Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/ufs/ufs/ufs_vnops.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 1982, 1986, 1989, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 35 */ 36 37 #include <sys/cdefs.h> 38 __FBSDID("$FreeBSD: releng/6.1/sys/ufs/ufs/ufs_vnops.c 158179 2006-04-30 16:44:43Z cvs2svn $"); 39 40 #include "opt_mac.h" 41 #include "opt_quota.h" 42 #include "opt_suiddir.h" 43 #include "opt_ufs.h" 44 #include "opt_ffs.h" 45 46 #include <sys/param.h> 47 #include <sys/systm.h> 48 #include <sys/malloc.h> 49 #include <sys/namei.h> 50 #include <sys/kernel.h> 51 #include <sys/fcntl.h> 52 #include <sys/stat.h> 53 #include <sys/bio.h> 54 #include <sys/buf.h> 55 #include <sys/mount.h> 56 #include <sys/unistd.h> 57 #include <sys/vnode.h> 58 #include <sys/dirent.h> 59 #include <sys/lockf.h> 60 #include <sys/conf.h> 61 #include <sys/acl.h> 62 #include <sys/mac.h> 63 #include <sys/jail.h> 64 65 #include <machine/mutex.h> 66 67 #include <sys/file.h> /* XXX */ 68 69 #include <vm/vm.h> 70 #include <vm/vm_extern.h> 71 72 #include <fs/fifofs/fifo.h> 73 74 #include <ufs/ufs/acl.h> 75 #include <ufs/ufs/extattr.h> 76 #include <ufs/ufs/quota.h> 77 #include <ufs/ufs/inode.h> 78 #include <ufs/ufs/dir.h> 79 #include <ufs/ufs/ufsmount.h> 80 #include <ufs/ufs/ufs_extern.h> 81 #ifdef UFS_DIRHASH 82 #include <ufs/ufs/dirhash.h> 83 #endif 84 85 #include <ufs/ffs/ffs_extern.h> 86 87 static vop_access_t ufs_access; 88 static vop_advlock_t ufs_advlock; 89 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 90 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *); 91 static vop_close_t ufs_close; 92 static vop_create_t ufs_create; 93 static vop_getattr_t ufs_getattr; 94 static vop_link_t ufs_link; 95 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *); 96 static vop_mkdir_t ufs_mkdir; 97 static vop_mknod_t ufs_mknod; 98 static vop_open_t ufs_open; 99 static vop_pathconf_t ufs_pathconf; 100 static vop_print_t ufs_print; 101 static vop_readlink_t ufs_readlink; 102 static vop_remove_t ufs_remove; 103 static vop_rename_t ufs_rename; 104 static vop_rmdir_t ufs_rmdir; 105 static vop_setattr_t ufs_setattr; 106 static vop_strategy_t ufs_strategy; 107 static vop_symlink_t ufs_symlink; 108 static vop_whiteout_t ufs_whiteout; 109 static vop_close_t ufsfifo_close; 110 static vop_kqfilter_t ufsfifo_kqfilter; 111 112 /* 113 * A virgin directory (no blushing please). 114 */ 115 static struct dirtemplate mastertemplate = { 116 0, 12, DT_DIR, 1, ".", 117 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 118 }; 119 static struct odirtemplate omastertemplate = { 120 0, 12, 1, ".", 121 0, DIRBLKSIZ - 12, 2, ".." 122 }; 123 124 void 125 ufs_itimes(vp) 126 struct vnode *vp; 127 { 128 struct inode *ip; 129 struct timespec ts; 130 131 ip = VTOI(vp); 132 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 133 return; 134 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 135 ip->i_flag |= IN_LAZYMOD; 136 else 137 ip->i_flag |= IN_MODIFIED; 138 if ((vp->v_mount->mnt_flag & MNT_RDONLY) == 0) { 139 vfs_timestamp(&ts); 140 if (ip->i_flag & IN_ACCESS) { 141 DIP_SET(ip, i_atime, ts.tv_sec); 142 DIP_SET(ip, i_atimensec, ts.tv_nsec); 143 } 144 if (ip->i_flag & IN_UPDATE) { 145 DIP_SET(ip, i_mtime, ts.tv_sec); 146 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 147 ip->i_modrev++; 148 } 149 if (ip->i_flag & IN_CHANGE) { 150 DIP_SET(ip, i_ctime, ts.tv_sec); 151 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 152 } 153 } 154 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 155 } 156 157 /* 158 * Create a regular file 159 */ 160 static int 161 ufs_create(ap) 162 struct vop_create_args /* { 163 struct vnode *a_dvp; 164 struct vnode **a_vpp; 165 struct componentname *a_cnp; 166 struct vattr *a_vap; 167 } */ *ap; 168 { 169 int error; 170 171 error = 172 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 173 ap->a_dvp, ap->a_vpp, ap->a_cnp); 174 if (error) 175 return (error); 176 return (0); 177 } 178 179 /* 180 * Mknod vnode call 181 */ 182 /* ARGSUSED */ 183 static int 184 ufs_mknod(ap) 185 struct vop_mknod_args /* { 186 struct vnode *a_dvp; 187 struct vnode **a_vpp; 188 struct componentname *a_cnp; 189 struct vattr *a_vap; 190 } */ *ap; 191 { 192 struct vattr *vap = ap->a_vap; 193 struct vnode **vpp = ap->a_vpp; 194 struct inode *ip; 195 ino_t ino; 196 int error; 197 198 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 199 ap->a_dvp, vpp, ap->a_cnp); 200 if (error) 201 return (error); 202 ip = VTOI(*vpp); 203 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 204 if (vap->va_rdev != VNOVAL) { 205 /* 206 * Want to be able to use this to make badblock 207 * inodes, so don't truncate the dev number. 208 */ 209 DIP_SET(ip, i_rdev, vap->va_rdev); 210 } 211 /* 212 * Remove inode, then reload it through VFS_VGET so it is 213 * checked to see if it is an alias of an existing entry in 214 * the inode cache. XXX I don't believe this is necessary now. 215 */ 216 (*vpp)->v_type = VNON; 217 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 218 vgone(*vpp); 219 vput(*vpp); 220 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 221 if (error) { 222 *vpp = NULL; 223 return (error); 224 } 225 return (0); 226 } 227 228 /* 229 * Open called. 230 */ 231 /* ARGSUSED */ 232 static int 233 ufs_open(struct vop_open_args *ap) 234 { 235 struct vnode *vp = ap->a_vp; 236 struct inode *ip; 237 238 if (vp->v_type == VCHR || vp->v_type == VBLK) 239 return (EOPNOTSUPP); 240 241 ip = VTOI(vp); 242 /* 243 * Files marked append-only must be opened for appending. 244 */ 245 if ((ip->i_flags & APPEND) && 246 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 247 return (EPERM); 248 vnode_create_vobject_off(vp, DIP(ip, i_size), ap->a_td); 249 return (0); 250 } 251 252 /* 253 * Close called. 254 * 255 * Update the times on the inode. 256 */ 257 /* ARGSUSED */ 258 static int 259 ufs_close(ap) 260 struct vop_close_args /* { 261 struct vnode *a_vp; 262 int a_fflag; 263 struct ucred *a_cred; 264 struct thread *a_td; 265 } */ *ap; 266 { 267 struct vnode *vp = ap->a_vp; 268 269 VI_LOCK(vp); 270 if (vp->v_usecount > 1) 271 ufs_itimes(vp); 272 VI_UNLOCK(vp); 273 return (0); 274 } 275 276 static int 277 ufs_access(ap) 278 struct vop_access_args /* { 279 struct vnode *a_vp; 280 int a_mode; 281 struct ucred *a_cred; 282 struct thread *a_td; 283 } */ *ap; 284 { 285 struct vnode *vp = ap->a_vp; 286 struct inode *ip = VTOI(vp); 287 mode_t mode = ap->a_mode; 288 int error; 289 #ifdef UFS_ACL 290 struct acl *acl; 291 #endif 292 293 /* 294 * Disallow write attempts on read-only filesystems; 295 * unless the file is a socket, fifo, or a block or 296 * character device resident on the filesystem. 297 */ 298 if (mode & VWRITE) { 299 switch (vp->v_type) { 300 case VDIR: 301 case VLNK: 302 case VREG: 303 if (vp->v_mount->mnt_flag & MNT_RDONLY) 304 return (EROFS); 305 #ifdef QUOTA 306 if ((error = getinoquota(ip)) != 0) 307 return (error); 308 #endif 309 break; 310 default: 311 break; 312 } 313 } 314 315 /* If immutable bit set, nobody gets to write it. */ 316 if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 317 return (EPERM); 318 319 #ifdef UFS_ACL 320 if ((vp->v_mount->mnt_flag & MNT_ACLS) != 0) { 321 acl = uma_zalloc(acl_zone, M_WAITOK); 322 error = VOP_GETACL(vp, ACL_TYPE_ACCESS, acl, ap->a_cred, 323 ap->a_td); 324 switch (error) { 325 case EOPNOTSUPP: 326 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 327 ip->i_gid, ap->a_mode, ap->a_cred, NULL); 328 break; 329 case 0: 330 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 331 ip->i_gid, acl, ap->a_mode, ap->a_cred, NULL); 332 break; 333 default: 334 printf( 335 "ufs_access(): Error retrieving ACL on object (%d).\n", 336 error); 337 /* 338 * XXX: Fall back until debugged. Should 339 * eventually possibly log an error, and return 340 * EPERM for safety. 