Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_dir.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 23 * Copyright (c) 2013 by Delphix. All rights reserved. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/param.h> 28 #include <sys/time.h> 29 #include <sys/systm.h> 30 #include <sys/sysmacros.h> 31 #include <sys/resource.h> 32 #include <sys/vfs.h> 33 #include <sys/vnode.h> 34 #include <sys/file.h> 35 #include <sys/kmem.h> 36 #include <sys/uio.h> 37 #include <sys/cmn_err.h> 38 #include <sys/errno.h> 39 #include <sys/stat.h> 40 #include <sys/unistd.h> 41 #include <sys/sunddi.h> 42 #include <sys/random.h> 43 #include <sys/policy.h> 44 #include <sys/kcondvar.h> 45 #include <sys/callb.h> 46 #include <sys/smp.h> 47 #include <sys/zfs_dir.h> 48 #include <sys/zfs_acl.h> 49 #include <sys/fs/zfs.h> 50 #include <sys/zap.h> 51 #include <sys/dmu.h> 52 #include <sys/atomic.h> 53 #include <sys/zfs_ctldir.h> 54 #include <sys/zfs_fuid.h> 55 #include <sys/sa.h> 56 #include <sys/zfs_sa.h> 57 #include <sys/dnlc.h> 58 #include <sys/extdirent.h> 59 60 /* 61 * zfs_match_find() is used by zfs_dirent_lock() to peform zap lookups 62 * of names after deciding which is the appropriate lookup interface. 63 */ 64 static int 65 zfs_match_find(zfsvfs_t *zfsvfs, znode_t *dzp, char *name, boolean_t exact, 66 boolean_t update, int *deflags, pathname_t *rpnp, uint64_t *zoid) 67 { 68 int error; 69 70 if (zfsvfs->z_norm) { 71 matchtype_t mt = MT_FIRST; 72 boolean_t conflict = B_FALSE; 73 size_t bufsz = 0; 74 char *buf = NULL; 75 76 if (rpnp) { 77 buf = rpnp->pn_buf; 78 bufsz = rpnp->pn_bufsize; 79 } 80 if (exact) 81 mt = MT_EXACT; 82 /* 83 * In the non-mixed case we only expect there would ever 84 * be one match, but we need to use the normalizing lookup. 85 */ 86 error = zap_lookup_norm(zfsvfs->z_os, dzp->z_id, name, 8, 1, 87 zoid, mt, buf, bufsz, &conflict); 88 if (!error && deflags) 89 *deflags = conflict ? ED_CASE_CONFLICT : 0; 90 } else { 91 error = zap_lookup(zfsvfs->z_os, dzp->z_id, name, 8, 1, zoid); 92 } 93 *zoid = ZFS_DIRENT_OBJ(*zoid); 94 95 if (error == ENOENT && update) 96 dnlc_update(ZTOV(dzp), name, DNLC_NO_VNODE); 97 98 return (error); 99 } 100 101 /* 102 * Lock a directory entry. A dirlock on <dzp, name> protects that name 103 * in dzp's directory zap object. As long as you hold a dirlock, you can 104 * assume two things: (1) dzp cannot be reaped, and (2) no other thread 105 * can change the zap entry for (i.e. link or unlink) this name. 106 * 107 * Input arguments: 108 * dzp - znode for directory 109 * name - name of entry to lock 110 * flag - ZNEW: if the entry already exists, fail with EEXIST. 111 * ZEXISTS: if the entry does not exist, fail with ENOENT. 112 * ZSHARED: allow concurrent access with other ZSHARED callers. 113 * ZXATTR: we want dzp's xattr directory 114 * ZCILOOK: On a mixed sensitivity file system, 115 * this lookup should be case-insensitive. 116 * ZCIEXACT: On a purely case-insensitive file system, 117 * this lookup should be case-sensitive. 118 * ZRENAMING: we are locking for renaming, force narrow locks 119 * ZHAVELOCK: Don't grab the z_name_lock for this call. The 120 * current thread already holds it. 121 * 122 * Output arguments: 123 * zpp - pointer to the znode for the entry (NULL if there isn't one) 124 * dlpp - pointer to the dirlock for this entry (NULL on error) 125 * direntflags - (case-insensitive lookup only) 126 * flags if multiple case-sensitive matches exist in directory 127 * realpnp - (case-insensitive lookup only) 128 * actual name matched within the directory 129 * 130 * Return value: 0 on success or errno on failure. 131 * 132 * NOTE: Always checks for, and rejects, '.' and '..'. 133 * NOTE: For case-insensitive file systems we take wide locks (see below), 134 * but return znode pointers to a single match. 