ufs_vnops.c revision 146829
1/*- 2 * Copyright (c) 1982, 1986, 1989, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 35 */ 36 37#include <sys/cdefs.h> 38__FBSDID("$FreeBSD: head/sys/ufs/ufs/ufs_vnops.c 146829 2005-05-31 19:39:52Z kensmith $"); 39 40#include "opt_mac.h" 41#include "opt_quota.h" 42#include "opt_suiddir.h" 43#include "opt_ufs.h" 44#include "opt_ffs.h" 45 46#include <sys/param.h> 47#include <sys/systm.h> 48#include <sys/malloc.h> 49#include <sys/namei.h> 50#include <sys/kernel.h> 51#include <sys/fcntl.h> 52#include <sys/stat.h> 53#include <sys/bio.h> 54#include <sys/buf.h> 55#include <sys/mount.h> 56#include <sys/unistd.h> 57#include <sys/vnode.h> 58#include <sys/dirent.h> 59#include <sys/lockf.h> 60#include <sys/event.h> 61#include <sys/conf.h> 62#include <sys/acl.h> 63#include <sys/mac.h> 64#include <sys/jail.h> 65 66#include <machine/mutex.h> 67 68#include <sys/file.h> /* XXX */ 69 70#include <vm/vm.h> 71#include <vm/vm_extern.h> 72 73#include <fs/fifofs/fifo.h> 74 75#include <ufs/ufs/acl.h> 76#include <ufs/ufs/extattr.h> 77#include <ufs/ufs/quota.h> 78#include <ufs/ufs/inode.h> 79#include <ufs/ufs/dir.h> 80#include <ufs/ufs/ufsmount.h> 81#include <ufs/ufs/ufs_extern.h> 82#ifdef UFS_DIRHASH 83#include <ufs/ufs/dirhash.h> 84#endif 85 86#include <ufs/ffs/ffs_extern.h> 87 88static vop_access_t ufs_access; 89static vop_advlock_t ufs_advlock; 90static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 91static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *); 92static vop_close_t ufs_close; 93static vop_create_t ufs_create; 94static vop_getattr_t ufs_getattr; 95static vop_link_t ufs_link; 96static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *); 97static vop_mkdir_t ufs_mkdir; 98static vop_mknod_t ufs_mknod; 99static vop_open_t ufs_open; 100static vop_pathconf_t ufs_pathconf; 101static vop_print_t ufs_print; 102static vop_readlink_t ufs_readlink; 103static vop_remove_t ufs_remove; 104static vop_rename_t ufs_rename; 105static vop_rmdir_t ufs_rmdir; 106static vop_setattr_t ufs_setattr; 107static vop_strategy_t ufs_strategy; 108static vop_symlink_t ufs_symlink; 109static vop_whiteout_t ufs_whiteout; 110static vop_close_t ufsfifo_close; 111static vop_kqfilter_t ufsfifo_kqfilter; 112static int filt_ufsread(struct knote *kn, long hint); 113static int filt_ufswrite(struct knote *kn, long hint); 114static int filt_ufsvnode(struct knote *kn, long hint); 115static void filt_ufsdetach(struct knote *kn); 116static vop_kqfilter_t ufs_kqfilter; 117 118/* 119 * A virgin directory (no blushing please). 120 */ 121static struct dirtemplate mastertemplate = { 122 0, 12, DT_DIR, 1, ".", 123 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 124}; 125static struct odirtemplate omastertemplate = { 126 0, 12, 1, ".", 127 0, DIRBLKSIZ - 12, 2, ".." 128}; 129 130void 131ufs_itimes(vp) 132 struct vnode *vp; 133{ 134 struct inode *ip; 135 struct timespec ts; 136 137 ip = VTOI(vp); 138 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 139 return; 140 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 141 ip->i_flag |= IN_LAZYMOD; 142 else 143 ip->i_flag |= IN_MODIFIED; 144 if ((vp->v_mount->mnt_flag & MNT_RDONLY) == 0) { 145 vfs_timestamp(&ts); 146 if (ip->i_flag & IN_ACCESS) { 147 DIP_SET(ip, i_atime, ts.tv_sec); 148 DIP_SET(ip, i_atimensec, ts.tv_nsec); 149 } 150 if (ip->i_flag & IN_UPDATE) { 151 DIP_SET(ip, i_mtime, ts.tv_sec); 152 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 153 ip->i_modrev++; 154 } 155 if (ip->i_flag & IN_CHANGE) { 156 DIP_SET(ip, i_ctime, ts.tv_sec); 157 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 158 } 159 } 160 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 161} 162 163/* 164 * Create a regular file 165 */ 166static int 167ufs_create(ap) 168 struct vop_create_args /* { 169 struct vnode *a_dvp; 170 struct vnode **a_vpp; 171 struct componentname *a_cnp; 172 struct vattr *a_vap; 173 } */ *ap; 174{ 175 int error; 176 177 error = 178 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 179 ap->a_dvp, ap->a_vpp, ap->a_cnp); 180 if (error) 181 return (error); 182 VN_KNOTE_UNLOCKED(ap->a_dvp, NOTE_WRITE); 183 return (0); 184} 185 186/* 187 * Mknod vnode call 188 */ 189/* ARGSUSED */ 190static int 191ufs_mknod(ap) 192 struct vop_mknod_args /* { 193 struct vnode *a_dvp; 194 struct vnode **a_vpp; 195 struct componentname *a_cnp; 196 struct vattr *a_vap; 197 } */ *ap; 198{ 199 struct vattr *vap = ap->a_vap; 200 struct vnode **vpp = ap->a_vpp; 201 struct inode *ip; 202 ino_t ino; 203 int error; 204 205 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 206 ap->a_dvp, vpp, ap->a_cnp); 207 if (error) 208 return (error); 209 VN_KNOTE_UNLOCKED(ap->a_dvp, NOTE_WRITE); 210 ip = VTOI(*vpp); 211 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 212 if (vap->va_rdev != VNOVAL) { 213 /* 214 * Want to be able to use this to make badblock 215 * inodes, so don't truncate the dev number. 216 */ 217 DIP_SET(ip, i_rdev, vap->va_rdev); 218 } 219 /* 220 * Remove inode, then reload it through VFS_VGET so it is 221 * checked to see if it is an alias of an existing entry in 222 * the inode cache. XXX I don't believe this is necessary now. 223 */ 224 (*vpp)->v_type = VNON; 225 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 226 vgone(*vpp); 227 vput(*vpp); 228 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 229 if (error) { 230 *vpp = NULL; 231 return (error); 232 } 233 return (0); 234} 235 236/* 237 * Open called. 238 */ 239/* ARGSUSED */ 240static int 241ufs_open(struct vop_open_args *ap) 242{ 243 struct vnode *vp = ap->a_vp; 244 struct inode *ip; 245 246 if (vp->v_type == VCHR || vp->v_type == VBLK) 247 return (EOPNOTSUPP); 248 249 ip = VTOI(vp); 250 /* 251 * Files marked append-only must be opened for appending. 252 */ 253 if ((ip->i_flags & APPEND) && 254 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 255 return (EPERM); 256 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 257 return (0); 258} 259 260/* 261 * Close called. 262 * 263 * Update the times on the inode. 264 */ 265/* ARGSUSED */ 266static int 267ufs_close(ap) 268 struct vop_close_args /* { 269 struct vnode *a_vp; 270 int a_fflag; 271 struct ucred *a_cred; 272 struct thread *a_td; 273 } */ *ap; 274{ 275 struct vnode *vp = ap->a_vp; 276 277 VI_LOCK(vp); 278 if (vp->v_usecount > 1) 279 ufs_itimes(vp); 280 VI_UNLOCK(vp); 281 return (0); 282} 283 284static int 285ufs_access(ap) 286 struct vop_access_args /* { 287 struct vnode *a_vp; 288 int a_mode; 289 struct ucred *a_cred; 290 struct thread *a_td; 291 } */ *ap; 292{ 293 struct vnode *vp = ap->a_vp; 294 struct inode *ip = VTOI(vp); 295 mode_t mode = ap->a_mode; 296 int error; 297#ifdef UFS_ACL 298 struct acl *acl; 299#endif 300 301 /* 302 * Disallow write attempts on read-only filesystems; 303 * unless the file is a socket, fifo, or a block or 304 * character device resident on the filesystem. 305 */ 306 if (mode & VWRITE) { 307 switch (vp->v_type) { 308 case VDIR: 309 case VLNK: 310 case VREG: 311 if (vp->v_mount->mnt_flag & MNT_RDONLY) 312 return (EROFS); 313#ifdef QUOTA 314 if ((error = getinoquota(ip)) != 0) 315 return (error); 316#endif 317 break; 318 default: 319 break; 320 } 321 } 322 323 /* If immutable bit set, nobody gets to write it. */ 324 if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 325 return (EPERM); 326 327#ifdef UFS_ACL 328 if ((vp->v_mount->mnt_flag & MNT_ACLS) != 0) { 329 MALLOC(acl, struct acl *, sizeof(*acl), M_ACL, M_WAITOK); 330 error = VOP_GETACL(vp, ACL_TYPE_ACCESS, acl, ap->a_cred, 331 ap->a_td); 332 switch (error) { 333 case EOPNOTSUPP: 334 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 335 ip->i_gid, ap->a_mode, ap->a_cred, NULL); 336 break; 337 case 0: 338 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 339 ip->i_gid, acl, ap->a_mode, ap->a_cred, NULL); 340 break; 341 default: 342 printf( 343"ufs_access(): Error retrieving ACL on object (%d).\n", 344 error); 345 /* 346 * XXX: Fall back until debugged. Should 347 * eventually possibly log an error, and return 348 * EPERM for safety. 