xref: /freebsd/sys/fs/devfs/devfs_vnops.c (revision ef9ffb8594eee294334ced627755bf5b46b48f9f)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2000-2004
5  *	Poul-Henning Kamp.  All rights reserved.
6  * Copyright (c) 1989, 1992-1993, 1995
7  *	The Regents of the University of California.  All rights reserved.
8  *
9  * This code is derived from software donated to Berkeley by
10  * Jan-Simon Pendry.
11  *
12  * Redistribution and use in source and binary forms, with or without
13  * modification, are permitted provided that the following conditions
14  * are met:
15  * 1. Redistributions of source code must retain the above copyright
16  *    notice, this list of conditions and the following disclaimer.
17  * 2. Neither the name of the University nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  * From: FreeBSD: src/sys/miscfs/kernfs/kernfs_vnops.c 1.43
33  */
34 
35 /*
36  * TODO:
37  *	mkdir: want it ?
38  */
39 
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/conf.h>
43 #include <sys/dirent.h>
44 #include <sys/eventhandler.h>
45 #include <sys/fcntl.h>
46 #include <sys/file.h>
47 #include <sys/filedesc.h>
48 #include <sys/filio.h>
49 #include <sys/jail.h>
50 #include <sys/kernel.h>
51 #include <sys/limits.h>
52 #include <sys/lock.h>
53 #include <sys/malloc.h>
54 #include <sys/mman.h>
55 #include <sys/mount.h>
56 #include <sys/namei.h>
57 #include <sys/priv.h>
58 #include <sys/proc.h>
59 #include <sys/stat.h>
60 #include <sys/sx.h>
61 #include <sys/sysctl.h>
62 #include <sys/time.h>
63 #include <sys/ttycom.h>
64 #include <sys/unistd.h>
65 #include <sys/vnode.h>
66 
67 static struct vop_vector devfs_vnodeops;
68 static struct vop_vector devfs_specops;
69 static const struct fileops devfs_ops_f;
70 
71 #include <fs/devfs/devfs.h>
72 #include <fs/devfs/devfs_int.h>
73 
74 #include <security/mac/mac_framework.h>
75 
76 #include <vm/vm.h>
77 #include <vm/vm_extern.h>
78 #include <vm/vm_object.h>
79 
80 static MALLOC_DEFINE(M_CDEVPDATA, "DEVFSP", "Metainfo for cdev-fp data");
81 
82 struct mtx	devfs_de_interlock;
83 MTX_SYSINIT(devfs_de_interlock, &devfs_de_interlock, "devfs interlock", MTX_DEF);
84 struct mtx	cdevpriv_mtx;
85 MTX_SYSINIT(cdevpriv_mtx, &cdevpriv_mtx, "cdevpriv lock", MTX_DEF);
86 
87 SYSCTL_DECL(_vfs_devfs);
88 
89 static int devfs_dotimes;
90 SYSCTL_INT(_vfs_devfs, OID_AUTO, dotimes, CTLFLAG_RW,
91     &devfs_dotimes, 0, "Update timestamps on DEVFS with default precision");
92 
93 /*
94  * Update devfs node timestamp.  Note that updates are unlocked and
95  * stat(2) could see partially updated times.
96  */
97 static void
devfs_timestamp(struct timespec * tsp)98 devfs_timestamp(struct timespec *tsp)
99 {
100 	time_t ts;
101 
102 	if (devfs_dotimes) {
103 		vfs_timestamp(tsp);
104 	} else {
105 		ts = time_second;
106 		if (tsp->tv_sec != ts) {
107 			tsp->tv_sec = ts;
108 			tsp->tv_nsec = 0;
109 		}
110 	}
111 }
112 
113 static int
devfs_fp_check(struct file * fp,struct cdev ** devp,struct cdevsw ** dswp,int * ref)114 devfs_fp_check(struct file *fp, struct cdev **devp, struct cdevsw **dswp,
115     int *ref)
116 {
117 	*dswp = devvn_refthread(fp->f_vnode, devp, ref);
118 	if (*dswp == NULL || *devp != fp->f_data) {
119 		if (*dswp != NULL)
120 			dev_relthread(*devp, *ref);
121 		return (ENXIO);
122 	}
123 	KASSERT((*devp)->si_refcount > 0,
124 	    ("devfs: un-referenced struct cdev *(%s)", devtoname(*devp)));
125 	if (*dswp == NULL)
126 		return (ENXIO);
127 	curthread->td_fpop = fp;
128 	return (0);
129 }
130 
131 int
devfs_get_cdevpriv(void ** datap)132 devfs_get_cdevpriv(void **datap)
133 {
134 	struct file *fp;
135 	struct cdev_privdata *p;
136 	int error;
137 
138 	fp = curthread->td_fpop;
139 	if (fp == NULL)
140 		return (EBADF);
141 	p = fp->f_cdevpriv;
142 	if (p != NULL) {
143 		error = 0;
144 		*datap = p->cdpd_data;
145 	} else
146 		error = ENOENT;
147 	return (error);
148 }
149 
150 int
devfs_set_cdevpriv(void * priv,d_priv_dtor_t * priv_dtr)151 devfs_set_cdevpriv(void *priv, d_priv_dtor_t *priv_dtr)
152 {
153 	struct file *fp;
154 	struct cdev_priv *cdp;
155 	struct cdev_privdata *p;
156 	int error;
157 
158 	fp = curthread->td_fpop;
159 	if (fp == NULL)
160 		return (ENOENT);
161 	cdp = cdev2priv((struct cdev *)fp->f_data);
162 	p = malloc(sizeof(struct cdev_privdata), M_CDEVPDATA, M_WAITOK);
163 	p->cdpd_data = priv;
164 	p->cdpd_dtr = priv_dtr;
165 	p->cdpd_fp = fp;
166 	mtx_lock(&cdevpriv_mtx);
167 	if (fp->f_cdevpriv == NULL) {
168 		LIST_INSERT_HEAD(&cdp->cdp_fdpriv, p, cdpd_list);
169 		fp->f_cdevpriv = p;
170 		mtx_unlock(&cdevpriv_mtx);
171 		error = 0;
172 	} else {
173 		mtx_unlock(&cdevpriv_mtx);
174 		free(p, M_CDEVPDATA);
175 		error = EBUSY;
176 	}
177 	return (error);
178 }
179 
180 int
devfs_foreach_cdevpriv(struct cdev * dev,int (* cb)(void * data,void * arg),void * arg)181 devfs_foreach_cdevpriv(struct cdev *dev, int (*cb)(void *data, void *arg),
182     void *arg)
183 {
184 	struct cdev_priv *cdp;
185 	struct cdev_privdata *p;
186 	int error;
187 
188 	cdp = cdev2priv(dev);
189 	error = 0;
190 	mtx_lock(&cdevpriv_mtx);
191 	LIST_FOREACH(p, &cdp->cdp_fdpriv, cdpd_list) {
192 		error = cb(p->cdpd_data, arg);
193 		if (error != 0)
194 			break;
195 	}
196 	mtx_unlock(&cdevpriv_mtx);
197 	return (error);
198 }
199 
200 void
devfs_destroy_cdevpriv(struct cdev_privdata * p)201 devfs_destroy_cdevpriv(struct cdev_privdata *p)
202 {
203 
204 	mtx_assert(&cdevpriv_mtx, MA_OWNED);
205 	KASSERT(p->cdpd_fp->f_cdevpriv == p,
206 	    ("devfs_destoy_cdevpriv %p != %p", p->cdpd_fp->f_cdevpriv, p));
207 	p->cdpd_fp->f_cdevpriv = NULL;
208 	LIST_REMOVE(p, cdpd_list);
209 	mtx_unlock(&cdevpriv_mtx);
210 	(p->cdpd_dtr)(p->cdpd_data);
211 	free(p, M_CDEVPDATA);
212 }
213 
214 static void
devfs_fpdrop(struct file * fp)215 devfs_fpdrop(struct file *fp)
216 {
217 	struct cdev_privdata *p;
218 
219 	mtx_lock(&cdevpriv_mtx);
220 	if ((p = fp->f_cdevpriv) == NULL) {
221 		mtx_unlock(&cdevpriv_mtx);
222 		return;
223 	}
224 	devfs_destroy_cdevpriv(p);
225 }
226 
227 void
devfs_clear_cdevpriv(void)228 devfs_clear_cdevpriv(void)
229 {
230 	struct file *fp;
231 
232 	fp = curthread->td_fpop;
233 	if (fp == NULL)
234 		return;
235 	devfs_fpdrop(fp);
236 }
237 
238 static void
devfs_usecount_add(struct vnode * vp)239 devfs_usecount_add(struct vnode *vp)
240 {
241 	struct devfs_dirent *de;
242 	struct cdev *dev;
243 
244 	mtx_lock(&devfs_de_interlock);
245 	VI_LOCK(vp);
246 	VNPASS(vp->v_type == VCHR || vp->v_type == VBAD, vp);
247 	if (VN_IS_DOOMED(vp)) {
248 		goto out_unlock;
249 	}
250 
251 	de = vp->v_data;
252 	dev = vp->v_rdev;
253 	MPASS(de != NULL);
254 	MPASS(dev != NULL);
255 	dev->si_usecount++;
256 	de->de_usecount++;
257 out_unlock:
258 	VI_UNLOCK(vp);
259 	mtx_unlock(&devfs_de_interlock);
260 }
261 
262 static void
devfs_usecount_subl(struct vnode * vp)263 devfs_usecount_subl(struct vnode *vp)
264 {
265 	struct devfs_dirent *de;
266 	struct cdev *dev;
267 
268 	mtx_assert(&devfs_de_interlock, MA_OWNED);
269 	ASSERT_VI_LOCKED(vp, __func__);
270 	VNPASS(vp->v_type == VCHR || vp->v_type == VBAD, vp);
271 
272 	de = vp->v_data;
273 	dev = vp->v_rdev;
274 	if (de == NULL)
275 		return;
276 	if (dev == NULL) {
277 		MPASS(de->de_usecount == 0);
278 		return;
279 	}
280 	if (dev->si_usecount < de->de_usecount)
281 		panic("%s: si_usecount underflow for dev %p "
282 		    "(has %ld, dirent has %d)\n",
283 		    __func__, dev, dev->si_usecount, de->de_usecount);
284 	if (VN_IS_DOOMED(vp)) {
285 		dev->si_usecount -= de->de_usecount;
286 		de->de_usecount = 0;
287 	} else {
288 		if (de->de_usecount == 0)
289 			panic("%s: de_usecount underflow for dev %p\n",
290 			    __func__, dev);
291 		dev->si_usecount--;
292 		de->de_usecount--;
293 	}
294 }
295 
296 static void
devfs_usecount_sub(struct vnode * vp)297 devfs_usecount_sub(struct vnode *vp)
298 {
299 
300 	mtx_lock(&devfs_de_interlock);
301 	VI_LOCK(vp);
302 	devfs_usecount_subl(vp);
303 	VI_UNLOCK(vp);
304 	mtx_unlock(&devfs_de_interlock);
305 }
306 
307 static int
devfs_usecountl(struct vnode * vp)308 devfs_usecountl(struct vnode *vp)
309 {
310 
311 	VNPASS(vp->v_type == VCHR, vp);
312 	mtx_assert(&devfs_de_interlock, MA_OWNED);
313 	ASSERT_VI_LOCKED(vp, __func__);
314 	return (vp->v_rdev->si_usecount);
315 }
316 
317 int
devfs_usecount(struct vnode * vp)318 devfs_usecount(struct vnode *vp)
319 {
320 	int count;
321 
322 	VNPASS(vp->v_type == VCHR, vp);
323 	mtx_lock(&devfs_de_interlock);
324 	VI_LOCK(vp);
325 	count = devfs_usecountl(vp);
326 	VI_UNLOCK(vp);
327 	mtx_unlock(&devfs_de_interlock);
328 	return (count);
329 }
330 
331 void
devfs_ctty_ref(struct vnode * vp)332 devfs_ctty_ref(struct vnode *vp)
333 {
334 
335 	vrefact(vp);
336 	devfs_usecount_add(vp);
337 }
338 
339 void
devfs_ctty_unref(struct vnode * vp)340 devfs_ctty_unref(struct vnode *vp)
341 {
342 
343 	devfs_usecount_sub(vp);
344 	vrele(vp);
345 }
346 
347 /*
348  * On success devfs_populate_vp() returns with dmp->dm_lock held.