135 */ 136 int 137 zfs_dirent_lock(zfs_dirlock_t **dlpp, znode_t *dzp, char *name, znode_t **zpp, 138 int flag, int *direntflags, pathname_t *realpnp) 139 { 140 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 141 zfs_dirlock_t *dl; 142 boolean_t update; 143 boolean_t exact; 144 uint64_t zoid; 145 vnode_t *vp = NULL; 146 int error = 0; 147 int cmpflags; 148 149 *zpp = NULL; 150 *dlpp = NULL; 151 152 /* 153 * Verify that we are not trying to lock '.', '..', or '.zfs' 154 */ 155 if (name[0] == '.' && 156 (name[1] == '\0' || (name[1] == '.' && name[2] == '\0')) || 157 zfs_has_ctldir(dzp) && strcmp(name, ZFS_CTLDIR_NAME) == 0) 158 return (SET_ERROR(EEXIST)); 159 160 /* 161 * Case sensitivity and normalization preferences are set when 162 * the file system is created. These are stored in the 163 * zfsvfs->z_case and zfsvfs->z_norm fields. These choices 164 * affect what vnodes can be cached in the DNLC, how we 165 * perform zap lookups, and the "width" of our dirlocks. 166 * 167 * A normal dirlock locks a single name. Note that with 168 * normalization a name can be composed multiple ways, but 169 * when normalized, these names all compare equal. A wide 170 * dirlock locks multiple names. We need these when the file 171 * system is supporting mixed-mode access. It is sometimes 172 * necessary to lock all case permutations of file name at 173 * once so that simultaneous case-insensitive/case-sensitive 174 * behaves as rationally as possible. 175 */ 176 177 /* 178 * Decide if exact matches should be requested when performing 179 * a zap lookup on file systems supporting case-insensitive 180 * access. 181 */ 182 exact = 183 ((zfsvfs->z_case == ZFS_CASE_INSENSITIVE) && (flag & ZCIEXACT)) || 184 ((zfsvfs->z_case == ZFS_CASE_MIXED) && !(flag & ZCILOOK)); 185 186 /* 187 * Only look in or update the DNLC if we are looking for the 188 * name on a file system that does not require normalization 189 * or case folding. We can also look there if we happen to be 190 * on a non-normalizing, mixed sensitivity file system IF we 191 * are looking for the exact name. 192 * 193 * Maybe can add TO-UPPERed version of name to dnlc in ci-only 194 * case for performance improvement? 195 */ 196 update = !zfsvfs->z_norm || 197 ((zfsvfs->z_case == ZFS_CASE_MIXED) && 198 !(zfsvfs->z_norm & ~U8_TEXTPREP_TOUPPER) && !(flag & ZCILOOK)); 199 200 /* 201 * ZRENAMING indicates we are in a situation where we should 202 * take narrow locks regardless of the file system's 203 * preferences for normalizing and case folding. This will 204 * prevent us deadlocking trying to grab the same wide lock 205 * twice if the two names happen to be case-insensitive 206 * matches. 207 */ 208 if (flag & ZRENAMING) 209 cmpflags = 0; 210 else 211 cmpflags = zfsvfs->z_norm; 212 213 /* 214 * Wait until there are no locks on this name. 215 * 216 * Don't grab the the lock if it is already held. However, cannot 217 * have both ZSHARED and ZHAVELOCK together. 218 */ 219 ASSERT(!(flag & ZSHARED) || !(flag & ZHAVELOCK)); 220 if (!(flag & ZHAVELOCK)) 221 rw_enter(&dzp->z_name_lock, RW_READER); 222 223 mutex_enter(&dzp->z_lock); 224 for (;;) { 225 if (dzp->z_unlinked) { 226 mutex_exit(&dzp->z_lock); 227 if (!(flag & ZHAVELOCK)) 228 rw_exit(&dzp->z_name_lock); 229 return (SET_ERROR(ENOENT)); 230 } 231 for (dl = dzp->z_dirlocks; dl != NULL; dl = dl->dl_next) { 232 if ((u8_strcmp(name, dl->dl_name, 0, cmpflags, 233 U8_UNICODE_LATEST, &error) == 0) || error != 0) 234 break; 235 } 236 if (error != 0) { 237 mutex_exit(&dzp->z_lock); 238 if (!(flag & ZHAVELOCK)) 239 rw_exit(&dzp->z_name_lock); 240 return (SET_ERROR(ENOENT)); 241 } 242 if (dl == NULL) { 243 size_t namesize; 244 245 /* 246 * Allocate a new dirlock and add it to the list. 247 */ 248 namesize = strlen(name) + 1; 249 dl = kmem_alloc(sizeof (zfs_dirlock_t) + namesize, 250 KM_SLEEP); 251 cv_init(&dl->dl_cv, NULL, CV_DEFAULT, NULL); 252 dl->dl_name = (char *)(dl + 1); 253 bcopy(name, dl->dl_name, namesize); 254 dl->dl_sharecnt = 0; 255 dl->dl_namelock = 0; 256 dl->dl_namesize = namesize; 257 dl->dl_dzp = dzp; 258 dl->dl_next = dzp->z_dirlocks; 259 dzp->z_dirlocks = dl; 260 break; 261 } 262 if ((flag & ZSHARED) && dl->dl_sharecnt != 0) 263 break; 264 cv_wait(&dl->dl_cv, &dzp->z_lock); 265 } 266 267 /* 268 * If the z_name_lock was NOT held for this dirlock record it. 269 */ 270 if (flag & ZHAVELOCK) 271 dl->dl_namelock = 1; 272 273 if (flag & ZSHARED) 274 dl->dl_sharecnt++; 275 276 mutex_exit(&dzp->z_lock); 277 278 /* 279 * We have a dirlock on the name. (Note that it is the dirlock, 280 * not the dzp's z_lock, that protects the name in the zap object.) 