ufs_vnops.c revision 183078
1/*- 2 * Copyright (c) 1982, 1986, 1989, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 35 */ 36 37#include <sys/cdefs.h> 38__FBSDID("$FreeBSD: head/sys/ufs/ufs/ufs_vnops.c 183078 2008-09-16 16:15:38Z jhb $"); 39 40#include "opt_mac.h" 41#include "opt_quota.h" 42#include "opt_suiddir.h" 43#include "opt_ufs.h" 44#include "opt_ffs.h" 45 46#include <sys/param.h> 47#include <sys/systm.h> 48#include <sys/malloc.h> 49#include <sys/namei.h> 50#include <sys/kernel.h> 51#include <sys/fcntl.h> 52#include <sys/stat.h> 53#include <sys/bio.h> 54#include <sys/buf.h> 55#include <sys/mount.h> 56#include <sys/priv.h> 57#include <sys/refcount.h> 58#include <sys/unistd.h> 59#include <sys/vnode.h> 60#include <sys/dirent.h> 61#include <sys/lockf.h> 62#include <sys/conf.h> 63#include <sys/acl.h> 64#include <sys/jail.h> 65 66#include <machine/mutex.h> 67 68#include <security/mac/mac_framework.h> 69 70#include <sys/file.h> /* XXX */ 71 72#include <vm/vm.h> 73#include <vm/vm_extern.h> 74 75#include <fs/fifofs/fifo.h> 76 77#include <ufs/ufs/acl.h> 78#include <ufs/ufs/extattr.h> 79#include <ufs/ufs/quota.h> 80#include <ufs/ufs/inode.h> 81#include <ufs/ufs/dir.h> 82#include <ufs/ufs/ufsmount.h> 83#include <ufs/ufs/ufs_extern.h> 84#ifdef UFS_DIRHASH 85#include <ufs/ufs/dirhash.h> 86#endif 87#ifdef UFS_GJOURNAL 88#include <ufs/ufs/gjournal.h> 89#endif 90 91#include <ufs/ffs/ffs_extern.h> 92 93static vop_access_t ufs_access; 94static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 95static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *); 96static vop_close_t ufs_close; 97static vop_create_t ufs_create; 98static vop_getattr_t ufs_getattr; 99static vop_link_t ufs_link; 100static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *); 101static vop_mkdir_t ufs_mkdir; 102static vop_mknod_t ufs_mknod; 103static vop_open_t ufs_open; 104static vop_pathconf_t ufs_pathconf; 105static vop_print_t ufs_print; 106static vop_readlink_t ufs_readlink; 107static vop_remove_t ufs_remove; 108static vop_rename_t ufs_rename; 109static vop_rmdir_t ufs_rmdir; 110static vop_setattr_t ufs_setattr; 111static vop_strategy_t ufs_strategy; 112static vop_symlink_t ufs_symlink; 113static vop_whiteout_t ufs_whiteout; 114static vop_close_t ufsfifo_close; 115static vop_kqfilter_t ufsfifo_kqfilter; 116 117/* 118 * A virgin directory (no blushing please). 119 */ 120static struct dirtemplate mastertemplate = { 121 0, 12, DT_DIR, 1, ".", 122 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 123}; 124static struct odirtemplate omastertemplate = { 125 0, 12, 1, ".", 126 0, DIRBLKSIZ - 12, 2, ".." 127}; 128 129static void 130ufs_itimes_locked(struct vnode *vp) 131{ 132 struct inode *ip; 133 struct timespec ts; 134 135 ASSERT_VI_LOCKED(vp, __func__); 136 137 ip = VTOI(vp); 138 if (UFS_RDONLY(ip)) 139 goto out; 140 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 141 return; 142 143 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 144 ip->i_flag |= IN_LAZYMOD; 145 else if (((vp->v_mount->mnt_kern_flag & 146 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) || 147 (ip->i_flag & (IN_CHANGE | IN_UPDATE))) 148 ip->i_flag |= IN_MODIFIED; 149 else if (ip->i_flag & IN_ACCESS) 150 ip->i_flag |= IN_LAZYACCESS; 151 vfs_timestamp(&ts); 152 if (ip->i_flag & IN_ACCESS) { 153 DIP_SET(ip, i_atime, ts.tv_sec); 154 DIP_SET(ip, i_atimensec, ts.tv_nsec); 155 } 156 if (ip->i_flag & IN_UPDATE) { 157 DIP_SET(ip, i_mtime, ts.tv_sec); 158 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 159 ip->i_modrev++; 160 } 161 if (ip->i_flag & IN_CHANGE) { 162 DIP_SET(ip, i_ctime, ts.tv_sec); 163 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 164 } 165 166 out: 167 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 168} 169 170void 171ufs_itimes(struct vnode *vp) 172{ 173 174 VI_LOCK(vp); 175 ufs_itimes_locked(vp); 176 VI_UNLOCK(vp); 177} 178 179/* 180 * Create a regular file 181 */ 182static int 183ufs_create(ap) 184 struct vop_create_args /* { 185 struct vnode *a_dvp; 186 struct vnode **a_vpp; 187 struct componentname *a_cnp; 188 struct vattr *a_vap; 189 } */ *ap; 190{ 191 int error; 192 193 error = 194 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 195 ap->a_dvp, ap->a_vpp, ap->a_cnp); 196 if (error) 197 return (error); 198 return (0); 199} 200 201/* 202 * Mknod vnode call 203 */ 204/* ARGSUSED */ 205static int 206ufs_mknod(ap) 207 struct vop_mknod_args /* { 208 struct vnode *a_dvp; 209 struct vnode **a_vpp; 210 struct componentname *a_cnp; 211 struct vattr *a_vap; 212 } */ *ap; 213{ 214 struct vattr *vap = ap->a_vap; 215 struct vnode **vpp = ap->a_vpp; 216 struct inode *ip; 217 ino_t ino; 218 int error; 219 220 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 221 ap->a_dvp, vpp, ap->a_cnp); 222 if (error) 223 return (error); 224 ip = VTOI(*vpp); 225 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 226 if (vap->va_rdev != VNOVAL) { 227 /* 228 * Want to be able to use this to make badblock 229 * inodes, so don't truncate the dev number. 230 */ 231 DIP_SET(ip, i_rdev, vap->va_rdev); 232 } 233 /* 234 * Remove inode, then reload it through VFS_VGET so it is 235 * checked to see if it is an alias of an existing entry in 236 * the inode cache. XXX I don't believe this is necessary now. 237 */ 238 (*vpp)->v_type = VNON; 239 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 240 vgone(*vpp); 241 vput(*vpp); 242 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 243 if (error) { 244 *vpp = NULL; 245 return (error); 246 } 247 return (0); 248} 249 250/* 251 * Open called. 252 */ 253/* ARGSUSED */ 254static int 255ufs_open(struct vop_open_args *ap) 256{ 257 struct vnode *vp = ap->a_vp; 258 struct inode *ip; 259 260 if (vp->v_type == VCHR || vp->v_type == VBLK) 261 return (EOPNOTSUPP); 262 263 ip = VTOI(vp); 264 /* 265 * Files marked append-only must be opened for appending. 266 */ 267 if ((ip->i_flags & APPEND) && 268 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 269 return (EPERM); 270 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 271 return (0); 272} 273 274/* 275 * Close called. 276 * 277 * Update the times on the inode. 278 */ 279/* ARGSUSED */ 280static int 281ufs_close(ap) 282 struct vop_close_args /* { 283 struct vnode *a_vp; 284 int a_fflag; 285 struct ucred *a_cred; 286 struct thread *a_td; 287 } */ *ap; 288{ 289 struct vnode *vp = ap->a_vp; 290 int usecount; 291 292 VI_LOCK(vp); 293 usecount = vp->v_usecount; 294 if (usecount > 1) 295 ufs_itimes_locked(vp); 296 VI_UNLOCK(vp); 297 return (0); 298} 299 300static int 301ufs_access(ap) 302 struct vop_access_args /* { 303 struct vnode *a_vp; 304 int a_mode; 305 struct ucred *a_cred; 306 struct thread *a_td; 307 } */ *ap; 308{ 309 struct vnode *vp = ap->a_vp; 310 struct inode *ip = VTOI(vp); 311 mode_t mode = ap->a_mode; 312 int error; 313#ifdef QUOTA 314 int relocked; 315#endif 316#ifdef UFS_ACL 317 struct acl *acl; 318#endif 319 320 /* 321 * Disallow write attempts on read-only filesystems; 322 * unless the file is a socket, fifo, or a block or 323 * character device resident on the filesystem. 324 */ 325 if (mode & VWRITE) { 326 switch (vp->v_type) { 327 case VDIR: 328 case VLNK: 329 case VREG: 330 if (vp->v_mount->mnt_flag & MNT_RDONLY) 331 return (EROFS); 332#ifdef QUOTA 333 if (VOP_ISLOCKED(vp) != LK_EXCLUSIVE) { 334 relocked = 1; 335 vhold(vp); 336 vn_lock(vp, LK_UPGRADE | LK_RETRY); 337 VI_LOCK(vp); 338 if (vp->v_iflag & VI_DOOMED) { 339 vdropl(vp); 340 error = ENOENT; 341 goto relock; 342 } 343 vdropl(vp); 344 } else 345 relocked = 0; 346 error = getinoquota(ip); 347relock: 348 if (relocked) 349 vn_lock(vp, LK_DOWNGRADE | LK_RETRY); 350 if (error != 0) 351 return (error); 352#endif 353 break; 354 default: 355 break; 356 } 357 } 358 359 /* If immutable bit set, nobody gets to write it. */ 360 if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 361 return (EPERM); 362 363#ifdef UFS_ACL 364 if ((vp->v_mount->mnt_flag & MNT_ACLS) != 0) { 365 acl = uma_zalloc(acl_zone, M_WAITOK); 366 error = VOP_GETACL(vp, ACL_TYPE_ACCESS, acl, ap->a_cred, 367 ap->a_td); 368 switch (error) { 369 case EOPNOTSUPP: 370 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 371 ip->i_gid, ap->a_mode, ap->a_cred, NULL); 372 break; 373 case 0: 374 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 375 ip->i_gid, acl, ap->a_mode, ap->a_cred, NULL); 376 break; 377 default: 378 printf( 379"ufs_access(): Error retrieving ACL on object (%d).\n", 380 error); 381 /* 382 * XXX: Fall back until debugged. Should 383 * eventually possibly log an error, and return 384 * EPERM for safety. 