1
// SPDX-License-Identifier: CDDL-1.0
2
/*
3
 * CDDL HEADER START
4
 *
5
 * The contents of this file are subject to the terms of the
6
 * Common Development and Distribution License (the "License").
7
 * You may not use this file except in compliance with the License.
8
 *
9
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10
 * or https://opensource.org/licenses/CDDL-1.0.
11
 * See the License for the specific language governing permissions
12
 * and limitations under the License.
13
 *
14
 * When distributing Covered Code, include this CDDL HEADER in each
15
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16
 * If applicable, add the following below this CDDL HEADER, with the
17
 * fields enclosed by brackets "[]" replaced with your own identifying
18
 * information: Portions Copyright [yyyy] [name of copyright owner]
19
 *
20
 * CDDL HEADER END
21
 */
22

23
/*
24
 * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
25
 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
26
 * Copyright (c) 2014, 2022 by Delphix. All rights reserved.
27
 * Copyright 2016 Igor Kozhukhov <[email protected]>
28
 * Copyright 2017 RackTop Systems.
29
 * Copyright (c) 2018 Datto Inc.
30
 * Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
31
 */
32

33
/*
34
 * Routines to manage ZFS mounts.  We separate all the nasty routines that have
35
 * to deal with the OS.  The following functions are the main entry points --
36
 * they are used by mount and unmount and when changing a filesystem's
37
 * mountpoint.
38
 *
39
 *	zfs_is_mounted()
40
 *	zfs_mount()
41
 *	zfs_mount_at()
42
 *	zfs_unmount()
43
 *	zfs_unmountall()
44
 *
45
 * This file also contains the functions used to manage sharing filesystems:
46
 *
47
 *	zfs_is_shared()
48
 *	zfs_share()
49
 *	zfs_unshare()
50
 *	zfs_unshareall()
51
 *	zfs_commit_shares()
52
 *
53
 * The following functions are available for pool consumers, and will
54
 * mount/unmount and share/unshare all datasets within pool:
55
 *
56
 *	zpool_enable_datasets()
57
 *	zpool_disable_datasets()
58
 */
59

60
#include <dirent.h>
61
#include <dlfcn.h>
62
#include <errno.h>
63
#include <fcntl.h>
64
#include <libgen.h>
65
#include <libintl.h>
66
#include <stdio.h>
67
#include <stdlib.h>
68
#include <string.h>
69
#include <unistd.h>
70
#include <zone.h>
71
#include <sys/mntent.h>
72
#include <sys/mount.h>
73
#include <sys/stat.h>
74
#include <sys/vfs.h>
75
#include <sys/dsl_crypt.h>
76

77
#include <libzfs.h>
78
#include <libzutil.h>
79

80
#include "libzfs_impl.h"
81
#include <thread_pool.h>
82

83
#include <libshare.h>
84
#include <sys/systeminfo.h>
85
#define	MAXISALEN	257	/* based on sysinfo(2) man page */
86

87
static void zfs_mount_task(void *);
88

89
static const proto_table_t proto_table[SA_PROTOCOL_COUNT] = {
90
	[SA_PROTOCOL_NFS] =
91
	    {ZFS_PROP_SHARENFS, EZFS_SHARENFSFAILED, EZFS_UNSHARENFSFAILED},
92
	[SA_PROTOCOL_SMB] =
93
	    {ZFS_PROP_SHARESMB, EZFS_SHARESMBFAILED, EZFS_UNSHARESMBFAILED},
94
};
95

96
static const enum sa_protocol share_all_proto[SA_PROTOCOL_COUNT + 1] = {
97
	SA_PROTOCOL_NFS,
98
	SA_PROTOCOL_SMB,
99
	SA_NO_PROTOCOL
100
};
101

102

103

104
static boolean_t
105
dir_is_empty_stat(const char *dirname)
106
{
107
	struct stat st;
108

109
	/*
110
	 * We only want to return false if the given path is a non empty
111
	 * directory, all other errors are handled elsewhere.
112
	 */
113
	if (stat(dirname, &st) < 0 || !S_ISDIR(st.st_mode)) {
114
		return (B_TRUE);
115
	}
116

117
	/*
118
	 * An empty directory will still have two entries in it, one
119
	 * entry for each of "." and "..".
120
	 */
121
	if (st.st_size > 2) {
122
		return (B_FALSE);
123
	}
124

125
	return (B_TRUE);
126
}
127

128
static boolean_t
129
dir_is_empty_readdir(const char *dirname)
130
{
131
	DIR *dirp;
132
	struct dirent64 *dp;
133
	int dirfd;
134

135
	if ((dirfd = openat(AT_FDCWD, dirname,
136
	    O_RDONLY | O_NDELAY | O_LARGEFILE | O_CLOEXEC, 0)) < 0) {
137
		return (B_TRUE);
138
	}
139

140
	if ((dirp = fdopendir(dirfd)) == NULL) {
141
		(void) close(dirfd);
142
		return (B_TRUE);
143
	}
144

145
	while ((dp = readdir64(dirp)) != NULL) {
146

147
		if (strcmp(dp->d_name, ".") == 0 ||
148
		    strcmp(dp->d_name, "..") == 0)
149
			continue;
150

151
		(void) closedir(dirp);
152
		return (B_FALSE);
153
	}
154

155
	(void) closedir(dirp);
156
	return (B_TRUE);
157
}
158

159
/*
160
 * Returns true if the specified directory is empty.  If we can't open the
161
 * directory at all, return true so that the mount can fail with a more
162
 * informative error message.
163
 */
164
static boolean_t
165
dir_is_empty(const char *dirname)
166
{
167
	struct statfs64 st;
168

169
	/*
170
	 * If the statvfs call fails or the filesystem is not a ZFS
171
	 * filesystem, fall back to the slow path which uses readdir.
172
	 */
173
	if ((statfs64(dirname, &st) != 0) ||
174
	    (st.f_type != ZFS_SUPER_MAGIC)) {
175
		return (dir_is_empty_readdir(dirname));
176
	}
177

178
	/*
179
	 * At this point, we know the provided path is on a ZFS
180
	 * filesystem, so we can use stat instead of readdir to
181
	 * determine if the directory is empty or not. We try to avoid
182
	 * using readdir because that requires opening "dirname"; this
183
	 * open file descriptor can potentially end up in a child
184
	 * process if there's a concurrent fork, thus preventing the
185
	 * zfs_mount() from otherwise succeeding (the open file
186
	 * descriptor inherited by the child process will cause the
187
	 * parent's mount to fail with EBUSY). The performance
188
	 * implications of replacing the open, read, and close with a
189
	 * single stat is nice; but is not the main motivation for the
190
	 * added complexity.
191
	 */
192
	return (dir_is_empty_stat(dirname));
193
}
194

195
/*
196
 * Checks to see if the mount is active.  If the filesystem is mounted, we fill
197
 * in 'where' with the current mountpoint, and return 1.  Otherwise, we return
198
 * 0.
199
 */
200
boolean_t
201
is_mounted(libzfs_handle_t *zfs_hdl, const char *special, char **where)
202
{
203
	struct mnttab entry;
204

