1 /*-
2 * Copyright (c) 1982, 1986, 1989, 1993, 1995
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 4. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95
35 */
36
37 #include <sys/cdefs.h>
38 __FBSDID("$FreeBSD: releng/6.2/sys/ufs/ufs/ufs_vnops.c 164062 2006-11-07 16:56:11Z kib $");
39
40 #include "opt_mac.h"
41 #include "opt_quota.h"
42 #include "opt_suiddir.h"
43 #include "opt_ufs.h"
44 #include "opt_ffs.h"
45
46 #include <sys/param.h>
47 #include <sys/systm.h>
48 #include <sys/malloc.h>
49 #include <sys/namei.h>
50 #include <sys/kernel.h>
51 #include <sys/fcntl.h>
52 #include <sys/stat.h>
53 #include <sys/bio.h>
54 #include <sys/buf.h>
55 #include <sys/mount.h>
56 #include <sys/unistd.h>
57 #include <sys/vnode.h>
58 #include <sys/dirent.h>
59 #include <sys/lockf.h>
60 #include <sys/conf.h>
61 #include <sys/acl.h>
62 #include <sys/mac.h>
63 #include <sys/jail.h>
64
65 #include <machine/mutex.h>
66
67 #include <sys/file.h> /* XXX */
68
69 #include <vm/vm.h>
70 #include <vm/vm_extern.h>
71
72 #include <fs/fifofs/fifo.h>
73
74 #include <ufs/ufs/acl.h>
75 #include <ufs/ufs/extattr.h>
76 #include <ufs/ufs/quota.h>
77 #include <ufs/ufs/inode.h>
78 #include <ufs/ufs/dir.h>
79 #include <ufs/ufs/ufsmount.h>
80 #include <ufs/ufs/ufs_extern.h>
81 #ifdef UFS_DIRHASH
82 #include <ufs/ufs/dirhash.h>
83 #endif
84
85 #include <ufs/ffs/ffs_extern.h>
86
87 static vop_access_t ufs_access;
88 static vop_advlock_t ufs_advlock;
89 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *);
90 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *);
91 static vop_close_t ufs_close;
92 static vop_create_t ufs_create;
93 static vop_getattr_t ufs_getattr;
94 static vop_link_t ufs_link;
95 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *);
96 static vop_mkdir_t ufs_mkdir;
97 static vop_mknod_t ufs_mknod;
98 static vop_open_t ufs_open;
99 static vop_pathconf_t ufs_pathconf;
100 static vop_print_t ufs_print;
101 static vop_readlink_t ufs_readlink;
102 static vop_remove_t ufs_remove;
103 static vop_rename_t ufs_rename;
104 static vop_rmdir_t ufs_rmdir;
105 static vop_setattr_t ufs_setattr;
106 static vop_strategy_t ufs_strategy;
107 static vop_symlink_t ufs_symlink;
108 static vop_whiteout_t ufs_whiteout;
109 static vop_close_t ufsfifo_close;
110 static vop_kqfilter_t ufsfifo_kqfilter;
111
112 /*
113 * A virgin directory (no blushing please).
114 */
115 static struct dirtemplate mastertemplate = {
116 0, 12, DT_DIR, 1, ".",
117 0, DIRBLKSIZ - 12, DT_DIR, 2, ".."
118 };
119 static struct odirtemplate omastertemplate = {
120 0, 12, 1, ".",
121 0, DIRBLKSIZ - 12, 2, ".."
122 };
123
124 void
125 ufs_itimes(vp)
126 struct vnode *vp;
127 {
128 struct inode *ip;
129 struct timespec ts;
130 int mnt_locked;
131
132 ip = VTOI(vp);
133 mnt_locked = 0;
134 if ((vp->v_mount->mnt_flag & MNT_RDONLY) != 0) {
135 VI_LOCK(vp);
136 goto out;
137 }
138 MNT_ILOCK(vp->v_mount); /* For reading of mnt_kern_flags. */
139 mnt_locked = 1;
140 VI_LOCK(vp);
141 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0)
142 goto out_unl;
143
144 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp))
145 ip->i_flag |= IN_LAZYMOD;
146 else if (((vp->v_mount->mnt_kern_flag &
147 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) ||
148 (ip->i_flag & (IN_CHANGE | IN_UPDATE)))
149 ip->i_flag |= IN_MODIFIED;
150 else if (ip->i_flag & IN_ACCESS)
151 ip->i_flag |= IN_LAZYACCESS;
152 vfs_timestamp(&ts);
153 if (ip->i_flag & IN_ACCESS) {
154 DIP_SET(ip, i_atime, ts.tv_sec);
155 DIP_SET(ip, i_atimensec, ts.tv_nsec);
156 }
157 if (ip->i_flag & IN_UPDATE) {
158 DIP_SET(ip, i_mtime, ts.tv_sec);
159 DIP_SET(ip, i_mtimensec, ts.tv_nsec);
160 ip->i_modrev++;
161 }
162 if (ip->i_flag & IN_CHANGE) {
163 DIP_SET(ip, i_ctime, ts.tv_sec);
164 DIP_SET(ip, i_ctimensec, ts.tv_nsec);
165 }
166
167 out:
168 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE);
169 out_unl:
170 VI_UNLOCK(vp);
171 if (mnt_locked)
172 MNT_IUNLOCK(vp->v_mount);
173 }
174
175 /*
176 * Create a regular file
177 */
178 static int
179 ufs_create(ap)
180 struct vop_create_args /* {
181 struct vnode *a_dvp;
182 struct vnode **a_vpp;
183 struct componentname *a_cnp;
184 struct vattr *a_vap;
185 } */ *ap;
186 {
187 int error;
188
189 error =
190 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode),
191 ap->a_dvp, ap->a_vpp, ap->a_cnp);
192 if (error)
193 return (error);
194 return (0);
195 }
196
197 /*
198 * Mknod vnode call
199 */
200 /* ARGSUSED */
201 static int
202 ufs_mknod(ap)
203 struct vop_mknod_args /* {
204 struct vnode *a_dvp;
205 struct vnode **a_vpp;
206 struct componentname *a_cnp;
207 struct vattr *a_vap;
208 } */ *ap;
209 {
210 struct vattr *vap = ap->a_vap;
211 struct vnode **vpp = ap->a_vpp;
212 struct inode *ip;
213 ino_t ino;
214 int error;
215
216 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode),
217 ap->a_dvp, vpp, ap->a_cnp);
218 if (error)
219 return (error);
220 ip = VTOI(*vpp);
221 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE;
222 if (vap->va_rdev != VNOVAL) {
223 /*
224 * Want to be able to use this to make badblock
225 * inodes, so don't truncate the dev number.
226 */
227 DIP_SET(ip, i_rdev, vap->va_rdev);
228 }
229 /*
230 * Remove inode, then reload it through VFS_VGET so it is
231 * checked to see if it is an alias of an existing entry in
232 * the inode cache. XXX I don't believe this is necessary now.
233 */
234 (*vpp)->v_type = VNON;
235 ino = ip->i_number; /* Save this before vgone() invalidates ip. */
236 vgone(*vpp);
237 vput(*vpp);
238 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp);
239 if (error) {
240 *vpp = NULL;
241 return (error);
242 }
243 return (0);
244 }
245
246 /*
247 * Open called.
248 */
249 /* ARGSUSED */
250 static int
251 ufs_open(struct vop_open_args *ap)
252 {
253 struct vnode *vp = ap->a_vp;
254 struct inode *ip;
255
256 if (vp->v_type == VCHR || vp->v_type == VBLK)
257 return (EOPNOTSUPP);
258
259 ip = VTOI(vp);
260 /*
261 * Files marked append-only must be opened for appending.
262 */
263 if ((ip->i_flags & APPEND) &&
264 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE)
265 return (EPERM);
266 vnode_create_vobject_off(vp, DIP(ip, i_size), ap->a_td);
267 return (0);
268 }
269
270 /*
271 * Close called.
272 *
273 * Update the times on the inode.
274 */
275 /* ARGSUSED */
276 static int
277 ufs_close(ap)
278 struct vop_close_args /* {
279 struct vnode *a_vp;
280 int a_fflag;
281 struct ucred *a_cred;
282 struct thread *a_td;
283 } */ *ap;
284 {
285 struct vnode *vp = ap->a_vp;
286 int usecount;
287
288 VI_LOCK(vp);
289 usecount = vp->v_usecount;
290 VI_UNLOCK(vp);
291 if (usecount > 1)
292 ufs_itimes(vp);
293 return (0);
294 }
295
296 static int
297 ufs_access(ap)
298 struct vop_access_args /* {
299 struct vnode *a_vp;
300 int a_mode;
301 struct ucred *a_cred;
302 struct thread *a_td;
303 } */ *ap;
304 {
305 struct vnode *vp = ap->a_vp;
306 struct inode *ip = VTOI(vp);
307 mode_t mode = ap->a_mode;
308 int error;
309 #ifdef UFS_ACL
310 struct acl *acl;
311 #endif
312
313 /*
314 * Disallow write attempts on read-only filesystems;
315 * unless the file is a socket, fifo, or a block or
316 * character device resident on the filesystem.
317 */
318 if (mode & VWRITE) {
319 switch (vp->v_type) {
320 case VDIR:
321 case VLNK:
322 case VREG:
323 if (vp->v_mount->mnt_flag & MNT_RDONLY)
324 return (EROFS);
325 #ifdef QUOTA
326 if ((error = getinoquota(ip)) != 0)
327 return (error);
328 #endif
329 break;
330 default:
331 break;
332 }
333 }
334
335 /* If immutable bit set, nobody gets to write it. */
336 if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT)))
337 return (EPERM);
338
339 #ifdef UFS_ACL
340 if ((vp->v_mount->mnt_flag & MNT_ACLS) != 0) {
341 acl = uma_zalloc(acl_zone, M_WAITOK);
342 error = VOP_GETACL(vp, ACL_TYPE_ACCESS, acl, ap->a_cred,
343 ap->a_td);
344 switch (error) {
345 case EOPNOTSUPP:
346 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid,
347 ip->i_gid, ap->a_mode, ap->a_cred, NULL);
348 break;
349 case 0:
350 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid,
351 ip->i_gid, acl, ap->a_mode, ap->a_cred, NULL);
352 break;
353 default:
354 printf(
355 "ufs_access(): Error retrieving ACL on object (%d).\n",
356 error);
357 /*
358 * XXX: Fall back until debugged. Should
359 * eventually possibly log an error, and return
360 * EPERM for safety.
