ufs_vnops.c revision 267816
1/*- 2 * Copyright (c) 1982, 1986, 1989, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 35 */ 36 37#include <sys/cdefs.h> 38__FBSDID("$FreeBSD: stable/10/sys/ufs/ufs/ufs_vnops.c 267816 2014-06-24 08:21:43Z kib $"); 39 40#include "opt_quota.h" 41#include "opt_suiddir.h" 42#include "opt_ufs.h" 43#include "opt_ffs.h" 44 45#include <sys/param.h> 46#include <sys/systm.h> 47#include <sys/malloc.h> 48#include <sys/namei.h> 49#include <sys/kernel.h> 50#include <sys/fcntl.h> 51#include <sys/filio.h> 52#include <sys/stat.h> 53#include <sys/bio.h> 54#include <sys/buf.h> 55#include <sys/mount.h> 56#include <sys/priv.h> 57#include <sys/refcount.h> 58#include <sys/unistd.h> 59#include <sys/vnode.h> 60#include <sys/dirent.h> 61#include <sys/lockf.h> 62#include <sys/conf.h> 63#include <sys/acl.h> 64 65#include <security/mac/mac_framework.h> 66 67#include <sys/file.h> /* XXX */ 68 69#include <vm/vm.h> 70#include <vm/vm_extern.h> 71 72#include <ufs/ufs/acl.h> 73#include <ufs/ufs/extattr.h> 74#include <ufs/ufs/quota.h> 75#include <ufs/ufs/inode.h> 76#include <ufs/ufs/dir.h> 77#include <ufs/ufs/ufsmount.h> 78#include <ufs/ufs/ufs_extern.h> 79#ifdef UFS_DIRHASH 80#include <ufs/ufs/dirhash.h> 81#endif 82#ifdef UFS_GJOURNAL 83#include <ufs/ufs/gjournal.h> 84FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS"); 85#endif 86 87#ifdef QUOTA 88FEATURE(ufs_quota, "UFS disk quotas support"); 89FEATURE(ufs_quota64, "64bit UFS disk quotas support"); 90#endif 91 92#ifdef SUIDDIR 93FEATURE(suiddir, 94 "Give all new files in directory the same ownership as the directory"); 95#endif 96 97 98#include <ufs/ffs/ffs_extern.h> 99 100static vop_accessx_t ufs_accessx; 101static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 102static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *); 103static vop_close_t ufs_close; 104static vop_create_t ufs_create; 105static vop_getattr_t ufs_getattr; 106static vop_ioctl_t ufs_ioctl; 107static vop_link_t ufs_link; 108static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *); 109static vop_markatime_t ufs_markatime; 110static vop_mkdir_t ufs_mkdir; 111static vop_mknod_t ufs_mknod; 112static vop_open_t ufs_open; 113static vop_pathconf_t ufs_pathconf; 114static vop_print_t ufs_print; 115static vop_readlink_t ufs_readlink; 116static vop_remove_t ufs_remove; 117static vop_rename_t ufs_rename; 118static vop_rmdir_t ufs_rmdir; 119static vop_setattr_t ufs_setattr; 120static vop_strategy_t ufs_strategy; 121static vop_symlink_t ufs_symlink; 122static vop_whiteout_t ufs_whiteout; 123static vop_close_t ufsfifo_close; 124static vop_kqfilter_t ufsfifo_kqfilter; 125static vop_pathconf_t ufsfifo_pathconf; 126 127SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD, 0, "UFS filesystem"); 128 129/* 130 * A virgin directory (no blushing please). 131 */ 132static struct dirtemplate mastertemplate = { 133 0, 12, DT_DIR, 1, ".", 134 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 135}; 136static struct odirtemplate omastertemplate = { 137 0, 12, 1, ".", 138 0, DIRBLKSIZ - 12, 2, ".." 139}; 140 141static void 142ufs_itimes_locked(struct vnode *vp) 143{ 144 struct inode *ip; 145 struct timespec ts; 146 147 ASSERT_VI_LOCKED(vp, __func__); 148 149 ip = VTOI(vp); 150 if (UFS_RDONLY(ip)) 151 goto out; 152 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 153 return; 154 155 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 156 ip->i_flag |= IN_LAZYMOD; 157 else if (((vp->v_mount->mnt_kern_flag & 158 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) || 159 (ip->i_flag & (IN_CHANGE | IN_UPDATE))) 160 ip->i_flag |= IN_MODIFIED; 161 else if (ip->i_flag & IN_ACCESS) 162 ip->i_flag |= IN_LAZYACCESS; 163 vfs_timestamp(&ts); 164 if (ip->i_flag & IN_ACCESS) { 165 DIP_SET(ip, i_atime, ts.tv_sec); 166 DIP_SET(ip, i_atimensec, ts.tv_nsec); 167 } 168 if (ip->i_flag & IN_UPDATE) { 169 DIP_SET(ip, i_mtime, ts.tv_sec); 170 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 171 } 172 if (ip->i_flag & IN_CHANGE) { 173 DIP_SET(ip, i_ctime, ts.tv_sec); 174 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 175 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1); 176 } 177 178 out: 179 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 180} 181 182void 183ufs_itimes(struct vnode *vp) 184{ 185 186 VI_LOCK(vp); 187 ufs_itimes_locked(vp); 188 VI_UNLOCK(vp); 189} 190 191/* 192 * Create a regular file 193 */ 194static int 195ufs_create(ap) 196 struct vop_create_args /* { 197 struct vnode *a_dvp; 198 struct vnode **a_vpp; 199 struct componentname *a_cnp; 200 struct vattr *a_vap; 201 } */ *ap; 202{ 203 int error; 204 205 error = 206 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 207 ap->a_dvp, ap->a_vpp, ap->a_cnp); 208 if (error) 209 return (error); 210 return (0); 211} 212 213/* 214 * Mknod vnode call 215 */ 216/* ARGSUSED */ 217static int 218ufs_mknod(ap) 219 struct vop_mknod_args /* { 220 struct vnode *a_dvp; 221 struct vnode **a_vpp; 222 struct componentname *a_cnp; 223 struct vattr *a_vap; 224 } */ *ap; 225{ 226 struct vattr *vap = ap->a_vap; 227 struct vnode **vpp = ap->a_vpp; 228 struct inode *ip; 229 ino_t ino; 230 int error; 231 232 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 233 ap->a_dvp, vpp, ap->a_cnp); 234 if (error) 235 return (error); 236 ip = VTOI(*vpp); 237 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 238 if (vap->va_rdev != VNOVAL) { 239 /* 240 * Want to be able to use this to make badblock 241 * inodes, so don't truncate the dev number. 242 */ 243 DIP_SET(ip, i_rdev, vap->va_rdev); 244 } 245 /* 246 * Remove inode, then reload it through VFS_VGET so it is 247 * checked to see if it is an alias of an existing entry in 248 * the inode cache. XXX I don't believe this is necessary now. 249 */ 250 (*vpp)->v_type = VNON; 251 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 252 vgone(*vpp); 253 vput(*vpp); 254 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 255 if (error) { 256 *vpp = NULL; 257 return (error); 258 } 259 return (0); 260} 261 262/* 263 * Open called. 264 */ 265/* ARGSUSED */ 266static int 267ufs_open(struct vop_open_args *ap) 268{ 269 struct vnode *vp = ap->a_vp; 270 struct inode *ip; 271 272 if (vp->v_type == VCHR || vp->v_type == VBLK) 273 return (EOPNOTSUPP); 274 275 ip = VTOI(vp); 276 /* 277 * Files marked append-only must be opened for appending. 278 */ 279 if ((ip->i_flags & APPEND) && 280 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 281 return (EPERM); 282 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 283 return (0); 284} 285 286/* 287 * Close called. 288 * 289 * Update the times on the inode. 290 */ 291/* ARGSUSED */ 292static int 293ufs_close(ap) 294 struct vop_close_args /* { 295 struct vnode *a_vp; 296 int a_fflag; 297 struct ucred *a_cred; 298 struct thread *a_td; 299 } */ *ap; 300{ 301 struct vnode *vp = ap->a_vp; 302 int usecount; 303 304 VI_LOCK(vp); 305 usecount = vp->v_usecount; 306 if (usecount > 1) 307 ufs_itimes_locked(vp); 308 VI_UNLOCK(vp); 309 return (0); 310} 311 312static int 313ufs_accessx(ap) 314 struct vop_accessx_args /* { 315 struct vnode *a_vp; 316 accmode_t a_accmode; 317 struct ucred *a_cred; 318 struct thread *a_td; 319 } */ *ap; 320{ 321 struct vnode *vp = ap->a_vp; 322 struct inode *ip = VTOI(vp); 323 accmode_t accmode = ap->a_accmode; 324 int error; 325#ifdef QUOTA 326 int relocked; 327#endif 328#ifdef UFS_ACL 329 struct acl *acl; 330 acl_type_t type; 331#endif 332 333 /* 334 * Disallow write attempts on read-only filesystems; 335 * unless the file is a socket, fifo, or a block or 336 * character device resident on the filesystem. 337 */ 338 if (accmode & VMODIFY_PERMS) { 339 switch (vp->v_type) { 340 case VDIR: 341 case VLNK: 342 case VREG: 343 if (vp->v_mount->mnt_flag & MNT_RDONLY) 344 return (EROFS); 345#ifdef QUOTA 346 /* 347 * Inode is accounted in the quotas only if struct 348 * dquot is attached to it. VOP_ACCESS() is called 349 * from vn_open_cred() and provides a convenient 350 * point to call getinoquota(). 351 */ 352 if (VOP_ISLOCKED(vp) != LK_EXCLUSIVE) { 353 354 /* 355 * Upgrade vnode lock, since getinoquota() 356 * requires exclusive lock to modify inode. 357 */ 358 relocked = 1; 359 vhold(vp); 360 vn_lock(vp, LK_UPGRADE | LK_RETRY); 361 VI_LOCK(vp); 362 if (vp->v_iflag & VI_DOOMED) { 363 vdropl(vp); 364 error = ENOENT; 365 goto relock; 366 } 367 vdropl(vp); 368 } else 369 relocked = 0; 370 error = getinoquota(ip); 371relock: 372 if (relocked) 373 vn_lock(vp, LK_DOWNGRADE | LK_RETRY); 374 if (error != 0) 375 return (error); 376#endif 377 break; 378 default: 379 break; 380 } 381 } 382 383 /* 384 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS" 385 * is here, because without it, * it would be impossible for the owner 386 * to remove the IMMUTABLE flag. 387 */ 388 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) && 389 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 390 return (EPERM); 391 392#ifdef UFS_ACL 393 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) { 394 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS) 395 type = ACL_TYPE_NFS4; 396 else 397 type = ACL_TYPE_ACCESS; 398 399 acl = acl_alloc(M_WAITOK); 400 if (type == ACL_TYPE_NFS4) 401 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td); 402 else 403 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td); 404 switch (error) { 405 case 0: 406 if (type == ACL_TYPE_NFS4) { 407 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid, 408 ip->i_gid, acl, accmode, ap->a_cred, NULL); 409 } else { 410 error = vfs_unixify_accmode(&accmode); 411 if (error == 0) 412 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 413 ip->i_gid, acl, accmode, ap->a_cred, NULL); 414 } 415 break; 416 default: 417 if (error != EOPNOTSUPP) 418 printf( 419"ufs_accessx(): Error retrieving ACL on object (%d).