349  */
350 static int
devfs_populate_vp(struct vnode * vp)351 devfs_populate_vp(struct vnode *vp)
352 {
353 	struct devfs_dirent *de;
354 	struct devfs_mount *dmp;
355 	int locked;
356 
357 	ASSERT_VOP_LOCKED(vp, "devfs_populate_vp");
358 
359 	dmp = VFSTODEVFS(vp->v_mount);
360 	if (!devfs_populate_needed(dmp)) {
361 		sx_xlock(&dmp->dm_lock);
362 		goto out_nopopulate;
363 	}
364 
365 	locked = VOP_ISLOCKED(vp);
366 
367 	sx_xlock(&dmp->dm_lock);
368 	DEVFS_DMP_HOLD(dmp);
369 
370 	/* Can't call devfs_populate() with the vnode lock held. */
371 	VOP_UNLOCK(vp);
372 	devfs_populate(dmp);
373 
374 	sx_xunlock(&dmp->dm_lock);
375 	vn_lock(vp, locked | LK_RETRY);
376 	sx_xlock(&dmp->dm_lock);
377 	if (DEVFS_DMP_DROP(dmp)) {
378 		sx_xunlock(&dmp->dm_lock);
379 		devfs_unmount_final(dmp);
380 		return (ERESTART);
381 	}
382 out_nopopulate:
383 	if (VN_IS_DOOMED(vp)) {
384 		sx_xunlock(&dmp->dm_lock);
385 		return (ERESTART);
386 	}
387 	de = vp->v_data;
388 	KASSERT(de != NULL,
389 	    ("devfs_populate_vp: vp->v_data == NULL but vnode not doomed"));
390 	if ((de->de_flags & DE_DOOMED) != 0) {
391 		sx_xunlock(&dmp->dm_lock);
392 		return (ERESTART);
393 	}
394 
395 	return (0);
396 }
397 
398 static int
devfs_vptocnp(struct vop_vptocnp_args * ap)399 devfs_vptocnp(struct vop_vptocnp_args *ap)
400 {
401 	struct vnode *vp = ap->a_vp;
402 	struct vnode **dvp = ap->a_vpp;
403 	struct devfs_mount *dmp;
404 	char *buf = ap->a_buf;
405 	size_t *buflen = ap->a_buflen;
406 	struct devfs_dirent *dd, *de;
407 	int i, error;
408 
409 	dmp = VFSTODEVFS(vp->v_mount);
410 
411 	error = devfs_populate_vp(vp);
412 	if (error != 0)
413 		return (error);
414 
415 	if (vp->v_type != VCHR && vp->v_type != VDIR) {
416 		error = ENOENT;
417 		goto finished;
418 	}
419 
420 	dd = vp->v_data;
421 	if (vp->v_type == VDIR && dd == dmp->dm_rootdir) {
422 		*dvp = vp;
423 		vref(*dvp);
424 		goto finished;
425 	}
426 
427 	i = *buflen;
428 	i -= dd->de_dirent->d_namlen;
429 	if (i < 0) {
430 		error = ENOMEM;
431 		goto finished;
432 	}
433 	bcopy(dd->de_dirent->d_name, buf + i, dd->de_dirent->d_namlen);
434 	*buflen = i;
435 	de = devfs_parent_dirent(dd);
436 	if (de == NULL) {
437 		error = ENOENT;
438 		goto finished;
439 	}
440 	mtx_lock(&devfs_de_interlock);
441 	*dvp = de->de_vnode;
442 	if (*dvp != NULL) {
443 		VI_LOCK(*dvp);
444 		mtx_unlock(&devfs_de_interlock);
445 		vholdl(*dvp);
446 		VI_UNLOCK(*dvp);
447 		vref(*dvp);
448 		vdrop(*dvp);
449 	} else {
450 		mtx_unlock(&devfs_de_interlock);
451 		error = ENOENT;
452 	}
453 finished:
454 	sx_xunlock(&dmp->dm_lock);
455 	return (error);
456 }
457 
458 /*
459  * Construct the fully qualified path name relative to the mountpoint.
460  * If a NULL cnp is provided, no '/' is appended to the resulting path.
461  */
462 char *
devfs_fqpn(char * buf,struct devfs_mount * dmp,struct devfs_dirent * dd,struct componentname * cnp)463 devfs_fqpn(char *buf, struct devfs_mount *dmp, struct devfs_dirent *dd,
464     struct componentname *cnp)
465 {
466 	int i;
467 	struct devfs_dirent *de;
468 
469 	sx_assert(&dmp->dm_lock, SA_LOCKED);
470 
471 	i = SPECNAMELEN;
472 	buf[i] = '\0';
473 	if (cnp != NULL)
474 		i -= cnp->cn_namelen;
475 	if (i < 0)
476 		 return (NULL);
477 	if (cnp != NULL)
478 		bcopy(cnp->cn_nameptr, buf + i, cnp->cn_namelen);
479 	de = dd;
480 	while (de != dmp->dm_rootdir) {
481 		if (cnp != NULL || i < SPECNAMELEN) {
482 			i--;
483 			if (i < 0)
484 				 return (NULL);
485 			buf[i] = '/';
486 		}
487 		i -= de->de_dirent->d_namlen;
488 		if (i < 0)
489 			 return (NULL);
490 		bcopy(de->de_dirent->d_name, buf + i,
491 		    de->de_dirent->d_namlen);
492 		de = devfs_parent_dirent(de);
493 		if (de == NULL)
494 			return (NULL);
495 	}
496 	return (buf + i);
497 }
498 
499 static int
devfs_allocv_drop_refs(int drop_dm_lock,struct devfs_mount * dmp,struct devfs_dirent * de)500 devfs_allocv_drop_refs(int drop_dm_lock, struct devfs_mount *dmp,
501 	struct devfs_dirent *de)
502 {
503 	int not_found;
504 
505 	not_found = 0;
506 	if (de->de_flags & DE_DOOMED)
507 		not_found = 1;
508 	if (DEVFS_DE_DROP(de)) {
509 		KASSERT(not_found == 1, ("DEVFS de dropped but not doomed"));
510 		devfs_dirent_free(de);
511 	}
512 	if (DEVFS_DMP_DROP(dmp)) {
513 		KASSERT(not_found == 1,
514 			("DEVFS mount struct freed before dirent"));
515 		not_found = 2;
516 		sx_xunlock(&dmp->dm_lock);
517 		devfs_unmount_final(dmp);
518 	}
519 	if (not_found == 1 || (drop_dm_lock && not_found != 2))
520 		sx_unlock(&dmp->dm_lock);
521 	return (not_found);
522 }
523 
524 /*
525  * devfs_allocv shall be entered with dmp->dm_lock held, and it drops
526  * it on return.
