1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1989, 1993, 1995 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD$"); 41 42 #include "opt_quota.h" 43 #include "opt_suiddir.h" 44 #include "opt_ufs.h" 45 #include "opt_ffs.h" 46 47 #include <sys/param.h> 48 #include <sys/systm.h> 49 #include <sys/malloc.h> 50 #include <sys/namei.h> 51 #include <sys/kernel.h> 52 #include <sys/fcntl.h> 53 #include <sys/filio.h> 54 #include <sys/stat.h> 55 #include <sys/bio.h> 56 #include <sys/buf.h> 57 #include <sys/mount.h> 58 #include <sys/priv.h> 59 #include <sys/refcount.h> 60 #include <sys/unistd.h> 61 #include <sys/vnode.h> 62 #include <sys/dirent.h> 63 #include <sys/lockf.h> 64 #include <sys/conf.h> 65 #include <sys/acl.h> 66 #include <sys/smr.h> 67 68 #include <security/audit/audit.h> 69 #include <security/mac/mac_framework.h> 70 71 #include <sys/file.h> /* XXX */ 72 73 #include <vm/vm.h> 74 #include <vm/vm_extern.h> 75 76 #include <ufs/ufs/acl.h> 77 #include <ufs/ufs/extattr.h> 78 #include <ufs/ufs/quota.h> 79 #include <ufs/ufs/inode.h> 80 #include <ufs/ufs/dir.h> 81 #include <ufs/ufs/ufsmount.h> 82 #include <ufs/ufs/ufs_extern.h> 83 #ifdef UFS_DIRHASH 84 #include <ufs/ufs/dirhash.h> 85 #endif 86 #ifdef UFS_GJOURNAL 87 #include <ufs/ufs/gjournal.h> 88 FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS"); 89 #endif 90 91 #ifdef QUOTA 92 FEATURE(ufs_quota, "UFS disk quotas support"); 93 FEATURE(ufs_quota64, "64bit UFS disk quotas support"); 94 #endif 95 96 #ifdef SUIDDIR 97 FEATURE(suiddir, 98 "Give all new files in directory the same ownership as the directory"); 99 #endif 100 101 VFS_SMR_DECLARE; 102 103 #include <ufs/ffs/ffs_extern.h> 104 105 static vop_accessx_t ufs_accessx; 106 static vop_fplookup_vexec_t ufs_fplookup_vexec; 107 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 108 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, 109 struct thread *); 110 static vop_close_t ufs_close; 111 static vop_create_t ufs_create; 112 static vop_stat_t ufs_stat; 113 static vop_getattr_t ufs_getattr; 114 static vop_ioctl_t ufs_ioctl; 115 static vop_link_t ufs_link; 116 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, 117 struct componentname *, const char *); 118 static vop_mmapped_t ufs_mmapped; 119 static vop_mkdir_t ufs_mkdir; 120 static vop_mknod_t ufs_mknod; 121 static vop_open_t ufs_open; 122 static vop_pathconf_t ufs_pathconf; 123 static vop_print_t ufs_print; 124 static vop_readlink_t ufs_readlink; 125 static vop_remove_t ufs_remove; 126 static vop_rename_t ufs_rename; 127 static vop_rmdir_t ufs_rmdir; 128 static vop_setattr_t ufs_setattr; 129 static vop_strategy_t ufs_strategy; 130 static vop_symlink_t ufs_symlink; 131 static vop_whiteout_t ufs_whiteout; 132 static vop_close_t ufsfifo_close; 133 134 SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 135 "UFS filesystem"); 136 137 /* 138 * A virgin directory (no blushing please). 139 */ 140 static struct dirtemplate mastertemplate = { 141 0, 12, DT_DIR, 1, ".", 142 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 143 }; 144 static struct odirtemplate omastertemplate = { 145 0, 12, 1, ".", 146 0, DIRBLKSIZ - 12, 2, ".." 147 }; 148 149 static void 150 ufs_itimes_locked(struct vnode *vp) 151 { 152 struct inode *ip; 153 struct timespec ts; 154 155 ASSERT_VI_LOCKED(vp, __func__); 156 157 ip = VTOI(vp); 158 if (UFS_RDONLY(ip)) 159 goto out; 160 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 161 return; 162 163 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 164 UFS_INODE_SET_FLAG(ip, IN_LAZYMOD); 165 else if (((vp->v_mount->mnt_kern_flag & 166 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) || 167 (ip->i_flag & (IN_CHANGE | IN_UPDATE))) 168 UFS_INODE_SET_FLAG(ip, IN_MODIFIED); 169 else if (ip->i_flag & IN_ACCESS) 170 UFS_INODE_SET_FLAG(ip, IN_LAZYACCESS); 171 vfs_timestamp(&ts); 172 if (ip->i_flag & IN_ACCESS) { 173 DIP_SET(ip, i_atime, ts.tv_sec); 174 DIP_SET(ip, i_atimensec, ts.tv_nsec); 175 } 176 if (ip->i_flag & IN_UPDATE) { 177 DIP_SET(ip, i_mtime, ts.tv_sec); 178 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 179 } 180 if (ip->i_flag & IN_CHANGE) { 181 DIP_SET(ip, i_ctime, ts.tv_sec); 182 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 183 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1); 184 } 185 186 out: 187 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 188 } 189 190 void 191 ufs_itimes(struct vnode *vp) 192 { 193 struct inode *ip; 194 195 ip = VTOI(vp); 196 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 197 return; 198 199 VI_LOCK(vp); 200 ufs_itimes_locked(vp); 201 VI_UNLOCK(vp); 202 } 203 204 static int 205 ufs_sync_nlink1(struct mount *mp) 206 { 207 int error; 208 209 error = vfs_busy(mp, 0); 210 if (error == 0) { 211 VFS_SYNC(mp, MNT_WAIT); 212 vfs_unbusy(mp); 213 error = ERELOOKUP; 214 } 215 vfs_rel(mp); 216 return (error); 217 } 218 219 static int 220 ufs_sync_nlink(struct vnode *vp, struct vnode *vp1) 221 { 222 struct inode *ip; 223 struct mount *mp; 224 int error; 225 226 ip = VTOI(vp); 227 if (ip->i_nlink < UFS_LINK_MAX) 228 return (0); 229 if (!DOINGSOFTDEP(vp) || ip->i_effnlink >= UFS_LINK_MAX) 230 return (EMLINK); 231 232 mp = vp->v_mount; 233 vfs_ref(mp); 234 VOP_UNLOCK(vp); 235 if (vp1 != NULL) 236 VOP_UNLOCK(vp1); 237 error = ufs_sync_nlink1(mp); 238 vn_lock_pair(vp, false, vp1, false); 239 return (error); 240 } 241 242 /* 243 * Create a regular file 244 */ 245 static int 246 ufs_create( 247 struct vop_create_args /* { 248 struct vnode *a_dvp; 249 struct vnode **a_vpp; 250 struct componentname *a_cnp; 251 struct vattr *a_vap; 252 } */ *ap) 253 { 254 int error; 255 256 error = 257 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 258 ap->a_dvp, ap->a_vpp, ap->a_cnp, "ufs_create"); 259 if (error != 0) 260 return (error); 261 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0) 262 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp); 263 return (0); 264 } 265 266 /* 267 * Mknod vnode call 268 */ 269 /* ARGSUSED */ 270 static int 271 ufs_mknod( 272 struct vop_mknod_args /* { 273 struct vnode *a_dvp; 274 struct vnode **a_vpp; 275 struct componentname *a_cnp; 276 struct vattr *a_vap; 277 } */ *ap) 278 { 279 struct vattr *vap = ap->a_vap; 280 struct vnode **vpp = ap->a_vpp; 281 struct inode *ip; 282 ino_t ino; 283 int error; 284 285 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 286 ap->a_dvp, vpp, ap->a_cnp, "ufs_mknod"); 287 if (error) 288 return (error); 289 ip = VTOI(*vpp); 290 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 291 if (vap->va_rdev != VNOVAL) { 292 /* 293 * Want to be able to use this to make badblock 294 * inodes, so don't truncate the dev number. 295 */ 296 DIP_SET(ip, i_rdev, vap->va_rdev); 297 } 298 /* 299 * Remove inode, then reload it through VFS_VGET(). This is 300 * needed to do further inode initialization, for instance 301 * fifo, which was too early for VFS_VGET() done as part of 302 * UFS_VALLOC(). 303 */ 304 (*vpp)->v_type = VNON; 305 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 306 vgone(*vpp); 307 vput(*vpp); 308 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 309 if (error) { 310 *vpp = NULL; 311 return (error); 312 } 313 return (0); 314 } 315 316 /* 317 * Open called. 318 */ 319 /* ARGSUSED */ 320 static int 321 ufs_open(struct vop_open_args *ap) 322 { 323 struct vnode *vp = ap->a_vp; 324 struct inode *ip; 325 326 if (vp->v_type == VCHR || vp->v_type == VBLK) 327 return (EOPNOTSUPP); 328 329 ip = VTOI(vp); 330 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 331 if (vp->v_type == VREG && (vn_irflag_read(vp) & VIRF_PGREAD) == 0 && 332 ip->i_ump->um_bsize >= PAGE_SIZE) { 333 vn_irflag_set_cond(vp, VIRF_PGREAD); 334 } 335 336 /* 337 * Files marked append-only must be opened for appending. 338 */ 339 if ((ip->i_flags & APPEND) && 340 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 341 return (EPERM); 342 343 return (0); 344 } 345 346 /* 347 * Close called. 348 * 349 * Update the times on the inode. 350 */ 351 /* ARGSUSED */ 352 static int 353 ufs_close( 354 struct vop_close_args /* { 355 struct vnode *a_vp; 356 int a_fflag; 357 struct ucred *a_cred; 358 struct thread *a_td; 359 } */ *ap) 360 { 361 struct vnode *vp = ap->a_vp; 362 363 ufs_itimes(vp); 364 return (0); 365 } 366 367 static int 368 ufs_accessx( 369 struct vop_accessx_args /* { 370 struct vnode *a_vp; 371 accmode_t a_accmode; 372 struct ucred *a_cred; 373 struct thread *a_td; 374 } */ *ap) 375 { 376 struct vnode *vp = ap->a_vp; 377 struct inode *ip = VTOI(vp); 378 accmode_t accmode = ap->a_accmode; 379 int error; 380 #ifdef UFS_ACL 381 struct acl *acl; 382 acl_type_t type; 383 #endif 384 385 /* 386 * Disallow write attempts on read-only filesystems; 387 * unless the file is a socket, fifo, or a block or 388 * character device resident on the filesystem. 389 */ 390 if (accmode & VMODIFY_PERMS) { 391 switch (vp->v_type) { 392 case VDIR: 393 case VLNK: 394 case VREG: 395 if (vp->v_mount->mnt_flag & MNT_RDONLY) 396 return (EROFS); 397 #ifdef QUOTA 398 /* 399 * Inode is accounted in the quotas only if struct 400 * dquot is attached to it. VOP_ACCESS() is called 401 * from vn_open_cred() and provides a convenient 402 * point to call getinoquota(). The lock mode is 403 * exclusive when the file is opening for write. 404 */ 405 if (VOP_ISLOCKED(vp) == LK_EXCLUSIVE) { 406 error = getinoquota(ip); 407 if (error != 0) 408 return (error); 409 } 410 #endif 411 break; 412 default: 413 break; 414 } 415 } 416 417 /* 418 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS" 419 * permits the owner of the file to remove the IMMUTABLE flag. 420 */ 421 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) && 422 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 423 return (EPERM); 424 425 #ifdef UFS_ACL 426 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) { 427 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS) 428 type = ACL_TYPE_NFS4; 429 else 430 type = ACL_TYPE_ACCESS; 431 432 acl = acl_alloc(M_WAITOK); 433 if (type == ACL_TYPE_NFS4) 434 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td); 435 else 436 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td); 437 switch (error) { 438 case 0: 439 if (type == ACL_TYPE_NFS4) { 440 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid, 441 ip->i_gid, acl, accmode, ap->a_cred); 442 } else { 443 error = vfs_unixify_accmode(&accmode); 444 if (error == 0) 445 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 446 ip->i_gid, acl, accmode, ap->a_cred); 447 } 448 break; 449 default: 450 if (error != EOPNOTSUPP) 451 printf( 452 "ufs_accessx(): Error retrieving ACL on object (%d).