1 /*-
2 * Copyright (c) 1982, 1986, 1989, 1993, 1995
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 4. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95
35 */
36
37 #include <sys/cdefs.h>
38 __FBSDID("$FreeBSD: releng/6.3/sys/ufs/ufs/ufs_vnops.c 167362 2007-03-09 13:54:26Z kib $");
39
40 #include "opt_mac.h"
41 #include "opt_quota.h"
42 #include "opt_suiddir.h"
43 #include "opt_ufs.h"
44 #include "opt_ffs.h"
45
46 #include <sys/param.h>
47 #include <sys/systm.h>
48 #include <sys/malloc.h>
49 #include <sys/namei.h>
50 #include <sys/kernel.h>
51 #include <sys/fcntl.h>
52 #include <sys/stat.h>
53 #include <sys/bio.h>
54 #include <sys/buf.h>
55 #include <sys/mount.h>
56 #include <sys/refcount.h>
57 #include <sys/unistd.h>
58 #include <sys/vnode.h>
59 #include <sys/dirent.h>
60 #include <sys/lockf.h>
61 #include <sys/conf.h>
62 #include <sys/acl.h>
63 #include <sys/mac.h>
64 #include <sys/jail.h>
65
66 #include <machine/mutex.h>
67
68 #include <sys/file.h> /* XXX */
69
70 #include <vm/vm.h>
71 #include <vm/vm_extern.h>
72
73 #include <fs/fifofs/fifo.h>
74
75 #include <ufs/ufs/acl.h>
76 #include <ufs/ufs/extattr.h>
77 #include <ufs/ufs/quota.h>
78 #include <ufs/ufs/inode.h>
79 #include <ufs/ufs/dir.h>
80 #include <ufs/ufs/ufsmount.h>
81 #include <ufs/ufs/ufs_extern.h>
82 #ifdef UFS_DIRHASH
83 #include <ufs/ufs/dirhash.h>
84 #endif
85
86 #include <ufs/ffs/ffs_extern.h>
87
88 static vop_access_t ufs_access;
89 static vop_advlock_t ufs_advlock;
90 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *);
91 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *);
92 static vop_close_t ufs_close;
93 static vop_create_t ufs_create;
94 static vop_getattr_t ufs_getattr;
95 static vop_link_t ufs_link;
96 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *);
97 static vop_mkdir_t ufs_mkdir;
98 static vop_mknod_t ufs_mknod;
99 static vop_open_t ufs_open;
100 static vop_pathconf_t ufs_pathconf;
101 static vop_print_t ufs_print;
102 static vop_readlink_t ufs_readlink;
103 static vop_remove_t ufs_remove;
104 static vop_rename_t ufs_rename;
105 static vop_rmdir_t ufs_rmdir;
106 static vop_setattr_t ufs_setattr;
107 static vop_strategy_t ufs_strategy;
108 static vop_symlink_t ufs_symlink;
109 static vop_whiteout_t ufs_whiteout;
110 static vop_close_t ufsfifo_close;
111 static vop_kqfilter_t ufsfifo_kqfilter;
112
113 /*
114 * A virgin directory (no blushing please).
115 */
116 static struct dirtemplate mastertemplate = {
117 0, 12, DT_DIR, 1, ".",
118 0, DIRBLKSIZ - 12, DT_DIR, 2, ".."
119 };
120 static struct odirtemplate omastertemplate = {
121 0, 12, 1, ".",
122 0, DIRBLKSIZ - 12, 2, ".."
123 };
124
125 void
126 ufs_itimes(vp)
127 struct vnode *vp;
128 {
129 struct inode *ip;
130 struct timespec ts;
131
132 ip = VTOI(vp);
133 VI_LOCK(vp);
134 if ((vp->v_mount->mnt_flag & MNT_RDONLY) != 0)
135 goto out;
136 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) {
137 VI_UNLOCK(vp);
138 return;
139 }
140
141 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp))
142 ip->i_flag |= IN_LAZYMOD;
143 else if (((vp->v_mount->mnt_kern_flag &
144 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) ||
145 (ip->i_flag & (IN_CHANGE | IN_UPDATE)))
146 ip->i_flag |= IN_MODIFIED;
147 else if (ip->i_flag & IN_ACCESS)
148 ip->i_flag |= IN_LAZYACCESS;
149 vfs_timestamp(&ts);
150 if (ip->i_flag & IN_ACCESS) {
151 DIP_SET(ip, i_atime, ts.tv_sec);
152 DIP_SET(ip, i_atimensec, ts.tv_nsec);
153 }
154 if (ip->i_flag & IN_UPDATE) {
155 DIP_SET(ip, i_mtime, ts.tv_sec);
156 DIP_SET(ip, i_mtimensec, ts.tv_nsec);
157 ip->i_modrev++;
158 }
159 if (ip->i_flag & IN_CHANGE) {
160 DIP_SET(ip, i_ctime, ts.tv_sec);
161 DIP_SET(ip, i_ctimensec, ts.tv_nsec);
162 }
163
164 out:
165 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE);
166 VI_UNLOCK(vp);
167 }
168
169 /*
170 * Create a regular file
171 */
172 static int
173 ufs_create(ap)
174 struct vop_create_args /* {
175 struct vnode *a_dvp;
176 struct vnode **a_vpp;
177 struct componentname *a_cnp;
178 struct vattr *a_vap;
179 } */ *ap;
180 {
181 int error;
182
183 error =
184 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode),
185 ap->a_dvp, ap->a_vpp, ap->a_cnp);
186 if (error)
187 return (error);
188 return (0);
189 }
190
191 /*
192 * Mknod vnode call
193 */
194 /* ARGSUSED */
195 static int
196 ufs_mknod(ap)
197 struct vop_mknod_args /* {
198 struct vnode *a_dvp;
199 struct vnode **a_vpp;
200 struct componentname *a_cnp;
201 struct vattr *a_vap;
202 } */ *ap;
203 {
204 struct vattr *vap = ap->a_vap;
205 struct vnode **vpp = ap->a_vpp;
206 struct inode *ip;
207 ino_t ino;
208 int error;
209
210 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode),
211 ap->a_dvp, vpp, ap->a_cnp);
212 if (error)
213 return (error);
214 ip = VTOI(*vpp);
215 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE;
216 if (vap->va_rdev != VNOVAL) {
217 /*
218 * Want to be able to use this to make badblock
219 * inodes, so don't truncate the dev number.
220 */
221 DIP_SET(ip, i_rdev, vap->va_rdev);
222 }
223 /*
224 * Remove inode, then reload it through VFS_VGET so it is
225 * checked to see if it is an alias of an existing entry in
226 * the inode cache. XXX I don't believe this is necessary now.
227 */
228 (*vpp)->v_type = VNON;
229 ino = ip->i_number; /* Save this before vgone() invalidates ip. */
230 vgone(*vpp);
231 vput(*vpp);
232 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp);
233 if (error) {
234 *vpp = NULL;
235 return (error);
236 }
237 return (0);
238 }
239
240 /*
241 * Open called.
242 */
243 /* ARGSUSED */
244 static int
245 ufs_open(struct vop_open_args *ap)
246 {
247 struct vnode *vp = ap->a_vp;
248 struct inode *ip;
249
250 if (vp->v_type == VCHR || vp->v_type == VBLK)
251 return (EOPNOTSUPP);
252
253 ip = VTOI(vp);
254 /*
255 * Files marked append-only must be opened for appending.
256 */
257 if ((ip->i_flags & APPEND) &&
258 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE)
259 return (EPERM);
260 vnode_create_vobject_off(vp, DIP(ip, i_size), ap->a_td);
261 return (0);
262 }
263
264 /*
265 * Close called.
266 *
267 * Update the times on the inode.
268 */
269 /* ARGSUSED */
270 static int
271 ufs_close(ap)
272 struct vop_close_args /* {
273 struct vnode *a_vp;
274 int a_fflag;
275 struct ucred *a_cred;
276 struct thread *a_td;
277 } */ *ap;
278 {
279 struct vnode *vp = ap->a_vp;
280 int usecount;
281
282 VI_LOCK(vp);
283 usecount = vp->v_usecount;
284 VI_UNLOCK(vp);
285 if (usecount > 1)
286 ufs_itimes(vp);
287 return (0);
288 }
289
290 static int
291 ufs_access(ap)
292 struct vop_access_args /* {
293 struct vnode *a_vp;
294 int a_mode;
295 struct ucred *a_cred;
296 struct thread *a_td;
297 } */ *ap;
298 {
299 struct vnode *vp = ap->a_vp;
300 struct inode *ip = VTOI(vp);
301 mode_t mode = ap->a_mode;
302 int error;
303 #ifdef UFS_ACL
304 struct acl *acl;
305 #endif
306
307 /*
308 * Disallow write attempts on read-only filesystems;
309 * unless the file is a socket, fifo, or a block or
310 * character device resident on the filesystem.
311 */
312 if (mode & VWRITE) {
313 switch (vp->v_type) {
314 case VDIR:
315 case VLNK:
316 case VREG:
317 if (vp->v_mount->mnt_flag & MNT_RDONLY)
318 return (EROFS);
319 #ifdef QUOTA
320 if ((error = getinoquota(ip)) != 0)
321 return (error);
322 #endif
323 break;
324 default:
325 break;
326 }
327 }
328
329 /* If immutable bit set, nobody gets to write it. */
330 if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT)))
331 return (EPERM);
332
333 #ifdef UFS_ACL
334 if ((vp->v_mount->mnt_flag & MNT_ACLS) != 0) {
335 acl = uma_zalloc(acl_zone, M_WAITOK);
336 error = VOP_GETACL(vp, ACL_TYPE_ACCESS, acl, ap->a_cred,
337 ap->a_td);
338 switch (error) {
339 case EOPNOTSUPP:
340 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid,
341 ip->i_gid, ap->a_mode, ap->a_cred, NULL);
342 break;
343 case 0:
344 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid,
345 ip->i_gid, acl, ap->a_mode, ap->a_cred, NULL);
346 break;
347 default:
348 printf(
349 "ufs_access(): Error retrieving ACL on object (%d).\n",
350 error);
351 /*
352 * XXX: Fall back until debugged. Should
353 * eventually possibly log an error, and return
354 * EPERM for safety.