527  */
528 int
devfs_allocv(struct devfs_dirent * de,struct mount * mp,int lockmode,struct vnode ** vpp)529 devfs_allocv(struct devfs_dirent *de, struct mount *mp, int lockmode,
530     struct vnode **vpp)
531 {
532 	int error;
533 	struct vnode *vp;
534 	struct cdev *dev;
535 	struct devfs_mount *dmp;
536 	struct cdevsw *dsw;
537 	enum vgetstate vs;
538 
539 	dmp = VFSTODEVFS(mp);
540 	if (de->de_flags & DE_DOOMED) {
541 		sx_xunlock(&dmp->dm_lock);
542 		return (ENOENT);
543 	}
544 loop:
545 	DEVFS_DE_HOLD(de);
546 	DEVFS_DMP_HOLD(dmp);
547 	mtx_lock(&devfs_de_interlock);
548 	vp = de->de_vnode;
549 	if (vp != NULL) {
550 		vs = vget_prep(vp);
551 		mtx_unlock(&devfs_de_interlock);
552 		sx_xunlock(&dmp->dm_lock);
553 		vget_finish(vp, lockmode | LK_RETRY, vs);
554 		sx_xlock(&dmp->dm_lock);
555 		if (devfs_allocv_drop_refs(0, dmp, de)) {
556 			vput(vp);
557 			return (ENOENT);
558 		} else if (VN_IS_DOOMED(vp)) {
559 			mtx_lock(&devfs_de_interlock);
560 			if (de->de_vnode == vp) {
561 				de->de_vnode = NULL;
562 				vp->v_data = NULL;
563 			}
564 			mtx_unlock(&devfs_de_interlock);
565 			vput(vp);
566 			goto loop;
567 		}
568 		sx_xunlock(&dmp->dm_lock);
569 		*vpp = vp;
570 		return (0);
571 	}
572 	mtx_unlock(&devfs_de_interlock);
573 	if (de->de_dirent->d_type == DT_CHR) {
574 		if (!(de->de_cdp->cdp_flags & CDP_ACTIVE)) {
575 			devfs_allocv_drop_refs(1, dmp, de);
576 			return (ENOENT);
577 		}
578 		dev = &de->de_cdp->cdp_c;
579 	} else {
580 		dev = NULL;
581 	}
582 	error = getnewvnode("devfs", mp, &devfs_vnodeops, &vp);
583 	if (error != 0) {
584 		devfs_allocv_drop_refs(1, dmp, de);
585 		printf("devfs_allocv: failed to allocate new vnode\n");
586 		return (error);
587 	}
588 
589 	if (de->de_dirent->d_type == DT_CHR) {
590 		vp->v_type = VCHR;
591 		VI_LOCK(vp);
592 		dev_lock();
593 		dev_refl(dev);
594 		/* XXX: v_rdev should be protect by vnode lock */
595 		vp->v_rdev = dev;
596 		VNPASS(vp->v_usecount == 1, vp);
597 		/* Special casing of ttys for deadfs.  Probably redundant. */
598 		dsw = dev->si_devsw;
599 		if (dsw != NULL && (dsw->d_flags & D_TTY) != 0)
600 			vp->v_vflag |= VV_ISTTY;
601 		dev_unlock();
602 		VI_UNLOCK(vp);
603 		if ((dev->si_flags & SI_ETERNAL) != 0)
604 			vp->v_vflag |= VV_ETERNALDEV;
605 		vp->v_op = &devfs_specops;
606 	} else if (de->de_dirent->d_type == DT_DIR) {
607 		vp->v_type = VDIR;
608 	} else if (de->de_dirent->d_type == DT_LNK) {
609 		vp->v_type = VLNK;
610 	} else {
611 		vp->v_type = VBAD;
612 	}
613 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY | LK_NOWITNESS);
614 	VN_LOCK_ASHARE(vp);
615 	mtx_lock(&devfs_de_interlock);
616 	vp->v_data = de;
617 	de->de_vnode = vp;
618 	mtx_unlock(&devfs_de_interlock);
619 	error = insmntque1(vp, mp);
620 	if (error != 0) {
621 		mtx_lock(&devfs_de_interlock);
622 		vp->v_data = NULL;
623 		de->de_vnode = NULL;
624 		mtx_unlock(&devfs_de_interlock);
625 		vgone(vp);
626 		vput(vp);
627 		(void) devfs_allocv_drop_refs(1, dmp, de);
628 		return (error);
629 	}
630 	if (devfs_allocv_drop_refs(0, dmp, de)) {
631 		vgone(vp);
632 		vput(vp);
633 		return (ENOENT);
634 	}
635 #ifdef MAC
636 	mac_devfs_vnode_associate(mp, de, vp);
637 #endif
638 	sx_xunlock(&dmp->dm_lock);
639 	vn_set_state(vp, VSTATE_CONSTRUCTED);
640 	*vpp = vp;
641 	return (0);
642 }
643 
644 static int
devfs_access(struct vop_access_args * ap)645 devfs_access(struct vop_access_args *ap)
646 {
647 	struct vnode *vp = ap->a_vp;
648 	struct devfs_dirent *de;
649 	struct proc *p;
650 	int error;
651 
652 	de = vp->v_data;
653 	if (vp->v_type == VDIR)
654 		de = de->de_dir;
655 
656 	error = vaccess(vp->v_type, de->de_mode, de->de_uid, de->de_gid,
657 	    ap->a_accmode, ap->a_cred);
658 	if (error == 0)
659 		return (0);
660 	if (error != EACCES)
661 		return (error);
662 	p = ap->a_td->td_proc;
663 	/* We do, however, allow access to the controlling terminal */
664 	PROC_LOCK(p);
665 	if (!(p->p_flag & P_CONTROLT)) {
666 		PROC_UNLOCK(p);
667 		return (error);
668 	}
669 	if (p->p_session->s_ttydp == de->de_cdp)
670 		error = 0;
671 	PROC_UNLOCK(p);
672 	return (error);
673 }
674 
675 _Static_assert(((FMASK | FCNTLFLAGS) & (FLASTCLOSE | FREVOKE)) == 0,
676     "devfs-only flag reuse failed");
677 
678 static int
devfs_close(struct vop_close_args * ap)679 devfs_close(struct vop_close_args *ap)
680 {
681 	struct vnode *vp = ap->a_vp, *oldvp;
682 	struct thread *td = ap->a_td;
683 	struct proc *p;
684 	struct cdev *dev = vp->v_rdev;
685 	struct cdevsw *dsw;
686 	struct devfs_dirent *de = vp->v_data;
687 	int dflags, error, ref, vp_locked;
688 
689 	/*
690 	 * XXX: Don't call d_close() if we were called because of
691 	 * XXX: insmntque() failure.
692 	 */
693 	if (vp->v_data == NULL)
694 		return (0);
695 
696 	/*
697 	 * Hack: a tty device that is a controlling terminal
698 	 * has a reference from the session structure.
699 	 * We cannot easily tell that a character device is
700 	 * a controlling terminal, unless it is the closing
701 	 * process' controlling terminal.  In that case,
702 	 * if the reference count is 2 (this last descriptor
703 	 * plus the session), release the reference from the session.
704 	 */
705 	if (de->de_usecount == 2 && td != NULL) {
706 		p = td->td_proc;
707 		PROC_LOCK(p);
708 		if (vp == p->p_session->s_ttyvp) {
709 			PROC_UNLOCK(p);
710 			oldvp = NULL;
711 			sx_xlock(&proctree_lock);
712 			if (vp == p->p_session->s_ttyvp) {
713 				SESS_LOCK(p->p_session);
714 				mtx_lock(&devfs_de_interlock);
715 				VI_LOCK(vp);
716 				if (devfs_usecountl(vp) == 2 && !VN_IS_DOOMED(vp)) {
717 					p->p_session->s_ttyvp = NULL;
718 					p->p_session->s_ttydp = NULL;
719 					oldvp = vp;
720 				}
721 				VI_UNLOCK(vp);
722 				mtx_unlock(&devfs_de_interlock);
723 				SESS_UNLOCK(p->p_session);
724 			}
725 			sx_xunlock(&proctree_lock);
726 			if (oldvp != NULL)
727 				devfs_ctty_unref(oldvp);
728 		} else
729 			PROC_UNLOCK(p);
730 	}
731 	/*
732 	 * We do not want to really close the device if it
733 	 * is still in use unless we are trying to close it
734 	 * forcibly. Since every use (buffer, vnode, swap, cmap)
735 	 * holds a reference to the vnode, and because we mark
736 	 * any other vnodes that alias this device, when the
737 	 * sum of the reference counts on all the aliased
738 	 * vnodes descends to one, we are on last close.
739 	 */
740 	dsw = dev_refthread(dev, &ref);
741 	if (dsw == NULL)
742 		return (ENXIO);
743 	dflags = 0;
744 	mtx_lock(&devfs_de_interlock);
745 	VI_LOCK(vp);
746 	if (devfs_usecountl(vp) == 1)
747 		dflags |= FLASTCLOSE;
748 	devfs_usecount_subl(vp);
749 	mtx_unlock(&devfs_de_interlock);
750 	if (VN_IS_DOOMED(vp)) {
751 		/* Forced close. */
752 		dflags |= FREVOKE | FNONBLOCK;
753 	} else if (dsw->d_flags & D_TRACKCLOSE) {
754 		/* Keep device updated on status. */
755 	} else if ((dflags & FLASTCLOSE) == 0) {
756 		VI_UNLOCK(vp);
757 		dev_relthread(dev, ref);
758 		return (0);
759 	}
760 	vholdnz(vp);
761 	VI_UNLOCK(vp);
762 	vp_locked = VOP_ISLOCKED(vp);
763 	VOP_UNLOCK(vp);
764 	KASSERT(dev->si_refcount > 0,
765 	    ("devfs_close() on un-referenced struct cdev *(%s)", devtoname(dev)));
766 	error = dsw->d_close(dev, ap->a_fflag | dflags, S_IFCHR, td);
767 	dev_relthread(dev, ref);
768 	vn_lock(vp, vp_locked | LK_RETRY);
769 	vdrop(vp);
770 	return (error);
771 }
772 
773 static int
devfs_close_f(struct file * fp,struct thread * td)774 devfs_close_f(struct file *fp, struct thread *td)
775 {
776 	int error;
777 	struct file *fpop;
778 
779 	/*
780 	 * NB: td may be NULL if this descriptor is closed due to
781 	 * garbage collection from a closed UNIX domain socket.
782 	 */
783 	fpop = curthread->td_fpop;
784 	curthread->td_fpop = fp;
785 	error = vnops.fo_close(fp, td);
786 	curthread->td_fpop = fpop;
787 
788 	/*
789 	 * The f_cdevpriv cannot be assigned non-NULL value while we
790 	 * are destroying the file.
