1 /*-
2 * Copyright (c) 1982, 1986, 1989, 1993, 1995
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 4. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95
35 */
36
37 #include <sys/cdefs.h>
38 __FBSDID("$FreeBSD: releng/11.0/sys/ufs/ufs/ufs_vnops.c 303375 2016-07-27 08:47:24Z kib $");
39
40 #include "opt_quota.h"
41 #include "opt_suiddir.h"
42 #include "opt_ufs.h"
43 #include "opt_ffs.h"
44
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/malloc.h>
48 #include <sys/namei.h>
49 #include <sys/kernel.h>
50 #include <sys/fcntl.h>
51 #include <sys/filio.h>
52 #include <sys/stat.h>
53 #include <sys/bio.h>
54 #include <sys/buf.h>
55 #include <sys/mount.h>
56 #include <sys/priv.h>
57 #include <sys/refcount.h>
58 #include <sys/unistd.h>
59 #include <sys/vnode.h>
60 #include <sys/dirent.h>
61 #include <sys/lockf.h>
62 #include <sys/conf.h>
63 #include <sys/acl.h>
64
65 #include <security/mac/mac_framework.h>
66
67 #include <sys/file.h> /* XXX */
68
69 #include <vm/vm.h>
70 #include <vm/vm_extern.h>
71
72 #include <ufs/ufs/acl.h>
73 #include <ufs/ufs/extattr.h>
74 #include <ufs/ufs/quota.h>
75 #include <ufs/ufs/inode.h>
76 #include <ufs/ufs/dir.h>
77 #include <ufs/ufs/ufsmount.h>
78 #include <ufs/ufs/ufs_extern.h>
79 #ifdef UFS_DIRHASH
80 #include <ufs/ufs/dirhash.h>
81 #endif
82 #ifdef UFS_GJOURNAL
83 #include <ufs/ufs/gjournal.h>
84 FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS");
85 #endif
86
87 #ifdef QUOTA
88 FEATURE(ufs_quota, "UFS disk quotas support");
89 FEATURE(ufs_quota64, "64bit UFS disk quotas support");
90 #endif
91
92 #ifdef SUIDDIR
93 FEATURE(suiddir,
94 "Give all new files in directory the same ownership as the directory");
95 #endif
96
97
98 #include <ufs/ffs/ffs_extern.h>
99
100 static vop_accessx_t ufs_accessx;
101 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *);
102 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *);
103 static vop_close_t ufs_close;
104 static vop_create_t ufs_create;
105 static vop_getattr_t ufs_getattr;
106 static vop_ioctl_t ufs_ioctl;
107 static vop_link_t ufs_link;
108 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *);
109 static vop_markatime_t ufs_markatime;
110 static vop_mkdir_t ufs_mkdir;
111 static vop_mknod_t ufs_mknod;
112 static vop_open_t ufs_open;
113 static vop_pathconf_t ufs_pathconf;
114 static vop_print_t ufs_print;
115 static vop_readlink_t ufs_readlink;
116 static vop_remove_t ufs_remove;
117 static vop_rename_t ufs_rename;
118 static vop_rmdir_t ufs_rmdir;
119 static vop_setattr_t ufs_setattr;
120 static vop_strategy_t ufs_strategy;
121 static vop_symlink_t ufs_symlink;
122 static vop_whiteout_t ufs_whiteout;
123 static vop_close_t ufsfifo_close;
124 static vop_kqfilter_t ufsfifo_kqfilter;
125 static vop_pathconf_t ufsfifo_pathconf;
126
127 SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD, 0, "UFS filesystem");
128
129 /*
130 * A virgin directory (no blushing please).
131 */
132 static struct dirtemplate mastertemplate = {
133 0, 12, DT_DIR, 1, ".",
134 0, DIRBLKSIZ - 12, DT_DIR, 2, ".."
135 };
136 static struct odirtemplate omastertemplate = {
137 0, 12, 1, ".",
138 0, DIRBLKSIZ - 12, 2, ".."
139 };
140
141 static void
142 ufs_itimes_locked(struct vnode *vp)
143 {
144 struct inode *ip;
145 struct timespec ts;
146
147 ASSERT_VI_LOCKED(vp, __func__);
148
149 ip = VTOI(vp);
150 if (UFS_RDONLY(ip))
151 goto out;
152 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0)
153 return;
154
155 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp))
156 ip->i_flag |= IN_LAZYMOD;
157 else if (((vp->v_mount->mnt_kern_flag &
158 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) ||
159 (ip->i_flag & (IN_CHANGE | IN_UPDATE)))
160 ip->i_flag |= IN_MODIFIED;
161 else if (ip->i_flag & IN_ACCESS)
162 ip->i_flag |= IN_LAZYACCESS;
163 vfs_timestamp(&ts);
164 if (ip->i_flag & IN_ACCESS) {
165 DIP_SET(ip, i_atime, ts.tv_sec);
166 DIP_SET(ip, i_atimensec, ts.tv_nsec);
167 }
168 if (ip->i_flag & IN_UPDATE) {
169 DIP_SET(ip, i_mtime, ts.tv_sec);
170 DIP_SET(ip, i_mtimensec, ts.tv_nsec);
171 }
172 if (ip->i_flag & IN_CHANGE) {
173 DIP_SET(ip, i_ctime, ts.tv_sec);
174 DIP_SET(ip, i_ctimensec, ts.tv_nsec);
175 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1);
176 }
177
178 out:
179 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE);
180 }
181
182 void
183 ufs_itimes(struct vnode *vp)
184 {
185
186 VI_LOCK(vp);
187 ufs_itimes_locked(vp);
188 VI_UNLOCK(vp);
189 }
190
191 /*
192 * Create a regular file
193 */
194 static int
195 ufs_create(ap)
196 struct vop_create_args /* {
197 struct vnode *a_dvp;
198 struct vnode **a_vpp;
199 struct componentname *a_cnp;
200 struct vattr *a_vap;
201 } */ *ap;
202 {
203 int error;
204
205 error =
206 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode),
207 ap->a_dvp, ap->a_vpp, ap->a_cnp);
208 if (error != 0)
209 return (error);
210 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0)
211 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp);
212 return (0);
213 }
214
215 /*
216 * Mknod vnode call
217 */
218 /* ARGSUSED */
219 static int
220 ufs_mknod(ap)
221 struct vop_mknod_args /* {
222 struct vnode *a_dvp;
223 struct vnode **a_vpp;
224 struct componentname *a_cnp;
225 struct vattr *a_vap;
226 } */ *ap;
227 {
228 struct vattr *vap = ap->a_vap;
229 struct vnode **vpp = ap->a_vpp;
230 struct inode *ip;
231 ino_t ino;
232 int error;
233
234 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode),
235 ap->a_dvp, vpp, ap->a_cnp);
236 if (error)
237 return (error);
238 ip = VTOI(*vpp);
239 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE;
240 if (vap->va_rdev != VNOVAL) {
241 /*
242 * Want to be able to use this to make badblock
243 * inodes, so don't truncate the dev number.
244 */
245 DIP_SET(ip, i_rdev, vap->va_rdev);
246 }
247 /*
248 * Remove inode, then reload it through VFS_VGET so it is
249 * checked to see if it is an alias of an existing entry in
250 * the inode cache. XXX I don't believe this is necessary now.
251 */
252 (*vpp)->v_type = VNON;
253 ino = ip->i_number; /* Save this before vgone() invalidates ip. */
254 vgone(*vpp);
255 vput(*vpp);
256 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp);
257 if (error) {
258 *vpp = NULL;
259 return (error);
260 }
261 return (0);
262 }
263
264 /*
265 * Open called.
266 */
267 /* ARGSUSED */
268 static int
269 ufs_open(struct vop_open_args *ap)
270 {
271 struct vnode *vp = ap->a_vp;
272 struct inode *ip;
273
274 if (vp->v_type == VCHR || vp->v_type == VBLK)
275 return (EOPNOTSUPP);
276
277 ip = VTOI(vp);
278 /*
279 * Files marked append-only must be opened for appending.
280 */
281 if ((ip->i_flags & APPEND) &&
282 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE)
283 return (EPERM);
284 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td);
285 return (0);
286 }
287
288 /*
289 * Close called.
290 *
291 * Update the times on the inode.
292 */
293 /* ARGSUSED */
294 static int
295 ufs_close(ap)
296 struct vop_close_args /* {
297 struct vnode *a_vp;
298 int a_fflag;
299 struct ucred *a_cred;
300 struct thread *a_td;
301 } */ *ap;
302 {
303 struct vnode *vp = ap->a_vp;
304 int usecount;
305
306 VI_LOCK(vp);
307 usecount = vp->v_usecount;
308 if (usecount > 1)
309 ufs_itimes_locked(vp);
310 VI_UNLOCK(vp);
311 return (0);
312 }
313
314 static int
315 ufs_accessx(ap)
316 struct vop_accessx_args /* {
317 struct vnode *a_vp;
318 accmode_t a_accmode;
319 struct ucred *a_cred;
320 struct thread *a_td;
321 } */ *ap;
322 {
323 struct vnode *vp = ap->a_vp;
324 struct inode *ip = VTOI(vp);
325 accmode_t accmode = ap->a_accmode;
326 int error;
327 #ifdef QUOTA
328 int relocked;
329 #endif
330 #ifdef UFS_ACL
331 struct acl *acl;
332 acl_type_t type;
333 #endif
334
335 /*
336 * Disallow write attempts on read-only filesystems;
337 * unless the file is a socket, fifo, or a block or
338 * character device resident on the filesystem.
339 */
340 if (accmode & VMODIFY_PERMS) {
341 switch (vp->v_type) {
342 case VDIR:
343 case VLNK:
344 case VREG:
345 if (vp->v_mount->mnt_flag & MNT_RDONLY)
346 return (EROFS);
347 #ifdef QUOTA
348 /*
349 * Inode is accounted in the quotas only if struct
350 * dquot is attached to it. VOP_ACCESS() is called
351 * from vn_open_cred() and provides a convenient
352 * point to call getinoquota().
353 */
354 if (VOP_ISLOCKED(vp) != LK_EXCLUSIVE) {
355
356 /*
357 * Upgrade vnode lock, since getinoquota()
358 * requires exclusive lock to modify inode.
359 */
360 relocked = 1;
361 vhold(vp);
362 vn_lock(vp, LK_UPGRADE | LK_RETRY);
363 VI_LOCK(vp);
364 if (vp->v_iflag & VI_DOOMED) {
365 vdropl(vp);
366 error = ENOENT;
367 goto relock;
368 }
369 vdropl(vp);
370 } else
371 relocked = 0;
372 error = getinoquota(ip);
373 relock:
374 if (relocked)
375 vn_lock(vp, LK_DOWNGRADE | LK_RETRY);
376 if (error != 0)
377 return (error);
378 #endif
379 break;
380 default:
381 break;
382 }
383 }
384
385 /*
386 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS"
387 * permits the owner of the file to remove the IMMUTABLE flag.
388 */
389 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) &&
390 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT)))
391 return (EPERM);
392
393 #ifdef UFS_ACL
394 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) {
395 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS)
396 type = ACL_TYPE_NFS4;
397 else
398 type = ACL_TYPE_ACCESS;
399
400 acl = acl_alloc(M_WAITOK);
401 if (type == ACL_TYPE_NFS4)
402 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td);
403 else
404 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td);
405 switch (error) {
406 case 0:
407 if (type == ACL_TYPE_NFS4) {
408 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid,
409 ip->i_gid, acl, accmode, ap->a_cred, NULL);
410 } else {
411 error = vfs_unixify_accmode(&accmode);
412 if (error == 0)
413 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid,
414 ip->i_gid, acl, accmode, ap->a_cred, NULL);
415 }
416 break;
417 default:
418 if (error != EOPNOTSUPP)
419 printf(
420 "ufs_accessx(): Error retrieving ACL on object (%d).\n",
421 error);
422 /*
423 * XXX: Fall back until debugged. Should
424 * eventually possibly log an error, and return
425 * EPERM for safety.
