1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1989, 1993, 1995 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD$"); 41 42 #include "opt_quota.h" 43 #include "opt_suiddir.h" 44 #include "opt_ufs.h" 45 #include "opt_ffs.h" 46 47 #include <sys/param.h> 48 #include <sys/systm.h> 49 #include <sys/malloc.h> 50 #include <sys/namei.h> 51 #include <sys/kernel.h> 52 #include <sys/fcntl.h> 53 #include <sys/filio.h> 54 #include <sys/stat.h> 55 #include <sys/bio.h> 56 #include <sys/buf.h> 57 #include <sys/mount.h> 58 #include <sys/priv.h> 59 #include <sys/refcount.h> 60 #include <sys/unistd.h> 61 #include <sys/vnode.h> 62 #include <sys/dirent.h> 63 #include <sys/lockf.h> 64 #include <sys/conf.h> 65 #include <sys/acl.h> 66 #include <sys/smr.h> 67 68 #include <security/audit/audit.h> 69 #include <security/mac/mac_framework.h> 70 71 #include <sys/file.h> /* XXX */ 72 73 #include <vm/vm.h> 74 #include <vm/vm_extern.h> 75 76 #include <ufs/ufs/acl.h> 77 #include <ufs/ufs/extattr.h> 78 #include <ufs/ufs/quota.h> 79 #include <ufs/ufs/inode.h> 80 #include <ufs/ufs/dir.h> 81 #include <ufs/ufs/ufsmount.h> 82 #include <ufs/ufs/ufs_extern.h> 83 #ifdef UFS_DIRHASH 84 #include <ufs/ufs/dirhash.h> 85 #endif 86 #ifdef UFS_GJOURNAL 87 #include <ufs/ufs/gjournal.h> 88 FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS"); 89 #endif 90 91 #ifdef QUOTA 92 FEATURE(ufs_quota, "UFS disk quotas support"); 93 FEATURE(ufs_quota64, "64bit UFS disk quotas support"); 94 #endif 95 96 #ifdef SUIDDIR 97 FEATURE(suiddir, 98 "Give all new files in directory the same ownership as the directory"); 99 #endif 100 101 VFS_SMR_DECLARE; 102 103 #include <ufs/ffs/ffs_extern.h> 104 105 static vop_accessx_t ufs_accessx; 106 static vop_fplookup_vexec_t ufs_fplookup_vexec; 107 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 108 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, 109 struct thread *); 110 static vop_close_t ufs_close; 111 static vop_create_t ufs_create; 112 static vop_stat_t ufs_stat; 113 static vop_getattr_t ufs_getattr; 114 static vop_ioctl_t ufs_ioctl; 115 static vop_link_t ufs_link; 116 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, 117 struct componentname *, const char *); 118 static vop_mmapped_t ufs_mmapped; 119 static vop_mkdir_t ufs_mkdir; 120 static vop_mknod_t ufs_mknod; 121 static vop_open_t ufs_open; 122 static vop_pathconf_t ufs_pathconf; 123 static vop_print_t ufs_print; 124 static vop_readlink_t ufs_readlink; 125 static vop_remove_t ufs_remove; 126 static vop_rename_t ufs_rename; 127 static vop_rmdir_t ufs_rmdir; 128 static vop_setattr_t ufs_setattr; 129 static vop_strategy_t ufs_strategy; 130 static vop_symlink_t ufs_symlink; 131 static vop_whiteout_t ufs_whiteout; 132 static vop_close_t ufsfifo_close; 133 134 SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 135 "UFS filesystem"); 136 137 /* 138 * A virgin directory (no blushing please). 139 */ 140 static struct dirtemplate mastertemplate = { 141 0, 12, DT_DIR, 1, ".", 142 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 143 }; 144 static struct odirtemplate omastertemplate = { 145 0, 12, 1, ".", 146 0, DIRBLKSIZ - 12, 2, ".." 147 }; 148 149 static void 150 ufs_itimes_locked(struct vnode *vp) 151 { 152 struct inode *ip; 153 struct timespec ts; 154 155 ASSERT_VI_LOCKED(vp, __func__); 156 157 ip = VTOI(vp); 158 if (UFS_RDONLY(ip)) 159 goto out; 160 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 161 return; 162 163 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 164 UFS_INODE_SET_FLAG(ip, IN_LAZYMOD); 165 else if (((vp->v_mount->mnt_kern_flag & 166 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) || 167 (ip->i_flag & (IN_CHANGE | IN_UPDATE))) 168 UFS_INODE_SET_FLAG(ip, IN_MODIFIED); 169 else if (ip->i_flag & IN_ACCESS) 170 UFS_INODE_SET_FLAG(ip, IN_LAZYACCESS); 171 vfs_timestamp(&ts); 172 if (ip->i_flag & IN_ACCESS) { 173 DIP_SET(ip, i_atime, ts.tv_sec); 174 DIP_SET(ip, i_atimensec, ts.tv_nsec); 175 } 176 if (ip->i_flag & IN_UPDATE) { 177 DIP_SET(ip, i_mtime, ts.tv_sec); 178 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 179 } 180 if (ip->i_flag & IN_CHANGE) { 181 DIP_SET(ip, i_ctime, ts.tv_sec); 182 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 183 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1); 184 } 185 186 out: 187 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 188 } 189 190 void 191 ufs_itimes(struct vnode *vp) 192 { 193 struct inode *ip; 194 195 ip = VTOI(vp); 196 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 197 return; 198 199 VI_LOCK(vp); 200 ufs_itimes_locked(vp); 201 VI_UNLOCK(vp); 202 } 203 204 static int 205 ufs_sync_nlink1(struct mount *mp) 206 { 207 int error; 208 209 error = vfs_busy(mp, 0); 210 if (error == 0) { 211 VFS_SYNC(mp, MNT_WAIT); 212 vfs_unbusy(mp); 213 error = ERELOOKUP; 214 } 215 vfs_rel(mp); 216 return (error); 217 } 218 219 static int 220 ufs_sync_nlink(struct vnode *vp, struct vnode *vp1) 221 { 222 struct inode *ip; 223 struct mount *mp; 224 int error; 225 226 ip = VTOI(vp); 227 if (ip->i_nlink < UFS_LINK_MAX) 228 return (0); 229 if (!DOINGSOFTDEP(vp) || ip->i_effnlink >= UFS_LINK_MAX) 230 return (EMLINK); 231 232 mp = vp->v_mount; 233 vfs_ref(mp); 234 VOP_UNLOCK(vp); 235 if (vp1 != NULL) 236 VOP_UNLOCK(vp1); 237 error = ufs_sync_nlink1(mp); 238 vn_lock_pair(vp, false, vp1, false); 239 return (error); 240 } 241 242 /* 243 * Create a regular file 244 */ 245 static int 246 ufs_create( 247 struct vop_create_args /* { 248 struct vnode *a_dvp; 249 struct vnode **a_vpp; 250 struct componentname *a_cnp; 251 struct vattr *a_vap; 252 } */ *ap) 253 { 254 int error; 255 256 error = 257 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 258 ap->a_dvp, ap->a_vpp, ap->a_cnp, "ufs_create"); 259 if (error != 0) 260 return (error); 261 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0) 262 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp); 263 return (0); 264 } 265 266 /* 267 * Mknod vnode call 268 */ 269 /* ARGSUSED */ 270 static int 271 ufs_mknod( 272 struct vop_mknod_args /* { 273 struct vnode *a_dvp; 274 struct vnode **a_vpp; 275 struct componentname *a_cnp; 276 struct vattr *a_vap; 277 } */ *ap) 278 { 279 struct vattr *vap = ap->a_vap; 280 struct vnode **vpp = ap->a_vpp; 281 struct inode *ip; 282 ino_t ino; 283 int error; 284 285 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 286 ap->a_dvp, vpp, ap->a_cnp, "ufs_mknod"); 287 if (error) 288 return (error); 289 ip = VTOI(*vpp); 290 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 291 if (vap->va_rdev != VNOVAL) { 292 /* 293 * Want to be able to use this to make badblock 294 * inodes, so don't truncate the dev number. 295 */ 296 DIP_SET(ip, i_rdev, vap->va_rdev); 297 } 298 /* 299 * Remove inode, then reload it through VFS_VGET(). This is 300 * needed to do further inode initialization, for instance 301 * fifo, which was too early for VFS_VGET() done as part of 302 * UFS_VALLOC(). 303 */ 304 (*vpp)->v_type = VNON; 305 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 306 vgone(*vpp); 307 vput(*vpp); 308 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 309 if (error) { 310 *vpp = NULL; 311 return (error); 312 } 313 return (0); 314 } 315 316 /* 317 * Open called. 318 */ 319 /* ARGSUSED */ 320 static int 321 ufs_open(struct vop_open_args *ap) 322 { 323 struct vnode *vp = ap->a_vp; 324 struct inode *ip; 325 326 if (vp->v_type == VCHR || vp->v_type == VBLK) 327 return (EOPNOTSUPP); 328 329 ip = VTOI(vp); 330 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 331 if (vp->v_type == VREG && (vn_irflag_read(vp) & VIRF_PGREAD) == 0 && 332 ip->i_ump->um_bsize >= PAGE_SIZE) { 333 vn_irflag_set_cond(vp, VIRF_PGREAD); 334 } 335 336 /* 337 * Files marked append-only must be opened for appending. 338 */ 339 if ((ip->i_flags & APPEND) && 340 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 341 return (EPERM); 342 343 return (0); 344 } 345 346 /* 347 * Close called. 348 * 349 * Update the times on the inode. 350 */ 351 /* ARGSUSED */ 352 static int 353 ufs_close( 354 struct vop_close_args /* { 355 struct vnode *a_vp; 356 int a_fflag; 357 struct ucred *a_cred; 358 struct thread *a_td; 359 } */ *ap) 360 { 361 struct vnode *vp = ap->a_vp; 362 363 ufs_itimes(vp); 364 return (0); 365 } 366 367 static int 368 ufs_accessx( 369 struct vop_accessx_args /* { 370 struct vnode *a_vp; 371 accmode_t a_accmode; 372 struct ucred *a_cred; 373 struct thread *a_td; 374 } */ *ap) 375 { 376 struct vnode *vp = ap->a_vp; 377 struct inode *ip = VTOI(vp); 378 accmode_t accmode = ap->a_accmode; 379 int error; 380 #ifdef UFS_ACL 381 struct acl *acl; 382 acl_type_t type; 383 #endif 384 385 /* 386 * Disallow write attempts on read-only filesystems; 387 * unless the file is a socket, fifo, or a block or 388 * character device resident on the filesystem. 389 */ 390 if (accmode & VMODIFY_PERMS) { 391 switch (vp->v_type) { 392 case VDIR: 393 case VLNK: 394 case VREG: 395 if (vp->v_mount->mnt_flag & MNT_RDONLY) 396 return (EROFS); 397 #ifdef QUOTA 398 /* 399 * Inode is accounted in the quotas only if struct 400 * dquot is attached to it. VOP_ACCESS() is called 401 * from vn_open_cred() and provides a convenient 402 * point to call getinoquota(). The lock mode is 403 * exclusive when the file is opening for write. 404 */ 405 if (VOP_ISLOCKED(vp) == LK_EXCLUSIVE) { 406 error = getinoquota(ip); 407 if (error != 0) 408 return (error); 409 } 410 #endif 411 break; 412 default: 413 break; 414 } 415 } 416 417 /* 418 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS" 419 * permits the owner of the file to remove the IMMUTABLE flag. 420 */ 421 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) && 422 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 423 return (EPERM); 424 425 #ifdef UFS_ACL 426 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) { 427 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS) 428 type = ACL_TYPE_NFS4; 429 else 430 type = ACL_TYPE_ACCESS; 431 432 acl = acl_alloc(M_WAITOK); 433 if (type == ACL_TYPE_NFS4) 434 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td); 435 else 436 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td); 437 switch (error) { 438 case 0: 439 if (type == ACL_TYPE_NFS4) { 440 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid, 441 ip->i_gid, acl, accmode, ap->a_cred); 442 } else { 443 error = vfs_unixify_accmode(&accmode); 444 if (error == 0) 445 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 446 ip->i_gid, acl, accmode, ap->a_cred); 447 } 448 break; 449 default: 450 if (error != EOPNOTSUPP) 451 printf( 452 "ufs_accessx(): Error retrieving ACL on object (%d).