1
// SPDX-License-Identifier: CDDL-1.0
2
/*
3
 * CDDL HEADER START
4
 *
5
 * The contents of this file are subject to the terms of the
6
 * Common Development and Distribution License (the "License").
7
 * You may not use this file except in compliance with the License.
8
 *
9
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10
 * or https://opensource.org/licenses/CDDL-1.0.
11
 * See the License for the specific language governing permissions
12
 * and limitations under the License.
13
 *
14
 * When distributing Covered Code, include this CDDL HEADER in each
15
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16
 * If applicable, add the following below this CDDL HEADER, with the
17
 * fields enclosed by brackets "[]" replaced with your own identifying
18
 * information: Portions Copyright [yyyy] [name of copyright owner]
19
 *
20
 * CDDL HEADER END
21
 */
22
/*
23
 *
24
 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
25
 * Copyright (C) 2011 Lawrence Livermore National Security, LLC.
26
 * Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
27
 * LLNL-CODE-403049.
28
 * Rewritten for Linux by:
29
 *   Rohan Puri <[email protected]>
30
 *   Brian Behlendorf <[email protected]>
31
 * Copyright (c) 2013 by Delphix. All rights reserved.
32
 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
33
 * Copyright (c) 2018 George Melikov. All Rights Reserved.
34
 * Copyright (c) 2019 Datto, Inc. All rights reserved.
35
 * Copyright (c) 2020 The MathWorks, Inc. All rights reserved.
36
 */
37

38
/*
39
 * ZFS control directory (a.k.a. ".zfs")
40
 *
41
 * This directory provides a common location for all ZFS meta-objects.
42
 * Currently, this is only the 'snapshot' and 'shares' directory, but this may
43
 * expand in the future.  The elements are built dynamically, as the hierarchy
44
 * does not actually exist on disk.
45
 *
46
 * For 'snapshot', we don't want to have all snapshots always mounted, because
47
 * this would take up a huge amount of space in /etc/mnttab.  We have three
48
 * types of objects:
49
 *
50
 *	ctldir ------> snapshotdir -------> snapshot
51
 *                                             |
52
 *                                             |
53
 *                                             V
54
 *                                         mounted fs
55
 *
56
 * The 'snapshot' node contains just enough information to lookup '..' and act
57
 * as a mountpoint for the snapshot.  Whenever we lookup a specific snapshot, we
58
 * perform an automount of the underlying filesystem and return the
59
 * corresponding inode.
60
 *
61
 * All mounts are handled automatically by an user mode helper which invokes
62
 * the mount procedure.  Unmounts are handled by allowing the mount
63
 * point to expire so the kernel may automatically unmount it.
64
 *
65
 * The '.zfs', '.zfs/snapshot', and all directories created under
66
 * '.zfs/snapshot' (ie: '.zfs/snapshot/<snapname>') all share the same
67
 * zfsvfs_t as the head filesystem (what '.zfs' lives under).
68
 *
69
 * File systems mounted on top of the '.zfs/snapshot/<snapname>' paths
70
 * (ie: snapshots) are complete ZFS filesystems and have their own unique
71
 * zfsvfs_t.  However, the fsid reported by these mounts will be the same
72
 * as that used by the parent zfsvfs_t to make NFS happy.
73
 */
74

75
#include <sys/types.h>
76
#include <sys/param.h>
77
#include <sys/time.h>
78
#include <sys/sysmacros.h>
79
#include <sys/pathname.h>
80
#include <sys/vfs.h>
81
#include <sys/zfs_ctldir.h>
82
#include <sys/zfs_ioctl.h>
83
#include <sys/zfs_vfsops.h>
84
#include <sys/zfs_vnops.h>
85
#include <sys/stat.h>
86
#include <sys/dmu.h>
87
#include <sys/dmu_objset.h>
88
#include <sys/dsl_destroy.h>
89
#include <sys/dsl_deleg.h>
90
#include <sys/zpl.h>
91
#include <sys/mntent.h>
92
#include "zfs_namecheck.h"
93

94
/*
95
 * Two AVL trees are maintained which contain all currently automounted
96
 * snapshots.  Every automounted snapshots maps to a single zfs_snapentry_t
97
 * entry which MUST:
98
 *
99
 *   - be attached to both trees, and
100
 *   - be unique, no duplicate entries are allowed.
101
 *
102
 * The zfs_snapshots_by_name tree is indexed by the full dataset name
103
 * while the zfs_snapshots_by_objsetid tree is indexed by the unique
104
 * objsetid.  This allows for fast lookups either by name or objsetid.
105
 */
106
static avl_tree_t zfs_snapshots_by_name;
107
static avl_tree_t zfs_snapshots_by_objsetid;
108
static krwlock_t zfs_snapshot_lock;
109

110
/*
111
 * Control Directory Tunables (.zfs)
112
 */
113
int zfs_expire_snapshot = ZFSCTL_EXPIRE_SNAPSHOT;
114
static int zfs_admin_snapshot = 0;
115
static int zfs_snapshot_no_setuid = 0;
116

117
typedef struct {
118
	char		*se_name;	/* full snapshot name */
119
	char		*se_path;	/* full mount path */
120
	spa_t		*se_spa;	/* pool spa (NULL if pending) */
121
	uint64_t	se_objsetid;	/* snapshot objset id */
122
	struct dentry   *se_root_dentry; /* snapshot root dentry */
123
	taskqid_t	se_taskqid;	/* scheduled unmount taskqid */
124
	avl_node_t	se_node_name;	/* zfs_snapshots_by_name link */
125
	avl_node_t	se_node_objsetid; /* zfs_snapshots_by_objsetid link */
126
	zfs_refcount_t	se_refcount;	/* reference count */
127
	kmutex_t	se_mtx;		/* protects se_mounting and se_cv */
128
	kcondvar_t	se_cv;		/* signal mount completion */
129
	boolean_t	se_mounting;	/* mount operation in progress */
130
	int		se_mount_error;	/* error from failed mount */
131
} zfs_snapentry_t;
132

133
static void zfsctl_snapshot_unmount_delay_impl(zfs_snapentry_t *se, int delay);
134

135
/*
136
 * Allocate a new zfs_snapentry_t being careful to make a copy of the
137
 * the snapshot name and provided mount point.  No reference is taken.
138
 */
139
static zfs_snapentry_t *
140
zfsctl_snapshot_alloc(const char *full_name, const char *full_path, spa_t *spa,
141
    uint64_t objsetid, struct dentry *root_dentry)
142
{
143
	zfs_snapentry_t *se;
144

145
	se = kmem_zalloc(sizeof (zfs_snapentry_t), KM_SLEEP);
146

147
	se->se_name = kmem_strdup(full_name);
148
	se->se_path = kmem_strdup(full_path);
149
	se->se_spa = spa;
150
	se->se_objsetid = objsetid;
151
	se->se_root_dentry = root_dentry;
152
	se->se_taskqid = TASKQID_INVALID;
153
	mutex_init(&se->se_mtx, NULL, MUTEX_DEFAULT, NULL);
154
	cv_init(&se->se_cv, NULL, CV_DEFAULT, NULL);
155
	se->se_mounting = B_FALSE;
156
	se->se_mount_error = 0;
157

158
	zfs_refcount_create(&se->se_refcount);
159

160
	return (se);
161
}
162

163
/*
164
 * Free a zfs_snapentry_t the caller must ensure there are no active
165
 * references.
166
 */
167
static void
168
zfsctl_snapshot_free(zfs_snapentry_t *se)
169
{
170
	zfs_refcount_destroy(&se->se_refcount);
171
	kmem_strfree(se->se_name);
172
	kmem_strfree(se->se_path);
173
	mutex_destroy(&se->se_mtx);
174
	cv_destroy(&se->se_cv);
175

