1 /*-
2 * Copyright (c) 1982, 1986, 1989, 1993, 1995
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 4. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95
35 */
36
37 #include <sys/cdefs.h>
38 __FBSDID("$FreeBSD: releng/6.1/sys/ufs/ufs/ufs_vnops.c 158179 2006-04-30 16:44:43Z cvs2svn $");
39
40 #include "opt_mac.h"
41 #include "opt_quota.h"
42 #include "opt_suiddir.h"
43 #include "opt_ufs.h"
44 #include "opt_ffs.h"
45
46 #include <sys/param.h>
47 #include <sys/systm.h>
48 #include <sys/malloc.h>
49 #include <sys/namei.h>
50 #include <sys/kernel.h>
51 #include <sys/fcntl.h>
52 #include <sys/stat.h>
53 #include <sys/bio.h>
54 #include <sys/buf.h>
55 #include <sys/mount.h>
56 #include <sys/unistd.h>
57 #include <sys/vnode.h>
58 #include <sys/dirent.h>
59 #include <sys/lockf.h>
60 #include <sys/conf.h>
61 #include <sys/acl.h>
62 #include <sys/mac.h>
63 #include <sys/jail.h>
64
65 #include <machine/mutex.h>
66
67 #include <sys/file.h> /* XXX */
68
69 #include <vm/vm.h>
70 #include <vm/vm_extern.h>
71
72 #include <fs/fifofs/fifo.h>
73
74 #include <ufs/ufs/acl.h>
75 #include <ufs/ufs/extattr.h>
76 #include <ufs/ufs/quota.h>
77 #include <ufs/ufs/inode.h>
78 #include <ufs/ufs/dir.h>
79 #include <ufs/ufs/ufsmount.h>
80 #include <ufs/ufs/ufs_extern.h>
81 #ifdef UFS_DIRHASH
82 #include <ufs/ufs/dirhash.h>
83 #endif
84
85 #include <ufs/ffs/ffs_extern.h>
86
87 static vop_access_t ufs_access;
88 static vop_advlock_t ufs_advlock;
89 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *);
90 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *);
91 static vop_close_t ufs_close;
92 static vop_create_t ufs_create;
93 static vop_getattr_t ufs_getattr;
94 static vop_link_t ufs_link;
95 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *);
96 static vop_mkdir_t ufs_mkdir;
97 static vop_mknod_t ufs_mknod;
98 static vop_open_t ufs_open;
99 static vop_pathconf_t ufs_pathconf;
100 static vop_print_t ufs_print;
101 static vop_readlink_t ufs_readlink;
102 static vop_remove_t ufs_remove;
103 static vop_rename_t ufs_rename;
104 static vop_rmdir_t ufs_rmdir;
105 static vop_setattr_t ufs_setattr;
106 static vop_strategy_t ufs_strategy;
107 static vop_symlink_t ufs_symlink;
108 static vop_whiteout_t ufs_whiteout;
109 static vop_close_t ufsfifo_close;
110 static vop_kqfilter_t ufsfifo_kqfilter;
111
112 /*
113 * A virgin directory (no blushing please).
114 */
115 static struct dirtemplate mastertemplate = {
116 0, 12, DT_DIR, 1, ".",
117 0, DIRBLKSIZ - 12, DT_DIR, 2, ".."
118 };
119 static struct odirtemplate omastertemplate = {
120 0, 12, 1, ".",
121 0, DIRBLKSIZ - 12, 2, ".."
122 };
123
124 void
125 ufs_itimes(vp)
126 struct vnode *vp;
127 {
128 struct inode *ip;
129 struct timespec ts;
130
131 ip = VTOI(vp);
132 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0)
133 return;
134 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp))
135 ip->i_flag |= IN_LAZYMOD;
136 else
137 ip->i_flag |= IN_MODIFIED;
138 if ((vp->v_mount->mnt_flag & MNT_RDONLY) == 0) {
139 vfs_timestamp(&ts);
140 if (ip->i_flag & IN_ACCESS) {
141 DIP_SET(ip, i_atime, ts.tv_sec);
142 DIP_SET(ip, i_atimensec, ts.tv_nsec);
143 }
144 if (ip->i_flag & IN_UPDATE) {
145 DIP_SET(ip, i_mtime, ts.tv_sec);
146 DIP_SET(ip, i_mtimensec, ts.tv_nsec);
147 ip->i_modrev++;
148 }
149 if (ip->i_flag & IN_CHANGE) {
150 DIP_SET(ip, i_ctime, ts.tv_sec);
151 DIP_SET(ip, i_ctimensec, ts.tv_nsec);
152 }
153 }
154 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE);
155 }
156
157 /*
158 * Create a regular file
159 */
160 static int
161 ufs_create(ap)
162 struct vop_create_args /* {
163 struct vnode *a_dvp;
164 struct vnode **a_vpp;
165 struct componentname *a_cnp;
166 struct vattr *a_vap;
167 } */ *ap;
168 {
169 int error;
170
171 error =
172 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode),
173 ap->a_dvp, ap->a_vpp, ap->a_cnp);
174 if (error)
175 return (error);
176 return (0);
177 }
178
179 /*
180 * Mknod vnode call
181 */
182 /* ARGSUSED */
183 static int
184 ufs_mknod(ap)
185 struct vop_mknod_args /* {
186 struct vnode *a_dvp;
187 struct vnode **a_vpp;
188 struct componentname *a_cnp;
189 struct vattr *a_vap;
190 } */ *ap;
191 {
192 struct vattr *vap = ap->a_vap;
193 struct vnode **vpp = ap->a_vpp;
194 struct inode *ip;
195 ino_t ino;
196 int error;
197
198 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode),
199 ap->a_dvp, vpp, ap->a_cnp);
200 if (error)
201 return (error);
202 ip = VTOI(*vpp);
203 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE;
204 if (vap->va_rdev != VNOVAL) {
205 /*
206 * Want to be able to use this to make badblock
207 * inodes, so don't truncate the dev number.
208 */
209 DIP_SET(ip, i_rdev, vap->va_rdev);
210 }
211 /*
212 * Remove inode, then reload it through VFS_VGET so it is
213 * checked to see if it is an alias of an existing entry in
214 * the inode cache. XXX I don't believe this is necessary now.
215 */
216 (*vpp)->v_type = VNON;
217 ino = ip->i_number; /* Save this before vgone() invalidates ip. */
218 vgone(*vpp);
219 vput(*vpp);
220 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp);
221 if (error) {
222 *vpp = NULL;
223 return (error);
224 }
225 return (0);
226 }
227
228 /*
229 * Open called.
230 */
231 /* ARGSUSED */
232 static int
233 ufs_open(struct vop_open_args *ap)
234 {
235 struct vnode *vp = ap->a_vp;
236 struct inode *ip;
237
238 if (vp->v_type == VCHR || vp->v_type == VBLK)
239 return (EOPNOTSUPP);
240
241 ip = VTOI(vp);
242 /*
243 * Files marked append-only must be opened for appending.
244 */
245 if ((ip->i_flags & APPEND) &&
246 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE)
247 return (EPERM);
248 vnode_create_vobject_off(vp, DIP(ip, i_size), ap->a_td);
249 return (0);
250 }
251
252 /*
253 * Close called.
254 *
255 * Update the times on the inode.
256 */
257 /* ARGSUSED */
258 static int
259 ufs_close(ap)
260 struct vop_close_args /* {
261 struct vnode *a_vp;
262 int a_fflag;
263 struct ucred *a_cred;
264 struct thread *a_td;
265 } */ *ap;
266 {
267 struct vnode *vp = ap->a_vp;
268
269 VI_LOCK(vp);
270 if (vp->v_usecount > 1)
271 ufs_itimes(vp);
272 VI_UNLOCK(vp);
273 return (0);
274 }
275
276 static int
277 ufs_access(ap)
278 struct vop_access_args /* {
279 struct vnode *a_vp;
280 int a_mode;
281 struct ucred *a_cred;
282 struct thread *a_td;
283 } */ *ap;
284 {
285 struct vnode *vp = ap->a_vp;
286 struct inode *ip = VTOI(vp);
287 mode_t mode = ap->a_mode;
288 int error;
289 #ifdef UFS_ACL
290 struct acl *acl;
291 #endif
292
293 /*
294 * Disallow write attempts on read-only filesystems;
295 * unless the file is a socket, fifo, or a block or
296 * character device resident on the filesystem.
297 */
298 if (mode & VWRITE) {
299 switch (vp->v_type) {
300 case VDIR:
301 case VLNK:
302 case VREG:
303 if (vp->v_mount->mnt_flag & MNT_RDONLY)
304 return (EROFS);
305 #ifdef QUOTA
306 if ((error = getinoquota(ip)) != 0)
307 return (error);
308 #endif
309 break;
310 default:
311 break;
312 }
313 }
314
315 /* If immutable bit set, nobody gets to write it. */
316 if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT)))
317 return (EPERM);
318
319 #ifdef UFS_ACL
320 if ((vp->v_mount->mnt_flag & MNT_ACLS) != 0) {
321 acl = uma_zalloc(acl_zone, M_WAITOK);
322 error = VOP_GETACL(vp, ACL_TYPE_ACCESS, acl, ap->a_cred,
323 ap->a_td);
324 switch (error) {
325 case EOPNOTSUPP:
326 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid,
327 ip->i_gid, ap->a_mode, ap->a_cred, NULL);
328 break;
329 case 0:
330 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid,
331 ip->i_gid, acl, ap->a_mode, ap->a_cred, NULL);
332 break;
333 default:
334 printf(
335 "ufs_access(): Error retrieving ACL on object (%d).\n",
336 error);
337 /*
338 * XXX: Fall back until debugged. Should
339 * eventually possibly log an error, and return
340 * EPERM for safety.