361 */
362 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid,
363 ip->i_gid, ap->a_mode, ap->a_cred, NULL);
364 }
365 uma_zfree(acl_zone, acl);
366 } else
367 #endif /* !UFS_ACL */
368 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid,
369 ap->a_mode, ap->a_cred, NULL);
370 return (error);
371 }
372
373 /* ARGSUSED */
374 static int
375 ufs_getattr(ap)
376 struct vop_getattr_args /* {
377 struct vnode *a_vp;
378 struct vattr *a_vap;
379 struct ucred *a_cred;
380 struct thread *a_td;
381 } */ *ap;
382 {
383 struct vnode *vp = ap->a_vp;
384 struct inode *ip = VTOI(vp);
385 struct vattr *vap = ap->a_vap;
386
387 ufs_itimes(vp);
388 /*
389 * Copy from inode table
390 */
391 vap->va_fsid = dev2udev(ip->i_dev);
392 vap->va_fileid = ip->i_number;
393 vap->va_mode = ip->i_mode & ~IFMT;
394 vap->va_nlink = ip->i_effnlink;
395 vap->va_uid = ip->i_uid;
396 vap->va_gid = ip->i_gid;
397 if (ip->i_ump->um_fstype == UFS1) {
398 vap->va_rdev = ip->i_din1->di_rdev;
399 vap->va_size = ip->i_din1->di_size;
400 VI_LOCK(vp);
401 vap->va_atime.tv_sec = ip->i_din1->di_atime;
402 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec;
403 VI_UNLOCK(vp);
404 vap->va_mtime.tv_sec = ip->i_din1->di_mtime;
405 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec;
406 vap->va_ctime.tv_sec = ip->i_din1->di_ctime;
407 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec;
408 vap->va_birthtime.tv_sec = 0;
409 vap->va_birthtime.tv_nsec = 0;
410 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks);
411 } else {
412 vap->va_rdev = ip->i_din2->di_rdev;
413 vap->va_size = ip->i_din2->di_size;
414 VI_LOCK(vp);
415 vap->va_atime.tv_sec = ip->i_din2->di_atime;
416 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec;
417 VI_UNLOCK(vp);
418 vap->va_mtime.tv_sec = ip->i_din2->di_mtime;
419 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec;
420 vap->va_ctime.tv_sec = ip->i_din2->di_ctime;
421 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec;
422 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime;
423 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec;
424 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks);
425 }
426 vap->va_flags = ip->i_flags;
427 vap->va_gen = ip->i_gen;
428 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize;
429 vap->va_type = IFTOVT(ip->i_mode);
430 vap->va_filerev = ip->i_modrev;
431 return (0);
432 }
433
434 /*
435 * Set attribute vnode op. called from several syscalls
436 */
437 static int
438 ufs_setattr(ap)
439 struct vop_setattr_args /* {
440 struct vnode *a_vp;
441 struct vattr *a_vap;
442 struct ucred *a_cred;
443 struct thread *a_td;
444 } */ *ap;
445 {
446 struct vattr *vap = ap->a_vap;
447 struct vnode *vp = ap->a_vp;
448 struct inode *ip = VTOI(vp);
449 struct ucred *cred = ap->a_cred;
450 struct thread *td = ap->a_td;
451 int error;
452
453 /*
454 * Check for unsettable attributes.
455 */
456 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) ||
457 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) ||
458 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) ||
459 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) {
460 return (EINVAL);
461 }
462 /*
463 * Mark for update the file's access time for vfs_mark_atime().
464 * We are doing this here to avoid some of the checks done
465 * below -- this operation is done by request of the kernel and
466 * should bypass some security checks. Things like read-only
467 * checks get handled by other levels (e.g., ffs_update()).
468 */
469 if (vap->va_vaflags & VA_MARK_ATIME) {
470 ip->i_flag |= IN_ACCESS;
471 return (0);
472 }
473 if (vap->va_flags != VNOVAL) {
474 if (vp->v_mount->mnt_flag & MNT_RDONLY)
475 return (EROFS);
476 /*
477 * Callers may only modify the file flags on objects they
478 * have VADMIN rights for.
479 */
480 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
481 return (error);
482 /*
483 * Unprivileged processes are not permitted to unset system
484 * flags, or modify flags if any system flags are set.
485 * Privileged non-jail processes may not modify system flags
486 * if securelevel > 0 and any existing system flags are set.
487 * Privileged jail processes behave like privileged non-jail
488 * processes if the security.jail.chflags_allowed sysctl is
489 * is non-zero; otherwise, they behave like unprivileged
490 * processes.
491 */
492 if (!suser_cred(cred,
493 jail_chflags_allowed ? SUSER_ALLOWJAIL : 0)) {
494 if (ip->i_flags
495 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
496 error = securelevel_gt(cred, 0);
497 if (error)
498 return (error);
499 }
500 /* Snapshot flag cannot be set or cleared */
501 if (((vap->va_flags & SF_SNAPSHOT) != 0 &&
502 (ip->i_flags & SF_SNAPSHOT) == 0) ||
503 ((vap->va_flags & SF_SNAPSHOT) == 0 &&
504 (ip->i_flags & SF_SNAPSHOT) != 0))
505 return (EPERM);
506 ip->i_flags = vap->va_flags;
507 DIP_SET(ip, i_flags, vap->va_flags);
508 } else {
509 if (ip->i_flags
510 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) ||
511 (vap->va_flags & UF_SETTABLE) != vap->va_flags)
512 return (EPERM);
513 ip->i_flags &= SF_SETTABLE;
514 ip->i_flags |= (vap->va_flags & UF_SETTABLE);
515 DIP_SET(ip, i_flags, ip->i_flags);
516 }
517 ip->i_flag |= IN_CHANGE;
518 if (vap->va_flags & (IMMUTABLE | APPEND))
519 return (0);
520 }
521 if (ip->i_flags & (IMMUTABLE | APPEND))
522 return (EPERM);
523 /*
524 * Go through the fields and update iff not VNOVAL.
525 */
526 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) {
527 if (vp->v_mount->mnt_flag & MNT_RDONLY)
528 return (EROFS);
529 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred,
530 td)) != 0)
531 return (error);
532 }
533 if (vap->va_size != VNOVAL) {
534 /*
535 * XXX most of the following special cases should be in
536 * callers instead of in N filesystems. The VDIR check
537 * mostly already is.
538 */
539 switch (vp->v_type) {
540 case VDIR:
541 return (EISDIR);
542 case VLNK:
543 case VREG:
544 /*
545 * Truncation should have an effect in these cases.
546 * Disallow it if the filesystem is read-only or
547 * the file is being snapshotted.
548 */
549 if (vp->v_mount->mnt_flag & MNT_RDONLY)
550 return (EROFS);
551 if ((ip->i_flags & SF_SNAPSHOT) != 0)
552 return (EPERM);
553 break;
554 default:
555 /*
556 * According to POSIX, the result is unspecified
557 * for file types other than regular files,
558 * directories and shared memory objects. We
559 * don't support shared memory objects in the file
560 * system, and have dubious support for truncating
561 * symlinks. Just ignore the request in other cases.
562 */
563 return (0);
564 }
565 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL,
566 cred, td)) != 0)
567 return (error);
568 }
569 if (vap->va_atime.tv_sec != VNOVAL ||
570 vap->va_mtime.tv_sec != VNOVAL ||
571 vap->va_birthtime.tv_sec != VNOVAL) {
572 if (vp->v_mount->mnt_flag & MNT_RDONLY)
573 return (EROFS);
574 if ((ip->i_flags & SF_SNAPSHOT) != 0)
575 return (EPERM);
576 /*
577 * From utimes(2):
578 * If times is NULL, ... The caller must be the owner of
579 * the file, have permission to write the file, or be the
580 * super-user.
581 * If times is non-NULL, ... The caller must be the owner of
582 * the file or be the super-user.
583 */
584 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)) &&
585 ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
586 (error = VOP_ACCESS(vp, VWRITE, cred, td))))
587 return (error);
588 if (vap->va_atime.tv_sec != VNOVAL)
589 ip->i_flag |= IN_ACCESS;
590 if (vap->va_mtime.tv_sec != VNOVAL)
591 ip->i_flag |= IN_CHANGE | IN_UPDATE;
592 if (vap->va_birthtime.tv_sec != VNOVAL &&
593 ip->i_ump->um_fstype == UFS2)
594 ip->i_flag |= IN_MODIFIED;
595 ufs_itimes(vp);
596 if (vap->va_atime.tv_sec != VNOVAL) {
597 DIP_SET(ip, i_atime, vap->va_atime.tv_sec);
598 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec);
599 }
600 if (vap->va_mtime.tv_sec != VNOVAL) {
601 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec);
602 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec);
603 }
604 if (vap->va_birthtime.tv_sec != VNOVAL &&
605 ip->i_ump->um_fstype == UFS2) {
606 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec;
607 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec;
608 }
609 error = UFS_UPDATE(vp, 0);
610 if (error)
611 return (error);
612 }
613 error = 0;
614 if (vap->va_mode != (mode_t)VNOVAL) {
615 if (vp->v_mount->mnt_flag & MNT_RDONLY)
616 return (EROFS);
617 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode &
618 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH)))
619 return (EPERM);
620 error = ufs_chmod(vp, (int)vap->va_mode, cred, td);
621 }
622 return (error);
623 }
624
625 /*
626 * Change the mode on a file.
627 * Inode must be locked before calling.
628 */
629 static int
630 ufs_chmod(vp, mode, cred, td)
631 struct vnode *vp;
632 int mode;
633 struct ucred *cred;
634 struct thread *td;
635 {
636 struct inode *ip = VTOI(vp);
637 int error;
638
639 /*
640 * To modify the permissions on a file, must possess VADMIN
641 * for that file.
642 */
643 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
644 return (error);
645 /*
646 * Privileged processes may set the sticky bit on non-directories,
647 * as well as set the setgid bit on a file with a group that the
648 * process is not a member of. Both of these are allowed in
649 * jail(8).
650 */
651 if (vp->v_type != VDIR && (mode & S_ISTXT)) {
652 if (suser_cred(cred, SUSER_ALLOWJAIL))
653 return (EFTYPE);
654 }
655 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
656 error = suser_cred(cred, SUSER_ALLOWJAIL);
657 if (error)
658 return (error);
659 }
660 ip->i_mode &= ~ALLPERMS;
661 ip->i_mode |= (mode & ALLPERMS);
662 DIP_SET(ip, i_mode, ip->i_mode);
663 ip->i_flag |= IN_CHANGE;
664 return (0);
665 }
666
667 /*
668 * Perform chown operation on inode ip;
669 * inode must be locked prior to call.
