Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/ufs/ufs/ufs_vnops.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 1982, 1986, 1989, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 35 */ 36 37 #include <sys/cdefs.h> 38 __FBSDID("$FreeBSD: releng/6.3/sys/ufs/ufs/ufs_vnops.c 167362 2007-03-09 13:54:26Z kib $"); 39 40 #include "opt_mac.h" 41 #include "opt_quota.h" 42 #include "opt_suiddir.h" 43 #include "opt_ufs.h" 44 #include "opt_ffs.h" 45 46 #include <sys/param.h> 47 #include <sys/systm.h> 48 #include <sys/malloc.h> 49 #include <sys/namei.h> 50 #include <sys/kernel.h> 51 #include <sys/fcntl.h> 52 #include <sys/stat.h> 53 #include <sys/bio.h> 54 #include <sys/buf.h> 55 #include <sys/mount.h> 56 #include <sys/refcount.h> 57 #include <sys/unistd.h> 58 #include <sys/vnode.h> 59 #include <sys/dirent.h> 60 #include <sys/lockf.h> 61 #include <sys/conf.h> 62 #include <sys/acl.h> 63 #include <sys/mac.h> 64 #include <sys/jail.h> 65 66 #include <machine/mutex.h> 67 68 #include <sys/file.h> /* XXX */ 69 70 #include <vm/vm.h> 71 #include <vm/vm_extern.h> 72 73 #include <fs/fifofs/fifo.h> 74 75 #include <ufs/ufs/acl.h> 76 #include <ufs/ufs/extattr.h> 77 #include <ufs/ufs/quota.h> 78 #include <ufs/ufs/inode.h> 79 #include <ufs/ufs/dir.h> 80 #include <ufs/ufs/ufsmount.h> 81 #include <ufs/ufs/ufs_extern.h> 82 #ifdef UFS_DIRHASH 83 #include <ufs/ufs/dirhash.h> 84 #endif 85 86 #include <ufs/ffs/ffs_extern.h> 87 88 static vop_access_t ufs_access; 89 static vop_advlock_t ufs_advlock; 90 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 91 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *); 92 static vop_close_t ufs_close; 93 static vop_create_t ufs_create; 94 static vop_getattr_t ufs_getattr; 95 static vop_link_t ufs_link; 96 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *); 97 static vop_mkdir_t ufs_mkdir; 98 static vop_mknod_t ufs_mknod; 99 static vop_open_t ufs_open; 100 static vop_pathconf_t ufs_pathconf; 101 static vop_print_t ufs_print; 102 static vop_readlink_t ufs_readlink; 103 static vop_remove_t ufs_remove; 104 static vop_rename_t ufs_rename; 105 static vop_rmdir_t ufs_rmdir; 106 static vop_setattr_t ufs_setattr; 107 static vop_strategy_t ufs_strategy; 108 static vop_symlink_t ufs_symlink; 109 static vop_whiteout_t ufs_whiteout; 110 static vop_close_t ufsfifo_close; 111 static vop_kqfilter_t ufsfifo_kqfilter; 112 113 /* 114 * A virgin directory (no blushing please). 115 */ 116 static struct dirtemplate mastertemplate = { 117 0, 12, DT_DIR, 1, ".", 118 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 119 }; 120 static struct odirtemplate omastertemplate = { 121 0, 12, 1, ".", 122 0, DIRBLKSIZ - 12, 2, ".." 123 }; 124 125 void 126 ufs_itimes(vp) 127 struct vnode *vp; 128 { 129 struct inode *ip; 130 struct timespec ts; 131 132 ip = VTOI(vp); 133 VI_LOCK(vp); 134 if ((vp->v_mount->mnt_flag & MNT_RDONLY) != 0) 135 goto out; 136 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) { 137 VI_UNLOCK(vp); 138 return; 139 } 140 141 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 142 ip->i_flag |= IN_LAZYMOD; 143 else if (((vp->v_mount->mnt_kern_flag & 144 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) || 145 (ip->i_flag & (IN_CHANGE | IN_UPDATE))) 146 ip->i_flag |= IN_MODIFIED; 147 else if (ip->i_flag & IN_ACCESS) 148 ip->i_flag |= IN_LAZYACCESS; 149 vfs_timestamp(&ts); 150 if (ip->i_flag & IN_ACCESS) { 151 DIP_SET(ip, i_atime, ts.tv_sec); 152 DIP_SET(ip, i_atimensec, ts.tv_nsec); 153 } 154 if (ip->i_flag & IN_UPDATE) { 155 DIP_SET(ip, i_mtime, ts.tv_sec); 156 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 157 ip->i_modrev++; 158 } 159 if (ip->i_flag & IN_CHANGE) { 160 DIP_SET(ip, i_ctime, ts.tv_sec); 161 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 162 } 163 164 out: 165 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 166 VI_UNLOCK(vp); 167 } 168 169 /* 170 * Create a regular file 171 */ 172 static int 173 ufs_create(ap) 174 struct vop_create_args /* { 175 struct vnode *a_dvp; 176 struct vnode **a_vpp; 177 struct componentname *a_cnp; 178 struct vattr *a_vap; 179 } */ *ap; 180 { 181 int error; 182 183 error = 184 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 185 ap->a_dvp, ap->a_vpp, ap->a_cnp); 186 if (error) 187 return (error); 188 return (0); 189 } 190 191 /* 192 * Mknod vnode call 193 */ 194 /* ARGSUSED */ 195 static int 196 ufs_mknod(ap) 197 struct vop_mknod_args /* { 198 struct vnode *a_dvp; 199 struct vnode **a_vpp; 200 struct componentname *a_cnp; 201 struct vattr *a_vap; 202 } */ *ap; 203 { 204 struct vattr *vap = ap->a_vap; 205 struct vnode **vpp = ap->a_vpp; 206 struct inode *ip; 207 ino_t ino; 208 int error; 209 210 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 211 ap->a_dvp, vpp, ap->a_cnp); 212 if (error) 213 return (error); 214 ip = VTOI(*vpp); 215 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 216 if (vap->va_rdev != VNOVAL) { 217 /* 218 * Want to be able to use this to make badblock 219 * inodes, so don't truncate the dev number. 220 */ 221 DIP_SET(ip, i_rdev, vap->va_rdev); 222 } 223 /* 224 * Remove inode, then reload it through VFS_VGET so it is 225 * checked to see if it is an alias of an existing entry in 226 * the inode cache. XXX I don't believe this is necessary now. 227 */ 228 (*vpp)->v_type = VNON; 229 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 230 vgone(*vpp); 231 vput(*vpp); 232 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 233 if (error) { 234 *vpp = NULL; 235 return (error); 236 } 237 return (0); 238 } 239 240 /* 241 * Open called. 242 */ 243 /* ARGSUSED */ 244 static int 245 ufs_open(struct vop_open_args *ap) 246 { 247 struct vnode *vp = ap->a_vp; 248 struct inode *ip; 249 250 if (vp->v_type == VCHR || vp->v_type == VBLK) 251 return (EOPNOTSUPP); 252 253 ip = VTOI(vp); 254 /* 255 * Files marked append-only must be opened for appending. 256 */ 257 if ((ip->i_flags & APPEND) && 258 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 259 return (EPERM); 260 vnode_create_vobject_off(vp, DIP(ip, i_size), ap->a_td); 261 return (0); 262 } 263 264 /* 265 * Close called. 266 * 267 * Update the times on the inode. 268 */ 269 /* ARGSUSED */ 270 static int 271 ufs_close(ap) 272 struct vop_close_args /* { 273 struct vnode *a_vp; 274 int a_fflag; 275 struct ucred *a_cred; 276 struct thread *a_td; 277 } */ *ap; 278 { 279 struct vnode *vp = ap->a_vp; 280 int usecount; 281 282 VI_LOCK(vp); 283 usecount = vp->v_usecount; 284 VI_UNLOCK(vp); 285 if (usecount > 1) 286 ufs_itimes(vp); 287 return (0); 288 } 289 290 static int 291 ufs_access(ap) 292 struct vop_access_args /* { 293 struct vnode *a_vp; 294 int a_mode; 295 struct ucred *a_cred; 296 struct thread *a_td; 297 } */ *ap; 298 { 299 struct vnode *vp = ap->a_vp; 300 struct inode *ip = VTOI(vp); 301 mode_t mode = ap->a_mode; 302 int error; 303 #ifdef UFS_ACL 304 struct acl *acl; 305 #endif 306 307 /* 308 * Disallow write attempts on read-only filesystems; 309 * unless the file is a socket, fifo, or a block or 310 * character device resident on the filesystem. 311 */ 312 if (mode & VWRITE) { 313 switch (vp->v_type) { 314 case VDIR: 315 case VLNK: 316 case VREG: 317 if (vp->v_mount->mnt_flag & MNT_RDONLY) 318 return (EROFS); 319 #ifdef QUOTA 320 if ((error = getinoquota(ip)) != 0) 321 return (error); 322 #endif 323 break; 324 default: 325 break; 326 } 327 } 328 329 /* If immutable bit set, nobody gets to write it. */ 330 if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 331 return (EPERM); 332 333 #ifdef UFS_ACL 334 if ((vp->v_mount->mnt_flag & MNT_ACLS) != 0) { 335 acl = uma_zalloc(acl_zone, M_WAITOK); 336 error = VOP_GETACL(vp, ACL_TYPE_ACCESS, acl, ap->a_cred, 337 ap->a_td); 338 switch (error) { 339 case EOPNOTSUPP: 340 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 341 ip->i_gid, ap->a_mode, ap->a_cred, NULL); 342 break; 343 case 0: 344 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 345 ip->i_gid, acl, ap->a_mode, ap->a_cred, NULL); 346 break; 347 default: 348 printf( 349 "ufs_access(): Error retrieving ACL on object (%d).\n", 350 error); 351 /* 352 * XXX: Fall back until debugged. Should 353 * eventually possibly log an error, and return 354 * EPERM for safety. 