1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1989, 1993, 1995 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD$"); 41 42 #include "opt_quota.h" 43 #include "opt_suiddir.h" 44 #include "opt_ufs.h" 45 #include "opt_ffs.h" 46 47 #include <sys/param.h> 48 #include <sys/systm.h> 49 #include <sys/malloc.h> 50 #include <sys/namei.h> 51 #include <sys/kernel.h> 52 #include <sys/fcntl.h> 53 #include <sys/filio.h> 54 #include <sys/stat.h> 55 #include <sys/bio.h> 56 #include <sys/buf.h> 57 #include <sys/mount.h> 58 #include <sys/priv.h> 59 #include <sys/refcount.h> 60 #include <sys/unistd.h> 61 #include <sys/vnode.h> 62 #include <sys/dirent.h> 63 #include <sys/lockf.h> 64 #include <sys/conf.h> 65 #include <sys/acl.h> 66 #include <sys/smr.h> 67 68 #include <security/audit/audit.h> 69 #include <security/mac/mac_framework.h> 70 71 #include <sys/file.h> /* XXX */ 72 73 #include <vm/vm.h> 74 #include <vm/vm_extern.h> 75 76 #include <ufs/ufs/acl.h> 77 #include <ufs/ufs/extattr.h> 78 #include <ufs/ufs/quota.h> 79 #include <ufs/ufs/inode.h> 80 #include <ufs/ufs/dir.h> 81 #include <ufs/ufs/ufsmount.h> 82 #include <ufs/ufs/ufs_extern.h> 83 #ifdef UFS_DIRHASH 84 #include <ufs/ufs/dirhash.h> 85 #endif 86 #ifdef UFS_GJOURNAL 87 #include <ufs/ufs/gjournal.h> 88 FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS"); 89 #endif 90 91 #ifdef QUOTA 92 FEATURE(ufs_quota, "UFS disk quotas support"); 93 FEATURE(ufs_quota64, "64bit UFS disk quotas support"); 94 #endif 95 96 #ifdef SUIDDIR 97 FEATURE(suiddir, 98 "Give all new files in directory the same ownership as the directory"); 99 #endif 100 101 VFS_SMR_DECLARE; 102 103 #include <ufs/ffs/ffs_extern.h> 104 105 static vop_accessx_t ufs_accessx; 106 static vop_fplookup_vexec_t ufs_fplookup_vexec; 107 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 108 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *); 109 static vop_close_t ufs_close; 110 static vop_create_t ufs_create; 111 static vop_stat_t ufs_stat; 112 static vop_getattr_t ufs_getattr; 113 static vop_ioctl_t ufs_ioctl; 114 static vop_link_t ufs_link; 115 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *, const char *); 116 static vop_mmapped_t ufs_mmapped; 117 static vop_mkdir_t ufs_mkdir; 118 static vop_mknod_t ufs_mknod; 119 static vop_open_t ufs_open; 120 static vop_pathconf_t ufs_pathconf; 121 static vop_print_t ufs_print; 122 static vop_readlink_t ufs_readlink; 123 static vop_remove_t ufs_remove; 124 static vop_rename_t ufs_rename; 125 static vop_rmdir_t ufs_rmdir; 126 static vop_setattr_t ufs_setattr; 127 static vop_strategy_t ufs_strategy; 128 static vop_symlink_t ufs_symlink; 129 static vop_whiteout_t ufs_whiteout; 130 static vop_close_t ufsfifo_close; 131 static vop_kqfilter_t ufsfifo_kqfilter; 132 133 SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 134 "UFS filesystem"); 135 136 /* 137 * A virgin directory (no blushing please). 138 */ 139 static struct dirtemplate mastertemplate = { 140 0, 12, DT_DIR, 1, ".", 141 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 142 }; 143 static struct odirtemplate omastertemplate = { 144 0, 12, 1, ".", 145 0, DIRBLKSIZ - 12, 2, ".." 146 }; 147 148 static void 149 ufs_itimes_locked(struct vnode *vp) 150 { 151 struct inode *ip; 152 struct timespec ts; 153 154 ASSERT_VI_LOCKED(vp, __func__); 155 156 ip = VTOI(vp); 157 if (UFS_RDONLY(ip)) 158 goto out; 159 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 160 return; 161 162 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 163 UFS_INODE_SET_FLAG(ip, IN_LAZYMOD); 164 else if (((vp->v_mount->mnt_kern_flag & 165 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) || 166 (ip->i_flag & (IN_CHANGE | IN_UPDATE))) 167 UFS_INODE_SET_FLAG(ip, IN_MODIFIED); 168 else if (ip->i_flag & IN_ACCESS) 169 UFS_INODE_SET_FLAG(ip, IN_LAZYACCESS); 170 vfs_timestamp(&ts); 171 if (ip->i_flag & IN_ACCESS) { 172 DIP_SET(ip, i_atime, ts.tv_sec); 173 DIP_SET(ip, i_atimensec, ts.tv_nsec); 174 } 175 if (ip->i_flag & IN_UPDATE) { 176 DIP_SET(ip, i_mtime, ts.tv_sec); 177 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 178 } 179 if (ip->i_flag & IN_CHANGE) { 180 DIP_SET(ip, i_ctime, ts.tv_sec); 181 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 182 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1); 183 } 184 185 out: 186 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 187 } 188 189 void 190 ufs_itimes(struct vnode *vp) 191 { 192 193 VI_LOCK(vp); 194 ufs_itimes_locked(vp); 195 VI_UNLOCK(vp); 196 } 197 198 /* 199 * Create a regular file 200 */ 201 static int 202 ufs_create(ap) 203 struct vop_create_args /* { 204 struct vnode *a_dvp; 205 struct vnode **a_vpp; 206 struct componentname *a_cnp; 207 struct vattr *a_vap; 208 } */ *ap; 209 { 210 int error; 211 212 error = 213 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 214 ap->a_dvp, ap->a_vpp, ap->a_cnp, "ufs_create"); 215 if (error != 0) 216 return (error); 217 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0) 218 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp); 219 return (0); 220 } 221 222 /* 223 * Mknod vnode call 224 */ 225 /* ARGSUSED */ 226 static int 227 ufs_mknod(ap) 228 struct vop_mknod_args /* { 229 struct vnode *a_dvp; 230 struct vnode **a_vpp; 231 struct componentname *a_cnp; 232 struct vattr *a_vap; 233 } */ *ap; 234 { 235 struct vattr *vap = ap->a_vap; 236 struct vnode **vpp = ap->a_vpp; 237 struct inode *ip; 238 ino_t ino; 239 int error; 240 241 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 242 ap->a_dvp, vpp, ap->a_cnp, "ufs_mknod"); 243 if (error) 244 return (error); 245 ip = VTOI(*vpp); 246 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 247 if (vap->va_rdev != VNOVAL) { 248 /* 249 * Want to be able to use this to make badblock 250 * inodes, so don't truncate the dev number. 251 */ 252 DIP_SET(ip, i_rdev, vap->va_rdev); 253 } 254 /* 255 * Remove inode, then reload it through VFS_VGET so it is 256 * checked to see if it is an alias of an existing entry in 257 * the inode cache. XXX I don't believe this is necessary now. 258 */ 259 (*vpp)->v_type = VNON; 260 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 261 vgone(*vpp); 262 vput(*vpp); 263 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 264 if (error) { 265 *vpp = NULL; 266 return (error); 267 } 268 return (0); 269 } 270 271 /* 272 * Open called. 273 */ 274 /* ARGSUSED */ 275 static int 276 ufs_open(struct vop_open_args *ap) 277 { 278 struct vnode *vp = ap->a_vp; 279 struct inode *ip; 280 281 if (vp->v_type == VCHR || vp->v_type == VBLK) 282 return (EOPNOTSUPP); 283 284 ip = VTOI(vp); 285 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 286 if (vp->v_type == VREG && (vp->v_irflag & VIRF_PGREAD) == 0) { 287 VI_LOCK(vp); 288 vp->v_irflag |= VIRF_PGREAD; 289 VI_UNLOCK(vp); 290 } 291 292 /* 293 * Files marked append-only must be opened for appending. 294 */ 295 if ((ip->i_flags & APPEND) && 296 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 297 return (EPERM); 298 299 return (0); 300 } 301 302 /* 303 * Close called. 304 * 305 * Update the times on the inode. 306 */ 307 /* ARGSUSED */ 308 static int 309 ufs_close(ap) 310 struct vop_close_args /* { 311 struct vnode *a_vp; 312 int a_fflag; 313 struct ucred *a_cred; 314 struct thread *a_td; 315 } */ *ap; 316 { 317 struct vnode *vp = ap->a_vp; 318 int usecount; 319 320 VI_LOCK(vp); 321 usecount = vp->v_usecount; 322 if (usecount > 1) 323 ufs_itimes_locked(vp); 324 VI_UNLOCK(vp); 325 return (0); 326 } 327 328 static int 329 ufs_accessx(ap) 330 struct vop_accessx_args /* { 331 struct vnode *a_vp; 332 accmode_t a_accmode; 333 struct ucred *a_cred; 334 struct thread *a_td; 335 } */ *ap; 336 { 337 struct vnode *vp = ap->a_vp; 338 struct inode *ip = VTOI(vp); 339 accmode_t accmode = ap->a_accmode; 340 int error; 341 #ifdef UFS_ACL 342 struct acl *acl; 343 acl_type_t type; 344 #endif 345 346 /* 347 * Disallow write attempts on read-only filesystems; 348 * unless the file is a socket, fifo, or a block or 349 * character device resident on the filesystem. 350 */ 351 if (accmode & VMODIFY_PERMS) { 352 switch (vp->v_type) { 353 case VDIR: 354 case VLNK: 355 case VREG: 356 if (vp->v_mount->mnt_flag & MNT_RDONLY) 357 return (EROFS); 358 #ifdef QUOTA 359 /* 360 * Inode is accounted in the quotas only if struct 361 * dquot is attached to it. VOP_ACCESS() is called 362 * from vn_open_cred() and provides a convenient 363 * point to call getinoquota(). The lock mode is 364 * exclusive when the file is opening for write. 365 */ 366 if (VOP_ISLOCKED(vp) == LK_EXCLUSIVE) { 367 error = getinoquota(ip); 368 if (error != 0) 369 return (error); 370 } 371 #endif 372 break; 373 default: 374 break; 375 } 376 } 377 378 /* 379 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS" 380 * permits the owner of the file to remove the IMMUTABLE flag. 381 */ 382 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) && 383 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 384 return (EPERM); 385 386 #ifdef UFS_ACL 387 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) { 388 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS) 389 type = ACL_TYPE_NFS4; 390 else 391 type = ACL_TYPE_ACCESS; 392 393 acl = acl_alloc(M_WAITOK); 394 if (type == ACL_TYPE_NFS4) 395 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td); 396 else 397 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td); 398 switch (error) { 399 case 0: 400 if (type == ACL_TYPE_NFS4) { 401 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid, 402 ip->i_gid, acl, accmode, ap->a_cred); 403 } else { 404 error = vfs_unixify_accmode(&accmode); 405 if (error == 0) 406 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 407 ip->i_gid, acl, accmode, ap->a_cred); 408 } 409 break; 410 default: 411 if (error != EOPNOTSUPP) 412 printf( 413 "ufs_accessx(): Error retrieving ACL on object (%d).\n", 414 error); 415 /* 416 * XXX: Fall back until debugged. Should 417 * eventually possibly log an error, and return 418 * EPERM for safety. 419 */ 420 error = vfs_unixify_accmode(&accmode); 421 if (error == 0) 422 error = vaccess(vp->v_type, ip->i_mode, 423 ip->i_uid, ip->i_gid, accmode, ap->a_cred); 424 } 425 acl_free(acl); 426 427 return (error); 428 } 429 #endif /* !UFS_ACL */ 430 error = vfs_unixify_accmode(&accmode); 431 if (error == 0) 432 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 433 accmode, ap->a_cred); 434 return (error); 435 } 436 437 /* 438 * VOP_FPLOOKUP_VEXEC routines are subject to special circumstances, see 439 * the comment above cache_fplookup for details. 