176
	kmem_free(se, sizeof (zfs_snapentry_t));
177
}
178

179
/*
180
 * Hold a reference on the zfs_snapentry_t.
181
 */
182
static void
183
zfsctl_snapshot_hold(zfs_snapentry_t *se)
184
{
185
	zfs_refcount_add(&se->se_refcount, NULL);
186
}
187

188
/*
189
 * Release a reference on the zfs_snapentry_t.  When the number of
190
 * references drops to zero the structure will be freed.
191
 */
192
static void
193
zfsctl_snapshot_rele(zfs_snapentry_t *se)
194
{
195
	if (zfs_refcount_remove(&se->se_refcount, NULL) == 0)
196
		zfsctl_snapshot_free(se);
197
}
198

199
/*
200
 * Add a zfs_snapentry_t to the zfs_snapshots_by_name tree.  If the entry
201
 * is not pending (se_spa != NULL), also add to zfs_snapshots_by_objsetid.
202
 * While the zfs_snapentry_t is part of the trees a reference is held.
203
 */
204
static void
205
zfsctl_snapshot_add(zfs_snapentry_t *se)
206
{
207
	ASSERT(RW_WRITE_HELD(&zfs_snapshot_lock));
208
	zfsctl_snapshot_hold(se);
209
	avl_add(&zfs_snapshots_by_name, se);
210
	if (se->se_spa != NULL)
211
		avl_add(&zfs_snapshots_by_objsetid, se);
212
}
213

214
/*
215
 * Remove a zfs_snapentry_t from the zfs_snapshots_by_name tree and
216
 * zfs_snapshots_by_objsetid tree (if not pending).  Upon removal a
217
 * reference is dropped, this can result in the structure being freed
218
 * if that was the last remaining reference.
219
 */
220
static void
221
zfsctl_snapshot_remove(zfs_snapentry_t *se)
222
{
223
	ASSERT(RW_WRITE_HELD(&zfs_snapshot_lock));
224
	avl_remove(&zfs_snapshots_by_name, se);
225
	if (se->se_spa != NULL)
226
		avl_remove(&zfs_snapshots_by_objsetid, se);
227
	zfsctl_snapshot_rele(se);
228
}
229

230
/*
231
 * Fill a pending zfs_snapentry_t after mount succeeds.  Fills in the
232
 * remaining fields and adds the entry to the zfs_snapshots_by_objsetid tree.
233
 */
234
static void
235
zfsctl_snapshot_fill(zfs_snapentry_t *se, spa_t *spa, uint64_t objsetid,
236
    struct dentry *root_dentry)
237
{
238
	ASSERT(RW_WRITE_HELD(&zfs_snapshot_lock));
239
	ASSERT3P(se->se_spa, ==, NULL);
240
	se->se_spa = spa;
241
	se->se_objsetid = objsetid;
242
	se->se_root_dentry = root_dentry;
243
	avl_add(&zfs_snapshots_by_objsetid, se);
244
}
245

246
/*
247
 * Snapshot name comparison function for the zfs_snapshots_by_name.
248
 */
249
static int
250
snapentry_compare_by_name(const void *a, const void *b)
251
{
252
	const zfs_snapentry_t *se_a = a;
253
	const zfs_snapentry_t *se_b = b;
254
	int ret;
255

256
	ret = strcmp(se_a->se_name, se_b->se_name);
257

258
	if (ret < 0)
259
		return (-1);
260
	else if (ret > 0)
261
		return (1);
262
	else
263
		return (0);
264
}
265

266
/*
267
 * Snapshot name comparison function for the zfs_snapshots_by_objsetid.
268
 */
269
static int
270
snapentry_compare_by_objsetid(const void *a, const void *b)
271
{
272
	const zfs_snapentry_t *se_a = a;
273
	const zfs_snapentry_t *se_b = b;
274

275
	if (se_a->se_spa != se_b->se_spa)
276
		return ((ulong_t)se_a->se_spa < (ulong_t)se_b->se_spa ? -1 : 1);
277

278
	if (se_a->se_objsetid < se_b->se_objsetid)
279
		return (-1);
280
	else if (se_a->se_objsetid > se_b->se_objsetid)
281
		return (1);
282
	else
283
		return (0);
284
}
285

286
/*
287
 * Find a zfs_snapentry_t in zfs_snapshots_by_name.  If the snapname
288
 * is found a pointer to the zfs_snapentry_t is returned and a reference
289
 * taken on the structure.  The caller is responsible for dropping the
290
 * reference with zfsctl_snapshot_rele().  If the snapname is not found
291
 * NULL will be returned.
292
 */
293
static zfs_snapentry_t *
294
zfsctl_snapshot_find_by_name(const char *snapname)
295
{
296
	zfs_snapentry_t *se, search;
297

298
	ASSERT(RW_LOCK_HELD(&zfs_snapshot_lock));
299

300
	search.se_name = (char *)snapname;
301
	se = avl_find(&zfs_snapshots_by_name, &search, NULL);
302
	if (se)
303
		zfsctl_snapshot_hold(se);
304

305
	return (se);
306
}
307

308
/*
309
 * Find a zfs_snapentry_t in zfs_snapshots_by_objsetid given the objset id
310
 * rather than the snapname.  In all other respects it behaves the same
311
 * as zfsctl_snapshot_find_by_name().
312
 */
313
static zfs_snapentry_t *
314
zfsctl_snapshot_find_by_objsetid(spa_t *spa, uint64_t objsetid)
315
{
316
	zfs_snapentry_t *se, search;
317

318
	ASSERT(RW_LOCK_HELD(&zfs_snapshot_lock));
319

320
	search.se_spa = spa;
321
	search.se_objsetid = objsetid;
322
	se = avl_find(&zfs_snapshots_by_objsetid, &search, NULL);
323
	if (se)
324
		zfsctl_snapshot_hold(se);
325

326
	return (se);
327
}
328

329
/*
330
 * Rename a zfs_snapentry_t in the zfs_snapshots_by_name.  The structure is
331
 * removed, renamed, and added back to the new correct location in the tree.
332
 */
333
static int
334
zfsctl_snapshot_rename(const char *old_snapname, const char *new_snapname)
335
{
336
	zfs_snapentry_t *se;
337

338
	ASSERT(RW_WRITE_HELD(&zfs_snapshot_lock));
339

340
	se = zfsctl_snapshot_find_by_name(old_snapname);
341
	if (se == NULL)
342
		return (SET_ERROR(ENOENT));
343
	if (se->se_spa == NULL) {
344
		/* Snapshot mount is in progress */
345
		zfsctl_snapshot_rele(se);
346
		return (SET_ERROR(EBUSY));
347
	}
348

349
	zfsctl_snapshot_remove(se);
350
	kmem_strfree(se->se_name);
351
	se->se_name = kmem_strdup(new_snapname);
352
	zfsctl_snapshot_add(se);
353
	zfsctl_snapshot_rele(se);
354

355
	return (0);
356
}
357

358
/*
359
 * Delayed task responsible for unmounting an expired automounted snapshot.
360
 */
361
static void
362
snapentry_expire(void *data)
363
{
364
	zfs_snapentry_t *se = (zfs_snapentry_t *)data;
365
	spa_t *spa = se->se_spa;
366
	uint64_t objsetid = se->se_objsetid;
367

368
	if (zfs_expire_snapshot <= 0) {
369
		zfsctl_snapshot_rele(se);
370
		return;
371
	}
372

