1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1989, 1993, 1995 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD$"); 41 42 #include "opt_quota.h" 43 #include "opt_suiddir.h" 44 #include "opt_ufs.h" 45 #include "opt_ffs.h" 46 47 #include <sys/param.h> 48 #include <sys/systm.h> 49 #include <sys/malloc.h> 50 #include <sys/namei.h> 51 #include <sys/kernel.h> 52 #include <sys/fcntl.h> 53 #include <sys/filio.h> 54 #include <sys/stat.h> 55 #include <sys/bio.h> 56 #include <sys/buf.h> 57 #include <sys/mount.h> 58 #include <sys/priv.h> 59 #include <sys/refcount.h> 60 #include <sys/unistd.h> 61 #include <sys/vnode.h> 62 #include <sys/dirent.h> 63 #include <sys/lockf.h> 64 #include <sys/conf.h> 65 #include <sys/acl.h> 66 #include <sys/smr.h> 67 68 #include <security/audit/audit.h> 69 #include <security/mac/mac_framework.h> 70 71 #include <sys/file.h> /* XXX */ 72 73 #include <vm/vm.h> 74 #include <vm/vm_extern.h> 75 76 #include <ufs/ufs/acl.h> 77 #include <ufs/ufs/extattr.h> 78 #include <ufs/ufs/quota.h> 79 #include <ufs/ufs/inode.h> 80 #include <ufs/ufs/dir.h> 81 #include <ufs/ufs/ufsmount.h> 82 #include <ufs/ufs/ufs_extern.h> 83 #ifdef UFS_DIRHASH 84 #include <ufs/ufs/dirhash.h> 85 #endif 86 #ifdef UFS_GJOURNAL 87 #include <ufs/ufs/gjournal.h> 88 FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS"); 89 #endif 90 91 #ifdef QUOTA 92 FEATURE(ufs_quota, "UFS disk quotas support"); 93 FEATURE(ufs_quota64, "64bit UFS disk quotas support"); 94 #endif 95 96 #ifdef SUIDDIR 97 FEATURE(suiddir, 98 "Give all new files in directory the same ownership as the directory"); 99 #endif 100 101 VFS_SMR_DECLARE; 102 103 #include <ufs/ffs/ffs_extern.h> 104 105 static vop_accessx_t ufs_accessx; 106 static vop_fplookup_vexec_t ufs_fplookup_vexec; 107 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 108 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *); 109 static vop_close_t ufs_close; 110 static vop_create_t ufs_create; 111 static vop_stat_t ufs_stat; 112 static vop_getattr_t ufs_getattr; 113 static vop_ioctl_t ufs_ioctl; 114 static vop_link_t ufs_link; 115 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *, const char *); 116 static vop_mmapped_t ufs_mmapped; 117 static vop_mkdir_t ufs_mkdir; 118 static vop_mknod_t ufs_mknod; 119 static vop_open_t ufs_open; 120 static vop_pathconf_t ufs_pathconf; 121 static vop_print_t ufs_print; 122 static vop_readlink_t ufs_readlink; 123 static vop_remove_t ufs_remove; 124 static vop_rename_t ufs_rename; 125 static vop_rmdir_t ufs_rmdir; 126 static vop_setattr_t ufs_setattr; 127 static vop_strategy_t ufs_strategy; 128 static vop_symlink_t ufs_symlink; 129 static vop_whiteout_t ufs_whiteout; 130 static vop_close_t ufsfifo_close; 131 static vop_kqfilter_t ufsfifo_kqfilter; 132 133 SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 134 "UFS filesystem"); 135 136 /* 137 * A virgin directory (no blushing please). 138 */ 139 static struct dirtemplate mastertemplate = { 140 0, 12, DT_DIR, 1, ".", 141 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 142 }; 143 static struct odirtemplate omastertemplate = { 144 0, 12, 1, ".", 145 0, DIRBLKSIZ - 12, 2, ".." 146 }; 147 148 static void 149 ufs_itimes_locked(struct vnode *vp) 150 { 151 struct inode *ip; 152 struct timespec ts; 153 154 ASSERT_VI_LOCKED(vp, __func__); 155 156 ip = VTOI(vp); 157 if (UFS_RDONLY(ip)) 158 goto out; 159 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 160 return; 161 162 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 163 UFS_INODE_SET_FLAG(ip, IN_LAZYMOD); 164 else if (((vp->v_mount->mnt_kern_flag & 165 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) || 166 (ip->i_flag & (IN_CHANGE | IN_UPDATE))) 167 UFS_INODE_SET_FLAG(ip, IN_MODIFIED); 168 else if (ip->i_flag & IN_ACCESS) 169 UFS_INODE_SET_FLAG(ip, IN_LAZYACCESS); 170 vfs_timestamp(&ts); 171 if (ip->i_flag & IN_ACCESS) { 172 DIP_SET(ip, i_atime, ts.tv_sec); 173 DIP_SET(ip, i_atimensec, ts.tv_nsec); 174 } 175 if (ip->i_flag & IN_UPDATE) { 176 DIP_SET(ip, i_mtime, ts.tv_sec); 177 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 178 } 179 if (ip->i_flag & IN_CHANGE) { 180 DIP_SET(ip, i_ctime, ts.tv_sec); 181 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 182 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1); 183 } 184 185 out: 186 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 187 } 188 189 void 190 ufs_itimes(struct vnode *vp) 191 { 192 193 VI_LOCK(vp); 194 ufs_itimes_locked(vp); 195 VI_UNLOCK(vp); 196 } 197 198 /* 199 * Create a regular file 200 */ 201 static int 202 ufs_create(ap) 203 struct vop_create_args /* { 204 struct vnode *a_dvp; 205 struct vnode **a_vpp; 206 struct componentname *a_cnp; 207 struct vattr *a_vap; 208 } */ *ap; 209 { 210 int error; 211 212 error = 213 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 214 ap->a_dvp, ap->a_vpp, ap->a_cnp, "ufs_create"); 215 if (error != 0) 216 return (error); 217 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0) 218 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp); 219 return (0); 220 } 221 222 /* 223 * Mknod vnode call 224 */ 225 /* ARGSUSED */ 226 static int 227 ufs_mknod(ap) 228 struct vop_mknod_args /* { 229 struct vnode *a_dvp; 230 struct vnode **a_vpp; 231 struct componentname *a_cnp; 232 struct vattr *a_vap; 233 } */ *ap; 234 { 235 struct vattr *vap = ap->a_vap; 236 struct vnode **vpp = ap->a_vpp; 237 struct inode *ip; 238 ino_t ino; 239 int error; 240 241 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 242 ap->a_dvp, vpp, ap->a_cnp, "ufs_mknod"); 243 if (error) 244 return (error); 245 ip = VTOI(*vpp); 246 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 247 if (vap->va_rdev != VNOVAL) { 248 /* 249 * Want to be able to use this to make badblock 250 * inodes, so don't truncate the dev number. 251 */ 252 DIP_SET(ip, i_rdev, vap->va_rdev); 253 } 254 /* 255 * Remove inode, then reload it through VFS_VGET(). This is 256 * needed to do further inode initialization, for instance 257 * fifo, which was too early for VFS_VGET() done as part of 258 * UFS_VALLOC(). 259 */ 260 (*vpp)->v_type = VNON; 261 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 262 vgone(*vpp); 263 vput(*vpp); 264 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 265 if (error) { 266 *vpp = NULL; 267 return (error); 268 } 269 return (0); 270 } 271 272 /* 273 * Open called. 274 */ 275 /* ARGSUSED */ 276 static int 277 ufs_open(struct vop_open_args *ap) 278 { 279 struct vnode *vp = ap->a_vp; 280 struct inode *ip; 281 282 if (vp->v_type == VCHR || vp->v_type == VBLK) 283 return (EOPNOTSUPP); 284 285 ip = VTOI(vp); 286 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 287 if (vp->v_type == VREG && (vn_irflag_read(vp) & VIRF_PGREAD) == 0) { 288 vn_irflag_set_cond(vp, VIRF_PGREAD); 289 } 290 291 /* 292 * Files marked append-only must be opened for appending. 293 */ 294 if ((ip->i_flags & APPEND) && 295 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 296 return (EPERM); 297 298 return (0); 299 } 300 301 /* 302 * Close called. 303 * 304 * Update the times on the inode. 305 */ 306 /* ARGSUSED */ 307 static int 308 ufs_close(ap) 309 struct vop_close_args /* { 310 struct vnode *a_vp; 311 int a_fflag; 312 struct ucred *a_cred; 313 struct thread *a_td; 314 } */ *ap; 315 { 316 struct vnode *vp = ap->a_vp; 317 int usecount; 318 319 VI_LOCK(vp); 320 usecount = vp->v_usecount; 321 if (usecount > 1) 322 ufs_itimes_locked(vp); 323 VI_UNLOCK(vp); 324 return (0); 325 } 326 327 static int 328 ufs_accessx(ap) 329 struct vop_accessx_args /* { 330 struct vnode *a_vp; 331 accmode_t a_accmode; 332 struct ucred *a_cred; 333 struct thread *a_td; 334 } */ *ap; 335 { 336 struct vnode *vp = ap->a_vp; 337 struct inode *ip = VTOI(vp); 338 accmode_t accmode = ap->a_accmode; 339 int error; 340 #ifdef UFS_ACL 341 struct acl *acl; 342 acl_type_t type; 343 #endif 344 345 /* 346 * Disallow write attempts on read-only filesystems; 347 * unless the file is a socket, fifo, or a block or 348 * character device resident on the filesystem. 349 */ 350 if (accmode & VMODIFY_PERMS) { 351 switch (vp->v_type) { 352 case VDIR: 353 case VLNK: 354 case VREG: 355 if (vp->v_mount->mnt_flag & MNT_RDONLY) 356 return (EROFS); 357 #ifdef QUOTA 358 /* 359 * Inode is accounted in the quotas only if struct 360 * dquot is attached to it. VOP_ACCESS() is called 361 * from vn_open_cred() and provides a convenient 362 * point to call getinoquota(). The lock mode is 363 * exclusive when the file is opening for write. 364 */ 365 if (VOP_ISLOCKED(vp) == LK_EXCLUSIVE) { 366 error = getinoquota(ip); 367 if (error != 0) 368 return (error); 369 } 370 #endif 371 break; 372 default: 373 break; 374 } 375 } 376 377 /* 378 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS" 379 * permits the owner of the file to remove the IMMUTABLE flag. 380 */ 381 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) && 382 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 383 return (EPERM); 384 385 #ifdef UFS_ACL 386 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) { 387 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS) 388 type = ACL_TYPE_NFS4; 389 else 390 type = ACL_TYPE_ACCESS; 391 392 acl = acl_alloc(M_WAITOK); 393 if (type == ACL_TYPE_NFS4) 394 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td); 395 else 396 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td); 397 switch (error) { 398 case 0: 399 if (type == ACL_TYPE_NFS4) { 400 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid, 401 ip->i_gid, acl, accmode, ap->a_cred); 402 } else { 403 error = vfs_unixify_accmode(&accmode); 404 if (error == 0) 405 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 406 ip->i_gid, acl, accmode, ap->a_cred); 407 } 408 break; 409 default: 410 if (error != EOPNOTSUPP) 411 printf( 412 "ufs_accessx(): Error retrieving ACL on object (%d).\n", 413 error); 414 /* 415 * XXX: Fall back until debugged. Should 416 * eventually possibly log an error, and return 417 * EPERM for safety. 418 */ 419 error = vfs_unixify_accmode(&accmode); 420 if (error == 0) 421 error = vaccess(vp->v_type, ip->i_mode, 422 ip->i_uid, ip->i_gid, accmode, ap->a_cred); 423 } 424 acl_free(acl); 425 426 return (error); 427 } 428 #endif /* !UFS_ACL */ 429 error = vfs_unixify_accmode(&accmode); 430 if (error == 0) 431 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 432 accmode, ap->a_cred); 433 return (error); 434 } 435 436 /* 437 * VOP_FPLOOKUP_VEXEC routines are subject to special circumstances, see 438 * the comment above cache_fplookup for details. 