440 */ 441 static int 442 ufs_fplookup_vexec(ap) 443 struct vop_fplookup_vexec_args /* { 444 struct vnode *a_vp; 445 struct ucred *a_cred; 446 struct thread *a_td; 447 } */ *ap; 448 { 449 struct vnode *vp; 450 struct inode *ip; 451 struct ucred *cred; 452 mode_t all_x, mode; 453 454 vp = ap->a_vp; 455 ip = VTOI_SMR(vp); 456 if (__predict_false(ip == NULL)) 457 return (EAGAIN); 458 459 /* 460 * XXX ACL race 461 * 462 * ACLs are not supported and UFS clears/sets this flag on mount and 463 * remount. However, we may still be racing with seeing them and there 464 * is no provision to make sure they were accounted for. This matches 465 * the behavior of the locked case, since the lookup there is also 466 * racy: mount takes no measures to block anyone from progressing. 467 */ 468 all_x = S_IXUSR | S_IXGRP | S_IXOTH; 469 mode = atomic_load_short(&ip->i_mode); 470 if (__predict_true((mode & all_x) == all_x)) 471 return (0); 472 473 cred = ap->a_cred; 474 return (vaccess_vexec_smr(mode, ip->i_uid, ip->i_gid, cred)); 475 } 476 477 /* ARGSUSED */ 478 static int 479 ufs_stat(struct vop_stat_args *ap) 480 { 481 struct vnode *vp = ap->a_vp; 482 struct inode *ip = VTOI(vp); 483 struct stat *sb = ap->a_sb; 484 int error; 485 486 error = vop_stat_helper_pre(ap); 487 if (__predict_false(error)) 488 return (error); 489 490 VI_LOCK(vp); 491 ufs_itimes_locked(vp); 492 if (I_IS_UFS1(ip)) { 493 sb->st_atim.tv_sec = ip->i_din1->di_atime; 494 sb->st_atim.tv_nsec = ip->i_din1->di_atimensec; 495 } else { 496 sb->st_atim.tv_sec = ip->i_din2->di_atime; 497 sb->st_atim.tv_nsec = ip->i_din2->di_atimensec; 498 } 499 VI_UNLOCK(vp); 500 501 sb->st_dev = dev2udev(ITOUMP(ip)->um_dev); 502 sb->st_ino = ip->i_number; 503 sb->st_mode = (ip->i_mode & ~IFMT) | VTTOIF(vp->v_type); 504 sb->st_nlink = ip->i_effnlink; 505 sb->st_uid = ip->i_uid; 506 sb->st_gid = ip->i_gid; 507 if (I_IS_UFS1(ip)) { 508 sb->st_rdev = ip->i_din1->di_rdev; 509 sb->st_size = ip->i_din1->di_size; 510 sb->st_mtim.tv_sec = ip->i_din1->di_mtime; 511 sb->st_mtim.tv_nsec = ip->i_din1->di_mtimensec; 512 sb->st_ctim.tv_sec = ip->i_din1->di_ctime; 513 sb->st_ctim.tv_nsec = ip->i_din1->di_ctimensec; 514 sb->st_birthtim.tv_sec = -1; 515 sb->st_birthtim.tv_nsec = 0; 516 sb->st_blocks = dbtob((u_quad_t)ip->i_din1->di_blocks) / S_BLKSIZE; 517 } else { 518 sb->st_rdev = ip->i_din2->di_rdev; 519 sb->st_size = ip->i_din2->di_size; 520 sb->st_mtim.tv_sec = ip->i_din2->di_mtime; 521 sb->st_mtim.tv_nsec = ip->i_din2->di_mtimensec; 522 sb->st_ctim.tv_sec = ip->i_din2->di_ctime; 523 sb->st_ctim.tv_nsec = ip->i_din2->di_ctimensec; 524 sb->st_birthtim.tv_sec = ip->i_din2->di_birthtime; 525 sb->st_birthtim.tv_nsec = ip->i_din2->di_birthnsec; 526 sb->st_blocks = dbtob((u_quad_t)ip->i_din2->di_blocks) / S_BLKSIZE; 527 } 528 529 sb->st_blksize = max(PAGE_SIZE, vp->v_mount->mnt_stat.f_iosize); 530 sb->st_flags = ip->i_flags; 531 sb->st_gen = ip->i_gen; 532 533 return (vop_stat_helper_post(ap, error)); 534 } 535 536 /* ARGSUSED */ 537 static int 538 ufs_getattr(ap) 539 struct vop_getattr_args /* { 540 struct vnode *a_vp; 541 struct vattr *a_vap; 542 struct ucred *a_cred; 543 } */ *ap; 544 { 545 struct vnode *vp = ap->a_vp; 546 struct inode *ip = VTOI(vp); 547 struct vattr *vap = ap->a_vap; 548 549 VI_LOCK(vp); 550 ufs_itimes_locked(vp); 551 if (I_IS_UFS1(ip)) { 552 vap->va_atime.tv_sec = ip->i_din1->di_atime; 553 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 554 } else { 555 vap->va_atime.tv_sec = ip->i_din2->di_atime; 556 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 557 } 558 VI_UNLOCK(vp); 559 /* 560 * Copy from inode table 561 */ 562 vap->va_fsid = dev2udev(ITOUMP(ip)->um_dev); 563 vap->va_fileid = ip->i_number; 564 vap->va_mode = ip->i_mode & ~IFMT; 565 vap->va_nlink = ip->i_effnlink; 566 vap->va_uid = ip->i_uid; 567 vap->va_gid = ip->i_gid; 568 if (I_IS_UFS1(ip)) { 569 vap->va_rdev = ip->i_din1->di_rdev; 570 vap->va_size = ip->i_din1->di_size; 571 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 572 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 573 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 574 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 575 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 576 vap->va_filerev = ip->i_din1->di_modrev; 577 } else { 578 vap->va_rdev = ip->i_din2->di_rdev; 579 vap->va_size = ip->i_din2->di_size; 580 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 581 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 582 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 583 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 584 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 585 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 586 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 587 vap->va_filerev = ip->i_din2->di_modrev; 588 } 589 vap->va_flags = ip->i_flags; 590 vap->va_gen = ip->i_gen; 591 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 592 vap->va_type = IFTOVT(ip->i_mode); 593 return (0); 594 } 595 596 /* 597 * Set attribute vnode op. called from several syscalls 598 */ 599 static int 600 ufs_setattr(ap) 601 struct vop_setattr_args /* { 602 struct vnode *a_vp; 603 struct vattr *a_vap; 604 struct ucred *a_cred; 605 } */ *ap; 606 { 607 struct vattr *vap = ap->a_vap; 608 struct vnode *vp = ap->a_vp; 609 struct inode *ip = VTOI(vp); 610 struct ucred *cred = ap->a_cred; 611 struct thread *td = curthread; 612 int error; 613 614 /* 615 * Check for unsettable attributes. 616 */ 617 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 618 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 619 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 620 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 621 return (EINVAL); 622 } 623 if (vap->va_flags != VNOVAL) { 624 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE | 625 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE | 626 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK | 627 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE | 628 UF_SPARSE | UF_SYSTEM)) != 0) 629 return (EOPNOTSUPP); 630 if (vp->v_mount->mnt_flag & MNT_RDONLY) 631 return (EROFS); 632 /* 633 * Callers may only modify the file flags on objects they 634 * have VADMIN rights for. 635 */ 636 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 637 return (error); 638 /* 639 * Unprivileged processes are not permitted to unset system 640 * flags, or modify flags if any system flags are set. 641 * Privileged non-jail processes may not modify system flags 642 * if securelevel > 0 and any existing system flags are set. 643 * Privileged jail processes behave like privileged non-jail 644 * processes if the PR_ALLOW_CHFLAGS permission bit is set; 645 * otherwise, they behave like unprivileged processes. 646 */ 647 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) { 648 if (ip->i_flags & 649 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 650 error = securelevel_gt(cred, 0); 651 if (error) 652 return (error); 653 } 654 /* The snapshot flag cannot be toggled. */ 655 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT) 656 return (EPERM); 657 } else { 658 if (ip->i_flags & 659 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 660 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE)) 661 return (EPERM); 662 } 663 ip->i_flags = vap->va_flags; 664 DIP_SET(ip, i_flags, vap->va_flags); 665 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 666 error = UFS_UPDATE(vp, 0); 667 if (ip->i_flags & (IMMUTABLE | APPEND)) 668 return (error); 669 } 670 /* 671 * If immutable or append, no one can change any of its attributes 672 * except the ones already handled (in some cases, file flags 673 * including the immutability flags themselves for the superuser). 674 */ 675 if (ip->i_flags & (IMMUTABLE | APPEND)) 676 return (EPERM); 677 /* 678 * Go through the fields and update iff not VNOVAL. 679 */ 680 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 681 if (vp->v_mount->mnt_flag & MNT_RDONLY) 682 return (EROFS); 683 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 684 td)) != 0) 685 return (error); 686 } 687 if (vap->va_size != VNOVAL) { 688 /* 689 * XXX most of the following special cases should be in 690 * callers instead of in N filesystems. The VDIR check 691 * mostly already is. 692 */ 693 switch (vp->v_type) { 694 case VDIR: 695 return (EISDIR); 696 case VLNK: 697 case VREG: 698 /* 699 * Truncation should have an effect in these cases. 700 * Disallow it if the filesystem is read-only or 701 * the file is being snapshotted. 702 */ 703 if (vp->v_mount->mnt_flag & MNT_RDONLY) 704 return (EROFS); 705 if ((ip->i_flags & SF_SNAPSHOT) != 0) 706 return (EPERM); 707 break; 708 default: 709 /* 710 * According to POSIX, the result is unspecified 711 * for file types other than regular files, 712 * directories and shared memory objects. We 713 * don't support shared memory objects in the file 714 * system, and have dubious support for truncating 715 * symlinks. Just ignore the request in other cases. 