1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1989, 1993, 1995 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 37 #include <sys/cdefs.h> 38 #include "opt_quota.h" 39 #include "opt_suiddir.h" 40 #include "opt_ufs.h" 41 #include "opt_ffs.h" 42 43 #include <sys/param.h> 44 #include <sys/systm.h> 45 #include <sys/malloc.h> 46 #include <sys/namei.h> 47 #include <sys/kernel.h> 48 #include <sys/fcntl.h> 49 #include <sys/filio.h> 50 #include <sys/stat.h> 51 #include <sys/bio.h> 52 #include <sys/buf.h> 53 #include <sys/mount.h> 54 #include <sys/priv.h> 55 #include <sys/refcount.h> 56 #include <sys/unistd.h> 57 #include <sys/vnode.h> 58 #include <sys/dirent.h> 59 #include <sys/lockf.h> 60 #include <sys/conf.h> 61 #include <sys/acl.h> 62 #include <sys/smr.h> 63 64 #include <security/audit/audit.h> 65 #include <security/mac/mac_framework.h> 66 67 #include <sys/file.h> /* XXX */ 68 69 #include <vm/vm.h> 70 #include <vm/vm_extern.h> 71 72 #include <ufs/ufs/acl.h> 73 #include <ufs/ufs/extattr.h> 74 #include <ufs/ufs/quota.h> 75 #include <ufs/ufs/inode.h> 76 #include <ufs/ufs/dir.h> 77 #include <ufs/ufs/ufsmount.h> 78 #include <ufs/ufs/ufs_extern.h> 79 #ifdef UFS_DIRHASH 80 #include <ufs/ufs/dirhash.h> 81 #endif 82 #ifdef UFS_GJOURNAL 83 #include <ufs/ufs/gjournal.h> 84 FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS"); 85 #endif 86 87 #ifdef QUOTA 88 FEATURE(ufs_quota, "UFS disk quotas support"); 89 FEATURE(ufs_quota64, "64bit UFS disk quotas support"); 90 #endif 91 92 #ifdef SUIDDIR 93 FEATURE(suiddir, 94 "Give all new files in directory the same ownership as the directory"); 95 #endif 96 97 VFS_SMR_DECLARE; 98 99 #include <ufs/ffs/ffs_extern.h> 100 101 static vop_accessx_t ufs_accessx; 102 vop_fplookup_vexec_t ufs_fplookup_vexec; 103 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 104 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, 105 struct thread *); 106 static vop_close_t ufs_close; 107 static vop_create_t ufs_create; 108 static vop_stat_t ufs_stat; 109 static vop_getattr_t ufs_getattr; 110 static vop_ioctl_t ufs_ioctl; 111 static vop_link_t ufs_link; 112 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, 113 struct componentname *, const char *); 114 static vop_mmapped_t ufs_mmapped; 115 static vop_mkdir_t ufs_mkdir; 116 static vop_mknod_t ufs_mknod; 117 static vop_open_t ufs_open; 118 static vop_pathconf_t ufs_pathconf; 119 static vop_print_t ufs_print; 120 static vop_readlink_t ufs_readlink; 121 static vop_remove_t ufs_remove; 122 static vop_rename_t ufs_rename; 123 static vop_rmdir_t ufs_rmdir; 124 static vop_setattr_t ufs_setattr; 125 static vop_strategy_t ufs_strategy; 126 static vop_symlink_t ufs_symlink; 127 static vop_whiteout_t ufs_whiteout; 128 static vop_close_t ufsfifo_close; 129 130 SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 131 "UFS filesystem"); 132 133 /* 134 * A virgin directory (no blushing please). 135 */ 136 static struct dirtemplate mastertemplate = { 137 0, 12, DT_DIR, 1, ".", 138 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 139 }; 140 static struct odirtemplate omastertemplate = { 141 0, 12, 1, ".", 142 0, DIRBLKSIZ - 12, 2, ".." 143 }; 144 145 static void 146 ufs_itimes_locked(struct vnode *vp) 147 { 148 struct inode *ip; 149 struct timespec ts; 150 151 ASSERT_VI_LOCKED(vp, __func__); 152 153 ip = VTOI(vp); 154 if (UFS_RDONLY(ip)) 155 goto out; 156 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 157 return; 158 159 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 160 UFS_INODE_SET_FLAG(ip, IN_LAZYMOD); 161 else if (((vp->v_mount->mnt_kern_flag & 162 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) || 163 (ip->i_flag & (IN_CHANGE | IN_UPDATE))) 164 UFS_INODE_SET_FLAG(ip, IN_MODIFIED); 165 else if (ip->i_flag & IN_ACCESS) 166 UFS_INODE_SET_FLAG(ip, IN_LAZYACCESS); 167 vfs_timestamp(&ts); 168 if (ip->i_flag & IN_ACCESS) { 169 DIP_SET(ip, i_atime, ts.tv_sec); 170 DIP_SET(ip, i_atimensec, ts.tv_nsec); 171 } 172 if (ip->i_flag & IN_UPDATE) { 173 DIP_SET(ip, i_mtime, ts.tv_sec); 174 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 175 } 176 if (ip->i_flag & IN_CHANGE) { 177 DIP_SET(ip, i_ctime, ts.tv_sec); 178 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 179 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1); 180 } 181 182 out: 183 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 184 } 185 186 void 187 ufs_itimes(struct vnode *vp) 188 { 189 struct inode *ip; 190 191 ip = VTOI(vp); 192 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 193 return; 194 195 VI_LOCK(vp); 196 ufs_itimes_locked(vp); 197 VI_UNLOCK(vp); 198 } 199 200 static int 201 ufs_sync_nlink1(struct mount *mp) 202 { 203 int error; 204 205 error = vfs_busy(mp, 0); 206 if (error == 0) { 207 VFS_SYNC(mp, MNT_WAIT); 208 vfs_unbusy(mp); 209 error = ERELOOKUP; 210 } 211 vfs_rel(mp); 212 return (error); 213 } 214 215 static int 216 ufs_sync_nlink(struct vnode *vp, struct vnode *vp1) 217 { 218 struct inode *ip; 219 struct mount *mp; 220 int error; 221 222 ip = VTOI(vp); 223 if (ip->i_nlink < UFS_LINK_MAX) 224 return (0); 225 if (!DOINGSOFTDEP(vp) || ip->i_effnlink >= UFS_LINK_MAX) 226 return (EMLINK); 227 228 mp = vp->v_mount; 229 vfs_ref(mp); 230 VOP_UNLOCK(vp); 231 if (vp1 != NULL) 232 VOP_UNLOCK(vp1); 233 error = ufs_sync_nlink1(mp); 234 vn_lock_pair(vp, false, LK_EXCLUSIVE, vp1, false, LK_EXCLUSIVE); 235 return (error); 236 } 237 238 /* 239 * Create a regular file 240 */ 241 static int 242 ufs_create( 243 struct vop_create_args /* { 244 struct vnode *a_dvp; 245 struct vnode **a_vpp; 246 struct componentname *a_cnp; 247 struct vattr *a_vap; 248 } */ *ap) 249 { 250 int error; 251 252 error = 253 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 254 ap->a_dvp, ap->a_vpp, ap->a_cnp, "ufs_create"); 255 if (error != 0) 256 return (error); 257 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0) 258 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp); 259 return (0); 260 } 261 262 /* 263 * Mknod vnode call 264 */ 265 /* ARGSUSED */ 266 static int 267 ufs_mknod( 268 struct vop_mknod_args /* { 269 struct vnode *a_dvp; 270 struct vnode **a_vpp; 271 struct componentname *a_cnp; 272 struct vattr *a_vap; 273 } */ *ap) 274 { 275 struct vattr *vap = ap->a_vap; 276 struct vnode **vpp = ap->a_vpp; 277 struct inode *ip; 278 ino_t ino; 279 int error; 280 281 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 282 ap->a_dvp, vpp, ap->a_cnp, "ufs_mknod"); 283 if (error) 284 return (error); 285 ip = VTOI(*vpp); 286 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 287 if (vap->va_rdev != VNOVAL) { 288 /* 289 * Want to be able to use this to make badblock 290 * inodes, so don't truncate the dev number. 291 */ 292 DIP_SET(ip, i_rdev, vap->va_rdev); 293 } 294 /* 295 * Remove inode, then reload it through VFS_VGET(). This is 296 * needed to do further inode initialization, for instance 297 * fifo, which was too early for VFS_VGET() done as part of 298 * UFS_VALLOC(). 299 */ 300 (*vpp)->v_type = VNON; 301 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 302 vgone(*vpp); 303 vput(*vpp); 304 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 305 if (error) { 306 *vpp = NULL; 307 return (error); 308 } 309 return (0); 310 } 311 312 /* 313 * Open called. 314 */ 315 /* ARGSUSED */ 316 static int 317 ufs_open(struct vop_open_args *ap) 318 { 319 struct vnode *vp = ap->a_vp; 320 struct inode *ip; 321 322 if (vp->v_type == VCHR || vp->v_type == VBLK) 323 return (EOPNOTSUPP); 324 325 ip = VTOI(vp); 326 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 327 if (vp->v_type == VREG && (vn_irflag_read(vp) & VIRF_PGREAD) == 0 && 328 ip->i_ump->um_bsize >= PAGE_SIZE) { 329 vn_irflag_set_cond(vp, VIRF_PGREAD); 330 } 331 332 /* 333 * Files marked append-only must be opened for appending. 334 */ 335 if ((ip->i_flags & APPEND) && 336 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 337 return (EPERM); 338 339 return (0); 340 } 341 342 /* 343 * Close called. 344 * 345 * Update the times on the inode. 346 */ 347 /* ARGSUSED */ 348 static int 349 ufs_close( 350 struct vop_close_args /* { 351 struct vnode *a_vp; 352 int a_fflag; 353 struct ucred *a_cred; 354 struct thread *a_td; 355 } */ *ap) 356 { 357 struct vnode *vp = ap->a_vp; 358 359 ufs_itimes(vp); 360 return (0); 361 } 362 363 static int 364 ufs_accessx( 365 struct vop_accessx_args /* { 366 struct vnode *a_vp; 367 accmode_t a_accmode; 368 struct ucred *a_cred; 369 struct thread *a_td; 370 } */ *ap) 371 { 372 struct vnode *vp = ap->a_vp; 373 struct inode *ip = VTOI(vp); 374 accmode_t accmode = ap->a_accmode; 375 int error; 376 #ifdef UFS_ACL 377 struct acl *acl; 378 acl_type_t type; 379 #endif 380 381 /* 382 * Disallow write attempts on read-only filesystems; 383 * unless the file is a socket, fifo, or a block or 384 * character device resident on the filesystem. 385 */ 386 if (accmode & VMODIFY_PERMS) { 387 switch (vp->v_type) { 388 case VDIR: 389 case VLNK: 390 case VREG: 391 if (vp->v_mount->mnt_flag & MNT_RDONLY) 392 return (EROFS); 393 #ifdef QUOTA 394 /* 395 * Inode is accounted in the quotas only if struct 396 * dquot is attached to it. VOP_ACCESS() is called 397 * from vn_open_cred() and provides a convenient 398 * point to call getinoquota(). The lock mode is 399 * exclusive when the file is opening for write. 400 */ 401 if (VOP_ISLOCKED(vp) == LK_EXCLUSIVE) { 402 error = getinoquota(ip); 403 if (error != 0) 404 return (error); 405 } 406 #endif 407 break; 408 default: 409 break; 410 } 411 } 412 413 /* 414 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS" 415 * permits the owner of the file to remove the IMMUTABLE flag. 416 */ 417 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) && 418 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 419 return (EPERM); 420 421 #ifdef UFS_ACL 422 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) { 423 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS) 424 type = ACL_TYPE_NFS4; 425 else 426 type = ACL_TYPE_ACCESS; 427 428 acl = acl_alloc(M_WAITOK); 429 if (type == ACL_TYPE_NFS4) 430 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td); 431 else 432 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td); 433 switch (error) { 434 case 0: 435 if (type == ACL_TYPE_NFS4) { 436 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid, 437 ip->i_gid, acl, accmode, ap->a_cred); 438 } else { 439 error = vfs_unixify_accmode(&accmode); 440 if (error == 0) 441 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 442 ip->i_gid, acl, accmode, ap->a_cred); 443 } 444 break; 445 default: 446 if (error != EOPNOTSUPP) 447 printf( 448 "ufs_accessx(): Error retrieving ACL on object (%d).