670 */
671 static int
672 ufs_chown(vp, uid, gid, cred, td)
673 struct vnode *vp;
674 uid_t uid;
675 gid_t gid;
676 struct ucred *cred;
677 struct thread *td;
678 {
679 struct inode *ip = VTOI(vp);
680 uid_t ouid;
681 gid_t ogid;
682 int error = 0;
683 #ifdef QUOTA
684 int i;
685 ufs2_daddr_t change;
686 #endif
687
688 if (uid == (uid_t)VNOVAL)
689 uid = ip->i_uid;
690 if (gid == (gid_t)VNOVAL)
691 gid = ip->i_gid;
692 /*
693 * To modify the ownership of a file, must possess VADMIN
694 * for that file.
695 */
696 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
697 return (error);
698 /*
699 * To change the owner of a file, or change the group of a file
700 * to a group of which we are not a member, the caller must
701 * have privilege.
702 */
703 if ((uid != ip->i_uid ||
704 (gid != ip->i_gid && !groupmember(gid, cred))) &&
705 (error = suser_cred(cred, SUSER_ALLOWJAIL)))
706 return (error);
707 ogid = ip->i_gid;
708 ouid = ip->i_uid;
709 #ifdef QUOTA
710 if ((error = getinoquota(ip)) != 0)
711 return (error);
712 if (ouid == uid) {
713 dqrele(vp, ip->i_dquot[USRQUOTA]);
714 ip->i_dquot[USRQUOTA] = NODQUOT;
715 }
716 if (ogid == gid) {
717 dqrele(vp, ip->i_dquot[GRPQUOTA]);
718 ip->i_dquot[GRPQUOTA] = NODQUOT;
719 }
720 change = DIP(ip, i_blocks);
721 (void) chkdq(ip, -change, cred, CHOWN);
722 (void) chkiq(ip, -1, cred, CHOWN);
723 for (i = 0; i < MAXQUOTAS; i++) {
724 dqrele(vp, ip->i_dquot[i]);
725 ip->i_dquot[i] = NODQUOT;
726 }
727 #endif
728 ip->i_gid = gid;
729 DIP_SET(ip, i_gid, gid);
730 ip->i_uid = uid;
731 DIP_SET(ip, i_uid, uid);
732 #ifdef QUOTA
733 if ((error = getinoquota(ip)) == 0) {
734 if (ouid == uid) {
735 dqrele(vp, ip->i_dquot[USRQUOTA]);
736 ip->i_dquot[USRQUOTA] = NODQUOT;
737 }
738 if (ogid == gid) {
739 dqrele(vp, ip->i_dquot[GRPQUOTA]);
740 ip->i_dquot[GRPQUOTA] = NODQUOT;
741 }
742 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) {
743 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0)
744 goto good;
745 else
746 (void) chkdq(ip, -change, cred, CHOWN|FORCE);
747 }
748 for (i = 0; i < MAXQUOTAS; i++) {
749 dqrele(vp, ip->i_dquot[i]);
750 ip->i_dquot[i] = NODQUOT;
751 }
752 }
753 ip->i_gid = ogid;
754 DIP_SET(ip, i_gid, ogid);
755 ip->i_uid = ouid;
756 DIP_SET(ip, i_uid, ouid);
757 if (getinoquota(ip) == 0) {
758 if (ouid == uid) {
759 dqrele(vp, ip->i_dquot[USRQUOTA]);
760 ip->i_dquot[USRQUOTA] = NODQUOT;
761 }
762 if (ogid == gid) {
763 dqrele(vp, ip->i_dquot[GRPQUOTA]);
764 ip->i_dquot[GRPQUOTA] = NODQUOT;
765 }
766 (void) chkdq(ip, change, cred, FORCE|CHOWN);
767 (void) chkiq(ip, 1, cred, FORCE|CHOWN);
768 (void) getinoquota(ip);
769 }
770 return (error);
771 good:
772 if (getinoquota(ip))
773 panic("ufs_chown: lost quota");
774 #endif /* QUOTA */
775 ip->i_flag |= IN_CHANGE;
776 if (suser_cred(cred, SUSER_ALLOWJAIL) && (ouid != uid || ogid != gid)) {
777 ip->i_mode &= ~(ISUID | ISGID);
778 DIP_SET(ip, i_mode, ip->i_mode);
779 }
780 return (0);
781 }
782
783 static int
784 ufs_remove(ap)
785 struct vop_remove_args /* {
786 struct vnode *a_dvp;
787 struct vnode *a_vp;
788 struct componentname *a_cnp;
789 } */ *ap;
790 {
791 struct inode *ip;
792 struct vnode *vp = ap->a_vp;
793 struct vnode *dvp = ap->a_dvp;
794 int error;
795 struct thread *td;
796
797 td = curthread;
798 ip = VTOI(vp);
799 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
800 (VTOI(dvp)->i_flags & APPEND)) {
801 error = EPERM;
802 goto out;
803 }
804 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0);
805 if (ip->i_nlink <= 0)
806 vp->v_vflag |= VV_NOSYNC;
807 if ((ip->i_flags & SF_SNAPSHOT) != 0) {
808 /*
809 * Avoid deadlock where another thread is trying to
810 * update the inodeblock for dvp and is waiting on
811 * snaplk. Temporary unlock the vnode lock for the
812 * unlinked file and sync the directory. This should
813 * allow vput() of the directory to not block later on
814 * while holding the snapshot vnode locked, assuming
815 * that the directory hasn't been unlinked too.
816 */
817 VOP_UNLOCK(vp, 0, td);
818 (void) VOP_FSYNC(dvp, MNT_WAIT, td);
819 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
820 }
821 out:
822 return (error);
823 }
824
825 /*
826 * link vnode call
827 */
828 static int
829 ufs_link(ap)
830 struct vop_link_args /* {
831 struct vnode *a_tdvp;
832 struct vnode *a_vp;
833 struct componentname *a_cnp;
834 } */ *ap;
835 {
836 struct vnode *vp = ap->a_vp;
837 struct vnode *tdvp = ap->a_tdvp;
838 struct componentname *cnp = ap->a_cnp;
839 struct inode *ip;
840 struct direct newdir;
841 int error;
842
843 #ifdef DIAGNOSTIC
844 if ((cnp->cn_flags & HASBUF) == 0)
845 panic("ufs_link: no name");
846 #endif
847 if (tdvp->v_mount != vp->v_mount) {
848 error = EXDEV;
849 goto out;
850 }
851 ip = VTOI(vp);
852 if ((nlink_t)ip->i_nlink >= LINK_MAX) {
853 error = EMLINK;
854 goto out;
855 }
856 if (ip->i_flags & (IMMUTABLE | APPEND)) {
857 error = EPERM;
858 goto out;
859 }
860 ip->i_effnlink++;
861 ip->i_nlink++;
862 DIP_SET(ip, i_nlink, ip->i_nlink);
863 ip->i_flag |= IN_CHANGE;
864 if (DOINGSOFTDEP(vp))
865 softdep_change_linkcnt(ip);
866 error = UFS_UPDATE(vp, !(DOINGSOFTDEP(vp) | DOINGASYNC(vp)));
867 if (!error) {
868 ufs_makedirentry(ip, cnp, &newdir);
869 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL);
870 }
871
872 if (error) {
873 ip->i_effnlink--;
874 ip->i_nlink--;
875 DIP_SET(ip, i_nlink, ip->i_nlink);
876 ip->i_flag |= IN_CHANGE;
877 if (DOINGSOFTDEP(vp))
878 softdep_change_linkcnt(ip);
879 }
880 out:
881 return (error);
882 }
883
884 /*
885 * whiteout vnode call
886 */
887 static int
888 ufs_whiteout(ap)
889 struct vop_whiteout_args /* {
890 struct vnode *a_dvp;
891 struct componentname *a_cnp;
892 int a_flags;
893 } */ *ap;
894 {
895 struct vnode *dvp = ap->a_dvp;
896 struct componentname *cnp = ap->a_cnp;
897 struct direct newdir;
898 int error = 0;
899
900 switch (ap->a_flags) {
901 case LOOKUP:
902 /* 4.4 format directories support whiteout operations */
903 if (dvp->v_mount->mnt_maxsymlinklen > 0)
904 return (0);
905 return (EOPNOTSUPP);
906
907 case CREATE:
908 /* create a new directory whiteout */
909 #ifdef DIAGNOSTIC
910 if ((cnp->cn_flags & SAVENAME) == 0)
911 panic("ufs_whiteout: missing name");
912 if (dvp->v_mount->mnt_maxsymlinklen <= 0)
913 panic("ufs_whiteout: old format filesystem");
914 #endif
915
916 newdir.d_ino = WINO;
917 newdir.d_namlen = cnp->cn_namelen;
918 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1);
919 newdir.d_type = DT_WHT;
920 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL);
921 break;
922
923 case DELETE:
924 /* remove an existing directory whiteout */
925 #ifdef DIAGNOSTIC
926 if (dvp->v_mount->mnt_maxsymlinklen <= 0)
927 panic("ufs_whiteout: old format filesystem");
928 #endif
929
930 cnp->cn_flags &= ~DOWHITEOUT;
931 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0);
932 break;
933 default:
934 panic("ufs_whiteout: unknown op");
935 }
936 return (error);
937 }
938
939 /*
940 * Rename system call.
941 * rename("foo", "bar");
942 * is essentially
943 * unlink("bar");
944 * link("foo", "bar");
945 * unlink("foo");
946 * but ``atomically''. Can't do full commit without saving state in the
947 * inode on disk which isn't feasible at this time. Best we can do is
948 * always guarantee the target exists.
949 *
950 * Basic algorithm is:
951 *
952 * 1) Bump link count on source while we're linking it to the
953 * target. This also ensure the inode won't be deleted out
954 * from underneath us while we work (it may be truncated by
955 * a concurrent `trunc' or `open' for creation).
956 * 2) Link source to destination. If destination already exists,
957 * delete it first.
958 * 3) Unlink source reference to inode if still around. If a
959 * directory was moved and the parent of the destination
960 * is different from the source, patch the ".." entry in the
961 * directory.
962 */
963 static int
964 ufs_rename(ap)
965 struct vop_rename_args /* {
966 struct vnode *a_fdvp;
967 struct vnode *a_fvp;
968 struct componentname *a_fcnp;
969 struct vnode *a_tdvp;
970 struct vnode *a_tvp;
971 struct componentname *a_tcnp;
972 } */ *ap;
973 {
974 struct vnode *tvp = ap->a_tvp;
975 struct vnode *tdvp = ap->a_tdvp;
976 struct vnode *fvp = ap->a_fvp;
977 struct vnode *fdvp = ap->a_fdvp;
978 struct componentname *tcnp = ap->a_tcnp;
979 struct componentname *fcnp = ap->a_fcnp;
980 struct thread *td = fcnp->cn_thread;
981 struct inode *ip, *xp, *dp;
982 struct direct newdir;
983 int doingdirectory = 0, oldparent = 0, newparent = 0;
984 int error = 0, ioflag;
985
986 #ifdef DIAGNOSTIC
987 if ((tcnp->cn_flags & HASBUF) == 0 ||
988 (fcnp->cn_flags & HASBUF) == 0)
989 panic("ufs_rename: no name");
990 #endif
991 /*
992 * Check for cross-device rename.