\n", 453 error); 454 /* 455 * XXX: Fall back until debugged. Should 456 * eventually possibly log an error, and return 457 * EPERM for safety. 458 */ 459 error = vfs_unixify_accmode(&accmode); 460 if (error == 0) 461 error = vaccess(vp->v_type, ip->i_mode, 462 ip->i_uid, ip->i_gid, accmode, ap->a_cred); 463 } 464 acl_free(acl); 465 466 return (error); 467 } 468 #endif /* !UFS_ACL */ 469 error = vfs_unixify_accmode(&accmode); 470 if (error == 0) 471 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 472 accmode, ap->a_cred); 473 return (error); 474 } 475 476 /* 477 * VOP_FPLOOKUP_VEXEC routines are subject to special circumstances, see 478 * the comment above cache_fplookup for details. 479 */ 480 static int 481 ufs_fplookup_vexec( 482 struct vop_fplookup_vexec_args /* { 483 struct vnode *a_vp; 484 struct ucred *a_cred; 485 struct thread *a_td; 486 } */ *ap) 487 { 488 struct vnode *vp; 489 struct inode *ip; 490 struct ucred *cred; 491 mode_t all_x, mode; 492 493 vp = ap->a_vp; 494 ip = VTOI_SMR(vp); 495 if (__predict_false(ip == NULL)) 496 return (EAGAIN); 497 498 /* 499 * XXX ACL race 500 * 501 * ACLs are not supported and UFS clears/sets this flag on mount and 502 * remount. However, we may still be racing with seeing them and there 503 * is no provision to make sure they were accounted for. This matches 504 * the behavior of the locked case, since the lookup there is also 505 * racy: mount takes no measures to block anyone from progressing. 506 */ 507 all_x = S_IXUSR | S_IXGRP | S_IXOTH; 508 mode = atomic_load_short(&ip->i_mode); 509 if (__predict_true((mode & all_x) == all_x)) 510 return (0); 511 512 cred = ap->a_cred; 513 return (vaccess_vexec_smr(mode, ip->i_uid, ip->i_gid, cred)); 514 } 515 516 /* ARGSUSED */ 517 static int 518 ufs_stat(struct vop_stat_args *ap) 519 { 520 struct vnode *vp = ap->a_vp; 521 struct inode *ip = VTOI(vp); 522 struct stat *sb = ap->a_sb; 523 int error; 524 525 error = vop_stat_helper_pre(ap); 526 if (__predict_false(error)) 527 return (error); 528 529 VI_LOCK(vp); 530 ufs_itimes_locked(vp); 531 if (I_IS_UFS1(ip)) { 532 sb->st_atim.tv_sec = ip->i_din1->di_atime; 533 sb->st_atim.tv_nsec = ip->i_din1->di_atimensec; 534 } else { 535 sb->st_atim.tv_sec = ip->i_din2->di_atime; 536 sb->st_atim.tv_nsec = ip->i_din2->di_atimensec; 537 } 538 VI_UNLOCK(vp); 539 540 sb->st_dev = dev2udev(ITOUMP(ip)->um_dev); 541 sb->st_ino = ip->i_number; 542 sb->st_mode = (ip->i_mode & ~IFMT) | VTTOIF(vp->v_type); 543 sb->st_nlink = ip->i_effnlink; 544 sb->st_uid = ip->i_uid; 545 sb->st_gid = ip->i_gid; 546 if (I_IS_UFS1(ip)) { 547 sb->st_rdev = ip->i_din1->di_rdev; 548 sb->st_size = ip->i_din1->di_size; 549 sb->st_mtim.tv_sec = ip->i_din1->di_mtime; 550 sb->st_mtim.tv_nsec = ip->i_din1->di_mtimensec; 551 sb->st_ctim.tv_sec = ip->i_din1->di_ctime; 552 sb->st_ctim.tv_nsec = ip->i_din1->di_ctimensec; 553 sb->st_birthtim.tv_sec = -1; 554 sb->st_birthtim.tv_nsec = 0; 555 sb->st_blocks = dbtob((u_quad_t)ip->i_din1->di_blocks) / S_BLKSIZE; 556 } else { 557 sb->st_rdev = ip->i_din2->di_rdev; 558 sb->st_size = ip->i_din2->di_size; 559 sb->st_mtim.tv_sec = ip->i_din2->di_mtime; 560 sb->st_mtim.tv_nsec = ip->i_din2->di_mtimensec; 561 sb->st_ctim.tv_sec = ip->i_din2->di_ctime; 562 sb->st_ctim.tv_nsec = ip->i_din2->di_ctimensec; 563 sb->st_birthtim.tv_sec = ip->i_din2->di_birthtime; 564 sb->st_birthtim.tv_nsec = ip->i_din2->di_birthnsec; 565 sb->st_blocks = dbtob((u_quad_t)ip->i_din2->di_blocks) / S_BLKSIZE; 566 } 567 568 sb->st_blksize = max(PAGE_SIZE, vp->v_mount->mnt_stat.f_iosize); 569 sb->st_flags = ip->i_flags; 570 sb->st_gen = ip->i_gen; 571 572 return (vop_stat_helper_post(ap, error)); 573 } 574 575 /* ARGSUSED */ 576 static int 577 ufs_getattr( 578 struct vop_getattr_args /* { 579 struct vnode *a_vp; 580 struct vattr *a_vap; 581 struct ucred *a_cred; 582 } */ *ap) 583 { 584 struct vnode *vp = ap->a_vp; 585 struct inode *ip = VTOI(vp); 586 struct vattr *vap = ap->a_vap; 587 588 VI_LOCK(vp); 589 ufs_itimes_locked(vp); 590 if (I_IS_UFS1(ip)) { 591 vap->va_atime.tv_sec = ip->i_din1->di_atime; 592 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 593 } else { 594 vap->va_atime.tv_sec = ip->i_din2->di_atime; 595 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 596 } 597 VI_UNLOCK(vp); 598 /* 599 * Copy from inode table 600 */ 601 vap->va_fsid = dev2udev(ITOUMP(ip)->um_dev); 602 vap->va_fileid = ip->i_number; 603 vap->va_mode = ip->i_mode & ~IFMT; 604 vap->va_nlink = ip->i_effnlink; 605 vap->va_uid = ip->i_uid; 606 vap->va_gid = ip->i_gid; 607 if (I_IS_UFS1(ip)) { 608 vap->va_rdev = ip->i_din1->di_rdev; 609 vap->va_size = ip->i_din1->di_size; 610 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 611 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 612 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 613 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 614 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 615 vap->va_filerev = ip->i_din1->di_modrev; 616 } else { 617 vap->va_rdev = ip->i_din2->di_rdev; 618 vap->va_size = ip->i_din2->di_size; 619 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 620 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 621 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 622 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 623 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 624 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 625 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 626 vap->va_filerev = ip->i_din2->di_modrev; 627 } 628 vap->va_flags = ip->i_flags; 629 vap->va_gen = ip->i_gen; 630 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 631 vap->va_type = IFTOVT(ip->i_mode); 632 return (0); 633 } 634 635 /* 636 * Set attribute vnode op. called from several syscalls 637 */ 638 static int 639 ufs_setattr( 640 struct vop_setattr_args /* { 641 struct vnode *a_vp; 642 struct vattr *a_vap; 643 struct ucred *a_cred; 644 } */ *ap) 645 { 646 struct vattr *vap = ap->a_vap; 647 struct vnode *vp = ap->a_vp; 648 struct inode *ip = VTOI(vp); 649 struct ucred *cred = ap->a_cred; 650 struct thread *td = curthread; 651 int error; 652 653 /* 654 * Check for unsettable attributes. 655 */ 656 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 657 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 658 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 659 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 660 return (EINVAL); 661 } 662 if (vap->va_flags != VNOVAL) { 663 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE | 664 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE | 665 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK | 666 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE | 667 UF_SPARSE | UF_SYSTEM)) != 0) 668 return (EOPNOTSUPP); 669 if (vp->v_mount->mnt_flag & MNT_RDONLY) 670 return (EROFS); 671 /* 672 * Callers may only modify the file flags on objects they 673 * have VADMIN rights for. 674 */ 675 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 676 return (error); 677 /* 678 * Unprivileged processes are not permitted to unset system 679 * flags, or modify flags if any system flags are set. 680 * Privileged non-jail processes may not modify system flags 681 * if securelevel > 0 and any existing system flags are set. 682 * Privileged jail processes behave like privileged non-jail 683 * processes if the PR_ALLOW_CHFLAGS permission bit is set; 684 * otherwise, they behave like unprivileged processes. 685 */ 686 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) { 687 if (ip->i_flags & 688 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 689 error = securelevel_gt(cred, 0); 690 if (error) 691 return (error); 692 } 693 /* The snapshot flag cannot be toggled. */ 694 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT) 695 return (EPERM); 696 } else { 697 if (ip->i_flags & 698 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 699 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE)) 700 return (EPERM); 701 } 702 ip->i_flags = vap->va_flags; 703 DIP_SET(ip, i_flags, vap->va_flags); 704 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 705 error = UFS_UPDATE(vp, 0); 706 if (ip->i_flags & (IMMUTABLE | APPEND)) 707 return (error); 708 } 709 /* 710 * If immutable or append, no one can change any of its attributes 711 * except the ones already handled (in some cases, file flags 712 * including the immutability flags themselves for the superuser). 713 */ 714 if (ip->i_flags & (IMMUTABLE | APPEND)) 715 return (EPERM); 716 /* 717 * Go through the fields and update iff not VNOVAL. 718 */ 719 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 720 if (vp->v_mount->mnt_flag & MNT_RDONLY) 721 return (EROFS); 722 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 723 td)) != 0) 724 return (error); 725 } 726 if (vap->va_size != VNOVAL) { 727 /* 728 * XXX most of the following special cases should be in 729 * callers instead of in N filesystems. The VDIR check 730 * mostly already is. 731 */ 732 switch (vp->v_type) { 733 case VDIR: 734 return (EISDIR); 735 case VLNK: 736 case VREG: 737 /* 738 * Truncation should have an effect in these cases. 739 * Disallow it if the filesystem is read-only or 740 * the file is being snapshotted. 741 */ 742 if (vp->v_mount->mnt_flag & MNT_RDONLY) 743 return (EROFS); 744 if (IS_SNAPSHOT(ip)) 745 return (EPERM); 746 break; 747 default: 748 /* 749 * According to POSIX, the result is unspecified 750 * for file types other than regular files, 751 * directories and shared memory objects. We 752 * don't support shared memory objects in the file 753 * system, and have dubious support for truncating 754 * symlinks. Just ignore the request in other cases. 