FreeBSD/Linux Kernel Cross Reference
sys/kern/vfs_lookup.c
1 /* $NetBSD: vfs_lookup.c,v 1.72.2.3 2007/02/17 23:27:47 tron Exp $ */
2
3 /*
4 * Copyright (c) 1982, 1986, 1989, 1993
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * @(#)vfs_lookup.c 8.10 (Berkeley) 5/27/95
37 */
38
39 #include <sys/cdefs.h>
40 __KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.72.2.3 2007/02/17 23:27:47 tron Exp $");
41
42 #include "opt_ktrace.h"
43 #include "opt_systrace.h"
44 #include "opt_magiclinks.h"
45
46 #include <sys/param.h>
47 #include <sys/systm.h>
48 #include <sys/kernel.h>
49 #include <sys/syslimits.h>
50 #include <sys/time.h>
51 #include <sys/namei.h>
52 #include <sys/vnode.h>
53 #include <sys/mount.h>
54 #include <sys/errno.h>
55 #include <sys/filedesc.h>
56 #include <sys/hash.h>
57 #include <sys/malloc.h>
58 #include <sys/proc.h>
59 #include <sys/syslog.h>
60 #include <sys/kauth.h>
61
62 #ifdef KTRACE
63 #include <sys/ktrace.h>
64 #endif
65 #ifdef SYSTRACE
66 #include <sys/systrace.h>
67 #endif
68
69 #ifndef MAGICLINKS
70 #define MAGICLINKS 0
71 #endif
72
73 struct pathname_internal {
74 char *pathbuf;
75 boolean_t needfree;
76 };
77
78 int vfs_magiclinks = MAGICLINKS;
79
80 struct pool pnbuf_pool; /* pathname buffer pool */
81 struct pool_cache pnbuf_cache; /* pathname buffer cache */
82
83 /*
84 * Substitute replacement text for 'magic' strings in symlinks.
85 * Returns 0 if successful, and returns non-zero if an error
86 * occurs. (Currently, the only possible error is running out
87 * of temporary pathname space.)
88 *
89 * Looks for "@<string>" and "@<string>/", where <string> is a
90 * recognized 'magic' string. Replaces the "@<string>" with the
91 * appropriate replacement text. (Note that in some cases the
92 * replacement text may have zero length.)
93 *
94 * This would have been table driven, but the variance in
95 * replacement strings (and replacement string lengths) made
96 * that impractical.
97 */
98 #define VNL(x) \
99 (sizeof(x) - 1)
100
101 #define VO '{'
102 #define VC '}'
103
104 #define MATCH(str) \
105 ((termchar == '/' && i + VNL(str) == *len) || \
106 (i + VNL(str) < *len && \
107 cp[i + VNL(str)] == termchar)) && \
108 !strncmp((str), &cp[i], VNL(str))
109
110 #define SUBSTITUTE(m, s, sl) \
111 if ((newlen + (sl)) > MAXPATHLEN) \
112 return (1); \
113 i += VNL(m); \
114 if (termchar != '/') \
115 i++; \
116 memcpy(&tmp[newlen], (s), (sl)); \
117 newlen += (sl); \
118 change = 1; \
119 termchar = '/';
120
121 static int
122 symlink_magic(struct proc *p, char *cp, int *len)
123 {
124 char *tmp;
125 int change, i, newlen;
126 int termchar = '/';
127
128 tmp = PNBUF_GET();
129 for (change = i = newlen = 0; i < *len; ) {
130 if (cp[i] != '@') {
131 tmp[newlen++] = cp[i++];
132 continue;
133 }
134
135 i++;
136
137 /* Check for @{var} syntax. */
138 if (cp[i] == VO) {
139 termchar = VC;
140 i++;
141 }
142
143 /*
144 * The following checks should be ordered according
145 * to frequency of use.
