1 /* 2 * Copyright (c) 1992, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from software contributed to Berkeley by 6 * John Heidemann of the UCLA Ficus project. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. All advertising materials mentioning features or use of this software 17 * must display the following acknowledgement: 18 * This product includes software developed by the University of 19 * California, Berkeley and its contributors. 20 * 4. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)null_vnops.c 8.6 (Berkeley) 5/27/95 37 * 38 * Ancestors: 39 * @(#)lofs_vnops.c 1.2 (Berkeley) 6/18/92 40 * $FreeBSD$ 41 * ...and... 42 * @(#)null_vnodeops.c 1.20 92/07/07 UCLA Ficus project 43 * 44 * $FreeBSD$ 45 */ 46 47 /* 48 * Null Layer 49 * 50 * (See mount_null(8) for more information.) 51 * 52 * The null layer duplicates a portion of the file system 53 * name space under a new name. In this respect, it is 54 * similar to the loopback file system. It differs from 55 * the loopback fs in two respects: it is implemented using 56 * a stackable layers techniques, and its "null-node"s stack above 57 * all lower-layer vnodes, not just over directory vnodes. 58 * 59 * The null layer has two purposes. First, it serves as a demonstration 60 * of layering by proving a layer which does nothing. (It actually 61 * does everything the loopback file system does, which is slightly 62 * more than nothing.) Second, the null layer can serve as a prototype 63 * layer. Since it provides all necessary layer framework, 64 * new file system layers can be created very easily be starting 65 * with a null layer. 66 * 67 * The remainder of this man page examines the null layer as a basis 68 * for constructing new layers. 69 * 70 * 71 * INSTANTIATING NEW NULL LAYERS 72 * 73 * New null layers are created with mount_null(8). 74 * Mount_null(8) takes two arguments, the pathname 75 * of the lower vfs (target-pn) and the pathname where the null 76 * layer will appear in the namespace (alias-pn). After 77 * the null layer is put into place, the contents 78 * of target-pn subtree will be aliased under alias-pn. 79 * 80 * 81 * OPERATION OF A NULL LAYER 82 * 83 * The null layer is the minimum file system layer, 84 * simply bypassing all possible operations to the lower layer 85 * for processing there. The majority of its activity centers 86 * on the bypass routine, through which nearly all vnode operations 87 * pass. 88 * 89 * The bypass routine accepts arbitrary vnode operations for 90 * handling by the lower layer. It begins by examing vnode 91 * operation arguments and replacing any null-nodes by their 92 * lower-layer equivlants. It then invokes the operation 93 * on the lower layer. Finally, it replaces the null-nodes 94 * in the arguments and, if a vnode is return by the operation, 95 * stacks a null-node on top of the returned vnode. 96 * 97 * Although bypass handles most operations, vop_getattr, vop_lock, 98 * vop_unlock, vop_inactive, vop_reclaim, and vop_print are not 99 * bypassed. Vop_getattr must change the fsid being returned. 100 * Vop_lock and vop_unlock must handle any locking for the 101 * current vnode as well as pass the lock request down. 102 * Vop_inactive and vop_reclaim are not bypassed so that 103 * they can handle freeing null-layer specific data. Vop_print 104 * is not bypassed to avoid excessive debugging information. 105 * Also, certain vnode operations change the locking state within 106 * the operation (create, mknod, remove, link, rename, mkdir, rmdir, 107 * and symlink). Ideally these operations should not change the 108 * lock state, but should be changed to let the caller of the 109 * function unlock them. Otherwise all intermediate vnode layers 110 * (such as union, umapfs, etc) must catch these functions to do 111 * the necessary locking at their layer. 