1 /*-
2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 4. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
35 */
36
37 #include <sys/cdefs.h>
38 __FBSDID("$FreeBSD: releng/10.3/sys/kern/vfs_syscalls.c 301052 2016-05-31 16:55:50Z glebius $");
39
40 #include "opt_capsicum.h"
41 #include "opt_compat.h"
42 #include "opt_kdtrace.h"
43 #include "opt_ktrace.h"
44
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/bio.h>
48 #include <sys/buf.h>
49 #include <sys/capsicum.h>
50 #include <sys/disk.h>
51 #include <sys/sysent.h>
52 #include <sys/malloc.h>
53 #include <sys/mount.h>
54 #include <sys/mutex.h>
55 #include <sys/sysproto.h>
56 #include <sys/namei.h>
57 #include <sys/filedesc.h>
58 #include <sys/kernel.h>
59 #include <sys/fcntl.h>
60 #include <sys/file.h>
61 #include <sys/filio.h>
62 #include <sys/limits.h>
63 #include <sys/linker.h>
64 #include <sys/rwlock.h>
65 #include <sys/sdt.h>
66 #include <sys/stat.h>
67 #include <sys/sx.h>
68 #include <sys/unistd.h>
69 #include <sys/vnode.h>
70 #include <sys/priv.h>
71 #include <sys/proc.h>
72 #include <sys/dirent.h>
73 #include <sys/jail.h>
74 #include <sys/syscallsubr.h>
75 #include <sys/sysctl.h>
76 #ifdef KTRACE
77 #include <sys/ktrace.h>
78 #endif
79
80 #include <machine/stdarg.h>
81
82 #include <security/audit/audit.h>
83 #include <security/mac/mac_framework.h>
84
85 #include <vm/vm.h>
86 #include <vm/vm_object.h>
87 #include <vm/vm_page.h>
88 #include <vm/uma.h>
89
90 #include <ufs/ufs/quota.h>
91
92 MALLOC_DEFINE(M_FADVISE, "fadvise", "posix_fadvise(2) information");
93
94 SDT_PROVIDER_DEFINE(vfs);
95 SDT_PROBE_DEFINE2(vfs, , stat, mode, "char *", "int");
96 SDT_PROBE_DEFINE2(vfs, , stat, reg, "char *", "int");
97
98 static int chroot_refuse_vdir_fds(struct filedesc *fdp);
99 static int kern_chflags(struct thread *td, const char *path,
100 enum uio_seg pathseg, u_long flags);
101 static int kern_chflagsat(struct thread *td, int fd, const char *path,
102 enum uio_seg pathseg, u_long flags, int atflag);
103 static int setfflags(struct thread *td, struct vnode *, u_long);
104 static int getutimes(const struct timeval *, enum uio_seg, struct timespec *);
105 static int getutimens(const struct timespec *, enum uio_seg,
106 struct timespec *, int *);
107 static int setutimes(struct thread *td, struct vnode *,
108 const struct timespec *, int, int);
109 static int vn_access(struct vnode *vp, int user_flags, struct ucred *cred,
110 struct thread *td);
111
112 /*
113 * The module initialization routine for POSIX asynchronous I/O will
114 * set this to the version of AIO that it implements. (Zero means
115 * that it is not implemented.) This value is used here by pathconf()
116 * and in kern_descrip.c by fpathconf().
117 */
118 int async_io_version;
119
120 /*
121 * Sync each mounted filesystem.
122 */
123 #ifndef _SYS_SYSPROTO_H_
124 struct sync_args {
125 int dummy;
126 };
127 #endif
128 /* ARGSUSED */
129 int
130 sys_sync(td, uap)
131 struct thread *td;
132 struct sync_args *uap;
133 {
134 struct mount *mp, *nmp;
135 int save;
136
137 mtx_lock(&mountlist_mtx);
138 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
139 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK)) {
140 nmp = TAILQ_NEXT(mp, mnt_list);
141 continue;
142 }
143 if ((mp->mnt_flag & MNT_RDONLY) == 0 &&
144 vn_start_write(NULL, &mp, V_NOWAIT) == 0) {
145 save = curthread_pflags_set(TDP_SYNCIO);
146 vfs_msync(mp, MNT_NOWAIT);
147 VFS_SYNC(mp, MNT_NOWAIT);
148 curthread_pflags_restore(save);
149 vn_finished_write(mp);
150 }
151 mtx_lock(&mountlist_mtx);
152 nmp = TAILQ_NEXT(mp, mnt_list);
153 vfs_unbusy(mp);
154 }
155 mtx_unlock(&mountlist_mtx);
156 return (0);
157 }
158
159 /*
160 * Change filesystem quotas.
161 */
162 #ifndef _SYS_SYSPROTO_H_
163 struct quotactl_args {
164 char *path;
165 int cmd;
166 int uid;
167 caddr_t arg;
168 };
169 #endif
170 int
171 sys_quotactl(td, uap)
172 struct thread *td;
173 register struct quotactl_args /* {
174 char *path;
175 int cmd;
176 int uid;
177 caddr_t arg;
178 } */ *uap;
179 {
180 struct mount *mp;
181 struct nameidata nd;
182 int error;
183
184 AUDIT_ARG_CMD(uap->cmd);
185 AUDIT_ARG_UID(uap->uid);
186 if (!prison_allow(td->td_ucred, PR_ALLOW_QUOTAS))
187 return (EPERM);
188 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
189 uap->path, td);
190 if ((error = namei(&nd)) != 0)
191 return (error);
192 NDFREE(&nd, NDF_ONLY_PNBUF);
193 mp = nd.ni_vp->v_mount;
194 vfs_ref(mp);
195 vput(nd.ni_vp);
196 error = vfs_busy(mp, 0);
197 vfs_rel(mp);
198 if (error != 0)
199 return (error);
200 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid, uap->arg);
201
202 /*
203 * Since quota on operation typically needs to open quota
204 * file, the Q_QUOTAON handler needs to unbusy the mount point
205 * before calling into namei. Otherwise, unmount might be
206 * started between two vfs_busy() invocations (first is our,
207 * second is from mount point cross-walk code in lookup()),
208 * causing deadlock.
209 *
210 * Require that Q_QUOTAON handles the vfs_busy() reference on
211 * its own, always returning with ubusied mount point.
212 */
213 if ((uap->cmd >> SUBCMDSHIFT) != Q_QUOTAON)
214 vfs_unbusy(mp);
215 return (error);
216 }
217
218 /*
219 * Used by statfs conversion routines to scale the block size up if
220 * necessary so that all of the block counts are <= 'max_size'. Note
221 * that 'max_size' should be a bitmask, i.e. 2^n - 1 for some non-zero
222 * value of 'n'.
223 */
224 void
225 statfs_scale_blocks(struct statfs *sf, long max_size)
226 {
227 uint64_t count;
228 int shift;
229
230 KASSERT(powerof2(max_size + 1), ("%s: invalid max_size", __func__));
231
232 /*
233 * Attempt to scale the block counts to give a more accurate
234 * overview to userland of the ratio of free space to used
235 * space. To do this, find the largest block count and compute
236 * a divisor that lets it fit into a signed integer <= max_size.
237 */
238 if (sf->f_bavail < 0)
239 count = -sf->f_bavail;
240 else
241 count = sf->f_bavail;
242 count = MAX(sf->f_blocks, MAX(sf->f_bfree, count));
243 if (count <= max_size)
244 return;
245
246 count >>= flsl(max_size);
247 shift = 0;
248 while (count > 0) {
249 shift++;
250 count >>=1;
251 }
252
253 sf->f_bsize <<= shift;
254 sf->f_blocks >>= shift;
255 sf->f_bfree >>= shift;
256 sf->f_bavail >>= shift;
257 }
258
259 /*
260 * Get filesystem statistics.
261 */
262 #ifndef _SYS_SYSPROTO_H_
263 struct statfs_args {
264 char *path;
265 struct statfs *buf;
266 };
267 #endif
268 int
269 sys_statfs(td, uap)
270 struct thread *td;
271 register struct statfs_args /* {
272 char *path;
273 struct statfs *buf;
274 } */ *uap;
275 {
276 struct statfs sf;
277 int error;
278
279 error = kern_statfs(td, uap->path, UIO_USERSPACE, &sf);
280 if (error == 0)
281 error = copyout(&sf, uap->buf, sizeof(sf));
282 return (error);
283 }
284
285 int
286 kern_statfs(struct thread *td, char *path, enum uio_seg pathseg,
287 struct statfs *buf)
288 {
289 struct mount *mp;
290 struct statfs *sp, sb;
291 struct nameidata nd;
292 int error;
293
294 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
295 pathseg, path, td);
296 error = namei(&nd);
297 if (error != 0)
298 return (error);
299 mp = nd.ni_vp->v_mount;
300 vfs_ref(mp);
301 NDFREE(&nd, NDF_ONLY_PNBUF);
302 vput(nd.ni_vp);
303 error = vfs_busy(mp, 0);
304 vfs_rel(mp);
305 if (error != 0)
306 return (error);
307 #ifdef MAC
308 error = mac_mount_check_stat(td->td_ucred, mp);
309 if (error != 0)
310 goto out;
311 #endif
312 /*
313 * Set these in case the underlying filesystem fails to do so.
314 */
315 sp = &mp->mnt_stat;
316 sp->f_version = STATFS_VERSION;
317 sp->f_namemax = NAME_MAX;
318 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
319 error = VFS_STATFS(mp, sp);
320 if (error != 0)
321 goto out;
322 if (priv_check(td, PRIV_VFS_GENERATION)) {
323 bcopy(sp, &sb, sizeof(sb));
324 sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
325 prison_enforce_statfs(td->td_ucred, mp, &sb);
326 sp = &sb;
327 }
328 *buf = *sp;
329 out:
330 vfs_unbusy(mp);
331 return (error);
332 }
333
334 /*
335 * Get filesystem statistics.
336 */
337 #ifndef _SYS_SYSPROTO_H_
338 struct fstatfs_args {
339 int fd;
340 struct statfs *buf;
341 };
342 #endif
343 int
344 sys_fstatfs(td, uap)
345 struct thread *td;
346 register struct fstatfs_args /* {
347 int fd;
348 struct statfs *buf;
349 } */ *uap;
350 {
351 struct statfs sf;
352 int error;
353
354 error = kern_fstatfs(td, uap->fd, &sf);
355 if (error == 0)
356 error = copyout(&sf, uap->buf, sizeof(sf));
357 return (error);
358 }
359
360 int
361 kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
362 {
363 struct file *fp;
364 struct mount *mp;
365 struct statfs *sp, sb;
366 struct vnode *vp;
367 cap_rights_t rights;
368 int error;
369
370 AUDIT_ARG_FD(fd);
371 error = getvnode(td->td_proc->p_fd, fd,
372 cap_rights_init(&rights, CAP_FSTATFS), &fp);
373 if (error != 0)
374 return (error);
375 vp = fp->f_vnode;
376 vn_lock(vp, LK_SHARED | LK_RETRY);
377 #ifdef AUDIT
378 AUDIT_ARG_VNODE1(vp);
379 #endif
380 mp = vp->v_mount;
381 if (mp)
382 vfs_ref(mp);
383 VOP_UNLOCK(vp, 0);
384 fdrop(fp, td);
385 if (mp == NULL) {
386 error = EBADF;
387 goto out;
388 }
389 error = vfs_busy(mp, 0);
390 vfs_rel(mp);
391 if (error != 0)
392 return (error);
393 #ifdef MAC
394 error = mac_mount_check_stat(td->td_ucred, mp);
395 if (error != 0)
396 goto out;
397 #endif
398 /*
399 * Set these in case the underlying filesystem fails to do so.
400 */
401 sp = &mp->mnt_stat;
402 sp->f_version = STATFS_VERSION;
403 sp->f_namemax = NAME_MAX;
404 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
405 error = VFS_STATFS(mp, sp);
406 if (error != 0)
407 goto out;
408 if (priv_check(td, PRIV_VFS_GENERATION)) {
409 bcopy(sp, &sb, sizeof(sb));
410 sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
411 prison_enforce_statfs(td->td_ucred, mp, &sb);
412 sp = &sb;
413 }
414 *buf = *sp;
415 out:
416 if (mp)
417 vfs_unbusy(mp);
418 return (error);
419 }
420
421 /*
422 * Get statistics on all filesystems.
423 */
424 #ifndef _SYS_SYSPROTO_H_
425 struct getfsstat_args {
426 struct statfs *buf;
427 long bufsize;
428 int flags;
429 };
430 #endif
431 int
432 sys_getfsstat(td, uap)
433 struct thread *td;
434 register struct getfsstat_args /* {
435 struct statfs *buf;
436 long bufsize;
437 int flags;
438 } */ *uap;
439 {
440
441 return (kern_getfsstat(td, &uap->buf, uap->bufsize, UIO_USERSPACE,
442 uap->flags));
443 }
444
445 /*
446 * If (bufsize > 0 && bufseg == UIO_SYSSPACE)
447 * The caller is responsible for freeing memory which will be allocated
448 * in '*buf'.
449 */
450 int
451 kern_getfsstat(struct thread *td, struct statfs **buf, size_t bufsize,
452 enum uio_seg bufseg, int flags)
453 {
454 struct mount *mp, *nmp;
455 struct statfs *sfsp, *sp, sb;
456 size_t count, maxcount;
457 int error;
458
459 maxcount = bufsize / sizeof(struct statfs);
460 if (bufsize == 0)
461 sfsp = NULL;
462 else if (bufseg == UIO_USERSPACE)
463 sfsp = *buf;
464 else /* if (bufseg == UIO_SYSSPACE) */ {
465 count = 0;
466 mtx_lock(&mountlist_mtx);
467 TAILQ_FOREACH(mp, &mountlist, mnt_list) {
468 count++;
469 }
470 mtx_unlock(&mountlist_mtx);
471 if (maxcount > count)
472 maxcount = count;
473 sfsp = *buf = malloc(maxcount * sizeof(struct statfs), M_TEMP,
474 M_WAITOK);
475 }
476 count = 0;
477 mtx_lock(&mountlist_mtx);
478 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
479 if (prison_canseemount(td->td_ucred, mp) != 0) {
480 nmp = TAILQ_NEXT(mp, mnt_list);
481 continue;
482 }
483 #ifdef MAC
484 if (mac_mount_check_stat(td->td_ucred, mp) != 0) {
485 nmp = TAILQ_NEXT(mp, mnt_list);
486 continue;
487 }
488 #endif
489 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK)) {
490 nmp = TAILQ_NEXT(mp, mnt_list);
491 continue;
492 }
493 if (sfsp && count < maxcount) {
494 sp = &mp->mnt_stat;
495 /*
496 * Set these in case the underlying filesystem
497 * fails to do so.
498 */
499 sp->f_version = STATFS_VERSION;
500 sp->f_namemax = NAME_MAX;
501 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
502 /*
503 * If MNT_NOWAIT or MNT_LAZY is specified, do not
504 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
505 * overrides MNT_WAIT.
506 */
507 if (((flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
508 (flags & MNT_WAIT)) &&
509 (error = VFS_STATFS(mp, sp))) {
510 mtx_lock(&mountlist_mtx);
511 nmp = TAILQ_NEXT(mp, mnt_list);
512 vfs_unbusy(mp);
513 continue;
514 }
515 if (priv_check(td, PRIV_VFS_GENERATION)) {
516 bcopy(sp, &sb, sizeof(sb));
517 sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
518 prison_enforce_statfs(td->td_ucred, mp, &sb);
519 sp = &sb;
520 }
521 if (bufseg == UIO_SYSSPACE)
522 bcopy(sp, sfsp, sizeof(*sp));
523 else /* if (bufseg == UIO_USERSPACE) */ {
524 error = copyout(sp, sfsp, sizeof(*sp));
525 if (error != 0) {
526 vfs_unbusy(mp);
527 return (error);
528 }
529 }
530 sfsp++;
531 }
532 count++;
533 mtx_lock(&mountlist_mtx);
534 nmp = TAILQ_NEXT(mp, mnt_list);
535 vfs_unbusy(mp);
536 }
537 mtx_unlock(&mountlist_mtx);
538 if (sfsp && count > maxcount)
539 td->td_retval[0] = maxcount;
540 else
541 td->td_retval[0] = count;
542 return (0);
543 }
544
545 #ifdef COMPAT_FREEBSD4
546 /*
547 * Get old format filesystem statistics.
548 */
549 static void cvtstatfs(struct statfs *, struct ostatfs *);
550
551 #ifndef _SYS_SYSPROTO_H_
552 struct freebsd4_statfs_args {
553 char *path;
554 struct ostatfs *buf;
555 };
556 #endif
557 int
558 freebsd4_statfs(td, uap)
559 struct thread *td;
560 struct freebsd4_statfs_args /* {
561 char *path;
562 struct ostatfs *buf;
563 } */ *uap;
564 {
565 struct ostatfs osb;
566 struct statfs sf;
567 int error;
568
569 error = kern_statfs(td, uap->path, UIO_USERSPACE, &sf);
570 if (error != 0)
571 return (error);
572 cvtstatfs(&sf, &osb);
573 return (copyout(&osb, uap->buf, sizeof(osb)));
574 }
575
576 /*
577 * Get filesystem statistics.
578 */
579 #ifndef _SYS_SYSPROTO_H_
580 struct freebsd4_fstatfs_args {
581 int fd;
582 struct ostatfs *buf;
583 };
584 #endif
585 int
586 freebsd4_fstatfs(td, uap)
587 struct thread *td;
588 struct freebsd4_fstatfs_args /* {
589 int fd;
590 struct ostatfs *buf;
591 } */ *uap;
592 {
593 struct ostatfs osb;
594 struct statfs sf;
595 int error;
596
597 error = kern_fstatfs(td, uap->fd, &sf);
598 if (error != 0)
599 return (error);
600 cvtstatfs(&sf, &osb);
601 return (copyout(&osb, uap->buf, sizeof(osb)));
602 }
603
604 /*
605 * Get statistics on all filesystems.
606 */
607 #ifndef _SYS_SYSPROTO_H_
608 struct freebsd4_getfsstat_args {
609 struct ostatfs *buf;
610 long bufsize;
611 int flags;
612 };
613 #endif
614 int
615 freebsd4_getfsstat(td, uap)
616 struct thread *td;
617 register struct freebsd4_getfsstat_args /* {
618 struct ostatfs *buf;
619 long bufsize;
620 int flags;
621 } */ *uap;
622 {
623 struct statfs *buf, *sp;
624 struct ostatfs osb;
625 size_t count, size;
626 int error;
627
628 count = uap->bufsize / sizeof(struct ostatfs);
629 size = count * sizeof(struct statfs);
630 error = kern_getfsstat(td, &buf, size, UIO_SYSSPACE, uap->flags);
631 if (size > 0) {
632 count = td->td_retval[0];
633 sp = buf;
634 while (count > 0 && error == 0) {
635 cvtstatfs(sp, &osb);
636 error = copyout(&osb, uap->buf, sizeof(osb));
637 sp++;
638 uap->buf++;
639 count--;
640 }
641 free(buf, M_TEMP);
642 }
643 return (error);
644 }
645
646 /*
647 * Implement fstatfs() for (NFS) file handles.