385 */ 386 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 387 ip->i_gid, ap->a_mode, ap->a_cred, NULL); 388 } 389 uma_zfree(acl_zone, acl); 390 } else 391#endif /* !UFS_ACL */ 392 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 393 ap->a_mode, ap->a_cred, NULL); 394 return (error); 395} 396 397/* ARGSUSED */ 398static int 399ufs_getattr(ap) 400 struct vop_getattr_args /* { 401 struct vnode *a_vp; 402 struct vattr *a_vap; 403 struct ucred *a_cred; 404 } */ *ap; 405{ 406 struct vnode *vp = ap->a_vp; 407 struct inode *ip = VTOI(vp); 408 struct vattr *vap = ap->a_vap; 409 410 VI_LOCK(vp); 411 ufs_itimes_locked(vp); 412 if (ip->i_ump->um_fstype == UFS1) { 413 vap->va_atime.tv_sec = ip->i_din1->di_atime; 414 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 415 } else { 416 vap->va_atime.tv_sec = ip->i_din2->di_atime; 417 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 418 } 419 VI_UNLOCK(vp); 420 /* 421 * Copy from inode table 422 */ 423 vap->va_fsid = dev2udev(ip->i_dev); 424 vap->va_fileid = ip->i_number; 425 vap->va_mode = ip->i_mode & ~IFMT; 426 vap->va_nlink = ip->i_effnlink; 427 vap->va_uid = ip->i_uid; 428 vap->va_gid = ip->i_gid; 429 if (ip->i_ump->um_fstype == UFS1) { 430 vap->va_rdev = ip->i_din1->di_rdev; 431 vap->va_size = ip->i_din1->di_size; 432 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 433 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 434 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 435 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 436 vap->va_birthtime.tv_sec = 0; 437 vap->va_birthtime.tv_nsec = 0; 438 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 439 } else { 440 vap->va_rdev = ip->i_din2->di_rdev; 441 vap->va_size = ip->i_din2->di_size; 442 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 443 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 444 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 445 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 446 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 447 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 448 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 449 } 450 vap->va_flags = ip->i_flags; 451 vap->va_gen = ip->i_gen; 452 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 453 vap->va_type = IFTOVT(ip->i_mode); 454 vap->va_filerev = ip->i_modrev; 455 return (0); 456} 457 458/* 459 * Set attribute vnode op. called from several syscalls 460 */ 461static int 462ufs_setattr(ap) 463 struct vop_setattr_args /* { 464 struct vnode *a_vp; 465 struct vattr *a_vap; 466 struct ucred *a_cred; 467 } */ *ap; 468{ 469 struct vattr *vap = ap->a_vap; 470 struct vnode *vp = ap->a_vp; 471 struct inode *ip = VTOI(vp); 472 struct ucred *cred = ap->a_cred; 473 struct thread *td = curthread; 474 int error; 475 476 /* 477 * Check for unsettable attributes. 478 */ 479 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 480 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 481 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 482 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 483 return (EINVAL); 484 } 485 /* 486 * Mark for update the file's access time for vfs_mark_atime(). 487 * We are doing this here to avoid some of the checks done 488 * below -- this operation is done by request of the kernel and 489 * should bypass some security checks. Things like read-only 490 * checks get handled by other levels (e.g., ffs_update()). 491 */ 492 if (vap->va_vaflags & VA_MARK_ATIME) { 493 ip->i_flag |= IN_ACCESS; 494 return (0); 495 } 496 if (vap->va_flags != VNOVAL) { 497 if (vp->v_mount->mnt_flag & MNT_RDONLY) 498 return (EROFS); 499 /* 500 * Callers may only modify the file flags on objects they 501 * have VADMIN rights for. 502 */ 503 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 504 return (error); 505 /* 506 * Unprivileged processes are not permitted to unset system 507 * flags, or modify flags if any system flags are set. 508 * Privileged non-jail processes may not modify system flags 509 * if securelevel > 0 and any existing system flags are set. 510 * Privileged jail processes behave like privileged non-jail 511 * processes if the security.jail.chflags_allowed sysctl is 512 * is non-zero; otherwise, they behave like unprivileged 513 * processes. 514 */ 515 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) { 516 if (ip->i_flags 517 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 518 error = securelevel_gt(cred, 0); 519 if (error) 520 return (error); 521 } 522 /* Snapshot flag cannot be set or cleared */ 523 if (((vap->va_flags & SF_SNAPSHOT) != 0 && 524 (ip->i_flags & SF_SNAPSHOT) == 0) || 525 ((vap->va_flags & SF_SNAPSHOT) == 0 && 526 (ip->i_flags & SF_SNAPSHOT) != 0)) 527 return (EPERM); 528 ip->i_flags = vap->va_flags; 529 DIP_SET(ip, i_flags, vap->va_flags); 530 } else { 531 if (ip->i_flags 532 & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 533 (vap->va_flags & UF_SETTABLE) != vap->va_flags) 534 return (EPERM); 535 ip->i_flags &= SF_SETTABLE; 536 ip->i_flags |= (vap->va_flags & UF_SETTABLE); 537 DIP_SET(ip, i_flags, ip->i_flags); 538 } 539 ip->i_flag |= IN_CHANGE; 540 if (vap->va_flags & (IMMUTABLE | APPEND)) 541 return (0); 542 } 543 if (ip->i_flags & (IMMUTABLE | APPEND)) 544 return (EPERM); 545 /* 546 * Go through the fields and update iff not VNOVAL. 547 */ 548 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 549 if (vp->v_mount->mnt_flag & MNT_RDONLY) 550 return (EROFS); 551 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 552 td)) != 0) 553 return (error); 554 } 555 if (vap->va_size != VNOVAL) { 556 /* 557 * XXX most of the following special cases should be in 558 * callers instead of in N filesystems. The VDIR check 559 * mostly already is. 560 */ 561 switch (vp->v_type) { 562 case VDIR: 563 return (EISDIR); 564 case VLNK: 565 case VREG: 566 /* 567 * Truncation should have an effect in these cases. 568 * Disallow it if the filesystem is read-only or 569 * the file is being snapshotted. 570 */ 571 if (vp->v_mount->mnt_flag & MNT_RDONLY) 572 return (EROFS); 573 if ((ip->i_flags & SF_SNAPSHOT) != 0) 574 return (EPERM); 575 break; 576 default: 577 /* 578 * According to POSIX, the result is unspecified 579 * for file types other than regular files, 580 * directories and shared memory objects. We 581 * don't support shared memory objects in the file 582 * system, and have dubious support for truncating 583 * symlinks. Just ignore the request in other cases. 584 */ 585 return (0); 586 } 587 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL, 588 cred, td)) != 0) 589 return (error); 590 } 591 if (vap->va_atime.tv_sec != VNOVAL || 592 vap->va_mtime.tv_sec != VNOVAL || 593 vap->va_birthtime.tv_sec != VNOVAL) { 594 if (vp->v_mount->mnt_flag & MNT_RDONLY) 595 return (EROFS); 596 if ((ip->i_flags & SF_SNAPSHOT) != 0) 597 return (EPERM); 598 /* 599 * From utimes(2): 600 * If times is NULL, ... The caller must be the owner of 601 * the file, have permission to write the file, or be the 602 * super-user. 603 * If times is non-NULL, ... The caller must be the owner of 604 * the file or be the super-user. 605 * 606 * Possibly for historical reasons, try to use VADMIN in 607 * preference to VWRITE for a NULL timestamp. This means we 608 * will return EACCES in preference to EPERM if neither 609 * check succeeds. 610 */ 611 if (vap->va_vaflags & VA_UTIMES_NULL) { 612 error = VOP_ACCESS(vp, VADMIN, cred, td); 613 if (error) 614 error = VOP_ACCESS(vp, VWRITE, cred, td); 615 } else 616 error = VOP_ACCESS(vp, VADMIN, cred, td); 617 if (error) 618 return (error); 619 if (vap->va_atime.tv_sec != VNOVAL) 620 ip->i_flag |= IN_ACCESS; 621 if (vap->va_mtime.tv_sec != VNOVAL) 622 ip->i_flag |= IN_CHANGE | IN_UPDATE; 623 if (vap->va_birthtime.tv_sec != VNOVAL && 624 ip->i_ump->um_fstype == UFS2) 625 ip->i_flag |= IN_MODIFIED; 626 ufs_itimes(vp); 627 if (vap->va_atime.tv_sec != VNOVAL) { 628 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 629 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 630 } 631 if (vap->va_mtime.tv_sec != VNOVAL) { 632 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 633 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 634 } 635 if (vap->va_birthtime.tv_sec != VNOVAL && 636 ip->i_ump->um_fstype == UFS2) { 637 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 638 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 639 } 640 error = UFS_UPDATE(vp, 0); 641 if (error) 642 return (error); 643 } 644 error = 0; 645 if (vap->va_mode != (mode_t)VNOVAL) { 646 if (vp->v_mount->mnt_flag & MNT_RDONLY) 647 return (EROFS); 648 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode & 649 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH))) 650 return (EPERM); 651 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 652 } 653 return (error); 654} 655 656/* 657 * Change the mode on a file. 658 * Inode must be locked before calling. 