112 * 113 * 114 * INSTANTIATING VNODE STACKS 115 * 116 * Mounting associates the null layer with a lower layer, 117 * effect stacking two VFSes. Vnode stacks are instead 118 * created on demand as files are accessed. 119 * 120 * The initial mount creates a single vnode stack for the 121 * root of the new null layer. All other vnode stacks 122 * are created as a result of vnode operations on 123 * this or other null vnode stacks. 124 * 125 * New vnode stacks come into existance as a result of 126 * an operation which returns a vnode. 127 * The bypass routine stacks a null-node above the new 128 * vnode before returning it to the caller. 129 * 130 * For example, imagine mounting a null layer with 131 * "mount_null /usr/include /dev/layer/null". 132 * Changing directory to /dev/layer/null will assign 133 * the root null-node (which was created when the null layer was mounted). 134 * Now consider opening "sys". A vop_lookup would be 135 * done on the root null-node. This operation would bypass through 136 * to the lower layer which would return a vnode representing 137 * the UFS "sys". Null_bypass then builds a null-node 138 * aliasing the UFS "sys" and returns this to the caller. 139 * Later operations on the null-node "sys" will repeat this 140 * process when constructing other vnode stacks. 141 * 142 * 143 * CREATING OTHER FILE SYSTEM LAYERS 144 * 145 * One of the easiest ways to construct new file system layers is to make 146 * a copy of the null layer, rename all files and variables, and 147 * then begin modifing the copy. Sed can be used to easily rename 148 * all variables. 149 * 150 * The umap layer is an example of a layer descended from the 151 * null layer. 152 * 153 * 154 * INVOKING OPERATIONS ON LOWER LAYERS 155 * 156 * There are two techniques to invoke operations on a lower layer 157 * when the operation cannot be completely bypassed. Each method 158 * is appropriate in different situations. In both cases, 159 * it is the responsibility of the aliasing layer to make 160 * the operation arguments "correct" for the lower layer 161 * by mapping an vnode arguments to the lower layer. 162 * 163 * The first approach is to call the aliasing layer's bypass routine. 164 * This method is most suitable when you wish to invoke the operation 165 * currently being handled on the lower layer. It has the advantage 166 * that the bypass routine already must do argument mapping. 167 * An example of this is null_getattrs in the null layer. 168 * 169 * A second approach is to directly invoke vnode operations on 170 * the lower layer with the VOP_OPERATIONNAME interface. 171 * The advantage of this method is that it is easy to invoke 172 * arbitrary operations on the lower layer. The disadvantage 173 * is that vnode arguments must be manualy mapped. 174 * 175 */ 176 177 #include <sys/param.h> 178 #include <sys/systm.h> 179 #include <sys/kernel.h> 180 #include <sys/sysctl.h> 181 #include <sys/vnode.h> 182 #include <sys/mount.h> 183 #include <sys/namei.h> 184 #include <sys/malloc.h> 185 #include <miscfs/nullfs/null.h> 186 187 static int null_bug_bypass = 0; /* for debugging: enables bypass printf'ing */ 188 SYSCTL_INT(_debug, OID_AUTO, nullfs_bug_bypass, CTLFLAG_RW, 189 &null_bug_bypass, 0, ""); 190 191 static int null_access __P((struct vop_access_args *ap)); 192 static int null_getattr __P((struct vop_getattr_args *ap)); 193 static int null_inactive __P((struct vop_inactive_args *ap)); 194 static int null_lock __P((struct vop_lock_args *ap)); 195 static int null_lookup __P((struct vop_lookup_args *ap)); 196 static int null_print __P((struct vop_print_args *ap)); 197 static int null_reclaim __P((struct vop_reclaim_args *ap)); 198 static int null_setattr __P((struct vop_setattr_args *ap)); 199 static int null_unlock __P((struct vop_unlock_args *ap)); 200 201 /* 202 * This is the 10-Apr-92 bypass routine. 