1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1989, 1993, 1995 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD$"); 41 42 #include "opt_quota.h" 43 #include "opt_suiddir.h" 44 #include "opt_ufs.h" 45 #include "opt_ffs.h" 46 47 #include <sys/param.h> 48 #include <sys/systm.h> 49 #include <sys/malloc.h> 50 #include <sys/namei.h> 51 #include <sys/kernel.h> 52 #include <sys/fcntl.h> 53 #include <sys/filio.h> 54 #include <sys/stat.h> 55 #include <sys/bio.h> 56 #include <sys/buf.h> 57 #include <sys/mount.h> 58 #include <sys/priv.h> 59 #include <sys/refcount.h> 60 #include <sys/unistd.h> 61 #include <sys/vnode.h> 62 #include <sys/dirent.h> 63 #include <sys/lockf.h> 64 #include <sys/conf.h> 65 #include <sys/acl.h> 66 67 #include <security/mac/mac_framework.h> 68 69 #include <sys/file.h> /* XXX */ 70 71 #include <vm/vm.h> 72 #include <vm/vm_extern.h> 73 74 #include <ufs/ufs/acl.h> 75 #include <ufs/ufs/extattr.h> 76 #include <ufs/ufs/quota.h> 77 #include <ufs/ufs/inode.h> 78 #include <ufs/ufs/dir.h> 79 #include <ufs/ufs/ufsmount.h> 80 #include <ufs/ufs/ufs_extern.h> 81 #ifdef UFS_DIRHASH 82 #include <ufs/ufs/dirhash.h> 83 #endif 84 #ifdef UFS_GJOURNAL 85 #include <ufs/ufs/gjournal.h> 86 FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS"); 87 #endif 88 89 #ifdef QUOTA 90 FEATURE(ufs_quota, "UFS disk quotas support"); 91 FEATURE(ufs_quota64, "64bit UFS disk quotas support"); 92 #endif 93 94 #ifdef SUIDDIR 95 FEATURE(suiddir, 96 "Give all new files in directory the same ownership as the directory"); 97 #endif 98 99 100 #include <ufs/ffs/ffs_extern.h> 101 102 static vop_accessx_t ufs_accessx; 103 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 104 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *); 105 static vop_close_t ufs_close; 106 static vop_create_t ufs_create; 107 static vop_getattr_t ufs_getattr; 108 static vop_ioctl_t ufs_ioctl; 109 static vop_link_t ufs_link; 110 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *, const char *); 111 static vop_markatime_t ufs_markatime; 112 static vop_mkdir_t ufs_mkdir; 113 static vop_mknod_t ufs_mknod; 114 static vop_open_t ufs_open; 115 static vop_pathconf_t ufs_pathconf; 116 static vop_print_t ufs_print; 117 static vop_readlink_t ufs_readlink; 118 static vop_remove_t ufs_remove; 119 static vop_rename_t ufs_rename; 120 static vop_rmdir_t ufs_rmdir; 121 static vop_setattr_t ufs_setattr; 122 static vop_strategy_t ufs_strategy; 123 static vop_symlink_t ufs_symlink; 124 static vop_whiteout_t ufs_whiteout; 125 static vop_close_t ufsfifo_close; 126 static vop_kqfilter_t ufsfifo_kqfilter; 127 128 SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD, 0, "UFS filesystem"); 129 130 /* 131 * A virgin directory (no blushing please). 132 */ 133 static struct dirtemplate mastertemplate = { 134 0, 12, DT_DIR, 1, ".", 135 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 136 }; 137 static struct odirtemplate omastertemplate = { 138 0, 12, 1, ".", 139 0, DIRBLKSIZ - 12, 2, ".." 140 }; 141 142 static void 143 ufs_itimes_locked(struct vnode *vp) 144 { 145 struct inode *ip; 146 struct timespec ts; 147 148 ASSERT_VI_LOCKED(vp, __func__); 149 150 ip = VTOI(vp); 151 if (UFS_RDONLY(ip)) 152 goto out; 153 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 154 return; 155 156 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 157 ip->i_flag |= IN_LAZYMOD; 158 else if (((vp->v_mount->mnt_kern_flag & 159 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) || 160 (ip->i_flag & (IN_CHANGE | IN_UPDATE))) 161 ip->i_flag |= IN_MODIFIED; 162 else if (ip->i_flag & IN_ACCESS) 163 ip->i_flag |= IN_LAZYACCESS; 164 vfs_timestamp(&ts); 165 if (ip->i_flag & IN_ACCESS) { 166 DIP_SET(ip, i_atime, ts.tv_sec); 167 DIP_SET(ip, i_atimensec, ts.tv_nsec); 168 } 169 if (ip->i_flag & IN_UPDATE) { 170 DIP_SET(ip, i_mtime, ts.tv_sec); 171 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 172 } 173 if (ip->i_flag & IN_CHANGE) { 174 DIP_SET(ip, i_ctime, ts.tv_sec); 175 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 176 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1); 177 } 178 179 out: 180 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 181 } 182 183 void 184 ufs_itimes(struct vnode *vp) 185 { 186 187 VI_LOCK(vp); 188 ufs_itimes_locked(vp); 189 VI_UNLOCK(vp); 190 } 191 192 /* 193 * Create a regular file 194 */ 195 static int 196 ufs_create(ap) 197 struct vop_create_args /* { 198 struct vnode *a_dvp; 199 struct vnode **a_vpp; 200 struct componentname *a_cnp; 201 struct vattr *a_vap; 202 } */ *ap; 203 { 204 int error; 205 206 error = 207 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 208 ap->a_dvp, ap->a_vpp, ap->a_cnp, "ufs_create"); 209 if (error != 0) 210 return (error); 211 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0) 212 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp); 213 return (0); 214 } 215 216 /* 217 * Mknod vnode call 218 */ 219 /* ARGSUSED */ 220 static int 221 ufs_mknod(ap) 222 struct vop_mknod_args /* { 223 struct vnode *a_dvp; 224 struct vnode **a_vpp; 225 struct componentname *a_cnp; 226 struct vattr *a_vap; 227 } */ *ap; 228 { 229 struct vattr *vap = ap->a_vap; 230 struct vnode **vpp = ap->a_vpp; 231 struct inode *ip; 232 ino_t ino; 233 int error; 234 235 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 236 ap->a_dvp, vpp, ap->a_cnp, "ufs_mknod"); 237 if (error) 238 return (error); 239 ip = VTOI(*vpp); 240 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 241 if (vap->va_rdev != VNOVAL) { 242 /* 243 * Want to be able to use this to make badblock 244 * inodes, so don't truncate the dev number. 245 */ 246 DIP_SET(ip, i_rdev, vap->va_rdev); 247 } 248 /* 249 * Remove inode, then reload it through VFS_VGET so it is 250 * checked to see if it is an alias of an existing entry in 251 * the inode cache. XXX I don't believe this is necessary now. 252 */ 253 (*vpp)->v_type = VNON; 254 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 255 vgone(*vpp); 256 vput(*vpp); 257 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 258 if (error) { 259 *vpp = NULL; 260 return (error); 261 } 262 return (0); 263 } 264 265 /* 266 * Open called. 267 */ 268 /* ARGSUSED */ 269 static int 270 ufs_open(struct vop_open_args *ap) 271 { 272 struct vnode *vp = ap->a_vp; 273 struct inode *ip; 274 275 if (vp->v_type == VCHR || vp->v_type == VBLK) 276 return (EOPNOTSUPP); 277 278 ip = VTOI(vp); 279 /* 280 * Files marked append-only must be opened for appending. 281 */ 282 if ((ip->i_flags & APPEND) && 283 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 284 return (EPERM); 285 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 286 return (0); 287 } 288 289 /* 290 * Close called. 291 * 292 * Update the times on the inode. 293 */ 294 /* ARGSUSED */ 295 static int 296 ufs_close(ap) 297 struct vop_close_args /* { 298 struct vnode *a_vp; 299 int a_fflag; 300 struct ucred *a_cred; 301 struct thread *a_td; 302 } */ *ap; 303 { 304 struct vnode *vp = ap->a_vp; 305 int usecount; 306 307 VI_LOCK(vp); 308 usecount = vp->v_usecount; 309 if (usecount > 1) 310 ufs_itimes_locked(vp); 311 VI_UNLOCK(vp); 312 return (0); 313 } 314 315 static int 316 ufs_accessx(ap) 317 struct vop_accessx_args /* { 318 struct vnode *a_vp; 319 accmode_t a_accmode; 320 struct ucred *a_cred; 321 struct thread *a_td; 322 } */ *ap; 323 { 324 struct vnode *vp = ap->a_vp; 325 struct inode *ip = VTOI(vp); 326 accmode_t accmode = ap->a_accmode; 327 int error; 328 #ifdef QUOTA 329 int relocked; 330 #endif 331 #ifdef UFS_ACL 332 struct acl *acl; 333 acl_type_t type; 334 #endif 335 336 /* 337 * Disallow write attempts on read-only filesystems; 338 * unless the file is a socket, fifo, or a block or 339 * character device resident on the filesystem. 340 */ 341 if (accmode & VMODIFY_PERMS) { 342 switch (vp->v_type) { 343 case VDIR: 344 case VLNK: 345 case VREG: 346 if (vp->v_mount->mnt_flag & MNT_RDONLY) 347 return (EROFS); 348 #ifdef QUOTA 349 /* 350 * Inode is accounted in the quotas only if struct 351 * dquot is attached to it. VOP_ACCESS() is called 352 * from vn_open_cred() and provides a convenient 353 * point to call getinoquota(). 354 */ 355 if (VOP_ISLOCKED(vp) != LK_EXCLUSIVE) { 356 357 /* 358 * Upgrade vnode lock, since getinoquota() 359 * requires exclusive lock to modify inode. 360 */ 361 relocked = 1; 362 vhold(vp); 363 vn_lock(vp, LK_UPGRADE | LK_RETRY); 364 VI_LOCK(vp); 365 if (vp->v_iflag & VI_DOOMED) { 366 vdropl(vp); 367 error = ENOENT; 368 goto relock; 369 } 370 vdropl(vp); 371 } else 372 relocked = 0; 373 error = getinoquota(ip); 374 relock: 375 if (relocked) 376 vn_lock(vp, LK_DOWNGRADE | LK_RETRY); 377 if (error != 0) 378 return (error); 379 #endif 380 break; 381 default: 382 break; 383 } 384 } 385 386 /* 387 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS" 388 * permits the owner of the file to remove the IMMUTABLE flag. 389 */ 390 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) && 391 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 392 return (EPERM); 393 394 #ifdef UFS_ACL 395 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) { 396 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS) 397 type = ACL_TYPE_NFS4; 398 else 399 type = ACL_TYPE_ACCESS; 400 401 acl = acl_alloc(M_WAITOK); 402 if (type == ACL_TYPE_NFS4) 403 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td); 404 else 405 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td); 406 switch (error) { 407 case 0: 408 if (type == ACL_TYPE_NFS4) { 409 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid, 410 ip->i_gid, acl, accmode, ap->a_cred, NULL); 411 } else { 412 error = vfs_unixify_accmode(&accmode); 413 if (error == 0) 414 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 415 ip->i_gid, acl, accmode, ap->a_cred, NULL); 416 } 417 break; 418 default: 419 if (error != EOPNOTSUPP) 420 printf( 421 "ufs_accessx(): Error retrieving ACL on object (%d).