439 */ 440 static int 441 ufs_fplookup_vexec(ap) 442 struct vop_fplookup_vexec_args /* { 443 struct vnode *a_vp; 444 struct ucred *a_cred; 445 struct thread *a_td; 446 } */ *ap; 447 { 448 struct vnode *vp; 449 struct inode *ip; 450 struct ucred *cred; 451 mode_t all_x, mode; 452 453 vp = ap->a_vp; 454 ip = VTOI_SMR(vp); 455 if (__predict_false(ip == NULL)) 456 return (EAGAIN); 457 458 /* 459 * XXX ACL race 460 * 461 * ACLs are not supported and UFS clears/sets this flag on mount and 462 * remount. However, we may still be racing with seeing them and there 463 * is no provision to make sure they were accounted for. This matches 464 * the behavior of the locked case, since the lookup there is also 465 * racy: mount takes no measures to block anyone from progressing. 466 */ 467 all_x = S_IXUSR | S_IXGRP | S_IXOTH; 468 mode = atomic_load_short(&ip->i_mode); 469 if (__predict_true((mode & all_x) == all_x)) 470 return (0); 471 472 cred = ap->a_cred; 473 return (vaccess_vexec_smr(mode, ip->i_uid, ip->i_gid, cred)); 474 } 475 476 /* ARGSUSED */ 477 static int 478 ufs_stat(struct vop_stat_args *ap) 479 { 480 struct vnode *vp = ap->a_vp; 481 struct inode *ip = VTOI(vp); 482 struct stat *sb = ap->a_sb; 483 int error; 484 485 error = vop_stat_helper_pre(ap); 486 if (__predict_false(error)) 487 return (error); 488 489 VI_LOCK(vp); 490 ufs_itimes_locked(vp); 491 if (I_IS_UFS1(ip)) { 492 sb->st_atim.tv_sec = ip->i_din1->di_atime; 493 sb->st_atim.tv_nsec = ip->i_din1->di_atimensec; 494 } else { 495 sb->st_atim.tv_sec = ip->i_din2->di_atime; 496 sb->st_atim.tv_nsec = ip->i_din2->di_atimensec; 497 } 498 VI_UNLOCK(vp); 499 500 sb->st_dev = dev2udev(ITOUMP(ip)->um_dev); 501 sb->st_ino = ip->i_number; 502 sb->st_mode = (ip->i_mode & ~IFMT) | VTTOIF(vp->v_type); 503 sb->st_nlink = ip->i_effnlink; 504 sb->st_uid = ip->i_uid; 505 sb->st_gid = ip->i_gid; 506 if (I_IS_UFS1(ip)) { 507 sb->st_rdev = ip->i_din1->di_rdev; 508 sb->st_size = ip->i_din1->di_size; 509 sb->st_mtim.tv_sec = ip->i_din1->di_mtime; 510 sb->st_mtim.tv_nsec = ip->i_din1->di_mtimensec; 511 sb->st_ctim.tv_sec = ip->i_din1->di_ctime; 512 sb->st_ctim.tv_nsec = ip->i_din1->di_ctimensec; 513 sb->st_birthtim.tv_sec = -1; 514 sb->st_birthtim.tv_nsec = 0; 515 sb->st_blocks = dbtob((u_quad_t)ip->i_din1->di_blocks) / S_BLKSIZE; 516 } else { 517 sb->st_rdev = ip->i_din2->di_rdev; 518 sb->st_size = ip->i_din2->di_size; 519 sb->st_mtim.tv_sec = ip->i_din2->di_mtime; 520 sb->st_mtim.tv_nsec = ip->i_din2->di_mtimensec; 521 sb->st_ctim.tv_sec = ip->i_din2->di_ctime; 522 sb->st_ctim.tv_nsec = ip->i_din2->di_ctimensec; 523 sb->st_birthtim.tv_sec = ip->i_din2->di_birthtime; 524 sb->st_birthtim.tv_nsec = ip->i_din2->di_birthnsec; 525 sb->st_blocks = dbtob((u_quad_t)ip->i_din2->di_blocks) / S_BLKSIZE; 526 } 527 528 sb->st_blksize = max(PAGE_SIZE, vp->v_mount->mnt_stat.f_iosize); 529 sb->st_flags = ip->i_flags; 530 sb->st_gen = ip->i_gen; 531 532 return (vop_stat_helper_post(ap, error)); 533 } 534 535 /* ARGSUSED */ 536 static int 537 ufs_getattr(ap) 538 struct vop_getattr_args /* { 539 struct vnode *a_vp; 540 struct vattr *a_vap; 541 struct ucred *a_cred; 542 } */ *ap; 543 { 544 struct vnode *vp = ap->a_vp; 545 struct inode *ip = VTOI(vp); 546 struct vattr *vap = ap->a_vap; 547 548 VI_LOCK(vp); 549 ufs_itimes_locked(vp); 550 if (I_IS_UFS1(ip)) { 551 vap->va_atime.tv_sec = ip->i_din1->di_atime; 552 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 553 } else { 554 vap->va_atime.tv_sec = ip->i_din2->di_atime; 555 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 556 } 557 VI_UNLOCK(vp); 558 /* 559 * Copy from inode table 560 */ 561 vap->va_fsid = dev2udev(ITOUMP(ip)->um_dev); 562 vap->va_fileid = ip->i_number; 563 vap->va_mode = ip->i_mode & ~IFMT; 564 vap->va_nlink = ip->i_effnlink; 565 vap->va_uid = ip->i_uid; 566 vap->va_gid = ip->i_gid; 567 if (I_IS_UFS1(ip)) { 568 vap->va_rdev = ip->i_din1->di_rdev; 569 vap->va_size = ip->i_din1->di_size; 570 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 571 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 572 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 573 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 574 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 575 vap->va_filerev = ip->i_din1->di_modrev; 576 } else { 577 vap->va_rdev = ip->i_din2->di_rdev; 578 vap->va_size = ip->i_din2->di_size; 579 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 580 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 581 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 582 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 583 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 584 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 585 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 586 vap->va_filerev = ip->i_din2->di_modrev; 587 } 588 vap->va_flags = ip->i_flags; 589 vap->va_gen = ip->i_gen; 590 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 591 vap->va_type = IFTOVT(ip->i_mode); 592 return (0); 593 } 594 595 /* 596 * Set attribute vnode op. called from several syscalls 597 */ 598 static int 599 ufs_setattr(ap) 600 struct vop_setattr_args /* { 601 struct vnode *a_vp; 602 struct vattr *a_vap; 603 struct ucred *a_cred; 604 } */ *ap; 605 { 606 struct vattr *vap = ap->a_vap; 607 struct vnode *vp = ap->a_vp; 608 struct inode *ip = VTOI(vp); 609 struct ucred *cred = ap->a_cred; 610 struct thread *td = curthread; 611 int error; 612 613 /* 614 * Check for unsettable attributes. 615 */ 616 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 617 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 618 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 619 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 620 return (EINVAL); 621 } 622 if (vap->va_flags != VNOVAL) { 623 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE | 624 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE | 625 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK | 626 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE | 627 UF_SPARSE | UF_SYSTEM)) != 0) 628 return (EOPNOTSUPP); 629 if (vp->v_mount->mnt_flag & MNT_RDONLY) 630 return (EROFS); 631 /* 632 * Callers may only modify the file flags on objects they 633 * have VADMIN rights for. 634 */ 635 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 636 return (error); 637 /* 638 * Unprivileged processes are not permitted to unset system 639 * flags, or modify flags if any system flags are set. 640 * Privileged non-jail processes may not modify system flags 641 * if securelevel > 0 and any existing system flags are set. 642 * Privileged jail processes behave like privileged non-jail 643 * processes if the PR_ALLOW_CHFLAGS permission bit is set; 644 * otherwise, they behave like unprivileged processes. 645 */ 646 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) { 647 if (ip->i_flags & 648 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 649 error = securelevel_gt(cred, 0); 650 if (error) 651 return (error); 652 } 653 /* The snapshot flag cannot be toggled. */ 654 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT) 655 return (EPERM); 656 } else { 657 if (ip->i_flags & 658 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 659 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE)) 660 return (EPERM); 661 } 662 ip->i_flags = vap->va_flags; 663 DIP_SET(ip, i_flags, vap->va_flags); 664 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 665 error = UFS_UPDATE(vp, 0); 666 if (ip->i_flags & (IMMUTABLE | APPEND)) 667 return (error); 668 } 669 /* 670 * If immutable or append, no one can change any of its attributes 671 * except the ones already handled (in some cases, file flags 672 * including the immutability flags themselves for the superuser). 673 */ 674 if (ip->i_flags & (IMMUTABLE | APPEND)) 675 return (EPERM); 676 /* 677 * Go through the fields and update iff not VNOVAL. 678 */ 679 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 680 if (vp->v_mount->mnt_flag & MNT_RDONLY) 681 return (EROFS); 682 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 683 td)) != 0) 684 return (error); 685 } 686 if (vap->va_size != VNOVAL) { 687 /* 688 * XXX most of the following special cases should be in 689 * callers instead of in N filesystems. The VDIR check 690 * mostly already is. 691 */ 692 switch (vp->v_type) { 693 case VDIR: 694 return (EISDIR); 695 case VLNK: 696 case VREG: 697 /* 698 * Truncation should have an effect in these cases. 699 * Disallow it if the filesystem is read-only or 700 * the file is being snapshotted. 701 */ 702 if (vp->v_mount->mnt_flag & MNT_RDONLY) 703 return (EROFS); 704 if ((ip->i_flags & SF_SNAPSHOT) != 0) 705 return (EPERM); 706 break; 707 default: 708 /* 709 * According to POSIX, the result is unspecified 710 * for file types other than regular files, 711 * directories and shared memory objects. We 712 * don't support shared memory objects in the file 713 * system, and have dubious support for truncating 714 * symlinks. Just ignore the request in other cases. 715 */ 716 return (0); 717 } 718 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL | 719 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0), 720 cred)) != 0) 721 return (error); 722 } 723 if (vap->va_atime.tv_sec != VNOVAL || 724 vap->va_mtime.tv_sec != VNOVAL || 725 vap->va_birthtime.tv_sec != VNOVAL) { 726 if (vp->v_mount->mnt_flag & MNT_RDONLY) 727 return (EROFS); 728 if ((ip->i_flags & SF_SNAPSHOT) != 0) 729 return (EPERM); 730 error = vn_utimes_perm(vp, vap, cred, td); 731 if (error != 0) 732 return (error); 733 UFS_INODE_SET_FLAG(ip, IN_CHANGE | IN_MODIFIED); 734 if (vap->va_atime.tv_sec != VNOVAL) { 735 ip->i_flag &= ~IN_ACCESS; 736 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 737 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 738 } 739 if (vap->va_mtime.tv_sec != VNOVAL) { 740 ip->i_flag &= ~IN_UPDATE; 741 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 742 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 743 } 744 if (vap->va_birthtime.tv_sec != VNOVAL && I_IS_UFS2(ip)) { 745 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 746 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 747 } 748 error = UFS_UPDATE(vp, 0); 749 if (error) 750 return (error); 751 } 752 error = 0; 753 if (vap->va_mode != (mode_t)VNOVAL) { 754 if (vp->v_mount->mnt_flag & MNT_RDONLY) 755 return (EROFS); 756 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode & 757 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH))) 758 return (EPERM); 759 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 760 } 761 return (error); 762 } 763 764 #ifdef UFS_ACL 765 static int 766 ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode, 767 int file_owner_id, struct ucred *cred, struct thread *td) 768 { 769 int error; 770 struct acl *aclp; 771 772 aclp = acl_alloc(M_WAITOK); 773 error = ufs_getacl_nfs4_internal(vp, aclp, td); 774 /* 775 * We don't have to handle EOPNOTSUPP here, as the filesystem claims 776 * it supports ACLs. 777 */ 778 if (error) 779 goto out; 780 781 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id); 782 error = ufs_setacl_nfs4_internal(vp, aclp, td); 783 784 out: 785 acl_free(aclp); 786 return (error); 787 } 788 #endif /* UFS_ACL */ 789 790 static int 791 ufs_mmapped(ap) 792 struct vop_mmapped_args /* { 793 struct vnode *a_vp; 794 } */ *ap; 795 { 796 struct vnode *vp; 797 struct inode *ip; 798 struct mount *mp; 799 800 vp = ap->a_vp; 801 ip = VTOI(vp); 802 mp = vp->v_mount; 803 804 if ((mp->mnt_flag & (MNT_NOATIME | MNT_RDONLY)) == 0) 805 UFS_INODE_SET_FLAG_SHARED(ip, IN_ACCESS); 806 /* 807 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there. 