1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1982, 1986, 1989, 1993, 1995
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 */
36
37 #include <sys/cdefs.h>
38 #include "opt_quota.h"
39 #include "opt_suiddir.h"
40 #include "opt_ufs.h"
41 #include "opt_ffs.h"
42
43 #include <sys/param.h>
44 #include <sys/systm.h>
45 #include <sys/malloc.h>
46 #include <sys/namei.h>
47 #include <sys/kernel.h>
48 #include <sys/fcntl.h>
49 #include <sys/filio.h>
50 #include <sys/stat.h>
51 #include <sys/bio.h>
52 #include <sys/buf.h>
53 #include <sys/mount.h>
54 #include <sys/priv.h>
55 #include <sys/refcount.h>
56 #include <sys/unistd.h>
57 #include <sys/vnode.h>
58 #include <sys/dirent.h>
59 #include <sys/lockf.h>
60 #include <sys/conf.h>
61 #include <sys/acl.h>
62 #include <sys/smr.h>
63
64 #include <security/audit/audit.h>
65 #include <security/mac/mac_framework.h>
66
67 #include <sys/file.h> /* XXX */
68
69 #include <vm/vm.h>
70 #include <vm/vm_extern.h>
71
72 #include <ufs/ufs/acl.h>
73 #include <ufs/ufs/extattr.h>
74 #include <ufs/ufs/quota.h>
75 #include <ufs/ufs/inode.h>
76 #include <ufs/ufs/dir.h>
77 #include <ufs/ufs/ufsmount.h>
78 #include <ufs/ufs/ufs_extern.h>
79 #ifdef UFS_DIRHASH
80 #include <ufs/ufs/dirhash.h>
81 #endif
82 #ifdef UFS_GJOURNAL
83 #include <ufs/ufs/gjournal.h>
84 FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS");
85 #endif
86
87 #ifdef QUOTA
88 FEATURE(ufs_quota, "UFS disk quotas support");
89 FEATURE(ufs_quota64, "64bit UFS disk quotas support");
90 #endif
91
92 #ifdef SUIDDIR
93 FEATURE(suiddir,
94 "Give all new files in directory the same ownership as the directory");
95 #endif
96
97 VFS_SMR_DECLARE;
98
99 #include <ufs/ffs/ffs_extern.h>
100
101 static vop_accessx_t ufs_accessx;
102 vop_fplookup_vexec_t ufs_fplookup_vexec;
103 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *);
104 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *,
105 struct thread *);
106 static vop_close_t ufs_close;
107 static vop_create_t ufs_create;
108 static vop_stat_t ufs_stat;
109 static vop_getattr_t ufs_getattr;
110 static vop_ioctl_t ufs_ioctl;
111 static vop_link_t ufs_link;
112 static int ufs_makeinode(int mode, struct vnode *, struct vnode **,
113 struct componentname *, const char *);
114 static vop_mmapped_t ufs_mmapped;
115 static vop_mkdir_t ufs_mkdir;
116 static vop_mknod_t ufs_mknod;
117 static vop_open_t ufs_open;
118 static vop_pathconf_t ufs_pathconf;
119 static vop_print_t ufs_print;
120 static vop_readlink_t ufs_readlink;
121 static vop_remove_t ufs_remove;
122 static vop_rename_t ufs_rename;
123 static vop_rmdir_t ufs_rmdir;
124 static vop_setattr_t ufs_setattr;
125 static vop_strategy_t ufs_strategy;
126 static vop_symlink_t ufs_symlink;
127 static vop_whiteout_t ufs_whiteout;
128 static vop_close_t ufsfifo_close;
129
130 SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
131 "UFS filesystem");
132
133 /*
134 * A virgin directory (no blushing please).
135 */
136 static struct dirtemplate mastertemplate = {
137 0, 12, DT_DIR, 1, ".",
138 0, DIRBLKSIZ - 12, DT_DIR, 2, ".."
139 };
140 static struct odirtemplate omastertemplate = {
141 0, 12, 1, ".",
142 0, DIRBLKSIZ - 12, 2, ".."
143 };
144
145 static void
ufs_itimes_locked(struct vnode * vp)146 ufs_itimes_locked(struct vnode *vp)
147 {
148 struct inode *ip;
149 struct timespec ts;
150
151 ASSERT_VI_LOCKED(vp, __func__);
152
153 ip = VTOI(vp);
154 if (UFS_RDONLY(ip))
155 goto out;
156 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0)
157 return;
158
159 if (VN_ISDEV(vp) && !DOINGSOFTDEP(vp))
160 UFS_INODE_SET_FLAG(ip, IN_LAZYMOD);
161 else if (((vp->v_mount->mnt_kern_flag &
162 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) ||
163 (ip->i_flag & (IN_CHANGE | IN_UPDATE)) != 0)
164 UFS_INODE_SET_FLAG(ip, IN_MODIFIED);
165 else if ((ip->i_flag & IN_ACCESS) != 0)
166 UFS_INODE_SET_FLAG(ip, IN_LAZYACCESS);
167 vfs_timestamp(&ts);
168 if ((ip->i_flag & IN_ACCESS) != 0) {
169 DIP_SET(ip, i_atime, ts.tv_sec);
170 DIP_SET(ip, i_atimensec, ts.tv_nsec);
171 }
172 if ((ip->i_flag & IN_UPDATE) != 0) {
173 DIP_SET(ip, i_mtime, ts.tv_sec);
174 DIP_SET(ip, i_mtimensec, ts.tv_nsec);
175 }
176 if ((ip->i_flag & IN_CHANGE) != 0) {
177 DIP_SET(ip, i_ctime, ts.tv_sec);
178 DIP_SET(ip, i_ctimensec, ts.tv_nsec);
179 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1);
180 }
181
182 out:
183 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE);
184 }
185
186 void
ufs_itimes(struct vnode * vp)187 ufs_itimes(struct vnode *vp)
188 {
189 struct inode *ip;
190
191 ip = VTOI(vp);
192 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0)
193 return;
194
195 VI_LOCK(vp);
196 ufs_itimes_locked(vp);
197 VI_UNLOCK(vp);
198 }
199
200 static int
ufs_sync_nlink1(struct mount * mp)201 ufs_sync_nlink1(struct mount *mp)
202 {
203 int error;
204
205 error = vfs_busy(mp, 0);
206 if (error == 0) {
207 VFS_SYNC(mp, MNT_WAIT);
208 vfs_unbusy(mp);
209 error = ERELOOKUP;
210 }
211 vfs_rel(mp);
212 return (error);
213 }
214
215 static int
ufs_sync_nlink(struct vnode * vp,struct vnode * vp1)216 ufs_sync_nlink(struct vnode *vp, struct vnode *vp1)
217 {
218 struct inode *ip;
219 struct mount *mp;
220 int error;
221
222 ip = VTOI(vp);
223 if (ip->i_nlink < UFS_LINK_MAX)
224 return (0);
225 if (!DOINGSOFTDEP(vp) || ip->i_effnlink >= UFS_LINK_MAX)
226 return (EMLINK);
227
228 mp = vp->v_mount;
229 vfs_ref(mp);
230 VOP_UNLOCK(vp);
231 if (vp1 != NULL)
232 VOP_UNLOCK(vp1);
233 error = ufs_sync_nlink1(mp);
234 vn_lock_pair(vp, false, LK_EXCLUSIVE, vp1, false, LK_EXCLUSIVE);
235 return (error);
236 }
237
238 /*
239 * Create a regular file
240 */
241 static int
ufs_create(struct vop_create_args * ap)242 ufs_create(
243 struct vop_create_args /* {
244 struct vnode *a_dvp;
245 struct vnode **a_vpp;
246 struct componentname *a_cnp;
247 struct vattr *a_vap;
248 } */ *ap)
249 {
250 int error;
251
252 error =
253 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode),
254 ap->a_dvp, ap->a_vpp, ap->a_cnp, "ufs_create");
255 if (error != 0)
256 return (error);
257 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0)
258 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp);
259 return (0);
260 }
261
262 /*
263 * Mknod vnode call
264 */
265 /* ARGSUSED */
266 static int
ufs_mknod(struct vop_mknod_args * ap)267 ufs_mknod(
268 struct vop_mknod_args /* {
269 struct vnode *a_dvp;
270 struct vnode **a_vpp;
271 struct componentname *a_cnp;
272 struct vattr *a_vap;
273 } */ *ap)
274 {
275 struct vattr *vap = ap->a_vap;
276 struct vnode **vpp = ap->a_vpp;
277 struct inode *ip;
278 ino_t ino;
279 int error;
280
281 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode),
282 ap->a_dvp, vpp, ap->a_cnp, "ufs_mknod");
283 if (error)
284 return (error);
285 ip = VTOI(*vpp);
286 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
287 if (vap->va_rdev != VNOVAL) {
288 /*
289 * Want to be able to use this to make badblock
290 * inodes, so don't truncate the dev number.
291 */
292 DIP_SET(ip, i_rdev, vap->va_rdev);
293 }
294 /*
295 * Remove inode, then reload it through VFS_VGET(). This is
296 * needed to do further inode initialization, for instance
297 * fifo, which was too early for VFS_VGET() done as part of
298 * UFS_VALLOC().
299 */
300 (*vpp)->v_type = VNON;
301 ino = ip->i_number; /* Save this before vgone() invalidates ip. */
302 vgone(*vpp);
303 vput(*vpp);
304 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp);
305 if (error) {
306 *vpp = NULL;
307 return (error);
308 }
309 return (0);
310 }
311
312 /*
313 * Open called.
314 */
315 /* ARGSUSED */
316 static int
ufs_open(struct vop_open_args * ap)317 ufs_open(struct vop_open_args *ap)
318 {
319 struct vnode *vp = ap->a_vp;
320 struct inode *ip;
321
322 if (VN_ISDEV(vp))
323 return (EOPNOTSUPP);
324
325 ip = VTOI(vp);
326 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td);
327 if (vp->v_type == VREG && (vn_irflag_read(vp) & VIRF_PGREAD) == 0 &&
328 ip->i_ump->um_bsize >= PAGE_SIZE) {
329 vn_irflag_set_cond(vp, VIRF_PGREAD);
330 }
331
332 /*
333 * Files marked append-only must be opened for appending.
334 */
335 if ((ip->i_flags & APPEND) &&
336 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE)
337 return (EPERM);
338
339 return (0);
340 }
341
342 /*
343 * Close called.
344 *
345 * Update the times on the inode.
346 */
347 /* ARGSUSED */
348 static int
ufs_close(struct vop_close_args * ap)349 ufs_close(
350 struct vop_close_args /* {
351 struct vnode *a_vp;
352 int a_fflag;
353 struct ucred *a_cred;
354 struct thread *a_td;
355 } */ *ap)
356 {
357 struct vnode *vp = ap->a_vp;
358
359 ufs_itimes(vp);
360 return (0);
361 }
362
363 static int
ufs_accessx(struct vop_accessx_args * ap)364 ufs_accessx(
365 struct vop_accessx_args /* {
366 struct vnode *a_vp;
367 accmode_t a_accmode;
368 struct ucred *a_cred;
369 struct thread *a_td;
370 } */ *ap)
371 {
372 struct vnode *vp = ap->a_vp;
373 struct inode *ip = VTOI(vp);
374 accmode_t accmode = ap->a_accmode;
375 int error;
376 #ifdef UFS_ACL
377 struct acl *acl;
378 acl_type_t type;
379 #endif
380
381 /*
382 * Disallow write attempts on read-only filesystems;
383 * unless the file is a socket, fifo, or a block or
384 * character device resident on the filesystem.
385 */
386 if (accmode & VMODIFY_PERMS) {
387 switch (vp->v_type) {
388 case VDIR:
389 case VLNK:
390 case VREG:
391 if (vp->v_mount->mnt_flag & MNT_RDONLY)
392 return (EROFS);
393 #ifdef QUOTA
394 /*
395 * Inode is accounted in the quotas only if struct
396 * dquot is attached to it. VOP_ACCESS() is called
397 * from vn_open_cred() and provides a convenient
398 * point to call getinoquota(). The lock mode is
399 * exclusive when the file is opening for write.
400 */
401 if (VOP_ISLOCKED(vp) == LK_EXCLUSIVE) {
402 error = getinoquota(ip);
403 if (error != 0)
404 return (error);
405 }
406 #endif
407 break;
408 default:
409 break;
410 }
411 }
412
413 /*
414 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS"
415 * permits the owner of the file to remove the IMMUTABLE flag.
416 */
417 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) &&
418 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT)))
419 return (EPERM);
420
421 #ifdef UFS_ACL
422 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) {
423 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS)
424 type = ACL_TYPE_NFS4;
425 else
426 type = ACL_TYPE_ACCESS;
427
428 acl = acl_alloc(M_WAITOK);
429 if (type == ACL_TYPE_NFS4)
430 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td);
431 else
432 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td);
433 switch (error) {
434 case 0:
435 if (type == ACL_TYPE_NFS4) {
436 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid,
437 ip->i_gid, acl, accmode, ap->a_cred);
438 } else {
439 error = vfs_unixify_accmode(&accmode);
440 if (error == 0)
441 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid,
442 ip->i_gid, acl, accmode, ap->a_cred);
443 }
444 break;
445 default:
446 if (error != EOPNOTSUPP)
447 printf(
448 "ufs_accessx(): Error retrieving ACL on object (%d).\n",
449 error);
450 /*
451 * XXX: Fall back until debugged. Should
452 * eventually possibly log an error, and return
453 * EPERM for safety.