373
	(void) zfsctl_snapshot_unmount(se->se_name, MNT_EXPIRE);
374

375
	/*
376
	 * Clear taskqid and reschedule if the snapshot wasn't removed.
377
	 * This can occur when the snapshot is busy.
378
	 */
379
	rw_enter(&zfs_snapshot_lock, RW_WRITER);
380
	se->se_taskqid = TASKQID_INVALID;
381
	zfsctl_snapshot_rele(se);
382
	if ((se = zfsctl_snapshot_find_by_objsetid(spa, objsetid)) != NULL) {
383
		zfsctl_snapshot_unmount_delay_impl(se, zfs_expire_snapshot);
384
		zfsctl_snapshot_rele(se);
385
	}
386
	rw_exit(&zfs_snapshot_lock);
387
}
388

389
/*
390
 * Cancel an automatic unmount of a snapname.  This callback is responsible
391
 * for dropping the reference on the zfs_snapentry_t which was taken when
392
 * during dispatch.
393
 */
394
static void
395
zfsctl_snapshot_unmount_cancel(zfs_snapentry_t *se)
396
{
397
	int err = 0;
398

399
	ASSERT(RW_WRITE_HELD(&zfs_snapshot_lock));
400

401
	err = taskq_cancel_id(system_delay_taskq, se->se_taskqid, B_FALSE);
402
	/*
403
	 * Clear taskqid only if we successfully cancelled before execution.
404
	 * For ENOENT, task already cleared it. For EBUSY, task will clear
405
	 * it when done.
406
	 */
407
	if (err == 0) {
408
		se->se_taskqid = TASKQID_INVALID;
409
		zfsctl_snapshot_rele(se);
410
	}
411
}
412

413
/*
414
 * Dispatch the unmount task for delayed handling with a hold protecting it.
415
 */
416
static void
417
zfsctl_snapshot_unmount_delay_impl(zfs_snapentry_t *se, int delay)
418
{
419
	ASSERT(RW_LOCK_HELD(&zfs_snapshot_lock));
420

421
	if (delay <= 0)
422
		return;
423

424
	/*
425
	 * If this condition happens, we managed to:
426
	 * - dispatch once
427
	 * - want to dispatch _again_ before it returned
428
	 *
429
	 * So let's just return - if that task fails at unmounting,
430
	 * we'll eventually dispatch again, and if it succeeds,
431
	 * no problem.
432
	 */
433
	if (se->se_taskqid != TASKQID_INVALID) {
434
		return;
435
	}
436

437
	zfsctl_snapshot_hold(se);
438
	se->se_taskqid = taskq_dispatch_delay(system_delay_taskq,
439
	    snapentry_expire, se, TQ_SLEEP, ddi_get_lbolt() + delay * HZ);
440
}
441

442
/*
443
 * Schedule an automatic unmount of objset id to occur in delay seconds from
444
 * now.  Any previous delayed unmount will be cancelled in favor of the
445
 * updated deadline.  A reference is taken by zfsctl_snapshot_find_by_name()
446
 * and held until the outstanding task is handled or cancelled.
447
 */
448
int
449
zfsctl_snapshot_unmount_delay(spa_t *spa, uint64_t objsetid, int delay)
450
{
451
	zfs_snapentry_t *se;
452
	int error = ENOENT;
453

454
	rw_enter(&zfs_snapshot_lock, RW_WRITER);
455
	if ((se = zfsctl_snapshot_find_by_objsetid(spa, objsetid)) != NULL) {
456
		zfsctl_snapshot_unmount_cancel(se);
457
		zfsctl_snapshot_unmount_delay_impl(se, delay);
458
		zfsctl_snapshot_rele(se);
459
		error = 0;
460
	}
461
	rw_exit(&zfs_snapshot_lock);
462

463
	return (error);
464
}
465

466
/*
467
 * Check if the given inode is a part of the virtual .zfs directory.
468
 */
469
boolean_t
470
zfsctl_is_node(struct inode *ip)
471
{
472
	return (ITOZ(ip)->z_is_ctldir);
473
}
474

475
/*
476
 * Check if the given inode is a .zfs/snapshots/snapname directory.
477
 */
478
boolean_t
479
zfsctl_is_snapdir(struct inode *ip)
480
{
481
	return (zfsctl_is_node(ip) && (ip->i_ino <= ZFSCTL_INO_SNAPDIRS));
482
}
483

484
/*
485
 * Allocate a new inode with the passed id and ops.
486
 */
487
static struct inode *
488
zfsctl_inode_alloc(zfsvfs_t *zfsvfs, uint64_t id,
489
    const struct file_operations *fops, const struct inode_operations *ops,
490
    uint64_t creation)
491
{
492
	struct inode *ip;
493
	znode_t *zp;
494
	inode_timespec_t now = {.tv_sec = creation};
495

496
	ip = new_inode(zfsvfs->z_sb);
497
	if (ip == NULL)
498
		return (NULL);
499

500
	if (!creation)
501
		now = current_time(ip);
502
	zp = ITOZ(ip);
503
	ASSERT0P(zp->z_dirlocks);
504
	ASSERT0P(zp->z_acl_cached);
505
	ASSERT0P(zp->z_xattr_cached);
506
	zp->z_id = id;
507
	zp->z_unlinked = B_FALSE;
508
	zp->z_atime_dirty = B_FALSE;
509
	zp->z_zn_prefetch = B_FALSE;
510
	zp->z_is_sa = B_FALSE;
511
	zp->z_is_ctldir = B_TRUE;
512
	zp->z_sa_hdl = NULL;
513
	zp->z_blksz = 0;
514
	zp->z_seq = 0;
515
	zp->z_mapcnt = 0;
516
	zp->z_size = 0;
517
	zp->z_pflags = 0;
518
	zp->z_mode = 0;
519
	zp->z_sync_cnt = 0;
520
	ip->i_generation = 0;
521
	ip->i_ino = id;
522
	ip->i_mode = (S_IFDIR | S_IRWXUGO);
523
	ip->i_uid = SUID_TO_KUID(0);
524
	ip->i_gid = SGID_TO_KGID(0);
525
	ip->i_blkbits = SPA_MINBLOCKSHIFT;
526
	zpl_inode_set_atime_to_ts(ip, now);
527
	zpl_inode_set_mtime_to_ts(ip, now);
528
	zpl_inode_set_ctime_to_ts(ip, now);
529
	ip->i_fop = fops;
530
	ip->i_op = ops;
531
#if defined(IOP_XATTR)
532
	ip->i_opflags &= ~IOP_XATTR;
533
#endif
534

535
	if (insert_inode_locked(ip)) {
536
		unlock_new_inode(ip);
537
		iput(ip);
538
		return (NULL);
539
	}
540

541
	mutex_enter(&zfsvfs->z_znodes_lock);
542
	list_insert_tail(&zfsvfs->z_all_znodes, zp);
543
	membar_producer();
544
	mutex_exit(&zfsvfs->z_znodes_lock);
545

546
	unlock_new_inode(ip);
547

548
	return (ip);
549
}
550

551
/*
552
 * Lookup the inode with given id, it will be allocated if needed.
553
 */
554
static struct inode *
555
zfsctl_inode_lookup(zfsvfs_t *zfsvfs, uint64_t id,
556
    const struct file_operations *fops, const struct inode_operations *ops)
557
{
558
	struct inode *ip = NULL;
559
	uint64_t creation = 0;
560
	dsl_dataset_t *snap_ds;
561
	dsl_pool_t *pool;
562

563
	while (ip == NULL) {
564
		ip = ilookup(zfsvfs->z_sb, (unsigned long)id);
565
		if (ip)
566
			break;
567

