1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1994 Jan-Simon Pendry 5 * Copyright (c) 1994 6 * The Regents of the University of California. All rights reserved. 7 * Copyright (c) 2005, 2006, 2012 Masanori Ozawa <ozawa@ongs.co.jp>, ONGS Inc. 8 * Copyright (c) 2006, 2012 Daichi Goto <daichi@freebsd.org> 9 * 10 * This code is derived from software contributed to Berkeley by 11 * Jan-Simon Pendry. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. Neither the name of the University nor the names of its contributors 22 * may be used to endorse or promote products derived from this software 23 * without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * 37 * @(#)union_subr.c 8.20 (Berkeley) 5/20/95 38 * $FreeBSD$ 39 */ 40 41 #include <sys/param.h> 42 #include <sys/systm.h> 43 #include <sys/kernel.h> 44 #include <sys/ktr.h> 45 #include <sys/lock.h> 46 #include <sys/mutex.h> 47 #include <sys/malloc.h> 48 #include <sys/mount.h> 49 #include <sys/namei.h> 50 #include <sys/proc.h> 51 #include <sys/vnode.h> 52 #include <sys/dirent.h> 53 #include <sys/fcntl.h> 54 #include <sys/filedesc.h> 55 #include <sys/stat.h> 56 #include <sys/sysctl.h> 57 #include <sys/taskqueue.h> 58 #include <sys/resourcevar.h> 59 60 #include <machine/atomic.h> 61 62 #include <security/mac/mac_framework.h> 63 64 #include <vm/uma.h> 65 66 #include <fs/unionfs/union.h> 67 68 #define NUNIONFSNODECACHE 16 69 #define UNIONFSHASHMASK (NUNIONFSNODECACHE - 1) 70 71 static MALLOC_DEFINE(M_UNIONFSHASH, "UNIONFS hash", "UNIONFS hash table"); 72 MALLOC_DEFINE(M_UNIONFSNODE, "UNIONFS node", "UNIONFS vnode private part"); 73 MALLOC_DEFINE(M_UNIONFSPATH, "UNIONFS path", "UNIONFS path private part"); 74 75 static struct task unionfs_deferred_rele_task; 76 static struct mtx unionfs_deferred_rele_lock; 77 static STAILQ_HEAD(, unionfs_node) unionfs_deferred_rele_list = 78 STAILQ_HEAD_INITIALIZER(unionfs_deferred_rele_list); 79 static TASKQUEUE_DEFINE_THREAD(unionfs_rele); 80 81 unsigned int unionfs_ndeferred = 0; 82 SYSCTL_UINT(_vfs, OID_AUTO, unionfs_ndeferred, CTLFLAG_RD, 83 &unionfs_ndeferred, 0, "unionfs deferred vnode release"); 84 85 static void unionfs_deferred_rele(void *, int); 86 87 /* 88 * Initialize 89 */ 90 int 91 unionfs_init(struct vfsconf *vfsp) 92 { 93 UNIONFSDEBUG("unionfs_init\n"); /* printed during system boot */ 94 TASK_INIT(&unionfs_deferred_rele_task, 0, unionfs_deferred_rele, NULL); 95 mtx_init(&unionfs_deferred_rele_lock, "uniondefr", NULL, MTX_DEF); 96 return (0); 97 } 98 99 /* 100 * Uninitialize 101 */ 102 int 103 unionfs_uninit(struct vfsconf *vfsp) 104 { 105 taskqueue_quiesce(taskqueue_unionfs_rele); 106 taskqueue_free(taskqueue_unionfs_rele); 107 mtx_destroy(&unionfs_deferred_rele_lock); 108 return (0); 109 } 110 111 static void 112 unionfs_deferred_rele(void *arg __unused, int pending __unused) 113 { 114 STAILQ_HEAD(, unionfs_node) local_rele_list; 115 struct unionfs_node *unp, *tunp; 116 unsigned int ndeferred; 117 118 ndeferred = 0; 119 STAILQ_INIT(&local_rele_list); 120 mtx_lock(&unionfs_deferred_rele_lock); 121 STAILQ_CONCAT(&local_rele_list, &unionfs_deferred_rele_list); 122 mtx_unlock(&unionfs_deferred_rele_lock); 123 STAILQ_FOREACH_SAFE(unp, &local_rele_list, un_rele, tunp) { 124 ++ndeferred; 125 MPASS(unp->un_dvp != NULL); 126 vrele(unp->un_dvp); 127 free(unp, M_UNIONFSNODE); 128 } 129 130 /* We expect this function to be single-threaded, thus no atomic */ 131 unionfs_ndeferred += ndeferred; 132 } 133 134 static struct unionfs_node_hashhead * 135 unionfs_get_hashhead(struct vnode *dvp, struct vnode *lookup) 136 { 137 struct unionfs_node *unp; 138 139 unp = VTOUNIONFS(dvp); 140 141 return (&(unp->un_hashtbl[vfs_hash_index(lookup) & UNIONFSHASHMASK])); 142 } 143 144 /* 145 * Attempt to lookup a cached unionfs vnode by upper/lower vp 146 * from dvp, with dvp's interlock held. 147 */ 148 static struct vnode * 149 unionfs_get_cached_vnode_locked(struct vnode *lookup, struct vnode *dvp) 150 { 151 struct unionfs_node *unp; 152 struct unionfs_node_hashhead *hd; 153 struct vnode *vp; 154 155 hd = unionfs_get_hashhead(dvp, lookup); 156 157 LIST_FOREACH(unp, hd, un_hash) { 158 if (unp->un_uppervp == lookup || 159 unp->un_lowervp == lookup) { 160 vp = UNIONFSTOV(unp); 161 VI_LOCK_FLAGS(vp, MTX_DUPOK); 162 vp->v_iflag &= ~VI_OWEINACT; 163 if (VN_IS_DOOMED(vp) || 164 ((vp->v_iflag & VI_DOINGINACT) != 0)) { 165 VI_UNLOCK(vp); 166 vp = NULLVP; 167 } else { 168 vrefl(vp); 169 VI_UNLOCK(vp); 170 } 171 return (vp); 172 } 173 } 174 175 return (NULLVP); 176 } 177 178 179 /* 180 * Get the cached vnode. 