146 */
147 if (MATCH("machine_arch")) {
148 SUBSTITUTE("machine_arch", MACHINE_ARCH,
149 sizeof(MACHINE_ARCH) - 1);
150 } else if (MATCH("machine")) {
151 SUBSTITUTE("machine", MACHINE,
152 sizeof(MACHINE) - 1);
153 } else if (MATCH("hostname")) {
154 SUBSTITUTE("hostname", hostname,
155 hostnamelen);
156 } else if (MATCH("osrelease")) {
157 SUBSTITUTE("osrelease", osrelease,
158 strlen(osrelease));
159 } else if (MATCH("emul")) {
160 SUBSTITUTE("emul", p->p_emul->e_name,
161 strlen(p->p_emul->e_name));
162 } else if (MATCH("kernel_ident")) {
163 SUBSTITUTE("kernel_ident", kernel_ident,
164 strlen(kernel_ident));
165 } else if (MATCH("domainname")) {
166 SUBSTITUTE("domainname", domainname,
167 domainnamelen);
168 } else if (MATCH("ostype")) {
169 SUBSTITUTE("ostype", ostype,
170 strlen(ostype));
171 } else if (MATCH("uid")) {
172 char uidtmp[11]; /* XXX elad */
173
174 (void)snprintf(uidtmp, sizeof(uidtmp), "%u",
175 kauth_cred_geteuid(kauth_cred_get()));
176 SUBSTITUTE("uid", uidtmp, strlen(uidtmp));
177 } else {
178 tmp[newlen++] = '@';
179 if (termchar == VC)
180 tmp[newlen++] = VO;
181 }
182 }
183
184 if (change) {
185 memcpy(cp, tmp, newlen);
186 *len = newlen;
187 }
188 PNBUF_PUT(tmp);
189
190 return (0);
191 }
192
193 #undef VNL
194 #undef VO
195 #undef VC
196 #undef MATCH
197 #undef SUBSTITUTE
198
199 int
200 pathname_get(const char *dirp, enum uio_seg segflg, pathname_t *path)
201 {
202 int error;
203
204 if (dirp == NULL)
205 return (EFAULT);
206
207 *path = malloc(sizeof(struct pathname_internal), M_TEMP,
208 M_ZERO|M_WAITOK);
209
210 if (segflg == UIO_USERSPACE) {
211 (*path)->pathbuf = PNBUF_GET();
212 error = copyinstr(dirp, (*path)->pathbuf, MAXPATHLEN,
213 NULL);
214 if (error) {
215 PNBUF_PUT((*path)->pathbuf);
216 free(*path, M_TEMP);
217 *path = NULL;
218 return (error);
219 }
220 (*path)->needfree = TRUE;
221 } else {
222 (*path)->pathbuf = __UNCONST(dirp);
223 (*path)->needfree = FALSE;
224 }
225
226 return (0);
227 }
228
229 const char *
230 pathname_path(pathname_t path)
231 {
232 KASSERT(path != NULL);
233 return (path->pathbuf);
234 }
235
236 void
237 pathname_put(pathname_t path)
238 {
239 if (path != NULL) {
240 if (path->pathbuf != NULL && path->needfree)
241 PNBUF_PUT(path->pathbuf);
242 free(path, M_TEMP);
243 }
244 }
245
246 /*
247 * Convert a pathname into a pointer to a locked vnode.
248 *
249 * The FOLLOW flag is set when symbolic links are to be followed
250 * when they occur at the end of the name translation process.
251 * Symbolic links are always followed for all other pathname
252 * components other than the last.
253 *
254 * The segflg defines whether the name is to be copied from user
255 * space or kernel space.
256 *
257 * Overall outline of namei:
258 *
259 * copy in name
260 * get starting directory
261 * while (!done && !error) {
262 * call lookup to search path.
263 * if symbolic link, massage name in buffer and continue
264 * }
265 */
266 int
267 namei(struct nameidata *ndp)
268 {
269 struct cwdinfo *cwdi; /* pointer to cwd state */
270 char *cp; /* pointer into pathname argument */
271 struct vnode *dp; /* the directory we are searching */
272 struct iovec aiov; /* uio for reading symbolic links */
273 struct uio auio;
274 int error, linklen;
275 struct componentname *cnp = &ndp->ni_cnd;
276
277 #ifdef DIAGNOSTIC
278 if (!cnp->cn_cred || !cnp->cn_lwp)
279 panic("namei: bad cred/proc");
280 if (cnp->cn_nameiop & (~OPMASK))
281 panic("namei: nameiop contaminated with flags");
282 if (cnp->cn_flags & OPMASK)
283 panic("namei: flags contaminated with nameiops");
284 #endif
285 cwdi = cnp->cn_lwp->l_proc->p_cwdi;
286
287 /*
288 * Get a buffer for the name to be translated, and copy the
289 * name into the buffer.