791 	 */
792 	if (fp->f_cdevpriv != NULL)
793 		devfs_fpdrop(fp);
794 	return (error);
795 }
796 
797 static int
devfs_getattr(struct vop_getattr_args * ap)798 devfs_getattr(struct vop_getattr_args *ap)
799 {
800 	struct vnode *vp = ap->a_vp;
801 	struct vattr *vap = ap->a_vap;
802 	struct devfs_dirent *de;
803 	struct devfs_mount *dmp;
804 	struct cdev *dev;
805 	struct timeval boottime;
806 	int error;
807 
808 	error = devfs_populate_vp(vp);
809 	if (error != 0)
810 		return (error);
811 
812 	dmp = VFSTODEVFS(vp->v_mount);
813 	sx_xunlock(&dmp->dm_lock);
814 
815 	de = vp->v_data;
816 	KASSERT(de != NULL, ("Null dirent in devfs_getattr vp=%p", vp));
817 	if (vp->v_type == VDIR) {
818 		de = de->de_dir;
819 		KASSERT(de != NULL,
820 		    ("Null dir dirent in devfs_getattr vp=%p", vp));
821 	}
822 	vap->va_uid = de->de_uid;
823 	vap->va_gid = de->de_gid;
824 	vap->va_mode = de->de_mode;
825 	if (vp->v_type == VLNK)
826 		vap->va_size = strlen(de->de_symlink);
827 	else if (vp->v_type == VDIR)
828 		vap->va_size = vap->va_bytes = DEV_BSIZE;
829 	else
830 		vap->va_size = 0;
831 	if (vp->v_type != VDIR)
832 		vap->va_bytes = 0;
833 	vap->va_blocksize = DEV_BSIZE;
834 	vap->va_type = vp->v_type;
835 
836 	getboottime(&boottime);
837 #define fix(aa)							\
838 	do {							\
839 		if ((aa).tv_sec <= 3600) {			\
840 			(aa).tv_sec = boottime.tv_sec;		\
841 			(aa).tv_nsec = boottime.tv_usec * 1000; \
842 		}						\
843 	} while (0)
844 
845 	if (vp->v_type != VCHR)  {
846 		fix(de->de_atime);
847 		vap->va_atime = de->de_atime;
848 		fix(de->de_mtime);
849 		vap->va_mtime = de->de_mtime;
850 		fix(de->de_ctime);
851 		vap->va_ctime = de->de_ctime;
852 	} else {
853 		dev = vp->v_rdev;
854 		fix(dev->si_atime);
855 		vap->va_atime = dev->si_atime;
856 		fix(dev->si_mtime);
857 		vap->va_mtime = dev->si_mtime;
858 		fix(dev->si_ctime);
859 		vap->va_ctime = dev->si_ctime;
860 
861 		vap->va_rdev = cdev2priv(dev)->cdp_inode;
862 	}
863 	vap->va_gen = 0;
864 	vap->va_flags = 0;
865 	vap->va_filerev = 0;
866 	vap->va_nlink = de->de_links;
867 	vap->va_fileid = de->de_inode;
868 
869 	return (error);
870 }
871 
872 /* ARGSUSED */
873 static int
devfs_ioctl_f(struct file * fp,u_long com,void * data,struct ucred * cred,struct thread * td)874 devfs_ioctl_f(struct file *fp, u_long com, void *data, struct ucred *cred, struct thread *td)
875 {
876 	struct file *fpop;
877 	int error;
878 
879 	fpop = td->td_fpop;
880 	td->td_fpop = fp;
881 	error = vnops.fo_ioctl(fp, com, data, cred, td);
882 	td->td_fpop = fpop;
883 	return (error);
884 }
885 
886 void *
fiodgname_buf_get_ptr(void * fgnp,u_long com)887 fiodgname_buf_get_ptr(void *fgnp, u_long com)
888 {
889 	union {
890 		struct fiodgname_arg	fgn;
891 #ifdef COMPAT_FREEBSD32
892 		struct fiodgname_arg32	fgn32;
893 #endif
894 	} *fgnup;
895 
896 	fgnup = fgnp;
897 	switch (com) {
898 	case FIODGNAME:
899 		return (fgnup->fgn.buf);
900 #ifdef COMPAT_FREEBSD32
901 	case FIODGNAME_32:
902 		return ((void *)(uintptr_t)fgnup->fgn32.buf);
903 #endif
904 	default:
905 		panic("Unhandled ioctl command %ld", com);
906 	}
907 }
908 
909 static int
devfs_ioctl(struct vop_ioctl_args * ap)910 devfs_ioctl(struct vop_ioctl_args *ap)
911 {
912 	struct fiodgname_arg *fgn;
913 	struct vnode *vpold, *vp;
914 	struct cdevsw *dsw;
915 	struct thread *td;
916 	struct session *sess;
917 	struct cdev *dev;
918 	int error, ref, i;
919 	const char *p;
920 	u_long com;
921 
922 	vp = ap->a_vp;
923 	com = ap->a_command;
924 	td = ap->a_td;
925 
926 	dsw = devvn_refthread(vp, &dev, &ref);
927 	if (dsw == NULL)
928 		return (ENXIO);
929 	KASSERT(dev->si_refcount > 0,
930 	    ("devfs: un-referenced struct cdev *(%s)", devtoname(dev)));
931 
932 	switch (com) {
933 	case FIODTYPE:
934 		*(int *)ap->a_data = dsw->d_flags & D_TYPEMASK;
935 		error = 0;
936 		break;
937 	case FIODGNAME:
938 #ifdef	COMPAT_FREEBSD32
939 	case FIODGNAME_32:
940 #endif
941 		fgn = ap->a_data;
942 		p = devtoname(dev);
943 		i = strlen(p) + 1;
944 		if (i > fgn->len)
945 			error = EINVAL;
946 		else
947 			error = copyout(p, fiodgname_buf_get_ptr(fgn, com), i);
948 		break;
949 	default:
950 		error = dsw->d_ioctl(dev, com, ap->a_data, ap->a_fflag, td);
951 	}
952 
953 	dev_relthread(dev, ref);
954 	if (error == ENOIOCTL)
955 		error = ENOTTY;
956 
957 	if (error == 0 && com == TIOCSCTTY) {
958 		/*
959 		 * Do nothing if reassigning same control tty, or if the
960 		 * control tty has already disappeared.  If it disappeared,
961 		 * it's because we were racing with TIOCNOTTY.  TIOCNOTTY
962 		 * already took care of releasing the old vnode and we have
963 		 * nothing left to do.
964 		 */
965 		sx_slock(&proctree_lock);
966 		sess = td->td_proc->p_session;
967 		if (sess->s_ttyvp == vp || sess->s_ttyp == NULL) {
968 			sx_sunlock(&proctree_lock);
969 			return (0);
970 		}
971 
972 		devfs_ctty_ref(vp);
973 		SESS_LOCK(sess);
974 		vpold = sess->s_ttyvp;
975 		sess->s_ttyvp = vp;
976 		sess->s_ttydp = cdev2priv(dev);
977 		SESS_UNLOCK(sess);
978 
979 		sx_sunlock(&proctree_lock);
980 
981 		/* Get rid of reference to old control tty */
982 		if (vpold)
983 			devfs_ctty_unref(vpold);
984 	}
985 	return (error);
986 }
987 
988 /* ARGSUSED */
989 static int
devfs_kqfilter_f(struct file * fp,struct knote * kn)990 devfs_kqfilter_f(struct file *fp, struct knote *kn)
991 {
992 	struct cdev *dev;
993 	struct cdevsw *dsw;
994 	int error, ref;
995 	struct file *fpop;
996 	struct thread *td;
997 
998 	td = curthread;
999 	fpop = td->td_fpop;
1000 	error = devfs_fp_check(fp, &dev, &dsw, &ref);
1001 	if (error)
1002 		return (error);
1003 	error = dsw->d_kqfilter(dev, kn);
1004 	td->td_fpop = fpop;
1005 	dev_relthread(dev, ref);
1006 	return (error);
1007 }
1008 
1009 static inline int
devfs_prison_check(struct devfs_dirent * de,struct thread * td)1010 devfs_prison_check(struct devfs_dirent *de, struct thread *td)
1011 {
1012 	struct cdev_priv *cdp;
1013 	struct ucred *dcr;
1014 	struct proc *p;
1015 	int error;
1016 
1017 	cdp = de->de_cdp;
1018 	if (cdp == NULL)
1019 		return (0);
1020 	dcr = cdp->cdp_c.si_cred;
1021 	if (dcr == NULL)
1022 		return (0);
1023 
1024 	error = prison_check(td->td_ucred, dcr);
1025 	if (error == 0)
1026 		return (0);
1027 	/* We do, however, allow access to the controlling terminal */
1028 	p = td->td_proc;
1029 	PROC_LOCK(p);
1030 	if (!(p->p_flag & P_CONTROLT)) {
1031 		PROC_UNLOCK(p);
1032 		return (error);
1033 	}
1034 	if (p->p_session->s_ttydp == cdp)
1035 		error = 0;
1036 	PROC_UNLOCK(p);
1037 	return (error);
1038 }
1039 
1040 static int
devfs_lookupx(struct vop_lookup_args * ap,int * dm_unlock)1041 devfs_lookupx(struct vop_lookup_args *ap, int *dm_unlock)
1042 {
1043 	struct componentname *cnp;
1044 	struct vnode *dvp, **vpp;
1045 	struct thread *td;
1046 	struct devfs_dirent *de, *dd;
1047 	struct devfs_dirent **dde;
1048 	struct devfs_mount *dmp;
1049 	struct mount *mp;
1050 	struct cdev *cdev;
1051 	int error, flags, nameiop, dvplocked;
1052 	char specname[SPECNAMELEN + 1], *pname;
1053 
1054 	td = curthread;
1055 	cnp = ap->a_cnp;
1056 	vpp = ap->a_vpp;
1057 	dvp = ap->a_dvp;
1058 	pname = cnp->cn_nameptr;
1059 	flags = cnp->cn_flags;
1060 	nameiop = cnp->cn_nameiop;
1061 	mp = dvp->v_mount;
1062 	dmp = VFSTODEVFS(mp);
1063 	dd = dvp->v_data;
1064 	*vpp = NULLVP;
1065 
1066 	if ((flags & ISLASTCN) && nameiop == RENAME)
1067 		return (EOPNOTSUPP);
1068 
1069 	if (dvp->v_type != VDIR)
1070 		return (ENOTDIR);
1071 
1072 	if ((flags & ISDOTDOT) && (dvp->v_vflag & VV_ROOT))
1073 		return (EIO);
1074 
1075 	error = vn_dir_check_exec(dvp, cnp);
1076 	if (error != 0)
1077 		return (error);
1078 
1079 	if (cnp->cn_namelen == 1 && *pname == '.') {
1080 		if ((flags & ISLASTCN) && nameiop != LOOKUP)
1081 			return (EINVAL);
1082 		*vpp = dvp;
1083 		VREF(dvp);
1084 		return (0);
1085 	}
1086 
1087 	if (flags & ISDOTDOT) {
1088 		if ((flags & ISLASTCN) && nameiop != LOOKUP)
1089 			return (EINVAL);
1090 		de = devfs_parent_dirent(dd);
1091 		if (de == NULL)
1092 			return (ENOENT);
1093 		dvplocked = VOP_ISLOCKED(dvp);
1094 		VOP_UNLOCK(dvp);
1095 		error = devfs_allocv(de, mp, cnp->cn_lkflags & LK_TYPE_MASK,
1096 		    vpp);
1097 		*dm_unlock = 0;
1098 		vn_lock(dvp, dvplocked | LK_RETRY);
1099 		return (error);
1100 	}
1101 
1102 	dd = dvp->v_data;
1103 	de = devfs_find(dd, cnp->cn_nameptr, cnp->cn_namelen, 0);
1104 	while (de == NULL) {	/* While(...) so we can use break */
1105 
1106 		if (nameiop == DELETE)
1107 			return (ENOENT);
1108 
1109 		/*
1110 		 * OK, we didn't have an entry for the name we were asked for
1111 		 * so we try to see if anybody can create it on demand.