349 */ 350 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 351 ip->i_gid, ap->a_mode, ap->a_cred, NULL); 352 } 353 FREE(acl, M_ACL); 354 } else 355#endif /* !UFS_ACL */ 356 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 357 ap->a_mode, ap->a_cred, NULL); 358 return (error); 359} 360 361/* ARGSUSED */ 362static int 363ufs_getattr(ap) 364 struct vop_getattr_args /* { 365 struct vnode *a_vp; 366 struct vattr *a_vap; 367 struct ucred *a_cred; 368 struct thread *a_td; 369 } */ *ap; 370{ 371 struct vnode *vp = ap->a_vp; 372 struct inode *ip = VTOI(vp); 373 struct vattr *vap = ap->a_vap; 374 375 ufs_itimes(vp); 376 /* 377 * Copy from inode table 378 */ 379 vap->va_fsid = dev2udev(ip->i_dev); 380 vap->va_fileid = ip->i_number; 381 vap->va_mode = ip->i_mode & ~IFMT; 382 vap->va_nlink = ip->i_effnlink; 383 vap->va_uid = ip->i_uid; 384 vap->va_gid = ip->i_gid; 385 if (ip->i_ump->um_fstype == UFS1) { 386 vap->va_rdev = ip->i_din1->di_rdev; 387 vap->va_size = ip->i_din1->di_size; 388 vap->va_atime.tv_sec = ip->i_din1->di_atime; 389 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 390 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 391 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 392 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 393 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 394 vap->va_birthtime.tv_sec = 0; 395 vap->va_birthtime.tv_nsec = 0; 396 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 397 } else { 398 vap->va_rdev = ip->i_din2->di_rdev; 399 vap->va_size = ip->i_din2->di_size; 400 vap->va_atime.tv_sec = ip->i_din2->di_atime; 401 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 402 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 403 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 404 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 405 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 406 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 407 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 408 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 409 } 410 vap->va_flags = ip->i_flags; 411 vap->va_gen = ip->i_gen; 412 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 413 vap->va_type = IFTOVT(ip->i_mode); 414 vap->va_filerev = ip->i_modrev; 415 return (0); 416} 417 418/* 419 * Set attribute vnode op. called from several syscalls 420 */ 421static int 422ufs_setattr(ap) 423 struct vop_setattr_args /* { 424 struct vnode *a_vp; 425 struct vattr *a_vap; 426 struct ucred *a_cred; 427 struct thread *a_td; 428 } */ *ap; 429{ 430 struct vattr *vap = ap->a_vap; 431 struct vnode *vp = ap->a_vp; 432 struct inode *ip = VTOI(vp); 433 struct ucred *cred = ap->a_cred; 434 struct thread *td = ap->a_td; 435 int error; 436 437 /* 438 * Check for unsettable attributes. 439 */ 440 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 441 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 442 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 443 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 444 return (EINVAL); 445 } 446 /* 447 * Update the file's access time when it has been executed. We are 448 * doing this here to specifically avoid some of the checks done 449 * below -- this operation is done by request of the kernel and 450 * should bypass some security checks. Things like read-only 451 * checks get handled by other levels (e.g., ffs_update()). 452 */ 453 if (vap->va_vaflags & VA_EXECVE_ATIME) { 454 ip->i_flag |= IN_ACCESS; 455 return (0); 456 } 457 if (vap->va_flags != VNOVAL) { 458 if (vp->v_mount->mnt_flag & MNT_RDONLY) 459 return (EROFS); 460 /* 461 * Callers may only modify the file flags on objects they 462 * have VADMIN rights for. 463 */ 464 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 465 return (error); 466 /* 467 * Unprivileged processes are not permitted to unset system 468 * flags, or modify flags if any system flags are set. 469 * Privileged non-jail processes may not modify system flags 470 * if securelevel > 0 and any existing system flags are set. 471 * Privileged jail processes behave like privileged non-jail 472 * processes if the security.jail.chflags_allowed sysctl is 473 * is non-zero; otherwise, they behave like unprivileged 474 * processes. 475 */ 476 if (!suser_cred(cred, 477 jail_chflags_allowed ? SUSER_ALLOWJAIL : 0)) { 478 if (ip->i_flags 479 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 480 error = securelevel_gt(cred, 0); 481 if (error) 482 return (error); 483 } 484 /* Snapshot flag cannot be set or cleared */ 485 if (((vap->va_flags & SF_SNAPSHOT) != 0 && 486 (ip->i_flags & SF_SNAPSHOT) == 0) || 487 ((vap->va_flags & SF_SNAPSHOT) == 0 && 488 (ip->i_flags & SF_SNAPSHOT) != 0)) 489 return (EPERM); 490 ip->i_flags = vap->va_flags; 491 DIP_SET(ip, i_flags, vap->va_flags); 492 } else { 493 if (ip->i_flags 494 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 495 (vap->va_flags & UF_SETTABLE) != vap->va_flags) 496 return (EPERM); 497 ip->i_flags &= SF_SETTABLE; 498 ip->i_flags |= (vap->va_flags & UF_SETTABLE); 499 DIP_SET(ip, i_flags, ip->i_flags); 500 } 501 ip->i_flag |= IN_CHANGE; 502 if (vap->va_flags & (IMMUTABLE | APPEND)) 503 return (0); 504 } 505 if (ip->i_flags & (IMMUTABLE | APPEND)) 506 return (EPERM); 507 /* 508 * Go through the fields and update iff not VNOVAL. 509 */ 510 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 511 if (vp->v_mount->mnt_flag & MNT_RDONLY) 512 return (EROFS); 513 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 514 td)) != 0) 515 return (error); 516 } 517 if (vap->va_size != VNOVAL) { 518 /* 519 * Disallow write attempts on read-only filesystems; 520 * unless the file is a socket, fifo, or a block or 521 * character device resident on the filesystem. 522 */ 523 switch (vp->v_type) { 524 case VDIR: 525 return (EISDIR); 526 case VLNK: 527 case VREG: 528 if (vp->v_mount->mnt_flag & MNT_RDONLY) 529 return (EROFS); 530 if ((ip->i_flags & SF_SNAPSHOT) != 0) 531 return (EPERM); 532 break; 533 default: 534 break; 535 } 536 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL, 537 cred, td)) != 0) 538 return (error); 539 } 540 if (vap->va_atime.tv_sec != VNOVAL || 541 vap->va_mtime.tv_sec != VNOVAL || 542 vap->va_birthtime.tv_sec != VNOVAL) { 543 if (vp->v_mount->mnt_flag & MNT_RDONLY) 544 return (EROFS); 545 if ((ip->i_flags & SF_SNAPSHOT) != 0) 546 return (EPERM); 547 /* 548 * From utimes(2): 549 * If times is NULL, ... The caller must be the owner of 550 * the file, have permission to write the file, or be the 551 * super-user. 552 * If times is non-NULL, ... The caller must be the owner of 553 * the file or be the super-user. 554 */ 555 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)) && 556 ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || 557 (error = VOP_ACCESS(vp, VWRITE, cred, td)))) 558 return (error); 559 if (vap->va_atime.tv_sec != VNOVAL) 560 ip->i_flag |= IN_ACCESS; 561 if (vap->va_mtime.tv_sec != VNOVAL) 562 ip->i_flag |= IN_CHANGE | IN_UPDATE; 563 if (vap->va_birthtime.tv_sec != VNOVAL && 564 ip->i_ump->um_fstype == UFS2) 565 ip->i_flag |= IN_MODIFIED; 566 ufs_itimes(vp); 567 if (vap->va_atime.tv_sec != VNOVAL) { 568 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 569 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 570 } 571 if (vap->va_mtime.tv_sec != VNOVAL) { 572 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 573 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 574 } 575 if (vap->va_birthtime.tv_sec != VNOVAL && 576 ip->i_ump->um_fstype == UFS2) { 577 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 578 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 579 } 580 error = UFS_UPDATE(vp, 0); 581 if (error) 582 return (error); 583 } 584 error = 0; 585 if (vap->va_mode != (mode_t)VNOVAL) { 586 if (vp->v_mount->mnt_flag & MNT_RDONLY) 587 return (EROFS); 588 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode & 589 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH))) 590 return (EPERM); 591 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 592 } 593 VN_KNOTE_UNLOCKED(vp, NOTE_ATTRIB); 594 return (error); 595} 596 597/* 598 * Change the mode on a file. 599 * Inode must be locked before calling. 600 */ 601static int 602ufs_chmod(vp, mode, cred, td) 603 struct vnode *vp; 604 int mode; 605 struct ucred *cred; 606 struct thread *td; 607{ 608 struct inode *ip = VTOI(vp); 609 int error; 610 611 /* 612 * To modify the permissions on a file, must possess VADMIN 613 * for that file. 614 */ 615 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 616 return (error); 617 /* 618 * Privileged processes may set the sticky bit on non-directories, 619 * as well as set the setgid bit on a file with a group that the 620 * process is not a member of. Both of these are allowed in 621 * jail(8). 