\n", 453 error); 454 /* 455 * XXX: Fall back until debugged. Should 456 * eventually possibly log an error, and return 457 * EPERM for safety. 458 */ 459 error = vfs_unixify_accmode(&accmode); 460 if (error == 0) 461 error = vaccess(vp->v_type, ip->i_mode, 462 ip->i_uid, ip->i_gid, accmode, ap->a_cred); 463 } 464 acl_free(acl); 465 466 return (error); 467 } 468 #endif /* !UFS_ACL */ 469 error = vfs_unixify_accmode(&accmode); 470 if (error == 0) 471 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 472 accmode, ap->a_cred); 473 return (error); 474 } 475 476 /* 477 * VOP_FPLOOKUP_VEXEC routines are subject to special circumstances, see 478 * the comment above cache_fplookup for details. 479 */ 480 static int 481 ufs_fplookup_vexec( 482 struct vop_fplookup_vexec_args /* { 483 struct vnode *a_vp; 484 struct ucred *a_cred; 485 struct thread *a_td; 486 } */ *ap) 487 { 488 struct vnode *vp; 489 struct inode *ip; 490 struct ucred *cred; 491 mode_t all_x, mode; 492 493 vp = ap->a_vp; 494 ip = VTOI_SMR(vp); 495 if (__predict_false(ip == NULL)) 496 return (EAGAIN); 497 498 /* 499 * XXX ACL race 500 * 501 * ACLs are not supported and UFS clears/sets this flag on mount and 502 * remount. However, we may still be racing with seeing them and there 503 * is no provision to make sure they were accounted for. This matches 504 * the behavior of the locked case, since the lookup there is also 505 * racy: mount takes no measures to block anyone from progressing. 506 */ 507 all_x = S_IXUSR | S_IXGRP | S_IXOTH; 508 mode = atomic_load_short(&ip->i_mode); 509 if (__predict_true((mode & all_x) == all_x)) 510 return (0); 511 512 cred = ap->a_cred; 513 return (vaccess_vexec_smr(mode, ip->i_uid, ip->i_gid, cred)); 514 } 515 516 /* ARGSUSED */ 517 static int 518 ufs_stat(struct vop_stat_args *ap) 519 { 520 struct vnode *vp = ap->a_vp; 521 struct inode *ip = VTOI(vp); 522 struct stat *sb = ap->a_sb; 523 int error; 524 525 error = vop_stat_helper_pre(ap); 526 if (__predict_false(error)) 527 return (error); 528 529 VI_LOCK(vp); 530 ufs_itimes_locked(vp); 531 if (I_IS_UFS1(ip)) { 532 sb->st_atim.tv_sec = ip->i_din1->di_atime; 533 sb->st_atim.tv_nsec = ip->i_din1->di_atimensec; 534 } else { 535 sb->st_atim.tv_sec = ip->i_din2->di_atime; 536 sb->st_atim.tv_nsec = ip->i_din2->di_atimensec; 537 } 538 VI_UNLOCK(vp); 539 540 sb->st_dev = dev2udev(ITOUMP(ip)->um_dev); 541 sb->st_ino = ip->i_number; 542 sb->st_mode = (ip->i_mode & ~IFMT) | VTTOIF(vp->v_type); 543 sb->st_nlink = ip->i_effnlink; 544 sb->st_uid = ip->i_uid; 545 sb->st_gid = ip->i_gid; 546 if (I_IS_UFS1(ip)) { 547 sb->st_rdev = ip->i_din1->di_rdev; 548 sb->st_size = ip->i_din1->di_size; 549 sb->st_mtim.tv_sec = ip->i_din1->di_mtime; 550 sb->st_mtim.tv_nsec = ip->i_din1->di_mtimensec; 551 sb->st_ctim.tv_sec = ip->i_din1->di_ctime; 552 sb->st_ctim.tv_nsec = ip->i_din1->di_ctimensec; 553 sb->st_birthtim.tv_sec = -1; 554 sb->st_birthtim.tv_nsec = 0; 555 sb->st_blocks = dbtob((u_quad_t)ip->i_din1->di_blocks) / S_BLKSIZE; 556 } else { 557 sb->st_rdev = ip->i_din2->di_rdev; 558 sb->st_size = ip->i_din2->di_size; 559 sb->st_mtim.tv_sec = ip->i_din2->di_mtime; 560 sb->st_mtim.tv_nsec = ip->i_din2->di_mtimensec; 561 sb->st_ctim.tv_sec = ip->i_din2->di_ctime; 562 sb->st_ctim.tv_nsec = ip->i_din2->di_ctimensec; 563 sb->st_birthtim.tv_sec = ip->i_din2->di_birthtime; 564 sb->st_birthtim.tv_nsec = ip->i_din2->di_birthnsec; 565 sb->st_blocks = dbtob((u_quad_t)ip->i_din2->di_blocks) / S_BLKSIZE; 566 } 567 568 sb->st_blksize = max(PAGE_SIZE, vp->v_mount->mnt_stat.f_iosize); 569 sb->st_flags = ip->i_flags; 570 sb->st_gen = ip->i_gen; 571 572 return (vop_stat_helper_post(ap, error)); 573 } 574 575 /* ARGSUSED */ 576 static int 577 ufs_getattr( 578 struct vop_getattr_args /* { 579 struct vnode *a_vp; 580 struct vattr *a_vap; 581 struct ucred *a_cred; 582 } */ *ap) 583 { 584 struct vnode *vp = ap->a_vp; 585 struct inode *ip = VTOI(vp); 586 struct vattr *vap = ap->a_vap; 587 588 VI_LOCK(vp); 589 ufs_itimes_locked(vp); 590 if (I_IS_UFS1(ip)) { 591 vap->va_atime.tv_sec = ip->i_din1->di_atime; 592 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 593 } else { 594 vap->va_atime.tv_sec = ip->i_din2->di_atime; 595 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 596 } 597 VI_UNLOCK(vp); 598 /* 599 * Copy from inode table 600 */ 601 vap->va_fsid = dev2udev(ITOUMP(ip)->um_dev); 602 vap->va_fileid = ip->i_number; 603 vap->va_mode = ip->i_mode & ~IFMT; 604 vap->va_nlink = ip->i_effnlink; 605 vap->va_uid = ip->i_uid; 606 vap->va_gid = ip->i_gid; 607 if (I_IS_UFS1(ip)) { 608 vap->va_rdev = ip->i_din1->di_rdev; 609 vap->va_size = ip->i_din1->di_size; 610 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 611 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 612 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 613 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 614 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 615 vap->va_filerev = ip->i_din1->di_modrev; 616 } else { 617 vap->va_rdev = ip->i_din2->di_rdev; 618 vap->va_size = ip->i_din2->di_size; 619 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 620 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 621 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 622 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 623 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 624 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 625 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 626 vap->va_filerev = ip->i_din2->di_modrev; 627 } 628 vap->va_flags = ip->i_flags; 629 vap->va_gen = ip->i_gen; 630 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 631 vap->va_type = IFTOVT(ip->i_mode); 632 return (0); 633 } 634 635 /* 636 * Set attribute vnode op. called from several syscalls 637 */ 638 static int 639 ufs_setattr( 640 struct vop_setattr_args /* { 641 struct vnode *a_vp; 642 struct vattr *a_vap; 643 struct ucred *a_cred; 644 } */ *ap) 645 { 646 struct vattr *vap = ap->a_vap; 647 struct vnode *vp = ap->a_vp; 648 struct inode *ip = VTOI(vp); 649 struct ucred *cred = ap->a_cred; 650 struct thread *td = curthread; 651 int error; 652 653 /* 654 * Check for unsettable attributes. 655 */ 656 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 657 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 658 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 659 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 660 return (EINVAL); 661 } 662 if (vap->va_flags != VNOVAL) { 663 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE | 664 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE | 665 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK | 666 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE | 667 UF_SPARSE | UF_SYSTEM)) != 0) 668 return (EOPNOTSUPP); 669 if (vp->v_mount->mnt_flag & MNT_RDONLY) 670 return (EROFS); 671 /* 672 * Callers may only modify the file flags on objects they 673 * have VADMIN rights for. 674 */ 675 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 676 return (error); 677 /* 678 * Unprivileged processes are not permitted to unset system 679 * flags, or modify flags if any system flags are set. 680 * Privileged non-jail processes may not modify system flags 681 * if securelevel > 0 and any existing system flags are set. 682 * Privileged jail processes behave like privileged non-jail 683 * processes if the PR_ALLOW_CHFLAGS permission bit is set; 684 * otherwise, they behave like unprivileged processes. 685 */ 686 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) { 687 if (ip->i_flags & 688 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 689 error = securelevel_gt(cred, 0); 690 if (error) 691 return (error); 692 } 693 /* The snapshot flag cannot be toggled. */ 694 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT) 695 return (EPERM); 696 } else { 697 if (ip->i_flags & 698 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 699 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE)) 700 return (EPERM); 701 } 702 ip->i_flags = vap->va_flags; 703 DIP_SET(ip, i_flags, vap->va_flags); 704 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 705 error = UFS_UPDATE(vp, 0); 706 if (ip->i_flags & (IMMUTABLE | APPEND)) 707 return (error); 708 } 709 /* 710 * If immutable or append, no one can change any of its attributes 711 * except the ones already handled (in some cases, file flags 712 * including the immutability flags themselves for the superuser). 713 */ 714 if (ip->i_flags & (IMMUTABLE | APPEND)) 715 return (EPERM); 716 /* 717 * Go through the fields and update iff not VNOVAL. 718 */ 719 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 720 if (vp->v_mount->mnt_flag & MNT_RDONLY) 721 return (EROFS); 722 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 723 td)) != 0) 724 return (error); 725 } 726 if (vap->va_size != VNOVAL) { 727 /* 728 * XXX most of the following special cases should be in 729 * callers instead of in N filesystems. The VDIR check 730 * mostly already is. 731 */ 732 switch (vp->v_type) { 733 case VDIR: 734 return (EISDIR); 735 case VLNK: 736 case VREG: 737 /* 738 * Truncation should have an effect in these cases. 739 * Disallow it if the filesystem is read-only or 740 * the file is being snapshotted. 741 */ 742 if (vp->v_mount->mnt_flag & MNT_RDONLY) 743 return (EROFS); 744 if (IS_SNAPSHOT(ip)) 745 return (EPERM); 746 break; 747 default: 748 /* 749 * According to POSIX, the result is unspecified 750 * for file types other than regular files, 751 * directories and shared memory objects. We 752 * don't support shared memory objects in the file 753 * system, and have dubious support for truncating 754 * symlinks. Just ignore the request in other cases. 