1 /* 2 * Copyright (c) 1992, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from software contributed to Berkeley by 6 * John Heidemann of the UCLA Ficus project. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. All advertising materials mentioning features or use of this software 17 * must display the following acknowledgement: 18 * This product includes software developed by the University of 19 * California, Berkeley and its contributors. 20 * 4. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)null_vnops.c 8.6 (Berkeley) 5/27/95 37 * 38 * Ancestors: 39 * @(#)lofs_vnops.c 1.2 (Berkeley) 6/18/92 40 * $FreeBSD$ 41 * ...and... 42 * @(#)null_vnodeops.c 1.20 92/07/07 UCLA Ficus project 43 * 44 * $FreeBSD$ 45 */ 46 47 /* 48 * Null Layer 49 * 50 * (See mount_null(8) for more information.) 51 * 52 * The null layer duplicates a portion of the file system 53 * name space under a new name. In this respect, it is 54 * similar to the loopback file system. It differs from 55 * the loopback fs in two respects: it is implemented using 56 * a stackable layers techniques, and its "null-node"s stack above 57 * all lower-layer vnodes, not just over directory vnodes. 58 * 59 * The null layer has two purposes. First, it serves as a demonstration 60 * of layering by proving a layer which does nothing. (It actually 61 * does everything the loopback file system does, which is slightly 62 * more than nothing.) Second, the null layer can serve as a prototype 63 * layer. Since it provides all necessary layer framework, 64 * new file system layers can be created very easily be starting 65 * with a null layer. 66 * 67 * The remainder of this man page examines the null layer as a basis 68 * for constructing new layers. 69 * 70 * 71 * INSTANTIATING NEW NULL LAYERS 72 * 73 * New null layers are created with mount_null(8). 74 * Mount_null(8) takes two arguments, the pathname 75 * of the lower vfs (target-pn) and the pathname where the null 76 * layer will appear in the namespace (alias-pn). After 77 * the null layer is put into place, the contents 78 * of target-pn subtree will be aliased under alias-pn. 79 * 80 * 81 * OPERATION OF A NULL LAYER 82 * 83 * The null layer is the minimum file system layer, 84 * simply bypassing all possible operations to the lower layer 85 * for processing there. The majority of its activity centers 86 * on the bypass routine, through which nearly all vnode operations 87 * pass. 88 * 89 * The bypass routine accepts arbitrary vnode operations for 90 * handling by the lower layer. It begins by examing vnode 91 * operation arguments and replacing any null-nodes by their 92 * lower-layer equivlants. It then invokes the operation 93 * on the lower layer. Finally, it replaces the null-nodes 94 * in the arguments and, if a vnode is return by the operation, 95 * stacks a null-node on top of the returned vnode. 96 * 97 * Although bypass handles most operations, vop_getattr, vop_lock, 98 * vop_unlock, vop_inactive, vop_reclaim, and vop_print are not 99 * bypassed. Vop_getattr must change the fsid being returned. 100 * Vop_lock and vop_unlock must handle any locking for the 101 * current vnode as well as pass the lock request down. 102 * Vop_inactive and vop_reclaim are not bypassed so that 103 * they can handle freeing null-layer specific data. Vop_print 104 * is not bypassed to avoid excessive debugging information. 105 * Also, certain vnode operations change the locking state within 106 * the operation (create, mknod, remove, link, rename, mkdir, rmdir, 107 * and symlink). Ideally these operations should not change the 108 * lock state, but should be changed to let the caller of the 109 * function unlock them. Otherwise all intermediate vnode layers 110 * (such as union, umapfs, etc) must catch these functions to do 111 * the necessary locking at their layer. 