341 */ 342 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 343 ip->i_gid, ap->a_mode, ap->a_cred, NULL); 344 } 345 uma_zfree(acl_zone, acl); 346 } else 347 #endif /* !UFS_ACL */ 348 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 349 ap->a_mode, ap->a_cred, NULL); 350 return (error); 351 } 352 353 /* ARGSUSED */ 354 static int 355 ufs_getattr(ap) 356 struct vop_getattr_args /* { 357 struct vnode *a_vp; 358 struct vattr *a_vap; 359 struct ucred *a_cred; 360 struct thread *a_td; 361 } */ *ap; 362 { 363 struct vnode *vp = ap->a_vp; 364 struct inode *ip = VTOI(vp); 365 struct vattr *vap = ap->a_vap; 366 367 ufs_itimes(vp); 368 /* 369 * Copy from inode table 370 */ 371 vap->va_fsid = dev2udev(ip->i_dev); 372 vap->va_fileid = ip->i_number; 373 vap->va_mode = ip->i_mode & ~IFMT; 374 vap->va_nlink = ip->i_effnlink; 375 vap->va_uid = ip->i_uid; 376 vap->va_gid = ip->i_gid; 377 if (ip->i_ump->um_fstype == UFS1) { 378 vap->va_rdev = ip->i_din1->di_rdev; 379 vap->va_size = ip->i_din1->di_size; 380 vap->va_atime.tv_sec = ip->i_din1->di_atime; 381 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 382 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 383 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 384 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 385 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 386 vap->va_birthtime.tv_sec = 0; 387 vap->va_birthtime.tv_nsec = 0; 388 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 389 } else { 390 vap->va_rdev = ip->i_din2->di_rdev; 391 vap->va_size = ip->i_din2->di_size; 392 vap->va_atime.tv_sec = ip->i_din2->di_atime; 393 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 394 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 395 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 396 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 397 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 398 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 399 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 400 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 401 } 402 vap->va_flags = ip->i_flags; 403 vap->va_gen = ip->i_gen; 404 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 405 vap->va_type = IFTOVT(ip->i_mode); 406 vap->va_filerev = ip->i_modrev; 407 return (0); 408 } 409 410 /* 411 * Set attribute vnode op. called from several syscalls 412 */ 413 static int 414 ufs_setattr(ap) 415 struct vop_setattr_args /* { 416 struct vnode *a_vp; 417 struct vattr *a_vap; 418 struct ucred *a_cred; 419 struct thread *a_td; 420 } */ *ap; 421 { 422 struct vattr *vap = ap->a_vap; 423 struct vnode *vp = ap->a_vp; 424 struct inode *ip = VTOI(vp); 425 struct ucred *cred = ap->a_cred; 426 struct thread *td = ap->a_td; 427 int error; 428 429 /* 430 * Check for unsettable attributes. 431 */ 432 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 433 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 434 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 435 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 436 return (EINVAL); 437 } 438 /* 439 * Mark for update the file's access time for vfs_mark_atime(). 440 * We are doing this here to avoid some of the checks done 441 * below -- this operation is done by request of the kernel and 442 * should bypass some security checks. Things like read-only 443 * checks get handled by other levels (e.g., ffs_update()). 444 */ 445 if (vap->va_vaflags & VA_MARK_ATIME) { 446 ip->i_flag |= IN_ACCESS; 447 return (0); 448 } 449 if (vap->va_flags != VNOVAL) { 450 if (vp->v_mount->mnt_flag & MNT_RDONLY) 451 return (EROFS); 452 /* 453 * Callers may only modify the file flags on objects they 454 * have VADMIN rights for. 455 */ 456 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 457 return (error); 458 /* 459 * Unprivileged processes are not permitted to unset system 460 * flags, or modify flags if any system flags are set. 461 * Privileged non-jail processes may not modify system flags 462 * if securelevel > 0 and any existing system flags are set. 463 * Privileged jail processes behave like privileged non-jail 464 * processes if the security.jail.chflags_allowed sysctl is 465 * is non-zero; otherwise, they behave like unprivileged 466 * processes. 467 */ 468 if (!suser_cred(cred, 469 jail_chflags_allowed ? SUSER_ALLOWJAIL : 0)) { 470 if (ip->i_flags 471 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 472 error = securelevel_gt(cred, 0); 473 if (error) 474 return (error); 475 } 476 /* Snapshot flag cannot be set or cleared */ 477 if (((vap->va_flags & SF_SNAPSHOT) != 0 && 478 (ip->i_flags & SF_SNAPSHOT) == 0) || 479 ((vap->va_flags & SF_SNAPSHOT) == 0 && 480 (ip->i_flags & SF_SNAPSHOT) != 0)) 481 return (EPERM); 482 ip->i_flags = vap->va_flags; 483 DIP_SET(ip, i_flags, vap->va_flags); 484 } else { 485 if (ip->i_flags 486 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 487 (vap->va_flags & UF_SETTABLE) != vap->va_flags) 488 return (EPERM); 489 ip->i_flags &= SF_SETTABLE; 490 ip->i_flags |= (vap->va_flags & UF_SETTABLE); 491 DIP_SET(ip, i_flags, ip->i_flags); 492 } 493 ip->i_flag |= IN_CHANGE; 494 if (vap->va_flags & (IMMUTABLE | APPEND)) 495 return (0); 496 } 497 if (ip->i_flags & (IMMUTABLE | APPEND)) 498 return (EPERM); 499 /* 500 * Go through the fields and update iff not VNOVAL. 501 */ 502 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 503 if (vp->v_mount->mnt_flag & MNT_RDONLY) 504 return (EROFS); 505 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 506 td)) != 0) 507 return (error); 508 } 509 if (vap->va_size != VNOVAL) { 510 /* 511 * Disallow write attempts on read-only filesystems; 512 * unless the file is a socket, fifo, or a block or 513 * character device resident on the filesystem. 514 */ 515 switch (vp->v_type) { 516 case VDIR: 517 return (EISDIR); 518 case VLNK: 519 case VREG: 520 if (vp->v_mount->mnt_flag & MNT_RDONLY) 521 return (EROFS); 522 if ((ip->i_flags & SF_SNAPSHOT) != 0) 523 return (EPERM); 524 break; 525 default: 526 break; 527 } 528 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL, 529 cred, td)) != 0) 530 return (error); 531 } 532 if (vap->va_atime.tv_sec != VNOVAL || 533 vap->va_mtime.tv_sec != VNOVAL || 534 vap->va_birthtime.tv_sec != VNOVAL) { 535 if (vp->v_mount->mnt_flag & MNT_RDONLY) 536 return (EROFS); 537 if ((ip->i_flags & SF_SNAPSHOT) != 0) 538 return (EPERM); 539 /* 540 * From utimes(2): 541 * If times is NULL, ... The caller must be the owner of 542 * the file, have permission to write the file, or be the 543 * super-user. 544 * If times is non-NULL, ... The caller must be the owner of 545 * the file or be the super-user. 546 */ 547 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)) && 548 ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || 549 (error = VOP_ACCESS(vp, VWRITE, cred, td)))) 550 return (error); 551 if (vap->va_atime.tv_sec != VNOVAL) 552 ip->i_flag |= IN_ACCESS; 553 if (vap->va_mtime.tv_sec != VNOVAL) 554 ip->i_flag |= IN_CHANGE | IN_UPDATE; 555 if (vap->va_birthtime.tv_sec != VNOVAL && 556 ip->i_ump->um_fstype == UFS2) 557 ip->i_flag |= IN_MODIFIED; 558 ufs_itimes(vp); 559 if (vap->va_atime.tv_sec != VNOVAL) { 560 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 561 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 562 } 563 if (vap->va_mtime.tv_sec != VNOVAL) { 564 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 565 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 566 } 567 if (vap->va_birthtime.tv_sec != VNOVAL && 568 ip->i_ump->um_fstype == UFS2) { 569 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 570 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 571 } 572 error = UFS_UPDATE(vp, 0); 573 if (error) 574 return (error); 575 } 576 error = 0; 577 if (vap->va_mode != (mode_t)VNOVAL) { 578 if (vp->v_mount->mnt_flag & MNT_RDONLY) 579 return (EROFS); 580 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode & 581 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH))) 582 return (EPERM); 583 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 584 } 585 return (error); 586 } 587 588 /* 589 * Change the mode on a file. 590 * Inode must be locked before calling. 591 */ 592 static int 593 ufs_chmod(vp, mode, cred, td) 594 struct vnode *vp; 595 int mode; 596 struct ucred *cred; 597 struct thread *td; 598 { 599 struct inode *ip = VTOI(vp); 600 int error; 601 602 /* 603 * To modify the permissions on a file, must possess VADMIN 604 * for that file. 605 */ 606 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 607 return (error); 608 /* 609 * Privileged processes may set the sticky bit on non-directories, 610 * as well as set the setgid bit on a file with a group that the 611 * process is not a member of. Both of these are allowed in 612 * jail(8). 