659 */ 660static int 661ufs_chmod(vp, mode, cred, td) 662 struct vnode *vp; 663 int mode; 664 struct ucred *cred; 665 struct thread *td; 666{ 667 struct inode *ip = VTOI(vp); 668 int error; 669 670 /* 671 * To modify the permissions on a file, must possess VADMIN 672 * for that file. 673 */ 674 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 675 return (error); 676 /* 677 * Privileged processes may set the sticky bit on non-directories, 678 * as well as set the setgid bit on a file with a group that the 679 * process is not a member of. Both of these are allowed in 680 * jail(8). 681 */ 682 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 683 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0)) 684 return (EFTYPE); 685 } 686 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 687 error = priv_check_cred(cred, PRIV_VFS_SETGID, 0); 688 if (error) 689 return (error); 690 } 691 ip->i_mode &= ~ALLPERMS; 692 ip->i_mode |= (mode & ALLPERMS); 693 DIP_SET(ip, i_mode, ip->i_mode); 694 ip->i_flag |= IN_CHANGE; 695 return (0); 696} 697 698/* 699 * Perform chown operation on inode ip; 700 * inode must be locked prior to call. 701 */ 702static int 703ufs_chown(vp, uid, gid, cred, td) 704 struct vnode *vp; 705 uid_t uid; 706 gid_t gid; 707 struct ucred *cred; 708 struct thread *td; 709{ 710 struct inode *ip = VTOI(vp); 711 uid_t ouid; 712 gid_t ogid; 713 int error = 0; 714#ifdef QUOTA 715 int i; 716 ufs2_daddr_t change; 717#endif 718 719 if (uid == (uid_t)VNOVAL) 720 uid = ip->i_uid; 721 if (gid == (gid_t)VNOVAL) 722 gid = ip->i_gid; 723 /* 724 * To modify the ownership of a file, must possess VADMIN for that 725 * file. 726 */ 727 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 728 return (error); 729 /* 730 * To change the owner of a file, or change the group of a file to a 731 * group of which we are not a member, the caller must have 732 * privilege. 733 */ 734 if ((uid != ip->i_uid || 735 (gid != ip->i_gid && !groupmember(gid, cred))) && 736 (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0))) 737 return (error); 738 ogid = ip->i_gid; 739 ouid = ip->i_uid; 740#ifdef QUOTA 741 if ((error = getinoquota(ip)) != 0) 742 return (error); 743 if (ouid == uid) { 744 dqrele(vp, ip->i_dquot[USRQUOTA]); 745 ip->i_dquot[USRQUOTA] = NODQUOT; 746 } 747 if (ogid == gid) { 748 dqrele(vp, ip->i_dquot[GRPQUOTA]); 749 ip->i_dquot[GRPQUOTA] = NODQUOT; 750 } 751 change = DIP(ip, i_blocks); 752 (void) chkdq(ip, -change, cred, CHOWN); 753 (void) chkiq(ip, -1, cred, CHOWN); 754 for (i = 0; i < MAXQUOTAS; i++) { 755 dqrele(vp, ip->i_dquot[i]); 756 ip->i_dquot[i] = NODQUOT; 757 } 758#endif 759 ip->i_gid = gid; 760 DIP_SET(ip, i_gid, gid); 761 ip->i_uid = uid; 762 DIP_SET(ip, i_uid, uid); 763#ifdef QUOTA 764 if ((error = getinoquota(ip)) == 0) { 765 if (ouid == uid) { 766 dqrele(vp, ip->i_dquot[USRQUOTA]); 767 ip->i_dquot[USRQUOTA] = NODQUOT; 768 } 769 if (ogid == gid) { 770 dqrele(vp, ip->i_dquot[GRPQUOTA]); 771 ip->i_dquot[GRPQUOTA] = NODQUOT; 772 } 773 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 774 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 775 goto good; 776 else 777 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 778 } 779 for (i = 0; i < MAXQUOTAS; i++) { 780 dqrele(vp, ip->i_dquot[i]); 781 ip->i_dquot[i] = NODQUOT; 782 } 783 } 784 ip->i_gid = ogid; 785 DIP_SET(ip, i_gid, ogid); 786 ip->i_uid = ouid; 787 DIP_SET(ip, i_uid, ouid); 788 if (getinoquota(ip) == 0) { 789 if (ouid == uid) { 790 dqrele(vp, ip->i_dquot[USRQUOTA]); 791 ip->i_dquot[USRQUOTA] = NODQUOT; 792 } 793 if (ogid == gid) { 794 dqrele(vp, ip->i_dquot[GRPQUOTA]); 795 ip->i_dquot[GRPQUOTA] = NODQUOT; 796 } 797 (void) chkdq(ip, change, cred, FORCE|CHOWN); 798 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 799 (void) getinoquota(ip); 800 } 801 return (error); 802good: 803 if (getinoquota(ip)) 804 panic("ufs_chown: lost quota"); 805#endif /* QUOTA */ 806 ip->i_flag |= IN_CHANGE; 807 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { 808 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) { 809 ip->i_mode &= ~(ISUID | ISGID); 810 DIP_SET(ip, i_mode, ip->i_mode); 811 } 812 } 813 return (0); 814} 815 816static int 817ufs_remove(ap) 818 struct vop_remove_args /* { 819 struct vnode *a_dvp; 820 struct vnode *a_vp; 821 struct componentname *a_cnp; 822 } */ *ap; 823{ 824 struct inode *ip; 825 struct vnode *vp = ap->a_vp; 826 struct vnode *dvp = ap->a_dvp; 827 int error; 828 struct thread *td; 829 830 td = curthread; 831 ip = VTOI(vp); 832 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 833 (VTOI(dvp)->i_flags & APPEND)) { 834 error = EPERM; 835 goto out; 836 } 837#ifdef UFS_GJOURNAL 838 ufs_gjournal_orphan(vp); 839#endif 840 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 841 if (ip->i_nlink <= 0) 842 vp->v_vflag |= VV_NOSYNC; 843 if ((ip->i_flags & SF_SNAPSHOT) != 0) { 844 /* 845 * Avoid deadlock where another thread is trying to 846 * update the inodeblock for dvp and is waiting on 847 * snaplk. Temporary unlock the vnode lock for the 848 * unlinked file and sync the directory. This should 849 * allow vput() of the directory to not block later on 850 * while holding the snapshot vnode locked, assuming 851 * that the directory hasn't been unlinked too. 852 */ 853 VOP_UNLOCK(vp, 0); 854 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 855 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 856 } 857out: 858 return (error); 859} 860 861/* 862 * link vnode call 863 */ 864static int 865ufs_link(ap) 866 struct vop_link_args /* { 867 struct vnode *a_tdvp; 868 struct vnode *a_vp; 869 struct componentname *a_cnp; 870 } */ *ap; 871{ 872 struct vnode *vp = ap->a_vp; 873 struct vnode *tdvp = ap->a_tdvp; 874 struct componentname *cnp = ap->a_cnp; 875 struct inode *ip; 876 struct direct newdir; 877 int error; 878 879#ifdef INVARIANTS 880 if ((cnp->cn_flags & HASBUF) == 0) 881 panic("ufs_link: no name"); 882#endif 883 if (tdvp->v_mount != vp->v_mount) { 884 error = EXDEV; 885 goto out; 886 } 887 ip = VTOI(vp); 888 if ((nlink_t)ip->i_nlink >= LINK_MAX) { 889 error = EMLINK; 890 goto out; 891 } 892 if (ip->i_flags & (IMMUTABLE | APPEND)) { 893 error = EPERM; 894 goto out; 895 } 896 ip->i_effnlink++; 897 ip->i_nlink++; 898 DIP_SET(ip, i_nlink, ip->i_nlink); 899 ip->i_flag |= IN_CHANGE; 900 if (DOINGSOFTDEP(vp)) 901 softdep_change_linkcnt(ip); 902 error = UFS_UPDATE(vp, !(DOINGSOFTDEP(vp) | DOINGASYNC(vp))); 903 if (!error) { 904 ufs_makedirentry(ip, cnp, &newdir); 905 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL); 906 } 907 908 if (error) { 909 ip->i_effnlink--; 910 ip->i_nlink--; 911 DIP_SET(ip, i_nlink, ip->i_nlink); 912 ip->i_flag |= IN_CHANGE; 913 if (DOINGSOFTDEP(vp)) 914 softdep_change_linkcnt(ip); 915 } 916out: 917 return (error); 918} 919 920/* 921 * whiteout vnode call 922 */ 923static int 924ufs_whiteout(ap) 925 struct vop_whiteout_args /* { 926 struct vnode *a_dvp; 927 struct componentname *a_cnp; 928 int a_flags; 929 } */ *ap; 930{ 931 struct vnode *dvp = ap->a_dvp; 932 struct componentname *cnp = ap->a_cnp; 933 struct direct newdir; 934 int error = 0; 935 936 switch (ap->a_flags) { 937 case LOOKUP: 938 /* 4.4 format directories support whiteout operations */ 939 if (dvp->v_mount->mnt_maxsymlinklen > 0) 940 return (0); 941 return (EOPNOTSUPP); 942 943 case CREATE: 944 /* create a new directory whiteout */ 945#ifdef INVARIANTS 946 if ((cnp->cn_flags & SAVENAME) == 0) 947 panic("ufs_whiteout: missing name"); 948 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 949 panic("ufs_whiteout: old format filesystem"); 950#endif 951 952 newdir.d_ino = WINO; 953 newdir.d_namlen = cnp->cn_namelen; 954 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 955 newdir.d_type = DT_WHT; 956 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL); 957 break; 958 959 case DELETE: 960 /* remove an existing directory whiteout */ 961#ifdef INVARIANTS 962 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 963 panic("ufs_whiteout: old format filesystem"); 964#endif 965 966 cnp->cn_flags &= ~DOWHITEOUT; 967 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 968 break; 969 default: 970 panic("ufs_whiteout: unknown op"); 971 } 972 return (error); 973} 974 975/* 976 * Rename system call. 977 * rename("foo", "bar"); 978 * is essentially 979 * unlink("bar"); 980 * link("foo", "bar"); 981 * unlink("foo"); 982 * but ``atomically''. Can't do full commit without saving state in the 983 * inode on disk which isn't feasible at this time. Best we can do is 984 * always guarantee the target exists. 