112 * 113 * 114 * INSTANTIATING VNODE STACKS 115 * 116 * Mounting associates the null layer with a lower layer, 117 * effect stacking two VFSes. Vnode stacks are instead 118 * created on demand as files are accessed. 119 * 120 * The initial mount creates a single vnode stack for the 121 * root of the new null layer. All other vnode stacks 122 * are created as a result of vnode operations on 123 * this or other null vnode stacks. 124 * 125 * New vnode stacks come into existance as a result of 126 * an operation which returns a vnode. 127 * The bypass routine stacks a null-node above the new 128 * vnode before returning it to the caller. 129 * 130 * For example, imagine mounting a null layer with 131 * "mount_null /usr/include /dev/layer/null". 132 * Changing directory to /dev/layer/null will assign 133 * the root null-node (which was created when the null layer was mounted). 134 * Now consider opening "sys". A vop_lookup would be 135 * done on the root null-node. This operation would bypass through 136 * to the lower layer which would return a vnode representing 137 * the UFS "sys". Null_bypass then builds a null-node 138 * aliasing the UFS "sys" and returns this to the caller. 139 * Later operations on the null-node "sys" will repeat this 140 * process when constructing other vnode stacks. 141 * 142 * 143 * CREATING OTHER FILE SYSTEM LAYERS 144 * 145 * One of the easiest ways to construct new file system layers is to make 146 * a copy of the null layer, rename all files and variables, and 147 * then begin modifing the copy. Sed can be used to easily rename 148 * all variables. 149 * 150 * The umap layer is an example of a layer descended from the 151 * null layer. 152 * 153 * 154 * INVOKING OPERATIONS ON LOWER LAYERS 155 * 156 * There are two techniques to invoke operations on a lower layer 157 * when the operation cannot be completely bypassed. Each method 158 * is appropriate in different situations. In both cases, 159 * it is the responsibility of the aliasing layer to make 160 * the operation arguments "correct" for the lower layer 161 * by mapping an vnode arguments to the lower layer. 162 * 163 * The first approach is to call the aliasing layer's bypass routine. 164 * This method is most suitable when you wish to invoke the operation 165 * currently being handled on the lower layer. It has the advantage 166 * that the bypass routine already must do argument mapping. 167 * An example of this is null_getattrs in the null layer. 168 * 169 * A second approach is to directly invoke vnode operations on 170 * the lower layer with the VOP_OPERATIONNAME interface. 171 * The advantage of this method is that it is easy to invoke 172 * arbitrary operations on the lower layer. The disadvantage 173 * is that vnode arguments must be manualy mapped. 174 * 175 */ 176 177 #include <sys/param.h> 178 #include <sys/systm.h> 179 #include <sys/kernel.h> 180 #include <sys/sysctl.h> 181 #include <sys/vnode.h> 182 #include <sys/mount.h> 183 #include <sys/namei.h> 184 #include <sys/malloc.h> 185 #include <sys/buf.h> 186 #include <miscfs/nullfs/null.h> 187 188 static int null_bug_bypass = 0; /* for debugging: enables bypass printf'ing */ 189 SYSCTL_INT(_debug, OID_AUTO, nullfs_bug_bypass, CTLFLAG_RW, 190 &null_bug_bypass, 0, ""); 191 192 static int null_access __P((struct vop_access_args *ap)); 193 static int null_getattr __P((struct vop_getattr_args *ap)); 194 static int null_inactive __P((struct vop_inactive_args *ap)); 195 static int null_lock __P((struct vop_lock_args *ap)); 196 static int null_lookup __P((struct vop_lookup_args *ap)); 197 static int null_print __P((struct vop_print_args *ap)); 198 static int null_reclaim __P((struct vop_reclaim_args *ap)); 199 static int null_setattr __P((struct vop_setattr_args *ap)); 200 static int null_unlock __P((struct vop_unlock_args *ap)); 201 202 /* 203 * This is the 10-Apr-92 bypass routine. 