426 */
427 error = vfs_unixify_accmode(&accmode);
428 if (error == 0)
429 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid,
430 ip->i_gid, accmode, ap->a_cred, NULL);
431 }
432 acl_free(acl);
433
434 return (error);
435 }
436 #endif /* !UFS_ACL */
437 error = vfs_unixify_accmode(&accmode);
438 if (error == 0)
439 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid,
440 accmode, ap->a_cred, NULL);
441 return (error);
442 }
443
444 /* ARGSUSED */
445 static int
446 ufs_getattr(ap)
447 struct vop_getattr_args /* {
448 struct vnode *a_vp;
449 struct vattr *a_vap;
450 struct ucred *a_cred;
451 } */ *ap;
452 {
453 struct vnode *vp = ap->a_vp;
454 struct inode *ip = VTOI(vp);
455 struct vattr *vap = ap->a_vap;
456
457 VI_LOCK(vp);
458 ufs_itimes_locked(vp);
459 if (ip->i_ump->um_fstype == UFS1) {
460 vap->va_atime.tv_sec = ip->i_din1->di_atime;
461 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec;
462 } else {
463 vap->va_atime.tv_sec = ip->i_din2->di_atime;
464 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec;
465 }
466 VI_UNLOCK(vp);
467 /*
468 * Copy from inode table
469 */
470 vap->va_fsid = dev2udev(ip->i_dev);
471 vap->va_fileid = ip->i_number;
472 vap->va_mode = ip->i_mode & ~IFMT;
473 vap->va_nlink = ip->i_effnlink;
474 vap->va_uid = ip->i_uid;
475 vap->va_gid = ip->i_gid;
476 if (ip->i_ump->um_fstype == UFS1) {
477 vap->va_rdev = ip->i_din1->di_rdev;
478 vap->va_size = ip->i_din1->di_size;
479 vap->va_mtime.tv_sec = ip->i_din1->di_mtime;
480 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec;
481 vap->va_ctime.tv_sec = ip->i_din1->di_ctime;
482 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec;
483 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks);
484 vap->va_filerev = ip->i_din1->di_modrev;
485 } else {
486 vap->va_rdev = ip->i_din2->di_rdev;
487 vap->va_size = ip->i_din2->di_size;
488 vap->va_mtime.tv_sec = ip->i_din2->di_mtime;
489 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec;
490 vap->va_ctime.tv_sec = ip->i_din2->di_ctime;
491 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec;
492 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime;
493 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec;
494 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks);
495 vap->va_filerev = ip->i_din2->di_modrev;
496 }
497 vap->va_flags = ip->i_flags;
498 vap->va_gen = ip->i_gen;
499 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize;
500 vap->va_type = IFTOVT(ip->i_mode);
501 return (0);
502 }
503
504 /*
505 * Set attribute vnode op. called from several syscalls
506 */
507 static int
508 ufs_setattr(ap)
509 struct vop_setattr_args /* {
510 struct vnode *a_vp;
511 struct vattr *a_vap;
512 struct ucred *a_cred;
513 } */ *ap;
514 {
515 struct vattr *vap = ap->a_vap;
516 struct vnode *vp = ap->a_vp;
517 struct inode *ip = VTOI(vp);
518 struct ucred *cred = ap->a_cred;
519 struct thread *td = curthread;
520 int error;
521
522 /*
523 * Check for unsettable attributes.
524 */
525 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) ||
526 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) ||
527 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) ||
528 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) {
529 return (EINVAL);
530 }
531 if (vap->va_flags != VNOVAL) {
532 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE |
533 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE |
534 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK |
535 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE |
536 UF_SPARSE | UF_SYSTEM)) != 0)
537 return (EOPNOTSUPP);
538 if (vp->v_mount->mnt_flag & MNT_RDONLY)
539 return (EROFS);
540 /*
541 * Callers may only modify the file flags on objects they
542 * have VADMIN rights for.
543 */
544 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
545 return (error);
546 /*
547 * Unprivileged processes are not permitted to unset system
548 * flags, or modify flags if any system flags are set.
549 * Privileged non-jail processes may not modify system flags
550 * if securelevel > 0 and any existing system flags are set.
551 * Privileged jail processes behave like privileged non-jail
552 * processes if the security.jail.chflags_allowed sysctl is
553 * is non-zero; otherwise, they behave like unprivileged
554 * processes.
555 */
556 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
557 if (ip->i_flags &
558 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
559 error = securelevel_gt(cred, 0);
560 if (error)
561 return (error);
562 }
563 /* The snapshot flag cannot be toggled. */
564 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT)
565 return (EPERM);
566 } else {
567 if (ip->i_flags &
568 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) ||
569 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE))
570 return (EPERM);
571 }
572 ip->i_flags = vap->va_flags;
573 DIP_SET(ip, i_flags, vap->va_flags);
574 ip->i_flag |= IN_CHANGE;
575 error = UFS_UPDATE(vp, 0);
576 if (ip->i_flags & (IMMUTABLE | APPEND))
577 return (error);
578 }
579 /*
580 * If immutable or append, no one can change any of its attributes
581 * except the ones already handled (in some cases, file flags
582 * including the immutability flags themselves for the superuser).
583 */
584 if (ip->i_flags & (IMMUTABLE | APPEND))
585 return (EPERM);
586 /*
587 * Go through the fields and update iff not VNOVAL.
588 */
589 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) {
590 if (vp->v_mount->mnt_flag & MNT_RDONLY)
591 return (EROFS);
592 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred,
593 td)) != 0)
594 return (error);
595 }
596 if (vap->va_size != VNOVAL) {
597 /*
598 * XXX most of the following special cases should be in
599 * callers instead of in N filesystems. The VDIR check
600 * mostly already is.
601 */
602 switch (vp->v_type) {
603 case VDIR:
604 return (EISDIR);
605 case VLNK:
606 case VREG:
607 /*
608 * Truncation should have an effect in these cases.
609 * Disallow it if the filesystem is read-only or
610 * the file is being snapshotted.
611 */
612 if (vp->v_mount->mnt_flag & MNT_RDONLY)
613 return (EROFS);
614 if ((ip->i_flags & SF_SNAPSHOT) != 0)
615 return (EPERM);
616 break;
617 default:
618 /*
619 * According to POSIX, the result is unspecified
620 * for file types other than regular files,
621 * directories and shared memory objects. We
622 * don't support shared memory objects in the file
623 * system, and have dubious support for truncating
624 * symlinks. Just ignore the request in other cases.
625 */
626 return (0);
627 }
628 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL |
629 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0),
630 cred)) != 0)
631 return (error);
632 }
633 if (vap->va_atime.tv_sec != VNOVAL ||
634 vap->va_mtime.tv_sec != VNOVAL ||
635 vap->va_birthtime.tv_sec != VNOVAL) {
636 if (vp->v_mount->mnt_flag & MNT_RDONLY)
637 return (EROFS);
638 if ((ip->i_flags & SF_SNAPSHOT) != 0)
639 return (EPERM);
640 error = vn_utimes_perm(vp, vap, cred, td);
641 if (error != 0)
642 return (error);
643 ip->i_flag |= IN_CHANGE | IN_MODIFIED;
644 if (vap->va_atime.tv_sec != VNOVAL) {
645 ip->i_flag &= ~IN_ACCESS;
646 DIP_SET(ip, i_atime, vap->va_atime.tv_sec);
647 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec);
648 }
649 if (vap->va_mtime.tv_sec != VNOVAL) {
650 ip->i_flag &= ~IN_UPDATE;
651 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec);
652 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec);
653 }
654 if (vap->va_birthtime.tv_sec != VNOVAL &&
655 ip->i_ump->um_fstype == UFS2) {
656 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec;
657 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec;
658 }
659 error = UFS_UPDATE(vp, 0);
660 if (error)
661 return (error);
662 }
663 error = 0;
664 if (vap->va_mode != (mode_t)VNOVAL) {
665 if (vp->v_mount->mnt_flag & MNT_RDONLY)
666 return (EROFS);
667 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode &
668 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH)))
669 return (EPERM);
670 error = ufs_chmod(vp, (int)vap->va_mode, cred, td);
671 }
672 return (error);
673 }
674
675 #ifdef UFS_ACL
676 static int
677 ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode,
678 int file_owner_id, struct ucred *cred, struct thread *td)
679 {
680 int error;
681 struct acl *aclp;
682
683 aclp = acl_alloc(M_WAITOK);
684 error = ufs_getacl_nfs4_internal(vp, aclp, td);
685 /*
686 * We don't have to handle EOPNOTSUPP here, as the filesystem claims
687 * it supports ACLs.
688 */
689 if (error)
690 goto out;
691
692 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id);
693 error = ufs_setacl_nfs4_internal(vp, aclp, td);
694
695 out:
696 acl_free(aclp);
697 return (error);
698 }
699 #endif /* UFS_ACL */
700
701 /*
702 * Mark this file's access time for update for vfs_mark_atime(). This
703 * is called from execve() and mmap().
704 */
705 static int
706 ufs_markatime(ap)
707 struct vop_markatime_args /* {
708 struct vnode *a_vp;
709 } */ *ap;
710 {
711 struct vnode *vp = ap->a_vp;
712 struct inode *ip = VTOI(vp);
713
714 VI_LOCK(vp);
715 ip->i_flag |= IN_ACCESS;
716 VI_UNLOCK(vp);
717 /*
718 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there.
719 */
720 return (0);
721 }
722
723 /*
724 * Change the mode on a file.
725 * Inode must be locked before calling.
726 */
727 static int
728 ufs_chmod(vp, mode, cred, td)
729 struct vnode *vp;
730 int mode;
731 struct ucred *cred;
732 struct thread *td;
733 {
734 struct inode *ip = VTOI(vp);
735 int error;
736
737 /*
738 * To modify the permissions on a file, must possess VADMIN
739 * for that file.
740 */
741 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td)))
742 return (error);
743 /*
744 * Privileged processes may set the sticky bit on non-directories,
745 * as well as set the setgid bit on a file with a group that the
746 * process is not a member of. Both of these are allowed in
747 * jail(8).
748 */
749 if (vp->v_type != VDIR && (mode & S_ISTXT)) {
750 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0))
751 return (EFTYPE);
752 }
753 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
754 error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
755 if (error)
756 return (error);
757 }
758
759 /*
760 * Deny setting setuid if we are not the file owner.
761 */
762 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) {
763 error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
764 if (error)
765 return (error);
766 }
767
768 ip->i_mode &= ~ALLPERMS;
769 ip->i_mode |= (mode & ALLPERMS);
770 DIP_SET(ip, i_mode, ip->i_mode);
771 ip->i_flag |= IN_CHANGE;
772 #ifdef UFS_ACL
773 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0)
774 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td);
775 #endif
776 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0)
777 error = UFS_UPDATE(vp, 0);
778
779 return (error);
780 }
781
782 /*
783 * Perform chown operation on inode ip;
784 * inode must be locked prior to call.
