ufs_vnops.c revision 141521
1/*- 2 * Copyright (c) 1982, 1986, 1989, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 35 */ 36 37#include <sys/cdefs.h> 38__FBSDID("$FreeBSD: head/sys/ufs/ufs/ufs_vnops.c 141521 2005-02-08 15:54:30Z phk $"); 39 40#include "opt_mac.h" 41#include "opt_quota.h" 42#include "opt_suiddir.h" 43#include "opt_ufs.h" 44#include "opt_ffs.h" 45 46#include <sys/param.h> 47#include <sys/systm.h> 48#include <sys/malloc.h> 49#include <sys/namei.h> 50#include <sys/kernel.h> 51#include <sys/fcntl.h> 52#include <sys/stat.h> 53#include <sys/bio.h> 54#include <sys/buf.h> 55#include <sys/mount.h> 56#include <sys/unistd.h> 57#include <sys/vnode.h> 58#include <sys/dirent.h> 59#include <sys/lockf.h> 60#include <sys/event.h> 61#include <sys/conf.h> 62#include <sys/acl.h> 63#include <sys/mac.h> 64 65#include <machine/mutex.h> 66 67#include <sys/file.h> /* XXX */ 68 69#include <vm/vm.h> 70#include <vm/vm_extern.h> 71 72#include <fs/fifofs/fifo.h> 73 74#include <ufs/ufs/acl.h> 75#include <ufs/ufs/extattr.h> 76#include <ufs/ufs/quota.h> 77#include <ufs/ufs/inode.h> 78#include <ufs/ufs/dir.h> 79#include <ufs/ufs/ufsmount.h> 80#include <ufs/ufs/ufs_extern.h> 81#ifdef UFS_DIRHASH 82#include <ufs/ufs/dirhash.h> 83#endif 84 85#include <ufs/ffs/ffs_extern.h> 86 87static vop_access_t ufs_access; 88static vop_advlock_t ufs_advlock; 89static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 90static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *); 91static vop_close_t ufs_close; 92static vop_create_t ufs_create; 93static vop_getattr_t ufs_getattr; 94static vop_link_t ufs_link; 95static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *); 96static vop_mkdir_t ufs_mkdir; 97static vop_mknod_t ufs_mknod; 98static vop_open_t ufs_open; 99static vop_pathconf_t ufs_pathconf; 100static vop_print_t ufs_print; 101static vop_readlink_t ufs_readlink; 102static vop_remove_t ufs_remove; 103static vop_rename_t ufs_rename; 104static vop_rmdir_t ufs_rmdir; 105static vop_setattr_t ufs_setattr; 106static vop_strategy_t ufs_strategy; 107static vop_symlink_t ufs_symlink; 108static vop_whiteout_t ufs_whiteout; 109static vop_close_t ufsfifo_close; 110static vop_kqfilter_t ufsfifo_kqfilter; 111static int filt_ufsread(struct knote *kn, long hint); 112static int filt_ufswrite(struct knote *kn, long hint); 113static int filt_ufsvnode(struct knote *kn, long hint); 114static void filt_ufsdetach(struct knote *kn); 115static vop_kqfilter_t ufs_kqfilter; 116 117/* 118 * A virgin directory (no blushing please). 119 */ 120static struct dirtemplate mastertemplate = { 121 0, 12, DT_DIR, 1, ".", 122 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 123}; 124static struct odirtemplate omastertemplate = { 125 0, 12, 1, ".", 126 0, DIRBLKSIZ - 12, 2, ".." 127}; 128 129void 130ufs_itimes(vp) 131 struct vnode *vp; 132{ 133 struct inode *ip; 134 struct timespec ts; 135 136 ip = VTOI(vp); 137 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 138 return; 139 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 140 ip->i_flag |= IN_LAZYMOD; 141 else 142 ip->i_flag |= IN_MODIFIED; 143 if ((vp->v_mount->mnt_flag & MNT_RDONLY) == 0) { 144 vfs_timestamp(&ts); 145 if (ip->i_flag & IN_ACCESS) { 146 DIP_SET(ip, i_atime, ts.tv_sec); 147 DIP_SET(ip, i_atimensec, ts.tv_nsec); 148 } 149 if (ip->i_flag & IN_UPDATE) { 150 DIP_SET(ip, i_mtime, ts.tv_sec); 151 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 152 ip->i_modrev++; 153 } 154 if (ip->i_flag & IN_CHANGE) { 155 DIP_SET(ip, i_ctime, ts.tv_sec); 156 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 157 } 158 } 159 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 160} 161 162/* 163 * Create a regular file 164 */ 165static int 166ufs_create(ap) 167 struct vop_create_args /* { 168 struct vnode *a_dvp; 169 struct vnode **a_vpp; 170 struct componentname *a_cnp; 171 struct vattr *a_vap; 172 } */ *ap; 173{ 174 int error; 175 176 error = 177 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 178 ap->a_dvp, ap->a_vpp, ap->a_cnp); 179 if (error) 180 return (error); 181 VN_KNOTE_UNLOCKED(ap->a_dvp, NOTE_WRITE); 182 return (0); 183} 184 185/* 186 * Mknod vnode call 187 */ 188/* ARGSUSED */ 189static int 190ufs_mknod(ap) 191 struct vop_mknod_args /* { 192 struct vnode *a_dvp; 193 struct vnode **a_vpp; 194 struct componentname *a_cnp; 195 struct vattr *a_vap; 196 } */ *ap; 197{ 198 struct vattr *vap = ap->a_vap; 199 struct vnode **vpp = ap->a_vpp; 200 struct inode *ip; 201 ino_t ino; 202 int error; 203 204 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 205 ap->a_dvp, vpp, ap->a_cnp); 206 if (error) 207 return (error); 208 VN_KNOTE_UNLOCKED(ap->a_dvp, NOTE_WRITE); 209 ip = VTOI(*vpp); 210 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 211 if (vap->va_rdev != VNOVAL) { 212 /* 213 * Want to be able to use this to make badblock 214 * inodes, so don't truncate the dev number. 215 */ 216 DIP_SET(ip, i_rdev, vap->va_rdev); 217 } 218 /* 219 * Remove inode, then reload it through VFS_VGET so it is 220 * checked to see if it is an alias of an existing entry in 221 * the inode cache. 222 */ 223 vput(*vpp); 224 (*vpp)->v_type = VNON; 225 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 226 vgone(*vpp); 227 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 228 if (error) { 229 *vpp = NULL; 230 return (error); 231 } 232 return (0); 233} 234 235/* 236 * Open called. 237 */ 238/* ARGSUSED */ 239static int 240ufs_open(struct vop_open_args *ap) 241{ 242 struct vnode *vp = ap->a_vp; 243 struct inode *ip; 244 245 if (vp->v_type == VCHR || vp->v_type == VBLK) 246 return (EOPNOTSUPP); 247 248 ip = VTOI(vp); 249 /* 250 * Files marked append-only must be opened for appending. 251 */ 252 if ((ip->i_flags & APPEND) && 253 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 254 return (EPERM); 255 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 256 return (0); 257} 258 259/* 260 * Close called. 261 * 262 * Update the times on the inode. 263 */ 264/* ARGSUSED */ 265static int 266ufs_close(ap) 267 struct vop_close_args /* { 268 struct vnode *a_vp; 269 int a_fflag; 270 struct ucred *a_cred; 271 struct thread *a_td; 272 } */ *ap; 273{ 274 struct vnode *vp = ap->a_vp; 275 struct mount *mp; 276 277 VI_LOCK(vp); 278 if (vp->v_usecount > 1) { 279 ufs_itimes(vp); 280 VI_UNLOCK(vp); 281 } else { 282 VI_UNLOCK(vp); 283 /* 284 * If we are closing the last reference to an unlinked 285 * file, then it will be freed by the inactive routine. 286 * Because the freeing causes a the filesystem to be 287 * modified, it must be held up during periods when the 288 * filesystem is suspended. 289 * 290 * XXX - EAGAIN is returned to prevent vn_close from 291 * repeating the vrele operation. 292 */ 293 if (vp->v_type == VREG && VTOI(vp)->i_effnlink == 0) { 294 (void) vn_start_write(vp, &mp, V_WAIT); 295 vrele(vp); 296 vn_finished_write(mp); 297 return (EAGAIN); 298 } 299 } 300 return (0); 301} 302 303static int 304ufs_access(ap) 305 struct vop_access_args /* { 306 struct vnode *a_vp; 307 int a_mode; 308 struct ucred *a_cred; 309 struct thread *a_td; 310 } */ *ap; 311{ 312 struct vnode *vp = ap->a_vp; 313 struct inode *ip = VTOI(vp); 314 mode_t mode = ap->a_mode; 315 int error; 316#ifdef UFS_ACL 317 struct acl *acl; 318#endif 319 320 /* 321 * Disallow write attempts on read-only filesystems; 322 * unless the file is a socket, fifo, or a block or 323 * character device resident on the filesystem. 324 */ 325 if (mode & VWRITE) { 326 switch (vp->v_type) { 327 case VDIR: 328 case VLNK: 329 case VREG: 330 if (vp->v_mount->mnt_flag & MNT_RDONLY) 331 return (EROFS); 332#ifdef QUOTA 333 if ((error = getinoquota(ip)) != 0) 334 return (error); 335#endif 336 break; 337 default: 338 break; 339 } 340 } 341 342 /* If immutable bit set, nobody gets to write it. */ 343 if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 344 return (EPERM); 345 346#ifdef UFS_ACL 347 if ((vp->v_mount->mnt_flag & MNT_ACLS) != 0) { 348 MALLOC(acl, struct acl *, sizeof(*acl), M_ACL, M_WAITOK); 349 error = VOP_GETACL(vp, ACL_TYPE_ACCESS, acl, ap->a_cred, 350 ap->a_td); 351 switch (error) { 352 case EOPNOTSUPP: 353 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 354 ip->i_gid, ap->a_mode, ap->a_cred, NULL); 355 break; 356 case 0: 357 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 358 ip->i_gid, acl, ap->a_mode, ap->a_cred, NULL); 359 break; 360 default: 361 printf( 362"ufs_access(): Error retrieving ACL on object (%d).\n", 363 error); 364 /* 365 * XXX: Fall back until debugged. Should 366 * eventually possibly log an error, and return 367 * EPERM for safety. 