1 /*-
2 * Copyright (c) 1992, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * This code is derived from software donated to Berkeley by
6 * Jan-Simon Pendry.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 4. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * @(#)portal_vnops.c 8.14 (Berkeley) 5/21/95
33 *
34 * $FreeBSD: releng/9.0/sys/fs/portalfs/portal_vnops.c 224778 2011-08-11 12:30:23Z rwatson $
35 */
36
37 /*
38 * Portal Filesystem
39 */
40
41 #include "opt_capsicum.h"
42
43 #include <sys/param.h>
44 #include <sys/capability.h>
45 #include <sys/fcntl.h>
46 #include <sys/file.h>
47 #include <sys/kernel.h>
48 #include <sys/lock.h>
49 #include <sys/malloc.h>
50 #include <sys/mbuf.h>
51 #include <sys/mount.h>
52 #include <sys/mutex.h>
53 #include <sys/namei.h>
54 #include <sys/proc.h>
55 #include <sys/socket.h>
56 #include <sys/socketvar.h>
57 #include <sys/stat.h>
58 #include <sys/syscallsubr.h>
59 #include <sys/systm.h>
60 #include <sys/un.h>
61 #include <sys/unpcb.h>
62 #include <sys/vnode.h>
63
64 #include <fs/portalfs/portal.h>
65
66 #include <net/vnet.h>
67
68 static int portal_fileid = PORTAL_ROOTFILEID+1;
69
70 static void portal_closefd(struct thread *td, int fd);
71 static int portal_connect(struct socket *so, struct socket *so2);
72 static vop_getattr_t portal_getattr;
73 static vop_lookup_t portal_lookup;
74 static vop_open_t portal_open;
75 static vop_readdir_t portal_readdir;
76 static vop_reclaim_t portal_reclaim;
77 static vop_setattr_t portal_setattr;
78
79 static void
80 portal_closefd(td, fd)
81 struct thread *td;
82 int fd;
83 {
84 int error;
85
86 error = kern_close(td, fd);
87 /*
88 * We should never get an error, and there isn't anything
89 * we could do if we got one, so just print a message.
90 */
91 if (error)
92 printf("portal_closefd: error = %d\n", error);
93 }
94
95 /*
96 * vp is the current namei directory
97 * cnp is the name to locate in that directory...
98 */
99 static int
100 portal_lookup(ap)
101 struct vop_lookup_args /* {
102 struct vnode * a_dvp;
103 struct vnode ** a_vpp;
104 struct componentname * a_cnp;
105 } */ *ap;
106 {
107 struct componentname *cnp = ap->a_cnp;
108 struct vnode **vpp = ap->a_vpp;
109 struct vnode *dvp = ap->a_dvp;
110 char *pname = cnp->cn_nameptr;
111 struct portalnode *pt;
112 int error;
113 struct vnode *fvp = 0;
114 char *path;
115 int size;
116
117 *vpp = NULLVP;
118
119 if (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)
120 return (EROFS);
121
122 if (cnp->cn_namelen == 1 && *pname == '.') {
123 *vpp = dvp;
124 VREF(dvp);
125 return (0);
126 }
127 KASSERT((cnp->cn_flags & ISDOTDOT) == 0,
128 ("portal_lookup: Can not handle dotdot lookups."));
129
130 /*
131 * Do the MALLOC before the getnewvnode since doing so afterward
132 * might cause a bogus v_data pointer to get dereferenced
133 * elsewhere if MALLOC should block.
134 */
135 pt = malloc(sizeof(struct portalnode),
136 M_TEMP, M_WAITOK);
137
138 error = getnewvnode("portal", dvp->v_mount, &portal_vnodeops, &fvp);
139 if (error) {
140 free(pt, M_TEMP);
141 goto bad;
142 }
143 fvp->v_type = VREG;
144 fvp->v_data = pt;
145 /*
146 * Save all of the remaining pathname and
147 * advance the namei next pointer to the end
148 * of the string.
