1 /* 2 * Copyright (c) 1994 The Regents of the University of California. 3 * Copyright (c) 1994 Jan-Simon Pendry. 4 * All rights reserved. 5 * 6 * This code is derived from software donated to Berkeley by 7 * Jan-Simon Pendry. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed by the University of 20 * California, Berkeley and its contributors. 21 * 4. Neither the name of the University nor the names of its contributors 22 * may be used to endorse or promote products derived from this software 23 * without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * 37 * @(#)union_vfsops.c 8.7 (Berkeley) 3/5/94 38 * $Id: union_vfsops.c,v 1.10 1995/05/30 08:07:26 rgrimes Exp $ 39 */ 40 41 /* 42 * Union Layer 43 */ 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/kernel.h> 48 #include <sys/time.h> 49 #include <sys/types.h> 50 #include <sys/proc.h> 51 #include <sys/vnode.h> 52 #include <sys/mount.h> 53 #include <sys/namei.h> 54 #include <sys/malloc.h> 55 #include <sys/filedesc.h> 56 #include <sys/queue.h> 57 #include <miscfs/union/union.h> 58 59 extern int union_init __P((void)); 60 61 extern int union_fhtovp __P((struct mount *mp, struct fid *fidp, 62 struct mbuf *nam, struct vnode **vpp, 63 int *exflagsp, struct ucred **credanonp)); 64 extern int union_mount __P((struct mount *mp, char *path, caddr_t data, 65 struct nameidata *ndp, struct proc *p)); 66 extern int union_quotactl __P((struct mount *mp, int cmd, uid_t uid, 67 caddr_t arg, struct proc *p)); 68 extern int union_root __P((struct mount *mp, struct vnode **vpp)); 69 extern int union_start __P((struct mount *mp, int flags, struct proc *p)); 70 extern int union_statfs __P((struct mount *mp, struct statfs *sbp, 71 struct proc *p)); 72 extern int union_sync __P((struct mount *mp, int waitfor, 73 struct ucred *cred, struct proc *p)); 74 extern int union_unmount __P((struct mount *mp, int mntflags, 75 struct proc *p)); 76 extern int union_vget __P((struct mount *mp, ino_t ino, 77 struct vnode **vpp)); 78 extern int union_vptofh __P((struct vnode *vp, struct fid *fhp)); 79 80 /* 81 * Mount union filesystem 82 */ 83 int 84 union_mount(mp, path, data, ndp, p) 85 struct mount *mp; 86 char *path; 87 caddr_t data; 88 struct nameidata *ndp; 89 struct proc *p; 90 { 91 int error = 0; 92 struct union_args args; 93 struct vnode *lowerrootvp = NULLVP; 94 struct vnode *upperrootvp = NULLVP; 95 struct union_mount *um; 96 struct ucred *cred = 0; 97 struct ucred *scred; 98 struct vattr va; 99 char *cp = 0; 100 int len; 101 u_int size; 102 103 #ifdef UNION_DIAGNOSTIC 104 printf("union_mount(mp = %x)\n", mp); 105 #endif 106 107 /* 108 * Update is a no-op 109 */ 110 if (mp->mnt_flag & MNT_UPDATE) { 111 /* 112 * Need to provide. 113 * 1. a way to convert between rdonly and rdwr mounts. 114 * 2. support for nfs exports. 115 */ 116 error = EOPNOTSUPP; 117 goto bad; 118 } 119 120 /* 121 * Take a copy of the process's credentials. This isn't 122 * quite right since the euid will always be zero and we 123 * want to get the "real" users credentials. So fix up 124 * the uid field after taking the copy. 125 */ 126 cred = crdup(p->p_ucred); 127 cred->cr_uid = p->p_cred->p_ruid; 128 129 /* 130 * Ensure the *real* user has write permission on the 131 * mounted-on directory. This allows the mount_union 132 * command to be made setuid root so allowing anyone 133 * to do union mounts onto any directory on which they 134 * have write permission and which they also own. 135 */ 136 error = VOP_GETATTR(mp->mnt_vnodecovered, &va, cred, p); 137 