341 */
342 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid,
343 ip->i_gid, ap->a_mode, ap->a_cred, NULL);
344 }
345 uma_zfree(acl_zone, acl);
346 } else
347 #endif /* !UFS_ACL */
348 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid,
349 ap->a_mode, ap->a_cred, NULL);
350 return (error);
351 }
352
353 /* ARGSUSED */
354 static int
355 ufs_getattr(ap)
356 struct vop_getattr_args /* {
357 struct vnode *a_vp;
358 struct vattr *a_vap;
359 struct ucred *a_cred;
360 struct thread *a_td;
361 } */ *ap;
362 {
363 struct vnode *vp = ap->a_vp;
364 struct inode *ip = VTOI(vp);
365 struct vattr *vap = ap->a_vap;
366
367 ufs_itimes(vp);
368 /*
369 * Copy from inode table
370 */
371 vap->va_fsid = dev2udev(ip->i_dev);
372 vap->va_fileid = ip->i_number;
373 vap->va_mode = ip->i_mode & ~IFMT;
374 vap->va_nlink = ip->i_effnlink;
375 vap->va_uid = ip->i_uid;
376 vap->va_gid = ip->i_gid;
377 if (ip->i_ump->um_fstype == UFS1) {
378 vap->va_rdev = ip->i_din1->di_rdev;
379 vap->va_size = ip->i_din1->di_size;
380 vap->va_atime.tv_sec = ip->i_din1->di_atime;
381 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec;
382 vap->va_mtime.tv_sec = ip->i_din1->di_mtime;
383 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec;
384 vap->va_ctime.tv_sec = ip->i_din1->di_ctime;
385 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec;
386 vap->va_birthtime.tv_sec = 0;
387 vap->va_birthtime.tv_nsec = 0;
388 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks);
389 } else {
390 vap->va_rdev = ip->i_din2->di_rdev;
391 vap->va_size = ip->i_din2->di_size;
392 vap->va_atime.tv_sec = ip->i_din2->di_atime;
393 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec;
394 vap->va_mtime.tv_sec = ip->i_din2->di_mtime;
395 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec;
396 vap->va_ctime.tv_sec = ip->i_din2->di_ctime;
397 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec;
398 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime;
399 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec;
400 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks);
401 }
402 vap->va_flags = ip->i_flags;
403 vap->va_gen = ip->i_gen;
404 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize;
405 vap->va_type = IFTOVT(ip->i_mode);
406 vap->va_filerev = ip->i_modrev;
407 return (0);
408 }
409
410 /*
411 * Set attribute vnode op. called from several syscalls
412 */
413 static int
414 ufs_setattr(ap)
415 struct vop_setattr_args /* {
416 struct vnode *a_vp;
417 struct vattr *a_vap;
418 struct ucred *a_cred;
419 struct thread *a_td;
420 } */ *ap;
421 {
422 struct vattr *vap = ap->a_vap;
423 struct vnode *vp = ap->a_vp;
424 struct inode *ip = VTOI(vp);
425 struct ucred *cred = ap->a_cred;
426 struct thread *td = ap->a_td;
427 int error;
428
429 /*
430 * Check for unsettable attributes.
431 */
432 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) ||
433 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) ||
434 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) ||
435 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) {
436 return (EINVAL);
437 }
438 /*
439 * Mark for update the file's access time for vfs_mark_atime().
440 * We are doing this here to avoid some of the checks done
441 * below -- this operation is done by request of the kernel and
442 * should bypass some security checks. Things like read-only
443 * checks get handled by other levels (e.g., ffs_update()).
444 */
445 if (vap->va_vaflags & VA_MARK_ATIME) {
446 ip->i_flag |= IN_ACCESS;
447 return (0);
448 }
449 if (vap->va_flags != VNOVAL) {
450 if (vp->v_mount->mnt_flag & MNT_RDONLY)
451 return (EROFS);
452 /*
453 * Callers may only modify the file flags on objects they
454 * have VADMIN rights for.
455 */
456 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
457 return (error);
458 /*
459 * Unprivileged processes are not permitted to unset system
460 * flags, or modify flags if any system flags are set.
461 * Privileged non-jail processes may not modify system flags
462 * if securelevel > 0 and any existing system flags are set.
463 * Privileged jail processes behave like privileged non-jail
464 * processes if the security.jail.chflags_allowed sysctl is
465 * is non-zero; otherwise, they behave like unprivileged
466 * processes.
467 */
468 if (!suser_cred(cred,
469 jail_chflags_allowed ? SUSER_ALLOWJAIL : 0)) {
470 if (ip->i_flags
471 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
472 error = securelevel_gt(cred, 0);
473 if (error)
474 return (error);
475 }
476 /* Snapshot flag cannot be set or cleared */
477 if (((vap->va_flags & SF_SNAPSHOT) != 0 &&
478 (ip->i_flags & SF_SNAPSHOT) == 0) ||
479 ((vap->va_flags & SF_SNAPSHOT) == 0 &&
480 (ip->i_flags & SF_SNAPSHOT) != 0))
481 return (EPERM);
482 ip->i_flags = vap->va_flags;
483 DIP_SET(ip, i_flags, vap->va_flags);
484 } else {
485 if (ip->i_flags
486 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) ||
487 (vap->va_flags & UF_SETTABLE) != vap->va_flags)
488 return (EPERM);
489 ip->i_flags &= SF_SETTABLE;
490 ip->i_flags |= (vap->va_flags & UF_SETTABLE);
491 DIP_SET(ip, i_flags, ip->i_flags);
492 }
493 ip->i_flag |= IN_CHANGE;
494 if (vap->va_flags & (IMMUTABLE | APPEND))
495 return (0);
496 }
497 if (ip->i_flags & (IMMUTABLE | APPEND))
498 return (EPERM);
499 /*
500 * Go through the fields and update iff not VNOVAL.
501 */
502 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) {
503 if (vp->v_mount->mnt_flag & MNT_RDONLY)
504 return (EROFS);
505 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred,
506 td)) != 0)
507 return (error);
508 }
509 if (vap->va_size != VNOVAL) {
510 /*
511 * Disallow write attempts on read-only filesystems;
512 * unless the file is a socket, fifo, or a block or
513 * character device resident on the filesystem.
514 */
515 switch (vp->v_type) {
516 case VDIR:
517 return (EISDIR);
518 case VLNK:
519 case VREG:
520 if (vp->v_mount->mnt_flag & MNT_RDONLY)
521 return (EROFS);
522 if ((ip->i_flags & SF_SNAPSHOT) != 0)
523 return (EPERM);
524 break;
525 default:
526 break;
527 }
528 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL,
529 cred, td)) != 0)
530 return (error);
531 }
532 if (vap->va_atime.tv_sec != VNOVAL ||
533 vap->va_mtime.tv_sec != VNOVAL ||
534 vap->va_birthtime.tv_sec != VNOVAL) {
535 if (vp->v_mount->mnt_flag & MNT_RDONLY)
536 return (EROFS);
537 if ((ip->i_flags & SF_SNAPSHOT) != 0)
538 return (EPERM);
539 /*
540 * From utimes(2):
541 * If times is NULL, ... The caller must be the owner of
542 * the file, have permission to write the file, or be the
543 * super-user.
544 * If times is non-NULL, ... The caller must be the owner of
545 * the file or be the super-user.
546 */
547 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)) &&
548 ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
549 (error = VOP_ACCESS(vp, VWRITE, cred, td))))
550 return (error);
551 if (vap->va_atime.tv_sec != VNOVAL)
552 ip->i_flag |= IN_ACCESS;
553 if (vap->va_mtime.tv_sec != VNOVAL)
554 ip->i_flag |= IN_CHANGE | IN_UPDATE;
555 if (vap->va_birthtime.tv_sec != VNOVAL &&
556 ip->i_ump->um_fstype == UFS2)
557 ip->i_flag |= IN_MODIFIED;
558 ufs_itimes(vp);
559 if (vap->va_atime.tv_sec != VNOVAL) {
560 DIP_SET(ip, i_atime, vap->va_atime.tv_sec);
561 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec);
562 }
563 if (vap->va_mtime.tv_sec != VNOVAL) {
564 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec);
565 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec);
566 }
567 if (vap->va_birthtime.tv_sec != VNOVAL &&
568 ip->i_ump->um_fstype == UFS2) {
569 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec;
570 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec;
571 }
572 error = UFS_UPDATE(vp, 0);
573 if (error)
574 return (error);
575 }
576 error = 0;
577 if (vap->va_mode != (mode_t)VNOVAL) {
578 if (vp->v_mount->mnt_flag & MNT_RDONLY)
579 return (EROFS);
580 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode &
581 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH)))
582 return (EPERM);
583 error = ufs_chmod(vp, (int)vap->va_mode, cred, td);
584 }
585 return (error);
586 }
587
588 /*
589 * Change the mode on a file.
590 * Inode must be locked before calling.
591 */
592 static int
593 ufs_chmod(vp, mode, cred, td)
594 struct vnode *vp;
595 int mode;
596 struct ucred *cred;
597 struct thread *td;
598 {
599 struct inode *ip = VTOI(vp);
600 int error;
601
602 /*
603 * To modify the permissions on a file, must possess VADMIN
604 * for that file.
605 */
606 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
607 return (error);
608 /*
609 * Privileged processes may set the sticky bit on non-directories,
610 * as well as set the setgid bit on a file with a group that the
611 * process is not a member of. Both of these are allowed in
612 * jail(8).
613 */
614 if (vp->v_type != VDIR && (mode & S_ISTXT)) {
615 if (suser_cred(cred, SUSER_ALLOWJAIL))
616 return (EFTYPE);
617 }
618 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
619 error = suser_cred(cred, SUSER_ALLOWJAIL);
620 if (error)
621 return (error);
622 }
623 ip->i_mode &= ~ALLPERMS;
624 ip->i_mode |= (mode & ALLPERMS);
625 DIP_SET(ip, i_mode, ip->i_mode);
626 ip->i_flag |= IN_CHANGE;
627 return (0);
628 }
629
630 /*
631 * Perform chown operation on inode ip;
632 * inode must be locked prior to call.
633 */
634 static int
635 ufs_chown(vp, uid, gid, cred, td)
636 struct vnode *vp;
637 uid_t uid;
638 gid_t gid;
639 struct ucred *cred;
640 struct thread *td;
641 {
642 struct inode *ip = VTOI(vp);
643 uid_t ouid;
644 gid_t ogid;
645 int error = 0;
646 #ifdef QUOTA
647 int i;
648 ufs2_daddr_t change;
649 #endif
650
651 if (uid == (uid_t)VNOVAL)
652 uid = ip->i_uid;
653 if (gid == (gid_t)VNOVAL)
654 gid = ip->i_gid;
655 /*
656 * To modify the ownership of a file, must possess VADMIN
657 * for that file.
658 */
659 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
660 return (error);
661 /*
662 * To change the owner of a file, or change the group of a file
663 * to a group of which we are not a member, the caller must
664 * have privilege.
