1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1989, 1993, 1995 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD$"); 41 42 #include "opt_quota.h" 43 #include "opt_suiddir.h" 44 #include "opt_ufs.h" 45 #include "opt_ffs.h" 46 47 #include <sys/param.h> 48 #include <sys/systm.h> 49 #include <sys/malloc.h> 50 #include <sys/namei.h> 51 #include <sys/kernel.h> 52 #include <sys/fcntl.h> 53 #include <sys/filio.h> 54 #include <sys/stat.h> 55 #include <sys/bio.h> 56 #include <sys/buf.h> 57 #include <sys/mount.h> 58 #include <sys/priv.h> 59 #include <sys/refcount.h> 60 #include <sys/unistd.h> 61 #include <sys/vnode.h> 62 #include <sys/dirent.h> 63 #include <sys/lockf.h> 64 #include <sys/conf.h> 65 #include <sys/acl.h> 66 67 #include <security/mac/mac_framework.h> 68 69 #include <sys/file.h> /* XXX */ 70 71 #include <vm/vm.h> 72 #include <vm/vm_extern.h> 73 74 #include <ufs/ufs/acl.h> 75 #include <ufs/ufs/extattr.h> 76 #include <ufs/ufs/quota.h> 77 #include <ufs/ufs/inode.h> 78 #include <ufs/ufs/dir.h> 79 #include <ufs/ufs/ufsmount.h> 80 #include <ufs/ufs/ufs_extern.h> 81 #ifdef UFS_DIRHASH 82 #include <ufs/ufs/dirhash.h> 83 #endif 84 #ifdef UFS_GJOURNAL 85 #include <ufs/ufs/gjournal.h> 86 FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS"); 87 #endif 88 89 #ifdef QUOTA 90 FEATURE(ufs_quota, "UFS disk quotas support"); 91 FEATURE(ufs_quota64, "64bit UFS disk quotas support"); 92 #endif 93 94 #ifdef SUIDDIR 95 FEATURE(suiddir, 96 "Give all new files in directory the same ownership as the directory"); 97 #endif 98 99 100 #include <ufs/ffs/ffs_extern.h> 101 102 static vop_accessx_t ufs_accessx; 103 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 104 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *); 105 static vop_close_t ufs_close; 106 static vop_create_t ufs_create; 107 static vop_getattr_t ufs_getattr; 108 static vop_ioctl_t ufs_ioctl; 109 static vop_link_t ufs_link; 110 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *, const char *); 111 static vop_mmapped_t ufs_mmapped; 112 static vop_mkdir_t ufs_mkdir; 113 static vop_mknod_t ufs_mknod; 114 static vop_open_t ufs_open; 115 static vop_pathconf_t ufs_pathconf; 116 static vop_print_t ufs_print; 117 static vop_readlink_t ufs_readlink; 118 static vop_remove_t ufs_remove; 119 static vop_rename_t ufs_rename; 120 static vop_rmdir_t ufs_rmdir; 121 static vop_setattr_t ufs_setattr; 122 static vop_strategy_t ufs_strategy; 123 static vop_symlink_t ufs_symlink; 124 static vop_whiteout_t ufs_whiteout; 125 static vop_close_t ufsfifo_close; 126 static vop_kqfilter_t ufsfifo_kqfilter; 127 128 SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 129 "UFS filesystem"); 130 131 /* 132 * A virgin directory (no blushing please). 133 */ 134 static struct dirtemplate mastertemplate = { 135 0, 12, DT_DIR, 1, ".", 136 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 137 }; 138 static struct odirtemplate omastertemplate = { 139 0, 12, 1, ".", 140 0, DIRBLKSIZ - 12, 2, ".." 141 }; 142 143 static void 144 ufs_itimes_locked(struct vnode *vp) 145 { 146 struct inode *ip; 147 struct timespec ts; 148 149 ASSERT_VI_LOCKED(vp, __func__); 150 151 ip = VTOI(vp); 152 if (UFS_RDONLY(ip)) 153 goto out; 154 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 155 return; 156 157 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 158 UFS_INODE_SET_FLAG(ip, IN_LAZYMOD); 159 else if (((vp->v_mount->mnt_kern_flag & 160 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) || 161 (ip->i_flag & (IN_CHANGE | IN_UPDATE))) 162 UFS_INODE_SET_FLAG(ip, IN_MODIFIED); 163 else if (ip->i_flag & IN_ACCESS) 164 UFS_INODE_SET_FLAG(ip, IN_LAZYACCESS); 165 vfs_timestamp(&ts); 166 if (ip->i_flag & IN_ACCESS) { 167 DIP_SET(ip, i_atime, ts.tv_sec); 168 DIP_SET(ip, i_atimensec, ts.tv_nsec); 169 } 170 if (ip->i_flag & IN_UPDATE) { 171 DIP_SET(ip, i_mtime, ts.tv_sec); 172 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 173 } 174 if (ip->i_flag & IN_CHANGE) { 175 DIP_SET(ip, i_ctime, ts.tv_sec); 176 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 177 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1); 178 } 179 180 out: 181 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 182 } 183 184 void 185 ufs_itimes(struct vnode *vp) 186 { 187 188 VI_LOCK(vp); 189 ufs_itimes_locked(vp); 190 VI_UNLOCK(vp); 191 } 192 193 /* 194 * Create a regular file 195 */ 196 static int 197 ufs_create(ap) 198 struct vop_create_args /* { 199 struct vnode *a_dvp; 200 struct vnode **a_vpp; 201 struct componentname *a_cnp; 202 struct vattr *a_vap; 203 } */ *ap; 204 { 205 int error; 206 207 error = 208 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 209 ap->a_dvp, ap->a_vpp, ap->a_cnp, "ufs_create"); 210 if (error != 0) 211 return (error); 212 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0) 213 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp); 214 return (0); 215 } 216 217 /* 218 * Mknod vnode call 219 */ 220 /* ARGSUSED */ 221 static int 222 ufs_mknod(ap) 223 struct vop_mknod_args /* { 224 struct vnode *a_dvp; 225 struct vnode **a_vpp; 226 struct componentname *a_cnp; 227 struct vattr *a_vap; 228 } */ *ap; 229 { 230 struct vattr *vap = ap->a_vap; 231 struct vnode **vpp = ap->a_vpp; 232 struct inode *ip; 233 ino_t ino; 234 int error; 235 236 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 237 ap->a_dvp, vpp, ap->a_cnp, "ufs_mknod"); 238 if (error) 239 return (error); 240 ip = VTOI(*vpp); 241 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 242 if (vap->va_rdev != VNOVAL) { 243 /* 244 * Want to be able to use this to make badblock 245 * inodes, so don't truncate the dev number. 246 */ 247 DIP_SET(ip, i_rdev, vap->va_rdev); 248 } 249 /* 250 * Remove inode, then reload it through VFS_VGET so it is 251 * checked to see if it is an alias of an existing entry in 252 * the inode cache. XXX I don't believe this is necessary now. 253 */ 254 (*vpp)->v_type = VNON; 255 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 256 vgone(*vpp); 257 vput(*vpp); 258 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 259 if (error) { 260 *vpp = NULL; 261 return (error); 262 } 263 return (0); 264 } 265 266 /* 267 * Open called. 268 */ 269 /* ARGSUSED */ 270 static int 271 ufs_open(struct vop_open_args *ap) 272 { 273 struct vnode *vp = ap->a_vp; 274 struct inode *ip; 275 276 if (vp->v_type == VCHR || vp->v_type == VBLK) 277 return (EOPNOTSUPP); 278 279 ip = VTOI(vp); 280 /* 281 * Files marked append-only must be opened for appending. 282 */ 283 if ((ip->i_flags & APPEND) && 284 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 285 return (EPERM); 286 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 287 return (0); 288 } 289 290 /* 291 * Close called. 292 * 293 * Update the times on the inode. 294 */ 295 /* ARGSUSED */ 296 static int 297 ufs_close(ap) 298 struct vop_close_args /* { 299 struct vnode *a_vp; 300 int a_fflag; 301 struct ucred *a_cred; 302 struct thread *a_td; 303 } */ *ap; 304 { 305 struct vnode *vp = ap->a_vp; 306 int usecount; 307 308 VI_LOCK(vp); 309 usecount = vp->v_usecount; 310 if (usecount > 1) 311 ufs_itimes_locked(vp); 312 VI_UNLOCK(vp); 313 return (0); 314 } 315 316 static int 317 ufs_accessx(ap) 318 struct vop_accessx_args /* { 319 struct vnode *a_vp; 320 accmode_t a_accmode; 321 struct ucred *a_cred; 322 struct thread *a_td; 323 } */ *ap; 324 { 325 struct vnode *vp = ap->a_vp; 326 struct inode *ip = VTOI(vp); 327 accmode_t accmode = ap->a_accmode; 328 int error; 329 #ifdef UFS_ACL 330 struct acl *acl; 331 acl_type_t type; 332 #endif 333 334 /* 335 * Disallow write attempts on read-only filesystems; 336 * unless the file is a socket, fifo, or a block or 337 * character device resident on the filesystem. 338 */ 339 if (accmode & VMODIFY_PERMS) { 340 switch (vp->v_type) { 341 case VDIR: 342 case VLNK: 343 case VREG: 344 if (vp->v_mount->mnt_flag & MNT_RDONLY) 345 return (EROFS); 346 #ifdef QUOTA 347 /* 348 * Inode is accounted in the quotas only if struct 349 * dquot is attached to it. VOP_ACCESS() is called 350 * from vn_open_cred() and provides a convenient 351 * point to call getinoquota(). The lock mode is 352 * exclusive when the file is opening for write. 353 */ 354 if (VOP_ISLOCKED(vp) == LK_EXCLUSIVE) { 355 error = getinoquota(ip); 356 if (error != 0) 357 return (error); 358 } 359 #endif 360 break; 361 default: 362 break; 363 } 364 } 365 366 /* 367 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS" 368 * permits the owner of the file to remove the IMMUTABLE flag. 369 */ 370 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) && 371 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 372 return (EPERM); 373 374 #ifdef UFS_ACL 375 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) { 376 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS) 377 type = ACL_TYPE_NFS4; 378 else 379 type = ACL_TYPE_ACCESS; 380 381 acl = acl_alloc(M_WAITOK); 382 if (type == ACL_TYPE_NFS4) 383 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td); 384 else 385 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td); 386 switch (error) { 387 case 0: 388 if (type == ACL_TYPE_NFS4) { 389 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid, 390 ip->i_gid, acl, accmode, ap->a_cred, NULL); 391 } else { 392 error = vfs_unixify_accmode(&accmode); 393 if (error == 0) 394 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 395 ip->i_gid, acl, accmode, ap->a_cred, NULL); 396 } 397 break; 398 default: 399 if (error != EOPNOTSUPP) 400 printf( 401 "ufs_accessx(): Error retrieving ACL on object (%d).\n", 402 error); 403 /* 404 * XXX: Fall back until debugged. Should 405 * eventually possibly log an error, and return 406 * EPERM for safety. 