149 */
150 for (size = 0, path = pname; *path; path++)
151 size++;
152 cnp->cn_consume = size - cnp->cn_namelen;
153
154 pt->pt_arg = malloc(size+1, M_TEMP, M_WAITOK);
155 pt->pt_size = size+1;
156 bcopy(pname, pt->pt_arg, pt->pt_size);
157 pt->pt_fileid = portal_fileid++;
158
159 *vpp = fvp;
160 vn_lock(fvp, LK_EXCLUSIVE | LK_RETRY);
161 error = insmntque(fvp, dvp->v_mount);
162 if (error != 0) {
163 *vpp = NULLVP;
164 return (error);
165 }
166 return (0);
167
168 bad:;
169 if (fvp)
170 vrele(fvp);
171 return (error);
172 }
173
174 static int
175 portal_connect(so, so2)
176 struct socket *so;
177 struct socket *so2;
178 {
179 /* from unp_connect, bypassing the namei stuff... */
180 struct socket *so3;
181 struct unpcb *unp2;
182 struct unpcb *unp3;
183
184 if (so2 == 0)
185 return (ECONNREFUSED);
186
187 if (so->so_type != so2->so_type)
188 return (EPROTOTYPE);
189
190 if ((so2->so_options & SO_ACCEPTCONN) == 0)
191 return (ECONNREFUSED);
192
193 CURVNET_SET(so2->so_vnet);
194 if ((so3 = sonewconn(so2, 0)) == 0) {
195 CURVNET_RESTORE();
196 return (ECONNREFUSED);
197 }
198 CURVNET_RESTORE();
199
200 unp2 = sotounpcb(so2);
201 unp3 = sotounpcb(so3);
202 if (unp2->unp_addr)
203 unp3->unp_addr = (struct sockaddr_un *)
204 sodupsockaddr((struct sockaddr *)unp2->unp_addr,
205 M_NOWAIT);
206 so2 = so3;
207
208 return (soconnect2(so, so2));
209 }
210
211 static int
212 portal_open(ap)
213 struct vop_open_args /* {
214 struct vnode *a_vp;
215 int a_mode;
216 struct ucred *a_cred;
217 struct thread *a_td;
218 } */ *ap;
219 {
220 struct socket *so = 0;
221 struct portalnode *pt;
222 struct thread *td = ap->a_td;
223 struct vnode *vp = ap->a_vp;
224 struct uio auio;
225 struct iovec aiov[2];
226 int res;
227 struct mbuf *cm = 0;
228 struct cmsghdr *cmsg;
229 int newfds;
230 int *ip;
231 int fd;
232 int error;
233 int len;
234 struct portalmount *fmp;
235 struct file *fp;
236 struct portal_cred pcred;
237
238 #ifdef CAPABILITY_MODE
239 /*
240 * This may require access to a global namespace (e.g. an IP address);
241 * disallow it entirely, as we do open(2).
242 */
243 if (IN_CAPABILITY_MODE(td))
244 return (ECAPMODE);
245 #endif
246
247 /*
248 * Nothing to do when opening the root node.
249 */
250 if (vp->v_vflag & VV_ROOT)
251 return (0);
252
253 /*
254 * Can't be opened unless the caller is set up
255 * to deal with the side effects. Check for this
256 * by testing whether td_dupfd has been set.
257 */
258 if (td->td_dupfd >= 0)
259 return (ENODEV);
260
261 pt = VTOPORTAL(vp);
262 fmp = VFSTOPORTAL(vp->v_mount);
263
264 /*
265 * Create a new socket.
266 */
267 error = socreate(AF_UNIX, &so, SOCK_STREAM, 0, ap->a_cred,
268 ap->a_td);
269 if (error)
270 goto bad;
271
272 /*
273 * Reserve some buffer space
274 */
275 res = pt->pt_size + sizeof(pcred) + 512; /* XXX */
276 error = soreserve(so, res, res);
277 if (error)
278 goto bad;
279
280 /*
281 * Kick off connection
282 */
283 error = portal_connect(so, fmp->pm_server->f_data);
284 if (error)
285 goto bad;
286
287 /*
288 * Wait for connection to complete
289 */
290 /*
291 * XXX: Since the mount point is holding a reference on the
292 * underlying server socket, it is not easy to find out whether
293 * the server process is still running. To handle this problem
294 * we loop waiting for the new socket to be connected (something
295 * which will only happen if the server is still running) or for
296 * the reference count on the server socket to drop to 1, which
297 * will happen if the server dies. Sleep for 5 second intervals
298 * and keep polling the reference count. XXX.