290 */
291 if ((cnp->cn_flags & HASBUF) == 0)
292 cnp->cn_pnbuf = PNBUF_GET();
293 if (ndp->ni_segflg == UIO_SYSSPACE)
294 error = copystr(ndp->ni_dirp, cnp->cn_pnbuf,
295 MAXPATHLEN, &ndp->ni_pathlen);
296 else
297 error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf,
298 MAXPATHLEN, &ndp->ni_pathlen);
299
300 /*
301 * POSIX.1 requirement: "" is not a valid file name.
302 */
303 if (!error && ndp->ni_pathlen == 1)
304 error = ENOENT;
305
306 if (error) {
307 PNBUF_PUT(cnp->cn_pnbuf);
308 ndp->ni_vp = NULL;
309 return (error);
310 }
311 ndp->ni_loopcnt = 0;
312
313 #ifdef KTRACE
314 if (KTRPOINT(cnp->cn_lwp->l_proc, KTR_NAMEI))
315 ktrnamei(cnp->cn_lwp, cnp->cn_pnbuf);
316 #endif
317 #ifdef SYSTRACE
318 if (ISSET(cnp->cn_lwp->l_proc->p_flag, P_SYSTRACE))
319 systrace_namei(ndp);
320 #endif
321
322 /*
323 * Get starting point for the translation.
324 */
325 if ((ndp->ni_rootdir = cwdi->cwdi_rdir) == NULL)
326 ndp->ni_rootdir = rootvnode;
327 /*
328 * Check if starting from root directory or current directory.
329 */
330 if (cnp->cn_pnbuf[0] == '/') {
331 dp = ndp->ni_rootdir;
332 VREF(dp);
333 } else {
334 dp = cwdi->cwdi_cdir;
335 VREF(dp);
336 }
337 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY);
338 for (;;) {
339 if (!dp->v_mount) {
340 /* Give up if the directory is no longer mounted */
341 vput(dp);
342 PNBUF_PUT(cnp->cn_pnbuf);
343 return (ENOENT);
344 }
345 cnp->cn_nameptr = cnp->cn_pnbuf;
346 ndp->ni_startdir = dp;
347 error = lookup(ndp);
348 if (error != 0) {
349 if (ndp->ni_dvp) {
350 vput(ndp->ni_dvp);
351 }
352 PNBUF_PUT(cnp->cn_pnbuf);
353 return (error);
354 }
355
356 /*
357 * Check for symbolic link
358 */
359 if ((cnp->cn_flags & ISSYMLINK) == 0) {
360 if ((cnp->cn_flags & LOCKPARENT) == 0 && ndp->ni_dvp) {
361 if (ndp->ni_dvp == ndp->ni_vp) {
362 vrele(ndp->ni_dvp);
363 } else {
364 vput(ndp->ni_dvp);
365 }
366 }
367 if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0)
368 PNBUF_PUT(cnp->cn_pnbuf);
369 else
370 cnp->cn_flags |= HASBUF;
371 return (0);
372 }
373
374 if (ndp->ni_loopcnt++ >= MAXSYMLINKS) {
375 error = ELOOP;
376 break;
377 }
378 if (ndp->ni_vp->v_mount->mnt_flag & MNT_SYMPERM) {
379 error = VOP_ACCESS(ndp->ni_vp, VEXEC, cnp->cn_cred,
380 cnp->cn_lwp);
381 if (error != 0)
382 break;
383 }
384 if (ndp->ni_pathlen > 1)
385 cp = PNBUF_GET();
386 else
387 cp = cnp->cn_pnbuf;
388 aiov.iov_base = cp;
389 aiov.iov_len = MAXPATHLEN;
390 auio.uio_iov = &aiov;
391 auio.uio_iovcnt = 1;
392 auio.uio_offset = 0;
393 auio.uio_rw = UIO_READ;
394 auio.uio_resid = MAXPATHLEN;
395 UIO_SETUP_SYSSPACE(&auio);
396 error = VOP_READLINK(ndp->ni_vp, &auio, cnp->cn_cred);
397 if (error) {
398 badlink:
399 if (ndp->ni_pathlen > 1)
400 PNBUF_PUT(cp);
401 break;
402 }
403 linklen = MAXPATHLEN - auio.uio_resid;
404 if (linklen == 0) {
405 error = ENOENT;
406 goto badlink;
407 }
408
409 /*
410 * Do symlink substitution, if appropriate, and
411 * check length for potential overflow.