985 * 986 * Basic algorithm is: 987 * 988 * 1) Bump link count on source while we're linking it to the 989 * target. This also ensure the inode won't be deleted out 990 * from underneath us while we work (it may be truncated by 991 * a concurrent `trunc' or `open' for creation). 992 * 2) Link source to destination. If destination already exists, 993 * delete it first. 994 * 3) Unlink source reference to inode if still around. If a 995 * directory was moved and the parent of the destination 996 * is different from the source, patch the ".." entry in the 997 * directory. 998 */ 999static int 1000ufs_rename(ap) 1001 struct vop_rename_args /* { 1002 struct vnode *a_fdvp; 1003 struct vnode *a_fvp; 1004 struct componentname *a_fcnp; 1005 struct vnode *a_tdvp; 1006 struct vnode *a_tvp; 1007 struct componentname *a_tcnp; 1008 } */ *ap; 1009{ 1010 struct vnode *tvp = ap->a_tvp; 1011 struct vnode *tdvp = ap->a_tdvp; 1012 struct vnode *fvp = ap->a_fvp; 1013 struct vnode *fdvp = ap->a_fdvp; 1014 struct componentname *tcnp = ap->a_tcnp; 1015 struct componentname *fcnp = ap->a_fcnp; 1016 struct thread *td = fcnp->cn_thread; 1017 struct inode *ip, *xp, *dp; 1018 struct direct newdir; 1019 int doingdirectory = 0, oldparent = 0, newparent = 0; 1020 int error = 0, ioflag; 1021 1022#ifdef INVARIANTS 1023 if ((tcnp->cn_flags & HASBUF) == 0 || 1024 (fcnp->cn_flags & HASBUF) == 0) 1025 panic("ufs_rename: no name"); 1026#endif 1027 /* 1028 * Check for cross-device rename. 1029 */ 1030 if ((fvp->v_mount != tdvp->v_mount) || 1031 (tvp && (fvp->v_mount != tvp->v_mount))) { 1032 error = EXDEV; 1033abortit: 1034 if (tdvp == tvp) 1035 vrele(tdvp); 1036 else 1037 vput(tdvp); 1038 if (tvp) 1039 vput(tvp); 1040 vrele(fdvp); 1041 vrele(fvp); 1042 return (error); 1043 } 1044 1045 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1046 (VTOI(tdvp)->i_flags & APPEND))) { 1047 error = EPERM; 1048 goto abortit; 1049 } 1050 1051 /* 1052 * Renaming a file to itself has no effect. The upper layers should 1053 * not call us in that case. Temporarily just warn if they do. 1054 */ 1055 if (fvp == tvp) { 1056 printf("ufs_rename: fvp == tvp (can't happen)\n"); 1057 error = 0; 1058 goto abortit; 1059 } 1060 1061 if ((error = vn_lock(fvp, LK_EXCLUSIVE)) != 0) 1062 goto abortit; 1063 dp = VTOI(fdvp); 1064 ip = VTOI(fvp); 1065 if (ip->i_nlink >= LINK_MAX) { 1066 VOP_UNLOCK(fvp, 0); 1067 error = EMLINK; 1068 goto abortit; 1069 } 1070 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 1071 || (dp->i_flags & APPEND)) { 1072 VOP_UNLOCK(fvp, 0); 1073 error = EPERM; 1074 goto abortit; 1075 } 1076 if ((ip->i_mode & IFMT) == IFDIR) { 1077 /* 1078 * Avoid ".", "..", and aliases of "." for obvious reasons. 1079 */ 1080 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1081 dp == ip || (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT || 1082 (ip->i_flag & IN_RENAME)) { 1083 VOP_UNLOCK(fvp, 0); 1084 error = EINVAL; 1085 goto abortit; 1086 } 1087 ip->i_flag |= IN_RENAME; 1088 oldparent = dp->i_number; 1089 doingdirectory = 1; 1090 } 1091 vrele(fdvp); 1092 1093 /* 1094 * When the target exists, both the directory 1095 * and target vnodes are returned locked. 1096 */ 1097 dp = VTOI(tdvp); 1098 xp = NULL; 1099 if (tvp) 1100 xp = VTOI(tvp); 1101 1102 /* 1103 * 1) Bump link count while we're moving stuff 1104 * around. If we crash somewhere before 1105 * completing our work, the link count 1106 * may be wrong, but correctable. 1107 */ 1108 ip->i_effnlink++; 1109 ip->i_nlink++; 1110 DIP_SET(ip, i_nlink, ip->i_nlink); 1111 ip->i_flag |= IN_CHANGE; 1112 if (DOINGSOFTDEP(fvp)) 1113 softdep_change_linkcnt(ip); 1114 if ((error = UFS_UPDATE(fvp, !(DOINGSOFTDEP(fvp) | 1115 DOINGASYNC(fvp)))) != 0) { 1116 VOP_UNLOCK(fvp, 0); 1117 goto bad; 1118 } 1119 1120 /* 1121 * If ".." must be changed (ie the directory gets a new 1122 * parent) then the source directory must not be in the 1123 * directory hierarchy above the target, as this would 1124 * orphan everything below the source directory. Also 1125 * the user must have write permission in the source so 1126 * as to be able to change "..". We must repeat the call 1127 * to namei, as the parent directory is unlocked by the 1128 * call to checkpath(). 1129 */ 1130 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread); 1131 VOP_UNLOCK(fvp, 0); 1132 if (oldparent != dp->i_number) 1133 newparent = dp->i_number; 1134 if (doingdirectory && newparent) { 1135 if (error) /* write access check above */ 1136 goto bad; 1137 if (xp != NULL) 1138 vput(tvp); 1139 error = ufs_checkpath(ip, dp, tcnp->cn_cred); 1140 if (error) 1141 goto out; 1142 if ((tcnp->cn_flags & SAVESTART) == 0) 1143 panic("ufs_rename: lost to startdir"); 1144 VREF(tdvp); 1145 error = relookup(tdvp, &tvp, tcnp); 1146 if (error) 1147 goto out; 1148 vrele(tdvp); 1149 dp = VTOI(tdvp); 1150 xp = NULL; 1151 if (tvp) 1152 xp = VTOI(tvp); 1153 } 1154 /* 1155 * 2) If target doesn't exist, link the target 1156 * to the source and unlink the source. 1157 * Otherwise, rewrite the target directory 1158 * entry to reference the source inode and 1159 * expunge the original entry's existence. 1160 */ 1161 if (xp == NULL) { 1162 if (dp->i_dev != ip->i_dev) 1163 panic("ufs_rename: EXDEV"); 1164 /* 1165 * Account for ".." in new directory. 1166 * When source and destination have the same 1167 * parent we don't fool with the link count. 1168 */ 1169 if (doingdirectory && newparent) { 1170 if ((nlink_t)dp->i_nlink >= LINK_MAX) { 1171 error = EMLINK; 1172 goto bad; 1173 } 1174 dp->i_effnlink++; 1175 dp->i_nlink++; 1176 DIP_SET(dp, i_nlink, dp->i_nlink); 1177 dp->i_flag |= IN_CHANGE; 1178 if (DOINGSOFTDEP(tdvp)) 1179 softdep_change_linkcnt(dp); 1180 error = UFS_UPDATE(tdvp, !(DOINGSOFTDEP(tdvp) | 1181 DOINGASYNC(tdvp))); 1182 if (error) 1183 goto bad; 1184 } 1185 ufs_makedirentry(ip, tcnp, &newdir); 1186 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL); 1187 if (error) { 1188 if (doingdirectory && newparent) { 1189 dp->i_effnlink--; 1190 dp->i_nlink--; 1191 DIP_SET(dp, i_nlink, dp->i_nlink); 1192 dp->i_flag |= IN_CHANGE; 1193 if (DOINGSOFTDEP(tdvp)) 1194 softdep_change_linkcnt(dp); 1195 (void)UFS_UPDATE(tdvp, 1); 1196 } 1197 goto bad; 1198 } 1199 vput(tdvp); 1200 } else { 1201 if (xp->i_dev != dp->i_dev || xp->i_dev != ip->i_dev) 1202 panic("ufs_rename: EXDEV"); 1203 /* 1204 * Short circuit rename(foo, foo). 1205 */ 1206 if (xp->i_number == ip->i_number) 1207 panic("ufs_rename: same file"); 1208 /* 1209 * If the parent directory is "sticky", then the caller 1210 * must possess VADMIN for the parent directory, or the 1211 * destination of the rename. This implements append-only 1212 * directories. 1213 */ 1214 if ((dp->i_mode & S_ISTXT) && 1215 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1216 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1217 error = EPERM; 1218 goto bad; 1219 } 1220 /* 1221 * Target must be empty if a directory and have no links 1222 * to it. Also, ensure source and target are compatible 1223 * (both directories, or both not directories). 1224 */ 1225 if ((xp->i_mode&IFMT) == IFDIR) { 1226 if ((xp->i_effnlink > 2) || 1227 !ufs_dirempty(xp, dp->i_number, tcnp->cn_cred)) { 1228 error = ENOTEMPTY; 1229 goto bad; 1230 } 1231 if (!doingdirectory) { 1232 error = ENOTDIR; 1233 goto bad; 1234 } 1235 cache_purge(tdvp); 1236 } else if (doingdirectory) { 1237 error = EISDIR; 1238 goto bad; 1239 } 1240 error = ufs_dirrewrite(dp, xp, ip->i_number, 1241 IFTODT(ip->i_mode), 1242 (doingdirectory && newparent) ? newparent : doingdirectory); 1243 if (error) 1244 goto bad; 1245 if (doingdirectory) { 1246 if (!newparent) { 1247 dp->i_effnlink--; 1248 if (DOINGSOFTDEP(tdvp)) 1249 softdep_change_linkcnt(dp); 1250 } 1251 xp->i_effnlink--; 1252 if (DOINGSOFTDEP(tvp)) 1253 softdep_change_linkcnt(xp); 1254 } 1255 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1256 /* 1257 * Truncate inode. The only stuff left in the directory 1258 * is "." and "..". The "." reference is inconsequential 1259 * since we are quashing it. We have removed the "." 