ufs_vnops.c revision 253998
1/*- 2 * Copyright (c) 1982, 1986, 1989, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 35 */ 36 37#include <sys/cdefs.h> 38__FBSDID("$FreeBSD: head/sys/ufs/ufs/ufs_vnops.c 253998 2013-08-06 16:50:05Z mckusick $"); 39 40#include "opt_quota.h" 41#include "opt_suiddir.h" 42#include "opt_ufs.h" 43#include "opt_ffs.h" 44 45#include <sys/param.h> 46#include <sys/systm.h> 47#include <sys/malloc.h> 48#include <sys/namei.h> 49#include <sys/kernel.h> 50#include <sys/fcntl.h> 51#include <sys/filio.h> 52#include <sys/stat.h> 53#include <sys/bio.h> 54#include <sys/buf.h> 55#include <sys/mount.h> 56#include <sys/priv.h> 57#include <sys/refcount.h> 58#include <sys/unistd.h> 59#include <sys/vnode.h> 60#include <sys/dirent.h> 61#include <sys/lockf.h> 62#include <sys/conf.h> 63#include <sys/acl.h> 64 65#include <security/mac/mac_framework.h> 66 67#include <sys/file.h> /* XXX */ 68 69#include <vm/vm.h> 70#include <vm/vm_extern.h> 71 72#include <ufs/ufs/acl.h> 73#include <ufs/ufs/extattr.h> 74#include <ufs/ufs/quota.h> 75#include <ufs/ufs/inode.h> 76#include <ufs/ufs/dir.h> 77#include <ufs/ufs/ufsmount.h> 78#include <ufs/ufs/ufs_extern.h> 79#ifdef UFS_DIRHASH 80#include <ufs/ufs/dirhash.h> 81#endif 82#ifdef UFS_GJOURNAL 83#include <ufs/ufs/gjournal.h> 84FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS"); 85#endif 86 87#ifdef QUOTA 88FEATURE(ufs_quota, "UFS disk quotas support"); 89FEATURE(ufs_quota64, "64bit UFS disk quotas support"); 90#endif 91 92#ifdef SUIDDIR 93FEATURE(suiddir, 94 "Give all new files in directory the same ownership as the directory"); 95#endif 96 97 98#include <ufs/ffs/ffs_extern.h> 99 100static vop_accessx_t ufs_accessx; 101static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 102static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *); 103static vop_close_t ufs_close; 104static vop_create_t ufs_create; 105static vop_getattr_t ufs_getattr; 106static vop_ioctl_t ufs_ioctl; 107static vop_link_t ufs_link; 108static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *); 109static vop_markatime_t ufs_markatime; 110static vop_mkdir_t ufs_mkdir; 111static vop_mknod_t ufs_mknod; 112static vop_open_t ufs_open; 113static vop_pathconf_t ufs_pathconf; 114static vop_print_t ufs_print; 115static vop_readlink_t ufs_readlink; 116static vop_remove_t ufs_remove; 117static vop_rename_t ufs_rename; 118static vop_rmdir_t ufs_rmdir; 119static vop_setattr_t ufs_setattr; 120static vop_strategy_t ufs_strategy; 121static vop_symlink_t ufs_symlink; 122static vop_whiteout_t ufs_whiteout; 123static vop_close_t ufsfifo_close; 124static vop_kqfilter_t ufsfifo_kqfilter; 125static vop_pathconf_t ufsfifo_pathconf; 126 127SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD, 0, "UFS filesystem"); 128 129/* 130 * A virgin directory (no blushing please). 131 */ 132static struct dirtemplate mastertemplate = { 133 0, 12, DT_DIR, 1, ".", 134 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 135}; 136static struct odirtemplate omastertemplate = { 137 0, 12, 1, ".", 138 0, DIRBLKSIZ - 12, 2, ".." 139}; 140 141static void 142ufs_itimes_locked(struct vnode *vp) 143{ 144 struct inode *ip; 145 struct timespec ts; 146 147 ASSERT_VI_LOCKED(vp, __func__); 148 149 ip = VTOI(vp); 150 if (UFS_RDONLY(ip)) 151 goto out; 152 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 153 return; 154 155 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 156 ip->i_flag |= IN_LAZYMOD; 157 else if (((vp->v_mount->mnt_kern_flag & 158 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) || 159 (ip->i_flag & (IN_CHANGE | IN_UPDATE))) 160 ip->i_flag |= IN_MODIFIED; 161 else if (ip->i_flag & IN_ACCESS) 162 ip->i_flag |= IN_LAZYACCESS; 163 vfs_timestamp(&ts); 164 if (ip->i_flag & IN_ACCESS) { 165 DIP_SET(ip, i_atime, ts.tv_sec); 166 DIP_SET(ip, i_atimensec, ts.tv_nsec); 167 } 168 if (ip->i_flag & IN_UPDATE) { 169 DIP_SET(ip, i_mtime, ts.tv_sec); 170 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 171 } 172 if (ip->i_flag & IN_CHANGE) { 173 DIP_SET(ip, i_ctime, ts.tv_sec); 174 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 175 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1); 176 } 177 178 out: 179 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 180} 181 182void 183ufs_itimes(struct vnode *vp) 184{ 185 186 VI_LOCK(vp); 187 ufs_itimes_locked(vp); 188 VI_UNLOCK(vp); 189} 190 191/* 192 * Create a regular file 193 */ 194static int 195ufs_create(ap) 196 struct vop_create_args /* { 197 struct vnode *a_dvp; 198 struct vnode **a_vpp; 199 struct componentname *a_cnp; 200 struct vattr *a_vap; 201 } */ *ap; 202{ 203 int error; 204 205 error = 206 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 207 ap->a_dvp, ap->a_vpp, ap->a_cnp); 208 if (error) 209 return (error); 210 return (0); 211} 212 213/* 214 * Mknod vnode call 215 */ 216/* ARGSUSED */ 217static int 218ufs_mknod(ap) 219 struct vop_mknod_args /* { 220 struct vnode *a_dvp; 221 struct vnode **a_vpp; 222 struct componentname *a_cnp; 223 struct vattr *a_vap; 224 } */ *ap; 225{ 226 struct vattr *vap = ap->a_vap; 227 struct vnode **vpp = ap->a_vpp; 228 struct inode *ip; 229 ino_t ino; 230 int error; 231 232 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 233 ap->a_dvp, vpp, ap->a_cnp); 234 if (error) 235 return (error); 236 ip = VTOI(*vpp); 237 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 238 if (vap->va_rdev != VNOVAL) { 239 /* 240 * Want to be able to use this to make badblock 241 * inodes, so don't truncate the dev number. 242 */ 243 DIP_SET(ip, i_rdev, vap->va_rdev); 244 } 245 /* 246 * Remove inode, then reload it through VFS_VGET so it is 247 * checked to see if it is an alias of an existing entry in 248 * the inode cache. XXX I don't believe this is necessary now. 249 */ 250 (*vpp)->v_type = VNON; 251 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 252 vgone(*vpp); 253 vput(*vpp); 254 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 255 if (error) { 256 *vpp = NULL; 257 return (error); 258 } 259 return (0); 260} 261 262/* 263 * Open called. 264 */ 265/* ARGSUSED */ 266static int 267ufs_open(struct vop_open_args *ap) 268{ 269 struct vnode *vp = ap->a_vp; 270 struct inode *ip; 271 272 if (vp->v_type == VCHR || vp->v_type == VBLK) 273 return (EOPNOTSUPP); 274 275 ip = VTOI(vp); 276 /* 277 * Files marked append-only must be opened for appending. 278 */ 279 if ((ip->i_flags & APPEND) && 280 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 281 return (EPERM); 282 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 283 return (0); 284} 285 286/* 287 * Close called. 288 * 289 * Update the times on the inode. 290 */ 291/* ARGSUSED */ 292static int 293ufs_close(ap) 294 struct vop_close_args /* { 295 struct vnode *a_vp; 296 int a_fflag; 297 struct ucred *a_cred; 298 struct thread *a_td; 299 } */ *ap; 300{ 301 struct vnode *vp = ap->a_vp; 302 int usecount; 303 304 VI_LOCK(vp); 305 usecount = vp->v_usecount; 306 if (usecount > 1) 307 ufs_itimes_locked(vp); 308 VI_UNLOCK(vp); 309 return (0); 310} 311 312static int 313ufs_accessx(ap) 314 struct vop_accessx_args /* { 315 struct vnode *a_vp; 316 accmode_t a_accmode; 317 struct ucred *a_cred; 318 struct thread *a_td; 319 } */ *ap; 320{ 321 struct vnode *vp = ap->a_vp; 322 struct inode *ip = VTOI(vp); 323 accmode_t accmode = ap->a_accmode; 324 int error; 325#ifdef QUOTA 326 int relocked; 327#endif 328#ifdef UFS_ACL 329 struct acl *acl; 330 acl_type_t type; 331#endif 332 333 /* 334 * Disallow write attempts on read-only filesystems; 335 * unless the file is a socket, fifo, or a block or 336 * character device resident on the filesystem. 337 */ 338 if (accmode & VMODIFY_PERMS) { 339 switch (vp->v_type) { 340 case VDIR: 341 case VLNK: 342 case VREG: 343 if (vp->v_mount->mnt_flag & MNT_RDONLY) 344 return (EROFS); 345#ifdef QUOTA 346 /* 347 * Inode is accounted in the quotas only if struct 348 * dquot is attached to it. VOP_ACCESS() is called 349 * from vn_open_cred() and provides a convenient 350 * point to call getinoquota(). 351 */ 352 if (VOP_ISLOCKED(vp) != LK_EXCLUSIVE) { 353 354 /* 355 * Upgrade vnode lock, since getinoquota() 356 * requires exclusive lock to modify inode. 357 */ 358 relocked = 1; 359 vhold(vp); 360 vn_lock(vp, LK_UPGRADE | LK_RETRY); 361 VI_LOCK(vp); 362 if (vp->v_iflag & VI_DOOMED) { 363 vdropl(vp); 364 error = ENOENT; 365 goto relock; 366 } 367 vdropl(vp); 368 } else 369 relocked = 0; 370 error = getinoquota(ip); 371relock: 372 if (relocked) 373 vn_lock(vp, LK_DOWNGRADE | LK_RETRY); 374 if (error != 0) 375 return (error); 376#endif 377 break; 378 default: 379 break; 380 } 381 } 382 383 /* 384 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS" 385 * is here, because without it, * it would be impossible for the owner 386 * to remove the IMMUTABLE flag. 387 */ 388 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) && 389 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 390 return (EPERM); 391 392#ifdef UFS_ACL 393 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) { 394 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS) 395 type = ACL_TYPE_NFS4; 396 else 397 type = ACL_TYPE_ACCESS; 398 399 acl = acl_alloc(M_WAITOK); 400 if (type == ACL_TYPE_NFS4) 401 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td); 402 else 403 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td); 404 switch (error) { 405 case 0: 406 if (type == ACL_TYPE_NFS4) { 407 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid, 408 ip->i_gid, acl, accmode, ap->a_cred, NULL); 409 } else { 410 error = vfs_unixify_accmode(&accmode); 411 if (error == 0) 412 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 413 ip->i_gid, acl, accmode, ap->a_cred, NULL); 414 } 415 break; 416 default: 417 if (error != EOPNOTSUPP) 418 printf( 419"ufs_accessx(): Error retrieving ACL on object (%d).