1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1982, 1986, 1989, 1993, 1995
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95
37 */
38
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD$");
41
42 #include "opt_quota.h"
43 #include "opt_suiddir.h"
44 #include "opt_ufs.h"
45 #include "opt_ffs.h"
46
47 #include <sys/param.h>
48 #include <sys/systm.h>
49 #include <sys/malloc.h>
50 #include <sys/namei.h>
51 #include <sys/kernel.h>
52 #include <sys/fcntl.h>
53 #include <sys/filio.h>
54 #include <sys/stat.h>
55 #include <sys/bio.h>
56 #include <sys/buf.h>
57 #include <sys/mount.h>
58 #include <sys/priv.h>
59 #include <sys/refcount.h>
60 #include <sys/unistd.h>
61 #include <sys/vnode.h>
62 #include <sys/dirent.h>
63 #include <sys/lockf.h>
64 #include <sys/conf.h>
65 #include <sys/acl.h>
66 #include <sys/smr.h>
67
68 #include <security/audit/audit.h>
69 #include <security/mac/mac_framework.h>
70
71 #include <sys/file.h> /* XXX */
72
73 #include <vm/vm.h>
74 #include <vm/vm_extern.h>
75
76 #include <ufs/ufs/acl.h>
77 #include <ufs/ufs/extattr.h>
78 #include <ufs/ufs/quota.h>
79 #include <ufs/ufs/inode.h>
80 #include <ufs/ufs/dir.h>
81 #include <ufs/ufs/ufsmount.h>
82 #include <ufs/ufs/ufs_extern.h>
83 #ifdef UFS_DIRHASH
84 #include <ufs/ufs/dirhash.h>
85 #endif
86 #ifdef UFS_GJOURNAL
87 #include <ufs/ufs/gjournal.h>
88 FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS");
89 #endif
90
91 #ifdef QUOTA
92 FEATURE(ufs_quota, "UFS disk quotas support");
93 FEATURE(ufs_quota64, "64bit UFS disk quotas support");
94 #endif
95
96 #ifdef SUIDDIR
97 FEATURE(suiddir,
98 "Give all new files in directory the same ownership as the directory");
99 #endif
100
101 VFS_SMR_DECLARE;
102
103 #include <ufs/ffs/ffs_extern.h>
104
105 static vop_accessx_t ufs_accessx;
106 static vop_fplookup_vexec_t ufs_fplookup_vexec;
107 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *);
108 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *,
109 struct thread *);
110 static vop_close_t ufs_close;
111 static vop_create_t ufs_create;
112 static vop_stat_t ufs_stat;
113 static vop_getattr_t ufs_getattr;
114 static vop_ioctl_t ufs_ioctl;
115 static vop_link_t ufs_link;
116 static int ufs_makeinode(int mode, struct vnode *, struct vnode **,
117 struct componentname *, const char *);
118 static vop_mmapped_t ufs_mmapped;
119 static vop_mkdir_t ufs_mkdir;
120 static vop_mknod_t ufs_mknod;
121 static vop_open_t ufs_open;
122 static vop_pathconf_t ufs_pathconf;
123 static vop_print_t ufs_print;
124 static vop_readlink_t ufs_readlink;
125 static vop_remove_t ufs_remove;
126 static vop_rename_t ufs_rename;
127 static vop_rmdir_t ufs_rmdir;
128 static vop_setattr_t ufs_setattr;
129 static vop_strategy_t ufs_strategy;
130 static vop_symlink_t ufs_symlink;
131 static vop_whiteout_t ufs_whiteout;
132 static vop_close_t ufsfifo_close;
133
134 SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
135 "UFS filesystem");
136
137 /*
138 * A virgin directory (no blushing please).
139 */
140 static struct dirtemplate mastertemplate = {
141 0, 12, DT_DIR, 1, ".",
142 0, DIRBLKSIZ - 12, DT_DIR, 2, ".."
143 };
144 static struct odirtemplate omastertemplate = {
145 0, 12, 1, ".",
146 0, DIRBLKSIZ - 12, 2, ".."
147 };
148
149 static void
150 ufs_itimes_locked(struct vnode *vp)
151 {
152 struct inode *ip;
153 struct timespec ts;
154
155 ASSERT_VI_LOCKED(vp, __func__);
156
157 ip = VTOI(vp);
158 if (UFS_RDONLY(ip))
159 goto out;
160 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0)
161 return;
162
163 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp))
164 UFS_INODE_SET_FLAG(ip, IN_LAZYMOD);
165 else if (((vp->v_mount->mnt_kern_flag &
166 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) ||
167 (ip->i_flag & (IN_CHANGE | IN_UPDATE)))
168 UFS_INODE_SET_FLAG(ip, IN_MODIFIED);
169 else if (ip->i_flag & IN_ACCESS)
170 UFS_INODE_SET_FLAG(ip, IN_LAZYACCESS);
171 vfs_timestamp(&ts);
172 if (ip->i_flag & IN_ACCESS) {
173 DIP_SET(ip, i_atime, ts.tv_sec);
174 DIP_SET(ip, i_atimensec, ts.tv_nsec);
175 }
176 if (ip->i_flag & IN_UPDATE) {
177 DIP_SET(ip, i_mtime, ts.tv_sec);
178 DIP_SET(ip, i_mtimensec, ts.tv_nsec);
179 }
180 if (ip->i_flag & IN_CHANGE) {
181 DIP_SET(ip, i_ctime, ts.tv_sec);
182 DIP_SET(ip, i_ctimensec, ts.tv_nsec);
183 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1);
184 }
185
186 out:
187 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE);
188 }
189
190 void
191 ufs_itimes(struct vnode *vp)
192 {
193 struct inode *ip;
194
195 ip = VTOI(vp);
196 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0)
197 return;
198
199 VI_LOCK(vp);
200 ufs_itimes_locked(vp);
201 VI_UNLOCK(vp);
202 }
203
204 static int
205 ufs_sync_nlink1(struct mount *mp)
206 {
207 int error;
208
209 error = vfs_busy(mp, 0);
210 if (error == 0) {
211 VFS_SYNC(mp, MNT_WAIT);
212 vfs_unbusy(mp);
213 error = ERELOOKUP;
214 }
215 vfs_rel(mp);
216 return (error);
217 }
218
219 static int
220 ufs_sync_nlink(struct vnode *vp, struct vnode *vp1)
221 {
222 struct inode *ip;
223 struct mount *mp;
224 int error;
225
226 ip = VTOI(vp);
227 if (ip->i_nlink < UFS_LINK_MAX)
228 return (0);
229 if (!DOINGSOFTDEP(vp) || ip->i_effnlink >= UFS_LINK_MAX)
230 return (EMLINK);
231
232 mp = vp->v_mount;
233 vfs_ref(mp);
234 VOP_UNLOCK(vp);
235 if (vp1 != NULL)
236 VOP_UNLOCK(vp1);
237 error = ufs_sync_nlink1(mp);
238 vn_lock_pair(vp, false, vp1, false);
239 return (error);
240 }
241
242 /*
243 * Create a regular file
244 */
245 static int
246 ufs_create(
247 struct vop_create_args /* {
248 struct vnode *a_dvp;
249 struct vnode **a_vpp;
250 struct componentname *a_cnp;
251 struct vattr *a_vap;
252 } */ *ap)
253 {
254 int error;
255
256 error =
257 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode),
258 ap->a_dvp, ap->a_vpp, ap->a_cnp, "ufs_create");
259 if (error != 0)
260 return (error);
261 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0)
262 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp);
263 return (0);
264 }
265
266 /*
267 * Mknod vnode call
268 */
269 /* ARGSUSED */
270 static int
271 ufs_mknod(
272 struct vop_mknod_args /* {
273 struct vnode *a_dvp;
274 struct vnode **a_vpp;
275 struct componentname *a_cnp;
276 struct vattr *a_vap;
277 } */ *ap)
278 {
279 struct vattr *vap = ap->a_vap;
280 struct vnode **vpp = ap->a_vpp;
281 struct inode *ip;
282 ino_t ino;
283 int error;
284
285 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode),
286 ap->a_dvp, vpp, ap->a_cnp, "ufs_mknod");
287 if (error)
288 return (error);
289 ip = VTOI(*vpp);
290 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
291 if (vap->va_rdev != VNOVAL) {
292 /*
293 * Want to be able to use this to make badblock
294 * inodes, so don't truncate the dev number.
295 */
296 DIP_SET(ip, i_rdev, vap->va_rdev);
297 }
298 /*
299 * Remove inode, then reload it through VFS_VGET(). This is
300 * needed to do further inode initialization, for instance
301 * fifo, which was too early for VFS_VGET() done as part of
302 * UFS_VALLOC().
303 */
304 (*vpp)->v_type = VNON;
305 ino = ip->i_number; /* Save this before vgone() invalidates ip. */
306 vgone(*vpp);
307 vput(*vpp);
308 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp);
309 if (error) {
310 *vpp = NULL;
311 return (error);
312 }
313 return (0);
314 }
315
316 /*
317 * Open called.
318 */
319 /* ARGSUSED */
320 static int
321 ufs_open(struct vop_open_args *ap)
322 {
323 struct vnode *vp = ap->a_vp;
324 struct inode *ip;
325
326 if (vp->v_type == VCHR || vp->v_type == VBLK)
327 return (EOPNOTSUPP);
328
329 ip = VTOI(vp);
330 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td);
331 if (vp->v_type == VREG && (vn_irflag_read(vp) & VIRF_PGREAD) == 0 &&
332 ip->i_ump->um_bsize >= PAGE_SIZE) {
333 vn_irflag_set_cond(vp, VIRF_PGREAD);
334 }
335
336 /*
337 * Files marked append-only must be opened for appending.
338 */
339 if ((ip->i_flags & APPEND) &&
340 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE)
341 return (EPERM);
342
343 return (0);
344 }
345
346 /*
347 * Close called.
348 *
349 * Update the times on the inode.
350 */
351 /* ARGSUSED */
352 static int
353 ufs_close(
354 struct vop_close_args /* {
355 struct vnode *a_vp;
356 int a_fflag;
357 struct ucred *a_cred;
358 struct thread *a_td;
359 } */ *ap)
360 {
361 struct vnode *vp = ap->a_vp;
362
363 ufs_itimes(vp);
364 return (0);
365 }
366
367 static int
368 ufs_accessx(
369 struct vop_accessx_args /* {
370 struct vnode *a_vp;
371 accmode_t a_accmode;
372 struct ucred *a_cred;
373 struct thread *a_td;
374 } */ *ap)
375 {
376 struct vnode *vp = ap->a_vp;
377 struct inode *ip = VTOI(vp);
378 accmode_t accmode = ap->a_accmode;
379 int error;
380 #ifdef UFS_ACL
381 struct acl *acl;
382 acl_type_t type;
383 #endif
384
385 /*
386 * Disallow write attempts on read-only filesystems;
387 * unless the file is a socket, fifo, or a block or
388 * character device resident on the filesystem.
389 */
390 if (accmode & VMODIFY_PERMS) {
391 switch (vp->v_type) {
392 case VDIR:
393 case VLNK:
394 case VREG:
395 if (vp->v_mount->mnt_flag & MNT_RDONLY)
396 return (EROFS);
397 #ifdef QUOTA
398 /*
399 * Inode is accounted in the quotas only if struct
400 * dquot is attached to it. VOP_ACCESS() is called
401 * from vn_open_cred() and provides a convenient
402 * point to call getinoquota(). The lock mode is
403 * exclusive when the file is opening for write.
404 */
405 if (VOP_ISLOCKED(vp) == LK_EXCLUSIVE) {
406 error = getinoquota(ip);
407 if (error != 0)
408 return (error);
409 }
410 #endif
411 break;
412 default:
413 break;
414 }
415 }
416
417 /*
418 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS"
419 * permits the owner of the file to remove the IMMUTABLE flag.
420 */
421 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) &&
422 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT)))
423 return (EPERM);
424
425 #ifdef UFS_ACL
426 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) {
427 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS)
428 type = ACL_TYPE_NFS4;
429 else
430 type = ACL_TYPE_ACCESS;
431
432 acl = acl_alloc(M_WAITOK);
433 if (type == ACL_TYPE_NFS4)
434 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td);
435 else
436 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td);
437 switch (error) {
438 case 0:
439 if (type == ACL_TYPE_NFS4) {
440 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid,
441 ip->i_gid, acl, accmode, ap->a_cred);
442 } else {
443 error = vfs_unixify_accmode(&accmode);
444 if (error == 0)
445 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid,
446 ip->i_gid, acl, accmode, ap->a_cred);
447 }
448 break;
449 default:
450 if (error != EOPNOTSUPP)
451 printf(
452 "ufs_accessx(): Error retrieving ACL on object (%d).\n",
453 error);
454 /*
455 * XXX: Fall back until debugged. Should
456 * eventually possibly log an error, and return
457 * EPERM for safety.
