1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1989, 1993, 1995 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 37 #include <sys/cdefs.h> 38 #include "opt_quota.h" 39 #include "opt_suiddir.h" 40 #include "opt_ufs.h" 41 #include "opt_ffs.h" 42 43 #include <sys/param.h> 44 #include <sys/systm.h> 45 #include <sys/malloc.h> 46 #include <sys/namei.h> 47 #include <sys/kernel.h> 48 #include <sys/fcntl.h> 49 #include <sys/filio.h> 50 #include <sys/stat.h> 51 #include <sys/bio.h> 52 #include <sys/buf.h> 53 #include <sys/mount.h> 54 #include <sys/priv.h> 55 #include <sys/refcount.h> 56 #include <sys/unistd.h> 57 #include <sys/vnode.h> 58 #include <sys/dirent.h> 59 #include <sys/lockf.h> 60 #include <sys/conf.h> 61 #include <sys/acl.h> 62 #include <sys/smr.h> 63 64 #include <security/audit/audit.h> 65 #include <security/mac/mac_framework.h> 66 67 #include <sys/file.h> /* XXX */ 68 69 #include <vm/vm.h> 70 #include <vm/vm_extern.h> 71 72 #include <ufs/ufs/acl.h> 73 #include <ufs/ufs/extattr.h> 74 #include <ufs/ufs/quota.h> 75 #include <ufs/ufs/inode.h> 76 #include <ufs/ufs/dir.h> 77 #include <ufs/ufs/ufsmount.h> 78 #include <ufs/ufs/ufs_extern.h> 79 #ifdef UFS_DIRHASH 80 #include <ufs/ufs/dirhash.h> 81 #endif 82 #ifdef UFS_GJOURNAL 83 #include <ufs/ufs/gjournal.h> 84 FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS"); 85 #endif 86 87 #ifdef QUOTA 88 FEATURE(ufs_quota, "UFS disk quotas support"); 89 FEATURE(ufs_quota64, "64bit UFS disk quotas support"); 90 #endif 91 92 #ifdef SUIDDIR 93 FEATURE(suiddir, 94 "Give all new files in directory the same ownership as the directory"); 95 #endif 96 97 VFS_SMR_DECLARE; 98 99 #include <ufs/ffs/ffs_extern.h> 100 101 static vop_accessx_t ufs_accessx; 102 vop_fplookup_vexec_t ufs_fplookup_vexec; 103 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 104 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, 105 struct thread *); 106 static vop_close_t ufs_close; 107 static vop_create_t ufs_create; 108 static vop_stat_t ufs_stat; 109 static vop_getattr_t ufs_getattr; 110 static vop_ioctl_t ufs_ioctl; 111 static vop_link_t ufs_link; 112 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, 113 struct componentname *, const char *); 114 static vop_mmapped_t ufs_mmapped; 115 static vop_mkdir_t ufs_mkdir; 116 static vop_mknod_t ufs_mknod; 117 static vop_open_t ufs_open; 118 static vop_pathconf_t ufs_pathconf; 119 static vop_print_t ufs_print; 120 static vop_readlink_t ufs_readlink; 121 static vop_remove_t ufs_remove; 122 static vop_rename_t ufs_rename; 123 static vop_rmdir_t ufs_rmdir; 124 static vop_setattr_t ufs_setattr; 125 static vop_strategy_t ufs_strategy; 126 static vop_symlink_t ufs_symlink; 127 static vop_whiteout_t ufs_whiteout; 128 static vop_close_t ufsfifo_close; 129 130 SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 131 "UFS filesystem"); 132 133 /* 134 * A virgin directory (no blushing please). 135 */ 136 static struct dirtemplate mastertemplate = { 137 0, 12, DT_DIR, 1, ".", 138 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 139 }; 140 static struct odirtemplate omastertemplate = { 141 0, 12, 1, ".", 142 0, DIRBLKSIZ - 12, 2, ".." 143 }; 144 145 static void 146 ufs_itimes_locked(struct vnode *vp) 147 { 148 struct inode *ip; 149 struct timespec ts; 150 151 ASSERT_VI_LOCKED(vp, __func__); 152 153 ip = VTOI(vp); 154 if (UFS_RDONLY(ip)) 155 goto out; 156 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 157 return; 158 159 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 160 UFS_INODE_SET_FLAG(ip, IN_LAZYMOD); 161 else if (((vp->v_mount->mnt_kern_flag & 162 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) || 163 (ip->i_flag & (IN_CHANGE | IN_UPDATE))) 164 UFS_INODE_SET_FLAG(ip, IN_MODIFIED); 165 else if (ip->i_flag & IN_ACCESS) 166 UFS_INODE_SET_FLAG(ip, IN_LAZYACCESS); 167 vfs_timestamp(&ts); 168 if (ip->i_flag & IN_ACCESS) { 169 DIP_SET(ip, i_atime, ts.tv_sec); 170 DIP_SET(ip, i_atimensec, ts.tv_nsec); 171 } 172 if (ip->i_flag & IN_UPDATE) { 173 DIP_SET(ip, i_mtime, ts.tv_sec); 174 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 175 } 176 if (ip->i_flag & IN_CHANGE) { 177 DIP_SET(ip, i_ctime, ts.tv_sec); 178 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 179 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1); 180 } 181 182 out: 183 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 184 } 185 186 void 187 ufs_itimes(struct vnode *vp) 188 { 189 struct inode *ip; 190 191 ip = VTOI(vp); 192 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 193 return; 194 195 VI_LOCK(vp); 196 ufs_itimes_locked(vp); 197 VI_UNLOCK(vp); 198 } 199 200 static int 201 ufs_sync_nlink1(struct mount *mp) 202 { 203 int error; 204 205 error = vfs_busy(mp, 0); 206 if (error == 0) { 207 VFS_SYNC(mp, MNT_WAIT); 208 vfs_unbusy(mp); 209 error = ERELOOKUP; 210 } 211 vfs_rel(mp); 212 return (error); 213 } 214 215 static int 216 ufs_sync_nlink(struct vnode *vp, struct vnode *vp1) 217 { 218 struct inode *ip; 219 struct mount *mp; 220 int error; 221 222 ip = VTOI(vp); 223 if (ip->i_nlink < UFS_LINK_MAX) 224 return (0); 225 if (!DOINGSOFTDEP(vp) || ip->i_effnlink >= UFS_LINK_MAX) 226 return (EMLINK); 227 228 mp = vp->v_mount; 229 vfs_ref(mp); 230 VOP_UNLOCK(vp); 231 if (vp1 != NULL) 232 VOP_UNLOCK(vp1); 233 error = ufs_sync_nlink1(mp); 234 vn_lock_pair(vp, false, LK_EXCLUSIVE, vp1, false, LK_EXCLUSIVE); 235 return (error); 236 } 237 238 /* 239 * Create a regular file 240 */ 241 static int 242 ufs_create( 243 struct vop_create_args /* { 244 struct vnode *a_dvp; 245 struct vnode **a_vpp; 246 struct componentname *a_cnp; 247 struct vattr *a_vap; 248 } */ *ap) 249 { 250 int error; 251 252 error = 253 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 254 ap->a_dvp, ap->a_vpp, ap->a_cnp, "ufs_create"); 255 if (error != 0) 256 return (error); 257 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0) 258 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp); 259 return (0); 260 } 261 262 /* 263 * Mknod vnode call 264 */ 265 /* ARGSUSED */ 266 static int 267 ufs_mknod( 268 struct vop_mknod_args /* { 269 struct vnode *a_dvp; 270 struct vnode **a_vpp; 271 struct componentname *a_cnp; 272 struct vattr *a_vap; 273 } */ *ap) 274 { 275 struct vattr *vap = ap->a_vap; 276 struct vnode **vpp = ap->a_vpp; 277 struct inode *ip; 278 ino_t ino; 279 int error; 280 281 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 282 ap->a_dvp, vpp, ap->a_cnp, "ufs_mknod"); 283 if (error) 284 return (error); 285 ip = VTOI(*vpp); 286 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 287 if (vap->va_rdev != VNOVAL) { 288 /* 289 * Want to be able to use this to make badblock 290 * inodes, so don't truncate the dev number. 291 */ 292 DIP_SET(ip, i_rdev, vap->va_rdev); 293 } 294 /* 295 * Remove inode, then reload it through VFS_VGET(). This is 296 * needed to do further inode initialization, for instance 297 * fifo, which was too early for VFS_VGET() done as part of 298 * UFS_VALLOC(). 299 */ 300 (*vpp)->v_type = VNON; 301 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 302 vgone(*vpp); 303 vput(*vpp); 304 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 305 if (error) { 306 *vpp = NULL; 307 return (error); 308 } 309 return (0); 310 } 311 312 /* 313 * Open called. 314 */ 315 /* ARGSUSED */ 316 static int 317 ufs_open(struct vop_open_args *ap) 318 { 319 struct vnode *vp = ap->a_vp; 320 struct inode *ip; 321 322 if (vp->v_type == VCHR || vp->v_type == VBLK) 323 return (EOPNOTSUPP); 324 325 ip = VTOI(vp); 326 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 327 if (vp->v_type == VREG && (vn_irflag_read(vp) & VIRF_PGREAD) == 0 && 328 ip->i_ump->um_bsize >= PAGE_SIZE) { 329 vn_irflag_set_cond(vp, VIRF_PGREAD); 330 } 331 332 /* 333 * Files marked append-only must be opened for appending. 334 */ 335 if ((ip->i_flags & APPEND) && 336 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 337 return (EPERM); 338 339 return (0); 340 } 341 342 /* 343 * Close called. 344 * 345 * Update the times on the inode. 346 */ 347 /* ARGSUSED */ 348 static int 349 ufs_close( 350 struct vop_close_args /* { 351 struct vnode *a_vp; 352 int a_fflag; 353 struct ucred *a_cred; 354 struct thread *a_td; 355 } */ *ap) 356 { 357 struct vnode *vp = ap->a_vp; 358 359 ufs_itimes(vp); 360 return (0); 361 } 362 363 static int 364 ufs_accessx( 365 struct vop_accessx_args /* { 366 struct vnode *a_vp; 367 accmode_t a_accmode; 368 struct ucred *a_cred; 369 struct thread *a_td; 370 } */ *ap) 371 { 372 struct vnode *vp = ap->a_vp; 373 struct inode *ip = VTOI(vp); 374 accmode_t accmode = ap->a_accmode; 375 int error; 376 #ifdef UFS_ACL 377 struct acl *acl; 378 acl_type_t type; 379 #endif 380 381 /* 382 * Disallow write attempts on read-only filesystems; 383 * unless the file is a socket, fifo, or a block or 384 * character device resident on the filesystem. 385 */ 386 if (accmode & VMODIFY_PERMS) { 387 switch (vp->v_type) { 388 case VDIR: 389 case VLNK: 390 case VREG: 391 if (vp->v_mount->mnt_flag & MNT_RDONLY) 392 return (EROFS); 393 #ifdef QUOTA 394 /* 395 * Inode is accounted in the quotas only if struct 396 * dquot is attached to it. VOP_ACCESS() is called 397 * from vn_open_cred() and provides a convenient 398 * point to call getinoquota(). The lock mode is 399 * exclusive when the file is opening for write. 400 */ 401 if (VOP_ISLOCKED(vp) == LK_EXCLUSIVE) { 402 error = getinoquota(ip); 403 if (error != 0) 404 return (error); 405 } 406 #endif 407 break; 408 default: 409 break; 410 } 411 } 412 413 /* 414 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS" 415 * permits the owner of the file to remove the IMMUTABLE flag. 416 */ 417 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) && 418 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 419 return (EPERM); 420 421 #ifdef UFS_ACL 422 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) { 423 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS) 424 type = ACL_TYPE_NFS4; 425 else 426 type = ACL_TYPE_ACCESS; 427 428 acl = acl_alloc(M_WAITOK); 429 if (type == ACL_TYPE_NFS4) 430 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td); 431 else 432 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td); 433 switch (error) { 434 case 0: 435 if (type == ACL_TYPE_NFS4) { 436 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid, 437 ip->i_gid, acl, accmode, ap->a_cred); 438 } else { 439 error = vfs_unixify_accmode(&accmode); 440 if (error == 0) 441 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 442 ip->i_gid, acl, accmode, ap->a_cred); 443 } 444 break; 445 default: 446 if (error != EOPNOTSUPP) 447 printf( 448 "ufs_accessx(): Error retrieving ACL on object (%d).