\n", 449 error); 450 /* 451 * XXX: Fall back until debugged. Should 452 * eventually possibly log an error, and return 453 * EPERM for safety. 454 */ 455 error = vfs_unixify_accmode(&accmode); 456 if (error == 0) 457 error = vaccess(vp->v_type, ip->i_mode, 458 ip->i_uid, ip->i_gid, accmode, ap->a_cred); 459 } 460 acl_free(acl); 461 462 return (error); 463 } 464 #endif /* !UFS_ACL */ 465 error = vfs_unixify_accmode(&accmode); 466 if (error == 0) 467 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 468 accmode, ap->a_cred); 469 return (error); 470 } 471 472 /* 473 * VOP_FPLOOKUP_VEXEC routines are subject to special circumstances, see 474 * the comment above cache_fplookup for details. 475 */ 476 int 477 ufs_fplookup_vexec( 478 struct vop_fplookup_vexec_args /* { 479 struct vnode *a_vp; 480 struct ucred *a_cred; 481 struct thread *a_td; 482 } */ *ap) 483 { 484 struct vnode *vp; 485 struct inode *ip; 486 struct ucred *cred; 487 mode_t all_x, mode; 488 489 vp = ap->a_vp; 490 ip = VTOI_SMR(vp); 491 if (__predict_false(ip == NULL)) 492 return (EAGAIN); 493 494 /* 495 * XXX ACL race 496 * 497 * ACLs are not supported and UFS clears/sets this flag on mount and 498 * remount. However, we may still be racing with seeing them and there 499 * is no provision to make sure they were accounted for. This matches 500 * the behavior of the locked case, since the lookup there is also 501 * racy: mount takes no measures to block anyone from progressing. 502 */ 503 all_x = S_IXUSR | S_IXGRP | S_IXOTH; 504 mode = atomic_load_short(&ip->i_mode); 505 if (__predict_true((mode & all_x) == all_x)) 506 return (0); 507 508 cred = ap->a_cred; 509 return (vaccess_vexec_smr(mode, ip->i_uid, ip->i_gid, cred)); 510 } 511 512 /* ARGSUSED */ 513 static int 514 ufs_stat(struct vop_stat_args *ap) 515 { 516 struct vnode *vp = ap->a_vp; 517 struct inode *ip = VTOI(vp); 518 struct stat *sb = ap->a_sb; 519 int error; 520 521 error = vop_stat_helper_pre(ap); 522 if (__predict_false(error)) 523 return (error); 524 525 VI_LOCK(vp); 526 ufs_itimes_locked(vp); 527 if (I_IS_UFS1(ip)) { 528 sb->st_atim.tv_sec = ip->i_din1->di_atime; 529 sb->st_atim.tv_nsec = ip->i_din1->di_atimensec; 530 } else { 531 sb->st_atim.tv_sec = ip->i_din2->di_atime; 532 sb->st_atim.tv_nsec = ip->i_din2->di_atimensec; 533 } 534 VI_UNLOCK(vp); 535 536 sb->st_dev = dev2udev(ITOUMP(ip)->um_dev); 537 sb->st_ino = ip->i_number; 538 sb->st_mode = (ip->i_mode & ~IFMT) | VTTOIF(vp->v_type); 539 sb->st_nlink = ip->i_effnlink; 540 sb->st_uid = ip->i_uid; 541 sb->st_gid = ip->i_gid; 542 if (I_IS_UFS1(ip)) { 543 sb->st_rdev = ip->i_din1->di_rdev; 544 sb->st_size = ip->i_din1->di_size; 545 sb->st_mtim.tv_sec = ip->i_din1->di_mtime; 546 sb->st_mtim.tv_nsec = ip->i_din1->di_mtimensec; 547 sb->st_ctim.tv_sec = ip->i_din1->di_ctime; 548 sb->st_ctim.tv_nsec = ip->i_din1->di_ctimensec; 549 sb->st_birthtim.tv_sec = -1; 550 sb->st_birthtim.tv_nsec = 0; 551 sb->st_blocks = dbtob((uint64_t)ip->i_din1->di_blocks) / S_BLKSIZE; 552 sb->st_filerev = ip->i_din1->di_modrev; 553 } else { 554 sb->st_rdev = ip->i_din2->di_rdev; 555 sb->st_size = ip->i_din2->di_size; 556 sb->st_mtim.tv_sec = ip->i_din2->di_mtime; 557 sb->st_mtim.tv_nsec = ip->i_din2->di_mtimensec; 558 sb->st_ctim.tv_sec = ip->i_din2->di_ctime; 559 sb->st_ctim.tv_nsec = ip->i_din2->di_ctimensec; 560 sb->st_birthtim.tv_sec = ip->i_din2->di_birthtime; 561 sb->st_birthtim.tv_nsec = ip->i_din2->di_birthnsec; 562 sb->st_blocks = dbtob((uint64_t)ip->i_din2->di_blocks) / S_BLKSIZE; 563 sb->st_filerev = ip->i_din2->di_modrev; 564 } 565 566 sb->st_blksize = max(PAGE_SIZE, vp->v_mount->mnt_stat.f_iosize); 567 sb->st_flags = ip->i_flags; 568 sb->st_gen = ip->i_gen; 569 570 return (vop_stat_helper_post(ap, error)); 571 } 572 573 /* ARGSUSED */ 574 static int 575 ufs_getattr( 576 struct vop_getattr_args /* { 577 struct vnode *a_vp; 578 struct vattr *a_vap; 579 struct ucred *a_cred; 580 } */ *ap) 581 { 582 struct vnode *vp = ap->a_vp; 583 struct inode *ip = VTOI(vp); 584 struct vattr *vap = ap->a_vap; 585 586 VI_LOCK(vp); 587 ufs_itimes_locked(vp); 588 if (I_IS_UFS1(ip)) { 589 vap->va_atime.tv_sec = ip->i_din1->di_atime; 590 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 591 } else { 592 vap->va_atime.tv_sec = ip->i_din2->di_atime; 593 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 594 } 595 VI_UNLOCK(vp); 596 /* 597 * Copy from inode table 598 */ 599 vap->va_fsid = dev2udev(ITOUMP(ip)->um_dev); 600 vap->va_fileid = ip->i_number; 601 vap->va_mode = ip->i_mode & ~IFMT; 602 vap->va_nlink = ip->i_effnlink; 603 vap->va_uid = ip->i_uid; 604 vap->va_gid = ip->i_gid; 605 if (I_IS_UFS1(ip)) { 606 vap->va_rdev = ip->i_din1->di_rdev; 607 vap->va_size = ip->i_din1->di_size; 608 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 609 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 610 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 611 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 612 vap->va_bytes = dbtob((uint64_t)ip->i_din1->di_blocks); 613 vap->va_filerev = ip->i_din1->di_modrev; 614 } else { 615 vap->va_rdev = ip->i_din2->di_rdev; 616 vap->va_size = ip->i_din2->di_size; 617 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 618 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 619 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 620 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 621 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 622 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 623 vap->va_bytes = dbtob((uint64_t)ip->i_din2->di_blocks); 624 vap->va_filerev = ip->i_din2->di_modrev; 625 } 626 vap->va_flags = ip->i_flags; 627 vap->va_gen = ip->i_gen; 628 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 629 vap->va_type = IFTOVT(ip->i_mode); 630 return (0); 631 } 632 633 /* 634 * Set attribute vnode op. called from several syscalls 635 */ 636 static int 637 ufs_setattr( 638 struct vop_setattr_args /* { 639 struct vnode *a_vp; 640 struct vattr *a_vap; 641 struct ucred *a_cred; 642 } */ *ap) 643 { 644 struct vattr *vap = ap->a_vap; 645 struct vnode *vp = ap->a_vp; 646 struct inode *ip = VTOI(vp); 647 struct ucred *cred = ap->a_cred; 648 struct thread *td = curthread; 649 int error; 650 651 /* 652 * Check for unsettable attributes. 653 */ 654 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 655 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 656 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 657 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 658 return (EINVAL); 659 } 660 if (vap->va_flags != VNOVAL) { 661 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE | 662 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE | 663 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK | 664 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE | 665 UF_SPARSE | UF_SYSTEM)) != 0) 666 return (EOPNOTSUPP); 667 if (vp->v_mount->mnt_flag & MNT_RDONLY) 668 return (EROFS); 669 /* 670 * Callers may only modify the file flags on objects they 671 * have VADMIN rights for. 672 */ 673 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 674 return (error); 675 /* 676 * Unprivileged processes are not permitted to unset system 677 * flags, or modify flags if any system flags are set. 678 * Privileged non-jail processes may not modify system flags 679 * if securelevel > 0 and any existing system flags are set. 680 * Privileged jail processes behave like privileged non-jail 681 * processes if the PR_ALLOW_CHFLAGS permission bit is set; 682 * otherwise, they behave like unprivileged processes. 683 */ 684 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) { 685 if (ip->i_flags & 686 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 687 error = securelevel_gt(cred, 0); 688 if (error) 689 return (error); 690 } 691 /* The snapshot flag cannot be toggled. */ 692 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT) 693 return (EPERM); 694 } else { 695 if (ip->i_flags & 696 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 697 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE)) 698 return (EPERM); 699 } 700 ip->i_flags = vap->va_flags; 701 DIP_SET(ip, i_flags, vap->va_flags); 702 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 703 error = UFS_UPDATE(vp, 0); 704 if (ip->i_flags & (IMMUTABLE | APPEND)) 705 return (error); 706 } 707 /* 708 * If immutable or append, no one can change any of its attributes 709 * except the ones already handled (in some cases, file flags 710 * including the immutability flags themselves for the superuser). 711 */ 712 if (ip->i_flags & (IMMUTABLE | APPEND)) 713 return (EPERM); 714 /* 715 * Go through the fields and update iff not VNOVAL. 716 */ 717 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 718 if (vp->v_mount->mnt_flag & MNT_RDONLY) 719 return (EROFS); 720 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 721 td)) != 0) 722 return (error); 723 } 724 if (vap->va_size != VNOVAL) { 725 /* 726 * XXX most of the following special cases should be in 727 * callers instead of in N filesystems. The VDIR check 728 * mostly already is. 729 */ 730 switch (vp->v_type) { 731 case VDIR: 732 return (EISDIR); 733 case VLNK: 734 case VREG: 735 /* 736 * Truncation should have an effect in these cases. 737 * Disallow it if the filesystem is read-only or 738 * the file is being snapshotted. 739 */ 740 if (vp->v_mount->mnt_flag & MNT_RDONLY) 741 return (EROFS); 742 if (IS_SNAPSHOT(ip)) 743 return (EPERM); 744 break; 745 default: 746 /* 747 * According to POSIX, the result is unspecified 748 * for file types other than regular files, 749 * directories and shared memory objects. We 750 * don't support shared memory objects in the file 751 * system, and have dubious support for truncating 752 * symlinks. Just ignore the request in other cases. 