412 */
413 if ((vfs_magiclinks &&
414 symlink_magic(cnp->cn_lwp->l_proc, cp, &linklen)) ||
415 (linklen + ndp->ni_pathlen >= MAXPATHLEN)) {
416 error = ENAMETOOLONG;
417 goto badlink;
418 }
419 if (ndp->ni_pathlen > 1) {
420 memcpy(cp + linklen, ndp->ni_next, ndp->ni_pathlen);
421 PNBUF_PUT(cnp->cn_pnbuf);
422 cnp->cn_pnbuf = cp;
423 } else
424 cnp->cn_pnbuf[linklen] = '\0';
425 ndp->ni_pathlen += linklen;
426 vput(ndp->ni_vp);
427 dp = ndp->ni_dvp;
428
429 /*
430 * Check if root directory should replace current directory.
431 */
432 if (cnp->cn_pnbuf[0] == '/') {
433 vput(dp);
434 dp = ndp->ni_rootdir;
435 VREF(dp);
436 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY);
437 }
438 }
439 KASSERT(ndp->ni_dvp != ndp->ni_vp);
440 vput(ndp->ni_dvp);
441 vput(ndp->ni_vp);
442 ndp->ni_vp = NULL;
443 PNBUF_PUT(cnp->cn_pnbuf);
444 return (error);
445 }
446
447 /*
448 * Determine the namei hash (for cn_hash) for name.
449 * If *ep != NULL, hash from name to ep-1.
450 * If *ep == NULL, hash from name until the first NUL or '/', and
451 * return the location of this termination character in *ep.
452 *
453 * This function returns an equivalent hash to the MI hash32_strn().
454 * The latter isn't used because in the *ep == NULL case, determining
455 * the length of the string to the first NUL or `/' and then calling
456 * hash32_strn() involves unnecessary double-handling of the data.
457 */
458 uint32_t
459 namei_hash(const char *name, const char **ep)
460 {
461 uint32_t hash;
462
463 hash = HASH32_STR_INIT;
464 if (*ep != NULL) {
465 for (; name < *ep; name++)
466 hash = hash * 33 + *(const uint8_t *)name;
467 } else {
468 for (; *name != '\0' && *name != '/'; name++)
469 hash = hash * 33 + *(const uint8_t *)name;
470 *ep = name;
471 }
472 return (hash + (hash >> 5));
473 }
474
475 /*
476 * Search a pathname.
477 * This is a very central and rather complicated routine.
478 *
479 * The pathname is pointed to by ni_ptr and is of length ni_pathlen.
480 * The starting directory is taken from ni_startdir. The pathname is
481 * descended until done, or a symbolic link is encountered. The variable
482 * ni_more is clear if the path is completed; it is set to one if a
483 * symbolic link needing interpretation is encountered.
484 *
485 * The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on
486 * whether the name is to be looked up, created, renamed, or deleted.
487 * When CREATE, RENAME, or DELETE is specified, information usable in
488 * creating, renaming, or deleting a directory entry may be calculated.
489 * If flag has LOCKPARENT or'ed into it, the parent directory is returned
490 * locked. Otherwise the parent directory is not returned. If the target
491 * of the pathname exists and LOCKLEAF is or'ed into the flag the target
492 * is returned locked, otherwise it is returned unlocked. When creating
493 * or renaming and LOCKPARENT is specified, the target may not be ".".
494 * When deleting and LOCKPARENT is specified, the target may be ".".