181 */ 182 static struct vnode * 183 unionfs_get_cached_vnode(struct vnode *uvp, struct vnode *lvp, 184 struct vnode *dvp) 185 { 186 struct vnode *vp; 187 188 vp = NULLVP; 189 VI_LOCK(dvp); 190 if (uvp != NULLVP) 191 vp = unionfs_get_cached_vnode_locked(uvp, dvp); 192 else if (lvp != NULLVP) 193 vp = unionfs_get_cached_vnode_locked(lvp, dvp); 194 VI_UNLOCK(dvp); 195 196 return (vp); 197 } 198 199 /* 200 * Add the new vnode into cache. 201 */ 202 static struct vnode * 203 unionfs_ins_cached_vnode(struct unionfs_node *uncp, 204 struct vnode *dvp) 205 { 206 struct unionfs_node_hashhead *hd; 207 struct vnode *vp; 208 209 ASSERT_VOP_ELOCKED(uncp->un_uppervp, __func__); 210 ASSERT_VOP_ELOCKED(uncp->un_lowervp, __func__); 211 KASSERT(uncp->un_uppervp == NULLVP || uncp->un_uppervp->v_type == VDIR, 212 ("%s: v_type != VDIR", __func__)); 213 KASSERT(uncp->un_lowervp == NULLVP || uncp->un_lowervp->v_type == VDIR, 214 ("%s: v_type != VDIR", __func__)); 215 216 vp = NULLVP; 217 VI_LOCK(dvp); 218 if (uncp->un_uppervp != NULL) 219 vp = unionfs_get_cached_vnode_locked(uncp->un_uppervp, dvp); 220 else if (uncp->un_lowervp != NULL) 221 vp = unionfs_get_cached_vnode_locked(uncp->un_lowervp, dvp); 222 if (vp == NULLVP) { 223 hd = unionfs_get_hashhead(dvp, (uncp->un_uppervp != NULLVP ? 224 uncp->un_uppervp : uncp->un_lowervp)); 225 LIST_INSERT_HEAD(hd, uncp, un_hash); 226 } 227 VI_UNLOCK(dvp); 228 229 return (vp); 230 } 231 232 /* 233 * Remove the vnode. 234 */ 235 static void 236 unionfs_rem_cached_vnode(struct unionfs_node *unp, struct vnode *dvp) 237 { 238 KASSERT(unp != NULL, ("%s: null node", __func__)); 239 KASSERT(dvp != NULLVP, 240 ("%s: null parent vnode", __func__)); 241 242 VI_LOCK(dvp); 243 if (unp->un_hash.le_prev != NULL) { 244 LIST_REMOVE(unp, un_hash); 245 unp->un_hash.le_next = NULL; 246 unp->un_hash.le_prev = NULL; 247 } 248 VI_UNLOCK(dvp); 249 } 250 251 /* 252 * Common cleanup handling for unionfs_nodeget 253 * Upper, lower, and parent directory vnodes are expected to be referenced by 254 * the caller. Upper and lower vnodes, if non-NULL, are also expected to be 255 * exclusively locked by the caller. 256 * This function will return with the caller's locks and references undone. 257 */ 258 static void 259 unionfs_nodeget_cleanup(struct vnode *vp, void *arg) 260 { 261 struct unionfs_node *unp; 262 263 /* 264 * Lock and reset the default vnode lock; vgone() expects a locked 265 * vnode, and we're going to reset the vnode ops. 266 */ 267 lockmgr(&vp->v_lock, LK_EXCLUSIVE, NULL); 268 269 /* 270 * Clear out private data and reset the vnode ops to avoid use of 271 * unionfs vnode ops on a partially constructed vnode. 272 */ 273 VI_LOCK(vp); 274 vp->v_data = NULL; 275 vp->v_vnlock = &vp->v_lock; 276 vp->v_op = &dead_vnodeops; 277 VI_UNLOCK(vp); 278 vgone(vp); 279 vput(vp); 280 281 unp = arg; 282 if (unp->un_dvp != NULLVP) 283 vrele(unp->un_dvp); 284 if (unp->un_uppervp != NULLVP) 285 vput(unp->un_uppervp); 286 if (unp->un_lowervp != NULLVP) 287 vput(unp->un_lowervp); 288 if (unp->un_hashtbl != NULL) 289 hashdestroy(unp->un_hashtbl, M_UNIONFSHASH, UNIONFSHASHMASK); 290 free(unp->un_path, M_UNIONFSPATH); 291 free(unp, M_UNIONFSNODE); 292 } 293 294 /* 295 * Make a new or get existing unionfs node. 296 * 297 * uppervp and lowervp should be unlocked. Because if new unionfs vnode is 298 * locked, uppervp or lowervp is locked too. In order to prevent dead lock, 299 * you should not lock plurality simultaneously. 300 */ 301 int 302 unionfs_nodeget(struct mount *mp, struct vnode *uppervp, 303 struct vnode *lowervp, struct vnode *dvp, struct vnode **vpp, 304 struct componentname *cnp) 305 { 306 char *path; 307 struct unionfs_mount *ump; 308 struct unionfs_node *unp; 309 struct vnode *vp; 310 u_long hashmask; 311 int error; 312 int lkflags; 313 enum vtype vt; 314 315 error = 0; 316 ump = MOUNTTOUNIONFSMOUNT(mp); 317 lkflags = (cnp ? cnp->cn_lkflags : 0); 318 path = (cnp ? cnp->cn_nameptr : NULL); 319 *vpp = NULLVP; 320 321 if (uppervp == NULLVP && lowervp == NULLVP) 322 panic("%s: upper and lower is null", __func__); 323 324 vt = (uppervp != NULLVP ? uppervp->v_type : lowervp->v_type); 325 326 /* If it has no ISLASTCN flag, path check is skipped. */ 327 if (cnp && !