648 */
649 #ifndef _SYS_SYSPROTO_H_
650 struct freebsd4_fhstatfs_args {
651 struct fhandle *u_fhp;
652 struct ostatfs *buf;
653 };
654 #endif
655 int
656 freebsd4_fhstatfs(td, uap)
657 struct thread *td;
658 struct freebsd4_fhstatfs_args /* {
659 struct fhandle *u_fhp;
660 struct ostatfs *buf;
661 } */ *uap;
662 {
663 struct ostatfs osb;
664 struct statfs sf;
665 fhandle_t fh;
666 int error;
667
668 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
669 if (error != 0)
670 return (error);
671 error = kern_fhstatfs(td, fh, &sf);
672 if (error != 0)
673 return (error);
674 cvtstatfs(&sf, &osb);
675 return (copyout(&osb, uap->buf, sizeof(osb)));
676 }
677
678 /*
679 * Convert a new format statfs structure to an old format statfs structure.
680 */
681 static void
682 cvtstatfs(nsp, osp)
683 struct statfs *nsp;
684 struct ostatfs *osp;
685 {
686
687 statfs_scale_blocks(nsp, LONG_MAX);
688 bzero(osp, sizeof(*osp));
689 osp->f_bsize = nsp->f_bsize;
690 osp->f_iosize = MIN(nsp->f_iosize, LONG_MAX);
691 osp->f_blocks = nsp->f_blocks;
692 osp->f_bfree = nsp->f_bfree;
693 osp->f_bavail = nsp->f_bavail;
694 osp->f_files = MIN(nsp->f_files, LONG_MAX);
695 osp->f_ffree = MIN(nsp->f_ffree, LONG_MAX);
696 osp->f_owner = nsp->f_owner;
697 osp->f_type = nsp->f_type;
698 osp->f_flags = nsp->f_flags;
699 osp->f_syncwrites = MIN(nsp->f_syncwrites, LONG_MAX);
700 osp->f_asyncwrites = MIN(nsp->f_asyncwrites, LONG_MAX);
701 osp->f_syncreads = MIN(nsp->f_syncreads, LONG_MAX);
702 osp->f_asyncreads = MIN(nsp->f_asyncreads, LONG_MAX);
703 strlcpy(osp->f_fstypename, nsp->f_fstypename,
704 MIN(MFSNAMELEN, OMFSNAMELEN));
705 strlcpy(osp->f_mntonname, nsp->f_mntonname,
706 MIN(MNAMELEN, OMNAMELEN));
707 strlcpy(osp->f_mntfromname, nsp->f_mntfromname,
708 MIN(MNAMELEN, OMNAMELEN));
709 osp->f_fsid = nsp->f_fsid;
710 }
711 #endif /* COMPAT_FREEBSD4 */
712
713 /*
714 * Change current working directory to a given file descriptor.
715 */
716 #ifndef _SYS_SYSPROTO_H_
717 struct fchdir_args {
718 int fd;
719 };
720 #endif
721 int
722 sys_fchdir(td, uap)
723 struct thread *td;
724 struct fchdir_args /* {
725 int fd;
726 } */ *uap;
727 {
728 register struct filedesc *fdp = td->td_proc->p_fd;
729 struct vnode *vp, *tdp, *vpold;
730 struct mount *mp;
731 struct file *fp;
732 cap_rights_t rights;
733 int error;
734
735 AUDIT_ARG_FD(uap->fd);
736 error = getvnode(fdp, uap->fd, cap_rights_init(&rights, CAP_FCHDIR),
737 &fp);
738 if (error != 0)
739 return (error);
740 vp = fp->f_vnode;
741 VREF(vp);
742 fdrop(fp, td);
743 vn_lock(vp, LK_SHARED | LK_RETRY);
744 AUDIT_ARG_VNODE1(vp);
745 error = change_dir(vp, td);
746 while (!error && (mp = vp->v_mountedhere) != NULL) {
747 if (vfs_busy(mp, 0))
748 continue;
749 error = VFS_ROOT(mp, LK_SHARED, &tdp);
750 vfs_unbusy(mp);
751 if (error != 0)
752 break;
753 vput(vp);
754 vp = tdp;
755 }
756 if (error != 0) {
757 vput(vp);
758 return (error);
759 }
760 VOP_UNLOCK(vp, 0);
761 FILEDESC_XLOCK(fdp);
762 vpold = fdp->fd_cdir;
763 fdp->fd_cdir = vp;
764 FILEDESC_XUNLOCK(fdp);
765 vrele(vpold);
766 return (0);
767 }
768
769 /*
770 * Change current working directory (``.'').
771 */
772 #ifndef _SYS_SYSPROTO_H_
773 struct chdir_args {
774 char *path;
775 };
776 #endif
777 int
778 sys_chdir(td, uap)
779 struct thread *td;
780 struct chdir_args /* {
781 char *path;
782 } */ *uap;
783 {
784
785 return (kern_chdir(td, uap->path, UIO_USERSPACE));
786 }
787
788 int
789 kern_chdir(struct thread *td, char *path, enum uio_seg pathseg)
790 {
791 register struct filedesc *fdp = td->td_proc->p_fd;
792 struct nameidata nd;
793 struct vnode *vp;
794 int error;
795
796 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
797 pathseg, path, td);
798 if ((error = namei(&nd)) != 0)
799 return (error);
800 if ((error = change_dir(nd.ni_vp, td)) != 0) {
801 vput(nd.ni_vp);
802 NDFREE(&nd, NDF_ONLY_PNBUF);
803 return (error);
804 }
805 VOP_UNLOCK(nd.ni_vp, 0);
806 NDFREE(&nd, NDF_ONLY_PNBUF);
807 FILEDESC_XLOCK(fdp);
808 vp = fdp->fd_cdir;
809 fdp->fd_cdir = nd.ni_vp;
810 FILEDESC_XUNLOCK(fdp);
811 vrele(vp);
812 return (0);
813 }
814
815 /*
816 * Helper function for raised chroot(2) security function: Refuse if
817 * any filedescriptors are open directories.
818 */
819 static int
820 chroot_refuse_vdir_fds(fdp)
821 struct filedesc *fdp;
822 {
823 struct vnode *vp;
824 struct file *fp;
825 int fd;
826
827 FILEDESC_LOCK_ASSERT(fdp);
828
829 for (fd = 0; fd <= fdp->fd_lastfile; fd++) {
830 fp = fget_locked(fdp, fd);
831 if (fp == NULL)
832 continue;
833 if (fp->f_type == DTYPE_VNODE) {
834 vp = fp->f_vnode;
835 if (vp->v_type == VDIR)
836 return (EPERM);
837 }
838 }
839 return (0);
840 }
841
842 /*
843 * This sysctl determines if we will allow a process to chroot(2) if it
844 * has a directory open:
845 * 0: disallowed for all processes.
846 * 1: allowed for processes that were not already chroot(2)'ed.
847 * 2: allowed for all processes.
848 */
849
850 static int chroot_allow_open_directories = 1;
851
852 SYSCTL_INT(_kern, OID_AUTO, chroot_allow_open_directories, CTLFLAG_RW,
853 &chroot_allow_open_directories, 0,
854 "Allow a process to chroot(2) if it has a directory open");
855
856 /*
857 * Change notion of root (``/'') directory.
858 */
859 #ifndef _SYS_SYSPROTO_H_
860 struct chroot_args {
861 char *path;
862 };
863 #endif
864 int
865 sys_chroot(td, uap)
866 struct thread *td;
867 struct chroot_args /* {
868 char *path;
869 } */ *uap;
870 {
871 struct nameidata nd;
872 int error;
873
874 error = priv_check(td, PRIV_VFS_CHROOT);
875 if (error != 0)
876 return (error);
877 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
878 UIO_USERSPACE, uap->path, td);
879 error = namei(&nd);
880 if (error != 0)
881 goto error;
882 error = change_dir(nd.ni_vp, td);
883 if (error != 0)
884 goto e_vunlock;
885 #ifdef MAC
886 error = mac_vnode_check_chroot(td->td_ucred, nd.ni_vp);
887 if (error != 0)
888 goto e_vunlock;
889 #endif
890 VOP_UNLOCK(nd.ni_vp, 0);
891 error = change_root(nd.ni_vp, td);
892 vrele(nd.ni_vp);
893 NDFREE(&nd, NDF_ONLY_PNBUF);
894 return (error);
895 e_vunlock:
896 vput(nd.ni_vp);
897 error:
898 NDFREE(&nd, NDF_ONLY_PNBUF);
899 return (error);
900 }
901
902 /*
903 * Common routine for chroot and chdir. Callers must provide a locked vnode
904 * instance.
905 */
906 int
907 change_dir(vp, td)
908 struct vnode *vp;
909 struct thread *td;
910 {
911 #ifdef MAC
912 int error;
913 #endif
914
915 ASSERT_VOP_LOCKED(vp, "change_dir(): vp not locked");
916 if (vp->v_type != VDIR)
917 return (ENOTDIR);
918 #ifdef MAC
919 error = mac_vnode_check_chdir(td->td_ucred, vp);
920 if (error != 0)
921 return (error);
922 #endif
923 return (VOP_ACCESS(vp, VEXEC, td->td_ucred, td));
924 }
925
926 /*
927 * Common routine for kern_chroot() and jail_attach(). The caller is
928 * responsible for invoking priv_check() and mac_vnode_check_chroot() to
929 * authorize this operation.
930 */
931 int
932 change_root(vp, td)
933 struct vnode *vp;
934 struct thread *td;
935 {
936 struct filedesc *fdp;
937 struct vnode *oldvp;
938 int error;
939
940 fdp = td->td_proc->p_fd;
941 FILEDESC_XLOCK(fdp);
942 if (chroot_allow_open_directories == 0 ||
943 (chroot_allow_open_directories == 1 && fdp->fd_rdir != rootvnode)) {
944 error = chroot_refuse_vdir_fds(fdp);
945 if (error != 0) {
946 FILEDESC_XUNLOCK(fdp);
947 return (error);
948 }
949 }
950 oldvp = fdp->fd_rdir;
951 fdp->fd_rdir = vp;
952 VREF(fdp->fd_rdir);
953 if (!fdp->fd_jdir) {
954 fdp->fd_jdir = vp;
955 VREF(fdp->fd_jdir);
956 }
957 FILEDESC_XUNLOCK(fdp);
958 vrele(oldvp);
959 return (0);
960 }
961
962 static __inline void
963 flags_to_rights(int flags, cap_rights_t *rightsp)
964 {
965
966 if (flags & O_EXEC) {
967 cap_rights_set(rightsp, CAP_FEXECVE);
968 } else {
969 switch ((flags & O_ACCMODE)) {
970 case O_RDONLY:
971 cap_rights_set(rightsp, CAP_READ);
972 break;
973 case O_RDWR:
974 cap_rights_set(rightsp, CAP_READ);
975 /* FALLTHROUGH */
976 case O_WRONLY:
977 cap_rights_set(rightsp, CAP_WRITE);
978 if (!(flags & (O_APPEND | O_TRUNC)))
979 cap_rights_set(rightsp, CAP_SEEK);
980 break;
981 }
982 }
983
984 if (flags & O_CREAT)
985 cap_rights_set(rightsp, CAP_CREATE);
986
987 if (flags & O_TRUNC)
988 cap_rights_set(rightsp, CAP_FTRUNCATE);
989
990 if (flags & (O_SYNC | O_FSYNC))
991 cap_rights_set(rightsp, CAP_FSYNC);
992
993 if (flags & (O_EXLOCK | O_SHLOCK))
994 cap_rights_set(rightsp, CAP_FLOCK);
995 }
996
997 /*
998 * Check permissions, allocate an open file structure, and call the device
999 * open routine if any.
1000 */
1001 #ifndef _SYS_SYSPROTO_H_
1002 struct open_args {
1003 char *path;
1004 int flags;
1005 int mode;
1006 };
1007 #endif
1008 int
1009 sys_open(td, uap)
1010 struct thread *td;
1011 register struct open_args /* {
1012 char *path;
1013 int flags;
1014 int mode;
1015 } */ *uap;
1016 {
1017
1018 return (kern_open(td, uap->path, UIO_USERSPACE, uap->flags, uap->mode));
1019 }
1020
1021 #ifndef _SYS_SYSPROTO_H_
1022 struct openat_args {
1023 int fd;
1024 char *path;
1025 int flag;
1026 int mode;
1027 };
1028 #endif
1029 int
1030 sys_openat(struct thread *td, struct openat_args *uap)
1031 {
1032
1033 return (kern_openat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag,
1034 uap->mode));
1035 }
1036
1037 int
1038 kern_open(struct thread *td, char *path, enum uio_seg pathseg, int flags,
1039 int mode)
1040 {
1041
1042 return (kern_openat(td, AT_FDCWD, path, pathseg, flags, mode));
1043 }
1044
1045 int
1046 kern_openat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
1047 int flags, int mode)
1048 {
1049 struct proc *p = td->td_proc;
1050 struct filedesc *fdp = p->p_fd;
1051 struct file *fp;
1052 struct vnode *vp;
1053 struct nameidata nd;
1054 cap_rights_t rights;
1055 int cmode, error, indx;
1056
1057 indx = -1;
1058
1059 AUDIT_ARG_FFLAGS(flags);
1060 AUDIT_ARG_MODE(mode);
1061 /* XXX: audit dirfd */
1062 cap_rights_init(&rights, CAP_LOOKUP);
1063 flags_to_rights(flags, &rights);
1064 /*
1065 * Only one of the O_EXEC, O_RDONLY, O_WRONLY and O_RDWR flags
1066 * may be specified.
1067 */
1068 if (flags & O_EXEC) {
1069 if (flags & O_ACCMODE)
1070 return (EINVAL);
1071 } else if ((flags & O_ACCMODE) == O_ACCMODE) {
1072 return (EINVAL);
1073 } else {
1074 flags = FFLAGS(flags);
1075 }
1076
1077 /*
1078 * Allocate the file descriptor, but don't install a descriptor yet.
1079 */
1080 error = falloc_noinstall(td, &fp);
1081 if (error != 0)
1082 return (error);
1083 /*
1084 * An extra reference on `fp' has been held for us by
1085 * falloc_noinstall().
1086 */
1087 /* Set the flags early so the finit in devfs can pick them up. */
1088 fp->f_flag = flags & FMASK;
1089 cmode = ((mode & ~fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
1090 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd,
1091 &rights, td);
1092 td->td_dupfd = -1; /* XXX check for fdopen */
1093 error = vn_open(&nd, &flags, cmode, fp);
1094 if (error != 0) {
1095 /*
1096 * If the vn_open replaced the method vector, something
1097 * wonderous happened deep below and we just pass it up
1098 * pretending we know what we do.
1099 */
1100 if (error == ENXIO && fp->f_ops != &badfileops)
1101 goto success;
1102
1103 /*
1104 * Handle special fdopen() case. bleh.
1105 *
1106 * Don't do this for relative (capability) lookups; we don't
1107 * understand exactly what would happen, and we don't think
1108 * that it ever should.
1109 */
1110 if (nd.ni_strictrelative == 0 &&
1111 (error == ENODEV || error == ENXIO) &&
1112 td->td_dupfd >= 0) {
1113 error = dupfdopen(td, fdp, td->td_dupfd, flags, error,
1114 &indx);
1115 if (error == 0)
1116 goto success;
1117 }
1118
1119 goto bad;
1120 }
1121 td->td_dupfd = 0;
1122 NDFREE(&nd, NDF_ONLY_PNBUF);
1123 vp = nd.ni_vp;
1124
1125 /*
1126 * Store the vnode, for any f_type. Typically, the vnode use
1127 * count is decremented by direct call to vn_closefile() for
1128 * files that switched type in the cdevsw fdopen() method.
1129 */
1130 fp->f_vnode = vp;
1131 /*
1132 * If the file wasn't claimed by devfs bind it to the normal
1133 * vnode operations here.
1134 */
1135 if (fp->f_ops == &badfileops) {
1136 KASSERT(vp->v_type != VFIFO, ("Unexpected fifo."));
1137 fp->f_seqcount = 1;
1138 finit(fp, (flags & FMASK) | (fp->f_flag & FHASLOCK),
1139 DTYPE_VNODE, vp, &vnops);
1140 }
1141
1142 VOP_UNLOCK(vp, 0);
1143 if (flags & O_TRUNC) {
1144 error = fo_truncate(fp, 0, td->td_ucred, td);
1145 if (error != 0)
1146 goto bad;
1147 }
1148 success:
1149 /*
1150 * If we haven't already installed the FD (for dupfdopen), do so now.
1151 */
1152 if (indx == -1) {
1153 struct filecaps *fcaps;
1154
1155 #ifdef CAPABILITIES
1156 if (nd.ni_strictrelative == 1)
1157 fcaps = &nd.ni_filecaps;
1158 else
1159 #endif
1160 fcaps = NULL;
1161 error = finstall(td, fp, &indx, flags, fcaps);
1162 /* On success finstall() consumes fcaps. */
1163 if (error != 0) {
1164 filecaps_free(&nd.ni_filecaps);
1165 goto bad;
1166 }
1167 } else {
1168 filecaps_free(&nd.ni_filecaps);
1169 }
1170
1171 /*
1172 * Release our private reference, leaving the one associated with
1173 * the descriptor table intact.
1174 */
1175 fdrop(fp, td);
1176 td->td_retval[0] = indx;
1177 return (0);
1178 bad:
1179 KASSERT(indx == -1, ("indx=%d, should be -1", indx));
1180 fdrop(fp, td);
1181 return (error);
1182 }
1183
1184 #ifdef COMPAT_43
1185 /*
1186 * Create a file.
1187 */
1188 #ifndef _SYS_SYSPROTO_H_
1189 struct ocreat_args {
1190 char *path;
1191 int mode;
1192 };
1193 #endif
1194 int
1195 ocreat(td, uap)
1196 struct thread *td;
1197 register struct ocreat_args /* {
1198 char *path;
1199 int mode;
1200 } */ *uap;
1201 {
1202
1203 return (kern_open(td, uap->path, UIO_USERSPACE,
1204 O_WRONLY | O_CREAT | O_TRUNC, uap->mode));
1205 }
1206 #endif /* COMPAT_43 */
1207
1208 /*
1209 * Create a special file.
