free(holds);
362 }
363 }
364
365 zfs_close(zhp);
366 return (0);
367 }
368
369 /*
370 * Collect all valid props from the handle snap into an nvlist.
371 */
372 static void
373 send_iterate_prop(zfs_handle_t *zhp, boolean_t received_only, nvlist_t *nv)
374 {
375 nvlist_t *props;
376
377 if (received_only)
378 props = zfs_get_recvd_props(zhp);
379 else
380 props = zhp->zfs_props;
381
382 nvpair_t *elem = NULL;
383 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
384 char *propname = nvpair_name(elem);
385 zfs_prop_t prop = zfs_name_to_prop(propname);
386
387 if (!zfs_prop_user(propname)) {
388 /*
389 * Realistically, this should never happen. However,
390 * we want the ability to add DSL properties without
391 * needing to make incompatible version changes. We
392 * need to ignore unknown properties to allow older
393 * software to still send datasets containing these
394 * properties, with the unknown properties elided.
395 */
396 if (prop == ZPROP_INVAL)
397 continue;
398
399 if (zfs_prop_readonly(prop))
400 continue;
401 }
402
403 nvlist_t *propnv = fnvpair_value_nvlist(elem);
404
405 boolean_t isspacelimit = (prop == ZFS_PROP_QUOTA ||
406 prop == ZFS_PROP_RESERVATION ||
407 prop == ZFS_PROP_REFQUOTA ||
408 prop == ZFS_PROP_REFRESERVATION);
409 if (isspacelimit && zhp->zfs_type == ZFS_TYPE_SNAPSHOT)
410 continue;
411
412 char *source;
413 if (nvlist_lookup_string(propnv, ZPROP_SOURCE, &source) == 0) {
414 if (strcmp(source, zhp->zfs_name) != 0 &&
415 strcmp(source, ZPROP_SOURCE_VAL_RECVD) != 0)
416 continue;
417 } else {
418 /*
419 * May have no source before SPA_VERSION_RECVD_PROPS,
420 * but is still modifiable.
421 */
422 if (!isspacelimit)
423 continue;
424 }
425
426 if (zfs_prop_user(propname) ||
427 zfs_prop_get_type(prop) == PROP_TYPE_STRING) {
428 char *value;
429 value = fnvlist_lookup_string(propnv, ZPROP_VALUE);
430 fnvlist_add_string(nv, propname, value);
431 } else {
432 uint64_t value;
433 value = fnvlist_lookup_uint64(propnv, ZPROP_VALUE);
434 fnvlist_add_uint64(nv, propname, value);
435 }
436 }
437 }
438
439 /*
440 * returns snapshot guid
441 * and returns 0 if the snapshot does not exist
442 */
443 static uint64_t
444 get_snap_guid(libzfs_handle_t *hdl, const char *fs, const char *snap)
445 {
446 char name[MAXPATHLEN + 1];
447 uint64_t guid = 0;
448
449 if (fs == NULL || fs[0] == '\0' || snap == NULL || snap[0] == '\0')
450 return (guid);
451
452 (void) snprintf(name, sizeof (name), "%s@%s", fs, snap);
453 zfs_handle_t *zhp = zfs_open(hdl, name, ZFS_TYPE_SNAPSHOT);
454 if (zhp != NULL) {
455 guid = zfs_prop_get_int(zhp, ZFS_PROP_GUID);
456 zfs_close(zhp);
457 }
458
459 return (guid);
460 }
461
462 /*
463 * returns snapshot creation txg
464 * and returns 0 if the snapshot does not exist
465 */
466 static uint64_t
467 get_snap_txg(libzfs_handle_t *hdl, const char *fs, const char *snap)
468 {
469 char name[ZFS_MAX_DATASET_NAME_LEN];
470 uint64_t txg = 0;
471
472 if (fs == NULL || fs[0] == '\0' || snap == NULL || snap[0] == '\0')
473 return (txg);
474
475 (void) snprintf(name, sizeof (name), "%s@%s", fs, snap);
476 if (zfs_dataset_exists(hdl, name, ZFS_TYPE_SNAPSHOT)) {
477 zfs_handle_t *zhp = zfs_open(hdl, name, ZFS_TYPE_SNAPSHOT);
478 if (zhp != NULL) {
479 txg = zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG);
480 zfs_close(zhp);
481 }
482 }
483
484 return (txg);
485 }
486
487 /*
488 * Recursively generate nvlists describing datasets. See comment
489 * for the data structure send_data_t above for description of contents
490 * of the nvlist.
491 */
492 static int
493 send_iterate_fs(zfs_handle_t *zhp, void *arg)
494 {
495 send_data_t *sd = arg;
496 nvlist_t *nvfs = NULL, *nv = NULL;
497 int rv = 0;
498 uint64_t min_txg = 0, max_txg = 0;
499 uint64_t txg = zhp->zfs_dmustats.dds_creation_txg;
500 uint64_t guid = zhp->zfs_dmustats.dds_guid;
501 uint64_t fromsnap_txg, tosnap_txg;
502 char guidstring[64];
503
504 /* These fields are restored on return from a recursive call. */
505 uint64_t parent_fromsnap_guid_save = sd->parent_fromsnap_guid;
506 uint64_t fromsnap_txg_save = sd->fromsnap_txg;
507 uint64_t tosnap_txg_save = sd->tosnap_txg;
508
509 fromsnap_txg = get_snap_txg(zhp->zfs_hdl, zhp->zfs_name, sd->fromsnap);
510 if (fromsnap_txg != 0)
511 sd->fromsnap_txg = fromsnap_txg;
512
513 tosnap_txg = get_snap_txg(zhp->zfs_hdl, zhp->zfs_name, sd->tosnap);
514 if (tosnap_txg != 0)
515 sd->tosnap_txg = tosnap_txg;
516
517 /*
518 * On the send side, if the current dataset does not have tosnap,
519 * perform two additional checks:
520 *
521 * - Skip sending the current dataset if it was created later than
522 * the parent tosnap.
523 * - Return error if the current dataset was created earlier than
524 * the parent tosnap, unless --skip-missing specified. Then
525 * just print a warning.
526 */
527 if (sd->tosnap != NULL && tosnap_txg == 0) {
528 if (sd->tosnap_txg != 0 && txg > sd->tosnap_txg) {
529 if (sd->verbose) {
530 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
531 "skipping dataset %s: snapshot %s does "
532 "not exist\n"), zhp->zfs_name, sd->tosnap);
533 }
534 } else if (sd->skipmissing) {
535 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
536 "WARNING: skipping dataset %s and its children:"
537 " snapshot %s does not exist\n"),
538 zhp->zfs_name, sd->tosnap);
539 } else {
540 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
541 "cannot send %s@%s%s: snapshot %s@%s does not "
542 "exist\n"), sd->fsname, sd->tosnap, sd->recursive ?
543 dgettext(TEXT_DOMAIN, " recursively") : "",
544 zhp->zfs_name, sd->tosnap);
545 rv = EZFS_NOENT;
546 }
547 goto out;
548 }
549
550 nvfs = fnvlist_alloc();
551 fnvlist_add_string(nvfs, "name", zhp->zfs_name);
552 fnvlist_add_uint64(nvfs, "parentfromsnap", sd->parent_fromsnap_guid);
553
554 if (zhp->zfs_dmustats.dds_origin[0] != '\0') {
555 zfs_handle_t *origin = zfs_open(zhp->zfs_hdl,
556 zhp->zfs_dmustats.dds_origin, ZFS_TYPE_SNAPSHOT);
557 if (origin == NULL) {
558 rv = -1;
559 goto out;
560 }
561 fnvlist_add_uint64(nvfs, "origin",
562 origin->zfs_dmustats.dds_guid);
563 zfs_close(origin);
564 }
565
566 /* Iterate over props. */
567 if (sd->props || sd->backup || sd->recursive) {
568 nv = fnvlist_alloc();
569 send_iterate_prop(zhp, sd->backup, nv);
570 fnvlist_add_nvlist(nvfs, "props", nv);
571 }
572 if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF) {
573 boolean_t encroot;
574
575 /* Determine if this dataset is an encryption root. */
576 if (zfs_crypto_get_encryption_root(zhp, &encroot, NULL) != 0) {
577 rv = -1;
578 goto out;
579 }
580
581 if (encroot)
582 fnvlist_add_boolean(nvfs, "is_encroot");
583
584 /*
585 * Encrypted datasets can only be sent with properties if
586 * the raw flag is specified because the receive side doesn't
587 * currently have a mechanism for recursively asking the user
588 * for new encryption parameters.
589 */
590 if (!sd->raw) {
591 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
592 "cannot send %s@%s: encrypted dataset %s may not "
593 "be sent with properties without the raw flag\n"),
594 sd->fsname, sd->tosnap, zhp->zfs_name);
595 rv = -1;
596 goto out;
597 }
598
599 }
600
601 /*
602 * Iterate over snaps, and set sd->parent_fromsnap_guid.
603 *
604 * If this is a "doall" send, a replicate send or we're just trying
605 * to gather a list of previous snapshots, iterate through all the
606 * snaps in the txg range. Otherwise just look at the one we're
607 * interested in.
608 */
609 sd->parent_fromsnap_guid = 0;
610 sd->parent_snaps = fnvlist_alloc();
611 sd->snapprops = fnvlist_alloc();
612 if (sd->holds)
613 sd->snapholds = fnvlist_alloc();
614 if (sd->doall || sd->replicate || sd->tosnap == NULL) {
615 if (!sd->replicate && fromsnap_txg != 0)
616 min_txg = fromsnap_txg;
617 if (!sd->replicate && tosnap_txg != 0)
618 max_txg = tosnap_txg;
619 (void) zfs_iter_snapshots_sorted(zhp, 0, send_iterate_snap, sd,
620 min_txg, max_txg);
621 } else {
622 char snapname[MAXPATHLEN] = { 0 };
623 zfs_handle_t *snap;
624
625 (void) snprintf(snapname, sizeof (snapname), "%s@%s",
626 zhp->zfs_name, sd->tosnap);
627 if (sd->fromsnap != NULL)
628 sd->seenfrom = B_TRUE;
629 snap = zfs_open(zhp->zfs_hdl, snapname, ZFS_TYPE_SNAPSHOT);
630 if (snap != NULL)
631 (void) send_iterate_snap(snap, sd);
632 }
633
634 fnvlist_add_nvlist(nvfs, "snaps", sd->parent_snaps);
635 fnvlist_free(sd->parent_snaps);
636 fnvlist_add_nvlist(nvfs, "snapprops", sd->snapprops);
637 fnvlist_free(sd->snapprops);
638 if (sd->holds) {
639 fnvlist_add_nvlist(nvfs, "snapholds", sd->snapholds);
640 fnvlist_free(sd->snapholds);
641 }
642
643 /* Do not allow the size of the properties list to exceed the limit */
644 if ((fnvlist_size(nvfs) + fnvlist_size(sd->fss)) >
645 zhp->zfs_hdl->libzfs_max_nvlist) {
646 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
647 "warning: cannot send %s@%s: the size of the list of "
648 "snapshots and properties is too large to be received "
649 "successfully.\n"
650 "Select a smaller number of snapshots to send.\n"),
651 zhp->zfs_name, sd->tosnap);
652 rv = EZFS_NOSPC;
653 goto out;
654 }
655 /* Add this fs to nvlist. */
656 (void) snprintf(guidstring, sizeof (guidstring),
657 "0x%llx", (longlong_t)guid);
658 fnvlist_add_nvlist(sd->fss, guidstring, nvfs);
659
660 /* Iterate over children. */
661 if (sd->recursive)
662 rv = zfs_iter_filesystems(zhp, 0, send_iterate_fs, sd);
663
664 out:
665 /* Restore saved fields. */
666 sd->parent_fromsnap_guid = parent_fromsnap_guid_save;
667 sd->fromsnap_txg = fromsnap_txg_save;
668 sd->tosnap_txg = tosnap_txg_save;
669
670 fnvlist_free(nv);
671 fnvlist_free(nvfs);
672
673 zfs_close(zhp);
674 return (rv);
675 }
676
677 static int
678 gather_nvlist(libzfs_handle_t *hdl, const char *fsname, const char *fromsnap,
679 const char *tosnap, boolean_t recursive, boolean_t raw, boolean_t doall,
680 boolean_t replicate, boolean_t skipmissing, boolean_t verbose,
681 boolean_t backup, boolean_t holds, boolean_t props, nvlist_t **nvlp,
682 avl_tree_t **avlp)
683 {
684 zfs_handle_t *zhp;
685 send_data_t sd = { 0 };
686 int error;
687
688 zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
689 if (zhp == NULL)
690 return (EZFS_BADTYPE);
691
692 sd.fss = fnvlist_alloc();
693 sd.fsname = fsname;
694 sd.fromsnap = fromsnap;
695 sd.tosnap = tosnap;
696 sd.recursive = recursive;
697 sd.raw = raw;
698 sd.doall = doall;
699 sd.replicate = replicate;
700 sd.skipmissing = skipmissing;
701 sd.verbose = verbose;
702 sd.backup = backup;
703 sd.holds = holds;
704 sd.props = props;
705
706 if ((error = send_iterate_fs(zhp, &sd)) != 0) {
707 fnvlist_free(sd.fss);
708 if (avlp != NULL)
709 *avlp = NULL;
710 *nvlp = NULL;
711 return (error);
712 }
713
714 if (avlp != NULL && (*avlp = fsavl_create(sd.fss)) == NULL) {
715 fnvlist_free(sd.fss);
716 *nvlp = NULL;
717 return (EZFS_NOMEM);
718 }
719
720 *nvlp = sd.fss;
721 return (0);
722 }
723
724 /*
725 * Routines specific to "zfs send"
726 */
727 typedef struct send_dump_data {
728 /* these are all just the short snapname (the part after the @) */
729 const char *fromsnap;
730 const char *tosnap;
731 char prevsnap[ZFS_MAX_DATASET_NAME_LEN];
732 uint64_t prevsnap_obj;
733 boolean_t seenfrom, seento, replicate, doall, fromorigin;
734 boolean_t dryrun, parsable, progress, embed_data, std_out;
735 boolean_t large_block, compress, raw, holds;
736 int outfd;
737 boolean_t err;
738 nvlist_t *fss;
739 nvlist_t *snapholds;
740 avl_tree_t *fsavl;
741 snapfilter_cb_t *filter_cb;
742 void *filter_cb_arg;
743 nvlist_t *debugnv;
744 char holdtag[ZFS_MAX_DATASET_NAME_LEN];
745 int cleanup_fd;
746 int verbosity;
747 uint64_t size;
748 } send_dump_data_t;
749
750 static int
751 zfs_send_space(zfs_handle_t *zhp, const char *snapname, const char *from,
752 enum lzc_send_flags flags, uint64_t *spacep)
753 {
754 assert(snapname != NULL);
755
756 int error = lzc_send_space(snapname, from, flags, spacep);
757 if (error == 0)
758 return (0);
759
760 char errbuf[ERRBUFLEN];
761 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
762 "warning: cannot estimate space for '%s'"), snapname);
763
764 libzfs_handle_t *hdl = zhp->zfs_hdl;
765 switch (error) {
766 case EXDEV:
767 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
768 "not an earlier snapshot from the same fs"));
769 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
770
771 case ENOENT:
772 if (zfs_dataset_exists(hdl, snapname,
773 ZFS_TYPE_SNAPSHOT)) {
774 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
775 "incremental source (%s) does not exist"),
776 snapname);
777 }
778 return (zfs_error(hdl, EZFS_NOENT, errbuf));
779
780 case EDQUOT:
781 case EFBIG:
782 case EIO:
783 case ENOLINK:
784 case ENOSPC:
785 case ENOSTR:
786 case ENXIO:
787 case EPIPE:
788 case ERANGE:
789 case EFAULT:
790 case EROFS:
791 case EINVAL:
792 zfs_error_aux(hdl, "%s", strerror(error));
793 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf));
794
795 default:
796 return (zfs_standard_error(hdl, error, errbuf));
797 }
798 }
799
800 /*
801 * Dumps a backup of the given snapshot (incremental from fromsnap if it's not
802 * NULL) to the file descriptor specified by outfd.
803 */
804 static int
805 dump_ioctl(zfs_handle_t *zhp, const char *fromsnap, uint64_t fromsnap_obj,
806 boolean_t fromorigin, int outfd, enum lzc_send_flags flags,
807 nvlist_t *debugnv)
808 {
809 zfs_cmd_t zc = {"\0"};
810 libzfs_handle_t *hdl = zhp->zfs_hdl;
811 nvlist_t *thisdbg;
812
813 assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
814 assert(fromsnap_obj == 0 || !fromorigin);
815
816 (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
817 zc.zc_cookie = outfd;
818 zc.zc_obj = fromorigin;
819 zc.zc_sendobj = zfs_prop_get_int(zhp, ZFS_PROP_OBJSETID);
820 zc.zc_fromobj = fromsnap_obj;
821 zc.zc_flags = flags;
822
823 if (debugnv != NULL) {
824 thisdbg = fnvlist_alloc();
825 if (fromsnap != NULL && fromsnap[0] != '\0')
826 fnvlist_add_string(thisdbg, "fromsnap", fromsnap);
827 }
828
829 if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SEND, &zc) != 0) {
830 char errbuf[ERRBUFLEN];
831 int error = errno;
832
833 (void) snprintf(errbuf, sizeof (errbuf), "%s '%s'",
834 dgettext(TEXT_DOMAIN, "warning: cannot send"),
835 zhp->zfs_name);
836
837 if (debugnv != NULL) {
838 fnvlist_add_uint64(thisdbg, "error", error);
839 fnvlist_add_nvlist(debugnv, zhp->zfs_name, thisdbg);
840 fnvlist_free(thisdbg);
841 }
842
843 switch (error) {
844 case EXDEV:
845 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
846 "not an earlier snapshot from the same fs"));
847 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
848
849 case EACCES:
850 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
851 "source key must be loaded"));
852 return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
853
854 case ENOENT:
855 if (zfs_dataset_exists(hdl, zc.zc_name,
856 ZFS_TYPE_SNAPSHOT)) {
857 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
858 "incremental source (@%s) does not exist"),
859 zc.zc_value);
860 }
861 return (zfs_error(hdl, EZFS_NOENT, errbuf));
862
863 case EDQUOT:
864 case EFBIG:
865 case EIO:
866 case ENOLINK:
867 case ENOSPC:
868 case ENOSTR:
869 case ENXIO:
870 case EPIPE:
871 case ERANGE:
872 case EFAULT:
873 case EROFS:
874 case EINVAL:
875 zfs_error_aux(hdl, "%s", strerror(errno));
876 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf));
877
878 default:
879 return (zfs_standard_error(hdl, errno, errbuf));
880 }
881 }
882
883 if (debugnv != NULL) {
884 fnvlist_add_nvlist(debugnv, zhp->zfs_name, thisdbg);
885 fnvlist_free(thisdbg);
886 }
887
888 return (0);
889 }
890
891 static void
892 gather_holds(zfs_handle_t *zhp, send_dump_data_t *sdd)
893 {
894 assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
895
896 /*
897 * zfs_send() only sets snapholds for sends that need them,
898 * e.g. replication and doall.
899 */
900 if (sdd->snapholds == NULL)
901 return;
902
903 fnvlist_add_string(sdd->snapholds, zhp->zfs_name, sdd->holdtag);
904 }
905
906 int
907 zfs_send_progress(zfs_handle_t *zhp, int fd, uint64_t *bytes_written,
908 uint64_t *blocks_visited)
909 {
910 zfs_cmd_t zc = {"\0"};
911
912 if (bytes_written != NULL)
913 *bytes_written = 0;
914 if (blocks_visited != NULL)
915 *blocks_visited = 0;
916 (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
917 zc.zc_cookie = fd;
918 if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SEND_PROGRESS, &zc) != 0)
919 return (errno);
920 if (bytes_written != NULL)
921 *bytes_written = zc.zc_cookie;
922 if (blocks_visited != NULL)
923 *blocks_visited = zc.zc_objset_type;
924 return (0);
925 }
926
927 static void *
928 send_progress_thread(void *arg)
929 {
930 progress_arg_t *pa = arg;
931 zfs_handle_t *zhp = pa->pa_zhp;
932 uint64_t bytes;
933 uint64_t blocks;
934 char buf[16];
935 time_t t;
936 struct tm tm;
937 int err;
938
939 if (!pa->pa_parsable) {
940 (void) fprintf(stderr,
941 "TIME %s %sSNAPSHOT %s\n",
942 pa->pa_estimate ? "BYTES" : " SENT",
943 pa->pa_verbosity >= 2 ? " BLOCKS " : "",
944 zhp->zfs_name);
945 }
946
947 /*
948 * Print the progress from ZFS_IOC_SEND_PROGRESS every second.
949 */
950 for (;;) {
951 (void) sleep(1);
952 if ((err = zfs_send_progress(zhp, pa->pa_fd, &bytes,
953 &blocks)) != 0) {
954 if (err == EINTR || err == ENOENT)
955 return ((void *)0);
956 return ((void *)(uintptr_t)err);
957 }
958
959 (void) time(&t);
960 localtime_r(&t, &tm);
961
962 if (pa->pa_verbosity >= 2 && pa->pa_parsable) {
963 (void) fprintf(stderr,
964 "%02d:%02d:%02d\t%llu\t%llu\t%s\n",
965 tm.tm_hour, tm.tm_min, tm.tm_sec,
966 (u_longlong_t)bytes, (u_longlong_t)blocks,
967 zhp->zfs_name);
968 } else if (pa->pa_verbosity >= 2) {
969 zfs_nicenum(bytes, buf, sizeof (buf));
970 (void) fprintf(stderr,
971 "%02d:%02d:%02d %5s %8llu %s\n",
972 tm.tm_hour, tm.tm_min, tm.tm_sec,
973 buf, (u_longlong_t)blocks, zhp->zfs_name);
974 } else if (pa->pa_parsable) {
975 (void) fprintf(stderr, "%02d:%02d:%02d\t%llu\t%s\n",
976 tm.tm_hour, tm.tm_min, tm.tm_sec,
977 (u_longlong_t)bytes, zhp->zfs_name);
978 } else {
979 zfs_nicebytes(bytes, buf, sizeof (buf));
980 (void) fprintf(stderr, "%02d:%02d:%02d %5s %s\n",
981 tm.tm_hour, tm.tm_min, tm.tm_sec,
982 buf, zhp->zfs_name);
983 }
984 }
985 }
986
987 static boolean_t
988 send_progress_thread_exit(libzfs_handle_t *hdl, pthread_t ptid)
989 {
990 void *status = NULL;
991 (void) pthread_cancel(ptid);
992 (void) pthread_join(ptid, &status);
993 int error = (int)(uintptr_t)status;
994 if (error != 0 && status != PTHREAD_CANCELED)
995 return (zfs_standard_error(hdl, error,
996 dgettext(TEXT_DOMAIN, "progress thread exited nonzero")));
997 else
998 return (B_FALSE);
999 }
1000
1001 static void
1002 send_print_verbose(FILE *fout, const char *tosnap, const char *fromsnap,
1003 uint64_t size, boolean_t parsable)
1004 {
1005 if (parsable) {
1006 if (fromsnap != NULL) {
1007 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1008 "incremental\t%s\t%s"), fromsnap, tosnap);
1009 } else {
1010 /*
1011 * Workaround for GCC 12+ with UBSan enabled deficencies.
1012 *
1013 * GCC 12+ invoked with -fsanitize=undefined incorrectly reports the code
1014 * below as violating -Wformat-overflow.
1015 */
1016 #if defined(__GNUC__) && !defined(__clang__) && \
1017 defined(ZFS_UBSAN_ENABLED) && defined(HAVE_FORMAT_OVERFLOW)
1018 #pragma GCC diagnostic push
1019 #pragma GCC diagnostic ignored "-Wformat-overflow"
1020 #endif
1021 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1022 "full\t%s"), tosnap);
1023 #if defined(__GNUC__) && !defined(__clang__) && \
1024 defined(ZFS_UBSAN_ENABLED) && defined(HAVE_FORMAT_OVERFLOW)
1025 #pragma GCC diagnostic pop
1026 #endif
1027 }
1028 (void) fprintf(fout, "\t%llu", (longlong_t)size);
1029 } else {
1030 if (fromsnap != NULL) {
1031 if (strchr(fromsnap, '@') == NULL &&
1032 strchr(fromsnap, '#') == NULL) {
1033 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1034 "send from @%s to %s"), fromsnap, tosnap);
1035 } else {
1036 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1037 "send from %s to %s"), fromsnap, tosnap);
1038 }
1039 } else {
1040 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1041 "full send of %s"), tosnap);
1042 }
1043 if (size != 0) {
1044 char buf[16];
1045 zfs_nicebytes(size, buf, sizeof (buf));
1046 /*
1047 * Workaround for GCC 12+ with UBSan enabled deficencies.