665 */
666 if ((uid != ip->i_uid ||
667 (gid != ip->i_gid && !groupmember(gid, cred))) &&
668 (error = suser_cred(cred, SUSER_ALLOWJAIL)))
669 return (error);
670 ogid = ip->i_gid;
671 ouid = ip->i_uid;
672 #ifdef QUOTA
673 if ((error = getinoquota(ip)) != 0)
674 return (error);
675 if (ouid == uid) {
676 dqrele(vp, ip->i_dquot[USRQUOTA]);
677 ip->i_dquot[USRQUOTA] = NODQUOT;
678 }
679 if (ogid == gid) {
680 dqrele(vp, ip->i_dquot[GRPQUOTA]);
681 ip->i_dquot[GRPQUOTA] = NODQUOT;
682 }
683 change = DIP(ip, i_blocks);
684 (void) chkdq(ip, -change, cred, CHOWN);
685 (void) chkiq(ip, -1, cred, CHOWN);
686 for (i = 0; i < MAXQUOTAS; i++) {
687 dqrele(vp, ip->i_dquot[i]);
688 ip->i_dquot[i] = NODQUOT;
689 }
690 #endif
691 ip->i_gid = gid;
692 DIP_SET(ip, i_gid, gid);
693 ip->i_uid = uid;
694 DIP_SET(ip, i_uid, uid);
695 #ifdef QUOTA
696 if ((error = getinoquota(ip)) == 0) {
697 if (ouid == uid) {
698 dqrele(vp, ip->i_dquot[USRQUOTA]);
699 ip->i_dquot[USRQUOTA] = NODQUOT;
700 }
701 if (ogid == gid) {
702 dqrele(vp, ip->i_dquot[GRPQUOTA]);
703 ip->i_dquot[GRPQUOTA] = NODQUOT;
704 }
705 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) {
706 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0)
707 goto good;
708 else
709 (void) chkdq(ip, -change, cred, CHOWN|FORCE);
710 }
711 for (i = 0; i < MAXQUOTAS; i++) {
712 dqrele(vp, ip->i_dquot[i]);
713 ip->i_dquot[i] = NODQUOT;
714 }
715 }
716 ip->i_gid = ogid;
717 DIP_SET(ip, i_gid, ogid);
718 ip->i_uid = ouid;
719 DIP_SET(ip, i_uid, ouid);
720 if (getinoquota(ip) == 0) {
721 if (ouid == uid) {
722 dqrele(vp, ip->i_dquot[USRQUOTA]);
723 ip->i_dquot[USRQUOTA] = NODQUOT;
724 }
725 if (ogid == gid) {
726 dqrele(vp, ip->i_dquot[GRPQUOTA]);
727 ip->i_dquot[GRPQUOTA] = NODQUOT;
728 }
729 (void) chkdq(ip, change, cred, FORCE|CHOWN);
730 (void) chkiq(ip, 1, cred, FORCE|CHOWN);
731 (void) getinoquota(ip);
732 }
733 return (error);
734 good:
735 if (getinoquota(ip))
736 panic("ufs_chown: lost quota");
737 #endif /* QUOTA */
738 ip->i_flag |= IN_CHANGE;
739 if (suser_cred(cred, SUSER_ALLOWJAIL) && (ouid != uid || ogid != gid)) {
740 ip->i_mode &= ~(ISUID | ISGID);
741 DIP_SET(ip, i_mode, ip->i_mode);
742 }
743 return (0);
744 }
745
746 static int
747 ufs_remove(ap)
748 struct vop_remove_args /* {
749 struct vnode *a_dvp;
750 struct vnode *a_vp;
751 struct componentname *a_cnp;
752 } */ *ap;
753 {
754 struct inode *ip;
755 struct vnode *vp = ap->a_vp;
756 struct vnode *dvp = ap->a_dvp;
757 int error;
758 struct thread *td;
759
760 td = curthread;
761 ip = VTOI(vp);
762 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
763 (VTOI(dvp)->i_flags & APPEND)) {
764 error = EPERM;
765 goto out;
766 }
767 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0);
768 if (ip->i_nlink <= 0)
769 vp->v_vflag |= VV_NOSYNC;
770 if ((ip->i_flags & SF_SNAPSHOT) != 0) {
771 /*
772 * Avoid deadlock where another thread is trying to
773 * update the inodeblock for dvp and is waiting on
774 * snaplk. Temporary unlock the vnode lock for the
775 * unlinked file and sync the directory. This should
776 * allow vput() of the directory to not block later on
777 * while holding the snapshot vnode locked, assuming
778 * that the directory hasn't been unlinked too.
779 */
780 VOP_UNLOCK(vp, 0, td);
781 (void) VOP_FSYNC(dvp, MNT_WAIT, td);
782 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
783 }
784 out:
785 return (error);
786 }
787
788 /*
789 * link vnode call
790 */
791 static int
792 ufs_link(ap)
793 struct vop_link_args /* {
794 struct vnode *a_tdvp;
795 struct vnode *a_vp;
796 struct componentname *a_cnp;
797 } */ *ap;
798 {
799 struct vnode *vp = ap->a_vp;
800 struct vnode *tdvp = ap->a_tdvp;
801 struct componentname *cnp = ap->a_cnp;
802 struct inode *ip;
803 struct direct newdir;
804 int error;
805
806 #ifdef DIAGNOSTIC
807 if ((cnp->cn_flags & HASBUF) == 0)
808 panic("ufs_link: no name");
809 #endif
810 if (tdvp->v_mount != vp->v_mount) {
811 error = EXDEV;
812 goto out;
813 }
814 ip = VTOI(vp);
815 if ((nlink_t)ip->i_nlink >= LINK_MAX) {
816 error = EMLINK;
817 goto out;
818 }
819 if (ip->i_flags & (IMMUTABLE | APPEND)) {
820 error = EPERM;
821 goto out;
822 }
823 ip->i_effnlink++;
824 ip->i_nlink++;
825 DIP_SET(ip, i_nlink, ip->i_nlink);
826 ip->i_flag |= IN_CHANGE;
827 if (DOINGSOFTDEP(vp))
828 softdep_change_linkcnt(ip);
829 error = UFS_UPDATE(vp, !(DOINGSOFTDEP(vp) | DOINGASYNC(vp)));
830 if (!error) {
831 ufs_makedirentry(ip, cnp, &newdir);
832 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL);
833 }
834
835 if (error) {
836 ip->i_effnlink--;
837 ip->i_nlink--;
838 DIP_SET(ip, i_nlink, ip->i_nlink);
839 ip->i_flag |= IN_CHANGE;
840 if (DOINGSOFTDEP(vp))
841 softdep_change_linkcnt(ip);
842 }
843 out:
844 return (error);
845 }
846
847 /*
848 * whiteout vnode call
849 */
850 static int
851 ufs_whiteout(ap)
852 struct vop_whiteout_args /* {
853 struct vnode *a_dvp;
854 struct componentname *a_cnp;
855 int a_flags;
856 } */ *ap;
857 {
858 struct vnode *dvp = ap->a_dvp;
859 struct componentname *cnp = ap->a_cnp;
860 struct direct newdir;
861 int error = 0;
862
863 switch (ap->a_flags) {
864 case LOOKUP:
865 /* 4.4 format directories support whiteout operations */
866 if (dvp->v_mount->mnt_maxsymlinklen > 0)
867 return (0);
868 return (EOPNOTSUPP);
869
870 case CREATE:
871 /* create a new directory whiteout */
872 #ifdef DIAGNOSTIC
873 if ((cnp->cn_flags & SAVENAME) == 0)
874 panic("ufs_whiteout: missing name");
875 if (dvp->v_mount->mnt_maxsymlinklen <= 0)
876 panic("ufs_whiteout: old format filesystem");
877 #endif
878
879 newdir.d_ino = WINO;
880 newdir.d_namlen = cnp->cn_namelen;
881 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1);
882 newdir.d_type = DT_WHT;
883 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL);
884 break;
885
886 case DELETE:
887 /* remove an existing directory whiteout */
888 #ifdef DIAGNOSTIC
889 if (dvp->v_mount->mnt_maxsymlinklen <= 0)
890 panic("ufs_whiteout: old format filesystem");
891 #endif
892
893 cnp->cn_flags &= ~DOWHITEOUT;
894 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0);
895 break;
896 default:
897 panic("ufs_whiteout: unknown op");
898 }
899 return (error);
900 }
901
902 /*
903 * Rename system call.
904 * rename("foo", "bar");
905 * is essentially
906 * unlink("bar");
907 * link("foo", "bar");
908 * unlink("foo");
909 * but ``atomically''. Can't do full commit without saving state in the
910 * inode on disk which isn't feasible at this time. Best we can do is
911 * always guarantee the target exists.
912 *
913 * Basic algorithm is:
914 *
915 * 1) Bump link count on source while we're linking it to the
916 * target. This also ensure the inode won't be deleted out
917 * from underneath us while we work (it may be truncated by
918 * a concurrent `trunc' or `open' for creation).
919 * 2) Link source to destination. If destination already exists,
920 * delete it first.
921 * 3) Unlink source reference to inode if still around. If a
922 * directory was moved and the parent of the destination
923 * is different from the source, patch the ".." entry in the
924 * directory.
925 */
926 static int
927 ufs_rename(ap)
928 struct vop_rename_args /* {
929 struct vnode *a_fdvp;
930 struct vnode *a_fvp;
931 struct componentname *a_fcnp;
932 struct vnode *a_tdvp;
933 struct vnode *a_tvp;
934 struct componentname *a_tcnp;
935 } */ *ap;
936 {
937 struct vnode *tvp = ap->a_tvp;
938 struct vnode *tdvp = ap->a_tdvp;
939 struct vnode *fvp = ap->a_fvp;
940 struct vnode *fdvp = ap->a_fdvp;
941 struct componentname *tcnp = ap->a_tcnp;
942 struct componentname *fcnp = ap->a_fcnp;
943 struct thread *td = fcnp->cn_thread;
944 struct inode *ip, *xp, *dp;
945 struct direct newdir;
946 int doingdirectory = 0, oldparent = 0, newparent = 0;
947 int error = 0, ioflag;
948
949 #ifdef DIAGNOSTIC
950 if ((tcnp->cn_flags & HASBUF) == 0 ||
951 (fcnp->cn_flags & HASBUF) == 0)
952 panic("ufs_rename: no name");
953 #endif
954 /*
955 * Check for cross-device rename.
956 */
957 if ((fvp->v_mount != tdvp->v_mount) ||
958 (tvp && (fvp->v_mount != tvp->v_mount))) {
959 error = EXDEV;
960 abortit:
961 if (tdvp == tvp)
962 vrele(tdvp);
963 else
964 vput(tdvp);
965 if (tvp)
966 vput(tvp);
967 vrele(fdvp);
968 vrele(fvp);
969 return (error);
970 }
971
972 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
973 (VTOI(tdvp)->i_flags & APPEND))) {
974 error = EPERM;
975 goto abortit;
976 }
977
978 /*
979 * Renaming a file to itself has no effect. The upper layers should
980 * not call us in that case. Temporarily just warn if they do.