355 */
356 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid,
357 ip->i_gid, ap->a_mode, ap->a_cred, NULL);
358 }
359 uma_zfree(acl_zone, acl);
360 } else
361 #endif /* !UFS_ACL */
362 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid,
363 ap->a_mode, ap->a_cred, NULL);
364 return (error);
365 }
366
367 /* ARGSUSED */
368 static int
369 ufs_getattr(ap)
370 struct vop_getattr_args /* {
371 struct vnode *a_vp;
372 struct vattr *a_vap;
373 struct ucred *a_cred;
374 struct thread *a_td;
375 } */ *ap;
376 {
377 struct vnode *vp = ap->a_vp;
378 struct inode *ip = VTOI(vp);
379 struct vattr *vap = ap->a_vap;
380
381 ufs_itimes(vp);
382 /*
383 * Copy from inode table
384 */
385 vap->va_fsid = dev2udev(ip->i_dev);
386 vap->va_fileid = ip->i_number;
387 vap->va_mode = ip->i_mode & ~IFMT;
388 vap->va_nlink = ip->i_effnlink;
389 vap->va_uid = ip->i_uid;
390 vap->va_gid = ip->i_gid;
391 if (ip->i_ump->um_fstype == UFS1) {
392 vap->va_rdev = ip->i_din1->di_rdev;
393 vap->va_size = ip->i_din1->di_size;
394 VI_LOCK(vp);
395 vap->va_atime.tv_sec = ip->i_din1->di_atime;
396 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec;
397 VI_UNLOCK(vp);
398 vap->va_mtime.tv_sec = ip->i_din1->di_mtime;
399 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec;
400 vap->va_ctime.tv_sec = ip->i_din1->di_ctime;
401 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec;
402 vap->va_birthtime.tv_sec = 0;
403 vap->va_birthtime.tv_nsec = 0;
404 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks);
405 } else {
406 vap->va_rdev = ip->i_din2->di_rdev;
407 vap->va_size = ip->i_din2->di_size;
408 VI_LOCK(vp);
409 vap->va_atime.tv_sec = ip->i_din2->di_atime;
410 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec;
411 VI_UNLOCK(vp);
412 vap->va_mtime.tv_sec = ip->i_din2->di_mtime;
413 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec;
414 vap->va_ctime.tv_sec = ip->i_din2->di_ctime;
415 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec;
416 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime;
417 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec;
418 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks);
419 }
420 vap->va_flags = ip->i_flags;
421 vap->va_gen = ip->i_gen;
422 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize;
423 vap->va_type = IFTOVT(ip->i_mode);
424 vap->va_filerev = ip->i_modrev;
425 return (0);
426 }
427
428 /*
429 * Set attribute vnode op. called from several syscalls
430 */
431 static int
432 ufs_setattr(ap)
433 struct vop_setattr_args /* {
434 struct vnode *a_vp;
435 struct vattr *a_vap;
436 struct ucred *a_cred;
437 struct thread *a_td;
438 } */ *ap;
439 {
440 struct vattr *vap = ap->a_vap;
441 struct vnode *vp = ap->a_vp;
442 struct inode *ip = VTOI(vp);
443 struct ucred *cred = ap->a_cred;
444 struct thread *td = ap->a_td;
445 int error;
446
447 /*
448 * Check for unsettable attributes.
449 */
450 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) ||
451 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) ||
452 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) ||
453 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) {
454 return (EINVAL);
455 }
456 /*
457 * Mark for update the file's access time for vfs_mark_atime().
458 * We are doing this here to avoid some of the checks done
459 * below -- this operation is done by request of the kernel and
460 * should bypass some security checks. Things like read-only
461 * checks get handled by other levels (e.g., ffs_update()).
462 */
463 if (vap->va_vaflags & VA_MARK_ATIME) {
464 ip->i_flag |= IN_ACCESS;
465 return (0);
466 }
467 if (vap->va_flags != VNOVAL) {
468 if (vp->v_mount->mnt_flag & MNT_RDONLY)
469 return (EROFS);
470 /*
471 * Callers may only modify the file flags on objects they
472 * have VADMIN rights for.
473 */
474 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
475 return (error);
476 /*
477 * Unprivileged processes are not permitted to unset system
478 * flags, or modify flags if any system flags are set.
479 * Privileged non-jail processes may not modify system flags
480 * if securelevel > 0 and any existing system flags are set.
481 * Privileged jail processes behave like privileged non-jail
482 * processes if the security.jail.chflags_allowed sysctl is
483 * is non-zero; otherwise, they behave like unprivileged
484 * processes.
485 */
486 if (!suser_cred(cred,
487 jail_chflags_allowed ? SUSER_ALLOWJAIL : 0)) {
488 if (ip->i_flags
489 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
490 error = securelevel_gt(cred, 0);
491 if (error)
492 return (error);
493 }
494 /* Snapshot flag cannot be set or cleared */
495 if (((vap->va_flags & SF_SNAPSHOT) != 0 &&
496 (ip->i_flags & SF_SNAPSHOT) == 0) ||
497 ((vap->va_flags & SF_SNAPSHOT) == 0 &&
498 (ip->i_flags & SF_SNAPSHOT) != 0))
499 return (EPERM);
500 ip->i_flags = vap->va_flags;
501 DIP_SET(ip, i_flags, vap->va_flags);
502 } else {
503 if (ip->i_flags
504 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) ||
505 (vap->va_flags & UF_SETTABLE) != vap->va_flags)
506 return (EPERM);
507 ip->i_flags &= SF_SETTABLE;
508 ip->i_flags |= (vap->va_flags & UF_SETTABLE);
509 DIP_SET(ip, i_flags, ip->i_flags);
510 }
511 ip->i_flag |= IN_CHANGE;
512 if (vap->va_flags & (IMMUTABLE | APPEND))
513 return (0);
514 }
515 if (ip->i_flags & (IMMUTABLE | APPEND))
516 return (EPERM);
517 /*
518 * Go through the fields and update iff not VNOVAL.
519 */
520 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) {
521 if (vp->v_mount->mnt_flag & MNT_RDONLY)
522 return (EROFS);
523 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred,
524 td)) != 0)
525 return (error);
526 }
527 if (vap->va_size != VNOVAL) {
528 /*
529 * XXX most of the following special cases should be in
530 * callers instead of in N filesystems. The VDIR check
531 * mostly already is.
532 */
533 switch (vp->v_type) {
534 case VDIR:
535 return (EISDIR);
536 case VLNK:
537 case VREG:
538 /*
539 * Truncation should have an effect in these cases.
540 * Disallow it if the filesystem is read-only or
541 * the file is being snapshotted.
542 */
543 if (vp->v_mount->mnt_flag & MNT_RDONLY)
544 return (EROFS);
545 if ((ip->i_flags & SF_SNAPSHOT) != 0)
546 return (EPERM);
547 break;
548 default:
549 /*
550 * According to POSIX, the result is unspecified
551 * for file types other than regular files,
552 * directories and shared memory objects. We
553 * don't support shared memory objects in the file
554 * system, and have dubious support for truncating
555 * symlinks. Just ignore the request in other cases.
556 */
557 return (0);
558 }
559 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL,
560 cred, td)) != 0)
561 return (error);
562 }
563 if (vap->va_atime.tv_sec != VNOVAL ||
564 vap->va_mtime.tv_sec != VNOVAL ||
565 vap->va_birthtime.tv_sec != VNOVAL) {
566 if (vp->v_mount->mnt_flag & MNT_RDONLY)
567 return (EROFS);
568 if ((ip->i_flags & SF_SNAPSHOT) != 0)
569 return (EPERM);
570 /*
571 * From utimes(2):
572 * If times is NULL, ... The caller must be the owner of
573 * the file, have permission to write the file, or be the
574 * super-user.
575 * If times is non-NULL, ... The caller must be the owner of
576 * the file or be the super-user.
577 */
578 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)) &&
579 ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
580 (error = VOP_ACCESS(vp, VWRITE, cred, td))))
581 return (error);
582 if (vap->va_atime.tv_sec != VNOVAL)
583 ip->i_flag |= IN_ACCESS;
584 if (vap->va_mtime.tv_sec != VNOVAL)
585 ip->i_flag |= IN_CHANGE | IN_UPDATE;
586 if (vap->va_birthtime.tv_sec != VNOVAL &&
587 ip->i_ump->um_fstype == UFS2)
588 ip->i_flag |= IN_MODIFIED;
589 ufs_itimes(vp);
590 if (vap->va_atime.tv_sec != VNOVAL) {
591 DIP_SET(ip, i_atime, vap->va_atime.tv_sec);
592 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec);
593 }
594 if (vap->va_mtime.tv_sec != VNOVAL) {
595 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec);
596 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec);
597 }
598 if (vap->va_birthtime.tv_sec != VNOVAL &&
599 ip->i_ump->um_fstype == UFS2) {
600 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec;
601 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec;
602 }
603 error = UFS_UPDATE(vp, 0);
604 if (error)
605 return (error);
606 }
607 error = 0;
608 if (vap->va_mode != (mode_t)VNOVAL) {
609 if (vp->v_mount->mnt_flag & MNT_RDONLY)
610 return (EROFS);
611 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode &
612 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH)))
613 return (EPERM);
614 error = ufs_chmod(vp, (int)vap->va_mode, cred, td);
615 }
616 return (error);
617 }
618
619 /*
620 * Change the mode on a file.
621 * Inode must be locked before calling.
622 */
623 static int
624 ufs_chmod(vp, mode, cred, td)
625 struct vnode *vp;
626 int mode;
627 struct ucred *cred;
628 struct thread *td;
629 {
630 struct inode *ip = VTOI(vp);
631 int error;
632
633 /*
634 * To modify the permissions on a file, must possess VADMIN
635 * for that file.
636 */
637 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
638 return (error);
639 /*
640 * Privileged processes may set the sticky bit on non-directories,
641 * as well as set the setgid bit on a file with a group that the
642 * process is not a member of. Both of these are allowed in
643 * jail(8).
644 */
645 if (vp->v_type != VDIR && (mode & S_ISTXT)) {
646 if (suser_cred(cred, SUSER_ALLOWJAIL))
647 return (EFTYPE);
648 }
649 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
650 error = suser_cred(cred, SUSER_ALLOWJAIL);
651 if (error)
652 return (error);
653 }
654 ip->i_mode &= ~ALLPERMS;
655 ip->i_mode |= (mode & ALLPERMS);
656 DIP_SET(ip, i_mode, ip->i_mode);
657 ip->i_flag |= IN_CHANGE;
658 return (0);
659 }
660
661 /*
662 * Perform chown operation on inode ip;
663 * inode must be locked prior to call.
664 */
665 static int
666 ufs_chown(vp, uid, gid, cred, td)
667 struct vnode *vp;
668 uid_t uid;
669 gid_t gid;
670 struct ucred *cred;
671 struct thread *td;
672 {
673 struct inode *ip = VTOI(vp);
674 uid_t ouid;
675 gid_t ogid;
676 int error = 0;
677 #ifdef QUOTA
678 int i;
679 ufs2_daddr_t change;
680 #endif
681
682 if (uid == (uid_t)VNOVAL)
683 uid = ip->i_uid;
684 if (gid == (gid_t)VNOVAL)
685 gid = ip->i_gid;
686 /*
687 * To modify the ownership of a file, must possess VADMIN
688 * for that file.