1210 */
1211 #ifndef _SYS_SYSPROTO_H_
1212 struct mknod_args {
1213 char *path;
1214 int mode;
1215 int dev;
1216 };
1217 #endif
1218 int
1219 sys_mknod(td, uap)
1220 struct thread *td;
1221 register struct mknod_args /* {
1222 char *path;
1223 int mode;
1224 int dev;
1225 } */ *uap;
1226 {
1227
1228 return (kern_mknod(td, uap->path, UIO_USERSPACE, uap->mode, uap->dev));
1229 }
1230
1231 #ifndef _SYS_SYSPROTO_H_
1232 struct mknodat_args {
1233 int fd;
1234 char *path;
1235 mode_t mode;
1236 dev_t dev;
1237 };
1238 #endif
1239 int
1240 sys_mknodat(struct thread *td, struct mknodat_args *uap)
1241 {
1242
1243 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode,
1244 uap->dev));
1245 }
1246
1247 int
1248 kern_mknod(struct thread *td, char *path, enum uio_seg pathseg, int mode,
1249 int dev)
1250 {
1251
1252 return (kern_mknodat(td, AT_FDCWD, path, pathseg, mode, dev));
1253 }
1254
1255 int
1256 kern_mknodat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
1257 int mode, int dev)
1258 {
1259 struct vnode *vp;
1260 struct mount *mp;
1261 struct vattr vattr;
1262 struct nameidata nd;
1263 cap_rights_t rights;
1264 int error, whiteout = 0;
1265
1266 AUDIT_ARG_MODE(mode);
1267 AUDIT_ARG_DEV(dev);
1268 switch (mode & S_IFMT) {
1269 case S_IFCHR:
1270 case S_IFBLK:
1271 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
1272 break;
1273 case S_IFMT:
1274 error = priv_check(td, PRIV_VFS_MKNOD_BAD);
1275 break;
1276 case S_IFWHT:
1277 error = priv_check(td, PRIV_VFS_MKNOD_WHT);
1278 break;
1279 case S_IFIFO:
1280 if (dev == 0)
1281 return (kern_mkfifoat(td, fd, path, pathseg, mode));
1282 /* FALLTHROUGH */
1283 default:
1284 error = EINVAL;
1285 break;
1286 }
1287 if (error != 0)
1288 return (error);
1289 restart:
1290 bwillwrite();
1291 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1292 NOCACHE, pathseg, path, fd, cap_rights_init(&rights, CAP_MKNODAT),
1293 td);
1294 if ((error = namei(&nd)) != 0)
1295 return (error);
1296 vp = nd.ni_vp;
1297 if (vp != NULL) {
1298 NDFREE(&nd, NDF_ONLY_PNBUF);
1299 if (vp == nd.ni_dvp)
1300 vrele(nd.ni_dvp);
1301 else
1302 vput(nd.ni_dvp);
1303 vrele(vp);
1304 return (EEXIST);
1305 } else {
1306 VATTR_NULL(&vattr);
1307 vattr.va_mode = (mode & ALLPERMS) &
1308 ~td->td_proc->p_fd->fd_cmask;
1309 vattr.va_rdev = dev;
1310 whiteout = 0;
1311
1312 switch (mode & S_IFMT) {
1313 case S_IFMT: /* used by badsect to flag bad sectors */
1314 vattr.va_type = VBAD;
1315 break;
1316 case S_IFCHR:
1317 vattr.va_type = VCHR;
1318 break;
1319 case S_IFBLK:
1320 vattr.va_type = VBLK;
1321 break;
1322 case S_IFWHT:
1323 whiteout = 1;
1324 break;
1325 default:
1326 panic("kern_mknod: invalid mode");
1327 }
1328 }
1329 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1330 NDFREE(&nd, NDF_ONLY_PNBUF);
1331 vput(nd.ni_dvp);
1332 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1333 return (error);
1334 goto restart;
1335 }
1336 #ifdef MAC
1337 if (error == 0 && !whiteout)
1338 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp,
1339 &nd.ni_cnd, &vattr);
1340 #endif
1341 if (error == 0) {
1342 if (whiteout)
1343 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, CREATE);
1344 else {
1345 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp,
1346 &nd.ni_cnd, &vattr);
1347 if (error == 0)
1348 vput(nd.ni_vp);
1349 }
1350 }
1351 NDFREE(&nd, NDF_ONLY_PNBUF);
1352 vput(nd.ni_dvp);
1353 vn_finished_write(mp);
1354 return (error);
1355 }
1356
1357 /*
1358 * Create a named pipe.
1359 */
1360 #ifndef _SYS_SYSPROTO_H_
1361 struct mkfifo_args {
1362 char *path;
1363 int mode;
1364 };
1365 #endif
1366 int
1367 sys_mkfifo(td, uap)
1368 struct thread *td;
1369 register struct mkfifo_args /* {
1370 char *path;
1371 int mode;
1372 } */ *uap;
1373 {
1374
1375 return (kern_mkfifo(td, uap->path, UIO_USERSPACE, uap->mode));
1376 }
1377
1378 #ifndef _SYS_SYSPROTO_H_
1379 struct mkfifoat_args {
1380 int fd;
1381 char *path;
1382 mode_t mode;
1383 };
1384 #endif
1385 int
1386 sys_mkfifoat(struct thread *td, struct mkfifoat_args *uap)
1387 {
1388
1389 return (kern_mkfifoat(td, uap->fd, uap->path, UIO_USERSPACE,
1390 uap->mode));
1391 }
1392
1393 int
1394 kern_mkfifo(struct thread *td, char *path, enum uio_seg pathseg, int mode)
1395 {
1396
1397 return (kern_mkfifoat(td, AT_FDCWD, path, pathseg, mode));
1398 }
1399
1400 int
1401 kern_mkfifoat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
1402 int mode)
1403 {
1404 struct mount *mp;
1405 struct vattr vattr;
1406 struct nameidata nd;
1407 cap_rights_t rights;
1408 int error;
1409
1410 AUDIT_ARG_MODE(mode);
1411 restart:
1412 bwillwrite();
1413 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1414 NOCACHE, pathseg, path, fd, cap_rights_init(&rights, CAP_MKFIFOAT),
1415 td);
1416 if ((error = namei(&nd)) != 0)
1417 return (error);
1418 if (nd.ni_vp != NULL) {
1419 NDFREE(&nd, NDF_ONLY_PNBUF);
1420 if (nd.ni_vp == nd.ni_dvp)
1421 vrele(nd.ni_dvp);
1422 else
1423 vput(nd.ni_dvp);
1424 vrele(nd.ni_vp);
1425 return (EEXIST);
1426 }
1427 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1428 NDFREE(&nd, NDF_ONLY_PNBUF);
1429 vput(nd.ni_dvp);
1430 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1431 return (error);
1432 goto restart;
1433 }
1434 VATTR_NULL(&vattr);
1435 vattr.va_type = VFIFO;
1436 vattr.va_mode = (mode & ALLPERMS) & ~td->td_proc->p_fd->fd_cmask;
1437 #ifdef MAC
1438 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
1439 &vattr);
1440 if (error != 0)
1441 goto out;
1442 #endif
1443 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
1444 if (error == 0)
1445 vput(nd.ni_vp);
1446 #ifdef MAC
1447 out:
1448 #endif
1449 vput(nd.ni_dvp);
1450 vn_finished_write(mp);
1451 NDFREE(&nd, NDF_ONLY_PNBUF);
1452 return (error);
1453 }
1454
1455 /*
1456 * Make a hard file link.
1457 */
1458 #ifndef _SYS_SYSPROTO_H_
1459 struct link_args {
1460 char *path;
1461 char *link;
1462 };
1463 #endif
1464 int
1465 sys_link(td, uap)
1466 struct thread *td;
1467 register struct link_args /* {
1468 char *path;
1469 char *link;
1470 } */ *uap;
1471 {
1472
1473 return (kern_link(td, uap->path, uap->link, UIO_USERSPACE));
1474 }
1475
1476 #ifndef _SYS_SYSPROTO_H_
1477 struct linkat_args {
1478 int fd1;
1479 char *path1;
1480 int fd2;
1481 char *path2;
1482 int flag;
1483 };
1484 #endif
1485 int
1486 sys_linkat(struct thread *td, struct linkat_args *uap)
1487 {
1488 int flag;
1489
1490 flag = uap->flag;
1491 if (flag & ~AT_SYMLINK_FOLLOW)
1492 return (EINVAL);
1493
1494 return (kern_linkat(td, uap->fd1, uap->fd2, uap->path1, uap->path2,
1495 UIO_USERSPACE, (flag & AT_SYMLINK_FOLLOW) ? FOLLOW : NOFOLLOW));
1496 }
1497
1498 int hardlink_check_uid = 0;
1499 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
1500 &hardlink_check_uid, 0,
1501 "Unprivileged processes cannot create hard links to files owned by other "
1502 "users");
1503 static int hardlink_check_gid = 0;
1504 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
1505 &hardlink_check_gid, 0,
1506 "Unprivileged processes cannot create hard links to files owned by other "
1507 "groups");
1508
1509 static int
1510 can_hardlink(struct vnode *vp, struct ucred *cred)
1511 {
1512 struct vattr va;
1513 int error;
1514
1515 if (!hardlink_check_uid && !hardlink_check_gid)
1516 return (0);
1517
1518 error = VOP_GETATTR(vp, &va, cred);
1519 if (error != 0)
1520 return (error);
1521
1522 if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
1523 error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
1524 if (error != 0)
1525 return (error);
1526 }
1527
1528 if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
1529 error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
1530 if (error != 0)
1531 return (error);
1532 }
1533
1534 return (0);
1535 }
1536
1537 int
1538 kern_link(struct thread *td, char *path, char *link, enum uio_seg segflg)
1539 {
1540
1541 return (kern_linkat(td, AT_FDCWD, AT_FDCWD, path,link, segflg, FOLLOW));
1542 }
1543
1544 int
1545 kern_linkat(struct thread *td, int fd1, int fd2, char *path1, char *path2,
1546 enum uio_seg segflg, int follow)
1547 {
1548 struct vnode *vp;
1549 struct mount *mp;
1550 struct nameidata nd;
1551 cap_rights_t rights;
1552 int error;
1553
1554 again:
1555 bwillwrite();
1556 NDINIT_AT(&nd, LOOKUP, follow | AUDITVNODE1, segflg, path1, fd1, td);
1557
1558 if ((error = namei(&nd)) != 0)
1559 return (error);
1560 NDFREE(&nd, NDF_ONLY_PNBUF);
1561 vp = nd.ni_vp;
1562 if (vp->v_type == VDIR) {
1563 vrele(vp);
1564 return (EPERM); /* POSIX */
1565 }
1566 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE2 |
1567 NOCACHE, segflg, path2, fd2, cap_rights_init(&rights, CAP_LINKAT),
1568 td);
1569 if ((error = namei(&nd)) == 0) {
1570 if (nd.ni_vp != NULL) {
1571 NDFREE(&nd, NDF_ONLY_PNBUF);
1572 if (nd.ni_dvp == nd.ni_vp)
1573 vrele(nd.ni_dvp);
1574 else
1575 vput(nd.ni_dvp);
1576 vrele(nd.ni_vp);
1577 vrele(vp);
1578 return (EEXIST);
1579 } else if (nd.ni_dvp->v_mount != vp->v_mount) {
1580 /*
1581 * Cross-device link. No need to recheck
1582 * vp->v_type, since it cannot change, except
1583 * to VBAD.
1584 */
1585 NDFREE(&nd, NDF_ONLY_PNBUF);
1586 vput(nd.ni_dvp);
1587 vrele(vp);
1588 return (EXDEV);
1589 } else if ((error = vn_lock(vp, LK_EXCLUSIVE)) == 0) {
1590 error = can_hardlink(vp, td->td_ucred);
1591 #ifdef MAC
1592 if (error == 0)
1593 error = mac_vnode_check_link(td->td_ucred,
1594 nd.ni_dvp, vp, &nd.ni_cnd);
1595 #endif
1596 if (error != 0) {
1597 vput(vp);
1598 vput(nd.ni_dvp);
1599 NDFREE(&nd, NDF_ONLY_PNBUF);
1600 return (error);
1601 }
1602 error = vn_start_write(vp, &mp, V_NOWAIT);
1603 if (error != 0) {
1604 vput(vp);
1605 vput(nd.ni_dvp);
1606 NDFREE(&nd, NDF_ONLY_PNBUF);
1607 error = vn_start_write(NULL, &mp,
1608 V_XSLEEP | PCATCH);
1609 if (error != 0)
1610 return (error);
1611 goto again;
1612 }
1613 error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd);
1614 VOP_UNLOCK(vp, 0);
1615 vput(nd.ni_dvp);
1616 vn_finished_write(mp);
1617 NDFREE(&nd, NDF_ONLY_PNBUF);
1618 } else {
1619 vput(nd.ni_dvp);
1620 NDFREE(&nd, NDF_ONLY_PNBUF);
1621 vrele(vp);
1622 goto again;
1623 }
1624 }
1625 vrele(vp);
1626 return (error);
1627 }
1628
1629 /*
1630 * Make a symbolic link.
1631 */
1632 #ifndef _SYS_SYSPROTO_H_
1633 struct symlink_args {
1634 char *path;
1635 char *link;
1636 };
1637 #endif
1638 int
1639 sys_symlink(td, uap)
1640 struct thread *td;
1641 register struct symlink_args /* {
1642 char *path;
1643 char *link;
1644 } */ *uap;
1645 {
1646
1647 return (kern_symlink(td, uap->path, uap->link, UIO_USERSPACE));
1648 }
1649
1650 #ifndef _SYS_SYSPROTO_H_
1651 struct symlinkat_args {
1652 char *path;
1653 int fd;
1654 char *path2;
1655 };
1656 #endif
1657 int
1658 sys_symlinkat(struct thread *td, struct symlinkat_args *uap)
1659 {
1660
1661 return (kern_symlinkat(td, uap->path1, uap->fd, uap->path2,
1662 UIO_USERSPACE));
1663 }
1664
1665 int
1666 kern_symlink(struct thread *td, char *path, char *link, enum uio_seg segflg)
1667 {
1668
1669 return (kern_symlinkat(td, path, AT_FDCWD, link, segflg));
1670 }
1671
1672 int
1673 kern_symlinkat(struct thread *td, char *path1, int fd, char *path2,
1674 enum uio_seg segflg)
1675 {
1676 struct mount *mp;
1677 struct vattr vattr;
1678 char *syspath;
1679 struct nameidata nd;
1680 int error;
1681 cap_rights_t rights;
1682
1683 if (segflg == UIO_SYSSPACE) {
1684 syspath = path1;
1685 } else {
1686 syspath = uma_zalloc(namei_zone, M_WAITOK);
1687 if ((error = copyinstr(path1, syspath, MAXPATHLEN, NULL)) != 0)
1688 goto out;
1689 }
1690 AUDIT_ARG_TEXT(syspath);
1691 restart:
1692 bwillwrite();
1693 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1694 NOCACHE, segflg, path2, fd, cap_rights_init(&rights, CAP_SYMLINKAT),
1695 td);
1696 if ((error = namei(&nd)) != 0)
1697 goto out;
1698 if (nd.ni_vp) {
1699 NDFREE(&nd, NDF_ONLY_PNBUF);
1700 if (nd.ni_vp == nd.ni_dvp)
1701 vrele(nd.ni_dvp);
1702 else
1703 vput(nd.ni_dvp);
1704 vrele(nd.ni_vp);
1705 error = EEXIST;
1706 goto out;
1707 }
1708 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1709 NDFREE(&nd, NDF_ONLY_PNBUF);
1710 vput(nd.ni_dvp);
1711 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1712 goto out;
1713 goto restart;
1714 }
1715 VATTR_NULL(&vattr);
1716 vattr.va_mode = ACCESSPERMS &~ td->td_proc->p_fd->fd_cmask;
1717 #ifdef MAC
1718 vattr.va_type = VLNK;
1719 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
1720 &vattr);
1721 if (error != 0)
1722 goto out2;
1723 #endif
1724 error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath);
1725 if (error == 0)
1726 vput(nd.ni_vp);
1727 #ifdef MAC
1728 out2:
1729 #endif
1730 NDFREE(&nd, NDF_ONLY_PNBUF);
1731 vput(nd.ni_dvp);
1732 vn_finished_write(mp);
1733 out:
1734 if (segflg != UIO_SYSSPACE)
1735 uma_zfree(namei_zone, syspath);
1736 return (error);
1737 }
1738
1739 /*
1740 * Delete a whiteout from the filesystem.
1741 */
1742 int
1743 sys_undelete(td, uap)
1744 struct thread *td;
1745 register struct undelete_args /* {
1746 char *path;
1747 } */ *uap;
1748 {
1749 struct mount *mp;
1750 struct nameidata nd;
1751 int error;
1752
1753 restart:
1754 bwillwrite();
1755 NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | AUDITVNODE1,
1756 UIO_USERSPACE, uap->path, td);
1757 error = namei(&nd);
1758 if (error != 0)
1759 return (error);
1760
1761 if (nd.ni_vp != NULLVP || !(nd.ni_cnd.cn_flags & ISWHITEOUT)) {
1762 NDFREE(&nd, NDF_ONLY_PNBUF);
1763 if (nd.ni_vp == nd.ni_dvp)
1764 vrele(nd.ni_dvp);
1765 else
1766 vput(nd.ni_dvp);
1767 if (nd.ni_vp)
1768 vrele(nd.ni_vp);
1769 return (EEXIST);
1770 }
1771 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1772 NDFREE(&nd, NDF_ONLY_PNBUF);
1773 vput(nd.ni_dvp);
1774 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1775 return (error);
1776 goto restart;
1777 }
1778 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, DELETE);
1779 NDFREE(&nd, NDF_ONLY_PNBUF);
1780 vput(nd.ni_dvp);
1781 vn_finished_write(mp);
1782 return (error);
1783 }
1784
1785 /*
1786 * Delete a name from the filesystem.
1787 */
1788 #ifndef _SYS_SYSPROTO_H_
1789 struct unlink_args {
1790 char *path;
1791 };
1792 #endif
1793 int
1794 sys_unlink(td, uap)
1795 struct thread *td;
1796 struct unlink_args /* {
1797 char *path;
1798 } */ *uap;
1799 {
1800
1801 return (kern_unlink(td, uap->path, UIO_USERSPACE));
1802 }
1803
1804 #ifndef _SYS_SYSPROTO_H_
1805 struct unlinkat_args {
1806 int fd;
1807 char *path;
1808 int flag;
1809 };
1810 #endif
1811 int
1812 sys_unlinkat(struct thread *td, struct unlinkat_args *uap)
1813 {
1814 int flag = uap->flag;
1815 int fd = uap->fd;
1816 char *path = uap->path;
1817
1818 if (flag & ~AT_REMOVEDIR)
1819 return (EINVAL);
1820
1821 if (flag & AT_REMOVEDIR)
1822 return (kern_rmdirat(td, fd, path, UIO_USERSPACE));
1823 else
1824 return (kern_unlinkat(td, fd, path, UIO_USERSPACE, 0));
1825 }
1826
1827 int
1828 kern_unlink(struct thread *td, char *path, enum uio_seg pathseg)
1829 {
1830
1831 return (kern_unlinkat(td, AT_FDCWD, path, pathseg, 0));
1832 }
1833
1834 int
1835 kern_unlinkat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
1836 ino_t oldinum)
1837 {
1838 struct mount *mp;
1839 struct vnode *vp;
1840 struct nameidata nd;
1841 struct stat sb;
1842 cap_rights_t rights;
1843 int error;
1844
1845 restart:
1846 bwillwrite();
1847 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1,
1848 pathseg, path, fd, cap_rights_init(&rights, CAP_UNLINKAT), td);
1849 if ((error = namei(&nd)) != 0)
1850 return (error == EINVAL ? EPERM : error);
1851 vp = nd.ni_vp;
1852 if (vp->v_type == VDIR && oldinum == 0) {
1853 error = EPERM; /* POSIX */
1854 } else if (oldinum != 0 &&
1855 ((error = vn_stat(vp, &sb, td->td_ucred, NOCRED, td)) == 0) &&
1856 sb.st_ino != oldinum) {
1857 error = EIDRM; /* Identifier removed */
1858 } else {
1859 /*
1860 * The root of a mounted filesystem cannot be deleted.
1861 *
1862 * XXX: can this only be a VDIR case?