281 * See if there's an object by this name; if so, put a hold on it. 282 */ 283 if (flag & ZXATTR) { 284 error = sa_lookup(dzp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs), &zoid, 285 sizeof (zoid)); 286 if (error == 0) 287 error = (zoid == 0 ? ENOENT : 0); 288 } else { 289 if (update) 290 vp = dnlc_lookup(ZTOV(dzp), name); 291 if (vp == DNLC_NO_VNODE) { 292 VN_RELE(vp); 293 error = SET_ERROR(ENOENT); 294 } else if (vp) { 295 if (flag & ZNEW) { 296 zfs_dirent_unlock(dl); 297 VN_RELE(vp); 298 return (SET_ERROR(EEXIST)); 299 } 300 *dlpp = dl; 301 *zpp = VTOZ(vp); 302 return (0); 303 } else { 304 error = zfs_match_find(zfsvfs, dzp, name, exact, 305 update, direntflags, realpnp, &zoid); 306 } 307 } 308 if (error) { 309 if (error != ENOENT || (flag & ZEXISTS)) { 310 zfs_dirent_unlock(dl); 311 return (error); 312 } 313 } else { 314 if (flag & ZNEW) { 315 zfs_dirent_unlock(dl); 316 return (SET_ERROR(EEXIST)); 317 } 318 error = zfs_zget(zfsvfs, zoid, zpp); 319 if (error) { 320 zfs_dirent_unlock(dl); 321 return (error); 322 } 323 if (!(flag & ZXATTR) && update) 324 dnlc_update(ZTOV(dzp), name, ZTOV(*zpp)); 325 } 326 327 *dlpp = dl; 328 329 return (0); 330 } 331 332 /* 333 * Unlock this directory entry and wake anyone who was waiting for it. 334 */ 335 void 336 zfs_dirent_unlock(zfs_dirlock_t *dl) 337 { 338 znode_t *dzp = dl->dl_dzp; 339 zfs_dirlock_t **prev_dl, *cur_dl; 340 341 mutex_enter(&dzp->z_lock); 342 343 if (!dl->dl_namelock) 344 rw_exit(&dzp->z_name_lock); 345 346 if (dl->dl_sharecnt > 1) { 347 dl->dl_sharecnt--; 348 mutex_exit(&dzp->z_lock); 349 return; 350 } 351 prev_dl = &dzp->z_dirlocks; 352 while ((cur_dl = *prev_dl) != dl) 353 prev_dl = &cur_dl->dl_next; 354 *prev_dl = dl->dl_next; 355 cv_broadcast(&dl->dl_cv); 356 mutex_exit(&dzp->z_lock); 357 358 cv_destroy(&dl->dl_cv); 359 kmem_free(dl, sizeof (*dl) + dl->dl_namesize); 360 } 361 362 /* 363 * Look up an entry in a directory. 364 * 365 * NOTE: '.' and '..' are handled as special cases because 366 * no directory entries are actually stored for them. If this is 367 * the root of a filesystem, then '.zfs' is also treated as a 368 * special pseudo-directory. 369 */ 370 int 371 zfs_dirlook(znode_t *dzp, char *name, vnode_t **vpp, int flags, 372 int *deflg, pathname_t *rpnp) 373 { 374 zfs_dirlock_t *dl; 375 znode_t *zp; 376 int error = 0; 377 uint64_t parent; 378 int unlinked; 379 380 if (name[0] == 0 || (name[0] == '.' && name[1] == 0)) { 381 mutex_enter(&dzp->z_lock); 382 unlinked = dzp->z_unlinked; 383 mutex_exit(&dzp->z_lock); 384 if (unlinked) 385 return (ENOENT); 386 387 *vpp = ZTOV(dzp); 388 VN_HOLD(*vpp); 389 } else if (name[0] == '.' && name[1] == '.' && name[2] == 0) { 390 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 391 392 /* 393 * If we are a snapshot mounted under .zfs, return 394 * the vp for the snapshot directory. 395 */ 396 if ((error = sa_lookup(dzp->z_sa_hdl, 397 SA_ZPL_PARENT(zfsvfs), &parent, sizeof (parent))) != 0) 398 return (error); 399 if (parent == dzp->z_id && zfsvfs->z_parent != zfsvfs) { 400 error = zfsctl_root_lookup(zfsvfs->z_parent->z_ctldir, 401 "snapshot", vpp, NULL, 0, NULL, kcred, 402 NULL, NULL, NULL); 403 return (error); 404 } 405 406 mutex_enter(&dzp->z_lock); 407 unlinked = dzp->z_unlinked; 408 mutex_exit(&dzp->z_lock); 409 if (unlinked) 410 return (ENOENT); 411 412 rw_enter(&dzp->z_parent_lock, RW_READER); 413 error = zfs_zget(zfsvfs, parent, &zp); 414 if (error == 0) 415 *vpp = ZTOV(zp); 416 rw_exit(&dzp->z_parent_lock); 417 } else if (zfs_has_ctldir(dzp) && strcmp(name, ZFS_CTLDIR_NAME) == 0) { 418 *vpp = zfsctl_root(dzp); 