454 */
455 error = vfs_unixify_accmode(&accmode);
456 if (error == 0)
457 error = vaccess(vp->v_type, ip->i_mode,
458 ip->i_uid, ip->i_gid, accmode, ap->a_cred);
459 }
460 acl_free(acl);
461
462 return (error);
463 }
464 #endif /* !UFS_ACL */
465 error = vfs_unixify_accmode(&accmode);
466 if (error == 0)
467 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid,
468 accmode, ap->a_cred);
469 return (error);
470 }
471
472 /*
473 * VOP_FPLOOKUP_VEXEC routines are subject to special circumstances, see
474 * the comment above cache_fplookup for details.
475 */
476 int
ufs_fplookup_vexec(struct vop_fplookup_vexec_args * ap)477 ufs_fplookup_vexec(
478 struct vop_fplookup_vexec_args /* {
479 struct vnode *a_vp;
480 struct ucred *a_cred;
481 struct thread *a_td;
482 } */ *ap)
483 {
484 struct vnode *vp;
485 struct inode *ip;
486 struct ucred *cred;
487 mode_t all_x, mode;
488
489 vp = ap->a_vp;
490 ip = VTOI_SMR(vp);
491 if (__predict_false(ip == NULL))
492 return (EAGAIN);
493
494 /*
495 * XXX ACL race
496 *
497 * ACLs are not supported and UFS clears/sets this flag on mount and
498 * remount. However, we may still be racing with seeing them and there
499 * is no provision to make sure they were accounted for. This matches
500 * the behavior of the locked case, since the lookup there is also
501 * racy: mount takes no measures to block anyone from progressing.
502 */
503 all_x = S_IXUSR | S_IXGRP | S_IXOTH;
504 mode = atomic_load_short(&ip->i_mode);
505 if (__predict_true((mode & all_x) == all_x))
506 return (0);
507
508 cred = ap->a_cred;
509 return (vaccess_vexec_smr(mode, ip->i_uid, ip->i_gid, cred));
510 }
511
512 /* ARGSUSED */
513 static int
ufs_stat(struct vop_stat_args * ap)514 ufs_stat(struct vop_stat_args *ap)
515 {
516 struct vnode *vp = ap->a_vp;
517 struct inode *ip = VTOI(vp);
518 struct stat *sb = ap->a_sb;
519 int error;
520
521 error = vop_stat_helper_pre(ap);
522 if (__predict_false(error))
523 return (error);
524
525 VI_LOCK(vp);
526 ufs_itimes_locked(vp);
527 if (I_IS_UFS1(ip)) {
528 sb->st_atim.tv_sec = ip->i_din1->di_atime;
529 sb->st_atim.tv_nsec = ip->i_din1->di_atimensec;
530 } else {
531 sb->st_atim.tv_sec = ip->i_din2->di_atime;
532 sb->st_atim.tv_nsec = ip->i_din2->di_atimensec;
533 }
534 VI_UNLOCK(vp);
535
536 sb->st_dev = dev2udev(ITOUMP(ip)->um_dev);
537 sb->st_ino = ip->i_number;
538 sb->st_mode = (ip->i_mode & ~IFMT) | VTTOIF(vp->v_type);
539 sb->st_nlink = ip->i_effnlink;
540 sb->st_uid = ip->i_uid;
541 sb->st_gid = ip->i_gid;
542 if (I_IS_UFS1(ip)) {
543 sb->st_rdev = VN_ISDEV(vp) ? ip->i_din1->di_rdev : NODEV;
544 sb->st_size = ip->i_din1->di_size;
545 sb->st_mtim.tv_sec = ip->i_din1->di_mtime;
546 sb->st_mtim.tv_nsec = ip->i_din1->di_mtimensec;
547 sb->st_ctim.tv_sec = ip->i_din1->di_ctime;
548 sb->st_ctim.tv_nsec = ip->i_din1->di_ctimensec;
549 sb->st_birthtim.tv_sec = -1;
550 sb->st_birthtim.tv_nsec = 0;
551 sb->st_blocks = dbtob((uint64_t)ip->i_din1->di_blocks) / S_BLKSIZE;
552 sb->st_filerev = ip->i_din1->di_modrev;
553 } else {
554 sb->st_rdev = VN_ISDEV(vp) ? ip->i_din2->di_rdev : NODEV;
555 sb->st_size = ip->i_din2->di_size;
556 sb->st_mtim.tv_sec = ip->i_din2->di_mtime;
557 sb->st_mtim.tv_nsec = ip->i_din2->di_mtimensec;
558 sb->st_ctim.tv_sec = ip->i_din2->di_ctime;
559 sb->st_ctim.tv_nsec = ip->i_din2->di_ctimensec;
560 sb->st_birthtim.tv_sec = ip->i_din2->di_birthtime;
561 sb->st_birthtim.tv_nsec = ip->i_din2->di_birthnsec;
562 sb->st_blocks = dbtob((uint64_t)ip->i_din2->di_blocks) / S_BLKSIZE;
563 sb->st_filerev = ip->i_din2->di_modrev;
564 }
565
566 sb->st_blksize = max(PAGE_SIZE, vp->v_mount->mnt_stat.f_iosize);
567 sb->st_flags = ip->i_flags;
568 sb->st_gen = ip->i_gen;
569
570 return (vop_stat_helper_post(ap, error));
571 }
572
573 /* ARGSUSED */
574 static int
ufs_getattr(struct vop_getattr_args * ap)575 ufs_getattr(
576 struct vop_getattr_args /* {
577 struct vnode *a_vp;
578 struct vattr *a_vap;
579 struct ucred *a_cred;
580 } */ *ap)
581 {
582 struct vnode *vp = ap->a_vp;
583 struct inode *ip = VTOI(vp);
584 struct vattr *vap = ap->a_vap;
585
586 VI_LOCK(vp);
587 ufs_itimes_locked(vp);
588 if (I_IS_UFS1(ip)) {
589 vap->va_atime.tv_sec = ip->i_din1->di_atime;
590 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec;
591 } else {
592 vap->va_atime.tv_sec = ip->i_din2->di_atime;
593 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec;
594 }
595 VI_UNLOCK(vp);
596 /*
597 * Copy from inode table
598 */
599 vap->va_fsid = dev2udev(ITOUMP(ip)->um_dev);
600 vap->va_fileid = ip->i_number;
601 vap->va_mode = ip->i_mode & ~IFMT;
602 vap->va_nlink = ip->i_effnlink;
603 vap->va_uid = ip->i_uid;
604 vap->va_gid = ip->i_gid;
605 if (I_IS_UFS1(ip)) {
606 vap->va_rdev = VN_ISDEV(vp) ? ip->i_din1->di_rdev : NODEV;
607 vap->va_size = ip->i_din1->di_size;
608 vap->va_mtime.tv_sec = ip->i_din1->di_mtime;
609 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec;
610 vap->va_ctime.tv_sec = ip->i_din1->di_ctime;
611 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec;
612 vap->va_bytes = dbtob((uint64_t)ip->i_din1->di_blocks);
613 vap->va_filerev = ip->i_din1->di_modrev;
614 } else {
615 vap->va_rdev = VN_ISDEV(vp) ? ip->i_din2->di_rdev : NODEV;
616 vap->va_size = ip->i_din2->di_size;
617 vap->va_mtime.tv_sec = ip->i_din2->di_mtime;
618 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec;
619 vap->va_ctime.tv_sec = ip->i_din2->di_ctime;
620 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec;
621 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime;
622 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec;
623 vap->va_bytes = dbtob((uint64_t)ip->i_din2->di_blocks);
624 vap->va_filerev = ip->i_din2->di_modrev;
625 }
626 vap->va_flags = ip->i_flags;
627 vap->va_gen = ip->i_gen;
628 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize;
629 vap->va_type = IFTOVT(ip->i_mode);
630 return (0);
631 }
632
633 /*
634 * Set attribute vnode op. called from several syscalls
635 */
636 static int
ufs_setattr(struct vop_setattr_args * ap)637 ufs_setattr(
638 struct vop_setattr_args /* {
639 struct vnode *a_vp;
640 struct vattr *a_vap;
641 struct ucred *a_cred;
642 } */ *ap)
643 {
644 struct vattr *vap = ap->a_vap;
645 struct vnode *vp = ap->a_vp;
646 struct inode *ip = VTOI(vp);
647 struct ucred *cred = ap->a_cred;
648 struct thread *td = curthread;
649 int error;
650
651 /*
652 * Check for unsettable attributes.
653 */
654 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) ||
655 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) ||
656 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) ||
657 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) {
658 return (EINVAL);
659 }
660 if (vap->va_flags != VNOVAL) {
661 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE |
662 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE |
663 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK |
664 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE |
665 UF_SPARSE | UF_SYSTEM)) != 0)
666 return (EOPNOTSUPP);
667 if (vp->v_mount->mnt_flag & MNT_RDONLY)
668 return (EROFS);
669 /*
670 * Callers may only modify the file flags on objects they
671 * have VADMIN rights for.
672 */
673 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
674 return (error);
675 /*
676 * Unprivileged processes are not permitted to unset system
677 * flags, or modify flags if any system flags are set.
678 * Privileged non-jail processes may not modify system flags
679 * if securelevel > 0 and any existing system flags are set.
680 * Privileged jail processes behave like privileged non-jail
681 * processes if the PR_ALLOW_CHFLAGS permission bit is set;
682 * otherwise, they behave like unprivileged processes.
683 */
684 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
685 if (ip->i_flags &
686 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
687 error = securelevel_gt(cred, 0);
688 if (error)
689 return (error);
690 }
691 /* The snapshot flag cannot be toggled. */
692 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT)
693 return (EPERM);
694 } else {
695 if (ip->i_flags &
696 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) ||
697 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE))
698 return (EPERM);
699 }
700 ip->i_flags = vap->va_flags;
701 DIP_SET(ip, i_flags, vap->va_flags);
702 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
703 error = UFS_UPDATE(vp, 0);
704 if (ip->i_flags & (IMMUTABLE | APPEND))
705 return (error);
706 }
707 /*
708 * If immutable or append, no one can change any of its attributes
709 * except the ones already handled (in some cases, file flags
710 * including the immutability flags themselves for the superuser).
711 */
712 if (ip->i_flags & (IMMUTABLE | APPEND))
713 return (EPERM);
714 /*
715 * Go through the fields and update iff not VNOVAL.
716 */
717 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) {
718 if (vp->v_mount->mnt_flag & MNT_RDONLY)
719 return (EROFS);
720 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred,
721 td)) != 0)
722 return (error);
723 }
724 if (vap->va_size != VNOVAL) {
725 /*
726 * XXX most of the following special cases should be in
727 * callers instead of in N filesystems. The VDIR check
728 * mostly already is.
729 */
730 switch (vp->v_type) {
731 case VDIR:
732 return (EISDIR);
733 case VLNK:
734 case VREG:
735 /*
736 * Truncation should have an effect in these cases.
737 * Disallow it if the filesystem is read-only or
738 * the file is being snapshotted.
739 */
740 if (vp->v_mount->mnt_flag & MNT_RDONLY)
741 return (EROFS);
742 if (IS_SNAPSHOT(ip))
743 return (EPERM);
744 break;
745 default:
746 /*
747 * According to POSIX, the result is unspecified
748 * for file types other than regular files,
749 * directories and shared memory objects. We
750 * don't support shared memory objects in the file
751 * system, and have dubious support for truncating
752 * symlinks. Just ignore the request in other cases.
753 */
754 return (0);
755 }
756 error = vn_rlimit_trunc(vap->va_size, td);
757 if (error != 0)
758 return (error);
759 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL |
760 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0),
761 cred)) != 0)
762 return (error);
763 }
764 if (vap->va_atime.tv_sec != VNOVAL ||
765 vap->va_mtime.tv_sec != VNOVAL ||
766 vap->va_birthtime.tv_sec != VNOVAL) {
767 if (vp->v_mount->mnt_flag & MNT_RDONLY)
768 return (EROFS);
769 if (IS_SNAPSHOT(ip))
770 return (EPERM);
771 error = vn_utimes_perm(vp, vap, cred, td);
772 if (error != 0)
773 return (error);
774 UFS_INODE_SET_FLAG(ip, IN_CHANGE | IN_MODIFIED);
775 if (vap->va_atime.tv_sec != VNOVAL) {
776 ip->i_flag &= ~IN_ACCESS;
777 DIP_SET(ip, i_atime, vap->va_atime.tv_sec);
778 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec);
779 }
780 if (vap->va_mtime.tv_sec != VNOVAL) {
781 ip->i_flag &= ~IN_UPDATE;
782 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec);
783 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec);
784 }
785 if (vap->va_birthtime.tv_sec != VNOVAL && I_IS_UFS2(ip)) {
786 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec;
787 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec;
788 }
789 error = UFS_UPDATE(vp, 0);
790 if (error)
791 return (error);
792 }
793 error = 0;
794 if (vap->va_mode != (mode_t)VNOVAL) {
795 if (vp->v_mount->mnt_flag & MNT_RDONLY)
796 return (EROFS);
797 if (IS_SNAPSHOT(ip) && (vap->va_mode & (S_IXUSR | S_IWUSR |
798 S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH)) != 0)
799 return (EPERM);
800 error = ufs_chmod(vp, (int)vap->va_mode, cred, td);
801 }
802 return (error);
803 }
804
805 #ifdef UFS_ACL
806 static int
ufs_update_nfs4_acl_after_mode_change(struct vnode * vp,int mode,int file_owner_id,struct ucred * cred,struct thread * td)807 ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode,
808 int file_owner_id, struct ucred *cred, struct thread *td)
809 {
810 int error;
811 struct acl *aclp;
812
813 aclp = acl_alloc(M_WAITOK);
814 error = ufs_getacl_nfs4_internal(vp, aclp, td);
815 /*
816 * We don't have to handle EOPNOTSUPP here, as the filesystem claims
817 * it supports ACLs.