1863 */
1864 if (vp->v_vflag & VV_ROOT)
1865 error = EBUSY;
1866 }
1867 if (error == 0) {
1868 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1869 NDFREE(&nd, NDF_ONLY_PNBUF);
1870 vput(nd.ni_dvp);
1871 if (vp == nd.ni_dvp)
1872 vrele(vp);
1873 else
1874 vput(vp);
1875 if ((error = vn_start_write(NULL, &mp,
1876 V_XSLEEP | PCATCH)) != 0)
1877 return (error);
1878 goto restart;
1879 }
1880 #ifdef MAC
1881 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
1882 &nd.ni_cnd);
1883 if (error != 0)
1884 goto out;
1885 #endif
1886 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
1887 error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd);
1888 #ifdef MAC
1889 out:
1890 #endif
1891 vn_finished_write(mp);
1892 }
1893 NDFREE(&nd, NDF_ONLY_PNBUF);
1894 vput(nd.ni_dvp);
1895 if (vp == nd.ni_dvp)
1896 vrele(vp);
1897 else
1898 vput(vp);
1899 return (error);
1900 }
1901
1902 /*
1903 * Reposition read/write file offset.
1904 */
1905 #ifndef _SYS_SYSPROTO_H_
1906 struct lseek_args {
1907 int fd;
1908 int pad;
1909 off_t offset;
1910 int whence;
1911 };
1912 #endif
1913 int
1914 sys_lseek(td, uap)
1915 struct thread *td;
1916 register struct lseek_args /* {
1917 int fd;
1918 int pad;
1919 off_t offset;
1920 int whence;
1921 } */ *uap;
1922 {
1923 struct file *fp;
1924 cap_rights_t rights;
1925 int error;
1926
1927 AUDIT_ARG_FD(uap->fd);
1928 error = fget(td, uap->fd, cap_rights_init(&rights, CAP_SEEK), &fp);
1929 if (error != 0)
1930 return (error);
1931 error = (fp->f_ops->fo_flags & DFLAG_SEEKABLE) != 0 ?
1932 fo_seek(fp, uap->offset, uap->whence, td) : ESPIPE;
1933 fdrop(fp, td);
1934 return (error);
1935 }
1936
1937 #if defined(COMPAT_43)
1938 /*
1939 * Reposition read/write file offset.
1940 */
1941 #ifndef _SYS_SYSPROTO_H_
1942 struct olseek_args {
1943 int fd;
1944 long offset;
1945 int whence;
1946 };
1947 #endif
1948 int
1949 olseek(td, uap)
1950 struct thread *td;
1951 register struct olseek_args /* {
1952 int fd;
1953 long offset;
1954 int whence;
1955 } */ *uap;
1956 {
1957 struct lseek_args /* {
1958 int fd;
1959 int pad;
1960 off_t offset;
1961 int whence;
1962 } */ nuap;
1963
1964 nuap.fd = uap->fd;
1965 nuap.offset = uap->offset;
1966 nuap.whence = uap->whence;
1967 return (sys_lseek(td, &nuap));
1968 }
1969 #endif /* COMPAT_43 */
1970
1971 /* Version with the 'pad' argument */
1972 int
1973 freebsd6_lseek(td, uap)
1974 struct thread *td;
1975 register struct freebsd6_lseek_args *uap;
1976 {
1977 struct lseek_args ouap;
1978
1979 ouap.fd = uap->fd;
1980 ouap.offset = uap->offset;
1981 ouap.whence = uap->whence;
1982 return (sys_lseek(td, &ouap));
1983 }
1984
1985 /*
1986 * Check access permissions using passed credentials.
1987 */
1988 static int
1989 vn_access(vp, user_flags, cred, td)
1990 struct vnode *vp;
1991 int user_flags;
1992 struct ucred *cred;
1993 struct thread *td;
1994 {
1995 accmode_t accmode;
1996 int error;
1997
1998 /* Flags == 0 means only check for existence. */
1999 error = 0;
2000 if (user_flags) {
2001 accmode = 0;
2002 if (user_flags & R_OK)
2003 accmode |= VREAD;
2004 if (user_flags & W_OK)
2005 accmode |= VWRITE;
2006 if (user_flags & X_OK)
2007 accmode |= VEXEC;
2008 #ifdef MAC
2009 error = mac_vnode_check_access(cred, vp, accmode);
2010 if (error != 0)
2011 return (error);
2012 #endif
2013 if ((accmode & VWRITE) == 0 || (error = vn_writechk(vp)) == 0)
2014 error = VOP_ACCESS(vp, accmode, cred, td);
2015 }
2016 return (error);
2017 }
2018
2019 /*
2020 * Check access permissions using "real" credentials.
2021 */
2022 #ifndef _SYS_SYSPROTO_H_
2023 struct access_args {
2024 char *path;
2025 int amode;
2026 };
2027 #endif
2028 int
2029 sys_access(td, uap)
2030 struct thread *td;
2031 register struct access_args /* {
2032 char *path;
2033 int amode;
2034 } */ *uap;
2035 {
2036
2037 return (kern_access(td, uap->path, UIO_USERSPACE, uap->amode));
2038 }
2039
2040 #ifndef _SYS_SYSPROTO_H_
2041 struct faccessat_args {
2042 int dirfd;
2043 char *path;
2044 int amode;
2045 int flag;
2046 }
2047 #endif
2048 int
2049 sys_faccessat(struct thread *td, struct faccessat_args *uap)
2050 {
2051
2052 if (uap->flag & ~AT_EACCESS)
2053 return (EINVAL);
2054 return (kern_accessat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag,
2055 uap->amode));
2056 }
2057
2058 int
2059 kern_access(struct thread *td, char *path, enum uio_seg pathseg, int amode)
2060 {
2061
2062 return (kern_accessat(td, AT_FDCWD, path, pathseg, 0, amode));
2063 }
2064
2065 int
2066 kern_accessat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
2067 int flag, int amode)
2068 {
2069 struct ucred *cred, *tmpcred;
2070 struct vnode *vp;
2071 struct nameidata nd;
2072 cap_rights_t rights;
2073 int error;
2074
2075 /*
2076 * Create and modify a temporary credential instead of one that
2077 * is potentially shared.
2078 */
2079 if (!(flag & AT_EACCESS)) {
2080 cred = td->td_ucred;
2081 tmpcred = crdup(cred);
2082 tmpcred->cr_uid = cred->cr_ruid;
2083 tmpcred->cr_groups[0] = cred->cr_rgid;
2084 td->td_ucred = tmpcred;
2085 } else
2086 cred = tmpcred = td->td_ucred;
2087 AUDIT_ARG_VALUE(amode);
2088 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF |
2089 AUDITVNODE1, pathseg, path, fd, cap_rights_init(&rights, CAP_FSTAT),
2090 td);
2091 if ((error = namei(&nd)) != 0)
2092 goto out1;
2093 vp = nd.ni_vp;
2094
2095 error = vn_access(vp, amode, tmpcred, td);
2096 NDFREE(&nd, NDF_ONLY_PNBUF);
2097 vput(vp);
2098 out1:
2099 if (!(flag & AT_EACCESS)) {
2100 td->td_ucred = cred;
2101 crfree(tmpcred);
2102 }
2103 return (error);
2104 }
2105
2106 /*
2107 * Check access permissions using "effective" credentials.
2108 */
2109 #ifndef _SYS_SYSPROTO_H_
2110 struct eaccess_args {
2111 char *path;
2112 int amode;
2113 };
2114 #endif
2115 int
2116 sys_eaccess(td, uap)
2117 struct thread *td;
2118 register struct eaccess_args /* {
2119 char *path;
2120 int amode;
2121 } */ *uap;
2122 {
2123
2124 return (kern_eaccess(td, uap->path, UIO_USERSPACE, uap->amode));
2125 }
2126
2127 int
2128 kern_eaccess(struct thread *td, char *path, enum uio_seg pathseg, int amode)
2129 {
2130
2131 return (kern_accessat(td, AT_FDCWD, path, pathseg, AT_EACCESS, amode));
2132 }
2133
2134 #if defined(COMPAT_43)
2135 /*
2136 * Get file status; this version follows links.
2137 */
2138 #ifndef _SYS_SYSPROTO_H_
2139 struct ostat_args {
2140 char *path;
2141 struct ostat *ub;
2142 };
2143 #endif
2144 int
2145 ostat(td, uap)
2146 struct thread *td;
2147 register struct ostat_args /* {
2148 char *path;
2149 struct ostat *ub;
2150 } */ *uap;
2151 {
2152 struct stat sb;
2153 struct ostat osb;
2154 int error;
2155
2156 error = kern_stat(td, uap->path, UIO_USERSPACE, &sb);
2157 if (error != 0)
2158 return (error);
2159 cvtstat(&sb, &osb);
2160 return (copyout(&osb, uap->ub, sizeof (osb)));
2161 }
2162
2163 /*
2164 * Get file status; this version does not follow links.
2165 */
2166 #ifndef _SYS_SYSPROTO_H_
2167 struct olstat_args {
2168 char *path;
2169 struct ostat *ub;
2170 };
2171 #endif
2172 int
2173 olstat(td, uap)
2174 struct thread *td;
2175 register struct olstat_args /* {
2176 char *path;
2177 struct ostat *ub;
2178 } */ *uap;
2179 {
2180 struct stat sb;
2181 struct ostat osb;
2182 int error;
2183
2184 error = kern_lstat(td, uap->path, UIO_USERSPACE, &sb);
2185 if (error != 0)
2186 return (error);
2187 cvtstat(&sb, &osb);
2188 return (copyout(&osb, uap->ub, sizeof (osb)));
2189 }
2190
2191 /*
2192 * Convert from an old to a new stat structure.
2193 */
2194 void
2195 cvtstat(st, ost)
2196 struct stat *st;
2197 struct ostat *ost;
2198 {
2199
2200 bzero(ost, sizeof(*ost));
2201 ost->st_dev = st->st_dev;
2202 ost->st_ino = st->st_ino;
2203 ost->st_mode = st->st_mode;
2204 ost->st_nlink = st->st_nlink;
2205 ost->st_uid = st->st_uid;
2206 ost->st_gid = st->st_gid;
2207 ost->st_rdev = st->st_rdev;
2208 if (st->st_size < (quad_t)1 << 32)
2209 ost->st_size = st->st_size;
2210 else
2211 ost->st_size = -2;
2212 ost->st_atim = st->st_atim;
2213 ost->st_mtim = st->st_mtim;
2214 ost->st_ctim = st->st_ctim;
2215 ost->st_blksize = st->st_blksize;
2216 ost->st_blocks = st->st_blocks;
2217 ost->st_flags = st->st_flags;
2218 ost->st_gen = st->st_gen;
2219 }
2220 #endif /* COMPAT_43 */
2221
2222 /*
2223 * Get file status; this version follows links.
2224 */
2225 #ifndef _SYS_SYSPROTO_H_
2226 struct stat_args {
2227 char *path;
2228 struct stat *ub;
2229 };
2230 #endif
2231 int
2232 sys_stat(td, uap)
2233 struct thread *td;
2234 register struct stat_args /* {
2235 char *path;
2236 struct stat *ub;
2237 } */ *uap;
2238 {
2239 struct stat sb;
2240 int error;
2241
2242 error = kern_stat(td, uap->path, UIO_USERSPACE, &sb);
2243 if (error == 0)
2244 error = copyout(&sb, uap->ub, sizeof (sb));
2245 return (error);
2246 }
2247
2248 #ifndef _SYS_SYSPROTO_H_
2249 struct fstatat_args {
2250 int fd;
2251 char *path;
2252 struct stat *buf;
2253 int flag;
2254 }
2255 #endif
2256 int
2257 sys_fstatat(struct thread *td, struct fstatat_args *uap)
2258 {
2259 struct stat sb;
2260 int error;
2261
2262 error = kern_statat(td, uap->flag, uap->fd, uap->path,
2263 UIO_USERSPACE, &sb);
2264 if (error == 0)
2265 error = copyout(&sb, uap->buf, sizeof (sb));
2266 return (error);
2267 }
2268
2269 int
2270 kern_stat(struct thread *td, char *path, enum uio_seg pathseg, struct stat *sbp)
2271 {
2272
2273 return (kern_statat(td, 0, AT_FDCWD, path, pathseg, sbp));
2274 }
2275
2276 int
2277 kern_statat(struct thread *td, int flag, int fd, char *path,
2278 enum uio_seg pathseg, struct stat *sbp)
2279 {
2280
2281 return (kern_statat_vnhook(td, flag, fd, path, pathseg, sbp, NULL));
2282 }
2283
2284 int
2285 kern_statat_vnhook(struct thread *td, int flag, int fd, char *path,
2286 enum uio_seg pathseg, struct stat *sbp,
2287 void (*hook)(struct vnode *vp, struct stat *sbp))
2288 {
2289 struct nameidata nd;
2290 struct stat sb;
2291 cap_rights_t rights;
2292 int error;
2293
2294 if (flag & ~AT_SYMLINK_NOFOLLOW)
2295 return (EINVAL);
2296
2297 NDINIT_ATRIGHTS(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW :
2298 FOLLOW) | LOCKSHARED | LOCKLEAF | AUDITVNODE1, pathseg, path, fd,
2299 cap_rights_init(&rights, CAP_FSTAT), td);
2300
2301 if ((error = namei(&nd)) != 0)
2302 return (error);
2303 error = vn_stat(nd.ni_vp, &sb, td->td_ucred, NOCRED, td);
2304 if (error == 0) {
2305 SDT_PROBE2(vfs, , stat, mode, path, sb.st_mode);
2306 if (S_ISREG(sb.st_mode))
2307 SDT_PROBE2(vfs, , stat, reg, path, pathseg);
2308 if (__predict_false(hook != NULL))
2309 hook(nd.ni_vp, &sb);
2310 }
2311 NDFREE(&nd, NDF_ONLY_PNBUF);
2312 vput(nd.ni_vp);
2313 if (error != 0)
2314 return (error);
2315 *sbp = sb;
2316 #ifdef KTRACE
2317 if (KTRPOINT(td, KTR_STRUCT))
2318 ktrstat(&sb);
2319 #endif
2320 return (0);
2321 }
2322
2323 /*
2324 * Get file status; this version does not follow links.
2325 */
2326 #ifndef _SYS_SYSPROTO_H_
2327 struct lstat_args {
2328 char *path;
2329 struct stat *ub;
2330 };
2331 #endif
2332 int
2333 sys_lstat(td, uap)
2334 struct thread *td;
2335 register struct lstat_args /* {
2336 char *path;
2337 struct stat *ub;
2338 } */ *uap;
2339 {
2340 struct stat sb;
2341 int error;
2342
2343 error = kern_lstat(td, uap->path, UIO_USERSPACE, &sb);
2344 if (error == 0)
2345 error = copyout(&sb, uap->ub, sizeof (sb));
2346 return (error);
2347 }
2348
2349 int
2350 kern_lstat(struct thread *td, char *path, enum uio_seg pathseg, struct stat *sbp)
2351 {
2352
2353 return (kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, path, pathseg,
2354 sbp));
2355 }
2356
2357 /*
2358 * Implementation of the NetBSD [l]stat() functions.
2359 */
2360 void
2361 cvtnstat(sb, nsb)
2362 struct stat *sb;
2363 struct nstat *nsb;
2364 {
2365
2366 bzero(nsb, sizeof *nsb);
2367 nsb->st_dev = sb->st_dev;
2368 nsb->st_ino = sb->st_ino;
2369 nsb->st_mode = sb->st_mode;
2370 nsb->st_nlink = sb->st_nlink;
2371 nsb->st_uid = sb->st_uid;
2372 nsb->st_gid = sb->st_gid;
2373 nsb->st_rdev = sb->st_rdev;
2374 nsb->st_atim = sb->st_atim;
2375 nsb->st_mtim = sb->st_mtim;
2376 nsb->st_ctim = sb->st_ctim;
2377 nsb->st_size = sb->st_size;
2378 nsb->st_blocks = sb->st_blocks;
2379 nsb->st_blksize = sb->st_blksize;
2380 nsb->st_flags = sb->st_flags;
2381 nsb->st_gen = sb->st_gen;
2382 nsb->st_birthtim = sb->st_birthtim;
2383 }
2384
2385 #ifndef _SYS_SYSPROTO_H_
2386 struct nstat_args {
2387 char *path;
2388 struct nstat *ub;
2389 };
2390 #endif
2391 int
2392 sys_nstat(td, uap)
2393 struct thread *td;
2394 register struct nstat_args /* {
2395 char *path;
2396 struct nstat *ub;
2397 } */ *uap;
2398 {
2399 struct stat sb;
2400 struct nstat nsb;
2401 int error;
2402
2403 error = kern_stat(td, uap->path, UIO_USERSPACE, &sb);
2404 if (error != 0)
2405 return (error);
2406 cvtnstat(&sb, &nsb);
2407 return (copyout(&nsb, uap->ub, sizeof (nsb)));
2408 }
2409
2410 /*
2411 * NetBSD lstat. Get file status; this version does not follow links.
2412 */
2413 #ifndef _SYS_SYSPROTO_H_
2414 struct lstat_args {
2415 char *path;
2416 struct stat *ub;
2417 };
2418 #endif
2419 int
2420 sys_nlstat(td, uap)
2421 struct thread *td;
2422 register struct nlstat_args /* {
2423 char *path;
2424 struct nstat *ub;
2425 } */ *uap;
2426 {
2427 struct stat sb;
2428 struct nstat nsb;
2429 int error;
2430
2431 error = kern_lstat(td, uap->path, UIO_USERSPACE, &sb);
2432 if (error != 0)
2433 return (error);
2434 cvtnstat(&sb, &nsb);
2435 return (copyout(&nsb, uap->ub, sizeof (nsb)));
2436 }
2437
2438 /*
2439 * Get configurable pathname variables.
2440 */
2441 #ifndef _SYS_SYSPROTO_H_
2442 struct pathconf_args {
2443 char *path;
2444 int name;
2445 };
2446 #endif
2447 int
2448 sys_pathconf(td, uap)
2449 struct thread *td;
2450 register struct pathconf_args /* {
2451 char *path;
2452 int name;
2453 } */ *uap;
2454 {
2455
2456 return (kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name, FOLLOW));
2457 }
2458
2459 #ifndef _SYS_SYSPROTO_H_
2460 struct lpathconf_args {
2461 char *path;
2462 int name;
2463 };
2464 #endif
2465 int
2466 sys_lpathconf(td, uap)
2467 struct thread *td;
2468 register struct lpathconf_args /* {
2469 char *path;
2470 int name;
2471 } */ *uap;
2472 {
2473
2474 return (kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name,
2475 NOFOLLOW));
2476 }
2477
2478 int
2479 kern_pathconf(struct thread *td, char *path, enum uio_seg pathseg, int name,
2480 u_long flags)
2481 {
2482 struct nameidata nd;
2483 int error;
2484
2485 NDINIT(&nd, LOOKUP, LOCKSHARED | LOCKLEAF | AUDITVNODE1 | flags,
2486 pathseg, path, td);
2487 if ((error = namei(&nd)) != 0)
2488 return (error);
2489 NDFREE(&nd, NDF_ONLY_PNBUF);
2490
2491 /* If asynchronous I/O is available, it works for all files. */
2492 if (name == _PC_ASYNC_IO)
2493 td->td_retval[0] = async_io_version;
2494 else
2495 error = VOP_PATHCONF(nd.ni_vp, name, td->td_retval);
2496 vput(nd.ni_vp);
2497 return (error);
2498 }
2499
2500 /*
2501 * Return target name of a symbolic link.