368 */ 369 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 370 ip->i_gid, ap->a_mode, ap->a_cred, NULL); 371 } 372 FREE(acl, M_ACL); 373 } else 374#endif /* !UFS_ACL */ 375 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 376 ap->a_mode, ap->a_cred, NULL); 377 return (error); 378} 379 380/* ARGSUSED */ 381static int 382ufs_getattr(ap) 383 struct vop_getattr_args /* { 384 struct vnode *a_vp; 385 struct vattr *a_vap; 386 struct ucred *a_cred; 387 struct thread *a_td; 388 } */ *ap; 389{ 390 struct vnode *vp = ap->a_vp; 391 struct inode *ip = VTOI(vp); 392 struct vattr *vap = ap->a_vap; 393 394 ufs_itimes(vp); 395 /* 396 * Copy from inode table 397 */ 398 vap->va_fsid = dev2udev(ip->i_dev); 399 vap->va_fileid = ip->i_number; 400 vap->va_mode = ip->i_mode & ~IFMT; 401 vap->va_nlink = ip->i_effnlink; 402 vap->va_uid = ip->i_uid; 403 vap->va_gid = ip->i_gid; 404 if (ip->i_ump->um_fstype == UFS1) { 405 vap->va_rdev = ip->i_din1->di_rdev; 406 vap->va_size = ip->i_din1->di_size; 407 vap->va_atime.tv_sec = ip->i_din1->di_atime; 408 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 409 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 410 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 411 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 412 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 413 vap->va_birthtime.tv_sec = 0; 414 vap->va_birthtime.tv_nsec = 0; 415 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 416 } else { 417 vap->va_rdev = ip->i_din2->di_rdev; 418 vap->va_size = ip->i_din2->di_size; 419 vap->va_atime.tv_sec = ip->i_din2->di_atime; 420 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 421 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 422 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 423 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 424 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 425 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 426 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 427 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 428 } 429 vap->va_flags = ip->i_flags; 430 vap->va_gen = ip->i_gen; 431 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 432 vap->va_type = IFTOVT(ip->i_mode); 433 vap->va_filerev = ip->i_modrev; 434 return (0); 435} 436 437/* 438 * Set attribute vnode op. called from several syscalls 439 */ 440static int 441ufs_setattr(ap) 442 struct vop_setattr_args /* { 443 struct vnode *a_vp; 444 struct vattr *a_vap; 445 struct ucred *a_cred; 446 struct thread *a_td; 447 } */ *ap; 448{ 449 struct vattr *vap = ap->a_vap; 450 struct vnode *vp = ap->a_vp; 451 struct inode *ip = VTOI(vp); 452 struct ucred *cred = ap->a_cred; 453 struct thread *td = ap->a_td; 454 int error; 455 456 /* 457 * Check for unsettable attributes. 458 */ 459 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 460 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 461 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 462 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 463 return (EINVAL); 464 } 465 if (vap->va_flags != VNOVAL) { 466 if (vp->v_mount->mnt_flag & MNT_RDONLY) 467 return (EROFS); 468 /* 469 * Callers may only modify the file flags on objects they 470 * have VADMIN rights for. 471 */ 472 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 473 return (error); 474 /* 475 * Unprivileged processes and privileged processes in 476 * jail() are not permitted to unset system flags, or 477 * modify flags if any system flags are set. 478 * Privileged non-jail processes may not modify system flags 479 * if securelevel > 0 and any existing system flags are set. 480 */ 481 if (!suser_cred(cred, 0)) { 482 if (ip->i_flags 483 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 484 error = securelevel_gt(cred, 0); 485 if (error) 486 return (error); 487 } 488 /* Snapshot flag cannot be set or cleared */ 489 if (((vap->va_flags & SF_SNAPSHOT) != 0 && 490 (ip->i_flags & SF_SNAPSHOT) == 0) || 491 ((vap->va_flags & SF_SNAPSHOT) == 0 && 492 (ip->i_flags & SF_SNAPSHOT) != 0)) 493 return (EPERM); 494 ip->i_flags = vap->va_flags; 495 DIP_SET(ip, i_flags, vap->va_flags); 496 } else { 497 if (ip->i_flags 498 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 499 (vap->va_flags & UF_SETTABLE) != vap->va_flags) 500 return (EPERM); 501 ip->i_flags &= SF_SETTABLE; 502 ip->i_flags |= (vap->va_flags & UF_SETTABLE); 503 DIP_SET(ip, i_flags, ip->i_flags); 504 } 505 ip->i_flag |= IN_CHANGE; 506 if (vap->va_flags & (IMMUTABLE | APPEND)) 507 return (0); 508 } 509 if (ip->i_flags & (IMMUTABLE | APPEND)) 510 return (EPERM); 511 /* 512 * Go through the fields and update iff not VNOVAL. 513 */ 514 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 515 if (vp->v_mount->mnt_flag & MNT_RDONLY) 516 return (EROFS); 517 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 518 td)) != 0) 519 return (error); 520 } 521 if (vap->va_size != VNOVAL) { 522 /* 523 * Disallow write attempts on read-only filesystems; 524 * unless the file is a socket, fifo, or a block or 525 * character device resident on the filesystem. 526 */ 527 switch (vp->v_type) { 528 case VDIR: 529 return (EISDIR); 530 case VLNK: 531 case VREG: 532 if (vp->v_mount->mnt_flag & MNT_RDONLY) 533 return (EROFS); 534 if ((ip->i_flags & SF_SNAPSHOT) != 0) 535 return (EPERM); 536 break; 537 default: 538 break; 539 } 540 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL, 541 cred, td)) != 0) 542 return (error); 543 } 544 if (vap->va_atime.tv_sec != VNOVAL || 545 vap->va_mtime.tv_sec != VNOVAL || 546 vap->va_birthtime.tv_sec != VNOVAL) { 547 if (vp->v_mount->mnt_flag & MNT_RDONLY) 548 return (EROFS); 549 if ((ip->i_flags & SF_SNAPSHOT) != 0) 550 return (EPERM); 551 /* 552 * From utimes(2): 553 * If times is NULL, ... The caller must be the owner of 554 * the file, have permission to write the file, or be the 555 * super-user. 556 * If times is non-NULL, ... The caller must be the owner of 557 * the file or be the super-user. 558 */ 559 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)) && 560 ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || 561 (error = VOP_ACCESS(vp, VWRITE, cred, td)))) 562 return (error); 563 if (vap->va_atime.tv_sec != VNOVAL) 564 ip->i_flag |= IN_ACCESS; 565 if (vap->va_mtime.tv_sec != VNOVAL) 566 ip->i_flag |= IN_CHANGE | IN_UPDATE; 567 if (vap->va_birthtime.tv_sec != VNOVAL && 568 ip->i_ump->um_fstype == UFS2) 569 ip->i_flag |= IN_MODIFIED; 570 ufs_itimes(vp); 571 if (vap->va_atime.tv_sec != VNOVAL) { 572 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 573 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 574 } 575 if (vap->va_mtime.tv_sec != VNOVAL) { 576 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 577 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 578 } 579 if (vap->va_birthtime.tv_sec != VNOVAL && 580 ip->i_ump->um_fstype == UFS2) { 581 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 582 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 583 } 584 error = UFS_UPDATE(vp, 0); 585 if (error) 586 return (error); 587 } 588 error = 0; 589 if (vap->va_mode != (mode_t)VNOVAL) { 590 if (vp->v_mount->mnt_flag & MNT_RDONLY) 591 return (EROFS); 592 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode & 593 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH))) 594 return (EPERM); 595 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 596 } 597 VN_KNOTE_UNLOCKED(vp, NOTE_ATTRIB); 598 return (error); 599} 600 601/* 602 * Change the mode on a file. 603 * Inode must be locked before calling. 604 */ 605static int 606ufs_chmod(vp, mode, cred, td) 607 struct vnode *vp; 608 int mode; 609 struct ucred *cred; 610 struct thread *td; 611{ 612 struct inode *ip = VTOI(vp); 613 int error; 614 615 /* 616 * To modify the permissions on a file, must possess VADMIN 617 * for that file. 618 */ 619 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 620 return (error); 621 /* 622 * Privileged processes may set the sticky bit on non-directories, 623 * as well as set the setgid bit on a file with a group that the 624 * process is not a member of. Both of these are allowed in 625 * jail(8). 