204 * This version has been optimized for speed, throwing away some 205 * safety checks. It should still always work, but it's not as 206 * robust to programmer errors. 207 * 208 * In general, we map all vnodes going down and unmap them on the way back. 209 * As an exception to this, vnodes can be marked "unmapped" by setting 210 * the Nth bit in operation's vdesc_flags. 211 * 212 * Also, some BSD vnode operations have the side effect of vrele'ing 213 * their arguments. With stacking, the reference counts are held 214 * by the upper node, not the lower one, so we must handle these 215 * side-effects here. This is not of concern in Sun-derived systems 216 * since there are no such side-effects. 217 * 218 * This makes the following assumptions: 219 * - only one returned vpp 220 * - no INOUT vpp's (Sun's vop_open has one of these) 221 * - the vnode operation vector of the first vnode should be used 222 * to determine what implementation of the op should be invoked 223 * - all mapped vnodes are of our vnode-type (NEEDSWORK: 224 * problems on rmdir'ing mount points and renaming?) 225 */ 226 int 227 null_bypass(ap) 228 struct vop_generic_args /* { 229 struct vnodeop_desc *a_desc; 230 <other random data follows, presumably> 231 } */ *ap; 232 { 233 register struct vnode **this_vp_p; 234 int error; 235 struct vnode *old_vps[VDESC_MAX_VPS]; 236 struct vnode **vps_p[VDESC_MAX_VPS]; 237 struct vnode ***vppp; 238 struct vnodeop_desc *descp = ap->a_desc; 239 int reles, i; 240 241 if (null_bug_bypass) 242 printf ("null_bypass: %s\n", descp->vdesc_name); 243 244 #ifdef DIAGNOSTIC 245 /* 246 * We require at least one vp. 247 */ 248 if (descp->vdesc_vp_offsets == NULL || 249 descp->vdesc_vp_offsets[0] == VDESC_NO_OFFSET) 250 panic ("null_bypass: no vp's in map"); 251 #endif 252 253 /* 254 * Map the vnodes going in. 255 * Later, we'll invoke the operation based on 256 * the first mapped vnode's operation vector. 257 */ 258 reles = descp->vdesc_flags; 259 for (i = 0; i < VDESC_MAX_VPS; reles >>= 1, i++) { 260 if (descp->vdesc_vp_offsets[i] == VDESC_NO_OFFSET) 261 break; /* bail out at end of list */ 262 vps_p[i] = this_vp_p = 263 VOPARG_OFFSETTO(struct vnode**,descp->vdesc_vp_offsets[i],ap); 264 /* 265 * We're not guaranteed that any but the first vnode 266 * are of our type. Check for and don't map any 267 * that aren't. (We must always map first vp or vclean fails.) 268 */ 269 if (i && (*this_vp_p == NULLVP || 270 (*this_vp_p)->v_op != null_vnodeop_p)) { 271 old_vps[i] = NULLVP; 272 } else { 273 old_vps[i] = *this_vp_p; 274 *(vps_p[i]) = NULLVPTOLOWERVP(*this_vp_p); 275 /* 276 * XXX - Several operations have the side effect 277 * of vrele'ing their vp's. We must account for 278 * that. (This should go away in the future.) 279 */ 280 if (reles & 1) 281 VREF(*this_vp_p); 282 } 283 284 } 285 286 /* 287 * Call the operation on the lower layer 288 * with the modified argument structure. 289 */ 290 error = VCALL(*(vps_p[0]), descp->vdesc_offset, ap); 291 292 /* 293 * Maintain the illusion of call-by-value 294 * by restoring vnodes in the argument structure 295 * to their original value. 296 */ 297 reles = descp->vdesc_flags; 298 for (i = 0; i < VDESC_MAX_VPS; reles >>= 1, i++) { 299 if (descp->vdesc_vp_offsets[i] == VDESC_NO_OFFSET) 300 break; /* bail out at end of list */ 301 if (old_vps[i]) { 302 *(vps_p[i]) = old_vps[i]; 303 if (reles & 1) 304 vrele(*(vps_p[i])); 305 } 306 } 307 308 /* 309 * Map the possible out-going vpp 310 * (Assumes that the lower layer always returns 311 * a VREF'ed vpp unless it gets an error.) 312 */ 313 if (descp->vdesc_vpp_offset != VDESC_NO_OFFSET && 314 !(descp->vdesc_flags & VDESC_NOMAP_VPP) && 315 !error) { 316 /* 317 * XXX - even though some ops have vpp returned vp's, 318 * several ops actually vrele this before returning. 319 * We must avoid these ops. 320 * (This should go away when these ops are regularized.) 