\n", 449 error); 450 /* 451 * XXX: Fall back until debugged. Should 452 * eventually possibly log an error, and return 453 * EPERM for safety. 454 */ 455 error = vfs_unixify_accmode(&accmode); 456 if (error == 0) 457 error = vaccess(vp->v_type, ip->i_mode, 458 ip->i_uid, ip->i_gid, accmode, ap->a_cred); 459 } 460 acl_free(acl); 461 462 return (error); 463 } 464 #endif /* !UFS_ACL */ 465 error = vfs_unixify_accmode(&accmode); 466 if (error == 0) 467 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 468 accmode, ap->a_cred); 469 return (error); 470 } 471 472 /* 473 * VOP_FPLOOKUP_VEXEC routines are subject to special circumstances, see 474 * the comment above cache_fplookup for details. 475 */ 476 int 477 ufs_fplookup_vexec( 478 struct vop_fplookup_vexec_args /* { 479 struct vnode *a_vp; 480 struct ucred *a_cred; 481 struct thread *a_td; 482 } */ *ap) 483 { 484 struct vnode *vp; 485 struct inode *ip; 486 struct ucred *cred; 487 mode_t all_x, mode; 488 489 vp = ap->a_vp; 490 ip = VTOI_SMR(vp); 491 if (__predict_false(ip == NULL)) 492 return (EAGAIN); 493 494 /* 495 * XXX ACL race 496 * 497 * ACLs are not supported and UFS clears/sets this flag on mount and 498 * remount. However, we may still be racing with seeing them and there 499 * is no provision to make sure they were accounted for. This matches 500 * the behavior of the locked case, since the lookup there is also 501 * racy: mount takes no measures to block anyone from progressing. 502 */ 503 all_x = S_IXUSR | S_IXGRP | S_IXOTH; 504 mode = atomic_load_short(&ip->i_mode); 505 if (__predict_true((mode & all_x) == all_x)) 506 return (0); 507 508 cred = ap->a_cred; 509 return (vaccess_vexec_smr(mode, ip->i_uid, ip->i_gid, cred)); 510 } 511 512 /* ARGSUSED */ 513 static int 514 ufs_stat(struct vop_stat_args *ap) 515 { 516 struct vnode *vp = ap->a_vp; 517 struct inode *ip = VTOI(vp); 518 struct stat *sb = ap->a_sb; 519 int error; 520 521 error = vop_stat_helper_pre(ap); 522 if (__predict_false(error)) 523 return (error); 524 525 VI_LOCK(vp); 526 ufs_itimes_locked(vp); 527 if (I_IS_UFS1(ip)) { 528 sb->st_atim.tv_sec = ip->i_din1->di_atime; 529 sb->st_atim.tv_nsec = ip->i_din1->di_atimensec; 530 } else { 531 sb->st_atim.tv_sec = ip->i_din2->di_atime; 532 sb->st_atim.tv_nsec = ip->i_din2->di_atimensec; 533 } 534 VI_UNLOCK(vp); 535 536 sb->st_dev = dev2udev(ITOUMP(ip)->um_dev); 537 sb->st_ino = ip->i_number; 538 sb->st_mode = (ip->i_mode & ~IFMT) | VTTOIF(vp->v_type); 539 sb->st_nlink = ip->i_effnlink; 540 sb->st_uid = ip->i_uid; 541 sb->st_gid = ip->i_gid; 542 if (I_IS_UFS1(ip)) { 543 sb->st_rdev = ip->i_din1->di_rdev; 544 sb->st_size = ip->i_din1->di_size; 545 sb->st_mtim.tv_sec = ip->i_din1->di_mtime; 546 sb->st_mtim.tv_nsec = ip->i_din1->di_mtimensec; 547 sb->st_ctim.tv_sec = ip->i_din1->di_ctime; 548 sb->st_ctim.tv_nsec = ip->i_din1->di_ctimensec; 549 sb->st_birthtim.tv_sec = -1; 550 sb->st_birthtim.tv_nsec = 0; 551 sb->st_blocks = dbtob((uint64_t)ip->i_din1->di_blocks) / S_BLKSIZE; 552 } else { 553 sb->st_rdev = ip->i_din2->di_rdev; 554 sb->st_size = ip->i_din2->di_size; 555 sb->st_mtim.tv_sec = ip->i_din2->di_mtime; 556 sb->st_mtim.tv_nsec = ip->i_din2->di_mtimensec; 557 sb->st_ctim.tv_sec = ip->i_din2->di_ctime; 558 sb->st_ctim.tv_nsec = ip->i_din2->di_ctimensec; 559 sb->st_birthtim.tv_sec = ip->i_din2->di_birthtime; 560 sb->st_birthtim.tv_nsec = ip->i_din2->di_birthnsec; 561 sb->st_blocks = dbtob((uint64_t)ip->i_din2->di_blocks) / S_BLKSIZE; 562 } 563 564 sb->st_blksize = max(PAGE_SIZE, vp->v_mount->mnt_stat.f_iosize); 565 sb->st_flags = ip->i_flags; 566 sb->st_gen = ip->i_gen; 567 568 return (vop_stat_helper_post(ap, error)); 569 } 570 571 /* ARGSUSED */ 572 static int 573 ufs_getattr( 574 struct vop_getattr_args /* { 575 struct vnode *a_vp; 576 struct vattr *a_vap; 577 struct ucred *a_cred; 578 } */ *ap) 579 { 580 struct vnode *vp = ap->a_vp; 581 struct inode *ip = VTOI(vp); 582 struct vattr *vap = ap->a_vap; 583 584 VI_LOCK(vp); 585 ufs_itimes_locked(vp); 586 if (I_IS_UFS1(ip)) { 587 vap->va_atime.tv_sec = ip->i_din1->di_atime; 588 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 589 } else { 590 vap->va_atime.tv_sec = ip->i_din2->di_atime; 591 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 592 } 593 VI_UNLOCK(vp); 594 /* 595 * Copy from inode table 596 */ 597 vap->va_fsid = dev2udev(ITOUMP(ip)->um_dev); 598 vap->va_fileid = ip->i_number; 599 vap->va_mode = ip->i_mode & ~IFMT; 600 vap->va_nlink = ip->i_effnlink; 601 vap->va_uid = ip->i_uid; 602 vap->va_gid = ip->i_gid; 603 if (I_IS_UFS1(ip)) { 604 vap->va_rdev = ip->i_din1->di_rdev; 605 vap->va_size = ip->i_din1->di_size; 606 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 607 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 608 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 609 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 610 vap->va_bytes = dbtob((uint64_t)ip->i_din1->di_blocks); 611 vap->va_filerev = ip->i_din1->di_modrev; 612 } else { 613 vap->va_rdev = ip->i_din2->di_rdev; 614 vap->va_size = ip->i_din2->di_size; 615 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 616 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 617 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 618 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 619 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 620 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 621 vap->va_bytes = dbtob((uint64_t)ip->i_din2->di_blocks); 622 vap->va_filerev = ip->i_din2->di_modrev; 623 } 624 vap->va_flags = ip->i_flags; 625 vap->va_gen = ip->i_gen; 626 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 627 vap->va_type = IFTOVT(ip->i_mode); 628 return (0); 629 } 630 631 /* 632 * Set attribute vnode op. called from several syscalls 633 */ 634 static int 635 ufs_setattr( 636 struct vop_setattr_args /* { 637 struct vnode *a_vp; 638 struct vattr *a_vap; 639 struct ucred *a_cred; 640 } */ *ap) 641 { 642 struct vattr *vap = ap->a_vap; 643 struct vnode *vp = ap->a_vp; 644 struct inode *ip = VTOI(vp); 645 struct ucred *cred = ap->a_cred; 646 struct thread *td = curthread; 647 int error; 648 649 /* 650 * Check for unsettable attributes. 651 */ 652 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 653 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 654 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 655 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 656 return (EINVAL); 657 } 658 if (vap->va_flags != VNOVAL) { 659 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE | 660 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE | 661 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK | 662 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE | 663 UF_SPARSE | UF_SYSTEM)) != 0) 664 return (EOPNOTSUPP); 665 if (vp->v_mount->mnt_flag & MNT_RDONLY) 666 return (EROFS); 667 /* 668 * Callers may only modify the file flags on objects they 669 * have VADMIN rights for. 670 */ 671 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 672 return (error); 673 /* 674 * Unprivileged processes are not permitted to unset system 675 * flags, or modify flags if any system flags are set. 676 * Privileged non-jail processes may not modify system flags 677 * if securelevel > 0 and any existing system flags are set. 678 * Privileged jail processes behave like privileged non-jail 679 * processes if the PR_ALLOW_CHFLAGS permission bit is set; 680 * otherwise, they behave like unprivileged processes. 681 */ 682 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) { 683 if (ip->i_flags & 684 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 685 error = securelevel_gt(cred, 0); 686 if (error) 687 return (error); 688 } 689 /* The snapshot flag cannot be toggled. */ 690 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT) 691 return (EPERM); 692 } else { 693 if (ip->i_flags & 694 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 695 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE)) 696 return (EPERM); 697 } 698 ip->i_flags = vap->va_flags; 699 DIP_SET(ip, i_flags, vap->va_flags); 700 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 701 error = UFS_UPDATE(vp, 0); 702 if (ip->i_flags & (IMMUTABLE | APPEND)) 703 return (error); 704 } 705 /* 706 * If immutable or append, no one can change any of its attributes 707 * except the ones already handled (in some cases, file flags 708 * including the immutability flags themselves for the superuser). 709 */ 710 if (ip->i_flags & (IMMUTABLE | APPEND)) 711 return (EPERM); 712 /* 713 * Go through the fields and update iff not VNOVAL. 714 */ 715 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 716 if (vp->v_mount->mnt_flag & MNT_RDONLY) 717 return (EROFS); 718 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 719 td)) != 0) 720 return (error); 721 } 722 if (vap->va_size != VNOVAL) { 723 /* 724 * XXX most of the following special cases should be in 725 * callers instead of in N filesystems. The VDIR check 726 * mostly already is. 727 */ 728 switch (vp->v_type) { 729 case VDIR: 730 return (EISDIR); 731 case VLNK: 732 case VREG: 733 /* 734 * Truncation should have an effect in these cases. 735 * Disallow it if the filesystem is read-only or 736 * the file is being snapshotted. 737 */ 738 if (vp->v_mount->mnt_flag & MNT_RDONLY) 739 return (EROFS); 740 if (IS_SNAPSHOT(ip)) 741 return (EPERM); 742 break; 743 default: 744 /* 745 * According to POSIX, the result is unspecified 746 * for file types other than regular files, 747 * directories and shared memory objects. We 748 * don't support shared memory objects in the file 749 * system, and have dubious support for truncating 750 * symlinks. Just ignore the request in other cases. 