626 */ 627 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 628 if (suser_cred(cred, SUSER_ALLOWJAIL)) 629 return (EFTYPE); 630 } 631 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 632 error = suser_cred(cred, SUSER_ALLOWJAIL); 633 if (error) 634 return (error); 635 } 636 ip->i_mode &= ~ALLPERMS; 637 ip->i_mode |= (mode & ALLPERMS); 638 DIP_SET(ip, i_mode, ip->i_mode); 639 ip->i_flag |= IN_CHANGE; 640 return (0); 641} 642 643/* 644 * Perform chown operation on inode ip; 645 * inode must be locked prior to call. 646 */ 647static int 648ufs_chown(vp, uid, gid, cred, td) 649 struct vnode *vp; 650 uid_t uid; 651 gid_t gid; 652 struct ucred *cred; 653 struct thread *td; 654{ 655 struct inode *ip = VTOI(vp); 656 uid_t ouid; 657 gid_t ogid; 658 int error = 0; 659#ifdef QUOTA 660 int i; 661 ufs2_daddr_t change; 662#endif 663 664 if (uid == (uid_t)VNOVAL) 665 uid = ip->i_uid; 666 if (gid == (gid_t)VNOVAL) 667 gid = ip->i_gid; 668 /* 669 * To modify the ownership of a file, must possess VADMIN 670 * for that file. 671 */ 672 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 673 return (error); 674 /* 675 * To change the owner of a file, or change the group of a file 676 * to a group of which we are not a member, the caller must 677 * have privilege. 678 */ 679 if ((uid != ip->i_uid || 680 (gid != ip->i_gid && !groupmember(gid, cred))) && 681 (error = suser_cred(cred, SUSER_ALLOWJAIL))) 682 return (error); 683 ogid = ip->i_gid; 684 ouid = ip->i_uid; 685#ifdef QUOTA 686 if ((error = getinoquota(ip)) != 0) 687 return (error); 688 if (ouid == uid) { 689 dqrele(vp, ip->i_dquot[USRQUOTA]); 690 ip->i_dquot[USRQUOTA] = NODQUOT; 691 } 692 if (ogid == gid) { 693 dqrele(vp, ip->i_dquot[GRPQUOTA]); 694 ip->i_dquot[GRPQUOTA] = NODQUOT; 695 } 696 change = DIP(ip, i_blocks); 697 (void) chkdq(ip, -change, cred, CHOWN); 698 (void) chkiq(ip, -1, cred, CHOWN); 699 for (i = 0; i < MAXQUOTAS; i++) { 700 dqrele(vp, ip->i_dquot[i]); 701 ip->i_dquot[i] = NODQUOT; 702 } 703#endif 704 ip->i_gid = gid; 705 DIP_SET(ip, i_gid, gid); 706 ip->i_uid = uid; 707 DIP_SET(ip, i_uid, uid); 708#ifdef QUOTA 709 if ((error = getinoquota(ip)) == 0) { 710 if (ouid == uid) { 711 dqrele(vp, ip->i_dquot[USRQUOTA]); 712 ip->i_dquot[USRQUOTA] = NODQUOT; 713 } 714 if (ogid == gid) { 715 dqrele(vp, ip->i_dquot[GRPQUOTA]); 716 ip->i_dquot[GRPQUOTA] = NODQUOT; 717 } 718 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 719 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 720 goto good; 721 else 722 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 723 } 724 for (i = 0; i < MAXQUOTAS; i++) { 725 dqrele(vp, ip->i_dquot[i]); 726 ip->i_dquot[i] = NODQUOT; 727 } 728 } 729 ip->i_gid = ogid; 730 DIP_SET(ip, i_gid, ogid); 731 ip->i_uid = ouid; 732 DIP_SET(ip, i_uid, ouid); 733 if (getinoquota(ip) == 0) { 734 if (ouid == uid) { 735 dqrele(vp, ip->i_dquot[USRQUOTA]); 736 ip->i_dquot[USRQUOTA] = NODQUOT; 737 } 738 if (ogid == gid) { 739 dqrele(vp, ip->i_dquot[GRPQUOTA]); 740 ip->i_dquot[GRPQUOTA] = NODQUOT; 741 } 742 (void) chkdq(ip, change, cred, FORCE|CHOWN); 743 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 744 (void) getinoquota(ip); 745 } 746 return (error); 747good: 748 if (getinoquota(ip)) 749 panic("ufs_chown: lost quota"); 750#endif /* QUOTA */ 751 ip->i_flag |= IN_CHANGE; 752 if (suser_cred(cred, SUSER_ALLOWJAIL) && (ouid != uid || ogid != gid)) { 753 ip->i_mode &= ~(ISUID | ISGID); 754 DIP_SET(ip, i_mode, ip->i_mode); 755 } 756 return (0); 757} 758 759static int 760ufs_remove(ap) 761 struct vop_remove_args /* { 762 struct vnode *a_dvp; 763 struct vnode *a_vp; 764 struct componentname *a_cnp; 765 } */ *ap; 766{ 767 struct inode *ip; 768 struct vnode *vp = ap->a_vp; 769 struct vnode *dvp = ap->a_dvp; 770 int error; 771 772 ip = VTOI(vp); 773 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 774 (VTOI(dvp)->i_flags & APPEND)) { 775 error = EPERM; 776 goto out; 777 } 778 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 779 if (ip->i_nlink <= 0) 780 vp->v_vflag |= VV_NOSYNC; 781 VN_KNOTE_UNLOCKED(vp, NOTE_DELETE); 782 VN_KNOTE_UNLOCKED(dvp, NOTE_WRITE); 783out: 784 return (error); 785} 786 787/* 788 * link vnode call 789 */ 790static int 791ufs_link(ap) 792 struct vop_link_args /* { 793 struct vnode *a_tdvp; 794 struct vnode *a_vp; 795 struct componentname *a_cnp; 796 } */ *ap; 797{ 798 struct vnode *vp = ap->a_vp; 799 struct vnode *tdvp = ap->a_tdvp; 800 struct componentname *cnp = ap->a_cnp; 801 struct inode *ip; 802 struct direct newdir; 803 int error; 804 805#ifdef DIAGNOSTIC 806 if ((cnp->cn_flags & HASBUF) == 0) 807 panic("ufs_link: no name"); 808#endif 809 if (tdvp->v_mount != vp->v_mount) { 810 error = EXDEV; 811 goto out; 812 } 813 ip = VTOI(vp); 814 if ((nlink_t)ip->i_nlink >= LINK_MAX) { 815 error = EMLINK; 816 goto out; 817 } 818 if (ip->i_flags & (IMMUTABLE | APPEND)) { 819 error = EPERM; 820 goto out; 821 } 822 ip->i_effnlink++; 823 ip->i_nlink++; 824 DIP_SET(ip, i_nlink, ip->i_nlink); 825 ip->i_flag |= IN_CHANGE; 826 if (DOINGSOFTDEP(vp)) 827 softdep_change_linkcnt(ip); 828 error = UFS_UPDATE(vp, !(DOINGSOFTDEP(vp) | DOINGASYNC(vp))); 829 if (!error) { 830 ufs_makedirentry(ip, cnp, &newdir); 831 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL); 832 } 833 834 if (error) { 835 ip->i_effnlink--; 836 ip->i_nlink--; 837 DIP_SET(ip, i_nlink, ip->i_nlink); 838 ip->i_flag |= IN_CHANGE; 839 if (DOINGSOFTDEP(vp)) 840 softdep_change_linkcnt(ip); 841 } 842out: 843 VN_KNOTE_UNLOCKED(vp, NOTE_LINK); 844 VN_KNOTE_UNLOCKED(tdvp, NOTE_WRITE); 845 return (error); 846} 847 848/* 849 * whiteout vnode call 850 */ 851static int 852ufs_whiteout(ap) 853 struct vop_whiteout_args /* { 854 struct vnode *a_dvp; 855 struct componentname *a_cnp; 856 int a_flags; 857 } */ *ap; 858{ 859 struct vnode *dvp = ap->a_dvp; 860 struct componentname *cnp = ap->a_cnp; 861 struct direct newdir; 862 int error = 0; 863 864 switch (ap->a_flags) { 865 case LOOKUP: 866 /* 4.4 format directories support whiteout operations */ 867 if (dvp->v_mount->mnt_maxsymlinklen > 0) 868 return (0); 869 return (EOPNOTSUPP); 870 871 case CREATE: 872 /* create a new directory whiteout */ 873#ifdef DIAGNOSTIC 874 if ((cnp->cn_flags & SAVENAME) == 0) 875 panic("ufs_whiteout: missing name"); 876 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 877 panic("ufs_whiteout: old format filesystem"); 878#endif 879 880 newdir.d_ino = WINO; 881 newdir.d_namlen = cnp->cn_namelen; 882 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 883 newdir.d_type = DT_WHT; 884 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL); 885 break; 886 887 case DELETE: 888 /* remove an existing directory whiteout */ 889#ifdef DIAGNOSTIC 890 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 891 panic("ufs_whiteout: old format filesystem"); 892#endif 893 894 cnp->cn_flags &= ~DOWHITEOUT; 895 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 896 break; 897 default: 898 panic("ufs_whiteout: unknown op"); 899 } 900 return (error); 901} 902 903/* 904 * Rename system call. 905 * rename("foo", "bar"); 906 * is essentially 907 * unlink("bar"); 908 * link("foo", "bar"); 909 * unlink("foo"); 910 * but ``atomically''. Can't do full commit without saving state in the 911 * inode on disk which isn't feasible at this time. Best we can do is 912 * always guarantee the target exists. 913 * 914 * Basic algorithm is: 915 * 916 * 1) Bump link count on source while we're linking it to the 917 * target. This also ensure the inode won't be deleted out 918 * from underneath us while we work (it may be truncated by 919 * a concurrent `trunc' or `open' for creation). 920 * 2) Link source to destination. If destination already exists, 921 * delete it first. 922 * 3) Unlink source reference to inode if still around. If a 923 * directory was moved and the parent of the destination 924 * is different from the source, patch the ".." entry in the 925 * directory. 926 */ 927static int 928ufs_rename(ap) 929 struct vop_rename_args /* { 930 struct vnode *a_fdvp; 931 struct vnode *a_fvp; 932 struct componentname *a_fcnp; 933 struct vnode *a_tdvp; 934 struct vnode *a_tvp; 935 struct componentname *a_tcnp; 936 } */ *ap; 937{ 938 struct vnode *tvp = ap->a_tvp; 939 struct vnode *tdvp = ap->a_tdvp; 940 struct vnode *fvp = ap->a_fvp; 941 struct vnode *fdvp = ap->a_fdvp; 942 struct componentname *tcnp = ap->a_tcnp; 943 struct componentname *fcnp = ap->a_fcnp; 944 struct thread *td = fcnp->cn_thread; 945 struct inode *ip, *xp, *dp; 946 struct direct newdir; 947 int doingdirectory = 0, oldparent = 0, newparent = 0; 948 int error = 0, ioflag; 949 950#ifdef DIAGNOSTIC 951 if ((tcnp->cn_flags & HASBUF) == 0 || 952 (fcnp->cn_flags & HASBUF) == 0) 953 panic("ufs_rename: no name"); 954#endif 955 /* 956 * Check for cross-device rename. 