755 */ 756 return (0); 757 } 758 error = vn_rlimit_trunc(vap->va_size, td); 759 if (error != 0) 760 return (error); 761 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL | 762 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0), 763 cred)) != 0) 764 return (error); 765 } 766 if (vap->va_atime.tv_sec != VNOVAL || 767 vap->va_mtime.tv_sec != VNOVAL || 768 vap->va_birthtime.tv_sec != VNOVAL) { 769 if (vp->v_mount->mnt_flag & MNT_RDONLY) 770 return (EROFS); 771 if (IS_SNAPSHOT(ip)) 772 return (EPERM); 773 error = vn_utimes_perm(vp, vap, cred, td); 774 if (error != 0) 775 return (error); 776 UFS_INODE_SET_FLAG(ip, IN_CHANGE | IN_MODIFIED); 777 if (vap->va_atime.tv_sec != VNOVAL) { 778 ip->i_flag &= ~IN_ACCESS; 779 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 780 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 781 } 782 if (vap->va_mtime.tv_sec != VNOVAL) { 783 ip->i_flag &= ~IN_UPDATE; 784 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 785 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 786 } 787 if (vap->va_birthtime.tv_sec != VNOVAL && I_IS_UFS2(ip)) { 788 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 789 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 790 } 791 error = UFS_UPDATE(vp, 0); 792 if (error) 793 return (error); 794 } 795 error = 0; 796 if (vap->va_mode != (mode_t)VNOVAL) { 797 if (vp->v_mount->mnt_flag & MNT_RDONLY) 798 return (EROFS); 799 if (IS_SNAPSHOT(ip) && (vap->va_mode & (S_IXUSR | S_IWUSR | 800 S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH)) != 0) 801 return (EPERM); 802 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 803 } 804 return (error); 805 } 806 807 #ifdef UFS_ACL 808 static int 809 ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode, 810 int file_owner_id, struct ucred *cred, struct thread *td) 811 { 812 int error; 813 struct acl *aclp; 814 815 aclp = acl_alloc(M_WAITOK); 816 error = ufs_getacl_nfs4_internal(vp, aclp, td); 817 /* 818 * We don't have to handle EOPNOTSUPP here, as the filesystem claims 819 * it supports ACLs. 820 */ 821 if (error) 822 goto out; 823 824 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id); 825 error = ufs_setacl_nfs4_internal(vp, aclp, td); 826 827 out: 828 acl_free(aclp); 829 return (error); 830 } 831 #endif /* UFS_ACL */ 832 833 static int 834 ufs_mmapped( 835 struct vop_mmapped_args /* { 836 struct vnode *a_vp; 837 } */ *ap) 838 { 839 struct vnode *vp; 840 struct inode *ip; 841 struct mount *mp; 842 843 vp = ap->a_vp; 844 ip = VTOI(vp); 845 mp = vp->v_mount; 846 847 if ((mp->mnt_flag & (MNT_NOATIME | MNT_RDONLY)) == 0) 848 UFS_INODE_SET_FLAG_SHARED(ip, IN_ACCESS); 849 /* 850 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there. 851 */ 852 return (0); 853 } 854 855 /* 856 * Change the mode on a file. 857 * Inode must be locked before calling. 858 */ 859 static int 860 ufs_chmod(struct vnode *vp, int mode, struct ucred *cred, struct thread *td) 861 { 862 struct inode *ip = VTOI(vp); 863 int newmode, error; 864 865 /* 866 * To modify the permissions on a file, must possess VADMIN 867 * for that file. 868 */ 869 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td))) 870 return (error); 871 /* 872 * Privileged processes may set the sticky bit on non-directories, 873 * as well as set the setgid bit on a file with a group that the 874 * process is not a member of. Both of these are allowed in 875 * jail(8). 876 */ 877 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 878 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE)) 879 return (EFTYPE); 880 } 881 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 882 error = priv_check_cred(cred, PRIV_VFS_SETGID); 883 if (error) 884 return (error); 885 } 886 887 /* 888 * Deny setting setuid if we are not the file owner. 889 */ 890 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) { 891 error = priv_check_cred(cred, PRIV_VFS_ADMIN); 892 if (error) 893 return (error); 894 } 895 896 newmode = ip->i_mode & ~ALLPERMS; 897 newmode |= (mode & ALLPERMS); 898 UFS_INODE_SET_MODE(ip, newmode); 899 DIP_SET(ip, i_mode, ip->i_mode); 900 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 901 #ifdef UFS_ACL 902 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0) 903 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td); 904 #endif 905 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0) 906 error = UFS_UPDATE(vp, 0); 907 908 return (error); 909 } 910 911 /* 912 * Perform chown operation on inode ip; 913 * inode must be locked prior to call. 914 */ 915 static int 916 ufs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred, 917 struct thread *td) 918 { 919 struct inode *ip = VTOI(vp); 920 uid_t ouid; 921 gid_t ogid; 922 int error = 0; 923 #ifdef QUOTA 924 int i; 925 ufs2_daddr_t change; 926 #endif 927 928 if (uid == (uid_t)VNOVAL) 929 uid = ip->i_uid; 930 if (gid == (gid_t)VNOVAL) 931 gid = ip->i_gid; 932 /* 933 * To modify the ownership of a file, must possess VADMIN for that 934 * file. 935 */ 936 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td))) 937 return (error); 938 /* 939 * To change the owner of a file, or change the group of a file to a 940 * group of which we are not a member, the caller must have 941 * privilege. 942 */ 943 if (((uid != ip->i_uid && uid != cred->cr_uid) || 944 (gid != ip->i_gid && !groupmember(gid, cred))) && 945 (error = priv_check_cred(cred, PRIV_VFS_CHOWN))) 946 return (error); 947 ogid = ip->i_gid; 948 ouid = ip->i_uid; 949 #ifdef QUOTA 950 if ((error = getinoquota(ip)) != 0) 951 return (error); 952 if (ouid == uid) { 953 dqrele(vp, ip->i_dquot[USRQUOTA]); 954 ip->i_dquot[USRQUOTA] = NODQUOT; 955 } 956 if (ogid == gid) { 957 dqrele(vp, ip->i_dquot[GRPQUOTA]); 958 ip->i_dquot[GRPQUOTA] = NODQUOT; 959 } 960 change = DIP(ip, i_blocks); 961 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 962 (void) chkiq(ip, -1, cred, CHOWN|FORCE); 963 for (i = 0; i < MAXQUOTAS; i++) { 964 dqrele(vp, ip->i_dquot[i]); 965 ip->i_dquot[i] = NODQUOT; 966 } 967 #endif 968 ip->i_gid = gid; 969 DIP_SET(ip, i_gid, gid); 970 ip->i_uid = uid; 971 DIP_SET(ip, i_uid, uid); 972 #ifdef QUOTA 973 if ((error = getinoquota(ip)) == 0) { 974 if (ouid == uid) { 975 dqrele(vp, ip->i_dquot[USRQUOTA]); 976 ip->i_dquot[USRQUOTA] = NODQUOT; 977 } 978 if (ogid == gid) { 979 dqrele(vp, ip->i_dquot[GRPQUOTA]); 980 ip->i_dquot[GRPQUOTA] = NODQUOT; 981 } 982 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 983 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 984 goto good; 985 else 986 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 987 } 988 for (i = 0; i < MAXQUOTAS; i++) { 989 dqrele(vp, ip->i_dquot[i]); 990 ip->i_dquot[i] = NODQUOT; 991 } 992 } 993 ip->i_gid = ogid; 994 DIP_SET(ip, i_gid, ogid); 995 ip->i_uid = ouid; 996 DIP_SET(ip, i_uid, ouid); 997 if (getinoquota(ip) == 0) { 998 if (ouid == uid) { 999 dqrele(vp, ip->i_dquot[USRQUOTA]); 1000 ip->i_dquot[USRQUOTA] = NODQUOT; 1001 } 1002 if (ogid == gid) { 1003 dqrele(vp, ip->i_dquot[GRPQUOTA]); 1004 ip->i_dquot[GRPQUOTA] = NODQUOT; 1005 } 1006 (void) chkdq(ip, change, cred, FORCE|CHOWN); 1007 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 1008 (void) getinoquota(ip); 1009 } 1010 return (error); 1011 good: 1012 if (getinoquota(ip)) 1013 panic("ufs_chown: lost quota"); 1014 #endif /* QUOTA */ 1015 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1016 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { 1017 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) { 1018 UFS_INODE_SET_MODE(ip, ip->i_mode & ~(ISUID | ISGID)); 1019 DIP_SET(ip, i_mode, ip->i_mode); 1020 } 1021 } 1022 error = UFS_UPDATE(vp, 0); 1023 return (error); 1024 } 1025 1026 static int 1027 ufs_remove( 1028 struct vop_remove_args /* { 1029 struct vnode *a_dvp; 1030 struct vnode *a_vp; 1031 struct componentname *a_cnp; 1032 } */ *ap) 1033 { 1034 struct inode *ip; 1035 struct vnode *vp = ap->a_vp; 1036 struct vnode *dvp = ap->a_dvp; 1037 int error; 1038 struct thread *td; 1039 1040 td = curthread; 1041 ip = VTOI(vp); 1042 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1043 (VTOI(dvp)->i_flags & APPEND)) 1044 return (EPERM); 1045 if (DOINGSUJ(dvp)) { 1046 error = softdep_prelink(dvp, vp, ap->a_cnp); 1047 if (error != 0) { 1048 MPASS(error == ERELOOKUP); 1049 return (error); 1050 } 1051 } 1052 1053 #ifdef UFS_GJOURNAL 1054 ufs_gjournal_orphan(vp); 1055 #endif 1056 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 1057 if (ip->i_nlink <= 0) 1058 vp->v_vflag |= VV_NOSYNC; 1059 if (IS_SNAPSHOT(ip)) { 1060 /* 1061 * Avoid deadlock where another thread is trying to 1062 * update the inodeblock for dvp and is waiting on 1063 * snaplk. Temporary unlock the vnode lock for the 1064 * unlinked file and sync the directory. This should 1065 * allow vput() of the directory to not block later on 1066 * while holding the snapshot vnode locked, assuming 1067 * that the directory hasn't been unlinked too. 1068 */ 1069 VOP_UNLOCK(vp); 1070 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 1071 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 1072 } 1073 return (error); 1074 } 1075 1076 static void 1077 print_bad_link_count(const char *funcname, struct vnode *dvp) 1078 { 1079 struct inode *dip; 1080 1081 dip = VTOI(dvp); 1082 uprintf("%s: Bad link count %d on parent inode %jd in file system %s\n", 1083 funcname, dip->i_effnlink, (intmax_t)dip->i_number, 1084 dvp->v_mount->mnt_stat.f_mntonname); 1085 } 1086 1087 /* 1088 * link vnode call 1089 */ 1090 static int 1091 ufs_link( 1092 struct vop_link_args /* { 1093 struct vnode *a_tdvp; 1094 struct vnode *a_vp; 1095 struct componentname *a_cnp; 1096 } */ *ap) 1097 { 1098 struct vnode *vp = ap->a_vp; 1099 struct vnode *tdvp = ap->a_tdvp; 1100 struct componentname *cnp = ap->a_cnp; 1101 struct inode *ip; 1102 struct direct newdir; 1103 int error; 1104 1105 if (DOINGSUJ(tdvp)) { 1106 error = softdep_prelink(tdvp, vp, cnp); 1107 if (error != 0) { 1108 MPASS(error == ERELOOKUP); 1109 return (error); 1110 } 1111 } 1112 1113 if (VTOI(tdvp)->i_effnlink < 2) { 1114 print_bad_link_count("ufs_link", tdvp); 1115 error = EINVAL; 1116 goto out; 1117 } 1118 error = ufs_sync_nlink(vp, tdvp); 1119 if (error != 0) 1120 goto out; 1121 ip = VTOI(vp); 1122 1123 /* 1124 * The file may have been removed after namei dropped the original 1125 * lock. 1126 */ 1127 if (ip->i_effnlink == 0) { 1128 error = ENOENT; 1129 goto out; 1130 } 1131 if (ip->i_flags & (IMMUTABLE | APPEND)) { 1132 error = EPERM; 1133 goto out; 1134 } 1135 1136 ip->i_effnlink++; 1137 ip->i_nlink++; 1138 DIP_SET(ip, i_nlink, ip->i_nlink); 1139 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1140 if (DOINGSOFTDEP(vp)) 1141 softdep_setup_link(VTOI(tdvp), ip); 1142 error = UFS_UPDATE(vp, !DOINGSOFTDEP(vp) && !DOINGASYNC(vp)); 1143 if (!error) { 1144 ufs_makedirentry(ip, cnp, &newdir); 1145 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL); 1146 } 1147 1148 if (error) { 1149 ip->i_effnlink--; 1150 ip->i_nlink--; 1151 DIP_SET(ip, i_nlink, ip->i_nlink); 1152 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1153 if (DOINGSOFTDEP(vp)) 1154 softdep_revert_link(VTOI(tdvp), ip); 1155 } 1156 out: 1157 return (error); 1158 } 1159 1160 /* 1161 * whiteout vnode call 1162 */ 1163 static int 1164 ufs_whiteout( 1165 struct vop_whiteout_args /* { 1166 struct vnode *a_dvp; 1167 struct componentname *a_cnp; 1168 int a_flags; 1169 } */ *ap) 1170 { 1171 struct vnode *dvp = ap->a_dvp; 1172 struct componentname *cnp = ap->a_cnp; 1173 struct direct newdir; 1174 int error = 0; 1175 1176 if (DOINGSUJ(dvp) && (ap->a_flags == CREATE || 1177 ap->a_flags == DELETE)) { 1178 