808 */ 809 return (0); 810 } 811 812 /* 813 * Change the mode on a file. 814 * Inode must be locked before calling. 815 */ 816 static int 817 ufs_chmod(vp, mode, cred, td) 818 struct vnode *vp; 819 int mode; 820 struct ucred *cred; 821 struct thread *td; 822 { 823 struct inode *ip = VTOI(vp); 824 int newmode, error; 825 826 /* 827 * To modify the permissions on a file, must possess VADMIN 828 * for that file. 829 */ 830 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td))) 831 return (error); 832 /* 833 * Privileged processes may set the sticky bit on non-directories, 834 * as well as set the setgid bit on a file with a group that the 835 * process is not a member of. Both of these are allowed in 836 * jail(8). 837 */ 838 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 839 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE)) 840 return (EFTYPE); 841 } 842 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 843 error = priv_check_cred(cred, PRIV_VFS_SETGID); 844 if (error) 845 return (error); 846 } 847 848 /* 849 * Deny setting setuid if we are not the file owner. 850 */ 851 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) { 852 error = priv_check_cred(cred, PRIV_VFS_ADMIN); 853 if (error) 854 return (error); 855 } 856 857 newmode = ip->i_mode & ~ALLPERMS; 858 newmode |= (mode & ALLPERMS); 859 UFS_INODE_SET_MODE(ip, newmode); 860 DIP_SET(ip, i_mode, ip->i_mode); 861 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 862 #ifdef UFS_ACL 863 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0) 864 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td); 865 #endif 866 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0) 867 error = UFS_UPDATE(vp, 0); 868 869 return (error); 870 } 871 872 /* 873 * Perform chown operation on inode ip; 874 * inode must be locked prior to call. 875 */ 876 static int 877 ufs_chown(vp, uid, gid, cred, td) 878 struct vnode *vp; 879 uid_t uid; 880 gid_t gid; 881 struct ucred *cred; 882 struct thread *td; 883 { 884 struct inode *ip = VTOI(vp); 885 uid_t ouid; 886 gid_t ogid; 887 int error = 0; 888 #ifdef QUOTA 889 int i; 890 ufs2_daddr_t change; 891 #endif 892 893 if (uid == (uid_t)VNOVAL) 894 uid = ip->i_uid; 895 if (gid == (gid_t)VNOVAL) 896 gid = ip->i_gid; 897 /* 898 * To modify the ownership of a file, must possess VADMIN for that 899 * file. 900 */ 901 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td))) 902 return (error); 903 /* 904 * To change the owner of a file, or change the group of a file to a 905 * group of which we are not a member, the caller must have 906 * privilege. 907 */ 908 if (((uid != ip->i_uid && uid != cred->cr_uid) || 909 (gid != ip->i_gid && !groupmember(gid, cred))) && 910 (error = priv_check_cred(cred, PRIV_VFS_CHOWN))) 911 return (error); 912 ogid = ip->i_gid; 913 ouid = ip->i_uid; 914 #ifdef QUOTA 915 if ((error = getinoquota(ip)) != 0) 916 return (error); 917 if (ouid == uid) { 918 dqrele(vp, ip->i_dquot[USRQUOTA]); 919 ip->i_dquot[USRQUOTA] = NODQUOT; 920 } 921 if (ogid == gid) { 922 dqrele(vp, ip->i_dquot[GRPQUOTA]); 923 ip->i_dquot[GRPQUOTA] = NODQUOT; 924 } 925 change = DIP(ip, i_blocks); 926 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 927 (void) chkiq(ip, -1, cred, CHOWN|FORCE); 928 for (i = 0; i < MAXQUOTAS; i++) { 929 dqrele(vp, ip->i_dquot[i]); 930 ip->i_dquot[i] = NODQUOT; 931 } 932 #endif 933 ip->i_gid = gid; 934 DIP_SET(ip, i_gid, gid); 935 ip->i_uid = uid; 936 DIP_SET(ip, i_uid, uid); 937 #ifdef QUOTA 938 if ((error = getinoquota(ip)) == 0) { 939 if (ouid == uid) { 940 dqrele(vp, ip->i_dquot[USRQUOTA]); 941 ip->i_dquot[USRQUOTA] = NODQUOT; 942 } 943 if (ogid == gid) { 944 dqrele(vp, ip->i_dquot[GRPQUOTA]); 945 ip->i_dquot[GRPQUOTA] = NODQUOT; 946 } 947 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 948 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 949 goto good; 950 else 951 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 952 } 953 for (i = 0; i < MAXQUOTAS; i++) { 954 dqrele(vp, ip->i_dquot[i]); 955 ip->i_dquot[i] = NODQUOT; 956 } 957 } 958 ip->i_gid = ogid; 959 DIP_SET(ip, i_gid, ogid); 960 ip->i_uid = ouid; 961 DIP_SET(ip, i_uid, ouid); 962 if (getinoquota(ip) == 0) { 963 if (ouid == uid) { 964 dqrele(vp, ip->i_dquot[USRQUOTA]); 965 ip->i_dquot[USRQUOTA] = NODQUOT; 966 } 967 if (ogid == gid) { 968 dqrele(vp, ip->i_dquot[GRPQUOTA]); 969 ip->i_dquot[GRPQUOTA] = NODQUOT; 970 } 971 (void) chkdq(ip, change, cred, FORCE|CHOWN); 972 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 973 (void) getinoquota(ip); 974 } 975 return (error); 976 good: 977 if (getinoquota(ip)) 978 panic("ufs_chown: lost quota"); 979 #endif /* QUOTA */ 980 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 981 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { 982 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) { 983 UFS_INODE_SET_MODE(ip, ip->i_mode & ~(ISUID | ISGID)); 984 DIP_SET(ip, i_mode, ip->i_mode); 985 } 986 } 987 error = UFS_UPDATE(vp, 0); 988 return (error); 989 } 990 991 static int 992 ufs_remove(ap) 993 struct vop_remove_args /* { 994 struct vnode *a_dvp; 995 struct vnode *a_vp; 996 struct componentname *a_cnp; 997 } */ *ap; 998 { 999 struct inode *ip; 1000 struct vnode *vp = ap->a_vp; 1001 struct vnode *dvp = ap->a_dvp; 1002 int error; 1003 struct thread *td; 1004 1005 td = curthread; 1006 ip = VTOI(vp); 1007 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1008 (VTOI(dvp)->i_flags & APPEND)) 1009 return (EPERM); 1010 if (DOINGSUJ(dvp)) { 1011 error = softdep_prelink(dvp, vp); 1012 if (error != 0) { 1013 MPASS(error == ERELOOKUP); 1014 return (error); 1015 } 1016 } 1017 1018 #ifdef UFS_GJOURNAL 1019 ufs_gjournal_orphan(vp); 1020 #endif 1021 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 1022 if (ip->i_nlink <= 0) 1023 vp->v_vflag |= VV_NOSYNC; 1024 if ((ip->i_flags & SF_SNAPSHOT) != 0) { 1025 /* 1026 * Avoid deadlock where another thread is trying to 1027 * update the inodeblock for dvp and is waiting on 1028 * snaplk. Temporary unlock the vnode lock for the 1029 * unlinked file and sync the directory. This should 1030 * allow vput() of the directory to not block later on 1031 * while holding the snapshot vnode locked, assuming 1032 * that the directory hasn't been unlinked too. 1033 */ 1034 VOP_UNLOCK(vp); 1035 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 1036 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 1037 } 1038 return (error); 1039 } 1040 1041 static void 1042 print_bad_link_count(const char *funcname, struct vnode *dvp) 1043 { 1044 struct inode *dip; 1045 1046 dip = VTOI(dvp); 1047 uprintf("%s: Bad link count %d on parent inode %jd in file system %s\n", 1048 funcname, dip->i_effnlink, (intmax_t)dip->i_number, 1049 dvp->v_mount->mnt_stat.f_mntonname); 1050 } 1051 1052 /* 1053 * link vnode call 1054 */ 1055 static int 1056 ufs_link(ap) 1057 struct vop_link_args /* { 1058 struct vnode *a_tdvp; 1059 struct vnode *a_vp; 1060 struct componentname *a_cnp; 1061 } */ *ap; 1062 { 1063 struct vnode *vp = ap->a_vp; 1064 struct vnode *tdvp = ap->a_tdvp; 1065 struct componentname *cnp = ap->a_cnp; 1066 struct inode *ip; 1067 struct direct newdir; 1068 int error; 1069 1070 #ifdef INVARIANTS 1071 if ((cnp->cn_flags & HASBUF) == 0) 1072 panic("ufs_link: no name"); 1073 #endif 1074 1075 if (DOINGSUJ(tdvp)) { 1076 error = softdep_prelink(tdvp, vp); 1077 if (error != 0) { 1078 MPASS(error == ERELOOKUP); 1079 return (error); 1080 } 1081 } 1082 1083 if (VTOI(tdvp)->i_effnlink < 2) { 1084 print_bad_link_count("ufs_link", tdvp); 1085 error = EINVAL; 1086 goto out; 1087 } 1088 ip = VTOI(vp); 1089 if (ip->i_nlink >= UFS_LINK_MAX) { 1090 error = EMLINK; 1091 goto out; 1092 } 1093 /* 1094 * The file may have been removed after namei droped the original 1095 * lock. 1096 */ 1097 if (ip->i_effnlink == 0) { 1098 error = ENOENT; 1099 goto out; 1100 } 1101 if (ip->i_flags & (IMMUTABLE | APPEND)) { 1102 error = EPERM; 1103 goto out; 1104 } 1105 1106 ip->i_effnlink++; 1107 ip->i_nlink++; 1108 DIP_SET(ip, i_nlink, ip->i_nlink); 1109 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1110 if (DOINGSOFTDEP(vp)) 1111 softdep_setup_link(VTOI(tdvp), ip); 1112 error = UFS_UPDATE(vp, !DOINGSOFTDEP(vp) && !DOINGASYNC(vp)); 1113 if (!error) { 1114 ufs_makedirentry(ip, cnp, &newdir); 1115 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL); 1116 } 1117 1118 if (error) { 1119 ip->i_effnlink--; 1120 ip->i_nlink--; 1121 DIP_SET(ip, i_nlink, ip->i_nlink); 1122 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1123 if (DOINGSOFTDEP(vp)) 1124 softdep_revert_link(VTOI(tdvp), ip); 1125 } 1126 out: 1127 return (error); 1128 } 1129 1130 /* 1131 * whiteout vnode call 1132 */ 1133 static int 1134 ufs_whiteout(ap) 1135 struct vop_whiteout_args /* { 1136 struct vnode *a_dvp; 1137 struct componentname *a_cnp; 1138 int a_flags; 1139 } */ *ap; 1140 { 1141 struct vnode *dvp = ap->a_dvp; 1142 struct componentname *cnp = ap->a_cnp; 1143 struct direct newdir; 1144 int error = 0; 1145 1146 if (DOINGSUJ(dvp) && (ap->a_flags == CREATE || 1147 ap->a_flags == DELETE)) { 1148 error = softdep_prelink(dvp, NULL); 1149 if (error != 0) { 1150 