\n", 422 error); 423 /* 424 * XXX: Fall back until debugged. Should 425 * eventually possibly log an error, and return 426 * EPERM for safety. 427 */ 428 error = vfs_unixify_accmode(&accmode); 429 if (error == 0) 430 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 431 ip->i_gid, accmode, ap->a_cred, NULL); 432 } 433 acl_free(acl); 434 435 return (error); 436 } 437 #endif /* !UFS_ACL */ 438 error = vfs_unixify_accmode(&accmode); 439 if (error == 0) 440 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 441 accmode, ap->a_cred, NULL); 442 return (error); 443 } 444 445 /* ARGSUSED */ 446 static int 447 ufs_getattr(ap) 448 struct vop_getattr_args /* { 449 struct vnode *a_vp; 450 struct vattr *a_vap; 451 struct ucred *a_cred; 452 } */ *ap; 453 { 454 struct vnode *vp = ap->a_vp; 455 struct inode *ip = VTOI(vp); 456 struct vattr *vap = ap->a_vap; 457 458 VI_LOCK(vp); 459 ufs_itimes_locked(vp); 460 if (I_IS_UFS1(ip)) { 461 vap->va_atime.tv_sec = ip->i_din1->di_atime; 462 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 463 } else { 464 vap->va_atime.tv_sec = ip->i_din2->di_atime; 465 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 466 } 467 VI_UNLOCK(vp); 468 /* 469 * Copy from inode table 470 */ 471 vap->va_fsid = dev2udev(ITOUMP(ip)->um_dev); 472 vap->va_fileid = ip->i_number; 473 vap->va_mode = ip->i_mode & ~IFMT; 474 vap->va_nlink = ip->i_effnlink; 475 vap->va_uid = ip->i_uid; 476 vap->va_gid = ip->i_gid; 477 if (I_IS_UFS1(ip)) { 478 vap->va_rdev = ip->i_din1->di_rdev; 479 vap->va_size = ip->i_din1->di_size; 480 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 481 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 482 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 483 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 484 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 485 vap->va_filerev = ip->i_din1->di_modrev; 486 } else { 487 vap->va_rdev = ip->i_din2->di_rdev; 488 vap->va_size = ip->i_din2->di_size; 489 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 490 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 491 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 492 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 493 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 494 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 495 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 496 vap->va_filerev = ip->i_din2->di_modrev; 497 } 498 vap->va_flags = ip->i_flags; 499 vap->va_gen = ip->i_gen; 500 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 501 vap->va_type = IFTOVT(ip->i_mode); 502 return (0); 503 } 504 505 /* 506 * Set attribute vnode op. called from several syscalls 507 */ 508 static int 509 ufs_setattr(ap) 510 struct vop_setattr_args /* { 511 struct vnode *a_vp; 512 struct vattr *a_vap; 513 struct ucred *a_cred; 514 } */ *ap; 515 { 516 struct vattr *vap = ap->a_vap; 517 struct vnode *vp = ap->a_vp; 518 struct inode *ip = VTOI(vp); 519 struct ucred *cred = ap->a_cred; 520 struct thread *td = curthread; 521 int error; 522 523 /* 524 * Check for unsettable attributes. 525 */ 526 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 527 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 528 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 529 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 530 return (EINVAL); 531 } 532 if (vap->va_flags != VNOVAL) { 533 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE | 534 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE | 535 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK | 536 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE | 537 UF_SPARSE | UF_SYSTEM)) != 0) 538 return (EOPNOTSUPP); 539 if (vp->v_mount->mnt_flag & MNT_RDONLY) 540 return (EROFS); 541 /* 542 * Callers may only modify the file flags on objects they 543 * have VADMIN rights for. 544 */ 545 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 546 return (error); 547 /* 548 * Unprivileged processes are not permitted to unset system 549 * flags, or modify flags if any system flags are set. 550 * Privileged non-jail processes may not modify system flags 551 * if securelevel > 0 and any existing system flags are set. 552 * Privileged jail processes behave like privileged non-jail 553 * processes if the PR_ALLOW_CHFLAGS permission bit is set; 554 * otherwise, they behave like unprivileged processes. 555 */ 556 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) { 557 if (ip->i_flags & 558 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 559 error = securelevel_gt(cred, 0); 560 if (error) 561 return (error); 562 } 563 /* The snapshot flag cannot be toggled. */ 564 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT) 565 return (EPERM); 566 } else { 567 if (ip->i_flags & 568 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 569 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE)) 570 return (EPERM); 571 } 572 ip->i_flags = vap->va_flags; 573 DIP_SET(ip, i_flags, vap->va_flags); 574 ip->i_flag |= IN_CHANGE; 575 error = UFS_UPDATE(vp, 0); 576 if (ip->i_flags & (IMMUTABLE | APPEND)) 577 return (error); 578 } 579 /* 580 * If immutable or append, no one can change any of its attributes 581 * except the ones already handled (in some cases, file flags 582 * including the immutability flags themselves for the superuser). 583 */ 584 if (ip->i_flags & (IMMUTABLE | APPEND)) 585 return (EPERM); 586 /* 587 * Go through the fields and update iff not VNOVAL. 588 */ 589 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 590 if (vp->v_mount->mnt_flag & MNT_RDONLY) 591 return (EROFS); 592 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 593 td)) != 0) 594 return (error); 595 } 596 if (vap->va_size != VNOVAL) { 597 /* 598 * XXX most of the following special cases should be in 599 * callers instead of in N filesystems. The VDIR check 600 * mostly already is. 601 */ 602 switch (vp->v_type) { 603 case VDIR: 604 return (EISDIR); 605 case VLNK: 606 case VREG: 607 /* 608 * Truncation should have an effect in these cases. 609 * Disallow it if the filesystem is read-only or 610 * the file is being snapshotted. 611 */ 612 if (vp->v_mount->mnt_flag & MNT_RDONLY) 613 return (EROFS); 614 if ((ip->i_flags & SF_SNAPSHOT) != 0) 615 return (EPERM); 616 break; 617 default: 618 /* 619 * According to POSIX, the result is unspecified 620 * for file types other than regular files, 621 * directories and shared memory objects. We 622 * don't support shared memory objects in the file 623 * system, and have dubious support for truncating 624 * symlinks. Just ignore the request in other cases. 625 */ 626 return (0); 627 } 628 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL | 629 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0), 630 cred)) != 0) 631 return (error); 632 } 633 if (vap->va_atime.tv_sec != VNOVAL || 634 vap->va_mtime.tv_sec != VNOVAL || 635 vap->va_birthtime.tv_sec != VNOVAL) { 636 if (vp->v_mount->mnt_flag & MNT_RDONLY) 637 return (EROFS); 638 if ((ip->i_flags & SF_SNAPSHOT) != 0) 639 return (EPERM); 640 error = vn_utimes_perm(vp, vap, cred, td); 641 if (error != 0) 642 return (error); 643 ip->i_flag |= IN_CHANGE | IN_MODIFIED; 644 if (vap->va_atime.tv_sec != VNOVAL) { 645 ip->i_flag &= ~IN_ACCESS; 646 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 647 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 648 } 649 if (vap->va_mtime.tv_sec != VNOVAL) { 650 ip->i_flag &= ~IN_UPDATE; 651 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 652 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 653 } 654 if (vap->va_birthtime.tv_sec != VNOVAL && I_IS_UFS2(ip)) { 655 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 656 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 657 } 658 error = UFS_UPDATE(vp, 0); 659 if (error) 660 return (error); 661 } 662 error = 0; 663 if (vap->va_mode != (mode_t)VNOVAL) { 664 if (vp->v_mount->mnt_flag & MNT_RDONLY) 665 return (EROFS); 666 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode & 667 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH))) 668 return (EPERM); 669 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 670 } 671 return (error); 672 } 673 674 #ifdef UFS_ACL 675 static int 676 ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode, 677 int file_owner_id, struct ucred *cred, struct thread *td) 678 { 679 int error; 680 struct acl *aclp; 681 682 aclp = acl_alloc(M_WAITOK); 683 error = ufs_getacl_nfs4_internal(vp, aclp, td); 684 /* 685 * We don't have to handle EOPNOTSUPP here, as the filesystem claims 686 * it supports ACLs. 687 */ 688 if (error) 689 goto out; 690 691 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id); 692 error = ufs_setacl_nfs4_internal(vp, aclp, td); 693 694 out: 695 acl_free(aclp); 696 return (error); 697 } 698 #endif /* UFS_ACL */ 699 700 /* 701 * Mark this file's access time for update for vfs_mark_atime(). This 702 * is called from execve() and mmap(). 703 */ 704 static int 705 ufs_markatime(ap) 706 struct vop_markatime_args /* { 707 struct vnode *a_vp; 708 } */ *ap; 709 { 710 struct vnode *vp = ap->a_vp; 711 struct inode *ip = VTOI(vp); 712 713 VI_LOCK(vp); 714 ip->i_flag |= IN_ACCESS; 715 VI_UNLOCK(vp); 716 /* 717 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there. 718 */ 719 return (0); 720 } 721 722 /* 723 * Change the mode on a file. 724 * Inode must be locked before calling. 