818 */
819 if (error)
820 goto out;
821
822 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id);
823 error = ufs_setacl_nfs4_internal(vp, aclp, td);
824
825 out:
826 acl_free(aclp);
827 return (error);
828 }
829 #endif /* UFS_ACL */
830
831 static int
ufs_mmapped(struct vop_mmapped_args * ap)832 ufs_mmapped(
833 struct vop_mmapped_args /* {
834 struct vnode *a_vp;
835 } */ *ap)
836 {
837 struct vnode *vp;
838 struct inode *ip;
839 struct mount *mp;
840
841 vp = ap->a_vp;
842 ip = VTOI(vp);
843 mp = vp->v_mount;
844
845 if ((mp->mnt_flag & (MNT_NOATIME | MNT_RDONLY)) == 0)
846 UFS_INODE_SET_FLAG_SHARED(ip, IN_ACCESS);
847 /*
848 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there.
849 */
850 return (0);
851 }
852
853 /*
854 * Change the mode on a file.
855 * Inode must be locked before calling.
856 */
857 static int
ufs_chmod(struct vnode * vp,int mode,struct ucred * cred,struct thread * td)858 ufs_chmod(struct vnode *vp, int mode, struct ucred *cred, struct thread *td)
859 {
860 struct inode *ip = VTOI(vp);
861 int newmode, error;
862
863 /*
864 * To modify the permissions on a file, must possess VADMIN
865 * for that file.
866 */
867 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td)))
868 return (error);
869 /*
870 * Privileged processes may set the sticky bit on non-directories,
871 * as well as set the setgid bit on a file with a group that the
872 * process is not a member of. Both of these are allowed in
873 * jail(8).
874 */
875 if (vp->v_type != VDIR && (mode & S_ISTXT)) {
876 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE))
877 return (EFTYPE);
878 }
879 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
880 error = priv_check_cred(cred, PRIV_VFS_SETGID);
881 if (error)
882 return (error);
883 }
884
885 /*
886 * Deny setting setuid if we are not the file owner.
887 */
888 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) {
889 error = priv_check_cred(cred, PRIV_VFS_ADMIN);
890 if (error)
891 return (error);
892 }
893
894 newmode = ip->i_mode & ~ALLPERMS;
895 newmode |= (mode & ALLPERMS);
896 UFS_INODE_SET_MODE(ip, newmode);
897 DIP_SET(ip, i_mode, ip->i_mode);
898 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
899 #ifdef UFS_ACL
900 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0)
901 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td);
902 #endif
903 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0)
904 error = UFS_UPDATE(vp, 0);
905
906 return (error);
907 }
908
909 /*
910 * Perform chown operation on inode ip;
911 * inode must be locked prior to call.
912 */
913 static int
ufs_chown(struct vnode * vp,uid_t uid,gid_t gid,struct ucred * cred,struct thread * td)914 ufs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred,
915 struct thread *td)
916 {
917 struct inode *ip = VTOI(vp);
918 uid_t ouid;
919 gid_t ogid;
920 int error = 0;
921 #ifdef QUOTA
922 int i;
923 ufs2_daddr_t change;
924 #endif
925
926 if (uid == (uid_t)VNOVAL)
927 uid = ip->i_uid;
928 if (gid == (gid_t)VNOVAL)
929 gid = ip->i_gid;
930 /*
931 * To modify the ownership of a file, must possess VADMIN for that
932 * file.
933 */
934 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td)))
935 return (error);
936 /*
937 * To change the owner of a file, or change the group of a file to a
938 * group of which we are not a member, the caller must have
939 * privilege.
940 */
941 if (((uid != ip->i_uid && uid != cred->cr_uid) ||
942 (gid != ip->i_gid && !groupmember(gid, cred))) &&
943 (error = priv_check_cred(cred, PRIV_VFS_CHOWN)))
944 return (error);
945 ogid = ip->i_gid;
946 ouid = ip->i_uid;
947 #ifdef QUOTA
948 if ((error = getinoquota(ip)) != 0)
949 return (error);
950 if (ouid == uid) {
951 dqrele(vp, ip->i_dquot[USRQUOTA]);
952 ip->i_dquot[USRQUOTA] = NODQUOT;
953 }
954 if (ogid == gid) {
955 dqrele(vp, ip->i_dquot[GRPQUOTA]);
956 ip->i_dquot[GRPQUOTA] = NODQUOT;
957 }
958 change = DIP(ip, i_blocks);
959 (void) chkdq(ip, -change, cred, CHOWN|FORCE);
960 (void) chkiq(ip, -1, cred, CHOWN|FORCE);
961 for (i = 0; i < MAXQUOTAS; i++) {
962 dqrele(vp, ip->i_dquot[i]);
963 ip->i_dquot[i] = NODQUOT;
964 }
965 #endif
966 ip->i_gid = gid;
967 DIP_SET(ip, i_gid, gid);
968 ip->i_uid = uid;
969 DIP_SET(ip, i_uid, uid);
970 #ifdef QUOTA
971 if ((error = getinoquota(ip)) == 0) {
972 if (ouid == uid) {
973 dqrele(vp, ip->i_dquot[USRQUOTA]);
974 ip->i_dquot[USRQUOTA] = NODQUOT;
975 }
976 if (ogid == gid) {
977 dqrele(vp, ip->i_dquot[GRPQUOTA]);
978 ip->i_dquot[GRPQUOTA] = NODQUOT;
979 }
980 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) {
981 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0)
982 goto good;
983 else
984 (void) chkdq(ip, -change, cred, CHOWN|FORCE);
985 }
986 for (i = 0; i < MAXQUOTAS; i++) {
987 dqrele(vp, ip->i_dquot[i]);
988 ip->i_dquot[i] = NODQUOT;
989 }
990 }
991 ip->i_gid = ogid;
992 DIP_SET(ip, i_gid, ogid);
993 ip->i_uid = ouid;
994 DIP_SET(ip, i_uid, ouid);
995 if (getinoquota(ip) == 0) {
996 if (ouid == uid) {
997 dqrele(vp, ip->i_dquot[USRQUOTA]);
998 ip->i_dquot[USRQUOTA] = NODQUOT;
999 }
1000 if (ogid == gid) {
1001 dqrele(vp, ip->i_dquot[GRPQUOTA]);
1002 ip->i_dquot[GRPQUOTA] = NODQUOT;
1003 }
1004 (void) chkdq(ip, change, cred, FORCE|CHOWN);
1005 (void) chkiq(ip, 1, cred, FORCE|CHOWN);
1006 (void) getinoquota(ip);
1007 }
1008 return (error);
1009 good:
1010 if (getinoquota(ip))
1011 panic("ufs_chown: lost quota");
1012 #endif /* QUOTA */
1013 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
1014 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
1015 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) {
1016 UFS_INODE_SET_MODE(ip, ip->i_mode & ~(ISUID | ISGID));
1017 DIP_SET(ip, i_mode, ip->i_mode);
1018 }
1019 }
1020 error = UFS_UPDATE(vp, 0);
1021 return (error);
1022 }
1023
1024 static int
ufs_remove(struct vop_remove_args * ap)1025 ufs_remove(
1026 struct vop_remove_args /* {
1027 struct vnode *a_dvp;
1028 struct vnode *a_vp;
1029 struct componentname *a_cnp;
1030 } */ *ap)
1031 {
1032 struct inode *ip;
1033 struct vnode *vp = ap->a_vp;
1034 struct vnode *dvp = ap->a_dvp;
1035 int error;
1036 struct thread *td;
1037
1038 td = curthread;
1039 ip = VTOI(vp);
1040 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
1041 (VTOI(dvp)->i_flags & APPEND))
1042 return (EPERM);
1043 if (DOINGSUJ(dvp)) {
1044 error = softdep_prelink(dvp, vp, ap->a_cnp);
1045 if (error != 0) {
1046 MPASS(error == ERELOOKUP);
1047 return (error);
1048 }
1049 }
1050
1051 #ifdef UFS_GJOURNAL
1052 ufs_gjournal_orphan(vp);
1053 #endif
1054 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, false);
1055 if (ip->i_nlink <= 0)
1056 vp->v_vflag |= VV_NOSYNC;
1057 if (IS_SNAPSHOT(ip)) {
1058 /*
1059 * Avoid deadlock where another thread is trying to
1060 * update the inodeblock for dvp and is waiting on
1061 * snaplk. Temporary unlock the vnode lock for the
1062 * unlinked file and sync the directory. This should
1063 * allow vput() of the directory to not block later on
1064 * while holding the snapshot vnode locked, assuming
1065 * that the directory hasn't been unlinked too.
1066 */
1067 VOP_UNLOCK(vp);
1068 (void) VOP_FSYNC(dvp, MNT_WAIT, td);
1069 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1070 }
1071 return (error);
1072 }
1073
1074 static void
print_bad_link_count(const char * funcname,struct vnode * dvp)1075 print_bad_link_count(const char *funcname, struct vnode *dvp)
1076 {
1077 struct inode *dip;
1078
1079 dip = VTOI(dvp);
1080 uprintf("%s: Bad link count %d on parent inode %jd in file system %s\n",
1081 funcname, dip->i_effnlink, (intmax_t)dip->i_number,
1082 dvp->v_mount->mnt_stat.f_mntonname);
1083 }
1084
1085 /*
1086 * link vnode call
1087 */
1088 static int
ufs_link(struct vop_link_args * ap)1089 ufs_link(
1090 struct vop_link_args /* {
1091 struct vnode *a_tdvp;
1092 struct vnode *a_vp;
1093 struct componentname *a_cnp;
1094 } */ *ap)
1095 {
1096 struct vnode *vp = ap->a_vp;
1097 struct vnode *tdvp = ap->a_tdvp;
1098 struct componentname *cnp = ap->a_cnp;
1099 struct inode *ip;
1100 struct direct newdir;
1101 int error;
1102
1103 if (DOINGSUJ(tdvp)) {
1104 error = softdep_prelink(tdvp, vp, cnp);
1105 if (error != 0) {
1106 MPASS(error == ERELOOKUP);
1107 return (error);
1108 }
1109 }
1110
1111 if (VTOI(tdvp)->i_effnlink < 2) {
1112 print_bad_link_count("ufs_link", tdvp);
1113 error = EINVAL;
1114 goto out;
1115 }
1116 error = ufs_sync_nlink(vp, tdvp);
1117 if (error != 0)
1118 goto out;
1119 ip = VTOI(vp);
1120
1121 /*
1122 * The file may have been removed after namei dropped the original
1123 * lock.
1124 */
1125 if (ip->i_effnlink == 0) {
1126 error = ENOENT;
1127 goto out;
1128 }
1129 if (ip->i_flags & (IMMUTABLE | APPEND)) {
1130 error = EPERM;
1131 goto out;
1132 }
1133
1134 ip->i_effnlink++;
1135 ip->i_nlink++;
1136 DIP_SET_NLINK(ip, ip->i_nlink);
1137 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
1138 if (DOINGSOFTDEP(vp))
1139 softdep_setup_link(VTOI(tdvp), ip);
1140 error = UFS_UPDATE(vp, !DOINGSOFTDEP(vp) && !DOINGASYNC(vp));
1141 if (!error) {
1142 ufs_makedirentry(ip, cnp, &newdir);
1143 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL);
1144 }
1145
1146 if (error) {
1147 ip->i_effnlink--;
1148 ip->i_nlink--;
1149 DIP_SET_NLINK(ip, ip->i_nlink);
1150 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
1151 if (DOINGSOFTDEP(vp))
1152 softdep_revert_link(VTOI(tdvp), ip);
1153 }
1154 out:
1155 return (error);
1156 }
1157
1158 /*
1159 * whiteout vnode call
1160 */
1161 static int
ufs_whiteout(struct vop_whiteout_args * ap)1162 ufs_whiteout(
1163 struct vop_whiteout_args /* {
1164 struct vnode *a_dvp;
1165 struct componentname *a_cnp;
1166 int a_flags;
1167 } */ *ap)
1168 {
1169 struct vnode *dvp = ap->a_dvp;
1170 struct componentname *cnp = ap->a_cnp;
1171 struct direct newdir;
1172 int error = 0;
1173
1174 if (DOINGSUJ(dvp) && (ap->a_flags == CREATE ||
1175 ap->a_flags == DELETE)) {
1176 error = softdep_prelink(dvp, NULL, cnp);
1177 if (error != 0) {
1178 MPASS(error == ERELOOKUP);
1179 return (error);
1180 }
1181 }
1182
1183 switch (ap->a_flags) {
1184 case LOOKUP:
1185 /* 4.4 format directories support whiteout operations */
1186 if (!OFSFMT(dvp))
1187 return (0);
1188 return (EOPNOTSUPP);
1189
1190 case CREATE:
1191 /* create a new directory whiteout */
1192 #ifdef INVARIANTS
1193 if (OFSFMT(dvp))
1194 panic("ufs_whiteout: old format filesystem");
1195 #endif
1196
1197 newdir.d_ino = UFS_WINO;
1198 newdir.d_namlen = cnp->cn_namelen;
1199 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1);
1200 newdir.d_type = DT_WHT;
1201 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL);
1202 break;
1203
1204 case DELETE:
1205 /* remove an existing directory whiteout */
1206 #ifdef INVARIANTS
1207 if (OFSFMT(dvp))
1208 panic("ufs_whiteout: old format filesystem");
1209 #endif
1210
1211 cnp->cn_flags &= ~DOWHITEOUT;
1212 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, false);
1213 break;
1214 default:
1215 panic("ufs_whiteout: unknown op");
1216 }
1217 return (error);
1218 }
1219
1220 static volatile int rename_restarts;
1221 SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD,
1222 __DEVOLATILE(int *, &rename_restarts), 0,
1223 "Times rename had to restart due to lock contention");
1224
1225 /*
1226 * Rename system call.