if (error) 138 goto bad; 139 if ((va.va_uid != cred->cr_uid) && 140 (cred->cr_uid != 0)) { 141 error = EACCES; 142 goto bad; 143 } 144 error = VOP_ACCESS(mp->mnt_vnodecovered, VWRITE, cred, p); 145 if (error) 146 goto bad; 147 148 /* 149 * Get argument 150 */ 151 error = copyin(data, (caddr_t)&args, sizeof(struct union_args)); 152 if (error) 153 goto bad; 154 155 lowerrootvp = mp->mnt_vnodecovered; 156 VREF(lowerrootvp); 157 158 /* 159 * Find upper node. Use the real process credentials, 160 * not the effective ones since this will have come 161 * through a setuid process (mount_union). All this 162 * messing around with permissions is entirely bogus 163 * and should be removed by allowing any user straight 164 * past the mount system call. 165 */ 166 scred = p->p_ucred; 167 p->p_ucred = cred; 168 NDINIT(ndp, LOOKUP, FOLLOW|WANTPARENT, 169 UIO_USERSPACE, args.target, p); 170 p->p_ucred = scred; 171 172 error = namei(ndp); 173 if (error) 174 goto bad; 175 176 upperrootvp = ndp->ni_vp; 177 vrele(ndp->ni_dvp); 178 ndp->ni_dvp = NULL; 179 180 if (upperrootvp->v_type != VDIR) { 181 error = EINVAL; 182 goto bad; 183 } 184 185 um = (struct union_mount *) malloc(sizeof(struct union_mount), 186 M_UFSMNT, M_WAITOK); /* XXX */ 187 188 /* 189 * Keep a held reference to the target vnodes. 190 * They are vrele'd in union_unmount. 191 * 192 * Depending on the _BELOW flag, the filesystems are 193 * viewed in a different order. In effect, this is the 194 * same as providing a mount under option to the mount syscall. 195 */ 196 197 um->um_op = args.mntflags & UNMNT_OPMASK; 198 switch (um->um_op) { 199 case UNMNT_ABOVE: 200 um->um_lowervp = lowerrootvp; 201 um->um_uppervp = upperrootvp; 202 break; 203 204 case UNMNT_BELOW: 205 um->um_lowervp = upperrootvp; 206 um->um_uppervp = lowerrootvp; 207 break; 208 209 case UNMNT_REPLACE: 210 vrele(lowerrootvp); 211 lowerrootvp = NULLVP; 212 um->um_uppervp = upperrootvp; 213 um->um_lowervp = lowerrootvp; 214 break; 215 216 default: 217 error = EINVAL; 218 goto bad; 219 } 220 221 um->um_cred = cred; 222 um->um_cmode = UN_DIRMODE &~ p->p_fd->fd_cmask; 223 224 /* 225 * Depending on what you think the MNT_LOCAL flag might mean, 226 * you may want the && to be || on the conditional below. 227 * At the moment it has been defined that the filesystem is 228 * only local if it is all local, ie the MNT_LOCAL flag implies 229 * that the entire namespace is local. If you think the MNT_LOCAL 230 * flag implies that some of the files might be stored locally 231 * then you will want to change the conditional. 232 */ 233 if (um->um_op == UNMNT_ABOVE) { 234 if (((um->um_lowervp == NULLVP) || 235 (um->um_lowervp->v_mount->mnt_flag & MNT_LOCAL)) && 236 (um->um_uppervp->v_mount->mnt_flag & MNT_LOCAL)) 237 mp->mnt_flag |= MNT_LOCAL; 238 } 239 240 /* 241 * Copy in the upper layer's RDONLY flag. This is for the benefit 242 * of lookup() which explicitly checks the flag, rather than asking 243 * the filesystem for it's own opinion. This means, that an update 244 * mount of the underlying filesystem to go from rdonly to rdwr 245 * will leave the unioned view as read-only. 246 */ 247 mp->mnt_flag |= (um->um_uppervp->v_mount->mnt_flag & MNT_RDONLY); 248 249 /* 250 * This is a user mount. Privilege check for unmount 251 * will be done in union_unmount. 