2502 */
2503 #ifndef _SYS_SYSPROTO_H_
2504 struct readlink_args {
2505 char *path;
2506 char *buf;
2507 size_t count;
2508 };
2509 #endif
2510 int
2511 sys_readlink(td, uap)
2512 struct thread *td;
2513 register struct readlink_args /* {
2514 char *path;
2515 char *buf;
2516 size_t count;
2517 } */ *uap;
2518 {
2519
2520 return (kern_readlink(td, uap->path, UIO_USERSPACE, uap->buf,
2521 UIO_USERSPACE, uap->count));
2522 }
2523 #ifndef _SYS_SYSPROTO_H_
2524 struct readlinkat_args {
2525 int fd;
2526 char *path;
2527 char *buf;
2528 size_t bufsize;
2529 };
2530 #endif
2531 int
2532 sys_readlinkat(struct thread *td, struct readlinkat_args *uap)
2533 {
2534
2535 return (kern_readlinkat(td, uap->fd, uap->path, UIO_USERSPACE,
2536 uap->buf, UIO_USERSPACE, uap->bufsize));
2537 }
2538
2539 int
2540 kern_readlink(struct thread *td, char *path, enum uio_seg pathseg, char *buf,
2541 enum uio_seg bufseg, size_t count)
2542 {
2543
2544 return (kern_readlinkat(td, AT_FDCWD, path, pathseg, buf, bufseg,
2545 count));
2546 }
2547
2548 int
2549 kern_readlinkat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
2550 char *buf, enum uio_seg bufseg, size_t count)
2551 {
2552 struct vnode *vp;
2553 struct iovec aiov;
2554 struct uio auio;
2555 struct nameidata nd;
2556 int error;
2557
2558 if (count > IOSIZE_MAX)
2559 return (EINVAL);
2560
2561 NDINIT_AT(&nd, LOOKUP, NOFOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
2562 pathseg, path, fd, td);
2563
2564 if ((error = namei(&nd)) != 0)
2565 return (error);
2566 NDFREE(&nd, NDF_ONLY_PNBUF);
2567 vp = nd.ni_vp;
2568 #ifdef MAC
2569 error = mac_vnode_check_readlink(td->td_ucred, vp);
2570 if (error != 0) {
2571 vput(vp);
2572 return (error);
2573 }
2574 #endif
2575 if (vp->v_type != VLNK)
2576 error = EINVAL;
2577 else {
2578 aiov.iov_base = buf;
2579 aiov.iov_len = count;
2580 auio.uio_iov = &aiov;
2581 auio.uio_iovcnt = 1;
2582 auio.uio_offset = 0;
2583 auio.uio_rw = UIO_READ;
2584 auio.uio_segflg = bufseg;
2585 auio.uio_td = td;
2586 auio.uio_resid = count;
2587 error = VOP_READLINK(vp, &auio, td->td_ucred);
2588 td->td_retval[0] = count - auio.uio_resid;
2589 }
2590 vput(vp);
2591 return (error);
2592 }
2593
2594 /*
2595 * Common implementation code for chflags() and fchflags().
2596 */
2597 static int
2598 setfflags(td, vp, flags)
2599 struct thread *td;
2600 struct vnode *vp;
2601 u_long flags;
2602 {
2603 struct mount *mp;
2604 struct vattr vattr;
2605 int error;
2606
2607 /* We can't support the value matching VNOVAL. */
2608 if (flags == VNOVAL)
2609 return (EOPNOTSUPP);
2610
2611 /*
2612 * Prevent non-root users from setting flags on devices. When
2613 * a device is reused, users can retain ownership of the device
2614 * if they are allowed to set flags and programs assume that
2615 * chown can't fail when done as root.
2616 */
2617 if (vp->v_type == VCHR || vp->v_type == VBLK) {
2618 error = priv_check(td, PRIV_VFS_CHFLAGS_DEV);
2619 if (error != 0)
2620 return (error);
2621 }
2622
2623 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2624 return (error);
2625 VATTR_NULL(&vattr);
2626 vattr.va_flags = flags;
2627 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2628 #ifdef MAC
2629 error = mac_vnode_check_setflags(td->td_ucred, vp, vattr.va_flags);
2630 if (error == 0)
2631 #endif
2632 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
2633 VOP_UNLOCK(vp, 0);
2634 vn_finished_write(mp);
2635 return (error);
2636 }
2637
2638 /*
2639 * Change flags of a file given a path name.
2640 */
2641 #ifndef _SYS_SYSPROTO_H_
2642 struct chflags_args {
2643 const char *path;
2644 u_long flags;
2645 };
2646 #endif
2647 int
2648 sys_chflags(td, uap)
2649 struct thread *td;
2650 register struct chflags_args /* {
2651 const char *path;
2652 u_long flags;
2653 } */ *uap;
2654 {
2655
2656 return (kern_chflags(td, uap->path, UIO_USERSPACE, uap->flags));
2657 }
2658
2659 #ifndef _SYS_SYSPROTO_H_
2660 struct chflagsat_args {
2661 int fd;
2662 const char *path;
2663 u_long flags;
2664 int atflag;
2665 }
2666 #endif
2667 int
2668 sys_chflagsat(struct thread *td, struct chflagsat_args *uap)
2669 {
2670 int fd = uap->fd;
2671 const char *path = uap->path;
2672 u_long flags = uap->flags;
2673 int atflag = uap->atflag;
2674
2675 if (atflag & ~AT_SYMLINK_NOFOLLOW)
2676 return (EINVAL);
2677
2678 return (kern_chflagsat(td, fd, path, UIO_USERSPACE, flags, atflag));
2679 }
2680
2681 static int
2682 kern_chflags(struct thread *td, const char *path, enum uio_seg pathseg,
2683 u_long flags)
2684 {
2685
2686 return (kern_chflagsat(td, AT_FDCWD, path, pathseg, flags, 0));
2687 }
2688
2689 /*
2690 * Same as chflags() but doesn't follow symlinks.
2691 */
2692 int
2693 sys_lchflags(td, uap)
2694 struct thread *td;
2695 register struct lchflags_args /* {
2696 const char *path;
2697 u_long flags;
2698 } */ *uap;
2699 {
2700
2701 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2702 uap->flags, AT_SYMLINK_NOFOLLOW));
2703 }
2704
2705 static int
2706 kern_chflagsat(struct thread *td, int fd, const char *path,
2707 enum uio_seg pathseg, u_long flags, int atflag)
2708 {
2709 struct nameidata nd;
2710 cap_rights_t rights;
2711 int error, follow;
2712
2713 AUDIT_ARG_FFLAGS(flags);
2714 follow = (atflag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
2715 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd,
2716 cap_rights_init(&rights, CAP_FCHFLAGS), td);
2717 if ((error = namei(&nd)) != 0)
2718 return (error);
2719 NDFREE(&nd, NDF_ONLY_PNBUF);
2720 error = setfflags(td, nd.ni_vp, flags);
2721 vrele(nd.ni_vp);
2722 return (error);
2723 }
2724
2725 /*
2726 * Change flags of a file given a file descriptor.
2727 */
2728 #ifndef _SYS_SYSPROTO_H_
2729 struct fchflags_args {
2730 int fd;
2731 u_long flags;
2732 };
2733 #endif
2734 int
2735 sys_fchflags(td, uap)
2736 struct thread *td;
2737 register struct fchflags_args /* {
2738 int fd;
2739 u_long flags;
2740 } */ *uap;
2741 {
2742 struct file *fp;
2743 cap_rights_t rights;
2744 int error;
2745
2746 AUDIT_ARG_FD(uap->fd);
2747 AUDIT_ARG_FFLAGS(uap->flags);
2748 error = getvnode(td->td_proc->p_fd, uap->fd,
2749 cap_rights_init(&rights, CAP_FCHFLAGS), &fp);
2750 if (error != 0)
2751 return (error);
2752 #ifdef AUDIT
2753 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
2754 AUDIT_ARG_VNODE1(fp->f_vnode);
2755 VOP_UNLOCK(fp->f_vnode, 0);
2756 #endif
2757 error = setfflags(td, fp->f_vnode, uap->flags);
2758 fdrop(fp, td);
2759 return (error);
2760 }
2761
2762 /*
2763 * Common implementation code for chmod(), lchmod() and fchmod().
2764 */
2765 int
2766 setfmode(td, cred, vp, mode)
2767 struct thread *td;
2768 struct ucred *cred;
2769 struct vnode *vp;
2770 int mode;
2771 {
2772 struct mount *mp;
2773 struct vattr vattr;
2774 int error;
2775
2776 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2777 return (error);
2778 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2779 VATTR_NULL(&vattr);
2780 vattr.va_mode = mode & ALLPERMS;
2781 #ifdef MAC
2782 error = mac_vnode_check_setmode(cred, vp, vattr.va_mode);
2783 if (error == 0)
2784 #endif
2785 error = VOP_SETATTR(vp, &vattr, cred);
2786 VOP_UNLOCK(vp, 0);
2787 vn_finished_write(mp);
2788 return (error);
2789 }
2790
2791 /*
2792 * Change mode of a file given path name.
2793 */
2794 #ifndef _SYS_SYSPROTO_H_
2795 struct chmod_args {
2796 char *path;
2797 int mode;
2798 };
2799 #endif
2800 int
2801 sys_chmod(td, uap)
2802 struct thread *td;
2803 register struct chmod_args /* {
2804 char *path;
2805 int mode;
2806 } */ *uap;
2807 {
2808
2809 return (kern_chmod(td, uap->path, UIO_USERSPACE, uap->mode));
2810 }
2811
2812 #ifndef _SYS_SYSPROTO_H_
2813 struct fchmodat_args {
2814 int dirfd;
2815 char *path;
2816 mode_t mode;
2817 int flag;
2818 }
2819 #endif
2820 int
2821 sys_fchmodat(struct thread *td, struct fchmodat_args *uap)
2822 {
2823 int flag = uap->flag;
2824 int fd = uap->fd;
2825 char *path = uap->path;
2826 mode_t mode = uap->mode;
2827
2828 if (flag & ~AT_SYMLINK_NOFOLLOW)
2829 return (EINVAL);
2830
2831 return (kern_fchmodat(td, fd, path, UIO_USERSPACE, mode, flag));
2832 }
2833
2834 int
2835 kern_chmod(struct thread *td, char *path, enum uio_seg pathseg, int mode)
2836 {
2837
2838 return (kern_fchmodat(td, AT_FDCWD, path, pathseg, mode, 0));
2839 }
2840
2841 /*
2842 * Change mode of a file given path name (don't follow links.)
2843 */
2844 #ifndef _SYS_SYSPROTO_H_
2845 struct lchmod_args {
2846 char *path;
2847 int mode;
2848 };
2849 #endif
2850 int
2851 sys_lchmod(td, uap)
2852 struct thread *td;
2853 register struct lchmod_args /* {
2854 char *path;
2855 int mode;
2856 } */ *uap;
2857 {
2858
2859 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2860 uap->mode, AT_SYMLINK_NOFOLLOW));
2861 }
2862
2863 int
2864 kern_fchmodat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
2865 mode_t mode, int flag)
2866 {
2867 struct nameidata nd;
2868 cap_rights_t rights;
2869 int error, follow;
2870
2871 AUDIT_ARG_MODE(mode);
2872 follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
2873 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd,
2874 cap_rights_init(&rights, CAP_FCHMOD), td);
2875 if ((error = namei(&nd)) != 0)
2876 return (error);
2877 NDFREE(&nd, NDF_ONLY_PNBUF);
2878 error = setfmode(td, td->td_ucred, nd.ni_vp, mode);
2879 vrele(nd.ni_vp);
2880 return (error);
2881 }
2882
2883 /*
2884 * Change mode of a file given a file descriptor.
2885 */
2886 #ifndef _SYS_SYSPROTO_H_
2887 struct fchmod_args {
2888 int fd;
2889 int mode;
2890 };
2891 #endif
2892 int
2893 sys_fchmod(struct thread *td, struct fchmod_args *uap)
2894 {
2895 struct file *fp;
2896 cap_rights_t rights;
2897 int error;
2898
2899 AUDIT_ARG_FD(uap->fd);
2900 AUDIT_ARG_MODE(uap->mode);
2901
2902 error = fget(td, uap->fd, cap_rights_init(&rights, CAP_FCHMOD), &fp);
2903 if (error != 0)
2904 return (error);
2905 error = fo_chmod(fp, uap->mode, td->td_ucred, td);
2906 fdrop(fp, td);
2907 return (error);
2908 }
2909
2910 /*
2911 * Common implementation for chown(), lchown(), and fchown()
2912 */
2913 int
2914 setfown(td, cred, vp, uid, gid)
2915 struct thread *td;
2916 struct ucred *cred;
2917 struct vnode *vp;
2918 uid_t uid;
2919 gid_t gid;
2920 {
2921 struct mount *mp;
2922 struct vattr vattr;
2923 int error;
2924
2925 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2926 return (error);
2927 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2928 VATTR_NULL(&vattr);
2929 vattr.va_uid = uid;
2930 vattr.va_gid = gid;
2931 #ifdef MAC
2932 error = mac_vnode_check_setowner(cred, vp, vattr.va_uid,
2933 vattr.va_gid);
2934 if (error == 0)
2935 #endif
2936 error = VOP_SETATTR(vp, &vattr, cred);
2937 VOP_UNLOCK(vp, 0);
2938 vn_finished_write(mp);
2939 return (error);
2940 }
2941
2942 /*
2943 * Set ownership given a path name.
2944 */
2945 #ifndef _SYS_SYSPROTO_H_
2946 struct chown_args {
2947 char *path;
2948 int uid;
2949 int gid;
2950 };
2951 #endif
2952 int
2953 sys_chown(td, uap)
2954 struct thread *td;
2955 register struct chown_args /* {
2956 char *path;
2957 int uid;
2958 int gid;
2959 } */ *uap;
2960 {
2961
2962 return (kern_chown(td, uap->path, UIO_USERSPACE, uap->uid, uap->gid));
2963 }
2964
2965 #ifndef _SYS_SYSPROTO_H_
2966 struct fchownat_args {
2967 int fd;
2968 const char * path;
2969 uid_t uid;
2970 gid_t gid;
2971 int flag;
2972 };
2973 #endif
2974 int
2975 sys_fchownat(struct thread *td, struct fchownat_args *uap)
2976 {
2977 int flag;
2978
2979 flag = uap->flag;
2980 if (flag & ~AT_SYMLINK_NOFOLLOW)
2981 return (EINVAL);
2982
2983 return (kern_fchownat(td, uap->fd, uap->path, UIO_USERSPACE, uap->uid,
2984 uap->gid, uap->flag));
2985 }
2986
2987 int
2988 kern_chown(struct thread *td, char *path, enum uio_seg pathseg, int uid,
2989 int gid)
2990 {
2991
2992 return (kern_fchownat(td, AT_FDCWD, path, pathseg, uid, gid, 0));
2993 }
2994
2995 int
2996 kern_fchownat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
2997 int uid, int gid, int flag)
2998 {
2999 struct nameidata nd;
3000 cap_rights_t rights;
3001 int error, follow;
3002
3003 AUDIT_ARG_OWNER(uid, gid);
3004 follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
3005 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd,
3006 cap_rights_init(&rights, CAP_FCHOWN), td);
3007
3008 if ((error = namei(&nd)) != 0)
3009 return (error);
3010 NDFREE(&nd, NDF_ONLY_PNBUF);
3011 error = setfown(td, td->td_ucred, nd.ni_vp, uid, gid);
3012 vrele(nd.ni_vp);
3013 return (error);
3014 }
3015
3016 /*
3017 * Set ownership given a path name, do not cross symlinks.
3018 */
3019 #ifndef _SYS_SYSPROTO_H_
3020 struct lchown_args {
3021 char *path;
3022 int uid;
3023 int gid;
3024 };
3025 #endif
3026 int
3027 sys_lchown(td, uap)
3028 struct thread *td;
3029 register struct lchown_args /* {
3030 char *path;
3031 int uid;
3032 int gid;
3033 } */ *uap;
3034 {
3035
3036 return (kern_lchown(td, uap->path, UIO_USERSPACE, uap->uid, uap->gid));
3037 }
3038
3039 int
3040 kern_lchown(struct thread *td, char *path, enum uio_seg pathseg, int uid,
3041 int gid)
3042 {
3043
3044 return (kern_fchownat(td, AT_FDCWD, path, pathseg, uid, gid,
3045 AT_SYMLINK_NOFOLLOW));
3046 }
3047
3048 /*
3049 * Set ownership given a file descriptor.
3050 */
3051 #ifndef _SYS_SYSPROTO_H_
3052 struct fchown_args {
3053 int fd;
3054 int uid;
3055 int gid;
3056 };
3057 #endif
3058 int
3059 sys_fchown(td, uap)
3060 struct thread *td;
3061 register struct fchown_args /* {
3062 int fd;
3063 int uid;
3064 int gid;
3065 } */ *uap;
3066 {
3067 struct file *fp;
3068 cap_rights_t rights;
3069 int error;
3070
3071 AUDIT_ARG_FD(uap->fd);
3072 AUDIT_ARG_OWNER(uap->uid, uap->gid);
3073 error = fget(td, uap->fd, cap_rights_init(&rights, CAP_FCHOWN), &fp);
3074 if (error != 0)
3075 return (error);
3076 error = fo_chown(fp, uap->uid, uap->gid, td->td_ucred, td);
3077 fdrop(fp, td);
3078 return (error);
3079 }
3080
3081 /*
3082 * Common implementation code for utimes(), lutimes(), and futimes().
3083 */
3084 static int
3085 getutimes(usrtvp, tvpseg, tsp)
3086 const struct timeval *usrtvp;
3087 enum uio_seg tvpseg;
3088 struct timespec *tsp;
3089 {
3090 struct timeval tv[2];
3091 const struct timeval *tvp;
3092 int error;
3093
3094 if (usrtvp == NULL) {
3095 vfs_timestamp(&tsp[0]);
3096 tsp[1] = tsp[0];
3097 } else {
3098 if (tvpseg == UIO_SYSSPACE) {
3099 tvp = usrtvp;
3100 } else {
3101 if ((error = copyin(usrtvp, tv, sizeof(tv))) != 0)
3102 return (error);
3103 tvp = tv;
3104 }
3105
3106 if (tvp[0].tv_usec < 0 || tvp[0].tv_usec >= 1000000 ||
3107 tvp[1].tv_usec < 0 || tvp[1].tv_usec >= 1000000)
3108 return (EINVAL);
3109 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
3110 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
3111 }
3112 return (0);
3113 }
3114
3115 /*
3116 * Common implementation code for futimens(), utimensat().