321 */ 322 if (descp->vdesc_flags & VDESC_VPP_WILLRELE) 323 goto out; 324 vppp = VOPARG_OFFSETTO(struct vnode***, 325 descp->vdesc_vpp_offset,ap); 326 if (*vppp) 327 error = null_node_create(old_vps[0]->v_mount, **vppp, *vppp); 328 } 329 330 out: 331 return (error); 332 } 333 334 /* 335 * We have to carry on the locking protocol on the null layer vnodes 336 * as we progress through the tree. We also have to enforce read-only 337 * if this layer is mounted read-only. 338 */ 339 static int 340 null_lookup(ap) 341 struct vop_lookup_args /* { 342 struct vnode * a_dvp; 343 struct vnode ** a_vpp; 344 struct componentname * a_cnp; 345 } */ *ap; 346 { 347 struct componentname *cnp = ap->a_cnp; 348 struct proc *p = cnp->cn_proc; 349 int flags = cnp->cn_flags; 350 struct vop_lock_args lockargs; 351 struct vop_unlock_args unlockargs; 352 struct vnode *dvp, *vp; 353 int error; 354 355 if ((flags & ISLASTCN) && (ap->a_dvp->v_mount->mnt_flag & MNT_RDONLY) && 356 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) 357 return (EROFS); 358 error = null_bypass((struct vop_generic_args *)ap); 359 if (error == EJUSTRETURN && (flags & ISLASTCN) && 360 (ap->a_dvp->v_mount->mnt_flag & MNT_RDONLY) && 361 (cnp->cn_nameiop == CREATE || cnp->cn_nameiop == RENAME)) 362 error = EROFS; 363 /* 364 * We must do the same locking and unlocking at this layer as 365 * is done in the layers below us. We could figure this out 366 * based on the error return and the LASTCN, LOCKPARENT, and 367 * LOCKLEAF flags. However, it is more expidient to just find 368 * out the state of the lower level vnodes and set ours to the 369 * same state. 370 */ 371 dvp = ap->a_dvp; 372 vp = *ap->a_vpp; 373 if (dvp == vp) 374 return (error); 375 if (!VOP_ISLOCKED(dvp)) { 376 unlockargs.a_vp = dvp; 377 unlockargs.a_flags = 0; 378 unlockargs.a_p = p; 379 vop_nounlock(&unlockargs); 380 } 381 if (vp != NULLVP && VOP_ISLOCKED(vp)) { 382 lockargs.a_vp = vp; 383 lockargs.a_flags = LK_SHARED; 384 lockargs.a_p = p; 385 vop_nolock(&lockargs); 386 } 387 return (error); 388 } 389 390 /* 391 * Setattr call. Disallow write attempts if the layer is mounted read-only. 392 */ 393 int 394 null_setattr(ap) 395 struct vop_setattr_args /* { 396 struct vnodeop_desc *a_desc; 397 struct vnode *a_vp; 398 struct vattr *a_vap; 399 struct ucred *a_cred; 400 struct proc *a_p; 401 } */ *ap; 402 { 403 struct vnode *vp = ap->a_vp; 404 struct vattr *vap = ap->a_vap; 405 406 if ((vap->va_flags != VNOVAL || vap->va_uid != (uid_t)VNOVAL || 407 vap->va_gid != (gid_t)VNOVAL || vap->va_atime.tv_sec != VNOVAL || 408 vap->va_mtime.tv_sec != VNOVAL || vap->va_mode != (mode_t)VNOVAL) && 409 (vp->v_mount->mnt_flag & MNT_RDONLY)) 410 return (EROFS); 411 if (vap->va_size != VNOVAL) { 412 switch (vp->v_type) { 413 case VDIR: 414 return (EISDIR); 415 case VCHR: 416 case VBLK: 417 case VSOCK: 418 case VFIFO: 419 if (vap->va_flags != VNOVAL) 420 return (EOPNOTSUPP); 421 return (0); 422 case VREG: 423 case VLNK: 424 default: 425 /* 426 * Disallow write attempts if the filesystem is 427 * mounted read-only. 428 */ 429 if (vp->v_mount->mnt_flag & MNT_RDONLY) 430 return (EROFS); 431 } 432 } 433 return (null_bypass((struct vop_generic_args *)ap)); 434 } 435 436 /* 437 * We handle getattr only to change the fsid. 438 */ 439 static int 440 null_getattr(ap) 441 struct vop_getattr_args /* { 442 struct vnode *a_vp; 443 struct vattr *a_vap; 444 struct ucred *a_cred; 445 struct proc *a_p; 446 } */ *ap; 447 { 448 int error; 449 450 if ((error = null_bypass((struct vop_generic_args *)ap)) != 0) 451 return (error); 452 return (0); 453 } 454 455 static int 456 null_access(ap) 457 struct vop_access_args /* { 458 struct vnode *a_vp; 459 int a_mode; 460 struct ucred *a_cred; 461 struct proc *a_p; 462 } */ *ap; 463 { 464 struct vnode *vp = ap->a_vp; 465 mode_t mode = ap->a_mode; 466 467 /* 468 * Disallow write attempts on read-only layers; 469 * unless the file is a socket, fifo, or a block or 470 * character device resident on the file system. 