622 */ 623 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 624 if (suser_cred(cred, SUSER_ALLOWJAIL)) 625 return (EFTYPE); 626 } 627 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 628 error = suser_cred(cred, SUSER_ALLOWJAIL); 629 if (error) 630 return (error); 631 } 632 ip->i_mode &= ~ALLPERMS; 633 ip->i_mode |= (mode & ALLPERMS); 634 DIP_SET(ip, i_mode, ip->i_mode); 635 ip->i_flag |= IN_CHANGE; 636 return (0); 637} 638 639/* 640 * Perform chown operation on inode ip; 641 * inode must be locked prior to call. 642 */ 643static int 644ufs_chown(vp, uid, gid, cred, td) 645 struct vnode *vp; 646 uid_t uid; 647 gid_t gid; 648 struct ucred *cred; 649 struct thread *td; 650{ 651 struct inode *ip = VTOI(vp); 652 uid_t ouid; 653 gid_t ogid; 654 int error = 0; 655#ifdef QUOTA 656 int i; 657 ufs2_daddr_t change; 658#endif 659 660 if (uid == (uid_t)VNOVAL) 661 uid = ip->i_uid; 662 if (gid == (gid_t)VNOVAL) 663 gid = ip->i_gid; 664 /* 665 * To modify the ownership of a file, must possess VADMIN 666 * for that file. 667 */ 668 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 669 return (error); 670 /* 671 * To change the owner of a file, or change the group of a file 672 * to a group of which we are not a member, the caller must 673 * have privilege. 674 */ 675 if ((uid != ip->i_uid || 676 (gid != ip->i_gid && !groupmember(gid, cred))) && 677 (error = suser_cred(cred, SUSER_ALLOWJAIL))) 678 return (error); 679 ogid = ip->i_gid; 680 ouid = ip->i_uid; 681#ifdef QUOTA 682 if ((error = getinoquota(ip)) != 0) 683 return (error); 684 if (ouid == uid) { 685 dqrele(vp, ip->i_dquot[USRQUOTA]); 686 ip->i_dquot[USRQUOTA] = NODQUOT; 687 } 688 if (ogid == gid) { 689 dqrele(vp, ip->i_dquot[GRPQUOTA]); 690 ip->i_dquot[GRPQUOTA] = NODQUOT; 691 } 692 change = DIP(ip, i_blocks); 693 (void) chkdq(ip, -change, cred, CHOWN); 694 (void) chkiq(ip, -1, cred, CHOWN); 695 for (i = 0; i < MAXQUOTAS; i++) { 696 dqrele(vp, ip->i_dquot[i]); 697 ip->i_dquot[i] = NODQUOT; 698 } 699#endif 700 ip->i_gid = gid; 701 DIP_SET(ip, i_gid, gid); 702 ip->i_uid = uid; 703 DIP_SET(ip, i_uid, uid); 704#ifdef QUOTA 705 if ((error = getinoquota(ip)) == 0) { 706 if (ouid == uid) { 707 dqrele(vp, ip->i_dquot[USRQUOTA]); 708 ip->i_dquot[USRQUOTA] = NODQUOT; 709 } 710 if (ogid == gid) { 711 dqrele(vp, ip->i_dquot[GRPQUOTA]); 712 ip->i_dquot[GRPQUOTA] = NODQUOT; 713 } 714 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 715 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 716 goto good; 717 else 718 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 719 } 720 for (i = 0; i < MAXQUOTAS; i++) { 721 dqrele(vp, ip->i_dquot[i]); 722 ip->i_dquot[i] = NODQUOT; 723 } 724 } 725 ip->i_gid = ogid; 726 DIP_SET(ip, i_gid, ogid); 727 ip->i_uid = ouid; 728 DIP_SET(ip, i_uid, ouid); 729 if (getinoquota(ip) == 0) { 730 if (ouid == uid) { 731 dqrele(vp, ip->i_dquot[USRQUOTA]); 732 ip->i_dquot[USRQUOTA] = NODQUOT; 733 } 734 if (ogid == gid) { 735 dqrele(vp, ip->i_dquot[GRPQUOTA]); 736 ip->i_dquot[GRPQUOTA] = NODQUOT; 737 } 738 (void) chkdq(ip, change, cred, FORCE|CHOWN); 739 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 740 (void) getinoquota(ip); 741 } 742 return (error); 743good: 744 if (getinoquota(ip)) 745 panic("ufs_chown: lost quota"); 746#endif /* QUOTA */ 747 ip->i_flag |= IN_CHANGE; 748 if (suser_cred(cred, SUSER_ALLOWJAIL) && (ouid != uid || ogid != gid)) { 749 ip->i_mode &= ~(ISUID | ISGID); 750 DIP_SET(ip, i_mode, ip->i_mode); 751 } 752 return (0); 753} 754 755static int 756ufs_remove(ap) 757 struct vop_remove_args /* { 758 struct vnode *a_dvp; 759 struct vnode *a_vp; 760 struct componentname *a_cnp; 761 } */ *ap; 762{ 763 struct inode *ip; 764 struct vnode *vp = ap->a_vp; 765 struct vnode *dvp = ap->a_dvp; 766 int error; 767 768 ip = VTOI(vp); 769 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 770 (VTOI(dvp)->i_flags & APPEND)) { 771 error = EPERM; 772 goto out; 773 } 774 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 775 if (ip->i_nlink <= 0) 776 vp->v_vflag |= VV_NOSYNC; 777 VN_KNOTE_UNLOCKED(vp, NOTE_DELETE); 778 VN_KNOTE_UNLOCKED(dvp, NOTE_WRITE); 779out: 780 return (error); 781} 782 783/* 784 * link vnode call 785 */ 786static int 787ufs_link(ap) 788 struct vop_link_args /* { 789 struct vnode *a_tdvp; 790 struct vnode *a_vp; 791 struct componentname *a_cnp; 792 } */ *ap; 793{ 794 struct vnode *vp = ap->a_vp; 795 struct vnode *tdvp = ap->a_tdvp; 796 struct componentname *cnp = ap->a_cnp; 797 struct inode *ip; 798 struct direct newdir; 799 int error; 800 801#ifdef DIAGNOSTIC 802 if ((cnp->cn_flags & HASBUF) == 0) 803 panic("ufs_link: no name"); 804#endif 805 if (tdvp->v_mount != vp->v_mount) { 806 error = EXDEV; 807 goto out; 808 } 809 ip = VTOI(vp); 810 if ((nlink_t)ip->i_nlink >= LINK_MAX) { 811 error = EMLINK; 812 goto out; 813 } 814 if (ip->i_flags & (IMMUTABLE | APPEND)) { 815 error = EPERM; 816 goto out; 817 } 818 ip->i_effnlink++; 819 ip->i_nlink++; 820 DIP_SET(ip, i_nlink, ip->i_nlink); 821 ip->i_flag |= IN_CHANGE; 822 if (DOINGSOFTDEP(vp)) 823 softdep_change_linkcnt(ip); 824 error = UFS_UPDATE(vp, !(DOINGSOFTDEP(vp) | DOINGASYNC(vp))); 825 if (!error) { 826 ufs_makedirentry(ip, cnp, &newdir); 827 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL); 828 } 829 830 if (error) { 831 ip->i_effnlink--; 832 ip->i_nlink--; 833 DIP_SET(ip, i_nlink, ip->i_nlink); 834 ip->i_flag |= IN_CHANGE; 835 if (DOINGSOFTDEP(vp)) 836 softdep_change_linkcnt(ip); 837 } 838out: 839 VN_KNOTE_UNLOCKED(vp, NOTE_LINK); 840 VN_KNOTE_UNLOCKED(tdvp, NOTE_WRITE); 841 return (error); 842} 843 844/* 845 * whiteout vnode call 846 */ 847static int 848ufs_whiteout(ap) 849 struct vop_whiteout_args /* { 850 struct vnode *a_dvp; 851 struct componentname *a_cnp; 852 int a_flags; 853 } */ *ap; 854{ 855 struct vnode *dvp = ap->a_dvp; 856 struct componentname *cnp = ap->a_cnp; 857 struct direct newdir; 858 int error = 0; 859 860 switch (ap->a_flags) { 861 case LOOKUP: 862 /* 4.4 format directories support whiteout operations */ 863 if (dvp->v_mount->mnt_maxsymlinklen > 0) 864 return (0); 865 return (EOPNOTSUPP); 866 867 case CREATE: 868 /* create a new directory whiteout */ 869#ifdef DIAGNOSTIC 870 if ((cnp->cn_flags & SAVENAME) == 0) 871 panic("ufs_whiteout: missing name"); 872 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 873 panic("ufs_whiteout: old format filesystem"); 874#endif 875 876 newdir.d_ino = WINO; 877 newdir.d_namlen = cnp->cn_namelen; 878 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 879 newdir.d_type = DT_WHT; 880 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL); 881 break; 882 883 case DELETE: 884 /* remove an existing directory whiteout */ 885#ifdef DIAGNOSTIC 886 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 887 panic("ufs_whiteout: old format filesystem"); 888#endif 889 890 cnp->cn_flags &= ~DOWHITEOUT; 891 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 892 break; 893 default: 894 panic("ufs_whiteout: unknown op"); 895 } 896 return (error); 897} 898 899/* 900 * Rename system call. 901 * rename("foo", "bar"); 902 * is essentially 903 * unlink("bar"); 904 * link("foo", "bar"); 905 * unlink("foo"); 906 * but ``atomically''. Can't do full commit without saving state in the 907 * inode on disk which isn't feasible at this time. Best we can do is 908 * always guarantee the target exists. 909 * 910 * Basic algorithm is: 911 * 912 * 1) Bump link count on source while we're linking it to the 913 * target. This also ensure the inode won't be deleted out 914 * from underneath us while we work (it may be truncated by 915 * a concurrent `trunc' or `open' for creation). 916 * 2) Link source to destination. If destination already exists, 917 * delete it first. 918 * 3) Unlink source reference to inode if still around. If a 919 * directory was moved and the parent of the destination 920 * is different from the source, patch the ".." entry in the 921 * directory. 922 */ 923static int 924ufs_rename(ap) 925 struct vop_rename_args /* { 926 struct vnode *a_fdvp; 927 struct vnode *a_fvp; 928 struct componentname *a_fcnp; 929 struct vnode *a_tdvp; 930 struct vnode *a_tvp; 931 struct componentname *a_tcnp; 932 } */ *ap; 933{ 934 struct vnode *tvp = ap->a_tvp; 935 struct vnode *tdvp = ap->a_tdvp; 936 struct vnode *fvp = ap->a_fvp; 937 struct vnode *fdvp = ap->a_fdvp; 938 struct componentname *tcnp = ap->a_tcnp; 939 struct componentname *fcnp = ap->a_fcnp; 940 struct thread *td = fcnp->cn_thread; 941 struct inode *ip, *xp, *dp; 942 struct direct newdir; 943 int doingdirectory = 0, oldparent = 0, newparent = 0; 944 int error = 0, ioflag; 945 946#ifdef DIAGNOSTIC 947 if ((tcnp->cn_flags & HASBUF) == 0 || 948 (fcnp->cn_flags & HASBUF) == 0) 949 panic("ufs_rename: no name"); 950#endif 951 /* 952 * Check for cross-device rename. 