355 */ 356 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 357 ip->i_gid, ap->a_mode, ap->a_cred, NULL); 358 } 359 uma_zfree(acl_zone, acl); 360 } else 361 #endif /* !UFS_ACL */ 362 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 363 ap->a_mode, ap->a_cred, NULL); 364 return (error); 365 } 366 367 /* ARGSUSED */ 368 static int 369 ufs_getattr(ap) 370 struct vop_getattr_args /* { 371 struct vnode *a_vp; 372 struct vattr *a_vap; 373 struct ucred *a_cred; 374 struct thread *a_td; 375 } */ *ap; 376 { 377 struct vnode *vp = ap->a_vp; 378 struct inode *ip = VTOI(vp); 379 struct vattr *vap = ap->a_vap; 380 381 ufs_itimes(vp); 382 /* 383 * Copy from inode table 384 */ 385 vap->va_fsid = dev2udev(ip->i_dev); 386 vap->va_fileid = ip->i_number; 387 vap->va_mode = ip->i_mode & ~IFMT; 388 vap->va_nlink = ip->i_effnlink; 389 vap->va_uid = ip->i_uid; 390 vap->va_gid = ip->i_gid; 391 if (ip->i_ump->um_fstype == UFS1) { 392 vap->va_rdev = ip->i_din1->di_rdev; 393 vap->va_size = ip->i_din1->di_size; 394 VI_LOCK(vp); 395 vap->va_atime.tv_sec = ip->i_din1->di_atime; 396 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 397 VI_UNLOCK(vp); 398 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 399 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 400 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 401 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 402 vap->va_birthtime.tv_sec = 0; 403 vap->va_birthtime.tv_nsec = 0; 404 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 405 } else { 406 vap->va_rdev = ip->i_din2->di_rdev; 407 vap->va_size = ip->i_din2->di_size; 408 VI_LOCK(vp); 409 vap->va_atime.tv_sec = ip->i_din2->di_atime; 410 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 411 VI_UNLOCK(vp); 412 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 413 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 414 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 415 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 416 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 417 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 418 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 419 } 420 vap->va_flags = ip->i_flags; 421 vap->va_gen = ip->i_gen; 422 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 423 vap->va_type = IFTOVT(ip->i_mode); 424 vap->va_filerev = ip->i_modrev; 425 return (0); 426 } 427 428 /* 429 * Set attribute vnode op. called from several syscalls 430 */ 431 static int 432 ufs_setattr(ap) 433 struct vop_setattr_args /* { 434 struct vnode *a_vp; 435 struct vattr *a_vap; 436 struct ucred *a_cred; 437 struct thread *a_td; 438 } */ *ap; 439 { 440 struct vattr *vap = ap->a_vap; 441 struct vnode *vp = ap->a_vp; 442 struct inode *ip = VTOI(vp); 443 struct ucred *cred = ap->a_cred; 444 struct thread *td = ap->a_td; 445 int error; 446 447 /* 448 * Check for unsettable attributes. 449 */ 450 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 451 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 452 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 453 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 454 return (EINVAL); 455 } 456 /* 457 * Mark for update the file's access time for vfs_mark_atime(). 458 * We are doing this here to avoid some of the checks done 459 * below -- this operation is done by request of the kernel and 460 * should bypass some security checks. Things like read-only 461 * checks get handled by other levels (e.g., ffs_update()). 462 */ 463 if (vap->va_vaflags & VA_MARK_ATIME) { 464 ip->i_flag |= IN_ACCESS; 465 return (0); 466 } 467 if (vap->va_flags != VNOVAL) { 468 if (vp->v_mount->mnt_flag & MNT_RDONLY) 469 return (EROFS); 470 /* 471 * Callers may only modify the file flags on objects they 472 * have VADMIN rights for. 473 */ 474 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 475 return (error); 476 /* 477 * Unprivileged processes are not permitted to unset system 478 * flags, or modify flags if any system flags are set. 479 * Privileged non-jail processes may not modify system flags 480 * if securelevel > 0 and any existing system flags are set. 481 * Privileged jail processes behave like privileged non-jail 482 * processes if the security.jail.chflags_allowed sysctl is 483 * is non-zero; otherwise, they behave like unprivileged 484 * processes. 485 */ 486 if (!suser_cred(cred, 487 jail_chflags_allowed ? SUSER_ALLOWJAIL : 0)) { 488 if (ip->i_flags 489 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 490 error = securelevel_gt(cred, 0); 491 if (error) 492 return (error); 493 } 494 /* Snapshot flag cannot be set or cleared */ 495 if (((vap->va_flags & SF_SNAPSHOT) != 0 && 496 (ip->i_flags & SF_SNAPSHOT) == 0) || 497 ((vap->va_flags & SF_SNAPSHOT) == 0 && 498 (ip->i_flags & SF_SNAPSHOT) != 0)) 499 return (EPERM); 500 ip->i_flags = vap->va_flags; 501 DIP_SET(ip, i_flags, vap->va_flags); 502 } else { 503 if (ip->i_flags 504 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 505 (vap->va_flags & UF_SETTABLE) != vap->va_flags) 506 return (EPERM); 507 ip->i_flags &= SF_SETTABLE; 508 ip->i_flags |= (vap->va_flags & UF_SETTABLE); 509 DIP_SET(ip, i_flags, ip->i_flags); 510 } 511 ip->i_flag |= IN_CHANGE; 512 if (vap->va_flags & (IMMUTABLE | APPEND)) 513 return (0); 514 } 515 if (ip->i_flags & (IMMUTABLE | APPEND)) 516 return (EPERM); 517 /* 518 * Go through the fields and update iff not VNOVAL. 519 */ 520 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 521 if (vp->v_mount->mnt_flag & MNT_RDONLY) 522 return (EROFS); 523 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 524 td)) != 0) 525 return (error); 526 } 527 if (vap->va_size != VNOVAL) { 528 /* 529 * XXX most of the following special cases should be in 530 * callers instead of in N filesystems. The VDIR check 531 * mostly already is. 532 */ 533 switch (vp->v_type) { 534 case VDIR: 535 return (EISDIR); 536 case VLNK: 537 case VREG: 538 /* 539 * Truncation should have an effect in these cases. 540 * Disallow it if the filesystem is read-only or 541 * the file is being snapshotted. 542 */ 543 if (vp->v_mount->mnt_flag & MNT_RDONLY) 544 return (EROFS); 545 if ((ip->i_flags & SF_SNAPSHOT) != 0) 546 return (EPERM); 547 break; 548 default: 549 /* 550 * According to POSIX, the result is unspecified 551 * for file types other than regular files, 552 * directories and shared memory objects. We 553 * don't support shared memory objects in the file 554 * system, and have dubious support for truncating 555 * symlinks. Just ignore the request in other cases. 556 */ 557 return (0); 558 } 559 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL, 560 cred, td)) != 0) 561 return (error); 562 } 563 if (vap->va_atime.tv_sec != VNOVAL || 564 vap->va_mtime.tv_sec != VNOVAL || 565 vap->va_birthtime.tv_sec != VNOVAL) { 566 if (vp->v_mount->mnt_flag & MNT_RDONLY) 567 return (EROFS); 568 if ((ip->i_flags & SF_SNAPSHOT) != 0) 569 return (EPERM); 570 /* 571 * From utimes(2): 572 * If times is NULL, ... The caller must be the owner of 573 * the file, have permission to write the file, or be the 574 * super-user. 575 * If times is non-NULL, ... The caller must be the owner of 576 * the file or be the super-user. 577 */ 578 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)) && 579 ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || 580 (error = VOP_ACCESS(vp, VWRITE, cred, td)))) 581 return (error); 582 if (vap->va_atime.tv_sec != VNOVAL) 583 ip->i_flag |= IN_ACCESS; 584 if (vap->va_mtime.tv_sec != VNOVAL) 585 ip->i_flag |= IN_CHANGE | IN_UPDATE; 586 if (vap->va_birthtime.tv_sec != VNOVAL && 587 ip->i_ump->um_fstype == UFS2) 588 ip->i_flag |= IN_MODIFIED; 589 ufs_itimes(vp); 590 if (vap->va_atime.tv_sec != VNOVAL) { 591 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 592 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 593 } 594 if (vap->va_mtime.tv_sec != VNOVAL) { 595 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 596 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 597 } 598 if (vap->va_birthtime.tv_sec != VNOVAL && 599 ip->i_ump->um_fstype == UFS2) { 600 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 601 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 602 } 603 error = UFS_UPDATE(vp, 0); 604 if (error) 605 return (error); 606 } 607 error = 0; 608 if (vap->va_mode != (mode_t)VNOVAL) { 609 if (vp->v_mount->mnt_flag & MNT_RDONLY) 610 return (EROFS); 611 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode & 612 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH))) 613 return (EPERM); 614 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 615 } 616 return (error); 617 } 618 619 /* 620 * Change the mode on a file. 621 * Inode must be locked before calling. 