613 */ 614 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 615 if (suser_cred(cred, SUSER_ALLOWJAIL)) 616 return (EFTYPE); 617 } 618 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 619 error = suser_cred(cred, SUSER_ALLOWJAIL); 620 if (error) 621 return (error); 622 } 623 ip->i_mode &= ~ALLPERMS; 624 ip->i_mode |= (mode & ALLPERMS); 625 DIP_SET(ip, i_mode, ip->i_mode); 626 ip->i_flag |= IN_CHANGE; 627 return (0); 628 } 629 630 /* 631 * Perform chown operation on inode ip; 632 * inode must be locked prior to call. 633 */ 634 static int 635 ufs_chown(vp, uid, gid, cred, td) 636 struct vnode *vp; 637 uid_t uid; 638 gid_t gid; 639 struct ucred *cred; 640 struct thread *td; 641 { 642 struct inode *ip = VTOI(vp); 643 uid_t ouid; 644 gid_t ogid; 645 int error = 0; 646 #ifdef QUOTA 647 int i; 648 ufs2_daddr_t change; 649 #endif 650 651 if (uid == (uid_t)VNOVAL) 652 uid = ip->i_uid; 653 if (gid == (gid_t)VNOVAL) 654 gid = ip->i_gid; 655 /* 656 * To modify the ownership of a file, must possess VADMIN 657 * for that file. 658 */ 659 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 660 return (error); 661 /* 662 * To change the owner of a file, or change the group of a file 663 * to a group of which we are not a member, the caller must 664 * have privilege. 665 */ 666 if ((uid != ip->i_uid || 667 (gid != ip->i_gid && !groupmember(gid, cred))) && 668 (error = suser_cred(cred, SUSER_ALLOWJAIL))) 669 return (error); 670 ogid = ip->i_gid; 671 ouid = ip->i_uid; 672 #ifdef QUOTA 673 if ((error = getinoquota(ip)) != 0) 674 return (error); 675 if (ouid == uid) { 676 dqrele(vp, ip->i_dquot[USRQUOTA]); 677 ip->i_dquot[USRQUOTA] = NODQUOT; 678 } 679 if (ogid == gid) { 680 dqrele(vp, ip->i_dquot[GRPQUOTA]); 681 ip->i_dquot[GRPQUOTA] = NODQUOT; 682 } 683 change = DIP(ip, i_blocks); 684 (void) chkdq(ip, -change, cred, CHOWN); 685 (void) chkiq(ip, -1, cred, CHOWN); 686 for (i = 0; i < MAXQUOTAS; i++) { 687 dqrele(vp, ip->i_dquot[i]); 688 ip->i_dquot[i] = NODQUOT; 689 } 690 #endif 691 ip->i_gid = gid; 692 DIP_SET(ip, i_gid, gid); 693 ip->i_uid = uid; 694 DIP_SET(ip, i_uid, uid); 695 #ifdef QUOTA 696 if ((error = getinoquota(ip)) == 0) { 697 if (ouid == uid) { 698 dqrele(vp, ip->i_dquot[USRQUOTA]); 699 ip->i_dquot[USRQUOTA] = NODQUOT; 700 } 701 if (ogid == gid) { 702 dqrele(vp, ip->i_dquot[GRPQUOTA]); 703 ip->i_dquot[GRPQUOTA] = NODQUOT; 704 } 705 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 706 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 707 goto good; 708 else 709 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 710 } 711 for (i = 0; i < MAXQUOTAS; i++) { 712 dqrele(vp, ip->i_dquot[i]); 713 ip->i_dquot[i] = NODQUOT; 714 } 715 } 716 ip->i_gid = ogid; 717 DIP_SET(ip, i_gid, ogid); 718 ip->i_uid = ouid; 719 DIP_SET(ip, i_uid, ouid); 720 if (getinoquota(ip) == 0) { 721 if (ouid == uid) { 722 dqrele(vp, ip->i_dquot[USRQUOTA]); 723 ip->i_dquot[USRQUOTA] = NODQUOT; 724 } 725 if (ogid == gid) { 726 dqrele(vp, ip->i_dquot[GRPQUOTA]); 727 ip->i_dquot[GRPQUOTA] = NODQUOT; 728 } 729 (void) chkdq(ip, change, cred, FORCE|CHOWN); 730 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 731 (void) getinoquota(ip); 732 } 733 return (error); 734 good: 735 if (getinoquota(ip)) 736 panic("ufs_chown: lost quota"); 737 #endif /* QUOTA */ 738 ip->i_flag |= IN_CHANGE; 739 if (suser_cred(cred, SUSER_ALLOWJAIL) && (ouid != uid || ogid != gid)) { 740 ip->i_mode &= ~(ISUID | ISGID); 741 DIP_SET(ip, i_mode, ip->i_mode); 742 } 743 return (0); 744 } 745 746 static int 747 ufs_remove(ap) 748 struct vop_remove_args /* { 749 struct vnode *a_dvp; 750 struct vnode *a_vp; 751 struct componentname *a_cnp; 752 } */ *ap; 753 { 754 struct inode *ip; 755 struct vnode *vp = ap->a_vp; 756 struct vnode *dvp = ap->a_dvp; 757 int error; 758 struct thread *td; 759 760 td = curthread; 761 ip = VTOI(vp); 762 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 763 (VTOI(dvp)->i_flags & APPEND)) { 764 error = EPERM; 765 goto out; 766 } 767 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 768 if (ip->i_nlink <= 0) 769 vp->v_vflag |= VV_NOSYNC; 770 if ((ip->i_flags & SF_SNAPSHOT) != 0) { 771 /* 772 * Avoid deadlock where another thread is trying to 773 * update the inodeblock for dvp and is waiting on 774 * snaplk. Temporary unlock the vnode lock for the 775 * unlinked file and sync the directory. This should 776 * allow vput() of the directory to not block later on 777 * while holding the snapshot vnode locked, assuming 778 * that the directory hasn't been unlinked too. 779 */ 780 VOP_UNLOCK(vp, 0, td); 781 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 782 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); 783 } 784 out: 785 return (error); 786 } 787 788 /* 789 * link vnode call 790 */ 791 static int 792 ufs_link(ap) 793 struct vop_link_args /* { 794 struct vnode *a_tdvp; 795 struct vnode *a_vp; 796 struct componentname *a_cnp; 797 } */ *ap; 798 { 799 struct vnode *vp = ap->a_vp; 800 struct vnode *tdvp = ap->a_tdvp; 801 struct componentname *cnp = ap->a_cnp; 802 struct inode *ip; 803 struct direct newdir; 804 int error; 805 806 #ifdef DIAGNOSTIC 807 if ((cnp->cn_flags & HASBUF) == 0) 808 panic("ufs_link: no name"); 809 #endif 810 if (tdvp->v_mount != vp->v_mount) { 811 error = EXDEV; 812 goto out; 813 } 814 ip = VTOI(vp); 815 if ((nlink_t)ip->i_nlink >= LINK_MAX) { 816 error = EMLINK; 817 goto out; 818 } 819 if (ip->i_flags & (IMMUTABLE | APPEND)) { 820 error = EPERM; 821 goto out; 822 } 823 ip->i_effnlink++; 824 ip->i_nlink++; 825 DIP_SET(ip, i_nlink, ip->i_nlink); 826 ip->i_flag |= IN_CHANGE; 827 if (DOINGSOFTDEP(vp)) 828 softdep_change_linkcnt(ip); 829 error = UFS_UPDATE(vp, !(DOINGSOFTDEP(vp) | DOINGASYNC(vp))); 830 if (!error) { 831 ufs_makedirentry(ip, cnp, &newdir); 832 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL); 833 } 834 835 if (error) { 836 ip->i_effnlink--; 837 ip->i_nlink--; 838 DIP_SET(ip, i_nlink, ip->i_nlink); 839 ip->i_flag |= IN_CHANGE; 840 if (DOINGSOFTDEP(vp)) 841 softdep_change_linkcnt(ip); 842 } 843 out: 844 return (error); 845 } 846 847 /* 848 * whiteout vnode call 849 */ 850 static int 851 ufs_whiteout(ap) 852 struct vop_whiteout_args /* { 853 struct vnode *a_dvp; 854 struct componentname *a_cnp; 855 int a_flags; 856 } */ *ap; 857 { 858 struct vnode *dvp = ap->a_dvp; 859 struct componentname *cnp = ap->a_cnp; 860 struct direct newdir; 861 int error = 0; 862 863 switch (ap->a_flags) { 864 case LOOKUP: 865 /* 4.4 format directories support whiteout operations */ 866 if (dvp->v_mount->mnt_maxsymlinklen > 0) 867 return (0); 868 return (EOPNOTSUPP); 869 870 case CREATE: 871 /* create a new directory whiteout */ 872 #ifdef DIAGNOSTIC 873 if ((cnp->cn_flags & SAVENAME) == 0) 874 panic("ufs_whiteout: missing name"); 875 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 876 panic("ufs_whiteout: old format filesystem"); 877 #endif 878 879 newdir.d_ino = WINO; 880 newdir.d_namlen = cnp->cn_namelen; 881 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 882 newdir.d_type = DT_WHT; 883 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL); 884 break; 885 886 case DELETE: 887 /* remove an existing directory whiteout */ 888 #ifdef DIAGNOSTIC 889 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 890 panic("ufs_whiteout: old format filesystem"); 891 #endif 892 893 cnp->cn_flags &= ~DOWHITEOUT; 894 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 895 break; 896 default: 897 panic("ufs_whiteout: unknown op"); 898 } 899 return (error); 900 } 901 902 /* 903 * Rename system call. 904 * rename("foo", "bar"); 905 * is essentially 906 * unlink("bar"); 907 * link("foo", "bar"); 908 * unlink("foo"); 909 * but ``atomically''. Can't do full commit without saving state in the 910 * inode on disk which isn't feasible at this time. Best we can do is 911 * always guarantee the target exists. 912 * 913 * Basic algorithm is: 914 * 915 * 1) Bump link count on source while we're linking it to the 916 * target. This also ensure the inode won't be deleted out 917 * from underneath us while we work (it may be truncated by 918 * a concurrent `trunc' or `open' for creation). 919 * 2) Link source to destination. If destination already exists, 920 * delete it first. 921 * 3) Unlink source reference to inode if still around. If a 922 * directory was moved and the parent of the destination 923 * is different from the source, patch the ".." entry in the 924 * directory. 