751 */ 752 return (0); 753 } 754 error = vn_rlimit_trunc(vap->va_size, td); 755 if (error != 0) 756 return (error); 757 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL | 758 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0), 759 cred)) != 0) 760 return (error); 761 } 762 if (vap->va_atime.tv_sec != VNOVAL || 763 vap->va_mtime.tv_sec != VNOVAL || 764 vap->va_birthtime.tv_sec != VNOVAL) { 765 if (vp->v_mount->mnt_flag & MNT_RDONLY) 766 return (EROFS); 767 if (IS_SNAPSHOT(ip)) 768 return (EPERM); 769 error = vn_utimes_perm(vp, vap, cred, td); 770 if (error != 0) 771 return (error); 772 UFS_INODE_SET_FLAG(ip, IN_CHANGE | IN_MODIFIED); 773 if (vap->va_atime.tv_sec != VNOVAL) { 774 ip->i_flag &= ~IN_ACCESS; 775 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 776 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 777 } 778 if (vap->va_mtime.tv_sec != VNOVAL) { 779 ip->i_flag &= ~IN_UPDATE; 780 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 781 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 782 } 783 if (vap->va_birthtime.tv_sec != VNOVAL && I_IS_UFS2(ip)) { 784 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 785 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 786 } 787 error = UFS_UPDATE(vp, 0); 788 if (error) 789 return (error); 790 } 791 error = 0; 792 if (vap->va_mode != (mode_t)VNOVAL) { 793 if (vp->v_mount->mnt_flag & MNT_RDONLY) 794 return (EROFS); 795 if (IS_SNAPSHOT(ip) && (vap->va_mode & (S_IXUSR | S_IWUSR | 796 S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH)) != 0) 797 return (EPERM); 798 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 799 } 800 return (error); 801 } 802 803 #ifdef UFS_ACL 804 static int 805 ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode, 806 int file_owner_id, struct ucred *cred, struct thread *td) 807 { 808 int error; 809 struct acl *aclp; 810 811 aclp = acl_alloc(M_WAITOK); 812 error = ufs_getacl_nfs4_internal(vp, aclp, td); 813 /* 814 * We don't have to handle EOPNOTSUPP here, as the filesystem claims 815 * it supports ACLs. 816 */ 817 if (error) 818 goto out; 819 820 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id); 821 error = ufs_setacl_nfs4_internal(vp, aclp, td); 822 823 out: 824 acl_free(aclp); 825 return (error); 826 } 827 #endif /* UFS_ACL */ 828 829 static int 830 ufs_mmapped( 831 struct vop_mmapped_args /* { 832 struct vnode *a_vp; 833 } */ *ap) 834 { 835 struct vnode *vp; 836 struct inode *ip; 837 struct mount *mp; 838 839 vp = ap->a_vp; 840 ip = VTOI(vp); 841 mp = vp->v_mount; 842 843 if ((mp->mnt_flag & (MNT_NOATIME | MNT_RDONLY)) == 0) 844 UFS_INODE_SET_FLAG_SHARED(ip, IN_ACCESS); 845 /* 846 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there. 847 */ 848 return (0); 849 } 850 851 /* 852 * Change the mode on a file. 853 * Inode must be locked before calling. 854 */ 855 static int 856 ufs_chmod(struct vnode *vp, int mode, struct ucred *cred, struct thread *td) 857 { 858 struct inode *ip = VTOI(vp); 859 int newmode, error; 860 861 /* 862 * To modify the permissions on a file, must possess VADMIN 863 * for that file. 864 */ 865 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td))) 866 return (error); 867 /* 868 * Privileged processes may set the sticky bit on non-directories, 869 * as well as set the setgid bit on a file with a group that the 870 * process is not a member of. Both of these are allowed in 871 * jail(8). 872 */ 873 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 874 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE)) 875 return (EFTYPE); 876 } 877 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 878 error = priv_check_cred(cred, PRIV_VFS_SETGID); 879 if (error) 880 return (error); 881 } 882 883 /* 884 * Deny setting setuid if we are not the file owner. 885 */ 886 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) { 887 error = priv_check_cred(cred, PRIV_VFS_ADMIN); 888 if (error) 889 return (error); 890 } 891 892 newmode = ip->i_mode & ~ALLPERMS; 893 newmode |= (mode & ALLPERMS); 894 UFS_INODE_SET_MODE(ip, newmode); 895 DIP_SET(ip, i_mode, ip->i_mode); 896 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 897 #ifdef UFS_ACL 898 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0) 899 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td); 900 #endif 901 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0) 902 error = UFS_UPDATE(vp, 0); 903 904 return (error); 905 } 906 907 /* 908 * Perform chown operation on inode ip; 909 * inode must be locked prior to call. 910 */ 911 static int 912 ufs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred, 913 struct thread *td) 914 { 915 struct inode *ip = VTOI(vp); 916 uid_t ouid; 917 gid_t ogid; 918 int error = 0; 919 #ifdef QUOTA 920 int i; 921 ufs2_daddr_t change; 922 #endif 923 924 if (uid == (uid_t)VNOVAL) 925 uid = ip->i_uid; 926 if (gid == (gid_t)VNOVAL) 927 gid = ip->i_gid; 928 /* 929 * To modify the ownership of a file, must possess VADMIN for that 930 * file. 931 */ 932 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td))) 933 return (error); 934 /* 935 * To change the owner of a file, or change the group of a file to a 936 * group of which we are not a member, the caller must have 937 * privilege. 938 */ 939 if (((uid != ip->i_uid && uid != cred->cr_uid) || 940 (gid != ip->i_gid && !groupmember(gid, cred))) && 941 (error = priv_check_cred(cred, PRIV_VFS_CHOWN))) 942 return (error); 943 ogid = ip->i_gid; 944 ouid = ip->i_uid; 945 #ifdef QUOTA 946 if ((error = getinoquota(ip)) != 0) 947 return (error); 948 if (ouid == uid) { 949 dqrele(vp, ip->i_dquot[USRQUOTA]); 950 ip->i_dquot[USRQUOTA] = NODQUOT; 951 } 952 if (ogid == gid) { 953 dqrele(vp, ip->i_dquot[GRPQUOTA]); 954 ip->i_dquot[GRPQUOTA] = NODQUOT; 955 } 956 change = DIP(ip, i_blocks); 957 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 958 (void) chkiq(ip, -1, cred, CHOWN|FORCE); 959 for (i = 0; i < MAXQUOTAS; i++) { 960 dqrele(vp, ip->i_dquot[i]); 961 ip->i_dquot[i] = NODQUOT; 962 } 963 #endif 964 ip->i_gid = gid; 965 DIP_SET(ip, i_gid, gid); 966 ip->i_uid = uid; 967 DIP_SET(ip, i_uid, uid); 968 #ifdef QUOTA 969 if ((error = getinoquota(ip)) == 0) { 970 if (ouid == uid) { 971 dqrele(vp, ip->i_dquot[USRQUOTA]); 972 ip->i_dquot[USRQUOTA] = NODQUOT; 973 } 974 if (ogid == gid) { 975 dqrele(vp, ip->i_dquot[GRPQUOTA]); 976 ip->i_dquot[GRPQUOTA] = NODQUOT; 977 } 978 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 979 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 980 goto good; 981 else 982 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 983 } 984 for (i = 0; i < MAXQUOTAS; i++) { 985 dqrele(vp, ip->i_dquot[i]); 986 ip->i_dquot[i] = NODQUOT; 987 } 988 } 989 ip->i_gid = ogid; 990 DIP_SET(ip, i_gid, ogid); 991 ip->i_uid = ouid; 992 DIP_SET(ip, i_uid, ouid); 993 if (getinoquota(ip) == 0) { 994 if (ouid == uid) { 995 dqrele(vp, ip->i_dquot[USRQUOTA]); 996 ip->i_dquot[USRQUOTA] = NODQUOT; 997 } 998 if (ogid == gid) { 999 dqrele(vp, ip->i_dquot[GRPQUOTA]); 1000 ip->i_dquot[GRPQUOTA] = NODQUOT; 1001 } 1002 (void) chkdq(ip, change, cred, FORCE|CHOWN); 1003 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 1004 (void) getinoquota(ip); 1005 } 1006 return (error); 1007 good: 1008 if (getinoquota(ip)) 1009 panic("ufs_chown: lost quota"); 1010 #endif /* QUOTA */ 1011 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1012 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { 1013 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) { 1014 UFS_INODE_SET_MODE(ip, ip->i_mode & ~(ISUID | ISGID)); 1015 DIP_SET(ip, i_mode, ip->i_mode); 1016 } 1017 } 1018 error = UFS_UPDATE(vp, 0); 1019 return (error); 1020 } 1021 1022 static int 1023 ufs_remove( 1024 struct vop_remove_args /* { 1025 struct vnode *a_dvp; 1026 struct vnode *a_vp; 1027 struct componentname *a_cnp; 1028 } */ *ap) 1029 { 1030 struct inode *ip; 1031 struct vnode *vp = ap->a_vp; 1032 struct vnode *dvp = ap->a_dvp; 1033 int error; 1034 struct thread *td; 1035 1036 td = curthread; 1037 ip = VTOI(vp); 1038 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1039 (VTOI(dvp)->i_flags & APPEND)) 1040 return (EPERM); 1041 if (DOINGSUJ(dvp)) { 1042 error = softdep_prelink(dvp, vp, ap->a_cnp); 1043 if (error != 0) { 1044 MPASS(error == ERELOOKUP); 1045 return (error); 1046 } 1047 } 1048 1049 #ifdef UFS_GJOURNAL 1050 ufs_gjournal_orphan(vp); 1051 #endif 1052 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 1053 if (ip->i_nlink <= 0) 1054 vp->v_vflag |= VV_NOSYNC; 1055 if (IS_SNAPSHOT(ip)) { 1056 /* 1057 * Avoid deadlock where another thread is trying to 1058 * update the inodeblock for dvp and is waiting on 1059 * snaplk. Temporary unlock the vnode lock for the 1060 * unlinked file and sync the directory. This should 1061 * allow vput() of the directory to not block later on 1062 * while holding the snapshot vnode locked, assuming 1063 * that the directory hasn't been unlinked too. 1064 */ 1065 VOP_UNLOCK(vp); 1066 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 1067 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 1068 } 1069 return (error); 1070 } 1071 1072 static void 1073 print_bad_link_count(const char *funcname, struct vnode *dvp) 1074 { 1075 struct inode *dip; 1076 1077 dip = VTOI(dvp); 1078 uprintf("%s: Bad link count %d on parent inode %jd in file system %s\n", 1079 funcname, dip->i_effnlink, (intmax_t)dip->i_number, 1080 dvp->v_mount->mnt_stat.f_mntonname); 1081 } 1082 1083 /* 1084 * link vnode call 1085 */ 1086 static int 1087 ufs_link( 1088 struct vop_link_args /* { 1089 struct vnode *a_tdvp; 1090 struct vnode *a_vp; 1091 struct componentname *a_cnp; 1092 } */ *ap) 1093 { 1094 struct vnode *vp = ap->a_vp; 1095 struct vnode *tdvp = ap->a_tdvp; 1096 struct componentname *cnp = ap->a_cnp; 1097 struct inode *ip; 1098 struct direct newdir; 1099 int error; 1100 1101 if (DOINGSUJ(tdvp)) { 1102 error = softdep_prelink(tdvp, vp, cnp); 1103 if (error != 0) { 1104 MPASS(error == ERELOOKUP); 1105 return (error); 1106 } 1107 } 1108 1109 if (VTOI(tdvp)->i_effnlink < 2) { 1110 print_bad_link_count("ufs_link", tdvp); 1111 error = EINVAL; 1112 goto out; 1113 } 1114 error = ufs_sync_nlink(vp, tdvp); 1115 if (error != 0) 1116 goto out; 1117 ip = VTOI(vp); 1118 1119 /* 1120 * The file may have been removed after namei dropped the original 1121 * lock. 1122 */ 1123 if (ip->i_effnlink == 0) { 1124 error = ENOENT; 1125 goto out; 1126 } 1127 if (ip->i_flags & (IMMUTABLE | APPEND)) { 1128 error = EPERM; 1129 goto out; 1130 } 1131 1132 ip->i_effnlink++; 1133 ip->i_nlink++; 1134 DIP_SET_NLINK(ip, ip->i_nlink); 1135 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1136 if (DOINGSOFTDEP(vp)) 1137 softdep_setup_link(VTOI(tdvp), ip); 1138 error = UFS_UPDATE(vp, !DOINGSOFTDEP(vp) && !DOINGASYNC(vp)); 1139 if (!error) { 1140 ufs_makedirentry(ip, cnp, &newdir); 1141 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL); 1142 } 1143 1144 if (error) { 1145 ip->i_effnlink--; 1146 ip->i_nlink--; 1147 DIP_SET_NLINK(ip, ip->i_nlink); 1148 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1149 if (DOINGSOFTDEP(vp)) 1150 softdep_revert_link(VTOI(tdvp), ip); 1151 } 1152 out: 1153 return (error); 1154 } 1155 1156 /* 1157 * whiteout vnode call 1158 */ 1159 static int 1160 ufs_whiteout( 1161 struct vop_whiteout_args /* { 1162 struct vnode *a_dvp; 1163 struct componentname *a_cnp; 1164 int a_flags; 1165 } */ *ap) 1166 { 1167 struct vnode *dvp = ap->a_dvp; 1168 struct componentname *cnp = ap->a_cnp; 1169 struct direct newdir; 1170 int error = 0; 1171 1172 if (DOINGSUJ(dvp) && (ap->a_flags == CREATE || 1173 ap->a_flags == DELETE)) { 1174 error = softdep_prelink(dvp, NULL, cnp); 1175 if (error != 0) { 