205
	if (libzfs_mnttab_find(zfs_hdl, special, &entry) != 0)
206
		return (B_FALSE);
207

208
	if (where != NULL)
209
		*where = zfs_strdup(zfs_hdl, entry.mnt_mountp);
210

211
	return (B_TRUE);
212
}
213

214
boolean_t
215
zfs_is_mounted(zfs_handle_t *zhp, char **where)
216
{
217
	return (is_mounted(zhp->zfs_hdl, zfs_get_name(zhp), where));
218
}
219

220
/*
221
 * Checks any higher order concerns about whether the given dataset is
222
 * mountable, false otherwise.  zfs_is_mountable_internal specifically assumes
223
 * that the caller has verified the sanity of mounting the dataset at
224
 * its mountpoint to the extent the caller wants.
225
 */
226
static boolean_t
227
zfs_is_mountable_internal(zfs_handle_t *zhp)
228
{
229
	if (zfs_prop_get_int(zhp, ZFS_PROP_ZONED) &&
230
	    getzoneid() == GLOBAL_ZONEID)
231
		return (B_FALSE);
232

233
	return (B_TRUE);
234
}
235

236
/*
237
 * Returns true if the given dataset is mountable, false otherwise.  Returns the
238
 * mountpoint in 'buf'.
239
 */
240
static boolean_t
241
zfs_is_mountable(zfs_handle_t *zhp, char *buf, size_t buflen,
242
    zprop_source_t *source, int flags)
243
{
244
	char sourceloc[MAXNAMELEN];
245
	zprop_source_t sourcetype;
246

247
	if (!zfs_prop_valid_for_type(ZFS_PROP_MOUNTPOINT, zhp->zfs_type,
248
	    B_FALSE))
249
		return (B_FALSE);
250

251
	verify(zfs_prop_get(zhp, ZFS_PROP_MOUNTPOINT, buf, buflen,
252
	    &sourcetype, sourceloc, sizeof (sourceloc), B_FALSE) == 0);
253

254
	if (strcmp(buf, ZFS_MOUNTPOINT_NONE) == 0 ||
255
	    strcmp(buf, ZFS_MOUNTPOINT_LEGACY) == 0)
256
		return (B_FALSE);
257

258
	if (zfs_prop_get_int(zhp, ZFS_PROP_CANMOUNT) == ZFS_CANMOUNT_OFF)
259
		return (B_FALSE);
260

261
	if (!zfs_is_mountable_internal(zhp))
262
		return (B_FALSE);
263

264
	if (zfs_prop_get_int(zhp, ZFS_PROP_REDACTED) && !(flags & MS_FORCE))
265
		return (B_FALSE);
266

267
	if (source)
268
		*source = sourcetype;
269

270
	return (B_TRUE);
271
}
272

273
/*
274
 * The filesystem is mounted by invoking the system mount utility rather
275
 * than by the system call mount(2).  This ensures that the /etc/mtab
276
 * file is correctly locked for the update.  Performing our own locking
277
 * and /etc/mtab update requires making an unsafe assumption about how
278
 * the mount utility performs its locking.  Unfortunately, this also means
279
 * in the case of a mount failure we do not have the exact errno.  We must
280
 * make due with return value from the mount process.
281
 *
282
 * In the long term a shared library called libmount is under development
283
 * which provides a common API to address the locking and errno issues.
284
 * Once the standard mount utility has been updated to use this library
285
 * we can add an autoconf check to conditionally use it.
286
 *
287
 * http://www.kernel.org/pub/linux/utils/util-linux/libmount-docs/index.html
288
 */
289

290
static int
291
zfs_add_option(zfs_handle_t *zhp, char *options, int len,
292
    zfs_prop_t prop, const char *on, const char *off)
293
{
294
	const char *source;
295
	uint64_t value;
296

297
	/* Skip adding duplicate default options */
298
	if ((strstr(options, on) != NULL) || (strstr(options, off) != NULL))
299
		return (0);
300

301
	/*
302
	 * zfs_prop_get_int() is not used to ensure our mount options
303
	 * are not influenced by the current /proc/self/mounts contents.
304
	 */
305
	value = getprop_uint64(zhp, prop, &source);
306

307
	(void) strlcat(options, ",", len);
308
	(void) strlcat(options, value ? on : off, len);
309

310
	return (0);
311
}
312

313
static int
314
zfs_add_options(zfs_handle_t *zhp, char *options, int len)
315
{
316
	int error = 0;
317

318
	error = zfs_add_option(zhp, options, len,
319
	    ZFS_PROP_ATIME, MNTOPT_ATIME, MNTOPT_NOATIME);
320
	/*
321
	 * don't add relatime/strictatime when atime=off, otherwise strictatime
322
	 * will force atime=on
323
	 */
324
	if (strstr(options, MNTOPT_NOATIME) == NULL) {
325
		error = zfs_add_option(zhp, options, len,
326
		    ZFS_PROP_RELATIME, MNTOPT_RELATIME, MNTOPT_STRICTATIME);
327
	}
328
	error = error ? error : zfs_add_option(zhp, options, len,
329
	    ZFS_PROP_DEVICES, MNTOPT_DEVICES, MNTOPT_NODEVICES);
330
	error = error ? error : zfs_add_option(zhp, options, len,
331
	    ZFS_PROP_EXEC, MNTOPT_EXEC, MNTOPT_NOEXEC);
332
	error = error ? error : zfs_add_option(zhp, options, len,
333
	    ZFS_PROP_READONLY, MNTOPT_RO, MNTOPT_RW);
334
	error = error ? error : zfs_add_option(zhp, options, len,
335
	    ZFS_PROP_SETUID, MNTOPT_SETUID, MNTOPT_NOSETUID);
336
	error = error ? error : zfs_add_option(zhp, options, len,
337
	    ZFS_PROP_NBMAND, MNTOPT_NBMAND, MNTOPT_NONBMAND);
338

339
	return (error);
340
}
341

342
int
343
zfs_mount(zfs_handle_t *zhp, const char *options, int flags)
344
{
345
	char mountpoint[ZFS_MAXPROPLEN];
346

347
	if (!zfs_is_mountable(zhp, mountpoint, sizeof (mountpoint), NULL,
348
	    flags))
349
		return (0);
350

351
	return (zfs_mount_at(zhp, options, flags, mountpoint));
352
}
353

354
/*
355
 * Mount the given filesystem.
356
 */
357
int
358
zfs_mount_at(zfs_handle_t *zhp, const char *options, int flags,
359
    const char *mountpoint)
360
{
361
	struct stat buf;
362
	char mntopts[MNT_LINE_MAX];
363
	char overlay[ZFS_MAXPROPLEN];
364
	char prop_encroot[MAXNAMELEN];
365
	boolean_t is_encroot;
366
	zfs_handle_t *encroot_hp = zhp;
367
	libzfs_handle_t *hdl = zhp->zfs_hdl;
368
	uint64_t keystatus;
369
	int remount = 0, rc;
370

371
	if (options == NULL) {
372
		(void) strlcpy(mntopts, MNTOPT_DEFAULTS, sizeof (mntopts));
373
	} else {
374
		(void) strlcpy(mntopts, options, sizeof (mntopts));
375
	}
376