299 */
300 SOCK_LOCK(so);
301 while ((so->so_state & SS_ISCONNECTING) && so->so_error == 0) {
302 if (fmp->pm_server->f_count == 1) {
303 SOCK_UNLOCK(so);
304 error = ECONNREFUSED;
305 goto bad;
306 }
307 (void) msleep((caddr_t) &so->so_timeo, SOCK_MTX(so), PSOCK,
308 "portalcon", 5 * hz);
309 }
310 SOCK_UNLOCK(so);
311
312 if (so->so_error) {
313 error = so->so_error;
314 goto bad;
315 }
316
317 /*
318 * Set miscellaneous flags
319 */
320 SOCKBUF_LOCK(&so->so_rcv);
321 so->so_rcv.sb_timeo = 0;
322 so->so_rcv.sb_flags |= SB_NOINTR;
323 SOCKBUF_UNLOCK(&so->so_rcv);
324 SOCKBUF_LOCK(&so->so_snd);
325 so->so_snd.sb_timeo = 0;
326 so->so_snd.sb_flags |= SB_NOINTR;
327 SOCKBUF_UNLOCK(&so->so_snd);
328
329
330 pcred.pcr_flag = ap->a_mode;
331 pcred.pcr_uid = ap->a_cred->cr_uid;
332 pcred.pcr_ngroups = MIN(ap->a_cred->cr_ngroups, XU_NGROUPS);
333 bcopy(ap->a_cred->cr_groups, pcred.pcr_groups,
334 pcred.pcr_ngroups * sizeof(gid_t));
335 aiov[0].iov_base = (caddr_t) &pcred;
336 aiov[0].iov_len = sizeof(pcred);
337 aiov[1].iov_base = pt->pt_arg;
338 aiov[1].iov_len = pt->pt_size;
339 auio.uio_iov = aiov;
340 auio.uio_iovcnt = 2;
341 auio.uio_rw = UIO_WRITE;
342 auio.uio_segflg = UIO_SYSSPACE;
343 auio.uio_td = td;
344 auio.uio_offset = 0;
345 auio.uio_resid = aiov[0].iov_len + aiov[1].iov_len;
346
347 error = sosend(so, (struct sockaddr *) 0, &auio,
348 (struct mbuf *) 0, (struct mbuf *) 0, 0 , td);
349 if (error)
350 goto bad;
351
352 len = auio.uio_resid = sizeof(int);
353 do {
354 struct mbuf *m = 0;
355 int flags = MSG_WAITALL;
356 error = soreceive(so, (struct sockaddr **) 0, &auio,
357 &m, &cm, &flags);
358 if (error)
359 goto bad;
360
361 /*
362 * Grab an error code from the mbuf.
363 */
364 if (m) {
365 m = m_pullup(m, sizeof(int)); /* Needed? */
366 if (m) {
367 error = *(mtod(m, int *));
368 m_freem(m);
369 } else {
370 error = EINVAL;
371 }
372 } else {
373 if (cm == 0) {
374 error = ECONNRESET; /* XXX */
375 #ifdef notdef
376 break;
377 #endif
378 }
379 }
380 } while (cm == 0 && auio.uio_resid == len && !error);
381
382 if (cm == 0)
383 goto bad;
384
385 if (auio.uio_resid) {
386 error = 0;
387 #ifdef notdef
388 error = EMSGSIZE;
389 goto bad;
390 #endif
391 }
392
393 /*
394 * XXX: Break apart the control message, and retrieve the
395 * received file descriptor. Note that more than one descriptor
396 * may have been received, or that the rights chain may have more
397 * than a single mbuf in it. What to do?
398 */
399 cmsg = mtod(cm, struct cmsghdr *);
400 newfds = (cmsg->cmsg_len - sizeof(*cmsg)) / sizeof (int);
401 if (newfds == 0) {
402 error = ECONNREFUSED;
403 goto bad;
404 }
405 /*
406 * At this point the rights message consists of a control message
407 * header, followed by a data region containing a vector of
408 * integer file descriptors. The fds were allocated by the action
409 * of receiving the control message.
410 */
411 ip = (int *) (cmsg + 1);
412 fd = *ip++;
413 if (newfds > 1) {
414 /*
415 * Close extra fds.
416 */
417 int i;
418 printf("portal_open: %d extra fds\n", newfds - 1);
419 for (i = 1; i < newfds; i++) {
420 portal_closefd(td, *ip);
421 ip++;
422 }
423 }
424
425 /*
426 * Check that the mode the file is being opened for is a subset
427 * of the mode of the existing descriptor.
428 */
429 if ((error = fget(td, fd, 0, &fp)) != 0)
430 goto bad;
431 if (((ap->a_mode & (FREAD|FWRITE)) | fp->f_flag) != fp->f_flag) {
432 fdrop(fp, td);
433 portal_closefd(td, fd);
434 error = EACCES;
435 goto bad;
436 }
437 fdrop(fp, td);
438
439 /*
440 * Save the dup fd in the proc structure then return the
441 * special error code (ENXIO) which causes magic things to
442 * happen in vn_open. The whole concept is, well, hmmm.