689 */
690 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
691 return (error);
692 /*
693 * To change the owner of a file, or change the group of a file
694 * to a group of which we are not a member, the caller must
695 * have privilege.
696 */
697 if ((uid != ip->i_uid ||
698 (gid != ip->i_gid && !groupmember(gid, cred))) &&
699 (error = suser_cred(cred, SUSER_ALLOWJAIL)))
700 return (error);
701 ogid = ip->i_gid;
702 ouid = ip->i_uid;
703 #ifdef QUOTA
704 if ((error = getinoquota(ip)) != 0)
705 return (error);
706 if (ouid == uid) {
707 dqrele(vp, ip->i_dquot[USRQUOTA]);
708 ip->i_dquot[USRQUOTA] = NODQUOT;
709 }
710 if (ogid == gid) {
711 dqrele(vp, ip->i_dquot[GRPQUOTA]);
712 ip->i_dquot[GRPQUOTA] = NODQUOT;
713 }
714 change = DIP(ip, i_blocks);
715 (void) chkdq(ip, -change, cred, CHOWN);
716 (void) chkiq(ip, -1, cred, CHOWN);
717 for (i = 0; i < MAXQUOTAS; i++) {
718 dqrele(vp, ip->i_dquot[i]);
719 ip->i_dquot[i] = NODQUOT;
720 }
721 #endif
722 ip->i_gid = gid;
723 DIP_SET(ip, i_gid, gid);
724 ip->i_uid = uid;
725 DIP_SET(ip, i_uid, uid);
726 #ifdef QUOTA
727 if ((error = getinoquota(ip)) == 0) {
728 if (ouid == uid) {
729 dqrele(vp, ip->i_dquot[USRQUOTA]);
730 ip->i_dquot[USRQUOTA] = NODQUOT;
731 }
732 if (ogid == gid) {
733 dqrele(vp, ip->i_dquot[GRPQUOTA]);
734 ip->i_dquot[GRPQUOTA] = NODQUOT;
735 }
736 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) {
737 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0)
738 goto good;
739 else
740 (void) chkdq(ip, -change, cred, CHOWN|FORCE);
741 }
742 for (i = 0; i < MAXQUOTAS; i++) {
743 dqrele(vp, ip->i_dquot[i]);
744 ip->i_dquot[i] = NODQUOT;
745 }
746 }
747 ip->i_gid = ogid;
748 DIP_SET(ip, i_gid, ogid);
749 ip->i_uid = ouid;
750 DIP_SET(ip, i_uid, ouid);
751 if (getinoquota(ip) == 0) {
752 if (ouid == uid) {
753 dqrele(vp, ip->i_dquot[USRQUOTA]);
754 ip->i_dquot[USRQUOTA] = NODQUOT;
755 }
756 if (ogid == gid) {
757 dqrele(vp, ip->i_dquot[GRPQUOTA]);
758 ip->i_dquot[GRPQUOTA] = NODQUOT;
759 }
760 (void) chkdq(ip, change, cred, FORCE|CHOWN);
761 (void) chkiq(ip, 1, cred, FORCE|CHOWN);
762 (void) getinoquota(ip);
763 }
764 return (error);
765 good:
766 if (getinoquota(ip))
767 panic("ufs_chown: lost quota");
768 #endif /* QUOTA */
769 ip->i_flag |= IN_CHANGE;
770 if (suser_cred(cred, SUSER_ALLOWJAIL) && (ouid != uid || ogid != gid)) {
771 ip->i_mode &= ~(ISUID | ISGID);
772 DIP_SET(ip, i_mode, ip->i_mode);
773 }
774 return (0);
775 }
776
777 static int
778 ufs_remove(ap)
779 struct vop_remove_args /* {
780 struct vnode *a_dvp;
781 struct vnode *a_vp;
782 struct componentname *a_cnp;
783 } */ *ap;
784 {
785 struct inode *ip;
786 struct vnode *vp = ap->a_vp;
787 struct vnode *dvp = ap->a_dvp;
788 int error;
789 struct thread *td;
790
791 td = curthread;
792 ip = VTOI(vp);
793 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
794 (VTOI(dvp)->i_flags & APPEND)) {
795 error = EPERM;
796 goto out;
797 }
798 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0);
799 if (ip->i_nlink <= 0)
800 vp->v_vflag |= VV_NOSYNC;
801 if ((ip->i_flags & SF_SNAPSHOT) != 0) {
802 /*
803 * Avoid deadlock where another thread is trying to
804 * update the inodeblock for dvp and is waiting on
805 * snaplk. Temporary unlock the vnode lock for the
806 * unlinked file and sync the directory. This should
807 * allow vput() of the directory to not block later on
808 * while holding the snapshot vnode locked, assuming
809 * that the directory hasn't been unlinked too.
810 */
811 VOP_UNLOCK(vp, 0, td);
812 (void) VOP_FSYNC(dvp, MNT_WAIT, td);
813 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
814 }
815 out:
816 return (error);
817 }
818
819 /*
820 * link vnode call
821 */
822 static int
823 ufs_link(ap)
824 struct vop_link_args /* {
825 struct vnode *a_tdvp;
826 struct vnode *a_vp;
827 struct componentname *a_cnp;
828 } */ *ap;
829 {
830 struct vnode *vp = ap->a_vp;
831 struct vnode *tdvp = ap->a_tdvp;
832 struct componentname *cnp = ap->a_cnp;
833 struct inode *ip;
834 struct direct newdir;
835 int error;
836
837 #ifdef DIAGNOSTIC
838 if ((cnp->cn_flags & HASBUF) == 0)
839 panic("ufs_link: no name");
840 #endif
841 if (tdvp->v_mount != vp->v_mount) {
842 error = EXDEV;
843 goto out;
844 }
845 ip = VTOI(vp);
846 if ((nlink_t)ip->i_nlink >= LINK_MAX) {
847 error = EMLINK;
848 goto out;
849 }
850 if (ip->i_flags & (IMMUTABLE | APPEND)) {
851 error = EPERM;
852 goto out;
853 }
854 ip->i_effnlink++;
855 ip->i_nlink++;
856 DIP_SET(ip, i_nlink, ip->i_nlink);
857 ip->i_flag |= IN_CHANGE;
858 if (DOINGSOFTDEP(vp))
859 softdep_change_linkcnt(ip);
860 error = UFS_UPDATE(vp, !(DOINGSOFTDEP(vp) | DOINGASYNC(vp)));
861 if (!error) {
862 ufs_makedirentry(ip, cnp, &newdir);
863 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL);
864 }
865
866 if (error) {
867 ip->i_effnlink--;
868 ip->i_nlink--;
869 DIP_SET(ip, i_nlink, ip->i_nlink);
870 ip->i_flag |= IN_CHANGE;
871 if (DOINGSOFTDEP(vp))
872 softdep_change_linkcnt(ip);
873 }
874 out:
875 return (error);
876 }
877
878 /*
879 * whiteout vnode call
880 */
881 static int
882 ufs_whiteout(ap)
883 struct vop_whiteout_args /* {
884 struct vnode *a_dvp;
885 struct componentname *a_cnp;
886 int a_flags;
887 } */ *ap;
888 {
889 struct vnode *dvp = ap->a_dvp;
890 struct componentname *cnp = ap->a_cnp;
891 struct direct newdir;
892 int error = 0;
893
894 switch (ap->a_flags) {
895 case LOOKUP:
896 /* 4.4 format directories support whiteout operations */
897 if (dvp->v_mount->mnt_maxsymlinklen > 0)
898 return (0);
899 return (EOPNOTSUPP);
900
901 case CREATE:
902 /* create a new directory whiteout */
903 #ifdef DIAGNOSTIC
904 if ((cnp->cn_flags & SAVENAME) == 0)
905 panic("ufs_whiteout: missing name");
906 if (dvp->v_mount->mnt_maxsymlinklen <= 0)
907 panic("ufs_whiteout: old format filesystem");
908 #endif
909
910 newdir.d_ino = WINO;
911 newdir.d_namlen = cnp->cn_namelen;
912 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1);
913 newdir.d_type = DT_WHT;
914 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL);
915 break;
916
917 case DELETE:
918 /* remove an existing directory whiteout */
919 #ifdef DIAGNOSTIC
920 if (dvp->v_mount->mnt_maxsymlinklen <= 0)
921 panic("ufs_whiteout: old format filesystem");
922 #endif
923
924 cnp->cn_flags &= ~DOWHITEOUT;
925 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0);
926 break;
927 default:
928 panic("ufs_whiteout: unknown op");
929 }
930 return (error);
931 }
932
933 /*
934 * Rename system call.
935 * rename("foo", "bar");
936 * is essentially
937 * unlink("bar");
938 * link("foo", "bar");
939 * unlink("foo");
940 * but ``atomically''. Can't do full commit without saving state in the
941 * inode on disk which isn't feasible at this time. Best we can do is
942 * always guarantee the target exists.
943 *
944 * Basic algorithm is:
945 *
946 * 1) Bump link count on source while we're linking it to the
947 * target. This also ensure the inode won't be deleted out
948 * from underneath us while we work (it may be truncated by
949 * a concurrent `trunc' or `open' for creation).
950 * 2) Link source to destination. If destination already exists,
951 * delete it first.
952 * 3) Unlink source reference to inode if still around. If a
953 * directory was moved and the parent of the destination
954 * is different from the source, patch the ".." entry in the
955 * directory.
956 */
957 static int
958 ufs_rename(ap)
959 struct vop_rename_args /* {
960 struct vnode *a_fdvp;
961 struct vnode *a_fvp;
962 struct componentname *a_fcnp;
963 struct vnode *a_tdvp;
964 struct vnode *a_tvp;
965 struct componentname *a_tcnp;
966 } */ *ap;
967 {
968 struct vnode *tvp = ap->a_tvp;
969 struct vnode *tdvp = ap->a_tdvp;
970 struct vnode *fvp = ap->a_fvp;
971 struct vnode *fdvp = ap->a_fdvp;
972 struct componentname *tcnp = ap->a_tcnp;
973 struct componentname *fcnp = ap->a_fcnp;
974 struct thread *td = fcnp->cn_thread;
975 struct inode *ip, *xp, *dp;
976 struct direct newdir;
977 int doingdirectory = 0, oldparent = 0, newparent = 0;
978 int error = 0, ioflag;
979
980 #ifdef DIAGNOSTIC
981 if ((tcnp->cn_flags & HASBUF) == 0 ||
982 (fcnp->cn_flags & HASBUF) == 0)
983 panic("ufs_rename: no name");
984 #endif
985 /*
986 * Check for cross-device rename.