3117 */
3118 #define UTIMENS_NULL 0x1
3119 #define UTIMENS_EXIT 0x2
3120 static int
3121 getutimens(const struct timespec *usrtsp, enum uio_seg tspseg,
3122 struct timespec *tsp, int *retflags)
3123 {
3124 struct timespec tsnow;
3125 int error;
3126
3127 vfs_timestamp(&tsnow);
3128 *retflags = 0;
3129 if (usrtsp == NULL) {
3130 tsp[0] = tsnow;
3131 tsp[1] = tsnow;
3132 *retflags |= UTIMENS_NULL;
3133 return (0);
3134 }
3135 if (tspseg == UIO_SYSSPACE) {
3136 tsp[0] = usrtsp[0];
3137 tsp[1] = usrtsp[1];
3138 } else if ((error = copyin(usrtsp, tsp, sizeof(*tsp) * 2)) != 0)
3139 return (error);
3140 if (tsp[0].tv_nsec == UTIME_OMIT && tsp[1].tv_nsec == UTIME_OMIT)
3141 *retflags |= UTIMENS_EXIT;
3142 if (tsp[0].tv_nsec == UTIME_NOW && tsp[1].tv_nsec == UTIME_NOW)
3143 *retflags |= UTIMENS_NULL;
3144 if (tsp[0].tv_nsec == UTIME_OMIT)
3145 tsp[0].tv_sec = VNOVAL;
3146 else if (tsp[0].tv_nsec == UTIME_NOW)
3147 tsp[0] = tsnow;
3148 else if (tsp[0].tv_nsec < 0 || tsp[0].tv_nsec >= 1000000000L)
3149 return (EINVAL);
3150 if (tsp[1].tv_nsec == UTIME_OMIT)
3151 tsp[1].tv_sec = VNOVAL;
3152 else if (tsp[1].tv_nsec == UTIME_NOW)
3153 tsp[1] = tsnow;
3154 else if (tsp[1].tv_nsec < 0 || tsp[1].tv_nsec >= 1000000000L)
3155 return (EINVAL);
3156
3157 return (0);
3158 }
3159
3160 /*
3161 * Common implementation code for utimes(), lutimes(), futimes(), futimens(),
3162 * and utimensat().
3163 */
3164 static int
3165 setutimes(td, vp, ts, numtimes, nullflag)
3166 struct thread *td;
3167 struct vnode *vp;
3168 const struct timespec *ts;
3169 int numtimes;
3170 int nullflag;
3171 {
3172 struct mount *mp;
3173 struct vattr vattr;
3174 int error, setbirthtime;
3175
3176 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
3177 return (error);
3178 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3179 setbirthtime = 0;
3180 if (numtimes < 3 && !VOP_GETATTR(vp, &vattr, td->td_ucred) &&
3181 timespeccmp(&ts[1], &vattr.va_birthtime, < ))
3182 setbirthtime = 1;
3183 VATTR_NULL(&vattr);
3184 vattr.va_atime = ts[0];
3185 vattr.va_mtime = ts[1];
3186 if (setbirthtime)
3187 vattr.va_birthtime = ts[1];
3188 if (numtimes > 2)
3189 vattr.va_birthtime = ts[2];
3190 if (nullflag)
3191 vattr.va_vaflags |= VA_UTIMES_NULL;
3192 #ifdef MAC
3193 error = mac_vnode_check_setutimes(td->td_ucred, vp, vattr.va_atime,
3194 vattr.va_mtime);
3195 #endif
3196 if (error == 0)
3197 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3198 VOP_UNLOCK(vp, 0);
3199 vn_finished_write(mp);
3200 return (error);
3201 }
3202
3203 /*
3204 * Set the access and modification times of a file.
3205 */
3206 #ifndef _SYS_SYSPROTO_H_
3207 struct utimes_args {
3208 char *path;
3209 struct timeval *tptr;
3210 };
3211 #endif
3212 int
3213 sys_utimes(td, uap)
3214 struct thread *td;
3215 register struct utimes_args /* {
3216 char *path;
3217 struct timeval *tptr;
3218 } */ *uap;
3219 {
3220
3221 return (kern_utimes(td, uap->path, UIO_USERSPACE, uap->tptr,
3222 UIO_USERSPACE));
3223 }
3224
3225 #ifndef _SYS_SYSPROTO_H_
3226 struct futimesat_args {
3227 int fd;
3228 const char * path;
3229 const struct timeval * times;
3230 };
3231 #endif
3232 int
3233 sys_futimesat(struct thread *td, struct futimesat_args *uap)
3234 {
3235
3236 return (kern_utimesat(td, uap->fd, uap->path, UIO_USERSPACE,
3237 uap->times, UIO_USERSPACE));
3238 }
3239
3240 int
3241 kern_utimes(struct thread *td, char *path, enum uio_seg pathseg,
3242 struct timeval *tptr, enum uio_seg tptrseg)
3243 {
3244
3245 return (kern_utimesat(td, AT_FDCWD, path, pathseg, tptr, tptrseg));
3246 }
3247
3248 int
3249 kern_utimesat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
3250 struct timeval *tptr, enum uio_seg tptrseg)
3251 {
3252 struct nameidata nd;
3253 struct timespec ts[2];
3254 cap_rights_t rights;
3255 int error;
3256
3257 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
3258 return (error);
3259 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd,
3260 cap_rights_init(&rights, CAP_FUTIMES), td);
3261
3262 if ((error = namei(&nd)) != 0)
3263 return (error);
3264 NDFREE(&nd, NDF_ONLY_PNBUF);
3265 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
3266 vrele(nd.ni_vp);
3267 return (error);
3268 }
3269
3270 /*
3271 * Set the access and modification times of a file.
3272 */
3273 #ifndef _SYS_SYSPROTO_H_
3274 struct lutimes_args {
3275 char *path;
3276 struct timeval *tptr;
3277 };
3278 #endif
3279 int
3280 sys_lutimes(td, uap)
3281 struct thread *td;
3282 register struct lutimes_args /* {
3283 char *path;
3284 struct timeval *tptr;
3285 } */ *uap;
3286 {
3287
3288 return (kern_lutimes(td, uap->path, UIO_USERSPACE, uap->tptr,
3289 UIO_USERSPACE));
3290 }
3291
3292 int
3293 kern_lutimes(struct thread *td, char *path, enum uio_seg pathseg,
3294 struct timeval *tptr, enum uio_seg tptrseg)
3295 {
3296 struct timespec ts[2];
3297 struct nameidata nd;
3298 int error;
3299
3300 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
3301 return (error);
3302 NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, pathseg, path, td);
3303 if ((error = namei(&nd)) != 0)
3304 return (error);
3305 NDFREE(&nd, NDF_ONLY_PNBUF);
3306 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
3307 vrele(nd.ni_vp);
3308 return (error);
3309 }
3310
3311 /*
3312 * Set the access and modification times of a file.
3313 */
3314 #ifndef _SYS_SYSPROTO_H_
3315 struct futimes_args {
3316 int fd;
3317 struct timeval *tptr;
3318 };
3319 #endif
3320 int
3321 sys_futimes(td, uap)
3322 struct thread *td;
3323 register struct futimes_args /* {
3324 int fd;
3325 struct timeval *tptr;
3326 } */ *uap;
3327 {
3328
3329 return (kern_futimes(td, uap->fd, uap->tptr, UIO_USERSPACE));
3330 }
3331
3332 int
3333 kern_futimes(struct thread *td, int fd, struct timeval *tptr,
3334 enum uio_seg tptrseg)
3335 {
3336 struct timespec ts[2];
3337 struct file *fp;
3338 cap_rights_t rights;
3339 int error;
3340
3341 AUDIT_ARG_FD(fd);
3342 error = getutimes(tptr, tptrseg, ts);
3343 if (error != 0)
3344 return (error);
3345 error = getvnode(td->td_proc->p_fd, fd,
3346 cap_rights_init(&rights, CAP_FUTIMES), &fp);
3347 if (error != 0)
3348 return (error);
3349 #ifdef AUDIT
3350 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
3351 AUDIT_ARG_VNODE1(fp->f_vnode);
3352 VOP_UNLOCK(fp->f_vnode, 0);
3353 #endif
3354 error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL);
3355 fdrop(fp, td);
3356 return (error);
3357 }
3358
3359 int
3360 sys_futimens(struct thread *td, struct futimens_args *uap)
3361 {
3362
3363 return (kern_futimens(td, uap->fd, uap->times, UIO_USERSPACE));
3364 }
3365
3366 int
3367 kern_futimens(struct thread *td, int fd, struct timespec *tptr,
3368 enum uio_seg tptrseg)
3369 {
3370 struct timespec ts[2];
3371 struct file *fp;
3372 cap_rights_t rights;
3373 int error, flags;
3374
3375 AUDIT_ARG_FD(fd);
3376 error = getutimens(tptr, tptrseg, ts, &flags);
3377 if (error != 0)
3378 return (error);
3379 if (flags & UTIMENS_EXIT)
3380 return (0);
3381 error = getvnode(td->td_proc->p_fd, fd,
3382 cap_rights_init(&rights, CAP_FUTIMES), &fp);
3383 if (error != 0)
3384 return (error);
3385 #ifdef AUDIT
3386 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
3387 AUDIT_ARG_VNODE1(fp->f_vnode);
3388 VOP_UNLOCK(fp->f_vnode, 0);
3389 #endif
3390 error = setutimes(td, fp->f_vnode, ts, 2, flags & UTIMENS_NULL);
3391 fdrop(fp, td);
3392 return (error);
3393 }
3394
3395 int
3396 sys_utimensat(struct thread *td, struct utimensat_args *uap)
3397 {
3398
3399 return (kern_utimensat(td, uap->fd, uap->path, UIO_USERSPACE,
3400 uap->times, UIO_USERSPACE, uap->flag));
3401 }
3402
3403 int
3404 kern_utimensat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
3405 struct timespec *tptr, enum uio_seg tptrseg, int flag)
3406 {
3407 struct nameidata nd;
3408 struct timespec ts[2];
3409 int error, flags;
3410
3411 if (flag & ~AT_SYMLINK_NOFOLLOW)
3412 return (EINVAL);
3413
3414 if ((error = getutimens(tptr, tptrseg, ts, &flags)) != 0)
3415 return (error);
3416 NDINIT_AT(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW :
3417 FOLLOW) | AUDITVNODE1, pathseg, path, fd, td);
3418 if ((error = namei(&nd)) != 0)
3419 return (error);
3420 /*
3421 * We are allowed to call namei() regardless of 2xUTIME_OMIT.
3422 * POSIX states:
3423 * "If both tv_nsec fields are UTIME_OMIT... EACCESS may be detected."
3424 * "Search permission is denied by a component of the path prefix."
3425 */
3426 NDFREE(&nd, NDF_ONLY_PNBUF);
3427 if ((flags & UTIMENS_EXIT) == 0)
3428 error = setutimes(td, nd.ni_vp, ts, 2, flags & UTIMENS_NULL);
3429 vrele(nd.ni_vp);
3430 return (error);
3431 }
3432
3433 /*
3434 * Truncate a file given its path name.
3435 */
3436 #ifndef _SYS_SYSPROTO_H_
3437 struct truncate_args {
3438 char *path;
3439 int pad;
3440 off_t length;
3441 };
3442 #endif
3443 int
3444 sys_truncate(td, uap)
3445 struct thread *td;
3446 register struct truncate_args /* {
3447 char *path;
3448 int pad;
3449 off_t length;
3450 } */ *uap;
3451 {
3452
3453 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3454 }
3455
3456 int
3457 kern_truncate(struct thread *td, char *path, enum uio_seg pathseg, off_t length)
3458 {
3459 struct mount *mp;
3460 struct vnode *vp;
3461 void *rl_cookie;
3462 struct vattr vattr;
3463 struct nameidata nd;
3464 int error;
3465
3466 if (length < 0)
3467 return(EINVAL);
3468 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, td);
3469 if ((error = namei(&nd)) != 0)
3470 return (error);
3471 vp = nd.ni_vp;
3472 rl_cookie = vn_rangelock_wlock(vp, 0, OFF_MAX);
3473 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) {
3474 vn_rangelock_unlock(vp, rl_cookie);
3475 vrele(vp);
3476 return (error);
3477 }
3478 NDFREE(&nd, NDF_ONLY_PNBUF);
3479 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3480 if (vp->v_type == VDIR)
3481 error = EISDIR;
3482 #ifdef MAC
3483 else if ((error = mac_vnode_check_write(td->td_ucred, NOCRED, vp))) {
3484 }
3485 #endif
3486 else if ((error = vn_writechk(vp)) == 0 &&
3487 (error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) {
3488 VATTR_NULL(&vattr);
3489 vattr.va_size = length;
3490 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3491 }
3492 VOP_UNLOCK(vp, 0);
3493 vn_finished_write(mp);
3494 vn_rangelock_unlock(vp, rl_cookie);
3495 vrele(vp);
3496 return (error);
3497 }
3498
3499 #if defined(COMPAT_43)
3500 /*
3501 * Truncate a file given its path name.
3502 */
3503 #ifndef _SYS_SYSPROTO_H_
3504 struct otruncate_args {
3505 char *path;
3506 long length;
3507 };
3508 #endif
3509 int
3510 otruncate(td, uap)
3511 struct thread *td;
3512 register struct otruncate_args /* {
3513 char *path;
3514 long length;
3515 } */ *uap;
3516 {
3517 struct truncate_args /* {
3518 char *path;
3519 int pad;
3520 off_t length;
3521 } */ nuap;
3522
3523 nuap.path = uap->path;
3524 nuap.length = uap->length;
3525 return (sys_truncate(td, &nuap));
3526 }
3527 #endif /* COMPAT_43 */
3528
3529 /* Versions with the pad argument */
3530 int
3531 freebsd6_truncate(struct thread *td, struct freebsd6_truncate_args *uap)
3532 {
3533 struct truncate_args ouap;
3534
3535 ouap.path = uap->path;
3536 ouap.length = uap->length;
3537 return (sys_truncate(td, &ouap));
3538 }
3539
3540 int
3541 freebsd6_ftruncate(struct thread *td, struct freebsd6_ftruncate_args *uap)
3542 {
3543 struct ftruncate_args ouap;
3544
3545 ouap.fd = uap->fd;
3546 ouap.length = uap->length;
3547 return (sys_ftruncate(td, &ouap));
3548 }
3549
3550 /*
3551 * Sync an open file.
3552 */
3553 #ifndef _SYS_SYSPROTO_H_
3554 struct fsync_args {
3555 int fd;
3556 };
3557 #endif
3558 int
3559 sys_fsync(td, uap)
3560 struct thread *td;
3561 struct fsync_args /* {
3562 int fd;
3563 } */ *uap;
3564 {
3565 struct vnode *vp;
3566 struct mount *mp;
3567 struct file *fp;
3568 cap_rights_t rights;
3569 int error, lock_flags;
3570
3571 AUDIT_ARG_FD(uap->fd);
3572 error = getvnode(td->td_proc->p_fd, uap->fd,
3573 cap_rights_init(&rights, CAP_FSYNC), &fp);
3574 if (error != 0)
3575 return (error);
3576 vp = fp->f_vnode;
3577 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
3578 if (error != 0)
3579 goto drop;
3580 if (MNT_SHARED_WRITES(mp) ||
3581 ((mp == NULL) && MNT_SHARED_WRITES(vp->v_mount))) {
3582 lock_flags = LK_SHARED;
3583 } else {
3584 lock_flags = LK_EXCLUSIVE;
3585 }
3586 vn_lock(vp, lock_flags | LK_RETRY);
3587 AUDIT_ARG_VNODE1(vp);
3588 if (vp->v_object != NULL) {
3589 VM_OBJECT_WLOCK(vp->v_object);
3590 vm_object_page_clean(vp->v_object, 0, 0, 0);
3591 VM_OBJECT_WUNLOCK(vp->v_object);
3592 }
3593 error = VOP_FSYNC(vp, MNT_WAIT, td);
3594
3595 VOP_UNLOCK(vp, 0);
3596 vn_finished_write(mp);
3597 drop:
3598 fdrop(fp, td);
3599 return (error);
3600 }
3601
3602 /*
3603 * Rename files. Source and destination must either both be directories, or
3604 * both not be directories. If target is a directory, it must be empty.
3605 */
3606 #ifndef _SYS_SYSPROTO_H_
3607 struct rename_args {
3608 char *from;
3609 char *to;
3610 };
3611 #endif
3612 int
3613 sys_rename(td, uap)
3614 struct thread *td;
3615 register struct rename_args /* {
3616 char *from;
3617 char *to;
3618 } */ *uap;
3619 {
3620
3621 return (kern_rename(td, uap->from, uap->to, UIO_USERSPACE));
3622 }
3623
3624 #ifndef _SYS_SYSPROTO_H_
3625 struct renameat_args {
3626 int oldfd;
3627 char *old;
3628 int newfd;
3629 char *new;
3630 };
3631 #endif
3632 int
3633 sys_renameat(struct thread *td, struct renameat_args *uap)
3634 {
3635
3636 return (kern_renameat(td, uap->oldfd, uap->old, uap->newfd, uap->new,
3637 UIO_USERSPACE));
3638 }
3639
3640 int
3641 kern_rename(struct thread *td, char *from, char *to, enum uio_seg pathseg)
3642 {
3643
3644 return (kern_renameat(td, AT_FDCWD, from, AT_FDCWD, to, pathseg));
3645 }
3646
3647 int
3648 kern_renameat(struct thread *td, int oldfd, char *old, int newfd, char *new,
3649 enum uio_seg pathseg)
3650 {
3651 struct mount *mp = NULL;
3652 struct vnode *tvp, *fvp, *tdvp;
3653 struct nameidata fromnd, tond;
3654 cap_rights_t rights;
3655 int error;
3656
3657 again:
3658 bwillwrite();
3659 #ifdef MAC
3660 NDINIT_ATRIGHTS(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART |
3661 AUDITVNODE1, pathseg, old, oldfd,
3662 cap_rights_init(&rights, CAP_RENAMEAT), td);
3663 #else
3664 NDINIT_ATRIGHTS(&fromnd, DELETE, WANTPARENT | SAVESTART | AUDITVNODE1,
3665 pathseg, old, oldfd, cap_rights_init(&rights, CAP_RENAMEAT), td);
3666 #endif
3667
3668 if ((error = namei(&fromnd)) != 0)
3669 return (error);
3670 #ifdef MAC
3671 error = mac_vnode_check_rename_from(td->td_ucred, fromnd.ni_dvp,
3672 fromnd.ni_vp, &fromnd.ni_cnd);
3673 VOP_UNLOCK(fromnd.ni_dvp, 0);
3674 if (fromnd.ni_dvp != fromnd.ni_vp)
3675 VOP_UNLOCK(fromnd.ni_vp, 0);
3676 #endif
3677 fvp = fromnd.ni_vp;
3678 NDINIT_ATRIGHTS(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE |
3679 SAVESTART | AUDITVNODE2, pathseg, new, newfd,
3680 cap_rights_init(&rights, CAP_LINKAT), td);
3681 if (fromnd.ni_vp->v_type == VDIR)
3682 tond.ni_cnd.cn_flags |= WILLBEDIR;
3683 if ((error = namei(&tond)) != 0) {
3684 /* Translate error code for rename("dir1", "dir2/."). */
3685 if (error == EISDIR && fvp->v_type == VDIR)
3686 error = EINVAL;
3687 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3688 vrele(fromnd.ni_dvp);
3689 vrele(fvp);
3690 goto out1;
3691 }
3692 tdvp = tond.ni_dvp;
3693 tvp = tond.ni_vp;
3694 error = vn_start_write(fvp, &mp, V_NOWAIT);
3695 if (error != 0) {
3696 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3697 NDFREE(&tond, NDF_ONLY_PNBUF);
3698 if (tvp != NULL)
3699 vput(tvp);
3700 if (tdvp == tvp)
3701 vrele(tdvp);
3702 else
3703 vput(tdvp);
3704 vrele(fromnd.ni_dvp);
3705 vrele(fvp);
3706 vrele(tond.ni_startdir);
3707 if (fromnd.ni_startdir != NULL)
3708 vrele(fromnd.ni_startdir);
3709 error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH);
3710 if (error != 0)
3711 return (error);
3712 goto again;
3713 }
3714 if (tvp != NULL) {
3715 if (fvp->v_type == VDIR && tvp->v_type != VDIR) {
3716 error = ENOTDIR;
3717 goto out;
3718 } else if (fvp->v_type != VDIR && tvp->v_type == VDIR) {
3719 error = EISDIR;
3720 goto out;
3721 }
3722 #ifdef CAPABILITIES
3723 if (newfd != AT_FDCWD) {
3724 /*
3725 * If the target already exists we require CAP_UNLINKAT
3726 * from 'newfd'.