725 */ 726 static int 727 ufs_chmod(vp, mode, cred, td) 728 struct vnode *vp; 729 int mode; 730 struct ucred *cred; 731 struct thread *td; 732 { 733 struct inode *ip = VTOI(vp); 734 int error; 735 736 /* 737 * To modify the permissions on a file, must possess VADMIN 738 * for that file. 739 */ 740 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td))) 741 return (error); 742 /* 743 * Privileged processes may set the sticky bit on non-directories, 744 * as well as set the setgid bit on a file with a group that the 745 * process is not a member of. Both of these are allowed in 746 * jail(8). 747 */ 748 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 749 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0)) 750 return (EFTYPE); 751 } 752 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 753 error = priv_check_cred(cred, PRIV_VFS_SETGID, 0); 754 if (error) 755 return (error); 756 } 757 758 /* 759 * Deny setting setuid if we are not the file owner. 760 */ 761 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) { 762 error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); 763 if (error) 764 return (error); 765 } 766 767 ip->i_mode &= ~ALLPERMS; 768 ip->i_mode |= (mode & ALLPERMS); 769 DIP_SET(ip, i_mode, ip->i_mode); 770 ip->i_flag |= IN_CHANGE; 771 #ifdef UFS_ACL 772 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0) 773 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td); 774 #endif 775 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0) 776 error = UFS_UPDATE(vp, 0); 777 778 return (error); 779 } 780 781 /* 782 * Perform chown operation on inode ip; 783 * inode must be locked prior to call. 784 */ 785 static int 786 ufs_chown(vp, uid, gid, cred, td) 787 struct vnode *vp; 788 uid_t uid; 789 gid_t gid; 790 struct ucred *cred; 791 struct thread *td; 792 { 793 struct inode *ip = VTOI(vp); 794 uid_t ouid; 795 gid_t ogid; 796 int error = 0; 797 #ifdef QUOTA 798 int i; 799 ufs2_daddr_t change; 800 #endif 801 802 if (uid == (uid_t)VNOVAL) 803 uid = ip->i_uid; 804 if (gid == (gid_t)VNOVAL) 805 gid = ip->i_gid; 806 /* 807 * To modify the ownership of a file, must possess VADMIN for that 808 * file. 809 */ 810 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td))) 811 return (error); 812 /* 813 * To change the owner of a file, or change the group of a file to a 814 * group of which we are not a member, the caller must have 815 * privilege. 816 */ 817 if (((uid != ip->i_uid && uid != cred->cr_uid) || 818 (gid != ip->i_gid && !groupmember(gid, cred))) && 819 (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0))) 820 return (error); 821 ogid = ip->i_gid; 822 ouid = ip->i_uid; 823 #ifdef QUOTA 824 if ((error = getinoquota(ip)) != 0) 825 return (error); 826 if (ouid == uid) { 827 dqrele(vp, ip->i_dquot[USRQUOTA]); 828 ip->i_dquot[USRQUOTA] = NODQUOT; 829 } 830 if (ogid == gid) { 831 dqrele(vp, ip->i_dquot[GRPQUOTA]); 832 ip->i_dquot[GRPQUOTA] = NODQUOT; 833 } 834 change = DIP(ip, i_blocks); 835 (void) chkdq(ip, -change, cred, CHOWN); 836 (void) chkiq(ip, -1, cred, CHOWN); 837 for (i = 0; i < MAXQUOTAS; i++) { 838 dqrele(vp, ip->i_dquot[i]); 839 ip->i_dquot[i] = NODQUOT; 840 } 841 #endif 842 ip->i_gid = gid; 843 DIP_SET(ip, i_gid, gid); 844 ip->i_uid = uid; 845 DIP_SET(ip, i_uid, uid); 846 #ifdef QUOTA 847 if ((error = getinoquota(ip)) == 0) { 848 if (ouid == uid) { 849 dqrele(vp, ip->i_dquot[USRQUOTA]); 850 ip->i_dquot[USRQUOTA] = NODQUOT; 851 } 852 if (ogid == gid) { 853 dqrele(vp, ip->i_dquot[GRPQUOTA]); 854 ip->i_dquot[GRPQUOTA] = NODQUOT; 855 } 856 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 857 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 858 goto good; 859 else 860 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 861 } 862 for (i = 0; i < MAXQUOTAS; i++) { 863 dqrele(vp, ip->i_dquot[i]); 864 ip->i_dquot[i] = NODQUOT; 865 } 866 } 867 ip->i_gid = ogid; 868 DIP_SET(ip, i_gid, ogid); 869 ip->i_uid = ouid; 870 DIP_SET(ip, i_uid, ouid); 871 if (getinoquota(ip) == 0) { 872 if (ouid == uid) { 873 dqrele(vp, ip->i_dquot[USRQUOTA]); 874 ip->i_dquot[USRQUOTA] = NODQUOT; 875 } 876 if (ogid == gid) { 877 dqrele(vp, ip->i_dquot[GRPQUOTA]); 878 ip->i_dquot[GRPQUOTA] = NODQUOT; 879 } 880 (void) chkdq(ip, change, cred, FORCE|CHOWN); 881 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 882 (void) getinoquota(ip); 883 } 884 return (error); 885 good: 886 if (getinoquota(ip)) 887 panic("ufs_chown: lost quota"); 888 #endif /* QUOTA */ 889 ip->i_flag |= IN_CHANGE; 890 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { 891 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) { 892 ip->i_mode &= ~(ISUID | ISGID); 893 DIP_SET(ip, i_mode, ip->i_mode); 894 } 895 } 896 error = UFS_UPDATE(vp, 0); 897 return (error); 898 } 899 900 static int 901 ufs_remove(ap) 902 struct vop_remove_args /* { 903 struct vnode *a_dvp; 904 struct vnode *a_vp; 905 struct componentname *a_cnp; 906 } */ *ap; 907 { 908 struct inode *ip; 909 struct vnode *vp = ap->a_vp; 910 struct vnode *dvp = ap->a_dvp; 911 int error; 912 struct thread *td; 913 914 td = curthread; 915 ip = VTOI(vp); 916 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 917 (VTOI(dvp)->i_flags & APPEND)) { 918 error = EPERM; 919 goto out; 920 } 921 #ifdef UFS_GJOURNAL 922 ufs_gjournal_orphan(vp); 923 #endif 924 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 925 if (ip->i_nlink <= 0) 926 vp->v_vflag |= VV_NOSYNC; 927 if ((ip->i_flags & SF_SNAPSHOT) != 0) { 928 /* 929 * Avoid deadlock where another thread is trying to 930 * update the inodeblock for dvp and is waiting on 931 * snaplk. Temporary unlock the vnode lock for the 932 * unlinked file and sync the directory. This should 933 * allow vput() of the directory to not block later on 934 * while holding the snapshot vnode locked, assuming 935 * that the directory hasn't been unlinked too. 936 */ 937 VOP_UNLOCK(vp, 0); 938 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 939 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 940 } 941 out: 942 return (error); 943 } 944 945 static void 946 print_bad_link_count(const char *funcname, struct vnode *dvp) 947 { 948 struct inode *dip; 949 950 dip = VTOI(dvp); 951 uprintf("%s: Bad link count %d on parent inode %jd in file system %s\n", 952 funcname, dip->i_effnlink, (intmax_t)dip->i_number, 953 dvp->v_mount->mnt_stat.f_mntonname); 954 } 955 956 /* 957 * link vnode call 958 */ 959 static int 960 ufs_link(ap) 961 struct vop_link_args /* { 962 struct vnode *a_tdvp; 963 struct vnode *a_vp; 964 struct componentname *a_cnp; 965 } */ *ap; 966 { 967 struct vnode *vp = ap->a_vp; 968 struct vnode *tdvp = ap->a_tdvp; 969 struct componentname *cnp = ap->a_cnp; 970 struct inode *ip; 971 struct direct newdir; 972 int error; 973 974 #ifdef INVARIANTS 975 if ((cnp->cn_flags & HASBUF) == 0) 976 panic("ufs_link: no name"); 977 #endif 978 if (VTOI(tdvp)->i_effnlink < 2) { 979 print_bad_link_count("ufs_link", tdvp); 980 error = EINVAL; 981 goto out; 982 } 983 ip = VTOI(vp); 984 if (ip->i_nlink >= UFS_LINK_MAX) { 985 error = EMLINK; 986 goto out; 987 } 988 /* 989 * The file may have been removed after namei droped the original 990 * lock. 991 */ 992 if (ip->i_effnlink == 0) { 993 error = ENOENT; 994 goto out; 995 } 996 if (ip->i_flags & (IMMUTABLE | APPEND)) { 997 error = EPERM; 998 goto out; 999 } 1000 ip->i_effnlink++; 1001 ip->i_nlink++; 1002 DIP_SET(ip, i_nlink, ip->i_nlink); 1003 ip->i_flag |= IN_CHANGE; 1004 if (DOINGSOFTDEP(vp)) 1005 softdep_setup_link(VTOI(tdvp), ip); 1006 error = UFS_UPDATE(vp, !DOINGSOFTDEP(vp) && !DOINGASYNC(vp)); 1007 if (!error) { 1008 ufs_makedirentry(ip, cnp, &newdir); 1009 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL, 0); 1010 } 1011 1012 if (error) { 1013 ip->i_effnlink--; 1014 ip->i_nlink--; 1015 DIP_SET(ip, i_nlink, ip->i_nlink); 1016 ip->i_flag |= IN_CHANGE; 1017 if (DOINGSOFTDEP(vp)) 1018 softdep_revert_link(VTOI(tdvp), ip); 1019 } 1020 out: 1021 return (error); 1022 } 1023 1024 /* 1025 * whiteout vnode call 1026 */ 1027 static int 1028 ufs_whiteout(ap) 1029 struct vop_whiteout_args /* { 1030 struct vnode *a_dvp; 1031 struct componentname *a_cnp; 1032 int a_flags; 1033 } */ *ap; 1034 { 1035 struct vnode *dvp = ap->a_dvp; 1036 struct componentname *cnp = ap->a_cnp; 1037 struct direct newdir; 1038 int error = 0; 1039 1040 switch (ap->a_flags) { 1041 case LOOKUP: 1042 /* 4.4 format directories support whiteout operations */ 1043 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1044 return (0); 1045 return (EOPNOTSUPP); 1046 1047 case CREATE: 1048 /* create a new directory whiteout */ 1049 #ifdef INVARIANTS 1050 if ((cnp->cn_flags & SAVENAME) == 0) 1051 panic("ufs_whiteout: missing name"); 1052 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 1053 panic("ufs_whiteout: old format filesystem"); 1054 #endif 1055 1056 newdir.d_ino = UFS_WINO; 1057 newdir.d_namlen = cnp->cn_namelen; 1058 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 1059 newdir.d_type = DT_WHT; 1060 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL, 0); 1061 break; 1062 1063 case DELETE: 1064 /* remove an existing directory whiteout */ 1065 #ifdef INVARIANTS 1066 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 1067 panic("ufs_whiteout: old format filesystem"); 1068 #endif 1069 1070 cnp->cn_flags &= ~DOWHITEOUT; 1071 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 1072 break; 1073 default: 1074 panic("ufs_whiteout: unknown op"); 1075 } 1076 return (error); 1077 } 1078 1079 static volatile int rename_restarts; 1080 SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD, 1081 __DEVOLATILE(int *, &rename_restarts), 0, 1082 "Times rename had to restart due to lock contention"); 1083 1084 /* 1085 * Rename system call. 1086 * rename("foo", "bar"); 1087 * is essentially 1088 * unlink("bar"); 1089 * link("foo", "bar"); 1090 * unlink("foo"); 1091 * but ``atomically''. Can't do full commit without saving state in the 1092 * inode on disk which isn't feasible at this time. Best we can do is 1093 * always guarantee the target exists. 