622 */ 623 static int 624 ufs_chmod(vp, mode, cred, td) 625 struct vnode *vp; 626 int mode; 627 struct ucred *cred; 628 struct thread *td; 629 { 630 struct inode *ip = VTOI(vp); 631 int error; 632 633 /* 634 * To modify the permissions on a file, must possess VADMIN 635 * for that file. 636 */ 637 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 638 return (error); 639 /* 640 * Privileged processes may set the sticky bit on non-directories, 641 * as well as set the setgid bit on a file with a group that the 642 * process is not a member of. Both of these are allowed in 643 * jail(8). 644 */ 645 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 646 if (suser_cred(cred, SUSER_ALLOWJAIL)) 647 return (EFTYPE); 648 } 649 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 650 error = suser_cred(cred, SUSER_ALLOWJAIL); 651 if (error) 652 return (error); 653 } 654 ip->i_mode &= ~ALLPERMS; 655 ip->i_mode |= (mode & ALLPERMS); 656 DIP_SET(ip, i_mode, ip->i_mode); 657 ip->i_flag |= IN_CHANGE; 658 return (0); 659 } 660 661 /* 662 * Perform chown operation on inode ip; 663 * inode must be locked prior to call. 664 */ 665 static int 666 ufs_chown(vp, uid, gid, cred, td) 667 struct vnode *vp; 668 uid_t uid; 669 gid_t gid; 670 struct ucred *cred; 671 struct thread *td; 672 { 673 struct inode *ip = VTOI(vp); 674 uid_t ouid; 675 gid_t ogid; 676 int error = 0; 677 #ifdef QUOTA 678 int i; 679 ufs2_daddr_t change; 680 #endif 681 682 if (uid == (uid_t)VNOVAL) 683 uid = ip->i_uid; 684 if (gid == (gid_t)VNOVAL) 685 gid = ip->i_gid; 686 /* 687 * To modify the ownership of a file, must possess VADMIN 688 * for that file. 689 */ 690 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 691 return (error); 692 /* 693 * To change the owner of a file, or change the group of a file 694 * to a group of which we are not a member, the caller must 695 * have privilege. 696 */ 697 if ((uid != ip->i_uid || 698 (gid != ip->i_gid && !groupmember(gid, cred))) && 699 (error = suser_cred(cred, SUSER_ALLOWJAIL))) 700 return (error); 701 ogid = ip->i_gid; 702 ouid = ip->i_uid; 703 #ifdef QUOTA 704 if ((error = getinoquota(ip)) != 0) 705 return (error); 706 if (ouid == uid) { 707 dqrele(vp, ip->i_dquot[USRQUOTA]); 708 ip->i_dquot[USRQUOTA] = NODQUOT; 709 } 710 if (ogid == gid) { 711 dqrele(vp, ip->i_dquot[GRPQUOTA]); 712 ip->i_dquot[GRPQUOTA] = NODQUOT; 713 } 714 change = DIP(ip, i_blocks); 715 (void) chkdq(ip, -change, cred, CHOWN); 716 (void) chkiq(ip, -1, cred, CHOWN); 717 for (i = 0; i < MAXQUOTAS; i++) { 718 dqrele(vp, ip->i_dquot[i]); 719 ip->i_dquot[i] = NODQUOT; 720 } 721 #endif 722 ip->i_gid = gid; 723 DIP_SET(ip, i_gid, gid); 724 ip->i_uid = uid; 725 DIP_SET(ip, i_uid, uid); 726 #ifdef QUOTA 727 if ((error = getinoquota(ip)) == 0) { 728 if (ouid == uid) { 729 dqrele(vp, ip->i_dquot[USRQUOTA]); 730 ip->i_dquot[USRQUOTA] = NODQUOT; 731 } 732 if (ogid == gid) { 733 dqrele(vp, ip->i_dquot[GRPQUOTA]); 734 ip->i_dquot[GRPQUOTA] = NODQUOT; 735 } 736 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 737 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 738 goto good; 739 else 740 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 741 } 742 for (i = 0; i < MAXQUOTAS; i++) { 743 dqrele(vp, ip->i_dquot[i]); 744 ip->i_dquot[i] = NODQUOT; 745 } 746 } 747 ip->i_gid = ogid; 748 DIP_SET(ip, i_gid, ogid); 749 ip->i_uid = ouid; 750 DIP_SET(ip, i_uid, ouid); 751 if (getinoquota(ip) == 0) { 752 if (ouid == uid) { 753 dqrele(vp, ip->i_dquot[USRQUOTA]); 754 ip->i_dquot[USRQUOTA] = NODQUOT; 755 } 756 if (ogid == gid) { 757 dqrele(vp, ip->i_dquot[GRPQUOTA]); 758 ip->i_dquot[GRPQUOTA] = NODQUOT; 759 } 760 (void) chkdq(ip, change, cred, FORCE|CHOWN); 761 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 762 (void) getinoquota(ip); 763 } 764 return (error); 765 good: 766 if (getinoquota(ip)) 767 panic("ufs_chown: lost quota"); 768 #endif /* QUOTA */ 769 ip->i_flag |= IN_CHANGE; 770 if (suser_cred(cred, SUSER_ALLOWJAIL) && (ouid != uid || ogid != gid)) { 771 ip->i_mode &= ~(ISUID | ISGID); 772 DIP_SET(ip, i_mode, ip->i_mode); 773 } 774 return (0); 775 } 776 777 static int 778 ufs_remove(ap) 779 struct vop_remove_args /* { 780 struct vnode *a_dvp; 781 struct vnode *a_vp; 782 struct componentname *a_cnp; 783 } */ *ap; 784 { 785 struct inode *ip; 786 struct vnode *vp = ap->a_vp; 787 struct vnode *dvp = ap->a_dvp; 788 int error; 789 struct thread *td; 790 791 td = curthread; 792 ip = VTOI(vp); 793 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 794 (VTOI(dvp)->i_flags & APPEND)) { 795 error = EPERM; 796 goto out; 797 } 798 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 799 if (ip->i_nlink <= 0) 800 vp->v_vflag |= VV_NOSYNC; 801 if ((ip->i_flags & SF_SNAPSHOT) != 0) { 802 /* 803 * Avoid deadlock where another thread is trying to 804 * update the inodeblock for dvp and is waiting on 805 * snaplk. Temporary unlock the vnode lock for the 806 * unlinked file and sync the directory. This should 807 * allow vput() of the directory to not block later on 808 * while holding the snapshot vnode locked, assuming 809 * that the directory hasn't been unlinked too. 810 */ 811 VOP_UNLOCK(vp, 0, td); 812 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 813 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); 814 } 815 out: 816 return (error); 817 } 818 819 /* 820 * link vnode call 821 */ 822 static int 823 ufs_link(ap) 824 struct vop_link_args /* { 825 struct vnode *a_tdvp; 826 struct vnode *a_vp; 827 struct componentname *a_cnp; 828 } */ *ap; 829 { 830 struct vnode *vp = ap->a_vp; 831 struct vnode *tdvp = ap->a_tdvp; 832 struct componentname *cnp = ap->a_cnp; 833 struct inode *ip; 834 struct direct newdir; 835 int error; 836 837 #ifdef DIAGNOSTIC 838 if ((cnp->cn_flags & HASBUF) == 0) 839 panic("ufs_link: no name"); 840 #endif 841 if (tdvp->v_mount != vp->v_mount) { 842 error = EXDEV; 843 goto out; 844 } 845 ip = VTOI(vp); 846 if ((nlink_t)ip->i_nlink >= LINK_MAX) { 847 error = EMLINK; 848 goto out; 849 } 850 if (ip->i_flags & (IMMUTABLE | APPEND)) { 851 error = EPERM; 852 goto out; 853 } 854 ip->i_effnlink++; 855 ip->i_nlink++; 856 DIP_SET(ip, i_nlink, ip->i_nlink); 857 ip->i_flag |= IN_CHANGE; 858 if (DOINGSOFTDEP(vp)) 859 softdep_change_linkcnt(ip); 860 error = UFS_UPDATE(vp, !(DOINGSOFTDEP(vp) | DOINGASYNC(vp))); 861 if (!error) { 862 ufs_makedirentry(ip, cnp, &newdir); 863 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL); 864 } 865 866 if (error) { 867 ip->i_effnlink--; 868 ip->i_nlink--; 869 DIP_SET(ip, i_nlink, ip->i_nlink); 870 ip->i_flag |= IN_CHANGE; 871 if (DOINGSOFTDEP(vp)) 872 softdep_change_linkcnt(ip); 873 } 874 out: 875 return (error); 876 } 877 878 /* 879 * whiteout vnode call 880 */ 881 static int 882 ufs_whiteout(ap) 883 struct vop_whiteout_args /* { 884 struct vnode *a_dvp; 885 struct componentname *a_cnp; 886 int a_flags; 887 } */ *ap; 888 { 889 struct vnode *dvp = ap->a_dvp; 890 struct componentname *cnp = ap->a_cnp; 891 struct direct newdir; 892 int error = 0; 893 894 switch (ap->a_flags) { 895 case LOOKUP: 896 /* 4.4 format directories support whiteout operations */ 897 if (dvp->v_mount->mnt_maxsymlinklen > 0) 898 return (0); 899 return (EOPNOTSUPP); 900 901 case CREATE: 902 /* create a new directory whiteout */ 903 #ifdef DIAGNOSTIC 904 if ((cnp->cn_flags & SAVENAME) == 0) 905 panic("ufs_whiteout: missing name"); 906 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 907 panic("ufs_whiteout: old format filesystem"); 908 #endif 909 910 newdir.d_ino = WINO; 911 newdir.d_namlen = cnp->cn_namelen; 912 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 913 newdir.d_type = DT_WHT; 914 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL); 915 break; 916 917 case DELETE: 918 /* remove an existing directory whiteout */ 919 #ifdef DIAGNOSTIC 920 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 921 panic("ufs_whiteout: old format filesystem"); 922 #endif 923 924 cnp->cn_flags &= ~DOWHITEOUT; 925 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 926 break; 927 default: 928 panic("ufs_whiteout: unknown op"); 929 } 930 return (error); 931 } 932 933 /* 934 * Rename system call. 935 * rename("foo", "bar"); 936 * is essentially 937 * unlink("bar"); 938 * link("foo", "bar"); 939 * unlink("foo"); 940 * but ``atomically''. Can't do full commit without saving state in the 941 * inode on disk which isn't feasible at this time. Best we can do is 942 * always guarantee the target exists. 943 * 944 * Basic algorithm is: 945 * 946 * 1) Bump link count on source while we're linking it to the 947 * target. This also ensure the inode won't be deleted out 948 * from underneath us while we work (it may be truncated by 949 * a concurrent `trunc' or `open' for creation). 