419 } else { 420 int zf; 421 422 zf = ZEXISTS | ZSHARED; 423 if (flags & FIGNORECASE) 424 zf |= ZCILOOK; 425 426 error = zfs_dirent_lock(&dl, dzp, name, &zp, zf, deflg, rpnp); 427 if (error == 0) { 428 *vpp = ZTOV(zp); 429 zfs_dirent_unlock(dl); 430 dzp->z_zn_prefetch = B_TRUE; /* enable prefetching */ 431 } 432 rpnp = NULL; 433 } 434 435 if ((flags & FIGNORECASE) && rpnp && !error) 436 (void) strlcpy(rpnp->pn_buf, name, rpnp->pn_bufsize); 437 438 return (error); 439 } 440 441 /* 442 * unlinked Set (formerly known as the "delete queue") Error Handling 443 * 444 * When dealing with the unlinked set, we dmu_tx_hold_zap(), but we 445 * don't specify the name of the entry that we will be manipulating. We 446 * also fib and say that we won't be adding any new entries to the 447 * unlinked set, even though we might (this is to lower the minimum file 448 * size that can be deleted in a full filesystem). So on the small 449 * chance that the nlink list is using a fat zap (ie. has more than 450 * 2000 entries), we *may* not pre-read a block that's needed. 451 * Therefore it is remotely possible for some of the assertions 452 * regarding the unlinked set below to fail due to i/o error. On a 453 * nondebug system, this will result in the space being leaked. 454 */ 455 void 456 zfs_unlinked_add(znode_t *zp, dmu_tx_t *tx) 457 { 458 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 459 460 ASSERT(zp->z_unlinked); 461 ASSERT(zp->z_links == 0); 462 463 VERIFY3U(0, ==, 464 zap_add_int(zfsvfs->z_os, zfsvfs->z_unlinkedobj, zp->z_id, tx)); 465 } 466 467 /* 468 * Clean up any znodes that had no links when we either crashed or 469 * (force) umounted the file system. 470 */ 471 void 472 zfs_unlinked_drain(zfsvfs_t *zfsvfs) 473 { 474 zap_cursor_t zc; 475 zap_attribute_t zap; 476 dmu_object_info_t doi; 477 znode_t *zp; 478 int error; 479 480 /* 481 * Interate over the contents of the unlinked set. 482 */ 483 for (zap_cursor_init(&zc, zfsvfs->z_os, zfsvfs->z_unlinkedobj); 484 zap_cursor_retrieve(&zc, &zap) == 0; 485 zap_cursor_advance(&zc)) { 486 487 /* 488 * See what kind of object we have in list 489 */ 490 491 error = dmu_object_info(zfsvfs->z_os, 492 zap.za_first_integer, &doi); 493 if (error != 0) 494 continue; 495 496 ASSERT((doi.doi_type == DMU_OT_PLAIN_FILE_CONTENTS) || 497 (doi.doi_type == DMU_OT_DIRECTORY_CONTENTS)); 498 /* 499 * We need to re-mark these list entries for deletion, 500 * so we pull them back into core and set zp->z_unlinked. 501 */ 502 error = zfs_zget(zfsvfs, zap.za_first_integer, &zp); 503 504 /* 505 * We may pick up znodes that are already marked for deletion. 506 * This could happen during the purge of an extended attribute 507 * directory. All we need to do is skip over them, since they 508 * are already in the system marked z_unlinked. 509 */ 510 if (error != 0) 511 continue; 512 513 zp->z_unlinked = B_TRUE; 514 VN_RELE(ZTOV(zp)); 515 } 516 zap_cursor_fini(&zc); 517 } 518 519 /* 520 * Delete the entire contents of a directory. Return a count 521 * of the number of entries that could not be deleted. If we encounter 522 * an error, return a count of at least one so that the directory stays 523 * in the unlinked set. 524 * 525 * NOTE: this function assumes that the directory is inactive, 526 * so there is no need to lock its entries before deletion. 527 * Also, it assumes the directory contents is *only* regular 528 * files. 529 */ 530 static int 531 zfs_purgedir(znode_t *dzp) 532 { 533 zap_cursor_t zc; 534 zap_attribute_t zap; 535 znode_t *xzp; 536 dmu_tx_t *tx; 537 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 538 zfs_dirlock_t dl; 539 int skipped = 0; 540 int error; 541 542 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id); 543 (error = zap_cursor_retrieve(&zc, &zap)) == 0; 544 zap_cursor_advance(&zc)) { 545 error = zfs_zget(zfsvfs, 546 ZFS_DIRENT_OBJ(zap.za_first_integer), &xzp); 547 if (error) { 548 skipped += 1; 549 continue; 550 } 551 552 ASSERT((ZTOV(xzp)->v_type == VREG) || 553 (ZTOV(xzp)->v_type == VLNK)); 