1112 		 */
1113 		pname = devfs_fqpn(specname, dmp, dd, cnp);
1114 		if (pname == NULL)
1115 			break;
1116 
1117 		cdev = NULL;
1118 		DEVFS_DMP_HOLD(dmp);
1119 		sx_xunlock(&dmp->dm_lock);
1120 		EVENTHANDLER_INVOKE(dev_clone,
1121 		    td->td_ucred, pname, strlen(pname), &cdev);
1122 
1123 		if (cdev == NULL)
1124 			sx_xlock(&dmp->dm_lock);
1125 		else if (devfs_populate_vp(dvp) != 0) {
1126 			*dm_unlock = 0;
1127 			sx_xlock(&dmp->dm_lock);
1128 			if (DEVFS_DMP_DROP(dmp)) {
1129 				sx_xunlock(&dmp->dm_lock);
1130 				devfs_unmount_final(dmp);
1131 			} else
1132 				sx_xunlock(&dmp->dm_lock);
1133 			dev_rel(cdev);
1134 			return (ENOENT);
1135 		}
1136 		if (DEVFS_DMP_DROP(dmp)) {
1137 			*dm_unlock = 0;
1138 			sx_xunlock(&dmp->dm_lock);
1139 			devfs_unmount_final(dmp);
1140 			if (cdev != NULL)
1141 				dev_rel(cdev);
1142 			return (ENOENT);
1143 		}
1144 
1145 		if (cdev == NULL)
1146 			break;
1147 
1148 		dev_lock();
1149 		dde = &cdev2priv(cdev)->cdp_dirents[dmp->dm_idx];
1150 		if (dde != NULL && *dde != NULL)
1151 			de = *dde;
1152 		dev_unlock();
1153 		dev_rel(cdev);
1154 		break;
1155 	}
1156 
1157 	if (de == NULL || de->de_flags & DE_WHITEOUT) {
1158 		if ((nameiop == CREATE || nameiop == RENAME) &&
1159 		    (flags & (LOCKPARENT | WANTPARENT)) && (flags & ISLASTCN)) {
1160 			return (EJUSTRETURN);
1161 		}
1162 		return (ENOENT);
1163 	}
1164 
1165 	if (devfs_prison_check(de, td))
1166 		return (ENOENT);
1167 
1168 	if ((cnp->cn_nameiop == DELETE) && (flags & ISLASTCN)) {
1169 		error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred, td);
1170 		if (error)
1171 			return (error);
1172 		if (*vpp == dvp) {
1173 			VREF(dvp);
1174 			*vpp = dvp;
1175 			return (0);
1176 		}
1177 	}
1178 	error = devfs_allocv(de, mp, cnp->cn_lkflags & LK_TYPE_MASK, vpp);
1179 	*dm_unlock = 0;
1180 	return (error);
1181 }
1182 
1183 static int
devfs_lookup(struct vop_lookup_args * ap)1184 devfs_lookup(struct vop_lookup_args *ap)
1185 {
1186 	int j;
1187 	struct devfs_mount *dmp;
1188 	int dm_unlock;
1189 
1190 	if (devfs_populate_vp(ap->a_dvp) != 0)
1191 		return (ENOTDIR);
1192 
1193 	dmp = VFSTODEVFS(ap->a_dvp->v_mount);
1194 	dm_unlock = 1;
1195 	j = devfs_lookupx(ap, &dm_unlock);
1196 	if (dm_unlock == 1)
1197 		sx_xunlock(&dmp->dm_lock);
1198 	return (j);
1199 }
1200 
1201 static int
devfs_mknod(struct vop_mknod_args * ap)1202 devfs_mknod(struct vop_mknod_args *ap)
1203 {
1204 	struct componentname *cnp;
1205 	struct vnode *dvp, **vpp;
1206 	struct devfs_dirent *dd, *de;
1207 	struct devfs_mount *dmp;
1208 	int error;
1209 
1210 	/*
1211 	 * The only type of node we should be creating here is a
1212 	 * character device, for anything else return EOPNOTSUPP.
1213 	 */
1214 	if (ap->a_vap->va_type != VCHR)
1215 		return (EOPNOTSUPP);
1216 	dvp = ap->a_dvp;
1217 	dmp = VFSTODEVFS(dvp->v_mount);
1218 
1219 	cnp = ap->a_cnp;
1220 	vpp = ap->a_vpp;
1221 	dd = dvp->v_data;
1222 
1223 	error = ENOENT;
1224 	sx_xlock(&dmp->dm_lock);
1225 	TAILQ_FOREACH(de, &dd->de_dlist, de_list) {
1226 		if (cnp->cn_namelen != de->de_dirent->d_namlen)
1227 			continue;
1228 		if (de->de_dirent->d_type == DT_CHR &&
1229 		    (de->de_cdp->cdp_flags & CDP_ACTIVE) == 0)
1230 			continue;
1231 		if (bcmp(cnp->cn_nameptr, de->de_dirent->d_name,
1232 		    de->de_dirent->d_namlen) != 0)
1233 			continue;
1234 		if (de->de_flags & DE_WHITEOUT)
1235 			break;
1236 		goto notfound;
1237 	}
1238 	if (de == NULL)
1239 		goto notfound;
1240 	de->de_flags &= ~DE_WHITEOUT;
1241 	error = devfs_allocv(de, dvp->v_mount, LK_EXCLUSIVE, vpp);
1242 	return (error);
1243 notfound:
1244 	sx_xunlock(&dmp->dm_lock);
1245 	return (error);
1246 }
1247 
1248 /* ARGSUSED */
1249 static int
devfs_open(struct vop_open_args * ap)1250 devfs_open(struct vop_open_args *ap)
1251 {
1252 	struct thread *td = ap->a_td;
1253 	struct vnode *vp = ap->a_vp;
1254 	struct cdev *dev = vp->v_rdev;
1255 	struct file *fp = ap->a_fp;
1256 	int error, ref, vlocked;
1257 	struct cdevsw *dsw;
1258 	struct file *fpop;
1259 
1260 	if (vp->v_type == VBLK)
1261 		return (ENXIO);
1262 
1263 	if (dev == NULL)
1264 		return (ENXIO);
1265 
1266 	/* Make this field valid before any I/O in d_open. */
1267 	if (dev->si_iosize_max == 0)
1268 		dev->si_iosize_max = DFLTPHYS;
1269 
1270 	dsw = dev_refthread(dev, &ref);
1271 	if (dsw == NULL)
1272 		return (ENXIO);
1273 	if (fp == NULL && dsw->d_fdopen != NULL) {
1274 		dev_relthread(dev, ref);
1275 		return (ENXIO);
1276 	}
1277 
1278 	if (vp->v_type == VCHR)
1279 		devfs_usecount_add(vp);
1280 
1281 	vlocked = VOP_ISLOCKED(vp);
1282 	VOP_UNLOCK(vp);
1283 
1284 	fpop = td->td_fpop;
1285 	td->td_fpop = fp;
1286 	if (fp != NULL) {
1287 		fp->f_data = dev;
1288 		fp->f_vnode = vp;
1289 	}
1290 	if (dsw->d_fdopen != NULL)
1291 		error = dsw->d_fdopen(dev, ap->a_mode, td, fp);
1292 	else
1293 		error = dsw->d_open(dev, ap->a_mode, S_IFCHR, td);
1294 	/* Clean up any cdevpriv upon error. */
1295 	if (error != 0)
1296 		devfs_clear_cdevpriv();
1297 	td->td_fpop = fpop;
1298 
1299 	vn_lock(vp, vlocked | LK_RETRY);
1300 	if (error != 0 && vp->v_type == VCHR)
1301 		devfs_usecount_sub(vp);
1302 
1303 	dev_relthread(dev, ref);
1304 	if (error != 0) {
1305 		if (error == ERESTART)
1306 			error = EINTR;
1307 		return (error);
1308 	}
1309 
1310 #if 0	/* /dev/console */
1311 	KASSERT(fp != NULL, ("Could not vnode bypass device on NULL fp"));
1312 #else
1313 	if (fp == NULL)
1314 		return (error);
1315 #endif
1316 	if (fp->f_ops == &badfileops)
1317 		finit(fp, fp->f_flag, DTYPE_VNODE, dev, &devfs_ops_f);
1318 	return (error);
1319 }
1320 
1321 static int
devfs_pathconf(struct vop_pathconf_args * ap)1322 devfs_pathconf(struct vop_pathconf_args *ap)
1323 {
1324 
1325 	switch (ap->a_name) {
1326 	case _PC_FILESIZEBITS:
1327 		*ap->a_retval = 64;
1328 		return (0);
1329 	case _PC_NAME_MAX:
1330 		*ap->a_retval = NAME_MAX;
1331 		return (0);
1332 	case _PC_LINK_MAX:
1333 		*ap->a_retval = INT_MAX;
1334 		return (0);
1335 	case _PC_SYMLINK_MAX:
1336 		*ap->a_retval = MAXPATHLEN;
1337 		return (0);
1338 	case _PC_MAX_CANON:
1339 		if (ap->a_vp->v_vflag & VV_ISTTY) {
1340 			*ap->a_retval = MAX_CANON;
1341 			return (0);
1342 		}
1343 		return (EINVAL);
1344 	case _PC_MAX_INPUT:
1345 		if (ap->a_vp->v_vflag & VV_ISTTY) {
1346 			*ap->a_retval = MAX_INPUT;
1347 			return (0);
1348 		}
1349 		return (EINVAL);
1350 	case _PC_VDISABLE:
1351 		if (ap->a_vp->v_vflag & VV_ISTTY) {
1352 			*ap->a_retval = _POSIX_VDISABLE;
1353 			return (0);
1354 		}
1355 		return (EINVAL);
1356 	case _PC_MAC_PRESENT:
1357 #ifdef MAC
1358 		/*
1359 		 * If MAC is enabled, devfs automatically supports
1360 		 * trivial non-persistent label storage.
1361 		 */
1362 		*ap->a_retval = 1;
1363 #else
1364 		*ap->a_retval = 0;
1365 #endif
1366 		return (0);
1367 	case _PC_CHOWN_RESTRICTED:
1368 		*ap->a_retval = 1;
1369 		return (0);
1370 	default:
1371 		return (vop_stdpathconf(ap));
1372 	}
1373 	/* NOTREACHED */
1374 }
1375 
1376 /* ARGSUSED */
1377 static int
devfs_poll_f(struct file * fp,int events,struct ucred * cred,struct thread * td)1378 devfs_poll_f(struct file *fp, int events, struct ucred *cred, struct thread *td)
1379 {
1380 	struct cdev *dev;
1381 	struct cdevsw *dsw;
1382 	int error, ref;
1383 	struct file *fpop;
1384 
1385 	fpop = td->td_fpop;
1386 	error = devfs_fp_check(fp, &dev, &dsw, &ref);
1387 	if (error != 0) {
1388 		error = vnops.fo_poll(fp, events, cred, td);
1389 		return (error);
1390 	}
1391 	error = dsw->d_poll(dev, events, td);
1392 	td->td_fpop = fpop;
1393 	dev_relthread(dev, ref);
1394 	return(error);
1395 }
1396 
1397 /*
1398  * Print out the contents of a special device vnode.