1176 MPASS(error == ERELOOKUP); 1177 return (error); 1178 } 1179 } 1180 1181 switch (ap->a_flags) { 1182 case LOOKUP: 1183 /* 4.4 format directories support whiteout operations */ 1184 if (!OFSFMT(dvp)) 1185 return (0); 1186 return (EOPNOTSUPP); 1187 1188 case CREATE: 1189 /* create a new directory whiteout */ 1190 #ifdef INVARIANTS 1191 if (OFSFMT(dvp)) 1192 panic("ufs_whiteout: old format filesystem"); 1193 #endif 1194 1195 newdir.d_ino = UFS_WINO; 1196 newdir.d_namlen = cnp->cn_namelen; 1197 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 1198 newdir.d_type = DT_WHT; 1199 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL); 1200 break; 1201 1202 case DELETE: 1203 /* remove an existing directory whiteout */ 1204 #ifdef INVARIANTS 1205 if (OFSFMT(dvp)) 1206 panic("ufs_whiteout: old format filesystem"); 1207 #endif 1208 1209 cnp->cn_flags &= ~DOWHITEOUT; 1210 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 1211 break; 1212 default: 1213 panic("ufs_whiteout: unknown op"); 1214 } 1215 return (error); 1216 } 1217 1218 static volatile int rename_restarts; 1219 SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD, 1220 __DEVOLATILE(int *, &rename_restarts), 0, 1221 "Times rename had to restart due to lock contention"); 1222 1223 /* 1224 * Rename system call. 1225 * rename("foo", "bar"); 1226 * is essentially 1227 * unlink("bar"); 1228 * link("foo", "bar"); 1229 * unlink("foo"); 1230 * but ``atomically''. Can't do full commit without saving state in the 1231 * inode on disk which isn't feasible at this time. Best we can do is 1232 * always guarantee the target exists. 1233 * 1234 * Basic algorithm is: 1235 * 1236 * 1) Bump link count on source while we're linking it to the 1237 * target. This also ensure the inode won't be deleted out 1238 * from underneath us while we work (it may be truncated by 1239 * a concurrent `trunc' or `open' for creation). 1240 * 2) Link source to destination. If destination already exists, 1241 * delete it first. 1242 * 3) Unlink source reference to inode if still around. If a 1243 * directory was moved and the parent of the destination 1244 * is different from the source, patch the ".." entry in the 1245 * directory. 1246 */ 1247 static int 1248 ufs_rename( 1249 struct vop_rename_args /* { 1250 struct vnode *a_fdvp; 1251 struct vnode *a_fvp; 1252 struct componentname *a_fcnp; 1253 struct vnode *a_tdvp; 1254 struct vnode *a_tvp; 1255 struct componentname *a_tcnp; 1256 } */ *ap) 1257 { 1258 struct vnode *tvp = ap->a_tvp; 1259 struct vnode *tdvp = ap->a_tdvp; 1260 struct vnode *fvp = ap->a_fvp; 1261 struct vnode *fdvp = ap->a_fdvp; 1262 struct vnode *nvp; 1263 struct componentname *tcnp = ap->a_tcnp; 1264 struct componentname *fcnp = ap->a_fcnp; 1265 struct thread *td = curthread; 1266 struct inode *fip, *tip, *tdp, *fdp; 1267 struct direct newdir; 1268 off_t endoff; 1269 int doingdirectory, newparent; 1270 int error = 0; 1271 struct mount *mp; 1272 ino_t ino; 1273 seqc_t fdvp_s, fvp_s, tdvp_s, tvp_s; 1274 bool checkpath_locked, want_seqc_end; 1275 1276 checkpath_locked = want_seqc_end = false; 1277 1278 endoff = 0; 1279 mp = tdvp->v_mount; 1280 VOP_UNLOCK(tdvp); 1281 if (tvp && tvp != tdvp) 1282 VOP_UNLOCK(tvp); 1283 /* 1284 * Check for cross-device rename. 1285 */ 1286 if ((fvp->v_mount != tdvp->v_mount) || 1287 (tvp && (fvp->v_mount != tvp->v_mount))) { 1288 error = EXDEV; 1289 mp = NULL; 1290 goto releout; 1291 } 1292 1293 fdvp_s = fvp_s = tdvp_s = tvp_s = SEQC_MOD; 1294 relock: 1295 /* 1296 * We need to acquire 2 to 4 locks depending on whether tvp is NULL 1297 * and fdvp and tdvp are the same directory. Subsequently we need 1298 * to double-check all paths and in the directory rename case we 1299 * need to verify that we are not creating a directory loop. To 1300 * handle this we acquire all but fdvp using non-blocking 1301 * acquisitions. If we fail to acquire any lock in the path we will 1302 * drop all held locks, acquire the new lock in a blocking fashion, 1303 * and then release it and restart the rename. This acquire/release 1304 * step ensures that we do not spin on a lock waiting for release. 1305 */ 1306 error = vn_lock(fdvp, LK_EXCLUSIVE); 1307 if (error) 1308 goto releout; 1309 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) { 1310 VOP_UNLOCK(fdvp); 1311 error = vn_lock(tdvp, LK_EXCLUSIVE); 1312 if (error) 1313 goto releout; 1314 VOP_UNLOCK(tdvp); 1315 atomic_add_int(&rename_restarts, 1); 1316 goto relock; 1317 } 1318 /* 1319 * Re-resolve fvp to be certain it still exists and fetch the 1320 * correct vnode. 1321 */ 1322 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1323 if (error) { 1324 VOP_UNLOCK(fdvp); 1325 VOP_UNLOCK(tdvp); 1326 goto releout; 1327 } 1328 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1329 if (error) { 1330 VOP_UNLOCK(fdvp); 1331 VOP_UNLOCK(tdvp); 1332 if (error != EBUSY) 1333 goto releout; 1334 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1335 if (error != 0) 1336 goto releout; 1337 VOP_UNLOCK(nvp); 1338 vrele(fvp); 1339 fvp = nvp; 1340 atomic_add_int(&rename_restarts, 1); 1341 goto relock; 1342 } 1343 vrele(fvp); 1344 fvp = nvp; 1345 /* 1346 * Re-resolve tvp and acquire the vnode lock if present. 1347 */ 1348 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino); 1349 if (error != 0 && error != EJUSTRETURN) { 1350 VOP_UNLOCK(fdvp); 1351 VOP_UNLOCK(tdvp); 1352 VOP_UNLOCK(fvp); 1353 goto releout; 1354 } 1355 /* 1356 * If tvp disappeared we just carry on. 1357 */ 1358 if (error == EJUSTRETURN && tvp != NULL) { 1359 vrele(tvp); 1360 tvp = NULL; 1361 } 1362 /* 1363 * Get the tvp ino if the lookup succeeded. We may have to restart 1364 * if the non-blocking acquire fails. 1365 */ 1366 if (error == 0) { 1367 nvp = NULL; 1368 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1369 if (tvp) 1370 vrele(tvp); 1371 tvp = nvp; 1372 if (error) { 1373 VOP_UNLOCK(fdvp); 1374 VOP_UNLOCK(tdvp); 1375 VOP_UNLOCK(fvp); 1376 if (error != EBUSY) 1377 goto releout; 1378 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1379 if (error != 0) 1380 goto releout; 1381 vput(nvp); 1382 atomic_add_int(&rename_restarts, 1); 1383 goto relock; 1384 } 1385 } 1386 1387 if (DOINGSUJ(fdvp) && 1388 (seqc_in_modify(fdvp_s) || !vn_seqc_consistent(fdvp, fdvp_s) || 1389 seqc_in_modify(fvp_s) || !vn_seqc_consistent(fvp, fvp_s) || 1390 seqc_in_modify(tdvp_s) || !vn_seqc_consistent(tdvp, tdvp_s) || 1391 (tvp != NULL && (seqc_in_modify(tvp_s) || 1392 !vn_seqc_consistent(tvp, tvp_s))))) { 1393 error = softdep_prerename(fdvp, fvp, tdvp, tvp); 1394 if (error != 0) 1395 goto releout; 1396 } 1397 1398 fdp = VTOI(fdvp); 1399 fip = VTOI(fvp); 1400 tdp = VTOI(tdvp); 1401 tip = NULL; 1402 if (tvp) 1403 tip = VTOI(tvp); 1404 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1405 (VTOI(tdvp)->i_flags & APPEND))) { 1406 error = EPERM; 1407 goto unlockout; 1408 } 1409 /* 1410 * Renaming a file to itself has no effect. The upper layers should 1411 * not call us in that case. However, things could change after 1412 * we drop the locks above. 1413 */ 1414 if (fvp == tvp) { 1415 error = 0; 1416 goto unlockout; 1417 } 1418 doingdirectory = 0; 1419 newparent = 0; 1420 ino = fip->i_number; 1421 if (fip->i_nlink >= UFS_LINK_MAX) { 1422 if (!DOINGSOFTDEP(fvp) || fip->i_effnlink >= UFS_LINK_MAX) { 1423 error = EMLINK; 1424 goto unlockout; 1425 } 1426 vfs_ref(mp); 1427 MPASS(!want_seqc_end); 1428 if (checkpath_locked) { 1429 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1430 checkpath_locked = false; 1431 } 1432 VOP_UNLOCK(fdvp); 1433 VOP_UNLOCK(fvp); 1434 vref(tdvp); 1435 if (tvp != NULL) 1436 vref(tvp); 1437 VOP_VPUT_PAIR(tdvp, &tvp, true); 1438 error = ufs_sync_nlink1(mp); 1439 vrele(fdvp); 1440 vrele(fvp); 1441 vrele(tdvp); 1442 if (tvp != NULL) 1443 vrele(tvp); 1444 return (error); 1445 } 1446 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 1447 || (fdp->i_flags & APPEND)) { 1448 error = EPERM; 1449 goto unlockout; 1450 } 1451 if ((fip->i_mode & IFMT) == IFDIR) { 1452 /* 1453 * Avoid ".", "..", and aliases of "." for obvious reasons. 1454 */ 1455 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1456 fdp == fip || 1457 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) { 1458 error = EINVAL; 1459 goto unlockout; 1460 } 1461 if (fdp->i_number != tdp->i_number) 1462 newparent = tdp->i_number; 1463 doingdirectory = 1; 1464 } 1465 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) || 1466 (tvp != NULL && tvp->v_type == VDIR && 1467 tvp->v_mountedhere != NULL)) { 1468 error = EXDEV; 1469 goto unlockout; 1470 } 1471 1472 /* 1473 * If ".." must be changed (ie the directory gets a new 1474 * parent) then the source directory must not be in the 1475 * directory hierarchy above the target, as this would 1476 * orphan everything below the source directory. Also 1477 * the user must have write permission in the source so 1478 * as to be able to change "..". 1479 */ 1480 if (doingdirectory && newparent) { 1481 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, curthread); 1482 if (error) 1483 goto unlockout; 1484 1485 sx_xlock(&VFSTOUFS(mp)->um_checkpath_lock); 1486 checkpath_locked = true; 1487 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred, 1488 &ino); 1489 /* 1490 * We encountered a lock that we have to wait for. Unlock 1491 * everything else and VGET before restarting. 1492 */ 1493 if (ino) { 1494 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1495 checkpath_locked = false; 1496 VOP_UNLOCK(fdvp); 1497 VOP_UNLOCK(fvp); 1498 VOP_UNLOCK(tdvp); 1499 if (tvp) 1500 VOP_UNLOCK(tvp); 1501 error = VFS_VGET(mp, ino, LK_SHARED, &nvp); 1502 if (error == 0) 1503 vput(nvp); 1504 atomic_add_int(&rename_restarts, 1); 1505 goto relock; 1506 } 1507 if (error) 1508 goto unlockout; 1509 } 1510 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 || 1511 tdp->i_effnlink == 0) 1512 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp); 1513 1514 if (tvp != NULL) 1515 vn_seqc_write_begin(tvp); 1516 vn_seqc_write_begin(tdvp); 1517 vn_seqc_write_begin(fvp); 1518 vn_seqc_write_begin(fdvp); 1519 want_seqc_end = true; 1520 1521 /* 1522 * 1) Bump link count while we're moving stuff 1523 * around. If we crash somewhere before 1524 * completing our work, the link count 1525 * may be wrong, but correctable. 1526 */ 1527 fip->i_effnlink++; 1528 fip->i_nlink++; 1529 DIP_SET_NLINK(fip, fip->i_nlink); 1530 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1531 if (DOINGSOFTDEP(fvp)) 1532 softdep_setup_link(tdp, fip); 1533 error = UFS_UPDATE(fvp, !DOINGSOFTDEP(fvp) && !DOINGASYNC(fvp)); 1534 if (error) 1535 goto bad; 1536 1537 /* 1538 * 2) If target doesn't exist, link the target 1539 * to the source and unlink the source. 