\n", 420 error); 421 /* 422 * XXX: Fall back until debugged. Should 423 * eventually possibly log an error, and return 424 * EPERM for safety. 425 */ 426 error = vfs_unixify_accmode(&accmode); 427 if (error == 0) 428 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 429 ip->i_gid, accmode, ap->a_cred, NULL); 430 } 431 acl_free(acl); 432 433 return (error); 434 } 435#endif /* !UFS_ACL */ 436 error = vfs_unixify_accmode(&accmode); 437 if (error == 0) 438 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 439 accmode, ap->a_cred, NULL); 440 return (error); 441} 442 443/* ARGSUSED */ 444static int 445ufs_getattr(ap) 446 struct vop_getattr_args /* { 447 struct vnode *a_vp; 448 struct vattr *a_vap; 449 struct ucred *a_cred; 450 } */ *ap; 451{ 452 struct vnode *vp = ap->a_vp; 453 struct inode *ip = VTOI(vp); 454 struct vattr *vap = ap->a_vap; 455 456 VI_LOCK(vp); 457 ufs_itimes_locked(vp); 458 if (ip->i_ump->um_fstype == UFS1) { 459 vap->va_atime.tv_sec = ip->i_din1->di_atime; 460 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 461 } else { 462 vap->va_atime.tv_sec = ip->i_din2->di_atime; 463 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 464 } 465 VI_UNLOCK(vp); 466 /* 467 * Copy from inode table 468 */ 469 vap->va_fsid = dev2udev(ip->i_dev); 470 vap->va_fileid = ip->i_number; 471 vap->va_mode = ip->i_mode & ~IFMT; 472 vap->va_nlink = ip->i_effnlink; 473 vap->va_uid = ip->i_uid; 474 vap->va_gid = ip->i_gid; 475 if (ip->i_ump->um_fstype == UFS1) { 476 vap->va_rdev = ip->i_din1->di_rdev; 477 vap->va_size = ip->i_din1->di_size; 478 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 479 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 480 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 481 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 482 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 483 vap->va_filerev = ip->i_din1->di_modrev; 484 } else { 485 vap->va_rdev = ip->i_din2->di_rdev; 486 vap->va_size = ip->i_din2->di_size; 487 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 488 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 489 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 490 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 491 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 492 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 493 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 494 vap->va_filerev = ip->i_din2->di_modrev; 495 } 496 vap->va_flags = ip->i_flags; 497 vap->va_gen = ip->i_gen; 498 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 499 vap->va_type = IFTOVT(ip->i_mode); 500 return (0); 501} 502 503/* 504 * Set attribute vnode op. called from several syscalls 505 */ 506static int 507ufs_setattr(ap) 508 struct vop_setattr_args /* { 509 struct vnode *a_vp; 510 struct vattr *a_vap; 511 struct ucred *a_cred; 512 } */ *ap; 513{ 514 struct vattr *vap = ap->a_vap; 515 struct vnode *vp = ap->a_vp; 516 struct inode *ip = VTOI(vp); 517 struct ucred *cred = ap->a_cred; 518 struct thread *td = curthread; 519 int error; 520 521 /* 522 * Check for unsettable attributes. 523 */ 524 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 525 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 526 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 527 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 528 return (EINVAL); 529 } 530 if (vap->va_flags != VNOVAL) { 531 if ((vap->va_flags & ~(UF_NODUMP | UF_IMMUTABLE | UF_APPEND | 532 UF_OPAQUE | UF_NOUNLINK | SF_ARCHIVED | SF_IMMUTABLE | 533 SF_APPEND | SF_NOUNLINK | SF_SNAPSHOT)) != 0) 534 return (EOPNOTSUPP); 535 if (vp->v_mount->mnt_flag & MNT_RDONLY) 536 return (EROFS); 537 /* 538 * Callers may only modify the file flags on objects they 539 * have VADMIN rights for. 540 */ 541 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 542 return (error); 543 /* 544 * Unprivileged processes are not permitted to unset system 545 * flags, or modify flags if any system flags are set. 546 * Privileged non-jail processes may not modify system flags 547 * if securelevel > 0 and any existing system flags are set. 548 * Privileged jail processes behave like privileged non-jail 549 * processes if the security.jail.chflags_allowed sysctl is 550 * is non-zero; otherwise, they behave like unprivileged 551 * processes. 552 */ 553 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) { 554 if (ip->i_flags & 555 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 556 error = securelevel_gt(cred, 0); 557 if (error) 558 return (error); 559 } 560 /* The snapshot flag cannot be toggled. */ 561 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT) 562 return (EPERM); 563 } else { 564 if (ip->i_flags & 565 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 566 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE)) 567 return (EPERM); 568 } 569 ip->i_flags = vap->va_flags; 570 DIP_SET(ip, i_flags, vap->va_flags); 571 ip->i_flag |= IN_CHANGE; 572 error = UFS_UPDATE(vp, 0); 573 if (ip->i_flags & (IMMUTABLE | APPEND)) 574 return (error); 575 } 576 /* 577 * If immutable or append, no one can change any of its attributes 578 * except the ones already handled (in some cases, file flags 579 * including the immutability flags themselves for the superuser). 580 */ 581 if (ip->i_flags & (IMMUTABLE | APPEND)) 582 return (EPERM); 583 /* 584 * Go through the fields and update iff not VNOVAL. 585 */ 586 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 587 if (vp->v_mount->mnt_flag & MNT_RDONLY) 588 return (EROFS); 589 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 590 td)) != 0) 591 return (error); 592 } 593 if (vap->va_size != VNOVAL) { 594 /* 595 * XXX most of the following special cases should be in 596 * callers instead of in N filesystems. The VDIR check 597 * mostly already is. 598 */ 599 switch (vp->v_type) { 600 case VDIR: 601 return (EISDIR); 602 case VLNK: 603 case VREG: 604 /* 605 * Truncation should have an effect in these cases. 606 * Disallow it if the filesystem is read-only or 607 * the file is being snapshotted. 608 */ 609 if (vp->v_mount->mnt_flag & MNT_RDONLY) 610 return (EROFS); 611 if ((ip->i_flags & SF_SNAPSHOT) != 0) 612 return (EPERM); 613 break; 614 default: 615 /* 616 * According to POSIX, the result is unspecified 617 * for file types other than regular files, 618 * directories and shared memory objects. We 619 * don't support shared memory objects in the file 620 * system, and have dubious support for truncating 621 * symlinks. Just ignore the request in other cases. 622 */ 623 return (0); 624 } 625 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL, 626 cred)) != 0) 627 return (error); 628 } 629 if (vap->va_atime.tv_sec != VNOVAL || 630 vap->va_mtime.tv_sec != VNOVAL || 631 vap->va_birthtime.tv_sec != VNOVAL) { 632 if (vp->v_mount->mnt_flag & MNT_RDONLY) 633 return (EROFS); 634 if ((ip->i_flags & SF_SNAPSHOT) != 0) 635 return (EPERM); 636 /* 637 * From utimes(2): 638 * If times is NULL, ... The caller must be the owner of 639 * the file, have permission to write the file, or be the 640 * super-user. 641 * If times is non-NULL, ... The caller must be the owner of 642 * the file or be the super-user. 643 * 644 * Possibly for historical reasons, try to use VADMIN in 645 * preference to VWRITE for a NULL timestamp. This means we 646 * will return EACCES in preference to EPERM if neither 647 * check succeeds. 648 */ 649 if (vap->va_vaflags & VA_UTIMES_NULL) { 650 /* 651 * NFSv4.1, draft 21, 6.2.1.3.1, Discussion of Mask Attributes 652 * 653 * "A user having ACL_WRITE_DATA or ACL_WRITE_ATTRIBUTES 654 * will be allowed to set the times [..] to the current 655 * server time." 656 * 657 * XXX: Calling it four times seems a little excessive. 658 */ 659 error = VOP_ACCESSX(vp, VWRITE_ATTRIBUTES, cred, td); 660 if (error) 661 error = VOP_ACCESS(vp, VWRITE, cred, td); 662 } else 663 error = VOP_ACCESSX(vp, VWRITE_ATTRIBUTES, cred, td); 664 if (error) 665 return (error); 666 if (vap->va_atime.tv_sec != VNOVAL) 667 ip->i_flag |= IN_ACCESS; 668 if (vap->va_mtime.tv_sec != VNOVAL) 669 ip->i_flag |= IN_CHANGE | IN_UPDATE; 670 if (vap->va_birthtime.tv_sec != VNOVAL && 671 ip->i_ump->um_fstype == UFS2) 672 ip->i_flag |= IN_MODIFIED; 673 ufs_itimes(vp); 674 if (vap->va_atime.tv_sec != VNOVAL) { 675 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 676 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 677 } 678 if (vap->va_mtime.tv_sec != VNOVAL) { 679 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 680 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 681 } 682 if (vap->va_birthtime.tv_sec != VNOVAL && 683 ip->i_ump->um_fstype == UFS2) { 684 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 685 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 686 } 687 error = UFS_UPDATE(vp, 0); 688 if (error) 689 return (error); 690 } 691 error = 0; 692 if (vap->va_mode != (mode_t)VNOVAL) { 693 if (vp->v_mount->mnt_flag & MNT_RDONLY) 694 return (EROFS); 695 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode & 696 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH))) 697 return (EPERM); 698 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 699 } 700 return (error); 701} 702 703#ifdef UFS_ACL 704static int 705ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode, 706 int file_owner_id, struct ucred *cred, struct thread *td) 707{ 708 int error; 709 struct acl *aclp; 710 711 aclp = acl_alloc(M_WAITOK); 712 error = ufs_getacl_nfs4_internal(vp, aclp, td); 713 /* 714 * We don't have to handle EOPNOTSUPP here, as the filesystem claims 715 * it supports ACLs. 716 */ 717 if (error) 718 goto out; 719 720 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id); 721 error = ufs_setacl_nfs4_internal(vp, aclp, td); 722 723out: 724 acl_free(aclp); 725 return (error); 726} 727#endif /* UFS_ACL */ 728 729/* 730 * Mark this file's access time for update for vfs_mark_atime(). This 731 * is called from execve() and mmap(). 