1048 *
1049 * GCC 12+ invoked with -fsanitize=undefined incorrectly reports the code
1050 * below as violating -Wformat-overflow.
1051 */
1052 #if defined(__GNUC__) && !defined(__clang__) && \
1053 defined(ZFS_UBSAN_ENABLED) && defined(HAVE_FORMAT_OVERFLOW)
1054 #pragma GCC diagnostic push
1055 #pragma GCC diagnostic ignored "-Wformat-overflow"
1056 #endif
1057 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1058 " estimated size is %s"), buf);
1059 #if defined(__GNUC__) && !defined(__clang__) && \
1060 defined(ZFS_UBSAN_ENABLED) && defined(HAVE_FORMAT_OVERFLOW)
1061 #pragma GCC diagnostic pop
1062 #endif
1063 }
1064 }
1065 (void) fprintf(fout, "\n");
1066 }
1067
1068 /*
1069 * Send a single filesystem snapshot, updating the send dump data.
1070 * This interface is intended for use as a zfs_iter_snapshots_sorted visitor.
1071 */
1072 static int
1073 dump_snapshot(zfs_handle_t *zhp, void *arg)
1074 {
1075 send_dump_data_t *sdd = arg;
1076 progress_arg_t pa = { 0 };
1077 pthread_t tid;
1078 char *thissnap;
1079 enum lzc_send_flags flags = 0;
1080 int err;
1081 boolean_t isfromsnap, istosnap, fromorigin;
1082 boolean_t exclude = B_FALSE;
1083 FILE *fout = sdd->std_out ? stdout : stderr;
1084
1085 err = 0;
1086 thissnap = strchr(zhp->zfs_name, '@') + 1;
1087 isfromsnap = (sdd->fromsnap != NULL &&
1088 strcmp(sdd->fromsnap, thissnap) == 0);
1089
1090 if (!sdd->seenfrom && isfromsnap) {
1091 gather_holds(zhp, sdd);
1092 sdd->seenfrom = B_TRUE;
1093 (void) strlcpy(sdd->prevsnap, thissnap, sizeof (sdd->prevsnap));
1094 sdd->prevsnap_obj = zfs_prop_get_int(zhp, ZFS_PROP_OBJSETID);
1095 zfs_close(zhp);
1096 return (0);
1097 }
1098
1099 if (sdd->seento || !sdd->seenfrom) {
1100 zfs_close(zhp);
1101 return (0);
1102 }
1103
1104 istosnap = (strcmp(sdd->tosnap, thissnap) == 0);
1105 if (istosnap)
1106 sdd->seento = B_TRUE;
1107
1108 if (sdd->large_block)
1109 flags |= LZC_SEND_FLAG_LARGE_BLOCK;
1110 if (sdd->embed_data)
1111 flags |= LZC_SEND_FLAG_EMBED_DATA;
1112 if (sdd->compress)
1113 flags |= LZC_SEND_FLAG_COMPRESS;
1114 if (sdd->raw)
1115 flags |= LZC_SEND_FLAG_RAW;
1116
1117 if (!sdd->doall && !isfromsnap && !istosnap) {
1118 if (sdd->replicate) {
1119 char *snapname;
1120 nvlist_t *snapprops;
1121 /*
1122 * Filter out all intermediate snapshots except origin
1123 * snapshots needed to replicate clones.
1124 */
1125 nvlist_t *nvfs = fsavl_find(sdd->fsavl,
1126 zhp->zfs_dmustats.dds_guid, &snapname);
1127
1128 if (nvfs != NULL) {
1129 snapprops = fnvlist_lookup_nvlist(nvfs,
1130 "snapprops");
1131 snapprops = fnvlist_lookup_nvlist(snapprops,
1132 thissnap);
1133 exclude = !nvlist_exists(snapprops,
1134 "is_clone_origin");
1135 }
1136 } else {
1137 exclude = B_TRUE;
1138 }
1139 }
1140
1141 /*
1142 * If a filter function exists, call it to determine whether
1143 * this snapshot will be sent.
1144 */
1145 if (exclude || (sdd->filter_cb != NULL &&
1146 sdd->filter_cb(zhp, sdd->filter_cb_arg) == B_FALSE)) {
1147 /*
1148 * This snapshot is filtered out. Don't send it, and don't
1149 * set prevsnap_obj, so it will be as if this snapshot didn't
1150 * exist, and the next accepted snapshot will be sent as
1151 * an incremental from the last accepted one, or as the
1152 * first (and full) snapshot in the case of a replication,
1153 * non-incremental send.
1154 */
1155 zfs_close(zhp);
1156 return (0);
1157 }
1158
1159 gather_holds(zhp, sdd);
1160 fromorigin = sdd->prevsnap[0] == '\0' &&
1161 (sdd->fromorigin || sdd->replicate);
1162
1163 if (sdd->verbosity != 0) {
1164 uint64_t size = 0;
1165 char fromds[ZFS_MAX_DATASET_NAME_LEN];
1166
1167 if (sdd->prevsnap[0] != '\0') {
1168 (void) strlcpy(fromds, zhp->zfs_name, sizeof (fromds));
1169 *(strchr(fromds, '@') + 1) = '\0';
1170 (void) strlcat(fromds, sdd->prevsnap, sizeof (fromds));
1171 }
1172 if (zfs_send_space(zhp, zhp->zfs_name,
1173 sdd->prevsnap[0] ? fromds : NULL, flags, &size) == 0) {
1174 send_print_verbose(fout, zhp->zfs_name,
1175 sdd->prevsnap[0] ? sdd->prevsnap : NULL,
1176 size, sdd->parsable);
1177 sdd->size += size;
1178 }
1179 }
1180
1181 if (!sdd->dryrun) {
1182 /*
1183 * If progress reporting is requested, spawn a new thread to
1184 * poll ZFS_IOC_SEND_PROGRESS at a regular interval.
1185 */
1186 if (sdd->progress) {
1187 pa.pa_zhp = zhp;
1188 pa.pa_fd = sdd->outfd;
1189 pa.pa_parsable = sdd->parsable;
1190 pa.pa_estimate = B_FALSE;
1191 pa.pa_verbosity = sdd->verbosity;
1192
1193 if ((err = pthread_create(&tid, NULL,
1194 send_progress_thread, &pa)) != 0) {
1195 zfs_close(zhp);
1196 return (err);
1197 }
1198 }
1199
1200 err = dump_ioctl(zhp, sdd->prevsnap, sdd->prevsnap_obj,
1201 fromorigin, sdd->outfd, flags, sdd->debugnv);
1202
1203 if (sdd->progress &&
1204 send_progress_thread_exit(zhp->zfs_hdl, tid))
1205 return (-1);
1206 }
1207
1208 (void) strlcpy(sdd->prevsnap, thissnap, sizeof (sdd->prevsnap));
1209 sdd->prevsnap_obj = zfs_prop_get_int(zhp, ZFS_PROP_OBJSETID);
1210 zfs_close(zhp);
1211 return (err);
1212 }
1213
1214 /*
1215 * Send all snapshots for a filesystem, updating the send dump data.
1216 */
1217 static int
1218 dump_filesystem(zfs_handle_t *zhp, send_dump_data_t *sdd)
1219 {
1220 int rv = 0;
1221 boolean_t missingfrom = B_FALSE;
1222 zfs_cmd_t zc = {"\0"};
1223 uint64_t min_txg = 0, max_txg = 0;
1224
1225 /*
1226 * Make sure the tosnap exists.
1227 */
1228 (void) snprintf(zc.zc_name, sizeof (zc.zc_name), "%s@%s",
1229 zhp->zfs_name, sdd->tosnap);
1230 if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_OBJSET_STATS, &zc) != 0) {
1231 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1232 "WARNING: could not send %s@%s: does not exist\n"),
1233 zhp->zfs_name, sdd->tosnap);
1234 sdd->err = B_TRUE;
1235 return (0);
1236 }
1237
1238 /*
1239 * If this fs does not have fromsnap, and we're doing
1240 * recursive, we need to send a full stream from the
1241 * beginning (or an incremental from the origin if this
1242 * is a clone). If we're doing non-recursive, then let
1243 * them get the error.
1244 */
1245 if (sdd->replicate && sdd->fromsnap) {
1246 /*
1247 * Make sure the fromsnap exists.
1248 */
1249 (void) snprintf(zc.zc_name, sizeof (zc.zc_name), "%s@%s",
1250 zhp->zfs_name, sdd->fromsnap);
1251 if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_OBJSET_STATS, &zc) != 0)
1252 missingfrom = B_TRUE;
1253 }
1254
1255 sdd->seenfrom = sdd->seento = B_FALSE;
1256 sdd->prevsnap[0] = '\0';
1257 sdd->prevsnap_obj = 0;
1258 if (sdd->fromsnap == NULL || missingfrom)
1259 sdd->seenfrom = B_TRUE;
1260
1261 /*
1262 * Iterate through all snapshots and process the ones we will be
1263 * sending. If we only have a "from" and "to" snapshot to deal
1264 * with, we can avoid iterating through all the other snapshots.
1265 */
1266 if (sdd->doall || sdd->replicate || sdd->tosnap == NULL) {
1267 if (!sdd->replicate) {
1268 if (sdd->fromsnap != NULL) {
1269 min_txg = get_snap_txg(zhp->zfs_hdl,
1270 zhp->zfs_name, sdd->fromsnap);
1271 }
1272 if (sdd->tosnap != NULL) {
1273 max_txg = get_snap_txg(zhp->zfs_hdl,
1274 zhp->zfs_name, sdd->tosnap);
1275 }
1276 }
1277 rv = zfs_iter_snapshots_sorted(zhp, 0, dump_snapshot, sdd,
1278 min_txg, max_txg);
1279 } else {
1280 char snapname[MAXPATHLEN] = { 0 };
1281 zfs_handle_t *snap;
1282
1283 /* Dump fromsnap. */
1284 if (!sdd->seenfrom) {
1285 (void) snprintf(snapname, sizeof (snapname),
1286 "%s@%s", zhp->zfs_name, sdd->fromsnap);
1287 snap = zfs_open(zhp->zfs_hdl, snapname,
1288 ZFS_TYPE_SNAPSHOT);
1289 if (snap != NULL)
1290 rv = dump_snapshot(snap, sdd);
1291 else
1292 rv = errno;
1293 }
1294
1295 /* Dump tosnap. */
1296 if (rv == 0) {
1297 (void) snprintf(snapname, sizeof (snapname),
1298 "%s@%s", zhp->zfs_name, sdd->tosnap);
1299 snap = zfs_open(zhp->zfs_hdl, snapname,
1300 ZFS_TYPE_SNAPSHOT);
1301 if (snap != NULL)
1302 rv = dump_snapshot(snap, sdd);
1303 else
1304 rv = errno;
1305 }
1306 }
1307
1308 if (!sdd->seenfrom) {
1309 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1310 "WARNING: could not send %s@%s:\n"
1311 "incremental source (%s@%s) does not exist\n"),
1312 zhp->zfs_name, sdd->tosnap,
1313 zhp->zfs_name, sdd->fromsnap);
1314 sdd->err = B_TRUE;
1315 } else if (!sdd->seento) {
1316 if (sdd->fromsnap) {
1317 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1318 "WARNING: could not send %s@%s:\n"
1319 "incremental source (%s@%s) "
1320 "is not earlier than it\n"),
1321 zhp->zfs_name, sdd->tosnap,
1322 zhp->zfs_name, sdd->fromsnap);
1323 } else {
1324 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1325 "WARNING: "
1326 "could not send %s@%s: does not exist\n"),
1327 zhp->zfs_name, sdd->tosnap);
1328 }
1329 sdd->err = B_TRUE;
1330 }
1331
1332 return (rv);
1333 }
1334
1335 /*
1336 * Send all snapshots for all filesystems in sdd.
1337 */
1338 static int
1339 dump_filesystems(zfs_handle_t *rzhp, send_dump_data_t *sdd)
1340 {
1341 nvpair_t *fspair;
1342 boolean_t needagain, progress;
1343
1344 if (!sdd->replicate)
1345 return (dump_filesystem(rzhp, sdd));
1346
1347 /* Mark the clone origin snapshots. */
1348 for (fspair = nvlist_next_nvpair(sdd->fss, NULL); fspair;
1349 fspair = nvlist_next_nvpair(sdd->fss, fspair)) {
1350 nvlist_t *nvfs;
1351 uint64_t origin_guid = 0;
1352
1353 nvfs = fnvpair_value_nvlist(fspair);
1354 (void) nvlist_lookup_uint64(nvfs, "origin", &origin_guid);
1355 if (origin_guid != 0) {
1356 char *snapname;
1357 nvlist_t *origin_nv = fsavl_find(sdd->fsavl,
1358 origin_guid, &snapname);
1359 if (origin_nv != NULL) {
1360 nvlist_t *snapprops;
1361 snapprops = fnvlist_lookup_nvlist(origin_nv,
1362 "snapprops");
1363 snapprops = fnvlist_lookup_nvlist(snapprops,
1364 snapname);
1365 fnvlist_add_boolean(snapprops,
1366 "is_clone_origin");
1367 }
1368 }
1369 }
1370 again:
1371 needagain = progress = B_FALSE;
1372 for (fspair = nvlist_next_nvpair(sdd->fss, NULL); fspair;
1373 fspair = nvlist_next_nvpair(sdd->fss, fspair)) {
1374 nvlist_t *fslist, *parent_nv;
1375 char *fsname;
1376 zfs_handle_t *zhp;
1377 int err;
1378 uint64_t origin_guid = 0;
1379 uint64_t parent_guid = 0;
1380
1381 fslist = fnvpair_value_nvlist(fspair);
1382 if (nvlist_lookup_boolean(fslist, "sent") == 0)
1383 continue;
1384
1385 fsname = fnvlist_lookup_string(fslist, "name");
1386 (void) nvlist_lookup_uint64(fslist, "origin", &origin_guid);
1387 (void) nvlist_lookup_uint64(fslist, "parentfromsnap",
1388 &parent_guid);
1389
1390 if (parent_guid != 0) {
1391 parent_nv = fsavl_find(sdd->fsavl, parent_guid, NULL);
1392 if (!nvlist_exists(parent_nv, "sent")) {
1393 /* Parent has not been sent; skip this one. */
1394 needagain = B_TRUE;
1395 continue;
1396 }
1397 }
1398
1399 if (origin_guid != 0) {
1400 nvlist_t *origin_nv = fsavl_find(sdd->fsavl,
1401 origin_guid, NULL);
1402 if (origin_nv != NULL &&
1403 !nvlist_exists(origin_nv, "sent")) {
1404 /*
1405 * Origin has not been sent yet;
1406 * skip this clone.
1407 */
1408 needagain = B_TRUE;
1409 continue;
1410 }
1411 }
1412
1413 zhp = zfs_open(rzhp->zfs_hdl, fsname, ZFS_TYPE_DATASET);
1414 if (zhp == NULL)
1415 return (-1);
1416 err = dump_filesystem(zhp, sdd);
1417 fnvlist_add_boolean(fslist, "sent");
1418 progress = B_TRUE;
1419 zfs_close(zhp);
1420 if (err)
1421 return (err);
1422 }
1423 if (needagain) {
1424 assert(progress);
1425 goto again;
1426 }
1427
1428 /* Clean out the sent flags in case we reuse this fss. */
1429 for (fspair = nvlist_next_nvpair(sdd->fss, NULL); fspair;
1430 fspair = nvlist_next_nvpair(sdd->fss, fspair)) {
1431 nvlist_t *fslist;
1432
1433 fslist = fnvpair_value_nvlist(fspair);
1434 (void) nvlist_remove_all(fslist, "sent");
1435 }
1436
1437 return (0);
1438 }
1439
1440 nvlist_t *
1441 zfs_send_resume_token_to_nvlist(libzfs_handle_t *hdl, const char *token)
1442 {
1443 unsigned int version;
1444 int nread, i;
1445 unsigned long long checksum, packed_len;
1446
1447 /*
1448 * Decode token header, which is:
1449 * <token version>-<checksum of payload>-<uncompressed payload length>
1450 * Note that the only supported token version is 1.
1451 */
1452 nread = sscanf(token, "%u-%llx-%llx-",
1453 &version, &checksum, &packed_len);
1454 if (nread != 3) {
1455 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1456 "resume token is corrupt (invalid format)"));
1457 return (NULL);
1458 }
1459
1460 if (version != ZFS_SEND_RESUME_TOKEN_VERSION) {
1461 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1462 "resume token is corrupt (invalid version %u)"),
1463 version);
1464 return (NULL);
1465 }
1466
1467 /* Convert hexadecimal representation to binary. */
1468 token = strrchr(token, '-') + 1;
1469 int len = strlen(token) / 2;
1470 unsigned char *compressed = zfs_alloc(hdl, len);
1471 for (i = 0; i < len; i++) {
1472 nread = sscanf(token + i * 2, "%2hhx", compressed + i);
1473 if (nread != 1) {
1474 free(compressed);
1475 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1476 "resume token is corrupt "
1477 "(payload is not hex-encoded)"));
1478 return (NULL);
1479 }
1480 }
1481
1482 /* Verify checksum. */
1483 zio_cksum_t cksum;
1484 fletcher_4_native_varsize(compressed, len, &cksum);
1485 if (cksum.zc_word[0] != checksum) {
1486 free(compressed);
1487 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1488 "resume token is corrupt (incorrect checksum)"));
1489 return (NULL);
1490 }
1491
1492 /* Uncompress. */
1493 void *packed = zfs_alloc(hdl, packed_len);
1494 uLongf packed_len_long = packed_len;
1495 if (uncompress(packed, &packed_len_long, compressed, len) != Z_OK ||
1496 packed_len_long != packed_len) {
1497 free(packed);
1498 free(compressed);
1499 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1500 "resume token is corrupt (decompression failed)"));
1501 return (NULL);
1502 }
1503
1504 /* Unpack nvlist. */
1505 nvlist_t *nv;
1506 int error = nvlist_unpack(packed, packed_len, &nv, KM_SLEEP);
1507 free(packed);
1508 free(compressed);
1509 if (error != 0) {
1510 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1511 "resume token is corrupt (nvlist_unpack failed)"));
1512 return (NULL);
1513 }
1514 return (nv);
1515 }
1516
1517 static enum lzc_send_flags
1518 lzc_flags_from_sendflags(const sendflags_t *flags)
1519 {
1520 enum lzc_send_flags lzc_flags = 0;
1521
1522 if (flags->largeblock)
1523 lzc_flags |= LZC_SEND_FLAG_LARGE_BLOCK;
1524 if (flags->embed_data)
1525 lzc_flags |= LZC_SEND_FLAG_EMBED_DATA;
1526 if (flags->compress)
1527 lzc_flags |= LZC_SEND_FLAG_COMPRESS;
1528 if (flags->raw)
1529 lzc_flags |= LZC_SEND_FLAG_RAW;
1530 if (flags->saved)
1531 lzc_flags |= LZC_SEND_FLAG_SAVED;
1532
1533 return (lzc_flags);
1534 }
1535
1536 static int
1537 estimate_size(zfs_handle_t *zhp, const char *from, int fd, sendflags_t *flags,
1538 uint64_t resumeobj, uint64_t resumeoff, uint64_t bytes,
1539 const char *redactbook, char *errbuf)
1540 {
1541 uint64_t size;
1542 FILE *fout = flags->dryrun ? stdout : stderr;
1543 progress_arg_t pa = { 0 };
1544 int err = 0;
1545 pthread_t ptid;
1546
1547 if (flags->progress) {
1548 pa.pa_zhp = zhp;
1549 pa.pa_fd = fd;
1550 pa.pa_parsable = flags->parsable;
1551 pa.pa_estimate = B_TRUE;
1552 pa.pa_verbosity = flags->verbosity;
1553
1554 err = pthread_create(&ptid, NULL,
1555 send_progress_thread, &pa);
1556 if (err != 0) {
1557 zfs_error_aux(zhp->zfs_hdl, "%s", strerror(errno));
1558 return (zfs_error(zhp->zfs_hdl,
1559 EZFS_THREADCREATEFAILED, errbuf));
1560 }
1561 }
1562
1563 err = lzc_send_space_resume_redacted(zhp->zfs_name, from,
1564 lzc_flags_from_sendflags(flags), resumeobj, resumeoff, bytes,
1565 redactbook, fd, &size);
1566
1567 if (flags->progress && send_progress_thread_exit(zhp->zfs_hdl, ptid))
1568 return (-1);
1569
1570 if (err != 0) {
1571 zfs_error_aux(zhp->zfs_hdl, "%s", strerror(err));
1572 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP,
1573 errbuf));
1574 }
1575 send_print_verbose(fout, zhp->zfs_name, from, size,
1576 flags->parsable);
1577
1578 if (flags->parsable) {
1579 (void) fprintf(fout, "size\t%llu\n", (longlong_t)size);
1580 } else {
1581 char buf[16];
1582 zfs_nicenum(size, buf, sizeof (buf));
1583 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1584 "total estimated size is %s\n"), buf);
1585 }
1586 return (0);
1587 }
1588
1589 static boolean_t
1590 redact_snaps_contains(const uint64_t *snaps, uint64_t num_snaps, uint64_t guid)
1591 {
1592 for (int i = 0; i < num_snaps; i++) {
1593 if (snaps[i] == guid)
1594 return (B_TRUE);
1595 }
1596 return (B_FALSE);
1597 }
1598
1599 static boolean_t
1600 redact_snaps_equal(const uint64_t *snaps1, uint64_t num_snaps1,
1601 const uint64_t *snaps2, uint64_t num_snaps2)
1602 {
1603 if (num_snaps1 != num_snaps2)
1604 return (B_FALSE);
1605 for (int i = 0; i < num_snaps1; i++) {
1606 if (!redact_snaps_contains(snaps2, num_snaps2, snaps1[i]))
1607 return (B_FALSE);
1608 }
1609 return (B_TRUE);
1610 }
1611
1612 static int
1613 get_bookmarks(const char *path, nvlist_t **bmarksp)
1614 {
1615 nvlist_t *props = fnvlist_alloc();
1616 int error;
1617
1618 fnvlist_add_boolean(props, "redact_complete");
1619 fnvlist_add_boolean(props, zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS));
1620 error = lzc_get_bookmarks(path, props, bmarksp);
1621 fnvlist_free(props);
1622 return (error);
1623 }
1624
1625 static nvpair_t *
1626 find_redact_pair(nvlist_t *bmarks, const uint64_t *redact_snap_guids,
1627 int num_redact_snaps)
1628 {
1629 nvpair_t *pair;
1630
1631 for (pair = nvlist_next_nvpair(bmarks, NULL); pair;
1632 pair = nvlist_next_nvpair(bmarks, pair)) {
1633
1634 nvlist_t *bmark = fnvpair_value_nvlist(pair);
1635 nvlist_t *vallist = fnvlist_lookup_nvlist(bmark,
1636 zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS));
1637 uint_t len = 0;
1638 uint64_t *bmarksnaps = fnvlist_lookup_uint64_array(vallist,
1639 ZPROP_VALUE, &len);
1640 if (redact_snaps_equal(redact_snap_guids,
1641 num_redact_snaps, bmarksnaps, len)) {
1642 break;
1643 }
1644 }
1645 return (pair);
1646 }
1647
1648 static boolean_t
1649 get_redact_complete(nvpair_t *pair)
1650 {
1651 nvlist_t *bmark = fnvpair_value_nvlist(pair);
1652 nvlist_t *vallist = fnvlist_lookup_nvlist(bmark, "redact_complete");
1653 boolean_t complete = fnvlist_lookup_boolean_value(vallist,
1654 ZPROP_VALUE);
1655
1656 return (complete);
1657 }
1658
1659 /*
1660 * Check that the list of redaction snapshots in the bookmark matches the send
1661 * we're resuming, and return whether or not it's complete.
1662 *
1663 * Note that the caller needs to free the contents of *bookname with free() if
1664 * this function returns successfully.