407 */ 408 error = vfs_unixify_accmode(&accmode); 409 if (error == 0) 410 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 411 ip->i_gid, accmode, ap->a_cred, NULL); 412 } 413 acl_free(acl); 414 415 return (error); 416 } 417 #endif /* !UFS_ACL */ 418 error = vfs_unixify_accmode(&accmode); 419 if (error == 0) 420 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 421 accmode, ap->a_cred, NULL); 422 return (error); 423 } 424 425 /* ARGSUSED */ 426 static int 427 ufs_getattr(ap) 428 struct vop_getattr_args /* { 429 struct vnode *a_vp; 430 struct vattr *a_vap; 431 struct ucred *a_cred; 432 } */ *ap; 433 { 434 struct vnode *vp = ap->a_vp; 435 struct inode *ip = VTOI(vp); 436 struct vattr *vap = ap->a_vap; 437 438 VI_LOCK(vp); 439 ufs_itimes_locked(vp); 440 if (I_IS_UFS1(ip)) { 441 vap->va_atime.tv_sec = ip->i_din1->di_atime; 442 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 443 } else { 444 vap->va_atime.tv_sec = ip->i_din2->di_atime; 445 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 446 } 447 VI_UNLOCK(vp); 448 /* 449 * Copy from inode table 450 */ 451 vap->va_fsid = dev2udev(ITOUMP(ip)->um_dev); 452 vap->va_fileid = ip->i_number; 453 vap->va_mode = ip->i_mode & ~IFMT; 454 vap->va_nlink = ip->i_effnlink; 455 vap->va_uid = ip->i_uid; 456 vap->va_gid = ip->i_gid; 457 if (I_IS_UFS1(ip)) { 458 vap->va_rdev = ip->i_din1->di_rdev; 459 vap->va_size = ip->i_din1->di_size; 460 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 461 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 462 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 463 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 464 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 465 vap->va_filerev = ip->i_din1->di_modrev; 466 } else { 467 vap->va_rdev = ip->i_din2->di_rdev; 468 vap->va_size = ip->i_din2->di_size; 469 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 470 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 471 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 472 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 473 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 474 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 475 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 476 vap->va_filerev = ip->i_din2->di_modrev; 477 } 478 vap->va_flags = ip->i_flags; 479 vap->va_gen = ip->i_gen; 480 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 481 vap->va_type = IFTOVT(ip->i_mode); 482 return (0); 483 } 484 485 /* 486 * Set attribute vnode op. called from several syscalls 487 */ 488 static int 489 ufs_setattr(ap) 490 struct vop_setattr_args /* { 491 struct vnode *a_vp; 492 struct vattr *a_vap; 493 struct ucred *a_cred; 494 } */ *ap; 495 { 496 struct vattr *vap = ap->a_vap; 497 struct vnode *vp = ap->a_vp; 498 struct inode *ip = VTOI(vp); 499 struct ucred *cred = ap->a_cred; 500 struct thread *td = curthread; 501 int error; 502 503 /* 504 * Check for unsettable attributes. 505 */ 506 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 507 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 508 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 509 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 510 return (EINVAL); 511 } 512 if (vap->va_flags != VNOVAL) { 513 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE | 514 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE | 515 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK | 516 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE | 517 UF_SPARSE | UF_SYSTEM)) != 0) 518 return (EOPNOTSUPP); 519 if (vp->v_mount->mnt_flag & MNT_RDONLY) 520 return (EROFS); 521 /* 522 * Callers may only modify the file flags on objects they 523 * have VADMIN rights for. 524 */ 525 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 526 return (error); 527 /* 528 * Unprivileged processes are not permitted to unset system 529 * flags, or modify flags if any system flags are set. 530 * Privileged non-jail processes may not modify system flags 531 * if securelevel > 0 and any existing system flags are set. 532 * Privileged jail processes behave like privileged non-jail 533 * processes if the PR_ALLOW_CHFLAGS permission bit is set; 534 * otherwise, they behave like unprivileged processes. 535 */ 536 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) { 537 if (ip->i_flags & 538 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 539 error = securelevel_gt(cred, 0); 540 if (error) 541 return (error); 542 } 543 /* The snapshot flag cannot be toggled. */ 544 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT) 545 return (EPERM); 546 } else { 547 if (ip->i_flags & 548 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 549 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE)) 550 return (EPERM); 551 } 552 ip->i_flags = vap->va_flags; 553 DIP_SET(ip, i_flags, vap->va_flags); 554 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 555 error = UFS_UPDATE(vp, 0); 556 if (ip->i_flags & (IMMUTABLE | APPEND)) 557 return (error); 558 } 559 /* 560 * If immutable or append, no one can change any of its attributes 561 * except the ones already handled (in some cases, file flags 562 * including the immutability flags themselves for the superuser). 563 */ 564 if (ip->i_flags & (IMMUTABLE | APPEND)) 565 return (EPERM); 566 /* 567 * Go through the fields and update iff not VNOVAL. 568 */ 569 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 570 if (vp->v_mount->mnt_flag & MNT_RDONLY) 571 return (EROFS); 572 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 573 td)) != 0) 574 return (error); 575 } 576 if (vap->va_size != VNOVAL) { 577 /* 578 * XXX most of the following special cases should be in 579 * callers instead of in N filesystems. The VDIR check 580 * mostly already is. 581 */ 582 switch (vp->v_type) { 583 case VDIR: 584 return (EISDIR); 585 case VLNK: 586 case VREG: 587 /* 588 * Truncation should have an effect in these cases. 589 * Disallow it if the filesystem is read-only or 590 * the file is being snapshotted. 591 */ 592 if (vp->v_mount->mnt_flag & MNT_RDONLY) 593 return (EROFS); 594 if ((ip->i_flags & SF_SNAPSHOT) != 0) 595 return (EPERM); 596 break; 597 default: 598 /* 599 * According to POSIX, the result is unspecified 600 * for file types other than regular files, 601 * directories and shared memory objects. We 602 * don't support shared memory objects in the file 603 * system, and have dubious support for truncating 604 * symlinks. Just ignore the request in other cases. 605 */ 606 return (0); 607 } 608 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL | 609 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0), 610 cred)) != 0) 611 return (error); 612 } 613 if (vap->va_atime.tv_sec != VNOVAL || 614 vap->va_mtime.tv_sec != VNOVAL || 615 vap->va_birthtime.tv_sec != VNOVAL) { 616 if (vp->v_mount->mnt_flag & MNT_RDONLY) 617 return (EROFS); 618 if ((ip->i_flags & SF_SNAPSHOT) != 0) 619 return (EPERM); 620 error = vn_utimes_perm(vp, vap, cred, td); 621 if (error != 0) 622 return (error); 623 UFS_INODE_SET_FLAG(ip, IN_CHANGE | IN_MODIFIED); 624 if (vap->va_atime.tv_sec != VNOVAL) { 625 ip->i_flag &= ~IN_ACCESS; 626 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 627 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 628 } 629 if (vap->va_mtime.tv_sec != VNOVAL) { 630 ip->i_flag &= ~IN_UPDATE; 631 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 632 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 633 } 634 if (vap->va_birthtime.tv_sec != VNOVAL && I_IS_UFS2(ip)) { 635 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 636 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 637 } 638 error = UFS_UPDATE(vp, 0); 639 if (error) 640 return (error); 641 } 642 error = 0; 643 if (vap->va_mode != (mode_t)VNOVAL) { 644 if (vp->v_mount->mnt_flag & MNT_RDONLY) 645 return (EROFS); 646 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode & 647 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH))) 648 return (EPERM); 649 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 650 } 651 return (error); 652 } 653 654 #ifdef UFS_ACL 655 static int 656 ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode, 657 int file_owner_id, struct ucred *cred, struct thread *td) 658 { 659 int error; 660 struct acl *aclp; 661 662 aclp = acl_alloc(M_WAITOK); 663 error = ufs_getacl_nfs4_internal(vp, aclp, td); 664 /* 665 * We don't have to handle EOPNOTSUPP here, as the filesystem claims 666 * it supports ACLs. 667 */ 668 if (error) 669 goto out; 670 671 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id); 672 error = ufs_setacl_nfs4_internal(vp, aclp, td); 673 674 out: 675 acl_free(aclp); 676 return (error); 677 } 678 #endif /* UFS_ACL */ 679 680 static int 681 ufs_mmapped(ap) 682 struct vop_mmapped_args /* { 683 struct vnode *a_vp; 684 } */ *ap; 685 { 686 struct vnode *vp; 687 struct inode *ip; 688 struct mount *mp; 689 690 vp = ap->a_vp; 691 ip = VTOI(vp); 692 mp = vp->v_mount; 693 694 if ((mp->mnt_flag & (MNT_NOATIME | MNT_RDONLY)) == 0) 695 UFS_INODE_SET_FLAG_SHARED(ip, IN_ACCESS); 696 /* 697 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there. 698 */ 699 return (0); 700 } 701 702 /* 703 * Change the mode on a file. 704 * Inode must be locked before calling. 705 */ 706 static int 707 ufs_chmod(vp, mode, cred, td) 708 struct vnode *vp; 709 int mode; 710 struct ucred *cred; 711 struct thread *td; 712 { 713 struct inode *ip = VTOI(vp); 714 int error; 715 716 /* 717 * To modify the permissions on a file, must possess VADMIN 718 * for that file. 719 */ 720 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td))) 721 return (error); 722 /* 723 * Privileged processes may set the sticky bit on non-directories, 724 * as well as set the setgid bit on a file with a group that the 725 * process is not a member of. Both of these are allowed in 726 * jail(8). 