MPASS(error == ERELOOKUP); 1151 return (error); 1152 } 1153 } 1154 1155 switch (ap->a_flags) { 1156 case LOOKUP: 1157 /* 4.4 format directories support whiteout operations */ 1158 if (!OFSFMT(dvp)) 1159 return (0); 1160 return (EOPNOTSUPP); 1161 1162 case CREATE: 1163 /* create a new directory whiteout */ 1164 #ifdef INVARIANTS 1165 if ((cnp->cn_flags & SAVENAME) == 0) 1166 panic("ufs_whiteout: missing name"); 1167 if (OFSFMT(dvp)) 1168 panic("ufs_whiteout: old format filesystem"); 1169 #endif 1170 1171 newdir.d_ino = UFS_WINO; 1172 newdir.d_namlen = cnp->cn_namelen; 1173 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 1174 newdir.d_type = DT_WHT; 1175 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL); 1176 break; 1177 1178 case DELETE: 1179 /* remove an existing directory whiteout */ 1180 #ifdef INVARIANTS 1181 if (OFSFMT(dvp)) 1182 panic("ufs_whiteout: old format filesystem"); 1183 #endif 1184 1185 cnp->cn_flags &= ~DOWHITEOUT; 1186 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 1187 break; 1188 default: 1189 panic("ufs_whiteout: unknown op"); 1190 } 1191 return (error); 1192 } 1193 1194 static volatile int rename_restarts; 1195 SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD, 1196 __DEVOLATILE(int *, &rename_restarts), 0, 1197 "Times rename had to restart due to lock contention"); 1198 1199 /* 1200 * Rename system call. 1201 * rename("foo", "bar"); 1202 * is essentially 1203 * unlink("bar"); 1204 * link("foo", "bar"); 1205 * unlink("foo"); 1206 * but ``atomically''. Can't do full commit without saving state in the 1207 * inode on disk which isn't feasible at this time. Best we can do is 1208 * always guarantee the target exists. 1209 * 1210 * Basic algorithm is: 1211 * 1212 * 1) Bump link count on source while we're linking it to the 1213 * target. This also ensure the inode won't be deleted out 1214 * from underneath us while we work (it may be truncated by 1215 * a concurrent `trunc' or `open' for creation). 1216 * 2) Link source to destination. If destination already exists, 1217 * delete it first. 1218 * 3) Unlink source reference to inode if still around. If a 1219 * directory was moved and the parent of the destination 1220 * is different from the source, patch the ".." entry in the 1221 * directory. 1222 */ 1223 static int 1224 ufs_rename(ap) 1225 struct vop_rename_args /* { 1226 struct vnode *a_fdvp; 1227 struct vnode *a_fvp; 1228 struct componentname *a_fcnp; 1229 struct vnode *a_tdvp; 1230 struct vnode *a_tvp; 1231 struct componentname *a_tcnp; 1232 } */ *ap; 1233 { 1234 struct vnode *tvp = ap->a_tvp; 1235 struct vnode *tdvp = ap->a_tdvp; 1236 struct vnode *fvp = ap->a_fvp; 1237 struct vnode *fdvp = ap->a_fdvp; 1238 struct vnode *nvp; 1239 struct componentname *tcnp = ap->a_tcnp; 1240 struct componentname *fcnp = ap->a_fcnp; 1241 struct thread *td = fcnp->cn_thread; 1242 struct inode *fip, *tip, *tdp, *fdp; 1243 struct direct newdir; 1244 off_t endoff; 1245 int doingdirectory, newparent; 1246 int error = 0; 1247 struct mount *mp; 1248 ino_t ino; 1249 bool want_seqc_end; 1250 1251 want_seqc_end = false; 1252 1253 #ifdef INVARIANTS 1254 if ((tcnp->cn_flags & HASBUF) == 0 || 1255 (fcnp->cn_flags & HASBUF) == 0) 1256 panic("ufs_rename: no name"); 1257 #endif 1258 endoff = 0; 1259 mp = tdvp->v_mount; 1260 VOP_UNLOCK(tdvp); 1261 if (tvp && tvp != tdvp) 1262 VOP_UNLOCK(tvp); 1263 /* 1264 * Check for cross-device rename. 1265 */ 1266 if ((fvp->v_mount != tdvp->v_mount) || 1267 (tvp && (fvp->v_mount != tvp->v_mount))) { 1268 error = EXDEV; 1269 mp = NULL; 1270 goto releout; 1271 } 1272 relock: 1273 /* 1274 * We need to acquire 2 to 4 locks depending on whether tvp is NULL 1275 * and fdvp and tdvp are the same directory. Subsequently we need 1276 * to double-check all paths and in the directory rename case we 1277 * need to verify that we are not creating a directory loop. To 1278 * handle this we acquire all but fdvp using non-blocking 1279 * acquisitions. If we fail to acquire any lock in the path we will 1280 * drop all held locks, acquire the new lock in a blocking fashion, 1281 * and then release it and restart the rename. This acquire/release 1282 * step ensures that we do not spin on a lock waiting for release. 1283 */ 1284 error = vn_lock(fdvp, LK_EXCLUSIVE); 1285 if (error) 1286 goto releout; 1287 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) { 1288 VOP_UNLOCK(fdvp); 1289 error = vn_lock(tdvp, LK_EXCLUSIVE); 1290 if (error) 1291 goto releout; 1292 VOP_UNLOCK(tdvp); 1293 atomic_add_int(&rename_restarts, 1); 1294 goto relock; 1295 } 1296 /* 1297 * Re-resolve fvp to be certain it still exists and fetch the 1298 * correct vnode. 1299 */ 1300 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1301 if (error) { 1302 VOP_UNLOCK(fdvp); 1303 VOP_UNLOCK(tdvp); 1304 goto releout; 1305 } 1306 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1307 if (error) { 1308 VOP_UNLOCK(fdvp); 1309 VOP_UNLOCK(tdvp); 1310 if (error != EBUSY) 1311 goto releout; 1312 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1313 if (error != 0) 1314 goto releout; 1315 VOP_UNLOCK(nvp); 1316 vrele(fvp); 1317 fvp = nvp; 1318 atomic_add_int(&rename_restarts, 1); 1319 goto relock; 1320 } 1321 vrele(fvp); 1322 fvp = nvp; 1323 /* 1324 * Re-resolve tvp and acquire the vnode lock if present. 1325 */ 1326 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino); 1327 if (error != 0 && error != EJUSTRETURN) { 1328 VOP_UNLOCK(fdvp); 1329 VOP_UNLOCK(tdvp); 1330 VOP_UNLOCK(fvp); 1331 goto releout; 1332 } 1333 /* 1334 * If tvp disappeared we just carry on. 1335 */ 1336 if (error == EJUSTRETURN && tvp != NULL) { 1337 vrele(tvp); 1338 tvp = NULL; 1339 } 1340 /* 1341 * Get the tvp ino if the lookup succeeded. We may have to restart 1342 * if the non-blocking acquire fails. 1343 */ 1344 if (error == 0) { 1345 nvp = NULL; 1346 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1347 if (tvp) 1348 vrele(tvp); 1349 tvp = nvp; 1350 if (error) { 1351 VOP_UNLOCK(fdvp); 1352 VOP_UNLOCK(tdvp); 1353 VOP_UNLOCK(fvp); 1354 if (error != EBUSY) 1355 goto releout; 1356 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1357 if (error != 0) 1358 goto releout; 1359 vput(nvp); 1360 atomic_add_int(&rename_restarts, 1); 1361 goto relock; 1362 } 1363 } 1364 1365 if (DOINGSOFTDEP(fdvp)) { 1366 error = softdep_prerename(fdvp, fvp, tdvp, tvp); 1367 if (error != 0) { 1368 if (error == ERELOOKUP) { 1369 atomic_add_int(&rename_restarts, 1); 1370 goto relock; 1371 } 1372 goto releout; 1373 } 1374 } 1375 1376 fdp = VTOI(fdvp); 1377 fip = VTOI(fvp); 1378 tdp = VTOI(tdvp); 1379 tip = NULL; 1380 if (tvp) 1381 tip = VTOI(tvp); 1382 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1383 (VTOI(tdvp)->i_flags & APPEND))) { 1384 error = EPERM; 1385 goto unlockout; 1386 } 1387 /* 1388 * Renaming a file to itself has no effect. The upper layers should 1389 * not call us in that case. However, things could change after 1390 * we drop the locks above. 1391 */ 1392 if (fvp == tvp) { 1393 error = 0; 1394 goto unlockout; 1395 } 1396 doingdirectory = 0; 1397 newparent = 0; 1398 ino = fip->i_number; 1399 if (fip->i_nlink >= UFS_LINK_MAX) { 1400 error = EMLINK; 1401 goto unlockout; 1402 } 1403 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 1404 || (fdp->i_flags & APPEND)) { 1405 error = EPERM; 1406 goto unlockout; 1407 } 1408 if ((fip->i_mode & IFMT) == IFDIR) { 1409 /* 1410 * Avoid ".", "..", and aliases of "." for obvious reasons. 1411 */ 1412 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1413 fdp == fip || 1414 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) { 1415 error = EINVAL; 1416 goto unlockout; 1417 } 1418 if (fdp->i_number != tdp->i_number) 1419 newparent = tdp->i_number; 1420 doingdirectory = 1; 1421 } 1422 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) || 1423 (tvp != NULL && tvp->v_type == VDIR && 1424 tvp->v_mountedhere != NULL)) { 1425 error = EXDEV; 1426 goto unlockout; 1427 } 1428 1429 /* 1430 * If ".." must be changed (ie the directory gets a new 1431 * parent) then the source directory must not be in the 1432 * directory hierarchy above the target, as this would 1433 * orphan everything below the source directory. Also 1434 * the user must have write permission in the source so 1435 * as to be able to change "..". 1436 */ 1437 if (doingdirectory && newparent) { 1438 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread); 1439 if (error) 1440 goto unlockout; 1441 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred, 1442 &ino); 1443 /* 1444 * We encountered a lock that we have to wait for. Unlock 1445 * everything else and VGET before restarting. 1446 */ 1447 if (ino) { 1448 VOP_UNLOCK(fdvp); 1449 VOP_UNLOCK(fvp); 1450 VOP_UNLOCK(tdvp); 1451 if (tvp) 1452 VOP_UNLOCK(tvp); 1453 error = VFS_VGET(mp, ino, LK_SHARED, &nvp); 1454 if (error == 0) 1455 vput(nvp); 1456 atomic_add_int(&rename_restarts, 1); 1457 goto relock; 1458 } 1459 if (error) 1460 goto unlockout; 1461 if ((tcnp->cn_flags & SAVESTART) == 0) 1462 panic("ufs_rename: lost to startdir"); 1463 } 1464 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 || 1465 tdp->i_effnlink == 0) 1466 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp); 1467 1468 if (tvp != NULL) 1469 vn_seqc_write_begin(tvp); 1470 vn_seqc_write_begin(tdvp); 1471 vn_seqc_write_begin(fvp); 1472 vn_seqc_write_begin(fdvp); 1473 want_seqc_end = true; 1474 1475 /* 1476 * 1) Bump link count while we're moving stuff 1477 * around. If we crash somewhere before 1478 * completing our work, the link count 1479 * may be wrong, but correctable. 1480 */ 1481 fip->i_effnlink++; 1482 fip->i_nlink++; 1483 DIP_SET(fip, i_nlink, fip->i_nlink); 1484 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1485 if (DOINGSOFTDEP(fvp)) 1486 softdep_setup_link(tdp, fip); 1487 error = UFS_UPDATE(fvp, !DOINGSOFTDEP(fvp) && !DOINGASYNC(fvp)); 1488 if (error) 1489 goto bad; 1490 1491 /* 1492 * 2) If target doesn't exist, link the target 1493 * to the source and unlink the source. 1494 * Otherwise, rewrite the target directory 1495 * entry to reference the source inode and 1496 * expunge the original entry's existence. 1497 */ 1498 if (tip == NULL) { 1499 if (ITODEV(tdp) != ITODEV(fip)) 1500 panic("ufs_rename: EXDEV"); 1501 if (doingdirectory && newparent) { 1502 /* 1503 * Account for ".." in new directory. 1504 * When source and destination have the same 1505 * parent we don't adjust the link count. The 1506 * actual link modification is completed when 1507 * .. is rewritten below. 