732 */ 733static int 734ufs_markatime(ap) 735 struct vop_markatime_args /* { 736 struct vnode *a_vp; 737 } */ *ap; 738{ 739 struct vnode *vp = ap->a_vp; 740 struct inode *ip = VTOI(vp); 741 742 VI_LOCK(vp); 743 ip->i_flag |= IN_ACCESS; 744 VI_UNLOCK(vp); 745 /* 746 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there. 747 */ 748 return (0); 749} 750 751/* 752 * Change the mode on a file. 753 * Inode must be locked before calling. 754 */ 755static int 756ufs_chmod(vp, mode, cred, td) 757 struct vnode *vp; 758 int mode; 759 struct ucred *cred; 760 struct thread *td; 761{ 762 struct inode *ip = VTOI(vp); 763 int error; 764 765 /* 766 * To modify the permissions on a file, must possess VADMIN 767 * for that file. 768 */ 769 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td))) 770 return (error); 771 /* 772 * Privileged processes may set the sticky bit on non-directories, 773 * as well as set the setgid bit on a file with a group that the 774 * process is not a member of. Both of these are allowed in 775 * jail(8). 776 */ 777 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 778 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0)) 779 return (EFTYPE); 780 } 781 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 782 error = priv_check_cred(cred, PRIV_VFS_SETGID, 0); 783 if (error) 784 return (error); 785 } 786 787 /* 788 * Deny setting setuid if we are not the file owner. 789 */ 790 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) { 791 error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); 792 if (error) 793 return (error); 794 } 795 796 ip->i_mode &= ~ALLPERMS; 797 ip->i_mode |= (mode & ALLPERMS); 798 DIP_SET(ip, i_mode, ip->i_mode); 799 ip->i_flag |= IN_CHANGE; 800#ifdef UFS_ACL 801 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0) 802 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td); 803#endif 804 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0) 805 error = UFS_UPDATE(vp, 0); 806 807 return (error); 808} 809 810/* 811 * Perform chown operation on inode ip; 812 * inode must be locked prior to call. 813 */ 814static int 815ufs_chown(vp, uid, gid, cred, td) 816 struct vnode *vp; 817 uid_t uid; 818 gid_t gid; 819 struct ucred *cred; 820 struct thread *td; 821{ 822 struct inode *ip = VTOI(vp); 823 uid_t ouid; 824 gid_t ogid; 825 int error = 0; 826#ifdef QUOTA 827 int i; 828 ufs2_daddr_t change; 829#endif 830 831 if (uid == (uid_t)VNOVAL) 832 uid = ip->i_uid; 833 if (gid == (gid_t)VNOVAL) 834 gid = ip->i_gid; 835 /* 836 * To modify the ownership of a file, must possess VADMIN for that 837 * file. 838 */ 839 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td))) 840 return (error); 841 /* 842 * To change the owner of a file, or change the group of a file to a 843 * group of which we are not a member, the caller must have 844 * privilege. 845 */ 846 if (((uid != ip->i_uid && uid != cred->cr_uid) || 847 (gid != ip->i_gid && !groupmember(gid, cred))) && 848 (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0))) 849 return (error); 850 ogid = ip->i_gid; 851 ouid = ip->i_uid; 852#ifdef QUOTA 853 if ((error = getinoquota(ip)) != 0) 854 return (error); 855 if (ouid == uid) { 856 dqrele(vp, ip->i_dquot[USRQUOTA]); 857 ip->i_dquot[USRQUOTA] = NODQUOT; 858 } 859 if (ogid == gid) { 860 dqrele(vp, ip->i_dquot[GRPQUOTA]); 861 ip->i_dquot[GRPQUOTA] = NODQUOT; 862 } 863 change = DIP(ip, i_blocks); 864 (void) chkdq(ip, -change, cred, CHOWN); 865 (void) chkiq(ip, -1, cred, CHOWN); 866 for (i = 0; i < MAXQUOTAS; i++) { 867 dqrele(vp, ip->i_dquot[i]); 868 ip->i_dquot[i] = NODQUOT; 869 } 870#endif 871 ip->i_gid = gid; 872 DIP_SET(ip, i_gid, gid); 873 ip->i_uid = uid; 874 DIP_SET(ip, i_uid, uid); 875#ifdef QUOTA 876 if ((error = getinoquota(ip)) == 0) { 877 if (ouid == uid) { 878 dqrele(vp, ip->i_dquot[USRQUOTA]); 879 ip->i_dquot[USRQUOTA] = NODQUOT; 880 } 881 if (ogid == gid) { 882 dqrele(vp, ip->i_dquot[GRPQUOTA]); 883 ip->i_dquot[GRPQUOTA] = NODQUOT; 884 } 885 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 886 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 887 goto good; 888 else 889 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 890 } 891 for (i = 0; i < MAXQUOTAS; i++) { 892 dqrele(vp, ip->i_dquot[i]); 893 ip->i_dquot[i] = NODQUOT; 894 } 895 } 896 ip->i_gid = ogid; 897 DIP_SET(ip, i_gid, ogid); 898 ip->i_uid = ouid; 899 DIP_SET(ip, i_uid, ouid); 900 if (getinoquota(ip) == 0) { 901 if (ouid == uid) { 902 dqrele(vp, ip->i_dquot[USRQUOTA]); 903 ip->i_dquot[USRQUOTA] = NODQUOT; 904 } 905 if (ogid == gid) { 906 dqrele(vp, ip->i_dquot[GRPQUOTA]); 907 ip->i_dquot[GRPQUOTA] = NODQUOT; 908 } 909 (void) chkdq(ip, change, cred, FORCE|CHOWN); 910 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 911 (void) getinoquota(ip); 912 } 913 return (error); 914good: 915 if (getinoquota(ip)) 916 panic("ufs_chown: lost quota"); 917#endif /* QUOTA */ 918 ip->i_flag |= IN_CHANGE; 919 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { 920 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) { 921 ip->i_mode &= ~(ISUID | ISGID); 922 DIP_SET(ip, i_mode, ip->i_mode); 923 } 924 } 925 error = UFS_UPDATE(vp, 0); 926 return (error); 927} 928 929static int 930ufs_remove(ap) 931 struct vop_remove_args /* { 932 struct vnode *a_dvp; 933 struct vnode *a_vp; 934 struct componentname *a_cnp; 935 } */ *ap; 936{ 937 struct inode *ip; 938 struct vnode *vp = ap->a_vp; 939 struct vnode *dvp = ap->a_dvp; 940 int error; 941 struct thread *td; 942 943 td = curthread; 944 ip = VTOI(vp); 945 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 946 (VTOI(dvp)->i_flags & APPEND)) { 947 error = EPERM; 948 goto out; 949 } 950#ifdef UFS_GJOURNAL 951 ufs_gjournal_orphan(vp); 952#endif 953 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 954 if (ip->i_nlink <= 0) 955 vp->v_vflag |= VV_NOSYNC; 956 if ((ip->i_flags & SF_SNAPSHOT) != 0) { 957 /* 958 * Avoid deadlock where another thread is trying to 959 * update the inodeblock for dvp and is waiting on 960 * snaplk. Temporary unlock the vnode lock for the 961 * unlinked file and sync the directory. This should 962 * allow vput() of the directory to not block later on 963 * while holding the snapshot vnode locked, assuming 964 * that the directory hasn't been unlinked too. 965 */ 966 VOP_UNLOCK(vp, 0); 967 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 968 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 969 } 970out: 971 return (error); 972} 973 974/* 975 * link vnode call 976 */ 977static int 978ufs_link(ap) 979 struct vop_link_args /* { 980 struct vnode *a_tdvp; 981 struct vnode *a_vp; 982 struct componentname *a_cnp; 983 } */ *ap; 984{ 985 struct vnode *vp = ap->a_vp; 986 struct vnode *tdvp = ap->a_tdvp; 987 struct componentname *cnp = ap->a_cnp; 988 struct inode *ip; 989 struct direct newdir; 990 int error; 991 992#ifdef INVARIANTS 993 if ((cnp->cn_flags & HASBUF) == 0) 994 panic("ufs_link: no name"); 995#endif 996 if (tdvp->v_mount != vp->v_mount) { 997 error = EXDEV; 998 goto out; 999 } 1000 if (VTOI(tdvp)->i_effnlink < 2) 1001 panic("ufs_link: Bad link count %d on parent", 1002 VTOI(tdvp)->i_effnlink); 1003 ip = VTOI(vp); 1004 if ((nlink_t)ip->i_nlink >= LINK_MAX) { 1005 error = EMLINK; 1006 goto out; 1007 } 1008 /* 1009 * The file may have been removed after namei droped the original 1010 * lock. 1011 */ 1012 if (ip->i_effnlink == 0) { 1013 error = ENOENT; 1014 goto out; 1015 } 1016 if (ip->i_flags & (IMMUTABLE | APPEND)) { 1017 error = EPERM; 1018 goto out; 1019 } 1020 ip->i_effnlink++; 1021 ip->i_nlink++; 1022 DIP_SET(ip, i_nlink, ip->i_nlink); 1023 ip->i_flag |= IN_CHANGE; 1024 if (DOINGSOFTDEP(vp)) 1025 softdep_setup_link(VTOI(tdvp), ip); 1026 error = UFS_UPDATE(vp, !(DOINGSOFTDEP(vp) | DOINGASYNC(vp))); 1027 if (!error) { 1028 ufs_makedirentry(ip, cnp, &newdir); 1029 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL, 0); 1030 } 1031 1032 if (error) { 1033 ip->i_effnlink--; 1034 ip->i_nlink--; 1035 DIP_SET(ip, i_nlink, ip->i_nlink); 1036 ip->i_flag |= IN_CHANGE; 1037 if (DOINGSOFTDEP(vp)) 1038 softdep_revert_link(VTOI(tdvp), ip); 1039 } 1040out: 1041 return (error); 1042} 1043 1044/* 1045 * whiteout vnode call 1046 */ 1047static int 1048ufs_whiteout(ap) 1049 struct vop_whiteout_args /* { 1050 struct vnode *a_dvp; 1051 struct componentname *a_cnp; 1052 int a_flags; 1053 } */ *ap; 1054{ 1055 struct vnode *dvp = ap->a_dvp; 1056 struct componentname *cnp = ap->a_cnp; 1057 struct direct newdir; 1058 int error = 0; 1059 1060 switch (ap->a_flags) { 1061 case LOOKUP: 1062 /* 4.4 format directories support whiteout operations */ 1063 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1064 return (0); 1065 return (EOPNOTSUPP); 1066 1067 case CREATE: 1068 /* create a new directory whiteout */ 1069#ifdef INVARIANTS 1070 if ((cnp->cn_flags & SAVENAME) == 0) 1071 panic("ufs_whiteout: missing name"); 1072 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 1073 panic("ufs_whiteout: old format filesystem"); 1074#endif 1075 1076 newdir.d_ino = WINO; 1077 newdir.d_namlen = cnp->cn_namelen; 1078 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 1079 newdir.d_type = DT_WHT; 1080 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL, 0); 1081 break; 1082 1083 case DELETE: 1084 /* remove an existing directory whiteout */ 1085#ifdef INVARIANTS 1086 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 1087 panic("ufs_whiteout: old format filesystem"); 1088#endif 1089 1090 cnp->cn_flags &= ~DOWHITEOUT; 1091 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 1092 break; 1093 default: 1094 panic("ufs_whiteout: unknown op"); 1095 } 1096 return (error); 1097} 1098 1099static volatile int rename_restarts; 1100SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD, 1101 __DEVOLATILE(int *, &rename_restarts), 0, 1102 "Times rename had to restart due to lock contention"); 1103 1104/* 1105 * Rename system call. 1106 * rename("foo", "bar"); 1107 * is essentially 1108 * unlink("bar"); 1109 * link("foo", "bar"); 1110 * unlink("foo"); 1111 * but ``atomically''. Can't do full commit without saving state in the 1112 * inode on disk which isn't feasible at this time. Best we can do is 1113 * always guarantee the target exists. 