981 */
982 if (fvp == tvp) {
983 printf("ufs_rename: fvp == tvp (can't happen)\n");
984 error = 0;
985 goto abortit;
986 }
987
988 if ((error = vn_lock(fvp, LK_EXCLUSIVE, td)) != 0)
989 goto abortit;
990 dp = VTOI(fdvp);
991 ip = VTOI(fvp);
992 if (ip->i_nlink >= LINK_MAX) {
993 VOP_UNLOCK(fvp, 0, td);
994 error = EMLINK;
995 goto abortit;
996 }
997 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))
998 || (dp->i_flags & APPEND)) {
999 VOP_UNLOCK(fvp, 0, td);
1000 error = EPERM;
1001 goto abortit;
1002 }
1003 if ((ip->i_mode & IFMT) == IFDIR) {
1004 /*
1005 * Avoid ".", "..", and aliases of "." for obvious reasons.
1006 */
1007 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') ||
1008 dp == ip || (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT ||
1009 (ip->i_flag & IN_RENAME)) {
1010 VOP_UNLOCK(fvp, 0, td);
1011 error = EINVAL;
1012 goto abortit;
1013 }
1014 ip->i_flag |= IN_RENAME;
1015 oldparent = dp->i_number;
1016 doingdirectory = 1;
1017 }
1018 vrele(fdvp);
1019
1020 /*
1021 * When the target exists, both the directory
1022 * and target vnodes are returned locked.
1023 */
1024 dp = VTOI(tdvp);
1025 xp = NULL;
1026 if (tvp)
1027 xp = VTOI(tvp);
1028
1029 /*
1030 * 1) Bump link count while we're moving stuff
1031 * around. If we crash somewhere before
1032 * completing our work, the link count
1033 * may be wrong, but correctable.
1034 */
1035 ip->i_effnlink++;
1036 ip->i_nlink++;
1037 DIP_SET(ip, i_nlink, ip->i_nlink);
1038 ip->i_flag |= IN_CHANGE;
1039 if (DOINGSOFTDEP(fvp))
1040 softdep_change_linkcnt(ip);
1041 if ((error = UFS_UPDATE(fvp, !(DOINGSOFTDEP(fvp) |
1042 DOINGASYNC(fvp)))) != 0) {
1043 VOP_UNLOCK(fvp, 0, td);
1044 goto bad;
1045 }
1046
1047 /*
1048 * If ".." must be changed (ie the directory gets a new
1049 * parent) then the source directory must not be in the
1050 * directory heirarchy above the target, as this would
1051 * orphan everything below the source directory. Also
1052 * the user must have write permission in the source so
1053 * as to be able to change "..". We must repeat the call
1054 * to namei, as the parent directory is unlocked by the
1055 * call to checkpath().
1056 */
1057 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread);
1058 VOP_UNLOCK(fvp, 0, td);
1059 if (oldparent != dp->i_number)
1060 newparent = dp->i_number;
1061 if (doingdirectory && newparent) {
1062 if (error) /* write access check above */
1063 goto bad;
1064 if (xp != NULL)
1065 vput(tvp);
1066 error = ufs_checkpath(ip, dp, tcnp->cn_cred);
1067 if (error)
1068 goto out;
1069 if ((tcnp->cn_flags & SAVESTART) == 0)
1070 panic("ufs_rename: lost to startdir");
1071 VREF(tdvp);
1072 error = relookup(tdvp, &tvp, tcnp);
1073 if (error)
1074 goto out;
1075 vrele(tdvp);
1076 dp = VTOI(tdvp);
1077 xp = NULL;
1078 if (tvp)
1079 xp = VTOI(tvp);
1080 }
1081 /*
1082 * 2) If target doesn't exist, link the target
1083 * to the source and unlink the source.
1084 * Otherwise, rewrite the target directory
1085 * entry to reference the source inode and
1086 * expunge the original entry's existence.
1087 */
1088 if (xp == NULL) {
1089 if (dp->i_dev != ip->i_dev)
1090 panic("ufs_rename: EXDEV");
1091 /*
1092 * Account for ".." in new directory.
1093 * When source and destination have the same
1094 * parent we don't fool with the link count.
1095 */
1096 if (doingdirectory && newparent) {
1097 if ((nlink_t)dp->i_nlink >= LINK_MAX) {
1098 error = EMLINK;
1099 goto bad;
1100 }
1101 dp->i_effnlink++;
1102 dp->i_nlink++;
1103 DIP_SET(dp, i_nlink, dp->i_nlink);
1104 dp->i_flag |= IN_CHANGE;
1105 if (DOINGSOFTDEP(tdvp))
1106 softdep_change_linkcnt(dp);
1107 error = UFS_UPDATE(tdvp, !(DOINGSOFTDEP(tdvp) |
1108 DOINGASYNC(tdvp)));
1109 if (error)
1110 goto bad;
1111 }
1112 ufs_makedirentry(ip, tcnp, &newdir);
1113 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL);
1114 if (error) {
1115 if (doingdirectory && newparent) {
1116 dp->i_effnlink--;
1117 dp->i_nlink--;
1118 DIP_SET(dp, i_nlink, dp->i_nlink);
1119 dp->i_flag |= IN_CHANGE;
1120 if (DOINGSOFTDEP(tdvp))
1121 softdep_change_linkcnt(dp);
1122 (void)UFS_UPDATE(tdvp, 1);
1123 }
1124 goto bad;
1125 }
1126 vput(tdvp);
1127 } else {
1128 if (xp->i_dev != dp->i_dev || xp->i_dev != ip->i_dev)
1129 panic("ufs_rename: EXDEV");
1130 /*
1131 * Short circuit rename(foo, foo).
1132 */
1133 if (xp->i_number == ip->i_number)
1134 panic("ufs_rename: same file");
1135 /*
1136 * If the parent directory is "sticky", then the caller
1137 * must possess VADMIN for the parent directory, or the
1138 * destination of the rename. This implements append-only
1139 * directories.
1140 */
1141 if ((dp->i_mode & S_ISTXT) &&
1142 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) &&
1143 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) {
1144 error = EPERM;
1145 goto bad;
1146 }
1147 /*
1148 * Target must be empty if a directory and have no links
1149 * to it. Also, ensure source and target are compatible
1150 * (both directories, or both not directories).
1151 */
1152 if ((xp->i_mode&IFMT) == IFDIR) {
1153 if ((xp->i_effnlink > 2) ||
1154 !ufs_dirempty(xp, dp->i_number, tcnp->cn_cred)) {
1155 error = ENOTEMPTY;
1156 goto bad;
1157 }
1158 if (!doingdirectory) {
1159 error = ENOTDIR;
1160 goto bad;
1161 }
1162 cache_purge(tdvp);
1163 } else if (doingdirectory) {
1164 error = EISDIR;
1165 goto bad;
1166 }
1167 error = ufs_dirrewrite(dp, xp, ip->i_number,
1168 IFTODT(ip->i_mode),
1169 (doingdirectory && newparent) ? newparent : doingdirectory);
1170 if (error)
1171 goto bad;
1172 if (doingdirectory) {
1173 if (!newparent) {
1174 dp->i_effnlink--;
1175 if (DOINGSOFTDEP(tdvp))
1176 softdep_change_linkcnt(dp);
1177 }
1178 xp->i_effnlink--;
1179 if (DOINGSOFTDEP(tvp))
1180 softdep_change_linkcnt(xp);
1181 }
1182 if (doingdirectory && !DOINGSOFTDEP(tvp)) {
1183 /*
1184 * Truncate inode. The only stuff left in the directory
1185 * is "." and "..". The "." reference is inconsequential
1186 * since we are quashing it. We have removed the "."
1187 * reference and the reference in the parent directory,
1188 * but there may be other hard links. The soft
1189 * dependency code will arrange to do these operations
1190 * after the parent directory entry has been deleted on
1191 * disk, so when running with that code we avoid doing
1192 * them now.
1193 */
1194 if (!newparent) {
1195 dp->i_nlink--;
1196 DIP_SET(dp, i_nlink, dp->i_nlink);
1197 dp->i_flag |= IN_CHANGE;
1198 }
1199 xp->i_nlink--;
1200 DIP_SET(xp, i_nlink, xp->i_nlink);
1201 xp->i_flag |= IN_CHANGE;
1202 ioflag = IO_NORMAL;
1203 if (DOINGASYNC(tvp))
1204 ioflag |= IO_SYNC;
1205 if ((error = UFS_TRUNCATE(tvp, (off_t)0, ioflag,
1206 tcnp->cn_cred, tcnp->cn_thread)) != 0)
1207 goto bad;
1208 }
1209 vput(tdvp);
1210 vput(tvp);
1211 xp = NULL;
1212 }
1213
1214 /*
1215 * 3) Unlink the source.
1216 */
1217 fcnp->cn_flags &= ~MODMASK;
1218 fcnp->cn_flags |= LOCKPARENT | LOCKLEAF;
1219 if ((fcnp->cn_flags & SAVESTART) == 0)
1220 panic("ufs_rename: lost from startdir");
1221 VREF(fdvp);
1222 error = relookup(fdvp, &fvp, fcnp);
1223 if (error == 0)
1224 vrele(fdvp);
1225 if (fvp != NULL) {
1226 xp = VTOI(fvp);
1227 dp = VTOI(fdvp);
1228 } else {
1229 /*
1230 * From name has disappeared. IN_RENAME is not sufficient
1231 * to protect against directory races due to timing windows,
1232 * so we have to remove the panic. XXX the only real way
1233 * to solve this issue is at a much higher level. By the
1234 * time we hit ufs_rename() it's too late.
1235 */
1236 #if 0
1237 if (doingdirectory)
1238 panic("ufs_rename: lost dir entry");
1239 #endif
1240 vrele(ap->a_fvp);
1241 return (0);
1242 }
1243 /*
1244 * Ensure that the directory entry still exists and has not
1245 * changed while the new name has been entered. If the source is
1246 * a file then the entry may have been unlinked or renamed. In
1247 * either case there is no further work to be done. If the source
1248 * is a directory then it cannot have been rmdir'ed; the IN_RENAME
1249 * flag ensures that it cannot be moved by another rename or removed
1250 * by a rmdir.
1251 */
1252 if (xp != ip) {
1253 /*
1254 * From name resolves to a different inode. IN_RENAME is
1255 * not sufficient protection against timing window races
1256 * so we can't panic here. XXX the only real way
1257 * to solve this issue is at a much higher level. By the
1258 * time we hit ufs_rename() it's too late.