716 */ 717 return (0); 718 } 719 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL | 720 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0), 721 cred)) != 0) 722 return (error); 723 } 724 if (vap->va_atime.tv_sec != VNOVAL || 725 vap->va_mtime.tv_sec != VNOVAL || 726 vap->va_birthtime.tv_sec != VNOVAL) { 727 if (vp->v_mount->mnt_flag & MNT_RDONLY) 728 return (EROFS); 729 if ((ip->i_flags & SF_SNAPSHOT) != 0) 730 return (EPERM); 731 error = vn_utimes_perm(vp, vap, cred, td); 732 if (error != 0) 733 return (error); 734 UFS_INODE_SET_FLAG(ip, IN_CHANGE | IN_MODIFIED); 735 if (vap->va_atime.tv_sec != VNOVAL) { 736 ip->i_flag &= ~IN_ACCESS; 737 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 738 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 739 } 740 if (vap->va_mtime.tv_sec != VNOVAL) { 741 ip->i_flag &= ~IN_UPDATE; 742 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 743 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 744 } 745 if (vap->va_birthtime.tv_sec != VNOVAL && I_IS_UFS2(ip)) { 746 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 747 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 748 } 749 error = UFS_UPDATE(vp, 0); 750 if (error) 751 return (error); 752 } 753 error = 0; 754 if (vap->va_mode != (mode_t)VNOVAL) { 755 if (vp->v_mount->mnt_flag & MNT_RDONLY) 756 return (EROFS); 757 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode & 758 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH))) 759 return (EPERM); 760 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 761 } 762 return (error); 763 } 764 765 #ifdef UFS_ACL 766 static int 767 ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode, 768 int file_owner_id, struct ucred *cred, struct thread *td) 769 { 770 int error; 771 struct acl *aclp; 772 773 aclp = acl_alloc(M_WAITOK); 774 error = ufs_getacl_nfs4_internal(vp, aclp, td); 775 /* 776 * We don't have to handle EOPNOTSUPP here, as the filesystem claims 777 * it supports ACLs. 778 */ 779 if (error) 780 goto out; 781 782 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id); 783 error = ufs_setacl_nfs4_internal(vp, aclp, td); 784 785 out: 786 acl_free(aclp); 787 return (error); 788 } 789 #endif /* UFS_ACL */ 790 791 static int 792 ufs_mmapped(ap) 793 struct vop_mmapped_args /* { 794 struct vnode *a_vp; 795 } */ *ap; 796 { 797 struct vnode *vp; 798 struct inode *ip; 799 struct mount *mp; 800 801 vp = ap->a_vp; 802 ip = VTOI(vp); 803 mp = vp->v_mount; 804 805 if ((mp->mnt_flag & (MNT_NOATIME | MNT_RDONLY)) == 0) 806 UFS_INODE_SET_FLAG_SHARED(ip, IN_ACCESS); 807 /* 808 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there. 809 */ 810 return (0); 811 } 812 813 /* 814 * Change the mode on a file. 815 * Inode must be locked before calling. 816 */ 817 static int 818 ufs_chmod(vp, mode, cred, td) 819 struct vnode *vp; 820 int mode; 821 struct ucred *cred; 822 struct thread *td; 823 { 824 struct inode *ip = VTOI(vp); 825 int newmode, error; 826 827 /* 828 * To modify the permissions on a file, must possess VADMIN 829 * for that file. 830 */ 831 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td))) 832 return (error); 833 /* 834 * Privileged processes may set the sticky bit on non-directories, 835 * as well as set the setgid bit on a file with a group that the 836 * process is not a member of. Both of these are allowed in 837 * jail(8). 838 */ 839 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 840 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE)) 841 return (EFTYPE); 842 } 843 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 844 error = priv_check_cred(cred, PRIV_VFS_SETGID); 845 if (error) 846 return (error); 847 } 848 849 /* 850 * Deny setting setuid if we are not the file owner. 851 */ 852 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) { 853 error = priv_check_cred(cred, PRIV_VFS_ADMIN); 854 if (error) 855 return (error); 856 } 857 858 newmode = ip->i_mode & ~ALLPERMS; 859 newmode |= (mode & ALLPERMS); 860 UFS_INODE_SET_MODE(ip, newmode); 861 DIP_SET(ip, i_mode, ip->i_mode); 862 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 863 #ifdef UFS_ACL 864 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0) 865 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td); 866 #endif 867 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0) 868 error = UFS_UPDATE(vp, 0); 869 870 return (error); 871 } 872 873 /* 874 * Perform chown operation on inode ip; 875 * inode must be locked prior to call. 876 */ 877 static int 878 ufs_chown(vp, uid, gid, cred, td) 879 struct vnode *vp; 880 uid_t uid; 881 gid_t gid; 882 struct ucred *cred; 883 struct thread *td; 884 { 885 struct inode *ip = VTOI(vp); 886 uid_t ouid; 887 gid_t ogid; 888 int error = 0; 889 #ifdef QUOTA 890 int i; 891 ufs2_daddr_t change; 892 #endif 893 894 if (uid == (uid_t)VNOVAL) 895 uid = ip->i_uid; 896 if (gid == (gid_t)VNOVAL) 897 gid = ip->i_gid; 898 /* 899 * To modify the ownership of a file, must possess VADMIN for that 900 * file. 901 */ 902 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td))) 903 return (error); 904 /* 905 * To change the owner of a file, or change the group of a file to a 906 * group of which we are not a member, the caller must have 907 * privilege. 908 */ 909 if (((uid != ip->i_uid && uid != cred->cr_uid) || 910 (gid != ip->i_gid && !groupmember(gid, cred))) && 911 (error = priv_check_cred(cred, PRIV_VFS_CHOWN))) 912 return (error); 913 ogid = ip->i_gid; 914 ouid = ip->i_uid; 915 #ifdef QUOTA 916 if ((error = getinoquota(ip)) != 0) 917 return (error); 918 if (ouid == uid) { 919 dqrele(vp, ip->i_dquot[USRQUOTA]); 920 ip->i_dquot[USRQUOTA] = NODQUOT; 921 } 922 if (ogid == gid) { 923 dqrele(vp, ip->i_dquot[GRPQUOTA]); 924 ip->i_dquot[GRPQUOTA] = NODQUOT; 925 } 926 change = DIP(ip, i_blocks); 927 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 928 (void) chkiq(ip, -1, cred, CHOWN|FORCE); 929 for (i = 0; i < MAXQUOTAS; i++) { 930 dqrele(vp, ip->i_dquot[i]); 931 ip->i_dquot[i] = NODQUOT; 932 } 933 #endif 934 ip->i_gid = gid; 935 DIP_SET(ip, i_gid, gid); 936 ip->i_uid = uid; 937 DIP_SET(ip, i_uid, uid); 938 #ifdef QUOTA 939 if ((error = getinoquota(ip)) == 0) { 940 if (ouid == uid) { 941 dqrele(vp, ip->i_dquot[USRQUOTA]); 942 ip->i_dquot[USRQUOTA] = NODQUOT; 943 } 944 if (ogid == gid) { 945 dqrele(vp, ip->i_dquot[GRPQUOTA]); 946 ip->i_dquot[GRPQUOTA] = NODQUOT; 947 } 948 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 949 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 950 goto good; 951 else 952 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 953 } 954 for (i = 0; i < MAXQUOTAS; i++) { 955 dqrele(vp, ip->i_dquot[i]); 956 ip->i_dquot[i] = NODQUOT; 957 } 958 } 959 ip->i_gid = ogid; 960 DIP_SET(ip, i_gid, ogid); 961 ip->i_uid = ouid; 962 DIP_SET(ip, i_uid, ouid); 963 if (getinoquota(ip) == 0) { 964 if (ouid == uid) { 965 dqrele(vp, ip->i_dquot[USRQUOTA]); 966 ip->i_dquot[USRQUOTA] = NODQUOT; 967 } 968 if (ogid == gid) { 969 dqrele(vp, ip->i_dquot[GRPQUOTA]); 970 ip->i_dquot[GRPQUOTA] = NODQUOT; 971 } 972 (void) chkdq(ip, change, cred, FORCE|CHOWN); 973 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 974 (void) getinoquota(ip); 975 } 976 return (error); 977 good: 978 if (getinoquota(ip)) 979 panic("ufs_chown: lost quota"); 980 #endif /* QUOTA */ 981 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 982 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { 983 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) { 984 UFS_INODE_SET_MODE(ip, ip->i_mode & ~(ISUID | ISGID)); 985 DIP_SET(ip, i_mode, ip->i_mode); 986 } 987 } 988 error = UFS_UPDATE(vp, 0); 989 return (error); 990 } 991 992 static int 993 ufs_remove(ap) 994 struct vop_remove_args /* { 995 struct vnode *a_dvp; 996 struct vnode *a_vp; 997 struct componentname *a_cnp; 998 } */ *ap; 999 { 1000 struct inode *ip; 1001 struct vnode *vp = ap->a_vp; 1002 struct vnode *dvp = ap->a_dvp; 1003 int error; 1004 struct thread *td; 1005 1006 td = curthread; 1007 ip = VTOI(vp); 1008 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1009 (VTOI(dvp)->i_flags & APPEND)) { 1010 error = EPERM; 1011 goto out; 1012 } 1013 #ifdef UFS_GJOURNAL 1014 ufs_gjournal_orphan(vp); 1015 #endif 1016 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 1017 if (ip->i_nlink <= 0) 1018 vp->v_vflag |= VV_NOSYNC; 1019 if ((ip->i_flags & SF_SNAPSHOT) != 0) { 1020 /* 1021 * Avoid deadlock where another thread is trying to 1022 * update the inodeblock for dvp and is waiting on 1023 * snaplk. Temporary unlock the vnode lock for the 1024 * unlinked file and sync the directory. This should 1025 * allow vput() of the directory to not block later on 1026 * while holding the snapshot vnode locked, assuming 1027 * that the directory hasn't been unlinked too. 1028 */ 1029 VOP_UNLOCK(vp); 1030 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 1031 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 1032 } 1033 out: 1034 return (error); 1035 } 1036 1037 static void 1038 print_bad_link_count(const char *funcname, struct vnode *dvp) 1039 { 1040 struct inode *dip; 1041 1042 dip = VTOI(dvp); 1043 uprintf("%s: Bad link count %d on parent inode %jd in file system %s\n", 1044 funcname, dip->i_effnlink, (intmax_t)dip->i_number, 1045 dvp->v_mount->mnt_stat.f_mntonname); 1046 } 1047 1048 /* 1049 * link vnode call 1050 */ 1051 static int 1052 ufs_link(ap) 1053 struct vop_link_args /* { 1054 struct vnode *a_tdvp; 1055 struct vnode *a_vp; 1056 struct componentname *a_cnp; 1057 } */ *ap; 1058 { 1059 struct vnode *vp = ap->a_vp; 1060 struct vnode *tdvp = ap->a_tdvp; 1061 struct componentname *cnp = ap->a_cnp; 1062 struct inode *ip; 1063 struct direct newdir; 1064 int error; 1065 1066 #ifdef INVARIANTS 1067 if ((cnp->cn_flags & HASBUF) == 0) 1068 panic("ufs_link: no name"); 1069 #endif 1070 if (VTOI(tdvp)->i_effnlink < 2) { 1071 print_bad_link_count("ufs_link", tdvp); 1072 error = EINVAL; 1073 goto out; 1074 } 1075 ip = VTOI(vp); 1076 if (ip->i_nlink >= UFS_LINK_MAX) { 1077 error = EMLINK; 1078 goto out; 1079 } 1080 /* 1081 * The file may have been removed after namei droped the original 1082 * lock. 1083 */ 1084 if (ip->i_effnlink == 0) { 1085 error = ENOENT; 1086 goto out; 1087 } 1088 if (ip->i_flags & (IMMUTABLE | APPEND)) { 1089 error = EPERM; 1090 goto out; 1091 } 1092 ip->i_effnlink++; 1093 ip->i_nlink++; 1094 DIP_SET(ip, i_nlink, ip->i_nlink); 1095 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1096 if (DOINGSOFTDEP(vp)) 1097 softdep_setup_link(VTOI(tdvp), ip); 1098 error = UFS_UPDATE(vp, !DOINGSOFTDEP(vp) && !DOINGASYNC(vp)); 1099 if (!error) { 1100 ufs_makedirentry(ip, cnp, &newdir); 1101 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL, 0); 1102 } 1103 1104 if (error) { 1105 ip->i_effnlink--; 1106 ip->i_nlink--; 1107 DIP_SET(ip, i_nlink, ip->i_nlink); 1108 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1109 if (DOINGSOFTDEP(vp)) 1110 softdep_revert_link(VTOI(tdvp), ip); 1111 } 1112 out: 1113 return (error); 1114 } 1115 1116 /* 1117 * whiteout vnode call 1118 */ 1119 static int 1120 ufs_whiteout(ap) 1121 struct vop_whiteout_args /* { 1122 struct vnode *a_dvp; 1123 struct componentname *a_cnp; 1124 int a_flags; 1125 } */ *ap; 1126 { 1127 struct vnode *dvp = ap->a_dvp; 1128 struct componentname *cnp = ap->a_cnp; 1129 struct direct newdir; 1130 int error = 0; 1131 1132 switch (ap->a_flags) { 1133 case LOOKUP: 1134 /* 4.4 format directories support whiteout operations */ 1135 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1136 return (0); 1137 return (EOPNOTSUPP); 1138 1139 case CREATE: 1140 /* create a new directory whiteout */ 1141 #ifdef INVARIANTS 1142 if ((cnp->cn_flags & SAVENAME) == 0) 1143 panic("ufs_whiteout: missing name"); 1144 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 1145 panic("ufs_whiteout: old format filesystem"); 1146 #endif 1147 1148 newdir.d_ino = UFS_WINO; 1149 newdir.d_namlen = cnp->cn_namelen; 1150 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 1151 newdir.d_type = DT_WHT; 1152 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL, 0); 1153 break; 1154 1155 case DELETE: 1156 /* remove an existing directory whiteout */ 1157 #ifdef INVARIANTS 1158 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 1159 panic("ufs_whiteout: old format filesystem"); 1160 #endif 1161 1162 cnp->cn_flags &= ~DOWHITEOUT; 1163 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 1164 break; 1165 default: 1166 panic("ufs_whiteout: unknown op"); 1167 } 1168 return (error); 1169 } 1170 1171 static volatile int rename_restarts; 1172 SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD, 1173 __DEVOLATILE(int *, &rename_restarts), 0, 1174 "Times rename had to restart due to lock contention"); 1175 1176 /* 1177 * Rename system call. 1178 * rename("foo", "bar"); 1179 * is essentially 1180 * unlink("bar"); 1181 * link("foo", "bar"); 1182 * unlink("foo"); 1183 * but ``atomically''. Can't do full commit without saving state in the 1184 * inode on disk which isn't feasible at this time. Best we can do is 1185 * always guarantee the target exists. 