1260 * reference and the reference in the parent directory, 1261 * but there may be other hard links. The soft 1262 * dependency code will arrange to do these operations 1263 * after the parent directory entry has been deleted on 1264 * disk, so when running with that code we avoid doing 1265 * them now. 1266 */ 1267 if (!newparent) { 1268 dp->i_nlink--; 1269 DIP_SET(dp, i_nlink, dp->i_nlink); 1270 dp->i_flag |= IN_CHANGE; 1271 } 1272 xp->i_nlink--; 1273 DIP_SET(xp, i_nlink, xp->i_nlink); 1274 xp->i_flag |= IN_CHANGE; 1275 ioflag = IO_NORMAL; 1276 if (!DOINGASYNC(tvp)) 1277 ioflag |= IO_SYNC; 1278 if ((error = UFS_TRUNCATE(tvp, (off_t)0, ioflag, 1279 tcnp->cn_cred, tcnp->cn_thread)) != 0) 1280 goto bad; 1281 } 1282 vput(tdvp); 1283 vput(tvp); 1284 xp = NULL; 1285 } 1286 1287 /* 1288 * 3) Unlink the source. 1289 */ 1290 fcnp->cn_flags &= ~MODMASK; 1291 fcnp->cn_flags |= LOCKPARENT | LOCKLEAF; 1292 if ((fcnp->cn_flags & SAVESTART) == 0) 1293 panic("ufs_rename: lost from startdir"); 1294 VREF(fdvp); 1295 error = relookup(fdvp, &fvp, fcnp); 1296 if (error == 0) 1297 vrele(fdvp); 1298 if (fvp != NULL) { 1299 xp = VTOI(fvp); 1300 dp = VTOI(fdvp); 1301 } else { 1302 /* 1303 * From name has disappeared. IN_RENAME is not sufficient 1304 * to protect against directory races due to timing windows, 1305 * so we have to remove the panic. XXX the only real way 1306 * to solve this issue is at a much higher level. By the 1307 * time we hit ufs_rename() it's too late. 1308 */ 1309#if 0 1310 if (doingdirectory) 1311 panic("ufs_rename: lost dir entry"); 1312#endif 1313 vrele(ap->a_fvp); 1314 return (0); 1315 } 1316 /* 1317 * Ensure that the directory entry still exists and has not 1318 * changed while the new name has been entered. If the source is 1319 * a file then the entry may have been unlinked or renamed. In 1320 * either case there is no further work to be done. If the source 1321 * is a directory then it cannot have been rmdir'ed; the IN_RENAME 1322 * flag ensures that it cannot be moved by another rename or removed 1323 * by a rmdir. 1324 */ 1325 if (xp != ip) { 1326 /* 1327 * From name resolves to a different inode. IN_RENAME is 1328 * not sufficient protection against timing window races 1329 * so we can't panic here. XXX the only real way 1330 * to solve this issue is at a much higher level. By the 1331 * time we hit ufs_rename() it's too late. 1332 */ 1333#if 0 1334 if (doingdirectory) 1335 panic("ufs_rename: lost dir entry"); 1336#endif 1337 } else { 1338 /* 1339 * If the source is a directory with a 1340 * new parent, the link count of the old 1341 * parent directory must be decremented 1342 * and ".." set to point to the new parent. 1343 */ 1344 if (doingdirectory && newparent) { 1345 xp->i_offset = mastertemplate.dot_reclen; 1346 ufs_dirrewrite(xp, dp, newparent, DT_DIR, 0); 1347 cache_purge(fdvp); 1348 } 1349 error = ufs_dirremove(fdvp, xp, fcnp->cn_flags, 0); 1350 xp->i_flag &= ~IN_RENAME; 1351 } 1352 if (dp) 1353 vput(fdvp); 1354 if (xp) 1355 vput(fvp); 1356 vrele(ap->a_fvp); 1357 return (error); 1358 1359bad: 1360 if (xp) 1361 vput(ITOV(xp)); 1362 vput(ITOV(dp)); 1363out: 1364 if (doingdirectory) 1365 ip->i_flag &= ~IN_RENAME; 1366 if (vn_lock(fvp, LK_EXCLUSIVE) == 0) { 1367 ip->i_effnlink--; 1368 ip->i_nlink--; 1369 DIP_SET(ip, i_nlink, ip->i_nlink); 1370 ip->i_flag |= IN_CHANGE; 1371 ip->i_flag &= ~IN_RENAME; 1372 if (DOINGSOFTDEP(fvp)) 1373 softdep_change_linkcnt(ip); 1374 vput(fvp); 1375 } else 1376 vrele(fvp); 1377 return (error); 1378} 1379 1380/* 1381 * Mkdir system call 1382 */ 1383static int 1384ufs_mkdir(ap) 1385 struct vop_mkdir_args /* { 1386 struct vnode *a_dvp; 1387 struct vnode **a_vpp; 1388 struct componentname *a_cnp; 1389 struct vattr *a_vap; 1390 } */ *ap; 1391{ 1392 struct vnode *dvp = ap->a_dvp; 1393 struct vattr *vap = ap->a_vap; 1394 struct componentname *cnp = ap->a_cnp; 1395 struct inode *ip, *dp; 1396 struct vnode *tvp; 1397 struct buf *bp; 1398 struct dirtemplate dirtemplate, *dtp; 1399 struct direct newdir; 1400#ifdef UFS_ACL 1401 struct acl *acl, *dacl; 1402#endif 1403 int error, dmode; 1404 long blkoff; 1405 1406#ifdef INVARIANTS 1407 if ((cnp->cn_flags & HASBUF) == 0) 1408 panic("ufs_mkdir: no name"); 1409#endif 1410 dp = VTOI(dvp); 1411 if ((nlink_t)dp->i_nlink >= LINK_MAX) { 1412 error = EMLINK; 1413 goto out; 1414 } 1415 dmode = vap->va_mode & 0777; 1416 dmode |= IFDIR; 1417 /* 1418 * Must simulate part of ufs_makeinode here to acquire the inode, 1419 * but not have it entered in the parent directory. The entry is 1420 * made later after writing "." and ".." entries. 1421 */ 1422 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 1423 if (error) 1424 goto out; 1425 ip = VTOI(tvp); 1426 ip->i_gid = dp->i_gid; 1427 DIP_SET(ip, i_gid, dp->i_gid); 1428#ifdef SUIDDIR 1429 { 1430#ifdef QUOTA 1431 struct ucred ucred, *ucp; 1432 ucp = cnp->cn_cred; 1433#endif 1434 /* 1435 * If we are hacking owners here, (only do this where told to) 1436 * and we are not giving it TO root, (would subvert quotas) 1437 * then go ahead and give it to the other user. 1438 * The new directory also inherits the SUID bit. 1439 * If user's UID and dir UID are the same, 1440 * 'give it away' so that the SUID is still forced on. 1441 */ 1442 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 1443 (dp->i_mode & ISUID) && dp->i_uid) { 1444 dmode |= ISUID; 1445 ip->i_uid = dp->i_uid; 1446 DIP_SET(ip, i_uid, dp->i_uid); 1447#ifdef QUOTA 1448 if (dp->i_uid != cnp->cn_cred->cr_uid) { 1449 /* 1450 * Make sure the correct user gets charged 1451 * for the space. 1452 * Make a dummy credential for the victim. 1453 * XXX This seems to never be accessed out of 1454 * our context so a stack variable is ok. 1455 */ 1456 refcount_init(&ucred.cr_ref, 1); 1457 ucred.cr_uid = ip->i_uid; 1458 ucred.cr_ngroups = 1; 1459 ucred.cr_groups[0] = dp->i_gid; 1460 ucp = &ucred; 1461 } 1462#endif 1463 } else { 1464 ip->i_uid = cnp->cn_cred->cr_uid; 1465 DIP_SET(ip, i_uid, ip->i_uid); 1466 } 1467#ifdef QUOTA 1468 if ((error = getinoquota(ip)) || 1469 (error = chkiq(ip, 1, ucp, 0))) { 1470 UFS_VFREE(tvp, ip->i_number, dmode); 1471 vput(tvp); 1472 return (error); 1473 } 1474#endif 1475 } 1476#else /* !SUIDDIR */ 1477 ip->i_uid = cnp->cn_cred->cr_uid; 1478 DIP_SET(ip, i_uid, ip->i_uid); 1479#ifdef QUOTA 1480 if ((error = getinoquota(ip)) || 1481 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 1482 UFS_VFREE(tvp, ip->i_number, dmode); 1483 vput(tvp); 1484 return (error); 1485 } 1486#endif 1487#endif /* !SUIDDIR */ 1488 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 1489#ifdef UFS_ACL 1490 acl = dacl = NULL; 1491 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) { 1492 acl = uma_zalloc(acl_zone, M_WAITOK); 1493 dacl = uma_zalloc(acl_zone, M_WAITOK); 1494 1495 /* 1496 * Retrieve default ACL from parent, if any. 1497 */ 1498 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred, 1499 cnp->cn_thread); 1500 switch (error) { 1501 case 0: 1502 /* 1503 * Retrieved a default ACL, so merge mode and ACL if 1504 * necessary. If the ACL is empty, fall through to 1505 * the "not defined or available" case. 1506 */ 1507 if (acl->acl_cnt != 0) { 1508 dmode = acl_posix1e_newfilemode(dmode, acl); 1509 ip->i_mode = dmode; 1510 DIP_SET(ip, i_mode, dmode); 1511 *dacl = *acl; 1512 ufs_sync_acl_from_inode(ip, acl); 1513 break; 1514 } 1515 /* FALLTHROUGH */ 1516 1517 case EOPNOTSUPP: 1518 /* 1519 * Just use the mode as-is. 1520 */ 1521 ip->i_mode = dmode; 1522 DIP_SET(ip, i_mode, dmode); 1523 uma_zfree(acl_zone, acl); 1524 uma_zfree(acl_zone, dacl); 1525 dacl = acl = NULL; 1526 break; 1527 1528 default: 1529 UFS_VFREE(tvp, ip->i_number, dmode); 1530 vput(tvp); 1531 uma_zfree(acl_zone, acl); 1532 uma_zfree(acl_zone, dacl); 1533 return (error); 1534 } 1535 } else { 1536#endif /* !UFS_ACL */ 1537 ip->i_mode = dmode; 1538 DIP_SET(ip, i_mode, dmode); 1539#ifdef UFS_ACL 1540 } 1541#endif 1542 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 1543 ip->i_effnlink = 2; 1544 ip->i_nlink = 2; 1545 DIP_SET(ip, i_nlink, 2); 1546 if (DOINGSOFTDEP(tvp)) 1547 softdep_change_linkcnt(ip); 1548 if (cnp->cn_flags & ISWHITEOUT) { 1549 ip->i_flags |= UF_OPAQUE; 1550 DIP_SET(ip, i_flags, ip->i_flags); 1551 } 1552 1553 /* 1554 * Bump link count in parent directory to reflect work done below. 1555 * Should be done before reference is created so cleanup is 1556 * possible if we crash. 