753 */ 754 return (0); 755 } 756 error = vn_rlimit_trunc(vap->va_size, td); 757 if (error != 0) 758 return (error); 759 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL | 760 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0), 761 cred)) != 0) 762 return (error); 763 } 764 if (vap->va_atime.tv_sec != VNOVAL || 765 vap->va_mtime.tv_sec != VNOVAL || 766 vap->va_birthtime.tv_sec != VNOVAL) { 767 if (vp->v_mount->mnt_flag & MNT_RDONLY) 768 return (EROFS); 769 if (IS_SNAPSHOT(ip)) 770 return (EPERM); 771 error = vn_utimes_perm(vp, vap, cred, td); 772 if (error != 0) 773 return (error); 774 UFS_INODE_SET_FLAG(ip, IN_CHANGE | IN_MODIFIED); 775 if (vap->va_atime.tv_sec != VNOVAL) { 776 ip->i_flag &= ~IN_ACCESS; 777 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 778 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 779 } 780 if (vap->va_mtime.tv_sec != VNOVAL) { 781 ip->i_flag &= ~IN_UPDATE; 782 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 783 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 784 } 785 if (vap->va_birthtime.tv_sec != VNOVAL && I_IS_UFS2(ip)) { 786 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 787 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 788 } 789 error = UFS_UPDATE(vp, 0); 790 if (error) 791 return (error); 792 } 793 error = 0; 794 if (vap->va_mode != (mode_t)VNOVAL) { 795 if (vp->v_mount->mnt_flag & MNT_RDONLY) 796 return (EROFS); 797 if (IS_SNAPSHOT(ip) && (vap->va_mode & (S_IXUSR | S_IWUSR | 798 S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH)) != 0) 799 return (EPERM); 800 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 801 } 802 return (error); 803 } 804 805 #ifdef UFS_ACL 806 static int 807 ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode, 808 int file_owner_id, struct ucred *cred, struct thread *td) 809 { 810 int error; 811 struct acl *aclp; 812 813 aclp = acl_alloc(M_WAITOK); 814 error = ufs_getacl_nfs4_internal(vp, aclp, td); 815 /* 816 * We don't have to handle EOPNOTSUPP here, as the filesystem claims 817 * it supports ACLs. 818 */ 819 if (error) 820 goto out; 821 822 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id); 823 error = ufs_setacl_nfs4_internal(vp, aclp, td); 824 825 out: 826 acl_free(aclp); 827 return (error); 828 } 829 #endif /* UFS_ACL */ 830 831 static int 832 ufs_mmapped( 833 struct vop_mmapped_args /* { 834 struct vnode *a_vp; 835 } */ *ap) 836 { 837 struct vnode *vp; 838 struct inode *ip; 839 struct mount *mp; 840 841 vp = ap->a_vp; 842 ip = VTOI(vp); 843 mp = vp->v_mount; 844 845 if ((mp->mnt_flag & (MNT_NOATIME | MNT_RDONLY)) == 0) 846 UFS_INODE_SET_FLAG_SHARED(ip, IN_ACCESS); 847 /* 848 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there. 849 */ 850 return (0); 851 } 852 853 /* 854 * Change the mode on a file. 855 * Inode must be locked before calling. 856 */ 857 static int 858 ufs_chmod(struct vnode *vp, int mode, struct ucred *cred, struct thread *td) 859 { 860 struct inode *ip = VTOI(vp); 861 int newmode, error; 862 863 /* 864 * To modify the permissions on a file, must possess VADMIN 865 * for that file. 866 */ 867 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td))) 868 return (error); 869 /* 870 * Privileged processes may set the sticky bit on non-directories, 871 * as well as set the setgid bit on a file with a group that the 872 * process is not a member of. Both of these are allowed in 873 * jail(8). 874 */ 875 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 876 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE)) 877 return (EFTYPE); 878 } 879 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 880 error = priv_check_cred(cred, PRIV_VFS_SETGID); 881 if (error) 882 return (error); 883 } 884 885 /* 886 * Deny setting setuid if we are not the file owner. 887 */ 888 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) { 889 error = priv_check_cred(cred, PRIV_VFS_ADMIN); 890 if (error) 891 return (error); 892 } 893 894 newmode = ip->i_mode & ~ALLPERMS; 895 newmode |= (mode & ALLPERMS); 896 UFS_INODE_SET_MODE(ip, newmode); 897 DIP_SET(ip, i_mode, ip->i_mode); 898 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 899 #ifdef UFS_ACL 900 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0) 901 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td); 902 #endif 903 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0) 904 error = UFS_UPDATE(vp, 0); 905 906 return (error); 907 } 908 909 /* 910 * Perform chown operation on inode ip; 911 * inode must be locked prior to call. 912 */ 913 static int 914 ufs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred, 915 struct thread *td) 916 { 917 struct inode *ip = VTOI(vp); 918 uid_t ouid; 919 gid_t ogid; 920 int error = 0; 921 #ifdef QUOTA 922 int i; 923 ufs2_daddr_t change; 924 #endif 925 926 if (uid == (uid_t)VNOVAL) 927 uid = ip->i_uid; 928 if (gid == (gid_t)VNOVAL) 929 gid = ip->i_gid; 930 /* 931 * To modify the ownership of a file, must possess VADMIN for that 932 * file. 933 */ 934 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td))) 935 return (error); 936 /* 937 * To change the owner of a file, or change the group of a file to a 938 * group of which we are not a member, the caller must have 939 * privilege. 940 */ 941 if (((uid != ip->i_uid && uid != cred->cr_uid) || 942 (gid != ip->i_gid && !groupmember(gid, cred))) && 943 (error = priv_check_cred(cred, PRIV_VFS_CHOWN))) 944 return (error); 945 ogid = ip->i_gid; 946 ouid = ip->i_uid; 947 #ifdef QUOTA 948 if ((error = getinoquota(ip)) != 0) 949 return (error); 950 if (ouid == uid) { 951 dqrele(vp, ip->i_dquot[USRQUOTA]); 952 ip->i_dquot[USRQUOTA] = NODQUOT; 953 } 954 if (ogid == gid) { 955 dqrele(vp, ip->i_dquot[GRPQUOTA]); 956 ip->i_dquot[GRPQUOTA] = NODQUOT; 957 } 958 change = DIP(ip, i_blocks); 959 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 960 (void) chkiq(ip, -1, cred, CHOWN|FORCE); 961 for (i = 0; i < MAXQUOTAS; i++) { 962 dqrele(vp, ip->i_dquot[i]); 963 ip->i_dquot[i] = NODQUOT; 964 } 965 #endif 966 ip->i_gid = gid; 967 DIP_SET(ip, i_gid, gid); 968 ip->i_uid = uid; 969 DIP_SET(ip, i_uid, uid); 970 #ifdef QUOTA 971 if ((error = getinoquota(ip)) == 0) { 972 if (ouid == uid) { 973 dqrele(vp, ip->i_dquot[USRQUOTA]); 974 ip->i_dquot[USRQUOTA] = NODQUOT; 975 } 976 if (ogid == gid) { 977 dqrele(vp, ip->i_dquot[GRPQUOTA]); 978 ip->i_dquot[GRPQUOTA] = NODQUOT; 979 } 980 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 981 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 982 goto good; 983 else 984 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 985 } 986 for (i = 0; i < MAXQUOTAS; i++) { 987 dqrele(vp, ip->i_dquot[i]); 988 ip->i_dquot[i] = NODQUOT; 989 } 990 } 991 ip->i_gid = ogid; 992 DIP_SET(ip, i_gid, ogid); 993 ip->i_uid = ouid; 994 DIP_SET(ip, i_uid, ouid); 995 if (getinoquota(ip) == 0) { 996 if (ouid == uid) { 997 dqrele(vp, ip->i_dquot[USRQUOTA]); 998 ip->i_dquot[USRQUOTA] = NODQUOT; 999 } 1000 if (ogid == gid) { 1001 dqrele(vp, ip->i_dquot[GRPQUOTA]); 1002 ip->i_dquot[GRPQUOTA] = NODQUOT; 1003 } 1004 (void) chkdq(ip, change, cred, FORCE|CHOWN); 1005 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 1006 (void) getinoquota(ip); 1007 } 1008 return (error); 1009 good: 1010 if (getinoquota(ip)) 1011 panic("ufs_chown: lost quota"); 1012 #endif /* QUOTA */ 1013 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1014 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { 1015 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) { 1016 UFS_INODE_SET_MODE(ip, ip->i_mode & ~(ISUID | ISGID)); 1017 DIP_SET(ip, i_mode, ip->i_mode); 1018 } 1019 } 1020 error = UFS_UPDATE(vp, 0); 1021 return (error); 1022 } 1023 1024 static int 1025 ufs_remove( 1026 struct vop_remove_args /* { 1027 struct vnode *a_dvp; 1028 struct vnode *a_vp; 1029 struct componentname *a_cnp; 1030 } */ *ap) 1031 { 1032 struct inode *ip; 1033 struct vnode *vp = ap->a_vp; 1034 struct vnode *dvp = ap->a_dvp; 1035 int error; 1036 struct thread *td; 1037 1038 td = curthread; 1039 ip = VTOI(vp); 1040 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1041 (VTOI(dvp)->i_flags & APPEND)) 1042 return (EPERM); 1043 if (DOINGSUJ(dvp)) { 1044 error = softdep_prelink(dvp, vp, ap->a_cnp); 1045 if (error != 0) { 1046 MPASS(error == ERELOOKUP); 1047 return (error); 1048 } 1049 } 1050 1051 #ifdef UFS_GJOURNAL 1052 ufs_gjournal_orphan(vp); 1053 #endif 1054 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 1055 if (ip->i_nlink <= 0) 1056 vp->v_vflag |= VV_NOSYNC; 1057 if (IS_SNAPSHOT(ip)) { 1058 /* 1059 * Avoid deadlock where another thread is trying to 1060 * update the inodeblock for dvp and is waiting on 1061 * snaplk. Temporary unlock the vnode lock for the 1062 * unlinked file and sync the directory. This should 1063 * allow vput() of the directory to not block later on 1064 * while holding the snapshot vnode locked, assuming 1065 * that the directory hasn't been unlinked too. 1066 */ 1067 VOP_UNLOCK(vp); 1068 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 1069 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 1070 } 1071 return (error); 1072 } 1073 1074 static void 1075 print_bad_link_count(const char *funcname, struct vnode *dvp) 1076 { 1077 struct inode *dip; 1078 1079 dip = VTOI(dvp); 1080 uprintf("%s: Bad link count %d on parent inode %jd in file system %s\n", 1081 funcname, dip->i_effnlink, (intmax_t)dip->i_number, 1082 dvp->v_mount->mnt_stat.f_mntonname); 1083 } 1084 1085 /* 1086 * link vnode call 1087 */ 1088 static int 1089 ufs_link( 1090 struct vop_link_args /* { 1091 struct vnode *a_tdvp; 1092 struct vnode *a_vp; 1093 struct componentname *a_cnp; 1094 } */ *ap) 1095 { 1096 struct vnode *vp = ap->a_vp; 1097 struct vnode *tdvp = ap->a_tdvp; 1098 struct componentname *cnp = ap->a_cnp; 1099 struct inode *ip; 1100 struct direct newdir; 1101 int error; 1102 1103 if (DOINGSUJ(tdvp)) { 1104 error = softdep_prelink(tdvp, vp, cnp); 1105 if (error != 0) { 1106 MPASS(error == ERELOOKUP); 1107 return (error); 1108 } 1109 } 1110 1111 if (VTOI(tdvp)->i_effnlink < 2) { 1112 print_bad_link_count("ufs_link", tdvp); 1113 error = EINVAL; 1114 goto out; 1115 } 1116 error = ufs_sync_nlink(vp, tdvp); 1117 if (error != 0) 1118 goto out; 1119 ip = VTOI(vp); 1120 1121 /* 1122 * The file may have been removed after namei dropped the original 1123 * lock. 1124 */ 1125 if (ip->i_effnlink == 0) { 1126 error = ENOENT; 1127 goto out; 1128 } 1129 if (ip->i_flags & (IMMUTABLE | APPEND)) { 1130 error = EPERM; 1131 goto out; 1132 } 1133 1134 ip->i_effnlink++; 1135 ip->i_nlink++; 1136 DIP_SET_NLINK(ip, ip->i_nlink); 1137 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1138 if (DOINGSOFTDEP(vp)) 1139 softdep_setup_link(VTOI(tdvp), ip); 1140 error = UFS_UPDATE(vp, !DOINGSOFTDEP(vp) && !DOINGASYNC(vp)); 1141 if (!error) { 1142 ufs_makedirentry(ip, cnp, &newdir); 1143 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL); 1144 } 1145 1146 if (error) { 1147 ip->i_effnlink--; 1148 ip->i_nlink--; 1149 DIP_SET_NLINK(ip, ip->i_nlink); 1150 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 1151 if (DOINGSOFTDEP(vp)) 1152 softdep_revert_link(VTOI(tdvp), ip); 1153 } 1154 out: 1155 return (error); 1156 } 1157 1158 /* 1159 * whiteout vnode call 1160 */ 1161 static int 1162 ufs_whiteout( 1163 struct vop_whiteout_args /* { 1164 struct vnode *a_dvp; 1165 struct componentname *a_cnp; 1166 int a_flags; 1167 } */ *ap) 1168 { 1169 struct vnode *dvp = ap->a_dvp; 1170 struct componentname *cnp = ap->a_cnp; 1171 struct direct newdir; 1172 int error = 0; 1173 1174 if (DOINGSUJ(dvp) && (ap->a_flags == CREATE || 1175 ap->a_flags == DELETE)) { 1176 error = softdep_prelink(dvp, NULL, cnp); 1177 if (error != 0) { 1178 MPASS(error == ERELOOKUP); 1179 return (error); 1180 } 1181 } 1182 1183 switch (ap->a_flags) { 1184 case LOOKUP: 1185 /* 4.4 format directories support whiteout operations */ 1186 if (!OFSFMT(dvp)) 1187 return (0); 1188 return (EOPNOTSUPP); 1189 1190 case CREATE: 1191 /* create a new directory whiteout */ 1192 #ifdef INVARIANTS 1193 if (OFSFMT(dvp)) 1194 panic("ufs_whiteout: old format filesystem"); 1195 #endif 1196 1197 newdir.d_ino = UFS_WINO; 1198 newdir.d_namlen = cnp->cn_namelen; 1199 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 1200 newdir.d_type = DT_WHT; 1201 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL); 1202 break; 1203 1204 case DELETE: 1205 /* remove an existing directory whiteout */ 1206 #ifdef INVARIANTS 1207 if (OFSFMT(dvp)) 1208 panic("ufs_whiteout: old format filesystem"); 1209 #endif 1210 1211 cnp->cn_flags &= ~DOWHITEOUT; 1212 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 1213 break; 1214 default: 1215 panic("ufs_whiteout: unknown op"); 1216 } 1217 return (error); 1218 } 1219 1220 static volatile int rename_restarts; 1221 SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD, 1222 __DEVOLATILE(int *, &rename_restarts), 0, 1223 "Times rename had to restart due to lock contention"); 1224 1225 /* 1226 * Rename system call. 1227 * rename("foo", "bar"); 1228 * is essentially 1229 * unlink("bar"); 1230 * link("foo", "bar"); 1231 * unlink("foo"); 1232 * but ``atomically''. Can't do full commit without saving state in the 1233 * inode on disk which isn't feasible at this time. Best we can do is 1234 * always guarantee the target exists. 1235 * 1236 * Basic algorithm is: 1237 * 1238 * 1) Bump link count on source while we're linking it to the 1239 * target. This also ensure the inode won't be deleted out 1240 * from underneath us while we work (it may be truncated by 1241 * a concurrent `trunc' or `open' for creation). 1242 * 2) Link source to destination. If destination already exists, 1243 * delete it first. 1244 * 3) Unlink source reference to inode if still around. If a 1245 * directory was moved and the parent of the destination 1246 * is different from the source, patch the ".." entry in the 1247 * directory. 1248 */ 1249 static int 1250 ufs_rename( 1251 struct vop_rename_args /* { 1252 struct vnode *a_fdvp; 1253 struct vnode *a_fvp; 1254 struct componentname *a_fcnp; 1255 struct vnode *a_tdvp; 1256 struct vnode *a_tvp; 1257 struct componentname *a_tcnp; 1258 } */ *ap) 1259 { 1260 struct vnode *tvp = ap->a_tvp; 1261 struct vnode *tdvp = ap->a_tdvp; 1262 struct vnode *fvp = ap->a_fvp; 1263 struct vnode *fdvp = ap->a_fdvp; 1264 struct vnode *nvp; 1265 struct componentname *tcnp = ap->a_tcnp; 1266 struct componentname *fcnp = ap->a_fcnp; 1267 struct thread *td = curthread; 1268 struct inode *fip, *tip, *tdp, *fdp; 1269 struct direct newdir; 1270 off_t endoff; 1271 int doingdirectory, newparent; 1272 int error = 0; 1273 struct mount *mp; 1274 ino_t ino; 1275 seqc_t fdvp_s, fvp_s, tdvp_s, tvp_s; 1276 bool checkpath_locked, want_seqc_end; 1277 1278 checkpath_locked = want_seqc_end = false; 1279 1280 endoff = 0; 1281 mp = tdvp->v_mount; 1282 VOP_UNLOCK(tdvp); 1283 if (tvp && tvp != tdvp) 1284 VOP_UNLOCK(tvp); 1285 /* 1286 * Check for cross-device rename. 1287 */ 1288 if ((fvp->v_mount != tdvp->v_mount) || 1289 (tvp && (fvp->v_mount != tvp->v_mount))) { 1290 error = EXDEV; 1291 mp = NULL; 1292 goto releout; 1293 } 1294 1295 fdvp_s = fvp_s = tdvp_s = tvp_s = SEQC_MOD; 1296 relock: 1297 /* 1298 * We need to acquire 2 to 4 locks depending on whether tvp is NULL 1299 * and fdvp and tdvp are the same directory. Subsequently we need 1300 * to double-check all paths and in the directory rename case we 1301 * need to verify that we are not creating a directory loop. To 1302 * handle this we acquire all but fdvp using non-blocking 1303 * acquisitions. If we fail to acquire any lock in the path we will 1304 * drop all held locks, acquire the new lock in a blocking fashion, 1305 * and then release it and restart the rename. This acquire/release 1306 * step ensures that we do not spin on a lock waiting for release. 1307 */ 1308 error = vn_lock(fdvp, LK_EXCLUSIVE); 1309 if (error) 1310 goto releout; 1311 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) { 1312 VOP_UNLOCK(fdvp); 1313 error = vn_lock(tdvp, LK_EXCLUSIVE); 1314 if (error) 1315 goto releout; 1316 VOP_UNLOCK(tdvp); 1317 atomic_add_int(&rename_restarts, 1); 1318 goto relock; 1319 } 1320 /* 1321 * Re-resolve fvp to be certain it still exists and fetch the 1322 * correct vnode. 1323 */ 1324 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1325 if (error) { 1326 VOP_UNLOCK(fdvp); 1327 VOP_UNLOCK(tdvp); 1328 goto releout; 1329 } 1330 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1331 if (error) { 1332 VOP_UNLOCK(fdvp); 1333 VOP_UNLOCK(tdvp); 1334 if (error != EBUSY) 1335 goto releout; 1336 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1337 if (error != 0) 1338 goto releout; 1339 VOP_UNLOCK(nvp); 1340 vrele(fvp); 1341 fvp = nvp; 1342 atomic_add_int(&rename_restarts, 1); 1343 goto relock; 1344 } 1345 vrele(fvp); 1346 fvp = nvp; 1347 /* 1348 * Re-resolve tvp and acquire the vnode lock if present. 1349 */ 1350 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino); 1351 if (error != 0 && error != EJUSTRETURN) { 1352 VOP_UNLOCK(fdvp); 1353 VOP_UNLOCK(tdvp); 1354 VOP_UNLOCK(fvp); 1355 goto releout; 1356 } 1357 /* 1358 * If tvp disappeared we just carry on. 1359 */ 1360 if (error == EJUSTRETURN && tvp != NULL) { 1361 vrele(tvp); 1362 tvp = NULL; 1363 } 1364 /* 1365 * Get the tvp ino if the lookup succeeded. We may have to restart 1366 * if the non-blocking acquire fails. 1367 */ 1368 if (error == 0) { 1369 nvp = NULL; 1370 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1371 if (tvp) 1372 vrele(tvp); 1373 tvp = nvp; 1374 if (error) { 1375 VOP_UNLOCK(fdvp); 1376 VOP_UNLOCK(tdvp); 1377 VOP_UNLOCK(fvp); 1378 if (error != EBUSY) 1379 goto releout; 1380 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1381 if (error != 0) 1382 goto releout; 1383 vput(nvp); 1384 atomic_add_int(&rename_restarts, 1); 1385 goto relock; 1386 } 1387 } 1388 1389 if (DOINGSUJ(fdvp) && 1390 (seqc_in_modify(fdvp_s) || !vn_seqc_consistent(fdvp, fdvp_s) || 1391 seqc_in_modify(fvp_s) || !vn_seqc_consistent(fvp, fvp_s) || 1392 seqc_in_modify(tdvp_s) || !vn_seqc_consistent(tdvp, tdvp_s) || 1393 (tvp != NULL && (seqc_in_modify(tvp_s) || 1394 !vn_seqc_consistent(tvp, tvp_s))))) { 1395 error = softdep_prerename(fdvp, fvp, tdvp, tvp); 1396 if (error != 0) 1397 goto releout; 1398 } 1399 1400 fdp = VTOI(fdvp); 1401 fip = VTOI(fvp); 1402 tdp = VTOI(tdvp); 1403 tip = NULL; 1404 if (tvp) 1405 tip = VTOI(tvp); 1406 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1407 (VTOI(tdvp)->i_flags & APPEND))) { 1408 error = EPERM; 1409 goto unlockout; 1410 } 1411 /* 1412 * Renaming a file to itself has no effect. The upper layers should 1413 * not call us in that case. However, things could change after 1414 * we drop the locks above. 1415 */ 1416 if (fvp == tvp) { 1417 error = 0; 1418 goto unlockout; 1419 } 1420 doingdirectory = 0; 1421 newparent = 0; 1422 ino = fip->i_number; 1423 if (fip->i_nlink >= UFS_LINK_MAX) { 1424 if (!DOINGSOFTDEP(fvp) || fip->i_effnlink >= UFS_LINK_MAX) { 1425 error = EMLINK; 1426 goto unlockout; 1427 } 1428 vfs_ref(mp); 1429 MPASS(!want_seqc_end); 1430 if (checkpath_locked) { 1431 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1432 checkpath_locked = false; 1433 } 1434 VOP_UNLOCK(fdvp); 1435 VOP_UNLOCK(fvp); 1436 vref(tdvp); 1437 if (tvp != NULL) 1438 vref(tvp); 1439 VOP_VPUT_PAIR(tdvp, &tvp, true); 1440 error = ufs_sync_nlink1(mp); 1441 vrele(fdvp); 1442 vrele(fvp); 1443 vrele(tdvp); 1444 if (tvp != NULL) 1445 vrele(tvp); 1446 return (error); 1447 } 1448 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 1449 || (fdp->i_flags & APPEND)) { 1450 error = EPERM; 1451 goto unlockout; 1452 } 1453 if ((fip->i_mode & IFMT) == IFDIR) { 1454 /* 1455 * Avoid ".", "..", and aliases of "." for obvious reasons. 1456 */ 1457 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1458 fdp == fip || 1459 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) { 1460 error = EINVAL; 1461 goto unlockout; 1462 } 1463 if (fdp->i_number != tdp->i_number) 1464 newparent = tdp->i_number; 1465 doingdirectory = 1; 1466 } 1467 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) || 1468 (tvp != NULL && tvp->v_type == VDIR && 1469 tvp->v_mountedhere != NULL)) { 1470 error = EXDEV; 1471 goto unlockout; 1472 } 1473 1474 /* 1475 * If ".." must be changed (ie the directory gets a new 1476 * parent) then the source directory must not be in the 1477 * directory hierarchy above the target, as this would 1478 * orphan everything below the source directory. Also 1479 * the user must have write permission in the source so 1480 * as to be able to change "..". 1481 */ 1482 if (doingdirectory && newparent) { 1483 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, curthread); 1484 if (error) 1485 goto unlockout; 1486 1487 sx_xlock(&VFSTOUFS(mp)->um_checkpath_lock); 1488 checkpath_locked = true; 1489 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred, 1490 &ino); 1491 /* 1492 * We encountered a lock that we have to wait for. Unlock 1493 * everything else and VGET before restarting. 1494 */ 1495 if (ino) { 1496 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1497 checkpath_locked = false; 1498 VOP_UNLOCK(fdvp); 1499 VOP_UNLOCK(fvp); 1500 VOP_UNLOCK(tdvp); 1501 if (tvp) 1502 VOP_UNLOCK(tvp); 1503 error = VFS_VGET(mp, ino, LK_SHARED, &nvp); 1504 if (error == 0) 1505 vput(nvp); 1506 atomic_add_int(&rename_restarts, 1); 1507 goto relock; 1508 } 1509 if (error) 1510 goto unlockout; 1511 } 1512 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 || 1513 tdp->i_effnlink == 0) 1514 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp); 1515 1516 if (tvp != NULL) 1517 vn_seqc_write_begin(tvp); 1518 vn_seqc_write_begin(tdvp); 1519 vn_seqc_write_begin(fvp); 1520 vn_seqc_write_begin(fdvp); 1521 want_seqc_end = true; 1522 1523 /* 1524 * 1) Bump link count while we're moving stuff 1525 * around. If we crash somewhere before 1526 * completing our work, the link count 1527 * may be wrong, but correctable. 1528 */ 1529 fip->i_effnlink++; 1530 fip->i_nlink++; 1531 DIP_SET_NLINK(fip, fip->i_nlink); 1532 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1533 if (DOINGSOFTDEP(fvp)) 1534 softdep_setup_link(tdp, fip); 1535 error = UFS_UPDATE(fvp, !DOINGSOFTDEP(fvp) && !DOINGASYNC(fvp)); 1536 if (error) 1537 goto bad; 1538 1539 /* 1540 * 2) If target doesn't exist, link the target 1541 * to the source and unlink the source. 