1186 * 1187 * Basic algorithm is: 1188 * 1189 * 1) Bump link count on source while we're linking it to the 1190 * target. This also ensure the inode won't be deleted out 1191 * from underneath us while we work (it may be truncated by 1192 * a concurrent `trunc' or `open' for creation). 1193 * 2) Link source to destination. If destination already exists, 1194 * delete it first. 1195 * 3) Unlink source reference to inode if still around. If a 1196 * directory was moved and the parent of the destination 1197 * is different from the source, patch the ".." entry in the 1198 * directory. 1199 */ 1200 static int 1201 ufs_rename(ap) 1202 struct vop_rename_args /* { 1203 struct vnode *a_fdvp; 1204 struct vnode *a_fvp; 1205 struct componentname *a_fcnp; 1206 struct vnode *a_tdvp; 1207 struct vnode *a_tvp; 1208 struct componentname *a_tcnp; 1209 } */ *ap; 1210 { 1211 struct vnode *tvp = ap->a_tvp; 1212 struct vnode *tdvp = ap->a_tdvp; 1213 struct vnode *fvp = ap->a_fvp; 1214 struct vnode *fdvp = ap->a_fdvp; 1215 struct vnode *nvp; 1216 struct componentname *tcnp = ap->a_tcnp; 1217 struct componentname *fcnp = ap->a_fcnp; 1218 struct thread *td = fcnp->cn_thread; 1219 struct inode *fip, *tip, *tdp, *fdp; 1220 struct direct newdir; 1221 off_t endoff; 1222 int doingdirectory, newparent; 1223 int error = 0; 1224 struct mount *mp; 1225 ino_t ino; 1226 bool want_seqc_end; 1227 1228 want_seqc_end = false; 1229 1230 #ifdef INVARIANTS 1231 if ((tcnp->cn_flags & HASBUF) == 0 || 1232 (fcnp->cn_flags & HASBUF) == 0) 1233 panic("ufs_rename: no name"); 1234 #endif 1235 endoff = 0; 1236 mp = tdvp->v_mount; 1237 VOP_UNLOCK(tdvp); 1238 if (tvp && tvp != tdvp) 1239 VOP_UNLOCK(tvp); 1240 /* 1241 * Check for cross-device rename. 1242 */ 1243 if ((fvp->v_mount != tdvp->v_mount) || 1244 (tvp && (fvp->v_mount != tvp->v_mount))) { 1245 error = EXDEV; 1246 mp = NULL; 1247 goto releout; 1248 } 1249 relock: 1250 /* 1251 * We need to acquire 2 to 4 locks depending on whether tvp is NULL 1252 * and fdvp and tdvp are the same directory. Subsequently we need 1253 * to double-check all paths and in the directory rename case we 1254 * need to verify that we are not creating a directory loop. To 1255 * handle this we acquire all but fdvp using non-blocking 1256 * acquisitions. If we fail to acquire any lock in the path we will 1257 * drop all held locks, acquire the new lock in a blocking fashion, 1258 * and then release it and restart the rename. This acquire/release 1259 * step ensures that we do not spin on a lock waiting for release. 1260 */ 1261 error = vn_lock(fdvp, LK_EXCLUSIVE); 1262 if (error) 1263 goto releout; 1264 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) { 1265 VOP_UNLOCK(fdvp); 1266 error = vn_lock(tdvp, LK_EXCLUSIVE); 1267 if (error) 1268 goto releout; 1269 VOP_UNLOCK(tdvp); 1270 atomic_add_int(&rename_restarts, 1); 1271 goto relock; 1272 } 1273 /* 1274 * Re-resolve fvp to be certain it still exists and fetch the 1275 * correct vnode. 1276 */ 1277 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1278 if (error) { 1279 VOP_UNLOCK(fdvp); 1280 VOP_UNLOCK(tdvp); 1281 goto releout; 1282 } 1283 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1284 if (error) { 1285 VOP_UNLOCK(fdvp); 1286 VOP_UNLOCK(tdvp); 1287 if (error != EBUSY) 1288 goto releout; 1289 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1290 if (error != 0) 1291 goto releout; 1292 VOP_UNLOCK(nvp); 1293 vrele(fvp); 1294 fvp = nvp; 1295 atomic_add_int(&rename_restarts, 1); 1296 goto relock; 1297 } 1298 vrele(fvp); 1299 fvp = nvp; 1300 /* 1301 * Re-resolve tvp and acquire the vnode lock if present. 1302 */ 1303 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino); 1304 if (error != 0 && error != EJUSTRETURN) { 1305 VOP_UNLOCK(fdvp); 1306 VOP_UNLOCK(tdvp); 1307 VOP_UNLOCK(fvp); 1308 goto releout; 1309 } 1310 /* 1311 * If tvp disappeared we just carry on. 1312 */ 1313 if (error == EJUSTRETURN && tvp != NULL) { 1314 vrele(tvp); 1315 tvp = NULL; 1316 } 1317 /* 1318 * Get the tvp ino if the lookup succeeded. We may have to restart 1319 * if the non-blocking acquire fails. 1320 */ 1321 if (error == 0) { 1322 nvp = NULL; 1323 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1324 if (tvp) 1325 vrele(tvp); 1326 tvp = nvp; 1327 if (error) { 1328 VOP_UNLOCK(fdvp); 1329 VOP_UNLOCK(tdvp); 1330 VOP_UNLOCK(fvp); 1331 if (error != EBUSY) 1332 goto releout; 1333 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1334 if (error != 0) 1335 goto releout; 1336 vput(nvp); 1337 atomic_add_int(&rename_restarts, 1); 1338 goto relock; 1339 } 1340 } 1341 fdp = VTOI(fdvp); 1342 fip = VTOI(fvp); 1343 tdp = VTOI(tdvp); 1344 tip = NULL; 1345 if (tvp) 1346 tip = VTOI(tvp); 1347 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1348 (VTOI(tdvp)->i_flags & APPEND))) { 1349 error = EPERM; 1350 goto unlockout; 1351 } 1352 /* 1353 * Renaming a file to itself has no effect. The upper layers should 1354 * not call us in that case. However, things could change after 1355 * we drop the locks above. 1356 */ 1357 if (fvp == tvp) { 1358 error = 0; 1359 goto unlockout; 1360 } 1361 doingdirectory = 0; 1362 newparent = 0; 1363 ino = fip->i_number; 1364 if (fip->i_nlink >= UFS_LINK_MAX) { 1365 error = EMLINK; 1366 goto unlockout; 1367 } 1368 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 1369 || (fdp->i_flags & APPEND)) { 1370 error = EPERM; 1371 goto unlockout; 1372 } 1373 if ((fip->i_mode & IFMT) == IFDIR) { 1374 /* 1375 * Avoid ".", "..", and aliases of "." for obvious reasons. 1376 */ 1377 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1378 fdp == fip || 1379 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) { 1380 error = EINVAL; 1381 goto unlockout; 1382 } 1383 if (fdp->i_number != tdp->i_number) 1384 newparent = tdp->i_number; 1385 doingdirectory = 1; 1386 } 1387 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) || 1388 (tvp != NULL && tvp->v_type == VDIR && 1389 tvp->v_mountedhere != NULL)) { 1390 error = EXDEV; 1391 goto unlockout; 1392 } 1393 1394 /* 1395 * If ".." must be changed (ie the directory gets a new 1396 * parent) then the source directory must not be in the 1397 * directory hierarchy above the target, as this would 1398 * orphan everything below the source directory. Also 1399 * the user must have write permission in the source so 1400 * as to be able to change "..". 1401 */ 1402 if (doingdirectory && newparent) { 1403 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread); 1404 if (error) 1405 goto unlockout; 1406 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred, 1407 &ino); 1408 /* 1409 * We encountered a lock that we have to wait for. Unlock 1410 * everything else and VGET before restarting. 1411 */ 1412 if (ino) { 1413 VOP_UNLOCK(fdvp); 1414 VOP_UNLOCK(fvp); 1415 VOP_UNLOCK(tdvp); 1416 if (tvp) 1417 VOP_UNLOCK(tvp); 1418 error = VFS_VGET(mp, ino, LK_SHARED, &nvp); 1419 if (error == 0) 1420 vput(nvp); 1421 atomic_add_int(&rename_restarts, 1); 1422 goto relock; 1423 } 1424 if (error) 1425 goto unlockout; 1426 if ((tcnp->cn_flags & SAVESTART) == 0) 1427 panic("ufs_rename: lost to startdir"); 1428 } 1429 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 || 1430 tdp->i_effnlink == 0) 1431 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp); 1432 1433 if (tvp != NULL) 1434 vn_seqc_write_begin(tvp); 1435 vn_seqc_write_begin(tdvp); 1436 vn_seqc_write_begin(fvp); 1437 vn_seqc_write_begin(fdvp); 1438 want_seqc_end = true; 1439 1440 /* 1441 * 1) Bump link count while we're moving stuff 1442 * around. If we crash somewhere before 1443 * completing our work, the link count 1444 * may be wrong, but correctable. 1445 */ 1446 fip->i_effnlink++; 1447 fip->i_nlink++; 1448 DIP_SET(fip, i_nlink, fip->i_nlink); 1449 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1450 if (DOINGSOFTDEP(fvp)) 1451 softdep_setup_link(tdp, fip); 1452 error = UFS_UPDATE(fvp, !DOINGSOFTDEP(fvp) && !DOINGASYNC(fvp)); 1453 if (error) 1454 goto bad; 1455 1456 /* 1457 * 2) If target doesn't exist, link the target 1458 * to the source and unlink the source. 1459 * Otherwise, rewrite the target directory 1460 * entry to reference the source inode and 1461 * expunge the original entry's existence. 1462 */ 1463 if (tip == NULL) { 1464 if (ITODEV(tdp) != ITODEV(fip)) 1465 panic("ufs_rename: EXDEV"); 1466 if (doingdirectory && newparent) { 1467 /* 1468 * Account for ".." in new directory. 1469 * When source and destination have the same 1470 * parent we don't adjust the link count. The 1471 * actual link modification is completed when 1472 * .. is rewritten below. 1473 */ 1474 if (tdp->i_nlink >= UFS_LINK_MAX) { 1475 error = EMLINK; 1476 goto bad; 1477 } 1478 } 1479 ufs_makedirentry(fip, tcnp, &newdir); 1480 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL, 1); 1481 if (error) 1482 goto bad; 1483 /* Setup tdvp for directory compaction if needed. */ 1484 if (tdp->i_count && tdp->i_endoff && 1485 tdp->i_endoff < tdp->i_size) 1486 endoff = tdp->i_endoff; 1487 } else { 1488 if (ITODEV(tip) != ITODEV(tdp) || ITODEV(tip) != ITODEV(fip)) 1489 panic("ufs_rename: EXDEV"); 1490 /* 1491 * Short circuit rename(foo, foo). 