3727 */
3728 error = cap_check(&tond.ni_filecaps.fc_rights,
3729 cap_rights_init(&rights, CAP_UNLINKAT));
3730 if (error != 0)
3731 goto out;
3732 }
3733 #endif
3734 }
3735 if (fvp == tdvp) {
3736 error = EINVAL;
3737 goto out;
3738 }
3739 /*
3740 * If the source is the same as the destination (that is, if they
3741 * are links to the same vnode), then there is nothing to do.
3742 */
3743 if (fvp == tvp)
3744 error = -1;
3745 #ifdef MAC
3746 else
3747 error = mac_vnode_check_rename_to(td->td_ucred, tdvp,
3748 tond.ni_vp, fromnd.ni_dvp == tdvp, &tond.ni_cnd);
3749 #endif
3750 out:
3751 if (error == 0) {
3752 error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd,
3753 tond.ni_dvp, tond.ni_vp, &tond.ni_cnd);
3754 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3755 NDFREE(&tond, NDF_ONLY_PNBUF);
3756 } else {
3757 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3758 NDFREE(&tond, NDF_ONLY_PNBUF);
3759 if (tvp != NULL)
3760 vput(tvp);
3761 if (tdvp == tvp)
3762 vrele(tdvp);
3763 else
3764 vput(tdvp);
3765 vrele(fromnd.ni_dvp);
3766 vrele(fvp);
3767 }
3768 vrele(tond.ni_startdir);
3769 vn_finished_write(mp);
3770 out1:
3771 if (fromnd.ni_startdir)
3772 vrele(fromnd.ni_startdir);
3773 if (error == -1)
3774 return (0);
3775 return (error);
3776 }
3777
3778 /*
3779 * Make a directory file.
3780 */
3781 #ifndef _SYS_SYSPROTO_H_
3782 struct mkdir_args {
3783 char *path;
3784 int mode;
3785 };
3786 #endif
3787 int
3788 sys_mkdir(td, uap)
3789 struct thread *td;
3790 register struct mkdir_args /* {
3791 char *path;
3792 int mode;
3793 } */ *uap;
3794 {
3795
3796 return (kern_mkdir(td, uap->path, UIO_USERSPACE, uap->mode));
3797 }
3798
3799 #ifndef _SYS_SYSPROTO_H_
3800 struct mkdirat_args {
3801 int fd;
3802 char *path;
3803 mode_t mode;
3804 };
3805 #endif
3806 int
3807 sys_mkdirat(struct thread *td, struct mkdirat_args *uap)
3808 {
3809
3810 return (kern_mkdirat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode));
3811 }
3812
3813 int
3814 kern_mkdir(struct thread *td, char *path, enum uio_seg segflg, int mode)
3815 {
3816
3817 return (kern_mkdirat(td, AT_FDCWD, path, segflg, mode));
3818 }
3819
3820 int
3821 kern_mkdirat(struct thread *td, int fd, char *path, enum uio_seg segflg,
3822 int mode)
3823 {
3824 struct mount *mp;
3825 struct vnode *vp;
3826 struct vattr vattr;
3827 struct nameidata nd;
3828 cap_rights_t rights;
3829 int error;
3830
3831 AUDIT_ARG_MODE(mode);
3832 restart:
3833 bwillwrite();
3834 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
3835 NOCACHE, segflg, path, fd, cap_rights_init(&rights, CAP_MKDIRAT),
3836 td);
3837 nd.ni_cnd.cn_flags |= WILLBEDIR;
3838 if ((error = namei(&nd)) != 0)
3839 return (error);
3840 vp = nd.ni_vp;
3841 if (vp != NULL) {
3842 NDFREE(&nd, NDF_ONLY_PNBUF);
3843 /*
3844 * XXX namei called with LOCKPARENT but not LOCKLEAF has
3845 * the strange behaviour of leaving the vnode unlocked
3846 * if the target is the same vnode as the parent.
3847 */
3848 if (vp == nd.ni_dvp)
3849 vrele(nd.ni_dvp);
3850 else
3851 vput(nd.ni_dvp);
3852 vrele(vp);
3853 return (EEXIST);
3854 }
3855 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
3856 NDFREE(&nd, NDF_ONLY_PNBUF);
3857 vput(nd.ni_dvp);
3858 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
3859 return (error);
3860 goto restart;
3861 }
3862 VATTR_NULL(&vattr);
3863 vattr.va_type = VDIR;
3864 vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_fd->fd_cmask;
3865 #ifdef MAC
3866 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
3867 &vattr);
3868 if (error != 0)
3869 goto out;
3870 #endif
3871 error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
3872 #ifdef MAC
3873 out:
3874 #endif
3875 NDFREE(&nd, NDF_ONLY_PNBUF);
3876 vput(nd.ni_dvp);
3877 if (error == 0)
3878 vput(nd.ni_vp);
3879 vn_finished_write(mp);
3880 return (error);
3881 }
3882
3883 /*
3884 * Remove a directory file.
3885 */
3886 #ifndef _SYS_SYSPROTO_H_
3887 struct rmdir_args {
3888 char *path;
3889 };
3890 #endif
3891 int
3892 sys_rmdir(td, uap)
3893 struct thread *td;
3894 struct rmdir_args /* {
3895 char *path;
3896 } */ *uap;
3897 {
3898
3899 return (kern_rmdir(td, uap->path, UIO_USERSPACE));
3900 }
3901
3902 int
3903 kern_rmdir(struct thread *td, char *path, enum uio_seg pathseg)
3904 {
3905
3906 return (kern_rmdirat(td, AT_FDCWD, path, pathseg));
3907 }
3908
3909 int
3910 kern_rmdirat(struct thread *td, int fd, char *path, enum uio_seg pathseg)
3911 {
3912 struct mount *mp;
3913 struct vnode *vp;
3914 struct nameidata nd;
3915 cap_rights_t rights;
3916 int error;
3917
3918 restart:
3919 bwillwrite();
3920 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1,
3921 pathseg, path, fd, cap_rights_init(&rights, CAP_UNLINKAT), td);
3922 if ((error = namei(&nd)) != 0)
3923 return (error);
3924 vp = nd.ni_vp;
3925 if (vp->v_type != VDIR) {
3926 error = ENOTDIR;
3927 goto out;
3928 }
3929 /*
3930 * No rmdir "." please.
3931 */
3932 if (nd.ni_dvp == vp) {
3933 error = EINVAL;
3934 goto out;
3935 }
3936 /*
3937 * The root of a mounted filesystem cannot be deleted.
3938 */
3939 if (vp->v_vflag & VV_ROOT) {
3940 error = EBUSY;
3941 goto out;
3942 }
3943 #ifdef MAC
3944 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
3945 &nd.ni_cnd);
3946 if (error != 0)
3947 goto out;
3948 #endif
3949 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
3950 NDFREE(&nd, NDF_ONLY_PNBUF);
3951 vput(vp);
3952 if (nd.ni_dvp == vp)
3953 vrele(nd.ni_dvp);
3954 else
3955 vput(nd.ni_dvp);
3956 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
3957 return (error);
3958 goto restart;
3959 }
3960 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
3961 error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
3962 vn_finished_write(mp);
3963 out:
3964 NDFREE(&nd, NDF_ONLY_PNBUF);
3965 vput(vp);
3966 if (nd.ni_dvp == vp)
3967 vrele(nd.ni_dvp);
3968 else
3969 vput(nd.ni_dvp);
3970 return (error);
3971 }
3972
3973 #ifdef COMPAT_43
3974 /*
3975 * Read a block of directory entries in a filesystem independent format.
3976 */
3977 #ifndef _SYS_SYSPROTO_H_
3978 struct ogetdirentries_args {
3979 int fd;
3980 char *buf;
3981 u_int count;
3982 long *basep;
3983 };
3984 #endif
3985 int
3986 ogetdirentries(struct thread *td, struct ogetdirentries_args *uap)
3987 {
3988 long loff;
3989 int error;
3990
3991 error = kern_ogetdirentries(td, uap, &loff);
3992 if (error == 0)
3993 error = copyout(&loff, uap->basep, sizeof(long));
3994 return (error);
3995 }
3996
3997 int
3998 kern_ogetdirentries(struct thread *td, struct ogetdirentries_args *uap,
3999 long *ploff)
4000 {
4001 struct vnode *vp;
4002 struct file *fp;
4003 struct uio auio, kuio;
4004 struct iovec aiov, kiov;
4005 struct dirent *dp, *edp;
4006 cap_rights_t rights;
4007 caddr_t dirbuf;
4008 int error, eofflag, readcnt;
4009 long loff;
4010 off_t foffset;
4011
4012 /* XXX arbitrary sanity limit on `count'. */
4013 if (uap->count > 64 * 1024)
4014 return (EINVAL);
4015 error = getvnode(td->td_proc->p_fd, uap->fd,
4016 cap_rights_init(&rights, CAP_READ), &fp);
4017 if (error != 0)
4018 return (error);
4019 if ((fp->f_flag & FREAD) == 0) {
4020 fdrop(fp, td);
4021 return (EBADF);
4022 }
4023 vp = fp->f_vnode;
4024 foffset = foffset_lock(fp, 0);
4025 unionread:
4026 if (vp->v_type != VDIR) {
4027 foffset_unlock(fp, foffset, 0);
4028 fdrop(fp, td);
4029 return (EINVAL);
4030 }
4031 aiov.iov_base = uap->buf;
4032 aiov.iov_len = uap->count;
4033 auio.uio_iov = &aiov;
4034 auio.uio_iovcnt = 1;
4035 auio.uio_rw = UIO_READ;
4036 auio.uio_segflg = UIO_USERSPACE;
4037 auio.uio_td = td;
4038 auio.uio_resid = uap->count;
4039 vn_lock(vp, LK_SHARED | LK_RETRY);
4040 loff = auio.uio_offset = foffset;
4041 #ifdef MAC
4042 error = mac_vnode_check_readdir(td->td_ucred, vp);
4043 if (error != 0) {
4044 VOP_UNLOCK(vp, 0);
4045 foffset_unlock(fp, foffset, FOF_NOUPDATE);
4046 fdrop(fp, td);
4047 return (error);
4048 }
4049 #endif
4050 # if (BYTE_ORDER != LITTLE_ENDIAN)
4051 if (vp->v_mount->mnt_maxsymlinklen <= 0) {
4052 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag,
4053 NULL, NULL);
4054 foffset = auio.uio_offset;
4055 } else
4056 # endif
4057 {
4058 kuio = auio;
4059 kuio.uio_iov = &kiov;
4060 kuio.uio_segflg = UIO_SYSSPACE;
4061 kiov.iov_len = uap->count;
4062 dirbuf = malloc(uap->count, M_TEMP, M_WAITOK);
4063 kiov.iov_base = dirbuf;
4064 error = VOP_READDIR(vp, &kuio, fp->f_cred, &eofflag,
4065 NULL, NULL);
4066 foffset = kuio.uio_offset;
4067 if (error == 0) {
4068 readcnt = uap->count - kuio.uio_resid;
4069 edp = (struct dirent *)&dirbuf[readcnt];
4070 for (dp = (struct dirent *)dirbuf; dp < edp; ) {
4071 # if (BYTE_ORDER == LITTLE_ENDIAN)
4072 /*
4073 * The expected low byte of
4074 * dp->d_namlen is our dp->d_type.
4075 * The high MBZ byte of dp->d_namlen
4076 * is our dp->d_namlen.
4077 */
4078 dp->d_type = dp->d_namlen;
4079 dp->d_namlen = 0;
4080 # else
4081 /*
4082 * The dp->d_type is the high byte
4083 * of the expected dp->d_namlen,
4084 * so must be zero'ed.
4085 */
4086 dp->d_type = 0;
4087 # endif
4088 if (dp->d_reclen > 0) {
4089 dp = (struct dirent *)
4090 ((char *)dp + dp->d_reclen);
4091 } else {
4092 error = EIO;
4093 break;
4094 }
4095 }
4096 if (dp >= edp)
4097 error = uiomove(dirbuf, readcnt, &auio);
4098 }
4099 free(dirbuf, M_TEMP);
4100 }
4101 if (error != 0) {
4102 VOP_UNLOCK(vp, 0);
4103 foffset_unlock(fp, foffset, 0);
4104 fdrop(fp, td);
4105 return (error);
4106 }
4107 if (uap->count == auio.uio_resid &&
4108 (vp->v_vflag & VV_ROOT) &&
4109 (vp->v_mount->mnt_flag & MNT_UNION)) {
4110 struct vnode *tvp = vp;
4111 vp = vp->v_mount->mnt_vnodecovered;
4112 VREF(vp);
4113 fp->f_vnode = vp;
4114 fp->f_data = vp;
4115 foffset = 0;
4116 vput(tvp);
4117 goto unionread;
4118 }
4119 VOP_UNLOCK(vp, 0);
4120 foffset_unlock(fp, foffset, 0);
4121 fdrop(fp, td);
4122 td->td_retval[0] = uap->count - auio.uio_resid;
4123 if (error == 0)
4124 *ploff = loff;
4125 return (error);
4126 }
4127 #endif /* COMPAT_43 */
4128
4129 /*
4130 * Read a block of directory entries in a filesystem independent format.
4131 */
4132 #ifndef _SYS_SYSPROTO_H_
4133 struct getdirentries_args {
4134 int fd;
4135 char *buf;
4136 u_int count;
4137 long *basep;
4138 };
4139 #endif
4140 int
4141 sys_getdirentries(td, uap)
4142 struct thread *td;
4143 register struct getdirentries_args /* {
4144 int fd;
4145 char *buf;
4146 u_int count;
4147 long *basep;
4148 } */ *uap;
4149 {
4150 long base;
4151 int error;
4152
4153 error = kern_getdirentries(td, uap->fd, uap->buf, uap->count, &base,
4154 NULL, UIO_USERSPACE);
4155 if (error != 0)
4156 return (error);
4157 if (uap->basep != NULL)
4158 error = copyout(&base, uap->basep, sizeof(long));
4159 return (error);
4160 }
4161
4162 int
4163 kern_getdirentries(struct thread *td, int fd, char *buf, u_int count,
4164 long *basep, ssize_t *residp, enum uio_seg bufseg)
4165 {
4166 struct vnode *vp;
4167 struct file *fp;
4168 struct uio auio;
4169 struct iovec aiov;
4170 cap_rights_t rights;
4171 long loff;
4172 int error, eofflag;
4173 off_t foffset;
4174
4175 AUDIT_ARG_FD(fd);
4176 if (count > IOSIZE_MAX)
4177 return (EINVAL);
4178 auio.uio_resid = count;
4179 error = getvnode(td->td_proc->p_fd, fd,
4180 cap_rights_init(&rights, CAP_READ), &fp);
4181 if (error != 0)
4182 return (error);
4183 if ((fp->f_flag & FREAD) == 0) {
4184 fdrop(fp, td);
4185 return (EBADF);
4186 }
4187 vp = fp->f_vnode;
4188 foffset = foffset_lock(fp, 0);
4189 unionread:
4190 if (vp->v_type != VDIR) {
4191 error = EINVAL;
4192 goto fail;
4193 }
4194 aiov.iov_base = buf;
4195 aiov.iov_len = count;
4196 auio.uio_iov = &aiov;
4197 auio.uio_iovcnt = 1;
4198 auio.uio_rw = UIO_READ;
4199 auio.uio_segflg = bufseg;
4200 auio.uio_td = td;
4201 vn_lock(vp, LK_SHARED | LK_RETRY);
4202 AUDIT_ARG_VNODE1(vp);
4203 loff = auio.uio_offset = foffset;
4204 #ifdef MAC
4205 error = mac_vnode_check_readdir(td->td_ucred, vp);
4206 if (error == 0)
4207 #endif
4208 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,
4209 NULL);
4210 foffset = auio.uio_offset;
4211 if (error != 0) {
4212 VOP_UNLOCK(vp, 0);
4213 goto fail;
4214 }
4215 if (count == auio.uio_resid &&
4216 (vp->v_vflag & VV_ROOT) &&
4217 (vp->v_mount->mnt_flag & MNT_UNION)) {
4218 struct vnode *tvp = vp;
4219
4220 vp = vp->v_mount->mnt_vnodecovered;
4221 VREF(vp);
4222 fp->f_vnode = vp;
4223 fp->f_data = vp;
4224 foffset = 0;
4225 vput(tvp);
4226 goto unionread;
4227 }
4228 VOP_UNLOCK(vp, 0);
4229 *basep = loff;
4230 if (residp != NULL)
4231 *residp = auio.uio_resid;
4232 td->td_retval[0] = count - auio.uio_resid;
4233 fail:
4234 foffset_unlock(fp, foffset, 0);
4235 fdrop(fp, td);
4236 return (error);
4237 }
4238
4239 #ifndef _SYS_SYSPROTO_H_
4240 struct getdents_args {
4241 int fd;
4242 char *buf;
4243 size_t count;
4244 };
4245 #endif
4246 int
4247 sys_getdents(td, uap)
4248 struct thread *td;
4249 register struct getdents_args /* {
4250 int fd;
4251 char *buf;
4252 u_int count;
4253 } */ *uap;
4254 {
4255 struct getdirentries_args ap;
4256
4257 ap.fd = uap->fd;
4258 ap.buf = uap->buf;
4259 ap.count = uap->count;
4260 ap.basep = NULL;
4261 return (sys_getdirentries(td, &ap));
4262 }
4263
4264 /*
4265 * Set the mode mask for creation of filesystem nodes.
4266 */
4267 #ifndef _SYS_SYSPROTO_H_
4268 struct umask_args {
4269 int newmask;
4270 };
4271 #endif
4272 int
4273 sys_umask(td, uap)
4274 struct thread *td;
4275 struct umask_args /* {
4276 int newmask;
4277 } */ *uap;
4278 {
4279 register struct filedesc *fdp;
4280
4281 FILEDESC_XLOCK(td->td_proc->p_fd);
4282 fdp = td->td_proc->p_fd;
4283 td->td_retval[0] = fdp->fd_cmask;
4284 fdp->fd_cmask = uap->newmask & ALLPERMS;
4285 FILEDESC_XUNLOCK(td->td_proc->p_fd);
4286 return (0);
4287 }
4288
4289 /*
4290 * Void all references to file by ripping underlying filesystem away from
4291 * vnode.