1508 */ 1509 if (tdp->i_nlink >= UFS_LINK_MAX) { 1510 error = EMLINK; 1511 goto bad; 1512 } 1513 } 1514 ufs_makedirentry(fip, tcnp, &newdir); 1515 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL); 1516 if (error) 1517 goto bad; 1518 /* Setup tdvp for directory compaction if needed. */ 1519 if (I_COUNT(tdp) != 0 && I_ENDOFF(tdp) != 0 && 1520 I_ENDOFF(tdp) < tdp->i_size) 1521 endoff = I_ENDOFF(tdp); 1522 } else { 1523 if (ITODEV(tip) != ITODEV(tdp) || ITODEV(tip) != ITODEV(fip)) 1524 panic("ufs_rename: EXDEV"); 1525 /* 1526 * Short circuit rename(foo, foo). 1527 */ 1528 if (tip->i_number == fip->i_number) 1529 panic("ufs_rename: same file"); 1530 /* 1531 * If the parent directory is "sticky", then the caller 1532 * must possess VADMIN for the parent directory, or the 1533 * destination of the rename. This implements append-only 1534 * directories. 1535 */ 1536 if ((tdp->i_mode & S_ISTXT) && 1537 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1538 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1539 error = EPERM; 1540 goto bad; 1541 } 1542 /* 1543 * Target must be empty if a directory and have no links 1544 * to it. Also, ensure source and target are compatible 1545 * (both directories, or both not directories). 1546 */ 1547 if ((tip->i_mode & IFMT) == IFDIR) { 1548 if ((tip->i_effnlink > 2) || 1549 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) { 1550 error = ENOTEMPTY; 1551 goto bad; 1552 } 1553 if (!doingdirectory) { 1554 error = ENOTDIR; 1555 goto bad; 1556 } 1557 cache_purge(tdvp); 1558 } else if (doingdirectory) { 1559 error = EISDIR; 1560 goto bad; 1561 } 1562 if (doingdirectory) { 1563 if (!newparent) { 1564 tdp->i_effnlink--; 1565 if (DOINGSOFTDEP(tdvp)) 1566 softdep_change_linkcnt(tdp); 1567 } 1568 tip->i_effnlink--; 1569 if (DOINGSOFTDEP(tvp)) 1570 softdep_change_linkcnt(tip); 1571 } 1572 error = ufs_dirrewrite(tdp, tip, fip->i_number, 1573 IFTODT(fip->i_mode), 1574 (doingdirectory && newparent) ? newparent : doingdirectory); 1575 if (error) { 1576 if (doingdirectory) { 1577 if (!newparent) { 1578 tdp->i_effnlink++; 1579 if (DOINGSOFTDEP(tdvp)) 1580 softdep_change_linkcnt(tdp); 1581 } 1582 tip->i_effnlink++; 1583 if (DOINGSOFTDEP(tvp)) 1584 softdep_change_linkcnt(tip); 1585 } 1586 goto bad; 1587 } 1588 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1589 /* 1590 * The only stuff left in the directory is "." 1591 * and "..". The "." reference is inconsequential 1592 * since we are quashing it. We have removed the "." 1593 * reference and the reference in the parent directory, 1594 * but there may be other hard links. The soft 1595 * dependency code will arrange to do these operations 1596 * after the parent directory entry has been deleted on 1597 * disk, so when running with that code we avoid doing 1598 * them now. 1599 */ 1600 if (!newparent) { 1601 tdp->i_nlink--; 1602 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1603 UFS_INODE_SET_FLAG(tdp, IN_CHANGE); 1604 } 1605 tip->i_nlink--; 1606 DIP_SET(tip, i_nlink, tip->i_nlink); 1607 UFS_INODE_SET_FLAG(tip, IN_CHANGE); 1608 } 1609 } 1610 1611 /* 1612 * 3) Unlink the source. We have to resolve the path again to 1613 * fixup the directory offset and count for ufs_dirremove. 1614 */ 1615 if (fdvp == tdvp) { 1616 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1617 if (error) 1618 panic("ufs_rename: from entry went away!"); 1619 if (ino != fip->i_number) 1620 panic("ufs_rename: ino mismatch %ju != %ju\n", 1621 (uintmax_t)ino, (uintmax_t)fip->i_number); 1622 } 1623 /* 1624 * If the source is a directory with a 1625 * new parent, the link count of the old 1626 * parent directory must be decremented 1627 * and ".." set to point to the new parent. 1628 */ 1629 if (doingdirectory && newparent) { 1630 /* 1631 * If tip exists we simply use its link, otherwise we must 1632 * add a new one. 1633 */ 1634 if (tip == NULL) { 1635 tdp->i_effnlink++; 1636 tdp->i_nlink++; 1637 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1638 UFS_INODE_SET_FLAG(tdp, IN_CHANGE); 1639 if (DOINGSOFTDEP(tdvp)) 1640 softdep_setup_dotdot_link(tdp, fip); 1641 error = UFS_UPDATE(tdvp, !DOINGSOFTDEP(tdvp) && 1642 !DOINGASYNC(tdvp)); 1643 /* Don't go to bad here as the new link exists. */ 1644 if (error) 1645 goto unlockout; 1646 } else if (DOINGSUJ(tdvp)) 1647 /* Journal must account for each new link. */ 1648 softdep_setup_dotdot_link(tdp, fip); 1649 SET_I_OFFSET(fip, mastertemplate.dot_reclen); 1650 ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0); 1651 cache_purge(fdvp); 1652 } 1653 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0); 1654 /* 1655 * The kern_renameat() looks up the fvp using the DELETE flag, which 1656 * causes the removal of the name cache entry for fvp. 1657 * As the relookup of the fvp is done in two steps: 1658 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a 1659 * normal lookup of the from name just before the VFS_VGET() call, 1660 * causing the cache entry to be re-instantiated. 1661 * 1662 * The same issue also applies to tvp if it exists as 1663 * otherwise we may have a stale name cache entry for the new 1664 * name that references the old i-node if it has other links 1665 * or open file descriptors. 1666 */ 1667 cache_vop_rename(fdvp, fvp, tdvp, tvp, fcnp, tcnp); 1668 1669 unlockout: 1670 if (want_seqc_end) { 1671 if (tvp != NULL) 1672 vn_seqc_write_end(tvp); 1673 vn_seqc_write_end(tdvp); 1674 vn_seqc_write_end(fvp); 1675 vn_seqc_write_end(fdvp); 1676 } 1677 1678 vput(fdvp); 1679 vput(fvp); 1680 1681 /* 1682 * If compaction or fsync was requested do it in 1683 * ffs_vput_pair() now that other locks are no longer needed. 1684 */ 1685 if (error == 0 && endoff != 0) { 1686 UFS_INODE_SET_FLAG(tdp, IN_ENDOFF); 1687 SET_I_ENDOFF(tdp, endoff); 1688 } 1689 VOP_VPUT_PAIR(tdvp, &tvp, true); 1690 return (error); 1691 1692 bad: 1693 fip->i_effnlink--; 1694 fip->i_nlink--; 1695 DIP_SET(fip, i_nlink, fip->i_nlink); 1696 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1697 if (DOINGSOFTDEP(fvp)) 1698 softdep_revert_link(tdp, fip); 1699 goto unlockout; 1700 1701 releout: 1702 if (want_seqc_end) { 1703 if (tvp != NULL) 1704 vn_seqc_write_end(tvp); 1705 vn_seqc_write_end(tdvp); 1706 vn_seqc_write_end(fvp); 1707 vn_seqc_write_end(fdvp); 1708 } 1709 1710 vrele(fdvp); 1711 vrele(fvp); 1712 vrele(tdvp); 1713 if (tvp) 1714 vrele(tvp); 1715 1716 return (error); 1717 } 1718 1719 #ifdef UFS_ACL 1720 static int 1721 ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp, 1722 mode_t dmode, struct ucred *cred, struct thread *td) 1723 { 1724 int error; 1725 struct inode *ip = VTOI(tvp); 1726 struct acl *dacl, *acl; 1727 1728 acl = acl_alloc(M_WAITOK); 1729 dacl = acl_alloc(M_WAITOK); 1730 1731 /* 1732 * Retrieve default ACL from parent, if any. 1733 */ 1734 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1735 switch (error) { 1736 case 0: 1737 /* 1738 * Retrieved a default ACL, so merge mode and ACL if 1739 * necessary. If the ACL is empty, fall through to 1740 * the "not defined or available" case. 1741 */ 1742 if (acl->acl_cnt != 0) { 1743 dmode = acl_posix1e_newfilemode(dmode, acl); 1744 UFS_INODE_SET_MODE(ip, dmode); 1745 DIP_SET(ip, i_mode, dmode); 1746 *dacl = *acl; 1747 ufs_sync_acl_from_inode(ip, acl); 1748 break; 1749 } 1750 /* FALLTHROUGH */ 1751 1752 case EOPNOTSUPP: 1753 /* 1754 * Just use the mode as-is. 1755 */ 1756 UFS_INODE_SET_MODE(ip, dmode); 1757 DIP_SET(ip, i_mode, dmode); 1758 error = 0; 1759 goto out; 1760 1761 default: 1762 goto out; 1763 } 1764 1765 /* 1766 * XXX: If we abort now, will Soft Updates notify the extattr 1767 * code that the EAs for the file need to be released? 1768 */ 1769 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1770 if (error == 0) 1771 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td); 1772 switch (error) { 1773 case 0: 1774 break; 1775 1776 case EOPNOTSUPP: 1777 /* 1778 * XXX: This should not happen, as EOPNOTSUPP above 1779 * was supposed to free acl. 1780 */ 1781 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1782 /* 1783 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1784 */ 1785 break; 1786 1787 default: 1788 goto out; 1789 } 1790 1791 out: 1792 acl_free(acl); 1793 acl_free(dacl); 1794 1795 return (error); 1796 } 1797 1798 static int 1799 ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp, 1800 mode_t mode, struct ucred *cred, struct thread *td) 1801 { 1802 int error; 1803 struct inode *ip = VTOI(tvp); 1804 struct acl *acl; 1805 1806 acl = acl_alloc(M_WAITOK); 1807 1808 /* 1809 * Retrieve default ACL for parent, if any. 1810 */ 1811 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1812 switch (error) { 1813 case 0: 1814 /* 1815 * Retrieved a default ACL, so merge mode and ACL if 1816 * necessary. 1817 */ 1818 if (acl->acl_cnt != 0) { 1819 /* 1820 * Two possible ways for default ACL to not 1821 * be present. First, the EA can be 1822 * undefined, or second, the default ACL can 1823 * be blank. If it's blank, fall through to 1824 * the it's not defined case. 1825 */ 1826 mode = acl_posix1e_newfilemode(mode, acl); 1827 UFS_INODE_SET_MODE(ip, mode); 1828 DIP_SET(ip, i_mode, mode); 1829 ufs_sync_acl_from_inode(ip, acl); 1830 break; 1831 } 1832 /* FALLTHROUGH */ 1833 1834 case EOPNOTSUPP: 1835 /* 1836 * Just use the mode as-is. 1837 */ 1838 UFS_INODE_SET_MODE(ip, mode); 1839 DIP_SET(ip, i_mode, mode); 1840 error = 0; 1841 goto out; 1842 1843 default: 1844 goto out; 1845 } 1846 1847 /* 1848 * XXX: If we abort now, will Soft Updates notify the extattr 1849 * code that the EAs for the file need to be released? 