458 */
459 error = vfs_unixify_accmode(&accmode);
460 if (error == 0)
461 error = vaccess(vp->v_type, ip->i_mode,
462 ip->i_uid, ip->i_gid, accmode, ap->a_cred);
463 }
464 acl_free(acl);
465
466 return (error);
467 }
468 #endif /* !UFS_ACL */
469 error = vfs_unixify_accmode(&accmode);
470 if (error == 0)
471 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid,
472 accmode, ap->a_cred);
473 return (error);
474 }
475
476 /*
477 * VOP_FPLOOKUP_VEXEC routines are subject to special circumstances, see
478 * the comment above cache_fplookup for details.
479 */
480 static int
481 ufs_fplookup_vexec(
482 struct vop_fplookup_vexec_args /* {
483 struct vnode *a_vp;
484 struct ucred *a_cred;
485 struct thread *a_td;
486 } */ *ap)
487 {
488 struct vnode *vp;
489 struct inode *ip;
490 struct ucred *cred;
491 mode_t all_x, mode;
492
493 vp = ap->a_vp;
494 ip = VTOI_SMR(vp);
495 if (__predict_false(ip == NULL))
496 return (EAGAIN);
497
498 /*
499 * XXX ACL race
500 *
501 * ACLs are not supported and UFS clears/sets this flag on mount and
502 * remount. However, we may still be racing with seeing them and there
503 * is no provision to make sure they were accounted for. This matches
504 * the behavior of the locked case, since the lookup there is also
505 * racy: mount takes no measures to block anyone from progressing.
506 */
507 all_x = S_IXUSR | S_IXGRP | S_IXOTH;
508 mode = atomic_load_short(&ip->i_mode);
509 if (__predict_true((mode & all_x) == all_x))
510 return (0);
511
512 cred = ap->a_cred;
513 return (vaccess_vexec_smr(mode, ip->i_uid, ip->i_gid, cred));
514 }
515
516 /* ARGSUSED */
517 static int
518 ufs_stat(struct vop_stat_args *ap)
519 {
520 struct vnode *vp = ap->a_vp;
521 struct inode *ip = VTOI(vp);
522 struct stat *sb = ap->a_sb;
523 int error;
524
525 error = vop_stat_helper_pre(ap);
526 if (__predict_false(error))
527 return (error);
528
529 VI_LOCK(vp);
530 ufs_itimes_locked(vp);
531 if (I_IS_UFS1(ip)) {
532 sb->st_atim.tv_sec = ip->i_din1->di_atime;
533 sb->st_atim.tv_nsec = ip->i_din1->di_atimensec;
534 } else {
535 sb->st_atim.tv_sec = ip->i_din2->di_atime;
536 sb->st_atim.tv_nsec = ip->i_din2->di_atimensec;
537 }
538 VI_UNLOCK(vp);
539
540 sb->st_dev = dev2udev(ITOUMP(ip)->um_dev);
541 sb->st_ino = ip->i_number;
542 sb->st_mode = (ip->i_mode & ~IFMT) | VTTOIF(vp->v_type);
543 sb->st_nlink = ip->i_effnlink;
544 sb->st_uid = ip->i_uid;
545 sb->st_gid = ip->i_gid;
546 if (I_IS_UFS1(ip)) {
547 sb->st_rdev = ip->i_din1->di_rdev;
548 sb->st_size = ip->i_din1->di_size;
549 sb->st_mtim.tv_sec = ip->i_din1->di_mtime;
550 sb->st_mtim.tv_nsec = ip->i_din1->di_mtimensec;
551 sb->st_ctim.tv_sec = ip->i_din1->di_ctime;
552 sb->st_ctim.tv_nsec = ip->i_din1->di_ctimensec;
553 sb->st_birthtim.tv_sec = -1;
554 sb->st_birthtim.tv_nsec = 0;
555 sb->st_blocks = dbtob((u_quad_t)ip->i_din1->di_blocks) / S_BLKSIZE;
556 } else {
557 sb->st_rdev = ip->i_din2->di_rdev;
558 sb->st_size = ip->i_din2->di_size;
559 sb->st_mtim.tv_sec = ip->i_din2->di_mtime;
560 sb->st_mtim.tv_nsec = ip->i_din2->di_mtimensec;
561 sb->st_ctim.tv_sec = ip->i_din2->di_ctime;
562 sb->st_ctim.tv_nsec = ip->i_din2->di_ctimensec;
563 sb->st_birthtim.tv_sec = ip->i_din2->di_birthtime;
564 sb->st_birthtim.tv_nsec = ip->i_din2->di_birthnsec;
565 sb->st_blocks = dbtob((u_quad_t)ip->i_din2->di_blocks) / S_BLKSIZE;
566 }
567
568 sb->st_blksize = max(PAGE_SIZE, vp->v_mount->mnt_stat.f_iosize);
569 sb->st_flags = ip->i_flags;
570 sb->st_gen = ip->i_gen;
571
572 return (vop_stat_helper_post(ap, error));
573 }
574
575 /* ARGSUSED */
576 static int
577 ufs_getattr(
578 struct vop_getattr_args /* {
579 struct vnode *a_vp;
580 struct vattr *a_vap;
581 struct ucred *a_cred;
582 } */ *ap)
583 {
584 struct vnode *vp = ap->a_vp;
585 struct inode *ip = VTOI(vp);
586 struct vattr *vap = ap->a_vap;
587
588 VI_LOCK(vp);
589 ufs_itimes_locked(vp);
590 if (I_IS_UFS1(ip)) {
591 vap->va_atime.tv_sec = ip->i_din1->di_atime;
592 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec;
593 } else {
594 vap->va_atime.tv_sec = ip->i_din2->di_atime;
595 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec;
596 }
597 VI_UNLOCK(vp);
598 /*
599 * Copy from inode table
600 */
601 vap->va_fsid = dev2udev(ITOUMP(ip)->um_dev);
602 vap->va_fileid = ip->i_number;
603 vap->va_mode = ip->i_mode & ~IFMT;
604 vap->va_nlink = ip->i_effnlink;
605 vap->va_uid = ip->i_uid;
606 vap->va_gid = ip->i_gid;
607 if (I_IS_UFS1(ip)) {
608 vap->va_rdev = ip->i_din1->di_rdev;
609 vap->va_size = ip->i_din1->di_size;
610 vap->va_mtime.tv_sec = ip->i_din1->di_mtime;
611 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec;
612 vap->va_ctime.tv_sec = ip->i_din1->di_ctime;
613 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec;
614 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks);
615 vap->va_filerev = ip->i_din1->di_modrev;
616 } else {
617 vap->va_rdev = ip->i_din2->di_rdev;
618 vap->va_size = ip->i_din2->di_size;
619 vap->va_mtime.tv_sec = ip->i_din2->di_mtime;
620 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec;
621 vap->va_ctime.tv_sec = ip->i_din2->di_ctime;
622 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec;
623 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime;
624 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec;
625 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks);
626 vap->va_filerev = ip->i_din2->di_modrev;
627 }
628 vap->va_flags = ip->i_flags;
629 vap->va_gen = ip->i_gen;
630 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize;
631 vap->va_type = IFTOVT(ip->i_mode);
632 return (0);
633 }
634
635 /*
636 * Set attribute vnode op. called from several syscalls
637 */
638 static int
639 ufs_setattr(
640 struct vop_setattr_args /* {
641 struct vnode *a_vp;
642 struct vattr *a_vap;
643 struct ucred *a_cred;
644 } */ *ap)
645 {
646 struct vattr *vap = ap->a_vap;
647 struct vnode *vp = ap->a_vp;
648 struct inode *ip = VTOI(vp);
649 struct ucred *cred = ap->a_cred;
650 struct thread *td = curthread;
651 int error;
652
653 /*
654 * Check for unsettable attributes.
655 */
656 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) ||
657 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) ||
658 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) ||
659 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) {
660 return (EINVAL);
661 }
662 if (vap->va_flags != VNOVAL) {
663 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE |
664 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE |
665 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK |
666 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE |
667 UF_SPARSE | UF_SYSTEM)) != 0)
668 return (EOPNOTSUPP);
669 if (vp->v_mount->mnt_flag & MNT_RDONLY)
670 return (EROFS);
671 /*
672 * Callers may only modify the file flags on objects they
673 * have VADMIN rights for.
674 */
675 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
676 return (error);
677 /*
678 * Unprivileged processes are not permitted to unset system
679 * flags, or modify flags if any system flags are set.
680 * Privileged non-jail processes may not modify system flags
681 * if securelevel > 0 and any existing system flags are set.
682 * Privileged jail processes behave like privileged non-jail
683 * processes if the PR_ALLOW_CHFLAGS permission bit is set;
684 * otherwise, they behave like unprivileged processes.
685 */
686 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
687 if (ip->i_flags &
688 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
689 error = securelevel_gt(cred, 0);
690 if (error)
691 return (error);
692 }
693 /* The snapshot flag cannot be toggled. */
694 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT)
695 return (EPERM);
696 } else {
697 if (ip->i_flags &
698 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) ||
699 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE))
700 return (EPERM);
701 }
702 ip->i_flags = vap->va_flags;
703 DIP_SET(ip, i_flags, vap->va_flags);
704 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
705 error = UFS_UPDATE(vp, 0);
706 if (ip->i_flags & (IMMUTABLE | APPEND))
707 return (error);
708 }
709 /*
710 * If immutable or append, no one can change any of its attributes
711 * except the ones already handled (in some cases, file flags
712 * including the immutability flags themselves for the superuser).
713 */
714 if (ip->i_flags & (IMMUTABLE | APPEND))
715 return (EPERM);
716 /*
717 * Go through the fields and update iff not VNOVAL.
718 */
719 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) {
720 if (vp->v_mount->mnt_flag & MNT_RDONLY)
721 return (EROFS);
722 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred,
723 td)) != 0)
724 return (error);
725 }
726 if (vap->va_size != VNOVAL) {
727 /*
728 * XXX most of the following special cases should be in
729 * callers instead of in N filesystems. The VDIR check
730 * mostly already is.
731 */
732 switch (vp->v_type) {
733 case VDIR:
734 return (EISDIR);
735 case VLNK:
736 case VREG:
737 /*
738 * Truncation should have an effect in these cases.
739 * Disallow it if the filesystem is read-only or
740 * the file is being snapshotted.
741 */
742 if (vp->v_mount->mnt_flag & MNT_RDONLY)
743 return (EROFS);
744 if (IS_SNAPSHOT(ip))
745 return (EPERM);
746 break;
747 default:
748 /*
749 * According to POSIX, the result is unspecified
750 * for file types other than regular files,
751 * directories and shared memory objects. We
752 * don't support shared memory objects in the file
753 * system, and have dubious support for truncating
754 * symlinks. Just ignore the request in other cases.
755 */
756 return (0);
757 }
758 error = vn_rlimit_trunc(vap->va_size, td);
759 if (error != 0)
760 return (error);
761 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL |
762 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0),
763 cred)) != 0)
764 return (error);
765 }
766 if (vap->va_atime.tv_sec != VNOVAL ||
767 vap->va_mtime.tv_sec != VNOVAL ||
768 vap->va_birthtime.tv_sec != VNOVAL) {
769 if (vp->v_mount->mnt_flag & MNT_RDONLY)
770 return (EROFS);
771 if (IS_SNAPSHOT(ip))
772 return (EPERM);
773 error = vn_utimes_perm(vp, vap, cred, td);
774 if (error != 0)
775 return (error);
776 UFS_INODE_SET_FLAG(ip, IN_CHANGE | IN_MODIFIED);
777 if (vap->va_atime.tv_sec != VNOVAL) {
778 ip->i_flag &= ~IN_ACCESS;
779 DIP_SET(ip, i_atime, vap->va_atime.tv_sec);
780 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec);
781 }
782 if (vap->va_mtime.tv_sec != VNOVAL) {
783 ip->i_flag &= ~IN_UPDATE;
784 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec);
785 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec);
786 }
787 if (vap->va_birthtime.tv_sec != VNOVAL && I_IS_UFS2(ip)) {
788 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec;
789 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec;
790 }
791 error = UFS_UPDATE(vp, 0);
792 if (error)
793 return (error);
794 }
795 error = 0;
796 if (vap->va_mode != (mode_t)VNOVAL) {
797 if (vp->v_mount->mnt_flag & MNT_RDONLY)
798 return (EROFS);
799 if (IS_SNAPSHOT(ip) && (vap->va_mode & (S_IXUSR | S_IWUSR |
800 S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH)) != 0)
801 return (EPERM);
802 error = ufs_chmod(vp, (int)vap->va_mode, cred, td);
803 }
804 return (error);
805 }
806
807 #ifdef UFS_ACL
808 static int
809 ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode,
810 int file_owner_id, struct ucred *cred, struct thread *td)
811 {
812 int error;
813 struct acl *aclp;
814
815 aclp = acl_alloc(M_WAITOK);
816 error = ufs_getacl_nfs4_internal(vp, aclp, td);
817 /*
818 * We don't have to handle EOPNOTSUPP here, as the filesystem claims
819 * it supports ACLs.
