1 /* 2 * Copyright (c) 1994 The Regents of the University of California. 3 * Copyright (c) 1994 Jan-Simon Pendry. 4 * All rights reserved. 5 * 6 * This code is derived from software donated to Berkeley by 7 * Jan-Simon Pendry. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed by the University of 20 * California, Berkeley and its contributors. 21 * 4. Neither the name of the University nor the names of its contributors 22 * may be used to endorse or promote products derived from this software 23 * without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * 37 * @(#)union_vfsops.c 8.7 (Berkeley) 3/5/94 38 * $Id: union_vfsops.c,v 1.6 1994/10/10 07:55:47 phk Exp $ 39 */ 40 41 /* 42 * Union Layer 43 */ 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/kernel.h> 48 #include <sys/time.h> 49 #include <sys/types.h> 50 #include <sys/proc.h> 51 #include <sys/vnode.h> 52 #include <sys/mount.h> 53 #include <sys/namei.h> 54 #include <sys/malloc.h> 55 #include <sys/filedesc.h> 56 #include <sys/queue.h> 57 #include <miscfs/union/union.h> 58 59 /* 60 * Mount union filesystem 61 */ 62 int 63 union_mount(mp, path, data, ndp, p) 64 struct mount *mp; 65 char *path; 66 caddr_t data; 67 struct nameidata *ndp; 68 struct proc *p; 69 { 70 int error = 0; 71 struct union_args args; 72 struct vnode *lowerrootvp = NULLVP; 73 struct vnode *upperrootvp = NULLVP; 74 struct union_mount *um; 75 struct ucred *cred = 0; 76 struct ucred *scred; 77 struct vattr va; 78 char *cp = 0; 79 int len; 80 u_int size; 81 82 #ifdef UNION_DIAGNOSTIC 83 printf("union_mount(mp = %x)\n", mp); 84 #endif 85 86 /* 87 * Update is a no-op 88 */ 89 if (mp->mnt_flag & MNT_UPDATE) { 90 /* 91 * Need to provide. 92 * 1. a way to convert between rdonly and rdwr mounts. 93 * 2. support for nfs exports. 94 */ 95 error = EOPNOTSUPP; 96 goto bad; 97 } 98 99 /* 100 * Take a copy of the process's credentials. This isn't 101 * quite right since the euid will always be zero and we 102 * want to get the "real" users credentials. So fix up 103 * the uid field after taking the copy. 104 */ 105 cred = crdup(p->p_ucred); 106 cred->cr_uid = p->p_cred->p_ruid; 107 108 /* 109 * Ensure the *real* user has write permission on the 110 * mounted-on directory. This allows the mount_union 111 * command to be made setuid root so allowing anyone 112 * to do union mounts onto any directory on which they 113 * have write permission and which they also own. 114 */ 115 error = VOP_GETATTR(mp->mnt_vnodecovered, &va, cred, p); 116 if (error) 117 goto bad; 118 if ((va.va_uid != cred->cr_uid) && 119 (cred->cr_uid != 0)) { 120 error = EACCES; 121 goto bad; 122 } 123 error = VOP_ACCESS(mp->mnt_vnodecovered, VWRITE, cred, p); 124 if (error) 125 goto bad; 126 127 /* 128 * Get argument 129 */ 130 error = copyin(data, (caddr_t)&args, sizeof(struct union_args)); 131 if (error) 132 goto bad; 133 134 lowerrootvp = mp->mnt_vnodecovered; 135 VREF(lowerrootvp); 136 137 /* 138 * Find upper node. Use the real process credentials, 139 * not the effective ones since this will have come 140 * through a setuid process (mount_union). All this 141 * messing around with permissions is entirely bogus 142 * and should be removed by allowing any user straight 143 * past the mount system call. 144 */ 145 scred = p->p_ucred; 