1227 * rename("foo", "bar");
1228 * is essentially
1229 * unlink("bar");
1230 * link("foo", "bar");
1231 * unlink("foo");
1232 * but ``atomically''. Can't do full commit without saving state in the
1233 * inode on disk which isn't feasible at this time. Best we can do is
1234 * always guarantee the target exists.
1235 *
1236 * Basic algorithm is:
1237 *
1238 * 1) Bump link count on source while we're linking it to the
1239 * target. This also ensure the inode won't be deleted out
1240 * from underneath us while we work (it may be truncated by
1241 * a concurrent `trunc' or `open' for creation).
1242 * 2) Link source to destination. If destination already exists,
1243 * delete it first.
1244 * 3) Unlink source reference to inode if still around. If a
1245 * directory was moved and the parent of the destination
1246 * is different from the source, patch the ".." entry in the
1247 * directory.
1248 */
1249 static int
ufs_rename(struct vop_rename_args * ap)1250 ufs_rename(
1251 struct vop_rename_args /* {
1252 struct vnode *a_fdvp;
1253 struct vnode *a_fvp;
1254 struct componentname *a_fcnp;
1255 struct vnode *a_tdvp;
1256 struct vnode *a_tvp;
1257 struct componentname *a_tcnp;
1258 } */ *ap)
1259 {
1260 struct vnode *tvp = ap->a_tvp;
1261 struct vnode *tdvp = ap->a_tdvp;
1262 struct vnode *fvp = ap->a_fvp;
1263 struct vnode *fdvp = ap->a_fdvp;
1264 struct vnode *nvp;
1265 struct componentname *tcnp = ap->a_tcnp;
1266 struct componentname *fcnp = ap->a_fcnp;
1267 struct thread *td = curthread;
1268 struct inode *fip, *tip, *tdp, *fdp;
1269 struct direct newdir;
1270 off_t endoff;
1271 int doingdirectory;
1272 u_int newparent;
1273 int error = 0;
1274 struct mount *mp;
1275 ino_t ino;
1276 seqc_t fdvp_s, fvp_s, tdvp_s, tvp_s;
1277 bool want_seqc_end;
1278
1279 want_seqc_end = false;
1280
1281 endoff = 0;
1282 mp = tdvp->v_mount;
1283 VOP_UNLOCK(tdvp);
1284 if (tvp && tvp != tdvp)
1285 VOP_UNLOCK(tvp);
1286 /*
1287 * Check for cross-device rename.
1288 */
1289 if ((fvp->v_mount != tdvp->v_mount) ||
1290 (tvp && (fvp->v_mount != tvp->v_mount))) {
1291 error = EXDEV;
1292 mp = NULL;
1293 goto releout;
1294 }
1295
1296 fdvp_s = fvp_s = tdvp_s = tvp_s = SEQC_MOD;
1297 relock:
1298 /*
1299 * We need to acquire 2 to 4 locks depending on whether tvp is NULL
1300 * and fdvp and tdvp are the same directory. Subsequently we need
1301 * to double-check all paths and in the directory rename case we
1302 * need to verify that we are not creating a directory loop. To
1303 * handle this we acquire all but fdvp using non-blocking
1304 * acquisitions. If we fail to acquire any lock in the path we will
1305 * drop all held locks, acquire the new lock in a blocking fashion,
1306 * and then release it and restart the rename. This acquire/release
1307 * step ensures that we do not spin on a lock waiting for release.
1308 */
1309 error = vn_lock(fdvp, LK_EXCLUSIVE);
1310 if (error)
1311 goto releout;
1312 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) {
1313 VOP_UNLOCK(fdvp);
1314 error = vn_lock(tdvp, LK_EXCLUSIVE);
1315 if (error)
1316 goto releout;
1317 VOP_UNLOCK(tdvp);
1318 atomic_add_int(&rename_restarts, 1);
1319 goto relock;
1320 }
1321 /*
1322 * Re-resolve fvp to be certain it still exists and fetch the
1323 * correct vnode.
1324 */
1325 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino);
1326 if (error) {
1327 VOP_UNLOCK(fdvp);
1328 VOP_UNLOCK(tdvp);
1329 goto releout;
1330 }
1331 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp);
1332 if (error) {
1333 VOP_UNLOCK(fdvp);
1334 VOP_UNLOCK(tdvp);
1335 if (error != EBUSY)
1336 goto releout;
1337 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp);
1338 if (error != 0)
1339 goto releout;
1340 VOP_UNLOCK(nvp);
1341 vrele(fvp);
1342 fvp = nvp;
1343 atomic_add_int(&rename_restarts, 1);
1344 goto relock;
1345 }
1346 vrele(fvp);
1347 fvp = nvp;
1348 /*
1349 * Re-resolve tvp and acquire the vnode lock if present.
1350 */
1351 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino);
1352 if (error != 0 && error != EJUSTRETURN) {
1353 VOP_UNLOCK(fdvp);
1354 VOP_UNLOCK(tdvp);
1355 VOP_UNLOCK(fvp);
1356 goto releout;
1357 }
1358 /*
1359 * If tvp disappeared we just carry on.
1360 */
1361 if (error == EJUSTRETURN && tvp != NULL) {
1362 vrele(tvp);
1363 tvp = NULL;
1364 }
1365 /*
1366 * Get the tvp ino if the lookup succeeded. We may have to restart
1367 * if the non-blocking acquire fails.
1368 */
1369 if (error == 0) {
1370 nvp = NULL;
1371 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp);
1372 if (tvp)
1373 vrele(tvp);
1374 tvp = nvp;
1375 if (error) {
1376 VOP_UNLOCK(fdvp);
1377 VOP_UNLOCK(tdvp);
1378 VOP_UNLOCK(fvp);
1379 if (error != EBUSY)
1380 goto releout;
1381 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp);
1382 if (error != 0)
1383 goto releout;
1384 vput(nvp);
1385 atomic_add_int(&rename_restarts, 1);
1386 goto relock;
1387 }
1388 }
1389
1390 if (DOINGSUJ(fdvp) &&
1391 (seqc_in_modify(fdvp_s) || !vn_seqc_consistent(fdvp, fdvp_s) ||
1392 seqc_in_modify(fvp_s) || !vn_seqc_consistent(fvp, fvp_s) ||
1393 seqc_in_modify(tdvp_s) || !vn_seqc_consistent(tdvp, tdvp_s) ||
1394 (tvp != NULL && (seqc_in_modify(tvp_s) ||
1395 !vn_seqc_consistent(tvp, tvp_s))))) {
1396 error = softdep_prerename(fdvp, fvp, tdvp, tvp);
1397 if (error != 0)
1398 goto releout;
1399 }
1400
1401 fdp = VTOI(fdvp);
1402 fip = VTOI(fvp);
1403 tdp = VTOI(tdvp);
1404 tip = NULL;
1405 if (tvp)
1406 tip = VTOI(tvp);
1407 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
1408 (VTOI(tdvp)->i_flags & APPEND))) {
1409 error = EPERM;
1410 goto unlockout;
1411 }
1412 /*
1413 * Renaming a file to itself has no effect. The upper layers should
1414 * not call us in that case. However, things could change after
1415 * we drop the locks above.
1416 */
1417 if (fvp == tvp) {
1418 error = 0;
1419 goto unlockout;
1420 }
1421 doingdirectory = 0;
1422 newparent = 0;
1423 ino = fip->i_number;
1424 if (fip->i_nlink >= UFS_LINK_MAX) {
1425 if (!DOINGSOFTDEP(fvp) || fip->i_effnlink >= UFS_LINK_MAX) {
1426 error = EMLINK;
1427 goto unlockout;
1428 }
1429 vfs_ref(mp);
1430 MPASS(!want_seqc_end);
1431 VOP_UNLOCK(fdvp);
1432 VOP_UNLOCK(fvp);
1433 vref(tdvp);
1434 if (tvp != NULL)
1435 vref(tvp);
1436 VOP_VPUT_PAIR(tdvp, &tvp, true);
1437 error = ufs_sync_nlink1(mp);
1438 vrele(fdvp);
1439 vrele(fvp);
1440 vrele(tdvp);
1441 if (tvp != NULL)
1442 vrele(tvp);
1443 return (error);
1444 }
1445 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))
1446 || (fdp->i_flags & APPEND)) {
1447 error = EPERM;
1448 goto unlockout;
1449 }
1450 if ((fip->i_mode & IFMT) == IFDIR) {
1451 /*
1452 * Avoid ".", "..", and aliases of "." for obvious reasons.
1453 */
1454 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') ||
1455 fdp == fip ||
1456 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) {
1457 error = EINVAL;
1458 goto unlockout;
1459 }
1460 if (fdp->i_number != tdp->i_number)
1461 newparent = tdp->i_number;
1462 doingdirectory = 1;
1463 }
1464 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) ||
1465 (tvp != NULL && tvp->v_type == VDIR &&
1466 tvp->v_mountedhere != NULL)) {
1467 error = EXDEV;
1468 goto unlockout;
1469 }
1470
1471 /*
1472 * If ".." must be changed (ie the directory gets a new
1473 * parent) then the source directory must not be in the
1474 * directory hierarchy above the target, as this would
1475 * orphan everything below the source directory. Also
1476 * the user must have write permission in the source so
1477 * as to be able to change "..".
1478 */
1479 if (doingdirectory && newparent != 0) {
1480 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, curthread);
1481 if (error)
1482 goto unlockout;
1483
1484 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred,
1485 &ino);
1486 /*
1487 * We encountered a lock that we have to wait for. Unlock
1488 * everything else and VGET before restarting.
1489 */
1490 if (ino) {
1491 VOP_UNLOCK(fdvp);
1492 VOP_UNLOCK(fvp);
1493 VOP_UNLOCK(tdvp);
1494 if (tvp)
1495 VOP_UNLOCK(tvp);
1496 error = VFS_VGET(mp, ino, LK_SHARED, &nvp);
1497 if (error == 0)
1498 vput(nvp);
1499 atomic_add_int(&rename_restarts, 1);
1500 goto relock;
1501 }
1502 if (error)
1503 goto unlockout;
1504 }
1505 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 ||
1506 tdp->i_effnlink == 0)
1507 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp);
1508
1509 if (tvp != NULL)
1510 vn_seqc_write_begin(tvp);
1511 vn_seqc_write_begin(tdvp);
1512 vn_seqc_write_begin(fvp);
1513 vn_seqc_write_begin(fdvp);
1514 want_seqc_end = true;
1515
1516 /*
1517 * 1) Bump link count while we're moving stuff
1518 * around. If we crash somewhere before
1519 * completing our work, the link count
1520 * may be wrong, but correctable.
1521 */
1522 fip->i_effnlink++;
1523 fip->i_nlink++;
1524 DIP_SET_NLINK(fip, fip->i_nlink);
1525 UFS_INODE_SET_FLAG(fip, IN_CHANGE);
1526 if (DOINGSOFTDEP(fvp))
1527 softdep_setup_link(tdp, fip);
1528 error = UFS_UPDATE(fvp, !DOINGSOFTDEP(fvp) && !DOINGASYNC(fvp));
1529 if (error)
1530 goto bad;
1531
1532 /*
1533 * 2) If target doesn't exist, link the target
1534 * to the source and unlink the source.
1535 * Otherwise, rewrite the target directory
1536 * entry to reference the source inode and
1537 * expunge the original entry's existence.
1538 */
1539 if (tip == NULL) {
1540 if (ITODEV(tdp) != ITODEV(fip))
1541 panic("ufs_rename: EXDEV");
1542 if (doingdirectory && newparent != 0) {
1543 /*
1544 * Account for ".." in new directory.
1545 * When source and destination have the same
1546 * parent we don't adjust the link count. The
1547 * actual link modification is completed when
1548 * .. is rewritten below.