\n", 420 error); 421 /* 422 * XXX: Fall back until debugged. Should 423 * eventually possibly log an error, and return 424 * EPERM for safety. 425 */ 426 error = vfs_unixify_accmode(&accmode); 427 if (error == 0) 428 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 429 ip->i_gid, accmode, ap->a_cred, NULL); 430 } 431 acl_free(acl); 432 433 return (error); 434 } 435#endif /* !UFS_ACL */ 436 error = vfs_unixify_accmode(&accmode); 437 if (error == 0) 438 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 439 accmode, ap->a_cred, NULL); 440 return (error); 441} 442 443/* ARGSUSED */ 444static int 445ufs_getattr(ap) 446 struct vop_getattr_args /* { 447 struct vnode *a_vp; 448 struct vattr *a_vap; 449 struct ucred *a_cred; 450 } */ *ap; 451{ 452 struct vnode *vp = ap->a_vp; 453 struct inode *ip = VTOI(vp); 454 struct vattr *vap = ap->a_vap; 455 456 VI_LOCK(vp); 457 ufs_itimes_locked(vp); 458 if (ip->i_ump->um_fstype == UFS1) { 459 vap->va_atime.tv_sec = ip->i_din1->di_atime; 460 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 461 } else { 462 vap->va_atime.tv_sec = ip->i_din2->di_atime; 463 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 464 } 465 VI_UNLOCK(vp); 466 /* 467 * Copy from inode table 468 */ 469 vap->va_fsid = dev2udev(ip->i_dev); 470 vap->va_fileid = ip->i_number; 471 vap->va_mode = ip->i_mode & ~IFMT; 472 vap->va_nlink = ip->i_effnlink; 473 vap->va_uid = ip->i_uid; 474 vap->va_gid = ip->i_gid; 475 if (ip->i_ump->um_fstype == UFS1) { 476 vap->va_rdev = ip->i_din1->di_rdev; 477 vap->va_size = ip->i_din1->di_size; 478 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 479 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 480 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 481 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 482 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 483 vap->va_filerev = ip->i_din1->di_modrev; 484 } else { 485 vap->va_rdev = ip->i_din2->di_rdev; 486 vap->va_size = ip->i_din2->di_size; 487 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 488 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 489 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 490 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 491 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 492 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 493 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 494 vap->va_filerev = ip->i_din2->di_modrev; 495 } 496 vap->va_flags = ip->i_flags; 497 vap->va_gen = ip->i_gen; 498 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 499 vap->va_type = IFTOVT(ip->i_mode); 500 return (0); 501} 502 503/* 504 * Set attribute vnode op. called from several syscalls 505 */ 506static int 507ufs_setattr(ap) 508 struct vop_setattr_args /* { 509 struct vnode *a_vp; 510 struct vattr *a_vap; 511 struct ucred *a_cred; 512 } */ *ap; 513{ 514 struct vattr *vap = ap->a_vap; 515 struct vnode *vp = ap->a_vp; 516 struct inode *ip = VTOI(vp); 517 struct ucred *cred = ap->a_cred; 518 struct thread *td = curthread; 519 int error; 520 521 /* 522 * Check for unsettable attributes. 523 */ 524 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 525 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 526 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 527 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 528 return (EINVAL); 529 } 530 if (vap->va_flags != VNOVAL) { 531 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE | 532 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE | 533 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK | 534 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE | 535 UF_SPARSE | UF_SYSTEM)) != 0) 536 return (EOPNOTSUPP); 537 if (vp->v_mount->mnt_flag & MNT_RDONLY) 538 return (EROFS); 539 /* 540 * Callers may only modify the file flags on objects they 541 * have VADMIN rights for. 542 */ 543 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 544 return (error); 545 /* 546 * Unprivileged processes are not permitted to unset system 547 * flags, or modify flags if any system flags are set. 548 * Privileged non-jail processes may not modify system flags 549 * if securelevel > 0 and any existing system flags are set. 550 * Privileged jail processes behave like privileged non-jail 551 * processes if the security.jail.chflags_allowed sysctl is 552 * is non-zero; otherwise, they behave like unprivileged 553 * processes. 554 */ 555 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) { 556 if (ip->i_flags & 557 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 558 error = securelevel_gt(cred, 0); 559 if (error) 560 return (error); 561 } 562 /* The snapshot flag cannot be toggled. */ 563 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT) 564 return (EPERM); 565 } else { 566 if (ip->i_flags & 567 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 568 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE)) 569 return (EPERM); 570 } 571 ip->i_flags = vap->va_flags; 572 DIP_SET(ip, i_flags, vap->va_flags); 573 ip->i_flag |= IN_CHANGE; 574 error = UFS_UPDATE(vp, 0); 575 if (ip->i_flags & (IMMUTABLE | APPEND)) 576 return (error); 577 } 578 /* 579 * If immutable or append, no one can change any of its attributes 580 * except the ones already handled (in some cases, file flags 581 * including the immutability flags themselves for the superuser). 582 */ 583 if (ip->i_flags & (IMMUTABLE | APPEND)) 584 return (EPERM); 585 /* 586 * Go through the fields and update iff not VNOVAL. 587 */ 588 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 589 if (vp->v_mount->mnt_flag & MNT_RDONLY) 590 return (EROFS); 591 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 592 td)) != 0) 593 return (error); 594 } 595 if (vap->va_size != VNOVAL) { 596 /* 597 * XXX most of the following special cases should be in 598 * callers instead of in N filesystems. The VDIR check 599 * mostly already is. 600 */ 601 switch (vp->v_type) { 602 case VDIR: 603 return (EISDIR); 604 case VLNK: 605 case VREG: 606 /* 607 * Truncation should have an effect in these cases. 608 * Disallow it if the filesystem is read-only or 609 * the file is being snapshotted. 610 */ 611 if (vp->v_mount->mnt_flag & MNT_RDONLY) 612 return (EROFS); 613 if ((ip->i_flags & SF_SNAPSHOT) != 0) 614 return (EPERM); 615 break; 616 default: 617 /* 618 * According to POSIX, the result is unspecified 619 * for file types other than regular files, 620 * directories and shared memory objects. We 621 * don't support shared memory objects in the file 622 * system, and have dubious support for truncating 623 * symlinks. Just ignore the request in other cases. 624 */ 625 return (0); 626 } 627 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL, 628 cred)) != 0) 629 return (error); 630 } 631 if (vap->va_atime.tv_sec != VNOVAL || 632 vap->va_mtime.tv_sec != VNOVAL || 633 vap->va_birthtime.tv_sec != VNOVAL) { 634 if (vp->v_mount->mnt_flag & MNT_RDONLY) 635 return (EROFS); 636 if ((ip->i_flags & SF_SNAPSHOT) != 0) 637 return (EPERM); 638 error = vn_utimes_perm(vp, vap, cred, td); 639 if (error != 0) 640 return (error); 641 if (vap->va_atime.tv_sec != VNOVAL) 642 ip->i_flag |= IN_ACCESS; 643 if (vap->va_mtime.tv_sec != VNOVAL) 644 ip->i_flag |= IN_CHANGE | IN_UPDATE; 645 if (vap->va_birthtime.tv_sec != VNOVAL && 646 ip->i_ump->um_fstype == UFS2) 647 ip->i_flag |= IN_MODIFIED; 648 ufs_itimes(vp); 649 if (vap->va_atime.tv_sec != VNOVAL) { 650 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 651 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 652 } 653 if (vap->va_mtime.tv_sec != VNOVAL) { 654 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 655 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 656 } 657 if (vap->va_birthtime.tv_sec != VNOVAL && 658 ip->i_ump->um_fstype == UFS2) { 659 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 660 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 661 } 662 error = UFS_UPDATE(vp, 0); 663 if (error) 664 return (error); 665 } 666 error = 0; 667 if (vap->va_mode != (mode_t)VNOVAL) { 668 if (vp->v_mount->mnt_flag & MNT_RDONLY) 669 return (EROFS); 670 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode & 671 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH))) 672 return (EPERM); 673 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 674 } 675 return (error); 676} 677 678#ifdef UFS_ACL 679static int 680ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode, 681 int file_owner_id, struct ucred *cred, struct thread *td) 682{ 683 int error; 684 struct acl *aclp; 685 686 aclp = acl_alloc(M_WAITOK); 687 error = ufs_getacl_nfs4_internal(vp, aclp, td); 688 /* 689 * We don't have to handle EOPNOTSUPP here, as the filesystem claims 690 * it supports ACLs. 691 */ 692 if (error) 693 goto out; 694 695 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id); 696 error = ufs_setacl_nfs4_internal(vp, aclp, td); 697 698out: 699 acl_free(aclp); 700 return (error); 701} 702#endif /* UFS_ACL */ 703 704/* 705 * Mark this file's access time for update for vfs_mark_atime(). This 706 * is called from execve() and mmap(). 707 */ 708static int 709ufs_markatime(ap) 710 struct vop_markatime_args /* { 711 struct vnode *a_vp; 712 } */ *ap; 713{ 714 struct vnode *vp = ap->a_vp; 715 struct inode *ip = VTOI(vp); 716 717 VI_LOCK(vp); 718 ip->i_flag |= IN_ACCESS; 719 VI_UNLOCK(vp); 720 /* 721 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there. 