1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2013 by Delphix. All rights reserved.
24 */
25
26 #include <sys/types.h>
27 #include <sys/param.h>
28 #include <sys/time.h>
29 #include <sys/systm.h>
30 #include <sys/sysmacros.h>
31 #include <sys/resource.h>
32 #include <sys/vfs.h>
33 #include <sys/vnode.h>
34 #include <sys/file.h>
35 #include <sys/kmem.h>
36 #include <sys/uio.h>
37 #include <sys/cmn_err.h>
38 #include <sys/errno.h>
39 #include <sys/stat.h>
40 #include <sys/unistd.h>
41 #include <sys/sunddi.h>
42 #include <sys/random.h>
43 #include <sys/policy.h>
44 #include <sys/kcondvar.h>
45 #include <sys/callb.h>
46 #include <sys/smp.h>
47 #include <sys/zfs_dir.h>
48 #include <sys/zfs_acl.h>
49 #include <sys/fs/zfs.h>
50 #include <sys/zap.h>
51 #include <sys/dmu.h>
52 #include <sys/atomic.h>
53 #include <sys/zfs_ctldir.h>
54 #include <sys/zfs_fuid.h>
55 #include <sys/sa.h>
56 #include <sys/zfs_sa.h>
57 #include <sys/dnlc.h>
58 #include <sys/extdirent.h>
59
60 /*
61 * zfs_match_find() is used by zfs_dirent_lock() to peform zap lookups
62 * of names after deciding which is the appropriate lookup interface.
63 */
64 static int
65 zfs_match_find(zfsvfs_t *zfsvfs, znode_t *dzp, char *name, boolean_t exact,
66 boolean_t update, int *deflags, pathname_t *rpnp, uint64_t *zoid)
67 {
68 int error;
69
70 if (zfsvfs->z_norm) {
71 matchtype_t mt = MT_FIRST;
72 boolean_t conflict = B_FALSE;
73 size_t bufsz = 0;
74 char *buf = NULL;
75
76 if (rpnp) {
77 buf = rpnp->pn_buf;
78 bufsz = rpnp->pn_bufsize;
79 }
80 if (exact)
81 mt = MT_EXACT;
82 /*
83 * In the non-mixed case we only expect there would ever
84 * be one match, but we need to use the normalizing lookup.
85 */
86 error = zap_lookup_norm(zfsvfs->z_os, dzp->z_id, name, 8, 1,
87 zoid, mt, buf, bufsz, &conflict);
88 if (!error && deflags)
89 *deflags = conflict ? ED_CASE_CONFLICT : 0;
90 } else {
91 error = zap_lookup(zfsvfs->z_os, dzp->z_id, name, 8, 1, zoid);
92 }
93 *zoid = ZFS_DIRENT_OBJ(*zoid);
94
95 if (error == ENOENT && update)
96 dnlc_update(ZTOV(dzp), name, DNLC_NO_VNODE);
97
98 return (error);
99 }
100
101 /*
102 * Lock a directory entry. A dirlock on <dzp, name> protects that name
103 * in dzp's directory zap object. As long as you hold a dirlock, you can
104 * assume two things: (1) dzp cannot be reaped, and (2) no other thread
105 * can change the zap entry for (i.e. link or unlink) this name.
106 *
107 * Input arguments:
108 * dzp - znode for directory
109 * name - name of entry to lock
110 * flag - ZNEW: if the entry already exists, fail with EEXIST.
111 * ZEXISTS: if the entry does not exist, fail with ENOENT.
112 * ZSHARED: allow concurrent access with other ZSHARED callers.
113 * ZXATTR: we want dzp's xattr directory
114 * ZCILOOK: On a mixed sensitivity file system,
115 * this lookup should be case-insensitive.
116 * ZCIEXACT: On a purely case-insensitive file system,
117 * this lookup should be case-sensitive.
118 * ZRENAMING: we are locking for renaming, force narrow locks
119 * ZHAVELOCK: Don't grab the z_name_lock for this call. The
120 * current thread already holds it.
121 *
122 * Output arguments:
123 * zpp - pointer to the znode for the entry (NULL if there isn't one)
124 * dlpp - pointer to the dirlock for this entry (NULL on error)
125 * direntflags - (case-insensitive lookup only)
126 * flags if multiple case-sensitive matches exist in directory
127 * realpnp - (case-insensitive lookup only)
128 * actual name matched within the directory
129 *
130 * Return value: 0 on success or errno on failure.
131 *
132 * NOTE: Always checks for, and rejects, '.' and '..'.
133 * NOTE: For case-insensitive file systems we take wide locks (see below),
134 * but return znode pointers to a single match.