957 */ 958 if ((fvp->v_mount != tdvp->v_mount) || 959 (tvp && (fvp->v_mount != tvp->v_mount))) { 960 error = EXDEV; 961abortit: 962 if (tdvp == tvp) 963 vrele(tdvp); 964 else 965 vput(tdvp); 966 if (tvp) 967 vput(tvp); 968 vrele(fdvp); 969 vrele(fvp); 970 return (error); 971 } 972 973 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 974 (VTOI(tdvp)->i_flags & APPEND))) { 975 error = EPERM; 976 goto abortit; 977 } 978 979 /* 980 * Renaming a file to itself has no effect. The upper layers should 981 * not call us in that case. Temporarily just warn if they do. 982 */ 983 if (fvp == tvp) { 984 printf("ufs_rename: fvp == tvp (can't happen)\n"); 985 error = 0; 986 goto abortit; 987 } 988 989 if ((error = vn_lock(fvp, LK_EXCLUSIVE, td)) != 0) 990 goto abortit; 991 dp = VTOI(fdvp); 992 ip = VTOI(fvp); 993 if (ip->i_nlink >= LINK_MAX) { 994 VOP_UNLOCK(fvp, 0, td); 995 error = EMLINK; 996 goto abortit; 997 } 998 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 999 || (dp->i_flags & APPEND)) { 1000 VOP_UNLOCK(fvp, 0, td); 1001 error = EPERM; 1002 goto abortit; 1003 } 1004 if ((ip->i_mode & IFMT) == IFDIR) { 1005 /* 1006 * Avoid ".", "..", and aliases of "." for obvious reasons. 1007 */ 1008 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1009 dp == ip || (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT || 1010 (ip->i_flag & IN_RENAME)) { 1011 VOP_UNLOCK(fvp, 0, td); 1012 error = EINVAL; 1013 goto abortit; 1014 } 1015 ip->i_flag |= IN_RENAME; 1016 oldparent = dp->i_number; 1017 doingdirectory = 1; 1018 } 1019 VN_KNOTE_UNLOCKED(fdvp, NOTE_WRITE); /* XXX right place? */ 1020 vrele(fdvp); 1021 1022 /* 1023 * When the target exists, both the directory 1024 * and target vnodes are returned locked. 1025 */ 1026 dp = VTOI(tdvp); 1027 xp = NULL; 1028 if (tvp) 1029 xp = VTOI(tvp); 1030 1031 /* 1032 * 1) Bump link count while we're moving stuff 1033 * around. If we crash somewhere before 1034 * completing our work, the link count 1035 * may be wrong, but correctable. 1036 */ 1037 ip->i_effnlink++; 1038 ip->i_nlink++; 1039 DIP_SET(ip, i_nlink, ip->i_nlink); 1040 ip->i_flag |= IN_CHANGE; 1041 if (DOINGSOFTDEP(fvp)) 1042 softdep_change_linkcnt(ip); 1043 if ((error = UFS_UPDATE(fvp, !(DOINGSOFTDEP(fvp) | 1044 DOINGASYNC(fvp)))) != 0) { 1045 VOP_UNLOCK(fvp, 0, td); 1046 goto bad; 1047 } 1048 1049 /* 1050 * If ".." must be changed (ie the directory gets a new 1051 * parent) then the source directory must not be in the 1052 * directory heirarchy above the target, as this would 1053 * orphan everything below the source directory. Also 1054 * the user must have write permission in the source so 1055 * as to be able to change "..". We must repeat the call 1056 * to namei, as the parent directory is unlocked by the 1057 * call to checkpath(). 1058 */ 1059 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread); 1060 VOP_UNLOCK(fvp, 0, td); 1061 if (oldparent != dp->i_number) 1062 newparent = dp->i_number; 1063 if (doingdirectory && newparent) { 1064 if (error) /* write access check above */ 1065 goto bad; 1066 if (xp != NULL) 1067 vput(tvp); 1068 error = ufs_checkpath(ip, dp, tcnp->cn_cred); 1069 if (error) 1070 goto out; 1071 if ((tcnp->cn_flags & SAVESTART) == 0) 1072 panic("ufs_rename: lost to startdir"); 1073 VREF(tdvp); 1074 error = relookup(tdvp, &tvp, tcnp); 1075 if (error) 1076 goto out; 1077 vrele(tdvp); 1078 dp = VTOI(tdvp); 1079 xp = NULL; 1080 if (tvp) 1081 xp = VTOI(tvp); 1082 } 1083 /* 1084 * 2) If target doesn't exist, link the target 1085 * to the source and unlink the source. 1086 * Otherwise, rewrite the target directory 1087 * entry to reference the source inode and 1088 * expunge the original entry's existence. 1089 */ 1090 if (xp == NULL) { 1091 if (dp->i_dev != ip->i_dev) 1092 panic("ufs_rename: EXDEV"); 1093 /* 1094 * Account for ".." in new directory. 1095 * When source and destination have the same 1096 * parent we don't fool with the link count. 1097 */ 1098 if (doingdirectory && newparent) { 1099 if ((nlink_t)dp->i_nlink >= LINK_MAX) { 1100 error = EMLINK; 1101 goto bad; 1102 } 1103 dp->i_effnlink++; 1104 dp->i_nlink++; 1105 DIP_SET(dp, i_nlink, dp->i_nlink); 1106 dp->i_flag |= IN_CHANGE; 1107 if (DOINGSOFTDEP(tdvp)) 1108 softdep_change_linkcnt(dp); 1109 error = UFS_UPDATE(tdvp, !(DOINGSOFTDEP(tdvp) | 1110 DOINGASYNC(tdvp))); 1111 if (error) 1112 goto bad; 1113 } 1114 ufs_makedirentry(ip, tcnp, &newdir); 1115 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL); 1116 if (error) { 1117 if (doingdirectory && newparent) { 1118 dp->i_effnlink--; 1119 dp->i_nlink--; 1120 DIP_SET(dp, i_nlink, dp->i_nlink); 1121 dp->i_flag |= IN_CHANGE; 1122 if (DOINGSOFTDEP(tdvp)) 1123 softdep_change_linkcnt(dp); 1124 (void)UFS_UPDATE(tdvp, 1); 1125 } 1126 goto bad; 1127 } 1128 VN_KNOTE_UNLOCKED(tdvp, NOTE_WRITE); 1129 vput(tdvp); 1130 } else { 1131 if (xp->i_dev != dp->i_dev || xp->i_dev != ip->i_dev) 1132 panic("ufs_rename: EXDEV"); 1133 /* 1134 * Short circuit rename(foo, foo). 1135 */ 1136 if (xp->i_number == ip->i_number) 1137 panic("ufs_rename: same file"); 1138 /* 1139 * If the parent directory is "sticky", then the caller 1140 * must possess VADMIN for the parent directory, or the 1141 * destination of the rename. This implements append-only 1142 * directories. 1143 */ 1144 if ((dp->i_mode & S_ISTXT) && 1145 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1146 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1147 error = EPERM; 1148 goto bad; 1149 } 1150 /* 1151 * Target must be empty if a directory and have no links 1152 * to it. Also, ensure source and target are compatible 1153 * (both directories, or both not directories). 1154 */ 1155 if ((xp->i_mode&IFMT) == IFDIR) { 1156 if ((xp->i_effnlink > 2) || 1157 !ufs_dirempty(xp, dp->i_number, tcnp->cn_cred)) { 1158 error = ENOTEMPTY; 1159 goto bad; 1160 } 1161 if (!doingdirectory) { 1162 error = ENOTDIR; 1163 goto bad; 1164 } 1165 cache_purge(tdvp); 1166 } else if (doingdirectory) { 1167 error = EISDIR; 1168 goto bad; 1169 } 1170 error = ufs_dirrewrite(dp, xp, ip->i_number, 1171 IFTODT(ip->i_mode), 1172 (doingdirectory && newparent) ? newparent : doingdirectory); 1173 if (error) 1174 goto bad; 1175 if (doingdirectory) { 1176 if (!newparent) { 1177 dp->i_effnlink--; 1178 if (DOINGSOFTDEP(tdvp)) 1179 softdep_change_linkcnt(dp); 1180 } 1181 xp->i_effnlink--; 1182 if (DOINGSOFTDEP(tvp)) 1183 softdep_change_linkcnt(xp); 1184 } 1185 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1186 /* 1187 * Truncate inode. The only stuff left in the directory 1188 * is "." and "..". The "." reference is inconsequential 1189 * since we are quashing it. We have removed the "." 1190 * reference and the reference in the parent directory, 1191 * but there may be other hard links. The soft 1192 * dependency code will arrange to do these operations 1193 * after the parent directory entry has been deleted on 1194 * disk, so when running with that code we avoid doing 1195 * them now. 1196 */ 1197 if (!newparent) { 1198 dp->i_nlink--; 1199 DIP_SET(dp, i_nlink, dp->i_nlink); 1200 dp->i_flag |= IN_CHANGE; 1201 } 1202 xp->i_nlink--; 1203 DIP_SET(xp, i_nlink, xp->i_nlink); 1204 xp->i_flag |= IN_CHANGE; 1205 ioflag = IO_NORMAL; 1206 if (DOINGASYNC(tvp)) 1207 ioflag |= IO_SYNC; 1208 if ((error = UFS_TRUNCATE(tvp, (off_t)0, ioflag, 1209 tcnp->cn_cred, tcnp->cn_thread)) != 0) 1210 goto bad; 1211 } 1212 VN_KNOTE_UNLOCKED(tdvp, NOTE_WRITE); 1213 vput(tdvp); 1214 VN_KNOTE_UNLOCKED(tvp, NOTE_DELETE); 1215 vput(tvp); 1216 xp = NULL; 1217 } 1218 1219 /* 1220 * 3) Unlink the source. 1221 */ 1222 fcnp->cn_flags &= ~MODMASK; 1223 fcnp->cn_flags |= LOCKPARENT | LOCKLEAF; 1224 if ((fcnp->cn_flags & SAVESTART) == 0) 1225 panic("ufs_rename: lost from startdir"); 1226 VREF(fdvp); 1227 error = relookup(fdvp, &fvp, fcnp); 1228 if (error == 0) 1229 vrele(fdvp); 1230 if (fvp != NULL) { 1231 xp = VTOI(fvp); 1232 dp = VTOI(fdvp); 1233 } else { 1234 /* 1235 * From name has disappeared. IN_RENAME is not sufficient 1236 * to protect against directory races due to timing windows, 1237 * so we have to remove the panic. XXX the only real way 1238 * to solve this issue is at a much higher level. By the 1239 * time we hit ufs_rename() it's too late. 1240 */ 1241#if 0 1242 if (doingdirectory) 1243 panic("ufs_rename: lost dir entry"); 1244#endif 1245 vrele(ap->a_fvp); 1246 return (0); 1247 } 1248 /* 1249 * Ensure that the directory entry still exists and has not 1250 * changed while the new name has been entered. If the source is 1251 * a file then the entry may have been unlinked or renamed. In 1252 * either case there is no further work to be done. If the source 1253 * is a directory then it cannot have been rmdir'ed; the IN_RENAME 1254 * flag ensures that it cannot be moved by another rename or removed 1255 * by a rmdir. 1256 */ 1257 if (xp != ip) { 1258 /* 1259 * From name resolves to a different inode. IN_RENAME is 1260 * not sufficient protection against timing window races 1261 * so we can't panic here. XXX the only real way 1262 * to solve this issue is at a much higher level. By the 1263 * time we hit ufs_rename() it's too late. 1264 */ 1265#if 0 1266 if (doingdirectory) 1267 panic("ufs_rename: lost dir entry"); 1268#endif 1269 } else { 1270 /* 1271 * If the source is a directory with a 1272 * new parent, the link count of the old 1273 * parent directory must be decremented 1274 * and ".." set to point to the new parent. 