953 */ 954 if ((fvp->v_mount != tdvp->v_mount) || 955 (tvp && (fvp->v_mount != tvp->v_mount))) { 956 error = EXDEV; 957abortit: 958 if (tdvp == tvp) 959 vrele(tdvp); 960 else 961 vput(tdvp); 962 if (tvp) 963 vput(tvp); 964 vrele(fdvp); 965 vrele(fvp); 966 return (error); 967 } 968 969 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 970 (VTOI(tdvp)->i_flags & APPEND))) { 971 error = EPERM; 972 goto abortit; 973 } 974 975 /* 976 * Renaming a file to itself has no effect. The upper layers should 977 * not call us in that case. Temporarily just warn if they do. 978 */ 979 if (fvp == tvp) { 980 printf("ufs_rename: fvp == tvp (can't happen)\n"); 981 error = 0; 982 goto abortit; 983 } 984 985 if ((error = vn_lock(fvp, LK_EXCLUSIVE, td)) != 0) 986 goto abortit; 987 dp = VTOI(fdvp); 988 ip = VTOI(fvp); 989 if (ip->i_nlink >= LINK_MAX) { 990 VOP_UNLOCK(fvp, 0, td); 991 error = EMLINK; 992 goto abortit; 993 } 994 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 995 || (dp->i_flags & APPEND)) { 996 VOP_UNLOCK(fvp, 0, td); 997 error = EPERM; 998 goto abortit; 999 } 1000 if ((ip->i_mode & IFMT) == IFDIR) { 1001 /* 1002 * Avoid ".", "..", and aliases of "." for obvious reasons. 1003 */ 1004 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1005 dp == ip || (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT || 1006 (ip->i_flag & IN_RENAME)) { 1007 VOP_UNLOCK(fvp, 0, td); 1008 error = EINVAL; 1009 goto abortit; 1010 } 1011 ip->i_flag |= IN_RENAME; 1012 oldparent = dp->i_number; 1013 doingdirectory = 1; 1014 } 1015 VN_KNOTE_UNLOCKED(fdvp, NOTE_WRITE); /* XXX right place? */ 1016 vrele(fdvp); 1017 1018 /* 1019 * When the target exists, both the directory 1020 * and target vnodes are returned locked. 1021 */ 1022 dp = VTOI(tdvp); 1023 xp = NULL; 1024 if (tvp) 1025 xp = VTOI(tvp); 1026 1027 /* 1028 * 1) Bump link count while we're moving stuff 1029 * around. If we crash somewhere before 1030 * completing our work, the link count 1031 * may be wrong, but correctable. 1032 */ 1033 ip->i_effnlink++; 1034 ip->i_nlink++; 1035 DIP_SET(ip, i_nlink, ip->i_nlink); 1036 ip->i_flag |= IN_CHANGE; 1037 if (DOINGSOFTDEP(fvp)) 1038 softdep_change_linkcnt(ip); 1039 if ((error = UFS_UPDATE(fvp, !(DOINGSOFTDEP(fvp) | 1040 DOINGASYNC(fvp)))) != 0) { 1041 VOP_UNLOCK(fvp, 0, td); 1042 goto bad; 1043 } 1044 1045 /* 1046 * If ".." must be changed (ie the directory gets a new 1047 * parent) then the source directory must not be in the 1048 * directory heirarchy above the target, as this would 1049 * orphan everything below the source directory. Also 1050 * the user must have write permission in the source so 1051 * as to be able to change "..". We must repeat the call 1052 * to namei, as the parent directory is unlocked by the 1053 * call to checkpath(). 1054 */ 1055 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread); 1056 VOP_UNLOCK(fvp, 0, td); 1057 if (oldparent != dp->i_number) 1058 newparent = dp->i_number; 1059 if (doingdirectory && newparent) { 1060 if (error) /* write access check above */ 1061 goto bad; 1062 if (xp != NULL) 1063 vput(tvp); 1064 error = ufs_checkpath(ip, dp, tcnp->cn_cred); 1065 if (error) 1066 goto out; 1067 if ((tcnp->cn_flags & SAVESTART) == 0) 1068 panic("ufs_rename: lost to startdir"); 1069 VREF(tdvp); 1070 error = relookup(tdvp, &tvp, tcnp); 1071 if (error) 1072 goto out; 1073 vrele(tdvp); 1074 dp = VTOI(tdvp); 1075 xp = NULL; 1076 if (tvp) 1077 xp = VTOI(tvp); 1078 } 1079 /* 1080 * 2) If target doesn't exist, link the target 1081 * to the source and unlink the source. 1082 * Otherwise, rewrite the target directory 1083 * entry to reference the source inode and 1084 * expunge the original entry's existence. 1085 */ 1086 if (xp == NULL) { 1087 if (dp->i_dev != ip->i_dev) 1088 panic("ufs_rename: EXDEV"); 1089 /* 1090 * Account for ".." in new directory. 1091 * When source and destination have the same 1092 * parent we don't fool with the link count. 1093 */ 1094 if (doingdirectory && newparent) { 1095 if ((nlink_t)dp->i_nlink >= LINK_MAX) { 1096 error = EMLINK; 1097 goto bad; 1098 } 1099 dp->i_effnlink++; 1100 dp->i_nlink++; 1101 DIP_SET(dp, i_nlink, dp->i_nlink); 1102 dp->i_flag |= IN_CHANGE; 1103 if (DOINGSOFTDEP(tdvp)) 1104 softdep_change_linkcnt(dp); 1105 error = UFS_UPDATE(tdvp, !(DOINGSOFTDEP(tdvp) | 1106 DOINGASYNC(tdvp))); 1107 if (error) 1108 goto bad; 1109 } 1110 ufs_makedirentry(ip, tcnp, &newdir); 1111 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL); 1112 if (error) { 1113 if (doingdirectory && newparent) { 1114 dp->i_effnlink--; 1115 dp->i_nlink--; 1116 DIP_SET(dp, i_nlink, dp->i_nlink); 1117 dp->i_flag |= IN_CHANGE; 1118 if (DOINGSOFTDEP(tdvp)) 1119 softdep_change_linkcnt(dp); 1120 (void)UFS_UPDATE(tdvp, 1); 1121 } 1122 goto bad; 1123 } 1124 VN_KNOTE_UNLOCKED(tdvp, NOTE_WRITE); 1125 vput(tdvp); 1126 } else { 1127 if (xp->i_dev != dp->i_dev || xp->i_dev != ip->i_dev) 1128 panic("ufs_rename: EXDEV"); 1129 /* 1130 * Short circuit rename(foo, foo). 1131 */ 1132 if (xp->i_number == ip->i_number) 1133 panic("ufs_rename: same file"); 1134 /* 1135 * If the parent directory is "sticky", then the caller 1136 * must possess VADMIN for the parent directory, or the 1137 * destination of the rename. This implements append-only 1138 * directories. 1139 */ 1140 if ((dp->i_mode & S_ISTXT) && 1141 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1142 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1143 error = EPERM; 1144 goto bad; 1145 } 1146 /* 1147 * Target must be empty if a directory and have no links 1148 * to it. Also, ensure source and target are compatible 1149 * (both directories, or both not directories). 1150 */ 1151 if ((xp->i_mode&IFMT) == IFDIR) { 1152 if ((xp->i_effnlink > 2) || 1153 !ufs_dirempty(xp, dp->i_number, tcnp->cn_cred)) { 1154 error = ENOTEMPTY; 1155 goto bad; 1156 } 1157 if (!doingdirectory) { 1158 error = ENOTDIR; 1159 goto bad; 1160 } 1161 cache_purge(tdvp); 1162 } else if (doingdirectory) { 1163 error = EISDIR; 1164 goto bad; 1165 } 1166 error = ufs_dirrewrite(dp, xp, ip->i_number, 1167 IFTODT(ip->i_mode), 1168 (doingdirectory && newparent) ? newparent : doingdirectory); 1169 if (error) 1170 goto bad; 1171 if (doingdirectory) { 1172 if (!newparent) { 1173 dp->i_effnlink--; 1174 if (DOINGSOFTDEP(tdvp)) 1175 softdep_change_linkcnt(dp); 1176 } 1177 xp->i_effnlink--; 1178 if (DOINGSOFTDEP(tvp)) 1179 softdep_change_linkcnt(xp); 1180 } 1181 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1182 /* 1183 * Truncate inode. The only stuff left in the directory 1184 * is "." and "..". The "." reference is inconsequential 1185 * since we are quashing it. We have removed the "." 1186 * reference and the reference in the parent directory, 1187 * but there may be other hard links. The soft 1188 * dependency code will arrange to do these operations 1189 * after the parent directory entry has been deleted on 1190 * disk, so when running with that code we avoid doing 1191 * them now. 1192 */ 1193 if (!newparent) { 1194 dp->i_nlink--; 1195 DIP_SET(dp, i_nlink, dp->i_nlink); 1196 dp->i_flag |= IN_CHANGE; 1197 } 1198 xp->i_nlink--; 1199 DIP_SET(xp, i_nlink, xp->i_nlink); 1200 xp->i_flag |= IN_CHANGE; 1201 ioflag = IO_NORMAL; 1202 if (DOINGASYNC(tvp)) 1203 ioflag |= IO_SYNC; 1204 if ((error = UFS_TRUNCATE(tvp, (off_t)0, ioflag, 1205 tcnp->cn_cred, tcnp->cn_thread)) != 0) 1206 goto bad; 1207 } 1208 VN_KNOTE_UNLOCKED(tdvp, NOTE_WRITE); 1209 vput(tdvp); 1210 VN_KNOTE_UNLOCKED(tvp, NOTE_DELETE); 1211 vput(tvp); 1212 xp = NULL; 1213 } 1214 1215 /* 1216 * 3) Unlink the source. 1217 */ 1218 fcnp->cn_flags &= ~MODMASK; 1219 fcnp->cn_flags |= LOCKPARENT | LOCKLEAF; 1220 if ((fcnp->cn_flags & SAVESTART) == 0) 1221 panic("ufs_rename: lost from startdir"); 1222 VREF(fdvp); 1223 error = relookup(fdvp, &fvp, fcnp); 1224 if (error == 0) 1225 vrele(fdvp); 1226 if (fvp != NULL) { 1227 xp = VTOI(fvp); 1228 dp = VTOI(fdvp); 1229 } else { 1230 /* 1231 * From name has disappeared. IN_RENAME is not sufficient 1232 * to protect against directory races due to timing windows, 1233 * so we have to remove the panic. XXX the only real way 1234 * to solve this issue is at a much higher level. By the 1235 * time we hit ufs_rename() it's too late. 1236 */ 1237#if 0 1238 if (doingdirectory) 1239 panic("ufs_rename: lost dir entry"); 1240#endif 1241 vrele(ap->a_fvp); 1242 return (0); 1243 } 1244 /* 1245 * Ensure that the directory entry still exists and has not 1246 * changed while the new name has been entered. If the source is 1247 * a file then the entry may have been unlinked or renamed. In 1248 * either case there is no further work to be done. If the source 1249 * is a directory then it cannot have been rmdir'ed; the IN_RENAME 1250 * flag ensures that it cannot be moved by another rename or removed 1251 * by a rmdir. 1252 */ 1253 if (xp != ip) { 1254 /* 1255 * From name resolves to a different inode. IN_RENAME is 1256 * not sufficient protection against timing window races 1257 * so we can't panic here. XXX the only real way 1258 * to solve this issue is at a much higher level. By the 1259 * time we hit ufs_rename() it's too late. 1260 */ 1261#if 0 1262 if (doingdirectory) 1263 panic("ufs_rename: lost dir entry"); 1264#endif 1265 } else { 1266 /* 1267 * If the source is a directory with a 1268 * new parent, the link count of the old 1269 * parent directory must be decremented 1270 * and ".." set to point to the new parent. 