722 */ 723 return (0); 724} 725 726/* 727 * Change the mode on a file. 728 * Inode must be locked before calling. 729 */ 730static int 731ufs_chmod(vp, mode, cred, td) 732 struct vnode *vp; 733 int mode; 734 struct ucred *cred; 735 struct thread *td; 736{ 737 struct inode *ip = VTOI(vp); 738 int error; 739 740 /* 741 * To modify the permissions on a file, must possess VADMIN 742 * for that file. 743 */ 744 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td))) 745 return (error); 746 /* 747 * Privileged processes may set the sticky bit on non-directories, 748 * as well as set the setgid bit on a file with a group that the 749 * process is not a member of. Both of these are allowed in 750 * jail(8). 751 */ 752 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 753 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0)) 754 return (EFTYPE); 755 } 756 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 757 error = priv_check_cred(cred, PRIV_VFS_SETGID, 0); 758 if (error) 759 return (error); 760 } 761 762 /* 763 * Deny setting setuid if we are not the file owner. 764 */ 765 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) { 766 error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); 767 if (error) 768 return (error); 769 } 770 771 ip->i_mode &= ~ALLPERMS; 772 ip->i_mode |= (mode & ALLPERMS); 773 DIP_SET(ip, i_mode, ip->i_mode); 774 ip->i_flag |= IN_CHANGE; 775#ifdef UFS_ACL 776 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0) 777 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td); 778#endif 779 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0) 780 error = UFS_UPDATE(vp, 0); 781 782 return (error); 783} 784 785/* 786 * Perform chown operation on inode ip; 787 * inode must be locked prior to call. 788 */ 789static int 790ufs_chown(vp, uid, gid, cred, td) 791 struct vnode *vp; 792 uid_t uid; 793 gid_t gid; 794 struct ucred *cred; 795 struct thread *td; 796{ 797 struct inode *ip = VTOI(vp); 798 uid_t ouid; 799 gid_t ogid; 800 int error = 0; 801#ifdef QUOTA 802 int i; 803 ufs2_daddr_t change; 804#endif 805 806 if (uid == (uid_t)VNOVAL) 807 uid = ip->i_uid; 808 if (gid == (gid_t)VNOVAL) 809 gid = ip->i_gid; 810 /* 811 * To modify the ownership of a file, must possess VADMIN for that 812 * file. 813 */ 814 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td))) 815 return (error); 816 /* 817 * To change the owner of a file, or change the group of a file to a 818 * group of which we are not a member, the caller must have 819 * privilege. 820 */ 821 if (((uid != ip->i_uid && uid != cred->cr_uid) || 822 (gid != ip->i_gid && !groupmember(gid, cred))) && 823 (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0))) 824 return (error); 825 ogid = ip->i_gid; 826 ouid = ip->i_uid; 827#ifdef QUOTA 828 if ((error = getinoquota(ip)) != 0) 829 return (error); 830 if (ouid == uid) { 831 dqrele(vp, ip->i_dquot[USRQUOTA]); 832 ip->i_dquot[USRQUOTA] = NODQUOT; 833 } 834 if (ogid == gid) { 835 dqrele(vp, ip->i_dquot[GRPQUOTA]); 836 ip->i_dquot[GRPQUOTA] = NODQUOT; 837 } 838 change = DIP(ip, i_blocks); 839 (void) chkdq(ip, -change, cred, CHOWN); 840 (void) chkiq(ip, -1, cred, CHOWN); 841 for (i = 0; i < MAXQUOTAS; i++) { 842 dqrele(vp, ip->i_dquot[i]); 843 ip->i_dquot[i] = NODQUOT; 844 } 845#endif 846 ip->i_gid = gid; 847 DIP_SET(ip, i_gid, gid); 848 ip->i_uid = uid; 849 DIP_SET(ip, i_uid, uid); 850#ifdef QUOTA 851 if ((error = getinoquota(ip)) == 0) { 852 if (ouid == uid) { 853 dqrele(vp, ip->i_dquot[USRQUOTA]); 854 ip->i_dquot[USRQUOTA] = NODQUOT; 855 } 856 if (ogid == gid) { 857 dqrele(vp, ip->i_dquot[GRPQUOTA]); 858 ip->i_dquot[GRPQUOTA] = NODQUOT; 859 } 860 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 861 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 862 goto good; 863 else 864 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 865 } 866 for (i = 0; i < MAXQUOTAS; i++) { 867 dqrele(vp, ip->i_dquot[i]); 868 ip->i_dquot[i] = NODQUOT; 869 } 870 } 871 ip->i_gid = ogid; 872 DIP_SET(ip, i_gid, ogid); 873 ip->i_uid = ouid; 874 DIP_SET(ip, i_uid, ouid); 875 if (getinoquota(ip) == 0) { 876 if (ouid == uid) { 877 dqrele(vp, ip->i_dquot[USRQUOTA]); 878 ip->i_dquot[USRQUOTA] = NODQUOT; 879 } 880 if (ogid == gid) { 881 dqrele(vp, ip->i_dquot[GRPQUOTA]); 882 ip->i_dquot[GRPQUOTA] = NODQUOT; 883 } 884 (void) chkdq(ip, change, cred, FORCE|CHOWN); 885 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 886 (void) getinoquota(ip); 887 } 888 return (error); 889good: 890 if (getinoquota(ip)) 891 panic("ufs_chown: lost quota"); 892#endif /* QUOTA */ 893 ip->i_flag |= IN_CHANGE; 894 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { 895 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) { 896 ip->i_mode &= ~(ISUID | ISGID); 897 DIP_SET(ip, i_mode, ip->i_mode); 898 } 899 } 900 error = UFS_UPDATE(vp, 0); 901 return (error); 902} 903 904static int 905ufs_remove(ap) 906 struct vop_remove_args /* { 907 struct vnode *a_dvp; 908 struct vnode *a_vp; 909 struct componentname *a_cnp; 910 } */ *ap; 911{ 912 struct inode *ip; 913 struct vnode *vp = ap->a_vp; 914 struct vnode *dvp = ap->a_dvp; 915 int error; 916 struct thread *td; 917 918 td = curthread; 919 ip = VTOI(vp); 920 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 921 (VTOI(dvp)->i_flags & APPEND)) { 922 error = EPERM; 923 goto out; 924 } 925#ifdef UFS_GJOURNAL 926 ufs_gjournal_orphan(vp); 927#endif 928 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 929 if (ip->i_nlink <= 0) 930 vp->v_vflag |= VV_NOSYNC; 931 if ((ip->i_flags & SF_SNAPSHOT) != 0) { 932 /* 933 * Avoid deadlock where another thread is trying to 934 * update the inodeblock for dvp and is waiting on 935 * snaplk. Temporary unlock the vnode lock for the 936 * unlinked file and sync the directory. This should 937 * allow vput() of the directory to not block later on 938 * while holding the snapshot vnode locked, assuming 939 * that the directory hasn't been unlinked too. 940 */ 941 VOP_UNLOCK(vp, 0); 942 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 943 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 944 } 945out: 946 return (error); 947} 948 949/* 950 * link vnode call 951 */ 952static int 953ufs_link(ap) 954 struct vop_link_args /* { 955 struct vnode *a_tdvp; 956 struct vnode *a_vp; 957 struct componentname *a_cnp; 958 } */ *ap; 959{ 960 struct vnode *vp = ap->a_vp; 961 struct vnode *tdvp = ap->a_tdvp; 962 struct componentname *cnp = ap->a_cnp; 963 struct inode *ip; 964 struct direct newdir; 965 int error; 966 967#ifdef INVARIANTS 968 if ((cnp->cn_flags & HASBUF) == 0) 969 panic("ufs_link: no name"); 970#endif 971 if (tdvp->v_mount != vp->v_mount) { 972 error = EXDEV; 973 goto out; 974 } 975 if (VTOI(tdvp)->i_effnlink < 2) 976 panic("ufs_link: Bad link count %d on parent", 977 VTOI(tdvp)->i_effnlink); 978 ip = VTOI(vp); 979 if ((nlink_t)ip->i_nlink >= LINK_MAX) { 980 error = EMLINK; 981 goto out; 982 } 983 /* 984 * The file may have been removed after namei droped the original 985 * lock. 986 */ 987 if (ip->i_effnlink == 0) { 988 error = ENOENT; 989 goto out; 990 } 991 if (ip->i_flags & (IMMUTABLE | APPEND)) { 992 error = EPERM; 993 goto out; 994 } 995 ip->i_effnlink++; 996 ip->i_nlink++; 997 DIP_SET(ip, i_nlink, ip->i_nlink); 998 ip->i_flag |= IN_CHANGE; 999 if (DOINGSOFTDEP(vp)) 1000 softdep_setup_link(VTOI(tdvp), ip); 1001 error = UFS_UPDATE(vp, !(DOINGSOFTDEP(vp) | DOINGASYNC(vp))); 1002 if (!error) { 1003 ufs_makedirentry(ip, cnp, &newdir); 1004 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL, 0); 1005 } 1006 1007 if (error) { 1008 ip->i_effnlink--; 1009 ip->i_nlink--; 1010 DIP_SET(ip, i_nlink, ip->i_nlink); 1011 ip->i_flag |= IN_CHANGE; 1012 if (DOINGSOFTDEP(vp)) 1013 softdep_revert_link(VTOI(tdvp), ip); 1014 } 1015out: 1016 return (error); 1017} 1018 1019/* 1020 * whiteout vnode call 1021 */ 1022static int 1023ufs_whiteout(ap) 1024 struct vop_whiteout_args /* { 1025 struct vnode *a_dvp; 1026 struct componentname *a_cnp; 1027 int a_flags; 1028 } */ *ap; 1029{ 1030 struct vnode *dvp = ap->a_dvp; 1031 struct componentname *cnp = ap->a_cnp; 1032 struct direct newdir; 1033 int error = 0; 1034 1035 switch (ap->a_flags) { 1036 case LOOKUP: 1037 /* 4.4 format directories support whiteout operations */ 1038 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1039 return (0); 1040 return (EOPNOTSUPP); 1041 1042 case CREATE: 1043 /* create a new directory whiteout */ 1044#ifdef INVARIANTS 1045 if ((cnp->cn_flags & SAVENAME) == 0) 1046 panic("ufs_whiteout: missing name"); 1047 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 1048 panic("ufs_whiteout: old format filesystem"); 1049#endif 1050 1051 newdir.d_ino = WINO; 1052 newdir.d_namlen = cnp->cn_namelen; 1053 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 1054 newdir.d_type = DT_WHT; 1055 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL, 0); 1056 break; 1057 1058 case DELETE: 1059 /* remove an existing directory whiteout */ 1060#ifdef INVARIANTS 1061 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 1062 panic("ufs_whiteout: old format filesystem"); 1063#endif 1064 1065 cnp->cn_flags &= ~DOWHITEOUT; 1066 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 1067 break; 1068 default: 1069 panic("ufs_whiteout: unknown op"); 1070 } 1071 return (error); 1072} 1073 1074static volatile int rename_restarts; 1075SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD, 1076 __DEVOLATILE(int *, &rename_restarts), 0, 1077 "Times rename had to restart due to lock contention"); 1078 1079/* 1080 * Rename system call. 1081 * rename("foo", "bar"); 1082 * is essentially 1083 * unlink("bar"); 1084 * link("foo", "bar"); 1085 * unlink("foo"); 1086 * but ``atomically''. Can't do full commit without saving state in the 1087 * inode on disk which isn't feasible at this time. Best we can do is 1088 * always guarantee the target exists. 