554 555 tx = dmu_tx_create(zfsvfs->z_os); 556 dmu_tx_hold_sa(tx, dzp->z_sa_hdl, B_FALSE); 557 dmu_tx_hold_zap(tx, dzp->z_id, FALSE, zap.za_name); 558 dmu_tx_hold_sa(tx, xzp->z_sa_hdl, B_FALSE); 559 dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL); 560 /* Is this really needed ? */ 561 zfs_sa_upgrade_txholds(tx, xzp); 562 error = dmu_tx_assign(tx, TXG_WAIT); 563 if (error) { 564 dmu_tx_abort(tx); 565 VN_RELE(ZTOV(xzp)); 566 skipped += 1; 567 continue; 568 } 569 bzero(&dl, sizeof (dl)); 570 dl.dl_dzp = dzp; 571 dl.dl_name = zap.za_name; 572 573 error = zfs_link_destroy(&dl, xzp, tx, 0, NULL); 574 if (error) 575 skipped += 1; 576 dmu_tx_commit(tx); 577 578 VN_RELE(ZTOV(xzp)); 579 } 580 zap_cursor_fini(&zc); 581 if (error != ENOENT) 582 skipped += 1; 583 return (skipped); 584 } 585 586 void 587 zfs_rmnode(znode_t *zp) 588 { 589 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 590 objset_t *os = zfsvfs->z_os; 591 znode_t *xzp = NULL; 592 dmu_tx_t *tx; 593 uint64_t acl_obj; 594 uint64_t xattr_obj; 595 int error; 596 597 ASSERT(zp->z_links == 0); 598 599 /* 600 * If this is an attribute directory, purge its contents. 601 */ 602 if (ZTOV(zp) != NULL && ZTOV(zp)->v_type == VDIR && 603 (zp->z_pflags & ZFS_XATTR)) { 604 if (zfs_purgedir(zp) != 0) { 605 /* 606 * Not enough space to delete some xattrs. 607 * Leave it in the unlinked set. 608 */ 609 zfs_znode_dmu_fini(zp); 610 zfs_znode_free(zp); 611 return; 612 } 613 } 614 615 /* 616 * Free up all the data in the file. 617 */ 618 error = dmu_free_long_range(os, zp->z_id, 0, DMU_OBJECT_END); 619 if (error) { 620 /* 621 * Not enough space. Leave the file in the unlinked set. 622 */ 623 zfs_znode_dmu_fini(zp); 624 zfs_znode_free(zp); 625 return; 626 } 627 628 /* 629 * If the file has extended attributes, we're going to unlink 630 * the xattr dir. 631 */ 632 error = sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs), 633 &xattr_obj, sizeof (xattr_obj)); 634 if (error == 0 && xattr_obj) { 635 error = zfs_zget(zfsvfs, xattr_obj, &xzp); 636 ASSERT(error == 0); 637 } 638 639 acl_obj = zfs_external_acl(zp); 640 641 /* 642 * Set up the final transaction. 643 */ 644 tx = dmu_tx_create(os); 645 dmu_tx_hold_free(tx, zp->z_id, 0, DMU_OBJECT_END); 646 dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL); 647 if (xzp) { 648 dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, TRUE, NULL); 649 dmu_tx_hold_sa(tx, xzp->z_sa_hdl, B_FALSE); 650 } 651 if (acl_obj) 652 dmu_tx_hold_free(tx, acl_obj, 0, DMU_OBJECT_END); 653 654 zfs_sa_upgrade_txholds(tx, zp); 655 error = dmu_tx_assign(tx, TXG_WAIT); 656 if (error) { 657 /* 658 * Not enough space to delete the file. Leave it in the 659 * unlinked set, leaking it until the fs is remounted (at 660 * which point we'll call zfs_unlinked_drain() to process it). 661 */ 662 dmu_tx_abort(tx); 663 zfs_znode_dmu_fini(zp); 664 zfs_znode_free(zp); 665 goto out; 666 } 667 668 if (xzp) { 669 ASSERT(error == 0); 670 mutex_enter(&xzp->z_lock); 671 xzp->z_unlinked = B_TRUE; /* mark xzp for deletion */ 672 xzp->z_links = 0; /* no more links to it */ 673 VERIFY(0 == sa_update(xzp->z_sa_hdl, SA_ZPL_LINKS(zfsvfs), 674 &xzp->z_links, sizeof (xzp->z_links), tx)); 675 mutex_exit(&xzp->z_lock); 676 zfs_unlinked_add(xzp, tx); 677 } 678 679 /* Remove this znode from the unlinked set */ 680 VERIFY3U(0, ==, 681 zap_remove_int(zfsvfs->z_os, zfsvfs->z_unlinkedobj, zp->z_id, tx)); 682 683 zfs_znode_delete(zp, tx); 684 685 dmu_tx_commit(tx); 686 out: 687 if (xzp) 688 VN_RELE(ZTOV(xzp)); 689 } 690 691 static uint64_t 692 zfs_dirent(znode_t *zp, uint64_t mode) 693 { 694 uint64_t de = zp->z_id; 695 696 if (zp->z_zfsvfs->z_version >= ZPL_VERSION_DIRENT_TYPE) 697 de |= IFTODT(mode) << 60; 698 return (de); 699 } 700 701 /* 702 * Link zp into dl. Can only fail if zp has been unlinked. 