(cnp->cn_flags & ISLASTCN)) 328 path = NULL; 329 330 /* check the cache */ 331 if (dvp != NULLVP && vt == VDIR) { 332 vp = unionfs_get_cached_vnode(uppervp, lowervp, dvp); 333 if (vp != NULLVP) { 334 *vpp = vp; 335 goto unionfs_nodeget_out; 336 } 337 } 338 339 if ((uppervp == NULLVP || ump->um_uppervp != uppervp) || 340 (lowervp == NULLVP || ump->um_lowervp != lowervp)) { 341 /* dvp will be NULLVP only in case of root vnode. */ 342 if (dvp == NULLVP) 343 return (EINVAL); 344 } 345 unp = malloc(sizeof(struct unionfs_node), 346 M_UNIONFSNODE, M_WAITOK | M_ZERO); 347 348 error = getnewvnode("unionfs", mp, &unionfs_vnodeops, &vp); 349 if (error != 0) { 350 free(unp, M_UNIONFSNODE); 351 return (error); 352 } 353 if (dvp != NULLVP) 354 vref(dvp); 355 if (uppervp != NULLVP) 356 vref(uppervp); 357 if (lowervp != NULLVP) 358 vref(lowervp); 359 360 if (vt == VDIR) { 361 unp->un_hashtbl = hashinit(NUNIONFSNODECACHE, M_UNIONFSHASH, 362 &hashmask); 363 KASSERT(hashmask == UNIONFSHASHMASK, 364 ("unexpected unionfs hash mask 0x%lx", hashmask)); 365 } 366 367 unp->un_vnode = vp; 368 unp->un_uppervp = uppervp; 369 unp->un_lowervp = lowervp; 370 unp->un_dvp = dvp; 371 if (uppervp != NULLVP) 372 vp->v_vnlock = uppervp->v_vnlock; 373 else 374 vp->v_vnlock = lowervp->v_vnlock; 375 376 if (path != NULL) { 377 unp->un_path = malloc(cnp->cn_namelen + 1, 378 M_UNIONFSPATH, M_WAITOK | M_ZERO); 379 bcopy(cnp->cn_nameptr, unp->un_path, cnp->cn_namelen); 380 unp->un_path[cnp->cn_namelen] = '\0'; 381 unp->un_pathlen = cnp->cn_namelen; 382 } 383 vp->v_type = vt; 384 vp->v_data = unp; 385 386 if ((uppervp != NULLVP && ump->um_uppervp == uppervp) && 387 (lowervp != NULLVP && ump->um_lowervp == lowervp)) 388 vp->v_vflag |= VV_ROOT; 389 390 vn_lock_pair(lowervp, false, uppervp, false); 391 error = insmntque1(vp, mp, unionfs_nodeget_cleanup, unp); 392 if (error != 0) 393 return (error); 394 if (lowervp != NULL && VN_IS_DOOMED(lowervp)) { 395 vput(lowervp); 396 unp->un_lowervp = NULL; 397 } 398 if (uppervp != NULL && VN_IS_DOOMED(uppervp)) { 399 vput(uppervp); 400 unp->un_uppervp = NULL; 401 } 402 if (unp->un_lowervp == NULL && unp->un_uppervp == NULL) { 403 unionfs_nodeget_cleanup(vp, unp); 404 return (ENOENT); 405 } 406 407 if (dvp != NULLVP && vt == VDIR) 408 *vpp = unionfs_ins_cached_vnode(unp, dvp); 409 if (*vpp != NULLVP) { 410 unionfs_nodeget_cleanup(vp, unp); 411 vp = *vpp; 412 } else { 413 if (uppervp != NULL) 414 VOP_UNLOCK(uppervp); 415 if (lowervp != NULL) 416 VOP_UNLOCK(lowervp); 417 *vpp = vp; 418 } 419 420 unionfs_nodeget_out: 421 if (lkflags & LK_TYPE_MASK) 422 vn_lock(vp, lkflags | LK_RETRY); 423 424 return (0); 425 } 426 427 /* 428 * Clean up the unionfs node. 429 */ 430 void 431 unionfs_noderem(struct vnode *vp) 432 { 433 struct unionfs_node *unp, *unp_t1, *unp_t2; 434 struct unionfs_node_hashhead *hd; 435 struct unionfs_node_status *unsp, *unsp_tmp; 436 struct vnode *lvp; 437 struct vnode *uvp; 438 struct vnode *dvp; 439 int count; 440 int writerefs; 441 442 KASSERT(vp->v_vnlock->lk_recurse == 0, 443 ("%s: vnode %p locked recursively", __func__, vp)); 444 if (lockmgr(&vp->v_lock, LK_EXCLUSIVE | LK_NOWAIT, NULL) != 0) 445 panic("%s: failed to acquire lock for vnode lock", __func__); 446 447 /* 448 * Use the interlock to protect the clearing of v_data to 449 * prevent faults in unionfs_lock(). 450 */ 451 VI_LOCK(vp); 452 unp = VTOUNIONFS(vp); 453 lvp = unp->un_lowervp; 454 uvp = unp->un_uppervp; 455 dvp = unp->un_dvp; 456 unp->un_lowervp = unp->un_uppervp = NULLVP; 457 vp->v_vnlock = &(vp->v_lock); 458 vp->v_data = NULL; 459 vp->v_object = NULL; 460 if (unp->un_hashtbl != NULL) { 461 /* 462 * Clear out any cached child vnodes. This should only 463 * be necessary during forced unmount, when the vnode may 464 * be reclaimed with a non-zero use count. Otherwise the 465 * reference held by each child should prevent reclamation. 