1542 * Otherwise, rewrite the target directory 1543 * entry to reference the source inode and 1544 * expunge the original entry's existence. 1545 */ 1546 if (tip == NULL) { 1547 if (ITODEV(tdp) != ITODEV(fip)) 1548 panic("ufs_rename: EXDEV"); 1549 if (doingdirectory && newparent) { 1550 /* 1551 * Account for ".." in new directory. 1552 * When source and destination have the same 1553 * parent we don't adjust the link count. The 1554 * actual link modification is completed when 1555 * .. is rewritten below. 1556 */ 1557 if (tdp->i_nlink >= UFS_LINK_MAX) { 1558 fip->i_effnlink--; 1559 fip->i_nlink--; 1560 DIP_SET_NLINK(fip, fip->i_nlink); 1561 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1562 if (DOINGSOFTDEP(fvp)) 1563 softdep_revert_link(tdp, fip); 1564 if (!DOINGSOFTDEP(tdvp) || 1565 tdp->i_effnlink >= UFS_LINK_MAX) { 1566 error = EMLINK; 1567 goto unlockout; 1568 } 1569 MPASS(want_seqc_end); 1570 if (tvp != NULL) 1571 vn_seqc_write_end(tvp); 1572 vn_seqc_write_end(tdvp); 1573 vn_seqc_write_end(fvp); 1574 vn_seqc_write_end(fdvp); 1575 want_seqc_end = false; 1576 vfs_ref(mp); 1577 MPASS(checkpath_locked); 1578 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1579 checkpath_locked = false; 1580 VOP_UNLOCK(fdvp); 1581 VOP_UNLOCK(fvp); 1582 vref(tdvp); 1583 if (tvp != NULL) 1584 vref(tvp); 1585 VOP_VPUT_PAIR(tdvp, &tvp, true); 1586 error = ufs_sync_nlink1(mp); 1587 vrele(fdvp); 1588 vrele(fvp); 1589 vrele(tdvp); 1590 if (tvp != NULL) 1591 vrele(tvp); 1592 return (error); 1593 } 1594 } 1595 ufs_makedirentry(fip, tcnp, &newdir); 1596 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL); 1597 if (error) 1598 goto bad; 1599 /* Setup tdvp for directory compaction if needed. */ 1600 if (I_COUNT(tdp) != 0 && I_ENDOFF(tdp) != 0 && 1601 I_ENDOFF(tdp) < tdp->i_size) 1602 endoff = I_ENDOFF(tdp); 1603 } else { 1604 if (ITODEV(tip) != ITODEV(tdp) || ITODEV(tip) != ITODEV(fip)) 1605 panic("ufs_rename: EXDEV"); 1606 /* 1607 * Short circuit rename(foo, foo). 1608 */ 1609 if (tip->i_number == fip->i_number) 1610 panic("ufs_rename: same file"); 1611 /* 1612 * If the parent directory is "sticky", then the caller 1613 * must possess VADMIN for the parent directory, or the 1614 * destination of the rename. This implements append-only 1615 * directories. 1616 */ 1617 if ((tdp->i_mode & S_ISTXT) && 1618 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1619 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1620 error = EPERM; 1621 goto bad; 1622 } 1623 /* 1624 * Target must be empty if a directory and have no links 1625 * to it. Also, ensure source and target are compatible 1626 * (both directories, or both not directories). 1627 */ 1628 if ((tip->i_mode & IFMT) == IFDIR) { 1629 if ((tip->i_effnlink > 2) || 1630 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred, 1631 (tcnp->cn_flags & IGNOREWHITEOUT) != 0)) { 1632 error = ENOTEMPTY; 1633 goto bad; 1634 } 1635 if (!doingdirectory) { 1636 error = ENOTDIR; 1637 goto bad; 1638 } 1639 cache_purge(tdvp); 1640 } else if (doingdirectory) { 1641 error = EISDIR; 1642 goto bad; 1643 } 1644 if (doingdirectory) { 1645 if (!newparent) { 1646 tdp->i_effnlink--; 1647 if (DOINGSOFTDEP(tdvp)) 1648 softdep_change_linkcnt(tdp); 1649 } 1650 tip->i_effnlink--; 1651 if (DOINGSOFTDEP(tvp)) 1652 softdep_change_linkcnt(tip); 1653 } 1654 error = ufs_dirrewrite(tdp, tip, fip->i_number, 1655 IFTODT(fip->i_mode), 1656 (doingdirectory && newparent) ? newparent : doingdirectory); 1657 if (error) { 1658 if (doingdirectory) { 1659 if (!newparent) { 1660 tdp->i_effnlink++; 1661 if (DOINGSOFTDEP(tdvp)) 1662 softdep_change_linkcnt(tdp); 1663 } 1664 tip->i_effnlink++; 1665 if (DOINGSOFTDEP(tvp)) 1666 softdep_change_linkcnt(tip); 1667 } 1668 goto bad; 1669 } 1670 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1671 /* 1672 * The only stuff left in the directory is "." 1673 * and "..". The "." reference is inconsequential 1674 * since we are quashing it. We have removed the "." 1675 * reference and the reference in the parent directory, 1676 * but there may be other hard links. The soft 1677 * dependency code will arrange to do these operations 1678 * after the parent directory entry has been deleted on 1679 * disk, so when running with that code we avoid doing 1680 * them now. 1681 */ 1682 if (!newparent) { 1683 tdp->i_nlink--; 1684 DIP_SET_NLINK(tdp, tdp->i_nlink); 1685 UFS_INODE_SET_FLAG(tdp, IN_CHANGE); 1686 } 1687 tip->i_nlink--; 1688 DIP_SET_NLINK(tip, tip->i_nlink); 1689 UFS_INODE_SET_FLAG(tip, IN_CHANGE); 1690 } 1691 } 1692 1693 /* 1694 * 3) Unlink the source. We have to resolve the path again to 1695 * fixup the directory offset and count for ufs_dirremove. 1696 */ 1697 if (fdvp == tdvp) { 1698 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1699 if (error) 1700 panic("ufs_rename: from entry went away!"); 1701 if (ino != fip->i_number) 1702 panic("ufs_rename: ino mismatch %ju != %ju\n", 1703 (uintmax_t)ino, (uintmax_t)fip->i_number); 1704 } 1705 /* 1706 * If the source is a directory with a 1707 * new parent, the link count of the old 1708 * parent directory must be decremented 1709 * and ".." set to point to the new parent. 1710 */ 1711 if (doingdirectory && newparent) { 1712 /* 1713 * Set the directory depth based on its new parent. 1714 */ 1715 DIP_SET(fip, i_dirdepth, DIP(tdp, i_dirdepth) + 1); 1716 /* 1717 * If tip exists we simply use its link, otherwise we must 1718 * add a new one. 1719 */ 1720 if (tip == NULL) { 1721 tdp->i_effnlink++; 1722 tdp->i_nlink++; 1723 DIP_SET_NLINK(tdp, tdp->i_nlink); 1724 UFS_INODE_SET_FLAG(tdp, IN_CHANGE); 1725 if (DOINGSOFTDEP(tdvp)) 1726 softdep_setup_dotdot_link(tdp, fip); 1727 error = UFS_UPDATE(tdvp, !DOINGSOFTDEP(tdvp) && 1728 !DOINGASYNC(tdvp)); 1729 /* Don't go to bad here as the new link exists. */ 1730 if (error) 1731 goto unlockout; 1732 } else if (DOINGSUJ(tdvp)) 1733 /* Journal must account for each new link. */ 1734 softdep_setup_dotdot_link(tdp, fip); 1735 SET_I_OFFSET(fip, mastertemplate.dot_reclen); 1736 if (ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0) != 0) 1737 ufs_dirbad(fip, mastertemplate.dot_reclen, 1738 "rename: missing .. entry"); 1739 cache_purge(fdvp); 1740 } 1741 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0); 1742 /* 1743 * The kern_renameat() looks up the fvp using the DELETE flag, which 1744 * causes the removal of the name cache entry for fvp. 1745 * As the relookup of the fvp is done in two steps: 1746 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a 1747 * normal lookup of the from name just before the VFS_VGET() call, 1748 * causing the cache entry to be re-instantiated. 1749 * 1750 * The same issue also applies to tvp if it exists as 1751 * otherwise we may have a stale name cache entry for the new 1752 * name that references the old i-node if it has other links 1753 * or open file descriptors. 1754 */ 1755 cache_vop_rename(fdvp, fvp, tdvp, tvp, fcnp, tcnp); 1756 1757 unlockout: 1758 if (want_seqc_end) { 1759 if (tvp != NULL) 1760 vn_seqc_write_end(tvp); 1761 vn_seqc_write_end(tdvp); 1762 vn_seqc_write_end(fvp); 1763 vn_seqc_write_end(fdvp); 1764 } 1765 1766 if (checkpath_locked) 1767 sx_xunlock(&VFSTOUFS(mp)->um_checkpath_lock); 1768 1769 vput(fdvp); 1770 vput(fvp); 1771 1772 /* 1773 * If compaction or fsync was requested do it in 1774 * ffs_vput_pair() now that other locks are no longer needed. 1775 */ 1776 if (error == 0 && endoff != 0) { 1777 UFS_INODE_SET_FLAG(tdp, IN_ENDOFF); 1778 SET_I_ENDOFF(tdp, endoff); 1779 } 1780 VOP_VPUT_PAIR(tdvp, &tvp, true); 1781 return (error); 1782 1783 bad: 1784 fip->i_effnlink--; 1785 fip->i_nlink--; 1786 DIP_SET_NLINK(fip, fip->i_nlink); 1787 UFS_INODE_SET_FLAG(fip, IN_CHANGE); 1788 if (DOINGSOFTDEP(fvp)) 1789 softdep_revert_link(tdp, fip); 1790 goto unlockout; 1791 1792 releout: 1793 if (want_seqc_end) { 1794 if (tvp != NULL) 1795 vn_seqc_write_end(tvp); 1796 vn_seqc_write_end(tdvp); 1797 vn_seqc_write_end(fvp); 1798 vn_seqc_write_end(fdvp); 1799 } 1800 1801 vrele(fdvp); 1802 vrele(fvp); 1803 vrele(tdvp); 1804 if (tvp) 1805 vrele(tvp); 1806 1807 return (error); 1808 } 1809 1810 #ifdef UFS_ACL 1811 static int 1812 ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp, 1813 mode_t dmode, struct ucred *cred, struct thread *td) 1814 { 1815 int error; 1816 struct inode *ip = VTOI(tvp); 1817 struct acl *dacl, *acl; 1818 1819 acl = acl_alloc(M_WAITOK); 1820 dacl = acl_alloc(M_WAITOK); 1821 1822 /* 1823 * Retrieve default ACL from parent, if any. 1824 */ 1825 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1826 switch (error) { 1827 case 0: 1828 /* 1829 * Retrieved a default ACL, so merge mode and ACL if 1830 * necessary. If the ACL is empty, fall through to 1831 * the "not defined or available" case. 1832 */ 1833 if (acl->acl_cnt != 0) { 1834 dmode = acl_posix1e_newfilemode(dmode, acl); 1835 UFS_INODE_SET_MODE(ip, dmode); 1836 DIP_SET(ip, i_mode, dmode); 1837 *dacl = *acl; 1838 ufs_sync_acl_from_inode(ip, acl); 1839 break; 1840 } 1841 /* FALLTHROUGH */ 1842 1843 case EOPNOTSUPP: 1844 /* 1845 * Just use the mode as-is. 1846 */ 1847 UFS_INODE_SET_MODE(ip, dmode); 1848 DIP_SET(ip, i_mode, dmode); 1849 error = 0; 1850 goto out; 1851 1852 default: 1853 goto out; 1854 } 1855 1856 /* 1857 * XXX: If we abort now, will Soft Updates notify the extattr 1858 * code that the EAs for the file need to be released? 1859 */ 1860 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1861 if (error == 0) 1862 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td); 1863 switch (error) { 1864 case 0: 1865 break; 1866 1867 case EOPNOTSUPP: 1868 /* 1869 * XXX: This should not happen, as EOPNOTSUPP above 1870 * was supposed to free acl. 1871 */ 1872 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1873 /* 1874 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1875 */ 1876 break; 1877 1878 default: 1879 goto out; 1880 } 1881 1882 out: 1883 acl_free(acl); 1884 acl_free(dacl); 1885 1886 return (error); 1887 } 1888 1889 static int 1890 ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp, 1891 mode_t mode, struct ucred *cred, struct thread *td) 1892 { 1893 int error; 1894 struct inode *ip = VTOI(tvp); 1895 struct acl *acl; 1896 1897 acl = acl_alloc(M_WAITOK); 1898 1899 /* 1900 * Retrieve default ACL for parent, if any. 1901 */ 1902 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1903 switch (error) { 1904 case 0: 1905 /* 1906 * Retrieved a default ACL, so merge mode and ACL if 1907 * necessary. 