950 * 2) Link source to destination. If destination already exists, 951 * delete it first. 952 * 3) Unlink source reference to inode if still around. If a 953 * directory was moved and the parent of the destination 954 * is different from the source, patch the ".." entry in the 955 * directory. 956 */ 957 static int 958 ufs_rename(ap) 959 struct vop_rename_args /* { 960 struct vnode *a_fdvp; 961 struct vnode *a_fvp; 962 struct componentname *a_fcnp; 963 struct vnode *a_tdvp; 964 struct vnode *a_tvp; 965 struct componentname *a_tcnp; 966 } */ *ap; 967 { 968 struct vnode *tvp = ap->a_tvp; 969 struct vnode *tdvp = ap->a_tdvp; 970 struct vnode *fvp = ap->a_fvp; 971 struct vnode *fdvp = ap->a_fdvp; 972 struct componentname *tcnp = ap->a_tcnp; 973 struct componentname *fcnp = ap->a_fcnp; 974 struct thread *td = fcnp->cn_thread; 975 struct inode *ip, *xp, *dp; 976 struct direct newdir; 977 int doingdirectory = 0, oldparent = 0, newparent = 0; 978 int error = 0, ioflag; 979 980 #ifdef DIAGNOSTIC 981 if ((tcnp->cn_flags & HASBUF) == 0 || 982 (fcnp->cn_flags & HASBUF) == 0) 983 panic("ufs_rename: no name"); 984 #endif 985 /* 986 * Check for cross-device rename. 987 */ 988 if ((fvp->v_mount != tdvp->v_mount) || 989 (tvp && (fvp->v_mount != tvp->v_mount))) { 990 error = EXDEV; 991 abortit: 992 if (tdvp == tvp) 993 vrele(tdvp); 994 else 995 vput(tdvp); 996 if (tvp) 997 vput(tvp); 998 vrele(fdvp); 999 vrele(fvp); 1000 return (error); 1001 } 1002 1003 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1004 (VTOI(tdvp)->i_flags & APPEND))) { 1005 error = EPERM; 1006 goto abortit; 1007 } 1008 1009 /* 1010 * Renaming a file to itself has no effect. The upper layers should 1011 * not call us in that case. Temporarily just warn if they do. 1012 */ 1013 if (fvp == tvp) { 1014 printf("ufs_rename: fvp == tvp (can't happen)\n"); 1015 error = 0; 1016 goto abortit; 1017 } 1018 1019 if ((error = vn_lock(fvp, LK_EXCLUSIVE, td)) != 0) 1020 goto abortit; 1021 dp = VTOI(fdvp); 1022 ip = VTOI(fvp); 1023 if (ip->i_nlink >= LINK_MAX) { 1024 VOP_UNLOCK(fvp, 0, td); 1025 error = EMLINK; 1026 goto abortit; 1027 } 1028 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 1029 || (dp->i_flags & APPEND)) { 1030 VOP_UNLOCK(fvp, 0, td); 1031 error = EPERM; 1032 goto abortit; 1033 } 1034 if ((ip->i_mode & IFMT) == IFDIR) { 1035 /* 1036 * Avoid ".", "..", and aliases of "." for obvious reasons. 1037 */ 1038 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1039 dp == ip || (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT || 1040 (ip->i_flag & IN_RENAME)) { 1041 VOP_UNLOCK(fvp, 0, td); 1042 error = EINVAL; 1043 goto abortit; 1044 } 1045 ip->i_flag |= IN_RENAME; 1046 oldparent = dp->i_number; 1047 doingdirectory = 1; 1048 } 1049 vrele(fdvp); 1050 1051 /* 1052 * When the target exists, both the directory 1053 * and target vnodes are returned locked. 1054 */ 1055 dp = VTOI(tdvp); 1056 xp = NULL; 1057 if (tvp) 1058 xp = VTOI(tvp); 1059 1060 /* 1061 * 1) Bump link count while we're moving stuff 1062 * around. If we crash somewhere before 1063 * completing our work, the link count 1064 * may be wrong, but correctable. 1065 */ 1066 ip->i_effnlink++; 1067 ip->i_nlink++; 1068 DIP_SET(ip, i_nlink, ip->i_nlink); 1069 ip->i_flag |= IN_CHANGE; 1070 if (DOINGSOFTDEP(fvp)) 1071 softdep_change_linkcnt(ip); 1072 if ((error = UFS_UPDATE(fvp, !(DOINGSOFTDEP(fvp) | 1073 DOINGASYNC(fvp)))) != 0) { 1074 VOP_UNLOCK(fvp, 0, td); 1075 goto bad; 1076 } 1077 1078 /* 1079 * If ".." must be changed (ie the directory gets a new 1080 * parent) then the source directory must not be in the 1081 * directory heirarchy above the target, as this would 1082 * orphan everything below the source directory. Also 1083 * the user must have write permission in the source so 1084 * as to be able to change "..". We must repeat the call 1085 * to namei, as the parent directory is unlocked by the 1086 * call to checkpath(). 1087 */ 1088 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread); 1089 VOP_UNLOCK(fvp, 0, td); 1090 if (oldparent != dp->i_number) 1091 newparent = dp->i_number; 1092 if (doingdirectory && newparent) { 1093 if (error) /* write access check above */ 1094 goto bad; 1095 if (xp != NULL) 1096 vput(tvp); 1097 error = ufs_checkpath(ip, dp, tcnp->cn_cred); 1098 if (error) 1099 goto out; 1100 if ((tcnp->cn_flags & SAVESTART) == 0) 1101 panic("ufs_rename: lost to startdir"); 1102 VREF(tdvp); 1103 error = relookup(tdvp, &tvp, tcnp); 1104 if (error) 1105 goto out; 1106 vrele(tdvp); 1107 dp = VTOI(tdvp); 1108 xp = NULL; 1109 if (tvp) 1110 xp = VTOI(tvp); 1111 } 1112 /* 1113 * 2) If target doesn't exist, link the target 1114 * to the source and unlink the source. 1115 * Otherwise, rewrite the target directory 1116 * entry to reference the source inode and 1117 * expunge the original entry's existence. 1118 */ 1119 if (xp == NULL) { 1120 if (dp->i_dev != ip->i_dev) 1121 panic("ufs_rename: EXDEV"); 1122 /* 1123 * Account for ".." in new directory. 1124 * When source and destination have the same 1125 * parent we don't fool with the link count. 1126 */ 1127 if (doingdirectory && newparent) { 1128 if ((nlink_t)dp->i_nlink >= LINK_MAX) { 1129 error = EMLINK; 1130 goto bad; 1131 } 1132 dp->i_effnlink++; 1133 dp->i_nlink++; 1134 DIP_SET(dp, i_nlink, dp->i_nlink); 1135 dp->i_flag |= IN_CHANGE; 1136 if (DOINGSOFTDEP(tdvp)) 1137 softdep_change_linkcnt(dp); 1138 error = UFS_UPDATE(tdvp, !(DOINGSOFTDEP(tdvp) | 1139 DOINGASYNC(tdvp))); 1140 if (error) 1141 goto bad; 1142 } 1143 ufs_makedirentry(ip, tcnp, &newdir); 1144 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL); 1145 if (error) { 1146 if (doingdirectory && newparent) { 1147 dp->i_effnlink--; 1148 dp->i_nlink--; 1149 DIP_SET(dp, i_nlink, dp->i_nlink); 1150 dp->i_flag |= IN_CHANGE; 1151 if (DOINGSOFTDEP(tdvp)) 1152 softdep_change_linkcnt(dp); 1153 (void)UFS_UPDATE(tdvp, 1); 1154 } 1155 goto bad; 1156 } 1157 vput(tdvp); 1158 } else { 1159 if (xp->i_dev != dp->i_dev || xp->i_dev != ip->i_dev) 1160 panic("ufs_rename: EXDEV"); 1161 /* 1162 * Short circuit rename(foo, foo). 1163 */ 1164 if (xp->i_number == ip->i_number) 1165 panic("ufs_rename: same file"); 1166 /* 1167 * If the parent directory is "sticky", then the caller 1168 * must possess VADMIN for the parent directory, or the 1169 * destination of the rename. This implements append-only 1170 * directories. 1171 */ 1172 if ((dp->i_mode & S_ISTXT) && 1173 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1174 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1175 error = EPERM; 1176 goto bad; 1177 } 1178 /* 1179 * Target must be empty if a directory and have no links 1180 * to it. Also, ensure source and target are compatible 1181 * (both directories, or both not directories). 1182 */ 1183 if ((xp->i_mode&IFMT) == IFDIR) { 1184 if ((xp->i_effnlink > 2) || 1185 !ufs_dirempty(xp, dp->i_number, tcnp->cn_cred)) { 1186 error = ENOTEMPTY; 1187 goto bad; 1188 } 1189 if (!doingdirectory) { 1190 error = ENOTDIR; 1191 goto bad; 1192 } 1193 cache_purge(tdvp); 1194 } else if (doingdirectory) { 1195 error = EISDIR; 1196 goto bad; 1197 } 1198 error = ufs_dirrewrite(dp, xp, ip->i_number, 1199 IFTODT(ip->i_mode), 1200 (doingdirectory && newparent) ? newparent : doingdirectory); 1201 if (error) 1202 goto bad; 1203 if (doingdirectory) { 1204 if (!newparent) { 1205 dp->i_effnlink--; 1206 if (DOINGSOFTDEP(tdvp)) 1207 softdep_change_linkcnt(dp); 1208 } 1209 xp->i_effnlink--; 1210 if (DOINGSOFTDEP(tvp)) 1211 softdep_change_linkcnt(xp); 1212 } 1213 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1214 /* 1215 * Truncate inode. The only stuff left in the directory 1216 * is "." and "..". The "." reference is inconsequential 1217 * since we are quashing it. We have removed the "." 1218 * reference and the reference in the parent directory, 1219 * but there may be other hard links. The soft 1220 * dependency code will arrange to do these operations 1221 * after the parent directory entry has been deleted on 1222 * disk, so when running with that code we avoid doing 1223 * them now. 1224 */ 1225 if (!newparent) { 1226 dp->i_nlink--; 1227 DIP_SET(dp, i_nlink, dp->i_nlink); 1228 dp->i_flag |= IN_CHANGE; 1229 } 1230 xp->i_nlink--; 1231 DIP_SET(xp, i_nlink, xp->i_nlink); 1232 xp->i_flag |= IN_CHANGE; 1233 ioflag = IO_NORMAL; 1234 if (!DOINGASYNC(tvp)) 1235 ioflag |= IO_SYNC; 1236 if ((error = UFS_TRUNCATE(tvp, (off_t)0, ioflag, 1237 tcnp->cn_cred, tcnp->cn_thread)) != 0) 1238 goto bad; 1239 } 1240 vput(tdvp); 1241 vput(tvp); 1242 xp = NULL; 1243 } 1244 1245 /* 1246 * 3) Unlink the source. 