135 */
136 int
137 zfs_dirent_lock(zfs_dirlock_t **dlpp, znode_t *dzp, char *name, znode_t **zpp,
138 int flag, int *direntflags, pathname_t *realpnp)
139 {
140 zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
141 zfs_dirlock_t *dl;
142 boolean_t update;
143 boolean_t exact;
144 uint64_t zoid;
145 vnode_t *vp = NULL;
146 int error = 0;
147 int cmpflags;
148
149 *zpp = NULL;
150 *dlpp = NULL;
151
152 /*
153 * Verify that we are not trying to lock '.', '..', or '.zfs'
154 */
155 if (name[0] == '.' &&
156 (name[1] == '\0' || (name[1] == '.' && name[2] == '\0')) ||
157 zfs_has_ctldir(dzp) && strcmp(name, ZFS_CTLDIR_NAME) == 0)
158 return (SET_ERROR(EEXIST));
159
160 /*
161 * Case sensitivity and normalization preferences are set when
162 * the file system is created. These are stored in the
163 * zfsvfs->z_case and zfsvfs->z_norm fields. These choices
164 * affect what vnodes can be cached in the DNLC, how we
165 * perform zap lookups, and the "width" of our dirlocks.
166 *
167 * A normal dirlock locks a single name. Note that with
168 * normalization a name can be composed multiple ways, but
169 * when normalized, these names all compare equal. A wide
170 * dirlock locks multiple names. We need these when the file
171 * system is supporting mixed-mode access. It is sometimes
172 * necessary to lock all case permutations of file name at
173 * once so that simultaneous case-insensitive/case-sensitive
174 * behaves as rationally as possible.
175 */
176
177 /*
178 * Decide if exact matches should be requested when performing
179 * a zap lookup on file systems supporting case-insensitive
180 * access.
181 */
182 exact =
183 ((zfsvfs->z_case == ZFS_CASE_INSENSITIVE) && (flag & ZCIEXACT)) ||
184 ((zfsvfs->z_case == ZFS_CASE_MIXED) && !(flag & ZCILOOK));
185
186 /*
187 * Only look in or update the DNLC if we are looking for the
188 * name on a file system that does not require normalization
189 * or case folding. We can also look there if we happen to be
190 * on a non-normalizing, mixed sensitivity file system IF we
191 * are looking for the exact name.
192 *
193 * Maybe can add TO-UPPERed version of name to dnlc in ci-only
194 * case for performance improvement?
195 */
196 update = !zfsvfs->z_norm ||
197 ((zfsvfs->z_case == ZFS_CASE_MIXED) &&
198 !(zfsvfs->z_norm & ~U8_TEXTPREP_TOUPPER) && !(flag & ZCILOOK));
199
200 /*
201 * ZRENAMING indicates we are in a situation where we should
202 * take narrow locks regardless of the file system's
203 * preferences for normalizing and case folding. This will
204 * prevent us deadlocking trying to grab the same wide lock
205 * twice if the two names happen to be case-insensitive
206 * matches.
207 */
208 if (flag & ZRENAMING)
209 cmpflags = 0;
210 else
211 cmpflags = zfsvfs->z_norm;
212
213 /*
214 * Wait until there are no locks on this name.
215 *
216 * Don't grab the the lock if it is already held. However, cannot
217 * have both ZSHARED and ZHAVELOCK together.
218 */
219 ASSERT(!(flag & ZSHARED) || !(flag & ZHAVELOCK));
220 if (!(flag & ZHAVELOCK))
221 rw_enter(&dzp->z_name_lock, RW_READER);
222
223 mutex_enter(&dzp->z_lock);
224 for (;;) {
225 if (dzp->z_unlinked) {
226 mutex_exit(&dzp->z_lock);
227 if (!(flag & ZHAVELOCK))
228 rw_exit(&dzp->z_name_lock);
229 return (SET_ERROR(ENOENT));
230 }
231 for (dl = dzp->z_dirlocks; dl != NULL; dl = dl->dl_next) {
232 if ((u8_strcmp(name, dl->dl_name, 0, cmpflags,
233 U8_UNICODE_LATEST, &error) == 0) || error != 0)
234 break;
235 }
236 if (error != 0) {
237 mutex_exit(&dzp->z_lock);
238 if (!(flag & ZHAVELOCK))
239 rw_exit(&dzp->z_name_lock);
240 return (SET_ERROR(ENOENT));
241 }
242 if (dl == NULL) {
243 size_t namesize;
244
245 /*
246 * Allocate a new dirlock and add it to the list.
247 */
248 namesize = strlen(name) + 1;
249 dl = kmem_alloc(sizeof (zfs_dirlock_t) + namesize,
250 KM_SLEEP);
251 cv_init(&dl->dl_cv, NULL, CV_DEFAULT, NULL);
252 dl->dl_name = (char *)(dl + 1);
253 bcopy(name, dl->dl_name, namesize);
254 dl->dl_sharecnt = 0;
255 dl->dl_namelock = 0;
256 dl->dl_namesize = namesize;
257 dl->dl_dzp = dzp;
258 dl->dl_next = dzp->z_dirlocks;
259 dzp->z_dirlocks = dl;
260 break;
261 }
262 if ((flag & ZSHARED) && dl->dl_sharecnt != 0)
263 break;
264 cv_wait(&dl->dl_cv, &dzp->z_lock);
265 }
266
267 /*
268 * If the z_name_lock was NOT held for this dirlock record it.
269 */
270 if (flag & ZHAVELOCK)
271 dl->dl_namelock = 1;
272
273 if (flag & ZSHARED)
274 dl->dl_sharecnt++;
275
276 mutex_exit(&dzp->z_lock);
277
278 /*
279 * We have a dirlock on the name. (Note that it is the dirlock,
280 * not the dzp's z_lock, that protects the name in the zap object.)