1908 */ 1909 if (acl->acl_cnt != 0) { 1910 /* 1911 * Two possible ways for default ACL to not 1912 * be present. First, the EA can be 1913 * undefined, or second, the default ACL can 1914 * be blank. If it's blank, fall through to 1915 * the it's not defined case. 1916 */ 1917 mode = acl_posix1e_newfilemode(mode, acl); 1918 UFS_INODE_SET_MODE(ip, mode); 1919 DIP_SET(ip, i_mode, mode); 1920 ufs_sync_acl_from_inode(ip, acl); 1921 break; 1922 } 1923 /* FALLTHROUGH */ 1924 1925 case EOPNOTSUPP: 1926 /* 1927 * Just use the mode as-is. 1928 */ 1929 UFS_INODE_SET_MODE(ip, mode); 1930 DIP_SET(ip, i_mode, mode); 1931 error = 0; 1932 goto out; 1933 1934 default: 1935 goto out; 1936 } 1937 1938 /* 1939 * XXX: If we abort now, will Soft Updates notify the extattr 1940 * code that the EAs for the file need to be released? 1941 */ 1942 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1943 switch (error) { 1944 case 0: 1945 break; 1946 1947 case EOPNOTSUPP: 1948 /* 1949 * XXX: This should not happen, as EOPNOTSUPP above was 1950 * supposed to free acl. 1951 */ 1952 printf("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1953 "but no VOP_SETACL()\n"); 1954 /* panic("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1955 "but no VOP_SETACL()"); */ 1956 break; 1957 1958 default: 1959 goto out; 1960 } 1961 1962 out: 1963 acl_free(acl); 1964 1965 return (error); 1966 } 1967 1968 static int 1969 ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp, 1970 mode_t child_mode, struct ucred *cred, struct thread *td) 1971 { 1972 int error; 1973 struct acl *parent_aclp, *child_aclp; 1974 1975 parent_aclp = acl_alloc(M_WAITOK); 1976 child_aclp = acl_alloc(M_WAITOK | M_ZERO); 1977 1978 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td); 1979 if (error) 1980 goto out; 1981 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp, 1982 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR); 1983 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td); 1984 if (error) 1985 goto out; 1986 out: 1987 acl_free(parent_aclp); 1988 acl_free(child_aclp); 1989 1990 return (error); 1991 } 1992 #endif 1993 1994 /* 1995 * Mkdir system call 1996 */ 1997 static int 1998 ufs_mkdir( 1999 struct vop_mkdir_args /* { 2000 struct vnode *a_dvp; 2001 struct vnode **a_vpp; 2002 struct componentname *a_cnp; 2003 struct vattr *a_vap; 2004 } */ *ap) 2005 { 2006 struct vnode *dvp = ap->a_dvp; 2007 struct vattr *vap = ap->a_vap; 2008 struct componentname *cnp = ap->a_cnp; 2009 struct inode *ip, *dp; 2010 struct vnode *tvp; 2011 struct buf *bp; 2012 struct dirtemplate dirtemplate, *dtp; 2013 struct direct newdir; 2014 int error, dmode; 2015 long blkoff; 2016 2017 dp = VTOI(dvp); 2018 error = ufs_sync_nlink(dvp, NULL); 2019 if (error != 0) 2020 goto out; 2021 dmode = vap->va_mode & 0777; 2022 dmode |= IFDIR; 2023 2024 /* 2025 * Must simulate part of ufs_makeinode here to acquire the inode, 2026 * but not have it entered in the parent directory. The entry is 2027 * made later after writing "." and ".." entries. 2028 */ 2029 if (dp->i_effnlink < 2) { 2030 print_bad_link_count("ufs_mkdir", dvp); 2031 error = EINVAL; 2032 goto out; 2033 } 2034 2035 if (DOINGSUJ(dvp)) { 2036 error = softdep_prelink(dvp, NULL, cnp); 2037 if (error != 0) { 2038 MPASS(error == ERELOOKUP); 2039 return (error); 2040 } 2041 } 2042 2043 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 2044 if (error) 2045 goto out; 2046 vn_seqc_write_begin(tvp); 2047 ip = VTOI(tvp); 2048 ip->i_gid = dp->i_gid; 2049 DIP_SET(ip, i_gid, dp->i_gid); 2050 #ifdef SUIDDIR 2051 { 2052 #ifdef QUOTA 2053 struct ucred ucred, *ucp; 2054 gid_t ucred_group; 2055 ucp = cnp->cn_cred; 2056 #endif 2057 /* 2058 * If we are hacking owners here, (only do this where told to) 2059 * and we are not giving it TO root, (would subvert quotas) 2060 * then go ahead and give it to the other user. 2061 * The new directory also inherits the SUID bit. 2062 * If user's UID and dir UID are the same, 2063 * 'give it away' so that the SUID is still forced on. 2064 */ 2065 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2066 (dp->i_mode & ISUID) && dp->i_uid) { 2067 dmode |= ISUID; 2068 ip->i_uid = dp->i_uid; 2069 DIP_SET(ip, i_uid, dp->i_uid); 2070 #ifdef QUOTA 2071 if (dp->i_uid != cnp->cn_cred->cr_uid) { 2072 /* 2073 * Make sure the correct user gets charged 2074 * for the space. 2075 * Make a dummy credential for the victim. 2076 * XXX This seems to never be accessed out of 2077 * our context so a stack variable is ok. 2078 */ 2079 ucred.cr_ref = 1; 2080 ucred.cr_uid = ip->i_uid; 2081 ucred.cr_ngroups = 1; 2082 ucred.cr_groups = &ucred_group; 2083 ucred.cr_groups[0] = dp->i_gid; 2084 ucp = &ucred; 2085 } 2086 #endif 2087 } else { 2088 ip->i_uid = cnp->cn_cred->cr_uid; 2089 DIP_SET(ip, i_uid, ip->i_uid); 2090 } 2091 #ifdef QUOTA 2092 if ((error = getinoquota(ip)) || 2093 (error = chkiq(ip, 1, ucp, 0))) { 2094 if (DOINGSOFTDEP(tvp)) 2095 softdep_revert_link(dp, ip); 2096 UFS_VFREE(tvp, ip->i_number, dmode); 2097 vn_seqc_write_end(tvp); 2098 vgone(tvp); 2099 vput(tvp); 2100 return (error); 2101 } 2102 #endif 2103 } 2104 #else /* !SUIDDIR */ 2105 ip->i_uid = cnp->cn_cred->cr_uid; 2106 DIP_SET(ip, i_uid, ip->i_uid); 2107 #ifdef QUOTA 2108 if ((error = getinoquota(ip)) || 2109 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2110 if (DOINGSOFTDEP(tvp)) 2111 softdep_revert_link(dp, ip); 2112 UFS_VFREE(tvp, ip->i_number, dmode); 2113 vn_seqc_write_end(tvp); 2114 vgone(tvp); 2115 vput(tvp); 2116 return (error); 2117 } 2118 #endif 2119 #endif /* !SUIDDIR */ 2120 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 2121 UFS_INODE_SET_MODE(ip, dmode); 2122 DIP_SET(ip, i_mode, dmode); 2123 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 2124 ip->i_effnlink = 2; 2125 ip->i_nlink = 2; 2126 DIP_SET_NLINK(ip, 2); 2127 DIP_SET(ip, i_dirdepth, DIP(dp,i_dirdepth) + 1); 2128 2129 if (cnp->cn_flags & ISWHITEOUT) { 2130 ip->i_flags |= UF_OPAQUE; 2131 DIP_SET(ip, i_flags, ip->i_flags); 2132 } 2133 2134 /* 2135 * Bump link count in parent directory to reflect work done below. 2136 * Should be done before reference is created so cleanup is 2137 * possible if we crash. 2138 */ 2139 dp->i_effnlink++; 2140 dp->i_nlink++; 2141 DIP_SET_NLINK(dp, dp->i_nlink); 2142 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2143 if (DOINGSOFTDEP(dvp)) 2144 softdep_setup_mkdir(dp, ip); 2145 error = UFS_UPDATE(dvp, !DOINGSOFTDEP(dvp) && !DOINGASYNC(dvp)); 2146 if (error) 2147 goto bad; 2148 #ifdef MAC 2149 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2150 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2151 dvp, tvp, cnp); 2152 if (error) 2153 goto bad; 2154 } 2155 #endif 2156 #ifdef UFS_ACL 2157 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2158 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode, 2159 cnp->cn_cred, curthread); 2160 if (error) 2161 goto bad; 2162 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2163 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode, 2164 cnp->cn_cred, curthread); 2165 if (error) 2166 goto bad; 2167 } 2168 #endif /* !UFS_ACL */ 2169 2170 /* 2171 * Initialize directory with "." and ".." from static template. 2172 */ 2173 if (!OFSFMT(dvp)) 2174 dtp = &mastertemplate; 2175 else 2176 dtp = (struct dirtemplate *)&omastertemplate; 2177 dirtemplate = *dtp; 2178 dirtemplate.dot_ino = ip->i_number; 2179 dirtemplate.dotdot_ino = dp->i_number; 2180 vnode_pager_setsize(tvp, DIRBLKSIZ); 2181 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 2182 BA_CLRBUF, &bp)) != 0) 2183 goto bad; 2184 ip->i_size = DIRBLKSIZ; 2185 DIP_SET(ip, i_size, DIRBLKSIZ); 2186 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); 2187 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 2188 if (DOINGSOFTDEP(tvp)) { 2189 /* 2190 * Ensure that the entire newly allocated block is a 2191 * valid directory so that future growth within the 2192 * block does not have to ensure that the block is 2193 * written before the inode. 2194 */ 2195 blkoff = DIRBLKSIZ; 2196 while (blkoff < bp->b_bcount) { 2197 ((struct direct *) 2198 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 2199 blkoff += DIRBLKSIZ; 2200 } 2201 } 2202 if ((error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && 2203 !DOINGASYNC(tvp))) != 0) { 2204 (void)bwrite(bp); 2205 goto bad; 2206 } 2207 /* 2208 * Directory set up, now install its entry in the parent directory. 2209 * 2210 * If we are not doing soft dependencies, then we must write out the 2211 * buffer containing the new directory body before entering the new 2212 * name in the parent. If we are doing soft dependencies, then the 2213 * buffer containing the new directory body will be passed to and 2214 * released in the soft dependency code after the code has attached 2215 * an appropriate ordering dependency to the buffer which ensures that 2216 * the buffer is written before the new name is written in the parent. 2217 */ 2218 if (DOINGASYNC(dvp)) 2219 bdwrite(bp); 2220 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 2221 goto bad; 2222 ufs_makedirentry(ip, cnp, &newdir); 2223 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp); 2224 2225 bad: 2226 if (error == 0) { 2227 *ap->a_vpp = tvp; 2228 vn_seqc_write_end(tvp); 2229 } else { 2230 dp->i_effnlink--; 2231 dp->i_nlink--; 2232 DIP_SET_NLINK(dp, dp->i_nlink); 2233 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2234 /* 2235 * No need to do an explicit VOP_TRUNCATE here, vrele will 2236 * do this for us because we set the link count to 0. 2237 */ 2238 ip->i_effnlink = 0; 2239 ip->i_nlink = 0; 2240 DIP_SET_NLINK(ip, 0); 2241 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2242 if (DOINGSOFTDEP(tvp)) 2243 softdep_revert_mkdir(dp, ip); 2244 vn_seqc_write_end(tvp); 2245 vgone(tvp); 2246 vput(tvp); 2247 } 2248 out: 2249 return (error); 2250 } 2251 2252 /* 2253 * Rmdir system call. 2254 */ 2255 static int 2256 ufs_rmdir( 2257 struct vop_rmdir_args /* { 2258 struct vnode *a_dvp; 2259 struct vnode *a_vp; 2260 struct componentname *a_cnp; 2261 } */ *ap) 2262 { 2263 struct vnode *vp = ap->a_vp; 2264 struct vnode *dvp = ap->a_dvp; 2265 struct componentname *cnp = ap->a_cnp; 2266 struct inode *ip, *dp; 2267 int error; 2268 2269 ip = VTOI(vp); 2270 dp = VTOI(dvp); 2271 2272 /* 2273 * Do not remove a directory that is in the process of being renamed. 2274 * Verify the directory is empty (and valid). Rmdir ".." will not be 2275 * valid since ".." will contain a reference to the current directory 2276 * and thus be non-empty. Do not allow the removal of mounted on 2277 * directories (this can happen when an NFS exported filesystem 2278 * tries to remove a locally mounted on directory). 