1094 * 1095 * Basic algorithm is: 1096 * 1097 * 1) Bump link count on source while we're linking it to the 1098 * target. This also ensure the inode won't be deleted out 1099 * from underneath us while we work (it may be truncated by 1100 * a concurrent `trunc' or `open' for creation). 1101 * 2) Link source to destination. If destination already exists, 1102 * delete it first. 1103 * 3) Unlink source reference to inode if still around. If a 1104 * directory was moved and the parent of the destination 1105 * is different from the source, patch the ".." entry in the 1106 * directory. 1107 */ 1108 static int 1109 ufs_rename(ap) 1110 struct vop_rename_args /* { 1111 struct vnode *a_fdvp; 1112 struct vnode *a_fvp; 1113 struct componentname *a_fcnp; 1114 struct vnode *a_tdvp; 1115 struct vnode *a_tvp; 1116 struct componentname *a_tcnp; 1117 } */ *ap; 1118 { 1119 struct vnode *tvp = ap->a_tvp; 1120 struct vnode *tdvp = ap->a_tdvp; 1121 struct vnode *fvp = ap->a_fvp; 1122 struct vnode *fdvp = ap->a_fdvp; 1123 struct vnode *nvp; 1124 struct componentname *tcnp = ap->a_tcnp; 1125 struct componentname *fcnp = ap->a_fcnp; 1126 struct thread *td = fcnp->cn_thread; 1127 struct inode *fip, *tip, *tdp, *fdp; 1128 struct direct newdir; 1129 off_t endoff; 1130 int doingdirectory, newparent; 1131 int error = 0; 1132 struct mount *mp; 1133 ino_t ino; 1134 1135 #ifdef INVARIANTS 1136 if ((tcnp->cn_flags & HASBUF) == 0 || 1137 (fcnp->cn_flags & HASBUF) == 0) 1138 panic("ufs_rename: no name"); 1139 #endif 1140 endoff = 0; 1141 mp = tdvp->v_mount; 1142 VOP_UNLOCK(tdvp, 0); 1143 if (tvp && tvp != tdvp) 1144 VOP_UNLOCK(tvp, 0); 1145 /* 1146 * Check for cross-device rename. 1147 */ 1148 if ((fvp->v_mount != tdvp->v_mount) || 1149 (tvp && (fvp->v_mount != tvp->v_mount))) { 1150 error = EXDEV; 1151 mp = NULL; 1152 goto releout; 1153 } 1154 relock: 1155 /* 1156 * We need to acquire 2 to 4 locks depending on whether tvp is NULL 1157 * and fdvp and tdvp are the same directory. Subsequently we need 1158 * to double-check all paths and in the directory rename case we 1159 * need to verify that we are not creating a directory loop. To 1160 * handle this we acquire all but fdvp using non-blocking 1161 * acquisitions. If we fail to acquire any lock in the path we will 1162 * drop all held locks, acquire the new lock in a blocking fashion, 1163 * and then release it and restart the rename. This acquire/release 1164 * step ensures that we do not spin on a lock waiting for release. 1165 */ 1166 error = vn_lock(fdvp, LK_EXCLUSIVE); 1167 if (error) 1168 goto releout; 1169 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) { 1170 VOP_UNLOCK(fdvp, 0); 1171 error = vn_lock(tdvp, LK_EXCLUSIVE); 1172 if (error) 1173 goto releout; 1174 VOP_UNLOCK(tdvp, 0); 1175 atomic_add_int(&rename_restarts, 1); 1176 goto relock; 1177 } 1178 /* 1179 * Re-resolve fvp to be certain it still exists and fetch the 1180 * correct vnode. 1181 */ 1182 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1183 if (error) { 1184 VOP_UNLOCK(fdvp, 0); 1185 VOP_UNLOCK(tdvp, 0); 1186 goto releout; 1187 } 1188 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1189 if (error) { 1190 VOP_UNLOCK(fdvp, 0); 1191 VOP_UNLOCK(tdvp, 0); 1192 if (error != EBUSY) 1193 goto releout; 1194 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1195 if (error != 0) 1196 goto releout; 1197 VOP_UNLOCK(nvp, 0); 1198 vrele(fvp); 1199 fvp = nvp; 1200 atomic_add_int(&rename_restarts, 1); 1201 goto relock; 1202 } 1203 vrele(fvp); 1204 fvp = nvp; 1205 /* 1206 * Re-resolve tvp and acquire the vnode lock if present. 1207 */ 1208 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino); 1209 if (error != 0 && error != EJUSTRETURN) { 1210 VOP_UNLOCK(fdvp, 0); 1211 VOP_UNLOCK(tdvp, 0); 1212 VOP_UNLOCK(fvp, 0); 1213 goto releout; 1214 } 1215 /* 1216 * If tvp disappeared we just carry on. 1217 */ 1218 if (error == EJUSTRETURN && tvp != NULL) { 1219 vrele(tvp); 1220 tvp = NULL; 1221 } 1222 /* 1223 * Get the tvp ino if the lookup succeeded. We may have to restart 1224 * if the non-blocking acquire fails. 1225 */ 1226 if (error == 0) { 1227 nvp = NULL; 1228 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1229 if (tvp) 1230 vrele(tvp); 1231 tvp = nvp; 1232 if (error) { 1233 VOP_UNLOCK(fdvp, 0); 1234 VOP_UNLOCK(tdvp, 0); 1235 VOP_UNLOCK(fvp, 0); 1236 if (error != EBUSY) 1237 goto releout; 1238 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1239 if (error != 0) 1240 goto releout; 1241 vput(nvp); 1242 atomic_add_int(&rename_restarts, 1); 1243 goto relock; 1244 } 1245 } 1246 fdp = VTOI(fdvp); 1247 fip = VTOI(fvp); 1248 tdp = VTOI(tdvp); 1249 tip = NULL; 1250 if (tvp) 1251 tip = VTOI(tvp); 1252 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1253 (VTOI(tdvp)->i_flags & APPEND))) { 1254 error = EPERM; 1255 goto unlockout; 1256 } 1257 /* 1258 * Renaming a file to itself has no effect. The upper layers should 1259 * not call us in that case. However, things could change after 1260 * we drop the locks above. 1261 */ 1262 if (fvp == tvp) { 1263 error = 0; 1264 goto unlockout; 1265 } 1266 doingdirectory = 0; 1267 newparent = 0; 1268 ino = fip->i_number; 1269 if (fip->i_nlink >= UFS_LINK_MAX) { 1270 error = EMLINK; 1271 goto unlockout; 1272 } 1273 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 1274 || (fdp->i_flags & APPEND)) { 1275 error = EPERM; 1276 goto unlockout; 1277 } 1278 if ((fip->i_mode & IFMT) == IFDIR) { 1279 /* 1280 * Avoid ".", "..", and aliases of "." for obvious reasons. 1281 */ 1282 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1283 fdp == fip || 1284 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) { 1285 error = EINVAL; 1286 goto unlockout; 1287 } 1288 if (fdp->i_number != tdp->i_number) 1289 newparent = tdp->i_number; 1290 doingdirectory = 1; 1291 } 1292 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) || 1293 (tvp != NULL && tvp->v_type == VDIR && 1294 tvp->v_mountedhere != NULL)) { 1295 error = EXDEV; 1296 goto unlockout; 1297 } 1298 1299 /* 1300 * If ".." must be changed (ie the directory gets a new 1301 * parent) then the source directory must not be in the 1302 * directory hierarchy above the target, as this would 1303 * orphan everything below the source directory. Also 1304 * the user must have write permission in the source so 1305 * as to be able to change "..". 1306 */ 1307 if (doingdirectory && newparent) { 1308 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread); 1309 if (error) 1310 goto unlockout; 1311 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred, 1312 &ino); 1313 /* 1314 * We encountered a lock that we have to wait for. Unlock 1315 * everything else and VGET before restarting. 1316 */ 1317 if (ino) { 1318 VOP_UNLOCK(fdvp, 0); 1319 VOP_UNLOCK(fvp, 0); 1320 VOP_UNLOCK(tdvp, 0); 1321 if (tvp) 1322 VOP_UNLOCK(tvp, 0); 1323 error = VFS_VGET(mp, ino, LK_SHARED, &nvp); 1324 if (error == 0) 1325 vput(nvp); 1326 atomic_add_int(&rename_restarts, 1); 1327 goto relock; 1328 } 1329 if (error) 1330 goto unlockout; 1331 if ((tcnp->cn_flags & SAVESTART) == 0) 1332 panic("ufs_rename: lost to startdir"); 1333 } 1334 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 || 1335 tdp->i_effnlink == 0) 1336 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp); 1337 1338 /* 1339 * 1) Bump link count while we're moving stuff 1340 * around. If we crash somewhere before 1341 * completing our work, the link count 1342 * may be wrong, but correctable. 1343 */ 1344 fip->i_effnlink++; 1345 fip->i_nlink++; 1346 DIP_SET(fip, i_nlink, fip->i_nlink); 1347 fip->i_flag |= IN_CHANGE; 1348 if (DOINGSOFTDEP(fvp)) 1349 softdep_setup_link(tdp, fip); 1350 error = UFS_UPDATE(fvp, !DOINGSOFTDEP(fvp) && !DOINGASYNC(fvp)); 1351 if (error) 1352 goto bad; 1353 1354 /* 1355 * 2) If target doesn't exist, link the target 1356 * to the source and unlink the source. 1357 * Otherwise, rewrite the target directory 1358 * entry to reference the source inode and 1359 * expunge the original entry's existence. 1360 */ 1361 if (tip == NULL) { 1362 if (ITODEV(tdp) != ITODEV(fip)) 1363 panic("ufs_rename: EXDEV"); 1364 if (doingdirectory && newparent) { 1365 /* 1366 * Account for ".." in new directory. 1367 * When source and destination have the same 1368 * parent we don't adjust the link count. The 1369 * actual link modification is completed when 1370 * .. is rewritten below. 1371 */ 1372 if (tdp->i_nlink >= UFS_LINK_MAX) { 1373 error = EMLINK; 1374 goto bad; 1375 } 1376 } 1377 ufs_makedirentry(fip, tcnp, &newdir); 1378 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL, 1); 1379 if (error) 1380 goto bad; 1381 /* Setup tdvp for directory compaction if needed. */ 1382 if (tdp->i_count && tdp->i_endoff && 1383 tdp->i_endoff < tdp->i_size) 1384 endoff = tdp->i_endoff; 1385 } else { 1386 if (ITODEV(tip) != ITODEV(tdp) || ITODEV(tip) != ITODEV(fip)) 1387 panic("ufs_rename: EXDEV"); 1388 /* 1389 * Short circuit rename(foo, foo). 1390 */ 1391 if (tip->i_number == fip->i_number) 1392 panic("ufs_rename: same file"); 1393 /* 1394 * If the parent directory is "sticky", then the caller 1395 * must possess VADMIN for the parent directory, or the 1396 * destination of the rename. This implements append-only 1397 * directories. 