703 */ 704 int 705 zfs_link_create(zfs_dirlock_t *dl, znode_t *zp, dmu_tx_t *tx, int flag) 706 { 707 znode_t *dzp = dl->dl_dzp; 708 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 709 vnode_t *vp = ZTOV(zp); 710 uint64_t value; 711 int zp_is_dir = (vp->v_type == VDIR); 712 sa_bulk_attr_t bulk[5]; 713 uint64_t mtime[2], ctime[2]; 714 int count = 0; 715 int error; 716 717 mutex_enter(&zp->z_lock); 718 719 if (!(flag & ZRENAMING)) { 720 if (zp->z_unlinked) { /* no new links to unlinked zp */ 721 ASSERT(!(flag & (ZNEW | ZEXISTS))); 722 mutex_exit(&zp->z_lock); 723 return (SET_ERROR(ENOENT)); 724 } 725 zp->z_links++; 726 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_LINKS(zfsvfs), NULL, 727 &zp->z_links, sizeof (zp->z_links)); 728 729 } 730 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_PARENT(zfsvfs), NULL, 731 &dzp->z_id, sizeof (dzp->z_id)); 732 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL, 733 &zp->z_pflags, sizeof (zp->z_pflags)); 734 735 if (!(flag & ZNEW)) { 736 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, 737 ctime, sizeof (ctime)); 738 zfs_tstamp_update_setup(zp, STATE_CHANGED, mtime, 739 ctime, B_TRUE); 740 } 741 error = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx); 742 ASSERT(error == 0); 743 744 mutex_exit(&zp->z_lock); 745 746 mutex_enter(&dzp->z_lock); 747 dzp->z_size++; 748 dzp->z_links += zp_is_dir; 749 count = 0; 750 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_SIZE(zfsvfs), NULL, 751 &dzp->z_size, sizeof (dzp->z_size)); 752 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_LINKS(zfsvfs), NULL, 753 &dzp->z_links, sizeof (dzp->z_links)); 754 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL, 755 mtime, sizeof (mtime)); 756 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, 757 ctime, sizeof (ctime)); 758 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL, 759 &dzp->z_pflags, sizeof (dzp->z_pflags)); 760 zfs_tstamp_update_setup(dzp, CONTENT_MODIFIED, mtime, ctime, B_TRUE); 761 error = sa_bulk_update(dzp->z_sa_hdl, bulk, count, tx); 762 ASSERT(error == 0); 763 mutex_exit(&dzp->z_lock); 764 765 value = zfs_dirent(zp, zp->z_mode); 766 error = zap_add(zp->z_zfsvfs->z_os, dzp->z_id, dl->dl_name, 767 8, 1, &value, tx); 768 ASSERT(error == 0); 769 770 dnlc_update(ZTOV(dzp), dl->dl_name, vp); 771 772 return (0); 773 } 774 775 static int 776 zfs_dropname(zfs_dirlock_t *dl, znode_t *zp, znode_t *dzp, dmu_tx_t *tx, 777 int flag) 778 { 779 int error; 780 781 if (zp->z_zfsvfs->z_norm) { 782 if (((zp->z_zfsvfs->z_case == ZFS_CASE_INSENSITIVE) && 783 (flag & ZCIEXACT)) || 784 ((zp->z_zfsvfs->z_case == ZFS_CASE_MIXED) && 785 !(flag & ZCILOOK))) 786 error = zap_remove_norm(zp->z_zfsvfs->z_os, 787 dzp->z_id, dl->dl_name, MT_EXACT, tx); 788 else 789 error = zap_remove_norm(zp->z_zfsvfs->z_os, 790 dzp->z_id, dl->dl_name, MT_FIRST, tx); 791 } else { 792 error = zap_remove(zp->z_zfsvfs->z_os, 793 dzp->z_id, dl->dl_name, tx); 794 } 795 796 return (error); 797 } 798 799 /* 800 * Unlink zp from dl, and mark zp for deletion if this was the last link. 801 * Can fail if zp is a mount point (EBUSY) or a non-empty directory (EEXIST). 802 * If 'unlinkedp' is NULL, we put unlinked znodes on the unlinked list. 803 * If it's non-NULL, we use it to indicate whether the znode needs deletion, 804 * and it's the caller's job to do it. 805 */ 806 int 807 zfs_link_destroy(zfs_dirlock_t *dl, znode_t *zp, dmu_tx_t *tx, int flag, 808 boolean_t *unlinkedp) 809 { 810 znode_t *dzp = dl->dl_dzp; 811 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 812 vnode_t *vp = ZTOV(zp); 813 int zp_is_dir = (vp->v_type == VDIR); 814 boolean_t unlinked = B_FALSE; 815 sa_bulk_attr_t bulk[5]; 816 uint64_t mtime[2], ctime[2]; 817 int count = 0; 818 int error; 819 820 dnlc_remove(ZTOV(dzp), dl->dl_name); 821 822 if (!(flag & ZRENAMING)) { 823 if (vn_vfswlock(vp)) /* prevent new mounts on zp */ 824 return (SET_ERROR(EBUSY)); 825 826 if (vn_ismntpt(vp)) { /* don't remove mount point */ 827 vn_vfsunlock(vp); 828 return (SET_ERROR(EBUSY)); 829 } 830 831 mutex_enter(&zp->z_lock); 832 833 if (zp_is_dir && !zfs_dirempty(zp)) { 834 mutex_exit(&zp->z_lock); 835 vn_vfsunlock(vp); 836 #ifdef illumos 837 return (SET_ERROR(EEXIST)); 838 #else 839 return (SET_ERROR(ENOTEMPTY)); 840 #endif 841 } 842 843 /* 844 * If we get here, we are going to try to remove the object. 