1275 */ 1276 if (doingdirectory && newparent) { 1277 xp->i_offset = mastertemplate.dot_reclen; 1278 ufs_dirrewrite(xp, dp, newparent, DT_DIR, 0); 1279 cache_purge(fdvp); 1280 } 1281 error = ufs_dirremove(fdvp, xp, fcnp->cn_flags, 0); 1282 xp->i_flag &= ~IN_RENAME; 1283 } 1284 VN_KNOTE_UNLOCKED(fvp, NOTE_RENAME); 1285 if (dp) 1286 vput(fdvp); 1287 if (xp) 1288 vput(fvp); 1289 vrele(ap->a_fvp); 1290 return (error); 1291 1292bad: 1293 if (xp) 1294 vput(ITOV(xp)); 1295 vput(ITOV(dp)); 1296out: 1297 if (doingdirectory) 1298 ip->i_flag &= ~IN_RENAME; 1299 if (vn_lock(fvp, LK_EXCLUSIVE, td) == 0) { 1300 ip->i_effnlink--; 1301 ip->i_nlink--; 1302 DIP_SET(ip, i_nlink, ip->i_nlink); 1303 ip->i_flag |= IN_CHANGE; 1304 ip->i_flag &= ~IN_RENAME; 1305 if (DOINGSOFTDEP(fvp)) 1306 softdep_change_linkcnt(ip); 1307 vput(fvp); 1308 } else 1309 vrele(fvp); 1310 return (error); 1311} 1312 1313/* 1314 * Mkdir system call 1315 */ 1316static int 1317ufs_mkdir(ap) 1318 struct vop_mkdir_args /* { 1319 struct vnode *a_dvp; 1320 struct vnode **a_vpp; 1321 struct componentname *a_cnp; 1322 struct vattr *a_vap; 1323 } */ *ap; 1324{ 1325 struct vnode *dvp = ap->a_dvp; 1326 struct vattr *vap = ap->a_vap; 1327 struct componentname *cnp = ap->a_cnp; 1328 struct inode *ip, *dp; 1329 struct vnode *tvp; 1330 struct buf *bp; 1331 struct dirtemplate dirtemplate, *dtp; 1332 struct direct newdir; 1333#ifdef UFS_ACL 1334 struct acl *acl, *dacl; 1335#endif 1336 int error, dmode; 1337 long blkoff; 1338 1339#ifdef DIAGNOSTIC 1340 if ((cnp->cn_flags & HASBUF) == 0) 1341 panic("ufs_mkdir: no name"); 1342#endif 1343 dp = VTOI(dvp); 1344 if ((nlink_t)dp->i_nlink >= LINK_MAX) { 1345 error = EMLINK; 1346 goto out; 1347 } 1348 dmode = vap->va_mode & 0777; 1349 dmode |= IFDIR; 1350 /* 1351 * Must simulate part of ufs_makeinode here to acquire the inode, 1352 * but not have it entered in the parent directory. The entry is 1353 * made later after writing "." and ".." entries. 1354 */ 1355 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 1356 if (error) 1357 goto out; 1358 ip = VTOI(tvp); 1359 ip->i_gid = dp->i_gid; 1360 DIP_SET(ip, i_gid, dp->i_gid); 1361#ifdef SUIDDIR 1362 { 1363#ifdef QUOTA 1364 struct ucred ucred, *ucp; 1365 ucp = cnp->cn_cred; 1366#endif 1367 /* 1368 * If we are hacking owners here, (only do this where told to) 1369 * and we are not giving it TO root, (would subvert quotas) 1370 * then go ahead and give it to the other user. 1371 * The new directory also inherits the SUID bit. 1372 * If user's UID and dir UID are the same, 1373 * 'give it away' so that the SUID is still forced on. 1374 */ 1375 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 1376 (dp->i_mode & ISUID) && dp->i_uid) { 1377 dmode |= ISUID; 1378 ip->i_uid = dp->i_uid; 1379 DIP_SET(ip, i_uid, dp->i_uid); 1380#ifdef QUOTA 1381 if (dp->i_uid != cnp->cn_cred->cr_uid) { 1382 /* 1383 * Make sure the correct user gets charged 1384 * for the space. 1385 * Make a dummy credential for the victim. 1386 * XXX This seems to never be accessed out of 1387 * our context so a stack variable is ok. 1388 */ 1389 ucred.cr_ref = 1; 1390 ucred.cr_uid = ip->i_uid; 1391 ucred.cr_ngroups = 1; 1392 ucred.cr_groups[0] = dp->i_gid; 1393 ucp = &ucred; 1394 } 1395#endif 1396 } else { 1397 ip->i_uid = cnp->cn_cred->cr_uid; 1398 DIP_SET(ip, i_uid, ip->i_uid); 1399 } 1400#ifdef QUOTA 1401 if ((error = getinoquota(ip)) || 1402 (error = chkiq(ip, 1, ucp, 0))) { 1403 UFS_VFREE(tvp, ip->i_number, dmode); 1404 vput(tvp); 1405 return (error); 1406 } 1407#endif 1408 } 1409#else /* !SUIDDIR */ 1410 ip->i_uid = cnp->cn_cred->cr_uid; 1411 DIP_SET(ip, i_uid, ip->i_uid); 1412#ifdef QUOTA 1413 if ((error = getinoquota(ip)) || 1414 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 1415 UFS_VFREE(tvp, ip->i_number, dmode); 1416 vput(tvp); 1417 return (error); 1418 } 1419#endif 1420#endif /* !SUIDDIR */ 1421 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 1422#ifdef UFS_ACL 1423 acl = dacl = NULL; 1424 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) { 1425 MALLOC(acl, struct acl *, sizeof(*acl), M_ACL, M_WAITOK); 1426 MALLOC(dacl, struct acl *, sizeof(*dacl), M_ACL, M_WAITOK); 1427 1428 /* 1429 * Retrieve default ACL from parent, if any. 1430 */ 1431 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred, 1432 cnp->cn_thread); 1433 switch (error) { 1434 case 0: 1435 /* 1436 * Retrieved a default ACL, so merge mode and ACL if 1437 * necessary. If the ACL is empty, fall through to 1438 * the "not defined or available" case. 1439 */ 1440 if (acl->acl_cnt != 0) { 1441 dmode = acl_posix1e_newfilemode(dmode, acl); 1442 ip->i_mode = dmode; 1443 DIP_SET(ip, i_mode, dmode); 1444 *dacl = *acl; 1445 ufs_sync_acl_from_inode(ip, acl); 1446 break; 1447 } 1448 /* FALLTHROUGH */ 1449 1450 case EOPNOTSUPP: 1451 /* 1452 * Just use the mode as-is. 1453 */ 1454 ip->i_mode = dmode; 1455 DIP_SET(ip, i_mode, dmode); 1456 FREE(acl, M_ACL); 1457 FREE(dacl, M_ACL); 1458 dacl = acl = NULL; 1459 break; 1460 1461 default: 1462 UFS_VFREE(tvp, ip->i_number, dmode); 1463 vput(tvp); 1464 FREE(acl, M_ACL); 1465 FREE(dacl, M_ACL); 1466 return (error); 1467 } 1468 } else { 1469#endif /* !UFS_ACL */ 1470 ip->i_mode = dmode; 1471 DIP_SET(ip, i_mode, dmode); 1472#ifdef UFS_ACL 1473 } 1474#endif 1475 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 1476 ip->i_effnlink = 2; 1477 ip->i_nlink = 2; 1478 DIP_SET(ip, i_nlink, 2); 1479 if (DOINGSOFTDEP(tvp)) 1480 softdep_change_linkcnt(ip); 1481 if (cnp->cn_flags & ISWHITEOUT) { 1482 ip->i_flags |= UF_OPAQUE; 1483 DIP_SET(ip, i_flags, ip->i_flags); 1484 } 1485 1486 /* 1487 * Bump link count in parent directory to reflect work done below. 1488 * Should be done before reference is created so cleanup is 1489 * possible if we crash. 1490 */ 1491 dp->i_effnlink++; 1492 dp->i_nlink++; 1493 DIP_SET(dp, i_nlink, dp->i_nlink); 1494 dp->i_flag |= IN_CHANGE; 1495 if (DOINGSOFTDEP(dvp)) 1496 softdep_change_linkcnt(dp); 1497 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp))); 1498 if (error) 1499 goto bad; 1500#ifdef MAC 1501 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 1502 error = mac_create_vnode_extattr(cnp->cn_cred, dvp->v_mount, 1503 dvp, tvp, cnp); 1504 if (error) 1505 goto bad; 1506 } 1507#endif 1508#ifdef UFS_ACL 1509 if (acl != NULL) { 1510 /* 1511 * XXX: If we abort now, will Soft Updates notify the extattr 1512 * code that the EAs for the file need to be released? 1513 */ 1514 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred, 1515 cnp->cn_thread); 1516 if (error == 0) 1517 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, 1518 cnp->cn_cred, cnp->cn_thread); 1519 switch (error) { 1520 case 0: 1521 break; 1522 1523 case EOPNOTSUPP: 1524 /* 1525 * XXX: This should not happen, as EOPNOTSUPP above 1526 * was supposed to free acl. 1527 */ 1528 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1529 /* 1530 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1531 */ 1532 break; 1533 1534 default: 1535 FREE(acl, M_ACL); 1536 FREE(dacl, M_ACL); 1537 goto bad; 1538 } 1539 FREE(acl, M_ACL); 1540 FREE(dacl, M_ACL); 1541 } 1542#endif /* !UFS_ACL */ 1543 1544 /* 1545 * Initialize directory with "." and ".." from static template. 1546 */ 1547 if (dvp->v_mount->mnt_maxsymlinklen > 0 1548 ) 1549 dtp = &mastertemplate; 1550 else 1551 dtp = (struct dirtemplate *)&omastertemplate; 1552 dirtemplate = *dtp; 1553 dirtemplate.dot_ino = ip->i_number; 1554 dirtemplate.dotdot_ino = dp->i_number; 1555 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 1556 BA_CLRBUF, &bp)) != 0) 1557 goto bad; 1558 ip->i_size = DIRBLKSIZ; 1559 DIP_SET(ip, i_size, DIRBLKSIZ); 1560 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1561 vnode_pager_setsize(tvp, (u_long)ip->i_size); 1562 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 1563 if (DOINGSOFTDEP(tvp)) { 1564 /* 1565 * Ensure that the entire newly allocated block is a 1566 * valid directory so that future growth within the 1567 * block does not have to ensure that the block is 1568 * written before the inode. 1569 */ 1570 blkoff = DIRBLKSIZ; 1571 while (blkoff < bp->b_bcount) { 1572 ((struct direct *) 1573 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 1574 blkoff += DIRBLKSIZ; 1575 } 1576 } 1577 if ((error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | 1578 DOINGASYNC(tvp)))) != 0) { 1579 (void)bwrite(bp); 1580 goto bad; 1581 } 1582 /* 1583 * Directory set up, now install its entry in the parent directory. 