495 *
496 * Overall outline of lookup:
497 *
498 * dirloop:
499 * identify next component of name at ndp->ni_ptr
500 * handle degenerate case where name is null string
501 * if .. and crossing mount points and on mounted filesys, find parent
502 * call VOP_LOOKUP routine for next component name
503 * directory vnode returned in ni_dvp, locked.
504 * component vnode returned in ni_vp (if it exists), locked.
505 * if result vnode is mounted on and crossing mount points,
506 * find mounted on vnode
507 * if more components of name, do next level at dirloop
508 * return the answer in ni_vp, locked if LOCKLEAF set
509 * if LOCKPARENT set, return locked parent in ni_dvp
510 */
511 int
512 lookup(struct nameidata *ndp)
513 {
514 const char *cp; /* pointer into pathname argument */
515 struct vnode *dp = 0; /* the directory we are searching */
516 struct vnode *tdp; /* saved dp */
517 struct mount *mp; /* mount table entry */
518 int docache; /* == 0 do not cache last component */
519 int rdonly; /* lookup read-only flag bit */
520 int error = 0;
521 int slashes;
522 struct componentname *cnp = &ndp->ni_cnd;
523 struct lwp *l = cnp->cn_lwp;
524
525 /*
526 * Setup: break out flag bits into variables.
527 */
528 docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE;
529 if (cnp->cn_nameiop == DELETE)
530 docache = 0;
531 rdonly = cnp->cn_flags & RDONLY;
532 ndp->ni_dvp = NULL;
533 cnp->cn_flags &= ~ISSYMLINK;
534 dp = ndp->ni_startdir;
535 ndp->ni_startdir = NULLVP;
536
537 /*
538 * If we have a leading string of slashes, remove them, and just make
539 * sure the current node is a directory.
540 */
541 cp = cnp->cn_nameptr;
542 if (*cp == '/') {
543 do {
544 cp++;
545 } while (*cp == '/');
546 ndp->ni_pathlen -= cp - cnp->cn_nameptr;
547 cnp->cn_nameptr = cp;
548
549 if (dp->v_type != VDIR) {
550 error = ENOTDIR;
551 vput(dp);
552 goto bad;
553 }
554
555 /*
556 * If we've exhausted the path name, then just return the
557 * current node. If the caller requested the parent node (i.e.
558 * it's a CREATE, DELETE, or RENAME), and we don't have one
559 * (because this is the root directory), then we must fail.
560 */
561 if (cnp->cn_nameptr[0] == '\0') {
562 if (ndp->ni_dvp == NULL && cnp->cn_nameiop != LOOKUP) {
563 switch (cnp->cn_nameiop) {
564 case CREATE:
565 error = EEXIST;
566 break;
567 case DELETE:
568 case RENAME:
569 error = EBUSY;
570 break;
571 default:
572 KASSERT(0);
573 }
574 vput(dp);
575 goto bad;
576 }
577 ndp->ni_vp = dp;
578 cnp->cn_flags |= ISLASTCN;
579 goto terminal;
580 }
581 }
582
583 dirloop:
584 /*
585 * Search a new directory.
586 *
587 * The cn_hash value is for use by vfs_cache.
588 * The last component of the filename is left accessible via
589 * cnp->cn_nameptr for callers that need the name. Callers needing
590 * the name set the SAVENAME flag. When done, they assume
591 * responsibility for freeing the pathname buffer.
592 *
593 * At this point, our only vnode state is that "dp" is held and locked.
594 */
595 cnp->cn_consume = 0;
596 cp = NULL;
597 cnp->cn_hash = namei_hash(cnp->cn_nameptr, &cp);
598 cnp->cn_namelen = cp - cnp->cn_nameptr;
599 if (cnp->cn_namelen > NAME_MAX) {
600 vput(dp);
601 error = ENAMETOOLONG;
602 ndp->ni_dvp = NULL;
603 goto bad;
604 }
605 #ifdef NAMEI_DIAGNOSTIC
606 { char c = *cp;
607 *(char *)cp = '\0';
608 printf("{%s}: ", cnp->cn_nameptr);
609 *(char *)cp = c; }
610 #endif /* NAMEI_DIAGNOSTIC */
611 ndp->ni_pathlen -= cnp->cn_namelen;
612 ndp->ni_next = cp;
613 /*
614 * If this component is followed by a slash, then move the pointer to
615 * the next component forward, and remember that this component must be
616 * a directory.