727 */ 728 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 729 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE)) 730 return (EFTYPE); 731 } 732 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 733 error = priv_check_cred(cred, PRIV_VFS_SETGID); 734 if (error) 735 return (error); 736 } 737 738 /* 739 * Deny setting setuid if we are not the file owner. 740 */ 741 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) { 742 error = priv_check_cred(cred, PRIV_VFS_ADMIN); 743 if (error) 744 return (error); 745 } 746 747 ip->i_mode &= ~ALLPERMS; 748 ip->i_mode |= (mode & ALLPERMS); 749 DIP_SET(ip, i_mode, ip->i_mode); 750 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 751 #ifdef UFS_ACL 752 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0) 753 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td); 754 #endif 755 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0) 756 error = UFS_UPDATE(vp, 0); 757 758 return (error); 759 } 760 761 /* 762 * Perform chown operation on inode ip; 763 * inode must be locked prior to call. 764 */ 765 static int 766 ufs_chown(vp, uid, gid, cred, td) 767 struct vnode *vp; 768 uid_t uid; 769 gid_t gid; 770 struct ucred *cred; 771 struct thread *td; 772 { 773 struct inode *ip = VTOI(vp); 774 uid_t ouid; 775 gid_t ogid; 776 int error = 0; 777 #ifdef QUOTA 778 int i; 779 ufs2_daddr_t change; 780 #endif 781 782 if (uid == (uid_t)VNOVAL) 783 uid = ip->i_uid; 784 if (gid == (gid_t)VNOVAL) 785 gid = ip->i_gid; 786 /* 787 * To modify the ownership of a file, must possess VADMIN for that 788 * file. 789 */ 790 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td))) 791 return (error); 792 /* 793 * To change the owner of a file, or change the group of a file to a 794 * group of which we are not a member, the caller must have 795 * privilege. 796 */ 797 if (((uid != ip->i_uid && uid != cred->cr_uid) || 798 (gid != ip->i_gid && !groupmember(gid, cred))) && 799 (error = priv_check_cred(cred, PRIV_VFS_CHOWN))) 800 return (error); 801 ogid = ip->i_gid; 802 ouid = ip->i_uid; 803 #ifdef QUOTA 804 if ((error = getinoquota(ip)) != 0) 805 return (error); 806 if (ouid == uid) { 807 dqrele(vp, ip->i_dquot[USRQUOTA]); 808 ip->i_dquot[USRQUOTA] = NODQUOT; 809 } 810 if (ogid == gid) { 811 dqrele(vp, ip->i_dquot[GRPQUOTA]); 812 ip->i_dquot[GRPQUOTA] = NODQUOT; 813 } 814 change = DIP(ip, i_blocks); 815 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 816 (void) chkiq(ip, -1, cred, CHOWN|FORCE); 817 for (i = 0; i < MAXQUOTAS; i++) { 818 dqrele(vp, ip->i_dquot[i]); 819 ip->i_dquot[i] = NODQUOT; 820 } 821 #endif 822 ip->i_gid = gid; 823 DIP_SET(ip, i_gid, gid); 824 ip->i_uid = uid; 825 DIP_SET(ip, i_uid, uid); 826 #ifdef QUOTA 827 if ((error = getinoquota(ip)) == 0) { 828 if (ouid == uid) { 829 dqrele(vp, ip->i_dquot[USRQUOTA]); 830 ip->i_dquot[USRQUOTA] = NODQUOT; 831 } 832 if (ogid == gid) { 833 dqrele(vp, ip->i_dquot[GRPQUOTA]); 834 ip->i_dquot[GRPQUOTA] = NODQUOT; 835 } 836 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 837 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 838 goto good; 839 else 840 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 841 } 842 for (i = 0; i < MAXQUOTAS; i++) { 843 dqrele(vp, ip->i_dquot[i]); 844 ip->i_dquot[i] = NODQUOT; 845 } 846 } 847 ip->i_gid = ogid; 848 DIP_SET(ip, i_gid, ogid); 849 ip->i_uid = ouid; 850 DIP_SET(ip, i_uid, ouid); 851 if (getinoquota(ip) == 0) { 852 if (ouid == uid) { 853 dqrele(vp, ip->i_dquot[USRQUOTA]); 854 ip->i_dquot[USRQUOTA] = NODQUOT; 855 } 856 if (ogid == gid) { 857 dqrele(vp, ip->i_dquot[GRPQUOTA]); 858 ip->i_dquot[GRPQUOTA] = NODQUOT; 859 } 860 (void) chkdq(ip, change, cred, FORCE|CHOWN); 861 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 862 (void) getinoquota(ip); 863 } 864 return (error); 865 good: 866 if (getinoquota(ip)) 867 panic("ufs_chown: lost quota"); 868 #endif /* QUOTA */ 869 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 870 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { 871 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) { 872 ip->i_mode &= ~(ISUID | ISGID); 873 DIP_SET(ip, i_mode, ip->i_mode); 874 } 875 } 876 error = UFS_UPDATE(vp, 0); 877 return (error); 878 } 879 880 static int 881 ufs_remove(ap) 882 struct vop_remove_args /* { 883 struct vnode *a_dvp; 884 struct vnode *a_vp; 885 struct componentname *a_cnp; 886 } */ *ap; 887 { 888 struct inode *ip; 889 struct vnode *vp = ap->a_vp; 890 struct vnode *dvp = ap->a_dvp; 891 int error; 892 struct thread *td; 893 894 td = curthread; 895 ip = VTOI(vp); 896 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 897 (VTOI(dvp)->i_flags & APPEND)) { 898 error = EPERM; 899 goto out; 900 } 901 #ifdef UFS_GJOURNAL 902 ufs_gjournal_orphan(vp); 903 #endif 904 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 905 if (ip->i_nlink <= 0) 906 vp->v_vflag |= VV_NOSYNC; 907 if ((ip->i_flags & SF_SNAPSHOT) != 0) { 908 /* 909 * Avoid deadlock where another thread is trying to 910 * update the inodeblock for dvp and is waiting on 911 * snaplk. Temporary unlock the vnode lock for the 912 * unlinked file and sync the directory. This should 913 * allow vput() of the directory to not block later on 914 * while holding the snapshot vnode locked, assuming 915 * that the directory hasn't been unlinked too. 916 */ 917 VOP_UNLOCK(vp); 918 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 919 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 920 } 921 out: 922 return (error); 923 } 924 925 static void 926 print_bad_link_count(const char *funcname, struct vnode *dvp) 927 { 928 struct inode *dip; 929 930 dip = VTOI(dvp); 931 uprintf("%s: Bad link count %d on parent inode %jd in file system %s\n", 932 funcname, dip->i_effnlink, (intmax_t)dip->i_number, 933 dvp->v_mount->mnt_stat.f_mntonname); 934 } 935 936 /* 937 * link vnode call 938 */ 939 static int 940 ufs_link(ap) 941 struct vop_link_args /* { 942 struct vnode *a_tdvp; 943 struct vnode *a_vp; 944 struct componentname *a_cnp; 945 } */ *ap; 946 { 947 struct vnode *vp = ap->a_vp; 948 struct vnode *tdvp = ap->a_tdvp; 949 struct componentname *cnp = ap->a_cnp; 950 struct inode *ip; 951 struct direct newdir; 952 int error; 953 954 #ifdef INVARIANTS 955 if ((cnp->cn_flags & HASBUF) == 0) 956 panic("ufs_link: no name"); 957 #endif 958 if (VTOI(tdvp)->i_effnlink < 2) { 959 print_bad_link_count("ufs_link", tdvp); 960 error = EINVAL; 961 goto out; 962 } 963 ip = VTOI(vp); 964 if (ip->i_nlink >= UFS_LINK_MAX) { 965 error = EMLINK; 966 goto out; 967 } 968 /* 969 * The file may have been removed after namei droped the original 970 * lock. 971 */ 972 if (ip->i_effnlink == 0) { 973 error = ENOENT; 974 goto out; 975 } 976 if (ip->i_flags & (IMMUTABLE | APPEND)) { 977 error = EPERM; 978 goto out; 979 } 980 ip->i_effnlink++; 981 ip->i_nlink++; 982 DIP_SET(ip, i_nlink, ip->i_nlink); 983 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 984 if (DOINGSOFTDEP(vp)) 985 softdep_setup_link(VTOI(tdvp), ip); 986 error = UFS_UPDATE(vp, !DOINGSOFTDEP(vp) && !DOINGASYNC(vp)); 987 if (!error) { 988 ufs_makedirentry(ip, cnp, &newdir); 989 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL, 0); 990 } 991 992 if (error) { 993 ip->i_effnlink--; 994 ip->i_nlink--; 995 DIP_SET(ip, i_nlink, ip->i_nlink); 996 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 997 if (DOINGSOFTDEP(vp)) 998 softdep_revert_link(VTOI(tdvp), ip); 999 } 1000 out: 1001 return (error); 1002 } 1003 1004 /* 1005 * whiteout vnode call 1006 */ 1007 static int 1008 ufs_whiteout(ap) 1009 struct vop_whiteout_args /* { 1010 struct vnode *a_dvp; 1011 struct componentname *a_cnp; 1012 int a_flags; 1013 } */ *ap; 1014 { 1015 struct vnode *dvp = ap->a_dvp; 1016 struct componentname *cnp = ap->a_cnp; 1017 struct direct newdir; 1018 int error = 0; 1019 1020 switch (ap->a_flags) { 1021 case LOOKUP: 1022 /* 4.4 format directories support whiteout operations */ 1023 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1024 return (0); 1025 return (EOPNOTSUPP); 1026 1027 case CREATE: 1028 /* create a new directory whiteout */ 1029 #ifdef INVARIANTS 1030 if ((cnp->cn_flags & SAVENAME) == 0) 1031 panic("ufs_whiteout: missing name"); 1032 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 1033 panic("ufs_whiteout: old format filesystem"); 1034 #endif 1035 1036 newdir.d_ino = UFS_WINO; 1037 newdir.d_namlen = cnp->cn_namelen; 1038 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 1039 newdir.d_type = DT_WHT; 1040 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL, 0); 1041 break; 1042 1043 case DELETE: 1044 /* remove an existing directory whiteout */ 1045 #ifdef INVARIANTS 1046 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 1047 panic("ufs_whiteout: old format filesystem"); 1048 #endif 1049 1050 cnp->cn_flags &= ~DOWHITEOUT; 1051 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 1052 break; 1053 default: 1054 panic("ufs_whiteout: unknown op"); 1055 } 1056 return (error); 1057 } 1058 1059 static volatile int rename_restarts; 1060 SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD, 1061 __DEVOLATILE(int *, &rename_restarts), 0, 1062 "Times rename had to restart due to lock contention"); 1063 1064 /* 1065 * Rename system call. 1066 * rename("foo", "bar"); 1067 * is essentially 1068 * unlink("bar"); 1069 * link("foo", "bar"); 1070 * unlink("foo"); 1071 * but ``atomically''. Can't do full commit without saving state in the 1072 * inode on disk which isn't feasible at this time. Best we can do is 1073 * always guarantee the target exists. 1074 * 1075 * Basic algorithm is: 1076 * 1077 * 1) Bump link count on source while we're linking it to the 1078 * target. This also ensure the inode won't be deleted out 1079 * from underneath us while we work (it may be truncated by 1080 * a concurrent `trunc' or `open' for creation). 