error = softdep_prelink(dvp, NULL, cnp); 1179 if (error != 0) { 1180 MPASS(error == ERELOOKUP); 1181 return (error); 1182 } 1183 } 1184 1185 switch (ap->a_flags) { 1186 case LOOKUP: 1187 /* 4.4 format directories support whiteout operations */ 1188 if (!OFSFMT(dvp)) 1189 return (0); 1190 return (EOPNOTSUPP); 1191 1192 case CREATE: 1193 /* create a new directory whiteout */ 1194 #ifdef INVARIANTS 1195 if (OFSFMT(dvp)) 1196 panic("ufs_whiteout: old format filesystem"); 1197 #endif 1198 1199 newdir.d_ino = UFS_WINO; 1200 newdir.d_namlen = cnp->cn_namelen; 1201 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 1202 newdir.d_type = DT_WHT; 1203 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL); 1204 break; 1205 1206 case DELETE: 1207 /* remove an existing directory whiteout */ 1208 #ifdef INVARIANTS 1209 if (OFSFMT(dvp)) 1210 panic("ufs_whiteout: old format filesystem"); 1211 #endif 1212 1213 cnp->cn_flags &= ~DOWHITEOUT; 1214 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 1215 break; 1216 default: 1217 panic("ufs_whiteout: unknown op"); 1218 } 1219 return (error); 1220 } 1221 1222 static volatile int rename_restarts; 1223 SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD, 1224 __DEVOLATILE(int *, &rename_restarts), 0, 1225 "Times rename had to restart due to lock contention"); 1226 1227 /* 1228 * Rename system call. 1229 * rename("foo", "bar"); 1230 * is essentially 1231 * unlink("bar"); 1232 * link("foo", "bar"); 1233 * unlink("foo"); 1234 * but ``atomically''. Can't do full commit without saving state in the 1235 * inode on disk which isn't feasible at this time. Best we can do is 1236 * always guarantee the target exists. 1237 * 1238 * Basic algorithm is: 1239 * 1240 * 1) Bump link count on source while we're linking it to the 1241 * target. This also ensure the inode won't be deleted out 1242 * from underneath us while we work (it may be truncated by 1243 * a concurrent `trunc' or `open' for creation). 1244 * 2) Link source to destination. If destination already exists, 1245 * delete it first. 1246 * 3) Unlink source reference to inode if still around. If a 1247 * directory was moved and the parent of the destination 1248 * is different from the source, patch the ".." entry in the 1249 * directory. 1250 */ 1251 static int 1252 ufs_rename( 1253 struct vop_rename_args /* { 1254 struct vnode *a_fdvp; 1255 struct vnode *a_fvp; 1256 struct componentname *a_fcnp; 1257 struct vnode *a_tdvp; 1258 struct vnode *a_tvp; 1259 struct componentname *a_tcnp; 1260 } */ *ap) 1261 { 1262 struct vnode *tvp = ap->a_tvp; 1263 struct vnode *tdvp = ap->a_tdvp; 1264 struct vnode *fvp = ap->a_fvp; 1265 struct vnode *fdvp = ap->a_fdvp; 1266 struct vnode *nvp; 1267 struct componentname *tcnp = ap->a_tcnp; 1268 struct componentname *fcnp = ap->a_fcnp; 1269 struct thread *td = curthread; 1270 struct inode *fip, *tip, *tdp, *fdp; 1271 struct direct newdir; 1272 off_t endoff; 1273 int doingdirectory, newparent; 1274 int error = 0; 1275 struct mount *mp; 1276 ino_t ino; 1277 seqc_t fdvp_s, fvp_s, tdvp_s, tvp_s; 1278 bool checkpath_locked, want_seqc_end; 1279 1280 checkpath_locked = want_seqc_end = false; 1281 1282 endoff = 0; 1283 mp = tdvp->v_mount; 1284 VOP_UNLOCK(tdvp); 1285 if (tvp && tvp != tdvp) 1286 VOP_UNLOCK(tvp); 1287 /* 1288 * Check for cross-device rename. 1289 */ 1290 if ((fvp->v_mount != tdvp->v_mount) || 1291 (tvp && (fvp->v_mount != tvp->v_mount))) { 1292 error = EXDEV; 1293 mp = NULL; 1294 goto releout; 1295 } 1296 1297 fdvp_s = fvp_s = tdvp_s = tvp_s = SEQC_MOD; 1298 relock: 1299 /* 1300 * We need to acquire 2 to 4 locks depending on whether tvp is NULL 1301 * and fdvp and tdvp are the same directory. Subsequently we need 1302 * to double-check all paths and in the directory rename case we 1303 * need to verify that we are not creating a directory loop. To 1304 * handle this we acquire all but fdvp using non-blocking 1305 * acquisitions. If we fail to acquire any lock in the path we will 1306 * drop all held locks, acquire the new lock in a blocking fashion, 1307 * and then release it and restart the rename. This acquire/release 1308 * step ensures that we do not spin on a lock waiting for release. 1309 */ 1310 error = vn_lock(fdvp, LK_EXCLUSIVE); 1311 if (error) 1312 goto releout; 1313 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) { 1314 VOP_UNLOCK(fdvp); 1315 error = vn_lock(tdvp, LK_EXCLUSIVE); 1316 if (error) 1317 goto releout; 1318 VOP_UNLOCK(tdvp); 1319 atomic_add_int(&rename_restarts, 1); 1320 goto relock; 1321 } 1322 /* 1323 * Re-resolve fvp to be certain it still exists and fetch the 1324 * correct vnode. 1325 */ 1326 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1327 if (error) { 1328 VOP_UNLOCK(fdvp); 1329 VOP_UNLOCK(tdvp); 1330 goto releout; 1331 } 1332 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1333 if (error) { 1334 VOP_UNLOCK(fdvp); 1335 VOP_UNLOCK(tdvp); 1336 if (error != EBUSY) 1337 goto releout; 1338 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1339 if (error != 0) 1340 goto releout; 1341 VOP_UNLOCK(nvp); 1342 vrele(fvp); 1343 fvp = nvp; 1344 atomic_add_int(&rename_restarts, 1); 1345 goto relock; 1346 } 1347 vrele(fvp); 1348 fvp = nvp; 1349 /* 1350 * Re-resolve tvp and acquire the vnode lock if present. 1351 */ 1352 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino); 1353 if (error != 0 && error != EJUSTRETURN) { 1354 VOP_UNLOCK(fdvp); 1355 VOP_UNLOCK(tdvp); 1356 VOP_UNLOCK(fvp); 1357 goto releout; 1358 } 1359 /* 1360 * If tvp disappeared we just carry on. 1361 */ 1362 if (error == EJUSTRETURN && tvp != NULL) { 1363 vrele(tvp); 1364 tvp = NULL; 1365 } 1366 /* 1367 * Get the tvp ino if the lookup succeeded. We may have to restart 1368 * if the non-blocking acquire fails. 1369 */ 1370 if (error == 0) { 1371 nvp = NULL; 1372 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1373 if (tvp) 1374 vrele(tvp); 1375 tvp = nvp; 1376 if (error) { 1377 VOP_UNLOCK(fdvp); 1378 VOP_UNLOCK(tdvp); 1379 VOP_UNLOCK(fvp); 1380 if (error != EBUSY) 1381 goto releout; 1382 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1383 if (error != 0) 1384 goto releout; 1385 vput(nvp); 1386 atomic_add_int(&rename_restarts, 1); 1387 goto relock; 1388 } 1389 } 1390 1391 if (DOINGSUJ(fdvp) && 1392 (seqc_in_modify(fdvp_s) || !vn_seqc_consistent(fdvp, fdvp_s) || 1393 seqc_in_modify(fvp_s) || !vn_seqc_consistent(fvp, fvp_s) || 1394 seqc_in_modify(tdvp_s) || !vn_seqc_consistent(tdvp, tdvp_s) || 1395 (tvp != NULL && (seqc_in_modify(tvp_s) || 1396 !vn_seqc_consistent(tvp, tvp_s))))) { 1397 error = softdep_prerename(fdvp, fvp, tdvp, tvp); 1398 if (error != 0) 1399 goto releout; 1400 } 1401 1402 fdp = VTOI(fdvp); 1403 fip = VTOI(fvp); 1404 tdp = VTOI(tdvp); 1405 tip = NULL; 1406 if (tvp) 1407 tip = VTOI(tvp); 1408 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1409 (VTOI(tdvp)->i_flags & APPEND))) { 1410 error = EPERM; 1411 goto unlockout; 1412 } 1413 /* 1414 * Renaming a file to itself has no effect. The upper layers should 1415 * not call us in that case. However, things could change after 1416 * we drop the locks above. 1417 */ 1418 if (fvp == tvp) { 1419 error = 0; 1420 goto unlockout; 1421 } 1422 doingdirectory = 0; 1423 newparent = 0; 1424 ino = fip->i_number; 1425 if (fip->i_nlink >= UFS_LINK_MAX) { 1426 if (!DOINGSOFTDEP(fvp) || fip->i_effnlink >= UFS_LINK_MAX) { 1427 error = EMLINK; 1428 goto unlockout; 1429 } 1430 vfs_ref(mp); 1431 MPASS(!want_seqc_end); 1432 if (checkpath_locked) { 1433 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1434 checkpath_locked = false; 1435 } 1436 VOP_UNLOCK(fdvp); 1437 VOP_UNLOCK(fvp); 1438 vref(tdvp); 1439 if (tvp != NULL) 1440 vref(tvp); 1441 VOP_VPUT_PAIR(tdvp, &tvp, true); 1442 error = ufs_sync_nlink1(mp); 1443 vrele(fdvp); 1444 vrele(fvp); 1445 vrele(tdvp); 1446 if (tvp != NULL) 1447 vrele(tvp); 1448 return (error); 1449 } 1450 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 1451 || (fdp->i_flags & APPEND)) { 1452 error = EPERM; 1453 goto unlockout; 1454 } 1455 if ((fip->i_mode & IFMT) == IFDIR) { 1456 /* 1457 * Avoid ".", "..", and aliases of "." for obvious reasons. 1458 */ 1459 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1460 fdp == fip || 1461 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) { 1462 error = EINVAL; 1463 goto unlockout; 1464 } 1465 if (fdp->i_number != tdp->i_number) 1466 newparent = tdp->i_number; 1467 doingdirectory = 1; 1468 } 1469 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) || 1470 (tvp != NULL && tvp->v_type == VDIR && 1471 tvp->v_mountedhere != NULL)) { 1472 error = EXDEV; 1473 goto unlockout; 1474 } 1475 1476 /* 1477 * If ".." must be changed (ie the directory gets a new 1478 * parent) then the source directory must not be in the 1479 * directory hierarchy above the target, as this would 1480 * orphan everything below the source directory. Also 1481 * the user must have write permission in the source so 1482 * as to be able to change "..". 1483 */ 1484 if (doingdirectory && newparent) { 1485 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, curthread); 1486 if (error) 1487 goto unlockout; 1488 1489 sx_xlock(&VFSTOUFS(mp)->um_checkpath_lock); 1490 checkpath_locked = true; 1491 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred, 1492 &ino); 1493 /* 1494 * We encountered a lock that we have to wait for. Unlock 1495 * everything else and VGET before restarting. 1496 */ 1497 if (ino) { 1498 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1499 checkpath_locked = false; 1500 VOP_UNLOCK(fdvp); 1501 VOP_UNLOCK(fvp); 1502 VOP_UNLOCK(tdvp); 1503 if (tvp) 1504 VOP_UNLOCK(tvp); 1505 error = VFS_VGET(mp, ino, LK_SHARED, &nvp); 1506 if (error == 0) 1507 vput(nvp); 1508 atomic_add_int(&rename_restarts, 1); 1509 goto relock; 1510 } 1511 if (error) 1512 goto unlockout; 1513 } 1514 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 || 1515 tdp->i_effnlink == 0) 1516 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp); 1517 1518 if (tvp != NULL) 1519 vn_seqc_write_begin(tvp); 1520 vn_seqc_write_begin(tdvp); 1521 vn_seqc_write_begin(fvp); 1522 vn_seqc_write_begin(fdvp); 1523 want_seqc_end = true; 1524 1525 /* 1526 * 1) Bump link count while we're moving stuff 1527 * around. If we crash somewhere before 1528 * completing our work, the link count 1529 * may be wrong, but correctable. 1530 */ 1531 fip->i_effnlink++; 1532 fip->i_nlink++; 1533 DIP_SET(fip, i_nlink, fip->i_nlink); 1534 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1535 if (DOINGSOFTDEP(fvp)) 1536 softdep_setup_link(tdp, fip); 1537 error = UFS_UPDATE(fvp, !DOINGSOFTDEP(fvp) && !DOINGASYNC(fvp)); 1538 if (error) 1539 goto bad; 1540 1541 /* 1542 * 2) If target doesn't exist, link the target 1543 * to the source and unlink the source. 