1271 */ 1272 if (doingdirectory && newparent) { 1273 xp->i_offset = mastertemplate.dot_reclen; 1274 ufs_dirrewrite(xp, dp, newparent, DT_DIR, 0); 1275 cache_purge(fdvp); 1276 } 1277 error = ufs_dirremove(fdvp, xp, fcnp->cn_flags, 0); 1278 xp->i_flag &= ~IN_RENAME; 1279 } 1280 VN_KNOTE_UNLOCKED(fvp, NOTE_RENAME); 1281 if (dp) 1282 vput(fdvp); 1283 if (xp) 1284 vput(fvp); 1285 vrele(ap->a_fvp); 1286 return (error); 1287 1288bad: 1289 if (xp) 1290 vput(ITOV(xp)); 1291 vput(ITOV(dp)); 1292out: 1293 if (doingdirectory) 1294 ip->i_flag &= ~IN_RENAME; 1295 if (vn_lock(fvp, LK_EXCLUSIVE, td) == 0) { 1296 ip->i_effnlink--; 1297 ip->i_nlink--; 1298 DIP_SET(ip, i_nlink, ip->i_nlink); 1299 ip->i_flag |= IN_CHANGE; 1300 ip->i_flag &= ~IN_RENAME; 1301 if (DOINGSOFTDEP(fvp)) 1302 softdep_change_linkcnt(ip); 1303 vput(fvp); 1304 } else 1305 vrele(fvp); 1306 return (error); 1307} 1308 1309/* 1310 * Mkdir system call 1311 */ 1312static int 1313ufs_mkdir(ap) 1314 struct vop_mkdir_args /* { 1315 struct vnode *a_dvp; 1316 struct vnode **a_vpp; 1317 struct componentname *a_cnp; 1318 struct vattr *a_vap; 1319 } */ *ap; 1320{ 1321 struct vnode *dvp = ap->a_dvp; 1322 struct vattr *vap = ap->a_vap; 1323 struct componentname *cnp = ap->a_cnp; 1324 struct inode *ip, *dp; 1325 struct vnode *tvp; 1326 struct buf *bp; 1327 struct dirtemplate dirtemplate, *dtp; 1328 struct direct newdir; 1329#ifdef UFS_ACL 1330 struct acl *acl, *dacl; 1331#endif 1332 int error, dmode; 1333 long blkoff; 1334 1335#ifdef DIAGNOSTIC 1336 if ((cnp->cn_flags & HASBUF) == 0) 1337 panic("ufs_mkdir: no name"); 1338#endif 1339 dp = VTOI(dvp); 1340 if ((nlink_t)dp->i_nlink >= LINK_MAX) { 1341 error = EMLINK; 1342 goto out; 1343 } 1344 dmode = vap->va_mode & 0777; 1345 dmode |= IFDIR; 1346 /* 1347 * Must simulate part of ufs_makeinode here to acquire the inode, 1348 * but not have it entered in the parent directory. The entry is 1349 * made later after writing "." and ".." entries. 1350 */ 1351 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 1352 if (error) 1353 goto out; 1354 ip = VTOI(tvp); 1355 ip->i_gid = dp->i_gid; 1356 DIP_SET(ip, i_gid, dp->i_gid); 1357#ifdef SUIDDIR 1358 { 1359#ifdef QUOTA 1360 struct ucred ucred, *ucp; 1361 ucp = cnp->cn_cred; 1362#endif 1363 /* 1364 * If we are hacking owners here, (only do this where told to) 1365 * and we are not giving it TO root, (would subvert quotas) 1366 * then go ahead and give it to the other user. 1367 * The new directory also inherits the SUID bit. 1368 * If user's UID and dir UID are the same, 1369 * 'give it away' so that the SUID is still forced on. 1370 */ 1371 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 1372 (dp->i_mode & ISUID) && dp->i_uid) { 1373 dmode |= ISUID; 1374 ip->i_uid = dp->i_uid; 1375 DIP_SET(ip, i_uid, dp->i_uid); 1376#ifdef QUOTA 1377 if (dp->i_uid != cnp->cn_cred->cr_uid) { 1378 /* 1379 * Make sure the correct user gets charged 1380 * for the space. 1381 * Make a dummy credential for the victim. 1382 * XXX This seems to never be accessed out of 1383 * our context so a stack variable is ok. 1384 */ 1385 ucred.cr_ref = 1; 1386 ucred.cr_uid = ip->i_uid; 1387 ucred.cr_ngroups = 1; 1388 ucred.cr_groups[0] = dp->i_gid; 1389 ucp = &ucred; 1390 } 1391#endif 1392 } else { 1393 ip->i_uid = cnp->cn_cred->cr_uid; 1394 DIP_SET(ip, i_uid, ip->i_uid); 1395 } 1396#ifdef QUOTA 1397 if ((error = getinoquota(ip)) || 1398 (error = chkiq(ip, 1, ucp, 0))) { 1399 UFS_VFREE(tvp, ip->i_number, dmode); 1400 vput(tvp); 1401 return (error); 1402 } 1403#endif 1404 } 1405#else /* !SUIDDIR */ 1406 ip->i_uid = cnp->cn_cred->cr_uid; 1407 DIP_SET(ip, i_uid, ip->i_uid); 1408#ifdef QUOTA 1409 if ((error = getinoquota(ip)) || 1410 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 1411 UFS_VFREE(tvp, ip->i_number, dmode); 1412 vput(tvp); 1413 return (error); 1414 } 1415#endif 1416#endif /* !SUIDDIR */ 1417 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 1418#ifdef UFS_ACL 1419 acl = dacl = NULL; 1420 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) { 1421 MALLOC(acl, struct acl *, sizeof(*acl), M_ACL, M_WAITOK); 1422 MALLOC(dacl, struct acl *, sizeof(*dacl), M_ACL, M_WAITOK); 1423 1424 /* 1425 * Retrieve default ACL from parent, if any. 1426 */ 1427 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred, 1428 cnp->cn_thread); 1429 switch (error) { 1430 case 0: 1431 /* 1432 * Retrieved a default ACL, so merge mode and ACL if 1433 * necessary. If the ACL is empty, fall through to 1434 * the "not defined or available" case. 1435 */ 1436 if (acl->acl_cnt != 0) { 1437 dmode = acl_posix1e_newfilemode(dmode, acl); 1438 ip->i_mode = dmode; 1439 DIP_SET(ip, i_mode, dmode); 1440 *dacl = *acl; 1441 ufs_sync_acl_from_inode(ip, acl); 1442 break; 1443 } 1444 /* FALLTHROUGH */ 1445 1446 case EOPNOTSUPP: 1447 /* 1448 * Just use the mode as-is. 1449 */ 1450 ip->i_mode = dmode; 1451 DIP_SET(ip, i_mode, dmode); 1452 FREE(acl, M_ACL); 1453 FREE(dacl, M_ACL); 1454 dacl = acl = NULL; 1455 break; 1456 1457 default: 1458 UFS_VFREE(tvp, ip->i_number, dmode); 1459 vput(tvp); 1460 FREE(acl, M_ACL); 1461 FREE(dacl, M_ACL); 1462 return (error); 1463 } 1464 } else { 1465#endif /* !UFS_ACL */ 1466 ip->i_mode = dmode; 1467 DIP_SET(ip, i_mode, dmode); 1468#ifdef UFS_ACL 1469 } 1470#endif 1471 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 1472 ip->i_effnlink = 2; 1473 ip->i_nlink = 2; 1474 DIP_SET(ip, i_nlink, 2); 1475 if (DOINGSOFTDEP(tvp)) 1476 softdep_change_linkcnt(ip); 1477 if (cnp->cn_flags & ISWHITEOUT) { 1478 ip->i_flags |= UF_OPAQUE; 1479 DIP_SET(ip, i_flags, ip->i_flags); 1480 } 1481 1482 /* 1483 * Bump link count in parent directory to reflect work done below. 1484 * Should be done before reference is created so cleanup is 1485 * possible if we crash. 1486 */ 1487 dp->i_effnlink++; 1488 dp->i_nlink++; 1489 DIP_SET(dp, i_nlink, dp->i_nlink); 1490 dp->i_flag |= IN_CHANGE; 1491 if (DOINGSOFTDEP(dvp)) 1492 softdep_change_linkcnt(dp); 1493 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp))); 1494 if (error) 1495 goto bad; 1496#ifdef MAC 1497 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 1498 error = mac_create_vnode_extattr(cnp->cn_cred, dvp->v_mount, 1499 dvp, tvp, cnp); 1500 if (error) 1501 goto bad; 1502 } 1503#endif 1504#ifdef UFS_ACL 1505 if (acl != NULL) { 1506 /* 1507 * XXX: If we abort now, will Soft Updates notify the extattr 1508 * code that the EAs for the file need to be released? 1509 */ 1510 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred, 1511 cnp->cn_thread); 1512 if (error == 0) 1513 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, 1514 cnp->cn_cred, cnp->cn_thread); 1515 switch (error) { 1516 case 0: 1517 break; 1518 1519 case EOPNOTSUPP: 1520 /* 1521 * XXX: This should not happen, as EOPNOTSUPP above 1522 * was supposed to free acl. 1523 */ 1524 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1525 /* 1526 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1527 */ 1528 break; 1529 1530 default: 1531 FREE(acl, M_ACL); 1532 FREE(dacl, M_ACL); 1533 dacl = acl = NULL; 1534 goto bad; 1535 } 1536 FREE(acl, M_ACL); 1537 FREE(dacl, M_ACL); 1538 dacl = acl = NULL; 1539 } 1540#endif /* !UFS_ACL */ 1541 1542 /* 1543 * Initialize directory with "." and ".." from static template. 1544 */ 1545 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1546 dtp = &mastertemplate; 1547 else 1548 dtp = (struct dirtemplate *)&omastertemplate; 1549 dirtemplate = *dtp; 1550 dirtemplate.dot_ino = ip->i_number; 1551 dirtemplate.dotdot_ino = dp->i_number; 1552 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 1553 BA_CLRBUF, &bp)) != 0) 1554 goto bad; 1555 ip->i_size = DIRBLKSIZ; 1556 DIP_SET(ip, i_size, DIRBLKSIZ); 1557 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1558 vnode_pager_setsize(tvp, (u_long)ip->i_size); 1559 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 1560 if (DOINGSOFTDEP(tvp)) { 1561 /* 1562 * Ensure that the entire newly allocated block is a 1563 * valid directory so that future growth within the 1564 * block does not have to ensure that the block is 1565 * written before the inode. 1566 */ 1567 blkoff = DIRBLKSIZ; 1568 while (blkoff < bp->b_bcount) { 1569 ((struct direct *) 1570 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 1571 blkoff += DIRBLKSIZ; 1572 } 1573 } 1574 if ((error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | 1575 DOINGASYNC(tvp)))) != 0) { 1576 (void)bwrite(bp); 1577 goto bad; 1578 } 1579 /* 1580 * Directory set up, now install its entry in the parent directory. 