1081 * 2) Link source to destination. If destination already exists, 1082 * delete it first. 1083 * 3) Unlink source reference to inode if still around. If a 1084 * directory was moved and the parent of the destination 1085 * is different from the source, patch the ".." entry in the 1086 * directory. 1087 */ 1088 static int 1089 ufs_rename(ap) 1090 struct vop_rename_args /* { 1091 struct vnode *a_fdvp; 1092 struct vnode *a_fvp; 1093 struct componentname *a_fcnp; 1094 struct vnode *a_tdvp; 1095 struct vnode *a_tvp; 1096 struct componentname *a_tcnp; 1097 } */ *ap; 1098 { 1099 struct vnode *tvp = ap->a_tvp; 1100 struct vnode *tdvp = ap->a_tdvp; 1101 struct vnode *fvp = ap->a_fvp; 1102 struct vnode *fdvp = ap->a_fdvp; 1103 struct vnode *nvp; 1104 struct componentname *tcnp = ap->a_tcnp; 1105 struct componentname *fcnp = ap->a_fcnp; 1106 struct thread *td = fcnp->cn_thread; 1107 struct inode *fip, *tip, *tdp, *fdp; 1108 struct direct newdir; 1109 off_t endoff; 1110 int doingdirectory, newparent; 1111 int error = 0; 1112 struct mount *mp; 1113 ino_t ino; 1114 1115 #ifdef INVARIANTS 1116 if ((tcnp->cn_flags & HASBUF) == 0 || 1117 (fcnp->cn_flags & HASBUF) == 0) 1118 panic("ufs_rename: no name"); 1119 #endif 1120 endoff = 0; 1121 mp = tdvp->v_mount; 1122 VOP_UNLOCK(tdvp); 1123 if (tvp && tvp != tdvp) 1124 VOP_UNLOCK(tvp); 1125 /* 1126 * Check for cross-device rename. 1127 */ 1128 if ((fvp->v_mount != tdvp->v_mount) || 1129 (tvp && (fvp->v_mount != tvp->v_mount))) { 1130 error = EXDEV; 1131 mp = NULL; 1132 goto releout; 1133 } 1134 relock: 1135 /* 1136 * We need to acquire 2 to 4 locks depending on whether tvp is NULL 1137 * and fdvp and tdvp are the same directory. Subsequently we need 1138 * to double-check all paths and in the directory rename case we 1139 * need to verify that we are not creating a directory loop. To 1140 * handle this we acquire all but fdvp using non-blocking 1141 * acquisitions. If we fail to acquire any lock in the path we will 1142 * drop all held locks, acquire the new lock in a blocking fashion, 1143 * and then release it and restart the rename. This acquire/release 1144 * step ensures that we do not spin on a lock waiting for release. 1145 */ 1146 error = vn_lock(fdvp, LK_EXCLUSIVE); 1147 if (error) 1148 goto releout; 1149 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) { 1150 VOP_UNLOCK(fdvp); 1151 error = vn_lock(tdvp, LK_EXCLUSIVE); 1152 if (error) 1153 goto releout; 1154 VOP_UNLOCK(tdvp); 1155 atomic_add_int(&rename_restarts, 1); 1156 goto relock; 1157 } 1158 /* 1159 * Re-resolve fvp to be certain it still exists and fetch the 1160 * correct vnode. 1161 */ 1162 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1163 if (error) { 1164 VOP_UNLOCK(fdvp); 1165 VOP_UNLOCK(tdvp); 1166 goto releout; 1167 } 1168 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1169 if (error) { 1170 VOP_UNLOCK(fdvp); 1171 VOP_UNLOCK(tdvp); 1172 if (error != EBUSY) 1173 goto releout; 1174 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1175 if (error != 0) 1176 goto releout; 1177 VOP_UNLOCK(nvp); 1178 vrele(fvp); 1179 fvp = nvp; 1180 atomic_add_int(&rename_restarts, 1); 1181 goto relock; 1182 } 1183 vrele(fvp); 1184 fvp = nvp; 1185 /* 1186 * Re-resolve tvp and acquire the vnode lock if present. 1187 */ 1188 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino); 1189 if (error != 0 && error != EJUSTRETURN) { 1190 VOP_UNLOCK(fdvp); 1191 VOP_UNLOCK(tdvp); 1192 VOP_UNLOCK(fvp); 1193 goto releout; 1194 } 1195 /* 1196 * If tvp disappeared we just carry on. 1197 */ 1198 if (error == EJUSTRETURN && tvp != NULL) { 1199 vrele(tvp); 1200 tvp = NULL; 1201 } 1202 /* 1203 * Get the tvp ino if the lookup succeeded. We may have to restart 1204 * if the non-blocking acquire fails. 1205 */ 1206 if (error == 0) { 1207 nvp = NULL; 1208 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1209 if (tvp) 1210 vrele(tvp); 1211 tvp = nvp; 1212 if (error) { 1213 VOP_UNLOCK(fdvp); 1214 VOP_UNLOCK(tdvp); 1215 VOP_UNLOCK(fvp); 1216 if (error != EBUSY) 1217 goto releout; 1218 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1219 if (error != 0) 1220 goto releout; 1221 vput(nvp); 1222 atomic_add_int(&rename_restarts, 1); 1223 goto relock; 1224 } 1225 } 1226 fdp = VTOI(fdvp); 1227 fip = VTOI(fvp); 1228 tdp = VTOI(tdvp); 1229 tip = NULL; 1230 if (tvp) 1231 tip = VTOI(tvp); 1232 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1233 (VTOI(tdvp)->i_flags & APPEND))) { 1234 error = EPERM; 1235 goto unlockout; 1236 } 1237 /* 1238 * Renaming a file to itself has no effect. The upper layers should 1239 * not call us in that case. However, things could change after 1240 * we drop the locks above. 1241 */ 1242 if (fvp == tvp) { 1243 error = 0; 1244 goto unlockout; 1245 } 1246 doingdirectory = 0; 1247 newparent = 0; 1248 ino = fip->i_number; 1249 if (fip->i_nlink >= UFS_LINK_MAX) { 1250 error = EMLINK; 1251 goto unlockout; 1252 } 1253 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 1254 || (fdp->i_flags & APPEND)) { 1255 error = EPERM; 1256 goto unlockout; 1257 } 1258 if ((fip->i_mode & IFMT) == IFDIR) { 1259 /* 1260 * Avoid ".", "..", and aliases of "." for obvious reasons. 1261 */ 1262 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1263 fdp == fip || 1264 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) { 1265 error = EINVAL; 1266 goto unlockout; 1267 } 1268 if (fdp->i_number != tdp->i_number) 1269 newparent = tdp->i_number; 1270 doingdirectory = 1; 1271 } 1272 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) || 1273 (tvp != NULL && tvp->v_type == VDIR && 1274 tvp->v_mountedhere != NULL)) { 1275 error = EXDEV; 1276 goto unlockout; 1277 } 1278 1279 /* 1280 * If ".." must be changed (ie the directory gets a new 1281 * parent) then the source directory must not be in the 1282 * directory hierarchy above the target, as this would 1283 * orphan everything below the source directory. Also 1284 * the user must have write permission in the source so 1285 * as to be able to change "..". 1286 */ 1287 if (doingdirectory && newparent) { 1288 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread); 1289 if (error) 1290 goto unlockout; 1291 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred, 1292 &ino); 1293 /* 1294 * We encountered a lock that we have to wait for. Unlock 1295 * everything else and VGET before restarting. 1296 */ 1297 if (ino) { 1298 VOP_UNLOCK(fdvp); 1299 VOP_UNLOCK(fvp); 1300 VOP_UNLOCK(tdvp); 1301 if (tvp) 1302 VOP_UNLOCK(tvp); 1303 error = VFS_VGET(mp, ino, LK_SHARED, &nvp); 1304 if (error == 0) 1305 vput(nvp); 1306 atomic_add_int(&rename_restarts, 1); 1307 goto relock; 1308 } 1309 if (error) 1310 goto unlockout; 1311 if ((tcnp->cn_flags & SAVESTART) == 0) 1312 panic("ufs_rename: lost to startdir"); 1313 } 1314 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 || 1315 tdp->i_effnlink == 0) 1316 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp); 1317 1318 /* 1319 * 1) Bump link count while we're moving stuff 1320 * around. If we crash somewhere before 1321 * completing our work, the link count 1322 * may be wrong, but correctable. 1323 */ 1324 fip->i_effnlink++; 1325 fip->i_nlink++; 1326 DIP_SET(fip, i_nlink, fip->i_nlink); 1327 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1328 if (DOINGSOFTDEP(fvp)) 1329 softdep_setup_link(tdp, fip); 1330 error = UFS_UPDATE(fvp, !DOINGSOFTDEP(fvp) && !DOINGASYNC(fvp)); 1331 if (error) 1332 goto bad; 1333 1334 /* 1335 * 2) If target doesn't exist, link the target 1336 * to the source and unlink the source. 1337 * Otherwise, rewrite the target directory 1338 * entry to reference the source inode and 1339 * expunge the original entry's existence. 1340 */ 1341 if (tip == NULL) { 1342 if (ITODEV(tdp) != ITODEV(fip)) 1343 panic("ufs_rename: EXDEV"); 1344 if (doingdirectory && newparent) { 1345 /* 1346 * Account for ".." in new directory. 1347 * When source and destination have the same 1348 * parent we don't adjust the link count. The 1349 * actual link modification is completed when 1350 * .. is rewritten below. 1351 */ 1352 if (tdp->i_nlink >= UFS_LINK_MAX) { 1353 error = EMLINK; 1354 goto bad; 1355 } 1356 } 1357 ufs_makedirentry(fip, tcnp, &newdir); 1358 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL, 1); 1359 if (error) 1360 goto bad; 1361 /* Setup tdvp for directory compaction if needed. */ 1362 if (tdp->i_count && tdp->i_endoff && 1363 tdp->i_endoff < tdp->i_size) 1364 endoff = tdp->i_endoff; 1365 } else { 1366 if (ITODEV(tip) != ITODEV(tdp) || ITODEV(tip) != ITODEV(fip)) 1367 panic("ufs_rename: EXDEV"); 1368 /* 1369 * Short circuit rename(foo, foo). 1370 */ 1371 if (tip->i_number == fip->i_number) 1372 panic("ufs_rename: same file"); 1373 /* 1374 * If the parent directory is "sticky", then the caller 1375 * must possess VADMIN for the parent directory, or the 1376 * destination of the rename. This implements append-only 1377 * directories. 1378 */ 1379 if ((tdp->i_mode & S_ISTXT) && 1380 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1381 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1382 error = EPERM; 1383 goto bad; 1384 } 1385 /* 1386 * Target must be empty if a directory and have no links 1387 * to it. Also, ensure source and target are compatible 1388 * (both directories, or both not directories). 