203 * This version has been optimized for speed, throwing away some 204 * safety checks. It should still always work, but it's not as 205 * robust to programmer errors. 206 * 207 * In general, we map all vnodes going down and unmap them on the way back. 208 * As an exception to this, vnodes can be marked "unmapped" by setting 209 * the Nth bit in operation's vdesc_flags. 210 * 211 * Also, some BSD vnode operations have the side effect of vrele'ing 212 * their arguments. With stacking, the reference counts are held 213 * by the upper node, not the lower one, so we must handle these 214 * side-effects here. This is not of concern in Sun-derived systems 215 * since there are no such side-effects. 216 * 217 * This makes the following assumptions: 218 * - only one returned vpp 219 * - no INOUT vpp's (Sun's vop_open has one of these) 220 * - the vnode operation vector of the first vnode should be used 221 * to determine what implementation of the op should be invoked 222 * - all mapped vnodes are of our vnode-type (NEEDSWORK: 223 * problems on rmdir'ing mount points and renaming?) 224 */ 225 int 226 null_bypass(ap) 227 struct vop_generic_args /* { 228 struct vnodeop_desc *a_desc; 229 <other random data follows, presumably> 230 } */ *ap; 231 { 232 register struct vnode **this_vp_p; 233 int error; 234 struct vnode *old_vps[VDESC_MAX_VPS]; 235 struct vnode **vps_p[VDESC_MAX_VPS]; 236 struct vnode ***vppp; 237 struct vnodeop_desc *descp = ap->a_desc; 238 int reles, i; 239 240 if (null_bug_bypass) 241 printf ("null_bypass: %s\n", descp->vdesc_name); 242 243 #ifdef DIAGNOSTIC 244 /* 245 * We require at least one vp. 246 */ 247 if (descp->vdesc_vp_offsets == NULL || 248 descp->vdesc_vp_offsets[0] == VDESC_NO_OFFSET) 249 panic ("null_bypass: no vp's in map"); 250 #endif 251 252 /* 253 * Map the vnodes going in. 254 * Later, we'll invoke the operation based on 255 * the first mapped vnode's operation vector. 256 */ 257 reles = descp->vdesc_flags; 258 for (i = 0; i < VDESC_MAX_VPS; reles >>= 1, i++) { 259 if (descp->vdesc_vp_offsets[i] == VDESC_NO_OFFSET) 260 break; /* bail out at end of list */ 261 vps_p[i] = this_vp_p = 262 VOPARG_OFFSETTO(struct vnode**,descp->vdesc_vp_offsets[i],ap); 263 /* 264 * We're not guaranteed that any but the first vnode 265 * are of our type. Check for and don't map any 266 * that aren't. (We must always map first vp or vclean fails.) 267 */ 268 if (i && (*this_vp_p == NULLVP || 269 (*this_vp_p)->v_op != null_vnodeop_p)) { 270 old_vps[i] = NULLVP; 271 } else { 272 old_vps[i] = *this_vp_p; 273 *(vps_p[i]) = NULLVPTOLOWERVP(*this_vp_p); 274 /* 275 * XXX - Several operations have the side effect 276 * of vrele'ing their vp's. We must account for 277 * that. (This should go away in the future.) 278 */ 279 if (reles & 1) 280 VREF(*this_vp_p); 281 } 282 283 } 284 285 /* 286 * Call the operation on the lower layer 287 * with the modified argument structure. 288 */ 289 error = VCALL(*(vps_p[0]), descp->vdesc_offset, ap); 290 291 /* 292 * Maintain the illusion of call-by-value 293 * by restoring vnodes in the argument structure 294 * to their original value. 295 */ 296 reles = descp->vdesc_flags; 297 for (i = 0; i < VDESC_MAX_VPS; reles >>= 1, i++) { 298 if (descp->vdesc_vp_offsets[i] == VDESC_NO_OFFSET) 299 break; /* bail out at end of list */ 300 if (old_vps[i]) { 301 *(vps_p[i]) = old_vps[i]; 302 if (reles & 1) 303 vrele(*(vps_p[i])); 304 } 305 } 306 307 /* 308 * Map the possible out-going vpp 309 * (Assumes that the lower layer always returns 310 * a VREF'ed vpp unless it gets an error.) 311 */ 312 if (descp->vdesc_vpp_offset != VDESC_NO_OFFSET && 313 !(descp->vdesc_flags & VDESC_NOMAP_VPP) && 314 !error) { 315 /* 316 * XXX - even though some ops have vpp returned vp's, 317 * several ops actually vrele this before returning. 318 * We must avoid these ops. 319 * (This should go away when these ops are regularized.) 