993 */
994 if ((fvp->v_mount != tdvp->v_mount) ||
995 (tvp && (fvp->v_mount != tvp->v_mount))) {
996 error = EXDEV;
997 abortit:
998 if (tdvp == tvp)
999 vrele(tdvp);
1000 else
1001 vput(tdvp);
1002 if (tvp)
1003 vput(tvp);
1004 vrele(fdvp);
1005 vrele(fvp);
1006 return (error);
1007 }
1008
1009 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
1010 (VTOI(tdvp)->i_flags & APPEND))) {
1011 error = EPERM;
1012 goto abortit;
1013 }
1014
1015 /*
1016 * Renaming a file to itself has no effect. The upper layers should
1017 * not call us in that case. Temporarily just warn if they do.
1018 */
1019 if (fvp == tvp) {
1020 printf("ufs_rename: fvp == tvp (can't happen)\n");
1021 error = 0;
1022 goto abortit;
1023 }
1024
1025 if ((error = vn_lock(fvp, LK_EXCLUSIVE, td)) != 0)
1026 goto abortit;
1027 dp = VTOI(fdvp);
1028 ip = VTOI(fvp);
1029 if (ip->i_nlink >= LINK_MAX) {
1030 VOP_UNLOCK(fvp, 0, td);
1031 error = EMLINK;
1032 goto abortit;
1033 }
1034 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))
1035 || (dp->i_flags & APPEND)) {
1036 VOP_UNLOCK(fvp, 0, td);
1037 error = EPERM;
1038 goto abortit;
1039 }
1040 if ((ip->i_mode & IFMT) == IFDIR) {
1041 /*
1042 * Avoid ".", "..", and aliases of "." for obvious reasons.
1043 */
1044 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') ||
1045 dp == ip || (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT ||
1046 (ip->i_flag & IN_RENAME)) {
1047 VOP_UNLOCK(fvp, 0, td);
1048 error = EINVAL;
1049 goto abortit;
1050 }
1051 ip->i_flag |= IN_RENAME;
1052 oldparent = dp->i_number;
1053 doingdirectory = 1;
1054 }
1055 vrele(fdvp);
1056
1057 /*
1058 * When the target exists, both the directory
1059 * and target vnodes are returned locked.
1060 */
1061 dp = VTOI(tdvp);
1062 xp = NULL;
1063 if (tvp)
1064 xp = VTOI(tvp);
1065
1066 /*
1067 * 1) Bump link count while we're moving stuff
1068 * around. If we crash somewhere before
1069 * completing our work, the link count
1070 * may be wrong, but correctable.
1071 */
1072 ip->i_effnlink++;
1073 ip->i_nlink++;
1074 DIP_SET(ip, i_nlink, ip->i_nlink);
1075 ip->i_flag |= IN_CHANGE;
1076 if (DOINGSOFTDEP(fvp))
1077 softdep_change_linkcnt(ip);
1078 if ((error = UFS_UPDATE(fvp, !(DOINGSOFTDEP(fvp) |
1079 DOINGASYNC(fvp)))) != 0) {
1080 VOP_UNLOCK(fvp, 0, td);
1081 goto bad;
1082 }
1083
1084 /*
1085 * If ".." must be changed (ie the directory gets a new
1086 * parent) then the source directory must not be in the
1087 * directory heirarchy above the target, as this would
1088 * orphan everything below the source directory. Also
1089 * the user must have write permission in the source so
1090 * as to be able to change "..". We must repeat the call
1091 * to namei, as the parent directory is unlocked by the
1092 * call to checkpath().
1093 */
1094 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread);
1095 VOP_UNLOCK(fvp, 0, td);
1096 if (oldparent != dp->i_number)
1097 newparent = dp->i_number;
1098 if (doingdirectory && newparent) {
1099 if (error) /* write access check above */
1100 goto bad;
1101 if (xp != NULL)
1102 vput(tvp);
1103 error = ufs_checkpath(ip, dp, tcnp->cn_cred);
1104 if (error)
1105 goto out;
1106 if ((tcnp->cn_flags & SAVESTART) == 0)
1107 panic("ufs_rename: lost to startdir");
1108 VREF(tdvp);
1109 error = relookup(tdvp, &tvp, tcnp);
1110 if (error)
1111 goto out;
1112 vrele(tdvp);
1113 dp = VTOI(tdvp);
1114 xp = NULL;
1115 if (tvp)
1116 xp = VTOI(tvp);
1117 }
1118 /*
1119 * 2) If target doesn't exist, link the target
1120 * to the source and unlink the source.
1121 * Otherwise, rewrite the target directory
1122 * entry to reference the source inode and
1123 * expunge the original entry's existence.
1124 */
1125 if (xp == NULL) {
1126 if (dp->i_dev != ip->i_dev)
1127 panic("ufs_rename: EXDEV");
1128 /*
1129 * Account for ".." in new directory.
1130 * When source and destination have the same
1131 * parent we don't fool with the link count.
1132 */
1133 if (doingdirectory && newparent) {
1134 if ((nlink_t)dp->i_nlink >= LINK_MAX) {
1135 error = EMLINK;
1136 goto bad;
1137 }
1138 dp->i_effnlink++;
1139 dp->i_nlink++;
1140 DIP_SET(dp, i_nlink, dp->i_nlink);
1141 dp->i_flag |= IN_CHANGE;
1142 if (DOINGSOFTDEP(tdvp))
1143 softdep_change_linkcnt(dp);
1144 error = UFS_UPDATE(tdvp, !(DOINGSOFTDEP(tdvp) |
1145 DOINGASYNC(tdvp)));
1146 if (error)
1147 goto bad;
1148 }
1149 ufs_makedirentry(ip, tcnp, &newdir);
1150 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL);
1151 if (error) {
1152 if (doingdirectory && newparent) {
1153 dp->i_effnlink--;
1154 dp->i_nlink--;
1155 DIP_SET(dp, i_nlink, dp->i_nlink);
1156 dp->i_flag |= IN_CHANGE;
1157 if (DOINGSOFTDEP(tdvp))
1158 softdep_change_linkcnt(dp);
1159 (void)UFS_UPDATE(tdvp, 1);
1160 }
1161 goto bad;
1162 }
1163 vput(tdvp);
1164 } else {
1165 if (xp->i_dev != dp->i_dev || xp->i_dev != ip->i_dev)
1166 panic("ufs_rename: EXDEV");
1167 /*
1168 * Short circuit rename(foo, foo).
1169 */
1170 if (xp->i_number == ip->i_number)
1171 panic("ufs_rename: same file");
1172 /*
1173 * If the parent directory is "sticky", then the caller
1174 * must possess VADMIN for the parent directory, or the
1175 * destination of the rename. This implements append-only
1176 * directories.
1177 */
1178 if ((dp->i_mode & S_ISTXT) &&
1179 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) &&
1180 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) {
1181 error = EPERM;
1182 goto bad;
1183 }
1184 /*
1185 * Target must be empty if a directory and have no links
1186 * to it. Also, ensure source and target are compatible
1187 * (both directories, or both not directories).
1188 */
1189 if ((xp->i_mode&IFMT) == IFDIR) {
1190 if ((xp->i_effnlink > 2) ||
1191 !ufs_dirempty(xp, dp->i_number, tcnp->cn_cred)) {
1192 error = ENOTEMPTY;
1193 goto bad;
1194 }
1195 if (!doingdirectory) {
1196 error = ENOTDIR;
1197 goto bad;
1198 }
1199 cache_purge(tdvp);
1200 } else if (doingdirectory) {
1201 error = EISDIR;
1202 goto bad;
1203 }
1204 error = ufs_dirrewrite(dp, xp, ip->i_number,
1205 IFTODT(ip->i_mode),
1206 (doingdirectory && newparent) ? newparent : doingdirectory);
1207 if (error)
1208 goto bad;
1209 if (doingdirectory) {
1210 if (!newparent) {
1211 dp->i_effnlink--;
1212 if (DOINGSOFTDEP(tdvp))
1213 softdep_change_linkcnt(dp);
1214 }
1215 xp->i_effnlink--;
1216 if (DOINGSOFTDEP(tvp))
1217 softdep_change_linkcnt(xp);
1218 }
1219 if (doingdirectory && !DOINGSOFTDEP(tvp)) {
1220 /*
1221 * Truncate inode. The only stuff left in the directory
1222 * is "." and "..". The "." reference is inconsequential
1223 * since we are quashing it. We have removed the "."
1224 * reference and the reference in the parent directory,
1225 * but there may be other hard links. The soft
1226 * dependency code will arrange to do these operations
1227 * after the parent directory entry has been deleted on
1228 * disk, so when running with that code we avoid doing
1229 * them now.
1230 */
1231 if (!newparent) {
1232 dp->i_nlink--;
1233 DIP_SET(dp, i_nlink, dp->i_nlink);
1234 dp->i_flag |= IN_CHANGE;
1235 }
1236 xp->i_nlink--;
1237 DIP_SET(xp, i_nlink, xp->i_nlink);
1238 xp->i_flag |= IN_CHANGE;
1239 ioflag = IO_NORMAL;
1240 if (!DOINGASYNC(tvp))
1241 ioflag |= IO_SYNC;
1242 if ((error = UFS_TRUNCATE(tvp, (off_t)0, ioflag,
1243 tcnp->cn_cred, tcnp->cn_thread)) != 0)
1244 goto bad;
1245 }
1246 vput(tdvp);
1247 vput(tvp);
1248 xp = NULL;
1249 }
1250
1251 /*
1252 * 3) Unlink the source.
1253 */
1254 fcnp->cn_flags &= ~MODMASK;
1255 fcnp->cn_flags |= LOCKPARENT | LOCKLEAF;
1256 if ((fcnp->cn_flags & SAVESTART) == 0)
1257 panic("ufs_rename: lost from startdir");
1258 VREF(fdvp);
1259 error = relookup(fdvp, &fvp, fcnp);
1260 if (error == 0)
1261 vrele(fdvp);
1262 if (fvp != NULL) {
1263 xp = VTOI(fvp);
1264 dp = VTOI(fdvp);
1265 } else {
1266 /*
1267 * From name has disappeared. IN_RENAME is not sufficient
1268 * to protect against directory races due to timing windows,
1269 * so we have to remove the panic. XXX the only real way
1270 * to solve this issue is at a much higher level. By the
1271 * time we hit ufs_rename() it's too late.