1557 */ 1558 dp->i_effnlink++; 1559 dp->i_nlink++; 1560 DIP_SET(dp, i_nlink, dp->i_nlink); 1561 dp->i_flag |= IN_CHANGE; 1562 if (DOINGSOFTDEP(dvp)) 1563 softdep_change_linkcnt(dp); 1564 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp))); 1565 if (error) 1566 goto bad; 1567#ifdef MAC 1568 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 1569 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 1570 dvp, tvp, cnp); 1571 if (error) 1572 goto bad; 1573 } 1574#endif 1575#ifdef UFS_ACL 1576 if (acl != NULL) { 1577 /* 1578 * XXX: If we abort now, will Soft Updates notify the extattr 1579 * code that the EAs for the file need to be released? 1580 */ 1581 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred, 1582 cnp->cn_thread); 1583 if (error == 0) 1584 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, 1585 cnp->cn_cred, cnp->cn_thread); 1586 switch (error) { 1587 case 0: 1588 break; 1589 1590 case EOPNOTSUPP: 1591 /* 1592 * XXX: This should not happen, as EOPNOTSUPP above 1593 * was supposed to free acl. 1594 */ 1595 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1596 /* 1597 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1598 */ 1599 break; 1600 1601 default: 1602 uma_zfree(acl_zone, acl); 1603 uma_zfree(acl_zone, dacl); 1604 dacl = acl = NULL; 1605 goto bad; 1606 } 1607 uma_zfree(acl_zone, acl); 1608 uma_zfree(acl_zone, dacl); 1609 dacl = acl = NULL; 1610 } 1611#endif /* !UFS_ACL */ 1612 1613 /* 1614 * Initialize directory with "." and ".." from static template. 1615 */ 1616 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1617 dtp = &mastertemplate; 1618 else 1619 dtp = (struct dirtemplate *)&omastertemplate; 1620 dirtemplate = *dtp; 1621 dirtemplate.dot_ino = ip->i_number; 1622 dirtemplate.dotdot_ino = dp->i_number; 1623 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 1624 BA_CLRBUF, &bp)) != 0) 1625 goto bad; 1626 ip->i_size = DIRBLKSIZ; 1627 DIP_SET(ip, i_size, DIRBLKSIZ); 1628 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1629 vnode_pager_setsize(tvp, (u_long)ip->i_size); 1630 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 1631 if (DOINGSOFTDEP(tvp)) { 1632 /* 1633 * Ensure that the entire newly allocated block is a 1634 * valid directory so that future growth within the 1635 * block does not have to ensure that the block is 1636 * written before the inode. 1637 */ 1638 blkoff = DIRBLKSIZ; 1639 while (blkoff < bp->b_bcount) { 1640 ((struct direct *) 1641 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 1642 blkoff += DIRBLKSIZ; 1643 } 1644 } 1645 if ((error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | 1646 DOINGASYNC(tvp)))) != 0) { 1647 (void)bwrite(bp); 1648 goto bad; 1649 } 1650 /* 1651 * Directory set up, now install its entry in the parent directory. 1652 * 1653 * If we are not doing soft dependencies, then we must write out the 1654 * buffer containing the new directory body before entering the new 1655 * name in the parent. If we are doing soft dependencies, then the 1656 * buffer containing the new directory body will be passed to and 1657 * released in the soft dependency code after the code has attached 1658 * an appropriate ordering dependency to the buffer which ensures that 1659 * the buffer is written before the new name is written in the parent. 1660 */ 1661 if (DOINGASYNC(dvp)) 1662 bdwrite(bp); 1663 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 1664 goto bad; 1665 ufs_makedirentry(ip, cnp, &newdir); 1666 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp); 1667 1668bad: 1669 if (error == 0) { 1670 *ap->a_vpp = tvp; 1671 } else { 1672#ifdef UFS_ACL 1673 if (acl != NULL) 1674 uma_zfree(acl_zone, acl); 1675 if (dacl != NULL) 1676 uma_zfree(acl_zone, dacl); 1677#endif 1678 dp->i_effnlink--; 1679 dp->i_nlink--; 1680 DIP_SET(dp, i_nlink, dp->i_nlink); 1681 dp->i_flag |= IN_CHANGE; 1682 if (DOINGSOFTDEP(dvp)) 1683 softdep_change_linkcnt(dp); 1684 /* 1685 * No need to do an explicit VOP_TRUNCATE here, vrele will 1686 * do this for us because we set the link count to 0. 1687 */ 1688 ip->i_effnlink = 0; 1689 ip->i_nlink = 0; 1690 DIP_SET(ip, i_nlink, 0); 1691 ip->i_flag |= IN_CHANGE; 1692 if (DOINGSOFTDEP(tvp)) 1693 softdep_change_linkcnt(ip); 1694 vput(tvp); 1695 } 1696out: 1697 return (error); 1698} 1699 1700/* 1701 * Rmdir system call. 1702 */ 1703static int 1704ufs_rmdir(ap) 1705 struct vop_rmdir_args /* { 1706 struct vnode *a_dvp; 1707 struct vnode *a_vp; 1708 struct componentname *a_cnp; 1709 } */ *ap; 1710{ 1711 struct vnode *vp = ap->a_vp; 1712 struct vnode *dvp = ap->a_dvp; 1713 struct componentname *cnp = ap->a_cnp; 1714 struct inode *ip, *dp; 1715 int error, ioflag; 1716 1717 ip = VTOI(vp); 1718 dp = VTOI(dvp); 1719 1720 /* 1721 * Do not remove a directory that is in the process of being renamed. 1722 * Verify the directory is empty (and valid). Rmdir ".." will not be 1723 * valid since ".." will contain a reference to the current directory 1724 * and thus be non-empty. Do not allow the removal of mounted on 1725 * directories (this can happen when an NFS exported filesystem 1726 * tries to remove a locally mounted on directory). 1727 */ 1728 error = 0; 1729 if ((ip->i_flag & IN_RENAME) || ip->i_effnlink < 2) { 1730 error = EINVAL; 1731 goto out; 1732 } 1733 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 1734 error = ENOTEMPTY; 1735 goto out; 1736 } 1737 if ((dp->i_flags & APPEND) 1738 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 1739 error = EPERM; 1740 goto out; 1741 } 1742 if (vp->v_mountedhere != 0) { 1743 error = EINVAL; 1744 goto out; 1745 } 1746#ifdef UFS_GJOURNAL 1747 ufs_gjournal_orphan(vp); 1748#endif 1749 /* 1750 * Delete reference to directory before purging 1751 * inode. If we crash in between, the directory 1752 * will be reattached to lost+found, 1753 */ 1754 dp->i_effnlink--; 1755 ip->i_effnlink--; 1756 if (DOINGSOFTDEP(vp)) { 1757 softdep_change_linkcnt(dp); 1758 softdep_change_linkcnt(ip); 1759 } 1760 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 1761 if (error) { 1762 dp->i_effnlink++; 1763 ip->i_effnlink++; 1764 if (DOINGSOFTDEP(vp)) { 1765 softdep_change_linkcnt(dp); 1766 softdep_change_linkcnt(ip); 1767 } 1768 goto out; 1769 } 1770 cache_purge(dvp); 1771 /* 1772 * Truncate inode. The only stuff left in the directory is "." and 1773 * "..". The "." reference is inconsequential since we are quashing 1774 * it. The soft dependency code will arrange to do these operations 1775 * after the parent directory entry has been deleted on disk, so 1776 * when running with that code we avoid doing them now. 1777 */ 1778 if (!DOINGSOFTDEP(vp)) { 1779 dp->i_nlink--; 1780 DIP_SET(dp, i_nlink, dp->i_nlink); 1781 dp->i_flag |= IN_CHANGE; 1782 ip->i_nlink--; 1783 DIP_SET(ip, i_nlink, ip->i_nlink); 1784 ip->i_flag |= IN_CHANGE; 1785 ioflag = IO_NORMAL; 1786 if (!DOINGASYNC(vp)) 1787 ioflag |= IO_SYNC; 1788 error = UFS_TRUNCATE(vp, (off_t)0, ioflag, cnp->cn_cred, 1789 cnp->cn_thread); 1790 } 1791 cache_purge(vp); 1792#ifdef UFS_DIRHASH 1793 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 1794 if (ip->i_dirhash != NULL) 1795 ufsdirhash_free(ip); 1796#endif 1797out: 1798 return (error); 1799} 1800 1801/* 1802 * symlink -- make a symbolic link 1803 */ 1804static int 1805ufs_symlink(ap) 1806 struct vop_symlink_args /* { 1807 struct vnode *a_dvp; 1808 struct vnode **a_vpp; 1809 struct componentname *a_cnp; 1810 struct vattr *a_vap; 1811 char *a_target; 1812 } */ *ap; 1813{ 1814 struct vnode *vp, **vpp = ap->a_vpp; 1815 struct inode *ip; 1816 int len, error; 1817 1818 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 1819 vpp, ap->a_cnp); 1820 if (error) 1821 return (error); 1822 vp = *vpp; 1823 len = strlen(ap->a_target); 1824 if (len < vp->v_mount->mnt_maxsymlinklen) { 1825 ip = VTOI(vp); 1826 bcopy(ap->a_target, SHORTLINK(ip), len); 1827 ip->i_size = len; 1828 DIP_SET(ip, i_size, len); 1829 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1830 } else 1831 error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0, 1832 UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 1833 ap->a_cnp->cn_cred, NOCRED, (int *)0, (struct thread *)0); 1834 if (error) 1835 vput(vp); 1836 return (error); 1837} 1838 1839/* 1840 * Vnode op for reading directories. 1841 * 1842 * The routine below assumes that the on-disk format of a directory 1843 * is the same as that defined by <sys/dirent.h>. If the on-disk 1844 * format changes, then it will be necessary to do a conversion 1845 * from the on-disk format that read returns to the format defined 1846 * by <sys/dirent.h>. 1847 */ 1848int 1849ufs_readdir(ap) 1850 struct vop_readdir_args /* { 1851 struct vnode *a_vp; 1852 struct uio *a_uio; 1853 struct ucred *a_cred; 1854 int *a_eofflag; 1855 int *a_ncookies; 1856 u_long **a_cookies; 1857 } */ *ap; 1858{ 1859 struct uio *uio = ap->a_uio; 1860 int error; 1861 size_t count, lost; 1862 off_t off; 1863 1864 if (ap->a_ncookies != NULL) 1865 /* 1866 * Ensure that the block is aligned. The caller can use 1867 * the cookies to determine where in the block to start. 