1398 */ 1399 if ((tdp->i_mode & S_ISTXT) && 1400 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1401 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1402 error = EPERM; 1403 goto bad; 1404 } 1405 /* 1406 * Target must be empty if a directory and have no links 1407 * to it. Also, ensure source and target are compatible 1408 * (both directories, or both not directories). 1409 */ 1410 if ((tip->i_mode & IFMT) == IFDIR) { 1411 if ((tip->i_effnlink > 2) || 1412 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) { 1413 error = ENOTEMPTY; 1414 goto bad; 1415 } 1416 if (!doingdirectory) { 1417 error = ENOTDIR; 1418 goto bad; 1419 } 1420 cache_purge(tdvp); 1421 } else if (doingdirectory) { 1422 error = EISDIR; 1423 goto bad; 1424 } 1425 if (doingdirectory) { 1426 if (!newparent) { 1427 tdp->i_effnlink--; 1428 if (DOINGSOFTDEP(tdvp)) 1429 softdep_change_linkcnt(tdp); 1430 } 1431 tip->i_effnlink--; 1432 if (DOINGSOFTDEP(tvp)) 1433 softdep_change_linkcnt(tip); 1434 } 1435 error = ufs_dirrewrite(tdp, tip, fip->i_number, 1436 IFTODT(fip->i_mode), 1437 (doingdirectory && newparent) ? newparent : doingdirectory); 1438 if (error) { 1439 if (doingdirectory) { 1440 if (!newparent) { 1441 tdp->i_effnlink++; 1442 if (DOINGSOFTDEP(tdvp)) 1443 softdep_change_linkcnt(tdp); 1444 } 1445 tip->i_effnlink++; 1446 if (DOINGSOFTDEP(tvp)) 1447 softdep_change_linkcnt(tip); 1448 } 1449 } 1450 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1451 /* 1452 * The only stuff left in the directory is "." 1453 * and "..". The "." reference is inconsequential 1454 * since we are quashing it. We have removed the "." 1455 * reference and the reference in the parent directory, 1456 * but there may be other hard links. The soft 1457 * dependency code will arrange to do these operations 1458 * after the parent directory entry has been deleted on 1459 * disk, so when running with that code we avoid doing 1460 * them now. 1461 */ 1462 if (!newparent) { 1463 tdp->i_nlink--; 1464 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1465 tdp->i_flag |= IN_CHANGE; 1466 } 1467 tip->i_nlink--; 1468 DIP_SET(tip, i_nlink, tip->i_nlink); 1469 tip->i_flag |= IN_CHANGE; 1470 } 1471 } 1472 1473 /* 1474 * 3) Unlink the source. We have to resolve the path again to 1475 * fixup the directory offset and count for ufs_dirremove. 1476 */ 1477 if (fdvp == tdvp) { 1478 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1479 if (error) 1480 panic("ufs_rename: from entry went away!"); 1481 if (ino != fip->i_number) 1482 panic("ufs_rename: ino mismatch %ju != %ju\n", 1483 (uintmax_t)ino, (uintmax_t)fip->i_number); 1484 } 1485 /* 1486 * If the source is a directory with a 1487 * new parent, the link count of the old 1488 * parent directory must be decremented 1489 * and ".." set to point to the new parent. 1490 */ 1491 if (doingdirectory && newparent) { 1492 /* 1493 * If tip exists we simply use its link, otherwise we must 1494 * add a new one. 1495 */ 1496 if (tip == NULL) { 1497 tdp->i_effnlink++; 1498 tdp->i_nlink++; 1499 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1500 tdp->i_flag |= IN_CHANGE; 1501 if (DOINGSOFTDEP(tdvp)) 1502 softdep_setup_dotdot_link(tdp, fip); 1503 error = UFS_UPDATE(tdvp, !DOINGSOFTDEP(tdvp) && 1504 !DOINGASYNC(tdvp)); 1505 /* Don't go to bad here as the new link exists. */ 1506 if (error) 1507 goto unlockout; 1508 } else if (DOINGSUJ(tdvp)) 1509 /* Journal must account for each new link. */ 1510 softdep_setup_dotdot_link(tdp, fip); 1511 fip->i_offset = mastertemplate.dot_reclen; 1512 ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0); 1513 cache_purge(fdvp); 1514 } 1515 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0); 1516 /* 1517 * The kern_renameat() looks up the fvp using the DELETE flag, which 1518 * causes the removal of the name cache entry for fvp. 1519 * As the relookup of the fvp is done in two steps: 1520 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a 1521 * normal lookup of the from name just before the VFS_VGET() call, 1522 * causing the cache entry to be re-instantiated. 1523 * 1524 * The same issue also applies to tvp if it exists as 1525 * otherwise we may have a stale name cache entry for the new 1526 * name that references the old i-node if it has other links 1527 * or open file descriptors. 1528 */ 1529 cache_purge(fvp); 1530 if (tvp) 1531 cache_purge(tvp); 1532 cache_purge_negative(tdvp); 1533 1534 unlockout: 1535 vput(fdvp); 1536 vput(fvp); 1537 if (tvp) 1538 vput(tvp); 1539 /* 1540 * If compaction or fsync was requested do it now that other locks 1541 * are no longer needed. 1542 */ 1543 if (error == 0 && endoff != 0) { 1544 error = UFS_TRUNCATE(tdvp, endoff, IO_NORMAL | 1545 (DOINGASYNC(tdvp) ? 0 : IO_SYNC), tcnp->cn_cred); 1546 if (error != 0) 1547 vn_printf(tdvp, 1548 "ufs_rename: failed to truncate, error %d\n", 1549 error); 1550 #ifdef UFS_DIRHASH 1551 else if (tdp->i_dirhash != NULL) 1552 ufsdirhash_dirtrunc(tdp, endoff); 1553 #endif 1554 /* 1555 * Even if the directory compaction failed, rename was 1556 * succesful. Do not propagate a UFS_TRUNCATE() error 1557 * to the caller. 1558 */ 1559 error = 0; 1560 } 1561 if (error == 0 && tdp->i_flag & IN_NEEDSYNC) 1562 error = VOP_FSYNC(tdvp, MNT_WAIT, td); 1563 vput(tdvp); 1564 return (error); 1565 1566 bad: 1567 fip->i_effnlink--; 1568 fip->i_nlink--; 1569 DIP_SET(fip, i_nlink, fip->i_nlink); 1570 fip->i_flag |= IN_CHANGE; 1571 if (DOINGSOFTDEP(fvp)) 1572 softdep_revert_link(tdp, fip); 1573 goto unlockout; 1574 1575 releout: 1576 vrele(fdvp); 1577 vrele(fvp); 1578 vrele(tdvp); 1579 if (tvp) 1580 vrele(tvp); 1581 1582 return (error); 1583 } 1584 1585 #ifdef UFS_ACL 1586 static int 1587 ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp, 1588 mode_t dmode, struct ucred *cred, struct thread *td) 1589 { 1590 int error; 1591 struct inode *ip = VTOI(tvp); 1592 struct acl *dacl, *acl; 1593 1594 acl = acl_alloc(M_WAITOK); 1595 dacl = acl_alloc(M_WAITOK); 1596 1597 /* 1598 * Retrieve default ACL from parent, if any. 1599 */ 1600 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1601 switch (error) { 1602 case 0: 1603 /* 1604 * Retrieved a default ACL, so merge mode and ACL if 1605 * necessary. If the ACL is empty, fall through to 1606 * the "not defined or available" case. 1607 */ 1608 if (acl->acl_cnt != 0) { 1609 dmode = acl_posix1e_newfilemode(dmode, acl); 1610 ip->i_mode = dmode; 1611 DIP_SET(ip, i_mode, dmode); 1612 *dacl = *acl; 1613 ufs_sync_acl_from_inode(ip, acl); 1614 break; 1615 } 1616 /* FALLTHROUGH */ 1617 1618 case EOPNOTSUPP: 1619 /* 1620 * Just use the mode as-is. 1621 */ 1622 ip->i_mode = dmode; 1623 DIP_SET(ip, i_mode, dmode); 1624 error = 0; 1625 goto out; 1626 1627 default: 1628 goto out; 1629 } 1630 1631 /* 1632 * XXX: If we abort now, will Soft Updates notify the extattr 1633 * code that the EAs for the file need to be released? 1634 */ 1635 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1636 if (error == 0) 1637 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td); 1638 switch (error) { 1639 case 0: 1640 break; 1641 1642 case EOPNOTSUPP: 1643 /* 1644 * XXX: This should not happen, as EOPNOTSUPP above 1645 * was supposed to free acl. 1646 */ 1647 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1648 /* 1649 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1650 */ 1651 break; 1652 1653 default: 1654 goto out; 1655 } 1656 1657 out: 1658 acl_free(acl); 1659 acl_free(dacl); 1660 1661 return (error); 1662 } 1663 1664 static int 1665 ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp, 1666 mode_t mode, struct ucred *cred, struct thread *td) 1667 { 1668 int error; 1669 struct inode *ip = VTOI(tvp); 1670 struct acl *acl; 1671 1672 acl = acl_alloc(M_WAITOK); 1673 1674 /* 1675 * Retrieve default ACL for parent, if any. 1676 */ 1677 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1678 switch (error) { 1679 case 0: 1680 /* 1681 * Retrieved a default ACL, so merge mode and ACL if 1682 * necessary. 1683 */ 1684 if (acl->acl_cnt != 0) { 1685 /* 1686 * Two possible ways for default ACL to not 1687 * be present. First, the EA can be 1688 * undefined, or second, the default ACL can 1689 * be blank. If it's blank, fall through to 1690 * the it's not defined case. 1691 */ 1692 mode = acl_posix1e_newfilemode(mode, acl); 1693 ip->i_mode = mode; 1694 DIP_SET(ip, i_mode, mode); 1695 ufs_sync_acl_from_inode(ip, acl); 1696 break; 1697 } 1698 /* FALLTHROUGH */ 1699 1700 case EOPNOTSUPP: 1701 /* 1702 * Just use the mode as-is. 1703 */ 1704 ip->i_mode = mode; 1705 DIP_SET(ip, i_mode, mode); 1706 error = 0; 1707 goto out; 1708 1709 default: 1710 goto out; 1711 } 1712 1713 /* 1714 * XXX: If we abort now, will Soft Updates notify the extattr 1715 * code that the EAs for the file need to be released? 