617 */
618 if (*cp == '/') {
619 do {
620 cp++;
621 } while (*cp == '/');
622 slashes = cp - ndp->ni_next;
623 ndp->ni_pathlen -= slashes;
624 ndp->ni_next = cp;
625 cnp->cn_flags |= REQUIREDIR;
626 } else {
627 slashes = 0;
628 cnp->cn_flags &= ~REQUIREDIR;
629 }
630 /*
631 * We do special processing on the last component, whether or not it's
632 * a directory. Cache all intervening lookups, but not the final one.
633 */
634 if (*cp == '\0') {
635 if (docache)
636 cnp->cn_flags |= MAKEENTRY;
637 else
638 cnp->cn_flags &= ~MAKEENTRY;
639 cnp->cn_flags |= ISLASTCN;
640 } else {
641 cnp->cn_flags |= MAKEENTRY;
642 cnp->cn_flags &= ~ISLASTCN;
643 }
644 if (cnp->cn_namelen == 2 &&
645 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.')
646 cnp->cn_flags |= ISDOTDOT;
647 else
648 cnp->cn_flags &= ~ISDOTDOT;
649
650 /*
651 * Handle "..": two special cases.
652 * 1. If at root directory (e.g. after chroot)
653 * or at absolute root directory
654 * then ignore it so can't get out.
655 * 1a. If we have somehow gotten out of a jail, warn
656 * and also ignore it so we can't get farther out.
657 * 2. If this vnode is the root of a mounted
658 * filesystem, then replace it with the
659 * vnode which was mounted on so we take the
660 * .. in the other file system.
661 */
662 if (cnp->cn_flags & ISDOTDOT) {
663 struct proc *p = l->l_proc;
664
665 for (;;) {
666 if (dp == ndp->ni_rootdir || dp == rootvnode) {
667 ndp->ni_dvp = dp;
668 ndp->ni_vp = dp;
669 VREF(dp);
670 goto nextname;
671 }
672 if (ndp->ni_rootdir != rootvnode) {
673 int retval;
674
675 VOP_UNLOCK(dp, 0);
676 retval = vn_isunder(dp, ndp->ni_rootdir, l);
677 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY);
678 if (!retval) {
679 /* Oops! We got out of jail! */
680 log(LOG_WARNING,
681 "chrooted pid %d uid %d (%s) "
682 "detected outside of its chroot\n",
683 p->p_pid, kauth_cred_geteuid(l->l_cred),
684 p->p_comm);
685 /* Put us at the jail root. */
686 vput(dp);
687 dp = ndp->ni_rootdir;
688 ndp->ni_dvp = dp;
689 ndp->ni_vp = dp;
690 VREF(dp);
691 VREF(dp);
692 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY);
693 goto nextname;
694 }
695 }
696 if ((dp->v_flag & VROOT) == 0 ||
697 (cnp->cn_flags & NOCROSSMOUNT))
698 break;
699 tdp = dp;
700 dp = dp->v_mount->mnt_vnodecovered;
701 vput(tdp);
702 VREF(dp);
703 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY);
704 }
705 }
706
707 /*
708 * We now have a segment name to search for, and a directory to search.
709 * Again, our only vnode state is that "dp" is held and locked.
710 */
711 unionlookup:
712 ndp->ni_dvp = dp;
713 ndp->ni_vp = NULL;
714 error = VOP_LOOKUP(dp, &ndp->ni_vp, cnp);
715 if (error != 0) {
716 #ifdef DIAGNOSTIC
717 if (ndp->ni_vp != NULL)
718 panic("leaf `%s' should be empty", cnp->cn_nameptr);
719 #endif /* DIAGNOSTIC */
720 #ifdef NAMEI_DIAGNOSTIC
721 printf("not found\n");
722 #endif /* NAMEI_DIAGNOSTIC */
723 if ((error == ENOENT) &&
724 (dp->v_flag & VROOT) &&
725 (dp->v_mount->mnt_flag & MNT_UNION)) {
726 tdp = dp;
727 dp = dp->v_mount->mnt_vnodecovered;
728 vput(tdp);
729 VREF(dp);
730 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY);
731 goto unionlookup;
732 }
733
734 if (error != EJUSTRETURN)
735 goto bad;
736
737 /*
738 * If this was not the last component, or there were trailing
739 * slashes, and we are not going to create a directory,
740 * then the name must exist.