281 * See if there's an object by this name; if so, put a hold on it.
282 */
283 if (flag & ZXATTR) {
284 error = sa_lookup(dzp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs), &zoid,
285 sizeof (zoid));
286 if (error == 0)
287 error = (zoid == 0 ? ENOENT : 0);
288 } else {
289 if (update)
290 vp = dnlc_lookup(ZTOV(dzp), name);
291 if (vp == DNLC_NO_VNODE) {
292 VN_RELE(vp);
293 error = SET_ERROR(ENOENT);
294 } else if (vp) {
295 if (flag & ZNEW) {
296 zfs_dirent_unlock(dl);
297 VN_RELE(vp);
298 return (SET_ERROR(EEXIST));
299 }
300 *dlpp = dl;
301 *zpp = VTOZ(vp);
302 return (0);
303 } else {
304 error = zfs_match_find(zfsvfs, dzp, name, exact,
305 update, direntflags, realpnp, &zoid);
306 }
307 }
308 if (error) {
309 if (error != ENOENT || (flag & ZEXISTS)) {
310 zfs_dirent_unlock(dl);
311 return (error);
312 }
313 } else {
314 if (flag & ZNEW) {
315 zfs_dirent_unlock(dl);
316 return (SET_ERROR(EEXIST));
317 }
318 error = zfs_zget(zfsvfs, zoid, zpp);
319 if (error) {
320 zfs_dirent_unlock(dl);
321 return (error);
322 }
323 if (!(flag & ZXATTR) && update)
324 dnlc_update(ZTOV(dzp), name, ZTOV(*zpp));
325 }
326
327 *dlpp = dl;
328
329 return (0);
330 }
331
332 /*
333 * Unlock this directory entry and wake anyone who was waiting for it.
334 */
335 void
336 zfs_dirent_unlock(zfs_dirlock_t *dl)
337 {
338 znode_t *dzp = dl->dl_dzp;
339 zfs_dirlock_t **prev_dl, *cur_dl;
340
341 mutex_enter(&dzp->z_lock);
342
343 if (!dl->dl_namelock)
344 rw_exit(&dzp->z_name_lock);
345
346 if (dl->dl_sharecnt > 1) {
347 dl->dl_sharecnt--;
348 mutex_exit(&dzp->z_lock);
349 return;
350 }
351 prev_dl = &dzp->z_dirlocks;
352 while ((cur_dl = *prev_dl) != dl)
353 prev_dl = &cur_dl->dl_next;
354 *prev_dl = dl->dl_next;
355 cv_broadcast(&dl->dl_cv);
356 mutex_exit(&dzp->z_lock);
357
358 cv_destroy(&dl->dl_cv);
359 kmem_free(dl, sizeof (*dl) + dl->dl_namesize);
360 }
361
362 /*
363 * Look up an entry in a directory.
364 *
365 * NOTE: '.' and '..' are handled as special cases because
366 * no directory entries are actually stored for them. If this is
367 * the root of a filesystem, then '.zfs' is also treated as a
368 * special pseudo-directory.
369 */
370 int
371 zfs_dirlook(znode_t *dzp, char *name, vnode_t **vpp, int flags,
372 int *deflg, pathname_t *rpnp)
373 {
374 zfs_dirlock_t *dl;
375 znode_t *zp;
376 int error = 0;
377 uint64_t parent;
378 int unlinked;
379
380 if (name[0] == 0 || (name[0] == '.' && name[1] == 0)) {
381 mutex_enter(&dzp->z_lock);
382 unlinked = dzp->z_unlinked;
383 mutex_exit(&dzp->z_lock);
384 if (unlinked)
385 return (ENOENT);
386
387 *vpp = ZTOV(dzp);
388 VN_HOLD(*vpp);
389 } else if (name[0] == '.' && name[1] == '.' && name[2] == 0) {
390 zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
391
392 /*
393 * If we are a snapshot mounted under .zfs, return
394 * the vp for the snapshot directory.