1581 * 1582 * If we are not doing soft dependencies, then we must write out the 1583 * buffer containing the new directory body before entering the new 1584 * name in the parent. If we are doing soft dependencies, then the 1585 * buffer containing the new directory body will be passed to and 1586 * released in the soft dependency code after the code has attached 1587 * an appropriate ordering dependency to the buffer which ensures that 1588 * the buffer is written before the new name is written in the parent. 1589 */ 1590 if (DOINGASYNC(dvp)) 1591 bdwrite(bp); 1592 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 1593 goto bad; 1594 ufs_makedirentry(ip, cnp, &newdir); 1595 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp); 1596 1597bad: 1598 if (error == 0) { 1599 VN_KNOTE_UNLOCKED(dvp, NOTE_WRITE | NOTE_LINK); 1600 *ap->a_vpp = tvp; 1601 } else { 1602#ifdef UFS_ACL 1603 if (acl != NULL) 1604 FREE(acl, M_ACL); 1605 if (dacl != NULL) 1606 FREE(dacl, M_ACL); 1607#endif 1608 dp->i_effnlink--; 1609 dp->i_nlink--; 1610 DIP_SET(dp, i_nlink, dp->i_nlink); 1611 dp->i_flag |= IN_CHANGE; 1612 if (DOINGSOFTDEP(dvp)) 1613 softdep_change_linkcnt(dp); 1614 /* 1615 * No need to do an explicit VOP_TRUNCATE here, vrele will 1616 * do this for us because we set the link count to 0. 1617 */ 1618 ip->i_effnlink = 0; 1619 ip->i_nlink = 0; 1620 DIP_SET(ip, i_nlink, 0); 1621 ip->i_flag |= IN_CHANGE; 1622 if (DOINGSOFTDEP(tvp)) 1623 softdep_change_linkcnt(ip); 1624 vput(tvp); 1625 } 1626out: 1627 return (error); 1628} 1629 1630/* 1631 * Rmdir system call. 1632 */ 1633static int 1634ufs_rmdir(ap) 1635 struct vop_rmdir_args /* { 1636 struct vnode *a_dvp; 1637 struct vnode *a_vp; 1638 struct componentname *a_cnp; 1639 } */ *ap; 1640{ 1641 struct vnode *vp = ap->a_vp; 1642 struct vnode *dvp = ap->a_dvp; 1643 struct componentname *cnp = ap->a_cnp; 1644 struct inode *ip, *dp; 1645 int error, ioflag; 1646 1647 ip = VTOI(vp); 1648 dp = VTOI(dvp); 1649 1650 /* 1651 * Do not remove a directory that is in the process of being renamed. 1652 * Verify the directory is empty (and valid). Rmdir ".." will not be 1653 * valid since ".." will contain a reference to the current directory 1654 * and thus be non-empty. Do not allow the removal of mounted on 1655 * directories (this can happen when an NFS exported filesystem 1656 * tries to remove a locally mounted on directory). 1657 */ 1658 error = 0; 1659 if ((ip->i_flag & IN_RENAME) || ip->i_effnlink < 2) { 1660 error = EINVAL; 1661 goto out; 1662 } 1663 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 1664 error = ENOTEMPTY; 1665 goto out; 1666 } 1667 if ((dp->i_flags & APPEND) 1668 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 1669 error = EPERM; 1670 goto out; 1671 } 1672 if (vp->v_mountedhere != 0) { 1673 error = EINVAL; 1674 goto out; 1675 } 1676 /* 1677 * Delete reference to directory before purging 1678 * inode. If we crash in between, the directory 1679 * will be reattached to lost+found, 1680 */ 1681 dp->i_effnlink--; 1682 ip->i_effnlink--; 1683 if (DOINGSOFTDEP(vp)) { 1684 softdep_change_linkcnt(dp); 1685 softdep_change_linkcnt(ip); 1686 } 1687 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 1688 if (error) { 1689 dp->i_effnlink++; 1690 ip->i_effnlink++; 1691 if (DOINGSOFTDEP(vp)) { 1692 softdep_change_linkcnt(dp); 1693 softdep_change_linkcnt(ip); 1694 } 1695 goto out; 1696 } 1697 VN_KNOTE_UNLOCKED(dvp, NOTE_WRITE | NOTE_LINK); 1698 cache_purge(dvp); 1699 /* 1700 * Truncate inode. The only stuff left in the directory is "." and 1701 * "..". The "." reference is inconsequential since we are quashing 1702 * it. The soft dependency code will arrange to do these operations 1703 * after the parent directory entry has been deleted on disk, so 1704 * when running with that code we avoid doing them now. 1705 */ 1706 if (!DOINGSOFTDEP(vp)) { 1707 dp->i_nlink--; 1708 DIP_SET(dp, i_nlink, dp->i_nlink); 1709 dp->i_flag |= IN_CHANGE; 1710 ip->i_nlink--; 1711 DIP_SET(ip, i_nlink, ip->i_nlink); 1712 ip->i_flag |= IN_CHANGE; 1713 ioflag = IO_NORMAL; 1714 if (DOINGASYNC(vp)) 1715 ioflag |= IO_SYNC; 1716 error = UFS_TRUNCATE(vp, (off_t)0, ioflag, cnp->cn_cred, 1717 cnp->cn_thread); 1718 } 1719 cache_purge(vp); 1720#ifdef UFS_DIRHASH 1721 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 1722 if (ip->i_dirhash != NULL) 1723 ufsdirhash_free(ip); 1724#endif 1725out: 1726 VN_KNOTE_UNLOCKED(vp, NOTE_DELETE); 1727 return (error); 1728} 1729 1730/* 1731 * symlink -- make a symbolic link 1732 */ 1733static int 1734ufs_symlink(ap) 1735 struct vop_symlink_args /* { 1736 struct vnode *a_dvp; 1737 struct vnode **a_vpp; 1738 struct componentname *a_cnp; 1739 struct vattr *a_vap; 1740 char *a_target; 1741 } */ *ap; 1742{ 1743 struct vnode *vp, **vpp = ap->a_vpp; 1744 struct inode *ip; 1745 int len, error; 1746 1747 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 1748 vpp, ap->a_cnp); 1749 if (error) 1750 return (error); 1751 VN_KNOTE_UNLOCKED(ap->a_dvp, NOTE_WRITE); 1752 vp = *vpp; 1753 len = strlen(ap->a_target); 1754 if (len < vp->v_mount->mnt_maxsymlinklen) { 1755 ip = VTOI(vp); 1756 bcopy(ap->a_target, SHORTLINK(ip), len); 1757 ip->i_size = len; 1758 DIP_SET(ip, i_size, len); 1759 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1760 } else 1761 error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0, 1762 UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 1763 ap->a_cnp->cn_cred, NOCRED, (int *)0, (struct thread *)0); 1764 if (error) 1765 vput(vp); 1766 return (error); 1767} 1768 1769/* 1770 * Vnode op for reading directories. 1771 * 1772 * The routine below assumes that the on-disk format of a directory 1773 * is the same as that defined by <sys/dirent.h>. If the on-disk 1774 * format changes, then it will be necessary to do a conversion 1775 * from the on-disk format that read returns to the format defined 1776 * by <sys/dirent.h>. 1777 */ 1778int 1779ufs_readdir(ap) 1780 struct vop_readdir_args /* { 1781 struct vnode *a_vp; 1782 struct uio *a_uio; 1783 struct ucred *a_cred; 1784 int *a_eofflag; 1785 int *ncookies; 1786 u_long **a_cookies; 1787 } */ *ap; 1788{ 1789 struct uio *uio = ap->a_uio; 1790 int error; 1791 size_t count, lost; 1792 off_t off; 1793 1794 if (ap->a_ncookies != NULL) 1795 /* 1796 * Ensure that the block is aligned. The caller can use 1797 * the cookies to determine where in the block to start. 1798 */ 1799 uio->uio_offset &= ~(DIRBLKSIZ - 1); 1800 off = uio->uio_offset; 1801 count = uio->uio_resid; 1802 /* Make sure we don't return partial entries. */ 1803 if (count <= ((uio->uio_offset + count) & (DIRBLKSIZ -1))) 1804 return (EINVAL); 1805 count -= (uio->uio_offset + count) & (DIRBLKSIZ -1); 1806 lost = uio->uio_resid - count; 1807 uio->uio_resid = count; 1808 uio->uio_iov->iov_len = count; 1809# if (BYTE_ORDER == LITTLE_ENDIAN) 1810 if (ap->a_vp->v_mount->mnt_maxsymlinklen > 0) { 1811 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred); 1812 } else { 1813 struct dirent *dp, *edp; 1814 struct uio auio; 1815 struct iovec aiov; 1816 caddr_t dirbuf; 1817 int readcnt; 1818 u_char tmp; 1819 1820 auio = *uio; 1821 auio.uio_iov = &aiov; 1822 auio.uio_iovcnt = 1; 1823 auio.uio_segflg = UIO_SYSSPACE; 1824 aiov.iov_len = count; 1825 MALLOC(dirbuf, caddr_t, count, M_TEMP, M_WAITOK); 1826 aiov.iov_base = dirbuf; 1827 error = VOP_READ(ap->a_vp, &auio, 0, ap->a_cred); 1828 if (error == 0) { 1829 readcnt = count - auio.uio_resid; 1830 edp = (struct dirent *)&dirbuf[readcnt]; 1831 for (dp = (struct dirent *)dirbuf; dp < edp; ) { 1832 tmp = dp->d_namlen; 1833 dp->d_namlen = dp->d_type; 1834 dp->d_type = tmp; 1835 if (dp->d_reclen > 0) { 1836 dp = (struct dirent *) 1837 ((char *)dp + dp->d_reclen); 1838 } else { 1839 error = EIO; 1840 break; 1841 } 1842 } 1843 if (dp >= edp) 1844 error = uiomove(dirbuf, readcnt, uio); 1845 } 1846 FREE(dirbuf, M_TEMP); 1847 } 1848# else 1849 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred); 1850# endif 1851 if (!error && ap->a_ncookies != NULL) { 1852 struct dirent* dpStart; 1853 struct dirent* dpEnd; 1854 struct dirent* dp; 1855 int ncookies; 1856 u_long *cookies; 1857 u_long *cookiep; 1858 1859 if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1) 1860 panic("ufs_readdir: unexpected uio from NFS server"); 1861 dpStart = (struct dirent *) 1862 ((char *)uio->uio_iov->iov_base - (uio->uio_offset - off)); 1863 dpEnd = (struct dirent *) uio->uio_iov->iov_base; 1864 for (dp = dpStart, ncookies = 0; 1865 dp < dpEnd; 1866 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen)) 1867 ncookies++; 1868 MALLOC(cookies, u_long *, ncookies * sizeof(u_long), M_TEMP, 1869 M_WAITOK); 1870 for (dp = dpStart, cookiep = cookies; 1871 dp < dpEnd; 1872 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen)) { 1873 off += dp->d_reclen; 1874 *cookiep++ = (u_long) off; 1875 } 1876 *ap->a_ncookies = ncookies; 1877 *ap->a_cookies = cookies; 1878 } 1879 uio->uio_resid += lost; 1880 if (ap->a_eofflag) 1881 *ap->a_eofflag = VTOI(ap->a_vp)->i_size <= uio->uio_offset; 1882 return (error); 1883} 1884 1885/* 1886 * Return target name of a symbolic link 1887 */ 1888static int 1889ufs_readlink(ap) 1890 struct vop_readlink_args /* { 1891 struct vnode *a_vp; 1892 struct uio *a_uio; 1893 struct ucred *a_cred; 1894 } */ *ap; 1895{ 1896 struct vnode *vp = ap->a_vp; 1897 struct inode *ip = VTOI(vp); 1898 doff_t isize; 1899 1900 isize = ip->i_size; 1901 if ((isize < vp->v_mount->mnt_maxsymlinklen) || 1902 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */ 1903 return (uiomove(SHORTLINK(ip), isize, ap->a_uio)); 1904 } 1905 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 1906} 1907 1908/* 1909 * Calculate the logical to physical mapping if not done already, 1910 * then call the device strategy routine. 