1389 */ 1390 if ((tip->i_mode & IFMT) == IFDIR) { 1391 if ((tip->i_effnlink > 2) || 1392 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) { 1393 error = ENOTEMPTY; 1394 goto bad; 1395 } 1396 if (!doingdirectory) { 1397 error = ENOTDIR; 1398 goto bad; 1399 } 1400 cache_purge(tdvp); 1401 } else if (doingdirectory) { 1402 error = EISDIR; 1403 goto bad; 1404 } 1405 if (doingdirectory) { 1406 if (!newparent) { 1407 tdp->i_effnlink--; 1408 if (DOINGSOFTDEP(tdvp)) 1409 softdep_change_linkcnt(tdp); 1410 } 1411 tip->i_effnlink--; 1412 if (DOINGSOFTDEP(tvp)) 1413 softdep_change_linkcnt(tip); 1414 } 1415 error = ufs_dirrewrite(tdp, tip, fip->i_number, 1416 IFTODT(fip->i_mode), 1417 (doingdirectory && newparent) ? newparent : doingdirectory); 1418 if (error) { 1419 if (doingdirectory) { 1420 if (!newparent) { 1421 tdp->i_effnlink++; 1422 if (DOINGSOFTDEP(tdvp)) 1423 softdep_change_linkcnt(tdp); 1424 } 1425 tip->i_effnlink++; 1426 if (DOINGSOFTDEP(tvp)) 1427 softdep_change_linkcnt(tip); 1428 } 1429 goto bad; 1430 } 1431 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1432 /* 1433 * The only stuff left in the directory is "." 1434 * and "..". The "." reference is inconsequential 1435 * since we are quashing it. We have removed the "." 1436 * reference and the reference in the parent directory, 1437 * but there may be other hard links. The soft 1438 * dependency code will arrange to do these operations 1439 * after the parent directory entry has been deleted on 1440 * disk, so when running with that code we avoid doing 1441 * them now. 1442 */ 1443 if (!newparent) { 1444 tdp->i_nlink--; 1445 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1446 UFS_INODE_SET_FLAG(tdp, IN_CHANGE); 1447 } 1448 tip->i_nlink--; 1449 DIP_SET(tip, i_nlink, tip->i_nlink); 1450 UFS_INODE_SET_FLAG(tip, IN_CHANGE); 1451 } 1452 } 1453 1454 /* 1455 * 3) Unlink the source. We have to resolve the path again to 1456 * fixup the directory offset and count for ufs_dirremove. 1457 */ 1458 if (fdvp == tdvp) { 1459 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1460 if (error) 1461 panic("ufs_rename: from entry went away!"); 1462 if (ino != fip->i_number) 1463 panic("ufs_rename: ino mismatch %ju != %ju\n", 1464 (uintmax_t)ino, (uintmax_t)fip->i_number); 1465 } 1466 /* 1467 * If the source is a directory with a 1468 * new parent, the link count of the old 1469 * parent directory must be decremented 1470 * and ".." set to point to the new parent. 1471 */ 1472 if (doingdirectory && newparent) { 1473 /* 1474 * If tip exists we simply use its link, otherwise we must 1475 * add a new one. 1476 */ 1477 if (tip == NULL) { 1478 tdp->i_effnlink++; 1479 tdp->i_nlink++; 1480 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1481 UFS_INODE_SET_FLAG(tdp, IN_CHANGE); 1482 if (DOINGSOFTDEP(tdvp)) 1483 softdep_setup_dotdot_link(tdp, fip); 1484 error = UFS_UPDATE(tdvp, !DOINGSOFTDEP(tdvp) && 1485 !DOINGASYNC(tdvp)); 1486 /* Don't go to bad here as the new link exists. */ 1487 if (error) 1488 goto unlockout; 1489 } else if (DOINGSUJ(tdvp)) 1490 /* Journal must account for each new link. */ 1491 softdep_setup_dotdot_link(tdp, fip); 1492 fip->i_offset = mastertemplate.dot_reclen; 1493 ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0); 1494 cache_purge(fdvp); 1495 } 1496 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0); 1497 /* 1498 * The kern_renameat() looks up the fvp using the DELETE flag, which 1499 * causes the removal of the name cache entry for fvp. 1500 * As the relookup of the fvp is done in two steps: 1501 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a 1502 * normal lookup of the from name just before the VFS_VGET() call, 1503 * causing the cache entry to be re-instantiated. 1504 * 1505 * The same issue also applies to tvp if it exists as 1506 * otherwise we may have a stale name cache entry for the new 1507 * name that references the old i-node if it has other links 1508 * or open file descriptors. 1509 */ 1510 cache_purge(fvp); 1511 if (tvp) 1512 cache_purge(tvp); 1513 cache_purge_negative(tdvp); 1514 1515 unlockout: 1516 vput(fdvp); 1517 vput(fvp); 1518 if (tvp) 1519 vput(tvp); 1520 /* 1521 * If compaction or fsync was requested do it now that other locks 1522 * are no longer needed. 1523 */ 1524 if (error == 0 && endoff != 0) { 1525 error = UFS_TRUNCATE(tdvp, endoff, IO_NORMAL | 1526 (DOINGASYNC(tdvp) ? 0 : IO_SYNC), tcnp->cn_cred); 1527 if (error != 0 && !ffs_fsfail_cleanup(VFSTOUFS(mp), error)) 1528 vn_printf(tdvp, 1529 "ufs_rename: failed to truncate, error %d\n", 1530 error); 1531 #ifdef UFS_DIRHASH 1532 if (error != 0) 1533 ufsdirhash_free(tdp); 1534 else if (tdp->i_dirhash != NULL) 1535 ufsdirhash_dirtrunc(tdp, endoff); 1536 #endif 1537 /* 1538 * Even if the directory compaction failed, rename was 1539 * succesful. Do not propagate a UFS_TRUNCATE() error 1540 * to the caller. 1541 */ 1542 error = 0; 1543 } 1544 if (error == 0 && tdp->i_flag & IN_NEEDSYNC) 1545 error = VOP_FSYNC(tdvp, MNT_WAIT, td); 1546 vput(tdvp); 1547 return (error); 1548 1549 bad: 1550 fip->i_effnlink--; 1551 fip->i_nlink--; 1552 DIP_SET(fip, i_nlink, fip->i_nlink); 1553 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1554 if (DOINGSOFTDEP(fvp)) 1555 softdep_revert_link(tdp, fip); 1556 goto unlockout; 1557 1558 releout: 1559 vrele(fdvp); 1560 vrele(fvp); 1561 vrele(tdvp); 1562 if (tvp) 1563 vrele(tvp); 1564 1565 return (error); 1566 } 1567 1568 #ifdef UFS_ACL 1569 static int 1570 ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp, 1571 mode_t dmode, struct ucred *cred, struct thread *td) 1572 { 1573 int error; 1574 struct inode *ip = VTOI(tvp); 1575 struct acl *dacl, *acl; 1576 1577 acl = acl_alloc(M_WAITOK); 1578 dacl = acl_alloc(M_WAITOK); 1579 1580 /* 1581 * Retrieve default ACL from parent, if any. 1582 */ 1583 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1584 switch (error) { 1585 case 0: 1586 /* 1587 * Retrieved a default ACL, so merge mode and ACL if 1588 * necessary. If the ACL is empty, fall through to 1589 * the "not defined or available" case. 1590 */ 1591 if (acl->acl_cnt != 0) { 1592 dmode = acl_posix1e_newfilemode(dmode, acl); 1593 ip->i_mode = dmode; 1594 DIP_SET(ip, i_mode, dmode); 1595 *dacl = *acl; 1596 ufs_sync_acl_from_inode(ip, acl); 1597 break; 1598 } 1599 /* FALLTHROUGH */ 1600 1601 case EOPNOTSUPP: 1602 /* 1603 * Just use the mode as-is. 1604 */ 1605 ip->i_mode = dmode; 1606 DIP_SET(ip, i_mode, dmode); 1607 error = 0; 1608 goto out; 1609 1610 default: 1611 goto out; 1612 } 1613 1614 /* 1615 * XXX: If we abort now, will Soft Updates notify the extattr 1616 * code that the EAs for the file need to be released? 1617 */ 1618 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1619 if (error == 0) 1620 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td); 1621 switch (error) { 1622 case 0: 1623 break; 1624 1625 case EOPNOTSUPP: 1626 /* 1627 * XXX: This should not happen, as EOPNOTSUPP above 1628 * was supposed to free acl. 1629 */ 1630 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1631 /* 1632 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1633 */ 1634 break; 1635 1636 default: 1637 goto out; 1638 } 1639 1640 out: 1641 acl_free(acl); 1642 acl_free(dacl); 1643 1644 return (error); 1645 } 1646 1647 static int 1648 ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp, 1649 mode_t mode, struct ucred *cred, struct thread *td) 1650 { 1651 int error; 1652 struct inode *ip = VTOI(tvp); 1653 struct acl *acl; 1654 1655 acl = acl_alloc(M_WAITOK); 1656 1657 /* 1658 * Retrieve default ACL for parent, if any. 1659 */ 1660 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1661 switch (error) { 1662 case 0: 1663 /* 1664 * Retrieved a default ACL, so merge mode and ACL if 1665 * necessary. 1666 */ 1667 if (acl->acl_cnt != 0) { 1668 /* 1669 * Two possible ways for default ACL to not 1670 * be present. First, the EA can be 1671 * undefined, or second, the default ACL can 1672 * be blank. If it's blank, fall through to 1673 * the it's not defined case. 1674 */ 1675 mode = acl_posix1e_newfilemode(mode, acl); 1676 ip->i_mode = mode; 1677 DIP_SET(ip, i_mode, mode); 1678 ufs_sync_acl_from_inode(ip, acl); 1679 break; 1680 } 1681 /* FALLTHROUGH */ 1682 1683 case EOPNOTSUPP: 1684 /* 1685 * Just use the mode as-is. 1686 */ 1687 ip->i_mode = mode; 1688 DIP_SET(ip, i_mode, mode); 1689 error = 0; 1690 goto out; 1691 1692 default: 1693 goto out; 1694 } 1695 1696 /* 1697 * XXX: If we abort now, will Soft Updates notify the extattr 1698 * code that the EAs for the file need to be released? 1699 */ 1700 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1701 switch (error) { 1702 case 0: 1703 break; 1704 1705 case EOPNOTSUPP: 1706 /* 1707 * XXX: This should not happen, as EOPNOTSUPP above was 1708 * supposed to free acl. 1709 */ 1710 printf("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1711 "but no VOP_SETACL()\n"); 1712 /* panic("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1713 "but no VOP_SETACL()"); */ 1714 break; 1715 1716 default: 1717 goto out; 1718 } 1719 1720 out: 1721 acl_free(acl); 1722 1723 return (error); 1724 } 1725 1726 static int 1727 ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp, 1728 mode_t child_mode, struct ucred *cred, struct thread *td) 1729 { 1730 int error; 1731 struct acl *parent_aclp, *child_aclp; 1732 1733 parent_aclp = acl_alloc(M_WAITOK); 1734 child_aclp = acl_alloc(M_WAITOK | M_ZERO); 1735 1736 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td); 1737 if (error) 1738 goto out; 1739 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp, 1740 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR); 1741 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td); 1742 if (error) 1743 goto out; 1744 out: 1745 acl_free(parent_aclp); 1746 acl_free(child_aclp); 1747 1748 return (error); 1749 } 1750 #endif 1751 1752 /* 1753 * Mkdir system call 1754 */ 1755 static int 1756 ufs_mkdir(ap) 1757 struct vop_mkdir_args /* { 1758 struct vnode *a_dvp; 1759 struct vnode **a_vpp; 1760 struct componentname *a_cnp; 1761 struct vattr *a_vap; 1762 } */ *ap; 1763 { 1764 struct vnode *dvp = ap->a_dvp; 1765 struct vattr *vap = ap->a_vap; 1766 struct componentname *cnp = ap->a_cnp; 1767 struct inode *ip, *dp; 1768 struct vnode *tvp; 1769 struct buf *bp; 1770 struct dirtemplate dirtemplate, *dtp; 1771 struct direct newdir; 1772 int error, dmode; 1773 long blkoff; 1774 1775 #ifdef INVARIANTS 1776 if ((cnp->cn_flags & HASBUF) == 0) 1777 panic("ufs_mkdir: no name"); 1778 #endif 1779 dp = VTOI(dvp); 1780 if (dp->i_nlink >= UFS_LINK_MAX) { 1781 error = EMLINK; 1782 goto out; 1783 } 1784 dmode = vap->va_mode & 0777; 1785 dmode |= IFDIR; 1786 /* 1787 * Must simulate part of ufs_makeinode here to acquire the inode, 1788 * but not have it entered in the parent directory. The entry is 1789 * made later after writing "." and ".." entries. 