785 */
786 static int
787 ufs_chown(vp, uid, gid, cred, td)
788 struct vnode *vp;
789 uid_t uid;
790 gid_t gid;
791 struct ucred *cred;
792 struct thread *td;
793 {
794 struct inode *ip = VTOI(vp);
795 uid_t ouid;
796 gid_t ogid;
797 int error = 0;
798 #ifdef QUOTA
799 int i;
800 ufs2_daddr_t change;
801 #endif
802
803 if (uid == (uid_t)VNOVAL)
804 uid = ip->i_uid;
805 if (gid == (gid_t)VNOVAL)
806 gid = ip->i_gid;
807 /*
808 * To modify the ownership of a file, must possess VADMIN for that
809 * file.
810 */
811 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td)))
812 return (error);
813 /*
814 * To change the owner of a file, or change the group of a file to a
815 * group of which we are not a member, the caller must have
816 * privilege.
817 */
818 if (((uid != ip->i_uid && uid != cred->cr_uid) ||
819 (gid != ip->i_gid && !groupmember(gid, cred))) &&
820 (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0)))
821 return (error);
822 ogid = ip->i_gid;
823 ouid = ip->i_uid;
824 #ifdef QUOTA
825 if ((error = getinoquota(ip)) != 0)
826 return (error);
827 if (ouid == uid) {
828 dqrele(vp, ip->i_dquot[USRQUOTA]);
829 ip->i_dquot[USRQUOTA] = NODQUOT;
830 }
831 if (ogid == gid) {
832 dqrele(vp, ip->i_dquot[GRPQUOTA]);
833 ip->i_dquot[GRPQUOTA] = NODQUOT;
834 }
835 change = DIP(ip, i_blocks);
836 (void) chkdq(ip, -change, cred, CHOWN);
837 (void) chkiq(ip, -1, cred, CHOWN);
838 for (i = 0; i < MAXQUOTAS; i++) {
839 dqrele(vp, ip->i_dquot[i]);
840 ip->i_dquot[i] = NODQUOT;
841 }
842 #endif
843 ip->i_gid = gid;
844 DIP_SET(ip, i_gid, gid);
845 ip->i_uid = uid;
846 DIP_SET(ip, i_uid, uid);
847 #ifdef QUOTA
848 if ((error = getinoquota(ip)) == 0) {
849 if (ouid == uid) {
850 dqrele(vp, ip->i_dquot[USRQUOTA]);
851 ip->i_dquot[USRQUOTA] = NODQUOT;
852 }
853 if (ogid == gid) {
854 dqrele(vp, ip->i_dquot[GRPQUOTA]);
855 ip->i_dquot[GRPQUOTA] = NODQUOT;
856 }
857 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) {
858 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0)
859 goto good;
860 else
861 (void) chkdq(ip, -change, cred, CHOWN|FORCE);
862 }
863 for (i = 0; i < MAXQUOTAS; i++) {
864 dqrele(vp, ip->i_dquot[i]);
865 ip->i_dquot[i] = NODQUOT;
866 }
867 }
868 ip->i_gid = ogid;
869 DIP_SET(ip, i_gid, ogid);
870 ip->i_uid = ouid;
871 DIP_SET(ip, i_uid, ouid);
872 if (getinoquota(ip) == 0) {
873 if (ouid == uid) {
874 dqrele(vp, ip->i_dquot[USRQUOTA]);
875 ip->i_dquot[USRQUOTA] = NODQUOT;
876 }
877 if (ogid == gid) {
878 dqrele(vp, ip->i_dquot[GRPQUOTA]);
879 ip->i_dquot[GRPQUOTA] = NODQUOT;
880 }
881 (void) chkdq(ip, change, cred, FORCE|CHOWN);
882 (void) chkiq(ip, 1, cred, FORCE|CHOWN);
883 (void) getinoquota(ip);
884 }
885 return (error);
886 good:
887 if (getinoquota(ip))
888 panic("ufs_chown: lost quota");
889 #endif /* QUOTA */
890 ip->i_flag |= IN_CHANGE;
891 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
892 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) {
893 ip->i_mode &= ~(ISUID | ISGID);
894 DIP_SET(ip, i_mode, ip->i_mode);
895 }
896 }
897 error = UFS_UPDATE(vp, 0);
898 return (error);
899 }
900
901 static int
902 ufs_remove(ap)
903 struct vop_remove_args /* {
904 struct vnode *a_dvp;
905 struct vnode *a_vp;
906 struct componentname *a_cnp;
907 } */ *ap;
908 {
909 struct inode *ip;
910 struct vnode *vp = ap->a_vp;
911 struct vnode *dvp = ap->a_dvp;
912 int error;
913 struct thread *td;
914
915 td = curthread;
916 ip = VTOI(vp);
917 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
918 (VTOI(dvp)->i_flags & APPEND)) {
919 error = EPERM;
920 goto out;
921 }
922 #ifdef UFS_GJOURNAL
923 ufs_gjournal_orphan(vp);
924 #endif
925 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0);
926 if (ip->i_nlink <= 0)
927 vp->v_vflag |= VV_NOSYNC;
928 if ((ip->i_flags & SF_SNAPSHOT) != 0) {
929 /*
930 * Avoid deadlock where another thread is trying to
931 * update the inodeblock for dvp and is waiting on
932 * snaplk. Temporary unlock the vnode lock for the
933 * unlinked file and sync the directory. This should
934 * allow vput() of the directory to not block later on
935 * while holding the snapshot vnode locked, assuming
936 * that the directory hasn't been unlinked too.
937 */
938 VOP_UNLOCK(vp, 0);
939 (void) VOP_FSYNC(dvp, MNT_WAIT, td);
940 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
941 }
942 out:
943 return (error);
944 }
945
946 /*
947 * link vnode call
948 */
949 static int
950 ufs_link(ap)
951 struct vop_link_args /* {
952 struct vnode *a_tdvp;
953 struct vnode *a_vp;
954 struct componentname *a_cnp;
955 } */ *ap;
956 {
957 struct vnode *vp = ap->a_vp;
958 struct vnode *tdvp = ap->a_tdvp;
959 struct componentname *cnp = ap->a_cnp;
960 struct inode *ip;
961 struct direct newdir;
962 int error;
963
964 #ifdef INVARIANTS
965 if ((cnp->cn_flags & HASBUF) == 0)
966 panic("ufs_link: no name");
967 #endif
968 if (VTOI(tdvp)->i_effnlink < 2)
969 panic("ufs_link: Bad link count %d on parent",
970 VTOI(tdvp)->i_effnlink);
971 ip = VTOI(vp);
972 if ((nlink_t)ip->i_nlink >= LINK_MAX) {
973 error = EMLINK;
974 goto out;
975 }
976 /*
977 * The file may have been removed after namei droped the original
978 * lock.
979 */
980 if (ip->i_effnlink == 0) {
981 error = ENOENT;
982 goto out;
983 }
984 if (ip->i_flags & (IMMUTABLE | APPEND)) {
985 error = EPERM;
986 goto out;
987 }
988 ip->i_effnlink++;
989 ip->i_nlink++;
990 DIP_SET(ip, i_nlink, ip->i_nlink);
991 ip->i_flag |= IN_CHANGE;
992 if (DOINGSOFTDEP(vp))
993 softdep_setup_link(VTOI(tdvp), ip);
994 error = UFS_UPDATE(vp, !(DOINGSOFTDEP(vp) | DOINGASYNC(vp)));
995 if (!error) {
996 ufs_makedirentry(ip, cnp, &newdir);
997 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL, 0);
998 }
999
1000 if (error) {
1001 ip->i_effnlink--;
1002 ip->i_nlink--;
1003 DIP_SET(ip, i_nlink, ip->i_nlink);
1004 ip->i_flag |= IN_CHANGE;
1005 if (DOINGSOFTDEP(vp))
1006 softdep_revert_link(VTOI(tdvp), ip);
1007 }
1008 out:
1009 return (error);
1010 }
1011
1012 /*
1013 * whiteout vnode call
1014 */
1015 static int
1016 ufs_whiteout(ap)
1017 struct vop_whiteout_args /* {
1018 struct vnode *a_dvp;
1019 struct componentname *a_cnp;
1020 int a_flags;
1021 } */ *ap;
1022 {
1023 struct vnode *dvp = ap->a_dvp;
1024 struct componentname *cnp = ap->a_cnp;
1025 struct direct newdir;
1026 int error = 0;
1027
1028 switch (ap->a_flags) {
1029 case LOOKUP:
1030 /* 4.4 format directories support whiteout operations */
1031 if (dvp->v_mount->mnt_maxsymlinklen > 0)
1032 return (0);
1033 return (EOPNOTSUPP);
1034
1035 case CREATE:
1036 /* create a new directory whiteout */
1037 #ifdef INVARIANTS
1038 if ((cnp->cn_flags & SAVENAME) == 0)
1039 panic("ufs_whiteout: missing name");
1040 if (dvp->v_mount->mnt_maxsymlinklen <= 0)
1041 panic("ufs_whiteout: old format filesystem");
1042 #endif
1043
1044 newdir.d_ino = WINO;
1045 newdir.d_namlen = cnp->cn_namelen;
1046 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1);
1047 newdir.d_type = DT_WHT;
1048 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL, 0);
1049 break;
1050
1051 case DELETE:
1052 /* remove an existing directory whiteout */
1053 #ifdef INVARIANTS
1054 if (dvp->v_mount->mnt_maxsymlinklen <= 0)
1055 panic("ufs_whiteout: old format filesystem");
1056 #endif
1057
1058 cnp->cn_flags &= ~DOWHITEOUT;
1059 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0);
1060 break;
1061 default:
1062 panic("ufs_whiteout: unknown op");
1063 }
1064 return (error);
1065 }
1066
1067 static volatile int rename_restarts;
1068 SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD,
1069 __DEVOLATILE(int *, &rename_restarts), 0,
1070 "Times rename had to restart due to lock contention");
1071
1072 /*
1073 * Rename system call.
1074 * rename("foo", "bar");
1075 * is essentially
1076 * unlink("bar");
1077 * link("foo", "bar");
1078 * unlink("foo");
1079 * but ``atomically''. Can't do full commit without saving state in the
1080 * inode on disk which isn't feasible at this time. Best we can do is
1081 * always guarantee the target exists.
1082 *
1083 * Basic algorithm is:
1084 *
1085 * 1) Bump link count on source while we're linking it to the
1086 * target. This also ensure the inode won't be deleted out
1087 * from underneath us while we work (it may be truncated by
1088 * a concurrent `trunc' or `open' for creation).
1089 * 2) Link source to destination. If destination already exists,
1090 * delete it first.
1091 * 3) Unlink source reference to inode if still around. If a
1092 * directory was moved and the parent of the destination
1093 * is different from the source, patch the ".." entry in the
1094 * directory.
1095 */
1096 static int
1097 ufs_rename(ap)
1098 struct vop_rename_args /* {
1099 struct vnode *a_fdvp;
1100 struct vnode *a_fvp;
1101 struct componentname *a_fcnp;
1102 struct vnode *a_tdvp;
1103 struct vnode *a_tvp;
1104 struct componentname *a_tcnp;
1105 } */ *ap;
1106 {
1107 struct vnode *tvp = ap->a_tvp;
1108 struct vnode *tdvp = ap->a_tdvp;
1109 struct vnode *fvp = ap->a_fvp;
1110 struct vnode *fdvp = ap->a_fdvp;
1111 struct vnode *nvp;
1112 struct componentname *tcnp = ap->a_tcnp;
1113 struct componentname *fcnp = ap->a_fcnp;
1114 struct thread *td = fcnp->cn_thread;
1115 struct inode *fip, *tip, *tdp, *fdp;
1116 struct direct newdir;
1117 off_t endoff;
1118 int doingdirectory, newparent;
1119 int error = 0;
1120 struct mount *mp;
1121 ino_t ino;
1122
1123 #ifdef INVARIANTS
1124 if ((tcnp->cn_flags & HASBUF) == 0 ||
1125 (fcnp->cn_flags & HASBUF) == 0)
1126 panic("ufs_rename: no name");
1127 #endif
1128 endoff = 0;
1129 mp = tdvp->v_mount;
1130 VOP_UNLOCK(tdvp, 0);
1131 if (tvp && tvp != tdvp)
1132 VOP_UNLOCK(tvp, 0);
1133 /*
1134 * Check for cross-device rename.