1247 */ 1248 fcnp->cn_flags &= ~MODMASK; 1249 fcnp->cn_flags |= LOCKPARENT | LOCKLEAF; 1250 if ((fcnp->cn_flags & SAVESTART) == 0) 1251 panic("ufs_rename: lost from startdir"); 1252 VREF(fdvp); 1253 error = relookup(fdvp, &fvp, fcnp); 1254 if (error == 0) 1255 vrele(fdvp); 1256 if (fvp != NULL) { 1257 xp = VTOI(fvp); 1258 dp = VTOI(fdvp); 1259 } else { 1260 /* 1261 * From name has disappeared. IN_RENAME is not sufficient 1262 * to protect against directory races due to timing windows, 1263 * so we have to remove the panic. XXX the only real way 1264 * to solve this issue is at a much higher level. By the 1265 * time we hit ufs_rename() it's too late. 1266 */ 1267 #if 0 1268 if (doingdirectory) 1269 panic("ufs_rename: lost dir entry"); 1270 #endif 1271 vrele(ap->a_fvp); 1272 return (0); 1273 } 1274 /* 1275 * Ensure that the directory entry still exists and has not 1276 * changed while the new name has been entered. If the source is 1277 * a file then the entry may have been unlinked or renamed. In 1278 * either case there is no further work to be done. If the source 1279 * is a directory then it cannot have been rmdir'ed; the IN_RENAME 1280 * flag ensures that it cannot be moved by another rename or removed 1281 * by a rmdir. 1282 */ 1283 if (xp != ip) { 1284 /* 1285 * From name resolves to a different inode. IN_RENAME is 1286 * not sufficient protection against timing window races 1287 * so we can't panic here. XXX the only real way 1288 * to solve this issue is at a much higher level. By the 1289 * time we hit ufs_rename() it's too late. 1290 */ 1291 #if 0 1292 if (doingdirectory) 1293 panic("ufs_rename: lost dir entry"); 1294 #endif 1295 } else { 1296 /* 1297 * If the source is a directory with a 1298 * new parent, the link count of the old 1299 * parent directory must be decremented 1300 * and ".." set to point to the new parent. 1301 */ 1302 if (doingdirectory && newparent) { 1303 xp->i_offset = mastertemplate.dot_reclen; 1304 ufs_dirrewrite(xp, dp, newparent, DT_DIR, 0); 1305 cache_purge(fdvp); 1306 } 1307 error = ufs_dirremove(fdvp, xp, fcnp->cn_flags, 0); 1308 xp->i_flag &= ~IN_RENAME; 1309 } 1310 if (dp) 1311 vput(fdvp); 1312 if (xp) 1313 vput(fvp); 1314 vrele(ap->a_fvp); 1315 return (error); 1316 1317 bad: 1318 if (xp) 1319 vput(ITOV(xp)); 1320 vput(ITOV(dp)); 1321 out: 1322 if (doingdirectory) 1323 ip->i_flag &= ~IN_RENAME; 1324 if (vn_lock(fvp, LK_EXCLUSIVE, td) == 0) { 1325 ip->i_effnlink--; 1326 ip->i_nlink--; 1327 DIP_SET(ip, i_nlink, ip->i_nlink); 1328 ip->i_flag |= IN_CHANGE; 1329 ip->i_flag &= ~IN_RENAME; 1330 if (DOINGSOFTDEP(fvp)) 1331 softdep_change_linkcnt(ip); 1332 vput(fvp); 1333 } else 1334 vrele(fvp); 1335 return (error); 1336 } 1337 1338 /* 1339 * Mkdir system call 1340 */ 1341 static int 1342 ufs_mkdir(ap) 1343 struct vop_mkdir_args /* { 1344 struct vnode *a_dvp; 1345 struct vnode **a_vpp; 1346 struct componentname *a_cnp; 1347 struct vattr *a_vap; 1348 } */ *ap; 1349 { 1350 struct vnode *dvp = ap->a_dvp; 1351 struct vattr *vap = ap->a_vap; 1352 struct componentname *cnp = ap->a_cnp; 1353 struct inode *ip, *dp; 1354 struct vnode *tvp; 1355 struct buf *bp; 1356 struct dirtemplate dirtemplate, *dtp; 1357 struct direct newdir; 1358 #ifdef UFS_ACL 1359 struct acl *acl, *dacl; 1360 #endif 1361 int error, dmode; 1362 long blkoff; 1363 1364 #ifdef DIAGNOSTIC 1365 if ((cnp->cn_flags & HASBUF) == 0) 1366 panic("ufs_mkdir: no name"); 1367 #endif 1368 dp = VTOI(dvp); 1369 if ((nlink_t)dp->i_nlink >= LINK_MAX) { 1370 error = EMLINK; 1371 goto out; 1372 } 1373 dmode = vap->va_mode & 0777; 1374 dmode |= IFDIR; 1375 /* 1376 * Must simulate part of ufs_makeinode here to acquire the inode, 1377 * but not have it entered in the parent directory. The entry is 1378 * made later after writing "." and ".." entries. 1379 */ 1380 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 1381 if (error) 1382 goto out; 1383 ip = VTOI(tvp); 1384 ip->i_gid = dp->i_gid; 1385 DIP_SET(ip, i_gid, dp->i_gid); 1386 #ifdef SUIDDIR 1387 { 1388 #ifdef QUOTA 1389 struct ucred ucred, *ucp; 1390 ucp = cnp->cn_cred; 1391 #endif 1392 /* 1393 * If we are hacking owners here, (only do this where told to) 1394 * and we are not giving it TO root, (would subvert quotas) 1395 * then go ahead and give it to the other user. 1396 * The new directory also inherits the SUID bit. 1397 * If user's UID and dir UID are the same, 1398 * 'give it away' so that the SUID is still forced on. 1399 */ 1400 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 1401 (dp->i_mode & ISUID) && dp->i_uid) { 1402 dmode |= ISUID; 1403 ip->i_uid = dp->i_uid; 1404 DIP_SET(ip, i_uid, dp->i_uid); 1405 #ifdef QUOTA 1406 if (dp->i_uid != cnp->cn_cred->cr_uid) { 1407 /* 1408 * Make sure the correct user gets charged 1409 * for the space. 1410 * Make a dummy credential for the victim. 1411 * XXX This seems to never be accessed out of 1412 * our context so a stack variable is ok. 1413 */ 1414 refcount_init(&ucred.cr_ref, 1); 1415 ucred.cr_uid = ip->i_uid; 1416 ucred.cr_ngroups = 1; 1417 ucred.cr_groups[0] = dp->i_gid; 1418 ucp = &ucred; 1419 } 1420 #endif 1421 } else { 1422 ip->i_uid = cnp->cn_cred->cr_uid; 1423 DIP_SET(ip, i_uid, ip->i_uid); 1424 } 1425 #ifdef QUOTA 1426 if ((error = getinoquota(ip)) || 1427 (error = chkiq(ip, 1, ucp, 0))) { 1428 UFS_VFREE(tvp, ip->i_number, dmode); 1429 vput(tvp); 1430 return (error); 1431 } 1432 #endif 1433 } 1434 #else /* !SUIDDIR */ 1435 ip->i_uid = cnp->cn_cred->cr_uid; 1436 DIP_SET(ip, i_uid, ip->i_uid); 1437 #ifdef QUOTA 1438 if ((error = getinoquota(ip)) || 1439 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 1440 UFS_VFREE(tvp, ip->i_number, dmode); 1441 vput(tvp); 1442 return (error); 1443 } 1444 #endif 1445 #endif /* !SUIDDIR */ 1446 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 1447 #ifdef UFS_ACL 1448 acl = dacl = NULL; 1449 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) { 1450 acl = uma_zalloc(acl_zone, M_WAITOK); 1451 dacl = uma_zalloc(acl_zone, M_WAITOK); 1452 1453 /* 1454 * Retrieve default ACL from parent, if any. 1455 */ 1456 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred, 1457 cnp->cn_thread); 1458 switch (error) { 1459 case 0: 1460 /* 1461 * Retrieved a default ACL, so merge mode and ACL if 1462 * necessary. If the ACL is empty, fall through to 1463 * the "not defined or available" case. 1464 */ 1465 if (acl->acl_cnt != 0) { 1466 dmode = acl_posix1e_newfilemode(dmode, acl); 1467 ip->i_mode = dmode; 1468 DIP_SET(ip, i_mode, dmode); 1469 *dacl = *acl; 1470 ufs_sync_acl_from_inode(ip, acl); 1471 break; 1472 } 1473 /* FALLTHROUGH */ 1474 1475 case EOPNOTSUPP: 1476 /* 1477 * Just use the mode as-is. 1478 */ 1479 ip->i_mode = dmode; 1480 DIP_SET(ip, i_mode, dmode); 1481 uma_zfree(acl_zone, acl); 1482 uma_zfree(acl_zone, dacl); 1483 dacl = acl = NULL; 1484 break; 1485 1486 default: 1487 UFS_VFREE(tvp, ip->i_number, dmode); 1488 vput(tvp); 1489 uma_zfree(acl_zone, acl); 1490 uma_zfree(acl_zone, dacl); 1491 return (error); 1492 } 1493 } else { 1494 #endif /* !UFS_ACL */ 1495 ip->i_mode = dmode; 1496 DIP_SET(ip, i_mode, dmode); 1497 #ifdef UFS_ACL 1498 } 1499 #endif 1500 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 1501 ip->i_effnlink = 2; 1502 ip->i_nlink = 2; 1503 DIP_SET(ip, i_nlink, 2); 1504 if (DOINGSOFTDEP(tvp)) 1505 softdep_change_linkcnt(ip); 1506 if (cnp->cn_flags & ISWHITEOUT) { 1507 ip->i_flags |= UF_OPAQUE; 1508 DIP_SET(ip, i_flags, ip->i_flags); 1509 } 1510 1511 /* 1512 * Bump link count in parent directory to reflect work done below. 1513 * Should be done before reference is created so cleanup is 1514 * possible if we crash. 1515 */ 1516 dp->i_effnlink++; 1517 dp->i_nlink++; 1518 DIP_SET(dp, i_nlink, dp->i_nlink); 1519 dp->i_flag |= IN_CHANGE; 1520 if (DOINGSOFTDEP(dvp)) 1521 softdep_change_linkcnt(dp); 1522 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp))); 1523 if (error) 1524 goto bad; 1525 #ifdef MAC 1526 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 1527 error = mac_create_vnode_extattr(cnp->cn_cred, dvp->v_mount, 1528 dvp, tvp, cnp); 1529 if (error) 1530 goto bad; 1531 } 1532 #endif 1533 #ifdef UFS_ACL 1534 if (acl != NULL) { 1535 /* 1536 * XXX: If we abort now, will Soft Updates notify the extattr 1537 * code that the EAs for the file need to be released? 