741 */
742 if ((cnp->cn_flags & (REQUIREDIR | CREATEDIR)) == REQUIREDIR) {
743 error = ENOENT;
744 goto bad;
745 }
746
747 /*
748 * If creating and at end of pathname, then can consider
749 * allowing file to be created.
750 */
751 if (rdonly) {
752 error = EROFS;
753 goto bad;
754 }
755
756 /*
757 * We return with ni_vp NULL to indicate that the entry
758 * doesn't currently exist, leaving a pointer to the
759 * (possibly locked) directory vnode in ndp->ni_dvp.
760 */
761 if (cnp->cn_flags & SAVESTART) {
762 ndp->ni_startdir = ndp->ni_dvp;
763 VREF(ndp->ni_startdir);
764 }
765 return (0);
766 }
767 #ifdef NAMEI_DIAGNOSTIC
768 printf("found\n");
769 #endif /* NAMEI_DIAGNOSTIC */
770
771 /*
772 * Take into account any additional components consumed by the
773 * underlying filesystem. This will include any trailing slashes after
774 * the last component consumed.
775 */
776 if (cnp->cn_consume > 0) {
777 ndp->ni_pathlen -= cnp->cn_consume - slashes;
778 ndp->ni_next += cnp->cn_consume - slashes;
779 cnp->cn_consume = 0;
780 if (ndp->ni_next[0] == '\0')
781 cnp->cn_flags |= ISLASTCN;
782 }
783
784 dp = ndp->ni_vp;
785
786 /*
787 * "dp" and "ndp->ni_dvp" are both locked and held,
788 * and may be the same vnode.
789 */
790
791 /*
792 * Check to see if the vnode has been mounted on;
793 * if so find the root of the mounted file system.
794 */
795 while (dp->v_type == VDIR && (mp = dp->v_mountedhere) &&
796 (cnp->cn_flags & NOCROSSMOUNT) == 0) {
797 if (vfs_busy(mp, 0, 0))
798 continue;
799
800 KASSERT(ndp->ni_dvp != dp);
801 VOP_UNLOCK(ndp->ni_dvp, 0);
802 vput(dp);
803 error = VFS_ROOT(mp, &tdp);
804 vfs_unbusy(mp);
805 if (error) {
806 vn_lock(ndp->ni_dvp, LK_EXCLUSIVE | LK_RETRY);
807 goto bad;
808 }
809 VOP_UNLOCK(tdp, 0);
810 ndp->ni_vp = dp = tdp;
811 vn_lock(ndp->ni_dvp, LK_EXCLUSIVE | LK_RETRY);
812 vn_lock(ndp->ni_vp, LK_EXCLUSIVE | LK_RETRY);
813 }
814
815 /*
816 * Check for symbolic link. Back up over any slashes that we skipped,
817 * as we will need them again.
818 */
819 if ((dp->v_type == VLNK) && (cnp->cn_flags & (FOLLOW|REQUIREDIR))) {
820 ndp->ni_pathlen += slashes;
821 ndp->ni_next -= slashes;
822 cnp->cn_flags |= ISSYMLINK;
823 return (0);
824 }
825
826 /*
827 * Check for directory, if the component was followed by a series of
828 * slashes.
829 */
830 if ((dp->v_type != VDIR) && (cnp->cn_flags & REQUIREDIR)) {
831 error = ENOTDIR;
832 KASSERT(dp != ndp->ni_dvp);
833 vput(dp);
834 goto bad;
835 }
836
837 nextname:
838
839 /*
840 * Not a symbolic link. If this was not the last component, then
841 * continue at the next component, else return.