987 */
988 if ((fvp->v_mount != tdvp->v_mount) ||
989 (tvp && (fvp->v_mount != tvp->v_mount))) {
990 error = EXDEV;
991 abortit:
992 if (tdvp == tvp)
993 vrele(tdvp);
994 else
995 vput(tdvp);
996 if (tvp)
997 vput(tvp);
998 vrele(fdvp);
999 vrele(fvp);
1000 return (error);
1001 }
1002
1003 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
1004 (VTOI(tdvp)->i_flags & APPEND))) {
1005 error = EPERM;
1006 goto abortit;
1007 }
1008
1009 /*
1010 * Renaming a file to itself has no effect. The upper layers should
1011 * not call us in that case. Temporarily just warn if they do.
1012 */
1013 if (fvp == tvp) {
1014 printf("ufs_rename: fvp == tvp (can't happen)\n");
1015 error = 0;
1016 goto abortit;
1017 }
1018
1019 if ((error = vn_lock(fvp, LK_EXCLUSIVE, td)) != 0)
1020 goto abortit;
1021 dp = VTOI(fdvp);
1022 ip = VTOI(fvp);
1023 if (ip->i_nlink >= LINK_MAX) {
1024 VOP_UNLOCK(fvp, 0, td);
1025 error = EMLINK;
1026 goto abortit;
1027 }
1028 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))
1029 || (dp->i_flags & APPEND)) {
1030 VOP_UNLOCK(fvp, 0, td);
1031 error = EPERM;
1032 goto abortit;
1033 }
1034 if ((ip->i_mode & IFMT) == IFDIR) {
1035 /*
1036 * Avoid ".", "..", and aliases of "." for obvious reasons.
1037 */
1038 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') ||
1039 dp == ip || (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT ||
1040 (ip->i_flag & IN_RENAME)) {
1041 VOP_UNLOCK(fvp, 0, td);
1042 error = EINVAL;
1043 goto abortit;
1044 }
1045 ip->i_flag |= IN_RENAME;
1046 oldparent = dp->i_number;
1047 doingdirectory = 1;
1048 }
1049 vrele(fdvp);
1050
1051 /*
1052 * When the target exists, both the directory
1053 * and target vnodes are returned locked.
1054 */
1055 dp = VTOI(tdvp);
1056 xp = NULL;
1057 if (tvp)
1058 xp = VTOI(tvp);
1059
1060 /*
1061 * 1) Bump link count while we're moving stuff
1062 * around. If we crash somewhere before
1063 * completing our work, the link count
1064 * may be wrong, but correctable.
1065 */
1066 ip->i_effnlink++;
1067 ip->i_nlink++;
1068 DIP_SET(ip, i_nlink, ip->i_nlink);
1069 ip->i_flag |= IN_CHANGE;
1070 if (DOINGSOFTDEP(fvp))
1071 softdep_change_linkcnt(ip);
1072 if ((error = UFS_UPDATE(fvp, !(DOINGSOFTDEP(fvp) |
1073 DOINGASYNC(fvp)))) != 0) {
1074 VOP_UNLOCK(fvp, 0, td);
1075 goto bad;
1076 }
1077
1078 /*
1079 * If ".." must be changed (ie the directory gets a new
1080 * parent) then the source directory must not be in the
1081 * directory heirarchy above the target, as this would
1082 * orphan everything below the source directory. Also
1083 * the user must have write permission in the source so
1084 * as to be able to change "..". We must repeat the call
1085 * to namei, as the parent directory is unlocked by the
1086 * call to checkpath().
1087 */
1088 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread);
1089 VOP_UNLOCK(fvp, 0, td);
1090 if (oldparent != dp->i_number)
1091 newparent = dp->i_number;
1092 if (doingdirectory && newparent) {
1093 if (error) /* write access check above */
1094 goto bad;
1095 if (xp != NULL)
1096 vput(tvp);
1097 error = ufs_checkpath(ip, dp, tcnp->cn_cred);
1098 if (error)
1099 goto out;
1100 if ((tcnp->cn_flags & SAVESTART) == 0)
1101 panic("ufs_rename: lost to startdir");
1102 VREF(tdvp);
1103 error = relookup(tdvp, &tvp, tcnp);
1104 if (error)
1105 goto out;
1106 vrele(tdvp);
1107 dp = VTOI(tdvp);
1108 xp = NULL;
1109 if (tvp)
1110 xp = VTOI(tvp);
1111 }
1112 /*
1113 * 2) If target doesn't exist, link the target
1114 * to the source and unlink the source.
1115 * Otherwise, rewrite the target directory
1116 * entry to reference the source inode and
1117 * expunge the original entry's existence.
1118 */
1119 if (xp == NULL) {
1120 if (dp->i_dev != ip->i_dev)
1121 panic("ufs_rename: EXDEV");
1122 /*
1123 * Account for ".." in new directory.
1124 * When source and destination have the same
1125 * parent we don't fool with the link count.
1126 */
1127 if (doingdirectory && newparent) {
1128 if ((nlink_t)dp->i_nlink >= LINK_MAX) {
1129 error = EMLINK;
1130 goto bad;
1131 }
1132 dp->i_effnlink++;
1133 dp->i_nlink++;
1134 DIP_SET(dp, i_nlink, dp->i_nlink);
1135 dp->i_flag |= IN_CHANGE;
1136 if (DOINGSOFTDEP(tdvp))
1137 softdep_change_linkcnt(dp);
1138 error = UFS_UPDATE(tdvp, !(DOINGSOFTDEP(tdvp) |
1139 DOINGASYNC(tdvp)));
1140 if (error)
1141 goto bad;
1142 }
1143 ufs_makedirentry(ip, tcnp, &newdir);
1144 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL);
1145 if (error) {
1146 if (doingdirectory && newparent) {
1147 dp->i_effnlink--;
1148 dp->i_nlink--;
1149 DIP_SET(dp, i_nlink, dp->i_nlink);
1150 dp->i_flag |= IN_CHANGE;
1151 if (DOINGSOFTDEP(tdvp))
1152 softdep_change_linkcnt(dp);
1153 (void)UFS_UPDATE(tdvp, 1);
1154 }
1155 goto bad;
1156 }
1157 vput(tdvp);
1158 } else {
1159 if (xp->i_dev != dp->i_dev || xp->i_dev != ip->i_dev)
1160 panic("ufs_rename: EXDEV");
1161 /*
1162 * Short circuit rename(foo, foo).
1163 */
1164 if (xp->i_number == ip->i_number)
1165 panic("ufs_rename: same file");
1166 /*
1167 * If the parent directory is "sticky", then the caller
1168 * must possess VADMIN for the parent directory, or the
1169 * destination of the rename. This implements append-only
1170 * directories.
1171 */
1172 if ((dp->i_mode & S_ISTXT) &&
1173 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) &&
1174 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) {
1175 error = EPERM;
1176 goto bad;
1177 }
1178 /*
1179 * Target must be empty if a directory and have no links
1180 * to it. Also, ensure source and target are compatible
1181 * (both directories, or both not directories).
1182 */
1183 if ((xp->i_mode&IFMT) == IFDIR) {
1184 if ((xp->i_effnlink > 2) ||
1185 !ufs_dirempty(xp, dp->i_number, tcnp->cn_cred)) {
1186 error = ENOTEMPTY;
1187 goto bad;
1188 }
1189 if (!doingdirectory) {
1190 error = ENOTDIR;
1191 goto bad;
1192 }
1193 cache_purge(tdvp);
1194 } else if (doingdirectory) {
1195 error = EISDIR;
1196 goto bad;
1197 }
1198 error = ufs_dirrewrite(dp, xp, ip->i_number,
1199 IFTODT(ip->i_mode),
1200 (doingdirectory && newparent) ? newparent : doingdirectory);
1201 if (error)
1202 goto bad;
1203 if (doingdirectory) {
1204 if (!newparent) {
1205 dp->i_effnlink--;
1206 if (DOINGSOFTDEP(tdvp))
1207 softdep_change_linkcnt(dp);
1208 }
1209 xp->i_effnlink--;
1210 if (DOINGSOFTDEP(tvp))
1211 softdep_change_linkcnt(xp);
1212 }
1213 if (doingdirectory && !DOINGSOFTDEP(tvp)) {
1214 /*
1215 * Truncate inode. The only stuff left in the directory
1216 * is "." and "..". The "." reference is inconsequential
1217 * since we are quashing it. We have removed the "."
1218 * reference and the reference in the parent directory,
1219 * but there may be other hard links. The soft
1220 * dependency code will arrange to do these operations
1221 * after the parent directory entry has been deleted on
1222 * disk, so when running with that code we avoid doing
1223 * them now.
1224 */
1225 if (!newparent) {
1226 dp->i_nlink--;
1227 DIP_SET(dp, i_nlink, dp->i_nlink);
1228 dp->i_flag |= IN_CHANGE;
1229 }
1230 xp->i_nlink--;
1231 DIP_SET(xp, i_nlink, xp->i_nlink);
1232 xp->i_flag |= IN_CHANGE;
1233 ioflag = IO_NORMAL;
1234 if (!DOINGASYNC(tvp))
1235 ioflag |= IO_SYNC;
1236 if ((error = UFS_TRUNCATE(tvp, (off_t)0, ioflag,
1237 tcnp->cn_cred, tcnp->cn_thread)) != 0)
1238 goto bad;
1239 }
1240 vput(tdvp);
1241 vput(tvp);
1242 xp = NULL;
1243 }
1244
1245 /*
1246 * 3) Unlink the source.
1247 */
1248 fcnp->cn_flags &= ~MODMASK;
1249 fcnp->cn_flags |= LOCKPARENT | LOCKLEAF;
1250 if ((fcnp->cn_flags & SAVESTART) == 0)
1251 panic("ufs_rename: lost from startdir");
1252 VREF(fdvp);
1253 error = relookup(fdvp, &fvp, fcnp);
1254 if (error == 0)
1255 vrele(fdvp);
1256 if (fvp != NULL) {
1257 xp = VTOI(fvp);
1258 dp = VTOI(fdvp);
1259 } else {
1260 /*
1261 * From name has disappeared. IN_RENAME is not sufficient
1262 * to protect against directory races due to timing windows,
1263 * so we have to remove the panic. XXX the only real way
1264 * to solve this issue is at a much higher level. By the
1265 * time we hit ufs_rename() it's too late.
1266 */
1267 #if 0
1268 if (doingdirectory)
1269 panic("ufs_rename: lost dir entry");
1270 #endif
1271 vrele(ap->a_fvp);
1272 return (0);
1273 }
1274 /*
1275 * Ensure that the directory entry still exists and has not
1276 * changed while the new name has been entered. If the source is
1277 * a file then the entry may have been unlinked or renamed. In
1278 * either case there is no further work to be done. If the source
1279 * is a directory then it cannot have been rmdir'ed; the IN_RENAME
1280 * flag ensures that it cannot be moved by another rename or removed
1281 * by a rmdir.