755 */ 756 return (0); 757 } 758 error = vn_rlimit_trunc(vap->va_size, td); 759 if (error != 0) 760 return (error); 761 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL | 762 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0), 763 cred)) != 0) 764 return (error); 765 } 766 if (vap->va_atime.tv_sec != VNOVAL || 767 vap->va_mtime.tv_sec != VNOVAL || 768 vap->va_birthtime.tv_sec != VNOVAL) { 769 if (vp->v_mount->mnt_flag & MNT_RDONLY) 770 return (EROFS); 771 if (IS_SNAPSHOT(ip)) 772 return (EPERM); 773 error = vn_utimes_perm(vp, vap, cred, td); 774 if (error != 0) 775 return (error); 776 UFS_INODE_SET_FLAG(ip, IN_CHANGE | IN_MODIFIED); 777 if (vap->va_atime.tv_sec != VNOVAL) { 778 ip->i_flag &= ~IN_ACCESS; 779 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 780 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 781 } 782 if (vap->va_mtime.tv_sec != VNOVAL) { 783 ip->i_flag &= ~IN_UPDATE; 784 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 785 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 786 } 787 if (vap->va_birthtime.tv_sec != VNOVAL && I_IS_UFS2(ip)) { 788 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 789 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 790 } 791 error = UFS_UPDATE(vp, 0); 792 if (error) 793 return (error); 794 } 795 error = 0; 796 if (vap->va_mode != (mode_t)VNOVAL) { 797 if (vp->v_mount->mnt_flag & MNT_RDONLY) 798 return (EROFS); 799 if (IS_SNAPSHOT(ip) && (vap->va_mode & (S_IXUSR | S_IWUSR | 800 S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH)) != 0) 801 return (EPERM); 802 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 803 } 804 return (error); 805 } 806 807 #ifdef UFS_ACL 808 static int 809 ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode, 810 int file_owner_id, struct ucred *cred, struct thread *td) 811 { 812 int error; 813 struct acl *aclp; 814 815 aclp = acl_alloc(M_WAITOK); 816 error = ufs_getacl_nfs4_internal(vp, aclp, td); 817 /* 818 * We don't have to handle EOPNOTSUPP here, as the filesystem claims 819 * it supports ACLs. 820 */ 821 if (error) 822 goto out; 823 824 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id); 825 error = ufs_setacl_nfs4_internal(vp, aclp, td); 826 827 out: 828 acl_free(aclp); 829 return (error); 830 } 831 #endif /* UFS_ACL */ 832 833 static int 834 ufs_mmapped( 835 struct vop_mmapped_args /* { 836 struct vnode *a_vp; 837 } */ *ap) 838 { 839 struct vnode *vp; 840 struct inode *ip; 841 struct mount *mp; 842 843 vp = ap->a_vp; 844 ip = VTOI(vp); 845 mp = vp->v_mount; 846 847 if ((mp->mnt_flag & (MNT_NOATIME | MNT_RDONLY)) == 0) 848 UFS_INODE_SET_FLAG_SHARED(ip, IN_ACCESS); 849 /* 850 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there. 851 */ 852 return (0); 853 } 854 855 /* 856 * Change the mode on a file. 857 * Inode must be locked before calling. 858 */ 859 static int 860 ufs_chmod(struct vnode *vp, int mode, struct ucred *cred, struct thread *td) 861 { 862 struct inode *ip = VTOI(vp); 863 int newmode, error; 864 865 /* 866 * To modify the permissions on a file, must possess VADMIN 867 * for that file. 868 */ 869 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td))) 870 return (error); 871 /* 872 * Privileged processes may set the sticky bit on non-directories, 873 * as well as set the setgid bit on a file with a group that the 874 * process is not a member of. Both of these are allowed in 875 * jail(8). 876 */ 877 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 878 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE)) 879 return (EFTYPE); 880 } 881 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 882 error = priv_check_cred(cred, PRIV_VFS_SETGID); 883 if (error) 884 return (error); 885 } 886 887 /* 888 * Deny setting setuid if we are not the file owner. 889 */ 890 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) { 891 error = priv_check_cred(cred, PRIV_VFS_ADMIN); 892 if (error) 893 return (error); 894 } 895 896 newmode = ip->i_mode & ~ALLPERMS; 897 newmode |= (mode & ALLPERMS); 898 UFS_INODE_SET_MODE(ip, newmode); 899 DIP_SET(ip, i_mode, ip->i_mode); 900 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 901 #ifdef UFS_ACL 902 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0) 903 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td); 904 #endif 905 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0) 906 error = UFS_UPDATE(vp, 0); 907 908 return (error); 909 } 910 911 /* 912 * Perform chown operation on inode ip; 913 * inode must be locked prior to call. 914 */ 915 static int 916 ufs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred, 917 struct thread *td) 918 { 919 struct inode *ip = VTOI(vp); 920 uid_t ouid; 921 gid_t ogid; 922 int error = 0; 923 #ifdef QUOTA 924 int i; 925 ufs2_daddr_t change; 926 #endif 927 928 if (uid == (uid_t)VNOVAL) 929 uid = ip->i_uid; 930 if (gid == (gid_t)VNOVAL) 931 gid = ip->i_gid; 932 /* 933 * To modify the ownership of a file, must possess VADMIN for that 934 * file. 935 */ 936 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td))) 937 return (error); 938 /* 939 * To change the owner of a file, or change the group of a file to a 940 * group of which we are not a member, the caller must have 941 * privilege. 942 */ 943 if (((uid != ip->i_uid && uid != cred->cr_uid) || 944 (gid != ip->i_gid && !groupmember(gid, cred))) && 945 (error = priv_check_cred(cred, PRIV_VFS_CHOWN))) 946 return (error); 947 ogid = ip->i_gid; 948 ouid = ip->i_uid; 949 #ifdef QUOTA 950 if ((error = getinoquota(ip)) != 0) 951 return (error); 952 if (ouid == uid) { 953 dqrele(vp, ip->i_dquot[USRQUOTA]); 954 ip->i_dquot[USRQUOTA] = NODQUOT; 955 } 956 if (ogid == gid) { 957 dqrele(vp, ip->i_dquot[GRPQUOTA]); 958 ip->i_dquot[GRPQUOTA] = NODQUOT; 959 } 960 change = DIP(ip, i_blocks); 961 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 962 (void) chkiq(ip, -1, cred, CHOWN|FORCE); 963 for (i = 0; i < MAXQUOTAS; i++) { 964 dqrele(vp, ip->i_dquot[i]); 965 ip->i_dquot[i] = NODQUOT; 966 } 967 #endif 968 ip->i_gid = gid; 969 DIP_SET(ip, i_gid, gid); 970 ip->i_uid = uid; 971 DIP_SET(ip, i_uid, uid); 972 #ifdef QUOTA 973 if ((error = getinoquota(ip)) == 0) { 974 if (ouid == uid) { 975 dqrele(vp, ip->i_dquot[USRQUOTA]); 976 ip->i_dquot[USRQUOTA] = NODQUOT; 977 } 978 if (ogid == gid) { 979 dqrele(vp, ip->i_dquot[GRPQUOTA]); 980 ip->i_dquot[GRPQUOTA] = NODQUOT; 981 } 982 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 983 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 984 goto good; 985 else 986 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 987 } 988 for (i = 0; i < MAXQUOTAS; i++) { 989 dqrele(vp, ip->i_dquot[i]); 990 ip->i_dquot[i] = NODQUOT; 991 } 992 } 993 ip->i_gid = ogid; 994 DIP_SET(ip, i_gid, ogid); 995 ip->i_uid = ouid; 996 DIP_SET(ip, i_uid, ouid); 997 if (getinoquota(ip) == 0) { 998 if (ouid == uid) { 999 dqrele(vp, ip->i_dquot[USRQUOTA]); 1000 ip->i_dquot[USRQUOTA] = NODQUOT; 1001 } 1002 if (ogid == gid) { 1003 dqrele(vp, ip->i_dquot[GRPQUOTA]); 1004 ip->i_dquot[GRPQUOTA] = NODQUOT; 1005 } 1006 (void) chkdq(ip, change, cred, FORCE|CHOWN); 1007 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 1008 (void) getinoquota(ip); 1009 } 1010 return (error); 1011 good: 1012 if (getinoquota(ip)) 1013 panic("ufs_chown: lost quota"); 1014 #endif /* QUOTA */ 1015 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1016 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { 1017 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) { 1018 UFS_INODE_SET_MODE(ip, ip->i_mode & ~(ISUID | ISGID)); 1019 DIP_SET(ip, i_mode, ip->i_mode); 1020 } 1021 } 1022 error = UFS_UPDATE(vp, 0); 1023 return (error); 1024 } 1025 1026 static int 1027 ufs_remove( 1028 struct vop_remove_args /* { 1029 struct vnode *a_dvp; 1030 struct vnode *a_vp; 1031 struct componentname *a_cnp; 1032 } */ *ap) 1033 { 1034 struct inode *ip; 1035 struct vnode *vp = ap->a_vp; 1036 struct vnode *dvp = ap->a_dvp; 1037 int error; 1038 struct thread *td; 1039 1040 td = curthread; 1041 ip = VTOI(vp); 1042 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1043 (VTOI(dvp)->i_flags & APPEND)) 1044 return (EPERM); 1045 if (DOINGSUJ(dvp)) { 1046 error = softdep_prelink(dvp, vp, ap->a_cnp); 1047 if (error != 0) { 1048 MPASS(error == ERELOOKUP); 1049 return (error); 1050 } 1051 } 1052 1053 #ifdef UFS_GJOURNAL 1054 ufs_gjournal_orphan(vp); 1055 #endif 1056 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 1057 if (ip->i_nlink <= 0) 1058 vp->v_vflag |= VV_NOSYNC; 1059 if (IS_SNAPSHOT(ip)) { 1060 /* 1061 * Avoid deadlock where another thread is trying to 1062 * update the inodeblock for dvp and is waiting on 1063 * snaplk. Temporary unlock the vnode lock for the 1064 * unlinked file and sync the directory. This should 1065 * allow vput() of the directory to not block later on 1066 * while holding the snapshot vnode locked, assuming 1067 * that the directory hasn't been unlinked too. 1068 */ 1069 VOP_UNLOCK(vp); 1070 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 1071 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 1072 } 1073 return (error); 1074 } 1075 1076 static void 1077 print_bad_link_count(const char *funcname, struct vnode *dvp) 1078 { 1079 struct inode *dip; 1080 1081 dip = VTOI(dvp); 1082 uprintf("%s: Bad link count %d on parent inode %jd in file system %s\n", 1083 funcname, dip->i_effnlink, (intmax_t)dip->i_number, 1084 dvp->v_mount->mnt_stat.f_mntonname); 1085 } 1086 1087 /* 1088 * link vnode call 1089 */ 1090 static int 1091 ufs_link( 1092 struct vop_link_args /* { 1093 struct vnode *a_tdvp; 1094 struct vnode *a_vp; 1095 struct componentname *a_cnp; 1096 } */ *ap) 1097 { 1098 struct vnode *vp = ap->a_vp; 1099 struct vnode *tdvp = ap->a_tdvp; 1100 struct componentname *cnp = ap->a_cnp; 1101 struct inode *ip; 1102 struct direct newdir; 1103 int error; 1104 1105 if (DOINGSUJ(tdvp)) { 1106 error = softdep_prelink(tdvp, vp, cnp); 1107 if (error != 0) { 1108 MPASS(error == ERELOOKUP); 1109 return (error); 1110 } 1111 } 1112 1113 if (VTOI(tdvp)->i_effnlink < 2) { 1114 print_bad_link_count("ufs_link", tdvp); 1115 error = EINVAL; 1116 goto out; 1117 } 1118 error = ufs_sync_nlink(vp, tdvp); 1119 if (error != 0) 1120 goto out; 1121 ip = VTOI(vp); 1122 1123 /* 1124 * The file may have been removed after namei dropped the original 1125 * lock. 1126 */ 1127 if (ip->i_effnlink == 0) { 1128 error = ENOENT; 1129 goto out; 1130 } 1131 if (ip->i_flags & (IMMUTABLE | APPEND)) { 1132 error = EPERM; 1133 goto out; 1134 } 1135 1136 ip->i_effnlink++; 1137 ip->i_nlink++; 1138 DIP_SET(ip, i_nlink, ip->i_nlink); 1139 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1140 if (DOINGSOFTDEP(vp)) 1141 softdep_setup_link(VTOI(tdvp), ip); 1142 error = UFS_UPDATE(vp, !DOINGSOFTDEP(vp) && !DOINGASYNC(vp)); 1143 if (!error) { 1144 ufs_makedirentry(ip, cnp, &newdir); 1145 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL); 1146 } 1147 1148 if (error) { 1149 ip->i_effnlink--; 1150 ip->i_nlink--; 1151 DIP_SET(ip, i_nlink, ip->i_nlink); 1152 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1153 if (DOINGSOFTDEP(vp)) 1154 softdep_revert_link(VTOI(tdvp), ip); 1155 } 1156 out: 1157 return (error); 1158 } 1159 1160 /* 1161 * whiteout vnode call 1162 */ 1163 static int 1164 ufs_whiteout( 1165 struct vop_whiteout_args /* { 1166 struct vnode *a_dvp; 1167 struct componentname *a_cnp; 1168 int a_flags; 1169 } */ *ap) 1170 { 1171 struct vnode *dvp = ap->a_dvp; 1172 struct componentname *cnp = ap->a_cnp; 1173 struct direct newdir; 1174 int error = 0; 1175 1176 if (DOINGSUJ(dvp) && (ap->a_flags == CREATE || 1177 