1259 */
1260 #if 0
1261 if (doingdirectory)
1262 panic("ufs_rename: lost dir entry");
1263 #endif
1264 } else {
1265 /*
1266 * If the source is a directory with a
1267 * new parent, the link count of the old
1268 * parent directory must be decremented
1269 * and ".." set to point to the new parent.
1270 */
1271 if (doingdirectory && newparent) {
1272 xp->i_offset = mastertemplate.dot_reclen;
1273 ufs_dirrewrite(xp, dp, newparent, DT_DIR, 0);
1274 cache_purge(fdvp);
1275 }
1276 error = ufs_dirremove(fdvp, xp, fcnp->cn_flags, 0);
1277 xp->i_flag &= ~IN_RENAME;
1278 }
1279 if (dp)
1280 vput(fdvp);
1281 if (xp)
1282 vput(fvp);
1283 vrele(ap->a_fvp);
1284 return (error);
1285
1286 bad:
1287 if (xp)
1288 vput(ITOV(xp));
1289 vput(ITOV(dp));
1290 out:
1291 if (doingdirectory)
1292 ip->i_flag &= ~IN_RENAME;
1293 if (vn_lock(fvp, LK_EXCLUSIVE, td) == 0) {
1294 ip->i_effnlink--;
1295 ip->i_nlink--;
1296 DIP_SET(ip, i_nlink, ip->i_nlink);
1297 ip->i_flag |= IN_CHANGE;
1298 ip->i_flag &= ~IN_RENAME;
1299 if (DOINGSOFTDEP(fvp))
1300 softdep_change_linkcnt(ip);
1301 vput(fvp);
1302 } else
1303 vrele(fvp);
1304 return (error);
1305 }
1306
1307 /*
1308 * Mkdir system call
1309 */
1310 static int
1311 ufs_mkdir(ap)
1312 struct vop_mkdir_args /* {
1313 struct vnode *a_dvp;
1314 struct vnode **a_vpp;
1315 struct componentname *a_cnp;
1316 struct vattr *a_vap;
1317 } */ *ap;
1318 {
1319 struct vnode *dvp = ap->a_dvp;
1320 struct vattr *vap = ap->a_vap;
1321 struct componentname *cnp = ap->a_cnp;
1322 struct inode *ip, *dp;
1323 struct vnode *tvp;
1324 struct buf *bp;
1325 struct dirtemplate dirtemplate, *dtp;
1326 struct direct newdir;
1327 #ifdef UFS_ACL
1328 struct acl *acl, *dacl;
1329 #endif
1330 int error, dmode;
1331 long blkoff;
1332
1333 #ifdef DIAGNOSTIC
1334 if ((cnp->cn_flags & HASBUF) == 0)
1335 panic("ufs_mkdir: no name");
1336 #endif
1337 dp = VTOI(dvp);
1338 if ((nlink_t)dp->i_nlink >= LINK_MAX) {
1339 error = EMLINK;
1340 goto out;
1341 }
1342 dmode = vap->va_mode & 0777;
1343 dmode |= IFDIR;
1344 /*
1345 * Must simulate part of ufs_makeinode here to acquire the inode,
1346 * but not have it entered in the parent directory. The entry is
1347 * made later after writing "." and ".." entries.
1348 */
1349 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp);
1350 if (error)
1351 goto out;
1352 ip = VTOI(tvp);
1353 ip->i_gid = dp->i_gid;
1354 DIP_SET(ip, i_gid, dp->i_gid);
1355 #ifdef SUIDDIR
1356 {
1357 #ifdef QUOTA
1358 struct ucred ucred, *ucp;
1359 ucp = cnp->cn_cred;
1360 #endif
1361 /*
1362 * If we are hacking owners here, (only do this where told to)
1363 * and we are not giving it TO root, (would subvert quotas)
1364 * then go ahead and give it to the other user.
1365 * The new directory also inherits the SUID bit.
1366 * If user's UID and dir UID are the same,
1367 * 'give it away' so that the SUID is still forced on.
1368 */
1369 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
1370 (dp->i_mode & ISUID) && dp->i_uid) {
1371 dmode |= ISUID;
1372 ip->i_uid = dp->i_uid;
1373 DIP_SET(ip, i_uid, dp->i_uid);
1374 #ifdef QUOTA
1375 if (dp->i_uid != cnp->cn_cred->cr_uid) {
1376 /*
1377 * Make sure the correct user gets charged
1378 * for the space.
1379 * Make a dummy credential for the victim.
1380 * XXX This seems to never be accessed out of
1381 * our context so a stack variable is ok.
1382 */
1383 ucred.cr_ref = 1;
1384 ucred.cr_uid = ip->i_uid;
1385 ucred.cr_ngroups = 1;
1386 ucred.cr_groups[0] = dp->i_gid;
1387 ucp = &ucred;
1388 }
1389 #endif
1390 } else {
1391 ip->i_uid = cnp->cn_cred->cr_uid;
1392 DIP_SET(ip, i_uid, ip->i_uid);
1393 }
1394 #ifdef QUOTA
1395 if ((error = getinoquota(ip)) ||
1396 (error = chkiq(ip, 1, ucp, 0))) {
1397 UFS_VFREE(tvp, ip->i_number, dmode);
1398 vput(tvp);
1399 return (error);
1400 }
1401 #endif
1402 }
1403 #else /* !SUIDDIR */
1404 ip->i_uid = cnp->cn_cred->cr_uid;
1405 DIP_SET(ip, i_uid, ip->i_uid);
1406 #ifdef QUOTA
1407 if ((error = getinoquota(ip)) ||
1408 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
1409 UFS_VFREE(tvp, ip->i_number, dmode);
1410 vput(tvp);
1411 return (error);
1412 }
1413 #endif
1414 #endif /* !SUIDDIR */
1415 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE;
1416 #ifdef UFS_ACL
1417 acl = dacl = NULL;
1418 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) {
1419 acl = uma_zalloc(acl_zone, M_WAITOK);
1420 dacl = uma_zalloc(acl_zone, M_WAITOK);
1421
1422 /*
1423 * Retrieve default ACL from parent, if any.
1424 */
1425 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred,
1426 cnp->cn_thread);
1427 switch (error) {
1428 case 0:
1429 /*
1430 * Retrieved a default ACL, so merge mode and ACL if
1431 * necessary. If the ACL is empty, fall through to
1432 * the "not defined or available" case.
1433 */
1434 if (acl->acl_cnt != 0) {
1435 dmode = acl_posix1e_newfilemode(dmode, acl);
1436 ip->i_mode = dmode;
1437 DIP_SET(ip, i_mode, dmode);
1438 *dacl = *acl;
1439 ufs_sync_acl_from_inode(ip, acl);
1440 break;
1441 }
1442 /* FALLTHROUGH */
1443
1444 case EOPNOTSUPP:
1445 /*
1446 * Just use the mode as-is.
1447 */
1448 ip->i_mode = dmode;
1449 DIP_SET(ip, i_mode, dmode);
1450 uma_zfree(acl_zone, acl);
1451 uma_zfree(acl_zone, dacl);
1452 dacl = acl = NULL;
1453 break;
1454
1455 default:
1456 UFS_VFREE(tvp, ip->i_number, dmode);
1457 vput(tvp);
1458 uma_zfree(acl_zone, acl);
1459 uma_zfree(acl_zone, dacl);
1460 return (error);
1461 }
1462 } else {
1463 #endif /* !UFS_ACL */
1464 ip->i_mode = dmode;
1465 DIP_SET(ip, i_mode, dmode);
1466 #ifdef UFS_ACL
1467 }
1468 #endif
1469 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */
1470 ip->i_effnlink = 2;
1471 ip->i_nlink = 2;
1472 DIP_SET(ip, i_nlink, 2);
1473 if (DOINGSOFTDEP(tvp))
1474 softdep_change_linkcnt(ip);
1475 if (cnp->cn_flags & ISWHITEOUT) {
1476 ip->i_flags |= UF_OPAQUE;
1477 DIP_SET(ip, i_flags, ip->i_flags);
1478 }
1479
1480 /*
1481 * Bump link count in parent directory to reflect work done below.
1482 * Should be done before reference is created so cleanup is
1483 * possible if we crash.
1484 */
1485 dp->i_effnlink++;
1486 dp->i_nlink++;
1487 DIP_SET(dp, i_nlink, dp->i_nlink);
1488 dp->i_flag |= IN_CHANGE;
1489 if (DOINGSOFTDEP(dvp))
1490 softdep_change_linkcnt(dp);
1491 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp)));
1492 if (error)
1493 goto bad;
1494 #ifdef MAC
1495 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
1496 error = mac_create_vnode_extattr(cnp->cn_cred, dvp->v_mount,
1497 dvp, tvp, cnp);
1498 if (error)
1499 goto bad;
1500 }
1501 #endif
1502 #ifdef UFS_ACL
1503 if (acl != NULL) {
1504 /*
1505 * XXX: If we abort now, will Soft Updates notify the extattr
1506 * code that the EAs for the file need to be released?
1507 */
1508 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred,
1509 cnp->cn_thread);
1510 if (error == 0)
1511 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl,
1512 cnp->cn_cred, cnp->cn_thread);
1513 switch (error) {
1514 case 0:
1515 break;
1516
1517 case EOPNOTSUPP:
1518 /*
1519 * XXX: This should not happen, as EOPNOTSUPP above
1520 * was supposed to free acl.
1521 */
1522 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n");
1523 /*
1524 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()");
1525 */
1526 break;
1527
1528 default:
1529 uma_zfree(acl_zone, acl);
1530 uma_zfree(acl_zone, dacl);
1531 dacl = acl = NULL;
1532 goto bad;
1533 }
1534 uma_zfree(acl_zone, acl);
1535 uma_zfree(acl_zone, dacl);
1536 dacl = acl = NULL;
1537 }
1538 #endif /* !UFS_ACL */
1539
1540 /*
1541 * Initialize directory with "." and ".." from static template.
1542 */
1543 if (dvp->v_mount->mnt_maxsymlinklen > 0)
1544 dtp = &mastertemplate;
1545 else
1546 dtp = (struct dirtemplate *)&omastertemplate;
1547 dirtemplate = *dtp;
1548 dirtemplate.dot_ino = ip->i_number;
1549 dirtemplate.dotdot_ino = dp->i_number;
1550 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred,
1551 BA_CLRBUF, &bp)) != 0)
1552 goto bad;
1553 ip->i_size = DIRBLKSIZ;
1554 DIP_SET(ip, i_size, DIRBLKSIZ);
1555 ip->i_flag |= IN_CHANGE | IN_UPDATE;
1556 vnode_pager_setsize(tvp, (u_long)ip->i_size);
1557 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate);
1558 if (DOINGSOFTDEP(tvp)) {
1559 /*
1560 * Ensure that the entire newly allocated block is a
1561 * valid directory so that future growth within the
1562 * block does not have to ensure that the block is
1563 * written before the inode.