146 p->p_ucred = cred; 147 NDINIT(ndp, LOOKUP, FOLLOW|WANTPARENT, 148 UIO_USERSPACE, args.target, p); 149 p->p_ucred = scred; 150 151 error = namei(ndp); 152 if (error) 153 goto bad; 154 155 upperrootvp = ndp->ni_vp; 156 vrele(ndp->ni_dvp); 157 ndp->ni_dvp = NULL; 158 159 if (upperrootvp->v_type != VDIR) { 160 error = EINVAL; 161 goto bad; 162 } 163 164 um = (struct union_mount *) malloc(sizeof(struct union_mount), 165 M_UFSMNT, M_WAITOK); /* XXX */ 166 167 /* 168 * Keep a held reference to the target vnodes. 169 * They are vrele'd in union_unmount. 170 * 171 * Depending on the _BELOW flag, the filesystems are 172 * viewed in a different order. In effect, this is the 173 * same as providing a mount under option to the mount syscall. 174 */ 175 176 um->um_op = args.mntflags & UNMNT_OPMASK; 177 switch (um->um_op) { 178 case UNMNT_ABOVE: 179 um->um_lowervp = lowerrootvp; 180 um->um_uppervp = upperrootvp; 181 break; 182 183 case UNMNT_BELOW: 184 um->um_lowervp = upperrootvp; 185 um->um_uppervp = lowerrootvp; 186 break; 187 188 case UNMNT_REPLACE: 189 vrele(lowerrootvp); 190 lowerrootvp = NULLVP; 191 um->um_uppervp = upperrootvp; 192 um->um_lowervp = lowerrootvp; 193 break; 194 195 default: 196 error = EINVAL; 197 goto bad; 198 } 199 200 um->um_cred = cred; 201 um->um_cmode = UN_DIRMODE &~ p->p_fd->fd_cmask; 202 203 /* 204 * Depending on what you think the MNT_LOCAL flag might mean, 205 * you may want the && to be || on the conditional below. 206 * At the moment it has been defined that the filesystem is 207 * only local if it is all local, ie the MNT_LOCAL flag implies 208 * that the entire namespace is local. If you think the MNT_LOCAL 209 * flag implies that some of the files might be stored locally 210 * then you will want to change the conditional. 211 */ 212 if (um->um_op == UNMNT_ABOVE) { 213 if (((um->um_lowervp == NULLVP) || 214 (um->um_lowervp->v_mount->mnt_flag & MNT_LOCAL)) && 215 (um->um_uppervp->v_mount->mnt_flag & MNT_LOCAL)) 216 mp->mnt_flag |= MNT_LOCAL; 217 } 218 219 /* 220 * Copy in the upper layer's RDONLY flag. This is for the benefit 221 * of lookup() which explicitly checks the flag, rather than asking 222 * the filesystem for it's own opinion. This means, that an update 223 * mount of the underlying filesystem to go from rdonly to rdwr 224 * will leave the unioned view as read-only. 225 */ 226 mp->mnt_flag |= (um->um_uppervp->v_mount->mnt_flag & MNT_RDONLY); 227 228 /* 229 * This is a user mount. Privilege check for unmount 230 * will be done in union_unmount. 231 */ 232 mp->mnt_flag |= MNT_USER; 233 234 mp->mnt_data = (qaddr_t) um; 235 getnewfsid(mp, MOUNT_UNION); 236 237 (void) copyinstr(path, mp->mnt_stat.f_mntonname, MNAMELEN - 1, &size); 238 bzero(mp->mnt_stat.f_mntonname + size, MNAMELEN - size); 239 240 switch (um->um_op) { 241 case UNMNT_ABOVE: 242 cp = "<above>"; 243 break; 244 case UNMNT_BELOW: 245 cp = "<below>"; 246 break; 247 case UNMNT_REPLACE: 248 cp = ""; 249 break; 250 } 251 len = strlen(cp); 252 bcopy(cp, mp->mnt_stat.f_mntfromname, len); 253 254 cp = mp->mnt_stat.f_mntfromname + len; 255 len = MNAMELEN - len; 256 257 (void) copyinstr(args.target, cp, len - 1, &size); 258 bzero(cp + size, len - size); 259 260 (void)union_statfs(mp, &mp->mnt_stat, p); 261 262 #ifdef UNION_DIAGNOSTIC 263 printf("union_mount: from %s, on %s\n", 264 mp->mnt_stat.f_mntfromname, mp->mnt_stat.f_mntonname); 265 #endif 266 return (0); 267 268 bad: 269 if (cred) 270 crfree(cred); 271 if (upperrootvp) 272 vrele(upperrootvp); 273 if (lowerrootvp) 274 vrele(lowerrootvp); 275 return (error); 276 } 277 278 /* 279 * VFS start. Nothing needed here - the start routine 280 * on the underlying filesystem(s) will have been called 281 * when that filesystem was mounted. 