466 */ 467 for (count = 0; count <= UNIONFSHASHMASK; count++) { 468 hd = unp->un_hashtbl + count; 469 LIST_FOREACH_SAFE(unp_t1, hd, un_hash, unp_t2) { 470 LIST_REMOVE(unp_t1, un_hash); 471 unp_t1->un_hash.le_next = NULL; 472 unp_t1->un_hash.le_prev = NULL; 473 } 474 } 475 } 476 VI_UNLOCK(vp); 477 478 writerefs = atomic_load_int(&vp->v_writecount); 479 VNASSERT(writerefs >= 0, vp, 480 ("%s: write count %d, unexpected text ref", __func__, writerefs)); 481 /* 482 * If we were opened for write, we leased the write reference 483 * to the lower vnode. If this is a reclamation due to the 484 * forced unmount, undo the reference now. 485 */ 486 if (writerefs > 0) { 487 VNASSERT(uvp != NULL, vp, 488 ("%s: write reference without upper vnode", __func__)); 489 VOP_ADD_WRITECOUNT(uvp, -writerefs); 490 } 491 if (lvp != NULLVP) 492 VOP_UNLOCK(lvp); 493 if (uvp != NULLVP) 494 VOP_UNLOCK(uvp); 495 496 if (dvp != NULLVP) 497 unionfs_rem_cached_vnode(unp, dvp); 498 499 if (lvp != NULLVP) 500 vrele(lvp); 501 if (uvp != NULLVP) 502 vrele(uvp); 503 if (unp->un_path != NULL) { 504 free(unp->un_path, M_UNIONFSPATH); 505 unp->un_path = NULL; 506 unp->un_pathlen = 0; 507 } 508 509 if (unp->un_hashtbl != NULL) { 510 hashdestroy(unp->un_hashtbl, M_UNIONFSHASH, UNIONFSHASHMASK); 511 } 512 513 LIST_FOREACH_SAFE(unsp, &(unp->un_unshead), uns_list, unsp_tmp) { 514 LIST_REMOVE(unsp, uns_list); 515 free(unsp, M_TEMP); 516 } 517 if (dvp != NULLVP) { 518 mtx_lock(&unionfs_deferred_rele_lock); 519 STAILQ_INSERT_TAIL(&unionfs_deferred_rele_list, unp, un_rele); 520 mtx_unlock(&unionfs_deferred_rele_lock); 521 taskqueue_enqueue(taskqueue_unionfs_rele, 522 &unionfs_deferred_rele_task); 523 } else 524 free(unp, M_UNIONFSNODE); 525 } 526 527 /* 528 * Get the unionfs node status. 529 * You need exclusive lock this vnode. 530 */ 531 void 532 unionfs_get_node_status(struct unionfs_node *unp, struct thread *td, 533 struct unionfs_node_status **unspp) 534 { 535 struct unionfs_node_status *unsp; 536 pid_t pid; 537 538 pid = td->td_proc->p_pid; 539 540 KASSERT(NULL != unspp, ("%s: NULL status", __func__)); 541 ASSERT_VOP_ELOCKED(UNIONFSTOV(unp), __func__); 542 543 LIST_FOREACH(unsp, &(unp->un_unshead), uns_list) { 544 if (unsp->uns_pid == pid) { 545 *unspp = unsp; 546 return; 547 } 548 } 549 550 /* create a new unionfs node status */ 551 unsp = malloc(sizeof(struct unionfs_node_status), 552 M_TEMP, M_WAITOK | M_ZERO); 553 554 unsp->uns_pid = pid; 555 LIST_INSERT_HEAD(&(unp->un_unshead), unsp, uns_list); 556 557 *unspp = unsp; 558 } 559 560 /* 561 * Remove the unionfs node status, if you can. 562 * You need exclusive lock this vnode. 563 */ 564 void 565 unionfs_tryrem_node_status(struct unionfs_node *unp, 566 struct unionfs_node_status *unsp) 567 { 568 KASSERT(NULL != unsp, ("%s: NULL status", __func__)); 569 ASSERT_VOP_ELOCKED(UNIONFSTOV(unp), __func__); 570 571 if (0 < unsp->uns_lower_opencnt || 0 < unsp->uns_upper_opencnt) 572 return; 573 574 LIST_REMOVE(unsp, uns_list); 575 free(unsp, M_TEMP); 576 } 577 578 /* 579 * Create upper node attr. 580 */ 581 void 582 unionfs_create_uppervattr_core(struct unionfs_mount *ump, struct vattr *lva, 583 struct vattr *uva, struct thread *td) 584 { 585 VATTR_NULL(uva); 586 uva->va_type = lva->va_type; 587 uva->va_atime = lva->va_atime; 588 uva->va_mtime = lva->va_mtime; 589 uva->va_ctime = lva->va_ctime; 590 591 switch (ump->um_copymode) { 592 case UNIONFS_TRANSPARENT: 593 uva->va_mode = lva->va_mode; 594 uva->va_uid = lva->va_uid; 595 uva->va_gid = lva->va_gid; 596 break; 597 case UNIONFS_MASQUERADE: 598 if (ump->um_uid == lva->va_uid) { 599 uva->va_mode = lva->va_mode & 077077; 600 uva->va_mode |= (lva->va_type == VDIR ? 601 ump->um_udir : ump->um_ufile) & 0700; 602 uva->va_uid = lva->va_uid; 603 uva->va_gid = lva->va_gid; 604 } else { 605 uva->va_mode = (lva->va_type == VDIR ? 606 ump->um_udir : ump->um_ufile); 607 uva->va_uid = ump->um_uid; 608 uva->va_gid = ump->um_gid; 609 } 610 break; 611 default: /* UNIONFS_TRADITIONAL */ 612 uva->va_mode = 0777 & ~td->td_proc->p_pd->pd_cmask; 613 uva->va_uid = ump->um_uid; 614 uva->va_gid = ump->um_gid; 615 break; 616 } 617 } 618 619 /* 620 * Create upper node attr. 621 */ 622 int 623 unionfs_create_uppervattr(struct unionfs_mount *ump, struct vnode *lvp, 624 struct vattr *uva, struct ucred *cred, struct thread *td) 625 { 626 struct vattr lva; 627 int error; 628 629 if ((error = VOP_GETATTR(lvp, &lva, cred))) 630 return (error); 631 632 unionfs_create_uppervattr_core(ump, &lva, uva, td); 633 634 return (error); 635 } 636 637 /* 638 * relookup 639 * 640 * dvp should be locked on entry and will be locked on return. 