395 */
396 if ((error = sa_lookup(dzp->z_sa_hdl,
397 SA_ZPL_PARENT(zfsvfs), &parent, sizeof (parent))) != 0)
398 return (error);
399 if (parent == dzp->z_id && zfsvfs->z_parent != zfsvfs) {
400 error = zfsctl_root_lookup(zfsvfs->z_parent->z_ctldir,
401 "snapshot", vpp, NULL, 0, NULL, kcred,
402 NULL, NULL, NULL);
403 return (error);
404 }
405
406 mutex_enter(&dzp->z_lock);
407 unlinked = dzp->z_unlinked;
408 mutex_exit(&dzp->z_lock);
409 if (unlinked)
410 return (ENOENT);
411
412 rw_enter(&dzp->z_parent_lock, RW_READER);
413 error = zfs_zget(zfsvfs, parent, &zp);
414 if (error == 0)
415 *vpp = ZTOV(zp);
416 rw_exit(&dzp->z_parent_lock);
417 } else if (zfs_has_ctldir(dzp) && strcmp(name, ZFS_CTLDIR_NAME) == 0) {
418 *vpp = zfsctl_root(dzp);
419 } else {
420 int zf;
421
422 zf = ZEXISTS | ZSHARED;
423 if (flags & FIGNORECASE)
424 zf |= ZCILOOK;
425
426 error = zfs_dirent_lock(&dl, dzp, name, &zp, zf, deflg, rpnp);
427 if (error == 0) {
428 *vpp = ZTOV(zp);
429 zfs_dirent_unlock(dl);
430 dzp->z_zn_prefetch = B_TRUE; /* enable prefetching */
431 }
432 rpnp = NULL;
433 }
434
435 if ((flags & FIGNORECASE) && rpnp && !error)
436 (void) strlcpy(rpnp->pn_buf, name, rpnp->pn_bufsize);
437
438 return (error);
439 }
440
441 /*
442 * unlinked Set (formerly known as the "delete queue") Error Handling
443 *
444 * When dealing with the unlinked set, we dmu_tx_hold_zap(), but we
445 * don't specify the name of the entry that we will be manipulating. We
446 * also fib and say that we won't be adding any new entries to the
447 * unlinked set, even though we might (this is to lower the minimum file
448 * size that can be deleted in a full filesystem). So on the small
449 * chance that the nlink list is using a fat zap (ie. has more than
450 * 2000 entries), we *may* not pre-read a block that's needed.
451 * Therefore it is remotely possible for some of the assertions
452 * regarding the unlinked set below to fail due to i/o error. On a
453 * nondebug system, this will result in the space being leaked.
454 */
455 void
456 zfs_unlinked_add(znode_t *zp, dmu_tx_t *tx)
457 {
458 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
459
460 ASSERT(zp->z_unlinked);
461 ASSERT(zp->z_links == 0);
462
463 VERIFY3U(0, ==,
464 zap_add_int(zfsvfs->z_os, zfsvfs->z_unlinkedobj, zp->z_id, tx));
465 }
466
467 /*
468 * Clean up any znodes that had no links when we either crashed or
469 * (force) umounted the file system.
470 */
471 void
472 zfs_unlinked_drain(zfsvfs_t *zfsvfs)
473 {
474 zap_cursor_t zc;
475 zap_attribute_t zap;
476 dmu_object_info_t doi;
477 znode_t *zp;
478 int error;
479
480 /*
481 * Interate over the contents of the unlinked set.
482 */
483 for (zap_cursor_init(&zc, zfsvfs->z_os, zfsvfs->z_unlinkedobj);
484 zap_cursor_retrieve(&zc, &zap) == 0;
485 zap_cursor_advance(&zc)) {
486
487 /*
488 * See what kind of object we have in list
489 */
490
491 error = dmu_object_info(zfsvfs->z_os,
492 zap.za_first_integer, &doi);
493 if (error != 0)
494 continue;
495
496 ASSERT((doi.doi_type == DMU_OT_PLAIN_FILE_CONTENTS) ||
497 (doi.doi_type == DMU_OT_DIRECTORY_CONTENTS));
498 /*
499 * We need to re-mark these list entries for deletion,
500 * so we pull them back into core and set zp->z_unlinked.
501 */
502 error = zfs_zget(zfsvfs, zap.za_first_integer, &zp);
503
504 /*
505 * We may pick up znodes that are already marked for deletion.
506 * This could happen during the purge of an extended attribute
507 * directory. All we need to do is skip over them, since they
508 * are already in the system marked z_unlinked.
509 */
510 if (error != 0)
511 continue;
512
513 zp->z_unlinked = B_TRUE;
514 VN_RELE(ZTOV(zp));
515 }
516 zap_cursor_fini(&zc);
517 }
518
519 /*
520 * Delete the entire contents of a directory. Return a count
521 * of the number of entries that could not be deleted. If we encounter
522 * an error, return a count of at least one so that the directory stays
523 * in the unlinked set.
524 *
525 * NOTE: this function assumes that the directory is inactive,
526 * so there is no need to lock its entries before deletion.
527 * Also, it assumes the directory contents is *only* regular
528 * files.