282 */ 283 int 284 union_start(mp, flags, p) 285 struct mount *mp; 286 int flags; 287 struct proc *p; 288 { 289 290 return (0); 291 } 292 293 /* 294 * Free reference to union layer 295 */ 296 int 297 union_unmount(mp, mntflags, p) 298 struct mount *mp; 299 int mntflags; 300 struct proc *p; 301 { 302 struct union_mount *um = MOUNTTOUNIONMOUNT(mp); 303 struct vnode *um_rootvp; 304 int error; 305 int flags = 0; 306 extern int doforce; 307 308 #ifdef UNION_DIAGNOSTIC 309 printf("union_unmount(mp = %x)\n", mp); 310 #endif 311 312 /* only the mounter, or superuser can unmount */ 313 if ((p->p_cred->p_ruid != um->um_cred->cr_uid) && 314 (error = suser(p->p_ucred, &p->p_acflag))) 315 return (error); 316 317 if (mntflags & MNT_FORCE) { 318 /* union can never be rootfs so don't check for it */ 319 if (!doforce) 320 return (EINVAL); 321 flags |= FORCECLOSE; 322 } 323 324 error = union_root(mp, &um_rootvp); 325 if (error) 326 return (error); 327 if (um_rootvp->v_usecount > 1) { 328 vput(um_rootvp); 329 return (EBUSY); 330 } 331 error = vflush(mp, um_rootvp, flags); 332 if (error) { 333 vput(um_rootvp); 334 return (error); 335 } 336 337 #ifdef UNION_DIAGNOSTIC 338 vprint("alias root of lower", um_rootvp); 339 #endif 340 /* 341 * Discard references to upper and lower target vnodes. 342 */ 343 if (um->um_lowervp) 344 vrele(um->um_lowervp); 345 vrele(um->um_uppervp); 346 crfree(um->um_cred); 347 /* 348 * Release reference on underlying root vnode 349 */ 350 vput(um_rootvp); 351 /* 352 * And blow it away for future re-use 353 */ 354 vgone(um_rootvp); 355 /* 356 * Finally, throw away the union_mount structure 357 */ 358 free(mp->mnt_data, M_UFSMNT); /* XXX */ 359 mp->mnt_data = 0; 360 return (0); 361 } 362 363 int 364 union_root(mp, vpp) 365 struct mount *mp; 366 struct vnode **vpp; 367 { 368 struct union_mount *um = MOUNTTOUNIONMOUNT(mp); 369 int error; 370 int loselock; 371 372 #ifdef UNION_DIAGNOSTIC 373 printf("union_root(mp = %x, lvp = %x, uvp = %x)\n", mp, 374 um->um_lowervp, 375 um->um_uppervp); 376 #endif 377 378 /* 379 * Return locked reference to root. 380 */ 381 VREF(um->um_uppervp); 382 if ((um->um_op == UNMNT_BELOW) && 383 VOP_ISLOCKED(um->um_uppervp)) { 384 loselock = 1; 385 } else { 386 VOP_LOCK(um->um_uppervp); 387 loselock = 0; 388 } 389 if (um->um_lowervp) 390 VREF(um->um_lowervp); 391 error = union_allocvp(vpp, mp, 392 (struct vnode *) 0, 393 (struct vnode *) 0, 394 (struct componentname *) 0, 395 um->um_uppervp, 396 um->um_lowervp); 397 398 if (error) { 399 if (!loselock) 400 VOP_UNLOCK(um->um_uppervp); 401 vrele(um->um_uppervp); 402 if (um->um_lowervp) 403 vrele(um->um_lowervp); 404 } else { 405 (*vpp)->v_flag |= VROOT; 406 if (loselock) 407 VTOUNION(*vpp)->un_flags &= ~UN_ULOCK; 408 } 409 410 return (error); 411 } 412 413 int 414 union_quotactl(mp, cmd, uid, arg, p) 