1544 * Otherwise, rewrite the target directory 1545 * entry to reference the source inode and 1546 * expunge the original entry's existence. 1547 */ 1548 if (tip == NULL) { 1549 if (ITODEV(tdp) != ITODEV(fip)) 1550 panic("ufs_rename: EXDEV"); 1551 if (doingdirectory && newparent) { 1552 /* 1553 * Account for ".." in new directory. 1554 * When source and destination have the same 1555 * parent we don't adjust the link count. The 1556 * actual link modification is completed when 1557 * .. is rewritten below. 1558 */ 1559 if (tdp->i_nlink >= UFS_LINK_MAX) { 1560 fip->i_effnlink--; 1561 fip->i_nlink--; 1562 DIP_SET(fip, i_nlink, fip->i_nlink); 1563 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1564 if (DOINGSOFTDEP(fvp)) 1565 softdep_revert_link(tdp, fip); 1566 if (!DOINGSOFTDEP(tdvp) || 1567 tdp->i_effnlink >= UFS_LINK_MAX) { 1568 error = EMLINK; 1569 goto unlockout; 1570 } 1571 MPASS(want_seqc_end); 1572 if (tvp != NULL) 1573 vn_seqc_write_end(tvp); 1574 vn_seqc_write_end(tdvp); 1575 vn_seqc_write_end(fvp); 1576 vn_seqc_write_end(fdvp); 1577 want_seqc_end = false; 1578 vfs_ref(mp); 1579 MPASS(checkpath_locked); 1580 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1581 checkpath_locked = false; 1582 VOP_UNLOCK(fdvp); 1583 VOP_UNLOCK(fvp); 1584 vref(tdvp); 1585 if (tvp != NULL) 1586 vref(tvp); 1587 VOP_VPUT_PAIR(tdvp, &tvp, true); 1588 error = ufs_sync_nlink1(mp); 1589 vrele(fdvp); 1590 vrele(fvp); 1591 vrele(tdvp); 1592 if (tvp != NULL) 1593 vrele(tvp); 1594 return (error); 1595 } 1596 } 1597 ufs_makedirentry(fip, tcnp, &newdir); 1598 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL); 1599 if (error) 1600 goto bad; 1601 /* Setup tdvp for directory compaction if needed. */ 1602 if (I_COUNT(tdp) != 0 && I_ENDOFF(tdp) != 0 && 1603 I_ENDOFF(tdp) < tdp->i_size) 1604 endoff = I_ENDOFF(tdp); 1605 } else { 1606 if (ITODEV(tip) != ITODEV(tdp) || ITODEV(tip) != ITODEV(fip)) 1607 panic("ufs_rename: EXDEV"); 1608 /* 1609 * Short circuit rename(foo, foo). 1610 */ 1611 if (tip->i_number == fip->i_number) 1612 panic("ufs_rename: same file"); 1613 /* 1614 * If the parent directory is "sticky", then the caller 1615 * must possess VADMIN for the parent directory, or the 1616 * destination of the rename. This implements append-only 1617 * directories. 1618 */ 1619 if ((tdp->i_mode & S_ISTXT) && 1620 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1621 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1622 error = EPERM; 1623 goto bad; 1624 } 1625 /* 1626 * Target must be empty if a directory and have no links 1627 * to it. Also, ensure source and target are compatible 1628 * (both directories, or both not directories). 1629 */ 1630 if ((tip->i_mode & IFMT) == IFDIR) { 1631 if ((tip->i_effnlink > 2) || 1632 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) { 1633 error = ENOTEMPTY; 1634 goto bad; 1635 } 1636 if (!doingdirectory) { 1637 error = ENOTDIR; 1638 goto bad; 1639 } 1640 cache_purge(tdvp); 1641 } else if (doingdirectory) { 1642 error = EISDIR; 1643 goto bad; 1644 } 1645 if (doingdirectory) { 1646 if (!newparent) { 1647 tdp->i_effnlink--; 1648 if (DOINGSOFTDEP(tdvp)) 1649 softdep_change_linkcnt(tdp); 1650 } 1651 tip->i_effnlink--; 1652 if (DOINGSOFTDEP(tvp)) 1653 softdep_change_linkcnt(tip); 1654 } 1655 error = ufs_dirrewrite(tdp, tip, fip->i_number, 1656 IFTODT(fip->i_mode), 1657 (doingdirectory && newparent) ? newparent : doingdirectory); 1658 if (error) { 1659 if (doingdirectory) { 1660 if (!newparent) { 1661 tdp->i_effnlink++; 1662 if (DOINGSOFTDEP(tdvp)) 1663 softdep_change_linkcnt(tdp); 1664 } 1665 tip->i_effnlink++; 1666 if (DOINGSOFTDEP(tvp)) 1667 softdep_change_linkcnt(tip); 1668 } 1669 goto bad; 1670 } 1671 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1672 /* 1673 * The only stuff left in the directory is "." 1674 * and "..". The "." reference is inconsequential 1675 * since we are quashing it. We have removed the "." 1676 * reference and the reference in the parent directory, 1677 * but there may be other hard links. The soft 1678 * dependency code will arrange to do these operations 1679 * after the parent directory entry has been deleted on 1680 * disk, so when running with that code we avoid doing 1681 * them now. 1682 */ 1683 if (!newparent) { 1684 tdp->i_nlink--; 1685 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1686 UFS_INODE_SET_FLAG(tdp, IN_CHANGE); 1687 } 1688 tip->i_nlink--; 1689 DIP_SET(tip, i_nlink, tip->i_nlink); 1690 UFS_INODE_SET_FLAG(tip, IN_CHANGE); 1691 } 1692 } 1693 1694 /* 1695 * 3) Unlink the source. We have to resolve the path again to 1696 * fixup the directory offset and count for ufs_dirremove. 1697 */ 1698 if (fdvp == tdvp) { 1699 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1700 if (error) 1701 panic("ufs_rename: from entry went away!"); 1702 if (ino != fip->i_number) 1703 panic("ufs_rename: ino mismatch %ju != %ju\n", 1704 (uintmax_t)ino, (uintmax_t)fip->i_number); 1705 } 1706 /* 1707 * If the source is a directory with a 1708 * new parent, the link count of the old 1709 * parent directory must be decremented 1710 * and ".." set to point to the new parent. 1711 */ 1712 if (doingdirectory && newparent) { 1713 /* 1714 * If tip exists we simply use its link, otherwise we must 1715 * add a new one. 1716 */ 1717 if (tip == NULL) { 1718 tdp->i_effnlink++; 1719 tdp->i_nlink++; 1720 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1721 UFS_INODE_SET_FLAG(tdp, IN_CHANGE); 1722 if (DOINGSOFTDEP(tdvp)) 1723 softdep_setup_dotdot_link(tdp, fip); 1724 error = UFS_UPDATE(tdvp, !DOINGSOFTDEP(tdvp) && 1725 !DOINGASYNC(tdvp)); 1726 /* Don't go to bad here as the new link exists. */ 1727 if (error) 1728 goto unlockout; 1729 } else if (DOINGSUJ(tdvp)) 1730 /* Journal must account for each new link. */ 1731 softdep_setup_dotdot_link(tdp, fip); 1732 SET_I_OFFSET(fip, mastertemplate.dot_reclen); 1733 if (ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0) != 0) 1734 ufs_dirbad(fip, mastertemplate.dot_reclen, 1735 "rename: missing .. entry"); 1736 cache_purge(fdvp); 1737 } 1738 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0); 1739 /* 1740 * The kern_renameat() looks up the fvp using the DELETE flag, which 1741 * causes the removal of the name cache entry for fvp. 1742 * As the relookup of the fvp is done in two steps: 1743 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a 1744 * normal lookup of the from name just before the VFS_VGET() call, 1745 * causing the cache entry to be re-instantiated. 1746 * 1747 * The same issue also applies to tvp if it exists as 1748 * otherwise we may have a stale name cache entry for the new 1749 * name that references the old i-node if it has other links 1750 * or open file descriptors. 1751 */ 1752 cache_vop_rename(fdvp, fvp, tdvp, tvp, fcnp, tcnp); 1753 1754 unlockout: 1755 if (want_seqc_end) { 1756 if (tvp != NULL) 1757 vn_seqc_write_end(tvp); 1758 vn_seqc_write_end(tdvp); 1759 vn_seqc_write_end(fvp); 1760 vn_seqc_write_end(fdvp); 1761 } 1762 1763 if (checkpath_locked) 1764 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1765 1766 vput(fdvp); 1767 vput(fvp); 1768 1769 /* 1770 * If compaction or fsync was requested do it in 1771 * ffs_vput_pair() now that other locks are no longer needed. 1772 */ 1773 if (error == 0 && endoff != 0) { 1774 UFS_INODE_SET_FLAG(tdp, IN_ENDOFF); 1775 SET_I_ENDOFF(tdp, endoff); 1776 } 1777 VOP_VPUT_PAIR(tdvp, &tvp, true); 1778 return (error); 1779 1780 bad: 1781 fip->i_effnlink--; 1782 fip->i_nlink--; 1783 DIP_SET(fip, i_nlink, fip->i_nlink); 1784 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1785 if (DOINGSOFTDEP(fvp)) 1786 softdep_revert_link(tdp, fip); 1787 goto unlockout; 1788 1789 releout: 1790 if (want_seqc_end) { 1791 if (tvp != NULL) 1792 vn_seqc_write_end(tvp); 1793 vn_seqc_write_end(tdvp); 1794 vn_seqc_write_end(fvp); 1795 vn_seqc_write_end(fdvp); 1796 } 1797 1798 vrele(fdvp); 1799 vrele(fvp); 1800 vrele(tdvp); 1801 if (tvp) 1802 vrele(tvp); 1803 1804 return (error); 1805 } 1806 1807 #ifdef UFS_ACL 1808 static int 1809 ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp, 1810 mode_t dmode, struct ucred *cred, struct thread *td) 1811 { 1812 int error; 1813 struct inode *ip = VTOI(tvp); 1814 struct acl *dacl, *acl; 1815 1816 acl = acl_alloc(M_WAITOK); 1817 dacl = acl_alloc(M_WAITOK); 1818 1819 /* 1820 * Retrieve default ACL from parent, if any. 1821 */ 1822 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1823 switch (error) { 1824 case 0: 1825 /* 1826 * Retrieved a default ACL, so merge mode and ACL if 1827 * necessary. If the ACL is empty, fall through to 1828 * the "not defined or available" case. 1829 */ 1830 if (acl->acl_cnt != 0) { 1831 dmode = acl_posix1e_newfilemode(dmode, acl); 1832 UFS_INODE_SET_MODE(ip, dmode); 1833 DIP_SET(ip, i_mode, dmode); 1834 *dacl = *acl; 1835 ufs_sync_acl_from_inode(ip, acl); 1836 break; 1837 } 1838 /* FALLTHROUGH */ 1839 1840 case EOPNOTSUPP: 1841 /* 1842 * Just use the mode as-is. 1843 */ 1844 UFS_INODE_SET_MODE(ip, dmode); 1845 DIP_SET(ip, i_mode, dmode); 1846 error = 0; 1847 goto out; 1848 1849 default: 1850 goto out; 1851 } 1852 1853 /* 1854 * XXX: If we abort now, will Soft Updates notify the extattr 1855 * code that the EAs for the file need to be released? 1856 */ 1857 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1858 if (error == 0) 1859 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td); 1860 switch (error) { 1861 case 0: 1862 break; 1863 1864 case EOPNOTSUPP: 1865 /* 1866 * XXX: This should not happen, as EOPNOTSUPP above 1867 * was supposed to free acl. 1868 */ 1869 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1870 /* 1871 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1872 */ 1873 break; 1874 1875 default: 1876 goto out; 1877 } 1878 1879 out: 1880 acl_free(acl); 1881 acl_free(dacl); 1882 1883 return (error); 1884 } 1885 1886 static int 1887 ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp, 1888 mode_t mode, struct ucred *cred, struct thread *td) 1889 { 1890 int error; 1891 struct inode *ip = VTOI(tvp); 1892 struct acl *acl; 1893 1894 acl = acl_alloc(M_WAITOK); 1895 1896 /* 1897 * Retrieve default ACL for parent, if any. 1898 */ 1899 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1900 switch (error) { 1901 case 0: 1902 /* 1903 * Retrieved a default ACL, so merge mode and ACL if 1904 * necessary. 