1282 */
1283 if (xp != ip) {
1284 /*
1285 * From name resolves to a different inode. IN_RENAME is
1286 * not sufficient protection against timing window races
1287 * so we can't panic here. XXX the only real way
1288 * to solve this issue is at a much higher level. By the
1289 * time we hit ufs_rename() it's too late.
1290 */
1291 #if 0
1292 if (doingdirectory)
1293 panic("ufs_rename: lost dir entry");
1294 #endif
1295 } else {
1296 /*
1297 * If the source is a directory with a
1298 * new parent, the link count of the old
1299 * parent directory must be decremented
1300 * and ".." set to point to the new parent.
1301 */
1302 if (doingdirectory && newparent) {
1303 xp->i_offset = mastertemplate.dot_reclen;
1304 ufs_dirrewrite(xp, dp, newparent, DT_DIR, 0);
1305 cache_purge(fdvp);
1306 }
1307 error = ufs_dirremove(fdvp, xp, fcnp->cn_flags, 0);
1308 xp->i_flag &= ~IN_RENAME;
1309 }
1310 if (dp)
1311 vput(fdvp);
1312 if (xp)
1313 vput(fvp);
1314 vrele(ap->a_fvp);
1315 return (error);
1316
1317 bad:
1318 if (xp)
1319 vput(ITOV(xp));
1320 vput(ITOV(dp));
1321 out:
1322 if (doingdirectory)
1323 ip->i_flag &= ~IN_RENAME;
1324 if (vn_lock(fvp, LK_EXCLUSIVE, td) == 0) {
1325 ip->i_effnlink--;
1326 ip->i_nlink--;
1327 DIP_SET(ip, i_nlink, ip->i_nlink);
1328 ip->i_flag |= IN_CHANGE;
1329 ip->i_flag &= ~IN_RENAME;
1330 if (DOINGSOFTDEP(fvp))
1331 softdep_change_linkcnt(ip);
1332 vput(fvp);
1333 } else
1334 vrele(fvp);
1335 return (error);
1336 }
1337
1338 /*
1339 * Mkdir system call
1340 */
1341 static int
1342 ufs_mkdir(ap)
1343 struct vop_mkdir_args /* {
1344 struct vnode *a_dvp;
1345 struct vnode **a_vpp;
1346 struct componentname *a_cnp;
1347 struct vattr *a_vap;
1348 } */ *ap;
1349 {
1350 struct vnode *dvp = ap->a_dvp;
1351 struct vattr *vap = ap->a_vap;
1352 struct componentname *cnp = ap->a_cnp;
1353 struct inode *ip, *dp;
1354 struct vnode *tvp;
1355 struct buf *bp;
1356 struct dirtemplate dirtemplate, *dtp;
1357 struct direct newdir;
1358 #ifdef UFS_ACL
1359 struct acl *acl, *dacl;
1360 #endif
1361 int error, dmode;
1362 long blkoff;
1363
1364 #ifdef DIAGNOSTIC
1365 if ((cnp->cn_flags & HASBUF) == 0)
1366 panic("ufs_mkdir: no name");
1367 #endif
1368 dp = VTOI(dvp);
1369 if ((nlink_t)dp->i_nlink >= LINK_MAX) {
1370 error = EMLINK;
1371 goto out;
1372 }
1373 dmode = vap->va_mode & 0777;
1374 dmode |= IFDIR;
1375 /*
1376 * Must simulate part of ufs_makeinode here to acquire the inode,
1377 * but not have it entered in the parent directory. The entry is
1378 * made later after writing "." and ".." entries.
1379 */
1380 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp);
1381 if (error)
1382 goto out;
1383 ip = VTOI(tvp);
1384 ip->i_gid = dp->i_gid;
1385 DIP_SET(ip, i_gid, dp->i_gid);
1386 #ifdef SUIDDIR
1387 {
1388 #ifdef QUOTA
1389 struct ucred ucred, *ucp;
1390 ucp = cnp->cn_cred;
1391 #endif
1392 /*
1393 * If we are hacking owners here, (only do this where told to)
1394 * and we are not giving it TO root, (would subvert quotas)
1395 * then go ahead and give it to the other user.
1396 * The new directory also inherits the SUID bit.
1397 * If user's UID and dir UID are the same,
1398 * 'give it away' so that the SUID is still forced on.
1399 */
1400 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
1401 (dp->i_mode & ISUID) && dp->i_uid) {
1402 dmode |= ISUID;
1403 ip->i_uid = dp->i_uid;
1404 DIP_SET(ip, i_uid, dp->i_uid);
1405 #ifdef QUOTA
1406 if (dp->i_uid != cnp->cn_cred->cr_uid) {
1407 /*
1408 * Make sure the correct user gets charged
1409 * for the space.
1410 * Make a dummy credential for the victim.
1411 * XXX This seems to never be accessed out of
1412 * our context so a stack variable is ok.
1413 */
1414 refcount_init(&ucred.cr_ref, 1);
1415 ucred.cr_uid = ip->i_uid;
1416 ucred.cr_ngroups = 1;
1417 ucred.cr_groups[0] = dp->i_gid;
1418 ucp = &ucred;
1419 }
1420 #endif
1421 } else {
1422 ip->i_uid = cnp->cn_cred->cr_uid;
1423 DIP_SET(ip, i_uid, ip->i_uid);
1424 }
1425 #ifdef QUOTA
1426 if ((error = getinoquota(ip)) ||
1427 (error = chkiq(ip, 1, ucp, 0))) {
1428 UFS_VFREE(tvp, ip->i_number, dmode);
1429 vput(tvp);
1430 return (error);
1431 }
1432 #endif
1433 }
1434 #else /* !SUIDDIR */
1435 ip->i_uid = cnp->cn_cred->cr_uid;
1436 DIP_SET(ip, i_uid, ip->i_uid);
1437 #ifdef QUOTA
1438 if ((error = getinoquota(ip)) ||
1439 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
1440 UFS_VFREE(tvp, ip->i_number, dmode);
1441 vput(tvp);
1442 return (error);
1443 }
1444 #endif
1445 #endif /* !SUIDDIR */
1446 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE;
1447 #ifdef UFS_ACL
1448 acl = dacl = NULL;
1449 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) {
1450 acl = uma_zalloc(acl_zone, M_WAITOK);
1451 dacl = uma_zalloc(acl_zone, M_WAITOK);
1452
1453 /*
1454 * Retrieve default ACL from parent, if any.
1455 */
1456 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred,
1457 cnp->cn_thread);
1458 switch (error) {
1459 case 0:
1460 /*
1461 * Retrieved a default ACL, so merge mode and ACL if
1462 * necessary. If the ACL is empty, fall through to
1463 * the "not defined or available" case.
1464 */
1465 if (acl->acl_cnt != 0) {
1466 dmode = acl_posix1e_newfilemode(dmode, acl);
1467 ip->i_mode = dmode;
1468 DIP_SET(ip, i_mode, dmode);
1469 *dacl = *acl;
1470 ufs_sync_acl_from_inode(ip, acl);
1471 break;
1472 }
1473 /* FALLTHROUGH */
1474
1475 case EOPNOTSUPP:
1476 /*
1477 * Just use the mode as-is.
1478 */
1479 ip->i_mode = dmode;
1480 DIP_SET(ip, i_mode, dmode);
1481 uma_zfree(acl_zone, acl);
1482 uma_zfree(acl_zone, dacl);
1483 dacl = acl = NULL;
1484 break;
1485
1486 default:
1487 UFS_VFREE(tvp, ip->i_number, dmode);
1488 vput(tvp);
1489 uma_zfree(acl_zone, acl);
1490 uma_zfree(acl_zone, dacl);
1491 return (error);
1492 }
1493 } else {
1494 #endif /* !UFS_ACL */
1495 ip->i_mode = dmode;
1496 DIP_SET(ip, i_mode, dmode);
1497 #ifdef UFS_ACL
1498 }
1499 #endif
1500 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */
1501 ip->i_effnlink = 2;
1502 ip->i_nlink = 2;
1503 DIP_SET(ip, i_nlink, 2);
1504 if (DOINGSOFTDEP(tvp))
1505 softdep_change_linkcnt(ip);
1506 if (cnp->cn_flags & ISWHITEOUT) {
1507 ip->i_flags |= UF_OPAQUE;
1508 DIP_SET(ip, i_flags, ip->i_flags);
1509 }
1510
1511 /*
1512 * Bump link count in parent directory to reflect work done below.
1513 * Should be done before reference is created so cleanup is
1514 * possible if we crash.
1515 */
1516 dp->i_effnlink++;
1517 dp->i_nlink++;
1518 DIP_SET(dp, i_nlink, dp->i_nlink);
1519 dp->i_flag |= IN_CHANGE;
1520 if (DOINGSOFTDEP(dvp))
1521 softdep_change_linkcnt(dp);
1522 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp)));
1523 if (error)
1524 goto bad;
1525 #ifdef MAC
1526 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
1527 error = mac_create_vnode_extattr(cnp->cn_cred, dvp->v_mount,
1528 dvp, tvp, cnp);
1529 if (error)
1530 goto bad;
1531 }
1532 #endif
1533 #ifdef UFS_ACL
1534 if (acl != NULL) {
1535 /*
1536 * XXX: If we abort now, will Soft Updates notify the extattr
1537 * code that the EAs for the file need to be released?
1538 */
1539 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred,
1540 cnp->cn_thread);
1541 if (error == 0)
1542 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl,
1543 cnp->cn_cred, cnp->cn_thread);
1544 switch (error) {
1545 case 0:
1546 break;
1547
1548 case EOPNOTSUPP:
1549 /*
1550 * XXX: This should not happen, as EOPNOTSUPP above
1551 * was supposed to free acl.
1552 */
1553 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n");
1554 /*
1555 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()");
1556 */
1557 break;
1558
1559 default:
1560 uma_zfree(acl_zone, acl);
1561 uma_zfree(acl_zone, dacl);
1562 dacl = acl = NULL;
1563 goto bad;
1564 }
1565 uma_zfree(acl_zone, acl);
1566 uma_zfree(acl_zone, dacl);
1567 dacl = acl = NULL;
1568 }
1569 #endif /* !UFS_ACL */
1570
1571 /*
1572 * Initialize directory with "." and ".." from static template.