ap->a_flags == DELETE)) { 1178 error = softdep_prelink(dvp, NULL, cnp); 1179 if (error != 0) { 1180 MPASS(error == ERELOOKUP); 1181 return (error); 1182 } 1183 } 1184 1185 switch (ap->a_flags) { 1186 case LOOKUP: 1187 /* 4.4 format directories support whiteout operations */ 1188 if (!OFSFMT(dvp)) 1189 return (0); 1190 return (EOPNOTSUPP); 1191 1192 case CREATE: 1193 /* create a new directory whiteout */ 1194 #ifdef INVARIANTS 1195 if (OFSFMT(dvp)) 1196 panic("ufs_whiteout: old format filesystem"); 1197 #endif 1198 1199 newdir.d_ino = UFS_WINO; 1200 newdir.d_namlen = cnp->cn_namelen; 1201 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 1202 newdir.d_type = DT_WHT; 1203 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL); 1204 break; 1205 1206 case DELETE: 1207 /* remove an existing directory whiteout */ 1208 #ifdef INVARIANTS 1209 if (OFSFMT(dvp)) 1210 panic("ufs_whiteout: old format filesystem"); 1211 #endif 1212 1213 cnp->cn_flags &= ~DOWHITEOUT; 1214 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 1215 break; 1216 default: 1217 panic("ufs_whiteout: unknown op"); 1218 } 1219 return (error); 1220 } 1221 1222 static volatile int rename_restarts; 1223 SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD, 1224 __DEVOLATILE(int *, &rename_restarts), 0, 1225 "Times rename had to restart due to lock contention"); 1226 1227 /* 1228 * Rename system call. 1229 * rename("foo", "bar"); 1230 * is essentially 1231 * unlink("bar"); 1232 * link("foo", "bar"); 1233 * unlink("foo"); 1234 * but ``atomically''. Can't do full commit without saving state in the 1235 * inode on disk which isn't feasible at this time. Best we can do is 1236 * always guarantee the target exists. 1237 * 1238 * Basic algorithm is: 1239 * 1240 * 1) Bump link count on source while we're linking it to the 1241 * target. This also ensure the inode won't be deleted out 1242 * from underneath us while we work (it may be truncated by 1243 * a concurrent `trunc' or `open' for creation). 1244 * 2) Link source to destination. If destination already exists, 1245 * delete it first. 1246 * 3) Unlink source reference to inode if still around. If a 1247 * directory was moved and the parent of the destination 1248 * is different from the source, patch the ".." entry in the 1249 * directory. 1250 */ 1251 static int 1252 ufs_rename( 1253 struct vop_rename_args /* { 1254 struct vnode *a_fdvp; 1255 struct vnode *a_fvp; 1256 struct componentname *a_fcnp; 1257 struct vnode *a_tdvp; 1258 struct vnode *a_tvp; 1259 struct componentname *a_tcnp; 1260 } */ *ap) 1261 { 1262 struct vnode *tvp = ap->a_tvp; 1263 struct vnode *tdvp = ap->a_tdvp; 1264 struct vnode *fvp = ap->a_fvp; 1265 struct vnode *fdvp = ap->a_fdvp; 1266 struct vnode *nvp; 1267 struct componentname *tcnp = ap->a_tcnp; 1268 struct componentname *fcnp = ap->a_fcnp; 1269 struct thread *td = curthread; 1270 struct inode *fip, *tip, *tdp, *fdp; 1271 struct direct newdir; 1272 off_t endoff; 1273 int doingdirectory, newparent; 1274 int error = 0; 1275 struct mount *mp; 1276 ino_t ino; 1277 seqc_t fdvp_s, fvp_s, tdvp_s, tvp_s; 1278 bool checkpath_locked, want_seqc_end; 1279 1280 checkpath_locked = want_seqc_end = false; 1281 1282 endoff = 0; 1283 mp = tdvp->v_mount; 1284 VOP_UNLOCK(tdvp); 1285 if (tvp && tvp != tdvp) 1286 VOP_UNLOCK(tvp); 1287 /* 1288 * Check for cross-device rename. 1289 */ 1290 if ((fvp->v_mount != tdvp->v_mount) || 1291 (tvp && (fvp->v_mount != tvp->v_mount))) { 1292 error = EXDEV; 1293 mp = NULL; 1294 goto releout; 1295 } 1296 1297 fdvp_s = fvp_s = tdvp_s = tvp_s = SEQC_MOD; 1298 relock: 1299 /* 1300 * We need to acquire 2 to 4 locks depending on whether tvp is NULL 1301 * and fdvp and tdvp are the same directory. Subsequently we need 1302 * to double-check all paths and in the directory rename case we 1303 * need to verify that we are not creating a directory loop. To 1304 * handle this we acquire all but fdvp using non-blocking 1305 * acquisitions. If we fail to acquire any lock in the path we will 1306 * drop all held locks, acquire the new lock in a blocking fashion, 1307 * and then release it and restart the rename. This acquire/release 1308 * step ensures that we do not spin on a lock waiting for release. 1309 */ 1310 error = vn_lock(fdvp, LK_EXCLUSIVE); 1311 if (error) 1312 goto releout; 1313 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) { 1314 VOP_UNLOCK(fdvp); 1315 error = vn_lock(tdvp, LK_EXCLUSIVE); 1316 if (error) 1317 goto releout; 1318 VOP_UNLOCK(tdvp); 1319 atomic_add_int(&rename_restarts, 1); 1320 goto relock; 1321 } 1322 /* 1323 * Re-resolve fvp to be certain it still exists and fetch the 1324 * correct vnode. 1325 */ 1326 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1327 if (error) { 1328 VOP_UNLOCK(fdvp); 1329 VOP_UNLOCK(tdvp); 1330 goto releout; 1331 } 1332 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1333 if (error) { 1334 VOP_UNLOCK(fdvp); 1335 VOP_UNLOCK(tdvp); 1336 if (error != EBUSY) 1337 goto releout; 1338 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1339 if (error != 0) 1340 goto releout; 1341 VOP_UNLOCK(nvp); 1342 vrele(fvp); 1343 fvp = nvp; 1344 atomic_add_int(&rename_restarts, 1); 1345 goto relock; 1346 } 1347 vrele(fvp); 1348 fvp = nvp; 1349 /* 1350 * Re-resolve tvp and acquire the vnode lock if present. 1351 */ 1352 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino); 1353 if (error != 0 && error != EJUSTRETURN) { 1354 VOP_UNLOCK(fdvp); 1355 VOP_UNLOCK(tdvp); 1356 VOP_UNLOCK(fvp); 1357 goto releout; 1358 } 1359 /* 1360 * If tvp disappeared we just carry on. 1361 */ 1362 if (error == EJUSTRETURN && tvp != NULL) { 1363 vrele(tvp); 1364 tvp = NULL; 1365 } 1366 /* 1367 * Get the tvp ino if the lookup succeeded. We may have to restart 1368 * if the non-blocking acquire fails. 1369 */ 1370 if (error == 0) { 1371 nvp = NULL; 1372 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1373 if (tvp) 1374 vrele(tvp); 1375 tvp = nvp; 1376 if (error) { 1377 VOP_UNLOCK(fdvp); 1378 VOP_UNLOCK(tdvp); 1379 VOP_UNLOCK(fvp); 1380 if (error != EBUSY) 1381 goto releout; 1382 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1383 if (error != 0) 1384 goto releout; 1385 vput(nvp); 1386 atomic_add_int(&rename_restarts, 1); 1387 goto relock; 1388 } 1389 } 1390 1391 if (DOINGSUJ(fdvp) && 1392 (seqc_in_modify(fdvp_s) || !vn_seqc_consistent(fdvp, fdvp_s) || 1393 seqc_in_modify(fvp_s) || !vn_seqc_consistent(fvp, fvp_s) || 1394 seqc_in_modify(tdvp_s) || !vn_seqc_consistent(tdvp, tdvp_s) || 1395 (tvp != NULL && (seqc_in_modify(tvp_s) || 1396 !vn_seqc_consistent(tvp, tvp_s))))) { 1397 error = softdep_prerename(fdvp, fvp, tdvp, tvp); 1398 if (error != 0) 1399 goto releout; 1400 } 1401 1402 fdp = VTOI(fdvp); 1403 fip = VTOI(fvp); 1404 tdp = VTOI(tdvp); 1405 tip = NULL; 1406 if (tvp) 1407 tip = VTOI(tvp); 1408 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1409 (VTOI(tdvp)->i_flags & APPEND))) { 1410 error = EPERM; 1411 goto unlockout; 1412 } 1413 /* 1414 * Renaming a file to itself has no effect. The upper layers should 1415 * not call us in that case. However, things could change after 1416 * we drop the locks above. 1417 */ 1418 if (fvp == tvp) { 1419 error = 0; 1420 goto unlockout; 1421 } 1422 doingdirectory = 0; 1423 newparent = 0; 1424 ino = fip->i_number; 1425 if (fip->i_nlink >= UFS_LINK_MAX) { 1426 if (!DOINGSOFTDEP(fvp) || fip->i_effnlink >= UFS_LINK_MAX) { 1427 error = EMLINK; 1428 goto unlockout; 1429 } 1430 vfs_ref(mp); 1431 MPASS(!want_seqc_end); 1432 if (checkpath_locked) { 1433 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1434 checkpath_locked = false; 1435 } 1436 VOP_UNLOCK(fdvp); 1437 VOP_UNLOCK(fvp); 1438 vref(tdvp); 1439 if (tvp != NULL) 1440 vref(tvp); 1441 VOP_VPUT_PAIR(tdvp, &tvp, true); 1442 error = ufs_sync_nlink1(mp); 1443 vrele(fdvp); 1444 vrele(fvp); 1445 vrele(tdvp); 1446 if (tvp != NULL) 1447 vrele(tvp); 1448 return (error); 1449 } 1450 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 1451 || (fdp->i_flags & APPEND)) { 1452 error = EPERM; 1453 goto unlockout; 1454 } 1455 if ((fip->i_mode & IFMT) == IFDIR) { 1456 /* 1457 * Avoid ".", "..", and aliases of "." for obvious reasons. 1458 */ 1459 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1460 fdp == fip || 1461 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) { 1462 error = EINVAL; 1463 goto unlockout; 1464 } 1465 if (fdp->i_number != tdp->i_number) 1466 newparent = tdp->i_number; 1467 doingdirectory = 1; 1468 } 1469 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) || 1470 (tvp != NULL && tvp->v_type == VDIR && 1471 tvp->v_mountedhere != NULL)) { 1472 error = EXDEV; 1473 goto unlockout; 1474 } 1475 1476 /* 1477 * If ".." must be changed (ie the directory gets a new 1478 * parent) then the source directory must not be in the 1479 * directory hierarchy above the target, as this would 1480 * orphan everything below the source directory. Also 1481 * the user must have write permission in the source so 1482 * as to be able to change "..". 1483 */ 1484 if (doingdirectory && newparent) { 1485 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, curthread); 1486 if (error) 1487 goto unlockout; 1488 1489 sx_xlock(&VFSTOUFS(mp)->um_checkpath_lock); 1490 checkpath_locked = true; 1491 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred, 1492 &ino); 1493 /* 1494 * We encountered a lock that we have to wait for. Unlock 1495 * everything else and VGET before restarting. 1496 */ 1497 if (ino) { 1498 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1499 checkpath_locked = false; 1500 VOP_UNLOCK(fdvp); 1501 VOP_UNLOCK(fvp); 1502 VOP_UNLOCK(tdvp); 1503 if (tvp) 1504 VOP_UNLOCK(tvp); 1505 error = VFS_VGET(mp, ino, LK_SHARED, &nvp); 1506 if (error == 0) 1507 vput(nvp); 1508 atomic_add_int(&rename_restarts, 1); 1509 goto relock; 1510 } 1511 if (error) 1512 goto unlockout; 1513 } 1514 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 || 1515 tdp->i_effnlink == 0) 1516 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp); 1517 1518 if (tvp != NULL) 1519 vn_seqc_write_begin(tvp); 1520 vn_seqc_write_begin(tdvp); 1521 vn_seqc_write_begin(fvp); 1522 vn_seqc_write_begin(fdvp); 1523 want_seqc_end = true; 1524 1525 /* 1526 * 1) Bump link count while we're moving stuff 1527 * around. If we crash somewhere before 1528 * completing our work, the link count 1529 * may be wrong, but correctable. 1530 */ 1531 fip->i_effnlink++; 1532 fip->i_nlink++; 1533 DIP_SET(fip, i_nlink, fip->i_nlink); 1534 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1535 if (DOINGSOFTDEP(fvp)) 1536 softdep_setup_link(tdp, fip); 1537 error = UFS_UPDATE(fvp, !DOINGSOFTDEP(fvp) && !DOINGASYNC(fvp)); 1538 if (error) 1539 goto bad; 1540 1541 /* 1542 * 2) If target doesn't exist, link the target 1543 * to the source and unlink the source. 