Properties set at creation time are not subject to the same checks as they would be with zfs set

The function zfs_valid_proplist() does some checks to ensure that new properties are not set that conflict with existing properties. However, this function will not perform these checks if the dataset does not exist yet. As a result it is possible to create datasets with properties that do not make sense. For example:

root@CaputisLandOfTheLost:~/zfs_stuff/tests# zfs create -V 10G pool/zvol
root@CaputisLandOfTheLost:~/zfs_stuff/tests# zfs set refreservation=20G pool/zvol
cannot set property for 'pool/zvol': 'refreservation' is greater than current volume size
root@CaputisLandOfTheLost:~/zfs_stuff/tests# zfs destroy pool/zvol
root@CaputisLandOfTheLost:~/zfs_stuff/tests# zfs create -V 10G -o refreservation=20G pool/zvol                                                                                                       
root@CaputisLandOfTheLost:~/zfs_stuff/tests# zfs get refreservation pool/zvol
NAME       PROPERTY        VALUE      SOURCE
pool/zvol  refreservation  20G        local

The problem stems from this line:

        /*
         * For changes to existing volumes, we have some additional
         * checks to enforce.
         */
        if (type == ZFS_TYPE_VOLUME && zhp != NULL) {
                        ...

If zhp == NULL (the dataset doesn't exist yet) the checks are skipped. Ideally, the checks should always be run, but they should check 1) the existing dataset properties 2) the properties nvlist and 3) the default values if nothing exists in the nvlist.

There should probably also be some kernel-side checking for this kind of thing.