1905 */ 1906 if (acl->acl_cnt != 0) { 1907 /* 1908 * Two possible ways for default ACL to not 1909 * be present. First, the EA can be 1910 * undefined, or second, the default ACL can 1911 * be blank. If it's blank, fall through to 1912 * the it's not defined case. 1913 */ 1914 mode = acl_posix1e_newfilemode(mode, acl); 1915 UFS_INODE_SET_MODE(ip, mode); 1916 DIP_SET(ip, i_mode, mode); 1917 ufs_sync_acl_from_inode(ip, acl); 1918 break; 1919 } 1920 /* FALLTHROUGH */ 1921 1922 case EOPNOTSUPP: 1923 /* 1924 * Just use the mode as-is. 1925 */ 1926 UFS_INODE_SET_MODE(ip, mode); 1927 DIP_SET(ip, i_mode, mode); 1928 error = 0; 1929 goto out; 1930 1931 default: 1932 goto out; 1933 } 1934 1935 /* 1936 * XXX: If we abort now, will Soft Updates notify the extattr 1937 * code that the EAs for the file need to be released? 1938 */ 1939 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1940 switch (error) { 1941 case 0: 1942 break; 1943 1944 case EOPNOTSUPP: 1945 /* 1946 * XXX: This should not happen, as EOPNOTSUPP above was 1947 * supposed to free acl. 1948 */ 1949 printf("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1950 "but no VOP_SETACL()\n"); 1951 /* panic("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1952 "but no VOP_SETACL()"); */ 1953 break; 1954 1955 default: 1956 goto out; 1957 } 1958 1959 out: 1960 acl_free(acl); 1961 1962 return (error); 1963 } 1964 1965 static int 1966 ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp, 1967 mode_t child_mode, struct ucred *cred, struct thread *td) 1968 { 1969 int error; 1970 struct acl *parent_aclp, *child_aclp; 1971 1972 parent_aclp = acl_alloc(M_WAITOK); 1973 child_aclp = acl_alloc(M_WAITOK | M_ZERO); 1974 1975 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td); 1976 if (error) 1977 goto out; 1978 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp, 1979 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR); 1980 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td); 1981 if (error) 1982 goto out; 1983 out: 1984 acl_free(parent_aclp); 1985 acl_free(child_aclp); 1986 1987 return (error); 1988 } 1989 #endif 1990 1991 /* 1992 * Mkdir system call 1993 */ 1994 static int 1995 ufs_mkdir( 1996 struct vop_mkdir_args /* { 1997 struct vnode *a_dvp; 1998 struct vnode **a_vpp; 1999 struct componentname *a_cnp; 2000 struct vattr *a_vap; 2001 } */ *ap) 2002 { 2003 struct vnode *dvp = ap->a_dvp; 2004 struct vattr *vap = ap->a_vap; 2005 struct componentname *cnp = ap->a_cnp; 2006 struct inode *ip, *dp; 2007 struct vnode *tvp; 2008 struct buf *bp; 2009 struct dirtemplate dirtemplate, *dtp; 2010 struct direct newdir; 2011 int error, dmode; 2012 long blkoff; 2013 2014 dp = VTOI(dvp); 2015 error = ufs_sync_nlink(dvp, NULL); 2016 if (error != 0) 2017 goto out; 2018 dmode = vap->va_mode & 0777; 2019 dmode |= IFDIR; 2020 2021 /* 2022 * Must simulate part of ufs_makeinode here to acquire the inode, 2023 * but not have it entered in the parent directory. The entry is 2024 * made later after writing "." and ".." entries. 2025 */ 2026 if (dp->i_effnlink < 2) { 2027 print_bad_link_count("ufs_mkdir", dvp); 2028 error = EINVAL; 2029 goto out; 2030 } 2031 2032 if (DOINGSUJ(dvp)) { 2033 error = softdep_prelink(dvp, NULL, cnp); 2034 if (error != 0) { 2035 MPASS(error == ERELOOKUP); 2036 return (error); 2037 } 2038 } 2039 2040 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 2041 if (error) 2042 goto out; 2043 vn_seqc_write_begin(tvp); 2044 ip = VTOI(tvp); 2045 ip->i_gid = dp->i_gid; 2046 DIP_SET(ip, i_gid, dp->i_gid); 2047 #ifdef SUIDDIR 2048 { 2049 #ifdef QUOTA 2050 struct ucred ucred, *ucp; 2051 gid_t ucred_group; 2052 ucp = cnp->cn_cred; 2053 #endif 2054 /* 2055 * If we are hacking owners here, (only do this where told to) 2056 * and we are not giving it TO root, (would subvert quotas) 2057 * then go ahead and give it to the other user. 2058 * The new directory also inherits the SUID bit. 2059 * If user's UID and dir UID are the same, 2060 * 'give it away' so that the SUID is still forced on. 2061 */ 2062 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2063 (dp->i_mode & ISUID) && dp->i_uid) { 2064 dmode |= ISUID; 2065 ip->i_uid = dp->i_uid; 2066 DIP_SET(ip, i_uid, dp->i_uid); 2067 #ifdef QUOTA 2068 if (dp->i_uid != cnp->cn_cred->cr_uid) { 2069 /* 2070 * Make sure the correct user gets charged 2071 * for the space. 2072 * Make a dummy credential for the victim. 2073 * XXX This seems to never be accessed out of 2074 * our context so a stack variable is ok. 2075 */ 2076 refcount_init(&ucred.cr_ref, 1); 2077 ucred.cr_uid = ip->i_uid; 2078 ucred.cr_ngroups = 1; 2079 ucred.cr_groups = &ucred_group; 2080 ucred.cr_groups[0] = dp->i_gid; 2081 ucp = &ucred; 2082 } 2083 #endif 2084 } else { 2085 ip->i_uid = cnp->cn_cred->cr_uid; 2086 DIP_SET(ip, i_uid, ip->i_uid); 2087 } 2088 #ifdef QUOTA 2089 if ((error = getinoquota(ip)) || 2090 (error = chkiq(ip, 1, ucp, 0))) { 2091 if (DOINGSOFTDEP(tvp)) 2092 softdep_revert_link(dp, ip); 2093 UFS_VFREE(tvp, ip->i_number, dmode); 2094 vn_seqc_write_end(tvp); 2095 vgone(tvp); 2096 vput(tvp); 2097 return (error); 2098 } 2099 #endif 2100 } 2101 #else /* !SUIDDIR */ 2102 ip->i_uid = cnp->cn_cred->cr_uid; 2103 DIP_SET(ip, i_uid, ip->i_uid); 2104 #ifdef QUOTA 2105 if ((error = getinoquota(ip)) || 2106 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2107 if (DOINGSOFTDEP(tvp)) 2108 softdep_revert_link(dp, ip); 2109 UFS_VFREE(tvp, ip->i_number, dmode); 2110 vn_seqc_write_end(tvp); 2111 vgone(tvp); 2112 vput(tvp); 2113 return (error); 2114 } 2115 #endif 2116 #endif /* !SUIDDIR */ 2117 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 2118 UFS_INODE_SET_MODE(ip, dmode); 2119 DIP_SET(ip, i_mode, dmode); 2120 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 2121 ip->i_effnlink = 2; 2122 ip->i_nlink = 2; 2123 DIP_SET(ip, i_nlink, 2); 2124 2125 if (cnp->cn_flags & ISWHITEOUT) { 2126 ip->i_flags |= UF_OPAQUE; 2127 DIP_SET(ip, i_flags, ip->i_flags); 2128 } 2129 2130 /* 2131 * Bump link count in parent directory to reflect work done below. 2132 * Should be done before reference is created so cleanup is 2133 * possible if we crash. 2134 */ 2135 dp->i_effnlink++; 2136 dp->i_nlink++; 2137 DIP_SET(dp, i_nlink, dp->i_nlink); 2138 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2139 if (DOINGSOFTDEP(dvp)) 2140 softdep_setup_mkdir(dp, ip); 2141 error = UFS_UPDATE(dvp, !DOINGSOFTDEP(dvp) && !DOINGASYNC(dvp)); 2142 if (error) 2143 goto bad; 2144 #ifdef MAC 2145 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2146 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2147 dvp, tvp, cnp); 2148 if (error) 2149 goto bad; 2150 } 2151 #endif 2152 #ifdef UFS_ACL 2153 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2154 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode, 2155 cnp->cn_cred, curthread); 2156 if (error) 2157 goto bad; 2158 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2159 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode, 2160 cnp->cn_cred, curthread); 2161 if (error) 2162 goto bad; 2163 } 2164 #endif /* !UFS_ACL */ 2165 2166 /* 2167 * Initialize directory with "." and ".." from static template. 2168 */ 2169 if (!OFSFMT(dvp)) 2170 dtp = &mastertemplate; 2171 else 2172 dtp = (struct dirtemplate *)&omastertemplate; 2173 dirtemplate = *dtp; 2174 dirtemplate.dot_ino = ip->i_number; 2175 dirtemplate.dotdot_ino = dp->i_number; 2176 vnode_pager_setsize(tvp, DIRBLKSIZ); 2177 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 2178 BA_CLRBUF, &bp)) != 0) 2179 goto bad; 2180 ip->i_size = DIRBLKSIZ; 2181 DIP_SET(ip, i_size, DIRBLKSIZ); 2182 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); 2183 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 2184 if (DOINGSOFTDEP(tvp)) { 2185 /* 2186 * Ensure that the entire newly allocated block is a 2187 * valid directory so that future growth within the 2188 * block does not have to ensure that the block is 2189 * written before the inode. 2190 */ 2191 blkoff = DIRBLKSIZ; 2192 while (blkoff < bp->b_bcount) { 2193 ((struct direct *) 2194 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 2195 blkoff += DIRBLKSIZ; 2196 } 2197 } 2198 if ((error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && 2199 !DOINGASYNC(tvp))) != 0) { 2200 (void)bwrite(bp); 2201 goto bad; 2202 } 2203 /* 2204 * Directory set up, now install its entry in the parent directory. 2205 * 2206 * If we are not doing soft dependencies, then we must write out the 2207 * buffer containing the new directory body before entering the new 2208 * name in the parent. If we are doing soft dependencies, then the 2209 * buffer containing the new directory body will be passed to and 2210 * released in the soft dependency code after the code has attached 2211 * an appropriate ordering dependency to the buffer which ensures that 2212 * the buffer is written before the new name is written in the parent. 2213 */ 2214 if (DOINGASYNC(dvp)) 2215 bdwrite(bp); 2216 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 2217 goto bad; 2218 ufs_makedirentry(ip, cnp, &newdir); 2219 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp); 2220 2221 bad: 2222 if (error == 0) { 2223 *ap->a_vpp = tvp; 2224 vn_seqc_write_end(tvp); 2225 } else { 2226 dp->i_effnlink--; 2227 dp->i_nlink--; 2228 DIP_SET(dp, i_nlink, dp->i_nlink); 2229 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2230 /* 2231 * No need to do an explicit VOP_TRUNCATE here, vrele will 2232 * do this for us because we set the link count to 0. 2233 */ 2234 ip->i_effnlink = 0; 2235 ip->i_nlink = 0; 2236 DIP_SET(ip, i_nlink, 0); 2237 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2238 if (DOINGSOFTDEP(tvp)) 2239 softdep_revert_mkdir(dp, ip); 2240 vn_seqc_write_end(tvp); 2241 vgone(tvp); 2242 vput(tvp); 2243 } 2244 out: 2245 return (error); 2246 } 2247 2248 /* 2249 * Rmdir system call. 2250 */ 2251 static int 2252 ufs_rmdir( 2253 struct vop_rmdir_args /* { 2254 struct vnode *a_dvp; 2255 struct vnode *a_vp; 2256 struct componentname *a_cnp; 2257 } */ *ap) 2258 { 2259 struct vnode *vp = ap->a_vp; 2260 struct vnode *dvp = ap->a_dvp; 2261 struct componentname *cnp = ap->a_cnp; 2262 struct inode *ip, *dp; 2263 int error; 2264 2265 ip = VTOI(vp); 2266 dp = VTOI(dvp); 2267 2268 /* 2269 * Do not remove a directory that is in the process of being renamed. 2270 * Verify the directory is empty (and valid). Rmdir ".." will not be 2271 * valid since ".." will contain a reference to the current directory 2272 * and thus be non-empty. Do not allow the removal of mounted on 2273 * directories (this can happen when an NFS exported filesystem 2274 * tries to remove a locally mounted on directory). 