1114 * 1115 * Basic algorithm is: 1116 * 1117 * 1) Bump link count on source while we're linking it to the 1118 * target. This also ensure the inode won't be deleted out 1119 * from underneath us while we work (it may be truncated by 1120 * a concurrent `trunc' or `open' for creation). 1121 * 2) Link source to destination. If destination already exists, 1122 * delete it first. 1123 * 3) Unlink source reference to inode if still around. If a 1124 * directory was moved and the parent of the destination 1125 * is different from the source, patch the ".." entry in the 1126 * directory. 1127 */ 1128static int 1129ufs_rename(ap) 1130 struct vop_rename_args /* { 1131 struct vnode *a_fdvp; 1132 struct vnode *a_fvp; 1133 struct componentname *a_fcnp; 1134 struct vnode *a_tdvp; 1135 struct vnode *a_tvp; 1136 struct componentname *a_tcnp; 1137 } */ *ap; 1138{ 1139 struct vnode *tvp = ap->a_tvp; 1140 struct vnode *tdvp = ap->a_tdvp; 1141 struct vnode *fvp = ap->a_fvp; 1142 struct vnode *fdvp = ap->a_fdvp; 1143 struct vnode *nvp; 1144 struct componentname *tcnp = ap->a_tcnp; 1145 struct componentname *fcnp = ap->a_fcnp; 1146 struct thread *td = fcnp->cn_thread; 1147 struct inode *fip, *tip, *tdp, *fdp; 1148 struct direct newdir; 1149 off_t endoff; 1150 int doingdirectory, newparent; 1151 int error = 0; 1152 struct mount *mp; 1153 ino_t ino; 1154 1155#ifdef INVARIANTS 1156 if ((tcnp->cn_flags & HASBUF) == 0 || 1157 (fcnp->cn_flags & HASBUF) == 0) 1158 panic("ufs_rename: no name"); 1159#endif 1160 endoff = 0; 1161 mp = tdvp->v_mount; 1162 VOP_UNLOCK(tdvp, 0); 1163 if (tvp && tvp != tdvp) 1164 VOP_UNLOCK(tvp, 0); 1165 /* 1166 * Check for cross-device rename. 1167 */ 1168 if ((fvp->v_mount != tdvp->v_mount) || 1169 (tvp && (fvp->v_mount != tvp->v_mount))) { 1170 error = EXDEV; 1171 mp = NULL; 1172 goto releout; 1173 } 1174 error = vfs_busy(mp, 0); 1175 if (error) { 1176 mp = NULL; 1177 goto releout; 1178 } 1179relock: 1180 /* 1181 * We need to acquire 2 to 4 locks depending on whether tvp is NULL 1182 * and fdvp and tdvp are the same directory. Subsequently we need 1183 * to double-check all paths and in the directory rename case we 1184 * need to verify that we are not creating a directory loop. To 1185 * handle this we acquire all but fdvp using non-blocking 1186 * acquisitions. If we fail to acquire any lock in the path we will 1187 * drop all held locks, acquire the new lock in a blocking fashion, 1188 * and then release it and restart the rename. This acquire/release 1189 * step ensures that we do not spin on a lock waiting for release. 1190 */ 1191 error = vn_lock(fdvp, LK_EXCLUSIVE); 1192 if (error) 1193 goto releout; 1194 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) { 1195 VOP_UNLOCK(fdvp, 0); 1196 error = vn_lock(tdvp, LK_EXCLUSIVE); 1197 if (error) 1198 goto releout; 1199 VOP_UNLOCK(tdvp, 0); 1200 atomic_add_int(&rename_restarts, 1); 1201 goto relock; 1202 } 1203 /* 1204 * Re-resolve fvp to be certain it still exists and fetch the 1205 * correct vnode. 1206 */ 1207 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1208 if (error) { 1209 VOP_UNLOCK(fdvp, 0); 1210 VOP_UNLOCK(tdvp, 0); 1211 goto releout; 1212 } 1213 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1214 if (error) { 1215 VOP_UNLOCK(fdvp, 0); 1216 VOP_UNLOCK(tdvp, 0); 1217 if (error != EBUSY) 1218 goto releout; 1219 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1220 if (error != 0) 1221 goto releout; 1222 VOP_UNLOCK(nvp, 0); 1223 vrele(fvp); 1224 fvp = nvp; 1225 atomic_add_int(&rename_restarts, 1); 1226 goto relock; 1227 } 1228 vrele(fvp); 1229 fvp = nvp; 1230 /* 1231 * Re-resolve tvp and acquire the vnode lock if present. 1232 */ 1233 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino); 1234 if (error != 0 && error != EJUSTRETURN) { 1235 VOP_UNLOCK(fdvp, 0); 1236 VOP_UNLOCK(tdvp, 0); 1237 VOP_UNLOCK(fvp, 0); 1238 goto releout; 1239 } 1240 /* 1241 * If tvp disappeared we just carry on. 1242 */ 1243 if (error == EJUSTRETURN && tvp != NULL) { 1244 vrele(tvp); 1245 tvp = NULL; 1246 } 1247 /* 1248 * Get the tvp ino if the lookup succeeded. We may have to restart 1249 * if the non-blocking acquire fails. 1250 */ 1251 if (error == 0) { 1252 nvp = NULL; 1253 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1254 if (tvp) 1255 vrele(tvp); 1256 tvp = nvp; 1257 if (error) { 1258 VOP_UNLOCK(fdvp, 0); 1259 VOP_UNLOCK(tdvp, 0); 1260 VOP_UNLOCK(fvp, 0); 1261 if (error != EBUSY) 1262 goto releout; 1263 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1264 if (error != 0) 1265 goto releout; 1266 vput(nvp); 1267 atomic_add_int(&rename_restarts, 1); 1268 goto relock; 1269 } 1270 } 1271 fdp = VTOI(fdvp); 1272 fip = VTOI(fvp); 1273 tdp = VTOI(tdvp); 1274 tip = NULL; 1275 if (tvp) 1276 tip = VTOI(tvp); 1277 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1278 (VTOI(tdvp)->i_flags & APPEND))) { 1279 error = EPERM; 1280 goto unlockout; 1281 } 1282 /* 1283 * Renaming a file to itself has no effect. The upper layers should 1284 * not call us in that case. However, things could change after 1285 * we drop the locks above. 1286 */ 1287 if (fvp == tvp) { 1288 error = 0; 1289 goto unlockout; 1290 } 1291 doingdirectory = 0; 1292 newparent = 0; 1293 ino = fip->i_number; 1294 if (fip->i_nlink >= LINK_MAX) { 1295 error = EMLINK; 1296 goto unlockout; 1297 } 1298 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 1299 || (fdp->i_flags & APPEND)) { 1300 error = EPERM; 1301 goto unlockout; 1302 } 1303 if ((fip->i_mode & IFMT) == IFDIR) { 1304 /* 1305 * Avoid ".", "..", and aliases of "." for obvious reasons. 1306 */ 1307 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1308 fdp == fip || 1309 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) { 1310 error = EINVAL; 1311 goto unlockout; 1312 } 1313 if (fdp->i_number != tdp->i_number) 1314 newparent = tdp->i_number; 1315 doingdirectory = 1; 1316 } 1317 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) || 1318 (tvp != NULL && tvp->v_type == VDIR && 1319 tvp->v_mountedhere != NULL)) { 1320 error = EXDEV; 1321 goto unlockout; 1322 } 1323 1324 /* 1325 * If ".." must be changed (ie the directory gets a new 1326 * parent) then the source directory must not be in the 1327 * directory hierarchy above the target, as this would 1328 * orphan everything below the source directory. Also 1329 * the user must have write permission in the source so 1330 * as to be able to change "..". 1331 */ 1332 if (doingdirectory && newparent) { 1333 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread); 1334 if (error) 1335 goto unlockout; 1336 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred, 1337 &ino); 1338 /* 1339 * We encountered a lock that we have to wait for. Unlock 1340 * everything else and VGET before restarting. 1341 */ 1342 if (ino) { 1343 VOP_UNLOCK(fdvp, 0); 1344 VOP_UNLOCK(fvp, 0); 1345 VOP_UNLOCK(tdvp, 0); 1346 if (tvp) 1347 VOP_UNLOCK(tvp, 0); 1348 error = VFS_VGET(mp, ino, LK_SHARED, &nvp); 1349 if (error == 0) 1350 vput(nvp); 1351 atomic_add_int(&rename_restarts, 1); 1352 goto relock; 1353 } 1354 if (error) 1355 goto unlockout; 1356 if ((tcnp->cn_flags & SAVESTART) == 0) 1357 panic("ufs_rename: lost to startdir"); 1358 } 1359 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 || 1360 tdp->i_effnlink == 0) 1361 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp); 1362 1363 /* 1364 * 1) Bump link count while we're moving stuff 1365 * around. If we crash somewhere before 1366 * completing our work, the link count 1367 * may be wrong, but correctable. 1368 */ 1369 fip->i_effnlink++; 1370 fip->i_nlink++; 1371 DIP_SET(fip, i_nlink, fip->i_nlink); 1372 fip->i_flag |= IN_CHANGE; 1373 if (DOINGSOFTDEP(fvp)) 1374 softdep_setup_link(tdp, fip); 1375 error = UFS_UPDATE(fvp, !(DOINGSOFTDEP(fvp) | DOINGASYNC(fvp))); 1376 if (error) 1377 goto bad; 1378 1379 /* 1380 * 2) If target doesn't exist, link the target 1381 * to the source and unlink the source. 1382 * Otherwise, rewrite the target directory 1383 * entry to reference the source inode and 1384 * expunge the original entry's existence. 1385 */ 1386 if (tip == NULL) { 1387 if (tdp->i_dev != fip->i_dev) 1388 panic("ufs_rename: EXDEV"); 1389 if (doingdirectory && newparent) { 1390 /* 1391 * Account for ".." in new directory. 1392 * When source and destination have the same 1393 * parent we don't adjust the link count. The 1394 * actual link modification is completed when 1395 * .. is rewritten below. 1396 */ 1397 if ((nlink_t)tdp->i_nlink >= LINK_MAX) { 1398 error = EMLINK; 1399 goto bad; 1400 } 1401 } 1402 ufs_makedirentry(fip, tcnp, &newdir); 1403 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL, 1); 1404 if (error) 1405 goto bad; 1406 /* Setup tdvp for directory compaction if needed. */ 1407 if (tdp->i_count && tdp->i_endoff && 1408 tdp->i_endoff < tdp->i_size) 1409 endoff = tdp->i_endoff; 1410 } else { 1411 if (tip->i_dev != tdp->i_dev || tip->i_dev != fip->i_dev) 1412 panic("ufs_rename: EXDEV"); 1413 /* 1414 * Short circuit rename(foo, foo). 