1564 */
1565 blkoff = DIRBLKSIZ;
1566 while (blkoff < bp->b_bcount) {
1567 ((struct direct *)
1568 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ;
1569 blkoff += DIRBLKSIZ;
1570 }
1571 }
1572 if ((error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) |
1573 DOINGASYNC(tvp)))) != 0) {
1574 (void)bwrite(bp);
1575 goto bad;
1576 }
1577 /*
1578 * Directory set up, now install its entry in the parent directory.
1579 *
1580 * If we are not doing soft dependencies, then we must write out the
1581 * buffer containing the new directory body before entering the new
1582 * name in the parent. If we are doing soft dependencies, then the
1583 * buffer containing the new directory body will be passed to and
1584 * released in the soft dependency code after the code has attached
1585 * an appropriate ordering dependency to the buffer which ensures that
1586 * the buffer is written before the new name is written in the parent.
1587 */
1588 if (DOINGASYNC(dvp))
1589 bdwrite(bp);
1590 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp))))
1591 goto bad;
1592 ufs_makedirentry(ip, cnp, &newdir);
1593 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp);
1594
1595 bad:
1596 if (error == 0) {
1597 *ap->a_vpp = tvp;
1598 } else {
1599 #ifdef UFS_ACL
1600 if (acl != NULL)
1601 uma_zfree(acl_zone, acl);
1602 if (dacl != NULL)
1603 uma_zfree(acl_zone, dacl);
1604 #endif
1605 dp->i_effnlink--;
1606 dp->i_nlink--;
1607 DIP_SET(dp, i_nlink, dp->i_nlink);
1608 dp->i_flag |= IN_CHANGE;
1609 if (DOINGSOFTDEP(dvp))
1610 softdep_change_linkcnt(dp);
1611 /*
1612 * No need to do an explicit VOP_TRUNCATE here, vrele will
1613 * do this for us because we set the link count to 0.
1614 */
1615 ip->i_effnlink = 0;
1616 ip->i_nlink = 0;
1617 DIP_SET(ip, i_nlink, 0);
1618 ip->i_flag |= IN_CHANGE;
1619 if (DOINGSOFTDEP(tvp))
1620 softdep_change_linkcnt(ip);
1621 vput(tvp);
1622 }
1623 out:
1624 return (error);
1625 }
1626
1627 /*
1628 * Rmdir system call.
1629 */
1630 static int
1631 ufs_rmdir(ap)
1632 struct vop_rmdir_args /* {
1633 struct vnode *a_dvp;
1634 struct vnode *a_vp;
1635 struct componentname *a_cnp;
1636 } */ *ap;
1637 {
1638 struct vnode *vp = ap->a_vp;
1639 struct vnode *dvp = ap->a_dvp;
1640 struct componentname *cnp = ap->a_cnp;
1641 struct inode *ip, *dp;
1642 int error, ioflag;
1643
1644 ip = VTOI(vp);
1645 dp = VTOI(dvp);
1646
1647 /*
1648 * Do not remove a directory that is in the process of being renamed.
1649 * Verify the directory is empty (and valid). Rmdir ".." will not be
1650 * valid since ".." will contain a reference to the current directory
1651 * and thus be non-empty. Do not allow the removal of mounted on
1652 * directories (this can happen when an NFS exported filesystem
1653 * tries to remove a locally mounted on directory).
1654 */
1655 error = 0;
1656 if ((ip->i_flag & IN_RENAME) || ip->i_effnlink < 2) {
1657 error = EINVAL;
1658 goto out;
1659 }
1660 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) {
1661 error = ENOTEMPTY;
1662 goto out;
1663 }
1664 if ((dp->i_flags & APPEND)
1665 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) {
1666 error = EPERM;
1667 goto out;
1668 }
1669 if (vp->v_mountedhere != 0) {
1670 error = EINVAL;
1671 goto out;
1672 }
1673 /*
1674 * Delete reference to directory before purging
1675 * inode. If we crash in between, the directory
1676 * will be reattached to lost+found,
1677 */
1678 dp->i_effnlink--;
1679 ip->i_effnlink--;
1680 if (DOINGSOFTDEP(vp)) {
1681 softdep_change_linkcnt(dp);
1682 softdep_change_linkcnt(ip);
1683 }
1684 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1);
1685 if (error) {
1686 dp->i_effnlink++;
1687 ip->i_effnlink++;
1688 if (DOINGSOFTDEP(vp)) {
1689 softdep_change_linkcnt(dp);
1690 softdep_change_linkcnt(ip);
1691 }
1692 goto out;
1693 }
1694 cache_purge(dvp);
1695 /*
1696 * Truncate inode. The only stuff left in the directory is "." and
1697 * "..". The "." reference is inconsequential since we are quashing
1698 * it. The soft dependency code will arrange to do these operations
1699 * after the parent directory entry has been deleted on disk, so
1700 * when running with that code we avoid doing them now.
1701 */
1702 if (!DOINGSOFTDEP(vp)) {
1703 dp->i_nlink--;
1704 DIP_SET(dp, i_nlink, dp->i_nlink);
1705 dp->i_flag |= IN_CHANGE;
1706 ip->i_nlink--;
1707 DIP_SET(ip, i_nlink, ip->i_nlink);
1708 ip->i_flag |= IN_CHANGE;
1709 ioflag = IO_NORMAL;
1710 if (DOINGASYNC(vp))
1711 ioflag |= IO_SYNC;
1712 error = UFS_TRUNCATE(vp, (off_t)0, ioflag, cnp->cn_cred,
1713 cnp->cn_thread);
1714 }
1715 cache_purge(vp);
1716 #ifdef UFS_DIRHASH
1717 /* Kill any active hash; i_effnlink == 0, so it will not come back. */
1718 if (ip->i_dirhash != NULL)
1719 ufsdirhash_free(ip);
1720 #endif
1721 out:
1722 return (error);
1723 }
1724
1725 /*
1726 * symlink -- make a symbolic link
1727 */
1728 static int
1729 ufs_symlink(ap)
1730 struct vop_symlink_args /* {
1731 struct vnode *a_dvp;
1732 struct vnode **a_vpp;
1733 struct componentname *a_cnp;
1734 struct vattr *a_vap;
1735 char *a_target;
1736 } */ *ap;
1737 {
1738 struct vnode *vp, **vpp = ap->a_vpp;
1739 struct inode *ip;
1740 int len, error;
1741
1742 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp,
1743 vpp, ap->a_cnp);
1744 if (error)
1745 return (error);
1746 vp = *vpp;
1747 len = strlen(ap->a_target);
1748 if (len < vp->v_mount->mnt_maxsymlinklen) {
1749 ip = VTOI(vp);
1750 bcopy(ap->a_target, SHORTLINK(ip), len);
1751 ip->i_size = len;
1752 DIP_SET(ip, i_size, len);
1753 ip->i_flag |= IN_CHANGE | IN_UPDATE;
1754 } else
1755 error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0,
1756 UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
1757 ap->a_cnp->cn_cred, NOCRED, (int *)0, (struct thread *)0);
1758 if (error)
1759 vput(vp);
1760 return (error);
1761 }
1762
1763 /*
1764 * Vnode op for reading directories.
1765 *
1766 * The routine below assumes that the on-disk format of a directory
1767 * is the same as that defined by <sys/dirent.h>. If the on-disk
1768 * format changes, then it will be necessary to do a conversion
1769 * from the on-disk format that read returns to the format defined
1770 * by <sys/dirent.h>.
1771 */
1772 int
1773 ufs_readdir(ap)
1774 struct vop_readdir_args /* {
1775 struct vnode *a_vp;
1776 struct uio *a_uio;
1777 struct ucred *a_cred;
1778 int *a_eofflag;
1779 int *ncookies;
1780 u_long **a_cookies;
1781 } */ *ap;
1782 {
1783 struct uio *uio = ap->a_uio;
1784 int error;
1785 size_t count, lost;
1786 off_t off;
1787
1788 if (ap->a_ncookies != NULL)
1789 /*
1790 * Ensure that the block is aligned. The caller can use
1791 * the cookies to determine where in the block to start.