568
		if (id <= ZFSCTL_INO_SNAPDIRS && !creation) {
569
			pool = dmu_objset_pool(zfsvfs->z_os);
570
			dsl_pool_config_enter(pool, FTAG);
571
			if (!dsl_dataset_hold_obj(pool,
572
			    ZFSCTL_INO_SNAPDIRS - id, FTAG, &snap_ds)) {
573
				creation = dsl_get_creation(snap_ds);
574
				dsl_dataset_rele(snap_ds, FTAG);
575
			}
576
			dsl_pool_config_exit(pool, FTAG);
577
		}
578

579
		/* May fail due to concurrent zfsctl_inode_alloc() */
580
		ip = zfsctl_inode_alloc(zfsvfs, id, fops, ops, creation);
581
	}
582

583
	return (ip);
584
}
585

586
/*
587
 * Create the '.zfs' directory.  This directory is cached as part of the VFS
588
 * structure.  This results in a hold on the zfsvfs_t.  The code in zfs_umount()
589
 * therefore checks against a vfs_count of 2 instead of 1.  This reference
590
 * is removed when the ctldir is destroyed in the unmount.  All other entities
591
 * under the '.zfs' directory are created dynamically as needed.
592
 *
593
 * Because the dynamically created '.zfs' directory entries assume the use
594
 * of 64-bit inode numbers this support must be disabled on 32-bit systems.
595
 */
596
int
597
zfsctl_create(zfsvfs_t *zfsvfs)
598
{
599
	ASSERT0P(zfsvfs->z_ctldir);
600

601
	zfsvfs->z_ctldir = zfsctl_inode_alloc(zfsvfs, ZFSCTL_INO_ROOT,
602
	    &zpl_fops_root, &zpl_ops_root, 0);
603
	if (zfsvfs->z_ctldir == NULL)
604
		return (SET_ERROR(ENOENT));
605

606
	return (0);
607
}
608

609
/*
610
 * Destroy the '.zfs' directory or remove a snapshot from zfs_snapshots_by_name.
611
 * Only called when the filesystem is unmounted.
612
 */
613
void
614
zfsctl_destroy(zfsvfs_t *zfsvfs)
615
{
616
	if (zfsvfs->z_issnap) {
617
		zfs_snapentry_t *se;
618
		spa_t *spa = zfsvfs->z_os->os_spa;
619
		uint64_t objsetid = dmu_objset_id(zfsvfs->z_os);
620

621
		rw_enter(&zfs_snapshot_lock, RW_WRITER);
622
		se = zfsctl_snapshot_find_by_objsetid(spa, objsetid);
623
		if (se != NULL) {
624
			zfsctl_snapshot_remove(se);
625
			/*
626
			 * Don't wait if snapentry_expire task is calling
627
			 * umount, which may have resulted in this destroy
628
			 * call. Waiting would deadlock: snapentry_expire
629
			 * waits for umount while umount waits for task.
630
			 */
631
			zfsctl_snapshot_unmount_cancel(se);
632
			zfsctl_snapshot_rele(se);
633
		}
634
		rw_exit(&zfs_snapshot_lock);
635
	} else if (zfsvfs->z_ctldir) {
636
		iput(zfsvfs->z_ctldir);
637
		zfsvfs->z_ctldir = NULL;
638
	}
639
}
640

641
/*
642
 * Given a root znode, retrieve the associated .zfs directory.
643
 * Add a hold to the vnode and return it.
644
 */
645
struct inode *
646
zfsctl_root(znode_t *zp)
647
{
648
	ASSERT(zfs_has_ctldir(zp));
649
	/* Must have an existing ref, so igrab() cannot return NULL */
650
	VERIFY3P(igrab(ZTOZSB(zp)->z_ctldir), !=, NULL);
651
	return (ZTOZSB(zp)->z_ctldir);
652
}
653

654
/*
655
 * Generate a long fid to indicate a snapdir. We encode whether snapdir is
656
 * already mounted in gen field. We do this because nfsd lookup will not
657
 * trigger automount. Next time the nfsd does fh_to_dentry, we will notice
658
 * this and do automount and return ESTALE to force nfsd revalidate and follow
659
 * mount.
660
 */
661
static int
662
zfsctl_snapdir_fid(struct inode *ip, fid_t *fidp)
663
{
664
	zfid_short_t *zfid = (zfid_short_t *)fidp;
665
	zfid_long_t *zlfid = (zfid_long_t *)fidp;
666
	uint32_t gen = 0;
667
	uint64_t object;
668
	uint64_t objsetid;
669
	int i;
670
	struct dentry *dentry;
671

672
	if (fidp->fid_len < LONG_FID_LEN) {
673
		fidp->fid_len = LONG_FID_LEN;
674
		return (SET_ERROR(ENOSPC));
675
	}
676

677
	object = ip->i_ino;
678
	objsetid = ZFSCTL_INO_SNAPDIRS - ip->i_ino;
679
	zfid->zf_len = LONG_FID_LEN;
680

681
	dentry = d_obtain_alias(igrab(ip));
682
	if (!IS_ERR(dentry)) {
683
		gen = !!d_mountpoint(dentry);
684
		dput(dentry);
685
	}
686

687
	for (i = 0; i < sizeof (zfid->zf_object); i++)
688
		zfid->zf_object[i] = (uint8_t)(object >> (8 * i));
689

690
	for (i = 0; i < sizeof (zfid->zf_gen); i++)
691
		zfid->zf_gen[i] = (uint8_t)(gen >> (8 * i));
692

693
	for (i = 0; i < sizeof (zlfid->zf_setid); i++)
694
		zlfid->zf_setid[i] = (uint8_t)(objsetid >> (8 * i));
695

696
	for (i = 0; i < sizeof (zlfid->zf_setgen); i++)
697
		zlfid->zf_setgen[i] = 0;
698

699
	return (0);
700
}
701

702
/*
703
 * Generate an appropriate fid for an entry in the .zfs directory.
704
 */
705
int
706
zfsctl_fid(struct inode *ip, fid_t *fidp)
707
{
708
	znode_t		*zp = ITOZ(ip);
709
	zfsvfs_t	*zfsvfs = ITOZSB(ip);
710
	uint64_t	object = zp->z_id;
711
	zfid_short_t	*zfid;
712
	int		i;
713
	int		error;
714

715
	if ((error = zfs_enter(zfsvfs, FTAG)) != 0)
716
		return (error);
717

718
	if (zfsctl_is_snapdir(ip)) {
719
		zfs_exit(zfsvfs, FTAG);
720
		return (zfsctl_snapdir_fid(ip, fidp));
721
	}
722

723
	if (fidp->fid_len < SHORT_FID_LEN) {
724
		fidp->fid_len = SHORT_FID_LEN;
725
		zfs_exit(zfsvfs, FTAG);
726
		return (SET_ERROR(ENOSPC));
727
	}
728

729
	zfid = (zfid_short_t *)fidp;
730

731
	zfid->zf_len = SHORT_FID_LEN;
732

733
	for (i = 0; i < sizeof (zfid->zf_object); i++)
734
		zfid->zf_object[i] = (uint8_t)(object >> (8 * i));
735

736
	/* .zfs znodes always have a generation number of 0 */
737
	for (i = 0; i < sizeof (zfid->zf_gen); i++)
738
		zfid->zf_gen[i] = 0;
739

740
	zfs_exit(zfsvfs, FTAG);
741
	return (0);
742
}
743

744
/*
745
 * Construct a full dataset name in full_name: "pool/dataset@snap_name"
746
 */
747
static int
748
zfsctl_snapshot_name(zfsvfs_t *zfsvfs, const char *snap_name, int len,
749
    char *full_name)
750
{
751
	objset_t *os = zfsvfs->z_os;
752