820 */
821 if (error)
822 goto out;
823
824 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id);
825 error = ufs_setacl_nfs4_internal(vp, aclp, td);
826
827 out:
828 acl_free(aclp);
829 return (error);
830 }
831 #endif /* UFS_ACL */
832
833 static int
834 ufs_mmapped(
835 struct vop_mmapped_args /* {
836 struct vnode *a_vp;
837 } */ *ap)
838 {
839 struct vnode *vp;
840 struct inode *ip;
841 struct mount *mp;
842
843 vp = ap->a_vp;
844 ip = VTOI(vp);
845 mp = vp->v_mount;
846
847 if ((mp->mnt_flag & (MNT_NOATIME | MNT_RDONLY)) == 0)
848 UFS_INODE_SET_FLAG_SHARED(ip, IN_ACCESS);
849 /*
850 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there.
851 */
852 return (0);
853 }
854
855 /*
856 * Change the mode on a file.
857 * Inode must be locked before calling.
858 */
859 static int
860 ufs_chmod(struct vnode *vp, int mode, struct ucred *cred, struct thread *td)
861 {
862 struct inode *ip = VTOI(vp);
863 int newmode, error;
864
865 /*
866 * To modify the permissions on a file, must possess VADMIN
867 * for that file.
868 */
869 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td)))
870 return (error);
871 /*
872 * Privileged processes may set the sticky bit on non-directories,
873 * as well as set the setgid bit on a file with a group that the
874 * process is not a member of. Both of these are allowed in
875 * jail(8).
876 */
877 if (vp->v_type != VDIR && (mode & S_ISTXT)) {
878 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE))
879 return (EFTYPE);
880 }
881 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
882 error = priv_check_cred(cred, PRIV_VFS_SETGID);
883 if (error)
884 return (error);
885 }
886
887 /*
888 * Deny setting setuid if we are not the file owner.
889 */
890 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) {
891 error = priv_check_cred(cred, PRIV_VFS_ADMIN);
892 if (error)
893 return (error);
894 }
895
896 newmode = ip->i_mode & ~ALLPERMS;
897 newmode |= (mode & ALLPERMS);
898 UFS_INODE_SET_MODE(ip, newmode);
899 DIP_SET(ip, i_mode, ip->i_mode);
900 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
901 #ifdef UFS_ACL
902 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0)
903 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td);
904 #endif
905 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0)
906 error = UFS_UPDATE(vp, 0);
907
908 return (error);
909 }
910
911 /*
912 * Perform chown operation on inode ip;
913 * inode must be locked prior to call.
914 */
915 static int
916 ufs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred,
917 struct thread *td)
918 {
919 struct inode *ip = VTOI(vp);
920 uid_t ouid;
921 gid_t ogid;
922 int error = 0;
923 #ifdef QUOTA
924 int i;
925 ufs2_daddr_t change;
926 #endif
927
928 if (uid == (uid_t)VNOVAL)
929 uid = ip->i_uid;
930 if (gid == (gid_t)VNOVAL)
931 gid = ip->i_gid;
932 /*
933 * To modify the ownership of a file, must possess VADMIN for that
934 * file.
935 */
936 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td)))
937 return (error);
938 /*
939 * To change the owner of a file, or change the group of a file to a
940 * group of which we are not a member, the caller must have
941 * privilege.
942 */
943 if (((uid != ip->i_uid && uid != cred->cr_uid) ||
944 (gid != ip->i_gid && !groupmember(gid, cred))) &&
945 (error = priv_check_cred(cred, PRIV_VFS_CHOWN)))
946 return (error);
947 ogid = ip->i_gid;
948 ouid = ip->i_uid;
949 #ifdef QUOTA
950 if ((error = getinoquota(ip)) != 0)
951 return (error);
952 if (ouid == uid) {
953 dqrele(vp, ip->i_dquot[USRQUOTA]);
954 ip->i_dquot[USRQUOTA] = NODQUOT;
955 }
956 if (ogid == gid) {
957 dqrele(vp, ip->i_dquot[GRPQUOTA]);
958 ip->i_dquot[GRPQUOTA] = NODQUOT;
959 }
960 change = DIP(ip, i_blocks);
961 (void) chkdq(ip, -change, cred, CHOWN|FORCE);
962 (void) chkiq(ip, -1, cred, CHOWN|FORCE);
963 for (i = 0; i < MAXQUOTAS; i++) {
964 dqrele(vp, ip->i_dquot[i]);
965 ip->i_dquot[i] = NODQUOT;
966 }
967 #endif
968 ip->i_gid = gid;
969 DIP_SET(ip, i_gid, gid);
970 ip->i_uid = uid;
971 DIP_SET(ip, i_uid, uid);
972 #ifdef QUOTA
973 if ((error = getinoquota(ip)) == 0) {
974 if (ouid == uid) {
975 dqrele(vp, ip->i_dquot[USRQUOTA]);
976 ip->i_dquot[USRQUOTA] = NODQUOT;
977 }
978 if (ogid == gid) {
979 dqrele(vp, ip->i_dquot[GRPQUOTA]);
980 ip->i_dquot[GRPQUOTA] = NODQUOT;
981 }
982 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) {
983 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0)
984 goto good;
985 else
986 (void) chkdq(ip, -change, cred, CHOWN|FORCE);
987 }
988 for (i = 0; i < MAXQUOTAS; i++) {
989 dqrele(vp, ip->i_dquot[i]);
990 ip->i_dquot[i] = NODQUOT;
991 }
992 }
993 ip->i_gid = ogid;
994 DIP_SET(ip, i_gid, ogid);
995 ip->i_uid = ouid;
996 DIP_SET(ip, i_uid, ouid);
997 if (getinoquota(ip) == 0) {
998 if (ouid == uid) {
999 dqrele(vp, ip->i_dquot[USRQUOTA]);
1000 ip->i_dquot[USRQUOTA] = NODQUOT;
1001 }
1002 if (ogid == gid) {
1003 dqrele(vp, ip->i_dquot[GRPQUOTA]);
1004 ip->i_dquot[GRPQUOTA] = NODQUOT;
1005 }
1006 (void) chkdq(ip, change, cred, FORCE|CHOWN);
1007 (void) chkiq(ip, 1, cred, FORCE|CHOWN);
1008 (void) getinoquota(ip);
1009 }
1010 return (error);
1011 good:
1012 if (getinoquota(ip))
1013 panic("ufs_chown: lost quota");
1014 #endif /* QUOTA */
1015 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
1016 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
1017 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) {
1018 UFS_INODE_SET_MODE(ip, ip->i_mode & ~(ISUID | ISGID));
1019 DIP_SET(ip, i_mode, ip->i_mode);
1020 }
1021 }
1022 error = UFS_UPDATE(vp, 0);
1023 return (error);
1024 }
1025
1026 static int
1027 ufs_remove(
1028 struct vop_remove_args /* {
1029 struct vnode *a_dvp;
1030 struct vnode *a_vp;
1031 struct componentname *a_cnp;
1032 } */ *ap)
1033 {
1034 struct inode *ip;
1035 struct vnode *vp = ap->a_vp;
1036 struct vnode *dvp = ap->a_dvp;
1037 int error;
1038 struct thread *td;
1039
1040 td = curthread;
1041 ip = VTOI(vp);
1042 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
1043 (VTOI(dvp)->i_flags & APPEND))
1044 return (EPERM);
1045 if (DOINGSUJ(dvp)) {
1046 error = softdep_prelink(dvp, vp, ap->a_cnp);
1047 if (error != 0) {
1048 MPASS(error == ERELOOKUP);
1049 return (error);
1050 }
1051 }
1052
1053 #ifdef UFS_GJOURNAL
1054 ufs_gjournal_orphan(vp);
1055 #endif
1056 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0);
1057 if (ip->i_nlink <= 0)
1058 vp->v_vflag |= VV_NOSYNC;
1059 if (IS_SNAPSHOT(ip)) {
1060 /*
1061 * Avoid deadlock where another thread is trying to
1062 * update the inodeblock for dvp and is waiting on
1063 * snaplk. Temporary unlock the vnode lock for the
1064 * unlinked file and sync the directory. This should
1065 * allow vput() of the directory to not block later on
1066 * while holding the snapshot vnode locked, assuming
1067 * that the directory hasn't been unlinked too.
1068 */
1069 VOP_UNLOCK(vp);
1070 (void) VOP_FSYNC(dvp, MNT_WAIT, td);
1071 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1072 }
1073 return (error);
1074 }
1075
1076 static void
1077 print_bad_link_count(const char *funcname, struct vnode *dvp)
1078 {
1079 struct inode *dip;
1080
1081 dip = VTOI(dvp);
1082 uprintf("%s: Bad link count %d on parent inode %jd in file system %s\n",
1083 funcname, dip->i_effnlink, (intmax_t)dip->i_number,
1084 dvp->v_mount->mnt_stat.f_mntonname);
1085 }
1086
1087 /*
1088 * link vnode call
1089 */
1090 static int
1091 ufs_link(
1092 struct vop_link_args /* {
1093 struct vnode *a_tdvp;
1094 struct vnode *a_vp;
1095 struct componentname *a_cnp;
1096 } */ *ap)
1097 {
1098 struct vnode *vp = ap->a_vp;
1099 struct vnode *tdvp = ap->a_tdvp;
1100 struct componentname *cnp = ap->a_cnp;
1101 struct inode *ip;
1102 struct direct newdir;
1103 int error;
1104
1105 if (DOINGSUJ(tdvp)) {
1106 error = softdep_prelink(tdvp, vp, cnp);
1107 if (error != 0) {
1108 MPASS(error == ERELOOKUP);
1109 return (error);
1110 }
1111 }
1112
1113 if (VTOI(tdvp)->i_effnlink < 2) {
1114 print_bad_link_count("ufs_link", tdvp);
1115 error = EINVAL;
1116 goto out;
1117 }
1118 error = ufs_sync_nlink(vp, tdvp);
1119 if (error != 0)
1120 goto out;
1121 ip = VTOI(vp);
1122
1123 /*
1124 * The file may have been removed after namei dropped the original
1125 * lock.
1126 */
1127 if (ip->i_effnlink == 0) {
1128 error = ENOENT;
1129 goto out;
1130 }
1131 if (ip->i_flags & (IMMUTABLE | APPEND)) {
1132 error = EPERM;
1133 goto out;
1134 }
1135
1136 ip->i_effnlink++;
1137 ip->i_nlink++;
1138 DIP_SET(ip, i_nlink, ip->i_nlink);
1139 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
1140 if (DOINGSOFTDEP(vp))
1141 softdep_setup_link(VTOI(tdvp), ip);
1142 error = UFS_UPDATE(vp, !DOINGSOFTDEP(vp) && !DOINGASYNC(vp));
1143 if (!error) {
1144 ufs_makedirentry(ip, cnp, &newdir);
1145 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL);
1146 }
1147
1148 if (error) {
1149 ip->i_effnlink--;
1150 ip->i_nlink--;
1151 DIP_SET(ip, i_nlink, ip->i_nlink);
1152 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
1153 if (DOINGSOFTDEP(vp))
1154 softdep_revert_link(VTOI(tdvp), ip);
1155 }
1156 out:
1157 return (error);
1158 }
1159
1160 /*
1161 * whiteout vnode call
1162 */
1163 static int
1164 ufs_whiteout(
1165 struct vop_whiteout_args /* {
1166 struct vnode *a_dvp;
1167 struct componentname *a_cnp;
1168 int a_flags;
1169 } */ *ap)
1170 {
1171 struct vnode *dvp = ap->a_dvp;
1172 struct componentname *cnp = ap->a_cnp;
1173 struct direct newdir;
1174 int error = 0;
1175
1176 if (DOINGSUJ(dvp) && (ap->a_flags == CREATE ||
1177 ap->a_flags == DELETE)) {
1178 error = softdep_prelink(dvp, NULL, cnp);
1179 if (error != 0) {
1180 MPASS(error == ERELOOKUP);
1181 return (error);
1182 }
1183 }
1184
1185 switch (ap->a_flags) {
1186 case LOOKUP:
1187 /* 4.4 format directories support whiteout operations */
1188 if (!OFSFMT(dvp))
1189 return (0);
1190 return (EOPNOTSUPP);
1191
1192 case CREATE:
1193 /* create a new directory whiteout */
1194 #ifdef INVARIANTS
1195 if (OFSFMT(dvp))
1196 panic("ufs_whiteout: old format filesystem");
1197 #endif
1198
1199 newdir.d_ino = UFS_WINO;
1200 newdir.d_namlen = cnp->cn_namelen;
1201 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1);
1202 newdir.d_type = DT_WHT;
1203 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL);
1204 break;
1205
1206 case DELETE:
1207 /* remove an existing directory whiteout */
1208 #ifdef INVARIANTS
1209 if (OFSFMT(dvp))
1210 panic("ufs_whiteout: old format filesystem");
1211 #endif
1212
1213 cnp->cn_flags &= ~DOWHITEOUT;
1214 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0);
1215 break;
1216 default:
1217 panic("ufs_whiteout: unknown op");
1218 }
1219 return (error);
1220 }
1221
1222 static volatile int rename_restarts;
1223 SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD,
1224 __DEVOLATILE(int *, &rename_restarts), 0,
1225 "Times rename had to restart due to lock contention");
1226
1227 /*
1228 * Rename system call.