1415 */ 1416 if (tip->i_number == fip->i_number) 1417 panic("ufs_rename: same file"); 1418 /* 1419 * If the parent directory is "sticky", then the caller 1420 * must possess VADMIN for the parent directory, or the 1421 * destination of the rename. This implements append-only 1422 * directories. 1423 */ 1424 if ((tdp->i_mode & S_ISTXT) && 1425 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1426 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1427 error = EPERM; 1428 goto bad; 1429 } 1430 /* 1431 * Target must be empty if a directory and have no links 1432 * to it. Also, ensure source and target are compatible 1433 * (both directories, or both not directories). 1434 */ 1435 if ((tip->i_mode & IFMT) == IFDIR) { 1436 if ((tip->i_effnlink > 2) || 1437 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) { 1438 error = ENOTEMPTY; 1439 goto bad; 1440 } 1441 if (!doingdirectory) { 1442 error = ENOTDIR; 1443 goto bad; 1444 } 1445 cache_purge(tdvp); 1446 } else if (doingdirectory) { 1447 error = EISDIR; 1448 goto bad; 1449 } 1450 if (doingdirectory) { 1451 if (!newparent) { 1452 tdp->i_effnlink--; 1453 if (DOINGSOFTDEP(tdvp)) 1454 softdep_change_linkcnt(tdp); 1455 } 1456 tip->i_effnlink--; 1457 if (DOINGSOFTDEP(tvp)) 1458 softdep_change_linkcnt(tip); 1459 } 1460 error = ufs_dirrewrite(tdp, tip, fip->i_number, 1461 IFTODT(fip->i_mode), 1462 (doingdirectory && newparent) ? newparent : doingdirectory); 1463 if (error) { 1464 if (doingdirectory) { 1465 if (!newparent) { 1466 tdp->i_effnlink++; 1467 if (DOINGSOFTDEP(tdvp)) 1468 softdep_change_linkcnt(tdp); 1469 } 1470 tip->i_effnlink++; 1471 if (DOINGSOFTDEP(tvp)) 1472 softdep_change_linkcnt(tip); 1473 } 1474 } 1475 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1476 /* 1477 * The only stuff left in the directory is "." 1478 * and "..". The "." reference is inconsequential 1479 * since we are quashing it. We have removed the "." 1480 * reference and the reference in the parent directory, 1481 * but there may be other hard links. The soft 1482 * dependency code will arrange to do these operations 1483 * after the parent directory entry has been deleted on 1484 * disk, so when running with that code we avoid doing 1485 * them now. 1486 */ 1487 if (!newparent) { 1488 tdp->i_nlink--; 1489 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1490 tdp->i_flag |= IN_CHANGE; 1491 } 1492 tip->i_nlink--; 1493 DIP_SET(tip, i_nlink, tip->i_nlink); 1494 tip->i_flag |= IN_CHANGE; 1495 } 1496 } 1497 1498 /* 1499 * 3) Unlink the source. We have to resolve the path again to 1500 * fixup the directory offset and count for ufs_dirremove. 1501 */ 1502 if (fdvp == tdvp) { 1503 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1504 if (error) 1505 panic("ufs_rename: from entry went away!"); 1506 if (ino != fip->i_number) 1507 panic("ufs_rename: ino mismatch %ju != %ju\n", 1508 (uintmax_t)ino, (uintmax_t)fip->i_number); 1509 } 1510 /* 1511 * If the source is a directory with a 1512 * new parent, the link count of the old 1513 * parent directory must be decremented 1514 * and ".." set to point to the new parent. 1515 */ 1516 if (doingdirectory && newparent) { 1517 /* 1518 * If tip exists we simply use its link, otherwise we must 1519 * add a new one. 1520 */ 1521 if (tip == NULL) { 1522 tdp->i_effnlink++; 1523 tdp->i_nlink++; 1524 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1525 tdp->i_flag |= IN_CHANGE; 1526 if (DOINGSOFTDEP(tdvp)) 1527 softdep_setup_dotdot_link(tdp, fip); 1528 error = UFS_UPDATE(tdvp, !(DOINGSOFTDEP(tdvp) | 1529 DOINGASYNC(tdvp))); 1530 /* Don't go to bad here as the new link exists. */ 1531 if (error) 1532 goto unlockout; 1533 } else if (DOINGSUJ(tdvp)) 1534 /* Journal must account for each new link. */ 1535 softdep_setup_dotdot_link(tdp, fip); 1536 fip->i_offset = mastertemplate.dot_reclen; 1537 ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0); 1538 cache_purge(fdvp); 1539 } 1540 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0); 1541 /* 1542 * The kern_renameat() looks up the fvp using the DELETE flag, which 1543 * causes the removal of the name cache entry for fvp. 1544 * As the relookup of the fvp is done in two steps: 1545 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a 1546 * normal lookup of the from name just before the VFS_VGET() call, 1547 * causing the cache entry to be re-instantiated. 1548 * 1549 * The same issue also applies to tvp if it exists as 1550 * otherwise we may have a stale name cache entry for the new 1551 * name that references the old i-node if it has other links 1552 * or open file descriptors. 1553 */ 1554 cache_purge(fvp); 1555 if (tvp) 1556 cache_purge(tvp); 1557 cache_purge_negative(tdvp); 1558 1559unlockout: 1560 vput(fdvp); 1561 vput(fvp); 1562 if (tvp) 1563 vput(tvp); 1564 /* 1565 * If compaction or fsync was requested do it now that other locks 1566 * are no longer needed. 1567 */ 1568 if (error == 0 && endoff != 0) { 1569#ifdef UFS_DIRHASH 1570 if (tdp->i_dirhash != NULL) 1571 ufsdirhash_dirtrunc(tdp, endoff); 1572#endif 1573 UFS_TRUNCATE(tdvp, endoff, IO_NORMAL | IO_SYNC, tcnp->cn_cred); 1574 } 1575 if (error == 0 && tdp->i_flag & IN_NEEDSYNC) 1576 error = VOP_FSYNC(tdvp, MNT_WAIT, td); 1577 vput(tdvp); 1578 if (mp) 1579 vfs_unbusy(mp); 1580 return (error); 1581 1582bad: 1583 fip->i_effnlink--; 1584 fip->i_nlink--; 1585 DIP_SET(fip, i_nlink, fip->i_nlink); 1586 fip->i_flag |= IN_CHANGE; 1587 if (DOINGSOFTDEP(fvp)) 1588 softdep_revert_link(tdp, fip); 1589 goto unlockout; 1590 1591releout: 1592 vrele(fdvp); 1593 vrele(fvp); 1594 vrele(tdvp); 1595 if (tvp) 1596 vrele(tvp); 1597 if (mp) 1598 vfs_unbusy(mp); 1599 1600 return (error); 1601} 1602 1603#ifdef UFS_ACL 1604static int 1605ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp, 1606 mode_t dmode, struct ucred *cred, struct thread *td) 1607{ 1608 int error; 1609 struct inode *ip = VTOI(tvp); 1610 struct acl *dacl, *acl; 1611 1612 acl = acl_alloc(M_WAITOK); 1613 dacl = acl_alloc(M_WAITOK); 1614 1615 /* 1616 * Retrieve default ACL from parent, if any. 1617 */ 1618 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1619 switch (error) { 1620 case 0: 1621 /* 1622 * Retrieved a default ACL, so merge mode and ACL if 1623 * necessary. If the ACL is empty, fall through to 1624 * the "not defined or available" case. 1625 */ 1626 if (acl->acl_cnt != 0) { 1627 dmode = acl_posix1e_newfilemode(dmode, acl); 1628 ip->i_mode = dmode; 1629 DIP_SET(ip, i_mode, dmode); 1630 *dacl = *acl; 1631 ufs_sync_acl_from_inode(ip, acl); 1632 break; 1633 } 1634 /* FALLTHROUGH */ 1635 1636 case EOPNOTSUPP: 1637 /* 1638 * Just use the mode as-is. 1639 */ 1640 ip->i_mode = dmode; 1641 DIP_SET(ip, i_mode, dmode); 1642 error = 0; 1643 goto out; 1644 1645 default: 1646 goto out; 1647 } 1648 1649 /* 1650 * XXX: If we abort now, will Soft Updates notify the extattr 1651 * code that the EAs for the file need to be released? 1652 */ 1653 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1654 if (error == 0) 1655 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td); 1656 switch (error) { 1657 case 0: 1658 break; 1659 1660 case EOPNOTSUPP: 1661 /* 1662 * XXX: This should not happen, as EOPNOTSUPP above 1663 * was supposed to free acl. 1664 */ 1665 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1666 /* 1667 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1668 */ 1669 break; 1670 1671 default: 1672 goto out; 1673 } 1674 1675out: 1676 acl_free(acl); 1677 acl_free(dacl); 1678 1679 return (error); 1680} 1681 1682static int 1683ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp, 1684 mode_t mode, struct ucred *cred, struct thread *td) 1685{ 1686 int error; 1687 struct inode *ip = VTOI(tvp); 1688 struct acl *acl; 1689 1690 acl = acl_alloc(M_WAITOK); 1691 1692 /* 1693 * Retrieve default ACL for parent, if any. 1694 */ 1695 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1696 switch (error) { 1697 case 0: 1698 /* 1699 * Retrieved a default ACL, so merge mode and ACL if 1700 * necessary. 1701 */ 1702 if (acl->acl_cnt != 0) { 1703 /* 1704 * Two possible ways for default ACL to not 1705 * be present. First, the EA can be 1706 * undefined, or second, the default ACL can 1707 * be blank. If it's blank, fall through to 1708 * the it's not defined case. 1709 */ 1710 mode = acl_posix1e_newfilemode(mode, acl); 1711 ip->i_mode = mode; 1712 DIP_SET(ip, i_mode, mode); 1713 ufs_sync_acl_from_inode(ip, acl); 1714 break; 1715 } 1716 /* FALLTHROUGH */ 1717 1718 case EOPNOTSUPP: 1719 /* 1720 * Just use the mode as-is. 1721 */ 1722 ip->i_mode = mode; 1723 DIP_SET(ip, i_mode, mode); 1724 error = 0; 1725 goto out; 1726 1727 default: 1728 goto out; 1729 } 1730 1731 /* 1732 * XXX: If we abort now, will Soft Updates notify the extattr 1733 * code that the EAs for the file need to be released? 