1665 */
1666 static int
1667 find_redact_book(libzfs_handle_t *hdl, const char *path,
1668 const uint64_t *redact_snap_guids, int num_redact_snaps,
1669 char **bookname)
1670 {
1671 char errbuf[ERRBUFLEN];
1672 nvlist_t *bmarks;
1673
1674 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1675 "cannot resume send"));
1676
1677 int error = get_bookmarks(path, &bmarks);
1678 if (error != 0) {
1679 if (error == ESRCH) {
1680 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1681 "nonexistent redaction bookmark provided"));
1682 } else if (error == ENOENT) {
1683 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1684 "dataset to be sent no longer exists"));
1685 } else {
1686 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1687 "unknown error: %s"), strerror(error));
1688 }
1689 return (zfs_error(hdl, EZFS_BADPROP, errbuf));
1690 }
1691 nvpair_t *pair = find_redact_pair(bmarks, redact_snap_guids,
1692 num_redact_snaps);
1693 if (pair == NULL) {
1694 fnvlist_free(bmarks);
1695 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1696 "no appropriate redaction bookmark exists"));
1697 return (zfs_error(hdl, EZFS_BADPROP, errbuf));
1698 }
1699 boolean_t complete = get_redact_complete(pair);
1700 if (!complete) {
1701 fnvlist_free(bmarks);
1702 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1703 "incomplete redaction bookmark provided"));
1704 return (zfs_error(hdl, EZFS_BADPROP, errbuf));
1705 }
1706 *bookname = strndup(nvpair_name(pair), ZFS_MAX_DATASET_NAME_LEN);
1707 ASSERT3P(*bookname, !=, NULL);
1708 fnvlist_free(bmarks);
1709 return (0);
1710 }
1711
1712 static enum lzc_send_flags
1713 lzc_flags_from_resume_nvl(nvlist_t *resume_nvl)
1714 {
1715 enum lzc_send_flags lzc_flags = 0;
1716
1717 if (nvlist_exists(resume_nvl, "largeblockok"))
1718 lzc_flags |= LZC_SEND_FLAG_LARGE_BLOCK;
1719 if (nvlist_exists(resume_nvl, "embedok"))
1720 lzc_flags |= LZC_SEND_FLAG_EMBED_DATA;
1721 if (nvlist_exists(resume_nvl, "compressok"))
1722 lzc_flags |= LZC_SEND_FLAG_COMPRESS;
1723 if (nvlist_exists(resume_nvl, "rawok"))
1724 lzc_flags |= LZC_SEND_FLAG_RAW;
1725 if (nvlist_exists(resume_nvl, "savedok"))
1726 lzc_flags |= LZC_SEND_FLAG_SAVED;
1727
1728 return (lzc_flags);
1729 }
1730
1731 static int
1732 zfs_send_resume_impl_cb_impl(libzfs_handle_t *hdl, sendflags_t *flags,
1733 int outfd, nvlist_t *resume_nvl)
1734 {
1735 char errbuf[ERRBUFLEN];
1736 char *toname;
1737 char *fromname = NULL;
1738 uint64_t resumeobj, resumeoff, toguid, fromguid, bytes;
1739 zfs_handle_t *zhp;
1740 int error = 0;
1741 char name[ZFS_MAX_DATASET_NAME_LEN];
1742 FILE *fout = (flags->verbosity > 0 && flags->dryrun) ? stdout : stderr;
1743 uint64_t *redact_snap_guids = NULL;
1744 int num_redact_snaps = 0;
1745 char *redact_book = NULL;
1746
1747 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1748 "cannot resume send"));
1749
1750 if (flags->verbosity != 0) {
1751 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1752 "resume token contents:\n"));
1753 nvlist_print(fout, resume_nvl);
1754 }
1755
1756 if (nvlist_lookup_string(resume_nvl, "toname", &toname) != 0 ||
1757 nvlist_lookup_uint64(resume_nvl, "object", &resumeobj) != 0 ||
1758 nvlist_lookup_uint64(resume_nvl, "offset", &resumeoff) != 0 ||
1759 nvlist_lookup_uint64(resume_nvl, "bytes", &bytes) != 0 ||
1760 nvlist_lookup_uint64(resume_nvl, "toguid", &toguid) != 0) {
1761 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1762 "resume token is corrupt"));
1763 return (zfs_error(hdl, EZFS_FAULT, errbuf));
1764 }
1765 fromguid = 0;
1766 (void) nvlist_lookup_uint64(resume_nvl, "fromguid", &fromguid);
1767
1768 if (flags->saved) {
1769 (void) strlcpy(name, toname, sizeof (name));
1770 } else {
1771 error = guid_to_name(hdl, toname, toguid, B_FALSE, name);
1772 if (error != 0) {
1773 if (zfs_dataset_exists(hdl, toname, ZFS_TYPE_DATASET)) {
1774 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1775 "'%s' is no longer the same snapshot "
1776 "used in the initial send"), toname);
1777 } else {
1778 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1779 "'%s' used in the initial send no "
1780 "longer exists"), toname);
1781 }
1782 return (zfs_error(hdl, EZFS_BADPATH, errbuf));
1783 }
1784 }
1785
1786 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET);
1787 if (zhp == NULL) {
1788 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1789 "unable to access '%s'"), name);
1790 return (zfs_error(hdl, EZFS_BADPATH, errbuf));
1791 }
1792
1793 if (nvlist_lookup_uint64_array(resume_nvl, "book_redact_snaps",
1794 &redact_snap_guids, (uint_t *)&num_redact_snaps) != 0) {
1795 num_redact_snaps = -1;
1796 }
1797
1798 if (fromguid != 0) {
1799 if (guid_to_name_redact_snaps(hdl, toname, fromguid, B_TRUE,
1800 redact_snap_guids, num_redact_snaps, name) != 0) {
1801 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1802 "incremental source %#llx no longer exists"),
1803 (longlong_t)fromguid);
1804 return (zfs_error(hdl, EZFS_BADPATH, errbuf));
1805 }
1806 fromname = name;
1807 }
1808
1809 redact_snap_guids = NULL;
1810
1811 if (nvlist_lookup_uint64_array(resume_nvl,
1812 zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS), &redact_snap_guids,
1813 (uint_t *)&num_redact_snaps) == 0) {
1814 char path[ZFS_MAX_DATASET_NAME_LEN];
1815
1816 (void) strlcpy(path, toname, sizeof (path));
1817 char *at = strchr(path, '@');
1818 ASSERT3P(at, !=, NULL);
1819
1820 *at = '\0';
1821
1822 if ((error = find_redact_book(hdl, path, redact_snap_guids,
1823 num_redact_snaps, &redact_book)) != 0) {
1824 return (error);
1825 }
1826 }
1827
1828 enum lzc_send_flags lzc_flags = lzc_flags_from_sendflags(flags) |
1829 lzc_flags_from_resume_nvl(resume_nvl);
1830
1831 if (flags->verbosity != 0) {
1832 /*
1833 * Some of these may have come from the resume token, set them
1834 * here for size estimate purposes.
1835 */
1836 sendflags_t tmpflags = *flags;
1837 if (lzc_flags & LZC_SEND_FLAG_LARGE_BLOCK)
1838 tmpflags.largeblock = B_TRUE;
1839 if (lzc_flags & LZC_SEND_FLAG_COMPRESS)
1840 tmpflags.compress = B_TRUE;
1841 if (lzc_flags & LZC_SEND_FLAG_EMBED_DATA)
1842 tmpflags.embed_data = B_TRUE;
1843 if (lzc_flags & LZC_SEND_FLAG_RAW)
1844 tmpflags.raw = B_TRUE;
1845 if (lzc_flags & LZC_SEND_FLAG_SAVED)
1846 tmpflags.saved = B_TRUE;
1847 error = estimate_size(zhp, fromname, outfd, &tmpflags,
1848 resumeobj, resumeoff, bytes, redact_book, errbuf);
1849 }
1850
1851 if (!flags->dryrun) {
1852 progress_arg_t pa = { 0 };
1853 pthread_t tid;
1854 /*
1855 * If progress reporting is requested, spawn a new thread to
1856 * poll ZFS_IOC_SEND_PROGRESS at a regular interval.
1857 */
1858 if (flags->progress) {
1859 pa.pa_zhp = zhp;
1860 pa.pa_fd = outfd;
1861 pa.pa_parsable = flags->parsable;
1862 pa.pa_estimate = B_FALSE;
1863 pa.pa_verbosity = flags->verbosity;
1864
1865 error = pthread_create(&tid, NULL,
1866 send_progress_thread, &pa);
1867 if (error != 0) {
1868 if (redact_book != NULL)
1869 free(redact_book);
1870 zfs_close(zhp);
1871 return (error);
1872 }
1873 }
1874
1875 error = lzc_send_resume_redacted(zhp->zfs_name, fromname, outfd,
1876 lzc_flags, resumeobj, resumeoff, redact_book);
1877 if (redact_book != NULL)
1878 free(redact_book);
1879
1880 if (flags->progress && send_progress_thread_exit(hdl, tid))
1881 return (-1);
1882
1883 char errbuf[ERRBUFLEN];
1884 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1885 "warning: cannot send '%s'"), zhp->zfs_name);
1886
1887 zfs_close(zhp);
1888
1889 switch (error) {
1890 case 0:
1891 return (0);
1892 case EACCES:
1893 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1894 "source key must be loaded"));
1895 return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
1896 case ESRCH:
1897 if (lzc_exists(zhp->zfs_name)) {
1898 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1899 "incremental source could not be found"));
1900 }
1901 return (zfs_error(hdl, EZFS_NOENT, errbuf));
1902
1903 case EXDEV:
1904 case ENOENT:
1905 case EDQUOT:
1906 case EFBIG:
1907 case EIO:
1908 case ENOLINK:
1909 case ENOSPC:
1910 case ENOSTR:
1911 case ENXIO:
1912 case EPIPE:
1913 case ERANGE:
1914 case EFAULT:
1915 case EROFS:
1916 zfs_error_aux(hdl, "%s", strerror(errno));
1917 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf));
1918
1919 default:
1920 return (zfs_standard_error(hdl, errno, errbuf));
1921 }
1922 } else {
1923 if (redact_book != NULL)
1924 free(redact_book);
1925 }
1926
1927 zfs_close(zhp);
1928
1929 return (error);
1930 }
1931
1932 struct zfs_send_resume_impl {
1933 libzfs_handle_t *hdl;
1934 sendflags_t *flags;
1935 nvlist_t *resume_nvl;
1936 };
1937
1938 static int
1939 zfs_send_resume_impl_cb(int outfd, void *arg)
1940 {
1941 struct zfs_send_resume_impl *zsri = arg;
1942 return (zfs_send_resume_impl_cb_impl(zsri->hdl, zsri->flags, outfd,
1943 zsri->resume_nvl));
1944 }
1945
1946 static int
1947 zfs_send_resume_impl(libzfs_handle_t *hdl, sendflags_t *flags, int outfd,
1948 nvlist_t *resume_nvl)
1949 {
1950 struct zfs_send_resume_impl zsri = {
1951 .hdl = hdl,
1952 .flags = flags,
1953 .resume_nvl = resume_nvl,
1954 };
1955 return (lzc_send_wrapper(zfs_send_resume_impl_cb, outfd, &zsri));
1956 }
1957
1958 int
1959 zfs_send_resume(libzfs_handle_t *hdl, sendflags_t *flags, int outfd,
1960 const char *resume_token)
1961 {
1962 int ret;
1963 char errbuf[ERRBUFLEN];
1964 nvlist_t *resume_nvl;
1965
1966 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1967 "cannot resume send"));
1968
1969 resume_nvl = zfs_send_resume_token_to_nvlist(hdl, resume_token);
1970 if (resume_nvl == NULL) {
1971 /*
1972 * zfs_error_aux has already been set by
1973 * zfs_send_resume_token_to_nvlist()
1974 */
1975 return (zfs_error(hdl, EZFS_FAULT, errbuf));
1976 }
1977
1978 ret = zfs_send_resume_impl(hdl, flags, outfd, resume_nvl);
1979 fnvlist_free(resume_nvl);
1980
1981 return (ret);
1982 }
1983
1984 int
1985 zfs_send_saved(zfs_handle_t *zhp, sendflags_t *flags, int outfd,
1986 const char *resume_token)
1987 {
1988 int ret;
1989 libzfs_handle_t *hdl = zhp->zfs_hdl;
1990 nvlist_t *saved_nvl = NULL, *resume_nvl = NULL;
1991 uint64_t saved_guid = 0, resume_guid = 0;
1992 uint64_t obj = 0, off = 0, bytes = 0;
1993 char token_buf[ZFS_MAXPROPLEN];
1994 char errbuf[ERRBUFLEN];
1995
1996 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1997 "saved send failed"));
1998
1999 ret = zfs_prop_get(zhp, ZFS_PROP_RECEIVE_RESUME_TOKEN,
2000 token_buf, sizeof (token_buf), NULL, NULL, 0, B_TRUE);
2001 if (ret != 0)
2002 goto out;
2003
2004 saved_nvl = zfs_send_resume_token_to_nvlist(hdl, token_buf);
2005 if (saved_nvl == NULL) {
2006 /*
2007 * zfs_error_aux has already been set by
2008 * zfs_send_resume_token_to_nvlist()
2009 */
2010 ret = zfs_error(hdl, EZFS_FAULT, errbuf);
2011 goto out;
2012 }
2013
2014 /*
2015 * If a resume token is provided we use the object and offset
2016 * from that instead of the default, which starts from the
2017 * beginning.
2018 */
2019 if (resume_token != NULL) {
2020 resume_nvl = zfs_send_resume_token_to_nvlist(hdl,
2021 resume_token);
2022 if (resume_nvl == NULL) {
2023 ret = zfs_error(hdl, EZFS_FAULT, errbuf);
2024 goto out;
2025 }
2026
2027 if (nvlist_lookup_uint64(resume_nvl, "object", &obj) != 0 ||
2028 nvlist_lookup_uint64(resume_nvl, "offset", &off) != 0 ||
2029 nvlist_lookup_uint64(resume_nvl, "bytes", &bytes) != 0 ||
2030 nvlist_lookup_uint64(resume_nvl, "toguid",
2031 &resume_guid) != 0) {
2032 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2033 "provided resume token is corrupt"));
2034 ret = zfs_error(hdl, EZFS_FAULT, errbuf);
2035 goto out;
2036 }
2037
2038 if (nvlist_lookup_uint64(saved_nvl, "toguid",
2039 &saved_guid)) {
2040 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2041 "dataset's resume token is corrupt"));
2042 ret = zfs_error(hdl, EZFS_FAULT, errbuf);
2043 goto out;
2044 }
2045
2046 if (resume_guid != saved_guid) {
2047 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2048 "provided resume token does not match dataset"));
2049 ret = zfs_error(hdl, EZFS_BADBACKUP, errbuf);
2050 goto out;
2051 }
2052 }
2053
2054 (void) nvlist_remove_all(saved_nvl, "object");
2055 fnvlist_add_uint64(saved_nvl, "object", obj);
2056
2057 (void) nvlist_remove_all(saved_nvl, "offset");
2058 fnvlist_add_uint64(saved_nvl, "offset", off);
2059
2060 (void) nvlist_remove_all(saved_nvl, "bytes");
2061 fnvlist_add_uint64(saved_nvl, "bytes", bytes);
2062
2063 (void) nvlist_remove_all(saved_nvl, "toname");
2064 fnvlist_add_string(saved_nvl, "toname", zhp->zfs_name);
2065
2066 ret = zfs_send_resume_impl(hdl, flags, outfd, saved_nvl);
2067
2068 out:
2069 fnvlist_free(saved_nvl);
2070 fnvlist_free(resume_nvl);
2071 return (ret);
2072 }
2073
2074 /*
2075 * This function informs the target system that the recursive send is complete.
2076 * The record is also expected in the case of a send -p.
2077 */
2078 static int
2079 send_conclusion_record(int fd, zio_cksum_t *zc)
2080 {
2081 dmu_replay_record_t drr = { 0 };
2082 drr.drr_type = DRR_END;
2083 if (zc != NULL)
2084 drr.drr_u.drr_end.drr_checksum = *zc;
2085 if (write(fd, &drr, sizeof (drr)) == -1) {
2086 return (errno);
2087 }
2088 return (0);
2089 }
2090
2091 /*
2092 * This function is responsible for sending the records that contain the
2093 * necessary information for the target system's libzfs to be able to set the
2094 * properties of the filesystem being received, or to be able to prepare for
2095 * a recursive receive.
2096 *
2097 * The "zhp" argument is the handle of the snapshot we are sending
2098 * (the "tosnap"). The "from" argument is the short snapshot name (the part
2099 * after the @) of the incremental source.
2100 */
2101 static int
2102 send_prelim_records(zfs_handle_t *zhp, const char *from, int fd,
2103 boolean_t gather_props, boolean_t recursive, boolean_t verbose,
2104 boolean_t dryrun, boolean_t raw, boolean_t replicate, boolean_t skipmissing,
2105 boolean_t backup, boolean_t holds, boolean_t props, boolean_t doall,
2106 nvlist_t **fssp, avl_tree_t **fsavlp)
2107 {
2108 int err = 0;
2109 char *packbuf = NULL;
2110 size_t buflen = 0;
2111 zio_cksum_t zc = { {0} };
2112 int featureflags = 0;
2113 /* name of filesystem/volume that contains snapshot we are sending */
2114 char tofs[ZFS_MAX_DATASET_NAME_LEN];
2115 /* short name of snap we are sending */
2116 const char *tosnap = "";
2117
2118 char errbuf[ERRBUFLEN];
2119 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2120 "warning: cannot send '%s'"), zhp->zfs_name);
2121 if (zhp->zfs_type == ZFS_TYPE_FILESYSTEM && zfs_prop_get_int(zhp,
2122 ZFS_PROP_VERSION) >= ZPL_VERSION_SA) {
2123 featureflags |= DMU_BACKUP_FEATURE_SA_SPILL;
2124 }
2125
2126 if (holds)
2127 featureflags |= DMU_BACKUP_FEATURE_HOLDS;
2128
2129 (void) strlcpy(tofs, zhp->zfs_name, ZFS_MAX_DATASET_NAME_LEN);
2130 char *at = strchr(tofs, '@');
2131 if (at != NULL) {
2132 *at = '\0';
2133 tosnap = at + 1;
2134 }
2135
2136 if (gather_props) {
2137 nvlist_t *hdrnv = fnvlist_alloc();
2138 nvlist_t *fss = NULL;
2139
2140 if (from != NULL)
2141 fnvlist_add_string(hdrnv, "fromsnap", from);
2142 fnvlist_add_string(hdrnv, "tosnap", tosnap);
2143 if (!recursive)
2144 fnvlist_add_boolean(hdrnv, "not_recursive");
2145
2146 if (raw) {
2147 fnvlist_add_boolean(hdrnv, "raw");
2148 }
2149
2150 if (gather_nvlist(zhp->zfs_hdl, tofs,
2151 from, tosnap, recursive, raw, doall, replicate, skipmissing,
2152 verbose, backup, holds, props, &fss, fsavlp) != 0) {
2153 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP,
2154 errbuf));
2155 }
2156 /*
2157 * Do not allow the size of the properties list to exceed
2158 * the limit
2159 */
2160 if ((fnvlist_size(fss) + fnvlist_size(hdrnv)) >
2161 zhp->zfs_hdl->libzfs_max_nvlist) {
2162 (void) snprintf(errbuf, sizeof (errbuf),
2163 dgettext(TEXT_DOMAIN, "warning: cannot send '%s': "
2164 "the size of the list of snapshots and properties "
2165 "is too large to be received successfully.\n"
2166 "Select a smaller number of snapshots to send.\n"),
2167 zhp->zfs_name);
2168 return (zfs_error(zhp->zfs_hdl, EZFS_NOSPC,
2169 errbuf));
2170 }
2171 fnvlist_add_nvlist(hdrnv, "fss", fss);
2172 VERIFY0(nvlist_pack(hdrnv, &packbuf, &buflen, NV_ENCODE_XDR,
2173 0));
2174 if (fssp != NULL) {
2175 *fssp = fss;
2176 } else {
2177 fnvlist_free(fss);
2178 }
2179 fnvlist_free(hdrnv);
2180 }
2181
2182 if (!dryrun) {
2183 dmu_replay_record_t drr = { 0 };
2184 /* write first begin record */
2185 drr.drr_type = DRR_BEGIN;
2186 drr.drr_u.drr_begin.drr_magic = DMU_BACKUP_MAGIC;
2187 DMU_SET_STREAM_HDRTYPE(drr.drr_u.drr_begin.
2188 drr_versioninfo, DMU_COMPOUNDSTREAM);
2189 DMU_SET_FEATUREFLAGS(drr.drr_u.drr_begin.
2190 drr_versioninfo, featureflags);
2191 if (snprintf(drr.drr_u.drr_begin.drr_toname,
2192 sizeof (drr.drr_u.drr_begin.drr_toname), "%s@%s", tofs,
2193 tosnap) >= sizeof (drr.drr_u.drr_begin.drr_toname)) {
2194 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP,
2195 errbuf));
2196 }
2197 drr.drr_payloadlen = buflen;
2198
2199 err = dump_record(&drr, packbuf, buflen, &zc, fd);
2200 free(packbuf);
2201 if (err != 0) {
2202 zfs_error_aux(zhp->zfs_hdl, "%s", strerror(err));
2203 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP,
2204 errbuf));
2205 }
2206 err = send_conclusion_record(fd, &zc);
2207 if (err != 0) {
2208 zfs_error_aux(zhp->zfs_hdl, "%s", strerror(err));
2209 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP,
2210 errbuf));
2211 }
2212 }
2213 return (0);
2214 }
2215
2216 /*
2217 * Generate a send stream. The "zhp" argument is the filesystem/volume
2218 * that contains the snapshot to send. The "fromsnap" argument is the
2219 * short name (the part after the '@') of the snapshot that is the
2220 * incremental source to send from (if non-NULL). The "tosnap" argument
2221 * is the short name of the snapshot to send.
2222 *
2223 * The content of the send stream is the snapshot identified by
2224 * 'tosnap'. Incremental streams are requested in two ways:
2225 * - from the snapshot identified by "fromsnap" (if non-null) or
2226 * - from the origin of the dataset identified by zhp, which must
2227 * be a clone. In this case, "fromsnap" is null and "fromorigin"
2228 * is TRUE.
2229 *
2230 * The send stream is recursive (i.e. dumps a hierarchy of snapshots) and
2231 * uses a special header (with a hdrtype field of DMU_COMPOUNDSTREAM)
2232 * if "replicate" is set. If "doall" is set, dump all the intermediate
2233 * snapshots. The DMU_COMPOUNDSTREAM header is used in the "doall"
2234 * case too. If "props" is set, send properties.
2235 *
2236 * Pre-wrapped (cf. lzc_send_wrapper()).