925 */ 926 static int 927 ufs_rename(ap) 928 struct vop_rename_args /* { 929 struct vnode *a_fdvp; 930 struct vnode *a_fvp; 931 struct componentname *a_fcnp; 932 struct vnode *a_tdvp; 933 struct vnode *a_tvp; 934 struct componentname *a_tcnp; 935 } */ *ap; 936 { 937 struct vnode *tvp = ap->a_tvp; 938 struct vnode *tdvp = ap->a_tdvp; 939 struct vnode *fvp = ap->a_fvp; 940 struct vnode *fdvp = ap->a_fdvp; 941 struct componentname *tcnp = ap->a_tcnp; 942 struct componentname *fcnp = ap->a_fcnp; 943 struct thread *td = fcnp->cn_thread; 944 struct inode *ip, *xp, *dp; 945 struct direct newdir; 946 int doingdirectory = 0, oldparent = 0, newparent = 0; 947 int error = 0, ioflag; 948 949 #ifdef DIAGNOSTIC 950 if ((tcnp->cn_flags & HASBUF) == 0 || 951 (fcnp->cn_flags & HASBUF) == 0) 952 panic("ufs_rename: no name"); 953 #endif 954 /* 955 * Check for cross-device rename. 956 */ 957 if ((fvp->v_mount != tdvp->v_mount) || 958 (tvp && (fvp->v_mount != tvp->v_mount))) { 959 error = EXDEV; 960 abortit: 961 if (tdvp == tvp) 962 vrele(tdvp); 963 else 964 vput(tdvp); 965 if (tvp) 966 vput(tvp); 967 vrele(fdvp); 968 vrele(fvp); 969 return (error); 970 } 971 972 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 973 (VTOI(tdvp)->i_flags & APPEND))) { 974 error = EPERM; 975 goto abortit; 976 } 977 978 /* 979 * Renaming a file to itself has no effect. The upper layers should 980 * not call us in that case. Temporarily just warn if they do. 981 */ 982 if (fvp == tvp) { 983 printf("ufs_rename: fvp == tvp (can't happen)\n"); 984 error = 0; 985 goto abortit; 986 } 987 988 if ((error = vn_lock(fvp, LK_EXCLUSIVE, td)) != 0) 989 goto abortit; 990 dp = VTOI(fdvp); 991 ip = VTOI(fvp); 992 if (ip->i_nlink >= LINK_MAX) { 993 VOP_UNLOCK(fvp, 0, td); 994 error = EMLINK; 995 goto abortit; 996 } 997 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 998 || (dp->i_flags & APPEND)) { 999 VOP_UNLOCK(fvp, 0, td); 1000 error = EPERM; 1001 goto abortit; 1002 } 1003 if ((ip->i_mode & IFMT) == IFDIR) { 1004 /* 1005 * Avoid ".", "..", and aliases of "." for obvious reasons. 1006 */ 1007 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1008 dp == ip || (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT || 1009 (ip->i_flag & IN_RENAME)) { 1010 VOP_UNLOCK(fvp, 0, td); 1011 error = EINVAL; 1012 goto abortit; 1013 } 1014 ip->i_flag |= IN_RENAME; 1015 oldparent = dp->i_number; 1016 doingdirectory = 1; 1017 } 1018 vrele(fdvp); 1019 1020 /* 1021 * When the target exists, both the directory 1022 * and target vnodes are returned locked. 1023 */ 1024 dp = VTOI(tdvp); 1025 xp = NULL; 1026 if (tvp) 1027 xp = VTOI(tvp); 1028 1029 /* 1030 * 1) Bump link count while we're moving stuff 1031 * around. If we crash somewhere before 1032 * completing our work, the link count 1033 * may be wrong, but correctable. 1034 */ 1035 ip->i_effnlink++; 1036 ip->i_nlink++; 1037 DIP_SET(ip, i_nlink, ip->i_nlink); 1038 ip->i_flag |= IN_CHANGE; 1039 if (DOINGSOFTDEP(fvp)) 1040 softdep_change_linkcnt(ip); 1041 if ((error = UFS_UPDATE(fvp, !(DOINGSOFTDEP(fvp) | 1042 DOINGASYNC(fvp)))) != 0) { 1043 VOP_UNLOCK(fvp, 0, td); 1044 goto bad; 1045 } 1046 1047 /* 1048 * If ".." must be changed (ie the directory gets a new 1049 * parent) then the source directory must not be in the 1050 * directory heirarchy above the target, as this would 1051 * orphan everything below the source directory. Also 1052 * the user must have write permission in the source so 1053 * as to be able to change "..". We must repeat the call 1054 * to namei, as the parent directory is unlocked by the 1055 * call to checkpath(). 1056 */ 1057 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread); 1058 VOP_UNLOCK(fvp, 0, td); 1059 if (oldparent != dp->i_number) 1060 newparent = dp->i_number; 1061 if (doingdirectory && newparent) { 1062 if (error) /* write access check above */ 1063 goto bad; 1064 if (xp != NULL) 1065 vput(tvp); 1066 error = ufs_checkpath(ip, dp, tcnp->cn_cred); 1067 if (error) 1068 goto out; 1069 if ((tcnp->cn_flags & SAVESTART) == 0) 1070 panic("ufs_rename: lost to startdir"); 1071 VREF(tdvp); 1072 error = relookup(tdvp, &tvp, tcnp); 1073 if (error) 1074 goto out; 1075 vrele(tdvp); 1076 dp = VTOI(tdvp); 1077 xp = NULL; 1078 if (tvp) 1079 xp = VTOI(tvp); 1080 } 1081 /* 1082 * 2) If target doesn't exist, link the target 1083 * to the source and unlink the source. 1084 * Otherwise, rewrite the target directory 1085 * entry to reference the source inode and 1086 * expunge the original entry's existence. 1087 */ 1088 if (xp == NULL) { 1089 if (dp->i_dev != ip->i_dev) 1090 panic("ufs_rename: EXDEV"); 1091 /* 1092 * Account for ".." in new directory. 1093 * When source and destination have the same 1094 * parent we don't fool with the link count. 1095 */ 1096 if (doingdirectory && newparent) { 1097 if ((nlink_t)dp->i_nlink >= LINK_MAX) { 1098 error = EMLINK; 1099 goto bad; 1100 } 1101 dp->i_effnlink++; 1102 dp->i_nlink++; 1103 DIP_SET(dp, i_nlink, dp->i_nlink); 1104 dp->i_flag |= IN_CHANGE; 1105 if (DOINGSOFTDEP(tdvp)) 1106 softdep_change_linkcnt(dp); 1107 error = UFS_UPDATE(tdvp, !(DOINGSOFTDEP(tdvp) | 1108 DOINGASYNC(tdvp))); 1109 if (error) 1110 goto bad; 1111 } 1112 ufs_makedirentry(ip, tcnp, &newdir); 1113 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL); 1114 if (error) { 1115 if (doingdirectory && newparent) { 1116 dp->i_effnlink--; 1117 dp->i_nlink--; 1118 DIP_SET(dp, i_nlink, dp->i_nlink); 1119 dp->i_flag |= IN_CHANGE; 1120 if (DOINGSOFTDEP(tdvp)) 1121 softdep_change_linkcnt(dp); 1122 (void)UFS_UPDATE(tdvp, 1); 1123 } 1124 goto bad; 1125 } 1126 vput(tdvp); 1127 } else { 1128 if (xp->i_dev != dp->i_dev || xp->i_dev != ip->i_dev) 1129 panic("ufs_rename: EXDEV"); 1130 /* 1131 * Short circuit rename(foo, foo). 1132 */ 1133 if (xp->i_number == ip->i_number) 1134 panic("ufs_rename: same file"); 1135 /* 1136 * If the parent directory is "sticky", then the caller 1137 * must possess VADMIN for the parent directory, or the 1138 * destination of the rename. This implements append-only 1139 * directories. 1140 */ 1141 if ((dp->i_mode & S_ISTXT) && 1142 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1143 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1144 error = EPERM; 1145 goto bad; 1146 } 1147 /* 1148 * Target must be empty if a directory and have no links 1149 * to it. Also, ensure source and target are compatible 1150 * (both directories, or both not directories). 1151 */ 1152 if ((xp->i_mode&IFMT) == IFDIR) { 1153 if ((xp->i_effnlink > 2) || 1154 !ufs_dirempty(xp, dp->i_number, tcnp->cn_cred)) { 1155 error = ENOTEMPTY; 1156 goto bad; 1157 } 1158 if (!doingdirectory) { 1159 error = ENOTDIR; 1160 goto bad; 1161 } 1162 cache_purge(tdvp); 1163 } else if (doingdirectory) { 1164 error = EISDIR; 1165 goto bad; 1166 } 1167 error = ufs_dirrewrite(dp, xp, ip->i_number, 1168 IFTODT(ip->i_mode), 1169 (doingdirectory && newparent) ? newparent : doingdirectory); 1170 if (error) 1171 goto bad; 1172 if (doingdirectory) { 1173 if (!newparent) { 1174 dp->i_effnlink--; 1175 if (DOINGSOFTDEP(tdvp)) 1176 softdep_change_linkcnt(dp); 1177 } 1178 xp->i_effnlink--; 1179 if (DOINGSOFTDEP(tvp)) 1180 softdep_change_linkcnt(xp); 1181 } 1182 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1183 /* 1184 * Truncate inode. The only stuff left in the directory 1185 * is "." and "..". The "." reference is inconsequential 1186 * since we are quashing it. We have removed the "." 1187 * reference and the reference in the parent directory, 1188 * but there may be other hard links. The soft 1189 * dependency code will arrange to do these operations 1190 * after the parent directory entry has been deleted on 1191 * disk, so when running with that code we avoid doing 1192 * them now. 1193 */ 1194 if (!newparent) { 1195 dp->i_nlink--; 1196 DIP_SET(dp, i_nlink, dp->i_nlink); 1197 dp->i_flag |= IN_CHANGE; 1198 } 1199 xp->i_nlink--; 1200 DIP_SET(xp, i_nlink, xp->i_nlink); 1201 xp->i_flag |= IN_CHANGE; 1202 ioflag = IO_NORMAL; 1203 if (DOINGASYNC(tvp)) 1204 ioflag |= IO_SYNC; 1205 if ((error = UFS_TRUNCATE(tvp, (off_t)0, ioflag, 1206 tcnp->cn_cred, tcnp->cn_thread)) != 0) 1207 goto bad; 1208 } 1209 vput(tdvp); 1210 vput(tvp); 1211 xp = NULL; 1212 } 1213 1214 /* 1215 * 3) Unlink the source. 