1850 */ 1851 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1852 switch (error) { 1853 case 0: 1854 break; 1855 1856 case EOPNOTSUPP: 1857 /* 1858 * XXX: This should not happen, as EOPNOTSUPP above was 1859 * supposed to free acl. 1860 */ 1861 printf("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1862 "but no VOP_SETACL()\n"); 1863 /* panic("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1864 "but no VOP_SETACL()"); */ 1865 break; 1866 1867 default: 1868 goto out; 1869 } 1870 1871 out: 1872 acl_free(acl); 1873 1874 return (error); 1875 } 1876 1877 static int 1878 ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp, 1879 mode_t child_mode, struct ucred *cred, struct thread *td) 1880 { 1881 int error; 1882 struct acl *parent_aclp, *child_aclp; 1883 1884 parent_aclp = acl_alloc(M_WAITOK); 1885 child_aclp = acl_alloc(M_WAITOK | M_ZERO); 1886 1887 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td); 1888 if (error) 1889 goto out; 1890 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp, 1891 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR); 1892 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td); 1893 if (error) 1894 goto out; 1895 out: 1896 acl_free(parent_aclp); 1897 acl_free(child_aclp); 1898 1899 return (error); 1900 } 1901 #endif 1902 1903 /* 1904 * Mkdir system call 1905 */ 1906 static int 1907 ufs_mkdir(ap) 1908 struct vop_mkdir_args /* { 1909 struct vnode *a_dvp; 1910 struct vnode **a_vpp; 1911 struct componentname *a_cnp; 1912 struct vattr *a_vap; 1913 } */ *ap; 1914 { 1915 struct vnode *dvp = ap->a_dvp; 1916 struct vattr *vap = ap->a_vap; 1917 struct componentname *cnp = ap->a_cnp; 1918 struct inode *ip, *dp; 1919 struct vnode *tvp; 1920 struct buf *bp; 1921 struct dirtemplate dirtemplate, *dtp; 1922 struct direct newdir; 1923 int error, dmode; 1924 long blkoff; 1925 1926 #ifdef INVARIANTS 1927 if ((cnp->cn_flags & HASBUF) == 0) 1928 panic("ufs_mkdir: no name"); 1929 #endif 1930 dp = VTOI(dvp); 1931 if (dp->i_nlink >= UFS_LINK_MAX) { 1932 error = EMLINK; 1933 goto out; 1934 } 1935 dmode = vap->va_mode & 0777; 1936 dmode |= IFDIR; 1937 1938 /* 1939 * Must simulate part of ufs_makeinode here to acquire the inode, 1940 * but not have it entered in the parent directory. The entry is 1941 * made later after writing "." and ".." entries. 1942 */ 1943 if (dp->i_effnlink < 2) { 1944 print_bad_link_count("ufs_mkdir", dvp); 1945 error = EINVAL; 1946 goto out; 1947 } 1948 1949 if (DOINGSUJ(dvp)) { 1950 error = softdep_prelink(dvp, NULL); 1951 if (error != 0) { 1952 MPASS(error == ERELOOKUP); 1953 return (error); 1954 } 1955 } 1956 1957 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 1958 if (error) 1959 goto out; 1960 vn_seqc_write_begin(tvp); 1961 ip = VTOI(tvp); 1962 ip->i_gid = dp->i_gid; 1963 DIP_SET(ip, i_gid, dp->i_gid); 1964 #ifdef SUIDDIR 1965 { 1966 #ifdef QUOTA 1967 struct ucred ucred, *ucp; 1968 gid_t ucred_group; 1969 ucp = cnp->cn_cred; 1970 #endif 1971 /* 1972 * If we are hacking owners here, (only do this where told to) 1973 * and we are not giving it TO root, (would subvert quotas) 1974 * then go ahead and give it to the other user. 1975 * The new directory also inherits the SUID bit. 1976 * If user's UID and dir UID are the same, 1977 * 'give it away' so that the SUID is still forced on. 1978 */ 1979 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 1980 (dp->i_mode & ISUID) && dp->i_uid) { 1981 dmode |= ISUID; 1982 ip->i_uid = dp->i_uid; 1983 DIP_SET(ip, i_uid, dp->i_uid); 1984 #ifdef QUOTA 1985 if (dp->i_uid != cnp->cn_cred->cr_uid) { 1986 /* 1987 * Make sure the correct user gets charged 1988 * for the space. 1989 * Make a dummy credential for the victim. 1990 * XXX This seems to never be accessed out of 1991 * our context so a stack variable is ok. 1992 */ 1993 refcount_init(&ucred.cr_ref, 1); 1994 ucred.cr_uid = ip->i_uid; 1995 ucred.cr_ngroups = 1; 1996 ucred.cr_groups = &ucred_group; 1997 ucred.cr_groups[0] = dp->i_gid; 1998 ucp = &ucred; 1999 } 2000 #endif 2001 } else { 2002 ip->i_uid = cnp->cn_cred->cr_uid; 2003 DIP_SET(ip, i_uid, ip->i_uid); 2004 } 2005 #ifdef QUOTA 2006 if ((error = getinoquota(ip)) || 2007 (error = chkiq(ip, 1, ucp, 0))) { 2008 if (DOINGSOFTDEP(tvp)) 2009 softdep_revert_link(dp, ip); 2010 UFS_VFREE(tvp, ip->i_number, dmode); 2011 vn_seqc_write_end(tvp); 2012 vgone(tvp); 2013 vput(tvp); 2014 return (error); 2015 } 2016 #endif 2017 } 2018 #else /* !SUIDDIR */ 2019 ip->i_uid = cnp->cn_cred->cr_uid; 2020 DIP_SET(ip, i_uid, ip->i_uid); 2021 #ifdef QUOTA 2022 if ((error = getinoquota(ip)) || 2023 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2024 if (DOINGSOFTDEP(tvp)) 2025 softdep_revert_link(dp, ip); 2026 UFS_VFREE(tvp, ip->i_number, dmode); 2027 vn_seqc_write_end(tvp); 2028 vgone(tvp); 2029 vput(tvp); 2030 return (error); 2031 } 2032 #endif 2033 #endif /* !SUIDDIR */ 2034 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 2035 UFS_INODE_SET_MODE(ip, dmode); 2036 DIP_SET(ip, i_mode, dmode); 2037 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 2038 ip->i_effnlink = 2; 2039 ip->i_nlink = 2; 2040 DIP_SET(ip, i_nlink, 2); 2041 2042 if (cnp->cn_flags & ISWHITEOUT) { 2043 ip->i_flags |= UF_OPAQUE; 2044 DIP_SET(ip, i_flags, ip->i_flags); 2045 } 2046 2047 /* 2048 * Bump link count in parent directory to reflect work done below. 2049 * Should be done before reference is created so cleanup is 2050 * possible if we crash. 2051 */ 2052 dp->i_effnlink++; 2053 dp->i_nlink++; 2054 DIP_SET(dp, i_nlink, dp->i_nlink); 2055 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2056 if (DOINGSOFTDEP(dvp)) 2057 softdep_setup_mkdir(dp, ip); 2058 error = UFS_UPDATE(dvp, !DOINGSOFTDEP(dvp) && !DOINGASYNC(dvp)); 2059 if (error) 2060 goto bad; 2061 #ifdef MAC 2062 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2063 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2064 dvp, tvp, cnp); 2065 if (error) 2066 goto bad; 2067 } 2068 #endif 2069 #ifdef UFS_ACL 2070 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2071 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode, 2072 cnp->cn_cred, cnp->cn_thread); 2073 if (error) 2074 goto bad; 2075 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2076 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode, 2077 cnp->cn_cred, cnp->cn_thread); 2078 if (error) 2079 goto bad; 2080 } 2081 #endif /* !UFS_ACL */ 2082 2083 /* 2084 * Initialize directory with "." and ".." from static template. 2085 */ 2086 if (!OFSFMT(dvp)) 2087 dtp = &mastertemplate; 2088 else 2089 dtp = (struct dirtemplate *)&omastertemplate; 2090 dirtemplate = *dtp; 2091 dirtemplate.dot_ino = ip->i_number; 2092 dirtemplate.dotdot_ino = dp->i_number; 2093 vnode_pager_setsize(tvp, DIRBLKSIZ); 2094 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 2095 BA_CLRBUF, &bp)) != 0) 2096 goto bad; 2097 ip->i_size = DIRBLKSIZ; 2098 DIP_SET(ip, i_size, DIRBLKSIZ); 2099 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); 2100 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 2101 if (DOINGSOFTDEP(tvp)) { 2102 /* 2103 * Ensure that the entire newly allocated block is a 2104 * valid directory so that future growth within the 2105 * block does not have to ensure that the block is 2106 * written before the inode. 2107 */ 2108 blkoff = DIRBLKSIZ; 2109 while (blkoff < bp->b_bcount) { 2110 ((struct direct *) 2111 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 2112 blkoff += DIRBLKSIZ; 2113 } 2114 } 2115 if ((error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && 2116 !DOINGASYNC(tvp))) != 0) { 2117 (void)bwrite(bp); 2118 goto bad; 2119 } 2120 /* 2121 * Directory set up, now install its entry in the parent directory. 2122 * 2123 * If we are not doing soft dependencies, then we must write out the 2124 * buffer containing the new directory body before entering the new 2125 * name in the parent. If we are doing soft dependencies, then the 2126 * buffer containing the new directory body will be passed to and 2127 * released in the soft dependency code after the code has attached 2128 * an appropriate ordering dependency to the buffer which ensures that 2129 * the buffer is written before the new name is written in the parent. 2130 */ 2131 if (DOINGASYNC(dvp)) 2132 bdwrite(bp); 2133 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 2134 goto bad; 2135 ufs_makedirentry(ip, cnp, &newdir); 2136 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp); 2137 2138 bad: 2139 if (error == 0) { 2140 *ap->a_vpp = tvp; 2141 vn_seqc_write_end(tvp); 2142 } else { 2143 dp->i_effnlink--; 2144 dp->i_nlink--; 2145 DIP_SET(dp, i_nlink, dp->i_nlink); 2146 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2147 /* 2148 * No need to do an explicit VOP_TRUNCATE here, vrele will 2149 * do this for us because we set the link count to 0. 2150 */ 2151 ip->i_effnlink = 0; 2152 ip->i_nlink = 0; 2153 DIP_SET(ip, i_nlink, 0); 2154 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2155 if (DOINGSOFTDEP(tvp)) 2156 softdep_revert_mkdir(dp, ip); 2157 vn_seqc_write_end(tvp); 2158 vgone(tvp); 2159 vput(tvp); 2160 } 2161 out: 2162 return (error); 2163 } 2164 2165 /* 2166 * Rmdir system call. 2167 */ 2168 static int 2169 ufs_rmdir(ap) 2170 struct vop_rmdir_args /* { 2171 struct vnode *a_dvp; 2172 struct vnode *a_vp; 2173 struct componentname *a_cnp; 2174 } */ *ap; 2175 { 2176 struct vnode *vp = ap->a_vp; 2177 struct vnode *dvp = ap->a_dvp; 2178 struct componentname *cnp = ap->a_cnp; 2179 struct inode *ip, *dp; 2180 int error; 2181 2182 ip = VTOI(vp); 2183 dp = VTOI(dvp); 2184 2185 /* 2186 * Do not remove a directory that is in the process of being renamed. 2187 * Verify the directory is empty (and valid). Rmdir ".." will not be 2188 * valid since ".." will contain a reference to the current directory 2189 * and thus be non-empty. Do not allow the removal of mounted on 2190 * directories (this can happen when an NFS exported filesystem 2191 * tries to remove a locally mounted on directory). 2192 */ 2193 error = 0; 2194 if (dp->i_effnlink <= 2) { 2195 if (dp->i_effnlink == 2) 2196 print_bad_link_count("ufs_rmdir", dvp); 2197 error = EINVAL; 2198 goto out; 2199 } 2200 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 2201 error = ENOTEMPTY; 2202 goto out; 2203 } 2204 if ((dp->i_flags & APPEND) 2205 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 2206 error = EPERM; 2207 goto out; 2208 } 2209 if (vp->v_mountedhere != 0) { 2210 error = EINVAL; 2211 goto out; 2212 } 2213 if (DOINGSUJ(dvp)) { 2214 error = softdep_prelink(dvp, vp); 2215 if (error != 0) { 2216 MPASS(error == ERELOOKUP); 2217 return (error); 2218 } 2219 } 2220 2221 #ifdef UFS_GJOURNAL 2222 ufs_gjournal_orphan(vp); 2223 #endif 2224 /* 2225 * Delete reference to directory before purging 2226 * inode. If we crash in between, the directory 2227 * will be reattached to lost+found, 2228 */ 2229 dp->i_effnlink--; 2230 ip->i_effnlink--; 2231 if (DOINGSOFTDEP(vp)) 2232 softdep_setup_rmdir(dp, ip); 2233 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 2234 if (error) { 2235 dp->i_effnlink++; 2236 ip->i_effnlink++; 2237 if (DOINGSOFTDEP(vp)) 2238 softdep_revert_rmdir(dp, ip); 2239 goto out; 2240 } 2241 /* 2242 * The only stuff left in the directory is "." and "..". The "." 