1089 * 1090 * Basic algorithm is: 1091 * 1092 * 1) Bump link count on source while we're linking it to the 1093 * target. This also ensure the inode won't be deleted out 1094 * from underneath us while we work (it may be truncated by 1095 * a concurrent `trunc' or `open' for creation). 1096 * 2) Link source to destination. If destination already exists, 1097 * delete it first. 1098 * 3) Unlink source reference to inode if still around. If a 1099 * directory was moved and the parent of the destination 1100 * is different from the source, patch the ".." entry in the 1101 * directory. 1102 */ 1103static int 1104ufs_rename(ap) 1105 struct vop_rename_args /* { 1106 struct vnode *a_fdvp; 1107 struct vnode *a_fvp; 1108 struct componentname *a_fcnp; 1109 struct vnode *a_tdvp; 1110 struct vnode *a_tvp; 1111 struct componentname *a_tcnp; 1112 } */ *ap; 1113{ 1114 struct vnode *tvp = ap->a_tvp; 1115 struct vnode *tdvp = ap->a_tdvp; 1116 struct vnode *fvp = ap->a_fvp; 1117 struct vnode *fdvp = ap->a_fdvp; 1118 struct vnode *nvp; 1119 struct componentname *tcnp = ap->a_tcnp; 1120 struct componentname *fcnp = ap->a_fcnp; 1121 struct thread *td = fcnp->cn_thread; 1122 struct inode *fip, *tip, *tdp, *fdp; 1123 struct direct newdir; 1124 off_t endoff; 1125 int doingdirectory, newparent; 1126 int error = 0; 1127 struct mount *mp; 1128 ino_t ino; 1129 1130#ifdef INVARIANTS 1131 if ((tcnp->cn_flags & HASBUF) == 0 || 1132 (fcnp->cn_flags & HASBUF) == 0) 1133 panic("ufs_rename: no name"); 1134#endif 1135 endoff = 0; 1136 mp = tdvp->v_mount; 1137 VOP_UNLOCK(tdvp, 0); 1138 if (tvp && tvp != tdvp) 1139 VOP_UNLOCK(tvp, 0); 1140 /* 1141 * Check for cross-device rename. 1142 */ 1143 if ((fvp->v_mount != tdvp->v_mount) || 1144 (tvp && (fvp->v_mount != tvp->v_mount))) { 1145 error = EXDEV; 1146 mp = NULL; 1147 goto releout; 1148 } 1149 error = vfs_busy(mp, 0); 1150 if (error) { 1151 mp = NULL; 1152 goto releout; 1153 } 1154relock: 1155 /* 1156 * We need to acquire 2 to 4 locks depending on whether tvp is NULL 1157 * and fdvp and tdvp are the same directory. Subsequently we need 1158 * to double-check all paths and in the directory rename case we 1159 * need to verify that we are not creating a directory loop. To 1160 * handle this we acquire all but fdvp using non-blocking 1161 * acquisitions. If we fail to acquire any lock in the path we will 1162 * drop all held locks, acquire the new lock in a blocking fashion, 1163 * and then release it and restart the rename. This acquire/release 1164 * step ensures that we do not spin on a lock waiting for release. 1165 */ 1166 error = vn_lock(fdvp, LK_EXCLUSIVE); 1167 if (error) 1168 goto releout; 1169 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) { 1170 VOP_UNLOCK(fdvp, 0); 1171 error = vn_lock(tdvp, LK_EXCLUSIVE); 1172 if (error) 1173 goto releout; 1174 VOP_UNLOCK(tdvp, 0); 1175 atomic_add_int(&rename_restarts, 1); 1176 goto relock; 1177 } 1178 /* 1179 * Re-resolve fvp to be certain it still exists and fetch the 1180 * correct vnode. 1181 */ 1182 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1183 if (error) { 1184 VOP_UNLOCK(fdvp, 0); 1185 VOP_UNLOCK(tdvp, 0); 1186 goto releout; 1187 } 1188 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1189 if (error) { 1190 VOP_UNLOCK(fdvp, 0); 1191 VOP_UNLOCK(tdvp, 0); 1192 if (error != EBUSY) 1193 goto releout; 1194 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1195 if (error != 0) 1196 goto releout; 1197 VOP_UNLOCK(nvp, 0); 1198 vrele(fvp); 1199 fvp = nvp; 1200 atomic_add_int(&rename_restarts, 1); 1201 goto relock; 1202 } 1203 vrele(fvp); 1204 fvp = nvp; 1205 /* 1206 * Re-resolve tvp and acquire the vnode lock if present. 1207 */ 1208 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino); 1209 if (error != 0 && error != EJUSTRETURN) { 1210 VOP_UNLOCK(fdvp, 0); 1211 VOP_UNLOCK(tdvp, 0); 1212 VOP_UNLOCK(fvp, 0); 1213 goto releout; 1214 } 1215 /* 1216 * If tvp disappeared we just carry on. 1217 */ 1218 if (error == EJUSTRETURN && tvp != NULL) { 1219 vrele(tvp); 1220 tvp = NULL; 1221 } 1222 /* 1223 * Get the tvp ino if the lookup succeeded. We may have to restart 1224 * if the non-blocking acquire fails. 1225 */ 1226 if (error == 0) { 1227 nvp = NULL; 1228 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1229 if (tvp) 1230 vrele(tvp); 1231 tvp = nvp; 1232 if (error) { 1233 VOP_UNLOCK(fdvp, 0); 1234 VOP_UNLOCK(tdvp, 0); 1235 VOP_UNLOCK(fvp, 0); 1236 if (error != EBUSY) 1237 goto releout; 1238 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1239 if (error != 0) 1240 goto releout; 1241 vput(nvp); 1242 atomic_add_int(&rename_restarts, 1); 1243 goto relock; 1244 } 1245 } 1246 fdp = VTOI(fdvp); 1247 fip = VTOI(fvp); 1248 tdp = VTOI(tdvp); 1249 tip = NULL; 1250 if (tvp) 1251 tip = VTOI(tvp); 1252 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1253 (VTOI(tdvp)->i_flags & APPEND))) { 1254 error = EPERM; 1255 goto unlockout; 1256 } 1257 /* 1258 * Renaming a file to itself has no effect. The upper layers should 1259 * not call us in that case. However, things could change after 1260 * we drop the locks above. 1261 */ 1262 if (fvp == tvp) { 1263 error = 0; 1264 goto unlockout; 1265 } 1266 doingdirectory = 0; 1267 newparent = 0; 1268 ino = fip->i_number; 1269 if (fip->i_nlink >= LINK_MAX) { 1270 error = EMLINK; 1271 goto unlockout; 1272 } 1273 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 1274 || (fdp->i_flags & APPEND)) { 1275 error = EPERM; 1276 goto unlockout; 1277 } 1278 if ((fip->i_mode & IFMT) == IFDIR) { 1279 /* 1280 * Avoid ".", "..", and aliases of "." for obvious reasons. 1281 */ 1282 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1283 fdp == fip || 1284 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) { 1285 error = EINVAL; 1286 goto unlockout; 1287 } 1288 if (fdp->i_number != tdp->i_number) 1289 newparent = tdp->i_number; 1290 doingdirectory = 1; 1291 } 1292 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) || 1293 (tvp != NULL && tvp->v_type == VDIR && 1294 tvp->v_mountedhere != NULL)) { 1295 error = EXDEV; 1296 goto unlockout; 1297 } 1298 1299 /* 1300 * If ".." must be changed (ie the directory gets a new 1301 * parent) then the source directory must not be in the 1302 * directory hierarchy above the target, as this would 1303 * orphan everything below the source directory. Also 1304 * the user must have write permission in the source so 1305 * as to be able to change "..". 1306 */ 1307 if (doingdirectory && newparent) { 1308 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread); 1309 if (error) 1310 goto unlockout; 1311 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred, 1312 &ino); 1313 /* 1314 * We encountered a lock that we have to wait for. Unlock 1315 * everything else and VGET before restarting. 1316 */ 1317 if (ino) { 1318 VOP_UNLOCK(fdvp, 0); 1319 VOP_UNLOCK(fvp, 0); 1320 VOP_UNLOCK(tdvp, 0); 1321 if (tvp) 1322 VOP_UNLOCK(tvp, 0); 1323 error = VFS_VGET(mp, ino, LK_SHARED, &nvp); 1324 if (error == 0) 1325 vput(nvp); 1326 atomic_add_int(&rename_restarts, 1); 1327 goto relock; 1328 } 1329 if (error) 1330 goto unlockout; 1331 if ((tcnp->cn_flags & SAVESTART) == 0) 1332 panic("ufs_rename: lost to startdir"); 1333 } 1334 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 || 1335 tdp->i_effnlink == 0) 1336 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp); 1337 1338 /* 1339 * 1) Bump link count while we're moving stuff 1340 * around. If we crash somewhere before 1341 * completing our work, the link count 1342 * may be wrong, but correctable. 1343 */ 1344 fip->i_effnlink++; 1345 fip->i_nlink++; 1346 DIP_SET(fip, i_nlink, fip->i_nlink); 1347 fip->i_flag |= IN_CHANGE; 1348 if (DOINGSOFTDEP(fvp)) 1349 softdep_setup_link(tdp, fip); 1350 error = UFS_UPDATE(fvp, !(DOINGSOFTDEP(fvp) | DOINGASYNC(fvp))); 1351 if (error) 1352 goto bad; 1353 1354 /* 1355 * 2) If target doesn't exist, link the target 1356 * to the source and unlink the source. 1357 * Otherwise, rewrite the target directory 1358 * entry to reference the source inode and 1359 * expunge the original entry's existence. 1360 */ 1361 if (tip == NULL) { 1362 if (tdp->i_dev != fip->i_dev) 1363 panic("ufs_rename: EXDEV"); 1364 if (doingdirectory && newparent) { 1365 /* 1366 * Account for ".." in new directory. 1367 * When source and destination have the same 1368 * parent we don't adjust the link count. The 1369 * actual link modification is completed when 1370 * .. is rewritten below. 1371 */ 1372 if ((nlink_t)tdp->i_nlink >= LINK_MAX) { 1373 error = EMLINK; 1374 goto bad; 1375 } 1376 } 1377 ufs_makedirentry(fip, tcnp, &newdir); 1378 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL, 1); 1379 if (error) 1380 goto bad; 1381 /* Setup tdvp for directory compaction if needed. */ 1382 if (tdp->i_count && tdp->i_endoff && 1383 tdp->i_endoff < tdp->i_size) 1384 endoff = tdp->i_endoff; 1385 } else { 1386 if (tip->i_dev != tdp->i_dev || tip->i_dev != fip->i_dev) 1387 panic("ufs_rename: EXDEV"); 1388 /* 1389 * Short circuit rename(foo, foo). 1390 */ 1391 if (tip->i_number == fip->i_number) 1392 panic("ufs_rename: same file"); 1393 /* 1394 * If the parent directory is "sticky", then the caller 1395 * must possess VADMIN for the parent directory, or the 1396 * destination of the rename. This implements append-only 1397 * directories. 