1734 */ 1735 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1736 switch (error) { 1737 case 0: 1738 break; 1739 1740 case EOPNOTSUPP: 1741 /* 1742 * XXX: This should not happen, as EOPNOTSUPP above was 1743 * supposed to free acl. 1744 */ 1745 printf("ufs_makeinode: VOP_GETACL() but no " 1746 "VOP_SETACL()\n"); 1747 /* panic("ufs_makeinode: VOP_GETACL() but no " 1748 "VOP_SETACL()"); */ 1749 break; 1750 1751 default: 1752 goto out; 1753 } 1754 1755out: 1756 acl_free(acl); 1757 1758 return (error); 1759} 1760 1761static int 1762ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp, 1763 mode_t child_mode, struct ucred *cred, struct thread *td) 1764{ 1765 int error; 1766 struct acl *parent_aclp, *child_aclp; 1767 1768 parent_aclp = acl_alloc(M_WAITOK); 1769 child_aclp = acl_alloc(M_WAITOK | M_ZERO); 1770 1771 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td); 1772 if (error) 1773 goto out; 1774 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp, 1775 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR); 1776 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td); 1777 if (error) 1778 goto out; 1779out: 1780 acl_free(parent_aclp); 1781 acl_free(child_aclp); 1782 1783 return (error); 1784} 1785#endif 1786 1787/* 1788 * Mkdir system call 1789 */ 1790static int 1791ufs_mkdir(ap) 1792 struct vop_mkdir_args /* { 1793 struct vnode *a_dvp; 1794 struct vnode **a_vpp; 1795 struct componentname *a_cnp; 1796 struct vattr *a_vap; 1797 } */ *ap; 1798{ 1799 struct vnode *dvp = ap->a_dvp; 1800 struct vattr *vap = ap->a_vap; 1801 struct componentname *cnp = ap->a_cnp; 1802 struct inode *ip, *dp; 1803 struct vnode *tvp; 1804 struct buf *bp; 1805 struct dirtemplate dirtemplate, *dtp; 1806 struct direct newdir; 1807 int error, dmode; 1808 long blkoff; 1809 1810#ifdef INVARIANTS 1811 if ((cnp->cn_flags & HASBUF) == 0) 1812 panic("ufs_mkdir: no name"); 1813#endif 1814 dp = VTOI(dvp); 1815 if ((nlink_t)dp->i_nlink >= LINK_MAX) { 1816 error = EMLINK; 1817 goto out; 1818 } 1819 dmode = vap->va_mode & 0777; 1820 dmode |= IFDIR; 1821 /* 1822 * Must simulate part of ufs_makeinode here to acquire the inode, 1823 * but not have it entered in the parent directory. The entry is 1824 * made later after writing "." and ".." entries. 1825 */ 1826 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 1827 if (error) 1828 goto out; 1829 ip = VTOI(tvp); 1830 ip->i_gid = dp->i_gid; 1831 DIP_SET(ip, i_gid, dp->i_gid); 1832#ifdef SUIDDIR 1833 { 1834#ifdef QUOTA 1835 struct ucred ucred, *ucp; 1836 gid_t ucred_group; 1837 ucp = cnp->cn_cred; 1838#endif 1839 /* 1840 * If we are hacking owners here, (only do this where told to) 1841 * and we are not giving it TO root, (would subvert quotas) 1842 * then go ahead and give it to the other user. 1843 * The new directory also inherits the SUID bit. 1844 * If user's UID and dir UID are the same, 1845 * 'give it away' so that the SUID is still forced on. 1846 */ 1847 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 1848 (dp->i_mode & ISUID) && dp->i_uid) { 1849 dmode |= ISUID; 1850 ip->i_uid = dp->i_uid; 1851 DIP_SET(ip, i_uid, dp->i_uid); 1852#ifdef QUOTA 1853 if (dp->i_uid != cnp->cn_cred->cr_uid) { 1854 /* 1855 * Make sure the correct user gets charged 1856 * for the space. 1857 * Make a dummy credential for the victim. 1858 * XXX This seems to never be accessed out of 1859 * our context so a stack variable is ok. 1860 */ 1861 refcount_init(&ucred.cr_ref, 1); 1862 ucred.cr_uid = ip->i_uid; 1863 ucred.cr_ngroups = 1; 1864 ucred.cr_groups = &ucred_group; 1865 ucred.cr_groups[0] = dp->i_gid; 1866 ucp = &ucred; 1867 } 1868#endif 1869 } else { 1870 ip->i_uid = cnp->cn_cred->cr_uid; 1871 DIP_SET(ip, i_uid, ip->i_uid); 1872 } 1873#ifdef QUOTA 1874 if ((error = getinoquota(ip)) || 1875 (error = chkiq(ip, 1, ucp, 0))) { 1876 if (DOINGSOFTDEP(tvp)) 1877 softdep_revert_link(dp, ip); 1878 UFS_VFREE(tvp, ip->i_number, dmode); 1879 vput(tvp); 1880 return (error); 1881 } 1882#endif 1883 } 1884#else /* !SUIDDIR */ 1885 ip->i_uid = cnp->cn_cred->cr_uid; 1886 DIP_SET(ip, i_uid, ip->i_uid); 1887#ifdef QUOTA 1888 if ((error = getinoquota(ip)) || 1889 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 1890 if (DOINGSOFTDEP(tvp)) 1891 softdep_revert_link(dp, ip); 1892 UFS_VFREE(tvp, ip->i_number, dmode); 1893 vput(tvp); 1894 return (error); 1895 } 1896#endif 1897#endif /* !SUIDDIR */ 1898 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 1899 ip->i_mode = dmode; 1900 DIP_SET(ip, i_mode, dmode); 1901 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 1902 ip->i_effnlink = 2; 1903 ip->i_nlink = 2; 1904 DIP_SET(ip, i_nlink, 2); 1905 1906 if (cnp->cn_flags & ISWHITEOUT) { 1907 ip->i_flags |= UF_OPAQUE; 1908 DIP_SET(ip, i_flags, ip->i_flags); 1909 } 1910 1911 /* 1912 * Bump link count in parent directory to reflect work done below. 1913 * Should be done before reference is created so cleanup is 1914 * possible if we crash. 1915 */ 1916 dp->i_effnlink++; 1917 dp->i_nlink++; 1918 DIP_SET(dp, i_nlink, dp->i_nlink); 1919 dp->i_flag |= IN_CHANGE; 1920 if (DOINGSOFTDEP(dvp)) 1921 softdep_setup_mkdir(dp, ip); 1922 error = UFS_UPDATE(dvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp))); 1923 if (error) 1924 goto bad; 1925#ifdef MAC 1926 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 1927 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 1928 dvp, tvp, cnp); 1929 if (error) 1930 goto bad; 1931 } 1932#endif 1933#ifdef UFS_ACL 1934 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 1935 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode, 1936 cnp->cn_cred, cnp->cn_thread); 1937 if (error) 1938 goto bad; 1939 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 1940 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode, 1941 cnp->cn_cred, cnp->cn_thread); 1942 if (error) 1943 goto bad; 1944 } 1945#endif /* !UFS_ACL */ 1946 1947 /* 1948 * Initialize directory with "." and ".." from static template. 1949 */ 1950 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1951 dtp = &mastertemplate; 1952 else 1953 dtp = (struct dirtemplate *)&omastertemplate; 1954 dirtemplate = *dtp; 1955 dirtemplate.dot_ino = ip->i_number; 1956 dirtemplate.dotdot_ino = dp->i_number; 1957 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 1958 BA_CLRBUF, &bp)) != 0) 1959 goto bad; 1960 ip->i_size = DIRBLKSIZ; 1961 DIP_SET(ip, i_size, DIRBLKSIZ); 1962 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1963 vnode_pager_setsize(tvp, (u_long)ip->i_size); 1964 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 1965 if (DOINGSOFTDEP(tvp)) { 1966 /* 1967 * Ensure that the entire newly allocated block is a 1968 * valid directory so that future growth within the 1969 * block does not have to ensure that the block is 1970 * written before the inode. 1971 */ 1972 blkoff = DIRBLKSIZ; 1973 while (blkoff < bp->b_bcount) { 1974 ((struct direct *) 1975 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 1976 blkoff += DIRBLKSIZ; 1977 } 1978 } 1979 if ((error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | 1980 DOINGASYNC(tvp)))) != 0) { 1981 (void)bwrite(bp); 1982 goto bad; 1983 } 1984 /* 1985 * Directory set up, now install its entry in the parent directory. 1986 * 1987 * If we are not doing soft dependencies, then we must write out the 1988 * buffer containing the new directory body before entering the new 1989 * name in the parent. If we are doing soft dependencies, then the 1990 * buffer containing the new directory body will be passed to and 1991 * released in the soft dependency code after the code has attached 1992 * an appropriate ordering dependency to the buffer which ensures that 1993 * the buffer is written before the new name is written in the parent. 1994 */ 1995 if (DOINGASYNC(dvp)) 1996 bdwrite(bp); 1997 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 1998 goto bad; 1999 ufs_makedirentry(ip, cnp, &newdir); 2000 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp, 0); 2001 2002bad: 2003 if (error == 0) { 2004 *ap->a_vpp = tvp; 2005 } else { 2006 dp->i_effnlink--; 2007 dp->i_nlink--; 2008 DIP_SET(dp, i_nlink, dp->i_nlink); 2009 dp->i_flag |= IN_CHANGE; 2010 /* 2011 * No need to do an explicit VOP_TRUNCATE here, vrele will 2012 * do this for us because we set the link count to 0. 2013 */ 2014 ip->i_effnlink = 0; 2015 ip->i_nlink = 0; 2016 DIP_SET(ip, i_nlink, 0); 2017 ip->i_flag |= IN_CHANGE; 2018 if (DOINGSOFTDEP(tvp)) 2019 softdep_revert_mkdir(dp, ip); 2020 2021 vput(tvp); 2022 } 2023out: 2024 return (error); 2025} 2026 2027/* 2028 * Rmdir system call. 2029 */ 2030static int 2031ufs_rmdir(ap) 2032 struct vop_rmdir_args /* { 2033 struct vnode *a_dvp; 2034 struct vnode *a_vp; 2035 struct componentname *a_cnp; 2036 } */ *ap; 2037{ 2038 struct vnode *vp = ap->a_vp; 2039 struct vnode *dvp = ap->a_dvp; 2040 struct componentname *cnp = ap->a_cnp; 2041 struct inode *ip, *dp; 2042 int error; 2043 2044 ip = VTOI(vp); 2045 dp = VTOI(dvp); 2046 2047 /* 2048 * Do not remove a directory that is in the process of being renamed. 2049 * Verify the directory is empty (and valid). Rmdir ".." will not be 2050 * valid since ".." will contain a reference to the current directory 2051 * and thus be non-empty. Do not allow the removal of mounted on 2052 * directories (this can happen when an NFS exported filesystem 2053 * tries to remove a locally mounted on directory). 2054 */ 2055 error = 0; 2056 if (ip->i_effnlink < 2) { 2057 error = EINVAL; 2058 goto out; 2059 } 2060 if (dp->i_effnlink < 3) 2061 panic("ufs_dirrem: Bad link count %d on parent", 2062 dp->i_effnlink); 2063 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 2064 error = ENOTEMPTY; 2065 goto out; 2066 } 2067 if ((dp->i_flags & APPEND) 2068 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 2069 error = EPERM; 2070 goto out; 2071 } 2072 if (vp->v_mountedhere != 0) { 2073 error = EINVAL; 2074 goto out; 2075 } 2076#ifdef UFS_GJOURNAL 2077 ufs_gjournal_orphan(vp); 2078#endif 2079 /* 2080 * Delete reference to directory before purging 2081 * inode. If we crash in between, the directory 2082 * will be reattached to lost+found, 2083 */ 2084 dp->i_effnlink--; 2085 ip->i_effnlink--; 2086 if (DOINGSOFTDEP(vp)) 2087 softdep_setup_rmdir(dp, ip); 2088 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 2089 if (error) { 2090 dp->i_effnlink++; 2091 ip->i_effnlink++; 2092 if (DOINGSOFTDEP(vp)) 2093 softdep_revert_rmdir(dp, ip); 2094 goto out; 2095 } 2096 cache_purge(dvp); 2097 /* 2098 * The only stuff left in the directory is "." and "..". The "." 