1216 */ 1217 fcnp->cn_flags &= ~MODMASK; 1218 fcnp->cn_flags |= LOCKPARENT | LOCKLEAF; 1219 if ((fcnp->cn_flags & SAVESTART) == 0) 1220 panic("ufs_rename: lost from startdir"); 1221 VREF(fdvp); 1222 error = relookup(fdvp, &fvp, fcnp); 1223 if (error == 0) 1224 vrele(fdvp); 1225 if (fvp != NULL) { 1226 xp = VTOI(fvp); 1227 dp = VTOI(fdvp); 1228 } else { 1229 /* 1230 * From name has disappeared. IN_RENAME is not sufficient 1231 * to protect against directory races due to timing windows, 1232 * so we have to remove the panic. XXX the only real way 1233 * to solve this issue is at a much higher level. By the 1234 * time we hit ufs_rename() it's too late. 1235 */ 1236 #if 0 1237 if (doingdirectory) 1238 panic("ufs_rename: lost dir entry"); 1239 #endif 1240 vrele(ap->a_fvp); 1241 return (0); 1242 } 1243 /* 1244 * Ensure that the directory entry still exists and has not 1245 * changed while the new name has been entered. If the source is 1246 * a file then the entry may have been unlinked or renamed. In 1247 * either case there is no further work to be done. If the source 1248 * is a directory then it cannot have been rmdir'ed; the IN_RENAME 1249 * flag ensures that it cannot be moved by another rename or removed 1250 * by a rmdir. 1251 */ 1252 if (xp != ip) { 1253 /* 1254 * From name resolves to a different inode. IN_RENAME is 1255 * not sufficient protection against timing window races 1256 * so we can't panic here. XXX the only real way 1257 * to solve this issue is at a much higher level. By the 1258 * time we hit ufs_rename() it's too late. 1259 */ 1260 #if 0 1261 if (doingdirectory) 1262 panic("ufs_rename: lost dir entry"); 1263 #endif 1264 } else { 1265 /* 1266 * If the source is a directory with a 1267 * new parent, the link count of the old 1268 * parent directory must be decremented 1269 * and ".." set to point to the new parent. 1270 */ 1271 if (doingdirectory && newparent) { 1272 xp->i_offset = mastertemplate.dot_reclen; 1273 ufs_dirrewrite(xp, dp, newparent, DT_DIR, 0); 1274 cache_purge(fdvp); 1275 } 1276 error = ufs_dirremove(fdvp, xp, fcnp->cn_flags, 0); 1277 xp->i_flag &= ~IN_RENAME; 1278 } 1279 if (dp) 1280 vput(fdvp); 1281 if (xp) 1282 vput(fvp); 1283 vrele(ap->a_fvp); 1284 return (error); 1285 1286 bad: 1287 if (xp) 1288 vput(ITOV(xp)); 1289 vput(ITOV(dp)); 1290 out: 1291 if (doingdirectory) 1292 ip->i_flag &= ~IN_RENAME; 1293 if (vn_lock(fvp, LK_EXCLUSIVE, td) == 0) { 1294 ip->i_effnlink--; 1295 ip->i_nlink--; 1296 DIP_SET(ip, i_nlink, ip->i_nlink); 1297 ip->i_flag |= IN_CHANGE; 1298 ip->i_flag &= ~IN_RENAME; 1299 if (DOINGSOFTDEP(fvp)) 1300 softdep_change_linkcnt(ip); 1301 vput(fvp); 1302 } else 1303 vrele(fvp); 1304 return (error); 1305 } 1306 1307 /* 1308 * Mkdir system call 1309 */ 1310 static int 1311 ufs_mkdir(ap) 1312 struct vop_mkdir_args /* { 1313 struct vnode *a_dvp; 1314 struct vnode **a_vpp; 1315 struct componentname *a_cnp; 1316 struct vattr *a_vap; 1317 } */ *ap; 1318 { 1319 struct vnode *dvp = ap->a_dvp; 1320 struct vattr *vap = ap->a_vap; 1321 struct componentname *cnp = ap->a_cnp; 1322 struct inode *ip, *dp; 1323 struct vnode *tvp; 1324 struct buf *bp; 1325 struct dirtemplate dirtemplate, *dtp; 1326 struct direct newdir; 1327 #ifdef UFS_ACL 1328 struct acl *acl, *dacl; 1329 #endif 1330 int error, dmode; 1331 long blkoff; 1332 1333 #ifdef DIAGNOSTIC 1334 if ((cnp->cn_flags & HASBUF) == 0) 1335 panic("ufs_mkdir: no name"); 1336 #endif 1337 dp = VTOI(dvp); 1338 if ((nlink_t)dp->i_nlink >= LINK_MAX) { 1339 error = EMLINK; 1340 goto out; 1341 } 1342 dmode = vap->va_mode & 0777; 1343 dmode |= IFDIR; 1344 /* 1345 * Must simulate part of ufs_makeinode here to acquire the inode, 1346 * but not have it entered in the parent directory. The entry is 1347 * made later after writing "." and ".." entries. 1348 */ 1349 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 1350 if (error) 1351 goto out; 1352 ip = VTOI(tvp); 1353 ip->i_gid = dp->i_gid; 1354 DIP_SET(ip, i_gid, dp->i_gid); 1355 #ifdef SUIDDIR 1356 { 1357 #ifdef QUOTA 1358 struct ucred ucred, *ucp; 1359 ucp = cnp->cn_cred; 1360 #endif 1361 /* 1362 * If we are hacking owners here, (only do this where told to) 1363 * and we are not giving it TO root, (would subvert quotas) 1364 * then go ahead and give it to the other user. 1365 * The new directory also inherits the SUID bit. 1366 * If user's UID and dir UID are the same, 1367 * 'give it away' so that the SUID is still forced on. 1368 */ 1369 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 1370 (dp->i_mode & ISUID) && dp->i_uid) { 1371 dmode |= ISUID; 1372 ip->i_uid = dp->i_uid; 1373 DIP_SET(ip, i_uid, dp->i_uid); 1374 #ifdef QUOTA 1375 if (dp->i_uid != cnp->cn_cred->cr_uid) { 1376 /* 1377 * Make sure the correct user gets charged 1378 * for the space. 1379 * Make a dummy credential for the victim. 1380 * XXX This seems to never be accessed out of 1381 * our context so a stack variable is ok. 1382 */ 1383 ucred.cr_ref = 1; 1384 ucred.cr_uid = ip->i_uid; 1385 ucred.cr_ngroups = 1; 1386 ucred.cr_groups[0] = dp->i_gid; 1387 ucp = &ucred; 1388 } 1389 #endif 1390 } else { 1391 ip->i_uid = cnp->cn_cred->cr_uid; 1392 DIP_SET(ip, i_uid, ip->i_uid); 1393 } 1394 #ifdef QUOTA 1395 if ((error = getinoquota(ip)) || 1396 (error = chkiq(ip, 1, ucp, 0))) { 1397 UFS_VFREE(tvp, ip->i_number, dmode); 1398 vput(tvp); 1399 return (error); 1400 } 1401 #endif 1402 } 1403 #else /* !SUIDDIR */ 1404 ip->i_uid = cnp->cn_cred->cr_uid; 1405 DIP_SET(ip, i_uid, ip->i_uid); 1406 #ifdef QUOTA 1407 if ((error = getinoquota(ip)) || 1408 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 1409 UFS_VFREE(tvp, ip->i_number, dmode); 1410 vput(tvp); 1411 return (error); 1412 } 1413 #endif 1414 #endif /* !SUIDDIR */ 1415 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 1416 #ifdef UFS_ACL 1417 acl = dacl = NULL; 1418 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) { 1419 acl = uma_zalloc(acl_zone, M_WAITOK); 1420 dacl = uma_zalloc(acl_zone, M_WAITOK); 1421 1422 /* 1423 * Retrieve default ACL from parent, if any. 1424 */ 1425 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred, 1426 cnp->cn_thread); 1427 switch (error) { 1428 case 0: 1429 /* 1430 * Retrieved a default ACL, so merge mode and ACL if 1431 * necessary. If the ACL is empty, fall through to 1432 * the "not defined or available" case. 1433 */ 1434 if (acl->acl_cnt != 0) { 1435 dmode = acl_posix1e_newfilemode(dmode, acl); 1436 ip->i_mode = dmode; 1437 DIP_SET(ip, i_mode, dmode); 1438 *dacl = *acl; 1439 ufs_sync_acl_from_inode(ip, acl); 1440 break; 1441 } 1442 /* FALLTHROUGH */ 1443 1444 case EOPNOTSUPP: 1445 /* 1446 * Just use the mode as-is. 1447 */ 1448 ip->i_mode = dmode; 1449 DIP_SET(ip, i_mode, dmode); 1450 uma_zfree(acl_zone, acl); 1451 uma_zfree(acl_zone, dacl); 1452 dacl = acl = NULL; 1453 break; 1454 1455 default: 1456 UFS_VFREE(tvp, ip->i_number, dmode); 1457 vput(tvp); 1458 uma_zfree(acl_zone, acl); 1459 uma_zfree(acl_zone, dacl); 1460 return (error); 1461 } 1462 } else { 1463 #endif /* !UFS_ACL */ 1464 ip->i_mode = dmode; 1465 DIP_SET(ip, i_mode, dmode); 1466 #ifdef UFS_ACL 1467 } 1468 #endif 1469 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 1470 ip->i_effnlink = 2; 1471 ip->i_nlink = 2; 1472 DIP_SET(ip, i_nlink, 2); 1473 if (DOINGSOFTDEP(tvp)) 1474 softdep_change_linkcnt(ip); 1475 if (cnp->cn_flags & ISWHITEOUT) { 1476 ip->i_flags |= UF_OPAQUE; 1477 DIP_SET(ip, i_flags, ip->i_flags); 1478 } 1479 1480 /* 1481 * Bump link count in parent directory to reflect work done below. 1482 * Should be done before reference is created so cleanup is 1483 * possible if we crash. 1484 */ 1485 dp->i_effnlink++; 1486 dp->i_nlink++; 1487 DIP_SET(dp, i_nlink, dp->i_nlink); 1488 dp->i_flag |= IN_CHANGE; 1489 if (DOINGSOFTDEP(dvp)) 1490 softdep_change_linkcnt(dp); 1491 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp))); 1492 if (error) 1493 goto bad; 1494 #ifdef MAC 1495 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 1496 error = mac_create_vnode_extattr(cnp->cn_cred, dvp->v_mount, 1497 dvp, tvp, cnp); 1498 if (error) 1499 goto bad; 1500 } 1501 #endif 1502 #ifdef UFS_ACL 1503 if (acl != NULL) { 1504 /* 1505 * XXX: If we abort now, will Soft Updates notify the extattr 1506 * code that the EAs for the file need to be released? 1507 */ 1508 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred, 1509 cnp->cn_thread); 1510 if (error == 0) 1511 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, 1512 cnp->cn_cred, cnp->cn_thread); 1513 switch (error) { 1514 case 0: 1515 break; 1516 1517 case EOPNOTSUPP: 1518 /* 1519 * XXX: This should not happen, as EOPNOTSUPP above 1520 * was supposed to free acl. 1521 */ 1522 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1523 /* 1524 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1525 */ 1526 break; 1527 1528 default: 1529 uma_zfree(acl_zone, acl); 1530 uma_zfree(acl_zone, dacl); 1531 dacl = acl = NULL; 1532 goto bad; 1533 } 1534 uma_zfree(acl_zone, acl); 1535 uma_zfree(acl_zone, dacl); 1536 dacl = acl = NULL; 1537 } 1538 #endif /* !UFS_ACL */ 1539 1540 /* 1541 * Initialize directory with "." and ".." from static template. 