753
	if (zfs_component_namecheck(snap_name, NULL, NULL) != 0)
754
		return (SET_ERROR(EILSEQ));
755

756
	dmu_objset_name(os, full_name);
757
	if ((strlen(full_name) + 1 + strlen(snap_name)) >= len)
758
		return (SET_ERROR(ENAMETOOLONG));
759

760
	(void) strcat(full_name, "@");
761
	(void) strcat(full_name, snap_name);
762

763
	return (0);
764
}
765

766
/*
767
 * Returns full path in full_path: "/pool/dataset/.zfs/snapshot/snap_name/"
768
 */
769
static int
770
zfsctl_snapshot_path_objset(zfsvfs_t *zfsvfs, uint64_t objsetid,
771
    int path_len, char *full_path)
772
{
773
	objset_t *os = zfsvfs->z_os;
774
	fstrans_cookie_t cookie;
775
	char *snapname;
776
	boolean_t case_conflict;
777
	uint64_t id, pos = 0;
778
	int error = 0;
779

780
	cookie = spl_fstrans_mark();
781
	snapname = kmem_alloc(ZFS_MAX_DATASET_NAME_LEN, KM_SLEEP);
782

783
	while (error == 0) {
784
		dsl_pool_config_enter(dmu_objset_pool(os), FTAG);
785
		error = dmu_snapshot_list_next(zfsvfs->z_os,
786
		    ZFS_MAX_DATASET_NAME_LEN, snapname, &id, &pos,
787
		    &case_conflict);
788
		dsl_pool_config_exit(dmu_objset_pool(os), FTAG);
789
		if (error)
790
			goto out;
791

792
		if (id == objsetid)
793
			break;
794
	}
795

796
	mutex_enter(&zfsvfs->z_vfs->vfs_mntpt_lock);
797
	if (zfsvfs->z_vfs->vfs_mntpoint != NULL) {
798
		snprintf(full_path, path_len, "%s/.zfs/snapshot/%s",
799
		    zfsvfs->z_vfs->vfs_mntpoint, snapname);
800
	} else
801
		error = SET_ERROR(ENOENT);
802
	mutex_exit(&zfsvfs->z_vfs->vfs_mntpt_lock);
803

804
out:
805
	kmem_free(snapname, ZFS_MAX_DATASET_NAME_LEN);
806
	spl_fstrans_unmark(cookie);
807

808
	return (error);
809
}
810

811
/*
812
 * Special case the handling of "..".
813
 */
814
int
815
zfsctl_root_lookup(struct inode *dip, const char *name, struct inode **ipp,
816
    int flags, cred_t *cr, int *direntflags, pathname_t *realpnp)
817
{
818
	zfsvfs_t *zfsvfs = ITOZSB(dip);
819
	int error = 0;
820

821
	if ((error = zfs_enter(zfsvfs, FTAG)) != 0)
822
		return (error);
823

824
	if (zfsvfs->z_show_ctldir == ZFS_SNAPDIR_DISABLED) {
825
		*ipp = NULL;
826
	} else if (strcmp(name, "..") == 0) {
827
		*ipp = dip->i_sb->s_root->d_inode;
828
	} else if (strcmp(name, ZFS_SNAPDIR_NAME) == 0) {
829
		*ipp = zfsctl_inode_lookup(zfsvfs, ZFSCTL_INO_SNAPDIR,
830
		    &zpl_fops_snapdir, &zpl_ops_snapdir);
831
	} else if (strcmp(name, ZFS_SHAREDIR_NAME) == 0) {
832
		*ipp = zfsctl_inode_lookup(zfsvfs, ZFSCTL_INO_SHARES,
833
		    &zpl_fops_shares, &zpl_ops_shares);
834
	} else {
835
		*ipp = NULL;
836
	}
837

838
	if (*ipp == NULL)
839
		error = SET_ERROR(ENOENT);
840

841
	zfs_exit(zfsvfs, FTAG);
842

843
	return (error);
844
}
845

846
/*
847
 * Lookup entry point for the 'snapshot' directory.  Try to open the
848
 * snapshot if it exist, creating the pseudo filesystem inode as necessary.
849
 */
850
int
851
zfsctl_snapdir_lookup(struct inode *dip, const char *name, struct inode **ipp,
852
    int flags, cred_t *cr, int *direntflags, pathname_t *realpnp)
853
{
854
	zfsvfs_t *zfsvfs = ITOZSB(dip);
855
	uint64_t id;
856
	int error;
857

858
	if ((error = zfs_enter(zfsvfs, FTAG)) != 0)
859
		return (error);
860

861
	error = dmu_snapshot_lookup(zfsvfs->z_os, name, &id);
862
	if (error) {
863
		zfs_exit(zfsvfs, FTAG);
864
		return (error);
865
	}
866

867
	*ipp = zfsctl_inode_lookup(zfsvfs, ZFSCTL_INO_SNAPDIRS - id,
868
	    &simple_dir_operations, &simple_dir_inode_operations);
869
	if (*ipp == NULL)
870
		error = SET_ERROR(ENOENT);
871

872
	zfs_exit(zfsvfs, FTAG);
873

874
	return (error);
875
}
876

877
/*
878
 * Renaming a directory under '.zfs/snapshot' will automatically trigger
879
 * a rename of the snapshot to the new given name.  The rename is confined
880
 * to the '.zfs/snapshot' directory snapshots cannot be moved elsewhere.
881
 */
882
int
883
zfsctl_snapdir_rename(struct inode *sdip, const char *snm,
884
    struct inode *tdip, const char *tnm, cred_t *cr, int flags)
885
{
886
	zfsvfs_t *zfsvfs = ITOZSB(sdip);
887
	char *to, *from, *real, *fsname;
888
	int error;
889

890
	if (!zfs_admin_snapshot)
891
		return (SET_ERROR(EACCES));
892

893
	if ((error = zfs_enter(zfsvfs, FTAG)) != 0)
894
		return (error);
895

896
	to = kmem_alloc(ZFS_MAX_DATASET_NAME_LEN, KM_SLEEP);
897
	from = kmem_alloc(ZFS_MAX_DATASET_NAME_LEN, KM_SLEEP);
898
	real = kmem_alloc(ZFS_MAX_DATASET_NAME_LEN, KM_SLEEP);
899
	fsname = kmem_alloc(ZFS_MAX_DATASET_NAME_LEN, KM_SLEEP);
900

901
	if (zfsvfs->z_case == ZFS_CASE_INSENSITIVE) {
902
		error = dmu_snapshot_realname(zfsvfs->z_os, snm, real,
903
		    ZFS_MAX_DATASET_NAME_LEN, NULL);
904
		if (error == 0) {
905
			snm = real;
906
		} else if (error != ENOTSUP) {
907
			goto out;
908
		}
909
	}
910

911
	dmu_objset_name(zfsvfs->z_os, fsname);
912

913
	error = zfsctl_snapshot_name(ITOZSB(sdip), snm,
914
	    ZFS_MAX_DATASET_NAME_LEN, from);
915
	if (error == 0)
916
		error = zfsctl_snapshot_name(ITOZSB(tdip), tnm,
917
		    ZFS_MAX_DATASET_NAME_LEN, to);
918
	if (error == 0)
919
		error = zfs_secpolicy_rename_perms(from, to, cr);
920
	if (error != 0)
921
		goto out;
922

923
	/*
924
	 * Cannot move snapshots out of the snapdir.
925
	 */
926
	if (sdip != tdip) {
927
		error = SET_ERROR(EINVAL);
928
		goto out;
929
	}
930

931
	/*
932
	 * No-op when names are identical.
933
	 */
934
	if (strcmp(snm, tnm) == 0) {
935
		error = 0;
936
		goto out;
937
	}
938