2243 * reference is inconsequential since we are quashing it. The soft 2244 * dependency code will arrange to do these operations after 2245 * the parent directory entry has been deleted on disk, so 2246 * when running with that code we avoid doing them now. 2247 */ 2248 if (!DOINGSOFTDEP(vp)) { 2249 dp->i_nlink--; 2250 DIP_SET(dp, i_nlink, dp->i_nlink); 2251 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2252 error = UFS_UPDATE(dvp, 0); 2253 ip->i_nlink--; 2254 DIP_SET(ip, i_nlink, ip->i_nlink); 2255 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2256 } 2257 cache_vop_rmdir(dvp, vp); 2258 #ifdef UFS_DIRHASH 2259 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 2260 if (ip->i_dirhash != NULL) 2261 ufsdirhash_free(ip); 2262 #endif 2263 out: 2264 return (error); 2265 } 2266 2267 /* 2268 * symlink -- make a symbolic link 2269 */ 2270 static int 2271 ufs_symlink(ap) 2272 struct vop_symlink_args /* { 2273 struct vnode *a_dvp; 2274 struct vnode **a_vpp; 2275 struct componentname *a_cnp; 2276 struct vattr *a_vap; 2277 const char *a_target; 2278 } */ *ap; 2279 { 2280 struct vnode *vp, **vpp = ap->a_vpp; 2281 struct inode *ip; 2282 int len, error; 2283 2284 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 2285 vpp, ap->a_cnp, "ufs_symlink"); 2286 if (error) 2287 return (error); 2288 vp = *vpp; 2289 len = strlen(ap->a_target); 2290 if (len < VFSTOUFS(vp->v_mount)->um_maxsymlinklen) { 2291 ip = VTOI(vp); 2292 bcopy(ap->a_target, SHORTLINK(ip), len); 2293 ip->i_size = len; 2294 DIP_SET(ip, i_size, len); 2295 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); 2296 error = UFS_UPDATE(vp, 0); 2297 } else 2298 error = vn_rdwr(UIO_WRITE, vp, __DECONST(void *, ap->a_target), 2299 len, (off_t)0, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 2300 ap->a_cnp->cn_cred, NOCRED, NULL, NULL); 2301 if (error) 2302 vput(vp); 2303 return (error); 2304 } 2305 2306 /* 2307 * Vnode op for reading directories. 2308 */ 2309 int 2310 ufs_readdir(ap) 2311 struct vop_readdir_args /* { 2312 struct vnode *a_vp; 2313 struct uio *a_uio; 2314 struct ucred *a_cred; 2315 int *a_eofflag; 2316 int *a_ncookies; 2317 u_long **a_cookies; 2318 } */ *ap; 2319 { 2320 struct vnode *vp = ap->a_vp; 2321 struct uio *uio = ap->a_uio; 2322 struct buf *bp; 2323 struct inode *ip; 2324 struct direct *dp, *edp; 2325 u_long *cookies; 2326 struct dirent dstdp; 2327 off_t offset, startoffset; 2328 size_t readcnt, skipcnt; 2329 ssize_t startresid; 2330 u_int ncookies; 2331 int error; 2332 2333 if (uio->uio_offset < 0) 2334 return (EINVAL); 2335 ip = VTOI(vp); 2336 if (ip->i_effnlink == 0) 2337 return (0); 2338 if (ap->a_ncookies != NULL) { 2339 if (uio->uio_resid < 0) 2340 ncookies = 0; 2341 else 2342 ncookies = uio->uio_resid; 2343 if (uio->uio_offset >= ip->i_size) 2344 ncookies = 0; 2345 else if (ip->i_size - uio->uio_offset < ncookies) 2346 ncookies = ip->i_size - uio->uio_offset; 2347 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1; 2348 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK); 2349 *ap->a_ncookies = ncookies; 2350 *ap->a_cookies = cookies; 2351 } else { 2352 ncookies = 0; 2353 cookies = NULL; 2354 } 2355 offset = startoffset = uio->uio_offset; 2356 startresid = uio->uio_resid; 2357 error = 0; 2358 while (error == 0 && uio->uio_resid > 0 && 2359 uio->uio_offset < ip->i_size) { 2360 error = UFS_BLKATOFF(vp, uio->uio_offset, NULL, &bp); 2361 if (error) 2362 break; 2363 if (bp->b_offset + bp->b_bcount > ip->i_size) 2364 readcnt = ip->i_size - bp->b_offset; 2365 else 2366 readcnt = bp->b_bcount; 2367 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) & 2368 ~(size_t)(DIRBLKSIZ - 1); 2369 offset = bp->b_offset + skipcnt; 2370 dp = (struct direct *)&bp->b_data[skipcnt]; 2371 edp = (struct direct *)&bp->b_data[readcnt]; 2372 while (error == 0 && uio->uio_resid > 0 && dp < edp) { 2373 if (dp->d_reclen <= offsetof(struct direct, d_name) || 2374 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) { 2375 error = EIO; 2376 break; 2377 } 2378 #if BYTE_ORDER == LITTLE_ENDIAN 2379 /* Old filesystem format. */ 2380 if (OFSFMT(vp)) { 2381 dstdp.d_namlen = dp->d_type; 2382 dstdp.d_type = dp->d_namlen; 2383 } else 2384 #endif 2385 { 2386 dstdp.d_namlen = dp->d_namlen; 2387 dstdp.d_type = dp->d_type; 2388 } 2389 if (offsetof(struct direct, d_name) + dstdp.d_namlen > 2390 dp->d_reclen) { 2391 error = EIO; 2392 break; 2393 } 2394 if (offset < startoffset || dp->d_ino == 0) 2395 goto nextentry; 2396 dstdp.d_fileno = dp->d_ino; 2397 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp); 2398 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); 2399 /* NOTE: d_off is the offset of the *next* entry. */ 2400 dstdp.d_off = offset + dp->d_reclen; 2401 dirent_terminate(&dstdp); 2402 if (dstdp.d_reclen > uio->uio_resid) { 2403 if (uio->uio_resid == startresid) 2404 error = EINVAL; 2405 else 2406 error = EJUSTRETURN; 2407 break; 2408 } 2409 /* Advance dp. */ 2410 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio); 2411 if (error) 2412 break; 2413 if (cookies != NULL) { 2414 KASSERT(ncookies > 0, 2415 ("ufs_readdir: cookies buffer too small")); 2416 *cookies = offset + dp->d_reclen; 2417 cookies++; 2418 ncookies--; 2419 } 2420 nextentry: 2421 offset += dp->d_reclen; 2422 dp = (struct direct *)((caddr_t)dp + dp->d_reclen); 2423 } 2424 bqrelse(bp); 2425 uio->uio_offset = offset; 2426 } 2427 /* We need to correct uio_offset. */ 2428 uio->uio_offset = offset; 2429 if (error == EJUSTRETURN) 2430 error = 0; 2431 if (ap->a_ncookies != NULL) { 2432 if (error == 0) { 2433 ap->a_ncookies -= ncookies; 2434 } else { 2435 free(*ap->a_cookies, M_TEMP); 2436 *ap->a_ncookies = 0; 2437 *ap->a_cookies = NULL; 2438 } 2439 } 2440 if (error == 0 && ap->a_eofflag) 2441 *ap->a_eofflag = ip->i_size <= uio->uio_offset; 2442 return (error); 2443 } 2444 2445 /* 2446 * Return target name of a symbolic link 2447 */ 2448 static int 2449 ufs_readlink(ap) 2450 struct vop_readlink_args /* { 2451 struct vnode *a_vp; 2452 struct uio *a_uio; 2453 struct ucred *a_cred; 2454 } */ *ap; 2455 { 2456 struct vnode *vp = ap->a_vp; 2457 struct inode *ip = VTOI(vp); 2458 doff_t isize; 2459 2460 isize = ip->i_size; 2461 if (isize < VFSTOUFS(vp->v_mount)->um_maxsymlinklen) 2462 return (uiomove(SHORTLINK(ip), isize, ap->a_uio)); 2463 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 2464 } 2465 2466 /* 2467 * Calculate the logical to physical mapping if not done already, 2468 * then call the device strategy routine. 2469 * 2470 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 2471 * deadlock on memory. See ufs_bmap() for details. 2472 */ 2473 static int 2474 ufs_strategy(ap) 2475 struct vop_strategy_args /* { 2476 struct vnode *a_vp; 2477 struct buf *a_bp; 2478 } */ *ap; 2479 { 2480 struct buf *bp = ap->a_bp; 2481 struct vnode *vp = ap->a_vp; 2482 ufs2_daddr_t blkno; 2483 int error; 2484 2485 if (bp->b_blkno == bp->b_lblkno) { 2486 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 2487 bp->b_blkno = blkno; 2488 if (error) { 2489 bp->b_error = error; 2490 bp->b_ioflags |= BIO_ERROR; 2491 bufdone(bp); 2492 return (0); 2493 } 2494 if ((long)bp->b_blkno == -1) 2495 vfs_bio_clrbuf(bp); 2496 } 2497 if ((long)bp->b_blkno == -1) { 2498 bufdone(bp); 2499 return (0); 2500 } 2501 bp->b_iooffset = dbtob(bp->b_blkno); 2502 BO_STRATEGY(VFSTOUFS(vp->v_mount)->um_bo, bp); 2503 return (0); 2504 } 2505 2506 /* 2507 * Print out the contents of an inode. 2508 */ 2509 static int 2510 ufs_print(ap) 2511 struct vop_print_args /* { 2512 struct vnode *a_vp; 2513 } */ *ap; 2514 { 2515 struct vnode *vp = ap->a_vp; 2516 struct inode *ip = VTOI(vp); 2517 2518 printf("\tnlink=%d, effnlink=%d, size=%jd", ip->i_nlink, 2519 ip->i_effnlink, (intmax_t)ip->i_size); 2520 if (I_IS_UFS2(ip)) 2521 printf(", extsize %d", ip->i_din2->di_extsize); 2522 printf("\n\tgeneration=%jx, uid=%d, gid=%d, flags=0x%b\n", 2523 (uintmax_t)ip->i_gen, ip->i_uid, ip->i_gid, 2524 (u_int)ip->i_flags, PRINT_INODE_FLAGS); 2525 printf("\tino %lu, on dev %s", (u_long)ip->i_number, 2526 devtoname(ITODEV(ip))); 2527 if (vp->v_type == VFIFO) 2528 fifo_printinfo(vp); 2529 printf("\n"); 2530 return (0); 2531 } 2532 2533 /* 2534 * Close wrapper for fifos. 2535 * 2536 * Update the times on the inode then do device close. 2537 */ 2538 static int 2539 ufsfifo_close(ap) 2540 struct vop_close_args /* { 2541 struct vnode *a_vp; 2542 int a_fflag; 2543 struct ucred *a_cred; 2544 struct thread *a_td; 2545 } */ *ap; 2546 { 2547 struct vnode *vp = ap->a_vp; 2548 int usecount; 2549 2550 VI_LOCK(vp); 2551 usecount = vp->v_usecount; 2552 if (usecount > 1) 2553 ufs_itimes_locked(vp); 2554 VI_UNLOCK(vp); 2555 return (fifo_specops.vop_close(ap)); 2556 } 2557 2558 /* 2559 * Kqfilter wrapper for fifos. 2560 * 2561 * Fall through to ufs kqfilter routines if needed 2562 */ 2563 static int 2564 ufsfifo_kqfilter(ap) 2565 struct vop_kqfilter_args *ap; 2566 { 2567 int error; 2568 2569 error = fifo_specops.vop_kqfilter(ap); 2570 if (error) 2571 error = vfs_kqfilter(ap); 2572 return (error); 2573 } 2574 2575 /* 2576 * Return POSIX pathconf information applicable to ufs filesystems. 2577 */ 2578 static int 2579 ufs_pathconf(ap) 2580 struct vop_pathconf_args /* { 2581 struct vnode *a_vp; 2582 int a_name; 2583 int *a_retval; 2584 } */ *ap; 2585 { 2586 int error; 2587 2588 error = 0; 2589 switch (ap->a_name) { 2590 case _PC_LINK_MAX: 2591 *ap->a_retval = UFS_LINK_MAX; 2592 break; 2593 case _PC_NAME_MAX: 2594 *ap->a_retval = UFS_MAXNAMLEN; 2595 break; 2596 case _PC_PIPE_BUF: 2597 if (ap->a_vp->v_type == VDIR || ap->a_vp->v_type == VFIFO) 2598 *ap->a_retval = PIPE_BUF; 2599 else 2600 error = EINVAL; 2601 break; 2602 case _PC_CHOWN_RESTRICTED: 2603 *ap->a_retval = 1; 2604 break; 2605 case _PC_NO_TRUNC: 2606 *ap->a_retval = 1; 2607 break; 2608 #ifdef UFS_ACL 2609 case _PC_ACL_EXTENDED: 2610 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2611 *ap->a_retval = 1; 2612 else 2613 *ap->a_retval = 0; 2614 break; 2615 case _PC_ACL_NFS4: 2616 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) 2617 *ap->a_retval = 1; 2618 else 2619 *ap->a_retval = 0; 2620 break; 2621 #endif 2622 case _PC_ACL_PATH_MAX: 2623 #ifdef UFS_ACL 2624 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) 2625 *ap->a_retval = ACL_MAX_ENTRIES; 2626 else 2627 *ap->a_retval = 3; 2628 #else 2629 *ap->a_retval = 3; 2630 #endif 2631 break; 2632 #ifdef MAC 2633 case _PC_MAC_PRESENT: 2634 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2635 *ap->a_retval = 1; 2636 else 2637 *ap->a_retval = 0; 2638 break; 2639 #endif 2640 case _PC_MIN_HOLE_SIZE: 2641 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2642 break; 2643 case _PC_PRIO_IO: 2644 *ap->a_retval = 0; 2645 break; 2646 case _PC_SYNC_IO: 2647 *ap->a_retval = 0; 2648 break; 2649 case _PC_ALLOC_SIZE_MIN: 2650 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2651 break; 2652 case _PC_FILESIZEBITS: 2653 *ap->a_retval = 64; 2654 break; 2655 case _PC_REC_INCR_XFER_SIZE: 2656 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2657 break; 2658 case _PC_REC_MAX_XFER_SIZE: 2659 *ap->a_retval = -1; /* means ``unlimited'' */ 2660 break; 2661 case _PC_REC_MIN_XFER_SIZE: 2662 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2663 break; 2664 case _PC_REC_XFER_ALIGN: 2665 *ap->a_retval = PAGE_SIZE; 2666 break; 2667 case _PC_SYMLINK_MAX: 2668 *ap->a_retval = MAXPATHLEN; 2669 break; 2670 2671 default: 2672 error = vop_stdpathconf(ap); 2673 break; 2674 } 2675 return (error); 2676 } 2677 2678 /* 2679 * Initialize the vnode associated with a new inode, handle aliased 2680 * vnodes. 