377
	if (strstr(mntopts, MNTOPT_REMOUNT) != NULL)
378
		remount = 1;
379

380
	/* Potentially duplicates some checks if invoked by zfs_mount(). */
381
	if (!zfs_is_mountable_internal(zhp))
382
		return (0);
383

384
	/*
385
	 * If the pool is imported read-only then all mounts must be read-only
386
	 */
387
	if (zpool_get_prop_int(zhp->zpool_hdl, ZPOOL_PROP_READONLY, NULL))
388
		(void) strlcat(mntopts, "," MNTOPT_RO, sizeof (mntopts));
389

390
	/*
391
	 * Append default mount options which apply to the mount point.
392
	 * This is done because under Linux (unlike Solaris) multiple mount
393
	 * points may reference a single super block.  This means that just
394
	 * given a super block there is no back reference to update the per
395
	 * mount point options.
396
	 */
397
	rc = zfs_add_options(zhp, mntopts, sizeof (mntopts));
398
	if (rc) {
399
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
400
		    "default options unavailable"));
401
		return (zfs_error_fmt(hdl, EZFS_MOUNTFAILED,
402
		    dgettext(TEXT_DOMAIN, "cannot mount '%s'"),
403
		    mountpoint));
404
	}
405

406
	/*
407
	 * If the filesystem is encrypted the key must be loaded  in order to
408
	 * mount. If the key isn't loaded, the MS_CRYPT flag decides whether
409
	 * or not we attempt to load the keys. Note: we must call
410
	 * zfs_refresh_properties() here since some callers of this function
411
	 * (most notably zpool_enable_datasets()) may implicitly load our key
412
	 * by loading the parent's key first.
413
	 */
414
	if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF) {
415
		zfs_refresh_properties(zhp);
416
		keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
417

418
		/*
419
		 * If the key is unavailable and MS_CRYPT is set give the
420
		 * user a chance to enter the key. Otherwise just fail
421
		 * immediately.
422
		 */
423
		if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
424
			if (flags & MS_CRYPT) {
425
				rc = zfs_crypto_get_encryption_root(zhp,
426
				    &is_encroot, prop_encroot);
427
				if (rc) {
428
					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
429
					    "Failed to get encryption root for "
430
					    "'%s'."), zfs_get_name(zhp));
431
					return (rc);
432
				}
433

434
				if (!is_encroot) {
435
					encroot_hp = zfs_open(hdl, prop_encroot,
436
					    ZFS_TYPE_DATASET);
437
					if (encroot_hp == NULL)
438
						return (hdl->libzfs_error);
439
				}
440

441
				rc = zfs_crypto_load_key(encroot_hp,
442
				    B_FALSE, NULL);
443

444
				if (!is_encroot)
445
					zfs_close(encroot_hp);
446
				if (rc)
447
					return (rc);
448
			} else {
449
				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
450
				    "encryption key not loaded"));
451
				return (zfs_error_fmt(hdl, EZFS_MOUNTFAILED,
452
				    dgettext(TEXT_DOMAIN, "cannot mount '%s'"),
453
				    mountpoint));
454
			}
455
		}
456

457
	}
458

459
	/*
460
	 * Append zfsutil option so the mount helper allow the mount
461
	 */
462
	strlcat(mntopts, "," MNTOPT_ZFSUTIL, sizeof (mntopts));
463

464
	/* Create the directory if it doesn't already exist */
465
	if (lstat(mountpoint, &buf) != 0) {
466
		if (mkdirp(mountpoint, 0755) != 0) {
467
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
468
			    "failed to create mountpoint: %s"),
469
			    zfs_strerror(errno));
470
			return (zfs_error_fmt(hdl, EZFS_MOUNTFAILED,
471
			    dgettext(TEXT_DOMAIN, "cannot mount '%s'"),
472
			    mountpoint));
473
		}
474
	}
475

476
	/*
477
	 * Overlay mounts are enabled by default but may be disabled
478
	 * via the 'overlay' property. The -O flag remains for compatibility.
479
	 */
480
	if (!(flags & MS_OVERLAY)) {
481
		if (zfs_prop_get(zhp, ZFS_PROP_OVERLAY, overlay,
482
		    sizeof (overlay), NULL, NULL, 0, B_FALSE) == 0) {
483
			if (strcmp(overlay, "on") == 0) {
484
				flags |= MS_OVERLAY;
485
			}
486
		}
487
	}
488

489
	/*
490
	 * Determine if the mountpoint is empty.  If so, refuse to perform the
491
	 * mount.  We don't perform this check if 'remount' is
492
	 * specified or if overlay option (-O) is given
493
	 */
494
	if ((flags & MS_OVERLAY) == 0 && !remount &&
495
	    !dir_is_empty(mountpoint)) {
496
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
497
		    "directory is not empty"));
498
		return (zfs_error_fmt(hdl, EZFS_MOUNTFAILED,
499
		    dgettext(TEXT_DOMAIN, "cannot mount '%s'"), mountpoint));
500
	}
501

502
	/* perform the mount */
503
	rc = do_mount(zhp, mountpoint, mntopts, flags);
504
	if (rc) {
505
		/*
506
		 * Generic errors are nasty, but there are just way too many
507
		 * from mount(), and they're well-understood.  We pick a few
508
		 * common ones to improve upon.
509
		 */
510
		if (rc == EBUSY) {
511
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
512
			    "mountpoint or dataset is busy"));
513
		} else if (rc == EPERM) {
514
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
515
			    "Insufficient privileges"));
516
		} else if (rc == ENOTSUP) {
517
			int spa_version;
518

519
			VERIFY0(zfs_spa_version(zhp, &spa_version));
520
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
521
			    "Can't mount a version %llu "
522
			    "file system on a version %d pool. Pool must be"
523
			    " upgraded to mount this file system."),
524
			    (u_longlong_t)zfs_prop_get_int(zhp,
525
			    ZFS_PROP_VERSION), spa_version);
526
		} else {
527
			zfs_error_aux(hdl, "%s", zfs_strerror(rc));
528
		}
529
		return (zfs_error_fmt(hdl, EZFS_MOUNTFAILED,
530
		    dgettext(TEXT_DOMAIN, "cannot mount '%s'"),
531
		    zhp->zfs_name));
532
	}
533

534
	/* remove the mounted entry before re-adding on remount */
535
	if (remount)
536
		libzfs_mnttab_remove(hdl, zhp->zfs_name);
537

538
	/* add the mounted entry into our cache */
539
	libzfs_mnttab_add(hdl, zfs_get_name(zhp), mountpoint, mntopts);
540
	return (0);
541
}
542

543
/*
544
 * Unmount a single filesystem.
545
 */
546
static int
547
unmount_one(zfs_handle_t *zhp, const char *mountpoint, int flags)
548
{
549
	int error;
550

551
	error = do_unmount(zhp, mountpoint, flags);
552
	if (error != 0) {
553
		int libzfs_err;
554