939
	rw_enter(&zfs_snapshot_lock, RW_WRITER);
940

941
	error = dsl_dataset_rename_snapshot(fsname, snm, tnm, B_FALSE);
942
	if (error == 0)
943
		(void) zfsctl_snapshot_rename(snm, tnm);
944

945
	rw_exit(&zfs_snapshot_lock);
946
out:
947
	kmem_free(from, ZFS_MAX_DATASET_NAME_LEN);
948
	kmem_free(to, ZFS_MAX_DATASET_NAME_LEN);
949
	kmem_free(real, ZFS_MAX_DATASET_NAME_LEN);
950
	kmem_free(fsname, ZFS_MAX_DATASET_NAME_LEN);
951

952
	zfs_exit(zfsvfs, FTAG);
953

954
	return (error);
955
}
956

957
/*
958
 * Removing a directory under '.zfs/snapshot' will automatically trigger
959
 * the removal of the snapshot with the given name.
960
 */
961
int
962
zfsctl_snapdir_remove(struct inode *dip, const char *name, cred_t *cr,
963
    int flags)
964
{
965
	zfsvfs_t *zfsvfs = ITOZSB(dip);
966
	char *snapname, *real;
967
	int error;
968

969
	if (!zfs_admin_snapshot)
970
		return (SET_ERROR(EACCES));
971

972
	if ((error = zfs_enter(zfsvfs, FTAG)) != 0)
973
		return (error);
974

975
	snapname = kmem_alloc(ZFS_MAX_DATASET_NAME_LEN, KM_SLEEP);
976
	real = kmem_alloc(ZFS_MAX_DATASET_NAME_LEN, KM_SLEEP);
977

978
	if (zfsvfs->z_case == ZFS_CASE_INSENSITIVE) {
979
		error = dmu_snapshot_realname(zfsvfs->z_os, name, real,
980
		    ZFS_MAX_DATASET_NAME_LEN, NULL);
981
		if (error == 0) {
982
			name = real;
983
		} else if (error != ENOTSUP) {
984
			goto out;
985
		}
986
	}
987

988
	error = zfsctl_snapshot_name(ITOZSB(dip), name,
989
	    ZFS_MAX_DATASET_NAME_LEN, snapname);
990
	if (error == 0)
991
		error = zfs_secpolicy_destroy_perms(snapname, cr);
992
	if (error != 0)
993
		goto out;
994

995
	error = zfsctl_snapshot_unmount(snapname, MNT_FORCE);
996
	if ((error == 0) || (error == ENOENT))
997
		error = dsl_destroy_snapshot(snapname, B_FALSE);
998
out:
999
	kmem_free(snapname, ZFS_MAX_DATASET_NAME_LEN);
1000
	kmem_free(real, ZFS_MAX_DATASET_NAME_LEN);
1001

1002
	zfs_exit(zfsvfs, FTAG);
1003

1004
	return (error);
1005
}
1006

1007
/*
1008
 * Creating a directory under '.zfs/snapshot' will automatically trigger
1009
 * the creation of a new snapshot with the given name.
1010
 */
1011
int
1012
zfsctl_snapdir_mkdir(struct inode *dip, const char *dirname, vattr_t *vap,
1013
    struct inode **ipp, cred_t *cr, int flags)
1014
{
1015
	zfsvfs_t *zfsvfs = ITOZSB(dip);
1016
	char *dsname;
1017
	int error;
1018

1019
	if (!zfs_admin_snapshot)
1020
		return (SET_ERROR(EACCES));
1021

1022
	dsname = kmem_alloc(ZFS_MAX_DATASET_NAME_LEN, KM_SLEEP);
1023

1024
	if (zfs_component_namecheck(dirname, NULL, NULL) != 0) {
1025
		error = SET_ERROR(EILSEQ);
1026
		goto out;
1027
	}
1028

1029
	dmu_objset_name(zfsvfs->z_os, dsname);
1030

1031
	error = zfs_secpolicy_snapshot_perms(dsname, cr);
1032
	if (error != 0)
1033
		goto out;
1034

1035
	if (error == 0) {
1036
		error = dmu_objset_snapshot_one(dsname, dirname);
1037
		if (error != 0)
1038
			goto out;
1039

1040
		error = zfsctl_snapdir_lookup(dip, dirname, ipp,
1041
		    0, cr, NULL, NULL);
1042
	}
1043
out:
1044
	kmem_free(dsname, ZFS_MAX_DATASET_NAME_LEN);
1045

1046
	return (error);
1047
}
1048

1049
/*
1050
 * Flush everything out of the kernel's export table and such.
1051
 * This is needed as once the snapshot is used over NFS, its
1052
 * entries in svc_export and svc_expkey caches hold reference
1053
 * to the snapshot mount point. There is no known way of flushing
1054
 * only the entries related to the snapshot.
1055
 */
1056
static void
1057
exportfs_flush(void)
1058
{
1059
	char *argv[] = { "/usr/sbin/exportfs", "-f", NULL };
1060
	char *envp[] = { NULL };
1061

1062
	(void) call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
1063
}
1064

1065
/*
1066
 * Returns the path in char format for given struct path. Uses
1067
 * d_path exported by kernel to convert struct path to char
1068
 * format. Returns the correct path for mountpoints and chroot
1069
 * environments.
1070
 *
1071
 * If chroot environment has directories that are mounted with
1072
 * --bind or --rbind flag, d_path returns the complete path inside
1073
 * chroot environment but does not return the absolute path, i.e.
1074
 * the path to chroot environment is missing.
1075
 */
1076
static int
1077
get_root_path(struct path *path, char *buff, int len)
1078
{
1079
	char *path_buffer, *path_ptr;
1080
	int error = 0;
1081

1082
	path_get(path);
1083
	path_buffer = kmem_zalloc(len, KM_SLEEP);
1084
	path_ptr = d_path(path, path_buffer, len);
1085
	if (IS_ERR(path_ptr))
1086
		error = SET_ERROR(-PTR_ERR(path_ptr));
1087
	else
1088
		strcpy(buff, path_ptr);
1089

1090
	kmem_free(path_buffer, len);
1091
	path_put(path);
1092
	return (error);
1093
}
1094

1095
/*
1096
 * Returns if the current process root is chrooted or not. Linux
1097
 * kernel exposes the task_struct for current process and init.
1098
 * Since init process root points to actual root filesystem when
1099
 * Linux runtime is reached, we can compare the current process
1100
 * root with init process root to determine if root of the current
1101
 * process is different from init, which can reliably determine if
1102
 * current process is in chroot context or not.
1103
 */
1104
static int
1105
is_current_chrooted(void)
1106
{
1107
	struct task_struct *curr = current, *global = &init_task;
1108
	struct path cr_root, gl_root;
1109

1110
	task_lock(curr);
1111
	get_fs_root(curr->fs, &cr_root);
1112
	task_unlock(curr);
1113

1114
	task_lock(global);
1115
	get_fs_root(global->fs, &gl_root);
1116
	task_unlock(global);
1117

1118
	int chrooted = !path_equal(&cr_root, &gl_root);
1119
	path_put(&gl_root);
1120
	path_put(&cr_root);
1121

1122
	return (chrooted);
1123
}
1124

1125
/*
1126
 * Attempt to unmount a snapshot by making a call to user space.
1127
 * There is no assurance that this can or will succeed, is just a
1128
 * best effort.  In the case where it does fail, perhaps because
1129
 * it's in use, the unmount will fail harmlessly.
1130
 */
1131
int
1132
zfsctl_snapshot_unmount(const char *snapname, int flags)
1133
{
1134
	char *argv[] = { "/usr/bin/env", "umount", "-t", "zfs", "-n", NULL,
1135
	    NULL };
1136
	char *envp[] = { NULL };
1137
	zfs_snapentry_t *se;
1138
	int error;
1139