1716 */ 1717 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1718 switch (error) { 1719 case 0: 1720 break; 1721 1722 case EOPNOTSUPP: 1723 /* 1724 * XXX: This should not happen, as EOPNOTSUPP above was 1725 * supposed to free acl. 1726 */ 1727 printf("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1728 "but no VOP_SETACL()\n"); 1729 /* panic("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1730 "but no VOP_SETACL()"); */ 1731 break; 1732 1733 default: 1734 goto out; 1735 } 1736 1737 out: 1738 acl_free(acl); 1739 1740 return (error); 1741 } 1742 1743 static int 1744 ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp, 1745 mode_t child_mode, struct ucred *cred, struct thread *td) 1746 { 1747 int error; 1748 struct acl *parent_aclp, *child_aclp; 1749 1750 parent_aclp = acl_alloc(M_WAITOK); 1751 child_aclp = acl_alloc(M_WAITOK | M_ZERO); 1752 1753 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td); 1754 if (error) 1755 goto out; 1756 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp, 1757 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR); 1758 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td); 1759 if (error) 1760 goto out; 1761 out: 1762 acl_free(parent_aclp); 1763 acl_free(child_aclp); 1764 1765 return (error); 1766 } 1767 #endif 1768 1769 /* 1770 * Mkdir system call 1771 */ 1772 static int 1773 ufs_mkdir(ap) 1774 struct vop_mkdir_args /* { 1775 struct vnode *a_dvp; 1776 struct vnode **a_vpp; 1777 struct componentname *a_cnp; 1778 struct vattr *a_vap; 1779 } */ *ap; 1780 { 1781 struct vnode *dvp = ap->a_dvp; 1782 struct vattr *vap = ap->a_vap; 1783 struct componentname *cnp = ap->a_cnp; 1784 struct inode *ip, *dp; 1785 struct vnode *tvp; 1786 struct buf *bp; 1787 struct dirtemplate dirtemplate, *dtp; 1788 struct direct newdir; 1789 int error, dmode; 1790 long blkoff; 1791 1792 #ifdef INVARIANTS 1793 if ((cnp->cn_flags & HASBUF) == 0) 1794 panic("ufs_mkdir: no name"); 1795 #endif 1796 dp = VTOI(dvp); 1797 if (dp->i_nlink >= UFS_LINK_MAX) { 1798 error = EMLINK; 1799 goto out; 1800 } 1801 dmode = vap->va_mode & 0777; 1802 dmode |= IFDIR; 1803 /* 1804 * Must simulate part of ufs_makeinode here to acquire the inode, 1805 * but not have it entered in the parent directory. The entry is 1806 * made later after writing "." and ".." entries. 1807 */ 1808 if (dp->i_effnlink < 2) { 1809 print_bad_link_count("ufs_mkdir", dvp); 1810 error = EINVAL; 1811 goto out; 1812 } 1813 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 1814 if (error) 1815 goto out; 1816 ip = VTOI(tvp); 1817 ip->i_gid = dp->i_gid; 1818 DIP_SET(ip, i_gid, dp->i_gid); 1819 #ifdef SUIDDIR 1820 { 1821 #ifdef QUOTA 1822 struct ucred ucred, *ucp; 1823 gid_t ucred_group; 1824 ucp = cnp->cn_cred; 1825 #endif 1826 /* 1827 * If we are hacking owners here, (only do this where told to) 1828 * and we are not giving it TO root, (would subvert quotas) 1829 * then go ahead and give it to the other user. 1830 * The new directory also inherits the SUID bit. 1831 * If user's UID and dir UID are the same, 1832 * 'give it away' so that the SUID is still forced on. 1833 */ 1834 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 1835 (dp->i_mode & ISUID) && dp->i_uid) { 1836 dmode |= ISUID; 1837 ip->i_uid = dp->i_uid; 1838 DIP_SET(ip, i_uid, dp->i_uid); 1839 #ifdef QUOTA 1840 if (dp->i_uid != cnp->cn_cred->cr_uid) { 1841 /* 1842 * Make sure the correct user gets charged 1843 * for the space. 1844 * Make a dummy credential for the victim. 1845 * XXX This seems to never be accessed out of 1846 * our context so a stack variable is ok. 1847 */ 1848 refcount_init(&ucred.cr_ref, 1); 1849 ucred.cr_uid = ip->i_uid; 1850 ucred.cr_ngroups = 1; 1851 ucred.cr_groups = &ucred_group; 1852 ucred.cr_groups[0] = dp->i_gid; 1853 ucp = &ucred; 1854 } 1855 #endif 1856 } else { 1857 ip->i_uid = cnp->cn_cred->cr_uid; 1858 DIP_SET(ip, i_uid, ip->i_uid); 1859 } 1860 #ifdef QUOTA 1861 if ((error = getinoquota(ip)) || 1862 (error = chkiq(ip, 1, ucp, 0))) { 1863 if (DOINGSOFTDEP(tvp)) 1864 softdep_revert_link(dp, ip); 1865 UFS_VFREE(tvp, ip->i_number, dmode); 1866 vput(tvp); 1867 return (error); 1868 } 1869 #endif 1870 } 1871 #else /* !SUIDDIR */ 1872 ip->i_uid = cnp->cn_cred->cr_uid; 1873 DIP_SET(ip, i_uid, ip->i_uid); 1874 #ifdef QUOTA 1875 if ((error = getinoquota(ip)) || 1876 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 1877 if (DOINGSOFTDEP(tvp)) 1878 softdep_revert_link(dp, ip); 1879 UFS_VFREE(tvp, ip->i_number, dmode); 1880 vput(tvp); 1881 return (error); 1882 } 1883 #endif 1884 #endif /* !SUIDDIR */ 1885 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 1886 ip->i_mode = dmode; 1887 DIP_SET(ip, i_mode, dmode); 1888 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 1889 ip->i_effnlink = 2; 1890 ip->i_nlink = 2; 1891 DIP_SET(ip, i_nlink, 2); 1892 1893 if (cnp->cn_flags & ISWHITEOUT) { 1894 ip->i_flags |= UF_OPAQUE; 1895 DIP_SET(ip, i_flags, ip->i_flags); 1896 } 1897 1898 /* 1899 * Bump link count in parent directory to reflect work done below. 1900 * Should be done before reference is created so cleanup is 1901 * possible if we crash. 1902 */ 1903 dp->i_effnlink++; 1904 dp->i_nlink++; 1905 DIP_SET(dp, i_nlink, dp->i_nlink); 1906 dp->i_flag |= IN_CHANGE; 1907 if (DOINGSOFTDEP(dvp)) 1908 softdep_setup_mkdir(dp, ip); 1909 error = UFS_UPDATE(dvp, !DOINGSOFTDEP(dvp) && !DOINGASYNC(dvp)); 1910 if (error) 1911 goto bad; 1912 #ifdef MAC 1913 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 1914 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 1915 dvp, tvp, cnp); 1916 if (error) 1917 goto bad; 1918 } 1919 #endif 1920 #ifdef UFS_ACL 1921 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 1922 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode, 1923 cnp->cn_cred, cnp->cn_thread); 1924 if (error) 1925 goto bad; 1926 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 1927 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode, 1928 cnp->cn_cred, cnp->cn_thread); 1929 if (error) 1930 goto bad; 1931 } 1932 #endif /* !UFS_ACL */ 1933 1934 /* 1935 * Initialize directory with "." and ".." from static template. 1936 */ 1937 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1938 dtp = &mastertemplate; 1939 else 1940 dtp = (struct dirtemplate *)&omastertemplate; 1941 dirtemplate = *dtp; 1942 dirtemplate.dot_ino = ip->i_number; 1943 dirtemplate.dotdot_ino = dp->i_number; 1944 vnode_pager_setsize(tvp, DIRBLKSIZ); 1945 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 1946 BA_CLRBUF, &bp)) != 0) 1947 goto bad; 1948 ip->i_size = DIRBLKSIZ; 1949 DIP_SET(ip, i_size, DIRBLKSIZ); 1950 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1951 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 1952 if (DOINGSOFTDEP(tvp)) { 1953 /* 1954 * Ensure that the entire newly allocated block is a 1955 * valid directory so that future growth within the 1956 * block does not have to ensure that the block is 1957 * written before the inode. 1958 */ 1959 blkoff = DIRBLKSIZ; 1960 while (blkoff < bp->b_bcount) { 1961 ((struct direct *) 1962 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 1963 blkoff += DIRBLKSIZ; 1964 } 1965 } 1966 if ((error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && 1967 !DOINGASYNC(tvp))) != 0) { 1968 (void)bwrite(bp); 1969 goto bad; 1970 } 1971 /* 1972 * Directory set up, now install its entry in the parent directory. 1973 * 1974 * If we are not doing soft dependencies, then we must write out the 1975 * buffer containing the new directory body before entering the new 1976 * name in the parent. If we are doing soft dependencies, then the 1977 * buffer containing the new directory body will be passed to and 1978 * released in the soft dependency code after the code has attached 1979 * an appropriate ordering dependency to the buffer which ensures that 1980 * the buffer is written before the new name is written in the parent. 1981 */ 1982 if (DOINGASYNC(dvp)) 1983 bdwrite(bp); 1984 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 1985 goto bad; 1986 ufs_makedirentry(ip, cnp, &newdir); 1987 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp, 0); 1988 1989 bad: 1990 if (error == 0) { 1991 *ap->a_vpp = tvp; 1992 } else { 1993 dp->i_effnlink--; 1994 dp->i_nlink--; 1995 DIP_SET(dp, i_nlink, dp->i_nlink); 1996 dp->i_flag |= IN_CHANGE; 1997 /* 1998 * No need to do an explicit VOP_TRUNCATE here, vrele will 1999 * do this for us because we set the link count to 0. 2000 */ 2001 ip->i_effnlink = 0; 2002 ip->i_nlink = 0; 2003 DIP_SET(ip, i_nlink, 0); 2004 ip->i_flag |= IN_CHANGE; 2005 if (DOINGSOFTDEP(tvp)) 2006 softdep_revert_mkdir(dp, ip); 2007 2008 vput(tvp); 2009 } 2010 out: 2011 return (error); 2012 } 2013 2014 /* 2015 * Rmdir system call. 2016 */ 2017 static int 2018 ufs_rmdir(ap) 2019 struct vop_rmdir_args /* { 2020 struct vnode *a_dvp; 2021 struct vnode *a_vp; 2022 struct componentname *a_cnp; 2023 } */ *ap; 2024 { 2025 struct vnode *vp = ap->a_vp; 2026 struct vnode *dvp = ap->a_dvp; 2027 struct componentname *cnp = ap->a_cnp; 2028 struct inode *ip, *dp; 2029 int error; 2030 2031 ip = VTOI(vp); 2032 dp = VTOI(dvp); 2033 2034 /* 2035 * Do not remove a directory that is in the process of being renamed. 2036 * Verify the directory is empty (and valid). Rmdir ".." will not be 2037 * valid since ".." will contain a reference to the current directory 2038 * and thus be non-empty. Do not allow the removal of mounted on 2039 * directories (this can happen when an NFS exported filesystem 2040 * tries to remove a locally mounted on directory). 2041 */ 2042 error = 0; 2043 if (dp->i_effnlink <= 2) { 2044 if (dp->i_effnlink == 2) 2045 print_bad_link_count("ufs_rmdir", dvp); 2046 error = EINVAL; 2047 goto out; 2048 } 2049 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 2050 error = ENOTEMPTY; 2051 goto out; 2052 } 2053 if ((dp->i_flags & APPEND) 2054 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 2055 error = EPERM; 2056 goto out; 2057 } 2058 if (vp->v_mountedhere != 0) { 2059 error = EINVAL; 2060 goto out; 2061 } 2062 #ifdef UFS_GJOURNAL 2063 ufs_gjournal_orphan(vp); 2064 #endif 2065 /* 2066 * Delete reference to directory before purging 2067 * inode. If we crash in between, the directory 2068 * will be reattached to lost+found, 2069 */ 2070 dp->i_effnlink--; 2071 ip->i_effnlink--; 2072 if (DOINGSOFTDEP(vp)) 2073 softdep_setup_rmdir(dp, ip); 2074 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 2075 if (error) { 2076 dp->i_effnlink++; 2077 ip->i_effnlink++; 2078 if (DOINGSOFTDEP(vp)) 2079 softdep_revert_rmdir(dp, ip); 2080 goto out; 2081 } 2082 cache_purge(dvp); 2083 /* 2084 * The only stuff left in the directory is "." and "..". The "." 