529 */
530 static int
531 zfs_purgedir(znode_t *dzp)
532 {
533 zap_cursor_t zc;
534 zap_attribute_t zap;
535 znode_t *xzp;
536 dmu_tx_t *tx;
537 zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
538 zfs_dirlock_t dl;
539 int skipped = 0;
540 int error;
541
542 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
543 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
544 zap_cursor_advance(&zc)) {
545 error = zfs_zget(zfsvfs,
546 ZFS_DIRENT_OBJ(zap.za_first_integer), &xzp);
547 if (error) {
548 skipped += 1;
549 continue;
550 }
551
552 ASSERT((ZTOV(xzp)->v_type == VREG) ||
553 (ZTOV(xzp)->v_type == VLNK));
554
555 tx = dmu_tx_create(zfsvfs->z_os);
556 dmu_tx_hold_sa(tx, dzp->z_sa_hdl, B_FALSE);
557 dmu_tx_hold_zap(tx, dzp->z_id, FALSE, zap.za_name);
558 dmu_tx_hold_sa(tx, xzp->z_sa_hdl, B_FALSE);
559 dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
560 /* Is this really needed ? */
561 zfs_sa_upgrade_txholds(tx, xzp);
562 error = dmu_tx_assign(tx, TXG_WAIT);
563 if (error) {
564 dmu_tx_abort(tx);
565 VN_RELE(ZTOV(xzp));
566 skipped += 1;
567 continue;
568 }
569 bzero(&dl, sizeof (dl));
570 dl.dl_dzp = dzp;
571 dl.dl_name = zap.za_name;
572
573 error = zfs_link_destroy(&dl, xzp, tx, 0, NULL);
574 if (error)
575 skipped += 1;
576 dmu_tx_commit(tx);
577
578 VN_RELE(ZTOV(xzp));
579 }
580 zap_cursor_fini(&zc);
581 if (error != ENOENT)
582 skipped += 1;
583 return (skipped);
584 }
585
586 void
587 zfs_rmnode(znode_t *zp)
588 {
589 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
590 objset_t *os = zfsvfs->z_os;
591 znode_t *xzp = NULL;
592 dmu_tx_t *tx;
593 uint64_t acl_obj;
594 uint64_t xattr_obj;
595 int error;
596
597 ASSERT(zp->z_links == 0);
598
599 /*
600 * If this is an attribute directory, purge its contents.
601 */
602 if (ZTOV(zp) != NULL && ZTOV(zp)->v_type == VDIR &&
603 (zp->z_pflags & ZFS_XATTR)) {
604 if (zfs_purgedir(zp) != 0) {
605 /*
606 * Not enough space to delete some xattrs.
607 * Leave it in the unlinked set.
608 */
609 zfs_znode_dmu_fini(zp);
610 zfs_znode_free(zp);
611 return;
612 }
613 }
614
615 /*
616 * Free up all the data in the file.
617 */
618 error = dmu_free_long_range(os, zp->z_id, 0, DMU_OBJECT_END);
619 if (error) {
620 /*
621 * Not enough space. Leave the file in the unlinked set.
622 */
623 zfs_znode_dmu_fini(zp);
624 zfs_znode_free(zp);
625 return;
626 }
627
628 /*
629 * If the file has extended attributes, we're going to unlink
630 * the xattr dir.
631 */
632 error = sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
633 &xattr_obj, sizeof (xattr_obj));
634 if (error == 0 && xattr_obj) {
635 error = zfs_zget(zfsvfs, xattr_obj, &xzp);
636 ASSERT(error == 0);
637 }
638
639 acl_obj = zfs_external_acl(zp);
640
641 /*
642 * Set up the final transaction.
643 */
644 tx = dmu_tx_create(os);
645 dmu_tx_hold_free(tx, zp->z_id, 0, DMU_OBJECT_END);
646 dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
647 if (xzp) {
648 dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, TRUE, NULL);
649 dmu_tx_hold_sa(tx, xzp->z_sa_hdl, B_FALSE);
650 }
651 if (acl_obj)
652 dmu_tx_hold_free(tx, acl_obj, 0, DMU_OBJECT_END);
653
654 zfs_sa_upgrade_txholds(tx, zp);
655 error = dmu_tx_assign(tx, TXG_WAIT);
656 if (error) {
657 /*
658 * Not enough space to delete the file. Leave it in the
659 * unlinked set, leaking it until the fs is remounted (at
660 * which point we'll call zfs_unlinked_drain() to process it).
661 */
662 dmu_tx_abort(tx);
663 zfs_znode_dmu_fini(zp);
664 zfs_znode_free(zp);
665 goto out;
666 }
667
668 if (xzp) {
669 ASSERT(error == 0);
670 mutex_enter(&xzp->z_lock);
671 xzp->z_unlinked = B_TRUE; /* mark xzp for deletion */
672 xzp->z_links = 0; /* no more links to it */
673 VERIFY(0 == sa_update(xzp->z_sa_hdl, SA_ZPL_LINKS(zfsvfs),
674 &xzp->z_links, sizeof (xzp->z_links), tx));
675 mutex_exit(&xzp->z_lock);
676 zfs_unlinked_add(xzp, tx);
677 }
678
679 /* Remove this znode from the unlinked set */
680 VERIFY3U(0, ==,
681 zap_remove_int(zfsvfs->z_os, zfsvfs->z_unlinkedobj, zp->z_id, tx));
682
683 zfs_znode_delete(zp, tx);
684
685 dmu_tx_commit(tx);
686 out:
687 if (xzp)
688 VN_RELE(ZTOV(xzp));
689 }
690
691 static uint64_t
692 zfs_dirent(znode_t *zp, uint64_t mode)
693 {
694 uint64_t de = zp->z_id;
695
696 if (zp->z_zfsvfs->z_version >= ZPL_VERSION_DIRENT_TYPE)
697 de |= IFTODT(mode) << 60;
698 return (de);
699 }
700
701 /*
702 * Link zp into dl. Can only fail if zp has been unlinked.