1140
	rw_enter(&zfs_snapshot_lock, RW_READER);
1141
	if ((se = zfsctl_snapshot_find_by_name(snapname)) == NULL) {
1142
		rw_exit(&zfs_snapshot_lock);
1143
		return (SET_ERROR(ENOENT));
1144
	}
1145
	rw_exit(&zfs_snapshot_lock);
1146

1147
	/*
1148
	 * Wait for any pending auto-mount to complete before unmounting.
1149
	 */
1150
	mutex_enter(&se->se_mtx);
1151
	while (se->se_mounting)
1152
		cv_wait(&se->se_cv, &se->se_mtx);
1153
	mutex_exit(&se->se_mtx);
1154

1155
	exportfs_flush();
1156

1157
	if (flags & MNT_FORCE)
1158
		argv[4] = "-fn";
1159
	argv[5] = se->se_path;
1160
	dprintf("unmount; path=%s\n", se->se_path);
1161
	error = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
1162
	zfsctl_snapshot_rele(se);
1163

1164

1165
	/*
1166
	 * The umount system utility will return 256 on error.  We must
1167
	 * assume this error is because the file system is busy so it is
1168
	 * converted to the more sensible EBUSY.
1169
	 */
1170
	if (error)
1171
		error = SET_ERROR(EBUSY);
1172

1173
	return (error);
1174
}
1175

1176
int
1177
zfsctl_snapshot_mount(struct path *path, int flags)
1178
{
1179
	struct dentry *dentry = path->dentry;
1180
	struct inode *ip = dentry->d_inode;
1181
	zfsvfs_t *zfsvfs;
1182
	zfsvfs_t *snap_zfsvfs;
1183
	zfs_snapentry_t *se;
1184
	char *full_name, *full_path, *options;
1185
	char *argv[] = { "/usr/bin/env", "mount", "-i", "-t", "zfs", "-n",
1186
	    "-o", NULL, NULL, NULL, NULL };
1187
	char *envp[] = { NULL };
1188
	int error;
1189
	struct path spath;
1190

1191
	if (ip == NULL)
1192
		return (SET_ERROR(EISDIR));
1193

1194
	zfsvfs = ITOZSB(ip);
1195
	if ((error = zfs_enter(zfsvfs, FTAG)) != 0)
1196
		return (error);
1197

1198
	full_name = kmem_zalloc(ZFS_MAX_DATASET_NAME_LEN, KM_SLEEP);
1199
	full_path = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1200
	options = kmem_zalloc(7, KM_SLEEP);
1201

1202
	error = zfsctl_snapshot_name(zfsvfs, dname(dentry),
1203
	    ZFS_MAX_DATASET_NAME_LEN, full_name);
1204
	if (error)
1205
		goto error;
1206

1207
	if (is_current_chrooted() == 0) {
1208
		/*
1209
		 * Current process is not in chroot context
1210
		 */
1211

1212
		char *m = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1213
		struct path mnt_path;
1214
		mnt_path.mnt = path->mnt;
1215
		mnt_path.dentry = path->mnt->mnt_root;
1216

1217
		/*
1218
		 * Get path to current mountpoint
1219
		 */
1220
		error = get_root_path(&mnt_path, m, MAXPATHLEN);
1221
		if (error != 0) {
1222
			kmem_free(m, MAXPATHLEN);
1223
			goto error;
1224
		}
1225
		mutex_enter(&zfsvfs->z_vfs->vfs_mntpt_lock);
1226
		if (zfsvfs->z_vfs->vfs_mntpoint != NULL) {
1227
			/*
1228
			 * If current mnountpoint and vfs_mntpoint are not same,
1229
			 * store current mountpoint in vfs_mntpoint.
1230
			 */
1231
			if (strcmp(zfsvfs->z_vfs->vfs_mntpoint, m) != 0) {
1232
				kmem_strfree(zfsvfs->z_vfs->vfs_mntpoint);
1233
				zfsvfs->z_vfs->vfs_mntpoint = kmem_strdup(m);
1234
			}
1235
		} else
1236
			zfsvfs->z_vfs->vfs_mntpoint = kmem_strdup(m);
1237
		mutex_exit(&zfsvfs->z_vfs->vfs_mntpt_lock);
1238
		kmem_free(m, MAXPATHLEN);
1239
	}
1240

1241
	/*
1242
	 * Construct a mount point path from sb of the ctldir inode and dirent
1243
	 * name, instead of from d_path(), so that chroot'd process doesn't fail
1244
	 * on mount.zfs(8).
1245
	 */
1246
	mutex_enter(&zfsvfs->z_vfs->vfs_mntpt_lock);
1247
	snprintf(full_path, MAXPATHLEN, "%s/.zfs/snapshot/%s",
1248
	    zfsvfs->z_vfs->vfs_mntpoint ? zfsvfs->z_vfs->vfs_mntpoint : "",
1249
	    dname(dentry));
1250
	mutex_exit(&zfsvfs->z_vfs->vfs_mntpt_lock);
1251

1252
	snprintf(options, 7, "%s",
1253
	    zfs_snapshot_no_setuid ? "nosuid" : "suid");
1254

1255
	/*
1256
	 * Check if snapshot is already being mounted. If found, wait for
1257
	 * pending mount to complete before returning success.
1258
	 */
1259
	rw_enter(&zfs_snapshot_lock, RW_WRITER);
1260
	if ((se = zfsctl_snapshot_find_by_name(full_name)) != NULL) {
1261
		rw_exit(&zfs_snapshot_lock);
1262
		mutex_enter(&se->se_mtx);
1263
		while (se->se_mounting)
1264
			cv_wait(&se->se_cv, &se->se_mtx);
1265

1266
		/*
1267
		 * Return the same error as the first mount attempt (0 if
1268
		 * succeeded, error code if failed).
1269
		 */
1270
		error = se->se_mount_error;
1271
		mutex_exit(&se->se_mtx);
1272
		zfsctl_snapshot_rele(se);
1273
		goto error;
1274
	}
1275

1276
	/*
1277
	 * Create pending entry and mark mount in progress.
1278
	 */
1279
	se = zfsctl_snapshot_alloc(full_name, full_path, NULL, 0, NULL);
1280
	se->se_mounting = B_TRUE;
1281
	zfsctl_snapshot_add(se);
1282
	zfsctl_snapshot_hold(se);
1283
	rw_exit(&zfs_snapshot_lock);
1284

1285
	/*
1286
	 * Attempt to mount the snapshot from user space.  Normally this
1287
	 * would be done using the vfs_kern_mount() function, however that
1288
	 * function is marked GPL-only and cannot be used.  On error we
1289
	 * careful to log the real error to the console and return EISDIR
1290
	 * to safely abort the automount.  This should be very rare.
1291
	 *
1292
	 * If the user mode helper happens to return EBUSY, a concurrent
1293
	 * mount is already in progress in which case the error is ignored.
1294
	 * Take note that if the program was executed successfully the return
1295
	 * value from call_usermodehelper() will be (exitcode << 8 + signal).
1296
	 */
1297
	dprintf("mount; name=%s path=%s\n", full_name, full_path);
1298
	argv[7] = options;
1299
	argv[8] = full_name;
1300
	argv[9] = full_path;
1301
	error = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
1302
	if (error) {
1303
		/*
1304
		 * Mount failed - cleanup pending entry and signal waiters.
1305
		 */
1306
		if (!(error & MOUNT_BUSY << 8)) {
1307
			zfs_dbgmsg("Unable to automount %s error=%d",
1308
			    full_path, error);
1309
			error = SET_ERROR(EISDIR);
1310
		} else {
1311
			/*
1312
			 * EBUSY, this could mean a concurrent mount, or the
1313
			 * snapshot has already been mounted at completely
1314
			 * different place. We return 0 so VFS will retry. For
1315
			 * the latter case the VFS will retry several times
1316
			 * and return ELOOP, which is probably not a very good
1317
			 * behavior.
1318
			 */
1319
			error = 0;
1320
		}
1321