2085 * reference is inconsequential since we are quashing it. The soft 2086 * dependency code will arrange to do these operations after 2087 * the parent directory entry has been deleted on disk, so 2088 * when running with that code we avoid doing them now. 2089 */ 2090 if (!DOINGSOFTDEP(vp)) { 2091 dp->i_nlink--; 2092 DIP_SET(dp, i_nlink, dp->i_nlink); 2093 dp->i_flag |= IN_CHANGE; 2094 error = UFS_UPDATE(dvp, 0); 2095 ip->i_nlink--; 2096 DIP_SET(ip, i_nlink, ip->i_nlink); 2097 ip->i_flag |= IN_CHANGE; 2098 } 2099 cache_purge(vp); 2100 #ifdef UFS_DIRHASH 2101 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 2102 if (ip->i_dirhash != NULL) 2103 ufsdirhash_free(ip); 2104 #endif 2105 out: 2106 return (error); 2107 } 2108 2109 /* 2110 * symlink -- make a symbolic link 2111 */ 2112 static int 2113 ufs_symlink(ap) 2114 struct vop_symlink_args /* { 2115 struct vnode *a_dvp; 2116 struct vnode **a_vpp; 2117 struct componentname *a_cnp; 2118 struct vattr *a_vap; 2119 char *a_target; 2120 } */ *ap; 2121 { 2122 struct vnode *vp, **vpp = ap->a_vpp; 2123 struct inode *ip; 2124 int len, error; 2125 2126 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 2127 vpp, ap->a_cnp, "ufs_symlink"); 2128 if (error) 2129 return (error); 2130 vp = *vpp; 2131 len = strlen(ap->a_target); 2132 if (len < vp->v_mount->mnt_maxsymlinklen) { 2133 ip = VTOI(vp); 2134 bcopy(ap->a_target, SHORTLINK(ip), len); 2135 ip->i_size = len; 2136 DIP_SET(ip, i_size, len); 2137 ip->i_flag |= IN_CHANGE | IN_UPDATE; 2138 error = UFS_UPDATE(vp, 0); 2139 } else 2140 error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0, 2141 UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 2142 ap->a_cnp->cn_cred, NOCRED, NULL, NULL); 2143 if (error) 2144 vput(vp); 2145 return (error); 2146 } 2147 2148 /* 2149 * Vnode op for reading directories. 2150 */ 2151 int 2152 ufs_readdir(ap) 2153 struct vop_readdir_args /* { 2154 struct vnode *a_vp; 2155 struct uio *a_uio; 2156 struct ucred *a_cred; 2157 int *a_eofflag; 2158 int *a_ncookies; 2159 u_long **a_cookies; 2160 } */ *ap; 2161 { 2162 struct vnode *vp = ap->a_vp; 2163 struct uio *uio = ap->a_uio; 2164 struct buf *bp; 2165 struct inode *ip; 2166 struct direct *dp, *edp; 2167 u_long *cookies; 2168 struct dirent dstdp; 2169 off_t offset, startoffset; 2170 size_t readcnt, skipcnt; 2171 ssize_t startresid; 2172 u_int ncookies; 2173 int error; 2174 2175 if (uio->uio_offset < 0) 2176 return (EINVAL); 2177 ip = VTOI(vp); 2178 if (ip->i_effnlink == 0) 2179 return (0); 2180 if (ap->a_ncookies != NULL) { 2181 if (uio->uio_resid < 0) 2182 ncookies = 0; 2183 else 2184 ncookies = uio->uio_resid; 2185 if (uio->uio_offset >= ip->i_size) 2186 ncookies = 0; 2187 else if (ip->i_size - uio->uio_offset < ncookies) 2188 ncookies = ip->i_size - uio->uio_offset; 2189 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1; 2190 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK); 2191 *ap->a_ncookies = ncookies; 2192 *ap->a_cookies = cookies; 2193 } else { 2194 ncookies = 0; 2195 cookies = NULL; 2196 } 2197 offset = startoffset = uio->uio_offset; 2198 startresid = uio->uio_resid; 2199 error = 0; 2200 while (error == 0 && uio->uio_resid > 0 && 2201 uio->uio_offset < ip->i_size) { 2202 error = ffs_blkatoff(vp, uio->uio_offset, NULL, &bp); 2203 if (error) 2204 break; 2205 if (bp->b_offset + bp->b_bcount > ip->i_size) 2206 readcnt = ip->i_size - bp->b_offset; 2207 else 2208 readcnt = bp->b_bcount; 2209 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) & 2210 ~(size_t)(DIRBLKSIZ - 1); 2211 offset = bp->b_offset + skipcnt; 2212 dp = (struct direct *)&bp->b_data[skipcnt]; 2213 edp = (struct direct *)&bp->b_data[readcnt]; 2214 while (error == 0 && uio->uio_resid > 0 && dp < edp) { 2215 if (dp->d_reclen <= offsetof(struct direct, d_name) || 2216 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) { 2217 error = EIO; 2218 break; 2219 } 2220 #if BYTE_ORDER == LITTLE_ENDIAN 2221 /* Old filesystem format. */ 2222 if (vp->v_mount->mnt_maxsymlinklen <= 0) { 2223 dstdp.d_namlen = dp->d_type; 2224 dstdp.d_type = dp->d_namlen; 2225 } else 2226 #endif 2227 { 2228 dstdp.d_namlen = dp->d_namlen; 2229 dstdp.d_type = dp->d_type; 2230 } 2231 if (offsetof(struct direct, d_name) + dstdp.d_namlen > 2232 dp->d_reclen) { 2233 error = EIO; 2234 break; 2235 } 2236 if (offset < startoffset || dp->d_ino == 0) 2237 goto nextentry; 2238 dstdp.d_fileno = dp->d_ino; 2239 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp); 2240 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); 2241 dstdp.d_name[dstdp.d_namlen] = '\0'; 2242 if (dstdp.d_reclen > uio->uio_resid) { 2243 if (uio->uio_resid == startresid) 2244 error = EINVAL; 2245 else 2246 error = EJUSTRETURN; 2247 break; 2248 } 2249 /* Advance dp. */ 2250 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio); 2251 if (error) 2252 break; 2253 if (cookies != NULL) { 2254 KASSERT(ncookies > 0, 2255 ("ufs_readdir: cookies buffer too small")); 2256 *cookies = offset + dp->d_reclen; 2257 cookies++; 2258 ncookies--; 2259 } 2260 nextentry: 2261 offset += dp->d_reclen; 2262 dp = (struct direct *)((caddr_t)dp + dp->d_reclen); 2263 } 2264 bqrelse(bp); 2265 uio->uio_offset = offset; 2266 } 2267 /* We need to correct uio_offset. */ 2268 uio->uio_offset = offset; 2269 if (error == EJUSTRETURN) 2270 error = 0; 2271 if (ap->a_ncookies != NULL) { 2272 if (error == 0) { 2273 ap->a_ncookies -= ncookies; 2274 } else { 2275 free(*ap->a_cookies, M_TEMP); 2276 *ap->a_ncookies = 0; 2277 *ap->a_cookies = NULL; 2278 } 2279 } 2280 if (error == 0 && ap->a_eofflag) 2281 *ap->a_eofflag = ip->i_size <= uio->uio_offset; 2282 return (error); 2283 } 2284 2285 /* 2286 * Return target name of a symbolic link 2287 */ 2288 static int 2289 ufs_readlink(ap) 2290 struct vop_readlink_args /* { 2291 struct vnode *a_vp; 2292 struct uio *a_uio; 2293 struct ucred *a_cred; 2294 } */ *ap; 2295 { 2296 struct vnode *vp = ap->a_vp; 2297 struct inode *ip = VTOI(vp); 2298 doff_t isize; 2299 2300 isize = ip->i_size; 2301 if ((isize < vp->v_mount->mnt_maxsymlinklen) || 2302 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */ 2303 return (uiomove(SHORTLINK(ip), isize, ap->a_uio)); 2304 } 2305 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 2306 } 2307 2308 /* 2309 * Calculate the logical to physical mapping if not done already, 2310 * then call the device strategy routine. 2311 * 2312 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 2313 * deadlock on memory. See ufs_bmap() for details. 2314 */ 2315 static int 2316 ufs_strategy(ap) 2317 struct vop_strategy_args /* { 2318 struct vnode *a_vp; 2319 struct buf *a_bp; 2320 } */ *ap; 2321 { 2322 struct buf *bp = ap->a_bp; 2323 struct vnode *vp = ap->a_vp; 2324 ufs2_daddr_t blkno; 2325 int error; 2326 2327 if (bp->b_blkno == bp->b_lblkno) { 2328 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 2329 bp->b_blkno = blkno; 2330 if (error) { 2331 bp->b_error = error; 2332 bp->b_ioflags |= BIO_ERROR; 2333 bufdone(bp); 2334 return (0); 2335 } 2336 if ((long)bp->b_blkno == -1) 2337 vfs_bio_clrbuf(bp); 2338 } 2339 if ((long)bp->b_blkno == -1) { 2340 bufdone(bp); 2341 return (0); 2342 } 2343 bp->b_iooffset = dbtob(bp->b_blkno); 2344 BO_STRATEGY(VFSTOUFS(vp->v_mount)->um_bo, bp); 2345 return (0); 2346 } 2347 2348 /* 2349 * Print out the contents of an inode. 2350 */ 2351 static int 2352 ufs_print(ap) 2353 struct vop_print_args /* { 2354 struct vnode *a_vp; 2355 } */ *ap; 2356 { 2357 struct vnode *vp = ap->a_vp; 2358 struct inode *ip = VTOI(vp); 2359 2360 printf("\tino %lu, on dev %s", (u_long)ip->i_number, 2361 devtoname(ITODEV(ip))); 2362 if (vp->v_type == VFIFO) 2363 fifo_printinfo(vp); 2364 printf("\n"); 2365 return (0); 2366 } 2367 2368 /* 2369 * Close wrapper for fifos. 2370 * 2371 * Update the times on the inode then do device close. 2372 */ 2373 static int 2374 ufsfifo_close(ap) 2375 struct vop_close_args /* { 2376 struct vnode *a_vp; 2377 int a_fflag; 2378 struct ucred *a_cred; 2379 struct thread *a_td; 2380 } */ *ap; 2381 { 2382 struct vnode *vp = ap->a_vp; 2383 int usecount; 2384 2385 VI_LOCK(vp); 2386 usecount = vp->v_usecount; 2387 if (usecount > 1) 2388 ufs_itimes_locked(vp); 2389 VI_UNLOCK(vp); 2390 return (fifo_specops.vop_close(ap)); 2391 } 2392 2393 /* 2394 * Kqfilter wrapper for fifos. 2395 * 2396 * Fall through to ufs kqfilter routines if needed 2397 */ 2398 static int 2399 ufsfifo_kqfilter(ap) 2400 struct vop_kqfilter_args *ap; 2401 { 2402 int error; 2403 2404 error = fifo_specops.vop_kqfilter(ap); 2405 if (error) 2406 error = vfs_kqfilter(ap); 2407 return (error); 2408 } 2409 2410 /* 2411 * Return POSIX pathconf information applicable to ufs filesystems. 