2237 */
2238 static int
2239 zfs_send_cb_impl(zfs_handle_t *zhp, const char *fromsnap, const char *tosnap,
2240 sendflags_t *flags, int outfd, snapfilter_cb_t filter_func,
2241 void *cb_arg, nvlist_t **debugnvp)
2242 {
2243 char errbuf[ERRBUFLEN];
2244 send_dump_data_t sdd = { 0 };
2245 int err = 0;
2246 nvlist_t *fss = NULL;
2247 avl_tree_t *fsavl = NULL;
2248 static uint64_t holdseq;
2249 int spa_version;
2250 FILE *fout;
2251
2252 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2253 "cannot send '%s'"), zhp->zfs_name);
2254
2255 if (fromsnap && fromsnap[0] == '\0') {
2256 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
2257 "zero-length incremental source"));
2258 return (zfs_error(zhp->zfs_hdl, EZFS_NOENT, errbuf));
2259 }
2260
2261 if (fromsnap) {
2262 char full_fromsnap_name[ZFS_MAX_DATASET_NAME_LEN];
2263 if (snprintf(full_fromsnap_name, sizeof (full_fromsnap_name),
2264 "%s@%s", zhp->zfs_name, fromsnap) >=
2265 sizeof (full_fromsnap_name)) {
2266 err = EINVAL;
2267 goto stderr_out;
2268 }
2269 zfs_handle_t *fromsnapn = zfs_open(zhp->zfs_hdl,
2270 full_fromsnap_name, ZFS_TYPE_SNAPSHOT);
2271 if (fromsnapn == NULL) {
2272 err = -1;
2273 goto err_out;
2274 }
2275 zfs_close(fromsnapn);
2276 }
2277
2278 if (flags->replicate || flags->doall || flags->props ||
2279 flags->holds || flags->backup) {
2280 char full_tosnap_name[ZFS_MAX_DATASET_NAME_LEN];
2281 if (snprintf(full_tosnap_name, sizeof (full_tosnap_name),
2282 "%s@%s", zhp->zfs_name, tosnap) >=
2283 sizeof (full_tosnap_name)) {
2284 err = EINVAL;
2285 goto stderr_out;
2286 }
2287 zfs_handle_t *tosnap = zfs_open(zhp->zfs_hdl,
2288 full_tosnap_name, ZFS_TYPE_SNAPSHOT);
2289 if (tosnap == NULL) {
2290 err = -1;
2291 goto err_out;
2292 }
2293 err = send_prelim_records(tosnap, fromsnap, outfd,
2294 flags->replicate || flags->props || flags->holds,
2295 flags->replicate, flags->verbosity > 0, flags->dryrun,
2296 flags->raw, flags->replicate, flags->skipmissing,
2297 flags->backup, flags->holds, flags->props, flags->doall,
2298 &fss, &fsavl);
2299 zfs_close(tosnap);
2300 if (err != 0)
2301 goto err_out;
2302 }
2303
2304 /* dump each stream */
2305 sdd.fromsnap = fromsnap;
2306 sdd.tosnap = tosnap;
2307 sdd.outfd = outfd;
2308 sdd.replicate = flags->replicate;
2309 sdd.doall = flags->doall;
2310 sdd.fromorigin = flags->fromorigin;
2311 sdd.fss = fss;
2312 sdd.fsavl = fsavl;
2313 sdd.verbosity = flags->verbosity;
2314 sdd.parsable = flags->parsable;
2315 sdd.progress = flags->progress;
2316 sdd.dryrun = flags->dryrun;
2317 sdd.large_block = flags->largeblock;
2318 sdd.embed_data = flags->embed_data;
2319 sdd.compress = flags->compress;
2320 sdd.raw = flags->raw;
2321 sdd.holds = flags->holds;
2322 sdd.filter_cb = filter_func;
2323 sdd.filter_cb_arg = cb_arg;
2324 if (debugnvp)
2325 sdd.debugnv = *debugnvp;
2326 if (sdd.verbosity != 0 && sdd.dryrun)
2327 sdd.std_out = B_TRUE;
2328 fout = sdd.std_out ? stdout : stderr;
2329
2330 /*
2331 * Some flags require that we place user holds on the datasets that are
2332 * being sent so they don't get destroyed during the send. We can skip
2333 * this step if the pool is imported read-only since the datasets cannot
2334 * be destroyed.
2335 */
2336 if (!flags->dryrun && !zpool_get_prop_int(zfs_get_pool_handle(zhp),
2337 ZPOOL_PROP_READONLY, NULL) &&
2338 zfs_spa_version(zhp, &spa_version) == 0 &&
2339 spa_version >= SPA_VERSION_USERREFS &&
2340 (flags->doall || flags->replicate)) {
2341 ++holdseq;
2342 (void) snprintf(sdd.holdtag, sizeof (sdd.holdtag),
2343 ".send-%d-%llu", getpid(), (u_longlong_t)holdseq);
2344 sdd.cleanup_fd = open(ZFS_DEV, O_RDWR | O_CLOEXEC);
2345 if (sdd.cleanup_fd < 0) {
2346 err = errno;
2347 goto stderr_out;
2348 }
2349 sdd.snapholds = fnvlist_alloc();
2350 } else {
2351 sdd.cleanup_fd = -1;
2352 sdd.snapholds = NULL;
2353 }
2354
2355 if (flags->verbosity != 0 || sdd.snapholds != NULL) {
2356 /*
2357 * Do a verbose no-op dry run to get all the verbose output
2358 * or to gather snapshot hold's before generating any data,
2359 * then do a non-verbose real run to generate the streams.
2360 */
2361 sdd.dryrun = B_TRUE;
2362 err = dump_filesystems(zhp, &sdd);
2363
2364 if (err != 0)
2365 goto stderr_out;
2366
2367 if (flags->verbosity != 0) {
2368 if (flags->parsable) {
2369 (void) fprintf(fout, "size\t%llu\n",
2370 (longlong_t)sdd.size);
2371 } else {
2372 char buf[16];
2373 zfs_nicebytes(sdd.size, buf, sizeof (buf));
2374 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
2375 "total estimated size is %s\n"), buf);
2376 }
2377 }
2378
2379 /* Ensure no snaps found is treated as an error. */
2380 if (!sdd.seento) {
2381 err = ENOENT;
2382 goto err_out;
2383 }
2384
2385 /* Skip the second run if dryrun was requested. */
2386 if (flags->dryrun)
2387 goto err_out;
2388
2389 if (sdd.snapholds != NULL) {
2390 err = zfs_hold_nvl(zhp, sdd.cleanup_fd, sdd.snapholds);
2391 if (err != 0)
2392 goto stderr_out;
2393
2394 fnvlist_free(sdd.snapholds);
2395 sdd.snapholds = NULL;
2396 }
2397
2398 sdd.dryrun = B_FALSE;
2399 sdd.verbosity = 0;
2400 }
2401
2402 err = dump_filesystems(zhp, &sdd);
2403 fsavl_destroy(fsavl);
2404 fnvlist_free(fss);
2405
2406 /* Ensure no snaps found is treated as an error. */
2407 if (err == 0 && !sdd.seento)
2408 err = ENOENT;
2409
2410 if (sdd.cleanup_fd != -1) {
2411 VERIFY(0 == close(sdd.cleanup_fd));
2412 sdd.cleanup_fd = -1;
2413 }
2414
2415 if (!flags->dryrun && (flags->replicate || flags->doall ||
2416 flags->props || flags->backup || flags->holds)) {
2417 /*
2418 * write final end record. NB: want to do this even if
2419 * there was some error, because it might not be totally
2420 * failed.
2421 */
2422 int err2 = send_conclusion_record(outfd, NULL);
2423 if (err2 != 0)
2424 return (zfs_standard_error(zhp->zfs_hdl, err2, errbuf));
2425 }
2426
2427 return (err || sdd.err);
2428
2429 stderr_out:
2430 err = zfs_standard_error(zhp->zfs_hdl, err, errbuf);
2431 err_out:
2432 fsavl_destroy(fsavl);
2433 fnvlist_free(fss);
2434 fnvlist_free(sdd.snapholds);
2435
2436 if (sdd.cleanup_fd != -1)
2437 VERIFY(0 == close(sdd.cleanup_fd));
2438 return (err);
2439 }
2440
2441 struct zfs_send {
2442 zfs_handle_t *zhp;
2443 const char *fromsnap;
2444 const char *tosnap;
2445 sendflags_t *flags;
2446 snapfilter_cb_t *filter_func;
2447 void *cb_arg;
2448 nvlist_t **debugnvp;
2449 };
2450
2451 static int
2452 zfs_send_cb(int outfd, void *arg)
2453 {
2454 struct zfs_send *zs = arg;
2455 return (zfs_send_cb_impl(zs->zhp, zs->fromsnap, zs->tosnap, zs->flags,
2456 outfd, zs->filter_func, zs->cb_arg, zs->debugnvp));
2457 }
2458
2459 int
2460 zfs_send(zfs_handle_t *zhp, const char *fromsnap, const char *tosnap,
2461 sendflags_t *flags, int outfd, snapfilter_cb_t filter_func,
2462 void *cb_arg, nvlist_t **debugnvp)
2463 {
2464 struct zfs_send arg = {
2465 .zhp = zhp,
2466 .fromsnap = fromsnap,
2467 .tosnap = tosnap,
2468 .flags = flags,
2469 .filter_func = filter_func,
2470 .cb_arg = cb_arg,
2471 .debugnvp = debugnvp,
2472 };
2473 return (lzc_send_wrapper(zfs_send_cb, outfd, &arg));
2474 }
2475
2476
2477 static zfs_handle_t *
2478 name_to_dir_handle(libzfs_handle_t *hdl, const char *snapname)
2479 {
2480 char dirname[ZFS_MAX_DATASET_NAME_LEN];
2481 (void) strlcpy(dirname, snapname, ZFS_MAX_DATASET_NAME_LEN);
2482 char *c = strchr(dirname, '@');
2483 if (c != NULL)
2484 *c = '\0';
2485 return (zfs_open(hdl, dirname, ZFS_TYPE_DATASET));
2486 }
2487
2488 /*
2489 * Returns B_TRUE if earlier is an earlier snapshot in later's timeline; either
2490 * an earlier snapshot in the same filesystem, or a snapshot before later's
2491 * origin, or it's origin's origin, etc.
2492 */
2493 static boolean_t
2494 snapshot_is_before(zfs_handle_t *earlier, zfs_handle_t *later)
2495 {
2496 boolean_t ret;
2497 uint64_t later_txg =
2498 (later->zfs_type == ZFS_TYPE_FILESYSTEM ||
2499 later->zfs_type == ZFS_TYPE_VOLUME ?
2500 UINT64_MAX : zfs_prop_get_int(later, ZFS_PROP_CREATETXG));
2501 uint64_t earlier_txg = zfs_prop_get_int(earlier, ZFS_PROP_CREATETXG);
2502
2503 if (earlier_txg >= later_txg)
2504 return (B_FALSE);
2505
2506 zfs_handle_t *earlier_dir = name_to_dir_handle(earlier->zfs_hdl,
2507 earlier->zfs_name);
2508 zfs_handle_t *later_dir = name_to_dir_handle(later->zfs_hdl,
2509 later->zfs_name);
2510
2511 if (strcmp(earlier_dir->zfs_name, later_dir->zfs_name) == 0) {
2512 zfs_close(earlier_dir);
2513 zfs_close(later_dir);
2514 return (B_TRUE);
2515 }
2516
2517 char clonename[ZFS_MAX_DATASET_NAME_LEN];
2518 if (zfs_prop_get(later_dir, ZFS_PROP_ORIGIN, clonename,
2519 ZFS_MAX_DATASET_NAME_LEN, NULL, NULL, 0, B_TRUE) != 0) {
2520 zfs_close(earlier_dir);
2521 zfs_close(later_dir);
2522 return (B_FALSE);
2523 }
2524
2525 zfs_handle_t *origin = zfs_open(earlier->zfs_hdl, clonename,
2526 ZFS_TYPE_DATASET);
2527 uint64_t origin_txg = zfs_prop_get_int(origin, ZFS_PROP_CREATETXG);
2528
2529 /*
2530 * If "earlier" is exactly the origin, then
2531 * snapshot_is_before(earlier, origin) will return false (because
2532 * they're the same).
2533 */
2534 if (origin_txg == earlier_txg &&
2535 strcmp(origin->zfs_name, earlier->zfs_name) == 0) {
2536 zfs_close(earlier_dir);
2537 zfs_close(later_dir);
2538 zfs_close(origin);
2539 return (B_TRUE);
2540 }
2541 zfs_close(earlier_dir);
2542 zfs_close(later_dir);
2543
2544 ret = snapshot_is_before(earlier, origin);
2545 zfs_close(origin);
2546 return (ret);
2547 }
2548
2549 /*
2550 * The "zhp" argument is the handle of the dataset to send (typically a
2551 * snapshot). The "from" argument is the full name of the snapshot or
2552 * bookmark that is the incremental source.
2553 *
2554 * Pre-wrapped (cf. lzc_send_wrapper()).
2555 */
2556 static int
2557 zfs_send_one_cb_impl(zfs_handle_t *zhp, const char *from, int fd,
2558 sendflags_t *flags, const char *redactbook)
2559 {
2560 int err;
2561 libzfs_handle_t *hdl = zhp->zfs_hdl;
2562 char *name = zhp->zfs_name;
2563 pthread_t ptid;
2564 progress_arg_t pa = { 0 };
2565
2566 char errbuf[ERRBUFLEN];
2567 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2568 "warning: cannot send '%s'"), name);
2569
2570 if (from != NULL && strchr(from, '@')) {
2571 zfs_handle_t *from_zhp = zfs_open(hdl, from,
2572 ZFS_TYPE_DATASET);
2573 if (from_zhp == NULL)
2574 return (-1);
2575 if (!snapshot_is_before(from_zhp, zhp)) {
2576 zfs_close(from_zhp);
2577 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2578 "not an earlier snapshot from the same fs"));
2579 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
2580 }
2581 zfs_close(from_zhp);
2582 }
2583
2584 if (redactbook != NULL) {
2585 char bookname[ZFS_MAX_DATASET_NAME_LEN];
2586 nvlist_t *redact_snaps;
2587 zfs_handle_t *book_zhp;
2588 char *at, *pound;
2589 int dsnamelen;
2590
2591 pound = strchr(redactbook, '#');
2592 if (pound != NULL)
2593 redactbook = pound + 1;
2594 at = strchr(name, '@');
2595 if (at == NULL) {
2596 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2597 "cannot do a redacted send to a filesystem"));
2598 return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
2599 }
2600 dsnamelen = at - name;
2601 if (snprintf(bookname, sizeof (bookname), "%.*s#%s",
2602 dsnamelen, name, redactbook)
2603 >= sizeof (bookname)) {
2604 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2605 "invalid bookmark name"));
2606 return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
2607 }
2608 book_zhp = zfs_open(hdl, bookname, ZFS_TYPE_BOOKMARK);
2609 if (book_zhp == NULL)
2610 return (-1);
2611 if (nvlist_lookup_nvlist(book_zhp->zfs_props,
2612 zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS),
2613 &redact_snaps) != 0 || redact_snaps == NULL) {
2614 zfs_close(book_zhp);
2615 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2616 "not a redaction bookmark"));
2617 return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
2618 }
2619 zfs_close(book_zhp);
2620 }
2621
2622 /*
2623 * Send fs properties
2624 */
2625 if (flags->props || flags->holds || flags->backup) {
2626 /*
2627 * Note: the header generated by send_prelim_records()
2628 * assumes that the incremental source is in the same
2629 * filesystem/volume as the target (which is a requirement
2630 * when doing "zfs send -R"). But that isn't always the
2631 * case here (e.g. send from snap in origin, or send from
2632 * bookmark). We pass from=NULL, which will omit this
2633 * information from the prelim records; it isn't used
2634 * when receiving this type of stream.
2635 */
2636 err = send_prelim_records(zhp, NULL, fd, B_TRUE, B_FALSE,
2637 flags->verbosity > 0, flags->dryrun, flags->raw,
2638 flags->replicate, B_FALSE, flags->backup, flags->holds,
2639 flags->props, flags->doall, NULL, NULL);
2640 if (err != 0)
2641 return (err);
2642 }
2643
2644 /*
2645 * Perform size estimate if verbose was specified.
2646 */
2647 if (flags->verbosity != 0) {
2648 err = estimate_size(zhp, from, fd, flags, 0, 0, 0, redactbook,
2649 errbuf);
2650 if (err != 0)
2651 return (err);
2652 }
2653
2654 if (flags->dryrun)
2655 return (0);
2656
2657 /*
2658 * If progress reporting is requested, spawn a new thread to poll
2659 * ZFS_IOC_SEND_PROGRESS at a regular interval.
2660 */
2661 if (flags->progress) {
2662 pa.pa_zhp = zhp;
2663 pa.pa_fd = fd;
2664 pa.pa_parsable = flags->parsable;
2665 pa.pa_estimate = B_FALSE;
2666 pa.pa_verbosity = flags->verbosity;
2667
2668 err = pthread_create(&ptid, NULL,
2669 send_progress_thread, &pa);
2670 if (err != 0) {
2671 zfs_error_aux(zhp->zfs_hdl, "%s", strerror(errno));
2672 return (zfs_error(zhp->zfs_hdl,
2673 EZFS_THREADCREATEFAILED, errbuf));
2674 }
2675 }
2676
2677 err = lzc_send_redacted(name, from, fd,
2678 lzc_flags_from_sendflags(flags), redactbook);
2679
2680 if (flags->progress && send_progress_thread_exit(hdl, ptid))
2681 return (-1);
2682
2683 if (err == 0 && (flags->props || flags->holds || flags->backup)) {
2684 /* Write the final end record. */
2685 err = send_conclusion_record(fd, NULL);
2686 if (err != 0)
2687 return (zfs_standard_error(hdl, err, errbuf));
2688 }
2689 if (err != 0) {
2690 switch (errno) {
2691 case EXDEV:
2692 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2693 "not an earlier snapshot from the same fs"));
2694 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
2695
2696 case ENOENT:
2697 case ESRCH:
2698 if (lzc_exists(name)) {
2699 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2700 "incremental source (%s) does not exist"),
2701 from);
2702 }
2703 return (zfs_error(hdl, EZFS_NOENT, errbuf));
2704
2705 case EACCES:
2706 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2707 "dataset key must be loaded"));
2708 return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
2709
2710 case EBUSY:
2711 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2712 "target is busy; if a filesystem, "
2713 "it must not be mounted"));
2714 return (zfs_error(hdl, EZFS_BUSY, errbuf));
2715
2716 case EDQUOT:
2717 case EFAULT:
2718 case EFBIG:
2719 case EINVAL:
2720 case EIO:
2721 case ENOLINK:
2722 case ENOSPC:
2723 case ENOSTR:
2724 case ENXIO:
2725 case EPIPE:
2726 case ERANGE:
2727 case EROFS:
2728 zfs_error_aux(hdl, "%s", strerror(errno));
2729 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf));
2730
2731 default:
2732 return (zfs_standard_error(hdl, errno, errbuf));
2733 }
2734 }
2735 return (err != 0);
2736 }
2737
2738 struct zfs_send_one {
2739 zfs_handle_t *zhp;
2740 const char *from;
2741 sendflags_t *flags;
2742 const char *redactbook;
2743 };
2744
2745 static int
2746 zfs_send_one_cb(int fd, void *arg)
2747 {
2748 struct zfs_send_one *zso = arg;
2749 return (zfs_send_one_cb_impl(zso->zhp, zso->from, fd, zso->flags,
2750 zso->redactbook));
2751 }
2752
2753 int
2754 zfs_send_one(zfs_handle_t *zhp, const char *from, int fd, sendflags_t *flags,
2755 const char *redactbook)
2756 {
2757 struct zfs_send_one zso = {
2758 .zhp = zhp,
2759 .from = from,
2760 .flags = flags,
2761 .redactbook = redactbook,
2762 };
2763 return (lzc_send_wrapper(zfs_send_one_cb, fd, &zso));
2764 }
2765
2766 /*
2767 * Routines specific to "zfs recv"
2768 */
2769
2770 static int
2771 recv_read(libzfs_handle_t *hdl, int fd, void *buf, int ilen,
2772 boolean_t byteswap, zio_cksum_t *zc)
2773 {
2774 char *cp = buf;
2775 int rv;
2776 int len = ilen;
2777
2778 do {
2779 rv = read(fd, cp, len);
2780 cp += rv;
2781 len -= rv;
2782 } while (rv > 0);
2783
2784 if (rv < 0 || len != 0) {
2785 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2786 "failed to read from stream"));
2787 return (zfs_error(hdl, EZFS_BADSTREAM, dgettext(TEXT_DOMAIN,
2788 "cannot receive")));
2789 }
2790
2791 if (zc) {
2792 if (byteswap)
2793 fletcher_4_incremental_byteswap(buf, ilen, zc);
2794 else
2795 fletcher_4_incremental_native(buf, ilen, zc);
2796 }
2797 return (0);
2798 }
2799
2800 static int
2801 recv_read_nvlist(libzfs_handle_t *hdl, int fd, int len, nvlist_t **nvp,
2802 boolean_t byteswap, zio_cksum_t *zc)
2803 {
2804 char *buf;
2805 int err;
2806
2807 buf = zfs_alloc(hdl, len);
2808
2809 if (len > hdl->libzfs_max_nvlist) {
2810 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "nvlist too large"));
2811 free(buf);
2812 return (ENOMEM);
2813 }
2814
2815 err = recv_read(hdl, fd, buf, len, byteswap, zc);
2816 if (err != 0) {
2817 free(buf);
2818 return (err);
2819 }
2820
2821 err = nvlist_unpack(buf, len, nvp, 0);
2822 free(buf);
2823 if (err != 0) {
2824 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
2825 "stream (malformed nvlist)"));
2826 return (EINVAL);
2827 }
2828 return (0);
2829 }
2830
2831 /*
2832 * Returns the grand origin (origin of origin of origin...) of a given handle.
2833 * If this dataset is not a clone, it simply returns a copy of the original
2834 * handle.
2835 */
2836 static zfs_handle_t *
2837 recv_open_grand_origin(zfs_handle_t *zhp)
2838 {
2839 char origin[ZFS_MAX_DATASET_NAME_LEN];
2840 zprop_source_t src;
2841 zfs_handle_t *ozhp = zfs_handle_dup(zhp);
2842
2843 while (ozhp != NULL) {
2844 if (zfs_prop_get(ozhp, ZFS_PROP_ORIGIN, origin,
2845 sizeof (origin), &src, NULL, 0, B_FALSE) != 0)
2846 break;
2847
2848 (void) zfs_close(ozhp);
2849 ozhp = zfs_open(zhp->zfs_hdl, origin, ZFS_TYPE_FILESYSTEM);
2850 }
2851
2852 return (ozhp);
2853 }
2854
2855 static int
2856 recv_rename_impl(zfs_handle_t *zhp, const char *name, const char *newname)
2857 {
2858 int err;
2859 zfs_handle_t *ozhp = NULL;
2860
2861 /*
2862 * Attempt to rename the dataset. If it fails with EACCES we have
2863 * attempted to rename the dataset outside of its encryption root.
2864 * Force the dataset to become an encryption root and try again.
2865 */
2866 err = lzc_rename(name, newname);
2867 if (err == EACCES) {
2868 ozhp = recv_open_grand_origin(zhp);
2869 if (ozhp == NULL) {
2870 err = ENOENT;
2871 goto out;
2872 }
2873
2874 err = lzc_change_key(ozhp->zfs_name, DCP_CMD_FORCE_NEW_KEY,
2875 NULL, NULL, 0);
2876 if (err != 0)
2877 goto out;
2878
2879 err = lzc_rename(name, newname);
2880 }
2881
2882 out:
2883 if (ozhp != NULL)
2884 zfs_close(ozhp);
2885 return (err);
2886 }
2887
2888 static int
2889 recv_rename(libzfs_handle_t *hdl, const char *name, const char *tryname,
2890 int baselen, char *newname, recvflags_t *flags)
2891 {
2892 static int seq;
2893 int err;
2894 prop_changelist_t *clp = NULL;
2895 zfs_handle_t *zhp = NULL;
2896
2897 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET);
2898 if (zhp == NULL) {
2899 err = -1;
2900 goto out;
2901 }
2902 clp = changelist_gather(zhp, ZFS_PROP_NAME, 0,
2903 flags->force ? MS_FORCE : 0);
2904 if (clp == NULL) {
2905 err = -1;
2906 goto out;
2907 }
2908 err = changelist_prefix(clp);
2909 if (err)
2910 goto out;
2911
2912 if (tryname) {
2913 (void) strlcpy(newname, tryname, ZFS_MAX_DATASET_NAME_LEN);
2914 if (flags->verbose) {
2915 (void) printf("attempting rename %s to %s\n",
2916 name, newname);
2917 }
2918 err = recv_rename_impl(zhp, name, newname);
2919 if (err == 0)
2920 changelist_rename(clp, name, tryname);
2921 } else {
2922 err = ENOENT;
2923 }
2924
2925 if (err != 0 && strncmp(name + baselen, "recv-", 5) != 0) {
2926 seq++;
2927
2928 (void) snprintf(newname, ZFS_MAX_DATASET_NAME_LEN,
2929 "%.*srecv-%u-%u", baselen, name, getpid(), seq);
2930
2931 if (flags->verbose) {
2932 (void) printf("failed - trying rename %s to %s\n",
2933 name, newname);
2934 }
2935 err = recv_rename_impl(zhp, name, newname);
2936 if (err == 0)
2937 changelist_rename(clp, name, newname);
2938 if (err && flags->verbose) {
2939 (void) printf("failed (%u) - "
2940 "will try again on next pass\n", errno);
2941 }
2942 err = EAGAIN;
2943 } else if (flags->verbose) {
2944 if (err == 0)
2945 (void) printf("success\n");
2946 else
2947 (void) printf("failed (%u)\n", errno);
2948 }
2949
2950 (void) changelist_postfix(clp);
2951
2952 out:
2953 if (clp != NULL)
2954 changelist_free(clp);
2955 if (zhp != NULL)
2956 zfs_close(zhp);
2957
2958 return (err);
2959 }
2960
2961 static int
2962 recv_promote(libzfs_handle_t *hdl, const char *fsname,
2963 const char *origin_fsname, recvflags_t *flags)
2964 {
2965 int err;
2966 zfs_cmd_t zc = {"\0"};
2967 zfs_handle_t *zhp = NULL, *ozhp = NULL;
2968
2969 if (flags->verbose)
2970 (void) printf("promoting %s\n", fsname);
2971
2972 (void) strlcpy(zc.zc_value, origin_fsname, sizeof (zc.zc_value));
2973 (void) strlcpy(zc.zc_name, fsname, sizeof (zc.zc_name));
2974
2975 /*
2976 * Attempt to promote the dataset. If it fails with EACCES the
2977 * promotion would cause this dataset to leave its encryption root.