555
		switch (error) {
556
		case EBUSY:
557
			libzfs_err = EZFS_BUSY;
558
			break;
559
		case EIO:
560
			libzfs_err = EZFS_IO;
561
			break;
562
		case ENOENT:
563
			libzfs_err = EZFS_NOENT;
564
			break;
565
		case ENOMEM:
566
			libzfs_err = EZFS_NOMEM;
567
			break;
568
		case EPERM:
569
			libzfs_err = EZFS_PERM;
570
			break;
571
		default:
572
			libzfs_err = EZFS_UMOUNTFAILED;
573
		}
574
		if (zhp) {
575
			return (zfs_error_fmt(zhp->zfs_hdl, libzfs_err,
576
			    dgettext(TEXT_DOMAIN, "cannot unmount '%s'"),
577
			    mountpoint));
578
		} else {
579
			return (-1);
580
		}
581
	}
582

583
	return (0);
584
}
585

586
/*
587
 * Unmount the given filesystem.
588
 */
589
int
590
zfs_unmount(zfs_handle_t *zhp, const char *mountpoint, int flags)
591
{
592
	libzfs_handle_t *hdl = zhp->zfs_hdl;
593
	struct mnttab entry;
594
	char *mntpt = NULL;
595
	boolean_t encroot, unmounted = B_FALSE;
596

597
	/* check to see if we need to unmount the filesystem */
598
	if (mountpoint != NULL || ((zfs_get_type(zhp) == ZFS_TYPE_FILESYSTEM) &&
599
	    libzfs_mnttab_find(hdl, zhp->zfs_name, &entry) == 0)) {
600
		/*
601
		 * mountpoint may have come from a call to
602
		 * getmnt/getmntany if it isn't NULL. If it is NULL,
603
		 * we know it comes from libzfs_mnttab_find which can
604
		 * then get freed later. We strdup it to play it safe.
605
		 */
606
		if (mountpoint == NULL)
607
			mntpt = zfs_strdup(hdl, entry.mnt_mountp);
608
		else
609
			mntpt = zfs_strdup(hdl, mountpoint);
610

611
		/*
612
		 * Unshare and unmount the filesystem
613
		 */
614
		if (zfs_unshare(zhp, mntpt, share_all_proto) != 0) {
615
			free(mntpt);
616
			return (-1);
617
		}
618
		zfs_commit_shares(NULL);
619

620
		if (unmount_one(zhp, mntpt, flags) != 0) {
621
			free(mntpt);
622
			(void) zfs_share(zhp, NULL);
623
			zfs_commit_shares(NULL);
624
			return (-1);
625
		}
626

627
		libzfs_mnttab_remove(hdl, zhp->zfs_name);
628
		free(mntpt);
629
		unmounted = B_TRUE;
630
	}
631

632
	/*
633
	 * If the MS_CRYPT flag is provided we must ensure we attempt to
634
	 * unload the dataset's key regardless of whether we did any work
635
	 * to unmount it. We only do this for encryption roots.
636
	 */
637
	if ((flags & MS_CRYPT) != 0 &&
638
	    zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF) {
639
		zfs_refresh_properties(zhp);
640

641
		if (zfs_crypto_get_encryption_root(zhp, &encroot, NULL) != 0 &&
642
		    unmounted) {
643
			(void) zfs_mount(zhp, NULL, 0);
644
			return (-1);
645
		}
646

647
		if (encroot && zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS) ==
648
		    ZFS_KEYSTATUS_AVAILABLE &&
649
		    zfs_crypto_unload_key(zhp) != 0) {
650
			(void) zfs_mount(zhp, NULL, 0);
651
			return (-1);
652
		}
653
	}
654

655
	zpool_disable_volume_os(zhp->zfs_name);
656

657
	return (0);
658
}
659

660
/*
661
 * Unmount this filesystem and any children inheriting the mountpoint property.
662
 * To do this, just act like we're changing the mountpoint property, but don't
663
 * remount the filesystems afterwards.
664
 */
665
int
666
zfs_unmountall(zfs_handle_t *zhp, int flags)
667
{
668
	prop_changelist_t *clp;
669
	int ret;
670

671
	clp = changelist_gather(zhp, ZFS_PROP_MOUNTPOINT,
672
	    CL_GATHER_ITER_MOUNTED, flags);
673
	if (clp == NULL)
674
		return (-1);
675

676
	ret = changelist_prefix(clp);
677
	changelist_free(clp);
678

679
	return (ret);
680
}
681

682
/*
683
 * Unshare a filesystem by mountpoint.
684
 */
685
static int
686
unshare_one(libzfs_handle_t *hdl, const char *name, const char *mountpoint,
687
    enum sa_protocol proto)
688
{
689
	int err = sa_disable_share(mountpoint, proto);
690
	if (err != SA_OK)
691
		return (zfs_error_fmt(hdl, proto_table[proto].p_unshare_err,
692
		    dgettext(TEXT_DOMAIN, "cannot unshare '%s': %s"),
693
		    name, sa_errorstr(err)));
694

695
	return (0);
696
}
697

698
/*
699
 * Share the given filesystem according to the options in the specified
700
 * protocol specific properties (sharenfs, sharesmb).  We rely
701
 * on "libshare" to do the dirty work for us.
702
 */
703
int
704
zfs_share(zfs_handle_t *zhp, const enum sa_protocol *proto)
705
{
706
	char mountpoint[ZFS_MAXPROPLEN];
707
	char shareopts[ZFS_MAXPROPLEN];
708
	char sourcestr[ZFS_MAXPROPLEN];
709
	const enum sa_protocol *curr_proto;
710
	zprop_source_t sourcetype;
711
	int err = 0;
712

713
	if (proto == NULL)
714
		proto = share_all_proto;
715

716
	if (!zfs_is_mountable(zhp, mountpoint, sizeof (mountpoint), NULL, 0))
717
		return (0);
718

719
	for (curr_proto = proto; *curr_proto != SA_NO_PROTOCOL; curr_proto++) {
720
		/*
721
		 * Return success if there are no share options.
722
		 */
723
		if (zfs_prop_get(zhp, proto_table[*curr_proto].p_prop,
724
		    shareopts, sizeof (shareopts), &sourcetype, sourcestr,
725
		    ZFS_MAXPROPLEN, B_FALSE) != 0 ||
726
		    strcmp(shareopts, "off") == 0)
727
			continue;
728

729
		/*
730
		 * If the 'zoned' property is set, then zfs_is_mountable()
731
		 * will have already bailed out if we are in the global zone.
732
		 * But local zones cannot be NFS servers, so we ignore it for
733
		 * local zones as well.
734
		 */
735
		if (zfs_prop_get_int(zhp, ZFS_PROP_ZONED))
736
			continue;
737

738
		err = sa_enable_share(zfs_get_name(zhp), mountpoint, shareopts,
739
		    *curr_proto);
740
		if (err != SA_OK) {
741
			return (zfs_error_fmt(zhp->zfs_hdl,
742
			    proto_table[*curr_proto].p_share_err,
743
			    dgettext(TEXT_DOMAIN, "cannot share '%s: %s'"),
744
			    zfs_get_name(zhp), sa_errorstr(err)));
745
		}
746