1911 * 1912 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 1913 * deadlock on memory. See ufs_bmap() for details. 1914 */ 1915static int 1916ufs_strategy(ap) 1917 struct vop_strategy_args /* { 1918 struct vnode *a_vp; 1919 struct buf *a_bp; 1920 } */ *ap; 1921{ 1922 struct buf *bp = ap->a_bp; 1923 struct vnode *vp = ap->a_vp; 1924 struct bufobj *bo; 1925 struct inode *ip; 1926 ufs2_daddr_t blkno; 1927 int error; 1928 1929 ip = VTOI(vp); 1930 if (bp->b_blkno == bp->b_lblkno) { 1931 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 1932 bp->b_blkno = blkno; 1933 if (error) { 1934 bp->b_error = error; 1935 bp->b_ioflags |= BIO_ERROR; 1936 bufdone(bp); 1937 return (error); 1938 } 1939 if ((long)bp->b_blkno == -1) 1940 vfs_bio_clrbuf(bp); 1941 } 1942 if ((long)bp->b_blkno == -1) { 1943 bufdone(bp); 1944 return (0); 1945 } 1946 bp->b_iooffset = dbtob(bp->b_blkno); 1947 bo = ip->i_umbufobj; 1948 BO_STRATEGY(bo, bp); 1949 return (0); 1950} 1951 1952/* 1953 * Print out the contents of an inode. 1954 */ 1955static int 1956ufs_print(ap) 1957 struct vop_print_args /* { 1958 struct vnode *a_vp; 1959 } */ *ap; 1960{ 1961 struct vnode *vp = ap->a_vp; 1962 struct inode *ip = VTOI(vp); 1963 1964 printf("\tino %lu, on dev %s", (u_long)ip->i_number, 1965 devtoname(ip->i_dev)); 1966 if (vp->v_type == VFIFO) 1967 fifo_printinfo(vp); 1968 printf("\n"); 1969 return (0); 1970} 1971 1972/* 1973 * Close wrapper for fifos. 1974 * 1975 * Update the times on the inode then do device close. 1976 */ 1977static int 1978ufsfifo_close(ap) 1979 struct vop_close_args /* { 1980 struct vnode *a_vp; 1981 int a_fflag; 1982 struct ucred *a_cred; 1983 struct thread *a_td; 1984 } */ *ap; 1985{ 1986 struct vnode *vp = ap->a_vp; 1987 1988 VI_LOCK(vp); 1989 if (vp->v_usecount > 1) 1990 ufs_itimes(vp); 1991 VI_UNLOCK(vp); 1992 return (fifo_specops.vop_close(ap)); 1993} 1994 1995/* 1996 * Kqfilter wrapper for fifos. 1997 * 1998 * Fall through to ufs kqfilter routines if needed 1999 */ 2000static int 2001ufsfifo_kqfilter(ap) 2002 struct vop_kqfilter_args *ap; 2003{ 2004 int error; 2005 2006 error = fifo_specops.vop_kqfilter(ap); 2007 if (error) 2008 error = ufs_kqfilter(ap); 2009 return (error); 2010} 2011 2012/* 2013 * Return POSIX pathconf information applicable to ufs filesystems. 2014 */ 2015static int 2016ufs_pathconf(ap) 2017 struct vop_pathconf_args /* { 2018 struct vnode *a_vp; 2019 int a_name; 2020 int *a_retval; 2021 } */ *ap; 2022{ 2023 int error; 2024 2025 error = 0; 2026 switch (ap->a_name) { 2027 case _PC_LINK_MAX: 2028 *ap->a_retval = LINK_MAX; 2029 break; 2030 case _PC_NAME_MAX: 2031 *ap->a_retval = NAME_MAX; 2032 break; 2033 case _PC_PATH_MAX: 2034 *ap->a_retval = PATH_MAX; 2035 break; 2036 case _PC_PIPE_BUF: 2037 *ap->a_retval = PIPE_BUF; 2038 break; 2039 case _PC_CHOWN_RESTRICTED: 2040 *ap->a_retval = 1; 2041 break; 2042 case _PC_NO_TRUNC: 2043 *ap->a_retval = 1; 2044 break; 2045 case _PC_ACL_EXTENDED: 2046#ifdef UFS_ACL 2047 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2048 *ap->a_retval = 1; 2049 else 2050 *ap->a_retval = 0; 2051#else 2052 *ap->a_retval = 0; 2053#endif 2054 break; 2055 case _PC_ACL_PATH_MAX: 2056#ifdef UFS_ACL 2057 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2058 *ap->a_retval = ACL_MAX_ENTRIES; 2059 else 2060 *ap->a_retval = 3; 2061#else 2062 *ap->a_retval = 3; 2063#endif 2064 break; 2065 case _PC_MAC_PRESENT: 2066#ifdef MAC 2067 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2068 *ap->a_retval = 1; 2069 else 2070 *ap->a_retval = 0; 2071#else 2072 *ap->a_retval = 0; 2073#endif 2074 break; 2075 case _PC_ASYNC_IO: 2076 /* _PC_ASYNC_IO should have been handled by upper layers. */ 2077 KASSERT(0, ("_PC_ASYNC_IO should not get here")); 2078 error = EINVAL; 2079 break; 2080 case _PC_PRIO_IO: 2081 *ap->a_retval = 0; 2082 break; 2083 case _PC_SYNC_IO: 2084 *ap->a_retval = 0; 2085 break; 2086 case _PC_ALLOC_SIZE_MIN: 2087 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2088 break; 2089 case _PC_FILESIZEBITS: 2090 *ap->a_retval = 64; 2091 break; 2092 case _PC_REC_INCR_XFER_SIZE: 2093 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2094 break; 2095 case _PC_REC_MAX_XFER_SIZE: 2096 *ap->a_retval = -1; /* means ``unlimited'' */ 2097 break; 2098 case _PC_REC_MIN_XFER_SIZE: 2099 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2100 break; 2101 case _PC_REC_XFER_ALIGN: 2102 *ap->a_retval = PAGE_SIZE; 2103 break; 2104 case _PC_SYMLINK_MAX: 2105 *ap->a_retval = MAXPATHLEN; 2106 break; 2107 2108 default: 2109 error = EINVAL; 2110 break; 2111 } 2112 return (error); 2113} 2114 2115/* 2116 * Advisory record locking support 2117 */ 2118static int 2119ufs_advlock(ap) 2120 struct vop_advlock_args /* { 2121 struct vnode *a_vp; 2122 caddr_t a_id; 2123 int a_op; 2124 struct flock *a_fl; 2125 int a_flags; 2126 } */ *ap; 2127{ 2128 struct inode *ip = VTOI(ap->a_vp); 2129 2130 return (lf_advlock(ap, &(ip->i_lockf), ip->i_size)); 2131} 2132 2133/* 2134 * Initialize the vnode associated with a new inode, handle aliased 2135 * vnodes. 2136 */ 2137int 2138ufs_vinit(mntp, fifoops, vpp) 2139 struct mount *mntp; 2140 struct vop_vector *fifoops; 2141 struct vnode **vpp; 2142{ 2143 struct inode *ip; 2144 struct vnode *vp; 2145 2146 vp = *vpp; 2147 ip = VTOI(vp); 2148 vp->v_type = IFTOVT(ip->i_mode); 2149 if (vp->v_type == VFIFO) 2150 vp->v_op = fifoops; 2151 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2152 if (ip->i_number == ROOTINO) 2153 vp->v_vflag |= VV_ROOT; 2154 ip->i_modrev = init_va_filerev(); 2155 *vpp = vp; 2156 return (0); 2157} 2158 2159/* 2160 * Allocate a new inode. 2161 * Vnode dvp must be locked. 2162 */ 2163static int 2164ufs_makeinode(mode, dvp, vpp, cnp) 2165 int mode; 2166 struct vnode *dvp; 2167 struct vnode **vpp; 2168 struct componentname *cnp; 2169{ 2170 struct inode *ip, *pdir; 2171 struct direct newdir; 2172 struct vnode *tvp; 2173#ifdef UFS_ACL 2174 struct acl *acl; 2175#endif 2176 int error; 2177 2178 pdir = VTOI(dvp); 2179#ifdef DIAGNOSTIC 2180 if ((cnp->cn_flags & HASBUF) == 0) 2181 panic("ufs_makeinode: no name"); 2182#endif 2183 *vpp = NULL; 2184 if ((mode & IFMT) == 0) 2185 mode |= IFREG; 2186 2187 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2188 if (error) 2189 return (error); 2190 ip = VTOI(tvp); 2191 ip->i_gid = pdir->i_gid; 2192 DIP_SET(ip, i_gid, pdir->i_gid); 2193#ifdef SUIDDIR 2194 { 2195#ifdef QUOTA 2196 struct ucred ucred, *ucp; 2197 ucp = cnp->cn_cred; 2198#endif 2199 /* 2200 * If we are not the owner of the directory, 2201 * and we are hacking owners here, (only do this where told to) 2202 * and we are not giving it TO root, (would subvert quotas) 2203 * then go ahead and give it to the other user. 2204 * Note that this drops off the execute bits for security. 2205 */ 2206 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2207 (pdir->i_mode & ISUID) && 2208 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2209 ip->i_uid = pdir->i_uid; 2210 DIP_SET(ip, i_uid, ip->i_uid); 2211 mode &= ~07111; 2212#ifdef QUOTA 2213 /* 2214 * Make sure the correct user gets charged 2215 * for the space. 2216 * Quickly knock up a dummy credential for the victim. 