2978 * Force the origin to become an encryption root and try again.
2979 */
2980 err = zfs_ioctl(hdl, ZFS_IOC_PROMOTE, &zc);
2981 if (err == EACCES) {
2982 zhp = zfs_open(hdl, fsname, ZFS_TYPE_DATASET);
2983 if (zhp == NULL) {
2984 err = -1;
2985 goto out;
2986 }
2987
2988 ozhp = recv_open_grand_origin(zhp);
2989 if (ozhp == NULL) {
2990 err = -1;
2991 goto out;
2992 }
2993
2994 err = lzc_change_key(ozhp->zfs_name, DCP_CMD_FORCE_NEW_KEY,
2995 NULL, NULL, 0);
2996 if (err != 0)
2997 goto out;
2998
2999 err = zfs_ioctl(hdl, ZFS_IOC_PROMOTE, &zc);
3000 }
3001
3002 out:
3003 if (zhp != NULL)
3004 zfs_close(zhp);
3005 if (ozhp != NULL)
3006 zfs_close(ozhp);
3007
3008 return (err);
3009 }
3010
3011 static int
3012 recv_destroy(libzfs_handle_t *hdl, const char *name, int baselen,
3013 char *newname, recvflags_t *flags)
3014 {
3015 int err = 0;
3016 prop_changelist_t *clp;
3017 zfs_handle_t *zhp;
3018 boolean_t defer = B_FALSE;
3019 int spa_version;
3020
3021 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET);
3022 if (zhp == NULL)
3023 return (-1);
3024 zfs_type_t type = zfs_get_type(zhp);
3025 if (type == ZFS_TYPE_SNAPSHOT &&
3026 zfs_spa_version(zhp, &spa_version) == 0 &&
3027 spa_version >= SPA_VERSION_USERREFS)
3028 defer = B_TRUE;
3029 clp = changelist_gather(zhp, ZFS_PROP_NAME, 0,
3030 flags->force ? MS_FORCE : 0);
3031 zfs_close(zhp);
3032 if (clp == NULL)
3033 return (-1);
3034
3035 err = changelist_prefix(clp);
3036 if (err)
3037 return (err);
3038
3039 if (flags->verbose)
3040 (void) printf("attempting destroy %s\n", name);
3041 if (type == ZFS_TYPE_SNAPSHOT) {
3042 nvlist_t *nv = fnvlist_alloc();
3043 fnvlist_add_boolean(nv, name);
3044 err = lzc_destroy_snaps(nv, defer, NULL);
3045 fnvlist_free(nv);
3046 } else {
3047 err = lzc_destroy(name);
3048 }
3049 if (err == 0) {
3050 if (flags->verbose)
3051 (void) printf("success\n");
3052 changelist_remove(clp, name);
3053 }
3054
3055 (void) changelist_postfix(clp);
3056 changelist_free(clp);
3057
3058 /*
3059 * Deferred destroy might destroy the snapshot or only mark it to be
3060 * destroyed later, and it returns success in either case.
3061 */
3062 if (err != 0 || (defer && zfs_dataset_exists(hdl, name,
3063 ZFS_TYPE_SNAPSHOT))) {
3064 err = recv_rename(hdl, name, NULL, baselen, newname, flags);
3065 }
3066
3067 return (err);
3068 }
3069
3070 typedef struct guid_to_name_data {
3071 uint64_t guid;
3072 boolean_t bookmark_ok;
3073 char *name;
3074 char *skip;
3075 uint64_t *redact_snap_guids;
3076 uint64_t num_redact_snaps;
3077 } guid_to_name_data_t;
3078
3079 static boolean_t
3080 redact_snaps_match(zfs_handle_t *zhp, guid_to_name_data_t *gtnd)
3081 {
3082 uint64_t *bmark_snaps;
3083 uint_t bmark_num_snaps;
3084 nvlist_t *nvl;
3085 if (zhp->zfs_type != ZFS_TYPE_BOOKMARK)
3086 return (B_FALSE);
3087
3088 nvl = fnvlist_lookup_nvlist(zhp->zfs_props,
3089 zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS));
3090 bmark_snaps = fnvlist_lookup_uint64_array(nvl, ZPROP_VALUE,
3091 &bmark_num_snaps);
3092 if (bmark_num_snaps != gtnd->num_redact_snaps)
3093 return (B_FALSE);
3094 int i = 0;
3095 for (; i < bmark_num_snaps; i++) {
3096 int j = 0;
3097 for (; j < bmark_num_snaps; j++) {
3098 if (bmark_snaps[i] == gtnd->redact_snap_guids[j])
3099 break;
3100 }
3101 if (j == bmark_num_snaps)
3102 break;
3103 }
3104 return (i == bmark_num_snaps);
3105 }
3106
3107 static int
3108 guid_to_name_cb(zfs_handle_t *zhp, void *arg)
3109 {
3110 guid_to_name_data_t *gtnd = arg;
3111 const char *slash;
3112 int err;
3113
3114 if (gtnd->skip != NULL &&
3115 (slash = strrchr(zhp->zfs_name, '/')) != NULL &&
3116 strcmp(slash + 1, gtnd->skip) == 0) {
3117 zfs_close(zhp);
3118 return (0);
3119 }
3120
3121 if (zfs_prop_get_int(zhp, ZFS_PROP_GUID) == gtnd->guid &&
3122 (gtnd->num_redact_snaps == -1 || redact_snaps_match(zhp, gtnd))) {
3123 (void) strcpy(gtnd->name, zhp->zfs_name);
3124 zfs_close(zhp);
3125 return (EEXIST);
3126 }
3127
3128 err = zfs_iter_children(zhp, 0, guid_to_name_cb, gtnd);
3129 if (err != EEXIST && gtnd->bookmark_ok)
3130 err = zfs_iter_bookmarks(zhp, 0, guid_to_name_cb, gtnd);
3131 zfs_close(zhp);
3132 return (err);
3133 }
3134
3135 /*
3136 * Attempt to find the local dataset associated with this guid. In the case of
3137 * multiple matches, we attempt to find the "best" match by searching
3138 * progressively larger portions of the hierarchy. This allows one to send a
3139 * tree of datasets individually and guarantee that we will find the source
3140 * guid within that hierarchy, even if there are multiple matches elsewhere.
3141 *
3142 * If num_redact_snaps is not -1, we attempt to find a redaction bookmark with
3143 * the specified number of redaction snapshots. If num_redact_snaps isn't 0 or
3144 * -1, then redact_snap_guids will be an array of the guids of the snapshots the
3145 * redaction bookmark was created with. If num_redact_snaps is -1, then we will
3146 * attempt to find a snapshot or bookmark (if bookmark_ok is passed) with the
3147 * given guid. Note that a redaction bookmark can be returned if
3148 * num_redact_snaps == -1.
3149 */
3150 static int
3151 guid_to_name_redact_snaps(libzfs_handle_t *hdl, const char *parent,
3152 uint64_t guid, boolean_t bookmark_ok, uint64_t *redact_snap_guids,
3153 uint64_t num_redact_snaps, char *name)
3154 {
3155 char pname[ZFS_MAX_DATASET_NAME_LEN];
3156 guid_to_name_data_t gtnd;
3157
3158 gtnd.guid = guid;
3159 gtnd.bookmark_ok = bookmark_ok;
3160 gtnd.name = name;
3161 gtnd.skip = NULL;
3162 gtnd.redact_snap_guids = redact_snap_guids;
3163 gtnd.num_redact_snaps = num_redact_snaps;
3164
3165 /*
3166 * Search progressively larger portions of the hierarchy, starting
3167 * with the filesystem specified by 'parent'. This will
3168 * select the "most local" version of the origin snapshot in the case
3169 * that there are multiple matching snapshots in the system.
3170 */
3171 (void) strlcpy(pname, parent, sizeof (pname));
3172 char *cp = strrchr(pname, '@');
3173 if (cp == NULL)
3174 cp = strchr(pname, '\0');
3175 for (; cp != NULL; cp = strrchr(pname, '/')) {
3176 /* Chop off the last component and open the parent */
3177 *cp = '\0';
3178 zfs_handle_t *zhp = make_dataset_handle(hdl, pname);
3179
3180 if (zhp == NULL)
3181 continue;
3182 int err = guid_to_name_cb(zfs_handle_dup(zhp), &gtnd);
3183 if (err != EEXIST)
3184 err = zfs_iter_children(zhp, 0, guid_to_name_cb, &gtnd);
3185 if (err != EEXIST && bookmark_ok)
3186 err = zfs_iter_bookmarks(zhp, 0, guid_to_name_cb,
3187 &gtnd);
3188 zfs_close(zhp);
3189 if (err == EEXIST)
3190 return (0);
3191
3192 /*
3193 * Remember the last portion of the dataset so we skip it next
3194 * time through (as we've already searched that portion of the
3195 * hierarchy).
3196 */
3197 gtnd.skip = strrchr(pname, '/') + 1;
3198 }
3199
3200 return (ENOENT);
3201 }
3202
3203 static int
3204 guid_to_name(libzfs_handle_t *hdl, const char *parent, uint64_t guid,
3205 boolean_t bookmark_ok, char *name)
3206 {
3207 return (guid_to_name_redact_snaps(hdl, parent, guid, bookmark_ok, NULL,
3208 -1, name));
3209 }
3210
3211 /*
3212 * Return +1 if guid1 is before guid2, 0 if they are the same, and -1 if
3213 * guid1 is after guid2.
3214 */
3215 static int
3216 created_before(libzfs_handle_t *hdl, avl_tree_t *avl,
3217 uint64_t guid1, uint64_t guid2)
3218 {
3219 nvlist_t *nvfs;
3220 char *fsname = NULL, *snapname = NULL;
3221 char buf[ZFS_MAX_DATASET_NAME_LEN];
3222 int rv;
3223 zfs_handle_t *guid1hdl, *guid2hdl;
3224 uint64_t create1, create2;
3225
3226 if (guid2 == 0)
3227 return (0);
3228 if (guid1 == 0)
3229 return (1);
3230
3231 nvfs = fsavl_find(avl, guid1, &snapname);
3232 fsname = fnvlist_lookup_string(nvfs, "name");
3233 (void) snprintf(buf, sizeof (buf), "%s@%s", fsname, snapname);
3234 guid1hdl = zfs_open(hdl, buf, ZFS_TYPE_SNAPSHOT);
3235 if (guid1hdl == NULL)
3236 return (-1);
3237
3238 nvfs = fsavl_find(avl, guid2, &snapname);
3239 fsname = fnvlist_lookup_string(nvfs, "name");
3240 (void) snprintf(buf, sizeof (buf), "%s@%s", fsname, snapname);
3241 guid2hdl = zfs_open(hdl, buf, ZFS_TYPE_SNAPSHOT);
3242 if (guid2hdl == NULL) {
3243 zfs_close(guid1hdl);
3244 return (-1);
3245 }
3246
3247 create1 = zfs_prop_get_int(guid1hdl, ZFS_PROP_CREATETXG);
3248 create2 = zfs_prop_get_int(guid2hdl, ZFS_PROP_CREATETXG);
3249
3250 if (create1 < create2)
3251 rv = -1;
3252 else if (create1 > create2)
3253 rv = +1;
3254 else
3255 rv = 0;
3256
3257 zfs_close(guid1hdl);
3258 zfs_close(guid2hdl);
3259
3260 return (rv);
3261 }
3262
3263 /*
3264 * This function reestablishes the hierarchy of encryption roots after a
3265 * recursive incremental receive has completed. This must be done after the
3266 * second call to recv_incremental_replication() has renamed and promoted all
3267 * sent datasets to their final locations in the dataset hierarchy.
3268 */
3269 static int
3270 recv_fix_encryption_hierarchy(libzfs_handle_t *hdl, const char *top_zfs,
3271 nvlist_t *stream_nv)
3272 {
3273 int err;
3274 nvpair_t *fselem = NULL;
3275 nvlist_t *stream_fss;
3276
3277 stream_fss = fnvlist_lookup_nvlist(stream_nv, "fss");
3278
3279 while ((fselem = nvlist_next_nvpair(stream_fss, fselem)) != NULL) {
3280 zfs_handle_t *zhp = NULL;
3281 uint64_t crypt;
3282 nvlist_t *snaps, *props, *stream_nvfs = NULL;
3283 nvpair_t *snapel = NULL;
3284 boolean_t is_encroot, is_clone, stream_encroot;
3285 char *cp;
3286 char *stream_keylocation = NULL;
3287 char keylocation[MAXNAMELEN];
3288 char fsname[ZFS_MAX_DATASET_NAME_LEN];
3289
3290 keylocation[0] = '\0';
3291 stream_nvfs = fnvpair_value_nvlist(fselem);
3292 snaps = fnvlist_lookup_nvlist(stream_nvfs, "snaps");
3293 props = fnvlist_lookup_nvlist(stream_nvfs, "props");
3294 stream_encroot = nvlist_exists(stream_nvfs, "is_encroot");
3295
3296 /* find a snapshot from the stream that exists locally */
3297 err = ENOENT;
3298 while ((snapel = nvlist_next_nvpair(snaps, snapel)) != NULL) {
3299 uint64_t guid;
3300
3301 guid = fnvpair_value_uint64(snapel);
3302 err = guid_to_name(hdl, top_zfs, guid, B_FALSE,
3303 fsname);
3304 if (err == 0)
3305 break;
3306 }
3307
3308 if (err != 0)
3309 continue;
3310
3311 cp = strchr(fsname, '@');
3312 if (cp != NULL)
3313 *cp = '\0';
3314
3315 zhp = zfs_open(hdl, fsname, ZFS_TYPE_DATASET);
3316 if (zhp == NULL) {
3317 err = ENOENT;
3318 goto error;
3319 }
3320
3321 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
3322 is_clone = zhp->zfs_dmustats.dds_origin[0] != '\0';
3323 (void) zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
3324
3325 /* we don't need to do anything for unencrypted datasets */
3326 if (crypt == ZIO_CRYPT_OFF) {
3327 zfs_close(zhp);
3328 continue;
3329 }
3330
3331 /*
3332 * If the dataset is flagged as an encryption root, was not
3333 * received as a clone and is not currently an encryption root,
3334 * force it to become one. Fixup the keylocation if necessary.
3335 */
3336 if (stream_encroot) {
3337 if (!is_clone && !is_encroot) {
3338 err = lzc_change_key(fsname,
3339 DCP_CMD_FORCE_NEW_KEY, NULL, NULL, 0);
3340 if (err != 0) {
3341 zfs_close(zhp);
3342 goto error;
3343 }
3344 }
3345
3346 stream_keylocation = fnvlist_lookup_string(props,
3347 zfs_prop_to_name(ZFS_PROP_KEYLOCATION));
3348
3349 /*
3350 * Refresh the properties in case the call to
3351 * lzc_change_key() changed the value.
3352 */
3353 zfs_refresh_properties(zhp);
3354 err = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
3355 keylocation, sizeof (keylocation), NULL, NULL,
3356 0, B_TRUE);
3357 if (err != 0) {
3358 zfs_close(zhp);
3359 goto error;
3360 }
3361
3362 if (strcmp(keylocation, stream_keylocation) != 0) {
3363 err = zfs_prop_set(zhp,
3364 zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
3365 stream_keylocation);
3366 if (err != 0) {
3367 zfs_close(zhp);
3368 goto error;
3369 }
3370 }
3371 }
3372
3373 /*
3374 * If the dataset is not flagged as an encryption root and is
3375 * currently an encryption root, force it to inherit from its
3376 * parent. The root of a raw send should never be
3377 * force-inherited.
3378 */
3379 if (!stream_encroot && is_encroot &&
3380 strcmp(top_zfs, fsname) != 0) {
3381 err = lzc_change_key(fsname, DCP_CMD_FORCE_INHERIT,
3382 NULL, NULL, 0);
3383 if (err != 0) {
3384 zfs_close(zhp);
3385 goto error;
3386 }
3387 }
3388
3389 zfs_close(zhp);
3390 }
3391
3392 return (0);
3393
3394 error:
3395 return (err);
3396 }
3397
3398 static int
3399 recv_incremental_replication(libzfs_handle_t *hdl, const char *tofs,
3400 recvflags_t *flags, nvlist_t *stream_nv, avl_tree_t *stream_avl,
3401 nvlist_t *renamed)
3402 {
3403 nvlist_t *local_nv, *deleted = NULL;
3404 avl_tree_t *local_avl;
3405 nvpair_t *fselem, *nextfselem;
3406 char *fromsnap;
3407 char newname[ZFS_MAX_DATASET_NAME_LEN];
3408 char guidname[32];
3409 int error;
3410 boolean_t needagain, progress, recursive;
3411 char *s1, *s2;
3412
3413 fromsnap = fnvlist_lookup_string(stream_nv, "fromsnap");
3414
3415 recursive = (nvlist_lookup_boolean(stream_nv, "not_recursive") ==
3416 ENOENT);
3417
3418 if (flags->dryrun)
3419 return (0);
3420
3421 again:
3422 needagain = progress = B_FALSE;
3423
3424 deleted = fnvlist_alloc();
3425
3426 if ((error = gather_nvlist(hdl, tofs, fromsnap, NULL,
3427 recursive, B_TRUE, B_FALSE, recursive, B_FALSE, B_FALSE, B_FALSE,
3428 B_FALSE, B_TRUE, &local_nv, &local_avl)) != 0)
3429 return (error);
3430
3431 /*
3432 * Process deletes and renames
3433 */
3434 for (fselem = nvlist_next_nvpair(local_nv, NULL);
3435 fselem; fselem = nextfselem) {
3436 nvlist_t *nvfs, *snaps;
3437 nvlist_t *stream_nvfs = NULL;
3438 nvpair_t *snapelem, *nextsnapelem;
3439 uint64_t fromguid = 0;
3440 uint64_t originguid = 0;
3441 uint64_t stream_originguid = 0;
3442 uint64_t parent_fromsnap_guid, stream_parent_fromsnap_guid;
3443 char *fsname, *stream_fsname;
3444
3445 nextfselem = nvlist_next_nvpair(local_nv, fselem);
3446
3447 nvfs = fnvpair_value_nvlist(fselem);
3448 snaps = fnvlist_lookup_nvlist(nvfs, "snaps");
3449 fsname = fnvlist_lookup_string(nvfs, "name");
3450 parent_fromsnap_guid = fnvlist_lookup_uint64(nvfs,
3451 "parentfromsnap");
3452 (void) nvlist_lookup_uint64(nvfs, "origin", &originguid);
3453
3454 /*
3455 * First find the stream's fs, so we can check for
3456 * a different origin (due to "zfs promote")
3457 */
3458 for (snapelem = nvlist_next_nvpair(snaps, NULL);
3459 snapelem; snapelem = nvlist_next_nvpair(snaps, snapelem)) {
3460 uint64_t thisguid;
3461
3462 thisguid = fnvpair_value_uint64(snapelem);
3463 stream_nvfs = fsavl_find(stream_avl, thisguid, NULL);
3464
3465 if (stream_nvfs != NULL)
3466 break;
3467 }
3468
3469 /* check for promote */
3470 (void) nvlist_lookup_uint64(stream_nvfs, "origin",
3471 &stream_originguid);
3472 if (stream_nvfs && originguid != stream_originguid) {
3473 switch (created_before(hdl, local_avl,
3474 stream_originguid, originguid)) {
3475 case 1: {
3476 /* promote it! */
3477 nvlist_t *origin_nvfs;
3478 char *origin_fsname;
3479
3480 origin_nvfs = fsavl_find(local_avl, originguid,
3481 NULL);
3482 origin_fsname = fnvlist_lookup_string(
3483 origin_nvfs, "name");
3484 error = recv_promote(hdl, fsname, origin_fsname,
3485 flags);
3486 if (error == 0)
3487 progress = B_TRUE;
3488 break;
3489 }
3490 default:
3491 break;
3492 case -1:
3493 fsavl_destroy(local_avl);
3494 fnvlist_free(local_nv);
3495 return (-1);
3496 }
3497 /*
3498 * We had/have the wrong origin, therefore our
3499 * list of snapshots is wrong. Need to handle
3500 * them on the next pass.
3501 */
3502 needagain = B_TRUE;
3503 continue;
3504 }
3505
3506 for (snapelem = nvlist_next_nvpair(snaps, NULL);
3507 snapelem; snapelem = nextsnapelem) {
3508 uint64_t thisguid;
3509 char *stream_snapname;
3510 nvlist_t *found, *props;
3511
3512 nextsnapelem = nvlist_next_nvpair(snaps, snapelem);
3513
3514 thisguid = fnvpair_value_uint64(snapelem);
3515 found = fsavl_find(stream_avl, thisguid,
3516 &stream_snapname);
3517
3518 /* check for delete */
3519 if (found == NULL) {
3520 char name[ZFS_MAX_DATASET_NAME_LEN];
3521
3522 if (!flags->force)
3523 continue;
3524
3525 (void) snprintf(name, sizeof (name), "%s@%s",
3526 fsname, nvpair_name(snapelem));
3527
3528 error = recv_destroy(hdl, name,
3529 strlen(fsname)+1, newname, flags);
3530 if (error)
3531 needagain = B_TRUE;
3532 else
3533 progress = B_TRUE;
3534 sprintf(guidname, "%llu",
3535 (u_longlong_t)thisguid);
3536 nvlist_add_boolean(deleted, guidname);
3537 continue;
3538 }
3539
3540 stream_nvfs = found;
3541
3542 if (0 == nvlist_lookup_nvlist(stream_nvfs, "snapprops",
3543 &props) && 0 == nvlist_lookup_nvlist(props,
3544 stream_snapname, &props)) {
3545 zfs_cmd_t zc = {"\0"};
3546
3547 zc.zc_cookie = B_TRUE; /* received */
3548 (void) snprintf(zc.zc_name, sizeof (zc.zc_name),
3549 "%s@%s", fsname, nvpair_name(snapelem));
3550 zcmd_write_src_nvlist(hdl, &zc, props);
3551 (void) zfs_ioctl(hdl,
3552 ZFS_IOC_SET_PROP, &zc);
3553 zcmd_free_nvlists(&zc);
3554 }
3555
3556 /* check for different snapname */
3557 if (strcmp(nvpair_name(snapelem),
3558 stream_snapname) != 0) {
3559 char name[ZFS_MAX_DATASET_NAME_LEN];
3560 char tryname[ZFS_MAX_DATASET_NAME_LEN];
3561
3562 (void) snprintf(name, sizeof (name), "%s@%s",
3563 fsname, nvpair_name(snapelem));
3564 (void) snprintf(tryname, sizeof (name), "%s@%s",
3565 fsname, stream_snapname);
3566
3567 error = recv_rename(hdl, name, tryname,
3568 strlen(fsname)+1, newname, flags);
3569 if (error)
3570 needagain = B_TRUE;
3571 else
3572 progress = B_TRUE;
3573 }
3574
3575 if (strcmp(stream_snapname, fromsnap) == 0)
3576 fromguid = thisguid;
3577 }
3578
3579 /* check for delete */
3580 if (stream_nvfs == NULL) {
3581 if (!flags->force)
3582 continue;
3583
3584 error = recv_destroy(hdl, fsname, strlen(tofs)+1,
3585 newname, flags);
3586 if (error)
3587 needagain = B_TRUE;
3588 else
3589 progress = B_TRUE;
3590 sprintf(guidname, "%llu",
3591 (u_longlong_t)parent_fromsnap_guid);
3592 nvlist_add_boolean(deleted, guidname);
3593 continue;
3594 }
3595
3596 if (fromguid == 0) {
3597 if (flags->verbose) {
3598 (void) printf("local fs %s does not have "
3599 "fromsnap (%s in stream); must have "
3600 "been deleted locally; ignoring\n",
3601 fsname, fromsnap);
3602 }
3603 continue;
3604 }
3605
3606 stream_fsname = fnvlist_lookup_string(stream_nvfs, "name");
3607 stream_parent_fromsnap_guid = fnvlist_lookup_uint64(
3608 stream_nvfs, "parentfromsnap");
3609
3610 s1 = strrchr(fsname, '/');
3611 s2 = strrchr(stream_fsname, '/');
3612
3613 /*
3614 * Check if we're going to rename based on parent guid change
3615 * and the current parent guid was also deleted. If it was then
3616 * rename will fail and is likely unneeded, so avoid this and
3617 * force an early retry to determine the new
3618 * parent_fromsnap_guid.