1540 * Otherwise, rewrite the target directory 1541 * entry to reference the source inode and 1542 * expunge the original entry's existence. 1543 */ 1544 if (tip == NULL) { 1545 if (ITODEV(tdp) != ITODEV(fip)) 1546 panic("ufs_rename: EXDEV"); 1547 if (doingdirectory && newparent) { 1548 /* 1549 * Account for ".." in new directory. 1550 * When source and destination have the same 1551 * parent we don't adjust the link count. The 1552 * actual link modification is completed when 1553 * .. is rewritten below. 1554 */ 1555 if (tdp->i_nlink >= UFS_LINK_MAX) { 1556 fip->i_effnlink--; 1557 fip->i_nlink--; 1558 DIP_SET_NLINK(fip, fip->i_nlink); 1559 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1560 if (DOINGSOFTDEP(fvp)) 1561 softdep_revert_link(tdp, fip); 1562 if (!DOINGSOFTDEP(tdvp) || 1563 tdp->i_effnlink >= UFS_LINK_MAX) { 1564 error = EMLINK; 1565 goto unlockout; 1566 } 1567 MPASS(want_seqc_end); 1568 if (tvp != NULL) 1569 vn_seqc_write_end(tvp); 1570 vn_seqc_write_end(tdvp); 1571 vn_seqc_write_end(fvp); 1572 vn_seqc_write_end(fdvp); 1573 want_seqc_end = false; 1574 vfs_ref(mp); 1575 MPASS(checkpath_locked); 1576 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1577 checkpath_locked = false; 1578 VOP_UNLOCK(fdvp); 1579 VOP_UNLOCK(fvp); 1580 vref(tdvp); 1581 if (tvp != NULL) 1582 vref(tvp); 1583 VOP_VPUT_PAIR(tdvp, &tvp, true); 1584 error = ufs_sync_nlink1(mp); 1585 vrele(fdvp); 1586 vrele(fvp); 1587 vrele(tdvp); 1588 if (tvp != NULL) 1589 vrele(tvp); 1590 return (error); 1591 } 1592 } 1593 ufs_makedirentry(fip, tcnp, &newdir); 1594 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL); 1595 if (error) 1596 goto bad; 1597 /* Setup tdvp for directory compaction if needed. */ 1598 if (I_COUNT(tdp) != 0 && I_ENDOFF(tdp) != 0 && 1599 I_ENDOFF(tdp) < tdp->i_size) 1600 endoff = I_ENDOFF(tdp); 1601 } else { 1602 if (ITODEV(tip) != ITODEV(tdp) || ITODEV(tip) != ITODEV(fip)) 1603 panic("ufs_rename: EXDEV"); 1604 /* 1605 * Short circuit rename(foo, foo). 1606 */ 1607 if (tip->i_number == fip->i_number) 1608 panic("ufs_rename: same file"); 1609 /* 1610 * If the parent directory is "sticky", then the caller 1611 * must possess VADMIN for the parent directory, or the 1612 * destination of the rename. This implements append-only 1613 * directories. 1614 */ 1615 if ((tdp->i_mode & S_ISTXT) && 1616 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1617 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1618 error = EPERM; 1619 goto bad; 1620 } 1621 /* 1622 * Target must be empty if a directory and have no links 1623 * to it. Also, ensure source and target are compatible 1624 * (both directories, or both not directories). 1625 */ 1626 if ((tip->i_mode & IFMT) == IFDIR) { 1627 if ((tip->i_effnlink > 2) || 1628 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) { 1629 error = ENOTEMPTY; 1630 goto bad; 1631 } 1632 if (!doingdirectory) { 1633 error = ENOTDIR; 1634 goto bad; 1635 } 1636 cache_purge(tdvp); 1637 } else if (doingdirectory) { 1638 error = EISDIR; 1639 goto bad; 1640 } 1641 if (doingdirectory) { 1642 if (!newparent) { 1643 tdp->i_effnlink--; 1644 if (DOINGSOFTDEP(tdvp)) 1645 softdep_change_linkcnt(tdp); 1646 } 1647 tip->i_effnlink--; 1648 if (DOINGSOFTDEP(tvp)) 1649 softdep_change_linkcnt(tip); 1650 } 1651 error = ufs_dirrewrite(tdp, tip, fip->i_number, 1652 IFTODT(fip->i_mode), 1653 (doingdirectory && newparent) ? newparent : doingdirectory); 1654 if (error) { 1655 if (doingdirectory) { 1656 if (!newparent) { 1657 tdp->i_effnlink++; 1658 if (DOINGSOFTDEP(tdvp)) 1659 softdep_change_linkcnt(tdp); 1660 } 1661 tip->i_effnlink++; 1662 if (DOINGSOFTDEP(tvp)) 1663 softdep_change_linkcnt(tip); 1664 } 1665 goto bad; 1666 } 1667 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1668 /* 1669 * The only stuff left in the directory is "." 1670 * and "..". The "." reference is inconsequential 1671 * since we are quashing it. We have removed the "." 1672 * reference and the reference in the parent directory, 1673 * but there may be other hard links. The soft 1674 * dependency code will arrange to do these operations 1675 * after the parent directory entry has been deleted on 1676 * disk, so when running with that code we avoid doing 1677 * them now. 1678 */ 1679 if (!newparent) { 1680 tdp->i_nlink--; 1681 DIP_SET_NLINK(tdp, tdp->i_nlink); 1682 UFS_INODE_SET_FLAG(tdp, IN_CHANGE); 1683 } 1684 tip->i_nlink--; 1685 DIP_SET_NLINK(tip, tip->i_nlink); 1686 UFS_INODE_SET_FLAG(tip, IN_CHANGE); 1687 } 1688 } 1689 1690 /* 1691 * 3) Unlink the source. We have to resolve the path again to 1692 * fixup the directory offset and count for ufs_dirremove. 1693 */ 1694 if (fdvp == tdvp) { 1695 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1696 if (error) 1697 panic("ufs_rename: from entry went away!"); 1698 if (ino != fip->i_number) 1699 panic("ufs_rename: ino mismatch %ju != %ju\n", 1700 (uintmax_t)ino, (uintmax_t)fip->i_number); 1701 } 1702 /* 1703 * If the source is a directory with a 1704 * new parent, the link count of the old 1705 * parent directory must be decremented 1706 * and ".." set to point to the new parent. 1707 */ 1708 if (doingdirectory && newparent) { 1709 /* 1710 * Set the directory depth based on its new parent. 1711 */ 1712 DIP_SET(fip, i_dirdepth, DIP(tdp, i_dirdepth) + 1); 1713 /* 1714 * If tip exists we simply use its link, otherwise we must 1715 * add a new one. 1716 */ 1717 if (tip == NULL) { 1718 tdp->i_effnlink++; 1719 tdp->i_nlink++; 1720 DIP_SET_NLINK(tdp, tdp->i_nlink); 1721 UFS_INODE_SET_FLAG(tdp, IN_CHANGE); 1722 if (DOINGSOFTDEP(tdvp)) 1723 softdep_setup_dotdot_link(tdp, fip); 1724 error = UFS_UPDATE(tdvp, !DOINGSOFTDEP(tdvp) && 1725 !DOINGASYNC(tdvp)); 1726 /* Don't go to bad here as the new link exists. */ 1727 if (error) 1728 goto unlockout; 1729 } else if (DOINGSUJ(tdvp)) 1730 /* Journal must account for each new link. */ 1731 softdep_setup_dotdot_link(tdp, fip); 1732 SET_I_OFFSET(fip, mastertemplate.dot_reclen); 1733 if (ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0) != 0) 1734 ufs_dirbad(fip, mastertemplate.dot_reclen, 1735 "rename: missing .. entry"); 1736 cache_purge(fdvp); 1737 } 1738 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0); 1739 /* 1740 * The kern_renameat() looks up the fvp using the DELETE flag, which 1741 * causes the removal of the name cache entry for fvp. 1742 * As the relookup of the fvp is done in two steps: 1743 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a 1744 * normal lookup of the from name just before the VFS_VGET() call, 1745 * causing the cache entry to be re-instantiated. 1746 * 1747 * The same issue also applies to tvp if it exists as 1748 * otherwise we may have a stale name cache entry for the new 1749 * name that references the old i-node if it has other links 1750 * or open file descriptors. 1751 */ 1752 cache_vop_rename(fdvp, fvp, tdvp, tvp, fcnp, tcnp); 1753 1754 unlockout: 1755 if (want_seqc_end) { 1756 if (tvp != NULL) 1757 vn_seqc_write_end(tvp); 1758 vn_seqc_write_end(tdvp); 1759 vn_seqc_write_end(fvp); 1760 vn_seqc_write_end(fdvp); 1761 } 1762 1763 if (checkpath_locked) 1764 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1765 1766 vput(fdvp); 1767 vput(fvp); 1768 1769 /* 1770 * If compaction or fsync was requested do it in 1771 * ffs_vput_pair() now that other locks are no longer needed. 1772 */ 1773 if (error == 0 && endoff != 0) { 1774 UFS_INODE_SET_FLAG(tdp, IN_ENDOFF); 1775 SET_I_ENDOFF(tdp, endoff); 1776 } 1777 VOP_VPUT_PAIR(tdvp, &tvp, true); 1778 return (error); 1779 1780 bad: 1781 fip->i_effnlink--; 1782 fip->i_nlink--; 1783 DIP_SET_NLINK(fip, fip->i_nlink); 1784 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1785 if (DOINGSOFTDEP(fvp)) 1786 softdep_revert_link(tdp, fip); 1787 goto unlockout; 1788 1789 releout: 1790 if (want_seqc_end) { 1791 if (tvp != NULL) 1792 vn_seqc_write_end(tvp); 1793 vn_seqc_write_end(tdvp); 1794 vn_seqc_write_end(fvp); 1795 vn_seqc_write_end(fdvp); 1796 } 1797 1798 vrele(fdvp); 1799 vrele(fvp); 1800 vrele(tdvp); 1801 if (tvp) 1802 vrele(tvp); 1803 1804 return (error); 1805 } 1806 1807 #ifdef UFS_ACL 1808 static int 1809 ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp, 1810 mode_t dmode, struct ucred *cred, struct thread *td) 1811 { 1812 int error; 1813 struct inode *ip = VTOI(tvp); 1814 struct acl *dacl, *acl; 1815 1816 acl = acl_alloc(M_WAITOK); 1817 dacl = acl_alloc(M_WAITOK); 1818 1819 /* 1820 * Retrieve default ACL from parent, if any. 1821 */ 1822 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1823 switch (error) { 1824 case 0: 1825 /* 1826 * Retrieved a default ACL, so merge mode and ACL if 1827 * necessary. If the ACL is empty, fall through to 1828 * the "not defined or available" case. 1829 */ 1830 if (acl->acl_cnt != 0) { 1831 dmode = acl_posix1e_newfilemode(dmode, acl); 1832 UFS_INODE_SET_MODE(ip, dmode); 1833 DIP_SET(ip, i_mode, dmode); 1834 *dacl = *acl; 1835 ufs_sync_acl_from_inode(ip, acl); 1836 break; 1837 } 1838 /* FALLTHROUGH */ 1839 1840 case EOPNOTSUPP: 1841 /* 1842 * Just use the mode as-is. 1843 */ 1844 UFS_INODE_SET_MODE(ip, dmode); 1845 DIP_SET(ip, i_mode, dmode); 1846 error = 0; 1847 goto out; 1848 1849 default: 1850 goto out; 1851 } 1852 1853 /* 1854 * XXX: If we abort now, will Soft Updates notify the extattr 1855 * code that the EAs for the file need to be released? 1856 */ 1857 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1858 if (error == 0) 1859 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td); 1860 switch (error) { 1861 case 0: 1862 break; 1863 1864 case EOPNOTSUPP: 1865 /* 1866 * XXX: This should not happen, as EOPNOTSUPP above 1867 * was supposed to free acl. 1868 */ 1869 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1870 /* 1871 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1872 */ 1873 break; 1874 1875 default: 1876 goto out; 1877 } 1878 1879 out: 1880 acl_free(acl); 1881 acl_free(dacl); 1882 1883 return (error); 1884 } 1885 1886 static int 1887 ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp, 1888 mode_t mode, struct ucred *cred, struct thread *td) 1889 { 1890 int error; 1891 struct inode *ip = VTOI(tvp); 1892 struct acl *acl; 1893 1894 acl = acl_alloc(M_WAITOK); 1895 1896 /* 1897 * Retrieve default ACL for parent, if any. 1898 */ 1899 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1900 switch (error) { 1901 case 0: 1902 /* 1903 * Retrieved a default ACL, so merge mode and ACL if 1904 * necessary. 