2279 */ 2280 error = 0; 2281 if (dp->i_effnlink <= 2) { 2282 if (dp->i_effnlink == 2) 2283 print_bad_link_count("ufs_rmdir", dvp); 2284 error = EINVAL; 2285 goto out; 2286 } 2287 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred, 2288 (cnp->cn_flags & IGNOREWHITEOUT) != 0)) { 2289 error = ENOTEMPTY; 2290 goto out; 2291 } 2292 if ((dp->i_flags & APPEND) 2293 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 2294 error = EPERM; 2295 goto out; 2296 } 2297 if (vp->v_mountedhere != 0) { 2298 error = EINVAL; 2299 goto out; 2300 } 2301 if (DOINGSUJ(dvp)) { 2302 error = softdep_prelink(dvp, vp, cnp); 2303 if (error != 0) { 2304 MPASS(error == ERELOOKUP); 2305 return (error); 2306 } 2307 } 2308 2309 #ifdef UFS_GJOURNAL 2310 ufs_gjournal_orphan(vp); 2311 #endif 2312 /* 2313 * Delete reference to directory before purging 2314 * inode. If we crash in between, the directory 2315 * will be reattached to lost+found, 2316 */ 2317 dp->i_effnlink--; 2318 ip->i_effnlink--; 2319 if (DOINGSOFTDEP(vp)) 2320 softdep_setup_rmdir(dp, ip); 2321 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 2322 if (error) { 2323 dp->i_effnlink++; 2324 ip->i_effnlink++; 2325 if (DOINGSOFTDEP(vp)) 2326 softdep_revert_rmdir(dp, ip); 2327 goto out; 2328 } 2329 /* 2330 * The only stuff left in the directory is "." and "..". The "." 2331 * reference is inconsequential since we are quashing it. The soft 2332 * dependency code will arrange to do these operations after 2333 * the parent directory entry has been deleted on disk, so 2334 * when running with that code we avoid doing them now. 2335 */ 2336 if (!DOINGSOFTDEP(vp)) { 2337 dp->i_nlink--; 2338 DIP_SET_NLINK(dp, dp->i_nlink); 2339 UFS_INODE_SET_FLAG(dp, IN_CHANGE); 2340 error = UFS_UPDATE(dvp, 0); 2341 ip->i_nlink--; 2342 DIP_SET_NLINK(ip, ip->i_nlink); 2343 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2344 } 2345 cache_vop_rmdir(dvp, vp); 2346 #ifdef UFS_DIRHASH 2347 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 2348 if (ip->i_dirhash != NULL) 2349 ufsdirhash_free(ip); 2350 #endif 2351 out: 2352 return (error); 2353 } 2354 2355 /* 2356 * symlink -- make a symbolic link 2357 */ 2358 static int 2359 ufs_symlink( 2360 struct vop_symlink_args /* { 2361 struct vnode *a_dvp; 2362 struct vnode **a_vpp; 2363 struct componentname *a_cnp; 2364 struct vattr *a_vap; 2365 const char *a_target; 2366 } */ *ap) 2367 { 2368 struct vnode *vp, **vpp = ap->a_vpp; 2369 struct inode *ip; 2370 int len, error; 2371 2372 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 2373 vpp, ap->a_cnp, "ufs_symlink"); 2374 if (error) 2375 return (error); 2376 vp = *vpp; 2377 len = strlen(ap->a_target); 2378 if (len < VFSTOUFS(vp->v_mount)->um_maxsymlinklen) { 2379 ip = VTOI(vp); 2380 bcopy(ap->a_target, DIP(ip, i_shortlink), len); 2381 ip->i_size = len; 2382 DIP_SET(ip, i_size, len); 2383 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); 2384 error = UFS_UPDATE(vp, 0); 2385 } else 2386 error = vn_rdwr(UIO_WRITE, vp, __DECONST(void *, ap->a_target), 2387 len, (off_t)0, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 2388 ap->a_cnp->cn_cred, NOCRED, NULL, NULL); 2389 if (error) 2390 vput(vp); 2391 return (error); 2392 } 2393 2394 /* 2395 * Vnode op for reading directories. 2396 */ 2397 int 2398 ufs_readdir( 2399 struct vop_readdir_args /* { 2400 struct vnode *a_vp; 2401 struct uio *a_uio; 2402 struct ucred *a_cred; 2403 int *a_eofflag; 2404 int *a_ncookies; 2405 uint64_t **a_cookies; 2406 } */ *ap) 2407 { 2408 struct vnode *vp = ap->a_vp; 2409 struct uio *uio = ap->a_uio; 2410 struct buf *bp; 2411 struct inode *ip; 2412 struct direct *dp, *edp; 2413 uint64_t *cookies; 2414 struct dirent dstdp; 2415 off_t offset, startoffset; 2416 size_t readcnt, skipcnt; 2417 ssize_t startresid; 2418 uint64_t ncookies; 2419 int error; 2420 2421 if (uio->uio_offset < 0) 2422 return (EINVAL); 2423 ip = VTOI(vp); 2424 if (ip->i_effnlink == 0) { 2425 *ap->a_eofflag = 1; 2426 return (0); 2427 } 2428 if (ap->a_ncookies != NULL) { 2429 if (uio->uio_resid < 0) 2430 ncookies = 0; 2431 else 2432 ncookies = uio->uio_resid; 2433 if (uio->uio_offset >= ip->i_size) 2434 ncookies = 0; 2435 else if (ip->i_size - uio->uio_offset < ncookies) 2436 ncookies = ip->i_size - uio->uio_offset; 2437 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1; 2438 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK); 2439 *ap->a_ncookies = ncookies; 2440 *ap->a_cookies = cookies; 2441 } else { 2442 ncookies = 0; 2443 cookies = NULL; 2444 } 2445 offset = startoffset = uio->uio_offset; 2446 startresid = uio->uio_resid; 2447 error = 0; 2448 while (error == 0 && uio->uio_resid > 0 && 2449 uio->uio_offset < ip->i_size) { 2450 error = UFS_BLKATOFF(vp, uio->uio_offset, NULL, &bp); 2451 if (error) 2452 break; 2453 if (bp->b_offset + bp->b_bcount > ip->i_size) 2454 readcnt = ip->i_size - bp->b_offset; 2455 else 2456 readcnt = bp->b_bcount; 2457 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) & 2458 ~(size_t)(DIRBLKSIZ - 1); 2459 offset = bp->b_offset + skipcnt; 2460 dp = (struct direct *)&bp->b_data[skipcnt]; 2461 edp = (struct direct *)&bp->b_data[readcnt]; 2462 while (error == 0 && uio->uio_resid > 0 && dp < edp) { 2463 if (dp->d_reclen <= offsetof(struct direct, d_name) || 2464 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) { 2465 error = EIO; 2466 break; 2467 } 2468 #if BYTE_ORDER == LITTLE_ENDIAN 2469 /* Old filesystem format. */ 2470 if (OFSFMT(vp)) { 2471 dstdp.d_namlen = dp->d_type; 2472 dstdp.d_type = dp->d_namlen; 2473 } else 2474 #endif 2475 { 2476 dstdp.d_namlen = dp->d_namlen; 2477 dstdp.d_type = dp->d_type; 2478 } 2479 if (offsetof(struct direct, d_name) + dstdp.d_namlen > 2480 dp->d_reclen) { 2481 error = EIO; 2482 break; 2483 } 2484 if (offset < startoffset || dp->d_ino == 0) 2485 goto nextentry; 2486 dstdp.d_fileno = dp->d_ino; 2487 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp); 2488 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); 2489 /* NOTE: d_off is the offset of the *next* entry. */ 2490 dstdp.d_off = offset + dp->d_reclen; 2491 dirent_terminate(&dstdp); 2492 if (dstdp.d_reclen > uio->uio_resid) { 2493 if (uio->uio_resid == startresid) 2494 error = EINVAL; 2495 else 2496 error = EJUSTRETURN; 2497 break; 2498 } 2499 /* Advance dp. */ 2500 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio); 2501 if (error) 2502 break; 2503 if (cookies != NULL) { 2504 KASSERT(ncookies > 0, 2505 ("ufs_readdir: cookies buffer too small")); 2506 *cookies = offset + dp->d_reclen; 2507 cookies++; 2508 ncookies--; 2509 } 2510 nextentry: 2511 offset += dp->d_reclen; 2512 dp = (struct direct *)((caddr_t)dp + dp->d_reclen); 2513 } 2514 bqrelse(bp); 2515 uio->uio_offset = offset; 2516 } 2517 /* We need to correct uio_offset. */ 2518 uio->uio_offset = offset; 2519 if (error == EJUSTRETURN) 2520 error = 0; 2521 if (ap->a_ncookies != NULL) { 2522 if (error == 0) { 2523 *ap->a_ncookies -= ncookies; 2524 } else { 2525 free(*ap->a_cookies, M_TEMP); 2526 *ap->a_ncookies = 0; 2527 *ap->a_cookies = NULL; 2528 } 2529 } 2530 if (error == 0 && ap->a_eofflag) 2531 *ap->a_eofflag = ip->i_size <= uio->uio_offset; 2532 return (error); 2533 } 2534 2535 /* 2536 * Return target name of a symbolic link 2537 */ 2538 static int 2539 ufs_readlink( 2540 struct vop_readlink_args /* { 2541 struct vnode *a_vp; 2542 struct uio *a_uio; 2543 struct ucred *a_cred; 2544 } */ *ap) 2545 { 2546 struct vnode *vp = ap->a_vp; 2547 struct inode *ip = VTOI(vp); 2548 doff_t isize; 2549 2550 isize = ip->i_size; 2551 if (isize < VFSTOUFS(vp->v_mount)->um_maxsymlinklen) 2552 return (uiomove(DIP(ip, i_shortlink), isize, ap->a_uio)); 2553 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 2554 } 2555 2556 /* 2557 * Calculate the logical to physical mapping if not done already, 2558 * then call the device strategy routine. 2559 * 2560 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 2561 * deadlock on memory. See ufs_bmap() for details. 2562 */ 2563 static int 2564 ufs_strategy( 2565 struct vop_strategy_args /* { 2566 struct vnode *a_vp; 2567 struct buf *a_bp; 2568 } */ *ap) 2569 { 2570 struct buf *bp = ap->a_bp; 2571 struct vnode *vp = ap->a_vp; 2572 ufs2_daddr_t blkno; 2573 int error; 2574 2575 if (bp->b_blkno == bp->b_lblkno) { 2576 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 2577 bp->b_blkno = blkno; 2578 if (error) { 2579 bp->b_error = error; 2580 bp->b_ioflags |= BIO_ERROR; 2581 bufdone(bp); 2582 return (0); 2583 } 2584 if ((long)bp->b_blkno == -1) 2585 vfs_bio_clrbuf(bp); 2586 } 2587 if ((long)bp->b_blkno == -1) { 2588 bufdone(bp); 2589 return (0); 2590 } 2591 bp->b_iooffset = dbtob(bp->b_blkno); 2592 BO_STRATEGY(VFSTOUFS(vp->v_mount)->um_bo, bp); 2593 return (0); 2594 } 2595 2596 /* 2597 * Print out the contents of an inode. 2598 */ 2599 static int 2600 ufs_print( 2601 struct vop_print_args /* { 2602 struct vnode *a_vp; 2603 } */ *ap) 2604 { 2605 struct vnode *vp = ap->a_vp; 2606 struct inode *ip = VTOI(vp); 2607 2608 printf("\tnlink=%d, effnlink=%d, size=%jd", ip->i_nlink, 2609 ip->i_effnlink, (intmax_t)ip->i_size); 2610 if (I_IS_UFS2(ip)) 2611 printf(", extsize %d", ip->i_din2->di_extsize); 2612 printf("\n\tgeneration=%jx, uid=%d, gid=%d, flags=0x%b\n", 2613 (uintmax_t)ip->i_gen, ip->i_uid, ip->i_gid, 2614 (uint32_t)ip->i_flags, PRINT_INODE_FLAGS); 2615 printf("\tino %ju, on dev %s", (intmax_t)ip->i_number, 2616 devtoname(ITODEV(ip))); 2617 if (vp->v_type == VFIFO) 2618 fifo_printinfo(vp); 2619 printf("\n"); 2620 return (0); 2621 } 2622 2623 /* 2624 * Close wrapper for fifos. 2625 * 2626 * Update the times on the inode then do device close. 2627 */ 2628 static int 2629 ufsfifo_close( 2630 struct vop_close_args /* { 2631 struct vnode *a_vp; 2632 int a_fflag; 2633 struct ucred *a_cred; 2634 struct thread *a_td; 2635 } */ *ap) 2636 { 2637 2638 ufs_close(ap); 2639 return (fifo_specops.vop_close(ap)); 2640 } 2641 2642 /* 2643 * Return POSIX pathconf information applicable to ufs filesystems. 