1790 */ 1791 if (dp->i_effnlink < 2) { 1792 print_bad_link_count("ufs_mkdir", dvp); 1793 error = EINVAL; 1794 goto out; 1795 } 1796 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 1797 if (error) 1798 goto out; 1799 ip = VTOI(tvp); 1800 ip->i_gid = dp->i_gid; 1801 DIP_SET(ip, i_gid, dp->i_gid); 1802 #ifdef SUIDDIR 1803 { 1804 #ifdef QUOTA 1805 struct ucred ucred, *ucp; 1806 gid_t ucred_group; 1807 ucp = cnp->cn_cred; 1808 #endif 1809 /* 1810 * If we are hacking owners here, (only do this where told to) 1811 * and we are not giving it TO root, (would subvert quotas) 1812 * then go ahead and give it to the other user. 1813 * The new directory also inherits the SUID bit. 1814 * If user's UID and dir UID are the same, 1815 * 'give it away' so that the SUID is still forced on. 1816 */ 1817 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 1818 (dp->i_mode & ISUID) && dp->i_uid) { 1819 dmode |= ISUID; 1820 ip->i_uid = dp->i_uid; 1821 DIP_SET(ip, i_uid, dp->i_uid); 1822 #ifdef QUOTA 1823 if (dp->i_uid != cnp->cn_cred->cr_uid) { 1824 /* 1825 * Make sure the correct user gets charged 1826 * for the space. 1827 * Make a dummy credential for the victim. 1828 * XXX This seems to never be accessed out of 1829 * our context so a stack variable is ok. 1830 */ 1831 refcount_init(&ucred.cr_ref, 1); 1832 ucred.cr_uid = ip->i_uid; 1833 ucred.cr_ngroups = 1; 1834 ucred.cr_groups = &ucred_group; 1835 ucred.cr_groups[0] = dp->i_gid; 1836 ucp = &ucred; 1837 } 1838 #endif 1839 } else { 1840 ip->i_uid = cnp->cn_cred->cr_uid; 1841 DIP_SET(ip, i_uid, ip->i_uid); 1842 } 1843 #ifdef QUOTA 1844 if ((error = getinoquota(ip)) || 1845 (error = chkiq(ip, 1, ucp, 0))) { 1846 if (DOINGSOFTDEP(tvp)) 1847 softdep_revert_link(dp, ip); 1848 UFS_VFREE(tvp, ip->i_number, dmode); 1849 vgone(tvp); 1850 vput(tvp); 1851 return (error); 1852 } 1853 #endif 1854 } 1855 #else /* !SUIDDIR */ 1856 ip->i_uid = cnp->cn_cred->cr_uid; 1857 DIP_SET(ip, i_uid, ip->i_uid); 1858 #ifdef QUOTA 1859 if ((error = getinoquota(ip)) || 1860 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 1861 if (DOINGSOFTDEP(tvp)) 1862 softdep_revert_link(dp, ip); 1863 UFS_VFREE(tvp, ip->i_number, dmode); 1864 vgone(tvp); 1865 vput(tvp); 1866 return (error); 1867 } 1868 #endif 1869 #endif /* !SUIDDIR */ 1870 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 1871 ip->i_mode = dmode; 1872 DIP_SET(ip, i_mode, dmode); 1873 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 1874 ip->i_effnlink = 2; 1875 ip->i_nlink = 2; 1876 DIP_SET(ip, i_nlink, 2); 1877 1878 if (cnp->cn_flags & ISWHITEOUT) { 1879 ip->i_flags |= UF_OPAQUE; 1880 DIP_SET(ip, i_flags, ip->i_flags); 1881 } 1882 1883 /* 1884 * Bump link count in parent directory to reflect work done below. 1885 * Should be done before reference is created so cleanup is 1886 * possible if we crash. 1887 */ 1888 dp->i_effnlink++; 1889 dp->i_nlink++; 1890 DIP_SET(dp, i_nlink, dp->i_nlink); 1891 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 1892 if (DOINGSOFTDEP(dvp)) 1893 softdep_setup_mkdir(dp, ip); 1894 error = UFS_UPDATE(dvp, !DOINGSOFTDEP(dvp) && !DOINGASYNC(dvp)); 1895 if (error) 1896 goto bad; 1897 #ifdef MAC 1898 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 1899 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 1900 dvp, tvp, cnp); 1901 if (error) 1902 goto bad; 1903 } 1904 #endif 1905 #ifdef UFS_ACL 1906 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 1907 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode, 1908 cnp->cn_cred, cnp->cn_thread); 1909 if (error) 1910 goto bad; 1911 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 1912 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode, 1913 cnp->cn_cred, cnp->cn_thread); 1914 if (error) 1915 goto bad; 1916 } 1917 #endif /* !UFS_ACL */ 1918 1919 /* 1920 * Initialize directory with "." and ".." from static template. 1921 */ 1922 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1923 dtp = &mastertemplate; 1924 else 1925 dtp = (struct dirtemplate *)&omastertemplate; 1926 dirtemplate = *dtp; 1927 dirtemplate.dot_ino = ip->i_number; 1928 dirtemplate.dotdot_ino = dp->i_number; 1929 vnode_pager_setsize(tvp, DIRBLKSIZ); 1930 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 1931 BA_CLRBUF, &bp)) != 0) 1932 goto bad; 1933 ip->i_size = DIRBLKSIZ; 1934 DIP_SET(ip, i_size, DIRBLKSIZ); 1935 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); 1936 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 1937 if (DOINGSOFTDEP(tvp)) { 1938 /* 1939 * Ensure that the entire newly allocated block is a 1940 * valid directory so that future growth within the 1941 * block does not have to ensure that the block is 1942 * written before the inode. 1943 */ 1944 blkoff = DIRBLKSIZ; 1945 while (blkoff < bp->b_bcount) { 1946 ((struct direct *) 1947 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 1948 blkoff += DIRBLKSIZ; 1949 } 1950 } 1951 if ((error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && 1952 !DOINGASYNC(tvp))) != 0) { 1953 (void)bwrite(bp); 1954 goto bad; 1955 } 1956 /* 1957 * Directory set up, now install its entry in the parent directory. 1958 * 1959 * If we are not doing soft dependencies, then we must write out the 1960 * buffer containing the new directory body before entering the new 1961 * name in the parent. If we are doing soft dependencies, then the 1962 * buffer containing the new directory body will be passed to and 1963 * released in the soft dependency code after the code has attached 1964 * an appropriate ordering dependency to the buffer which ensures that 1965 * the buffer is written before the new name is written in the parent. 1966 */ 1967 if (DOINGASYNC(dvp)) 1968 bdwrite(bp); 1969 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 1970 goto bad; 1971 ufs_makedirentry(ip, cnp, &newdir); 1972 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp, 0); 1973 1974 bad: 1975 if (error == 0) { 1976 *ap->a_vpp = tvp; 1977 } else { 1978 dp->i_effnlink--; 1979 dp->i_nlink--; 1980 DIP_SET(dp, i_nlink, dp->i_nlink); 1981 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 1982 /* 1983 * No need to do an explicit VOP_TRUNCATE here, vrele will 1984 * do this for us because we set the link count to 0. 1985 */ 1986 ip->i_effnlink = 0; 1987 ip->i_nlink = 0; 1988 DIP_SET(ip, i_nlink, 0); 1989 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1990 if (DOINGSOFTDEP(tvp)) 1991 softdep_revert_mkdir(dp, ip); 1992 vgone(tvp); 1993 vput(tvp); 1994 } 1995 out: 1996 return (error); 1997 } 1998 1999 /* 2000 * Rmdir system call. 2001 */ 2002 static int 2003 ufs_rmdir(ap) 2004 struct vop_rmdir_args /* { 2005 struct vnode *a_dvp; 2006 struct vnode *a_vp; 2007 struct componentname *a_cnp; 2008 } */ *ap; 2009 { 2010 struct vnode *vp = ap->a_vp; 2011 struct vnode *dvp = ap->a_dvp; 2012 struct componentname *cnp = ap->a_cnp; 2013 struct inode *ip, *dp; 2014 int error; 2015 2016 ip = VTOI(vp); 2017 dp = VTOI(dvp); 2018 2019 /* 2020 * Do not remove a directory that is in the process of being renamed. 2021 * Verify the directory is empty (and valid). Rmdir ".." will not be 2022 * valid since ".." will contain a reference to the current directory 2023 * and thus be non-empty. Do not allow the removal of mounted on 2024 * directories (this can happen when an NFS exported filesystem 2025 * tries to remove a locally mounted on directory). 2026 */ 2027 error = 0; 2028 if (dp->i_effnlink <= 2) { 2029 if (dp->i_effnlink == 2) 2030 print_bad_link_count("ufs_rmdir", dvp); 2031 error = EINVAL; 2032 goto out; 2033 } 2034 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 2035 error = ENOTEMPTY; 2036 goto out; 2037 } 2038 if ((dp->i_flags & APPEND) 2039 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 2040 error = EPERM; 2041 goto out; 2042 } 2043 if (vp->v_mountedhere != 0) { 2044 error = EINVAL; 2045 goto out; 2046 } 2047 #ifdef UFS_GJOURNAL 2048 ufs_gjournal_orphan(vp); 2049 #endif 2050 /* 2051 * Delete reference to directory before purging 2052 * inode. If we crash in between, the directory 2053 * will be reattached to lost+found, 2054 */ 2055 dp->i_effnlink--; 2056 ip->i_effnlink--; 2057 if (DOINGSOFTDEP(vp)) 2058 softdep_setup_rmdir(dp, ip); 2059 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 2060 if (error) { 2061 dp->i_effnlink++; 2062 ip->i_effnlink++; 2063 if (DOINGSOFTDEP(vp)) 2064 softdep_revert_rmdir(dp, ip); 2065 goto out; 2066 } 2067 cache_purge(dvp); 2068 /* 2069 * The only stuff left in the directory is "." and "..". The "." 