1229 * rename("foo", "bar");
1230 * is essentially
1231 * unlink("bar");
1232 * link("foo", "bar");
1233 * unlink("foo");
1234 * but ``atomically''. Can't do full commit without saving state in the
1235 * inode on disk which isn't feasible at this time. Best we can do is
1236 * always guarantee the target exists.
1237 *
1238 * Basic algorithm is:
1239 *
1240 * 1) Bump link count on source while we're linking it to the
1241 * target. This also ensure the inode won't be deleted out
1242 * from underneath us while we work (it may be truncated by
1243 * a concurrent `trunc' or `open' for creation).
1244 * 2) Link source to destination. If destination already exists,
1245 * delete it first.
1246 * 3) Unlink source reference to inode if still around. If a
1247 * directory was moved and the parent of the destination
1248 * is different from the source, patch the ".." entry in the
1249 * directory.
1250 */
1251 static int
1252 ufs_rename(
1253 struct vop_rename_args /* {
1254 struct vnode *a_fdvp;
1255 struct vnode *a_fvp;
1256 struct componentname *a_fcnp;
1257 struct vnode *a_tdvp;
1258 struct vnode *a_tvp;
1259 struct componentname *a_tcnp;
1260 } */ *ap)
1261 {
1262 struct vnode *tvp = ap->a_tvp;
1263 struct vnode *tdvp = ap->a_tdvp;
1264 struct vnode *fvp = ap->a_fvp;
1265 struct vnode *fdvp = ap->a_fdvp;
1266 struct vnode *nvp;
1267 struct componentname *tcnp = ap->a_tcnp;
1268 struct componentname *fcnp = ap->a_fcnp;
1269 struct thread *td = curthread;
1270 struct inode *fip, *tip, *tdp, *fdp;
1271 struct direct newdir;
1272 off_t endoff;
1273 int doingdirectory, newparent;
1274 int error = 0;
1275 struct mount *mp;
1276 ino_t ino;
1277 seqc_t fdvp_s, fvp_s, tdvp_s, tvp_s;
1278 bool checkpath_locked, want_seqc_end;
1279
1280 checkpath_locked = want_seqc_end = false;
1281
1282 endoff = 0;
1283 mp = tdvp->v_mount;
1284 VOP_UNLOCK(tdvp);
1285 if (tvp && tvp != tdvp)
1286 VOP_UNLOCK(tvp);
1287 /*
1288 * Check for cross-device rename.
1289 */
1290 if ((fvp->v_mount != tdvp->v_mount) ||
1291 (tvp && (fvp->v_mount != tvp->v_mount))) {
1292 error = EXDEV;
1293 mp = NULL;
1294 goto releout;
1295 }
1296
1297 fdvp_s = fvp_s = tdvp_s = tvp_s = SEQC_MOD;
1298 relock:
1299 /*
1300 * We need to acquire 2 to 4 locks depending on whether tvp is NULL
1301 * and fdvp and tdvp are the same directory. Subsequently we need
1302 * to double-check all paths and in the directory rename case we
1303 * need to verify that we are not creating a directory loop. To
1304 * handle this we acquire all but fdvp using non-blocking
1305 * acquisitions. If we fail to acquire any lock in the path we will
1306 * drop all held locks, acquire the new lock in a blocking fashion,
1307 * and then release it and restart the rename. This acquire/release
1308 * step ensures that we do not spin on a lock waiting for release.
1309 */
1310 error = vn_lock(fdvp, LK_EXCLUSIVE);
1311 if (error)
1312 goto releout;
1313 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) {
1314 VOP_UNLOCK(fdvp);
1315 error = vn_lock(tdvp, LK_EXCLUSIVE);
1316 if (error)
1317 goto releout;
1318 VOP_UNLOCK(tdvp);
1319 atomic_add_int(&rename_restarts, 1);
1320 goto relock;
1321 }
1322 /*
1323 * Re-resolve fvp to be certain it still exists and fetch the
1324 * correct vnode.
1325 */
1326 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino);
1327 if (error) {
1328 VOP_UNLOCK(fdvp);
1329 VOP_UNLOCK(tdvp);
1330 goto releout;
1331 }
1332 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp);
1333 if (error) {
1334 VOP_UNLOCK(fdvp);
1335 VOP_UNLOCK(tdvp);
1336 if (error != EBUSY)
1337 goto releout;
1338 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp);
1339 if (error != 0)
1340 goto releout;
1341 VOP_UNLOCK(nvp);
1342 vrele(fvp);
1343 fvp = nvp;
1344 atomic_add_int(&rename_restarts, 1);
1345 goto relock;
1346 }
1347 vrele(fvp);
1348 fvp = nvp;
1349 /*
1350 * Re-resolve tvp and acquire the vnode lock if present.
1351 */
1352 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino);
1353 if (error != 0 && error != EJUSTRETURN) {
1354 VOP_UNLOCK(fdvp);
1355 VOP_UNLOCK(tdvp);
1356 VOP_UNLOCK(fvp);
1357 goto releout;
1358 }
1359 /*
1360 * If tvp disappeared we just carry on.
1361 */
1362 if (error == EJUSTRETURN && tvp != NULL) {
1363 vrele(tvp);
1364 tvp = NULL;
1365 }
1366 /*
1367 * Get the tvp ino if the lookup succeeded. We may have to restart
1368 * if the non-blocking acquire fails.
1369 */
1370 if (error == 0) {
1371 nvp = NULL;
1372 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp);
1373 if (tvp)
1374 vrele(tvp);
1375 tvp = nvp;
1376 if (error) {
1377 VOP_UNLOCK(fdvp);
1378 VOP_UNLOCK(tdvp);
1379 VOP_UNLOCK(fvp);
1380 if (error != EBUSY)
1381 goto releout;
1382 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp);
1383 if (error != 0)
1384 goto releout;
1385 vput(nvp);
1386 atomic_add_int(&rename_restarts, 1);
1387 goto relock;
1388 }
1389 }
1390
1391 if (DOINGSUJ(fdvp) &&
1392 (seqc_in_modify(fdvp_s) || !vn_seqc_consistent(fdvp, fdvp_s) ||
1393 seqc_in_modify(fvp_s) || !vn_seqc_consistent(fvp, fvp_s) ||
1394 seqc_in_modify(tdvp_s) || !vn_seqc_consistent(tdvp, tdvp_s) ||
1395 (tvp != NULL && (seqc_in_modify(tvp_s) ||
1396 !vn_seqc_consistent(tvp, tvp_s))))) {
1397 error = softdep_prerename(fdvp, fvp, tdvp, tvp);
1398 if (error != 0)
1399 goto releout;
1400 }
1401
1402 fdp = VTOI(fdvp);
1403 fip = VTOI(fvp);
1404 tdp = VTOI(tdvp);
1405 tip = NULL;
1406 if (tvp)
1407 tip = VTOI(tvp);
1408 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
1409 (VTOI(tdvp)->i_flags & APPEND))) {
1410 error = EPERM;
1411 goto unlockout;
1412 }
1413 /*
1414 * Renaming a file to itself has no effect. The upper layers should
1415 * not call us in that case. However, things could change after
1416 * we drop the locks above.
1417 */
1418 if (fvp == tvp) {
1419 error = 0;
1420 goto unlockout;
1421 }
1422 doingdirectory = 0;
1423 newparent = 0;
1424 ino = fip->i_number;
1425 if (fip->i_nlink >= UFS_LINK_MAX) {
1426 if (!DOINGSOFTDEP(fvp) || fip->i_effnlink >= UFS_LINK_MAX) {
1427 error = EMLINK;
1428 goto unlockout;
1429 }
1430 vfs_ref(mp);
1431 MPASS(!want_seqc_end);
1432 if (checkpath_locked) {
1433 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock);
1434 checkpath_locked = false;
1435 }
1436 VOP_UNLOCK(fdvp);
1437 VOP_UNLOCK(fvp);
1438 vref(tdvp);
1439 if (tvp != NULL)
1440 vref(tvp);
1441 VOP_VPUT_PAIR(tdvp, &tvp, true);
1442 error = ufs_sync_nlink1(mp);
1443 vrele(fdvp);
1444 vrele(fvp);
1445 vrele(tdvp);
1446 if (tvp != NULL)
1447 vrele(tvp);
1448 return (error);
1449 }
1450 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))
1451 || (fdp->i_flags & APPEND)) {
1452 error = EPERM;
1453 goto unlockout;
1454 }
1455 if ((fip->i_mode & IFMT) == IFDIR) {
1456 /*
1457 * Avoid ".", "..", and aliases of "." for obvious reasons.
1458 */
1459 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') ||
1460 fdp == fip ||
1461 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) {
1462 error = EINVAL;
1463 goto unlockout;
1464 }
1465 if (fdp->i_number != tdp->i_number)
1466 newparent = tdp->i_number;
1467 doingdirectory = 1;
1468 }
1469 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) ||
1470 (tvp != NULL && tvp->v_type == VDIR &&
1471 tvp->v_mountedhere != NULL)) {
1472 error = EXDEV;
1473 goto unlockout;
1474 }
1475
1476 /*
1477 * If ".." must be changed (ie the directory gets a new
1478 * parent) then the source directory must not be in the
1479 * directory hierarchy above the target, as this would
1480 * orphan everything below the source directory. Also
1481 * the user must have write permission in the source so
1482 * as to be able to change "..".
1483 */
1484 if (doingdirectory && newparent) {
1485 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, curthread);
1486 if (error)
1487 goto unlockout;
1488
1489 sx_xlock(&VFSTOUFS(mp)->um_checkpath_lock);
1490 checkpath_locked = true;
1491 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred,
1492 &ino);
1493 /*
1494 * We encountered a lock that we have to wait for. Unlock
1495 * everything else and VGET before restarting.
1496 */
1497 if (ino) {
1498 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock);
1499 checkpath_locked = false;
1500 VOP_UNLOCK(fdvp);
1501 VOP_UNLOCK(fvp);
1502 VOP_UNLOCK(tdvp);
1503 if (tvp)
1504 VOP_UNLOCK(tvp);
1505 error = VFS_VGET(mp, ino, LK_SHARED, &nvp);
1506 if (error == 0)
1507 vput(nvp);
1508 atomic_add_int(&rename_restarts, 1);
1509 goto relock;
1510 }
1511 if (error)
1512 goto unlockout;
1513 }
1514 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 ||
1515 tdp->i_effnlink == 0)
1516 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp);
1517
1518 if (tvp != NULL)
1519 vn_seqc_write_begin(tvp);
1520 vn_seqc_write_begin(tdvp);
1521 vn_seqc_write_begin(fvp);
1522 vn_seqc_write_begin(fdvp);
1523 want_seqc_end = true;
1524
1525 /*
1526 * 1) Bump link count while we're moving stuff
1527 * around. If we crash somewhere before
1528 * completing our work, the link count
1529 * may be wrong, but correctable.
1530 */
1531 fip->i_effnlink++;
1532 fip->i_nlink++;
1533 DIP_SET(fip, i_nlink, fip->i_nlink);
1534 UFS_INODE_SET_FLAG(fip, IN_CHANGE);
1535 if (DOINGSOFTDEP(fvp))
1536 softdep_setup_link(tdp, fip);
1537 error = UFS_UPDATE(fvp, !DOINGSOFTDEP(fvp) && !DOINGASYNC(fvp));
1538 if (error)
1539 goto bad;
1540
1541 /*
1542 * 2) If target doesn't exist, link the target
1543 * to the source and unlink the source.
1544 * Otherwise, rewrite the target directory
1545 * entry to reference the source inode and
1546 * expunge the original entry's existence.
1547 */
1548 if (tip == NULL) {
1549 if (ITODEV(tdp) != ITODEV(fip))
1550 panic("ufs_rename: EXDEV");
1551 if (doingdirectory && newparent) {
1552 /*
1553 * Account for ".." in new directory.
1554 * When source and destination have the same
1555 * parent we don't adjust the link count. The
1556 * actual link modification is completed when
1557 * .. is rewritten below.