1272 */
1273 #if 0
1274 if (doingdirectory)
1275 panic("ufs_rename: lost dir entry");
1276 #endif
1277 vrele(ap->a_fvp);
1278 return (0);
1279 }
1280 /*
1281 * Ensure that the directory entry still exists and has not
1282 * changed while the new name has been entered. If the source is
1283 * a file then the entry may have been unlinked or renamed. In
1284 * either case there is no further work to be done. If the source
1285 * is a directory then it cannot have been rmdir'ed; the IN_RENAME
1286 * flag ensures that it cannot be moved by another rename or removed
1287 * by a rmdir.
1288 */
1289 if (xp != ip) {
1290 /*
1291 * From name resolves to a different inode. IN_RENAME is
1292 * not sufficient protection against timing window races
1293 * so we can't panic here. XXX the only real way
1294 * to solve this issue is at a much higher level. By the
1295 * time we hit ufs_rename() it's too late.
1296 */
1297 #if 0
1298 if (doingdirectory)
1299 panic("ufs_rename: lost dir entry");
1300 #endif
1301 } else {
1302 /*
1303 * If the source is a directory with a
1304 * new parent, the link count of the old
1305 * parent directory must be decremented
1306 * and ".." set to point to the new parent.
1307 */
1308 if (doingdirectory && newparent) {
1309 xp->i_offset = mastertemplate.dot_reclen;
1310 ufs_dirrewrite(xp, dp, newparent, DT_DIR, 0);
1311 cache_purge(fdvp);
1312 }
1313 error = ufs_dirremove(fdvp, xp, fcnp->cn_flags, 0);
1314 xp->i_flag &= ~IN_RENAME;
1315 }
1316 if (dp)
1317 vput(fdvp);
1318 if (xp)
1319 vput(fvp);
1320 vrele(ap->a_fvp);
1321 return (error);
1322
1323 bad:
1324 if (xp)
1325 vput(ITOV(xp));
1326 vput(ITOV(dp));
1327 out:
1328 if (doingdirectory)
1329 ip->i_flag &= ~IN_RENAME;
1330 if (vn_lock(fvp, LK_EXCLUSIVE, td) == 0) {
1331 ip->i_effnlink--;
1332 ip->i_nlink--;
1333 DIP_SET(ip, i_nlink, ip->i_nlink);
1334 ip->i_flag |= IN_CHANGE;
1335 ip->i_flag &= ~IN_RENAME;
1336 if (DOINGSOFTDEP(fvp))
1337 softdep_change_linkcnt(ip);
1338 vput(fvp);
1339 } else
1340 vrele(fvp);
1341 return (error);
1342 }
1343
1344 /*
1345 * Mkdir system call
1346 */
1347 static int
1348 ufs_mkdir(ap)
1349 struct vop_mkdir_args /* {
1350 struct vnode *a_dvp;
1351 struct vnode **a_vpp;
1352 struct componentname *a_cnp;
1353 struct vattr *a_vap;
1354 } */ *ap;
1355 {
1356 struct vnode *dvp = ap->a_dvp;
1357 struct vattr *vap = ap->a_vap;
1358 struct componentname *cnp = ap->a_cnp;
1359 struct inode *ip, *dp;
1360 struct vnode *tvp;
1361 struct buf *bp;
1362 struct dirtemplate dirtemplate, *dtp;
1363 struct direct newdir;
1364 #ifdef UFS_ACL
1365 struct acl *acl, *dacl;
1366 #endif
1367 int error, dmode;
1368 long blkoff;
1369
1370 #ifdef DIAGNOSTIC
1371 if ((cnp->cn_flags & HASBUF) == 0)
1372 panic("ufs_mkdir: no name");
1373 #endif
1374 dp = VTOI(dvp);
1375 if ((nlink_t)dp->i_nlink >= LINK_MAX) {
1376 error = EMLINK;
1377 goto out;
1378 }
1379 dmode = vap->va_mode & 0777;
1380 dmode |= IFDIR;
1381 /*
1382 * Must simulate part of ufs_makeinode here to acquire the inode,
1383 * but not have it entered in the parent directory. The entry is
1384 * made later after writing "." and ".." entries.
1385 */
1386 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp);
1387 if (error)
1388 goto out;
1389 ip = VTOI(tvp);
1390 ip->i_gid = dp->i_gid;
1391 DIP_SET(ip, i_gid, dp->i_gid);
1392 #ifdef SUIDDIR
1393 {
1394 #ifdef QUOTA
1395 struct ucred ucred, *ucp;
1396 ucp = cnp->cn_cred;
1397 #endif
1398 /*
1399 * If we are hacking owners here, (only do this where told to)
1400 * and we are not giving it TO root, (would subvert quotas)
1401 * then go ahead and give it to the other user.
1402 * The new directory also inherits the SUID bit.
1403 * If user's UID and dir UID are the same,
1404 * 'give it away' so that the SUID is still forced on.
1405 */
1406 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
1407 (dp->i_mode & ISUID) && dp->i_uid) {
1408 dmode |= ISUID;
1409 ip->i_uid = dp->i_uid;
1410 DIP_SET(ip, i_uid, dp->i_uid);
1411 #ifdef QUOTA
1412 if (dp->i_uid != cnp->cn_cred->cr_uid) {
1413 /*
1414 * Make sure the correct user gets charged
1415 * for the space.
1416 * Make a dummy credential for the victim.
1417 * XXX This seems to never be accessed out of
1418 * our context so a stack variable is ok.
1419 */
1420 ucred.cr_ref = 1;
1421 ucred.cr_uid = ip->i_uid;
1422 ucred.cr_ngroups = 1;
1423 ucred.cr_groups[0] = dp->i_gid;
1424 ucp = &ucred;
1425 }
1426 #endif
1427 } else {
1428 ip->i_uid = cnp->cn_cred->cr_uid;
1429 DIP_SET(ip, i_uid, ip->i_uid);
1430 }
1431 #ifdef QUOTA
1432 if ((error = getinoquota(ip)) ||
1433 (error = chkiq(ip, 1, ucp, 0))) {
1434 UFS_VFREE(tvp, ip->i_number, dmode);
1435 vput(tvp);
1436 return (error);
1437 }
1438 #endif
1439 }
1440 #else /* !SUIDDIR */
1441 ip->i_uid = cnp->cn_cred->cr_uid;
1442 DIP_SET(ip, i_uid, ip->i_uid);
1443 #ifdef QUOTA
1444 if ((error = getinoquota(ip)) ||
1445 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
1446 UFS_VFREE(tvp, ip->i_number, dmode);
1447 vput(tvp);
1448 return (error);
1449 }
1450 #endif
1451 #endif /* !SUIDDIR */
1452 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE;
1453 #ifdef UFS_ACL
1454 acl = dacl = NULL;
1455 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) {
1456 acl = uma_zalloc(acl_zone, M_WAITOK);
1457 dacl = uma_zalloc(acl_zone, M_WAITOK);
1458
1459 /*
1460 * Retrieve default ACL from parent, if any.
1461 */
1462 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred,
1463 cnp->cn_thread);
1464 switch (error) {
1465 case 0:
1466 /*
1467 * Retrieved a default ACL, so merge mode and ACL if
1468 * necessary. If the ACL is empty, fall through to
1469 * the "not defined or available" case.
1470 */
1471 if (acl->acl_cnt != 0) {
1472 dmode = acl_posix1e_newfilemode(dmode, acl);
1473 ip->i_mode = dmode;
1474 DIP_SET(ip, i_mode, dmode);
1475 *dacl = *acl;
1476 ufs_sync_acl_from_inode(ip, acl);
1477 break;
1478 }
1479 /* FALLTHROUGH */
1480
1481 case EOPNOTSUPP:
1482 /*
1483 * Just use the mode as-is.
1484 */
1485 ip->i_mode = dmode;
1486 DIP_SET(ip, i_mode, dmode);
1487 uma_zfree(acl_zone, acl);
1488 uma_zfree(acl_zone, dacl);
1489 dacl = acl = NULL;
1490 break;
1491
1492 default:
1493 UFS_VFREE(tvp, ip->i_number, dmode);
1494 vput(tvp);
1495 uma_zfree(acl_zone, acl);
1496 uma_zfree(acl_zone, dacl);
1497 return (error);
1498 }
1499 } else {
1500 #endif /* !UFS_ACL */
1501 ip->i_mode = dmode;
1502 DIP_SET(ip, i_mode, dmode);
1503 #ifdef UFS_ACL
1504 }
1505 #endif
1506 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */
1507 ip->i_effnlink = 2;
1508 ip->i_nlink = 2;
1509 DIP_SET(ip, i_nlink, 2);
1510 if (DOINGSOFTDEP(tvp))
1511 softdep_change_linkcnt(ip);
1512 if (cnp->cn_flags & ISWHITEOUT) {
1513 ip->i_flags |= UF_OPAQUE;
1514 DIP_SET(ip, i_flags, ip->i_flags);
1515 }
1516
1517 /*
1518 * Bump link count in parent directory to reflect work done below.
1519 * Should be done before reference is created so cleanup is
1520 * possible if we crash.
1521 */
1522 dp->i_effnlink++;
1523 dp->i_nlink++;
1524 DIP_SET(dp, i_nlink, dp->i_nlink);
1525 dp->i_flag |= IN_CHANGE;
1526 if (DOINGSOFTDEP(dvp))
1527 softdep_change_linkcnt(dp);
1528 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp)));
1529 if (error)
1530 goto bad;
1531 #ifdef MAC
1532 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
1533 error = mac_create_vnode_extattr(cnp->cn_cred, dvp->v_mount,
1534 dvp, tvp, cnp);
1535 if (error)
1536 goto bad;
1537 }
1538 #endif
1539 #ifdef UFS_ACL
1540 if (acl != NULL) {
1541 /*
1542 * XXX: If we abort now, will Soft Updates notify the extattr
1543 * code that the EAs for the file need to be released?
1544 */
1545 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred,
1546 cnp->cn_thread);
1547 if (error == 0)
1548 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl,
1549 cnp->cn_cred, cnp->cn_thread);
1550 switch (error) {
1551 case 0:
1552 break;
1553
1554 case EOPNOTSUPP:
1555 /*
1556 * XXX: This should not happen, as EOPNOTSUPP above
1557 * was supposed to free acl.
1558 */
1559 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n");
1560 /*
1561 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()");
1562 */
1563 break;
1564
1565 default:
1566 uma_zfree(acl_zone, acl);
1567 uma_zfree(acl_zone, dacl);
1568 dacl = acl = NULL;
1569 goto bad;
1570 }
1571 uma_zfree(acl_zone, acl);
1572 uma_zfree(acl_zone, dacl);
1573 dacl = acl = NULL;
1574 }
1575 #endif /* !UFS_ACL */
1576
1577 /*
1578 * Initialize directory with "." and ".." from static template.