2070 * reference is inconsequential since we are quashing it. The soft 2071 * dependency code will arrange to do these operations after 2072 * the parent directory entry has been deleted on disk, so 2073 * when running with that code we avoid doing them now. 2074 */ 2075 if (!DOINGSOFTDEP(vp)) { 2076 dp->i_nlink--; 2077 DIP_SET(dp, i_nlink, dp->i_nlink); 2078 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2079 error = UFS_UPDATE(dvp, 0); 2080 ip->i_nlink--; 2081 DIP_SET(ip, i_nlink, ip->i_nlink); 2082 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2083 } 2084 cache_purge(vp); 2085 #ifdef UFS_DIRHASH 2086 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 2087 if (ip->i_dirhash != NULL) 2088 ufsdirhash_free(ip); 2089 #endif 2090 out: 2091 return (error); 2092 } 2093 2094 /* 2095 * symlink -- make a symbolic link 2096 */ 2097 static int 2098 ufs_symlink(ap) 2099 struct vop_symlink_args /* { 2100 struct vnode *a_dvp; 2101 struct vnode **a_vpp; 2102 struct componentname *a_cnp; 2103 struct vattr *a_vap; 2104 const char *a_target; 2105 } */ *ap; 2106 { 2107 struct vnode *vp, **vpp = ap->a_vpp; 2108 struct inode *ip; 2109 int len, error; 2110 2111 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 2112 vpp, ap->a_cnp, "ufs_symlink"); 2113 if (error) 2114 return (error); 2115 vp = *vpp; 2116 len = strlen(ap->a_target); 2117 if (len < vp->v_mount->mnt_maxsymlinklen) { 2118 ip = VTOI(vp); 2119 bcopy(ap->a_target, SHORTLINK(ip), len); 2120 ip->i_size = len; 2121 DIP_SET(ip, i_size, len); 2122 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); 2123 error = UFS_UPDATE(vp, 0); 2124 } else 2125 error = vn_rdwr(UIO_WRITE, vp, __DECONST(void *, ap->a_target), 2126 len, (off_t)0, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 2127 ap->a_cnp->cn_cred, NOCRED, NULL, NULL); 2128 if (error) 2129 vput(vp); 2130 return (error); 2131 } 2132 2133 /* 2134 * Vnode op for reading directories. 2135 */ 2136 int 2137 ufs_readdir(ap) 2138 struct vop_readdir_args /* { 2139 struct vnode *a_vp; 2140 struct uio *a_uio; 2141 struct ucred *a_cred; 2142 int *a_eofflag; 2143 int *a_ncookies; 2144 u_long **a_cookies; 2145 } */ *ap; 2146 { 2147 struct vnode *vp = ap->a_vp; 2148 struct uio *uio = ap->a_uio; 2149 struct buf *bp; 2150 struct inode *ip; 2151 struct direct *dp, *edp; 2152 u_long *cookies; 2153 struct dirent dstdp; 2154 off_t offset, startoffset; 2155 size_t readcnt, skipcnt; 2156 ssize_t startresid; 2157 u_int ncookies; 2158 int error; 2159 2160 if (uio->uio_offset < 0) 2161 return (EINVAL); 2162 ip = VTOI(vp); 2163 if (ip->i_effnlink == 0) 2164 return (0); 2165 if (ap->a_ncookies != NULL) { 2166 if (uio->uio_resid < 0) 2167 ncookies = 0; 2168 else 2169 ncookies = uio->uio_resid; 2170 if (uio->uio_offset >= ip->i_size) 2171 ncookies = 0; 2172 else if (ip->i_size - uio->uio_offset < ncookies) 2173 ncookies = ip->i_size - uio->uio_offset; 2174 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1; 2175 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK); 2176 *ap->a_ncookies = ncookies; 2177 *ap->a_cookies = cookies; 2178 } else { 2179 ncookies = 0; 2180 cookies = NULL; 2181 } 2182 offset = startoffset = uio->uio_offset; 2183 startresid = uio->uio_resid; 2184 error = 0; 2185 while (error == 0 && uio->uio_resid > 0 && 2186 uio->uio_offset < ip->i_size) { 2187 error = UFS_BLKATOFF(vp, uio->uio_offset, NULL, &bp); 2188 if (error) 2189 break; 2190 if (bp->b_offset + bp->b_bcount > ip->i_size) 2191 readcnt = ip->i_size - bp->b_offset; 2192 else 2193 readcnt = bp->b_bcount; 2194 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) & 2195 ~(size_t)(DIRBLKSIZ - 1); 2196 offset = bp->b_offset + skipcnt; 2197 dp = (struct direct *)&bp->b_data[skipcnt]; 2198 edp = (struct direct *)&bp->b_data[readcnt]; 2199 while (error == 0 && uio->uio_resid > 0 && dp < edp) { 2200 if (dp->d_reclen <= offsetof(struct direct, d_name) || 2201 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) { 2202 error = EIO; 2203 break; 2204 } 2205 #if BYTE_ORDER == LITTLE_ENDIAN 2206 /* Old filesystem format. */ 2207 if (vp->v_mount->mnt_maxsymlinklen <= 0) { 2208 dstdp.d_namlen = dp->d_type; 2209 dstdp.d_type = dp->d_namlen; 2210 } else 2211 #endif 2212 { 2213 dstdp.d_namlen = dp->d_namlen; 2214 dstdp.d_type = dp->d_type; 2215 } 2216 if (offsetof(struct direct, d_name) + dstdp.d_namlen > 2217 dp->d_reclen) { 2218 error = EIO; 2219 break; 2220 } 2221 if (offset < startoffset || dp->d_ino == 0) 2222 goto nextentry; 2223 dstdp.d_fileno = dp->d_ino; 2224 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp); 2225 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); 2226 /* NOTE: d_off is the offset of the *next* entry. */ 2227 dstdp.d_off = offset + dp->d_reclen; 2228 dirent_terminate(&dstdp); 2229 if (dstdp.d_reclen > uio->uio_resid) { 2230 if (uio->uio_resid == startresid) 2231 error = EINVAL; 2232 else 2233 error = EJUSTRETURN; 2234 break; 2235 } 2236 /* Advance dp. */ 2237 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio); 2238 if (error) 2239 break; 2240 if (cookies != NULL) { 2241 KASSERT(ncookies > 0, 2242 ("ufs_readdir: cookies buffer too small")); 2243 *cookies = offset + dp->d_reclen; 2244 cookies++; 2245 ncookies--; 2246 } 2247 nextentry: 2248 offset += dp->d_reclen; 2249 dp = (struct direct *)((caddr_t)dp + dp->d_reclen); 2250 } 2251 bqrelse(bp); 2252 uio->uio_offset = offset; 2253 } 2254 /* We need to correct uio_offset. */ 2255 uio->uio_offset = offset; 2256 if (error == EJUSTRETURN) 2257 error = 0; 2258 if (ap->a_ncookies != NULL) { 2259 if (error == 0) { 2260 ap->a_ncookies -= ncookies; 2261 } else { 2262 free(*ap->a_cookies, M_TEMP); 2263 *ap->a_ncookies = 0; 2264 *ap->a_cookies = NULL; 2265 } 2266 } 2267 if (error == 0 && ap->a_eofflag) 2268 *ap->a_eofflag = ip->i_size <= uio->uio_offset; 2269 return (error); 2270 } 2271 2272 /* 2273 * Return target name of a symbolic link 2274 */ 2275 static int 2276 ufs_readlink(ap) 2277 struct vop_readlink_args /* { 2278 struct vnode *a_vp; 2279 struct uio *a_uio; 2280 struct ucred *a_cred; 2281 } */ *ap; 2282 { 2283 struct vnode *vp = ap->a_vp; 2284 struct inode *ip = VTOI(vp); 2285 doff_t isize; 2286 2287 isize = ip->i_size; 2288 if ((isize < vp->v_mount->mnt_maxsymlinklen) || 2289 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */ 2290 return (uiomove(SHORTLINK(ip), isize, ap->a_uio)); 2291 } 2292 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 2293 } 2294 2295 /* 2296 * Calculate the logical to physical mapping if not done already, 2297 * then call the device strategy routine. 2298 * 2299 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 2300 * deadlock on memory. See ufs_bmap() for details. 2301 */ 2302 static int 2303 ufs_strategy(ap) 2304 struct vop_strategy_args /* { 2305 struct vnode *a_vp; 2306 struct buf *a_bp; 2307 } */ *ap; 2308 { 2309 struct buf *bp = ap->a_bp; 2310 struct vnode *vp = ap->a_vp; 2311 ufs2_daddr_t blkno; 2312 int error; 2313 2314 if (bp->b_blkno == bp->b_lblkno) { 2315 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 2316 bp->b_blkno = blkno; 2317 if (error) { 2318 bp->b_error = error; 2319 bp->b_ioflags |= BIO_ERROR; 2320 bufdone(bp); 2321 return (0); 2322 } 2323 if ((long)bp->b_blkno == -1) 2324 vfs_bio_clrbuf(bp); 2325 } 2326 if ((long)bp->b_blkno == -1) { 2327 bufdone(bp); 2328 return (0); 2329 } 2330 bp->b_iooffset = dbtob(bp->b_blkno); 2331 BO_STRATEGY(VFSTOUFS(vp->v_mount)->um_bo, bp); 2332 return (0); 2333 } 2334 2335 /* 2336 * Print out the contents of an inode. 2337 */ 2338 static int 2339 ufs_print(ap) 2340 struct vop_print_args /* { 2341 struct vnode *a_vp; 2342 } */ *ap; 2343 { 2344 struct vnode *vp = ap->a_vp; 2345 struct inode *ip = VTOI(vp); 2346 2347 printf("\tnlink=%d, effnlink=%d, size=%jd", ip->i_nlink, 2348 ip->i_effnlink, (intmax_t)ip->i_size); 2349 if (I_IS_UFS2(ip)) 2350 printf(", extsize %d", ip->i_din2->di_extsize); 2351 printf("\n\tgeneration=%jx, uid=%d, gid=%d, flags=0x%b\n", 2352 (uintmax_t)ip->i_gen, ip->i_uid, ip->i_gid, 2353 (u_int)ip->i_flags, PRINT_INODE_FLAGS); 2354 printf("\tino %lu, on dev %s", (u_long)ip->i_number, 2355 devtoname(ITODEV(ip))); 2356 if (vp->v_type == VFIFO) 2357 fifo_printinfo(vp); 2358 printf("\n"); 2359 return (0); 2360 } 2361 2362 /* 2363 * Close wrapper for fifos. 2364 * 2365 * Update the times on the inode then do device close. 2366 */ 2367 static int 2368 ufsfifo_close(ap) 2369 struct vop_close_args /* { 2370 struct vnode *a_vp; 2371 int a_fflag; 2372 struct ucred *a_cred; 2373 struct thread *a_td; 2374 } */ *ap; 2375 { 2376 struct vnode *vp = ap->a_vp; 2377 int usecount; 2378 2379 VI_LOCK(vp); 2380 usecount = vp->v_usecount; 2381 if (usecount > 1) 2382 ufs_itimes_locked(vp); 2383 VI_UNLOCK(vp); 2384 return (fifo_specops.vop_close(ap)); 2385 } 2386 2387 /* 2388 * Kqfilter wrapper for fifos. 2389 * 2390 * Fall through to ufs kqfilter routines if needed 2391 */ 2392 static int 2393 ufsfifo_kqfilter(ap) 2394 struct vop_kqfilter_args *ap; 2395 { 2396 int error; 2397 2398 error = fifo_specops.vop_kqfilter(ap); 2399 if (error) 2400 error = vfs_kqfilter(ap); 2401 return (error); 2402 } 2403 2404 /* 2405 * Return POSIX pathconf information applicable to ufs filesystems. 