1322
		rw_enter(&zfs_snapshot_lock, RW_WRITER);
1323
		zfsctl_snapshot_remove(se);
1324
		rw_exit(&zfs_snapshot_lock);
1325
		mutex_enter(&se->se_mtx);
1326
		se->se_mount_error = error;
1327
		se->se_mounting = B_FALSE;
1328
		cv_broadcast(&se->se_cv);
1329
		mutex_exit(&se->se_mtx);
1330
		zfsctl_snapshot_rele(se);
1331
		goto error;
1332
	}
1333

1334
	/*
1335
	 * Follow down in to the mounted snapshot and set MNT_SHRINKABLE
1336
	 * to identify this as an automounted filesystem.
1337
	 */
1338
	spath = *path;
1339
	path_get(&spath);
1340
	if (follow_down_one(&spath)) {
1341
		snap_zfsvfs = ITOZSB(spath.dentry->d_inode);
1342
		snap_zfsvfs->z_parent = zfsvfs;
1343
		dentry = spath.dentry;
1344
		spath.mnt->mnt_flags |= MNT_SHRINKABLE;
1345

1346
		rw_enter(&zfs_snapshot_lock, RW_WRITER);
1347
		zfsctl_snapshot_fill(se, snap_zfsvfs->z_os->os_spa,
1348
		    dmu_objset_id(snap_zfsvfs->z_os), dentry);
1349
		zfsctl_snapshot_unmount_delay_impl(se, zfs_expire_snapshot);
1350
		rw_exit(&zfs_snapshot_lock);
1351
	} else {
1352
		rw_enter(&zfs_snapshot_lock, RW_WRITER);
1353
		zfsctl_snapshot_remove(se);
1354
		rw_exit(&zfs_snapshot_lock);
1355
	}
1356
	path_put(&spath);
1357

1358
	/*
1359
	 * Signal mount completion and cleanup.
1360
	 */
1361
	mutex_enter(&se->se_mtx);
1362
	se->se_mounting = B_FALSE;
1363
	cv_broadcast(&se->se_cv);
1364
	mutex_exit(&se->se_mtx);
1365
	zfsctl_snapshot_rele(se);
1366
error:
1367
	kmem_free(full_name, ZFS_MAX_DATASET_NAME_LEN);
1368
	kmem_free(full_path, MAXPATHLEN);
1369

1370
	zfs_exit(zfsvfs, FTAG);
1371

1372
	return (error);
1373
}
1374

1375
/*
1376
 * Get the snapdir inode from fid
1377
 */
1378
int
1379
zfsctl_snapdir_vget(struct super_block *sb, uint64_t objsetid, int gen,
1380
    struct inode **ipp)
1381
{
1382
	int error;
1383
	struct path path;
1384
	char *mnt;
1385
	struct dentry *dentry;
1386

1387
	mnt = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1388

1389
	error = zfsctl_snapshot_path_objset(sb->s_fs_info, objsetid,
1390
	    MAXPATHLEN, mnt);
1391
	if (error)
1392
		goto out;
1393

1394
	/* Trigger automount */
1395
	error = -kern_path(mnt, LOOKUP_FOLLOW|LOOKUP_DIRECTORY, &path);
1396
	if (error)
1397
		goto out;
1398

1399
	path_put(&path);
1400
	/*
1401
	 * Get the snapdir inode. Note, we don't want to use the above
1402
	 * path because it contains the root of the snapshot rather
1403
	 * than the snapdir.
1404
	 */
1405
	*ipp = ilookup(sb, ZFSCTL_INO_SNAPDIRS - objsetid);
1406
	if (*ipp == NULL) {
1407
		error = SET_ERROR(ENOENT);
1408
		goto out;
1409
	}
1410

1411
	/* check gen, see zfsctl_snapdir_fid */
1412
	dentry = d_obtain_alias(igrab(*ipp));
1413
	if (gen != (!IS_ERR(dentry) && d_mountpoint(dentry))) {
1414
		iput(*ipp);
1415
		*ipp = NULL;
1416
		error = SET_ERROR(ENOENT);
1417
	}
1418
	if (!IS_ERR(dentry))
1419
		dput(dentry);
1420
out:
1421
	kmem_free(mnt, MAXPATHLEN);
1422
	return (error);
1423
}
1424

1425
int
1426
zfsctl_shares_lookup(struct inode *dip, char *name, struct inode **ipp,
1427
    int flags, cred_t *cr, int *direntflags, pathname_t *realpnp)
1428
{
1429
	zfsvfs_t *zfsvfs = ITOZSB(dip);
1430
	znode_t *zp;
1431
	znode_t *dzp;
1432
	int error;
1433

1434
	if ((error = zfs_enter(zfsvfs, FTAG)) != 0)
1435
		return (error);
1436

1437
	if (zfsvfs->z_shares_dir == 0) {
1438
		zfs_exit(zfsvfs, FTAG);
1439
		return (SET_ERROR(ENOTSUP));
1440
	}
1441

1442
	if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &dzp)) == 0) {
1443
		error = zfs_lookup(dzp, name, &zp, 0, cr, NULL, NULL);
1444
		zrele(dzp);
1445
	}
1446

1447
	zfs_exit(zfsvfs, FTAG);
1448

1449
	return (error);
1450
}
1451

1452
/*
1453
 * Initialize the various pieces we'll need to create and manipulate .zfs
1454
 * directories.  Currently this is unused but available.
1455
 */
1456
void
1457
zfsctl_init(void)
1458
{
1459
	avl_create(&zfs_snapshots_by_name, snapentry_compare_by_name,
1460
	    sizeof (zfs_snapentry_t), offsetof(zfs_snapentry_t,
1461
	    se_node_name));
1462
	avl_create(&zfs_snapshots_by_objsetid, snapentry_compare_by_objsetid,
1463
	    sizeof (zfs_snapentry_t), offsetof(zfs_snapentry_t,
1464
	    se_node_objsetid));
1465
	rw_init(&zfs_snapshot_lock, NULL, RW_DEFAULT, NULL);
1466
}
1467

1468
/*
1469
 * Cleanup the various pieces we needed for .zfs directories.  In particular
1470
 * ensure the expiry timer is canceled safely.
1471
 */
1472
void
1473
zfsctl_fini(void)
1474
{
1475
	avl_destroy(&zfs_snapshots_by_name);
1476
	avl_destroy(&zfs_snapshots_by_objsetid);
1477
	rw_destroy(&zfs_snapshot_lock);
1478
}
1479

1480
module_param(zfs_admin_snapshot, int, 0644);
1481
MODULE_PARM_DESC(zfs_admin_snapshot, "Enable mkdir/rmdir/mv in .zfs/snapshot");
1482

1483
module_param(zfs_expire_snapshot, int, 0644);
1484
MODULE_PARM_DESC(zfs_expire_snapshot, "Seconds to expire .zfs/snapshot");
1485

1486
module_param(zfs_snapshot_no_setuid, int, 0644);
1487
MODULE_PARM_DESC(zfs_snapshot_no_setuid,
1488
	"Disable setuid/setgid for automounts in .zfs/snapshot");
1489

1490