1573 */
1574 if (dvp->v_mount->mnt_maxsymlinklen > 0)
1575 dtp = &mastertemplate;
1576 else
1577 dtp = (struct dirtemplate *)&omastertemplate;
1578 dirtemplate = *dtp;
1579 dirtemplate.dot_ino = ip->i_number;
1580 dirtemplate.dotdot_ino = dp->i_number;
1581 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred,
1582 BA_CLRBUF, &bp)) != 0)
1583 goto bad;
1584 ip->i_size = DIRBLKSIZ;
1585 DIP_SET(ip, i_size, DIRBLKSIZ);
1586 ip->i_flag |= IN_CHANGE | IN_UPDATE;
1587 vnode_pager_setsize(tvp, (u_long)ip->i_size);
1588 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate);
1589 if (DOINGSOFTDEP(tvp)) {
1590 /*
1591 * Ensure that the entire newly allocated block is a
1592 * valid directory so that future growth within the
1593 * block does not have to ensure that the block is
1594 * written before the inode.
1595 */
1596 blkoff = DIRBLKSIZ;
1597 while (blkoff < bp->b_bcount) {
1598 ((struct direct *)
1599 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ;
1600 blkoff += DIRBLKSIZ;
1601 }
1602 }
1603 if ((error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) |
1604 DOINGASYNC(tvp)))) != 0) {
1605 (void)bwrite(bp);
1606 goto bad;
1607 }
1608 /*
1609 * Directory set up, now install its entry in the parent directory.
1610 *
1611 * If we are not doing soft dependencies, then we must write out the
1612 * buffer containing the new directory body before entering the new
1613 * name in the parent. If we are doing soft dependencies, then the
1614 * buffer containing the new directory body will be passed to and
1615 * released in the soft dependency code after the code has attached
1616 * an appropriate ordering dependency to the buffer which ensures that
1617 * the buffer is written before the new name is written in the parent.
1618 */
1619 if (DOINGASYNC(dvp))
1620 bdwrite(bp);
1621 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp))))
1622 goto bad;
1623 ufs_makedirentry(ip, cnp, &newdir);
1624 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp);
1625
1626 bad:
1627 if (error == 0) {
1628 *ap->a_vpp = tvp;
1629 } else {
1630 #ifdef UFS_ACL
1631 if (acl != NULL)
1632 uma_zfree(acl_zone, acl);
1633 if (dacl != NULL)
1634 uma_zfree(acl_zone, dacl);
1635 #endif
1636 dp->i_effnlink--;
1637 dp->i_nlink--;
1638 DIP_SET(dp, i_nlink, dp->i_nlink);
1639 dp->i_flag |= IN_CHANGE;
1640 if (DOINGSOFTDEP(dvp))
1641 softdep_change_linkcnt(dp);
1642 /*
1643 * No need to do an explicit VOP_TRUNCATE here, vrele will
1644 * do this for us because we set the link count to 0.
1645 */
1646 ip->i_effnlink = 0;
1647 ip->i_nlink = 0;
1648 DIP_SET(ip, i_nlink, 0);
1649 ip->i_flag |= IN_CHANGE;
1650 if (DOINGSOFTDEP(tvp))
1651 softdep_change_linkcnt(ip);
1652 vput(tvp);
1653 }
1654 out:
1655 return (error);
1656 }
1657
1658 /*
1659 * Rmdir system call.
1660 */
1661 static int
1662 ufs_rmdir(ap)
1663 struct vop_rmdir_args /* {
1664 struct vnode *a_dvp;
1665 struct vnode *a_vp;
1666 struct componentname *a_cnp;
1667 } */ *ap;
1668 {
1669 struct vnode *vp = ap->a_vp;
1670 struct vnode *dvp = ap->a_dvp;
1671 struct componentname *cnp = ap->a_cnp;
1672 struct inode *ip, *dp;
1673 int error, ioflag;
1674
1675 ip = VTOI(vp);
1676 dp = VTOI(dvp);
1677
1678 /*
1679 * Do not remove a directory that is in the process of being renamed.
1680 * Verify the directory is empty (and valid). Rmdir ".." will not be
1681 * valid since ".." will contain a reference to the current directory
1682 * and thus be non-empty. Do not allow the removal of mounted on
1683 * directories (this can happen when an NFS exported filesystem
1684 * tries to remove a locally mounted on directory).
1685 */
1686 error = 0;
1687 if ((ip->i_flag & IN_RENAME) || ip->i_effnlink < 2) {
1688 error = EINVAL;
1689 goto out;
1690 }
1691 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) {
1692 error = ENOTEMPTY;
1693 goto out;
1694 }
1695 if ((dp->i_flags & APPEND)
1696 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) {
1697 error = EPERM;
1698 goto out;
1699 }
1700 if (vp->v_mountedhere != 0) {
1701 error = EINVAL;
1702 goto out;
1703 }
1704 /*
1705 * Delete reference to directory before purging
1706 * inode. If we crash in between, the directory
1707 * will be reattached to lost+found,
1708 */
1709 dp->i_effnlink--;
1710 ip->i_effnlink--;
1711 if (DOINGSOFTDEP(vp)) {
1712 softdep_change_linkcnt(dp);
1713 softdep_change_linkcnt(ip);
1714 }
1715 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1);
1716 if (error) {
1717 dp->i_effnlink++;
1718 ip->i_effnlink++;
1719 if (DOINGSOFTDEP(vp)) {
1720 softdep_change_linkcnt(dp);
1721 softdep_change_linkcnt(ip);
1722 }
1723 goto out;
1724 }
1725 cache_purge(dvp);
1726 /*
1727 * Truncate inode. The only stuff left in the directory is "." and
1728 * "..". The "." reference is inconsequential since we are quashing
1729 * it. The soft dependency code will arrange to do these operations
1730 * after the parent directory entry has been deleted on disk, so
1731 * when running with that code we avoid doing them now.
1732 */
1733 if (!DOINGSOFTDEP(vp)) {
1734 dp->i_nlink--;
1735 DIP_SET(dp, i_nlink, dp->i_nlink);
1736 dp->i_flag |= IN_CHANGE;
1737 ip->i_nlink--;
1738 DIP_SET(ip, i_nlink, ip->i_nlink);
1739 ip->i_flag |= IN_CHANGE;
1740 ioflag = IO_NORMAL;
1741 if (!DOINGASYNC(vp))
1742 ioflag |= IO_SYNC;
1743 error = UFS_TRUNCATE(vp, (off_t)0, ioflag, cnp->cn_cred,
1744 cnp->cn_thread);
1745 }
1746 cache_purge(vp);
1747 #ifdef UFS_DIRHASH
1748 /* Kill any active hash; i_effnlink == 0, so it will not come back. */
1749 if (ip->i_dirhash != NULL)
1750 ufsdirhash_free(ip);
1751 #endif
1752 out:
1753 return (error);
1754 }
1755
1756 /*
1757 * symlink -- make a symbolic link
1758 */
1759 static int
1760 ufs_symlink(ap)
1761 struct vop_symlink_args /* {
1762 struct vnode *a_dvp;
1763 struct vnode **a_vpp;
1764 struct componentname *a_cnp;
1765 struct vattr *a_vap;
1766 char *a_target;
1767 } */ *ap;
1768 {
1769 struct vnode *vp, **vpp = ap->a_vpp;
1770 struct inode *ip;
1771 int len, error;
1772
1773 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp,
1774 vpp, ap->a_cnp);
1775 if (error)
1776 return (error);
1777 vp = *vpp;
1778 len = strlen(ap->a_target);
1779 if (len < vp->v_mount->mnt_maxsymlinklen) {
1780 ip = VTOI(vp);
1781 bcopy(ap->a_target, SHORTLINK(ip), len);
1782 ip->i_size = len;
1783 DIP_SET(ip, i_size, len);
1784 ip->i_flag |= IN_CHANGE | IN_UPDATE;
1785 } else
1786 error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0,
1787 UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
1788 ap->a_cnp->cn_cred, NOCRED, (int *)0, (struct thread *)0);
1789 if (error)
1790 vput(vp);
1791 return (error);
1792 }
1793
1794 /*
1795 * Vnode op for reading directories.
1796 *
1797 * The routine below assumes that the on-disk format of a directory
1798 * is the same as that defined by <sys/dirent.h>. If the on-disk
1799 * format changes, then it will be necessary to do a conversion
1800 * from the on-disk format that read returns to the format defined
1801 * by <sys/dirent.h>.
1802 */
1803 int
1804 ufs_readdir(ap)
1805 struct vop_readdir_args /* {
1806 struct vnode *a_vp;
1807 struct uio *a_uio;
1808 struct ucred *a_cred;
1809 int *a_eofflag;
1810 int *ncookies;
1811 u_long **a_cookies;
1812 } */ *ap;
1813 {
1814 struct uio *uio = ap->a_uio;
1815 int error;
1816 size_t count, lost;
1817 off_t off;
1818
1819 if (ap->a_ncookies != NULL)
1820 /*
1821 * Ensure that the block is aligned. The caller can use
1822 * the cookies to determine where in the block to start.