1135 */
1136 if ((fvp->v_mount != tdvp->v_mount) ||
1137 (tvp && (fvp->v_mount != tvp->v_mount))) {
1138 error = EXDEV;
1139 mp = NULL;
1140 goto releout;
1141 }
1142 relock:
1143 /*
1144 * We need to acquire 2 to 4 locks depending on whether tvp is NULL
1145 * and fdvp and tdvp are the same directory. Subsequently we need
1146 * to double-check all paths and in the directory rename case we
1147 * need to verify that we are not creating a directory loop. To
1148 * handle this we acquire all but fdvp using non-blocking
1149 * acquisitions. If we fail to acquire any lock in the path we will
1150 * drop all held locks, acquire the new lock in a blocking fashion,
1151 * and then release it and restart the rename. This acquire/release
1152 * step ensures that we do not spin on a lock waiting for release.
1153 */
1154 error = vn_lock(fdvp, LK_EXCLUSIVE);
1155 if (error)
1156 goto releout;
1157 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) {
1158 VOP_UNLOCK(fdvp, 0);
1159 error = vn_lock(tdvp, LK_EXCLUSIVE);
1160 if (error)
1161 goto releout;
1162 VOP_UNLOCK(tdvp, 0);
1163 atomic_add_int(&rename_restarts, 1);
1164 goto relock;
1165 }
1166 /*
1167 * Re-resolve fvp to be certain it still exists and fetch the
1168 * correct vnode.
1169 */
1170 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino);
1171 if (error) {
1172 VOP_UNLOCK(fdvp, 0);
1173 VOP_UNLOCK(tdvp, 0);
1174 goto releout;
1175 }
1176 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp);
1177 if (error) {
1178 VOP_UNLOCK(fdvp, 0);
1179 VOP_UNLOCK(tdvp, 0);
1180 if (error != EBUSY)
1181 goto releout;
1182 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp);
1183 if (error != 0)
1184 goto releout;
1185 VOP_UNLOCK(nvp, 0);
1186 vrele(fvp);
1187 fvp = nvp;
1188 atomic_add_int(&rename_restarts, 1);
1189 goto relock;
1190 }
1191 vrele(fvp);
1192 fvp = nvp;
1193 /*
1194 * Re-resolve tvp and acquire the vnode lock if present.
1195 */
1196 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino);
1197 if (error != 0 && error != EJUSTRETURN) {
1198 VOP_UNLOCK(fdvp, 0);
1199 VOP_UNLOCK(tdvp, 0);
1200 VOP_UNLOCK(fvp, 0);
1201 goto releout;
1202 }
1203 /*
1204 * If tvp disappeared we just carry on.
1205 */
1206 if (error == EJUSTRETURN && tvp != NULL) {
1207 vrele(tvp);
1208 tvp = NULL;
1209 }
1210 /*
1211 * Get the tvp ino if the lookup succeeded. We may have to restart
1212 * if the non-blocking acquire fails.
1213 */
1214 if (error == 0) {
1215 nvp = NULL;
1216 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp);
1217 if (tvp)
1218 vrele(tvp);
1219 tvp = nvp;
1220 if (error) {
1221 VOP_UNLOCK(fdvp, 0);
1222 VOP_UNLOCK(tdvp, 0);
1223 VOP_UNLOCK(fvp, 0);
1224 if (error != EBUSY)
1225 goto releout;
1226 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp);
1227 if (error != 0)
1228 goto releout;
1229 vput(nvp);
1230 atomic_add_int(&rename_restarts, 1);
1231 goto relock;
1232 }
1233 }
1234 fdp = VTOI(fdvp);
1235 fip = VTOI(fvp);
1236 tdp = VTOI(tdvp);
1237 tip = NULL;
1238 if (tvp)
1239 tip = VTOI(tvp);
1240 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
1241 (VTOI(tdvp)->i_flags & APPEND))) {
1242 error = EPERM;
1243 goto unlockout;
1244 }
1245 /*
1246 * Renaming a file to itself has no effect. The upper layers should
1247 * not call us in that case. However, things could change after
1248 * we drop the locks above.
1249 */
1250 if (fvp == tvp) {
1251 error = 0;
1252 goto unlockout;
1253 }
1254 doingdirectory = 0;
1255 newparent = 0;
1256 ino = fip->i_number;
1257 if (fip->i_nlink >= LINK_MAX) {
1258 error = EMLINK;
1259 goto unlockout;
1260 }
1261 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))
1262 || (fdp->i_flags & APPEND)) {
1263 error = EPERM;
1264 goto unlockout;
1265 }
1266 if ((fip->i_mode & IFMT) == IFDIR) {
1267 /*
1268 * Avoid ".", "..", and aliases of "." for obvious reasons.
1269 */
1270 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') ||
1271 fdp == fip ||
1272 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) {
1273 error = EINVAL;
1274 goto unlockout;
1275 }
1276 if (fdp->i_number != tdp->i_number)
1277 newparent = tdp->i_number;
1278 doingdirectory = 1;
1279 }
1280 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) ||
1281 (tvp != NULL && tvp->v_type == VDIR &&
1282 tvp->v_mountedhere != NULL)) {
1283 error = EXDEV;
1284 goto unlockout;
1285 }
1286
1287 /*
1288 * If ".." must be changed (ie the directory gets a new
1289 * parent) then the source directory must not be in the
1290 * directory hierarchy above the target, as this would
1291 * orphan everything below the source directory. Also
1292 * the user must have write permission in the source so
1293 * as to be able to change "..".
1294 */
1295 if (doingdirectory && newparent) {
1296 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread);
1297 if (error)
1298 goto unlockout;
1299 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred,
1300 &ino);
1301 /*
1302 * We encountered a lock that we have to wait for. Unlock
1303 * everything else and VGET before restarting.
1304 */
1305 if (ino) {
1306 VOP_UNLOCK(fdvp, 0);
1307 VOP_UNLOCK(fvp, 0);
1308 VOP_UNLOCK(tdvp, 0);
1309 if (tvp)
1310 VOP_UNLOCK(tvp, 0);
1311 error = VFS_VGET(mp, ino, LK_SHARED, &nvp);
1312 if (error == 0)
1313 vput(nvp);
1314 atomic_add_int(&rename_restarts, 1);
1315 goto relock;
1316 }
1317 if (error)
1318 goto unlockout;
1319 if ((tcnp->cn_flags & SAVESTART) == 0)
1320 panic("ufs_rename: lost to startdir");
1321 }
1322 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 ||
1323 tdp->i_effnlink == 0)
1324 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp);
1325
1326 /*
1327 * 1) Bump link count while we're moving stuff
1328 * around. If we crash somewhere before
1329 * completing our work, the link count
1330 * may be wrong, but correctable.
1331 */
1332 fip->i_effnlink++;
1333 fip->i_nlink++;
1334 DIP_SET(fip, i_nlink, fip->i_nlink);
1335 fip->i_flag |= IN_CHANGE;
1336 if (DOINGSOFTDEP(fvp))
1337 softdep_setup_link(tdp, fip);
1338 error = UFS_UPDATE(fvp, !(DOINGSOFTDEP(fvp) | DOINGASYNC(fvp)));
1339 if (error)
1340 goto bad;
1341
1342 /*
1343 * 2) If target doesn't exist, link the target
1344 * to the source and unlink the source.
1345 * Otherwise, rewrite the target directory
1346 * entry to reference the source inode and
1347 * expunge the original entry's existence.
1348 */
1349 if (tip == NULL) {
1350 if (tdp->i_dev != fip->i_dev)
1351 panic("ufs_rename: EXDEV");
1352 if (doingdirectory && newparent) {
1353 /*
1354 * Account for ".." in new directory.
1355 * When source and destination have the same
1356 * parent we don't adjust the link count. The
1357 * actual link modification is completed when
1358 * .. is rewritten below.
1359 */
1360 if ((nlink_t)tdp->i_nlink >= LINK_MAX) {
1361 error = EMLINK;
1362 goto bad;
1363 }
1364 }
1365 ufs_makedirentry(fip, tcnp, &newdir);
1366 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL, 1);
1367 if (error)
1368 goto bad;
1369 /* Setup tdvp for directory compaction if needed. */
1370 if (tdp->i_count && tdp->i_endoff &&
1371 tdp->i_endoff < tdp->i_size)
1372 endoff = tdp->i_endoff;
1373 } else {
1374 if (tip->i_dev != tdp->i_dev || tip->i_dev != fip->i_dev)
1375 panic("ufs_rename: EXDEV");
1376 /*
1377 * Short circuit rename(foo, foo).
1378 */
1379 if (tip->i_number == fip->i_number)
1380 panic("ufs_rename: same file");
1381 /*
1382 * If the parent directory is "sticky", then the caller
1383 * must possess VADMIN for the parent directory, or the
1384 * destination of the rename. This implements append-only
1385 * directories.
1386 */
1387 if ((tdp->i_mode & S_ISTXT) &&
1388 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) &&
1389 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) {
1390 error = EPERM;
1391 goto bad;
1392 }
1393 /*
1394 * Target must be empty if a directory and have no links
1395 * to it. Also, ensure source and target are compatible
1396 * (both directories, or both not directories).
1397 */
1398 if ((tip->i_mode & IFMT) == IFDIR) {
1399 if ((tip->i_effnlink > 2) ||
1400 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) {
1401 error = ENOTEMPTY;
1402 goto bad;
1403 }
1404 if (!doingdirectory) {
1405 error = ENOTDIR;
1406 goto bad;
1407 }
1408 cache_purge(tdvp);
1409 } else if (doingdirectory) {
1410 error = EISDIR;
1411 goto bad;
1412 }
1413 if (doingdirectory) {
1414 if (!newparent) {
1415 tdp->i_effnlink--;
1416 if (DOINGSOFTDEP(tdvp))
1417 softdep_change_linkcnt(tdp);
1418 }
1419 tip->i_effnlink--;
1420 if (DOINGSOFTDEP(tvp))
1421 softdep_change_linkcnt(tip);
1422 }
1423 error = ufs_dirrewrite(tdp, tip, fip->i_number,
1424 IFTODT(fip->i_mode),
1425 (doingdirectory && newparent) ? newparent : doingdirectory);
1426 if (error) {
1427 if (doingdirectory) {
1428 if (!newparent) {
1429 tdp->i_effnlink++;
1430 if (DOINGSOFTDEP(tdvp))
1431 softdep_change_linkcnt(tdp);
1432 }
1433 tip->i_effnlink++;
1434 if (DOINGSOFTDEP(tvp))
1435 softdep_change_linkcnt(tip);
1436 }
1437 }
1438 if (doingdirectory && !DOINGSOFTDEP(tvp)) {
1439 /*
1440 * The only stuff left in the directory is "."
1441 * and "..". The "." reference is inconsequential
1442 * since we are quashing it. We have removed the "."
1443 * reference and the reference in the parent directory,
1444 * but there may be other hard links. The soft
1445 * dependency code will arrange to do these operations
1446 * after the parent directory entry has been deleted on
1447 * disk, so when running with that code we avoid doing
1448 * them now.