1492 */ 1493 if (tip->i_number == fip->i_number) 1494 panic("ufs_rename: same file"); 1495 /* 1496 * If the parent directory is "sticky", then the caller 1497 * must possess VADMIN for the parent directory, or the 1498 * destination of the rename. This implements append-only 1499 * directories. 1500 */ 1501 if ((tdp->i_mode & S_ISTXT) && 1502 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1503 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1504 error = EPERM; 1505 goto bad; 1506 } 1507 /* 1508 * Target must be empty if a directory and have no links 1509 * to it. Also, ensure source and target are compatible 1510 * (both directories, or both not directories). 1511 */ 1512 if ((tip->i_mode & IFMT) == IFDIR) { 1513 if ((tip->i_effnlink > 2) || 1514 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) { 1515 error = ENOTEMPTY; 1516 goto bad; 1517 } 1518 if (!doingdirectory) { 1519 error = ENOTDIR; 1520 goto bad; 1521 } 1522 cache_purge(tdvp); 1523 } else if (doingdirectory) { 1524 error = EISDIR; 1525 goto bad; 1526 } 1527 if (doingdirectory) { 1528 if (!newparent) { 1529 tdp->i_effnlink--; 1530 if (DOINGSOFTDEP(tdvp)) 1531 softdep_change_linkcnt(tdp); 1532 } 1533 tip->i_effnlink--; 1534 if (DOINGSOFTDEP(tvp)) 1535 softdep_change_linkcnt(tip); 1536 } 1537 error = ufs_dirrewrite(tdp, tip, fip->i_number, 1538 IFTODT(fip->i_mode), 1539 (doingdirectory && newparent) ? newparent : doingdirectory); 1540 if (error) { 1541 if (doingdirectory) { 1542 if (!newparent) { 1543 tdp->i_effnlink++; 1544 if (DOINGSOFTDEP(tdvp)) 1545 softdep_change_linkcnt(tdp); 1546 } 1547 tip->i_effnlink++; 1548 if (DOINGSOFTDEP(tvp)) 1549 softdep_change_linkcnt(tip); 1550 } 1551 goto bad; 1552 } 1553 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1554 /* 1555 * The only stuff left in the directory is "." 1556 * and "..". The "." reference is inconsequential 1557 * since we are quashing it. We have removed the "." 1558 * reference and the reference in the parent directory, 1559 * but there may be other hard links. The soft 1560 * dependency code will arrange to do these operations 1561 * after the parent directory entry has been deleted on 1562 * disk, so when running with that code we avoid doing 1563 * them now. 1564 */ 1565 if (!newparent) { 1566 tdp->i_nlink--; 1567 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1568 UFS_INODE_SET_FLAG(tdp, IN_CHANGE); 1569 } 1570 tip->i_nlink--; 1571 DIP_SET(tip, i_nlink, tip->i_nlink); 1572 UFS_INODE_SET_FLAG(tip, IN_CHANGE); 1573 } 1574 } 1575 1576 /* 1577 * 3) Unlink the source. We have to resolve the path again to 1578 * fixup the directory offset and count for ufs_dirremove. 1579 */ 1580 if (fdvp == tdvp) { 1581 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1582 if (error) 1583 panic("ufs_rename: from entry went away!"); 1584 if (ino != fip->i_number) 1585 panic("ufs_rename: ino mismatch %ju != %ju\n", 1586 (uintmax_t)ino, (uintmax_t)fip->i_number); 1587 } 1588 /* 1589 * If the source is a directory with a 1590 * new parent, the link count of the old 1591 * parent directory must be decremented 1592 * and ".." set to point to the new parent. 1593 */ 1594 if (doingdirectory && newparent) { 1595 /* 1596 * If tip exists we simply use its link, otherwise we must 1597 * add a new one. 1598 */ 1599 if (tip == NULL) { 1600 tdp->i_effnlink++; 1601 tdp->i_nlink++; 1602 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1603 UFS_INODE_SET_FLAG(tdp, IN_CHANGE); 1604 if (DOINGSOFTDEP(tdvp)) 1605 softdep_setup_dotdot_link(tdp, fip); 1606 error = UFS_UPDATE(tdvp, !DOINGSOFTDEP(tdvp) && 1607 !DOINGASYNC(tdvp)); 1608 /* Don't go to bad here as the new link exists. */ 1609 if (error) 1610 goto unlockout; 1611 } else if (DOINGSUJ(tdvp)) 1612 /* Journal must account for each new link. */ 1613 softdep_setup_dotdot_link(tdp, fip); 1614 fip->i_offset = mastertemplate.dot_reclen; 1615 ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0); 1616 cache_purge(fdvp); 1617 } 1618 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0); 1619 /* 1620 * The kern_renameat() looks up the fvp using the DELETE flag, which 1621 * causes the removal of the name cache entry for fvp. 1622 * As the relookup of the fvp is done in two steps: 1623 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a 1624 * normal lookup of the from name just before the VFS_VGET() call, 1625 * causing the cache entry to be re-instantiated. 1626 * 1627 * The same issue also applies to tvp if it exists as 1628 * otherwise we may have a stale name cache entry for the new 1629 * name that references the old i-node if it has other links 1630 * or open file descriptors. 1631 */ 1632 cache_rename(fdvp, fvp, tdvp, tvp, fcnp, tcnp); 1633 1634 unlockout: 1635 if (want_seqc_end) { 1636 if (tvp != NULL) 1637 vn_seqc_write_end(tvp); 1638 vn_seqc_write_end(tdvp); 1639 vn_seqc_write_end(fvp); 1640 vn_seqc_write_end(fdvp); 1641 } 1642 1643 vput(fdvp); 1644 vput(fvp); 1645 if (tvp) 1646 vput(tvp); 1647 /* 1648 * If compaction or fsync was requested do it now that other locks 1649 * are no longer needed. 1650 */ 1651 if (error == 0 && endoff != 0) { 1652 error = UFS_TRUNCATE(tdvp, endoff, IO_NORMAL | 1653 (DOINGASYNC(tdvp) ? 0 : IO_SYNC), tcnp->cn_cred); 1654 if (error != 0 && !ffs_fsfail_cleanup(VFSTOUFS(mp), error)) 1655 vn_printf(tdvp, 1656 "ufs_rename: failed to truncate, error %d\n", 1657 error); 1658 #ifdef UFS_DIRHASH 1659 if (error != 0) 1660 ufsdirhash_free(tdp); 1661 else if (tdp->i_dirhash != NULL) 1662 ufsdirhash_dirtrunc(tdp, endoff); 1663 #endif 1664 /* 1665 * Even if the directory compaction failed, rename was 1666 * succesful. Do not propagate a UFS_TRUNCATE() error 1667 * to the caller. 1668 */ 1669 error = 0; 1670 } 1671 if (error == 0 && tdp->i_flag & IN_NEEDSYNC) 1672 error = VOP_FSYNC(tdvp, MNT_WAIT, td); 1673 vput(tdvp); 1674 return (error); 1675 1676 bad: 1677 fip->i_effnlink--; 1678 fip->i_nlink--; 1679 DIP_SET(fip, i_nlink, fip->i_nlink); 1680 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1681 if (DOINGSOFTDEP(fvp)) 1682 softdep_revert_link(tdp, fip); 1683 goto unlockout; 1684 1685 releout: 1686 if (want_seqc_end) { 1687 if (tvp != NULL) 1688 vn_seqc_write_end(tvp); 1689 vn_seqc_write_end(tdvp); 1690 vn_seqc_write_end(fvp); 1691 vn_seqc_write_end(fdvp); 1692 } 1693 1694 vrele(fdvp); 1695 vrele(fvp); 1696 vrele(tdvp); 1697 if (tvp) 1698 vrele(tvp); 1699 1700 return (error); 1701 } 1702 1703 #ifdef UFS_ACL 1704 static int 1705 ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp, 1706 mode_t dmode, struct ucred *cred, struct thread *td) 1707 { 1708 int error; 1709 struct inode *ip = VTOI(tvp); 1710 struct acl *dacl, *acl; 1711 1712 acl = acl_alloc(M_WAITOK); 1713 dacl = acl_alloc(M_WAITOK); 1714 1715 /* 1716 * Retrieve default ACL from parent, if any. 1717 */ 1718 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1719 switch (error) { 1720 case 0: 1721 /* 1722 * Retrieved a default ACL, so merge mode and ACL if 1723 * necessary. If the ACL is empty, fall through to 1724 * the "not defined or available" case. 1725 */ 1726 if (acl->acl_cnt != 0) { 1727 dmode = acl_posix1e_newfilemode(dmode, acl); 1728 UFS_INODE_SET_MODE(ip, dmode); 1729 DIP_SET(ip, i_mode, dmode); 1730 *dacl = *acl; 1731 ufs_sync_acl_from_inode(ip, acl); 1732 break; 1733 } 1734 /* FALLTHROUGH */ 1735 1736 case EOPNOTSUPP: 1737 /* 1738 * Just use the mode as-is. 1739 */ 1740 UFS_INODE_SET_MODE(ip, dmode); 1741 DIP_SET(ip, i_mode, dmode); 1742 error = 0; 1743 goto out; 1744 1745 default: 1746 goto out; 1747 } 1748 1749 /* 1750 * XXX: If we abort now, will Soft Updates notify the extattr 1751 * code that the EAs for the file need to be released? 1752 */ 1753 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1754 if (error == 0) 1755 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td); 1756 switch (error) { 1757 case 0: 1758 break; 1759 1760 case EOPNOTSUPP: 1761 /* 1762 * XXX: This should not happen, as EOPNOTSUPP above 1763 * was supposed to free acl. 1764 */ 1765 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1766 /* 1767 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1768 */ 1769 break; 1770 1771 default: 1772 goto out; 1773 } 1774 1775 out: 1776 acl_free(acl); 1777 acl_free(dacl); 1778 1779 return (error); 1780 } 1781 1782 static int 1783 ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp, 1784 mode_t mode, struct ucred *cred, struct thread *td) 1785 { 1786 int error; 1787 struct inode *ip = VTOI(tvp); 1788 struct acl *acl; 1789 1790 acl = acl_alloc(M_WAITOK); 1791 1792 /* 1793 * Retrieve default ACL for parent, if any. 1794 */ 1795 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1796 switch (error) { 1797 case 0: 1798 /* 1799 * Retrieved a default ACL, so merge mode and ACL if 1800 * necessary. 1801 */ 1802 if (acl->acl_cnt != 0) { 1803 /* 1804 * Two possible ways for default ACL to not 1805 * be present. First, the EA can be 1806 * undefined, or second, the default ACL can 1807 * be blank. If it's blank, fall through to 1808 * the it's not defined case. 1809 */ 1810 mode = acl_posix1e_newfilemode(mode, acl); 1811 UFS_INODE_SET_MODE(ip, mode); 1812 DIP_SET(ip, i_mode, mode); 1813 ufs_sync_acl_from_inode(ip, acl); 1814 break; 1815 } 1816 /* FALLTHROUGH */ 1817 1818 case EOPNOTSUPP: 1819 /* 1820 * Just use the mode as-is. 1821 */ 1822 UFS_INODE_SET_MODE(ip, mode); 1823 DIP_SET(ip, i_mode, mode); 1824 error = 0; 1825 goto out; 1826 1827 default: 1828 goto out; 1829 } 1830 1831 /* 1832 * XXX: If we abort now, will Soft Updates notify the extattr 1833 * code that the EAs for the file need to be released? 