252 */ 253 mp->mnt_flag |= MNT_USER; 254 255 mp->mnt_data = (qaddr_t) um; 256 getnewfsid(mp, MOUNT_UNION); 257 258 (void) copyinstr(path, mp->mnt_stat.f_mntonname, MNAMELEN - 1, &size); 259 bzero(mp->mnt_stat.f_mntonname + size, MNAMELEN - size); 260 261 switch (um->um_op) { 262 case UNMNT_ABOVE: 263 cp = "<above>"; 264 break; 265 case UNMNT_BELOW: 266 cp = "<below>"; 267 break; 268 case UNMNT_REPLACE: 269 cp = ""; 270 break; 271 } 272 len = strlen(cp); 273 bcopy(cp, mp->mnt_stat.f_mntfromname, len); 274 275 cp = mp->mnt_stat.f_mntfromname + len; 276 len = MNAMELEN - len; 277 278 (void) copyinstr(args.target, cp, len - 1, &size); 279 bzero(cp + size, len - size); 280 281 (void)union_statfs(mp, &mp->mnt_stat, p); 282 283 #ifdef UNION_DIAGNOSTIC 284 printf("union_mount: from %s, on %s\n", 285 mp->mnt_stat.f_mntfromname, mp->mnt_stat.f_mntonname); 286 #endif 287 return (0); 288 289 bad: 290 if (cred) 291 crfree(cred); 292 if (upperrootvp) 293 vrele(upperrootvp); 294 if (lowerrootvp) 295 vrele(lowerrootvp); 296 return (error); 297 } 298 299 /* 300 * VFS start. Nothing needed here - the start routine 301 * on the underlying filesystem(s) will have been called 302 * when that filesystem was mounted. 303 */ 304 int 305 union_start(mp, flags, p) 306 struct mount *mp; 307 int flags; 308 struct proc *p; 309 { 310 311 return (0); 312 } 313 314 /* 315 * Free reference to union layer 316 */ 317 int 318 union_unmount(mp, mntflags, p) 319 struct mount *mp; 320 int mntflags; 321 struct proc *p; 322 { 323 struct union_mount *um = MOUNTTOUNIONMOUNT(mp); 324 struct vnode *um_rootvp; 325 int error; 326 int flags = 0; 327 328 #ifdef UNION_DIAGNOSTIC 329 printf("union_unmount(mp = %x)\n", mp); 330 #endif 331 332 /* only the mounter, or superuser can unmount */ 333 if ((p->p_cred->p_ruid != um->um_cred->cr_uid) && 334 (error = suser(p->p_ucred, &p->p_acflag))) 335 return (error); 336 337 if (mntflags & MNT_FORCE) { 338 /* union can never be rootfs so don't check for it */ 339 if (!doforce) 340 return (EINVAL); 341 flags |= FORCECLOSE; 342 } 343 344 error = union_root(mp, &um_rootvp); 345 if (error) 346 return (error); 347 if (um_rootvp->v_usecount > 1) { 348 vput(um_rootvp); 349 return (EBUSY); 350 } 351 error = vflush(mp, um_rootvp, flags); 352 if (error) { 353 vput(um_rootvp); 354 return (error); 355 } 356 357 #ifdef UNION_DIAGNOSTIC 358 vprint("alias root of lower", um_rootvp); 359 #endif 360 /* 361 * Discard references to upper and lower target vnodes. 362 */ 363 if (um->um_lowervp) 364 vrele(um->um_lowervp); 365 vrele(um->um_uppervp); 366 crfree(um->um_cred); 367 /* 368 * Release reference on underlying root vnode 369 */ 370 vput(um_rootvp); 371 /* 372 * And blow it away for future re-use 373 */ 374 vgone(um_rootvp); 375 /* 376 * Finally, throw away the union_mount structure 377 */ 378 free(mp->mnt_data, M_UFSMNT); /* XXX */ 379 mp->mnt_data = 0; 380 return (0); 381 } 382 383 int 384 union_root(mp, vpp) 385 struct mount *mp; 386 struct vnode **vpp; 387 { 388 struct union_mount *um = MOUNTTOUNIONMOUNT(mp); 389 int error; 390 int loselock; 391 392 #ifdef UNION_DIAGNOSTIC 393 printf("union_root(mp = %x, lvp = %x, uvp = %x)\n", mp, 394 um->um_lowervp, 395 um->um_uppervp); 396 #endif 397 398 /* 399 * Return locked reference to root. 400 */ 401 VREF(um->um_uppervp); 402 if ((um->um_op == UNMNT_BELOW) && 403 VOP_ISLOCKED(um->um_uppervp)) { 404 loselock = 1; 405 } else { 406 VOP_LOCK(um->um_uppervp); 407 loselock = 0; 408 } 409 if (um->um_lowervp) 410 VREF(um->um_lowervp); 411 error = union_allocvp(vpp, mp, 412 (struct vnode *) 0, 413 (struct vnode *) 0, 414 (struct componentname *) 0, 415 um->um_uppervp, 416 um->um_lowervp); 417 418 if (error) { 419 if (!loselock) 420 VOP_UNLOCK(um->um_uppervp); 