747
	}
748
	return (0);
749
}
750

751
/*
752
 * Check to see if the filesystem is currently shared.
753
 */
754
boolean_t
755
zfs_is_shared(zfs_handle_t *zhp, char **where,
756
    const enum sa_protocol *proto)
757
{
758
	char *mountpoint;
759
	if (proto == NULL)
760
		proto = share_all_proto;
761

762
	if (ZFS_IS_VOLUME(zhp))
763
		return (B_FALSE);
764

765
	if (!zfs_is_mounted(zhp, &mountpoint))
766
		return (B_FALSE);
767

768
	for (const enum sa_protocol *p = proto; *p != SA_NO_PROTOCOL; ++p)
769
		if (sa_is_shared(mountpoint, *p)) {
770
			if (where != NULL)
771
				*where = mountpoint;
772
			else
773
				free(mountpoint);
774
			return (B_TRUE);
775
		}
776

777
	free(mountpoint);
778
	return (B_FALSE);
779
}
780

781
void
782
zfs_commit_shares(const enum sa_protocol *proto)
783
{
784
	if (proto == NULL)
785
		proto = share_all_proto;
786

787
	for (const enum sa_protocol *p = proto; *p != SA_NO_PROTOCOL; ++p)
788
		sa_commit_shares(*p);
789
}
790

791
void
792
zfs_truncate_shares(const enum sa_protocol *proto)
793
{
794
	if (proto == NULL)
795
		proto = share_all_proto;
796

797
	for (const enum sa_protocol *p = proto; *p != SA_NO_PROTOCOL; ++p)
798
		sa_truncate_shares(*p);
799
}
800

801
/*
802
 * Unshare the given filesystem.
803
 */
804
int
805
zfs_unshare(zfs_handle_t *zhp, const char *mountpoint,
806
    const enum sa_protocol *proto)
807
{
808
	libzfs_handle_t *hdl = zhp->zfs_hdl;
809
	struct mnttab entry;
810

811
	if (proto == NULL)
812
		proto = share_all_proto;
813

814
	if (mountpoint != NULL || ((zfs_get_type(zhp) == ZFS_TYPE_FILESYSTEM) &&
815
	    libzfs_mnttab_find(hdl, zfs_get_name(zhp), &entry) == 0)) {
816

817
		/* check to see if need to unmount the filesystem */
818
		const char *mntpt = mountpoint ?: entry.mnt_mountp;
819

820
		for (const enum sa_protocol *curr_proto = proto;
821
		    *curr_proto != SA_NO_PROTOCOL; curr_proto++)
822
			if (sa_is_shared(mntpt, *curr_proto) &&
823
			    unshare_one(hdl, zhp->zfs_name,
824
			    mntpt, *curr_proto) != 0)
825
					return (-1);
826
	}
827

828
	return (0);
829
}
830

831
/*
832
 * Same as zfs_unmountall(), but for NFS and SMB unshares.
833
 */
834
int
835
zfs_unshareall(zfs_handle_t *zhp, const enum sa_protocol *proto)
836
{
837
	prop_changelist_t *clp;
838
	int ret;
839

840
	if (proto == NULL)
841
		proto = share_all_proto;
842

843
	clp = changelist_gather(zhp, ZFS_PROP_SHARENFS, 0, 0);
844
	if (clp == NULL)
845
		return (-1);
846

847
	ret = changelist_unshare(clp, proto);
848
	changelist_free(clp);
849

850
	return (ret);
851
}
852

853
/*
854
 * Remove the mountpoint associated with the current dataset, if necessary.
855
 * We only remove the underlying directory if:
856
 *
857
 *	- The mountpoint is not 'none' or 'legacy'
858
 *	- The mountpoint is non-empty
859
 *	- The mountpoint is the default or inherited
860
 *	- The 'zoned' property is set, or we're in a local zone
861
 *
862
 * Any other directories we leave alone.
863
 */
864
void
865
remove_mountpoint(zfs_handle_t *zhp)
866
{
867
	char mountpoint[ZFS_MAXPROPLEN];
868
	zprop_source_t source;
869

870
	if (!zfs_is_mountable(zhp, mountpoint, sizeof (mountpoint),
871
	    &source, 0))
872
		return;
873

874
	if (source == ZPROP_SRC_DEFAULT ||
875
	    source == ZPROP_SRC_INHERITED) {
876
		/*
877
		 * Try to remove the directory, silently ignoring any errors.
878
		 * The filesystem may have since been removed or moved around,
879
		 * and this error isn't really useful to the administrator in
880
		 * any way.
881
		 */
882
		(void) rmdir(mountpoint);
883
	}
884
}
885

886
/*
887
 * Add the given zfs handle to the cb_handles array, dynamically reallocating
888
 * the array if it is out of space.
889
 */
890
void
891
libzfs_add_handle(get_all_cb_t *cbp, zfs_handle_t *zhp)
892
{
893
	if (cbp->cb_alloc == cbp->cb_used) {
894
		size_t newsz;
895
		zfs_handle_t **newhandles;
896

897
		newsz = cbp->cb_alloc != 0 ? cbp->cb_alloc * 2 : 64;
898
		newhandles = zfs_realloc(zhp->zfs_hdl,
899
		    cbp->cb_handles, cbp->cb_alloc * sizeof (zfs_handle_t *),
900
		    newsz * sizeof (zfs_handle_t *));
901
		cbp->cb_handles = newhandles;
902
		cbp->cb_alloc = newsz;
903
	}
904
	cbp->cb_handles[cbp->cb_used++] = zhp;
905
}
906

907
/*
908
 * Recursive helper function used during file system enumeration
909
 */
910
static int
911
zfs_iter_cb(zfs_handle_t *zhp, void *data)
912
{
913
	get_all_cb_t *cbp = data;
914

915
	if (!(zfs_get_type(zhp) & ZFS_TYPE_FILESYSTEM)) {
916
		zfs_close(zhp);
917
		return (0);
918
	}
919

920
	if (zfs_prop_get_int(zhp, ZFS_PROP_CANMOUNT) == ZFS_CANMOUNT_NOAUTO) {
921
		zfs_close(zhp);
922
		return (0);
923
	}
924

925
	if (zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS) ==
926
	    ZFS_KEYSTATUS_UNAVAILABLE) {
927
		zfs_close(zhp);
928
		return (0);
929
	}
930

931
	/*
932
	 * If this filesystem is inconsistent and has a receive resume
933
	 * token, we can not mount it.
934
	 */
935
	if (zfs_prop_get_int(zhp, ZFS_PROP_INCONSISTENT) &&
936
	    zfs_prop_get(zhp, ZFS_PROP_RECEIVE_RESUME_TOKEN,
937
	    NULL, 0, NULL, NULL, 0, B_TRUE) == 0) {
938
		zfs_close(zhp);
939
		return (0);
940
	}
941

942
	libzfs_add_handle(cbp, zhp);
943
	if (zfs_iter_filesystems_v2(zhp, 0, zfs_iter_cb, cbp) != 0) {
944
		zfs_close(zhp);
945
		return (-1);
946
	}
947
	return (0);
948
}
949