1905 */ 1906 if (acl->acl_cnt != 0) { 1907 /* 1908 * Two possible ways for default ACL to not 1909 * be present. First, the EA can be 1910 * undefined, or second, the default ACL can 1911 * be blank. If it's blank, fall through to 1912 * the it's not defined case. 1913 */ 1914 mode = acl_posix1e_newfilemode(mode, acl); 1915 UFS_INODE_SET_MODE(ip, mode); 1916 DIP_SET(ip, i_mode, mode); 1917 ufs_sync_acl_from_inode(ip, acl); 1918 break; 1919 } 1920 /* FALLTHROUGH */ 1921 1922 case EOPNOTSUPP: 1923 /* 1924 * Just use the mode as-is. 1925 */ 1926 UFS_INODE_SET_MODE(ip, mode); 1927 DIP_SET(ip, i_mode, mode); 1928 error = 0; 1929 goto out; 1930 1931 default: 1932 goto out; 1933 } 1934 1935 /* 1936 * XXX: If we abort now, will Soft Updates notify the extattr 1937 * code that the EAs for the file need to be released? 1938 */ 1939 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1940 switch (error) { 1941 case 0: 1942 break; 1943 1944 case EOPNOTSUPP: 1945 /* 1946 * XXX: This should not happen, as EOPNOTSUPP above was 1947 * supposed to free acl. 1948 */ 1949 printf("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1950 "but no VOP_SETACL()\n"); 1951 /* panic("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1952 "but no VOP_SETACL()"); */ 1953 break; 1954 1955 default: 1956 goto out; 1957 } 1958 1959 out: 1960 acl_free(acl); 1961 1962 return (error); 1963 } 1964 1965 static int 1966 ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp, 1967 mode_t child_mode, struct ucred *cred, struct thread *td) 1968 { 1969 int error; 1970 struct acl *parent_aclp, *child_aclp; 1971 1972 parent_aclp = acl_alloc(M_WAITOK); 1973 child_aclp = acl_alloc(M_WAITOK | M_ZERO); 1974 1975 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td); 1976 if (error) 1977 goto out; 1978 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp, 1979 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR); 1980 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td); 1981 if (error) 1982 goto out; 1983 out: 1984 acl_free(parent_aclp); 1985 acl_free(child_aclp); 1986 1987 return (error); 1988 } 1989 #endif 1990 1991 /* 1992 * Mkdir system call 1993 */ 1994 static int 1995 ufs_mkdir( 1996 struct vop_mkdir_args /* { 1997 struct vnode *a_dvp; 1998 struct vnode **a_vpp; 1999 struct componentname *a_cnp; 2000 struct vattr *a_vap; 2001 } */ *ap) 2002 { 2003 struct vnode *dvp = ap->a_dvp; 2004 struct vattr *vap = ap->a_vap; 2005 struct componentname *cnp = ap->a_cnp; 2006 struct inode *ip, *dp; 2007 struct vnode *tvp; 2008 struct buf *bp; 2009 struct dirtemplate dirtemplate, *dtp; 2010 struct direct newdir; 2011 int error, dmode; 2012 long blkoff; 2013 2014 dp = VTOI(dvp); 2015 error = ufs_sync_nlink(dvp, NULL); 2016 if (error != 0) 2017 goto out; 2018 dmode = vap->va_mode & 0777; 2019 dmode |= IFDIR; 2020 2021 /* 2022 * Must simulate part of ufs_makeinode here to acquire the inode, 2023 * but not have it entered in the parent directory. The entry is 2024 * made later after writing "." and ".." entries. 2025 */ 2026 if (dp->i_effnlink < 2) { 2027 print_bad_link_count("ufs_mkdir", dvp); 2028 error = EINVAL; 2029 goto out; 2030 } 2031 2032 if (DOINGSUJ(dvp)) { 2033 error = softdep_prelink(dvp, NULL, cnp); 2034 if (error != 0) { 2035 MPASS(error == ERELOOKUP); 2036 return (error); 2037 } 2038 } 2039 2040 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 2041 if (error) 2042 goto out; 2043 vn_seqc_write_begin(tvp); 2044 ip = VTOI(tvp); 2045 ip->i_gid = dp->i_gid; 2046 DIP_SET(ip, i_gid, dp->i_gid); 2047 #ifdef SUIDDIR 2048 { 2049 #ifdef QUOTA 2050 struct ucred ucred, *ucp; 2051 gid_t ucred_group; 2052 ucp = cnp->cn_cred; 2053 #endif 2054 /* 2055 * If we are hacking owners here, (only do this where told to) 2056 * and we are not giving it TO root, (would subvert quotas) 2057 * then go ahead and give it to the other user. 2058 * The new directory also inherits the SUID bit. 2059 * If user's UID and dir UID are the same, 2060 * 'give it away' so that the SUID is still forced on. 2061 */ 2062 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2063 (dp->i_mode & ISUID) && dp->i_uid) { 2064 dmode |= ISUID; 2065 ip->i_uid = dp->i_uid; 2066 DIP_SET(ip, i_uid, dp->i_uid); 2067 #ifdef QUOTA 2068 if (dp->i_uid != cnp->cn_cred->cr_uid) { 2069 /* 2070 * Make sure the correct user gets charged 2071 * for the space. 2072 * Make a dummy credential for the victim. 2073 * XXX This seems to never be accessed out of 2074 * our context so a stack variable is ok. 2075 */ 2076 ucred.cr_ref = 1; 2077 ucred.cr_uid = ip->i_uid; 2078 ucred.cr_ngroups = 1; 2079 ucred.cr_groups = &ucred_group; 2080 ucred.cr_groups[0] = dp->i_gid; 2081 ucp = &ucred; 2082 } 2083 #endif 2084 } else { 2085 ip->i_uid = cnp->cn_cred->cr_uid; 2086 DIP_SET(ip, i_uid, ip->i_uid); 2087 } 2088 #ifdef QUOTA 2089 if ((error = getinoquota(ip)) || 2090 (error = chkiq(ip, 1, ucp, 0))) { 2091 if (DOINGSOFTDEP(tvp)) 2092 softdep_revert_link(dp, ip); 2093 UFS_VFREE(tvp, ip->i_number, dmode); 2094 vn_seqc_write_end(tvp); 2095 vgone(tvp); 2096 vput(tvp); 2097 return (error); 2098 } 2099 #endif 2100 } 2101 #else /* !SUIDDIR */ 2102 ip->i_uid = cnp->cn_cred->cr_uid; 2103 DIP_SET(ip, i_uid, ip->i_uid); 2104 #ifdef QUOTA 2105 if ((error = getinoquota(ip)) || 2106 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2107 if (DOINGSOFTDEP(tvp)) 2108 softdep_revert_link(dp, ip); 2109 UFS_VFREE(tvp, ip->i_number, dmode); 2110 vn_seqc_write_end(tvp); 2111 vgone(tvp); 2112 vput(tvp); 2113 return (error); 2114 } 2115 #endif 2116 #endif /* !SUIDDIR */ 2117 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 2118 UFS_INODE_SET_MODE(ip, dmode); 2119 DIP_SET(ip, i_mode, dmode); 2120 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 2121 ip->i_effnlink = 2; 2122 ip->i_nlink = 2; 2123 DIP_SET_NLINK(ip, 2); 2124 DIP_SET(ip, i_dirdepth, DIP(dp,i_dirdepth) + 1); 2125 2126 if (cnp->cn_flags & ISWHITEOUT) { 2127 ip->i_flags |= UF_OPAQUE; 2128 DIP_SET(ip, i_flags, ip->i_flags); 2129 } 2130 2131 /* 2132 * Bump link count in parent directory to reflect work done below. 2133 * Should be done before reference is created so cleanup is 2134 * possible if we crash. 2135 */ 2136 dp->i_effnlink++; 2137 dp->i_nlink++; 2138 DIP_SET_NLINK(dp, dp->i_nlink); 2139 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2140 if (DOINGSOFTDEP(dvp)) 2141 softdep_setup_mkdir(dp, ip); 2142 error = UFS_UPDATE(dvp, !DOINGSOFTDEP(dvp) && !DOINGASYNC(dvp)); 2143 if (error) 2144 goto bad; 2145 #ifdef MAC 2146 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2147 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2148 dvp, tvp, cnp); 2149 if (error) 2150 goto bad; 2151 } 2152 #endif 2153 #ifdef UFS_ACL 2154 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2155 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode, 2156 cnp->cn_cred, curthread); 2157 if (error) 2158 goto bad; 2159 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2160 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode, 2161 cnp->cn_cred, curthread); 2162 if (error) 2163 goto bad; 2164 } 2165 #endif /* !UFS_ACL */ 2166 2167 /* 2168 * Initialize directory with "." and ".." from static template. 2169 */ 2170 if (!OFSFMT(dvp)) 2171 dtp = &mastertemplate; 2172 else 2173 dtp = (struct dirtemplate *)&omastertemplate; 2174 dirtemplate = *dtp; 2175 dirtemplate.dot_ino = ip->i_number; 2176 dirtemplate.dotdot_ino = dp->i_number; 2177 vnode_pager_setsize(tvp, DIRBLKSIZ); 2178 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 2179 BA_CLRBUF, &bp)) != 0) 2180 goto bad; 2181 ip->i_size = DIRBLKSIZ; 2182 DIP_SET(ip, i_size, DIRBLKSIZ); 2183 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); 2184 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 2185 if (DOINGSOFTDEP(tvp)) { 2186 /* 2187 * Ensure that the entire newly allocated block is a 2188 * valid directory so that future growth within the 2189 * block does not have to ensure that the block is 2190 * written before the inode. 2191 */ 2192 blkoff = DIRBLKSIZ; 2193 while (blkoff < bp->b_bcount) { 2194 ((struct direct *) 2195 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 2196 blkoff += DIRBLKSIZ; 2197 } 2198 } 2199 if ((error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && 2200 !DOINGASYNC(tvp))) != 0) { 2201 (void)bwrite(bp); 2202 goto bad; 2203 } 2204 /* 2205 * Directory set up, now install its entry in the parent directory. 2206 * 2207 * If we are not doing soft dependencies, then we must write out the 2208 * buffer containing the new directory body before entering the new 2209 * name in the parent. If we are doing soft dependencies, then the 2210 * buffer containing the new directory body will be passed to and 2211 * released in the soft dependency code after the code has attached 2212 * an appropriate ordering dependency to the buffer which ensures that 2213 * the buffer is written before the new name is written in the parent. 2214 */ 2215 if (DOINGASYNC(dvp)) 2216 bdwrite(bp); 2217 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 2218 goto bad; 2219 ufs_makedirentry(ip, cnp, &newdir); 2220 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp); 2221 2222 bad: 2223 if (error == 0) { 2224 *ap->a_vpp = tvp; 2225 vn_seqc_write_end(tvp); 2226 } else { 2227 dp->i_effnlink--; 2228 dp->i_nlink--; 2229 DIP_SET_NLINK(dp, dp->i_nlink); 2230 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2231 /* 2232 * No need to do an explicit VOP_TRUNCATE here, vrele will 2233 * do this for us because we set the link count to 0. 2234 */ 2235 ip->i_effnlink = 0; 2236 ip->i_nlink = 0; 2237 DIP_SET_NLINK(ip, 0); 2238 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2239 if (DOINGSOFTDEP(tvp)) 2240 softdep_revert_mkdir(dp, ip); 2241 vn_seqc_write_end(tvp); 2242 vgone(tvp); 2243 vput(tvp); 2244 } 2245 out: 2246 return (error); 2247 } 2248 2249 /* 2250 * Rmdir system call. 2251 */ 2252 static int 2253 ufs_rmdir( 2254 struct vop_rmdir_args /* { 2255 struct vnode *a_dvp; 2256 struct vnode *a_vp; 2257 struct componentname *a_cnp; 2258 } */ *ap) 2259 { 2260 struct vnode *vp = ap->a_vp; 2261 struct vnode *dvp = ap->a_dvp; 2262 struct componentname *cnp = ap->a_cnp; 2263 struct inode *ip, *dp; 2264 int error; 2265 2266 ip = VTOI(vp); 2267 dp = VTOI(dvp); 2268 2269 /* 2270 * Do not remove a directory that is in the process of being renamed. 2271 * Verify the directory is empty (and valid). Rmdir ".." will not be 2272 * valid since ".." will contain a reference to the current directory 2273 * and thus be non-empty. Do not allow the removal of mounted on 2274 * directories (this can happen when an NFS exported filesystem 2275 * tries to remove a locally mounted on directory). 