1558 */
1559 if (tdp->i_nlink >= UFS_LINK_MAX) {
1560 fip->i_effnlink--;
1561 fip->i_nlink--;
1562 DIP_SET(fip, i_nlink, fip->i_nlink);
1563 UFS_INODE_SET_FLAG(fip, IN_CHANGE);
1564 if (DOINGSOFTDEP(fvp))
1565 softdep_revert_link(tdp, fip);
1566 if (!DOINGSOFTDEP(tdvp) ||
1567 tdp->i_effnlink >= UFS_LINK_MAX) {
1568 error = EMLINK;
1569 goto unlockout;
1570 }
1571 MPASS(want_seqc_end);
1572 if (tvp != NULL)
1573 vn_seqc_write_end(tvp);
1574 vn_seqc_write_end(tdvp);
1575 vn_seqc_write_end(fvp);
1576 vn_seqc_write_end(fdvp);
1577 want_seqc_end = false;
1578 vfs_ref(mp);
1579 MPASS(checkpath_locked);
1580 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock);
1581 checkpath_locked = false;
1582 VOP_UNLOCK(fdvp);
1583 VOP_UNLOCK(fvp);
1584 vref(tdvp);
1585 if (tvp != NULL)
1586 vref(tvp);
1587 VOP_VPUT_PAIR(tdvp, &tvp, true);
1588 error = ufs_sync_nlink1(mp);
1589 vrele(fdvp);
1590 vrele(fvp);
1591 vrele(tdvp);
1592 if (tvp != NULL)
1593 vrele(tvp);
1594 return (error);
1595 }
1596 }
1597 ufs_makedirentry(fip, tcnp, &newdir);
1598 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL);
1599 if (error)
1600 goto bad;
1601 /* Setup tdvp for directory compaction if needed. */
1602 if (I_COUNT(tdp) != 0 && I_ENDOFF(tdp) != 0 &&
1603 I_ENDOFF(tdp) < tdp->i_size)
1604 endoff = I_ENDOFF(tdp);
1605 } else {
1606 if (ITODEV(tip) != ITODEV(tdp) || ITODEV(tip) != ITODEV(fip))
1607 panic("ufs_rename: EXDEV");
1608 /*
1609 * Short circuit rename(foo, foo).
1610 */
1611 if (tip->i_number == fip->i_number)
1612 panic("ufs_rename: same file");
1613 /*
1614 * If the parent directory is "sticky", then the caller
1615 * must possess VADMIN for the parent directory, or the
1616 * destination of the rename. This implements append-only
1617 * directories.
1618 */
1619 if ((tdp->i_mode & S_ISTXT) &&
1620 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) &&
1621 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) {
1622 error = EPERM;
1623 goto bad;
1624 }
1625 /*
1626 * Target must be empty if a directory and have no links
1627 * to it. Also, ensure source and target are compatible
1628 * (both directories, or both not directories).
1629 */
1630 if ((tip->i_mode & IFMT) == IFDIR) {
1631 if ((tip->i_effnlink > 2) ||
1632 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) {
1633 error = ENOTEMPTY;
1634 goto bad;
1635 }
1636 if (!doingdirectory) {
1637 error = ENOTDIR;
1638 goto bad;
1639 }
1640 cache_purge(tdvp);
1641 } else if (doingdirectory) {
1642 error = EISDIR;
1643 goto bad;
1644 }
1645 if (doingdirectory) {
1646 if (!newparent) {
1647 tdp->i_effnlink--;
1648 if (DOINGSOFTDEP(tdvp))
1649 softdep_change_linkcnt(tdp);
1650 }
1651 tip->i_effnlink--;
1652 if (DOINGSOFTDEP(tvp))
1653 softdep_change_linkcnt(tip);
1654 }
1655 error = ufs_dirrewrite(tdp, tip, fip->i_number,
1656 IFTODT(fip->i_mode),
1657 (doingdirectory && newparent) ? newparent : doingdirectory);
1658 if (error) {
1659 if (doingdirectory) {
1660 if (!newparent) {
1661 tdp->i_effnlink++;
1662 if (DOINGSOFTDEP(tdvp))
1663 softdep_change_linkcnt(tdp);
1664 }
1665 tip->i_effnlink++;
1666 if (DOINGSOFTDEP(tvp))
1667 softdep_change_linkcnt(tip);
1668 }
1669 goto bad;
1670 }
1671 if (doingdirectory && !DOINGSOFTDEP(tvp)) {
1672 /*
1673 * The only stuff left in the directory is "."
1674 * and "..". The "." reference is inconsequential
1675 * since we are quashing it. We have removed the "."
1676 * reference and the reference in the parent directory,
1677 * but there may be other hard links. The soft
1678 * dependency code will arrange to do these operations
1679 * after the parent directory entry has been deleted on
1680 * disk, so when running with that code we avoid doing
1681 * them now.
1682 */
1683 if (!newparent) {
1684 tdp->i_nlink--;
1685 DIP_SET(tdp, i_nlink, tdp->i_nlink);
1686 UFS_INODE_SET_FLAG(tdp, IN_CHANGE);
1687 }
1688 tip->i_nlink--;
1689 DIP_SET(tip, i_nlink, tip->i_nlink);
1690 UFS_INODE_SET_FLAG(tip, IN_CHANGE);
1691 }
1692 }
1693
1694 /*
1695 * 3) Unlink the source. We have to resolve the path again to
1696 * fixup the directory offset and count for ufs_dirremove.
1697 */
1698 if (fdvp == tdvp) {
1699 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino);
1700 if (error)
1701 panic("ufs_rename: from entry went away!");
1702 if (ino != fip->i_number)
1703 panic("ufs_rename: ino mismatch %ju != %ju\n",
1704 (uintmax_t)ino, (uintmax_t)fip->i_number);
1705 }
1706 /*
1707 * If the source is a directory with a
1708 * new parent, the link count of the old
1709 * parent directory must be decremented
1710 * and ".." set to point to the new parent.
1711 */
1712 if (doingdirectory && newparent) {
1713 /*
1714 * If tip exists we simply use its link, otherwise we must
1715 * add a new one.
1716 */
1717 if (tip == NULL) {
1718 tdp->i_effnlink++;
1719 tdp->i_nlink++;
1720 DIP_SET(tdp, i_nlink, tdp->i_nlink);
1721 UFS_INODE_SET_FLAG(tdp, IN_CHANGE);
1722 if (DOINGSOFTDEP(tdvp))
1723 softdep_setup_dotdot_link(tdp, fip);
1724 error = UFS_UPDATE(tdvp, !DOINGSOFTDEP(tdvp) &&
1725 !DOINGASYNC(tdvp));
1726 /* Don't go to bad here as the new link exists. */
1727 if (error)
1728 goto unlockout;
1729 } else if (DOINGSUJ(tdvp))
1730 /* Journal must account for each new link. */
1731 softdep_setup_dotdot_link(tdp, fip);
1732 SET_I_OFFSET(fip, mastertemplate.dot_reclen);
1733 ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0);
1734 cache_purge(fdvp);
1735 }
1736 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0);
1737 /*
1738 * The kern_renameat() looks up the fvp using the DELETE flag, which
1739 * causes the removal of the name cache entry for fvp.
1740 * As the relookup of the fvp is done in two steps:
1741 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a
1742 * normal lookup of the from name just before the VFS_VGET() call,
1743 * causing the cache entry to be re-instantiated.
1744 *
1745 * The same issue also applies to tvp if it exists as
1746 * otherwise we may have a stale name cache entry for the new
1747 * name that references the old i-node if it has other links
1748 * or open file descriptors.
1749 */
1750 cache_vop_rename(fdvp, fvp, tdvp, tvp, fcnp, tcnp);
1751
1752 unlockout:
1753 if (want_seqc_end) {
1754 if (tvp != NULL)
1755 vn_seqc_write_end(tvp);
1756 vn_seqc_write_end(tdvp);
1757 vn_seqc_write_end(fvp);
1758 vn_seqc_write_end(fdvp);
1759 }
1760
1761 if (checkpath_locked)
1762 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock);
1763
1764 vput(fdvp);
1765 vput(fvp);
1766
1767 /*
1768 * If compaction or fsync was requested do it in
1769 * ffs_vput_pair() now that other locks are no longer needed.
1770 */
1771 if (error == 0 && endoff != 0) {
1772 UFS_INODE_SET_FLAG(tdp, IN_ENDOFF);
1773 SET_I_ENDOFF(tdp, endoff);
1774 }
1775 VOP_VPUT_PAIR(tdvp, &tvp, true);
1776 return (error);
1777
1778 bad:
1779 fip->i_effnlink--;
1780 fip->i_nlink--;
1781 DIP_SET(fip, i_nlink, fip->i_nlink);
1782 UFS_INODE_SET_FLAG(fip, IN_CHANGE);
1783 if (DOINGSOFTDEP(fvp))
1784 softdep_revert_link(tdp, fip);
1785 goto unlockout;
1786
1787 releout:
1788 if (want_seqc_end) {
1789 if (tvp != NULL)
1790 vn_seqc_write_end(tvp);
1791 vn_seqc_write_end(tdvp);
1792 vn_seqc_write_end(fvp);
1793 vn_seqc_write_end(fdvp);
1794 }
1795
1796 vrele(fdvp);
1797 vrele(fvp);
1798 vrele(tdvp);
1799 if (tvp)
1800 vrele(tvp);
1801
1802 return (error);
1803 }
1804
1805 #ifdef UFS_ACL
1806 static int
1807 ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp,
1808 mode_t dmode, struct ucred *cred, struct thread *td)
1809 {
1810 int error;
1811 struct inode *ip = VTOI(tvp);
1812 struct acl *dacl, *acl;
1813
1814 acl = acl_alloc(M_WAITOK);
1815 dacl = acl_alloc(M_WAITOK);
1816
1817 /*
1818 * Retrieve default ACL from parent, if any.
1819 */
1820 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td);
1821 switch (error) {
1822 case 0:
1823 /*
1824 * Retrieved a default ACL, so merge mode and ACL if
1825 * necessary. If the ACL is empty, fall through to
1826 * the "not defined or available" case.
1827 */
1828 if (acl->acl_cnt != 0) {
1829 dmode = acl_posix1e_newfilemode(dmode, acl);
1830 UFS_INODE_SET_MODE(ip, dmode);
1831 DIP_SET(ip, i_mode, dmode);
1832 *dacl = *acl;
1833 ufs_sync_acl_from_inode(ip, acl);
1834 break;
1835 }
1836 /* FALLTHROUGH */
1837
1838 case EOPNOTSUPP:
1839 /*
1840 * Just use the mode as-is.
1841 */
1842 UFS_INODE_SET_MODE(ip, dmode);
1843 DIP_SET(ip, i_mode, dmode);
1844 error = 0;
1845 goto out;
1846
1847 default:
1848 goto out;
1849 }
1850
1851 /*
1852 * XXX: If we abort now, will Soft Updates notify the extattr
1853 * code that the EAs for the file need to be released?
1854 */
1855 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td);
1856 if (error == 0)
1857 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td);
1858 switch (error) {
1859 case 0:
1860 break;
1861
1862 case EOPNOTSUPP:
1863 /*
1864 * XXX: This should not happen, as EOPNOTSUPP above
1865 * was supposed to free acl.
1866 */
1867 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n");
1868 /*
1869 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()");
1870 */
1871 break;
1872
1873 default:
1874 goto out;
1875 }
1876
1877 out:
1878 acl_free(acl);
1879 acl_free(dacl);
1880
1881 return (error);
1882 }
1883
1884 static int
1885 ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp,
1886 mode_t mode, struct ucred *cred, struct thread *td)
1887 {
1888 int error;
1889 struct inode *ip = VTOI(tvp);
1890 struct acl *acl;
1891
1892 acl = acl_alloc(M_WAITOK);
1893
1894 /*
1895 * Retrieve default ACL for parent, if any.
1896 */
1897 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td);
1898 switch (error) {
1899 case 0:
1900 /*
1901 * Retrieved a default ACL, so merge mode and ACL if
1902 * necessary.
1903 */
1904 if (acl->acl_cnt != 0) {
1905 /*
1906 * Two possible ways for default ACL to not
1907 * be present. First, the EA can be
1908 * undefined, or second, the default ACL can
1909 * be blank. If it's blank, fall through to
1910 * the it's not defined case.
1911 */
1912 mode = acl_posix1e_newfilemode(mode, acl);
1913 UFS_INODE_SET_MODE(ip, mode);
1914 DIP_SET(ip, i_mode, mode);
1915 ufs_sync_acl_from_inode(ip, acl);
1916 break;
1917 }
1918 /* FALLTHROUGH */
1919
1920 case EOPNOTSUPP:
1921 /*
1922 * Just use the mode as-is.
1923 */
1924 UFS_INODE_SET_MODE(ip, mode);
1925 DIP_SET(ip, i_mode, mode);
1926 error = 0;
1927 goto out;
1928
1929 default:
1930 goto out;
1931 }
1932
1933 /*
1934 * XXX: If we abort now, will Soft Updates notify the extattr
1935 * code that the EAs for the file need to be released?
1936 */
1937 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td);
1938 switch (error) {
1939 case 0:
1940 break;
1941
1942 case EOPNOTSUPP:
1943 /*
1944 * XXX: This should not happen, as EOPNOTSUPP above was
1945 * supposed to free acl.