2275 */ 2276 error = 0; 2277 if (dp->i_effnlink <= 2) { 2278 if (dp->i_effnlink == 2) 2279 print_bad_link_count("ufs_rmdir", dvp); 2280 error = EINVAL; 2281 goto out; 2282 } 2283 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 2284 error = ENOTEMPTY; 2285 goto out; 2286 } 2287 if ((dp->i_flags & APPEND) 2288 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 2289 error = EPERM; 2290 goto out; 2291 } 2292 if (vp->v_mountedhere != 0) { 2293 error = EINVAL; 2294 goto out; 2295 } 2296 if (DOINGSUJ(dvp)) { 2297 error = softdep_prelink(dvp, vp, cnp); 2298 if (error != 0) { 2299 MPASS(error == ERELOOKUP); 2300 return (error); 2301 } 2302 } 2303 2304 #ifdef UFS_GJOURNAL 2305 ufs_gjournal_orphan(vp); 2306 #endif 2307 /* 2308 * Delete reference to directory before purging 2309 * inode. If we crash in between, the directory 2310 * will be reattached to lost+found, 2311 */ 2312 dp->i_effnlink--; 2313 ip->i_effnlink--; 2314 if (DOINGSOFTDEP(vp)) 2315 softdep_setup_rmdir(dp, ip); 2316 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 2317 if (error) { 2318 dp->i_effnlink++; 2319 ip->i_effnlink++; 2320 if (DOINGSOFTDEP(vp)) 2321 softdep_revert_rmdir(dp, ip); 2322 goto out; 2323 } 2324 /* 2325 * The only stuff left in the directory is "." and "..". The "." 2326 * reference is inconsequential since we are quashing it. The soft 2327 * dependency code will arrange to do these operations after 2328 * the parent directory entry has been deleted on disk, so 2329 * when running with that code we avoid doing them now. 2330 */ 2331 if (!DOINGSOFTDEP(vp)) { 2332 dp->i_nlink--; 2333 DIP_SET(dp, i_nlink, dp->i_nlink); 2334 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2335 error = UFS_UPDATE(dvp, 0); 2336 ip->i_nlink--; 2337 DIP_SET(ip, i_nlink, ip->i_nlink); 2338 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2339 } 2340 cache_vop_rmdir(dvp, vp); 2341 #ifdef UFS_DIRHASH 2342 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 2343 if (ip->i_dirhash != NULL) 2344 ufsdirhash_free(ip); 2345 #endif 2346 out: 2347 return (error); 2348 } 2349 2350 /* 2351 * symlink -- make a symbolic link 2352 */ 2353 static int 2354 ufs_symlink( 2355 struct vop_symlink_args /* { 2356 struct vnode *a_dvp; 2357 struct vnode **a_vpp; 2358 struct componentname *a_cnp; 2359 struct vattr *a_vap; 2360 const char *a_target; 2361 } */ *ap) 2362 { 2363 struct vnode *vp, **vpp = ap->a_vpp; 2364 struct inode *ip; 2365 int len, error; 2366 2367 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 2368 vpp, ap->a_cnp, "ufs_symlink"); 2369 if (error) 2370 return (error); 2371 vp = *vpp; 2372 len = strlen(ap->a_target); 2373 if (len < VFSTOUFS(vp->v_mount)->um_maxsymlinklen) { 2374 ip = VTOI(vp); 2375 bcopy(ap->a_target, DIP(ip, i_shortlink), len); 2376 ip->i_size = len; 2377 DIP_SET(ip, i_size, len); 2378 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); 2379 error = UFS_UPDATE(vp, 0); 2380 } else 2381 error = vn_rdwr(UIO_WRITE, vp, __DECONST(void *, ap->a_target), 2382 len, (off_t)0, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 2383 ap->a_cnp->cn_cred, NOCRED, NULL, NULL); 2384 if (error) 2385 vput(vp); 2386 return (error); 2387 } 2388 2389 /* 2390 * Vnode op for reading directories. 2391 */ 2392 int 2393 ufs_readdir( 2394 struct vop_readdir_args /* { 2395 struct vnode *a_vp; 2396 struct uio *a_uio; 2397 struct ucred *a_cred; 2398 int *a_eofflag; 2399 int *a_ncookies; 2400 uint64_t **a_cookies; 2401 } */ *ap) 2402 { 2403 struct vnode *vp = ap->a_vp; 2404 struct uio *uio = ap->a_uio; 2405 struct buf *bp; 2406 struct inode *ip; 2407 struct direct *dp, *edp; 2408 uint64_t *cookies; 2409 struct dirent dstdp; 2410 off_t offset, startoffset; 2411 size_t readcnt, skipcnt; 2412 ssize_t startresid; 2413 u_int ncookies; 2414 int error; 2415 2416 if (uio->uio_offset < 0) 2417 return (EINVAL); 2418 ip = VTOI(vp); 2419 if (ip->i_effnlink == 0) 2420 return (0); 2421 if (ap->a_ncookies != NULL) { 2422 if (uio->uio_resid < 0) 2423 ncookies = 0; 2424 else 2425 ncookies = uio->uio_resid; 2426 if (uio->uio_offset >= ip->i_size) 2427 ncookies = 0; 2428 else if (ip->i_size - uio->uio_offset < ncookies) 2429 ncookies = ip->i_size - uio->uio_offset; 2430 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1; 2431 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK); 2432 *ap->a_ncookies = ncookies; 2433 *ap->a_cookies = cookies; 2434 } else { 2435 ncookies = 0; 2436 cookies = NULL; 2437 } 2438 offset = startoffset = uio->uio_offset; 2439 startresid = uio->uio_resid; 2440 error = 0; 2441 while (error == 0 && uio->uio_resid > 0 && 2442 uio->uio_offset < ip->i_size) { 2443 error = UFS_BLKATOFF(vp, uio->uio_offset, NULL, &bp); 2444 if (error) 2445 break; 2446 if (bp->b_offset + bp->b_bcount > ip->i_size) 2447 readcnt = ip->i_size - bp->b_offset; 2448 else 2449 readcnt = bp->b_bcount; 2450 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) & 2451 ~(size_t)(DIRBLKSIZ - 1); 2452 offset = bp->b_offset + skipcnt; 2453 dp = (struct direct *)&bp->b_data[skipcnt]; 2454 edp = (struct direct *)&bp->b_data[readcnt]; 2455 while (error == 0 && uio->uio_resid > 0 && dp < edp) { 2456 if (dp->d_reclen <= offsetof(struct direct, d_name) || 2457 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) { 2458 error = EIO; 2459 break; 2460 } 2461 #if BYTE_ORDER == LITTLE_ENDIAN 2462 /* Old filesystem format. */ 2463 if (OFSFMT(vp)) { 2464 dstdp.d_namlen = dp->d_type; 2465 dstdp.d_type = dp->d_namlen; 2466 } else 2467 #endif 2468 { 2469 dstdp.d_namlen = dp->d_namlen; 2470 dstdp.d_type = dp->d_type; 2471 } 2472 if (offsetof(struct direct, d_name) + dstdp.d_namlen > 2473 dp->d_reclen) { 2474 error = EIO; 2475 break; 2476 } 2477 if (offset < startoffset || dp->d_ino == 0) 2478 goto nextentry; 2479 dstdp.d_fileno = dp->d_ino; 2480 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp); 2481 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); 2482 /* NOTE: d_off is the offset of the *next* entry. */ 2483 dstdp.d_off = offset + dp->d_reclen; 2484 dirent_terminate(&dstdp); 2485 if (dstdp.d_reclen > uio->uio_resid) { 2486 if (uio->uio_resid == startresid) 2487 error = EINVAL; 2488 else 2489 error = EJUSTRETURN; 2490 break; 2491 } 2492 /* Advance dp. */ 2493 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio); 2494 if (error) 2495 break; 2496 if (cookies != NULL) { 2497 KASSERT(ncookies > 0, 2498 ("ufs_readdir: cookies buffer too small")); 2499 *cookies = offset + dp->d_reclen; 2500 cookies++; 2501 ncookies--; 2502 } 2503 nextentry: 2504 offset += dp->d_reclen; 2505 dp = (struct direct *)((caddr_t)dp + dp->d_reclen); 2506 } 2507 bqrelse(bp); 2508 uio->uio_offset = offset; 2509 } 2510 /* We need to correct uio_offset. */ 2511 uio->uio_offset = offset; 2512 if (error == EJUSTRETURN) 2513 error = 0; 2514 if (ap->a_ncookies != NULL) { 2515 if (error == 0) { 2516 *ap->a_ncookies -= ncookies; 2517 } else { 2518 free(*ap->a_cookies, M_TEMP); 2519 *ap->a_ncookies = 0; 2520 *ap->a_cookies = NULL; 2521 } 2522 } 2523 if (error == 0 && ap->a_eofflag) 2524 *ap->a_eofflag = ip->i_size <= uio->uio_offset; 2525 return (error); 2526 } 2527 2528 /* 2529 * Return target name of a symbolic link 2530 */ 2531 static int 2532 ufs_readlink( 2533 struct vop_readlink_args /* { 2534 struct vnode *a_vp; 2535 struct uio *a_uio; 2536 struct ucred *a_cred; 2537 } */ *ap) 2538 { 2539 struct vnode *vp = ap->a_vp; 2540 struct inode *ip = VTOI(vp); 2541 doff_t isize; 2542 2543 isize = ip->i_size; 2544 if (isize < VFSTOUFS(vp->v_mount)->um_maxsymlinklen) 2545 return (uiomove(DIP(ip, i_shortlink), isize, ap->a_uio)); 2546 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 2547 } 2548 2549 /* 2550 * Calculate the logical to physical mapping if not done already, 2551 * then call the device strategy routine. 2552 * 2553 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 2554 * deadlock on memory. See ufs_bmap() for details. 2555 */ 2556 static int 2557 ufs_strategy( 2558 struct vop_strategy_args /* { 2559 struct vnode *a_vp; 2560 struct buf *a_bp; 2561 } */ *ap) 2562 { 2563 struct buf *bp = ap->a_bp; 2564 struct vnode *vp = ap->a_vp; 2565 ufs2_daddr_t blkno; 2566 int error; 2567 2568 if (bp->b_blkno == bp->b_lblkno) { 2569 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 2570 bp->b_blkno = blkno; 2571 if (error) { 2572 bp->b_error = error; 2573 bp->b_ioflags |= BIO_ERROR; 2574 bufdone(bp); 2575 return (0); 2576 } 2577 if ((long)bp->b_blkno == -1) 2578 vfs_bio_clrbuf(bp); 2579 } 2580 if ((long)bp->b_blkno == -1) { 2581 bufdone(bp); 2582 return (0); 2583 } 2584 bp->b_iooffset = dbtob(bp->b_blkno); 2585 BO_STRATEGY(VFSTOUFS(vp->v_mount)->um_bo, bp); 2586 return (0); 2587 } 2588 2589 /* 2590 * Print out the contents of an inode. 2591 */ 2592 static int 2593 ufs_print( 2594 struct vop_print_args /* { 2595 struct vnode *a_vp; 2596 } */ *ap) 2597 { 2598 struct vnode *vp = ap->a_vp; 2599 struct inode *ip = VTOI(vp); 2600 2601 printf("\tnlink=%d, effnlink=%d, size=%jd", ip->i_nlink, 2602 ip->i_effnlink, (intmax_t)ip->i_size); 2603 if (I_IS_UFS2(ip)) 2604 printf(", extsize %d", ip->i_din2->di_extsize); 2605 printf("\n\tgeneration=%jx, uid=%d, gid=%d, flags=0x%b\n", 2606 (uintmax_t)ip->i_gen, ip->i_uid, ip->i_gid, 2607 (u_int)ip->i_flags, PRINT_INODE_FLAGS); 2608 printf("\tino %lu, on dev %s", (u_long)ip->i_number, 2609 devtoname(ITODEV(ip))); 2610 if (vp->v_type == VFIFO) 2611 fifo_printinfo(vp); 2612 printf("\n"); 2613 return (0); 2614 } 2615 2616 /* 2617 * Close wrapper for fifos. 2618 * 2619 * Update the times on the inode then do device close. 2620 */ 2621 static int 2622 ufsfifo_close( 2623 struct vop_close_args /* { 2624 struct vnode *a_vp; 2625 int a_fflag; 2626 struct ucred *a_cred; 2627 struct thread *a_td; 2628 } */ *ap) 2629 { 2630 2631 ufs_close(ap); 2632 return (fifo_specops.vop_close(ap)); 2633 } 2634 2635 /* 2636 * Return POSIX pathconf information applicable to ufs filesystems. 