1538 */ 1539 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred, 1540 cnp->cn_thread); 1541 if (error == 0) 1542 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, 1543 cnp->cn_cred, cnp->cn_thread); 1544 switch (error) { 1545 case 0: 1546 break; 1547 1548 case EOPNOTSUPP: 1549 /* 1550 * XXX: This should not happen, as EOPNOTSUPP above 1551 * was supposed to free acl. 1552 */ 1553 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1554 /* 1555 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1556 */ 1557 break; 1558 1559 default: 1560 uma_zfree(acl_zone, acl); 1561 uma_zfree(acl_zone, dacl); 1562 dacl = acl = NULL; 1563 goto bad; 1564 } 1565 uma_zfree(acl_zone, acl); 1566 uma_zfree(acl_zone, dacl); 1567 dacl = acl = NULL; 1568 } 1569 #endif /* !UFS_ACL */ 1570 1571 /* 1572 * Initialize directory with "." and ".." from static template. 1573 */ 1574 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1575 dtp = &mastertemplate; 1576 else 1577 dtp = (struct dirtemplate *)&omastertemplate; 1578 dirtemplate = *dtp; 1579 dirtemplate.dot_ino = ip->i_number; 1580 dirtemplate.dotdot_ino = dp->i_number; 1581 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 1582 BA_CLRBUF, &bp)) != 0) 1583 goto bad; 1584 ip->i_size = DIRBLKSIZ; 1585 DIP_SET(ip, i_size, DIRBLKSIZ); 1586 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1587 vnode_pager_setsize(tvp, (u_long)ip->i_size); 1588 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 1589 if (DOINGSOFTDEP(tvp)) { 1590 /* 1591 * Ensure that the entire newly allocated block is a 1592 * valid directory so that future growth within the 1593 * block does not have to ensure that the block is 1594 * written before the inode. 1595 */ 1596 blkoff = DIRBLKSIZ; 1597 while (blkoff < bp->b_bcount) { 1598 ((struct direct *) 1599 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 1600 blkoff += DIRBLKSIZ; 1601 } 1602 } 1603 if ((error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | 1604 DOINGASYNC(tvp)))) != 0) { 1605 (void)bwrite(bp); 1606 goto bad; 1607 } 1608 /* 1609 * Directory set up, now install its entry in the parent directory. 1610 * 1611 * If we are not doing soft dependencies, then we must write out the 1612 * buffer containing the new directory body before entering the new 1613 * name in the parent. If we are doing soft dependencies, then the 1614 * buffer containing the new directory body will be passed to and 1615 * released in the soft dependency code after the code has attached 1616 * an appropriate ordering dependency to the buffer which ensures that 1617 * the buffer is written before the new name is written in the parent. 1618 */ 1619 if (DOINGASYNC(dvp)) 1620 bdwrite(bp); 1621 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 1622 goto bad; 1623 ufs_makedirentry(ip, cnp, &newdir); 1624 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp); 1625 1626 bad: 1627 if (error == 0) { 1628 *ap->a_vpp = tvp; 1629 } else { 1630 #ifdef UFS_ACL 1631 if (acl != NULL) 1632 uma_zfree(acl_zone, acl); 1633 if (dacl != NULL) 1634 uma_zfree(acl_zone, dacl); 1635 #endif 1636 dp->i_effnlink--; 1637 dp->i_nlink--; 1638 DIP_SET(dp, i_nlink, dp->i_nlink); 1639 dp->i_flag |= IN_CHANGE; 1640 if (DOINGSOFTDEP(dvp)) 1641 softdep_change_linkcnt(dp); 1642 /* 1643 * No need to do an explicit VOP_TRUNCATE here, vrele will 1644 * do this for us because we set the link count to 0. 1645 */ 1646 ip->i_effnlink = 0; 1647 ip->i_nlink = 0; 1648 DIP_SET(ip, i_nlink, 0); 1649 ip->i_flag |= IN_CHANGE; 1650 if (DOINGSOFTDEP(tvp)) 1651 softdep_change_linkcnt(ip); 1652 vput(tvp); 1653 } 1654 out: 1655 return (error); 1656 } 1657 1658 /* 1659 * Rmdir system call. 1660 */ 1661 static int 1662 ufs_rmdir(ap) 1663 struct vop_rmdir_args /* { 1664 struct vnode *a_dvp; 1665 struct vnode *a_vp; 1666 struct componentname *a_cnp; 1667 } */ *ap; 1668 { 1669 struct vnode *vp = ap->a_vp; 1670 struct vnode *dvp = ap->a_dvp; 1671 struct componentname *cnp = ap->a_cnp; 1672 struct inode *ip, *dp; 1673 int error, ioflag; 1674 1675 ip = VTOI(vp); 1676 dp = VTOI(dvp); 1677 1678 /* 1679 * Do not remove a directory that is in the process of being renamed. 1680 * Verify the directory is empty (and valid). Rmdir ".." will not be 1681 * valid since ".." will contain a reference to the current directory 1682 * and thus be non-empty. Do not allow the removal of mounted on 1683 * directories (this can happen when an NFS exported filesystem 1684 * tries to remove a locally mounted on directory). 1685 */ 1686 error = 0; 1687 if ((ip->i_flag & IN_RENAME) || ip->i_effnlink < 2) { 1688 error = EINVAL; 1689 goto out; 1690 } 1691 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 1692 error = ENOTEMPTY; 1693 goto out; 1694 } 1695 if ((dp->i_flags & APPEND) 1696 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 1697 error = EPERM; 1698 goto out; 1699 } 1700 if (vp->v_mountedhere != 0) { 1701 error = EINVAL; 1702 goto out; 1703 } 1704 /* 1705 * Delete reference to directory before purging 1706 * inode. If we crash in between, the directory 1707 * will be reattached to lost+found, 1708 */ 1709 dp->i_effnlink--; 1710 ip->i_effnlink--; 1711 if (DOINGSOFTDEP(vp)) { 1712 softdep_change_linkcnt(dp); 1713 softdep_change_linkcnt(ip); 1714 } 1715 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 1716 if (error) { 1717 dp->i_effnlink++; 1718 ip->i_effnlink++; 1719 if (DOINGSOFTDEP(vp)) { 1720 softdep_change_linkcnt(dp); 1721 softdep_change_linkcnt(ip); 1722 } 1723 goto out; 1724 } 1725 cache_purge(dvp); 1726 /* 1727 * Truncate inode. The only stuff left in the directory is "." and 1728 * "..". The "." reference is inconsequential since we are quashing 1729 * it. The soft dependency code will arrange to do these operations 1730 * after the parent directory entry has been deleted on disk, so 1731 * when running with that code we avoid doing them now. 1732 */ 1733 if (!DOINGSOFTDEP(vp)) { 1734 dp->i_nlink--; 1735 DIP_SET(dp, i_nlink, dp->i_nlink); 1736 dp->i_flag |= IN_CHANGE; 1737 ip->i_nlink--; 1738 DIP_SET(ip, i_nlink, ip->i_nlink); 1739 ip->i_flag |= IN_CHANGE; 1740 ioflag = IO_NORMAL; 1741 if (!DOINGASYNC(vp)) 1742 ioflag |= IO_SYNC; 1743 error = UFS_TRUNCATE(vp, (off_t)0, ioflag, cnp->cn_cred, 1744 cnp->cn_thread); 1745 } 1746 cache_purge(vp); 1747 #ifdef UFS_DIRHASH 1748 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 1749 if (ip->i_dirhash != NULL) 1750 ufsdirhash_free(ip); 1751 #endif 1752 out: 1753 return (error); 1754 } 1755 1756 /* 1757 * symlink -- make a symbolic link 1758 */ 1759 static int 1760 ufs_symlink(ap) 1761 struct vop_symlink_args /* { 1762 struct vnode *a_dvp; 1763 struct vnode **a_vpp; 1764 struct componentname *a_cnp; 1765 struct vattr *a_vap; 1766 char *a_target; 1767 } */ *ap; 1768 { 1769 struct vnode *vp, **vpp = ap->a_vpp; 1770 struct inode *ip; 1771 int len, error; 1772 1773 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 1774 vpp, ap->a_cnp); 1775 if (error) 1776 return (error); 1777 vp = *vpp; 1778 len = strlen(ap->a_target); 1779 if (len < vp->v_mount->mnt_maxsymlinklen) { 1780 ip = VTOI(vp); 1781 bcopy(ap->a_target, SHORTLINK(ip), len); 1782 ip->i_size = len; 1783 DIP_SET(ip, i_size, len); 1784 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1785 } else 1786 error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0, 1787 UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 1788 ap->a_cnp->cn_cred, NOCRED, (int *)0, (struct thread *)0); 1789 if (error) 1790 vput(vp); 1791 return (error); 1792 } 1793 1794 /* 1795 * Vnode op for reading directories. 1796 * 1797 * The routine below assumes that the on-disk format of a directory 1798 * is the same as that defined by <sys/dirent.h>. If the on-disk 1799 * format changes, then it will be necessary to do a conversion 1800 * from the on-disk format that read returns to the format defined 1801 * by <sys/dirent.h>. 1802 */ 1803 int 1804 ufs_readdir(ap) 1805 struct vop_readdir_args /* { 1806 struct vnode *a_vp; 1807 struct uio *a_uio; 1808 struct ucred *a_cred; 1809 int *a_eofflag; 1810 int *ncookies; 1811 u_long **a_cookies; 1812 } */ *ap; 1813 { 1814 struct uio *uio = ap->a_uio; 1815 int error; 1816 size_t count, lost; 1817 off_t off; 1818 1819 if (ap->a_ncookies != NULL) 1820 /* 1821 * Ensure that the block is aligned. The caller can use 1822 * the cookies to determine where in the block to start. 