1823 */
1824 uio->uio_offset &= ~(DIRBLKSIZ - 1);
1825 off = uio->uio_offset;
1826 count = uio->uio_resid;
1827 /* Make sure we don't return partial entries. */
1828 if (count <= ((uio->uio_offset + count) & (DIRBLKSIZ -1)))
1829 return (EINVAL);
1830 count -= (uio->uio_offset + count) & (DIRBLKSIZ -1);
1831 lost = uio->uio_resid - count;
1832 uio->uio_resid = count;
1833 uio->uio_iov->iov_len = count;
1834 # if (BYTE_ORDER == LITTLE_ENDIAN)
1835 if (ap->a_vp->v_mount->mnt_maxsymlinklen > 0) {
1836 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred);
1837 } else {
1838 struct dirent *dp, *edp;
1839 struct uio auio;
1840 struct iovec aiov;
1841 caddr_t dirbuf;
1842 int readcnt;
1843 u_char tmp;
1844
1845 auio = *uio;
1846 auio.uio_iov = &aiov;
1847 auio.uio_iovcnt = 1;
1848 auio.uio_segflg = UIO_SYSSPACE;
1849 aiov.iov_len = count;
1850 MALLOC(dirbuf, caddr_t, count, M_TEMP, M_WAITOK);
1851 aiov.iov_base = dirbuf;
1852 error = VOP_READ(ap->a_vp, &auio, 0, ap->a_cred);
1853 if (error == 0) {
1854 readcnt = count - auio.uio_resid;
1855 edp = (struct dirent *)&dirbuf[readcnt];
1856 for (dp = (struct dirent *)dirbuf; dp < edp; ) {
1857 tmp = dp->d_namlen;
1858 dp->d_namlen = dp->d_type;
1859 dp->d_type = tmp;
1860 if (dp->d_reclen > 0) {
1861 dp = (struct dirent *)
1862 ((char *)dp + dp->d_reclen);
1863 } else {
1864 error = EIO;
1865 break;
1866 }
1867 }
1868 if (dp >= edp)
1869 error = uiomove(dirbuf, readcnt, uio);
1870 }
1871 FREE(dirbuf, M_TEMP);
1872 }
1873 # else
1874 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred);
1875 # endif
1876 if (!error && ap->a_ncookies != NULL) {
1877 struct dirent* dpStart;
1878 struct dirent* dpEnd;
1879 struct dirent* dp;
1880 int ncookies;
1881 u_long *cookies;
1882 u_long *cookiep;
1883
1884 if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1)
1885 panic("ufs_readdir: unexpected uio from NFS server");
1886 dpStart = (struct dirent *)
1887 ((char *)uio->uio_iov->iov_base - (uio->uio_offset - off));
1888 dpEnd = (struct dirent *) uio->uio_iov->iov_base;
1889 for (dp = dpStart, ncookies = 0;
1890 dp < dpEnd;
1891 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen))
1892 ncookies++;
1893 MALLOC(cookies, u_long *, ncookies * sizeof(u_long), M_TEMP,
1894 M_WAITOK);
1895 for (dp = dpStart, cookiep = cookies;
1896 dp < dpEnd;
1897 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen)) {
1898 off += dp->d_reclen;
1899 *cookiep++ = (u_long) off;
1900 }
1901 *ap->a_ncookies = ncookies;
1902 *ap->a_cookies = cookies;
1903 }
1904 uio->uio_resid += lost;
1905 if (ap->a_eofflag)
1906 *ap->a_eofflag = VTOI(ap->a_vp)->i_size <= uio->uio_offset;
1907 return (error);
1908 }
1909
1910 /*
1911 * Return target name of a symbolic link
1912 */
1913 static int
1914 ufs_readlink(ap)
1915 struct vop_readlink_args /* {
1916 struct vnode *a_vp;
1917 struct uio *a_uio;
1918 struct ucred *a_cred;
1919 } */ *ap;
1920 {
1921 struct vnode *vp = ap->a_vp;
1922 struct inode *ip = VTOI(vp);
1923 doff_t isize;
1924
1925 isize = ip->i_size;
1926 if ((isize < vp->v_mount->mnt_maxsymlinklen) ||
1927 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */
1928 return (uiomove(SHORTLINK(ip), isize, ap->a_uio));
1929 }
1930 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred));
1931 }
1932
1933 /*
1934 * Calculate the logical to physical mapping if not done already,
1935 * then call the device strategy routine.
1936 *
1937 * In order to be able to swap to a file, the ufs_bmaparray() operation may not
1938 * deadlock on memory. See ufs_bmap() for details.
1939 */
1940 static int
1941 ufs_strategy(ap)
1942 struct vop_strategy_args /* {
1943 struct vnode *a_vp;
1944 struct buf *a_bp;
1945 } */ *ap;
1946 {
1947 struct buf *bp = ap->a_bp;
1948 struct vnode *vp = ap->a_vp;
1949 struct bufobj *bo;
1950 struct inode *ip;
1951 ufs2_daddr_t blkno;
1952 int error;
1953
1954 ip = VTOI(vp);
1955 if (bp->b_blkno == bp->b_lblkno) {
1956 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL);
1957 bp->b_blkno = blkno;
1958 if (error) {
1959 bp->b_error = error;
1960 bp->b_ioflags |= BIO_ERROR;
1961 bufdone(bp);
1962 return (error);
1963 }
1964 if ((long)bp->b_blkno == -1)
1965 vfs_bio_clrbuf(bp);
1966 }
1967 if ((long)bp->b_blkno == -1) {
1968 bufdone(bp);
1969 return (0);
1970 }
1971 bp->b_iooffset = dbtob(bp->b_blkno);
1972 bo = ip->i_umbufobj;
1973 BO_STRATEGY(bo, bp);
1974 return (0);
1975 }
1976
1977 /*
1978 * Print out the contents of an inode.
1979 */
1980 static int
1981 ufs_print(ap)
1982 struct vop_print_args /* {
1983 struct vnode *a_vp;
1984 } */ *ap;
1985 {
1986 struct vnode *vp = ap->a_vp;
1987 struct inode *ip = VTOI(vp);
1988
1989 printf("\tino %lu, on dev %s", (u_long)ip->i_number,
1990 devtoname(ip->i_dev));
1991 if (vp->v_type == VFIFO)
1992 fifo_printinfo(vp);
1993 printf("\n");
1994 return (0);
1995 }
1996
1997 /*
1998 * Close wrapper for fifos.
1999 *
2000 * Update the times on the inode then do device close.
2001 */
2002 static int
2003 ufsfifo_close(ap)
2004 struct vop_close_args /* {
2005 struct vnode *a_vp;
2006 int a_fflag;
2007 struct ucred *a_cred;
2008 struct thread *a_td;
2009 } */ *ap;
2010 {
2011 struct vnode *vp = ap->a_vp;
2012 int usecount;
2013
2014 VI_LOCK(vp);
2015 usecount = vp->v_usecount;
2016 VI_UNLOCK(vp);
2017 if (usecount > 1)
2018 ufs_itimes(vp);
2019 return (fifo_specops.vop_close(ap));
2020 }
2021
2022 /*
2023 * Kqfilter wrapper for fifos.
2024 *
2025 * Fall through to ufs kqfilter routines if needed
2026 */
2027 static int
2028 ufsfifo_kqfilter(ap)
2029 struct vop_kqfilter_args *ap;
2030 {
2031 int error;
2032
2033 error = fifo_specops.vop_kqfilter(ap);
2034 if (error)
2035 error = vfs_kqfilter(ap);
2036 return (error);
2037 }
2038
2039 /*
2040 * Return POSIX pathconf information applicable to ufs filesystems.
2041 */
2042 static int
2043 ufs_pathconf(ap)
2044 struct vop_pathconf_args /* {
2045 struct vnode *a_vp;
2046 int a_name;
2047 int *a_retval;
2048 } */ *ap;
2049 {
2050 int error;
2051
2052 error = 0;
2053 switch (ap->a_name) {
2054 case _PC_LINK_MAX:
2055 *ap->a_retval = LINK_MAX;
2056 break;
2057 case _PC_NAME_MAX:
2058 *ap->a_retval = NAME_MAX;
2059 break;
2060 case _PC_PATH_MAX:
2061 *ap->a_retval = PATH_MAX;
2062 break;
2063 case _PC_PIPE_BUF:
2064 *ap->a_retval = PIPE_BUF;
2065 break;
2066 case _PC_CHOWN_RESTRICTED:
2067 *ap->a_retval = 1;
2068 break;
2069 case _PC_NO_TRUNC:
2070 *ap->a_retval = 1;
2071 break;
2072 case _PC_ACL_EXTENDED:
2073 #ifdef UFS_ACL
2074 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS)
2075 *ap->a_retval = 1;
2076 else
2077 *ap->a_retval = 0;
2078 #else
2079 *ap->a_retval = 0;
2080 #endif
2081 break;
2082 case _PC_ACL_PATH_MAX:
2083 #ifdef UFS_ACL
2084 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS)
2085 *ap->a_retval = ACL_MAX_ENTRIES;
2086 else
2087 *ap->a_retval = 3;
2088 #else
2089 *ap->a_retval = 3;
2090 #endif
2091 break;
2092 case _PC_MAC_PRESENT:
2093 #ifdef MAC
2094 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL)
2095 *ap->a_retval = 1;
2096 else
2097 *ap->a_retval = 0;
2098 #else
2099 *ap->a_retval = 0;
2100 #endif
2101 break;
2102 case _PC_ASYNC_IO:
2103 /* _PC_ASYNC_IO should have been handled by upper layers. */
2104 KASSERT(0, ("_PC_ASYNC_IO should not get here"));
2105 error = EINVAL;
2106 break;
2107 case _PC_PRIO_IO:
2108 *ap->a_retval = 0;
2109 break;
2110 case _PC_SYNC_IO:
2111 *ap->a_retval = 0;
2112 break;
2113 case _PC_ALLOC_SIZE_MIN:
2114 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize;
2115 break;
2116 case _PC_FILESIZEBITS:
2117 *ap->a_retval = 64;
2118 break;
2119 case _PC_REC_INCR_XFER_SIZE:
2120 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2121 break;
2122 case _PC_REC_MAX_XFER_SIZE:
2123 *ap->a_retval = -1; /* means ``unlimited'' */
2124 break;
2125 case _PC_REC_MIN_XFER_SIZE:
2126 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2127 break;
2128 case _PC_REC_XFER_ALIGN:
2129 *ap->a_retval = PAGE_SIZE;
2130 break;
2131 case _PC_SYMLINK_MAX:
2132 *ap->a_retval = MAXPATHLEN;
2133 break;
2134
2135 default:
2136 error = EINVAL;
2137 break;
2138 }
2139 return (error);
2140 }
2141
2142 /*
2143 * Advisory record locking support
2144 */
2145 static int
2146 ufs_advlock(ap)
2147 struct vop_advlock_args /* {
2148 struct vnode *a_vp;
2149 caddr_t a_id;
2150 int a_op;
2151 struct flock *a_fl;
2152 int a_flags;
2153 } */ *ap;
2154 {
2155 struct inode *ip = VTOI(ap->a_vp);
2156
2157 return (lf_advlock(ap, &(ip->i_lockf), ip->i_size));
2158 }
2159
2160 /*
2161 * Initialize the vnode associated with a new inode, handle aliased
2162 * vnodes.
2163 */
2164 int
2165 ufs_vinit(mntp, fifoops, vpp)
2166 struct mount *mntp;
2167 struct vop_vector *fifoops;
2168 struct vnode **vpp;
2169 {
2170 struct inode *ip;
2171 struct vnode *vp;
2172
2173 vp = *vpp;
2174 ip = VTOI(vp);
2175 vp->v_type = IFTOVT(ip->i_mode);
2176 if (vp->v_type == VFIFO)
2177 vp->v_op = fifoops;
2178 ASSERT_VOP_LOCKED(vp, "ufs_vinit");
2179 if (ip->i_number == ROOTINO)
2180 vp->v_vflag |= VV_ROOT;
2181 ip->i_modrev = init_va_filerev();
2182 *vpp = vp;
2183 return (0);
2184 }
2185
2186 /*
2187 * Allocate a new inode.
2188 * Vnode dvp must be locked.