1579 */
1580 if (dvp->v_mount->mnt_maxsymlinklen > 0)
1581 dtp = &mastertemplate;
1582 else
1583 dtp = (struct dirtemplate *)&omastertemplate;
1584 dirtemplate = *dtp;
1585 dirtemplate.dot_ino = ip->i_number;
1586 dirtemplate.dotdot_ino = dp->i_number;
1587 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred,
1588 BA_CLRBUF, &bp)) != 0)
1589 goto bad;
1590 ip->i_size = DIRBLKSIZ;
1591 DIP_SET(ip, i_size, DIRBLKSIZ);
1592 ip->i_flag |= IN_CHANGE | IN_UPDATE;
1593 vnode_pager_setsize(tvp, (u_long)ip->i_size);
1594 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate);
1595 if (DOINGSOFTDEP(tvp)) {
1596 /*
1597 * Ensure that the entire newly allocated block is a
1598 * valid directory so that future growth within the
1599 * block does not have to ensure that the block is
1600 * written before the inode.
1601 */
1602 blkoff = DIRBLKSIZ;
1603 while (blkoff < bp->b_bcount) {
1604 ((struct direct *)
1605 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ;
1606 blkoff += DIRBLKSIZ;
1607 }
1608 }
1609 if ((error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) |
1610 DOINGASYNC(tvp)))) != 0) {
1611 (void)bwrite(bp);
1612 goto bad;
1613 }
1614 /*
1615 * Directory set up, now install its entry in the parent directory.
1616 *
1617 * If we are not doing soft dependencies, then we must write out the
1618 * buffer containing the new directory body before entering the new
1619 * name in the parent. If we are doing soft dependencies, then the
1620 * buffer containing the new directory body will be passed to and
1621 * released in the soft dependency code after the code has attached
1622 * an appropriate ordering dependency to the buffer which ensures that
1623 * the buffer is written before the new name is written in the parent.
1624 */
1625 if (DOINGASYNC(dvp))
1626 bdwrite(bp);
1627 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp))))
1628 goto bad;
1629 ufs_makedirentry(ip, cnp, &newdir);
1630 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp);
1631
1632 bad:
1633 if (error == 0) {
1634 *ap->a_vpp = tvp;
1635 } else {
1636 #ifdef UFS_ACL
1637 if (acl != NULL)
1638 uma_zfree(acl_zone, acl);
1639 if (dacl != NULL)
1640 uma_zfree(acl_zone, dacl);
1641 #endif
1642 dp->i_effnlink--;
1643 dp->i_nlink--;
1644 DIP_SET(dp, i_nlink, dp->i_nlink);
1645 dp->i_flag |= IN_CHANGE;
1646 if (DOINGSOFTDEP(dvp))
1647 softdep_change_linkcnt(dp);
1648 /*
1649 * No need to do an explicit VOP_TRUNCATE here, vrele will
1650 * do this for us because we set the link count to 0.
1651 */
1652 ip->i_effnlink = 0;
1653 ip->i_nlink = 0;
1654 DIP_SET(ip, i_nlink, 0);
1655 ip->i_flag |= IN_CHANGE;
1656 if (DOINGSOFTDEP(tvp))
1657 softdep_change_linkcnt(ip);
1658 vput(tvp);
1659 }
1660 out:
1661 return (error);
1662 }
1663
1664 /*
1665 * Rmdir system call.
1666 */
1667 static int
1668 ufs_rmdir(ap)
1669 struct vop_rmdir_args /* {
1670 struct vnode *a_dvp;
1671 struct vnode *a_vp;
1672 struct componentname *a_cnp;
1673 } */ *ap;
1674 {
1675 struct vnode *vp = ap->a_vp;
1676 struct vnode *dvp = ap->a_dvp;
1677 struct componentname *cnp = ap->a_cnp;
1678 struct inode *ip, *dp;
1679 int error, ioflag;
1680
1681 ip = VTOI(vp);
1682 dp = VTOI(dvp);
1683
1684 /*
1685 * Do not remove a directory that is in the process of being renamed.
1686 * Verify the directory is empty (and valid). Rmdir ".." will not be
1687 * valid since ".." will contain a reference to the current directory
1688 * and thus be non-empty. Do not allow the removal of mounted on
1689 * directories (this can happen when an NFS exported filesystem
1690 * tries to remove a locally mounted on directory).
1691 */
1692 error = 0;
1693 if ((ip->i_flag & IN_RENAME) || ip->i_effnlink < 2) {
1694 error = EINVAL;
1695 goto out;
1696 }
1697 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) {
1698 error = ENOTEMPTY;
1699 goto out;
1700 }
1701 if ((dp->i_flags & APPEND)
1702 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) {
1703 error = EPERM;
1704 goto out;
1705 }
1706 if (vp->v_mountedhere != 0) {
1707 error = EINVAL;
1708 goto out;
1709 }
1710 /*
1711 * Delete reference to directory before purging
1712 * inode. If we crash in between, the directory
1713 * will be reattached to lost+found,
1714 */
1715 dp->i_effnlink--;
1716 ip->i_effnlink--;
1717 if (DOINGSOFTDEP(vp)) {
1718 softdep_change_linkcnt(dp);
1719 softdep_change_linkcnt(ip);
1720 }
1721 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1);
1722 if (error) {
1723 dp->i_effnlink++;
1724 ip->i_effnlink++;
1725 if (DOINGSOFTDEP(vp)) {
1726 softdep_change_linkcnt(dp);
1727 softdep_change_linkcnt(ip);
1728 }
1729 goto out;
1730 }
1731 cache_purge(dvp);
1732 /*
1733 * Truncate inode. The only stuff left in the directory is "." and
1734 * "..". The "." reference is inconsequential since we are quashing
1735 * it. The soft dependency code will arrange to do these operations
1736 * after the parent directory entry has been deleted on disk, so
1737 * when running with that code we avoid doing them now.
1738 */
1739 if (!DOINGSOFTDEP(vp)) {
1740 dp->i_nlink--;
1741 DIP_SET(dp, i_nlink, dp->i_nlink);
1742 dp->i_flag |= IN_CHANGE;
1743 ip->i_nlink--;
1744 DIP_SET(ip, i_nlink, ip->i_nlink);
1745 ip->i_flag |= IN_CHANGE;
1746 ioflag = IO_NORMAL;
1747 if (!DOINGASYNC(vp))
1748 ioflag |= IO_SYNC;
1749 error = UFS_TRUNCATE(vp, (off_t)0, ioflag, cnp->cn_cred,
1750 cnp->cn_thread);
1751 }
1752 cache_purge(vp);
1753 #ifdef UFS_DIRHASH
1754 /* Kill any active hash; i_effnlink == 0, so it will not come back. */
1755 if (ip->i_dirhash != NULL)
1756 ufsdirhash_free(ip);
1757 #endif
1758 out:
1759 return (error);
1760 }
1761
1762 /*
1763 * symlink -- make a symbolic link
1764 */
1765 static int
1766 ufs_symlink(ap)
1767 struct vop_symlink_args /* {
1768 struct vnode *a_dvp;
1769 struct vnode **a_vpp;
1770 struct componentname *a_cnp;
1771 struct vattr *a_vap;
1772 char *a_target;
1773 } */ *ap;
1774 {
1775 struct vnode *vp, **vpp = ap->a_vpp;
1776 struct inode *ip;
1777 int len, error;
1778
1779 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp,
1780 vpp, ap->a_cnp);
1781 if (error)
1782 return (error);
1783 vp = *vpp;
1784 len = strlen(ap->a_target);
1785 if (len < vp->v_mount->mnt_maxsymlinklen) {
1786 ip = VTOI(vp);
1787 bcopy(ap->a_target, SHORTLINK(ip), len);
1788 ip->i_size = len;
1789 DIP_SET(ip, i_size, len);
1790 ip->i_flag |= IN_CHANGE | IN_UPDATE;
1791 } else
1792 error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0,
1793 UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
1794 ap->a_cnp->cn_cred, NOCRED, (int *)0, (struct thread *)0);
1795 if (error)
1796 vput(vp);
1797 return (error);
1798 }
1799
1800 /*
1801 * Vnode op for reading directories.
1802 *
1803 * The routine below assumes that the on-disk format of a directory
1804 * is the same as that defined by <sys/dirent.h>. If the on-disk
1805 * format changes, then it will be necessary to do a conversion
1806 * from the on-disk format that read returns to the format defined
1807 * by <sys/dirent.h>.
1808 */
1809 int
1810 ufs_readdir(ap)
1811 struct vop_readdir_args /* {
1812 struct vnode *a_vp;
1813 struct uio *a_uio;
1814 struct ucred *a_cred;
1815 int *a_eofflag;
1816 int *ncookies;
1817 u_long **a_cookies;
1818 } */ *ap;
1819 {
1820 struct uio *uio = ap->a_uio;
1821 int error;
1822 size_t count, lost;
1823 off_t off;
1824
1825 if (ap->a_ncookies != NULL)
1826 /*
1827 * Ensure that the block is aligned. The caller can use
1828 * the cookies to determine where in the block to start.