1868 */ 1869 uio->uio_offset &= ~(DIRBLKSIZ - 1); 1870 off = uio->uio_offset; 1871 count = uio->uio_resid; 1872 /* Make sure we don't return partial entries. */ 1873 if (count <= ((uio->uio_offset + count) & (DIRBLKSIZ -1))) 1874 return (EINVAL); 1875 count -= (uio->uio_offset + count) & (DIRBLKSIZ -1); 1876 lost = uio->uio_resid - count; 1877 uio->uio_resid = count; 1878 uio->uio_iov->iov_len = count; 1879# if (BYTE_ORDER == LITTLE_ENDIAN) 1880 if (ap->a_vp->v_mount->mnt_maxsymlinklen > 0) { 1881 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred); 1882 } else { 1883 struct dirent *dp, *edp; 1884 struct uio auio; 1885 struct iovec aiov; 1886 caddr_t dirbuf; 1887 int readcnt; 1888 u_char tmp; 1889 1890 auio = *uio; 1891 auio.uio_iov = &aiov; 1892 auio.uio_iovcnt = 1; 1893 auio.uio_segflg = UIO_SYSSPACE; 1894 aiov.iov_len = count; 1895 MALLOC(dirbuf, caddr_t, count, M_TEMP, M_WAITOK); 1896 aiov.iov_base = dirbuf; 1897 error = VOP_READ(ap->a_vp, &auio, 0, ap->a_cred); 1898 if (error == 0) { 1899 readcnt = count - auio.uio_resid; 1900 edp = (struct dirent *)&dirbuf[readcnt]; 1901 for (dp = (struct dirent *)dirbuf; dp < edp; ) { 1902 tmp = dp->d_namlen; 1903 dp->d_namlen = dp->d_type; 1904 dp->d_type = tmp; 1905 if (dp->d_reclen > 0) { 1906 dp = (struct dirent *) 1907 ((char *)dp + dp->d_reclen); 1908 } else { 1909 error = EIO; 1910 break; 1911 } 1912 } 1913 if (dp >= edp) 1914 error = uiomove(dirbuf, readcnt, uio); 1915 } 1916 FREE(dirbuf, M_TEMP); 1917 } 1918# else 1919 error = VOP_READ(ap->a_vp, uio, 0, ap->a_cred); 1920# endif 1921 if (!error && ap->a_ncookies != NULL) { 1922 struct dirent* dpStart; 1923 struct dirent* dpEnd; 1924 struct dirent* dp; 1925 int ncookies; 1926 u_long *cookies; 1927 u_long *cookiep; 1928 1929 if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1) 1930 panic("ufs_readdir: unexpected uio from NFS server"); 1931 dpStart = (struct dirent *) 1932 ((char *)uio->uio_iov->iov_base - (uio->uio_offset - off)); 1933 dpEnd = (struct dirent *) uio->uio_iov->iov_base; 1934 for (dp = dpStart, ncookies = 0; 1935 dp < dpEnd; 1936 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen)) 1937 ncookies++; 1938 MALLOC(cookies, u_long *, ncookies * sizeof(u_long), M_TEMP, 1939 M_WAITOK); 1940 for (dp = dpStart, cookiep = cookies; 1941 dp < dpEnd; 1942 dp = (struct dirent *)((caddr_t) dp + dp->d_reclen)) { 1943 off += dp->d_reclen; 1944 *cookiep++ = (u_long) off; 1945 } 1946 *ap->a_ncookies = ncookies; 1947 *ap->a_cookies = cookies; 1948 } 1949 uio->uio_resid += lost; 1950 if (ap->a_eofflag) 1951 *ap->a_eofflag = VTOI(ap->a_vp)->i_size <= uio->uio_offset; 1952 return (error); 1953} 1954 1955/* 1956 * Return target name of a symbolic link 1957 */ 1958static int 1959ufs_readlink(ap) 1960 struct vop_readlink_args /* { 1961 struct vnode *a_vp; 1962 struct uio *a_uio; 1963 struct ucred *a_cred; 1964 } */ *ap; 1965{ 1966 struct vnode *vp = ap->a_vp; 1967 struct inode *ip = VTOI(vp); 1968 doff_t isize; 1969 1970 isize = ip->i_size; 1971 if ((isize < vp->v_mount->mnt_maxsymlinklen) || 1972 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */ 1973 return (uiomove(SHORTLINK(ip), isize, ap->a_uio)); 1974 } 1975 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 1976} 1977 1978/* 1979 * Calculate the logical to physical mapping if not done already, 1980 * then call the device strategy routine. 1981 * 1982 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 1983 * deadlock on memory. See ufs_bmap() for details. 1984 */ 1985static int 1986ufs_strategy(ap) 1987 struct vop_strategy_args /* { 1988 struct vnode *a_vp; 1989 struct buf *a_bp; 1990 } */ *ap; 1991{ 1992 struct buf *bp = ap->a_bp; 1993 struct vnode *vp = ap->a_vp; 1994 struct bufobj *bo; 1995 struct inode *ip; 1996 ufs2_daddr_t blkno; 1997 int error; 1998 1999 ip = VTOI(vp); 2000 if (bp->b_blkno == bp->b_lblkno) { 2001 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 2002 bp->b_blkno = blkno; 2003 if (error) { 2004 bp->b_error = error; 2005 bp->b_ioflags |= BIO_ERROR; 2006 bufdone(bp); 2007 return (error); 2008 } 2009 if ((long)bp->b_blkno == -1) 2010 vfs_bio_clrbuf(bp); 2011 } 2012 if ((long)bp->b_blkno == -1) { 2013 bufdone(bp); 2014 return (0); 2015 } 2016 bp->b_iooffset = dbtob(bp->b_blkno); 2017 bo = ip->i_umbufobj; 2018 BO_STRATEGY(bo, bp); 2019 return (0); 2020} 2021 2022/* 2023 * Print out the contents of an inode. 2024 */ 2025static int 2026ufs_print(ap) 2027 struct vop_print_args /* { 2028 struct vnode *a_vp; 2029 } */ *ap; 2030{ 2031 struct vnode *vp = ap->a_vp; 2032 struct inode *ip = VTOI(vp); 2033 2034 printf("\tino %lu, on dev %s", (u_long)ip->i_number, 2035 devtoname(ip->i_dev)); 2036 if (vp->v_type == VFIFO) 2037 fifo_printinfo(vp); 2038 printf("\n"); 2039 return (0); 2040} 2041 2042/* 2043 * Close wrapper for fifos. 2044 * 2045 * Update the times on the inode then do device close. 2046 */ 2047static int 2048ufsfifo_close(ap) 2049 struct vop_close_args /* { 2050 struct vnode *a_vp; 2051 int a_fflag; 2052 struct ucred *a_cred; 2053 struct thread *a_td; 2054 } */ *ap; 2055{ 2056 struct vnode *vp = ap->a_vp; 2057 int usecount; 2058 2059 VI_LOCK(vp); 2060 usecount = vp->v_usecount; 2061 if (usecount > 1) 2062 ufs_itimes_locked(vp); 2063 VI_UNLOCK(vp); 2064 return (fifo_specops.vop_close(ap)); 2065} 2066 2067/* 2068 * Kqfilter wrapper for fifos. 2069 * 2070 * Fall through to ufs kqfilter routines if needed 2071 */ 2072static int 2073ufsfifo_kqfilter(ap) 2074 struct vop_kqfilter_args *ap; 2075{ 2076 int error; 2077 2078 error = fifo_specops.vop_kqfilter(ap); 2079 if (error) 2080 error = vfs_kqfilter(ap); 2081 return (error); 2082} 2083 2084/* 2085 * Return POSIX pathconf information applicable to ufs filesystems. 2086 */ 2087static int 2088ufs_pathconf(ap) 2089 struct vop_pathconf_args /* { 2090 struct vnode *a_vp; 2091 int a_name; 2092 int *a_retval; 2093 } */ *ap; 2094{ 2095 int error; 2096 2097 error = 0; 2098 switch (ap->a_name) { 2099 case _PC_LINK_MAX: 2100 *ap->a_retval = LINK_MAX; 2101 break; 2102 case _PC_NAME_MAX: 2103 *ap->a_retval = NAME_MAX; 2104 break; 2105 case _PC_PATH_MAX: 2106 *ap->a_retval = PATH_MAX; 2107 break; 2108 case _PC_PIPE_BUF: 2109 *ap->a_retval = PIPE_BUF; 2110 break; 2111 case _PC_CHOWN_RESTRICTED: 2112 *ap->a_retval = 1; 2113 break; 2114 case _PC_NO_TRUNC: 2115 *ap->a_retval = 1; 2116 break; 2117 case _PC_ACL_EXTENDED: 2118#ifdef UFS_ACL 2119 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2120 *ap->a_retval = 1; 2121 else 2122 *ap->a_retval = 0; 2123#else 2124 *ap->a_retval = 0; 2125#endif 2126 break; 2127 case _PC_ACL_PATH_MAX: 2128#ifdef UFS_ACL 2129 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2130 *ap->a_retval = ACL_MAX_ENTRIES; 2131 else 2132 *ap->a_retval = 3; 2133#else 2134 *ap->a_retval = 3; 2135#endif 2136 break; 2137 case _PC_MAC_PRESENT: 2138#ifdef MAC 2139 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2140 *ap->a_retval = 1; 2141 else 2142 *ap->a_retval = 0; 2143#else 2144 *ap->a_retval = 0; 2145#endif 2146 break; 2147 case _PC_ASYNC_IO: 2148 /* _PC_ASYNC_IO should have been handled by upper layers. */ 2149 KASSERT(0, ("_PC_ASYNC_IO should not get here")); 2150 error = EINVAL; 2151 break; 2152 case _PC_PRIO_IO: 2153 *ap->a_retval = 0; 2154 break; 2155 case _PC_SYNC_IO: 2156 *ap->a_retval = 0; 2157 break; 2158 case _PC_ALLOC_SIZE_MIN: 2159 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2160 break; 2161 case _PC_FILESIZEBITS: 2162 *ap->a_retval = 64; 2163 break; 2164 case _PC_REC_INCR_XFER_SIZE: 2165 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2166 break; 2167 case _PC_REC_MAX_XFER_SIZE: 2168 *ap->a_retval = -1; /* means ``unlimited'' */ 2169 break; 2170 case _PC_REC_MIN_XFER_SIZE: 2171 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2172 break; 2173 case _PC_REC_XFER_ALIGN: 2174 *ap->a_retval = PAGE_SIZE; 2175 break; 2176 case _PC_SYMLINK_MAX: 2177 *ap->a_retval = MAXPATHLEN; 2178 break; 2179 2180 default: 2181 error = EINVAL; 2182 break; 2183 } 2184 return (error); 2185} 2186 2187/* 2188 * Initialize the vnode associated with a new inode, handle aliased 2189 * vnodes. 