1823 */ 1824 uio->uio_offset &= ~(DIRBLKSIZ - 1); 1825 off = uio->uio_offset; 1826 count = uio->uio_resid; 1827 /* Make sure we don't return partial entries. */ 1828 if (count <= ((uio->uio_offset + count) & (DIRBLKSIZ -1))) 1829 return (EINVAL); 1830 count -= (uio->uio_offset + count) & (DIRBLKSIZ -1); 1831 lost = uio->uio_resid - count; 1832 uio->uio_resid = count; 1833 uio->uio_iov->iov_len = count; 1834 # if (BYTE_ORDER == LITTLE_ENDIAN) 1835 if (ap->a_vp->v_mount->mnt_maxsymlinklen > 0) { 1836 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred); 1837 } else { 1838 struct dirent *dp, *edp; 1839 struct uio auio; 1840 struct iovec aiov; 1841 caddr_t dirbuf; 1842 int readcnt; 1843 u_char tmp; 1844 1845 auio = *uio; 1846 auio.uio_iov = &aiov; 1847 auio.uio_iovcnt = 1; 1848 auio.uio_segflg = UIO_SYSSPACE; 1849 aiov.iov_len = count; 1850 MALLOC(dirbuf, caddr_t, count, M_TEMP, M_WAITOK); 1851 aiov.iov_base = dirbuf; 1852 error = VOP_READ(ap->a_vp, &auio, 0, ap->a_cred); 1853 if (error == 0) { 1854 readcnt = count - auio.uio_resid; 1855 edp = (struct dirent *)&dirbuf[readcnt]; 1856 for (dp = (struct dirent *)dirbuf; dp < edp; ) { 1857 tmp = dp->d_namlen; 1858 dp->d_namlen = dp->d_type; 1859 dp->d_type = tmp; 1860 if (dp->d_reclen > 0) { 1861 dp = (struct dirent *) 1862 ((char *)dp + dp->d_reclen); 1863 } else { 1864 error = EIO; 1865 break; 1866 } 1867 } 1868 if (dp >= edp) 1869 error = uiomove(dirbuf, readcnt, uio); 1870 } 1871 FREE(dirbuf, M_TEMP); 1872 } 1873 # else 1874 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred); 1875 # endif 1876 if (!error && ap->a_ncookies != NULL) { 1877 struct dirent* dpStart; 1878 struct dirent* dpEnd; 1879 struct dirent* dp; 1880 int ncookies; 1881 u_long *cookies; 1882 u_long *cookiep; 1883 1884 if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1) 1885 panic("ufs_readdir: unexpected uio from NFS server"); 1886 dpStart = (struct dirent *) 1887 ((char *)uio->uio_iov->iov_base - (uio->uio_offset - off)); 1888 dpEnd = (struct dirent *) uio->uio_iov->iov_base; 1889 for (dp = dpStart, ncookies = 0; 1890 dp < dpEnd; 1891 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen)) 1892 ncookies++; 1893 MALLOC(cookies, u_long *, ncookies * sizeof(u_long), M_TEMP, 1894 M_WAITOK); 1895 for (dp = dpStart, cookiep = cookies; 1896 dp < dpEnd; 1897 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen)) { 1898 off += dp->d_reclen; 1899 *cookiep++ = (u_long) off; 1900 } 1901 *ap->a_ncookies = ncookies; 1902 *ap->a_cookies = cookies; 1903 } 1904 uio->uio_resid += lost; 1905 if (ap->a_eofflag) 1906 *ap->a_eofflag = VTOI(ap->a_vp)->i_size <= uio->uio_offset; 1907 return (error); 1908 } 1909 1910 /* 1911 * Return target name of a symbolic link 1912 */ 1913 static int 1914 ufs_readlink(ap) 1915 struct vop_readlink_args /* { 1916 struct vnode *a_vp; 1917 struct uio *a_uio; 1918 struct ucred *a_cred; 1919 } */ *ap; 1920 { 1921 struct vnode *vp = ap->a_vp; 1922 struct inode *ip = VTOI(vp); 1923 doff_t isize; 1924 1925 isize = ip->i_size; 1926 if ((isize < vp->v_mount->mnt_maxsymlinklen) || 1927 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */ 1928 return (uiomove(SHORTLINK(ip), isize, ap->a_uio)); 1929 } 1930 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 1931 } 1932 1933 /* 1934 * Calculate the logical to physical mapping if not done already, 1935 * then call the device strategy routine. 1936 * 1937 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 1938 * deadlock on memory. See ufs_bmap() for details. 1939 */ 1940 static int 1941 ufs_strategy(ap) 1942 struct vop_strategy_args /* { 1943 struct vnode *a_vp; 1944 struct buf *a_bp; 1945 } */ *ap; 1946 { 1947 struct buf *bp = ap->a_bp; 1948 struct vnode *vp = ap->a_vp; 1949 struct bufobj *bo; 1950 struct inode *ip; 1951 ufs2_daddr_t blkno; 1952 int error; 1953 1954 ip = VTOI(vp); 1955 if (bp->b_blkno == bp->b_lblkno) { 1956 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 1957 bp->b_blkno = blkno; 1958 if (error) { 1959 bp->b_error = error; 1960 bp->b_ioflags |= BIO_ERROR; 1961 bufdone(bp); 1962 return (error); 1963 } 1964 if ((long)bp->b_blkno == -1) 1965 vfs_bio_clrbuf(bp); 1966 } 1967 if ((long)bp->b_blkno == -1) { 1968 bufdone(bp); 1969 return (0); 1970 } 1971 bp->b_iooffset = dbtob(bp->b_blkno); 1972 bo = ip->i_umbufobj; 1973 BO_STRATEGY(bo, bp); 1974 return (0); 1975 } 1976 1977 /* 1978 * Print out the contents of an inode. 1979 */ 1980 static int 1981 ufs_print(ap) 1982 struct vop_print_args /* { 1983 struct vnode *a_vp; 1984 } */ *ap; 1985 { 1986 struct vnode *vp = ap->a_vp; 1987 struct inode *ip = VTOI(vp); 1988 1989 printf("\tino %lu, on dev %s", (u_long)ip->i_number, 1990 devtoname(ip->i_dev)); 1991 if (vp->v_type == VFIFO) 1992 fifo_printinfo(vp); 1993 printf("\n"); 1994 return (0); 1995 } 1996 1997 /* 1998 * Close wrapper for fifos. 1999 * 2000 * Update the times on the inode then do device close. 2001 */ 2002 static int 2003 ufsfifo_close(ap) 2004 struct vop_close_args /* { 2005 struct vnode *a_vp; 2006 int a_fflag; 2007 struct ucred *a_cred; 2008 struct thread *a_td; 2009 } */ *ap; 2010 { 2011 struct vnode *vp = ap->a_vp; 2012 int usecount; 2013 2014 VI_LOCK(vp); 2015 usecount = vp->v_usecount; 2016 VI_UNLOCK(vp); 2017 if (usecount > 1) 2018 ufs_itimes(vp); 2019 return (fifo_specops.vop_close(ap)); 2020 } 2021 2022 /* 2023 * Kqfilter wrapper for fifos. 2024 * 2025 * Fall through to ufs kqfilter routines if needed 2026 */ 2027 static int 2028 ufsfifo_kqfilter(ap) 2029 struct vop_kqfilter_args *ap; 2030 { 2031 int error; 2032 2033 error = fifo_specops.vop_kqfilter(ap); 2034 if (error) 2035 error = vfs_kqfilter(ap); 2036 return (error); 2037 } 2038 2039 /* 2040 * Return POSIX pathconf information applicable to ufs filesystems. 2041 */ 2042 static int 2043 ufs_pathconf(ap) 2044 struct vop_pathconf_args /* { 2045 struct vnode *a_vp; 2046 int a_name; 2047 int *a_retval; 2048 } */ *ap; 2049 { 2050 int error; 2051 2052 error = 0; 2053 switch (ap->a_name) { 2054 case _PC_LINK_MAX: 2055 *ap->a_retval = LINK_MAX; 2056 break; 2057 case _PC_NAME_MAX: 2058 *ap->a_retval = NAME_MAX; 2059 break; 2060 case _PC_PATH_MAX: 2061 *ap->a_retval = PATH_MAX; 2062 break; 2063 case _PC_PIPE_BUF: 2064 *ap->a_retval = PIPE_BUF; 2065 break; 2066 case _PC_CHOWN_RESTRICTED: 2067 *ap->a_retval = 1; 2068 break; 2069 case _PC_NO_TRUNC: 2070 *ap->a_retval = 1; 2071 break; 2072 case _PC_ACL_EXTENDED: 2073 #ifdef UFS_ACL 2074 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2075 *ap->a_retval = 1; 2076 else 2077 *ap->a_retval = 0; 2078 #else 2079 *ap->a_retval = 0; 2080 #endif 2081 break; 2082 case _PC_ACL_PATH_MAX: 2083 #ifdef UFS_ACL 2084 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2085 *ap->a_retval = ACL_MAX_ENTRIES; 2086 else 2087 *ap->a_retval = 3; 2088 #else 2089 *ap->a_retval = 3; 2090 #endif 2091 break; 2092 case _PC_MAC_PRESENT: 2093 #ifdef MAC 2094 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2095 *ap->a_retval = 1; 2096 else 2097 *ap->a_retval = 0; 2098 #else 2099 *ap->a_retval = 0; 2100 #endif 2101 break; 2102 case _PC_ASYNC_IO: 2103 /* _PC_ASYNC_IO should have been handled by upper layers. */ 2104 KASSERT(0, ("_PC_ASYNC_IO should not get here")); 2105 error = EINVAL; 2106 break; 2107 case _PC_PRIO_IO: 2108 *ap->a_retval = 0; 2109 break; 2110 case _PC_SYNC_IO: 2111 *ap->a_retval = 0; 2112 break; 2113 case _PC_ALLOC_SIZE_MIN: 2114 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2115 break; 2116 case _PC_FILESIZEBITS: 2117 *ap->a_retval = 64; 2118 break; 2119 case _PC_REC_INCR_XFER_SIZE: 2120 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2121 break; 2122 case _PC_REC_MAX_XFER_SIZE: 2123 *ap->a_retval = -1; /* means ``unlimited'' */ 2124 break; 2125 case _PC_REC_MIN_XFER_SIZE: 2126 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2127 break; 2128 case _PC_REC_XFER_ALIGN: 2129 *ap->a_retval = PAGE_SIZE; 2130 break; 2131 case _PC_SYMLINK_MAX: 2132 *ap->a_retval = MAXPATHLEN; 2133 break; 2134 2135 default: 2136 error = EINVAL; 2137 break; 2138 } 2139 return (error); 2140 } 2141 2142 /* 2143 * Advisory record locking support 2144 */ 2145 static int 2146 ufs_advlock(ap) 2147 struct vop_advlock_args /* { 2148 struct vnode *a_vp; 2149 caddr_t a_id; 2150 int a_op; 2151 struct flock *a_fl; 2152 int a_flags; 2153 } */ *ap; 2154 { 2155 struct inode *ip = VTOI(ap->a_vp); 2156 2157 return (lf_advlock(ap, &(ip->i_lockf), ip->i_size)); 2158 } 2159 2160 /* 2161 * Initialize the vnode associated with a new inode, handle aliased 2162 * vnodes. 2163 */ 2164 int 2165 ufs_vinit(mntp, fifoops, vpp) 2166 struct mount *mntp; 2167 struct vop_vector *fifoops; 2168 struct vnode **vpp; 2169 { 2170 struct inode *ip; 2171 struct vnode *vp; 2172 2173 vp = *vpp; 2174 ip = VTOI(vp); 2175 vp->v_type = IFTOVT(ip->i_mode); 2176 if (vp->v_type == VFIFO) 2177 vp->v_op = fifoops; 2178 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2179 if (ip->i_number == ROOTINO) 2180 vp->v_vflag |= VV_ROOT; 2181 ip->i_modrev = init_va_filerev(); 2182 *vpp = vp; 2183 return (0); 2184 } 2185 2186 /* 2187 * Allocate a new inode. 