1449 */
1450 if (!newparent) {
1451 tdp->i_nlink--;
1452 DIP_SET(tdp, i_nlink, tdp->i_nlink);
1453 tdp->i_flag |= IN_CHANGE;
1454 }
1455 tip->i_nlink--;
1456 DIP_SET(tip, i_nlink, tip->i_nlink);
1457 tip->i_flag |= IN_CHANGE;
1458 }
1459 }
1460
1461 /*
1462 * 3) Unlink the source. We have to resolve the path again to
1463 * fixup the directory offset and count for ufs_dirremove.
1464 */
1465 if (fdvp == tdvp) {
1466 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino);
1467 if (error)
1468 panic("ufs_rename: from entry went away!");
1469 if (ino != fip->i_number)
1470 panic("ufs_rename: ino mismatch %ju != %ju\n",
1471 (uintmax_t)ino, (uintmax_t)fip->i_number);
1472 }
1473 /*
1474 * If the source is a directory with a
1475 * new parent, the link count of the old
1476 * parent directory must be decremented
1477 * and ".." set to point to the new parent.
1478 */
1479 if (doingdirectory && newparent) {
1480 /*
1481 * If tip exists we simply use its link, otherwise we must
1482 * add a new one.
1483 */
1484 if (tip == NULL) {
1485 tdp->i_effnlink++;
1486 tdp->i_nlink++;
1487 DIP_SET(tdp, i_nlink, tdp->i_nlink);
1488 tdp->i_flag |= IN_CHANGE;
1489 if (DOINGSOFTDEP(tdvp))
1490 softdep_setup_dotdot_link(tdp, fip);
1491 error = UFS_UPDATE(tdvp, !(DOINGSOFTDEP(tdvp) |
1492 DOINGASYNC(tdvp)));
1493 /* Don't go to bad here as the new link exists. */
1494 if (error)
1495 goto unlockout;
1496 } else if (DOINGSUJ(tdvp))
1497 /* Journal must account for each new link. */
1498 softdep_setup_dotdot_link(tdp, fip);
1499 fip->i_offset = mastertemplate.dot_reclen;
1500 ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0);
1501 cache_purge(fdvp);
1502 }
1503 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0);
1504 /*
1505 * The kern_renameat() looks up the fvp using the DELETE flag, which
1506 * causes the removal of the name cache entry for fvp.
1507 * As the relookup of the fvp is done in two steps:
1508 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a
1509 * normal lookup of the from name just before the VFS_VGET() call,
1510 * causing the cache entry to be re-instantiated.
1511 *
1512 * The same issue also applies to tvp if it exists as
1513 * otherwise we may have a stale name cache entry for the new
1514 * name that references the old i-node if it has other links
1515 * or open file descriptors.
1516 */
1517 cache_purge(fvp);
1518 if (tvp)
1519 cache_purge(tvp);
1520 cache_purge_negative(tdvp);
1521
1522 unlockout:
1523 vput(fdvp);
1524 vput(fvp);
1525 if (tvp)
1526 vput(tvp);
1527 /*
1528 * If compaction or fsync was requested do it now that other locks
1529 * are no longer needed.
1530 */
1531 if (error == 0 && endoff != 0) {
1532 #ifdef UFS_DIRHASH
1533 if (tdp->i_dirhash != NULL)
1534 ufsdirhash_dirtrunc(tdp, endoff);
1535 #endif
1536 UFS_TRUNCATE(tdvp, endoff, IO_NORMAL | IO_SYNC, tcnp->cn_cred);
1537 }
1538 if (error == 0 && tdp->i_flag & IN_NEEDSYNC)
1539 error = VOP_FSYNC(tdvp, MNT_WAIT, td);
1540 vput(tdvp);
1541 return (error);
1542
1543 bad:
1544 fip->i_effnlink--;
1545 fip->i_nlink--;
1546 DIP_SET(fip, i_nlink, fip->i_nlink);
1547 fip->i_flag |= IN_CHANGE;
1548 if (DOINGSOFTDEP(fvp))
1549 softdep_revert_link(tdp, fip);
1550 goto unlockout;
1551
1552 releout:
1553 vrele(fdvp);
1554 vrele(fvp);
1555 vrele(tdvp);
1556 if (tvp)
1557 vrele(tvp);
1558
1559 return (error);
1560 }
1561
1562 #ifdef UFS_ACL
1563 static int
1564 ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp,
1565 mode_t dmode, struct ucred *cred, struct thread *td)
1566 {
1567 int error;
1568 struct inode *ip = VTOI(tvp);
1569 struct acl *dacl, *acl;
1570
1571 acl = acl_alloc(M_WAITOK);
1572 dacl = acl_alloc(M_WAITOK);
1573
1574 /*
1575 * Retrieve default ACL from parent, if any.
1576 */
1577 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td);
1578 switch (error) {
1579 case 0:
1580 /*
1581 * Retrieved a default ACL, so merge mode and ACL if
1582 * necessary. If the ACL is empty, fall through to
1583 * the "not defined or available" case.
1584 */
1585 if (acl->acl_cnt != 0) {
1586 dmode = acl_posix1e_newfilemode(dmode, acl);
1587 ip->i_mode = dmode;
1588 DIP_SET(ip, i_mode, dmode);
1589 *dacl = *acl;
1590 ufs_sync_acl_from_inode(ip, acl);
1591 break;
1592 }
1593 /* FALLTHROUGH */
1594
1595 case EOPNOTSUPP:
1596 /*
1597 * Just use the mode as-is.
1598 */
1599 ip->i_mode = dmode;
1600 DIP_SET(ip, i_mode, dmode);
1601 error = 0;
1602 goto out;
1603
1604 default:
1605 goto out;
1606 }
1607
1608 /*
1609 * XXX: If we abort now, will Soft Updates notify the extattr
1610 * code that the EAs for the file need to be released?
1611 */
1612 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td);
1613 if (error == 0)
1614 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td);
1615 switch (error) {
1616 case 0:
1617 break;
1618
1619 case EOPNOTSUPP:
1620 /*
1621 * XXX: This should not happen, as EOPNOTSUPP above
1622 * was supposed to free acl.
1623 */
1624 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n");
1625 /*
1626 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()");
1627 */
1628 break;
1629
1630 default:
1631 goto out;
1632 }
1633
1634 out:
1635 acl_free(acl);
1636 acl_free(dacl);
1637
1638 return (error);
1639 }
1640
1641 static int
1642 ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp,
1643 mode_t mode, struct ucred *cred, struct thread *td)
1644 {
1645 int error;
1646 struct inode *ip = VTOI(tvp);
1647 struct acl *acl;
1648
1649 acl = acl_alloc(M_WAITOK);
1650
1651 /*
1652 * Retrieve default ACL for parent, if any.
1653 */
1654 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td);
1655 switch (error) {
1656 case 0:
1657 /*
1658 * Retrieved a default ACL, so merge mode and ACL if
1659 * necessary.
1660 */
1661 if (acl->acl_cnt != 0) {
1662 /*
1663 * Two possible ways for default ACL to not
1664 * be present. First, the EA can be
1665 * undefined, or second, the default ACL can
1666 * be blank. If it's blank, fall through to
1667 * the it's not defined case.
1668 */
1669 mode = acl_posix1e_newfilemode(mode, acl);
1670 ip->i_mode = mode;
1671 DIP_SET(ip, i_mode, mode);
1672 ufs_sync_acl_from_inode(ip, acl);
1673 break;
1674 }
1675 /* FALLTHROUGH */
1676
1677 case EOPNOTSUPP:
1678 /*
1679 * Just use the mode as-is.
1680 */
1681 ip->i_mode = mode;
1682 DIP_SET(ip, i_mode, mode);
1683 error = 0;
1684 goto out;
1685
1686 default:
1687 goto out;
1688 }
1689
1690 /*
1691 * XXX: If we abort now, will Soft Updates notify the extattr
1692 * code that the EAs for the file need to be released?
1693 */
1694 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td);
1695 switch (error) {
1696 case 0:
1697 break;
1698
1699 case EOPNOTSUPP:
1700 /*
1701 * XXX: This should not happen, as EOPNOTSUPP above was
1702 * supposed to free acl.
1703 */
1704 printf("ufs_makeinode: VOP_GETACL() but no "
1705 "VOP_SETACL()\n");
1706 /* panic("ufs_makeinode: VOP_GETACL() but no "
1707 "VOP_SETACL()"); */
1708 break;
1709
1710 default:
1711 goto out;
1712 }
1713
1714 out:
1715 acl_free(acl);
1716
1717 return (error);
1718 }
1719
1720 static int
1721 ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp,
1722 mode_t child_mode, struct ucred *cred, struct thread *td)
1723 {
1724 int error;
1725 struct acl *parent_aclp, *child_aclp;
1726
1727 parent_aclp = acl_alloc(M_WAITOK);
1728 child_aclp = acl_alloc(M_WAITOK | M_ZERO);
1729
1730 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td);
1731 if (error)
1732 goto out;
1733 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp,
1734 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR);
1735 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td);
1736 if (error)
1737 goto out;
1738 out:
1739 acl_free(parent_aclp);
1740 acl_free(child_aclp);
1741
1742 return (error);
1743 }
1744 #endif
1745
1746 /*
1747 * Mkdir system call
1748 */
1749 static int
1750 ufs_mkdir(ap)
1751 struct vop_mkdir_args /* {
1752 struct vnode *a_dvp;
1753 struct vnode **a_vpp;
1754 struct componentname *a_cnp;
1755 struct vattr *a_vap;
1756 } */ *ap;
1757 {
1758 struct vnode *dvp = ap->a_dvp;
1759 struct vattr *vap = ap->a_vap;
1760 struct componentname *cnp = ap->a_cnp;
1761 struct inode *ip, *dp;
1762 struct vnode *tvp;
1763 struct buf *bp;
1764 struct dirtemplate dirtemplate, *dtp;
1765 struct direct newdir;
1766 int error, dmode;
1767 long blkoff;
1768
1769 #ifdef INVARIANTS
1770 if ((cnp->cn_flags & HASBUF) == 0)
1771 panic("ufs_mkdir: no name");
1772 #endif
1773 dp = VTOI(dvp);
1774 if ((nlink_t)dp->i_nlink >= LINK_MAX) {
1775 error = EMLINK;
1776 goto out;
1777 }
1778 dmode = vap->va_mode & 0777;
1779 dmode |= IFDIR;
1780 /*
1781 * Must simulate part of ufs_makeinode here to acquire the inode,
1782 * but not have it entered in the parent directory. The entry is
1783 * made later after writing "." and ".." entries.
1784 */
1785 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp);
1786 if (error)
1787 goto out;
1788 ip = VTOI(tvp);
1789 ip->i_gid = dp->i_gid;
1790 DIP_SET(ip, i_gid, dp->i_gid);
1791 #ifdef SUIDDIR
1792 {
1793 #ifdef QUOTA
1794 struct ucred ucred, *ucp;
1795 gid_t ucred_group;
1796 ucp = cnp->cn_cred;
1797 #endif
1798 /*
1799 * If we are hacking owners here, (only do this where told to)
1800 * and we are not giving it TO root, (would subvert quotas)
1801 * then go ahead and give it to the other user.
1802 * The new directory also inherits the SUID bit.
1803 * If user's UID and dir UID are the same,
1804 * 'give it away' so that the SUID is still forced on.
1805 */
1806 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
1807 (dp->i_mode & ISUID) && dp->i_uid) {
1808 dmode |= ISUID;
1809 ip->i_uid = dp->i_uid;
1810 DIP_SET(ip, i_uid, dp->i_uid);
1811 #ifdef QUOTA
1812 if (dp->i_uid != cnp->cn_cred->cr_uid) {
1813 /*
1814 * Make sure the correct user gets charged
1815 * for the space.
1816 * Make a dummy credential for the victim.