1946 */
1947 printf("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() "
1948 "but no VOP_SETACL()\n");
1949 /* panic("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() "
1950 "but no VOP_SETACL()"); */
1951 break;
1952
1953 default:
1954 goto out;
1955 }
1956
1957 out:
1958 acl_free(acl);
1959
1960 return (error);
1961 }
1962
1963 static int
1964 ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp,
1965 mode_t child_mode, struct ucred *cred, struct thread *td)
1966 {
1967 int error;
1968 struct acl *parent_aclp, *child_aclp;
1969
1970 parent_aclp = acl_alloc(M_WAITOK);
1971 child_aclp = acl_alloc(M_WAITOK | M_ZERO);
1972
1973 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td);
1974 if (error)
1975 goto out;
1976 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp,
1977 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR);
1978 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td);
1979 if (error)
1980 goto out;
1981 out:
1982 acl_free(parent_aclp);
1983 acl_free(child_aclp);
1984
1985 return (error);
1986 }
1987 #endif
1988
1989 /*
1990 * Mkdir system call
1991 */
1992 static int
1993 ufs_mkdir(
1994 struct vop_mkdir_args /* {
1995 struct vnode *a_dvp;
1996 struct vnode **a_vpp;
1997 struct componentname *a_cnp;
1998 struct vattr *a_vap;
1999 } */ *ap)
2000 {
2001 struct vnode *dvp = ap->a_dvp;
2002 struct vattr *vap = ap->a_vap;
2003 struct componentname *cnp = ap->a_cnp;
2004 struct inode *ip, *dp;
2005 struct vnode *tvp;
2006 struct buf *bp;
2007 struct dirtemplate dirtemplate, *dtp;
2008 struct direct newdir;
2009 int error, dmode;
2010 long blkoff;
2011
2012 dp = VTOI(dvp);
2013 error = ufs_sync_nlink(dvp, NULL);
2014 if (error != 0)
2015 goto out;
2016 dmode = vap->va_mode & 0777;
2017 dmode |= IFDIR;
2018
2019 /*
2020 * Must simulate part of ufs_makeinode here to acquire the inode,
2021 * but not have it entered in the parent directory. The entry is
2022 * made later after writing "." and ".." entries.
2023 */
2024 if (dp->i_effnlink < 2) {
2025 print_bad_link_count("ufs_mkdir", dvp);
2026 error = EINVAL;
2027 goto out;
2028 }
2029
2030 if (DOINGSUJ(dvp)) {
2031 error = softdep_prelink(dvp, NULL, cnp);
2032 if (error != 0) {
2033 MPASS(error == ERELOOKUP);
2034 return (error);
2035 }
2036 }
2037
2038 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp);
2039 if (error)
2040 goto out;
2041 vn_seqc_write_begin(tvp);
2042 ip = VTOI(tvp);
2043 ip->i_gid = dp->i_gid;
2044 DIP_SET(ip, i_gid, dp->i_gid);
2045 #ifdef SUIDDIR
2046 {
2047 #ifdef QUOTA
2048 struct ucred ucred, *ucp;
2049 gid_t ucred_group;
2050 ucp = cnp->cn_cred;
2051 #endif
2052 /*
2053 * If we are hacking owners here, (only do this where told to)
2054 * and we are not giving it TO root, (would subvert quotas)
2055 * then go ahead and give it to the other user.
2056 * The new directory also inherits the SUID bit.
2057 * If user's UID and dir UID are the same,
2058 * 'give it away' so that the SUID is still forced on.
2059 */
2060 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
2061 (dp->i_mode & ISUID) && dp->i_uid) {
2062 dmode |= ISUID;
2063 ip->i_uid = dp->i_uid;
2064 DIP_SET(ip, i_uid, dp->i_uid);
2065 #ifdef QUOTA
2066 if (dp->i_uid != cnp->cn_cred->cr_uid) {
2067 /*
2068 * Make sure the correct user gets charged
2069 * for the space.
2070 * Make a dummy credential for the victim.
2071 * XXX This seems to never be accessed out of
2072 * our context so a stack variable is ok.
2073 */
2074 refcount_init(&ucred.cr_ref, 1);
2075 ucred.cr_uid = ip->i_uid;
2076 ucred.cr_ngroups = 1;
2077 ucred.cr_groups = &ucred_group;
2078 ucred.cr_groups[0] = dp->i_gid;
2079 ucp = &ucred;
2080 }
2081 #endif
2082 } else {
2083 ip->i_uid = cnp->cn_cred->cr_uid;
2084 DIP_SET(ip, i_uid, ip->i_uid);
2085 }
2086 #ifdef QUOTA
2087 if ((error = getinoquota(ip)) ||
2088 (error = chkiq(ip, 1, ucp, 0))) {
2089 if (DOINGSOFTDEP(tvp))
2090 softdep_revert_link(dp, ip);
2091 UFS_VFREE(tvp, ip->i_number, dmode);
2092 vn_seqc_write_end(tvp);
2093 vgone(tvp);
2094 vput(tvp);
2095 return (error);
2096 }
2097 #endif
2098 }
2099 #else /* !SUIDDIR */
2100 ip->i_uid = cnp->cn_cred->cr_uid;
2101 DIP_SET(ip, i_uid, ip->i_uid);
2102 #ifdef QUOTA
2103 if ((error = getinoquota(ip)) ||
2104 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
2105 if (DOINGSOFTDEP(tvp))
2106 softdep_revert_link(dp, ip);
2107 UFS_VFREE(tvp, ip->i_number, dmode);
2108 vn_seqc_write_end(tvp);
2109 vgone(tvp);
2110 vput(tvp);
2111 return (error);
2112 }
2113 #endif
2114 #endif /* !SUIDDIR */
2115 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
2116 UFS_INODE_SET_MODE(ip, dmode);
2117 DIP_SET(ip, i_mode, dmode);
2118 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */
2119 ip->i_effnlink = 2;
2120 ip->i_nlink = 2;
2121 DIP_SET(ip, i_nlink, 2);
2122
2123 if (cnp->cn_flags & ISWHITEOUT) {
2124 ip->i_flags |= UF_OPAQUE;
2125 DIP_SET(ip, i_flags, ip->i_flags);
2126 }
2127
2128 /*
2129 * Bump link count in parent directory to reflect work done below.
2130 * Should be done before reference is created so cleanup is
2131 * possible if we crash.
2132 */
2133 dp->i_effnlink++;
2134 dp->i_nlink++;
2135 DIP_SET(dp, i_nlink, dp->i_nlink);
2136 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2137 if (DOINGSOFTDEP(dvp))
2138 softdep_setup_mkdir(dp, ip);
2139 error = UFS_UPDATE(dvp, !DOINGSOFTDEP(dvp) && !DOINGASYNC(dvp));
2140 if (error)
2141 goto bad;
2142 #ifdef MAC
2143 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
2144 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount,
2145 dvp, tvp, cnp);
2146 if (error)
2147 goto bad;
2148 }
2149 #endif
2150 #ifdef UFS_ACL
2151 if (dvp->v_mount->mnt_flag & MNT_ACLS) {
2152 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode,
2153 cnp->cn_cred, curthread);
2154 if (error)
2155 goto bad;
2156 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) {
2157 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode,
2158 cnp->cn_cred, curthread);
2159 if (error)
2160 goto bad;
2161 }
2162 #endif /* !UFS_ACL */
2163
2164 /*
2165 * Initialize directory with "." and ".." from static template.
2166 */
2167 if (!OFSFMT(dvp))
2168 dtp = &mastertemplate;
2169 else
2170 dtp = (struct dirtemplate *)&omastertemplate;
2171 dirtemplate = *dtp;
2172 dirtemplate.dot_ino = ip->i_number;
2173 dirtemplate.dotdot_ino = dp->i_number;
2174 vnode_pager_setsize(tvp, DIRBLKSIZ);
2175 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred,
2176 BA_CLRBUF, &bp)) != 0)
2177 goto bad;
2178 ip->i_size = DIRBLKSIZ;
2179 DIP_SET(ip, i_size, DIRBLKSIZ);
2180 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE);
2181 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate);
2182 if (DOINGSOFTDEP(tvp)) {
2183 /*
2184 * Ensure that the entire newly allocated block is a
2185 * valid directory so that future growth within the
2186 * block does not have to ensure that the block is
2187 * written before the inode.
2188 */
2189 blkoff = DIRBLKSIZ;
2190 while (blkoff < bp->b_bcount) {
2191 ((struct direct *)
2192 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ;
2193 blkoff += DIRBLKSIZ;
2194 }
2195 }
2196 if ((error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) &&
2197 !DOINGASYNC(tvp))) != 0) {
2198 (void)bwrite(bp);
2199 goto bad;
2200 }
2201 /*
2202 * Directory set up, now install its entry in the parent directory.
2203 *
2204 * If we are not doing soft dependencies, then we must write out the
2205 * buffer containing the new directory body before entering the new
2206 * name in the parent. If we are doing soft dependencies, then the
2207 * buffer containing the new directory body will be passed to and
2208 * released in the soft dependency code after the code has attached
2209 * an appropriate ordering dependency to the buffer which ensures that
2210 * the buffer is written before the new name is written in the parent.
2211 */
2212 if (DOINGASYNC(dvp))
2213 bdwrite(bp);
2214 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp))))
2215 goto bad;
2216 ufs_makedirentry(ip, cnp, &newdir);
2217 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp);
2218
2219 bad:
2220 if (error == 0) {
2221 *ap->a_vpp = tvp;
2222 vn_seqc_write_end(tvp);
2223 } else {
2224 dp->i_effnlink--;
2225 dp->i_nlink--;
2226 DIP_SET(dp, i_nlink, dp->i_nlink);
2227 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2228 /*
2229 * No need to do an explicit VOP_TRUNCATE here, vrele will
2230 * do this for us because we set the link count to 0.
2231 */
2232 ip->i_effnlink = 0;
2233 ip->i_nlink = 0;
2234 DIP_SET(ip, i_nlink, 0);
2235 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2236 if (DOINGSOFTDEP(tvp))
2237 softdep_revert_mkdir(dp, ip);
2238 vn_seqc_write_end(tvp);
2239 vgone(tvp);
2240 vput(tvp);
2241 }
2242 out:
2243 return (error);
2244 }
2245
2246 /*
2247 * Rmdir system call.
2248 */
2249 static int
2250 ufs_rmdir(
2251 struct vop_rmdir_args /* {
2252 struct vnode *a_dvp;
2253 struct vnode *a_vp;
2254 struct componentname *a_cnp;
2255 } */ *ap)
2256 {
2257 struct vnode *vp = ap->a_vp;
2258 struct vnode *dvp = ap->a_dvp;
2259 struct componentname *cnp = ap->a_cnp;
2260 struct inode *ip, *dp;
2261 int error;
2262
2263 ip = VTOI(vp);
2264 dp = VTOI(dvp);
2265
2266 /*
2267 * Do not remove a directory that is in the process of being renamed.
2268 * Verify the directory is empty (and valid). Rmdir ".." will not be
2269 * valid since ".." will contain a reference to the current directory
2270 * and thus be non-empty. Do not allow the removal of mounted on
2271 * directories (this can happen when an NFS exported filesystem
2272 * tries to remove a locally mounted on directory).
2273 */
2274 error = 0;
2275 if (dp->i_effnlink <= 2) {
2276 if (dp->i_effnlink == 2)
2277 print_bad_link_count("ufs_rmdir", dvp);
2278 error = EINVAL;
2279 goto out;
2280 }
2281 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) {
2282 error = ENOTEMPTY;
2283 goto out;
2284 }
2285 if ((dp->i_flags & APPEND)
2286 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) {
2287 error = EPERM;
2288 goto out;
2289 }
2290 if (vp->v_mountedhere != 0) {
2291 error = EINVAL;
2292 goto out;
2293 }
2294 if (DOINGSUJ(dvp)) {
2295 error = softdep_prelink(dvp, vp, cnp);
2296 if (error != 0) {
2297 MPASS(error == ERELOOKUP);
2298 return (error);
2299 }
2300 }
2301
2302 #ifdef UFS_GJOURNAL
2303 ufs_gjournal_orphan(vp);
2304 #endif
2305 /*
2306 * Delete reference to directory before purging
2307 * inode. If we crash in between, the directory
2308 * will be reattached to lost+found,
2309 */
2310 dp->i_effnlink--;
2311 ip->i_effnlink--;
2312 if (DOINGSOFTDEP(vp))
2313 softdep_setup_rmdir(dp, ip);
2314 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1);
2315 if (error) {
2316 dp->i_effnlink++;
2317 ip->i_effnlink++;
2318 if (DOINGSOFTDEP(vp))
2319 softdep_revert_rmdir(dp, ip);
2320 goto out;
2321 }
2322 /*
2323 * The only stuff left in the directory is "." and "..". The "."
2324 * reference is inconsequential since we are quashing it. The soft
2325 * dependency code will arrange to do these operations after
2326 * the parent directory entry has been deleted on disk, so
2327 * when running with that code we avoid doing them now.