2276 */ 2277 error = 0; 2278 if (dp->i_effnlink <= 2) { 2279 if (dp->i_effnlink == 2) 2280 print_bad_link_count("ufs_rmdir", dvp); 2281 error = EINVAL; 2282 goto out; 2283 } 2284 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 2285 error = ENOTEMPTY; 2286 goto out; 2287 } 2288 if ((dp->i_flags & APPEND) 2289 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 2290 error = EPERM; 2291 goto out; 2292 } 2293 if (vp->v_mountedhere != 0) { 2294 error = EINVAL; 2295 goto out; 2296 } 2297 if (DOINGSUJ(dvp)) { 2298 error = softdep_prelink(dvp, vp, cnp); 2299 if (error != 0) { 2300 MPASS(error == ERELOOKUP); 2301 return (error); 2302 } 2303 } 2304 2305 #ifdef UFS_GJOURNAL 2306 ufs_gjournal_orphan(vp); 2307 #endif 2308 /* 2309 * Delete reference to directory before purging 2310 * inode. If we crash in between, the directory 2311 * will be reattached to lost+found, 2312 */ 2313 dp->i_effnlink--; 2314 ip->i_effnlink--; 2315 if (DOINGSOFTDEP(vp)) 2316 softdep_setup_rmdir(dp, ip); 2317 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 2318 if (error) { 2319 dp->i_effnlink++; 2320 ip->i_effnlink++; 2321 if (DOINGSOFTDEP(vp)) 2322 softdep_revert_rmdir(dp, ip); 2323 goto out; 2324 } 2325 /* 2326 * The only stuff left in the directory is "." and "..". The "." 2327 * reference is inconsequential since we are quashing it. The soft 2328 * dependency code will arrange to do these operations after 2329 * the parent directory entry has been deleted on disk, so 2330 * when running with that code we avoid doing them now. 2331 */ 2332 if (!DOINGSOFTDEP(vp)) { 2333 dp->i_nlink--; 2334 DIP_SET_NLINK(dp, dp->i_nlink); 2335 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2336 error = UFS_UPDATE(dvp, 0); 2337 ip->i_nlink--; 2338 DIP_SET_NLINK(ip, ip->i_nlink); 2339 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2340 } 2341 cache_vop_rmdir(dvp, vp); 2342 #ifdef UFS_DIRHASH 2343 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 2344 if (ip->i_dirhash != NULL) 2345 ufsdirhash_free(ip); 2346 #endif 2347 out: 2348 return (error); 2349 } 2350 2351 /* 2352 * symlink -- make a symbolic link 2353 */ 2354 static int 2355 ufs_symlink( 2356 struct vop_symlink_args /* { 2357 struct vnode *a_dvp; 2358 struct vnode **a_vpp; 2359 struct componentname *a_cnp; 2360 struct vattr *a_vap; 2361 const char *a_target; 2362 } */ *ap) 2363 { 2364 struct vnode *vp, **vpp = ap->a_vpp; 2365 struct inode *ip; 2366 int len, error; 2367 2368 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 2369 vpp, ap->a_cnp, "ufs_symlink"); 2370 if (error) 2371 return (error); 2372 vp = *vpp; 2373 len = strlen(ap->a_target); 2374 if (len < VFSTOUFS(vp->v_mount)->um_maxsymlinklen) { 2375 ip = VTOI(vp); 2376 bcopy(ap->a_target, DIP(ip, i_shortlink), len); 2377 ip->i_size = len; 2378 DIP_SET(ip, i_size, len); 2379 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); 2380 error = UFS_UPDATE(vp, 0); 2381 } else 2382 error = vn_rdwr(UIO_WRITE, vp, __DECONST(void *, ap->a_target), 2383 len, (off_t)0, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 2384 ap->a_cnp->cn_cred, NOCRED, NULL, NULL); 2385 if (error) 2386 vput(vp); 2387 return (error); 2388 } 2389 2390 /* 2391 * Vnode op for reading directories. 2392 */ 2393 int 2394 ufs_readdir( 2395 struct vop_readdir_args /* { 2396 struct vnode *a_vp; 2397 struct uio *a_uio; 2398 struct ucred *a_cred; 2399 int *a_eofflag; 2400 int *a_ncookies; 2401 uint64_t **a_cookies; 2402 } */ *ap) 2403 { 2404 struct vnode *vp = ap->a_vp; 2405 struct uio *uio = ap->a_uio; 2406 struct buf *bp; 2407 struct inode *ip; 2408 struct direct *dp, *edp; 2409 uint64_t *cookies; 2410 struct dirent dstdp; 2411 off_t offset, startoffset; 2412 size_t readcnt, skipcnt; 2413 ssize_t startresid; 2414 uint64_t ncookies; 2415 int error; 2416 2417 if (uio->uio_offset < 0) 2418 return (EINVAL); 2419 ip = VTOI(vp); 2420 if (ip->i_effnlink == 0) { 2421 *ap->a_eofflag = 1; 2422 return (0); 2423 } 2424 if (ap->a_ncookies != NULL) { 2425 if (uio->uio_resid < 0) 2426 ncookies = 0; 2427 else 2428 ncookies = uio->uio_resid; 2429 if (uio->uio_offset >= ip->i_size) 2430 ncookies = 0; 2431 else if (ip->i_size - uio->uio_offset < ncookies) 2432 ncookies = ip->i_size - uio->uio_offset; 2433 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1; 2434 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK); 2435 *ap->a_ncookies = ncookies; 2436 *ap->a_cookies = cookies; 2437 } else { 2438 ncookies = 0; 2439 cookies = NULL; 2440 } 2441 offset = startoffset = uio->uio_offset; 2442 startresid = uio->uio_resid; 2443 error = 0; 2444 while (error == 0 && uio->uio_resid > 0 && 2445 uio->uio_offset < ip->i_size) { 2446 error = UFS_BLKATOFF(vp, uio->uio_offset, NULL, &bp); 2447 if (error) 2448 break; 2449 if (bp->b_offset + bp->b_bcount > ip->i_size) 2450 readcnt = ip->i_size - bp->b_offset; 2451 else 2452 readcnt = bp->b_bcount; 2453 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) & 2454 ~(size_t)(DIRBLKSIZ - 1); 2455 offset = bp->b_offset + skipcnt; 2456 dp = (struct direct *)&bp->b_data[skipcnt]; 2457 edp = (struct direct *)&bp->b_data[readcnt]; 2458 while (error == 0 && uio->uio_resid > 0 && dp < edp) { 2459 if (dp->d_reclen <= offsetof(struct direct, d_name) || 2460 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) { 2461 error = EIO; 2462 break; 2463 } 2464 #if BYTE_ORDER == LITTLE_ENDIAN 2465 /* Old filesystem format. */ 2466 if (OFSFMT(vp)) { 2467 dstdp.d_namlen = dp->d_type; 2468 dstdp.d_type = dp->d_namlen; 2469 } else 2470 #endif 2471 { 2472 dstdp.d_namlen = dp->d_namlen; 2473 dstdp.d_type = dp->d_type; 2474 } 2475 if (offsetof(struct direct, d_name) + dstdp.d_namlen > 2476 dp->d_reclen) { 2477 error = EIO; 2478 break; 2479 } 2480 if (offset < startoffset || dp->d_ino == 0) 2481 goto nextentry; 2482 dstdp.d_fileno = dp->d_ino; 2483 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp); 2484 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); 2485 /* NOTE: d_off is the offset of the *next* entry. */ 2486 dstdp.d_off = offset + dp->d_reclen; 2487 dirent_terminate(&dstdp); 2488 if (dstdp.d_reclen > uio->uio_resid) { 2489 if (uio->uio_resid == startresid) 2490 error = EINVAL; 2491 else 2492 error = EJUSTRETURN; 2493 break; 2494 } 2495 /* Advance dp. */ 2496 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio); 2497 if (error) 2498 break; 2499 if (cookies != NULL) { 2500 KASSERT(ncookies > 0, 2501 ("ufs_readdir: cookies buffer too small")); 2502 *cookies = offset + dp->d_reclen; 2503 cookies++; 2504 ncookies--; 2505 } 2506 nextentry: 2507 offset += dp->d_reclen; 2508 dp = (struct direct *)((caddr_t)dp + dp->d_reclen); 2509 } 2510 bqrelse(bp); 2511 uio->uio_offset = offset; 2512 } 2513 /* We need to correct uio_offset. */ 2514 uio->uio_offset = offset; 2515 if (error == EJUSTRETURN) 2516 error = 0; 2517 if (ap->a_ncookies != NULL) { 2518 if (error == 0) { 2519 *ap->a_ncookies -= ncookies; 2520 } else { 2521 free(*ap->a_cookies, M_TEMP); 2522 *ap->a_ncookies = 0; 2523 *ap->a_cookies = NULL; 2524 } 2525 } 2526 if (error == 0 && ap->a_eofflag) 2527 *ap->a_eofflag = ip->i_size <= uio->uio_offset; 2528 return (error); 2529 } 2530 2531 /* 2532 * Return target name of a symbolic link 2533 */ 2534 static int 2535 ufs_readlink( 2536 struct vop_readlink_args /* { 2537 struct vnode *a_vp; 2538 struct uio *a_uio; 2539 struct ucred *a_cred; 2540 } */ *ap) 2541 { 2542 struct vnode *vp = ap->a_vp; 2543 struct inode *ip = VTOI(vp); 2544 doff_t isize; 2545 2546 isize = ip->i_size; 2547 if (isize < VFSTOUFS(vp->v_mount)->um_maxsymlinklen) 2548 return (uiomove(DIP(ip, i_shortlink), isize, ap->a_uio)); 2549 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 2550 } 2551 2552 /* 2553 * Calculate the logical to physical mapping if not done already, 2554 * then call the device strategy routine. 2555 * 2556 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 2557 * deadlock on memory. See ufs_bmap() for details. 2558 */ 2559 static int 2560 ufs_strategy( 2561 struct vop_strategy_args /* { 2562 struct vnode *a_vp; 2563 struct buf *a_bp; 2564 } */ *ap) 2565 { 2566 struct buf *bp = ap->a_bp; 2567 struct vnode *vp = ap->a_vp; 2568 ufs2_daddr_t blkno; 2569 int error; 2570 2571 if (bp->b_blkno == bp->b_lblkno) { 2572 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 2573 bp->b_blkno = blkno; 2574 if (error) { 2575 bp->b_error = error; 2576 bp->b_ioflags |= BIO_ERROR; 2577 bufdone(bp); 2578 return (0); 2579 } 2580 if ((long)bp->b_blkno == -1) 2581 vfs_bio_clrbuf(bp); 2582 } 2583 if ((long)bp->b_blkno == -1) { 2584 bufdone(bp); 2585 return (0); 2586 } 2587 bp->b_iooffset = dbtob(bp->b_blkno); 2588 BO_STRATEGY(VFSTOUFS(vp->v_mount)->um_bo, bp); 2589 return (0); 2590 } 2591 2592 /* 2593 * Print out the contents of an inode. 2594 */ 2595 static int 2596 ufs_print( 2597 struct vop_print_args /* { 2598 struct vnode *a_vp; 2599 } */ *ap) 2600 { 2601 struct vnode *vp = ap->a_vp; 2602 struct inode *ip = VTOI(vp); 2603 2604 printf("\tnlink=%d, effnlink=%d, size=%jd", ip->i_nlink, 2605 ip->i_effnlink, (intmax_t)ip->i_size); 2606 if (I_IS_UFS2(ip)) 2607 printf(", extsize %d", ip->i_din2->di_extsize); 2608 printf("\n\tgeneration=%jx, uid=%d, gid=%d, flags=0x%b\n", 2609 (uintmax_t)ip->i_gen, ip->i_uid, ip->i_gid, 2610 (uint32_t)ip->i_flags, PRINT_INODE_FLAGS); 2611 printf("\tino %ju, on dev %s", (intmax_t)ip->i_number, 2612 devtoname(ITODEV(ip))); 2613 if (vp->v_type == VFIFO) 2614 fifo_printinfo(vp); 2615 printf("\n"); 2616 return (0); 2617 } 2618 2619 /* 2620 * Close wrapper for fifos. 2621 * 2622 * Update the times on the inode then do device close. 2623 */ 2624 static int 2625 ufsfifo_close( 2626 struct vop_close_args /* { 2627 struct vnode *a_vp; 2628 int a_fflag; 2629 struct ucred *a_cred; 2630 struct thread *a_td; 2631 } */ *ap) 2632 { 2633 2634 ufs_close(ap); 2635 return (fifo_specops.vop_close(ap)); 2636 } 2637 2638 /* 2639 * Return POSIX pathconf information applicable to ufs filesystems. 