1549 */
1550 if (tdp->i_nlink >= UFS_LINK_MAX) {
1551 fip->i_effnlink--;
1552 fip->i_nlink--;
1553 DIP_SET_NLINK(fip, fip->i_nlink);
1554 UFS_INODE_SET_FLAG(fip, IN_CHANGE);
1555 if (DOINGSOFTDEP(fvp))
1556 softdep_revert_link(tdp, fip);
1557 if (!DOINGSOFTDEP(tdvp) ||
1558 tdp->i_effnlink >= UFS_LINK_MAX) {
1559 error = EMLINK;
1560 goto unlockout;
1561 }
1562 MPASS(want_seqc_end);
1563 if (tvp != NULL)
1564 vn_seqc_write_end(tvp);
1565 vn_seqc_write_end(tdvp);
1566 vn_seqc_write_end(fvp);
1567 vn_seqc_write_end(fdvp);
1568 want_seqc_end = false;
1569 vfs_ref(mp);
1570 VOP_UNLOCK(fdvp);
1571 VOP_UNLOCK(fvp);
1572 vref(tdvp);
1573 if (tvp != NULL)
1574 vref(tvp);
1575 VOP_VPUT_PAIR(tdvp, &tvp, true);
1576 error = ufs_sync_nlink1(mp);
1577 vrele(fdvp);
1578 vrele(fvp);
1579 vrele(tdvp);
1580 if (tvp != NULL)
1581 vrele(tvp);
1582 return (error);
1583 }
1584 }
1585 ufs_makedirentry(fip, tcnp, &newdir);
1586 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL);
1587 if (error)
1588 goto bad;
1589 /* Setup tdvp for directory compaction if needed. */
1590 if (I_COUNT(tdp) != 0 && I_ENDOFF(tdp) != 0 &&
1591 I_ENDOFF(tdp) < tdp->i_size)
1592 endoff = I_ENDOFF(tdp);
1593 } else {
1594 if (ITODEV(tip) != ITODEV(tdp) || ITODEV(tip) != ITODEV(fip))
1595 panic("ufs_rename: EXDEV");
1596 /*
1597 * Short circuit rename(foo, foo).
1598 */
1599 if (tip->i_number == fip->i_number)
1600 panic("ufs_rename: same file");
1601 /*
1602 * If the parent directory is "sticky", then the caller
1603 * must possess VADMIN for the parent directory, or the
1604 * destination of the rename. This implements append-only
1605 * directories.
1606 */
1607 if ((tdp->i_mode & S_ISTXT) &&
1608 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) &&
1609 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) {
1610 error = EPERM;
1611 goto bad;
1612 }
1613 /*
1614 * Target must be empty if a directory and have no links
1615 * to it. Also, ensure source and target are compatible
1616 * (both directories, or both not directories).
1617 */
1618 if ((tip->i_mode & IFMT) == IFDIR) {
1619 if ((tip->i_effnlink > 2) ||
1620 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred,
1621 (tcnp->cn_flags & IGNOREWHITEOUT) != 0)) {
1622 error = ENOTEMPTY;
1623 goto bad;
1624 }
1625 if (!doingdirectory) {
1626 error = ENOTDIR;
1627 goto bad;
1628 }
1629 cache_purge(tdvp);
1630 } else if (doingdirectory) {
1631 error = EISDIR;
1632 goto bad;
1633 }
1634 if (doingdirectory) {
1635 if (newparent == 0) {
1636 tdp->i_effnlink--;
1637 if (DOINGSOFTDEP(tdvp))
1638 softdep_change_linkcnt(tdp);
1639 }
1640 tip->i_effnlink--;
1641 if (DOINGSOFTDEP(tvp))
1642 softdep_change_linkcnt(tip);
1643 }
1644 error = ufs_dirrewrite(tdp, tip, fip->i_number,
1645 IFTODT(fip->i_mode), (doingdirectory && newparent != 0) ?
1646 newparent : doingdirectory);
1647 if (error) {
1648 if (doingdirectory) {
1649 if (newparent == 0) {
1650 tdp->i_effnlink++;
1651 if (DOINGSOFTDEP(tdvp))
1652 softdep_change_linkcnt(tdp);
1653 }
1654 tip->i_effnlink++;
1655 if (DOINGSOFTDEP(tvp))
1656 softdep_change_linkcnt(tip);
1657 }
1658 goto bad;
1659 }
1660 if (doingdirectory && !DOINGSOFTDEP(tvp)) {
1661 /*
1662 * The only stuff left in the directory is "."
1663 * and "..". The "." reference is inconsequential
1664 * since we are quashing it. We have removed the "."
1665 * reference and the reference in the parent directory,
1666 * but there may be other hard links. The soft
1667 * dependency code will arrange to do these operations
1668 * after the parent directory entry has been deleted on
1669 * disk, so when running with that code we avoid doing
1670 * them now.
1671 */
1672 if (newparent == 0) {
1673 tdp->i_nlink--;
1674 DIP_SET_NLINK(tdp, tdp->i_nlink);
1675 UFS_INODE_SET_FLAG(tdp, IN_CHANGE);
1676 }
1677 tip->i_nlink--;
1678 DIP_SET_NLINK(tip, tip->i_nlink);
1679 UFS_INODE_SET_FLAG(tip, IN_CHANGE);
1680 }
1681 }
1682
1683 /*
1684 * 3) Unlink the source. We have to resolve the path again to
1685 * fixup the directory offset and count for ufs_dirremove.
1686 */
1687 if (fdvp == tdvp) {
1688 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino);
1689 if (error)
1690 panic("ufs_rename: from entry went away!");
1691 if (ino != fip->i_number)
1692 panic("ufs_rename: ino mismatch %ju != %ju\n",
1693 (uintmax_t)ino, (uintmax_t)fip->i_number);
1694 }
1695 /*
1696 * If the source is a directory with a
1697 * new parent, the link count of the old
1698 * parent directory must be decremented
1699 * and ".." set to point to the new parent.
1700 */
1701 if (doingdirectory && newparent != 0) {
1702 /*
1703 * Set the directory depth based on its new parent.
1704 */
1705 DIP_SET(fip, i_dirdepth, DIP(tdp, i_dirdepth) + 1);
1706 /*
1707 * If tip exists we simply use its link, otherwise we must
1708 * add a new one.
1709 */
1710 if (tip == NULL) {
1711 tdp->i_effnlink++;
1712 tdp->i_nlink++;
1713 DIP_SET_NLINK(tdp, tdp->i_nlink);
1714 UFS_INODE_SET_FLAG(tdp, IN_CHANGE);
1715 if (DOINGSOFTDEP(tdvp))
1716 softdep_setup_dotdot_link(tdp, fip);
1717 error = UFS_UPDATE(tdvp, !DOINGSOFTDEP(tdvp) &&
1718 !DOINGASYNC(tdvp));
1719 /* Don't go to bad here as the new link exists. */
1720 if (error)
1721 goto unlockout;
1722 } else if (DOINGSUJ(tdvp))
1723 /* Journal must account for each new link. */
1724 softdep_setup_dotdot_link(tdp, fip);
1725 SET_I_OFFSET(fip, mastertemplate.dot_reclen);
1726 if (ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0) != 0)
1727 ufs_dirbad(fip, mastertemplate.dot_reclen,
1728 "rename: missing .. entry");
1729 cache_purge(fdvp);
1730 }
1731 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, false);
1732 /*
1733 * The kern_renameat() looks up the fvp using the DELETE flag, which
1734 * causes the removal of the name cache entry for fvp.
1735 * As the relookup of the fvp is done in two steps:
1736 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a
1737 * normal lookup of the from name just before the VFS_VGET() call,
1738 * causing the cache entry to be re-instantiated.
1739 *
1740 * The same issue also applies to tvp if it exists as
1741 * otherwise we may have a stale name cache entry for the new
1742 * name that references the old i-node if it has other links
1743 * or open file descriptors.
1744 */
1745 cache_vop_rename(fdvp, fvp, tdvp, tvp, fcnp, tcnp);
1746
1747 unlockout:
1748 if (want_seqc_end) {
1749 if (tvp != NULL)
1750 vn_seqc_write_end(tvp);
1751 vn_seqc_write_end(tdvp);
1752 vn_seqc_write_end(fvp);
1753 vn_seqc_write_end(fdvp);
1754 }
1755
1756 vput(fdvp);
1757 vput(fvp);
1758
1759 /*
1760 * If compaction or fsync was requested do it in
1761 * ffs_vput_pair() now that other locks are no longer needed.
1762 */
1763 if (error == 0 && endoff != 0) {
1764 UFS_INODE_SET_FLAG(tdp, IN_ENDOFF);
1765 SET_I_ENDOFF(tdp, endoff);
1766 }
1767 VOP_VPUT_PAIR(tdvp, &tvp, true);
1768 return (error);
1769
1770 bad:
1771 fip->i_effnlink--;
1772 fip->i_nlink--;
1773 DIP_SET_NLINK(fip, fip->i_nlink);
1774 UFS_INODE_SET_FLAG(fip, IN_CHANGE);
1775 if (DOINGSOFTDEP(fvp))
1776 softdep_revert_link(tdp, fip);
1777 goto unlockout;
1778
1779 releout:
1780 if (want_seqc_end) {
1781 if (tvp != NULL)
1782 vn_seqc_write_end(tvp);
1783 vn_seqc_write_end(tdvp);
1784 vn_seqc_write_end(fvp);
1785 vn_seqc_write_end(fdvp);
1786 }
1787
1788 vrele(fdvp);
1789 vrele(fvp);
1790 vrele(tdvp);
1791 if (tvp)
1792 vrele(tvp);
1793
1794 return (error);
1795 }
1796
1797 #ifdef UFS_ACL
1798 static int
ufs_do_posix1e_acl_inheritance_dir(struct vnode * dvp,struct vnode * tvp,mode_t dmode,struct ucred * cred,struct thread * td)1799 ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp,
1800 mode_t dmode, struct ucred *cred, struct thread *td)
1801 {
1802 int error;
1803 struct inode *ip = VTOI(tvp);
1804 struct acl *dacl, *acl;
1805
1806 acl = acl_alloc(M_WAITOK);
1807 dacl = acl_alloc(M_WAITOK);
1808
1809 /*
1810 * Retrieve default ACL from parent, if any.
1811 */
1812 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td);
1813 switch (error) {
1814 case 0:
1815 /*
1816 * Retrieved a default ACL, so merge mode and ACL if
1817 * necessary. If the ACL is empty, fall through to
1818 * the "not defined or available" case.
1819 */
1820 if (acl->acl_cnt != 0) {
1821 dmode = acl_posix1e_newfilemode(dmode, acl);
1822 UFS_INODE_SET_MODE(ip, dmode);
1823 DIP_SET(ip, i_mode, dmode);
1824 *dacl = *acl;
1825 ufs_sync_acl_from_inode(ip, acl);
1826 break;
1827 }
1828 /* FALLTHROUGH */
1829
1830 case EOPNOTSUPP:
1831 /*
1832 * Just use the mode as-is.
1833 */
1834 UFS_INODE_SET_MODE(ip, dmode);
1835 DIP_SET(ip, i_mode, dmode);
1836 error = 0;
1837 goto out;
1838
1839 default:
1840 goto out;
1841 }
1842
1843 /*
1844 * XXX: If we abort now, will Soft Updates notify the extattr
1845 * code that the EAs for the file need to be released?
1846 */
1847 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td);
1848 if (error == 0)
1849 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td);
1850 switch (error) {
1851 case 0:
1852 break;
1853
1854 case EOPNOTSUPP:
1855 /*
1856 * XXX: This should not happen, as EOPNOTSUPP above
1857 * was supposed to free acl.
1858 */
1859 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n");
1860 /*
1861 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()");
1862 */
1863 break;
1864
1865 default:
1866 goto out;
1867 }
1868
1869 out:
1870 acl_free(acl);
1871 acl_free(dacl);
1872
1873 return (error);
1874 }
1875
1876 static int
ufs_do_posix1e_acl_inheritance_file(struct vnode * dvp,struct vnode * tvp,mode_t mode,struct ucred * cred,struct thread * td)1877 ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp,
1878 mode_t mode, struct ucred *cred, struct thread *td)
1879 {
1880 int error;
1881 struct inode *ip = VTOI(tvp);
1882 struct acl *acl;
1883
1884 acl = acl_alloc(M_WAITOK);
1885
1886 /*
1887 * Retrieve default ACL for parent, if any.
1888 */
1889 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td);
1890 switch (error) {
1891 case 0:
1892 /*
1893 * Retrieved a default ACL, so merge mode and ACL if
1894 * necessary.
1895 */
1896 if (acl->acl_cnt != 0) {
1897 /*
1898 * Two possible ways for default ACL to not
1899 * be present. First, the EA can be
1900 * undefined, or second, the default ACL can
1901 * be blank. If it's blank, fall through to
1902 * the it's not defined case.
1903 */
1904 mode = acl_posix1e_newfilemode(mode, acl);
1905 UFS_INODE_SET_MODE(ip, mode);
1906 DIP_SET(ip, i_mode, mode);
1907 ufs_sync_acl_from_inode(ip, acl);
1908 break;
1909 }
1910 /* FALLTHROUGH */
1911
1912 case EOPNOTSUPP:
1913 /*
1914 * Just use the mode as-is.
1915 */
1916 UFS_INODE_SET_MODE(ip, mode);
1917 DIP_SET(ip, i_mode, mode);
1918 error = 0;
1919 goto out;
1920
1921 default:
1922 goto out;
1923 }
1924
1925 /*
1926 * XXX: If we abort now, will Soft Updates notify the extattr
1927 * code that the EAs for the file need to be released?
1928 */
1929 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td);
1930 switch (error) {
1931 case 0:
1932 break;
1933
1934 case EOPNOTSUPP:
1935 /*
1936 * XXX: This should not happen, as EOPNOTSUPP above was
1937 * supposed to free acl.