4292 */
4293 #ifndef _SYS_SYSPROTO_H_
4294 struct revoke_args {
4295 char *path;
4296 };
4297 #endif
4298 int
4299 sys_revoke(td, uap)
4300 struct thread *td;
4301 register struct revoke_args /* {
4302 char *path;
4303 } */ *uap;
4304 {
4305 struct vnode *vp;
4306 struct vattr vattr;
4307 struct nameidata nd;
4308 int error;
4309
4310 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
4311 uap->path, td);
4312 if ((error = namei(&nd)) != 0)
4313 return (error);
4314 vp = nd.ni_vp;
4315 NDFREE(&nd, NDF_ONLY_PNBUF);
4316 if (vp->v_type != VCHR || vp->v_rdev == NULL) {
4317 error = EINVAL;
4318 goto out;
4319 }
4320 #ifdef MAC
4321 error = mac_vnode_check_revoke(td->td_ucred, vp);
4322 if (error != 0)
4323 goto out;
4324 #endif
4325 error = VOP_GETATTR(vp, &vattr, td->td_ucred);
4326 if (error != 0)
4327 goto out;
4328 if (td->td_ucred->cr_uid != vattr.va_uid) {
4329 error = priv_check(td, PRIV_VFS_ADMIN);
4330 if (error != 0)
4331 goto out;
4332 }
4333 if (vcount(vp) > 1)
4334 VOP_REVOKE(vp, REVOKEALL);
4335 out:
4336 vput(vp);
4337 return (error);
4338 }
4339
4340 /*
4341 * Convert a user file descriptor to a kernel file entry and check that, if it
4342 * is a capability, the correct rights are present. A reference on the file
4343 * entry is held upon returning.
4344 */
4345 int
4346 getvnode(struct filedesc *fdp, int fd, cap_rights_t *rightsp, struct file **fpp)
4347 {
4348 struct file *fp;
4349 int error;
4350
4351 error = fget_unlocked(fdp, fd, rightsp, 0, &fp, NULL);
4352 if (error != 0)
4353 return (error);
4354
4355 /*
4356 * The file could be not of the vnode type, or it may be not
4357 * yet fully initialized, in which case the f_vnode pointer
4358 * may be set, but f_ops is still badfileops. E.g.,
4359 * devfs_open() transiently create such situation to
4360 * facilitate csw d_fdopen().
4361 *
4362 * Dupfdopen() handling in kern_openat() installs the
4363 * half-baked file into the process descriptor table, allowing
4364 * other thread to dereference it. Guard against the race by
4365 * checking f_ops.
4366 */
4367 if (fp->f_vnode == NULL || fp->f_ops == &badfileops) {
4368 fdrop(fp, curthread);
4369 return (EINVAL);
4370 }
4371 *fpp = fp;
4372 return (0);
4373 }
4374
4375
4376 /*
4377 * Get an (NFS) file handle.
4378 */
4379 #ifndef _SYS_SYSPROTO_H_
4380 struct lgetfh_args {
4381 char *fname;
4382 fhandle_t *fhp;
4383 };
4384 #endif
4385 int
4386 sys_lgetfh(td, uap)
4387 struct thread *td;
4388 register struct lgetfh_args *uap;
4389 {
4390 struct nameidata nd;
4391 fhandle_t fh;
4392 register struct vnode *vp;
4393 int error;
4394
4395 error = priv_check(td, PRIV_VFS_GETFH);
4396 if (error != 0)
4397 return (error);
4398 NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
4399 uap->fname, td);
4400 error = namei(&nd);
4401 if (error != 0)
4402 return (error);
4403 NDFREE(&nd, NDF_ONLY_PNBUF);
4404 vp = nd.ni_vp;
4405 bzero(&fh, sizeof(fh));
4406 fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid;
4407 error = VOP_VPTOFH(vp, &fh.fh_fid);
4408 vput(vp);
4409 if (error == 0)
4410 error = copyout(&fh, uap->fhp, sizeof (fh));
4411 return (error);
4412 }
4413
4414 #ifndef _SYS_SYSPROTO_H_
4415 struct getfh_args {
4416 char *fname;
4417 fhandle_t *fhp;
4418 };
4419 #endif
4420 int
4421 sys_getfh(td, uap)
4422 struct thread *td;
4423 register struct getfh_args *uap;
4424 {
4425 struct nameidata nd;
4426 fhandle_t fh;
4427 register struct vnode *vp;
4428 int error;
4429
4430 error = priv_check(td, PRIV_VFS_GETFH);
4431 if (error != 0)
4432 return (error);
4433 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
4434 uap->fname, td);
4435 error = namei(&nd);
4436 if (error != 0)
4437 return (error);
4438 NDFREE(&nd, NDF_ONLY_PNBUF);
4439 vp = nd.ni_vp;
4440 bzero(&fh, sizeof(fh));
4441 fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid;
4442 error = VOP_VPTOFH(vp, &fh.fh_fid);
4443 vput(vp);
4444 if (error == 0)
4445 error = copyout(&fh, uap->fhp, sizeof (fh));
4446 return (error);
4447 }
4448
4449 /*
4450 * syscall for the rpc.lockd to use to translate a NFS file handle into an
4451 * open descriptor.
4452 *
4453 * warning: do not remove the priv_check() call or this becomes one giant
4454 * security hole.
4455 */
4456 #ifndef _SYS_SYSPROTO_H_
4457 struct fhopen_args {
4458 const struct fhandle *u_fhp;
4459 int flags;
4460 };
4461 #endif
4462 int
4463 sys_fhopen(td, uap)
4464 struct thread *td;
4465 struct fhopen_args /* {
4466 const struct fhandle *u_fhp;
4467 int flags;
4468 } */ *uap;
4469 {
4470 struct mount *mp;
4471 struct vnode *vp;
4472 struct fhandle fhp;
4473 struct file *fp;
4474 int fmode, error;
4475 int indx;
4476
4477 error = priv_check(td, PRIV_VFS_FHOPEN);
4478 if (error != 0)
4479 return (error);
4480 indx = -1;
4481 fmode = FFLAGS(uap->flags);
4482 /* why not allow a non-read/write open for our lockd? */
4483 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
4484 return (EINVAL);
4485 error = copyin(uap->u_fhp, &fhp, sizeof(fhp));
4486 if (error != 0)
4487 return(error);
4488 /* find the mount point */
4489 mp = vfs_busyfs(&fhp.fh_fsid);
4490 if (mp == NULL)
4491 return (ESTALE);
4492 /* now give me my vnode, it gets returned to me locked */
4493 error = VFS_FHTOVP(mp, &fhp.fh_fid, LK_EXCLUSIVE, &vp);
4494 vfs_unbusy(mp);
4495 if (error != 0)
4496 return (error);
4497
4498 error = falloc_noinstall(td, &fp);
4499 if (error != 0) {
4500 vput(vp);
4501 return (error);
4502 }
4503 /*
4504 * An extra reference on `fp' has been held for us by
4505 * falloc_noinstall().
4506 */
4507
4508 #ifdef INVARIANTS
4509 td->td_dupfd = -1;
4510 #endif
4511 error = vn_open_vnode(vp, fmode, td->td_ucred, td, fp);
4512 if (error != 0) {
4513 KASSERT(fp->f_ops == &badfileops,
4514 ("VOP_OPEN in fhopen() set f_ops"));
4515 KASSERT(td->td_dupfd < 0,
4516 ("fhopen() encountered fdopen()"));
4517
4518 vput(vp);
4519 goto bad;
4520 }
4521 #ifdef INVARIANTS
4522 td->td_dupfd = 0;
4523 #endif
4524 fp->f_vnode = vp;
4525 fp->f_seqcount = 1;
4526 finit(fp, (fmode & FMASK) | (fp->f_flag & FHASLOCK), DTYPE_VNODE, vp,
4527 &vnops);
4528 VOP_UNLOCK(vp, 0);
4529 if ((fmode & O_TRUNC) != 0) {
4530 error = fo_truncate(fp, 0, td->td_ucred, td);
4531 if (error != 0)
4532 goto bad;
4533 }
4534
4535 error = finstall(td, fp, &indx, fmode, NULL);
4536 bad:
4537 fdrop(fp, td);
4538 td->td_retval[0] = indx;
4539 return (error);
4540 }
4541
4542 /*
4543 * Stat an (NFS) file handle.
4544 */
4545 #ifndef _SYS_SYSPROTO_H_
4546 struct fhstat_args {
4547 struct fhandle *u_fhp;
4548 struct stat *sb;
4549 };
4550 #endif
4551 int
4552 sys_fhstat(td, uap)
4553 struct thread *td;
4554 register struct fhstat_args /* {
4555 struct fhandle *u_fhp;
4556 struct stat *sb;
4557 } */ *uap;
4558 {
4559 struct stat sb;
4560 struct fhandle fh;
4561 int error;
4562
4563 error = copyin(uap->u_fhp, &fh, sizeof(fh));
4564 if (error != 0)
4565 return (error);
4566 error = kern_fhstat(td, fh, &sb);
4567 if (error == 0)
4568 error = copyout(&sb, uap->sb, sizeof(sb));
4569 return (error);
4570 }
4571
4572 int
4573 kern_fhstat(struct thread *td, struct fhandle fh, struct stat *sb)
4574 {
4575 struct mount *mp;
4576 struct vnode *vp;
4577 int error;
4578
4579 error = priv_check(td, PRIV_VFS_FHSTAT);
4580 if (error != 0)
4581 return (error);
4582 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4583 return (ESTALE);
4584 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp);
4585 vfs_unbusy(mp);
4586 if (error != 0)
4587 return (error);
4588 error = vn_stat(vp, sb, td->td_ucred, NOCRED, td);
4589 vput(vp);
4590 return (error);
4591 }
4592
4593 /*
4594 * Implement fstatfs() for (NFS) file handles.
4595 */
4596 #ifndef _SYS_SYSPROTO_H_
4597 struct fhstatfs_args {
4598 struct fhandle *u_fhp;
4599 struct statfs *buf;
4600 };
4601 #endif
4602 int
4603 sys_fhstatfs(td, uap)
4604 struct thread *td;
4605 struct fhstatfs_args /* {
4606 struct fhandle *u_fhp;
4607 struct statfs *buf;
4608 } */ *uap;
4609 {
4610 struct statfs sf;
4611 fhandle_t fh;
4612 int error;
4613
4614 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
4615 if (error != 0)
4616 return (error);
4617 error = kern_fhstatfs(td, fh, &sf);
4618 if (error != 0)
4619 return (error);
4620 return (copyout(&sf, uap->buf, sizeof(sf)));
4621 }
4622
4623 int
4624 kern_fhstatfs(struct thread *td, fhandle_t fh, struct statfs *buf)
4625 {
4626 struct statfs *sp;
4627 struct mount *mp;
4628 struct vnode *vp;
4629 int error;
4630
4631 error = priv_check(td, PRIV_VFS_FHSTATFS);
4632 if (error != 0)
4633 return (error);
4634 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4635 return (ESTALE);
4636 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp);
4637 if (error != 0) {
4638 vfs_unbusy(mp);
4639 return (error);
4640 }
4641 vput(vp);
4642 error = prison_canseemount(td->td_ucred, mp);
4643 if (error != 0)
4644 goto out;
4645 #ifdef MAC
4646 error = mac_mount_check_stat(td->td_ucred, mp);
4647 if (error != 0)
4648 goto out;
4649 #endif
4650 /*
4651 * Set these in case the underlying filesystem fails to do so.
4652 */
4653 sp = &mp->mnt_stat;
4654 sp->f_version = STATFS_VERSION;
4655 sp->f_namemax = NAME_MAX;
4656 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
4657 error = VFS_STATFS(mp, sp);
4658 if (error == 0)
4659 *buf = *sp;
4660 out:
4661 vfs_unbusy(mp);
4662 return (error);
4663 }
4664
4665 int
4666 kern_posix_fallocate(struct thread *td, int fd, off_t offset, off_t len)
4667 {
4668 struct file *fp;
4669 struct mount *mp;
4670 struct vnode *vp;
4671 cap_rights_t rights;
4672 off_t olen, ooffset;
4673 int error;
4674
4675 if (offset < 0 || len <= 0)
4676 return (EINVAL);
4677 /* Check for wrap. */
4678 if (offset > OFF_MAX - len)
4679 return (EFBIG);
4680 error = fget(td, fd, cap_rights_init(&rights, CAP_WRITE), &fp);
4681 if (error != 0)
4682 return (error);
4683 if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
4684 error = ESPIPE;
4685 goto out;
4686 }
4687 if ((fp->f_flag & FWRITE) == 0) {
4688 error = EBADF;
4689 goto out;
4690 }
4691 if (fp->f_type != DTYPE_VNODE) {
4692 error = ENODEV;
4693 goto out;
4694 }
4695 vp = fp->f_vnode;
4696 if (vp->v_type != VREG) {
4697 error = ENODEV;
4698 goto out;
4699 }
4700
4701 /* Allocating blocks may take a long time, so iterate. */
4702 for (;;) {
4703 olen = len;
4704 ooffset = offset;
4705
4706 bwillwrite();
4707 mp = NULL;
4708 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
4709 if (error != 0)
4710 break;
4711 error = vn_lock(vp, LK_EXCLUSIVE);
4712 if (error != 0) {
4713 vn_finished_write(mp);
4714 break;
4715 }
4716 #ifdef MAC
4717 error = mac_vnode_check_write(td->td_ucred, fp->f_cred, vp);
4718 if (error == 0)
4719 #endif
4720 error = VOP_ALLOCATE(vp, &offset, &len);
4721 VOP_UNLOCK(vp, 0);
4722 vn_finished_write(mp);
4723
4724 if (olen + ooffset != offset + len) {
4725 panic("offset + len changed from %jx/%jx to %jx/%jx",
4726 ooffset, olen, offset, len);
4727 }
4728 if (error != 0 || len == 0)
4729 break;
4730 KASSERT(olen > len, ("Iteration did not make progress?"));
4731 maybe_yield();
4732 }
4733 out:
4734 fdrop(fp, td);
4735 return (error);
4736 }
4737
4738 int
4739 sys_posix_fallocate(struct thread *td, struct posix_fallocate_args *uap)
4740 {
4741
4742 td->td_retval[0] = kern_posix_fallocate(td, uap->fd, uap->offset,
4743 uap->len);
4744 return (0);
4745 }
4746
4747 /*
4748 * Unlike madvise(2), we do not make a best effort to remember every
4749 * possible caching hint. Instead, we remember the last setting with
4750 * the exception that we will allow POSIX_FADV_NORMAL to adjust the
4751 * region of any current setting.
4752 */
4753 int
4754 kern_posix_fadvise(struct thread *td, int fd, off_t offset, off_t len,
4755 int advice)
4756 {
4757 struct fadvise_info *fa, *new;
4758 struct file *fp;
4759 struct vnode *vp;
4760 cap_rights_t rights;
4761 off_t end;
4762 int error;
4763
4764 if (offset < 0 || len < 0 || offset > OFF_MAX - len)
4765 return (EINVAL);
4766 switch (advice) {
4767 case POSIX_FADV_SEQUENTIAL:
4768 case POSIX_FADV_RANDOM:
4769 case POSIX_FADV_NOREUSE:
4770 new = malloc(sizeof(*fa), M_FADVISE, M_WAITOK);
4771 break;
4772 case POSIX_FADV_NORMAL:
4773 case POSIX_FADV_WILLNEED:
4774 case POSIX_FADV_DONTNEED:
4775 new = NULL;
4776 break;
4777 default:
4778 return (EINVAL);
4779 }
4780 /* XXX: CAP_POSIX_FADVISE? */
4781 error = fget(td, fd, cap_rights_init(&rights), &fp);
4782 if (error != 0)
4783 goto out;
4784 if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
4785 error = ESPIPE;
4786 goto out;
4787 }
4788 if (fp->f_type != DTYPE_VNODE) {
4789 error = ENODEV;
4790 goto out;
4791 }
4792 vp = fp->f_vnode;
4793 if (vp->v_type != VREG) {
4794 error = ENODEV;
4795 goto out;
4796 }
4797 if (len == 0)
4798 end = OFF_MAX;
4799 else
4800 end = offset + len - 1;
4801 switch (advice) {
4802 case POSIX_FADV_SEQUENTIAL:
4803 case POSIX_FADV_RANDOM:
4804 case POSIX_FADV_NOREUSE:
4805 /*
4806 * Try to merge any existing non-standard region with
4807 * this new region if possible, otherwise create a new
4808 * non-standard region for this request.
4809 */
4810 mtx_pool_lock(mtxpool_sleep, fp);
4811 fa = fp->f_advice;
4812 if (fa != NULL && fa->fa_advice == advice &&
4813 ((fa->fa_start <= end && fa->fa_end >= offset) ||
4814 (end != OFF_MAX && fa->fa_start == end + 1) ||
4815 (fa->fa_end != OFF_MAX && fa->fa_end + 1 == offset))) {
4816 if (offset < fa->fa_start)
4817 fa->fa_start = offset;
4818 if (end > fa->fa_end)
4819 fa->fa_end = end;
4820 } else {
4821 new->fa_advice = advice;
4822 new->fa_start = offset;
4823 new->fa_end = end;
4824 new->fa_prevstart = 0;
4825 new->fa_prevend = 0;
4826 fp->f_advice = new;
4827 new = fa;
4828 }
4829 mtx_pool_unlock(mtxpool_sleep, fp);
4830 break;
4831 case POSIX_FADV_NORMAL:
4832 /*
4833 * If a the "normal" region overlaps with an existing
4834 * non-standard region, trim or remove the
4835 * non-standard region.
4836 */
4837 mtx_pool_lock(mtxpool_sleep, fp);
4838 fa = fp->f_advice;
4839 if (fa != NULL) {
4840 if (offset <= fa->fa_start && end >= fa->fa_end) {
4841 new = fa;
4842 fp->f_advice = NULL;
4843 } else if (offset <= fa->fa_start &&
4844 end >= fa->fa_start)
4845 fa->fa_start = end + 1;
4846 else if (offset <= fa->fa_end && end >= fa->fa_end)
4847 fa->fa_end = offset - 1;
4848 else if (offset >= fa->fa_start && end <= fa->fa_end) {
4849 /*
4850 * If the "normal" region is a middle
4851 * portion of the existing
4852 * non-standard region, just remove
4853 * the whole thing rather than picking
4854 * one side or the other to
4855 * preserve.
4856 */
4857 new = fa;
4858 fp->f_advice = NULL;
4859 }
4860 }
4861 mtx_pool_unlock(mtxpool_sleep, fp);
4862 break;
4863 case POSIX_FADV_WILLNEED:
4864 case POSIX_FADV_DONTNEED:
4865 error = VOP_ADVISE(vp, offset, end, advice);
4866 break;
4867 }
4868 out:
4869 if (fp != NULL)
4870 fdrop(fp, td);
4871 free(new, M_FADVISE);
4872 return (error);
4873 }
4874
4875 int
4876 sys_posix_fadvise(struct thread *td, struct posix_fadvise_args *uap)
4877 {
4878
4879 td->td_retval[0] = kern_posix_fadvise(td, uap->fd, uap->offset,
4880 uap->len, uap->advice);
4881 return (0);
4882 }
Cache object: dcbdc85b3d518ce6d63dc2304172b5f3
|