2640 */ 2641 static int 2642 ufs_pathconf( 2643 struct vop_pathconf_args /* { 2644 struct vnode *a_vp; 2645 int a_name; 2646 int *a_retval; 2647 } */ *ap) 2648 { 2649 int error; 2650 2651 error = 0; 2652 switch (ap->a_name) { 2653 case _PC_LINK_MAX: 2654 *ap->a_retval = UFS_LINK_MAX; 2655 break; 2656 case _PC_NAME_MAX: 2657 *ap->a_retval = UFS_MAXNAMLEN; 2658 break; 2659 case _PC_PIPE_BUF: 2660 if (ap->a_vp->v_type == VDIR || ap->a_vp->v_type == VFIFO) 2661 *ap->a_retval = PIPE_BUF; 2662 else 2663 error = EINVAL; 2664 break; 2665 case _PC_CHOWN_RESTRICTED: 2666 *ap->a_retval = 1; 2667 break; 2668 case _PC_NO_TRUNC: 2669 *ap->a_retval = 1; 2670 break; 2671 #ifdef UFS_ACL 2672 case _PC_ACL_EXTENDED: 2673 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2674 *ap->a_retval = 1; 2675 else 2676 *ap->a_retval = 0; 2677 break; 2678 case _PC_ACL_NFS4: 2679 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) 2680 *ap->a_retval = 1; 2681 else 2682 *ap->a_retval = 0; 2683 break; 2684 #endif 2685 case _PC_ACL_PATH_MAX: 2686 #ifdef UFS_ACL 2687 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) 2688 *ap->a_retval = ACL_MAX_ENTRIES; 2689 else 2690 *ap->a_retval = 3; 2691 #else 2692 *ap->a_retval = 3; 2693 #endif 2694 break; 2695 #ifdef MAC 2696 case _PC_MAC_PRESENT: 2697 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2698 *ap->a_retval = 1; 2699 else 2700 *ap->a_retval = 0; 2701 break; 2702 #endif 2703 case _PC_MIN_HOLE_SIZE: 2704 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2705 break; 2706 case _PC_PRIO_IO: 2707 *ap->a_retval = 0; 2708 break; 2709 case _PC_SYNC_IO: 2710 *ap->a_retval = 0; 2711 break; 2712 case _PC_ALLOC_SIZE_MIN: 2713 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2714 break; 2715 case _PC_FILESIZEBITS: 2716 *ap->a_retval = 64; 2717 break; 2718 case _PC_REC_INCR_XFER_SIZE: 2719 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2720 break; 2721 case _PC_REC_MAX_XFER_SIZE: 2722 *ap->a_retval = -1; /* means ``unlimited'' */ 2723 break; 2724 case _PC_REC_MIN_XFER_SIZE: 2725 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2726 break; 2727 case _PC_REC_XFER_ALIGN: 2728 *ap->a_retval = PAGE_SIZE; 2729 break; 2730 case _PC_SYMLINK_MAX: 2731 *ap->a_retval = MAXPATHLEN; 2732 break; 2733 2734 default: 2735 error = vop_stdpathconf(ap); 2736 break; 2737 } 2738 return (error); 2739 } 2740 2741 /* 2742 * Initialize the vnode associated with a new inode, handle aliased 2743 * vnodes. 2744 */ 2745 int 2746 ufs_vinit(struct mount *mntp, struct vop_vector *fifoops, struct vnode **vpp) 2747 { 2748 struct inode *ip; 2749 struct vnode *vp; 2750 2751 vp = *vpp; 2752 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2753 ip = VTOI(vp); 2754 vp->v_type = IFTOVT(ip->i_mode); 2755 /* 2756 * Only unallocated inodes should be of type VNON. 2757 */ 2758 if (ip->i_mode != 0 && vp->v_type == VNON) 2759 return (EINVAL); 2760 if (vp->v_type == VFIFO) 2761 vp->v_op = fifoops; 2762 if (ip->i_number == UFS_ROOTINO) 2763 vp->v_vflag |= VV_ROOT; 2764 *vpp = vp; 2765 return (0); 2766 } 2767 2768 /* 2769 * Allocate a new inode. 2770 * Vnode dvp must be locked. 2771 */ 2772 static int 2773 ufs_makeinode(int mode, struct vnode *dvp, struct vnode **vpp, 2774 struct componentname *cnp, const char *callfunc) 2775 { 2776 struct inode *ip, *pdir; 2777 struct direct newdir; 2778 struct vnode *tvp; 2779 int error; 2780 2781 pdir = VTOI(dvp); 2782 *vpp = NULL; 2783 if ((mode & IFMT) == 0) 2784 mode |= IFREG; 2785 2786 if (pdir->i_effnlink < 2) { 2787 print_bad_link_count(callfunc, dvp); 2788 return (EINVAL); 2789 } 2790 if (DOINGSUJ(dvp)) { 2791 error = softdep_prelink(dvp, NULL, cnp); 2792 if (error != 0) { 2793 MPASS(error == ERELOOKUP); 2794 return (error); 2795 } 2796 } 2797 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2798 if (error) 2799 return (error); 2800 ip = VTOI(tvp); 2801 ip->i_gid = pdir->i_gid; 2802 DIP_SET(ip, i_gid, pdir->i_gid); 2803 #ifdef SUIDDIR 2804 { 2805 #ifdef QUOTA 2806 struct ucred ucred, *ucp; 2807 gid_t ucred_group; 2808 ucp = cnp->cn_cred; 2809 #endif 2810 /* 2811 * If we are not the owner of the directory, 2812 * and we are hacking owners here, (only do this where told to) 2813 * and we are not giving it TO root, (would subvert quotas) 2814 * then go ahead and give it to the other user. 2815 * Note that this drops off the execute bits for security. 2816 */ 2817 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2818 (pdir->i_mode & ISUID) && 2819 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2820 ip->i_uid = pdir->i_uid; 2821 DIP_SET(ip, i_uid, ip->i_uid); 2822 mode &= ~07111; 2823 #ifdef QUOTA 2824 /* 2825 * Make sure the correct user gets charged 2826 * for the space. 2827 * Quickly knock up a dummy credential for the victim. 2828 * XXX This seems to never be accessed out of our 2829 * context so a stack variable is ok. 2830 */ 2831 ucred.cr_ref = 1; 2832 ucred.cr_uid = ip->i_uid; 2833 ucred.cr_ngroups = 1; 2834 ucred.cr_groups = &ucred_group; 2835 ucred.cr_groups[0] = pdir->i_gid; 2836 ucp = &ucred; 2837 #endif 2838 } else { 2839 ip->i_uid = cnp->cn_cred->cr_uid; 2840 DIP_SET(ip, i_uid, ip->i_uid); 2841 } 2842 2843 #ifdef QUOTA 2844 if ((error = getinoquota(ip)) || 2845 (error = chkiq(ip, 1, ucp, 0))) { 2846 if (DOINGSOFTDEP(tvp)) 2847 softdep_revert_link(pdir, ip); 2848 UFS_VFREE(tvp, ip->i_number, mode); 2849 vgone(tvp); 2850 vput(tvp); 2851 return (error); 2852 } 2853 #endif 2854 } 2855 #else /* !SUIDDIR */ 2856 ip->i_uid = cnp->cn_cred->cr_uid; 2857 DIP_SET(ip, i_uid, ip->i_uid); 2858 #ifdef QUOTA 2859 if ((error = getinoquota(ip)) || 2860 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2861 if (DOINGSOFTDEP(tvp)) 2862 softdep_revert_link(pdir, ip); 2863 UFS_VFREE(tvp, ip->i_number, mode); 2864 vgone(tvp); 2865 vput(tvp); 2866 return (error); 2867 } 2868 #endif 2869 #endif /* !SUIDDIR */ 2870 vn_seqc_write_begin(tvp); /* Mostly to cover asserts */ 2871 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 2872 UFS_INODE_SET_MODE(ip, mode); 2873 DIP_SET(ip, i_mode, mode); 2874 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2875 ip->i_effnlink = 1; 2876 ip->i_nlink = 1; 2877 DIP_SET_NLINK(ip, 1); 2878 if (DOINGSOFTDEP(tvp)) 2879 softdep_setup_create(VTOI(dvp), ip); 2880 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2881 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID)) { 2882 UFS_INODE_SET_MODE(ip, ip->i_mode & ~ISGID); 2883 DIP_SET(ip, i_mode, ip->i_mode); 2884 } 2885 2886 if (cnp->cn_flags & ISWHITEOUT) { 2887 ip->i_flags |= UF_OPAQUE; 2888 DIP_SET(ip, i_flags, ip->i_flags); 2889 } 2890 2891 /* 2892 * Make sure inode goes to disk before directory entry. 2893 */ 2894 error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && !DOINGASYNC(tvp)); 2895 if (error) 2896 goto bad; 2897 #ifdef MAC 2898 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2899 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2900 dvp, tvp, cnp); 2901 if (error) 2902 goto bad; 2903 } 2904 #endif 2905 #ifdef UFS_ACL 2906 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2907 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode, 2908 cnp->cn_cred, curthread); 2909 if (error) 2910 goto bad; 2911 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2912 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode, 2913 cnp->cn_cred, curthread); 2914 if (error) 2915 goto bad; 2916 } 2917 #endif /* !UFS_ACL */ 2918 ufs_makedirentry(ip, cnp, &newdir); 2919 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL); 2920 if (error) 2921 goto bad; 2922 vn_seqc_write_end(tvp); 2923 *vpp = tvp; 2924 return (0); 2925 2926 bad: 2927 /* 2928 * Write error occurred trying to update the inode 2929 * or the directory so must deallocate the inode. 2930 */ 2931 ip->i_effnlink = 0; 2932 ip->i_nlink = 0; 2933 DIP_SET_NLINK(ip, 0); 2934 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2935 if (DOINGSOFTDEP(tvp)) 2936 softdep_revert_create(VTOI(dvp), ip); 2937 vn_seqc_write_end(tvp); 2938 vgone(tvp); 2939 vput(tvp); 2940 return (error); 2941 } 2942 2943 static int 2944 ufs_ioctl(struct vop_ioctl_args *ap) 2945 { 2946 struct vnode *vp; 2947 int error; 2948 2949 vp = ap->a_vp; 2950 switch (ap->a_command) { 2951 case FIOSEEKDATA: 2952 error = vn_lock(vp, LK_EXCLUSIVE); 2953 if (error == 0) { 2954 error = ufs_bmap_seekdata(vp, (off_t *)ap->a_data); 2955 VOP_UNLOCK(vp); 2956 } else 2957 error = EBADF; 2958 return (error); 2959 case FIOSEEKHOLE: 2960 return (vn_bmap_seekhole(vp, ap->a_command, (off_t *)ap->a_data, 2961 ap->a_cred)); 2962 default: 2963 return (ENOTTY); 2964 } 2965 } 2966 2967 static int 2968 ufs_read_pgcache(struct vop_read_pgcache_args *ap) 2969 { 2970 struct uio *uio; 2971 struct vnode *vp; 2972 2973 uio = ap->a_uio; 2974 vp = ap->a_vp; 2975 VNPASS((vn_irflag_read(vp) & VIRF_PGREAD) != 0, vp); 2976 2977 if (uio->uio_resid > ptoa(io_hold_cnt) || uio->uio_offset < 0 || 2978 (ap->a_ioflag & IO_DIRECT) != 0) 2979 return (EJUSTRETURN); 2980 return (vn_read_from_obj(vp, uio)); 2981 } 2982 2983 /* Global vfs data structures for ufs. */ 2984 struct vop_vector ufs_vnodeops = { 2985 .vop_default = &default_vnodeops, 2986 .vop_fsync = VOP_PANIC, 2987 .vop_read = VOP_PANIC, 2988 .vop_reallocblks = VOP_PANIC, 2989 .vop_write = VOP_PANIC, 2990 .vop_accessx = ufs_accessx, 2991 .vop_bmap = ufs_bmap, 2992 .vop_fplookup_vexec = ufs_fplookup_vexec, 2993 .vop_fplookup_symlink = VOP_EAGAIN, 2994 .vop_cachedlookup = ufs_lookup, 2995 .vop_close = ufs_close, 2996 .vop_create = ufs_create, 2997 .vop_stat = ufs_stat, 2998 .vop_getattr = ufs_getattr, 2999 .vop_inactive = ufs_inactive, 3000 .vop_ioctl = ufs_ioctl, 3001 .vop_link = ufs_link, 3002 .vop_lookup = vfs_cache_lookup, 3003 .vop_mmapped = ufs_mmapped, 3004 .vop_mkdir = ufs_mkdir, 3005 .vop_mknod = ufs_mknod, 3006 .vop_need_inactive = ufs_need_inactive, 3007 .vop_open = ufs_open, 3008 .vop_pathconf = ufs_pathconf, 3009 .vop_poll = vop_stdpoll, 3010 .vop_print = ufs_print, 3011 .vop_read_pgcache = ufs_read_pgcache, 3012 .vop_readdir = ufs_readdir, 3013 .vop_readlink = ufs_readlink, 3014 .vop_reclaim = ufs_reclaim, 3015 .vop_remove = ufs_remove, 3016 .vop_rename = ufs_rename, 3017 .vop_rmdir = ufs_rmdir, 3018 .vop_setattr = ufs_setattr, 3019 #ifdef MAC 3020 .vop_setlabel = vop_stdsetlabel_ea, 3021 #endif 3022 .vop_strategy = ufs_strategy, 3023 .vop_symlink = ufs_symlink, 3024 .vop_whiteout = ufs_whiteout, 3025 #ifdef UFS_EXTATTR 3026 .vop_getextattr = ufs_getextattr, 3027 .vop_deleteextattr = ufs_deleteextattr, 3028 .vop_setextattr = ufs_setextattr, 3029 #endif 3030 #ifdef UFS_ACL 3031 .vop_getacl = ufs_getacl, 3032 .vop_setacl = ufs_setacl, 3033 .vop_aclcheck = ufs_aclcheck, 3034 #endif 3035 }; 3036 VFS_VOP_VECTOR_REGISTER(ufs_vnodeops); 3037 3038 struct vop_vector ufs_fifoops = { 3039 .vop_default = &fifo_specops, 3040 .vop_fsync = VOP_PANIC, 3041 .vop_accessx = ufs_accessx, 3042 .vop_close = ufsfifo_close, 3043 .vop_getattr = ufs_getattr, 3044 .vop_inactive = ufs_inactive, 3045 .vop_pathconf = ufs_pathconf, 3046 .vop_print = ufs_print, 3047 .vop_read = VOP_PANIC, 3048 .vop_reclaim = ufs_reclaim, 3049 .vop_setattr = ufs_setattr, 3050 #ifdef MAC 3051 .vop_setlabel = vop_stdsetlabel_ea, 3052 #endif 3053 .vop_write = VOP_PANIC, 3054 #ifdef UFS_EXTATTR 3055 .vop_getextattr = ufs_getextattr, 3056 .vop_deleteextattr = ufs_deleteextattr, 3057 .vop_setextattr = ufs_setextattr, 3058 #endif 3059 #ifdef UFS_ACL 3060 .vop_getacl = ufs_getacl, 3061 .vop_setacl = ufs_setacl, 3062 .vop_aclcheck = ufs_aclcheck, 3063 #endif 3064 .vop_fplookup_vexec = VOP_EAGAIN, 3065 .vop_fplookup_symlink = VOP_EAGAIN, 3066 }; 3067 VFS_VOP_VECTOR_REGISTER(ufs_fifoops); 3068