845 * First try removing the name from the directory; if that 846 * fails, return the error. 847 */ 848 error = zfs_dropname(dl, zp, dzp, tx, flag); 849 if (error != 0) { 850 mutex_exit(&zp->z_lock); 851 vn_vfsunlock(vp); 852 return (error); 853 } 854 855 if (zp->z_links <= zp_is_dir) { 856 zfs_panic_recover("zfs: link count on vnode %p is %u, " 857 "should be at least %u", zp->z_vnode, 858 (int)zp->z_links, 859 zp_is_dir + 1); 860 zp->z_links = zp_is_dir + 1; 861 } 862 if (--zp->z_links == zp_is_dir) { 863 zp->z_unlinked = B_TRUE; 864 zp->z_links = 0; 865 unlinked = B_TRUE; 866 } else { 867 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), 868 NULL, &ctime, sizeof (ctime)); 869 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), 870 NULL, &zp->z_pflags, sizeof (zp->z_pflags)); 871 zfs_tstamp_update_setup(zp, STATE_CHANGED, mtime, ctime, 872 B_TRUE); 873 } 874 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_LINKS(zfsvfs), 875 NULL, &zp->z_links, sizeof (zp->z_links)); 876 error = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx); 877 count = 0; 878 ASSERT(error == 0); 879 mutex_exit(&zp->z_lock); 880 vn_vfsunlock(vp); 881 } else { 882 error = zfs_dropname(dl, zp, dzp, tx, flag); 883 if (error != 0) 884 return (error); 885 } 886 887 mutex_enter(&dzp->z_lock); 888 dzp->z_size--; /* one dirent removed */ 889 dzp->z_links -= zp_is_dir; /* ".." link from zp */ 890 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_LINKS(zfsvfs), 891 NULL, &dzp->z_links, sizeof (dzp->z_links)); 892 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_SIZE(zfsvfs), 893 NULL, &dzp->z_size, sizeof (dzp->z_size)); 894 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), 895 NULL, ctime, sizeof (ctime)); 896 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), 897 NULL, mtime, sizeof (mtime)); 898 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), 899 NULL, &dzp->z_pflags, sizeof (dzp->z_pflags)); 900 zfs_tstamp_update_setup(dzp, CONTENT_MODIFIED, mtime, ctime, B_TRUE); 901 error = sa_bulk_update(dzp->z_sa_hdl, bulk, count, tx); 902 ASSERT(error == 0); 903 mutex_exit(&dzp->z_lock); 904 905 if (unlinkedp != NULL) 906 *unlinkedp = unlinked; 907 else if (unlinked) 908 zfs_unlinked_add(zp, tx); 909 910 return (0); 911 } 912 913 /* 914 * Indicate whether the directory is empty. Works with or without z_lock 915 * held, but can only be consider a hint in the latter case. Returns true 916 * if only "." and ".." remain and there's no work in progress. 917 */ 918 boolean_t 919 zfs_dirempty(znode_t *dzp) 920 { 921 return (dzp->z_size == 2 && dzp->z_dirlocks == 0); 922 } 923 924 int 925 zfs_make_xattrdir(znode_t *zp, vattr_t *vap, vnode_t **xvpp, cred_t *cr) 926 { 927 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 928 znode_t *xzp; 929 dmu_tx_t *tx; 930 int error; 931 zfs_acl_ids_t acl_ids; 932 boolean_t fuid_dirtied; 933 uint64_t parent; 934 935 *xvpp = NULL; 936 937 /* 938 * In FreeBSD, access checking for creating an EA is being done 939 * in zfs_setextattr(), 940 */ 941 #ifndef __FreeBSD__ 942 if (error = zfs_zaccess(zp, ACE_WRITE_NAMED_ATTRS, 0, B_FALSE, cr)) 943 return (error); 944 #endif 945 946 if ((error = zfs_acl_ids_create(zp, IS_XATTR, vap, cr, NULL, 947 &acl_ids)) != 0) 948 return (error); 949 if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) { 950 zfs_acl_ids_free(&acl_ids); 951 return (SET_ERROR(EDQUOT)); 952 } 953 954 getnewvnode_reserve(1); 955 956 tx = dmu_tx_create(zfsvfs->z_os); 957 dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes + 958 ZFS_SA_BASE_ATTR_SIZE); 959 dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE); 960 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL); 961 fuid_dirtied = zfsvfs->z_fuid_dirty; 962 if (fuid_dirtied) 963 zfs_fuid_txhold(zfsvfs, tx); 964 error = dmu_tx_assign(tx, TXG_WAIT); 965 if (error) { 966 zfs_acl_ids_free(&acl_ids); 