842 */
843 if (!(cnp->cn_flags & ISLASTCN)) {
844 cnp->cn_nameptr = ndp->ni_next;
845 if (ndp->ni_dvp == dp) {
846 vrele(ndp->ni_dvp);
847 } else {
848 vput(ndp->ni_dvp);
849 }
850 goto dirloop;
851 }
852
853 terminal:
854
855 /*
856 * Disallow directory write attempts on read-only file systems.
857 */
858 if (rdonly &&
859 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
860
861 /*
862 * Disallow directory write attempts on read-only
863 * file systems.
864 */
865 error = EROFS;
866 if (dp != ndp->ni_dvp) {
867 vput(dp);
868 }
869 goto bad;
870 }
871 if (ndp->ni_dvp != NULL) {
872 if (cnp->cn_flags & SAVESTART) {
873 ndp->ni_startdir = ndp->ni_dvp;
874 VREF(ndp->ni_startdir);
875 }
876 }
877 if ((cnp->cn_flags & LOCKLEAF) == 0) {
878 VOP_UNLOCK(dp, 0);
879 }
880 return (0);
881
882 bad:
883 ndp->ni_vp = NULL;
884 return (error);
885 }
886
887 /*
888 * Reacquire a path name component.
889 * dvp is locked on entry and exit.
890 * *vpp is locked on exit unless it's NULL.
891 */
892 int
893 relookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp)
894 {
895 int rdonly; /* lookup read-only flag bit */
896 int error = 0;
897 #ifdef DEBUG
898 uint32_t newhash; /* DEBUG: check name hash */
899 const char *cp; /* DEBUG: check name ptr/len */
900 #endif /* DEBUG */
901
902 /*
903 * Setup: break out flag bits into variables.
904 */
905 rdonly = cnp->cn_flags & RDONLY;
906 cnp->cn_flags &= ~ISSYMLINK;
907
908 /*
909 * Search a new directory.
910 *
911 * The cn_hash value is for use by vfs_cache.
912 * The last component of the filename is left accessible via
913 * cnp->cn_nameptr for callers that need the name. Callers needing
914 * the name set the SAVENAME flag. When done, they assume
915 * responsibility for freeing the pathname buffer.
916 */
917 #ifdef DEBUG
918 cp = NULL;
919 newhash = namei_hash(cnp->cn_nameptr, &cp);
920 if ((uint32_t)newhash != (uint32_t)cnp->cn_hash)
921 panic("relookup: bad hash");
922 if (cnp->cn_namelen != cp - cnp->cn_nameptr)
923 panic("relookup: bad len");
924 while (*cp == '/')
925 cp++;
926 if (*cp != 0)
927 panic("relookup: not last component");
928 #endif /* DEBUG */
929
930 /*
931 * Check for degenerate name (e.g. / or "")
932 * which is a way of talking about a directory,
933 * e.g. like "/." or ".".
934 */
935 if (cnp->cn_nameptr[0] == '\0')
936 panic("relookup: null name");
937
938 if (cnp->cn_flags & ISDOTDOT)
939 panic("relookup: lookup on dot-dot");
940
941 /*
942 * We now have a segment name to search for, and a directory to search.
943 */
944 if ((error = VOP_LOOKUP(dvp, vpp, cnp)) != 0) {
945 #ifdef DIAGNOSTIC
946 if (*vpp != NULL)
947 panic("leaf `%s' should be empty", cnp->cn_nameptr);
948 #endif
949 if (error != EJUSTRETURN)
950 goto bad;
951 }
952
953 #ifdef DIAGNOSTIC
954 /*
955 * Check for symbolic link
956 */
957 if (*vpp && (*vpp)->v_type == VLNK && (cnp->cn_flags & FOLLOW))
958 panic("relookup: symlink found");
959 #endif
960
961 /*
962 * Check for read-only file systems.
963 */
964 if (rdonly && cnp->cn_nameiop != LOOKUP) {
965 error = EROFS;
966 if (*vpp) {
967 vput(*vpp);
968 }
969 goto bad;
970 }
971 if (cnp->cn_flags & SAVESTART)
972 VREF(dvp);
973 return (0);
974
975 bad:
976 *vpp = NULL;
977 return (error);
978 }
Cache object: 281b0146150ed9bc34499e203e0e654b
|