1938 */
1939 printf("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() "
1940 "but no VOP_SETACL()\n");
1941 /* panic("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() "
1942 "but no VOP_SETACL()"); */
1943 break;
1944
1945 default:
1946 goto out;
1947 }
1948
1949 out:
1950 acl_free(acl);
1951
1952 return (error);
1953 }
1954
1955 static int
ufs_do_nfs4_acl_inheritance(struct vnode * dvp,struct vnode * tvp,mode_t child_mode,struct ucred * cred,struct thread * td)1956 ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp,
1957 mode_t child_mode, struct ucred *cred, struct thread *td)
1958 {
1959 int error;
1960 struct acl *parent_aclp, *child_aclp;
1961
1962 parent_aclp = acl_alloc(M_WAITOK);
1963 child_aclp = acl_alloc(M_WAITOK | M_ZERO);
1964
1965 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td);
1966 if (error)
1967 goto out;
1968 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp,
1969 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR);
1970 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td);
1971 if (error)
1972 goto out;
1973 out:
1974 acl_free(parent_aclp);
1975 acl_free(child_aclp);
1976
1977 return (error);
1978 }
1979 #endif
1980
1981 /*
1982 * Mkdir system call
1983 */
1984 static int
ufs_mkdir(struct vop_mkdir_args * ap)1985 ufs_mkdir(
1986 struct vop_mkdir_args /* {
1987 struct vnode *a_dvp;
1988 struct vnode **a_vpp;
1989 struct componentname *a_cnp;
1990 struct vattr *a_vap;
1991 } */ *ap)
1992 {
1993 struct vnode *dvp = ap->a_dvp;
1994 struct vattr *vap = ap->a_vap;
1995 struct componentname *cnp = ap->a_cnp;
1996 struct inode *ip, *dp;
1997 struct vnode *tvp;
1998 struct buf *bp;
1999 struct dirtemplate dirtemplate, *dtp;
2000 struct direct newdir;
2001 int error, dmode;
2002 long blkoff;
2003
2004 dp = VTOI(dvp);
2005 error = ufs_sync_nlink(dvp, NULL);
2006 if (error != 0)
2007 goto out;
2008 dmode = vap->va_mode & 0777;
2009 dmode |= IFDIR;
2010
2011 /*
2012 * Must simulate part of ufs_makeinode here to acquire the inode,
2013 * but not have it entered in the parent directory. The entry is
2014 * made later after writing "." and ".." entries.
2015 */
2016 if (dp->i_effnlink < 2) {
2017 print_bad_link_count("ufs_mkdir", dvp);
2018 error = EINVAL;
2019 goto out;
2020 }
2021
2022 if (DOINGSUJ(dvp)) {
2023 error = softdep_prelink(dvp, NULL, cnp);
2024 if (error != 0) {
2025 MPASS(error == ERELOOKUP);
2026 return (error);
2027 }
2028 }
2029
2030 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp);
2031 if (error)
2032 goto out;
2033 vn_seqc_write_begin(tvp);
2034 ip = VTOI(tvp);
2035 ip->i_gid = dp->i_gid;
2036 DIP_SET(ip, i_gid, dp->i_gid);
2037 #ifdef SUIDDIR
2038 {
2039 #ifdef QUOTA
2040 struct ucred ucred, *ucp;
2041 ucp = cnp->cn_cred;
2042 #endif
2043 /*
2044 * If we are hacking owners here, (only do this where told to)
2045 * and we are not giving it TO root, (would subvert quotas)
2046 * then go ahead and give it to the other user.
2047 * The new directory also inherits the SUID bit.
2048 * If user's UID and dir UID are the same,
2049 * 'give it away' so that the SUID is still forced on.
2050 */
2051 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
2052 (dp->i_mode & ISUID) && dp->i_uid) {
2053 dmode |= ISUID;
2054 ip->i_uid = dp->i_uid;
2055 DIP_SET(ip, i_uid, dp->i_uid);
2056 #ifdef QUOTA
2057 if (dp->i_uid != cnp->cn_cred->cr_uid) {
2058 /*
2059 * Make sure the correct user gets charged
2060 * for the space.
2061 * Make a dummy credential for the victim.
2062 * XXX This seems to never be accessed out of
2063 * our context so a stack variable is ok.
2064 */
2065 ucred.cr_ref = 1;
2066 ucred.cr_uid = ip->i_uid;
2067 ucred.cr_gid = dp->i_gid;
2068 ucred.cr_ngroups = 0;
2069 ucp = &ucred;
2070 }
2071 #endif
2072 } else {
2073 ip->i_uid = cnp->cn_cred->cr_uid;
2074 DIP_SET(ip, i_uid, ip->i_uid);
2075 }
2076 #ifdef QUOTA
2077 if ((error = getinoquota(ip)) ||
2078 (error = chkiq(ip, 1, ucp, 0))) {
2079 if (DOINGSOFTDEP(tvp))
2080 softdep_revert_link(dp, ip);
2081 UFS_VFREE(tvp, ip->i_number, dmode);
2082 vn_seqc_write_end(tvp);
2083 vgone(tvp);
2084 vput(tvp);
2085 return (error);
2086 }
2087 #endif
2088 }
2089 #else /* !SUIDDIR */
2090 ip->i_uid = cnp->cn_cred->cr_uid;
2091 DIP_SET(ip, i_uid, ip->i_uid);
2092 #ifdef QUOTA
2093 if ((error = getinoquota(ip)) ||
2094 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
2095 if (DOINGSOFTDEP(tvp))
2096 softdep_revert_link(dp, ip);
2097 UFS_VFREE(tvp, ip->i_number, dmode);
2098 vn_seqc_write_end(tvp);
2099 vgone(tvp);
2100 vput(tvp);
2101 return (error);
2102 }
2103 #endif
2104 #endif /* !SUIDDIR */
2105 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
2106 UFS_INODE_SET_MODE(ip, dmode);
2107 DIP_SET(ip, i_mode, dmode);
2108 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */
2109 ip->i_effnlink = 2;
2110 ip->i_nlink = 2;
2111 DIP_SET_NLINK(ip, 2);
2112 DIP_SET(ip, i_dirdepth, DIP(dp,i_dirdepth) + 1);
2113
2114 if (cnp->cn_flags & ISWHITEOUT) {
2115 ip->i_flags |= UF_OPAQUE;
2116 DIP_SET(ip, i_flags, ip->i_flags);
2117 }
2118
2119 /*
2120 * Bump link count in parent directory to reflect work done below.
2121 * Should be done before reference is created so cleanup is
2122 * possible if we crash.
2123 */
2124 dp->i_effnlink++;
2125 dp->i_nlink++;
2126 DIP_SET_NLINK(dp, dp->i_nlink);
2127 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2128 if (DOINGSOFTDEP(dvp))
2129 softdep_setup_mkdir(dp, ip);
2130 error = UFS_UPDATE(dvp, !DOINGSOFTDEP(dvp) && !DOINGASYNC(dvp));
2131 if (error)
2132 goto bad;
2133 #ifdef MAC
2134 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
2135 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount,
2136 dvp, tvp, cnp);
2137 if (error)
2138 goto bad;
2139 }
2140 #endif
2141 #ifdef UFS_ACL
2142 if (dvp->v_mount->mnt_flag & MNT_ACLS) {
2143 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode,
2144 cnp->cn_cred, curthread);
2145 if (error)
2146 goto bad;
2147 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) {
2148 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode,
2149 cnp->cn_cred, curthread);
2150 if (error)
2151 goto bad;
2152 }
2153 #endif /* !UFS_ACL */
2154
2155 /*
2156 * Initialize directory with "." and ".." from static template.
2157 */
2158 if (!OFSFMT(dvp))
2159 dtp = &mastertemplate;
2160 else
2161 dtp = (struct dirtemplate *)&omastertemplate;
2162 dirtemplate = *dtp;
2163 dirtemplate.dot_ino = ip->i_number;
2164 dirtemplate.dotdot_ino = dp->i_number;
2165 vnode_pager_setsize(tvp, DIRBLKSIZ);
2166 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred,
2167 BA_CLRBUF, &bp)) != 0)
2168 goto bad;
2169 ip->i_size = DIRBLKSIZ;
2170 DIP_SET(ip, i_size, DIRBLKSIZ);
2171 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE);
2172 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate);
2173 if (DOINGSOFTDEP(tvp)) {
2174 /*
2175 * Ensure that the entire newly allocated block is a
2176 * valid directory so that future growth within the
2177 * block does not have to ensure that the block is
2178 * written before the inode.
2179 */
2180 blkoff = DIRBLKSIZ;
2181 while (blkoff < bp->b_bcount) {
2182 ((struct direct *)
2183 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ;
2184 blkoff += DIRBLKSIZ;
2185 }
2186 }
2187 if ((error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) &&
2188 !DOINGASYNC(tvp))) != 0) {
2189 (void)bwrite(bp);
2190 goto bad;
2191 }
2192 /*
2193 * Directory set up, now install its entry in the parent directory.
2194 *
2195 * If we are not doing soft dependencies, then we must write out the
2196 * buffer containing the new directory body before entering the new
2197 * name in the parent. If we are doing soft dependencies, then the
2198 * buffer containing the new directory body will be passed to and
2199 * released in the soft dependency code after the code has attached
2200 * an appropriate ordering dependency to the buffer which ensures that
2201 * the buffer is written before the new name is written in the parent.
2202 */
2203 if (DOINGASYNC(dvp))
2204 bdwrite(bp);
2205 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp))))
2206 goto bad;
2207 ufs_makedirentry(ip, cnp, &newdir);
2208 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp);
2209
2210 bad:
2211 if (error == 0) {
2212 *ap->a_vpp = tvp;
2213 vn_seqc_write_end(tvp);
2214 } else {
2215 dp->i_effnlink--;
2216 dp->i_nlink--;
2217 DIP_SET_NLINK(dp, dp->i_nlink);
2218 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2219 /*
2220 * No need to do an explicit VOP_TRUNCATE here, vrele will
2221 * do this for us because we set the link count to 0.
2222 */
2223 ip->i_effnlink = 0;
2224 ip->i_nlink = 0;
2225 DIP_SET_NLINK(ip, 0);
2226 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2227 if (DOINGSOFTDEP(tvp))
2228 softdep_revert_mkdir(dp, ip);
2229 vn_seqc_write_end(tvp);
2230 vgone(tvp);
2231 vput(tvp);
2232 }
2233 out:
2234 return (error);
2235 }
2236
2237 /*
2238 * Rmdir system call.
2239 */
2240 static int
ufs_rmdir(struct vop_rmdir_args * ap)2241 ufs_rmdir(
2242 struct vop_rmdir_args /* {
2243 struct vnode *a_dvp;
2244 struct vnode *a_vp;
2245 struct componentname *a_cnp;
2246 } */ *ap)
2247 {
2248 struct vnode *vp = ap->a_vp;
2249 struct vnode *dvp = ap->a_dvp;
2250 struct componentname *cnp = ap->a_cnp;
2251 struct inode *ip, *dp;
2252 int error;
2253
2254 ip = VTOI(vp);
2255 dp = VTOI(dvp);
2256
2257 /*
2258 * Do not remove a directory that is in the process of being renamed.
2259 * Verify the directory is empty (and valid). Rmdir ".." will not be
2260 * valid since ".." will contain a reference to the current directory
2261 * and thus be non-empty. Do not allow the removal of mounted on
2262 * directories (this can happen when an NFS exported filesystem
2263 * tries to remove a locally mounted on directory).
2264 */
2265 error = 0;
2266 if (dp->i_effnlink <= 2) {
2267 if (dp->i_effnlink == 2)
2268 print_bad_link_count("ufs_rmdir", dvp);
2269 error = EINVAL;
2270 goto out;
2271 }
2272 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred,
2273 (cnp->cn_flags & IGNOREWHITEOUT) != 0)) {
2274 error = ENOTEMPTY;
2275 goto out;
2276 }
2277 if ((dp->i_flags & APPEND)
2278 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) {
2279 error = EPERM;
2280 goto out;
2281 }
2282 if (vp->v_mountedhere != 0) {
2283 error = EINVAL;
2284 goto out;
2285 }
2286 if (DOINGSUJ(dvp)) {
2287 error = softdep_prelink(dvp, vp, cnp);
2288 if (error != 0) {
2289 MPASS(error == ERELOOKUP);
2290 return (error);
2291 }
2292 }
2293
2294 #ifdef UFS_GJOURNAL
2295 ufs_gjournal_orphan(vp);
2296 #endif
2297 /*
2298 * Delete reference to directory before purging
2299 * inode. If we crash in between, the directory
2300 * will be reattached to lost+found,
2301 */
2302 dp->i_effnlink--;
2303 ip->i_effnlink--;
2304 if (DOINGSOFTDEP(vp))
2305 softdep_setup_rmdir(dp, ip);
2306 error = ufs_dirremove(dvp, ip, cnp->cn_flags, true);
2307 if (error) {
2308 dp->i_effnlink++;
2309 ip->i_effnlink++;
2310 if (DOINGSOFTDEP(vp))
2311 softdep_revert_rmdir(dp, ip);
2312 goto out;
2313 }
2314 /*
2315 * The only stuff left in the directory is "." and "..". The "."
2316 * reference is inconsequential since we are quashing it. The soft
2317 * dependency code will arrange to do these operations after
2318 * the parent directory entry has been deleted on disk, so
2319 * when running with that code we avoid doing them now.