3619 */
3620 if (stream_parent_fromsnap_guid != 0 &&
3621 parent_fromsnap_guid != 0 &&
3622 stream_parent_fromsnap_guid != parent_fromsnap_guid) {
3623 sprintf(guidname, "%llu",
3624 (u_longlong_t)parent_fromsnap_guid);
3625 if (nvlist_exists(deleted, guidname)) {
3626 progress = B_TRUE;
3627 needagain = B_TRUE;
3628 goto doagain;
3629 }
3630 }
3631
3632 /*
3633 * Check for rename. If the exact receive path is specified, it
3634 * does not count as a rename, but we still need to check the
3635 * datasets beneath it.
3636 */
3637 if ((stream_parent_fromsnap_guid != 0 &&
3638 parent_fromsnap_guid != 0 &&
3639 stream_parent_fromsnap_guid != parent_fromsnap_guid) ||
3640 ((flags->isprefix || strcmp(tofs, fsname) != 0) &&
3641 (s1 != NULL) && (s2 != NULL) && strcmp(s1, s2) != 0)) {
3642 nvlist_t *parent;
3643 char tryname[ZFS_MAX_DATASET_NAME_LEN];
3644
3645 parent = fsavl_find(local_avl,
3646 stream_parent_fromsnap_guid, NULL);
3647 /*
3648 * NB: parent might not be found if we used the
3649 * tosnap for stream_parent_fromsnap_guid,
3650 * because the parent is a newly-created fs;
3651 * we'll be able to rename it after we recv the
3652 * new fs.
3653 */
3654 if (parent != NULL) {
3655 char *pname;
3656
3657 pname = fnvlist_lookup_string(parent, "name");
3658 (void) snprintf(tryname, sizeof (tryname),
3659 "%s%s", pname, strrchr(stream_fsname, '/'));
3660 } else {
3661 tryname[0] = '\0';
3662 if (flags->verbose) {
3663 (void) printf("local fs %s new parent "
3664 "not found\n", fsname);
3665 }
3666 }
3667
3668 newname[0] = '\0';
3669
3670 error = recv_rename(hdl, fsname, tryname,
3671 strlen(tofs)+1, newname, flags);
3672
3673 if (renamed != NULL && newname[0] != '\0') {
3674 fnvlist_add_boolean(renamed, newname);
3675 }
3676
3677 if (error)
3678 needagain = B_TRUE;
3679 else
3680 progress = B_TRUE;
3681 }
3682 }
3683
3684 doagain:
3685 fsavl_destroy(local_avl);
3686 fnvlist_free(local_nv);
3687 fnvlist_free(deleted);
3688
3689 if (needagain && progress) {
3690 /* do another pass to fix up temporary names */
3691 if (flags->verbose)
3692 (void) printf("another pass:\n");
3693 goto again;
3694 }
3695
3696 return (needagain || error != 0);
3697 }
3698
3699 static int
3700 zfs_receive_package(libzfs_handle_t *hdl, int fd, const char *destname,
3701 recvflags_t *flags, dmu_replay_record_t *drr, zio_cksum_t *zc,
3702 char **top_zfs, nvlist_t *cmdprops)
3703 {
3704 nvlist_t *stream_nv = NULL;
3705 avl_tree_t *stream_avl = NULL;
3706 char *fromsnap = NULL;
3707 char *sendsnap = NULL;
3708 char *cp;
3709 char tofs[ZFS_MAX_DATASET_NAME_LEN];
3710 char sendfs[ZFS_MAX_DATASET_NAME_LEN];
3711 char errbuf[ERRBUFLEN];
3712 dmu_replay_record_t drre;
3713 int error;
3714 boolean_t anyerr = B_FALSE;
3715 boolean_t softerr = B_FALSE;
3716 boolean_t recursive, raw;
3717
3718 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3719 "cannot receive"));
3720
3721 assert(drr->drr_type == DRR_BEGIN);
3722 assert(drr->drr_u.drr_begin.drr_magic == DMU_BACKUP_MAGIC);
3723 assert(DMU_GET_STREAM_HDRTYPE(drr->drr_u.drr_begin.drr_versioninfo) ==
3724 DMU_COMPOUNDSTREAM);
3725
3726 /*
3727 * Read in the nvlist from the stream.
3728 */
3729 if (drr->drr_payloadlen != 0) {
3730 error = recv_read_nvlist(hdl, fd, drr->drr_payloadlen,
3731 &stream_nv, flags->byteswap, zc);
3732 if (error) {
3733 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3734 goto out;
3735 }
3736 }
3737
3738 recursive = (nvlist_lookup_boolean(stream_nv, "not_recursive") ==
3739 ENOENT);
3740 raw = (nvlist_lookup_boolean(stream_nv, "raw") == 0);
3741
3742 if (recursive && strchr(destname, '@')) {
3743 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3744 "cannot specify snapshot name for multi-snapshot stream"));
3745 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3746 goto out;
3747 }
3748
3749 /*
3750 * Read in the end record and verify checksum.
3751 */
3752 if (0 != (error = recv_read(hdl, fd, &drre, sizeof (drre),
3753 flags->byteswap, NULL)))
3754 goto out;
3755 if (flags->byteswap) {
3756 drre.drr_type = BSWAP_32(drre.drr_type);
3757 drre.drr_u.drr_end.drr_checksum.zc_word[0] =
3758 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[0]);
3759 drre.drr_u.drr_end.drr_checksum.zc_word[1] =
3760 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[1]);
3761 drre.drr_u.drr_end.drr_checksum.zc_word[2] =
3762 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[2]);
3763 drre.drr_u.drr_end.drr_checksum.zc_word[3] =
3764 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[3]);
3765 }
3766 if (drre.drr_type != DRR_END) {
3767 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3768 goto out;
3769 }
3770 if (!ZIO_CHECKSUM_EQUAL(drre.drr_u.drr_end.drr_checksum, *zc)) {
3771 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3772 "incorrect header checksum"));
3773 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3774 goto out;
3775 }
3776
3777 (void) nvlist_lookup_string(stream_nv, "fromsnap", &fromsnap);
3778
3779 if (drr->drr_payloadlen != 0) {
3780 nvlist_t *stream_fss;
3781
3782 stream_fss = fnvlist_lookup_nvlist(stream_nv, "fss");
3783 if ((stream_avl = fsavl_create(stream_fss)) == NULL) {
3784 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3785 "couldn't allocate avl tree"));
3786 error = zfs_error(hdl, EZFS_NOMEM, errbuf);
3787 goto out;
3788 }
3789
3790 if (fromsnap != NULL && recursive) {
3791 nvlist_t *renamed = NULL;
3792 nvpair_t *pair = NULL;
3793
3794 (void) strlcpy(tofs, destname, sizeof (tofs));
3795 if (flags->isprefix) {
3796 struct drr_begin *drrb = &drr->drr_u.drr_begin;
3797 int i;
3798
3799 if (flags->istail) {
3800 cp = strrchr(drrb->drr_toname, '/');
3801 if (cp == NULL) {
3802 (void) strlcat(tofs, "/",
3803 sizeof (tofs));
3804 i = 0;
3805 } else {
3806 i = (cp - drrb->drr_toname);
3807 }
3808 } else {
3809 i = strcspn(drrb->drr_toname, "/@");
3810 }
3811 /* zfs_receive_one() will create_parents() */
3812 (void) strlcat(tofs, &drrb->drr_toname[i],
3813 sizeof (tofs));
3814 *strchr(tofs, '@') = '\0';
3815 }
3816
3817 if (!flags->dryrun && !flags->nomount) {
3818 renamed = fnvlist_alloc();
3819 }
3820
3821 softerr = recv_incremental_replication(hdl, tofs, flags,
3822 stream_nv, stream_avl, renamed);
3823
3824 /* Unmount renamed filesystems before receiving. */
3825 while ((pair = nvlist_next_nvpair(renamed,
3826 pair)) != NULL) {
3827 zfs_handle_t *zhp;
3828 prop_changelist_t *clp = NULL;
3829
3830 zhp = zfs_open(hdl, nvpair_name(pair),
3831 ZFS_TYPE_FILESYSTEM);
3832 if (zhp != NULL) {
3833 clp = changelist_gather(zhp,
3834 ZFS_PROP_MOUNTPOINT, 0,
3835 flags->forceunmount ? MS_FORCE : 0);
3836 zfs_close(zhp);
3837 if (clp != NULL) {
3838 softerr |=
3839 changelist_prefix(clp);
3840 changelist_free(clp);
3841 }
3842 }
3843 }
3844
3845 fnvlist_free(renamed);
3846 }
3847 }
3848
3849 /*
3850 * Get the fs specified by the first path in the stream (the top level
3851 * specified by 'zfs send') and pass it to each invocation of
3852 * zfs_receive_one().
3853 */
3854 (void) strlcpy(sendfs, drr->drr_u.drr_begin.drr_toname,
3855 sizeof (sendfs));
3856 if ((cp = strchr(sendfs, '@')) != NULL) {
3857 *cp = '\0';
3858 /*
3859 * Find the "sendsnap", the final snapshot in a replication
3860 * stream. zfs_receive_one() handles certain errors
3861 * differently, depending on if the contained stream is the
3862 * last one or not.
3863 */
3864 sendsnap = (cp + 1);
3865 }
3866
3867 /* Finally, receive each contained stream */
3868 do {
3869 /*
3870 * we should figure out if it has a recoverable
3871 * error, in which case do a recv_skip() and drive on.
3872 * Note, if we fail due to already having this guid,
3873 * zfs_receive_one() will take care of it (ie,
3874 * recv_skip() and return 0).
3875 */
3876 error = zfs_receive_impl(hdl, destname, NULL, flags, fd,
3877 sendfs, stream_nv, stream_avl, top_zfs, sendsnap, cmdprops);
3878 if (error == ENODATA) {
3879 error = 0;
3880 break;
3881 }
3882 anyerr |= error;
3883 } while (error == 0);
3884
3885 if (drr->drr_payloadlen != 0 && recursive && fromsnap != NULL) {
3886 /*
3887 * Now that we have the fs's they sent us, try the
3888 * renames again.
3889 */
3890 softerr = recv_incremental_replication(hdl, tofs, flags,
3891 stream_nv, stream_avl, NULL);
3892 }
3893
3894 if (raw && softerr == 0 && *top_zfs != NULL) {
3895 softerr = recv_fix_encryption_hierarchy(hdl, *top_zfs,
3896 stream_nv);
3897 }
3898
3899 out:
3900 fsavl_destroy(stream_avl);
3901 fnvlist_free(stream_nv);
3902 if (softerr)
3903 error = -2;
3904 if (anyerr)
3905 error = -1;
3906 return (error);
3907 }
3908
3909 static void
3910 trunc_prop_errs(int truncated)
3911 {
3912 ASSERT(truncated != 0);
3913
3914 if (truncated == 1)
3915 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
3916 "1 more property could not be set\n"));
3917 else
3918 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
3919 "%d more properties could not be set\n"), truncated);
3920 }
3921
3922 static int
3923 recv_skip(libzfs_handle_t *hdl, int fd, boolean_t byteswap)
3924 {
3925 dmu_replay_record_t *drr;
3926 void *buf = zfs_alloc(hdl, SPA_MAXBLOCKSIZE);
3927 uint64_t payload_size;
3928 char errbuf[ERRBUFLEN];
3929
3930 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3931 "cannot receive"));
3932
3933 /* XXX would be great to use lseek if possible... */
3934 drr = buf;
3935
3936 while (recv_read(hdl, fd, drr, sizeof (dmu_replay_record_t),
3937 byteswap, NULL) == 0) {
3938 if (byteswap)
3939 drr->drr_type = BSWAP_32(drr->drr_type);
3940
3941 switch (drr->drr_type) {
3942 case DRR_BEGIN:
3943 if (drr->drr_payloadlen != 0) {
3944 (void) recv_read(hdl, fd, buf,
3945 drr->drr_payloadlen, B_FALSE, NULL);
3946 }
3947 break;
3948
3949 case DRR_END:
3950 free(buf);
3951 return (0);
3952
3953 case DRR_OBJECT:
3954 if (byteswap) {
3955 drr->drr_u.drr_object.drr_bonuslen =
3956 BSWAP_32(drr->drr_u.drr_object.
3957 drr_bonuslen);
3958 drr->drr_u.drr_object.drr_raw_bonuslen =
3959 BSWAP_32(drr->drr_u.drr_object.
3960 drr_raw_bonuslen);
3961 }
3962
3963 payload_size =
3964 DRR_OBJECT_PAYLOAD_SIZE(&drr->drr_u.drr_object);
3965 (void) recv_read(hdl, fd, buf, payload_size,
3966 B_FALSE, NULL);
3967 break;
3968
3969 case DRR_WRITE:
3970 if (byteswap) {
3971 drr->drr_u.drr_write.drr_logical_size =
3972 BSWAP_64(
3973 drr->drr_u.drr_write.drr_logical_size);
3974 drr->drr_u.drr_write.drr_compressed_size =
3975 BSWAP_64(
3976 drr->drr_u.drr_write.drr_compressed_size);
3977 }
3978 payload_size =
3979 DRR_WRITE_PAYLOAD_SIZE(&drr->drr_u.drr_write);
3980 assert(payload_size <= SPA_MAXBLOCKSIZE);
3981 (void) recv_read(hdl, fd, buf,
3982 payload_size, B_FALSE, NULL);
3983 break;
3984 case DRR_SPILL:
3985 if (byteswap) {
3986 drr->drr_u.drr_spill.drr_length =
3987 BSWAP_64(drr->drr_u.drr_spill.drr_length);
3988 drr->drr_u.drr_spill.drr_compressed_size =
3989 BSWAP_64(drr->drr_u.drr_spill.
3990 drr_compressed_size);
3991 }
3992
3993 payload_size =
3994 DRR_SPILL_PAYLOAD_SIZE(&drr->drr_u.drr_spill);
3995 (void) recv_read(hdl, fd, buf, payload_size,
3996 B_FALSE, NULL);
3997 break;
3998 case DRR_WRITE_EMBEDDED:
3999 if (byteswap) {
4000 drr->drr_u.drr_write_embedded.drr_psize =
4001 BSWAP_32(drr->drr_u.drr_write_embedded.
4002 drr_psize);
4003 }
4004 (void) recv_read(hdl, fd, buf,
4005 P2ROUNDUP(drr->drr_u.drr_write_embedded.drr_psize,
4006 8), B_FALSE, NULL);
4007 break;
4008 case DRR_OBJECT_RANGE:
4009 case DRR_WRITE_BYREF:
4010 case DRR_FREEOBJECTS:
4011 case DRR_FREE:
4012 break;
4013
4014 default:
4015 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4016 "invalid record type"));
4017 free(buf);
4018 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
4019 }
4020 }
4021
4022 free(buf);
4023 return (-1);
4024 }
4025
4026 static void
4027 recv_ecksum_set_aux(libzfs_handle_t *hdl, const char *target_snap,
4028 boolean_t resumable, boolean_t checksum)
4029 {
4030 char target_fs[ZFS_MAX_DATASET_NAME_LEN];
4031
4032 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, (checksum ?
4033 "checksum mismatch" : "incomplete stream")));
4034
4035 if (!resumable)
4036 return;
4037 (void) strlcpy(target_fs, target_snap, sizeof (target_fs));
4038 *strchr(target_fs, '@') = '\0';
4039 zfs_handle_t *zhp = zfs_open(hdl, target_fs,
4040 ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
4041 if (zhp == NULL)
4042 return;
4043
4044 char token_buf[ZFS_MAXPROPLEN];
4045 int error = zfs_prop_get(zhp, ZFS_PROP_RECEIVE_RESUME_TOKEN,
4046 token_buf, sizeof (token_buf),
4047 NULL, NULL, 0, B_TRUE);
4048 if (error == 0) {
4049 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4050 "checksum mismatch or incomplete stream.\n"
4051 "Partially received snapshot is saved.\n"
4052 "A resuming stream can be generated on the sending "
4053 "system by running:\n"
4054 " zfs send -t %s"),
4055 token_buf);
4056 }
4057 zfs_close(zhp);
4058 }
4059
4060 /*
4061 * Prepare a new nvlist of properties that are to override (-o) or be excluded
4062 * (-x) from the received dataset
4063 * recvprops: received properties from the send stream
4064 * cmdprops: raw input properties from command line
4065 * origprops: properties, both locally-set and received, currently set on the
4066 * target dataset if it exists, NULL otherwise.
4067 * oxprops: valid output override (-o) and excluded (-x) properties
4068 */
4069 static int
4070 zfs_setup_cmdline_props(libzfs_handle_t *hdl, zfs_type_t type,
4071 char *fsname, boolean_t zoned, boolean_t recursive, boolean_t newfs,
4072 boolean_t raw, boolean_t toplevel, nvlist_t *recvprops, nvlist_t *cmdprops,
4073 nvlist_t *origprops, nvlist_t **oxprops, uint8_t **wkeydata_out,
4074 uint_t *wkeylen_out, const char *errbuf)
4075 {
4076 nvpair_t *nvp;
4077 nvlist_t *oprops, *voprops;
4078 zfs_handle_t *zhp = NULL;
4079 zpool_handle_t *zpool_hdl = NULL;
4080 char *cp;
4081 int ret = 0;
4082 char namebuf[ZFS_MAX_DATASET_NAME_LEN];
4083
4084 if (nvlist_empty(cmdprops))
4085 return (0); /* No properties to override or exclude */
4086
4087 *oxprops = fnvlist_alloc();
4088 oprops = fnvlist_alloc();
4089
4090 strlcpy(namebuf, fsname, ZFS_MAX_DATASET_NAME_LEN);
4091
4092 /*
4093 * Get our dataset handle. The target dataset may not exist yet.
4094 */
4095 if (zfs_dataset_exists(hdl, namebuf, ZFS_TYPE_DATASET)) {
4096 zhp = zfs_open(hdl, namebuf, ZFS_TYPE_DATASET);
4097 if (zhp == NULL) {
4098 ret = -1;
4099 goto error;
4100 }
4101 }
4102
4103 /* open the zpool handle */
4104 cp = strchr(namebuf, '/');
4105 if (cp != NULL)
4106 *cp = '\0';
4107 zpool_hdl = zpool_open(hdl, namebuf);
4108 if (zpool_hdl == NULL) {
4109 ret = -1;
4110 goto error;
4111 }
4112
4113 /* restore namebuf to match fsname for later use */
4114 if (cp != NULL)
4115 *cp = '/';
4116
4117 /*
4118 * first iteration: process excluded (-x) properties now and gather
4119 * added (-o) properties to be later processed by zfs_valid_proplist()
4120 */
4121 nvp = NULL;
4122 while ((nvp = nvlist_next_nvpair(cmdprops, nvp)) != NULL) {
4123 const char *name = nvpair_name(nvp);
4124 zfs_prop_t prop = zfs_name_to_prop(name);
4125
4126 /*
4127 * It turns out, if we don't normalize "aliased" names
4128 * e.g. compress= against the "real" names (e.g. compression)
4129 * here, then setting/excluding them does not work as
4130 * intended.
4131 *
4132 * But since user-defined properties wouldn't have a valid
4133 * mapping here, we do this conditional dance.
4134 */
4135 const char *newname = name;
4136 if (prop >= ZFS_PROP_TYPE)
4137 newname = zfs_prop_to_name(prop);
4138
4139 /* "origin" is processed separately, don't handle it here */
4140 if (prop == ZFS_PROP_ORIGIN)
4141 continue;
4142
4143 /* raw streams can't override encryption properties */
4144 if ((zfs_prop_encryption_key_param(prop) ||
4145 prop == ZFS_PROP_ENCRYPTION) && raw) {
4146 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4147 "encryption property '%s' cannot "
4148 "be set or excluded for raw streams."), name);
4149 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
4150 goto error;
4151 }
4152
4153 /*
4154 * For plain replicated send, we can ignore encryption
4155 * properties other than first stream
4156 */
4157 if ((zfs_prop_encryption_key_param(prop) || prop ==
4158 ZFS_PROP_ENCRYPTION) && !newfs && recursive && !raw) {
4159 continue;
4160 }
4161
4162 /* incremental streams can only exclude encryption properties */
4163 if ((zfs_prop_encryption_key_param(prop) ||
4164 prop == ZFS_PROP_ENCRYPTION) && !newfs &&
4165 nvpair_type(nvp) != DATA_TYPE_BOOLEAN) {
4166 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4167 "encryption property '%s' cannot "
4168 "be set for incremental streams."), name);
4169 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
4170 goto error;
4171 }
4172
4173 switch (nvpair_type(nvp)) {
4174 case DATA_TYPE_BOOLEAN: /* -x property */
4175 /*
4176 * DATA_TYPE_BOOLEAN is the way we're asked to "exclude"
4177 * a property: this is done by forcing an explicit
4178 * inherit on the destination so the effective value is
4179 * not the one we received from the send stream.
4180 */
4181 if (!zfs_prop_valid_for_type(prop, type, B_FALSE) &&
4182 !zfs_prop_user(name)) {
4183 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
4184 "Warning: %s: property '%s' does not "
4185 "apply to datasets of this type\n"),
4186 fsname, name);
4187 continue;
4188 }
4189 /*
4190 * We do this only if the property is not already
4191 * locally-set, in which case its value will take
4192 * priority over the received anyway.
4193 */
4194 if (nvlist_exists(origprops, newname)) {
4195 nvlist_t *attrs;
4196 char *source = NULL;
4197
4198 attrs = fnvlist_lookup_nvlist(origprops,
4199 newname);
4200 if (nvlist_lookup_string(attrs,
4201 ZPROP_SOURCE, &source) == 0 &&
4202 strcmp(source, ZPROP_SOURCE_VAL_RECVD) != 0)
4203 continue;
4204 }
4205 /*
4206 * We can't force an explicit inherit on non-inheritable
4207 * properties: if we're asked to exclude this kind of
4208 * values we remove them from "recvprops" input nvlist.
4209 */
4210 if (!zfs_prop_user(name) && /* can be inherited too */
4211 !zfs_prop_inheritable(prop) &&
4212 nvlist_exists(recvprops, newname))
4213 fnvlist_remove(recvprops, newname);
4214 else
4215 fnvlist_add_boolean(*oxprops, newname);
4216 break;
4217 case DATA_TYPE_STRING: /* -o property=value */
4218 /*
4219 * we're trying to override a property that does not
4220 * make sense for this type of dataset, but we don't
4221 * want to fail if the receive is recursive: this comes
4222 * in handy when the send stream contains, for
4223 * instance, a child ZVOL and we're trying to receive
4224 * it with "-o atime=on"
4225 */
4226 if (!zfs_prop_valid_for_type(prop, type, B_FALSE) &&
4227 !zfs_prop_user(name)) {
4228 if (recursive)
4229 continue;
4230 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4231 "property '%s' does not apply to datasets "
4232 "of this type"), name);
4233 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
4234 goto error;
4235 }
4236 fnvlist_add_string(oprops, newname,
4237 fnvpair_value_string(nvp));
4238 break;
4239 default:
4240 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4241 "property '%s' must be a string or boolean"), name);
4242 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
4243 goto error;
4244 }
4245 }
4246
4247 if (toplevel) {
4248 /* convert override strings properties to native */
4249 if ((voprops = zfs_valid_proplist(hdl, ZFS_TYPE_DATASET,
4250 oprops, zoned, zhp, zpool_hdl, B_FALSE, errbuf)) == NULL) {
4251 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
4252 goto error;
4253 }
4254
4255 /*
4256 * zfs_crypto_create() requires the parent name. Get it
4257 * by truncating the fsname copy stored in namebuf.