641 * 642 * If an error is returned, *vpp will be invalid, otherwise it will hold a 643 * locked, referenced vnode. If *vpp == dvp then remember that only one 644 * LK_EXCLUSIVE lock is held. 645 */ 646 int 647 unionfs_relookup(struct vnode *dvp, struct vnode **vpp, 648 struct componentname *cnp, struct componentname *cn, struct thread *td, 649 char *path, int pathlen, u_long nameiop) 650 { 651 int error; 652 653 cn->cn_namelen = pathlen; 654 cn->cn_pnbuf = path; 655 cn->cn_nameiop = nameiop; 656 cn->cn_flags = (LOCKPARENT | LOCKLEAF | HASBUF | SAVENAME | ISLASTCN); 657 cn->cn_lkflags = LK_EXCLUSIVE; 658 cn->cn_cred = cnp->cn_cred; 659 cn->cn_nameptr = cn->cn_pnbuf; 660 661 if (nameiop == DELETE) 662 cn->cn_flags |= (cnp->cn_flags & (DOWHITEOUT | SAVESTART)); 663 else if (RENAME == nameiop) 664 cn->cn_flags |= (cnp->cn_flags & SAVESTART); 665 else if (nameiop == CREATE) 666 cn->cn_flags |= NOCACHE; 667 668 vref(dvp); 669 VOP_UNLOCK(dvp); 670 671 if ((error = relookup(dvp, vpp, cn))) { 672 vn_lock(dvp, LK_EXCLUSIVE | LK_RETRY); 673 } else 674 vrele(dvp); 675 676 KASSERT((cn->cn_flags & HASBUF) != 0, 677 ("%s: HASBUF cleared", __func__)); 678 KASSERT((cn->cn_flags & SAVENAME) != 0, 679 ("%s: SAVENAME cleared", __func__)); 680 KASSERT(cn->cn_pnbuf == path, ("%s: cn_pnbuf changed", __func__)); 681 682 return (error); 683 } 684 685 /* 686 * relookup for CREATE namei operation. 687 * 688 * dvp is unionfs vnode. dvp should be locked. 689 * 690 * If it called 'unionfs_copyfile' function by unionfs_link etc, 691 * VOP_LOOKUP information is broken. 692 * So it need relookup in order to create link etc. 693 */ 694 int 695 unionfs_relookup_for_create(struct vnode *dvp, struct componentname *cnp, 696 struct thread *td) 697 { 698 struct vnode *udvp; 699 struct vnode *vp; 700 struct componentname cn; 701 int error; 702 703 udvp = UNIONFSVPTOUPPERVP(dvp); 704 vp = NULLVP; 705 706 KASSERT((cnp->cn_flags & HASBUF) != 0, 707 ("%s called without HASBUF", __func__)); 708 error = unionfs_relookup(udvp, &vp, cnp, &cn, td, cnp->cn_nameptr, 709 cnp->cn_namelen, CREATE); 710 if (error) 711 return (error); 712 713 if (vp != NULLVP) { 714 if (udvp == vp) 715 vrele(vp); 716 else 717 vput(vp); 718 719 error = EEXIST; 720 } 721 722 return (error); 723 } 724 725 /* 726 * relookup for DELETE namei operation. 727 * 728 * dvp is unionfs vnode. dvp should be locked. 729 */ 730 int 731 unionfs_relookup_for_delete(struct vnode *dvp, struct componentname *cnp, 732 struct thread *td) 733 { 734 struct vnode *udvp; 735 struct vnode *vp; 736 struct componentname cn; 737 int error; 738 739 udvp = UNIONFSVPTOUPPERVP(dvp); 740 vp = NULLVP; 741 742 KASSERT((cnp->cn_flags & HASBUF) != 0, 743 ("%s called without HASBUF", __func__)); 744 error = unionfs_relookup(udvp, &vp, cnp, &cn, td, cnp->cn_nameptr, 745 cnp->cn_namelen, DELETE); 746 if (error) 747 return (error); 748 749 if (vp == NULLVP) 750 error = ENOENT; 751 else { 752 if (udvp == vp) 753 vrele(vp); 754 else 755 vput(vp); 756 } 757 758 return (error); 759 } 760 761 /* 762 * relookup for RENAME namei operation. 763 * 764 * dvp is unionfs vnode. dvp should be locked. 765 */ 766 int 767 unionfs_relookup_for_rename(struct vnode *dvp, struct componentname *cnp, 768 struct thread *td) 769 { 770 struct vnode *udvp; 771 struct vnode *vp; 772 struct componentname cn; 773 int error; 774 775 udvp = UNIONFSVPTOUPPERVP(dvp); 776 vp = NULLVP; 777 778 KASSERT((cnp->cn_flags & HASBUF) != 0, 779 ("%s called without HASBUF", __func__)); 780 error = unionfs_relookup(udvp, &vp, cnp, &cn, td, cnp->cn_nameptr, 781 cnp->cn_namelen, RENAME); 782 if (error) 783 return (error); 784 785 if (vp != NULLVP) { 786 if (udvp == vp) 787 vrele(vp); 788 else 789 vput(vp); 790 } 791 792 return (error); 793 } 794 795 /* 796 * Update the unionfs_node. 797 * 798 * uvp is new locked upper vnode. unionfs vnode's lock will be exchanged to the 799 * uvp's lock and lower's lock will be unlocked. 800 */ 801 static void 802 unionfs_node_update(struct unionfs_node *unp, struct vnode *uvp, 803 struct thread *td) 804 { 805 struct unionfs_node_hashhead *hd; 806 struct vnode *vp; 807 struct vnode *lvp; 808 struct vnode *dvp; 809 unsigned count, lockrec; 810 811 vp = UNIONFSTOV(unp); 812 lvp = unp->un_lowervp; 813 ASSERT_VOP_ELOCKED(lvp, __func__); 814 ASSERT_VOP_ELOCKED(uvp, __func__); 815 dvp = unp->un_dvp; 816 817 VNASSERT(vp->v_writecount == 0, vp, 818 ("%s: non-zero writecount", __func__)); 819 /* 820 * Uppdate the upper vnode's lock state to match the lower vnode, 821 * and then switch the unionfs vnode's lock to the upper vnode. 