1834 */ 1835 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1836 switch (error) { 1837 case 0: 1838 break; 1839 1840 case EOPNOTSUPP: 1841 /* 1842 * XXX: This should not happen, as EOPNOTSUPP above was 1843 * supposed to free acl. 1844 */ 1845 printf("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1846 "but no VOP_SETACL()\n"); 1847 /* panic("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1848 "but no VOP_SETACL()"); */ 1849 break; 1850 1851 default: 1852 goto out; 1853 } 1854 1855 out: 1856 acl_free(acl); 1857 1858 return (error); 1859 } 1860 1861 static int 1862 ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp, 1863 mode_t child_mode, struct ucred *cred, struct thread *td) 1864 { 1865 int error; 1866 struct acl *parent_aclp, *child_aclp; 1867 1868 parent_aclp = acl_alloc(M_WAITOK); 1869 child_aclp = acl_alloc(M_WAITOK | M_ZERO); 1870 1871 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td); 1872 if (error) 1873 goto out; 1874 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp, 1875 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR); 1876 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td); 1877 if (error) 1878 goto out; 1879 out: 1880 acl_free(parent_aclp); 1881 acl_free(child_aclp); 1882 1883 return (error); 1884 } 1885 #endif 1886 1887 /* 1888 * Mkdir system call 1889 */ 1890 static int 1891 ufs_mkdir(ap) 1892 struct vop_mkdir_args /* { 1893 struct vnode *a_dvp; 1894 struct vnode **a_vpp; 1895 struct componentname *a_cnp; 1896 struct vattr *a_vap; 1897 } */ *ap; 1898 { 1899 struct vnode *dvp = ap->a_dvp; 1900 struct vattr *vap = ap->a_vap; 1901 struct componentname *cnp = ap->a_cnp; 1902 struct inode *ip, *dp; 1903 struct vnode *tvp; 1904 struct buf *bp; 1905 struct dirtemplate dirtemplate, *dtp; 1906 struct direct newdir; 1907 int error, dmode; 1908 long blkoff; 1909 1910 #ifdef INVARIANTS 1911 if ((cnp->cn_flags & HASBUF) == 0) 1912 panic("ufs_mkdir: no name"); 1913 #endif 1914 dp = VTOI(dvp); 1915 if (dp->i_nlink >= UFS_LINK_MAX) { 1916 error = EMLINK; 1917 goto out; 1918 } 1919 dmode = vap->va_mode & 0777; 1920 dmode |= IFDIR; 1921 /* 1922 * Must simulate part of ufs_makeinode here to acquire the inode, 1923 * but not have it entered in the parent directory. The entry is 1924 * made later after writing "." and ".." entries. 1925 */ 1926 if (dp->i_effnlink < 2) { 1927 print_bad_link_count("ufs_mkdir", dvp); 1928 error = EINVAL; 1929 goto out; 1930 } 1931 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 1932 if (error) 1933 goto out; 1934 vn_seqc_write_begin(tvp); 1935 ip = VTOI(tvp); 1936 ip->i_gid = dp->i_gid; 1937 DIP_SET(ip, i_gid, dp->i_gid); 1938 #ifdef SUIDDIR 1939 { 1940 #ifdef QUOTA 1941 struct ucred ucred, *ucp; 1942 gid_t ucred_group; 1943 ucp = cnp->cn_cred; 1944 #endif 1945 /* 1946 * If we are hacking owners here, (only do this where told to) 1947 * and we are not giving it TO root, (would subvert quotas) 1948 * then go ahead and give it to the other user. 1949 * The new directory also inherits the SUID bit. 1950 * If user's UID and dir UID are the same, 1951 * 'give it away' so that the SUID is still forced on. 1952 */ 1953 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 1954 (dp->i_mode & ISUID) && dp->i_uid) { 1955 dmode |= ISUID; 1956 ip->i_uid = dp->i_uid; 1957 DIP_SET(ip, i_uid, dp->i_uid); 1958 #ifdef QUOTA 1959 if (dp->i_uid != cnp->cn_cred->cr_uid) { 1960 /* 1961 * Make sure the correct user gets charged 1962 * for the space. 1963 * Make a dummy credential for the victim. 1964 * XXX This seems to never be accessed out of 1965 * our context so a stack variable is ok. 1966 */ 1967 refcount_init(&ucred.cr_ref, 1); 1968 ucred.cr_uid = ip->i_uid; 1969 ucred.cr_ngroups = 1; 1970 ucred.cr_groups = &ucred_group; 1971 ucred.cr_groups[0] = dp->i_gid; 1972 ucp = &ucred; 1973 } 1974 #endif 1975 } else { 1976 ip->i_uid = cnp->cn_cred->cr_uid; 1977 DIP_SET(ip, i_uid, ip->i_uid); 1978 } 1979 #ifdef QUOTA 1980 if ((error = getinoquota(ip)) || 1981 (error = chkiq(ip, 1, ucp, 0))) { 1982 if (DOINGSOFTDEP(tvp)) 1983 softdep_revert_link(dp, ip); 1984 UFS_VFREE(tvp, ip->i_number, dmode); 1985 vn_seqc_write_end(tvp); 1986 vgone(tvp); 1987 vput(tvp); 1988 return (error); 1989 } 1990 #endif 1991 } 1992 #else /* !SUIDDIR */ 1993 ip->i_uid = cnp->cn_cred->cr_uid; 1994 DIP_SET(ip, i_uid, ip->i_uid); 1995 #ifdef QUOTA 1996 if ((error = getinoquota(ip)) || 1997 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 1998 if (DOINGSOFTDEP(tvp)) 1999 softdep_revert_link(dp, ip); 2000 UFS_VFREE(tvp, ip->i_number, dmode); 2001 vn_seqc_write_end(tvp); 2002 vgone(tvp); 2003 vput(tvp); 2004 return (error); 2005 } 2006 #endif 2007 #endif /* !SUIDDIR */ 2008 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 2009 UFS_INODE_SET_MODE(ip, dmode); 2010 DIP_SET(ip, i_mode, dmode); 2011 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 2012 ip->i_effnlink = 2; 2013 ip->i_nlink = 2; 2014 DIP_SET(ip, i_nlink, 2); 2015 2016 if (cnp->cn_flags & ISWHITEOUT) { 2017 ip->i_flags |= UF_OPAQUE; 2018 DIP_SET(ip, i_flags, ip->i_flags); 2019 } 2020 2021 /* 2022 * Bump link count in parent directory to reflect work done below. 2023 * Should be done before reference is created so cleanup is 2024 * possible if we crash. 2025 */ 2026 dp->i_effnlink++; 2027 dp->i_nlink++; 2028 DIP_SET(dp, i_nlink, dp->i_nlink); 2029 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2030 if (DOINGSOFTDEP(dvp)) 2031 softdep_setup_mkdir(dp, ip); 2032 error = UFS_UPDATE(dvp, !DOINGSOFTDEP(dvp) && !DOINGASYNC(dvp)); 2033 if (error) 2034 goto bad; 2035 #ifdef MAC 2036 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2037 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2038 dvp, tvp, cnp); 2039 if (error) 2040 goto bad; 2041 } 2042 #endif 2043 #ifdef UFS_ACL 2044 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2045 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode, 2046 cnp->cn_cred, cnp->cn_thread); 2047 if (error) 2048 goto bad; 2049 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2050 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode, 2051 cnp->cn_cred, cnp->cn_thread); 2052 if (error) 2053 goto bad; 2054 } 2055 #endif /* !UFS_ACL */ 2056 2057 /* 2058 * Initialize directory with "." and ".." from static template. 2059 */ 2060 if (dvp->v_mount->mnt_maxsymlinklen > 0) 2061 dtp = &mastertemplate; 2062 else 2063 dtp = (struct dirtemplate *)&omastertemplate; 2064 dirtemplate = *dtp; 2065 dirtemplate.dot_ino = ip->i_number; 2066 dirtemplate.dotdot_ino = dp->i_number; 2067 vnode_pager_setsize(tvp, DIRBLKSIZ); 2068 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 2069 BA_CLRBUF, &bp)) != 0) 2070 goto bad; 2071 ip->i_size = DIRBLKSIZ; 2072 DIP_SET(ip, i_size, DIRBLKSIZ); 2073 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); 2074 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 2075 if (DOINGSOFTDEP(tvp)) { 2076 /* 2077 * Ensure that the entire newly allocated block is a 2078 * valid directory so that future growth within the 2079 * block does not have to ensure that the block is 2080 * written before the inode. 2081 */ 2082 blkoff = DIRBLKSIZ; 2083 while (blkoff < bp->b_bcount) { 2084 ((struct direct *) 2085 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 2086 blkoff += DIRBLKSIZ; 2087 } 2088 } 2089 if ((error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && 2090 !DOINGASYNC(tvp))) != 0) { 2091 (void)bwrite(bp); 2092 goto bad; 2093 } 2094 /* 2095 * Directory set up, now install its entry in the parent directory. 2096 * 2097 * If we are not doing soft dependencies, then we must write out the 2098 * buffer containing the new directory body before entering the new 2099 * name in the parent. If we are doing soft dependencies, then the 2100 * buffer containing the new directory body will be passed to and 2101 * released in the soft dependency code after the code has attached 2102 * an appropriate ordering dependency to the buffer which ensures that 2103 * the buffer is written before the new name is written in the parent. 2104 */ 2105 if (DOINGASYNC(dvp)) 2106 bdwrite(bp); 2107 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 2108 goto bad; 2109 ufs_makedirentry(ip, cnp, &newdir); 2110 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp, 0); 2111 2112 bad: 2113 if (error == 0) { 2114 *ap->a_vpp = tvp; 2115 vn_seqc_write_end(tvp); 2116 } else { 2117 dp->i_effnlink--; 2118 dp->i_nlink--; 2119 DIP_SET(dp, i_nlink, dp->i_nlink); 2120 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2121 /* 2122 * No need to do an explicit VOP_TRUNCATE here, vrele will 2123 * do this for us because we set the link count to 0. 2124 */ 2125 ip->i_effnlink = 0; 2126 ip->i_nlink = 0; 2127 DIP_SET(ip, i_nlink, 0); 2128 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2129 if (DOINGSOFTDEP(tvp)) 2130 softdep_revert_mkdir(dp, ip); 2131 vn_seqc_write_end(tvp); 2132 vgone(tvp); 2133 vput(tvp); 2134 } 2135 out: 2136 return (error); 2137 } 2138 2139 /* 2140 * Rmdir system call. 2141 */ 2142 static int 2143 ufs_rmdir(ap) 2144 struct vop_rmdir_args /* { 2145 struct vnode *a_dvp; 2146 struct vnode *a_vp; 2147 struct componentname *a_cnp; 2148 } */ *ap; 2149 { 2150 struct vnode *vp = ap->a_vp; 2151 struct vnode *dvp = ap->a_dvp; 2152 struct componentname *cnp = ap->a_cnp; 2153 struct inode *ip, *dp; 2154 int error; 2155 2156 ip = VTOI(vp); 2157 dp = VTOI(dvp); 2158 2159 /* 2160 * Do not remove a directory that is in the process of being renamed. 2161 * Verify the directory is empty (and valid). Rmdir ".." will not be 2162 * valid since ".." will contain a reference to the current directory 2163 * and thus be non-empty. Do not allow the removal of mounted on 2164 * directories (this can happen when an NFS exported filesystem 2165 * tries to remove a locally mounted on directory). 2166 */ 2167 error = 0; 2168 if (dp->i_effnlink <= 2) { 2169 if (dp->i_effnlink == 2) 2170 print_bad_link_count("ufs_rmdir", dvp); 2171 error = EINVAL; 2172 goto out; 2173 } 2174 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 2175 error = ENOTEMPTY; 2176 goto out; 2177 } 2178 if ((dp->i_flags & APPEND) 2179 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 2180 error = EPERM; 2181 goto out; 2182 } 2183 if (vp->v_mountedhere != 0) { 2184 error = EINVAL; 2185 goto out; 2186 } 2187 #ifdef UFS_GJOURNAL 2188 ufs_gjournal_orphan(vp); 2189 #endif 2190 /* 2191 * Delete reference to directory before purging 2192 * inode. If we crash in between, the directory 2193 * will be reattached to lost+found, 2194 */ 2195 dp->i_effnlink--; 2196 ip->i_effnlink--; 2197 if (DOINGSOFTDEP(vp)) 2198 softdep_setup_rmdir(dp, ip); 2199 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 2200 if (error) { 2201 dp->i_effnlink++; 2202 ip->i_effnlink++; 2203 if (DOINGSOFTDEP(vp)) 2204 softdep_revert_rmdir(dp, ip); 2205 goto out; 2206 } 2207 /* 2208 * The only stuff left in the directory is "." and "..". The "." 