1544 * Otherwise, rewrite the target directory 1545 * entry to reference the source inode and 1546 * expunge the original entry's existence. 1547 */ 1548 if (tip == NULL) { 1549 if (ITODEV(tdp) != ITODEV(fip)) 1550 panic("ufs_rename: EXDEV"); 1551 if (doingdirectory && newparent) { 1552 /* 1553 * Account for ".." in new directory. 1554 * When source and destination have the same 1555 * parent we don't adjust the link count. The 1556 * actual link modification is completed when 1557 * .. is rewritten below. 1558 */ 1559 if (tdp->i_nlink >= UFS_LINK_MAX) { 1560 fip->i_effnlink--; 1561 fip->i_nlink--; 1562 DIP_SET(fip, i_nlink, fip->i_nlink); 1563 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1564 if (DOINGSOFTDEP(fvp)) 1565 softdep_revert_link(tdp, fip); 1566 if (!DOINGSOFTDEP(tdvp) || 1567 tdp->i_effnlink >= UFS_LINK_MAX) { 1568 error = EMLINK; 1569 goto unlockout; 1570 } 1571 MPASS(want_seqc_end); 1572 if (tvp != NULL) 1573 vn_seqc_write_end(tvp); 1574 vn_seqc_write_end(tdvp); 1575 vn_seqc_write_end(fvp); 1576 vn_seqc_write_end(fdvp); 1577 want_seqc_end = false; 1578 vfs_ref(mp); 1579 MPASS(checkpath_locked); 1580 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1581 checkpath_locked = false; 1582 VOP_UNLOCK(fdvp); 1583 VOP_UNLOCK(fvp); 1584 vref(tdvp); 1585 if (tvp != NULL) 1586 vref(tvp); 1587 VOP_VPUT_PAIR(tdvp, &tvp, true); 1588 error = ufs_sync_nlink1(mp); 1589 vrele(fdvp); 1590 vrele(fvp); 1591 vrele(tdvp); 1592 if (tvp != NULL) 1593 vrele(tvp); 1594 return (error); 1595 } 1596 } 1597 ufs_makedirentry(fip, tcnp, &newdir); 1598 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL); 1599 if (error) 1600 goto bad; 1601 /* Setup tdvp for directory compaction if needed. */ 1602 if (I_COUNT(tdp) != 0 && I_ENDOFF(tdp) != 0 && 1603 I_ENDOFF(tdp) < tdp->i_size) 1604 endoff = I_ENDOFF(tdp); 1605 } else { 1606 if (ITODEV(tip) != ITODEV(tdp) || ITODEV(tip) != ITODEV(fip)) 1607 panic("ufs_rename: EXDEV"); 1608 /* 1609 * Short circuit rename(foo, foo). 1610 */ 1611 if (tip->i_number == fip->i_number) 1612 panic("ufs_rename: same file"); 1613 /* 1614 * If the parent directory is "sticky", then the caller 1615 * must possess VADMIN for the parent directory, or the 1616 * destination of the rename. This implements append-only 1617 * directories. 1618 */ 1619 if ((tdp->i_mode & S_ISTXT) && 1620 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1621 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1622 error = EPERM; 1623 goto bad; 1624 } 1625 /* 1626 * Target must be empty if a directory and have no links 1627 * to it. Also, ensure source and target are compatible 1628 * (both directories, or both not directories). 1629 */ 1630 if ((tip->i_mode & IFMT) == IFDIR) { 1631 if ((tip->i_effnlink > 2) || 1632 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) { 1633 error = ENOTEMPTY; 1634 goto bad; 1635 } 1636 if (!doingdirectory) { 1637 error = ENOTDIR; 1638 goto bad; 1639 } 1640 cache_purge(tdvp); 1641 } else if (doingdirectory) { 1642 error = EISDIR; 1643 goto bad; 1644 } 1645 if (doingdirectory) { 1646 if (!newparent) { 1647 tdp->i_effnlink--; 1648 if (DOINGSOFTDEP(tdvp)) 1649 softdep_change_linkcnt(tdp); 1650 } 1651 tip->i_effnlink--; 1652 if (DOINGSOFTDEP(tvp)) 1653 softdep_change_linkcnt(tip); 1654 } 1655 error = ufs_dirrewrite(tdp, tip, fip->i_number, 1656 IFTODT(fip->i_mode), 1657 (doingdirectory && newparent) ? newparent : doingdirectory); 1658 if (error) { 1659 if (doingdirectory) { 1660 if (!newparent) { 1661 tdp->i_effnlink++; 1662 if (DOINGSOFTDEP(tdvp)) 1663 softdep_change_linkcnt(tdp); 1664 } 1665 tip->i_effnlink++; 1666 if (DOINGSOFTDEP(tvp)) 1667 softdep_change_linkcnt(tip); 1668 } 1669 goto bad; 1670 } 1671 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1672 /* 1673 * The only stuff left in the directory is "." 1674 * and "..". The "." reference is inconsequential 1675 * since we are quashing it. We have removed the "." 1676 * reference and the reference in the parent directory, 1677 * but there may be other hard links. The soft 1678 * dependency code will arrange to do these operations 1679 * after the parent directory entry has been deleted on 1680 * disk, so when running with that code we avoid doing 1681 * them now. 1682 */ 1683 if (!newparent) { 1684 tdp->i_nlink--; 1685 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1686 UFS_INODE_SET_FLAG(tdp, IN_CHANGE); 1687 } 1688 tip->i_nlink--; 1689 DIP_SET(tip, i_nlink, tip->i_nlink); 1690 UFS_INODE_SET_FLAG(tip, IN_CHANGE); 1691 } 1692 } 1693 1694 /* 1695 * 3) Unlink the source. We have to resolve the path again to 1696 * fixup the directory offset and count for ufs_dirremove. 1697 */ 1698 if (fdvp == tdvp) { 1699 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1700 if (error) 1701 panic("ufs_rename: from entry went away!"); 1702 if (ino != fip->i_number) 1703 panic("ufs_rename: ino mismatch %ju != %ju\n", 1704 (uintmax_t)ino, (uintmax_t)fip->i_number); 1705 } 1706 /* 1707 * If the source is a directory with a 1708 * new parent, the link count of the old 1709 * parent directory must be decremented 1710 * and ".." set to point to the new parent. 1711 */ 1712 if (doingdirectory && newparent) { 1713 /* 1714 * If tip exists we simply use its link, otherwise we must 1715 * add a new one. 1716 */ 1717 if (tip == NULL) { 1718 tdp->i_effnlink++; 1719 tdp->i_nlink++; 1720 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1721 UFS_INODE_SET_FLAG(tdp, IN_CHANGE); 1722 if (DOINGSOFTDEP(tdvp)) 1723 softdep_setup_dotdot_link(tdp, fip); 1724 error = UFS_UPDATE(tdvp, !DOINGSOFTDEP(tdvp) && 1725 !DOINGASYNC(tdvp)); 1726 /* Don't go to bad here as the new link exists. */ 1727 if (error) 1728 goto unlockout; 1729 } else if (DOINGSUJ(tdvp)) 1730 /* Journal must account for each new link. */ 1731 softdep_setup_dotdot_link(tdp, fip); 1732 SET_I_OFFSET(fip, mastertemplate.dot_reclen); 1733 ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0); 1734 cache_purge(fdvp); 1735 } 1736 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0); 1737 /* 1738 * The kern_renameat() looks up the fvp using the DELETE flag, which 1739 * causes the removal of the name cache entry for fvp. 1740 * As the relookup of the fvp is done in two steps: 1741 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a 1742 * normal lookup of the from name just before the VFS_VGET() call, 1743 * causing the cache entry to be re-instantiated. 1744 * 1745 * The same issue also applies to tvp if it exists as 1746 * otherwise we may have a stale name cache entry for the new 1747 * name that references the old i-node if it has other links 1748 * or open file descriptors. 1749 */ 1750 cache_vop_rename(fdvp, fvp, tdvp, tvp, fcnp, tcnp); 1751 1752 unlockout: 1753 if (want_seqc_end) { 1754 if (tvp != NULL) 1755 vn_seqc_write_end(tvp); 1756 vn_seqc_write_end(tdvp); 1757 vn_seqc_write_end(fvp); 1758 vn_seqc_write_end(fdvp); 1759 } 1760 1761 if (checkpath_locked) 1762 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1763 1764 vput(fdvp); 1765 vput(fvp); 1766 1767 /* 1768 * If compaction or fsync was requested do it in 1769 * ffs_vput_pair() now that other locks are no longer needed. 1770 */ 1771 if (error == 0 && endoff != 0) { 1772 UFS_INODE_SET_FLAG(tdp, IN_ENDOFF); 1773 SET_I_ENDOFF(tdp, endoff); 1774 } 1775 VOP_VPUT_PAIR(tdvp, &tvp, true); 1776 return (error); 1777 1778 bad: 1779 fip->i_effnlink--; 1780 fip->i_nlink--; 1781 DIP_SET(fip, i_nlink, fip->i_nlink); 1782 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1783 if (DOINGSOFTDEP(fvp)) 1784 softdep_revert_link(tdp, fip); 1785 goto unlockout; 1786 1787 releout: 1788 if (want_seqc_end) { 1789 if (tvp != NULL) 1790 vn_seqc_write_end(tvp); 1791 vn_seqc_write_end(tdvp); 1792 vn_seqc_write_end(fvp); 1793 vn_seqc_write_end(fdvp); 1794 } 1795 1796 vrele(fdvp); 1797 vrele(fvp); 1798 vrele(tdvp); 1799 if (tvp) 1800 vrele(tvp); 1801 1802 return (error); 1803 } 1804 1805 #ifdef UFS_ACL 1806 static int 1807 ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp, 1808 mode_t dmode, struct ucred *cred, struct thread *td) 1809 { 1810 int error; 1811 struct inode *ip = VTOI(tvp); 1812 struct acl *dacl, *acl; 1813 1814 acl = acl_alloc(M_WAITOK); 1815 dacl = acl_alloc(M_WAITOK); 1816 1817 /* 1818 * Retrieve default ACL from parent, if any. 1819 */ 1820 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1821 switch (error) { 1822 case 0: 1823 /* 1824 * Retrieved a default ACL, so merge mode and ACL if 1825 * necessary. If the ACL is empty, fall through to 1826 * the "not defined or available" case. 1827 */ 1828 if (acl->acl_cnt != 0) { 1829 dmode = acl_posix1e_newfilemode(dmode, acl); 1830 UFS_INODE_SET_MODE(ip, dmode); 1831 DIP_SET(ip, i_mode, dmode); 1832 *dacl = *acl; 1833 ufs_sync_acl_from_inode(ip, acl); 1834 break; 1835 } 1836 /* FALLTHROUGH */ 1837 1838 case EOPNOTSUPP: 1839 /* 1840 * Just use the mode as-is. 1841 */ 1842 UFS_INODE_SET_MODE(ip, dmode); 1843 DIP_SET(ip, i_mode, dmode); 1844 error = 0; 1845 goto out; 1846 1847 default: 1848 goto out; 1849 } 1850 1851 /* 1852 * XXX: If we abort now, will Soft Updates notify the extattr 1853 * code that the EAs for the file need to be released? 1854 */ 1855 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1856 if (error == 0) 1857 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td); 1858 switch (error) { 1859 case 0: 1860 break; 1861 1862 case EOPNOTSUPP: 1863 /* 1864 * XXX: This should not happen, as EOPNOTSUPP above 1865 * was supposed to free acl. 1866 */ 1867 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1868 /* 1869 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1870 */ 1871 break; 1872 1873 default: 1874 goto out; 1875 } 1876 1877 out: 1878 acl_free(acl); 1879 acl_free(dacl); 1880 1881 return (error); 1882 } 1883 1884 static int 1885 ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp, 1886 mode_t mode, struct ucred *cred, struct thread *td) 1887 { 1888 int error; 1889 struct inode *ip = VTOI(tvp); 1890 struct acl *acl; 1891 1892 acl = acl_alloc(M_WAITOK); 1893 1894 /* 1895 * Retrieve default ACL for parent, if any. 1896 */ 1897 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1898 switch (error) { 1899 case 0: 1900 /* 1901 * Retrieved a default ACL, so merge mode and ACL if 1902 * necessary. 