2644 */ 2645 static int 2646 ufs_pathconf( 2647 struct vop_pathconf_args /* { 2648 struct vnode *a_vp; 2649 int a_name; 2650 int *a_retval; 2651 } */ *ap) 2652 { 2653 int error; 2654 2655 error = 0; 2656 switch (ap->a_name) { 2657 case _PC_LINK_MAX: 2658 *ap->a_retval = UFS_LINK_MAX; 2659 break; 2660 case _PC_NAME_MAX: 2661 *ap->a_retval = UFS_MAXNAMLEN; 2662 break; 2663 case _PC_PIPE_BUF: 2664 if (ap->a_vp->v_type == VDIR || ap->a_vp->v_type == VFIFO) 2665 *ap->a_retval = PIPE_BUF; 2666 else 2667 error = EINVAL; 2668 break; 2669 case _PC_CHOWN_RESTRICTED: 2670 *ap->a_retval = 1; 2671 break; 2672 case _PC_NO_TRUNC: 2673 *ap->a_retval = 1; 2674 break; 2675 #ifdef UFS_ACL 2676 case _PC_ACL_EXTENDED: 2677 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2678 *ap->a_retval = 1; 2679 else 2680 *ap->a_retval = 0; 2681 break; 2682 case _PC_ACL_NFS4: 2683 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) 2684 *ap->a_retval = 1; 2685 else 2686 *ap->a_retval = 0; 2687 break; 2688 #endif 2689 case _PC_ACL_PATH_MAX: 2690 #ifdef UFS_ACL 2691 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) 2692 *ap->a_retval = ACL_MAX_ENTRIES; 2693 else 2694 *ap->a_retval = 3; 2695 #else 2696 *ap->a_retval = 3; 2697 #endif 2698 break; 2699 #ifdef MAC 2700 case _PC_MAC_PRESENT: 2701 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2702 *ap->a_retval = 1; 2703 else 2704 *ap->a_retval = 0; 2705 break; 2706 #endif 2707 case _PC_MIN_HOLE_SIZE: 2708 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2709 break; 2710 case _PC_PRIO_IO: 2711 *ap->a_retval = 0; 2712 break; 2713 case _PC_SYNC_IO: 2714 *ap->a_retval = 0; 2715 break; 2716 case _PC_ALLOC_SIZE_MIN: 2717 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2718 break; 2719 case _PC_FILESIZEBITS: 2720 *ap->a_retval = 64; 2721 break; 2722 case _PC_REC_INCR_XFER_SIZE: 2723 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2724 break; 2725 case _PC_REC_MAX_XFER_SIZE: 2726 *ap->a_retval = -1; /* means ``unlimited'' */ 2727 break; 2728 case _PC_REC_MIN_XFER_SIZE: 2729 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2730 break; 2731 case _PC_REC_XFER_ALIGN: 2732 *ap->a_retval = PAGE_SIZE; 2733 break; 2734 case _PC_SYMLINK_MAX: 2735 *ap->a_retval = MAXPATHLEN; 2736 break; 2737 2738 default: 2739 error = vop_stdpathconf(ap); 2740 break; 2741 } 2742 return (error); 2743 } 2744 2745 /* 2746 * Initialize the vnode associated with a new inode, handle aliased 2747 * vnodes. 2748 */ 2749 int 2750 ufs_vinit(struct mount *mntp, struct vop_vector *fifoops, struct vnode **vpp) 2751 { 2752 struct inode *ip; 2753 struct vnode *vp; 2754 2755 vp = *vpp; 2756 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2757 ip = VTOI(vp); 2758 vp->v_type = IFTOVT(ip->i_mode); 2759 /* 2760 * Only unallocated inodes should be of type VNON. 2761 */ 2762 if (ip->i_mode != 0 && vp->v_type == VNON) 2763 return (EINVAL); 2764 if (vp->v_type == VFIFO) 2765 vp->v_op = fifoops; 2766 if (ip->i_number == UFS_ROOTINO) 2767 vp->v_vflag |= VV_ROOT; 2768 *vpp = vp; 2769 return (0); 2770 } 2771 2772 /* 2773 * Allocate a new inode. 2774 * Vnode dvp must be locked. 2775 */ 2776 static int 2777 ufs_makeinode(int mode, struct vnode *dvp, struct vnode **vpp, 2778 struct componentname *cnp, const char *callfunc) 2779 { 2780 struct inode *ip, *pdir; 2781 struct direct newdir; 2782 struct vnode *tvp; 2783 int error; 2784 2785 pdir = VTOI(dvp); 2786 *vpp = NULL; 2787 if ((mode & IFMT) == 0) 2788 mode |= IFREG; 2789 2790 if (pdir->i_effnlink < 2) { 2791 print_bad_link_count(callfunc, dvp); 2792 return (EINVAL); 2793 } 2794 if (DOINGSUJ(dvp)) { 2795 error = softdep_prelink(dvp, NULL, cnp); 2796 if (error != 0) { 2797 MPASS(error == ERELOOKUP); 2798 return (error); 2799 } 2800 } 2801 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2802 if (error) 2803 return (error); 2804 ip = VTOI(tvp); 2805 ip->i_gid = pdir->i_gid; 2806 DIP_SET(ip, i_gid, pdir->i_gid); 2807 #ifdef SUIDDIR 2808 { 2809 #ifdef QUOTA 2810 struct ucred ucred, *ucp; 2811 gid_t ucred_group; 2812 ucp = cnp->cn_cred; 2813 #endif 2814 /* 2815 * If we are not the owner of the directory, 2816 * and we are hacking owners here, (only do this where told to) 2817 * and we are not giving it TO root, (would subvert quotas) 2818 * then go ahead and give it to the other user. 2819 * Note that this drops off the execute bits for security. 2820 */ 2821 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2822 (pdir->i_mode & ISUID) && 2823 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2824 ip->i_uid = pdir->i_uid; 2825 DIP_SET(ip, i_uid, ip->i_uid); 2826 mode &= ~07111; 2827 #ifdef QUOTA 2828 /* 2829 * Make sure the correct user gets charged 2830 * for the space. 2831 * Quickly knock up a dummy credential for the victim. 2832 * XXX This seems to never be accessed out of our 2833 * context so a stack variable is ok. 2834 */ 2835 ucred.cr_ref = 1; 2836 ucred.cr_uid = ip->i_uid; 2837 ucred.cr_ngroups = 1; 2838 ucred.cr_groups = &ucred_group; 2839 ucred.cr_groups[0] = pdir->i_gid; 2840 ucp = &ucred; 2841 #endif 2842 } else { 2843 ip->i_uid = cnp->cn_cred->cr_uid; 2844 DIP_SET(ip, i_uid, ip->i_uid); 2845 } 2846 2847 #ifdef QUOTA 2848 if ((error = getinoquota(ip)) || 2849 (error = chkiq(ip, 1, ucp, 0))) { 2850 if (DOINGSOFTDEP(tvp)) 2851 softdep_revert_link(pdir, ip); 2852 UFS_VFREE(tvp, ip->i_number, mode); 2853 vgone(tvp); 2854 vput(tvp); 2855 return (error); 2856 } 2857 #endif 2858 } 2859 #else /* !SUIDDIR */ 2860 ip->i_uid = cnp->cn_cred->cr_uid; 2861 DIP_SET(ip, i_uid, ip->i_uid); 2862 #ifdef QUOTA 2863 if ((error = getinoquota(ip)) || 2864 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2865 if (DOINGSOFTDEP(tvp)) 2866 softdep_revert_link(pdir, ip); 2867 UFS_VFREE(tvp, ip->i_number, mode); 2868 vgone(tvp); 2869 vput(tvp); 2870 return (error); 2871 } 2872 #endif 2873 #endif /* !SUIDDIR */ 2874 vn_seqc_write_begin(tvp); /* Mostly to cover asserts */ 2875 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE); 2876 UFS_INODE_SET_MODE(ip, mode); 2877 DIP_SET(ip, i_mode, mode); 2878 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2879 ip->i_effnlink = 1; 2880 ip->i_nlink = 1; 2881 DIP_SET_NLINK(ip, 1); 2882 if (DOINGSOFTDEP(tvp)) 2883 softdep_setup_create(VTOI(dvp), ip); 2884 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2885 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID)) { 2886 UFS_INODE_SET_MODE(ip, ip->i_mode & ~ISGID); 2887 DIP_SET(ip, i_mode, ip->i_mode); 2888 } 2889 2890 if (cnp->cn_flags & ISWHITEOUT) { 2891 ip->i_flags |= UF_OPAQUE; 2892 DIP_SET(ip, i_flags, ip->i_flags); 2893 } 2894 2895 /* 2896 * Make sure inode goes to disk before directory entry. 2897 */ 2898 error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && !DOINGASYNC(tvp)); 2899 if (error) 2900 goto bad; 2901 #ifdef MAC 2902 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2903 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2904 dvp, tvp, cnp); 2905 if (error) 2906 goto bad; 2907 } 2908 #endif 2909 #ifdef UFS_ACL 2910 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2911 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode, 2912 cnp->cn_cred, curthread); 2913 if (error) 2914 goto bad; 2915 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2916 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode, 2917 cnp->cn_cred, curthread); 2918 if (error) 2919 goto bad; 2920 } 2921 #endif /* !UFS_ACL */ 2922 ufs_makedirentry(ip, cnp, &newdir); 2923 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL); 2924 if (error) 2925 goto bad; 2926 vn_seqc_write_end(tvp); 2927 *vpp = tvp; 2928 return (0); 2929 2930 bad: 2931 /* 2932 * Write error occurred trying to update the inode 2933 * or the directory so must deallocate the inode. 2934 */ 2935 ip->i_effnlink = 0; 2936 ip->i_nlink = 0; 2937 DIP_SET_NLINK(ip, 0); 2938 UFS_INODE_SET_FLAG(ip, IN_CHANGE); 2939 if (DOINGSOFTDEP(tvp)) 2940 softdep_revert_create(VTOI(dvp), ip); 2941 vn_seqc_write_end(tvp); 2942 vgone(tvp); 2943 vput(tvp); 2944 return (error); 2945 } 2946 2947 static int 2948 ufs_ioctl(struct vop_ioctl_args *ap) 2949 { 2950 struct vnode *vp; 2951 int error; 2952 2953 vp = ap->a_vp; 2954 switch (ap->a_command) { 2955 case FIOSEEKDATA: 2956 error = vn_lock(vp, LK_EXCLUSIVE); 2957 if (error == 0) { 2958 error = ufs_bmap_seekdata(vp, (off_t *)ap->a_data); 2959 VOP_UNLOCK(vp); 2960 } else 2961 error = EBADF; 2962 return (error); 2963 case FIOSEEKHOLE: 2964 return (vn_bmap_seekhole(vp, ap->a_command, (off_t *)ap->a_data, 2965 ap->a_cred)); 2966 default: 2967 return (ENOTTY); 2968 } 2969 } 2970 2971 static int 2972 ufs_read_pgcache(struct vop_read_pgcache_args *ap) 2973 { 2974 struct uio *uio; 2975 struct vnode *vp; 2976 2977 uio = ap->a_uio; 2978 vp = ap->a_vp; 2979 VNPASS((vn_irflag_read(vp) & VIRF_PGREAD) != 0, vp); 2980 2981 if (uio->uio_resid > ptoa(io_hold_cnt) || uio->uio_offset < 0 || 2982 (ap->a_ioflag & IO_DIRECT) != 0) 2983 return (EJUSTRETURN); 2984 return (vn_read_from_obj(vp, uio)); 2985 } 2986 2987 /* Global vfs data structures for ufs. */ 2988 struct vop_vector ufs_vnodeops = { 2989 .vop_default = &default_vnodeops, 2990 .vop_fsync = VOP_PANIC, 2991 .vop_read = VOP_PANIC, 2992 .vop_reallocblks = VOP_PANIC, 2993 .vop_write = VOP_PANIC, 2994 .vop_accessx = ufs_accessx, 2995 .vop_bmap = ufs_bmap, 2996 .vop_fplookup_vexec = ufs_fplookup_vexec, 2997 .vop_fplookup_symlink = VOP_EAGAIN, 2998 .vop_cachedlookup = ufs_lookup, 2999 .vop_close = ufs_close, 3000 .vop_create = ufs_create, 3001 .vop_stat = ufs_stat, 3002 .vop_getattr = ufs_getattr, 3003 .vop_inactive = ufs_inactive, 3004 .vop_ioctl = ufs_ioctl, 3005 .vop_link = ufs_link, 3006 .vop_lookup = vfs_cache_lookup, 3007 .vop_mmapped = ufs_mmapped, 3008 .vop_mkdir = ufs_mkdir, 3009 .vop_mknod = ufs_mknod, 3010 .vop_need_inactive = ufs_need_inactive, 3011 .vop_open = ufs_open, 3012 .vop_pathconf = ufs_pathconf, 3013 .vop_poll = vop_stdpoll, 3014 .vop_print = ufs_print, 3015 .vop_read_pgcache = ufs_read_pgcache, 3016 .vop_readdir = ufs_readdir, 3017 .vop_readlink = ufs_readlink, 3018 .vop_reclaim = ufs_reclaim, 3019 .vop_remove = ufs_remove, 3020 .vop_rename = ufs_rename, 3021 .vop_rmdir = ufs_rmdir, 3022 .vop_setattr = ufs_setattr, 3023 #ifdef MAC 3024 .vop_setlabel = vop_stdsetlabel_ea, 3025 #endif 3026 .vop_strategy = ufs_strategy, 3027 .vop_symlink = ufs_symlink, 3028 .vop_whiteout = ufs_whiteout, 3029 #ifdef UFS_EXTATTR 3030 .vop_getextattr = ufs_getextattr, 3031 .vop_deleteextattr = ufs_deleteextattr, 3032 .vop_setextattr = ufs_setextattr, 3033 #endif 3034 #ifdef UFS_ACL 3035 .vop_getacl = ufs_getacl, 3036 .vop_setacl = ufs_setacl, 3037 .vop_aclcheck = ufs_aclcheck, 3038 #endif 3039 }; 3040 VFS_VOP_VECTOR_REGISTER(ufs_vnodeops); 3041 3042 struct vop_vector ufs_fifoops = { 3043 .vop_default = &fifo_specops, 3044 .vop_fsync = VOP_PANIC, 3045 .vop_accessx = ufs_accessx, 3046 .vop_close = ufsfifo_close, 3047 .vop_getattr = ufs_getattr, 3048 .vop_inactive = ufs_inactive, 3049 .vop_pathconf = ufs_pathconf, 3050 .vop_print = ufs_print, 3051 .vop_read = VOP_PANIC, 3052 .vop_reclaim = ufs_reclaim, 3053 .vop_setattr = ufs_setattr, 3054 #ifdef MAC 3055 .vop_setlabel = vop_stdsetlabel_ea, 3056 #endif 3057 .vop_write = VOP_PANIC, 3058 #ifdef UFS_EXTATTR 3059 .vop_getextattr = ufs_getextattr, 3060 .vop_deleteextattr = ufs_deleteextattr, 3061 .vop_setextattr = ufs_setextattr, 3062 #endif 3063 #ifdef UFS_ACL 3064 .vop_getacl = ufs_getacl, 3065 .vop_setacl = ufs_setacl, 3066 .vop_aclcheck = ufs_aclcheck, 3067 #endif 3068 .vop_fplookup_vexec = VOP_EAGAIN, 3069 .vop_fplookup_symlink = VOP_EAGAIN, 3070 }; 3071 VFS_VOP_VECTOR_REGISTER(ufs_fifoops); 3072