703 */
704 int
705 zfs_link_create(zfs_dirlock_t *dl, znode_t *zp, dmu_tx_t *tx, int flag)
706 {
707 znode_t *dzp = dl->dl_dzp;
708 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
709 vnode_t *vp = ZTOV(zp);
710 uint64_t value;
711 int zp_is_dir = (vp->v_type == VDIR);
712 sa_bulk_attr_t bulk[5];
713 uint64_t mtime[2], ctime[2];
714 int count = 0;
715 int error;
716
717 mutex_enter(&zp->z_lock);
718
719 if (!(flag & ZRENAMING)) {
720 if (zp->z_unlinked) { /* no new links to unlinked zp */
721 ASSERT(!(flag & (ZNEW | ZEXISTS)));
722 mutex_exit(&zp->z_lock);
723 return (SET_ERROR(ENOENT));
724 }
725 zp->z_links++;
726 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_LINKS(zfsvfs), NULL,
727 &zp->z_links, sizeof (zp->z_links));
728
729 }
730 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_PARENT(zfsvfs), NULL,
731 &dzp->z_id, sizeof (dzp->z_id));
732 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
733 &zp->z_pflags, sizeof (zp->z_pflags));
734
735 if (!(flag & ZNEW)) {
736 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
737 ctime, sizeof (ctime));
738 zfs_tstamp_update_setup(zp, STATE_CHANGED, mtime,
739 ctime, B_TRUE);
740 }
741 error = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);
742 ASSERT(error == 0);
743
744 mutex_exit(&zp->z_lock);
745
746 mutex_enter(&dzp->z_lock);
747 dzp->z_size++;
748 dzp->z_links += zp_is_dir;
749 count = 0;
750 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_SIZE(zfsvfs), NULL,
751 &dzp->z_size, sizeof (dzp->z_size));
752 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_LINKS(zfsvfs), NULL,
753 &dzp->z_links, sizeof (dzp->z_links));
754 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL,
755 mtime, sizeof (mtime));
756 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
757 ctime, sizeof (ctime));
758 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
759 &dzp->z_pflags, sizeof (dzp->z_pflags));
760 zfs_tstamp_update_setup(dzp, CONTENT_MODIFIED, mtime, ctime, B_TRUE);
761 error = sa_bulk_update(dzp->z_sa_hdl, bulk, count, tx);
762 ASSERT(error == 0);
763 mutex_exit(&dzp->z_lock);
764
765 value = zfs_dirent(zp, zp->z_mode);
766 error = zap_add(zp->z_zfsvfs->z_os, dzp->z_id, dl->dl_name,
767 8, 1, &value, tx);
768 ASSERT(error == 0);
769
770 dnlc_update(ZTOV(dzp), dl->dl_name, vp);
771
772 return (0);
773 }
774
775 static int
776 zfs_dropname(zfs_dirlock_t *dl, znode_t *zp, znode_t *dzp, dmu_tx_t *tx,
777 int flag)
778 {
779 int error;
780
781 if (zp->z_zfsvfs->z_norm) {
782 if (((zp->z_zfsvfs->z_case == ZFS_CASE_INSENSITIVE) &&
783 (flag & ZCIEXACT)) ||
784 ((zp->z_zfsvfs->z_case == ZFS_CASE_MIXED) &&
785 !(flag & ZCILOOK)))
786 error = zap_remove_norm(zp->z_zfsvfs->z_os,
787 dzp->z_id, dl->dl_name, MT_EXACT, tx);
788 else
789 error = zap_remove_norm(zp->z_zfsvfs->z_os,
790 dzp->z_id, dl->dl_name, MT_FIRST, tx);
791 } else {
792 error = zap_remove(zp->z_zfsvfs->z_os,
793 dzp->z_id, dl->dl_name, tx);
794 }
795
796 return (error);
797 }
798
799 /*
800 * Unlink zp from dl, and mark zp for deletion if this was the last link.
801 * Can fail if zp is a mount point (EBUSY) or a non-empty directory (EEXIST).
802 * If 'unlinkedp' is NULL, we put unlinked znodes on the unlinked list.
803 * If it's non-NULL, we use it to indicate whether the znode needs deletion,
804 * and it's the caller's job to do it.
805 */
806 int
807 zfs_link_destroy(zfs_dirlock_t *dl, znode_t *zp, dmu_tx_t *tx, int flag,
808 boolean_t *unlinkedp)
809 {
810 znode_t *dzp = dl->dl_dzp;
811 zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
812 vnode_t *vp = ZTOV(zp);
813 int zp_is_dir = (vp->v_type == VDIR);
814 boolean_t unlinked = B_FALSE;
815 sa_bulk_attr_t bulk[5];
816 uint64_t mtime[2], ctime[2];
817 int count = 0;
818 int error;
819
820 dnlc_remove(ZTOV(dzp), dl->dl_name);
821
822 if (!(flag & ZRENAMING)) {
823 if (vn_vfswlock(vp)) /* prevent new mounts on zp */
824 return (SET_ERROR(EBUSY));
825
826 if (vn_ismntpt(vp)) { /* don't remove mount point */
827 vn_vfsunlock(vp);
828 return (SET_ERROR(EBUSY));
829 }
830
831 mutex_enter(&zp->z_lock);
832
833 if (zp_is_dir && !zfs_dirempty(zp)) {
834 mutex_exit(&zp->z_lock);
835 vn_vfsunlock(vp);
836 #ifdef illumos
837 return (SET_ERROR(EEXIST));
838 #else
839 return (SET_ERROR(ENOTEMPTY));
840 #endif
841 }
842
843 /*
844 * If we get here, we are going to try to remove the object.