2681 */ 2682 int 2683 ufs_vinit(mntp, fifoops, vpp) 2684 struct mount *mntp; 2685 struct vop_vector *fifoops; 2686 struct vnode **vpp; 2687 { 2688 struct inode *ip; 2689 struct vnode *vp; 2690 2691 vp = *vpp; 2692 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2693 ip = VTOI(vp); 2694 vp->v_type = IFTOVT(ip->i_mode); 2695 /* 2696 * Only unallocated inodes should be of type VNON. 2697 */ 2698 if (ip->i_mode != 0 && vp->v_type == VNON) 2699 return (EINVAL); 2700 if (vp->v_type == VFIFO) 2701 vp->v_op = fifoops; 2702 if (ip->i_number == UFS_ROOTINO) 2703 vp->v_vflag |= VV_ROOT; 2704 *vpp = vp; 2705 return (0); 2706 } 2707 2708 /* 2709 * Allocate a new inode. 2710 * Vnode dvp must be locked. 2711 */ 2712 static int 2713 ufs_makeinode(mode, dvp, vpp, cnp, callfunc) 2714 int mode; 2715 struct vnode *dvp; 2716 struct vnode **vpp; 2717 struct componentname *cnp; 2718 const char *callfunc; 2719 { 2720 struct inode *ip, *pdir; 2721 struct direct newdir; 2722 struct vnode *tvp; 2723 int error; 2724 2725 pdir = VTOI(dvp); 2726 #ifdef INVARIANTS 2727 if ((cnp->cn_flags & HASBUF) == 0) 2728 panic("%s: no name", callfunc); 2729 #endif 2730 *vpp = NULL; 2731 if ((mode & IFMT) == 0) 2732 mode |= IFREG; 2733 2734 if (pdir->i_effnlink < 2) { 2735 print_bad_link_count(callfunc, dvp); 2736 return (EINVAL); 2737 } 2738 if (DOINGSUJ(dvp)) { 2739 error = softdep_prelink(dvp, NULL); 2740 if (error != 0) { 2741 MPASS(error == ERELOOKUP); 2742 return (error); 2743 } 2744 } 2745 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2746 if (error) 2747 return (error); 2748 ip = VTOI(tvp); 2749 ip->i_gid = pdir->i_gid; 2750 DIP_SET(ip, i_gid, pdir->i_gid); 2751 #ifdef SUIDDIR 2752 { 2753 #ifdef QUOTA 2754 struct ucred ucred, *ucp; 2755 gid_t ucred_group; 2756 ucp = cnp->cn_cred; 2757 #endif 2758 /* 2759 * If we are not the owner of the directory, 2760 * and we are hacking owners here, (only do this where told to) 2761 * and we are not giving it TO root, (would subvert quotas) 2762 * then go ahead and give it to the other user. 2763 * Note that this drops off the execute bits for security. 2764 */ 2765 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2766 (pdir->i_mode & ISUID) && 2767 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2768 ip->i_uid = pdir->i_uid; 2769 DIP_SET(ip, i_uid, ip->i_uid); 2770 mode &= ~07111; 2771 #ifdef QUOTA 2772 /* 2773 * Make sure the correct user gets charged 2774 * for the space. 2775 * Quickly knock up a dummy credential for the victim. 2776 * XXX This seems to never be accessed out of our 2777 * context so a stack variable is ok. 2778 */ 2779 refcount_init(&ucred.cr_ref, 1); 2780 ucred.cr_uid = ip->i_uid; 2781 ucred.cr_ngroups = 1; 2782 ucred.cr_groups = &ucred_group; 2783 ucred.cr_groups[0] = pdir->i_gid; 2784 ucp = &ucred; 2785 #endif 2786 } else { 2787 ip->i_uid = cnp->cn_cred->cr_uid; 2788 DIP_SET(ip, i_uid, ip->i_uid); 2789 } 2790 2791 #ifdef QUOTA 2792 if ((error = getinoquota(ip)) || 2793 (error = chkiq(ip, 1, ucp, 0))) { 2794 if (DOINGSOFTDEP(tvp)) 2795 softdep_revert_link(pdir, ip); 2796 UFS_VFREE(tvp, ip->i_number, mode); 2797 vgone(tvp); 2798 vput(tvp); 2799 return (error); 2800 } 2801 #endif 2802 } 2803 #else /* !SUIDDIR */ 2804 ip->i_uid = cnp->cn_cred->cr_uid; 2805 DIP_SET(ip, i_uid, ip->i_uid); 2806 #ifdef QUOTA 2807 if ((error = getinoquota(ip)) || 2808 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2809 if (DOINGSOFTDEP(tvp)) 2810 softdep_revert_link(pdir, ip); 2811 UFS_VFREE(tvp, ip->i_number, mode); 2812 vgone(tvp); 2813 vput(tvp); 2814 return (error); 2815 } 2816 #endif 2817 #endif /* !SUIDDIR */ 2818 vn_seqc_write_begin(tvp); /* Mostly to cover asserts */ 2819 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 2820 UFS_INODE_SET_MODE(ip, mode); 2821 DIP_SET(ip, i_mode, mode); 2822 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2823 ip->i_effnlink = 1; 2824 ip->i_nlink = 1; 2825 DIP_SET(ip, i_nlink, 1); 2826 if (DOINGSOFTDEP(tvp)) 2827 softdep_setup_create(VTOI(dvp), ip); 2828 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2829 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID)) { 2830 UFS_INODE_SET_MODE(ip, ip->i_mode & ~ISGID); 2831 DIP_SET(ip, i_mode, ip->i_mode); 2832 } 2833 2834 if (cnp->cn_flags & ISWHITEOUT) { 2835 ip->i_flags |= UF_OPAQUE; 2836 DIP_SET(ip, i_flags, ip->i_flags); 2837 } 2838 2839 /* 2840 * Make sure inode goes to disk before directory entry. 2841 */ 2842 error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && !DOINGASYNC(tvp)); 2843 if (error) 2844 goto bad; 2845 #ifdef MAC 2846 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2847 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2848 dvp, tvp, cnp); 2849 if (error) 2850 goto bad; 2851 } 2852 #endif 2853 #ifdef UFS_ACL 2854 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2855 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode, 2856 cnp->cn_cred, cnp->cn_thread); 2857 if (error) 2858 goto bad; 2859 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2860 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode, 2861 cnp->cn_cred, cnp->cn_thread); 2862 if (error) 2863 goto bad; 2864 } 2865 #endif /* !UFS_ACL */ 2866 ufs_makedirentry(ip, cnp, &newdir); 2867 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL); 2868 if (error) 2869 goto bad; 2870 vn_seqc_write_end(tvp); 2871 *vpp = tvp; 2872 return (0); 2873 2874 bad: 2875 /* 2876 * Write error occurred trying to update the inode 2877 * or the directory so must deallocate the inode. 2878 */ 2879 ip->i_effnlink = 0; 2880 ip->i_nlink = 0; 2881 DIP_SET(ip, i_nlink, 0); 2882 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2883 if (DOINGSOFTDEP(tvp)) 2884 softdep_revert_create(VTOI(dvp), ip); 2885 vn_seqc_write_end(tvp); 2886 vgone(tvp); 2887 vput(tvp); 2888 return (error); 2889 } 2890 2891 static int 2892 ufs_ioctl(struct vop_ioctl_args *ap) 2893 { 2894 struct vnode *vp; 2895 int error; 2896 2897 vp = ap->a_vp; 2898 switch (ap->a_command) { 2899 case FIOSEEKDATA: 2900 error = vn_lock(vp, LK_SHARED); 2901 if (error == 0) { 2902 error = ufs_bmap_seekdata(vp, (off_t *)ap->a_data); 2903 VOP_UNLOCK(vp); 2904 } else 2905 error = EBADF; 2906 return (error); 2907 case FIOSEEKHOLE: 2908 return (vn_bmap_seekhole(vp, ap->a_command, (off_t *)ap->a_data, 2909 ap->a_cred)); 2910 default: 2911 return (ENOTTY); 2912 } 2913 } 2914 2915 static int 2916 ufs_read_pgcache(struct vop_read_pgcache_args *ap) 2917 { 2918 struct uio *uio; 2919 struct vnode *vp; 2920 2921 uio = ap->a_uio; 2922 vp = ap->a_vp; 2923 VNPASS((vn_irflag_read(vp) & VIRF_PGREAD) != 0, vp); 2924 2925 if (uio->uio_resid > ptoa(io_hold_cnt) || uio->uio_offset < 0 || 2926 (ap->a_ioflag & IO_DIRECT) != 0) 2927 return (EJUSTRETURN); 2928 return (vn_read_from_obj(vp, uio)); 2929 } 2930 2931 /* Global vfs data structures for ufs. */ 2932 struct vop_vector ufs_vnodeops = { 2933 .vop_default = &default_vnodeops, 2934 .vop_fsync = VOP_PANIC, 2935 .vop_read = VOP_PANIC, 2936 .vop_reallocblks = VOP_PANIC, 2937 .vop_write = VOP_PANIC, 2938 .vop_accessx = ufs_accessx, 2939 .vop_bmap = ufs_bmap, 2940 .vop_fplookup_vexec = ufs_fplookup_vexec, 2941 .vop_fplookup_symlink = VOP_EAGAIN, 2942 .vop_cachedlookup = ufs_lookup, 2943 .vop_close = ufs_close, 2944 .vop_create = ufs_create, 2945 .vop_stat = ufs_stat, 2946 .vop_getattr = ufs_getattr, 2947 .vop_inactive = ufs_inactive, 2948 .vop_ioctl = ufs_ioctl, 2949 .vop_link = ufs_link, 2950 .vop_lookup = vfs_cache_lookup, 2951 .vop_mmapped = ufs_mmapped, 2952 .vop_mkdir = ufs_mkdir, 2953 .vop_mknod = ufs_mknod, 2954 .vop_need_inactive = ufs_need_inactive, 2955 .vop_open = ufs_open, 2956 .vop_pathconf = ufs_pathconf, 2957 .vop_poll = vop_stdpoll, 2958 .vop_print = ufs_print, 2959 .vop_read_pgcache = ufs_read_pgcache, 2960 .vop_readdir = ufs_readdir, 2961 .vop_readlink = ufs_readlink, 2962 .vop_reclaim = ufs_reclaim, 2963 .vop_remove = ufs_remove, 2964 .vop_rename = ufs_rename, 2965 .vop_rmdir = ufs_rmdir, 2966 .vop_setattr = ufs_setattr, 2967 #ifdef MAC 2968 .vop_setlabel = vop_stdsetlabel_ea, 2969 #endif 2970 .vop_strategy = ufs_strategy, 2971 .vop_symlink = ufs_symlink, 2972 .vop_whiteout = ufs_whiteout, 2973 #ifdef UFS_EXTATTR 2974 .vop_getextattr = ufs_getextattr, 2975 .vop_deleteextattr = ufs_deleteextattr, 2976 .vop_setextattr = ufs_setextattr, 2977 #endif 2978 #ifdef UFS_ACL 2979 .vop_getacl = ufs_getacl, 2980 .vop_setacl = ufs_setacl, 2981 .vop_aclcheck = ufs_aclcheck, 2982 #endif 2983 }; 2984 VFS_VOP_VECTOR_REGISTER(ufs_vnodeops); 2985 2986 struct vop_vector ufs_fifoops = { 2987 .vop_default = &fifo_specops, 2988 .vop_fsync = VOP_PANIC, 2989 .vop_accessx = ufs_accessx, 2990 .vop_close = ufsfifo_close, 2991 .vop_getattr = ufs_getattr, 2992 .vop_inactive = ufs_inactive, 2993 .vop_kqfilter = ufsfifo_kqfilter, 2994 .vop_pathconf = ufs_pathconf, 2995 .vop_print = ufs_print, 2996 .vop_read = VOP_PANIC, 2997 .vop_reclaim = ufs_reclaim, 2998 .vop_setattr = ufs_setattr, 2999 #ifdef MAC 3000 .vop_setlabel = vop_stdsetlabel_ea, 3001 #endif 3002 .vop_write = VOP_PANIC, 3003 #ifdef UFS_EXTATTR 3004 .vop_getextattr = ufs_getextattr, 3005 .vop_deleteextattr = ufs_deleteextattr, 3006 .vop_setextattr = ufs_setextattr, 3007 #endif 3008 #ifdef UFS_ACL 3009 .vop_getacl = ufs_getacl, 3010 .vop_setacl = ufs_setacl, 3011 .vop_aclcheck = ufs_aclcheck, 3012 #endif 3013 }; 3014 VFS_VOP_VECTOR_REGISTER(ufs_fifoops); 3015