822 */ 823 lockrec = lvp->v_vnlock->lk_recurse; 824 for (count = 0; count < lockrec; count++) 825 vn_lock(uvp, LK_EXCLUSIVE | LK_CANRECURSE | LK_RETRY); 826 VI_LOCK(vp); 827 unp->un_uppervp = uvp; 828 vp->v_vnlock = uvp->v_vnlock; 829 VI_UNLOCK(vp); 830 831 /* 832 * Re-cache the unionfs vnode against the upper vnode 833 */ 834 if (dvp != NULLVP && vp->v_type == VDIR) { 835 VI_LOCK(dvp); 836 if (unp->un_hash.le_prev != NULL) { 837 LIST_REMOVE(unp, un_hash); 838 hd = unionfs_get_hashhead(dvp, uvp); 839 LIST_INSERT_HEAD(hd, unp, un_hash); 840 } 841 VI_UNLOCK(unp->un_dvp); 842 } 843 } 844 845 /* 846 * Create a new shadow dir. 847 * 848 * udvp should be locked on entry and will be locked on return. 849 * 850 * If no error returned, unp will be updated. 851 */ 852 int 853 unionfs_mkshadowdir(struct unionfs_mount *ump, struct vnode *udvp, 854 struct unionfs_node *unp, struct componentname *cnp, struct thread *td) 855 { 856 struct vnode *lvp; 857 struct vnode *uvp; 858 struct vattr va; 859 struct vattr lva; 860 struct nameidata nd; 861 struct mount *mp; 862 struct ucred *cred; 863 struct ucred *credbk; 864 struct uidinfo *rootinfo; 865 int error; 866 867 if (unp->un_uppervp != NULLVP) 868 return (EEXIST); 869 870 lvp = unp->un_lowervp; 871 uvp = NULLVP; 872 credbk = cnp->cn_cred; 873 874 /* Authority change to root */ 875 rootinfo = uifind((uid_t)0); 876 cred = crdup(cnp->cn_cred); 877 /* 878 * The calls to chgproccnt() are needed to compensate for change_ruid() 879 * calling chgproccnt(). 880 */ 881 chgproccnt(cred->cr_ruidinfo, 1, 0); 882 change_euid(cred, rootinfo); 883 change_ruid(cred, rootinfo); 884 change_svuid(cred, (uid_t)0); 885 uifree(rootinfo); 886 cnp->cn_cred = cred; 887 888 memset(&nd.ni_cnd, 0, sizeof(struct componentname)); 889 NDPREINIT(&nd); 890 891 if ((error = VOP_GETATTR(lvp, &lva, cnp->cn_cred))) 892 goto unionfs_mkshadowdir_abort; 893 894 if ((error = unionfs_relookup(udvp, &uvp, cnp, &nd.ni_cnd, td, 895 cnp->cn_nameptr, cnp->cn_namelen, CREATE))) 896 goto unionfs_mkshadowdir_abort; 897 if (uvp != NULLVP) { 898 if (udvp == uvp) 899 vrele(uvp); 900 else 901 vput(uvp); 902 903 error = EEXIST; 904 goto unionfs_mkshadowdir_abort; 905 } 906 907 if ((error = vn_start_write(udvp, &mp, V_WAIT | PCATCH))) 908 goto unionfs_mkshadowdir_abort; 909 unionfs_create_uppervattr_core(ump, &lva, &va, td); 910 911 error = VOP_MKDIR(udvp, &uvp, &nd.ni_cnd, &va); 912 913 if (!error) { 914 unionfs_node_update(unp, uvp, td); 915 916 /* 917 * XXX The bug which cannot set uid/gid was corrected. 918 * Ignore errors. 919 */ 920 va.va_type = VNON; 921 VOP_SETATTR(uvp, &va, nd.ni_cnd.cn_cred); 922 } 923 vn_finished_write(mp); 924 925 unionfs_mkshadowdir_abort: 926 cnp->cn_cred = credbk; 927 chgproccnt(cred->cr_ruidinfo, -1, 0); 928 crfree(cred); 929 930 return (error); 931 } 932 933 /* 934 * Create a new whiteout. 935 * 936 * dvp should be locked on entry and will be locked on return. 937 */ 938 int 939 unionfs_mkwhiteout(struct vnode *dvp, struct componentname *cnp, 940 struct thread *td, char *path, int pathlen) 941 { 942 struct vnode *wvp; 943 struct nameidata nd; 944 struct mount *mp; 945 int error; 946 947 wvp = NULLVP; 948 NDPREINIT(&nd); 949 if ((error = unionfs_relookup(dvp, &wvp, cnp, &nd.ni_cnd, td, path, 950 pathlen, CREATE))) { 951 return (error); 952 } 953 if (wvp != NULLVP) { 954 if (dvp == wvp) 955 vrele(wvp); 956 else 957 vput(wvp); 958 959 return (EEXIST); 960 } 961 962 if ((error = vn_start_write(dvp, &mp, V_WAIT | PCATCH))) 963 goto unionfs_mkwhiteout_free_out; 964 error = VOP_WHITEOUT(dvp, &nd.ni_cnd, CREATE); 965 966 vn_finished_write(mp); 967 968 unionfs_mkwhiteout_free_out: 969 return (error); 970 } 971 972 /* 973 * Create a new vnode for create a new shadow file. 974 * 975 * If an error is returned, *vpp will be invalid, otherwise it will hold a 976 * locked, referenced and opened vnode. 977 * 978 * unp is never updated. 