845 * First try removing the name from the directory; if that
846 * fails, return the error.
847 */
848 error = zfs_dropname(dl, zp, dzp, tx, flag);
849 if (error != 0) {
850 mutex_exit(&zp->z_lock);
851 vn_vfsunlock(vp);
852 return (error);
853 }
854
855 if (zp->z_links <= zp_is_dir) {
856 zfs_panic_recover("zfs: link count on vnode %p is %u, "
857 "should be at least %u", zp->z_vnode,
858 (int)zp->z_links,
859 zp_is_dir + 1);
860 zp->z_links = zp_is_dir + 1;
861 }
862 if (--zp->z_links == zp_is_dir) {
863 zp->z_unlinked = B_TRUE;
864 zp->z_links = 0;
865 unlinked = B_TRUE;
866 } else {
867 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs),
868 NULL, &ctime, sizeof (ctime));
869 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs),
870 NULL, &zp->z_pflags, sizeof (zp->z_pflags));
871 zfs_tstamp_update_setup(zp, STATE_CHANGED, mtime, ctime,
872 B_TRUE);
873 }
874 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_LINKS(zfsvfs),
875 NULL, &zp->z_links, sizeof (zp->z_links));
876 error = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);
877 count = 0;
878 ASSERT(error == 0);
879 mutex_exit(&zp->z_lock);
880 vn_vfsunlock(vp);
881 } else {
882 error = zfs_dropname(dl, zp, dzp, tx, flag);
883 if (error != 0)
884 return (error);
885 }
886
887 mutex_enter(&dzp->z_lock);
888 dzp->z_size--; /* one dirent removed */
889 dzp->z_links -= zp_is_dir; /* ".." link from zp */
890 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_LINKS(zfsvfs),
891 NULL, &dzp->z_links, sizeof (dzp->z_links));
892 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_SIZE(zfsvfs),
893 NULL, &dzp->z_size, sizeof (dzp->z_size));
894 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs),
895 NULL, ctime, sizeof (ctime));
896 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs),
897 NULL, mtime, sizeof (mtime));
898 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs),
899 NULL, &dzp->z_pflags, sizeof (dzp->z_pflags));
900 zfs_tstamp_update_setup(dzp, CONTENT_MODIFIED, mtime, ctime, B_TRUE);
901 error = sa_bulk_update(dzp->z_sa_hdl, bulk, count, tx);
902 ASSERT(error == 0);
903 mutex_exit(&dzp->z_lock);
904
905 if (unlinkedp != NULL)
906 *unlinkedp = unlinked;
907 else if (unlinked)
908 zfs_unlinked_add(zp, tx);
909
910 return (0);
911 }
912
913 /*
914 * Indicate whether the directory is empty. Works with or without z_lock
915 * held, but can only be consider a hint in the latter case. Returns true
916 * if only "." and ".." remain and there's no work in progress.
917 */
918 boolean_t
919 zfs_dirempty(znode_t *dzp)
920 {
921 return (dzp->z_size == 2 && dzp->z_dirlocks == 0);
922 }
923
924 int
925 zfs_make_xattrdir(znode_t *zp, vattr_t *vap, vnode_t **xvpp, cred_t *cr)
926 {
927 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
928 znode_t *xzp;
929 dmu_tx_t *tx;
930 int error;
931 zfs_acl_ids_t acl_ids;
932 boolean_t fuid_dirtied;
933 uint64_t parent;
934
935 *xvpp = NULL;
936
937 /*
938 * In FreeBSD, access checking for creating an EA is being done
939 * in zfs_setextattr(),
940 */
941 #ifndef __FreeBSD__
942 if (error = zfs_zaccess(zp, ACE_WRITE_NAMED_ATTRS, 0, B_FALSE, cr))
943 return (error);
944 #endif
945
946 if ((error = zfs_acl_ids_create(zp, IS_XATTR, vap, cr, NULL,
947 &acl_ids)) != 0)
948 return (error);
949 if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
950 zfs_acl_ids_free(&acl_ids);
951 return (SET_ERROR(EDQUOT));
952 }
953
954 getnewvnode_reserve(1);
955
956 tx = dmu_tx_create(zfsvfs->z_os);
957 dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
958 ZFS_SA_BASE_ATTR_SIZE);
959 dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
960 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
961 fuid_dirtied = zfsvfs->z_fuid_dirty;
962 if (fuid_dirtied)
963 zfs_fuid_txhold(zfsvfs, tx);
964 error = dmu_tx_assign(tx, TXG_WAIT);
965 if (error) {
966 zfs_acl_ids_free(&acl_ids);
967 dmu_tx_abort(tx);
968 return (error);
969 }
970 zfs_mknode(zp, vap, tx, cr, IS_XATTR, &xzp, &acl_ids);
971
972 if (fuid_dirtied)
973 zfs_fuid_sync(zfsvfs, tx);
974
975 #ifdef DEBUG
976 error = sa_lookup(xzp->z_sa_hdl, SA_ZPL_PARENT(zfsvfs),
977 &parent, sizeof (parent));
978 ASSERT(error == 0 && parent == zp->z_id);
979 #endif
980
981 VERIFY(0 == sa_update(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs), &xzp->z_id,
982 sizeof (xzp->z_id), tx));
983
984 (void) zfs_log_create(zfsvfs->z_log, tx, TX_MKXATTR, zp,
985 xzp, "", NULL, acl_ids.z_fuidp, vap);
986
987 zfs_acl_ids_free(&acl_ids);
988 dmu_tx_commit(tx);
989
990 getnewvnode_drop_reserve();
991
992 *xvpp = ZTOV(xzp);
993
994 return (0);
995 }
996
997 /*
998 * Return a znode for the extended attribute directory for zp.