1542 */ 1543 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1544 dtp = &mastertemplate; 1545 else 1546 dtp = (struct dirtemplate *)&omastertemplate; 1547 dirtemplate = *dtp; 1548 dirtemplate.dot_ino = ip->i_number; 1549 dirtemplate.dotdot_ino = dp->i_number; 1550 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 1551 BA_CLRBUF, &bp)) != 0) 1552 goto bad; 1553 ip->i_size = DIRBLKSIZ; 1554 DIP_SET(ip, i_size, DIRBLKSIZ); 1555 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1556 vnode_pager_setsize(tvp, (u_long)ip->i_size); 1557 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 1558 if (DOINGSOFTDEP(tvp)) { 1559 /* 1560 * Ensure that the entire newly allocated block is a 1561 * valid directory so that future growth within the 1562 * block does not have to ensure that the block is 1563 * written before the inode. 1564 */ 1565 blkoff = DIRBLKSIZ; 1566 while (blkoff < bp->b_bcount) { 1567 ((struct direct *) 1568 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 1569 blkoff += DIRBLKSIZ; 1570 } 1571 } 1572 if ((error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | 1573 DOINGASYNC(tvp)))) != 0) { 1574 (void)bwrite(bp); 1575 goto bad; 1576 } 1577 /* 1578 * Directory set up, now install its entry in the parent directory. 1579 * 1580 * If we are not doing soft dependencies, then we must write out the 1581 * buffer containing the new directory body before entering the new 1582 * name in the parent. If we are doing soft dependencies, then the 1583 * buffer containing the new directory body will be passed to and 1584 * released in the soft dependency code after the code has attached 1585 * an appropriate ordering dependency to the buffer which ensures that 1586 * the buffer is written before the new name is written in the parent. 1587 */ 1588 if (DOINGASYNC(dvp)) 1589 bdwrite(bp); 1590 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 1591 goto bad; 1592 ufs_makedirentry(ip, cnp, &newdir); 1593 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp); 1594 1595 bad: 1596 if (error == 0) { 1597 *ap->a_vpp = tvp; 1598 } else { 1599 #ifdef UFS_ACL 1600 if (acl != NULL) 1601 uma_zfree(acl_zone, acl); 1602 if (dacl != NULL) 1603 uma_zfree(acl_zone, dacl); 1604 #endif 1605 dp->i_effnlink--; 1606 dp->i_nlink--; 1607 DIP_SET(dp, i_nlink, dp->i_nlink); 1608 dp->i_flag |= IN_CHANGE; 1609 if (DOINGSOFTDEP(dvp)) 1610 softdep_change_linkcnt(dp); 1611 /* 1612 * No need to do an explicit VOP_TRUNCATE here, vrele will 1613 * do this for us because we set the link count to 0. 1614 */ 1615 ip->i_effnlink = 0; 1616 ip->i_nlink = 0; 1617 DIP_SET(ip, i_nlink, 0); 1618 ip->i_flag |= IN_CHANGE; 1619 if (DOINGSOFTDEP(tvp)) 1620 softdep_change_linkcnt(ip); 1621 vput(tvp); 1622 } 1623 out: 1624 return (error); 1625 } 1626 1627 /* 1628 * Rmdir system call. 1629 */ 1630 static int 1631 ufs_rmdir(ap) 1632 struct vop_rmdir_args /* { 1633 struct vnode *a_dvp; 1634 struct vnode *a_vp; 1635 struct componentname *a_cnp; 1636 } */ *ap; 1637 { 1638 struct vnode *vp = ap->a_vp; 1639 struct vnode *dvp = ap->a_dvp; 1640 struct componentname *cnp = ap->a_cnp; 1641 struct inode *ip, *dp; 1642 int error, ioflag; 1643 1644 ip = VTOI(vp); 1645 dp = VTOI(dvp); 1646 1647 /* 1648 * Do not remove a directory that is in the process of being renamed. 1649 * Verify the directory is empty (and valid). Rmdir ".." will not be 1650 * valid since ".." will contain a reference to the current directory 1651 * and thus be non-empty. Do not allow the removal of mounted on 1652 * directories (this can happen when an NFS exported filesystem 1653 * tries to remove a locally mounted on directory). 1654 */ 1655 error = 0; 1656 if ((ip->i_flag & IN_RENAME) || ip->i_effnlink < 2) { 1657 error = EINVAL; 1658 goto out; 1659 } 1660 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 1661 error = ENOTEMPTY; 1662 goto out; 1663 } 1664 if ((dp->i_flags & APPEND) 1665 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 1666 error = EPERM; 1667 goto out; 1668 } 1669 if (vp->v_mountedhere != 0) { 1670 error = EINVAL; 1671 goto out; 1672 } 1673 /* 1674 * Delete reference to directory before purging 1675 * inode. If we crash in between, the directory 1676 * will be reattached to lost+found, 1677 */ 1678 dp->i_effnlink--; 1679 ip->i_effnlink--; 1680 if (DOINGSOFTDEP(vp)) { 1681 softdep_change_linkcnt(dp); 1682 softdep_change_linkcnt(ip); 1683 } 1684 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 1685 if (error) { 1686 dp->i_effnlink++; 1687 ip->i_effnlink++; 1688 if (DOINGSOFTDEP(vp)) { 1689 softdep_change_linkcnt(dp); 1690 softdep_change_linkcnt(ip); 1691 } 1692 goto out; 1693 } 1694 cache_purge(dvp); 1695 /* 1696 * Truncate inode. The only stuff left in the directory is "." and 1697 * "..". The "." reference is inconsequential since we are quashing 1698 * it. The soft dependency code will arrange to do these operations 1699 * after the parent directory entry has been deleted on disk, so 1700 * when running with that code we avoid doing them now. 1701 */ 1702 if (!DOINGSOFTDEP(vp)) { 1703 dp->i_nlink--; 1704 DIP_SET(dp, i_nlink, dp->i_nlink); 1705 dp->i_flag |= IN_CHANGE; 1706 ip->i_nlink--; 1707 DIP_SET(ip, i_nlink, ip->i_nlink); 1708 ip->i_flag |= IN_CHANGE; 1709 ioflag = IO_NORMAL; 1710 if (DOINGASYNC(vp)) 1711 ioflag |= IO_SYNC; 1712 error = UFS_TRUNCATE(vp, (off_t)0, ioflag, cnp->cn_cred, 1713 cnp->cn_thread); 1714 } 1715 cache_purge(vp); 1716 #ifdef UFS_DIRHASH 1717 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 1718 if (ip->i_dirhash != NULL) 1719 ufsdirhash_free(ip); 1720 #endif 1721 out: 1722 return (error); 1723 } 1724 1725 /* 1726 * symlink -- make a symbolic link 1727 */ 1728 static int 1729 ufs_symlink(ap) 1730 struct vop_symlink_args /* { 1731 struct vnode *a_dvp; 1732 struct vnode **a_vpp; 1733 struct componentname *a_cnp; 1734 struct vattr *a_vap; 1735 char *a_target; 1736 } */ *ap; 1737 { 1738 struct vnode *vp, **vpp = ap->a_vpp; 1739 struct inode *ip; 1740 int len, error; 1741 1742 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 1743 vpp, ap->a_cnp); 1744 if (error) 1745 return (error); 1746 vp = *vpp; 1747 len = strlen(ap->a_target); 1748 if (len < vp->v_mount->mnt_maxsymlinklen) { 1749 ip = VTOI(vp); 1750 bcopy(ap->a_target, SHORTLINK(ip), len); 1751 ip->i_size = len; 1752 DIP_SET(ip, i_size, len); 1753 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1754 } else 1755 error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0, 1756 UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 1757 ap->a_cnp->cn_cred, NOCRED, (int *)0, (struct thread *)0); 1758 if (error) 1759 vput(vp); 1760 return (error); 1761 } 1762 1763 /* 1764 * Vnode op for reading directories. 1765 * 1766 * The routine below assumes that the on-disk format of a directory 1767 * is the same as that defined by <sys/dirent.h>. If the on-disk 1768 * format changes, then it will be necessary to do a conversion 1769 * from the on-disk format that read returns to the format defined 1770 * by <sys/dirent.h>. 1771 */ 1772 int 1773 ufs_readdir(ap) 1774 struct vop_readdir_args /* { 1775 struct vnode *a_vp; 1776 struct uio *a_uio; 1777 struct ucred *a_cred; 1778 int *a_eofflag; 1779 int *ncookies; 1780 u_long **a_cookies; 1781 } */ *ap; 1782 { 1783 struct uio *uio = ap->a_uio; 1784 int error; 1785 size_t count, lost; 1786 off_t off; 1787 1788 if (ap->a_ncookies != NULL) 1789 /* 1790 * Ensure that the block is aligned. The caller can use 1791 * the cookies to determine where in the block to start. 