1817 * XXX This seems to never be accessed out of
1818 * our context so a stack variable is ok.
1819 */
1820 refcount_init(&ucred.cr_ref, 1);
1821 ucred.cr_uid = ip->i_uid;
1822 ucred.cr_ngroups = 1;
1823 ucred.cr_groups = &ucred_group;
1824 ucred.cr_groups[0] = dp->i_gid;
1825 ucp = &ucred;
1826 }
1827 #endif
1828 } else {
1829 ip->i_uid = cnp->cn_cred->cr_uid;
1830 DIP_SET(ip, i_uid, ip->i_uid);
1831 }
1832 #ifdef QUOTA
1833 if ((error = getinoquota(ip)) ||
1834 (error = chkiq(ip, 1, ucp, 0))) {
1835 if (DOINGSOFTDEP(tvp))
1836 softdep_revert_link(dp, ip);
1837 UFS_VFREE(tvp, ip->i_number, dmode);
1838 vput(tvp);
1839 return (error);
1840 }
1841 #endif
1842 }
1843 #else /* !SUIDDIR */
1844 ip->i_uid = cnp->cn_cred->cr_uid;
1845 DIP_SET(ip, i_uid, ip->i_uid);
1846 #ifdef QUOTA
1847 if ((error = getinoquota(ip)) ||
1848 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
1849 if (DOINGSOFTDEP(tvp))
1850 softdep_revert_link(dp, ip);
1851 UFS_VFREE(tvp, ip->i_number, dmode);
1852 vput(tvp);
1853 return (error);
1854 }
1855 #endif
1856 #endif /* !SUIDDIR */
1857 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE;
1858 ip->i_mode = dmode;
1859 DIP_SET(ip, i_mode, dmode);
1860 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */
1861 ip->i_effnlink = 2;
1862 ip->i_nlink = 2;
1863 DIP_SET(ip, i_nlink, 2);
1864
1865 if (cnp->cn_flags & ISWHITEOUT) {
1866 ip->i_flags |= UF_OPAQUE;
1867 DIP_SET(ip, i_flags, ip->i_flags);
1868 }
1869
1870 /*
1871 * Bump link count in parent directory to reflect work done below.
1872 * Should be done before reference is created so cleanup is
1873 * possible if we crash.
1874 */
1875 dp->i_effnlink++;
1876 dp->i_nlink++;
1877 DIP_SET(dp, i_nlink, dp->i_nlink);
1878 dp->i_flag |= IN_CHANGE;
1879 if (DOINGSOFTDEP(dvp))
1880 softdep_setup_mkdir(dp, ip);
1881 error = UFS_UPDATE(dvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp)));
1882 if (error)
1883 goto bad;
1884 #ifdef MAC
1885 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
1886 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount,
1887 dvp, tvp, cnp);
1888 if (error)
1889 goto bad;
1890 }
1891 #endif
1892 #ifdef UFS_ACL
1893 if (dvp->v_mount->mnt_flag & MNT_ACLS) {
1894 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode,
1895 cnp->cn_cred, cnp->cn_thread);
1896 if (error)
1897 goto bad;
1898 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) {
1899 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode,
1900 cnp->cn_cred, cnp->cn_thread);
1901 if (error)
1902 goto bad;
1903 }
1904 #endif /* !UFS_ACL */
1905
1906 /*
1907 * Initialize directory with "." and ".." from static template.
1908 */
1909 if (dvp->v_mount->mnt_maxsymlinklen > 0)
1910 dtp = &mastertemplate;
1911 else
1912 dtp = (struct dirtemplate *)&omastertemplate;
1913 dirtemplate = *dtp;
1914 dirtemplate.dot_ino = ip->i_number;
1915 dirtemplate.dotdot_ino = dp->i_number;
1916 vnode_pager_setsize(tvp, DIRBLKSIZ);
1917 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred,
1918 BA_CLRBUF, &bp)) != 0)
1919 goto bad;
1920 ip->i_size = DIRBLKSIZ;
1921 DIP_SET(ip, i_size, DIRBLKSIZ);
1922 ip->i_flag |= IN_CHANGE | IN_UPDATE;
1923 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate);
1924 if (DOINGSOFTDEP(tvp)) {
1925 /*
1926 * Ensure that the entire newly allocated block is a
1927 * valid directory so that future growth within the
1928 * block does not have to ensure that the block is
1929 * written before the inode.
1930 */
1931 blkoff = DIRBLKSIZ;
1932 while (blkoff < bp->b_bcount) {
1933 ((struct direct *)
1934 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ;
1935 blkoff += DIRBLKSIZ;
1936 }
1937 }
1938 if ((error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) |
1939 DOINGASYNC(tvp)))) != 0) {
1940 (void)bwrite(bp);
1941 goto bad;
1942 }
1943 /*
1944 * Directory set up, now install its entry in the parent directory.
1945 *
1946 * If we are not doing soft dependencies, then we must write out the
1947 * buffer containing the new directory body before entering the new
1948 * name in the parent. If we are doing soft dependencies, then the
1949 * buffer containing the new directory body will be passed to and
1950 * released in the soft dependency code after the code has attached
1951 * an appropriate ordering dependency to the buffer which ensures that
1952 * the buffer is written before the new name is written in the parent.
1953 */
1954 if (DOINGASYNC(dvp))
1955 bdwrite(bp);
1956 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp))))
1957 goto bad;
1958 ufs_makedirentry(ip, cnp, &newdir);
1959 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp, 0);
1960
1961 bad:
1962 if (error == 0) {
1963 *ap->a_vpp = tvp;
1964 } else {
1965 dp->i_effnlink--;
1966 dp->i_nlink--;
1967 DIP_SET(dp, i_nlink, dp->i_nlink);
1968 dp->i_flag |= IN_CHANGE;
1969 /*
1970 * No need to do an explicit VOP_TRUNCATE here, vrele will
1971 * do this for us because we set the link count to 0.
1972 */
1973 ip->i_effnlink = 0;
1974 ip->i_nlink = 0;
1975 DIP_SET(ip, i_nlink, 0);
1976 ip->i_flag |= IN_CHANGE;
1977 if (DOINGSOFTDEP(tvp))
1978 softdep_revert_mkdir(dp, ip);
1979
1980 vput(tvp);
1981 }
1982 out:
1983 return (error);
1984 }
1985
1986 /*
1987 * Rmdir system call.
1988 */
1989 static int
1990 ufs_rmdir(ap)
1991 struct vop_rmdir_args /* {
1992 struct vnode *a_dvp;
1993 struct vnode *a_vp;
1994 struct componentname *a_cnp;
1995 } */ *ap;
1996 {
1997 struct vnode *vp = ap->a_vp;
1998 struct vnode *dvp = ap->a_dvp;
1999 struct componentname *cnp = ap->a_cnp;
2000 struct inode *ip, *dp;
2001 int error;
2002
2003 ip = VTOI(vp);
2004 dp = VTOI(dvp);
2005
2006 /*
2007 * Do not remove a directory that is in the process of being renamed.
2008 * Verify the directory is empty (and valid). Rmdir ".." will not be
2009 * valid since ".." will contain a reference to the current directory
2010 * and thus be non-empty. Do not allow the removal of mounted on
2011 * directories (this can happen when an NFS exported filesystem
2012 * tries to remove a locally mounted on directory).
2013 */
2014 error = 0;
2015 if (ip->i_effnlink < 2) {
2016 error = EINVAL;
2017 goto out;
2018 }
2019 if (dp->i_effnlink < 3)
2020 panic("ufs_dirrem: Bad link count %d on parent",
2021 dp->i_effnlink);
2022 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) {
2023 error = ENOTEMPTY;
2024 goto out;
2025 }
2026 if ((dp->i_flags & APPEND)
2027 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) {
2028 error = EPERM;
2029 goto out;
2030 }
2031 if (vp->v_mountedhere != 0) {
2032 error = EINVAL;
2033 goto out;
2034 }
2035 #ifdef UFS_GJOURNAL
2036 ufs_gjournal_orphan(vp);
2037 #endif
2038 /*
2039 * Delete reference to directory before purging
2040 * inode. If we crash in between, the directory
2041 * will be reattached to lost+found,
2042 */
2043 dp->i_effnlink--;
2044 ip->i_effnlink--;
2045 if (DOINGSOFTDEP(vp))
2046 softdep_setup_rmdir(dp, ip);
2047 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1);
2048 if (error) {
2049 dp->i_effnlink++;
2050 ip->i_effnlink++;
2051 if (DOINGSOFTDEP(vp))
2052 softdep_revert_rmdir(dp, ip);
2053 goto out;
2054 }
2055 cache_purge(dvp);
2056 /*
2057 * The only stuff left in the directory is "." and "..". The "."
2058 * reference is inconsequential since we are quashing it. The soft
2059 * dependency code will arrange to do these operations after
2060 * the parent directory entry has been deleted on disk, so
2061 * when running with that code we avoid doing them now.
2062 */
2063 if (!DOINGSOFTDEP(vp)) {
2064 dp->i_nlink--;
2065 DIP_SET(dp, i_nlink, dp->i_nlink);
2066 dp->i_flag |= IN_CHANGE;
2067 error = UFS_UPDATE(dvp, 0);
2068 ip->i_nlink--;
2069 DIP_SET(ip, i_nlink, ip->i_nlink);
2070 ip->i_flag |= IN_CHANGE;
2071 }
2072 cache_purge(vp);
2073 #ifdef UFS_DIRHASH
2074 /* Kill any active hash; i_effnlink == 0, so it will not come back. */
2075 if (ip->i_dirhash != NULL)
2076 ufsdirhash_free(ip);
2077 #endif
2078 out:
2079 return (error);
2080 }
2081
2082 /*
2083 * symlink -- make a symbolic link
2084 */
2085 static int
2086 ufs_symlink(ap)
2087 struct vop_symlink_args /* {
2088 struct vnode *a_dvp;
2089 struct vnode **a_vpp;
2090 struct componentname *a_cnp;
2091 struct vattr *a_vap;
2092 char *a_target;
2093 } */ *ap;
2094 {
2095 struct vnode *vp, **vpp = ap->a_vpp;
2096 struct inode *ip;
2097 int len, error;
2098
2099 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp,
2100 vpp, ap->a_cnp);
2101 if (error)
2102 return (error);
2103 vp = *vpp;
2104 len = strlen(ap->a_target);
2105 if (len < vp->v_mount->mnt_maxsymlinklen) {
2106 ip = VTOI(vp);
2107 bcopy(ap->a_target, SHORTLINK(ip), len);
2108 ip->i_size = len;
2109 DIP_SET(ip, i_size, len);
2110 ip->i_flag |= IN_CHANGE | IN_UPDATE;
2111 error = UFS_UPDATE(vp, 0);
2112 } else
2113 error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0,
2114 UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
2115 ap->a_cnp->cn_cred, NOCRED, NULL, NULL);
2116 if (error)
2117 vput(vp);
2118 return (error);
2119 }
2120
2121 /*
2122 * Vnode op for reading directories.