979 */ 980 static int 981 unionfs_vn_create_on_upper(struct vnode **vpp, struct vnode *udvp, 982 struct unionfs_node *unp, struct vattr *uvap, struct thread *td) 983 { 984 struct unionfs_mount *ump; 985 struct vnode *vp; 986 struct vnode *lvp; 987 struct ucred *cred; 988 struct vattr lva; 989 struct nameidata nd; 990 int fmode; 991 int error; 992 993 ump = MOUNTTOUNIONFSMOUNT(UNIONFSTOV(unp)->v_mount); 994 vp = NULLVP; 995 lvp = unp->un_lowervp; 996 cred = td->td_ucred; 997 fmode = FFLAGS(O_WRONLY | O_CREAT | O_TRUNC | O_EXCL); 998 error = 0; 999 1000 if ((error = VOP_GETATTR(lvp, &lva, cred)) != 0) 1001 return (error); 1002 unionfs_create_uppervattr_core(ump, &lva, uvap, td); 1003 1004 if (unp->un_path == NULL) 1005 panic("%s: NULL un_path", __func__); 1006 1007 nd.ni_cnd.cn_namelen = unp->un_pathlen; 1008 nd.ni_cnd.cn_pnbuf = unp->un_path; 1009 nd.ni_cnd.cn_nameiop = CREATE; 1010 nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF | HASBUF | SAVENAME | 1011 ISLASTCN; 1012 nd.ni_cnd.cn_lkflags = LK_EXCLUSIVE; 1013 nd.ni_cnd.cn_cred = cred; 1014 nd.ni_cnd.cn_nameptr = nd.ni_cnd.cn_pnbuf; 1015 NDPREINIT(&nd); 1016 1017 vref(udvp); 1018 if ((error = relookup(udvp, &vp, &nd.ni_cnd)) != 0) 1019 goto unionfs_vn_create_on_upper_free_out2; 1020 vrele(udvp); 1021 1022 if (vp != NULLVP) { 1023 if (vp == udvp) 1024 vrele(vp); 1025 else 1026 vput(vp); 1027 error = EEXIST; 1028 goto unionfs_vn_create_on_upper_free_out1; 1029 } 1030 1031 if ((error = VOP_CREATE(udvp, &vp, &nd.ni_cnd, uvap)) != 0) 1032 goto unionfs_vn_create_on_upper_free_out1; 1033 1034 if ((error = VOP_OPEN(vp, fmode, cred, td, NULL)) != 0) { 1035 vput(vp); 1036 goto unionfs_vn_create_on_upper_free_out1; 1037 } 1038 error = VOP_ADD_WRITECOUNT(vp, 1); 1039 CTR3(KTR_VFS, "%s: vp %p v_writecount increased to %d", 1040 __func__, vp, vp->v_writecount); 1041 if (error == 0) { 1042 *vpp = vp; 1043 } else { 1044 VOP_CLOSE(vp, fmode, cred, td); 1045 } 1046 1047 unionfs_vn_create_on_upper_free_out1: 1048 VOP_UNLOCK(udvp); 1049 1050 unionfs_vn_create_on_upper_free_out2: 1051 KASSERT((nd.ni_cnd.cn_flags & HASBUF) != 0, 1052 ("%s: HASBUF cleared", __func__)); 1053 KASSERT((nd.ni_cnd.cn_flags & SAVENAME) != 0, 1054 ("%s: SAVENAME cleared", __func__)); 1055 KASSERT(nd.ni_cnd.cn_pnbuf == unp->un_path, 1056 ("%s: cn_pnbuf changed", __func__)); 1057 1058 return (error); 1059 } 1060 1061 /* 1062 * Copy from lvp to uvp. 1063 * 1064 * lvp and uvp should be locked and opened on entry and will be locked and 1065 * opened on return. 1066 */ 1067 static int 1068 unionfs_copyfile_core(struct vnode *lvp, struct vnode *uvp, 1069 struct ucred *cred, struct thread *td) 1070 { 1071 char *buf; 1072 struct uio uio; 1073 struct iovec iov; 1074 off_t offset; 1075 int count; 1076 int error; 1077 int bufoffset; 1078 1079 error = 0; 1080 memset(&uio, 0, sizeof(uio)); 1081 1082 uio.uio_td = td; 1083 uio.uio_segflg = UIO_SYSSPACE; 1084 uio.uio_offset = 0; 1085 1086 buf = malloc(MAXBSIZE, M_TEMP, M_WAITOK); 1087 1088 while (error == 0) { 1089 offset = uio.uio_offset; 1090 1091 uio.uio_iov = &iov; 1092 uio.uio_iovcnt = 1; 1093 iov.iov_base = buf; 1094 iov.iov_len = MAXBSIZE; 1095 uio.uio_resid = iov.iov_len; 1096 uio.uio_rw = UIO_READ; 1097 1098 if ((error = VOP_READ(lvp, &uio, 0, cred)) != 0) 1099 break; 1100 if ((count = MAXBSIZE - uio.uio_resid) == 0) 1101 break; 1102 1103 bufoffset = 0; 1104 while (bufoffset < count) { 1105 uio.uio_iov = &iov; 1106 uio.uio_iovcnt = 1; 1107 iov.iov_base = buf + bufoffset; 1108 iov.iov_len = count - bufoffset; 1109 uio.uio_offset = offset + bufoffset; 1110 uio.uio_resid = iov.iov_len; 1111 uio.uio_rw = UIO_WRITE; 1112 1113 if ((error = VOP_WRITE(uvp, &uio, 0, cred)) != 0) 1114 break; 1115 1116 bufoffset += (count - bufoffset) - uio.uio_resid; 1117 } 1118 1119 uio.uio_offset = offset + bufoffset; 1120 } 1121 1122 free(buf, M_TEMP); 1123 1124 return (error); 1125 } 1126 1127 /* 1128 * Copy file from lower to upper. 1129 * 1130 * If you need copy of the contents, set 1 to docopy. Otherwise, set 0 to 1131 * docopy. 1132 * 1133 * If no error returned, unp will be updated. 