1398 */ 1399 if ((tdp->i_mode & S_ISTXT) && 1400 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1401 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1402 error = EPERM; 1403 goto bad; 1404 } 1405 /* 1406 * Target must be empty if a directory and have no links 1407 * to it. Also, ensure source and target are compatible 1408 * (both directories, or both not directories). 1409 */ 1410 if ((tip->i_mode & IFMT) == IFDIR) { 1411 if ((tip->i_effnlink > 2) || 1412 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) { 1413 error = ENOTEMPTY; 1414 goto bad; 1415 } 1416 if (!doingdirectory) { 1417 error = ENOTDIR; 1418 goto bad; 1419 } 1420 cache_purge(tdvp); 1421 } else if (doingdirectory) { 1422 error = EISDIR; 1423 goto bad; 1424 } 1425 if (doingdirectory) { 1426 if (!newparent) { 1427 tdp->i_effnlink--; 1428 if (DOINGSOFTDEP(tdvp)) 1429 softdep_change_linkcnt(tdp); 1430 } 1431 tip->i_effnlink--; 1432 if (DOINGSOFTDEP(tvp)) 1433 softdep_change_linkcnt(tip); 1434 } 1435 error = ufs_dirrewrite(tdp, tip, fip->i_number, 1436 IFTODT(fip->i_mode), 1437 (doingdirectory && newparent) ? newparent : doingdirectory); 1438 if (error) { 1439 if (doingdirectory) { 1440 if (!newparent) { 1441 tdp->i_effnlink++; 1442 if (DOINGSOFTDEP(tdvp)) 1443 softdep_change_linkcnt(tdp); 1444 } 1445 tip->i_effnlink++; 1446 if (DOINGSOFTDEP(tvp)) 1447 softdep_change_linkcnt(tip); 1448 } 1449 } 1450 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1451 /* 1452 * The only stuff left in the directory is "." 1453 * and "..". The "." reference is inconsequential 1454 * since we are quashing it. We have removed the "." 1455 * reference and the reference in the parent directory, 1456 * but there may be other hard links. The soft 1457 * dependency code will arrange to do these operations 1458 * after the parent directory entry has been deleted on 1459 * disk, so when running with that code we avoid doing 1460 * them now. 1461 */ 1462 if (!newparent) { 1463 tdp->i_nlink--; 1464 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1465 tdp->i_flag |= IN_CHANGE; 1466 } 1467 tip->i_nlink--; 1468 DIP_SET(tip, i_nlink, tip->i_nlink); 1469 tip->i_flag |= IN_CHANGE; 1470 } 1471 } 1472 1473 /* 1474 * 3) Unlink the source. We have to resolve the path again to 1475 * fixup the directory offset and count for ufs_dirremove. 1476 */ 1477 if (fdvp == tdvp) { 1478 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1479 if (error) 1480 panic("ufs_rename: from entry went away!"); 1481 if (ino != fip->i_number) 1482 panic("ufs_rename: ino mismatch %ju != %ju\n", 1483 (uintmax_t)ino, (uintmax_t)fip->i_number); 1484 } 1485 /* 1486 * If the source is a directory with a 1487 * new parent, the link count of the old 1488 * parent directory must be decremented 1489 * and ".." set to point to the new parent. 1490 */ 1491 if (doingdirectory && newparent) { 1492 /* 1493 * If tip exists we simply use its link, otherwise we must 1494 * add a new one. 1495 */ 1496 if (tip == NULL) { 1497 tdp->i_effnlink++; 1498 tdp->i_nlink++; 1499 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1500 tdp->i_flag |= IN_CHANGE; 1501 if (DOINGSOFTDEP(tdvp)) 1502 softdep_setup_dotdot_link(tdp, fip); 1503 error = UFS_UPDATE(tdvp, !(DOINGSOFTDEP(tdvp) | 1504 DOINGASYNC(tdvp))); 1505 /* Don't go to bad here as the new link exists. */ 1506 if (error) 1507 goto unlockout; 1508 } else if (DOINGSUJ(tdvp)) 1509 /* Journal must account for each new link. */ 1510 softdep_setup_dotdot_link(tdp, fip); 1511 fip->i_offset = mastertemplate.dot_reclen; 1512 ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0); 1513 cache_purge(fdvp); 1514 } 1515 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0); 1516 /* 1517 * The kern_renameat() looks up the fvp using the DELETE flag, which 1518 * causes the removal of the name cache entry for fvp. 1519 * As the relookup of the fvp is done in two steps: 1520 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a 1521 * normal lookup of the from name just before the VFS_VGET() call, 1522 * causing the cache entry to be re-instantiated. 1523 * 1524 * The same issue also applies to tvp if it exists as 1525 * otherwise we may have a stale name cache entry for the new 1526 * name that references the old i-node if it has other links 1527 * or open file descriptors. 1528 */ 1529 cache_purge(fvp); 1530 if (tvp) 1531 cache_purge(tvp); 1532 cache_purge_negative(tdvp); 1533 1534unlockout: 1535 vput(fdvp); 1536 vput(fvp); 1537 if (tvp) 1538 vput(tvp); 1539 /* 1540 * If compaction or fsync was requested do it now that other locks 1541 * are no longer needed. 1542 */ 1543 if (error == 0 && endoff != 0) { 1544#ifdef UFS_DIRHASH 1545 if (tdp->i_dirhash != NULL) 1546 ufsdirhash_dirtrunc(tdp, endoff); 1547#endif 1548 UFS_TRUNCATE(tdvp, endoff, IO_NORMAL | IO_SYNC, tcnp->cn_cred); 1549 } 1550 if (error == 0 && tdp->i_flag & IN_NEEDSYNC) 1551 error = VOP_FSYNC(tdvp, MNT_WAIT, td); 1552 vput(tdvp); 1553 if (mp) 1554 vfs_unbusy(mp); 1555 return (error); 1556 1557bad: 1558 fip->i_effnlink--; 1559 fip->i_nlink--; 1560 DIP_SET(fip, i_nlink, fip->i_nlink); 1561 fip->i_flag |= IN_CHANGE; 1562 if (DOINGSOFTDEP(fvp)) 1563 softdep_revert_link(tdp, fip); 1564 goto unlockout; 1565 1566releout: 1567 vrele(fdvp); 1568 vrele(fvp); 1569 vrele(tdvp); 1570 if (tvp) 1571 vrele(tvp); 1572 if (mp) 1573 vfs_unbusy(mp); 1574 1575 return (error); 1576} 1577 1578#ifdef UFS_ACL 1579static int 1580ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp, 1581 mode_t dmode, struct ucred *cred, struct thread *td) 1582{ 1583 int error; 1584 struct inode *ip = VTOI(tvp); 1585 struct acl *dacl, *acl; 1586 1587 acl = acl_alloc(M_WAITOK); 1588 dacl = acl_alloc(M_WAITOK); 1589 1590 /* 1591 * Retrieve default ACL from parent, if any. 1592 */ 1593 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1594 switch (error) { 1595 case 0: 1596 /* 1597 * Retrieved a default ACL, so merge mode and ACL if 1598 * necessary. If the ACL is empty, fall through to 1599 * the "not defined or available" case. 1600 */ 1601 if (acl->acl_cnt != 0) { 1602 dmode = acl_posix1e_newfilemode(dmode, acl); 1603 ip->i_mode = dmode; 1604 DIP_SET(ip, i_mode, dmode); 1605 *dacl = *acl; 1606 ufs_sync_acl_from_inode(ip, acl); 1607 break; 1608 } 1609 /* FALLTHROUGH */ 1610 1611 case EOPNOTSUPP: 1612 /* 1613 * Just use the mode as-is. 1614 */ 1615 ip->i_mode = dmode; 1616 DIP_SET(ip, i_mode, dmode); 1617 error = 0; 1618 goto out; 1619 1620 default: 1621 goto out; 1622 } 1623 1624 /* 1625 * XXX: If we abort now, will Soft Updates notify the extattr 1626 * code that the EAs for the file need to be released? 1627 */ 1628 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1629 if (error == 0) 1630 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td); 1631 switch (error) { 1632 case 0: 1633 break; 1634 1635 case EOPNOTSUPP: 1636 /* 1637 * XXX: This should not happen, as EOPNOTSUPP above 1638 * was supposed to free acl. 1639 */ 1640 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1641 /* 1642 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1643 */ 1644 break; 1645 1646 default: 1647 goto out; 1648 } 1649 1650out: 1651 acl_free(acl); 1652 acl_free(dacl); 1653 1654 return (error); 1655} 1656 1657static int 1658ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp, 1659 mode_t mode, struct ucred *cred, struct thread *td) 1660{ 1661 int error; 1662 struct inode *ip = VTOI(tvp); 1663 struct acl *acl; 1664 1665 acl = acl_alloc(M_WAITOK); 1666 1667 /* 1668 * Retrieve default ACL for parent, if any. 1669 */ 1670 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1671 switch (error) { 1672 case 0: 1673 /* 1674 * Retrieved a default ACL, so merge mode and ACL if 1675 * necessary. 1676 */ 1677 if (acl->acl_cnt != 0) { 1678 /* 1679 * Two possible ways for default ACL to not 1680 * be present. First, the EA can be 1681 * undefined, or second, the default ACL can 1682 * be blank. If it's blank, fall through to 1683 * the it's not defined case. 1684 */ 1685 mode = acl_posix1e_newfilemode(mode, acl); 1686 ip->i_mode = mode; 1687 DIP_SET(ip, i_mode, mode); 1688 ufs_sync_acl_from_inode(ip, acl); 1689 break; 1690 } 1691 /* FALLTHROUGH */ 1692 1693 case EOPNOTSUPP: 1694 /* 1695 * Just use the mode as-is. 1696 */ 1697 ip->i_mode = mode; 1698 DIP_SET(ip, i_mode, mode); 1699 error = 0; 1700 goto out; 1701 1702 default: 1703 goto out; 1704 } 1705 1706 /* 1707 * XXX: If we abort now, will Soft Updates notify the extattr 1708 * code that the EAs for the file need to be released? 1709 */ 1710 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1711 switch (error) { 1712 case 0: 1713 break; 1714 1715 case EOPNOTSUPP: 1716 /* 1717 * XXX: This should not happen, as EOPNOTSUPP above was 1718 * supposed to free acl. 1719 */ 1720 printf("ufs_makeinode: VOP_GETACL() but no " 1721 "VOP_SETACL()\n"); 1722 /* panic("ufs_makeinode: VOP_GETACL() but no " 1723 "VOP_SETACL()"); */ 1724 break; 1725 1726 default: 1727 goto out; 1728 } 1729 1730out: 1731 acl_free(acl); 1732 1733 return (error); 1734} 1735 1736static int 1737ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp, 1738 mode_t child_mode, struct ucred *cred, struct thread *td) 1739{ 1740 int error; 1741 struct acl *parent_aclp, *child_aclp; 1742 1743 parent_aclp = acl_alloc(M_WAITOK); 1744 child_aclp = acl_alloc(M_WAITOK | M_ZERO); 1745 1746 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td); 1747 if (error) 1748 goto out; 1749 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp, 1750 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR); 1751 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td); 1752 if (error) 1753 goto out; 1754out: 1755 acl_free(parent_aclp); 1756 acl_free(child_aclp); 1757 1758 return (error); 1759} 1760#endif 1761 1762/* 1763 * Mkdir system call 1764 */ 1765static int 1766ufs_mkdir(ap) 1767 struct vop_mkdir_args /* { 1768 struct vnode *a_dvp; 1769 struct vnode **a_vpp; 1770 struct componentname *a_cnp; 1771 struct vattr *a_vap; 1772 } */ *ap; 1773{ 1774 struct vnode *dvp = ap->a_dvp; 1775 struct vattr *vap = ap->a_vap; 1776 struct componentname *cnp = ap->a_cnp; 1777 struct inode *ip, *dp; 1778 struct vnode *tvp; 1779 struct buf *bp; 1780 struct dirtemplate dirtemplate, *dtp; 1781 struct direct newdir; 1782 int error, dmode; 1783 long blkoff; 1784 1785#ifdef INVARIANTS 1786 if ((cnp->cn_flags & HASBUF) == 0) 1787 panic("ufs_mkdir: no name"); 1788#endif 1789 dp = VTOI(dvp); 1790 if ((nlink_t)dp->i_nlink >= LINK_MAX) { 1791 error = EMLINK; 1792 goto out; 1793 } 1794 dmode = vap->va_mode & 0777; 1795 dmode |= IFDIR; 1796 /* 1797 * Must simulate part of ufs_makeinode here to acquire the inode, 1798 * but not have it entered in the parent directory. The entry is 1799 * made later after writing "." and ".." entries. 