2123 */
2124 int
2125 ufs_readdir(ap)
2126 struct vop_readdir_args /* {
2127 struct vnode *a_vp;
2128 struct uio *a_uio;
2129 struct ucred *a_cred;
2130 int *a_eofflag;
2131 int *a_ncookies;
2132 u_long **a_cookies;
2133 } */ *ap;
2134 {
2135 struct vnode *vp = ap->a_vp;
2136 struct uio *uio = ap->a_uio;
2137 struct buf *bp;
2138 struct inode *ip;
2139 struct direct *dp, *edp;
2140 u_long *cookies;
2141 struct dirent dstdp;
2142 off_t offset, startoffset;
2143 size_t readcnt, skipcnt;
2144 ssize_t startresid;
2145 int ncookies;
2146 int error;
2147
2148 if (uio->uio_offset < 0)
2149 return (EINVAL);
2150 ip = VTOI(vp);
2151 if (ip->i_effnlink == 0)
2152 return (0);
2153 if (ap->a_ncookies != NULL) {
2154 ncookies = uio->uio_resid;
2155 if (uio->uio_offset >= ip->i_size)
2156 ncookies = 0;
2157 else if (ip->i_size - uio->uio_offset < ncookies)
2158 ncookies = ip->i_size - uio->uio_offset;
2159 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1;
2160 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK);
2161 *ap->a_ncookies = ncookies;
2162 *ap->a_cookies = cookies;
2163 } else {
2164 ncookies = 0;
2165 cookies = NULL;
2166 }
2167 offset = startoffset = uio->uio_offset;
2168 startresid = uio->uio_resid;
2169 error = 0;
2170 while (error == 0 && uio->uio_resid > 0 &&
2171 uio->uio_offset < ip->i_size) {
2172 error = ffs_blkatoff(vp, uio->uio_offset, NULL, &bp);
2173 if (error)
2174 break;
2175 if (bp->b_offset + bp->b_bcount > ip->i_size)
2176 readcnt = ip->i_size - bp->b_offset;
2177 else
2178 readcnt = bp->b_bcount;
2179 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) &
2180 ~(size_t)(DIRBLKSIZ - 1);
2181 offset = bp->b_offset + skipcnt;
2182 dp = (struct direct *)&bp->b_data[skipcnt];
2183 edp = (struct direct *)&bp->b_data[readcnt];
2184 while (error == 0 && uio->uio_resid > 0 && dp < edp) {
2185 if (dp->d_reclen <= offsetof(struct direct, d_name) ||
2186 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) {
2187 error = EIO;
2188 break;
2189 }
2190 #if BYTE_ORDER == LITTLE_ENDIAN
2191 /* Old filesystem format. */
2192 if (vp->v_mount->mnt_maxsymlinklen <= 0) {
2193 dstdp.d_namlen = dp->d_type;
2194 dstdp.d_type = dp->d_namlen;
2195 } else
2196 #endif
2197 {
2198 dstdp.d_namlen = dp->d_namlen;
2199 dstdp.d_type = dp->d_type;
2200 }
2201 if (offsetof(struct direct, d_name) + dstdp.d_namlen >
2202 dp->d_reclen) {
2203 error = EIO;
2204 break;
2205 }
2206 if (offset < startoffset || dp->d_ino == 0)
2207 goto nextentry;
2208 dstdp.d_fileno = dp->d_ino;
2209 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp);
2210 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen);
2211 dstdp.d_name[dstdp.d_namlen] = '\0';
2212 if (dstdp.d_reclen > uio->uio_resid) {
2213 if (uio->uio_resid == startresid)
2214 error = EINVAL;
2215 else
2216 error = EJUSTRETURN;
2217 break;
2218 }
2219 /* Advance dp. */
2220 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio);
2221 if (error)
2222 break;
2223 if (cookies != NULL) {
2224 KASSERT(ncookies > 0,
2225 ("ufs_readdir: cookies buffer too small"));
2226 *cookies = offset + dp->d_reclen;
2227 cookies++;
2228 ncookies--;
2229 }
2230 nextentry:
2231 offset += dp->d_reclen;
2232 dp = (struct direct *)((caddr_t)dp + dp->d_reclen);
2233 }
2234 bqrelse(bp);
2235 uio->uio_offset = offset;
2236 }
2237 /* We need to correct uio_offset. */
2238 uio->uio_offset = offset;
2239 if (error == EJUSTRETURN)
2240 error = 0;
2241 if (ap->a_ncookies != NULL) {
2242 if (error == 0) {
2243 ap->a_ncookies -= ncookies;
2244 } else {
2245 free(*ap->a_cookies, M_TEMP);
2246 *ap->a_ncookies = 0;
2247 *ap->a_cookies = NULL;
2248 }
2249 }
2250 if (error == 0 && ap->a_eofflag)
2251 *ap->a_eofflag = ip->i_size <= uio->uio_offset;
2252 return (error);
2253 }
2254
2255 /*
2256 * Return target name of a symbolic link
2257 */
2258 static int
2259 ufs_readlink(ap)
2260 struct vop_readlink_args /* {
2261 struct vnode *a_vp;
2262 struct uio *a_uio;
2263 struct ucred *a_cred;
2264 } */ *ap;
2265 {
2266 struct vnode *vp = ap->a_vp;
2267 struct inode *ip = VTOI(vp);
2268 doff_t isize;
2269
2270 isize = ip->i_size;
2271 if ((isize < vp->v_mount->mnt_maxsymlinklen) ||
2272 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */
2273 return (uiomove(SHORTLINK(ip), isize, ap->a_uio));
2274 }
2275 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred));
2276 }
2277
2278 /*
2279 * Calculate the logical to physical mapping if not done already,
2280 * then call the device strategy routine.
2281 *
2282 * In order to be able to swap to a file, the ufs_bmaparray() operation may not
2283 * deadlock on memory. See ufs_bmap() for details.
2284 */
2285 static int
2286 ufs_strategy(ap)
2287 struct vop_strategy_args /* {
2288 struct vnode *a_vp;
2289 struct buf *a_bp;
2290 } */ *ap;
2291 {
2292 struct buf *bp = ap->a_bp;
2293 struct vnode *vp = ap->a_vp;
2294 struct bufobj *bo;
2295 struct inode *ip;
2296 ufs2_daddr_t blkno;
2297 int error;
2298
2299 ip = VTOI(vp);
2300 if (bp->b_blkno == bp->b_lblkno) {
2301 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL);
2302 bp->b_blkno = blkno;
2303 if (error) {
2304 bp->b_error = error;
2305 bp->b_ioflags |= BIO_ERROR;
2306 bufdone(bp);
2307 return (0);
2308 }
2309 if ((long)bp->b_blkno == -1)
2310 vfs_bio_clrbuf(bp);
2311 }
2312 if ((long)bp->b_blkno == -1) {
2313 bufdone(bp);
2314 return (0);
2315 }
2316 bp->b_iooffset = dbtob(bp->b_blkno);
2317 bo = ip->i_umbufobj;
2318 BO_STRATEGY(bo, bp);
2319 return (0);
2320 }
2321
2322 /*
2323 * Print out the contents of an inode.
2324 */
2325 static int
2326 ufs_print(ap)
2327 struct vop_print_args /* {
2328 struct vnode *a_vp;
2329 } */ *ap;
2330 {
2331 struct vnode *vp = ap->a_vp;
2332 struct inode *ip = VTOI(vp);
2333
2334 printf("\tino %lu, on dev %s", (u_long)ip->i_number,
2335 devtoname(ip->i_dev));
2336 if (vp->v_type == VFIFO)
2337 fifo_printinfo(vp);
2338 printf("\n");
2339 return (0);
2340 }
2341
2342 /*
2343 * Close wrapper for fifos.
2344 *
2345 * Update the times on the inode then do device close.
2346 */
2347 static int
2348 ufsfifo_close(ap)
2349 struct vop_close_args /* {
2350 struct vnode *a_vp;
2351 int a_fflag;
2352 struct ucred *a_cred;
2353 struct thread *a_td;
2354 } */ *ap;
2355 {
2356 struct vnode *vp = ap->a_vp;
2357 int usecount;
2358
2359 VI_LOCK(vp);
2360 usecount = vp->v_usecount;
2361 if (usecount > 1)
2362 ufs_itimes_locked(vp);
2363 VI_UNLOCK(vp);
2364 return (fifo_specops.vop_close(ap));
2365 }
2366
2367 /*
2368 * Kqfilter wrapper for fifos.
2369 *
2370 * Fall through to ufs kqfilter routines if needed
2371 */
2372 static int
2373 ufsfifo_kqfilter(ap)
2374 struct vop_kqfilter_args *ap;
2375 {
2376 int error;
2377
2378 error = fifo_specops.vop_kqfilter(ap);
2379 if (error)
2380 error = vfs_kqfilter(ap);
2381 return (error);
2382 }
2383
2384 /*
2385 * Return POSIX pathconf information applicable to fifos.
2386 */
2387 static int
2388 ufsfifo_pathconf(ap)
2389 struct vop_pathconf_args /* {
2390 struct vnode *a_vp;
2391 int a_name;
2392 int *a_retval;
2393 } */ *ap;
2394 {
2395
2396 switch (ap->a_name) {
2397 case _PC_ACL_EXTENDED:
2398 case _PC_ACL_NFS4:
2399 case _PC_ACL_PATH_MAX:
2400 case _PC_MAC_PRESENT:
2401 return (ufs_pathconf(ap));
2402 default:
2403 return (fifo_specops.vop_pathconf(ap));
2404 }
2405 /* NOTREACHED */
2406 }
2407
2408 /*
2409 * Return POSIX pathconf information applicable to ufs filesystems.
2410 */
2411 static int
2412 ufs_pathconf(ap)
2413 struct vop_pathconf_args /* {
2414 struct vnode *a_vp;
2415 int a_name;
2416 int *a_retval;
2417 } */ *ap;
2418 {
2419 int error;
2420
2421 error = 0;
2422 switch (ap->a_name) {
2423 case _PC_LINK_MAX:
2424 *ap->a_retval = LINK_MAX;
2425 break;
2426 case _PC_NAME_MAX:
2427 *ap->a_retval = NAME_MAX;
2428 break;
2429 case _PC_PATH_MAX:
2430 *ap->a_retval = PATH_MAX;
2431 break;
2432 case _PC_PIPE_BUF:
2433 *ap->a_retval = PIPE_BUF;
2434 break;
2435 case _PC_CHOWN_RESTRICTED:
2436 *ap->a_retval = 1;
2437 break;
2438 case _PC_NO_TRUNC:
2439 *ap->a_retval = 1;
2440 break;
2441 case _PC_ACL_EXTENDED:
2442 #ifdef UFS_ACL
2443 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS)
2444 *ap->a_retval = 1;
2445 else
2446 *ap->a_retval = 0;
2447 #else
2448 *ap->a_retval = 0;
2449 #endif
2450 break;
2451
2452 case _PC_ACL_NFS4:
2453 #ifdef UFS_ACL
2454 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS)
2455 *ap->a_retval = 1;
2456 else
2457 *ap->a_retval = 0;
2458 #else
2459 *ap->a_retval = 0;
2460 #endif
2461 break;
2462
2463 case _PC_ACL_PATH_MAX:
2464 #ifdef UFS_ACL
2465 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS))
2466 *ap->a_retval = ACL_MAX_ENTRIES;
2467 else
2468 *ap->a_retval = 3;
2469 #else
2470 *ap->a_retval = 3;
2471 #endif
2472 break;
2473 case _PC_MAC_PRESENT:
2474 #ifdef MAC
2475 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL)
2476 *ap->a_retval = 1;
2477 else
2478 *ap->a_retval = 0;
2479 #else
2480 *ap->a_retval = 0;
2481 #endif
2482 break;
2483 case _PC_MIN_HOLE_SIZE:
2484 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2485 break;
2486 case _PC_ASYNC_IO:
2487 /* _PC_ASYNC_IO should have been handled by upper layers. */
2488 KASSERT(0, ("_PC_ASYNC_IO should not get here"));
2489 error = EINVAL;
2490 break;
2491 case _PC_PRIO_IO:
2492 *ap->a_retval = 0;
2493 break;
2494 case _PC_SYNC_IO:
2495 *ap->a_retval = 0;
2496 break;
2497 case _PC_ALLOC_SIZE_MIN:
2498 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize;
2499 break;
2500 case _PC_FILESIZEBITS:
2501 *ap->a_retval = 64;
2502 break;
2503 case _PC_REC_INCR_XFER_SIZE:
2504 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2505 break;
2506 case _PC_REC_MAX_XFER_SIZE:
2507 *ap->a_retval = -1; /* means ``unlimited'' */
2508 break;
2509 case _PC_REC_MIN_XFER_SIZE:
2510 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2511 break;
2512 case _PC_REC_XFER_ALIGN:
2513 *ap->a_retval = PAGE_SIZE;
2514 break;
2515 case _PC_SYMLINK_MAX:
2516 *ap->a_retval = MAXPATHLEN;
2517 break;
2518
2519 default:
2520 error = EINVAL;
2521 break;
2522 }
2523 return (error);
2524 }
2525
2526 /*
2527 * Initialize the vnode associated with a new inode, handle aliased
2528 * vnodes.