1903 */ 1904 if (acl->acl_cnt != 0) { 1905 /* 1906 * Two possible ways for default ACL to not 1907 * be present. First, the EA can be 1908 * undefined, or second, the default ACL can 1909 * be blank. If it's blank, fall through to 1910 * the it's not defined case. 1911 */ 1912 mode = acl_posix1e_newfilemode(mode, acl); 1913 UFS_INODE_SET_MODE(ip, mode); 1914 DIP_SET(ip, i_mode, mode); 1915 ufs_sync_acl_from_inode(ip, acl); 1916 break; 1917 } 1918 /* FALLTHROUGH */ 1919 1920 case EOPNOTSUPP: 1921 /* 1922 * Just use the mode as-is. 1923 */ 1924 UFS_INODE_SET_MODE(ip, mode); 1925 DIP_SET(ip, i_mode, mode); 1926 error = 0; 1927 goto out; 1928 1929 default: 1930 goto out; 1931 } 1932 1933 /* 1934 * XXX: If we abort now, will Soft Updates notify the extattr 1935 * code that the EAs for the file need to be released? 1936 */ 1937 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1938 switch (error) { 1939 case 0: 1940 break; 1941 1942 case EOPNOTSUPP: 1943 /* 1944 * XXX: This should not happen, as EOPNOTSUPP above was 1945 * supposed to free acl. 1946 */ 1947 printf("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1948 "but no VOP_SETACL()\n"); 1949 /* panic("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1950 "but no VOP_SETACL()"); */ 1951 break; 1952 1953 default: 1954 goto out; 1955 } 1956 1957 out: 1958 acl_free(acl); 1959 1960 return (error); 1961 } 1962 1963 static int 1964 ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp, 1965 mode_t child_mode, struct ucred *cred, struct thread *td) 1966 { 1967 int error; 1968 struct acl *parent_aclp, *child_aclp; 1969 1970 parent_aclp = acl_alloc(M_WAITOK); 1971 child_aclp = acl_alloc(M_WAITOK | M_ZERO); 1972 1973 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td); 1974 if (error) 1975 goto out; 1976 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp, 1977 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR); 1978 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td); 1979 if (error) 1980 goto out; 1981 out: 1982 acl_free(parent_aclp); 1983 acl_free(child_aclp); 1984 1985 return (error); 1986 } 1987 #endif 1988 1989 /* 1990 * Mkdir system call 1991 */ 1992 static int 1993 ufs_mkdir( 1994 struct vop_mkdir_args /* { 1995 struct vnode *a_dvp; 1996 struct vnode **a_vpp; 1997 struct componentname *a_cnp; 1998 struct vattr *a_vap; 1999 } */ *ap) 2000 { 2001 struct vnode *dvp = ap->a_dvp; 2002 struct vattr *vap = ap->a_vap; 2003 struct componentname *cnp = ap->a_cnp; 2004 struct inode *ip, *dp; 2005 struct vnode *tvp; 2006 struct buf *bp; 2007 struct dirtemplate dirtemplate, *dtp; 2008 struct direct newdir; 2009 int error, dmode; 2010 long blkoff; 2011 2012 dp = VTOI(dvp); 2013 error = ufs_sync_nlink(dvp, NULL); 2014 if (error != 0) 2015 goto out; 2016 dmode = vap->va_mode & 0777; 2017 dmode |= IFDIR; 2018 2019 /* 2020 * Must simulate part of ufs_makeinode here to acquire the inode, 2021 * but not have it entered in the parent directory. The entry is 2022 * made later after writing "." and ".." entries. 2023 */ 2024 if (dp->i_effnlink < 2) { 2025 print_bad_link_count("ufs_mkdir", dvp); 2026 error = EINVAL; 2027 goto out; 2028 } 2029 2030 if (DOINGSUJ(dvp)) { 2031 error = softdep_prelink(dvp, NULL, cnp); 2032 if (error != 0) { 2033 MPASS(error == ERELOOKUP); 2034 return (error); 2035 } 2036 } 2037 2038 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 2039 if (error) 2040 goto out; 2041 vn_seqc_write_begin(tvp); 2042 ip = VTOI(tvp); 2043 ip->i_gid = dp->i_gid; 2044 DIP_SET(ip, i_gid, dp->i_gid); 2045 #ifdef SUIDDIR 2046 { 2047 #ifdef QUOTA 2048 struct ucred ucred, *ucp; 2049 gid_t ucred_group; 2050 ucp = cnp->cn_cred; 2051 #endif 2052 /* 2053 * If we are hacking owners here, (only do this where told to) 2054 * and we are not giving it TO root, (would subvert quotas) 2055 * then go ahead and give it to the other user. 2056 * The new directory also inherits the SUID bit. 2057 * If user's UID and dir UID are the same, 2058 * 'give it away' so that the SUID is still forced on. 2059 */ 2060 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2061 (dp->i_mode & ISUID) && dp->i_uid) { 2062 dmode |= ISUID; 2063 ip->i_uid = dp->i_uid; 2064 DIP_SET(ip, i_uid, dp->i_uid); 2065 #ifdef QUOTA 2066 if (dp->i_uid != cnp->cn_cred->cr_uid) { 2067 /* 2068 * Make sure the correct user gets charged 2069 * for the space. 2070 * Make a dummy credential for the victim. 2071 * XXX This seems to never be accessed out of 2072 * our context so a stack variable is ok. 2073 */ 2074 refcount_init(&ucred.cr_ref, 1); 2075 ucred.cr_uid = ip->i_uid; 2076 ucred.cr_ngroups = 1; 2077 ucred.cr_groups = &ucred_group; 2078 ucred.cr_groups[0] = dp->i_gid; 2079 ucp = &ucred; 2080 } 2081 #endif 2082 } else { 2083 ip->i_uid = cnp->cn_cred->cr_uid; 2084 DIP_SET(ip, i_uid, ip->i_uid); 2085 } 2086 #ifdef QUOTA 2087 if ((error = getinoquota(ip)) || 2088 (error = chkiq(ip, 1, ucp, 0))) { 2089 if (DOINGSOFTDEP(tvp)) 2090 softdep_revert_link(dp, ip); 2091 UFS_VFREE(tvp, ip->i_number, dmode); 2092 vn_seqc_write_end(tvp); 2093 vgone(tvp); 2094 vput(tvp); 2095 return (error); 2096 } 2097 #endif 2098 } 2099 #else /* !SUIDDIR */ 2100 ip->i_uid = cnp->cn_cred->cr_uid; 2101 DIP_SET(ip, i_uid, ip->i_uid); 2102 #ifdef QUOTA 2103 if ((error = getinoquota(ip)) || 2104 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2105 if (DOINGSOFTDEP(tvp)) 2106 softdep_revert_link(dp, ip); 2107 UFS_VFREE(tvp, ip->i_number, dmode); 2108 vn_seqc_write_end(tvp); 2109 vgone(tvp); 2110 vput(tvp); 2111 return (error); 2112 } 2113 #endif 2114 #endif /* !SUIDDIR */ 2115 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 2116 UFS_INODE_SET_MODE(ip, dmode); 2117 DIP_SET(ip, i_mode, dmode); 2118 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 2119 ip->i_effnlink = 2; 2120 ip->i_nlink = 2; 2121 DIP_SET(ip, i_nlink, 2); 2122 2123 if (cnp->cn_flags & ISWHITEOUT) { 2124 ip->i_flags |= UF_OPAQUE; 2125 DIP_SET(ip, i_flags, ip->i_flags); 2126 } 2127 2128 /* 2129 * Bump link count in parent directory to reflect work done below. 2130 * Should be done before reference is created so cleanup is 2131 * possible if we crash. 2132 */ 2133 dp->i_effnlink++; 2134 dp->i_nlink++; 2135 DIP_SET(dp, i_nlink, dp->i_nlink); 2136 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2137 if (DOINGSOFTDEP(dvp)) 2138 softdep_setup_mkdir(dp, ip); 2139 error = UFS_UPDATE(dvp, !DOINGSOFTDEP(dvp) && !DOINGASYNC(dvp)); 2140 if (error) 2141 goto bad; 2142 #ifdef MAC 2143 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2144 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2145 dvp, tvp, cnp); 2146 if (error) 2147 goto bad; 2148 } 2149 #endif 2150 #ifdef UFS_ACL 2151 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2152 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode, 2153 cnp->cn_cred, curthread); 2154 if (error) 2155 goto bad; 2156 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2157 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode, 2158 cnp->cn_cred, curthread); 2159 if (error) 2160 goto bad; 2161 } 2162 #endif /* !UFS_ACL */ 2163 2164 /* 2165 * Initialize directory with "." and ".." from static template. 2166 */ 2167 if (!OFSFMT(dvp)) 2168 dtp = &mastertemplate; 2169 else 2170 dtp = (struct dirtemplate *)&omastertemplate; 2171 dirtemplate = *dtp; 2172 dirtemplate.dot_ino = ip->i_number; 2173 dirtemplate.dotdot_ino = dp->i_number; 2174 vnode_pager_setsize(tvp, DIRBLKSIZ); 2175 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 2176 BA_CLRBUF, &bp)) != 0) 2177 goto bad; 2178 ip->i_size = DIRBLKSIZ; 2179 DIP_SET(ip, i_size, DIRBLKSIZ); 2180 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); 2181 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 2182 if (DOINGSOFTDEP(tvp)) { 2183 /* 2184 * Ensure that the entire newly allocated block is a 2185 * valid directory so that future growth within the 2186 * block does not have to ensure that the block is 2187 * written before the inode. 2188 */ 2189 blkoff = DIRBLKSIZ; 2190 while (blkoff < bp->b_bcount) { 2191 ((struct direct *) 2192 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 2193 blkoff += DIRBLKSIZ; 2194 } 2195 } 2196 if ((error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && 2197 !DOINGASYNC(tvp))) != 0) { 2198 (void)bwrite(bp); 2199 goto bad; 2200 } 2201 /* 2202 * Directory set up, now install its entry in the parent directory. 2203 * 2204 * If we are not doing soft dependencies, then we must write out the 2205 * buffer containing the new directory body before entering the new 2206 * name in the parent. If we are doing soft dependencies, then the 2207 * buffer containing the new directory body will be passed to and 2208 * released in the soft dependency code after the code has attached 2209 * an appropriate ordering dependency to the buffer which ensures that 2210 * the buffer is written before the new name is written in the parent. 2211 */ 2212 if (DOINGASYNC(dvp)) 2213 bdwrite(bp); 2214 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 2215 goto bad; 2216 ufs_makedirentry(ip, cnp, &newdir); 2217 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp); 2218 2219 bad: 2220 if (error == 0) { 2221 *ap->a_vpp = tvp; 2222 vn_seqc_write_end(tvp); 2223 } else { 2224 dp->i_effnlink--; 2225 dp->i_nlink--; 2226 DIP_SET(dp, i_nlink, dp->i_nlink); 2227 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2228 /* 2229 * No need to do an explicit VOP_TRUNCATE here, vrele will 2230 * do this for us because we set the link count to 0. 2231 */ 2232 ip->i_effnlink = 0; 2233 ip->i_nlink = 0; 2234 DIP_SET(ip, i_nlink, 0); 2235 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2236 if (DOINGSOFTDEP(tvp)) 2237 softdep_revert_mkdir(dp, ip); 2238 vn_seqc_write_end(tvp); 2239 vgone(tvp); 2240 vput(tvp); 2241 } 2242 out: 2243 return (error); 2244 } 2245 2246 /* 2247 * Rmdir system call. 2248 */ 2249 static int 2250 ufs_rmdir( 2251 struct vop_rmdir_args /* { 2252 struct vnode *a_dvp; 2253 struct vnode *a_vp; 2254 struct componentname *a_cnp; 2255 } */ *ap) 2256 { 2257 struct vnode *vp = ap->a_vp; 2258 struct vnode *dvp = ap->a_dvp; 2259 struct componentname *cnp = ap->a_cnp; 2260 struct inode *ip, *dp; 2261 int error; 2262 2263 ip = VTOI(vp); 2264 dp = VTOI(dvp); 2265 2266 /* 2267 * Do not remove a directory that is in the process of being renamed. 2268 * Verify the directory is empty (and valid). Rmdir ".." will not be 2269 * valid since ".." will contain a reference to the current directory 2270 * and thus be non-empty. Do not allow the removal of mounted on 2271 * directories (this can happen when an NFS exported filesystem 2272 * tries to remove a locally mounted on directory). 