1800 */ 1801 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 1802 if (error) 1803 goto out; 1804 ip = VTOI(tvp); 1805 ip->i_gid = dp->i_gid; 1806 DIP_SET(ip, i_gid, dp->i_gid); 1807#ifdef SUIDDIR 1808 { 1809#ifdef QUOTA 1810 struct ucred ucred, *ucp; 1811 gid_t ucred_group; 1812 ucp = cnp->cn_cred; 1813#endif 1814 /* 1815 * If we are hacking owners here, (only do this where told to) 1816 * and we are not giving it TO root, (would subvert quotas) 1817 * then go ahead and give it to the other user. 1818 * The new directory also inherits the SUID bit. 1819 * If user's UID and dir UID are the same, 1820 * 'give it away' so that the SUID is still forced on. 1821 */ 1822 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 1823 (dp->i_mode & ISUID) && dp->i_uid) { 1824 dmode |= ISUID; 1825 ip->i_uid = dp->i_uid; 1826 DIP_SET(ip, i_uid, dp->i_uid); 1827#ifdef QUOTA 1828 if (dp->i_uid != cnp->cn_cred->cr_uid) { 1829 /* 1830 * Make sure the correct user gets charged 1831 * for the space. 1832 * Make a dummy credential for the victim. 1833 * XXX This seems to never be accessed out of 1834 * our context so a stack variable is ok. 1835 */ 1836 refcount_init(&ucred.cr_ref, 1); 1837 ucred.cr_uid = ip->i_uid; 1838 ucred.cr_ngroups = 1; 1839 ucred.cr_groups = &ucred_group; 1840 ucred.cr_groups[0] = dp->i_gid; 1841 ucp = &ucred; 1842 } 1843#endif 1844 } else { 1845 ip->i_uid = cnp->cn_cred->cr_uid; 1846 DIP_SET(ip, i_uid, ip->i_uid); 1847 } 1848#ifdef QUOTA 1849 if ((error = getinoquota(ip)) || 1850 (error = chkiq(ip, 1, ucp, 0))) { 1851 if (DOINGSOFTDEP(tvp)) 1852 softdep_revert_link(dp, ip); 1853 UFS_VFREE(tvp, ip->i_number, dmode); 1854 vput(tvp); 1855 return (error); 1856 } 1857#endif 1858 } 1859#else /* !SUIDDIR */ 1860 ip->i_uid = cnp->cn_cred->cr_uid; 1861 DIP_SET(ip, i_uid, ip->i_uid); 1862#ifdef QUOTA 1863 if ((error = getinoquota(ip)) || 1864 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 1865 if (DOINGSOFTDEP(tvp)) 1866 softdep_revert_link(dp, ip); 1867 UFS_VFREE(tvp, ip->i_number, dmode); 1868 vput(tvp); 1869 return (error); 1870 } 1871#endif 1872#endif /* !SUIDDIR */ 1873 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 1874 ip->i_mode = dmode; 1875 DIP_SET(ip, i_mode, dmode); 1876 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 1877 ip->i_effnlink = 2; 1878 ip->i_nlink = 2; 1879 DIP_SET(ip, i_nlink, 2); 1880 1881 if (cnp->cn_flags & ISWHITEOUT) { 1882 ip->i_flags |= UF_OPAQUE; 1883 DIP_SET(ip, i_flags, ip->i_flags); 1884 } 1885 1886 /* 1887 * Bump link count in parent directory to reflect work done below. 1888 * Should be done before reference is created so cleanup is 1889 * possible if we crash. 1890 */ 1891 dp->i_effnlink++; 1892 dp->i_nlink++; 1893 DIP_SET(dp, i_nlink, dp->i_nlink); 1894 dp->i_flag |= IN_CHANGE; 1895 if (DOINGSOFTDEP(dvp)) 1896 softdep_setup_mkdir(dp, ip); 1897 error = UFS_UPDATE(dvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp))); 1898 if (error) 1899 goto bad; 1900#ifdef MAC 1901 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 1902 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 1903 dvp, tvp, cnp); 1904 if (error) 1905 goto bad; 1906 } 1907#endif 1908#ifdef UFS_ACL 1909 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 1910 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode, 1911 cnp->cn_cred, cnp->cn_thread); 1912 if (error) 1913 goto bad; 1914 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 1915 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode, 1916 cnp->cn_cred, cnp->cn_thread); 1917 if (error) 1918 goto bad; 1919 } 1920#endif /* !UFS_ACL */ 1921 1922 /* 1923 * Initialize directory with "." and ".." from static template. 1924 */ 1925 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1926 dtp = &mastertemplate; 1927 else 1928 dtp = (struct dirtemplate *)&omastertemplate; 1929 dirtemplate = *dtp; 1930 dirtemplate.dot_ino = ip->i_number; 1931 dirtemplate.dotdot_ino = dp->i_number; 1932 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 1933 BA_CLRBUF, &bp)) != 0) 1934 goto bad; 1935 ip->i_size = DIRBLKSIZ; 1936 DIP_SET(ip, i_size, DIRBLKSIZ); 1937 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1938 vnode_pager_setsize(tvp, (u_long)ip->i_size); 1939 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 1940 if (DOINGSOFTDEP(tvp)) { 1941 /* 1942 * Ensure that the entire newly allocated block is a 1943 * valid directory so that future growth within the 1944 * block does not have to ensure that the block is 1945 * written before the inode. 1946 */ 1947 blkoff = DIRBLKSIZ; 1948 while (blkoff < bp->b_bcount) { 1949 ((struct direct *) 1950 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 1951 blkoff += DIRBLKSIZ; 1952 } 1953 } 1954 if ((error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | 1955 DOINGASYNC(tvp)))) != 0) { 1956 (void)bwrite(bp); 1957 goto bad; 1958 } 1959 /* 1960 * Directory set up, now install its entry in the parent directory. 1961 * 1962 * If we are not doing soft dependencies, then we must write out the 1963 * buffer containing the new directory body before entering the new 1964 * name in the parent. If we are doing soft dependencies, then the 1965 * buffer containing the new directory body will be passed to and 1966 * released in the soft dependency code after the code has attached 1967 * an appropriate ordering dependency to the buffer which ensures that 1968 * the buffer is written before the new name is written in the parent. 1969 */ 1970 if (DOINGASYNC(dvp)) 1971 bdwrite(bp); 1972 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 1973 goto bad; 1974 ufs_makedirentry(ip, cnp, &newdir); 1975 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp, 0); 1976 1977bad: 1978 if (error == 0) { 1979 *ap->a_vpp = tvp; 1980 } else { 1981 dp->i_effnlink--; 1982 dp->i_nlink--; 1983 DIP_SET(dp, i_nlink, dp->i_nlink); 1984 dp->i_flag |= IN_CHANGE; 1985 /* 1986 * No need to do an explicit VOP_TRUNCATE here, vrele will 1987 * do this for us because we set the link count to 0. 1988 */ 1989 ip->i_effnlink = 0; 1990 ip->i_nlink = 0; 1991 DIP_SET(ip, i_nlink, 0); 1992 ip->i_flag |= IN_CHANGE; 1993 if (DOINGSOFTDEP(tvp)) 1994 softdep_revert_mkdir(dp, ip); 1995 1996 vput(tvp); 1997 } 1998out: 1999 return (error); 2000} 2001 2002/* 2003 * Rmdir system call. 2004 */ 2005static int 2006ufs_rmdir(ap) 2007 struct vop_rmdir_args /* { 2008 struct vnode *a_dvp; 2009 struct vnode *a_vp; 2010 struct componentname *a_cnp; 2011 } */ *ap; 2012{ 2013 struct vnode *vp = ap->a_vp; 2014 struct vnode *dvp = ap->a_dvp; 2015 struct componentname *cnp = ap->a_cnp; 2016 struct inode *ip, *dp; 2017 int error; 2018 2019 ip = VTOI(vp); 2020 dp = VTOI(dvp); 2021 2022 /* 2023 * Do not remove a directory that is in the process of being renamed. 2024 * Verify the directory is empty (and valid). Rmdir ".." will not be 2025 * valid since ".." will contain a reference to the current directory 2026 * and thus be non-empty. Do not allow the removal of mounted on 2027 * directories (this can happen when an NFS exported filesystem 2028 * tries to remove a locally mounted on directory). 2029 */ 2030 error = 0; 2031 if (ip->i_effnlink < 2) { 2032 error = EINVAL; 2033 goto out; 2034 } 2035 if (dp->i_effnlink < 3) 2036 panic("ufs_dirrem: Bad link count %d on parent", 2037 dp->i_effnlink); 2038 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 2039 error = ENOTEMPTY; 2040 goto out; 2041 } 2042 if ((dp->i_flags & APPEND) 2043 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 2044 error = EPERM; 2045 goto out; 2046 } 2047 if (vp->v_mountedhere != 0) { 2048 error = EINVAL; 2049 goto out; 2050 } 2051#ifdef UFS_GJOURNAL 2052 ufs_gjournal_orphan(vp); 2053#endif 2054 /* 2055 * Delete reference to directory before purging 2056 * inode. If we crash in between, the directory 2057 * will be reattached to lost+found, 2058 */ 2059 dp->i_effnlink--; 2060 ip->i_effnlink--; 2061 if (DOINGSOFTDEP(vp)) 2062 softdep_setup_rmdir(dp, ip); 2063 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 2064 if (error) { 2065 dp->i_effnlink++; 2066 ip->i_effnlink++; 2067 if (DOINGSOFTDEP(vp)) 2068 softdep_revert_rmdir(dp, ip); 2069 goto out; 2070 } 2071 cache_purge(dvp); 2072 /* 2073 * The only stuff left in the directory is "." and "..". The "." 