2529 */
2530 int
2531 ufs_vinit(mntp, fifoops, vpp)
2532 struct mount *mntp;
2533 struct vop_vector *fifoops;
2534 struct vnode **vpp;
2535 {
2536 struct inode *ip;
2537 struct vnode *vp;
2538
2539 vp = *vpp;
2540 ip = VTOI(vp);
2541 vp->v_type = IFTOVT(ip->i_mode);
2542 if (vp->v_type == VFIFO)
2543 vp->v_op = fifoops;
2544 ASSERT_VOP_LOCKED(vp, "ufs_vinit");
2545 if (ip->i_number == ROOTINO)
2546 vp->v_vflag |= VV_ROOT;
2547 *vpp = vp;
2548 return (0);
2549 }
2550
2551 /*
2552 * Allocate a new inode.
2553 * Vnode dvp must be locked.
2554 */
2555 static int
2556 ufs_makeinode(mode, dvp, vpp, cnp)
2557 int mode;
2558 struct vnode *dvp;
2559 struct vnode **vpp;
2560 struct componentname *cnp;
2561 {
2562 struct inode *ip, *pdir;
2563 struct direct newdir;
2564 struct vnode *tvp;
2565 int error;
2566
2567 pdir = VTOI(dvp);
2568 #ifdef INVARIANTS
2569 if ((cnp->cn_flags & HASBUF) == 0)
2570 panic("ufs_makeinode: no name");
2571 #endif
2572 *vpp = NULL;
2573 if ((mode & IFMT) == 0)
2574 mode |= IFREG;
2575
2576 if (VTOI(dvp)->i_effnlink < 2)
2577 panic("ufs_makeinode: Bad link count %d on parent",
2578 VTOI(dvp)->i_effnlink);
2579 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp);
2580 if (error)
2581 return (error);
2582 ip = VTOI(tvp);
2583 ip->i_gid = pdir->i_gid;
2584 DIP_SET(ip, i_gid, pdir->i_gid);
2585 #ifdef SUIDDIR
2586 {
2587 #ifdef QUOTA
2588 struct ucred ucred, *ucp;
2589 gid_t ucred_group;
2590 ucp = cnp->cn_cred;
2591 #endif
2592 /*
2593 * If we are not the owner of the directory,
2594 * and we are hacking owners here, (only do this where told to)
2595 * and we are not giving it TO root, (would subvert quotas)
2596 * then go ahead and give it to the other user.
2597 * Note that this drops off the execute bits for security.
2598 */
2599 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
2600 (pdir->i_mode & ISUID) &&
2601 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) {
2602 ip->i_uid = pdir->i_uid;
2603 DIP_SET(ip, i_uid, ip->i_uid);
2604 mode &= ~07111;
2605 #ifdef QUOTA
2606 /*
2607 * Make sure the correct user gets charged
2608 * for the space.
2609 * Quickly knock up a dummy credential for the victim.
2610 * XXX This seems to never be accessed out of our
2611 * context so a stack variable is ok.
2612 */
2613 refcount_init(&ucred.cr_ref, 1);
2614 ucred.cr_uid = ip->i_uid;
2615 ucred.cr_ngroups = 1;
2616 ucred.cr_groups = &ucred_group;
2617 ucred.cr_groups[0] = pdir->i_gid;
2618 ucp = &ucred;
2619 #endif
2620 } else {
2621 ip->i_uid = cnp->cn_cred->cr_uid;
2622 DIP_SET(ip, i_uid, ip->i_uid);
2623 }
2624
2625 #ifdef QUOTA
2626 if ((error = getinoquota(ip)) ||
2627 (error = chkiq(ip, 1, ucp, 0))) {
2628 if (DOINGSOFTDEP(tvp))
2629 softdep_revert_link(pdir, ip);
2630 UFS_VFREE(tvp, ip->i_number, mode);
2631 vput(tvp);
2632 return (error);
2633 }
2634 #endif
2635 }
2636 #else /* !SUIDDIR */
2637 ip->i_uid = cnp->cn_cred->cr_uid;
2638 DIP_SET(ip, i_uid, ip->i_uid);
2639 #ifdef QUOTA
2640 if ((error = getinoquota(ip)) ||
2641 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
2642 if (DOINGSOFTDEP(tvp))
2643 softdep_revert_link(pdir, ip);
2644 UFS_VFREE(tvp, ip->i_number, mode);
2645 vput(tvp);
2646 return (error);
2647 }
2648 #endif
2649 #endif /* !SUIDDIR */
2650 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE;
2651 ip->i_mode = mode;
2652 DIP_SET(ip, i_mode, mode);
2653 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
2654 ip->i_effnlink = 1;
2655 ip->i_nlink = 1;
2656 DIP_SET(ip, i_nlink, 1);
2657 if (DOINGSOFTDEP(tvp))
2658 softdep_setup_create(VTOI(dvp), ip);
2659 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
2660 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID, 0)) {
2661 ip->i_mode &= ~ISGID;
2662 DIP_SET(ip, i_mode, ip->i_mode);
2663 }
2664
2665 if (cnp->cn_flags & ISWHITEOUT) {
2666 ip->i_flags |= UF_OPAQUE;
2667 DIP_SET(ip, i_flags, ip->i_flags);
2668 }
2669
2670 /*
2671 * Make sure inode goes to disk before directory entry.
2672 */
2673 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp)));
2674 if (error)
2675 goto bad;
2676 #ifdef MAC
2677 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
2678 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount,
2679 dvp, tvp, cnp);
2680 if (error)
2681 goto bad;
2682 }
2683 #endif
2684 #ifdef UFS_ACL
2685 if (dvp->v_mount->mnt_flag & MNT_ACLS) {
2686 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode,
2687 cnp->cn_cred, cnp->cn_thread);
2688 if (error)
2689 goto bad;
2690 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) {
2691 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode,
2692 cnp->cn_cred, cnp->cn_thread);
2693 if (error)
2694 goto bad;
2695 }
2696 #endif /* !UFS_ACL */
2697 ufs_makedirentry(ip, cnp, &newdir);
2698 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL, 0);
2699 if (error)
2700 goto bad;
2701 *vpp = tvp;
2702 return (0);
2703
2704 bad:
2705 /*
2706 * Write error occurred trying to update the inode
2707 * or the directory so must deallocate the inode.
2708 */
2709 ip->i_effnlink = 0;
2710 ip->i_nlink = 0;
2711 DIP_SET(ip, i_nlink, 0);
2712 ip->i_flag |= IN_CHANGE;
2713 if (DOINGSOFTDEP(tvp))
2714 softdep_revert_create(VTOI(dvp), ip);
2715 vput(tvp);
2716 return (error);
2717 }
2718
2719 static int
2720 ufs_ioctl(struct vop_ioctl_args *ap)
2721 {
2722
2723 switch (ap->a_command) {
2724 case FIOSEEKDATA:
2725 case FIOSEEKHOLE:
2726 return (vn_bmap_seekhole(ap->a_vp, ap->a_command,
2727 (off_t *)ap->a_data, ap->a_cred));
2728 default:
2729 return (ENOTTY);
2730 }
2731 }
2732
2733 /* Global vfs data structures for ufs. */
2734 struct vop_vector ufs_vnodeops = {
2735 .vop_default = &default_vnodeops,
2736 .vop_fsync = VOP_PANIC,
2737 .vop_read = VOP_PANIC,
2738 .vop_reallocblks = VOP_PANIC,
2739 .vop_write = VOP_PANIC,
2740 .vop_accessx = ufs_accessx,
2741 .vop_bmap = ufs_bmap,
2742 .vop_cachedlookup = ufs_lookup,
2743 .vop_close = ufs_close,
2744 .vop_create = ufs_create,
2745 .vop_getattr = ufs_getattr,
2746 .vop_inactive = ufs_inactive,
2747 .vop_ioctl = ufs_ioctl,
2748 .vop_link = ufs_link,
2749 .vop_lookup = vfs_cache_lookup,
2750 .vop_markatime = ufs_markatime,
2751 .vop_mkdir = ufs_mkdir,
2752 .vop_mknod = ufs_mknod,
2753 .vop_open = ufs_open,
2754 .vop_pathconf = ufs_pathconf,
2755 .vop_poll = vop_stdpoll,
2756 .vop_print = ufs_print,
2757 .vop_readdir = ufs_readdir,
2758 .vop_readlink = ufs_readlink,
2759 .vop_reclaim = ufs_reclaim,
2760 .vop_remove = ufs_remove,
2761 .vop_rename = ufs_rename,
2762 .vop_rmdir = ufs_rmdir,
2763 .vop_setattr = ufs_setattr,
2764 #ifdef MAC
2765 .vop_setlabel = vop_stdsetlabel_ea,
2766 #endif
2767 .vop_strategy = ufs_strategy,
2768 .vop_symlink = ufs_symlink,
2769 .vop_whiteout = ufs_whiteout,
2770 #ifdef UFS_EXTATTR
2771 .vop_getextattr = ufs_getextattr,
2772 .vop_deleteextattr = ufs_deleteextattr,
2773 .vop_setextattr = ufs_setextattr,
2774 #endif
2775 #ifdef UFS_ACL
2776 .vop_getacl = ufs_getacl,
2777 .vop_setacl = ufs_setacl,
2778 .vop_aclcheck = ufs_aclcheck,
2779 #endif
2780 };
2781
2782 struct vop_vector ufs_fifoops = {
2783 .vop_default = &fifo_specops,
2784 .vop_fsync = VOP_PANIC,
2785 .vop_accessx = ufs_accessx,
2786 .vop_close = ufsfifo_close,
2787 .vop_getattr = ufs_getattr,
2788 .vop_inactive = ufs_inactive,
2789 .vop_kqfilter = ufsfifo_kqfilter,
2790 .vop_markatime = ufs_markatime,
2791 .vop_pathconf = ufsfifo_pathconf,
2792 .vop_print = ufs_print,
2793 .vop_read = VOP_PANIC,
2794 .vop_reclaim = ufs_reclaim,
2795 .vop_setattr = ufs_setattr,
2796 #ifdef MAC
2797 .vop_setlabel = vop_stdsetlabel_ea,
2798 #endif
2799 .vop_write = VOP_PANIC,
2800 #ifdef UFS_EXTATTR
2801 .vop_getextattr = ufs_getextattr,
2802 .vop_deleteextattr = ufs_deleteextattr,
2803 .vop_setextattr = ufs_setextattr,
2804 #endif
2805 #ifdef UFS_ACL
2806 .vop_getacl = ufs_getacl,
2807 .vop_setacl = ufs_setacl,
2808 .vop_aclcheck = ufs_aclcheck,
2809 #endif
2810 };
Cache object: 737c2ae17c059c0319cb084bec0c175a
|