2188 * Vnode dvp must be locked. 2189 */ 2190 static int 2191 ufs_makeinode(mode, dvp, vpp, cnp) 2192 int mode; 2193 struct vnode *dvp; 2194 struct vnode **vpp; 2195 struct componentname *cnp; 2196 { 2197 struct inode *ip, *pdir; 2198 struct direct newdir; 2199 struct vnode *tvp; 2200 #ifdef UFS_ACL 2201 struct acl *acl; 2202 #endif 2203 int error; 2204 2205 pdir = VTOI(dvp); 2206 #ifdef DIAGNOSTIC 2207 if ((cnp->cn_flags & HASBUF) == 0) 2208 panic("ufs_makeinode: no name"); 2209 #endif 2210 *vpp = NULL; 2211 if ((mode & IFMT) == 0) 2212 mode |= IFREG; 2213 2214 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2215 if (error) 2216 return (error); 2217 ip = VTOI(tvp); 2218 ip->i_gid = pdir->i_gid; 2219 DIP_SET(ip, i_gid, pdir->i_gid); 2220 #ifdef SUIDDIR 2221 { 2222 #ifdef QUOTA 2223 struct ucred ucred, *ucp; 2224 ucp = cnp->cn_cred; 2225 #endif 2226 /* 2227 * If we are not the owner of the directory, 2228 * and we are hacking owners here, (only do this where told to) 2229 * and we are not giving it TO root, (would subvert quotas) 2230 * then go ahead and give it to the other user. 2231 * Note that this drops off the execute bits for security. 2232 */ 2233 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2234 (pdir->i_mode & ISUID) && 2235 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2236 ip->i_uid = pdir->i_uid; 2237 DIP_SET(ip, i_uid, ip->i_uid); 2238 mode &= ~07111; 2239 #ifdef QUOTA 2240 /* 2241 * Make sure the correct user gets charged 2242 * for the space. 2243 * Quickly knock up a dummy credential for the victim. 2244 * XXX This seems to never be accessed out of our 2245 * context so a stack variable is ok. 2246 */ 2247 refcount_init(&ucred.cr_ref, 1); 2248 ucred.cr_uid = ip->i_uid; 2249 ucred.cr_ngroups = 1; 2250 ucred.cr_groups[0] = pdir->i_gid; 2251 ucp = &ucred; 2252 #endif 2253 } else { 2254 ip->i_uid = cnp->cn_cred->cr_uid; 2255 DIP_SET(ip, i_uid, ip->i_uid); 2256 } 2257 2258 #ifdef QUOTA 2259 if ((error = getinoquota(ip)) || 2260 (error = chkiq(ip, 1, ucp, 0))) { 2261 UFS_VFREE(tvp, ip->i_number, mode); 2262 vput(tvp); 2263 return (error); 2264 } 2265 #endif 2266 } 2267 #else /* !SUIDDIR */ 2268 ip->i_uid = cnp->cn_cred->cr_uid; 2269 DIP_SET(ip, i_uid, ip->i_uid); 2270 #ifdef QUOTA 2271 if ((error = getinoquota(ip)) || 2272 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2273 UFS_VFREE(tvp, ip->i_number, mode); 2274 vput(tvp); 2275 return (error); 2276 } 2277 #endif 2278 #endif /* !SUIDDIR */ 2279 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 2280 #ifdef UFS_ACL 2281 acl = NULL; 2282 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) { 2283 acl = uma_zalloc(acl_zone, M_WAITOK); 2284 2285 /* 2286 * Retrieve default ACL for parent, if any. 2287 */ 2288 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred, 2289 cnp->cn_thread); 2290 switch (error) { 2291 case 0: 2292 /* 2293 * Retrieved a default ACL, so merge mode and ACL if 2294 * necessary. 2295 */ 2296 if (acl->acl_cnt != 0) { 2297 /* 2298 * Two possible ways for default ACL to not 2299 * be present. First, the EA can be 2300 * undefined, or second, the default ACL can 2301 * be blank. If it's blank, fall through to 2302 * the it's not defined case. 2303 */ 2304 mode = acl_posix1e_newfilemode(mode, acl); 2305 ip->i_mode = mode; 2306 DIP_SET(ip, i_mode, mode); 2307 ufs_sync_acl_from_inode(ip, acl); 2308 break; 2309 } 2310 /* FALLTHROUGH */ 2311 2312 case EOPNOTSUPP: 2313 /* 2314 * Just use the mode as-is. 2315 */ 2316 ip->i_mode = mode; 2317 DIP_SET(ip, i_mode, mode); 2318 uma_zfree(acl_zone, acl); 2319 acl = NULL; 2320 break; 2321 2322 default: 2323 UFS_VFREE(tvp, ip->i_number, mode); 2324 vput(tvp); 2325 uma_zfree(acl_zone, acl); 2326 acl = NULL; 2327 return (error); 2328 } 2329 } else { 2330 #endif 2331 ip->i_mode = mode; 2332 DIP_SET(ip, i_mode, mode); 2333 #ifdef UFS_ACL 2334 } 2335 #endif 2336 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2337 ip->i_effnlink = 1; 2338 ip->i_nlink = 1; 2339 DIP_SET(ip, i_nlink, 1); 2340 if (DOINGSOFTDEP(tvp)) 2341 softdep_change_linkcnt(ip); 2342 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2343 suser_cred(cnp->cn_cred, SUSER_ALLOWJAIL)) { 2344 ip->i_mode &= ~ISGID; 2345 DIP_SET(ip, i_mode, ip->i_mode); 2346 } 2347 2348 if (cnp->cn_flags & ISWHITEOUT) { 2349 ip->i_flags |= UF_OPAQUE; 2350 DIP_SET(ip, i_flags, ip->i_flags); 2351 } 2352 2353 /* 2354 * Make sure inode goes to disk before directory entry. 2355 */ 2356 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp))); 2357 if (error) 2358 goto bad; 2359 #ifdef MAC 2360 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2361 error = mac_create_vnode_extattr(cnp->cn_cred, dvp->v_mount, 2362 dvp, tvp, cnp); 2363 if (error) 2364 goto bad; 2365 } 2366 #endif 2367 #ifdef UFS_ACL 2368 if (acl != NULL) { 2369 /* 2370 * XXX: If we abort now, will Soft Updates notify the extattr 2371 * code that the EAs for the file need to be released? 2372 */ 2373 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred, 2374 cnp->cn_thread); 2375 switch (error) { 2376 case 0: 2377 break; 2378 2379 case EOPNOTSUPP: 2380 /* 2381 * XXX: This should not happen, as EOPNOTSUPP above was 2382 * supposed to free acl. 2383 */ 2384 printf("ufs_makeinode: VOP_GETACL() but no " 2385 "VOP_SETACL()\n"); 2386 /* panic("ufs_makeinode: VOP_GETACL() but no " 2387 "VOP_SETACL()"); */ 2388 break; 2389 2390 default: 2391 uma_zfree(acl_zone, acl); 2392 goto bad; 2393 } 2394 uma_zfree(acl_zone, acl); 2395 } 2396 #endif /* !UFS_ACL */ 2397 ufs_makedirentry(ip, cnp, &newdir); 2398 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL); 2399 if (error) 2400 goto bad; 2401 *vpp = tvp; 2402 return (0); 2403 2404 bad: 2405 /* 2406 * Write error occurred trying to update the inode 2407 * or the directory so must deallocate the inode. 2408 */ 2409 ip->i_effnlink = 0; 2410 ip->i_nlink = 0; 2411 DIP_SET(ip, i_nlink, 0); 2412 ip->i_flag |= IN_CHANGE; 2413 if (DOINGSOFTDEP(tvp)) 2414 softdep_change_linkcnt(ip); 2415 vput(tvp); 2416 return (error); 2417 } 2418 2419 /* Global vfs data structures for ufs. */ 2420 struct vop_vector ufs_vnodeops = { 2421 .vop_default = &default_vnodeops, 2422 .vop_fsync = VOP_PANIC, 2423 .vop_read = VOP_PANIC, 2424 .vop_reallocblks = VOP_PANIC, 2425 .vop_write = VOP_PANIC, 2426 .vop_access = ufs_access, 2427 .vop_advlock = ufs_advlock, 2428 .vop_bmap = ufs_bmap, 2429 .vop_cachedlookup = ufs_lookup, 2430 .vop_close = ufs_close, 2431 .vop_create = ufs_create, 2432 .vop_getattr = ufs_getattr, 2433 .vop_inactive = ufs_inactive, 2434 .vop_link = ufs_link, 2435 .vop_lookup = vfs_cache_lookup, 2436 .vop_mkdir = ufs_mkdir, 2437 .vop_mknod = ufs_mknod, 2438 .vop_open = ufs_open, 2439 .vop_pathconf = ufs_pathconf, 2440 .vop_poll = vop_stdpoll, 2441 .vop_print = ufs_print, 2442 .vop_readdir = ufs_readdir, 2443 .vop_readlink = ufs_readlink, 2444 .vop_reclaim = ufs_reclaim, 2445 .vop_remove = ufs_remove, 2446 .vop_rename = ufs_rename, 2447 .vop_rmdir = ufs_rmdir, 2448 .vop_setattr = ufs_setattr, 2449 #ifdef MAC 2450 .vop_setlabel = vop_stdsetlabel_ea, 2451 #endif 2452 .vop_strategy = ufs_strategy, 2453 .vop_symlink = ufs_symlink, 2454 .vop_whiteout = ufs_whiteout, 2455 #ifdef UFS_EXTATTR 2456 .vop_getextattr = ufs_getextattr, 2457 .vop_deleteextattr = ufs_deleteextattr, 2458 .vop_setextattr = ufs_setextattr, 2459 #endif 2460 #ifdef UFS_ACL 2461 .vop_getacl = ufs_getacl, 2462 .vop_setacl = ufs_setacl, 2463 .vop_aclcheck = ufs_aclcheck, 2464 #endif 2465 }; 2466 2467 struct vop_vector ufs_fifoops = { 2468 .vop_default = &fifo_specops, 2469 .vop_fsync = VOP_PANIC, 2470 .vop_access = ufs_access, 2471 .vop_close = ufsfifo_close, 2472 .vop_getattr = ufs_getattr, 2473 .vop_inactive = ufs_inactive, 2474 .vop_kqfilter = ufsfifo_kqfilter, 2475 .vop_print = ufs_print, 2476 .vop_read = VOP_PANIC, 2477 .vop_reclaim = ufs_reclaim, 2478 .vop_setattr = ufs_setattr, 2479 #ifdef MAC 2480 .vop_setlabel = vop_stdsetlabel_ea, 2481 #endif 2482 .vop_write = VOP_PANIC, 2483 #ifdef UFS_EXTATTR 2484 .vop_getextattr = ufs_getextattr, 2485 .vop_deleteextattr = ufs_deleteextattr, 2486 .vop_setextattr = ufs_setextattr, 2487 #endif 2488 #ifdef UFS_ACL 2489 .vop_getacl = ufs_getacl, 2490 .vop_setacl = ufs_setacl, 2491 .vop_aclcheck = ufs_aclcheck, 2492 #endif 2493 };
Cache object: 39b3b2aebd42d7d1d4112db2cd08c773
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]