443 */
444 td->td_dupfd = fd;
445 error = ENXIO;
446
447 bad:;
448 /*
449 * And discard the control message.
450 */
451 if (cm) {
452 m_freem(cm);
453 }
454
455 if (so) {
456 soshutdown(so, 2);
457 soclose(so);
458 }
459 return (error);
460 }
461
462 static int
463 portal_getattr(ap)
464 struct vop_getattr_args /* {
465 struct vnode *a_vp;
466 struct vattr *a_vap;
467 struct ucred *a_cred;
468 } */ *ap;
469 {
470 struct vnode *vp = ap->a_vp;
471 struct vattr *vap = ap->a_vap;
472
473 vap->va_uid = 0;
474 vap->va_gid = 0;
475 vap->va_size = DEV_BSIZE;
476 vap->va_blocksize = DEV_BSIZE;
477 nanotime(&vap->va_atime);
478 vap->va_mtime = vap->va_atime;
479 vap->va_ctime = vap->va_mtime;
480 vap->va_gen = 0;
481 vap->va_flags = 0;
482 vap->va_rdev = NODEV;
483 /* vap->va_qbytes = 0; */
484 vap->va_bytes = 0;
485 vap->va_filerev = 0;
486 /* vap->va_qsize = 0; */
487 if (vp->v_vflag & VV_ROOT) {
488 vap->va_type = VDIR;
489 vap->va_mode = S_IRUSR|S_IWUSR|S_IXUSR|
490 S_IRGRP|S_IWGRP|S_IXGRP|
491 S_IROTH|S_IWOTH|S_IXOTH;
492 vap->va_nlink = 2;
493 vap->va_fileid = 2;
494 } else {
495 vap->va_type = VREG;
496 vap->va_mode = S_IRUSR|S_IWUSR|
497 S_IRGRP|S_IWGRP|
498 S_IROTH|S_IWOTH;
499 vap->va_nlink = 1;
500 vap->va_fileid = VTOPORTAL(vp)->pt_fileid;
501 }
502 return (0);
503 }
504
505 static int
506 portal_setattr(ap)
507 struct vop_setattr_args /* {
508 struct vnode *a_vp;
509 struct vattr *a_vap;
510 struct ucred *a_cred;
511 } */ *ap;
512 {
513
514 /*
515 * Can't mess with the root vnode
516 */
517 if (ap->a_vp->v_vflag & VV_ROOT)
518 return (EACCES);
519
520 if (ap->a_vap->va_flags != VNOVAL)
521 return (EOPNOTSUPP);
522
523 return (0);
524 }
525
526 /*
527 * Fake readdir, just return empty directory.
528 * It is hard to deal with '.' and '..' so don't bother.
529 */
530 static int
531 portal_readdir(ap)
532 struct vop_readdir_args /* {
533 struct vnode *a_vp;
534 struct uio *a_uio;
535 struct ucred *a_cred;
536 int *a_eofflag;
537 u_long *a_cookies;
538 int a_ncookies;
539 } */ *ap;
540 {
541
542 /*
543 * We don't allow exporting portal mounts, and currently local
544 * requests do not need cookies.
545 */
546 if (ap->a_ncookies)
547 panic("portal_readdir: not hungry");
548
549 return (0);
550 }
551
552 static int
553 portal_reclaim(ap)
554 struct vop_reclaim_args /* {
555 struct vnode *a_vp;
556 } */ *ap;
557 {
558 struct portalnode *pt = VTOPORTAL(ap->a_vp);
559
560 if (pt->pt_arg) {
561 free((caddr_t) pt->pt_arg, M_TEMP);
562 pt->pt_arg = 0;
563 }
564 free(ap->a_vp->v_data, M_TEMP);
565 ap->a_vp->v_data = 0;
566
567 return (0);
568 }
569
570 struct vop_vector portal_vnodeops = {
571 .vop_default = &default_vnodeops,
572
573 .vop_access = VOP_NULL,
574 .vop_getattr = portal_getattr,
575 .vop_lookup = portal_lookup,
576 .vop_open = portal_open,
577 .vop_pathconf = vop_stdpathconf,
578 .vop_readdir = portal_readdir,
579 .vop_reclaim = portal_reclaim,
580 .vop_setattr = portal_setattr,
581 };
Cache object: 13885190745493bcc1652262971181ab
|