999 * ** If the directory does not already exist, it is created **
1000 *
1001 * IN: zp - znode to obtain attribute directory from
1002 * cr - credentials of caller
1003 * flags - flags from the VOP_LOOKUP call
1004 *
1005 * OUT: xzpp - pointer to extended attribute znode
1006 *
1007 * RETURN: 0 on success
1008 * error number on failure
1009 */
1010 int
1011 zfs_get_xattrdir(znode_t *zp, vnode_t **xvpp, cred_t *cr, int flags)
1012 {
1013 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
1014 znode_t *xzp;
1015 zfs_dirlock_t *dl;
1016 vattr_t va;
1017 int error;
1018 top:
1019 error = zfs_dirent_lock(&dl, zp, "", &xzp, ZXATTR, NULL, NULL);
1020 if (error)
1021 return (error);
1022
1023 if (xzp != NULL) {
1024 *xvpp = ZTOV(xzp);
1025 zfs_dirent_unlock(dl);
1026 return (0);
1027 }
1028
1029
1030 if (!(flags & CREATE_XATTR_DIR)) {
1031 zfs_dirent_unlock(dl);
1032 #ifdef illumos
1033 return (SET_ERROR(ENOENT));
1034 #else
1035 return (SET_ERROR(ENOATTR));
1036 #endif
1037 }
1038
1039 if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
1040 zfs_dirent_unlock(dl);
1041 return (SET_ERROR(EROFS));
1042 }
1043
1044 /*
1045 * The ability to 'create' files in an attribute
1046 * directory comes from the write_xattr permission on the base file.
1047 *
1048 * The ability to 'search' an attribute directory requires
1049 * read_xattr permission on the base file.
1050 *
1051 * Once in a directory the ability to read/write attributes
1052 * is controlled by the permissions on the attribute file.
1053 */
1054 va.va_mask = AT_TYPE | AT_MODE | AT_UID | AT_GID;
1055 va.va_type = VDIR;
1056 va.va_mode = S_IFDIR | S_ISVTX | 0777;
1057 zfs_fuid_map_ids(zp, cr, &va.va_uid, &va.va_gid);
1058
1059 error = zfs_make_xattrdir(zp, &va, xvpp, cr);
1060 zfs_dirent_unlock(dl);
1061
1062 if (error == ERESTART) {
1063 /* NB: we already did dmu_tx_wait() if necessary */
1064 goto top;
1065 }
1066 if (error == 0)
1067 VOP_UNLOCK(*xvpp, 0);
1068
1069 return (error);
1070 }
1071
1072 /*
1073 * Decide whether it is okay to remove within a sticky directory.
1074 *
1075 * In sticky directories, write access is not sufficient;
1076 * you can remove entries from a directory only if:
1077 *
1078 * you own the directory,
1079 * you own the entry,
1080 * the entry is a plain file and you have write access,
1081 * or you are privileged (checked in secpolicy...).
1082 *
1083 * The function returns 0 if remove access is granted.
1084 */
1085 int
1086 zfs_sticky_remove_access(znode_t *zdp, znode_t *zp, cred_t *cr)
1087 {
1088 uid_t uid;
1089 uid_t downer;
1090 uid_t fowner;
1091 zfsvfs_t *zfsvfs = zdp->z_zfsvfs;
1092
1093 if (zdp->z_zfsvfs->z_replay)
1094 return (0);
1095
1096 if ((zdp->z_mode & S_ISVTX) == 0)
1097 return (0);
1098
1099 downer = zfs_fuid_map_id(zfsvfs, zdp->z_uid, cr, ZFS_OWNER);
1100 fowner = zfs_fuid_map_id(zfsvfs, zp->z_uid, cr, ZFS_OWNER);
1101
1102 if ((uid = crgetuid(cr)) == downer || uid == fowner ||
1103 (ZTOV(zp)->v_type == VREG &&
1104 zfs_zaccess(zp, ACE_WRITE_DATA, 0, B_FALSE, cr) == 0))
1105 return (0);
1106 else
1107 return (secpolicy_vnode_remove(ZTOV(zp), cr));
1108 }
Cache object: af2a52a2fe69a1d554276cc60278aa86
|