1584 * 1585 * If we are not doing soft dependencies, then we must write out the 1586 * buffer containing the new directory body before entering the new 1587 * name in the parent. If we are doing soft dependencies, then the 1588 * buffer containing the new directory body will be passed to and 1589 * released in the soft dependency code after the code has attached 1590 * an appropriate ordering dependency to the buffer which ensures that 1591 * the buffer is written before the new name is written in the parent. 1592 */ 1593 if (DOINGASYNC(dvp)) 1594 bdwrite(bp); 1595 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 1596 goto bad; 1597 ufs_makedirentry(ip, cnp, &newdir); 1598 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp); 1599 1600bad: 1601 if (error == 0) { 1602 VN_KNOTE_UNLOCKED(dvp, NOTE_WRITE | NOTE_LINK); 1603 *ap->a_vpp = tvp; 1604 } else { 1605 dp->i_effnlink--; 1606 dp->i_nlink--; 1607 DIP_SET(dp, i_nlink, dp->i_nlink); 1608 dp->i_flag |= IN_CHANGE; 1609 if (DOINGSOFTDEP(dvp)) 1610 softdep_change_linkcnt(dp); 1611 /* 1612 * No need to do an explicit VOP_TRUNCATE here, vrele will 1613 * do this for us because we set the link count to 0. 1614 */ 1615 ip->i_effnlink = 0; 1616 ip->i_nlink = 0; 1617 DIP_SET(ip, i_nlink, 0); 1618 ip->i_flag |= IN_CHANGE; 1619 if (DOINGSOFTDEP(tvp)) 1620 softdep_change_linkcnt(ip); 1621 vput(tvp); 1622 } 1623out: 1624 return (error); 1625} 1626 1627/* 1628 * Rmdir system call. 1629 */ 1630static int 1631ufs_rmdir(ap) 1632 struct vop_rmdir_args /* { 1633 struct vnode *a_dvp; 1634 struct vnode *a_vp; 1635 struct componentname *a_cnp; 1636 } */ *ap; 1637{ 1638 struct vnode *vp = ap->a_vp; 1639 struct vnode *dvp = ap->a_dvp; 1640 struct componentname *cnp = ap->a_cnp; 1641 struct inode *ip, *dp; 1642 int error, ioflag; 1643 1644 ip = VTOI(vp); 1645 dp = VTOI(dvp); 1646 1647 /* 1648 * Do not remove a directory that is in the process of being renamed. 1649 * Verify the directory is empty (and valid). Rmdir ".." will not be 1650 * valid since ".." will contain a reference to the current directory 1651 * and thus be non-empty. Do not allow the removal of mounted on 1652 * directories (this can happen when an NFS exported filesystem 1653 * tries to remove a locally mounted on directory). 1654 */ 1655 error = 0; 1656 if (ip->i_flag & IN_RENAME) { 1657 error = EINVAL; 1658 goto out; 1659 } 1660 if (ip->i_effnlink != 2 || 1661 !ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 1662 error = ENOTEMPTY; 1663 goto out; 1664 } 1665 if ((dp->i_flags & APPEND) 1666 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 1667 error = EPERM; 1668 goto out; 1669 } 1670 if (vp->v_mountedhere != 0) { 1671 error = EINVAL; 1672 goto out; 1673 } 1674 /* 1675 * Delete reference to directory before purging 1676 * inode. If we crash in between, the directory 1677 * will be reattached to lost+found, 1678 */ 1679 dp->i_effnlink--; 1680 ip->i_effnlink--; 1681 if (DOINGSOFTDEP(vp)) { 1682 softdep_change_linkcnt(dp); 1683 softdep_change_linkcnt(ip); 1684 } 1685 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 1686 if (error) { 1687 dp->i_effnlink++; 1688 ip->i_effnlink++; 1689 if (DOINGSOFTDEP(vp)) { 1690 softdep_change_linkcnt(dp); 1691 softdep_change_linkcnt(ip); 1692 } 1693 goto out; 1694 } 1695 VN_KNOTE_UNLOCKED(dvp, NOTE_WRITE | NOTE_LINK); 1696 cache_purge(dvp); 1697 /* 1698 * Truncate inode. The only stuff left in the directory is "." and 1699 * "..". The "." reference is inconsequential since we are quashing 1700 * it. The soft dependency code will arrange to do these operations 1701 * after the parent directory entry has been deleted on disk, so 1702 * when running with that code we avoid doing them now. 1703 */ 1704 if (!DOINGSOFTDEP(vp)) { 1705 dp->i_nlink--; 1706 DIP_SET(dp, i_nlink, dp->i_nlink); 1707 dp->i_flag |= IN_CHANGE; 1708 ip->i_nlink--; 1709 DIP_SET(ip, i_nlink, ip->i_nlink); 1710 ip->i_flag |= IN_CHANGE; 1711 ioflag = IO_NORMAL; 1712 if (DOINGASYNC(vp)) 1713 ioflag |= IO_SYNC; 1714 error = UFS_TRUNCATE(vp, (off_t)0, ioflag, cnp->cn_cred, 1715 cnp->cn_thread); 1716 } 1717 cache_purge(vp); 1718#ifdef UFS_DIRHASH 1719 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 1720 if (ip->i_dirhash != NULL) 1721 ufsdirhash_free(ip); 1722#endif 1723out: 1724 VN_KNOTE_UNLOCKED(vp, NOTE_DELETE); 1725 return (error); 1726} 1727 1728/* 1729 * symlink -- make a symbolic link 1730 */ 1731static int 1732ufs_symlink(ap) 1733 struct vop_symlink_args /* { 1734 struct vnode *a_dvp; 1735 struct vnode **a_vpp; 1736 struct componentname *a_cnp; 1737 struct vattr *a_vap; 1738 char *a_target; 1739 } */ *ap; 1740{ 1741 struct vnode *vp, **vpp = ap->a_vpp; 1742 struct inode *ip; 1743 int len, error; 1744 1745 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 1746 vpp, ap->a_cnp); 1747 if (error) 1748 return (error); 1749 VN_KNOTE_UNLOCKED(ap->a_dvp, NOTE_WRITE); 1750 vp = *vpp; 1751 len = strlen(ap->a_target); 1752 if (len < vp->v_mount->mnt_maxsymlinklen) { 1753 ip = VTOI(vp); 1754 bcopy(ap->a_target, SHORTLINK(ip), len); 1755 ip->i_size = len; 1756 DIP_SET(ip, i_size, len); 1757 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1758 } else 1759 error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0, 1760 UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 1761 ap->a_cnp->cn_cred, NOCRED, (int *)0, (struct thread *)0); 1762 if (error) 1763 vput(vp); 1764 return (error); 1765} 1766 1767/* 1768 * Vnode op for reading directories. 1769 * 1770 * The routine below assumes that the on-disk format of a directory 1771 * is the same as that defined by <sys/dirent.h>. If the on-disk 1772 * format changes, then it will be necessary to do a conversion 1773 * from the on-disk format that read returns to the format defined 1774 * by <sys/dirent.h>. 1775 */ 1776int 1777ufs_readdir(ap) 1778 struct vop_readdir_args /* { 1779 struct vnode *a_vp; 1780 struct uio *a_uio; 1781 struct ucred *a_cred; 1782 int *a_eofflag; 1783 int *ncookies; 1784 u_long **a_cookies; 1785 } */ *ap; 1786{ 1787 struct uio *uio = ap->a_uio; 1788 int error; 1789 size_t count, lost; 1790 off_t off; 1791 1792 if (ap->a_ncookies != NULL) 1793 /* 1794 * Ensure that the block is aligned. The caller can use 1795 * the cookies to determine where in the block to start. 1796 */ 1797 uio->uio_offset &= ~(DIRBLKSIZ - 1); 1798 off = uio->uio_offset; 1799 count = uio->uio_resid; 1800 /* Make sure we don't return partial entries. */ 1801 if (count <= ((uio->uio_offset + count) & (DIRBLKSIZ -1))) 1802 return (EINVAL); 1803 count -= (uio->uio_offset + count) & (DIRBLKSIZ -1); 1804 lost = uio->uio_resid - count; 1805 uio->uio_resid = count; 1806 uio->uio_iov->iov_len = count; 1807# if (BYTE_ORDER == LITTLE_ENDIAN) 1808 if (ap->a_vp->v_mount->mnt_maxsymlinklen > 0) { 1809 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred); 1810 } else { 1811 struct dirent *dp, *edp; 1812 struct uio auio; 1813 struct iovec aiov; 1814 caddr_t dirbuf; 1815 int readcnt; 1816 u_char tmp; 1817 1818 auio = *uio; 1819 auio.uio_iov = &aiov; 1820 auio.uio_iovcnt = 1; 1821 auio.uio_segflg = UIO_SYSSPACE; 1822 aiov.iov_len = count; 1823 MALLOC(dirbuf, caddr_t, count, M_TEMP, M_WAITOK); 1824 aiov.iov_base = dirbuf; 1825 error = VOP_READ(ap->a_vp, &auio, 0, ap->a_cred); 1826 if (error == 0) { 1827 readcnt = count - auio.uio_resid; 1828 edp = (struct dirent *)&dirbuf[readcnt]; 1829 for (dp = (struct dirent *)dirbuf; dp < edp; ) { 1830 tmp = dp->d_namlen; 1831 dp->d_namlen = dp->d_type; 1832 dp->d_type = tmp; 1833 if (dp->d_reclen > 0) { 1834 dp = (struct dirent *) 1835 ((char *)dp + dp->d_reclen); 1836 } else { 1837 error = EIO; 1838 break; 1839 } 1840 } 1841 if (dp >= edp) 1842 error = uiomove(dirbuf, readcnt, uio); 1843 } 1844 FREE(dirbuf, M_TEMP); 1845 } 1846# else 1847 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred); 1848# endif 1849 if (!error && ap->a_ncookies != NULL) { 1850 struct dirent* dpStart; 1851 struct dirent* dpEnd; 1852 struct dirent* dp; 1853 int ncookies; 1854 u_long *cookies; 1855 u_long *cookiep; 1856 1857 if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1) 1858 panic("ufs_readdir: unexpected uio from NFS server"); 1859 dpStart = (struct dirent *) 1860 ((char *)uio->uio_iov->iov_base - (uio->uio_offset - off)); 1861 dpEnd = (struct dirent *) uio->uio_iov->iov_base; 1862 for (dp = dpStart, ncookies = 0; 1863 dp < dpEnd; 1864 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen)) 1865 ncookies++; 1866 MALLOC(cookies, u_long *, ncookies * sizeof(u_long), M_TEMP, 1867 M_WAITOK); 1868 for (dp = dpStart, cookiep = cookies; 1869 dp < dpEnd; 1870 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen)) { 1871 off += dp->d_reclen; 1872 *cookiep++ = (u_long) off; 1873 } 1874 *ap->a_ncookies = ncookies; 1875 *ap->a_cookies = cookies; 1876 } 1877 uio->uio_resid += lost; 1878 if (ap->a_eofflag) 1879 *ap->a_eofflag = VTOI(ap->a_vp)->i_size <= uio->uio_offset; 1880 return (error); 1881} 1882 1883/* 1884 * Return target name of a symbolic link 1885 */ 1886static int 1887ufs_readlink(ap) 1888 struct vop_readlink_args /* { 1889 struct vnode *a_vp; 1890 struct uio *a_uio; 1891 struct ucred *a_cred; 1892 } */ *ap; 1893{ 1894 struct vnode *vp = ap->a_vp; 1895 struct inode *ip = VTOI(vp); 1896 doff_t isize; 1897 1898 isize = ip->i_size; 1899 if ((isize < vp->v_mount->mnt_maxsymlinklen) || 1900 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */ 1901 uiomove(SHORTLINK(ip), isize, ap->a_uio); 1902 return (0); 1903 } 1904 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 1905} 1906 1907/* 1908 * Calculate the logical to physical mapping if not done already, 1909 * then call the device strategy routine. 