2074 * reference is inconsequential since we are quashing it. The soft 2075 * dependency code will arrange to do these operations after 2076 * the parent directory entry has been deleted on disk, so 2077 * when running with that code we avoid doing them now. 2078 */ 2079 if (!DOINGSOFTDEP(vp)) { 2080 dp->i_nlink--; 2081 DIP_SET(dp, i_nlink, dp->i_nlink); 2082 dp->i_flag |= IN_CHANGE; 2083 error = UFS_UPDATE(dvp, 0); 2084 ip->i_nlink--; 2085 DIP_SET(ip, i_nlink, ip->i_nlink); 2086 ip->i_flag |= IN_CHANGE; 2087 } 2088 cache_purge(vp); 2089#ifdef UFS_DIRHASH 2090 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 2091 if (ip->i_dirhash != NULL) 2092 ufsdirhash_free(ip); 2093#endif 2094out: 2095 return (error); 2096} 2097 2098/* 2099 * symlink -- make a symbolic link 2100 */ 2101static int 2102ufs_symlink(ap) 2103 struct vop_symlink_args /* { 2104 struct vnode *a_dvp; 2105 struct vnode **a_vpp; 2106 struct componentname *a_cnp; 2107 struct vattr *a_vap; 2108 char *a_target; 2109 } */ *ap; 2110{ 2111 struct vnode *vp, **vpp = ap->a_vpp; 2112 struct inode *ip; 2113 int len, error; 2114 2115 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 2116 vpp, ap->a_cnp); 2117 if (error) 2118 return (error); 2119 vp = *vpp; 2120 len = strlen(ap->a_target); 2121 if (len < vp->v_mount->mnt_maxsymlinklen) { 2122 ip = VTOI(vp); 2123 bcopy(ap->a_target, SHORTLINK(ip), len); 2124 ip->i_size = len; 2125 DIP_SET(ip, i_size, len); 2126 ip->i_flag |= IN_CHANGE | IN_UPDATE; 2127 error = UFS_UPDATE(vp, 0); 2128 } else 2129 error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0, 2130 UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 2131 ap->a_cnp->cn_cred, NOCRED, NULL, NULL); 2132 if (error) 2133 vput(vp); 2134 return (error); 2135} 2136 2137/* 2138 * Vnode op for reading directories. 2139 */ 2140int 2141ufs_readdir(ap) 2142 struct vop_readdir_args /* { 2143 struct vnode *a_vp; 2144 struct uio *a_uio; 2145 struct ucred *a_cred; 2146 int *a_eofflag; 2147 int *a_ncookies; 2148 u_long **a_cookies; 2149 } */ *ap; 2150{ 2151 struct vnode *vp = ap->a_vp; 2152 struct uio *uio = ap->a_uio; 2153 struct buf *bp; 2154 struct inode *ip; 2155 struct direct *dp, *edp; 2156 u_long *cookies; 2157 struct dirent dstdp; 2158 off_t offset, startoffset; 2159 size_t readcnt, skipcnt; 2160 ssize_t startresid; 2161 int ncookies; 2162 int error; 2163 2164 if (uio->uio_offset < 0) 2165 return (EINVAL); 2166 ip = VTOI(vp); 2167 if (ip->i_effnlink == 0) 2168 return (0); 2169 if (ap->a_ncookies != NULL) { 2170 ncookies = uio->uio_resid; 2171 if (uio->uio_offset >= ip->i_size) 2172 ncookies = 0; 2173 else if (ip->i_size - uio->uio_offset < ncookies) 2174 ncookies = ip->i_size - uio->uio_offset; 2175 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1; 2176 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK); 2177 *ap->a_ncookies = ncookies; 2178 *ap->a_cookies = cookies; 2179 } else { 2180 ncookies = 0; 2181 cookies = NULL; 2182 } 2183 offset = startoffset = uio->uio_offset; 2184 startresid = uio->uio_resid; 2185 error = 0; 2186 while (error == 0 && uio->uio_resid > 0 && 2187 uio->uio_offset < ip->i_size) { 2188 error = ffs_blkatoff(vp, uio->uio_offset, NULL, &bp); 2189 if (error) 2190 break; 2191 if (bp->b_offset + bp->b_bcount > ip->i_size) 2192 readcnt = ip->i_size - bp->b_offset; 2193 else 2194 readcnt = bp->b_bcount; 2195 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) & 2196 ~(size_t)(DIRBLKSIZ - 1); 2197 offset = bp->b_offset + skipcnt; 2198 dp = (struct direct *)&bp->b_data[skipcnt]; 2199 edp = (struct direct *)&bp->b_data[readcnt]; 2200 while (error == 0 && uio->uio_resid > 0 && dp < edp) { 2201 if (dp->d_reclen <= offsetof(struct direct, d_name) || 2202 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) { 2203 error = EIO; 2204 break; 2205 } 2206#if BYTE_ORDER == LITTLE_ENDIAN 2207 /* Old filesystem format. */ 2208 if (vp->v_mount->mnt_maxsymlinklen <= 0) { 2209 dstdp.d_namlen = dp->d_type; 2210 dstdp.d_type = dp->d_namlen; 2211 } else 2212#endif 2213 { 2214 dstdp.d_namlen = dp->d_namlen; 2215 dstdp.d_type = dp->d_type; 2216 } 2217 if (offsetof(struct direct, d_name) + dstdp.d_namlen > 2218 dp->d_reclen) { 2219 error = EIO; 2220 break; 2221 } 2222 if (offset < startoffset || dp->d_ino == 0) 2223 goto nextentry; 2224 dstdp.d_fileno = dp->d_ino; 2225 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp); 2226 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); 2227 dstdp.d_name[dstdp.d_namlen] = '\0'; 2228 if (dstdp.d_reclen > uio->uio_resid) { 2229 if (uio->uio_resid == startresid) 2230 error = EINVAL; 2231 else 2232 error = EJUSTRETURN; 2233 break; 2234 } 2235 /* Advance dp. */ 2236 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio); 2237 if (error) 2238 break; 2239 if (cookies != NULL) { 2240 KASSERT(ncookies > 0, 2241 ("ufs_readdir: cookies buffer too small")); 2242 *cookies = offset + dp->d_reclen; 2243 cookies++; 2244 ncookies--; 2245 } 2246nextentry: 2247 offset += dp->d_reclen; 2248 dp = (struct direct *)((caddr_t)dp + dp->d_reclen); 2249 } 2250 bqrelse(bp); 2251 uio->uio_offset = offset; 2252 } 2253 /* We need to correct uio_offset. */ 2254 uio->uio_offset = offset; 2255 if (error == EJUSTRETURN) 2256 error = 0; 2257 if (ap->a_ncookies != NULL) { 2258 if (error == 0) { 2259 ap->a_ncookies -= ncookies; 2260 } else { 2261 free(*ap->a_cookies, M_TEMP); 2262 *ap->a_ncookies = 0; 2263 *ap->a_cookies = NULL; 2264 } 2265 } 2266 if (error == 0 && ap->a_eofflag) 2267 *ap->a_eofflag = ip->i_size <= uio->uio_offset; 2268 return (error); 2269} 2270 2271/* 2272 * Return target name of a symbolic link 2273 */ 2274static int 2275ufs_readlink(ap) 2276 struct vop_readlink_args /* { 2277 struct vnode *a_vp; 2278 struct uio *a_uio; 2279 struct ucred *a_cred; 2280 } */ *ap; 2281{ 2282 struct vnode *vp = ap->a_vp; 2283 struct inode *ip = VTOI(vp); 2284 doff_t isize; 2285 2286 isize = ip->i_size; 2287 if ((isize < vp->v_mount->mnt_maxsymlinklen) || 2288 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */ 2289 return (uiomove(SHORTLINK(ip), isize, ap->a_uio)); 2290 } 2291 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 2292} 2293 2294/* 2295 * Calculate the logical to physical mapping if not done already, 2296 * then call the device strategy routine. 2297 * 2298 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 2299 * deadlock on memory. See ufs_bmap() for details. 2300 */ 2301static int 2302ufs_strategy(ap) 2303 struct vop_strategy_args /* { 2304 struct vnode *a_vp; 2305 struct buf *a_bp; 2306 } */ *ap; 2307{ 2308 struct buf *bp = ap->a_bp; 2309 struct vnode *vp = ap->a_vp; 2310 struct bufobj *bo; 2311 struct inode *ip; 2312 ufs2_daddr_t blkno; 2313 int error; 2314 2315 ip = VTOI(vp); 2316 if (bp->b_blkno == bp->b_lblkno) { 2317 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 2318 bp->b_blkno = blkno; 2319 if (error) { 2320 bp->b_error = error; 2321 bp->b_ioflags |= BIO_ERROR; 2322 bufdone(bp); 2323 return (0); 2324 } 2325 if ((long)bp->b_blkno == -1) 2326 vfs_bio_clrbuf(bp); 2327 } 2328 if ((long)bp->b_blkno == -1) { 2329 bufdone(bp); 2330 return (0); 2331 } 2332 bp->b_iooffset = dbtob(bp->b_blkno); 2333 bo = ip->i_umbufobj; 2334 BO_STRATEGY(bo, bp); 2335 return (0); 2336} 2337 2338/* 2339 * Print out the contents of an inode. 2340 */ 2341static int 2342ufs_print(ap) 2343 struct vop_print_args /* { 2344 struct vnode *a_vp; 2345 } */ *ap; 2346{ 2347 struct vnode *vp = ap->a_vp; 2348 struct inode *ip = VTOI(vp); 2349 2350 printf("\tino %lu, on dev %s", (u_long)ip->i_number, 2351 devtoname(ip->i_dev)); 2352 if (vp->v_type == VFIFO) 2353 fifo_printinfo(vp); 2354 printf("\n"); 2355 return (0); 2356} 2357 2358/* 2359 * Close wrapper for fifos. 2360 * 2361 * Update the times on the inode then do device close. 2362 */ 2363static int 2364ufsfifo_close(ap) 2365 struct vop_close_args /* { 2366 struct vnode *a_vp; 2367 int a_fflag; 2368 struct ucred *a_cred; 2369 struct thread *a_td; 2370 } */ *ap; 2371{ 2372 struct vnode *vp = ap->a_vp; 2373 int usecount; 2374 2375 VI_LOCK(vp); 2376 usecount = vp->v_usecount; 2377 if (usecount > 1) 2378 ufs_itimes_locked(vp); 2379 VI_UNLOCK(vp); 2380 return (fifo_specops.vop_close(ap)); 2381} 2382 2383/* 2384 * Kqfilter wrapper for fifos. 2385 * 2386 * Fall through to ufs kqfilter routines if needed 2387 */ 2388static int 2389ufsfifo_kqfilter(ap) 2390 struct vop_kqfilter_args *ap; 2391{ 2392 int error; 2393 2394 error = fifo_specops.vop_kqfilter(ap); 2395 if (error) 2396 error = vfs_kqfilter(ap); 2397 return (error); 2398} 2399 2400/* 2401 * Return POSIX pathconf information applicable to fifos. 2402 */ 2403static int 2404ufsfifo_pathconf(ap) 2405 struct vop_pathconf_args /* { 2406 struct vnode *a_vp; 2407 int a_name; 2408 int *a_retval; 2409 } */ *ap; 2410{ 2411 2412 switch (ap->a_name) { 2413 case _PC_ACL_EXTENDED: 2414 case _PC_ACL_NFS4: 2415 case _PC_ACL_PATH_MAX: 2416 case _PC_MAC_PRESENT: 2417 return (ufs_pathconf(ap)); 2418 default: 2419 return (fifo_specops.vop_pathconf(ap)); 2420 } 2421 /* NOTREACHED */ 2422} 2423 2424/* 2425 * Return POSIX pathconf information applicable to ufs filesystems. 