2099 * reference is inconsequential since we are quashing it. The soft 2100 * dependency code will arrange to do these operations after 2101 * the parent directory entry has been deleted on disk, so 2102 * when running with that code we avoid doing them now. 2103 */ 2104 if (!DOINGSOFTDEP(vp)) { 2105 dp->i_nlink--; 2106 DIP_SET(dp, i_nlink, dp->i_nlink); 2107 dp->i_flag |= IN_CHANGE; 2108 error = UFS_UPDATE(dvp, 0); 2109 ip->i_nlink--; 2110 DIP_SET(ip, i_nlink, ip->i_nlink); 2111 ip->i_flag |= IN_CHANGE; 2112 } 2113 cache_purge(vp); 2114#ifdef UFS_DIRHASH 2115 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 2116 if (ip->i_dirhash != NULL) 2117 ufsdirhash_free(ip); 2118#endif 2119out: 2120 return (error); 2121} 2122 2123/* 2124 * symlink -- make a symbolic link 2125 */ 2126static int 2127ufs_symlink(ap) 2128 struct vop_symlink_args /* { 2129 struct vnode *a_dvp; 2130 struct vnode **a_vpp; 2131 struct componentname *a_cnp; 2132 struct vattr *a_vap; 2133 char *a_target; 2134 } */ *ap; 2135{ 2136 struct vnode *vp, **vpp = ap->a_vpp; 2137 struct inode *ip; 2138 int len, error; 2139 2140 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 2141 vpp, ap->a_cnp); 2142 if (error) 2143 return (error); 2144 vp = *vpp; 2145 len = strlen(ap->a_target); 2146 if (len < vp->v_mount->mnt_maxsymlinklen) { 2147 ip = VTOI(vp); 2148 bcopy(ap->a_target, SHORTLINK(ip), len); 2149 ip->i_size = len; 2150 DIP_SET(ip, i_size, len); 2151 ip->i_flag |= IN_CHANGE | IN_UPDATE; 2152 error = UFS_UPDATE(vp, 0); 2153 } else 2154 error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0, 2155 UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 2156 ap->a_cnp->cn_cred, NOCRED, NULL, NULL); 2157 if (error) 2158 vput(vp); 2159 return (error); 2160} 2161 2162/* 2163 * Vnode op for reading directories. 2164 */ 2165int 2166ufs_readdir(ap) 2167 struct vop_readdir_args /* { 2168 struct vnode *a_vp; 2169 struct uio *a_uio; 2170 struct ucred *a_cred; 2171 int *a_eofflag; 2172 int *a_ncookies; 2173 u_long **a_cookies; 2174 } */ *ap; 2175{ 2176 struct vnode *vp = ap->a_vp; 2177 struct uio *uio = ap->a_uio; 2178 struct buf *bp; 2179 struct inode *ip; 2180 struct direct *dp, *edp; 2181 u_long *cookies; 2182 struct dirent dstdp; 2183 off_t offset, startoffset; 2184 size_t readcnt, skipcnt; 2185 ssize_t startresid; 2186 int ncookies; 2187 int error; 2188 2189 if (uio->uio_offset < 0) 2190 return (EINVAL); 2191 ip = VTOI(vp); 2192 if (ip->i_effnlink == 0) 2193 return (0); 2194 if (ap->a_ncookies != NULL) { 2195 ncookies = uio->uio_resid; 2196 if (uio->uio_offset >= ip->i_size) 2197 ncookies = 0; 2198 else if (ip->i_size - uio->uio_offset < ncookies) 2199 ncookies = ip->i_size - uio->uio_offset; 2200 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1; 2201 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK); 2202 *ap->a_ncookies = ncookies; 2203 *ap->a_cookies = cookies; 2204 } else { 2205 ncookies = 0; 2206 cookies = NULL; 2207 } 2208 offset = startoffset = uio->uio_offset; 2209 startresid = uio->uio_resid; 2210 error = 0; 2211 while (error == 0 && uio->uio_resid > 0 && 2212 uio->uio_offset < ip->i_size) { 2213 error = ffs_blkatoff(vp, uio->uio_offset, NULL, &bp); 2214 if (error) 2215 break; 2216 if (bp->b_offset + bp->b_bcount > ip->i_size) 2217 readcnt = ip->i_size - bp->b_offset; 2218 else 2219 readcnt = bp->b_bcount; 2220 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) & 2221 ~(size_t)(DIRBLKSIZ - 1); 2222 offset = bp->b_offset + skipcnt; 2223 dp = (struct direct *)&bp->b_data[skipcnt]; 2224 edp = (struct direct *)&bp->b_data[readcnt]; 2225 while (error == 0 && uio->uio_resid > 0 && dp < edp) { 2226 if (dp->d_reclen <= offsetof(struct direct, d_name) || 2227 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) { 2228 error = EIO; 2229 break; 2230 } 2231#if BYTE_ORDER == LITTLE_ENDIAN 2232 /* Old filesystem format. */ 2233 if (vp->v_mount->mnt_maxsymlinklen <= 0) { 2234 dstdp.d_namlen = dp->d_type; 2235 dstdp.d_type = dp->d_namlen; 2236 } else 2237#endif 2238 { 2239 dstdp.d_namlen = dp->d_namlen; 2240 dstdp.d_type = dp->d_type; 2241 } 2242 if (offsetof(struct direct, d_name) + dstdp.d_namlen > 2243 dp->d_reclen) { 2244 error = EIO; 2245 break; 2246 } 2247 if (offset < startoffset || dp->d_ino == 0) 2248 goto nextentry; 2249 dstdp.d_fileno = dp->d_ino; 2250 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp); 2251 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); 2252 dstdp.d_name[dstdp.d_namlen] = '\0'; 2253 if (dstdp.d_reclen > uio->uio_resid) { 2254 if (uio->uio_resid == startresid) 2255 error = EINVAL; 2256 else 2257 error = EJUSTRETURN; 2258 break; 2259 } 2260 /* Advance dp. */ 2261 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio); 2262 if (error) 2263 break; 2264 if (cookies != NULL) { 2265 KASSERT(ncookies > 0, 2266 ("ufs_readdir: cookies buffer too small")); 2267 *cookies = offset + dp->d_reclen; 2268 cookies++; 2269 ncookies--; 2270 } 2271nextentry: 2272 offset += dp->d_reclen; 2273 dp = (struct direct *)((caddr_t)dp + dp->d_reclen); 2274 } 2275 bqrelse(bp); 2276 uio->uio_offset = offset; 2277 } 2278 /* We need to correct uio_offset. */ 2279 uio->uio_offset = offset; 2280 if (error == EJUSTRETURN) 2281 error = 0; 2282 if (ap->a_ncookies != NULL) { 2283 if (error == 0) { 2284 ap->a_ncookies -= ncookies; 2285 } else { 2286 free(*ap->a_cookies, M_TEMP); 2287 *ap->a_ncookies = 0; 2288 *ap->a_cookies = NULL; 2289 } 2290 } 2291 if (error == 0 && ap->a_eofflag) 2292 *ap->a_eofflag = ip->i_size <= uio->uio_offset; 2293 return (error); 2294} 2295 2296/* 2297 * Return target name of a symbolic link 2298 */ 2299static int 2300ufs_readlink(ap) 2301 struct vop_readlink_args /* { 2302 struct vnode *a_vp; 2303 struct uio *a_uio; 2304 struct ucred *a_cred; 2305 } */ *ap; 2306{ 2307 struct vnode *vp = ap->a_vp; 2308 struct inode *ip = VTOI(vp); 2309 doff_t isize; 2310 2311 isize = ip->i_size; 2312 if ((isize < vp->v_mount->mnt_maxsymlinklen) || 2313 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */ 2314 return (uiomove(SHORTLINK(ip), isize, ap->a_uio)); 2315 } 2316 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 2317} 2318 2319/* 2320 * Calculate the logical to physical mapping if not done already, 2321 * then call the device strategy routine. 2322 * 2323 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 2324 * deadlock on memory. See ufs_bmap() for details. 2325 */ 2326static int 2327ufs_strategy(ap) 2328 struct vop_strategy_args /* { 2329 struct vnode *a_vp; 2330 struct buf *a_bp; 2331 } */ *ap; 2332{ 2333 struct buf *bp = ap->a_bp; 2334 struct vnode *vp = ap->a_vp; 2335 struct bufobj *bo; 2336 struct inode *ip; 2337 ufs2_daddr_t blkno; 2338 int error; 2339 2340 ip = VTOI(vp); 2341 if (bp->b_blkno == bp->b_lblkno) { 2342 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 2343 bp->b_blkno = blkno; 2344 if (error) { 2345 bp->b_error = error; 2346 bp->b_ioflags |= BIO_ERROR; 2347 bufdone(bp); 2348 return (0); 2349 } 2350 if ((long)bp->b_blkno == -1) 2351 vfs_bio_clrbuf(bp); 2352 } 2353 if ((long)bp->b_blkno == -1) { 2354 bufdone(bp); 2355 return (0); 2356 } 2357 bp->b_iooffset = dbtob(bp->b_blkno); 2358 bo = ip->i_umbufobj; 2359 BO_STRATEGY(bo, bp); 2360 return (0); 2361} 2362 2363/* 2364 * Print out the contents of an inode. 2365 */ 2366static int 2367ufs_print(ap) 2368 struct vop_print_args /* { 2369 struct vnode *a_vp; 2370 } */ *ap; 2371{ 2372 struct vnode *vp = ap->a_vp; 2373 struct inode *ip = VTOI(vp); 2374 2375 printf("\tino %lu, on dev %s", (u_long)ip->i_number, 2376 devtoname(ip->i_dev)); 2377 if (vp->v_type == VFIFO) 2378 fifo_printinfo(vp); 2379 printf("\n"); 2380 return (0); 2381} 2382 2383/* 2384 * Close wrapper for fifos. 2385 * 2386 * Update the times on the inode then do device close. 2387 */ 2388static int 2389ufsfifo_close(ap) 2390 struct vop_close_args /* { 2391 struct vnode *a_vp; 2392 int a_fflag; 2393 struct ucred *a_cred; 2394 struct thread *a_td; 2395 } */ *ap; 2396{ 2397 struct vnode *vp = ap->a_vp; 2398 int usecount; 2399 2400 VI_LOCK(vp); 2401 usecount = vp->v_usecount; 2402 if (usecount > 1) 2403 ufs_itimes_locked(vp); 2404 VI_UNLOCK(vp); 2405 return (fifo_specops.vop_close(ap)); 2406} 2407 2408/* 2409 * Kqfilter wrapper for fifos. 2410 * 2411 * Fall through to ufs kqfilter routines if needed 2412 */ 2413static int 2414ufsfifo_kqfilter(ap) 2415 struct vop_kqfilter_args *ap; 2416{ 2417 int error; 2418 2419 error = fifo_specops.vop_kqfilter(ap); 2420 if (error) 2421 error = vfs_kqfilter(ap); 2422 return (error); 2423} 2424 2425/* 2426 * Return POSIX pathconf information applicable to fifos. 2427 */ 2428static int 2429ufsfifo_pathconf(ap) 2430 struct vop_pathconf_args /* { 2431 struct vnode *a_vp; 2432 int a_name; 2433 int *a_retval; 2434 } */ *ap; 2435{ 2436 2437 switch (ap->a_name) { 2438 case _PC_ACL_EXTENDED: 2439 case _PC_ACL_NFS4: 2440 case _PC_ACL_PATH_MAX: 2441 case _PC_MAC_PRESENT: 2442 return (ufs_pathconf(ap)); 2443 default: 2444 return (fifo_specops.vop_pathconf(ap)); 2445 } 2446 /* NOTREACHED */ 2447} 2448 2449/* 2450 * Return POSIX pathconf information applicable to ufs filesystems. 