2328 */
2329 if (!DOINGSOFTDEP(vp)) {
2330 dp->i_nlink--;
2331 DIP_SET(dp, i_nlink, dp->i_nlink);
2332 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2333 error = UFS_UPDATE(dvp, 0);
2334 ip->i_nlink--;
2335 DIP_SET(ip, i_nlink, ip->i_nlink);
2336 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2337 }
2338 cache_vop_rmdir(dvp, vp);
2339 #ifdef UFS_DIRHASH
2340 /* Kill any active hash; i_effnlink == 0, so it will not come back. */
2341 if (ip->i_dirhash != NULL)
2342 ufsdirhash_free(ip);
2343 #endif
2344 out:
2345 return (error);
2346 }
2347
2348 /*
2349 * symlink -- make a symbolic link
2350 */
2351 static int
2352 ufs_symlink(
2353 struct vop_symlink_args /* {
2354 struct vnode *a_dvp;
2355 struct vnode **a_vpp;
2356 struct componentname *a_cnp;
2357 struct vattr *a_vap;
2358 const char *a_target;
2359 } */ *ap)
2360 {
2361 struct vnode *vp, **vpp = ap->a_vpp;
2362 struct inode *ip;
2363 int len, error;
2364
2365 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp,
2366 vpp, ap->a_cnp, "ufs_symlink");
2367 if (error)
2368 return (error);
2369 vp = *vpp;
2370 len = strlen(ap->a_target);
2371 if (len < VFSTOUFS(vp->v_mount)->um_maxsymlinklen) {
2372 ip = VTOI(vp);
2373 bcopy(ap->a_target, DIP(ip, i_shortlink), len);
2374 ip->i_size = len;
2375 DIP_SET(ip, i_size, len);
2376 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE);
2377 error = UFS_UPDATE(vp, 0);
2378 } else
2379 error = vn_rdwr(UIO_WRITE, vp, __DECONST(void *, ap->a_target),
2380 len, (off_t)0, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
2381 ap->a_cnp->cn_cred, NOCRED, NULL, NULL);
2382 if (error)
2383 vput(vp);
2384 return (error);
2385 }
2386
2387 /*
2388 * Vnode op for reading directories.
2389 */
2390 int
2391 ufs_readdir(
2392 struct vop_readdir_args /* {
2393 struct vnode *a_vp;
2394 struct uio *a_uio;
2395 struct ucred *a_cred;
2396 int *a_eofflag;
2397 int *a_ncookies;
2398 uint64_t **a_cookies;
2399 } */ *ap)
2400 {
2401 struct vnode *vp = ap->a_vp;
2402 struct uio *uio = ap->a_uio;
2403 struct buf *bp;
2404 struct inode *ip;
2405 struct direct *dp, *edp;
2406 uint64_t *cookies;
2407 struct dirent dstdp;
2408 off_t offset, startoffset;
2409 size_t readcnt, skipcnt;
2410 ssize_t startresid;
2411 u_int ncookies;
2412 int error;
2413
2414 if (uio->uio_offset < 0)
2415 return (EINVAL);
2416 ip = VTOI(vp);
2417 if (ip->i_effnlink == 0)
2418 return (0);
2419 if (ap->a_ncookies != NULL) {
2420 if (uio->uio_resid < 0)
2421 ncookies = 0;
2422 else
2423 ncookies = uio->uio_resid;
2424 if (uio->uio_offset >= ip->i_size)
2425 ncookies = 0;
2426 else if (ip->i_size - uio->uio_offset < ncookies)
2427 ncookies = ip->i_size - uio->uio_offset;
2428 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1;
2429 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK);
2430 *ap->a_ncookies = ncookies;
2431 *ap->a_cookies = cookies;
2432 } else {
2433 ncookies = 0;
2434 cookies = NULL;
2435 }
2436 offset = startoffset = uio->uio_offset;
2437 startresid = uio->uio_resid;
2438 error = 0;
2439 while (error == 0 && uio->uio_resid > 0 &&
2440 uio->uio_offset < ip->i_size) {
2441 error = UFS_BLKATOFF(vp, uio->uio_offset, NULL, &bp);
2442 if (error)
2443 break;
2444 if (bp->b_offset + bp->b_bcount > ip->i_size)
2445 readcnt = ip->i_size - bp->b_offset;
2446 else
2447 readcnt = bp->b_bcount;
2448 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) &
2449 ~(size_t)(DIRBLKSIZ - 1);
2450 offset = bp->b_offset + skipcnt;
2451 dp = (struct direct *)&bp->b_data[skipcnt];
2452 edp = (struct direct *)&bp->b_data[readcnt];
2453 while (error == 0 && uio->uio_resid > 0 && dp < edp) {
2454 if (dp->d_reclen <= offsetof(struct direct, d_name) ||
2455 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) {
2456 error = EIO;
2457 break;
2458 }
2459 #if BYTE_ORDER == LITTLE_ENDIAN
2460 /* Old filesystem format. */
2461 if (OFSFMT(vp)) {
2462 dstdp.d_namlen = dp->d_type;
2463 dstdp.d_type = dp->d_namlen;
2464 } else
2465 #endif
2466 {
2467 dstdp.d_namlen = dp->d_namlen;
2468 dstdp.d_type = dp->d_type;
2469 }
2470 if (offsetof(struct direct, d_name) + dstdp.d_namlen >
2471 dp->d_reclen) {
2472 error = EIO;
2473 break;
2474 }
2475 if (offset < startoffset || dp->d_ino == 0)
2476 goto nextentry;
2477 dstdp.d_fileno = dp->d_ino;
2478 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp);
2479 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen);
2480 /* NOTE: d_off is the offset of the *next* entry. */
2481 dstdp.d_off = offset + dp->d_reclen;
2482 dirent_terminate(&dstdp);
2483 if (dstdp.d_reclen > uio->uio_resid) {
2484 if (uio->uio_resid == startresid)
2485 error = EINVAL;
2486 else
2487 error = EJUSTRETURN;
2488 break;
2489 }
2490 /* Advance dp. */
2491 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio);
2492 if (error)
2493 break;
2494 if (cookies != NULL) {
2495 KASSERT(ncookies > 0,
2496 ("ufs_readdir: cookies buffer too small"));
2497 *cookies = offset + dp->d_reclen;
2498 cookies++;
2499 ncookies--;
2500 }
2501 nextentry:
2502 offset += dp->d_reclen;
2503 dp = (struct direct *)((caddr_t)dp + dp->d_reclen);
2504 }
2505 bqrelse(bp);
2506 uio->uio_offset = offset;
2507 }
2508 /* We need to correct uio_offset. */
2509 uio->uio_offset = offset;
2510 if (error == EJUSTRETURN)
2511 error = 0;
2512 if (ap->a_ncookies != NULL) {
2513 if (error == 0) {
2514 *ap->a_ncookies -= ncookies;
2515 } else {
2516 free(*ap->a_cookies, M_TEMP);
2517 *ap->a_ncookies = 0;
2518 *ap->a_cookies = NULL;
2519 }
2520 }
2521 if (error == 0 && ap->a_eofflag)
2522 *ap->a_eofflag = ip->i_size <= uio->uio_offset;
2523 return (error);
2524 }
2525
2526 /*
2527 * Return target name of a symbolic link
2528 */
2529 static int
2530 ufs_readlink(
2531 struct vop_readlink_args /* {
2532 struct vnode *a_vp;
2533 struct uio *a_uio;
2534 struct ucred *a_cred;
2535 } */ *ap)
2536 {
2537 struct vnode *vp = ap->a_vp;
2538 struct inode *ip = VTOI(vp);
2539 doff_t isize;
2540
2541 isize = ip->i_size;
2542 if (isize < VFSTOUFS(vp->v_mount)->um_maxsymlinklen)
2543 return (uiomove(DIP(ip, i_shortlink), isize, ap->a_uio));
2544 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred));
2545 }
2546
2547 /*
2548 * Calculate the logical to physical mapping if not done already,
2549 * then call the device strategy routine.
2550 *
2551 * In order to be able to swap to a file, the ufs_bmaparray() operation may not
2552 * deadlock on memory. See ufs_bmap() for details.
2553 */
2554 static int
2555 ufs_strategy(
2556 struct vop_strategy_args /* {
2557 struct vnode *a_vp;
2558 struct buf *a_bp;
2559 } */ *ap)
2560 {
2561 struct buf *bp = ap->a_bp;
2562 struct vnode *vp = ap->a_vp;
2563 ufs2_daddr_t blkno;
2564 int error;
2565
2566 if (bp->b_blkno == bp->b_lblkno) {
2567 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL);
2568 bp->b_blkno = blkno;
2569 if (error) {
2570 bp->b_error = error;
2571 bp->b_ioflags |= BIO_ERROR;
2572 bufdone(bp);
2573 return (0);
2574 }
2575 if ((long)bp->b_blkno == -1)
2576 vfs_bio_clrbuf(bp);
2577 }
2578 if ((long)bp->b_blkno == -1) {
2579 bufdone(bp);
2580 return (0);
2581 }
2582 bp->b_iooffset = dbtob(bp->b_blkno);
2583 BO_STRATEGY(VFSTOUFS(vp->v_mount)->um_bo, bp);
2584 return (0);
2585 }
2586
2587 /*
2588 * Print out the contents of an inode.
2589 */
2590 static int
2591 ufs_print(
2592 struct vop_print_args /* {
2593 struct vnode *a_vp;
2594 } */ *ap)
2595 {
2596 struct vnode *vp = ap->a_vp;
2597 struct inode *ip = VTOI(vp);
2598
2599 printf("\tnlink=%d, effnlink=%d, size=%jd", ip->i_nlink,
2600 ip->i_effnlink, (intmax_t)ip->i_size);
2601 if (I_IS_UFS2(ip))
2602 printf(", extsize %d", ip->i_din2->di_extsize);
2603 printf("\n\tgeneration=%jx, uid=%d, gid=%d, flags=0x%b\n",
2604 (uintmax_t)ip->i_gen, ip->i_uid, ip->i_gid,
2605 (u_int)ip->i_flags, PRINT_INODE_FLAGS);
2606 printf("\tino %lu, on dev %s", (u_long)ip->i_number,
2607 devtoname(ITODEV(ip)));
2608 if (vp->v_type == VFIFO)
2609 fifo_printinfo(vp);
2610 printf("\n");
2611 return (0);
2612 }
2613
2614 /*
2615 * Close wrapper for fifos.
2616 *
2617 * Update the times on the inode then do device close.
2618 */
2619 static int
2620 ufsfifo_close(
2621 struct vop_close_args /* {
2622 struct vnode *a_vp;
2623 int a_fflag;
2624 struct ucred *a_cred;
2625 struct thread *a_td;
2626 } */ *ap)
2627 {
2628
2629 ufs_close(ap);
2630 return (fifo_specops.vop_close(ap));
2631 }
2632
2633 /*
2634 * Return POSIX pathconf information applicable to ufs filesystems.
2635 */
2636 static int
2637 ufs_pathconf(
2638 struct vop_pathconf_args /* {
2639 struct vnode *a_vp;
2640 int a_name;
2641 int *a_retval;
2642 } */ *ap)
2643 {
2644 int error;
2645
2646 error = 0;
2647 switch (ap->a_name) {
2648 case _PC_LINK_MAX:
2649 *ap->a_retval = UFS_LINK_MAX;
2650 break;
2651 case _PC_NAME_MAX:
2652 *ap->a_retval = UFS_MAXNAMLEN;
2653 break;
2654 case _PC_PIPE_BUF:
2655 if (ap->a_vp->v_type == VDIR || ap->a_vp->v_type == VFIFO)
2656 *ap->a_retval = PIPE_BUF;
2657 else
2658 error = EINVAL;
2659 break;
2660 case _PC_CHOWN_RESTRICTED:
2661 *ap->a_retval = 1;
2662 break;
2663 case _PC_NO_TRUNC:
2664 *ap->a_retval = 1;
2665 break;
2666 #ifdef UFS_ACL
2667 case _PC_ACL_EXTENDED:
2668 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS)
2669 *ap->a_retval = 1;
2670 else
2671 *ap->a_retval = 0;
2672 break;
2673 case _PC_ACL_NFS4:
2674 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS)
2675 *ap->a_retval = 1;
2676 else
2677 *ap->a_retval = 0;
2678 break;
2679 #endif
2680 case _PC_ACL_PATH_MAX:
2681 #ifdef UFS_ACL
2682 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS))
2683 *ap->a_retval = ACL_MAX_ENTRIES;
2684 else
2685 *ap->a_retval = 3;
2686 #else
2687 *ap->a_retval = 3;
2688 #endif
2689 break;
2690 #ifdef MAC
2691 case _PC_MAC_PRESENT:
2692 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL)
2693 *ap->a_retval = 1;
2694 else
2695 *ap->a_retval = 0;
2696 break;
2697 #endif
2698 case _PC_MIN_HOLE_SIZE:
2699 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2700 break;
2701 case _PC_PRIO_IO:
2702 *ap->a_retval = 0;
2703 break;
2704 case _PC_SYNC_IO:
2705 *ap->a_retval = 0;
2706 break;
2707 case _PC_ALLOC_SIZE_MIN:
2708 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize;
2709 break;
2710 case _PC_FILESIZEBITS:
2711 *ap->a_retval = 64;
2712 break;
2713 case _PC_REC_INCR_XFER_SIZE:
2714 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2715 break;
2716 case _PC_REC_MAX_XFER_SIZE:
2717 *ap->a_retval = -1; /* means ``unlimited'' */
2718 break;
2719 case _PC_REC_MIN_XFER_SIZE:
2720 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2721 break;
2722 case _PC_REC_XFER_ALIGN:
2723 *ap->a_retval = PAGE_SIZE;
2724 break;
2725 case _PC_SYMLINK_MAX:
2726 *ap->a_retval = MAXPATHLEN;
2727 break;
2728
2729 default:
2730 error = vop_stdpathconf(ap);
2731 break;
2732 }
2733 return (error);
2734 }
2735
2736 /*
2737 * Initialize the vnode associated with a new inode, handle aliased
2738 * vnodes.