4258 */
4259 cp = strrchr(namebuf, '/');
4260 if (cp != NULL)
4261 *cp = '\0';
4262
4263 if (!raw && !(!newfs && recursive) &&
4264 zfs_crypto_create(hdl, namebuf, voprops, NULL,
4265 B_FALSE, wkeydata_out, wkeylen_out) != 0) {
4266 fnvlist_free(voprops);
4267 ret = zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf);
4268 goto error;
4269 }
4270
4271 /* second pass: process "-o" properties */
4272 fnvlist_merge(*oxprops, voprops);
4273 fnvlist_free(voprops);
4274 } else {
4275 /* override props on child dataset are inherited */
4276 nvp = NULL;
4277 while ((nvp = nvlist_next_nvpair(oprops, nvp)) != NULL) {
4278 const char *name = nvpair_name(nvp);
4279 fnvlist_add_boolean(*oxprops, name);
4280 }
4281 }
4282
4283 error:
4284 if (zhp != NULL)
4285 zfs_close(zhp);
4286 if (zpool_hdl != NULL)
4287 zpool_close(zpool_hdl);
4288 fnvlist_free(oprops);
4289 return (ret);
4290 }
4291
4292 /*
4293 * Restores a backup of tosnap from the file descriptor specified by infd.
4294 */
4295 static int
4296 zfs_receive_one(libzfs_handle_t *hdl, int infd, const char *tosnap,
4297 const char *originsnap, recvflags_t *flags, dmu_replay_record_t *drr,
4298 dmu_replay_record_t *drr_noswap, const char *sendfs, nvlist_t *stream_nv,
4299 avl_tree_t *stream_avl, char **top_zfs,
4300 const char *finalsnap, nvlist_t *cmdprops)
4301 {
4302 struct timespec begin_time;
4303 int ioctl_err, ioctl_errno, err;
4304 char *cp;
4305 struct drr_begin *drrb = &drr->drr_u.drr_begin;
4306 char errbuf[ERRBUFLEN];
4307 const char *chopprefix;
4308 boolean_t newfs = B_FALSE;
4309 boolean_t stream_wantsnewfs, stream_resumingnewfs;
4310 boolean_t newprops = B_FALSE;
4311 uint64_t read_bytes = 0;
4312 uint64_t errflags = 0;
4313 uint64_t parent_snapguid = 0;
4314 prop_changelist_t *clp = NULL;
4315 nvlist_t *snapprops_nvlist = NULL;
4316 nvlist_t *snapholds_nvlist = NULL;
4317 zprop_errflags_t prop_errflags;
4318 nvlist_t *prop_errors = NULL;
4319 boolean_t recursive;
4320 char *snapname = NULL;
4321 char destsnap[MAXPATHLEN * 2];
4322 char origin[MAXNAMELEN] = {0};
4323 char name[MAXPATHLEN];
4324 char tmp_keylocation[MAXNAMELEN] = {0};
4325 nvlist_t *rcvprops = NULL; /* props received from the send stream */
4326 nvlist_t *oxprops = NULL; /* override (-o) and exclude (-x) props */
4327 nvlist_t *origprops = NULL; /* original props (if destination exists) */
4328 zfs_type_t type = ZFS_TYPE_INVALID;
4329 boolean_t toplevel = B_FALSE;
4330 boolean_t zoned = B_FALSE;
4331 boolean_t hastoken = B_FALSE;
4332 boolean_t redacted;
4333 uint8_t *wkeydata = NULL;
4334 uint_t wkeylen = 0;
4335
4336 #ifndef CLOCK_MONOTONIC_RAW
4337 #define CLOCK_MONOTONIC_RAW CLOCK_MONOTONIC
4338 #endif
4339 clock_gettime(CLOCK_MONOTONIC_RAW, &begin_time);
4340
4341 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4342 "cannot receive"));
4343
4344 recursive = (nvlist_lookup_boolean(stream_nv, "not_recursive") ==
4345 ENOENT);
4346
4347 /* Did the user request holds be skipped via zfs recv -k? */
4348 boolean_t holds = flags->holds && !flags->skipholds;
4349
4350 if (stream_avl != NULL) {
4351 char *keylocation = NULL;
4352 nvlist_t *lookup = NULL;
4353 nvlist_t *fs = fsavl_find(stream_avl, drrb->drr_toguid,
4354 &snapname);
4355
4356 (void) nvlist_lookup_uint64(fs, "parentfromsnap",
4357 &parent_snapguid);
4358 err = nvlist_lookup_nvlist(fs, "props", &rcvprops);
4359 if (err) {
4360 rcvprops = fnvlist_alloc();
4361 newprops = B_TRUE;
4362 }
4363
4364 /*
4365 * The keylocation property may only be set on encryption roots,
4366 * but this dataset might not become an encryption root until
4367 * recv_fix_encryption_hierarchy() is called. That function
4368 * will fixup the keylocation anyway, so we temporarily unset
4369 * the keylocation for now to avoid any errors from the receive
4370 * ioctl.
4371 */
4372 err = nvlist_lookup_string(rcvprops,
4373 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
4374 if (err == 0) {
4375 strlcpy(tmp_keylocation, keylocation, MAXNAMELEN);
4376 (void) nvlist_remove_all(rcvprops,
4377 zfs_prop_to_name(ZFS_PROP_KEYLOCATION));
4378 }
4379
4380 if (flags->canmountoff) {
4381 fnvlist_add_uint64(rcvprops,
4382 zfs_prop_to_name(ZFS_PROP_CANMOUNT), 0);
4383 } else if (newprops) { /* nothing in rcvprops, eliminate it */
4384 fnvlist_free(rcvprops);
4385 rcvprops = NULL;
4386 newprops = B_FALSE;
4387 }
4388 if (0 == nvlist_lookup_nvlist(fs, "snapprops", &lookup)) {
4389 snapprops_nvlist = fnvlist_lookup_nvlist(lookup,
4390 snapname);
4391 }
4392 if (holds) {
4393 if (0 == nvlist_lookup_nvlist(fs, "snapholds",
4394 &lookup)) {
4395 snapholds_nvlist = fnvlist_lookup_nvlist(
4396 lookup, snapname);
4397 }
4398 }
4399 }
4400
4401 cp = NULL;
4402
4403 /*
4404 * Determine how much of the snapshot name stored in the stream
4405 * we are going to tack on to the name they specified on the
4406 * command line, and how much we are going to chop off.
4407 *
4408 * If they specified a snapshot, chop the entire name stored in
4409 * the stream.
4410 */
4411 if (flags->istail) {
4412 /*
4413 * A filesystem was specified with -e. We want to tack on only
4414 * the tail of the sent snapshot path.
4415 */
4416 if (strchr(tosnap, '@')) {
4417 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
4418 "argument - snapshot not allowed with -e"));
4419 err = zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
4420 goto out;
4421 }
4422
4423 chopprefix = strrchr(sendfs, '/');
4424
4425 if (chopprefix == NULL) {
4426 /*
4427 * The tail is the poolname, so we need to
4428 * prepend a path separator.
4429 */
4430 int len = strlen(drrb->drr_toname);
4431 cp = umem_alloc(len + 2, UMEM_NOFAIL);
4432 cp[0] = '/';
4433 (void) strcpy(&cp[1], drrb->drr_toname);
4434 chopprefix = cp;
4435 } else {
4436 chopprefix = drrb->drr_toname + (chopprefix - sendfs);
4437 }
4438 } else if (flags->isprefix) {
4439 /*
4440 * A filesystem was specified with -d. We want to tack on
4441 * everything but the first element of the sent snapshot path
4442 * (all but the pool name).
4443 */
4444 if (strchr(tosnap, '@')) {
4445 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
4446 "argument - snapshot not allowed with -d"));
4447 err = zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
4448 goto out;
4449 }
4450
4451 chopprefix = strchr(drrb->drr_toname, '/');
4452 if (chopprefix == NULL)
4453 chopprefix = strchr(drrb->drr_toname, '@');
4454 } else if (strchr(tosnap, '@') == NULL) {
4455 /*
4456 * If a filesystem was specified without -d or -e, we want to
4457 * tack on everything after the fs specified by 'zfs send'.
4458 */
4459 chopprefix = drrb->drr_toname + strlen(sendfs);
4460 } else {
4461 /* A snapshot was specified as an exact path (no -d or -e). */
4462 if (recursive) {
4463 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4464 "cannot specify snapshot name for multi-snapshot "
4465 "stream"));
4466 err = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
4467 goto out;
4468 }
4469 chopprefix = drrb->drr_toname + strlen(drrb->drr_toname);
4470 }
4471
4472 ASSERT(strstr(drrb->drr_toname, sendfs) == drrb->drr_toname);
4473 ASSERT(chopprefix > drrb->drr_toname || strchr(sendfs, '/') == NULL);
4474 ASSERT(chopprefix <= drrb->drr_toname + strlen(drrb->drr_toname) ||
4475 strchr(sendfs, '/') == NULL);
4476 ASSERT(chopprefix[0] == '/' || chopprefix[0] == '@' ||
4477 chopprefix[0] == '\0');
4478
4479 /*
4480 * Determine name of destination snapshot.
4481 */
4482 (void) strlcpy(destsnap, tosnap, sizeof (destsnap));
4483 (void) strlcat(destsnap, chopprefix, sizeof (destsnap));
4484 if (cp != NULL)
4485 umem_free(cp, strlen(cp) + 1);
4486 if (!zfs_name_valid(destsnap, ZFS_TYPE_SNAPSHOT)) {
4487 err = zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
4488 goto out;
4489 }
4490
4491 /*
4492 * Determine the name of the origin snapshot.
4493 */
4494 if (originsnap) {
4495 (void) strlcpy(origin, originsnap, sizeof (origin));
4496 if (flags->verbose)
4497 (void) printf("using provided clone origin %s\n",
4498 origin);
4499 } else if (drrb->drr_flags & DRR_FLAG_CLONE) {
4500 if (guid_to_name(hdl, destsnap,
4501 drrb->drr_fromguid, B_FALSE, origin) != 0) {
4502 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4503 "local origin for clone %s does not exist"),
4504 destsnap);
4505 err = zfs_error(hdl, EZFS_NOENT, errbuf);
4506 goto out;
4507 }
4508 if (flags->verbose)
4509 (void) printf("found clone origin %s\n", origin);
4510 }
4511
4512 if ((DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) &
4513 DMU_BACKUP_FEATURE_DEDUP)) {
4514 (void) fprintf(stderr,
4515 gettext("ERROR: \"zfs receive\" no longer supports "
4516 "deduplicated send streams. Use\n"
4517 "the \"zstream redup\" command to convert this stream "
4518 "to a regular,\n"
4519 "non-deduplicated stream.\n"));
4520 err = zfs_error(hdl, EZFS_NOTSUP, errbuf);
4521 goto out;
4522 }
4523
4524 boolean_t resuming = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) &
4525 DMU_BACKUP_FEATURE_RESUMING;
4526 boolean_t raw = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) &
4527 DMU_BACKUP_FEATURE_RAW;
4528 boolean_t embedded = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) &
4529 DMU_BACKUP_FEATURE_EMBED_DATA;
4530 stream_wantsnewfs = (drrb->drr_fromguid == 0 ||
4531 (drrb->drr_flags & DRR_FLAG_CLONE) || originsnap) && !resuming;
4532 stream_resumingnewfs = (drrb->drr_fromguid == 0 ||
4533 (drrb->drr_flags & DRR_FLAG_CLONE) || originsnap) && resuming;
4534
4535 if (stream_wantsnewfs) {
4536 /*
4537 * if the parent fs does not exist, look for it based on
4538 * the parent snap GUID
4539 */
4540 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4541 "cannot receive new filesystem stream"));
4542
4543 (void) strlcpy(name, destsnap, sizeof (name));
4544 cp = strrchr(name, '/');
4545 if (cp)
4546 *cp = '\0';
4547 if (cp &&
4548 !zfs_dataset_exists(hdl, name, ZFS_TYPE_DATASET)) {
4549 char suffix[ZFS_MAX_DATASET_NAME_LEN];
4550 (void) strlcpy(suffix, strrchr(destsnap, '/'),
4551 sizeof (suffix));
4552 if (guid_to_name(hdl, name, parent_snapguid,
4553 B_FALSE, destsnap) == 0) {
4554 *strchr(destsnap, '@') = '\0';
4555 (void) strlcat(destsnap, suffix,
4556 sizeof (destsnap) - strlen(destsnap));
4557 }
4558 }
4559 } else {
4560 /*
4561 * If the fs does not exist, look for it based on the
4562 * fromsnap GUID.
4563 */
4564 if (resuming) {
4565 (void) snprintf(errbuf, sizeof (errbuf),
4566 dgettext(TEXT_DOMAIN,
4567 "cannot receive resume stream"));
4568 } else {
4569 (void) snprintf(errbuf, sizeof (errbuf),
4570 dgettext(TEXT_DOMAIN,
4571 "cannot receive incremental stream"));
4572 }
4573
4574 (void) strlcpy(name, destsnap, sizeof (name));
4575 *strchr(name, '@') = '\0';
4576
4577 /*
4578 * If the exact receive path was specified and this is the
4579 * topmost path in the stream, then if the fs does not exist we
4580 * should look no further.
4581 */
4582 if ((flags->isprefix || (*(chopprefix = drrb->drr_toname +
4583 strlen(sendfs)) != '\0' && *chopprefix != '@')) &&
4584 !zfs_dataset_exists(hdl, name, ZFS_TYPE_DATASET)) {
4585 char snap[ZFS_MAX_DATASET_NAME_LEN];
4586 (void) strlcpy(snap, strchr(destsnap, '@'),
4587 sizeof (snap));
4588 if (guid_to_name(hdl, name, drrb->drr_fromguid,
4589 B_FALSE, destsnap) == 0) {
4590 *strchr(destsnap, '@') = '\0';
4591 (void) strlcat(destsnap, snap,
4592 sizeof (destsnap) - strlen(destsnap));
4593 }
4594 }
4595 }
4596
4597 (void) strlcpy(name, destsnap, sizeof (name));
4598 *strchr(name, '@') = '\0';
4599
4600 redacted = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) &
4601 DMU_BACKUP_FEATURE_REDACTED;
4602
4603 if (flags->heal) {
4604 if (flags->isprefix || flags->istail || flags->force ||
4605 flags->canmountoff || flags->resumable || flags->nomount ||
4606 flags->skipholds) {
4607 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4608 "corrective recv can not be used when combined with"
4609 " this flag"));
4610 err = zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
4611 goto out;
4612 }
4613 uint64_t guid =
4614 get_snap_guid(hdl, name, strchr(destsnap, '@') + 1);
4615 if (guid == 0) {
4616 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4617 "corrective recv must specify an existing snapshot"
4618 " to heal"));
4619 err = zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
4620 goto out;
4621 } else if (guid != drrb->drr_toguid) {
4622 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4623 "local snapshot doesn't match the snapshot"
4624 " in the provided stream"));
4625 err = zfs_error(hdl, EZFS_WRONG_PARENT, errbuf);
4626 goto out;
4627 }
4628 } else if (zfs_dataset_exists(hdl, name, ZFS_TYPE_DATASET)) {
4629 zfs_cmd_t zc = {"\0"};
4630 zfs_handle_t *zhp = NULL;
4631 boolean_t encrypted;
4632
4633 (void) strcpy(zc.zc_name, name);
4634
4635 /*
4636 * Destination fs exists. It must be one of these cases:
4637 * - an incremental send stream
4638 * - the stream specifies a new fs (full stream or clone)
4639 * and they want us to blow away the existing fs (and
4640 * have therefore specified -F and removed any snapshots)
4641 * - we are resuming a failed receive.
4642 */
4643 if (stream_wantsnewfs) {
4644 boolean_t is_volume = drrb->drr_type == DMU_OST_ZVOL;
4645 if (!flags->force) {
4646 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4647 "destination '%s' exists\n"
4648 "must specify -F to overwrite it"), name);
4649 err = zfs_error(hdl, EZFS_EXISTS, errbuf);
4650 goto out;
4651 }
4652 if (zfs_ioctl(hdl, ZFS_IOC_SNAPSHOT_LIST_NEXT,
4653 &zc) == 0) {
4654 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4655 "destination has snapshots (eg. %s)\n"
4656 "must destroy them to overwrite it"),
4657 zc.zc_name);
4658 err = zfs_error(hdl, EZFS_EXISTS, errbuf);
4659 goto out;
4660 }
4661 if (is_volume && strrchr(name, '/') == NULL) {
4662 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4663 "destination %s is the root dataset\n"
4664 "cannot overwrite with a ZVOL"),
4665 name);
4666 err = zfs_error(hdl, EZFS_EXISTS, errbuf);
4667 goto out;
4668 }
4669 if (is_volume &&
4670 zfs_ioctl(hdl, ZFS_IOC_DATASET_LIST_NEXT,
4671 &zc) == 0) {
4672 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4673 "destination has children (eg. %s)\n"
4674 "cannot overwrite with a ZVOL"),
4675 zc.zc_name);
4676 err = zfs_error(hdl, EZFS_WRONG_PARENT, errbuf);
4677 goto out;
4678 }
4679 }
4680
4681 if ((zhp = zfs_open(hdl, name,
4682 ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME)) == NULL) {
4683 err = -1;
4684 goto out;
4685 }
4686
4687 /*
4688 * When receiving full/newfs on existing dataset, then it
4689 * should be done with "-F" flag. Its enforced for initial
4690 * receive in previous checks in this function.
4691 * Similarly, on resuming full/newfs recv on existing dataset,
4692 * it should be done with "-F" flag.
4693 *
4694 * When dataset doesn't exist, then full/newfs recv is done on
4695 * newly created dataset and it's marked INCONSISTENT. But
4696 * When receiving on existing dataset, recv is first done on
4697 * %recv and its marked INCONSISTENT. Existing dataset is not
4698 * marked INCONSISTENT.
4699 * Resume of full/newfs receive with dataset not INCONSISTENT
4700 * indicates that its resuming newfs on existing dataset. So,
4701 * enforce "-F" flag in this case.
4702 */
4703 if (stream_resumingnewfs &&
4704 !zfs_prop_get_int(zhp, ZFS_PROP_INCONSISTENT) &&
4705 !flags->force) {
4706 zfs_close(zhp);
4707 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4708 "Resuming recv on existing destination '%s'\n"
4709 "must specify -F to overwrite it"), name);
4710 err = zfs_error(hdl, EZFS_RESUME_EXISTS, errbuf);
4711 goto out;
4712 }
4713
4714 if (stream_wantsnewfs &&
4715 zhp->zfs_dmustats.dds_origin[0]) {
4716 zfs_close(zhp);
4717 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4718 "destination '%s' is a clone\n"
4719 "must destroy it to overwrite it"), name);
4720 err = zfs_error(hdl, EZFS_EXISTS, errbuf);
4721 goto out;
4722 }
4723
4724 /*
4725 * Raw sends can not be performed as an incremental on top
4726 * of existing unencrypted datasets. zfs recv -F can't be
4727 * used to blow away an existing encrypted filesystem. This
4728 * is because it would require the dsl dir to point to the
4729 * new key (or lack of a key) and the old key at the same
4730 * time. The -F flag may still be used for deleting
4731 * intermediate snapshots that would otherwise prevent the
4732 * receive from working.
4733 */
4734 encrypted = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) !=
4735 ZIO_CRYPT_OFF;
4736 if (!stream_wantsnewfs && !encrypted && raw) {
4737 zfs_close(zhp);
4738 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4739 "cannot perform raw receive on top of "
4740 "existing unencrypted dataset"));
4741 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf);
4742 goto out;
4743 }
4744
4745 if (stream_wantsnewfs && flags->force &&
4746 ((raw && !encrypted) || encrypted)) {
4747 zfs_close(zhp);
4748 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4749 "zfs receive -F cannot be used to destroy an "
4750 "encrypted filesystem or overwrite an "
4751 "unencrypted one with an encrypted one"));
4752 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf);
4753 goto out;
4754 }
4755
4756 if (!flags->dryrun && zhp->zfs_type == ZFS_TYPE_FILESYSTEM &&
4757 (stream_wantsnewfs || stream_resumingnewfs)) {
4758 /* We can't do online recv in this case */
4759 clp = changelist_gather(zhp, ZFS_PROP_NAME, 0,
4760 flags->forceunmount ? MS_FORCE : 0);
4761 if (clp == NULL) {
4762 zfs_close(zhp);
4763 err = -1;
4764 goto out;
4765 }
4766 if (changelist_prefix(clp) != 0) {
4767 changelist_free(clp);
4768 zfs_close(zhp);
4769 err = -1;
4770 goto out;
4771 }
4772 }
4773
4774 /*
4775 * If we are resuming a newfs, set newfs here so that we will
4776 * mount it if the recv succeeds this time. We can tell
4777 * that it was a newfs on the first recv because the fs
4778 * itself will be inconsistent (if the fs existed when we
4779 * did the first recv, we would have received it into
4780 * .../%recv).
4781 */
4782 if (resuming && zfs_prop_get_int(zhp, ZFS_PROP_INCONSISTENT))
4783 newfs = B_TRUE;
4784
4785 /* we want to know if we're zoned when validating -o|-x props */
4786 zoned = zfs_prop_get_int(zhp, ZFS_PROP_ZONED);
4787
4788 /* may need this info later, get it now we have zhp around */
4789 if (zfs_prop_get(zhp, ZFS_PROP_RECEIVE_RESUME_TOKEN, NULL, 0,
4790 NULL, NULL, 0, B_TRUE) == 0)
4791 hastoken = B_TRUE;
4792
4793 /* gather existing properties on destination */
4794 origprops = fnvlist_alloc();
4795 fnvlist_merge(origprops, zhp->zfs_props);
4796 fnvlist_merge(origprops, zhp->zfs_user_props);
4797
4798 zfs_close(zhp);
4799 } else {
4800 zfs_handle_t *zhp;
4801
4802 /*
4803 * Destination filesystem does not exist. Therefore we better
4804 * be creating a new filesystem (either from a full backup, or
4805 * a clone). It would therefore be invalid if the user
4806 * specified only the pool name (i.e. if the destination name
4807 * contained no slash character).
4808 */
4809 cp = strrchr(name, '/');
4810
4811 if (!stream_wantsnewfs || cp == NULL) {
4812 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4813 "destination '%s' does not exist"), name);
4814 err = zfs_error(hdl, EZFS_NOENT, errbuf);
4815 goto out;
4816 }
4817
4818 /*
4819 * Trim off the final dataset component so we perform the
4820 * recvbackup ioctl to the filesystems's parent.
4821 */
4822 *cp = '\0';
4823
4824 if (flags->isprefix && !flags->istail && !flags->dryrun &&
4825 create_parents(hdl, destsnap, strlen(tosnap)) != 0) {
4826 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf);
4827 goto out;
4828 }
4829
4830 /* validate parent */
4831 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET);
4832 if (zhp == NULL) {
4833 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf);
4834 goto out;
4835 }
4836 if (zfs_get_type(zhp) != ZFS_TYPE_FILESYSTEM) {
4837 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4838 "parent '%s' is not a filesystem"), name);
4839 err = zfs_error(hdl, EZFS_WRONG_PARENT, errbuf);
4840 zfs_close(zhp);
4841 goto out;
4842 }
4843
4844 zfs_close(zhp);
4845
4846 newfs = B_TRUE;
4847 *cp = '/';
4848 }
4849
4850 if (flags->verbose) {
4851 (void) printf("%s %s%s stream of %s into %s\n",
4852 flags->dryrun ? "would receive" : "receiving",
4853 flags->heal ? " corrective" : "",
4854 drrb->drr_fromguid ? "incremental" : "full",
4855 drrb->drr_toname, destsnap);
4856 (void) fflush(stdout);
4857 }
4858
4859 /*
4860 * If this is the top-level dataset, record it so we can use it
4861 * for recursive operations later.
4862 */
4863 if (top_zfs != NULL &&
4864 (*top_zfs == NULL || strcmp(*top_zfs, name) == 0)) {
4865 toplevel = B_TRUE;
4866 if (*top_zfs == NULL)
4867 *top_zfs = zfs_strdup(hdl, name);
4868 }
4869
4870 if (drrb->drr_type == DMU_OST_ZVOL) {
4871 type = ZFS_TYPE_VOLUME;
4872 } else if (drrb->drr_type == DMU_OST_ZFS) {
4873 type = ZFS_TYPE_FILESYSTEM;
4874 } else {
4875 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4876 "invalid record type: 0x%d"), drrb->drr_type);
4877 err = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
4878 goto out;
4879 }
4880 if ((err = zfs_setup_cmdline_props(hdl, type, name, zoned, recursive,
4881 stream_wantsnewfs, raw, toplevel, rcvprops, cmdprops, origprops,
4882 &oxprops, &wkeydata, &wkeylen, errbuf)) != 0)
4883 goto out;
4884
4885 /*
4886 * When sending with properties (zfs send -p), the encryption property
4887 * is not included because it is a SETONCE property and therefore
4888 * treated as read only. However, we are always able to determine its
4889 * value because raw sends will include it in the DRR_BDEGIN payload
4890 * and non-raw sends with properties are not allowed for encrypted
4891 * datasets. Therefore, if this is a non-raw properties stream, we can
4892 * infer that the value should be ZIO_CRYPT_OFF and manually add that
4893 * to the received properties.