1134 */ 1135 int 1136 unionfs_copyfile(struct unionfs_node *unp, int docopy, struct ucred *cred, 1137 struct thread *td) 1138 { 1139 struct mount *mp; 1140 struct vnode *udvp; 1141 struct vnode *lvp; 1142 struct vnode *uvp; 1143 struct vattr uva; 1144 int error; 1145 1146 lvp = unp->un_lowervp; 1147 uvp = NULLVP; 1148 1149 if ((UNIONFSTOV(unp)->v_mount->mnt_flag & MNT_RDONLY)) 1150 return (EROFS); 1151 if (unp->un_dvp == NULLVP) 1152 return (EINVAL); 1153 if (unp->un_uppervp != NULLVP) 1154 return (EEXIST); 1155 udvp = VTOUNIONFS(unp->un_dvp)->un_uppervp; 1156 if (udvp == NULLVP) 1157 return (EROFS); 1158 if ((udvp->v_mount->mnt_flag & MNT_RDONLY)) 1159 return (EROFS); 1160 1161 error = VOP_ACCESS(lvp, VREAD, cred, td); 1162 if (error != 0) 1163 return (error); 1164 1165 if ((error = vn_start_write(udvp, &mp, V_WAIT | PCATCH)) != 0) 1166 return (error); 1167 error = unionfs_vn_create_on_upper(&uvp, udvp, unp, &uva, td); 1168 if (error != 0) { 1169 vn_finished_write(mp); 1170 return (error); 1171 } 1172 1173 if (docopy != 0) { 1174 error = VOP_OPEN(lvp, FREAD, cred, td, NULL); 1175 if (error == 0) { 1176 error = unionfs_copyfile_core(lvp, uvp, cred, td); 1177 VOP_CLOSE(lvp, FREAD, cred, td); 1178 } 1179 } 1180 VOP_CLOSE(uvp, FWRITE, cred, td); 1181 VOP_ADD_WRITECOUNT_CHECKED(uvp, -1); 1182 CTR3(KTR_VFS, "%s: vp %p v_writecount decreased to %d", 1183 __func__, uvp, uvp->v_writecount); 1184 1185 vn_finished_write(mp); 1186 1187 if (error == 0) { 1188 /* Reset the attributes. Ignore errors. */ 1189 uva.va_type = VNON; 1190 VOP_SETATTR(uvp, &uva, cred); 1191 } 1192 1193 unionfs_node_update(unp, uvp, td); 1194 1195 return (error); 1196 } 1197 1198 /* 1199 * It checks whether vp can rmdir. (check empty) 1200 * 1201 * vp is unionfs vnode. 1202 * vp should be locked. 1203 */ 1204 int 1205 unionfs_check_rmdir(struct vnode *vp, struct ucred *cred, struct thread *td) 1206 { 1207 struct vnode *uvp; 1208 struct vnode *lvp; 1209 struct vnode *tvp; 1210 struct dirent *dp; 1211 struct dirent *edp; 1212 struct componentname cn; 1213 struct iovec iov; 1214 struct uio uio; 1215 struct vattr va; 1216 int error; 1217 int eofflag; 1218 int lookuperr; 1219 1220 /* 1221 * The size of buf needs to be larger than DIRBLKSIZ. 1222 */ 1223 char buf[256 * 6]; 1224 1225 ASSERT_VOP_ELOCKED(vp, __func__); 1226 1227 eofflag = 0; 1228 uvp = UNIONFSVPTOUPPERVP(vp); 1229 lvp = UNIONFSVPTOLOWERVP(vp); 1230 1231 /* check opaque */ 1232 if ((error = VOP_GETATTR(uvp, &va, cred)) != 0) 1233 return (error); 1234 if (va.va_flags & OPAQUE) 1235 return (0); 1236 1237 /* open vnode */ 1238 #ifdef MAC 1239 if ((error = mac_vnode_check_open(cred, vp, VEXEC|VREAD)) != 0) 1240 return (error); 1241 #endif 1242 if ((error = VOP_ACCESS(vp, VEXEC|VREAD, cred, td)) != 0) 1243 return (error); 1244 if ((error = VOP_OPEN(vp, FREAD, cred, td, NULL)) != 0) 1245 return (error); 1246 1247 uio.uio_rw = UIO_READ; 1248 uio.uio_segflg = UIO_SYSSPACE; 1249 uio.uio_td = td; 1250 uio.uio_offset = 0; 1251 1252 #ifdef MAC 1253 error = mac_vnode_check_readdir(td->td_ucred, lvp); 1254 #endif 1255 while (!error && !eofflag) { 1256 iov.iov_base = buf; 1257 iov.iov_len = sizeof(buf); 1258 uio.uio_iov = &iov; 1259 uio.uio_iovcnt = 1; 1260 uio.uio_resid = iov.iov_len; 1261 1262 error = VOP_READDIR(lvp, &uio, cred, &eofflag, NULL, NULL); 1263 if (error != 0) 1264 break; 1265 KASSERT(eofflag != 0 || uio.uio_resid < sizeof(buf), 1266 ("%s: empty read from lower FS", __func__)); 1267 1268 edp = (struct dirent*)&buf[sizeof(buf) - uio.uio_resid]; 1269 for (dp = (struct dirent*)buf; !error && dp < edp; 1270 dp = (struct dirent*)((caddr_t)dp + dp->d_reclen)) { 1271 if (dp->d_type == DT_WHT || dp->d_fileno == 0 || 1272 (dp->d_namlen == 1 && dp->d_name[0] == '.') || 1273 (dp->d_namlen == 2 && !bcmp(dp->d_name, "..", 2))) 1274 continue; 1275 1276 cn.cn_namelen = dp->d_namlen; 1277 cn.cn_pnbuf = NULL; 1278 cn.cn_nameptr = dp->d_name; 1279 cn.cn_nameiop = LOOKUP; 1280 cn.cn_flags = LOCKPARENT | LOCKLEAF | SAVENAME | 1281 RDONLY | ISLASTCN; 1282 cn.cn_lkflags = LK_EXCLUSIVE; 1283 cn.cn_cred = cred; 1284 1285 /* 1286 * check entry in lower. 1287 * Sometimes, readdir function returns 1288 * wrong entry. 1289 */ 1290 lookuperr = VOP_LOOKUP(lvp, &tvp, &cn); 1291 1292 if (!lookuperr) 1293 vput(tvp); 1294 else 1295 continue; /* skip entry */ 1296 1297 /* 1298 * check entry 1299 * If it has no exist/whiteout entry in upper, 1300 * directory is not empty. 1301 */ 1302 cn.cn_flags = LOCKPARENT | LOCKLEAF | SAVENAME | 1303 RDONLY | ISLASTCN; 1304 lookuperr = VOP_LOOKUP(uvp, &tvp, &cn); 1305 1306 if (!lookuperr) 1307 vput(tvp); 1308 1309 /* ignore exist or whiteout entry */ 1310 if (!lookuperr || 1311 (lookuperr == ENOENT && (cn.cn_flags & ISWHITEOUT))) 1312 continue; 1313 1314 error = ENOTEMPTY; 1315 } 1316 } 1317 1318 /* close vnode */ 1319 VOP_CLOSE(vp, FREAD, cred, td); 1320 1321 return (error); 1322 } 1323 1324