2739 */
2740 int
2741 ufs_vinit(struct mount *mntp, struct vop_vector *fifoops, struct vnode **vpp)
2742 {
2743 struct inode *ip;
2744 struct vnode *vp;
2745
2746 vp = *vpp;
2747 ASSERT_VOP_LOCKED(vp, "ufs_vinit");
2748 ip = VTOI(vp);
2749 vp->v_type = IFTOVT(ip->i_mode);
2750 /*
2751 * Only unallocated inodes should be of type VNON.
2752 */
2753 if (ip->i_mode != 0 && vp->v_type == VNON)
2754 return (EINVAL);
2755 if (vp->v_type == VFIFO)
2756 vp->v_op = fifoops;
2757 if (ip->i_number == UFS_ROOTINO)
2758 vp->v_vflag |= VV_ROOT;
2759 *vpp = vp;
2760 return (0);
2761 }
2762
2763 /*
2764 * Allocate a new inode.
2765 * Vnode dvp must be locked.
2766 */
2767 static int
2768 ufs_makeinode(int mode, struct vnode *dvp, struct vnode **vpp,
2769 struct componentname *cnp, const char *callfunc)
2770 {
2771 struct inode *ip, *pdir;
2772 struct direct newdir;
2773 struct vnode *tvp;
2774 int error;
2775
2776 pdir = VTOI(dvp);
2777 *vpp = NULL;
2778 if ((mode & IFMT) == 0)
2779 mode |= IFREG;
2780
2781 if (pdir->i_effnlink < 2) {
2782 print_bad_link_count(callfunc, dvp);
2783 return (EINVAL);
2784 }
2785 if (DOINGSUJ(dvp)) {
2786 error = softdep_prelink(dvp, NULL, cnp);
2787 if (error != 0) {
2788 MPASS(error == ERELOOKUP);
2789 return (error);
2790 }
2791 }
2792 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp);
2793 if (error)
2794 return (error);
2795 ip = VTOI(tvp);
2796 ip->i_gid = pdir->i_gid;
2797 DIP_SET(ip, i_gid, pdir->i_gid);
2798 #ifdef SUIDDIR
2799 {
2800 #ifdef QUOTA
2801 struct ucred ucred, *ucp;
2802 gid_t ucred_group;
2803 ucp = cnp->cn_cred;
2804 #endif
2805 /*
2806 * If we are not the owner of the directory,
2807 * and we are hacking owners here, (only do this where told to)
2808 * and we are not giving it TO root, (would subvert quotas)
2809 * then go ahead and give it to the other user.
2810 * Note that this drops off the execute bits for security.
2811 */
2812 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
2813 (pdir->i_mode & ISUID) &&
2814 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) {
2815 ip->i_uid = pdir->i_uid;
2816 DIP_SET(ip, i_uid, ip->i_uid);
2817 mode &= ~07111;
2818 #ifdef QUOTA
2819 /*
2820 * Make sure the correct user gets charged
2821 * for the space.
2822 * Quickly knock up a dummy credential for the victim.
2823 * XXX This seems to never be accessed out of our
2824 * context so a stack variable is ok.
2825 */
2826 refcount_init(&ucred.cr_ref, 1);
2827 ucred.cr_uid = ip->i_uid;
2828 ucred.cr_ngroups = 1;
2829 ucred.cr_groups = &ucred_group;
2830 ucred.cr_groups[0] = pdir->i_gid;
2831 ucp = &ucred;
2832 #endif
2833 } else {
2834 ip->i_uid = cnp->cn_cred->cr_uid;
2835 DIP_SET(ip, i_uid, ip->i_uid);
2836 }
2837
2838 #ifdef QUOTA
2839 if ((error = getinoquota(ip)) ||
2840 (error = chkiq(ip, 1, ucp, 0))) {
2841 if (DOINGSOFTDEP(tvp))
2842 softdep_revert_link(pdir, ip);
2843 UFS_VFREE(tvp, ip->i_number, mode);
2844 vgone(tvp);
2845 vput(tvp);
2846 return (error);
2847 }
2848 #endif
2849 }
2850 #else /* !SUIDDIR */
2851 ip->i_uid = cnp->cn_cred->cr_uid;
2852 DIP_SET(ip, i_uid, ip->i_uid);
2853 #ifdef QUOTA
2854 if ((error = getinoquota(ip)) ||
2855 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
2856 if (DOINGSOFTDEP(tvp))
2857 softdep_revert_link(pdir, ip);
2858 UFS_VFREE(tvp, ip->i_number, mode);
2859 vgone(tvp);
2860 vput(tvp);
2861 return (error);
2862 }
2863 #endif
2864 #endif /* !SUIDDIR */
2865 vn_seqc_write_begin(tvp); /* Mostly to cover asserts */
2866 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
2867 UFS_INODE_SET_MODE(ip, mode);
2868 DIP_SET(ip, i_mode, mode);
2869 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
2870 ip->i_effnlink = 1;
2871 ip->i_nlink = 1;
2872 DIP_SET(ip, i_nlink, 1);
2873 if (DOINGSOFTDEP(tvp))
2874 softdep_setup_create(VTOI(dvp), ip);
2875 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
2876 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID)) {
2877 UFS_INODE_SET_MODE(ip, ip->i_mode & ~ISGID);
2878 DIP_SET(ip, i_mode, ip->i_mode);
2879 }
2880
2881 if (cnp->cn_flags & ISWHITEOUT) {
2882 ip->i_flags |= UF_OPAQUE;
2883 DIP_SET(ip, i_flags, ip->i_flags);
2884 }
2885
2886 /*
2887 * Make sure inode goes to disk before directory entry.
2888 */
2889 error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && !DOINGASYNC(tvp));
2890 if (error)
2891 goto bad;
2892 #ifdef MAC
2893 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
2894 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount,
2895 dvp, tvp, cnp);
2896 if (error)
2897 goto bad;
2898 }
2899 #endif
2900 #ifdef UFS_ACL
2901 if (dvp->v_mount->mnt_flag & MNT_ACLS) {
2902 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode,
2903 cnp->cn_cred, curthread);
2904 if (error)
2905 goto bad;
2906 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) {
2907 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode,
2908 cnp->cn_cred, curthread);
2909 if (error)
2910 goto bad;
2911 }
2912 #endif /* !UFS_ACL */
2913 ufs_makedirentry(ip, cnp, &newdir);
2914 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL);
2915 if (error)
2916 goto bad;
2917 vn_seqc_write_end(tvp);
2918 *vpp = tvp;
2919 return (0);
2920
2921 bad:
2922 /*
2923 * Write error occurred trying to update the inode
2924 * or the directory so must deallocate the inode.
2925 */
2926 ip->i_effnlink = 0;
2927 ip->i_nlink = 0;
2928 DIP_SET(ip, i_nlink, 0);
2929 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2930 if (DOINGSOFTDEP(tvp))
2931 softdep_revert_create(VTOI(dvp), ip);
2932 vn_seqc_write_end(tvp);
2933 vgone(tvp);
2934 vput(tvp);
2935 return (error);
2936 }
2937
2938 static int
2939 ufs_ioctl(struct vop_ioctl_args *ap)
2940 {
2941 struct vnode *vp;
2942 int error;
2943
2944 vp = ap->a_vp;
2945 switch (ap->a_command) {
2946 case FIOSEEKDATA:
2947 error = vn_lock(vp, LK_SHARED);
2948 if (error == 0) {
2949 error = ufs_bmap_seekdata(vp, (off_t *)ap->a_data);
2950 VOP_UNLOCK(vp);
2951 } else
2952 error = EBADF;
2953 return (error);
2954 case FIOSEEKHOLE:
2955 return (vn_bmap_seekhole(vp, ap->a_command, (off_t *)ap->a_data,
2956 ap->a_cred));
2957 default:
2958 return (ENOTTY);
2959 }
2960 }
2961
2962 static int
2963 ufs_read_pgcache(struct vop_read_pgcache_args *ap)
2964 {
2965 struct uio *uio;
2966 struct vnode *vp;
2967
2968 uio = ap->a_uio;
2969 vp = ap->a_vp;
2970 VNPASS((vn_irflag_read(vp) & VIRF_PGREAD) != 0, vp);
2971
2972 if (uio->uio_resid > ptoa(io_hold_cnt) || uio->uio_offset < 0 ||
2973 (ap->a_ioflag & IO_DIRECT) != 0)
2974 return (EJUSTRETURN);
2975 return (vn_read_from_obj(vp, uio));
2976 }
2977
2978 /* Global vfs data structures for ufs. */
2979 struct vop_vector ufs_vnodeops = {
2980 .vop_default = &default_vnodeops,
2981 .vop_fsync = VOP_PANIC,
2982 .vop_read = VOP_PANIC,
2983 .vop_reallocblks = VOP_PANIC,
2984 .vop_write = VOP_PANIC,
2985 .vop_accessx = ufs_accessx,
2986 .vop_bmap = ufs_bmap,
2987 .vop_fplookup_vexec = ufs_fplookup_vexec,
2988 .vop_fplookup_symlink = VOP_EAGAIN,
2989 .vop_cachedlookup = ufs_lookup,
2990 .vop_close = ufs_close,
2991 .vop_create = ufs_create,
2992 .vop_stat = ufs_stat,
2993 .vop_getattr = ufs_getattr,
2994 .vop_inactive = ufs_inactive,
2995 .vop_ioctl = ufs_ioctl,
2996 .vop_link = ufs_link,
2997 .vop_lookup = vfs_cache_lookup,
2998 .vop_mmapped = ufs_mmapped,
2999 .vop_mkdir = ufs_mkdir,
3000 .vop_mknod = ufs_mknod,
3001 .vop_need_inactive = ufs_need_inactive,
3002 .vop_open = ufs_open,
3003 .vop_pathconf = ufs_pathconf,
3004 .vop_poll = vop_stdpoll,
3005 .vop_print = ufs_print,
3006 .vop_read_pgcache = ufs_read_pgcache,
3007 .vop_readdir = ufs_readdir,
3008 .vop_readlink = ufs_readlink,
3009 .vop_reclaim = ufs_reclaim,
3010 .vop_remove = ufs_remove,
3011 .vop_rename = ufs_rename,
3012 .vop_rmdir = ufs_rmdir,
3013 .vop_setattr = ufs_setattr,
3014 #ifdef MAC
3015 .vop_setlabel = vop_stdsetlabel_ea,
3016 #endif
3017 .vop_strategy = ufs_strategy,
3018 .vop_symlink = ufs_symlink,
3019 .vop_whiteout = ufs_whiteout,
3020 #ifdef UFS_EXTATTR
3021 .vop_getextattr = ufs_getextattr,
3022 .vop_deleteextattr = ufs_deleteextattr,
3023 .vop_setextattr = ufs_setextattr,
3024 #endif
3025 #ifdef UFS_ACL
3026 .vop_getacl = ufs_getacl,
3027 .vop_setacl = ufs_setacl,
3028 .vop_aclcheck = ufs_aclcheck,
3029 #endif
3030 };
3031 VFS_VOP_VECTOR_REGISTER(ufs_vnodeops);
3032
3033 struct vop_vector ufs_fifoops = {
3034 .vop_default = &fifo_specops,
3035 .vop_fsync = VOP_PANIC,
3036 .vop_accessx = ufs_accessx,
3037 .vop_close = ufsfifo_close,
3038 .vop_getattr = ufs_getattr,
3039 .vop_inactive = ufs_inactive,
3040 .vop_pathconf = ufs_pathconf,
3041 .vop_print = ufs_print,
3042 .vop_read = VOP_PANIC,
3043 .vop_reclaim = ufs_reclaim,
3044 .vop_setattr = ufs_setattr,
3045 #ifdef MAC
3046 .vop_setlabel = vop_stdsetlabel_ea,
3047 #endif
3048 .vop_write = VOP_PANIC,
3049 #ifdef UFS_EXTATTR
3050 .vop_getextattr = ufs_getextattr,
3051 .vop_deleteextattr = ufs_deleteextattr,
3052 .vop_setextattr = ufs_setextattr,
3053 #endif
3054 #ifdef UFS_ACL
3055 .vop_getacl = ufs_getacl,
3056 .vop_setacl = ufs_setacl,
3057 .vop_aclcheck = ufs_aclcheck,
3058 #endif
3059 };
3060 VFS_VOP_VECTOR_REGISTER(ufs_fifoops);
Cache object: 0db84e37ebd9488d5b5637fee81e855f
|