950
/*
951
 * Sort comparator that compares two mountpoint paths. We sort these paths so
952
 * that subdirectories immediately follow their parents. This means that we
953
 * effectively treat the '/' character as the lowest value non-nul char.
954
 * Since filesystems from non-global zones can have the same mountpoint
955
 * as other filesystems, the comparator sorts global zone filesystems to
956
 * the top of the list. This means that the global zone will traverse the
957
 * filesystem list in the correct order and can stop when it sees the
958
 * first zoned filesystem. In a non-global zone, only the delegated
959
 * filesystems are seen.
960
 *
961
 * An example sorted list using this comparator would look like:
962
 *
963
 * /foo
964
 * /foo/bar
965
 * /foo/bar/baz
966
 * /foo/baz
967
 * /foo.bar
968
 * /foo (NGZ1)
969
 * /foo (NGZ2)
970
 *
971
 * The mounting code depends on this ordering to deterministically iterate
972
 * over filesystems in order to spawn parallel mount tasks.
973
 */
974
static int
975
mountpoint_cmp(const void *arga, const void *argb)
976
{
977
	zfs_handle_t *const *zap = arga;
978
	zfs_handle_t *za = *zap;
979
	zfs_handle_t *const *zbp = argb;
980
	zfs_handle_t *zb = *zbp;
981
	char mounta[MAXPATHLEN];
982
	char mountb[MAXPATHLEN];
983
	const char *a = mounta;
984
	const char *b = mountb;
985
	boolean_t gota, gotb;
986
	uint64_t zoneda, zonedb;
987

988
	zoneda = zfs_prop_get_int(za, ZFS_PROP_ZONED);
989
	zonedb = zfs_prop_get_int(zb, ZFS_PROP_ZONED);
990
	if (zoneda && !zonedb)
991
		return (1);
992
	if (!zoneda && zonedb)
993
		return (-1);
994

995
	gota = (zfs_get_type(za) == ZFS_TYPE_FILESYSTEM);
996
	if (gota) {
997
		verify(zfs_prop_get(za, ZFS_PROP_MOUNTPOINT, mounta,
998
		    sizeof (mounta), NULL, NULL, 0, B_FALSE) == 0);
999
	}
1000
	gotb = (zfs_get_type(zb) == ZFS_TYPE_FILESYSTEM);
1001
	if (gotb) {
1002
		verify(zfs_prop_get(zb, ZFS_PROP_MOUNTPOINT, mountb,
1003
		    sizeof (mountb), NULL, NULL, 0, B_FALSE) == 0);
1004
	}
1005

1006
	if (gota && gotb) {
1007
		while (*a != '\0' && (*a == *b)) {
1008
			a++;
1009
			b++;
1010
		}
1011
		if (*a == *b)
1012
			return (0);
1013
		if (*a == '\0')
1014
			return (-1);
1015
		if (*b == '\0')
1016
			return (1);
1017
		if (*a == '/')
1018
			return (-1);
1019
		if (*b == '/')
1020
			return (1);
1021
		return (*a < *b ? -1 : *a > *b);
1022
	}
1023

1024
	if (gota)
1025
		return (-1);
1026
	if (gotb)
1027
		return (1);
1028

1029
	/*
1030
	 * If neither filesystem has a mountpoint, revert to sorting by
1031
	 * dataset name.
1032
	 */
1033
	return (strcmp(zfs_get_name(za), zfs_get_name(zb)));
1034
}
1035

1036
/*
1037
 * Return true if path2 is a child of path1 or path2 equals path1 or
1038
 * path1 is "/" (path2 is always a child of "/").
1039
 */
1040
static boolean_t
1041
libzfs_path_contains(const char *path1, const char *path2)
1042
{
1043
	return (strcmp(path1, path2) == 0 || strcmp(path1, "/") == 0 ||
1044
	    (strstr(path2, path1) == path2 && path2[strlen(path1)] == '/'));
1045
}
1046

1047
/*
1048
 * Given a mountpoint specified by idx in the handles array, find the first
1049
 * non-descendent of that mountpoint and return its index. Descendant paths
1050
 * start with the parent's path. This function relies on the ordering
1051
 * enforced by mountpoint_cmp().
1052
 */
1053
static int
1054
non_descendant_idx(zfs_handle_t **handles, size_t num_handles, int idx)
1055
{
1056
	char parent[ZFS_MAXPROPLEN];
1057
	char child[ZFS_MAXPROPLEN];
1058
	int i;
1059

1060
	verify(zfs_prop_get(handles[idx], ZFS_PROP_MOUNTPOINT, parent,
1061
	    sizeof (parent), NULL, NULL, 0, B_FALSE) == 0);
1062

1063
	for (i = idx + 1; i < num_handles; i++) {
1064
		verify(zfs_prop_get(handles[i], ZFS_PROP_MOUNTPOINT, child,
1065
		    sizeof (child), NULL, NULL, 0, B_FALSE) == 0);
1066
		if (!libzfs_path_contains(parent, child))
1067
			break;
1068
	}
1069
	return (i);
1070
}
1071

1072
typedef struct mnt_param {
1073
	libzfs_handle_t	*mnt_hdl;
1074
	tpool_t		*mnt_tp;
1075
	zfs_handle_t	**mnt_zhps; /* filesystems to mount */
1076
	size_t		mnt_num_handles;
1077
	int		mnt_idx;	/* Index of selected entry to mount */
1078
	zfs_iter_f	mnt_func;
1079
	void		*mnt_data;
1080
} mnt_param_t;
1081

1082
/*
1083
 * Allocate and populate the parameter struct for mount function, and
1084
 * schedule mounting of the entry selected by idx.
1085
 */
1086
static void
1087
zfs_dispatch_mount(libzfs_handle_t *hdl, zfs_handle_t **handles,
1088
    size_t num_handles, int idx, zfs_iter_f func, void *data, tpool_t *tp)
1089
{
1090
	mnt_param_t *mnt_param = zfs_alloc(hdl, sizeof (mnt_param_t));
1091

1092
	mnt_param->mnt_hdl = hdl;
1093
	mnt_param->mnt_tp = tp;
1094
	mnt_param->mnt_zhps = handles;
1095
	mnt_param->mnt_num_handles = num_handles;
1096
	mnt_param->mnt_idx = idx;
1097
	mnt_param->mnt_func = func;
1098
	mnt_param->mnt_data = data;
1099

1100
	if (tpool_dispatch(tp, zfs_mount_task, (void*)mnt_param)) {
1101
		/* Could not dispatch to thread pool; execute directly */
1102
		zfs_mount_task((void*)mnt_param);
1103
	}
1104
}
1105

1106
/*
1107
 * This is the structure used to keep state of mounting or sharing operations
1108
 * during a call to zpool_enable_datasets().
1109
 */
1110
typedef struct mount_state {
1111
	/*
1112
	 * ms_mntstatus is set to -1 if any mount fails. While multiple threads
1113
	 * could update this variable concurrently, no synchronization is
1114
	 * needed as it's only ever set to -1.
1115
	 */
1116
	int		ms_mntstatus;
1117
	int		ms_mntflags;
1118
	const char	*ms_mntopts;
1119
} mount_state_t;
1120

1121
static int
1122
zfs_mount_one(zfs_handle_t *zhp, void *arg)
1123
{
1124
	mount_state_t *ms = arg;
1125
	int ret = 0;
1126