2426 */ 2427static int 2428ufs_pathconf(ap) 2429 struct vop_pathconf_args /* { 2430 struct vnode *a_vp; 2431 int a_name; 2432 int *a_retval; 2433 } */ *ap; 2434{ 2435 int error; 2436 2437 error = 0; 2438 switch (ap->a_name) { 2439 case _PC_LINK_MAX: 2440 *ap->a_retval = LINK_MAX; 2441 break; 2442 case _PC_NAME_MAX: 2443 *ap->a_retval = NAME_MAX; 2444 break; 2445 case _PC_PATH_MAX: 2446 *ap->a_retval = PATH_MAX; 2447 break; 2448 case _PC_PIPE_BUF: 2449 *ap->a_retval = PIPE_BUF; 2450 break; 2451 case _PC_CHOWN_RESTRICTED: 2452 *ap->a_retval = 1; 2453 break; 2454 case _PC_NO_TRUNC: 2455 *ap->a_retval = 1; 2456 break; 2457 case _PC_ACL_EXTENDED: 2458#ifdef UFS_ACL 2459 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2460 *ap->a_retval = 1; 2461 else 2462 *ap->a_retval = 0; 2463#else 2464 *ap->a_retval = 0; 2465#endif 2466 break; 2467 2468 case _PC_ACL_NFS4: 2469#ifdef UFS_ACL 2470 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) 2471 *ap->a_retval = 1; 2472 else 2473 *ap->a_retval = 0; 2474#else 2475 *ap->a_retval = 0; 2476#endif 2477 break; 2478 2479 case _PC_ACL_PATH_MAX: 2480#ifdef UFS_ACL 2481 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) 2482 *ap->a_retval = ACL_MAX_ENTRIES; 2483 else 2484 *ap->a_retval = 3; 2485#else 2486 *ap->a_retval = 3; 2487#endif 2488 break; 2489 case _PC_MAC_PRESENT: 2490#ifdef MAC 2491 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2492 *ap->a_retval = 1; 2493 else 2494 *ap->a_retval = 0; 2495#else 2496 *ap->a_retval = 0; 2497#endif 2498 break; 2499 case _PC_MIN_HOLE_SIZE: 2500 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2501 break; 2502 case _PC_ASYNC_IO: 2503 /* _PC_ASYNC_IO should have been handled by upper layers. */ 2504 KASSERT(0, ("_PC_ASYNC_IO should not get here")); 2505 error = EINVAL; 2506 break; 2507 case _PC_PRIO_IO: 2508 *ap->a_retval = 0; 2509 break; 2510 case _PC_SYNC_IO: 2511 *ap->a_retval = 0; 2512 break; 2513 case _PC_ALLOC_SIZE_MIN: 2514 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2515 break; 2516 case _PC_FILESIZEBITS: 2517 *ap->a_retval = 64; 2518 break; 2519 case _PC_REC_INCR_XFER_SIZE: 2520 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2521 break; 2522 case _PC_REC_MAX_XFER_SIZE: 2523 *ap->a_retval = -1; /* means ``unlimited'' */ 2524 break; 2525 case _PC_REC_MIN_XFER_SIZE: 2526 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2527 break; 2528 case _PC_REC_XFER_ALIGN: 2529 *ap->a_retval = PAGE_SIZE; 2530 break; 2531 case _PC_SYMLINK_MAX: 2532 *ap->a_retval = MAXPATHLEN; 2533 break; 2534 2535 default: 2536 error = EINVAL; 2537 break; 2538 } 2539 return (error); 2540} 2541 2542/* 2543 * Initialize the vnode associated with a new inode, handle aliased 2544 * vnodes. 2545 */ 2546int 2547ufs_vinit(mntp, fifoops, vpp) 2548 struct mount *mntp; 2549 struct vop_vector *fifoops; 2550 struct vnode **vpp; 2551{ 2552 struct inode *ip; 2553 struct vnode *vp; 2554 2555 vp = *vpp; 2556 ip = VTOI(vp); 2557 vp->v_type = IFTOVT(ip->i_mode); 2558 if (vp->v_type == VFIFO) 2559 vp->v_op = fifoops; 2560 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2561 if (ip->i_number == ROOTINO) 2562 vp->v_vflag |= VV_ROOT; 2563 *vpp = vp; 2564 return (0); 2565} 2566 2567/* 2568 * Allocate a new inode. 2569 * Vnode dvp must be locked. 2570 */ 2571static int 2572ufs_makeinode(mode, dvp, vpp, cnp) 2573 int mode; 2574 struct vnode *dvp; 2575 struct vnode **vpp; 2576 struct componentname *cnp; 2577{ 2578 struct inode *ip, *pdir; 2579 struct direct newdir; 2580 struct vnode *tvp; 2581 int error; 2582 2583 pdir = VTOI(dvp); 2584#ifdef INVARIANTS 2585 if ((cnp->cn_flags & HASBUF) == 0) 2586 panic("ufs_makeinode: no name"); 2587#endif 2588 *vpp = NULL; 2589 if ((mode & IFMT) == 0) 2590 mode |= IFREG; 2591 2592 if (VTOI(dvp)->i_effnlink < 2) 2593 panic("ufs_makeinode: Bad link count %d on parent", 2594 VTOI(dvp)->i_effnlink); 2595 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2596 if (error) 2597 return (error); 2598 ip = VTOI(tvp); 2599 ip->i_gid = pdir->i_gid; 2600 DIP_SET(ip, i_gid, pdir->i_gid); 2601#ifdef SUIDDIR 2602 { 2603#ifdef QUOTA 2604 struct ucred ucred, *ucp; 2605 gid_t ucred_group; 2606 ucp = cnp->cn_cred; 2607#endif 2608 /* 2609 * If we are not the owner of the directory, 2610 * and we are hacking owners here, (only do this where told to) 2611 * and we are not giving it TO root, (would subvert quotas) 2612 * then go ahead and give it to the other user. 2613 * Note that this drops off the execute bits for security. 2614 */ 2615 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2616 (pdir->i_mode & ISUID) && 2617 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2618 ip->i_uid = pdir->i_uid; 2619 DIP_SET(ip, i_uid, ip->i_uid); 2620 mode &= ~07111; 2621#ifdef QUOTA 2622 /* 2623 * Make sure the correct user gets charged 2624 * for the space. 2625 * Quickly knock up a dummy credential for the victim. 2626 * XXX This seems to never be accessed out of our 2627 * context so a stack variable is ok. 2628 */ 2629 refcount_init(&ucred.cr_ref, 1); 2630 ucred.cr_uid = ip->i_uid; 2631 ucred.cr_ngroups = 1; 2632 ucred.cr_groups = &ucred_group; 2633 ucred.cr_groups[0] = pdir->i_gid; 2634 ucp = &ucred; 2635#endif 2636 } else { 2637 ip->i_uid = cnp->cn_cred->cr_uid; 2638 DIP_SET(ip, i_uid, ip->i_uid); 2639 } 2640 2641#ifdef QUOTA 2642 if ((error = getinoquota(ip)) || 2643 (error = chkiq(ip, 1, ucp, 0))) { 2644 if (DOINGSOFTDEP(tvp)) 2645 softdep_revert_link(pdir, ip); 2646 UFS_VFREE(tvp, ip->i_number, mode); 2647 vput(tvp); 2648 return (error); 2649 } 2650#endif 2651 } 2652#else /* !SUIDDIR */ 2653 ip->i_uid = cnp->cn_cred->cr_uid; 2654 DIP_SET(ip, i_uid, ip->i_uid); 2655#ifdef QUOTA 2656 if ((error = getinoquota(ip)) || 2657 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2658 if (DOINGSOFTDEP(tvp)) 2659 softdep_revert_link(pdir, ip); 2660 UFS_VFREE(tvp, ip->i_number, mode); 2661 vput(tvp); 2662 return (error); 2663 } 2664#endif 2665#endif /* !SUIDDIR */ 2666 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 2667 ip->i_mode = mode; 2668 DIP_SET(ip, i_mode, mode); 2669 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2670 ip->i_effnlink = 1; 2671 ip->i_nlink = 1; 2672 DIP_SET(ip, i_nlink, 1); 2673 if (DOINGSOFTDEP(tvp)) 2674 softdep_setup_create(VTOI(dvp), ip); 2675 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2676 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID, 0)) { 2677 ip->i_mode &= ~ISGID; 2678 DIP_SET(ip, i_mode, ip->i_mode); 2679 } 2680 2681 if (cnp->cn_flags & ISWHITEOUT) { 2682 ip->i_flags |= UF_OPAQUE; 2683 DIP_SET(ip, i_flags, ip->i_flags); 2684 } 2685 2686 /* 2687 * Make sure inode goes to disk before directory entry. 2688 */ 2689 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp))); 2690 if (error) 2691 goto bad; 2692#ifdef MAC 2693 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2694 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2695 dvp, tvp, cnp); 2696 if (error) 2697 goto bad; 2698 } 2699#endif 2700#ifdef UFS_ACL 2701 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2702 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode, 2703 cnp->cn_cred, cnp->cn_thread); 2704 if (error) 2705 goto bad; 2706 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2707 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode, 2708 cnp->cn_cred, cnp->cn_thread); 2709 if (error) 2710 goto bad; 2711 } 2712#endif /* !UFS_ACL */ 2713 ufs_makedirentry(ip, cnp, &newdir); 2714 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL, 0); 2715 if (error) 2716 goto bad; 2717 *vpp = tvp; 2718 return (0); 2719 2720bad: 2721 /* 2722 * Write error occurred trying to update the inode 2723 * or the directory so must deallocate the inode. 2724 */ 2725 ip->i_effnlink = 0; 2726 ip->i_nlink = 0; 2727 DIP_SET(ip, i_nlink, 0); 2728 ip->i_flag |= IN_CHANGE; 2729 if (DOINGSOFTDEP(tvp)) 2730 softdep_revert_create(VTOI(dvp), ip); 2731 vput(tvp); 2732 return (error); 2733} 2734 2735static int 2736ufs_ioctl(struct vop_ioctl_args *ap) 2737{ 2738 2739 switch (ap->a_command) { 2740 case FIOSEEKDATA: 2741 case FIOSEEKHOLE: 2742 return (vn_bmap_seekhole(ap->a_vp, ap->a_command, 2743 (off_t *)ap->a_data, ap->a_cred)); 2744 default: 2745 return (ENOTTY); 2746 } 2747} 2748 2749/* Global vfs data structures for ufs. */ 2750struct vop_vector ufs_vnodeops = { 2751 .vop_default = &default_vnodeops, 2752 .vop_fsync = VOP_PANIC, 2753 .vop_read = VOP_PANIC, 2754 .vop_reallocblks = VOP_PANIC, 2755 .vop_write = VOP_PANIC, 2756 .vop_accessx = ufs_accessx, 2757 .vop_bmap = ufs_bmap, 2758 .vop_cachedlookup = ufs_lookup, 2759 .vop_close = ufs_close, 2760 .vop_create = ufs_create, 2761 .vop_getattr = ufs_getattr, 2762 .vop_inactive = ufs_inactive, 2763 .vop_ioctl = ufs_ioctl, 2764 .vop_link = ufs_link, 2765 .vop_lookup = vfs_cache_lookup, 2766 .vop_markatime = ufs_markatime, 2767 .vop_mkdir = ufs_mkdir, 2768 .vop_mknod = ufs_mknod, 2769 .vop_open = ufs_open, 2770 .vop_pathconf = ufs_pathconf, 2771 .vop_poll = vop_stdpoll, 2772 .vop_print = ufs_print, 2773 .vop_readdir = ufs_readdir, 2774 .vop_readlink = ufs_readlink, 2775 .vop_reclaim = ufs_reclaim, 2776 .vop_remove = ufs_remove, 2777 .vop_rename = ufs_rename, 2778 .vop_rmdir = ufs_rmdir, 2779 .vop_setattr = ufs_setattr, 2780#ifdef MAC 2781 .vop_setlabel = vop_stdsetlabel_ea, 2782#endif 2783 .vop_strategy = ufs_strategy, 2784 .vop_symlink = ufs_symlink, 2785 .vop_whiteout = ufs_whiteout, 2786#ifdef UFS_EXTATTR 2787 .vop_getextattr = ufs_getextattr, 2788 .vop_deleteextattr = ufs_deleteextattr, 2789 .vop_setextattr = ufs_setextattr, 2790#endif 2791#ifdef UFS_ACL 2792 .vop_getacl = ufs_getacl, 2793 .vop_setacl = ufs_setacl, 2794 .vop_aclcheck = ufs_aclcheck, 2795#endif 2796}; 2797 2798struct vop_vector ufs_fifoops = { 2799 .vop_default = &fifo_specops, 2800 .vop_fsync = VOP_PANIC, 2801 .vop_accessx = ufs_accessx, 2802 .vop_close = ufsfifo_close, 2803 .vop_getattr = ufs_getattr, 2804 .vop_inactive = ufs_inactive, 2805 .vop_kqfilter = ufsfifo_kqfilter, 2806 .vop_markatime = ufs_markatime, 2807 .vop_pathconf = ufsfifo_pathconf, 2808 .vop_print = ufs_print, 2809 .vop_read = VOP_PANIC, 2810 .vop_reclaim = ufs_reclaim, 2811 .vop_setattr = ufs_setattr, 2812#ifdef MAC 2813 .vop_setlabel = vop_stdsetlabel_ea, 2814#endif 2815 .vop_write = VOP_PANIC, 2816#ifdef UFS_EXTATTR 2817 .vop_getextattr = ufs_getextattr, 2818 .vop_deleteextattr = ufs_deleteextattr, 2819 .vop_setextattr = ufs_setextattr, 2820#endif 2821#ifdef UFS_ACL 2822 .vop_getacl = ufs_getacl, 2823 .vop_setacl = ufs_setacl, 2824 .vop_aclcheck = ufs_aclcheck, 2825#endif 2826}; 2827