415 struct mount *mp; 416 int cmd; 417 uid_t uid; 418 caddr_t arg; 419 struct proc *p; 420 { 421 422 return (EOPNOTSUPP); 423 } 424 425 int 426 union_statfs(mp, sbp, p) 427 struct mount *mp; 428 struct statfs *sbp; 429 struct proc *p; 430 { 431 int error; 432 struct union_mount *um = MOUNTTOUNIONMOUNT(mp); 433 struct statfs mstat; 434 int lbsize; 435 436 #ifdef UNION_DIAGNOSTIC 437 printf("union_statfs(mp = %x, lvp = %x, uvp = %x)\n", mp, 438 um->um_lowervp, 439 um->um_uppervp); 440 #endif 441 442 bzero(&mstat, sizeof(mstat)); 443 444 if (um->um_lowervp) { 445 error = VFS_STATFS(um->um_lowervp->v_mount, &mstat, p); 446 if (error) 447 return (error); 448 } 449 450 /* now copy across the "interesting" information and fake the rest */ 451 #if 0 452 sbp->f_type = mstat.f_type; 453 sbp->f_flags = mstat.f_flags; 454 sbp->f_bsize = mstat.f_bsize; 455 sbp->f_iosize = mstat.f_iosize; 456 #endif 457 lbsize = mstat.f_bsize; 458 sbp->f_blocks = mstat.f_blocks; 459 sbp->f_bfree = mstat.f_bfree; 460 sbp->f_bavail = mstat.f_bavail; 461 sbp->f_files = mstat.f_files; 462 sbp->f_ffree = mstat.f_ffree; 463 464 error = VFS_STATFS(um->um_uppervp->v_mount, &mstat, p); 465 if (error) 466 return (error); 467 468 sbp->f_type = MOUNT_UNION; 469 sbp->f_flags = mstat.f_flags; 470 sbp->f_bsize = mstat.f_bsize; 471 sbp->f_iosize = mstat.f_iosize; 472 473 /* 474 * if the lower and upper blocksizes differ, then frig the 475 * block counts so that the sizes reported by df make some 476 * kind of sense. none of this makes sense though. 477 */ 478 479 if (mstat.f_bsize != lbsize) { 480 sbp->f_blocks = sbp->f_blocks * lbsize / mstat.f_bsize; 481 sbp->f_bfree = sbp->f_bfree * lbsize / mstat.f_bsize; 482 sbp->f_bavail = sbp->f_bavail * lbsize / mstat.f_bsize; 483 } 484 sbp->f_blocks += mstat.f_blocks; 485 sbp->f_bfree += mstat.f_bfree; 486 sbp->f_bavail += mstat.f_bavail; 487 sbp->f_files += mstat.f_files; 488 sbp->f_ffree += mstat.f_ffree; 489 490 if (sbp != &mp->mnt_stat) { 491 bcopy(&mp->mnt_stat.f_fsid, &sbp->f_fsid, sizeof(sbp->f_fsid)); 492 bcopy(mp->mnt_stat.f_mntonname, sbp->f_mntonname, MNAMELEN); 493 bcopy(mp->mnt_stat.f_mntfromname, sbp->f_mntfromname, MNAMELEN); 494 } 495 return (0); 496 } 497 498 int 499 union_sync(mp, waitfor, cred, p) 500 struct mount *mp; 501 int waitfor; 502 struct ucred *cred; 503 struct proc *p; 504 { 505 506 /* 507 * XXX - Assumes no data cached at union layer. 508 */ 509 return (0); 510 } 511 512 int 513 union_vget(mp, ino, vpp) 514 struct mount *mp; 515 ino_t ino; 516 struct vnode **vpp; 517 { 518 519 return (EOPNOTSUPP); 520 } 521 522 int 523 union_fhtovp(mp, fidp, nam, vpp, exflagsp, credanonp) 524 struct mount *mp; 525 struct fid *fidp; 526 struct mbuf *nam; 527 struct vnode **vpp; 528 int *exflagsp; 529 struct ucred **credanonp; 530 { 531 532 return (EOPNOTSUPP); 533 } 534 535 int 536 union_vptofh(vp, fhp) 537 struct vnode *vp; 538 struct fid *fhp; 539 { 540 541 return (EOPNOTSUPP); 542 } 543 544 int union_init __P((void)); 545 546 struct vfsops union_vfsops = { 547 union_mount, 548 union_start, 549 union_unmount, 550 union_root, 551 union_quotactl, 552 union_statfs, 553 union_sync, 554 union_vget, 555 union_fhtovp, 556 union_vptofh, 557 union_init, 558 }; 559 560 VFS_SET(union_vfsops, union, MOUNT_UNION, 0); 561