1399  */
1400 static int
devfs_print(struct vop_print_args * ap)1401 devfs_print(struct vop_print_args *ap)
1402 {
1403 
1404 	printf("\tdev %s\n", devtoname(ap->a_vp->v_rdev));
1405 	return (0);
1406 }
1407 
1408 static int
devfs_read_f(struct file * fp,struct uio * uio,struct ucred * cred,int flags,struct thread * td)1409 devfs_read_f(struct file *fp, struct uio *uio, struct ucred *cred,
1410     int flags, struct thread *td)
1411 {
1412 	struct cdev *dev;
1413 	int ioflag, error, ref;
1414 	ssize_t resid;
1415 	struct cdevsw *dsw;
1416 	struct file *fpop;
1417 
1418 	if (uio->uio_resid > DEVFS_IOSIZE_MAX)
1419 		return (EINVAL);
1420 	fpop = td->td_fpop;
1421 	error = devfs_fp_check(fp, &dev, &dsw, &ref);
1422 	if (error != 0) {
1423 		error = vnops.fo_read(fp, uio, cred, flags, td);
1424 		return (error);
1425 	}
1426 	resid = uio->uio_resid;
1427 	ioflag = fp->f_flag & (O_NONBLOCK | O_DIRECT);
1428 	if (ioflag & O_DIRECT)
1429 		ioflag |= IO_DIRECT;
1430 
1431 	foffset_lock_uio(fp, uio, flags | FOF_NOLOCK);
1432 	error = dsw->d_read(dev, uio, ioflag);
1433 	if (uio->uio_resid != resid || (error == 0 && resid != 0))
1434 		devfs_timestamp(&dev->si_atime);
1435 	td->td_fpop = fpop;
1436 	dev_relthread(dev, ref);
1437 
1438 	foffset_unlock_uio(fp, uio, flags | FOF_NOLOCK | FOF_NEXTOFF_R);
1439 	return (error);
1440 }
1441 
1442 static int
devfs_readdir(struct vop_readdir_args * ap)1443 devfs_readdir(struct vop_readdir_args *ap)
1444 {
1445 	int error;
1446 	struct uio *uio;
1447 	struct dirent *dp;
1448 	struct devfs_dirent *dd;
1449 	struct devfs_dirent *de;
1450 	struct devfs_mount *dmp;
1451 	off_t off;
1452 	int *tmp_ncookies = NULL;
1453 
1454 	if (ap->a_vp->v_type != VDIR)
1455 		return (ENOTDIR);
1456 
1457 	uio = ap->a_uio;
1458 	if (uio->uio_offset < 0)
1459 		return (EINVAL);
1460 
1461 	/*
1462 	 * XXX: This is a temporary hack to get around this filesystem not
1463 	 * supporting cookies. We store the location of the ncookies pointer
1464 	 * in a temporary variable before calling vfs_subr.c:vfs_read_dirent()
1465 	 * and set the number of cookies to 0. We then set the pointer to
1466 	 * NULL so that vfs_read_dirent doesn't try to call realloc() on
1467 	 * ap->a_cookies. Later in this function, we restore the ap->a_ncookies
1468 	 * pointer to its original location before returning to the caller.
1469 	 */
1470 	if (ap->a_ncookies != NULL) {
1471 		tmp_ncookies = ap->a_ncookies;
1472 		*ap->a_ncookies = 0;
1473 		ap->a_ncookies = NULL;
1474 	}
1475 
1476 	dmp = VFSTODEVFS(ap->a_vp->v_mount);
1477 	if (devfs_populate_vp(ap->a_vp) != 0) {
1478 		if (tmp_ncookies != NULL)
1479 			ap->a_ncookies = tmp_ncookies;
1480 		return (EIO);
1481 	}
1482 	error = 0;
1483 	de = ap->a_vp->v_data;
1484 	off = 0;
1485 	TAILQ_FOREACH(dd, &de->de_dlist, de_list) {
1486 		KASSERT(dd->de_cdp != (void *)0xdeadc0de, ("%s %d\n", __func__, __LINE__));
1487 		if (dd->de_flags & (DE_COVERED | DE_WHITEOUT))
1488 			continue;
1489 		if (devfs_prison_check(dd, uio->uio_td))
1490 			continue;
1491 		if (dd->de_dirent->d_type == DT_DIR)
1492 			de = dd->de_dir;
1493 		else
1494 			de = dd;
1495 		dp = dd->de_dirent;
1496 		MPASS(dp->d_reclen == GENERIC_DIRSIZ(dp));
1497 		if (dp->d_reclen > uio->uio_resid)
1498 			break;
1499 		dp->d_fileno = de->de_inode;
1500 		/* NOTE: d_off is the offset for the *next* entry. */
1501 		dp->d_off = off + dp->d_reclen;
1502 		if (off >= uio->uio_offset) {
1503 			error = vfs_read_dirent(ap, dp, off);
1504 			if (error)
1505 				break;
1506 		}
1507 		off += dp->d_reclen;
1508 	}
1509 	sx_xunlock(&dmp->dm_lock);
1510 	uio->uio_offset = off;
1511 
1512 	/*
1513 	 * Restore ap->a_ncookies if it wasn't originally NULL in the first
1514 	 * place.
1515 	 */
1516 	if (tmp_ncookies != NULL)
1517 		ap->a_ncookies = tmp_ncookies;
1518 
1519 	return (error);
1520 }
1521 
1522 static int
devfs_readlink(struct vop_readlink_args * ap)1523 devfs_readlink(struct vop_readlink_args *ap)
1524 {
1525 	struct devfs_dirent *de;
1526 
1527 	de = ap->a_vp->v_data;
1528 	return (uiomove(de->de_symlink, strlen(de->de_symlink), ap->a_uio));
1529 }
1530 
1531 static void
devfs_reclaiml(struct vnode * vp)1532 devfs_reclaiml(struct vnode *vp)
1533 {
1534 	struct devfs_dirent *de;
1535 
1536 	mtx_assert(&devfs_de_interlock, MA_OWNED);
1537 	de = vp->v_data;
1538 	if (de != NULL) {
1539 		MPASS(de->de_usecount == 0);
1540 		de->de_vnode = NULL;
1541 		vp->v_data = NULL;
1542 	}
1543 }
1544 
1545 static int
devfs_reclaim(struct vop_reclaim_args * ap)1546 devfs_reclaim(struct vop_reclaim_args *ap)
1547 {
1548 	struct vnode *vp;
1549 
1550 	vp = ap->a_vp;
1551 	mtx_lock(&devfs_de_interlock);
1552 	devfs_reclaiml(vp);
1553 	mtx_unlock(&devfs_de_interlock);
1554 	return (0);
1555 }
1556 
1557 static int
devfs_reclaim_vchr(struct vop_reclaim_args * ap)1558 devfs_reclaim_vchr(struct vop_reclaim_args *ap)
1559 {
1560 	struct vnode *vp;
1561 	struct cdev *dev;
1562 
1563 	vp = ap->a_vp;
1564 	MPASS(vp->v_type == VCHR);
1565 
1566 	mtx_lock(&devfs_de_interlock);
1567 	VI_LOCK(vp);
1568 	devfs_usecount_subl(vp);
1569 	devfs_reclaiml(vp);
1570 	mtx_unlock(&devfs_de_interlock);
1571 	dev_lock();
1572 	dev = vp->v_rdev;
1573 	vp->v_rdev = NULL;
1574 	dev_unlock();
1575 	VI_UNLOCK(vp);
1576 	if (dev != NULL)
1577 		dev_rel(dev);
1578 	return (0);
1579 }
1580 
1581 static int
devfs_remove(struct vop_remove_args * ap)1582 devfs_remove(struct vop_remove_args *ap)
1583 {
1584 	struct vnode *dvp = ap->a_dvp;
1585 	struct vnode *vp = ap->a_vp;
1586 	struct devfs_dirent *dd;
1587 	struct devfs_dirent *de, *de_covered;
1588 	struct devfs_mount *dmp = VFSTODEVFS(vp->v_mount);
1589 
1590 	ASSERT_VOP_ELOCKED(dvp, "devfs_remove");
1591 	ASSERT_VOP_ELOCKED(vp, "devfs_remove");
1592 
1593 	sx_xlock(&dmp->dm_lock);
1594 	dd = ap->a_dvp->v_data;
1595 	de = vp->v_data;
1596 	if (de->de_cdp == NULL) {
1597 		TAILQ_REMOVE(&dd->de_dlist, de, de_list);
1598 		if (de->de_dirent->d_type == DT_LNK) {
1599 			de_covered = devfs_find(dd, de->de_dirent->d_name,
1600 			    de->de_dirent->d_namlen, 0);
1601 			if (de_covered != NULL)
1602 				de_covered->de_flags &= ~DE_COVERED;
1603 		}
1604 		/* We need to unlock dvp because devfs_delete() may lock it. */
1605 		VOP_UNLOCK(vp);
1606 		if (dvp != vp)
1607 			VOP_UNLOCK(dvp);
1608 		devfs_delete(dmp, de, 0);
1609 		sx_xunlock(&dmp->dm_lock);
1610 		if (dvp != vp)
1611 			vn_lock(dvp, LK_EXCLUSIVE | LK_RETRY);
1612 		vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1613 	} else {
1614 		de->de_flags |= DE_WHITEOUT;
1615 		sx_xunlock(&dmp->dm_lock);
1616 	}
1617 	return (0);
1618 }
1619 
1620 /*
1621  * Revoke is called on a tty when a terminal session ends.  The vnode
1622  * is orphaned by setting v_op to deadfs so we need to let go of it
1623  * as well so that we create a new one next time around.