1127
	/*
1128
	 * don't attempt to mount encrypted datasets with
1129
	 * unloaded keys
1130
	 */
1131
	if (zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS) ==
1132
	    ZFS_KEYSTATUS_UNAVAILABLE)
1133
		return (0);
1134

1135
	if (zfs_mount(zhp, ms->ms_mntopts, ms->ms_mntflags) != 0)
1136
		ret = ms->ms_mntstatus = -1;
1137
	return (ret);
1138
}
1139

1140
static int
1141
zfs_share_one(zfs_handle_t *zhp, void *arg)
1142
{
1143
	mount_state_t *ms = arg;
1144
	int ret = 0;
1145

1146
	if (zfs_share(zhp, NULL) != 0)
1147
		ret = ms->ms_mntstatus = -1;
1148
	return (ret);
1149
}
1150

1151
/*
1152
 * Thread pool function to mount one file system. On completion, it finds and
1153
 * schedules its children to be mounted. This depends on the sorting done in
1154
 * zfs_foreach_mountpoint(). Note that the degenerate case (chain of entries
1155
 * each descending from the previous) will have no parallelism since we always
1156
 * have to wait for the parent to finish mounting before we can schedule
1157
 * its children.
1158
 */
1159
static void
1160
zfs_mount_task(void *arg)
1161
{
1162
	mnt_param_t *mp = arg;
1163
	int idx = mp->mnt_idx;
1164
	zfs_handle_t **handles = mp->mnt_zhps;
1165
	size_t num_handles = mp->mnt_num_handles;
1166
	char mountpoint[ZFS_MAXPROPLEN];
1167

1168
	verify(zfs_prop_get(handles[idx], ZFS_PROP_MOUNTPOINT, mountpoint,
1169
	    sizeof (mountpoint), NULL, NULL, 0, B_FALSE) == 0);
1170

1171
	if (mp->mnt_func(handles[idx], mp->mnt_data) != 0)
1172
		goto out;
1173

1174
	/*
1175
	 * We dispatch tasks to mount filesystems with mountpoints underneath
1176
	 * this one. We do this by dispatching the next filesystem with a
1177
	 * descendant mountpoint of the one we just mounted, then skip all of
1178
	 * its descendants, dispatch the next descendant mountpoint, and so on.
1179
	 * The non_descendant_idx() function skips over filesystems that are
1180
	 * descendants of the filesystem we just dispatched.
1181
	 */
1182
	for (int i = idx + 1; i < num_handles;
1183
	    i = non_descendant_idx(handles, num_handles, i)) {
1184
		char child[ZFS_MAXPROPLEN];
1185
		verify(zfs_prop_get(handles[i], ZFS_PROP_MOUNTPOINT,
1186
		    child, sizeof (child), NULL, NULL, 0, B_FALSE) == 0);
1187

1188
		if (!libzfs_path_contains(mountpoint, child))
1189
			break; /* not a descendant, return */
1190
		zfs_dispatch_mount(mp->mnt_hdl, handles, num_handles, i,
1191
		    mp->mnt_func, mp->mnt_data, mp->mnt_tp);
1192
	}
1193

1194
out:
1195
	free(mp);
1196
}
1197

1198
/*
1199
 * Issue the func callback for each ZFS handle contained in the handles
1200
 * array. This function is used to mount all datasets, and so this function
1201
 * guarantees that filesystems for parent mountpoints are called before their
1202
 * children. As such, before issuing any callbacks, we first sort the array
1203
 * of handles by mountpoint.
1204
 *
1205
 * Callbacks are issued in one of two ways:
1206
 *
1207
 * 1. Sequentially: If the nthr argument is <= 1 or the ZFS_SERIAL_MOUNT
1208
 *    environment variable is set, then we issue callbacks sequentially.
1209
 *
1210
 * 2. In parallel: If the nthr argument is > 1 and the ZFS_SERIAL_MOUNT
1211
 *    environment variable is not set, then we use a tpool to dispatch threads
1212
 *    to mount filesystems in parallel. This function dispatches tasks to mount
1213
 *    the filesystems at the top-level mountpoints, and these tasks in turn
1214
 *    are responsible for recursively mounting filesystems in their children
1215
 *    mountpoints.  The value of the nthr argument will be the number of worker
1216
 *    threads for the thread pool.
1217
 */
1218
void
1219
zfs_foreach_mountpoint(libzfs_handle_t *hdl, zfs_handle_t **handles,
1220
    size_t num_handles, zfs_iter_f func, void *data, uint_t nthr)
1221
{
1222
	zoneid_t zoneid = getzoneid();
1223

1224
	/*
1225
	 * The ZFS_SERIAL_MOUNT environment variable is an undocumented
1226
	 * variable that can be used as a convenience to do a/b comparison
1227
	 * of serial vs. parallel mounting.
1228
	 */
1229
	boolean_t serial_mount = nthr <= 1 ||
1230
	    (getenv("ZFS_SERIAL_MOUNT") != NULL);
1231

1232
	/*
1233
	 * Sort the datasets by mountpoint. See mountpoint_cmp for details
1234
	 * of how these are sorted.
1235
	 */
1236
	qsort(handles, num_handles, sizeof (zfs_handle_t *), mountpoint_cmp);
1237

1238
	if (serial_mount) {
1239
		for (int i = 0; i < num_handles; i++) {
1240
			func(handles[i], data);
1241
		}
1242
		return;
1243
	}
1244

1245
	/*
1246
	 * Issue the callback function for each dataset using a parallel
1247
	 * algorithm that uses a thread pool to manage threads.
1248
	 */
1249
	tpool_t *tp = tpool_create(1, nthr, 0, NULL);
1250

1251
	/*
1252
	 * There may be multiple "top level" mountpoints outside of the pool's
1253
	 * root mountpoint, e.g.: /foo /bar. Dispatch a mount task for each of
1254
	 * these.
1255
	 */
1256
	for (int i = 0; i < num_handles;
1257
	    i = non_descendant_idx(handles, num_handles, i)) {
1258
		/*
1259
		 * Since the mountpoints have been sorted so that the zoned
1260
		 * filesystems are at the end, a zoned filesystem seen from
1261
		 * the global zone means that we're done.
1262
		 */
1263
		if (zoneid == GLOBAL_ZONEID &&
1264
		    zfs_prop_get_int(handles[i], ZFS_PROP_ZONED))
1265
			break;
1266
		zfs_dispatch_mount(hdl, handles, num_handles, i, func, data,
1267
		    tp);
1268
	}
1269

1270
	tpool_wait(tp);	/* wait for all scheduled mounts to complete */
1271
	tpool_destroy(tp);
1272
}
1273

1274
/*
1275
 * Mount and share all datasets within the given pool.  This assumes that no
1276
 * datasets within the pool are currently mounted.  nthr will be number of
1277
 * worker threads to use while mounting datasets.
1278
 */
1279
int
1280
zpool_enable_datasets(zpool_handle_t *zhp, const char *mntopts, int flags,
1281
    uint_t nthr)
1282
{
1283
	get_all_cb_t cb = { 0 };
1284
	mount_state_t ms = { 0 };
1285
	zfs_handle_t *zfsp;
1286
	int ret = 0;
1287