1792 */
1793 uio->uio_offset &= ~(DIRBLKSIZ - 1);
1794 off = uio->uio_offset;
1795 count = uio->uio_resid;
1796 /* Make sure we don't return partial entries. */
1797 if (count <= ((uio->uio_offset + count) & (DIRBLKSIZ -1)))
1798 return (EINVAL);
1799 count -= (uio->uio_offset + count) & (DIRBLKSIZ -1);
1800 lost = uio->uio_resid - count;
1801 uio->uio_resid = count;
1802 uio->uio_iov->iov_len = count;
1803 # if (BYTE_ORDER == LITTLE_ENDIAN)
1804 if (ap->a_vp->v_mount->mnt_maxsymlinklen > 0) {
1805 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred);
1806 } else {
1807 struct dirent *dp, *edp;
1808 struct uio auio;
1809 struct iovec aiov;
1810 caddr_t dirbuf;
1811 int readcnt;
1812 u_char tmp;
1813
1814 auio = *uio;
1815 auio.uio_iov = &aiov;
1816 auio.uio_iovcnt = 1;
1817 auio.uio_segflg = UIO_SYSSPACE;
1818 aiov.iov_len = count;
1819 MALLOC(dirbuf, caddr_t, count, M_TEMP, M_WAITOK);
1820 aiov.iov_base = dirbuf;
1821 error = VOP_READ(ap->a_vp, &auio, 0, ap->a_cred);
1822 if (error == 0) {
1823 readcnt = count - auio.uio_resid;
1824 edp = (struct dirent *)&dirbuf[readcnt];
1825 for (dp = (struct dirent *)dirbuf; dp < edp; ) {
1826 tmp = dp->d_namlen;
1827 dp->d_namlen = dp->d_type;
1828 dp->d_type = tmp;
1829 if (dp->d_reclen > 0) {
1830 dp = (struct dirent *)
1831 ((char *)dp + dp->d_reclen);
1832 } else {
1833 error = EIO;
1834 break;
1835 }
1836 }
1837 if (dp >= edp)
1838 error = uiomove(dirbuf, readcnt, uio);
1839 }
1840 FREE(dirbuf, M_TEMP);
1841 }
1842 # else
1843 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred);
1844 # endif
1845 if (!error && ap->a_ncookies != NULL) {
1846 struct dirent* dpStart;
1847 struct dirent* dpEnd;
1848 struct dirent* dp;
1849 int ncookies;
1850 u_long *cookies;
1851 u_long *cookiep;
1852
1853 if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1)
1854 panic("ufs_readdir: unexpected uio from NFS server");
1855 dpStart = (struct dirent *)
1856 ((char *)uio->uio_iov->iov_base - (uio->uio_offset - off));
1857 dpEnd = (struct dirent *) uio->uio_iov->iov_base;
1858 for (dp = dpStart, ncookies = 0;
1859 dp < dpEnd;
1860 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen))
1861 ncookies++;
1862 MALLOC(cookies, u_long *, ncookies * sizeof(u_long), M_TEMP,
1863 M_WAITOK);
1864 for (dp = dpStart, cookiep = cookies;
1865 dp < dpEnd;
1866 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen)) {
1867 off += dp->d_reclen;
1868 *cookiep++ = (u_long) off;
1869 }
1870 *ap->a_ncookies = ncookies;
1871 *ap->a_cookies = cookies;
1872 }
1873 uio->uio_resid += lost;
1874 if (ap->a_eofflag)
1875 *ap->a_eofflag = VTOI(ap->a_vp)->i_size <= uio->uio_offset;
1876 return (error);
1877 }
1878
1879 /*
1880 * Return target name of a symbolic link
1881 */
1882 static int
1883 ufs_readlink(ap)
1884 struct vop_readlink_args /* {
1885 struct vnode *a_vp;
1886 struct uio *a_uio;
1887 struct ucred *a_cred;
1888 } */ *ap;
1889 {
1890 struct vnode *vp = ap->a_vp;
1891 struct inode *ip = VTOI(vp);
1892 doff_t isize;
1893
1894 isize = ip->i_size;
1895 if ((isize < vp->v_mount->mnt_maxsymlinklen) ||
1896 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */
1897 return (uiomove(SHORTLINK(ip), isize, ap->a_uio));
1898 }
1899 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred));
1900 }
1901
1902 /*
1903 * Calculate the logical to physical mapping if not done already,
1904 * then call the device strategy routine.
1905 *
1906 * In order to be able to swap to a file, the ufs_bmaparray() operation may not
1907 * deadlock on memory. See ufs_bmap() for details.
1908 */
1909 static int
1910 ufs_strategy(ap)
1911 struct vop_strategy_args /* {
1912 struct vnode *a_vp;
1913 struct buf *a_bp;
1914 } */ *ap;
1915 {
1916 struct buf *bp = ap->a_bp;
1917 struct vnode *vp = ap->a_vp;
1918 struct bufobj *bo;
1919 struct inode *ip;
1920 ufs2_daddr_t blkno;
1921 int error;
1922
1923 ip = VTOI(vp);
1924 if (bp->b_blkno == bp->b_lblkno) {
1925 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL);
1926 bp->b_blkno = blkno;
1927 if (error) {
1928 bp->b_error = error;
1929 bp->b_ioflags |= BIO_ERROR;
1930 bufdone(bp);
1931 return (error);
1932 }
1933 if ((long)bp->b_blkno == -1)
1934 vfs_bio_clrbuf(bp);
1935 }
1936 if ((long)bp->b_blkno == -1) {
1937 bufdone(bp);
1938 return (0);
1939 }
1940 bp->b_iooffset = dbtob(bp->b_blkno);
1941 bo = ip->i_umbufobj;
1942 BO_STRATEGY(bo, bp);
1943 return (0);
1944 }
1945
1946 /*
1947 * Print out the contents of an inode.
1948 */
1949 static int
1950 ufs_print(ap)
1951 struct vop_print_args /* {
1952 struct vnode *a_vp;
1953 } */ *ap;
1954 {
1955 struct vnode *vp = ap->a_vp;
1956 struct inode *ip = VTOI(vp);
1957
1958 printf("\tino %lu, on dev %s", (u_long)ip->i_number,
1959 devtoname(ip->i_dev));
1960 if (vp->v_type == VFIFO)
1961 fifo_printinfo(vp);
1962 printf("\n");
1963 return (0);
1964 }
1965
1966 /*
1967 * Close wrapper for fifos.
1968 *
1969 * Update the times on the inode then do device close.
1970 */
1971 static int
1972 ufsfifo_close(ap)
1973 struct vop_close_args /* {
1974 struct vnode *a_vp;
1975 int a_fflag;
1976 struct ucred *a_cred;
1977 struct thread *a_td;
1978 } */ *ap;
1979 {
1980 struct vnode *vp = ap->a_vp;
1981
1982 VI_LOCK(vp);
1983 if (vp->v_usecount > 1)
1984 ufs_itimes(vp);
1985 VI_UNLOCK(vp);
1986 return (fifo_specops.vop_close(ap));
1987 }
1988
1989 /*
1990 * Kqfilter wrapper for fifos.
1991 *
1992 * Fall through to ufs kqfilter routines if needed
1993 */
1994 static int
1995 ufsfifo_kqfilter(ap)
1996 struct vop_kqfilter_args *ap;
1997 {
1998 int error;
1999
2000 error = fifo_specops.vop_kqfilter(ap);
2001 if (error)
2002 error = vfs_kqfilter(ap);
2003 return (error);
2004 }
2005
2006 /*
2007 * Return POSIX pathconf information applicable to ufs filesystems.
2008 */
2009 static int
2010 ufs_pathconf(ap)
2011 struct vop_pathconf_args /* {
2012 struct vnode *a_vp;
2013 int a_name;
2014 int *a_retval;
2015 } */ *ap;
2016 {
2017 int error;
2018
2019 error = 0;
2020 switch (ap->a_name) {
2021 case _PC_LINK_MAX:
2022 *ap->a_retval = LINK_MAX;
2023 break;
2024 case _PC_NAME_MAX:
2025 *ap->a_retval = NAME_MAX;
2026 break;
2027 case _PC_PATH_MAX:
2028 *ap->a_retval = PATH_MAX;
2029 break;
2030 case _PC_PIPE_BUF:
2031 *ap->a_retval = PIPE_BUF;
2032 break;
2033 case _PC_CHOWN_RESTRICTED:
2034 *ap->a_retval = 1;
2035 break;
2036 case _PC_NO_TRUNC:
2037 *ap->a_retval = 1;
2038 break;
2039 case _PC_ACL_EXTENDED:
2040 #ifdef UFS_ACL
2041 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS)
2042 *ap->a_retval = 1;
2043 else
2044 *ap->a_retval = 0;
2045 #else
2046 *ap->a_retval = 0;
2047 #endif
2048 break;
2049 case _PC_ACL_PATH_MAX:
2050 #ifdef UFS_ACL
2051 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS)
2052 *ap->a_retval = ACL_MAX_ENTRIES;
2053 else
2054 *ap->a_retval = 3;
2055 #else
2056 *ap->a_retval = 3;
2057 #endif
2058 break;
2059 case _PC_MAC_PRESENT:
2060 #ifdef MAC
2061 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL)
2062 *ap->a_retval = 1;
2063 else
2064 *ap->a_retval = 0;
2065 #else
2066 *ap->a_retval = 0;
2067 #endif
2068 break;
2069 case _PC_ASYNC_IO:
2070 /* _PC_ASYNC_IO should have been handled by upper layers. */
2071 KASSERT(0, ("_PC_ASYNC_IO should not get here"));
2072 error = EINVAL;
2073 break;
2074 case _PC_PRIO_IO:
2075 *ap->a_retval = 0;
2076 break;
2077 case _PC_SYNC_IO:
2078 *ap->a_retval = 0;
2079 break;
2080 case _PC_ALLOC_SIZE_MIN:
2081 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize;
2082 break;
2083 case _PC_FILESIZEBITS:
2084 *ap->a_retval = 64;
2085 break;
2086 case _PC_REC_INCR_XFER_SIZE:
2087 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2088 break;
2089 case _PC_REC_MAX_XFER_SIZE:
2090 *ap->a_retval = -1; /* means ``unlimited'' */
2091 break;
2092 case _PC_REC_MIN_XFER_SIZE:
2093 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2094 break;
2095 case _PC_REC_XFER_ALIGN:
2096 *ap->a_retval = PAGE_SIZE;
2097 break;
2098 case _PC_SYMLINK_MAX:
2099 *ap->a_retval = MAXPATHLEN;
2100 break;
2101
2102 default:
2103 error = EINVAL;
2104 break;
2105 }
2106 return (error);
2107 }
2108
2109 /*
2110 * Advisory record locking support
2111 */
2112 static int
2113 ufs_advlock(ap)
2114 struct vop_advlock_args /* {
2115 struct vnode *a_vp;
2116 caddr_t a_id;
2117 int a_op;
2118 struct flock *a_fl;
2119 int a_flags;
2120 } */ *ap;
2121 {
2122 struct inode *ip = VTOI(ap->a_vp);
2123
2124 return (lf_advlock(ap, &(ip->i_lockf), ip->i_size));
2125 }
2126
2127 /*
2128 * Initialize the vnode associated with a new inode, handle aliased
2129 * vnodes.
2130 */
2131 int
2132 ufs_vinit(mntp, fifoops, vpp)
2133 struct mount *mntp;
2134 struct vop_vector *fifoops;
2135 struct vnode **vpp;
2136 {
2137 struct inode *ip;
2138 struct vnode *vp;
2139
2140 vp = *vpp;
2141 ip = VTOI(vp);
2142 vp->v_type = IFTOVT(ip->i_mode);
2143 if (vp->v_type == VFIFO)
2144 vp->v_op = fifoops;
2145 ASSERT_VOP_LOCKED(vp, "ufs_vinit");
2146 if (ip->i_number == ROOTINO)
2147 vp->v_vflag |= VV_ROOT;
2148 ip->i_modrev = init_va_filerev();
2149 *vpp = vp;
2150 return (0);
2151 }
2152
2153 /*
2154 * Allocate a new inode.
2155 * Vnode dvp must be locked.