2209 * reference is inconsequential since we are quashing it. The soft 2210 * dependency code will arrange to do these operations after 2211 * the parent directory entry has been deleted on disk, so 2212 * when running with that code we avoid doing them now. 2213 */ 2214 if (!DOINGSOFTDEP(vp)) { 2215 dp->i_nlink--; 2216 DIP_SET(dp, i_nlink, dp->i_nlink); 2217 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2218 error = UFS_UPDATE(dvp, 0); 2219 ip->i_nlink--; 2220 DIP_SET(ip, i_nlink, ip->i_nlink); 2221 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2222 } 2223 cache_purge(vp); 2224 #ifdef UFS_DIRHASH 2225 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 2226 if (ip->i_dirhash != NULL) 2227 ufsdirhash_free(ip); 2228 #endif 2229 out: 2230 return (error); 2231 } 2232 2233 /* 2234 * symlink -- make a symbolic link 2235 */ 2236 static int 2237 ufs_symlink(ap) 2238 struct vop_symlink_args /* { 2239 struct vnode *a_dvp; 2240 struct vnode **a_vpp; 2241 struct componentname *a_cnp; 2242 struct vattr *a_vap; 2243 const char *a_target; 2244 } */ *ap; 2245 { 2246 struct vnode *vp, **vpp = ap->a_vpp; 2247 struct inode *ip; 2248 int len, error; 2249 2250 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 2251 vpp, ap->a_cnp, "ufs_symlink"); 2252 if (error) 2253 return (error); 2254 vp = *vpp; 2255 len = strlen(ap->a_target); 2256 if (len < vp->v_mount->mnt_maxsymlinklen) { 2257 ip = VTOI(vp); 2258 bcopy(ap->a_target, SHORTLINK(ip), len); 2259 ip->i_size = len; 2260 DIP_SET(ip, i_size, len); 2261 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); 2262 error = UFS_UPDATE(vp, 0); 2263 } else 2264 error = vn_rdwr(UIO_WRITE, vp, __DECONST(void *, ap->a_target), 2265 len, (off_t)0, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 2266 ap->a_cnp->cn_cred, NOCRED, NULL, NULL); 2267 if (error) 2268 vput(vp); 2269 return (error); 2270 } 2271 2272 /* 2273 * Vnode op for reading directories. 2274 */ 2275 int 2276 ufs_readdir(ap) 2277 struct vop_readdir_args /* { 2278 struct vnode *a_vp; 2279 struct uio *a_uio; 2280 struct ucred *a_cred; 2281 int *a_eofflag; 2282 int *a_ncookies; 2283 u_long **a_cookies; 2284 } */ *ap; 2285 { 2286 struct vnode *vp = ap->a_vp; 2287 struct uio *uio = ap->a_uio; 2288 struct buf *bp; 2289 struct inode *ip; 2290 struct direct *dp, *edp; 2291 u_long *cookies; 2292 struct dirent dstdp; 2293 off_t offset, startoffset; 2294 size_t readcnt, skipcnt; 2295 ssize_t startresid; 2296 u_int ncookies; 2297 int error; 2298 2299 if (uio->uio_offset < 0) 2300 return (EINVAL); 2301 ip = VTOI(vp); 2302 if (ip->i_effnlink == 0) 2303 return (0); 2304 if (ap->a_ncookies != NULL) { 2305 if (uio->uio_resid < 0) 2306 ncookies = 0; 2307 else 2308 ncookies = uio->uio_resid; 2309 if (uio->uio_offset >= ip->i_size) 2310 ncookies = 0; 2311 else if (ip->i_size - uio->uio_offset < ncookies) 2312 ncookies = ip->i_size - uio->uio_offset; 2313 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1; 2314 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK); 2315 *ap->a_ncookies = ncookies; 2316 *ap->a_cookies = cookies; 2317 } else { 2318 ncookies = 0; 2319 cookies = NULL; 2320 } 2321 offset = startoffset = uio->uio_offset; 2322 startresid = uio->uio_resid; 2323 error = 0; 2324 while (error == 0 && uio->uio_resid > 0 && 2325 uio->uio_offset < ip->i_size) { 2326 error = UFS_BLKATOFF(vp, uio->uio_offset, NULL, &bp); 2327 if (error) 2328 break; 2329 if (bp->b_offset + bp->b_bcount > ip->i_size) 2330 readcnt = ip->i_size - bp->b_offset; 2331 else 2332 readcnt = bp->b_bcount; 2333 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) & 2334 ~(size_t)(DIRBLKSIZ - 1); 2335 offset = bp->b_offset + skipcnt; 2336 dp = (struct direct *)&bp->b_data[skipcnt]; 2337 edp = (struct direct *)&bp->b_data[readcnt]; 2338 while (error == 0 && uio->uio_resid > 0 && dp < edp) { 2339 if (dp->d_reclen <= offsetof(struct direct, d_name) || 2340 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) { 2341 error = EIO; 2342 break; 2343 } 2344 #if BYTE_ORDER == LITTLE_ENDIAN 2345 /* Old filesystem format. */ 2346 if (vp->v_mount->mnt_maxsymlinklen <= 0) { 2347 dstdp.d_namlen = dp->d_type; 2348 dstdp.d_type = dp->d_namlen; 2349 } else 2350 #endif 2351 { 2352 dstdp.d_namlen = dp->d_namlen; 2353 dstdp.d_type = dp->d_type; 2354 } 2355 if (offsetof(struct direct, d_name) + dstdp.d_namlen > 2356 dp->d_reclen) { 2357 error = EIO; 2358 break; 2359 } 2360 if (offset < startoffset || dp->d_ino == 0) 2361 goto nextentry; 2362 dstdp.d_fileno = dp->d_ino; 2363 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp); 2364 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); 2365 /* NOTE: d_off is the offset of the *next* entry. */ 2366 dstdp.d_off = offset + dp->d_reclen; 2367 dirent_terminate(&dstdp); 2368 if (dstdp.d_reclen > uio->uio_resid) { 2369 if (uio->uio_resid == startresid) 2370 error = EINVAL; 2371 else 2372 error = EJUSTRETURN; 2373 break; 2374 } 2375 /* Advance dp. */ 2376 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio); 2377 if (error) 2378 break; 2379 if (cookies != NULL) { 2380 KASSERT(ncookies > 0, 2381 ("ufs_readdir: cookies buffer too small")); 2382 *cookies = offset + dp->d_reclen; 2383 cookies++; 2384 ncookies--; 2385 } 2386 nextentry: 2387 offset += dp->d_reclen; 2388 dp = (struct direct *)((caddr_t)dp + dp->d_reclen); 2389 } 2390 bqrelse(bp); 2391 uio->uio_offset = offset; 2392 } 2393 /* We need to correct uio_offset. */ 2394 uio->uio_offset = offset; 2395 if (error == EJUSTRETURN) 2396 error = 0; 2397 if (ap->a_ncookies != NULL) { 2398 if (error == 0) { 2399 ap->a_ncookies -= ncookies; 2400 } else { 2401 free(*ap->a_cookies, M_TEMP); 2402 *ap->a_ncookies = 0; 2403 *ap->a_cookies = NULL; 2404 } 2405 } 2406 if (error == 0 && ap->a_eofflag) 2407 *ap->a_eofflag = ip->i_size <= uio->uio_offset; 2408 return (error); 2409 } 2410 2411 /* 2412 * Return target name of a symbolic link 2413 */ 2414 static int 2415 ufs_readlink(ap) 2416 struct vop_readlink_args /* { 2417 struct vnode *a_vp; 2418 struct uio *a_uio; 2419 struct ucred *a_cred; 2420 } */ *ap; 2421 { 2422 struct vnode *vp = ap->a_vp; 2423 struct inode *ip = VTOI(vp); 2424 doff_t isize; 2425 2426 isize = ip->i_size; 2427 if ((isize < vp->v_mount->mnt_maxsymlinklen) || 2428 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */ 2429 return (uiomove(SHORTLINK(ip), isize, ap->a_uio)); 2430 } 2431 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 2432 } 2433 2434 /* 2435 * Calculate the logical to physical mapping if not done already, 2436 * then call the device strategy routine. 2437 * 2438 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 2439 * deadlock on memory. See ufs_bmap() for details. 2440 */ 2441 static int 2442 ufs_strategy(ap) 2443 struct vop_strategy_args /* { 2444 struct vnode *a_vp; 2445 struct buf *a_bp; 2446 } */ *ap; 2447 { 2448 struct buf *bp = ap->a_bp; 2449 struct vnode *vp = ap->a_vp; 2450 ufs2_daddr_t blkno; 2451 int error; 2452 2453 if (bp->b_blkno == bp->b_lblkno) { 2454 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 2455 bp->b_blkno = blkno; 2456 if (error) { 2457 bp->b_error = error; 2458 bp->b_ioflags |= BIO_ERROR; 2459 bufdone(bp); 2460 return (0); 2461 } 2462 if ((long)bp->b_blkno == -1) 2463 vfs_bio_clrbuf(bp); 2464 } 2465 if ((long)bp->b_blkno == -1) { 2466 bufdone(bp); 2467 return (0); 2468 } 2469 bp->b_iooffset = dbtob(bp->b_blkno); 2470 BO_STRATEGY(VFSTOUFS(vp->v_mount)->um_bo, bp); 2471 return (0); 2472 } 2473 2474 /* 2475 * Print out the contents of an inode. 2476 */ 2477 static int 2478 ufs_print(ap) 2479 struct vop_print_args /* { 2480 struct vnode *a_vp; 2481 } */ *ap; 2482 { 2483 struct vnode *vp = ap->a_vp; 2484 struct inode *ip = VTOI(vp); 2485 2486 printf("\tnlink=%d, effnlink=%d, size=%jd", ip->i_nlink, 2487 ip->i_effnlink, (intmax_t)ip->i_size); 2488 if (I_IS_UFS2(ip)) 2489 printf(", extsize %d", ip->i_din2->di_extsize); 2490 printf("\n\tgeneration=%jx, uid=%d, gid=%d, flags=0x%b\n", 2491 (uintmax_t)ip->i_gen, ip->i_uid, ip->i_gid, 2492 (u_int)ip->i_flags, PRINT_INODE_FLAGS); 2493 printf("\tino %lu, on dev %s", (u_long)ip->i_number, 2494 devtoname(ITODEV(ip))); 2495 if (vp->v_type == VFIFO) 2496 fifo_printinfo(vp); 2497 printf("\n"); 2498 return (0); 2499 } 2500 2501 /* 2502 * Close wrapper for fifos. 2503 * 2504 * Update the times on the inode then do device close. 2505 */ 2506 static int 2507 ufsfifo_close(ap) 2508 struct vop_close_args /* { 2509 struct vnode *a_vp; 2510 int a_fflag; 2511 struct ucred *a_cred; 2512 struct thread *a_td; 2513 } */ *ap; 2514 { 2515 struct vnode *vp = ap->a_vp; 2516 int usecount; 2517 2518 VI_LOCK(vp); 2519 usecount = vp->v_usecount; 2520 if (usecount > 1) 2521 ufs_itimes_locked(vp); 2522 VI_UNLOCK(vp); 2523 return (fifo_specops.vop_close(ap)); 2524 } 2525 2526 /* 2527 * Kqfilter wrapper for fifos. 2528 * 2529 * Fall through to ufs kqfilter routines if needed 2530 */ 2531 static int 2532 ufsfifo_kqfilter(ap) 2533 struct vop_kqfilter_args *ap; 2534 { 2535 int error; 2536 2537 error = fifo_specops.vop_kqfilter(ap); 2538 if (error) 2539 error = vfs_kqfilter(ap); 2540 return (error); 2541 } 2542 2543 /* 2544 * Return POSIX pathconf information applicable to ufs filesystems. 2545 */ 2546 static int 2547 ufs_pathconf(ap) 2548 struct vop_pathconf_args /* { 2549 struct vnode *a_vp; 2550 int a_name; 2551 int *a_retval; 2552 } */ *ap; 2553 { 2554 int error; 2555 2556 error = 0; 2557 switch (ap->a_name) { 2558 case _PC_LINK_MAX: 2559 *ap->a_retval = UFS_LINK_MAX; 2560 break; 2561 case _PC_NAME_MAX: 2562 *ap->a_retval = UFS_MAXNAMLEN; 2563 break; 2564 case _PC_PIPE_BUF: 2565 if (ap->a_vp->v_type == VDIR || ap->a_vp->v_type == VFIFO) 2566 *ap->a_retval = PIPE_BUF; 2567 else 2568 error = EINVAL; 2569 break; 2570 case _PC_CHOWN_RESTRICTED: 2571 *ap->a_retval = 1; 2572 break; 2573 case _PC_NO_TRUNC: 2574 *ap->a_retval = 1; 2575 break; 2576 #ifdef UFS_ACL 2577 case _PC_ACL_EXTENDED: 2578 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2579 *ap->a_retval = 1; 2580 else 2581 *ap->a_retval = 0; 2582 break; 2583 case _PC_ACL_NFS4: 2584 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) 2585 *ap->a_retval = 1; 2586 else 2587 *ap->a_retval = 0; 2588 break; 2589 #endif 2590 case _PC_ACL_PATH_MAX: 2591 #ifdef UFS_ACL 2592 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) 2593 *ap->a_retval = ACL_MAX_ENTRIES; 2594 else 2595 *ap->a_retval = 3; 2596 #else 2597 *ap->a_retval = 3; 2598 #endif 2599 break; 2600 #ifdef MAC 2601 case _PC_MAC_PRESENT: 2602 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2603 *ap->a_retval = 1; 2604 else 2605 *ap->a_retval = 0; 2606 break; 2607 #endif 2608 case _PC_MIN_HOLE_SIZE: 2609 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2610 break; 2611 case _PC_PRIO_IO: 2612 *ap->a_retval = 0; 2613 break; 2614 case _PC_SYNC_IO: 2615 *ap->a_retval = 0; 2616 break; 2617 case _PC_ALLOC_SIZE_MIN: 2618 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2619 break; 2620 case _PC_FILESIZEBITS: 2621 *ap->a_retval = 64; 2622 break; 2623 case _PC_REC_INCR_XFER_SIZE: 2624 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2625 break; 2626 case _PC_REC_MAX_XFER_SIZE: 2627 *ap->a_retval = -1; /* means ``unlimited'' */ 2628 break; 2629 case _PC_REC_MIN_XFER_SIZE: 2630 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2631 break; 2632 case _PC_REC_XFER_ALIGN: 2633 *ap->a_retval = PAGE_SIZE; 2634 break; 2635 case _PC_SYMLINK_MAX: 2636 *ap->a_retval = MAXPATHLEN; 2637 break; 2638 2639 default: 2640 error = vop_stdpathconf(ap); 2641 break; 2642 } 2643 return (error); 2644 } 2645 2646 /* 2647 * Initialize the vnode associated with a new inode, handle aliased 2648 * vnodes. 