1288
	if ((zfsp = zfs_open(zhp->zpool_hdl, zhp->zpool_name,
1289
	    ZFS_TYPE_DATASET)) == NULL)
1290
		goto out;
1291

1292
	/*
1293
	 * Gather all non-snapshot datasets within the pool. Start by adding
1294
	 * the root filesystem for this pool to the list, and then iterate
1295
	 * over all child filesystems.
1296
	 */
1297
	libzfs_add_handle(&cb, zfsp);
1298
	if (zfs_iter_filesystems_v2(zfsp, 0, zfs_iter_cb, &cb) != 0)
1299
		goto out;
1300

1301
	/*
1302
	 * Mount all filesystems
1303
	 */
1304
	ms.ms_mntopts = mntopts;
1305
	ms.ms_mntflags = flags;
1306
	zfs_foreach_mountpoint(zhp->zpool_hdl, cb.cb_handles, cb.cb_used,
1307
	    zfs_mount_one, &ms, nthr);
1308
	if (ms.ms_mntstatus != 0)
1309
		ret = EZFS_MOUNTFAILED;
1310

1311
	/*
1312
	 * Share all filesystems that need to be shared. This needs to be
1313
	 * a separate pass because libshare is not mt-safe, and so we need
1314
	 * to share serially.
1315
	 */
1316
	ms.ms_mntstatus = 0;
1317
	zfs_foreach_mountpoint(zhp->zpool_hdl, cb.cb_handles, cb.cb_used,
1318
	    zfs_share_one, &ms, 1);
1319
	if (ms.ms_mntstatus != 0)
1320
		ret = EZFS_SHAREFAILED;
1321
	else
1322
		zfs_commit_shares(NULL);
1323

1324
out:
1325
	for (int i = 0; i < cb.cb_used; i++)
1326
		zfs_close(cb.cb_handles[i]);
1327
	free(cb.cb_handles);
1328

1329
	return (ret);
1330
}
1331

1332
struct sets_s {
1333
	char *mountpoint;
1334
	zfs_handle_t *dataset;
1335
};
1336

1337
static int
1338
mountpoint_compare(const void *a, const void *b)
1339
{
1340
	const struct sets_s *mounta = (struct sets_s *)a;
1341
	const struct sets_s *mountb = (struct sets_s *)b;
1342

1343
	return (strcmp(mountb->mountpoint, mounta->mountpoint));
1344
}
1345

1346
/*
1347
 * Unshare and unmount all datasets within the given pool.  We don't want to
1348
 * rely on traversing the DSL to discover the filesystems within the pool,
1349
 * because this may be expensive (if not all of them are mounted), and can fail
1350
 * arbitrarily (on I/O error, for example).  Instead, we walk /proc/self/mounts
1351
 * and gather all the filesystems that are currently mounted.
1352
 */
1353
int
1354
zpool_disable_datasets(zpool_handle_t *zhp, boolean_t force)
1355
{
1356
	int used, alloc;
1357
	FILE *mnttab;
1358
	struct mnttab entry;
1359
	size_t namelen;
1360
	struct sets_s *sets = NULL;
1361
	libzfs_handle_t *hdl = zhp->zpool_hdl;
1362
	int i;
1363
	int ret = -1;
1364
	int flags = (force ? MS_FORCE : 0);
1365

1366
	namelen = strlen(zhp->zpool_name);
1367

1368
	if ((mnttab = fopen(MNTTAB, "re")) == NULL)
1369
		return (ENOENT);
1370

1371
	used = alloc = 0;
1372
	while (getmntent(mnttab, &entry) == 0) {
1373
		/*
1374
		 * Ignore non-ZFS entries.
1375
		 */
1376
		if (entry.mnt_fstype == NULL ||
1377
		    strcmp(entry.mnt_fstype, MNTTYPE_ZFS) != 0)
1378
			continue;
1379

1380
		/*
1381
		 * Ignore filesystems not within this pool.
1382
		 */
1383
		if (entry.mnt_mountp == NULL ||
1384
		    strncmp(entry.mnt_special, zhp->zpool_name, namelen) != 0 ||
1385
		    (entry.mnt_special[namelen] != '/' &&
1386
		    entry.mnt_special[namelen] != '\0'))
1387
			continue;
1388

1389
		/*
1390
		 * At this point we've found a filesystem within our pool.  Add
1391
		 * it to our growing list.
1392
		 */
1393
		if (used == alloc) {
1394
			if (alloc == 0) {
1395
				sets = zfs_alloc(hdl,
1396
				    8 * sizeof (struct sets_s));
1397
				alloc = 8;
1398
			} else {
1399
				sets = zfs_realloc(hdl, sets,
1400
				    alloc * sizeof (struct sets_s),
1401
				    alloc * 2 * sizeof (struct sets_s));
1402

1403
				alloc *= 2;
1404
			}
1405
		}
1406

1407
		sets[used].mountpoint = zfs_strdup(hdl, entry.mnt_mountp);
1408

1409
		/*
1410
		 * This is allowed to fail, in case there is some I/O error.  It
1411
		 * is only used to determine if we need to remove the underlying
1412
		 * mountpoint, so failure is not fatal.
1413
		 */
1414
		sets[used].dataset = make_dataset_handle(hdl,
1415
		    entry.mnt_special);
1416

1417
		used++;
1418
	}
1419

1420
	/*
1421
	 * At this point, we have the entire list of filesystems, so sort it by
1422
	 * mountpoint.
1423
	 */
1424
	if (used != 0)
1425
		qsort(sets, used, sizeof (struct sets_s), mountpoint_compare);
1426

1427
	/*
1428
	 * Walk through and first unshare everything.
1429
	 */
1430
	for (i = 0; i < used; i++) {
1431
		for (enum sa_protocol p = 0; p < SA_PROTOCOL_COUNT; ++p) {
1432
			if (sa_is_shared(sets[i].mountpoint, p) &&
1433
			    unshare_one(hdl, sets[i].mountpoint,
1434
			    sets[i].mountpoint, p) != 0)
1435
				goto out;
1436
		}
1437
	}
1438
	zfs_commit_shares(NULL);
1439

1440
	/*
1441
	 * Now unmount everything, removing the underlying directories as
1442
	 * appropriate.
1443
	 */
1444
	for (i = 0; i < used; i++) {
1445
		if (unmount_one(sets[i].dataset, sets[i].mountpoint,
1446
		    flags) != 0)
1447
			goto out;
1448
	}
1449

1450
	for (i = 0; i < used; i++) {
1451
		if (sets[i].dataset)
1452
			remove_mountpoint(sets[i].dataset);
1453
	}
1454

1455
	zpool_disable_datasets_os(zhp, force);
1456

1457
	ret = 0;
1458
out:
1459
	(void) fclose(mnttab);
1460
	for (i = 0; i < used; i++) {
1461
		if (sets[i].dataset)
1462
			zfs_close(sets[i].dataset);
1463
		free(sets[i].mountpoint);
1464
	}
1465
	free(sets);
1466

1467
	return (ret);
1468
}
1469

1470