2451 */ 2452static int 2453ufs_pathconf(ap) 2454 struct vop_pathconf_args /* { 2455 struct vnode *a_vp; 2456 int a_name; 2457 int *a_retval; 2458 } */ *ap; 2459{ 2460 int error; 2461 2462 error = 0; 2463 switch (ap->a_name) { 2464 case _PC_LINK_MAX: 2465 *ap->a_retval = LINK_MAX; 2466 break; 2467 case _PC_NAME_MAX: 2468 *ap->a_retval = NAME_MAX; 2469 break; 2470 case _PC_PATH_MAX: 2471 *ap->a_retval = PATH_MAX; 2472 break; 2473 case _PC_PIPE_BUF: 2474 *ap->a_retval = PIPE_BUF; 2475 break; 2476 case _PC_CHOWN_RESTRICTED: 2477 *ap->a_retval = 1; 2478 break; 2479 case _PC_NO_TRUNC: 2480 *ap->a_retval = 1; 2481 break; 2482 case _PC_ACL_EXTENDED: 2483#ifdef UFS_ACL 2484 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2485 *ap->a_retval = 1; 2486 else 2487 *ap->a_retval = 0; 2488#else 2489 *ap->a_retval = 0; 2490#endif 2491 break; 2492 2493 case _PC_ACL_NFS4: 2494#ifdef UFS_ACL 2495 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) 2496 *ap->a_retval = 1; 2497 else 2498 *ap->a_retval = 0; 2499#else 2500 *ap->a_retval = 0; 2501#endif 2502 break; 2503 2504 case _PC_ACL_PATH_MAX: 2505#ifdef UFS_ACL 2506 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) 2507 *ap->a_retval = ACL_MAX_ENTRIES; 2508 else 2509 *ap->a_retval = 3; 2510#else 2511 *ap->a_retval = 3; 2512#endif 2513 break; 2514 case _PC_MAC_PRESENT: 2515#ifdef MAC 2516 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2517 *ap->a_retval = 1; 2518 else 2519 *ap->a_retval = 0; 2520#else 2521 *ap->a_retval = 0; 2522#endif 2523 break; 2524 case _PC_MIN_HOLE_SIZE: 2525 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2526 break; 2527 case _PC_ASYNC_IO: 2528 /* _PC_ASYNC_IO should have been handled by upper layers. */ 2529 KASSERT(0, ("_PC_ASYNC_IO should not get here")); 2530 error = EINVAL; 2531 break; 2532 case _PC_PRIO_IO: 2533 *ap->a_retval = 0; 2534 break; 2535 case _PC_SYNC_IO: 2536 *ap->a_retval = 0; 2537 break; 2538 case _PC_ALLOC_SIZE_MIN: 2539 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2540 break; 2541 case _PC_FILESIZEBITS: 2542 *ap->a_retval = 64; 2543 break; 2544 case _PC_REC_INCR_XFER_SIZE: 2545 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2546 break; 2547 case _PC_REC_MAX_XFER_SIZE: 2548 *ap->a_retval = -1; /* means ``unlimited'' */ 2549 break; 2550 case _PC_REC_MIN_XFER_SIZE: 2551 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2552 break; 2553 case _PC_REC_XFER_ALIGN: 2554 *ap->a_retval = PAGE_SIZE; 2555 break; 2556 case _PC_SYMLINK_MAX: 2557 *ap->a_retval = MAXPATHLEN; 2558 break; 2559 2560 default: 2561 error = EINVAL; 2562 break; 2563 } 2564 return (error); 2565} 2566 2567/* 2568 * Initialize the vnode associated with a new inode, handle aliased 2569 * vnodes. 2570 */ 2571int 2572ufs_vinit(mntp, fifoops, vpp) 2573 struct mount *mntp; 2574 struct vop_vector *fifoops; 2575 struct vnode **vpp; 2576{ 2577 struct inode *ip; 2578 struct vnode *vp; 2579 2580 vp = *vpp; 2581 ip = VTOI(vp); 2582 vp->v_type = IFTOVT(ip->i_mode); 2583 if (vp->v_type == VFIFO) 2584 vp->v_op = fifoops; 2585 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2586 if (ip->i_number == ROOTINO) 2587 vp->v_vflag |= VV_ROOT; 2588 *vpp = vp; 2589 return (0); 2590} 2591 2592/* 2593 * Allocate a new inode. 2594 * Vnode dvp must be locked. 2595 */ 2596static int 2597ufs_makeinode(mode, dvp, vpp, cnp) 2598 int mode; 2599 struct vnode *dvp; 2600 struct vnode **vpp; 2601 struct componentname *cnp; 2602{ 2603 struct inode *ip, *pdir; 2604 struct direct newdir; 2605 struct vnode *tvp; 2606 int error; 2607 2608 pdir = VTOI(dvp); 2609#ifdef INVARIANTS 2610 if ((cnp->cn_flags & HASBUF) == 0) 2611 panic("ufs_makeinode: no name"); 2612#endif 2613 *vpp = NULL; 2614 if ((mode & IFMT) == 0) 2615 mode |= IFREG; 2616 2617 if (VTOI(dvp)->i_effnlink < 2) 2618 panic("ufs_makeinode: Bad link count %d on parent", 2619 VTOI(dvp)->i_effnlink); 2620 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2621 if (error) 2622 return (error); 2623 ip = VTOI(tvp); 2624 ip->i_gid = pdir->i_gid; 2625 DIP_SET(ip, i_gid, pdir->i_gid); 2626#ifdef SUIDDIR 2627 { 2628#ifdef QUOTA 2629 struct ucred ucred, *ucp; 2630 gid_t ucred_group; 2631 ucp = cnp->cn_cred; 2632#endif 2633 /* 2634 * If we are not the owner of the directory, 2635 * and we are hacking owners here, (only do this where told to) 2636 * and we are not giving it TO root, (would subvert quotas) 2637 * then go ahead and give it to the other user. 2638 * Note that this drops off the execute bits for security. 2639 */ 2640 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2641 (pdir->i_mode & ISUID) && 2642 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2643 ip->i_uid = pdir->i_uid; 2644 DIP_SET(ip, i_uid, ip->i_uid); 2645 mode &= ~07111; 2646#ifdef QUOTA 2647 /* 2648 * Make sure the correct user gets charged 2649 * for the space. 2650 * Quickly knock up a dummy credential for the victim. 2651 * XXX This seems to never be accessed out of our 2652 * context so a stack variable is ok. 2653 */ 2654 refcount_init(&ucred.cr_ref, 1); 2655 ucred.cr_uid = ip->i_uid; 2656 ucred.cr_ngroups = 1; 2657 ucred.cr_groups = &ucred_group; 2658 ucred.cr_groups[0] = pdir->i_gid; 2659 ucp = &ucred; 2660#endif 2661 } else { 2662 ip->i_uid = cnp->cn_cred->cr_uid; 2663 DIP_SET(ip, i_uid, ip->i_uid); 2664 } 2665 2666#ifdef QUOTA 2667 if ((error = getinoquota(ip)) || 2668 (error = chkiq(ip, 1, ucp, 0))) { 2669 if (DOINGSOFTDEP(tvp)) 2670 softdep_revert_link(pdir, ip); 2671 UFS_VFREE(tvp, ip->i_number, mode); 2672 vput(tvp); 2673 return (error); 2674 } 2675#endif 2676 } 2677#else /* !SUIDDIR */ 2678 ip->i_uid = cnp->cn_cred->cr_uid; 2679 DIP_SET(ip, i_uid, ip->i_uid); 2680#ifdef QUOTA 2681 if ((error = getinoquota(ip)) || 2682 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2683 if (DOINGSOFTDEP(tvp)) 2684 softdep_revert_link(pdir, ip); 2685 UFS_VFREE(tvp, ip->i_number, mode); 2686 vput(tvp); 2687 return (error); 2688 } 2689#endif 2690#endif /* !SUIDDIR */ 2691 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 2692 ip->i_mode = mode; 2693 DIP_SET(ip, i_mode, mode); 2694 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2695 ip->i_effnlink = 1; 2696 ip->i_nlink = 1; 2697 DIP_SET(ip, i_nlink, 1); 2698 if (DOINGSOFTDEP(tvp)) 2699 softdep_setup_create(VTOI(dvp), ip); 2700 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2701 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID, 0)) { 2702 ip->i_mode &= ~ISGID; 2703 DIP_SET(ip, i_mode, ip->i_mode); 2704 } 2705 2706 if (cnp->cn_flags & ISWHITEOUT) { 2707 ip->i_flags |= UF_OPAQUE; 2708 DIP_SET(ip, i_flags, ip->i_flags); 2709 } 2710 2711 /* 2712 * Make sure inode goes to disk before directory entry. 2713 */ 2714 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp))); 2715 if (error) 2716 goto bad; 2717#ifdef MAC 2718 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2719 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2720 dvp, tvp, cnp); 2721 if (error) 2722 goto bad; 2723 } 2724#endif 2725#ifdef UFS_ACL 2726 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2727 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode, 2728 cnp->cn_cred, cnp->cn_thread); 2729 if (error) 2730 goto bad; 2731 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2732 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode, 2733 cnp->cn_cred, cnp->cn_thread); 2734 if (error) 2735 goto bad; 2736 } 2737#endif /* !UFS_ACL */ 2738 ufs_makedirentry(ip, cnp, &newdir); 2739 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL, 0); 2740 if (error) 2741 goto bad; 2742 *vpp = tvp; 2743 return (0); 2744 2745bad: 2746 /* 2747 * Write error occurred trying to update the inode 2748 * or the directory so must deallocate the inode. 2749 */ 2750 ip->i_effnlink = 0; 2751 ip->i_nlink = 0; 2752 DIP_SET(ip, i_nlink, 0); 2753 ip->i_flag |= IN_CHANGE; 2754 if (DOINGSOFTDEP(tvp)) 2755 softdep_revert_create(VTOI(dvp), ip); 2756 vput(tvp); 2757 return (error); 2758} 2759 2760static int 2761ufs_ioctl(struct vop_ioctl_args *ap) 2762{ 2763 2764 switch (ap->a_command) { 2765 case FIOSEEKDATA: 2766 case FIOSEEKHOLE: 2767 return (vn_bmap_seekhole(ap->a_vp, ap->a_command, 2768 (off_t *)ap->a_data, ap->a_cred)); 2769 default: 2770 return (ENOTTY); 2771 } 2772} 2773 2774/* Global vfs data structures for ufs. */ 2775struct vop_vector ufs_vnodeops = { 2776 .vop_default = &default_vnodeops, 2777 .vop_fsync = VOP_PANIC, 2778 .vop_read = VOP_PANIC, 2779 .vop_reallocblks = VOP_PANIC, 2780 .vop_write = VOP_PANIC, 2781 .vop_accessx = ufs_accessx, 2782 .vop_bmap = ufs_bmap, 2783 .vop_cachedlookup = ufs_lookup, 2784 .vop_close = ufs_close, 2785 .vop_create = ufs_create, 2786 .vop_getattr = ufs_getattr, 2787 .vop_inactive = ufs_inactive, 2788 .vop_ioctl = ufs_ioctl, 2789 .vop_link = ufs_link, 2790 .vop_lookup = vfs_cache_lookup, 2791 .vop_markatime = ufs_markatime, 2792 .vop_mkdir = ufs_mkdir, 2793 .vop_mknod = ufs_mknod, 2794 .vop_open = ufs_open, 2795 .vop_pathconf = ufs_pathconf, 2796 .vop_poll = vop_stdpoll, 2797 .vop_print = ufs_print, 2798 .vop_readdir = ufs_readdir, 2799 .vop_readlink = ufs_readlink, 2800 .vop_reclaim = ufs_reclaim, 2801 .vop_remove = ufs_remove, 2802 .vop_rename = ufs_rename, 2803 .vop_rmdir = ufs_rmdir, 2804 .vop_setattr = ufs_setattr, 2805#ifdef MAC 2806 .vop_setlabel = vop_stdsetlabel_ea, 2807#endif 2808 .vop_strategy = ufs_strategy, 2809 .vop_symlink = ufs_symlink, 2810 .vop_whiteout = ufs_whiteout, 2811#ifdef UFS_EXTATTR 2812 .vop_getextattr = ufs_getextattr, 2813 .vop_deleteextattr = ufs_deleteextattr, 2814 .vop_setextattr = ufs_setextattr, 2815#endif 2816#ifdef UFS_ACL 2817 .vop_getacl = ufs_getacl, 2818 .vop_setacl = ufs_setacl, 2819 .vop_aclcheck = ufs_aclcheck, 2820#endif 2821}; 2822 2823struct vop_vector ufs_fifoops = { 2824 .vop_default = &fifo_specops, 2825 .vop_fsync = VOP_PANIC, 2826 .vop_accessx = ufs_accessx, 2827 .vop_close = ufsfifo_close, 2828 .vop_getattr = ufs_getattr, 2829 .vop_inactive = ufs_inactive, 2830 .vop_kqfilter = ufsfifo_kqfilter, 2831 .vop_markatime = ufs_markatime, 2832 .vop_pathconf = ufsfifo_pathconf, 2833 .vop_print = ufs_print, 2834 .vop_read = VOP_PANIC, 2835 .vop_reclaim = ufs_reclaim, 2836 .vop_setattr = ufs_setattr, 2837#ifdef MAC 2838 .vop_setlabel = vop_stdsetlabel_ea, 2839#endif 2840 .vop_write = VOP_PANIC, 2841#ifdef UFS_EXTATTR 2842 .vop_getextattr = ufs_getextattr, 2843 .vop_deleteextattr = ufs_deleteextattr, 2844 .vop_setextattr = ufs_setextattr, 2845#endif 2846#ifdef UFS_ACL 2847 .vop_getacl = ufs_getacl, 2848 .vop_setacl = ufs_setacl, 2849 .vop_aclcheck = ufs_aclcheck, 2850#endif 2851}; 2852