1910 * 1911 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 1912 * deadlock on memory. See ufs_bmap() for details. 1913 */ 1914static int 1915ufs_strategy(ap) 1916 struct vop_strategy_args /* { 1917 struct vnode *a_vp; 1918 struct buf *a_bp; 1919 } */ *ap; 1920{ 1921 struct buf *bp = ap->a_bp; 1922 struct vnode *vp = ap->a_vp; 1923 struct bufobj *bo; 1924 struct inode *ip; 1925 ufs2_daddr_t blkno; 1926 int error; 1927 1928 ip = VTOI(vp); 1929 if (bp->b_blkno == bp->b_lblkno) { 1930 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 1931 bp->b_blkno = blkno; 1932 if (error) { 1933 bp->b_error = error; 1934 bp->b_ioflags |= BIO_ERROR; 1935 bufdone(bp); 1936 return (error); 1937 } 1938 if ((long)bp->b_blkno == -1) 1939 vfs_bio_clrbuf(bp); 1940 } 1941 if ((long)bp->b_blkno == -1) { 1942 bufdone(bp); 1943 return (0); 1944 } 1945 bp->b_iooffset = dbtob(bp->b_blkno); 1946 bo = ip->i_umbufobj; 1947 BO_STRATEGY(bo, bp); 1948 return (0); 1949} 1950 1951/* 1952 * Print out the contents of an inode. 1953 */ 1954static int 1955ufs_print(ap) 1956 struct vop_print_args /* { 1957 struct vnode *a_vp; 1958 } */ *ap; 1959{ 1960 struct vnode *vp = ap->a_vp; 1961 struct inode *ip = VTOI(vp); 1962 1963 printf("\tino %lu, on dev %s (%d, %d)", (u_long)ip->i_number, 1964 devtoname(ip->i_dev), major(ip->i_dev), minor(ip->i_dev)); 1965 if (vp->v_type == VFIFO) 1966 fifo_printinfo(vp); 1967 printf("\n"); 1968 return (0); 1969} 1970 1971/* 1972 * Close wrapper for fifos. 1973 * 1974 * Update the times on the inode then do device close. 1975 */ 1976static int 1977ufsfifo_close(ap) 1978 struct vop_close_args /* { 1979 struct vnode *a_vp; 1980 int a_fflag; 1981 struct ucred *a_cred; 1982 struct thread *a_td; 1983 } */ *ap; 1984{ 1985 struct vnode *vp = ap->a_vp; 1986 1987 VI_LOCK(vp); 1988 if (vp->v_usecount > 1) 1989 ufs_itimes(vp); 1990 VI_UNLOCK(vp); 1991 return (fifo_specops.vop_close(ap)); 1992} 1993 1994/* 1995 * Kqfilter wrapper for fifos. 1996 * 1997 * Fall through to ufs kqfilter routines if needed 1998 */ 1999static int 2000ufsfifo_kqfilter(ap) 2001 struct vop_kqfilter_args *ap; 2002{ 2003 int error; 2004 2005 error = fifo_specops.vop_kqfilter(ap); 2006 if (error) 2007 error = ufs_kqfilter(ap); 2008 return (error); 2009} 2010 2011/* 2012 * Return POSIX pathconf information applicable to ufs filesystems. 2013 */ 2014static int 2015ufs_pathconf(ap) 2016 struct vop_pathconf_args /* { 2017 struct vnode *a_vp; 2018 int a_name; 2019 int *a_retval; 2020 } */ *ap; 2021{ 2022 int error; 2023 2024 error = 0; 2025 switch (ap->a_name) { 2026 case _PC_LINK_MAX: 2027 *ap->a_retval = LINK_MAX; 2028 break; 2029 case _PC_NAME_MAX: 2030 *ap->a_retval = NAME_MAX; 2031 break; 2032 case _PC_PATH_MAX: 2033 *ap->a_retval = PATH_MAX; 2034 break; 2035 case _PC_PIPE_BUF: 2036 *ap->a_retval = PIPE_BUF; 2037 break; 2038 case _PC_CHOWN_RESTRICTED: 2039 *ap->a_retval = 1; 2040 break; 2041 case _PC_NO_TRUNC: 2042 *ap->a_retval = 1; 2043 break; 2044 case _PC_ACL_EXTENDED: 2045#ifdef UFS_ACL 2046 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2047 *ap->a_retval = 1; 2048 else 2049 *ap->a_retval = 0; 2050#else 2051 *ap->a_retval = 0; 2052#endif 2053 break; 2054 case _PC_ACL_PATH_MAX: 2055#ifdef UFS_ACL 2056 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2057 *ap->a_retval = ACL_MAX_ENTRIES; 2058 else 2059 *ap->a_retval = 3; 2060#else 2061 *ap->a_retval = 3; 2062#endif 2063 break; 2064 case _PC_MAC_PRESENT: 2065#ifdef MAC 2066 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2067 *ap->a_retval = 1; 2068 else 2069 *ap->a_retval = 0; 2070#else 2071 *ap->a_retval = 0; 2072#endif 2073 break; 2074 case _PC_ASYNC_IO: 2075 /* _PC_ASYNC_IO should have been handled by upper layers. */ 2076 KASSERT(0, ("_PC_ASYNC_IO should not get here")); 2077 error = EINVAL; 2078 break; 2079 case _PC_PRIO_IO: 2080 *ap->a_retval = 0; 2081 break; 2082 case _PC_SYNC_IO: 2083 *ap->a_retval = 0; 2084 break; 2085 case _PC_ALLOC_SIZE_MIN: 2086 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2087 break; 2088 case _PC_FILESIZEBITS: 2089 *ap->a_retval = 64; 2090 break; 2091 case _PC_REC_INCR_XFER_SIZE: 2092 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2093 break; 2094 case _PC_REC_MAX_XFER_SIZE: 2095 *ap->a_retval = -1; /* means ``unlimited'' */ 2096 break; 2097 case _PC_REC_MIN_XFER_SIZE: 2098 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2099 break; 2100 case _PC_REC_XFER_ALIGN: 2101 *ap->a_retval = PAGE_SIZE; 2102 break; 2103 case _PC_SYMLINK_MAX: 2104 *ap->a_retval = MAXPATHLEN; 2105 break; 2106 2107 default: 2108 error = EINVAL; 2109 break; 2110 } 2111 return (error); 2112} 2113 2114/* 2115 * Advisory record locking support 2116 */ 2117static int 2118ufs_advlock(ap) 2119 struct vop_advlock_args /* { 2120 struct vnode *a_vp; 2121 caddr_t a_id; 2122 int a_op; 2123 struct flock *a_fl; 2124 int a_flags; 2125 } */ *ap; 2126{ 2127 struct inode *ip = VTOI(ap->a_vp); 2128 2129 return (lf_advlock(ap, &(ip->i_lockf), ip->i_size)); 2130} 2131 2132/* 2133 * Initialize the vnode associated with a new inode, handle aliased 2134 * vnodes. 2135 */ 2136int 2137ufs_vinit(mntp, fifoops, vpp) 2138 struct mount *mntp; 2139 struct vop_vector *fifoops; 2140 struct vnode **vpp; 2141{ 2142 struct inode *ip; 2143 struct vnode *vp; 2144 2145 vp = *vpp; 2146 ip = VTOI(vp); 2147 vp->v_type = IFTOVT(ip->i_mode); 2148 if (vp->v_type == VFIFO) 2149 vp->v_op = fifoops; 2150 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2151 if (ip->i_number == ROOTINO) 2152 vp->v_vflag |= VV_ROOT; 2153 ip->i_modrev = init_va_filerev(); 2154 *vpp = vp; 2155 return (0); 2156} 2157 2158/* 2159 * Allocate a new inode. 2160 * Vnode dvp must be locked. 2161 */ 2162static int 2163ufs_makeinode(mode, dvp, vpp, cnp) 2164 int mode; 2165 struct vnode *dvp; 2166 struct vnode **vpp; 2167 struct componentname *cnp; 2168{ 2169 struct inode *ip, *pdir; 2170 struct direct newdir; 2171 struct vnode *tvp; 2172#ifdef UFS_ACL 2173 struct acl *acl; 2174#endif 2175 int error; 2176 2177 pdir = VTOI(dvp); 2178#ifdef DIAGNOSTIC 2179 if ((cnp->cn_flags & HASBUF) == 0) 2180 panic("ufs_makeinode: no name"); 2181#endif 2182 *vpp = NULL; 2183 if ((mode & IFMT) == 0) 2184 mode |= IFREG; 2185 2186 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2187 if (error) 2188 return (error); 2189 ip = VTOI(tvp); 2190 ip->i_gid = pdir->i_gid; 2191 DIP_SET(ip, i_gid, pdir->i_gid); 2192#ifdef SUIDDIR 2193 { 2194#ifdef QUOTA 2195 struct ucred ucred, *ucp; 2196 ucp = cnp->cn_cred; 2197#endif 2198 /* 2199 * If we are not the owner of the directory, 2200 * and we are hacking owners here, (only do this where told to) 2201 * and we are not giving it TO root, (would subvert quotas) 2202 * then go ahead and give it to the other user. 2203 * Note that this drops off the execute bits for security. 2204 */ 2205 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2206 (pdir->i_mode & ISUID) && 2207 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2208 ip->i_uid = pdir->i_uid; 2209 DIP_SET(ip, i_uid, ip->i_uid); 2210 mode &= ~07111; 2211#ifdef QUOTA 2212 /* 2213 * Make sure the correct user gets charged 2214 * for the space. 2215 * Quickly knock up a dummy credential for the victim. 