2406 */ 2407 static int 2408 ufs_pathconf(ap) 2409 struct vop_pathconf_args /* { 2410 struct vnode *a_vp; 2411 int a_name; 2412 int *a_retval; 2413 } */ *ap; 2414 { 2415 int error; 2416 2417 error = 0; 2418 switch (ap->a_name) { 2419 case _PC_LINK_MAX: 2420 *ap->a_retval = UFS_LINK_MAX; 2421 break; 2422 case _PC_NAME_MAX: 2423 *ap->a_retval = UFS_MAXNAMLEN; 2424 break; 2425 case _PC_PIPE_BUF: 2426 if (ap->a_vp->v_type == VDIR || ap->a_vp->v_type == VFIFO) 2427 *ap->a_retval = PIPE_BUF; 2428 else 2429 error = EINVAL; 2430 break; 2431 case _PC_CHOWN_RESTRICTED: 2432 *ap->a_retval = 1; 2433 break; 2434 case _PC_NO_TRUNC: 2435 *ap->a_retval = 1; 2436 break; 2437 #ifdef UFS_ACL 2438 case _PC_ACL_EXTENDED: 2439 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2440 *ap->a_retval = 1; 2441 else 2442 *ap->a_retval = 0; 2443 break; 2444 case _PC_ACL_NFS4: 2445 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) 2446 *ap->a_retval = 1; 2447 else 2448 *ap->a_retval = 0; 2449 break; 2450 #endif 2451 case _PC_ACL_PATH_MAX: 2452 #ifdef UFS_ACL 2453 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) 2454 *ap->a_retval = ACL_MAX_ENTRIES; 2455 else 2456 *ap->a_retval = 3; 2457 #else 2458 *ap->a_retval = 3; 2459 #endif 2460 break; 2461 #ifdef MAC 2462 case _PC_MAC_PRESENT: 2463 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2464 *ap->a_retval = 1; 2465 else 2466 *ap->a_retval = 0; 2467 break; 2468 #endif 2469 case _PC_MIN_HOLE_SIZE: 2470 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2471 break; 2472 case _PC_PRIO_IO: 2473 *ap->a_retval = 0; 2474 break; 2475 case _PC_SYNC_IO: 2476 *ap->a_retval = 0; 2477 break; 2478 case _PC_ALLOC_SIZE_MIN: 2479 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2480 break; 2481 case _PC_FILESIZEBITS: 2482 *ap->a_retval = 64; 2483 break; 2484 case _PC_REC_INCR_XFER_SIZE: 2485 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2486 break; 2487 case _PC_REC_MAX_XFER_SIZE: 2488 *ap->a_retval = -1; /* means ``unlimited'' */ 2489 break; 2490 case _PC_REC_MIN_XFER_SIZE: 2491 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2492 break; 2493 case _PC_REC_XFER_ALIGN: 2494 *ap->a_retval = PAGE_SIZE; 2495 break; 2496 case _PC_SYMLINK_MAX: 2497 *ap->a_retval = MAXPATHLEN; 2498 break; 2499 2500 default: 2501 error = vop_stdpathconf(ap); 2502 break; 2503 } 2504 return (error); 2505 } 2506 2507 /* 2508 * Initialize the vnode associated with a new inode, handle aliased 2509 * vnodes. 2510 */ 2511 int 2512 ufs_vinit(mntp, fifoops, vpp) 2513 struct mount *mntp; 2514 struct vop_vector *fifoops; 2515 struct vnode **vpp; 2516 { 2517 struct inode *ip; 2518 struct vnode *vp; 2519 2520 vp = *vpp; 2521 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2522 ip = VTOI(vp); 2523 vp->v_type = IFTOVT(ip->i_mode); 2524 /* 2525 * Only unallocated inodes should be of type VNON. 2526 */ 2527 if (ip->i_mode != 0 && vp->v_type == VNON) 2528 return (EINVAL); 2529 if (vp->v_type == VFIFO) 2530 vp->v_op = fifoops; 2531 if (ip->i_number == UFS_ROOTINO) 2532 vp->v_vflag |= VV_ROOT; 2533 *vpp = vp; 2534 return (0); 2535 } 2536 2537 /* 2538 * Allocate a new inode. 2539 * Vnode dvp must be locked. 2540 */ 2541 static int 2542 ufs_makeinode(mode, dvp, vpp, cnp, callfunc) 2543 int mode; 2544 struct vnode *dvp; 2545 struct vnode **vpp; 2546 struct componentname *cnp; 2547 const char *callfunc; 2548 { 2549 struct inode *ip, *pdir; 2550 struct direct newdir; 2551 struct vnode *tvp; 2552 int error; 2553 2554 pdir = VTOI(dvp); 2555 #ifdef INVARIANTS 2556 if ((cnp->cn_flags & HASBUF) == 0) 2557 panic("%s: no name", callfunc); 2558 #endif 2559 *vpp = NULL; 2560 if ((mode & IFMT) == 0) 2561 mode |= IFREG; 2562 2563 if (pdir->i_effnlink < 2) { 2564 print_bad_link_count(callfunc, dvp); 2565 return (EINVAL); 2566 } 2567 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2568 if (error) 2569 return (error); 2570 ip = VTOI(tvp); 2571 ip->i_gid = pdir->i_gid; 2572 DIP_SET(ip, i_gid, pdir->i_gid); 2573 #ifdef SUIDDIR 2574 { 2575 #ifdef QUOTA 2576 struct ucred ucred, *ucp; 2577 gid_t ucred_group; 2578 ucp = cnp->cn_cred; 2579 #endif 2580 /* 2581 * If we are not the owner of the directory, 2582 * and we are hacking owners here, (only do this where told to) 2583 * and we are not giving it TO root, (would subvert quotas) 2584 * then go ahead and give it to the other user. 2585 * Note that this drops off the execute bits for security. 2586 */ 2587 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2588 (pdir->i_mode & ISUID) && 2589 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2590 ip->i_uid = pdir->i_uid; 2591 DIP_SET(ip, i_uid, ip->i_uid); 2592 mode &= ~07111; 2593 #ifdef QUOTA 2594 /* 2595 * Make sure the correct user gets charged 2596 * for the space. 2597 * Quickly knock up a dummy credential for the victim. 2598 * XXX This seems to never be accessed out of our 2599 * context so a stack variable is ok. 2600 */ 2601 refcount_init(&ucred.cr_ref, 1); 2602 ucred.cr_uid = ip->i_uid; 2603 ucred.cr_ngroups = 1; 2604 ucred.cr_groups = &ucred_group; 2605 ucred.cr_groups[0] = pdir->i_gid; 2606 ucp = &ucred; 2607 #endif 2608 } else { 2609 ip->i_uid = cnp->cn_cred->cr_uid; 2610 DIP_SET(ip, i_uid, ip->i_uid); 2611 } 2612 2613 #ifdef QUOTA 2614 if ((error = getinoquota(ip)) || 2615 (error = chkiq(ip, 1, ucp, 0))) { 2616 if (DOINGSOFTDEP(tvp)) 2617 softdep_revert_link(pdir, ip); 2618 UFS_VFREE(tvp, ip->i_number, mode); 2619 vgone(tvp); 2620 vput(tvp); 2621 return (error); 2622 } 2623 #endif 2624 } 2625 #else /* !SUIDDIR */ 2626 ip->i_uid = cnp->cn_cred->cr_uid; 2627 DIP_SET(ip, i_uid, ip->i_uid); 2628 #ifdef QUOTA 2629 if ((error = getinoquota(ip)) || 2630 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2631 if (DOINGSOFTDEP(tvp)) 2632 softdep_revert_link(pdir, ip); 2633 UFS_VFREE(tvp, ip->i_number, mode); 2634 vgone(tvp); 2635 vput(tvp); 2636 return (error); 2637 } 2638 #endif 2639 #endif /* !SUIDDIR */ 2640 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 2641 ip->i_mode = mode; 2642 DIP_SET(ip, i_mode, mode); 2643 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2644 ip->i_effnlink = 1; 2645 ip->i_nlink = 1; 2646 DIP_SET(ip, i_nlink, 1); 2647 if (DOINGSOFTDEP(tvp)) 2648 softdep_setup_create(VTOI(dvp), ip); 2649 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2650 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID)) { 2651 ip->i_mode &= ~ISGID; 2652 DIP_SET(ip, i_mode, ip->i_mode); 2653 } 2654 2655 if (cnp->cn_flags & ISWHITEOUT) { 2656 ip->i_flags |= UF_OPAQUE; 2657 DIP_SET(ip, i_flags, ip->i_flags); 2658 } 2659 2660 /* 2661 * Make sure inode goes to disk before directory entry. 2662 */ 2663 error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && !DOINGASYNC(tvp)); 2664 if (error) 2665 goto bad; 2666 #ifdef MAC 2667 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2668 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2669 dvp, tvp, cnp); 2670 if (error) 2671 goto bad; 2672 } 2673 #endif 2674 #ifdef UFS_ACL 2675 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2676 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode, 2677 cnp->cn_cred, cnp->cn_thread); 2678 if (error) 2679 goto bad; 2680 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2681 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode, 2682 cnp->cn_cred, cnp->cn_thread); 2683 if (error) 2684 goto bad; 2685 } 2686 #endif /* !UFS_ACL */ 2687 ufs_makedirentry(ip, cnp, &newdir); 2688 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL, 0); 2689 if (error) 2690 goto bad; 2691 *vpp = tvp; 2692 return (0); 2693 2694 bad: 2695 /* 2696 * Write error occurred trying to update the inode 2697 * or the directory so must deallocate the inode. 2698 */ 2699 ip->i_effnlink = 0; 2700 ip->i_nlink = 0; 2701 DIP_SET(ip, i_nlink, 0); 2702 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2703 if (DOINGSOFTDEP(tvp)) 2704 softdep_revert_create(VTOI(dvp), ip); 2705 vgone(tvp); 2706 vput(tvp); 2707 return (error); 2708 } 2709 2710 static int 2711 ufs_ioctl(struct vop_ioctl_args *ap) 2712 { 2713 struct vnode *vp; 2714 int error; 2715 2716 vp = ap->a_vp; 2717 switch (ap->a_command) { 2718 case FIOSEEKDATA: 2719 error = vn_lock(vp, LK_SHARED); 2720 if (error == 0) { 2721 error = ufs_bmap_seekdata(vp, (off_t *)ap->a_data); 2722 VOP_UNLOCK(vp); 2723 } else 2724 error = EBADF; 2725 return (error); 2726 case FIOSEEKHOLE: 2727 return (vn_bmap_seekhole(vp, ap->a_command, (off_t *)ap->a_data, 2728 ap->a_cred)); 2729 default: 2730 return (ENOTTY); 2731 } 2732 } 2733 2734 /* Global vfs data structures for ufs. */ 2735 struct vop_vector ufs_vnodeops = { 2736 .vop_default = &default_vnodeops, 2737 .vop_fsync = VOP_PANIC, 2738 .vop_read = VOP_PANIC, 2739 .vop_reallocblks = VOP_PANIC, 2740 .vop_write = VOP_PANIC, 2741 .vop_accessx = ufs_accessx, 2742 .vop_bmap = ufs_bmap, 2743 .vop_cachedlookup = ufs_lookup, 2744 .vop_close = ufs_close, 2745 .vop_create = ufs_create, 2746 .vop_getattr = ufs_getattr, 2747 .vop_inactive = ufs_inactive, 2748 .vop_ioctl = ufs_ioctl, 2749 .vop_link = ufs_link, 2750 .vop_lookup = vfs_cache_lookup, 2751 .vop_mmapped = ufs_mmapped, 2752 .vop_mkdir = ufs_mkdir, 2753 .vop_mknod = ufs_mknod, 2754 .vop_need_inactive = ufs_need_inactive, 2755 .vop_open = ufs_open, 2756 .vop_pathconf = ufs_pathconf, 2757 .vop_poll = vop_stdpoll, 2758 .vop_print = ufs_print, 2759 .vop_readdir = ufs_readdir, 2760 .vop_readlink = ufs_readlink, 2761 .vop_reclaim = ufs_reclaim, 2762 .vop_remove = ufs_remove, 2763 .vop_rename = ufs_rename, 2764 .vop_rmdir = ufs_rmdir, 2765 .vop_setattr = ufs_setattr, 2766 #ifdef MAC 2767 .vop_setlabel = vop_stdsetlabel_ea, 2768 #endif 2769 .vop_strategy = ufs_strategy, 2770 .vop_symlink = ufs_symlink, 2771 .vop_whiteout = ufs_whiteout, 2772 #ifdef UFS_EXTATTR 2773 .vop_getextattr = ufs_getextattr, 2774 .vop_deleteextattr = ufs_deleteextattr, 2775 .vop_setextattr = ufs_setextattr, 2776 #endif 2777 #ifdef UFS_ACL 2778 .vop_getacl = ufs_getacl, 2779 .vop_setacl = ufs_setacl, 2780 .vop_aclcheck = ufs_aclcheck, 2781 #endif 2782 }; 2783 VFS_VOP_VECTOR_REGISTER(ufs_vnodeops); 2784 2785 struct vop_vector ufs_fifoops = { 2786 .vop_default = &fifo_specops, 2787 .vop_fsync = VOP_PANIC, 2788 .vop_accessx = ufs_accessx, 2789 .vop_close = ufsfifo_close, 2790 .vop_getattr = ufs_getattr, 2791 .vop_inactive = ufs_inactive, 2792 .vop_kqfilter = ufsfifo_kqfilter, 2793 .vop_pathconf = ufs_pathconf, 2794 .vop_print = ufs_print, 2795 .vop_read = VOP_PANIC, 2796 .vop_reclaim = ufs_reclaim, 2797 .vop_setattr = ufs_setattr, 2798 #ifdef MAC 2799 .vop_setlabel = vop_stdsetlabel_ea, 2800 #endif 2801 .vop_write = VOP_PANIC, 2802 #ifdef UFS_EXTATTR 2803 .vop_getextattr = ufs_getextattr, 2804 .vop_deleteextattr = ufs_deleteextattr, 2805 .vop_setextattr = ufs_setextattr, 2806 #endif 2807 #ifdef UFS_ACL 2808 .vop_getacl = ufs_getacl, 2809 .vop_setacl = ufs_setacl, 2810 .vop_aclcheck = ufs_aclcheck, 2811 #endif 2812 }; 2813 VFS_VOP_VECTOR_REGISTER(ufs_fifoops); 2814