2637 */ 2638 static int 2639 ufs_pathconf( 2640 struct vop_pathconf_args /* { 2641 struct vnode *a_vp; 2642 int a_name; 2643 int *a_retval; 2644 } */ *ap) 2645 { 2646 int error; 2647 2648 error = 0; 2649 switch (ap->a_name) { 2650 case _PC_LINK_MAX: 2651 *ap->a_retval = UFS_LINK_MAX; 2652 break; 2653 case _PC_NAME_MAX: 2654 *ap->a_retval = UFS_MAXNAMLEN; 2655 break; 2656 case _PC_PIPE_BUF: 2657 if (ap->a_vp->v_type == VDIR || ap->a_vp->v_type == VFIFO) 2658 *ap->a_retval = PIPE_BUF; 2659 else 2660 error = EINVAL; 2661 break; 2662 case _PC_CHOWN_RESTRICTED: 2663 *ap->a_retval = 1; 2664 break; 2665 case _PC_NO_TRUNC: 2666 *ap->a_retval = 1; 2667 break; 2668 #ifdef UFS_ACL 2669 case _PC_ACL_EXTENDED: 2670 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2671 *ap->a_retval = 1; 2672 else 2673 *ap->a_retval = 0; 2674 break; 2675 case _PC_ACL_NFS4: 2676 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) 2677 *ap->a_retval = 1; 2678 else 2679 *ap->a_retval = 0; 2680 break; 2681 #endif 2682 case _PC_ACL_PATH_MAX: 2683 #ifdef UFS_ACL 2684 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) 2685 *ap->a_retval = ACL_MAX_ENTRIES; 2686 else 2687 *ap->a_retval = 3; 2688 #else 2689 *ap->a_retval = 3; 2690 #endif 2691 break; 2692 #ifdef MAC 2693 case _PC_MAC_PRESENT: 2694 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2695 *ap->a_retval = 1; 2696 else 2697 *ap->a_retval = 0; 2698 break; 2699 #endif 2700 case _PC_MIN_HOLE_SIZE: 2701 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2702 break; 2703 case _PC_PRIO_IO: 2704 *ap->a_retval = 0; 2705 break; 2706 case _PC_SYNC_IO: 2707 *ap->a_retval = 0; 2708 break; 2709 case _PC_ALLOC_SIZE_MIN: 2710 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2711 break; 2712 case _PC_FILESIZEBITS: 2713 *ap->a_retval = 64; 2714 break; 2715 case _PC_REC_INCR_XFER_SIZE: 2716 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2717 break; 2718 case _PC_REC_MAX_XFER_SIZE: 2719 *ap->a_retval = -1; /* means ``unlimited'' */ 2720 break; 2721 case _PC_REC_MIN_XFER_SIZE: 2722 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2723 break; 2724 case _PC_REC_XFER_ALIGN: 2725 *ap->a_retval = PAGE_SIZE; 2726 break; 2727 case _PC_SYMLINK_MAX: 2728 *ap->a_retval = MAXPATHLEN; 2729 break; 2730 2731 default: 2732 error = vop_stdpathconf(ap); 2733 break; 2734 } 2735 return (error); 2736 } 2737 2738 /* 2739 * Initialize the vnode associated with a new inode, handle aliased 2740 * vnodes. 2741 */ 2742 int 2743 ufs_vinit(struct mount *mntp, struct vop_vector *fifoops, struct vnode **vpp) 2744 { 2745 struct inode *ip; 2746 struct vnode *vp; 2747 2748 vp = *vpp; 2749 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2750 ip = VTOI(vp); 2751 vp->v_type = IFTOVT(ip->i_mode); 2752 /* 2753 * Only unallocated inodes should be of type VNON. 2754 */ 2755 if (ip->i_mode != 0 && vp->v_type == VNON) 2756 return (EINVAL); 2757 if (vp->v_type == VFIFO) 2758 vp->v_op = fifoops; 2759 if (ip->i_number == UFS_ROOTINO) 2760 vp->v_vflag |= VV_ROOT; 2761 *vpp = vp; 2762 return (0); 2763 } 2764 2765 /* 2766 * Allocate a new inode. 2767 * Vnode dvp must be locked. 2768 */ 2769 static int 2770 ufs_makeinode(int mode, struct vnode *dvp, struct vnode **vpp, 2771 struct componentname *cnp, const char *callfunc) 2772 { 2773 struct inode *ip, *pdir; 2774 struct direct newdir; 2775 struct vnode *tvp; 2776 int error; 2777 2778 pdir = VTOI(dvp); 2779 *vpp = NULL; 2780 if ((mode & IFMT) == 0) 2781 mode |= IFREG; 2782 2783 if (pdir->i_effnlink < 2) { 2784 print_bad_link_count(callfunc, dvp); 2785 return (EINVAL); 2786 } 2787 if (DOINGSUJ(dvp)) { 2788 error = softdep_prelink(dvp, NULL, cnp); 2789 if (error != 0) { 2790 MPASS(error == ERELOOKUP); 2791 return (error); 2792 } 2793 } 2794 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2795 if (error) 2796 return (error); 2797 ip = VTOI(tvp); 2798 ip->i_gid = pdir->i_gid; 2799 DIP_SET(ip, i_gid, pdir->i_gid); 2800 #ifdef SUIDDIR 2801 { 2802 #ifdef QUOTA 2803 struct ucred ucred, *ucp; 2804 gid_t ucred_group; 2805 ucp = cnp->cn_cred; 2806 #endif 2807 /* 2808 * If we are not the owner of the directory, 2809 * and we are hacking owners here, (only do this where told to) 2810 * and we are not giving it TO root, (would subvert quotas) 2811 * then go ahead and give it to the other user. 2812 * Note that this drops off the execute bits for security. 2813 */ 2814 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2815 (pdir->i_mode & ISUID) && 2816 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2817 ip->i_uid = pdir->i_uid; 2818 DIP_SET(ip, i_uid, ip->i_uid); 2819 mode &= ~07111; 2820 #ifdef QUOTA 2821 /* 2822 * Make sure the correct user gets charged 2823 * for the space. 2824 * Quickly knock up a dummy credential for the victim. 2825 * XXX This seems to never be accessed out of our 2826 * context so a stack variable is ok. 2827 */ 2828 refcount_init(&ucred.cr_ref, 1); 2829 ucred.cr_uid = ip->i_uid; 2830 ucred.cr_ngroups = 1; 2831 ucred.cr_groups = &ucred_group; 2832 ucred.cr_groups[0] = pdir->i_gid; 2833 ucp = &ucred; 2834 #endif 2835 } else { 2836 ip->i_uid = cnp->cn_cred->cr_uid; 2837 DIP_SET(ip, i_uid, ip->i_uid); 2838 } 2839 2840 #ifdef QUOTA 2841 if ((error = getinoquota(ip)) || 2842 (error = chkiq(ip, 1, ucp, 0))) { 2843 if (DOINGSOFTDEP(tvp)) 2844 softdep_revert_link(pdir, ip); 2845 UFS_VFREE(tvp, ip->i_number, mode); 2846 vgone(tvp); 2847 vput(tvp); 2848 return (error); 2849 } 2850 #endif 2851 } 2852 #else /* !SUIDDIR */ 2853 ip->i_uid = cnp->cn_cred->cr_uid; 2854 DIP_SET(ip, i_uid, ip->i_uid); 2855 #ifdef QUOTA 2856 if ((error = getinoquota(ip)) || 2857 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2858 if (DOINGSOFTDEP(tvp)) 2859 softdep_revert_link(pdir, ip); 2860 UFS_VFREE(tvp, ip->i_number, mode); 2861 vgone(tvp); 2862 vput(tvp); 2863 return (error); 2864 } 2865 #endif 2866 #endif /* !SUIDDIR */ 2867 vn_seqc_write_begin(tvp); /* Mostly to cover asserts */ 2868 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 2869 UFS_INODE_SET_MODE(ip, mode); 2870 DIP_SET(ip, i_mode, mode); 2871 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2872 ip->i_effnlink = 1; 2873 ip->i_nlink = 1; 2874 DIP_SET(ip, i_nlink, 1); 2875 if (DOINGSOFTDEP(tvp)) 2876 softdep_setup_create(VTOI(dvp), ip); 2877 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2878 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID)) { 2879 UFS_INODE_SET_MODE(ip, ip->i_mode & ~ISGID); 2880 DIP_SET(ip, i_mode, ip->i_mode); 2881 } 2882 2883 if (cnp->cn_flags & ISWHITEOUT) { 2884 ip->i_flags |= UF_OPAQUE; 2885 DIP_SET(ip, i_flags, ip->i_flags); 2886 } 2887 2888 /* 2889 * Make sure inode goes to disk before directory entry. 2890 */ 2891 error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && !DOINGASYNC(tvp)); 2892 if (error) 2893 goto bad; 2894 #ifdef MAC 2895 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2896 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2897 dvp, tvp, cnp); 2898 if (error) 2899 goto bad; 2900 } 2901 #endif 2902 #ifdef UFS_ACL 2903 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2904 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode, 2905 cnp->cn_cred, curthread); 2906 if (error) 2907 goto bad; 2908 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2909 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode, 2910 cnp->cn_cred, curthread); 2911 if (error) 2912 goto bad; 2913 } 2914 #endif /* !UFS_ACL */ 2915 ufs_makedirentry(ip, cnp, &newdir); 2916 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL); 2917 if (error) 2918 goto bad; 2919 vn_seqc_write_end(tvp); 2920 *vpp = tvp; 2921 return (0); 2922 2923 bad: 2924 /* 2925 * Write error occurred trying to update the inode 2926 * or the directory so must deallocate the inode. 2927 */ 2928 ip->i_effnlink = 0; 2929 ip->i_nlink = 0; 2930 DIP_SET(ip, i_nlink, 0); 2931 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2932 if (DOINGSOFTDEP(tvp)) 2933 softdep_revert_create(VTOI(dvp), ip); 2934 vn_seqc_write_end(tvp); 2935 vgone(tvp); 2936 vput(tvp); 2937 return (error); 2938 } 2939 2940 static int 2941 ufs_ioctl(struct vop_ioctl_args *ap) 2942 { 2943 struct vnode *vp; 2944 int error; 2945 2946 vp = ap->a_vp; 2947 switch (ap->a_command) { 2948 case FIOSEEKDATA: 2949 error = vn_lock(vp, LK_EXCLUSIVE); 2950 if (error == 0) { 2951 error = ufs_bmap_seekdata(vp, (off_t *)ap->a_data); 2952 VOP_UNLOCK(vp); 2953 } else 2954 error = EBADF; 2955 return (error); 2956 case FIOSEEKHOLE: 2957 return (vn_bmap_seekhole(vp, ap->a_command, (off_t *)ap->a_data, 2958 ap->a_cred)); 2959 default: 2960 return (ENOTTY); 2961 } 2962 } 2963 2964 static int 2965 ufs_read_pgcache(struct vop_read_pgcache_args *ap) 2966 { 2967 struct uio *uio; 2968 struct vnode *vp; 2969 2970 uio = ap->a_uio; 2971 vp = ap->a_vp; 2972 VNPASS((vn_irflag_read(vp) & VIRF_PGREAD) != 0, vp); 2973 2974 if (uio->uio_resid > ptoa(io_hold_cnt) || uio->uio_offset < 0 || 2975 (ap->a_ioflag & IO_DIRECT) != 0) 2976 return (EJUSTRETURN); 2977 return (vn_read_from_obj(vp, uio)); 2978 } 2979 2980 /* Global vfs data structures for ufs. */ 2981 struct vop_vector ufs_vnodeops = { 2982 .vop_default = &default_vnodeops, 2983 .vop_fsync = VOP_PANIC, 2984 .vop_read = VOP_PANIC, 2985 .vop_reallocblks = VOP_PANIC, 2986 .vop_write = VOP_PANIC, 2987 .vop_accessx = ufs_accessx, 2988 .vop_bmap = ufs_bmap, 2989 .vop_fplookup_vexec = ufs_fplookup_vexec, 2990 .vop_fplookup_symlink = VOP_EAGAIN, 2991 .vop_cachedlookup = ufs_lookup, 2992 .vop_close = ufs_close, 2993 .vop_create = ufs_create, 2994 .vop_stat = ufs_stat, 2995 .vop_getattr = ufs_getattr, 2996 .vop_inactive = ufs_inactive, 2997 .vop_ioctl = ufs_ioctl, 2998 .vop_link = ufs_link, 2999 .vop_lookup = vfs_cache_lookup, 3000 .vop_mmapped = ufs_mmapped, 3001 .vop_mkdir = ufs_mkdir, 3002 .vop_mknod = ufs_mknod, 3003 .vop_need_inactive = ufs_need_inactive, 3004 .vop_open = ufs_open, 3005 .vop_pathconf = ufs_pathconf, 3006 .vop_poll = vop_stdpoll, 3007 .vop_print = ufs_print, 3008 .vop_read_pgcache = ufs_read_pgcache, 3009 .vop_readdir = ufs_readdir, 3010 .vop_readlink = ufs_readlink, 3011 .vop_reclaim = ufs_reclaim, 3012 .vop_remove = ufs_remove, 3013 .vop_rename = ufs_rename, 3014 .vop_rmdir = ufs_rmdir, 3015 .vop_setattr = ufs_setattr, 3016 #ifdef MAC 3017 .vop_setlabel = vop_stdsetlabel_ea, 3018 #endif 3019 .vop_strategy = ufs_strategy, 3020 .vop_symlink = ufs_symlink, 3021 .vop_whiteout = ufs_whiteout, 3022 #ifdef UFS_EXTATTR 3023 .vop_getextattr = ufs_getextattr, 3024 .vop_deleteextattr = ufs_deleteextattr, 3025 .vop_setextattr = ufs_setextattr, 3026 #endif 3027 #ifdef UFS_ACL 3028 .vop_getacl = ufs_getacl, 3029 .vop_setacl = ufs_setacl, 3030 .vop_aclcheck = ufs_aclcheck, 3031 #endif 3032 }; 3033 VFS_VOP_VECTOR_REGISTER(ufs_vnodeops); 3034 3035 struct vop_vector ufs_fifoops = { 3036 .vop_default = &fifo_specops, 3037 .vop_fsync = VOP_PANIC, 3038 .vop_accessx = ufs_accessx, 3039 .vop_close = ufsfifo_close, 3040 .vop_getattr = ufs_getattr, 3041 .vop_inactive = ufs_inactive, 3042 .vop_pathconf = ufs_pathconf, 3043 .vop_print = ufs_print, 3044 .vop_read = VOP_PANIC, 3045 .vop_reclaim = ufs_reclaim, 3046 .vop_setattr = ufs_setattr, 3047 #ifdef MAC 3048 .vop_setlabel = vop_stdsetlabel_ea, 3049 #endif 3050 .vop_write = VOP_PANIC, 3051 #ifdef UFS_EXTATTR 3052 .vop_getextattr = ufs_getextattr, 3053 .vop_deleteextattr = ufs_deleteextattr, 3054 .vop_setextattr = ufs_setextattr, 3055 #endif 3056 #ifdef UFS_ACL 3057 .vop_getacl = ufs_getacl, 3058 .vop_setacl = ufs_setacl, 3059 .vop_aclcheck = ufs_aclcheck, 3060 #endif 3061 }; 3062 VFS_VOP_VECTOR_REGISTER(ufs_fifoops); 3063