471 */ 472 if (mode & VWRITE) { 473 switch (vp->v_type) { 474 case VDIR: 475 case VLNK: 476 case VREG: 477 if (vp->v_mount->mnt_flag & MNT_RDONLY) 478 return (EROFS); 479 break; 480 default: 481 break; 482 } 483 } 484 return (null_bypass((struct vop_generic_args *)ap)); 485 } 486 487 /* 488 * We need to process our own vnode lock and then clear the 489 * interlock flag as it applies only to our vnode, not the 490 * vnodes below us on the stack. 491 */ 492 static int 493 null_lock(ap) 494 struct vop_lock_args /* { 495 struct vnode *a_vp; 496 int a_flags; 497 struct proc *a_p; 498 } */ *ap; 499 { 500 501 vop_nolock(ap); 502 if ((ap->a_flags & LK_TYPE_MASK) == LK_DRAIN) 503 return (0); 504 ap->a_flags &= ~LK_INTERLOCK; 505 return (null_bypass((struct vop_generic_args *)ap)); 506 } 507 508 /* 509 * We need to process our own vnode unlock and then clear the 510 * interlock flag as it applies only to our vnode, not the 511 * vnodes below us on the stack. 512 */ 513 static int 514 null_unlock(ap) 515 struct vop_unlock_args /* { 516 struct vnode *a_vp; 517 int a_flags; 518 struct proc *a_p; 519 } */ *ap; 520 { 521 vop_nounlock(ap); 522 ap->a_flags &= ~LK_INTERLOCK; 523 return (null_bypass((struct vop_generic_args *)ap)); 524 } 525 526 static int 527 null_inactive(ap) 528 struct vop_inactive_args /* { 529 struct vnode *a_vp; 530 struct proc *a_p; 531 } */ *ap; 532 { 533 struct vnode *vp = ap->a_vp; 534 struct null_node *xp = VTONULL(vp); 535 struct vnode *lowervp = xp->null_lowervp; 536 /* 537 * Do nothing (and _don't_ bypass). 538 * Wait to vrele lowervp until reclaim, 539 * so that until then our null_node is in the 540 * cache and reusable. 541 * We still have to tell the lower layer the vnode 542 * is now inactive though. 543 * 544 * NEEDSWORK: Someday, consider inactive'ing 545 * the lowervp and then trying to reactivate it 546 * with capabilities (v_id) 547 * like they do in the name lookup cache code. 548 * That's too much work for now. 549 */ 550 VOP_INACTIVE(lowervp, ap->a_p); 551 VOP_UNLOCK(ap->a_vp, 0, ap->a_p); 552 return (0); 553 } 554 555 static int 556 null_reclaim(ap) 557 struct vop_reclaim_args /* { 558 struct vnode *a_vp; 559 struct proc *a_p; 560 } */ *ap; 561 { 562 struct vnode *vp = ap->a_vp; 563 struct null_node *xp = VTONULL(vp); 564 struct vnode *lowervp = xp->null_lowervp; 565 566 /* 567 * Note: in vop_reclaim, vp->v_op == dead_vnodeop_p, 568 * so we can't call VOPs on ourself. 569 */ 570 /* After this assignment, this node will not be re-used. */ 571 xp->null_lowervp = NULLVP; 572 LIST_REMOVE(xp, null_hash); 573 FREE(vp->v_data, M_TEMP); 574 vp->v_data = NULL; 575 vrele (lowervp); 576 return (0); 577 } 578 579 static int 580 null_print(ap) 581 struct vop_print_args /* { 582 struct vnode *a_vp; 583 } */ *ap; 584 { 585 register struct vnode *vp = ap->a_vp; 586 printf ("\ttag VT_NULLFS, vp=%p, lowervp=%p\n", vp, NULLVPTOLOWERVP(vp)); 587 return (0); 588 } 589 590 /* 591 * Global vfs data structures 592 */ 593 vop_t **null_vnodeop_p; 594 static struct vnodeopv_entry_desc null_vnodeop_entries[] = { 595 { &vop_default_desc, (vop_t *) null_bypass }, 596 { &vop_access_desc, (vop_t *) null_access }, 597 { &vop_getattr_desc, (vop_t *) null_getattr }, 598 { &vop_inactive_desc, (vop_t *) null_inactive }, 599 { &vop_lock_desc, (vop_t *) null_lock }, 600 { &vop_lookup_desc, (vop_t *) null_lookup }, 601 { &vop_print_desc, (vop_t *) null_print }, 602 { &vop_reclaim_desc, (vop_t *) null_reclaim }, 603 { &vop_setattr_desc, (vop_t *) null_setattr }, 604 { &vop_unlock_desc, (vop_t *) null_unlock }, 605 { NULL, NULL } 606 }; 607 static struct vnodeopv_desc null_vnodeop_opv_desc = 608 { &null_vnodeop_p, null_vnodeop_entries }; 609 610 VNODEOP_SET(null_vnodeop_opv_desc); 611