2189 */
2190 static int
2191 ufs_makeinode(mode, dvp, vpp, cnp)
2192 int mode;
2193 struct vnode *dvp;
2194 struct vnode **vpp;
2195 struct componentname *cnp;
2196 {
2197 struct inode *ip, *pdir;
2198 struct direct newdir;
2199 struct vnode *tvp;
2200 #ifdef UFS_ACL
2201 struct acl *acl;
2202 #endif
2203 int error;
2204
2205 pdir = VTOI(dvp);
2206 #ifdef DIAGNOSTIC
2207 if ((cnp->cn_flags & HASBUF) == 0)
2208 panic("ufs_makeinode: no name");
2209 #endif
2210 *vpp = NULL;
2211 if ((mode & IFMT) == 0)
2212 mode |= IFREG;
2213
2214 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp);
2215 if (error)
2216 return (error);
2217 ip = VTOI(tvp);
2218 ip->i_gid = pdir->i_gid;
2219 DIP_SET(ip, i_gid, pdir->i_gid);
2220 #ifdef SUIDDIR
2221 {
2222 #ifdef QUOTA
2223 struct ucred ucred, *ucp;
2224 ucp = cnp->cn_cred;
2225 #endif
2226 /*
2227 * If we are not the owner of the directory,
2228 * and we are hacking owners here, (only do this where told to)
2229 * and we are not giving it TO root, (would subvert quotas)
2230 * then go ahead and give it to the other user.
2231 * Note that this drops off the execute bits for security.
2232 */
2233 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
2234 (pdir->i_mode & ISUID) &&
2235 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) {
2236 ip->i_uid = pdir->i_uid;
2237 DIP_SET(ip, i_uid, ip->i_uid);
2238 mode &= ~07111;
2239 #ifdef QUOTA
2240 /*
2241 * Make sure the correct user gets charged
2242 * for the space.
2243 * Quickly knock up a dummy credential for the victim.
2244 * XXX This seems to never be accessed out of our
2245 * context so a stack variable is ok.
2246 */
2247 refcount_init(&ucred.cr_ref, 1);
2248 ucred.cr_uid = ip->i_uid;
2249 ucred.cr_ngroups = 1;
2250 ucred.cr_groups[0] = pdir->i_gid;
2251 ucp = &ucred;
2252 #endif
2253 } else {
2254 ip->i_uid = cnp->cn_cred->cr_uid;
2255 DIP_SET(ip, i_uid, ip->i_uid);
2256 }
2257
2258 #ifdef QUOTA
2259 if ((error = getinoquota(ip)) ||
2260 (error = chkiq(ip, 1, ucp, 0))) {
2261 UFS_VFREE(tvp, ip->i_number, mode);
2262 vput(tvp);
2263 return (error);
2264 }
2265 #endif
2266 }
2267 #else /* !SUIDDIR */
2268 ip->i_uid = cnp->cn_cred->cr_uid;
2269 DIP_SET(ip, i_uid, ip->i_uid);
2270 #ifdef QUOTA
2271 if ((error = getinoquota(ip)) ||
2272 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
2273 UFS_VFREE(tvp, ip->i_number, mode);
2274 vput(tvp);
2275 return (error);
2276 }
2277 #endif
2278 #endif /* !SUIDDIR */
2279 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE;
2280 #ifdef UFS_ACL
2281 acl = NULL;
2282 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) {
2283 acl = uma_zalloc(acl_zone, M_WAITOK);
2284
2285 /*
2286 * Retrieve default ACL for parent, if any.
2287 */
2288 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred,
2289 cnp->cn_thread);
2290 switch (error) {
2291 case 0:
2292 /*
2293 * Retrieved a default ACL, so merge mode and ACL if
2294 * necessary.
2295 */
2296 if (acl->acl_cnt != 0) {
2297 /*
2298 * Two possible ways for default ACL to not
2299 * be present. First, the EA can be
2300 * undefined, or second, the default ACL can
2301 * be blank. If it's blank, fall through to
2302 * the it's not defined case.
2303 */
2304 mode = acl_posix1e_newfilemode(mode, acl);
2305 ip->i_mode = mode;
2306 DIP_SET(ip, i_mode, mode);
2307 ufs_sync_acl_from_inode(ip, acl);
2308 break;
2309 }
2310 /* FALLTHROUGH */
2311
2312 case EOPNOTSUPP:
2313 /*
2314 * Just use the mode as-is.
2315 */
2316 ip->i_mode = mode;
2317 DIP_SET(ip, i_mode, mode);
2318 uma_zfree(acl_zone, acl);
2319 acl = NULL;
2320 break;
2321
2322 default:
2323 UFS_VFREE(tvp, ip->i_number, mode);
2324 vput(tvp);
2325 uma_zfree(acl_zone, acl);
2326 acl = NULL;
2327 return (error);
2328 }
2329 } else {
2330 #endif
2331 ip->i_mode = mode;
2332 DIP_SET(ip, i_mode, mode);
2333 #ifdef UFS_ACL
2334 }
2335 #endif
2336 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
2337 ip->i_effnlink = 1;
2338 ip->i_nlink = 1;
2339 DIP_SET(ip, i_nlink, 1);
2340 if (DOINGSOFTDEP(tvp))
2341 softdep_change_linkcnt(ip);
2342 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
2343 suser_cred(cnp->cn_cred, SUSER_ALLOWJAIL)) {
2344 ip->i_mode &= ~ISGID;
2345 DIP_SET(ip, i_mode, ip->i_mode);
2346 }
2347
2348 if (cnp->cn_flags & ISWHITEOUT) {
2349 ip->i_flags |= UF_OPAQUE;
2350 DIP_SET(ip, i_flags, ip->i_flags);
2351 }
2352
2353 /*
2354 * Make sure inode goes to disk before directory entry.
2355 */
2356 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp)));
2357 if (error)
2358 goto bad;
2359 #ifdef MAC
2360 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
2361 error = mac_create_vnode_extattr(cnp->cn_cred, dvp->v_mount,
2362 dvp, tvp, cnp);
2363 if (error)
2364 goto bad;
2365 }
2366 #endif
2367 #ifdef UFS_ACL
2368 if (acl != NULL) {
2369 /*
2370 * XXX: If we abort now, will Soft Updates notify the extattr
2371 * code that the EAs for the file need to be released?
2372 */
2373 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred,
2374 cnp->cn_thread);
2375 switch (error) {
2376 case 0:
2377 break;
2378
2379 case EOPNOTSUPP:
2380 /*
2381 * XXX: This should not happen, as EOPNOTSUPP above was
2382 * supposed to free acl.
2383 */
2384 printf("ufs_makeinode: VOP_GETACL() but no "
2385 "VOP_SETACL()\n");
2386 /* panic("ufs_makeinode: VOP_GETACL() but no "
2387 "VOP_SETACL()"); */
2388 break;
2389
2390 default:
2391 uma_zfree(acl_zone, acl);
2392 goto bad;
2393 }
2394 uma_zfree(acl_zone, acl);
2395 }
2396 #endif /* !UFS_ACL */
2397 ufs_makedirentry(ip, cnp, &newdir);
2398 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL);
2399 if (error)
2400 goto bad;
2401 *vpp = tvp;
2402 return (0);
2403
2404 bad:
2405 /*
2406 * Write error occurred trying to update the inode
2407 * or the directory so must deallocate the inode.
2408 */
2409 ip->i_effnlink = 0;
2410 ip->i_nlink = 0;
2411 DIP_SET(ip, i_nlink, 0);
2412 ip->i_flag |= IN_CHANGE;
2413 if (DOINGSOFTDEP(tvp))
2414 softdep_change_linkcnt(ip);
2415 vput(tvp);
2416 return (error);
2417 }
2418
2419 /* Global vfs data structures for ufs. */
2420 struct vop_vector ufs_vnodeops = {
2421 .vop_default = &default_vnodeops,
2422 .vop_fsync = VOP_PANIC,
2423 .vop_read = VOP_PANIC,
2424 .vop_reallocblks = VOP_PANIC,
2425 .vop_write = VOP_PANIC,
2426 .vop_access = ufs_access,
2427 .vop_advlock = ufs_advlock,
2428 .vop_bmap = ufs_bmap,
2429 .vop_cachedlookup = ufs_lookup,
2430 .vop_close = ufs_close,
2431 .vop_create = ufs_create,
2432 .vop_getattr = ufs_getattr,
2433 .vop_inactive = ufs_inactive,
2434 .vop_link = ufs_link,
2435 .vop_lookup = vfs_cache_lookup,
2436 .vop_mkdir = ufs_mkdir,
2437 .vop_mknod = ufs_mknod,
2438 .vop_open = ufs_open,
2439 .vop_pathconf = ufs_pathconf,
2440 .vop_poll = vop_stdpoll,
2441 .vop_print = ufs_print,
2442 .vop_readdir = ufs_readdir,
2443 .vop_readlink = ufs_readlink,
2444 .vop_reclaim = ufs_reclaim,
2445 .vop_remove = ufs_remove,
2446 .vop_rename = ufs_rename,
2447 .vop_rmdir = ufs_rmdir,
2448 .vop_setattr = ufs_setattr,
2449 #ifdef MAC
2450 .vop_setlabel = vop_stdsetlabel_ea,
2451 #endif
2452 .vop_strategy = ufs_strategy,
2453 .vop_symlink = ufs_symlink,
2454 .vop_whiteout = ufs_whiteout,
2455 #ifdef UFS_EXTATTR
2456 .vop_getextattr = ufs_getextattr,
2457 .vop_deleteextattr = ufs_deleteextattr,
2458 .vop_setextattr = ufs_setextattr,
2459 #endif
2460 #ifdef UFS_ACL
2461 .vop_getacl = ufs_getacl,
2462 .vop_setacl = ufs_setacl,
2463 .vop_aclcheck = ufs_aclcheck,
2464 #endif
2465 };
2466
2467 struct vop_vector ufs_fifoops = {
2468 .vop_default = &fifo_specops,
2469 .vop_fsync = VOP_PANIC,
2470 .vop_access = ufs_access,
2471 .vop_close = ufsfifo_close,
2472 .vop_getattr = ufs_getattr,
2473 .vop_inactive = ufs_inactive,
2474 .vop_kqfilter = ufsfifo_kqfilter,
2475 .vop_print = ufs_print,
2476 .vop_read = VOP_PANIC,
2477 .vop_reclaim = ufs_reclaim,
2478 .vop_setattr = ufs_setattr,
2479 #ifdef MAC
2480 .vop_setlabel = vop_stdsetlabel_ea,
2481 #endif
2482 .vop_write = VOP_PANIC,
2483 #ifdef UFS_EXTATTR
2484 .vop_getextattr = ufs_getextattr,
2485 .vop_deleteextattr = ufs_deleteextattr,
2486 .vop_setextattr = ufs_setextattr,
2487 #endif
2488 #ifdef UFS_ACL
2489 .vop_getacl = ufs_getacl,
2490 .vop_setacl = ufs_setacl,
2491 .vop_aclcheck = ufs_aclcheck,
2492 #endif
2493 };
Cache object: 39b3b2aebd42d7d1d4112db2cd08c773
|