2190 */ 2191int 2192ufs_vinit(mntp, fifoops, vpp) 2193 struct mount *mntp; 2194 struct vop_vector *fifoops; 2195 struct vnode **vpp; 2196{ 2197 struct inode *ip; 2198 struct vnode *vp; 2199 2200 vp = *vpp; 2201 ip = VTOI(vp); 2202 vp->v_type = IFTOVT(ip->i_mode); 2203 if (vp->v_type == VFIFO) 2204 vp->v_op = fifoops; 2205 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2206 if (ip->i_number == ROOTINO) 2207 vp->v_vflag |= VV_ROOT; 2208 ip->i_modrev = init_va_filerev(); 2209 *vpp = vp; 2210 return (0); 2211} 2212 2213/* 2214 * Allocate a new inode. 2215 * Vnode dvp must be locked. 2216 */ 2217static int 2218ufs_makeinode(mode, dvp, vpp, cnp) 2219 int mode; 2220 struct vnode *dvp; 2221 struct vnode **vpp; 2222 struct componentname *cnp; 2223{ 2224 struct inode *ip, *pdir; 2225 struct direct newdir; 2226 struct vnode *tvp; 2227#ifdef UFS_ACL 2228 struct acl *acl; 2229#endif 2230 int error; 2231 2232 pdir = VTOI(dvp); 2233#ifdef INVARIANTS 2234 if ((cnp->cn_flags & HASBUF) == 0) 2235 panic("ufs_makeinode: no name"); 2236#endif 2237 *vpp = NULL; 2238 if ((mode & IFMT) == 0) 2239 mode |= IFREG; 2240 2241 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2242 if (error) 2243 return (error); 2244 ip = VTOI(tvp); 2245 ip->i_gid = pdir->i_gid; 2246 DIP_SET(ip, i_gid, pdir->i_gid); 2247#ifdef SUIDDIR 2248 { 2249#ifdef QUOTA 2250 struct ucred ucred, *ucp; 2251 ucp = cnp->cn_cred; 2252#endif 2253 /* 2254 * If we are not the owner of the directory, 2255 * and we are hacking owners here, (only do this where told to) 2256 * and we are not giving it TO root, (would subvert quotas) 2257 * then go ahead and give it to the other user. 2258 * Note that this drops off the execute bits for security. 2259 */ 2260 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2261 (pdir->i_mode & ISUID) && 2262 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2263 ip->i_uid = pdir->i_uid; 2264 DIP_SET(ip, i_uid, ip->i_uid); 2265 mode &= ~07111; 2266#ifdef QUOTA 2267 /* 2268 * Make sure the correct user gets charged 2269 * for the space. 2270 * Quickly knock up a dummy credential for the victim. 2271 * XXX This seems to never be accessed out of our 2272 * context so a stack variable is ok. 2273 */ 2274 refcount_init(&ucred.cr_ref, 1); 2275 ucred.cr_uid = ip->i_uid; 2276 ucred.cr_ngroups = 1; 2277 ucred.cr_groups[0] = pdir->i_gid; 2278 ucp = &ucred; 2279#endif 2280 } else { 2281 ip->i_uid = cnp->cn_cred->cr_uid; 2282 DIP_SET(ip, i_uid, ip->i_uid); 2283 } 2284 2285#ifdef QUOTA 2286 if ((error = getinoquota(ip)) || 2287 (error = chkiq(ip, 1, ucp, 0))) { 2288 UFS_VFREE(tvp, ip->i_number, mode); 2289 vput(tvp); 2290 return (error); 2291 } 2292#endif 2293 } 2294#else /* !SUIDDIR */ 2295 ip->i_uid = cnp->cn_cred->cr_uid; 2296 DIP_SET(ip, i_uid, ip->i_uid); 2297#ifdef QUOTA 2298 if ((error = getinoquota(ip)) || 2299 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2300 UFS_VFREE(tvp, ip->i_number, mode); 2301 vput(tvp); 2302 return (error); 2303 } 2304#endif 2305#endif /* !SUIDDIR */ 2306 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 2307#ifdef UFS_ACL 2308 acl = NULL; 2309 if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) { 2310 acl = uma_zalloc(acl_zone, M_WAITOK); 2311 2312 /* 2313 * Retrieve default ACL for parent, if any. 2314 */ 2315 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cnp->cn_cred, 2316 cnp->cn_thread); 2317 switch (error) { 2318 case 0: 2319 /* 2320 * Retrieved a default ACL, so merge mode and ACL if 2321 * necessary. 2322 */ 2323 if (acl->acl_cnt != 0) { 2324 /* 2325 * Two possible ways for default ACL to not 2326 * be present. First, the EA can be 2327 * undefined, or second, the default ACL can 2328 * be blank. If it's blank, fall through to 2329 * the it's not defined case. 2330 */ 2331 mode = acl_posix1e_newfilemode(mode, acl); 2332 ip->i_mode = mode; 2333 DIP_SET(ip, i_mode, mode); 2334 ufs_sync_acl_from_inode(ip, acl); 2335 break; 2336 } 2337 /* FALLTHROUGH */ 2338 2339 case EOPNOTSUPP: 2340 /* 2341 * Just use the mode as-is. 2342 */ 2343 ip->i_mode = mode; 2344 DIP_SET(ip, i_mode, mode); 2345 uma_zfree(acl_zone, acl); 2346 acl = NULL; 2347 break; 2348 2349 default: 2350 UFS_VFREE(tvp, ip->i_number, mode); 2351 vput(tvp); 2352 uma_zfree(acl_zone, acl); 2353 acl = NULL; 2354 return (error); 2355 } 2356 } else { 2357#endif 2358 ip->i_mode = mode; 2359 DIP_SET(ip, i_mode, mode); 2360#ifdef UFS_ACL 2361 } 2362#endif 2363 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2364 ip->i_effnlink = 1; 2365 ip->i_nlink = 1; 2366 DIP_SET(ip, i_nlink, 1); 2367 if (DOINGSOFTDEP(tvp)) 2368 softdep_change_linkcnt(ip); 2369 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2370 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID, 0)) { 2371 ip->i_mode &= ~ISGID; 2372 DIP_SET(ip, i_mode, ip->i_mode); 2373 } 2374 2375 if (cnp->cn_flags & ISWHITEOUT) { 2376 ip->i_flags |= UF_OPAQUE; 2377 DIP_SET(ip, i_flags, ip->i_flags); 2378 } 2379 2380 /* 2381 * Make sure inode goes to disk before directory entry. 2382 */ 2383 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp))); 2384 if (error) 2385 goto bad; 2386#ifdef MAC 2387 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2388 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2389 dvp, tvp, cnp); 2390 if (error) 2391 goto bad; 2392 } 2393#endif 2394#ifdef UFS_ACL 2395 if (acl != NULL) { 2396 /* 2397 * XXX: If we abort now, will Soft Updates notify the extattr 2398 * code that the EAs for the file need to be released? 2399 */ 2400 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cnp->cn_cred, 2401 cnp->cn_thread); 2402 switch (error) { 2403 case 0: 2404 break; 2405 2406 case EOPNOTSUPP: 2407 /* 2408 * XXX: This should not happen, as EOPNOTSUPP above was 2409 * supposed to free acl. 2410 */ 2411 printf("ufs_makeinode: VOP_GETACL() but no " 2412 "VOP_SETACL()\n"); 2413 /* panic("ufs_makeinode: VOP_GETACL() but no " 2414 "VOP_SETACL()"); */ 2415 break; 2416 2417 default: 2418 uma_zfree(acl_zone, acl); 2419 goto bad; 2420 } 2421 uma_zfree(acl_zone, acl); 2422 } 2423#endif /* !UFS_ACL */ 2424 ufs_makedirentry(ip, cnp, &newdir); 2425 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL); 2426 if (error) 2427 goto bad; 2428 *vpp = tvp; 2429 return (0); 2430 2431bad: 2432 /* 2433 * Write error occurred trying to update the inode 2434 * or the directory so must deallocate the inode. 2435 */ 2436 ip->i_effnlink = 0; 2437 ip->i_nlink = 0; 2438 DIP_SET(ip, i_nlink, 0); 2439 ip->i_flag |= IN_CHANGE; 2440 if (DOINGSOFTDEP(tvp)) 2441 softdep_change_linkcnt(ip); 2442 vput(tvp); 2443 return (error); 2444} 2445 2446/* Global vfs data structures for ufs. */ 2447struct vop_vector ufs_vnodeops = { 2448 .vop_default = &default_vnodeops, 2449 .vop_fsync = VOP_PANIC, 2450 .vop_read = VOP_PANIC, 2451 .vop_reallocblks = VOP_PANIC, 2452 .vop_write = VOP_PANIC, 2453 .vop_access = ufs_access, 2454 .vop_bmap = ufs_bmap, 2455 .vop_cachedlookup = ufs_lookup, 2456 .vop_close = ufs_close, 2457 .vop_create = ufs_create, 2458 .vop_getattr = ufs_getattr, 2459 .vop_inactive = ufs_inactive, 2460 .vop_link = ufs_link, 2461 .vop_lookup = vfs_cache_lookup, 2462 .vop_mkdir = ufs_mkdir, 2463 .vop_mknod = ufs_mknod, 2464 .vop_open = ufs_open, 2465 .vop_pathconf = ufs_pathconf, 2466 .vop_poll = vop_stdpoll, 2467 .vop_print = ufs_print, 2468 .vop_readdir = ufs_readdir, 2469 .vop_readlink = ufs_readlink, 2470 .vop_reclaim = ufs_reclaim, 2471 .vop_remove = ufs_remove, 2472 .vop_rename = ufs_rename, 2473 .vop_rmdir = ufs_rmdir, 2474 .vop_setattr = ufs_setattr, 2475#ifdef MAC 2476 .vop_setlabel = vop_stdsetlabel_ea, 2477#endif 2478 .vop_strategy = ufs_strategy, 2479 .vop_symlink = ufs_symlink, 2480 .vop_whiteout = ufs_whiteout, 2481#ifdef UFS_EXTATTR 2482 .vop_getextattr = ufs_getextattr, 2483 .vop_deleteextattr = ufs_deleteextattr, 2484 .vop_setextattr = ufs_setextattr, 2485#endif 2486#ifdef UFS_ACL 2487 .vop_getacl = ufs_getacl, 2488 .vop_setacl = ufs_setacl, 2489 .vop_aclcheck = ufs_aclcheck, 2490#endif 2491}; 2492 2493struct vop_vector ufs_fifoops = { 2494 .vop_default = &fifo_specops, 2495 .vop_fsync = VOP_PANIC, 2496 .vop_access = ufs_access, 2497 .vop_close = ufsfifo_close, 2498 .vop_getattr = ufs_getattr, 2499 .vop_inactive = ufs_inactive, 2500 .vop_kqfilter = ufsfifo_kqfilter, 2501 .vop_print = ufs_print, 2502 .vop_read = VOP_PANIC, 2503 .vop_reclaim = ufs_reclaim, 2504 .vop_setattr = ufs_setattr, 2505#ifdef MAC 2506 .vop_setlabel = vop_stdsetlabel_ea, 2507#endif 2508 .vop_write = VOP_PANIC, 2509#ifdef UFS_EXTATTR 2510 .vop_getextattr = ufs_getextattr, 2511 .vop_deleteextattr = ufs_deleteextattr, 2512 .vop_setextattr = ufs_setextattr, 2513#endif 2514#ifdef UFS_ACL 2515 .vop_getacl = ufs_getacl, 2516 .vop_setacl = ufs_setacl, 2517 .vop_aclcheck = ufs_aclcheck, 2518#endif 2519}; 2520