1829 */
1830 uio->uio_offset &= ~(DIRBLKSIZ - 1);
1831 off = uio->uio_offset;
1832 count = uio->uio_resid;
1833 /* Make sure we don't return partial entries. */
1834 if (count <= ((uio->uio_offset + count) & (DIRBLKSIZ -1)))
1835 return (EINVAL);
1836 count -= (uio->uio_offset + count) & (DIRBLKSIZ -1);
1837 lost = uio->uio_resid - count;
1838 uio->uio_resid = count;
1839 uio->uio_iov->iov_len = count;
1840 # if (BYTE_ORDER == LITTLE_ENDIAN)
1841 if (ap->a_vp->v_mount->mnt_maxsymlinklen > 0) {
1842 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred);
1843 } else {
1844 struct dirent *dp, *edp;
1845 struct uio auio;
1846 struct iovec aiov;
1847 caddr_t dirbuf;
1848 int readcnt;
1849 u_char tmp;
1850
1851 auio = *uio;
1852 auio.uio_iov = &aiov;
1853 auio.uio_iovcnt = 1;
1854 auio.uio_segflg = UIO_SYSSPACE;
1855 aiov.iov_len = count;
1856 MALLOC(dirbuf, caddr_t, count, M_TEMP, M_WAITOK);
1857 aiov.iov_base = dirbuf;
1858 error = VOP_READ(ap->a_vp, &auio, 0, ap->a_cred);
1859 if (error == 0) {
1860 readcnt = count - auio.uio_resid;
1861 edp = (struct dirent *)&dirbuf[readcnt];
1862 for (dp = (struct dirent *)dirbuf; dp < edp; ) {
1863 tmp = dp->d_namlen;
1864 dp->d_namlen = dp->d_type;
1865 dp->d_type = tmp;
1866 if (dp->d_reclen > 0) {
1867 dp = (struct dirent *)
1868 ((char *)dp + dp->d_reclen);
1869 } else {
1870 error = EIO;
1871 break;
1872 }
1873 }
1874 if (dp >= edp)
1875 error = uiomove(dirbuf, readcnt, uio);
1876 }
1877 FREE(dirbuf, M_TEMP);
1878 }
1879 # else
1880 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred);
1881 # endif
1882 if (!error && ap->a_ncookies != NULL) {
1883 struct dirent* dpStart;
1884 struct dirent* dpEnd;
1885 struct dirent* dp;
1886 int ncookies;
1887 u_long *cookies;
1888 u_long *cookiep;
1889
1890 if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1)
1891 panic("ufs_readdir: unexpected uio from NFS server");
1892 dpStart = (struct dirent *)
1893 ((char *)uio->uio_iov->iov_base - (uio->uio_offset - off));
1894 dpEnd = (struct dirent *) uio->uio_iov->iov_base;
1895 for (dp = dpStart, ncookies = 0;
1896 dp < dpEnd;
1897 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen))
1898 ncookies++;
1899 MALLOC(cookies, u_long *, ncookies * sizeof(u_long), M_TEMP,
1900 M_WAITOK);
1901 for (dp = dpStart, cookiep = cookies;
1902 dp < dpEnd;
1903 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen)) {
1904 off += dp->d_reclen;
1905 *cookiep++ = (u_long) off;
1906 }
1907 *ap->a_ncookies = ncookies;
1908 *ap->a_cookies = cookies;
1909 }
1910 uio->uio_resid += lost;
1911 if (ap->a_eofflag)
1912 *ap->a_eofflag = VTOI(ap->a_vp)->i_size <= uio->uio_offset;
1913 return (error);
1914 }
1915
1916 /*
1917 * Return target name of a symbolic link
1918 */
1919 static int
1920 ufs_readlink(ap)
1921 struct vop_readlink_args /* {
1922 struct vnode *a_vp;
1923 struct uio *a_uio;
1924 struct ucred *a_cred;
1925 } */ *ap;
1926 {
1927 struct vnode *vp = ap->a_vp;
1928 struct inode *ip = VTOI(vp);
1929 doff_t isize;
1930
1931 isize = ip->i_size;
1932 if ((isize < vp->v_mount->mnt_maxsymlinklen) ||
1933 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */
1934 return (uiomove(SHORTLINK(ip), isize, ap->a_uio));
1935 }
1936 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred));
1937 }
1938
1939 /*
1940 * Calculate the logical to physical mapping if not done already,
1941 * then call the device strategy routine.
1942 *
1943 * In order to be able to swap to a file, the ufs_bmaparray() operation may not
1944 * deadlock on memory. See ufs_bmap() for details.
1945 */
1946 static int
1947 ufs_strategy(ap)
1948 struct vop_strategy_args /* {
1949 struct vnode *a_vp;
1950 struct buf *a_bp;
1951 } */ *ap;
1952 {
1953 struct buf *bp = ap->a_bp;
1954 struct vnode *vp = ap->a_vp;
1955 struct bufobj *bo;
1956 struct inode *ip;
1957 ufs2_daddr_t blkno;
1958 int error;
1959
1960 ip = VTOI(vp);
1961 if (bp->b_blkno == bp->b_lblkno) {
1962 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL);
1963 bp->b_blkno = blkno;
1964 if (error) {
1965 bp->b_error = error;
1966 bp->b_ioflags |= BIO_ERROR;
1967 bufdone(bp);
1968 return (error);
1969 }
1970 if ((long)bp->b_blkno == -1)
1971 vfs_bio_clrbuf(bp);
1972 }
1973 if ((long)bp->b_blkno == -1) {
1974 bufdone(bp);
1975 return (0);
1976 }
1977 bp->b_iooffset = dbtob(bp->b_blkno);
1978 bo = ip->i_umbufobj;
1979 BO_STRATEGY(bo, bp);
1980 return (0);
1981 }
1982
1983 /*
1984 * Print out the contents of an inode.
1985 */
1986 static int
1987 ufs_print(ap)
1988 struct vop_print_args /* {
1989 struct vnode *a_vp;
1990 } */ *ap;
1991 {
1992 struct vnode *vp = ap->a_vp;
1993 struct inode *ip = VTOI(vp);
1994
1995 printf("\tino %lu, on dev %s", (u_long)ip->i_number,
1996 devtoname(ip->i_dev));
1997 if (vp->v_type == VFIFO)
1998 fifo_printinfo(vp);
1999 printf("\n");
2000 return (0);
2001 }
2002
2003 /*
2004 * Close wrapper for fifos.
2005 *
2006 * Update the times on the inode then do device close.
2007 */
2008 static int
2009 ufsfifo_close(ap)
2010 struct vop_close_args /* {
2011 struct vnode *a_vp;
2012 int a_fflag;
2013 struct ucred *a_cred;
2014 struct thread *a_td;
2015 } */ *ap;
2016 {
2017 struct vnode *vp = ap->a_vp;
2018 int usecount;
2019
2020 VI_LOCK(vp);
2021 usecount = vp->v_usecount;
2022 VI_UNLOCK(vp);
2023 if (usecount > 1)
2024 ufs_itimes(vp);
2025 return (fifo_specops.vop_close(ap));
2026 }
2027
2028 /*
2029 * Kqfilter wrapper for fifos.
2030 *
2031 * Fall through to ufs kqfilter routines if needed
2032 */
2033 static int
2034 ufsfifo_kqfilter(ap)
2035 struct vop_kqfilter_args *ap;
2036 {
2037 int error;
2038
2039 error = fifo_specops.vop_kqfilter(ap);
2040 if (error)
2041 error = vfs_kqfilter(ap);
2042 return (error);
2043 }
2044
2045 /*
2046 * Return POSIX pathconf information applicable to ufs filesystems.
2047 */
2048 static int
2049 ufs_pathconf(ap)
2050 struct vop_pathconf_args /* {
2051 struct vnode *a_vp;
2052 int a_name;
2053 int *a_retval;
2054 } */ *ap;
2055 {
2056 int error;
2057
2058 error = 0;
2059 switch (ap->a_name) {
2060 case _PC_LINK_MAX:
2061 *ap->a_retval = LINK_MAX;
2062 break;
2063 case _PC_NAME_MAX:
2064 *ap->a_retval = NAME_MAX;
2065 break;
2066 case _PC_PATH_MAX:
2067 *ap->a_retval = PATH_MAX;
2068 break;
2069 case _PC_PIPE_BUF:
2070 *ap->a_retval = PIPE_BUF;
2071 break;
2072 case _PC_CHOWN_RESTRICTED:
2073 *ap->a_retval = 1;
2074 break;
2075 case _PC_NO_TRUNC:
2076 *ap->a_retval = 1;
2077 break;
2078 case _PC_ACL_EXTENDED:
2079 #ifdef UFS_ACL
2080 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS)
2081 *ap->a_retval = 1;
2082 else
2083 *ap->a_retval = 0;
2084 #else
2085 *ap->a_retval = 0;
2086 #endif
2087 break;
2088 case _PC_ACL_PATH_MAX:
2089 #ifdef UFS_ACL
2090 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS)
2091 *ap->a_retval = ACL_MAX_ENTRIES;
2092 else
2093 *ap->a_retval = 3;
2094 #else
2095 *ap->a_retval = 3;
2096 #endif
2097 break;
2098 case _PC_MAC_PRESENT:
2099 #ifdef MAC
2100 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL)
2101 *ap->a_retval = 1;
2102 else
2103 *ap->a_retval = 0;
2104 #else
2105 *ap->a_retval = 0;
2106 #endif
2107 break;
2108 case _PC_ASYNC_IO:
2109 /* _PC_ASYNC_IO should have been handled by upper layers. */
2110 KASSERT(0, ("_PC_ASYNC_IO should not get here"));
2111 error = EINVAL;
2112 break;
2113 case _PC_PRIO_IO:
2114 *ap->a_retval = 0;
2115 break;
2116 case _PC_SYNC_IO:
2117 *ap->a_retval = 0;
2118 break;
2119 case _PC_ALLOC_SIZE_MIN:
2120 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize;
2121 break;
2122 case _PC_FILESIZEBITS:
2123 *ap->a_retval = 64;
2124 break;
2125 case _PC_REC_INCR_XFER_SIZE:
2126 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2127 break;
2128 case _PC_REC_MAX_XFER_SIZE:
2129 *ap->a_retval = -1; /* means ``unlimited'' */
2130 break;
2131 case _PC_REC_MIN_XFER_SIZE:
2132 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2133 break;
2134 case _PC_REC_XFER_ALIGN:
2135 *ap->a_retval = PAGE_SIZE;
2136 break;
2137 case _PC_SYMLINK_MAX:
2138 *ap->a_retval = MAXPATHLEN;
2139 break;
2140
2141 default:
2142 error = EINVAL;
2143 break;
2144 }
2145 return (error);
2146 }
2147
2148 /*
2149 * Advisory record locking support
2150 */
2151 static int
2152 ufs_advlock(ap)
2153 struct vop_advlock_args /* {
2154 struct vnode *a_vp;
2155 caddr_t a_id;
2156 int a_op;
2157 struct flock *a_fl;
2158 int a_flags;
2159 } */ *ap;
2160 {
2161 struct inode *ip = VTOI(ap->a_vp);
2162
2163 return (lf_advlock(ap, &(ip->i_lockf), ip->i_size));
2164 }
2165
2166 /*
2167 * Initialize the vnode associated with a new inode, handle aliased
2168 * vnodes.
2169 */
2170 int
2171 ufs_vinit(mntp, fifoops, vpp)
2172 struct mount *mntp;
2173 struct vop_vector *fifoops;
2174 struct vnode **vpp;
2175 {
2176 struct inode *ip;
2177 struct vnode *vp;
2178
2179 vp = *vpp;
2180 ip = VTOI(vp);
2181 vp->v_type = IFTOVT(ip->i_mode);
2182 if (vp->v_type == VFIFO)
2183 vp->v_op = fifoops;
2184 ASSERT_VOP_LOCKED(vp, "ufs_vinit");
2185 if (ip->i_number == ROOTINO)
2186 vp->v_vflag |= VV_ROOT;
2187 ip->i_modrev = init_va_filerev();
2188 *vpp = vp;
2189 return (0);
2190 }
2191
2192 /*
2193 * Allocate a new inode.
2194 * Vnode dvp must be locked.