967 dmu_tx_abort(tx); 968 return (error); 969 } 970 zfs_mknode(zp, vap, tx, cr, IS_XATTR, &xzp, &acl_ids); 971 972 if (fuid_dirtied) 973 zfs_fuid_sync(zfsvfs, tx); 974 975 #ifdef DEBUG 976 error = sa_lookup(xzp->z_sa_hdl, SA_ZPL_PARENT(zfsvfs), 977 &parent, sizeof (parent)); 978 ASSERT(error == 0 && parent == zp->z_id); 979 #endif 980 981 VERIFY(0 == sa_update(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs), &xzp->z_id, 982 sizeof (xzp->z_id), tx)); 983 984 (void) zfs_log_create(zfsvfs->z_log, tx, TX_MKXATTR, zp, 985 xzp, "", NULL, acl_ids.z_fuidp, vap); 986 987 zfs_acl_ids_free(&acl_ids); 988 dmu_tx_commit(tx); 989 990 getnewvnode_drop_reserve(); 991 992 *xvpp = ZTOV(xzp); 993 994 return (0); 995 } 996 997 /* 998 * Return a znode for the extended attribute directory for zp. 999 * ** If the directory does not already exist, it is created ** 1000 * 1001 * IN: zp - znode to obtain attribute directory from 1002 * cr - credentials of caller 1003 * flags - flags from the VOP_LOOKUP call 1004 * 1005 * OUT: xzpp - pointer to extended attribute znode 1006 * 1007 * RETURN: 0 on success 1008 * error number on failure 1009 */ 1010 int 1011 zfs_get_xattrdir(znode_t *zp, vnode_t **xvpp, cred_t *cr, int flags) 1012 { 1013 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 1014 znode_t *xzp; 1015 zfs_dirlock_t *dl; 1016 vattr_t va; 1017 int error; 1018 top: 1019 error = zfs_dirent_lock(&dl, zp, "", &xzp, ZXATTR, NULL, NULL); 1020 if (error) 1021 return (error); 1022 1023 if (xzp != NULL) { 1024 *xvpp = ZTOV(xzp); 1025 zfs_dirent_unlock(dl); 1026 return (0); 1027 } 1028 1029 1030 if (!(flags & CREATE_XATTR_DIR)) { 1031 zfs_dirent_unlock(dl); 1032 #ifdef illumos 1033 return (SET_ERROR(ENOENT)); 1034 #else 1035 return (SET_ERROR(ENOATTR)); 1036 #endif 1037 } 1038 1039 if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) { 1040 zfs_dirent_unlock(dl); 1041 return (SET_ERROR(EROFS)); 1042 } 1043 1044 /* 1045 * The ability to 'create' files in an attribute 1046 * directory comes from the write_xattr permission on the base file. 1047 * 1048 * The ability to 'search' an attribute directory requires 1049 * read_xattr permission on the base file. 1050 * 1051 * Once in a directory the ability to read/write attributes 1052 * is controlled by the permissions on the attribute file. 1053 */ 1054 va.va_mask = AT_TYPE | AT_MODE | AT_UID | AT_GID; 1055 va.va_type = VDIR; 1056 va.va_mode = S_IFDIR | S_ISVTX | 0777; 1057 zfs_fuid_map_ids(zp, cr, &va.va_uid, &va.va_gid); 1058 1059 error = zfs_make_xattrdir(zp, &va, xvpp, cr); 1060 zfs_dirent_unlock(dl); 1061 1062 if (error == ERESTART) { 1063 /* NB: we already did dmu_tx_wait() if necessary */ 1064 goto top; 1065 } 1066 if (error == 0) 1067 VOP_UNLOCK(*xvpp, 0); 1068 1069 return (error); 1070 } 1071 1072 /* 1073 * Decide whether it is okay to remove within a sticky directory. 1074 * 1075 * In sticky directories, write access is not sufficient; 1076 * you can remove entries from a directory only if: 1077 * 1078 * you own the directory, 1079 * you own the entry, 1080 * the entry is a plain file and you have write access, 1081 * or you are privileged (checked in secpolicy...). 1082 * 1083 * The function returns 0 if remove access is granted. 1084 */ 1085 int 1086 zfs_sticky_remove_access(znode_t *zdp, znode_t *zp, cred_t *cr) 1087 { 1088 uid_t uid; 1089 uid_t downer; 1090 uid_t fowner; 1091 zfsvfs_t *zfsvfs = zdp->z_zfsvfs; 1092 1093 if (zdp->z_zfsvfs->z_replay) 1094 return (0); 1095 1096 if ((zdp->z_mode & S_ISVTX) == 0) 1097 return (0); 1098 1099 downer = zfs_fuid_map_id(zfsvfs, zdp->z_uid, cr, ZFS_OWNER); 1100 fowner = zfs_fuid_map_id(zfsvfs, zp->z_uid, cr, ZFS_OWNER); 1101 1102 if ((uid = crgetuid(cr)) == downer || uid == fowner || 1103 (ZTOV(zp)->v_type == VREG && 1104 zfs_zaccess(zp, ACE_WRITE_DATA, 0, B_FALSE, cr) == 0)) 1105 return (0); 1106 else 1107 return (secpolicy_vnode_remove(ZTOV(zp), cr)); 1108 }
Cache object: af2a52a2fe69a1d554276cc60278aa86
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]