2649 */ 2650 int 2651 ufs_vinit(mntp, fifoops, vpp) 2652 struct mount *mntp; 2653 struct vop_vector *fifoops; 2654 struct vnode **vpp; 2655 { 2656 struct inode *ip; 2657 struct vnode *vp; 2658 2659 vp = *vpp; 2660 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2661 ip = VTOI(vp); 2662 vp->v_type = IFTOVT(ip->i_mode); 2663 /* 2664 * Only unallocated inodes should be of type VNON. 2665 */ 2666 if (ip->i_mode != 0 && vp->v_type == VNON) 2667 return (EINVAL); 2668 if (vp->v_type == VFIFO) 2669 vp->v_op = fifoops; 2670 if (ip->i_number == UFS_ROOTINO) 2671 vp->v_vflag |= VV_ROOT; 2672 *vpp = vp; 2673 return (0); 2674 } 2675 2676 /* 2677 * Allocate a new inode. 2678 * Vnode dvp must be locked. 2679 */ 2680 static int 2681 ufs_makeinode(mode, dvp, vpp, cnp, callfunc) 2682 int mode; 2683 struct vnode *dvp; 2684 struct vnode **vpp; 2685 struct componentname *cnp; 2686 const char *callfunc; 2687 { 2688 struct inode *ip, *pdir; 2689 struct direct newdir; 2690 struct vnode *tvp; 2691 int error; 2692 2693 pdir = VTOI(dvp); 2694 #ifdef INVARIANTS 2695 if ((cnp->cn_flags & HASBUF) == 0) 2696 panic("%s: no name", callfunc); 2697 #endif 2698 *vpp = NULL; 2699 if ((mode & IFMT) == 0) 2700 mode |= IFREG; 2701 2702 if (pdir->i_effnlink < 2) { 2703 print_bad_link_count(callfunc, dvp); 2704 return (EINVAL); 2705 } 2706 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2707 if (error) 2708 return (error); 2709 ip = VTOI(tvp); 2710 ip->i_gid = pdir->i_gid; 2711 DIP_SET(ip, i_gid, pdir->i_gid); 2712 #ifdef SUIDDIR 2713 { 2714 #ifdef QUOTA 2715 struct ucred ucred, *ucp; 2716 gid_t ucred_group; 2717 ucp = cnp->cn_cred; 2718 #endif 2719 /* 2720 * If we are not the owner of the directory, 2721 * and we are hacking owners here, (only do this where told to) 2722 * and we are not giving it TO root, (would subvert quotas) 2723 * then go ahead and give it to the other user. 2724 * Note that this drops off the execute bits for security. 2725 */ 2726 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2727 (pdir->i_mode & ISUID) && 2728 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2729 ip->i_uid = pdir->i_uid; 2730 DIP_SET(ip, i_uid, ip->i_uid); 2731 mode &= ~07111; 2732 #ifdef QUOTA 2733 /* 2734 * Make sure the correct user gets charged 2735 * for the space. 2736 * Quickly knock up a dummy credential for the victim. 2737 * XXX This seems to never be accessed out of our 2738 * context so a stack variable is ok. 2739 */ 2740 refcount_init(&ucred.cr_ref, 1); 2741 ucred.cr_uid = ip->i_uid; 2742 ucred.cr_ngroups = 1; 2743 ucred.cr_groups = &ucred_group; 2744 ucred.cr_groups[0] = pdir->i_gid; 2745 ucp = &ucred; 2746 #endif 2747 } else { 2748 ip->i_uid = cnp->cn_cred->cr_uid; 2749 DIP_SET(ip, i_uid, ip->i_uid); 2750 } 2751 2752 #ifdef QUOTA 2753 if ((error = getinoquota(ip)) || 2754 (error = chkiq(ip, 1, ucp, 0))) { 2755 if (DOINGSOFTDEP(tvp)) 2756 softdep_revert_link(pdir, ip); 2757 UFS_VFREE(tvp, ip->i_number, mode); 2758 vgone(tvp); 2759 vput(tvp); 2760 return (error); 2761 } 2762 #endif 2763 } 2764 #else /* !SUIDDIR */ 2765 ip->i_uid = cnp->cn_cred->cr_uid; 2766 DIP_SET(ip, i_uid, ip->i_uid); 2767 #ifdef QUOTA 2768 if ((error = getinoquota(ip)) || 2769 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2770 if (DOINGSOFTDEP(tvp)) 2771 softdep_revert_link(pdir, ip); 2772 UFS_VFREE(tvp, ip->i_number, mode); 2773 vgone(tvp); 2774 vput(tvp); 2775 return (error); 2776 } 2777 #endif 2778 #endif /* !SUIDDIR */ 2779 vn_seqc_write_begin(tvp); /* Mostly to cover asserts */ 2780 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 2781 UFS_INODE_SET_MODE(ip, mode); 2782 DIP_SET(ip, i_mode, mode); 2783 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2784 ip->i_effnlink = 1; 2785 ip->i_nlink = 1; 2786 DIP_SET(ip, i_nlink, 1); 2787 if (DOINGSOFTDEP(tvp)) 2788 softdep_setup_create(VTOI(dvp), ip); 2789 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2790 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID)) { 2791 UFS_INODE_SET_MODE(ip, ip->i_mode & ~ISGID); 2792 DIP_SET(ip, i_mode, ip->i_mode); 2793 } 2794 2795 if (cnp->cn_flags & ISWHITEOUT) { 2796 ip->i_flags |= UF_OPAQUE; 2797 DIP_SET(ip, i_flags, ip->i_flags); 2798 } 2799 2800 /* 2801 * Make sure inode goes to disk before directory entry. 2802 */ 2803 error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && !DOINGASYNC(tvp)); 2804 if (error) 2805 goto bad; 2806 #ifdef MAC 2807 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2808 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2809 dvp, tvp, cnp); 2810 if (error) 2811 goto bad; 2812 } 2813 #endif 2814 #ifdef UFS_ACL 2815 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2816 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode, 2817 cnp->cn_cred, cnp->cn_thread); 2818 if (error) 2819 goto bad; 2820 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2821 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode, 2822 cnp->cn_cred, cnp->cn_thread); 2823 if (error) 2824 goto bad; 2825 } 2826 #endif /* !UFS_ACL */ 2827 ufs_makedirentry(ip, cnp, &newdir); 2828 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL, 0); 2829 if (error) 2830 goto bad; 2831 vn_seqc_write_end(tvp); 2832 *vpp = tvp; 2833 return (0); 2834 2835 bad: 2836 /* 2837 * Write error occurred trying to update the inode 2838 * or the directory so must deallocate the inode. 2839 */ 2840 ip->i_effnlink = 0; 2841 ip->i_nlink = 0; 2842 DIP_SET(ip, i_nlink, 0); 2843 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2844 if (DOINGSOFTDEP(tvp)) 2845 softdep_revert_create(VTOI(dvp), ip); 2846 vn_seqc_write_end(tvp); 2847 vgone(tvp); 2848 vput(tvp); 2849 return (error); 2850 } 2851 2852 static int 2853 ufs_ioctl(struct vop_ioctl_args *ap) 2854 { 2855 struct vnode *vp; 2856 int error; 2857 2858 vp = ap->a_vp; 2859 switch (ap->a_command) { 2860 case FIOSEEKDATA: 2861 error = vn_lock(vp, LK_SHARED); 2862 if (error == 0) { 2863 error = ufs_bmap_seekdata(vp, (off_t *)ap->a_data); 2864 VOP_UNLOCK(vp); 2865 } else 2866 error = EBADF; 2867 return (error); 2868 case FIOSEEKHOLE: 2869 return (vn_bmap_seekhole(vp, ap->a_command, (off_t *)ap->a_data, 2870 ap->a_cred)); 2871 default: 2872 return (ENOTTY); 2873 } 2874 } 2875 2876 static int 2877 ufs_read_pgcache(struct vop_read_pgcache_args *ap) 2878 { 2879 struct uio *uio; 2880 struct vnode *vp; 2881 2882 uio = ap->a_uio; 2883 vp = ap->a_vp; 2884 MPASS((vp->v_irflag & VIRF_PGREAD) != 0); 2885 2886 if (uio->uio_resid > ptoa(io_hold_cnt) || uio->uio_offset < 0 || 2887 (ap->a_ioflag & IO_DIRECT) != 0) 2888 return (EJUSTRETURN); 2889 return (vn_read_from_obj(vp, uio)); 2890 } 2891 2892 /* Global vfs data structures for ufs. */ 2893 struct vop_vector ufs_vnodeops = { 2894 .vop_default = &default_vnodeops, 2895 .vop_fsync = VOP_PANIC, 2896 .vop_read = VOP_PANIC, 2897 .vop_reallocblks = VOP_PANIC, 2898 .vop_write = VOP_PANIC, 2899 .vop_accessx = ufs_accessx, 2900 .vop_bmap = ufs_bmap, 2901 .vop_fplookup_vexec = ufs_fplookup_vexec, 2902 .vop_cachedlookup = ufs_lookup, 2903 .vop_close = ufs_close, 2904 .vop_create = ufs_create, 2905 .vop_stat = ufs_stat, 2906 .vop_getattr = ufs_getattr, 2907 .vop_inactive = ufs_inactive, 2908 .vop_ioctl = ufs_ioctl, 2909 .vop_link = ufs_link, 2910 .vop_lookup = vfs_cache_lookup, 2911 .vop_mmapped = ufs_mmapped, 2912 .vop_mkdir = ufs_mkdir, 2913 .vop_mknod = ufs_mknod, 2914 .vop_need_inactive = ufs_need_inactive, 2915 .vop_open = ufs_open, 2916 .vop_pathconf = ufs_pathconf, 2917 .vop_poll = vop_stdpoll, 2918 .vop_print = ufs_print, 2919 .vop_read_pgcache = ufs_read_pgcache, 2920 .vop_readdir = ufs_readdir, 2921 .vop_readlink = ufs_readlink, 2922 .vop_reclaim = ufs_reclaim, 2923 .vop_remove = ufs_remove, 2924 .vop_rename = ufs_rename, 2925 .vop_rmdir = ufs_rmdir, 2926 .vop_setattr = ufs_setattr, 2927 #ifdef MAC 2928 .vop_setlabel = vop_stdsetlabel_ea, 2929 #endif 2930 .vop_strategy = ufs_strategy, 2931 .vop_symlink = ufs_symlink, 2932 .vop_whiteout = ufs_whiteout, 2933 #ifdef UFS_EXTATTR 2934 .vop_getextattr = ufs_getextattr, 2935 .vop_deleteextattr = ufs_deleteextattr, 2936 .vop_setextattr = ufs_setextattr, 2937 #endif 2938 #ifdef UFS_ACL 2939 .vop_getacl = ufs_getacl, 2940 .vop_setacl = ufs_setacl, 2941 .vop_aclcheck = ufs_aclcheck, 2942 #endif 2943 }; 2944 VFS_VOP_VECTOR_REGISTER(ufs_vnodeops); 2945 2946 struct vop_vector ufs_fifoops = { 2947 .vop_default = &fifo_specops, 2948 .vop_fsync = VOP_PANIC, 2949 .vop_accessx = ufs_accessx, 2950 .vop_close = ufsfifo_close, 2951 .vop_getattr = ufs_getattr, 2952 .vop_inactive = ufs_inactive, 2953 .vop_kqfilter = ufsfifo_kqfilter, 2954 .vop_pathconf = ufs_pathconf, 2955 .vop_print = ufs_print, 2956 .vop_read = VOP_PANIC, 2957 .vop_reclaim = ufs_reclaim, 2958 .vop_setattr = ufs_setattr, 2959 #ifdef MAC 2960 .vop_setlabel = vop_stdsetlabel_ea, 2961 #endif 2962 .vop_write = VOP_PANIC, 2963 #ifdef UFS_EXTATTR 2964 .vop_getextattr = ufs_getextattr, 2965 .vop_deleteextattr = ufs_deleteextattr, 2966 .vop_setextattr = ufs_setextattr, 2967 #endif 2968 #ifdef UFS_ACL 2969 .vop_getacl = ufs_getacl, 2970 .vop_setacl = ufs_setacl, 2971 .vop_aclcheck = ufs_aclcheck, 2972 #endif 2973 }; 2974 VFS_VOP_VECTOR_REGISTER(ufs_fifoops); 2975