2195 */
2196 static int
2197 ufs_makeinode(mode, dvp, vpp, cnp)
2198 int mode;
2199 struct vnode *dvp;
2200 struct vnode **vpp;
2201 struct componentname *cnp;
2202 {
2203 struct inode *ip, *pdir;
2204 struct direct newdir;
2205 struct vnode *tvp;
2206 #ifdef UFS_ACL
2207 struct acl *acl;
2208 #endif
2209 int error;
2210
2211 pdir = VTOI(dvp);
2212 #ifdef DIAGNOSTIC
2213 if ((cnp->cn_flags & HASBUF) == 0)
2214 panic("ufs_makeinode: no name");
2215 #endif
2216 *vpp = NULL;
2217 if ((mode & IFMT) == 0)
2218 mode |= IFREG;
2219
2220 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp);
2221 if (error)
2222 return (error);
2223 ip = VTOI(tvp);
2224 ip->i_gid = pdir->i_gid;
2225 DIP_SET(ip, i_gid, pdir->i_gid);
2226 #ifdef SUIDDIR
2227 {
2228 #ifdef QUOTA
2229 struct ucred ucred, *ucp;
2230 ucp = cnp->cn_cred;
2231 #endif
2232 /*
2233 * If we are not the owner of the directory,
2234 * and we are hacking owners here, (only do this where told to)
2235 * and we are not giving it TO root, (would subvert quotas)
2236 * then go ahead and give it to the other user.
2237 * Note that this drops off the execute bits for security.
2238 */
2239 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
2240 (pdir->i_mode & ISUID) &&
2241 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) {
2242 ip->i_uid = pdir->i_uid;
2243 DIP_SET(ip, i_uid, ip->i_uid);
2244 mode &= ~07111;
2245 #ifdef QUOTA
2246 /*
2247 * Make sure the correct user gets charged
2248 * for the space.
2249 * Quickly knock up a dummy credential for the victim.
2250 * XXX This seems to never be accessed out of our
2251 * context so a stack variable is ok.
2252 */
2253 ucred.cr_ref = 1;
2254 ucred.cr_uid = ip->i_uid;
2255 ucred.cr_ngroups = 1;
2256 ucred.cr_groups[0] = pdir->i_gid;
2257 ucp = &ucred;
2258 #endif
2259 } else {
2260 ip->i_uid = cnp->cn_cred->cr_uid;
2261 DIP_SET(ip, i_uid, ip->i_uid);
2262 }
2263
2264 #ifdef QUOTA
2265 if ((error = getinoquota(ip)) ||
2266 (error = chkiq(ip, 1, ucp, 0))) {
2267 UFS_VFREE(tvp, ip->i_number, mode);
2268 vput(tvp);
2269 return (error);
2270 }
2271 #endif
2272 }
2273 #else /* !SUIDDIR */
2274 ip->i_uid = cnp->cn_cred->cr_uid;
2275 DIP_SET(ip, i_uid, ip->i_uid);
2276 #ifdef QUOTA
2277 if ((error = getinoquota(ip)) ||
2278 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
2279 UFS_VFREE(tvp, ip->i_number, mode);
2280 vput(tvp);
2281 return (error);
2282 }
2283 #endif
2284 #endif /* !SUIDDIR */
2285 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE;
2286 #ifdef UFS_ACL
2287 acl = NULL;
2288 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) {
2289 acl = uma_zalloc(acl_zone, M_WAITOK);
2290
2291 /*
2292 * Retrieve default ACL for parent, if any.
2293 */
2294 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred,
2295 cnp->cn_thread);
2296 switch (error) {
2297 case 0:
2298 /*
2299 * Retrieved a default ACL, so merge mode and ACL if
2300 * necessary.
2301 */
2302 if (acl->acl_cnt != 0) {
2303 /*
2304 * Two possible ways for default ACL to not
2305 * be present. First, the EA can be
2306 * undefined, or second, the default ACL can
2307 * be blank. If it's blank, fall through to
2308 * the it's not defined case.
2309 */
2310 mode = acl_posix1e_newfilemode(mode, acl);
2311 ip->i_mode = mode;
2312 DIP_SET(ip, i_mode, mode);
2313 ufs_sync_acl_from_inode(ip, acl);
2314 break;
2315 }
2316 /* FALLTHROUGH */
2317
2318 case EOPNOTSUPP:
2319 /*
2320 * Just use the mode as-is.
2321 */
2322 ip->i_mode = mode;
2323 DIP_SET(ip, i_mode, mode);
2324 uma_zfree(acl_zone, acl);
2325 acl = NULL;
2326 break;
2327
2328 default:
2329 UFS_VFREE(tvp, ip->i_number, mode);
2330 vput(tvp);
2331 uma_zfree(acl_zone, acl);
2332 acl = NULL;
2333 return (error);
2334 }
2335 } else {
2336 #endif
2337 ip->i_mode = mode;
2338 DIP_SET(ip, i_mode, mode);
2339 #ifdef UFS_ACL
2340 }
2341 #endif
2342 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
2343 ip->i_effnlink = 1;
2344 ip->i_nlink = 1;
2345 DIP_SET(ip, i_nlink, 1);
2346 if (DOINGSOFTDEP(tvp))
2347 softdep_change_linkcnt(ip);
2348 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
2349 suser_cred(cnp->cn_cred, SUSER_ALLOWJAIL)) {
2350 ip->i_mode &= ~ISGID;
2351 DIP_SET(ip, i_mode, ip->i_mode);
2352 }
2353
2354 if (cnp->cn_flags & ISWHITEOUT) {
2355 ip->i_flags |= UF_OPAQUE;
2356 DIP_SET(ip, i_flags, ip->i_flags);
2357 }
2358
2359 /*
2360 * Make sure inode goes to disk before directory entry.
2361 */
2362 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp)));
2363 if (error)
2364 goto bad;
2365 #ifdef MAC
2366 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
2367 error = mac_create_vnode_extattr(cnp->cn_cred, dvp->v_mount,
2368 dvp, tvp, cnp);
2369 if (error)
2370 goto bad;
2371 }
2372 #endif
2373 #ifdef UFS_ACL
2374 if (acl != NULL) {
2375 /*
2376 * XXX: If we abort now, will Soft Updates notify the extattr
2377 * code that the EAs for the file need to be released?
2378 */
2379 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred,
2380 cnp->cn_thread);
2381 switch (error) {
2382 case 0:
2383 break;
2384
2385 case EOPNOTSUPP:
2386 /*
2387 * XXX: This should not happen, as EOPNOTSUPP above was
2388 * supposed to free acl.
2389 */
2390 printf("ufs_makeinode: VOP_GETACL() but no "
2391 "VOP_SETACL()\n");
2392 /* panic("ufs_makeinode: VOP_GETACL() but no "
2393 "VOP_SETACL()"); */
2394 break;
2395
2396 default:
2397 uma_zfree(acl_zone, acl);
2398 goto bad;
2399 }
2400 uma_zfree(acl_zone, acl);
2401 }
2402 #endif /* !UFS_ACL */
2403 ufs_makedirentry(ip, cnp, &newdir);
2404 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL);
2405 if (error)
2406 goto bad;
2407 *vpp = tvp;
2408 return (0);
2409
2410 bad:
2411 /*
2412 * Write error occurred trying to update the inode
2413 * or the directory so must deallocate the inode.
2414 */
2415 ip->i_effnlink = 0;
2416 ip->i_nlink = 0;
2417 DIP_SET(ip, i_nlink, 0);
2418 ip->i_flag |= IN_CHANGE;
2419 if (DOINGSOFTDEP(tvp))
2420 softdep_change_linkcnt(ip);
2421 vput(tvp);
2422 return (error);
2423 }
2424
2425 /* Global vfs data structures for ufs. */
2426 struct vop_vector ufs_vnodeops = {
2427 .vop_default = &default_vnodeops,
2428 .vop_fsync = VOP_PANIC,
2429 .vop_read = VOP_PANIC,
2430 .vop_reallocblks = VOP_PANIC,
2431 .vop_write = VOP_PANIC,
2432 .vop_access = ufs_access,
2433 .vop_advlock = ufs_advlock,
2434 .vop_bmap = ufs_bmap,
2435 .vop_cachedlookup = ufs_lookup,
2436 .vop_close = ufs_close,
2437 .vop_create = ufs_create,
2438 .vop_getattr = ufs_getattr,
2439 .vop_inactive = ufs_inactive,
2440 .vop_link = ufs_link,
2441 .vop_lookup = vfs_cache_lookup,
2442 .vop_mkdir = ufs_mkdir,
2443 .vop_mknod = ufs_mknod,
2444 .vop_open = ufs_open,
2445 .vop_pathconf = ufs_pathconf,
2446 .vop_poll = vop_stdpoll,
2447 .vop_print = ufs_print,
2448 .vop_readdir = ufs_readdir,
2449 .vop_readlink = ufs_readlink,
2450 .vop_reclaim = ufs_reclaim,
2451 .vop_remove = ufs_remove,
2452 .vop_rename = ufs_rename,
2453 .vop_rmdir = ufs_rmdir,
2454 .vop_setattr = ufs_setattr,
2455 #ifdef MAC
2456 .vop_setlabel = vop_stdsetlabel_ea,
2457 #endif
2458 .vop_strategy = ufs_strategy,
2459 .vop_symlink = ufs_symlink,
2460 .vop_whiteout = ufs_whiteout,
2461 #ifdef UFS_EXTATTR
2462 .vop_getextattr = ufs_getextattr,
2463 .vop_deleteextattr = ufs_deleteextattr,
2464 .vop_setextattr = ufs_setextattr,
2465 #endif
2466 #ifdef UFS_ACL
2467 .vop_getacl = ufs_getacl,
2468 .vop_setacl = ufs_setacl,
2469 .vop_aclcheck = ufs_aclcheck,
2470 #endif
2471 };
2472
2473 struct vop_vector ufs_fifoops = {
2474 .vop_default = &fifo_specops,
2475 .vop_fsync = VOP_PANIC,
2476 .vop_access = ufs_access,
2477 .vop_close = ufsfifo_close,
2478 .vop_getattr = ufs_getattr,
2479 .vop_inactive = ufs_inactive,
2480 .vop_kqfilter = ufsfifo_kqfilter,
2481 .vop_print = ufs_print,
2482 .vop_read = VOP_PANIC,
2483 .vop_reclaim = ufs_reclaim,
2484 .vop_setattr = ufs_setattr,
2485 #ifdef MAC
2486 .vop_setlabel = vop_stdsetlabel_ea,
2487 #endif
2488 .vop_write = VOP_PANIC,
2489 #ifdef UFS_EXTATTR
2490 .vop_getextattr = ufs_getextattr,
2491 .vop_deleteextattr = ufs_deleteextattr,
2492 .vop_setextattr = ufs_setextattr,
2493 #endif
2494 #ifdef UFS_ACL
2495 .vop_getacl = ufs_getacl,
2496 .vop_setacl = ufs_setacl,
2497 .vop_aclcheck = ufs_aclcheck,
2498 #endif
2499 };
Cache object: c3db4bd78944bc6ca6c7bc33c50f39f2
|