2320 */
2321 if (!DOINGSOFTDEP(vp)) {
2322 dp->i_nlink--;
2323 DIP_SET_NLINK(dp, dp->i_nlink);
2324 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2325 error = UFS_UPDATE(dvp, 0);
2326 ip->i_nlink--;
2327 DIP_SET_NLINK(ip, ip->i_nlink);
2328 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2329 }
2330 cache_vop_rmdir(dvp, vp);
2331 #ifdef UFS_DIRHASH
2332 /* Kill any active hash; i_effnlink == 0, so it will not come back. */
2333 if (ip->i_dirhash != NULL)
2334 ufsdirhash_free(ip);
2335 #endif
2336 out:
2337 return (error);
2338 }
2339
2340 /*
2341 * symlink -- make a symbolic link
2342 */
2343 static int
ufs_symlink(struct vop_symlink_args * ap)2344 ufs_symlink(
2345 struct vop_symlink_args /* {
2346 struct vnode *a_dvp;
2347 struct vnode **a_vpp;
2348 struct componentname *a_cnp;
2349 struct vattr *a_vap;
2350 const char *a_target;
2351 } */ *ap)
2352 {
2353 struct vnode *vp, **vpp = ap->a_vpp;
2354 struct inode *ip;
2355 int len, error;
2356
2357 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp,
2358 vpp, ap->a_cnp, "ufs_symlink");
2359 if (error)
2360 return (error);
2361 vp = *vpp;
2362 len = strlen(ap->a_target);
2363 if (len < VFSTOUFS(vp->v_mount)->um_maxsymlinklen) {
2364 ip = VTOI(vp);
2365 bcopy(ap->a_target, DIP(ip, i_shortlink), len);
2366 ip->i_size = len;
2367 DIP_SET(ip, i_size, len);
2368 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE);
2369 error = UFS_UPDATE(vp, 0);
2370 } else
2371 error = vn_rdwr(UIO_WRITE, vp, __DECONST(void *, ap->a_target),
2372 len, (off_t)0, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
2373 ap->a_cnp->cn_cred, NOCRED, NULL, NULL);
2374 if (error)
2375 vput(vp);
2376 return (error);
2377 }
2378
2379 /*
2380 * Vnode op for reading directories.
2381 */
2382 int
ufs_readdir(struct vop_readdir_args * ap)2383 ufs_readdir(
2384 struct vop_readdir_args /* {
2385 struct vnode *a_vp;
2386 struct uio *a_uio;
2387 struct ucred *a_cred;
2388 int *a_eofflag;
2389 int *a_ncookies;
2390 uint64_t **a_cookies;
2391 } */ *ap)
2392 {
2393 struct vnode *vp = ap->a_vp;
2394 struct uio *uio = ap->a_uio;
2395 struct buf *bp;
2396 struct inode *ip;
2397 struct direct *dp, *edp;
2398 uint64_t *cookies;
2399 struct dirent dstdp;
2400 off_t offset, startoffset;
2401 size_t readcnt, skipcnt;
2402 ssize_t startresid;
2403 uint64_t ncookies;
2404 int error;
2405
2406 if (uio->uio_offset < 0)
2407 return (EINVAL);
2408 ip = VTOI(vp);
2409 if (ip->i_effnlink == 0) {
2410 *ap->a_eofflag = 1;
2411 return (0);
2412 }
2413 if (ap->a_ncookies != NULL) {
2414 if (uio->uio_resid < 0)
2415 ncookies = 0;
2416 else
2417 ncookies = uio->uio_resid;
2418 if (uio->uio_offset >= ip->i_size)
2419 ncookies = 0;
2420 else if (ip->i_size - uio->uio_offset < ncookies)
2421 ncookies = ip->i_size - uio->uio_offset;
2422 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1;
2423 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK);
2424 *ap->a_ncookies = ncookies;
2425 *ap->a_cookies = cookies;
2426 } else {
2427 ncookies = 0;
2428 cookies = NULL;
2429 }
2430 offset = startoffset = uio->uio_offset;
2431 startresid = uio->uio_resid;
2432 error = 0;
2433 while (error == 0 && uio->uio_resid > 0 &&
2434 uio->uio_offset < ip->i_size) {
2435 error = UFS_BLKATOFF(vp, uio->uio_offset, NULL, &bp);
2436 if (error)
2437 break;
2438 if (bp->b_offset + bp->b_bcount > ip->i_size)
2439 readcnt = ip->i_size - bp->b_offset;
2440 else
2441 readcnt = bp->b_bcount;
2442 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) &
2443 ~(size_t)(DIRBLKSIZ - 1);
2444 offset = bp->b_offset + skipcnt;
2445 dp = (struct direct *)&bp->b_data[skipcnt];
2446 edp = (struct direct *)&bp->b_data[readcnt];
2447 while (error == 0 && uio->uio_resid > 0 && dp < edp) {
2448 if (dp->d_reclen <= offsetof(struct direct, d_name) ||
2449 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) {
2450 error = EIO;
2451 break;
2452 }
2453 #if BYTE_ORDER == LITTLE_ENDIAN
2454 /* Old filesystem format. */
2455 if (OFSFMT(vp)) {
2456 dstdp.d_namlen = dp->d_type;
2457 dstdp.d_type = dp->d_namlen;
2458 } else
2459 #endif
2460 {
2461 dstdp.d_namlen = dp->d_namlen;
2462 dstdp.d_type = dp->d_type;
2463 }
2464 if (offsetof(struct direct, d_name) + dstdp.d_namlen >
2465 dp->d_reclen) {
2466 error = EIO;
2467 break;
2468 }
2469 if (offset < startoffset || dp->d_ino == 0)
2470 goto nextentry;
2471 dstdp.d_fileno = dp->d_ino;
2472 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp);
2473 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen);
2474 /* NOTE: d_off is the offset of the *next* entry. */
2475 dstdp.d_off = offset + dp->d_reclen;
2476 dirent_terminate(&dstdp);
2477 if (dstdp.d_reclen > uio->uio_resid) {
2478 if (uio->uio_resid == startresid)
2479 error = EINVAL;
2480 else
2481 error = EJUSTRETURN;
2482 break;
2483 }
2484 /* Advance dp. */
2485 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio);
2486 if (error)
2487 break;
2488 if (cookies != NULL) {
2489 KASSERT(ncookies > 0,
2490 ("ufs_readdir: cookies buffer too small"));
2491 *cookies = offset + dp->d_reclen;
2492 cookies++;
2493 ncookies--;
2494 }
2495 nextentry:
2496 offset += dp->d_reclen;
2497 dp = (struct direct *)((caddr_t)dp + dp->d_reclen);
2498 }
2499 bqrelse(bp);
2500 uio->uio_offset = offset;
2501 }
2502 /* We need to correct uio_offset. */
2503 uio->uio_offset = offset;
2504 if (error == EJUSTRETURN)
2505 error = 0;
2506 if (ap->a_ncookies != NULL) {
2507 if (error == 0) {
2508 *ap->a_ncookies -= ncookies;
2509 } else {
2510 free(*ap->a_cookies, M_TEMP);
2511 *ap->a_ncookies = 0;
2512 *ap->a_cookies = NULL;
2513 }
2514 }
2515 if (error == 0 && ap->a_eofflag)
2516 *ap->a_eofflag = ip->i_size <= uio->uio_offset;
2517 return (error);
2518 }
2519
2520 /*
2521 * Return target name of a symbolic link
2522 */
2523 static int
ufs_readlink(struct vop_readlink_args * ap)2524 ufs_readlink(
2525 struct vop_readlink_args /* {
2526 struct vnode *a_vp;
2527 struct uio *a_uio;
2528 struct ucred *a_cred;
2529 } */ *ap)
2530 {
2531 struct vnode *vp = ap->a_vp;
2532 struct inode *ip = VTOI(vp);
2533 doff_t isize;
2534
2535 isize = ip->i_size;
2536 if (isize < VFSTOUFS(vp->v_mount)->um_maxsymlinklen)
2537 return (uiomove(DIP(ip, i_shortlink), isize, ap->a_uio));
2538 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred));
2539 }
2540
2541 /*
2542 * Calculate the logical to physical mapping if not done already,
2543 * then call the device strategy routine.
2544 *
2545 * In order to be able to swap to a file, the ufs_bmaparray() operation may not
2546 * deadlock on memory. See ufs_bmap() for details.
2547 */
2548 static int
ufs_strategy(struct vop_strategy_args * ap)2549 ufs_strategy(
2550 struct vop_strategy_args /* {
2551 struct vnode *a_vp;
2552 struct buf *a_bp;
2553 } */ *ap)
2554 {
2555 struct buf *bp = ap->a_bp;
2556 struct vnode *vp = ap->a_vp;
2557 ufs2_daddr_t blkno;
2558 int error;
2559
2560 if (bp->b_blkno == bp->b_lblkno) {
2561 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL);
2562 bp->b_blkno = blkno;
2563 if (error) {
2564 bp->b_error = error;
2565 bp->b_ioflags |= BIO_ERROR;
2566 bufdone(bp);
2567 return (0);
2568 }
2569 if ((long)bp->b_blkno == -1)
2570 vfs_bio_clrbuf(bp);
2571 }
2572 if ((long)bp->b_blkno == -1) {
2573 bufdone(bp);
2574 return (0);
2575 }
2576 bp->b_iooffset = dbtob(bp->b_blkno);
2577 BO_STRATEGY(VFSTOUFS(vp->v_mount)->um_bo, bp);
2578 return (0);
2579 }
2580
2581 /*
2582 * Print out the contents of an inode.
2583 */
2584 static int
ufs_print(struct vop_print_args * ap)2585 ufs_print(
2586 struct vop_print_args /* {
2587 struct vnode *a_vp;
2588 } */ *ap)
2589 {
2590 struct vnode *vp = ap->a_vp;
2591 struct inode *ip = VTOI(vp);
2592
2593 printf("\tnlink=%d, effnlink=%d, size=%jd", ip->i_nlink,
2594 ip->i_effnlink, (intmax_t)ip->i_size);
2595 if (I_IS_UFS2(ip))
2596 printf(", extsize %d", ip->i_din2->di_extsize);
2597 printf("\n\tgeneration=%jx, uid=%d, gid=%d, flags=0x%b\n",
2598 (uintmax_t)ip->i_gen, ip->i_uid, ip->i_gid,
2599 (uint32_t)ip->i_flags, PRINT_INODE_FLAGS);
2600 printf("\tino %ju, on dev %s", (intmax_t)ip->i_number,
2601 devtoname(ITODEV(ip)));
2602 if (vp->v_type == VFIFO)
2603 fifo_printinfo(vp);
2604 printf("\n");
2605 return (0);
2606 }
2607
2608 /*
2609 * Close wrapper for fifos.
2610 *
2611 * Update the times on the inode then do device close.
2612 */
2613 static int
ufsfifo_close(struct vop_close_args * ap)2614 ufsfifo_close(
2615 struct vop_close_args /* {
2616 struct vnode *a_vp;
2617 int a_fflag;
2618 struct ucred *a_cred;
2619 struct thread *a_td;
2620 } */ *ap)
2621 {
2622
2623 ufs_close(ap);
2624 return (fifo_specops.vop_close(ap));
2625 }
2626
2627 /*
2628 * Return POSIX pathconf information applicable to ufs filesystems.
2629 */
2630 static int
ufs_pathconf(struct vop_pathconf_args * ap)2631 ufs_pathconf(
2632 struct vop_pathconf_args /* {
2633 struct vnode *a_vp;
2634 int a_name;
2635 int *a_retval;
2636 } */ *ap)
2637 {
2638 int error;
2639
2640 error = 0;
2641 switch (ap->a_name) {
2642 case _PC_LINK_MAX:
2643 *ap->a_retval = UFS_LINK_MAX;
2644 break;
2645 case _PC_NAME_MAX:
2646 *ap->a_retval = UFS_MAXNAMLEN;
2647 break;
2648 case _PC_PIPE_BUF:
2649 if (ap->a_vp->v_type == VDIR || ap->a_vp->v_type == VFIFO)
2650 *ap->a_retval = PIPE_BUF;
2651 else
2652 error = EINVAL;
2653 break;
2654 case _PC_CHOWN_RESTRICTED:
2655 *ap->a_retval = 1;
2656 break;
2657 case _PC_NO_TRUNC:
2658 *ap->a_retval = 1;
2659 break;
2660 #ifdef UFS_ACL
2661 case _PC_ACL_EXTENDED:
2662 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS)
2663 *ap->a_retval = 1;
2664 else
2665 *ap->a_retval = 0;
2666 break;
2667 case _PC_ACL_NFS4:
2668 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS)
2669 *ap->a_retval = 1;
2670 else
2671 *ap->a_retval = 0;
2672 break;
2673 #endif
2674 case _PC_ACL_PATH_MAX:
2675 #ifdef UFS_ACL
2676 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS))
2677 *ap->a_retval = ACL_MAX_ENTRIES;
2678 else
2679 *ap->a_retval = 3;
2680 #else
2681 *ap->a_retval = 3;
2682 #endif
2683 break;
2684 #ifdef MAC
2685 case _PC_MAC_PRESENT:
2686 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL)
2687 *ap->a_retval = 1;
2688 else
2689 *ap->a_retval = 0;
2690 break;
2691 #endif
2692 case _PC_MIN_HOLE_SIZE:
2693 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2694 break;
2695 case _PC_PRIO_IO:
2696 *ap->a_retval = 0;
2697 break;
2698 case _PC_SYNC_IO:
2699 *ap->a_retval = 0;
2700 break;
2701 case _PC_ALLOC_SIZE_MIN:
2702 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize;
2703 break;
2704 case _PC_FILESIZEBITS:
2705 *ap->a_retval = 64;
2706 break;
2707 case _PC_REC_INCR_XFER_SIZE:
2708 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2709 break;
2710 case _PC_REC_MAX_XFER_SIZE:
2711 *ap->a_retval = -1; /* means ``unlimited'' */
2712 break;
2713 case _PC_REC_MIN_XFER_SIZE:
2714 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2715 break;
2716 case _PC_REC_XFER_ALIGN:
2717 *ap->a_retval = PAGE_SIZE;
2718 break;
2719 case _PC_SYMLINK_MAX:
2720 *ap->a_retval = MAXPATHLEN;
2721 break;
2722 case _PC_HAS_HIDDENSYSTEM:
2723 *ap->a_retval = 1;
2724 break;
2725
2726 default:
2727 error = vop_stdpathconf(ap);
2728 break;
2729 }
2730 return (error);
2731 }
2732
2733 /*
2734 * Initialize the vnode associated with a new inode, handle aliased
2735 * vnodes.