2412 */ 2413 static int 2414 ufs_pathconf(ap) 2415 struct vop_pathconf_args /* { 2416 struct vnode *a_vp; 2417 int a_name; 2418 int *a_retval; 2419 } */ *ap; 2420 { 2421 int error; 2422 2423 error = 0; 2424 switch (ap->a_name) { 2425 case _PC_LINK_MAX: 2426 *ap->a_retval = UFS_LINK_MAX; 2427 break; 2428 case _PC_NAME_MAX: 2429 *ap->a_retval = UFS_MAXNAMLEN; 2430 break; 2431 case _PC_PIPE_BUF: 2432 if (ap->a_vp->v_type == VDIR || ap->a_vp->v_type == VFIFO) 2433 *ap->a_retval = PIPE_BUF; 2434 else 2435 error = EINVAL; 2436 break; 2437 case _PC_CHOWN_RESTRICTED: 2438 *ap->a_retval = 1; 2439 break; 2440 case _PC_NO_TRUNC: 2441 *ap->a_retval = 1; 2442 break; 2443 case _PC_ACL_EXTENDED: 2444 #ifdef UFS_ACL 2445 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2446 *ap->a_retval = 1; 2447 else 2448 *ap->a_retval = 0; 2449 #else 2450 *ap->a_retval = 0; 2451 #endif 2452 break; 2453 2454 case _PC_ACL_NFS4: 2455 #ifdef UFS_ACL 2456 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) 2457 *ap->a_retval = 1; 2458 else 2459 *ap->a_retval = 0; 2460 #else 2461 *ap->a_retval = 0; 2462 #endif 2463 break; 2464 2465 case _PC_ACL_PATH_MAX: 2466 #ifdef UFS_ACL 2467 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) 2468 *ap->a_retval = ACL_MAX_ENTRIES; 2469 else 2470 *ap->a_retval = 3; 2471 #else 2472 *ap->a_retval = 3; 2473 #endif 2474 break; 2475 case _PC_MAC_PRESENT: 2476 #ifdef MAC 2477 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2478 *ap->a_retval = 1; 2479 else 2480 *ap->a_retval = 0; 2481 #else 2482 *ap->a_retval = 0; 2483 #endif 2484 break; 2485 case _PC_MIN_HOLE_SIZE: 2486 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2487 break; 2488 case _PC_PRIO_IO: 2489 *ap->a_retval = 0; 2490 break; 2491 case _PC_SYNC_IO: 2492 *ap->a_retval = 0; 2493 break; 2494 case _PC_ALLOC_SIZE_MIN: 2495 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2496 break; 2497 case _PC_FILESIZEBITS: 2498 *ap->a_retval = 64; 2499 break; 2500 case _PC_REC_INCR_XFER_SIZE: 2501 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2502 break; 2503 case _PC_REC_MAX_XFER_SIZE: 2504 *ap->a_retval = -1; /* means ``unlimited'' */ 2505 break; 2506 case _PC_REC_MIN_XFER_SIZE: 2507 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2508 break; 2509 case _PC_REC_XFER_ALIGN: 2510 *ap->a_retval = PAGE_SIZE; 2511 break; 2512 case _PC_SYMLINK_MAX: 2513 *ap->a_retval = MAXPATHLEN; 2514 break; 2515 2516 default: 2517 error = vop_stdpathconf(ap); 2518 break; 2519 } 2520 return (error); 2521 } 2522 2523 /* 2524 * Initialize the vnode associated with a new inode, handle aliased 2525 * vnodes. 2526 */ 2527 int 2528 ufs_vinit(mntp, fifoops, vpp) 2529 struct mount *mntp; 2530 struct vop_vector *fifoops; 2531 struct vnode **vpp; 2532 { 2533 struct inode *ip; 2534 struct vnode *vp; 2535 2536 vp = *vpp; 2537 ip = VTOI(vp); 2538 vp->v_type = IFTOVT(ip->i_mode); 2539 if (vp->v_type == VFIFO) 2540 vp->v_op = fifoops; 2541 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2542 if (ip->i_number == UFS_ROOTINO) 2543 vp->v_vflag |= VV_ROOT; 2544 *vpp = vp; 2545 return (0); 2546 } 2547 2548 /* 2549 * Allocate a new inode. 2550 * Vnode dvp must be locked. 2551 */ 2552 static int 2553 ufs_makeinode(mode, dvp, vpp, cnp, callfunc) 2554 int mode; 2555 struct vnode *dvp; 2556 struct vnode **vpp; 2557 struct componentname *cnp; 2558 const char *callfunc; 2559 { 2560 struct inode *ip, *pdir; 2561 struct direct newdir; 2562 struct vnode *tvp; 2563 int error; 2564 2565 pdir = VTOI(dvp); 2566 #ifdef INVARIANTS 2567 if ((cnp->cn_flags & HASBUF) == 0) 2568 panic("%s: no name", callfunc); 2569 #endif 2570 *vpp = NULL; 2571 if ((mode & IFMT) == 0) 2572 mode |= IFREG; 2573 2574 if (pdir->i_effnlink < 2) { 2575 print_bad_link_count(callfunc, dvp); 2576 return (EINVAL); 2577 } 2578 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2579 if (error) 2580 return (error); 2581 ip = VTOI(tvp); 2582 ip->i_gid = pdir->i_gid; 2583 DIP_SET(ip, i_gid, pdir->i_gid); 2584 #ifdef SUIDDIR 2585 { 2586 #ifdef QUOTA 2587 struct ucred ucred, *ucp; 2588 gid_t ucred_group; 2589 ucp = cnp->cn_cred; 2590 #endif 2591 /* 2592 * If we are not the owner of the directory, 2593 * and we are hacking owners here, (only do this where told to) 2594 * and we are not giving it TO root, (would subvert quotas) 2595 * then go ahead and give it to the other user. 2596 * Note that this drops off the execute bits for security. 2597 */ 2598 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2599 (pdir->i_mode & ISUID) && 2600 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2601 ip->i_uid = pdir->i_uid; 2602 DIP_SET(ip, i_uid, ip->i_uid); 2603 mode &= ~07111; 2604 #ifdef QUOTA 2605 /* 2606 * Make sure the correct user gets charged 2607 * for the space. 2608 * Quickly knock up a dummy credential for the victim. 2609 * XXX This seems to never be accessed out of our 2610 * context so a stack variable is ok. 2611 */ 2612 refcount_init(&ucred.cr_ref, 1); 2613 ucred.cr_uid = ip->i_uid; 2614 ucred.cr_ngroups = 1; 2615 ucred.cr_groups = &ucred_group; 2616 ucred.cr_groups[0] = pdir->i_gid; 2617 ucp = &ucred; 2618 #endif 2619 } else { 2620 ip->i_uid = cnp->cn_cred->cr_uid; 2621 DIP_SET(ip, i_uid, ip->i_uid); 2622 } 2623 2624 #ifdef QUOTA 2625 if ((error = getinoquota(ip)) || 2626 (error = chkiq(ip, 1, ucp, 0))) { 2627 if (DOINGSOFTDEP(tvp)) 2628 softdep_revert_link(pdir, ip); 2629 UFS_VFREE(tvp, ip->i_number, mode); 2630 vput(tvp); 2631 return (error); 2632 } 2633 #endif 2634 } 2635 #else /* !SUIDDIR */ 2636 ip->i_uid = cnp->cn_cred->cr_uid; 2637 DIP_SET(ip, i_uid, ip->i_uid); 2638 #ifdef QUOTA 2639 if ((error = getinoquota(ip)) || 2640 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2641 if (DOINGSOFTDEP(tvp)) 2642 softdep_revert_link(pdir, ip); 2643 UFS_VFREE(tvp, ip->i_number, mode); 2644 vput(tvp); 2645 return (error); 2646 } 2647 #endif 2648 #endif /* !SUIDDIR */ 2649 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 2650 ip->i_mode = mode; 2651 DIP_SET(ip, i_mode, mode); 2652 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2653 ip->i_effnlink = 1; 2654 ip->i_nlink = 1; 2655 DIP_SET(ip, i_nlink, 1); 2656 if (DOINGSOFTDEP(tvp)) 2657 softdep_setup_create(VTOI(dvp), ip); 2658 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2659 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID, 0)) { 2660 ip->i_mode &= ~ISGID; 2661 DIP_SET(ip, i_mode, ip->i_mode); 2662 } 2663 2664 if (cnp->cn_flags & ISWHITEOUT) { 2665 ip->i_flags |= UF_OPAQUE; 2666 DIP_SET(ip, i_flags, ip->i_flags); 2667 } 2668 2669 /* 2670 * Make sure inode goes to disk before directory entry. 2671 */ 2672 error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && !DOINGASYNC(tvp)); 2673 if (error) 2674 goto bad; 2675 #ifdef MAC 2676 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2677 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2678 dvp, tvp, cnp); 2679 if (error) 2680 goto bad; 2681 } 2682 #endif 2683 #ifdef UFS_ACL 2684 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2685 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode, 2686 cnp->cn_cred, cnp->cn_thread); 2687 if (error) 2688 goto bad; 2689 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2690 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode, 2691 cnp->cn_cred, cnp->cn_thread); 2692 if (error) 2693 goto bad; 2694 } 2695 #endif /* !UFS_ACL */ 2696 ufs_makedirentry(ip, cnp, &newdir); 2697 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL, 0); 2698 if (error) 2699 goto bad; 2700 *vpp = tvp; 2701 return (0); 2702 2703 bad: 2704 /* 2705 * Write error occurred trying to update the inode 2706 * or the directory so must deallocate the inode. 2707 */ 2708 ip->i_effnlink = 0; 2709 ip->i_nlink = 0; 2710 DIP_SET(ip, i_nlink, 0); 2711 ip->i_flag |= IN_CHANGE; 2712 if (DOINGSOFTDEP(tvp)) 2713 softdep_revert_create(VTOI(dvp), ip); 2714 vput(tvp); 2715 return (error); 2716 } 2717 2718 static int 2719 ufs_ioctl(struct vop_ioctl_args *ap) 2720 { 2721 2722 switch (ap->a_command) { 2723 case FIOSEEKDATA: 2724 case FIOSEEKHOLE: 2725 return (vn_bmap_seekhole(ap->a_vp, ap->a_command, 2726 (off_t *)ap->a_data, ap->a_cred)); 2727 default: 2728 return (ENOTTY); 2729 } 2730 } 2731 2732 /* Global vfs data structures for ufs. */ 2733 struct vop_vector ufs_vnodeops = { 2734 .vop_default = &default_vnodeops, 2735 .vop_fsync = VOP_PANIC, 2736 .vop_read = VOP_PANIC, 2737 .vop_reallocblks = VOP_PANIC, 2738 .vop_write = VOP_PANIC, 2739 .vop_accessx = ufs_accessx, 2740 .vop_bmap = ufs_bmap, 2741 .vop_cachedlookup = ufs_lookup, 2742 .vop_close = ufs_close, 2743 .vop_create = ufs_create, 2744 .vop_getattr = ufs_getattr, 2745 .vop_inactive = ufs_inactive, 2746 .vop_ioctl = ufs_ioctl, 2747 .vop_link = ufs_link, 2748 .vop_lookup = vfs_cache_lookup, 2749 .vop_markatime = ufs_markatime, 2750 .vop_mkdir = ufs_mkdir, 2751 .vop_mknod = ufs_mknod, 2752 .vop_open = ufs_open, 2753 .vop_pathconf = ufs_pathconf, 2754 .vop_poll = vop_stdpoll, 2755 .vop_print = ufs_print, 2756 .vop_readdir = ufs_readdir, 2757 .vop_readlink = ufs_readlink, 2758 .vop_reclaim = ufs_reclaim, 2759 .vop_remove = ufs_remove, 2760 .vop_rename = ufs_rename, 2761 .vop_rmdir = ufs_rmdir, 2762 .vop_setattr = ufs_setattr, 2763 #ifdef MAC 2764 .vop_setlabel = vop_stdsetlabel_ea, 2765 #endif 2766 .vop_strategy = ufs_strategy, 2767 .vop_symlink = ufs_symlink, 2768 .vop_whiteout = ufs_whiteout, 2769 #ifdef UFS_EXTATTR 2770 .vop_getextattr = ufs_getextattr, 2771 .vop_deleteextattr = ufs_deleteextattr, 2772 .vop_setextattr = ufs_setextattr, 2773 #endif 2774 #ifdef UFS_ACL 2775 .vop_getacl = ufs_getacl, 2776 .vop_setacl = ufs_setacl, 2777 .vop_aclcheck = ufs_aclcheck, 2778 #endif 2779 }; 2780 2781 struct vop_vector ufs_fifoops = { 2782 .vop_default = &fifo_specops, 2783 .vop_fsync = VOP_PANIC, 2784 .vop_accessx = ufs_accessx, 2785 .vop_close = ufsfifo_close, 2786 .vop_getattr = ufs_getattr, 2787 .vop_inactive = ufs_inactive, 2788 .vop_kqfilter = ufsfifo_kqfilter, 2789 .vop_markatime = ufs_markatime, 2790 .vop_pathconf = ufs_pathconf, 2791 .vop_print = ufs_print, 2792 .vop_read = VOP_PANIC, 2793 .vop_reclaim = ufs_reclaim, 2794 .vop_setattr = ufs_setattr, 2795 #ifdef MAC 2796 .vop_setlabel = vop_stdsetlabel_ea, 2797 #endif 2798 .vop_write = VOP_PANIC, 2799 #ifdef UFS_EXTATTR 2800 .vop_getextattr = ufs_getextattr, 2801 .vop_deleteextattr = ufs_deleteextattr, 2802 .vop_setextattr = ufs_setextattr, 2803 #endif 2804 #ifdef UFS_ACL 2805 .vop_getacl = ufs_getacl, 2806 .vop_setacl = ufs_setacl, 2807 .vop_aclcheck = ufs_aclcheck, 2808 #endif 2809 }; 2810