2273 */ 2274 error = 0; 2275 if (dp->i_effnlink <= 2) { 2276 if (dp->i_effnlink == 2) 2277 print_bad_link_count("ufs_rmdir", dvp); 2278 error = EINVAL; 2279 goto out; 2280 } 2281 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 2282 error = ENOTEMPTY; 2283 goto out; 2284 } 2285 if ((dp->i_flags & APPEND) 2286 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 2287 error = EPERM; 2288 goto out; 2289 } 2290 if (vp->v_mountedhere != 0) { 2291 error = EINVAL; 2292 goto out; 2293 } 2294 if (DOINGSUJ(dvp)) { 2295 error = softdep_prelink(dvp, vp, cnp); 2296 if (error != 0) { 2297 MPASS(error == ERELOOKUP); 2298 return (error); 2299 } 2300 } 2301 2302 #ifdef UFS_GJOURNAL 2303 ufs_gjournal_orphan(vp); 2304 #endif 2305 /* 2306 * Delete reference to directory before purging 2307 * inode. If we crash in between, the directory 2308 * will be reattached to lost+found, 2309 */ 2310 dp->i_effnlink--; 2311 ip->i_effnlink--; 2312 if (DOINGSOFTDEP(vp)) 2313 softdep_setup_rmdir(dp, ip); 2314 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 2315 if (error) { 2316 dp->i_effnlink++; 2317 ip->i_effnlink++; 2318 if (DOINGSOFTDEP(vp)) 2319 softdep_revert_rmdir(dp, ip); 2320 goto out; 2321 } 2322 /* 2323 * The only stuff left in the directory is "." and "..". The "." 2324 * reference is inconsequential since we are quashing it. The soft 2325 * dependency code will arrange to do these operations after 2326 * the parent directory entry has been deleted on disk, so 2327 * when running with that code we avoid doing them now. 2328 */ 2329 if (!DOINGSOFTDEP(vp)) { 2330 dp->i_nlink--; 2331 DIP_SET(dp, i_nlink, dp->i_nlink); 2332 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2333 error = UFS_UPDATE(dvp, 0); 2334 ip->i_nlink--; 2335 DIP_SET(ip, i_nlink, ip->i_nlink); 2336 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2337 } 2338 cache_vop_rmdir(dvp, vp); 2339 #ifdef UFS_DIRHASH 2340 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 2341 if (ip->i_dirhash != NULL) 2342 ufsdirhash_free(ip); 2343 #endif 2344 out: 2345 return (error); 2346 } 2347 2348 /* 2349 * symlink -- make a symbolic link 2350 */ 2351 static int 2352 ufs_symlink( 2353 struct vop_symlink_args /* { 2354 struct vnode *a_dvp; 2355 struct vnode **a_vpp; 2356 struct componentname *a_cnp; 2357 struct vattr *a_vap; 2358 const char *a_target; 2359 } */ *ap) 2360 { 2361 struct vnode *vp, **vpp = ap->a_vpp; 2362 struct inode *ip; 2363 int len, error; 2364 2365 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 2366 vpp, ap->a_cnp, "ufs_symlink"); 2367 if (error) 2368 return (error); 2369 vp = *vpp; 2370 len = strlen(ap->a_target); 2371 if (len < VFSTOUFS(vp->v_mount)->um_maxsymlinklen) { 2372 ip = VTOI(vp); 2373 bcopy(ap->a_target, DIP(ip, i_shortlink), len); 2374 ip->i_size = len; 2375 DIP_SET(ip, i_size, len); 2376 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); 2377 error = UFS_UPDATE(vp, 0); 2378 } else 2379 error = vn_rdwr(UIO_WRITE, vp, __DECONST(void *, ap->a_target), 2380 len, (off_t)0, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 2381 ap->a_cnp->cn_cred, NOCRED, NULL, NULL); 2382 if (error) 2383 vput(vp); 2384 return (error); 2385 } 2386 2387 /* 2388 * Vnode op for reading directories. 2389 */ 2390 int 2391 ufs_readdir( 2392 struct vop_readdir_args /* { 2393 struct vnode *a_vp; 2394 struct uio *a_uio; 2395 struct ucred *a_cred; 2396 int *a_eofflag; 2397 int *a_ncookies; 2398 uint64_t **a_cookies; 2399 } */ *ap) 2400 { 2401 struct vnode *vp = ap->a_vp; 2402 struct uio *uio = ap->a_uio; 2403 struct buf *bp; 2404 struct inode *ip; 2405 struct direct *dp, *edp; 2406 uint64_t *cookies; 2407 struct dirent dstdp; 2408 off_t offset, startoffset; 2409 size_t readcnt, skipcnt; 2410 ssize_t startresid; 2411 u_int ncookies; 2412 int error; 2413 2414 if (uio->uio_offset < 0) 2415 return (EINVAL); 2416 ip = VTOI(vp); 2417 if (ip->i_effnlink == 0) 2418 return (0); 2419 if (ap->a_ncookies != NULL) { 2420 if (uio->uio_resid < 0) 2421 ncookies = 0; 2422 else 2423 ncookies = uio->uio_resid; 2424 if (uio->uio_offset >= ip->i_size) 2425 ncookies = 0; 2426 else if (ip->i_size - uio->uio_offset < ncookies) 2427 ncookies = ip->i_size - uio->uio_offset; 2428 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1; 2429 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK); 2430 *ap->a_ncookies = ncookies; 2431 *ap->a_cookies = cookies; 2432 } else { 2433 ncookies = 0; 2434 cookies = NULL; 2435 } 2436 offset = startoffset = uio->uio_offset; 2437 startresid = uio->uio_resid; 2438 error = 0; 2439 while (error == 0 && uio->uio_resid > 0 && 2440 uio->uio_offset < ip->i_size) { 2441 error = UFS_BLKATOFF(vp, uio->uio_offset, NULL, &bp); 2442 if (error) 2443 break; 2444 if (bp->b_offset + bp->b_bcount > ip->i_size) 2445 readcnt = ip->i_size - bp->b_offset; 2446 else 2447 readcnt = bp->b_bcount; 2448 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) & 2449 ~(size_t)(DIRBLKSIZ - 1); 2450 offset = bp->b_offset + skipcnt; 2451 dp = (struct direct *)&bp->b_data[skipcnt]; 2452 edp = (struct direct *)&bp->b_data[readcnt]; 2453 while (error == 0 && uio->uio_resid > 0 && dp < edp) { 2454 if (dp->d_reclen <= offsetof(struct direct, d_name) || 2455 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) { 2456 error = EIO; 2457 break; 2458 } 2459 #if BYTE_ORDER == LITTLE_ENDIAN 2460 /* Old filesystem format. */ 2461 if (OFSFMT(vp)) { 2462 dstdp.d_namlen = dp->d_type; 2463 dstdp.d_type = dp->d_namlen; 2464 } else 2465 #endif 2466 { 2467 dstdp.d_namlen = dp->d_namlen; 2468 dstdp.d_type = dp->d_type; 2469 } 2470 if (offsetof(struct direct, d_name) + dstdp.d_namlen > 2471 dp->d_reclen) { 2472 error = EIO; 2473 break; 2474 } 2475 if (offset < startoffset || dp->d_ino == 0) 2476 goto nextentry; 2477 dstdp.d_fileno = dp->d_ino; 2478 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp); 2479 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); 2480 /* NOTE: d_off is the offset of the *next* entry. */ 2481 dstdp.d_off = offset + dp->d_reclen; 2482 dirent_terminate(&dstdp); 2483 if (dstdp.d_reclen > uio->uio_resid) { 2484 if (uio->uio_resid == startresid) 2485 error = EINVAL; 2486 else 2487 error = EJUSTRETURN; 2488 break; 2489 } 2490 /* Advance dp. */ 2491 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio); 2492 if (error) 2493 break; 2494 if (cookies != NULL) { 2495 KASSERT(ncookies > 0, 2496 ("ufs_readdir: cookies buffer too small")); 2497 *cookies = offset + dp->d_reclen; 2498 cookies++; 2499 ncookies--; 2500 } 2501 nextentry: 2502 offset += dp->d_reclen; 2503 dp = (struct direct *)((caddr_t)dp + dp->d_reclen); 2504 } 2505 bqrelse(bp); 2506 uio->uio_offset = offset; 2507 } 2508 /* We need to correct uio_offset. */ 2509 uio->uio_offset = offset; 2510 if (error == EJUSTRETURN) 2511 error = 0; 2512 if (ap->a_ncookies != NULL) { 2513 if (error == 0) { 2514 *ap->a_ncookies -= ncookies; 2515 } else { 2516 free(*ap->a_cookies, M_TEMP); 2517 *ap->a_ncookies = 0; 2518 *ap->a_cookies = NULL; 2519 } 2520 } 2521 if (error == 0 && ap->a_eofflag) 2522 *ap->a_eofflag = ip->i_size <= uio->uio_offset; 2523 return (error); 2524 } 2525 2526 /* 2527 * Return target name of a symbolic link 2528 */ 2529 static int 2530 ufs_readlink( 2531 struct vop_readlink_args /* { 2532 struct vnode *a_vp; 2533 struct uio *a_uio; 2534 struct ucred *a_cred; 2535 } */ *ap) 2536 { 2537 struct vnode *vp = ap->a_vp; 2538 struct inode *ip = VTOI(vp); 2539 doff_t isize; 2540 2541 isize = ip->i_size; 2542 if (isize < VFSTOUFS(vp->v_mount)->um_maxsymlinklen) 2543 return (uiomove(DIP(ip, i_shortlink), isize, ap->a_uio)); 2544 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 2545 } 2546 2547 /* 2548 * Calculate the logical to physical mapping if not done already, 2549 * then call the device strategy routine. 2550 * 2551 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 2552 * deadlock on memory. See ufs_bmap() for details. 2553 */ 2554 static int 2555 ufs_strategy( 2556 struct vop_strategy_args /* { 2557 struct vnode *a_vp; 2558 struct buf *a_bp; 2559 } */ *ap) 2560 { 2561 struct buf *bp = ap->a_bp; 2562 struct vnode *vp = ap->a_vp; 2563 ufs2_daddr_t blkno; 2564 int error; 2565 2566 if (bp->b_blkno == bp->b_lblkno) { 2567 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 2568 bp->b_blkno = blkno; 2569 if (error) { 2570 bp->b_error = error; 2571 bp->b_ioflags |= BIO_ERROR; 2572 bufdone(bp); 2573 return (0); 2574 } 2575 if ((long)bp->b_blkno == -1) 2576 vfs_bio_clrbuf(bp); 2577 } 2578 if ((long)bp->b_blkno == -1) { 2579 bufdone(bp); 2580 return (0); 2581 } 2582 bp->b_iooffset = dbtob(bp->b_blkno); 2583 BO_STRATEGY(VFSTOUFS(vp->v_mount)->um_bo, bp); 2584 return (0); 2585 } 2586 2587 /* 2588 * Print out the contents of an inode. 2589 */ 2590 static int 2591 ufs_print( 2592 struct vop_print_args /* { 2593 struct vnode *a_vp; 2594 } */ *ap) 2595 { 2596 struct vnode *vp = ap->a_vp; 2597 struct inode *ip = VTOI(vp); 2598 2599 printf("\tnlink=%d, effnlink=%d, size=%jd", ip->i_nlink, 2600 ip->i_effnlink, (intmax_t)ip->i_size); 2601 if (I_IS_UFS2(ip)) 2602 printf(", extsize %d", ip->i_din2->di_extsize); 2603 printf("\n\tgeneration=%jx, uid=%d, gid=%d, flags=0x%b\n", 2604 (uintmax_t)ip->i_gen, ip->i_uid, ip->i_gid, 2605 (u_int)ip->i_flags, PRINT_INODE_FLAGS); 2606 printf("\tino %lu, on dev %s", (u_long)ip->i_number, 2607 devtoname(ITODEV(ip))); 2608 if (vp->v_type == VFIFO) 2609 fifo_printinfo(vp); 2610 printf("\n"); 2611 return (0); 2612 } 2613 2614 /* 2615 * Close wrapper for fifos. 2616 * 2617 * Update the times on the inode then do device close. 2618 */ 2619 static int 2620 ufsfifo_close( 2621 struct vop_close_args /* { 2622 struct vnode *a_vp; 2623 int a_fflag; 2624 struct ucred *a_cred; 2625 struct thread *a_td; 2626 } */ *ap) 2627 { 2628 2629 ufs_close(ap); 2630 return (fifo_specops.vop_close(ap)); 2631 } 2632 2633 /* 2634 * Return POSIX pathconf information applicable to ufs filesystems. 