2156 */
2157 static int
2158 ufs_makeinode(mode, dvp, vpp, cnp)
2159 int mode;
2160 struct vnode *dvp;
2161 struct vnode **vpp;
2162 struct componentname *cnp;
2163 {
2164 struct inode *ip, *pdir;
2165 struct direct newdir;
2166 struct vnode *tvp;
2167 #ifdef UFS_ACL
2168 struct acl *acl;
2169 #endif
2170 int error;
2171
2172 pdir = VTOI(dvp);
2173 #ifdef DIAGNOSTIC
2174 if ((cnp->cn_flags & HASBUF) == 0)
2175 panic("ufs_makeinode: no name");
2176 #endif
2177 *vpp = NULL;
2178 if ((mode & IFMT) == 0)
2179 mode |= IFREG;
2180
2181 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp);
2182 if (error)
2183 return (error);
2184 ip = VTOI(tvp);
2185 ip->i_gid = pdir->i_gid;
2186 DIP_SET(ip, i_gid, pdir->i_gid);
2187 #ifdef SUIDDIR
2188 {
2189 #ifdef QUOTA
2190 struct ucred ucred, *ucp;
2191 ucp = cnp->cn_cred;
2192 #endif
2193 /*
2194 * If we are not the owner of the directory,
2195 * and we are hacking owners here, (only do this where told to)
2196 * and we are not giving it TO root, (would subvert quotas)
2197 * then go ahead and give it to the other user.
2198 * Note that this drops off the execute bits for security.
2199 */
2200 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
2201 (pdir->i_mode & ISUID) &&
2202 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) {
2203 ip->i_uid = pdir->i_uid;
2204 DIP_SET(ip, i_uid, ip->i_uid);
2205 mode &= ~07111;
2206 #ifdef QUOTA
2207 /*
2208 * Make sure the correct user gets charged
2209 * for the space.
2210 * Quickly knock up a dummy credential for the victim.
2211 * XXX This seems to never be accessed out of our
2212 * context so a stack variable is ok.
2213 */
2214 ucred.cr_ref = 1;
2215 ucred.cr_uid = ip->i_uid;
2216 ucred.cr_ngroups = 1;
2217 ucred.cr_groups[0] = pdir->i_gid;
2218 ucp = &ucred;
2219 #endif
2220 } else {
2221 ip->i_uid = cnp->cn_cred->cr_uid;
2222 DIP_SET(ip, i_uid, ip->i_uid);
2223 }
2224
2225 #ifdef QUOTA
2226 if ((error = getinoquota(ip)) ||
2227 (error = chkiq(ip, 1, ucp, 0))) {
2228 UFS_VFREE(tvp, ip->i_number, mode);
2229 vput(tvp);
2230 return (error);
2231 }
2232 #endif
2233 }
2234 #else /* !SUIDDIR */
2235 ip->i_uid = cnp->cn_cred->cr_uid;
2236 DIP_SET(ip, i_uid, ip->i_uid);
2237 #ifdef QUOTA
2238 if ((error = getinoquota(ip)) ||
2239 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
2240 UFS_VFREE(tvp, ip->i_number, mode);
2241 vput(tvp);
2242 return (error);
2243 }
2244 #endif
2245 #endif /* !SUIDDIR */
2246 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE;
2247 #ifdef UFS_ACL
2248 acl = NULL;
2249 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) {
2250 acl = uma_zalloc(acl_zone, M_WAITOK);
2251
2252 /*
2253 * Retrieve default ACL for parent, if any.
2254 */
2255 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred,
2256 cnp->cn_thread);
2257 switch (error) {
2258 case 0:
2259 /*
2260 * Retrieved a default ACL, so merge mode and ACL if
2261 * necessary.
2262 */
2263 if (acl->acl_cnt != 0) {
2264 /*
2265 * Two possible ways for default ACL to not
2266 * be present. First, the EA can be
2267 * undefined, or second, the default ACL can
2268 * be blank. If it's blank, fall through to
2269 * the it's not defined case.
2270 */
2271 mode = acl_posix1e_newfilemode(mode, acl);
2272 ip->i_mode = mode;
2273 DIP_SET(ip, i_mode, mode);
2274 ufs_sync_acl_from_inode(ip, acl);
2275 break;
2276 }
2277 /* FALLTHROUGH */
2278
2279 case EOPNOTSUPP:
2280 /*
2281 * Just use the mode as-is.
2282 */
2283 ip->i_mode = mode;
2284 DIP_SET(ip, i_mode, mode);
2285 uma_zfree(acl_zone, acl);
2286 acl = NULL;
2287 break;
2288
2289 default:
2290 UFS_VFREE(tvp, ip->i_number, mode);
2291 vput(tvp);
2292 uma_zfree(acl_zone, acl);
2293 acl = NULL;
2294 return (error);
2295 }
2296 } else {
2297 #endif
2298 ip->i_mode = mode;
2299 DIP_SET(ip, i_mode, mode);
2300 #ifdef UFS_ACL
2301 }
2302 #endif
2303 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
2304 ip->i_effnlink = 1;
2305 ip->i_nlink = 1;
2306 DIP_SET(ip, i_nlink, 1);
2307 if (DOINGSOFTDEP(tvp))
2308 softdep_change_linkcnt(ip);
2309 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
2310 suser_cred(cnp->cn_cred, SUSER_ALLOWJAIL)) {
2311 ip->i_mode &= ~ISGID;
2312 DIP_SET(ip, i_mode, ip->i_mode);
2313 }
2314
2315 if (cnp->cn_flags & ISWHITEOUT) {
2316 ip->i_flags |= UF_OPAQUE;
2317 DIP_SET(ip, i_flags, ip->i_flags);
2318 }
2319
2320 /*
2321 * Make sure inode goes to disk before directory entry.
2322 */
2323 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp)));
2324 if (error)
2325 goto bad;
2326 #ifdef MAC
2327 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
2328 error = mac_create_vnode_extattr(cnp->cn_cred, dvp->v_mount,
2329 dvp, tvp, cnp);
2330 if (error)
2331 goto bad;
2332 }
2333 #endif
2334 #ifdef UFS_ACL
2335 if (acl != NULL) {
2336 /*
2337 * XXX: If we abort now, will Soft Updates notify the extattr
2338 * code that the EAs for the file need to be released?
2339 */
2340 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred,
2341 cnp->cn_thread);
2342 switch (error) {
2343 case 0:
2344 break;
2345
2346 case EOPNOTSUPP:
2347 /*
2348 * XXX: This should not happen, as EOPNOTSUPP above was
2349 * supposed to free acl.
2350 */
2351 printf("ufs_makeinode: VOP_GETACL() but no "
2352 "VOP_SETACL()\n");
2353 /* panic("ufs_makeinode: VOP_GETACL() but no "
2354 "VOP_SETACL()"); */
2355 break;
2356
2357 default:
2358 uma_zfree(acl_zone, acl);
2359 goto bad;
2360 }
2361 uma_zfree(acl_zone, acl);
2362 }
2363 #endif /* !UFS_ACL */
2364 ufs_makedirentry(ip, cnp, &newdir);
2365 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL);
2366 if (error)
2367 goto bad;
2368 *vpp = tvp;
2369 return (0);
2370
2371 bad:
2372 /*
2373 * Write error occurred trying to update the inode
2374 * or the directory so must deallocate the inode.
2375 */
2376 ip->i_effnlink = 0;
2377 ip->i_nlink = 0;
2378 DIP_SET(ip, i_nlink, 0);
2379 ip->i_flag |= IN_CHANGE;
2380 if (DOINGSOFTDEP(tvp))
2381 softdep_change_linkcnt(ip);
2382 vput(tvp);
2383 return (error);
2384 }
2385
2386 /* Global vfs data structures for ufs. */
2387 struct vop_vector ufs_vnodeops = {
2388 .vop_default = &default_vnodeops,
2389 .vop_fsync = VOP_PANIC,
2390 .vop_read = VOP_PANIC,
2391 .vop_reallocblks = VOP_PANIC,
2392 .vop_write = VOP_PANIC,
2393 .vop_access = ufs_access,
2394 .vop_advlock = ufs_advlock,
2395 .vop_bmap = ufs_bmap,
2396 .vop_cachedlookup = ufs_lookup,
2397 .vop_close = ufs_close,
2398 .vop_create = ufs_create,
2399 .vop_getattr = ufs_getattr,
2400 .vop_inactive = ufs_inactive,
2401 .vop_link = ufs_link,
2402 .vop_lookup = vfs_cache_lookup,
2403 .vop_mkdir = ufs_mkdir,
2404 .vop_mknod = ufs_mknod,
2405 .vop_open = ufs_open,
2406 .vop_pathconf = ufs_pathconf,
2407 .vop_poll = vop_stdpoll,
2408 .vop_print = ufs_print,
2409 .vop_readdir = ufs_readdir,
2410 .vop_readlink = ufs_readlink,
2411 .vop_reclaim = ufs_reclaim,
2412 .vop_remove = ufs_remove,
2413 .vop_rename = ufs_rename,
2414 .vop_rmdir = ufs_rmdir,
2415 .vop_setattr = ufs_setattr,
2416 #ifdef MAC
2417 .vop_setlabel = vop_stdsetlabel_ea,
2418 #endif
2419 .vop_strategy = ufs_strategy,
2420 .vop_symlink = ufs_symlink,
2421 .vop_whiteout = ufs_whiteout,
2422 #ifdef UFS_EXTATTR
2423 .vop_getextattr = ufs_getextattr,
2424 .vop_deleteextattr = ufs_deleteextattr,
2425 .vop_setextattr = ufs_setextattr,
2426 #endif
2427 #ifdef UFS_ACL
2428 .vop_getacl = ufs_getacl,
2429 .vop_setacl = ufs_setacl,
2430 .vop_aclcheck = ufs_aclcheck,
2431 #endif
2432 };
2433
2434 struct vop_vector ufs_fifoops = {
2435 .vop_default = &fifo_specops,
2436 .vop_fsync = VOP_PANIC,
2437 .vop_access = ufs_access,
2438 .vop_close = ufsfifo_close,
2439 .vop_getattr = ufs_getattr,
2440 .vop_inactive = ufs_inactive,
2441 .vop_kqfilter = ufsfifo_kqfilter,
2442 .vop_print = ufs_print,
2443 .vop_read = VOP_PANIC,
2444 .vop_reclaim = ufs_reclaim,
2445 .vop_setattr = ufs_setattr,
2446 #ifdef MAC
2447 .vop_setlabel = vop_stdsetlabel_ea,
2448 #endif
2449 .vop_write = VOP_PANIC,
2450 #ifdef UFS_EXTATTR
2451 .vop_getextattr = ufs_getextattr,
2452 .vop_deleteextattr = ufs_deleteextattr,
2453 .vop_setextattr = ufs_setextattr,
2454 #endif
2455 #ifdef UFS_ACL
2456 .vop_getacl = ufs_getacl,
2457 .vop_setacl = ufs_setacl,
2458 .vop_aclcheck = ufs_aclcheck,
2459 #endif
2460 };
Cache object: 5c5da47f18f76394a2abe725c1245946
|