1792 */ 1793 uio->uio_offset &= ~(DIRBLKSIZ - 1); 1794 off = uio->uio_offset; 1795 count = uio->uio_resid; 1796 /* Make sure we don't return partial entries. */ 1797 if (count <= ((uio->uio_offset + count) & (DIRBLKSIZ -1))) 1798 return (EINVAL); 1799 count -= (uio->uio_offset + count) & (DIRBLKSIZ -1); 1800 lost = uio->uio_resid - count; 1801 uio->uio_resid = count; 1802 uio->uio_iov->iov_len = count; 1803 # if (BYTE_ORDER == LITTLE_ENDIAN) 1804 if (ap->a_vp->v_mount->mnt_maxsymlinklen > 0) { 1805 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred); 1806 } else { 1807 struct dirent *dp, *edp; 1808 struct uio auio; 1809 struct iovec aiov; 1810 caddr_t dirbuf; 1811 int readcnt; 1812 u_char tmp; 1813 1814 auio = *uio; 1815 auio.uio_iov = &aiov; 1816 auio.uio_iovcnt = 1; 1817 auio.uio_segflg = UIO_SYSSPACE; 1818 aiov.iov_len = count; 1819 MALLOC(dirbuf, caddr_t, count, M_TEMP, M_WAITOK); 1820 aiov.iov_base = dirbuf; 1821 error = VOP_READ(ap->a_vp, &auio, 0, ap->a_cred); 1822 if (error == 0) { 1823 readcnt = count - auio.uio_resid; 1824 edp = (struct dirent *)&dirbuf[readcnt]; 1825 for (dp = (struct dirent *)dirbuf; dp < edp; ) { 1826 tmp = dp->d_namlen; 1827 dp->d_namlen = dp->d_type; 1828 dp->d_type = tmp; 1829 if (dp->d_reclen > 0) { 1830 dp = (struct dirent *) 1831 ((char *)dp + dp->d_reclen); 1832 } else { 1833 error = EIO; 1834 break; 1835 } 1836 } 1837 if (dp >= edp) 1838 error = uiomove(dirbuf, readcnt, uio); 1839 } 1840 FREE(dirbuf, M_TEMP); 1841 } 1842 # else 1843 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred); 1844 # endif 1845 if (!error && ap->a_ncookies != NULL) { 1846 struct dirent* dpStart; 1847 struct dirent* dpEnd; 1848 struct dirent* dp; 1849 int ncookies; 1850 u_long *cookies; 1851 u_long *cookiep; 1852 1853 if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1) 1854 panic("ufs_readdir: unexpected uio from NFS server"); 1855 dpStart = (struct dirent *) 1856 ((char *)uio->uio_iov->iov_base - (uio->uio_offset - off)); 1857 dpEnd = (struct dirent *) uio->uio_iov->iov_base; 1858 for (dp = dpStart, ncookies = 0; 1859 dp < dpEnd; 1860 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen)) 1861 ncookies++; 1862 MALLOC(cookies, u_long *, ncookies * sizeof(u_long), M_TEMP, 1863 M_WAITOK); 1864 for (dp = dpStart, cookiep = cookies; 1865 dp < dpEnd; 1866 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen)) { 1867 off += dp->d_reclen; 1868 *cookiep++ = (u_long) off; 1869 } 1870 *ap->a_ncookies = ncookies; 1871 *ap->a_cookies = cookies; 1872 } 1873 uio->uio_resid += lost; 1874 if (ap->a_eofflag) 1875 *ap->a_eofflag = VTOI(ap->a_vp)->i_size <= uio->uio_offset; 1876 return (error); 1877 } 1878 1879 /* 1880 * Return target name of a symbolic link 1881 */ 1882 static int 1883 ufs_readlink(ap) 1884 struct vop_readlink_args /* { 1885 struct vnode *a_vp; 1886 struct uio *a_uio; 1887 struct ucred *a_cred; 1888 } */ *ap; 1889 { 1890 struct vnode *vp = ap->a_vp; 1891 struct inode *ip = VTOI(vp); 1892 doff_t isize; 1893 1894 isize = ip->i_size; 1895 if ((isize < vp->v_mount->mnt_maxsymlinklen) || 1896 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */ 1897 return (uiomove(SHORTLINK(ip), isize, ap->a_uio)); 1898 } 1899 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 1900 } 1901 1902 /* 1903 * Calculate the logical to physical mapping if not done already, 1904 * then call the device strategy routine. 1905 * 1906 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 1907 * deadlock on memory. See ufs_bmap() for details. 1908 */ 1909 static int 1910 ufs_strategy(ap) 1911 struct vop_strategy_args /* { 1912 struct vnode *a_vp; 1913 struct buf *a_bp; 1914 } */ *ap; 1915 { 1916 struct buf *bp = ap->a_bp; 1917 struct vnode *vp = ap->a_vp; 1918 struct bufobj *bo; 1919 struct inode *ip; 1920 ufs2_daddr_t blkno; 1921 int error; 1922 1923 ip = VTOI(vp); 1924 if (bp->b_blkno == bp->b_lblkno) { 1925 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 1926 bp->b_blkno = blkno; 1927 if (error) { 1928 bp->b_error = error; 1929 bp->b_ioflags |= BIO_ERROR; 1930 bufdone(bp); 1931 return (error); 1932 } 1933 if ((long)bp->b_blkno == -1) 1934 vfs_bio_clrbuf(bp); 1935 } 1936 if ((long)bp->b_blkno == -1) { 1937 bufdone(bp); 1938 return (0); 1939 } 1940 bp->b_iooffset = dbtob(bp->b_blkno); 1941 bo = ip->i_umbufobj; 1942 BO_STRATEGY(bo, bp); 1943 return (0); 1944 } 1945 1946 /* 1947 * Print out the contents of an inode. 1948 */ 1949 static int 1950 ufs_print(ap) 1951 struct vop_print_args /* { 1952 struct vnode *a_vp; 1953 } */ *ap; 1954 { 1955 struct vnode *vp = ap->a_vp; 1956 struct inode *ip = VTOI(vp); 1957 1958 printf("\tino %lu, on dev %s", (u_long)ip->i_number, 1959 devtoname(ip->i_dev)); 1960 if (vp->v_type == VFIFO) 1961 fifo_printinfo(vp); 1962 printf("\n"); 1963 return (0); 1964 } 1965 1966 /* 1967 * Close wrapper for fifos. 1968 * 1969 * Update the times on the inode then do device close. 1970 */ 1971 static int 1972 ufsfifo_close(ap) 1973 struct vop_close_args /* { 1974 struct vnode *a_vp; 1975 int a_fflag; 1976 struct ucred *a_cred; 1977 struct thread *a_td; 1978 } */ *ap; 1979 { 1980 struct vnode *vp = ap->a_vp; 1981 1982 VI_LOCK(vp); 1983 if (vp->v_usecount > 1) 1984 ufs_itimes(vp); 1985 VI_UNLOCK(vp); 1986 return (fifo_specops.vop_close(ap)); 1987 } 1988 1989 /* 1990 * Kqfilter wrapper for fifos. 1991 * 1992 * Fall through to ufs kqfilter routines if needed 1993 */ 1994 static int 1995 ufsfifo_kqfilter(ap) 1996 struct vop_kqfilter_args *ap; 1997 { 1998 int error; 1999 2000 error = fifo_specops.vop_kqfilter(ap); 2001 if (error) 2002 error = vfs_kqfilter(ap); 2003 return (error); 2004 } 2005 2006 /* 2007 * Return POSIX pathconf information applicable to ufs filesystems. 2008 */ 2009 static int 2010 ufs_pathconf(ap) 2011 struct vop_pathconf_args /* { 2012 struct vnode *a_vp; 2013 int a_name; 2014 int *a_retval; 2015 } */ *ap; 2016 { 2017 int error; 2018 2019 error = 0; 2020 switch (ap->a_name) { 2021 case _PC_LINK_MAX: 2022 *ap->a_retval = LINK_MAX; 2023 break; 2024 case _PC_NAME_MAX: 2025 *ap->a_retval = NAME_MAX; 2026 break; 2027 case _PC_PATH_MAX: 2028 *ap->a_retval = PATH_MAX; 2029 break; 2030 case _PC_PIPE_BUF: 2031 *ap->a_retval = PIPE_BUF; 2032 break; 2033 case _PC_CHOWN_RESTRICTED: 2034 *ap->a_retval = 1; 2035 break; 2036 case _PC_NO_TRUNC: 2037 *ap->a_retval = 1; 2038 break; 2039 case _PC_ACL_EXTENDED: 2040 #ifdef UFS_ACL 2041 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2042 *ap->a_retval = 1; 2043 else 2044 *ap->a_retval = 0; 2045 #else 2046 *ap->a_retval = 0; 2047 #endif 2048 break; 2049 case _PC_ACL_PATH_MAX: 2050 #ifdef UFS_ACL 2051 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2052 *ap->a_retval = ACL_MAX_ENTRIES; 2053 else 2054 *ap->a_retval = 3; 2055 #else 2056 *ap->a_retval = 3; 2057 #endif 2058 break; 2059 case _PC_MAC_PRESENT: 2060 #ifdef MAC 2061 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2062 *ap->a_retval = 1; 2063 else 2064 *ap->a_retval = 0; 2065 #else 2066 *ap->a_retval = 0; 2067 #endif 2068 break; 2069 case _PC_ASYNC_IO: 2070 /* _PC_ASYNC_IO should have been handled by upper layers. */ 2071 KASSERT(0, ("_PC_ASYNC_IO should not get here")); 2072 error = EINVAL; 2073 break; 2074 case _PC_PRIO_IO: 2075 *ap->a_retval = 0; 2076 break; 2077 case _PC_SYNC_IO: 2078 *ap->a_retval = 0; 2079 break; 2080 case _PC_ALLOC_SIZE_MIN: 2081 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2082 break; 2083 case _PC_FILESIZEBITS: 2084 *ap->a_retval = 64; 2085 break; 2086 case _PC_REC_INCR_XFER_SIZE: 2087 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2088 break; 2089 case _PC_REC_MAX_XFER_SIZE: 2090 *ap->a_retval = -1; /* means ``unlimited'' */ 2091 break; 2092 case _PC_REC_MIN_XFER_SIZE: 2093 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2094 break; 2095 case _PC_REC_XFER_ALIGN: 2096 *ap->a_retval = PAGE_SIZE; 2097 break; 2098 case _PC_SYMLINK_MAX: 2099 *ap->a_retval = MAXPATHLEN; 2100 break; 2101 2102 default: 2103 error = EINVAL; 2104 break; 2105 } 2106 return (error); 2107 } 2108 2109 /* 2110 * Advisory record locking support 2111 */ 2112 static int 2113 ufs_advlock(ap) 2114 struct vop_advlock_args /* { 2115 struct vnode *a_vp; 2116 caddr_t a_id; 2117 int a_op; 2118 struct flock *a_fl; 2119 int a_flags; 2120 } */ *ap; 2121 { 2122 struct inode *ip = VTOI(ap->a_vp); 2123 2124 return (lf_advlock(ap, &(ip->i_lockf), ip->i_size)); 2125 } 2126 2127 /* 2128 * Initialize the vnode associated with a new inode, handle aliased 2129 * vnodes. 2130 */ 2131 int 2132 ufs_vinit(mntp, fifoops, vpp) 2133 struct mount *mntp; 2134 struct vop_vector *fifoops; 2135 struct vnode **vpp; 2136 { 2137 struct inode *ip; 2138 struct vnode *vp; 2139 2140 vp = *vpp; 2141 ip = VTOI(vp); 2142 vp->v_type = IFTOVT(ip->i_mode); 2143 if (vp->v_type == VFIFO) 2144 vp->v_op = fifoops; 2145 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2146 if (ip->i_number == ROOTINO) 2147 vp->v_vflag |= VV_ROOT; 2148 ip->i_modrev = init_va_filerev(); 2149 *vpp = vp; 2150 return (0); 2151 } 2152 2153 /* 2154 * Allocate a new inode. 