421 vrele(um->um_uppervp); 422 if (um->um_lowervp) 423 vrele(um->um_lowervp); 424 } else { 425 (*vpp)->v_flag |= VROOT; 426 if (loselock) 427 VTOUNION(*vpp)->un_flags &= ~UN_ULOCK; 428 } 429 430 return (error); 431 } 432 433 int 434 union_quotactl(mp, cmd, uid, arg, p) 435 struct mount *mp; 436 int cmd; 437 uid_t uid; 438 caddr_t arg; 439 struct proc *p; 440 { 441 442 return (EOPNOTSUPP); 443 } 444 445 int 446 union_statfs(mp, sbp, p) 447 struct mount *mp; 448 struct statfs *sbp; 449 struct proc *p; 450 { 451 int error; 452 struct union_mount *um = MOUNTTOUNIONMOUNT(mp); 453 struct statfs mstat; 454 int lbsize; 455 456 #ifdef UNION_DIAGNOSTIC 457 printf("union_statfs(mp = %x, lvp = %x, uvp = %x)\n", mp, 458 um->um_lowervp, 459 um->um_uppervp); 460 #endif 461 462 bzero(&mstat, sizeof(mstat)); 463 464 if (um->um_lowervp) { 465 error = VFS_STATFS(um->um_lowervp->v_mount, &mstat, p); 466 if (error) 467 return (error); 468 } 469 470 /* now copy across the "interesting" information and fake the rest */ 471 #if 0 472 sbp->f_type = mstat.f_type; 473 sbp->f_flags = mstat.f_flags; 474 sbp->f_bsize = mstat.f_bsize; 475 sbp->f_iosize = mstat.f_iosize; 476 #endif 477 lbsize = mstat.f_bsize; 478 sbp->f_blocks = mstat.f_blocks; 479 sbp->f_bfree = mstat.f_bfree; 480 sbp->f_bavail = mstat.f_bavail; 481 sbp->f_files = mstat.f_files; 482 sbp->f_ffree = mstat.f_ffree; 483 484 error = VFS_STATFS(um->um_uppervp->v_mount, &mstat, p); 485 if (error) 486 return (error); 487 488 sbp->f_type = MOUNT_UNION; 489 sbp->f_flags = mstat.f_flags; 490 sbp->f_bsize = mstat.f_bsize; 491 sbp->f_iosize = mstat.f_iosize; 492 493 /* 494 * if the lower and upper blocksizes differ, then frig the 495 * block counts so that the sizes reported by df make some 496 * kind of sense. none of this makes sense though. 497 */ 498 499 if (mstat.f_bsize != lbsize) { 500 sbp->f_blocks = sbp->f_blocks * lbsize / mstat.f_bsize; 501 sbp->f_bfree = sbp->f_bfree * lbsize / mstat.f_bsize; 502 sbp->f_bavail = sbp->f_bavail * lbsize / mstat.f_bsize; 503 } 504 sbp->f_blocks += mstat.f_blocks; 505 sbp->f_bfree += mstat.f_bfree; 506 sbp->f_bavail += mstat.f_bavail; 507 sbp->f_files += mstat.f_files; 508 sbp->f_ffree += mstat.f_ffree; 509 510 if (sbp != &mp->mnt_stat) { 511 bcopy(&mp->mnt_stat.f_fsid, &sbp->f_fsid, sizeof(sbp->f_fsid)); 512 bcopy(mp->mnt_stat.f_mntonname, sbp->f_mntonname, MNAMELEN); 513 bcopy(mp->mnt_stat.f_mntfromname, sbp->f_mntfromname, MNAMELEN); 514 } 515 return (0); 516 } 517 518 int 519 union_sync(mp, waitfor, cred, p) 520 struct mount *mp; 521 int waitfor; 522 struct ucred *cred; 523 struct proc *p; 524 { 525 526 /* 527 * XXX - Assumes no data cached at union layer. 528 */ 529 return (0); 530 } 531 532 int 533 union_vget(mp, ino, vpp) 534 struct mount *mp; 535 ino_t ino; 536 struct vnode **vpp; 537 { 538 539 return (EOPNOTSUPP); 540 } 541 542 int 543 union_fhtovp(mp, fidp, nam, vpp, exflagsp, credanonp) 544 struct mount *mp; 545 struct fid *fidp; 546 struct mbuf *nam; 547 struct vnode **vpp; 548 int *exflagsp; 549 struct ucred **credanonp; 550 { 551 552 return (EOPNOTSUPP); 553 } 554 555 int 556 union_vptofh(vp, fhp) 557 struct vnode *vp; 558 struct fid *fhp; 559 { 560 561 return (EOPNOTSUPP); 562 } 563 564 struct vfsops union_vfsops = { 565 union_mount, 566 union_start, 567 union_unmount, 568 union_root, 569 union_quotactl, 570 union_statfs, 571 union_sync, 572 union_vget, 573 union_fhtovp, 574 union_vptofh, 575 union_init, 576 }; 577 578 VFS_SET(union_vfsops, union, MOUNT_UNION, VFCF_LOOPBACK); 579