2736 */
2737 int
ufs_vinit(struct mount * mntp,struct vop_vector * fifoops,struct vnode ** vpp)2738 ufs_vinit(struct mount *mntp, struct vop_vector *fifoops, struct vnode **vpp)
2739 {
2740 struct inode *ip;
2741 struct vnode *vp;
2742
2743 vp = *vpp;
2744 ASSERT_VOP_LOCKED(vp, "ufs_vinit");
2745 ip = VTOI(vp);
2746 vp->v_type = IFTOVT(ip->i_mode);
2747 /*
2748 * Only unallocated inodes should be of type VNON.
2749 */
2750 if (ip->i_mode != 0 && vp->v_type == VNON)
2751 return (EINVAL);
2752 if (vp->v_type == VFIFO)
2753 vp->v_op = fifoops;
2754 if (ip->i_number == UFS_ROOTINO)
2755 vp->v_vflag |= VV_ROOT;
2756 *vpp = vp;
2757 return (0);
2758 }
2759
2760 /*
2761 * Allocate a new inode.
2762 * Vnode dvp must be locked.
2763 */
2764 static int
ufs_makeinode(int mode,struct vnode * dvp,struct vnode ** vpp,struct componentname * cnp,const char * callfunc)2765 ufs_makeinode(int mode, struct vnode *dvp, struct vnode **vpp,
2766 struct componentname *cnp, const char *callfunc)
2767 {
2768 struct inode *ip, *pdir;
2769 struct direct newdir;
2770 struct vnode *tvp;
2771 int error;
2772
2773 pdir = VTOI(dvp);
2774 *vpp = NULL;
2775 if ((mode & IFMT) == 0)
2776 mode |= IFREG;
2777
2778 if (pdir->i_effnlink < 2) {
2779 print_bad_link_count(callfunc, dvp);
2780 return (EINVAL);
2781 }
2782 if (DOINGSUJ(dvp)) {
2783 error = softdep_prelink(dvp, NULL, cnp);
2784 if (error != 0) {
2785 MPASS(error == ERELOOKUP);
2786 return (error);
2787 }
2788 }
2789 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp);
2790 if (error)
2791 return (error);
2792 ip = VTOI(tvp);
2793 ip->i_gid = pdir->i_gid;
2794 DIP_SET(ip, i_gid, pdir->i_gid);
2795 #ifdef SUIDDIR
2796 {
2797 #ifdef QUOTA
2798 struct ucred ucred, *ucp;
2799 ucp = cnp->cn_cred;
2800 #endif
2801 /*
2802 * If we are not the owner of the directory,
2803 * and we are hacking owners here, (only do this where told to)
2804 * and we are not giving it TO root, (would subvert quotas)
2805 * then go ahead and give it to the other user.
2806 * Note that this drops off the execute bits for security.
2807 */
2808 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
2809 (pdir->i_mode & ISUID) &&
2810 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) {
2811 ip->i_uid = pdir->i_uid;
2812 DIP_SET(ip, i_uid, ip->i_uid);
2813 mode &= ~07111;
2814 #ifdef QUOTA
2815 /*
2816 * Make sure the correct user gets charged
2817 * for the space.
2818 * Quickly knock up a dummy credential for the victim.
2819 * XXX This seems to never be accessed out of our
2820 * context so a stack variable is ok.
2821 */
2822 ucred.cr_ref = 1;
2823 ucred.cr_uid = ip->i_uid;
2824 ucred.cr_gid = pdir->i_gid;
2825 ucred.cr_ngroups = 0;
2826 ucp = &ucred;
2827 #endif
2828 } else {
2829 ip->i_uid = cnp->cn_cred->cr_uid;
2830 DIP_SET(ip, i_uid, ip->i_uid);
2831 }
2832
2833 #ifdef QUOTA
2834 if ((error = getinoquota(ip)) ||
2835 (error = chkiq(ip, 1, ucp, 0))) {
2836 if (DOINGSOFTDEP(tvp))
2837 softdep_revert_link(pdir, ip);
2838 UFS_VFREE(tvp, ip->i_number, mode);
2839 vgone(tvp);
2840 vput(tvp);
2841 return (error);
2842 }
2843 #endif
2844 }
2845 #else /* !SUIDDIR */
2846 ip->i_uid = cnp->cn_cred->cr_uid;
2847 DIP_SET(ip, i_uid, ip->i_uid);
2848 #ifdef QUOTA
2849 if ((error = getinoquota(ip)) ||
2850 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
2851 if (DOINGSOFTDEP(tvp))
2852 softdep_revert_link(pdir, ip);
2853 UFS_VFREE(tvp, ip->i_number, mode);
2854 vgone(tvp);
2855 vput(tvp);
2856 return (error);
2857 }
2858 #endif
2859 #endif /* !SUIDDIR */
2860 vn_seqc_write_begin(tvp); /* Mostly to cover asserts */
2861 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
2862 UFS_INODE_SET_MODE(ip, mode);
2863 DIP_SET(ip, i_mode, mode);
2864 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
2865 ip->i_effnlink = 1;
2866 ip->i_nlink = 1;
2867 DIP_SET_NLINK(ip, 1);
2868 if (DOINGSOFTDEP(tvp))
2869 softdep_setup_create(VTOI(dvp), ip);
2870 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
2871 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID)) {
2872 UFS_INODE_SET_MODE(ip, ip->i_mode & ~ISGID);
2873 DIP_SET(ip, i_mode, ip->i_mode);
2874 }
2875
2876 if (cnp->cn_flags & ISWHITEOUT) {
2877 ip->i_flags |= UF_OPAQUE;
2878 DIP_SET(ip, i_flags, ip->i_flags);
2879 }
2880
2881 /*
2882 * Make sure inode goes to disk before directory entry.
2883 */
2884 error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && !DOINGASYNC(tvp));
2885 if (error)
2886 goto bad;
2887 #ifdef MAC
2888 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
2889 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount,
2890 dvp, tvp, cnp);
2891 if (error)
2892 goto bad;
2893 }
2894 #endif
2895 #ifdef UFS_ACL
2896 if (dvp->v_mount->mnt_flag & MNT_ACLS) {
2897 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode,
2898 cnp->cn_cred, curthread);
2899 if (error)
2900 goto bad;
2901 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) {
2902 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode,
2903 cnp->cn_cred, curthread);
2904 if (error)
2905 goto bad;
2906 }
2907 #endif /* !UFS_ACL */
2908 ufs_makedirentry(ip, cnp, &newdir);
2909 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL);
2910 if (error)
2911 goto bad;
2912 vn_seqc_write_end(tvp);
2913 *vpp = tvp;
2914 return (0);
2915
2916 bad:
2917 /*
2918 * Write error occurred trying to update the inode
2919 * or the directory so must deallocate the inode.
2920 */
2921 ip->i_effnlink = 0;
2922 ip->i_nlink = 0;
2923 DIP_SET_NLINK(ip, 0);
2924 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2925 if (DOINGSOFTDEP(tvp))
2926 softdep_revert_create(VTOI(dvp), ip);
2927 vn_seqc_write_end(tvp);
2928 vgone(tvp);
2929 vput(tvp);
2930 return (error);
2931 }
2932
2933 static int
ufs_ioctl(struct vop_ioctl_args * ap)2934 ufs_ioctl(struct vop_ioctl_args *ap)
2935 {
2936 struct vnode *vp;
2937 int error;
2938
2939 vp = ap->a_vp;
2940 switch (ap->a_command) {
2941 case FIOSEEKDATA:
2942 error = vn_lock(vp, LK_EXCLUSIVE);
2943 if (error == 0) {
2944 error = ufs_bmap_seekdata(vp, (off_t *)ap->a_data);
2945 VOP_UNLOCK(vp);
2946 } else
2947 error = EBADF;
2948 return (error);
2949 case FIOSEEKHOLE:
2950 return (vn_bmap_seekhole(vp, ap->a_command, (off_t *)ap->a_data,
2951 ap->a_cred));
2952 default:
2953 return (ENOTTY);
2954 }
2955 }
2956
2957 static int
ufs_read_pgcache(struct vop_read_pgcache_args * ap)2958 ufs_read_pgcache(struct vop_read_pgcache_args *ap)
2959 {
2960 struct uio *uio;
2961 struct vnode *vp;
2962
2963 uio = ap->a_uio;
2964 vp = ap->a_vp;
2965 VNPASS((vn_irflag_read(vp) & VIRF_PGREAD) != 0, vp);
2966
2967 if (uio->uio_resid > ptoa(io_hold_cnt) || uio->uio_offset < 0 ||
2968 (ap->a_ioflag & IO_DIRECT) != 0)
2969 return (EJUSTRETURN);
2970 return (vn_read_from_obj(vp, uio));
2971 }
2972
2973 /* Global vfs data structures for ufs. */
2974 struct vop_vector ufs_vnodeops = {
2975 .vop_default = &default_vnodeops,
2976 .vop_fsync = VOP_PANIC,
2977 .vop_read = VOP_PANIC,
2978 .vop_reallocblks = VOP_PANIC,
2979 .vop_write = VOP_PANIC,
2980 .vop_accessx = ufs_accessx,
2981 .vop_bmap = ufs_bmap,
2982 .vop_fplookup_vexec = ufs_fplookup_vexec,
2983 .vop_fplookup_symlink = VOP_EAGAIN,
2984 .vop_cachedlookup = ufs_lookup,
2985 .vop_close = ufs_close,
2986 .vop_create = ufs_create,
2987 .vop_stat = ufs_stat,
2988 .vop_getattr = ufs_getattr,
2989 .vop_inactive = ufs_inactive,
2990 .vop_ioctl = ufs_ioctl,
2991 .vop_link = ufs_link,
2992 .vop_lookup = vfs_cache_lookup,
2993 .vop_mmapped = ufs_mmapped,
2994 .vop_mkdir = ufs_mkdir,
2995 .vop_mknod = ufs_mknod,
2996 .vop_need_inactive = ufs_need_inactive,
2997 .vop_open = ufs_open,
2998 .vop_pathconf = ufs_pathconf,
2999 .vop_poll = vop_stdpoll,
3000 .vop_print = ufs_print,
3001 .vop_read_pgcache = ufs_read_pgcache,
3002 .vop_readdir = ufs_readdir,
3003 .vop_readlink = ufs_readlink,
3004 .vop_reclaim = ufs_reclaim,
3005 .vop_remove = ufs_remove,
3006 .vop_rename = ufs_rename,
3007 .vop_rmdir = ufs_rmdir,
3008 .vop_setattr = ufs_setattr,
3009 #ifdef MAC
3010 .vop_setlabel = vop_stdsetlabel_ea,
3011 #endif
3012 .vop_strategy = ufs_strategy,
3013 .vop_symlink = ufs_symlink,
3014 .vop_whiteout = ufs_whiteout,
3015 #ifdef UFS_EXTATTR
3016 .vop_getextattr = ufs_getextattr,
3017 .vop_deleteextattr = ufs_deleteextattr,
3018 .vop_setextattr = ufs_setextattr,
3019 #endif
3020 #ifdef UFS_ACL
3021 .vop_getacl = ufs_getacl,
3022 .vop_setacl = ufs_setacl,
3023 .vop_aclcheck = ufs_aclcheck,
3024 #endif
3025 };
3026 VFS_VOP_VECTOR_REGISTER(ufs_vnodeops);
3027
3028 struct vop_vector ufs_fifoops = {
3029 .vop_default = &fifo_specops,
3030 .vop_fsync = VOP_PANIC,
3031 .vop_accessx = ufs_accessx,
3032 .vop_close = ufsfifo_close,
3033 .vop_getattr = ufs_getattr,
3034 .vop_inactive = ufs_inactive,
3035 .vop_pathconf = ufs_pathconf,
3036 .vop_print = ufs_print,
3037 .vop_read = VOP_PANIC,
3038 .vop_reclaim = ufs_reclaim,
3039 .vop_setattr = ufs_setattr,
3040 #ifdef MAC
3041 .vop_setlabel = vop_stdsetlabel_ea,
3042 #endif
3043 .vop_write = VOP_PANIC,
3044 #ifdef UFS_EXTATTR
3045 .vop_getextattr = ufs_getextattr,
3046 .vop_deleteextattr = ufs_deleteextattr,
3047 .vop_setextattr = ufs_setextattr,
3048 #endif
3049 #ifdef UFS_ACL
3050 .vop_getacl = ufs_getacl,
3051 .vop_setacl = ufs_setacl,
3052 .vop_aclcheck = ufs_aclcheck,
3053 #endif
3054 .vop_fplookup_vexec = VOP_EAGAIN,
3055 .vop_fplookup_symlink = VOP_EAGAIN,
3056 };
3057 VFS_VOP_VECTOR_REGISTER(ufs_fifoops);
3058