320 */ 321 if (descp->vdesc_flags & VDESC_VPP_WILLRELE) 322 goto out; 323 vppp = VOPARG_OFFSETTO(struct vnode***, 324 descp->vdesc_vpp_offset,ap); 325 if (*vppp) 326 error = null_node_create(old_vps[0]->v_mount, **vppp, *vppp); 327 } 328 329 out: 330 return (error); 331 } 332 333 /* 334 * We have to carry on the locking protocol on the null layer vnodes 335 * as we progress through the tree. We also have to enforce read-only 336 * if this layer is mounted read-only. 337 */ 338 static int 339 null_lookup(ap) 340 struct vop_lookup_args /* { 341 struct vnode * a_dvp; 342 struct vnode ** a_vpp; 343 struct componentname * a_cnp; 344 } */ *ap; 345 { 346 struct componentname *cnp = ap->a_cnp; 347 struct proc *p = cnp->cn_proc; 348 int flags = cnp->cn_flags; 349 struct vop_lock_args lockargs; 350 struct vop_unlock_args unlockargs; 351 struct vnode *dvp, *vp; 352 int error; 353 354 if ((flags & ISLASTCN) && (ap->a_dvp->v_mount->mnt_flag & MNT_RDONLY) && 355 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) 356 return (EROFS); 357 error = null_bypass((struct vop_generic_args *)ap); 358 if (error == EJUSTRETURN && (flags & ISLASTCN) && 359 (ap->a_dvp->v_mount->mnt_flag & MNT_RDONLY) && 360 (cnp->cn_nameiop == CREATE || cnp->cn_nameiop == RENAME)) 361 error = EROFS; 362 /* 363 * We must do the same locking and unlocking at this layer as 364 * is done in the layers below us. We could figure this out 365 * based on the error return and the LASTCN, LOCKPARENT, and 366 * LOCKLEAF flags. However, it is more expidient to just find 367 * out the state of the lower level vnodes and set ours to the 368 * same state. 369 */ 370 dvp = ap->a_dvp; 371 vp = *ap->a_vpp; 372 if (dvp == vp) 373 return (error); 374 if (!VOP_ISLOCKED(dvp, NULL)) { 375 unlockargs.a_vp = dvp; 376 unlockargs.a_flags = 0; 377 unlockargs.a_p = p; 378 vop_nounlock(&unlockargs); 379 } 380 if (vp != NULLVP && VOP_ISLOCKED(vp, NULL)) { 381 lockargs.a_vp = vp; 382 lockargs.a_flags = LK_SHARED; 383 lockargs.a_p = p; 384 vop_nolock(&lockargs); 385 } 386 return (error); 387 } 388 389 /* 390 * Setattr call. Disallow write attempts if the layer is mounted read-only. 391 */ 392 int 393 null_setattr(ap) 394 struct vop_setattr_args /* { 395 struct vnodeop_desc *a_desc; 396 struct vnode *a_vp; 397 struct vattr *a_vap; 398 struct ucred *a_cred; 399 struct proc *a_p; 400 } */ *ap; 401 { 402 struct vnode *vp = ap->a_vp; 403 struct vattr *vap = ap->a_vap; 404 405 if ((vap->va_flags != VNOVAL || vap->va_uid != (uid_t)VNOVAL || 406 vap->va_gid != (gid_t)VNOVAL || vap->va_atime.tv_sec != VNOVAL || 407 vap->va_mtime.tv_sec != VNOVAL || vap->va_mode != (mode_t)VNOVAL) && 408 (vp->v_mount->mnt_flag & MNT_RDONLY)) 409 return (EROFS); 410 if (vap->va_size != VNOVAL) { 411 switch (vp->v_type) { 412 case VDIR: 413 return (EISDIR); 414 case VCHR: 415 case VBLK: 416 case VSOCK: 417 case VFIFO: 418 if (vap->va_flags != VNOVAL) 419 return (EOPNOTSUPP); 420 return (0); 421 case VREG: 422 case VLNK: 423 default: 424 /* 425 * Disallow write attempts if the filesystem is 426 * mounted read-only. 427 */ 428 if (vp->v_mount->mnt_flag & MNT_RDONLY) 429 return (EROFS); 430 } 431 } 432 return (null_bypass((struct vop_generic_args *)ap)); 433 } 434 435 /* 436 * We handle getattr only to change the fsid. 437 */ 438 static int 439 null_getattr(ap) 440 struct vop_getattr_args /* { 441 struct vnode *a_vp; 442 struct vattr *a_vap; 443 struct ucred *a_cred; 444 struct proc *a_p; 445 } */ *ap; 446 { 447 int error; 448 449 if ((error = null_bypass((struct vop_generic_args *)ap)) != 0) 450 return (error); 451 return (0); 452 } 453 454 static int 455 null_access(ap) 456 struct vop_access_args /* { 457 struct vnode *a_vp; 458 int a_mode; 459 struct ucred *a_cred; 460 struct proc *a_p; 461 } */ *ap; 462 { 463 struct vnode *vp = ap->a_vp; 464 mode_t mode = ap->a_mode; 465 466 /* 467 * Disallow write attempts on read-only layers; 468 * unless the file is a socket, fifo, or a block or 469 * character device resident on the file system. 