2216 * XXX This seems to never be accessed out of our 2217 * context so a stack variable is ok. 2218 */ 2219 ucred.cr_ref = 1; 2220 ucred.cr_uid = ip->i_uid; 2221 ucred.cr_ngroups = 1; 2222 ucred.cr_groups[0] = pdir->i_gid; 2223 ucp = &ucred; 2224#endif 2225 } else { 2226 ip->i_uid = cnp->cn_cred->cr_uid; 2227 DIP_SET(ip, i_uid, ip->i_uid); 2228 } 2229 2230#ifdef QUOTA 2231 if ((error = getinoquota(ip)) || 2232 (error = chkiq(ip, 1, ucp, 0))) { 2233 UFS_VFREE(tvp, ip->i_number, mode); 2234 vput(tvp); 2235 return (error); 2236 } 2237#endif 2238 } 2239#else /* !SUIDDIR */ 2240 ip->i_uid = cnp->cn_cred->cr_uid; 2241 DIP_SET(ip, i_uid, ip->i_uid); 2242#ifdef QUOTA 2243 if ((error = getinoquota(ip)) || 2244 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2245 UFS_VFREE(tvp, ip->i_number, mode); 2246 vput(tvp); 2247 return (error); 2248 } 2249#endif 2250#endif /* !SUIDDIR */ 2251 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 2252#ifdef UFS_ACL 2253 acl = NULL; 2254 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) { 2255 MALLOC(acl, struct acl *, sizeof(*acl), M_ACL, M_WAITOK); 2256 2257 /* 2258 * Retrieve default ACL for parent, if any. 2259 */ 2260 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred, 2261 cnp->cn_thread); 2262 switch (error) { 2263 case 0: 2264 /* 2265 * Retrieved a default ACL, so merge mode and ACL if 2266 * necessary. 2267 */ 2268 if (acl->acl_cnt != 0) { 2269 /* 2270 * Two possible ways for default ACL to not 2271 * be present. First, the EA can be 2272 * undefined, or second, the default ACL can 2273 * be blank. If it's blank, fall through to 2274 * the it's not defined case. 2275 */ 2276 mode = acl_posix1e_newfilemode(mode, acl); 2277 ip->i_mode = mode; 2278 DIP_SET(ip, i_mode, mode); 2279 ufs_sync_acl_from_inode(ip, acl); 2280 break; 2281 } 2282 /* FALLTHROUGH */ 2283 2284 case EOPNOTSUPP: 2285 /* 2286 * Just use the mode as-is. 2287 */ 2288 ip->i_mode = mode; 2289 DIP_SET(ip, i_mode, mode); 2290 FREE(acl, M_ACL); 2291 acl = NULL; 2292 break; 2293 2294 default: 2295 UFS_VFREE(tvp, ip->i_number, mode); 2296 vput(tvp); 2297 FREE(acl, M_ACL); 2298 acl = NULL; 2299 return (error); 2300 } 2301 } else { 2302#endif 2303 ip->i_mode = mode; 2304 DIP_SET(ip, i_mode, mode); 2305#ifdef UFS_ACL 2306 } 2307#endif 2308 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2309 ip->i_effnlink = 1; 2310 ip->i_nlink = 1; 2311 DIP_SET(ip, i_nlink, 1); 2312 if (DOINGSOFTDEP(tvp)) 2313 softdep_change_linkcnt(ip); 2314 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2315 suser_cred(cnp->cn_cred, SUSER_ALLOWJAIL)) { 2316 ip->i_mode &= ~ISGID; 2317 DIP_SET(ip, i_mode, ip->i_mode); 2318 } 2319 2320 if (cnp->cn_flags & ISWHITEOUT) { 2321 ip->i_flags |= UF_OPAQUE; 2322 DIP_SET(ip, i_flags, ip->i_flags); 2323 } 2324 2325 /* 2326 * Make sure inode goes to disk before directory entry. 2327 */ 2328 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp))); 2329 if (error) 2330 goto bad; 2331#ifdef MAC 2332 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2333 error = mac_create_vnode_extattr(cnp->cn_cred, dvp->v_mount, 2334 dvp, tvp, cnp); 2335 if (error) 2336 goto bad; 2337 } 2338#endif 2339#ifdef UFS_ACL 2340 if (acl != NULL) { 2341 /* 2342 * XXX: If we abort now, will Soft Updates notify the extattr 2343 * code that the EAs for the file need to be released? 2344 */ 2345 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred, 2346 cnp->cn_thread); 2347 switch (error) { 2348 case 0: 2349 break; 2350 2351 case EOPNOTSUPP: 2352 /* 2353 * XXX: This should not happen, as EOPNOTSUPP above was 2354 * supposed to free acl. 2355 */ 2356 printf("ufs_makeinode: VOP_GETACL() but no " 2357 "VOP_SETACL()\n"); 2358 /* panic("ufs_makeinode: VOP_GETACL() but no " 2359 "VOP_SETACL()"); */ 2360 break; 2361 2362 default: 2363 FREE(acl, M_ACL); 2364 goto bad; 2365 } 2366 FREE(acl, M_ACL); 2367 } 2368#endif /* !UFS_ACL */ 2369 ufs_makedirentry(ip, cnp, &newdir); 2370 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL); 2371 if (error) 2372 goto bad; 2373 *vpp = tvp; 2374 return (0); 2375 2376bad: 2377 /* 2378 * Write error occurred trying to update the inode 2379 * or the directory so must deallocate the inode. 2380 */ 2381 ip->i_effnlink = 0; 2382 ip->i_nlink = 0; 2383 DIP_SET(ip, i_nlink, 0); 2384 ip->i_flag |= IN_CHANGE; 2385 if (DOINGSOFTDEP(tvp)) 2386 softdep_change_linkcnt(ip); 2387 vput(tvp); 2388 return (error); 2389} 2390 2391static struct filterops ufsread_filtops = 2392 { 1, NULL, filt_ufsdetach, filt_ufsread }; 2393static struct filterops ufswrite_filtops = 2394 { 1, NULL, filt_ufsdetach, filt_ufswrite }; 2395static struct filterops ufsvnode_filtops = 2396 { 1, NULL, filt_ufsdetach, filt_ufsvnode }; 2397 2398static int 2399ufs_kqfilter(ap) 2400 struct vop_kqfilter_args /* { 2401 struct vnode *a_vp; 2402 struct knote *a_kn; 2403 } */ *ap; 2404{ 2405 struct vnode *vp = ap->a_vp; 2406 struct knote *kn = ap->a_kn; 2407 2408 switch (kn->kn_filter) { 2409 case EVFILT_READ: 2410 kn->kn_fop = &ufsread_filtops; 2411 break; 2412 case EVFILT_WRITE: 2413 kn->kn_fop = &ufswrite_filtops; 2414 break; 2415 case EVFILT_VNODE: 2416 kn->kn_fop = &ufsvnode_filtops; 2417 break; 2418 default: 2419 return (1); 2420 } 2421 2422 kn->kn_hook = (caddr_t)vp; 2423 2424 if (vp->v_pollinfo == NULL) 2425 v_addpollinfo(vp); 2426 if (vp->v_pollinfo == NULL) 2427 return ENOMEM; 2428 knlist_add(&vp->v_pollinfo->vpi_selinfo.si_note, kn, 0); 2429 2430 return (0); 2431} 2432 2433static void 2434filt_ufsdetach(struct knote *kn) 2435{ 2436 struct vnode *vp = (struct vnode *)kn->kn_hook; 2437 2438 KASSERT(vp->v_pollinfo != NULL, ("Mising v_pollinfo")); 2439 knlist_remove(&vp->v_pollinfo->vpi_selinfo.si_note, kn, 0); 2440} 2441 2442/*ARGSUSED*/ 2443static int 2444filt_ufsread(struct knote *kn, long hint) 2445{ 2446 struct vnode *vp = (struct vnode *)kn->kn_hook; 2447 struct inode *ip = VTOI(vp); 2448 2449 /* 2450 * filesystem is gone, so set the EOF flag and schedule 2451 * the knote for deletion. 2452 */ 2453 if (hint == NOTE_REVOKE) { 2454 kn->kn_flags |= (EV_EOF | EV_ONESHOT); 2455 return (1); 2456 } 2457 2458 kn->kn_data = ip->i_size - kn->kn_fp->f_offset; 2459 return (kn->kn_data != 0); 2460} 2461 2462/*ARGSUSED*/ 2463static int 2464filt_ufswrite(struct knote *kn, long hint) 2465{ 2466 2467 /* 2468 * filesystem is gone, so set the EOF flag and schedule 2469 * the knote for deletion. 2470 */ 2471 if (hint == NOTE_REVOKE) 2472 kn->kn_flags |= (EV_EOF | EV_ONESHOT); 2473 2474 kn->kn_data = 0; 2475 return (1); 2476} 2477 2478static int 2479filt_ufsvnode(struct knote *kn, long hint) 2480{ 2481 2482 if (kn->kn_sfflags & hint) 2483 kn->kn_fflags |= hint; 2484 if (hint == NOTE_REVOKE) { 2485 kn->kn_flags |= EV_EOF; 2486 return (1); 2487 } 2488 return (kn->kn_fflags != 0); 2489} 2490 2491/* Global vfs data structures for ufs. */ 2492struct vop_vector ufs_vnodeops = { 2493 .vop_default = &default_vnodeops, 2494 .vop_fsync = VOP_PANIC, 2495 .vop_read = VOP_PANIC, 2496 .vop_reallocblks = VOP_PANIC, 2497 .vop_write = VOP_PANIC, 2498 .vop_access = ufs_access, 2499 .vop_advlock = ufs_advlock, 2500 .vop_bmap = ufs_bmap, 2501 .vop_cachedlookup = ufs_lookup, 2502 .vop_close = ufs_close, 2503 .vop_create = ufs_create, 2504 .vop_getattr = ufs_getattr, 2505 .vop_inactive = ufs_inactive, 2506 .vop_link = ufs_link, 2507 .vop_lookup = vfs_cache_lookup, 2508 .vop_mkdir = ufs_mkdir, 2509 .vop_mknod = ufs_mknod, 2510 .vop_open = ufs_open, 2511 .vop_pathconf = ufs_pathconf, 2512 .vop_poll = vop_stdpoll, 2513 .vop_kqfilter = ufs_kqfilter, 2514 .vop_print = ufs_print, 2515 .vop_readdir = ufs_readdir, 2516 .vop_readlink = ufs_readlink, 2517 .vop_reclaim = ufs_reclaim, 2518 .vop_remove = ufs_remove, 2519 .vop_rename = ufs_rename, 2520 .vop_rmdir = ufs_rmdir, 2521 .vop_setattr = ufs_setattr, 2522#ifdef MAC 2523 .vop_setlabel = vop_stdsetlabel_ea, 2524#endif 2525 .vop_strategy = ufs_strategy, 2526 .vop_symlink = ufs_symlink, 2527 .vop_whiteout = ufs_whiteout, 2528#ifdef UFS_EXTATTR 2529 .vop_getextattr = ufs_getextattr, 2530 .vop_deleteextattr = ufs_deleteextattr, 2531 .vop_setextattr = ufs_setextattr, 2532#endif 2533#ifdef UFS_ACL 2534 .vop_getacl = ufs_getacl, 2535 .vop_setacl = ufs_setacl, 2536 .vop_aclcheck = ufs_aclcheck, 2537#endif 2538}; 2539 2540struct vop_vector ufs_fifoops = { 2541 .vop_default = &fifo_specops, 2542 .vop_fsync = VOP_PANIC, 2543 .vop_access = ufs_access, 2544 .vop_close = ufsfifo_close, 2545 .vop_getattr = ufs_getattr, 2546 .vop_inactive = ufs_inactive, 2547 .vop_kqfilter = ufsfifo_kqfilter, 2548 .vop_print = ufs_print, 2549 .vop_read = VOP_PANIC, 2550 .vop_reclaim = ufs_reclaim, 2551 .vop_setattr = ufs_setattr, 2552#ifdef MAC 2553 .vop_setlabel = vop_stdsetlabel_ea, 2554#endif 2555 .vop_write = VOP_PANIC, 2556#ifdef UFS_EXTATTR 2557 .vop_getextattr = ufs_getextattr, 2558 .vop_deleteextattr = ufs_deleteextattr, 2559 .vop_setextattr = ufs_setextattr, 2560#endif 2561#ifdef UFS_ACL 2562 .vop_getacl = ufs_getacl, 2563 .vop_setacl = ufs_setacl, 2564 .vop_aclcheck = ufs_aclcheck, 2565#endif 2566}; 2567