2217 * XXX This seems to never be accessed out of our 2218 * context so a stack variable is ok. 2219 */ 2220 ucred.cr_ref = 1; 2221 ucred.cr_uid = ip->i_uid; 2222 ucred.cr_ngroups = 1; 2223 ucred.cr_groups[0] = pdir->i_gid; 2224 ucp = &ucred; 2225#endif 2226 } else { 2227 ip->i_uid = cnp->cn_cred->cr_uid; 2228 DIP_SET(ip, i_uid, ip->i_uid); 2229 } 2230 2231#ifdef QUOTA 2232 if ((error = getinoquota(ip)) || 2233 (error = chkiq(ip, 1, ucp, 0))) { 2234 UFS_VFREE(tvp, ip->i_number, mode); 2235 vput(tvp); 2236 return (error); 2237 } 2238#endif 2239 } 2240#else /* !SUIDDIR */ 2241 ip->i_uid = cnp->cn_cred->cr_uid; 2242 DIP_SET(ip, i_uid, ip->i_uid); 2243#ifdef QUOTA 2244 if ((error = getinoquota(ip)) || 2245 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2246 UFS_VFREE(tvp, ip->i_number, mode); 2247 vput(tvp); 2248 return (error); 2249 } 2250#endif 2251#endif /* !SUIDDIR */ 2252 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 2253#ifdef UFS_ACL 2254 acl = NULL; 2255 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) { 2256 MALLOC(acl, struct acl *, sizeof(*acl), M_ACL, M_WAITOK); 2257 2258 /* 2259 * Retrieve default ACL for parent, if any. 2260 */ 2261 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred, 2262 cnp->cn_thread); 2263 switch (error) { 2264 case 0: 2265 /* 2266 * Retrieved a default ACL, so merge mode and ACL if 2267 * necessary. 2268 */ 2269 if (acl->acl_cnt != 0) { 2270 /* 2271 * Two possible ways for default ACL to not 2272 * be present. First, the EA can be 2273 * undefined, or second, the default ACL can 2274 * be blank. If it's blank, fall through to 2275 * the it's not defined case. 2276 */ 2277 mode = acl_posix1e_newfilemode(mode, acl); 2278 ip->i_mode = mode; 2279 DIP_SET(ip, i_mode, mode); 2280 ufs_sync_acl_from_inode(ip, acl); 2281 break; 2282 } 2283 /* FALLTHROUGH */ 2284 2285 case EOPNOTSUPP: 2286 /* 2287 * Just use the mode as-is. 2288 */ 2289 ip->i_mode = mode; 2290 DIP_SET(ip, i_mode, mode); 2291 FREE(acl, M_ACL); 2292 acl = NULL; 2293 break; 2294 2295 default: 2296 UFS_VFREE(tvp, ip->i_number, mode); 2297 vput(tvp); 2298 FREE(acl, M_ACL); 2299 acl = NULL; 2300 return (error); 2301 } 2302 } else { 2303#endif 2304 ip->i_mode = mode; 2305 DIP_SET(ip, i_mode, mode); 2306#ifdef UFS_ACL 2307 } 2308#endif 2309 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2310 ip->i_effnlink = 1; 2311 ip->i_nlink = 1; 2312 DIP_SET(ip, i_nlink, 1); 2313 if (DOINGSOFTDEP(tvp)) 2314 softdep_change_linkcnt(ip); 2315 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2316 suser_cred(cnp->cn_cred, SUSER_ALLOWJAIL)) { 2317 ip->i_mode &= ~ISGID; 2318 DIP_SET(ip, i_mode, ip->i_mode); 2319 } 2320 2321 if (cnp->cn_flags & ISWHITEOUT) { 2322 ip->i_flags |= UF_OPAQUE; 2323 DIP_SET(ip, i_flags, ip->i_flags); 2324 } 2325 2326 /* 2327 * Make sure inode goes to disk before directory entry. 2328 */ 2329 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp))); 2330 if (error) 2331 goto bad; 2332#ifdef MAC 2333 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2334 error = mac_create_vnode_extattr(cnp->cn_cred, dvp->v_mount, 2335 dvp, tvp, cnp); 2336 if (error) 2337 goto bad; 2338 } 2339#endif 2340#ifdef UFS_ACL 2341 if (acl != NULL) { 2342 /* 2343 * XXX: If we abort now, will Soft Updates notify the extattr 2344 * code that the EAs for the file need to be released? 2345 */ 2346 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred, 2347 cnp->cn_thread); 2348 switch (error) { 2349 case 0: 2350 break; 2351 2352 case EOPNOTSUPP: 2353 /* 2354 * XXX: This should not happen, as EOPNOTSUPP above was 2355 * supposed to free acl. 2356 */ 2357 printf("ufs_makeinode: VOP_GETACL() but no " 2358 "VOP_SETACL()\n"); 2359 /* panic("ufs_makeinode: VOP_GETACL() but no " 2360 "VOP_SETACL()"); */ 2361 break; 2362 2363 default: 2364 FREE(acl, M_ACL); 2365 goto bad; 2366 } 2367 FREE(acl, M_ACL); 2368 } 2369#endif /* !UFS_ACL */ 2370 ufs_makedirentry(ip, cnp, &newdir); 2371 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL); 2372 if (error) 2373 goto bad; 2374 *vpp = tvp; 2375 return (0); 2376 2377bad: 2378 /* 2379 * Write error occurred trying to update the inode 2380 * or the directory so must deallocate the inode. 2381 */ 2382 ip->i_effnlink = 0; 2383 ip->i_nlink = 0; 2384 DIP_SET(ip, i_nlink, 0); 2385 ip->i_flag |= IN_CHANGE; 2386 if (DOINGSOFTDEP(tvp)) 2387 softdep_change_linkcnt(ip); 2388 vput(tvp); 2389 return (error); 2390} 2391 2392static struct filterops ufsread_filtops = 2393 { 1, NULL, filt_ufsdetach, filt_ufsread }; 2394static struct filterops ufswrite_filtops = 2395 { 1, NULL, filt_ufsdetach, filt_ufswrite }; 2396static struct filterops ufsvnode_filtops = 2397 { 1, NULL, filt_ufsdetach, filt_ufsvnode }; 2398 2399static int 2400ufs_kqfilter(ap) 2401 struct vop_kqfilter_args /* { 2402 struct vnode *a_vp; 2403 struct knote *a_kn; 2404 } */ *ap; 2405{ 2406 struct vnode *vp = ap->a_vp; 2407 struct knote *kn = ap->a_kn; 2408 2409 switch (kn->kn_filter) { 2410 case EVFILT_READ: 2411 kn->kn_fop = &ufsread_filtops; 2412 break; 2413 case EVFILT_WRITE: 2414 kn->kn_fop = &ufswrite_filtops; 2415 break; 2416 case EVFILT_VNODE: 2417 kn->kn_fop = &ufsvnode_filtops; 2418 break; 2419 default: 2420 return (1); 2421 } 2422 2423 kn->kn_hook = (caddr_t)vp; 2424 2425 if (vp->v_pollinfo == NULL) 2426 v_addpollinfo(vp); 2427 if (vp->v_pollinfo == NULL) 2428 return ENOMEM; 2429 knlist_add(&vp->v_pollinfo->vpi_selinfo.si_note, kn, 0); 2430 2431 return (0); 2432} 2433 2434static void 2435filt_ufsdetach(struct knote *kn) 2436{ 2437 struct vnode *vp = (struct vnode *)kn->kn_hook; 2438 2439 KASSERT(vp->v_pollinfo != NULL, ("Mising v_pollinfo")); 2440 knlist_remove(&vp->v_pollinfo->vpi_selinfo.si_note, kn, 0); 2441} 2442 2443/*ARGSUSED*/ 2444static int 2445filt_ufsread(struct knote *kn, long hint) 2446{ 2447 struct vnode *vp = (struct vnode *)kn->kn_hook; 2448 struct inode *ip = VTOI(vp); 2449 2450 /* 2451 * filesystem is gone, so set the EOF flag and schedule 2452 * the knote for deletion. 2453 */ 2454 if (hint == NOTE_REVOKE) { 2455 kn->kn_flags |= (EV_EOF | EV_ONESHOT); 2456 return (1); 2457 } 2458 2459 kn->kn_data = ip->i_size - kn->kn_fp->f_offset; 2460 return (kn->kn_data != 0); 2461} 2462 2463/*ARGSUSED*/ 2464static int 2465filt_ufswrite(struct knote *kn, long hint) 2466{ 2467 2468 /* 2469 * filesystem is gone, so set the EOF flag and schedule 2470 * the knote for deletion. 2471 */ 2472 if (hint == NOTE_REVOKE) 2473 kn->kn_flags |= (EV_EOF | EV_ONESHOT); 2474 2475 kn->kn_data = 0; 2476 return (1); 2477} 2478 2479static int 2480filt_ufsvnode(struct knote *kn, long hint) 2481{ 2482 2483 if (kn->kn_sfflags & hint) 2484 kn->kn_fflags |= hint; 2485 if (hint == NOTE_REVOKE) { 2486 kn->kn_flags |= EV_EOF; 2487 return (1); 2488 } 2489 return (kn->kn_fflags != 0); 2490} 2491 2492/* Global vfs data structures for ufs. */ 2493struct vop_vector ufs_vnodeops = { 2494 .vop_default = &default_vnodeops, 2495 .vop_fsync = VOP_PANIC, 2496 .vop_read = VOP_PANIC, 2497 .vop_reallocblks = VOP_PANIC, 2498 .vop_write = VOP_PANIC, 2499 .vop_access = ufs_access, 2500 .vop_advlock = ufs_advlock, 2501 .vop_bmap = ufs_bmap, 2502 .vop_cachedlookup = ufs_lookup, 2503 .vop_close = ufs_close, 2504 .vop_create = ufs_create, 2505 .vop_getattr = ufs_getattr, 2506 .vop_inactive = ufs_inactive, 2507 .vop_link = ufs_link, 2508 .vop_lookup = vfs_cache_lookup, 2509 .vop_mkdir = ufs_mkdir, 2510 .vop_mknod = ufs_mknod, 2511 .vop_open = ufs_open, 2512 .vop_pathconf = ufs_pathconf, 2513 .vop_poll = vop_stdpoll, 2514 .vop_kqfilter = ufs_kqfilter, 2515 .vop_print = ufs_print, 2516 .vop_readdir = ufs_readdir, 2517 .vop_readlink = ufs_readlink, 2518 .vop_reclaim = ufs_reclaim, 2519 .vop_remove = ufs_remove, 2520 .vop_rename = ufs_rename, 2521 .vop_rmdir = ufs_rmdir, 2522 .vop_setattr = ufs_setattr, 2523#ifdef MAC 2524 .vop_setlabel = vop_stdsetlabel_ea, 2525#endif 2526 .vop_strategy = ufs_strategy, 2527 .vop_symlink = ufs_symlink, 2528 .vop_whiteout = ufs_whiteout, 2529#ifdef UFS_EXTATTR 2530 .vop_getextattr = ufs_getextattr, 2531 .vop_deleteextattr = ufs_deleteextattr, 2532 .vop_setextattr = ufs_setextattr, 2533#endif 2534#ifdef UFS_ACL 2535 .vop_getacl = ufs_getacl, 2536 .vop_setacl = ufs_setacl, 2537 .vop_aclcheck = ufs_aclcheck, 2538#endif 2539}; 2540 2541struct vop_vector ufs_fifoops = { 2542 .vop_default = &fifo_specops, 2543 .vop_fsync = VOP_PANIC, 2544 .vop_access = ufs_access, 2545 .vop_close = ufsfifo_close, 2546 .vop_getattr = ufs_getattr, 2547 .vop_inactive = ufs_inactive, 2548 .vop_kqfilter = ufsfifo_kqfilter, 2549 .vop_print = ufs_print, 2550 .vop_read = VOP_PANIC, 2551 .vop_reclaim = ufs_reclaim, 2552 .vop_setattr = ufs_setattr, 2553#ifdef MAC 2554 .vop_setlabel = vop_stdsetlabel_ea, 2555#endif 2556 .vop_write = VOP_PANIC, 2557#ifdef UFS_EXTATTR 2558 .vop_getextattr = ufs_getextattr, 2559 .vop_deleteextattr = ufs_deleteextattr, 2560 .vop_setextattr = ufs_setextattr, 2561#endif 2562#ifdef UFS_ACL 2563 .vop_getacl = ufs_getacl, 2564 .vop_setacl = ufs_setacl, 2565 .vop_aclcheck = ufs_aclcheck, 2566#endif 2567}; 2568