1624  *
1625  */
1626 static int
devfs_revoke(struct vop_revoke_args * ap)1627 devfs_revoke(struct vop_revoke_args *ap)
1628 {
1629 	struct vnode *vp = ap->a_vp, *vp2;
1630 	struct cdev *dev;
1631 	struct cdev_priv *cdp;
1632 	struct devfs_dirent *de;
1633 	enum vgetstate vs;
1634 	u_int i;
1635 
1636 	KASSERT((ap->a_flags & REVOKEALL) != 0, ("devfs_revoke !REVOKEALL"));
1637 
1638 	dev = vp->v_rdev;
1639 	cdp = cdev2priv(dev);
1640 
1641 	dev_lock();
1642 	cdp->cdp_inuse++;
1643 	dev_unlock();
1644 
1645 	vhold(vp);
1646 	vgone(vp);
1647 	vdrop(vp);
1648 
1649 	VOP_UNLOCK(vp);
1650  loop:
1651 	for (;;) {
1652 		mtx_lock(&devfs_de_interlock);
1653 		dev_lock();
1654 		vp2 = NULL;
1655 		for (i = 0; i <= cdp->cdp_maxdirent; i++) {
1656 			de = cdp->cdp_dirents[i];
1657 			if (de == NULL)
1658 				continue;
1659 
1660 			vp2 = de->de_vnode;
1661 			if (vp2 != NULL) {
1662 				dev_unlock();
1663 				vs = vget_prep(vp2);
1664 				mtx_unlock(&devfs_de_interlock);
1665 				if (vget_finish(vp2, LK_EXCLUSIVE, vs) != 0)
1666 					goto loop;
1667 				vhold(vp2);
1668 				vgone(vp2);
1669 				vdrop(vp2);
1670 				vput(vp2);
1671 				break;
1672 			}
1673 		}
1674 		if (vp2 != NULL) {
1675 			continue;
1676 		}
1677 		dev_unlock();
1678 		mtx_unlock(&devfs_de_interlock);
1679 		break;
1680 	}
1681 	dev_lock();
1682 	cdp->cdp_inuse--;
1683 	if (!(cdp->cdp_flags & CDP_ACTIVE) && cdp->cdp_inuse == 0) {
1684 		KASSERT((cdp->cdp_flags & CDP_ON_ACTIVE_LIST) != 0,
1685 		    ("%s: cdp %p (%s) not on active list",
1686 		    __func__, cdp, dev->si_name));
1687 		cdp->cdp_flags &= ~CDP_ON_ACTIVE_LIST;
1688 		TAILQ_REMOVE(&cdevp_list, cdp, cdp_list);
1689 		dev_unlock();
1690 		dev_rel(&cdp->cdp_c);
1691 	} else
1692 		dev_unlock();
1693 
1694 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1695 	return (0);
1696 }
1697 
1698 static int
devfs_rioctl(struct vop_ioctl_args * ap)1699 devfs_rioctl(struct vop_ioctl_args *ap)
1700 {
1701 	struct vnode *vp;
1702 	struct devfs_mount *dmp;
1703 	int error;
1704 
1705 	vp = ap->a_vp;
1706 	vn_lock(vp, LK_SHARED | LK_RETRY);
1707 	if (VN_IS_DOOMED(vp)) {
1708 		VOP_UNLOCK(vp);
1709 		return (EBADF);
1710 	}
1711 	dmp = VFSTODEVFS(vp->v_mount);
1712 	sx_xlock(&dmp->dm_lock);
1713 	VOP_UNLOCK(vp);
1714 	DEVFS_DMP_HOLD(dmp);
1715 	devfs_populate(dmp);
1716 	if (DEVFS_DMP_DROP(dmp)) {
1717 		sx_xunlock(&dmp->dm_lock);
1718 		devfs_unmount_final(dmp);
1719 		return (ENOENT);
1720 	}
1721 	error = devfs_rules_ioctl(dmp, ap->a_command, ap->a_data, ap->a_td);
1722 	sx_xunlock(&dmp->dm_lock);
1723 	return (error);
1724 }
1725 
1726 static int
devfs_rread(struct vop_read_args * ap)1727 devfs_rread(struct vop_read_args *ap)
1728 {
1729 
1730 	if (ap->a_vp->v_type != VDIR)
1731 		return (EINVAL);
1732 	return (VOP_READDIR(ap->a_vp, ap->a_uio, ap->a_cred, NULL, NULL, NULL));
1733 }
1734 
1735 static int
devfs_setattr(struct vop_setattr_args * ap)1736 devfs_setattr(struct vop_setattr_args *ap)
1737 {
1738 	struct devfs_dirent *de;
1739 	struct vattr *vap;
1740 	struct vnode *vp;
1741 	struct thread *td;
1742 	int c, error;
1743 	uid_t uid;
1744 	gid_t gid;
1745 
1746 	vap = ap->a_vap;
1747 	vp = ap->a_vp;
1748 	td = curthread;
1749 	if ((vap->va_type != VNON) ||
1750 	    (vap->va_nlink != VNOVAL) ||
1751 	    (vap->va_fsid != VNOVAL) ||
1752 	    (vap->va_fileid != VNOVAL) ||
1753 	    (vap->va_blocksize != VNOVAL) ||
1754 	    (vap->va_flags != VNOVAL && vap->va_flags != 0) ||
1755 	    (vap->va_rdev != VNOVAL) ||
1756 	    ((int)vap->va_bytes != VNOVAL) ||
1757 	    (vap->va_gen != VNOVAL)) {
1758 		return (EINVAL);
1759 	}
1760 
1761 	error = devfs_populate_vp(vp);
1762 	if (error != 0)
1763 		return (error);
1764 
1765 	de = vp->v_data;
1766 	if (vp->v_type == VDIR)
1767 		de = de->de_dir;
1768 
1769 	c = 0;
1770 	if (vap->va_uid == (uid_t)VNOVAL)
1771 		uid = de->de_uid;
1772 	else
1773 		uid = vap->va_uid;
1774 	if (vap->va_gid == (gid_t)VNOVAL)
1775 		gid = de->de_gid;
1776 	else
1777 		gid = vap->va_gid;
1778 	if (uid != de->de_uid || gid != de->de_gid) {
1779 		if ((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid ||
1780 		    (gid != de->de_gid && !groupmember(gid, ap->a_cred))) {
1781 			error = priv_check(td, PRIV_VFS_CHOWN);
1782 			if (error != 0)
1783 				goto ret;
1784 		}
1785 		de->de_uid = uid;
1786 		de->de_gid = gid;
1787 		c = 1;
1788 	}
1789 
1790 	if (vap->va_mode != (mode_t)VNOVAL) {
1791 		if (ap->a_cred->cr_uid != de->de_uid) {
1792 			error = priv_check(td, PRIV_VFS_ADMIN);
1793 			if (error != 0)
1794 				goto ret;
1795 		}
1796 		de->de_mode = vap->va_mode;
1797 		c = 1;
1798 	}
1799 
1800 	if (vap->va_atime.tv_sec != VNOVAL || vap->va_mtime.tv_sec != VNOVAL) {
1801 		error = vn_utimes_perm(vp, vap, ap->a_cred, td);
1802 		if (error != 0)
1803 			goto ret;
1804 		if (vap->va_atime.tv_sec != VNOVAL) {
1805 			if (vp->v_type == VCHR)
1806 				vp->v_rdev->si_atime = vap->va_atime;
1807 			else
1808 				de->de_atime = vap->va_atime;
1809 		}
1810 		if (vap->va_mtime.tv_sec != VNOVAL) {
1811 			if (vp->v_type == VCHR)
1812 				vp->v_rdev->si_mtime = vap->va_mtime;
1813 			else
1814 				de->de_mtime = vap->va_mtime;
1815 		}
1816 		c = 1;
1817 	}
1818 
1819 	if (c) {
1820 		if (vp->v_type == VCHR)
1821 			vfs_timestamp(&vp->v_rdev->si_ctime);
1822 		else
1823 			vfs_timestamp(&de->de_mtime);
1824 	}
1825 
1826 ret:
1827 	sx_xunlock(&VFSTODEVFS(vp->v_mount)->dm_lock);
1828 	return (error);
1829 }
1830 
1831 #ifdef MAC
1832 static int
devfs_setlabel(struct vop_setlabel_args * ap)1833 devfs_setlabel(struct vop_setlabel_args *ap)
1834 {
1835 	struct vnode *vp;
1836 	struct devfs_dirent *de;
1837 
1838 	vp = ap->a_vp;
1839 	de = vp->v_data;
1840 
1841 	mac_vnode_relabel(ap->a_cred, vp, ap->a_label);
1842 	mac_devfs_update(vp->v_mount, de, vp);
1843 
1844 	return (0);
1845 }
1846 #endif
1847 
1848 static int
devfs_stat_f(struct file * fp,struct stat * sb,struct ucred * cred)1849 devfs_stat_f(struct file *fp, struct stat *sb, struct ucred *cred)
1850 {
1851 
1852 	return (vnops.fo_stat(fp, sb, cred));
1853 }
1854 
1855 static int
devfs_symlink(struct vop_symlink_args * ap)1856 devfs_symlink(struct vop_symlink_args *ap)
1857 {
1858 	int i, error;
1859 	struct devfs_dirent *dd;
1860 	struct devfs_dirent *de, *de_covered, *de_dotdot;
1861 	struct devfs_mount *dmp;
1862 
1863 	error = priv_check(curthread, PRIV_DEVFS_SYMLINK);
1864 	if (error)
1865 		return(error);
1866 	dmp = VFSTODEVFS(ap->a_dvp->v_mount);
1867 	if (devfs_populate_vp(ap->a_dvp) != 0)
1868 		return (ENOENT);
1869 
1870 	dd = ap->a_dvp->v_data;
1871 	de = devfs_newdirent(ap->a_cnp->cn_nameptr, ap->a_cnp->cn_namelen);
1872 	de->de_flags = DE_USER;
1873 	de->de_uid = 0;
1874 	de->de_gid = 0;
1875 	de->de_mode = 0755;
1876 	de->de_inode = alloc_unr(devfs_inos);
1877 	de->de_dir = dd;
1878 	de->de_dirent->d_type = DT_LNK;
1879 	i = strlen(ap->a_target) + 1;
1880 	de->de_symlink = malloc(i, M_DEVFS, M_WAITOK);
1881 	bcopy(ap->a_target, de->de_symlink, i);
1882 #ifdef MAC
1883 	mac_devfs_create_symlink(ap->a_cnp->cn_cred, dmp->dm_mount, dd, de);
1884 #endif
1885 	de_covered = devfs_find(dd, de->de_dirent->d_name,
1886 	    de->de_dirent->d_namlen, 0);
1887 	if (de_covered != NULL) {
1888 		if ((de_covered->de_flags & DE_USER) != 0) {
1889 			devfs_delete(dmp, de, DEVFS_DEL_NORECURSE);
1890 			sx_xunlock(&dmp->dm_lock);
1891 			return (EEXIST);
1892 		}
1893 		KASSERT((de_covered->de_flags & DE_COVERED) == 0,
1894 		    ("devfs_symlink: entry %p already covered", de_covered));
1895 		de_covered->de_flags |= DE_COVERED;
1896 	}
1897 
1898 	de_dotdot = TAILQ_FIRST(&dd->de_dlist);		/* "." */
1899 	de_dotdot = TAILQ_NEXT(de_dotdot, de_list);	/* ".." */
1900 	TAILQ_INSERT_AFTER(&dd->de_dlist, de_dotdot, de, de_list);
1901 	devfs_dir_ref_de(dmp, dd);
1902 	devfs_rules_apply(dmp, de);
1903 
1904 	return (devfs_allocv(de, ap->a_dvp->v_mount, LK_EXCLUSIVE, ap->a_vpp));
1905 }
1906 
1907 static int
devfs_truncate_f(struct file * fp,off_t length,struct ucred * cred,struct thread * td)1908 devfs_truncate_f(struct file *fp, off_t length, struct ucred *cred, struct thread *td)
1909 {
1910 
1911 	return (vnops.fo_truncate(fp, length, cred, td));
1912 }
1913 
1914 static int
devfs_write_f(struct file * fp,struct uio * uio,struct ucred * cred,int flags,struct thread * td)1915 devfs_write_f(struct file *fp, struct uio *uio, struct ucred *cred,
1916     int flags, struct thread *td)
1917 {
1918 	struct cdev *dev;
1919 	int error, ioflag, ref;
1920 	ssize_t resid;
1921 	struct cdevsw *dsw;
1922 	struct file *fpop;
1923 
1924 	if (uio->uio_resid > DEVFS_IOSIZE_MAX)
1925 		return (EINVAL);
1926 	fpop = td->td_fpop;
1927 	error = devfs_fp_check(fp, &dev, &dsw, &ref);
1928 	if (error != 0) {
1929 		error = vnops.fo_write(fp, uio, cred, flags, td);
1930 		return (error);
1931 	}
1932 	KASSERT(uio->uio_td == td, ("uio_td %p is not td %p", uio->uio_td, td));
1933 	ioflag = fp->f_flag & (O_NONBLOCK | O_DIRECT | O_FSYNC);
1934 	if (ioflag & O_DIRECT)
1935 		ioflag |= IO_DIRECT;
1936 	foffset_lock_uio(fp, uio, flags | FOF_NOLOCK);
1937 
1938 	resid = uio->uio_resid;
1939 
1940 	error = dsw->d_write(dev, uio, ioflag);
1941 	if (uio->uio_resid != resid || (error == 0 && resid != 0)) {
1942 		devfs_timestamp(&dev->si_ctime);
1943 		dev->si_mtime = dev->si_ctime;
1944 	}
1945 	td->td_fpop = fpop;
1946 	dev_relthread(dev, ref);
1947 
1948 	foffset_unlock_uio(fp, uio, flags | FOF_NOLOCK | FOF_NEXTOFF_W);
1949 	return (error);
1950 }
1951 
1952 static int
devfs_mmap_f(struct file * fp,vm_map_t map,vm_offset_t * addr,vm_size_t size,vm_prot_t prot,vm_prot_t cap_maxprot,int flags,vm_ooffset_t foff,struct thread * td)1953 devfs_mmap_f(struct file *fp, vm_map_t map, vm_offset_t *addr, vm_size_t size,
1954     vm_prot_t prot, vm_prot_t cap_maxprot, int flags, vm_ooffset_t foff,
1955     struct thread *td)
1956 {
1957 	struct cdev *dev;
1958 	struct cdevsw *dsw;
1959 	struct mount *mp;
1960 	struct vnode *vp;
1961 	struct file *fpop;
1962 	vm_object_t object;
1963 	vm_prot_t maxprot;
1964 	int error, ref;
1965 
1966 	vp = fp->f_vnode;
1967 
1968 	/*
1969 	 * Ensure that file and memory protections are
1970 	 * compatible.