2155 * Vnode dvp must be locked. 2156 */ 2157 static int 2158 ufs_makeinode(mode, dvp, vpp, cnp) 2159 int mode; 2160 struct vnode *dvp; 2161 struct vnode **vpp; 2162 struct componentname *cnp; 2163 { 2164 struct inode *ip, *pdir; 2165 struct direct newdir; 2166 struct vnode *tvp; 2167 #ifdef UFS_ACL 2168 struct acl *acl; 2169 #endif 2170 int error; 2171 2172 pdir = VTOI(dvp); 2173 #ifdef DIAGNOSTIC 2174 if ((cnp->cn_flags & HASBUF) == 0) 2175 panic("ufs_makeinode: no name"); 2176 #endif 2177 *vpp = NULL; 2178 if ((mode & IFMT) == 0) 2179 mode |= IFREG; 2180 2181 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2182 if (error) 2183 return (error); 2184 ip = VTOI(tvp); 2185 ip->i_gid = pdir->i_gid; 2186 DIP_SET(ip, i_gid, pdir->i_gid); 2187 #ifdef SUIDDIR 2188 { 2189 #ifdef QUOTA 2190 struct ucred ucred, *ucp; 2191 ucp = cnp->cn_cred; 2192 #endif 2193 /* 2194 * If we are not the owner of the directory, 2195 * and we are hacking owners here, (only do this where told to) 2196 * and we are not giving it TO root, (would subvert quotas) 2197 * then go ahead and give it to the other user. 2198 * Note that this drops off the execute bits for security. 2199 */ 2200 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2201 (pdir->i_mode & ISUID) && 2202 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2203 ip->i_uid = pdir->i_uid; 2204 DIP_SET(ip, i_uid, ip->i_uid); 2205 mode &= ~07111; 2206 #ifdef QUOTA 2207 /* 2208 * Make sure the correct user gets charged 2209 * for the space. 2210 * Quickly knock up a dummy credential for the victim. 2211 * XXX This seems to never be accessed out of our 2212 * context so a stack variable is ok. 2213 */ 2214 ucred.cr_ref = 1; 2215 ucred.cr_uid = ip->i_uid; 2216 ucred.cr_ngroups = 1; 2217 ucred.cr_groups[0] = pdir->i_gid; 2218 ucp = &ucred; 2219 #endif 2220 } else { 2221 ip->i_uid = cnp->cn_cred->cr_uid; 2222 DIP_SET(ip, i_uid, ip->i_uid); 2223 } 2224 2225 #ifdef QUOTA 2226 if ((error = getinoquota(ip)) || 2227 (error = chkiq(ip, 1, ucp, 0))) { 2228 UFS_VFREE(tvp, ip->i_number, mode); 2229 vput(tvp); 2230 return (error); 2231 } 2232 #endif 2233 } 2234 #else /* !SUIDDIR */ 2235 ip->i_uid = cnp->cn_cred->cr_uid; 2236 DIP_SET(ip, i_uid, ip->i_uid); 2237 #ifdef QUOTA 2238 if ((error = getinoquota(ip)) || 2239 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2240 UFS_VFREE(tvp, ip->i_number, mode); 2241 vput(tvp); 2242 return (error); 2243 } 2244 #endif 2245 #endif /* !SUIDDIR */ 2246 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 2247 #ifdef UFS_ACL 2248 acl = NULL; 2249 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) { 2250 acl = uma_zalloc(acl_zone, M_WAITOK); 2251 2252 /* 2253 * Retrieve default ACL for parent, if any. 2254 */ 2255 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred, 2256 cnp->cn_thread); 2257 switch (error) { 2258 case 0: 2259 /* 2260 * Retrieved a default ACL, so merge mode and ACL if 2261 * necessary. 2262 */ 2263 if (acl->acl_cnt != 0) { 2264 /* 2265 * Two possible ways for default ACL to not 2266 * be present. First, the EA can be 2267 * undefined, or second, the default ACL can 2268 * be blank. If it's blank, fall through to 2269 * the it's not defined case. 2270 */ 2271 mode = acl_posix1e_newfilemode(mode, acl); 2272 ip->i_mode = mode; 2273 DIP_SET(ip, i_mode, mode); 2274 ufs_sync_acl_from_inode(ip, acl); 2275 break; 2276 } 2277 /* FALLTHROUGH */ 2278 2279 case EOPNOTSUPP: 2280 /* 2281 * Just use the mode as-is. 2282 */ 2283 ip->i_mode = mode; 2284 DIP_SET(ip, i_mode, mode); 2285 uma_zfree(acl_zone, acl); 2286 acl = NULL; 2287 break; 2288 2289 default: 2290 UFS_VFREE(tvp, ip->i_number, mode); 2291 vput(tvp); 2292 uma_zfree(acl_zone, acl); 2293 acl = NULL; 2294 return (error); 2295 } 2296 } else { 2297 #endif 2298 ip->i_mode = mode; 2299 DIP_SET(ip, i_mode, mode); 2300 #ifdef UFS_ACL 2301 } 2302 #endif 2303 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2304 ip->i_effnlink = 1; 2305 ip->i_nlink = 1; 2306 DIP_SET(ip, i_nlink, 1); 2307 if (DOINGSOFTDEP(tvp)) 2308 softdep_change_linkcnt(ip); 2309 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2310 suser_cred(cnp->cn_cred, SUSER_ALLOWJAIL)) { 2311 ip->i_mode &= ~ISGID; 2312 DIP_SET(ip, i_mode, ip->i_mode); 2313 } 2314 2315 if (cnp->cn_flags & ISWHITEOUT) { 2316 ip->i_flags |= UF_OPAQUE; 2317 DIP_SET(ip, i_flags, ip->i_flags); 2318 } 2319 2320 /* 2321 * Make sure inode goes to disk before directory entry. 2322 */ 2323 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp))); 2324 if (error) 2325 goto bad; 2326 #ifdef MAC 2327 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2328 error = mac_create_vnode_extattr(cnp->cn_cred, dvp->v_mount, 2329 dvp, tvp, cnp); 2330 if (error) 2331 goto bad; 2332 } 2333 #endif 2334 #ifdef UFS_ACL 2335 if (acl != NULL) { 2336 /* 2337 * XXX: If we abort now, will Soft Updates notify the extattr 2338 * code that the EAs for the file need to be released? 2339 */ 2340 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred, 2341 cnp->cn_thread); 2342 switch (error) { 2343 case 0: 2344 break; 2345 2346 case EOPNOTSUPP: 2347 /* 2348 * XXX: This should not happen, as EOPNOTSUPP above was 2349 * supposed to free acl. 2350 */ 2351 printf("ufs_makeinode: VOP_GETACL() but no " 2352 "VOP_SETACL()\n"); 2353 /* panic("ufs_makeinode: VOP_GETACL() but no " 2354 "VOP_SETACL()"); */ 2355 break; 2356 2357 default: 2358 uma_zfree(acl_zone, acl); 2359 goto bad; 2360 } 2361 uma_zfree(acl_zone, acl); 2362 } 2363 #endif /* !UFS_ACL */ 2364 ufs_makedirentry(ip, cnp, &newdir); 2365 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL); 2366 if (error) 2367 goto bad; 2368 *vpp = tvp; 2369 return (0); 2370 2371 bad: 2372 /* 2373 * Write error occurred trying to update the inode 2374 * or the directory so must deallocate the inode. 2375 */ 2376 ip->i_effnlink = 0; 2377 ip->i_nlink = 0; 2378 DIP_SET(ip, i_nlink, 0); 2379 ip->i_flag |= IN_CHANGE; 2380 if (DOINGSOFTDEP(tvp)) 2381 softdep_change_linkcnt(ip); 2382 vput(tvp); 2383 return (error); 2384 } 2385 2386 /* Global vfs data structures for ufs. */ 2387 struct vop_vector ufs_vnodeops = { 2388 .vop_default = &default_vnodeops, 2389 .vop_fsync = VOP_PANIC, 2390 .vop_read = VOP_PANIC, 2391 .vop_reallocblks = VOP_PANIC, 2392 .vop_write = VOP_PANIC, 2393 .vop_access = ufs_access, 2394 .vop_advlock = ufs_advlock, 2395 .vop_bmap = ufs_bmap, 2396 .vop_cachedlookup = ufs_lookup, 2397 .vop_close = ufs_close, 2398 .vop_create = ufs_create, 2399 .vop_getattr = ufs_getattr, 2400 .vop_inactive = ufs_inactive, 2401 .vop_link = ufs_link, 2402 .vop_lookup = vfs_cache_lookup, 2403 .vop_mkdir = ufs_mkdir, 2404 .vop_mknod = ufs_mknod, 2405 .vop_open = ufs_open, 2406 .vop_pathconf = ufs_pathconf, 2407 .vop_poll = vop_stdpoll, 2408 .vop_print = ufs_print, 2409 .vop_readdir = ufs_readdir, 2410 .vop_readlink = ufs_readlink, 2411 .vop_reclaim = ufs_reclaim, 2412 .vop_remove = ufs_remove, 2413 .vop_rename = ufs_rename, 2414 .vop_rmdir = ufs_rmdir, 2415 .vop_setattr = ufs_setattr, 2416 #ifdef MAC 2417 .vop_setlabel = vop_stdsetlabel_ea, 2418 #endif 2419 .vop_strategy = ufs_strategy, 2420 .vop_symlink = ufs_symlink, 2421 .vop_whiteout = ufs_whiteout, 2422 #ifdef UFS_EXTATTR 2423 .vop_getextattr = ufs_getextattr, 2424 .vop_deleteextattr = ufs_deleteextattr, 2425 .vop_setextattr = ufs_setextattr, 2426 #endif 2427 #ifdef UFS_ACL 2428 .vop_getacl = ufs_getacl, 2429 .vop_setacl = ufs_setacl, 2430 .vop_aclcheck = ufs_aclcheck, 2431 #endif 2432 }; 2433 2434 struct vop_vector ufs_fifoops = { 2435 .vop_default = &fifo_specops, 2436 .vop_fsync = VOP_PANIC, 2437 .vop_access = ufs_access, 2438 .vop_close = ufsfifo_close, 2439 .vop_getattr = ufs_getattr, 2440 .vop_inactive = ufs_inactive, 2441 .vop_kqfilter = ufsfifo_kqfilter, 2442 .vop_print = ufs_print, 2443 .vop_read = VOP_PANIC, 2444 .vop_reclaim = ufs_reclaim, 2445 .vop_setattr = ufs_setattr, 2446 #ifdef MAC 2447 .vop_setlabel = vop_stdsetlabel_ea, 2448 #endif 2449 .vop_write = VOP_PANIC, 2450 #ifdef UFS_EXTATTR 2451 .vop_getextattr = ufs_getextattr, 2452 .vop_deleteextattr = ufs_deleteextattr, 2453 .vop_setextattr = ufs_setextattr, 2454 #endif 2455 #ifdef UFS_ACL 2456 .vop_getacl = ufs_getacl, 2457 .vop_setacl = ufs_setacl, 2458 .vop_aclcheck = ufs_aclcheck, 2459 #endif 2460 };
Cache object: 5c5da47f18f76394a2abe725c1245946
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]