470 */ 471 if (mode & VWRITE) { 472 switch (vp->v_type) { 473 case VDIR: 474 case VLNK: 475 case VREG: 476 if (vp->v_mount->mnt_flag & MNT_RDONLY) 477 return (EROFS); 478 break; 479 default: 480 break; 481 } 482 } 483 return (null_bypass((struct vop_generic_args *)ap)); 484 } 485 486 /* 487 * We need to process our own vnode lock and then clear the 488 * interlock flag as it applies only to our vnode, not the 489 * vnodes below us on the stack. 490 */ 491 static int 492 null_lock(ap) 493 struct vop_lock_args /* { 494 struct vnode *a_vp; 495 int a_flags; 496 struct proc *a_p; 497 } */ *ap; 498 { 499 500 vop_nolock(ap); 501 if ((ap->a_flags & LK_TYPE_MASK) == LK_DRAIN) 502 return (0); 503 ap->a_flags &= ~LK_INTERLOCK; 504 return (null_bypass((struct vop_generic_args *)ap)); 505 } 506 507 /* 508 * We need to process our own vnode unlock and then clear the 509 * interlock flag as it applies only to our vnode, not the 510 * vnodes below us on the stack. 511 */ 512 static int 513 null_unlock(ap) 514 struct vop_unlock_args /* { 515 struct vnode *a_vp; 516 int a_flags; 517 struct proc *a_p; 518 } */ *ap; 519 { 520 vop_nounlock(ap); 521 ap->a_flags &= ~LK_INTERLOCK; 522 return (null_bypass((struct vop_generic_args *)ap)); 523 } 524 525 static int 526 null_inactive(ap) 527 struct vop_inactive_args /* { 528 struct vnode *a_vp; 529 struct proc *a_p; 530 } */ *ap; 531 { 532 struct vnode *vp = ap->a_vp; 533 struct null_node *xp = VTONULL(vp); 534 struct vnode *lowervp = xp->null_lowervp; 535 /* 536 * Do nothing (and _don't_ bypass). 537 * Wait to vrele lowervp until reclaim, 538 * so that until then our null_node is in the 539 * cache and reusable. 540 * We still have to tell the lower layer the vnode 541 * is now inactive though. 542 * 543 * NEEDSWORK: Someday, consider inactive'ing 544 * the lowervp and then trying to reactivate it 545 * with capabilities (v_id) 546 * like they do in the name lookup cache code. 547 * That's too much work for now. 548 */ 549 VOP_INACTIVE(lowervp, ap->a_p); 550 VOP_UNLOCK(ap->a_vp, 0, ap->a_p); 551 return (0); 552 } 553 554 static int 555 null_reclaim(ap) 556 struct vop_reclaim_args /* { 557 struct vnode *a_vp; 558 struct proc *a_p; 559 } */ *ap; 560 { 561 struct vnode *vp = ap->a_vp; 562 struct null_node *xp = VTONULL(vp); 563 struct vnode *lowervp = xp->null_lowervp; 564 565 /* 566 * Note: in vop_reclaim, vp->v_op == dead_vnodeop_p, 567 * so we can't call VOPs on ourself. 568 */ 569 /* After this assignment, this node will not be re-used. */ 570 xp->null_lowervp = NULLVP; 571 LIST_REMOVE(xp, null_hash); 572 FREE(vp->v_data, M_TEMP); 573 vp->v_data = NULL; 574 vrele (lowervp); 575 return (0); 576 } 577 578 static int 579 null_print(ap) 580 struct vop_print_args /* { 581 struct vnode *a_vp; 582 } */ *ap; 583 { 584 register struct vnode *vp = ap->a_vp; 585 printf ("\ttag VT_NULLFS, vp=%p, lowervp=%p\n", vp, NULLVPTOLOWERVP(vp)); 586 return (0); 587 } 588 589 /* 590 * Global vfs data structures 591 */ 592 vop_t **null_vnodeop_p; 593 static struct vnodeopv_entry_desc null_vnodeop_entries[] = { 594 { &vop_default_desc, (vop_t *) null_bypass }, 595 { &vop_access_desc, (vop_t *) null_access }, 596 { &vop_getattr_desc, (vop_t *) null_getattr }, 597 { &vop_inactive_desc, (vop_t *) null_inactive }, 598 { &vop_lock_desc, (vop_t *) null_lock }, 599 { &vop_lookup_desc, (vop_t *) null_lookup }, 600 { &vop_print_desc, (vop_t *) null_print }, 601 { &vop_reclaim_desc, (vop_t *) null_reclaim }, 602 { &vop_setattr_desc, (vop_t *) null_setattr }, 603 { &vop_unlock_desc, (vop_t *) null_unlock }, 604 { NULL, NULL } 605 }; 606 static struct vnodeopv_desc null_vnodeop_opv_desc = 607 { &null_vnodeop_p, null_vnodeop_entries }; 608 609 VNODEOP_SET(null_vnodeop_opv_desc); 610