1971 	 */
1972 	mp = vp->v_mount;
1973 	if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0) {
1974 		maxprot = VM_PROT_NONE;
1975 		if ((prot & VM_PROT_EXECUTE) != 0)
1976 			return (EACCES);
1977 	} else
1978 		maxprot = VM_PROT_EXECUTE;
1979 	if ((fp->f_flag & FREAD) != 0)
1980 		maxprot |= VM_PROT_READ;
1981 	else if ((prot & VM_PROT_READ) != 0)
1982 		return (EACCES);
1983 
1984 	/*
1985 	 * If we are sharing potential changes via MAP_SHARED and we
1986 	 * are trying to get write permission although we opened it
1987 	 * without asking for it, bail out.
1988 	 *
1989 	 * Note that most character devices always share mappings.
1990 	 * The one exception is that D_MMAP_ANON devices
1991 	 * (i.e. /dev/zero) permit private writable mappings.
1992 	 *
1993 	 * Rely on vm_mmap_cdev() to fail invalid MAP_PRIVATE requests
1994 	 * as well as updating maxprot to permit writing for
1995 	 * D_MMAP_ANON devices rather than doing that here.
1996 	 */
1997 	if ((flags & MAP_SHARED) != 0) {
1998 		if ((fp->f_flag & FWRITE) != 0)
1999 			maxprot |= VM_PROT_WRITE;
2000 		else if ((prot & VM_PROT_WRITE) != 0)
2001 			return (EACCES);
2002 	}
2003 	maxprot &= cap_maxprot;
2004 
2005 	fpop = td->td_fpop;
2006 	error = devfs_fp_check(fp, &dev, &dsw, &ref);
2007 	if (error != 0)
2008 		return (error);
2009 
2010 	error = vm_mmap_cdev(td, size, prot, &maxprot, &flags, dev, dsw, &foff,
2011 	    &object);
2012 	td->td_fpop = fpop;
2013 	dev_relthread(dev, ref);
2014 	if (error != 0)
2015 		return (error);
2016 
2017 	error = vm_mmap_object(map, addr, size, prot, maxprot, flags, object,
2018 	    foff, FALSE, td);
2019 	if (error != 0)
2020 		vm_object_deallocate(object);
2021 	return (error);
2022 }
2023 
2024 dev_t
dev2udev(struct cdev * x)2025 dev2udev(struct cdev *x)
2026 {
2027 	if (x == NULL)
2028 		return (NODEV);
2029 	return (cdev2priv(x)->cdp_inode);
2030 }
2031 
2032 static int
devfs_cmp_f(struct file * fp1,struct file * fp2,struct thread * td)2033 devfs_cmp_f(struct file *fp1, struct file *fp2, struct thread *td)
2034 {
2035 	if (fp2->f_type != DTYPE_VNODE || fp2->f_ops != &devfs_ops_f)
2036 		return (3);
2037 	return (kcmp_cmp((uintptr_t)fp1->f_data, (uintptr_t)fp2->f_data));
2038 }
2039 
2040 static const struct fileops devfs_ops_f = {
2041 	.fo_read =	devfs_read_f,
2042 	.fo_write =	devfs_write_f,
2043 	.fo_truncate =	devfs_truncate_f,
2044 	.fo_ioctl =	devfs_ioctl_f,
2045 	.fo_poll =	devfs_poll_f,
2046 	.fo_kqfilter =	devfs_kqfilter_f,
2047 	.fo_stat =	devfs_stat_f,
2048 	.fo_close =	devfs_close_f,
2049 	.fo_chmod =	vn_chmod,
2050 	.fo_chown =	vn_chown,
2051 	.fo_sendfile =	vn_sendfile,
2052 	.fo_seek =	vn_seek,
2053 	.fo_fill_kinfo = vn_fill_kinfo,
2054 	.fo_mmap =	devfs_mmap_f,
2055 	.fo_cmp =	devfs_cmp_f,
2056 	.fo_flags =	DFLAG_PASSABLE | DFLAG_SEEKABLE
2057 };
2058 
2059 /* Vops for non-CHR vnodes in /dev. */
2060 static struct vop_vector devfs_vnodeops = {
2061 	.vop_default =		&default_vnodeops,
2062 
2063 	.vop_access =		devfs_access,
2064 	.vop_getattr =		devfs_getattr,
2065 	.vop_ioctl =		devfs_rioctl,
2066 	.vop_lookup =		devfs_lookup,
2067 	.vop_mknod =		devfs_mknod,
2068 	.vop_pathconf =		devfs_pathconf,
2069 	.vop_read =		devfs_rread,
2070 	.vop_readdir =		devfs_readdir,
2071 	.vop_readlink =		devfs_readlink,
2072 	.vop_reclaim =		devfs_reclaim,
2073 	.vop_remove =		devfs_remove,
2074 	.vop_revoke =		devfs_revoke,
2075 	.vop_setattr =		devfs_setattr,
2076 #ifdef MAC
2077 	.vop_setlabel =		devfs_setlabel,
2078 #endif
2079 	.vop_symlink =		devfs_symlink,
2080 	.vop_vptocnp =		devfs_vptocnp,
2081 	.vop_lock1 =		vop_lock,
2082 	.vop_unlock =		vop_unlock,
2083 	.vop_islocked =		vop_islocked,
2084 	.vop_add_writecount =	vop_stdadd_writecount_nomsync,
2085 };
2086 VFS_VOP_VECTOR_REGISTER(devfs_vnodeops);
2087 
2088 /* Vops for VCHR vnodes in /dev. */
2089 static struct vop_vector devfs_specops = {
2090 	.vop_default =		&default_vnodeops,
2091 
2092 	.vop_access =		devfs_access,
2093 	.vop_bmap =		VOP_PANIC,
2094 	.vop_close =		devfs_close,
2095 	.vop_create =		VOP_PANIC,
2096 	.vop_fsync =		vop_stdfsync,
2097 	.vop_getattr =		devfs_getattr,
2098 	.vop_ioctl =		devfs_ioctl,
2099 	.vop_link =		VOP_PANIC,
2100 	.vop_mkdir =		VOP_PANIC,
2101 	.vop_mknod =		VOP_PANIC,
2102 	.vop_open =		devfs_open,
2103 	.vop_pathconf =		devfs_pathconf,
2104 	.vop_poll =		dead_poll,
2105 	.vop_print =		devfs_print,
2106 	.vop_read =		dead_read,
2107 	.vop_readdir =		VOP_PANIC,
2108 	.vop_readlink =		VOP_PANIC,
2109 	.vop_reallocblks =	VOP_PANIC,
2110 	.vop_reclaim =		devfs_reclaim_vchr,
2111 	.vop_remove =		devfs_remove,
2112 	.vop_rename =		VOP_PANIC,
2113 	.vop_revoke =		devfs_revoke,
2114 	.vop_rmdir =		VOP_PANIC,
2115 	.vop_setattr =		devfs_setattr,
2116 #ifdef MAC
2117 	.vop_setlabel =		devfs_setlabel,
2118 #endif
2119 	.vop_strategy =		VOP_PANIC,
2120 	.vop_symlink =		VOP_PANIC,
2121 	.vop_vptocnp =		devfs_vptocnp,
2122 	.vop_write =		dead_write,
2123 	.vop_lock1 =		vop_lock,
2124 	.vop_unlock =		vop_unlock,
2125 	.vop_islocked =		vop_islocked,
2126 	.vop_add_writecount =	vop_stdadd_writecount_nomsync,
2127 };
2128 VFS_VOP_VECTOR_REGISTER(devfs_specops);
2129 
2130 /*
2131  * Our calling convention to the device drivers used to be that we passed
2132  * vnode.h IO_* flags to read()/write(), but we're moving to fcntl.h O_
2133  * flags instead since that's what open(), close() and ioctl() takes and
2134  * we don't really want vnode.h in device drivers.
2135  * We solved the source compatibility by redefining some vnode flags to
2136  * be the same as the fcntl ones and by sending down the bitwise OR of
2137  * the respective fcntl/vnode flags.  These CTASSERTS make sure nobody
2138  * pulls the rug out under this.
2139  */
2140 CTASSERT(O_NONBLOCK == IO_NDELAY);
2141 CTASSERT(O_FSYNC == IO_SYNC);
2142