4894 */
4895 if (stream_wantsnewfs && !raw && rcvprops != NULL &&
4896 !nvlist_exists(cmdprops, zfs_prop_to_name(ZFS_PROP_ENCRYPTION))) {
4897 if (oxprops == NULL)
4898 oxprops = fnvlist_alloc();
4899 fnvlist_add_uint64(oxprops,
4900 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), ZIO_CRYPT_OFF);
4901 }
4902
4903 if (flags->dryrun) {
4904 void *buf = zfs_alloc(hdl, SPA_MAXBLOCKSIZE);
4905
4906 /*
4907 * We have read the DRR_BEGIN record, but we have
4908 * not yet read the payload. For non-dryrun sends
4909 * this will be done by the kernel, so we must
4910 * emulate that here, before attempting to read
4911 * more records.
4912 */
4913 err = recv_read(hdl, infd, buf, drr->drr_payloadlen,
4914 flags->byteswap, NULL);
4915 free(buf);
4916 if (err != 0)
4917 goto out;
4918
4919 err = recv_skip(hdl, infd, flags->byteswap);
4920 goto out;
4921 }
4922
4923 if (flags->heal) {
4924 err = ioctl_err = lzc_receive_with_heal(destsnap, rcvprops,
4925 oxprops, wkeydata, wkeylen, origin, flags->force,
4926 flags->heal, flags->resumable, raw, infd, drr_noswap, -1,
4927 &read_bytes, &errflags, NULL, &prop_errors);
4928 } else {
4929 err = ioctl_err = lzc_receive_with_cmdprops(destsnap, rcvprops,
4930 oxprops, wkeydata, wkeylen, origin, flags->force,
4931 flags->resumable, raw, infd, drr_noswap, -1, &read_bytes,
4932 &errflags, NULL, &prop_errors);
4933 }
4934 ioctl_errno = ioctl_err;
4935 prop_errflags = errflags;
4936
4937 if (err == 0) {
4938 nvpair_t *prop_err = NULL;
4939
4940 while ((prop_err = nvlist_next_nvpair(prop_errors,
4941 prop_err)) != NULL) {
4942 char tbuf[1024];
4943 zfs_prop_t prop;
4944 int intval;
4945
4946 prop = zfs_name_to_prop(nvpair_name(prop_err));
4947 (void) nvpair_value_int32(prop_err, &intval);
4948 if (strcmp(nvpair_name(prop_err),
4949 ZPROP_N_MORE_ERRORS) == 0) {
4950 trunc_prop_errs(intval);
4951 break;
4952 } else if (snapname == NULL || finalsnap == NULL ||
4953 strcmp(finalsnap, snapname) == 0 ||
4954 strcmp(nvpair_name(prop_err),
4955 zfs_prop_to_name(ZFS_PROP_REFQUOTA)) != 0) {
4956 /*
4957 * Skip the special case of, for example,
4958 * "refquota", errors on intermediate
4959 * snapshots leading up to a final one.
4960 * That's why we have all of the checks above.
4961 *
4962 * See zfs_ioctl.c's extract_delay_props() for
4963 * a list of props which can fail on
4964 * intermediate snapshots, but shouldn't
4965 * affect the overall receive.
4966 */
4967 (void) snprintf(tbuf, sizeof (tbuf),
4968 dgettext(TEXT_DOMAIN,
4969 "cannot receive %s property on %s"),
4970 nvpair_name(prop_err), name);
4971 zfs_setprop_error(hdl, prop, intval, tbuf);
4972 }
4973 }
4974 }
4975
4976 if (err == 0 && snapprops_nvlist) {
4977 zfs_cmd_t zc = {"\0"};
4978
4979 (void) strlcpy(zc.zc_name, destsnap, sizeof (zc.zc_name));
4980 zc.zc_cookie = B_TRUE; /* received */
4981 zcmd_write_src_nvlist(hdl, &zc, snapprops_nvlist);
4982 (void) zfs_ioctl(hdl, ZFS_IOC_SET_PROP, &zc);
4983 zcmd_free_nvlists(&zc);
4984 }
4985 if (err == 0 && snapholds_nvlist) {
4986 nvpair_t *pair;
4987 nvlist_t *holds, *errors = NULL;
4988 int cleanup_fd = -1;
4989
4990 VERIFY(0 == nvlist_alloc(&holds, 0, KM_SLEEP));
4991 for (pair = nvlist_next_nvpair(snapholds_nvlist, NULL);
4992 pair != NULL;
4993 pair = nvlist_next_nvpair(snapholds_nvlist, pair)) {
4994 fnvlist_add_string(holds, destsnap, nvpair_name(pair));
4995 }
4996 (void) lzc_hold(holds, cleanup_fd, &errors);
4997 fnvlist_free(snapholds_nvlist);
4998 fnvlist_free(holds);
4999 }
5000
5001 if (err && (ioctl_errno == ENOENT || ioctl_errno == EEXIST)) {
5002 /*
5003 * It may be that this snapshot already exists,
5004 * in which case we want to consume & ignore it
5005 * rather than failing.
5006 */
5007 avl_tree_t *local_avl;
5008 nvlist_t *local_nv, *fs;
5009 cp = strchr(destsnap, '@');
5010
5011 /*
5012 * XXX Do this faster by just iterating over snaps in
5013 * this fs. Also if zc_value does not exist, we will
5014 * get a strange "does not exist" error message.
5015 */
5016 *cp = '\0';
5017 if (gather_nvlist(hdl, destsnap, NULL, NULL, B_FALSE, B_TRUE,
5018 B_FALSE, B_FALSE, B_FALSE, B_FALSE, B_FALSE, B_FALSE,
5019 B_TRUE, &local_nv, &local_avl) == 0) {
5020 *cp = '@';
5021 fs = fsavl_find(local_avl, drrb->drr_toguid, NULL);
5022 fsavl_destroy(local_avl);
5023 fnvlist_free(local_nv);
5024
5025 if (fs != NULL) {
5026 if (flags->verbose) {
5027 (void) printf("snap %s already exists; "
5028 "ignoring\n", destsnap);
5029 }
5030 err = ioctl_err = recv_skip(hdl, infd,
5031 flags->byteswap);
5032 }
5033 }
5034 *cp = '@';
5035 }
5036
5037 if (ioctl_err != 0) {
5038 switch (ioctl_errno) {
5039 case ENODEV:
5040 cp = strchr(destsnap, '@');
5041 *cp = '\0';
5042 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5043 "most recent snapshot of %s does not\n"
5044 "match incremental source"), destsnap);
5045 (void) zfs_error(hdl, EZFS_BADRESTORE, errbuf);
5046 *cp = '@';
5047 break;
5048 case ETXTBSY:
5049 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5050 "destination %s has been modified\n"
5051 "since most recent snapshot"), name);
5052 (void) zfs_error(hdl, EZFS_BADRESTORE, errbuf);
5053 break;
5054 case EACCES:
5055 if (flags->heal) {
5056 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5057 "key must be loaded to do a non-raw "
5058 "corrective recv on an encrypted "
5059 "dataset."));
5060 } else if (raw && stream_wantsnewfs) {
5061 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5062 "failed to create encryption key"));
5063 } else if (raw && !stream_wantsnewfs) {
5064 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5065 "encryption key does not match "
5066 "existing key"));
5067 } else {
5068 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5069 "inherited key must be loaded"));
5070 }
5071 (void) zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf);
5072 break;
5073 case EEXIST:
5074 cp = strchr(destsnap, '@');
5075 if (newfs) {
5076 /* it's the containing fs that exists */
5077 *cp = '\0';
5078 }
5079 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5080 "destination already exists"));
5081 (void) zfs_error_fmt(hdl, EZFS_EXISTS,
5082 dgettext(TEXT_DOMAIN, "cannot restore to %s"),
5083 destsnap);
5084 *cp = '@';
5085 break;
5086 case EINVAL:
5087 if (flags->resumable) {
5088 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5089 "kernel modules must be upgraded to "
5090 "receive this stream."));
5091 } else if (embedded && !raw) {
5092 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5093 "incompatible embedded data stream "
5094 "feature with encrypted receive."));
5095 }
5096 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
5097 break;
5098 case ECKSUM:
5099 case ZFS_ERR_STREAM_TRUNCATED:
5100 if (flags->heal)
5101 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5102 "corrective receive was not able to "
5103 "reconstruct the data needed for "
5104 "healing."));
5105 else
5106 recv_ecksum_set_aux(hdl, destsnap,
5107 flags->resumable, ioctl_err == ECKSUM);
5108 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
5109 break;
5110 case ZFS_ERR_STREAM_LARGE_BLOCK_MISMATCH:
5111 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5112 "incremental send stream requires -L "
5113 "(--large-block), to match previous receive."));
5114 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
5115 break;
5116 case ENOTSUP:
5117 if (flags->heal)
5118 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5119 "stream is not compatible with the "
5120 "data in the pool."));
5121 else
5122 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5123 "pool must be upgraded to receive this "
5124 "stream."));
5125 (void) zfs_error(hdl, EZFS_BADVERSION, errbuf);
5126 break;
5127 case EDQUOT:
5128 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5129 "destination %s space quota exceeded."), name);
5130 (void) zfs_error(hdl, EZFS_NOSPC, errbuf);
5131 break;
5132 case ZFS_ERR_FROM_IVSET_GUID_MISSING:
5133 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5134 "IV set guid missing. See errata %u at "
5135 "https://openzfs.github.io/openzfs-docs/msg/"
5136 "ZFS-8000-ER."),
5137 ZPOOL_ERRATA_ZOL_8308_ENCRYPTION);
5138 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
5139 break;
5140 case ZFS_ERR_FROM_IVSET_GUID_MISMATCH:
5141 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5142 "IV set guid mismatch. See the 'zfs receive' "
5143 "man page section\n discussing the limitations "
5144 "of raw encrypted send streams."));
5145 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
5146 break;
5147 case ZFS_ERR_SPILL_BLOCK_FLAG_MISSING:
5148 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5149 "Spill block flag missing for raw send.\n"
5150 "The zfs software on the sending system must "
5151 "be updated."));
5152 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
5153 break;
5154 case ZFS_ERR_RESUME_EXISTS:
5155 cp = strchr(destsnap, '@');
5156 if (newfs) {
5157 /* it's the containing fs that exists */
5158 *cp = '\0';
5159 }
5160 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5161 "Resuming recv on existing dataset without force"));
5162 (void) zfs_error_fmt(hdl, EZFS_RESUME_EXISTS,
5163 dgettext(TEXT_DOMAIN, "cannot resume recv %s"),
5164 destsnap);
5165 *cp = '@';
5166 break;
5167 case EBUSY:
5168 if (hastoken) {
5169 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5170 "destination %s contains "
5171 "partially-complete state from "
5172 "\"zfs receive -s\"."), name);
5173 (void) zfs_error(hdl, EZFS_BUSY, errbuf);
5174 break;
5175 }
5176 zfs_fallthrough;
5177 default:
5178 (void) zfs_standard_error(hdl, ioctl_errno, errbuf);
5179 }
5180 }
5181
5182 /*
5183 * Mount the target filesystem (if created). Also mount any
5184 * children of the target filesystem if we did a replication
5185 * receive (indicated by stream_avl being non-NULL).
5186 */
5187 if (clp) {
5188 if (!flags->nomount)
5189 err |= changelist_postfix(clp);
5190 changelist_free(clp);
5191 }
5192
5193 if ((newfs || stream_avl) && type == ZFS_TYPE_FILESYSTEM && !redacted)
5194 flags->domount = B_TRUE;
5195
5196 if (prop_errflags & ZPROP_ERR_NOCLEAR) {
5197 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, "Warning: "
5198 "failed to clear unreceived properties on %s"), name);
5199 (void) fprintf(stderr, "\n");
5200 }
5201 if (prop_errflags & ZPROP_ERR_NORESTORE) {
5202 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, "Warning: "
5203 "failed to restore original properties on %s"), name);
5204 (void) fprintf(stderr, "\n");
5205 }
5206
5207 if (err || ioctl_err) {
5208 err = -1;
5209 goto out;
5210 }
5211
5212 if (flags->verbose) {
5213 char buf1[64];
5214 char buf2[64];
5215 uint64_t bytes = read_bytes;
5216 struct timespec delta;
5217 clock_gettime(CLOCK_MONOTONIC_RAW, &delta);
5218 if (begin_time.tv_nsec > delta.tv_nsec) {
5219 delta.tv_nsec =
5220 1000000000 + delta.tv_nsec - begin_time.tv_nsec;
5221 delta.tv_sec -= 1;
5222 } else
5223 delta.tv_nsec -= begin_time.tv_nsec;
5224 delta.tv_sec -= begin_time.tv_sec;
5225 if (delta.tv_sec == 0 && delta.tv_nsec == 0)
5226 delta.tv_nsec = 1;
5227 double delta_f = delta.tv_sec + (delta.tv_nsec / 1e9);
5228 zfs_nicebytes(bytes, buf1, sizeof (buf1));
5229 zfs_nicebytes(bytes / delta_f, buf2, sizeof (buf2));
5230
5231 (void) printf("received %s stream in %.2f seconds (%s/sec)\n",
5232 buf1, delta_f, buf2);
5233 }
5234
5235 err = 0;
5236 out:
5237 if (prop_errors != NULL)
5238 fnvlist_free(prop_errors);
5239
5240 if (tmp_keylocation[0] != '\0') {
5241 fnvlist_add_string(rcvprops,
5242 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), tmp_keylocation);
5243 }
5244
5245 if (newprops)
5246 fnvlist_free(rcvprops);
5247
5248 fnvlist_free(oxprops);
5249 fnvlist_free(origprops);
5250
5251 return (err);
5252 }
5253
5254 /*
5255 * Check properties we were asked to override (both -o|-x)
5256 */
5257 static boolean_t
5258 zfs_receive_checkprops(libzfs_handle_t *hdl, nvlist_t *props,
5259 const char *errbuf)
5260 {
5261 nvpair_t *nvp = NULL;
5262 zfs_prop_t prop;
5263 const char *name;
5264
5265 while ((nvp = nvlist_next_nvpair(props, nvp)) != NULL) {
5266 name = nvpair_name(nvp);
5267 prop = zfs_name_to_prop(name);
5268
5269 if (prop == ZPROP_USERPROP) {
5270 if (!zfs_prop_user(name)) {
5271 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5272 "%s: invalid property '%s'"), errbuf, name);
5273 return (B_FALSE);
5274 }
5275 continue;
5276 }
5277 /*
5278 * "origin" is readonly but is used to receive datasets as
5279 * clones so we don't raise an error here
5280 */
5281 if (prop == ZFS_PROP_ORIGIN)
5282 continue;
5283
5284 /* encryption params have their own verification later */
5285 if (prop == ZFS_PROP_ENCRYPTION ||
5286 zfs_prop_encryption_key_param(prop))
5287 continue;
5288
5289 /*
5290 * cannot override readonly, set-once and other specific
5291 * settable properties
5292 */
5293 if (zfs_prop_readonly(prop) || prop == ZFS_PROP_VERSION ||
5294 prop == ZFS_PROP_VOLSIZE) {
5295 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5296 "%s: invalid property '%s'"), errbuf, name);
5297 return (B_FALSE);
5298 }
5299 }
5300
5301 return (B_TRUE);
5302 }
5303
5304 static int
5305 zfs_receive_impl(libzfs_handle_t *hdl, const char *tosnap,
5306 const char *originsnap, recvflags_t *flags, int infd, const char *sendfs,
5307 nvlist_t *stream_nv, avl_tree_t *stream_avl, char **top_zfs,
5308 const char *finalsnap, nvlist_t *cmdprops)
5309 {
5310 int err;
5311 dmu_replay_record_t drr, drr_noswap;
5312 struct drr_begin *drrb = &drr.drr_u.drr_begin;
5313 char errbuf[ERRBUFLEN];
5314 zio_cksum_t zcksum = { { 0 } };
5315 uint64_t featureflags;
5316 int hdrtype;
5317
5318 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
5319 "cannot receive"));
5320
5321 /* check cmdline props, raise an error if they cannot be received */
5322 if (!zfs_receive_checkprops(hdl, cmdprops, errbuf))
5323 return (zfs_error(hdl, EZFS_BADPROP, errbuf));
5324
5325 if (flags->isprefix &&
5326 !zfs_dataset_exists(hdl, tosnap, ZFS_TYPE_DATASET)) {
5327 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "specified fs "
5328 "(%s) does not exist"), tosnap);
5329 return (zfs_error(hdl, EZFS_NOENT, errbuf));
5330 }
5331 if (originsnap &&
5332 !zfs_dataset_exists(hdl, originsnap, ZFS_TYPE_DATASET)) {
5333 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "specified origin fs "
5334 "(%s) does not exist"), originsnap);
5335 return (zfs_error(hdl, EZFS_NOENT, errbuf));
5336 }
5337
5338 /* read in the BEGIN record */
5339 if (0 != (err = recv_read(hdl, infd, &drr, sizeof (drr), B_FALSE,
5340 &zcksum)))
5341 return (err);
5342
5343 if (drr.drr_type == DRR_END || drr.drr_type == BSWAP_32(DRR_END)) {
5344 /* It's the double end record at the end of a package */
5345 return (ENODATA);
5346 }
5347
5348 /* the kernel needs the non-byteswapped begin record */
5349 drr_noswap = drr;
5350
5351 flags->byteswap = B_FALSE;
5352 if (drrb->drr_magic == BSWAP_64(DMU_BACKUP_MAGIC)) {
5353 /*
5354 * We computed the checksum in the wrong byteorder in
5355 * recv_read() above; do it again correctly.
5356 */
5357 memset(&zcksum, 0, sizeof (zio_cksum_t));
5358 fletcher_4_incremental_byteswap(&drr, sizeof (drr), &zcksum);
5359 flags->byteswap = B_TRUE;
5360
5361 drr.drr_type = BSWAP_32(drr.drr_type);
5362 drr.drr_payloadlen = BSWAP_32(drr.drr_payloadlen);
5363 drrb->drr_magic = BSWAP_64(drrb->drr_magic);
5364 drrb->drr_versioninfo = BSWAP_64(drrb->drr_versioninfo);
5365 drrb->drr_creation_time = BSWAP_64(drrb->drr_creation_time);
5366 drrb->drr_type = BSWAP_32(drrb->drr_type);
5367 drrb->drr_flags = BSWAP_32(drrb->drr_flags);
5368 drrb->drr_toguid = BSWAP_64(drrb->drr_toguid);
5369 drrb->drr_fromguid = BSWAP_64(drrb->drr_fromguid);
5370 }
5371
5372 if (drrb->drr_magic != DMU_BACKUP_MAGIC || drr.drr_type != DRR_BEGIN) {
5373 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
5374 "stream (bad magic number)"));
5375 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
5376 }
5377
5378 featureflags = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo);
5379 hdrtype = DMU_GET_STREAM_HDRTYPE(drrb->drr_versioninfo);
5380
5381 if (!DMU_STREAM_SUPPORTED(featureflags) ||
5382 (hdrtype != DMU_SUBSTREAM && hdrtype != DMU_COMPOUNDSTREAM)) {
5383 /*
5384 * Let's be explicit about this one, since rather than
5385 * being a new feature we can't know, it's an old
5386 * feature we dropped.
5387 */
5388 if (featureflags & DMU_BACKUP_FEATURE_DEDUP) {
5389 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5390 "stream has deprecated feature: dedup, try "
5391 "'zstream redup [send in a file] | zfs recv "
5392 "[...]'"));
5393 } else {
5394 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5395 "stream has unsupported feature, feature flags = "
5396 "%llx (unknown flags = %llx)"),
5397 (u_longlong_t)featureflags,
5398 (u_longlong_t)((featureflags) &
5399 ~DMU_BACKUP_FEATURE_MASK));
5400 }
5401 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
5402 }
5403
5404 /* Holds feature is set once in the compound stream header. */
5405 if (featureflags & DMU_BACKUP_FEATURE_HOLDS)
5406 flags->holds = B_TRUE;
5407
5408 if (strchr(drrb->drr_toname, '@') == NULL) {
5409 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
5410 "stream (bad snapshot name)"));
5411 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
5412 }
5413
5414 if (DMU_GET_STREAM_HDRTYPE(drrb->drr_versioninfo) == DMU_SUBSTREAM) {
5415 char nonpackage_sendfs[ZFS_MAX_DATASET_NAME_LEN];
5416 if (sendfs == NULL) {
5417 /*
5418 * We were not called from zfs_receive_package(). Get
5419 * the fs specified by 'zfs send'.
5420 */
5421 char *cp;
5422 (void) strlcpy(nonpackage_sendfs,
5423 drr.drr_u.drr_begin.drr_toname,
5424 sizeof (nonpackage_sendfs));
5425 if ((cp = strchr(nonpackage_sendfs, '@')) != NULL)
5426 *cp = '\0';
5427 sendfs = nonpackage_sendfs;
5428 VERIFY(finalsnap == NULL);
5429 }
5430 return (zfs_receive_one(hdl, infd, tosnap, originsnap, flags,
5431 &drr, &drr_noswap, sendfs, stream_nv, stream_avl, top_zfs,
5432 finalsnap, cmdprops));
5433 } else {
5434 assert(DMU_GET_STREAM_HDRTYPE(drrb->drr_versioninfo) ==
5435 DMU_COMPOUNDSTREAM);
5436 return (zfs_receive_package(hdl, infd, tosnap, flags, &drr,
5437 &zcksum, top_zfs, cmdprops));
5438 }
5439 }
5440
5441 /*
5442 * Restores a backup of tosnap from the file descriptor specified by infd.
5443 * Return 0 on total success, -2 if some things couldn't be
5444 * destroyed/renamed/promoted, -1 if some things couldn't be received.
5445 * (-1 will override -2, if -1 and the resumable flag was specified the
5446 * transfer can be resumed if the sending side supports it).
5447 */
5448 int
5449 zfs_receive(libzfs_handle_t *hdl, const char *tosnap, nvlist_t *props,
5450 recvflags_t *flags, int infd, avl_tree_t *stream_avl)
5451 {
5452 char *top_zfs = NULL;
5453 int err;
5454 struct stat sb;
5455 char *originsnap = NULL;
5456
5457 /*
5458 * The only way fstat can fail is if we do not have a valid file
5459 * descriptor.
5460 */
5461 if (fstat(infd, &sb) == -1) {
5462 perror("fstat");
5463 return (-2);
5464 }
5465
5466 if (props) {
5467 err = nvlist_lookup_string(props, "origin", &originsnap);
5468 if (err && err != ENOENT)
5469 return (err);
5470 }
5471
5472 err = zfs_receive_impl(hdl, tosnap, originsnap, flags, infd, NULL, NULL,
5473 stream_avl, &top_zfs, NULL, props);
5474
5475 if (err == 0 && !flags->nomount && flags->domount && top_zfs) {
5476 zfs_handle_t *zhp = NULL;
5477 prop_changelist_t *clp = NULL;
5478
5479 zhp = zfs_open(hdl, top_zfs,
5480 ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
5481 if (zhp == NULL) {
5482 err = -1;
5483 goto out;
5484 } else {
5485 if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
5486 zfs_close(zhp);
5487 goto out;
5488 }
5489
5490 clp = changelist_gather(zhp, ZFS_PROP_MOUNTPOINT,
5491 CL_GATHER_MOUNT_ALWAYS,
5492 flags->forceunmount ? MS_FORCE : 0);
5493 zfs_close(zhp);
5494 if (clp == NULL) {
5495 err = -1;
5496 goto out;
5497 }
5498
5499 /* mount and share received datasets */
5500 err = changelist_postfix(clp);
5501 changelist_free(clp);
5502 if (err != 0)
5503 err = -1;
5504 }
5505 }
5506
5507 out:
5508 if (top_zfs)
5509 free(top_zfs);
5510
5511 return (err);
5512 }
OpenZFS on Linux and FreeBSD