2635 */ 2636 static int 2637 ufs_pathconf( 2638 struct vop_pathconf_args /* { 2639 struct vnode *a_vp; 2640 int a_name; 2641 int *a_retval; 2642 } */ *ap) 2643 { 2644 int error; 2645 2646 error = 0; 2647 switch (ap->a_name) { 2648 case _PC_LINK_MAX: 2649 *ap->a_retval = UFS_LINK_MAX; 2650 break; 2651 case _PC_NAME_MAX: 2652 *ap->a_retval = UFS_MAXNAMLEN; 2653 break; 2654 case _PC_PIPE_BUF: 2655 if (ap->a_vp->v_type == VDIR || ap->a_vp->v_type == VFIFO) 2656 *ap->a_retval = PIPE_BUF; 2657 else 2658 error = EINVAL; 2659 break; 2660 case _PC_CHOWN_RESTRICTED: 2661 *ap->a_retval = 1; 2662 break; 2663 case _PC_NO_TRUNC: 2664 *ap->a_retval = 1; 2665 break; 2666 #ifdef UFS_ACL 2667 case _PC_ACL_EXTENDED: 2668 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2669 *ap->a_retval = 1; 2670 else 2671 *ap->a_retval = 0; 2672 break; 2673 case _PC_ACL_NFS4: 2674 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) 2675 *ap->a_retval = 1; 2676 else 2677 *ap->a_retval = 0; 2678 break; 2679 #endif 2680 case _PC_ACL_PATH_MAX: 2681 #ifdef UFS_ACL 2682 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) 2683 *ap->a_retval = ACL_MAX_ENTRIES; 2684 else 2685 *ap->a_retval = 3; 2686 #else 2687 *ap->a_retval = 3; 2688 #endif 2689 break; 2690 #ifdef MAC 2691 case _PC_MAC_PRESENT: 2692 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2693 *ap->a_retval = 1; 2694 else 2695 *ap->a_retval = 0; 2696 break; 2697 #endif 2698 case _PC_MIN_HOLE_SIZE: 2699 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2700 break; 2701 case _PC_PRIO_IO: 2702 *ap->a_retval = 0; 2703 break; 2704 case _PC_SYNC_IO: 2705 *ap->a_retval = 0; 2706 break; 2707 case _PC_ALLOC_SIZE_MIN: 2708 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2709 break; 2710 case _PC_FILESIZEBITS: 2711 *ap->a_retval = 64; 2712 break; 2713 case _PC_REC_INCR_XFER_SIZE: 2714 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2715 break; 2716 case _PC_REC_MAX_XFER_SIZE: 2717 *ap->a_retval = -1; /* means ``unlimited'' */ 2718 break; 2719 case _PC_REC_MIN_XFER_SIZE: 2720 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2721 break; 2722 case _PC_REC_XFER_ALIGN: 2723 *ap->a_retval = PAGE_SIZE; 2724 break; 2725 case _PC_SYMLINK_MAX: 2726 *ap->a_retval = MAXPATHLEN; 2727 break; 2728 2729 default: 2730 error = vop_stdpathconf(ap); 2731 break; 2732 } 2733 return (error); 2734 } 2735 2736 /* 2737 * Initialize the vnode associated with a new inode, handle aliased 2738 * vnodes. 2739 */ 2740 int 2741 ufs_vinit(struct mount *mntp, struct vop_vector *fifoops, struct vnode **vpp) 2742 { 2743 struct inode *ip; 2744 struct vnode *vp; 2745 2746 vp = *vpp; 2747 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2748 ip = VTOI(vp); 2749 vp->v_type = IFTOVT(ip->i_mode); 2750 /* 2751 * Only unallocated inodes should be of type VNON. 2752 */ 2753 if (ip->i_mode != 0 && vp->v_type == VNON) 2754 return (EINVAL); 2755 if (vp->v_type == VFIFO) 2756 vp->v_op = fifoops; 2757 if (ip->i_number == UFS_ROOTINO) 2758 vp->v_vflag |= VV_ROOT; 2759 *vpp = vp; 2760 return (0); 2761 } 2762 2763 /* 2764 * Allocate a new inode. 2765 * Vnode dvp must be locked. 2766 */ 2767 static int 2768 ufs_makeinode(int mode, struct vnode *dvp, struct vnode **vpp, 2769 struct componentname *cnp, const char *callfunc) 2770 { 2771 struct inode *ip, *pdir; 2772 struct direct newdir; 2773 struct vnode *tvp; 2774 int error; 2775 2776 pdir = VTOI(dvp); 2777 *vpp = NULL; 2778 if ((mode & IFMT) == 0) 2779 mode |= IFREG; 2780 2781 if (pdir->i_effnlink < 2) { 2782 print_bad_link_count(callfunc, dvp); 2783 return (EINVAL); 2784 } 2785 if (DOINGSUJ(dvp)) { 2786 error = softdep_prelink(dvp, NULL, cnp); 2787 if (error != 0) { 2788 MPASS(error == ERELOOKUP); 2789 return (error); 2790 } 2791 } 2792 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2793 if (error) 2794 return (error); 2795 ip = VTOI(tvp); 2796 ip->i_gid = pdir->i_gid; 2797 DIP_SET(ip, i_gid, pdir->i_gid); 2798 #ifdef SUIDDIR 2799 { 2800 #ifdef QUOTA 2801 struct ucred ucred, *ucp; 2802 gid_t ucred_group; 2803 ucp = cnp->cn_cred; 2804 #endif 2805 /* 2806 * If we are not the owner of the directory, 2807 * and we are hacking owners here, (only do this where told to) 2808 * and we are not giving it TO root, (would subvert quotas) 2809 * then go ahead and give it to the other user. 2810 * Note that this drops off the execute bits for security. 2811 */ 2812 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2813 (pdir->i_mode & ISUID) && 2814 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2815 ip->i_uid = pdir->i_uid; 2816 DIP_SET(ip, i_uid, ip->i_uid); 2817 mode &= ~07111; 2818 #ifdef QUOTA 2819 /* 2820 * Make sure the correct user gets charged 2821 * for the space. 2822 * Quickly knock up a dummy credential for the victim. 2823 * XXX This seems to never be accessed out of our 2824 * context so a stack variable is ok. 2825 */ 2826 refcount_init(&ucred.cr_ref, 1); 2827 ucred.cr_uid = ip->i_uid; 2828 ucred.cr_ngroups = 1; 2829 ucred.cr_groups = &ucred_group; 2830 ucred.cr_groups[0] = pdir->i_gid; 2831 ucp = &ucred; 2832 #endif 2833 } else { 2834 ip->i_uid = cnp->cn_cred->cr_uid; 2835 DIP_SET(ip, i_uid, ip->i_uid); 2836 } 2837 2838 #ifdef QUOTA 2839 if ((error = getinoquota(ip)) || 2840 (error = chkiq(ip, 1, ucp, 0))) { 2841 if (DOINGSOFTDEP(tvp)) 2842 softdep_revert_link(pdir, ip); 2843 UFS_VFREE(tvp, ip->i_number, mode); 2844 vgone(tvp); 2845 vput(tvp); 2846 return (error); 2847 } 2848 #endif 2849 } 2850 #else /* !SUIDDIR */ 2851 ip->i_uid = cnp->cn_cred->cr_uid; 2852 DIP_SET(ip, i_uid, ip->i_uid); 2853 #ifdef QUOTA 2854 if ((error = getinoquota(ip)) || 2855 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2856 if (DOINGSOFTDEP(tvp)) 2857 softdep_revert_link(pdir, ip); 2858 UFS_VFREE(tvp, ip->i_number, mode); 2859 vgone(tvp); 2860 vput(tvp); 2861 return (error); 2862 } 2863 #endif 2864 #endif /* !SUIDDIR */ 2865 vn_seqc_write_begin(tvp); /* Mostly to cover asserts */ 2866 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 2867 UFS_INODE_SET_MODE(ip, mode); 2868 DIP_SET(ip, i_mode, mode); 2869 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2870 ip->i_effnlink = 1; 2871 ip->i_nlink = 1; 2872 DIP_SET(ip, i_nlink, 1); 2873 if (DOINGSOFTDEP(tvp)) 2874 softdep_setup_create(VTOI(dvp), ip); 2875 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2876 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID)) { 2877 UFS_INODE_SET_MODE(ip, ip->i_mode & ~ISGID); 2878 DIP_SET(ip, i_mode, ip->i_mode); 2879 } 2880 2881 if (cnp->cn_flags & ISWHITEOUT) { 2882 ip->i_flags |= UF_OPAQUE; 2883 DIP_SET(ip, i_flags, ip->i_flags); 2884 } 2885 2886 /* 2887 * Make sure inode goes to disk before directory entry. 2888 */ 2889 error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && !DOINGASYNC(tvp)); 2890 if (error) 2891 goto bad; 2892 #ifdef MAC 2893 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2894 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2895 dvp, tvp, cnp); 2896 if (error) 2897 goto bad; 2898 } 2899 #endif 2900 #ifdef UFS_ACL 2901 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2902 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode, 2903 cnp->cn_cred, curthread); 2904 if (error) 2905 goto bad; 2906 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2907 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode, 2908 cnp->cn_cred, curthread); 2909 if (error) 2910 goto bad; 2911 } 2912 #endif /* !UFS_ACL */ 2913 ufs_makedirentry(ip, cnp, &newdir); 2914 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL); 2915 if (error) 2916 goto bad; 2917 vn_seqc_write_end(tvp); 2918 *vpp = tvp; 2919 return (0); 2920 2921 bad: 2922 /* 2923 * Write error occurred trying to update the inode 2924 * or the directory so must deallocate the inode. 2925 */ 2926 ip->i_effnlink = 0; 2927 ip->i_nlink = 0; 2928 DIP_SET(ip, i_nlink, 0); 2929 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2930 if (DOINGSOFTDEP(tvp)) 2931 softdep_revert_create(VTOI(dvp), ip); 2932 vn_seqc_write_end(tvp); 2933 vgone(tvp); 2934 vput(tvp); 2935 return (error); 2936 } 2937 2938 static int 2939 ufs_ioctl(struct vop_ioctl_args *ap) 2940 { 2941 struct vnode *vp; 2942 int error; 2943 2944 vp = ap->a_vp; 2945 switch (ap->a_command) { 2946 case FIOSEEKDATA: 2947 error = vn_lock(vp, LK_EXCLUSIVE); 2948 if (error == 0) { 2949 error = ufs_bmap_seekdata(vp, (off_t *)ap->a_data); 2950 VOP_UNLOCK(vp); 2951 } else 2952 error = EBADF; 2953 return (error); 2954 case FIOSEEKHOLE: 2955 return (vn_bmap_seekhole(vp, ap->a_command, (off_t *)ap->a_data, 2956 ap->a_cred)); 2957 default: 2958 return (ENOTTY); 2959 } 2960 } 2961 2962 static int 2963 ufs_read_pgcache(struct vop_read_pgcache_args *ap) 2964 { 2965 struct uio *uio; 2966 struct vnode *vp; 2967 2968 uio = ap->a_uio; 2969 vp = ap->a_vp; 2970 VNPASS((vn_irflag_read(vp) & VIRF_PGREAD) != 0, vp); 2971 2972 if (uio->uio_resid > ptoa(io_hold_cnt) || uio->uio_offset < 0 || 2973 (ap->a_ioflag & IO_DIRECT) != 0) 2974 return (EJUSTRETURN); 2975 return (vn_read_from_obj(vp, uio)); 2976 } 2977 2978 /* Global vfs data structures for ufs. */ 2979 struct vop_vector ufs_vnodeops = { 2980 .vop_default = &default_vnodeops, 2981 .vop_fsync = VOP_PANIC, 2982 .vop_read = VOP_PANIC, 2983 .vop_reallocblks = VOP_PANIC, 2984 .vop_write = VOP_PANIC, 2985 .vop_accessx = ufs_accessx, 2986 .vop_bmap = ufs_bmap, 2987 .vop_fplookup_vexec = ufs_fplookup_vexec, 2988 .vop_fplookup_symlink = VOP_EAGAIN, 2989 .vop_cachedlookup = ufs_lookup, 2990 .vop_close = ufs_close, 2991 .vop_create = ufs_create, 2992 .vop_stat = ufs_stat, 2993 .vop_getattr = ufs_getattr, 2994 .vop_inactive = ufs_inactive, 2995 .vop_ioctl = ufs_ioctl, 2996 .vop_link = ufs_link, 2997 .vop_lookup = vfs_cache_lookup, 2998 .vop_mmapped = ufs_mmapped, 2999 .vop_mkdir = ufs_mkdir, 3000 .vop_mknod = ufs_mknod, 3001 .vop_need_inactive = ufs_need_inactive, 3002 .vop_open = ufs_open, 3003 .vop_pathconf = ufs_pathconf, 3004 .vop_poll = vop_stdpoll, 3005 .vop_print = ufs_print, 3006 .vop_read_pgcache = ufs_read_pgcache, 3007 .vop_readdir = ufs_readdir, 3008 .vop_readlink = ufs_readlink, 3009 .vop_reclaim = ufs_reclaim, 3010 .vop_remove = ufs_remove, 3011 .vop_rename = ufs_rename, 3012 .vop_rmdir = ufs_rmdir, 3013 .vop_setattr = ufs_setattr, 3014 #ifdef MAC 3015 .vop_setlabel = vop_stdsetlabel_ea, 3016 #endif 3017 .vop_strategy = ufs_strategy, 3018 .vop_symlink = ufs_symlink, 3019 .vop_whiteout = ufs_whiteout, 3020 #ifdef UFS_EXTATTR 3021 .vop_getextattr = ufs_getextattr, 3022 .vop_deleteextattr = ufs_deleteextattr, 3023 .vop_setextattr = ufs_setextattr, 3024 #endif 3025 #ifdef UFS_ACL 3026 .vop_getacl = ufs_getacl, 3027 .vop_setacl = ufs_setacl, 3028 .vop_aclcheck = ufs_aclcheck, 3029 #endif 3030 }; 3031 VFS_VOP_VECTOR_REGISTER(ufs_vnodeops); 3032 3033 struct vop_vector ufs_fifoops = { 3034 .vop_default = &fifo_specops, 3035 .vop_fsync = VOP_PANIC, 3036 .vop_accessx = ufs_accessx, 3037 .vop_close = ufsfifo_close, 3038 .vop_getattr = ufs_getattr, 3039 .vop_inactive = ufs_inactive, 3040 .vop_pathconf = ufs_pathconf, 3041 .vop_print = ufs_print, 3042 .vop_read = VOP_PANIC, 3043 .vop_reclaim = ufs_reclaim, 3044 .vop_setattr = ufs_setattr, 3045 #ifdef MAC 3046 .vop_setlabel = vop_stdsetlabel_ea, 3047 #endif 3048 .vop_write = VOP_PANIC, 3049 #ifdef UFS_EXTATTR 3050 .vop_getextattr = ufs_getextattr, 3051 .vop_deleteextattr = ufs_deleteextattr, 3052 .vop_setextattr = ufs_setextattr, 3053 #endif 3054 #ifdef UFS_ACL 3055 .vop_getacl = ufs_getacl, 3056 .vop_setacl = ufs_setacl, 3057 .vop_aclcheck = ufs_aclcheck, 3058 #endif 3059 }; 3060 VFS_VOP_VECTOR_REGISTER(ufs_fifoops); 3061